From 2462202bd6c67c359e0f0660d3ad3b4d702dc226 Mon Sep 17 00:00:00 2001
From: SCHNEIDER Laurent
Date: Fri, 23 Feb 2024 16:19:40 +0100
Subject: [PATCH 01/15] begin bitwise operator

---
 creusot-contracts/src/std/num.rs              |  30 ++---
 creusot/Cargo.toml                            |   4 +-
 creusot/src/backend/program.rs                |  50 ++++++++
 creusot/src/backend/term.rs                   |   9 ++
 creusot/src/translation/function/statement.rs |   5 +-
 creusot/src/translation/pearlite.rs           |  15 +--
 creusot/tests/should_succeed/bitwise.mlcfg    | 100 ++++++++++++++++
 creusot/tests/should_succeed/bitwise.rs       |  35 ++++++
 prelude/prelude.mlw                           | 112 ++++++------------
 9 files changed, 256 insertions(+), 104 deletions(-)
 create mode 100644 creusot/tests/should_succeed/bitwise.mlcfg
 create mode 100644 creusot/tests/should_succeed/bitwise.rs

diff --git a/creusot-contracts/src/std/num.rs b/creusot-contracts/src/std/num.rs
index 6ea805cfae..315ffaa4e2 100644
--- a/creusot-contracts/src/std/num.rs
+++ b/creusot-contracts/src/std/num.rs
@@ -2,13 +2,13 @@ use crate::{Default, *};
 pub use ::std::num::*;
 
 macro_rules! mach_int {
-    ($t:ty, $ty_nm:expr, $zero:expr) => {
+    ($t:ty, $ty_nm:literal, $zero:expr) => {
         impl ShallowModel for $t {
             type ShallowModelTy = Int;
             #[ghost]
             #[open]
             #[trusted]
-            #[creusot::builtins = concat!($ty_nm, ".to_int")]
+            #[creusot::builtins = $ty_nm]
             fn shallow_model(self) -> Self::ShallowModelTy {
                 pearlite! { absurd }
             }
@@ -33,19 +33,19 @@ macro_rules! mach_int {
     };
 }
 
-mach_int!(u8, "prelude.UInt8", 0u8);
-mach_int!(u16, "prelude.UInt16", 0u16);
-mach_int!(u32, "prelude.UInt32", 0u32);
-mach_int!(u64, "prelude.UInt64", 0u64);
-mach_int!(u128, "prelude.UInt128", 0u128);
-mach_int!(usize, "prelude.UIntSize", 0usize);
-
-mach_int!(i8, "prelude.Int8", 0i8);
-mach_int!(i16, "prelude.Int16", 0i16);
-mach_int!(i32, "prelude.Int32", 0i32);
-mach_int!(i64, "prelude.Int64", 0i64);
-mach_int!(i128, "prelude.Int128", 0i128);
-mach_int!(isize, "prelude.IntSize", 9isize);
+mach_int!(u8, "prelude.UInt8.to_uint", 0u8);
+mach_int!(u16, "prelude.UInt16.to_uint", 0u16);
+mach_int!(u32, "prelude.UInt32.to_uint", 0u32);
+mach_int!(u64, "prelude.UInt64.to_uint", 0u64);
+mach_int!(u128, "prelude.UInt128.to_uint", 0u128);
+mach_int!(usize, "prelude.UIntSize.to_uint", 0usize);
+
+mach_int!(i8, "prelude.Int8.to_int", 0i8);
+mach_int!(i16, "prelude.Int16.to_int", 0i16);
+mach_int!(i32, "prelude.Int32.to_int", 0i32);
+mach_int!(i64, "prelude.Int64.to_int", 0i64);
+mach_int!(i128, "prelude.Int128.to_int", 0i128);
+mach_int!(isize, "prelude.IntSize.to_int", 9isize);
 
 /// Adds specifications for checked, wrapping, saturating, and overflowing operations on the given
 /// integer type
diff --git a/creusot/Cargo.toml b/creusot/Cargo.toml
index 34a4a5e0cc..287af4e1cc 100644
--- a/creusot/Cargo.toml
+++ b/creusot/Cargo.toml
@@ -26,7 +26,9 @@ assert_cmd = "1.0"
 similar = "2.2"
 termcolor = "1.1"
 arraydeque = "0.4"
-creusot-contracts = { path = "../creusot-contracts", features = ["typechecker"] }
+creusot-contracts = { path = "../creusot-contracts", features = [
+    "typechecker",
+] }
 escargot = { version = "0.5" }
 [[test]]
 name = "ui"
diff --git a/creusot/src/backend/program.rs b/creusot/src/backend/program.rs
index ad2a3a5ace..45c8029a26 100644
--- a/creusot/src/backend/program.rs
+++ b/creusot/src/backend/program.rs
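Review bot: The isize instantiation on the new side still passes `9isize` as the third macro argument, `mach_int!(isize, "prelude.IntSize.to_int", 9isize);`, while every other line passes the type's zero; if `$zero` is what its name suggests, the isize model is off by nine and the commit only re-touched the line without fixing it. Suggest `mach_int!(isize, "prelude.IntSize.to_int", 0isize);`. The macro body that consumes `$zero` is outside this hunk, so the exact consequence cannot be confirmed from here.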
@@ -319,6 +319,56 @@ impl<'tcx> Expr<'tcx> {
                 Exp::impure_qvar(QName::from_string("Bool.neqb").unwrap())
                     .app(vec![l.to_why(ctx, names, locals), r.to_why(ctx, names, locals)])
             }
+            // bitwise operator
+            ExprKind::BinOp(op, l, r)
+                if matches!(op, BinOp::BitXor | BinOp::BitAnd | BinOp::BitOr)
+                    && l.ty.is_integral()
+                    && r.ty.is_integral() =>
+            {
+                let fname = match op {
+                    BinOp::BitXor => "bw_xor",
+                    BinOp::BitAnd => "bw_and",
+                    BinOp::BitOr => "bw_or",
+                    _ => panic!("unknown bitwise operation on two integer"),
+                };
+
+                Exp::impure_qvar(QName::from_string(fname).unwrap())
+                    .app(vec![l.to_why(ctx, names, locals), r.to_why(ctx, names, locals)])
+            }
+            // Arithmetic operation on two signed integer
+            ExprKind::BinOp(op, l, r)
+                if matches!(op, BinOp::Add | BinOp::Sub | BinOp::Mul | BinOp::Div)
+                    && l.ty.is_signed()
+                    && r.ty.is_signed() =>
+            {
+                let fname = match op {
+                    BinOp::Add => "s_add",
+                    BinOp::Sub => "s_sub",
+                    BinOp::Mul => "s_mul",
+                    BinOp::Div => "s_div",
+                    _ => panic!("unknown arithmetic operation on two signed integer"),
+                };
+
+                Exp::impure_qvar(QName::from_string(fname).unwrap())
+                    .app(vec![l.to_why(ctx, names, locals), r.to_why(ctx, names, locals)])
+            }
+            // Artithmetic operation on two unsigned integer
+            ExprKind::BinOp(op, l, r)
+                if matches!(op, BinOp::Add | BinOp::Sub | BinOp::Mul | BinOp::Div)
+                    && (l.ty.is_integral() && !l.ty.is_signed())
+                    && (r.ty.is_integral() && !r.ty.is_signed()) =>
+            {
+                let fname = match op {
+                    BinOp::Add => "u_add",
+                    BinOp::Sub => "u_sub",
+                    BinOp::Mul => "u_mul",
+                    BinOp::Div => "u_div",
+                    _ => panic!("unknown arithmetic operation on two unsigned integer"),
+                };
+
+                Exp::impure_qvar(QName::from_string(fname).unwrap())
+                    .app(vec![l.to_why(ctx, names, locals), r.to_why(ctx, names, locals)])
+            }
             ExprKind::BinOp(op, l, r) => {
                 // Hack
                 translate_ty(ctx, names, DUMMY_SP, l.ty);
diff --git a/creusot/src/backend/term.rs b/creusot/src/backend/term.rs
index 4fea167e62..1f95db46da 100644
--- a/creusot/src/backend/term.rs
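Review bot: Both new arithmetic arms list `Add | Sub | Mul | Div` but not `BinOp::Rem`, so `/` is routed to `s_div`/`u_div` while `%` still falls through to the generic `ExprKind::BinOp` arm below; if the prelude division functions carry a divide-by-zero or `MIN / -1` precondition, the remainder operator is left without the matching one. Either add a `BinOp::Rem` case to the `matches!` guard and the inner `match` (mapping to the prelude's remainder function, whose name is not visible in this patch), or leave a comment stating that `Rem` is deliberately kept on the generic path. The `_ => panic!(...)` arms inside each inner `match` are unreachable given the guards; a one-line comment such as `// unreachable: the arm guard restricts op to the four cases above` would save the reader a lookup. The enclosing `to_why` match continues outside the hunk.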
+++ b/creusot/src/backend/term.rs
@@ -117,6 +117,15 @@ impl<'tcx, N: Namer<'tcx>> Lower<'_, 'tcx, N> {
 
                 inner
             }
+            (BitXor, _) => {
+                Exp::impure_qvar(QName::from_string("bw_xor").unwrap()).app(vec![lhs, rhs])
+            }
+            (BitAnd, _) => {
+                Exp::impure_qvar(QName::from_string("bw_and").unwrap()).app(vec![lhs, rhs])
+            }
+            (BitOr, _) => {
+                Exp::impure_qvar(QName::from_string("bw_or").unwrap()).app(vec![lhs, rhs])
+            }
             _ => {
                 Exp::BinaryOp(binop_to_binop(*op, self.pure), Box::new(lhs), Box::new(rhs))
             }
diff --git a/creusot/src/translation/function/statement.rs b/creusot/src/translation/function/statement.rs
index 24ce51c75b..8fe2d2969e 100644
--- a/creusot/src/translation/function/statement.rs
+++ b/creusot/src/translation/function/statement.rs
@@ -10,7 +10,7 @@ use crate::{
 use rustc_borrowck::borrow_set::TwoPhaseActivation;
 use rustc_middle::{
     mir::{
-        BinOp, BorrowKind::*, CastKind, Location, Operand::*, Place, Rvalue, SourceInfo, Statement,
+        BorrowKind::*, CastKind, Location, Operand::*, Place, Rvalue, SourceInfo, Statement,
         StatementKind,
     },
     ty::adjustment::PointerCoercion,
@@ -103,9 +103,6 @@ impl<'tcx> BodyTranslator<'_, 'tcx> {
                 }
             },
             Rvalue::Discriminant(_) => return,
-            Rvalue::BinaryOp(BinOp::BitAnd, box (l, _)) if !l.ty(self.body, self.tcx).is_bool() => {
-                self.ctx.crash_and_error(si.span, "bitwise operations are currently unsupported")
-            }
             Rvalue::BinaryOp(op, box (l, r)) | Rvalue::CheckedBinaryOp(op, box (l, r)) => {
                 ExprKind::BinOp(
                     *op,
diff --git a/creusot/src/translation/pearlite.rs b/creusot/src/translation/pearlite.rs
index 690f71e7bc..70189fb988 100644
--- a/creusot/src/translation/pearlite.rs
+++ b/creusot/src/translation/pearlite.rs
@@ -52,6 +52,9 @@ pub enum BinOp {
     Mul,
     Div,
     Rem,
+    BitXor,
+    BitAnd,
+    BitOr,
     Lt,
     Le,
     Ge,
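Review bot: The three new `(BitXor, _)`, `(BitAnd, _)`, `(BitOr, _)` arms build `Exp::impure_qvar(...)` unconditionally, whereas the fall-through arm directly below threads `self.pure` into `binop_to_binop`; in a pure (logic) context the bitwise call is therefore emitted in the program form, which may not be what the printer expects for this position. Consider picking the constructor from `self.pure` as the neighbouring arm does — if a pure counterpart of `impure_qvar` exists on `Exp` — or add a comment stating why the impure form is correct in both contexts. The arms also never look at the operand type: a pearlite term whose operands are the unbounded logical `Int` is translated to `bw_xor` exactly like a machine integer, so if the prelude's `bw_*` functions are only defined on the bitvector types this needs a type guard or an explicit error, as the pearlite translator still emits for shifts. The enclosing function starts and ends outside this hunk.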
@@ -304,15 +307,9 @@ impl<'a, 'tcx> ThirTerm<'a, 'tcx> {
             mir::BinOp::Mul | mir::BinOp::MulUnchecked => BinOp::Mul,
             mir::BinOp::Div => BinOp::Div,
             mir::BinOp::Rem => BinOp::Rem,
-            mir::BinOp::BitXor => {
-                return Err(Error::new(self.thir[expr].span, "unsupported operation"))
-            }
-            mir::BinOp::BitAnd => {
-                return Err(Error::new(self.thir[expr].span, "unsupported operation"))
-            }
-            mir::BinOp::BitOr => {
-                return Err(Error::new(self.thir[expr].span, "unsupported operation"))
-            }
+            mir::BinOp::BitXor => BinOp::BitXor,
+            mir::BinOp::BitAnd => BinOp::BitAnd,
+            mir::BinOp::BitOr => BinOp::BitOr,
             mir::BinOp::Shl | mir::BinOp::ShlUnchecked => {
                 return Err(Error::new(self.thir[expr].span, "unsupported operation"))
             }
diff --git a/creusot/tests/should_succeed/bitwise.mlcfg b/creusot/tests/should_succeed/bitwise.mlcfg
new file mode 100644
index 0000000000..dcd63b8fd3
--- /dev/null
+++ b/creusot/tests/should_succeed/bitwise.mlcfg
@@ -0,0 +1,100 @@
+
+module Bitwise_TestBitXorI64
+  use prelude.Int64
+  use prelude.Int
+  let rec cfg test_bit_xor_i64 [#"../bitwise.rs" 9 0 9 46] [@cfg:stackify] [@cfg:subregion_analysis] (a : int64) (b : int64) : int64
+    ensures { [#"../bitwise.rs" 8 10 8 25] result = bw_xor a b }
+
+   = [@vc:do_not_keep_trace] [@vc:sp]
+  var _0 : int64;
+  var a : int64 = a;
+  var b : int64 = b;
+  {
+    goto BB0
+  }
+  BB0 {
+    [#"../bitwise.rs" 10 4 10 9] _0 <- ([#"../bitwise.rs" 10 4 10 9] bw_xor ([#"../bitwise.rs" 10 4 10 5] a) ([#"../bitwise.rs" 10 8 10 9] b));
+    return _0
+  }
+
+end
+module Bitwise_TestBitAndU16
+  use prelude.UInt16
+  use prelude.Int
+  let rec cfg test_bit_and_u16 [#"../bitwise.rs" 14 0 14 46] [@cfg:stackify] [@cfg:subregion_analysis] (a : uint16) (b : uint16) : uint16
+    ensures { [#"../bitwise.rs" 13 10 13 25] result = bw_and a b }
+
+   = [@vc:do_not_keep_trace] [@vc:sp]
+  var _0 : uint16;
+  var a : uint16 = a;
+  var b : uint16 = b;
+  {
+    goto BB0
+  }
+  BB0 {
+    [#"../bitwise.rs" 15 4 15 9] _0 <- ([#"../bitwise.rs" 15 4 15 9] bw_and ([#"../bitwise.rs" 15 4 15 5] a) ([#"../bitwise.rs" 15 8 15 9] b));
+    return _0
+  }
+
+end
+module Bitwise_TestBitOrI32
+  use prelude.Int32
+  use prelude.Int
+  let rec cfg test_bit_or_i32 [#"../bitwise.rs" 19 0 19 45] [@cfg:stackify] [@cfg:subregion_analysis] (a : int32) (b : int32) : int32
+    ensures { [#"../bitwise.rs" 18 10 18 25] result = bw_or a b }
+
+   = [@vc:do_not_keep_trace] [@vc:sp]
+  var _0 : int32;
+  var a : int32 = a;
+  var b : int32 = b;
+  {
+    goto BB0
+  }
+  BB0 {
+    [#"../bitwise.rs" 20 4 20 9] _0 <- ([#"../bitwise.rs" 20 4 20 9] bw_or ([#"../bitwise.rs" 20 4 20 5] a) ([#"../bitwise.rs" 20 8 20 9] b));
+    return _0
+  }
+
+end
+module Bitwise_TestAddUsize
+  use prelude.UIntSize
+  use prelude.UIntSize
+  use prelude.Int
+  let rec cfg test_add_usize [#"../bitwise.rs" 26 0 26 50] [@cfg:stackify] [@cfg:subregion_analysis] (a : usize) (b : usize) : usize
+    ensures { [#"../bitwise.rs" 24 10 24 28] UIntSize.to_uint result = UIntSize.to_uint a + UIntSize.to_uint b }
+    ensures { [#"../bitwise.rs" 25 10 25 25] result = a + b }
+
+   = [@vc:do_not_keep_trace] [@vc:sp]
+  var _0 : usize;
+  var a : usize = a;
+  var b : usize = b;
+  {
+    goto BB0
+  }
+  BB0 {
+    [#"../bitwise.rs" 27 4 27 9] _0 <- ([#"../bitwise.rs" 27 4 27 9] u_add ([#"../bitwise.rs" 27 4 27 5] a) ([#"../bitwise.rs" 27 8 27 9] b));
+    return _0
+  }
+
+end
+module Bitwise_TestMulI8
+  use prelude.Int8
+  use prelude.Int8
+  use prelude.Int
+  let rec cfg test_mul_i8 [#"../bitwise.rs" 33 0 33 38] [@cfg:stackify] [@cfg:subregion_analysis] (a : int8) (b : int8) : int8
+    ensures { [#"../bitwise.rs" 31 10 31 28] Int8.to_int result = Int8.to_int a * Int8.to_int b }
+    ensures { [#"../bitwise.rs" 32 10 32 25] result = a * b }
+
+   = [@vc:do_not_keep_trace] [@vc:sp]
+  var _0 : int8;
+  var a : int8 = a;
+  var b : int8 = b;
+  {
+    goto BB0
+  }
+  BB0 {
+    [#"../bitwise.rs" 34 4 34 9] _0 <- ([#"../bitwise.rs" 34 4 34 9] s_mul ([#"../bitwise.rs" 34 4 34 5] a) ([#"../bitwise.rs" 34 8 34 9] b));
+    return _0
+  }
+
+end
diff --git a/creusot/tests/should_succeed/bitwise.rs b/creusot/tests/should_succeed/bitwise.rs
new file mode 100644
index 0000000000..eb6870b5d4
--- /dev/null
+++ b/creusot/tests/should_succeed/bitwise.rs
@@ -0,0 +1,35 @@
+extern crate creusot_contracts;
+
+use creusot_contracts::*;
+
+
+
+
+#[ensures(result == a ^ b)]
+pub fn test_bit_xor_i64(a: i64, b: i64) -> i64 {
+    a ^ b
+}
+
+#[ensures(result == a & b)]
+pub fn test_bit_and_u16(a: u16, b: u16) -> u16 {
+    a & b
+}
+
+#[ensures(result == a | b)]
+pub fn test_bit_or_i32(a: i32, b: i32) -> i32 {
+    a | b
+}
+
+
+#[ensures(result@ == a@ + b@)]
+#[ensures(result == a + b)]
+pub fn test_add_usize(a: usize, b: usize) -> usize {
+    a + b
+}
+
+
+#[ensures(result@ == a@ * b@)]
+#[ensures(result == a * b)]
+pub fn test_mul_i8(a: i8, b: i8) -> i8 {
+    a * b
+}
\ No newline at end of file
diff --git a/prelude/prelude.mlw b/prelude/prelude.mlw
index a132033874..46cbb4809d 100644
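Review bot: `test_add_usize` and `test_mul_i8` sit under should_succeed and promise `result@ == a@ + b@` (resp. `*`) with no precondition bounding the inputs, and the generated .mlcfg above shows the bodies compiled to a bare `u_add a b` / `s_mul a b` call. Either the prelude's `u_add`/`s_mul` carry an overflow precondition, in which case these obligations are unprovable for inputs such as `a = b = usize::MAX`, or they do not, in which case the translation no longer reflects Rust's overflow check and a proved postcondition would be unsound for large inputs; the prelude definitions are not in this patch, so I cannot tell which. Add a precondition such as `#[requires(a@ + b@ <= usize::MAX@)]` (and the analogous `i8` bounds on the multiplication), or state in a comment in the test which overflow semantics `u_add`/`s_mul` are meant to model. The file is also missing its trailing newline.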
--- a/prelude/prelude.mlw
+++ b/prelude/prelude.mlw
@@ -63,48 +63,24 @@ end
 
 (* Signed Integer *)
 module IntSize
-  use export mach.int.Int64
-  type isize = int64
+  use export mach.bv.BVCheck64
+  type isize = t
 end
 module Int8
-  use int.Int
-
-  type int8 = < range -0x80 0x7f >
-
-  let constant min_int8 : int = - 0x80
-  let constant max_int8 : int = 0x7f
-  function to_int (x : int8) : int = int8'int x
-
-  clone export mach.int.Bounded_int with
-    type t = int8,
-    constant min = int8'minInt,
-    constant max = int8'maxInt,
-    function to_int = int8'int,
-    lemma to_int_in_bounds,
-    lemma extensionality
+  use export mach.bv.BVCheck8
+  type int8 = t
 end
 module Int16
-  use int.Int
-
-  type int16 = < range -0x8000 0x7fff >
-
-  let constant min_int16 : int = - 0x8000
-  let constant max_int16 : int = 0x7fff
-  function to_int (x : int16) : int = int16'int x
-
-  clone export mach.int.Bounded_int with
-    type t = int16,
-    constant min = int16'minInt,
-    constant max = int16'maxInt,
-    function to_int = int16'int,
-    lemma to_int_in_bounds,
-    lemma extensionality
+  use export mach.bv.BVCheck16
+  type int16 = t
 end
 module Int32
-  use export mach.int.Int32
+  use export mach.bv.BVCheck32
+  type int32 = t
 end
 module Int64
-  use export mach.int.Int64
+  use export mach.bv.BVCheck64
+  type int64 = t
 end
 module Int128
   use int.Int
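Review bot: `IntSize`, `Int8`, `Int16`, `Int32` and `Int64` move to `mach.bv.BVCheck*`, but `Int128` on the last context line stays on `int.Int`, and the unsigned hunk (`@@ -126,48 +102,34 @@`) leaves `UInt128` the same way, so 128-bit integers keep the bounded-int model while every other width is now a bitvector; a comment at `module Int128` saying whether this is intentional (presumably because Why3 ships no 128-bit `BVCheck`) would save the next reader from guessing. Separately, the unsigned modules each gain an explicit `function to_uint (x : t) : int = t'int x`, but no `to_int` is defined in the signed modules even though `creusot-contracts` now binds `prelude.Int8.to_int` and friends; if `BVCheck*` does not re-export a two's-complement `to_int`, those builtins resolve to nothing. Please confirm, and if needed add a `function to_int (x : t) : int` with the signed interpretation in each signed module.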
@@ -126,48 +102,34 @@ end
 
 (* Unsigned Integers *)
 module UIntSize
-  use export mach.int.UInt64
-  type usize = uint64
+  use export mach.bv.BVCheck64
+  type usize = t
+
+  function to_uint (x : t) : int = t'int x
 end
 module UInt8
-  use int.Int
-
-  type uint8 = < range 0x0 0xff >
+  use export mach.bv.BVCheck8
+  type uint8 = t
 
-  let constant min_uint8 : int = 0x00
-  let constant max_uint8 : int = 0xff
-  function to_int (x : uint8) : int = uint8'int x
-
-  clone export mach.int.Bounded_int with
-    type t = uint8,
-    constant min = uint8'minInt,
-    constant max = uint8'maxInt,
-    function to_int = uint8'int,
-    lemma to_int_in_bounds,
-    lemma extensionality
+  function to_uint (x : t) : int = t'int x
 end
 module UInt16
-  use int.Int
+  use export mach.bv.BVCheck16
+  type uint16 = t
 
-  type uint16 = < range 0x0 0xffff >
-
-  let constant min_uint16 : int = 0x00
-  let constant max_uint16 : int = 0xffff
-  function to_int (x : uint16) : int = uint16'int x
-
-  clone export mach.int.Bounded_int with
-    type t = uint16,
-    constant min = uint16'minInt,
-    constant max = uint16'maxInt,
-    function to_int = uint16'int,
-    lemma to_int_in_bounds,
-    lemma extensionality
+  function to_uint (x : t) : int = t'int x
 end
 module UInt32
-  use export mach.int.UInt32
+  use export mach.bv.BVCheck32
+  type uint32 = t
+
+  function to_uint (x : t) : int = t'int x
 end
 module UInt64
-  use export mach.int.UInt64
+  use export mach.bv.BVCheck64
+  type uint64 = t
+
+  function to_uint (x : t) : int = t'int x
 end
 module UInt128
   use int.Int
@@ -229,26 +191,26 @@ module Slice
   type slice 'a =
     { elts : seq 'a }
-    invariant { Seq.length elts <= max_uint64 }
+    invariant { Seq.length elts <= UIntSize.two_power_size - 1 }
 
   axiom slice_ext :
     forall x y: slice 'a. x.elts = y.elts -> x = y
 
   type array 'a = slice 'a
 
-  let create (len : uint64) (f : int -> 'a) : slice 'a =
+  let create (len : UIntSize.t) (f : int -> 'a) : slice 'a =
     { elts = Seq.create (to_int len) f}
 
-  let function length (s : slice 'a) : uint64 = of_int (Seq.length s.elts)
+  let function length (s : slice 'a) : UIntSize.t = of_int (Seq.length s.elts)
 
-  let function get (s : slice 'a) (ix : uint64) : 'a =
-    requires { ix < Seq.length s.elts }
+  let function get (s : slice 'a) (ix : UIntSize.t) : 'a =
+    requires { to_int ix < Seq.length s.elts }
     Seq.get s.elts (to_int ix)
 
-  let set (s : slice 'a) (ix : uint64) (v : 'a) : slice 'a =
-    requires { 0 <= ix < Seq.length s.elts }
+  let set (s : slice 'a) (ix : UIntSize.t) (v : 'a) : slice 'a =
+    requires { 0 <= to_int ix < Seq.length s.elts }
     ensures { Seq.length result.elts = Seq.length s.elts }
-    ensures { result.elts[ix] = v }
-    ensures { forall j. 0 <= j < Seq.length s.elts /\ j <> ix -> result.elts[j] = s.elts[j] }
+    ensures { result.elts[to_int ix] = v }
+    ensures { forall j. 0 <= j < Seq.length s.elts /\ j <> to_int ix -> result.elts[j] = s.elts[j] }
     { elts = Seq.set s.elts (to_int ix) v }
 
   function id (s : slice 'a) : seq 'a = s.elts
From 4522d7b37cbd8c28597b07a710e29d66e3c5067c Mon Sep 17 00:00:00 2001
From: SCHNEIDER Laurent
Date: Wed, 5 Jun 2024 15:40:57 +0200
Subject: [PATCH 02/15] remove arithmetic operator with bitwise, add shift and not operator

---
 creusot/src/backend/program.rs          | 76 ++++++++++++++---------
 creusot/tests/should_succeed/bitwise.rs |  9 +--
 2 files changed, 54 insertions(+), 31 deletions(-)

diff --git a/creusot/src/backend/program.rs b/creusot/src/backend/program.rs
index 45c8029a26..37206b59a7 100644
--- a/creusot/src/backend/program.rs
+++ b/creusot/src/backend/program.rs
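Review bot: `create`, `length`, `get` and `set` now take a `UIntSize.t` but keep converting it with `to_int`, while the same patch makes `to_uint` the model of `UIntSize` both in the unsigned prelude hunk and in `creusot-contracts`. If `to_int` here resolves to the two's-complement interpretation exported by the bitvector theory, an index with its top bit set is negative: `get`'s `requires { to_int ix < Seq.length s.elts }` accepts it and reads `Seq.get` at a negative position, whereas `set`'s `0 <= to_int ix` rejects it, and neither agrees with the `to_uint`-based contracts callers will see. Using `UIntSize.to_uint` in these four definitions (with `length`'s `of_int` chosen to match) keeps the slice model consistent; if `to_int` is intentionally the unsigned one in this module, a comment saying which theory it comes from would help. Independently of that, `get`'s precondition still has no `0 <=` lower bound, unlike `set`'s.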
@@ -24,7 +24,7 @@ use crate::{
 };
 use rustc_hir::{def_id::DefId, Unsafety};
 use rustc_middle::{
-    mir::{BasicBlock, BinOp, ProjectionElem},
+    mir::{BasicBlock, BinOp, ProjectionElem, UnOp},
     ty::TyKind,
 };
 use rustc_span::{Span, DUMMY_SP};
@@ -335,40 +335,57 @@ impl<'tcx> Expr<'tcx> {
                 Exp::impure_qvar(QName::from_string(fname).unwrap())
                     .app(vec![l.to_why(ctx, names, locals), r.to_why(ctx, names, locals)])
             }
-            // Arithmetic operation on two signed integer
+            // shift left operator
             ExprKind::BinOp(op, l, r)
-                if matches!(op, BinOp::Add | BinOp::Sub | BinOp::Mul | BinOp::Div)
-                    && l.ty.is_signed()
-                    && r.ty.is_signed() =>
-            {
-                let fname = match op {
-                    BinOp::Add => "s_add",
-                    BinOp::Sub => "s_sub",
-                    BinOp::Mul => "s_mul",
-                    BinOp::Div => "s_div",
-                    _ => panic!("unknown arithmetic operation on two signed integer"),
-                };
-
+                if matches!(op, BinOp::Shl) // #TODO-LS: que faire de BinOp::ShlUnchecked ??
+                && l.ty.is_integral() && r.ty.is_integral() => {
+                let fname = if l.ty.is_signed() {"s_lsl"} else {"u_lsl"};
                 Exp::impure_qvar(QName::from_string(fname).unwrap())
                     .app(vec![l.to_why(ctx, names, locals), r.to_why(ctx, names, locals)])
             }
-            // Artithmetic operation on two unsigned integer
+            // shift right operator
             ExprKind::BinOp(op, l, r)
-                if matches!(op, BinOp::Add | BinOp::Sub | BinOp::Mul | BinOp::Div)
-                    && (l.ty.is_integral() && !l.ty.is_signed())
-                    && (r.ty.is_integral() && !r.ty.is_signed()) =>
-            {
-                let fname = match op {
-                    BinOp::Add => "u_add",
-                    BinOp::Sub => "u_sub",
-                    BinOp::Mul => "u_mul",
-                    BinOp::Div => "u_div",
-                    _ => panic!("unknown arithmetic operation on two unsigned integer"),
-                };
-
+                if matches!(op, BinOp::Shr) // #TODO-LS: que faire de BinOp::ShrUnchecked ??
+                && l.ty.is_integral() && r.ty.is_integral() => {
+                let fname = if l.ty.is_signed() {"s_asl"} else {"u_lsr"};
                 Exp::impure_qvar(QName::from_string(fname).unwrap())
                     .app(vec![l.to_why(ctx, names, locals), r.to_why(ctx, names, locals)])
             }
+
+            // #TODO-LS: utiliser la surcharge d'operateur dans prelude et supprimer ce code ?
+            // Arithmetic operation on two signed integer
+            // ExprKind::BinOp(op, l, r)
+            //     if matches!(op, BinOp::Add | BinOp::Sub | BinOp::Mul | BinOp::Div)
+            //         && l.ty.is_signed()
+            //         && r.ty.is_signed() =>
+            // {
+            //     let fname = match op {
+            //         BinOp::Add => "s_add",
+            //         BinOp::Sub => "s_sub",
+            //         BinOp::Mul => "s_mul",
+            //         BinOp::Div => "s_div",
+            //         _ => panic!("unknown arithmetic operation on two signed integer"),
+            //     };
+            //     Exp::impure_qvar(QName::from_string(fname).unwrap())
+            //         .app(vec![l.to_why(ctx, names, locals), r.to_why(ctx, names, locals)])
+            // }
+            // Artithmetic operation on two unsigned integer
+            // ExprKind::BinOp(op, l, r)
+            //     if matches!(op, BinOp::Add | BinOp::Sub | BinOp::Mul | BinOp::Div)
+            //         && (l.ty.is_integral() && !l.ty.is_signed())
+            //         && (r.ty.is_integral() && !r.ty.is_signed()) =>
+            // {
+            //     let fname = match op {
+            //         BinOp::Add => "u_add",
+            //         BinOp::Sub => "u_sub",
+            //         BinOp::Mul => "u_mul",
+            //         BinOp::Div => "u_div",
+            //         _ => panic!("unknown arithmetic operation on two unsigned integer"),
+            //     };
+
+            //     Exp::impure_qvar(QName::from_string(fname).unwrap())
+            //         .app(vec![l.to_why(ctx, names, locals), r.to_why(ctx, names, locals)])
+            // }
             ExprKind::BinOp(op, l, r) => {
                 // Hack
                 translate_ty(ctx, names, DUMMY_SP, l.ty);
@@ -379,6 +396,11 @@ impl<'tcx> Expr<'tcx> {
                     Box::new(r.to_why(ctx, names, locals)),
                 )
             }
+            ExprKind::UnaryOp(op, arg) if matches!(op, UnOp::Not) && arg.ty.is_integral() => {
+                let fname = "bw_not";
+                Exp::impure_qvar(QName::from_string(fname).unwrap())
+                    .app(vec![arg.to_why(ctx, names, locals)])
+            }
             ExprKind::UnaryOp(op, arg) => {
                 Exp::UnaryOp(unop_to_unop(arg.ty, op), Box::new(arg.to_why(ctx, names, locals)))
             }
diff --git a/creusot/tests/should_succeed/bitwise.rs b/creusot/tests/should_succeed/bitwise.rs
index eb6870b5d4..d69c57d830 100644
--- a/creusot/tests/should_succeed/bitwise.rs
+++ b/creusot/tests/should_succeed/bitwise.rs
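Review bot: The signed right shift is translated to `s_asl`, a name that reads as arithmetic shift *left*; Rust's `>>` on a signed type is an arithmetic shift right, so unless the prelude really calls its signed right shift `s_asl` this line should reference the prelude's signed right-shift function (Why3's `bv.BV` names the operation `asr`) — worth checking against the prelude, which is not in this patch. The guards only require `r.ty.is_integral()`: Rust lets the shift amount be any integer type, so `l` and `r` may differ in width and signedness while `fname` is chosen from `l.ty` alone; either check `r.ty` or add a comment stating that the prelude `*_lsl`/`*_lsr` functions accept a mixed-width amount. `BinOp::ShlUnchecked`/`ShrUnchecked`, which the two French `#TODO-LS` comments ask about, currently fall through to the generic arm silently; adding them to the `matches!` guards is the consistent choice since they differ only in omitting the shift-amount check. The commented-out arithmetic arms and the French TODOs should be deleted or reduced to short English comments before merging. `to_why` continues outside the hunk.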
@@ -1,10 +1,6 @@
 extern crate creusot_contracts;
-
 use creusot_contracts::*;
-
-
-
 
 #[ensures(result == a ^ b)]
 pub fn test_bit_xor_i64(a: i64, b: i64) -> i64 {
     a ^ b
@@ -32,4 +28,9 @@ pub fn test_add_usize(a: usize, b: usize) -> usize {
 #[ensures(result == a * b)]
 pub fn test_mul_i8(a: i8, b: i8) -> i8 {
     a * b
+}
+
+#[ensures(result == (a <= 100))]
+pub fn test_literal_i32(a: i32) -> bool {
+    a <= 100
 }
\ No newline at end of file
From c69ed9e52544b63e3e8aef5fc1d6f1f81852dc6b Mon Sep 17 00:00:00 2001
From: SCHNEIDER Laurent
Date: Mon, 12 Aug 2024 16:30:21 +0200
Subject: [PATCH 03/15] prelude with UInt8-64

---
 Cargo.lock                          | 280 +++++++++----------
 creusot/src/backend/program.rs      |  24 +-
 creusot/src/backend/term.rs         |  36 ++-
 creusot/src/backend/ty.rs           |   8 +-
 creusot/src/translation/pearlite.rs |  16 +-
 mlcfg                               |   2 +-
 prelude/prelude.coma                | 410 ++++++++++++++--------------
 test_bitwise.rs                     | 167 +++++++++++
 test_bitwise/why3session.xml        | 142 ++++++++++
 test_bitwise/why3shapes.gz          | Bin 0 -> 1634 bytes
 why3/src/exp.rs                     |  10 +
 why3/src/mlcfg/printer.rs           |   5 +
 12 files changed, 733 insertions(+), 367 deletions(-)
 create mode 100644 test_bitwise.rs
 create mode 100644 test_bitwise/why3session.xml
 create mode 100644 test_bitwise/why3shapes.gz

diff --git a/Cargo.lock b/Cargo.lock
index 5ad5761700..49a294363c 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -88,9 +88,9 @@ dependencies = [
 
 [[package]]
 name = "anyhow"
-version = "1.0.80"
+version = "1.0.86"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5ad32ce52e4161730f7098c077cd2ed6229b5804ccf99e5366be1ab72a98b4e1"
+checksum = "b3d1d046238990b9cf5bcde22a3fb3584ee5cf65fb2765f454ed428c7a0063da"
 
 [[package]]
 name = "arraydeque"
@@ -126,9 +126,9 @@ checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" [[package]] name = "backtrace" -version = "0.3.69" +version = "0.3.71" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2089b7e3f35b9dd2d0ed921ead4f6d318c27680d4a5bd167b3ee120edb105837" +checksum = "26b05800d2e817c8b3b4b54abd461726265fa9789ae34330622f2db9ee696f9d" dependencies = [ "addr2line", "cc", @@ -174,9 +174,9 @@ checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" [[package]] name = "bitflags" -version = "2.4.2" +version = "2.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ed570934406eb16438a4e976b1b4500774099c13b8cb96eec99f620f05090ddf" +checksum = "cf4b9d6a944f767f8e5e0db018570623c85f3d925ac718db4e06d0187adb21c1" [[package]] name = "block-buffer" @@ -200,9 +200,9 @@ dependencies = [ [[package]] name = "bumpalo" -version = "3.15.4" +version = "3.16.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7ff69b9dd49fd426c69a0db9fc04dd934cdb6645ff000864d98f7e2af8830eaa" +checksum = "79296716171880943b8470b5f8d03aa55eb2e645a4874bdbb28adb49162e012c" [[package]] name = "byteorder" @@ -212,9 +212,9 @@ checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b" [[package]] name = "bytes" -version = "1.5.0" +version = "1.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a2bd12c1caf447e69cd4528f47f94d203fd2582878ecb9e9465484c4148a8223" +checksum = "514de17de45fdb8dc022b1a7975556c53c86f9f0aa5f534b98977b171857c2c9" [[package]] name = "bzip2" @@ -239,9 +239,9 @@ dependencies = [ [[package]] name = "camino" -version = "1.1.6" +version = "1.1.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c59e92b5a388f549b863a7bea62612c09f24c8393560709a54558a9abdfb3b9c" +checksum = "e0ec6b951b160caa93cc0c7b209e5a3bff7aae9062213451ac99493cd844c239" dependencies = [ "serde", ] 
@@ -287,11 +287,12 @@ dependencies = [ [[package]] name = "cc" -version = "1.0.79" +version = "1.0.94" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "50d30906286121d95be3d479533b458f87493b30a4b5f79a607db8f5d11aa91f" +checksum = "17f6e324229dc011159fcc089755d1e2e216a90d43a7dea6853ca740b84f35e7" dependencies = [ "jobserver", + "libc", ] [[package]] @@ -403,9 +404,9 @@ dependencies = [ [[package]] name = "crc32fast" -version = "1.4.0" +version = "1.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b3855a8a784b474f333699ef2bbca9db2c4a1f6d9088a90a2d25b1eb53111eaa" +checksum = "a97769d94ddab943e4510d138150169a2758b5ef3eb191a9ee688de3e23ef7b3" dependencies = [ "cfg-if", ] @@ -520,9 +521,9 @@ dependencies = [ [[package]] name = "crossbeam-utils" -version = "0.8.19" +version = "0.8.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "248e3bacc7dc6baa3b21e405ee045c3047101a49145e7e9eca583ab4c2ca5345" +checksum = "22ec99545bb0ed0ea7bb9b8e1e9122ea386ff8a48c0922e43f36d45ab09e0e80" [[package]] name = "crypto-common" @@ -589,9 +590,9 @@ checksum = "fea41bba32d969b513997752735605054bc0dfa92b4c56bf1189f2e174be7a10" [[package]] name = "either" -version = "1.10.0" +version = "1.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "11157ac094ffbdde99aa67b23417ebdd801842852b500e395a45a9c0aac03e4a" +checksum = "3dca9240753cf90908d7e4aac30f630662b02aebaa1b58a3cadabdb23385b58b" [[package]] name = "encode_unicode" @@ -601,9 +602,9 @@ checksum = "a357d28ed41a50f9c765dbfe56cbc04a64e53e5fc58ba79fbc34c10ef3df831f" [[package]] name = "encoding_rs" -version = "0.8.33" +version = "0.8.34" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7268b386296a025e474d5140678f75d6de9493ae55a5d709eeb9dd08149945e1" +checksum = "b45de904aa0b010bce2ab45264d0631681847fa7b6f2eaa7dab7619943bc4f59" dependencies = [ "cfg-if", ] 
@@ -629,9 +630,9 @@ checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5" [[package]] name = "errno" -version = "0.3.8" +version = "0.3.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a258e46cdc063eb8519c00b9fc845fc47bcfca4130e2f08e88665ceda8474245" +checksum = "534c5cf6194dfab3db3242765c03bbe257cf92f22b38f6bc0c58d59108a820ba" dependencies = [ "libc", "windows-sys 0.52.0", @@ -651,9 +652,9 @@ dependencies = [ [[package]] name = "fastrand" -version = "2.0.1" +version = "2.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "25cbce373ec4653f1a01a31e8a5e5ec0c622dc27ff9c4e6606eefef5cbbed4a5" +checksum = "9fc0510504f03c51ada170672ac806f1f105a88aa97a5281117e1ddc3368e51a" [[package]] name = "fixedbitset" @@ -663,9 +664,9 @@ checksum = "0ce7134b9999ecaf8bcd65542e436736ef32ddca1b3e06094cb6ec5755203b80" [[package]] name = "flate2" -version = "1.0.28" +version = "1.0.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "46303f565772937ffe1d394a4fac6f411c6013172fadde9dcdb1e147a086940e" +checksum = "5f54427cfd1c7829e2a139fcefea601bf088ebca651d2bf53ebc600eac295dae" dependencies = [ "crc32fast", "miniz_oxide", @@ -805,9 +806,9 @@ checksum = "d2fabcfbdc87f4758337ca535fb41a6d701b65693ce38287d856d1674551ec9b" [[package]] name = "h2" -version = "0.3.24" +version = "0.3.26" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bb2c4422095b67ee78da96fbb51a4cc413b3b25883c7717ff7ca1ab31022c9c9" +checksum = "81fe527a889e1532da5c525686d96d4c2e74cdd345badf8dfef9f6b39dd5f5e8" dependencies = [ "bytes", "fnv", @@ -815,7 +816,7 @@ dependencies = [ "futures-sink", "futures-util", "http", - "indexmap 2.2.5", + "indexmap 2.2.6", "slab", "tokio", "tokio-util", 
@@ -830,9 +831,9 @@ checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888" [[package]] name = "hashbrown" -version = "0.14.3" +version = "0.14.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "290f1a1d9242c78d09ce40a5e87e7554ee637af1351968159f4952f028f75604" +checksum = "e5274423e17b7c9fc20b6e7e208532f9b19825d82dfd615708b70edd83df41f1" [[package]] name = "heck" @@ -912,9 +913,9 @@ checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4" [[package]] name = "hyper" -version = "0.14.28" +version = "0.14.29" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bf96e135eb83a2a8ddf766e426a841d8ddd7449d5f00d34ea02b41d2f19eef80" +checksum = "f361cde2f109281a220d4307746cdfd5ee3f410da58a70377762396775634b33" dependencies = [ "bytes", "futures-channel", @@ -989,12 +990,12 @@ dependencies = [ [[package]] name = "indexmap" -version = "2.2.5" +version = "2.2.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7b0b929d511467233429c45a44ac1dcaa21ba0f5ba11e4879e6ed28ddb4f9df4" +checksum = "168fb715dda47215e360912c096649d23d58bf392ac62f73919e831745e40f26" dependencies = [ "equivalent", - "hashbrown 0.14.3", + "hashbrown 0.14.5", ] [[package]] @@ -1089,9 +1090,9 @@ checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" [[package]] name = "libc" -version = "0.2.153" +version = "0.2.155" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9c198f91728a82281a64e1f4f9eeb25d82cb32a5de251c6bd1b5154d63a8e7bd" +checksum = "97b3888a4aecf77e811145cadf6eef5901f4782c53886191b2f693f24761847c" [[package]] name = "libgit2-sys" 
@@ -1115,13 +1116,12 @@ checksum = "4ec2a862134d2a7d32d7983ddcdd1c4923530833c9f2ea1a44fc5fa473989058" [[package]] name = "libredox" -version = "0.0.1" +version = "0.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "85c833ca1e66078851dba29046874e38f08b2c883700aa29a03ddd3b23814ee8" +checksum = "c0ff37bd590ca25063e35af745c343cb7a0271906fb7b37e4813e8f79f00268d" dependencies = [ - "bitflags 2.4.2", + "bitflags 2.5.0", "libc", - "redox_syscall", ] [[package]] @@ -1164,9 +1164,9 @@ checksum = "b64f40e5e03e0d54f03845c8197d0291253cdbedfb1cb46b13c2c117554a9f4c" [[package]] name = "linux-raw-sys" -version = "0.4.13" +version = "0.4.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "01cda141df6706de531b6c46c3a33ecca755538219bd484262fa09410c13539c" +checksum = "78b3ae25bc7c8c38cec158d1f2757ee79e9b3740fbc7ccf0e59e4b08d793fa89" [[package]] name = "log" @@ -1191,9 +1191,9 @@ checksum = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a" [[package]] name = "miniz_oxide" -version = "0.7.2" +version = "0.7.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9d811f3e15f28568be3407c8e7fdb6514c1cda3cb30683f15b6a1a1dc4ea14a7" +checksum = "87dfd01fe195c66b572b37921ad8803d010623c0aca821bea2302239d155cdae" dependencies = [ "adler", ] @@ -1211,11 +1211,10 @@ dependencies = [ [[package]] name = "native-tls" -version = "0.2.11" +version = "0.2.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "07226173c32f2926027b63cce4bcd8076c3552846cbe7925f3aaffeac0a3b92e" +checksum = "a8614eb2c83d59d1c8cc974dd3f920198647674a0a035e1af1fa58707e317466" dependencies = [ - "lazy_static", "libc", "log", "openssl", 
@@ -1333,16 +1332,6 @@ dependencies = [ "libm", ] -[[package]] -name = "num_cpus" -version = "1.16.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4161fcb6d602d4d2081af7c3a45852d875a03dd337a6bfdd6e06407b61342a43" -dependencies = [ - "hermit-abi", - "libc", -] - [[package]] name = "object" version = "0.32.2" @@ -1364,7 +1353,7 @@ version = "0.10.64" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "95a0481286a310808298130d22dd1fef0fa571e05a8f44ec801801e84b216b1f" dependencies = [ - "bitflags 2.4.2", + "bitflags 2.5.0", "cfg-if", "foreign-types", "libc", @@ -1392,9 +1381,9 @@ checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf" [[package]] name = "openssl-sys" -version = "0.9.101" +version = "0.9.102" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dda2b0f344e78efc2facf7d195d098df0dd72151b26ab98da807afc26c198dff" +checksum = "c597637d56fbc83893a35eb0dd04b2b8e7a50c91e64e9493e398b5df4fb45fa2" dependencies = [ "cc", "libc", @@ -1460,14 +1449,14 @@ version = "0.6.5" source = "git+https://github.com/xldenis/petgraph?rev=04cecb7#04cecb7aae38dfed25545fd87c49e26faec752b5" dependencies = [ "fixedbitset", - "indexmap 2.2.5", + "indexmap 2.2.6", ] [[package]] name = "pin-project-lite" -version = "0.2.13" +version = "0.2.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8afb450f006bf6385ca15ef45d71d2288452bc3683ce2e2cacc0d18e4be60b58" +checksum = "bda66fc9667c18cb2758a2ac84d1167245054bcf85d5d1aaa6923f45801bdd02" [[package]] name = "pin-utils" @@ -1549,13 +1538,13 @@ checksum = "31b476131c3c86cb68032fdc5cb6d5a1045e3e42d96b69fa599fd77701e1f5bf" dependencies = [ "bit-set", "bit-vec", - "bitflags 2.4.2", + "bitflags 2.5.0", "lazy_static", "num-traits", "rand 0.8.5", "rand_chacha", "rand_xorshift", - "regex-syntax 0.8.2", + "regex-syntax 0.8.3", "rusty-fork", "tempfile", "unarray", 
@@ -1652,20 +1641,11 @@ dependencies = [ "rand_core 0.3.1", ] -[[package]] -name = "redox_syscall" -version = "0.4.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4722d768eff46b75989dd134e5c353f0d6296e5aaa3132e776cbdb56be7731aa" -dependencies = [ - "bitflags 1.3.2", -] - [[package]] name = "redox_users" -version = "0.4.4" +version = "0.4.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a18479200779601e498ada4e8c1e1f50e3ee19deb0259c25825a98b5603b2cb4" +checksum = "bd283d9651eeda4b2a83a43c1c91b266c40fd76ecd39a50a8c630ae69dc72891" dependencies = [ "getrandom", "libredox", @@ -1717,9 +1697,9 @@ checksum = "a5996294f19bd3aae0453a862ad728f60e6600695733dd5df01da90c54363a3c" [[package]] name = "regex-syntax" -version = "0.8.2" +version = "0.8.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c08c74e62047bb2de4ff487b251e4a92e24f48745648451635cec7d591162d9f" +checksum = "adad44e29e4c806119491a7f06f03de4d1af22c3a680dd47f1e6e179439d1f56" [[package]] name = "remove_dir_all" @@ -1732,9 +1712,9 @@ dependencies = [ [[package]] name = "reqwest" -version = "0.11.24" +version = "0.11.27" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c6920094eb85afde5e4a138be3f2de8bbdf28000f0029e72c45025a56b042251" +checksum = "dd67538700a17451e7cba03ac727fb961abb7607553461627b97de0b89cf4a62" dependencies = [ "base64", "bytes", @@ -1781,9 +1761,9 @@ dependencies = [ [[package]] name = "rustc-demangle" -version = "0.1.23" +version = "0.1.24" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d626bb9dae77e28219937af045c257c28bfd3f69333c512553507f5f9798cb76" +checksum = "719b953e2095829ee67db738b3bfa9fa368c94900df327b3f07fe6e794d2fe1f" [[package]] name = "rustix" 
@@ -1801,14 +1781,14 @@ dependencies = [ [[package]] name = "rustix" -version = "0.38.31" +version = "0.38.34" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6ea3e1a662af26cd7a3ba09c0297a31af215563ecf42817c98df621387f4e949" +checksum = "70dc5ec042f7a43c4a73241207cecc9873a06d45debb38b329f8541d85c2730f" dependencies = [ - "bitflags 2.4.2", + "bitflags 2.5.0", "errno", "libc", - "linux-raw-sys 0.4.13", + "linux-raw-sys 0.4.14", "windows-sys 0.52.0", ] @@ -1850,11 +1830,11 @@ dependencies = [ [[package]] name = "security-framework" -version = "2.9.2" +version = "2.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "05b64fb303737d99b81884b2c63433e9ae28abebe5eb5045dcdd175dc2ecf4de" +checksum = "c627723fd09706bacdb5cf41499e95098555af3c3c29d014dc3c458ef6be11c0" dependencies = [ - "bitflags 1.3.2", + "bitflags 2.5.0", "core-foundation", "core-foundation-sys", "libc", @@ -1863,9 +1843,9 @@ dependencies = [ [[package]] name = "security-framework-sys" -version = "2.9.1" +version = "2.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e932934257d3b408ed8f30db49d85ea163bfe74961f017f405b025af298f0c7a" +checksum = "317936bbbd05227752583946b9e66d7ce3b489f84e11a94a510b4437fef407d7" dependencies = [ "core-foundation-sys", "libc", @@ -1873,9 +1853,9 @@ dependencies = [ [[package]] name = "semver" -version = "1.0.22" +version = "1.0.23" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "92d43fe69e652f3df9bdc2b85b2854a0825b86e4fb76bc44d945137d053639ca" +checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b" dependencies = [ "serde", ] 
@@ -1962,9 +1942,9 @@ dependencies = [ [[package]] name = "socket2" -version = "0.5.6" +version = "0.5.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "05ffd9c0a93b7543e062e759284fcf5f5e3b098501104bfbdde4d404db792871" +checksum = "ce305eb0b4296696835b71df73eb912e0f1ffd2556a501fcede6e0c50349191c" dependencies = [ "libc", "windows-sys 0.52.0", @@ -2032,13 +2012,13 @@ dependencies = [ [[package]] name = "tempfile" -version = "3.10.0" +version = "3.10.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a365e8cd18e44762ef95d87f284f4b5cd04107fec2ff3052bd6a3e6069669e67" +checksum = "85b77fafb263dd9d05cbeac119526425676db3784113aa9295c88498cbf8bff1" dependencies = [ "cfg-if", "fastrand", - "rustix 0.38.31", + "rustix 0.38.34", "windows-sys 0.52.0", ] @@ -2059,18 +2039,18 @@ checksum = "3369f5ac52d5eb6ab48c6b4ffdc8efbcad6b89c765749064ba298f2c68a16a76" [[package]] name = "thiserror" -version = "1.0.57" +version = "1.0.61" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1e45bcbe8ed29775f228095caf2cd67af7a4ccf756ebff23a306bf3e8b47b24b" +checksum = "c546c80d6be4bc6a00c0f01730c08df82eaa7a7a61f11d656526506112cc1709" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.57" +version = "1.0.61" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a953cb265bef375dae3de6663da4d3804eee9682ea80d8e2542529b73c531c81" +checksum = "46c3384250002a6d5af4d114f2845d37b57521033f30d5c3f46c4d70e1197533" dependencies = [ "proc-macro2", "quote", @@ -2079,9 +2059,9 @@ dependencies = [ [[package]] name = "time" -version = "0.3.34" +version = "0.3.36" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c8248b6521bb14bc45b4067159b9b6ad792e2d6d754d6c41fb50e29fefe38749" +checksum = "5dfd88e563464686c916c7e46e623e520ddc6d79fa6641390f2e3fa86e83e885" dependencies = [ "deranged", "num-conv", 
@@ -2113,15 +2093,14 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" [[package]] name = "tokio" -version = "1.36.0" +version = "1.38.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "61285f6515fa018fb2d1e46eb21223fff441ee8db5d0f1435e8ab4f5cdb80931" +checksum = "ba4f4a02a7a80d6f274636f0aa95c7e383b912d41fe721a31f29e29698585a4a" dependencies = [ "backtrace", "bytes", "libc", "mio", - "num_cpus", "pin-project-lite", "socket2", "windows-sys 0.48.0", @@ -2139,16 +2118,15 @@ dependencies = [ [[package]] name = "tokio-util" -version = "0.7.10" +version = "0.7.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5419f34732d9eb6ee4c3578b7989078579b7f039cbbb9ca2c4da015749371e15" +checksum = "9cf6b47b3771c49ac75ad09a6162f53ad4b8088b76ac60e8ec1455b31a189fe1" dependencies = [ "bytes", "futures-core", "futures-sink", "pin-project-lite", "tokio", - "tracing", ] [[package]] @@ -2377,15 +2355,14 @@ dependencies = [ [[package]] name = "which" -version = "6.0.0" +version = "6.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7fa5e0c10bf77f44aac573e498d1a82d5fbd5e91f6fc0a99e7be4b38e85e101c" +checksum = "8211e4f58a2b2805adfbefbc07bab82958fc91e3836339b1ab7ae32465dce0d7" dependencies = [ "either", "home", - "once_cell", - "rustix 0.38.31", - "windows-sys 0.52.0", + "rustix 0.38.34", + "winsafe", ] [[package]] @@ -2476,7 +2453,7 @@ version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" dependencies = [ - "windows-targets 0.52.0", + "windows-targets 0.52.5", ] [[package]] 
@@ -2496,17 +2473,18 @@ dependencies = [ [[package]] name = "windows-targets" -version = "0.52.0" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8a18201040b24831fbb9e4eb208f8892e1f50a37feb53cc7ff887feb8f50e7cd" +checksum = "6f0713a46559409d202e70e28227288446bf7841d3211583a4b53e3f6d96e7eb" dependencies = [ - "windows_aarch64_gnullvm 0.52.0", - "windows_aarch64_msvc 0.52.0", - "windows_i686_gnu 0.52.0", - "windows_i686_msvc 0.52.0", - "windows_x86_64_gnu 0.52.0", - "windows_x86_64_gnullvm 0.52.0", - "windows_x86_64_msvc 0.52.0", + "windows_aarch64_gnullvm 0.52.5", + "windows_aarch64_msvc 0.52.5", + "windows_i686_gnu 0.52.5", + "windows_i686_gnullvm", + "windows_i686_msvc 0.52.5", + "windows_x86_64_gnu 0.52.5", + "windows_x86_64_gnullvm 0.52.5", + "windows_x86_64_msvc 0.52.5", ] [[package]] @@ -2523,9 +2501,9 @@ checksum = "91ae572e1b79dba883e0d315474df7305d12f569b400fcf90581b06062f7e1bc" [[package]] name = "windows_aarch64_gnullvm" -version = "0.52.0" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cb7764e35d4db8a7921e09562a0304bf2f93e0a51bfccee0bd0bb0b666b015ea" +checksum = "7088eed71e8b8dda258ecc8bac5fb1153c5cffaf2578fc8ff5d61e23578d3263" [[package]] name = "windows_aarch64_msvc" @@ -2541,9 +2519,9 @@ checksum = "b2ef27e0d7bdfcfc7b868b317c1d32c641a6fe4629c171b8928c7b08d98d7cf3" [[package]] name = "windows_aarch64_msvc" -version = "0.52.0" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bbaa0368d4f1d2aaefc55b6fcfee13f41544ddf36801e793edbbfd7d7df075ef" +checksum = "9985fd1504e250c615ca5f281c3f7a6da76213ebd5ccc9561496568a2752afb6" [[package]] name = "windows_i686_gnu" 
@@ -2559,9 +2537,15 @@ checksum = "622a1962a7db830d6fd0a69683c80a18fda201879f0f447f065a3b7467daa241" [[package]] name = "windows_i686_gnu" -version = "0.52.0" +version = "0.52.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "88ba073cf16d5372720ec942a8ccbf61626074c6d4dd2e745299726ce8b89670" + +[[package]] +name = "windows_i686_gnullvm" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a28637cb1fa3560a16915793afb20081aba2c92ee8af57b4d5f28e4b3e7df313" +checksum = "87f4261229030a858f36b459e748ae97545d6f1ec60e5e0d6a3d32e0dc232ee9" [[package]] name = "windows_i686_msvc" @@ -2577,9 +2561,9 @@ checksum = "4542c6e364ce21bf45d69fdd2a8e455fa38d316158cfd43b3ac1c5b1b19f8e00" [[package]] name = "windows_i686_msvc" -version = "0.52.0" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ffe5e8e31046ce6230cc7215707b816e339ff4d4d67c65dffa206fd0f7aa7b9a" +checksum = "db3c2bf3d13d5b658be73463284eaf12830ac9a26a90c717b7f771dfe97487bf" [[package]] name = "windows_x86_64_gnu" @@ -2595,9 +2579,9 @@ checksum = "ca2b8a661f7628cbd23440e50b05d705db3686f894fc9580820623656af974b1" [[package]] name = "windows_x86_64_gnu" -version = "0.52.0" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3d6fa32db2bc4a2f5abeacf2b69f7992cd09dca97498da74a151a3132c26befd" +checksum = "4e4246f76bdeff09eb48875a0fd3e2af6aada79d409d33011886d3e1581517d9" [[package]] name = "windows_x86_64_gnullvm" @@ -2613,9 +2597,9 @@ checksum = "7896dbc1f41e08872e9d5e8f8baa8fdd2677f29468c4e156210174edc7f7b953" [[package]] name = "windows_x86_64_gnullvm" -version = "0.52.0" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1a657e1e9d3f514745a572a6846d3c7aa7dbe1658c056ed9c3344c4109a6949e" +checksum = "852298e482cd67c356ddd9570386e2862b5673c85bd5f88df9ab6802b334c596" [[package]] name = "windows_x86_64_msvc" 
@@ -2631,9 +2615,9 @@ checksum = "1a515f5799fe4961cb532f983ce2b23082366b898e52ffbce459c86f67c8378a" [[package]] name = "windows_x86_64_msvc" -version = "0.52.0" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dff9641d1cd4be8d1a070daf9e3773c5f67e78b4d9d42263020c057706765c04" +checksum = "bec47e5bfd1bff0eeaf6d8b485cc1074891a197ab4225d504cb7a1ab88b02bf0" [[package]] name = "winreg" @@ -2645,6 +2629,12 @@ dependencies = [ "windows-sys 0.48.0", ] +[[package]] +name = "winsafe" +version = "0.0.19" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d135d17ab770252ad95e9a872d365cf3090e3be864a34ab46f48555993efc904" + [[package]] name = "xmlparser" version = "0.13.5" @@ -2701,9 +2691,9 @@ dependencies = [ [[package]] name = "zstd-sys" -version = "2.0.9+zstd.1.5.5" +version = "2.0.10+zstd.1.5.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9e16efa8a874a0481a574084d34cc26fdb3b99627480f785888deb6386506656" +checksum = "c253a4914af5bafc8fa8c86ee400827e83cf6ec01195ec1f1ed8441bf00d65aa" dependencies = [ "cc", "pkg-config", diff --git a/creusot/src/backend/program.rs b/creusot/src/backend/program.rs index 3be1900fe3..fd4956bd04 100644 --- a/creusot/src/backend/program.rs +++ b/creusot/src/backend/program.rs 
@@ -480,7 +480,29 @@ impl<'tcx> RValue<'tcx> {
 // // Hack
 // translate_ty(ctx, names, DUMMY_SP, op_ty);
 }
- RValue::UnaryOp(UnOp::Not, arg) => arg.to_why(lower, istmts).not(),
+ RValue::UnaryOp(UnOp::Not, arg) => {
+ let a_ty = arg.ty(lower.ctx.tcx, lower.locals);
+ match a_ty.kind() {
+ TyKind::Bool => arg.to_why(lower, istmts).not(),
+ TyKind::Int(_) | TyKind::Uint(_) => {
+ let prelude: PreludeModule = match a_ty.kind() {
+ TyKind::Int(ity) => int_to_prelude(*ity),
+ TyKind::Uint(uty) => uint_to_prelude(*uty),
+ _ => unreachable!("this is not an executable path {ty:?}"),
+ };
+
+ lower.names.import_prelude_module(prelude);
+ let mut module = prelude.qname();
+ module.push_ident("bw_not");
+ let fname = module.without_search_path();
+ let call = coma::Expr::Symbol(fname);
+ let args = vec![Arg::Term(arg.to_why(lower, istmts))];
+ istmts.push(IntermediateStmt::call("_ret'".into(), lower.ty(ty), call, args));
+ Exp::var("_ret'")
+ }
+ _ => unreachable!("the not operator is not supported for {ty:?}"),
+ }
+ },
 RValue::UnaryOp(UnOp::Neg, arg) => {
 let prelude: PreludeModule = match ty.kind() {
 TyKind::Int(ity) => int_to_prelude(*ity),
diff --git a/creusot/src/backend/term.rs b/creusot/src/backend/term.rs
index 9eedacd54f..bb60157503 100644
--- a/creusot/src/backend/term.rs
+++ b/creusot/src/backend/term.rs
@@ -1,10 +1,9 @@
 use super::{program::borrow_generated_id, Why3Generator};
 use crate::{
- backend::ty::{floatty_to_ty, intty_to_ty, translate_ty, uintty_to_ty},
+ backend::{program::{int_to_prelude, uint_to_prelude}, ty::{floatty_to_ty, intty_to_ty, translate_ty, uintty_to_ty}},
 ctx::*,
 pearlite::{self, Literal, Pattern, Term, TermKind},
- util,
- util::get_builtin,
+ util::{self, get_builtin},
 };
 use rustc_hir::{def::DefKind, def_id::DefId};
 use rustc_middle::ty::{EarlyBinder, GenericArgsRef, Ty, TyCtxt, TyKind};
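Review bot: The inner `match a_ty.kind()` at the top of the `TyKind::Int(_) | TyKind::Uint(_)` arm re-inspects a type the outer match has already classified, which is the only reason it needs its own `unreachable!` fallback; binding the payload in the outer arms (`TyKind::Int(ity)` / `TyKind::Uint(uty)`) and computing `prelude` there removes the second match and the dead arm. Both `unreachable!` messages format `ty`, which the surrounding arms treat as the rvalue's type, while the value that was actually inspected and rejected is `a_ty`, so the diagnostic should read `_ => unreachable!("the not operator is not supported for {a_ty:?}"),`. The `Neg` arm just below picks its prelude from `ty.kind()`, so a one-line comment on why `Not` consults the operand type instead (to tell `bool` from the integer case) would save the next reader a detour. The enclosing function starts and ends outside the hunk.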
@@ -68,6 +67,32 @@ impl<'tcx, N: Namer<'tcx>> Lower<'_, 'tcx, N> {
 match op {
 Div => Exp::var("div").app(vec![lhs, rhs]),
 Rem => Exp::var("mod").app(vec![lhs, rhs]),
+ BitAnd | BitOr | BitXor | Shl | Shr => {
+ let ty_kind = term.creusot_ty().kind();
+ let prelude: PreludeModule = match ty_kind {
+ TyKind::Int(ity) => int_to_prelude(*ity),
+ TyKind::Uint(uty) => uint_to_prelude(*uty),
+ _ => unreachable!("the bitwise operator are only available on integer"),
+ };
+
+ self.names.import_prelude_module(prelude);
+
+ let func_name = match (op, ty_kind) {
+ (BitAnd, _) => "bw_and",
+ (BitOr, _) => "bw_or",
+ (BitXor, _) => "bw_xor",
+ (Shl, _) => "lsl_bv",
+ (Shr, TyKind::Int(_)) => "asr_bv",
+ (Shr, TyKind::Uint(_)) => "lsr_bv",
+ _ => unreachable!("this is not an executable path"),
+ };
+
+ let mut module = prelude.qname();
+ module.push_ident(func_name);
+ let fname = module.without_search_path();
+
+ Exp::qvar(fname).app(vec![lhs, rhs])
+ },
 _ => Exp::BinaryOp(binop_to_binop(*op), Box::new(lhs), Box::new(rhs)),
 }
 }
@@ -307,6 +332,11 @@ pub(crate) fn binop_to_binop(op: pearlite::BinOp) -> why3::exp::BinOp {
 pearlite::BinOp::Ne => BinOp::Ne,
 pearlite::BinOp::And => BinOp::LogAnd,
 pearlite::BinOp::Or => BinOp::LogOr,
+ pearlite::BinOp::BitAnd => BinOp::BitAnd,
+ pearlite::BinOp::BitOr => BinOp::BitOr,
+ pearlite::BinOp::BitXor => BinOp::BitXor,
+ pearlite::BinOp::Shl => BinOp::Shl,
+ pearlite::BinOp::Shr => BinOp::Shr,
 pearlite::BinOp::Div => todo!("Refactor binop_to_binop to support Div"),
 pearlite::BinOp::Rem => todo!("Refactor binop_to_binop to support Rem"),
 }
diff --git a/creusot/src/backend/ty.rs b/creusot/src/backend/ty.rs
index 1aada49988..a139d1eaea 100644
--- a/creusot/src/backend/ty.rs
+++ b/creusot/src/backend/ty.rs
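Review bot: The `Shl`/`Shr` cases apply `lsl_bv`/`asr_bv`/`lsr_bv` to `vec![lhs, rhs]` with the prelude module chosen from `term.creusot_ty()` alone, i.e. from the result (left operand) type; the Why3 `*_bv` functions take both arguments at the same bit width, so if pearlite lets the shift amount have a different integer type than the left operand, as Rust's `u8 << u32` does, the emitted term will fail to typecheck in Why3 rather than here — either convert `rhs` to the lhs width or reject mixed-width shifts with a proper error before lowering. The first `unreachable!` message also needs rewording: `_ => unreachable!("bitwise operators are only available on integers"),`. Since the program-side `shl`/`shr` in the prelude carry an out-of-bounds precondition while this logic path shifts by the full `rhs` with no such guard, a short comment stating what the `*_bv` functions yield for amounts at or above the bit width would document that divergence for spec writers. The enclosing `match` and method start and end outside the hunk.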
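Review bot: The five arms added to `binop_to_binop` are not reached from the `Lower` call site visible in this diff, because the new `BitAnd | BitOr | BitXor | Shl | Shr` arm there intercepts these operators before the `_ => Exp::BinaryOp(binop_to_binop(*op), …)` fallback; as far as this diff shows they exist only to keep the match exhaustive. A one-line comment above them, `// Bitwise and shift ops are lowered to prelude calls in Lower; these arms only keep the match exhaustive.`, would stop a reader from assuming the generated code uses `why3::exp::BinOp::Shl`. If `binop_to_binop` has other callers that do rely on these arms, the comment should say so instead.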
@@ -931,19 +931,19 @@ pub(crate) fn single_ty() -> MlT {
 }
 
 pub(crate) fn u8_ty() -> MlT {
- MlT::TConstructor(QName::from_string("uint8").unwrap())
+ MlT::TConstructor(QName::from_string("UInt8.t").unwrap())
 }
 
 pub(crate) fn u16_ty() -> MlT {
- MlT::TConstructor(QName::from_string("uint16").unwrap())
+ MlT::TConstructor(QName::from_string("UInt16.t").unwrap())
 }
 
 pub(crate) fn u32_ty() -> MlT {
- MlT::TConstructor(QName::from_string("uint32").unwrap())
+ MlT::TConstructor(QName::from_string("UInt32.t").unwrap())
 }
 
 pub(crate) fn u64_ty() -> MlT {
- MlT::TConstructor(QName::from_string("uint64").unwrap())
+ MlT::TConstructor(QName::from_string("UInt64.t").unwrap())
 }
 
 pub(crate) fn u128_ty() -> MlT {
diff --git a/creusot/src/translation/pearlite.rs b/creusot/src/translation/pearlite.rs
index de31406e3a..e19d55608c 100644
--- a/creusot/src/translation/pearlite.rs
+++ b/creusot/src/translation/pearlite.rs
@@ -55,6 +55,8 @@ pub enum BinOp {
 BitXor,
 BitAnd,
 BitOr,
+ Shl,
+ Shr,
 Lt,
 Le,
 Ge,
@@ -339,18 +341,8 @@ impl<'a, 'tcx> ThirTerm<'a, 'tcx> {
 mir::BinOp::BitXor => BinOp::BitXor,
 mir::BinOp::BitAnd => BinOp::BitAnd,
 mir::BinOp::BitOr => BinOp::BitOr,
- mir::BinOp::Shl | mir::BinOp::ShlUnchecked => {
- return Err(Error::new(
- self.thir[expr].span,
- "shifts are currently unsupported",
- ))
- }
- mir::BinOp::Shr | mir::BinOp::ShrUnchecked => {
- return Err(Error::new(
- self.thir[expr].span,
- "shifts are currently unsupported",
- ))
- }
+ mir::BinOp::Shl | mir::BinOp::ShlUnchecked => BinOp::Shl,
+ mir::BinOp::Shr | mir::BinOp::ShrUnchecked => BinOp::Shr,
 mir::BinOp::Lt => BinOp::Lt,
 mir::BinOp::Le => BinOp::Le,
 mir::BinOp::Ge => BinOp::Ge,
diff --git a/mlcfg b/mlcfg
index b7bb899def..2b1eb9ebed 100755
--- a/mlcfg
+++ b/mlcfg
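Review bot: `u8_ty` through `u64_ty` now name the bitvector modules (`UInt8.t` … `UInt64.t`) while `u128_ty`, whose signature is the last context line of the hunk, is not changed here; if its body still returns `uint128`, one file mixes the old range-type names with the new module-qualified ones and the 128-bit case silently keeps the integer semantics the others just lost. Please confirm that `u128_ty` and the signed `i*_ty` helpers (not visible in this diff) were updated deliberately or are meant to stay on the old types, and add a short comment on the first changed helper recording which prelude the names refer to, e.g. `// Types come from the bitvector modules in prelude.coma (UIntN.t), not the old range types.` The `QName::from_string(...).unwrap()` on a literal is fine as it stands.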
@@ -8,7 +8,7 @@ SCRIPTPATH=$(dirname "$BASH_SOURCE")
 pushd $SCRIPTPATH > /dev/null
 eval $(cargo run --bin dev-env)
 cargo run --bin creusot-rustc -- \
- --why3-config-file $WHY3CONFIG \
+ --why3-config-file "$WHY3CONFIG" \
 --output-file="${INPUTPATH%.*}.coma" \
 --span-mode=absolute \
 -- -Zno-codegen \
diff --git a/prelude/prelude.coma b/prelude/prelude.coma
index 306e99b70f..d39f9390d1 100644
--- a/prelude/prelude.coma
+++ b/prelude/prelude.coma
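Review bot: The quoting fix for `$WHY3CONFIG` leaves the same word-splitting and glob-expansion issue on the context line two above, `pushd $SCRIPTPATH > /dev/null`, which runs before the quoted argument is ever built; a script path with whitespace or glob characters fails there first, so the line should become `pushd "$SCRIPTPATH" > /dev/null`. `SCRIPTPATH=$(dirname "$BASH_SOURCE")` already quotes its input, so after that change no unquoted path expansion remains in the visible lines. The `eval $(cargo run --bin dev-env)` line is pre-existing, but a one-line comment stating that it is expected to print only `export` assignments from the repository's own binary would make the trust assumption explicit for anyone reading the script.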
@@ -382,217 +382,225 @@ end (* Unsigned Integers *) module UInt8 - use int.Int - - type uint8 = < range -0x0 0xff > - - constant min : int = - 0x0 - constant max : int = 0xff - - function to_int (x : uint8) : int = uint8'int x - meta coercion function to_int - meta "model_projection" function to_int - - predicate in_bounds (n:int) = min <= n <= max - - axiom to_int_in_bounds: forall n:uint8. in_bounds n - - let of_int (n:int) { [@expl:integer overflow] in_bounds n } - (ret (result : uint8) { result = n }) = any - - let add (a:uint8) (b:uint8) { [@expl:integer overflow] in_bounds (a + b) } (ret (result : uint8) { result = a + b }) = any - - let sub (a:uint8) (b:uint8) { [@expl:integer overflow] in_bounds (a - b) } (ret (result : uint8) { result = a - b }) = any - - let mul (a:uint8) (b:uint8) { [@expl:integer overflow] in_bounds (a * b) } (ret (result : uint8) { result = a * b }) = any - - let neg (a:uint8) { [@expl:integer overflow] in_bounds (- a) } (ret (result : uint8) { result = - a }) = any - - axiom extensionality: forall x y: uint8. 
to_int x = to_int y -> x = y - - let eq (a:uint8) (b:uint8) (ret (result : bool) { result <-> a = b } { to_int a = to_int b -> result }) = any - - let ne (a:uint8) (b:uint8) (ret (result : bool) { result <-> a <> b } { to_int a <> to_int b -> result }) = any - - let le (a:uint8) (b:uint8) (ret (result : bool) { result <-> to_int a <= to_int b }) = any - - let lt (a:uint8) (b:uint8) (ret (result : bool) { result <-> to_int a < to_int b }) = any - - let ge (a:uint8) (b:uint8) (ret (result : bool) { result <-> to_int a >= to_int b }) = any - - let gt (a:uint8) (b:uint8) (ret (result : bool) { result <-> to_int a > to_int b }) = any - - use int.ComputerDivision - - let div (a:uint8) (b:uint8) - { [@expl:division by zero] b <> 0 } - { [@expl:integer overflow] in_bounds (div a b) } - (ret (result : uint8) { result = div a b }) = any - - let rem (a:uint8) (b:uint8) - { [@expl:division by zero] b <> 0 } - { [@expl:integer overflow] in_bounds (mod a b) } - (ret (result : uint8) { result = mod a b }) = any + use export bv.BV8 + use bv.BV128 as BV128 + use bv.BVConverter_8_128 + use int.Int + use int.EuclideanDivision as ED + + constant max_uint : t = 0xFF + function uto_bv128 (x: t) : BV128.t = toBig x + constant max_uint_as_bv128 : BV128.t = uto_bv128 max_uint + + function to_uint(x:t): int = t'int x + + let eq (a: t) (b: t) (ret (result: bool) { result <-> to_uint a = to_uint b } { result <-> a = b }) = any + let ne (a: t) (b: t) (ret (result: bool) { result <-> to_uint a <> to_uint b } { result <-> a <> b }) = any + let le (a: t) (b: t) (ret (result: bool) { result <-> to_uint a <= to_uint b } { result <-> ule a b }) = any + let lt (a: t) (b: t) (ret (result: bool) { result <-> to_uint a < to_uint b } { result <-> ult a b }) = any + let ge (a: t) (b: t) (ret (result: bool) { result <-> to_uint a >= to_uint b } { result <-> uge a b }) = any + let gt (a: t) (b: t) (ret (result: bool) { result <-> to_uint a > to_uint b } { result <-> ugt a b }) = any + + let add (a:t) (b:t) 
+ { [@expl:arithmetic overflow] to_uint a + to_uint b < two_power_size \/ BV128.ule (BV128.add (uto_bv128 a) (uto_bv128 b)) max_uint_as_bv128 } + (ret (result :t) { to_uint result = to_uint a + to_uint b } { result = add a b }) + = any + let sub (a:t) (b:t) + { [@expl:arithmetic overflow] to_uint a >= to_uint b \/ uge a b } + (ret (result: t) { to_uint result = to_uint a - to_uint b } { result = sub a b }) + = any + let mul (a:t) (b:t) + { [@expl:arithmetic overflow] to_uint a * to_uint b < two_power_size \/ BV128.ule (BV128.mul (uto_bv128 a) (uto_bv128 b)) max_uint_as_bv128 } + (ret (result: t) { result = mul a b } { to_int result = to_uint a * to_uint b }) + = any + let div (a:t) (b:t) + { [@expl:division by zero] b <> zeros \/ to_uint b <> 0 } + (ret (result: t) { to_uint result = ED.div (to_uint a) (to_uint b) } { result = udiv a b }) + = any + let rem (a:t) (b:t) + { [@expl:remainder by zero] b <> zeros \/ to_uint b <> 0 } + (ret (result: t) { to_uint result = ED.mod (to_uint a) (to_uint b) } { result = urem a b }) + = any + + let bw_and (a:t) (b:t) (ret (result :t)) = ret { bw_and a b } + let bw_or (a:t) (b:t) (ret (result :t)) = ret { bw_or a b } + let bw_xor (a:t) (b:t) (ret (result :t)) = ret { bw_xor a b } + let bw_not (a:t) (ret (result :t)) = ret { bw_not a } + let shl (a:t) (b:t) + { [@expl:out-of-bounds shifting] ult b size_bv \/ to_uint b < size } + (ret (result :t) { result = lsl_bv a b } { result = lsl a (to_uint b) }) + = any + let shr (a:t) (b:t) + { [@expl:out-of-bounds shifting] ult b size_bv \/ to_uint b < size } + (ret (result :t) { result = lsr_bv a b } { result = lsr a (to_uint b) }) + = any end module UInt16 - use int.Int - - type uint16 = < range -0x0 0xffff > - - constant min : int = - 0x0 - constant max : int = 0xffff - - function to_int (x : uint16) : int = uint16'int x - meta coercion function to_int - meta "model_projection" function to_int - - predicate in_bounds (n:int) = min <= n <= max - - axiom to_int_in_bounds: forall n:uint16. 
in_bounds n - - let of_int (n:int) { [@expl:integer overflow] in_bounds n } - (ret (result :uint16) { result = n }) = any - - let add (a:uint16) (b:uint16) { [@expl:integer overflow] in_bounds (a + b) } (ret (result :uint16) { result = a + b }) = any - - let sub (a:uint16) (b:uint16) { [@expl:integer overflow] in_bounds (a - b) } (ret (result :uint16) { result = a - b }) = any - - let mul (a:uint16) (b:uint16) { [@expl:integer overflow] in_bounds (a * b) } (ret (result :uint16) { result = a * b }) = any - - let neg (a:uint16) { [@expl:integer overflow] in_bounds (- a) } (ret (result :uint16) { result = - a }) = any - - axiom extensionality: forall x y: uint16. to_int x = to_int y -> x = y - - let eq (a:uint16) (b:uint16) (ret (result : bool) { result <-> a = b } { to_int a = to_int b -> result }) = any - - let ne (a:uint16) (b:uint16) (ret (result : bool) { result <-> a <> b } { to_int a <> to_int b -> result }) = any - - let le (a:uint16) (b:uint16) (ret (result : bool) { result <-> to_int a <= to_int b }) = any - - let lt (a:uint16) (b:uint16) (ret (result : bool) { result <-> to_int a < to_int b }) = any - - let ge (a:uint16) (b:uint16) (ret (result : bool) { result <-> to_int a >= to_int b }) = any - - let gt (a:uint16) (b:uint16) (ret (result : bool) { result <-> to_int a > to_int b }) = any - - use int.ComputerDivision - - let div (a:uint16) (b:uint16) - { [@expl:division by zero] b <> 0 } - { [@expl:integer overflow] in_bounds (div a b) } - (ret (result :uint16) { result = div a b }) = any - - let rem (a:uint16) (b:uint16) - { [@expl:division by zero] b <> 0 } - { [@expl:integer overflow] in_bounds (mod a b) } - (ret (result :uint16) { result = mod a b }) = any + use export bv.BV16 + use bv.BV128 as BV128 + use bv.BVConverter_16_128 + use int.Int + use int.EuclideanDivision as ED + + constant max_uint : t = 0xFFFF + function uto_bv128 (x: t) : BV128.t = toBig x + constant max_uint_as_bv128 : BV128.t = uto_bv128 max_uint + + function to_uint(x:t): int = t'int 
x + + let eq (a: t) (b: t) (ret (result: bool) { result <-> to_uint a = to_uint b } { result <-> a = b }) = any + let ne (a: t) (b: t) (ret (result: bool) { result <-> to_uint a <> to_uint b } { result <-> a <> b }) = any + let le (a: t) (b: t) (ret (result: bool) { result <-> to_uint a <= to_uint b } { result <-> ule a b }) = any + let lt (a: t) (b: t) (ret (result: bool) { result <-> to_uint a < to_uint b } { result <-> ult a b }) = any + let ge (a: t) (b: t) (ret (result: bool) { result <-> to_uint a >= to_uint b } { result <-> uge a b }) = any + let gt (a: t) (b: t) (ret (result: bool) { result <-> to_uint a > to_uint b } { result <-> ugt a b }) = any + + let add (a:t) (b:t) + { [@expl:arithmetic overflow] to_uint a + to_uint b < two_power_size \/ BV128.ule (BV128.add (uto_bv128 a) (uto_bv128 b)) max_uint_as_bv128 } + (ret (result :t) { to_uint result = to_uint a + to_uint b } { result = add a b }) + = any + let sub (a:t) (b:t) + { [@expl:arithmetic overflow] to_uint a >= to_uint b \/ uge a b } + (ret (result: t) { to_uint result = to_uint a - to_uint b } { result = sub a b }) + = any + let mul (a:t) (b:t) + { [@expl:arithmetic overflow] to_uint a * to_uint b < two_power_size \/ BV128.ule (BV128.mul (uto_bv128 a) (uto_bv128 b)) max_uint_as_bv128 } + (ret (result: t) { result = mul a b } { to_int result = to_uint a * to_uint b }) + = any + let div (a:t) (b:t) + { [@expl:division by zero] b <> zeros \/ to_uint b <> 0 } + (ret (result: t) { to_uint result = ED.div (to_uint a) (to_uint b) } { result = udiv a b }) + = any + let rem (a:t) (b:t) + { [@expl:remainder by zero] b <> zeros \/ to_uint b <> 0 } + (ret (result: t) { to_uint result = ED.mod (to_uint a) (to_uint b) } { result = urem a b }) + = any + + let bw_and (a:t) (b:t) (ret (result :t)) = ret { bw_and a b } + let bw_or (a:t) (b:t) (ret (result :t)) = ret { bw_or a b } + let bw_xor (a:t) (b:t) (ret (result :t)) = ret { bw_xor a b } + let bw_not (a:t) (ret (result :t)) = ret { bw_not a } + let shl (a:t) 
(b:t) + { [@expl:out-of-bounds shifting] ult b size_bv \/ to_uint b < size } + (ret (result :t) { result = lsl_bv a b } { result = lsl a (to_uint b) }) + = any + let shr (a:t) (b:t) + { [@expl:out-of-bounds shifting] ult b size_bv \/ to_uint b < size } + (ret (result :t) { result = lsr_bv a b } { result = lsr a (to_uint b) }) + = any end module UInt32 - use int.Int - - type uint32 = < range -0x0 0xffff_ffff > - - constant min : int = - 0x0 - constant max : int = 0xffff_ffff - - function to_int (x : uint32) : int = uint32'int x - meta coercion function to_int - meta "model_projection" function to_int - - predicate in_bounds (n:int) = min <= n <= max - - axiom to_int_in_bounds: forall n:uint32. in_bounds n - - let of_int (n:int) { [@expl:integer overflow] in_bounds n } - (ret (result :uint32) { result = n }) = any - - let add (a:uint32) (b:uint32) { [@expl:integer overflow] in_bounds (a + b) } (ret (result :uint32) { result = a + b }) = any - - let sub (a:uint32) (b:uint32) { [@expl:integer overflow] in_bounds (a - b) } (ret (result :uint32) { result = a - b }) = any - - let mul (a:uint32) (b:uint32) { [@expl:integer overflow] in_bounds (a * b) } (ret (result :uint32) { result = a * b }) = any - - let neg (a:uint32) { [@expl:integer overflow] in_bounds (- a) } (ret (result :uint32) { result = - a }) = any - - axiom extensionality: forall x y: uint32. 
to_int x = to_int y -> x = y - - let eq (a:uint32) (b:uint32) (ret (result : bool) { result <-> a = b } { to_int a = to_int b -> result }) = any - - let ne (a:uint32) (b:uint32) (ret (result : bool) { result <-> a <> b } { to_int a <> to_int b -> result }) = any - - let le (a:uint32) (b:uint32) (ret (result : bool) { result <-> to_int a <= to_int b }) = any - - let lt (a:uint32) (b:uint32) (ret (result : bool) { result <-> to_int a < to_int b }) = any - - let ge (a:uint32) (b:uint32) (ret (result : bool) { result <-> to_int a >= to_int b }) = any - - let gt (a:uint32) (b:uint32) (ret (result : bool) { result <-> to_int a > to_int b }) = any - - use int.ComputerDivision - - let div (a:uint32) (b:uint32) - { [@expl:division by zero] b <> 0 } - { [@expl:integer overflow] in_bounds (div a b) } - (ret (result :uint32) { result = div a b }) = any - - let rem (a:uint32) (b:uint32) - { [@expl:division by zero] b <> 0 } - { [@expl:integer overflow] in_bounds (mod a b) } - (ret (result :uint32) { result = mod a b }) = any + use export bv.BV32 + use bv.BV128 as BV128 + use bv.BVConverter_32_128 + use int.Int + use int.EuclideanDivision as ED + + constant max_uint : t = 0xFFFFFFFF + function uto_bv128 (x: t) : BV128.t = toBig x + constant max_uint_as_bv128 : BV128.t = uto_bv128 max_uint + + function to_uint(x:t): int = t'int x + + let eq (a: t) (b: t) (ret (result: bool) { result <-> to_uint a = to_uint b } { result <-> a = b }) = any + let ne (a: t) (b: t) (ret (result: bool) { result <-> to_uint a <> to_uint b } { result <-> a <> b }) = any + let le (a: t) (b: t) (ret (result: bool) { result <-> to_uint a <= to_uint b } { result <-> ule a b }) = any + let lt (a: t) (b: t) (ret (result: bool) { result <-> to_uint a < to_uint b } { result <-> ult a b }) = any + let ge (a: t) (b: t) (ret (result: bool) { result <-> to_uint a >= to_uint b } { result <-> uge a b }) = any + let gt (a: t) (b: t) (ret (result: bool) { result <-> to_uint a > to_uint b } { result <-> ugt a b }) = any 
+ + let add (a:t) (b:t) + { [@expl:arithmetic overflow] to_uint a + to_uint b < two_power_size \/ BV128.ule (BV128.add (uto_bv128 a) (uto_bv128 b)) max_uint_as_bv128 } + (ret (result :t) { to_uint result = to_uint a + to_uint b } { result = add a b }) + = any + let sub (a:t) (b:t) + { [@expl:arithmetic overflow] to_uint a >= to_uint b \/ uge a b } + (ret (result: t) { to_uint result = to_uint a - to_uint b } { result = sub a b }) + = any + let mul (a:t) (b:t) + { [@expl:arithmetic overflow] to_uint a * to_uint b < two_power_size \/ BV128.ule (BV128.mul (uto_bv128 a) (uto_bv128 b)) max_uint_as_bv128 } + (ret (result: t) { result = mul a b } { to_int result = to_uint a * to_uint b }) + = any + let div (a:t) (b:t) + { [@expl:division by zero] b <> zeros \/ to_uint b <> 0 } + (ret (result: t) { to_uint result = ED.div (to_uint a) (to_uint b) } { result = udiv a b }) + = any + let rem (a:t) (b:t) + { [@expl:remainder by zero] b <> zeros \/ to_uint b <> 0 } + (ret (result: t) { to_uint result = ED.mod (to_uint a) (to_uint b) } { result = urem a b }) + = any + + let bw_and (a:t) (b:t) (ret (result :t)) = ret { bw_and a b } + let bw_or (a:t) (b:t) (ret (result :t)) = ret { bw_or a b } + let bw_xor (a:t) (b:t) (ret (result :t)) = ret { bw_xor a b } + let bw_not (a:t) (ret (result :t)) = ret { bw_not a } + let shl (a:t) (b:t) + { [@expl:out-of-bounds shifting] ult b size_bv \/ to_uint b < size } + (ret (result :t) { result = lsl_bv a b } { result = lsl a (to_uint b) }) + = any + let shr (a:t) (b:t) + { [@expl:out-of-bounds shifting] ult b size_bv \/ to_uint b < size } + (ret (result :t) { result = lsr_bv a b } { result = lsr a (to_uint b) }) + = any end module UInt64 - use int.Int - - type uint64 = < range -0x0 0xffff_ffff_ffff_ffff > - - constant min : int = - 0x0 - constant max : int = 0xffff_ffff_ffff_ffff - - function to_int (x : uint64) : int = uint64'int x - meta coercion function to_int - meta "model_projection" function to_int - - predicate in_bounds (n:int) = min <= 
n <= max - - axiom to_int_in_bounds: forall n:uint64. in_bounds n - - let of_int (n:int) { [@expl:integer overflow] in_bounds n } - (ret (result :uint64) { result = n }) = any - - let add (a:uint64) (b:uint64) { [@expl:integer overflow] in_bounds (a + b) } (ret (result :uint64) { result = a + b }) = any - - let sub (a:uint64) (b:uint64) { [@expl:integer overflow] in_bounds (a - b) } (ret (result :uint64) { result = a - b }) = any - - let mul (a:uint64) (b:uint64) { [@expl:integer overflow] in_bounds (a * b) } (ret (result :uint64) { result = a * b }) = any - - let neg (a:uint64) { [@expl:integer overflow] in_bounds (- a) } (ret (result :uint64) { result = - a }) = any - - axiom extensionality: forall x y: uint64. to_int x = to_int y -> x = y - - let eq (a:uint64) (b:uint64) (ret (result : bool) { result <-> a = b } { to_int a = to_int b -> result }) = any - - let ne (a:uint64) (b:uint64) (ret (result : bool) { result <-> a <> b } { to_int a <> to_int b -> result }) = any - - let le (a:uint64) (b:uint64) (ret (result : bool) { result <-> to_int a <= to_int b }) = any - - let lt (a:uint64) (b:uint64) (ret (result : bool) { result <-> to_int a < to_int b }) = any - - let ge (a:uint64) (b:uint64) (ret (result : bool) { result <-> to_int a >= to_int b }) = any + use export bv.BV64 + use bv.BV128 as BV128 + use bv.BVConverter_64_128 + use int.Int + use int.EuclideanDivision as ED + + constant max_uint : t = 0xFFFFFFFFFFFFFFFF + function uto_bv128 (x: t) : BV128.t = toBig x + constant max_uint_as_bv128 : BV128.t = uto_bv128 max_uint + + function to_uint(x:t): int = t'int x + + let eq (a: t) (b: t) (ret (result: bool) { result <-> to_uint a = to_uint b } { result <-> a = b }) = any + let ne (a: t) (b: t) (ret (result: bool) { result <-> to_uint a <> to_uint b } { result <-> a <> b }) = any + let le (a: t) (b: t) (ret (result: bool) { result <-> to_uint a <= to_uint b } { result <-> ule a b }) = any + let lt (a: t) (b: t) (ret (result: bool) { result <-> to_uint a < to_uint 
b } { result <-> ult a b }) = any + let ge (a: t) (b: t) (ret (result: bool) { result <-> to_uint a >= to_uint b } { result <-> uge a b }) = any + let gt (a: t) (b: t) (ret (result: bool) { result <-> to_uint a > to_uint b } { result <-> ugt a b }) = any + + let add (a:t) (b:t) + { [@expl:arithmetic overflow] to_uint a + to_uint b < two_power_size \/ BV128.ule (BV128.add (uto_bv128 a) (uto_bv128 b)) max_uint_as_bv128 } + (ret (result :t) { to_uint result = to_uint a + to_uint b } { result = add a b }) + = any + let sub (a:t) (b:t) + { [@expl:arithmetic overflow] to_uint a >= to_uint b \/ uge a b } + (ret (result: t) { to_uint result = to_uint a - to_uint b } { result = sub a b }) + = any + let mul (a:t) (b:t) + { [@expl:arithmetic overflow] to_uint a * to_uint b < two_power_size \/ BV128.ule (BV128.mul (uto_bv128 a) (uto_bv128 b)) max_uint_as_bv128 } + (ret (result: t) { result = mul a b } { to_int result = to_uint a * to_uint b }) + = any + let div (a:t) (b:t) + { [@expl:division by zero] b <> zeros \/ to_uint b <> 0 } + (ret (result: t) { to_uint result = ED.div (to_uint a) (to_uint b) } { result = udiv a b }) + = any + let rem (a:t) (b:t) + { [@expl:remainder by zero] b <> zeros \/ to_uint b <> 0 } + (ret (result: t) { to_uint result = ED.mod (to_uint a) (to_uint b) } { result = urem a b }) + = any + + let bw_and (a:t) (b:t) (ret (result :t)) = ret { bw_and a b } + let bw_or (a:t) (b:t) (ret (result :t)) = ret { bw_or a b } + let bw_xor (a:t) (b:t) (ret (result :t)) = ret { bw_xor a b } + let bw_not (a:t) (ret (result :t)) = ret { bw_not a } + let shl (a:t) (b:t) + { [@expl:out-of-bounds shifting] ult b size_bv \/ to_uint b < size } + (ret (result :t) { result = lsl_bv a b } { result = lsl a (to_uint b) }) + = any + let shr (a:t) (b:t) + { [@expl:out-of-bounds shifting] ult b size_bv \/ to_uint b < size } + (ret (result :t) { result = lsr_bv a b } { result = lsr a (to_uint b) }) + = any +end - let gt (a:uint64) (b:uint64) (ret (result : bool) { result <-> to_int 
a > to_int b }) = any - use int.ComputerDivision - let div (a:uint64) (b:uint64) - { [@expl:division by zero] b <> 0 } - { [@expl:integer overflow] in_bounds (div a b) } - (ret (result :uint64) { result = div a b }) = any - let rem (a:uint64) (b:uint64) - { [@expl:division by zero] b <> 0 } - { [@expl:integer overflow] in_bounds (mod a b) } - (ret (result :uint64) { result = mod a b }) = any -end module UInt128 use int.Int diff --git a/test_bitwise.rs b/test_bitwise.rs new file mode 100644 index 0000000000..a0b86efdf9 --- /dev/null +++ b/test_bitwise.rs 
@@ -0,0 +1,167 @@ +extern crate creusot_contracts; +use creusot_contracts::*; + +pub fn bitwise_test_constant() { + let l: u16 = 0xC; + let r: u16 = 0xA; + + let result_and: u16 = l & r; + let result_or: u16 = l | r; + let result_xor: u16 = l ^ r; + let result_not: u16 = !l; + + if result_and != 0x8 { + assert!(false); + } + + if result_or != 0xE { + assert!(false); + } + + if result_xor != 0x6 { + assert!(false); + } + + if result_not != 0xFFF3 { + assert!(false); + } +} + +#[allow(arithmetic_overflow)] +pub fn bitwise_test_shift() { + let a: u16 = 0xFFFF; + + let result_l3: u16 = a << 3u16; + // let result_l16: u16 = a << 16u16; + let result_r6: u16 = a >> 6u16; + + if result_l3 != 0xFFF8 { + assert!(false); + } + + if result_r6 != 0x3FF { + assert!(false); + } +} + +#[requires(l@<100)] +#[requires(r@<100)] +pub fn bitwise_add(l: u16, r: u16) -> u16 { + l + r +} + + +#[requires(l@<200)] +#[requires(l@>100)] +#[requires(r@<100)] +pub fn bitwise_sub(l: u16, r: u16) -> u16 { + l - r +} + +#[requires(l@<100)] +#[requires(r@<100)] +pub fn bitwise_mul(l: u16, r: u16) -> u16 { + l * r +} + +#[requires(l@<100)] +#[requires(r@<100)] +#[requires(r@ != 0)] +pub fn bitwise_div(l: u16, r: u16) -> u16 { + l / r +} + +#[requires(l@<100)] +#[requires(r@<100)] +#[requires(r@ != 0)] +pub fn bitwise_mod(l: u16, r: u16) -> u16 { + l % r +} + +// #[requires(l@<100)] +// pub fn bitwise_neg(l: u16) -> u16 { +// let r:i32 = -l; +// r +// } +// operateur neg + +#[requires(l@<=50)] +#[requires(r@>50)] +#[ensures(l@ bool { + l < r +} + +#[requires(l@<=50)] +#[requires(r@>=50)] +#[ensures(l@<=r@)] +pub fn bitwise_le(l: u16, r: u16) -> bool { + l <= r +} + + +#[requires(l@>=50)] +#[requires(r@<50)] +#[ensures(l@>r@)] +pub fn bitwise_gt(l: u16, r: u16) -> bool { + l > r +} + +#[requires(l@>=50)] +#[requires(r@<=50)] +#[ensures(l@>=r@)] +pub fn bitwise_ge(l: u16, r: u16) -> bool { + l >= r +} + + + +#[ensures(result == l & r)] +pub fn bitwise_and(l: u16, r: u16) -> u16 { + l & r +} + 
+#[ensures(result == l << 3u16)] +pub fn bitwise_shl_3(l: u16) -> u16 { + l << 3u16 +} + +// pub fn bitwise_add(l: u16, r: u16) -> u16 { +// l + r +// } + +/* +#[requires(l@<100)] +#[requires(r@<100)] +#[ensures(result == l & r)] +pub fn bitwise_and2(l: i16, r: i16) -> i16 { + l & r +} +*/ + +// extern crate creusot_contracts; +// use creusot_contracts::*; +// /* +// #[ensures(result == (a@ <= 100))] +// pub fn test_literal_i32(a: i32) -> bool { +// a <= 100 +// }*/ + +// /* +// #[requires(l@ < 100)] +// #[requires(r@ < 100)] +// #[ensures(result == l & r)]*/ +// pub fn bitwise_and(l: u16, r: u16) -> u16 { +// l & r +// } + + + +// /* +// #[requires(l@<100)] +// #[requires(r@<100)] +// #[ensures(result == l & r)] +// pub fn bitwise_and2(l: i16, r: i16) -> i16 { +// l & r +// } +// */ \ No newline at end of file diff --git a/test_bitwise/why3session.xml b/test_bitwise/why3session.xml new file mode 100644 index 0000000000..db9ac4e5e6 --- /dev/null +++ b/test_bitwise/why3session.xml @@ -0,0 +1,142 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
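Review bot: `#[allow(arithmetic_overflow)]` on `bitwise_test_shift` stays in force although the only overflowing case (`a << 16u16`) is commented out, so the lint no longer guards the function and a future out-of-range shift would compile silently; either drop the attribute or move the `<< 16` case into a should_fail test where the prelude's `[@expl:out-of-bounds shifting]` obligation is expected to fail. The `if x != y { assert!(false); }` pattern in `bitwise_test_constant` and `bitwise_test_shift` is clearer as `assert_eq!(result_and, 0x8);` and friends, which also report the actual value. The large commented-out blocks at the end and the French `// operateur neg` note look like scratch work; the root-level path of this file and the why3session.xml / why3shapes.gz artifacts committed next to it are probably unintended.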
diff --git a/test_bitwise/why3shapes.gz b/test_bitwise/why3shapes.gz new file mode 100644 index 0000000000000000000000000000000000000000..1fc7e92633f34b4624443c989a4f73724dde4008 GIT binary patch literal 1634 zcmV-o2A%mIiwFP!00000|E*U`Pa8=PzR$1laW|_-U0wZLB}iOQa|xG-E9xh)WH9j~ zB>DAQJ+_%1dx*&@;=oKjzWVAp@YlQ9`ip)E%wTF;k{|IXCx-QV3O|Ivr%JO7v> z@CYoLuOwOJ^>(rGpI6)5jbE>;!)AH6oj-0yjt5~hjmMQ=taJBiA7r`O#{ltl)8&V! z&5ygDRL`P~Il-!Q=L1i~Id(hfUc5k5iv>x0-lQ7%*C3-T%g~ zpkMoNcOd-d?b9N&-J9H3tiEv8syG~qIf@k3Z?vl+c*tJunltc=N=lB@9unVDnJUO- zwYilC)%8x()43k3+EBM*h*0IXq9=MVy{c|@hj2-cW}j(&)`M6zVmTD9zKT(as|4G2 zQ~@7#u1aA4o9#f(jK$^DG+mw@!po`Iz3i(ALp4v<;d*B<6cygOZr775d;qw*>imZn zWAy9!&wS&l+4Q^xbywfJ<#zLaS>A``_A#yLPRz?@{&?Sv(qg^13*YJhpo}Uh)PhNAF;Aqq*YPIM0f>r@qhvqVksZaqA^FNN(x3KBp zq+8#*ri-VW!N#2W?O-nn?mg;)yrD#wXG>j4u&FM+D4M=rU7jD6!J@yFtQ9PFg6$%E zpOW8_JbVLg{GxeY`3L{Kx4-l2o$Q7%{uxk)0Dkklyn9+c=hZ&=YQFjMkT>%^<*&C3hFIkv|AU)*|+83eL3zk<+Qr-7ayl`>_C(v&x_`5$;@X?OP-N!YuGatd$=VicIm*(H* z^-rN$_%ZvLSIcAYoBjs)s#>=?;?nCVfnL{NcYX*pJhh1)g7#OTC%m`2I-m9RQS7U3 zl^^{4G3C_@^=1%PQPw$ZrfnyfYVJwl`lCJ}pY-mYmg`MiKBoDG%GkAuwDU_Sb-=$i zwVAXW7o}MS;@=KE(0g6IkH1Lymnr7y6kplT53j5x;hdy3X?iBFkH?99ILhndxRn=g z%kzG^m6P6GdsIeQ-k&sY(sGpK#c`4!PI5eM-t={xNNT!yuN~LdZtDK%j?y~cywkjn zo7d^2d_l-I#K=NMkD=&TQc^kzDa1@TjvXg`hGL6KA$Ttly|zV4CAqXp8?r*j9XQr8 z%OTJovjS}nz$8c^A(d!-NocGkQ@JxNDJ!l`;4w+fG-N=7v1mH@*#uuBa{}eyICEef z7zf&cazFsW0Xm?N;D9;njMGka+%TV2p+qD@!?cz>7vv10Vpe9>2mc+w!gCZVa2t)v z;JHLmRLH4#D9E5@gR%=sS)^b}Djs>%CYdDYG3TO%#4zI&RdhO1<XY~Wn7K((*%Xt{8Noo1Gz0Vr=c(3B&)r`Y{r(gs{6Ca%k`mLR z0}-PajBZ2fS60bRP%M-b(-tc{AkAC=qO3~REM-%H6R>yjs z0g@+fOfaSr0c+@Du{;T$O;j}3R7^&5&w`h#jDQqgMG;kOA> zM1_ij^{lob=z6%c>H_Lg3`-@IEI8dBMwiprsDP`)1Mh*Q(`1YlSW`o(C!DS-(}n)O g$&8Le*0jA~P#_(hdJ)BWtKG5r52~TRvqBR90DL4kJOBUy literal 0 HcmV?d00001 diff --git a/why3/src/exp.rs b/why3/src/exp.rs index 456bea05f7..0bcd92f14a 100644 --- a/why3/src/exp.rs +++ b/why3/src/exp.rs 
@@ -13,6 +13,11 @@ pub enum BinOp { LogOr, // i.e., \/ LazyAnd, // i.e., && LazyOr, // i.e., || + BitAnd, + BitOr, + BitXor, + Shl, + Shr, Add, FloatAdd, Sub, @@ -43,6 +48,11 @@ impl BinOp { BinOp::LazyAnd => Conj, BinOp::LogOr => Disj, BinOp::LazyOr => Disj, + BinOp::BitAnd => Infix2, + BinOp::BitOr => Infix2, + BinOp::BitXor => Infix2, + BinOp::Shl => Infix2, + BinOp::Shr => Infix2, BinOp::Add => Infix2, BinOp::Sub => Infix2, BinOp::Mul => Infix3, diff --git a/why3/src/mlcfg/printer.rs b/why3/src/mlcfg/printer.rs index 58af597839..1574c79a73 100644 --- a/why3/src/mlcfg/printer.rs +++ b/why3/src/mlcfg/printer.rs @@ -896,6 +896,11 @@ fn bin_op_to_string(op: &BinOp) -> &str { LazyAnd => "&&", LogOr => "\\/", LazyOr => "||", + BitAnd => unreachable!("the & operator can't be instanced in infix notation"), + BitOr => unreachable!("the | operator can't be instanced in infix notation"), + BitXor => unreachable!("the ^ operator can't be instanced in infix notation"), + Shl => unreachable!("the << operator can't be instanced in infix notation"), + Shr => unreachable!("the >> operator can't be instanced in infix notation"), Add => "+", Sub => "-", Mul => "*", From b1a8fd8975da3b03aa00d868b1779d362dca9b79 Mon Sep 17 00:00:00 2001 From: SCHNEIDER Laurent Date: Tue, 13 Aug 2024 16:08:30 +0200 Subject: [PATCH 04/15] test i16 --- creusot/src/backend/ty.rs | 16 +-- creusot/src/translation/function/statement.rs | 3 - prelude/prelude.coma | 100 ++++++++++-------- 3 files changed, 63 insertions(+), 56 deletions(-) diff --git a/creusot/src/backend/ty.rs b/creusot/src/backend/ty.rs index cdf5bdc771..598a64c14c 100644 --- a/creusot/src/backend/ty.rs +++ b/creusot/src/backend/ty.rs 
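Review bot: The five new `BinOp` variants lack the `// i.e., …` comment their siblings carry, so a reader cannot tell whether `Shl`/`Shr` denote logical or arithmetic shifts or what Why3 form they are emitted in; add a note on each, e.g. `BitAnd, // bitwise and; emitted as a prelude call, never as an infix symbol`. The enum definition continues outside the hunk.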
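Review bot: Giving `BitAnd`…`Shr` the precedence `Infix2` (the same as `Add`) is never exercised, because the printer hunk in this same commit makes `bin_op_to_string` panic for those variants, so the value only invites a later reader to assume infix printing works. Either choose the precedence an eventual infix form would need or mark it inline: `BinOp::BitAnd => Infix2, // unused: bitwise ops are lowered to prefix prelude calls`. The `impl BinOp` match continues outside the hunk.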
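Review bot: `bin_op_to_string` now panics on five variants that the public `BinOp` enum exposes, so any lowering path that builds an `Exp` with them turns into a compiler crash rather than a diagnostic, and since the function returns a bare `&str` there is no error channel to do better locally; at minimum the invariant belongs at the construction site as well. The messages also misuse "instanced"; something like `unreachable!("the & operator is never printed infix; it is lowered to a prelude call")` states the actual invariant. The `match` continues outside the hunk.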
@@ -924,33 +924,33 @@ pub(crate) fn u64_ty() -> MlT { } pub(crate) fn u128_ty() -> MlT { - MlT::TConstructor(QName::from_string("uint128").unwrap()) + MlT::TConstructor(QName::from_string("UInt128.t").unwrap()) } pub(crate) fn usize_ty() -> MlT { - MlT::TConstructor(QName::from_string("usize").unwrap()) + MlT::TConstructor(QName::from_string("USize.t").unwrap()) } pub(crate) fn i8_ty() -> MlT { - MlT::TConstructor(QName::from_string("int8").unwrap()) + MlT::TConstructor(QName::from_string("Int8.t").unwrap()) } pub(crate) fn i16_ty() -> MlT { - MlT::TConstructor(QName::from_string("int16").unwrap()) + MlT::TConstructor(QName::from_string("Int16.t").unwrap()) } pub(crate) fn i32_ty() -> MlT { - MlT::TConstructor(QName::from_string("int32").unwrap()) + MlT::TConstructor(QName::from_string("Int32.t").unwrap()) } pub(crate) fn i64_ty() -> MlT { - MlT::TConstructor(QName::from_string("int64").unwrap()) + MlT::TConstructor(QName::from_string("Int64.t").unwrap()) } pub(crate) fn i128_ty() -> MlT { - MlT::TConstructor(QName::from_string("int128").unwrap()) + MlT::TConstructor(QName::from_string("Int128.t").unwrap()) } pub(crate) fn isize_ty() -> MlT { - MlT::TConstructor(QName::from_string("isize").unwrap()) + MlT::TConstructor(QName::from_string("ISize.t").unwrap()) } diff --git a/creusot/src/translation/function/statement.rs b/creusot/src/translation/function/statement.rs index 5d52ed9143..57dd35acf3 100644 --- a/creusot/src/translation/function/statement.rs +++ b/creusot/src/translation/function/statement.rs @@ -107,9 +107,6 @@ impl<'tcx> BodyTranslator<'_, 'tcx> { } }, Rvalue::Discriminant(_) => return, - Rvalue::BinaryOp(BinOp::BitAnd, box (l, _)) if !l.ty(self.body, self.tcx).is_bool() => { - self.ctx.crash_and_error(si.span, "bitwise operations are currently unsupported") - } Rvalue::BinaryOp(op, box (l, r)) => { RValue::BinOp(*op, self.translate_operand(l), self.translate_operand(r)) } 
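Review bot: The new constructor names `USize.t` and `ISize.t` in `usize_ty` / `isize_ty` do not match the module names used for the same types elsewhere in this series — `UIntSize` / `IntSize` in `int_from_bv256` and `uint_from_bv256` (program.rs hunk `@@ -1279,46 +1316,46 @@` in patch 05) — so unless both spellings of the module exist, the type and its operations would refer to different prelude modules; I'd align on one, e.g. `MlT::TConstructor(QName::from_string("UIntSize.t").unwrap())` and `"IntSize.t"`. The eight functions also repeat the same one-liner; a small `fn prelude_ty(name: &str) -> MlT` would remove the repeated `from_string(..).unwrap()`.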
diff --git a/prelude/prelude.coma b/prelude/prelude.coma index f4987cec21..2b340ef7dc 100644 --- a/prelude/prelude.coma +++ b/prelude/prelude.coma 
@@ -115,57 +115,67 @@ module Int8 (ret (result : int8) { result = mod a b }) = any end module Int16 - use int.Int - - type int16 = < range -0x8000 0x7fff > - - constant min : int = - 0x8000 - constant max : int = 0x7fff - - function to_int (x : int16) : int = int16'int x - meta coercion function to_int - meta "model_projection" function to_int - - predicate in_bounds (n:int) = min <= n <= max - - axiom to_int_in_bounds: forall n:int16. in_bounds n - - let of_int (n:int) { [@expl:integer overflow] in_bounds n } - (ret (result : int16) { result = n }) = any - - let add (a:int16) (b:int16) { [@expl:integer overflow] in_bounds (a + b) } (ret (result : int16) { result = a + b }) = any - - let sub (a:int16) (b:int16) { [@expl:integer overflow] in_bounds (a - b) } (ret (result : int16) { result = a - b }) = any - - let mul (a:int16) (b:int16) { [@expl:integer overflow] in_bounds (a * b) } (ret (result : int16) { result = a * b }) = any - - let neg (a:int16) { [@expl:integer overflow] in_bounds (- a) } (ret (result : int16) { result = - a }) = any - - axiom extensionality: forall x y: int16. 
to_int x = to_int y -> x = y - - let eq (a:int16) (b:int16) (ret (result : bool) { result <-> a = b } { to_int a = to_int b -> result }) = any - - let ne (a:int16) (b:int16) (ret (result : bool) { result <-> a <> b } { to_int a <> to_int b -> result }) = any - - let le (a:int16) (b:int16) (ret (result : bool) { result <-> to_int a <= to_int b }) = any + use export bv.BV16 + use bv.BV128 as BV128 + use bv.BVConverter_16_128 + use bv.Pow2int + use int.Int + use int.ComputerDivision as CD - let lt (a:int16) (b:int16) (ret (result : bool) { result <-> to_int a < to_int b }) = any + constant min_sint : t = 0x8000 + constant max_sint : t = 0x7FFF + constant two_power_size_minus_one : int = 0x8000 + constant minus_one : t = 0xFFFF - let ge (a:int16) (b:int16) (ret (result : bool) { result <-> to_int a >= to_int b }) = any + function sto_bv128 (x: t) : BV128.t = stoBig x + constant min_sint_as_bv128 : BV128.t = sto_bv128 min_sint + constant max_sint_as_bv128 : BV128.t = sto_bv128 max_sint - let gt (a:int16) (b:int16) (ret (result : bool) { result <-> to_int a > to_int b }) = any + function to_uint(x:t): int = t'int x - use int.ComputerDivision + let eq (a: t) (b: t) (ret (result: bool) { result <-> to_int a = to_int b } { result <-> a = b }) = any + let ne (a: t) (b: t) (ret (result: bool) { result <-> to_int a <> to_int b } { result <-> a <> b }) = any + let le (a: t) (b: t) (ret (result: bool) { result <-> to_int a <= to_int b } { result <-> sle a b }) = any + let lt (a: t) (b: t) (ret (result: bool) { result <-> to_int a < to_int b } { result <-> slt a b }) = any + let ge (a: t) (b: t) (ret (result: bool) { result <-> to_int a >= to_int b } { result <-> sge a b }) = any + let gt (a: t) (b: t) (ret (result: bool) { result <-> to_int a > to_int b } { result <-> sgt a b }) = any - let div (a:int16) (b:int16) - { [@expl:division by zero] b <> 0 } - { [@expl:integer overflow] in_bounds (div a b) } - (ret (result : int16) { result = div a b }) = any + let add (a:t) (b:t) + { 
[@expl:arithmetic overflow] - two_power_size_minus_one <= to_int a + to_int b < two_power_size_minus_one \/ let r = BV128.add (sto_bv128 a) (sto_bv128 b) in (BV128.sle min_sint_as_bv128 r /\ BV128.sle r max_sint_as_bv128) } + (ret (result :t) { to_int result = to_int a + to_int b } { result = add a b }) + = any + let sub (a:t) (b:t) + { [@expl:arithmetic overflow] - two_power_size_minus_one <= to_int a - to_int b < two_power_size_minus_one \/ let r = BV128.sub (sto_bv128 a) (sto_bv128 b) in (BV128.sle min_sint_as_bv128 r /\ BV128.sle r max_sint_as_bv128) } + (ret (result: t) { to_int result = to_int a - to_int b } { result = sub a b }) + = any + let mul (a:t) (b:t) + { [@expl:arithmetic overflow] - two_power_size_minus_one <= to_int a * to_int b < two_power_size_minus_one \/ let r = BV128.mul (sto_bv128 a) (sto_bv128 b) in (BV128.sle min_sint_as_bv128 r /\ BV128.sle r max_sint_as_bv128) } + (ret (result: t) { to_int result = to_int a * to_int b } { result = mul a b }) + = any + let div (a:t) (b:t) + { [@expl:division by zero] b <> zeros \/ to_int b <> 0 } + { [@expl:signed division overflow check] (a <> min_sint \/ b <> minus_one) \/ (to_int a <> to_int min_sint \/ to_int b <> -1) } + (ret (result: t) { to_int result = CD.div (to_int a) (to_int b) } { result = sdiv a b }) + = any + let rem (a:t) (b:t) + { [@expl:remainder by zero] b <> zeros \/ to_int b <> 0 } + (ret (result: t) { to_int result = CD.mod (to_int a) (to_int b) } { result = srem a b }) + = any - let rem (a:int16) (b:int16) - { [@expl:division by zero] b <> 0 } - { [@expl:integer overflow] in_bounds (mod a b) } - (ret (result : int16) { result = mod a b }) = any + let bw_and (a:t) (b:t) (ret (result :t)) = ret { bw_and a b } + let bw_or (a:t) (b:t) (ret (result :t)) = ret { bw_or a b } + let bw_xor (a:t) (b:t) (ret (result :t)) = ret { bw_xor a b } + let bw_not (a:t) (ret (result :t)) = ret { bw_not a } + let shl (a:t) (b:t) + { [@expl:out-of-bounds shifting] ult b size_bv \/ to_uint b < size } + { 
[@expl:out-of-bounds shifting] sle zeros a \/ to_int a >= 0 } + { [@expl:arithmetic overflow] (to_int a) * (pow2 (to_int b)) < two_power_size_minus_one \/ let r = BV128.lsl_bv (sto_bv128 a) (sto_bv128 b) in (BV128.sle min_sint_as_bv128 r /\ BV128.sle r max_sint_as_bv128)} + (ret (result :t) { result = lsl_bv a b } { result = lsl a (to_uint b) }) + = any + let shr (a:t) (b:t) + { [@expl:out-of-bounds shifting] ult b size_bv \/ to_uint b < size } + (ret (result :t) { result = asr_bv a b } { result = asr a (to_uint b) }) + = any end module Int32 use int.Int From 7dd3161e9492599eb945e0b028f1efcd2c79498b Mon Sep 17 00:00:00 2001 From: SCHNEIDER Laurent Date: Mon, 23 Sep 2024 11:39:11 +0200 Subject: [PATCH 05/15] module Int.coma, cast between integer, shl shr with integer perameter, BVConverter_X_256 --- creusot-deps.opam | 8 +- creusot/src/backend/program.rs | 143 ++++--- prelude/int.coma | 685 +++++++++++++++++++++++++++++++++ prelude/prelude.coma | 240 ++---------- 4 files changed, 809 insertions(+), 267 deletions(-) create mode 100644 prelude/int.coma diff --git a/creusot-deps.opam b/creusot-deps.opam index ad402195c3..114a279ba7 100644 --- a/creusot-deps.opam +++ b/creusot-deps.opam @@ -4,8 +4,8 @@ opam-version: "2.0" maintainer: "Armaël Guéneau " authors: "the creusot authors" depends: [ - "why3" {= "git-40a7"} - "why3-ide" {= "git-40a7" & !?in-creusot-ci} + "why3" {= "git-fd81"} + "why3-ide" {= "git-fd81" & !?in-creusot-ci} # optional dependencies of why3 "ocamlgraph" "camlzip" @@ -16,6 +16,6 @@ depends: [ # When updating the hash and git-XXX below, don't forget to update them in the # depends: field above! pin-depends: [ - [ "why3.git-40a7" "git+https://gitlab.inria.fr/why3/why3.git#40a7b4fc" ] - [ "why3-ide.git-40a7" "git+https://gitlab.inria.fr/why3/why3.git#40a7b4fc" ] + [ "why3.git-fd81" "git+https://gitlab.inria.fr/why3/why3.git#fd81557d" ] + [ "why3-ide.git-fd81" "git+https://gitlab.inria.fr/why3/why3.git#fd81557d" ] ] 
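Review bot: `Int16.shl` requires `sle zeros a` and that `to_int a * pow2 (to_int b)` stay below `two_power_size_minus_one`, which is stricter than Rust: `i16 << n` only fails when `n >= 16`, while shifting a negative value or shifting bits out of the top is defined and wraps, so programs such as `(-1i16) << 1` or `0x4000i16 << 1` would get a spurious overflow obligation here. Unless the extra obligation is deliberate, keep only the shift-amount check, mirroring `shr`, and document the choice in the module if it is kept. Note that the amount check here is strict (`to_uint b < size`, matching Rust), whereas the later `int.coma` rewrite in patch 05 uses `b >= 0 /\ b <= size`, which admits a shift by exactly the bit width — the two should agree. The explanation label on the sign check reuses "out-of-bounds shifting" although it is really a negativity check; a distinct `[@expl:...]` would make failures easier to read.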
diff --git a/creusot/src/backend/program.rs b/creusot/src/backend/program.rs index 915f8c92bb..1110fc89f2 100644 --- a/creusot/src/backend/program.rs +++ b/creusot/src/backend/program.rs @@ -472,10 +472,38 @@ impl<'tcx> RValue<'tcx> { } RValue::BinOp(op, l, r) => { let l_ty = l.ty(lower.ctx.tcx, lower.locals); + let fname = binop_to_binop(lower.names, l_ty, op); let call = coma::Expr::Symbol(fname); + + // some operator need to convert the right operand + let r = match op { + // right operand must be converted to integer + BinOp::Shl | BinOp::ShlUnchecked | BinOp::Shr | BinOp::ShrUnchecked => { + let r_ty = r.ty(lower.ctx.tcx, lower.locals); + + // rust allows shifting by a value of any integer type + // so we need to import the prelude for the right operand + let prelude: PreludeModule = match r_ty.kind() { + TyKind::Int(ity) => int_to_prelude(*ity), + TyKind::Uint(uty) => uint_to_prelude(*uty), + _ => unreachable!("right operande, non-integer type for binary operation {op:?} {ty:?}"), + }; + lower.names.import_prelude_module(prelude); + + // convert the right operand to an logical integer + let mut module = prelude.qname(); + module.push_ident("to_int"); + module = module.without_search_path(); + + // build the expression for this convertion + Exp::qvar(module).app_to(r.to_why(lower, istmts)) + } + _ => r.to_why(lower, istmts) + }; + let args = - vec![Arg::Term(l.to_why(lower, istmts)), Arg::Term(r.to_why(lower, istmts))]; + vec![Arg::Term(l.to_why(lower, istmts)), Arg::Term(r)]; istmts.extend([IntermediateStmt::call("_ret'".into(), lower.ty(ty), call, args)]); // let ty = l.ty(lower.ctx.tcx, locals); // // Hack 
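Review bot: The right-operand conversion always selects `<prelude>.to_int`, but the unsigned modules in this series define only `to_uint` (`function to_uint(x:t): int = t'int x` in int.coma's `UInt8`/`UInt16`, with `use export bv.BV8`), so `UInt8.to_int` presumably resolves to the bitvector theory's signed reading, the same `to_int` the `Int16` module uses for `sle`; a `u8` shift amount of 128 or more would then arrive as a negative `int` and be rejected by `shl`'s `b >= 0` check with a misleading explanation. Worth confirming, and selecting `to_uint` for `TyKind::Uint`. The `unreachable!` message also has a typo and interpolates `ty` (the result type) where the offending type is `r_ty`: `_ => unreachable!("right operand of {op:?} has non-integer type {r_ty:?}")`. The enclosing `to_why` match arm continues outside the hunk.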
@@ -546,46 +574,55 @@ impl<'tcx> RValue<'tcx> { Exp::Tuple(f.into_iter().map(|f| f.to_why(lower, istmts)).collect()) } RValue::Cast(e, source, target) => { - let to_int = match source.kind() { + let bv256_ty = Type::TConstructor(QName::from_string("BV256.t").unwrap()); + + let to_fname = match source.kind() { TyKind::Int(ity) => { lower.names.import_prelude_module(int_to_prelude(*ity)); - int_to_int(ity) + int_to_bv256(ity) } TyKind::Uint(uty) => { lower.names.import_prelude_module(uint_to_prelude(*uty)); - uint_to_int(uty) - } - TyKind::Bool => { - lower.names.import_prelude_module(PreludeModule::Bool); - Exp::qvar(QName::from_string("Bool.to_int").unwrap()) + uint_to_bv256(uty) } + // Laurent Todo: remettre le cast bool operationnelle + // TyKind::Bool => { + // lower.names.import_prelude_module(PreludeModule::Bool); + // Exp::qvar(QName::from_string("Bool.to_int").unwrap()) + // } _ => lower .ctx .crash_and_error(DUMMY_SP, "Non integral casts are currently unsupported"), }; - let from_int = match target.kind() { - TyKind::Int(ity) => int_from_int(ity), - TyKind::Uint(uty) => uint_from_int(uty), - TyKind::Char => { - lower.names.import_prelude_module(PreludeModule::Char); - QName::from_string("Char.chr").unwrap() - } + // convert source to BV256.t + let to_ret_id: Ident = "_ret_to".into(); + let to_arg = Arg::Term(e.to_why(lower, istmts)); + istmts.push(IntermediateStmt::call( + to_ret_id.clone(), + bv256_ty.clone(), + Expr::Symbol(to_fname), + vec![to_arg], + )); + + // convert BV256.t to target + let of_ret_id: Ident = "_ret_from".into(); + let of_fname = match target.kind() { + TyKind::Int(ity) => int_from_bv256(ity), + TyKind::Uint(uty) => uint_from_bv256(uty), + // Laurent Todo: remettre le char bool operationnelle + // TyKind::Char => { + // lower.names.import_prelude_module(PreludeModule::Char); + // QName::from_string("Char.chr").unwrap() + // } _ => lower .ctx .crash_and_error(DUMMY_SP, "Non integral casts are currently unsupported"), }; - let int = 
to_int.app_to(e.to_why(lower, istmts)); - - istmts.push(IntermediateStmt::call( - "_res".into(), - lower.ty(ty), - Expr::Symbol(from_int), - vec![Arg::Term(int)], - )); - - Exp::var("_res") + // create final statement + istmts.extend([IntermediateStmt::call(of_ret_id.clone(), lower.ty(ty), Expr::Symbol(of_fname), vec![Arg::Term(Term::Var(to_ret_id))])]); + Exp::var(of_ret_id) } RValue::Len(pl) => { let len_call = Exp::qvar(QName::from_string("Slice.length").unwrap()) 
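Review bot: Every integer `as` cast is now lowered as `to_bv256` followed by `of_bv256`, and the `of_bv256` contract added in `prelude/int.coma` in this same commit requires `bv256_to_uint a >= 0 /\ bv256_to_uint a < two_power_size`, so a narrowing or sign-changing cast such as `300u16 as u8` or `-1i8 as u8` becomes an unprovable overflow obligation although Rust defines integer `as` to truncate/wrap; unless the stricter check is intended, say so in a comment here or turn the precondition into a postcondition describing the truncation. The `TyKind::Bool` and `TyKind::Char` arms are commented out, so `b as u8` and `n as char` now reach `crash_and_error(.., "Non integral casts are currently unsupported")`, a regression the message does not explain; the two French `Laurent Todo` comments should become one English TODO naming it, e.g. `// TODO: bool -> int and int -> char casts went through Bool.to_int / Char.chr before the BV256 lowering; restore them`. `bv256_ty.clone()` is unnecessary since `bv256_ty` is not used afterwards. The enclosing `to_why` match continues outside the hunk.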
@@ -1279,46 +1316,46 @@ pub(crate) fn uint_to_prelude(ity: UintTy) -> PreludeModule { } } -pub(crate) fn int_from_int(ity: &IntTy) -> QName { +pub(crate) fn int_from_bv256(ity: &IntTy) -> QName { match ity { - IntTy::Isize => QName::from_string("IntSize.of_int").unwrap(), - IntTy::I8 => QName::from_string("Int8.of_int").unwrap(), - IntTy::I16 => QName::from_string("Int16.of_int").unwrap(), - IntTy::I32 => QName::from_string("Int32.of_int").unwrap(), - IntTy::I64 => QName::from_string("Int64.of_int").unwrap(), - IntTy::I128 => QName::from_string("Int128.of_int").unwrap(), + IntTy::Isize => QName::from_string("IntSize.of_bv256").unwrap(), + IntTy::I8 => QName::from_string("Int8.of_bv256").unwrap(), + IntTy::I16 => QName::from_string("Int16.of_bv256").unwrap(), + IntTy::I32 => QName::from_string("Int32.of_bv256").unwrap(), + IntTy::I64 => QName::from_string("Int64.of_bv256").unwrap(), + IntTy::I128 => QName::from_string("Int128.of_bv256").unwrap(), } } -pub(crate) fn uint_from_int(uty: &UintTy) -> QName { +pub(crate) fn uint_from_bv256(uty: &UintTy) -> QName { match uty { - UintTy::Usize => QName::from_string("UIntSize.of_int").unwrap(), - UintTy::U8 => QName::from_string("UInt8.of_int").unwrap(), - UintTy::U16 => QName::from_string("UInt16.of_int").unwrap(), - UintTy::U32 => QName::from_string("UInt32.of_int").unwrap(), - UintTy::U64 => QName::from_string("UInt64.of_int").unwrap(), - UintTy::U128 => QName::from_string("UInt128.of_int").unwrap(), + UintTy::Usize => QName::from_string("UIntSize.of_bv256").unwrap(), + UintTy::U8 => QName::from_string("UInt8.of_bv256").unwrap(), + UintTy::U16 => QName::from_string("UInt16.of_bv256").unwrap(), + UintTy::U32 => QName::from_string("UInt32.of_bv256").unwrap(), + UintTy::U64 => QName::from_string("UInt64.of_bv256").unwrap(), + UintTy::U128 => QName::from_string("UInt128.of_bv256").unwrap(), } } -pub(crate) fn int_to_int(ity: &IntTy) -> Exp { +pub(crate) fn int_to_bv256(ity: &IntTy) -> QName { match ity { - IntTy::Isize => 
Exp::qvar(QName::from_string("IntSize.to_int").unwrap()), - IntTy::I8 => Exp::qvar(QName::from_string("Int8.to_int").unwrap()), - IntTy::I16 => Exp::qvar(QName::from_string("Int16.to_int").unwrap()), - IntTy::I32 => Exp::qvar(QName::from_string("Int32.to_int").unwrap()), - IntTy::I64 => Exp::qvar(QName::from_string("Int64.to_int").unwrap()), - IntTy::I128 => Exp::qvar(QName::from_string("Int128.to_int").unwrap()), + IntTy::Isize => QName::from_string("IntSize.to_bv256").unwrap(), + IntTy::I8 => QName::from_string("Int8.to_bv256").unwrap(), + IntTy::I16 => QName::from_string("Int16.to_bv256").unwrap(), + IntTy::I32 => QName::from_string("Int32.to_bv256").unwrap(), + IntTy::I64 => QName::from_string("Int64.to_bv256").unwrap(), + IntTy::I128 => QName::from_string("Int128.to_bv256").unwrap(), } } -pub(crate) fn uint_to_int(uty: &UintTy) -> Exp { +pub(crate) fn uint_to_bv256(uty: &UintTy) -> QName { match uty { - UintTy::Usize => Exp::qvar(QName::from_string("UIntSize.to_int").unwrap()), - UintTy::U8 => Exp::qvar(QName::from_string("UInt8.to_int").unwrap()), - UintTy::U16 => Exp::qvar(QName::from_string("UInt16.to_int").unwrap()), - UintTy::U32 => Exp::qvar(QName::from_string("UInt32.to_int").unwrap()), - UintTy::U64 => Exp::qvar(QName::from_string("UInt64.to_int").unwrap()), - UintTy::U128 => Exp::qvar(QName::from_string("UInt128.to_int").unwrap()), + UintTy::Usize => QName::from_string("UIntSize.to_bv256").unwrap(), + UintTy::U8 => QName::from_string("UInt8.to_bv256").unwrap(), + UintTy::U16 => QName::from_string("UInt16.to_bv256").unwrap(), + UintTy::U32 => QName::from_string("UInt32.to_bv256").unwrap(), + UintTy::U64 => QName::from_string("UInt64.to_bv256").unwrap(), + UintTy::U128 => QName::from_string("UInt128.to_bv256").unwrap(), } } diff --git a/prelude/int.coma b/prelude/int.coma new file mode 100644 index 0000000000..3c983b783d --- /dev/null +++ b/prelude/int.coma 
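Review bot: `int_from_bv256` / `uint_from_bv256` carry no doc comment, and the prelude functions they name have a precondition (`of_bv256` in int.coma checks `bv256_to_uint a < two_power_size`), so a caller generating a call through them should know it introduces an overflow obligation; a one-line `/// Name of the prelude function converting a `BV256.t` into `ity`; the target carries an arithmetic-overflow precondition.` on each would capture that. The four functions differ only in a prefix and suffix string, so a shared `fn prelude_fn(module: &str, name: &str) -> QName` would replace the twenty-four `from_string(..).unwrap()` calls.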
@@ -0,0 +1,685 @@ +module UInt8 + use export bv.BV8 + use bv.BV256 as BV256 + use bv.BVConverter_8_256 + use int.Int + use int.EuclideanDivision as ED + + constant max_uint : t = 0xFF + function to_BV256 (x: t) : BV256.t = toBig x + function of_BV256 (x: BV256.t) : t = toSmall x + function bv256_to_uint (x: BV256.t) : int = BV256.t'int x + constant max_uint_as_BV256 : BV256.t = to_BV256 max_uint + + function to_uint(x:t): int = t'int x + + let eq (a: t) (b: t) (ret (result: bool) { result <-> to_uint a = to_uint b } { result <-> a = b }) = any + let ne (a: t) (b: t) (ret (result: bool) { result <-> to_uint a <> to_uint b } { result <-> a <> b }) = any + let le (a: t) (b: t) (ret (result: bool) { result <-> to_uint a <= to_uint b } { result <-> ule a b }) = any + let lt (a: t) (b: t) (ret (result: bool) { result <-> to_uint a < to_uint b } { result <-> ult a b }) = any + let ge (a: t) (b: t) (ret (result: bool) { result <-> to_uint a >= to_uint b } { result <-> uge a b }) = any + let gt (a: t) (b: t) (ret (result: bool) { result <-> to_uint a > to_uint b } { result <-> ugt a b }) = any + + let add (a:t) (b:t) + { [@expl:arithmetic overflow] to_uint a + to_uint b < two_power_size \/ BV256.ule (BV256.add (to_BV256 a) (to_BV256 b)) max_uint_as_BV256 } + (ret (result :t) { to_uint result = to_uint a + to_uint b } { result = add a b }) + = any + let sub (a:t) (b:t) + { [@expl:arithmetic overflow] to_uint a >= to_uint b \/ uge a b } + (ret (result: t) { to_uint result = to_uint a - to_uint b } { result = sub a b }) + = any + let mul (a:t) (b:t) + { [@expl:arithmetic overflow] to_uint a * to_uint b < two_power_size \/ BV256.ule (BV256.mul (to_BV256 a) (to_BV256 b)) max_uint_as_BV256 } + (ret (result: t) { result = mul a b } { to_int result = to_uint a * to_uint b }) + = any + let div (a:t) (b:t) + { [@expl:division by zero] b <> zeros \/ to_uint b <> 0 } + (ret (result: t) { to_uint result = ED.div (to_uint a) (to_uint b) } { result = udiv a b }) + = any + let rem (a:t) 
(b:t) + { [@expl:remainder by zero] b <> zeros \/ to_uint b <> 0 } + (ret (result: t) { to_uint result = ED.mod (to_uint a) (to_uint b) } { result = urem a b }) + = any + + let bw_and (a:t) (b:t) (ret (result :t)) = ret { bw_and a b } + let bw_or (a:t) (b:t) (ret (result :t)) = ret { bw_or a b } + let bw_xor (a:t) (b:t) (ret (result :t)) = ret { bw_xor a b } + let bw_not (a:t) (ret (result :t)) = ret { bw_not a } + let shl (a:t) (b:int) + { [@expl:out-of-bounds shifting] b >= 0 /\ b <= size } + (ret (result :t) { result = lsl_bv a (of_int b) } { result = lsl a b }) + = any + let shr (a:t) (b:int) + { [@expl:out-of-bounds shifting] b >= 0 /\ b <= size } + (ret (result :t) { result = lsr_bv a (of_int b) } { result = lsr a b }) + = any + + let to_bv256 (a:t) + (ret (result: BV256.t) { result = to_BV256 a }) + = any + let of_bv256 (a:BV256.t) + { [@expl:arithmetic overflow] bv256_to_uint a >= 0 /\ bv256_to_uint a < two_power_size } + (ret (result: t) { result = of_BV256 a }) + = any +end +module UInt16 + use export bv.BV16 + use bv.BV256 as BV256 + use bv.BVConverter_16_256 + use int.Int + use int.EuclideanDivision as ED + + constant max_uint : t = 0xFFFF + function to_BV256 (x: t) : BV256.t = toBig x + function of_BV256 (x: BV256.t) : t = toSmall x + function bv256_to_uint (x: BV256.t) : int = BV256.t'int x + constant max_uint_as_BV256 : BV256.t = to_BV256 max_uint + + function to_uint(x:t): int = t'int x + + let eq (a: t) (b: t) (ret (result: bool) { result <-> to_uint a = to_uint b } { result <-> a = b }) = any + let ne (a: t) (b: t) (ret (result: bool) { result <-> to_uint a <> to_uint b } { result <-> a <> b }) = any + let le (a: t) (b: t) (ret (result: bool) { result <-> to_uint a <= to_uint b } { result <-> ule a b }) = any + let lt (a: t) (b: t) (ret (result: bool) { result <-> to_uint a < to_uint b } { result <-> ult a b }) = any + let ge (a: t) (b: t) (ret (result: bool) { result <-> to_uint a >= to_uint b } { result <-> uge a b }) = any + let gt (a: t) (b: 
t) (ret (result: bool) { result <-> to_uint a > to_uint b } { result <-> ugt a b }) = any + + let add (a:t) (b:t) + { [@expl:arithmetic overflow] to_uint a + to_uint b < two_power_size \/ BV256.ule (BV256.add (to_BV256 a) (to_BV256 b)) max_uint_as_BV256 } + (ret (result :t) { to_uint result = to_uint a + to_uint b } { result = add a b }) + = any + let sub (a:t) (b:t) + { [@expl:arithmetic overflow] to_uint a >= to_uint b \/ uge a b } + (ret (result: t) { to_uint result = to_uint a - to_uint b } { result = sub a b }) + = any + let mul (a:t) (b:t) + { [@expl:arithmetic overflow] to_uint a * to_uint b < two_power_size \/ BV256.ule (BV256.mul (to_BV256 a) (to_BV256 b)) max_uint_as_BV256 } + (ret (result: t) { result = mul a b } { to_int result = to_uint a * to_uint b }) + = any + let div (a:t) (b:t) + { [@expl:division by zero] b <> zeros \/ to_uint b <> 0 } + (ret (result: t) { to_uint result = ED.div (to_uint a) (to_uint b) } { result = udiv a b }) + = any + let rem (a:t) (b:t) + { [@expl:remainder by zero] b <> zeros \/ to_uint b <> 0 } + (ret (result: t) { to_uint result = ED.mod (to_uint a) (to_uint b) } { result = urem a b }) + = any + + let bw_and (a:t) (b:t) (ret (result :t)) = ret { bw_and a b } + let bw_or (a:t) (b:t) (ret (result :t)) = ret { bw_or a b } + let bw_xor (a:t) (b:t) (ret (result :t)) = ret { bw_xor a b } + let bw_not (a:t) (ret (result :t)) = ret { bw_not a } + let shl (a:t) (b:int) + { [@expl:out-of-bounds shifting] b >= 0 /\ b <= size } + (ret (result :t) { result = lsl_bv a (of_int b) } { result = lsl a b }) + = any + let shr (a:t) (b:int) + { [@expl:out-of-bounds shifting] b >= 0 /\ b <= size } + (ret (result :t) { result = lsr_bv a (of_int b) } { result = lsr a b }) + = any + + let to_bv256 (a:t) + (ret (result: BV256.t) { result = to_BV256 a }) + = any + let of_bv256 (a:BV256.t) + { [@expl:arithmetic overflow] bv256_to_uint a >= 0 /\ bv256_to_uint a < two_power_size } + (ret (result: t) { result = of_BV256 a }) + = any +end +module UInt32 
+ use export bv.BV32 + use bv.BV256 as BV256 + use bv.BVConverter_32_256 + use int.Int + use int.EuclideanDivision as ED + + constant max_uint : t = 0xFFFFFFFF + function to_BV256 (x: t) : BV256.t = toBig x + function of_BV256 (x: BV256.t) : t = toSmall x + function bv256_to_uint (x: BV256.t) : int = BV256.t'int x + constant max_uint_as_BV256 : BV256.t = to_BV256 max_uint + + function to_uint(x:t): int = t'int x + + let eq (a: t) (b: t) (ret (result: bool) { result <-> to_uint a = to_uint b } { result <-> a = b }) = any + let ne (a: t) (b: t) (ret (result: bool) { result <-> to_uint a <> to_uint b } { result <-> a <> b }) = any + let le (a: t) (b: t) (ret (result: bool) { result <-> to_uint a <= to_uint b } { result <-> ule a b }) = any + let lt (a: t) (b: t) (ret (result: bool) { result <-> to_uint a < to_uint b } { result <-> ult a b }) = any + let ge (a: t) (b: t) (ret (result: bool) { result <-> to_uint a >= to_uint b } { result <-> uge a b }) = any + let gt (a: t) (b: t) (ret (result: bool) { result <-> to_uint a > to_uint b } { result <-> ugt a b }) = any + + let add (a:t) (b:t) + { [@expl:arithmetic overflow] to_uint a + to_uint b < two_power_size \/ BV256.ule (BV256.add (to_BV256 a) (to_BV256 b)) max_uint_as_BV256 } + (ret (result :t) { to_uint result = to_uint a + to_uint b } { result = add a b }) + = any + let sub (a:t) (b:t) + { [@expl:arithmetic overflow] to_uint a >= to_uint b \/ uge a b } + (ret (result: t) { to_uint result = to_uint a - to_uint b } { result = sub a b }) + = any + let mul (a:t) (b:t) + { [@expl:arithmetic overflow] to_uint a * to_uint b < two_power_size \/ BV256.ule (BV256.mul (to_BV256 a) (to_BV256 b)) max_uint_as_BV256 } + (ret (result: t) { result = mul a b } { to_int result = to_uint a * to_uint b }) + = any + let div (a:t) (b:t) + { [@expl:division by zero] b <> zeros \/ to_uint b <> 0 } + (ret (result: t) { to_uint result = ED.div (to_uint a) (to_uint b) } { result = udiv a b }) + = any + let rem (a:t) (b:t) + { [@expl:remainder 
by zero] b <> zeros \/ to_uint b <> 0 } + (ret (result: t) { to_uint result = ED.mod (to_uint a) (to_uint b) } { result = urem a b }) + = any + + let bw_and (a:t) (b:t) (ret (result :t)) = ret { bw_and a b } + let bw_or (a:t) (b:t) (ret (result :t)) = ret { bw_or a b } + let bw_xor (a:t) (b:t) (ret (result :t)) = ret { bw_xor a b } + let bw_not (a:t) (ret (result :t)) = ret { bw_not a } + let shl (a:t) (b:int) + { [@expl:out-of-bounds shifting] b >= 0 /\ b <= size } + (ret (result :t) { result = lsl_bv a (of_int b) } { result = lsl a b }) + = any + let shr (a:t) (b:int) + { [@expl:out-of-bounds shifting] b >= 0 /\ b <= size } + (ret (result :t) { result = lsr_bv a (of_int b) } { result = lsr a b }) + = any + + let to_bv256 (a:t) + (ret (result: BV256.t) { result = to_BV256 a }) + = any + let of_bv256 (a:BV256.t) + { [@expl:arithmetic overflow] bv256_to_uint a >= 0 /\ bv256_to_uint a < two_power_size } + (ret (result: t) { result = of_BV256 a }) + = any +end +module UInt64 + use export bv.BV64 + use bv.BV256 as BV256 + use bv.BVConverter_64_256 + use int.Int + use int.EuclideanDivision as ED + + constant max_uint : t = 0xFFFFFFFFFFFFFFFF + function to_BV256 (x: t) : BV256.t = toBig x + function of_BV256 (x: BV256.t) : t = toSmall x + function bv256_to_uint (x: BV256.t) : int = BV256.t'int x + constant max_uint_as_BV256 : BV256.t = to_BV256 max_uint + + function to_uint(x:t): int = t'int x + + let eq (a: t) (b: t) (ret (result: bool) { result <-> to_uint a = to_uint b } { result <-> a = b }) = any + let ne (a: t) (b: t) (ret (result: bool) { result <-> to_uint a <> to_uint b } { result <-> a <> b }) = any + let le (a: t) (b: t) (ret (result: bool) { result <-> to_uint a <= to_uint b } { result <-> ule a b }) = any + let lt (a: t) (b: t) (ret (result: bool) { result <-> to_uint a < to_uint b } { result <-> ult a b }) = any + let ge (a: t) (b: t) (ret (result: bool) { result <-> to_uint a >= to_uint b } { result <-> uge a b }) = any + let gt (a: t) (b: t) (ret (result: 
bool) { result <-> to_uint a > to_uint b } { result <-> ugt a b }) = any + + let add (a:t) (b:t) + { [@expl:arithmetic overflow] to_uint a + to_uint b < two_power_size \/ BV256.ule (BV256.add (to_BV256 a) (to_BV256 b)) max_uint_as_BV256 } + (ret (result :t) { to_uint result = to_uint a + to_uint b } { result = add a b }) + = any + let sub (a:t) (b:t) + { [@expl:arithmetic overflow] to_uint a >= to_uint b \/ uge a b } + (ret (result: t) { to_uint result = to_uint a - to_uint b } { result = sub a b }) + = any + let mul (a:t) (b:t) + { [@expl:arithmetic overflow] to_uint a * to_uint b < two_power_size \/ BV256.ule (BV256.mul (to_BV256 a) (to_BV256 b)) max_uint_as_BV256 } + (ret (result: t) { result = mul a b } { to_int result = to_uint a * to_uint b }) + = any + let div (a:t) (b:t) + { [@expl:division by zero] b <> zeros \/ to_uint b <> 0 } + (ret (result: t) { to_uint result = ED.div (to_uint a) (to_uint b) } { result = udiv a b }) + = any + let rem (a:t) (b:t) + { [@expl:remainder by zero] b <> zeros \/ to_uint b <> 0 } + (ret (result: t) { to_uint result = ED.mod (to_uint a) (to_uint b) } { result = urem a b }) + = any + + let bw_and (a:t) (b:t) (ret (result :t)) = ret { bw_and a b } + let bw_or (a:t) (b:t) (ret (result :t)) = ret { bw_or a b } + let bw_xor (a:t) (b:t) (ret (result :t)) = ret { bw_xor a b } + let bw_not (a:t) (ret (result :t)) = ret { bw_not a } + let shl (a:t) (b:int) + { [@expl:out-of-bounds shifting] b >= 0 /\ b <= size } + (ret (result :t) { result = lsl_bv a (of_int b) } { result = lsl a b }) + = any + let shr (a:t) (b:int) + { [@expl:out-of-bounds shifting] b >= 0 /\ b <= size } + (ret (result :t) { result = lsr_bv a (of_int b) } { result = lsr a b }) + = any + + let to_bv256 (a:t) + (ret (result: BV256.t) { result = to_BV256 a }) + = any + let of_bv256 (a:BV256.t) + { [@expl:arithmetic overflow] bv256_to_uint a >= 0 /\ bv256_to_uint a < two_power_size } + (ret (result: t) { result = of_BV256 a }) + = any +end +module UInt128 + use export 
bv.BV128 + use bv.BV256 as BV256 + use bv.BVConverter_128_256 + use int.Int + use int.EuclideanDivision as ED + + constant max_uint : t = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF + function to_BV256 (x: t) : BV256.t = toBig x + function of_BV256 (x: BV256.t) : t = toSmall x + function bv256_to_uint (x: BV256.t) : int = BV256.t'int x + constant max_uint_as_BV256 : BV256.t = to_BV256 max_uint + + function to_uint(x:t): int = t'int x + + let eq (a: t) (b: t) (ret (result: bool) { result <-> to_uint a = to_uint b } { result <-> a = b }) = any + let ne (a: t) (b: t) (ret (result: bool) { result <-> to_uint a <> to_uint b } { result <-> a <> b }) = any + let le (a: t) (b: t) (ret (result: bool) { result <-> to_uint a <= to_uint b } { result <-> ule a b }) = any + let lt (a: t) (b: t) (ret (result: bool) { result <-> to_uint a < to_uint b } { result <-> ult a b }) = any + let ge (a: t) (b: t) (ret (result: bool) { result <-> to_uint a >= to_uint b } { result <-> uge a b }) = any + let gt (a: t) (b: t) (ret (result: bool) { result <-> to_uint a > to_uint b } { result <-> ugt a b }) = any + + let add (a:t) (b:t) + { [@expl:arithmetic overflow] to_uint a + to_uint b < two_power_size \/ BV256.ule (BV256.add (to_BV256 a) (to_BV256 b)) max_uint_as_BV256 } + (ret (result :t) { to_uint result = to_uint a + to_uint b } { result = add a b }) + = any + let sub (a:t) (b:t) + { [@expl:arithmetic overflow] to_uint a >= to_uint b \/ uge a b } + (ret (result: t) { to_uint result = to_uint a - to_uint b } { result = sub a b }) + = any + let mul (a:t) (b:t) + { [@expl:arithmetic overflow] to_uint a * to_uint b < two_power_size \/ BV256.ule (BV256.mul (to_BV256 a) (to_BV256 b)) max_uint_as_BV256 } + (ret (result: t) { result = mul a b } { to_int result = to_uint a * to_uint b }) + = any + let div (a:t) (b:t) + { [@expl:division by zero] b <> zeros \/ to_uint b <> 0 } + (ret (result: t) { to_uint result = ED.div (to_uint a) (to_uint b) } { result = udiv a b }) + = any + let rem (a:t) (b:t) + { 
[@expl:remainder by zero] b <> zeros \/ to_uint b <> 0 } + (ret (result: t) { to_uint result = ED.mod (to_uint a) (to_uint b) } { result = urem a b }) + = any + + let bw_and (a:t) (b:t) (ret (result :t)) = ret { bw_and a b } + let bw_or (a:t) (b:t) (ret (result :t)) = ret { bw_or a b } + let bw_xor (a:t) (b:t) (ret (result :t)) = ret { bw_xor a b } + let bw_not (a:t) (ret (result :t)) = ret { bw_not a } + let shl (a:t) (b:int) + { [@expl:out-of-bounds shifting] b >= 0 /\ b <= size } + (ret (result :t) { result = lsl_bv a (of_int b) } { result = lsl a b }) + = any + let shr (a:t) (b:int) + { [@expl:out-of-bounds shifting] b >= 0 /\ b <= size } + (ret (result :t) { result = lsr_bv a (of_int b) } { result = lsr a b }) + = any + + let to_bv256 (a:t) + (ret (result: BV256.t) { result = to_BV256 a }) + = any + let of_bv256 (a:BV256.t) + { [@expl:arithmetic overflow] bv256_to_uint a >= 0 /\ bv256_to_uint a < two_power_size } + (ret (result: t) { result = of_BV256 a }) + = any +end +module Int8 + use export bv.BV8 + use bv.BV256 as BV256 + use bv.BVConverter_8_256 + use bv.Pow2int + use int.Int + use int.ComputerDivision as CD + + constant min_sint : t = 0x80 + constant max_sint : t = 0x7F + constant two_power_size_minus_one : int = 0x80 + constant minus_one : t = 0xFF + + function to_BV256 (x: t) : BV256.t = stoBig x + function of_BV256 (x: BV256.t) : t = toSmall x + function bv256_to_int (x: BV256.t) : int = BV256.t'int x + constant min_sint_as_BV256 : BV256.t = to_BV256 min_sint + constant max_sint_as_BV256 : BV256.t = to_BV256 max_sint + + function to_uint(x:t): int = t'int x + + let eq (a: t) (b: t) (ret (result: bool) { result <-> to_int a = to_int b } { result <-> a = b }) = any + let ne (a: t) (b: t) (ret (result: bool) { result <-> to_int a <> to_int b } { result <-> a <> b }) = any + let le (a: t) (b: t) (ret (result: bool) { result <-> to_int a <= to_int b } { result <-> sle a b }) = any + let lt (a: t) (b: t) (ret (result: bool) { result <-> to_int a < to_int b 
} { result <-> slt a b }) = any + let ge (a: t) (b: t) (ret (result: bool) { result <-> to_int a >= to_int b } { result <-> sge a b }) = any + let gt (a: t) (b: t) (ret (result: bool) { result <-> to_int a > to_int b } { result <-> sgt a b }) = any + + let add (a:t) (b:t) + { [@expl:arithmetic overflow] - two_power_size_minus_one <= to_int a + to_int b < two_power_size_minus_one \/ let r = BV256.add (to_BV256 a) (to_BV256 b) in (BV256.sle min_sint_as_BV256 r /\ BV256.sle r max_sint_as_BV256) } + (ret (result :t) { to_int result = to_int a + to_int b } { result = add a b }) + = any + let sub (a:t) (b:t) + { [@expl:arithmetic overflow] - two_power_size_minus_one <= to_int a - to_int b < two_power_size_minus_one \/ let r = BV256.sub (to_BV256 a) (to_BV256 b) in (BV256.sle min_sint_as_BV256 r /\ BV256.sle r max_sint_as_BV256) } + (ret (result: t) { to_int result = to_int a - to_int b } { result = sub a b }) + = any + let mul (a:t) (b:t) + { [@expl:arithmetic overflow] - two_power_size_minus_one <= to_int a * to_int b < two_power_size_minus_one \/ let r = BV256.mul (to_BV256 a) (to_BV256 b) in (BV256.sle min_sint_as_BV256 r /\ BV256.sle r max_sint_as_BV256) } + (ret (result: t) { to_int result = to_int a * to_int b } { result = mul a b }) + = any + let div (a:t) (b:t) + { [@expl:division by zero] b <> zeros \/ to_int b <> 0 } + { [@expl:signed division overflow check] (a <> min_sint \/ b <> minus_one) \/ (to_int a <> to_int min_sint \/ to_int b <> -1) } + (ret (result: t) { to_int result = CD.div (to_int a) (to_int b) } { result = sdiv a b }) + = any + let rem (a:t) (b:t) + { [@expl:remainder by zero] b <> zeros \/ to_int b <> 0 } + (ret (result: t) { to_int result = CD.mod (to_int a) (to_int b) } { result = srem a b }) + = any + + let bw_and (a:t) (b:t) (ret (result :t)) = ret { bw_and a b } + let bw_or (a:t) (b:t) (ret (result :t)) = ret { bw_or a b } + let bw_xor (a:t) (b:t) (ret (result :t)) = ret { bw_xor a b } + let bw_not (a:t) (ret (result :t)) = ret { bw_not a 
} + let shl (a:t) (b:int) + { [@expl:out-of-bounds shifting] ult (of_int b) size_bv \/ b < size } + { [@expl:out-of-bounds shifting] sle zeros a \/ to_int a >= 0 } + { [@expl:arithmetic overflow] (to_int a) * (pow2 (b)) < two_power_size_minus_one \/ let r = BV256.lsl_bv (to_BV256 a) (to_BV256 (of_int b)) in (BV256.sle min_sint_as_BV256 r /\ BV256.sle r max_sint_as_BV256)} + (ret (result :t) { result = lsl_bv a (of_int b) } { result = lsl a b }) + = any + let shr (a:t) (b:int) + { [@expl:out-of-bounds shifting] ult (of_int b) size_bv \/ b < size } + (ret (result :t) { result = asr_bv a (of_int b) } { result = asr a b }) + = any + + let to_bv256 (a:t) + (ret (result: BV256.t) { result = to_BV256 a }) + = any + let of_bv256 (a:BV256.t) + { [@expl:arithmetic overflow] bv256_to_int a >= 0 /\ bv256_to_int a < two_power_size } + (ret (result: t) { result = of_BV256 a }) + = any +end +module Int16 + use export bv.BV16 + use bv.BV256 as BV256 + use bv.BVConverter_16_256 + use bv.Pow2int + use int.Int + use int.ComputerDivision as CD + + constant min_sint : t = 0x8000 + constant max_sint : t = 0x7FFF + constant two_power_size_minus_one : int = 0x8000 + constant minus_one : t = 0xFFFF + + function to_BV256 (x: t) : BV256.t = stoBig x + function of_BV256 (x: BV256.t) : t = toSmall x + function bv256_to_int (x: BV256.t) : int = BV256.t'int x + constant min_sint_as_BV256 : BV256.t = to_BV256 min_sint + constant max_sint_as_BV256 : BV256.t = to_BV256 max_sint + + function to_uint(x:t): int = t'int x + + let eq (a: t) (b: t) (ret (result: bool) { result <-> to_int a = to_int b } { result <-> a = b }) = any + let ne (a: t) (b: t) (ret (result: bool) { result <-> to_int a <> to_int b } { result <-> a <> b }) = any + let le (a: t) (b: t) (ret (result: bool) { result <-> to_int a <= to_int b } { result <-> sle a b }) = any + let lt (a: t) (b: t) (ret (result: bool) { result <-> to_int a < to_int b } { result <-> slt a b }) = any + let ge (a: t) (b: t) (ret (result: bool) { result <-> 
to_int a >= to_int b } { result <-> sge a b }) = any + let gt (a: t) (b: t) (ret (result: bool) { result <-> to_int a > to_int b } { result <-> sgt a b }) = any + + let add (a:t) (b:t) + { [@expl:arithmetic overflow] - two_power_size_minus_one <= to_int a + to_int b < two_power_size_minus_one \/ let r = BV256.add (to_BV256 a) (to_BV256 b) in (BV256.sle min_sint_as_BV256 r /\ BV256.sle r max_sint_as_BV256) } + (ret (result :t) { to_int result = to_int a + to_int b } { result = add a b }) + = any + let sub (a:t) (b:t) + { [@expl:arithmetic overflow] - two_power_size_minus_one <= to_int a - to_int b < two_power_size_minus_one \/ let r = BV256.sub (to_BV256 a) (to_BV256 b) in (BV256.sle min_sint_as_BV256 r /\ BV256.sle r max_sint_as_BV256) } + (ret (result: t) { to_int result = to_int a - to_int b } { result = sub a b }) + = any + let mul (a:t) (b:t) + { [@expl:arithmetic overflow] - two_power_size_minus_one <= to_int a * to_int b < two_power_size_minus_one \/ let r = BV256.mul (to_BV256 a) (to_BV256 b) in (BV256.sle min_sint_as_BV256 r /\ BV256.sle r max_sint_as_BV256) } + (ret (result: t) { to_int result = to_int a * to_int b } { result = mul a b }) + = any + let div (a:t) (b:t) + { [@expl:division by zero] b <> zeros \/ to_int b <> 0 } + { [@expl:signed division overflow check] (a <> min_sint \/ b <> minus_one) \/ (to_int a <> to_int min_sint \/ to_int b <> -1) } + (ret (result: t) { to_int result = CD.div (to_int a) (to_int b) } { result = sdiv a b }) + = any + let rem (a:t) (b:t) + { [@expl:remainder by zero] b <> zeros \/ to_int b <> 0 } + (ret (result: t) { to_int result = CD.mod (to_int a) (to_int b) } { result = srem a b }) + = any + + let bw_and (a:t) (b:t) (ret (result :t)) = ret { bw_and a b } + let bw_or (a:t) (b:t) (ret (result :t)) = ret { bw_or a b } + let bw_xor (a:t) (b:t) (ret (result :t)) = ret { bw_xor a b } + let bw_not (a:t) (ret (result :t)) = ret { bw_not a } + let shl (a:t) (b:int) + { [@expl:out-of-bounds shifting] ult (of_int b) size_bv \/ b 
< size } + { [@expl:out-of-bounds shifting] sle zeros a \/ to_int a >= 0 } + { [@expl:arithmetic overflow] (to_int a) * (pow2 (b)) < two_power_size_minus_one \/ let r = BV256.lsl_bv (to_BV256 a) (to_BV256 (of_int b)) in (BV256.sle min_sint_as_BV256 r /\ BV256.sle r max_sint_as_BV256)} + (ret (result :t) { result = lsl_bv a (of_int b) } { result = lsl a b }) + = any + let shr (a:t) (b:int) + { [@expl:out-of-bounds shifting] ult (of_int b) size_bv \/ b < size } + (ret (result :t) { result = asr_bv a (of_int b) } { result = asr a b }) + = any + + let to_bv256 (a:t) + (ret (result: BV256.t) { result = to_BV256 a }) + = any + let of_bv256 (a:BV256.t) + { [@expl:arithmetic overflow] bv256_to_int a >= 0 /\ bv256_to_int a < two_power_size } + (ret (result: t) { result = of_BV256 a }) + = any +end +module Int32 + use export bv.BV32 + use bv.BV256 as BV256 + use bv.BVConverter_32_256 + use bv.Pow2int + use int.Int + use int.ComputerDivision as CD + + constant min_sint : t = 0x80000000 + constant max_sint : t = 0x7FFFFFFF + constant two_power_size_minus_one : int = 0x80000000 + constant minus_one : t = 0xFFFFFFFF + + function to_BV256 (x: t) : BV256.t = stoBig x + function of_BV256 (x: BV256.t) : t = toSmall x + function bv256_to_int (x: BV256.t) : int = BV256.t'int x + constant min_sint_as_BV256 : BV256.t = to_BV256 min_sint + constant max_sint_as_BV256 : BV256.t = to_BV256 max_sint + + function to_uint(x:t): int = t'int x + + let eq (a: t) (b: t) (ret (result: bool) { result <-> to_int a = to_int b } { result <-> a = b }) = any + let ne (a: t) (b: t) (ret (result: bool) { result <-> to_int a <> to_int b } { result <-> a <> b }) = any + let le (a: t) (b: t) (ret (result: bool) { result <-> to_int a <= to_int b } { result <-> sle a b }) = any + let lt (a: t) (b: t) (ret (result: bool) { result <-> to_int a < to_int b } { result <-> slt a b }) = any + let ge (a: t) (b: t) (ret (result: bool) { result <-> to_int a >= to_int b } { result <-> sge a b }) = any + let gt (a: t) (b: 
t) (ret (result: bool) { result <-> to_int a > to_int b } { result <-> sgt a b }) = any + + let add (a:t) (b:t) + { [@expl:arithmetic overflow] - two_power_size_minus_one <= to_int a + to_int b < two_power_size_minus_one \/ let r = BV256.add (to_BV256 a) (to_BV256 b) in (BV256.sle min_sint_as_BV256 r /\ BV256.sle r max_sint_as_BV256) } + (ret (result :t) { to_int result = to_int a + to_int b } { result = add a b }) + = any + let sub (a:t) (b:t) + { [@expl:arithmetic overflow] - two_power_size_minus_one <= to_int a - to_int b < two_power_size_minus_one \/ let r = BV256.sub (to_BV256 a) (to_BV256 b) in (BV256.sle min_sint_as_BV256 r /\ BV256.sle r max_sint_as_BV256) } + (ret (result: t) { to_int result = to_int a - to_int b } { result = sub a b }) + = any + let mul (a:t) (b:t) + { [@expl:arithmetic overflow] - two_power_size_minus_one <= to_int a * to_int b < two_power_size_minus_one \/ let r = BV256.mul (to_BV256 a) (to_BV256 b) in (BV256.sle min_sint_as_BV256 r /\ BV256.sle r max_sint_as_BV256) } + (ret (result: t) { to_int result = to_int a * to_int b } { result = mul a b }) + = any + let div (a:t) (b:t) + { [@expl:division by zero] b <> zeros \/ to_int b <> 0 } + { [@expl:signed division overflow check] (a <> min_sint \/ b <> minus_one) \/ (to_int a <> to_int min_sint \/ to_int b <> -1) } + (ret (result: t) { to_int result = CD.div (to_int a) (to_int b) } { result = sdiv a b }) + = any + let rem (a:t) (b:t) + { [@expl:remainder by zero] b <> zeros \/ to_int b <> 0 } + (ret (result: t) { to_int result = CD.mod (to_int a) (to_int b) } { result = srem a b }) + = any + + let bw_and (a:t) (b:t) (ret (result :t)) = ret { bw_and a b } + let bw_or (a:t) (b:t) (ret (result :t)) = ret { bw_or a b } + let bw_xor (a:t) (b:t) (ret (result :t)) = ret { bw_xor a b } + let bw_not (a:t) (ret (result :t)) = ret { bw_not a } + let shl (a:t) (b:int) + { [@expl:out-of-bounds shifting] ult (of_int b) size_bv \/ b < size } + { [@expl:out-of-bounds shifting] sle zeros a \/ to_int a >= 0 
} + { [@expl:arithmetic overflow] (to_int a) * (pow2 (b)) < two_power_size_minus_one \/ let r = BV256.lsl_bv (to_BV256 a) (to_BV256 (of_int b)) in (BV256.sle min_sint_as_BV256 r /\ BV256.sle r max_sint_as_BV256)} + (ret (result :t) { result = lsl_bv a (of_int b) } { result = lsl a b }) + = any + let shr (a:t) (b:int) + { [@expl:out-of-bounds shifting] ult (of_int b) size_bv \/ b < size } + (ret (result :t) { result = asr_bv a (of_int b) } { result = asr a b }) + = any + + let to_bv256 (a:t) + (ret (result: BV256.t) { result = to_BV256 a }) + = any + let of_bv256 (a:BV256.t) + { [@expl:arithmetic overflow] bv256_to_int a >= 0 /\ bv256_to_int a < two_power_size } + (ret (result: t) { result = of_BV256 a }) + = any +end +module Int64 + use export bv.BV64 + use bv.BV256 as BV256 + use bv.BVConverter_64_256 + use bv.Pow2int + use int.Int + use int.ComputerDivision as CD + + constant min_sint : t = 0x8000000000000000 + constant max_sint : t = 0x7FFFFFFFFFFFFFFF + constant two_power_size_minus_one : int = 0x8000000000000000 + constant minus_one : t = 0xFFFFFFFFFFFFFFFF + + function to_BV256 (x: t) : BV256.t = stoBig x + function of_BV256 (x: BV256.t) : t = toSmall x + function bv256_to_int (x: BV256.t) : int = BV256.t'int x + constant min_sint_as_BV256 : BV256.t = to_BV256 min_sint + constant max_sint_as_BV256 : BV256.t = to_BV256 max_sint + + function to_uint(x:t): int = t'int x + + let eq (a: t) (b: t) (ret (result: bool) { result <-> to_int a = to_int b } { result <-> a = b }) = any + let ne (a: t) (b: t) (ret (result: bool) { result <-> to_int a <> to_int b } { result <-> a <> b }) = any + let le (a: t) (b: t) (ret (result: bool) { result <-> to_int a <= to_int b } { result <-> sle a b }) = any + let lt (a: t) (b: t) (ret (result: bool) { result <-> to_int a < to_int b } { result <-> slt a b }) = any + let ge (a: t) (b: t) (ret (result: bool) { result <-> to_int a >= to_int b } { result <-> sge a b }) = any + let gt (a: t) (b: t) (ret (result: bool) { result <-> 
to_int a > to_int b } { result <-> sgt a b }) = any + + let add (a:t) (b:t) + { [@expl:arithmetic overflow] - two_power_size_minus_one <= to_int a + to_int b < two_power_size_minus_one \/ let r = BV256.add (to_BV256 a) (to_BV256 b) in (BV256.sle min_sint_as_BV256 r /\ BV256.sle r max_sint_as_BV256) } + (ret (result :t) { to_int result = to_int a + to_int b } { result = add a b }) + = any + let sub (a:t) (b:t) + { [@expl:arithmetic overflow] - two_power_size_minus_one <= to_int a - to_int b < two_power_size_minus_one \/ let r = BV256.sub (to_BV256 a) (to_BV256 b) in (BV256.sle min_sint_as_BV256 r /\ BV256.sle r max_sint_as_BV256) } + (ret (result: t) { to_int result = to_int a - to_int b } { result = sub a b }) + = any + let mul (a:t) (b:t) + { [@expl:arithmetic overflow] - two_power_size_minus_one <= to_int a * to_int b < two_power_size_minus_one \/ let r = BV256.mul (to_BV256 a) (to_BV256 b) in (BV256.sle min_sint_as_BV256 r /\ BV256.sle r max_sint_as_BV256) } + (ret (result: t) { to_int result = to_int a * to_int b } { result = mul a b }) + = any + let div (a:t) (b:t) + { [@expl:division by zero] b <> zeros \/ to_int b <> 0 } + { [@expl:signed division overflow check] (a <> min_sint \/ b <> minus_one) \/ (to_int a <> to_int min_sint \/ to_int b <> -1) } + (ret (result: t) { to_int result = CD.div (to_int a) (to_int b) } { result = sdiv a b }) + = any + let rem (a:t) (b:t) + { [@expl:remainder by zero] b <> zeros \/ to_int b <> 0 } + (ret (result: t) { to_int result = CD.mod (to_int a) (to_int b) } { result = srem a b }) + = any + + let bw_and (a:t) (b:t) (ret (result :t)) = ret { bw_and a b } + let bw_or (a:t) (b:t) (ret (result :t)) = ret { bw_or a b } + let bw_xor (a:t) (b:t) (ret (result :t)) = ret { bw_xor a b } + let bw_not (a:t) (ret (result :t)) = ret { bw_not a } + let shl (a:t) (b:int) + { [@expl:out-of-bounds shifting] ult (of_int b) size_bv \/ b < size } + { [@expl:out-of-bounds shifting] sle zeros a \/ to_int a >= 0 } + { [@expl:arithmetic overflow] 
(to_int a) * (pow2 (b)) < two_power_size_minus_one \/ let r = BV256.lsl_bv (to_BV256 a) (to_BV256 (of_int b)) in (BV256.sle min_sint_as_BV256 r /\ BV256.sle r max_sint_as_BV256)} + (ret (result :t) { result = lsl_bv a (of_int b) } { result = lsl a b }) + = any + let shr (a:t) (b:int) + { [@expl:out-of-bounds shifting] ult (of_int b) size_bv \/ b < size } + (ret (result :t) { result = asr_bv a (of_int b) } { result = asr a b }) + = any + + let to_bv256 (a:t) + (ret (result: BV256.t) { result = to_BV256 a }) + = any + let of_bv256 (a:BV256.t) + { [@expl:arithmetic overflow] bv256_to_int a >= 0 /\ bv256_to_int a < two_power_size } + (ret (result: t) { result = of_BV256 a }) + = any +end +module Int128 + use export bv.BV128 + use bv.BV256 as BV256 + use bv.BVConverter_128_256 + use bv.Pow2int + use int.Int + use int.ComputerDivision as CD + + constant min_sint : t = 0x80000000000000000000000000000000 + constant max_sint : t = 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF + constant two_power_size_minus_one : int = 0x80000000000000000000000000000000 + constant minus_one : t = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF + + function to_BV256 (x: t) : BV256.t = stoBig x + function of_BV256 (x: BV256.t) : t = toSmall x + function bv256_to_int (x: BV256.t) : int = BV256.t'int x + constant min_sint_as_BV256 : BV256.t = to_BV256 min_sint + constant max_sint_as_BV256 : BV256.t = to_BV256 max_sint + + function to_uint(x:t): int = t'int x + + let eq (a: t) (b: t) (ret (result: bool) { result <-> to_int a = to_int b } { result <-> a = b }) = any + let ne (a: t) (b: t) (ret (result: bool) { result <-> to_int a <> to_int b } { result <-> a <> b }) = any + let le (a: t) (b: t) (ret (result: bool) { result <-> to_int a <= to_int b } { result <-> sle a b }) = any + let lt (a: t) (b: t) (ret (result: bool) { result <-> to_int a < to_int b } { result <-> slt a b }) = any + let ge (a: t) (b: t) (ret (result: bool) { result <-> to_int a >= to_int b } { result <-> sge a b }) = any + let gt (a: t) (b: t) (ret 
(result: bool) { result <-> to_int a > to_int b } { result <-> sgt a b }) = any + + let add (a:t) (b:t) + { [@expl:arithmetic overflow] - two_power_size_minus_one <= to_int a + to_int b < two_power_size_minus_one \/ let r = BV256.add (to_BV256 a) (to_BV256 b) in (BV256.sle min_sint_as_BV256 r /\ BV256.sle r max_sint_as_BV256) } + (ret (result :t) { to_int result = to_int a + to_int b } { result = add a b }) + = any + let sub (a:t) (b:t) + { [@expl:arithmetic overflow] - two_power_size_minus_one <= to_int a - to_int b < two_power_size_minus_one \/ let r = BV256.sub (to_BV256 a) (to_BV256 b) in (BV256.sle min_sint_as_BV256 r /\ BV256.sle r max_sint_as_BV256) } + (ret (result: t) { to_int result = to_int a - to_int b } { result = sub a b }) + = any + let mul (a:t) (b:t) + { [@expl:arithmetic overflow] - two_power_size_minus_one <= to_int a * to_int b < two_power_size_minus_one \/ let r = BV256.mul (to_BV256 a) (to_BV256 b) in (BV256.sle min_sint_as_BV256 r /\ BV256.sle r max_sint_as_BV256) } + (ret (result: t) { to_int result = to_int a * to_int b } { result = mul a b }) + = any + let div (a:t) (b:t) + { [@expl:division by zero] b <> zeros \/ to_int b <> 0 } + { [@expl:signed division overflow check] (a <> min_sint \/ b <> minus_one) \/ (to_int a <> to_int min_sint \/ to_int b <> -1) } + (ret (result: t) { to_int result = CD.div (to_int a) (to_int b) } { result = sdiv a b }) + = any + let rem (a:t) (b:t) + { [@expl:remainder by zero] b <> zeros \/ to_int b <> 0 } + (ret (result: t) { to_int result = CD.mod (to_int a) (to_int b) } { result = srem a b }) + = any + + let bw_and (a:t) (b:t) (ret (result :t)) = ret { bw_and a b } + let bw_or (a:t) (b:t) (ret (result :t)) = ret { bw_or a b } + let bw_xor (a:t) (b:t) (ret (result :t)) = ret { bw_xor a b } + let bw_not (a:t) (ret (result :t)) = ret { bw_not a } + let shl (a:t) (b:int) + { [@expl:out-of-bounds shifting] ult (of_int b) size_bv \/ b < size } + { [@expl:out-of-bounds shifting] sle zeros a \/ to_int a >= 0 } + { 
[@expl:arithmetic overflow] (to_int a) * (pow2 (b)) < two_power_size_minus_one \/ let r = BV256.lsl_bv (to_BV256 a) (to_BV256 (of_int b)) in (BV256.sle min_sint_as_BV256 r /\ BV256.sle r max_sint_as_BV256)} + (ret (result :t) { result = lsl_bv a (of_int b) } { result = lsl a b }) + = any + let shr (a:t) (b:int) + { [@expl:out-of-bounds shifting] ult (of_int b) size_bv \/ b < size } + (ret (result :t) { result = asr_bv a (of_int b) } { result = asr a b }) + = any + + let to_bv256 (a:t) + (ret (result: BV256.t) { result = to_BV256 a }) + = any + let of_bv256 (a:BV256.t) + { [@expl:arithmetic overflow] bv256_to_int a >= 0 /\ bv256_to_int a < two_power_size } + (ret (result: t) { result = of_BV256 a }) + = any +end diff --git a/prelude/prelude.coma b/prelude/prelude.coma index 2b340ef7dc..537bd8d3c4 100644 --- a/prelude/prelude.coma +++ b/prelude/prelude.coma @@ -60,7 +60,9 @@ module Real end + (* Signed Integer *) +(* module Int8 use int.Int @@ -114,6 +116,7 @@ module Int8 { [@expl:integer overflow] in_bounds (mod a b) } (ret (result : int8) { result = mod a b }) = any end + module Int16 use export bv.BV16 use bv.BV128 as BV128 @@ -336,6 +339,8 @@ module Int128 { [@expl:integer overflow] in_bounds (mod a b) } (ret (result : int128) { result = mod a b }) = any end + +*) module IntSize use int.Int 
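Review bot: The unsigned `shl`/`shr` preconditions in every UIntN module admit a shift by the full width (`b >= 0 /\ b <= size`), whereas the IntN modules in the same file and the removed prelude.coma versions require `b < size`; a shift by `size` overflows in Rust, so the bound should read `b >= 0 /\ b < size`. In the IntN modules, `of_bv256` checks `bv256_to_int a >= 0 /\ bv256_to_int a < two_power_size`, which is the unsigned range: it rejects every negative value and admits inputs that `toSmall` truncates to a negative, and `bv256_to_int` is defined via `BV256.t'int`, which reads the 256-bit vector unsigned, so the signed bound `- two_power_size_minus_one <= v < two_power_size_minus_one` over a signed reading is presumably what was intended. The unsigned `mul` postcondition `to_int result = to_uint a * to_uint b` carries over the signed `to_int` where `add`/`sub` use `to_uint`; if `to_int` is the signed reading exported from `bv.BVn` (as the IntN modules use it), that postcondition is false for products in the upper half of the range, and a false postcondition on an `any` body lets callers prove anything after the multiplication. Each of these applies to all ten modules in this hunk.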
@@ -390,227 +395,41 @@ module IntSize (ret (result :isize) { result = mod a b }) = any end -(* Unsigned Integers *) +(* Int *) module UInt8 - use export bv.BV8 - use bv.BV128 as BV128 - use bv.BVConverter_8_128 - use int.Int - use int.EuclideanDivision as ED - - constant max_uint : t = 0xFF - function uto_bv128 (x: t) : BV128.t = toBig x - constant max_uint_as_bv128 : BV128.t = uto_bv128 max_uint - - function to_uint(x:t): int = t'int x - - let eq (a: t) (b: t) (ret (result: bool) { result <-> to_uint a = to_uint b } { result <-> a = b }) = any - let ne (a: t) (b: t) (ret (result: bool) { result <-> to_uint a <> to_uint b } { result <-> a <> b }) = any - let le (a: t) (b: t) (ret (result: bool) { result <-> to_uint a <= to_uint b } { result <-> ule a b }) = any - let lt (a: t) (b: t) (ret (result: bool) { result <-> to_uint a < to_uint b } { result <-> ult a b }) = any - let ge (a: t) (b: t) (ret (result: bool) { result <-> to_uint a >= to_uint b } { result <-> uge a b }) = any - let gt (a: t) (b: t) (ret (result: bool) { result <-> to_uint a > to_uint b } { result <-> ugt a b }) = any - - let add (a:t) (b:t) - { [@expl:arithmetic overflow] to_uint a + to_uint b < two_power_size \/ BV128.ule (BV128.add (uto_bv128 a) (uto_bv128 b)) max_uint_as_bv128 } - (ret (result :t) { to_uint result = to_uint a + to_uint b } { result = add a b }) - = any - let sub (a:t) (b:t) - { [@expl:arithmetic overflow] to_uint a >= to_uint b \/ uge a b } - (ret (result: t) { to_uint result = to_uint a - to_uint b } { result = sub a b }) - = any - let mul (a:t) (b:t) - { [@expl:arithmetic overflow] to_uint a * to_uint b < two_power_size \/ BV128.ule (BV128.mul (uto_bv128 a) (uto_bv128 b)) max_uint_as_bv128 } - (ret (result: t) { result = mul a b } { to_int result = to_uint a * to_uint b }) - = any - let div (a:t) (b:t) - { [@expl:division by zero] b <> zeros \/ to_uint b <> 0 } - (ret (result: t) { to_uint result = ED.div (to_uint a) (to_uint b) } { result = udiv a b }) - = any - let rem 
(a:t) (b:t) - { [@expl:remainder by zero] b <> zeros \/ to_uint b <> 0 } - (ret (result: t) { to_uint result = ED.mod (to_uint a) (to_uint b) } { result = urem a b }) - = any - - let bw_and (a:t) (b:t) (ret (result :t)) = ret { bw_and a b } - let bw_or (a:t) (b:t) (ret (result :t)) = ret { bw_or a b } - let bw_xor (a:t) (b:t) (ret (result :t)) = ret { bw_xor a b } - let bw_not (a:t) (ret (result :t)) = ret { bw_not a } - let shl (a:t) (b:t) - { [@expl:out-of-bounds shifting] ult b size_bv \/ to_uint b < size } - (ret (result :t) { result = lsl_bv a b } { result = lsl a (to_uint b) }) - = any - let shr (a:t) (b:t) - { [@expl:out-of-bounds shifting] ult b size_bv \/ to_uint b < size } - (ret (result :t) { result = lsr_bv a b } { result = lsr a (to_uint b) }) - = any + use export prelude.int.UInt8 end module UInt16 - use export bv.BV16 - use bv.BV128 as BV128 - use bv.BVConverter_16_128 - use int.Int - use int.EuclideanDivision as ED - - constant max_uint : t = 0xFFFF - function uto_bv128 (x: t) : BV128.t = toBig x - constant max_uint_as_bv128 : BV128.t = uto_bv128 max_uint - - function to_uint(x:t): int = t'int x - - let eq (a: t) (b: t) (ret (result: bool) { result <-> to_uint a = to_uint b } { result <-> a = b }) = any - let ne (a: t) (b: t) (ret (result: bool) { result <-> to_uint a <> to_uint b } { result <-> a <> b }) = any - let le (a: t) (b: t) (ret (result: bool) { result <-> to_uint a <= to_uint b } { result <-> ule a b }) = any - let lt (a: t) (b: t) (ret (result: bool) { result <-> to_uint a < to_uint b } { result <-> ult a b }) = any - let ge (a: t) (b: t) (ret (result: bool) { result <-> to_uint a >= to_uint b } { result <-> uge a b }) = any - let gt (a: t) (b: t) (ret (result: bool) { result <-> to_uint a > to_uint b } { result <-> ugt a b }) = any - - let add (a:t) (b:t) - { [@expl:arithmetic overflow] to_uint a + to_uint b < two_power_size \/ BV128.ule (BV128.add (uto_bv128 a) (uto_bv128 b)) max_uint_as_bv128 } - (ret (result :t) { to_uint result = 
to_uint a + to_uint b } { result = add a b }) - = any - let sub (a:t) (b:t) - { [@expl:arithmetic overflow] to_uint a >= to_uint b \/ uge a b } - (ret (result: t) { to_uint result = to_uint a - to_uint b } { result = sub a b }) - = any - let mul (a:t) (b:t) - { [@expl:arithmetic overflow] to_uint a * to_uint b < two_power_size \/ BV128.ule (BV128.mul (uto_bv128 a) (uto_bv128 b)) max_uint_as_bv128 } - (ret (result: t) { result = mul a b } { to_int result = to_uint a * to_uint b }) - = any - let div (a:t) (b:t) - { [@expl:division by zero] b <> zeros \/ to_uint b <> 0 } - (ret (result: t) { to_uint result = ED.div (to_uint a) (to_uint b) } { result = udiv a b }) - = any - let rem (a:t) (b:t) - { [@expl:remainder by zero] b <> zeros \/ to_uint b <> 0 } - (ret (result: t) { to_uint result = ED.mod (to_uint a) (to_uint b) } { result = urem a b }) - = any - - let bw_and (a:t) (b:t) (ret (result :t)) = ret { bw_and a b } - let bw_or (a:t) (b:t) (ret (result :t)) = ret { bw_or a b } - let bw_xor (a:t) (b:t) (ret (result :t)) = ret { bw_xor a b } - let bw_not (a:t) (ret (result :t)) = ret { bw_not a } - let shl (a:t) (b:t) - { [@expl:out-of-bounds shifting] ult b size_bv \/ to_uint b < size } - (ret (result :t) { result = lsl_bv a b } { result = lsl a (to_uint b) }) - = any - let shr (a:t) (b:t) - { [@expl:out-of-bounds shifting] ult b size_bv \/ to_uint b < size } - (ret (result :t) { result = lsr_bv a b } { result = lsr a (to_uint b) }) - = any + use export prelude.int.UInt16 end module UInt32 - use export bv.BV32 - use bv.BV128 as BV128 - use bv.BVConverter_32_128 - use int.Int - use int.EuclideanDivision as ED - - constant max_uint : t = 0xFFFFFFFF - function uto_bv128 (x: t) : BV128.t = toBig x - constant max_uint_as_bv128 : BV128.t = uto_bv128 max_uint - - function to_uint(x:t): int = t'int x - - let eq (a: t) (b: t) (ret (result: bool) { result <-> to_uint a = to_uint b } { result <-> a = b }) = any - let ne (a: t) (b: t) (ret (result: bool) { result <-> to_uint a <> 
to_uint b } { result <-> a <> b }) = any - let le (a: t) (b: t) (ret (result: bool) { result <-> to_uint a <= to_uint b } { result <-> ule a b }) = any - let lt (a: t) (b: t) (ret (result: bool) { result <-> to_uint a < to_uint b } { result <-> ult a b }) = any - let ge (a: t) (b: t) (ret (result: bool) { result <-> to_uint a >= to_uint b } { result <-> uge a b }) = any - let gt (a: t) (b: t) (ret (result: bool) { result <-> to_uint a > to_uint b } { result <-> ugt a b }) = any - - let add (a:t) (b:t) - { [@expl:arithmetic overflow] to_uint a + to_uint b < two_power_size \/ BV128.ule (BV128.add (uto_bv128 a) (uto_bv128 b)) max_uint_as_bv128 } - (ret (result :t) { to_uint result = to_uint a + to_uint b } { result = add a b }) - = any - let sub (a:t) (b:t) - { [@expl:arithmetic overflow] to_uint a >= to_uint b \/ uge a b } - (ret (result: t) { to_uint result = to_uint a - to_uint b } { result = sub a b }) - = any - let mul (a:t) (b:t) - { [@expl:arithmetic overflow] to_uint a * to_uint b < two_power_size \/ BV128.ule (BV128.mul (uto_bv128 a) (uto_bv128 b)) max_uint_as_bv128 } - (ret (result: t) { result = mul a b } { to_int result = to_uint a * to_uint b }) - = any - let div (a:t) (b:t) - { [@expl:division by zero] b <> zeros \/ to_uint b <> 0 } - (ret (result: t) { to_uint result = ED.div (to_uint a) (to_uint b) } { result = udiv a b }) - = any - let rem (a:t) (b:t) - { [@expl:remainder by zero] b <> zeros \/ to_uint b <> 0 } - (ret (result: t) { to_uint result = ED.mod (to_uint a) (to_uint b) } { result = urem a b }) - = any - - let bw_and (a:t) (b:t) (ret (result :t)) = ret { bw_and a b } - let bw_or (a:t) (b:t) (ret (result :t)) = ret { bw_or a b } - let bw_xor (a:t) (b:t) (ret (result :t)) = ret { bw_xor a b } - let bw_not (a:t) (ret (result :t)) = ret { bw_not a } - let shl (a:t) (b:t) - { [@expl:out-of-bounds shifting] ult b size_bv \/ to_uint b < size } - (ret (result :t) { result = lsl_bv a b } { result = lsl a (to_uint b) }) - = any - let shr (a:t) (b:t) - 
{ [@expl:out-of-bounds shifting] ult b size_bv \/ to_uint b < size } - (ret (result :t) { result = lsr_bv a b } { result = lsr a (to_uint b) }) - = any + use export prelude.int.UInt32 end module UInt64 - use export bv.BV64 - use bv.BV128 as BV128 - use bv.BVConverter_64_128 - use int.Int - use int.EuclideanDivision as ED - - constant max_uint : t = 0xFFFFFFFFFFFFFFFF - function uto_bv128 (x: t) : BV128.t = toBig x - constant max_uint_as_bv128 : BV128.t = uto_bv128 max_uint - - function to_uint(x:t): int = t'int x - - let eq (a: t) (b: t) (ret (result: bool) { result <-> to_uint a = to_uint b } { result <-> a = b }) = any - let ne (a: t) (b: t) (ret (result: bool) { result <-> to_uint a <> to_uint b } { result <-> a <> b }) = any - let le (a: t) (b: t) (ret (result: bool) { result <-> to_uint a <= to_uint b } { result <-> ule a b }) = any - let lt (a: t) (b: t) (ret (result: bool) { result <-> to_uint a < to_uint b } { result <-> ult a b }) = any - let ge (a: t) (b: t) (ret (result: bool) { result <-> to_uint a >= to_uint b } { result <-> uge a b }) = any - let gt (a: t) (b: t) (ret (result: bool) { result <-> to_uint a > to_uint b } { result <-> ugt a b }) = any - - let add (a:t) (b:t) - { [@expl:arithmetic overflow] to_uint a + to_uint b < two_power_size \/ BV128.ule (BV128.add (uto_bv128 a) (uto_bv128 b)) max_uint_as_bv128 } - (ret (result :t) { to_uint result = to_uint a + to_uint b } { result = add a b }) - = any - let sub (a:t) (b:t) - { [@expl:arithmetic overflow] to_uint a >= to_uint b \/ uge a b } - (ret (result: t) { to_uint result = to_uint a - to_uint b } { result = sub a b }) - = any - let mul (a:t) (b:t) - { [@expl:arithmetic overflow] to_uint a * to_uint b < two_power_size \/ BV128.ule (BV128.mul (uto_bv128 a) (uto_bv128 b)) max_uint_as_bv128 } - (ret (result: t) { result = mul a b } { to_int result = to_uint a * to_uint b }) - = any - let div (a:t) (b:t) - { [@expl:division by zero] b <> zeros \/ to_uint b <> 0 } - (ret (result: t) { to_uint result = 
ED.div (to_uint a) (to_uint b) } { result = udiv a b }) - = any - let rem (a:t) (b:t) - { [@expl:remainder by zero] b <> zeros \/ to_uint b <> 0 } - (ret (result: t) { to_uint result = ED.mod (to_uint a) (to_uint b) } { result = urem a b }) - = any - - let bw_and (a:t) (b:t) (ret (result :t)) = ret { bw_and a b } - let bw_or (a:t) (b:t) (ret (result :t)) = ret { bw_or a b } - let bw_xor (a:t) (b:t) (ret (result :t)) = ret { bw_xor a b } - let bw_not (a:t) (ret (result :t)) = ret { bw_not a } - let shl (a:t) (b:t) - { [@expl:out-of-bounds shifting] ult b size_bv \/ to_uint b < size } - (ret (result :t) { result = lsl_bv a b } { result = lsl a (to_uint b) }) - = any - let shr (a:t) (b:t) - { [@expl:out-of-bounds shifting] ult b size_bv \/ to_uint b < size } - (ret (result :t) { result = lsr_bv a b } { result = lsr a (to_uint b) }) - = any + use export prelude.int.UInt64 +end +module UInt128 + use export prelude.int.UInt128 end +module Int8 + use export prelude.int.Int8 +end +module Int16 + use export prelude.int.Int16 +end +module Int32 + use export prelude.int.Int32 +end +module Int64 + use export prelude.int.Int64 +end +module Int128 + use export prelude.int.Int128 +end - +(* module UInt128 use int.Int @@ -664,6 +483,7 @@ module UInt128 { [@expl:integer overflow] in_bounds (mod a b) } (ret (result :uint128) { result = mod a b }) = any end +*) module UIntSize use int.Int From 7b90f6085e720104c0c9c63310919caf8d789d65 Mon Sep 17 00:00:00 2001 
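Review bot: The old `UInt128` module body is kept as a `(* … *)` comment block at the end of this hunk, as the `Int8`..`Int128` bodies are in the three small hunks of this file above, so the prelude now carries a few hundred lines of dead text beside the one-line `use export prelude.int.UInt8` style replacements. Version control already keeps the previous definitions, so deleting them is the cleaner choice. If they are kept on purpose for comparison while `prelude.int` is still being written, a single comment stating that, e.g. `(* previous int-based definitions, kept for reference until prelude.int is complete *)`, would tell the next reader which set is live.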
From: SCHNEIDER Laurent Date: Wed, 30 Oct 2024 14:05:37 +0100 Subject: [PATCH 06/15] isize/usize - first step --- creusot-contracts/src/std/num.rs | 6 +- creusot-deps.opam | 8 +- creusot/src/backend/clone_map.rs | 4 - creusot/src/backend/program.rs | 91 +- creusot/src/backend/term.rs | 7 +- creusot/src/backend/ty.rs | 191 ++-- .../bug/01_resolve_unsoundness.coma | 47 +- creusot/tests/should_fail/bug/222.coma | 6 +- creusot/tests/should_fail/bug/492.coma | 53 +- creusot/tests/should_fail/bug/692.coma | 53 +- creusot/tests/should_fail/bug/695.coma | 61 +- creusot/tests/should_fail/bug/specialize.coma | 60 +- creusot/tests/should_fail/bug/subregion.coma | 20 +- creusot/tests/should_fail/final_borrows.coma | 72 +- .../traits/17_impl_refinement.coma | 47 +- .../should_fail/type_invariants/borrows.coma | 486 +++++---- .../unsupported_binary_operations.rs | 13 - .../unsupported_binary_operations.stderr | 28 - creusot/tests/should_succeed/100doors.coma | 174 +-- creusot/tests/should_succeed/all_zero.coma | 54 +- creusot/tests/should_succeed/bdd.coma | 992 ++++++++++-------- .../tests/should_succeed/binary_search.coma | 228 ++-- creusot/tests/should_succeed/bug/168.coma | 8 +- creusot/tests/should_succeed/bug/271.coma | 12 +- creusot/tests/should_succeed/bug/387.coma | 45 +- creusot/tests/should_succeed/bug/545.coma | 2 +- creusot/tests/should_succeed/bug/594.coma | 80 +- .../should_succeed/bug/final_borrows.coma | 319 +++--- .../tests/should_succeed/swap_borrows.coma | 48 +- .../vector/04_binary_search.coma | 163 +-- prelude/prelude.coma | 7 +- 31 files changed, 1861 insertions(+), 1524 deletions(-) delete mode 100644 creusot/tests/should_fail/unsupported_binary_operations.rs delete mode 100644 creusot/tests/should_fail/unsupported_binary_operations.stderr diff --git a/creusot-contracts/src/std/num.rs b/creusot-contracts/src/std/num.rs index c806a472cd..162e204d0a 100644 --- a/creusot-contracts/src/std/num.rs +++ b/creusot-contracts/src/std/num.rs 
@@ -38,14 +38,16 @@ mach_int!(u16, "prelude.prelude.UInt16.to_uint", 0u16);
 mach_int!(u32, "prelude.prelude.UInt32.to_uint", 0u32);
 mach_int!(u64, "prelude.prelude.UInt64.to_uint", 0u64);
 mach_int!(u128, "prelude.prelude.UInt128.to_uint", 0u128);
-mach_int!(usize, "prelude.prelude.UIntSize.to_uint", 0usize);
+// mach_int!(usize, "prelude.prelude.UIntSize.to_uint", 0usize);
+mach_int!(usize, "prelude.prelude.UInt64.to_uint", 0usize); // TODO laurent
 mach_int!(i8, "prelude.prelude.Int8.to_int", 0i8);
 mach_int!(i16, "prelude.prelude.Int16.to_int", 0i16);
 mach_int!(i32, "prelude.prelude.Int32.to_int", 0i32);
 mach_int!(i64, "prelude.prelude.Int64.to_int", 0i64);
 mach_int!(i128, "prelude.prelude.Int128.to_int", 0i128);
-mach_int!(isize, "prelude.prelude.IntSize.to_int", 9isize);
+// mach_int!(isize, "prelude.prelude.IntSize.to_int", 0isize);
+mach_int!(isize, "prelude.prelude.Int64.to_int", 0isize); // TODO laurent
 /// Adds specifications for checked, wrapping, saturating, and overflowing operations on the given
 /// integer type
diff --git a/creusot-deps.opam b/creusot-deps.opam
index a4ae6804be..229a0e11cf 100644
--- a/creusot-deps.opam
+++ b/creusot-deps.opam
@@ -4,8 +4,8 @@ opam-version: "2.0"
 maintainer: "Armaël Guéneau "
 authors: "the creusot authors"
 depends: [
- "why3" {= "git-9c05"}
- "why3-ide" {= "git-9c05" & !?in-creusot-ci}
+ "why3" {= "git-fd81"}
+ "why3-ide" {= "git-fd81" & !?in-creusot-ci}
 # optional dependencies of why3
 "ocamlgraph"
 "camlzip"
@@ -14,6 +14,6 @@ depends: [
 # When updating the hash and git-XXX below, don't forget to update them in the
 # depends: field above!
 pin-depends: [
- [ "why3.git-9c05" "git+https://gitlab.inria.fr/why3/why3.git#9c0548a62" ]
- [ "why3-ide.git-9c05" "git+https://gitlab.inria.fr/why3/why3.git#9c0548a62" ]
+ [ "why3.git-fd81" "git+https://gitlab.inria.fr/why3/why3.git#fd81557d" ]
+ [ "why3-ide.git-fd81" "git+https://gitlab.inria.fr/why3/why3.git#fd81557d" ]
 ]
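Review bot: The two active `mach_int!` lines bind the logical model of `usize` and `isize` to the 64-bit prelude modules unconditionally, while the compiler side of this same commit (program.rs, term.rs, ty.rs) resolves them from `target_spec().pointer_width`; on a 32-bit target the specifications in creusot-contracts and the generated program would name different modules, if this crate is built for that target. If a per-target choice is intended, gate the lines with `#[cfg(target_pointer_width = "64")]` / `#[cfg(target_pointer_width = "32")]` variants, or keep the `UIntSize`/`IntSize` mapping until the prelude side is settled. The commented-out previous lines and the `// TODO laurent` markers should give way to a comment stating the plan, e.g. `// usize/isize are modelled as 64-bit until the prelude has target-width modules`.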
diff --git a/creusot/src/backend/clone_map.rs b/creusot/src/backend/clone_map.rs index 6ba31af95c..8a68dc6711 100644 --- a/creusot/src/backend/clone_map.rs +++ b/creusot/src/backend/clone_map.rs @@ -35,13 +35,11 @@ pub enum PreludeModule { Int32, Int64, Int128, - Isize, UInt8, UInt16, UInt32, UInt64, UInt128, - Usize, Char, Bool, Borrow, @@ -68,8 +66,6 @@ impl PreludeModule { PreludeModule::UInt128 => QName::from_string("prelude.prelude.UInt128"), PreludeModule::Char => QName::from_string("prelude.prelude.Char"), PreludeModule::Opaque => QName::from_string("prelude.prelude.Opaque"), - PreludeModule::Isize => QName::from_string("prelude.prelude.IntSize"), - PreludeModule::Usize => QName::from_string("prelude.prelude.UIntSize"), PreludeModule::Bool => QName::from_string("prelude.prelude.Bool"), PreludeModule::Borrow => QName::from_string("prelude.prelude.Borrow"), PreludeModule::Slice => QName::from_string("prelude.prelude.Slice"), diff --git a/creusot/src/backend/program.rs b/creusot/src/backend/program.rs index d76c821ff7..a7749859a8 100644 --- a/creusot/src/backend/program.rs +++ b/creusot/src/backend/program.rs @@ -1,3 +1,5 @@ +use self::ty::{concret_intty, concret_uintty}; + use super::{ clone_map::PreludeModule, is_trusted_function, @@ -34,6 +36,7 @@ use rustc_middle::{ use rustc_span::{Symbol, DUMMY_SP}; use rustc_target::abi::VariantIdx; use rustc_type_ir::{FloatTy, IntTy, UintTy}; +use rustc_target::spec::HasTargetSpec; use std::{cell::RefCell, fmt::Debug}; use why3::{ coma::{self, Arg, Defn, Expr, Param, Term}, 
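Review bot: The added `use rustc_target::spec::HasTargetSpec;` lands after `use rustc_type_ir::{FloatTy, IntTy, UintTy};`, which breaks the sorted order of this import group; folding it into the existing line as `use rustc_target::{abi::VariantIdx, spec::HasTargetSpec};` is how the ty.rs hunk of this same commit does it. The term.rs hunk below adds the same import and has the same placement issue.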
@@ -426,8 +429,8 @@ impl<'tcx> RValue<'tcx> { // rust allows shifting by a value of any integer type // so we need to import the prelude for the right operand let prelude: PreludeModule = match r_ty.kind() { - TyKind::Int(ity) => int_to_prelude(*ity), - TyKind::Uint(uty) => uint_to_prelude(*uty), + TyKind::Int(ity) => int_to_prelude(concret_intty(*ity, lower.names.tcx().target_spec().pointer_width)), + TyKind::Uint(uty) => uint_to_prelude(concret_uintty(*uty, lower.names.tcx().target_spec().pointer_width)), _ => unreachable!("right operande, non-integer type for binary operation {op:?} {ty:?}"), }; lower.names.import_prelude_module(prelude); @@ -461,8 +464,8 @@ impl<'tcx> RValue<'tcx> { TyKind::Bool => arg.to_why(lower, istmts).not(), TyKind::Int(_) | TyKind::Uint(_) => { let prelude: PreludeModule = match a_ty.kind() { - TyKind::Int(ity) => int_to_prelude(*ity), - TyKind::Uint(uty) => uint_to_prelude(*uty), + TyKind::Int(ity) => int_to_prelude(concret_intty(*ity, lower.names.tcx().target_spec().pointer_width)), + TyKind::Uint(uty) => uint_to_prelude(concret_uintty(*uty, lower.names.tcx().target_spec().pointer_width)), _ => unreachable!("this is not an executable path {ty:?}"), }; @@ -480,8 +483,8 @@ impl<'tcx> RValue<'tcx> { }, RValue::UnaryOp(UnOp::Neg, arg) => { let prelude: PreludeModule = match ty.kind() { - TyKind::Int(ity) => int_to_prelude(*ity), - TyKind::Uint(uty) => uint_to_prelude(*uty), + TyKind::Int(ity) => int_to_prelude(concret_intty(*ity, lower.names.tcx().target_spec().pointer_width)), + TyKind::Uint(uty) => uint_to_prelude(concret_uintty(*uty, lower.names.tcx().target_spec().pointer_width)), TyKind::Float(FloatTy::F32) => PreludeModule::Float32, TyKind::Float(FloatTy::F64) => PreludeModule::Float64, TyKind::Bool => PreludeModule::Bool, 
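Review bot: The expression `int_to_prelude(concret_intty(*ity, lower.names.tcx().target_spec().pointer_width))` and its unsigned twin are now written out at every integer arm of all three hunks here, again in the Cast hunk, in `binop_to_binop`, and in term.rs, and each site has to remember the `concret_*` step or it reaches the new panic arm in `int_to_prelude`. A pair of helpers that take the namer, along the lines of `fn int_prelude<'tcx, N: Namer<'tcx>>(names: &N, ity: IntTy) -> PreludeModule { int_to_prelude(concret_intty(ity, names.tcx().target_spec().pointer_width)) }`, would make the normalisation impossible to skip and bring these lines back under the 100-column limit. The enclosing `to_why` match arms start and end outside the hunks.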
@@ -515,15 +518,17 @@ impl<'tcx> RValue<'tcx> { Exp::Tuple(f.into_iter().map(|f| f.to_why(lower, istmts)).collect()) } RValue::Cast(e, source, target) => { - let bv256_ty = Type::TConstructor(QName::from_string("BV256.t").unwrap()); + let bv256_ty = Type::TConstructor(QName::from_string("BV256.t")); let to_fname = match source.kind() { TyKind::Int(ity) => { - lower.names.import_prelude_module(int_to_prelude(*ity)); + let ity = concret_intty(*ity, lower.names.tcx().target_spec().pointer_width); + lower.names.import_prelude_module(int_to_prelude(ity)); int_to_bv256(ity) } TyKind::Uint(uty) => { - lower.names.import_prelude_module(uint_to_prelude(*uty)); + let uty = concret_uintty(*uty, lower.names.tcx().target_spec().pointer_width); + lower.names.import_prelude_module(uint_to_prelude(uty)); uint_to_bv256(uty) } // Laurent Todo: remettre le cast bool operationnelle @@ -549,8 +554,8 @@ impl<'tcx> RValue<'tcx> { // convert BV256.t to target let of_ret_id: Ident = "_ret_from".into(); let of_fname = match target.kind() { - TyKind::Int(ity) => int_from_bv256(ity), - TyKind::Uint(uty) => uint_from_bv256(uty), + TyKind::Int(ity) => int_from_bv256(concret_intty(*ity, lower.names.tcx().target_spec().pointer_width)), + TyKind::Uint(uty) => uint_from_bv256(concret_uintty(*uty, lower.names.tcx().target_spec().pointer_width)), // Laurent Todo: remettre le char bool operationnelle // TyKind::Char => { // lower.names.import_prelude_module(PreludeModule::Char); 
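Review bot: The `// Laurent Todo` comments in both hunks mark the removed `Bool`/`Char` cast arms with commented-out code rather than an explicit arm, and the remaining arms of the `to_fname` and `of_fname` matches sit outside the hunks, so what a `bool`- or `char`-sourced cast now does cannot be confirmed from here. A dedicated arm such as `TyKind::Bool | TyKind::Char => todo!("casts from bool/char are not supported yet")` records the gap in English and fails with a clear message instead of relying on whatever follows. The shadowing form `let ity = concret_intty(*ity, …);` used here is the clearer spelling and could replace the inline calls in the other hunks.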
@@ -1253,8 +1258,8 @@ fn func_call_to_why3<'tcx, N: Namer<'tcx>>(
 pub(crate) fn binop_to_binop<'tcx, N: Namer<'tcx>>(names: &mut N, ty: Ty, op: mir::BinOp) -> QName {
 let prelude: PreludeModule = match ty.kind() {
- TyKind::Int(ity) => int_to_prelude(*ity),
- TyKind::Uint(uty) => uint_to_prelude(*uty),
+ TyKind::Int(ity) => int_to_prelude(concret_intty(*ity, names.tcx().target_spec().pointer_width)),
+ TyKind::Uint(uty) => uint_to_prelude(concret_uintty(*uty, names.tcx().target_spec().pointer_width)),
 TyKind::Float(FloatTy::F32) => PreludeModule::Float32,
 TyKind::Float(FloatTy::F64) => PreludeModule::Float64,
 TyKind::Bool => PreludeModule::Bool,
@@ -1297,7 +1302,7 @@ pub(crate) fn binop_to_binop<'tcx, N: Namer<'tcx>>(names: &mut N, ty: Ty, op: mi
 pub(crate) fn int_to_prelude(ity: IntTy) -> PreludeModule {
 match ity {
- IntTy::Isize => PreludeModule::Isize,
+ IntTy::Isize => panic!("int_to_prelude usize not supported"),
 IntTy::I8 => PreludeModule::Int8,
 IntTy::I16 => PreludeModule::Int16,
 IntTy::I32 => PreludeModule::Int32,
@@ -1308,7 +1313,7 @@ pub(crate) fn int_to_prelude(ity: IntTy) -> PreludeModule {
 pub(crate) fn uint_to_prelude(ity: UintTy) -> PreludeModule {
 match ity {
- UintTy::Usize => PreludeModule::Usize,
+ UintTy::Usize => panic!("uint_to_prelude usize not supported"),
 UintTy::U8 => PreludeModule::UInt8,
 UintTy::U16 => PreludeModule::UInt16,
 UintTy::U32 => PreludeModule::UInt32,
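Review bot: The panic text in `int_to_prelude` reads `"int_to_prelude usize not supported"` while the arm is `IntTy::Isize`, so a failure would point the reader at the wrong type; `IntTy::Isize => unreachable!("isize must be resolved with concret_intty before int_to_prelude")` names both what happened and what the caller forgot. The same wording applies to `uint_to_prelude` in the last hunk. Since every caller in this commit normalises first, these arms encode an internal invariant rather than a user-facing limitation, which `unreachable!` expresses better than `panic!`. The bodies of both functions continue outside the hunks.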
@@ -1317,46 +1322,46 @@ pub(crate) fn uint_to_prelude(ity: UintTy) -> PreludeModule { } } -pub(crate) fn int_from_bv256(ity: &IntTy) -> QName { +pub(crate) fn int_from_bv256(ity: IntTy) -> QName { match ity { - IntTy::Isize => QName::from_string("IntSize.of_bv256").unwrap(), - IntTy::I8 => QName::from_string("Int8.of_bv256").unwrap(), - IntTy::I16 => QName::from_string("Int16.of_bv256").unwrap(), - IntTy::I32 => QName::from_string("Int32.of_bv256").unwrap(), - IntTy::I64 => QName::from_string("Int64.of_bv256").unwrap(), - IntTy::I128 => QName::from_string("Int128.of_bv256").unwrap(), + IntTy::Isize => panic!("int_from_bv256 isize not supported"), + IntTy::I8 => QName::from_string("Int8.of_bv256"), + IntTy::I16 => QName::from_string("Int16.of_bv256"), + IntTy::I32 => QName::from_string("Int32.of_bv256"), + IntTy::I64 => QName::from_string("Int64.of_bv256"), + IntTy::I128 => QName::from_string("Int128.of_bv256"), } } -pub(crate) fn uint_from_bv256(uty: &UintTy) -> QName { +pub(crate) fn uint_from_bv256(uty: UintTy) -> QName { match uty { - UintTy::Usize => QName::from_string("UIntSize.of_bv256").unwrap(), - UintTy::U8 => QName::from_string("UInt8.of_bv256").unwrap(), - UintTy::U16 => QName::from_string("UInt16.of_bv256").unwrap(), - UintTy::U32 => QName::from_string("UInt32.of_bv256").unwrap(), - UintTy::U64 => QName::from_string("UInt64.of_bv256").unwrap(), - UintTy::U128 => QName::from_string("UInt128.of_bv256").unwrap(), + UintTy::Usize => panic!("uint_from_bv256 usize not supported"), + UintTy::U8 => QName::from_string("UInt8.of_bv256"), + UintTy::U16 => QName::from_string("UInt16.of_bv256"), + UintTy::U32 => QName::from_string("UInt32.of_bv256"), + UintTy::U64 => QName::from_string("UInt64.of_bv256"), + UintTy::U128 => QName::from_string("UInt128.of_bv256"), } } -pub(crate) fn int_to_bv256(ity: &IntTy) -> QName { +pub(crate) fn int_to_bv256(ity: IntTy) -> QName { match ity { - IntTy::Isize => QName::from_string("IntSize.to_bv256").unwrap(), - IntTy::I8 => 
QName::from_string("Int8.to_bv256").unwrap(), - IntTy::I16 => QName::from_string("Int16.to_bv256").unwrap(), - IntTy::I32 => QName::from_string("Int32.to_bv256").unwrap(), - IntTy::I64 => QName::from_string("Int64.to_bv256").unwrap(), - IntTy::I128 => QName::from_string("Int128.to_bv256").unwrap(), + IntTy::Isize => panic!("int_to_bv256 isize not supported"), + IntTy::I8 => QName::from_string("Int8.to_bv256"), + IntTy::I16 => QName::from_string("Int16.to_bv256"), + IntTy::I32 => QName::from_string("Int32.to_bv256"), + IntTy::I64 => QName::from_string("Int64.to_bv256"), + IntTy::I128 => QName::from_string("Int128.to_bv256"), } } -pub(crate) fn uint_to_bv256(uty: &UintTy) -> QName { +pub(crate) fn uint_to_bv256(uty: UintTy) -> QName { match uty { - UintTy::Usize => QName::from_string("UIntSize.to_bv256").unwrap(), - UintTy::U8 => QName::from_string("UInt8.to_bv256").unwrap(), - UintTy::U16 => QName::from_string("UInt16.to_bv256").unwrap(), - UintTy::U32 => QName::from_string("UInt32.to_bv256").unwrap(), - UintTy::U64 => QName::from_string("UInt64.to_bv256").unwrap(), - UintTy::U128 => QName::from_string("UInt128.to_bv256").unwrap(), + UintTy::Usize => panic!("uint_to_bv256 usize not supported"), + UintTy::U8 => QName::from_string("UInt8.to_bv256"), + UintTy::U16 => QName::from_string("UInt16.to_bv256"), + UintTy::U32 => QName::from_string("UInt32.to_bv256"), + UintTy::U64 => QName::from_string("UInt64.to_bv256"), + UintTy::U128 => QName::from_string("UInt128.to_bv256"), } } diff --git a/creusot/src/backend/term.rs b/creusot/src/backend/term.rs index 8bff5667db..d85f7aa2f8 100644 --- a/creusot/src/backend/term.rs +++ b/creusot/src/backend/term.rs 
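Review bot: The `Isize`/`Usize` arms of `int_from_bv256`, `uint_from_bv256`, `int_to_bv256` and `uint_to_bv256` now panic, and nothing in their signatures says that callers must pass a type already resolved through `concret_intty`/`concret_uintty`; a doc comment on each, e.g. `/// `ity` must not be `Isize`: resolve it with `concret_intty` first.`, records the precondition where the next caller will see it. Switching the parameters from `&IntTy`/`&UintTy` to by-value is the right call for these `Copy` enums. The four functions differ only in the module prefix and the `of_bv256`/`to_bv256` suffix, so a shared helper that takes the suffix would keep them from drifting apart again.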
@@ -1,6 +1,6 @@ use super::{program::borrow_generated_id, Why3Generator}; use crate::{ - backend::{program::{int_to_prelude, uint_to_prelude}, ty::{floatty_to_ty, intty_to_ty, translate_ty, uintty_to_ty}}, + backend::{program::{int_to_prelude, uint_to_prelude}, ty::{concret_intty, concret_uintty, floatty_to_ty, intty_to_ty, translate_ty, uintty_to_ty}}, contracts_items::get_builtin, ctx::*, pearlite::{self, Literal, Pattern, PointerKind, Term, TermKind}, @@ -9,6 +9,7 @@ use crate::{ }; use rustc_hir::{def::DefKind, def_id::DefId}; use rustc_middle::ty::{EarlyBinder, GenericArgsRef, Ty, TyCtxt, TyKind}; +use rustc_target::spec::HasTargetSpec; use why3::{ exp::{BinOp, Binder, Constant, Exp, Pattern as Pat}, ty::Type, @@ -84,8 +85,8 @@ impl<'tcx, N: Namer<'tcx>> Lower<'_, 'tcx, N> { BitAnd | BitOr | BitXor | Shl | Shr => { let ty_kind = term.creusot_ty().kind(); let prelude: PreludeModule = match ty_kind { - TyKind::Int(ity) => int_to_prelude(*ity), - TyKind::Uint(uty) => uint_to_prelude(*uty), + TyKind::Int(ity) => int_to_prelude(concret_intty(*ity, self.names.tcx().target_spec().pointer_width)), + TyKind::Uint(uty) => uint_to_prelude(concret_uintty(*uty, self.names.tcx().target_spec().pointer_width)), _ => unreachable!("the bitwise operator are only available on integer"), }; diff --git a/creusot/src/backend/ty.rs b/creusot/src/backend/ty.rs index 75045b8db8..a960321833 100644 --- a/creusot/src/backend/ty.rs +++ b/creusot/src/backend/ty.rs @@ -17,7 +17,7 @@ use rustc_middle::ty::{ GenericArgsRef, ParamEnv, Ty, TyCtxt, TyKind, }; use rustc_span::{Span, Symbol, DUMMY_SP}; -use rustc_target::abi::VariantIdx; +use rustc_target::{abi::VariantIdx, spec::HasTargetSpec}; use rustc_type_ir::TyKind::*; use std::collections::VecDeque; use why3::{ 
@@ -830,38 +830,93 @@ pub(crate) fn build_closure_accessor<'tcx>( (pre_sig, term) } +pub(crate) fn concret_intty(ity: rustc_middle::ty::IntTy, pointer_width: u32) -> rustc_middle::ty::IntTy { + use rustc_middle::ty::IntTy::*; + + fn int_ty (ity: rustc_middle::ty::IntTy, pointer_width: u32) -> rustc_middle::ty::IntTy { + match ity { + Isize => { + match pointer_width { + 8 => int_ty(I8, pointer_width), + 16 =>int_ty(I16, pointer_width), + 32 =>int_ty(I32, pointer_width), + 64 =>int_ty(I64, pointer_width), + 128 =>int_ty(I128, pointer_width), + w => panic!("concret_intty unknwon pointer width for isize: {w}"), + } + } + i => i + } + } + + int_ty(ity, pointer_width) +} + +pub(crate) fn concret_uintty(uty: rustc_middle::ty::UintTy, pointer_width: u32) -> rustc_middle::ty::UintTy { + use rustc_middle::ty::UintTy::*; + + fn uint_ty (uty: rustc_middle::ty::UintTy, pointer_width: u32) -> rustc_middle::ty::UintTy { + match uty { + Usize => { + match pointer_width { + 8 => uint_ty(U8, pointer_width), + 16 =>uint_ty(U16, pointer_width), + 32 =>uint_ty(U32, pointer_width), + 64 =>uint_ty(U64, pointer_width), + 128 =>uint_ty(U128, pointer_width), + w => panic!("concret_uintty unknwon pointer width for usize: {w}"), + } + } + i => i + } + } + + uint_ty(uty, pointer_width) +} + pub(crate) fn intty_to_ty<'tcx, N: Namer<'tcx>>( names: &mut N, ity: &rustc_middle::ty::IntTy, ) -> MlT { use rustc_middle::ty::IntTy::*; names.import_prelude_module(PreludeModule::Int); - match ity { - Isize => { - names.import_prelude_module(PreludeModule::Isize); - isize_ty() - } - I8 => { - names.import_prelude_module(PreludeModule::Int8); - i8_ty() - } - I16 => { - names.import_prelude_module(PreludeModule::Int16); - i16_ty() - } - I32 => { - names.import_prelude_module(PreludeModule::Int32); - i32_ty() - } - I64 => { - names.import_prelude_module(PreludeModule::Int64); - i64_ty() - } - I128 => { - names.import_prelude_module(PreludeModule::Int128); - i128_ty() + + fn add_int_ty<'tcx, N: Namer<'tcx>> 
(names: &mut N, ity: &rustc_middle::ty::IntTy) -> MlT { + match ity { + Isize => { + match names.tcx().target_spec().pointer_width { + 8 => add_int_ty(names, &I8), + 16 =>add_int_ty(names, &I16), + 32 =>add_int_ty(names, &I32), + 64 =>add_int_ty(names, &I64), + 128 =>add_int_ty(names, &I128), + t => panic!("uintty_to_ty unknwon pointer width for usize: {t}"), + } + } + I8 => { + names.import_prelude_module(PreludeModule::Int8); + i8_ty() + } + I16 => { + names.import_prelude_module(PreludeModule::Int16); + i16_ty() + } + I32 => { + names.import_prelude_module(PreludeModule::Int32); + i32_ty() + } + I64 => { + names.import_prelude_module(PreludeModule::Int64); + i64_ty() + } + I128 => { + names.import_prelude_module(PreludeModule::Int128); + i128_ty() + } } } + + add_int_ty(names, ity) } pub(crate) fn uintty_to_ty<'tcx, N: Namer<'tcx>>( 
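Review bot: `concret_intty` wraps its match in a recursive inner `fn int_ty` whose recursive calls (`8 => int_ty(I8, pointer_width)`) immediately return through the `i => i` arm, so the recursion only obscures a lookup table; the same shape is repeated in `concret_uintty`, in `add_int_ty` here, and in `add_uint_ty` in the `uintty_to_ty` hunk below. `intty_to_ty` also re-implements the pointer-width dispatch instead of calling `concret_intty`, and its panic message reads `uintty_to_ty unknwon pointer width for usize` inside the signed function. A flat match gives one source of truth (signed case below); `intty_to_ty` can then match on `concret_intty(*ity, names.tcx().target_spec().pointer_width)` with no `Isize` arm at all. The typo `unknwon` recurs in all four messages.
```rust
pub(crate) fn concret_intty(ity: rustc_middle::ty::IntTy, pointer_width: u32) -> rustc_middle::ty::IntTy {
    use rustc_middle::ty::IntTy::*;
    // isize is replaced by the fixed-width type that matches the target's pointer width;
    // every other type is already concrete.
    match (ity, pointer_width) {
        (Isize, 8) => I8,
        (Isize, 16) => I16,
        (Isize, 32) => I32,
        (Isize, 64) => I64,
        (Isize, 128) => I128,
        (Isize, w) => panic!("concret_intty unknown pointer width for isize: {w}"),
        (concrete, _) => concrete,
    }
}
// … unchanged: concret_uintty (same shape with Usize and U8..U128) …
```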
@@ -871,32 +926,42 @@ pub(crate) fn uintty_to_ty<'tcx, N: Namer<'tcx>>( use rustc_middle::ty::UintTy::*; names.import_prelude_module(PreludeModule::Int); - match ity { - Usize => { - names.import_prelude_module(PreludeModule::Usize); - usize_ty() - } - U8 => { - names.import_prelude_module(PreludeModule::UInt8); - u8_ty() - } - U16 => { - names.import_prelude_module(PreludeModule::UInt16); - u16_ty() - } - U32 => { - names.import_prelude_module(PreludeModule::UInt32); - u32_ty() - } - U64 => { - names.import_prelude_module(PreludeModule::UInt64); - u64_ty() - } - U128 => { - names.import_prelude_module(PreludeModule::UInt128); - u128_ty() + fn add_uint_ty<'tcx, N: Namer<'tcx>> (names: &mut N, ity: &rustc_middle::ty::UintTy) -> MlT { + match ity { + Usize => { + match names.tcx().target_spec().pointer_width { + 8 => add_uint_ty(names, &U8), + 16 =>add_uint_ty(names, &U16), + 32 =>add_uint_ty(names, &U32), + 64 =>add_uint_ty(names, &U64), + 128 =>add_uint_ty(names, &U128), + t => panic!("uintty_to_ty unknwon pointer width for usize: {t}"), + } + } + U8 => { + names.import_prelude_module(PreludeModule::UInt8); + u8_ty() + } + U16 => { + names.import_prelude_module(PreludeModule::UInt16); + u16_ty() + } + U32 => { + names.import_prelude_module(PreludeModule::UInt32); + u32_ty() + } + U64 => { + names.import_prelude_module(PreludeModule::UInt64); + u64_ty() + } + U128 => { + names.import_prelude_module(PreludeModule::UInt128); + u128_ty() + } } } + + add_uint_ty(names, ity) } pub(crate) fn floatty_to_ty<'tcx, N: Namer<'tcx>>( 
@@ -942,49 +1007,41 @@ pub(crate) fn single_ty() -> MlT {
 }
 pub(crate) fn u8_ty() -> MlT {
- MlT::TConstructor(QName::from_string("UInt8.t").unwrap())
+ MlT::TConstructor(QName::from_string("UInt8.t"))
 }
 pub(crate) fn u16_ty() -> MlT {
- MlT::TConstructor(QName::from_string("UInt16.t").unwrap())
+ MlT::TConstructor(QName::from_string("UInt16.t"))
 }
 pub(crate) fn u32_ty() -> MlT {
- MlT::TConstructor(QName::from_string("UInt32.t").unwrap())
+ MlT::TConstructor(QName::from_string("UInt32.t"))
 }
 pub(crate) fn u64_ty() -> MlT {
- MlT::TConstructor(QName::from_string("UInt64.t").unwrap())
+ MlT::TConstructor(QName::from_string("UInt64.t"))
 }
 pub(crate) fn u128_ty() -> MlT {
- MlT::TConstructor(QName::from_string("UInt128.t").unwrap())
-}
-
-pub(crate) fn usize_ty() -> MlT {
- MlT::TConstructor(QName::from_string("USize.t").unwrap())
+ MlT::TConstructor(QName::from_string("UInt128.t"))
 }
 pub(crate) fn i8_ty() -> MlT {
- MlT::TConstructor(QName::from_string("Int8.t").unwrap())
+ MlT::TConstructor(QName::from_string("Int8.t"))
 }
 pub(crate) fn i16_ty() -> MlT {
- MlT::TConstructor(QName::from_string("Int16.t").unwrap())
+ MlT::TConstructor(QName::from_string("Int16.t"))
 }
 pub(crate) fn i32_ty() -> MlT {
- MlT::TConstructor(QName::from_string("Int32.t").unwrap())
+ MlT::TConstructor(QName::from_string("Int32.t"))
 }
 pub(crate) fn i64_ty() -> MlT {
- MlT::TConstructor(QName::from_string("Int64.t").unwrap())
+ MlT::TConstructor(QName::from_string("Int64.t"))
 }
 pub(crate) fn i128_ty() -> MlT {
- MlT::TConstructor(QName::from_string("Int128.t").unwrap())
-}
-
-pub(crate) fn isize_ty() -> MlT {
- MlT::TConstructor(QName::from_string("ISize.t").unwrap())
+ MlT::TConstructor(QName::from_string("Int128.t"))
 }
diff --git a/creusot/tests/should_fail/bug/01_resolve_unsoundness.coma b/creusot/tests/should_fail/bug/01_resolve_unsoundness.coma
index 63905e99a4..216caf5c4c 100644
--- a/creusot/tests/should_fail/bug/01_resolve_unsoundness.coma
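Review bot: Dropping `.unwrap()` from every `QName::from_string(...)` call in the `u8_ty` … `i128_ty` helpers only type-checks if `QName::from_string` now returns a `QName` directly rather than a `Result` or `Option`; that signature change is not part of this hunk, so it should be confirmed against `QName`'s definition before this file is reviewed on its own. With the `usize_ty`/`isize_ty` variants gone, the ten remaining helpers differ only in the string literal, so a single `macro_rules!` or a private `fn prelude_int_ty(name: &str) -> MlT` would keep the list in one place and make the next type addition a one-line change.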
+++ b/creusot/tests/should_fail/bug/01_resolve_unsoundness.coma @@ -29,15 +29,15 @@ module T_core__ptr__unique__Unique end module T_alloc__raw_vec__Cap - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.Int type t_Cap = - | C_Cap usize + | C_Cap UInt64.t - let rec t_Cap (input:t_Cap) (ret (field_0:usize))= any - [ good (field_0:usize)-> {C_Cap field_0 = input} (! ret {field_0}) ] + let rec t_Cap (input:t_Cap) (ret (field_0:UInt64.t))= any + [ good (field_0:UInt64.t)-> {C_Cap field_0 = input} (! ret {field_0}) ] end module T_alloc__raw_vec__RawVec @@ -54,17 +54,17 @@ module T_alloc__raw_vec__RawVec end module T_alloc__vec__Vec - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.Int use T_alloc__raw_vec__RawVec as RawVec'0 type t_Vec 't 'a = - | C_Vec (RawVec'0.t_RawVec 't 'a) usize + | C_Vec (RawVec'0.t_RawVec 't 'a) UInt64.t - let rec t_Vec < 't > < 'a > (input:t_Vec 't 'a) (ret (buf:RawVec'0.t_RawVec 't 'a) (len:usize))= any - [ good (buf:RawVec'0.t_RawVec 't 'a) (len:usize)-> {C_Vec buf len = input} (! ret {buf} {len}) ] + let rec t_Vec < 't > < 'a > (input:t_Vec 't 'a) (ret (buf:RawVec'0.t_RawVec 't 'a) (len:UInt64.t))= any + [ good (buf:RawVec'0.t_RawVec 't 'a) (len:UInt64.t)-> {C_Vec buf len = input} (! ret {buf} {len}) ] end module T_alloc__alloc__Global 
@@ -103,22 +103,22 @@ module M_01_resolve_unsoundness__make_vec_of_size [#"01_resolve_unsoundness.rs" axiom inv_axiom'0 [@rewrite] : forall x : Vec'0.t_Vec bool (Global'0.t_Global) [inv'0 x] . inv'0 x = true - use prelude.prelude.UIntSize + use prelude.prelude.UInt64.to_uint use seq.Seq use seq.Seq - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.Int - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) function view'0 (self : Vec'0.t_Vec bool (Global'0.t_Global)) : Seq.seq bool axiom view'0_spec : forall self : Vec'0.t_Vec bool (Global'0.t_Global) . [%#svec8] Seq.length (view'0 self) - <= UIntSize.to_int (v_MAX'0 : usize) + <= UInt64.to_int (v_MAX'0 : UInt64.t) use prelude.prelude.Intrinsic 
@@ -131,26 +131,30 @@ module M_01_resolve_unsoundness__make_vec_of_size [#"01_resolve_unsoundness.rs" {[@expl:precondition] inv'1 self} any [ return' (result:())-> {[%#svec7] view'0 self.final = Seq.snoc (view'1 self) value} (! return' {result}) ] + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + let rec new'0 (_1:()) (return' (ret:Vec'0.t_Vec bool (Global'0.t_Global)))= any [ return' (result:Vec'0.t_Vec bool (Global'0.t_Global))-> {inv'0 result} - {[%#svec6] Seq.length (view'0 result) = 0} + {[%#svec6] Seq.length (view'0 result) = Int128.to_int (0 : Int128.t)} (! return' {result}) ] meta "compute_max_steps" 1000000 - let rec make_vec_of_size (n:usize) (return' (ret:Vec'0.t_Vec bool (Global'0.t_Global)))= (! bb0 + let rec make_vec_of_size (n:UInt64.t) (return' (ret:Vec'0.t_Vec bool (Global'0.t_Global)))= (! bb0 [ bb0 = s0 [ s0 = new'0 {[%#s01_resolve_unsoundness0] ()} (fun (_ret':Vec'0.t_Vec bool (Global'0.t_Global)) -> [ &out <- _ret' ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = [ &i <- [%#s01_resolve_unsoundness1] (0 : usize) ] s1 | s1 = bb2 ] + | bb1 = s0 [ s0 = [ &i <- [%#s01_resolve_unsoundness1] (0 : UInt64.t) ] s1 | s1 = bb2 ] | bb2 = bb2 - [ bb2 = {[@expl:loop invariant] [%#s01_resolve_unsoundness2] (0 : usize) <= i /\ i <= n} + [ bb2 = {[@expl:loop invariant] [%#s01_resolve_unsoundness2] (0 : UInt64.t) <= i /\ i <= n} (! s0) [ s0 = bb3 ] [ bb3 = s0 - [ s0 = UIntSize.le {i} {n} (fun (_ret':bool) -> [ &_9 <- _ret' ] s1) + [ s0 = UInt64.le {i} {n} (fun (_ret':bool) -> [ &_9 <- _ret' ] s1) | s1 = any [ br0 -> {_9 = false} (! bb6) | br1 -> {_9} (! bb4) ] ] | bb4 = s0 @@ -163,7 +167,8 @@ module M_01_resolve_unsoundness__make_vec_of_size [#"01_resolve_unsoundness.rs" | s2 = bb5 ] | bb5 = s0 - [ s0 = UIntSize.add {i} {[%#s01_resolve_unsoundness4] (1 : usize)} (fun (_ret':usize) -> [ &i <- _ret' ] s1) + [ s0 = UInt64.add {i} {[%#s01_resolve_unsoundness4] (1 : UInt64.t)} + (fun (_ret':UInt64.t) -> [ &i <- _ret' ] s1) | s1 = bb2 ] ] ] 
@@ -172,15 +177,15 @@ module M_01_resolve_unsoundness__make_vec_of_size [#"01_resolve_unsoundness.rs" | bb7 = return' {_0} ] ) [ & _0 : Vec'0.t_Vec bool (Global'0.t_Global) = any_l () - | & n : usize = n + | & n : UInt64.t = n | & out : Vec'0.t_Vec bool (Global'0.t_Global) = any_l () - | & i : usize = any_l () + | & i : UInt64.t = any_l () | & _9 : bool = any_l () | & _12 : () = any_l () | & _13 : borrowed (Vec'0.t_Vec bool (Global'0.t_Global)) = any_l () ] [ return' (result:Vec'0.t_Vec bool (Global'0.t_Global))-> {[@expl:postcondition] [%#s01_resolve_unsoundness5] Seq.length (view'0 result) - = UIntSize.to_int n} + = UInt64.to_int n} (! return' {result}) ] end diff --git a/creusot/tests/should_fail/bug/222.coma b/creusot/tests/should_fail/bug/222.coma index 40f8130ffa..efd708ad40 100644 --- a/creusot/tests/should_fail/bug/222.coma +++ b/creusot/tests/should_fail/bug/222.coma @@ -3,6 +3,10 @@ module M_222__A__is_true [#"222.rs" 14 4 14 16] let%span s2220 = "222.rs" 13 14 13 34 + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + use prelude.prelude.Int function mktrue'0 [#"222.rs" 7 4 7 22] (_1 : ()) : int @@ -11,7 +15,7 @@ module M_222__A__is_true [#"222.rs" 14 4 14 16] function is_true [#"222.rs" 14 4 14 16] (_1 : ()) : () - goal vc_is_true : [%#s2220] mktrue'0 () <= 10 + goal vc_is_true : [%#s2220] mktrue'0 () <= Int128.to_int (10 : Int128.t) end module T_core__option__Option type t_Option 't = diff --git a/creusot/tests/should_fail/bug/492.coma b/creusot/tests/should_fail/bug/492.coma index ef6d0a23d2..908ea49c90 100644 --- a/creusot/tests/should_fail/bug/492.coma +++ b/creusot/tests/should_fail/bug/492.coma 
@@ -16,9 +16,9 @@ module M_492__reborrow_tuple [#"492.rs" 5 0 5 52] use prelude.prelude.Int - predicate inv'2 (_1 : (borrowed t, uint32)) + predicate inv'2 (_1 : (borrowed t, UInt32.t)) - axiom inv_axiom'1 [@rewrite] : forall x : (borrowed t, uint32) [inv'2 x] . inv'2 x = (let (a, b) = x in inv'1 a) + axiom inv_axiom'1 [@rewrite] : forall x : (borrowed t, UInt32.t) [inv'2 x] . inv'2 x = (let (a, b) = x in inv'1 a) predicate inv'0 (_1 : t) @@ -37,7 +37,7 @@ module M_492__reborrow_tuple [#"492.rs" 5 0 5 52] meta "compute_max_steps" 1000000 - let rec reborrow_tuple (x:borrowed t) (return' (ret:(borrowed t, uint32)))= {[%#s4921] inv'1 x} + let rec reborrow_tuple (x:borrowed t) (return' (ret:(borrowed t, UInt32.t)))= {[%#s4921] inv'1 x} (! bb0 [ bb0 = s0 [ s0 = {inv'0 x.current} @@ -47,13 +47,13 @@ module M_492__reborrow_tuple [#"492.rs" 5 0 5 52] -{inv'0 _ret'.final}- [ &x <- { x with current = _ret'.final ; } ] s1) - | s1 = [ &_0 <- (_3, ([%#s4920] (32 : uint32))) ] s2 + | s1 = [ &_0 <- (_3, ([%#s4920] (32 : UInt32.t))) ] s2 | s2 = {[@expl:type invariant] inv'1 x} s3 | s3 = -{resolve'0 x}- s4 | s4 = return' {_0} ] ] - ) [ & _0 : (borrowed t, uint32) = any_l () | & x : borrowed t = x | & _3 : borrowed t = any_l () ] - [ return' (result:(borrowed t, uint32))-> {[@expl:postcondition] [%#s4923] inv'2 result} + ) [ & _0 : (borrowed t, UInt32.t) = any_l () | & x : borrowed t = x | & _3 : borrowed t = any_l () ] + [ return' (result:(borrowed t, UInt32.t))-> {[@expl:postcondition] [%#s4923] inv'2 result} {[@expl:postcondition] [%#s4922] (let (a, _) = result in a).current = x.current} (! return' {result}) ] 
@@ -76,25 +76,25 @@ module M_492__test [#"492.rs" 10 0 10 13] use prelude.prelude.Borrow - predicate inv'1 (_1 : (borrowed int32, uint32)) + predicate inv'1 (_1 : (borrowed Int32.t, UInt32.t)) - axiom inv_axiom'1 [@rewrite] : forall x : (borrowed int32, uint32) [inv'1 x] . inv'1 x = true + axiom inv_axiom'1 [@rewrite] : forall x : (borrowed Int32.t, UInt32.t) [inv'1 x] . inv'1 x = true - predicate inv'0 (_1 : borrowed int32) + predicate inv'0 (_1 : borrowed Int32.t) - axiom inv_axiom'0 [@rewrite] : forall x : borrowed int32 [inv'0 x] . inv'0 x = true + axiom inv_axiom'0 [@rewrite] : forall x : borrowed Int32.t [inv'0 x] . inv'0 x = true use prelude.prelude.Intrinsic - predicate resolve'1 (self : borrowed int32) = + predicate resolve'1 (self : borrowed Int32.t) = [%#sresolve7] self.final = self.current - predicate resolve'0 (_1 : borrowed int32) = + predicate resolve'0 (_1 : borrowed Int32.t) = resolve'1 _1 - let rec reborrow_tuple'0 (x:borrowed int32) (return' (ret:(borrowed int32, uint32)))= {[@expl:precondition] [%#s4924] inv'0 x} + let rec reborrow_tuple'0 (x:borrowed Int32.t) (return' (ret:(borrowed Int32.t, UInt32.t)))= {[@expl:precondition] [%#s4924] inv'0 x} any - [ return' (result:(borrowed int32, uint32))-> {[%#s4926] inv'1 result} + [ return' (result:(borrowed Int32.t, UInt32.t))-> {[%#s4926] inv'1 result} {[%#s4925] (let (a, _) = result in a).current = x.current} (! return' {result}) ] 
@@ -103,27 +103,28 @@ module M_492__test [#"492.rs" 10 0 10 13] let rec test (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = [ &x <- [%#s4920] (5 : int32) ] s1 - | s1 = Borrow.borrow_mut {x} (fun (_ret':borrowed int32) -> [ &_6 <- _ret' ] [ &x <- _ret'.final ] s2) - | s2 = Borrow.borrow_final {_6.current} {Borrow.get_id _6} - (fun (_ret':borrowed int32) -> [ &_5 <- _ret' ] [ &_6 <- { _6 with current = _ret'.final ; } ] s3) - | s3 = reborrow_tuple'0 {_5} (fun (_ret':(borrowed int32, uint32)) -> [ &_4 <- _ret' ] s4) + [ s0 = [ &x <- [%#s4920] (5 : Int32.t) ] s1 + | s1 = Borrow.borrow_mut {x} + (fun (_ret':borrowed Int32.t) -> [ &_6 <- _ret' ] [ &x <- _ret'.final ] s2) + | s2 = Borrow.borrow_final {_6.current} {Borrow.get_id _6} + (fun (_ret':borrowed Int32.t) -> [ &_5 <- _ret' ] [ &_6 <- { _6 with current = _ret'.final ; } ] s3) + | s3 = reborrow_tuple'0 {_5} (fun (_ret':(borrowed Int32.t, UInt32.t)) -> [ &_4 <- _ret' ] s4) | s4 = bb1 ] | bb1 = s0 [ s0 = [ &res <- let (r'0, _) = _4 in r'0 ] s1 | s1 = -{resolve'0 _6}- s2 - | s2 = {[@expl:assertion] [%#s4921] res.final = (5 : int32)} s3 - | s3 = [ &res <- { res with current = ([%#s4922] (10 : int32)) ; } ] s4 + | s2 = {[@expl:assertion] [%#s4921] res.final = (5 : Int32.t)} s3 + | s3 = [ &res <- { res with current = ([%#s4922] (10 : Int32.t)) ; } ] s4 | s4 = -{resolve'0 res}- s5 | s5 = return' {_0} ] ] ) [ & _0 : () = any_l () - | & x : int32 = any_l () - | & res : borrowed int32 = any_l () - | & _4 : (borrowed int32, uint32) = any_l () - | & _5 : borrowed int32 = any_l () - | & _6 : borrowed int32 = any_l () ] + | & x : Int32.t = any_l () + | & res : borrowed Int32.t = any_l () + | & _4 : (borrowed Int32.t, UInt32.t) = any_l () + | & _5 : borrowed Int32.t = any_l () + | & _6 : borrowed Int32.t = any_l () ] [ return' (result:())-> {[@expl:postcondition] [%#s4923] false} (! return' {result}) ] end 
diff --git a/creusot/tests/should_fail/bug/692.coma b/creusot/tests/should_fail/bug/692.coma index 65db622030..4ded6e723d 100644 --- a/creusot/tests/should_fail/bug/692.coma +++ b/creusot/tests/should_fail/bug/692.coma @@ -104,10 +104,10 @@ module T_692__valid_normal__qyClosure1 [#"692.rs" 13 15 13 47] use prelude.prelude.Borrow type m_692__valid_normal__qyClosure1 = - | M_692__valid_normal__qyClosure1 uint32 + | M_692__valid_normal__qyClosure1 UInt32.t - let rec m_692__valid_normal__qyClosure1 (input:m_692__valid_normal__qyClosure1) (ret (n:uint32))= any - [ good (n:uint32)-> {M_692__valid_normal__qyClosure1 n = input} (! ret {n}) ] + let rec m_692__valid_normal__qyClosure1 (input:m_692__valid_normal__qyClosure1) (ret (n:UInt32.t))= any + [ good (n:UInt32.t)-> {M_692__valid_normal__qyClosure1 n = input} (! ret {n}) ] end module M_692__valid_normal__qyClosure1 [#"692.rs" 13 15 13 47] @@ -122,7 +122,7 @@ module M_692__valid_normal__qyClosure1 [#"692.rs" 13 15 13 47] use T_692__valid_normal__qyClosure1 as Closure'0 - function field_0'0 [#"692.rs" 13 15 13 47] (self : Closure'0.m_692__valid_normal__qyClosure1) : uint32 = + function field_0'0 [#"692.rs" 13 15 13 47] (self : Closure'0.m_692__valid_normal__qyClosure1) : UInt32.t = let Closure'0.M_692__valid_normal__qyClosure1 a = self in a use prelude.prelude.Intrinsic 
@@ -132,12 +132,12 @@ module M_692__valid_normal__qyClosure1 [#"692.rs" 13 15 13 47] let rec m_692__valid_normal__qyClosure1 (_1:Closure'0.m_692__valid_normal__qyClosure1) (return' (ret:bool))= (! bb0 [ bb0 = s0 [ s0 = Closure'0.m_692__valid_normal__qyClosure1 {_1} - (fun (r'0:uint32) -> UInt32.gt {r'0} {[%#s6920] (7 : uint32)} (fun (_ret':bool) -> [ &res <- _ret' ] s1)) + (fun (r'0:UInt32.t) -> UInt32.gt {r'0} {[%#s6920] (7 : UInt32.t)} (fun (_ret':bool) -> [ &res <- _ret' ] s1)) | s1 = [ &_0 <- res ] s2 | s2 = return' {_0} ] ] ) [ & _0 : bool = any_l () | & _1 : Closure'0.m_692__valid_normal__qyClosure1 = _1 | & res : bool = any_l () ] - [ return' (result:bool)-> {[@expl:postcondition] [%#s6921] result = (field_0'0 _1 > (7 : uint32))} + [ return' (result:bool)-> {[@expl:postcondition] [%#s6921] result = (field_0'0 _1 > (7 : UInt32.t))} (! return' {result}) ] end @@ -149,10 +149,10 @@ module T_692__valid_normal__qyClosure2 [#"692.rs" 15 17 15 64] use prelude.prelude.Borrow type m_692__valid_normal__qyClosure2 = - | M_692__valid_normal__qyClosure2 (borrowed uint32) + | M_692__valid_normal__qyClosure2 (borrowed UInt32.t) - let rec m_692__valid_normal__qyClosure2 (input:m_692__valid_normal__qyClosure2) (ret (r:borrowed uint32))= any - [ good (r:borrowed uint32)-> {M_692__valid_normal__qyClosure2 r = input} (! ret {r}) ] + let rec m_692__valid_normal__qyClosure2 (input:m_692__valid_normal__qyClosure2) (ret (r:borrowed UInt32.t))= any + [ good (r:borrowed UInt32.t)-> {M_692__valid_normal__qyClosure2 r = input} (! ret {r}) ] end module M_692__valid_normal__qyClosure2 [#"692.rs" 15 17 15 64] 
@@ -169,7 +169,7 @@ module M_692__valid_normal__qyClosure2 [#"692.rs" 15 17 15 64] use T_692__valid_normal__qyClosure2 as Closure'0 - function field_0'0 [#"692.rs" 15 17 15 64] (self : Closure'0.m_692__valid_normal__qyClosure2) : borrowed uint32 = + function field_0'0 [#"692.rs" 15 17 15 64] (self : Closure'0.m_692__valid_normal__qyClosure2) : borrowed UInt32.t = let Closure'0.M_692__valid_normal__qyClosure2 a = self in a predicate unnest'0 [#"692.rs" 15 17 15 64] (self : Closure'0.m_692__valid_normal__qyClosure2) (_2 : Closure'0.m_692__valid_normal__qyClosure2) @@ -189,11 +189,11 @@ module M_692__valid_normal__qyClosure2 [#"692.rs" 15 17 15 64] let rec m_692__valid_normal__qyClosure2 (_1:borrowed Closure'0.m_692__valid_normal__qyClosure2) (b:bool) (return' (ret:()))= (! bb0 [ bb0 = any [ br0 -> {b = false} (! bb2) | br1 -> {b} (! bb1) ] - | bb1 = s0 [ s0 = [ &_4 <- [%#s6920] (2 : uint32) ] s1 | s1 = bb3 ] - | bb2 = s0 [ s0 = [ &_4 <- [%#s6921] (1 : uint32) ] s1 | s1 = bb3 ] + | bb1 = s0 [ s0 = [ &_4 <- [%#s6920] (2 : UInt32.t) ] s1 | s1 = bb3 ] + | bb2 = s0 [ s0 = [ &_4 <- [%#s6921] (1 : UInt32.t) ] s1 | s1 = bb3 ] | bb3 = s0 [ s0 = Closure'0.m_692__valid_normal__qyClosure2 {_1.current} - (fun (r'0:borrowed uint32) -> + (fun (r'0:borrowed UInt32.t) -> [ &_1 <- { _1 with current = Closure'0.M_692__valid_normal__qyClosure2 ({ r'0 with current = _4 ; }) ; } ] s1) | s1 = -{resolve'0 _1}- s2 
@@ -203,11 +203,11 @@ module M_692__valid_normal__qyClosure2 [#"692.rs" 15 17 15 64] [ & _0 : () = any_l () | & _1 : borrowed Closure'0.m_692__valid_normal__qyClosure2 = _1 | & b : bool = b - | & _4 : uint32 = any_l () ] + | & _4 : UInt32.t = any_l () ] [ return' (result:())-> {[@expl:postcondition] unnest'0 _1.current _1.final} - {[@expl:postcondition] [%#s6922] b /\ (field_0'0 _1.final).current = (2 : uint32) - \/ not b /\ (field_0'0 _1.final).current = (1 : uint32)} + {[@expl:postcondition] [%#s6922] b /\ (field_0'0 _1.final).current = (2 : UInt32.t) + \/ not b /\ (field_0'0 _1.final).current = (1 : UInt32.t)} (! return' {result}) ] end @@ -240,13 +240,13 @@ module M_692__valid_normal [#"692.rs" 11 0 11 34] use prelude.prelude.Borrow - function field_0'0 [#"692.rs" 13 15 13 47] (self : Closure'0.m_692__valid_normal__qyClosure1) : uint32 = + function field_0'0 [#"692.rs" 13 15 13 47] (self : Closure'0.m_692__valid_normal__qyClosure1) : UInt32.t = let Closure'0.M_692__valid_normal__qyClosure1 a = self in a predicate postcondition'0 [#"692.rs" 13 15 13 47] (self : Closure'0.m_692__valid_normal__qyClosure1) (_ : ()) (result : bool) = - [%#s6926] result = (field_0'0 self > (7 : uint32)) + [%#s6926] result = (field_0'0 self > (7 : UInt32.t)) predicate precondition'1 [#"692.rs" 15 17 15 64] (self : Closure'1.m_692__valid_normal__qyClosure2) (args : bool) = let (b) = args in true 
@@ -263,23 +263,24 @@ module M_692__valid_normal [#"692.rs" 11 0 11 34] meta "compute_max_steps" 1000000 - let rec valid_normal (n:uint32) (return' (ret:uint32))= (! bb0 + let rec valid_normal (n:UInt32.t) (return' (ret:UInt32.t))= (! bb0 [ bb0 = s0 - [ s0 = [ &r <- [%#s6920] (0 : uint32) ] s1 + [ s0 = [ &r <- [%#s6920] (0 : UInt32.t) ] s1 | s1 = [ &cond <- Closure'0.M_692__valid_normal__qyClosure1 n ] s2 - | s2 = Borrow.borrow_mut {r} (fun (_ret':borrowed uint32) -> [ &_7 <- _ret' ] [ &r <- _ret'.final ] s3) + | s2 = Borrow.borrow_mut {r} + (fun (_ret':borrowed UInt32.t) -> [ &_7 <- _ret' ] [ &r <- _ret'.final ] s3) | s3 = [ &branch <- Closure'1.M_692__valid_normal__qyClosure2 _7 ] s4 | s4 = incorrect'0 {cond} {branch} (fun (_ret':()) -> [ &_8 <- _ret' ] s5) | s5 = bb1 ] | bb1 = s0 [ s0 = [ &_0 <- r ] s1 | s1 = return' {_0} ] ] ) - [ & _0 : uint32 = any_l () - | & n : uint32 = n - | & r : uint32 = any_l () + [ & _0 : UInt32.t = any_l () + | & n : UInt32.t = n + | & r : UInt32.t = any_l () | & cond : Closure'0.m_692__valid_normal__qyClosure1 = any_l () | & branch : Closure'1.m_692__valid_normal__qyClosure2 = any_l () - | & _7 : borrowed uint32 = any_l () + | & _7 : borrowed UInt32.t = any_l () | & _8 : () = any_l () ] - [ return' (result:uint32)-> {[@expl:postcondition] [%#s6921] false} (! return' {result}) ] + [ return' (result:UInt32.t)-> {[@expl:postcondition] [%#s6921] false} (! return' {result}) ] end diff --git a/creusot/tests/should_fail/bug/695.coma b/creusot/tests/should_fail/bug/695.coma index 884056b06b..1a8f34dc6d 100644 --- a/creusot/tests/should_fail/bug/695.coma +++ b/creusot/tests/should_fail/bug/695.coma 
@@ -159,10 +159,10 @@ module T_695__valid__qyClosure1 [#"695.rs" 17 15 17 47] use prelude.prelude.Borrow type m_695__valid__qyClosure1 = - | M_695__valid__qyClosure1 uint32 + | M_695__valid__qyClosure1 UInt32.t - let rec m_695__valid__qyClosure1 (input:m_695__valid__qyClosure1) (ret (n:uint32))= any - [ good (n:uint32)-> {M_695__valid__qyClosure1 n = input} (! ret {n}) ] + let rec m_695__valid__qyClosure1 (input:m_695__valid__qyClosure1) (ret (n:UInt32.t))= any + [ good (n:UInt32.t)-> {M_695__valid__qyClosure1 n = input} (! ret {n}) ] end module M_695__valid__qyClosure1 [#"695.rs" 17 15 17 47] @@ -177,7 +177,7 @@ module M_695__valid__qyClosure1 [#"695.rs" 17 15 17 47] use T_695__valid__qyClosure1 as Closure'0 - function field_0'0 [#"695.rs" 17 15 17 47] (self : Closure'0.m_695__valid__qyClosure1) : uint32 = + function field_0'0 [#"695.rs" 17 15 17 47] (self : Closure'0.m_695__valid__qyClosure1) : UInt32.t = let Closure'0.M_695__valid__qyClosure1 a = self in a use prelude.prelude.Intrinsic @@ -187,12 +187,12 @@ module M_695__valid__qyClosure1 [#"695.rs" 17 15 17 47] let rec m_695__valid__qyClosure1 (_1:Closure'0.m_695__valid__qyClosure1) (return' (ret:bool))= (! bb0 [ bb0 = s0 [ s0 = Closure'0.m_695__valid__qyClosure1 {_1} - (fun (r'0:uint32) -> UInt32.gt {r'0} {[%#s6950] (7 : uint32)} (fun (_ret':bool) -> [ &res <- _ret' ] s1)) + (fun (r'0:UInt32.t) -> UInt32.gt {r'0} {[%#s6950] (7 : UInt32.t)} (fun (_ret':bool) -> [ &res <- _ret' ] s1)) | s1 = [ &_0 <- res ] s2 | s2 = return' {_0} ] ] ) [ & _0 : bool = any_l () | & _1 : Closure'0.m_695__valid__qyClosure1 = _1 | & res : bool = any_l () ] - [ return' (result:bool)-> {[@expl:postcondition] [%#s6951] result = (field_0'0 _1 > (7 : uint32))} + [ return' (result:bool)-> {[@expl:postcondition] [%#s6951] result = (field_0'0 _1 > (7 : UInt32.t))} (! return' {result}) ] end 
@@ -204,10 +204,10 @@ module T_695__valid__qyClosure2 [#"695.rs" 19 17 19 64] use prelude.prelude.Borrow type m_695__valid__qyClosure2 = - | M_695__valid__qyClosure2 (borrowed uint32) + | M_695__valid__qyClosure2 (borrowed UInt32.t) - let rec m_695__valid__qyClosure2 (input:m_695__valid__qyClosure2) (ret (r:borrowed uint32))= any - [ good (r:borrowed uint32)-> {M_695__valid__qyClosure2 r = input} (! ret {r}) ] + let rec m_695__valid__qyClosure2 (input:m_695__valid__qyClosure2) (ret (r:borrowed UInt32.t))= any + [ good (r:borrowed UInt32.t)-> {M_695__valid__qyClosure2 r = input} (! ret {r}) ] end module M_695__valid__qyClosure2 [#"695.rs" 19 17 19 64] @@ -224,7 +224,7 @@ module M_695__valid__qyClosure2 [#"695.rs" 19 17 19 64] use T_695__valid__qyClosure2 as Closure'0 - function field_0'0 [#"695.rs" 19 17 19 64] (self : Closure'0.m_695__valid__qyClosure2) : borrowed uint32 = + function field_0'0 [#"695.rs" 19 17 19 64] (self : Closure'0.m_695__valid__qyClosure2) : borrowed UInt32.t = let Closure'0.M_695__valid__qyClosure2 a = self in a predicate unnest'0 [#"695.rs" 19 17 19 64] (self : Closure'0.m_695__valid__qyClosure2) (_2 : Closure'0.m_695__valid__qyClosure2) @@ -244,11 +244,11 @@ module M_695__valid__qyClosure2 [#"695.rs" 19 17 19 64] let rec m_695__valid__qyClosure2 (_1:borrowed Closure'0.m_695__valid__qyClosure2) (b:bool) (return' (ret:()))= (! bb0 [ bb0 = any [ br0 -> {b = false} (! bb2) | br1 -> {b} (! bb1) ] - | bb1 = s0 [ s0 = [ &_4 <- [%#s6950] (2 : uint32) ] s1 | s1 = bb3 ] - | bb2 = s0 [ s0 = [ &_4 <- [%#s6951] (1 : uint32) ] s1 | s1 = bb3 ] + | bb1 = s0 [ s0 = [ &_4 <- [%#s6950] (2 : UInt32.t) ] s1 | s1 = bb3 ] + | bb2 = s0 [ s0 = [ &_4 <- [%#s6951] (1 : UInt32.t) ] s1 | s1 = bb3 ] | bb3 = s0 [ s0 = Closure'0.m_695__valid__qyClosure2 {_1.current} - (fun (r'0:borrowed uint32) -> + (fun (r'0:borrowed UInt32.t) -> [ &_1 <- { _1 with current = Closure'0.M_695__valid__qyClosure2 ({ r'0 with current = _4 ; }) ; } ] s1) | s1 = -{resolve'0 _1}- s2 
@@ -258,11 +258,11 @@ module M_695__valid__qyClosure2 [#"695.rs" 19 17 19 64] [ & _0 : () = any_l () | & _1 : borrowed Closure'0.m_695__valid__qyClosure2 = _1 | & b : bool = b - | & _4 : uint32 = any_l () ] + | & _4 : UInt32.t = any_l () ] [ return' (result:())-> {[@expl:postcondition] unnest'0 _1.current _1.final} - {[@expl:postcondition] [%#s6952] b /\ (field_0'0 _1.final).current = (2 : uint32) - \/ not b /\ (field_0'0 _1.final).current = (1 : uint32)} + {[@expl:postcondition] [%#s6952] b /\ (field_0'0 _1.final).current = (2 : UInt32.t) + \/ not b /\ (field_0'0 _1.final).current = (1 : UInt32.t)} (! return' {result}) ] end @@ -297,21 +297,21 @@ module M_695__valid [#"695.rs" 15 0 15 27] use prelude.prelude.Borrow - function field_0'1 [#"695.rs" 19 17 19 64] (self : Closure'1.m_695__valid__qyClosure2) : borrowed uint32 = + function field_0'1 [#"695.rs" 19 17 19 64] (self : Closure'1.m_695__valid__qyClosure2) : borrowed UInt32.t = let Closure'1.M_695__valid__qyClosure2 a = self in a predicate postcondition_once'0 [#"695.rs" 19 17 19 64] (self : Closure'1.m_695__valid__qyClosure2) (args : bool) (result : ()) = - [%#s6958] let (b) = args in b /\ (field_0'1 self).final = (2 : uint32) - \/ not b /\ (field_0'1 self).final = (1 : uint32) + [%#s6958] let (b) = args in b /\ (field_0'1 self).final = (2 : UInt32.t) + \/ not b /\ (field_0'1 self).final = (1 : UInt32.t) - function field_0'0 [#"695.rs" 17 15 17 47] (self : Closure'0.m_695__valid__qyClosure1) : uint32 = + function field_0'0 [#"695.rs" 17 15 17 47] (self : Closure'0.m_695__valid__qyClosure1) : UInt32.t = let Closure'0.M_695__valid__qyClosure1 a = self in a predicate postcondition'0 [#"695.rs" 17 15 17 47] (self : Closure'0.m_695__valid__qyClosure1) (_ : ()) (result : bool) = - [%#s6957] result = (field_0'0 self > (7 : uint32)) + [%#s6957] result = (field_0'0 self > (7 : UInt32.t)) predicate precondition'1 [#"695.rs" 19 17 19 64] (self : Closure'1.m_695__valid__qyClosure2) (args : bool) = let (b) = args in true 
@@ -330,27 +330,28 @@ module M_695__valid [#"695.rs" 15 0 15 27] meta "compute_max_steps" 1000000 - let rec valid (n:uint32) (return' (ret:uint32))= (! bb0 + let rec valid (n:UInt32.t) (return' (ret:UInt32.t))= (! bb0 [ bb0 = s0 - [ s0 = [ &r <- [%#s6950] (0 : uint32) ] s1 + [ s0 = [ &r <- [%#s6950] (0 : UInt32.t) ] s1 | s1 = [ &cond <- Closure'0.M_695__valid__qyClosure1 n ] s2 - | s2 = Borrow.borrow_mut {r} (fun (_ret':borrowed uint32) -> [ &_7 <- _ret' ] [ &r <- _ret'.final ] s3) + | s2 = Borrow.borrow_mut {r} + (fun (_ret':borrowed UInt32.t) -> [ &_7 <- _ret' ] [ &r <- _ret'.final ] s3) | s3 = [ &branch <- Closure'1.M_695__valid__qyClosure2 _7 ] s4 | s4 = inversed_if'0 {cond} {branch} (fun (_ret':()) -> [ &_8 <- _ret' ] s5) | s5 = bb1 ] | bb1 = s0 [ s0 = {[@expl:assertion] [%#s6951] false} s1 | s1 = [ &_0 <- r ] s2 | s2 = return' {_0} ] ] ) - [ & _0 : uint32 = any_l () - | & n : uint32 = n - | & r : uint32 = any_l () + [ & _0 : UInt32.t = any_l () + | & n : UInt32.t = n + | & r : UInt32.t = any_l () | & cond : Closure'0.m_695__valid__qyClosure1 = any_l () | & branch : Closure'1.m_695__valid__qyClosure2 = any_l () - | & _7 : borrowed uint32 = any_l () + | & _7 : borrowed UInt32.t = any_l () | & _8 : () = any_l () ] - [ return' (result:uint32)-> {[@expl:postcondition] [%#s6952] n > (7 : uint32) /\ result = (2 : uint32) - \/ n <= (7 : uint32) /\ result = (1 : uint32)} + [ return' (result:UInt32.t)-> {[@expl:postcondition] [%#s6952] n > (7 : UInt32.t) /\ result = (2 : UInt32.t) + \/ n <= (7 : UInt32.t) /\ result = (1 : UInt32.t)} (! return' {result}) ] end diff --git a/creusot/tests/should_fail/bug/specialize.coma b/creusot/tests/should_fail/bug/specialize.coma index a6625b981f..30c453ec0a 100644 --- a/creusot/tests/should_fail/bug/specialize.coma +++ b/creusot/tests/should_fail/bug/specialize.coma 
@@ -29,15 +29,15 @@ module T_core__ptr__unique__Unique end module T_alloc__raw_vec__Cap - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.Int type t_Cap = - | C_Cap usize + | C_Cap UInt64.t - let rec t_Cap (input:t_Cap) (ret (field_0:usize))= any - [ good (field_0:usize)-> {C_Cap field_0 = input} (! ret {field_0}) ] + let rec t_Cap (input:t_Cap) (ret (field_0:UInt64.t))= any + [ good (field_0:UInt64.t)-> {C_Cap field_0 = input} (! ret {field_0}) ] end module T_alloc__raw_vec__RawVec @@ -54,17 +54,17 @@ module T_alloc__raw_vec__RawVec end module T_alloc__vec__Vec - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.Int use T_alloc__raw_vec__RawVec as RawVec'0 type t_Vec 't 'a = - | C_Vec (RawVec'0.t_RawVec 't 'a) usize + | C_Vec (RawVec'0.t_RawVec 't 'a) UInt64.t - let rec t_Vec < 't > < 'a > (input:t_Vec 't 'a) (ret (buf:RawVec'0.t_RawVec 't 'a) (len:usize))= any - [ good (buf:RawVec'0.t_RawVec 't 'a) (len:usize)-> {C_Vec buf len = input} (! ret {buf} {len}) ] + let rec t_Vec < 't > < 'a > (input:t_Vec 't 'a) (ret (buf:RawVec'0.t_RawVec 't 'a) (len:UInt64.t))= any + [ good (buf:RawVec'0.t_RawVec 't 'a) (len:UInt64.t)-> {C_Vec buf len = input} (! ret {buf} {len}) ] end module T_alloc__alloc__Global 
@@ -87,17 +87,17 @@ module M_specialize__f [#"specialize.rs" 21 0 21 17] use prelude.prelude.Intrinsic - let rec x'0 (self:Vec'0.t_Vec uint32 (Global'0.t_Global)) (return' (ret:()))= any + let rec x'0 (self:Vec'0.t_Vec UInt32.t (Global'0.t_Global)) (return' (ret:()))= any [ return' (result:())-> {[%#sspecialize1] true} (! return' {result}) ] meta "compute_max_steps" 1000000 - let rec f (v:Vec'0.t_Vec uint32 (Global'0.t_Global)) (return' (ret:()))= (! bb0 + let rec f (v:Vec'0.t_Vec UInt32.t (Global'0.t_Global)) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = x'0 {v} (fun (_ret':()) -> [ &_2 <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = {[@expl:assertion] [%#sspecialize0] false} s1 | s1 = bb2 ] | bb2 = return' {_0} ] - ) [ & _0 : () = any_l () | & v : Vec'0.t_Vec uint32 (Global'0.t_Global) = v | & _2 : () = any_l () ] + ) [ & _0 : () = any_l () | & v : Vec'0.t_Vec UInt32.t (Global'0.t_Global) = v | & _2 : () = any_l () ] [ return' (result:())-> (! return' {result}) ] end @@ -125,12 +125,16 @@ module M_specialize__g [#"specialize.rs" 27 0 27 18] use seq.Seq + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + use prelude.prelude.Int use seq.Seq predicate invariant'1 (self : Seq.seq t) = - [%#sseq5] forall i : int . 0 <= i /\ i < Seq.length self -> inv'2 (Seq.get self i) + [%#sseq5] forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length self -> inv'2 (Seq.get self i) predicate inv'1 (_1 : Seq.seq t) 
@@ -140,16 +144,16 @@ module M_specialize__g [#"specialize.rs" 27 0 27 18] use T_alloc__vec__Vec as Vec'0 - use prelude.prelude.UIntSize + use prelude.prelude.UInt64.to_uint - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) function view'0 (self : Vec'0.t_Vec t (Global'0.t_Global)) : Seq.seq t axiom view'0_spec : forall self : Vec'0.t_Vec t (Global'0.t_Global) . [%#svec4] Seq.length (view'0 self) - <= UIntSize.to_int (v_MAX'0 : usize) + <= UInt64.to_int (v_MAX'0 : UInt64.t) predicate invariant'0 (self : Vec'0.t_Vec t (Global'0.t_Global)) = [%#svec3] inv'1 (view'0 self) 
@@ -187,22 +191,22 @@ module M_specialize__h [#"specialize.rs" 34 0 34 17] use T_alloc__vec__Vec as Vec'0 - predicate inv'0 (_1 : Vec'0.t_Vec int32 (Global'0.t_Global)) + predicate inv'0 (_1 : Vec'0.t_Vec Int32.t (Global'0.t_Global)) - axiom inv_axiom'0 [@rewrite] : forall x : Vec'0.t_Vec int32 (Global'0.t_Global) [inv'0 x] . inv'0 x = true + axiom inv_axiom'0 [@rewrite] : forall x : Vec'0.t_Vec Int32.t (Global'0.t_Global) [inv'0 x] . inv'0 x = true use prelude.prelude.Intrinsic - let rec x'0 (self:Vec'0.t_Vec int32 (Global'0.t_Global)) (return' (ret:()))= {[@expl:precondition] [%#sspecialize1] inv'0 self} + let rec x'0 (self:Vec'0.t_Vec Int32.t (Global'0.t_Global)) (return' (ret:()))= {[@expl:precondition] [%#sspecialize1] inv'0 self} any [ return' (result:())-> {[%#sspecialize2] false} (! return' {result}) ] meta "compute_max_steps" 1000000 - let rec h (v:Vec'0.t_Vec int32 (Global'0.t_Global)) (return' (ret:()))= (! bb0 + let rec h (v:Vec'0.t_Vec Int32.t (Global'0.t_Global)) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = x'0 {v} (fun (_ret':()) -> [ &_2 <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = {[@expl:assertion] [%#sspecialize0] false} s1 | s1 = bb2 ] | bb2 = return' {_0} ] - ) [ & _0 : () = any_l () | & v : Vec'0.t_Vec int32 (Global'0.t_Global) = v | & _2 : () = any_l () ] + ) [ & _0 : () = any_l () | & v : Vec'0.t_Vec Int32.t (Global'0.t_Global) = v | & _2 : () = any_l () ] [ return' (result:())-> (! return' {result}) ] end @@ -228,12 +232,16 @@ module M_specialize__qyi2463200954251793265 [#"specialize.rs" 9 0 9 20] (* inv'2 (Seq.get self i) + [%#sseq3] forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length self -> inv'2 (Seq.get self i) predicate inv'1 (_1 : Seq.seq u) 
@@ -243,16 +251,16 @@ module M_specialize__qyi2463200954251793265 [#"specialize.rs" 9 0 9 20] (* [ &_7 <- _ret' ] s1) + [ s0 = UInt64.ne {l} {[%#ssubregion2] (0 : UInt64.t)} (fun (_ret':bool) -> [ &_7 <- _ret' ] s1) | s1 = any [ br0 -> {_7 = false} (! bb4) | br1 -> {_7} (! bb3) ] ] | bb3 = s0 @@ -32,11 +32,11 @@ module M_subregion__list_reversal_h [#"subregion.rs" 3 0 3 37] | bb4 = s0 [ s0 = [ &_0 <- r ] s1 | s1 = return' {_0} ] ] ) - [ & _0 : usize = any_l () - | & l : usize = l - | & r : usize = any_l () + [ & _0 : UInt64.t = any_l () + | & l : UInt64.t = l + | & r : UInt64.t = any_l () | & _7 : bool = any_l () - | & x : usize = any_l () - | & tmp : usize = any_l () ] - [ return' (result:usize)-> (! return' {result}) ] + | & x : UInt64.t = any_l () + | & tmp : UInt64.t = any_l () ] + [ return' (result:UInt64.t)-> (! return' {result}) ] end diff --git a/creusot/tests/should_fail/final_borrows.coma b/creusot/tests/should_fail/final_borrows.coma index 43e1aa0aca..78a6be16a1 100644 --- a/creusot/tests/should_fail/final_borrows.coma +++ b/creusot/tests/should_fail/final_borrows.coma 
@@ -184,35 +184,40 @@ module M_final_borrows__call_changes_prophecy [#"final_borrows.rs" 27 0 27 43] use prelude.prelude.Borrow - predicate resolve'1 (self : borrowed int32) = + predicate resolve'1 (self : borrowed Int32.t) = [%#sresolve6] self.final = self.current - predicate resolve'0 (_1 : borrowed int32) = + predicate resolve'0 (_1 : borrowed Int32.t) = resolve'1 _1 - use prelude.prelude.Int32 + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + + use prelude.prelude.Int32.to_int - let rec inner'0 (_1:()) (return' (ret:int32))= any - [ return' (result:int32)-> {[%#sfinal_borrows5] Int32.to_int result = 2} (! return' {result}) ] + let rec inner'0 (_1:()) (return' (ret:Int32.t))= any + [ return' (result:Int32.t)-> {[%#sfinal_borrows5] Int32.to_int result = Int128.to_int (2 : Int128.t)} + (! return' {result}) ] use prelude.prelude.Snapshot meta "compute_max_steps" 1000000 - let rec call_changes_prophecy (bor:borrowed int32) (return' (ret:()))= (! bb0 + let rec call_changes_prophecy (bor:borrowed Int32.t) (return' (ret:()))= (! 
bb0 [ bb0 = s0 [ s0 = [ &bor_snap <- [%#sfinal_borrows0] Snapshot.new bor ] s1 | s1 = bb1 ] | bb1 = s0 - [ s0 = Borrow.borrow_mut {bor.current} - (fun (_ret':borrowed int32) -> [ &b1 <- _ret' ] [ &bor <- { bor with current = _ret'.final ; } ] s1) + [ s0 = Borrow.borrow_mut {bor.current} + (fun (_ret':borrowed Int32.t) -> [ &b1 <- _ret' ] [ &bor <- { bor with current = _ret'.final ; } ] s1) | s1 = [ &b1_snap <- [%#sfinal_borrows1] Snapshot.new b1 ] s2 | s2 = bb2 ] - | bb2 = s0 [ s0 = inner'0 {[%#sfinal_borrows2] ()} (fun (_ret':int32) -> [ &_7 <- _ret' ] s1) | s1 = bb3 ] + | bb2 = s0 [ s0 = inner'0 {[%#sfinal_borrows2] ()} (fun (_ret':Int32.t) -> [ &_7 <- _ret' ] s1) | s1 = bb3 ] | bb3 = s0 [ s0 = [ &b1 <- { b1 with current = _7 ; } ] s1 | s1 = -{resolve'0 b1}- s2 - | s2 = inner'0 {[%#sfinal_borrows3] ()} (fun (_ret':int32) -> [ &_8 <- _ret' ] s3) + | s2 = inner'0 {[%#sfinal_borrows3] ()} (fun (_ret':Int32.t) -> [ &_8 <- _ret' ] s3) | s3 = bb4 ] | bb4 = s0 @@ -223,12 +228,12 @@ module M_final_borrows__call_changes_prophecy [#"final_borrows.rs" 27 0 27 43] ] ) [ & _0 : () = any_l () - | & bor : borrowed int32 = bor - | & bor_snap : Snapshot.snap_ty (borrowed int32) = any_l () - | & b1 : borrowed int32 = any_l () - | & b1_snap : Snapshot.snap_ty (borrowed int32) = any_l () - | & _7 : int32 = any_l () - | & _8 : int32 = any_l () ] + | & bor : borrowed Int32.t = bor + | & bor_snap : Snapshot.snap_ty (borrowed Int32.t) = any_l () + | & b1 : borrowed Int32.t = any_l () + | & b1_snap : Snapshot.snap_ty (borrowed Int32.t) = any_l () + | & _7 : Int32.t = any_l () + | & _8 : Int32.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end module M_final_borrows__unnesting_fails [#"final_borrows.rs" 42 0 42 24] 
@@ -244,34 +249,35 @@ module M_final_borrows__unnesting_fails [#"final_borrows.rs" 42 0 42 24] use prelude.prelude.Borrow - predicate resolve'3 (self : borrowed (borrowed int32)) = + predicate resolve'3 (self : borrowed (borrowed Int32.t)) = [%#sresolve2] self.final = self.current - predicate resolve'1 (_1 : borrowed (borrowed int32)) = + predicate resolve'1 (_1 : borrowed (borrowed Int32.t)) = resolve'3 _1 - predicate resolve'2 (self : borrowed int32) = + predicate resolve'2 (self : borrowed Int32.t) = [%#sresolve2] self.final = self.current - predicate resolve'0 (_1 : borrowed int32) = + predicate resolve'0 (_1 : borrowed Int32.t) = resolve'2 _1 meta "compute_max_steps" 1000000 let rec unnesting_fails (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = [ &x <- [%#sfinal_borrows0] (0 : int32) ] s1 - | s1 = Borrow.borrow_mut {x} (fun (_ret':borrowed int32) -> [ &bor <- _ret' ] [ &x <- _ret'.final ] s2) - | s2 = Borrow.borrow_mut {bor} - (fun (_ret':borrowed (borrowed int32)) -> [ &nested <- _ret' ] [ &bor <- _ret'.final ] s3) - | s3 = Borrow.borrow_mut {(nested.current).current} - (fun (_ret':borrowed int32) -> + [ s0 = [ &x <- [%#sfinal_borrows0] (0 : Int32.t) ] s1 + | s1 = Borrow.borrow_mut {x} + (fun (_ret':borrowed Int32.t) -> [ &bor <- _ret' ] [ &x <- _ret'.final ] s2) + | s2 = Borrow.borrow_mut {bor} + (fun (_ret':borrowed (borrowed Int32.t)) -> [ &nested <- _ret' ] [ &bor <- _ret'.final ] s3) + | s3 = Borrow.borrow_mut {(nested.current).current} + (fun (_ret':borrowed Int32.t) -> [ &rebor1 <- _ret' ] [ &nested <- { nested with current = { nested.current with current = _ret'.final ; } ; } ] s4) | s4 = -{resolve'0 rebor1}- s5 - | s5 = Borrow.borrow_mut {(nested.current).current} - (fun (_ret':borrowed int32) -> + | s5 = Borrow.borrow_mut {(nested.current).current} + (fun (_ret':borrowed Int32.t) -> [ &rebor2 <- _ret' ] [ &nested <- { nested with current = { nested.current with current = _ret'.final ; } ; } ] s6) 
@@ -283,11 +289,11 @@ module M_final_borrows__unnesting_fails [#"final_borrows.rs" 42 0 42 24] ] ) [ & _0 : () = any_l () - | & x : int32 = any_l () - | & bor : borrowed int32 = any_l () - | & nested : borrowed (borrowed int32) = any_l () - | & rebor1 : borrowed int32 = any_l () - | & rebor2 : borrowed int32 = any_l () ] + | & x : Int32.t = any_l () + | & bor : borrowed Int32.t = any_l () + | & nested : borrowed (borrowed Int32.t) = any_l () + | & rebor1 : borrowed Int32.t = any_l () + | & rebor2 : borrowed Int32.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end module M_final_borrows__move_place_without_deref [#"final_borrows.rs" 53 0 53 52] diff --git a/creusot/tests/should_fail/traits/17_impl_refinement.coma b/creusot/tests/should_fail/traits/17_impl_refinement.coma index e990e6ad8e..2ac3edb6bb 100644 --- a/creusot/tests/should_fail/traits/17_impl_refinement.coma +++ b/creusot/tests/should_fail/traits/17_impl_refinement.coma 
@@ -5,21 +5,26 @@ module M_17_impl_refinement__qyi14398438181735515246__my_function [#"17_impl_ref use prelude.prelude.Borrow - use prelude.prelude.UIntSize + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + + use prelude.prelude.UInt64.to_uint use prelude.prelude.Intrinsic - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.Int meta "compute_max_steps" 1000000 - let rec my_function (self:()) (return' (ret:usize))= {[%#s17_impl_refinement1] true} - (! bb0 [ bb0 = s0 [ s0 = [ &_0 <- [%#s17_impl_refinement0] (20 : usize) ] s1 | s1 = return' {_0} ] ] ) - [ & _0 : usize = any_l () ] + let rec my_function (self:()) (return' (ret:UInt64.t))= {[%#s17_impl_refinement1] true} + (! bb0 [ bb0 = s0 [ s0 = [ &_0 <- [%#s17_impl_refinement0] (20 : UInt64.t) ] s1 | s1 = return' {_0} ] ] ) + [ & _0 : UInt64.t = any_l () ] - [ return' (result:usize)-> {[@expl:postcondition] [%#s17_impl_refinement2] UIntSize.to_int result >= 15} + [ return' (result:UInt64.t)-> {[@expl:postcondition] [%#s17_impl_refinement2] UInt64.to_int result + >= Int128.to_int (15 : Int128.t)} (! return' {result}) ] end @@ -28,13 +33,17 @@ module M_17_impl_refinement__qyi15782060473717464421__need_false [#"17_impl_refi use prelude.prelude.UInt64 + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + use prelude.prelude.Int - use prelude.prelude.UInt64 + use prelude.prelude.UInt64.to_uint - constant y : uint64 + constant y : UInt64.t - function need_false [#"17_impl_refinement.rs" 29 4 29 25] (y : uint64) : () + function need_false [#"17_impl_refinement.rs" 29 4 29 25] (y : UInt64.t) : () goal vc_need_false : true end 
@@ -47,23 +56,33 @@ module M_17_impl_refinement__qyi14398438181735515246 [#"17_impl_refinement.rs" 1 axiom inv_axiom'0 [@rewrite] : forall x : () [inv'0 x] . inv'0 x = true - use prelude.prelude.UIntSize + use prelude.prelude.Int128.to_int - use prelude.prelude.UIntSize + use prelude.prelude.Int128 + + use prelude.prelude.UInt64.to_uint + + use prelude.prelude.UInt64 use prelude.prelude.Int goal my_function_refn : [%#s17_impl_refinement0] forall self : () . inv'0 self - -> (forall result : usize . UIntSize.to_int result >= 15 -> UIntSize.to_int result >= 10) + -> (forall result : UInt64.t . UInt64.to_int result >= Int128.to_int (15 : Int128.t) + -> UInt64.to_int result >= Int128.to_int (10 : Int128.t)) end module M_17_impl_refinement__qyi15782060473717464421 [#"17_impl_refinement.rs" 25 0 25 20] (* <() as ReqFalse> *) let%span s17_impl_refinement0 = "17_impl_refinement.rs" 29 4 29 25 - use prelude.prelude.UInt64 + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + + use prelude.prelude.UInt64.to_uint use prelude.prelude.UInt64 use prelude.prelude.Int - goal need_false_refn : [%#s17_impl_refinement0] forall x : uint64 . UInt64.to_int x >= 10 -> UInt64.to_int x >= 15 + goal need_false_refn : [%#s17_impl_refinement0] forall x : UInt64.t . UInt64.to_int x >= Int128.to_int (10 : Int128.t) + -> UInt64.to_int x >= Int128.to_int (15 : Int128.t) end diff --git a/creusot/tests/should_fail/type_invariants/borrows.coma b/creusot/tests/should_fail/type_invariants/borrows.coma index 6bd268e1fd..9bf78eeeda 100644 --- a/creusot/tests/should_fail/type_invariants/borrows.coma +++ b/creusot/tests/should_fail/type_invariants/borrows.coma 
@@ -4,13 +4,13 @@ module T_borrows__NonZero [#"borrows.rs" 4 0 4 18] use prelude.prelude.Int type t_NonZero = - | C_NonZero int32 + | C_NonZero Int32.t - let rec t_NonZero (input:t_NonZero) (ret (field_0:int32))= any - [ good (field_0:int32)-> {C_NonZero field_0 = input} (! ret {field_0}) ] + let rec t_NonZero (input:t_NonZero) (ret (field_0:Int32.t))= any + [ good (field_0:Int32.t)-> {C_NonZero field_0 = input} (! ret {field_0}) ] - function t_NonZero__0 (self : t_NonZero) : int32 = + function t_NonZero__0 (self : t_NonZero) : Int32.t = match self with | C_NonZero a -> a end @@ -21,14 +21,20 @@ module M_borrows__qyi5649894289181344863__new [#"borrows.rs" 17 4 17 30] (* NonZ let%span sborrows2 = "borrows.rs" 17 26 17 30 let%span sborrows3 = "borrows.rs" 10 20 10 32 - use prelude.prelude.Int32 + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + + use prelude.prelude.Int + + use prelude.prelude.Int32.to_int use T_borrows__NonZero as T_borrows__NonZero use T_borrows__NonZero as NonZero'0 predicate invariant'0 [#"borrows.rs" 9 4 9 30] (self : NonZero'0.t_NonZero) = - [%#sborrows3] Int32.to_int (T_borrows__NonZero.t_NonZero__0 self) <> 0 + [%#sborrows3] Int32.to_int (T_borrows__NonZero.t_NonZero__0 self) <> Int128.to_int (0 : Int128.t) predicate inv'0 (_1 : NonZero'0.t_NonZero) 
@@ -40,15 +46,14 @@ module M_borrows__qyi5649894289181344863__new [#"borrows.rs" 17 4 17 30] (* NonZ use prelude.prelude.Int32 - use prelude.prelude.Int - use prelude.prelude.Intrinsic meta "compute_max_steps" 1000000 - let rec new (n:int32) (return' (ret:NonZero'0.t_NonZero))= {[%#sborrows0] Int32.to_int n <> 0} + let rec new (n:Int32.t) (return' (ret:NonZero'0.t_NonZero))= {[%#sborrows0] Int32.to_int n + <> Int128.to_int (0 : Int128.t)} (! bb0 [ bb0 = s0 [ s0 = [ &_0 <- NonZero'0.C_NonZero n ] s1 | s1 = return' {_0} ] ] ) - [ & _0 : NonZero'0.t_NonZero = any_l () | & n : int32 = n ] + [ & _0 : NonZero'0.t_NonZero = any_l () | & n : Int32.t = n ] [ return' (result:NonZero'0.t_NonZero)-> {[@expl:postcondition] [%#sborrows2] inv'0 result} {[@expl:postcondition] [%#sborrows1] T_borrows__NonZero.t_NonZero__0 result = n} @@ -63,14 +68,20 @@ module M_borrows__qyi5649894289181344863__inner_mut [#"borrows.rs" 23 4 23 43] ( let%span sinvariant4 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 let%span sborrows5 = "borrows.rs" 10 20 10 32 - use prelude.prelude.Int32 + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + + use prelude.prelude.Int + + use prelude.prelude.Int32.to_int use T_borrows__NonZero as T_borrows__NonZero use T_borrows__NonZero as NonZero'0 predicate invariant'1 [#"borrows.rs" 9 4 9 30] (self : NonZero'0.t_NonZero) = - [%#sborrows5] Int32.to_int (T_borrows__NonZero.t_NonZero__0 self) <> 0 + [%#sborrows5] Int32.to_int (T_borrows__NonZero.t_NonZero__0 self) <> Int128.to_int (0 : Int128.t) predicate inv'1 (_1 : NonZero'0.t_NonZero) 
@@ -99,30 +110,28 @@ module M_borrows__qyi5649894289181344863__inner_mut [#"borrows.rs" 23 4 23 43] ( use prelude.prelude.Int32 - use prelude.prelude.Int - - predicate resolve'2 (self : borrowed int32) = + predicate resolve'2 (self : borrowed Int32.t) = [%#sresolve3] self.final = self.current - predicate resolve'0 (_1 : borrowed int32) = + predicate resolve'0 (_1 : borrowed Int32.t) = resolve'2 _1 meta "compute_max_steps" 1000000 - let rec inner_mut (self:borrowed (NonZero'0.t_NonZero)) (return' (ret:borrowed int32))= {[%#sborrows0] inv'0 self} + let rec inner_mut (self:borrowed (NonZero'0.t_NonZero)) (return' (ret:borrowed Int32.t))= {[%#sborrows0] inv'0 self} (! bb0 [ bb0 = s0 [ s0 = NonZero'0.t_NonZero {self.current} - (fun (r0'0:int32) -> - Borrow.borrow_final {r0'0} {Borrow.inherit_id (Borrow.get_id self) 1} - (fun (_ret':borrowed int32) -> + (fun (r0'0:Int32.t) -> + Borrow.borrow_final {r0'0} {Borrow.inherit_id (Borrow.get_id self) 1} + (fun (_ret':borrowed Int32.t) -> [ &_5 <- _ret' ] [ &self <- { self with current = NonZero'0.C_NonZero _ret'.final ; } ] s1)) - | s1 = Borrow.borrow_final {_5.current} {Borrow.get_id _5} - (fun (_ret':borrowed int32) -> [ &_2 <- _ret' ] [ &_5 <- { _5 with current = _ret'.final ; } ] s2) - | s2 = Borrow.borrow_final {_2.current} {Borrow.get_id _2} - (fun (_ret':borrowed int32) -> [ &_0 <- _ret' ] [ &_2 <- { _2 with current = _ret'.final ; } ] s3) + | s1 = Borrow.borrow_final {_5.current} {Borrow.get_id _5} + (fun (_ret':borrowed Int32.t) -> [ &_2 <- _ret' ] [ &_5 <- { _5 with current = _ret'.final ; } ] s2) + | s2 = Borrow.borrow_final {_2.current} {Borrow.get_id _2} + (fun (_ret':borrowed Int32.t) -> [ &_0 <- _ret' ] [ &_2 <- { _2 with current = _ret'.final ; } ] s3) | s3 = -{resolve'0 _5}- s4 | s4 = -{resolve'0 _2}- s5 | s5 = {[@expl:type invariant] inv'0 self} s6 
@@ -130,12 +139,12 @@ module M_borrows__qyi5649894289181344863__inner_mut [#"borrows.rs" 23 4 23 43] ( | s7 = return' {_0} ] ] ) - [ & _0 : borrowed int32 = any_l () + [ & _0 : borrowed Int32.t = any_l () | & self : borrowed (NonZero'0.t_NonZero) = self - | & _2 : borrowed int32 = any_l () - | & _5 : borrowed int32 = any_l () ] + | & _2 : borrowed Int32.t = any_l () + | & _5 : borrowed Int32.t = any_l () ] - [ return' (result:borrowed int32)-> {[@expl:postcondition] [%#sborrows2] Int32.to_int (T_borrows__NonZero.t_NonZero__0 self.final) + [ return' (result:borrowed Int32.t)-> {[@expl:postcondition] [%#sborrows2] Int32.to_int (T_borrows__NonZero.t_NonZero__0 self.final) = Int32.to_int result.final} {[@expl:postcondition] [%#sborrows1] Int32.to_int (T_borrows__NonZero.t_NonZero__0 self.current) = Int32.to_int result.current} @@ -153,14 +162,20 @@ module M_borrows__simple [#"borrows.rs" 31 0 31 30] let%span sinvariant7 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 let%span sborrows8 = "borrows.rs" 10 20 10 32 - use prelude.prelude.Int32 + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + + use prelude.prelude.Int + + use prelude.prelude.Int32.to_int use T_borrows__NonZero as T_borrows__NonZero use T_borrows__NonZero as NonZero'0 predicate invariant'1 [#"borrows.rs" 9 4 9 30] (self : NonZero'0.t_NonZero) = - [%#sborrows8] Int32.to_int (T_borrows__NonZero.t_NonZero__0 self) <> 0 + [%#sborrows8] Int32.to_int (T_borrows__NonZero.t_NonZero__0 self) <> Int128.to_int (0 : Int128.t) predicate inv'1 (_1 : NonZero'0.t_NonZero) @@ -181,9 +196,7 @@ module M_borrows__simple [#"borrows.rs" 31 0 31 30] use prelude.prelude.Int32 - use prelude.prelude.Int - - constant v_MAX'0 : int32 = (2147483647 : int32) + constant v_MAX'0 : Int32.t = (2147483647 : Int32.t) use prelude.prelude.Intrinsic 
@@ -193,35 +206,38 @@ module M_borrows__simple [#"borrows.rs" 31 0 31 30] predicate resolve'1 (_1 : borrowed (NonZero'0.t_NonZero)) = resolve'3 _1 - predicate resolve'2 (self : borrowed int32) = + predicate resolve'2 (self : borrowed Int32.t) = [%#sresolve6] self.final = self.current - predicate resolve'0 (_1 : borrowed int32) = + predicate resolve'0 (_1 : borrowed Int32.t) = resolve'2 _1 - function view'0 (self : borrowed int32) : int = + function view'0 (self : borrowed Int32.t) : int = [%#smodel5] Int32.to_int self.current - let rec inc'0 (x:borrowed int32) (return' (ret:()))= {[@expl:precondition] [%#sborrows3] view'0 x - < Int32.to_int (v_MAX'0 : int32)} - any [ return' (result:())-> {[%#sborrows4] Int32.to_int x.final = view'0 x + 1} (! return' {result}) ] + let rec inc'0 (x:borrowed Int32.t) (return' (ret:()))= {[@expl:precondition] [%#sborrows3] view'0 x + < Int32.to_int (v_MAX'0 : Int32.t)} + any + [ return' (result:())-> {[%#sborrows4] Int32.to_int x.final = view'0 x + Int128.to_int (1 : Int128.t)} + (! return' {result}) ] + meta "compute_max_steps" 1000000 let rec simple (x:borrowed (NonZero'0.t_NonZero)) (return' (ret:()))= {[%#sborrows2] inv'0 x} - {[%#sborrows1] Int32.to_int (T_borrows__NonZero.t_NonZero__0 x.current) <> - 1} - {[%#sborrows0] Int32.to_int (T_borrows__NonZero.t_NonZero__0 x.current) < Int32.to_int (v_MAX'0 : int32)} + {[%#sborrows1] Int32.to_int (T_borrows__NonZero.t_NonZero__0 x.current) <> - Int128.to_int (1 : Int128.t)} + {[%#sborrows0] Int32.to_int (T_borrows__NonZero.t_NonZero__0 x.current) < Int32.to_int (v_MAX'0 : Int32.t)} (! 
bb0 [ bb0 = s0 [ s0 = NonZero'0.t_NonZero {x.current} - (fun (r0'0:int32) -> - Borrow.borrow_final {r0'0} {Borrow.inherit_id (Borrow.get_id x) 1} - (fun (_ret':borrowed int32) -> + (fun (r0'0:Int32.t) -> + Borrow.borrow_final {r0'0} {Borrow.inherit_id (Borrow.get_id x) 1} + (fun (_ret':borrowed Int32.t) -> [ &_6 <- _ret' ] [ &x <- { x with current = NonZero'0.C_NonZero _ret'.final ; } ] s1)) - | s1 = Borrow.borrow_final {_6.current} {Borrow.get_id _6} - (fun (_ret':borrowed int32) -> [ &_5 <- _ret' ] [ &_6 <- { _6 with current = _ret'.final ; } ] s2) + | s1 = Borrow.borrow_final {_6.current} {Borrow.get_id _6} + (fun (_ret':borrowed Int32.t) -> [ &_5 <- _ret' ] [ &_6 <- { _6 with current = _ret'.final ; } ] s2) | s2 = inc'0 {_5} (fun (_ret':()) -> [ &_4 <- _ret' ] s3) | s3 = bb1 ] @@ -235,8 +251,8 @@ module M_borrows__simple [#"borrows.rs" 31 0 31 30] [ & _0 : () = any_l () | & x : borrowed (NonZero'0.t_NonZero) = x | & _4 : () = any_l () - | & _5 : borrowed int32 = any_l () - | & _6 : borrowed int32 = any_l () ] + | & _5 : borrowed Int32.t = any_l () + | & _6 : borrowed Int32.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end module M_borrows__hard [#"borrows.rs" 38 0 38 28] @@ -266,12 +282,18 @@ module M_borrows__hard [#"borrows.rs" 38 0 38 28] axiom inv_axiom'1 [@rewrite] : forall x : borrowed (NonZero'0.t_NonZero) [inv'1 x] . inv'1 x = invariant'1 x - use prelude.prelude.Int32 + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + + use prelude.prelude.Int + + use prelude.prelude.Int32.to_int use T_borrows__NonZero as T_borrows__NonZero predicate invariant'0 [#"borrows.rs" 9 4 9 30] (self : NonZero'0.t_NonZero) = - [%#sborrows10] Int32.to_int (T_borrows__NonZero.t_NonZero__0 self) <> 0 + [%#sborrows10] Int32.to_int (T_borrows__NonZero.t_NonZero__0 self) <> Int128.to_int (0 : Int128.t) axiom inv_axiom'0 [@rewrite] : forall x : NonZero'0.t_NonZero [inv'0 x] . inv'0 x = (invariant'0 x 
@@ -281,9 +303,7 @@ module M_borrows__hard [#"borrows.rs" 38 0 38 28] use prelude.prelude.Int32 - use prelude.prelude.Int - - constant v_MAX'0 : int32 = (2147483647 : int32) + constant v_MAX'0 : Int32.t = (2147483647 : Int32.t) use prelude.prelude.Intrinsic @@ -293,22 +313,25 @@ module M_borrows__hard [#"borrows.rs" 38 0 38 28] predicate resolve'1 (_1 : borrowed (NonZero'0.t_NonZero)) = resolve'3 _1 - predicate resolve'2 (self : borrowed int32) = + predicate resolve'2 (self : borrowed Int32.t) = [%#sresolve9] self.final = self.current - predicate resolve'0 (_1 : borrowed int32) = + predicate resolve'0 (_1 : borrowed Int32.t) = resolve'2 _1 - function view'0 (self : borrowed int32) : int = + function view'0 (self : borrowed Int32.t) : int = [%#smodel8] Int32.to_int self.current - let rec inc'0 (x:borrowed int32) (return' (ret:()))= {[@expl:precondition] [%#sborrows6] view'0 x - < Int32.to_int (v_MAX'0 : int32)} - any [ return' (result:())-> {[%#sborrows7] Int32.to_int x.final = view'0 x + 1} (! return' {result}) ] + let rec inc'0 (x:borrowed Int32.t) (return' (ret:()))= {[@expl:precondition] [%#sborrows6] view'0 x + < Int32.to_int (v_MAX'0 : Int32.t)} + any + [ return' (result:())-> {[%#sborrows7] Int32.to_int x.final = view'0 x + Int128.to_int (1 : Int128.t)} + (! return' {result}) ] + - let rec inner_mut'0 (self:borrowed (NonZero'0.t_NonZero)) (return' (ret:borrowed int32))= {[@expl:precondition] [%#sborrows3] inv'1 self} + let rec inner_mut'0 (self:borrowed (NonZero'0.t_NonZero)) (return' (ret:borrowed Int32.t))= {[@expl:precondition] [%#sborrows3] inv'1 self} any - [ return' (result:borrowed int32)-> {[%#sborrows5] Int32.to_int (T_borrows__NonZero.t_NonZero__0 self.final) + [ return' (result:borrowed Int32.t)-> {[%#sborrows5] Int32.to_int (T_borrows__NonZero.t_NonZero__0 self.final) = Int32.to_int result.final} {[%#sborrows4] Int32.to_int (T_borrows__NonZero.t_NonZero__0 self.current) = Int32.to_int result.current} (! return' {result}) ] 
@@ -317,8 +340,8 @@ module M_borrows__hard [#"borrows.rs" 38 0 38 28] meta "compute_max_steps" 1000000 let rec hard (x:borrowed (NonZero'0.t_NonZero)) (return' (ret:()))= {[%#sborrows2] inv'1 x} - {[%#sborrows1] Int32.to_int (T_borrows__NonZero.t_NonZero__0 x.current) <> - 1} - {[%#sborrows0] Int32.to_int (T_borrows__NonZero.t_NonZero__0 x.current) < Int32.to_int (v_MAX'0 : int32)} + {[%#sborrows1] Int32.to_int (T_borrows__NonZero.t_NonZero__0 x.current) <> - Int128.to_int (1 : Int128.t)} + {[%#sborrows0] Int32.to_int (T_borrows__NonZero.t_NonZero__0 x.current) < Int32.to_int (v_MAX'0 : Int32.t)} (! bb0 [ bb0 = s0 [ s0 = {inv'0 x.current} @@ -328,12 +351,12 @@ module M_borrows__hard [#"borrows.rs" 38 0 38 28] -{inv'0 _ret'.final}- [ &x <- { x with current = _ret'.final ; } ] s1) - | s1 = inner_mut'0 {_7} (fun (_ret':borrowed int32) -> [ &_6 <- _ret' ] s2) + | s1 = inner_mut'0 {_7} (fun (_ret':borrowed Int32.t) -> [ &_6 <- _ret' ] s2) | s2 = bb1 ] | bb1 = s0 - [ s0 = Borrow.borrow_final {_6.current} {Borrow.get_id _6} - (fun (_ret':borrowed int32) -> [ &_5 <- _ret' ] [ &_6 <- { _6 with current = _ret'.final ; } ] s1) + [ s0 = Borrow.borrow_final {_6.current} {Borrow.get_id _6} + (fun (_ret':borrowed Int32.t) -> [ &_5 <- _ret' ] [ &_6 <- { _6 with current = _ret'.final ; } ] s1) | s1 = inc'0 {_5} (fun (_ret':()) -> [ &_4 <- _ret' ] s2) | s2 = bb2 ] @@ -347,8 +370,8 @@ module M_borrows__hard [#"borrows.rs" 38 0 38 28] [ & _0 : () = any_l () | & x : borrowed (NonZero'0.t_NonZero) = x | & _4 : () = any_l () - | & _5 : borrowed int32 = any_l () - | & _6 : borrowed int32 = any_l () + | & _5 : borrowed Int32.t = any_l () + | & _6 : borrowed Int32.t = any_l () | & _7 : borrowed (NonZero'0.t_NonZero) = any_l () ] [ return' (result:())-> (! return' {result}) ] end 
@@ -378,12 +401,18 @@ module M_borrows__tuple [#"borrows.rs" 45 0 45 44] axiom inv_axiom'2 [@rewrite] : forall x : borrowed (NonZero'0.t_NonZero) [inv'2 x] . inv'2 x = invariant'1 x - use prelude.prelude.Int32 + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + + use prelude.prelude.Int + + use prelude.prelude.Int32.to_int use T_borrows__NonZero as T_borrows__NonZero predicate invariant'0 [#"borrows.rs" 9 4 9 30] (self : NonZero'0.t_NonZero) = - [%#sborrows9] Int32.to_int (T_borrows__NonZero.t_NonZero__0 self) <> 0 + [%#sborrows9] Int32.to_int (T_borrows__NonZero.t_NonZero__0 self) <> Int128.to_int (0 : Int128.t) axiom inv_axiom'1 [@rewrite] : forall x : NonZero'0.t_NonZero [inv'1 x] . inv'1 x = (invariant'0 x @@ -398,9 +427,7 @@ module M_borrows__tuple [#"borrows.rs" 45 0 45 44] use prelude.prelude.Int32 - use prelude.prelude.Int - - constant v_MAX'0 : int32 = (2147483647 : int32) + constant v_MAX'0 : Int32.t = (2147483647 : Int32.t) use prelude.prelude.Intrinsic 
@@ -419,40 +446,46 @@ module M_borrows__tuple [#"borrows.rs" 45 0 45 44] predicate resolve'1 (_1 : (NonZero'0.t_NonZero, borrowed (NonZero'0.t_NonZero))) = resolve'3 _1 - predicate resolve'2 (self : borrowed int32) = + predicate resolve'2 (self : borrowed Int32.t) = [%#sresolve7] self.final = self.current - predicate resolve'0 (_1 : borrowed int32) = + predicate resolve'0 (_1 : borrowed Int32.t) = resolve'2 _1 - function view'0 (self : borrowed int32) : int = + function view'0 (self : borrowed Int32.t) : int = [%#smodel6] Int32.to_int self.current - let rec inc'0 (x:borrowed int32) (return' (ret:()))= {[@expl:precondition] [%#sborrows4] view'0 x - < Int32.to_int (v_MAX'0 : int32)} - any [ return' (result:())-> {[%#sborrows5] Int32.to_int x.final = view'0 x + 1} (! return' {result}) ] + let rec inc'0 (x:borrowed Int32.t) (return' (ret:()))= {[@expl:precondition] [%#sborrows4] view'0 x + < Int32.to_int (v_MAX'0 : Int32.t)} + any + [ return' (result:())-> {[%#sborrows5] Int32.to_int x.final = view'0 x + Int128.to_int (1 : Int128.t)} + (! return' {result}) ] + meta "compute_max_steps" 1000000 let rec tuple (x:(NonZero'0.t_NonZero, borrowed (NonZero'0.t_NonZero))) (return' (ret:()))= {[%#sborrows3] inv'0 x} - {[%#sborrows2] Int32.to_int (T_borrows__NonZero.t_NonZero__0 (let (_, a) = x in a).current) <> - 1} + {[%#sborrows2] Int32.to_int (T_borrows__NonZero.t_NonZero__0 (let (_, a) = x in a).current) + <> - Int128.to_int (1 : Int128.t)} {[%#sborrows1] Int32.to_int (T_borrows__NonZero.t_NonZero__0 (let (_, a) = x in a).current) - < Int32.to_int (v_MAX'0 : int32)} + < Int32.to_int (v_MAX'0 : Int32.t)} (! 
bb0 [ bb0 = s0 [ s0 = NonZero'0.t_NonZero {let (r'0, _) = x in r'0} - (fun (r0'0:int32) -> [ &x <- let (_, r'2) = x in (NonZero'0.C_NonZero ([%#sborrows0] (0 : int32)), r'2) ] s1) + (fun (r0'0:Int32.t) -> + [ &x <- let (_, r'2) = x in (NonZero'0.C_NonZero ([%#sborrows0] (0 : Int32.t)), r'2) ] + s1) | s1 = NonZero'0.t_NonZero {(let (_, r'3) = x in r'3).current} - (fun (r0'1:int32) -> - Borrow.borrow_final {r0'1} {Borrow.inherit_id (Borrow.get_id (let (_, r'3) = x in r'3)) 1} - (fun (_ret':borrowed int32) -> + (fun (r0'1:Int32.t) -> + Borrow.borrow_final {r0'1} {Borrow.inherit_id (Borrow.get_id (let (_, r'3) = x in r'3)) 1} + (fun (_ret':borrowed Int32.t) -> [ &_6 <- _ret' ] [ &x <- let (r'4, _) = x in (r'4, { (let (_, r'3) = x in r'3) with current = NonZero'0.C_NonZero _ret'.final ; }) ] s2)) - | s2 = Borrow.borrow_final {_6.current} {Borrow.get_id _6} - (fun (_ret':borrowed int32) -> [ &_5 <- _ret' ] [ &_6 <- { _6 with current = _ret'.final ; } ] s3) + | s2 = Borrow.borrow_final {_6.current} {Borrow.get_id _6} + (fun (_ret':borrowed Int32.t) -> [ &_5 <- _ret' ] [ &_6 <- { _6 with current = _ret'.final ; } ] s3) | s3 = inc'0 {_5} (fun (_ret':()) -> [ &_4 <- _ret' ] s4) | s4 = bb1 ] @@ -466,8 +499,8 @@ module M_borrows__tuple [#"borrows.rs" 45 0 45 44] [ & _0 : () = any_l () | & x : (NonZero'0.t_NonZero, borrowed (NonZero'0.t_NonZero)) = x | & _4 : () = any_l () - | & _5 : borrowed int32 = any_l () - | & _6 : borrowed int32 = any_l () ] + | & _5 : borrowed Int32.t = any_l () + | & _6 : borrowed Int32.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end module M_borrows__partial_move [#"borrows.rs" 53 0 53 47] 
@@ -482,14 +515,20 @@ module M_borrows__partial_move [#"borrows.rs" 53 0 53 47] let%span sinvariant8 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 let%span sborrows9 = "borrows.rs" 10 20 10 32 - use prelude.prelude.Int32 + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + + use prelude.prelude.Int + + use prelude.prelude.Int32.to_int use T_borrows__NonZero as T_borrows__NonZero use T_borrows__NonZero as NonZero'0 predicate invariant'1 [#"borrows.rs" 9 4 9 30] (self : NonZero'0.t_NonZero) = - [%#sborrows9] Int32.to_int (T_borrows__NonZero.t_NonZero__0 self) <> 0 + [%#sborrows9] Int32.to_int (T_borrows__NonZero.t_NonZero__0 self) <> Int128.to_int (0 : Int128.t) predicate inv'2 (_1 : NonZero'0.t_NonZero) @@ -515,9 +554,7 @@ module M_borrows__partial_move [#"borrows.rs" 53 0 53 47] use prelude.prelude.Int32 - use prelude.prelude.Int - - constant v_MAX'0 : int32 = (2147483647 : int32) + constant v_MAX'0 : Int32.t = (2147483647 : Int32.t) use prelude.prelude.Intrinsic 
@@ -527,39 +564,43 @@ module M_borrows__partial_move [#"borrows.rs" 53 0 53 47] predicate resolve'1 (_1 : borrowed (NonZero'0.t_NonZero)) = resolve'3 _1 - predicate resolve'2 (self : borrowed int32) = + predicate resolve'2 (self : borrowed Int32.t) = [%#sresolve7] self.final = self.current - predicate resolve'0 (_1 : borrowed int32) = + predicate resolve'0 (_1 : borrowed Int32.t) = resolve'2 _1 - function view'0 (self : borrowed int32) : int = + function view'0 (self : borrowed Int32.t) : int = [%#smodel6] Int32.to_int self.current - let rec inc'0 (x:borrowed int32) (return' (ret:()))= {[@expl:precondition] [%#sborrows4] view'0 x - < Int32.to_int (v_MAX'0 : int32)} - any [ return' (result:())-> {[%#sborrows5] Int32.to_int x.final = view'0 x + 1} (! return' {result}) ] + let rec inc'0 (x:borrowed Int32.t) (return' (ret:()))= {[@expl:precondition] [%#sborrows4] view'0 x + < Int32.to_int (v_MAX'0 : Int32.t)} + any + [ return' (result:())-> {[%#sborrows5] Int32.to_int x.final = view'0 x + Int128.to_int (1 : Int128.t)} + (! return' {result}) ] + meta "compute_max_steps" 1000000 let rec partial_move (x:(NonZero'0.t_NonZero, borrowed (NonZero'0.t_NonZero))) (return' (ret:()))= {[%#sborrows3] inv'1 x} - {[%#sborrows2] Int32.to_int (T_borrows__NonZero.t_NonZero__0 (let (_, a) = x in a).current) <> - 1} + {[%#sborrows2] Int32.to_int (T_borrows__NonZero.t_NonZero__0 (let (_, a) = x in a).current) + <> - Int128.to_int (1 : Int128.t)} {[%#sborrows1] Int32.to_int (T_borrows__NonZero.t_NonZero__0 (let (_, a) = x in a).current) - < Int32.to_int (v_MAX'0 : int32)} + < Int32.to_int (v_MAX'0 : Int32.t)} (! 
bb0 [ bb0 = s0 [ s0 = [ &a <- let (r'0, _) = x in r'0 ] s1 | s1 = NonZero'0.t_NonZero {(let (_, r'1) = x in r'1).current} - (fun (r0'0:int32) -> - Borrow.borrow_final {r0'0} {Borrow.inherit_id (Borrow.get_id (let (_, r'1) = x in r'1)) 1} - (fun (_ret':borrowed int32) -> + (fun (r0'0:Int32.t) -> + Borrow.borrow_final {r0'0} {Borrow.inherit_id (Borrow.get_id (let (_, r'1) = x in r'1)) 1} + (fun (_ret':borrowed Int32.t) -> [ &_7 <- _ret' ] [ &x <- let (r'2, _) = x in (r'2, { (let (_, r'1) = x in r'1) with current = NonZero'0.C_NonZero _ret'.final ; }) ] s2)) - | s2 = Borrow.borrow_final {_7.current} {Borrow.get_id _7} - (fun (_ret':borrowed int32) -> [ &_6 <- _ret' ] [ &_7 <- { _7 with current = _ret'.final ; } ] s3) + | s2 = Borrow.borrow_final {_7.current} {Borrow.get_id _7} + (fun (_ret':borrowed Int32.t) -> [ &_6 <- _ret' ] [ &_7 <- { _7 with current = _ret'.final ; } ] s3) | s3 = inc'0 {_6} (fun (_ret':()) -> [ &_5 <- _ret' ] s4) | s4 = bb1 ] @@ -575,7 +616,8 @@ module M_borrows__partial_move [#"borrows.rs" 53 0 53 47] | _ -> true end}- s3 - | s3 = NonZero'0.t_NonZero {a} (fun (r0'0:int32) -> [ &a <- NonZero'0.C_NonZero ([%#sborrows0] (0 : int32)) ] s4) + | s3 = NonZero'0.t_NonZero {a} + (fun (r0'0:Int32.t) -> [ &a <- NonZero'0.C_NonZero ([%#sborrows0] (0 : Int32.t)) ] s4) | s4 = return' {_0} ] ] ) @@ -583,8 +625,8 @@ module M_borrows__partial_move [#"borrows.rs" 53 0 53 47] | & x : (NonZero'0.t_NonZero, borrowed (NonZero'0.t_NonZero)) = x | & a : NonZero'0.t_NonZero = any_l () | & _5 : () = any_l () - | & _6 : borrowed int32 = any_l () - | & _7 : borrowed int32 = any_l () ] + | & _6 : borrowed Int32.t = any_l () + | & _7 : borrowed Int32.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end module M_borrows__destruct [#"borrows.rs" 61 0 61 43] 
@@ -599,14 +641,20 @@ module M_borrows__destruct [#"borrows.rs" 61 0 61 43] let%span sinvariant8 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 let%span sborrows9 = "borrows.rs" 10 20 10 32 - use prelude.prelude.Int32 + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + + use prelude.prelude.Int + + use prelude.prelude.Int32.to_int use T_borrows__NonZero as T_borrows__NonZero use T_borrows__NonZero as NonZero'0 predicate invariant'1 [#"borrows.rs" 9 4 9 30] (self : NonZero'0.t_NonZero) = - [%#sborrows9] Int32.to_int (T_borrows__NonZero.t_NonZero__0 self) <> 0 + [%#sborrows9] Int32.to_int (T_borrows__NonZero.t_NonZero__0 self) <> Int128.to_int (0 : Int128.t) predicate inv'2 (_1 : NonZero'0.t_NonZero) @@ -632,9 +680,7 @@ module M_borrows__destruct [#"borrows.rs" 61 0 61 43] use prelude.prelude.Int32 - use prelude.prelude.Int - - constant v_MAX'0 : int32 = (2147483647 : int32) + constant v_MAX'0 : Int32.t = (2147483647 : Int32.t) use prelude.prelude.Intrinsic 
@@ -644,39 +690,44 @@ module M_borrows__destruct [#"borrows.rs" 61 0 61 43] predicate resolve'1 (_1 : borrowed (NonZero'0.t_NonZero)) = resolve'3 _1 - predicate resolve'2 (self : borrowed int32) = + predicate resolve'2 (self : borrowed Int32.t) = [%#sresolve7] self.final = self.current - predicate resolve'0 (_1 : borrowed int32) = + predicate resolve'0 (_1 : borrowed Int32.t) = resolve'2 _1 - function view'0 (self : borrowed int32) : int = + function view'0 (self : borrowed Int32.t) : int = [%#smodel6] Int32.to_int self.current - let rec inc'0 (x:borrowed int32) (return' (ret:()))= {[@expl:precondition] [%#sborrows4] view'0 x - < Int32.to_int (v_MAX'0 : int32)} - any [ return' (result:())-> {[%#sborrows5] Int32.to_int x.final = view'0 x + 1} (! return' {result}) ] + let rec inc'0 (x:borrowed Int32.t) (return' (ret:()))= {[@expl:precondition] [%#sborrows4] view'0 x + < Int32.to_int (v_MAX'0 : Int32.t)} + any + [ return' (result:())-> {[%#sborrows5] Int32.to_int x.final = view'0 x + Int128.to_int (1 : Int128.t)} + (! return' {result}) ] + meta "compute_max_steps" 1000000 let rec destruct (x:(NonZero'0.t_NonZero, borrowed (NonZero'0.t_NonZero))) (return' (ret:()))= {[%#sborrows3] inv'1 x} - {[%#sborrows2] Int32.to_int (T_borrows__NonZero.t_NonZero__0 (let (_, a) = x in a).current) <> - 1} + {[%#sborrows2] Int32.to_int (T_borrows__NonZero.t_NonZero__0 (let (_, a) = x in a).current) + <> - Int128.to_int (1 : Int128.t)} {[%#sborrows1] Int32.to_int (T_borrows__NonZero.t_NonZero__0 (let (_, a) = x in a).current) - < Int32.to_int (v_MAX'0 : int32)} + < Int32.to_int (v_MAX'0 : Int32.t)} (! 
bb0 [ bb0 = s0 [ s0 = [ &a <- let (r'0, _) = x in r'0 ] s1 | s1 = [ &b <- let (_, r'1) = x in r'1 ] s2 - | s2 = NonZero'0.t_NonZero {a} (fun (r0'0:int32) -> [ &a <- NonZero'0.C_NonZero ([%#sborrows0] (0 : int32)) ] s3) + | s2 = NonZero'0.t_NonZero {a} + (fun (r0'0:Int32.t) -> [ &a <- NonZero'0.C_NonZero ([%#sborrows0] (0 : Int32.t)) ] s3) | s3 = NonZero'0.t_NonZero {b.current} - (fun (r0'1:int32) -> - Borrow.borrow_final {r0'1} {Borrow.inherit_id (Borrow.get_id b) 1} - (fun (_ret':borrowed int32) -> + (fun (r0'1:Int32.t) -> + Borrow.borrow_final {r0'1} {Borrow.inherit_id (Borrow.get_id b) 1} + (fun (_ret':borrowed Int32.t) -> [ &_8 <- _ret' ] [ &b <- { b with current = NonZero'0.C_NonZero _ret'.final ; } ] s4)) - | s4 = Borrow.borrow_final {_8.current} {Borrow.get_id _8} - (fun (_ret':borrowed int32) -> [ &_7 <- _ret' ] [ &_8 <- { _8 with current = _ret'.final ; } ] s5) + | s4 = Borrow.borrow_final {_8.current} {Borrow.get_id _8} + (fun (_ret':borrowed Int32.t) -> [ &_7 <- _ret' ] [ &_8 <- { _8 with current = _ret'.final ; } ] s5) | s5 = inc'0 {_7} (fun (_ret':()) -> [ &_6 <- _ret' ] s6) | s6 = bb1 ] @@ -692,8 +743,8 @@ module M_borrows__destruct [#"borrows.rs" 61 0 61 43] | & a : NonZero'0.t_NonZero = any_l () | & b : borrowed (NonZero'0.t_NonZero) = any_l () | & _6 : () = any_l () - | & _7 : borrowed int32 = any_l () - | & _8 : borrowed int32 = any_l () ] + | & _7 : borrowed Int32.t = any_l () + | & _8 : borrowed Int32.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end module M_borrows__frozen_dead [#"borrows.rs" 69 0 69 66] 
@@ -721,12 +772,18 @@ module M_borrows__frozen_dead [#"borrows.rs" 69 0 69 66] axiom inv_axiom'1 [@rewrite] : forall x : borrowed (NonZero'0.t_NonZero) [inv'1 x] . inv'1 x = invariant'1 x - use prelude.prelude.Int32 + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + + use prelude.prelude.Int + + use prelude.prelude.Int32.to_int use T_borrows__NonZero as T_borrows__NonZero predicate invariant'0 [#"borrows.rs" 9 4 9 30] (self : NonZero'0.t_NonZero) = - [%#sborrows8] Int32.to_int (T_borrows__NonZero.t_NonZero__0 self) <> 0 + [%#sborrows8] Int32.to_int (T_borrows__NonZero.t_NonZero__0 self) <> Int128.to_int (0 : Int128.t) axiom inv_axiom'0 [@rewrite] : forall x : NonZero'0.t_NonZero [inv'0 x] . inv'0 x = (invariant'0 x 
@@ -736,24 +793,25 @@ module M_borrows__frozen_dead [#"borrows.rs" 69 0 69 66] use prelude.prelude.Int32 - use prelude.prelude.Int - - constant v_MAX'0 : int32 = (2147483647 : int32) + constant v_MAX'0 : Int32.t = (2147483647 : Int32.t) use prelude.prelude.Intrinsic - predicate resolve'3 (self : borrowed int32) = + predicate resolve'3 (self : borrowed Int32.t) = [%#sresolve6] self.final = self.current - predicate resolve'1 (_1 : borrowed int32) = + predicate resolve'1 (_1 : borrowed Int32.t) = resolve'3 _1 - function view'0 (self : borrowed int32) : int = + function view'0 (self : borrowed Int32.t) : int = [%#smodel7] Int32.to_int self.current - let rec inc'0 (x:borrowed int32) (return' (ret:()))= {[@expl:precondition] [%#sborrows4] view'0 x - < Int32.to_int (v_MAX'0 : int32)} - any [ return' (result:())-> {[%#sborrows5] Int32.to_int x.final = view'0 x + 1} (! return' {result}) ] + let rec inc'0 (x:borrowed Int32.t) (return' (ret:()))= {[@expl:precondition] [%#sborrows4] view'0 x + < Int32.to_int (v_MAX'0 : Int32.t)} + any + [ return' (result:())-> {[%#sborrows5] Int32.to_int x.final = view'0 x + Int128.to_int (1 : Int128.t)} + (! return' {result}) ] + predicate resolve'2 (self : borrowed (NonZero'0.t_NonZero)) = [%#sresolve6] self.final = self.current 
@@ -765,14 +823,14 @@ module M_borrows__frozen_dead [#"borrows.rs" 69 0 69 66] let rec frozen_dead (x:borrowed (NonZero'0.t_NonZero)) (y:borrowed (NonZero'0.t_NonZero)) (return' (ret:()))= {[%#sborrows3] inv'1 y} {[%#sborrows2] inv'1 x} - {[%#sborrows1] Int32.to_int (T_borrows__NonZero.t_NonZero__0 x.current) <> - 1} - {[%#sborrows0] Int32.to_int (T_borrows__NonZero.t_NonZero__0 x.current) < Int32.to_int (v_MAX'0 : int32)} + {[%#sborrows1] Int32.to_int (T_borrows__NonZero.t_NonZero__0 x.current) <> - Int128.to_int (1 : Int128.t)} + {[%#sborrows0] Int32.to_int (T_borrows__NonZero.t_NonZero__0 x.current) < Int32.to_int (v_MAX'0 : Int32.t)} (! bb0 [ bb0 = s0 [ s0 = NonZero'0.t_NonZero {x.current} - (fun (r0'0:int32) -> - Borrow.borrow_final {r0'0} {Borrow.inherit_id (Borrow.get_id x) 1} - (fun (_ret':borrowed int32) -> + (fun (r0'0:Int32.t) -> + Borrow.borrow_final {r0'0} {Borrow.inherit_id (Borrow.get_id x) 1} + (fun (_ret':borrowed Int32.t) -> [ &_a <- _ret' ] [ &x <- { x with current = NonZero'0.C_NonZero _ret'.final ; } ] s1)) @@ -788,8 +846,8 @@ module M_borrows__frozen_dead [#"borrows.rs" 69 0 69 66] | s4 = [ &x <- _6 ] s5 | s5 = {[@expl:type invariant] inv'1 x} s6 | s6 = -{resolve'0 x}- s7 - | s7 = Borrow.borrow_final {_a.current} {Borrow.get_id _a} - (fun (_ret':borrowed int32) -> [ &_8 <- _ret' ] [ &_a <- { _a with current = _ret'.final ; } ] s8) + | s7 = Borrow.borrow_final {_a.current} {Borrow.get_id _a} + (fun (_ret':borrowed Int32.t) -> [ &_8 <- _ret' ] [ &_a <- { _a with current = _ret'.final ; } ] s8) | s8 = inc'0 {_8} (fun (_ret':()) -> [ &_7 <- _ret' ] s9) | s9 = bb1 ] 
@@ -803,10 +861,10 @@ module M_borrows__frozen_dead [#"borrows.rs" 69 0 69 66] [ & _0 : () = any_l () | & x : borrowed (NonZero'0.t_NonZero) = x | & y : borrowed (NonZero'0.t_NonZero) = y - | & _a : borrowed int32 = any_l () + | & _a : borrowed Int32.t = any_l () | & _6 : borrowed (NonZero'0.t_NonZero) = any_l () | & _7 : () = any_l () - | & _8 : borrowed int32 = any_l () ] + | & _8 : borrowed Int32.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end module T_borrows__SumTo10 [#"borrows.rs" 78 0 78 18] @@ -815,18 +873,18 @@ module T_borrows__SumTo10 [#"borrows.rs" 78 0 78 18] use prelude.prelude.Int type t_SumTo10 = - | C_SumTo10 int32 int32 + | C_SumTo10 Int32.t Int32.t - let rec t_SumTo10 (input:t_SumTo10) (ret (a:int32) (b:int32))= any - [ good (a:int32) (b:int32)-> {C_SumTo10 a b = input} (! ret {a} {b}) ] + let rec t_SumTo10 (input:t_SumTo10) (ret (a:Int32.t) (b:Int32.t))= any + [ good (a:Int32.t) (b:Int32.t)-> {C_SumTo10 a b = input} (! ret {a} {b}) ] - function t_SumTo10__a (self : t_SumTo10) : int32 = + function t_SumTo10__a (self : t_SumTo10) : Int32.t = match self with | C_SumTo10 a _ -> a end - function t_SumTo10__b (self : t_SumTo10) : int32 = + function t_SumTo10__b (self : t_SumTo10) : Int32.t = match self with | C_SumTo10 _ a -> a end @@ -843,11 +901,15 @@ module M_borrows__qyi5556307355051076399__foo [#"borrows.rs" 93 4 93 25] (* SumT let%span sinvariant8 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 let%span sborrows9 = "borrows.rs" 87 20 87 43 + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + use prelude.prelude.Int use T_borrows__SumTo10 as T_borrows__SumTo10 - use prelude.prelude.Int32 + use prelude.prelude.Int32.to_int use T_borrows__SumTo10 as T_borrows__SumTo10 
@@ -856,7 +918,7 @@ module M_borrows__qyi5556307355051076399__foo [#"borrows.rs" 93 4 93 25] (* SumT predicate invariant'1 [#"borrows.rs" 86 4 86 30] (self : SumTo10'0.t_SumTo10) = [%#sborrows9] Int32.to_int (T_borrows__SumTo10.t_SumTo10__a self) + Int32.to_int (T_borrows__SumTo10.t_SumTo10__b self) - = 10 + = Int128.to_int (10 : Int128.t) predicate inv'1 (_1 : SumTo10'0.t_SumTo10) @@ -877,7 +939,7 @@ module M_borrows__qyi5556307355051076399__foo [#"borrows.rs" 93 4 93 25] (* SumT use prelude.prelude.Int32 - constant v_MAX'0 : int32 = (2147483647 : int32) + constant v_MAX'0 : Int32.t = (2147483647 : Int32.t) use prelude.prelude.Intrinsic 
@@ -887,54 +949,60 @@ module M_borrows__qyi5556307355051076399__foo [#"borrows.rs" 93 4 93 25] (* SumT predicate resolve'1 (_1 : borrowed (SumTo10'0.t_SumTo10)) = resolve'3 _1 - constant v_MIN'0 : int32 = (-2147483648 : int32) + constant v_MIN'0 : Int32.t = (-2147483648 : Int32.t) - function view'0 (self : borrowed int32) : int = + function view'0 (self : borrowed Int32.t) : int = [%#smodel6] Int32.to_int self.current - let rec dec'0 (x:borrowed int32) (return' (ret:()))= {[@expl:precondition] [%#sborrows4] view'0 x - > Int32.to_int (v_MIN'0 : int32)} - any [ return' (result:())-> {[%#sborrows5] Int32.to_int x.final = view'0 x - 1} (! return' {result}) ] + let rec dec'0 (x:borrowed Int32.t) (return' (ret:()))= {[@expl:precondition] [%#sborrows4] view'0 x + > Int32.to_int (v_MIN'0 : Int32.t)} + any + [ return' (result:())-> {[%#sborrows5] Int32.to_int x.final = view'0 x - Int128.to_int (1 : Int128.t)} + (! return' {result}) ] + - predicate resolve'2 (self : borrowed int32) = + predicate resolve'2 (self : borrowed Int32.t) = [%#sresolve7] self.final = self.current - predicate resolve'0 (_1 : borrowed int32) = + predicate resolve'0 (_1 : borrowed Int32.t) = resolve'2 _1 - let rec inc'0 (x:borrowed int32) (return' (ret:()))= {[@expl:precondition] [%#sborrows2] view'0 x - < Int32.to_int (v_MAX'0 : int32)} - any [ return' (result:())-> {[%#sborrows3] Int32.to_int x.final = view'0 x + 1} (! return' {result}) ] + let rec inc'0 (x:borrowed Int32.t) (return' (ret:()))= {[@expl:precondition] [%#sborrows2] view'0 x + < Int32.to_int (v_MAX'0 : Int32.t)} + any + [ return' (result:())-> {[%#sborrows3] Int32.to_int x.final = view'0 x + Int128.to_int (1 : Int128.t)} + (! 
return' {result}) ] + meta "compute_max_steps" 1000000 let rec foo (self:borrowed (SumTo10'0.t_SumTo10)) (return' (ret:()))= {[%#sborrows1] inv'0 self} - {[%#sborrows0] Int32.to_int (T_borrows__SumTo10.t_SumTo10__a self.current) < Int32.to_int (v_MAX'0 : int32)} + {[%#sborrows0] Int32.to_int (T_borrows__SumTo10.t_SumTo10__a self.current) < Int32.to_int (v_MAX'0 : Int32.t)} (! bb0 [ bb0 = s0 [ s0 = SumTo10'0.t_SumTo10 {self.current} - (fun (ra'0:int32) (rb'0:int32) -> - Borrow.borrow_final {ra'0} {Borrow.inherit_id (Borrow.get_id self) 1} - (fun (_ret':borrowed int32) -> + (fun (ra'0:Int32.t) (rb'0:Int32.t) -> + Borrow.borrow_final {ra'0} {Borrow.inherit_id (Borrow.get_id self) 1} + (fun (_ret':borrowed Int32.t) -> [ &_5 <- _ret' ] [ &self <- { self with current = SumTo10'0.C_SumTo10 _ret'.final rb'0 ; } ] s1)) - | s1 = Borrow.borrow_final {_5.current} {Borrow.get_id _5} - (fun (_ret':borrowed int32) -> [ &_4 <- _ret' ] [ &_5 <- { _5 with current = _ret'.final ; } ] s2) + | s1 = Borrow.borrow_final {_5.current} {Borrow.get_id _5} + (fun (_ret':borrowed Int32.t) -> [ &_4 <- _ret' ] [ &_5 <- { _5 with current = _ret'.final ; } ] s2) | s2 = inc'0 {_4} (fun (_ret':()) -> [ &_3 <- _ret' ] s3) | s3 = bb1 ] | bb1 = s0 [ s0 = -{resolve'0 _5}- s1 | s1 = SumTo10'0.t_SumTo10 {self.current} - (fun (ra'0:int32) (rb'0:int32) -> - Borrow.borrow_final {rb'0} {Borrow.inherit_id (Borrow.get_id self) 2} - (fun (_ret':borrowed int32) -> + (fun (ra'0:Int32.t) (rb'0:Int32.t) -> + Borrow.borrow_final {rb'0} {Borrow.inherit_id (Borrow.get_id self) 2} + (fun (_ret':borrowed Int32.t) -> [ &_8 <- _ret' ] [ &self <- { self with current = SumTo10'0.C_SumTo10 ra'0 _ret'.final ; } ] s2)) - | s2 = Borrow.borrow_final {_8.current} {Borrow.get_id _8} - (fun (_ret':borrowed int32) -> [ &_7 <- _ret' ] [ &_8 <- { _8 with current = _ret'.final ; } ] s3) + | s2 = Borrow.borrow_final {_8.current} {Borrow.get_id _8} + (fun (_ret':borrowed Int32.t) -> [ &_7 <- _ret' ] [ &_8 <- { _8 with current = 
_ret'.final ; } ] s3) | s3 = dec'0 {_7} (fun (_ret':()) -> [ &_6 <- _ret' ] s4) | s4 = bb2 ] @@ -948,11 +1016,11 @@ module M_borrows__qyi5556307355051076399__foo [#"borrows.rs" 93 4 93 25] (* SumT [ & _0 : () = any_l () | & self : borrowed (SumTo10'0.t_SumTo10) = self | & _3 : () = any_l () - | & _4 : borrowed int32 = any_l () - | & _5 : borrowed int32 = any_l () + | & _4 : borrowed Int32.t = any_l () + | & _5 : borrowed Int32.t = any_l () | & _6 : () = any_l () - | & _7 : borrowed int32 = any_l () - | & _8 : borrowed int32 = any_l () ] + | & _7 : borrowed Int32.t = any_l () + | & _8 : borrowed Int32.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end module M_borrows__inc [#"borrows.rs" 101 0 101 23] 
@@ -962,39 +1030,44 @@ module M_borrows__inc [#"borrows.rs" 101 0 101 23] let%span smodel3 = "../../../../creusot-contracts/src/model.rs" 109 8 109 22 let%span sresolve4 = "../../../../creusot-contracts/src/resolve.rs" 41 20 41 34 - use prelude.prelude.Int32 + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + + use prelude.prelude.Int32.to_int use prelude.prelude.Int32 use prelude.prelude.Int - constant v_MAX'0 : int32 = (2147483647 : int32) + constant v_MAX'0 : Int32.t = (2147483647 : Int32.t) use prelude.prelude.Borrow - function view'0 (self : borrowed int32) : int = + function view'0 (self : borrowed Int32.t) : int = [%#smodel3] Int32.to_int self.current use prelude.prelude.Intrinsic - predicate resolve'1 (self : borrowed int32) = + predicate resolve'1 (self : borrowed Int32.t) = [%#sresolve4] self.final = self.current - predicate resolve'0 (_1 : borrowed int32) = + predicate resolve'0 (_1 : borrowed Int32.t) = resolve'1 _1 meta "compute_max_steps" 1000000 - let rec inc (x:borrowed int32) (return' (ret:()))= {[%#sborrows1] view'0 x < Int32.to_int (v_MAX'0 : int32)} + let rec inc (x:borrowed Int32.t) (return' (ret:()))= {[%#sborrows1] view'0 x < Int32.to_int (v_MAX'0 : Int32.t)} (! bb0 [ bb0 = s0 - [ s0 = Int32.add {x.current} {[%#sborrows0] (1 : int32)} - (fun (_ret':int32) -> [ &x <- { x with current = _ret' ; } ] s1) + [ s0 = Int32.add {x.current} {[%#sborrows0] (1 : Int32.t)} + (fun (_ret':Int32.t) -> [ &x <- { x with current = _ret' ; } ] s1) | s1 = -{resolve'0 x}- s2 | s2 = return' {_0} ] ] - ) [ & _0 : () = any_l () | & x : borrowed int32 = x ] - [ return' (result:())-> {[@expl:postcondition] [%#sborrows2] Int32.to_int x.final = view'0 x + 1} + ) [ & _0 : () = any_l () | & x : borrowed Int32.t = x ] + [ return' (result:())-> {[@expl:postcondition] [%#sborrows2] Int32.to_int x.final + = view'0 x + Int128.to_int (1 : Int128.t)} (! return' {result}) ] end 
@@ -1005,39 +1078,44 @@ module M_borrows__dec [#"borrows.rs" 107 0 107 23] let%span smodel3 = "../../../../creusot-contracts/src/model.rs" 109 8 109 22 let%span sresolve4 = "../../../../creusot-contracts/src/resolve.rs" 41 20 41 34 - use prelude.prelude.Int32 + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + + use prelude.prelude.Int32.to_int use prelude.prelude.Int32 use prelude.prelude.Int - constant v_MIN'0 : int32 = (-2147483648 : int32) + constant v_MIN'0 : Int32.t = (-2147483648 : Int32.t) use prelude.prelude.Borrow - function view'0 (self : borrowed int32) : int = + function view'0 (self : borrowed Int32.t) : int = [%#smodel3] Int32.to_int self.current use prelude.prelude.Intrinsic - predicate resolve'1 (self : borrowed int32) = + predicate resolve'1 (self : borrowed Int32.t) = [%#sresolve4] self.final = self.current - predicate resolve'0 (_1 : borrowed int32) = + predicate resolve'0 (_1 : borrowed Int32.t) = resolve'1 _1 meta "compute_max_steps" 1000000 - let rec dec (x:borrowed int32) (return' (ret:()))= {[%#sborrows1] view'0 x > Int32.to_int (v_MIN'0 : int32)} + let rec dec (x:borrowed Int32.t) (return' (ret:()))= {[%#sborrows1] view'0 x > Int32.to_int (v_MIN'0 : Int32.t)} (! bb0 [ bb0 = s0 - [ s0 = Int32.sub {x.current} {[%#sborrows0] (1 : int32)} - (fun (_ret':int32) -> [ &x <- { x with current = _ret' ; } ] s1) + [ s0 = Int32.sub {x.current} {[%#sborrows0] (1 : Int32.t)} + (fun (_ret':Int32.t) -> [ &x <- { x with current = _ret' ; } ] s1) | s1 = -{resolve'0 x}- s2 | s2 = return' {_0} ] ] - ) [ & _0 : () = any_l () | & x : borrowed int32 = x ] - [ return' (result:())-> {[@expl:postcondition] [%#sborrows2] Int32.to_int x.final = view'0 x - 1} + ) [ & _0 : () = any_l () | & x : borrowed Int32.t = x ] + [ return' (result:())-> {[@expl:postcondition] [%#sborrows2] Int32.to_int x.final + = view'0 x - Int128.to_int (1 : Int128.t)} (! return' {result}) ] end 
diff --git a/creusot/tests/should_fail/unsupported_binary_operations.rs b/creusot/tests/should_fail/unsupported_binary_operations.rs deleted file mode 100644 index 7c25016661..0000000000 --- a/creusot/tests/should_fail/unsupported_binary_operations.rs +++ /dev/null @@ -1,13 +0,0 @@ -extern crate creusot_contracts; - -fn bit_and(a: u32, b: u32) -> u32 { - a & b -} - -fn bit_or(a: u32, b: u32) -> u32 { - a | b -} - -fn bit_xor(a: u32, b: u32) -> u32 { - a ^ b -} diff --git a/creusot/tests/should_fail/unsupported_binary_operations.stderr b/creusot/tests/should_fail/unsupported_binary_operations.stderr deleted file mode 100644 index 946e52a769..0000000000 --- a/creusot/tests/should_fail/unsupported_binary_operations.stderr +++ /dev/null @@ -1,28 +0,0 @@ -warning: function `bit_and` is never used - --> unsupported_binary_operations.rs:3:4 - | -3 | fn bit_and(a: u32, b: u32) -> u32 { - | ^^^^^^^ - | - = note: `#[warn(dead_code)]` on by default - -warning: function `bit_or` is never used - --> unsupported_binary_operations.rs:7:4 - | -7 | fn bit_or(a: u32, b: u32) -> u32 { - | ^^^^^^ - -warning: function `bit_xor` is never used - --> unsupported_binary_operations.rs:11:4 - | -11 | fn bit_xor(a: u32, b: u32) -> u32 { - | ^^^^^^^ - -error: bitwise operations are currently unsupported - --> unsupported_binary_operations.rs:4:5 - | -4 | a & b - | ^^^^^ - -error: aborting due to 1 previous error; 3 warnings emitted - diff --git a/creusot/tests/should_succeed/100doors.coma b/creusot/tests/should_succeed/100doors.coma index c631da8868..64f17719ce 100644 --- a/creusot/tests/should_succeed/100doors.coma +++ b/creusot/tests/should_succeed/100doors.coma 
@@ -29,15 +29,15 @@ module T_core__ptr__unique__Unique end module T_alloc__raw_vec__Cap - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.Int type t_Cap = - | C_Cap usize + | C_Cap UInt64.t - let rec t_Cap (input:t_Cap) (ret (field_0:usize))= any - [ good (field_0:usize)-> {C_Cap field_0 = input} (! ret {field_0}) ] + let rec t_Cap (input:t_Cap) (ret (field_0:UInt64.t))= any + [ good (field_0:UInt64.t)-> {C_Cap field_0 = input} (! ret {field_0}) ] end module T_alloc__raw_vec__RawVec @@ -54,17 +54,17 @@ module T_alloc__raw_vec__RawVec end module T_alloc__vec__Vec - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.Int use T_alloc__raw_vec__RawVec as RawVec'0 type t_Vec 't 'a = - | C_Vec (RawVec'0.t_RawVec 't 'a) usize + | C_Vec (RawVec'0.t_RawVec 't 'a) UInt64.t - let rec t_Vec < 't > < 'a > (input:t_Vec 't 'a) (ret (buf:RawVec'0.t_RawVec 't 'a) (len:usize))= any - [ good (buf:RawVec'0.t_RawVec 't 'a) (len:usize)-> {C_Vec buf len = input} (! ret {buf} {len}) ] + let rec t_Vec < 't > < 'a > (input:t_Vec 't 'a) (ret (buf:RawVec'0.t_RawVec 't 'a) (len:UInt64.t))= any + [ good (buf:RawVec'0.t_RawVec 't 'a) (len:UInt64.t)-> {C_Vec buf len = input} (! ret {buf} {len}) ] end module T_alloc__alloc__Global @@ -171,13 +171,13 @@ module M_100doors__f [#"100doors.rs" 18 0 18 10] axiom inv_axiom'8 [@rewrite] : forall x : bool [inv'8 x] . inv'8 x = true - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.Int - predicate inv'7 (_1 : usize) + predicate inv'7 (_1 : UInt64.t) - axiom inv_axiom'7 [@rewrite] : forall x : usize [inv'7 x] . inv'7 x = true + axiom inv_axiom'7 [@rewrite] : forall x : UInt64.t [inv'7 x] . inv'7 x = true predicate inv'6 (_1 : Vec'0.t_Vec bool (Global'0.t_Global)) 
@@ -185,15 +185,15 @@ module M_100doors__f [#"100doors.rs" 18 0 18 10] use T_core__option__Option as Option'0 - predicate inv'5 (_1 : Option'0.t_Option usize) + predicate inv'5 (_1 : Option'0.t_Option UInt64.t) - axiom inv_axiom'5 [@rewrite] : forall x : Option'0.t_Option usize [inv'5 x] . inv'5 x = true + axiom inv_axiom'5 [@rewrite] : forall x : Option'0.t_Option UInt64.t [inv'5 x] . inv'5 x = true use T_core__ops__range__Range as Range'0 - predicate inv'4 (_1 : borrowed (Range'0.t_Range usize)) + predicate inv'4 (_1 : borrowed (Range'0.t_Range UInt64.t)) - axiom inv_axiom'4 [@rewrite] : forall x : borrowed (Range'0.t_Range usize) [inv'4 x] . inv'4 x = true + axiom inv_axiom'4 [@rewrite] : forall x : borrowed (Range'0.t_Range UInt64.t) [inv'4 x] . inv'4 x = true predicate inv'3 (_1 : Vec'0.t_Vec bool (Global'0.t_Global)) 
@@ -209,36 +209,40 @@ module M_100doors__f [#"100doors.rs" 18 0 18 10] use seq.Seq + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + use seq.Seq - use prelude.prelude.UIntSize + use prelude.prelude.UInt64.to_uint - function deep_model'0 (self : usize) : int = - [%#snum38] UIntSize.to_int self + function deep_model'0 (self : UInt64.t) : int = + [%#snum38] UInt64.to_int self use T_core__ops__range__Range as T_core__ops__range__Range use T_core__ops__range__Range as T_core__ops__range__Range - predicate produces'0 (self : Range'0.t_Range usize) (visited : Seq.seq usize) (o : Range'0.t_Range usize) = + predicate produces'0 (self : Range'0.t_Range UInt64.t) (visited : Seq.seq UInt64.t) (o : Range'0.t_Range UInt64.t) = [%#srange17] T_core__ops__range__Range.t_Range__end self = T_core__ops__range__Range.t_Range__end o /\ deep_model'0 (T_core__ops__range__Range.t_Range__start self) <= deep_model'0 (T_core__ops__range__Range.t_Range__start o) - /\ (Seq.length visited > 0 + /\ (Seq.length visited > Int128.to_int (0 : Int128.t) -> deep_model'0 (T_core__ops__range__Range.t_Range__start o) <= deep_model'0 (T_core__ops__range__Range.t_Range__end o)) /\ Seq.length visited = deep_model'0 (T_core__ops__range__Range.t_Range__start o) - deep_model'0 (T_core__ops__range__Range.t_Range__start self) - /\ (forall i : int . 0 <= i /\ i < Seq.length visited + /\ (forall i : int . 
Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length visited -> deep_model'0 (Seq.get visited i) = deep_model'0 (T_core__ops__range__Range.t_Range__start self) + i) - predicate inv'1 (_1 : Range'0.t_Range usize) + predicate inv'1 (_1 : Range'0.t_Range UInt64.t) - function produces_trans'0 (a : Range'0.t_Range usize) (ab : Seq.seq usize) (b : Range'0.t_Range usize) (bc : Seq.seq usize) (c : Range'0.t_Range usize) : () + function produces_trans'0 (a : Range'0.t_Range UInt64.t) (ab : Seq.seq UInt64.t) (b : Range'0.t_Range UInt64.t) (bc : Seq.seq UInt64.t) (c : Range'0.t_Range UInt64.t) : () - axiom produces_trans'0_spec : forall a : Range'0.t_Range usize, ab : Seq.seq usize, b : Range'0.t_Range usize, bc : Seq.seq usize, c : Range'0.t_Range usize . ([%#srange32] inv'1 a) + axiom produces_trans'0_spec : forall a : Range'0.t_Range UInt64.t, ab : Seq.seq UInt64.t, b : Range'0.t_Range UInt64.t, bc : Seq.seq UInt64.t, c : Range'0.t_Range UInt64.t . ([%#srange32] inv'1 a) -> ([%#srange33] inv'1 b) -> ([%#srange34] inv'1 c) -> ([%#srange35] produces'0 a ab b) 
@@ -246,16 +250,16 @@ module M_100doors__f [#"100doors.rs" 18 0 18 10] use seq.Seq - function produces_refl'0 (self : Range'0.t_Range usize) : () + function produces_refl'0 (self : Range'0.t_Range UInt64.t) : () - axiom produces_refl'0_spec : forall self : Range'0.t_Range usize . ([%#srange30] inv'1 self) - -> ([%#srange31] produces'0 self (Seq.empty : Seq.seq usize) self) + axiom produces_refl'0_spec : forall self : Range'0.t_Range UInt64.t . ([%#srange30] inv'1 self) + -> ([%#srange31] produces'0 self (Seq.empty : Seq.seq UInt64.t) self) - axiom inv_axiom'1 [@rewrite] : forall x : Range'0.t_Range usize [inv'1 x] . inv'1 x = true + axiom inv_axiom'1 [@rewrite] : forall x : Range'0.t_Range UInt64.t [inv'1 x] . inv'1 x = true - predicate inv'0 (_1 : Seq.seq usize) + predicate inv'0 (_1 : Seq.seq UInt64.t) - axiom inv_axiom'0 [@rewrite] : forall x : Seq.seq usize [inv'0 x] . inv'0 x = true + axiom inv_axiom'0 [@rewrite] : forall x : Seq.seq UInt64.t [inv'0 x] . inv'0 x = true use prelude.prelude.Snapshot 
@@ -275,27 +279,27 @@ module M_100doors__f [#"100doors.rs" 18 0 18 10] use seq.Seq - predicate resolve_elswhere'0 [@inline:trivial] (self : usize) (old' : Seq.seq bool) (fin : Seq.seq bool) = - [%#sslice45] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < Seq.length old' + predicate resolve_elswhere'0 [@inline:trivial] (self : UInt64.t) (old' : Seq.seq bool) (fin : Seq.seq bool) = + [%#sslice45] forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i <> UInt64.to_int self /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) function view'0 (self : Vec'0.t_Vec bool (Global'0.t_Global)) : Seq.seq bool axiom view'0_spec : forall self : Vec'0.t_Vec bool (Global'0.t_Global) . [%#svec18] Seq.length (view'0 self) - <= UIntSize.to_int (v_MAX'0 : usize) + <= UInt64.to_int (v_MAX'0 : UInt64.t) - predicate has_value'0 [@inline:trivial] (self : usize) (seq : Seq.seq bool) (out : bool) = - [%#sslice43] Seq.get seq (UIntSize.to_int self) = out + predicate has_value'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq bool) (out : bool) = + [%#sslice43] Seq.get seq (UInt64.to_int self) = out - predicate in_bounds'0 [@inline:trivial] (self : usize) (seq : Seq.seq bool) = - [%#sslice42] UIntSize.to_int self < Seq.length seq + predicate in_bounds'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq bool) = + [%#sslice42] UInt64.to_int self < Seq.length seq function view'2 (self : borrowed (Vec'0.t_Vec bool (Global'0.t_Global))) : Seq.seq bool = [%#smodel44] view'0 self.current - let rec index_mut'0 (self:borrowed (Vec'0.t_Vec bool (Global'0.t_Global))) (index:usize) (return' (ret:borrowed bool))= {[@expl:precondition] inv'7 index} + let rec index_mut'0 (self:borrowed (Vec'0.t_Vec bool (Global'0.t_Global))) (index:UInt64.t) (return' (ret:borrowed bool))= {[@expl:precondition] inv'7 index} {[@expl:precondition] inv'9 self} {[@expl:precondition] 
[%#svec22] in_bounds'0 index (view'2 self)} any @@ -310,7 +314,7 @@ module M_100doors__f [#"100doors.rs" 18 0 18 10] function view'1 (self : Vec'0.t_Vec bool (Global'0.t_Global)) : Seq.seq bool = [%#smodel41] view'0 self - let rec index'0 (self:Vec'0.t_Vec bool (Global'0.t_Global)) (index:usize) (return' (ret:bool))= {[@expl:precondition] inv'7 index} + let rec index'0 (self:Vec'0.t_Vec bool (Global'0.t_Global)) (index:UInt64.t) (return' (ret:bool))= {[@expl:precondition] inv'7 index} {[@expl:precondition] inv'6 self} {[@expl:precondition] [%#svec20] in_bounds'0 index (view'1 self)} any @@ -319,20 +323,20 @@ module M_100doors__f [#"100doors.rs" 18 0 18 10] use seq.Seq - predicate resolve'2 (self : borrowed (Range'0.t_Range usize)) = + predicate resolve'2 (self : borrowed (Range'0.t_Range UInt64.t)) = [%#sresolve40] self.final = self.current - predicate resolve'0 (_1 : borrowed (Range'0.t_Range usize)) = + predicate resolve'0 (_1 : borrowed (Range'0.t_Range UInt64.t)) = resolve'2 _1 - predicate completed'0 (self : borrowed (Range'0.t_Range usize)) = + predicate completed'0 (self : borrowed (Range'0.t_Range UInt64.t)) = [%#srange39] resolve'2 self /\ deep_model'0 (T_core__ops__range__Range.t_Range__start self.current) >= deep_model'0 (T_core__ops__range__Range.t_Range__end self.current) - let rec next'0 (self:borrowed (Range'0.t_Range usize)) (return' (ret:Option'0.t_Option usize))= {[@expl:precondition] inv'4 self} + let rec next'0 (self:borrowed (Range'0.t_Range UInt64.t)) (return' (ret:Option'0.t_Option UInt64.t))= {[@expl:precondition] inv'4 self} any - [ return' (result:Option'0.t_Option usize)-> {inv'5 result} + [ return' (result:Option'0.t_Option UInt64.t)-> {inv'5 result} {[%#siter19] match result with | Option'0.C_None -> completed'0 self | Option'0.C_Some v -> produces'0 self.current (Seq.singleton v) self.final 
@@ -350,16 +354,16 @@ module M_100doors__f [#"100doors.rs" 18 0 18 10] use prelude.prelude.Snapshot - predicate into_iter_post'0 (self : Range'0.t_Range usize) (res : Range'0.t_Range usize) = + predicate into_iter_post'0 (self : Range'0.t_Range UInt64.t) (res : Range'0.t_Range UInt64.t) = [%#siter29] self = res - predicate into_iter_pre'0 (self : Range'0.t_Range usize) = + predicate into_iter_pre'0 (self : Range'0.t_Range UInt64.t) = [%#siter28] true - let rec into_iter'0 (self:Range'0.t_Range usize) (return' (ret:Range'0.t_Range usize))= {[@expl:precondition] inv'1 self} + let rec into_iter'0 (self:Range'0.t_Range UInt64.t) (return' (ret:Range'0.t_Range UInt64.t))= {[@expl:precondition] inv'1 self} {[@expl:precondition] [%#siter16] into_iter_pre'0 self} any - [ return' (result:Range'0.t_Range usize)-> {inv'1 result} + [ return' (result:Range'0.t_Range UInt64.t)-> {inv'1 result} {[%#siter16] into_iter_post'0 self result} (! return' {result}) ] @@ -367,11 +371,12 @@ module M_100doors__f [#"100doors.rs" 18 0 18 10] function index_logic'0 [@inline:trivial] (self : Vec'0.t_Vec bool (Global'0.t_Global)) (ix : int) : bool = [%#sops27] Seq.get (view'0 self) ix - let rec from_elem'0 (elem:bool) (n:usize) (return' (ret:Vec'0.t_Vec bool (Global'0.t_Global)))= {[@expl:precondition] inv'2 elem} + let rec from_elem'0 (elem:bool) (n:UInt64.t) (return' (ret:Vec'0.t_Vec bool (Global'0.t_Global)))= {[@expl:precondition] inv'2 elem} any [ return' (result:Vec'0.t_Vec bool (Global'0.t_Global))-> {inv'3 result} - {[%#svec15] forall i : int . 0 <= i /\ i < UIntSize.to_int n -> index_logic'0 result i = elem} - {[%#svec14] Seq.length (view'0 result) = UIntSize.to_int n} + {[%#svec15] forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < UInt64.to_int n + -> index_logic'0 result i = elem} + {[%#svec14] Seq.length (view'0 result) = UInt64.to_int n} (! return' {result}) ] 
@@ -379,45 +384,45 @@ module M_100doors__f [#"100doors.rs" 18 0 18 10] let rec f (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = from_elem'0 {[%#s100doors0] false} {[%#s100doors1] (100 : usize)} + [ s0 = from_elem'0 {[%#s100doors0] false} {[%#s100doors1] (100 : UInt64.t)} (fun (_ret':Vec'0.t_Vec bool (Global'0.t_Global)) -> [ &door_open <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 - [ s0 = [ &_3 <- Range'0.C_Range ([%#s100doors2] (1 : usize)) ([%#s100doors3] (101 : usize)) ] s1 - | s1 = into_iter'0 {_3} (fun (_ret':Range'0.t_Range usize) -> [ &iter <- _ret' ] s2) + [ s0 = [ &_3 <- Range'0.C_Range ([%#s100doors2] (1 : UInt64.t)) ([%#s100doors3] (101 : UInt64.t)) ] s1 + | s1 = into_iter'0 {_3} (fun (_ret':Range'0.t_Range UInt64.t) -> [ &iter <- _ret' ] s2) | s2 = bb2 ] | bb2 = s0 [ s0 = [ &iter_old <- [%#s100doors4] Snapshot.new iter ] s1 | s1 = bb3 ] - | bb3 = s0 [ s0 = [ &produced <- [%#s100doors5] Snapshot.new (Seq.empty : Seq.seq usize) ] s1 | s1 = bb4 ] + | bb3 = s0 [ s0 = [ &produced <- [%#s100doors5] Snapshot.new (Seq.empty : Seq.seq UInt64.t) ] s1 | s1 = bb4 ] | bb4 = bb5 | bb5 = bb6 | bb6 = bb6 - [ bb6 = {[@expl:loop invariant] [%#s100doors7] Seq.length (view'0 door_open) = 100} + [ bb6 = {[@expl:loop invariant] [%#s100doors7] Seq.length (view'0 door_open) = Int128.to_int (100 : Int128.t)} {[@expl:loop invariant] [%#s100doors6] produces'0 (Snapshot.inner iter_old) (Snapshot.inner produced) iter} {[@expl:loop invariant] [%#s100doors6] inv'1 iter} {[@expl:loop invariant] [%#s100doors6] inv'0 (Snapshot.inner produced)} (! 
s0) [ s0 = bb7 ] [ bb7 = s0 - [ s0 = Borrow.borrow_mut {iter} - (fun (_ret':borrowed (Range'0.t_Range usize)) -> [ &_15 <- _ret' ] [ &iter <- _ret'.final ] s1) - | s1 = Borrow.borrow_final {_15.current} {Borrow.get_id _15} - (fun (_ret':borrowed (Range'0.t_Range usize)) -> + [ s0 = Borrow.borrow_mut {iter} + (fun (_ret':borrowed (Range'0.t_Range UInt64.t)) -> [ &_15 <- _ret' ] [ &iter <- _ret'.final ] s1) + | s1 = Borrow.borrow_final {_15.current} {Borrow.get_id _15} + (fun (_ret':borrowed (Range'0.t_Range UInt64.t)) -> [ &_14 <- _ret' ] [ &_15 <- { _15 with current = _ret'.final ; } ] s2) - | s2 = next'0 {_14} (fun (_ret':Option'0.t_Option usize) -> [ &_13 <- _ret' ] s3) + | s2 = next'0 {_14} (fun (_ret':Option'0.t_Option UInt64.t) -> [ &_13 <- _ret' ] s3) | s3 = bb8 ] | bb8 = s0 [ s0 = -{resolve'0 _15}- s1 | s1 = any - [ br0 -> {_13 = Option'0.C_None } (! bb11) | br1 (a:usize)-> {_13 = Option'0.C_Some a} (! bb10) ] + [ br0 -> {_13 = Option'0.C_None } (! bb11) | br1 (a:UInt64.t)-> {_13 = Option'0.C_Some a} (! bb10) ] ] | bb10 = bb12 | bb12 = s0 - [ s0 = Option'0.v_Some {_13} (fun (r0'0:usize) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) + [ s0 = Option'0.v_Some {_13} (fun (r0'0:UInt64.t) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) | s1 = [ &_18 <- [%#s100doors8] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] 
@@ -432,16 +437,17 @@ module M_100doors__f [#"100doors.rs" 18 0 18 10] | bb14 = bb15 | bb15 = bb15 - [ bb15 = {[@expl:loop invariant] [%#s100doors10] Seq.length (view'0 door_open) = 100} - {[@expl:loop invariant] [%#s100doors9] 1 <= UIntSize.to_int door - /\ UIntSize.to_int door <= 100 + UIntSize.to_int pass} + [ bb15 = {[@expl:loop invariant] [%#s100doors10] Seq.length (view'0 door_open) + = Int128.to_int (100 : Int128.t)} + {[@expl:loop invariant] [%#s100doors9] Int128.to_int (1 : Int128.t) <= UInt64.to_int door + /\ UInt64.to_int door <= Int128.to_int (100 : Int128.t) + UInt64.to_int pass} (! s0) [ s0 = bb16 ] [ bb16 = s0 - [ s0 = UIntSize.le {door} {[%#s100doors11] (100 : usize)} (fun (_ret':bool) -> [ &_24 <- _ret' ] s1) + [ s0 = UInt64.le {door} {[%#s100doors11] (100 : UInt64.t)} (fun (_ret':bool) -> [ &_24 <- _ret' ] s1) | s1 = any [ br0 -> {_24 = false} (! bb20) | br1 -> {_24} (! bb17) ] ] | bb17 = s0 - [ s0 = UIntSize.sub {door} {[%#s100doors12] (1 : usize)} (fun (_ret':usize) -> [ &_29 <- _ret' ] s1) + [ s0 = UInt64.sub {door} {[%#s100doors12] (1 : UInt64.t)} (fun (_ret':UInt64.t) -> [ &_29 <- _ret' ] s1) | s1 = index'0 {door_open} {_29} (fun (_ret':bool) -> [ &_27 <- _ret' ] s2) | s2 = bb18 ] @@ -451,14 +457,14 @@ module M_100doors__f [#"100doors.rs" 18 0 18 10] [ &_32 <- _ret' ] [ &door_open <- _ret'.final ] s1) - | s1 = UIntSize.sub {door} {[%#s100doors13] (1 : usize)} (fun (_ret':usize) -> [ &_33 <- _ret' ] s2) + | s1 = UInt64.sub {door} {[%#s100doors13] (1 : UInt64.t)} (fun (_ret':UInt64.t) -> [ &_33 <- _ret' ] s2) | s2 = index_mut'0 {_32} {_33} (fun (_ret':borrowed bool) -> [ &_31 <- _ret' ] s3) | s3 = bb19 ] | bb19 = s0 [ s0 = [ &_31 <- { _31 with current = (not _27) ; } ] s1 | s1 = -{resolve'1 _31}- s2 - | s2 = UIntSize.add {door} {pass} (fun (_ret':usize) -> [ &door <- _ret' ] s3) + | s2 = UInt64.add {door} {pass} (fun (_ret':UInt64.t) -> [ &door <- _ret' ] s3) | s3 = bb15 ] ] ] 
@@ -471,22 +477,22 @@ module M_100doors__f [#"100doors.rs" 18 0 18 10] ) [ & _0 : () = any_l () | & door_open : Vec'0.t_Vec bool (Global'0.t_Global) = any_l () - | & iter : Range'0.t_Range usize = any_l () - | & _3 : Range'0.t_Range usize = any_l () - | & iter_old : Snapshot.snap_ty (Range'0.t_Range usize) = any_l () - | & produced : Snapshot.snap_ty (Seq.seq usize) = any_l () - | & _13 : Option'0.t_Option usize = any_l () - | & _14 : borrowed (Range'0.t_Range usize) = any_l () - | & _15 : borrowed (Range'0.t_Range usize) = any_l () - | & __creusot_proc_iter_elem : usize = any_l () - | & _18 : Snapshot.snap_ty (Seq.seq usize) = any_l () - | & pass : usize = any_l () - | & door : usize = any_l () + | & iter : Range'0.t_Range UInt64.t = any_l () + | & _3 : Range'0.t_Range UInt64.t = any_l () + | & iter_old : Snapshot.snap_ty (Range'0.t_Range UInt64.t) = any_l () + | & produced : Snapshot.snap_ty (Seq.seq UInt64.t) = any_l () + | & _13 : Option'0.t_Option UInt64.t = any_l () + | & _14 : borrowed (Range'0.t_Range UInt64.t) = any_l () + | & _15 : borrowed (Range'0.t_Range UInt64.t) = any_l () + | & __creusot_proc_iter_elem : UInt64.t = any_l () + | & _18 : Snapshot.snap_ty (Seq.seq UInt64.t) = any_l () + | & pass : UInt64.t = any_l () + | & door : UInt64.t = any_l () | & _24 : bool = any_l () | & _27 : bool = any_l () - | & _29 : usize = any_l () + | & _29 : UInt64.t = any_l () | & _31 : borrowed bool = any_l () | & _32 : borrowed (Vec'0.t_Vec bool (Global'0.t_Global)) = any_l () - | & _33 : usize = any_l () ] + | & _33 : UInt64.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/all_zero.coma b/creusot/tests/should_succeed/all_zero.coma index 761ebf78f0..313bd50028 100644 --- a/creusot/tests/should_succeed/all_zero.coma +++ b/creusot/tests/should_succeed/all_zero.coma 
@@ -4,12 +4,12 @@ module T_all_zero__List [#"all_zero.rs" 5 0 5 13] use prelude.prelude.Int type t_List = - | C_Cons uint32 (t_List) + | C_Cons UInt32.t (t_List) | C_Nil - let rec v_Cons (input:t_List) (ret (field_0:uint32) (field_1:t_List))= any - [ good (field_0:uint32) (field_1:t_List)-> {C_Cons field_0 field_1 = input} (! ret {field_0} {field_1}) - | bad -> {forall field_0 : uint32, field_1 : t_List [C_Cons field_0 field_1 : t_List] . C_Cons field_0 field_1 + let rec v_Cons (input:t_List) (ret (field_0:UInt32.t) (field_1:t_List))= any + [ good (field_0:UInt32.t) (field_1:t_List)-> {C_Cons field_0 field_1 = input} (! ret {field_0} {field_1}) + | bad -> {forall field_0 : UInt32.t, field_1 : t_List [C_Cons field_0 field_1 : t_List] . C_Cons field_0 field_1 <> input} (! {false} any) ] 
@@ -67,26 +67,34 @@ module M_all_zero__all_zero [#"all_zero.rs" 34 0 34 29] use prelude.prelude.Int - predicate resolve'3 (self : borrowed uint32) = + predicate resolve'3 (self : borrowed UInt32.t) = [%#sresolve7] self.final = self.current - predicate resolve'0 (_1 : borrowed uint32) = + predicate resolve'0 (_1 : borrowed UInt32.t) = resolve'3 _1 use prelude.prelude.Snapshot use T_core__option__Option as Option'0 - function get'0 [#"all_zero.rs" 21 4 21 40] (self : List'0.t_List) (ix : int) : Option'0.t_Option uint32 = + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + + function get'0 [#"all_zero.rs" 21 4 21 40] (self : List'0.t_List) (ix : int) : Option'0.t_Option UInt32.t = [%#sall_zero6] match self with - | List'0.C_Cons x ls -> if ix = 0 then Option'0.C_Some x else get'0 ls (ix - 1) + | List'0.C_Cons x ls -> if ix = Int128.to_int (0 : Int128.t) then + Option'0.C_Some x + else + get'0 ls (ix - Int128.to_int (1 : Int128.t)) + | List'0.C_Nil -> Option'0.C_None end function len'0 [#"all_zero.rs" 13 4 13 23] (self : List'0.t_List) : int = [%#sall_zero5] match self with - | List'0.C_Cons _ ls -> 1 + len'0 ls - | List'0.C_Nil -> 0 + | List'0.C_Cons _ ls -> Int128.to_int (1 : Int128.t) + len'0 ls + | List'0.C_Nil -> Int128.to_int (0 : Int128.t) end use prelude.prelude.Snapshot 
@@ -99,32 +107,32 @@ module M_all_zero__all_zero [#"all_zero.rs" 34 0 34 29] | bb2 = bb2 [ bb2 = {[@expl:loop invariant] [%#sall_zero1] len'0 loop_l.final = len'0 loop_l.current -> len'0 (Snapshot.inner old_l).final = len'0 (Snapshot.inner old_l).current} - {[@expl:loop invariant] [%#sall_zero1] (forall i : int . 0 <= i /\ i < len'0 loop_l.current - -> get'0 loop_l.final i = Option'0.C_Some (0 : uint32)) - -> (forall i : int . 0 <= i /\ i < len'0 (Snapshot.inner old_l).current - -> get'0 (Snapshot.inner old_l).final i = Option'0.C_Some (0 : uint32))} + {[@expl:loop invariant] [%#sall_zero1] (forall i : int . Int128.to_int (0 : Int128.t) <= i + /\ i < len'0 loop_l.current -> get'0 loop_l.final i = Option'0.C_Some (0 : UInt32.t)) + -> (forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < len'0 (Snapshot.inner old_l).current + -> get'0 (Snapshot.inner old_l).final i = Option'0.C_Some (0 : UInt32.t))} (! s0) [ s0 = bb3 ] [ bb3 = any - [ br0 (a:uint32) (b:List'0.t_List)-> {loop_l.current = List'0.C_Cons a b} (! bb4) + [ br0 (a:UInt32.t) (b:List'0.t_List)-> {loop_l.current = List'0.C_Cons a b} (! bb4) | br1 -> {loop_l.current = List'0.C_Nil } (! 
bb6) ] | bb4 = bb5 | bb5 = s0 [ s0 = List'0.v_Cons {loop_l.current} - (fun (r0'0:uint32) (r1'0:List'0.t_List) -> - Borrow.borrow_final {r0'0} {Borrow.inherit_id (Borrow.get_id loop_l) 1} - (fun (_ret':borrowed uint32) -> + (fun (r0'0:UInt32.t) (r1'0:List'0.t_List) -> + Borrow.borrow_final {r0'0} {Borrow.inherit_id (Borrow.get_id loop_l) 1} + (fun (_ret':borrowed UInt32.t) -> [ &value <- _ret' ] [ &loop_l <- { loop_l with current = List'0.C_Cons _ret'.final r1'0 ; } ] s1)) | s1 = List'0.v_Cons {loop_l.current} - (fun (r0'1:uint32) (r1'1:List'0.t_List) -> + (fun (r0'1:UInt32.t) (r1'1:List'0.t_List) -> Borrow.borrow_final {r1'1} {Borrow.inherit_id (Borrow.get_id loop_l) 2} (fun (_ret':borrowed (List'0.t_List)) -> [ &next <- _ret' ] [ &loop_l <- { loop_l with current = List'0.C_Cons r0'1 _ret'.final ; } ] s2)) - | s2 = [ &value <- { value with current = ([%#sall_zero2] (0 : uint32)) ; } ] s3 + | s2 = [ &value <- { value with current = ([%#sall_zero2] (0 : UInt32.t)) ; } ] s3 | s3 = -{resolve'0 value}- s4 | s4 = Borrow.borrow_final {next.current} {Borrow.get_id next} (fun (_ret':borrowed (List'0.t_List)) -> @@ -144,13 +152,13 @@ module M_all_zero__all_zero [#"all_zero.rs" 34 0 34 29] | & l : borrowed (List'0.t_List) = l | & old_l : Snapshot.snap_ty (borrowed (List'0.t_List)) = any_l () | & loop_l : borrowed (List'0.t_List) = any_l () - | & value : borrowed uint32 = any_l () + | & value : borrowed UInt32.t = any_l () | & next : borrowed (List'0.t_List) = any_l () | & _13 : borrowed (List'0.t_List) = any_l () ] [ return' (result:())-> {[@expl:postcondition] [%#sall_zero4] len'0 l.current = len'0 l.final} - {[@expl:postcondition] [%#sall_zero3] forall i : int . 0 <= i /\ i < len'0 l.current - -> get'0 l.final i = Option'0.C_Some (0 : uint32)} + {[@expl:postcondition] [%#sall_zero3] forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < len'0 l.current + -> get'0 l.final i = Option'0.C_Some (0 : UInt32.t)} (! return' {result}) ] end 
diff --git a/creusot/tests/should_succeed/bdd.coma b/creusot/tests/should_succeed/bdd.coma index 647b64e4a0..805e71cee6 100644 --- a/creusot/tests/should_succeed/bdd.coma +++ b/creusot/tests/should_succeed/bdd.coma @@ -25,14 +25,14 @@ module M_bdd__hashmap__qyi11648407051195780326__hash [#"bdd.rs" 80 8 80 29] (* < let%span sbdd2 = "bdd.rs" 79 18 79 62 let%span sbdd3 = "bdd.rs" 35 17 35 21 let%span sbdd4 = "bdd.rs" 34 18 34 62 - let%span snum5 = "../../../creusot-contracts/src/std/num.rs" 141 20 141 93 - let%span snum6 = "../../../creusot-contracts/src/std/num.rs" 144 16 147 18 - let%span snum7 = "../../../creusot-contracts/src/std/num.rs" 151 16 155 18 - let%span snum8 = "../../../creusot-contracts/src/std/num.rs" 156 16 160 18 - let%span snum9 = "../../../creusot-contracts/src/std/num.rs" 141 20 141 93 - let%span snum10 = "../../../creusot-contracts/src/std/num.rs" 144 16 147 18 - let%span snum11 = "../../../creusot-contracts/src/std/num.rs" 151 16 155 18 - let%span snum12 = "../../../creusot-contracts/src/std/num.rs" 156 16 160 18 + let%span snum5 = "../../../creusot-contracts/src/std/num.rs" 143 20 143 93 + let%span snum6 = "../../../creusot-contracts/src/std/num.rs" 146 16 149 18 + let%span snum7 = "../../../creusot-contracts/src/std/num.rs" 153 16 157 18 + let%span snum8 = "../../../creusot-contracts/src/std/num.rs" 158 16 162 18 + let%span snum9 = "../../../creusot-contracts/src/std/num.rs" 143 20 143 93 + let%span snum10 = "../../../creusot-contracts/src/std/num.rs" 146 16 149 18 + let%span snum11 = "../../../creusot-contracts/src/std/num.rs" 153 16 157 18 + let%span snum12 = "../../../creusot-contracts/src/std/num.rs" 158 16 162 18 let%span smodel13 = "../../../creusot-contracts/src/model.rs" 82 8 82 28 let%span sbdd14 = "bdd.rs" 87 24 87 84 let%span stuples15 = "../../../creusot-contracts/src/std/tuples.rs" 29 28 29 57 
@@ -69,13 +69,17 @@ module M_bdd__hashmap__qyi11648407051195780326__hash [#"bdd.rs" 80 8 80 29] (* < axiom inv_axiom'0 [@rewrite] : forall x : (u, v) [inv'0 x] . inv'0 x = invariant'0 x - use prelude.prelude.UInt64 + use prelude.prelude.UInt64.to_uint use prelude.prelude.UInt64 use prelude.prelude.Int - constant v_MAX'0 : uint64 = (18446744073709551615 : uint64) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) + + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 type t_DeepModelTy'1 @@ -87,7 +91,8 @@ module M_bdd__hashmap__qyi11648407051195780326__hash [#"bdd.rs" 80 8 80 29] (* < function hash_log'0 [#"bdd.rs" 86 8 86 48] (x : (t_DeepModelTy'0, t_DeepModelTy'1)) : int = [%#sbdd14] mod (hash_log'1 (let (a, _) = x in a) - + hash_log'2 (let (_, a) = x in a) * 17) (UInt64.to_int (v_MAX'0 : uint64) + 1) + + hash_log'2 (let (_, a) = x in a) * Int128.to_int (17 : Int128.t)) (UInt64.to_int (v_MAX'0 : UInt64.t) + + Int128.to_int (1 : Int128.t)) function deep_model'5 (self : v) : t_DeepModelTy'1 
@@ -101,95 +106,99 @@ module M_bdd__hashmap__qyi11648407051195780326__hash [#"bdd.rs" 80 8 80 29] (* < use prelude.prelude.Intrinsic - constant v_MIN'0 : uint64 = (0 : uint64) + constant v_MIN'0 : UInt64.t = (0 : UInt64.t) use int.EuclideanDivision use int.Power - use prelude.prelude.UInt32 + use prelude.prelude.UInt32.to_uint use prelude.prelude.UInt32 - constant v_BITS'0 : uint32 = (64 : uint32) + constant v_BITS'0 : UInt32.t = (64 : UInt32.t) - let rec wrapping_add'0 (self:uint64) (rhs:uint64) (return' (ret:uint64))= any - [ return' (result:uint64)-> {[%#snum12] UInt64.to_int self + UInt64.to_int rhs > UInt64.to_int (v_MAX'0 : uint64) - -> (exists k : int . k > 0 + let rec wrapping_add'0 (self:UInt64.t) (rhs:UInt64.t) (return' (ret:UInt64.t))= any + [ return' (result:UInt64.t)-> {[%#snum12] UInt64.to_int self + UInt64.to_int rhs + > UInt64.to_int (v_MAX'0 : UInt64.t) + -> (exists k : int . k > Int128.to_int (0 : Int128.t) /\ UInt64.to_int result = UInt64.to_int self + UInt64.to_int rhs - - k * (UInt64.to_int (v_MAX'0 : uint64) - UInt64.to_int (v_MIN'0 : uint64) + 1))} - {[%#snum11] UInt64.to_int self + UInt64.to_int rhs < UInt64.to_int (v_MIN'0 : uint64) - -> (exists k : int . k > 0 + - k * (UInt64.to_int (v_MAX'0 : UInt64.t) - UInt64.to_int (v_MIN'0 : UInt64.t) + Int128.to_int (1 : Int128.t)))} + {[%#snum11] UInt64.to_int self + UInt64.to_int rhs < UInt64.to_int (v_MIN'0 : UInt64.t) + -> (exists k : int . 
k > Int128.to_int (0 : Int128.t) /\ UInt64.to_int result = UInt64.to_int self + UInt64.to_int rhs - + k * (UInt64.to_int (v_MAX'0 : uint64) - UInt64.to_int (v_MIN'0 : uint64) + 1))} - {[%#snum10] UInt64.to_int self + UInt64.to_int rhs >= UInt64.to_int (v_MIN'0 : uint64) - /\ UInt64.to_int self + UInt64.to_int rhs <= UInt64.to_int (v_MAX'0 : uint64) + + k * (UInt64.to_int (v_MAX'0 : UInt64.t) - UInt64.to_int (v_MIN'0 : UInt64.t) + Int128.to_int (1 : Int128.t)))} + {[%#snum10] UInt64.to_int self + UInt64.to_int rhs >= UInt64.to_int (v_MIN'0 : UInt64.t) + /\ UInt64.to_int self + UInt64.to_int rhs <= UInt64.to_int (v_MAX'0 : UInt64.t) -> UInt64.to_int result = UInt64.to_int self + UInt64.to_int rhs} {[%#snum9] UInt64.to_int result = EuclideanDivision.mod (UInt64.to_int self - + UInt64.to_int rhs) (Power.power 2 (UInt32.to_int (v_BITS'0 : uint32))) - + UInt64.to_int (v_MIN'0 : uint64)} + + UInt64.to_int rhs) (Power.power (Int128.to_int (2 : Int128.t)) (UInt32.to_int (v_BITS'0 : UInt32.t))) + + UInt64.to_int (v_MIN'0 : UInt64.t)} (! return' {result}) ] - let rec wrapping_mul'0 (self:uint64) (rhs:uint64) (return' (ret:uint64))= any - [ return' (result:uint64)-> {[%#snum8] UInt64.to_int self * UInt64.to_int rhs > UInt64.to_int (v_MAX'0 : uint64) - -> (exists k : int . k > 0 + let rec wrapping_mul'0 (self:UInt64.t) (rhs:UInt64.t) (return' (ret:UInt64.t))= any + [ return' (result:UInt64.t)-> {[%#snum8] UInt64.to_int self * UInt64.to_int rhs > UInt64.to_int (v_MAX'0 : UInt64.t) + -> (exists k : int . k > Int128.to_int (0 : Int128.t) /\ UInt64.to_int result = UInt64.to_int self * UInt64.to_int rhs - - k * (UInt64.to_int (v_MAX'0 : uint64) - UInt64.to_int (v_MIN'0 : uint64) + 1))} - {[%#snum7] UInt64.to_int self * UInt64.to_int rhs < UInt64.to_int (v_MIN'0 : uint64) - -> (exists k : int . 
k > 0 + - k * (UInt64.to_int (v_MAX'0 : UInt64.t) - UInt64.to_int (v_MIN'0 : UInt64.t) + Int128.to_int (1 : Int128.t)))} + {[%#snum7] UInt64.to_int self * UInt64.to_int rhs < UInt64.to_int (v_MIN'0 : UInt64.t) + -> (exists k : int . k > Int128.to_int (0 : Int128.t) /\ UInt64.to_int result = UInt64.to_int self * UInt64.to_int rhs - + k * (UInt64.to_int (v_MAX'0 : uint64) - UInt64.to_int (v_MIN'0 : uint64) + 1))} - {[%#snum6] UInt64.to_int self * UInt64.to_int rhs >= UInt64.to_int (v_MIN'0 : uint64) - /\ UInt64.to_int self * UInt64.to_int rhs <= UInt64.to_int (v_MAX'0 : uint64) + + k * (UInt64.to_int (v_MAX'0 : UInt64.t) - UInt64.to_int (v_MIN'0 : UInt64.t) + Int128.to_int (1 : Int128.t)))} + {[%#snum6] UInt64.to_int self * UInt64.to_int rhs >= UInt64.to_int (v_MIN'0 : UInt64.t) + /\ UInt64.to_int self * UInt64.to_int rhs <= UInt64.to_int (v_MAX'0 : UInt64.t) -> UInt64.to_int result = UInt64.to_int self * UInt64.to_int rhs} {[%#snum5] UInt64.to_int result = EuclideanDivision.mod (UInt64.to_int self - * UInt64.to_int rhs) (Power.power 2 (UInt32.to_int (v_BITS'0 : uint32))) - + UInt64.to_int (v_MIN'0 : uint64)} + * UInt64.to_int rhs) (Power.power (Int128.to_int (2 : Int128.t)) (UInt32.to_int (v_BITS'0 : UInt32.t))) + + UInt64.to_int (v_MIN'0 : UInt64.t)} (! return' {result}) ] function deep_model'2 (self : v) : t_DeepModelTy'1 = [%#smodel13] deep_model'5 self - let rec hash'1 (self:v) (return' (ret:uint64))= {[@expl:precondition] [%#sbdd3] inv'2 self} + let rec hash'1 (self:v) (return' (ret:UInt64.t))= {[@expl:precondition] [%#sbdd3] inv'2 self} any - [ return' (result:uint64)-> {[%#sbdd4] UInt64.to_int result = hash_log'2 (deep_model'2 self)} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#sbdd4] UInt64.to_int result = hash_log'2 (deep_model'2 self)} + (! 
return' {result}) ] function deep_model'1 (self : u) : t_DeepModelTy'0 = [%#smodel13] deep_model'4 self - let rec hash'0 (self:u) (return' (ret:uint64))= {[@expl:precondition] [%#sbdd3] inv'1 self} + let rec hash'0 (self:u) (return' (ret:UInt64.t))= {[@expl:precondition] [%#sbdd3] inv'1 self} any - [ return' (result:uint64)-> {[%#sbdd4] UInt64.to_int result = hash_log'1 (deep_model'1 self)} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#sbdd4] UInt64.to_int result = hash_log'1 (deep_model'1 self)} + (! return' {result}) ] meta "compute_max_steps" 1000000 - let rec hash (self:(u, v)) (return' (ret:uint64))= {[%#sbdd1] inv'0 self} + let rec hash (self:(u, v)) (return' (ret:UInt64.t))= {[%#sbdd1] inv'0 self} (! bb0 - [ bb0 = s0 [ s0 = hash'0 {let (r'0, _) = self in r'0} (fun (_ret':uint64) -> [ &_3 <- _ret' ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = hash'1 {let (_, r'0) = self in r'0} (fun (_ret':uint64) -> [ &_6 <- _ret' ] s1) | s1 = bb2 ] + [ bb0 = s0 [ s0 = hash'0 {let (r'0, _) = self in r'0} (fun (_ret':UInt64.t) -> [ &_3 <- _ret' ] s1) | s1 = bb1 ] + | bb1 = s0 [ s0 = hash'1 {let (_, r'0) = self in r'0} (fun (_ret':UInt64.t) -> [ &_6 <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 - [ s0 = wrapping_mul'0 {_6} {[%#sbdd0] (17 : uint64)} (fun (_ret':uint64) -> [ &_5 <- _ret' ] s1) | s1 = bb3 ] + [ s0 = wrapping_mul'0 {_6} {[%#sbdd0] (17 : UInt64.t)} (fun (_ret':UInt64.t) -> [ &_5 <- _ret' ] s1) | s1 = bb3 ] - | bb3 = s0 [ s0 = wrapping_add'0 {_3} {_5} (fun (_ret':uint64) -> [ &_0 <- _ret' ] s1) | s1 = bb4 ] + | bb3 = s0 [ s0 = wrapping_add'0 {_3} {_5} (fun (_ret':UInt64.t) -> [ &_0 <- _ret' ] s1) | s1 = bb4 ] | bb4 = return' {_0} ] ) - [ & _0 : uint64 = any_l () + [ & _0 : UInt64.t = any_l () | & self : (u, v) = self - | & _3 : uint64 = any_l () - | & _5 : uint64 = any_l () - | & _6 : uint64 = any_l () ] + | & _3 : UInt64.t = any_l () + | & _5 : UInt64.t = any_l () + | & _6 : UInt64.t = any_l () ] - [ return' (result:uint64)-> {[@expl:postcondition] [%#sbdd2] 
UInt64.to_int result = hash_log'0 (deep_model'0 self)} + [ return' (result:UInt64.t)-> {[@expl:postcondition] [%#sbdd2] UInt64.to_int result + = hash_log'0 (deep_model'0 self)} (! return' {result}) ] end @@ -201,14 +210,14 @@ module T_bdd__Bdd [#"bdd.rs" 109 0 109 22] use prelude.prelude.Borrow type t_Bdd = - | C_Bdd (t_Node) uint64 + | C_Bdd (t_Node) UInt64.t with t_Node = | C_False | C_True - | C_If uint64 (t_Bdd) (t_Bdd) + | C_If UInt64.t (t_Bdd) (t_Bdd) - let rec t_Bdd (input:t_Bdd) (ret (field_0:t_Node) (field_1:uint64))= any - [ good (field_0:t_Node) (field_1:uint64)-> {C_Bdd field_0 field_1 = input} (! ret {field_0} {field_1}) ] + let rec t_Bdd (input:t_Bdd) (ret (field_0:t_Node) (field_1:UInt64.t))= any + [ good (field_0:t_Node) (field_1:UInt64.t)-> {C_Bdd field_0 field_1 = input} (! ret {field_0} {field_1}) ] let rec v_False (input:t_Node) (ret )= any @@ -219,15 +228,15 @@ module T_bdd__Bdd [#"bdd.rs" 109 0 109 22] [ good -> {C_True = input} (! ret) | bad -> {C_True <> input} (! {false} any) ] - let rec v_If (input:t_Node) (ret (v:uint64) (childt:t_Bdd) (childf:t_Bdd))= any - [ good (v:uint64) (childt:t_Bdd) (childf:t_Bdd)-> {C_If v childt childf = input} (! ret {v} {childt} {childf}) - | bad -> {forall v : uint64, childt : t_Bdd, childf : t_Bdd [C_If v childt childf : t_Node] . C_If v childt childf + let rec v_If (input:t_Node) (ret (v:UInt64.t) (childt:t_Bdd) (childf:t_Bdd))= any + [ good (v:UInt64.t) (childt:t_Bdd) (childf:t_Bdd)-> {C_If v childt childf = input} (! ret {v} {childt} {childf}) + | bad -> {forall v : UInt64.t, childt : t_Bdd, childf : t_Bdd [C_If v childt childf : t_Node] . C_If v childt childf <> input} (! {false} any) ] - function t_Bdd__1 (self : t_Bdd) : uint64 = + function t_Bdd__1 (self : t_Bdd) : UInt64.t = match self with | C_Bdd _ a -> a end 
@@ -261,7 +270,7 @@ module T_bdd__NodeLog [#"bdd.rs" 102 0 102 12] type t_NodeLog = | C_False | C_True - | C_If uint64 uint64 uint64 + | C_If UInt64.t UInt64.t UInt64.t let rec v_False (input:t_NodeLog) (ret )= any [ good -> {C_False = input} (! ret) | bad -> {C_False <> input} (! {false} any) ] @@ -271,9 +280,10 @@ module T_bdd__NodeLog [#"bdd.rs" 102 0 102 12] [ good -> {C_True = input} (! ret) | bad -> {C_True <> input} (! {false} any) ] - let rec v_If (input:t_NodeLog) (ret (v:uint64) (childt:uint64) (childf:uint64))= any - [ good (v:uint64) (childt:uint64) (childf:uint64)-> {C_If v childt childf = input} (! ret {v} {childt} {childf}) - | bad -> {forall v : uint64, childt : uint64, childf : uint64 [C_If v childt childf : t_NodeLog] . C_If v childt childf + let rec v_If (input:t_NodeLog) (ret (v:UInt64.t) (childt:UInt64.t) (childf:UInt64.t))= any + [ good (v:UInt64.t) (childt:UInt64.t) (childf:UInt64.t)-> {C_If v childt childf = input} + (! ret {v} {childt} {childf}) + | bad -> {forall v : UInt64.t, childt : UInt64.t, childf : UInt64.t [C_If v childt childf : t_NodeLog] . C_If v childt childf <> input} (! {false} any) ] @@ -314,27 +324,27 @@ module M_bdd__qyi4854841669736991510__eq [#"bdd.rs" 94 13 94 22] (* {[%#scmp2] result = (deep_model'1 self = deep_model'1 other)} (! return' {result}) ] use T_bdd__Bdd as Bdd'0 - function deep_model'4 [#"bdd.rs" 189 4 189 44] (self : Bdd'0.t_Bdd) : uint64 = + function deep_model'4 [#"bdd.rs" 189 4 189 44] (self : Bdd'0.t_Bdd) : UInt64.t = [%#sbdd8] T_bdd__Bdd.t_Bdd__1 self - function view'1 [#"bdd.rs" 199 4 199 33] (self : Bdd'0.t_Bdd) : uint64 = + function view'1 [#"bdd.rs" 199 4 199 33] (self : Bdd'0.t_Bdd) : UInt64.t = [%#sbdd6] deep_model'4 self - function view'0 (self : Bdd'0.t_Bdd) : uint64 = + function view'0 (self : Bdd'0.t_Bdd) : UInt64.t = [%#smodel4] view'1 self let rec eq'0 (self:Bdd'0.t_Bdd) (o:Bdd'0.t_Bdd) (return' (ret:bool))= any 
@@ -349,29 +359,29 @@ module M_bdd__qyi4854841669736991510__eq [#"bdd.rs" 94 13 94 22] (* {(let (r'0, _) = _4 in r'0) = Node'0.C_False } (! bb2) | br1 -> {(let (r'0, _) = _4 in r'0) = Node'0.C_True } (! bb4) - | br2 (a:uint64) (b:Bdd'0.t_Bdd) (c:Bdd'0.t_Bdd)-> {(let (r'0, _) = _4 in r'0) = Node'0.C_If a b c} (! bb6) ] + | br2 (a:UInt64.t) (b:Bdd'0.t_Bdd) (c:Bdd'0.t_Bdd)-> {(let (r'0, _) = _4 in r'0) = Node'0.C_If a b c} (! bb6) ] ] | bb6 = any [ br0 -> {(let (_, r'0) = _4 in r'0) = Node'0.C_False } (! bb25) | br1 -> {(let (_, r'0) = _4 in r'0) = Node'0.C_True } (! bb25) - | br2 (a:uint64) (b:Bdd'0.t_Bdd) (c:Bdd'0.t_Bdd)-> {(let (_, r'0) = _4 in r'0) = Node'0.C_If a b c} (! bb7) ] + | br2 (a:UInt64.t) (b:Bdd'0.t_Bdd) (c:Bdd'0.t_Bdd)-> {(let (_, r'0) = _4 in r'0) = Node'0.C_If a b c} (! bb7) ] | bb25 = bb1 | bb7 = bb10 | bb10 = s0 [ s0 = Node'0.v_If {let (r'0, _) = _4 in r'0} - (fun (rv'0:uint64) (rchildt'0:Bdd'0.t_Bdd) (rchildf'0:Bdd'0.t_Bdd) -> [ &v_1 <- rv'0 ] s1) + (fun (rv'0:UInt64.t) (rchildt'0:Bdd'0.t_Bdd) (rchildf'0:Bdd'0.t_Bdd) -> [ &v_1 <- rv'0 ] s1) | s1 = Node'0.v_If {let (r'1, _) = _4 in r'1} - (fun (rv'1:uint64) (rchildt'1:Bdd'0.t_Bdd) (rchildf'1:Bdd'0.t_Bdd) -> [ &childt_1 <- rchildt'1 ] s2) + (fun (rv'1:UInt64.t) (rchildt'1:Bdd'0.t_Bdd) (rchildf'1:Bdd'0.t_Bdd) -> [ &childt_1 <- rchildt'1 ] s2) | s2 = Node'0.v_If {let (r'2, _) = _4 in r'2} - (fun (rv'2:uint64) (rchildt'2:Bdd'0.t_Bdd) (rchildf'2:Bdd'0.t_Bdd) -> [ &childf_1 <- rchildf'2 ] s3) + (fun (rv'2:UInt64.t) (rchildt'2:Bdd'0.t_Bdd) (rchildf'2:Bdd'0.t_Bdd) -> [ &childf_1 <- rchildf'2 ] s3) | s3 = Node'0.v_If {let (_, r'3) = _4 in r'3} - (fun (rv'3:uint64) (rchildt'3:Bdd'0.t_Bdd) (rchildf'3:Bdd'0.t_Bdd) -> [ &v_2 <- rv'3 ] s4) + (fun (rv'3:UInt64.t) (rchildt'3:Bdd'0.t_Bdd) (rchildf'3:Bdd'0.t_Bdd) -> [ &v_2 <- rv'3 ] s4) | s4 = Node'0.v_If {let (_, r'4) = _4 in r'4} - (fun (rv'4:uint64) (rchildt'4:Bdd'0.t_Bdd) (rchildf'4:Bdd'0.t_Bdd) -> [ &childt_2 <- rchildt'4 ] s5) + (fun (rv'4:UInt64.t) 
(rchildt'4:Bdd'0.t_Bdd) (rchildf'4:Bdd'0.t_Bdd) -> [ &childt_2 <- rchildt'4 ] s5) | s5 = Node'0.v_If {let (_, r'5) = _4 in r'5} - (fun (rv'5:uint64) (rchildt'5:Bdd'0.t_Bdd) (rchildf'5:Bdd'0.t_Bdd) -> [ &childf_2 <- rchildf'5 ] s6) + (fun (rv'5:UInt64.t) (rchildt'5:Bdd'0.t_Bdd) (rchildf'5:Bdd'0.t_Bdd) -> [ &childf_2 <- rchildf'5 ] s6) | s6 = eq'0 {childf_1} {childf_2} (fun (_ret':bool) -> [ &_17 <- _ret' ] s7) | s7 = bb11 ] @@ -389,14 +399,14 @@ module M_bdd__qyi4854841669736991510__eq [#"bdd.rs" 94 13 94 22] (* {(let (_, r'0) = _4 in r'0) = Node'0.C_False } (! bb1) | br1 -> {(let (_, r'0) = _4 in r'0) = Node'0.C_True } (! bb5) - | br2 (a:uint64) (b:Bdd'0.t_Bdd) (c:Bdd'0.t_Bdd)-> {(let (_, r'0) = _4 in r'0) = Node'0.C_If a b c} (! bb1) ] + | br2 (a:UInt64.t) (b:Bdd'0.t_Bdd) (c:Bdd'0.t_Bdd)-> {(let (_, r'0) = _4 in r'0) = Node'0.C_If a b c} (! bb1) ] | bb5 = bb9 | bb9 = s0 [ s0 = [ &_0 <- [%#sbdd0] true ] s1 | s1 = bb22 ] | bb2 = any [ br0 -> {(let (_, r'0) = _4 in r'0) = Node'0.C_False } (! bb3) | br1 -> {(let (_, r'0) = _4 in r'0) = Node'0.C_True } (! bb1) - | br2 (a:uint64) (b:Bdd'0.t_Bdd) (c:Bdd'0.t_Bdd)-> {(let (_, r'0) = _4 in r'0) = Node'0.C_If a b c} (! bb1) ] + | br2 (a:UInt64.t) (b:Bdd'0.t_Bdd) (c:Bdd'0.t_Bdd)-> {(let (_, r'0) = _4 in r'0) = Node'0.C_If a b c} (! bb1) ] | bb1 = s0 [ s0 = [ &_0 <- [%#sbdd0] false ] s1 | s1 = bb22 ] | bb3 = bb8 @@ -407,10 +417,10 @@ module M_bdd__qyi4854841669736991510__eq [#"bdd.rs" 94 13 94 22] (* {[%#sclone1] result = self} (! return' {result}) ] + let rec clone'0 (self:UInt64.t) (return' (ret:UInt64.t))= any + [ return' (result:UInt64.t)-> {[%#sclone1] result = self} (! return' {result}) ] use T_bdd__Node as Node'0 
@@ -452,17 +462,17 @@ module M_bdd__qyi17981791245757283426__clone [#"bdd.rs" 94 24 94 29] (* {self = Node'0.C_False } (! bb2) | br1 -> {self = Node'0.C_True } (! bb3) - | br2 (a:uint64) (b:Bdd'0.t_Bdd) (c:Bdd'0.t_Bdd)-> {self = Node'0.C_If a b c} (! bb4) ] + | br2 (a:UInt64.t) (b:Bdd'0.t_Bdd) (c:Bdd'0.t_Bdd)-> {self = Node'0.C_If a b c} (! bb4) ] | bb4 = s0 [ s0 = Node'0.v_If {self} - (fun (rv'0:uint64) (rchildt'0:Bdd'0.t_Bdd) (rchildf'0:Bdd'0.t_Bdd) -> [ &v_1 <- rv'0 ] s1) + (fun (rv'0:UInt64.t) (rchildt'0:Bdd'0.t_Bdd) (rchildf'0:Bdd'0.t_Bdd) -> [ &v_1 <- rv'0 ] s1) | s1 = Node'0.v_If {self} - (fun (rv'1:uint64) (rchildt'1:Bdd'0.t_Bdd) (rchildf'1:Bdd'0.t_Bdd) -> [ &childt_1 <- rchildt'1 ] s2) + (fun (rv'1:UInt64.t) (rchildt'1:Bdd'0.t_Bdd) (rchildf'1:Bdd'0.t_Bdd) -> [ &childt_1 <- rchildt'1 ] s2) | s2 = Node'0.v_If {self} - (fun (rv'2:uint64) (rchildt'2:Bdd'0.t_Bdd) (rchildf'2:Bdd'0.t_Bdd) -> [ &childf_1 <- rchildf'2 ] s3) + (fun (rv'2:UInt64.t) (rchildt'2:Bdd'0.t_Bdd) (rchildf'2:Bdd'0.t_Bdd) -> [ &childf_1 <- rchildf'2 ] s3) | s3 = [ &_9 <- v_1 ] s4 - | s4 = clone'0 {_9} (fun (_ret':uint64) -> [ &_7 <- _ret' ] s5) + | s4 = clone'0 {_9} (fun (_ret':UInt64.t) -> [ &_7 <- _ret' ] s5) | s5 = bb7 ] | bb7 = s0 @@ -484,11 +494,11 @@ module M_bdd__qyi17981791245757283426__clone [#"bdd.rs" 94 24 94 29] (* 1 - | NodeLog'0.C_True -> 2 - | NodeLog'0.C_If v childt childf -> mod (UInt64.to_int v + UInt64.to_int childt * 5 - + UInt64.to_int childf * 7) (UInt64.to_int (v_MAX'0 : uint64) + 1) + | NodeLog'0.C_False -> Int128.to_int (1 : Int128.t) + | NodeLog'0.C_True -> Int128.to_int (2 : Int128.t) + | NodeLog'0.C_If v childt childf -> mod (UInt64.to_int v + UInt64.to_int childt * Int128.to_int (5 : Int128.t) + + UInt64.to_int childf * Int128.to_int (7 : Int128.t)) (UInt64.to_int (v_MAX'0 : UInt64.t) + + Int128.to_int (1 : Int128.t)) end use T_bdd__Bdd as T_bdd__Bdd 
@@ -583,57 +598,58 @@ module M_bdd__qyi699402059438633899__hash [#"bdd.rs" 120 4 120 25] (* {[%#snum12] UInt64.to_int self + UInt64.to_int rhs > UInt64.to_int (v_MAX'0 : uint64) - -> (exists k : int . k > 0 + let rec wrapping_add'0 (self:UInt64.t) (rhs:UInt64.t) (return' (ret:UInt64.t))= any + [ return' (result:UInt64.t)-> {[%#snum12] UInt64.to_int self + UInt64.to_int rhs + > UInt64.to_int (v_MAX'0 : UInt64.t) + -> (exists k : int . k > Int128.to_int (0 : Int128.t) /\ UInt64.to_int result = UInt64.to_int self + UInt64.to_int rhs - - k * (UInt64.to_int (v_MAX'0 : uint64) - UInt64.to_int (v_MIN'0 : uint64) + 1))} - {[%#snum11] UInt64.to_int self + UInt64.to_int rhs < UInt64.to_int (v_MIN'0 : uint64) - -> (exists k : int . k > 0 + - k * (UInt64.to_int (v_MAX'0 : UInt64.t) - UInt64.to_int (v_MIN'0 : UInt64.t) + Int128.to_int (1 : Int128.t)))} + {[%#snum11] UInt64.to_int self + UInt64.to_int rhs < UInt64.to_int (v_MIN'0 : UInt64.t) + -> (exists k : int . k > Int128.to_int (0 : Int128.t) /\ UInt64.to_int result = UInt64.to_int self + UInt64.to_int rhs - + k * (UInt64.to_int (v_MAX'0 : uint64) - UInt64.to_int (v_MIN'0 : uint64) + 1))} - {[%#snum10] UInt64.to_int self + UInt64.to_int rhs >= UInt64.to_int (v_MIN'0 : uint64) - /\ UInt64.to_int self + UInt64.to_int rhs <= UInt64.to_int (v_MAX'0 : uint64) + + k * (UInt64.to_int (v_MAX'0 : UInt64.t) - UInt64.to_int (v_MIN'0 : UInt64.t) + Int128.to_int (1 : Int128.t)))} + {[%#snum10] UInt64.to_int self + UInt64.to_int rhs >= UInt64.to_int (v_MIN'0 : UInt64.t) + /\ UInt64.to_int self + UInt64.to_int rhs <= UInt64.to_int (v_MAX'0 : UInt64.t) -> UInt64.to_int result = UInt64.to_int self + UInt64.to_int rhs} {[%#snum9] UInt64.to_int result = EuclideanDivision.mod (UInt64.to_int self - + UInt64.to_int rhs) (Power.power 2 (UInt32.to_int (v_BITS'0 : uint32))) - + UInt64.to_int (v_MIN'0 : uint64)} + + UInt64.to_int rhs) (Power.power (Int128.to_int (2 : Int128.t)) (UInt32.to_int (v_BITS'0 : UInt32.t))) + + UInt64.to_int (v_MIN'0 : 
UInt64.t)} (! return' {result}) ] - let rec wrapping_mul'0 (self:uint64) (rhs:uint64) (return' (ret:uint64))= any - [ return' (result:uint64)-> {[%#snum8] UInt64.to_int self * UInt64.to_int rhs > UInt64.to_int (v_MAX'0 : uint64) - -> (exists k : int . k > 0 + let rec wrapping_mul'0 (self:UInt64.t) (rhs:UInt64.t) (return' (ret:UInt64.t))= any + [ return' (result:UInt64.t)-> {[%#snum8] UInt64.to_int self * UInt64.to_int rhs > UInt64.to_int (v_MAX'0 : UInt64.t) + -> (exists k : int . k > Int128.to_int (0 : Int128.t) /\ UInt64.to_int result = UInt64.to_int self * UInt64.to_int rhs - - k * (UInt64.to_int (v_MAX'0 : uint64) - UInt64.to_int (v_MIN'0 : uint64) + 1))} - {[%#snum7] UInt64.to_int self * UInt64.to_int rhs < UInt64.to_int (v_MIN'0 : uint64) - -> (exists k : int . k > 0 + - k * (UInt64.to_int (v_MAX'0 : UInt64.t) - UInt64.to_int (v_MIN'0 : UInt64.t) + Int128.to_int (1 : Int128.t)))} + {[%#snum7] UInt64.to_int self * UInt64.to_int rhs < UInt64.to_int (v_MIN'0 : UInt64.t) + -> (exists k : int . 
k > Int128.to_int (0 : Int128.t) /\ UInt64.to_int result = UInt64.to_int self * UInt64.to_int rhs - + k * (UInt64.to_int (v_MAX'0 : uint64) - UInt64.to_int (v_MIN'0 : uint64) + 1))} - {[%#snum6] UInt64.to_int self * UInt64.to_int rhs >= UInt64.to_int (v_MIN'0 : uint64) - /\ UInt64.to_int self * UInt64.to_int rhs <= UInt64.to_int (v_MAX'0 : uint64) + + k * (UInt64.to_int (v_MAX'0 : UInt64.t) - UInt64.to_int (v_MIN'0 : UInt64.t) + Int128.to_int (1 : Int128.t)))} + {[%#snum6] UInt64.to_int self * UInt64.to_int rhs >= UInt64.to_int (v_MIN'0 : UInt64.t) + /\ UInt64.to_int self * UInt64.to_int rhs <= UInt64.to_int (v_MAX'0 : UInt64.t) -> UInt64.to_int result = UInt64.to_int self * UInt64.to_int rhs} {[%#snum5] UInt64.to_int result = EuclideanDivision.mod (UInt64.to_int self - * UInt64.to_int rhs) (Power.power 2 (UInt32.to_int (v_BITS'0 : uint32))) - + UInt64.to_int (v_MIN'0 : uint64)} + * UInt64.to_int rhs) (Power.power (Int128.to_int (2 : Int128.t)) (UInt32.to_int (v_BITS'0 : UInt32.t))) + + UInt64.to_int (v_MIN'0 : UInt64.t)} (! return' {result}) ] 
@@ -641,49 +657,49 @@ module M_bdd__qyi699402059438633899__hash [#"bdd.rs" 120 4 120 25] (* {self = Node'0.C_False } (! bb2) | br1 -> {self = Node'0.C_True } (! bb3) - | br2 (a:uint64) (b:Bdd'0.t_Bdd) (c:Bdd'0.t_Bdd)-> {self = Node'0.C_If a b c} (! bb4) ] + | br2 (a:UInt64.t) (b:Bdd'0.t_Bdd) (c:Bdd'0.t_Bdd)-> {self = Node'0.C_If a b c} (! bb4) ] | bb4 = s0 [ s0 = Node'0.v_If {self} - (fun (rv'0:uint64) (rchildt'0:Bdd'0.t_Bdd) (rchildf'0:Bdd'0.t_Bdd) -> [ &v <- rv'0 ] s1) + (fun (rv'0:UInt64.t) (rchildt'0:Bdd'0.t_Bdd) (rchildf'0:Bdd'0.t_Bdd) -> [ &v <- rv'0 ] s1) | s1 = Node'0.v_If {self} - (fun (rv'1:uint64) (rchildt'1:Bdd'0.t_Bdd) (rchildf'1:Bdd'0.t_Bdd) -> [ &childt <- rchildt'1 ] s2) + (fun (rv'1:UInt64.t) (rchildt'1:Bdd'0.t_Bdd) (rchildf'1:Bdd'0.t_Bdd) -> [ &childt <- rchildt'1 ] s2) | s2 = Node'0.v_If {self} - (fun (rv'2:uint64) (rchildt'2:Bdd'0.t_Bdd) (rchildf'2:Bdd'0.t_Bdd) -> [ &childf <- rchildf'2 ] s3) + (fun (rv'2:UInt64.t) (rchildt'2:Bdd'0.t_Bdd) (rchildf'2:Bdd'0.t_Bdd) -> [ &childf <- rchildf'2 ] s3) | s3 = Bdd'0.t_Bdd {childt} - (fun (r0'0:Node'0.t_Node) (r1'0:uint64) -> - wrapping_mul'0 {r1'0} {[%#sbdd0] (5 : uint64)} (fun (_ret':uint64) -> [ &_9 <- _ret' ] s4)) + (fun (r0'0:Node'0.t_Node) (r1'0:UInt64.t) -> + wrapping_mul'0 {r1'0} {[%#sbdd0] (5 : UInt64.t)} (fun (_ret':UInt64.t) -> [ &_9 <- _ret' ] s4)) | s4 = bb7 ] - | bb7 = s0 [ s0 = wrapping_add'0 {v} {_9} (fun (_ret':uint64) -> [ &_7 <- _ret' ] s1) | s1 = bb8 ] + | bb7 = s0 [ s0 = wrapping_add'0 {v} {_9} (fun (_ret':UInt64.t) -> [ &_7 <- _ret' ] s1) | s1 = bb8 ] | bb8 = s0 [ s0 = Bdd'0.t_Bdd {childf} - (fun (r0'0:Node'0.t_Node) (r1'0:uint64) -> - wrapping_mul'0 {r1'0} {[%#sbdd1] (7 : uint64)} (fun (_ret':uint64) -> [ &_11 <- _ret' ] s1)) + (fun (r0'0:Node'0.t_Node) (r1'0:UInt64.t) -> + wrapping_mul'0 {r1'0} {[%#sbdd1] (7 : UInt64.t)} (fun (_ret':UInt64.t) -> [ &_11 <- _ret' ] s1)) | s1 = bb9 ] - | bb9 = s0 [ s0 = wrapping_add'0 {_7} {_11} (fun (_ret':uint64) -> [ &_0 <- _ret' ] s1) | s1 = bb10 ] 
+ | bb9 = s0 [ s0 = wrapping_add'0 {_7} {_11} (fun (_ret':UInt64.t) -> [ &_0 <- _ret' ] s1) | s1 = bb10 ] | bb10 = bb11 | bb3 = bb6 - | bb6 = s0 [ s0 = [ &_0 <- [%#sbdd2] (2 : uint64) ] s1 | s1 = bb11 ] + | bb6 = s0 [ s0 = [ &_0 <- [%#sbdd2] (2 : UInt64.t) ] s1 | s1 = bb11 ] | bb2 = bb5 - | bb5 = s0 [ s0 = [ &_0 <- [%#sbdd3] (1 : uint64) ] s1 | s1 = bb11 ] + | bb5 = s0 [ s0 = [ &_0 <- [%#sbdd3] (1 : UInt64.t) ] s1 | s1 = bb11 ] | bb11 = return' {_0} ] ) - [ & _0 : uint64 = any_l () + [ & _0 : UInt64.t = any_l () | & self : Node'0.t_Node = self - | & v : uint64 = any_l () + | & v : UInt64.t = any_l () | & childt : Bdd'0.t_Bdd = any_l () | & childf : Bdd'0.t_Bdd = any_l () - | & _7 : uint64 = any_l () - | & _9 : uint64 = any_l () - | & _11 : uint64 = any_l () ] + | & _7 : UInt64.t = any_l () + | & _9 : UInt64.t = any_l () + | & _11 : UInt64.t = any_l () ] - [ return' (result:uint64)-> {[@expl:postcondition] [%#sbdd4] UInt64.to_int result = hash_log'0 (view'0 self)} + [ return' (result:UInt64.t)-> {[@expl:postcondition] [%#sbdd4] UInt64.to_int result = hash_log'0 (view'0 self)} (! return' {result}) ] end @@ -694,28 +710,28 @@ module M_bdd__qyi14323183011761258016__hash [#"bdd.rs" 146 4 146 25] (* [ &_0 <- r1'0 ] s1) | s1 = return' {_0} ] + [ s0 = Bdd'0.t_Bdd {self} (fun (r0'0:Node'0.t_Node) (r1'0:UInt64.t) -> [ &_0 <- r1'0 ] s1) | s1 = return' {_0} ] ] - ) [ & _0 : uint64 = any_l () | & self : Bdd'0.t_Bdd = self ] - [ return' (result:uint64)-> {[@expl:postcondition] [%#sbdd0] UInt64.to_int result = hash_log'0 (view'0 self)} + ) [ & _0 : UInt64.t = any_l () | & self : Bdd'0.t_Bdd = self ] + [ return' (result:UInt64.t)-> {[@expl:postcondition] [%#sbdd0] UInt64.to_int result = hash_log'0 (view'0 self)} (! return' {result}) ] end 
@@ -747,15 +763,15 @@ module M_bdd__qyi2581120635339165136__eq [#"bdd.rs" 206 4 206 34] (* - Bdd'0.t_Bdd {o} - (fun (r0'1:Node'0.t_Node) (r1'1:uint64) -> - UInt64.eq {r1'0} {r1'1} (fun (_ret':bool) -> [ &_0 <- _ret' ] s1))) + [ s0 = Bdd'0.t_Bdd {o} + (fun (r0'0:Node'0.t_Node) (r1'0:UInt64.t) -> + Bdd'0.t_Bdd {self} + (fun (r0'1:Node'0.t_Node) (r1'1:UInt64.t) -> + UInt64.eq {r1'1} {r1'0} (fun (_ret':bool) -> [ &_0 <- _ret' ] s1))) | s1 = return' {_0} ] ] ) [ & _0 : bool = any_l () | & self : Bdd'0.t_Bdd = self | & o : Bdd'0.t_Bdd = o ] @@ -785,6 +801,10 @@ module M_bdd__qyi13535665294507397779__size [#"bdd.rs" 228 4 228 24] (* Bdd<'are use T_bdd__Bdd as Bdd'0 + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + use prelude.prelude.Int constant self : Bdd'0.t_Bdd @@ -792,10 +812,11 @@ module M_bdd__qyi13535665294507397779__size [#"bdd.rs" 228 4 228 24] (* Bdd<'are function size [#"bdd.rs" 228 4 228 24] (self : Bdd'0.t_Bdd) : int goal vc_size : match self with - | Bdd'0.C_Bdd (Node'0.C_True) _ -> [%#sbdd0] 0 >= 0 - | Bdd'0.C_Bdd (Node'0.C_False) _ -> [%#sbdd0] 0 >= 0 - | Bdd'0.C_Bdd (Node'0.C_If _ childt childf) _ -> ([%#sbdd0] size childt >= 0) - -> (let ht = size childt in ([%#sbdd0] size childf >= 0) -> (let hf = size childf in [%#sbdd0] 1 + ht + hf >= 0)) + | Bdd'0.C_Bdd (Node'0.C_True) _ -> [%#sbdd0] Int128.to_int (0 : Int128.t) >= Int128.to_int (0 : Int128.t) + | Bdd'0.C_Bdd (Node'0.C_False) _ -> [%#sbdd0] Int128.to_int (0 : Int128.t) >= Int128.to_int (0 : Int128.t) + | Bdd'0.C_Bdd (Node'0.C_If _ childt childf) _ -> ([%#sbdd0] size childt >= Int128.to_int (0 : Int128.t)) + -> (let ht = size childt in ([%#sbdd0] size childf >= Int128.to_int (0 : Int128.t)) + -> (let hf = size childf in [%#sbdd0] Int128.to_int (1 : Int128.t) + ht + hf >= Int128.to_int (0 : Int128.t))) end end module T_bdd__bumpalo__Bump [#"bdd.rs" 17 4 17 19] 
@@ -825,15 +846,15 @@ module T_bdd__Context [#"bdd.rs" 254 0 254 26] use prelude.prelude.Borrow type t_Context = - | C_Context (Bump'0.t_Bump) (MyHashMap'0.t_MyHashMap (Node'0.t_Node) (Bdd'0.t_Bdd)) (Snapshot.snap_ty (Map.map uint64 (Node'0.t_Node))) (MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) uint64 + | C_Context (Bump'0.t_Bump) (MyHashMap'0.t_MyHashMap (Node'0.t_Node) (Bdd'0.t_Bdd)) (Snapshot.snap_ty (Map.map UInt64.t (Node'0.t_Node))) (MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) UInt64.t - let rec t_Context (input:t_Context) (ret (alloc:Bump'0.t_Bump) (hashcons:MyHashMap'0.t_MyHashMap (Node'0.t_Node) (Bdd'0.t_Bdd)) (hashcons_ghost:Snapshot.snap_ty (Map.map uint64 (Node'0.t_Node))) (not_memo:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (and_memo:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (cnt:uint64))= any - [ good (alloc:Bump'0.t_Bump) (hashcons:MyHashMap'0.t_MyHashMap (Node'0.t_Node) (Bdd'0.t_Bdd)) (hashcons_ghost:Snapshot.snap_ty (Map.map uint64 (Node'0.t_Node))) (not_memo:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (and_memo:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (cnt:uint64)-> {C_Context alloc hashcons hashcons_ghost not_memo and_memo cnt + let rec t_Context (input:t_Context) (ret (alloc:Bump'0.t_Bump) (hashcons:MyHashMap'0.t_MyHashMap (Node'0.t_Node) (Bdd'0.t_Bdd)) (hashcons_ghost:Snapshot.snap_ty (Map.map UInt64.t (Node'0.t_Node))) (not_memo:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (and_memo:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (cnt:UInt64.t))= any + [ good (alloc:Bump'0.t_Bump) (hashcons:MyHashMap'0.t_MyHashMap (Node'0.t_Node) (Bdd'0.t_Bdd)) (hashcons_ghost:Snapshot.snap_ty (Map.map UInt64.t (Node'0.t_Node))) (not_memo:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) 
(and_memo:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (cnt:UInt64.t)-> {C_Context alloc hashcons hashcons_ghost not_memo and_memo cnt = input} (! ret {alloc} {hashcons} {hashcons_ghost} {not_memo} {and_memo} {cnt}) ] - function t_Context__cnt (self : t_Context) : uint64 = + function t_Context__cnt (self : t_Context) : UInt64.t = match self with | C_Context _ _ _ _ _ a -> a end @@ -843,7 +864,7 @@ module T_bdd__Context [#"bdd.rs" 254 0 254 26] | C_Context _ a _ _ _ _ -> a end - function t_Context__hashcons_ghost (self : t_Context) : Snapshot.snap_ty (Map.map uint64 (Node'0.t_Node)) = + function t_Context__hashcons_ghost (self : t_Context) : Snapshot.snap_ty (Map.map UInt64.t (Node'0.t_Node)) = match self with | C_Context _ _ a _ _ _ -> a end @@ -914,7 +935,7 @@ module M_bdd__qyi11078426090797403070__grows_is_valid_bdd [#"bdd.rs" 340 4 340 5 use prelude.prelude.Int - use prelude.prelude.UInt64 + use prelude.prelude.UInt64.to_uint use T_bdd__Context as T_bdd__Context @@ -968,7 +989,7 @@ module M_bdd__qyi11078426090797403070__grows_trans [#"bdd.rs" 349 4 349 62] (* C use prelude.prelude.Int - use prelude.prelude.UInt64 + use prelude.prelude.UInt64.to_uint use T_bdd__Context as T_bdd__Context @@ -1022,7 +1043,7 @@ module M_bdd__qyi11078426090797403070__set_irrelevent_var [#"bdd.rs" 356 4 356 8 use T_bdd__hashmap__MyHashMap as MyHashMap'0 - function view'5 [#"bdd.rs" 50 8 50 37] (self : MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) : Map.map (uint64, uint64) (Option'0.t_Option (Bdd'0.t_Bdd)) + function view'5 [#"bdd.rs" 50 8 50 37] (self : MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) : Map.map (UInt64.t, UInt64.t) (Option'0.t_Option (Bdd'0.t_Bdd)) use T_bdd__Context as T_bdd__Context 
@@ -1033,26 +1054,30 @@ module M_bdd__qyi11078426090797403070__set_irrelevent_var [#"bdd.rs" 356 4 356 8 use T_bdd__hashmap__MyHashMap as MyHashMap'0 - function view'4 [#"bdd.rs" 50 8 50 37] (self : MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) : Map.map uint64 (Option'0.t_Option (Bdd'0.t_Bdd)) + function view'4 [#"bdd.rs" 50 8 50 37] (self : MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) : Map.map UInt64.t (Option'0.t_Option (Bdd'0.t_Bdd)) use T_bdd__Context as T_bdd__Context - use prelude.prelude.UInt64 + use prelude.prelude.UInt64.to_uint use prelude.prelude.Borrow - function view'2 (self : uint64) : int = + function view'2 (self : UInt64.t) : int = [%#smodel8] UInt64.to_int self - constant v_MAX'0 : uint64 = (18446744073709551615 : uint64) + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) use T_bdd__Node as Node'0 function leastvar'0 [#"bdd.rs" 243 4 243 28] (self : Bdd'0.t_Bdd) : int = [%#sbdd5] match self with - | Bdd'0.C_Bdd (Node'0.C_True) _ -> UInt64.to_int (v_MAX'0 : uint64) + 1 - | Bdd'0.C_Bdd (Node'0.C_False) _ -> UInt64.to_int (v_MAX'0 : uint64) + 1 + | Bdd'0.C_Bdd (Node'0.C_True) _ -> UInt64.to_int (v_MAX'0 : UInt64.t) + Int128.to_int (1 : Int128.t) + | Bdd'0.C_Bdd (Node'0.C_False) _ -> UInt64.to_int (v_MAX'0 : UInt64.t) + Int128.to_int (1 : Int128.t) | Bdd'0.C_Bdd (Node'0.C_If v _ _) _ -> view'2 v end @@ -1060,7 +1085,7 @@ module M_bdd__qyi11078426090797403070__set_irrelevent_var [#"bdd.rs" 356 4 356 8 use map.Map - function interp'0 [#"bdd.rs" 213 4 213 53] (self : Bdd'0.t_Bdd) (vars : Map.map uint64 bool) : bool = + function interp'0 [#"bdd.rs" 213 4 213 53] (self : Bdd'0.t_Bdd) (vars : Map.map UInt64.t bool) : bool = [%#sbdd6] match self with | Bdd'0.C_Bdd (Node'0.C_True) _ -> true | Bdd'0.C_Bdd (Node'0.C_False) _ -> false 
@@ -1133,18 +1158,18 @@ module M_bdd__qyi11078426090797403070__set_irrelevent_var [#"bdd.rs" 356 4 356 8 = T_bdd__Bdd.t_Bdd__0 b | Option'0.C_None -> true end) - /\ (forall bm : uint64 . match Map.get (view'4 (T_bdd__Context.t_Context__not_memo self)) bm with + /\ (forall bm : UInt64.t . match Map.get (view'4 (T_bdd__Context.t_Context__not_memo self)) bm with | Option'0.C_None -> true | Option'0.C_Some n -> let b = Bdd'0.C_Bdd (Map.get (Snapshot.inner (T_bdd__Context.t_Context__hashcons_ghost self)) bm) bm in is_valid_bdd'0 self n /\ is_valid_bdd'0 self b - /\ (forall v : Map.map uint64 bool . interp'0 n v = (not interp'0 b v)) /\ leastvar'0 b <= leastvar'0 n + /\ (forall v : Map.map UInt64.t bool . interp'0 n v = (not interp'0 b v)) /\ leastvar'0 b <= leastvar'0 n end) - /\ (forall abm : (uint64, uint64) . match Map.get (view'5 (T_bdd__Context.t_Context__and_memo self)) abm with + /\ (forall abm : (UInt64.t, UInt64.t) . match Map.get (view'5 (T_bdd__Context.t_Context__and_memo self)) abm with | Option'0.C_None -> true | Option'0.C_Some n -> let a = Bdd'0.C_Bdd (Map.get (Snapshot.inner (T_bdd__Context.t_Context__hashcons_ghost self)) (let (a, _) = abm in a)) (let (a, _) = abm in a) in let b = Bdd'0.C_Bdd (Map.get (Snapshot.inner (T_bdd__Context.t_Context__hashcons_ghost self)) (let (_, a) = abm in a)) (let (_, a) = abm in a) in is_valid_bdd'0 self n /\ is_valid_bdd'0 self a /\ is_valid_bdd'0 self b - /\ (forall v : Map.map uint64 bool . interp'0 n v = (interp'0 a v /\ interp'0 b v)) + /\ (forall v : Map.map UInt64.t bool . interp'0 n v = (interp'0 a v /\ interp'0 b v)) /\ (leastvar'0 a <= leastvar'0 n \/ leastvar'0 b <= leastvar'0 n) end) 
@@ -1162,13 +1187,13 @@ module M_bdd__qyi11078426090797403070__set_irrelevent_var [#"bdd.rs" 356 4 356 8 constant a : Bdd'0.t_Bdd - constant x : uint64 + constant x : UInt64.t - constant v : Map.map uint64 bool + constant v : Map.map UInt64.t bool constant b : bool - function set_irrelevent_var [#"bdd.rs" 356 4 356 87] (self : Context'0.t_Context) (a : Bdd'0.t_Bdd) (x : uint64) (v : Map.map uint64 bool) (b : bool) : () + function set_irrelevent_var [#"bdd.rs" 356 4 356 87] (self : Context'0.t_Context) (a : Bdd'0.t_Bdd) (x : UInt64.t) (v : Map.map UInt64.t bool) (b : bool) : () goal vc_set_irrelevent_var : ([%#sbdd2] UInt64.to_int x < leastvar'0 a) @@ -1223,7 +1248,7 @@ module M_bdd__qyi11078426090797403070__discr_valuation [#"bdd.rs" 376 4 376 82] use T_bdd__hashmap__MyHashMap as MyHashMap'0 - function view'5 [#"bdd.rs" 50 8 50 37] (self : MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) : Map.map (uint64, uint64) (Option'0.t_Option (Bdd'0.t_Bdd)) + function view'5 [#"bdd.rs" 50 8 50 37] (self : MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) : Map.map (UInt64.t, UInt64.t) (Option'0.t_Option (Bdd'0.t_Bdd)) use T_bdd__Context as T_bdd__Context 
@@ -1234,26 +1259,30 @@ module M_bdd__qyi11078426090797403070__discr_valuation [#"bdd.rs" 376 4 376 82] use T_bdd__hashmap__MyHashMap as MyHashMap'0 - function view'4 [#"bdd.rs" 50 8 50 37] (self : MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) : Map.map uint64 (Option'0.t_Option (Bdd'0.t_Bdd)) + function view'4 [#"bdd.rs" 50 8 50 37] (self : MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) : Map.map UInt64.t (Option'0.t_Option (Bdd'0.t_Bdd)) use T_bdd__Context as T_bdd__Context - use prelude.prelude.UInt64 + use prelude.prelude.UInt64.to_uint use prelude.prelude.Borrow - function view'2 (self : uint64) : int = + function view'2 (self : UInt64.t) : int = [%#smodel17] UInt64.to_int self - constant v_MAX'0 : uint64 = (18446744073709551615 : uint64) + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) use T_bdd__Node as Node'0 function leastvar'0 [#"bdd.rs" 243 4 243 28] (self : Bdd'0.t_Bdd) : int = [%#sbdd15] match self with - | Bdd'0.C_Bdd (Node'0.C_True) _ -> UInt64.to_int (v_MAX'0 : uint64) + 1 - | Bdd'0.C_Bdd (Node'0.C_False) _ -> UInt64.to_int (v_MAX'0 : uint64) + 1 + | Bdd'0.C_Bdd (Node'0.C_True) _ -> UInt64.to_int (v_MAX'0 : UInt64.t) + Int128.to_int (1 : Int128.t) + | Bdd'0.C_Bdd (Node'0.C_False) _ -> UInt64.to_int (v_MAX'0 : UInt64.t) + Int128.to_int (1 : Int128.t) | Bdd'0.C_Bdd (Node'0.C_If v _ _) _ -> view'2 v end @@ -1261,7 +1290,7 @@ module M_bdd__qyi11078426090797403070__discr_valuation [#"bdd.rs" 376 4 376 82] use map.Map - function interp'0 [#"bdd.rs" 213 4 213 53] (self : Bdd'0.t_Bdd) (vars : Map.map uint64 bool) : bool = + function interp'0 [#"bdd.rs" 213 4 213 53] (self : Bdd'0.t_Bdd) (vars : Map.map UInt64.t bool) : bool = [%#sbdd7] match self with | Bdd'0.C_Bdd (Node'0.C_True) _ -> true | Bdd'0.C_Bdd (Node'0.C_False) _ -> false 
@@ -1334,18 +1363,18 @@ module M_bdd__qyi11078426090797403070__discr_valuation [#"bdd.rs" 376 4 376 82] = T_bdd__Bdd.t_Bdd__0 b | Option'0.C_None -> true end) - /\ (forall bm : uint64 . match Map.get (view'4 (T_bdd__Context.t_Context__not_memo self)) bm with + /\ (forall bm : UInt64.t . match Map.get (view'4 (T_bdd__Context.t_Context__not_memo self)) bm with | Option'0.C_None -> true | Option'0.C_Some n -> let b = Bdd'0.C_Bdd (Map.get (Snapshot.inner (T_bdd__Context.t_Context__hashcons_ghost self)) bm) bm in is_valid_bdd'0 self n /\ is_valid_bdd'0 self b - /\ (forall v : Map.map uint64 bool . interp'0 n v = (not interp'0 b v)) /\ leastvar'0 b <= leastvar'0 n + /\ (forall v : Map.map UInt64.t bool . interp'0 n v = (not interp'0 b v)) /\ leastvar'0 b <= leastvar'0 n end) - /\ (forall abm : (uint64, uint64) . match Map.get (view'5 (T_bdd__Context.t_Context__and_memo self)) abm with + /\ (forall abm : (UInt64.t, UInt64.t) . match Map.get (view'5 (T_bdd__Context.t_Context__and_memo self)) abm with | Option'0.C_None -> true | Option'0.C_Some n -> let a = Bdd'0.C_Bdd (Map.get (Snapshot.inner (T_bdd__Context.t_Context__hashcons_ghost self)) (let (a, _) = abm in a)) (let (a, _) = abm in a) in let b = Bdd'0.C_Bdd (Map.get (Snapshot.inner (T_bdd__Context.t_Context__hashcons_ghost self)) (let (_, a) = abm in a)) (let (_, a) = abm in a) in is_valid_bdd'0 self n /\ is_valid_bdd'0 self a /\ is_valid_bdd'0 self b - /\ (forall v : Map.map uint64 bool . interp'0 n v = (interp'0 a v /\ interp'0 b v)) + /\ (forall v : Map.map UInt64.t bool . interp'0 n v = (interp'0 a v /\ interp'0 b v)) /\ (leastvar'0 a <= leastvar'0 n \/ leastvar'0 b <= leastvar'0 n) end) 
@@ -1361,7 +1390,7 @@ module M_bdd__qyi11078426090797403070__discr_valuation [#"bdd.rs" 376 4 376 82] use map.Map - function set_irrelevent_var'0 [#"bdd.rs" 356 4 356 87] (self : Context'0.t_Context) (a : Bdd'0.t_Bdd) (x : uint64) (v : Map.map uint64 bool) (b : bool) : () + function set_irrelevent_var'0 [#"bdd.rs" 356 4 356 87] (self : Context'0.t_Context) (a : Bdd'0.t_Bdd) (x : UInt64.t) (v : Map.map UInt64.t bool) (b : bool) : () = [%#sbdd14] match a with @@ -1369,18 +1398,20 @@ module M_bdd__qyi11078426090797403070__discr_valuation [#"bdd.rs" 376 4 376 82] | _ -> () end - axiom set_irrelevent_var'0_spec : forall self : Context'0.t_Context, a : Bdd'0.t_Bdd, x : uint64, v : Map.map uint64 bool, b : bool . ([%#sbdd10] inv'0 self) + axiom set_irrelevent_var'0_spec : forall self : Context'0.t_Context, a : Bdd'0.t_Bdd, x : UInt64.t, v : Map.map UInt64.t bool, b : bool . ([%#sbdd10] inv'0 self) -> ([%#sbdd11] is_valid_bdd'0 self a) -> ([%#sbdd12] UInt64.to_int x < leastvar'0 a) -> ([%#sbdd13] interp'0 a v = interp'0 a (Map.set v x b)) function size'0 [#"bdd.rs" 228 4 228 24] (self : Bdd'0.t_Bdd) : int = [%#sbdd9] match self with - | Bdd'0.C_Bdd (Node'0.C_True) _ -> 0 - | Bdd'0.C_Bdd (Node'0.C_False) _ -> 0 - | Bdd'0.C_Bdd (Node'0.C_If _ childt childf) _ -> let ht = size'0 childt in let hf = size'0 childf in 1 + ht + hf + | Bdd'0.C_Bdd (Node'0.C_True) _ -> Int128.to_int (0 : Int128.t) + | Bdd'0.C_Bdd (Node'0.C_False) _ -> Int128.to_int (0 : Int128.t) + | Bdd'0.C_Bdd (Node'0.C_If _ childt childf) _ -> let ht = size'0 childt in let hf = size'0 childf in Int128.to_int (1 : Int128.t) + + ht + + hf end - axiom size'0_spec : forall self : Bdd'0.t_Bdd . [%#sbdd8] size'0 self >= 0 + axiom size'0_spec : forall self : Bdd'0.t_Bdd . [%#sbdd8] size'0 self >= Int128.to_int (0 : Int128.t) constant self : Context'0.t_Context 
@@ -1388,7 +1419,7 @@ module M_bdd__qyi11078426090797403070__discr_valuation [#"bdd.rs" 376 4 376 82] constant b : Bdd'0.t_Bdd - function discr_valuation [#"bdd.rs" 376 4 376 82] (self : Context'0.t_Context) (a : Bdd'0.t_Bdd) (b : Bdd'0.t_Bdd) : Map.map uint64 bool + function discr_valuation [#"bdd.rs" 376 4 376 82] (self : Context'0.t_Context) (a : Bdd'0.t_Bdd) (b : Bdd'0.t_Bdd) : Map.map UInt64.t bool goal vc_discr_valuation : ([%#sbdd3] a <> b) @@ -1512,7 +1543,7 @@ module M_bdd__qyi11078426090797403070__bdd_canonical [#"bdd.rs" 425 4 425 62] (* use T_bdd__hashmap__MyHashMap as MyHashMap'0 - function view'5 [#"bdd.rs" 50 8 50 37] (self : MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) : Map.map (uint64, uint64) (Option'0.t_Option (Bdd'0.t_Bdd)) + function view'5 [#"bdd.rs" 50 8 50 37] (self : MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) : Map.map (UInt64.t, UInt64.t) (Option'0.t_Option (Bdd'0.t_Bdd)) use T_bdd__Context as T_bdd__Context 
@@ -1523,26 +1554,30 @@ module M_bdd__qyi11078426090797403070__bdd_canonical [#"bdd.rs" 425 4 425 62] (* use T_bdd__hashmap__MyHashMap as MyHashMap'0 - function view'4 [#"bdd.rs" 50 8 50 37] (self : MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) : Map.map uint64 (Option'0.t_Option (Bdd'0.t_Bdd)) + function view'4 [#"bdd.rs" 50 8 50 37] (self : MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) : Map.map UInt64.t (Option'0.t_Option (Bdd'0.t_Bdd)) use T_bdd__Context as T_bdd__Context - use prelude.prelude.UInt64 + use prelude.prelude.UInt64.to_uint use prelude.prelude.Borrow - function view'3 (self : uint64) : int = + function view'3 (self : UInt64.t) : int = [%#smodel14] UInt64.to_int self - constant v_MAX'0 : uint64 = (18446744073709551615 : uint64) + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) use T_bdd__Node as Node'0 function leastvar'0 [#"bdd.rs" 243 4 243 28] (self : Bdd'0.t_Bdd) : int = [%#sbdd22] match self with - | Bdd'0.C_Bdd (Node'0.C_True) _ -> UInt64.to_int (v_MAX'0 : uint64) + 1 - | Bdd'0.C_Bdd (Node'0.C_False) _ -> UInt64.to_int (v_MAX'0 : uint64) + 1 + | Bdd'0.C_Bdd (Node'0.C_True) _ -> UInt64.to_int (v_MAX'0 : UInt64.t) + Int128.to_int (1 : Int128.t) + | Bdd'0.C_Bdd (Node'0.C_False) _ -> UInt64.to_int (v_MAX'0 : UInt64.t) + Int128.to_int (1 : Int128.t) | Bdd'0.C_Bdd (Node'0.C_If v _ _) _ -> view'3 v end @@ -1550,7 +1585,7 @@ module M_bdd__qyi11078426090797403070__bdd_canonical [#"bdd.rs" 425 4 425 62] (* use map.Map - function interp'0 [#"bdd.rs" 213 4 213 53] (self : Bdd'0.t_Bdd) (vars : Map.map uint64 bool) : bool = + function interp'0 [#"bdd.rs" 213 4 213 53] (self : Bdd'0.t_Bdd) (vars : Map.map UInt64.t bool) : bool = [%#sbdd6] match self with | Bdd'0.C_Bdd (Node'0.C_True) _ -> true | Bdd'0.C_Bdd (Node'0.C_False) _ -> false 
@@ -1623,18 +1658,18 @@ module M_bdd__qyi11078426090797403070__bdd_canonical [#"bdd.rs" 425 4 425 62] (* = T_bdd__Bdd.t_Bdd__0 b | Option'0.C_None -> true end) - /\ (forall bm : uint64 . match Map.get (view'4 (T_bdd__Context.t_Context__not_memo self)) bm with + /\ (forall bm : UInt64.t . match Map.get (view'4 (T_bdd__Context.t_Context__not_memo self)) bm with | Option'0.C_None -> true | Option'0.C_Some n -> let b = Bdd'0.C_Bdd (Map.get (Snapshot.inner (T_bdd__Context.t_Context__hashcons_ghost self)) bm) bm in is_valid_bdd'0 self n /\ is_valid_bdd'0 self b - /\ (forall v : Map.map uint64 bool . interp'0 n v = (not interp'0 b v)) /\ leastvar'0 b <= leastvar'0 n + /\ (forall v : Map.map UInt64.t bool . interp'0 n v = (not interp'0 b v)) /\ leastvar'0 b <= leastvar'0 n end) - /\ (forall abm : (uint64, uint64) . match Map.get (view'5 (T_bdd__Context.t_Context__and_memo self)) abm with + /\ (forall abm : (UInt64.t, UInt64.t) . match Map.get (view'5 (T_bdd__Context.t_Context__and_memo self)) abm with | Option'0.C_None -> true | Option'0.C_Some n -> let a = Bdd'0.C_Bdd (Map.get (Snapshot.inner (T_bdd__Context.t_Context__hashcons_ghost self)) (let (a, _) = abm in a)) (let (a, _) = abm in a) in let b = Bdd'0.C_Bdd (Map.get (Snapshot.inner (T_bdd__Context.t_Context__hashcons_ghost self)) (let (_, a) = abm in a)) (let (_, a) = abm in a) in is_valid_bdd'0 self n /\ is_valid_bdd'0 self a /\ is_valid_bdd'0 self b - /\ (forall v : Map.map uint64 bool . interp'0 n v = (interp'0 a v /\ interp'0 b v)) + /\ (forall v : Map.map UInt64.t bool . interp'0 n v = (interp'0 a v /\ interp'0 b v)) /\ (leastvar'0 a <= leastvar'0 n \/ leastvar'0 b <= leastvar'0 n) end) 
@@ -1650,7 +1685,7 @@ module M_bdd__qyi11078426090797403070__bdd_canonical [#"bdd.rs" 425 4 425 62] (* use map.Map - function set_irrelevent_var'0 [#"bdd.rs" 356 4 356 87] (self : Context'0.t_Context) (a : Bdd'0.t_Bdd) (x : uint64) (v : Map.map uint64 bool) (b : bool) : () + function set_irrelevent_var'0 [#"bdd.rs" 356 4 356 87] (self : Context'0.t_Context) (a : Bdd'0.t_Bdd) (x : UInt64.t) (v : Map.map UInt64.t bool) (b : bool) : () = [%#sbdd21] match a with 
@@ -1658,20 +1693,22 @@ module M_bdd__qyi11078426090797403070__bdd_canonical [#"bdd.rs" 425 4 425 62] (* | _ -> () end - axiom set_irrelevent_var'0_spec : forall self : Context'0.t_Context, a : Bdd'0.t_Bdd, x : uint64, v : Map.map uint64 bool, b : bool . ([%#sbdd17] inv'0 self) + axiom set_irrelevent_var'0_spec : forall self : Context'0.t_Context, a : Bdd'0.t_Bdd, x : UInt64.t, v : Map.map UInt64.t bool, b : bool . ([%#sbdd17] inv'0 self) -> ([%#sbdd18] is_valid_bdd'0 self a) -> ([%#sbdd19] UInt64.to_int x < leastvar'0 a) -> ([%#sbdd20] interp'0 a v = interp'0 a (Map.set v x b)) function size'0 [#"bdd.rs" 228 4 228 24] (self : Bdd'0.t_Bdd) : int = [%#sbdd16] match self with - | Bdd'0.C_Bdd (Node'0.C_True) _ -> 0 - | Bdd'0.C_Bdd (Node'0.C_False) _ -> 0 - | Bdd'0.C_Bdd (Node'0.C_If _ childt childf) _ -> let ht = size'0 childt in let hf = size'0 childf in 1 + ht + hf + | Bdd'0.C_Bdd (Node'0.C_True) _ -> Int128.to_int (0 : Int128.t) + | Bdd'0.C_Bdd (Node'0.C_False) _ -> Int128.to_int (0 : Int128.t) + | Bdd'0.C_Bdd (Node'0.C_If _ childt childf) _ -> let ht = size'0 childt in let hf = size'0 childf in Int128.to_int (1 : Int128.t) + + ht + + hf end - axiom size'0_spec : forall self : Bdd'0.t_Bdd . [%#sbdd15] size'0 self >= 0 + axiom size'0_spec : forall self : Bdd'0.t_Bdd . [%#sbdd15] size'0 self >= Int128.to_int (0 : Int128.t) - function discr_valuation'0 [#"bdd.rs" 376 4 376 82] (self : Context'0.t_Context) (a : Bdd'0.t_Bdd) (b : Bdd'0.t_Bdd) : Map.map uint64 bool + function discr_valuation'0 [#"bdd.rs" 376 4 376 82] (self : Context'0.t_Context) (a : Bdd'0.t_Bdd) (b : Bdd'0.t_Bdd) : Map.map UInt64.t bool axiom discr_valuation'0_def : forall self : Context'0.t_Context, a : Bdd'0.t_Bdd, b : Bdd'0.t_Bdd . discr_valuation'0 self a b 
@@ -1723,7 +1760,7 @@ module M_bdd__qyi11078426090797403070__bdd_canonical [#"bdd.rs" 425 4 425 62] (* function bdd_canonical [#"bdd.rs" 425 4 425 62] (self : Context'0.t_Context) (a : Bdd'0.t_Bdd) (b : Bdd'0.t_Bdd) : () - goal vc_bdd_canonical : ([%#sbdd3] forall v : Map.map uint64 bool . interp'0 a v = interp'0 b v) + goal vc_bdd_canonical : ([%#sbdd3] forall v : Map.map UInt64.t bool . interp'0 a v = interp'0 b v) -> ([%#sbdd2] is_valid_bdd'0 self b) -> ([%#sbdd1] is_valid_bdd'0 self a) -> ([%#sbdd0] inv'0 self) -> (let _ = discr_valuation'0 in [%#sbdd4] a = b) end @@ -1758,7 +1795,7 @@ module M_bdd__qyi11078426090797403070__new [#"bdd.rs" 431 4 431 52] (* Context<' use T_bdd__hashmap__MyHashMap as MyHashMap'0 - function view'2 [#"bdd.rs" 50 8 50 37] (self : MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) : Map.map (uint64, uint64) (Option'0.t_Option (Bdd'0.t_Bdd)) + function view'2 [#"bdd.rs" 50 8 50 37] (self : MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) : Map.map (UInt64.t, UInt64.t) (Option'0.t_Option (Bdd'0.t_Bdd)) use T_bdd__Context as T_bdd__Context 
@@ -1769,26 +1806,30 @@ module M_bdd__qyi11078426090797403070__new [#"bdd.rs" 431 4 431 52] (* Context<' use T_bdd__hashmap__MyHashMap as MyHashMap'0 - function view'1 [#"bdd.rs" 50 8 50 37] (self : MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) : Map.map uint64 (Option'0.t_Option (Bdd'0.t_Bdd)) + function view'1 [#"bdd.rs" 50 8 50 37] (self : MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) : Map.map UInt64.t (Option'0.t_Option (Bdd'0.t_Bdd)) use T_bdd__Context as T_bdd__Context - use prelude.prelude.UInt64 + use prelude.prelude.UInt64.to_uint use prelude.prelude.Borrow - function view'5 (self : uint64) : int = + function view'5 (self : UInt64.t) : int = [%#smodel8] UInt64.to_int self - constant v_MAX'0 : uint64 = (18446744073709551615 : uint64) + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) use T_bdd__Node as Node'0 function leastvar'0 [#"bdd.rs" 243 4 243 28] (self : Bdd'0.t_Bdd) : int = [%#sbdd12] match self with - | Bdd'0.C_Bdd (Node'0.C_True) _ -> UInt64.to_int (v_MAX'0 : uint64) + 1 - | Bdd'0.C_Bdd (Node'0.C_False) _ -> UInt64.to_int (v_MAX'0 : uint64) + 1 + | Bdd'0.C_Bdd (Node'0.C_True) _ -> UInt64.to_int (v_MAX'0 : UInt64.t) + Int128.to_int (1 : Int128.t) + | Bdd'0.C_Bdd (Node'0.C_False) _ -> UInt64.to_int (v_MAX'0 : UInt64.t) + Int128.to_int (1 : Int128.t) | Bdd'0.C_Bdd (Node'0.C_If v _ _) _ -> view'5 v end @@ -1796,7 +1837,7 @@ module M_bdd__qyi11078426090797403070__new [#"bdd.rs" 431 4 431 52] (* Context<' use map.Map - function interp'0 [#"bdd.rs" 213 4 213 53] (self : Bdd'0.t_Bdd) (vars : Map.map uint64 bool) : bool = + function interp'0 [#"bdd.rs" 213 4 213 53] (self : Bdd'0.t_Bdd) (vars : Map.map UInt64.t bool) : bool = [%#sbdd11] match self with | Bdd'0.C_Bdd (Node'0.C_True) _ -> true | Bdd'0.C_Bdd (Node'0.C_False) _ -> false 
@@ -1869,18 +1910,18 @@ module M_bdd__qyi11078426090797403070__new [#"bdd.rs" 431 4 431 52] (* Context<' = T_bdd__Bdd.t_Bdd__0 b | Option'0.C_None -> true end) - /\ (forall bm : uint64 . match Map.get (view'1 (T_bdd__Context.t_Context__not_memo self)) bm with + /\ (forall bm : UInt64.t . match Map.get (view'1 (T_bdd__Context.t_Context__not_memo self)) bm with | Option'0.C_None -> true | Option'0.C_Some n -> let b = Bdd'0.C_Bdd (Map.get (Snapshot.inner (T_bdd__Context.t_Context__hashcons_ghost self)) bm) bm in is_valid_bdd'0 self n /\ is_valid_bdd'0 self b - /\ (forall v : Map.map uint64 bool . interp'0 n v = (not interp'0 b v)) /\ leastvar'0 b <= leastvar'0 n + /\ (forall v : Map.map UInt64.t bool . interp'0 n v = (not interp'0 b v)) /\ leastvar'0 b <= leastvar'0 n end) - /\ (forall abm : (uint64, uint64) . match Map.get (view'2 (T_bdd__Context.t_Context__and_memo self)) abm with + /\ (forall abm : (UInt64.t, UInt64.t) . match Map.get (view'2 (T_bdd__Context.t_Context__and_memo self)) abm with | Option'0.C_None -> true | Option'0.C_Some n -> let a = Bdd'0.C_Bdd (Map.get (Snapshot.inner (T_bdd__Context.t_Context__hashcons_ghost self)) (let (a, _) = abm in a)) (let (a, _) = abm in a) in let b = Bdd'0.C_Bdd (Map.get (Snapshot.inner (T_bdd__Context.t_Context__hashcons_ghost self)) (let (_, a) = abm in a)) (let (_, a) = abm in a) in is_valid_bdd'0 self n /\ is_valid_bdd'0 self a /\ is_valid_bdd'0 self b - /\ (forall v : Map.map uint64 bool . interp'0 n v = (interp'0 a v /\ interp'0 b v)) + /\ (forall v : Map.map UInt64.t bool . interp'0 n v = (interp'0 a v /\ interp'0 b v)) /\ (leastvar'0 a <= leastvar'0 n \/ leastvar'0 b <= leastvar'0 n) end) 
@@ -1956,14 +1997,14 @@ module M_bdd__qyi11078426090797403070__new [#"bdd.rs" 431 4 431 52] (* Context<' | s1 = bb4 ] | bb4 = s0 - [ s0 = [ &_0 <- Context'0.C_Context alloc _5 _6 _8 _9 ([%#sbdd4] (0 : uint64)) ] s1 | s1 = return' {_0} ] + [ s0 = [ &_0 <- Context'0.C_Context alloc _5 _6 _8 _9 ([%#sbdd4] (0 : UInt64.t)) ] s1 | s1 = return' {_0} ] ] ) [ & _0 : Context'0.t_Context = any_l () | & alloc : Bump'0.t_Bump = alloc | & t : Node'0.t_Node = any_l () | & _5 : MyHashMap'0.t_MyHashMap (Node'0.t_Node) (Bdd'0.t_Bdd) = any_l () - | & _6 : Snapshot.snap_ty (Map.map uint64 (Node'0.t_Node)) = any_l () + | & _6 : Snapshot.snap_ty (Map.map UInt64.t (Node'0.t_Node)) = any_l () | & _8 : MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd) = any_l () | & _9 : MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd) = any_l () | & _10 : Node'0.t_Node = any_l () ] @@ -1971,8 +2012,8 @@ module M_bdd__qyi11078426090797403070__new [#"bdd.rs" 431 4 431 52] (* Context<' end module M_bdd__qyi11078426090797403070__hashcons [#"bdd.rs" 447 4 447 58] (* Context<'arena> *) let%span sbdd0 = "bdd.rs" 454 30 454 77 - let%span sbdd1 = "bdd.rs" 455 22 455 30 - let%span sbdd2 = "bdd.rs" 455 33 455 34 + let%span sbdd1 = "bdd.rs" 455 33 455 34 + let%span sbdd2 = "bdd.rs" 455 22 455 30 let%span sbdd3 = "bdd.rs" 461 20 461 21 let%span sbdd4 = "bdd.rs" 449 28 449 38 let%span sbdd5 = "bdd.rs" 443 15 443 36 @@ -2017,7 +2058,7 @@ module M_bdd__qyi11078426090797403070__hashcons [#"bdd.rs" 447 4 447 58] (* Cont use T_bdd__hashmap__MyHashMap as MyHashMap'0 - function view'7 [#"bdd.rs" 50 8 50 37] (self : MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) : Map.map (uint64, uint64) (Option'0.t_Option (Bdd'0.t_Bdd)) + function view'7 [#"bdd.rs" 50 8 50 37] (self : MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) : Map.map (UInt64.t, UInt64.t) (Option'0.t_Option (Bdd'0.t_Bdd)) use T_bdd__Context as T_bdd__Context 
@@ -2028,26 +2069,30 @@ module M_bdd__qyi11078426090797403070__hashcons [#"bdd.rs" 447 4 447 58] (* Cont use T_bdd__hashmap__MyHashMap as MyHashMap'0 - function view'6 [#"bdd.rs" 50 8 50 37] (self : MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) : Map.map uint64 (Option'0.t_Option (Bdd'0.t_Bdd)) + function view'6 [#"bdd.rs" 50 8 50 37] (self : MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) : Map.map UInt64.t (Option'0.t_Option (Bdd'0.t_Bdd)) use T_bdd__Context as T_bdd__Context - use prelude.prelude.UInt64 + use prelude.prelude.UInt64.to_uint use prelude.prelude.Borrow - function view'5 (self : uint64) : int = + function view'5 (self : UInt64.t) : int = [%#smodel19] UInt64.to_int self - constant v_MAX'0 : uint64 = (18446744073709551615 : uint64) + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) use T_bdd__Node as Node'0 function leastvar'0 [#"bdd.rs" 243 4 243 28] (self : Bdd'0.t_Bdd) : int = [%#sbdd28] match self with - | Bdd'0.C_Bdd (Node'0.C_True) _ -> UInt64.to_int (v_MAX'0 : uint64) + 1 - | Bdd'0.C_Bdd (Node'0.C_False) _ -> UInt64.to_int (v_MAX'0 : uint64) + 1 + | Bdd'0.C_Bdd (Node'0.C_True) _ -> UInt64.to_int (v_MAX'0 : UInt64.t) + Int128.to_int (1 : Int128.t) + | Bdd'0.C_Bdd (Node'0.C_False) _ -> UInt64.to_int (v_MAX'0 : UInt64.t) + Int128.to_int (1 : Int128.t) | Bdd'0.C_Bdd (Node'0.C_If v _ _) _ -> view'5 v end @@ -2055,7 +2100,7 @@ module M_bdd__qyi11078426090797403070__hashcons [#"bdd.rs" 447 4 447 58] (* Cont use map.Map - function interp'0 [#"bdd.rs" 213 4 213 53] (self : Bdd'0.t_Bdd) (vars : Map.map uint64 bool) : bool = + function interp'0 [#"bdd.rs" 213 4 213 53] (self : Bdd'0.t_Bdd) (vars : Map.map UInt64.t bool) : bool = [%#sbdd31] match self with | Bdd'0.C_Bdd (Node'0.C_True) _ -> true | Bdd'0.C_Bdd (Node'0.C_False) _ -> false 
@@ -2128,18 +2173,18 @@ module M_bdd__qyi11078426090797403070__hashcons [#"bdd.rs" 447 4 447 58] (* Cont = T_bdd__Bdd.t_Bdd__0 b | Option'0.C_None -> true end) - /\ (forall bm : uint64 . match Map.get (view'6 (T_bdd__Context.t_Context__not_memo self)) bm with + /\ (forall bm : UInt64.t . match Map.get (view'6 (T_bdd__Context.t_Context__not_memo self)) bm with | Option'0.C_None -> true | Option'0.C_Some n -> let b = Bdd'0.C_Bdd (Map.get (Snapshot.inner (T_bdd__Context.t_Context__hashcons_ghost self)) bm) bm in is_valid_bdd'0 self n /\ is_valid_bdd'0 self b - /\ (forall v : Map.map uint64 bool . interp'0 n v = (not interp'0 b v)) /\ leastvar'0 b <= leastvar'0 n + /\ (forall v : Map.map UInt64.t bool . interp'0 n v = (not interp'0 b v)) /\ leastvar'0 b <= leastvar'0 n end) - /\ (forall abm : (uint64, uint64) . match Map.get (view'7 (T_bdd__Context.t_Context__and_memo self)) abm with + /\ (forall abm : (UInt64.t, UInt64.t) . match Map.get (view'7 (T_bdd__Context.t_Context__and_memo self)) abm with | Option'0.C_None -> true | Option'0.C_Some n -> let a = Bdd'0.C_Bdd (Map.get (Snapshot.inner (T_bdd__Context.t_Context__hashcons_ghost self)) (let (a, _) = abm in a)) (let (a, _) = abm in a) in let b = Bdd'0.C_Bdd (Map.get (Snapshot.inner (T_bdd__Context.t_Context__hashcons_ghost self)) (let (_, a) = abm in a)) (let (_, a) = abm in a) in is_valid_bdd'0 self n /\ is_valid_bdd'0 self a /\ is_valid_bdd'0 self b - /\ (forall v : Map.map uint64 bool . interp'0 n v = (interp'0 a v /\ interp'0 b v)) + /\ (forall v : Map.map UInt64.t bool . interp'0 n v = (interp'0 a v /\ interp'0 b v)) /\ (leastvar'0 a <= leastvar'0 n \/ leastvar'0 b <= leastvar'0 n) end) 
@@ -2264,25 +2309,25 @@ module M_bdd__qyi11078426090797403070__hashcons [#"bdd.rs" 447 4 447 58] (* Cont [ bb0 = s0 [ s0 = [ &_11 <- n ] s1 | s1 = Context'0.t_Context {self.current} - (fun (ralloc'0:Bump'0.t_Bump) (rhashcons'0:MyHashMap'0.t_MyHashMap (Node'0.t_Node) (Bdd'0.t_Bdd)) (rhashcons_ghost'0:Snapshot.snap_ty (Map.map uint64 (Node'0.t_Node))) (rnot_memo'0:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rand_memo'0:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rcnt'0:uint64) -> + (fun (ralloc'0:Bump'0.t_Bump) (rhashcons'0:MyHashMap'0.t_MyHashMap (Node'0.t_Node) (Bdd'0.t_Bdd)) (rhashcons_ghost'0:Snapshot.snap_ty (Map.map UInt64.t (Node'0.t_Node))) (rnot_memo'0:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rand_memo'0:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rcnt'0:UInt64.t) -> get'0 {rhashcons'0} {_11} (fun (_ret':Option'0.t_Option (Bdd'0.t_Bdd)) -> [ &_8 <- _ret' ] s2)) | s2 = bb1 ] | bb1 = any [ br0 -> {_8 = Option'0.C_None } (! bb4) | br1 (a:Bdd'0.t_Bdd)-> {_8 = Option'0.C_Some a} (! 
bb2) ] | bb4 = s0 [ s0 = Context'0.t_Context {self.current} - (fun (ralloc'0:Bump'0.t_Bump) (rhashcons'0:MyHashMap'0.t_MyHashMap (Node'0.t_Node) (Bdd'0.t_Bdd)) (rhashcons_ghost'0:Snapshot.snap_ty (Map.map uint64 (Node'0.t_Node))) (rnot_memo'0:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rand_memo'0:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rcnt'0:uint64) -> + (fun (ralloc'0:Bump'0.t_Bump) (rhashcons'0:MyHashMap'0.t_MyHashMap (Node'0.t_Node) (Bdd'0.t_Bdd)) (rhashcons_ghost'0:Snapshot.snap_ty (Map.map UInt64.t (Node'0.t_Node))) (rnot_memo'0:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rand_memo'0:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rcnt'0:UInt64.t) -> alloc'0 {ralloc'0} {n} (fun (_ret':borrowed (Node'0.t_Node)) -> [ &_19 <- _ret' ] s1)) | s1 = bb5 ] | bb5 = s0 [ s0 = Context'0.t_Context {self.current} - (fun (ralloc'0:Bump'0.t_Bump) (rhashcons'0:MyHashMap'0.t_MyHashMap (Node'0.t_Node) (Bdd'0.t_Bdd)) (rhashcons_ghost'0:Snapshot.snap_ty (Map.map uint64 (Node'0.t_Node))) (rnot_memo'0:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rand_memo'0:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rcnt'0:uint64) -> + (fun (ralloc'0:Bump'0.t_Bump) (rhashcons'0:MyHashMap'0.t_MyHashMap (Node'0.t_Node) (Bdd'0.t_Bdd)) (rhashcons_ghost'0:Snapshot.snap_ty (Map.map UInt64.t (Node'0.t_Node))) (rnot_memo'0:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rand_memo'0:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rcnt'0:UInt64.t) -> [ &r1 <- Bdd'0.C_Bdd (_19.current) rcnt'0 ] s1) | s1 = -{resolve'0 _19}- s2 | s2 = Context'0.t_Context {self.current} - (fun (ralloc'1:Bump'0.t_Bump) (rhashcons'1:MyHashMap'0.t_MyHashMap (Node'0.t_Node) (Bdd'0.t_Bdd)) (rhashcons_ghost'1:Snapshot.snap_ty (Map.map uint64 (Node'0.t_Node))) (rnot_memo'1:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rand_memo'1:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) 
(rcnt'1:uint64) -> + (fun (ralloc'1:Bump'0.t_Bump) (rhashcons'1:MyHashMap'0.t_MyHashMap (Node'0.t_Node) (Bdd'0.t_Bdd)) (rhashcons_ghost'1:Snapshot.snap_ty (Map.map UInt64.t (Node'0.t_Node))) (rnot_memo'1:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rand_memo'1:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rcnt'1:UInt64.t) -> Borrow.borrow_final {rhashcons'1} 
@@ -2305,15 +2350,15 @@ module M_bdd__qyi11078426090797403070__hashcons [#"bdd.rs" 447 4 447 58] (* Cont | bb7 = s0 [ s0 = Context'0.t_Context {self.current} - (fun (ralloc'0:Bump'0.t_Bump) (rhashcons'0:MyHashMap'0.t_MyHashMap (Node'0.t_Node) (Bdd'0.t_Bdd)) (rhashcons_ghost'0:Snapshot.snap_ty (Map.map uint64 (Node'0.t_Node))) (rnot_memo'0:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rand_memo'0:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rcnt'0:uint64) -> + (fun (ralloc'0:Bump'0.t_Bump) (rhashcons'0:MyHashMap'0.t_MyHashMap (Node'0.t_Node) (Bdd'0.t_Bdd)) (rhashcons_ghost'0:Snapshot.snap_ty (Map.map UInt64.t (Node'0.t_Node))) (rnot_memo'0:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rand_memo'0:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rcnt'0:UInt64.t) -> [ &self <- { self with current = Context'0.C_Context ralloc'0 rhashcons'0 _27 rnot_memo'0 rand_memo'0 rcnt'0 ; } ] s1) - | s1 = UInt64.sub {[%#sbdd1] (18446744073709551615 : uint64)} {[%#sbdd2] (1 : uint64)} - (fun (_ret':uint64) -> [ &_32 <- _ret' ] s2) + | s1 = UInt64.sub {[%#sbdd2] (18446744073709551615 : UInt64.t)} {[%#sbdd1] (1 : UInt64.t)} + (fun (_ret':UInt64.t) -> [ &_32 <- _ret' ] s2) | s2 = Context'0.t_Context {self.current} - (fun (ralloc'1:Bump'0.t_Bump) (rhashcons'1:MyHashMap'0.t_MyHashMap (Node'0.t_Node) (Bdd'0.t_Bdd)) (rhashcons_ghost'1:Snapshot.snap_ty (Map.map uint64 (Node'0.t_Node))) (rnot_memo'1:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rand_memo'1:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rcnt'1:uint64) -> + (fun (ralloc'1:Bump'0.t_Bump) (rhashcons'1:MyHashMap'0.t_MyHashMap (Node'0.t_Node) (Bdd'0.t_Bdd)) (rhashcons_ghost'1:Snapshot.snap_ty (Map.map UInt64.t (Node'0.t_Node))) (rnot_memo'1:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rand_memo'1:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rcnt'1:UInt64.t) -> UInt64.gt {rcnt'1} {_32} (fun (_ret':bool) -> [ &_30 <- 
_ret' ] s3)) | s3 = any [ br0 -> {_30 = false} (! bb11) | br1 -> {_30} (! bb8) ] ] @@ -2323,9 +2368,9 @@ module M_bdd__qyi11078426090797403070__hashcons [#"bdd.rs" 447 4 447 58] (* Cont (! s0) [ s0 = bb10 ] [ bb10 = s0 [ s0 = Context'0.t_Context {self.current} - (fun (ralloc'0:Bump'0.t_Bump) (rhashcons'0:MyHashMap'0.t_MyHashMap (Node'0.t_Node) (Bdd'0.t_Bdd)) (rhashcons_ghost'0:Snapshot.snap_ty (Map.map uint64 (Node'0.t_Node))) (rnot_memo'0:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rand_memo'0:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rcnt'0:uint64) -> + (fun (ralloc'0:Bump'0.t_Bump) (rhashcons'0:MyHashMap'0.t_MyHashMap (Node'0.t_Node) (Bdd'0.t_Bdd)) (rhashcons_ghost'0:Snapshot.snap_ty (Map.map UInt64.t (Node'0.t_Node))) (rnot_memo'0:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rand_memo'0:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rcnt'0:UInt64.t) -> Context'0.t_Context {self.current} - (fun (ralloc'1:Bump'0.t_Bump) (rhashcons'1:MyHashMap'0.t_MyHashMap (Node'0.t_Node) (Bdd'0.t_Bdd)) (rhashcons_ghost'1:Snapshot.snap_ty (Map.map uint64 (Node'0.t_Node))) (rnot_memo'1:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rand_memo'1:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rcnt'1:uint64) -> + (fun (ralloc'1:Bump'0.t_Bump) (rhashcons'1:MyHashMap'0.t_MyHashMap (Node'0.t_Node) (Bdd'0.t_Bdd)) (rhashcons_ghost'1:Snapshot.snap_ty (Map.map UInt64.t (Node'0.t_Node))) (rnot_memo'1:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rand_memo'1:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rcnt'1:UInt64.t) -> [ &self <- { self with current = Context'0.C_Context ralloc'1 rhashcons'1 rhashcons_ghost'1 rnot_memo'1 rand_memo'1 rcnt'0 ; } ] 
@@ -2336,11 +2381,11 @@ module M_bdd__qyi11078426090797403070__hashcons [#"bdd.rs" 447 4 447 58] (* Cont | bb11 = s0 [ s0 = Context'0.t_Context {self.current} - (fun (ralloc'0:Bump'0.t_Bump) (rhashcons'0:MyHashMap'0.t_MyHashMap (Node'0.t_Node) (Bdd'0.t_Bdd)) (rhashcons_ghost'0:Snapshot.snap_ty (Map.map uint64 (Node'0.t_Node))) (rnot_memo'0:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rand_memo'0:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rcnt'0:uint64) -> - UInt64.add {rcnt'0} {[%#sbdd3] (1 : uint64)} - (fun (_ret':uint64) -> + (fun (ralloc'0:Bump'0.t_Bump) (rhashcons'0:MyHashMap'0.t_MyHashMap (Node'0.t_Node) (Bdd'0.t_Bdd)) (rhashcons_ghost'0:Snapshot.snap_ty (Map.map UInt64.t (Node'0.t_Node))) (rnot_memo'0:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rand_memo'0:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rcnt'0:UInt64.t) -> + UInt64.add {rcnt'0} {[%#sbdd3] (1 : UInt64.t)} + (fun (_ret':UInt64.t) -> Context'0.t_Context {self.current} - (fun (ralloc'1:Bump'0.t_Bump) (rhashcons'1:MyHashMap'0.t_MyHashMap (Node'0.t_Node) (Bdd'0.t_Bdd)) (rhashcons_ghost'1:Snapshot.snap_ty (Map.map uint64 (Node'0.t_Node))) (rnot_memo'1:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rand_memo'1:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rcnt'1:uint64) -> + (fun (ralloc'1:Bump'0.t_Bump) (rhashcons'1:MyHashMap'0.t_MyHashMap (Node'0.t_Node) (Bdd'0.t_Bdd)) (rhashcons_ghost'1:Snapshot.snap_ty (Map.map UInt64.t (Node'0.t_Node))) (rnot_memo'1:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rand_memo'1:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rcnt'1:UInt64.t) -> [ &self <- { self with current = Context'0.C_Context ralloc'1 rhashcons'1 rhashcons_ghost'1 rnot_memo'1 rand_memo'1 _ret' ; } ] 
@@ -2371,9 +2416,9 @@ module M_bdd__qyi11078426090797403070__hashcons [#"bdd.rs" 447 4 447 58] (* Cont | & _19 : borrowed (Node'0.t_Node) = any_l () | & _23 : () = any_l () | & _24 : borrowed (MyHashMap'0.t_MyHashMap (Node'0.t_Node) (Bdd'0.t_Bdd)) = any_l () - | & _27 : Snapshot.snap_ty (Map.map uint64 (Node'0.t_Node)) = any_l () + | & _27 : Snapshot.snap_ty (Map.map UInt64.t (Node'0.t_Node)) = any_l () | & _30 : bool = any_l () - | & _32 : uint64 = any_l () + | & _32 : UInt64.t = any_l () | & old_9_0 : Snapshot.snap_ty (borrowed (Context'0.t_Context)) = any_l () ] [ return' (result:Bdd'0.t_Bdd)-> {[@expl:postcondition] [%#sbdd9] is_valid_bdd'0 self.final result} @@ -2425,7 +2470,7 @@ module M_bdd__qyi11078426090797403070__node [#"bdd.rs" 472 4 472 87] (* Context< use T_bdd__hashmap__MyHashMap as MyHashMap'0 - function view'7 [#"bdd.rs" 50 8 50 37] (self : MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) : Map.map (uint64, uint64) (Option'0.t_Option (Bdd'0.t_Bdd)) + function view'7 [#"bdd.rs" 50 8 50 37] (self : MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) : Map.map (UInt64.t, UInt64.t) (Option'0.t_Option (Bdd'0.t_Bdd)) use T_bdd__Context as T_bdd__Context 
@@ -2436,26 +2481,30 @@ module M_bdd__qyi11078426090797403070__node [#"bdd.rs" 472 4 472 87] (* Context< use T_bdd__hashmap__MyHashMap as MyHashMap'0 - function view'6 [#"bdd.rs" 50 8 50 37] (self : MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) : Map.map uint64 (Option'0.t_Option (Bdd'0.t_Bdd)) + function view'6 [#"bdd.rs" 50 8 50 37] (self : MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) : Map.map UInt64.t (Option'0.t_Option (Bdd'0.t_Bdd)) use T_bdd__Context as T_bdd__Context - use prelude.prelude.UInt64 + use prelude.prelude.UInt64.to_uint use prelude.prelude.Borrow - function view'3 (self : uint64) : int = + function view'3 (self : UInt64.t) : int = [%#smodel18] UInt64.to_int self - constant v_MAX'0 : uint64 = (18446744073709551615 : uint64) + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) use T_bdd__Node as Node'0 function leastvar'0 [#"bdd.rs" 243 4 243 28] (self : Bdd'0.t_Bdd) : int = [%#sbdd15] match self with - | Bdd'0.C_Bdd (Node'0.C_True) _ -> UInt64.to_int (v_MAX'0 : uint64) + 1 - | Bdd'0.C_Bdd (Node'0.C_False) _ -> UInt64.to_int (v_MAX'0 : uint64) + 1 + | Bdd'0.C_Bdd (Node'0.C_True) _ -> UInt64.to_int (v_MAX'0 : UInt64.t) + Int128.to_int (1 : Int128.t) + | Bdd'0.C_Bdd (Node'0.C_False) _ -> UInt64.to_int (v_MAX'0 : UInt64.t) + Int128.to_int (1 : Int128.t) | Bdd'0.C_Bdd (Node'0.C_If v _ _) _ -> view'3 v end @@ -2463,7 +2512,7 @@ module M_bdd__qyi11078426090797403070__node [#"bdd.rs" 472 4 472 87] (* Context< use map.Map - function interp'0 [#"bdd.rs" 213 4 213 53] (self : Bdd'0.t_Bdd) (vars : Map.map uint64 bool) : bool = + function interp'0 [#"bdd.rs" 213 4 213 53] (self : Bdd'0.t_Bdd) (vars : Map.map UInt64.t bool) : bool = [%#sbdd17] match self with | Bdd'0.C_Bdd (Node'0.C_True) _ -> true | Bdd'0.C_Bdd (Node'0.C_False) _ -> false 
@@ -2536,18 +2585,18 @@ module M_bdd__qyi11078426090797403070__node [#"bdd.rs" 472 4 472 87] (* Context< = T_bdd__Bdd.t_Bdd__0 b | Option'0.C_None -> true end) - /\ (forall bm : uint64 . match Map.get (view'6 (T_bdd__Context.t_Context__not_memo self)) bm with + /\ (forall bm : UInt64.t . match Map.get (view'6 (T_bdd__Context.t_Context__not_memo self)) bm with | Option'0.C_None -> true | Option'0.C_Some n -> let b = Bdd'0.C_Bdd (Map.get (Snapshot.inner (T_bdd__Context.t_Context__hashcons_ghost self)) bm) bm in is_valid_bdd'0 self n /\ is_valid_bdd'0 self b - /\ (forall v : Map.map uint64 bool . interp'0 n v = (not interp'0 b v)) /\ leastvar'0 b <= leastvar'0 n + /\ (forall v : Map.map UInt64.t bool . interp'0 n v = (not interp'0 b v)) /\ leastvar'0 b <= leastvar'0 n end) - /\ (forall abm : (uint64, uint64) . match Map.get (view'7 (T_bdd__Context.t_Context__and_memo self)) abm with + /\ (forall abm : (UInt64.t, UInt64.t) . match Map.get (view'7 (T_bdd__Context.t_Context__and_memo self)) abm with | Option'0.C_None -> true | Option'0.C_Some n -> let a = Bdd'0.C_Bdd (Map.get (Snapshot.inner (T_bdd__Context.t_Context__hashcons_ghost self)) (let (a, _) = abm in a)) (let (a, _) = abm in a) in let b = Bdd'0.C_Bdd (Map.get (Snapshot.inner (T_bdd__Context.t_Context__hashcons_ghost self)) (let (_, a) = abm in a)) (let (_, a) = abm in a) in is_valid_bdd'0 self n /\ is_valid_bdd'0 self a /\ is_valid_bdd'0 self b - /\ (forall v : Map.map uint64 bool . interp'0 n v = (interp'0 a v /\ interp'0 b v)) + /\ (forall v : Map.map UInt64.t bool . interp'0 n v = (interp'0 a v /\ interp'0 b v)) /\ (leastvar'0 a <= leastvar'0 n \/ leastvar'0 b <= leastvar'0 n) end) 
@@ -2591,13 +2640,13 @@ module M_bdd__qyi11078426090797403070__node [#"bdd.rs" 472 4 472 87] (* Context< predicate resolve'0 (_1 : borrowed (Context'0.t_Context)) = resolve'1 _1 - function deep_model'0 [#"bdd.rs" 189 4 189 44] (self : Bdd'0.t_Bdd) : uint64 = + function deep_model'0 [#"bdd.rs" 189 4 189 44] (self : Bdd'0.t_Bdd) : UInt64.t = [%#sbdd25] T_bdd__Bdd.t_Bdd__1 self - function view'4 [#"bdd.rs" 199 4 199 33] (self : Bdd'0.t_Bdd) : uint64 = + function view'4 [#"bdd.rs" 199 4 199 33] (self : Bdd'0.t_Bdd) : UInt64.t = [%#sbdd21] deep_model'0 self - function view'0 (self : Bdd'0.t_Bdd) : uint64 = + function view'0 (self : Bdd'0.t_Bdd) : UInt64.t = [%#smodel18] view'4 self let rec eq'0 (self:Bdd'0.t_Bdd) (o:Bdd'0.t_Bdd) (return' (ret:bool))= any @@ -2606,7 +2655,7 @@ module M_bdd__qyi11078426090797403070__node [#"bdd.rs" 472 4 472 87] (* Context< meta "compute_max_steps" 1000000 - let rec node (self:borrowed (Context'0.t_Context)) (x:uint64) (childt:Bdd'0.t_Bdd) (childf:Bdd'0.t_Bdd) (return' (ret:Bdd'0.t_Bdd))= {[%#sbdd3] inv'0 self} + let rec node (self:borrowed (Context'0.t_Context)) (x:UInt64.t) (childt:Bdd'0.t_Bdd) (childf:Bdd'0.t_Bdd) (return' (ret:Bdd'0.t_Bdd))= {[%#sbdd3] inv'0 self} {[%#sbdd2] UInt64.to_int x < leastvar'0 childt /\ UInt64.to_int x < leastvar'0 childf} {[%#sbdd1] is_valid_bdd'0 self.current childf} {[%#sbdd0] is_valid_bdd'0 self.current childt} @@ -2636,7 +2685,7 @@ module M_bdd__qyi11078426090797403070__node [#"bdd.rs" 472 4 472 87] (* Context< ) [ & _0 : Bdd'0.t_Bdd = any_l () | & self : borrowed (Context'0.t_Context) = self - | & x : uint64 = x + | & x : UInt64.t = x | & childt : Bdd'0.t_Bdd = childt | & childf : Bdd'0.t_Bdd = childf | & _13 : bool = any_l () 
@@ -2644,7 +2693,7 @@ module M_bdd__qyi11078426090797403070__node [#"bdd.rs" 472 4 472 87] (* Context< | & _18 : Node'0.t_Node = any_l () ] [ return' (result:Bdd'0.t_Bdd)-> {[@expl:postcondition] [%#sbdd7] UInt64.to_int x <= leastvar'0 result} - {[@expl:postcondition] [%#sbdd6] forall v : Map.map uint64 bool . interp'0 result v + {[@expl:postcondition] [%#sbdd6] forall v : Map.map UInt64.t bool . interp'0 result v = (if Map.get v x then interp'0 childt v else interp'0 childf v)} {[@expl:postcondition] [%#sbdd5] is_valid_bdd'0 self.final result} {[@expl:postcondition] [%#sbdd4] grows'0 self} @@ -2701,7 +2750,7 @@ module M_bdd__qyi11078426090797403070__trueqy95z [#"bdd.rs" 483 4 483 42] (* Con use T_bdd__hashmap__MyHashMap as MyHashMap'0 - function view'5 [#"bdd.rs" 50 8 50 37] (self : MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) : Map.map (uint64, uint64) (Option'0.t_Option (Bdd'0.t_Bdd)) + function view'5 [#"bdd.rs" 50 8 50 37] (self : MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) : Map.map (UInt64.t, UInt64.t) (Option'0.t_Option (Bdd'0.t_Bdd)) use T_bdd__Context as T_bdd__Context 
@@ -2712,24 +2761,28 @@ module M_bdd__qyi11078426090797403070__trueqy95z [#"bdd.rs" 483 4 483 42] (* Con use T_bdd__hashmap__MyHashMap as MyHashMap'0 - function view'4 [#"bdd.rs" 50 8 50 37] (self : MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) : Map.map uint64 (Option'0.t_Option (Bdd'0.t_Bdd)) + function view'4 [#"bdd.rs" 50 8 50 37] (self : MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) : Map.map UInt64.t (Option'0.t_Option (Bdd'0.t_Bdd)) use T_bdd__Context as T_bdd__Context - use prelude.prelude.UInt64 + use prelude.prelude.UInt64.to_uint - function view'2 (self : uint64) : int = + function view'2 (self : UInt64.t) : int = [%#smodel16] UInt64.to_int self - constant v_MAX'0 : uint64 = (18446744073709551615 : uint64) + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) use T_bdd__Node as Node'0 function leastvar'0 [#"bdd.rs" 243 4 243 28] (self : Bdd'0.t_Bdd) : int = [%#sbdd13] match self with - | Bdd'0.C_Bdd (Node'0.C_True) _ -> UInt64.to_int (v_MAX'0 : uint64) + 1 - | Bdd'0.C_Bdd (Node'0.C_False) _ -> UInt64.to_int (v_MAX'0 : uint64) + 1 + | Bdd'0.C_Bdd (Node'0.C_True) _ -> UInt64.to_int (v_MAX'0 : UInt64.t) + Int128.to_int (1 : Int128.t) + | Bdd'0.C_Bdd (Node'0.C_False) _ -> UInt64.to_int (v_MAX'0 : UInt64.t) + Int128.to_int (1 : Int128.t) | Bdd'0.C_Bdd (Node'0.C_If v _ _) _ -> view'2 v end @@ -2737,7 +2790,7 @@ module M_bdd__qyi11078426090797403070__trueqy95z [#"bdd.rs" 483 4 483 42] (* Con use map.Map - function interp'0 [#"bdd.rs" 213 4 213 53] (self : Bdd'0.t_Bdd) (vars : Map.map uint64 bool) : bool = + function interp'0 [#"bdd.rs" 213 4 213 53] (self : Bdd'0.t_Bdd) (vars : Map.map UInt64.t bool) : bool = [%#sbdd12] match self with | Bdd'0.C_Bdd (Node'0.C_True) _ -> true | Bdd'0.C_Bdd (Node'0.C_False) _ -> false 
@@ -2808,18 +2861,18 @@ module M_bdd__qyi11078426090797403070__trueqy95z [#"bdd.rs" 483 4 483 42] (* Con = T_bdd__Bdd.t_Bdd__0 b | Option'0.C_None -> true end) - /\ (forall bm : uint64 . match Map.get (view'4 (T_bdd__Context.t_Context__not_memo self)) bm with + /\ (forall bm : UInt64.t . match Map.get (view'4 (T_bdd__Context.t_Context__not_memo self)) bm with | Option'0.C_None -> true | Option'0.C_Some n -> let b = Bdd'0.C_Bdd (Map.get (Snapshot.inner (T_bdd__Context.t_Context__hashcons_ghost self)) bm) bm in is_valid_bdd'0 self n /\ is_valid_bdd'0 self b - /\ (forall v : Map.map uint64 bool . interp'0 n v = (not interp'0 b v)) /\ leastvar'0 b <= leastvar'0 n + /\ (forall v : Map.map UInt64.t bool . interp'0 n v = (not interp'0 b v)) /\ leastvar'0 b <= leastvar'0 n end) - /\ (forall abm : (uint64, uint64) . match Map.get (view'5 (T_bdd__Context.t_Context__and_memo self)) abm with + /\ (forall abm : (UInt64.t, UInt64.t) . match Map.get (view'5 (T_bdd__Context.t_Context__and_memo self)) abm with | Option'0.C_None -> true | Option'0.C_Some n -> let a = Bdd'0.C_Bdd (Map.get (Snapshot.inner (T_bdd__Context.t_Context__hashcons_ghost self)) (let (a, _) = abm in a)) (let (a, _) = abm in a) in let b = Bdd'0.C_Bdd (Map.get (Snapshot.inner (T_bdd__Context.t_Context__hashcons_ghost self)) (let (_, a) = abm in a)) (let (_, a) = abm in a) in is_valid_bdd'0 self n /\ is_valid_bdd'0 self a /\ is_valid_bdd'0 self b - /\ (forall v : Map.map uint64 bool . interp'0 n v = (interp'0 a v /\ interp'0 b v)) + /\ (forall v : Map.map UInt64.t bool . interp'0 n v = (interp'0 a v /\ interp'0 b v)) /\ (leastvar'0 a <= leastvar'0 n \/ leastvar'0 b <= leastvar'0 n) end) 
@@ -2877,9 +2930,10 @@ module M_bdd__qyi11078426090797403070__trueqy95z [#"bdd.rs" 483 4 483 42] (* Con | & _6 : borrowed (Context'0.t_Context) = any_l () | & _7 : Node'0.t_Node = any_l () ] - [ return' (result:Bdd'0.t_Bdd)-> {[@expl:postcondition] [%#sbdd4] UInt64.to_int (v_MAX'0 : uint64) + 1 + [ return' (result:Bdd'0.t_Bdd)-> {[@expl:postcondition] [%#sbdd4] UInt64.to_int (v_MAX'0 : UInt64.t) + + Int128.to_int (1 : Int128.t) = leastvar'0 result} - {[@expl:postcondition] [%#sbdd3] forall v : Map.map uint64 bool . interp'0 result v} + {[@expl:postcondition] [%#sbdd3] forall v : Map.map UInt64.t bool . interp'0 result v} {[@expl:postcondition] [%#sbdd2] is_valid_bdd'0 self.final result} {[@expl:postcondition] [%#sbdd1] grows'0 self} (! return' {result}) ] @@ -2935,7 +2989,7 @@ module M_bdd__qyi11078426090797403070__falseqy95z [#"bdd.rs" 491 4 491 43] (* Co use T_bdd__hashmap__MyHashMap as MyHashMap'0 - function view'5 [#"bdd.rs" 50 8 50 37] (self : MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) : Map.map (uint64, uint64) (Option'0.t_Option (Bdd'0.t_Bdd)) + function view'5 [#"bdd.rs" 50 8 50 37] (self : MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) : Map.map (UInt64.t, UInt64.t) (Option'0.t_Option (Bdd'0.t_Bdd)) use T_bdd__Context as T_bdd__Context 
@@ -2946,24 +3000,28 @@ module M_bdd__qyi11078426090797403070__falseqy95z [#"bdd.rs" 491 4 491 43] (* Co use T_bdd__hashmap__MyHashMap as MyHashMap'0 - function view'4 [#"bdd.rs" 50 8 50 37] (self : MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) : Map.map uint64 (Option'0.t_Option (Bdd'0.t_Bdd)) + function view'4 [#"bdd.rs" 50 8 50 37] (self : MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) : Map.map UInt64.t (Option'0.t_Option (Bdd'0.t_Bdd)) use T_bdd__Context as T_bdd__Context - use prelude.prelude.UInt64 + use prelude.prelude.UInt64.to_uint - function view'2 (self : uint64) : int = + function view'2 (self : UInt64.t) : int = [%#smodel16] UInt64.to_int self - constant v_MAX'0 : uint64 = (18446744073709551615 : uint64) + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) use T_bdd__Node as Node'0 function leastvar'0 [#"bdd.rs" 243 4 243 28] (self : Bdd'0.t_Bdd) : int = [%#sbdd13] match self with - | Bdd'0.C_Bdd (Node'0.C_True) _ -> UInt64.to_int (v_MAX'0 : uint64) + 1 - | Bdd'0.C_Bdd (Node'0.C_False) _ -> UInt64.to_int (v_MAX'0 : uint64) + 1 + | Bdd'0.C_Bdd (Node'0.C_True) _ -> UInt64.to_int (v_MAX'0 : UInt64.t) + Int128.to_int (1 : Int128.t) + | Bdd'0.C_Bdd (Node'0.C_False) _ -> UInt64.to_int (v_MAX'0 : UInt64.t) + Int128.to_int (1 : Int128.t) | Bdd'0.C_Bdd (Node'0.C_If v _ _) _ -> view'2 v end @@ -2971,7 +3029,7 @@ module M_bdd__qyi11078426090797403070__falseqy95z [#"bdd.rs" 491 4 491 43] (* Co use map.Map - function interp'0 [#"bdd.rs" 213 4 213 53] (self : Bdd'0.t_Bdd) (vars : Map.map uint64 bool) : bool = + function interp'0 [#"bdd.rs" 213 4 213 53] (self : Bdd'0.t_Bdd) (vars : Map.map UInt64.t bool) : bool = [%#sbdd12] match self with | Bdd'0.C_Bdd (Node'0.C_True) _ -> true | Bdd'0.C_Bdd (Node'0.C_False) _ -> false 
@@ -3042,18 +3100,18 @@ module M_bdd__qyi11078426090797403070__falseqy95z [#"bdd.rs" 491 4 491 43] (* Co = T_bdd__Bdd.t_Bdd__0 b | Option'0.C_None -> true end) - /\ (forall bm : uint64 . match Map.get (view'4 (T_bdd__Context.t_Context__not_memo self)) bm with + /\ (forall bm : UInt64.t . match Map.get (view'4 (T_bdd__Context.t_Context__not_memo self)) bm with | Option'0.C_None -> true | Option'0.C_Some n -> let b = Bdd'0.C_Bdd (Map.get (Snapshot.inner (T_bdd__Context.t_Context__hashcons_ghost self)) bm) bm in is_valid_bdd'0 self n /\ is_valid_bdd'0 self b - /\ (forall v : Map.map uint64 bool . interp'0 n v = (not interp'0 b v)) /\ leastvar'0 b <= leastvar'0 n + /\ (forall v : Map.map UInt64.t bool . interp'0 n v = (not interp'0 b v)) /\ leastvar'0 b <= leastvar'0 n end) - /\ (forall abm : (uint64, uint64) . match Map.get (view'5 (T_bdd__Context.t_Context__and_memo self)) abm with + /\ (forall abm : (UInt64.t, UInt64.t) . match Map.get (view'5 (T_bdd__Context.t_Context__and_memo self)) abm with | Option'0.C_None -> true | Option'0.C_Some n -> let a = Bdd'0.C_Bdd (Map.get (Snapshot.inner (T_bdd__Context.t_Context__hashcons_ghost self)) (let (a, _) = abm in a)) (let (a, _) = abm in a) in let b = Bdd'0.C_Bdd (Map.get (Snapshot.inner (T_bdd__Context.t_Context__hashcons_ghost self)) (let (_, a) = abm in a)) (let (_, a) = abm in a) in is_valid_bdd'0 self n /\ is_valid_bdd'0 self a /\ is_valid_bdd'0 self b - /\ (forall v : Map.map uint64 bool . interp'0 n v = (interp'0 a v /\ interp'0 b v)) + /\ (forall v : Map.map UInt64.t bool . interp'0 n v = (interp'0 a v /\ interp'0 b v)) /\ (leastvar'0 a <= leastvar'0 n \/ leastvar'0 b <= leastvar'0 n) end) 
@@ -3111,9 +3169,10 @@ module M_bdd__qyi11078426090797403070__falseqy95z [#"bdd.rs" 491 4 491 43] (* Co | & _6 : borrowed (Context'0.t_Context) = any_l () | & _7 : Node'0.t_Node = any_l () ] - [ return' (result:Bdd'0.t_Bdd)-> {[@expl:postcondition] [%#sbdd4] UInt64.to_int (v_MAX'0 : uint64) + 1 + [ return' (result:Bdd'0.t_Bdd)-> {[@expl:postcondition] [%#sbdd4] UInt64.to_int (v_MAX'0 : UInt64.t) + + Int128.to_int (1 : Int128.t) = leastvar'0 result} - {[@expl:postcondition] [%#sbdd3] forall v : Map.map uint64 bool . not interp'0 result v} + {[@expl:postcondition] [%#sbdd3] forall v : Map.map UInt64.t bool . not interp'0 result v} {[@expl:postcondition] [%#sbdd2] is_valid_bdd'0 self.final result} {[@expl:postcondition] [%#sbdd1] grows'0 self} (! return' {result}) ] @@ -3181,7 +3240,7 @@ module M_bdd__qyi11078426090797403070__v [#"bdd.rs" 498 4 498 46] (* Context<'ar use T_bdd__hashmap__MyHashMap as MyHashMap'0 - function view'5 [#"bdd.rs" 50 8 50 37] (self : MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) : Map.map (uint64, uint64) (Option'0.t_Option (Bdd'0.t_Bdd)) + function view'5 [#"bdd.rs" 50 8 50 37] (self : MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) : Map.map (UInt64.t, UInt64.t) (Option'0.t_Option (Bdd'0.t_Bdd)) use T_bdd__Context as T_bdd__Context 
@@ -3192,24 +3251,28 @@ module M_bdd__qyi11078426090797403070__v [#"bdd.rs" 498 4 498 46] (* Context<'ar use T_bdd__hashmap__MyHashMap as MyHashMap'0 - function view'4 [#"bdd.rs" 50 8 50 37] (self : MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) : Map.map uint64 (Option'0.t_Option (Bdd'0.t_Bdd)) + function view'4 [#"bdd.rs" 50 8 50 37] (self : MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) : Map.map UInt64.t (Option'0.t_Option (Bdd'0.t_Bdd)) use T_bdd__Context as T_bdd__Context - use prelude.prelude.UInt64 + use prelude.prelude.UInt64.to_uint - function view'2 (self : uint64) : int = + function view'2 (self : UInt64.t) : int = [%#smodel27] UInt64.to_int self - constant v_MAX'0 : uint64 = (18446744073709551615 : uint64) + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) use T_bdd__Node as Node'0 function leastvar'0 [#"bdd.rs" 243 4 243 28] (self : Bdd'0.t_Bdd) : int = [%#sbdd25] match self with - | Bdd'0.C_Bdd (Node'0.C_True) _ -> UInt64.to_int (v_MAX'0 : uint64) + 1 - | Bdd'0.C_Bdd (Node'0.C_False) _ -> UInt64.to_int (v_MAX'0 : uint64) + 1 + | Bdd'0.C_Bdd (Node'0.C_True) _ -> UInt64.to_int (v_MAX'0 : UInt64.t) + Int128.to_int (1 : Int128.t) + | Bdd'0.C_Bdd (Node'0.C_False) _ -> UInt64.to_int (v_MAX'0 : UInt64.t) + Int128.to_int (1 : Int128.t) | Bdd'0.C_Bdd (Node'0.C_If v _ _) _ -> view'2 v end @@ -3217,7 +3280,7 @@ module M_bdd__qyi11078426090797403070__v [#"bdd.rs" 498 4 498 46] (* Context<'ar use map.Map - function interp'0 [#"bdd.rs" 213 4 213 53] (self : Bdd'0.t_Bdd) (vars : Map.map uint64 bool) : bool = + function interp'0 [#"bdd.rs" 213 4 213 53] (self : Bdd'0.t_Bdd) (vars : Map.map UInt64.t bool) : bool = [%#sbdd24] match self with | Bdd'0.C_Bdd (Node'0.C_True) _ -> true | Bdd'0.C_Bdd (Node'0.C_False) _ -> false 
@@ -3288,18 +3351,18 @@ module M_bdd__qyi11078426090797403070__v [#"bdd.rs" 498 4 498 46] (* Context<'ar = T_bdd__Bdd.t_Bdd__0 b | Option'0.C_None -> true end) - /\ (forall bm : uint64 . match Map.get (view'4 (T_bdd__Context.t_Context__not_memo self)) bm with + /\ (forall bm : UInt64.t . match Map.get (view'4 (T_bdd__Context.t_Context__not_memo self)) bm with | Option'0.C_None -> true | Option'0.C_Some n -> let b = Bdd'0.C_Bdd (Map.get (Snapshot.inner (T_bdd__Context.t_Context__hashcons_ghost self)) bm) bm in is_valid_bdd'0 self n /\ is_valid_bdd'0 self b - /\ (forall v : Map.map uint64 bool . interp'0 n v = (not interp'0 b v)) /\ leastvar'0 b <= leastvar'0 n + /\ (forall v : Map.map UInt64.t bool . interp'0 n v = (not interp'0 b v)) /\ leastvar'0 b <= leastvar'0 n end) - /\ (forall abm : (uint64, uint64) . match Map.get (view'5 (T_bdd__Context.t_Context__and_memo self)) abm with + /\ (forall abm : (UInt64.t, UInt64.t) . match Map.get (view'5 (T_bdd__Context.t_Context__and_memo self)) abm with | Option'0.C_None -> true | Option'0.C_Some n -> let a = Bdd'0.C_Bdd (Map.get (Snapshot.inner (T_bdd__Context.t_Context__hashcons_ghost self)) (let (a, _) = abm in a)) (let (a, _) = abm in a) in let b = Bdd'0.C_Bdd (Map.get (Snapshot.inner (T_bdd__Context.t_Context__hashcons_ghost self)) (let (_, a) = abm in a)) (let (_, a) = abm in a) in is_valid_bdd'0 self n /\ is_valid_bdd'0 self a /\ is_valid_bdd'0 self b - /\ (forall v : Map.map uint64 bool . interp'0 n v = (interp'0 a v /\ interp'0 b v)) + /\ (forall v : Map.map UInt64.t bool . interp'0 n v = (interp'0 a v /\ interp'0 b v)) /\ (leastvar'0 a <= leastvar'0 n \/ leastvar'0 b <= leastvar'0 n) end) 
@@ -3325,13 +3388,13 @@ module M_bdd__qyi11078426090797403070__v [#"bdd.rs" 498 4 498 46] (* Context<'ar predicate resolve'0 (_1 : borrowed (Context'0.t_Context)) = resolve'1 _1 - let rec node'0 (self:borrowed (Context'0.t_Context)) (x:uint64) (childt:Bdd'0.t_Bdd) (childf:Bdd'0.t_Bdd) (return' (ret:Bdd'0.t_Bdd))= {[@expl:precondition] [%#sbdd17] inv'1 self} + let rec node'0 (self:borrowed (Context'0.t_Context)) (x:UInt64.t) (childt:Bdd'0.t_Bdd) (childf:Bdd'0.t_Bdd) (return' (ret:Bdd'0.t_Bdd))= {[@expl:precondition] [%#sbdd17] inv'1 self} {[@expl:precondition] [%#sbdd16] UInt64.to_int x < leastvar'0 childt /\ UInt64.to_int x < leastvar'0 childf} {[@expl:precondition] [%#sbdd15] is_valid_bdd'0 self.current childf} {[@expl:precondition] [%#sbdd14] is_valid_bdd'0 self.current childt} any [ return' (result:Bdd'0.t_Bdd)-> {[%#sbdd21] UInt64.to_int x <= leastvar'0 result} - {[%#sbdd20] forall v : Map.map uint64 bool . interp'0 result v + {[%#sbdd20] forall v : Map.map UInt64.t bool . interp'0 result v = (if Map.get v x then interp'0 childt v else interp'0 childf v)} {[%#sbdd19] is_valid_bdd'0 self.final result} {[%#sbdd18] grows'0 self} @@ -3340,8 +3403,9 @@ module M_bdd__qyi11078426090797403070__v [#"bdd.rs" 498 4 498 46] (* Context<'ar let rec false_'0 (self:borrowed (Context'0.t_Context)) (return' (ret:Bdd'0.t_Bdd))= {[@expl:precondition] [%#sbdd9] inv'1 self} any - [ return' (result:Bdd'0.t_Bdd)-> {[%#sbdd13] UInt64.to_int (v_MAX'0 : uint64) + 1 = leastvar'0 result} - {[%#sbdd12] forall v : Map.map uint64 bool . not interp'0 result v} + [ return' (result:Bdd'0.t_Bdd)-> {[%#sbdd13] UInt64.to_int (v_MAX'0 : UInt64.t) + Int128.to_int (1 : Int128.t) + = leastvar'0 result} + {[%#sbdd12] forall v : Map.map UInt64.t bool . not interp'0 result v} {[%#sbdd11] is_valid_bdd'0 self.final result} {[%#sbdd10] grows'0 self} (! return' {result}) ] 
@@ -3349,8 +3413,9 @@ module M_bdd__qyi11078426090797403070__v [#"bdd.rs" 498 4 498 46] (* Context<'ar let rec true_'0 (self:borrowed (Context'0.t_Context)) (return' (ret:Bdd'0.t_Bdd))= {[@expl:precondition] [%#sbdd4] inv'1 self} any - [ return' (result:Bdd'0.t_Bdd)-> {[%#sbdd8] UInt64.to_int (v_MAX'0 : uint64) + 1 = leastvar'0 result} - {[%#sbdd7] forall v : Map.map uint64 bool . interp'0 result v} + [ return' (result:Bdd'0.t_Bdd)-> {[%#sbdd8] UInt64.to_int (v_MAX'0 : UInt64.t) + Int128.to_int (1 : Int128.t) + = leastvar'0 result} + {[%#sbdd7] forall v : Map.map UInt64.t bool . interp'0 result v} {[%#sbdd6] is_valid_bdd'0 self.final result} {[%#sbdd5] grows'0 self} (! return' {result}) ] @@ -3358,7 +3423,7 @@ module M_bdd__qyi11078426090797403070__v [#"bdd.rs" 498 4 498 46] (* Context<'ar meta "compute_max_steps" 1000000 - let rec v (self:borrowed (Context'0.t_Context)) (x:uint64) (return' (ret:Bdd'0.t_Bdd))= {[%#sbdd0] inv'1 self} + let rec v (self:borrowed (Context'0.t_Context)) (x:UInt64.t) (return' (ret:Bdd'0.t_Bdd))= {[%#sbdd0] inv'1 self} (! bb0 [ bb0 = s0 [ s0 = {inv'0 self.current} @@ -3397,14 +3462,14 @@ module M_bdd__qyi11078426090797403070__v [#"bdd.rs" 498 4 498 46] (* Context<'ar ) [ & _0 : Bdd'0.t_Bdd = any_l () | & self : borrowed (Context'0.t_Context) = self - | & x : uint64 = x + | & x : UInt64.t = x | & t : Bdd'0.t_Bdd = any_l () | & _7 : borrowed (Context'0.t_Context) = any_l () | & f : Bdd'0.t_Bdd = any_l () | & _9 : borrowed (Context'0.t_Context) = any_l () | & _10 : borrowed (Context'0.t_Context) = any_l () ] - [ return' (result:Bdd'0.t_Bdd)-> {[@expl:postcondition] [%#sbdd3] forall v : Map.map uint64 bool . interp'0 result v + [ return' (result:Bdd'0.t_Bdd)-> {[@expl:postcondition] [%#sbdd3] forall v : Map.map UInt64.t bool . interp'0 result v = Map.get v x} {[@expl:postcondition] [%#sbdd2] is_valid_bdd'0 self.final result} {[@expl:postcondition] [%#sbdd1] grows'0 self} 
@@ -3501,7 +3566,7 @@ module M_bdd__qyi11078426090797403070__not [#"bdd.rs" 510 4 510 56] (* Context<' use T_bdd__hashmap__MyHashMap as MyHashMap'0 - function view'7 [#"bdd.rs" 50 8 50 37] (self : MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) : Map.map (uint64, uint64) (Option'0.t_Option (Bdd'0.t_Bdd)) + function view'7 [#"bdd.rs" 50 8 50 37] (self : MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) : Map.map (UInt64.t, UInt64.t) (Option'0.t_Option (Bdd'0.t_Bdd)) use T_bdd__Context as T_bdd__Context @@ -3512,24 +3577,28 @@ module M_bdd__qyi11078426090797403070__not [#"bdd.rs" 510 4 510 56] (* Context<' use T_bdd__hashmap__MyHashMap as MyHashMap'0 - function view'1 [#"bdd.rs" 50 8 50 37] (self : MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) : Map.map uint64 (Option'0.t_Option (Bdd'0.t_Bdd)) + function view'1 [#"bdd.rs" 50 8 50 37] (self : MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) : Map.map UInt64.t (Option'0.t_Option (Bdd'0.t_Bdd)) use T_bdd__Context as T_bdd__Context - use prelude.prelude.UInt64 + use prelude.prelude.UInt64.to_uint - function view'5 (self : uint64) : int = + function view'5 (self : UInt64.t) : int = [%#smodel37] UInt64.to_int self - constant v_MAX'0 : uint64 = (18446744073709551615 : uint64) + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) use T_bdd__Node as Node'0 function leastvar'0 [#"bdd.rs" 243 4 243 28] (self : Bdd'0.t_Bdd) : int = [%#sbdd34] match self with - | Bdd'0.C_Bdd (Node'0.C_True) _ -> UInt64.to_int (v_MAX'0 : uint64) + 1 - | Bdd'0.C_Bdd (Node'0.C_False) _ -> UInt64.to_int (v_MAX'0 : uint64) + 1 + | Bdd'0.C_Bdd (Node'0.C_True) _ -> UInt64.to_int (v_MAX'0 : UInt64.t) + Int128.to_int (1 : Int128.t) + | Bdd'0.C_Bdd (Node'0.C_False) _ -> UInt64.to_int (v_MAX'0 : UInt64.t) + Int128.to_int (1 : Int128.t) | Bdd'0.C_Bdd (Node'0.C_If v _ _) _ -> view'5 v end 
@@ -3537,7 +3606,7 @@ module M_bdd__qyi11078426090797403070__not [#"bdd.rs" 510 4 510 56] (* Context<' use map.Map - function interp'0 [#"bdd.rs" 213 4 213 53] (self : Bdd'0.t_Bdd) (vars : Map.map uint64 bool) : bool = + function interp'0 [#"bdd.rs" 213 4 213 53] (self : Bdd'0.t_Bdd) (vars : Map.map UInt64.t bool) : bool = [%#sbdd33] match self with | Bdd'0.C_Bdd (Node'0.C_True) _ -> true | Bdd'0.C_Bdd (Node'0.C_False) _ -> false 
@@ -3608,18 +3677,18 @@ module M_bdd__qyi11078426090797403070__not [#"bdd.rs" 510 4 510 56] (* Context<' = T_bdd__Bdd.t_Bdd__0 b | Option'0.C_None -> true end) - /\ (forall bm : uint64 . match Map.get (view'1 (T_bdd__Context.t_Context__not_memo self)) bm with + /\ (forall bm : UInt64.t . match Map.get (view'1 (T_bdd__Context.t_Context__not_memo self)) bm with | Option'0.C_None -> true | Option'0.C_Some n -> let b = Bdd'0.C_Bdd (Map.get (Snapshot.inner (T_bdd__Context.t_Context__hashcons_ghost self)) bm) bm in is_valid_bdd'0 self n /\ is_valid_bdd'0 self b - /\ (forall v : Map.map uint64 bool . interp'0 n v = (not interp'0 b v)) /\ leastvar'0 b <= leastvar'0 n + /\ (forall v : Map.map UInt64.t bool . interp'0 n v = (not interp'0 b v)) /\ leastvar'0 b <= leastvar'0 n end) - /\ (forall abm : (uint64, uint64) . match Map.get (view'7 (T_bdd__Context.t_Context__and_memo self)) abm with + /\ (forall abm : (UInt64.t, UInt64.t) . match Map.get (view'7 (T_bdd__Context.t_Context__and_memo self)) abm with | Option'0.C_None -> true | Option'0.C_Some n -> let a = Bdd'0.C_Bdd (Map.get (Snapshot.inner (T_bdd__Context.t_Context__hashcons_ghost self)) (let (a, _) = abm in a)) (let (a, _) = abm in a) in let b = Bdd'0.C_Bdd (Map.get (Snapshot.inner (T_bdd__Context.t_Context__hashcons_ghost self)) (let (_, a) = abm in a)) (let (_, a) = abm in a) in is_valid_bdd'0 self n /\ is_valid_bdd'0 self a /\ is_valid_bdd'0 self b - /\ (forall v : Map.map uint64 bool . interp'0 n v = (interp'0 a v /\ interp'0 b v)) + /\ (forall v : Map.map UInt64.t bool . interp'0 n v = (interp'0 a v /\ interp'0 b v)) /\ (leastvar'0 a <= leastvar'0 n \/ leastvar'0 b <= leastvar'0 n) end) 
@@ -3631,12 +3700,14 @@ module M_bdd__qyi11078426090797403070__not [#"bdd.rs" 510 4 510 56] (* Context<' function size'0 [#"bdd.rs" 228 4 228 24] (self : Bdd'0.t_Bdd) : int = [%#sbdd36] match self with - | Bdd'0.C_Bdd (Node'0.C_True) _ -> 0 - | Bdd'0.C_Bdd (Node'0.C_False) _ -> 0 - | Bdd'0.C_Bdd (Node'0.C_If _ childt childf) _ -> let ht = size'0 childt in let hf = size'0 childf in 1 + ht + hf + | Bdd'0.C_Bdd (Node'0.C_True) _ -> Int128.to_int (0 : Int128.t) + | Bdd'0.C_Bdd (Node'0.C_False) _ -> Int128.to_int (0 : Int128.t) + | Bdd'0.C_Bdd (Node'0.C_If _ childt childf) _ -> let ht = size'0 childt in let hf = size'0 childf in Int128.to_int (1 : Int128.t) + + ht + + hf end - axiom size'0_spec : forall self : Bdd'0.t_Bdd . [%#sbdd35] size'0 self >= 0 + axiom size'0_spec : forall self : Bdd'0.t_Bdd . [%#sbdd35] size'0 self >= Int128.to_int (0 : Int128.t) predicate grows'0 [#"bdd.rs" 300 4 300 35] (self : borrowed (Context'0.t_Context)) = [%#sbdd32] UInt64.to_int (T_bdd__Context.t_Context__cnt self.current) 
@@ -3654,26 +3725,27 @@ module M_bdd__qyi11078426090797403070__not [#"bdd.rs" 510 4 510 56] (* Context<' predicate resolve'0 (_1 : borrowed (Context'0.t_Context)) = resolve'1 _1 - function view'2 (self : borrowed (MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd))) : Map.map uint64 (Option'0.t_Option (Bdd'0.t_Bdd)) + function view'2 (self : borrowed (MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd))) : Map.map UInt64.t (Option'0.t_Option (Bdd'0.t_Bdd)) = [%#smodel40] view'1 self.current - function deep_model'1 [#"bdd.rs" 189 4 189 44] (self : Bdd'0.t_Bdd) : uint64 = + function deep_model'1 [#"bdd.rs" 189 4 189 44] (self : Bdd'0.t_Bdd) : UInt64.t = [%#sbdd39] T_bdd__Bdd.t_Bdd__1 self let rec add'0 (self:borrowed (MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd))) (key:Bdd'0.t_Bdd) (val':Bdd'0.t_Bdd) (return' (ret:()))= {[@expl:precondition] [%#sbdd29] inv'4 val'} {[@expl:precondition] [%#sbdd28] inv'4 key} any - [ return' (result:())-> {[%#sbdd30] forall i : uint64 . Map.get (view'1 self.final) i + [ return' (result:())-> {[%#sbdd30] forall i : UInt64.t . Map.get (view'1 self.final) i = (if i = deep_model'1 key then Option'0.C_Some val' else Map.get (view'2 self) i)} (! return' {result}) ] let rec true_'0 (self:borrowed (Context'0.t_Context)) (return' (ret:Bdd'0.t_Bdd))= {[@expl:precondition] [%#sbdd23] inv'1 self} any - [ return' (result:Bdd'0.t_Bdd)-> {[%#sbdd27] UInt64.to_int (v_MAX'0 : uint64) + 1 = leastvar'0 result} - {[%#sbdd26] forall v : Map.map uint64 bool . interp'0 result v} + [ return' (result:Bdd'0.t_Bdd)-> {[%#sbdd27] UInt64.to_int (v_MAX'0 : UInt64.t) + Int128.to_int (1 : Int128.t) + = leastvar'0 result} + {[%#sbdd26] forall v : Map.map UInt64.t bool . interp'0 result v} {[%#sbdd25] is_valid_bdd'0 self.final result} {[%#sbdd24] grows'0 self} (! return' {result}) ] 
@@ -3681,30 +3753,31 @@ module M_bdd__qyi11078426090797403070__not [#"bdd.rs" 510 4 510 56] (* Context<' let rec false_'0 (self:borrowed (Context'0.t_Context)) (return' (ret:Bdd'0.t_Bdd))= {[@expl:precondition] [%#sbdd18] inv'1 self} any - [ return' (result:Bdd'0.t_Bdd)-> {[%#sbdd22] UInt64.to_int (v_MAX'0 : uint64) + 1 = leastvar'0 result} - {[%#sbdd21] forall v : Map.map uint64 bool . not interp'0 result v} + [ return' (result:Bdd'0.t_Bdd)-> {[%#sbdd22] UInt64.to_int (v_MAX'0 : UInt64.t) + Int128.to_int (1 : Int128.t) + = leastvar'0 result} + {[%#sbdd21] forall v : Map.map UInt64.t bool . not interp'0 result v} {[%#sbdd20] is_valid_bdd'0 self.final result} {[%#sbdd19] grows'0 self} (! return' {result}) ] - let rec node'0 (self:borrowed (Context'0.t_Context)) (x:uint64) (childt:Bdd'0.t_Bdd) (childf:Bdd'0.t_Bdd) (return' (ret:Bdd'0.t_Bdd))= {[@expl:precondition] [%#sbdd13] inv'1 self} + let rec node'0 (self:borrowed (Context'0.t_Context)) (x:UInt64.t) (childt:Bdd'0.t_Bdd) (childf:Bdd'0.t_Bdd) (return' (ret:Bdd'0.t_Bdd))= {[@expl:precondition] [%#sbdd13] inv'1 self} {[@expl:precondition] [%#sbdd12] UInt64.to_int x < leastvar'0 childt /\ UInt64.to_int x < leastvar'0 childf} {[@expl:precondition] [%#sbdd11] is_valid_bdd'0 self.current childf} {[@expl:precondition] [%#sbdd10] is_valid_bdd'0 self.current childt} any [ return' (result:Bdd'0.t_Bdd)-> {[%#sbdd17] UInt64.to_int x <= leastvar'0 result} - {[%#sbdd16] forall v : Map.map uint64 bool . interp'0 result v + {[%#sbdd16] forall v : Map.map UInt64.t bool . interp'0 result v = (if Map.get v x then interp'0 childt v else interp'0 childf v)} {[%#sbdd15] is_valid_bdd'0 self.final result} {[%#sbdd14] grows'0 self} (! 
return' {result}) ] - function deep_model'0 (self : Bdd'0.t_Bdd) : uint64 = + function deep_model'0 (self : Bdd'0.t_Bdd) : UInt64.t = [%#smodel38] deep_model'1 self - function view'0 (self : MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) : Map.map uint64 (Option'0.t_Option (Bdd'0.t_Bdd)) + function view'0 (self : MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) : Map.map UInt64.t (Option'0.t_Option (Bdd'0.t_Bdd)) = [%#smodel37] view'1 self 
@@ -3733,31 +3806,31 @@ module M_bdd__qyi11078426090797403070__not [#"bdd.rs" 510 4 510 56] (* Context<' [ bb0 = s0 [ s0 = [ &_13 <- x ] s1 | s1 = Context'0.t_Context {self.current} - (fun (ralloc'0:Bump'0.t_Bump) (rhashcons'0:MyHashMap'0.t_MyHashMap (Node'0.t_Node) (Bdd'0.t_Bdd)) (rhashcons_ghost'0:Snapshot.snap_ty (Map.map uint64 (Node'0.t_Node))) (rnot_memo'0:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rand_memo'0:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rcnt'0:uint64) -> + (fun (ralloc'0:Bump'0.t_Bump) (rhashcons'0:MyHashMap'0.t_MyHashMap (Node'0.t_Node) (Bdd'0.t_Bdd)) (rhashcons_ghost'0:Snapshot.snap_ty (Map.map UInt64.t (Node'0.t_Node))) (rnot_memo'0:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rand_memo'0:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rcnt'0:UInt64.t) -> get'0 {rnot_memo'0} {_13} (fun (_ret':Option'0.t_Option (Bdd'0.t_Bdd)) -> [ &_10 <- _ret' ] s2)) | s2 = bb1 ] | bb1 = any [ br0 -> {_10 = Option'0.C_None } (! bb4) | br1 (a:Bdd'0.t_Bdd)-> {_10 = Option'0.C_Some a} (! bb2) ] | bb4 = Bdd'0.t_Bdd {x} - (fun (r0'0:Node'0.t_Node) (r1'0:uint64) -> + (fun (r0'0:Node'0.t_Node) (r1'0:UInt64.t) -> any [ br0 -> {r0'0 = Node'0.C_False } (! bb7) | br1 -> {r0'0 = Node'0.C_True } (! bb6) - | br2 (a:uint64) (b:Bdd'0.t_Bdd) (c:Bdd'0.t_Bdd)-> {r0'0 = Node'0.C_If a b c} (! bb8) ] + | br2 (a:UInt64.t) (b:Bdd'0.t_Bdd) (c:Bdd'0.t_Bdd)-> {r0'0 = Node'0.C_If a b c} (! 
bb8) ] ) | bb8 = s0 [ s0 = Bdd'0.t_Bdd {x} - (fun (r0'0:Node'0.t_Node) (r1'0:uint64) -> + (fun (r0'0:Node'0.t_Node) (r1'0:UInt64.t) -> Node'0.v_If {r0'0} - (fun (rv'0:uint64) (rchildt'0:Bdd'0.t_Bdd) (rchildf'0:Bdd'0.t_Bdd) -> [ &v <- rv'0 ] s1)) + (fun (rv'0:UInt64.t) (rchildt'0:Bdd'0.t_Bdd) (rchildf'0:Bdd'0.t_Bdd) -> [ &v <- rv'0 ] s1)) | s1 = Bdd'0.t_Bdd {x} - (fun (r0'1:Node'0.t_Node) (r1'1:uint64) -> + (fun (r0'1:Node'0.t_Node) (r1'1:UInt64.t) -> Node'0.v_If {r0'1} - (fun (rv'1:uint64) (rchildt'1:Bdd'0.t_Bdd) (rchildf'1:Bdd'0.t_Bdd) -> [ &childt <- rchildt'1 ] s2)) + (fun (rv'1:UInt64.t) (rchildt'1:Bdd'0.t_Bdd) (rchildf'1:Bdd'0.t_Bdd) -> [ &childt <- rchildt'1 ] s2)) | s2 = Bdd'0.t_Bdd {x} - (fun (r0'2:Node'0.t_Node) (r1'2:uint64) -> + (fun (r0'2:Node'0.t_Node) (r1'2:UInt64.t) -> Node'0.v_If {r0'2} - (fun (rv'2:uint64) (rchildt'2:Bdd'0.t_Bdd) (rchildf'2:Bdd'0.t_Bdd) -> [ &childf <- rchildf'2 ] s3)) + (fun (rv'2:UInt64.t) (rchildt'2:Bdd'0.t_Bdd) (rchildf'2:Bdd'0.t_Bdd) -> [ &childf <- rchildf'2 ] s3)) | s3 = {inv'0 self.current} Borrow.borrow_mut {self.current} (fun (_ret':borrowed (Context'0.t_Context)) -> 
@@ -3819,7 +3892,7 @@ module M_bdd__qyi11078426090797403070__not [#"bdd.rs" 510 4 510 56] (* Context<' | bb12 = bb16 | bb16 = s0 [ s0 = Context'0.t_Context {self.current} - (fun (ralloc'0:Bump'0.t_Bump) (rhashcons'0:MyHashMap'0.t_MyHashMap (Node'0.t_Node) (Bdd'0.t_Bdd)) (rhashcons_ghost'0:Snapshot.snap_ty (Map.map uint64 (Node'0.t_Node))) (rnot_memo'0:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rand_memo'0:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rcnt'0:uint64) -> + (fun (ralloc'0:Bump'0.t_Bump) (rhashcons'0:MyHashMap'0.t_MyHashMap (Node'0.t_Node) (Bdd'0.t_Bdd)) (rhashcons_ghost'0:Snapshot.snap_ty (Map.map UInt64.t (Node'0.t_Node))) (rnot_memo'0:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rand_memo'0:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rcnt'0:UInt64.t) -> Borrow.borrow_final {rnot_memo'0} @@ -3855,7 +3928,7 @@ module M_bdd__qyi11078426090797403070__not [#"bdd.rs" 510 4 510 56] (* Context<' | & r1 : Bdd'0.t_Bdd = any_l () | & _19 : borrowed (Context'0.t_Context) = any_l () | & _20 : borrowed (Context'0.t_Context) = any_l () - | & v : uint64 = any_l () + | & v : UInt64.t = any_l () | & childt : Bdd'0.t_Bdd = any_l () | & childf : Bdd'0.t_Bdd = any_l () | & childt1 : Bdd'0.t_Bdd = any_l () @@ -3867,7 +3940,7 @@ module M_bdd__qyi11078426090797403070__not [#"bdd.rs" 510 4 510 56] (* Context<' | & _35 : borrowed (MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) = any_l () ] [ return' (result:Bdd'0.t_Bdd)-> {[@expl:postcondition] [%#sbdd5] leastvar'0 x <= leastvar'0 result} - {[@expl:postcondition] [%#sbdd4] forall v : Map.map uint64 bool . interp'0 result v = (not interp'0 x v)} + {[@expl:postcondition] [%#sbdd4] forall v : Map.map UInt64.t bool . interp'0 result v = (not interp'0 x v)} {[@expl:postcondition] [%#sbdd3] is_valid_bdd'0 self.final result} {[@expl:postcondition] [%#sbdd2] grows'0 self} (! return' {result}) ] 
@@ -4032,7 +4105,7 @@ module M_bdd__qyi11078426090797403070__and [#"bdd.rs" 534 4 534 72] (* Context<' use T_bdd__hashmap__MyHashMap as MyHashMap'0 - function view'1 [#"bdd.rs" 50 8 50 37] (self : MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) : Map.map (uint64, uint64) (Option'0.t_Option (Bdd'0.t_Bdd)) + function view'1 [#"bdd.rs" 50 8 50 37] (self : MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) : Map.map (UInt64.t, UInt64.t) (Option'0.t_Option (Bdd'0.t_Bdd)) use T_bdd__Context as T_bdd__Context @@ -4043,24 +4116,28 @@ module M_bdd__qyi11078426090797403070__and [#"bdd.rs" 534 4 534 72] (* Context<' use T_bdd__hashmap__MyHashMap as MyHashMap'0 - function view'7 [#"bdd.rs" 50 8 50 37] (self : MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) : Map.map uint64 (Option'0.t_Option (Bdd'0.t_Bdd)) + function view'7 [#"bdd.rs" 50 8 50 37] (self : MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) : Map.map UInt64.t (Option'0.t_Option (Bdd'0.t_Bdd)) use T_bdd__Context as T_bdd__Context - use prelude.prelude.UInt64 + use prelude.prelude.UInt64.to_uint - function view'5 (self : uint64) : int = + function view'5 (self : UInt64.t) : int = [%#smodel35] UInt64.to_int self - constant v_MAX'0 : uint64 = (18446744073709551615 : uint64) + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) use T_bdd__Node as Node'0 function leastvar'0 [#"bdd.rs" 243 4 243 28] (self : Bdd'0.t_Bdd) : int = [%#sbdd32] match self with - | Bdd'0.C_Bdd (Node'0.C_True) _ -> UInt64.to_int (v_MAX'0 : uint64) + 1 - | Bdd'0.C_Bdd (Node'0.C_False) _ -> UInt64.to_int (v_MAX'0 : uint64) + 1 + | Bdd'0.C_Bdd (Node'0.C_True) _ -> UInt64.to_int (v_MAX'0 : UInt64.t) + Int128.to_int (1 : Int128.t) + | Bdd'0.C_Bdd (Node'0.C_False) _ -> UInt64.to_int (v_MAX'0 : UInt64.t) + Int128.to_int (1 : Int128.t) | Bdd'0.C_Bdd (Node'0.C_If v _ _) _ -> view'5 v end 
@@ -4068,7 +4145,7 @@ module M_bdd__qyi11078426090797403070__and [#"bdd.rs" 534 4 534 72] (* Context<' use map.Map - function interp'0 [#"bdd.rs" 213 4 213 53] (self : Bdd'0.t_Bdd) (vars : Map.map uint64 bool) : bool = + function interp'0 [#"bdd.rs" 213 4 213 53] (self : Bdd'0.t_Bdd) (vars : Map.map UInt64.t bool) : bool = [%#sbdd31] match self with | Bdd'0.C_Bdd (Node'0.C_True) _ -> true | Bdd'0.C_Bdd (Node'0.C_False) _ -> false 
@@ -4141,18 +4218,18 @@ module M_bdd__qyi11078426090797403070__and [#"bdd.rs" 534 4 534 72] (* Context<' = T_bdd__Bdd.t_Bdd__0 b | Option'0.C_None -> true end) - /\ (forall bm : uint64 . match Map.get (view'7 (T_bdd__Context.t_Context__not_memo self)) bm with + /\ (forall bm : UInt64.t . match Map.get (view'7 (T_bdd__Context.t_Context__not_memo self)) bm with | Option'0.C_None -> true | Option'0.C_Some n -> let b = Bdd'0.C_Bdd (Map.get (Snapshot.inner (T_bdd__Context.t_Context__hashcons_ghost self)) bm) bm in is_valid_bdd'0 self n /\ is_valid_bdd'0 self b - /\ (forall v : Map.map uint64 bool . interp'0 n v = (not interp'0 b v)) /\ leastvar'0 b <= leastvar'0 n + /\ (forall v : Map.map UInt64.t bool . interp'0 n v = (not interp'0 b v)) /\ leastvar'0 b <= leastvar'0 n end) - /\ (forall abm : (uint64, uint64) . match Map.get (view'1 (T_bdd__Context.t_Context__and_memo self)) abm with + /\ (forall abm : (UInt64.t, UInt64.t) . match Map.get (view'1 (T_bdd__Context.t_Context__and_memo self)) abm with | Option'0.C_None -> true | Option'0.C_Some n -> let a = Bdd'0.C_Bdd (Map.get (Snapshot.inner (T_bdd__Context.t_Context__hashcons_ghost self)) (let (a, _) = abm in a)) (let (a, _) = abm in a) in let b = Bdd'0.C_Bdd (Map.get (Snapshot.inner (T_bdd__Context.t_Context__hashcons_ghost self)) (let (_, a) = abm in a)) (let (_, a) = abm in a) in is_valid_bdd'0 self n /\ is_valid_bdd'0 self a /\ is_valid_bdd'0 self b - /\ (forall v : Map.map uint64 bool . interp'0 n v = (interp'0 a v /\ interp'0 b v)) + /\ (forall v : Map.map UInt64.t bool . interp'0 n v = (interp'0 a v /\ interp'0 b v)) /\ (leastvar'0 a <= leastvar'0 n \/ leastvar'0 b <= leastvar'0 n) end) 
@@ -4173,12 +4250,14 @@ module M_bdd__qyi11078426090797403070__and [#"bdd.rs" 534 4 534 72] (* Context<' function size'0 [#"bdd.rs" 228 4 228 24] (self : Bdd'0.t_Bdd) : int = [%#sbdd34] match self with - | Bdd'0.C_Bdd (Node'0.C_True) _ -> 0 - | Bdd'0.C_Bdd (Node'0.C_False) _ -> 0 - | Bdd'0.C_Bdd (Node'0.C_If _ childt childf) _ -> let ht = size'0 childt in let hf = size'0 childf in 1 + ht + hf + | Bdd'0.C_Bdd (Node'0.C_True) _ -> Int128.to_int (0 : Int128.t) + | Bdd'0.C_Bdd (Node'0.C_False) _ -> Int128.to_int (0 : Int128.t) + | Bdd'0.C_Bdd (Node'0.C_If _ childt childf) _ -> let ht = size'0 childt in let hf = size'0 childf in Int128.to_int (1 : Int128.t) + + ht + + hf end - axiom size'0_spec : forall self : Bdd'0.t_Bdd . [%#sbdd33] size'0 self >= 0 + axiom size'0_spec : forall self : Bdd'0.t_Bdd . [%#sbdd33] size'0 self >= Int128.to_int (0 : Int128.t) predicate grows'0 [#"bdd.rs" 300 4 300 35] (self : borrowed (Context'0.t_Context)) = [%#sbdd30] UInt64.to_int (T_bdd__Context.t_Context__cnt self.current) 
@@ -4190,51 +4269,52 @@ module M_bdd__qyi11078426090797403070__and [#"bdd.rs" 534 4 534 72] (* Context<' use prelude.prelude.Intrinsic - function view'2 (self : borrowed (MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd))) : Map.map (uint64, uint64) (Option'0.t_Option (Bdd'0.t_Bdd)) + function view'2 (self : borrowed (MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd))) : Map.map (UInt64.t, UInt64.t) (Option'0.t_Option (Bdd'0.t_Bdd)) = [%#smodel41] view'1 self.current - function deep_model'3 [#"bdd.rs" 189 4 189 44] (self : Bdd'0.t_Bdd) : uint64 = + function deep_model'3 [#"bdd.rs" 189 4 189 44] (self : Bdd'0.t_Bdd) : UInt64.t = [%#sbdd57] T_bdd__Bdd.t_Bdd__1 self - function deep_model'2 (self : (Bdd'0.t_Bdd, Bdd'0.t_Bdd)) : (uint64, uint64) = + function deep_model'2 (self : (Bdd'0.t_Bdd, Bdd'0.t_Bdd)) : (UInt64.t, UInt64.t) = [%#stuples40] (deep_model'3 (let (a, _) = self in a), deep_model'3 (let (_, a) = self in a)) let rec add'0 (self:borrowed (MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd))) (key:(Bdd'0.t_Bdd, Bdd'0.t_Bdd)) (val':Bdd'0.t_Bdd) (return' (ret:()))= {[@expl:precondition] [%#sbdd27] inv'5 val'} {[@expl:precondition] [%#sbdd26] inv'4 key} any - [ return' (result:())-> {[%#sbdd28] forall i : (uint64, uint64) . Map.get (view'1 self.final) i + [ return' (result:())-> {[%#sbdd28] forall i : (UInt64.t, UInt64.t) . Map.get (view'1 self.final) i = (if i = deep_model'2 key then Option'0.C_Some val' else Map.get (view'2 self) i)} (! return' {result}) ] let rec false_'0 (self:borrowed (Context'0.t_Context)) (return' (ret:Bdd'0.t_Bdd))= {[@expl:precondition] [%#sbdd21] inv'0 self} any - [ return' (result:Bdd'0.t_Bdd)-> {[%#sbdd25] UInt64.to_int (v_MAX'0 : uint64) + 1 = leastvar'0 result} - {[%#sbdd24] forall v : Map.map uint64 bool . 
not interp'0 result v} + [ return' (result:Bdd'0.t_Bdd)-> {[%#sbdd25] UInt64.to_int (v_MAX'0 : UInt64.t) + Int128.to_int (1 : Int128.t) + = leastvar'0 result} + {[%#sbdd24] forall v : Map.map UInt64.t bool . not interp'0 result v} {[%#sbdd23] is_valid_bdd'0 self.final result} {[%#sbdd22] grows'0 self} (! return' {result}) ] - let rec node'0 (self:borrowed (Context'0.t_Context)) (x:uint64) (childt:Bdd'0.t_Bdd) (childf:Bdd'0.t_Bdd) (return' (ret:Bdd'0.t_Bdd))= {[@expl:precondition] [%#sbdd16] inv'0 self} + let rec node'0 (self:borrowed (Context'0.t_Context)) (x:UInt64.t) (childt:Bdd'0.t_Bdd) (childf:Bdd'0.t_Bdd) (return' (ret:Bdd'0.t_Bdd))= {[@expl:precondition] [%#sbdd16] inv'0 self} {[@expl:precondition] [%#sbdd15] UInt64.to_int x < leastvar'0 childt /\ UInt64.to_int x < leastvar'0 childf} {[@expl:precondition] [%#sbdd14] is_valid_bdd'0 self.current childf} {[@expl:precondition] [%#sbdd13] is_valid_bdd'0 self.current childt} any [ return' (result:Bdd'0.t_Bdd)-> {[%#sbdd20] UInt64.to_int x <= leastvar'0 result} - {[%#sbdd19] forall v : Map.map uint64 bool . interp'0 result v + {[%#sbdd19] forall v : Map.map UInt64.t bool . interp'0 result v = (if Map.get v x then interp'0 childt v else interp'0 childf v)} {[%#sbdd18] is_valid_bdd'0 self.final result} {[%#sbdd17] grows'0 self} (! return' {result}) ] - function deep_model'1 (self : uint64) : int = + function deep_model'1 (self : UInt64.t) : int = [%#snum38] UInt64.to_int self - let rec cmp'0 (self:uint64) (other:uint64) (return' (ret:Ordering'0.t_Ordering))= any + let rec cmp'0 (self:UInt64.t) (other:UInt64.t) (return' (ret:Ordering'0.t_Ordering))= any [ return' (result:Ordering'0.t_Ordering)-> {[%#scmp12] result = cmp_log'0 (deep_model'1 self) (deep_model'1 other)} (! return' {result}) ] 
@@ -4245,10 +4325,10 @@ module M_bdd__qyi11078426090797403070__and [#"bdd.rs" 534 4 534 72] (* Context<' predicate resolve'0 (_1 : borrowed (Context'0.t_Context)) = resolve'1 _1 - function deep_model'0 (self : (Bdd'0.t_Bdd, Bdd'0.t_Bdd)) : (uint64, uint64) = + function deep_model'0 (self : (Bdd'0.t_Bdd, Bdd'0.t_Bdd)) : (UInt64.t, UInt64.t) = [%#smodel36] deep_model'2 self - function view'0 (self : MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) : Map.map (uint64, uint64) (Option'0.t_Option (Bdd'0.t_Bdd)) + function view'0 (self : MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) : Map.map (UInt64.t, UInt64.t) (Option'0.t_Option (Bdd'0.t_Bdd)) = [%#smodel35] view'1 self 
@@ -4279,57 +4359,57 @@ module M_bdd__qyi11078426090797403070__and [#"bdd.rs" 534 4 534 72] (* Context<' [ s0 = [ &_16 <- (a, b) ] s1 | s1 = [ &_15 <- _16 ] s2 | s2 = Context'0.t_Context {self.current} - (fun (ralloc'0:Bump'0.t_Bump) (rhashcons'0:MyHashMap'0.t_MyHashMap (Node'0.t_Node) (Bdd'0.t_Bdd)) (rhashcons_ghost'0:Snapshot.snap_ty (Map.map uint64 (Node'0.t_Node))) (rnot_memo'0:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rand_memo'0:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rcnt'0:uint64) -> + (fun (ralloc'0:Bump'0.t_Bump) (rhashcons'0:MyHashMap'0.t_MyHashMap (Node'0.t_Node) (Bdd'0.t_Bdd)) (rhashcons_ghost'0:Snapshot.snap_ty (Map.map UInt64.t (Node'0.t_Node))) (rnot_memo'0:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rand_memo'0:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rcnt'0:UInt64.t) -> get'0 {rand_memo'0} {_15} (fun (_ret':Option'0.t_Option (Bdd'0.t_Bdd)) -> [ &_12 <- _ret' ] s3)) | s3 = bb1 ] | bb1 = any [ br0 -> {_12 = Option'0.C_None } (! bb4) | br1 (a:Bdd'0.t_Bdd)-> {_12 = Option'0.C_Some a} (! bb2) ] | bb4 = s0 [ s0 = Bdd'0.t_Bdd {a} - (fun (r0'0:Node'0.t_Node) (r1'0:uint64) -> - Bdd'0.t_Bdd {b} (fun (r0'1:Node'0.t_Node) (r1'1:uint64) -> [ &_23 <- (r0'0, r0'1) ] s1)) + (fun (r0'0:Node'0.t_Node) (r1'0:UInt64.t) -> + Bdd'0.t_Bdd {b} (fun (r0'1:Node'0.t_Node) (r1'1:UInt64.t) -> [ &_23 <- (r0'0, r0'1) ] s1)) | s1 = any [ br0 -> {(let (r'0, _) = _23 in r'0) = Node'0.C_False } (! bb5) | br1 -> {(let (r'0, _) = _23 in r'0) = Node'0.C_True } (! bb6) - | br2 (a:uint64) (b:Bdd'0.t_Bdd) (c:Bdd'0.t_Bdd)-> {(let (r'0, _) = _23 in r'0) = Node'0.C_If a b c} (! bb5) ] + | br2 (a:UInt64.t) (b:Bdd'0.t_Bdd) (c:Bdd'0.t_Bdd)-> {(let (r'0, _) = _23 in r'0) = Node'0.C_If a b c} (! bb5) ] ] | bb5 = any [ br0 -> {(let (_, r'0) = _23 in r'0) = Node'0.C_False } (! bb7) | br1 -> {(let (_, r'0) = _23 in r'0) = Node'0.C_True } (! 
bb8) - | br2 (a:uint64) (b:Bdd'0.t_Bdd) (c:Bdd'0.t_Bdd)-> {(let (_, r'0) = _23 in r'0) = Node'0.C_If a b c} (! bb7) ] + | br2 (a:UInt64.t) (b:Bdd'0.t_Bdd) (c:Bdd'0.t_Bdd)-> {(let (_, r'0) = _23 in r'0) = Node'0.C_If a b c} (! bb7) ] | bb7 = any [ br0 -> {(let (r'0, _) = _23 in r'0) = Node'0.C_False } (! bb13) | br1 -> {(let (r'0, _) = _23 in r'0) = Node'0.C_True } (! bb9) - | br2 (a:uint64) (b:Bdd'0.t_Bdd) (c:Bdd'0.t_Bdd)-> {(let (r'0, _) = _23 in r'0) = Node'0.C_If a b c} (! bb9) ] + | br2 (a:UInt64.t) (b:Bdd'0.t_Bdd) (c:Bdd'0.t_Bdd)-> {(let (r'0, _) = _23 in r'0) = Node'0.C_If a b c} (! bb9) ] | bb9 = any [ br0 -> {(let (_, r'0) = _23 in r'0) = Node'0.C_False } (! bb13) | br1 -> {(let (_, r'0) = _23 in r'0) = Node'0.C_True } (! bb10) - | br2 (a:uint64) (b:Bdd'0.t_Bdd) (c:Bdd'0.t_Bdd)-> {(let (_, r'0) = _23 in r'0) = Node'0.C_If a b c} (! bb11) ] + | br2 (a:UInt64.t) (b:Bdd'0.t_Bdd) (c:Bdd'0.t_Bdd)-> {(let (_, r'0) = _23 in r'0) = Node'0.C_If a b c} (! bb11) ] | bb11 = any [ br0 -> {(let (r'0, _) = _23 in r'0) = Node'0.C_False } (! bb10) | br1 -> {(let (r'0, _) = _23 in r'0) = Node'0.C_True } (! bb10) - | br2 (a:uint64) (b:Bdd'0.t_Bdd) (c:Bdd'0.t_Bdd)-> {(let (r'0, _) = _23 in r'0) = Node'0.C_If a b c} (! bb12) ] + | br2 (a:UInt64.t) (b:Bdd'0.t_Bdd) (c:Bdd'0.t_Bdd)-> {(let (r'0, _) = _23 in r'0) = Node'0.C_If a b c} (! 
bb12) ] | bb10 = s0 [ s0 = {[@expl:type invariant] inv'0 self} s1 | s1 = -{resolve'0 self}- s2 | s2 = {[%#sbdd0] false} any ] | bb12 = s0 [ s0 = Node'0.v_If {let (r'0, _) = _23 in r'0} - (fun (rv'0:uint64) (rchildt'0:Bdd'0.t_Bdd) (rchildf'0:Bdd'0.t_Bdd) -> [ &va <- rv'0 ] s1) + (fun (rv'0:UInt64.t) (rchildt'0:Bdd'0.t_Bdd) (rchildf'0:Bdd'0.t_Bdd) -> [ &va <- rv'0 ] s1) | s1 = Node'0.v_If {let (r'1, _) = _23 in r'1} - (fun (rv'1:uint64) (rchildt'1:Bdd'0.t_Bdd) (rchildf'1:Bdd'0.t_Bdd) -> [ &childta <- rchildt'1 ] s2) + (fun (rv'1:UInt64.t) (rchildt'1:Bdd'0.t_Bdd) (rchildf'1:Bdd'0.t_Bdd) -> [ &childta <- rchildt'1 ] s2) | s2 = Node'0.v_If {let (r'2, _) = _23 in r'2} - (fun (rv'2:uint64) (rchildt'2:Bdd'0.t_Bdd) (rchildf'2:Bdd'0.t_Bdd) -> [ &childfa <- rchildf'2 ] s3) + (fun (rv'2:UInt64.t) (rchildt'2:Bdd'0.t_Bdd) (rchildf'2:Bdd'0.t_Bdd) -> [ &childfa <- rchildf'2 ] s3) | s3 = Node'0.v_If {let (_, r'3) = _23 in r'3} - (fun (rv'3:uint64) (rchildt'3:Bdd'0.t_Bdd) (rchildf'3:Bdd'0.t_Bdd) -> [ &vb <- rv'3 ] s4) + (fun (rv'3:UInt64.t) (rchildt'3:Bdd'0.t_Bdd) (rchildf'3:Bdd'0.t_Bdd) -> [ &vb <- rv'3 ] s4) | s4 = Node'0.v_If {let (_, r'4) = _23 in r'4} - (fun (rv'4:uint64) (rchildt'4:Bdd'0.t_Bdd) (rchildf'4:Bdd'0.t_Bdd) -> [ &childtb <- rchildt'4 ] s5) + (fun (rv'4:UInt64.t) (rchildt'4:Bdd'0.t_Bdd) (rchildf'4:Bdd'0.t_Bdd) -> [ &childtb <- rchildt'4 ] s5) | s5 = Node'0.v_If {let (_, r'5) = _23 in r'5} - (fun (rv'5:uint64) (rchildt'5:Bdd'0.t_Bdd) (rchildf'5:Bdd'0.t_Bdd) -> [ &childfb <- rchildf'5 ] s6) + (fun (rv'5:UInt64.t) (rchildt'5:Bdd'0.t_Bdd) (rchildf'5:Bdd'0.t_Bdd) -> [ &childfb <- rchildf'5 ] s6) | s6 = [ &_45 <- vb ] s7 | s7 = cmp'0 {va} {_45} (fun (_ret':Ordering'0.t_Ordering) -> [ &_42 <- _ret' ] s8) | s8 = bb18 ] 
@@ -4447,7 +4527,7 @@ module M_bdd__qyi11078426090797403070__and [#"bdd.rs" 534 4 534 72] (* Context<' | bb14 = s0 [ s0 = [ &r1 <- b ] s1 | s1 = bb33 ] | bb33 = s0 [ s0 = Context'0.t_Context {self.current} - (fun (ralloc'0:Bump'0.t_Bump) (rhashcons'0:MyHashMap'0.t_MyHashMap (Node'0.t_Node) (Bdd'0.t_Bdd)) (rhashcons_ghost'0:Snapshot.snap_ty (Map.map uint64 (Node'0.t_Node))) (rnot_memo'0:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rand_memo'0:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rcnt'0:uint64) -> + (fun (ralloc'0:Bump'0.t_Bump) (rhashcons'0:MyHashMap'0.t_MyHashMap (Node'0.t_Node) (Bdd'0.t_Bdd)) (rhashcons_ghost'0:Snapshot.snap_ty (Map.map UInt64.t (Node'0.t_Node))) (rnot_memo'0:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rand_memo'0:MyHashMap'0.t_MyHashMap (Bdd'0.t_Bdd, Bdd'0.t_Bdd) (Bdd'0.t_Bdd)) (rcnt'0:UInt64.t) -> Borrow.borrow_final {rand_memo'0} @@ -4486,17 +4566,17 @@ module M_bdd__qyi11078426090797403070__and [#"bdd.rs" 534 4 534 72] (* Context<' | & r1 : Bdd'0.t_Bdd = any_l () | & _23 : (Node'0.t_Node, Node'0.t_Node) = any_l () | & _31 : borrowed (Context'0.t_Context) = any_l () - | & va : uint64 = any_l () + | & va : UInt64.t = any_l () | & childta : Bdd'0.t_Bdd = any_l () | & childfa : Bdd'0.t_Bdd = any_l () - | & vb : uint64 = any_l () + | & vb : UInt64.t = any_l () | & childtb : Bdd'0.t_Bdd = any_l () | & childfb : Bdd'0.t_Bdd = any_l () - | & v : uint64 = any_l () + | & v : UInt64.t = any_l () | & childt : Bdd'0.t_Bdd = any_l () | & childf : Bdd'0.t_Bdd = any_l () | & _42 : Ordering'0.t_Ordering = any_l () - | & _45 : uint64 = any_l () + | & _45 : UInt64.t = any_l () | & _48 : Bdd'0.t_Bdd = any_l () | & _49 : borrowed (Context'0.t_Context) = any_l () | & _52 : Bdd'0.t_Bdd = any_l () 
@@ -4516,7 +4596,7 @@ module M_bdd__qyi11078426090797403070__and [#"bdd.rs" 534 4 534 72] (* Context<' [ return' (result:Bdd'0.t_Bdd)-> {[@expl:postcondition] [%#sbdd7] leastvar'0 a <= leastvar'0 result \/ leastvar'0 b <= leastvar'0 result} - {[@expl:postcondition] [%#sbdd6] forall v : Map.map uint64 bool . interp'0 result v + {[@expl:postcondition] [%#sbdd6] forall v : Map.map UInt64.t bool . interp'0 result v = (interp'0 a v /\ interp'0 b v)} {[@expl:postcondition] [%#sbdd5] is_valid_bdd'0 self.final result} {[@expl:postcondition] [%#sbdd4] grows'0 self} @@ -4562,13 +4642,17 @@ module M_bdd__hashmap__qyi11648407051195780326 [#"bdd.rs" 78 4 78 42] (* <(U, V) axiom inv_axiom'0 [@rewrite] : forall x : (u, v) [inv'0 x] . inv'0 x = invariant'0 x - use prelude.prelude.UInt64 + use prelude.prelude.UInt64.to_uint use prelude.prelude.UInt64 use prelude.prelude.Int - constant v_MAX'0 : uint64 = (18446744073709551615 : uint64) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) + + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 type t_DeepModelTy'1 @@ -4580,7 +4664,8 @@ module M_bdd__hashmap__qyi11648407051195780326 [#"bdd.rs" 78 4 78 42] (* <(U, V) function hash_log'0 [#"bdd.rs" 86 8 86 48] (x : (t_DeepModelTy'0, t_DeepModelTy'1)) : int = [%#sbdd2] mod (hash_log'1 (let (a, _) = x in a) - + hash_log'2 (let (_, a) = x in a) * 17) (UInt64.to_int (v_MAX'0 : uint64) + 1) + + hash_log'2 (let (_, a) = x in a) * Int128.to_int (17 : Int128.t)) (UInt64.to_int (v_MAX'0 : UInt64.t) + + Int128.to_int (1 : Int128.t)) function deep_model'3 (self : v) : t_DeepModelTy'1 
@@ -4594,7 +4679,7 @@ module M_bdd__hashmap__qyi11648407051195780326 [#"bdd.rs" 78 4 78 42] (* <(U, V) goal hash_refn : [%#sbdd0] forall self : (u, v) . inv'0 self -> inv'0 self - /\ (forall result : uint64 . UInt64.to_int result = hash_log'0 (deep_model'0 self) + /\ (forall result : UInt64.t . UInt64.to_int result = hash_log'0 (deep_model'0 self) -> UInt64.to_int result = hash_log'0 (deep_model'0 self)) end module M_bdd__qyi699402059438633899 [#"bdd.rs" 118 0 118 43] (* as hashmap::Hash> *) @@ -4631,16 +4716,21 @@ module M_bdd__qyi699402059438633899 [#"bdd.rs" 118 0 118 43] (* as use prelude.prelude.Int - constant v_MAX'0 : uint64 = (18446744073709551615 : uint64) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UInt64 + use prelude.prelude.UInt64.to_uint + + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 function hash_log'0 [#"bdd.rs" 132 4 132 44] (x : NodeLog'0.t_NodeLog) : int = [%#sbdd2] match x with - | NodeLog'0.C_False -> 1 - | NodeLog'0.C_True -> 2 - | NodeLog'0.C_If v childt childf -> mod (UInt64.to_int v + UInt64.to_int childt * 5 - + UInt64.to_int childf * 7) (UInt64.to_int (v_MAX'0 : uint64) + 1) + | NodeLog'0.C_False -> Int128.to_int (1 : Int128.t) + | NodeLog'0.C_True -> Int128.to_int (2 : Int128.t) + | NodeLog'0.C_If v childt childf -> mod (UInt64.to_int v + UInt64.to_int childt * Int128.to_int (5 : Int128.t) + + UInt64.to_int childf * Int128.to_int (7 : Int128.t)) (UInt64.to_int (v_MAX'0 : UInt64.t) + + Int128.to_int (1 : Int128.t)) end function view'1 [#"bdd.rs" 179 4 179 33] (self : Node'0.t_Node) : NodeLog'0.t_NodeLog = 
@@ -4650,7 +4740,7 @@ module M_bdd__qyi699402059438633899 [#"bdd.rs" 118 0 118 43] (* as [%#smodel1] view'1 self goal hash_refn : [%#sbdd0] forall self : Node'0.t_Node . inv'0 self - -> (forall result : uint64 . UInt64.to_int result = hash_log'0 (view'0 self) + -> (forall result : UInt64.t . UInt64.to_int result = hash_log'0 (view'0 self) -> UInt64.to_int result = hash_log'0 (deep_model'0 self)) end module M_bdd__qyi14323183011761258016 [#"bdd.rs" 144 0 144 42] (* as hashmap::Hash> *) @@ -4675,25 +4765,25 @@ module M_bdd__qyi14323183011761258016 [#"bdd.rs" 144 0 144 42] (* a use prelude.prelude.Int - function deep_model'1 [#"bdd.rs" 189 4 189 44] (self : Bdd'0.t_Bdd) : uint64 = + function deep_model'1 [#"bdd.rs" 189 4 189 44] (self : Bdd'0.t_Bdd) : UInt64.t = [%#sbdd5] T_bdd__Bdd.t_Bdd__1 self - function deep_model'0 (self : Bdd'0.t_Bdd) : uint64 = + function deep_model'0 (self : Bdd'0.t_Bdd) : UInt64.t = [%#smodel3] deep_model'1 self - use prelude.prelude.UInt64 + use prelude.prelude.UInt64.to_uint - function hash_log'0 [#"bdd.rs" 152 4 152 44] (x : uint64) : int = + function hash_log'0 [#"bdd.rs" 152 4 152 44] (x : UInt64.t) : int = [%#sbdd2] UInt64.to_int x - function view'1 [#"bdd.rs" 199 4 199 33] (self : Bdd'0.t_Bdd) : uint64 = + function view'1 [#"bdd.rs" 199 4 199 33] (self : Bdd'0.t_Bdd) : UInt64.t = [%#sbdd4] deep_model'1 self - function view'0 (self : Bdd'0.t_Bdd) : uint64 = + function view'0 (self : Bdd'0.t_Bdd) : UInt64.t = [%#smodel1] view'1 self goal hash_refn : [%#sbdd0] forall self : Bdd'0.t_Bdd . inv'0 self - -> (forall result : uint64 . UInt64.to_int result = hash_log'0 (view'0 self) + -> (forall result : UInt64.t . UInt64.to_int result = hash_log'0 (view'0 self) -> UInt64.to_int result = hash_log'0 (deep_model'0 self)) end module M_bdd__qyi2024536649982164874 [#"bdd.rs" 94 9 94 11] (* as std::cmp::Eq> *) 
@@ -4758,16 +4848,16 @@ module M_bdd__qyi2581120635339165136 [#"bdd.rs" 204 0 204 38] (* as use prelude.prelude.Int - function deep_model'1 [#"bdd.rs" 189 4 189 44] (self : Bdd'0.t_Bdd) : uint64 = + function deep_model'1 [#"bdd.rs" 189 4 189 44] (self : Bdd'0.t_Bdd) : UInt64.t = [%#sbdd4] T_bdd__Bdd.t_Bdd__1 self - function deep_model'0 (self : Bdd'0.t_Bdd) : uint64 = + function deep_model'0 (self : Bdd'0.t_Bdd) : UInt64.t = [%#smodel2] deep_model'1 self - function view'1 [#"bdd.rs" 199 4 199 33] (self : Bdd'0.t_Bdd) : uint64 = + function view'1 [#"bdd.rs" 199 4 199 33] (self : Bdd'0.t_Bdd) : UInt64.t = [%#sbdd3] deep_model'1 self - function view'0 (self : Bdd'0.t_Bdd) : uint64 = + function view'0 (self : Bdd'0.t_Bdd) : UInt64.t = [%#smodel1] view'1 self goal eq_refn : [%#sbdd0] forall self : Bdd'0.t_Bdd . forall other : Bdd'0.t_Bdd . inv'0 other /\ inv'0 self diff --git a/creusot/tests/should_succeed/binary_search.coma b/creusot/tests/should_succeed/binary_search.coma index bca90cf67b..be28163efc 100644 --- a/creusot/tests/should_succeed/binary_search.coma +++ b/creusot/tests/should_succeed/binary_search.coma @@ -23,6 +23,10 @@ module M_binary_search__qyi13868011053250380720__len_logic [#"binary_search.rs" use T_binary_search__List as List'0 + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + use prelude.prelude.Int constant self : List'0.t_List t 
@@ -30,8 +34,9 @@ module M_binary_search__qyi13868011053250380720__len_logic [#"binary_search.rs" function len_logic [#"binary_search.rs" 22 4 22 29] (self : List'0.t_List t) : int goal vc_len_logic : match self with - | List'0.C_Cons _ ls -> ([%#sbinary_search0] len_logic ls >= 0) -> ([%#sbinary_search0] 1 + len_logic ls >= 0) - | List'0.C_Nil -> [%#sbinary_search0] 0 >= 0 + | List'0.C_Cons _ ls -> ([%#sbinary_search0] len_logic ls >= Int128.to_int (0 : Int128.t)) + -> ([%#sbinary_search0] Int128.to_int (1 : Int128.t) + len_logic ls >= Int128.to_int (0 : Int128.t)) + | List'0.C_Nil -> [%#sbinary_search0] Int128.to_int (0 : Int128.t) >= Int128.to_int (0 : Int128.t) end end module T_core__option__Option 
@@ -105,36 +110,45 @@ module M_binary_search__qyi13868011053250380720__index [#"binary_search.rs" 45 4 use prelude.prelude.Intrinsic - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 + + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 use prelude.prelude.Int function get'0 [#"binary_search.rs" 30 4 30 38] (self : List'0.t_List t) (ix : int) : Option'0.t_Option t = [%#sbinary_search11] match self with - | List'0.C_Cons t ls -> if ix = 0 then Option'0.C_Some t else get'0 ls (ix - 1) + | List'0.C_Cons t ls -> if ix = Int128.to_int (0 : Int128.t) then + Option'0.C_Some t + else + get'0 ls (ix - Int128.to_int (1 : Int128.t)) + | List'0.C_Nil -> Option'0.C_None end function len_logic'0 [#"binary_search.rs" 22 4 22 29] (self : List'0.t_List t) : int = [%#sbinary_search10] match self with - | List'0.C_Cons _ ls -> 1 + len_logic'0 ls - | List'0.C_Nil -> 0 + | List'0.C_Cons _ ls -> Int128.to_int (1 : Int128.t) + len_logic'0 ls + | List'0.C_Nil -> Int128.to_int (0 : Int128.t) end - axiom len_logic'0_spec : forall self : List'0.t_List t . [%#sbinary_search9] len_logic'0 self >= 0 + axiom len_logic'0_spec : forall self : List'0.t_List t . [%#sbinary_search9] len_logic'0 self + >= Int128.to_int (0 : Int128.t) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64.to_uint meta "compute_max_steps" 1000000 - let rec index (self:List'0.t_List t) (ix:usize) (return' (ret:t))= {[%#sbinary_search6] inv'0 self} - {[%#sbinary_search5] UIntSize.to_int ix < len_logic'0 self} + let rec index (self:List'0.t_List t) (ix:UInt64.t) (return' (ret:t))= {[%#sbinary_search6] inv'0 self} + {[%#sbinary_search5] UInt64.to_int ix < len_logic'0 self} (! 
bb0 [ bb0 = s0 [ s0 = [ &orig_ix <- ix ] s1 | s1 = [ &l <- self ] s2 | s2 = bb1 ] | bb1 = bb1 [ bb1 = {[@expl:loop invariant] [%#sbinary_search2] inv'0 l} - {[@expl:loop invariant] [%#sbinary_search1] get'0 self (UIntSize.to_int orig_ix) = get'0 l (UIntSize.to_int ix)} - {[@expl:loop invariant] [%#sbinary_search0] UIntSize.to_int ix < len_logic'0 l} + {[@expl:loop invariant] [%#sbinary_search1] get'0 self (UInt64.to_int orig_ix) = get'0 l (UInt64.to_int ix)} + {[@expl:loop invariant] [%#sbinary_search0] UInt64.to_int ix < len_logic'0 l} (! s0) [ s0 = bb2 ] [ bb2 = any [ br0 (a:t) (b:List'0.t_List t)-> {l = List'0.C_Cons a b} (! bb3) | br1 -> {l = List'0.C_Nil } (! bb7) ] @@ -143,13 +157,13 @@ module M_binary_search__qyi13868011053250380720__index [#"binary_search.rs" 45 4 | bb4 = s0 [ s0 = List'0.v_Cons {l} (fun (r0'0:t) (r1'0:List'0.t_List t) -> [ &t <- r0'0 ] s1) | s1 = List'0.v_Cons {l} (fun (r0'1:t) (r1'1:List'0.t_List t) -> [ &ls <- r1'1 ] s2) - | s2 = UIntSize.gt {ix} {[%#sbinary_search3] (0 : usize)} (fun (_ret':bool) -> [ &_15 <- _ret' ] s3) + | s2 = UInt64.gt {ix} {[%#sbinary_search3] (0 : UInt64.t)} (fun (_ret':bool) -> [ &_15 <- _ret' ] s3) | s3 = any [ br0 -> {_15 = false} (! bb6) | br1 -> {_15} (! bb5) ] ] | bb5 = s0 [ s0 = [ &_18 <- ls ] s1 | s1 = [ &l <- _18 ] s2 - | s2 = UIntSize.sub {ix} {[%#sbinary_search4] (1 : usize)} (fun (_ret':usize) -> [ &ix <- _ret' ] s3) + | s2 = UInt64.sub {ix} {[%#sbinary_search4] (1 : UInt64.t)} (fun (_ret':UInt64.t) -> [ &ix <- _ret' ] s3) | s3 = bb1 ] ] ] @@ -159,8 +173,8 @@ module M_binary_search__qyi13868011053250380720__index [#"binary_search.rs" 45 4 ) [ & _0 : t = any_l () | & self : List'0.t_List t = self - | & ix : usize = ix - | & orig_ix : usize = any_l () + | & ix : UInt64.t = ix + | & orig_ix : UInt64.t = any_l () | & l : List'0.t_List t = any_l () | & t : t = any_l () | & ls : List'0.t_List t = any_l () 
@@ -168,7 +182,7 @@ module M_binary_search__qyi13868011053250380720__index [#"binary_search.rs" 45 4 | & _18 : List'0.t_List t = any_l () ] [ return' (result:t)-> {[@expl:postcondition] [%#sbinary_search8] inv'1 result} - {[@expl:postcondition] [%#sbinary_search7] Option'0.C_Some result = get'0 self (UIntSize.to_int ix)} + {[@expl:postcondition] [%#sbinary_search7] Option'0.C_Some result = get'0 self (UInt64.to_int ix)} (! return' {result}) ] end 
@@ -216,31 +230,36 @@ module M_binary_search__qyi13868011053250380720__len [#"binary_search.rs" 67 4 6 axiom inv_axiom'0 [@rewrite] : forall x : List'0.t_List t [inv'0 x] . inv'0 x = invariant'0 x + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + use prelude.prelude.Intrinsic use prelude.prelude.Int function len_logic'0 [#"binary_search.rs" 22 4 22 29] (self : List'0.t_List t) : int = [%#sbinary_search9] match self with - | List'0.C_Cons _ ls -> 1 + len_logic'0 ls - | List'0.C_Nil -> 0 + | List'0.C_Cons _ ls -> Int128.to_int (1 : Int128.t) + len_logic'0 ls + | List'0.C_Nil -> Int128.to_int (0 : Int128.t) end - axiom len_logic'0_spec : forall self : List'0.t_List t . [%#sbinary_search8] len_logic'0 self >= 0 + axiom len_logic'0_spec : forall self : List'0.t_List t . [%#sbinary_search8] len_logic'0 self + >= Int128.to_int (0 : Int128.t) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64.to_uint - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 meta "compute_max_steps" 1000000 - let rec len (self:List'0.t_List t) (return' (ret:usize))= {[%#sbinary_search5] inv'0 self} - {[%#sbinary_search4] len_logic'0 self <= 1000000} + let rec len (self:List'0.t_List t) (return' (ret:UInt64.t))= {[%#sbinary_search5] inv'0 self} + {[%#sbinary_search4] len_logic'0 self <= Int128.to_int (1000000 : Int128.t)} (! bb0 - [ bb0 = s0 [ s0 = [ &len <- [%#sbinary_search0] (0 : usize) ] s1 | s1 = [ &l <- self ] s2 | s2 = bb1 ] + [ bb0 = s0 [ s0 = [ &len <- [%#sbinary_search0] (0 : UInt64.t) ] s1 | s1 = [ &l <- self ] s2 | s2 = bb1 ] | bb1 = bb1 [ bb1 = {[@expl:loop invariant] [%#sbinary_search2] inv'0 l} - {[@expl:loop invariant] [%#sbinary_search1] UIntSize.to_int len + len_logic'0 l = len_logic'0 self} + {[@expl:loop invariant] [%#sbinary_search1] UInt64.to_int len + len_logic'0 l = len_logic'0 self} (! s0) [ s0 = bb2 ] [ bb2 = any [ br0 (a:t) (b:List'0.t_List t)-> {l = List'0.C_Cons a b} (! bb3) | br1 -> {l = List'0.C_Nil } (! bb5) ] 
@@ -248,7 +267,7 @@ module M_binary_search__qyi13868011053250380720__len [#"binary_search.rs" 67 4 6 | bb3 = bb4 | bb4 = s0 [ s0 = List'0.v_Cons {l} (fun (r0'0:t) (r1'0:List'0.t_List t) -> [ &ls <- r1'0 ] s1) - | s1 = UIntSize.add {len} {[%#sbinary_search3] (1 : usize)} (fun (_ret':usize) -> [ &len <- _ret' ] s2) + | s1 = UInt64.add {len} {[%#sbinary_search3] (1 : UInt64.t)} (fun (_ret':UInt64.t) -> [ &len <- _ret' ] s2) | s2 = [ &l <- ls ] s3 | s3 = bb1 ] ] @@ -256,14 +275,14 @@ module M_binary_search__qyi13868011053250380720__len [#"binary_search.rs" 67 4 6 | bb5 = s0 [ s0 = [ &_0 <- len ] s1 | s1 = return' {_0} ] ] ) - [ & _0 : usize = any_l () + [ & _0 : UInt64.t = any_l () | & self : List'0.t_List t = self - | & len : usize = any_l () + | & len : UInt64.t = any_l () | & l : List'0.t_List t = any_l () | & ls : List'0.t_List t = any_l () ] - [ return' (result:usize)-> {[@expl:postcondition] [%#sbinary_search7] UIntSize.to_int result = len_logic'0 self} - {[@expl:postcondition] [%#sbinary_search6] result >= (0 : usize)} + [ return' (result:UInt64.t)-> {[@expl:postcondition] [%#sbinary_search7] UInt64.to_int result = len_logic'0 self} + {[@expl:postcondition] [%#sbinary_search6] result >= (0 : UInt64.t)} (! return' {result}) ] end @@ -289,8 +308,8 @@ module M_binary_search__binary_search [#"binary_search.rs" 111 0 111 72] let%span sbinary_search3 = "binary_search.rs" 118 16 118 63 let%span sbinary_search4 = "binary_search.rs" 118 4 118 65 let%span sbinary_search5 = "binary_search.rs" 121 17 121 18 - let%span sbinary_search6 = "binary_search.rs" 122 26 122 27 - let%span sbinary_search7 = "binary_search.rs" 122 19 122 27 + let%span sbinary_search6 = "binary_search.rs" 122 19 122 27 + let%span sbinary_search7 = "binary_search.rs" 122 26 122 27 let%span sbinary_search8 = "binary_search.rs" 133 19 133 20 let%span sbinary_search9 = "binary_search.rs" 104 11 104 39 let%span sbinary_search10 = "binary_search.rs" 105 11 105 26 
@@ -317,25 +336,35 @@ module M_binary_search__binary_search [#"binary_search.rs" 111 0 111 72] use prelude.prelude.Borrow - predicate inv'1 (_1 : uint32) + predicate inv'1 (_1 : UInt32.t) - axiom inv_axiom'1 [@rewrite] : forall x : uint32 [inv'1 x] . inv'1 x = true + axiom inv_axiom'1 [@rewrite] : forall x : UInt32.t [inv'1 x] . inv'1 x = true use T_binary_search__List as List'0 - predicate inv'0 (_1 : List'0.t_List uint32) + predicate inv'0 (_1 : List'0.t_List UInt32.t) - axiom inv_axiom'0 [@rewrite] : forall x : List'0.t_List uint32 [inv'0 x] . inv'0 x = true + axiom inv_axiom'0 [@rewrite] : forall x : List'0.t_List UInt32.t [inv'0 x] . inv'0 x = true use T_core__option__Option as Option'0 - function get'0 [#"binary_search.rs" 30 4 30 38] (self : List'0.t_List uint32) (ix : int) : Option'0.t_Option uint32 = + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + + function get'0 [#"binary_search.rs" 30 4 30 38] (self : List'0.t_List UInt32.t) (ix : int) : Option'0.t_Option UInt32.t + + = [%#sbinary_search26] match self with - | List'0.C_Cons t ls -> if ix = 0 then Option'0.C_Some t else get'0 ls (ix - 1) + | List'0.C_Cons t ls -> if ix = Int128.to_int (0 : Int128.t) then + Option'0.C_Some t + else + get'0 ls (ix - Int128.to_int (1 : Int128.t)) + | List'0.C_Nil -> Option'0.C_None end - predicate is_sorted'0 [#"binary_search.rs" 90 4 90 30] (self : List'0.t_List uint32) = + predicate is_sorted'0 [#"binary_search.rs" 90 4 90 30] (self : List'0.t_List UInt32.t) = [%#sbinary_search25] forall x1 : int, x2 : int . x1 <= x2 -> match (get'0 self x1, get'0 self x2) with | (Option'0.C_Some v1, Option'0.C_Some v2) -> v1 <= v2 
@@ -345,27 +374,28 @@ module M_binary_search__binary_search [#"binary_search.rs" 111 0 111 72] use prelude.prelude.Intrinsic - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - function len_logic'0 [#"binary_search.rs" 22 4 22 29] (self : List'0.t_List uint32) : int = + function len_logic'0 [#"binary_search.rs" 22 4 22 29] (self : List'0.t_List UInt32.t) : int = [%#sbinary_search19] match self with - | List'0.C_Cons _ ls -> 1 + len_logic'0 ls - | List'0.C_Nil -> 0 + | List'0.C_Cons _ ls -> Int128.to_int (1 : Int128.t) + len_logic'0 ls + | List'0.C_Nil -> Int128.to_int (0 : Int128.t) end - axiom len_logic'0_spec : forall self : List'0.t_List uint32 . [%#sbinary_search18] len_logic'0 self >= 0 + axiom len_logic'0_spec : forall self : List'0.t_List UInt32.t . [%#sbinary_search18] len_logic'0 self + >= Int128.to_int (0 : Int128.t) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64.to_uint - let rec index'0 (self:List'0.t_List uint32) (ix:usize) (return' (ret:uint32))= {[@expl:precondition] [%#sbinary_search22] inv'0 self} - {[@expl:precondition] [%#sbinary_search21] UIntSize.to_int ix < len_logic'0 self} + let rec index'0 (self:List'0.t_List UInt32.t) (ix:UInt64.t) (return' (ret:UInt32.t))= {[@expl:precondition] [%#sbinary_search22] inv'0 self} + {[@expl:precondition] [%#sbinary_search21] UInt64.to_int ix < len_logic'0 self} any - [ return' (result:uint32)-> {[%#sbinary_search24] inv'1 result} - {[%#sbinary_search23] Option'0.C_Some result = get'0 self (UIntSize.to_int ix)} + [ return' (result:UInt32.t)-> {[%#sbinary_search24] inv'1 result} + {[%#sbinary_search23] Option'0.C_Some result = get'0 self (UInt64.to_int ix)} (! return' {result}) ] - function get_default'0 [#"binary_search.rs" 80 4 80 46] (self : List'0.t_List uint32) (ix : int) (def : uint32) : uint32 + function get_default'0 [#"binary_search.rs" 80 4 80 46] (self : List'0.t_List UInt32.t) (ix : int) (def : UInt32.t) : UInt32.t = [%#sbinary_search20] match get'0 self ix with 
@@ -375,50 +405,50 @@ module M_binary_search__binary_search [#"binary_search.rs" 111 0 111 72] use T_core__result__Result as Result'0 - let rec len'0 (self:List'0.t_List uint32) (return' (ret:usize))= {[@expl:precondition] [%#sbinary_search15] inv'0 self} - {[@expl:precondition] [%#sbinary_search14] len_logic'0 self <= 1000000} + let rec len'0 (self:List'0.t_List UInt32.t) (return' (ret:UInt64.t))= {[@expl:precondition] [%#sbinary_search15] inv'0 self} + {[@expl:precondition] [%#sbinary_search14] len_logic'0 self <= Int128.to_int (1000000 : Int128.t)} any - [ return' (result:usize)-> {[%#sbinary_search17] UIntSize.to_int result = len_logic'0 self} - {[%#sbinary_search16] result >= (0 : usize)} + [ return' (result:UInt64.t)-> {[%#sbinary_search17] UInt64.to_int result = len_logic'0 self} + {[%#sbinary_search16] result >= (0 : UInt64.t)} (! return' {result}) ] meta "compute_max_steps" 1000000 - let rec binary_search (arr:List'0.t_List uint32) (elem:uint32) (return' (ret:Result'0.t_Result usize usize))= {[%#sbinary_search10] is_sorted'0 arr} - {[%#sbinary_search9] len_logic'0 arr <= 1000000} + let rec binary_search (arr:List'0.t_List UInt32.t) (elem:UInt32.t) (return' (ret:Result'0.t_Result UInt64.t UInt64.t))= {[%#sbinary_search10] is_sorted'0 arr} + {[%#sbinary_search9] len_logic'0 arr <= Int128.to_int (1000000 : Int128.t)} (! bb0 - [ bb0 = s0 [ s0 = len'0 {arr} (fun (_ret':usize) -> [ &_10 <- _ret' ] s1) | s1 = bb1 ] + [ bb0 = s0 [ s0 = len'0 {arr} (fun (_ret':UInt64.t) -> [ &_10 <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 - [ s0 = UIntSize.eq {_10} {[%#sbinary_search0] (0 : usize)} (fun (_ret':bool) -> [ &_9 <- _ret' ] s1) + [ s0 = UInt64.eq {_10} {[%#sbinary_search0] (0 : UInt64.t)} (fun (_ret':bool) -> [ &_9 <- _ret' ] s1) | s1 = any [ br0 -> {_9 = false} (! bb3) | br1 -> {_9} (! 
bb2) ] ] - | bb2 = s0 [ s0 = [ &_0 <- Result'0.C_Err ([%#sbinary_search1] (0 : usize)) ] s1 | s1 = bb21 ] - | bb3 = s0 [ s0 = len'0 {arr} (fun (_ret':usize) -> [ &size <- _ret' ] s1) | s1 = bb4 ] - | bb4 = s0 [ s0 = [ &base <- [%#sbinary_search2] (0 : usize) ] s1 | s1 = bb5 ] + | bb2 = s0 [ s0 = [ &_0 <- Result'0.C_Err ([%#sbinary_search1] (0 : UInt64.t)) ] s1 | s1 = bb21 ] + | bb3 = s0 [ s0 = len'0 {arr} (fun (_ret':UInt64.t) -> [ &size <- _ret' ] s1) | s1 = bb4 ] + | bb4 = s0 [ s0 = [ &base <- [%#sbinary_search2] (0 : UInt64.t) ] s1 | s1 = bb5 ] | bb5 = bb5 - [ bb5 = {[@expl:loop invariant] [%#sbinary_search4] forall i : usize . UIntSize.to_int base + UIntSize.to_int size - < UIntSize.to_int i - /\ UIntSize.to_int i < len_logic'0 arr -> elem < get_default'0 arr (UIntSize.to_int i) (0 : uint32)} - {[@expl:loop invariant] [%#sbinary_search4] forall i : usize . i < base - -> get_default'0 arr (UIntSize.to_int i) (0 : uint32) <= elem} - {[@expl:loop invariant] [%#sbinary_search3] 0 < UIntSize.to_int size - /\ UIntSize.to_int size + UIntSize.to_int base <= len_logic'0 arr} + [ bb5 = {[@expl:loop invariant] [%#sbinary_search4] forall i : UInt64.t . UInt64.to_int base + UInt64.to_int size + < UInt64.to_int i + /\ UInt64.to_int i < len_logic'0 arr -> elem < get_default'0 arr (UInt64.to_int i) (0 : UInt32.t)} + {[@expl:loop invariant] [%#sbinary_search4] forall i : UInt64.t . i < base + -> get_default'0 arr (UInt64.to_int i) (0 : UInt32.t) <= elem} + {[@expl:loop invariant] [%#sbinary_search3] Int128.to_int (0 : Int128.t) < UInt64.to_int size + /\ UInt64.to_int size + UInt64.to_int base <= len_logic'0 arr} (! s0) [ s0 = bb6 ] [ bb6 = s0 - [ s0 = UIntSize.gt {size} {[%#sbinary_search5] (1 : usize)} (fun (_ret':bool) -> [ &_21 <- _ret' ] s1) + [ s0 = UInt64.gt {size} {[%#sbinary_search5] (1 : UInt64.t)} (fun (_ret':bool) -> [ &_21 <- _ret' ] s1) | s1 = any [ br0 -> {_21 = false} (! bb13) | br1 -> {_21} (! 
bb7) ] ] | bb7 = s0 - [ s0 = UIntSize.eq {[%#sbinary_search6] (2 : usize)} {[%#sbinary_search7] (0 : usize)} + [ s0 = UInt64.eq {[%#sbinary_search7] (2 : UInt64.t)} {[%#sbinary_search6] (0 : UInt64.t)} (fun (_ret':bool) -> [ &_25 <- _ret' ] s1) - | s1 = {[@expl:division by zero] [%#sbinary_search7] not _25} s2 + | s1 = {[@expl:division by zero] [%#sbinary_search6] not _25} s2 | s2 = bb8 ] | bb8 = s0 - [ s0 = UIntSize.div {size} {[%#sbinary_search6] (2 : usize)} (fun (_ret':usize) -> [ &half <- _ret' ] s1) - | s1 = UIntSize.add {base} {half} (fun (_ret':usize) -> [ &mid <- _ret' ] s2) - | s2 = index'0 {arr} {mid} (fun (_ret':uint32) -> [ &_32 <- _ret' ] s3) + [ s0 = UInt64.div {size} {[%#sbinary_search7] (2 : UInt64.t)} (fun (_ret':UInt64.t) -> [ &half <- _ret' ] s1) + | s1 = UInt64.add {base} {half} (fun (_ret':UInt64.t) -> [ &mid <- _ret' ] s2) + | s2 = index'0 {arr} {mid} (fun (_ret':UInt32.t) -> [ &_32 <- _ret' ] s3) | s3 = bb9 ] | bb9 = s0 @@ -429,12 +459,12 @@ module M_binary_search__binary_search [#"binary_search.rs" 111 0 111 72] | bb11 = s0 [ s0 = [ &_29 <- mid ] s1 | s1 = bb12 ] | bb12 = s0 [ s0 = [ &base <- _29 ] s1 - | s1 = UIntSize.sub {size} {half} (fun (_ret':usize) -> [ &size <- _ret' ] s2) + | s1 = UInt64.sub {size} {half} (fun (_ret':UInt64.t) -> [ &size <- _ret' ] s2) | s2 = bb5 ] ] ] - | bb13 = s0 [ s0 = index'0 {arr} {base} (fun (_ret':uint32) -> [ &_41 <- _ret' ] s1) | s1 = bb14 ] + | bb13 = s0 [ s0 = index'0 {arr} {base} (fun (_ret':UInt32.t) -> [ &_41 <- _ret' ] s1) | s1 = bb14 ] | bb14 = s0 [ s0 = [ &cmp <- _41 ] s1 | s1 = UInt32.eq {cmp} {elem} (fun (_ret':bool) -> [ &_44 <- _ret' ] s2) 
@@ -446,7 +476,7 @@ module M_binary_search__binary_search [#"binary_search.rs" 111 0 111 72] | s1 = any [ br0 -> {_48 = false} (! bb18) | br1 -> {_48} (! bb17) ] ] | bb17 = s0 - [ s0 = UIntSize.add {base} {[%#sbinary_search8] (1 : usize)} (fun (_ret':usize) -> [ &_51 <- _ret' ] s1) + [ s0 = UInt64.add {base} {[%#sbinary_search8] (1 : UInt64.t)} (fun (_ret':UInt64.t) -> [ &_51 <- _ret' ] s1) | s1 = [ &_0 <- Result'0.C_Err _51 ] s2 | s2 = bb19 ] 
@@ -455,35 +485,35 @@ module M_binary_search__binary_search [#"binary_search.rs" 111 0 111 72] | bb20 = bb21 | bb21 = return' {_0} ] ) - [ & _0 : Result'0.t_Result usize usize = any_l () - | & arr : List'0.t_List uint32 = arr - | & elem : uint32 = elem + [ & _0 : Result'0.t_Result UInt64.t UInt64.t = any_l () + | & arr : List'0.t_List UInt32.t = arr + | & elem : UInt32.t = elem | & _9 : bool = any_l () - | & _10 : usize = any_l () - | & size : usize = any_l () - | & base : usize = any_l () + | & _10 : UInt64.t = any_l () + | & size : UInt64.t = any_l () + | & base : UInt64.t = any_l () | & _21 : bool = any_l () - | & half : usize = any_l () + | & half : UInt64.t = any_l () | & _25 : bool = any_l () - | & mid : usize = any_l () - | & _29 : usize = any_l () + | & mid : UInt64.t = any_l () + | & _29 : UInt64.t = any_l () | & _30 : bool = any_l () - | & _32 : uint32 = any_l () - | & cmp : uint32 = any_l () - | & _41 : uint32 = any_l () + | & _32 : UInt32.t = any_l () + | & cmp : UInt32.t = any_l () + | & _41 : UInt32.t = any_l () | & _44 : bool = any_l () | & _48 : bool = any_l () - | & _51 : usize = any_l () ] + | & _51 : UInt64.t = any_l () ] - [ return' (result:Result'0.t_Result usize usize)-> {[@expl:postcondition] [%#sbinary_search13] forall x : usize . result + [ return' (result:Result'0.t_Result UInt64.t UInt64.t)-> {[@expl:postcondition] [%#sbinary_search13] forall x : UInt64.t . result = Result'0.C_Err x - -> (forall i : usize . UIntSize.to_int x < UIntSize.to_int i /\ UIntSize.to_int i < len_logic'0 arr - -> elem < get_default'0 arr (UIntSize.to_int i) (0 : uint32))} - {[@expl:postcondition] [%#sbinary_search12] forall x : usize . result = Result'0.C_Err x - -> (forall i : usize . 0 <= UIntSize.to_int i /\ UIntSize.to_int i < UIntSize.to_int x - -> get_default'0 arr (UIntSize.to_int i) (0 : uint32) <= elem)} - {[@expl:postcondition] [%#sbinary_search11] forall x : usize . 
result = Result'0.C_Ok x - -> get'0 arr (UIntSize.to_int x) = Option'0.C_Some elem} + -> (forall i : UInt64.t . UInt64.to_int x < UInt64.to_int i /\ UInt64.to_int i < len_logic'0 arr + -> elem < get_default'0 arr (UInt64.to_int i) (0 : UInt32.t))} + {[@expl:postcondition] [%#sbinary_search12] forall x : UInt64.t . result = Result'0.C_Err x + -> (forall i : UInt64.t . Int128.to_int (0 : Int128.t) <= UInt64.to_int i /\ UInt64.to_int i < UInt64.to_int x + -> get_default'0 arr (UInt64.to_int i) (0 : UInt32.t) <= elem)} + {[@expl:postcondition] [%#sbinary_search11] forall x : UInt64.t . result = Result'0.C_Ok x + -> get'0 arr (UInt64.to_int x) = Option'0.C_Some elem} (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/bug/168.coma b/creusot/tests/should_succeed/bug/168.coma index 271a711780..2d5f81fbfb 100644 --- a/creusot/tests/should_succeed/bug/168.coma +++ b/creusot/tests/should_succeed/bug/168.coma @@ -3,13 +3,13 @@ module M_168__max_int [#"168.rs" 3 0 3 25] use prelude.prelude.Intrinsic - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.Int meta "compute_max_steps" 1000000 - let rec max_int (_1:()) (return' (ret:usize))= (! bb0 - [ bb0 = s0 [ s0 = [ &_0 <- [%#s1680] (18446744073709551615 : usize) ] s1 | s1 = return' {_0} ] ] - ) [ & _0 : usize = any_l () ] [ return' (result:usize)-> (! return' {result}) ] + let rec max_int (_1:()) (return' (ret:UInt64.t))= (! bb0 + [ bb0 = s0 [ s0 = [ &_0 <- [%#s1680] (18446744073709551615 : UInt64.t) ] s1 | s1 = return' {_0} ] ] + ) [ & _0 : UInt64.t = any_l () ] [ return' (result:UInt64.t)-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/bug/271.coma b/creusot/tests/should_succeed/bug/271.coma index f6aab51321..c4a512c3ef 100644 --- a/creusot/tests/should_succeed/bug/271.coma +++ b/creusot/tests/should_succeed/bug/271.coma 
@@ -10,8 +10,8 @@ module M_271__ex [#"271.rs" 5 0 5 11] meta "compute_max_steps" 1000000 let rec ex (_1:()) (return' (ret:()))= (! bb0 - [ bb0 = s0 [ s0 = [ &a <- [%#s2710] (0 : int32) ] s1 | s1 = bb4 ] | bb4 = bb5 | bb5 = return' {_0} ] - ) [ & _0 : () = any_l () | & a : int32 = any_l () ] [ return' (result:())-> (! return' {result}) ] + [ bb0 = s0 [ s0 = [ &a <- [%#s2710] (0 : Int32.t) ] s1 | s1 = bb4 ] | bb4 = bb5 | bb5 = return' {_0} ] + ) [ & _0 : () = any_l () | & a : Int32.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end module M_271__ex2 [#"271.rs" 13 0 13 12] let%span s2710 = "271.rs" 14 12 14 13 @@ -26,14 +26,14 @@ module M_271__ex2 [#"271.rs" 13 0 13 12] let rec ex2 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = [ &a <- [%#s2710] (0 : int32) ] s1 + [ s0 = [ &a <- [%#s2710] (0 : Int32.t) ] s1 | s1 = any [ br0 -> {a = 0} (! bb3) | br1 -> {a = 1} (! bb3) | default -> (! bb1) ] ] | bb1 = bb6 | bb3 = bb4 | bb4 = bb6 | bb6 = return' {_0} ] - ) [ & _0 : () = any_l () | & a : int32 = any_l () ] [ return' (result:())-> (! return' {result}) ] + ) [ & _0 : () = any_l () | & a : Int32.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end module M_271__ex3 [#"271.rs" 22 0 22 12] let%span s2710 = "271.rs" 23 12 23 13 @@ -48,7 +48,7 @@ module M_271__ex3 [#"271.rs" 22 0 22 12] let rec ex3 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = [ &a <- [%#s2710] (0 : int32) ] s1 + [ s0 = [ &a <- [%#s2710] (0 : Int32.t) ] s1 | s1 = any [ br0 -> {a = 0} (! bb2) | br1 -> {a = 1} (! bb2) | br2 -> {a = 2} (! bb3) | default -> (! bb1) ] ] | bb1 = bb6 @@ -57,5 +57,5 @@ module M_271__ex3 [#"271.rs" 22 0 22 12] | bb2 = bb4 | bb4 = bb6 | bb6 = return' {_0} ] - ) [ & _0 : () = any_l () | & a : int32 = any_l () ] [ return' (result:())-> (! return' {result}) ] + ) [ & _0 : () = any_l () | & a : Int32.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end 
diff --git a/creusot/tests/should_succeed/bug/387.coma b/creusot/tests/should_succeed/bug/387.coma index e969fdf38c..572cb88975 100644 --- a/creusot/tests/should_succeed/bug/387.coma +++ b/creusot/tests/should_succeed/bug/387.coma @@ -20,12 +20,13 @@ module T_387__Node [#"387.rs" 8 0 8 11] use prelude.prelude.Int type t_Node = - | C_Node (t_Tree) uint32 (t_Tree) + | C_Node (t_Tree) UInt32.t (t_Tree) with t_Tree = | C_Tree (Option'0.t_Option (t_Node)) - let rec t_Node (input:t_Node) (ret (left:t_Tree) (val':uint32) (right:t_Tree))= any - [ good (left:t_Tree) (val':uint32) (right:t_Tree)-> {C_Node left val' right = input} (! ret {left} {val'} {right}) ] + let rec t_Node (input:t_Node) (ret (left:t_Tree) (val':UInt32.t) (right:t_Tree))= any + [ good (left:t_Tree) (val':UInt32.t) (right:t_Tree)-> {C_Node left val' right = input} + (! ret {left} {val'} {right}) ] let rec t_Tree (input:t_Tree) (ret (field_0:Option'0.t_Option (t_Node)))= any 
@@ -62,23 +63,23 @@ module M_387__qyi16446429885017832241__height [#"387.rs" 18 4 18 31] (* Tree *) use prelude.prelude.Int - predicate inv'0 (_1 : uint64) + predicate inv'0 (_1 : UInt64.t) - axiom inv_axiom'0 [@rewrite] : forall x : uint64 [inv'0 x] . inv'0 x = true + axiom inv_axiom'0 [@rewrite] : forall x : UInt64.t [inv'0 x] . inv'0 x = true use prelude.prelude.Borrow use prelude.prelude.Intrinsic - use prelude.prelude.UInt64 + use prelude.prelude.UInt64.to_uint - function deep_model'0 (self : uint64) : int = + function deep_model'0 (self : UInt64.t) : int = [%#snum7] UInt64.to_int self - let rec max'0 (self:uint64) (other:uint64) (return' (ret:uint64))= {[@expl:precondition] inv'0 other} + let rec max'0 (self:UInt64.t) (other:UInt64.t) (return' (ret:UInt64.t))= {[@expl:precondition] inv'0 other} {[@expl:precondition] inv'0 self} any - [ return' (result:uint64)-> {inv'0 result} + [ return' (result:UInt64.t)-> {inv'0 result} {[%#scmp6] deep_model'0 other < deep_model'0 self -> result = self} {[%#scmp5] deep_model'0 self <= deep_model'0 other -> result = other} {[%#scmp4] result = self \/ result = other} @@ -97,7 +98,7 @@ module M_387__qyi16446429885017832241__height [#"387.rs" 18 4 18 31] (* Tree *) meta "compute_max_steps" 1000000 - let rec height (self:Tree'0.t_Tree) (return' (ret:uint64))= (! bb0 + let rec height (self:Tree'0.t_Tree) (return' (ret:UInt64.t))= (! bb0 [ bb0 = Tree'0.t_Tree {self} (fun (r0'0:Option'0.t_Option (Node'0.t_Node)) -> any 
@@ -108,29 +109,29 @@ module M_387__qyi16446429885017832241__height [#"387.rs" 18 4 18 31] (* Tree *) (fun (r0'0:Option'0.t_Option (Node'0.t_Node)) -> Option'0.v_Some {r0'0} (fun (r0'1:Node'0.t_Node) -> [ &n <- r0'1 ] s1)) | s1 = Node'0.t_Node {n} - (fun (rleft'0:Tree'0.t_Tree) (rval'0:uint32) (rright'0:Tree'0.t_Tree) -> - height {rleft'0} (fun (_ret':uint64) -> [ &_5 <- _ret' ] s2)) + (fun (rleft'0:Tree'0.t_Tree) (rval'0:UInt32.t) (rright'0:Tree'0.t_Tree) -> + height {rleft'0} (fun (_ret':UInt64.t) -> [ &_5 <- _ret' ] s2)) | s2 = bb5 ] | bb5 = s0 [ s0 = Node'0.t_Node {n} - (fun (rleft'0:Tree'0.t_Tree) (rval'0:uint32) (rright'0:Tree'0.t_Tree) -> - height {rright'0} (fun (_ret':uint64) -> [ &_7 <- _ret' ] s1)) + (fun (rleft'0:Tree'0.t_Tree) (rval'0:UInt32.t) (rright'0:Tree'0.t_Tree) -> + height {rright'0} (fun (_ret':UInt64.t) -> [ &_7 <- _ret' ] s1)) | s1 = bb6 ] - | bb6 = s0 [ s0 = max'0 {_5} {_7} (fun (_ret':uint64) -> [ &_4 <- _ret' ] s1) | s1 = bb7 ] + | bb6 = s0 [ s0 = max'0 {_5} {_7} (fun (_ret':UInt64.t) -> [ &_4 <- _ret' ] s1) | s1 = bb7 ] | bb7 = s0 - [ s0 = UInt64.add {_4} {[%#s3870] (1 : uint64)} (fun (_ret':uint64) -> [ &_0 <- _ret' ] s1) | s1 = bb8 ] + [ s0 = UInt64.add {_4} {[%#s3870] (1 : UInt64.t)} (fun (_ret':UInt64.t) -> [ &_0 <- _ret' ] s1) | s1 = bb8 ] | bb2 = bb4 - | bb4 = s0 [ s0 = [ &_0 <- [%#s3871] (0 : uint64) ] s1 | s1 = bb8 ] + | bb4 = s0 [ s0 = [ &_0 <- [%#s3871] (0 : UInt64.t) ] s1 | s1 = bb8 ] | bb8 = return' {_0} ] ) - [ & _0 : uint64 = any_l () + [ & _0 : UInt64.t = any_l () | & self : Tree'0.t_Tree = self | & n : Node'0.t_Node = any_l () - | & _4 : uint64 = any_l () - | & _5 : uint64 = any_l () - | & _7 : uint64 = any_l () ] - [ return' (result:uint64)-> (! return' {result}) ] + | & _4 : UInt64.t = any_l () + | & _5 : UInt64.t = any_l () + | & _7 : UInt64.t = any_l () ] + [ return' (result:UInt64.t)-> (! return' {result}) ] end 
diff --git a/creusot/tests/should_succeed/bug/545.coma b/creusot/tests/should_succeed/bug/545.coma index 414a87da1b..231798c63e 100644 --- a/creusot/tests/should_succeed/bug/545.coma +++ b/creusot/tests/should_succeed/bug/545.coma @@ -10,6 +10,6 @@ module M_545__negative_is_negative [#"545.rs" 4 0 4 29] meta "compute_max_steps" 1000000 let rec negative_is_negative (_1:()) (return' (ret:()))= (! bb0 - [ bb0 = s0 [ s0 = {[@expl:assertion] [%#s5450] (0 : int32) > (-100 : int32)} s1 | s1 = return' {_0} ] ] + [ bb0 = s0 [ s0 = {[@expl:assertion] [%#s5450] (0 : Int32.t) > (-100 : Int32.t)} s1 | s1 = return' {_0} ] ] ) [ & _0 : () = any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/bug/594.coma b/creusot/tests/should_succeed/bug/594.coma index 1f1ba4d58a..6e6cb87b13 100644 --- a/creusot/tests/should_succeed/bug/594.coma +++ b/creusot/tests/should_succeed/bug/594.coma @@ -9,10 +9,10 @@ module M_594__test_program [#"594.rs" 11 0 11 46] meta "compute_max_steps" 1000000 - let rec test_program (_1:(uint32, uint32)) (return' (ret:uint32))= (! bb0 + let rec test_program (_1:(UInt32.t, UInt32.t)) (return' (ret:UInt32.t))= (! bb0 [ bb0 = s0 [ s0 = [ &x <- let (r'0, _) = _1 in r'0 ] s1 | s1 = [ &_0 <- x ] s2 | s2 = return' {_0} ] ] - ) [ & _0 : uint32 = any_l () | & _1 : (uint32, uint32) = _1 | & x : uint32 = any_l () ] - [ return' (result:uint32)-> {[@expl:postcondition] [%#s5940] let (x, _) = _1 in result = x} (! return' {result}) ] + ) [ & _0 : UInt32.t = any_l () | & _1 : (UInt32.t, UInt32.t) = _1 | & x : UInt32.t = any_l () ] + [ return' (result:UInt32.t)-> {[@expl:postcondition] [%#s5940] let (x, _) = _1 in result = x} (! return' {result}) ] end module T_594__test_closure__qyClosure0 [#"594.rs" 16 14 16 37] 
@@ -38,7 +38,7 @@ module M_594__test_closure__qyClosure0 [#"594.rs" 16 14 16 37] meta "compute_max_steps" 1000000 - let rec m_594__test_closure__qyClosure0 (_1:Closure'0.m_594__test_closure__qyClosure0) (_c:int32) (_3:(int32, int32)) (return' (ret:int32))= (! bb0 + let rec m_594__test_closure__qyClosure0 (_1:Closure'0.m_594__test_closure__qyClosure0) (_c:Int32.t) (_3:(Int32.t, Int32.t)) (return' (ret:Int32.t))= (! bb0 [ bb0 = s0 [ s0 = [ &_a <- let (r'0, _) = _3 in r'0 ] s1 | s1 = [ &b <- let (_, r'1) = _3 in r'1 ] s2 @@ -47,12 +47,14 @@ module M_594__test_closure__qyClosure0 [#"594.rs" 16 14 16 37] | s4 = return' {_0} ] ] ) - [ & _0 : int32 = any_l () - | & _3 : (int32, int32) = _3 - | & _a : int32 = any_l () - | & b : int32 = any_l () - | & res : int32 = any_l () ] - [ return' (result:int32)-> {[@expl:postcondition] [%#s5940] let (_a, b) = _3 in result = b} (! return' {result}) ] + [ & _0 : Int32.t = any_l () + | & _3 : (Int32.t, Int32.t) = _3 + | & _a : Int32.t = any_l () + | & b : Int32.t = any_l () + | & res : Int32.t = any_l () ] + + [ return' (result:Int32.t)-> {[@expl:postcondition] [%#s5940] let (_a, b) = _3 in result = b} (! return' {result}) ] + end module T_594__test_closure__qyClosure1 [#"594.rs" 18 14 18 37] type m_594__test_closure__qyClosure1 = @@ -77,7 +79,7 @@ module M_594__test_closure__qyClosure1 [#"594.rs" 18 14 18 37] meta "compute_max_steps" 1000000 - let rec m_594__test_closure__qyClosure1 (_1:Closure'0.m_594__test_closure__qyClosure1) (_2:(int32, int32)) (return' (ret:int32))= (! bb0 + let rec m_594__test_closure__qyClosure1 (_1:Closure'0.m_594__test_closure__qyClosure1) (_2:(Int32.t, Int32.t)) (return' (ret:Int32.t))= (! bb0 [ bb0 = s0 [ s0 = [ &_a <- let (r'0, _) = _2 in r'0 ] s1 | s1 = [ &b <- let (_, r'1) = _2 in r'1 ] s2 
@@ -86,12 +88,14 @@ module M_594__test_closure__qyClosure1 [#"594.rs" 18 14 18 37] | s4 = return' {_0} ] ] ) - [ & _0 : int32 = any_l () - | & _2 : (int32, int32) = _2 - | & _a : int32 = any_l () - | & b : int32 = any_l () - | & res : int32 = any_l () ] - [ return' (result:int32)-> {[@expl:postcondition] [%#s5940] let (_a, b) = _2 in result = b} (! return' {result}) ] + [ & _0 : Int32.t = any_l () + | & _2 : (Int32.t, Int32.t) = _2 + | & _a : Int32.t = any_l () + | & b : Int32.t = any_l () + | & res : Int32.t = any_l () ] + + [ return' (result:Int32.t)-> {[@expl:postcondition] [%#s5940] let (_a, b) = _2 in result = b} (! return' {result}) ] + end module M_594__test_closure [#"594.rs" 15 0 15 21] let%span s5940 = "594.rs" 20 23 20 24 @@ -112,14 +116,14 @@ module M_594__test_closure [#"594.rs" 15 0 15 21] use prelude.prelude.Borrow - let rec closure1'0 (_1:Closure'1.m_594__test_closure__qyClosure1) (_2:(int32, int32)) (return' (ret:int32))= any - [ return' (result:int32)-> {[%#s5946] let (_a, b) = _2 in result = b} (! return' {result}) ] + let rec closure1'0 (_1:Closure'1.m_594__test_closure__qyClosure1) (_2:(Int32.t, Int32.t)) (return' (ret:Int32.t))= any + [ return' (result:Int32.t)-> {[%#s5946] let (_a, b) = _2 in result = b} (! return' {result}) ] use T_594__test_closure__qyClosure0 as Closure'0 - let rec closure0'0 (_1:Closure'0.m_594__test_closure__qyClosure0) (_c:int32) (_3:(int32, int32)) (return' (ret:int32))= any - [ return' (result:int32)-> {[%#s5945] let (_a, b) = _3 in result = b} (! return' {result}) ] + let rec closure0'0 (_1:Closure'0.m_594__test_closure__qyClosure0) (_c:Int32.t) (_3:(Int32.t, Int32.t)) (return' (ret:Int32.t))= any + [ return' (result:Int32.t)-> {[%#s5945] let (_a, b) = _3 in result = b} (! return' {result}) ] meta "compute_max_steps" 1000000 
@@ -128,16 +132,16 @@ module M_594__test_closure [#"594.rs" 15 0 15 21] [ bb0 = s0 [ s0 = [ &cl1 <- Closure'0.M_594__test_closure__qyClosure0 ] s1 | s1 = [ &cl2 <- Closure'1.M_594__test_closure__qyClosure1 ] s2 - | s2 = [ &_6 <- (([%#s5940] (0 : int32)), ([%#s5941] (3 : int32))) ] s3 - | s3 = [ &_5 <- (([%#s5942] (4 : int32)), _6) ] s4 + | s2 = [ &_6 <- (([%#s5940] (0 : Int32.t)), ([%#s5941] (3 : Int32.t))) ] s3 + | s3 = [ &_5 <- (([%#s5942] (4 : Int32.t)), _6) ] s4 | s4 = closure0'0 {cl1} {let (r'0, _) = _5 in r'0} {let (_, r'1) = _5 in r'1} - (fun (_ret':int32) -> [ &_a <- _ret' ] s5) + (fun (_ret':Int32.t) -> [ &_a <- _ret' ] s5) | s5 = bb1 ] | bb1 = s0 - [ s0 = [ &_10 <- (([%#s5943] (0 : int32)), ([%#s5944] (4 : int32))) ] s1 + [ s0 = [ &_10 <- (([%#s5943] (0 : Int32.t)), ([%#s5944] (4 : Int32.t))) ] s1 | s1 = [ &_9 <- (_10) ] s2 - | s2 = closure1'0 {cl2} {let (r'0) = _9 in r'0} (fun (_ret':int32) -> [ &_b <- _ret' ] s3) + | s2 = closure1'0 {cl2} {let (r'0) = _9 in r'0} (fun (_ret':Int32.t) -> [ &_b <- _ret' ] s3) | s3 = bb2 ] | bb2 = return' {_0} ] @@ -145,12 +149,12 @@ module M_594__test_closure [#"594.rs" 15 0 15 21] [ & _0 : () = any_l () | & cl1 : Closure'0.m_594__test_closure__qyClosure0 = any_l () | & cl2 : Closure'1.m_594__test_closure__qyClosure1 = any_l () - | & _a : int32 = any_l () - | & _5 : (int32, (int32, int32)) = any_l () - | & _6 : (int32, int32) = any_l () - | & _b : int32 = any_l () - | & _9 : (int32, int32) = any_l () - | & _10 : (int32, int32) = any_l () ] + | & _a : Int32.t = any_l () + | & _5 : (Int32.t, (Int32.t, Int32.t)) = any_l () + | & _6 : (Int32.t, Int32.t) = any_l () + | & _b : Int32.t = any_l () + | & _9 : (Int32.t, Int32.t) = any_l () + | & _10 : (Int32.t, Int32.t) = any_l () ] [ return' (result:())-> (! return' {result}) ] end module T_594__T [#"594.rs" 24 0 24 12] 
@@ -159,10 +163,10 @@ module T_594__T [#"594.rs" 24 0 24 12] use prelude.prelude.Int type t_T = - | C_T uint32 + | C_T UInt32.t - let rec t_T (input:t_T) (ret (field_0:uint32))= any - [ good (field_0:uint32)-> {C_T field_0 = input} (! ret {field_0}) ] + let rec t_T (input:t_T) (ret (field_0:UInt32.t))= any + [ good (field_0:UInt32.t)-> {C_T field_0 = input} (! ret {field_0}) ] end module M_594__qyi1704796797730763899__test_method [#"594.rs" 33 4 33 55] (* T *) @@ -178,9 +182,9 @@ module M_594__qyi1704796797730763899__test_method [#"594.rs" 33 4 33 55] (* T *) meta "compute_max_steps" 1000000 - let rec test_method (self:T'0.t_T) (_2:(uint32, uint32)) (return' (ret:uint32))= (! bb0 + let rec test_method (self:T'0.t_T) (_2:(UInt32.t, UInt32.t)) (return' (ret:UInt32.t))= (! bb0 [ bb0 = s0 [ s0 = [ &x <- let (r'0, _) = _2 in r'0 ] s1 | s1 = [ &_0 <- x ] s2 | s2 = return' {_0} ] ] - ) [ & _0 : uint32 = any_l () | & _2 : (uint32, uint32) = _2 | & x : uint32 = any_l () ] - [ return' (result:uint32)-> {[@expl:postcondition] [%#s5940] let (x, _) = _2 in result = x} (! return' {result}) ] + ) [ & _0 : UInt32.t = any_l () | & _2 : (UInt32.t, UInt32.t) = _2 | & x : UInt32.t = any_l () ] + [ return' (result:UInt32.t)-> {[@expl:postcondition] [%#s5940] let (x, _) = _2 in result = x} (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/bug/final_borrows.coma b/creusot/tests/should_succeed/bug/final_borrows.coma index 2423ff1eab..6e0537af6e 100644 --- a/creusot/tests/should_succeed/bug/final_borrows.coma +++ b/creusot/tests/should_succeed/bug/final_borrows.coma @@ -763,7 +763,11 @@ module M_final_borrows__set_7 [#"final_borrows.rs" 56 0 56 21] let%span sfinal_borrows1 = "final_borrows.rs" 55 10 55 20 let%span sresolve2 = "../../../../creusot-contracts/src/resolve.rs" 41 20 41 34 - use prelude.prelude.Int32 + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + + use prelude.prelude.Int32.to_int use prelude.prelude.Borrow 
@@ -773,22 +777,24 @@ module M_final_borrows__set_7 [#"final_borrows.rs" 56 0 56 21] use prelude.prelude.Int - predicate resolve'1 (self : borrowed int32) = + predicate resolve'1 (self : borrowed Int32.t) = [%#sresolve2] self.final = self.current - predicate resolve'0 (_1 : borrowed int32) = + predicate resolve'0 (_1 : borrowed Int32.t) = resolve'1 _1 meta "compute_max_steps" 1000000 - let rec set_7 (r:borrowed int32) (return' (ret:()))= (! bb0 + let rec set_7 (r:borrowed Int32.t) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = [ &r <- { r with current = ([%#sfinal_borrows0] (7 : int32)) ; } ] s1 + [ s0 = [ &r <- { r with current = ([%#sfinal_borrows0] (7 : Int32.t)) ; } ] s1 | s1 = -{resolve'0 r}- s2 | s2 = return' {_0} ] ] - ) [ & _0 : () = any_l () | & r : borrowed int32 = r ] - [ return' (result:())-> {[@expl:postcondition] [%#sfinal_borrows1] Int32.to_int r.final = 7} (! return' {result}) ] + ) [ & _0 : () = any_l () | & r : borrowed Int32.t = r ] + [ return' (result:())-> {[@expl:postcondition] [%#sfinal_borrows1] Int32.to_int r.final + = Int128.to_int (7 : Int128.t)} + (! return' {result}) ] end module M_final_borrows__not_final_borrow_works [#"final_borrows.rs" 61 0 61 38] @@ -798,7 +804,11 @@ module M_final_borrows__not_final_borrow_works [#"final_borrows.rs" 61 0 61 38] let%span sfinal_borrows3 = "final_borrows.rs" 55 10 55 20 let%span sresolve4 = "../../../../creusot-contracts/src/resolve.rs" 41 20 41 34 - use prelude.prelude.Int32 + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + + use prelude.prelude.Int32.to_int use prelude.prelude.Intrinsic 
@@ -808,47 +818,50 @@ module M_final_borrows__not_final_borrow_works [#"final_borrows.rs" 61 0 61 38] use prelude.prelude.Borrow - predicate resolve'1 (self : borrowed int32) = + predicate resolve'1 (self : borrowed Int32.t) = [%#sresolve4] self.final = self.current - predicate resolve'0 (_1 : borrowed int32) = + predicate resolve'0 (_1 : borrowed Int32.t) = resolve'1 _1 - let rec set_7'0 (r:borrowed int32) (return' (ret:()))= any - [ return' (result:())-> {[%#sfinal_borrows3] Int32.to_int r.final = 7} (! return' {result}) ] + let rec set_7'0 (r:borrowed Int32.t) (return' (ret:()))= any + [ return' (result:())-> {[%#sfinal_borrows3] Int32.to_int r.final = Int128.to_int (7 : Int128.t)} + (! return' {result}) ] meta "compute_max_steps" 1000000 - let rec not_final_borrow_works (_1:()) (return' (ret:int32))= (! bb0 + let rec not_final_borrow_works (_1:()) (return' (ret:Int32.t))= (! bb0 [ bb0 = s0 - [ s0 = [ &x <- [%#sfinal_borrows0] (1 : int32) ] s1 - | s1 = Borrow.borrow_mut {x} (fun (_ret':borrowed int32) -> [ &r <- _ret' ] [ &x <- _ret'.final ] s2) - | s2 = Borrow.borrow_mut {r.current} - (fun (_ret':borrowed int32) -> [ &r1 <- _ret' ] [ &r <- { r with current = _ret'.final ; } ] s3) - | s3 = Borrow.borrow_final {r1.current} {Borrow.get_id r1} - (fun (_ret':borrowed int32) -> [ &_7 <- _ret' ] [ &r1 <- { r1 with current = _ret'.final ; } ] s4) + [ s0 = [ &x <- [%#sfinal_borrows0] (1 : Int32.t) ] s1 + | s1 = Borrow.borrow_mut {x} + (fun (_ret':borrowed Int32.t) -> [ &r <- _ret' ] [ &x <- _ret'.final ] s2) + | s2 = Borrow.borrow_mut {r.current} + (fun (_ret':borrowed Int32.t) -> [ &r1 <- _ret' ] [ &r <- { r with current = _ret'.final ; } ] s3) + | s3 = Borrow.borrow_final {r1.current} {Borrow.get_id r1} + (fun (_ret':borrowed Int32.t) -> [ &_7 <- _ret' ] [ &r1 <- { r1 with current = _ret'.final ; } ] s4) | s4 = set_7'0 {_7} (fun (_ret':()) -> [ &_6 <- _ret' ] s5) | s5 = bb1 ] | bb1 = s0 [ s0 = -{resolve'0 r1}- s1 | s1 = [ &y <- r.current ] s2 - | s2 = [ &r <- { r with 
current = ([%#sfinal_borrows1] (2 : int32)) ; } ] s3 + | s2 = [ &r <- { r with current = ([%#sfinal_borrows1] (2 : Int32.t)) ; } ] s3 | s3 = -{resolve'0 r}- s4 - | s4 = Int32.add {x} {y} (fun (_ret':int32) -> [ &_0 <- _ret' ] s5) + | s4 = Int32.add {x} {y} (fun (_ret':Int32.t) -> [ &_0 <- _ret' ] s5) | s5 = return' {_0} ] ] ) - [ & _0 : int32 = any_l () - | & x : int32 = any_l () - | & r : borrowed int32 = any_l () - | & r1 : borrowed int32 = any_l () + [ & _0 : Int32.t = any_l () + | & x : Int32.t = any_l () + | & r : borrowed Int32.t = any_l () + | & r1 : borrowed Int32.t = any_l () | & _6 : () = any_l () - | & _7 : borrowed int32 = any_l () - | & y : int32 = any_l () ] + | & _7 : borrowed Int32.t = any_l () + | & y : Int32.t = any_l () ] - [ return' (result:int32)-> {[@expl:postcondition] [%#sfinal_borrows2] Int32.to_int result = 9} + [ return' (result:Int32.t)-> {[@expl:postcondition] [%#sfinal_borrows2] Int32.to_int result + = Int128.to_int (9 : Int128.t)} (! return' {result}) ] end @@ -857,7 +870,11 @@ module M_final_borrows__branching [#"final_borrows.rs" 72 0 72 32] let%span sfinal_borrows1 = "final_borrows.rs" 71 10 71 22 let%span sresolve2 = "../../../../creusot-contracts/src/resolve.rs" 41 20 41 34 - use prelude.prelude.Int32 + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + + use prelude.prelude.Int32.to_int use prelude.prelude.Intrinsic 
@@ -867,29 +884,31 @@ module M_final_borrows__branching [#"final_borrows.rs" 72 0 72 32] use prelude.prelude.Borrow - predicate resolve'1 (self : borrowed int32) = + predicate resolve'1 (self : borrowed Int32.t) = [%#sresolve2] self.final = self.current - predicate resolve'0 (_1 : borrowed int32) = + predicate resolve'0 (_1 : borrowed Int32.t) = resolve'1 _1 meta "compute_max_steps" 1000000 - let rec branching (b:bool) (return' (ret:int32))= (! bb0 + let rec branching (b:bool) (return' (ret:Int32.t))= (! bb0 [ bb0 = s0 - [ s0 = [ &x <- [%#sfinal_borrows0] (3 : int32) ] s1 - | s1 = Borrow.borrow_mut {x} (fun (_ret':borrowed int32) -> [ &r1 <- _ret' ] [ &x <- _ret'.final ] s2) - | s2 = Borrow.borrow_mut {r1.current} - (fun (_ret':borrowed int32) -> [ &r2 <- _ret' ] [ &r1 <- { r1 with current = _ret'.final ; } ] s3) + [ s0 = [ &x <- [%#sfinal_borrows0] (3 : Int32.t) ] s1 + | s1 = Borrow.borrow_mut {x} + (fun (_ret':borrowed Int32.t) -> [ &r1 <- _ret' ] [ &x <- _ret'.final ] s2) + | s2 = Borrow.borrow_mut {r1.current} + (fun (_ret':borrowed Int32.t) -> [ &r2 <- _ret' ] [ &r1 <- { r1 with current = _ret'.final ; } ] s3) | s3 = -{resolve'0 r2}- s4 | s4 = [ &y <- r2.current ] s5 | s5 = any [ br0 -> {b = false} (! bb2) | br1 -> {b} (! bb1) ] ] | bb1 = s0 [ s0 = -{resolve'0 r1}- s1 - | s1 = Borrow.borrow_mut {y} (fun (_ret':borrowed int32) -> [ &_11 <- _ret' ] [ &y <- _ret'.final ] s2) - | s2 = Borrow.borrow_final {_11.current} {Borrow.get_id _11} - (fun (_ret':borrowed int32) -> [ &_10 <- _ret' ] [ &_11 <- { _11 with current = _ret'.final ; } ] s3) + | s1 = Borrow.borrow_mut {y} + (fun (_ret':borrowed Int32.t) -> [ &_11 <- _ret' ] [ &y <- _ret'.final ] s2) + | s2 = Borrow.borrow_final {_11.current} {Borrow.get_id _11} + (fun (_ret':borrowed Int32.t) -> [ &_10 <- _ret' ] [ &_11 <- { _11 with current = _ret'.final ; } ] s3) | s3 = [ &r1 <- _10 ] s4 | s4 = -{resolve'0 _11}- s5 | s5 = -{resolve'0 r1}- s6 
@@ -897,8 +916,8 @@ module M_final_borrows__branching [#"final_borrows.rs" 72 0 72 32] | s7 = bb3 ] | bb2 = s0 - [ s0 = Borrow.borrow_final {r1.current} {Borrow.get_id r1} - (fun (_ret':borrowed int32) -> [ &r21 <- _ret' ] [ &r1 <- { r1 with current = _ret'.final ; } ] s1) + [ s0 = Borrow.borrow_final {r1.current} {Borrow.get_id r1} + (fun (_ret':borrowed Int32.t) -> [ &r21 <- _ret' ] [ &r1 <- { r1 with current = _ret'.final ; } ] s1) | s1 = -{resolve'0 r21}- s2 | s2 = -{resolve'0 r1}- s3 | s3 = [ &y <- r21.current ] s4 @@ -906,17 +925,18 @@ module M_final_borrows__branching [#"final_borrows.rs" 72 0 72 32] | bb3 = s0 [ s0 = [ &_0 <- y ] s1 | s1 = return' {_0} ] ] ) - [ & _0 : int32 = any_l () + [ & _0 : Int32.t = any_l () | & b : bool = b - | & x : int32 = any_l () - | & y : int32 = any_l () - | & r1 : borrowed int32 = any_l () - | & r2 : borrowed int32 = any_l () - | & _10 : borrowed int32 = any_l () - | & _11 : borrowed int32 = any_l () - | & r21 : borrowed int32 = any_l () ] + | & x : Int32.t = any_l () + | & y : Int32.t = any_l () + | & r1 : borrowed Int32.t = any_l () + | & r2 : borrowed Int32.t = any_l () + | & _10 : borrowed Int32.t = any_l () + | & _11 : borrowed Int32.t = any_l () + | & r21 : borrowed Int32.t = any_l () ] - [ return' (result:int32)-> {[@expl:postcondition] [%#sfinal_borrows1] Int32.to_int result = 3} + [ return' (result:Int32.t)-> {[@expl:postcondition] [%#sfinal_borrows1] Int32.to_int result + = Int128.to_int (3 : Int128.t)} (! return' {result}) ] end @@ -1323,7 +1343,11 @@ module M_final_borrows__box_reborrow_in_struct [#"final_borrows.rs" 130 0 130 66 let%span sfinal_borrows1 = "final_borrows.rs" 129 10 129 22 let%span sresolve2 = "../../../../creusot-contracts/src/resolve.rs" 41 20 41 34 - use prelude.prelude.Int32 + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + + use prelude.prelude.Int32.to_int use prelude.prelude.Intrinsic 
@@ -1333,33 +1357,33 @@ module M_final_borrows__box_reborrow_in_struct [#"final_borrows.rs" 130 0 130 66 use prelude.prelude.Borrow - predicate resolve'3 (self : borrowed (int32, borrowed int32)) = + predicate resolve'3 (self : borrowed (Int32.t, borrowed Int32.t)) = [%#sresolve2] self.final = self.current - predicate resolve'1 (_1 : borrowed (int32, borrowed int32)) = + predicate resolve'1 (_1 : borrowed (Int32.t, borrowed Int32.t)) = resolve'3 _1 - predicate resolve'2 (self : borrowed int32) = + predicate resolve'2 (self : borrowed Int32.t) = [%#sresolve2] self.final = self.current - predicate resolve'0 (_1 : borrowed int32) = + predicate resolve'0 (_1 : borrowed Int32.t) = resolve'2 _1 meta "compute_max_steps" 1000000 - let rec box_reborrow_in_struct (x:borrowed (int32, borrowed int32)) (return' (ret:int32))= {[%#sfinal_borrows0] Int32.to_int (let (_, a) = x.current in a).current - = 3} + let rec box_reborrow_in_struct (x:borrowed (Int32.t, borrowed Int32.t)) (return' (ret:Int32.t))= {[%#sfinal_borrows0] Int32.to_int (let (_, a) = x.current in a).current + = Int128.to_int (3 : Int128.t)} (! bb0 [ bb0 = s0 - [ s0 = Borrow.borrow_mut {(let (_, r'0) = x.current in r'0).current} - (fun (_ret':borrowed int32) -> + [ s0 = Borrow.borrow_mut {(let (_, r'0) = x.current in r'0).current} + (fun (_ret':borrowed Int32.t) -> [ &_5 <- _ret' ] [ &x <- { x with current = (let (r'1, _) = x.current in (r'1, { (let (_, r'0) = x.current in r'0) with current = _ret'.final ; })) ; } ] s1) - | s1 = Borrow.borrow_final {_5.current} {Borrow.get_id _5} - (fun (_ret':borrowed int32) -> [ &borrow <- _ret' ] [ &_5 <- { _5 with current = _ret'.final ; } ] s2) + | s1 = Borrow.borrow_final {_5.current} {Borrow.get_id _5} + (fun (_ret':borrowed Int32.t) -> [ &borrow <- _ret' ] [ &_5 <- { _5 with current = _ret'.final ; } ] s2) | s2 = -{resolve'0 _5}- s3 | s3 = -{resolve'0 borrow}- s4 | s4 = [ &_0 <- borrow.current ] s5 
@@ -1367,12 +1391,13 @@ module M_final_borrows__box_reborrow_in_struct [#"final_borrows.rs" 130 0 130 66 | s6 = return' {_0} ] ] ) - [ & _0 : int32 = any_l () - | & x : borrowed (int32, borrowed int32) = x - | & borrow : borrowed int32 = any_l () - | & _5 : borrowed int32 = any_l () ] + [ & _0 : Int32.t = any_l () + | & x : borrowed (Int32.t, borrowed Int32.t) = x + | & borrow : borrowed Int32.t = any_l () + | & _5 : borrowed Int32.t = any_l () ] - [ return' (result:int32)-> {[@expl:postcondition] [%#sfinal_borrows1] Int32.to_int result = 3} + [ return' (result:Int32.t)-> {[@expl:postcondition] [%#sfinal_borrows1] Int32.to_int result + = Int128.to_int (3 : Int128.t)} (! return' {result}) ] end @@ -1472,7 +1497,11 @@ module M_final_borrows__borrow_in_box_tuple_1 [#"final_borrows.rs" 142 0 142 60] let%span sresolve3 = "../../../../creusot-contracts/src/resolve.rs" 55 8 55 23 let%span sresolve4 = "../../../../creusot-contracts/src/resolve.rs" 27 8 27 44 - use prelude.prelude.Int32 + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + + use prelude.prelude.Int32.to_int use prelude.prelude.Intrinsic 
@@ -1482,41 +1511,41 @@ module M_final_borrows__borrow_in_box_tuple_1 [#"final_borrows.rs" 142 0 142 60] use prelude.prelude.Borrow - predicate resolve'2 (self : borrowed int32) = + predicate resolve'2 (self : borrowed Int32.t) = [%#sresolve2] self.final = self.current - predicate resolve'0 (_1 : borrowed int32) = + predicate resolve'0 (_1 : borrowed Int32.t) = resolve'2 _1 - predicate resolve'6 (_1 : int32) = + predicate resolve'6 (_1 : Int32.t) = true - predicate resolve'5 (self : (int32, borrowed int32)) = + predicate resolve'5 (self : (Int32.t, borrowed Int32.t)) = [%#sresolve4] resolve'6 (let (a, _) = self in a) /\ resolve'0 (let (_, a) = self in a) - predicate resolve'4 (_1 : (int32, borrowed int32)) = + predicate resolve'4 (_1 : (Int32.t, borrowed Int32.t)) = resolve'5 _1 - predicate resolve'3 (self : (int32, borrowed int32)) = + predicate resolve'3 (self : (Int32.t, borrowed Int32.t)) = [%#sresolve3] resolve'4 self - predicate resolve'1 (_1 : (int32, borrowed int32)) = + predicate resolve'1 (_1 : (Int32.t, borrowed Int32.t)) = resolve'3 _1 meta "compute_max_steps" 1000000 - let rec borrow_in_box_tuple_1 (x:(int32, borrowed int32)) (return' (ret:int32))= {[%#sfinal_borrows0] Int32.to_int (let (_, a) = x in a).current - = 2} + let rec borrow_in_box_tuple_1 (x:(Int32.t, borrowed Int32.t)) (return' (ret:Int32.t))= {[%#sfinal_borrows0] Int32.to_int (let (_, a) = x in a).current + = Int128.to_int (2 : Int128.t)} (! 
bb0 [ bb0 = bb1 | bb1 = s0 - [ s0 = Borrow.borrow_final {(let (_, r'0) = x in r'0).current} {Borrow.get_id (let (_, r'0) = x in r'0)} - (fun (_ret':borrowed int32) -> + [ s0 = Borrow.borrow_final {(let (_, r'0) = x in r'0).current} {Borrow.get_id (let (_, r'0) = x in r'0)} + (fun (_ret':borrowed Int32.t) -> [ &_5 <- _ret' ] [ &x <- let (r'1, _) = x in (r'1, { (let (_, r'0) = x in r'0) with current = _ret'.final ; }) ] s1) - | s1 = Borrow.borrow_final {_5.current} {Borrow.get_id _5} - (fun (_ret':borrowed int32) -> [ &borrow <- _ret' ] [ &_5 <- { _5 with current = _ret'.final ; } ] s2) + | s1 = Borrow.borrow_final {_5.current} {Borrow.get_id _5} + (fun (_ret':borrowed Int32.t) -> [ &borrow <- _ret' ] [ &_5 <- { _5 with current = _ret'.final ; } ] s2) | s2 = -{resolve'0 _5}- s3 | s3 = -{resolve'0 borrow}- s4 | s4 = [ &_0 <- borrow.current ] s5 @@ -1525,12 +1554,13 @@ module M_final_borrows__borrow_in_box_tuple_1 [#"final_borrows.rs" 142 0 142 60] | bb2 = return' {_0} ] ) - [ & _0 : int32 = any_l () - | & x : (int32, borrowed int32) = x - | & borrow : borrowed int32 = any_l () - | & _5 : borrowed int32 = any_l () ] + [ & _0 : Int32.t = any_l () + | & x : (Int32.t, borrowed Int32.t) = x + | & borrow : borrowed Int32.t = any_l () + | & _5 : borrowed Int32.t = any_l () ] - [ return' (result:int32)-> {[@expl:postcondition] [%#sfinal_borrows1] Int32.to_int result = 2} + [ return' (result:Int32.t)-> {[@expl:postcondition] [%#sfinal_borrows1] Int32.to_int result + = Int128.to_int (2 : Int128.t)} (! return' {result}) ] end @@ -1541,7 +1571,11 @@ module M_final_borrows__borrow_in_box_tuple_2 [#"final_borrows.rs" 149 0 149 60] let%span sresolve3 = "../../../../creusot-contracts/src/resolve.rs" 27 8 27 44 let%span sresolve4 = "../../../../creusot-contracts/src/resolve.rs" 55 8 55 23 - use prelude.prelude.Int32 + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + + use prelude.prelude.Int32.to_int use prelude.prelude.Intrinsic 
@@ -1551,41 +1585,41 @@ module M_final_borrows__borrow_in_box_tuple_2 [#"final_borrows.rs" 149 0 149 60] use prelude.prelude.Borrow - predicate resolve'2 (self : borrowed int32) = + predicate resolve'2 (self : borrowed Int32.t) = [%#sresolve2] self.final = self.current - predicate resolve'0 (_1 : borrowed int32) = + predicate resolve'0 (_1 : borrowed Int32.t) = resolve'2 _1 - predicate resolve'6 (self : borrowed int32) = + predicate resolve'6 (self : borrowed Int32.t) = [%#sresolve4] resolve'0 self - predicate resolve'5 (_1 : borrowed int32) = + predicate resolve'5 (_1 : borrowed Int32.t) = resolve'6 _1 - predicate resolve'4 (_1 : int32) = + predicate resolve'4 (_1 : Int32.t) = true - predicate resolve'3 (self : (int32, borrowed int32)) = + predicate resolve'3 (self : (Int32.t, borrowed Int32.t)) = [%#sresolve3] resolve'4 (let (a, _) = self in a) /\ resolve'5 (let (_, a) = self in a) - predicate resolve'1 (_1 : (int32, borrowed int32)) = + predicate resolve'1 (_1 : (Int32.t, borrowed Int32.t)) = resolve'3 _1 meta "compute_max_steps" 1000000 - let rec borrow_in_box_tuple_2 (x:(int32, borrowed int32)) (return' (ret:int32))= {[%#sfinal_borrows0] Int32.to_int (let (_, a) = x in a).current - = 2} + let rec borrow_in_box_tuple_2 (x:(Int32.t, borrowed Int32.t)) (return' (ret:Int32.t))= {[%#sfinal_borrows0] Int32.to_int (let (_, a) = x in a).current + = Int128.to_int (2 : Int128.t)} (! 
bb0 [ bb0 = bb1 | bb1 = s0 - [ s0 = Borrow.borrow_final {(let (_, r'0) = x in r'0).current} {Borrow.get_id (let (_, r'0) = x in r'0)} - (fun (_ret':borrowed int32) -> + [ s0 = Borrow.borrow_final {(let (_, r'0) = x in r'0).current} {Borrow.get_id (let (_, r'0) = x in r'0)} + (fun (_ret':borrowed Int32.t) -> [ &_5 <- _ret' ] [ &x <- let (r'1, _) = x in (r'1, { (let (_, r'0) = x in r'0) with current = _ret'.final ; }) ] s1) - | s1 = Borrow.borrow_final {_5.current} {Borrow.get_id _5} - (fun (_ret':borrowed int32) -> [ &borrow <- _ret' ] [ &_5 <- { _5 with current = _ret'.final ; } ] s2) + | s1 = Borrow.borrow_final {_5.current} {Borrow.get_id _5} + (fun (_ret':borrowed Int32.t) -> [ &borrow <- _ret' ] [ &_5 <- { _5 with current = _ret'.final ; } ] s2) | s2 = -{resolve'0 _5}- s3 | s3 = -{resolve'0 borrow}- s4 | s4 = [ &_0 <- borrow.current ] s5 @@ -1594,12 +1628,13 @@ module M_final_borrows__borrow_in_box_tuple_2 [#"final_borrows.rs" 149 0 149 60] | bb2 = return' {_0} ] ) - [ & _0 : int32 = any_l () - | & x : (int32, borrowed int32) = x - | & borrow : borrowed int32 = any_l () - | & _5 : borrowed int32 = any_l () ] + [ & _0 : Int32.t = any_l () + | & x : (Int32.t, borrowed Int32.t) = x + | & borrow : borrowed Int32.t = any_l () + | & _5 : borrowed Int32.t = any_l () ] - [ return' (result:int32)-> {[@expl:postcondition] [%#sfinal_borrows1] Int32.to_int result = 2} + [ return' (result:Int32.t)-> {[@expl:postcondition] [%#sfinal_borrows1] Int32.to_int result + = Int128.to_int (2 : Int128.t)} (! return' {result}) ] end 
@@ -1899,32 +1934,32 @@ module M_final_borrows__shallow_borrow_no_gen [#"final_borrows.rs" 191 0 191 49] use prelude.prelude.Borrow - predicate resolve'1 (self : borrowed (Option'0.t_Option int32)) = + predicate resolve'1 (self : borrowed (Option'0.t_Option Int32.t)) = [%#sresolve2] self.final = self.current - predicate resolve'0 (_1 : borrowed (Option'0.t_Option int32)) = + predicate resolve'0 (_1 : borrowed (Option'0.t_Option Int32.t)) = resolve'1 _1 meta "compute_max_steps" 1000000 - let rec shallow_borrow_no_gen (x:borrowed (Option'0.t_Option int32)) (return' (ret:()))= (! bb0 + let rec shallow_borrow_no_gen (x:borrowed (Option'0.t_Option Int32.t)) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = Borrow.borrow_final {x.current} {Borrow.get_id x} - (fun (_ret':borrowed (Option'0.t_Option int32)) -> + [ s0 = Borrow.borrow_final {x.current} {Borrow.get_id x} + (fun (_ret':borrowed (Option'0.t_Option Int32.t)) -> [ &_r <- _ret' ] [ &x <- { x with current = _ret'.final ; } ] s1) | s1 = -{resolve'0 _r}- s2 | s2 = any - [ br0 -> {x.current = Option'0.C_None } (! bb7) | br1 (a:int32)-> {x.current = Option'0.C_Some a} (! bb2) ] + [ br0 -> {x.current = Option'0.C_None } (! bb7) | br1 (a:Int32.t)-> {x.current = Option'0.C_Some a} (! bb2) ] ] | bb7 = s0 [ s0 = -{resolve'0 x}- s1 | s1 = bb1 ] | bb2 = bb3 | bb3 = s0 - [ s0 = Option'0.v_Some {x.current} (fun (r0'0:int32) -> [ &inner <- r0'0 ] s1) + [ s0 = Option'0.v_Some {x.current} (fun (r0'0:Int32.t) -> [ &inner <- r0'0 ] s1) | s1 = [ &inner1 <- inner ] s2 - | s2 = Int32.eq {inner1} {[%#sfinal_borrows0] (2 : int32)} (fun (_ret':bool) -> [ &_8 <- _ret' ] s3) + | s2 = Int32.eq {inner1} {[%#sfinal_borrows0] (2 : Int32.t)} (fun (_ret':bool) -> [ &_8 <- _ret' ] s3) | s3 = any [ br0 -> {_8 = false} (! bb5) | br1 -> {_8} (! bb4) ] ] | bb4 = s0 [ s0 = -{resolve'0 x}- s1 | s1 = {[@expl:assertion] [%#sfinal_borrows1] _r = x} s2 | s2 = bb6 ] 
@@ -1933,10 +1968,10 @@ module M_final_borrows__shallow_borrow_no_gen [#"final_borrows.rs" 191 0 191 49] | bb6 = return' {_0} ] ) [ & _0 : () = any_l () - | & x : borrowed (Option'0.t_Option int32) = x - | & _r : borrowed (Option'0.t_Option int32) = any_l () - | & inner : int32 = any_l () - | & inner1 : int32 = any_l () + | & x : borrowed (Option'0.t_Option Int32.t) = x + | & _r : borrowed (Option'0.t_Option Int32.t) = any_l () + | & inner : Int32.t = any_l () + | & inner1 : Int32.t = any_l () | & _8 : bool = any_l () ] [ return' (result:())-> (! return' {result}) ] end @@ -1972,12 +2007,16 @@ module M_final_borrows__index_mut_slice [#"final_borrows.rs" 208 0 208 48] use seq.Seq + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + use prelude.prelude.Int use seq.Seq predicate invariant'3 (self : Seq.seq t) = - [%#sseq13] forall i : int . 0 <= i /\ i < Seq.length self -> inv'5 (Seq.get self i) + [%#sseq13] forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length self -> inv'5 (Seq.get self i) predicate inv'4 (_1 : Seq.seq t) @@ -1987,16 +2026,16 @@ module M_final_borrows__index_mut_slice [#"final_borrows.rs" 208 0 208 48] use prelude.prelude.Slice - use prelude.prelude.UIntSize + use prelude.prelude.UInt64.to_uint - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) function view'1 (self : slice t) : Seq.seq t axiom view'1_spec : forall self : slice t . ([%#sslice10] view'1 self = Slice.id self) - && ([%#sslice9] Seq.length (view'1 self) <= UIntSize.to_int (v_MAX'0 : usize)) + && ([%#sslice9] Seq.length (view'1 self) <= UInt64.to_int (v_MAX'0 : UInt64.t)) predicate invariant'2 (self : slice t) = [%#sslice12] inv'4 (view'1 self) 
@@ -2046,12 +2085,12 @@ module M_final_borrows__index_mut_slice [#"final_borrows.rs" 208 0 208 48] meta "compute_max_steps" 1000000 let rec index_mut_slice (v:borrowed (slice t)) (return' (ret:borrowed t))= {[%#sfinal_borrows3] inv'2 v} - {[%#sfinal_borrows2] Seq.length (view'0 v) = 42} + {[%#sfinal_borrows2] Seq.length (view'0 v) = Int128.to_int (42 : Int128.t)} (! bb0 [ bb0 = s0 - [ s0 = [ &_6 <- [%#sfinal_borrows0] (12 : usize) ] s1 + [ s0 = [ &_6 <- [%#sfinal_borrows0] (12 : UInt64.t) ] s1 | s1 = [ &_7 <- Slice.length v.current ] s2 - | s2 = UIntSize.lt {_6} {_7} (fun (_ret':bool) -> [ &_8 <- _ret' ] s3) + | s2 = UInt64.lt {_6} {_7} (fun (_ret':bool) -> [ &_8 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#sfinal_borrows1] _8} s4 | s4 = bb1 ] @@ -2092,13 +2131,13 @@ module M_final_borrows__index_mut_slice [#"final_borrows.rs" 208 0 208 48] | & v : borrowed (slice t) = v | & _2 : borrowed t = any_l () | & _5 : borrowed t = any_l () - | & _6 : usize = any_l () - | & _7 : usize = any_l () + | & _6 : UInt64.t = any_l () + | & _7 : UInt64.t = any_l () | & _8 : bool = any_l () ] [ return' (result:borrowed t)-> {[@expl:postcondition] [%#sfinal_borrows5] inv'1 result} {[@expl:postcondition] [%#sfinal_borrows4] result - = Borrow.borrow_logic (index_logic'0 v.current 12) (index_logic'0 v.final 12) (Borrow.inherit_id (Borrow.get_id v) 12)} + = Borrow.borrow_logic (index_logic'0 v.current (Int128.to_int (12 : Int128.t))) (index_logic'0 v.final (Int128.to_int (12 : Int128.t))) (Borrow.inherit_id (Borrow.get_id v) (Int128.to_int (12 : Int128.t)))} (! return' {result}) ] end 
@@ -2132,12 +2171,16 @@ module M_final_borrows__index_mut_array [#"final_borrows.rs" 214 0 214 52] use seq.Seq + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + use prelude.prelude.Int use seq.Seq predicate invariant'3 (self : Seq.seq t) = - [%#sseq11] forall i : int . 0 <= i /\ i < Seq.length self -> inv'5 (Seq.get self i) + [%#sseq11] forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length self -> inv'5 (Seq.get self i) predicate inv'4 (_1 : Seq.seq t) @@ -2172,12 +2215,12 @@ module M_final_borrows__index_mut_array [#"final_borrows.rs" 214 0 214 52] use seq.Seq - use prelude.prelude.UIntSize + use prelude.prelude.UInt64.to_uint - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - function index_logic'0 [@inline:trivial] (self : array t) (ix : usize) : t = - [%#sops7] Seq.get (Slice.id self) (UIntSize.to_int ix) + function index_logic'0 [@inline:trivial] (self : array t) (ix : UInt64.t) : t = + [%#sops7] Seq.get (Slice.id self) (UInt64.to_int ix) function view'0 (self : borrowed (array t)) : Seq.seq t = [%#smodel6] Slice.id self.current @@ -2199,12 +2242,12 @@ module M_final_borrows__index_mut_array [#"final_borrows.rs" 214 0 214 52] meta "compute_max_steps" 1000000 let rec index_mut_array (v:borrowed (array t)) (return' (ret:borrowed t))= {[%#sfinal_borrows3] inv'2 v} - {[%#sfinal_borrows2] Seq.length (view'0 v) = 31} + {[%#sfinal_borrows2] Seq.length (view'0 v) = Int128.to_int (31 : Int128.t)} (! bb0 [ bb0 = s0 - [ s0 = [ &_6 <- [%#sfinal_borrows0] (12 : usize) ] s1 + [ s0 = [ &_6 <- [%#sfinal_borrows0] (12 : UInt64.t) ] s1 | s1 = [ &_7 <- Slice.length v.current ] s2 - | s2 = UIntSize.lt {_6} {_7} (fun (_ret':bool) -> [ &_8 <- _ret' ] s3) + | s2 = UInt64.lt {_6} {_7} (fun (_ret':bool) -> [ &_8 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#sfinal_borrows1] _8} s4 | s4 = bb1 ] 
@@ -2245,13 +2288,13 @@ module M_final_borrows__index_mut_array [#"final_borrows.rs" 214 0 214 52] | & v : borrowed (array t) = v | & _2 : borrowed t = any_l () | & _5 : borrowed t = any_l () - | & _6 : usize = any_l () - | & _7 : usize = any_l () + | & _6 : UInt64.t = any_l () + | & _7 : UInt64.t = any_l () | & _8 : bool = any_l () ] [ return' (result:borrowed t)-> {[@expl:postcondition] [%#sfinal_borrows5] inv'1 result} {[@expl:postcondition] [%#sfinal_borrows4] result - = Borrow.borrow_logic (index_logic'0 v.current (12 : usize)) (index_logic'0 v.final (12 : usize)) (Borrow.inherit_id (Borrow.get_id v) (12 : usize))} + = Borrow.borrow_logic (index_logic'0 v.current (12 : UInt64.t)) (index_logic'0 v.final (12 : UInt64.t)) (Borrow.inherit_id (Borrow.get_id v) (12 : UInt64.t))} (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/swap_borrows.coma b/creusot/tests/should_succeed/swap_borrows.coma index 077c13fa8d..f7d55e7d28 100644 --- a/creusot/tests/should_succeed/swap_borrows.coma +++ b/creusot/tests/should_succeed/swap_borrows.coma 
@@ -45,21 +45,21 @@ module M_swap_borrows__f [#"swap_borrows.rs" 10 0 10 10] use prelude.prelude.Borrow - predicate inv'0 (_1 : (borrowed uint32, borrowed uint32)) + predicate inv'0 (_1 : (borrowed UInt32.t, borrowed UInt32.t)) - axiom inv_axiom'0 [@rewrite] : forall x : (borrowed uint32, borrowed uint32) [inv'0 x] . inv'0 x = true + axiom inv_axiom'0 [@rewrite] : forall x : (borrowed UInt32.t, borrowed UInt32.t) [inv'0 x] . inv'0 x = true use prelude.prelude.Intrinsic - predicate resolve'1 (self : borrowed uint32) = + predicate resolve'1 (self : borrowed UInt32.t) = [%#sresolve8] self.final = self.current - predicate resolve'0 (_1 : borrowed uint32) = + predicate resolve'0 (_1 : borrowed UInt32.t) = resolve'1 _1 - let rec swap'0 (x:(borrowed uint32, borrowed uint32)) (return' (ret:(borrowed uint32, borrowed uint32)))= {[@expl:precondition] [%#sswap_borrows5] inv'0 x} + let rec swap'0 (x:(borrowed UInt32.t, borrowed UInt32.t)) (return' (ret:(borrowed UInt32.t, borrowed UInt32.t)))= {[@expl:precondition] [%#sswap_borrows5] inv'0 x} any - [ return' (result:(borrowed uint32, borrowed uint32))-> {[%#sswap_borrows7] inv'0 result} + [ return' (result:(borrowed UInt32.t, borrowed UInt32.t))-> {[%#sswap_borrows7] inv'0 result} {[%#sswap_borrows6] result = ((let (_, a) = x in a), (let (a, _) = x in a))} (! return' {result}) ] 
@@ -68,15 +68,17 @@ module M_swap_borrows__f [#"swap_borrows.rs" 10 0 10 10] let rec f (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = [ &_3 <- (([%#sswap_borrows0] (0 : uint32)), ([%#sswap_borrows1] (0 : uint32))) ] s1 + [ s0 = [ &_3 <- (([%#sswap_borrows0] (0 : UInt32.t)), ([%#sswap_borrows1] (0 : UInt32.t))) ] s1 | s1 = [ &a <- let (r'0, _) = _3 in r'0 ] s2 | s2 = [ &b <- let (_, r'1) = _3 in r'1 ] s3 - | s3 = Borrow.borrow_mut {a} (fun (_ret':borrowed uint32) -> [ &_6 <- _ret' ] [ &a <- _ret'.final ] s4) - | s4 = Borrow.borrow_mut {b} (fun (_ret':borrowed uint32) -> [ &_8 <- _ret' ] [ &b <- _ret'.final ] s5) - | s5 = Borrow.borrow_final {_8.current} {Borrow.get_id _8} - (fun (_ret':borrowed uint32) -> [ &_7 <- _ret' ] [ &_8 <- { _8 with current = _ret'.final ; } ] s6) + | s3 = Borrow.borrow_mut {a} + (fun (_ret':borrowed UInt32.t) -> [ &_6 <- _ret' ] [ &a <- _ret'.final ] s4) + | s4 = Borrow.borrow_mut {b} + (fun (_ret':borrowed UInt32.t) -> [ &_8 <- _ret' ] [ &b <- _ret'.final ] s5) + | s5 = Borrow.borrow_final {_8.current} {Borrow.get_id _8} + (fun (_ret':borrowed UInt32.t) -> [ &_7 <- _ret' ] [ &_8 <- { _8 with current = _ret'.final ; } ] s6) | s6 = [ &_5 <- (_6, _7) ] s7 - | s7 = swap'0 {_5} (fun (_ret':(borrowed uint32, borrowed uint32)) -> [ &p <- _ret' ] s8) + | s7 = swap'0 {_5} (fun (_ret':(borrowed UInt32.t, borrowed UInt32.t)) -> [ &p <- _ret' ] s8) | s8 = bb1 ] | bb1 = s0 @@ -87,7 +89,7 @@ module M_swap_borrows__f [#"swap_borrows.rs" 10 0 10 10] s1 | s1 = -{resolve'0 _8}- s2 | s2 = - [ &p <- let (_, r'2) = p in ({ (let (r'0, _) = p in r'0) with current = ([%#sswap_borrows2] (10 : uint32)) ; }, r'2) ] + [ &p <- let (_, r'2) = p in ({ (let (r'0, _) = p in r'0) with current = ([%#sswap_borrows2] (10 : UInt32.t)) ; }, r'2) ] s3 | s3 = -{match p with 
@@ -95,19 +97,19 @@ module M_swap_borrows__f [#"swap_borrows.rs" 10 0 10 10] | _ -> true end}- s4 - | s4 = {[@expl:assertion] [%#sswap_borrows3] b = (10 : uint32)} s5 - | s5 = {[@expl:assertion] [%#sswap_borrows4] a = (0 : uint32)} s6 + | s4 = {[@expl:assertion] [%#sswap_borrows3] b = (10 : UInt32.t)} s5 + | s5 = {[@expl:assertion] [%#sswap_borrows4] a = (0 : UInt32.t)} s6 | s6 = return' {_0} ] ] ) [ & _0 : () = any_l () - | & a : uint32 = any_l () - | & b : uint32 = any_l () - | & _3 : (uint32, uint32) = any_l () - | & p : (borrowed uint32, borrowed uint32) = any_l () - | & _5 : (borrowed uint32, borrowed uint32) = any_l () - | & _6 : borrowed uint32 = any_l () - | & _7 : borrowed uint32 = any_l () - | & _8 : borrowed uint32 = any_l () ] + | & a : UInt32.t = any_l () + | & b : UInt32.t = any_l () + | & _3 : (UInt32.t, UInt32.t) = any_l () + | & p : (borrowed UInt32.t, borrowed UInt32.t) = any_l () + | & _5 : (borrowed UInt32.t, borrowed UInt32.t) = any_l () + | & _6 : borrowed UInt32.t = any_l () + | & _7 : borrowed UInt32.t = any_l () + | & _8 : borrowed UInt32.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/vector/04_binary_search.coma b/creusot/tests/should_succeed/vector/04_binary_search.coma index 05ff89976f..2fef9b876e 100644 --- a/creusot/tests/should_succeed/vector/04_binary_search.coma +++ b/creusot/tests/should_succeed/vector/04_binary_search.coma @@ -29,15 +29,15 @@ module T_core__ptr__unique__Unique end module T_alloc__raw_vec__Cap - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.Int type t_Cap = - | C_Cap usize + | C_Cap UInt64.t - let rec t_Cap (input:t_Cap) (ret (field_0:usize))= any - [ good (field_0:usize)-> {C_Cap field_0 = input} (! ret {field_0}) ] + let rec t_Cap (input:t_Cap) (ret (field_0:UInt64.t))= any + [ good (field_0:UInt64.t)-> {C_Cap field_0 = input} (! ret {field_0}) ] end module T_alloc__raw_vec__RawVec 
@@ -54,17 +54,17 @@ module T_alloc__raw_vec__RawVec end module T_alloc__vec__Vec - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.Int use T_alloc__raw_vec__RawVec as RawVec'0 type t_Vec 't 'a = - | C_Vec (RawVec'0.t_RawVec 't 'a) usize + | C_Vec (RawVec'0.t_RawVec 't 'a) UInt64.t - let rec t_Vec < 't > < 'a > (input:t_Vec 't 'a) (ret (buf:RawVec'0.t_RawVec 't 'a) (len:usize))= any - [ good (buf:RawVec'0.t_RawVec 't 'a) (len:usize)-> {C_Vec buf len = input} (! ret {buf} {len}) ] + let rec t_Vec < 't > < 'a > (input:t_Vec 't 'a) (ret (buf:RawVec'0.t_RawVec 't 'a) (len:UInt64.t))= any + [ good (buf:RawVec'0.t_RawVec 't 'a) (len:UInt64.t)-> {C_Vec buf len = input} (! ret {buf} {len}) ] end module T_core__result__Result @@ -95,8 +95,8 @@ module M_04_binary_search__binary_search [#"04_binary_search.rs" 26 0 26 71] let%span s04_binary_search3 = "04_binary_search.rs" 33 16 33 56 let%span s04_binary_search4 = "04_binary_search.rs" 33 4 33 58 let%span s04_binary_search5 = "04_binary_search.rs" 36 17 36 18 - let%span s04_binary_search6 = "04_binary_search.rs" 37 26 37 27 - let%span s04_binary_search7 = "04_binary_search.rs" 37 19 37 27 + let%span s04_binary_search6 = "04_binary_search.rs" 37 19 37 27 + let%span s04_binary_search7 = "04_binary_search.rs" 37 26 37 27 let%span s04_binary_search8 = "04_binary_search.rs" 48 19 48 20 let%span s04_binary_search9 = "04_binary_search.rs" 19 11 19 36 let%span s04_binary_search10 = "04_binary_search.rs" 20 11 20 23 
@@ -120,112 +120,117 @@ module M_04_binary_search__binary_search [#"04_binary_search.rs" 26 0 26 71] use prelude.prelude.Borrow - predicate inv'2 (_1 : uint32) + predicate inv'2 (_1 : UInt32.t) - axiom inv_axiom'2 [@rewrite] : forall x : uint32 [inv'2 x] . inv'2 x = true + axiom inv_axiom'2 [@rewrite] : forall x : UInt32.t [inv'2 x] . inv'2 x = true - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - predicate inv'1 (_1 : usize) + predicate inv'1 (_1 : UInt64.t) - axiom inv_axiom'1 [@rewrite] : forall x : usize [inv'1 x] . inv'1 x = true + axiom inv_axiom'1 [@rewrite] : forall x : UInt64.t [inv'1 x] . inv'1 x = true use T_alloc__alloc__Global as Global'0 use T_alloc__vec__Vec as Vec'0 - predicate inv'0 (_1 : Vec'0.t_Vec uint32 (Global'0.t_Global)) + predicate inv'0 (_1 : Vec'0.t_Vec UInt32.t (Global'0.t_Global)) - axiom inv_axiom'0 [@rewrite] : forall x : Vec'0.t_Vec uint32 (Global'0.t_Global) [inv'0 x] . inv'0 x = true + axiom inv_axiom'0 [@rewrite] : forall x : Vec'0.t_Vec UInt32.t (Global'0.t_Global) [inv'0 x] . inv'0 x = true use seq.Seq use seq.Seq - predicate sorted_range'0 [#"04_binary_search.rs" 8 0 8 52] (s : Seq.seq uint32) (l : int) (u : int) = + predicate sorted_range'0 [#"04_binary_search.rs" 8 0 8 52] (s : Seq.seq UInt32.t) (l : int) (u : int) = [%#s04_binary_search23] forall i : int, j : int . 
l <= i /\ i < j /\ j < u -> Seq.get s i <= Seq.get s j use seq.Seq - predicate sorted'0 [#"04_binary_search.rs" 15 0 15 30] (s : Seq.seq uint32) = - [%#s04_binary_search19] sorted_range'0 s 0 (Seq.length s) + use prelude.prelude.Int128.to_int - constant v_MAX'0 : usize = (18446744073709551615 : usize) + use prelude.prelude.Int128 + + predicate sorted'0 [#"04_binary_search.rs" 15 0 15 30] (s : Seq.seq UInt32.t) = + [%#s04_binary_search19] sorted_range'0 s (Int128.to_int (0 : Int128.t)) (Seq.length s) + + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) use prelude.prelude.Intrinsic - use prelude.prelude.UIntSize + use prelude.prelude.UInt64.to_uint - predicate has_value'0 [@inline:trivial] (self : usize) (seq : Seq.seq uint32) (out : uint32) = - [%#sslice22] Seq.get seq (UIntSize.to_int self) = out + predicate has_value'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq UInt32.t) (out : UInt32.t) = + [%#sslice22] Seq.get seq (UInt64.to_int self) = out - predicate in_bounds'0 [@inline:trivial] (self : usize) (seq : Seq.seq uint32) = - [%#sslice21] UIntSize.to_int self < Seq.length seq + predicate in_bounds'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq UInt32.t) = + [%#sslice21] UInt64.to_int self < Seq.length seq - function view'1 (self : Vec'0.t_Vec uint32 (Global'0.t_Global)) : Seq.seq uint32 + function view'1 (self : Vec'0.t_Vec UInt32.t (Global'0.t_Global)) : Seq.seq UInt32.t - axiom view'1_spec : forall self : Vec'0.t_Vec uint32 (Global'0.t_Global) . [%#svec20] Seq.length (view'1 self) - <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'1_spec : forall self : Vec'0.t_Vec UInt32.t (Global'0.t_Global) . 
[%#svec20] Seq.length (view'1 self) + <= UInt64.to_int (v_MAX'0 : UInt64.t) - function view'0 (self : Vec'0.t_Vec uint32 (Global'0.t_Global)) : Seq.seq uint32 = + function view'0 (self : Vec'0.t_Vec UInt32.t (Global'0.t_Global)) : Seq.seq UInt32.t = [%#smodel15] view'1 self - let rec index'0 (self:Vec'0.t_Vec uint32 (Global'0.t_Global)) (index:usize) (return' (ret:uint32))= {[@expl:precondition] inv'1 index} + let rec index'0 (self:Vec'0.t_Vec UInt32.t (Global'0.t_Global)) (index:UInt64.t) (return' (ret:UInt32.t))= {[@expl:precondition] inv'1 index} {[@expl:precondition] inv'0 self} {[@expl:precondition] [%#svec17] in_bounds'0 index (view'0 self)} any - [ return' (result:uint32)-> {inv'2 result} + [ return' (result:UInt32.t)-> {inv'2 result} {[%#svec18] has_value'0 index (view'0 self) result} (! return' {result}) ] - function index_logic'0 [@inline:trivial] (self : Vec'0.t_Vec uint32 (Global'0.t_Global)) (ix : int) : uint32 = + function index_logic'0 [@inline:trivial] (self : Vec'0.t_Vec UInt32.t (Global'0.t_Global)) (ix : int) : UInt32.t = [%#sops16] Seq.get (view'1 self) ix use T_core__result__Result as Result'0 - let rec len'0 (self:Vec'0.t_Vec uint32 (Global'0.t_Global)) (return' (ret:usize))= {[@expl:precondition] inv'0 self} + let rec len'0 (self:Vec'0.t_Vec UInt32.t (Global'0.t_Global)) (return' (ret:UInt64.t))= {[@expl:precondition] inv'0 self} any - [ return' (result:usize)-> {[%#svec14] UIntSize.to_int result = Seq.length (view'0 self)} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#svec14] UInt64.to_int result = Seq.length (view'0 self)} (! 
return' {result}) ] meta "compute_max_steps" 1000000 - let rec binary_search (arr:Vec'0.t_Vec uint32 (Global'0.t_Global)) (elem:uint32) (return' (ret:Result'0.t_Result usize usize))= {[%#s04_binary_search10] sorted'0 (view'0 arr)} - {[%#s04_binary_search9] Seq.length (view'0 arr) <= UIntSize.to_int (v_MAX'0 : usize)} + let rec binary_search (arr:Vec'0.t_Vec UInt32.t (Global'0.t_Global)) (elem:UInt32.t) (return' (ret:Result'0.t_Result UInt64.t UInt64.t))= {[%#s04_binary_search10] sorted'0 (view'0 arr)} + {[%#s04_binary_search9] Seq.length (view'0 arr) <= UInt64.to_int (v_MAX'0 : UInt64.t)} (! bb0 - [ bb0 = s0 [ s0 = len'0 {arr} (fun (_ret':usize) -> [ &_10 <- _ret' ] s1) | s1 = bb1 ] + [ bb0 = s0 [ s0 = len'0 {arr} (fun (_ret':UInt64.t) -> [ &_10 <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 - [ s0 = UIntSize.eq {_10} {[%#s04_binary_search0] (0 : usize)} (fun (_ret':bool) -> [ &_9 <- _ret' ] s1) + [ s0 = UInt64.eq {_10} {[%#s04_binary_search0] (0 : UInt64.t)} (fun (_ret':bool) -> [ &_9 <- _ret' ] s1) | s1 = any [ br0 -> {_9 = false} (! bb3) | br1 -> {_9} (! bb2) ] ] - | bb2 = s0 [ s0 = [ &_0 <- Result'0.C_Err ([%#s04_binary_search1] (0 : usize)) ] s1 | s1 = bb21 ] - | bb3 = s0 [ s0 = len'0 {arr} (fun (_ret':usize) -> [ &size <- _ret' ] s1) | s1 = bb4 ] - | bb4 = s0 [ s0 = [ &base <- [%#s04_binary_search2] (0 : usize) ] s1 | s1 = bb5 ] + | bb2 = s0 [ s0 = [ &_0 <- Result'0.C_Err ([%#s04_binary_search1] (0 : UInt64.t)) ] s1 | s1 = bb21 ] + | bb3 = s0 [ s0 = len'0 {arr} (fun (_ret':UInt64.t) -> [ &size <- _ret' ] s1) | s1 = bb4 ] + | bb4 = s0 [ s0 = [ &base <- [%#s04_binary_search2] (0 : UInt64.t) ] s1 | s1 = bb5 ] | bb5 = bb5 - [ bb5 = {[@expl:loop invariant] [%#s04_binary_search4] forall i : usize . UIntSize.to_int base - + UIntSize.to_int size - < UIntSize.to_int i - /\ UIntSize.to_int i < Seq.length (view'0 arr) -> elem < index_logic'0 arr (UIntSize.to_int i)} - {[@expl:loop invariant] [%#s04_binary_search4] forall i : usize . 
i < base - -> index_logic'0 arr (UIntSize.to_int i) <= elem} - {[@expl:loop invariant] [%#s04_binary_search3] 0 < UIntSize.to_int size - /\ UIntSize.to_int size + UIntSize.to_int base <= Seq.length (view'0 arr)} + [ bb5 = {[@expl:loop invariant] [%#s04_binary_search4] forall i : UInt64.t . UInt64.to_int base + + UInt64.to_int size + < UInt64.to_int i + /\ UInt64.to_int i < Seq.length (view'0 arr) -> elem < index_logic'0 arr (UInt64.to_int i)} + {[@expl:loop invariant] [%#s04_binary_search4] forall i : UInt64.t . i < base + -> index_logic'0 arr (UInt64.to_int i) <= elem} + {[@expl:loop invariant] [%#s04_binary_search3] Int128.to_int (0 : Int128.t) < UInt64.to_int size + /\ UInt64.to_int size + UInt64.to_int base <= Seq.length (view'0 arr)} (! s0) [ s0 = bb6 ] [ bb6 = s0 - [ s0 = UIntSize.gt {size} {[%#s04_binary_search5] (1 : usize)} (fun (_ret':bool) -> [ &_21 <- _ret' ] s1) + [ s0 = UInt64.gt {size} {[%#s04_binary_search5] (1 : UInt64.t)} (fun (_ret':bool) -> [ &_21 <- _ret' ] s1) | s1 = any [ br0 -> {_21 = false} (! bb13) | br1 -> {_21} (! 
bb7) ] ] | bb7 = s0 - [ s0 = UIntSize.eq {[%#s04_binary_search6] (2 : usize)} {[%#s04_binary_search7] (0 : usize)} + [ s0 = UInt64.eq {[%#s04_binary_search7] (2 : UInt64.t)} {[%#s04_binary_search6] (0 : UInt64.t)} (fun (_ret':bool) -> [ &_25 <- _ret' ] s1) - | s1 = {[@expl:division by zero] [%#s04_binary_search7] not _25} s2 + | s1 = {[@expl:division by zero] [%#s04_binary_search6] not _25} s2 | s2 = bb8 ] | bb8 = s0 - [ s0 = UIntSize.div {size} {[%#s04_binary_search6] (2 : usize)} (fun (_ret':usize) -> [ &half <- _ret' ] s1) - | s1 = UIntSize.add {base} {half} (fun (_ret':usize) -> [ &mid <- _ret' ] s2) - | s2 = index'0 {arr} {mid} (fun (_ret':uint32) -> [ &_32 <- _ret' ] s3) + [ s0 = UInt64.div {size} {[%#s04_binary_search7] (2 : UInt64.t)} + (fun (_ret':UInt64.t) -> [ &half <- _ret' ] s1) + | s1 = UInt64.add {base} {half} (fun (_ret':UInt64.t) -> [ &mid <- _ret' ] s2) + | s2 = index'0 {arr} {mid} (fun (_ret':UInt32.t) -> [ &_32 <- _ret' ] s3) | s3 = bb9 ] | bb9 = s0 @@ -236,12 +241,12 @@ module M_04_binary_search__binary_search [#"04_binary_search.rs" 26 0 26 71] | bb11 = s0 [ s0 = [ &_29 <- mid ] s1 | s1 = bb12 ] | bb12 = s0 [ s0 = [ &base <- _29 ] s1 - | s1 = UIntSize.sub {size} {half} (fun (_ret':usize) -> [ &size <- _ret' ] s2) + | s1 = UInt64.sub {size} {half} (fun (_ret':UInt64.t) -> [ &size <- _ret' ] s2) | s2 = bb5 ] ] ] - | bb13 = s0 [ s0 = index'0 {arr} {base} (fun (_ret':uint32) -> [ &_41 <- _ret' ] s1) | s1 = bb14 ] + | bb13 = s0 [ s0 = index'0 {arr} {base} (fun (_ret':UInt32.t) -> [ &_41 <- _ret' ] s1) | s1 = bb14 ] | bb14 = s0 [ s0 = [ &cmp <- _41 ] s1 | s1 = UInt32.eq {cmp} {elem} (fun (_ret':bool) -> [ &_44 <- _ret' ] s2) 
@@ -253,7 +258,7 @@ module M_04_binary_search__binary_search [#"04_binary_search.rs" 26 0 26 71] | s1 = any [ br0 -> {_48 = false} (! bb18) | br1 -> {_48} (! bb17) ] ] | bb17 = s0 - [ s0 = UIntSize.add {base} {[%#s04_binary_search8] (1 : usize)} (fun (_ret':usize) -> [ &_51 <- _ret' ] s1) + [ s0 = UInt64.add {base} {[%#s04_binary_search8] (1 : UInt64.t)} (fun (_ret':UInt64.t) -> [ &_51 <- _ret' ] s1) | s1 = [ &_0 <- Result'0.C_Err _51 ] s2 | s2 = bb19 ] 
@@ -262,34 +267,34 @@ module M_04_binary_search__binary_search [#"04_binary_search.rs" 26 0 26 71] | bb20 = bb21 | bb21 = return' {_0} ] ) - [ & _0 : Result'0.t_Result usize usize = any_l () - | & arr : Vec'0.t_Vec uint32 (Global'0.t_Global) = arr - | & elem : uint32 = elem + [ & _0 : Result'0.t_Result UInt64.t UInt64.t = any_l () + | & arr : Vec'0.t_Vec UInt32.t (Global'0.t_Global) = arr + | & elem : UInt32.t = elem | & _9 : bool = any_l () - | & _10 : usize = any_l () - | & size : usize = any_l () - | & base : usize = any_l () + | & _10 : UInt64.t = any_l () + | & size : UInt64.t = any_l () + | & base : UInt64.t = any_l () | & _21 : bool = any_l () - | & half : usize = any_l () + | & half : UInt64.t = any_l () | & _25 : bool = any_l () - | & mid : usize = any_l () - | & _29 : usize = any_l () + | & mid : UInt64.t = any_l () + | & _29 : UInt64.t = any_l () | & _30 : bool = any_l () - | & _32 : uint32 = any_l () - | & cmp : uint32 = any_l () - | & _41 : uint32 = any_l () + | & _32 : UInt32.t = any_l () + | & cmp : UInt32.t = any_l () + | & _41 : UInt32.t = any_l () | & _44 : bool = any_l () | & _48 : bool = any_l () - | & _51 : usize = any_l () ] + | & _51 : UInt64.t = any_l () ] - [ return' (result:Result'0.t_Result usize usize)-> {[@expl:postcondition] [%#s04_binary_search13] forall x : usize . result + [ return' (result:Result'0.t_Result UInt64.t UInt64.t)-> {[@expl:postcondition] [%#s04_binary_search13] forall x : UInt64.t . result = Result'0.C_Err x - -> (forall i : usize . x < i /\ UIntSize.to_int i < Seq.length (view'0 arr) - -> elem < index_logic'0 arr (UIntSize.to_int i))} - {[@expl:postcondition] [%#s04_binary_search12] forall x : usize . result = Result'0.C_Err x - -> (forall i : usize . i < x -> index_logic'0 arr (UIntSize.to_int i) <= elem)} - {[@expl:postcondition] [%#s04_binary_search11] forall x : usize . result = Result'0.C_Ok x - -> index_logic'0 arr (UIntSize.to_int x) = elem} + -> (forall i : UInt64.t . 
x < i /\ UInt64.to_int i < Seq.length (view'0 arr) + -> elem < index_logic'0 arr (UInt64.to_int i))} + {[@expl:postcondition] [%#s04_binary_search12] forall x : UInt64.t . result = Result'0.C_Err x + -> (forall i : UInt64.t . i < x -> index_logic'0 arr (UInt64.to_int i) <= elem)} + {[@expl:postcondition] [%#s04_binary_search11] forall x : UInt64.t . result = Result'0.C_Ok x + -> index_logic'0 arr (UInt64.to_int x) = elem} (! return' {result}) ] end diff --git a/prelude/prelude.coma b/prelude/prelude.coma index 5fdfb6638e..d48c4e6f9f 100644 --- a/prelude/prelude.coma +++ b/prelude/prelude.coma @@ -339,6 +339,8 @@ module Int128 end *) + +(* module IntSize use int.Int @@ -392,6 +394,7 @@ module IntSize { [@expl:integer overflow] in_bounds (mod a b) } (ret (result :isize) { result = mod a b }) = any end +*) (* Int *) module UInt8 @@ -482,6 +485,8 @@ module UInt128 (ret (result :uint128) { result = mod a b }) = any end *) + +(* module UIntSize use int.Int @@ -535,7 +540,7 @@ module UIntSize { [@expl:integer overflow] in_bounds (mod a b) } (ret (result : usize) { result = mod a b }) = any end - +*) (* Floats *) module Float32 use export prelude.float.Float32 From c4f371a57e334e1130092abd0b1b0240df276216 Mon Sep 17 00:00:00 2001 From: SCHNEIDER Laurent Date: Mon, 25 Nov 2024 14:41:03 +0100 Subject: [PATCH 07/15] first test ord.rs --- creusot-contracts/src/logic/ord.rs | 94 +- creusot-contracts/src/std/num.rs | 24 +- .../creusot-contracts/creusot-contracts.coma | 3478 +++++++++-------- creusot/tests/should_succeed/bitwise.mlcfg | 100 - creusot/tests/should_succeed/bitwise.rs | 36 - creusot/tests/should_succeed/duration.coma | 268 +- .../should_succeed/duration/why3session.xml | 2 +- .../should_succeed/duration/why3shapes.gz | Bin 418 -> 551 bytes prelude/prelude.coma | 32 +- 9 files changed, 2157 insertions(+), 1877 deletions(-) delete mode 100644 creusot/tests/should_succeed/bitwise.mlcfg delete mode 100644 creusot/tests/should_succeed/bitwise.rs 
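Review bot: The IntSize and UIntSize modules are commented out with `(* … *)` rather than deleted, so the prelude now carries two large blocks of dead code (opened at `@@ -339` and `@@ -482`, closed at `@@ -392` and `@@ -535`). If the modules are expected to return once pointer-sized integers are modelled again, a one-line comment at each opening `(*` saying so would be more useful than the bare marker; otherwise remove the text and rely on history. Because nothing replaces them, every consumer that needs a pointer-sized type now has to pick a fixed width itself, which appears to be where the unconditional `UInt64`/`Int64` choices in num.rs further down this page come from. The `+*)` at `@@ -535` also replaces the blank line that separated the module from the `(* Floats *)` heading, so the closing marker now abuts the next section.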
diff --git a/creusot-contracts/src/logic/ord.rs b/creusot-contracts/src/logic/ord.rs index 6515e30cfd..6c2f0fe661 100644 --- a/creusot-contracts/src/logic/ord.rs +++ b/creusot-contracts/src/logic/ord.rs @@ -127,7 +127,7 @@ macro_rules! ord_laws_impl { pub use ord_laws_impl; macro_rules! ord_logic_impl { - ($t:ty) => { + ($t:ty, $module:literal) => { impl OrdLogic for $t { #[logic] #[open] @@ -152,7 +152,8 @@ macro_rules! ord_logic_impl { #[trusted] #[open] #[logic] - #[creusot::builtins = "int.Int.(<)"] + // #[creusot::builtins = "int.Int.(<)"] + #[creusot::builtins = concat!($module, ".(<)")] fn lt_log(self, _: Self) -> bool { true } 
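Review bot: The old attribute is left behind as a commented-out line `// #[creusot::builtins = "int.Int.(<)"]` directly above its replacement in the `@@ -152` hunk; delete it rather than keeping both versions in the source. Only `lt_log` is parameterized on `$module` here — `le_log`, `ge_log` and `gt_log` are outside this hunk, and if they still point at `int.Int` the four comparison builtins of a single `OrdLogic` impl would be drawn from two different modules, which matters as soon as `$module` is anything other than `"int.Int"`. Both hunks on this line sit inside `macro_rules! ord_logic_impl`, whose body continues beyond them.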
@@ -178,21 +179,80 @@ macro_rules! ord_logic_impl { }; } -ord_logic_impl!(Int); - -ord_logic_impl!(u8); -ord_logic_impl!(u16); -ord_logic_impl!(u32); -ord_logic_impl!(u64); -ord_logic_impl!(u128); -ord_logic_impl!(usize); - -ord_logic_impl!(i8); -ord_logic_impl!(i16); -ord_logic_impl!(i32); -ord_logic_impl!(i64); -ord_logic_impl!(i128); -ord_logic_impl!(isize); + +macro_rules! ord_logic_impl_test_laurent { + ($t:ty, $module:literal, $signed_sym:expr) => { + impl OrdLogic for $t { + #[logic] + #[open] + fn cmp_log(self, o: Self) -> Ordering { + if self < o { + Ordering::Less + } else if self == o { + Ordering::Equal + } else { + Ordering::Greater + } + } + + #[trusted] + #[open] + #[logic] + #[creusot::builtins = concat!($module, ".", $signed_sym, "le")] + fn le_log(self, _: Self) -> bool { + true + } + + #[trusted] + #[open] + #[logic] + #[creusot::builtins = concat!($module, ".", $signed_sym, "lt")] + fn lt_log(self, _: Self) -> bool { + true + } + + #[trusted] + #[open] + #[logic] + #[creusot::builtins = concat!($module, ".", $signed_sym, "ge")] + fn ge_log(self, _: Self) -> bool { + true + } + + #[trusted] + #[open] + #[logic] + #[creusot::builtins = concat!($module, ".", $signed_sym, "gt")] + fn gt_log(self, _: Self) -> bool { + true + } + + ord_laws_impl! {} + } + }; +} + +ord_logic_impl!(Int, "int.Int"); + +ord_logic_impl!(u8, "int.Int"); +ord_logic_impl!(u16, "int.Int"); +ord_logic_impl_test_laurent!(u32, "prelude.prelude.UInt32", "u"); +ord_logic_impl!(u64, "int.Int"); +ord_logic_impl!(u128, "int.Int"); +ord_logic_impl!(usize, "int.Int"); + +ord_logic_impl!(i8, "int.Int"); +ord_logic_impl!(i16, "int.Int"); +ord_logic_impl!(i32, "int.Int"); +ord_logic_impl!(i64, "int.Int"); +ord_logic_impl!(i128, "int.Int"); + +#[cfg(target_pointer_width = "64")] +ord_logic_impl!(isize, "UInt64"); +#[cfg(target_pointer_width = "32")] +ord_logic_impl!(isize, "UInt32"); +#[cfg(target_pointer_width = "16")] +ord_logic_impl!(isize, "UInt16"); impl OrdLogic for bool { #[open] 
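Review bot: The `isize` instantiations at the end of the hunk name unsigned modules — `ord_logic_impl!(isize, "UInt64")`, `"UInt32"`, `"UInt16"` — and drop the `prelude.prelude.` prefix every other invocation uses, so either the builtin path does not resolve or, if it resolves to the unsigned module, `lt_log` on negative `isize` values is decided by unsigned comparison and every obligation built on it is unsound; the signed modules, e.g. `ord_logic_impl!(isize, "prelude.prelude.Int64");`, are what is wanted, and `usize` should get the same `#[cfg(target_pointer_width = …)]` selection instead of staying on `"int.Int"`. The new `ord_logic_impl_test_laurent` macro duplicates `ord_logic_impl` apart from the `$signed_sym` prefix on the builtin names and is applied to `u32` alone, which leaves `u32` as the one type whose comparisons are width-specific builtins (`UInt32.ult` and friends) while every neighbouring width compares as `int.Int`. If that is the intended end state for all widths, fold the extra parameter into `ord_logic_impl` and give the macro a neutral name; if it is still an experiment, it should not ship in the contracts library under that name.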
diff --git a/creusot-contracts/src/std/num.rs b/creusot-contracts/src/std/num.rs index 162e204d0a..9b0a0059d6 100644 --- a/creusot-contracts/src/std/num.rs +++ b/creusot-contracts/src/std/num.rs @@ -33,21 +33,21 @@ macro_rules! mach_int { }; } -mach_int!(u8, "prelude.prelude.UInt8.to_uint", 0u8); -mach_int!(u16, "prelude.prelude.UInt16.to_uint", 0u16); -mach_int!(u32, "prelude.prelude.UInt32.to_uint", 0u32); -mach_int!(u64, "prelude.prelude.UInt64.to_uint", 0u64); -mach_int!(u128, "prelude.prelude.UInt128.to_uint", 0u128); +mach_int!(u8, "prelude.prelude.UInt8", 0u8); +mach_int!(u16, "prelude.prelude.UInt16", 0u16); +mach_int!(u32, "prelude.prelude.UInt32", 0u32); +mach_int!(u64, "prelude.prelude.UInt64", 0u64); +mach_int!(u128, "prelude.prelude.UInt128", 0u128); // mach_int!(usize, "prelude.prelude.UIntSize.to_uint", 0usize); -mach_int!(usize, "prelude.prelude.UInt64.to_uint", 0usize); // TODO laurent +mach_int!(usize, "prelude.prelude.UInt64", 0usize); // TODO laurent -mach_int!(i8, "prelude.prelude.Int8.to_int", 0i8); -mach_int!(i16, "prelude.prelude.Int16.to_int", 0i16); -mach_int!(i32, "prelude.prelude.Int32.to_int", 0i32); -mach_int!(i64, "prelude.prelude.Int64.to_int", 0i64); -mach_int!(i128, "prelude.prelude.Int128.to_int", 0i128); +mach_int!(i8, "prelude.prelude.Int8", 0i8); +mach_int!(i16, "prelude.prelude.Int16", 0i16); +mach_int!(i32, "prelude.prelude.Int32", 0i32); +mach_int!(i64, "prelude.prelude.Int64", 0i64); +mach_int!(i128, "prelude.prelude.Int128", 0i128); // mach_int!(isize, "prelude.prelude.IntSize.to_int", 0isize); -mach_int!(isize, "prelude.prelude.Int64.to_int", 0isize); // TODO laurent +mach_int!(isize, "prelude.prelude.Int64", 0isize); // TODO laurent /// Adds specifications for checked, wrapping, saturating, and overflowing operations on the given /// integer type diff --git a/creusot/tests/creusot-contracts/creusot-contracts.coma b/creusot/tests/creusot-contracts/creusot-contracts.coma index 8e80de0f57..7d960c9533 100644 
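Review bot: `usize` and `isize` are modelled as `prelude.prelude.UInt64` / `prelude.prelude.Int64` unconditionally (marked `// TODO laurent`), which bakes a 64-bit pointer width into the `ShallowModel` of both types; the `isize` impl in ord.rs in this same commit already selects the module with `#[cfg(target_pointer_width = "…")]`, and the same should be done here, e.g. `#[cfg(target_pointer_width = "64")] mach_int!(usize, "prelude.prelude.UInt64", 0usize);` with `UInt32`/`Int32` variants for 32-bit, otherwise in-bounds and overflow obligations on 32-bit targets are checked against the wrong range. The `.to_uint`/`.to_int` suffix is dropped from every literal, but the diffstat for num.rs (24 lines) is exactly the twelve invocation lines shown here, so this commit does not touch the body of `mach_int!`; if that body still passes `$ty_nm` straight to `#[creusot::builtins = …]` as the earlier patch in this series did, the builtin now names a module rather than its conversion function, which is worth confirming against the macro definition above this hunk. The two commented-out `UIntSize`/`IntSize` invocations refer to prelude modules that are themselves commented out elsewhere in this series and should be removed.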
--- a/creusot/tests/creusot-contracts/creusot-contracts.coma +++ b/creusot/tests/creusot-contracts/creusot-contracts.coma @@ -131,9 +131,13 @@ module M_creusot_contracts__logic__fmap__qyi9892930999379617882__subtract [#"../ use prelude.prelude.Int + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + function len'0 [#"../../../creusot-contracts/src/logic/fmap.rs" 14 4 14 27] (self : FMap'0.t_FMap k v) : int - axiom len'0_spec : forall self : FMap'0.t_FMap k v . [%#sfmap17] len'0 self >= 0 + axiom len'0_spec : forall self : FMap'0.t_FMap k v . [%#sfmap17] len'0 self >= Int128.to_int (0 : Int128.t) function disjoint'0 [#"../../../creusot-contracts/src/logic/fmap.rs" 100 4 100 46] (self : FMap'0.t_FMap k v) (other : FMap'0.t_FMap k v) : bool @@ -198,15 +202,15 @@ module T_core__ptr__unique__Unique end module T_alloc__raw_vec__Cap - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.Int type t_Cap = - | C_Cap usize + | C_Cap UInt64.t - let rec t_Cap (input:t_Cap) (ret (field_0:usize))= any - [ good (field_0:usize)-> {C_Cap field_0 = input} (! ret {field_0}) ] + let rec t_Cap (input:t_Cap) (ret (field_0:UInt64.t))= any + [ good (field_0:UInt64.t)-> {C_Cap field_0 = input} (! ret {field_0}) ] end module T_alloc__raw_vec__RawVec 
@@ -223,17 +227,17 @@ module T_alloc__raw_vec__RawVec end module T_alloc__vec__Vec - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.Int use T_alloc__raw_vec__RawVec as RawVec'0 type t_Vec 't 'a = - | C_Vec (RawVec'0.t_RawVec 't 'a) usize + | C_Vec (RawVec'0.t_RawVec 't 'a) UInt64.t - let rec t_Vec < 't > < 'a > (input:t_Vec 't 'a) (ret (buf:RawVec'0.t_RawVec 't 'a) (len:usize))= any - [ good (buf:RawVec'0.t_RawVec 't 'a) (len:usize)-> {C_Vec buf len = input} (! ret {buf} {len}) ] + let rec t_Vec < 't > < 'a > (input:t_Vec 't 'a) (ret (buf:RawVec'0.t_RawVec 't 'a) (len:UInt64.t))= any + [ good (buf:RawVec'0.t_RawVec 't 'a) (len:UInt64.t)-> {C_Vec buf len = input} (! ret {buf} {len}) ] end module T_core__cmp__Ordering @@ -460,16 +464,16 @@ module M_creusot_contracts__logic__ord__qyi15418235539824427604__cmp_le_log [#". use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint8) (o : uint8) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt8.t) (o : UInt8.t) : Ordering'0.t_Ordering = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : uint8 + constant x : UInt8.t - constant y : uint8 + constant y : UInt8.t - function cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : uint8) (y : uint8) : () + function cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : UInt8.t) (y : UInt8.t) : () goal vc_cmp_le_log : [%#sord0] (x <= y) = (cmp_log'0 x y <> Ordering'0.C_Greater) end 
@@ -483,16 +487,16 @@ module M_creusot_contracts__logic__ord__qyi15418235539824427604__cmp_lt_log [#". use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint8) (o : uint8) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt8.t) (o : UInt8.t) : Ordering'0.t_Ordering = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : uint8 + constant x : UInt8.t - constant y : uint8 + constant y : UInt8.t - function cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : uint8) (y : uint8) : () + function cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : UInt8.t) (y : UInt8.t) : () goal vc_cmp_lt_log : [%#sord0] (x < y) = (cmp_log'0 x y = Ordering'0.C_Less) end @@ -506,16 +510,16 @@ module M_creusot_contracts__logic__ord__qyi15418235539824427604__cmp_ge_log [#". use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint8) (o : uint8) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt8.t) (o : UInt8.t) : Ordering'0.t_Ordering = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : uint8 + constant x : UInt8.t - constant y : uint8 + constant y : UInt8.t - function cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : uint8) (y : uint8) : () + function cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : UInt8.t) (y : UInt8.t) : () goal vc_cmp_ge_log : [%#sord0] (x >= y) = (cmp_log'0 x y <> Ordering'0.C_Less) end 
@@ -529,16 +533,16 @@ module M_creusot_contracts__logic__ord__qyi15418235539824427604__cmp_gt_log [#". use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint8) (o : uint8) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt8.t) (o : UInt8.t) : Ordering'0.t_Ordering = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : uint8 + constant x : UInt8.t - constant y : uint8 + constant y : UInt8.t - function cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : uint8) (y : uint8) : () + function cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : UInt8.t) (y : UInt8.t) : () goal vc_cmp_gt_log : [%#sord0] (x > y) = (cmp_log'0 x y = Ordering'0.C_Greater) end @@ -552,14 +556,14 @@ module M_creusot_contracts__logic__ord__qyi15418235539824427604__refl [#"../../. use T_core__cmp__Ordering as Ordering'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint8) (o : uint8) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt8.t) (o : UInt8.t) : Ordering'0.t_Ordering = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : uint8 + constant x : UInt8.t - function refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : uint8) : () + function refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : UInt8.t) : () goal vc_refl : [%#sord0] cmp_log'0 x x = Ordering'0.C_Equal end 
@@ -575,20 +579,20 @@ module M_creusot_contracts__logic__ord__qyi15418235539824427604__trans [#"../../ use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint8) (o : uint8) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt8.t) (o : UInt8.t) : Ordering'0.t_Ordering = [%#sord3] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : uint8 + constant x : UInt8.t - constant y : uint8 + constant y : UInt8.t - constant z : uint8 + constant z : UInt8.t constant o : Ordering'0.t_Ordering - function trans [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : uint8) (y : uint8) (z : uint8) (o : Ordering'0.t_Ordering) : () + function trans [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : UInt8.t) (y : UInt8.t) (z : UInt8.t) (o : Ordering'0.t_Ordering) : () goal vc_trans : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o) 
@@ -604,16 +608,16 @@ module M_creusot_contracts__logic__ord__qyi15418235539824427604__antisym1 [#"../ use T_core__cmp__Ordering as Ordering'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint8) (o : uint8) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt8.t) (o : UInt8.t) : Ordering'0.t_Ordering = [%#sord2] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : uint8 + constant x : UInt8.t - constant y : uint8 + constant y : UInt8.t - function antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : uint8) (y : uint8) : () + function antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : UInt8.t) (y : UInt8.t) : () goal vc_antisym1 : ([%#sord0] cmp_log'0 x y = Ordering'0.C_Less) -> ([%#sord1] cmp_log'0 y x = Ordering'0.C_Greater) end @@ -628,16 +632,16 @@ module M_creusot_contracts__logic__ord__qyi15418235539824427604__antisym2 [#"../ use T_core__cmp__Ordering as Ordering'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint8) (o : uint8) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt8.t) (o : UInt8.t) : Ordering'0.t_Ordering = [%#sord2] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : uint8 + constant x : UInt8.t - constant y : uint8 + constant y : UInt8.t - function antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : uint8) (y : uint8) : () + function antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : UInt8.t) (y : UInt8.t) : () goal vc_antisym2 : ([%#sord0] cmp_log'0 x y = Ordering'0.C_Greater) -> ([%#sord1] cmp_log'0 y x = Ordering'0.C_Less) end 
@@ -651,16 +655,16 @@ module M_creusot_contracts__logic__ord__qyi15418235539824427604__eq_cmp [#"../.. use T_core__cmp__Ordering as Ordering'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint8) (o : uint8) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt8.t) (o : UInt8.t) : Ordering'0.t_Ordering = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : uint8 + constant x : UInt8.t - constant y : uint8 + constant y : UInt8.t - function eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : uint8) (y : uint8) : () + function eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : UInt8.t) (y : UInt8.t) : () goal vc_eq_cmp : [%#sord0] (x = y) = (cmp_log'0 x y = Ordering'0.C_Equal) end @@ -674,16 +678,16 @@ module M_creusot_contracts__logic__ord__qyi7305497527599188430__cmp_le_log [#".. use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint16) (o : uint16) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt16.t) (o : UInt16.t) : Ordering'0.t_Ordering = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : uint16 + constant x : UInt16.t - constant y : uint16 + constant y : UInt16.t - function cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : uint16) (y : uint16) : () + function cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : UInt16.t) (y : UInt16.t) : () goal vc_cmp_le_log : [%#sord0] (x <= y) = (cmp_log'0 x y <> Ordering'0.C_Greater) end 
@@ -697,16 +701,16 @@ module M_creusot_contracts__logic__ord__qyi7305497527599188430__cmp_lt_log [#".. use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint16) (o : uint16) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt16.t) (o : UInt16.t) : Ordering'0.t_Ordering = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : uint16 + constant x : UInt16.t - constant y : uint16 + constant y : UInt16.t - function cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : uint16) (y : uint16) : () + function cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : UInt16.t) (y : UInt16.t) : () goal vc_cmp_lt_log : [%#sord0] (x < y) = (cmp_log'0 x y = Ordering'0.C_Less) end @@ -720,16 +724,16 @@ module M_creusot_contracts__logic__ord__qyi7305497527599188430__cmp_ge_log [#".. use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint16) (o : uint16) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt16.t) (o : UInt16.t) : Ordering'0.t_Ordering = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : uint16 + constant x : UInt16.t - constant y : uint16 + constant y : UInt16.t - function cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : uint16) (y : uint16) : () + function cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : UInt16.t) (y : UInt16.t) : () goal vc_cmp_ge_log : [%#sord0] (x >= y) = (cmp_log'0 x y <> Ordering'0.C_Less) end 
@@ -743,16 +747,16 @@ module M_creusot_contracts__logic__ord__qyi7305497527599188430__cmp_gt_log [#".. use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint16) (o : uint16) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt16.t) (o : UInt16.t) : Ordering'0.t_Ordering = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : uint16 + constant x : UInt16.t - constant y : uint16 + constant y : UInt16.t - function cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : uint16) (y : uint16) : () + function cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : UInt16.t) (y : UInt16.t) : () goal vc_cmp_gt_log : [%#sord0] (x > y) = (cmp_log'0 x y = Ordering'0.C_Greater) end @@ -766,14 +770,14 @@ module M_creusot_contracts__logic__ord__qyi7305497527599188430__refl [#"../../.. use T_core__cmp__Ordering as Ordering'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint16) (o : uint16) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt16.t) (o : UInt16.t) : Ordering'0.t_Ordering = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : uint16 + constant x : UInt16.t - function refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : uint16) : () + function refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : UInt16.t) : () goal vc_refl : [%#sord0] cmp_log'0 x x = Ordering'0.C_Equal end 
@@ -789,20 +793,20 @@ module M_creusot_contracts__logic__ord__qyi7305497527599188430__trans [#"../../. use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint16) (o : uint16) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt16.t) (o : UInt16.t) : Ordering'0.t_Ordering = [%#sord3] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : uint16 + constant x : UInt16.t - constant y : uint16 + constant y : UInt16.t - constant z : uint16 + constant z : UInt16.t constant o : Ordering'0.t_Ordering - function trans [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : uint16) (y : uint16) (z : uint16) (o : Ordering'0.t_Ordering) : () + function trans [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : UInt16.t) (y : UInt16.t) (z : UInt16.t) (o : Ordering'0.t_Ordering) : () goal vc_trans : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o) 
@@ -818,16 +822,16 @@ module M_creusot_contracts__logic__ord__qyi7305497527599188430__antisym1 [#"../. use T_core__cmp__Ordering as Ordering'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint16) (o : uint16) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt16.t) (o : UInt16.t) : Ordering'0.t_Ordering = [%#sord2] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : uint16 + constant x : UInt16.t - constant y : uint16 + constant y : UInt16.t - function antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : uint16) (y : uint16) : () + function antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : UInt16.t) (y : UInt16.t) : () goal vc_antisym1 : ([%#sord0] cmp_log'0 x y = Ordering'0.C_Less) -> ([%#sord1] cmp_log'0 y x = Ordering'0.C_Greater) end @@ -842,16 +846,16 @@ module M_creusot_contracts__logic__ord__qyi7305497527599188430__antisym2 [#"../. use T_core__cmp__Ordering as Ordering'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint16) (o : uint16) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt16.t) (o : UInt16.t) : Ordering'0.t_Ordering = [%#sord2] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : uint16 + constant x : UInt16.t - constant y : uint16 + constant y : UInt16.t - function antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : uint16) (y : uint16) : () + function antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : UInt16.t) (y : UInt16.t) : () goal vc_antisym2 : ([%#sord0] cmp_log'0 x y = Ordering'0.C_Greater) -> ([%#sord1] cmp_log'0 y x = Ordering'0.C_Less) end 
@@ -865,16 +869,16 @@ module M_creusot_contracts__logic__ord__qyi7305497527599188430__eq_cmp [#"../../ use T_core__cmp__Ordering as Ordering'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint16) (o : uint16) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt16.t) (o : UInt16.t) : Ordering'0.t_Ordering = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : uint16 + constant x : UInt16.t - constant y : uint16 + constant y : UInt16.t - function eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : uint16) (y : uint16) : () + function eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : UInt16.t) (y : UInt16.t) : () goal vc_eq_cmp : [%#sord0] (x = y) = (cmp_log'0 x y = Ordering'0.C_Equal) end @@ -888,16 +892,16 @@ module M_creusot_contracts__logic__ord__qyi4526525114627399862__cmp_le_log [#".. use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint32) (o : uint32) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt32.t) (o : UInt32.t) : Ordering'0.t_Ordering = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : uint32 + constant x : UInt32.t - constant y : uint32 + constant y : UInt32.t - function cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : uint32) (y : uint32) : () + function cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : UInt32.t) (y : UInt32.t) : () goal vc_cmp_le_log : [%#sord0] (x <= y) = (cmp_log'0 x y <> Ordering'0.C_Greater) end 
@@ -911,16 +915,16 @@ module M_creusot_contracts__logic__ord__qyi4526525114627399862__cmp_lt_log [#".. use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint32) (o : uint32) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt32.t) (o : UInt32.t) : Ordering'0.t_Ordering = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : uint32 + constant x : UInt32.t - constant y : uint32 + constant y : UInt32.t - function cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : uint32) (y : uint32) : () + function cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : UInt32.t) (y : UInt32.t) : () goal vc_cmp_lt_log : [%#sord0] (x < y) = (cmp_log'0 x y = Ordering'0.C_Less) end @@ -934,16 +938,16 @@ module M_creusot_contracts__logic__ord__qyi4526525114627399862__cmp_ge_log [#".. use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint32) (o : uint32) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt32.t) (o : UInt32.t) : Ordering'0.t_Ordering = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : uint32 + constant x : UInt32.t - constant y : uint32 + constant y : UInt32.t - function cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : uint32) (y : uint32) : () + function cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : UInt32.t) (y : UInt32.t) : () goal vc_cmp_ge_log : [%#sord0] (x >= y) = (cmp_log'0 x y <> Ordering'0.C_Less) end 
@@ -957,16 +961,16 @@ module M_creusot_contracts__logic__ord__qyi4526525114627399862__cmp_gt_log [#".. use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint32) (o : uint32) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt32.t) (o : UInt32.t) : Ordering'0.t_Ordering = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : uint32 + constant x : UInt32.t - constant y : uint32 + constant y : UInt32.t - function cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : uint32) (y : uint32) : () + function cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : UInt32.t) (y : UInt32.t) : () goal vc_cmp_gt_log : [%#sord0] (x > y) = (cmp_log'0 x y = Ordering'0.C_Greater) end @@ -980,14 +984,14 @@ module M_creusot_contracts__logic__ord__qyi4526525114627399862__refl [#"../../.. use T_core__cmp__Ordering as Ordering'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint32) (o : uint32) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt32.t) (o : UInt32.t) : Ordering'0.t_Ordering = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : uint32 + constant x : UInt32.t - function refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : uint32) : () + function refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : UInt32.t) : () goal vc_refl : [%#sord0] cmp_log'0 x x = Ordering'0.C_Equal end 
@@ -1003,20 +1007,20 @@ module M_creusot_contracts__logic__ord__qyi4526525114627399862__trans [#"../../. use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint32) (o : uint32) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt32.t) (o : UInt32.t) : Ordering'0.t_Ordering = [%#sord3] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : uint32 + constant x : UInt32.t - constant y : uint32 + constant y : UInt32.t - constant z : uint32 + constant z : UInt32.t constant o : Ordering'0.t_Ordering - function trans [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : uint32) (y : uint32) (z : uint32) (o : Ordering'0.t_Ordering) : () + function trans [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : UInt32.t) (y : UInt32.t) (z : UInt32.t) (o : Ordering'0.t_Ordering) : () goal vc_trans : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o) 
@@ -1032,16 +1036,16 @@ module M_creusot_contracts__logic__ord__qyi4526525114627399862__antisym1 [#"../. use T_core__cmp__Ordering as Ordering'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint32) (o : uint32) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt32.t) (o : UInt32.t) : Ordering'0.t_Ordering = [%#sord2] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : uint32 + constant x : UInt32.t - constant y : uint32 + constant y : UInt32.t - function antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : uint32) (y : uint32) : () + function antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : UInt32.t) (y : UInt32.t) : () goal vc_antisym1 : ([%#sord0] cmp_log'0 x y = Ordering'0.C_Less) -> ([%#sord1] cmp_log'0 y x = Ordering'0.C_Greater) end @@ -1056,16 +1060,16 @@ module M_creusot_contracts__logic__ord__qyi4526525114627399862__antisym2 [#"../. use T_core__cmp__Ordering as Ordering'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint32) (o : uint32) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt32.t) (o : UInt32.t) : Ordering'0.t_Ordering = [%#sord2] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : uint32 + constant x : UInt32.t - constant y : uint32 + constant y : UInt32.t - function antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : uint32) (y : uint32) : () + function antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : UInt32.t) (y : UInt32.t) : () goal vc_antisym2 : ([%#sord0] cmp_log'0 x y = Ordering'0.C_Greater) -> ([%#sord1] cmp_log'0 y x = Ordering'0.C_Less) end 
@@ -1079,16 +1083,16 @@ module M_creusot_contracts__logic__ord__qyi4526525114627399862__eq_cmp [#"../../ use T_core__cmp__Ordering as Ordering'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint32) (o : uint32) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt32.t) (o : UInt32.t) : Ordering'0.t_Ordering = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : uint32 + constant x : UInt32.t - constant y : uint32 + constant y : UInt32.t - function eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : uint32) (y : uint32) : () + function eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : UInt32.t) (y : UInt32.t) : () goal vc_eq_cmp : [%#sord0] (x = y) = (cmp_log'0 x y = Ordering'0.C_Equal) end @@ -1102,16 +1106,16 @@ module M_creusot_contracts__logic__ord__qyi11489483489418918928__cmp_le_log [#". use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint64) (o : uint64) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt64.t) (o : UInt64.t) : Ordering'0.t_Ordering = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : uint64 + constant x : UInt64.t - constant y : uint64 + constant y : UInt64.t - function cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : uint64) (y : uint64) : () + function cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : UInt64.t) (y : UInt64.t) : () goal vc_cmp_le_log : [%#sord0] (x <= y) = (cmp_log'0 x y <> Ordering'0.C_Greater) end 
@@ -1125,16 +1129,16 @@ module M_creusot_contracts__logic__ord__qyi11489483489418918928__cmp_lt_log [#". use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint64) (o : uint64) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt64.t) (o : UInt64.t) : Ordering'0.t_Ordering = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : uint64 + constant x : UInt64.t - constant y : uint64 + constant y : UInt64.t - function cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : uint64) (y : uint64) : () + function cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : UInt64.t) (y : UInt64.t) : () goal vc_cmp_lt_log : [%#sord0] (x < y) = (cmp_log'0 x y = Ordering'0.C_Less) end @@ -1148,16 +1152,16 @@ module M_creusot_contracts__logic__ord__qyi11489483489418918928__cmp_ge_log [#". use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint64) (o : uint64) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt64.t) (o : UInt64.t) : Ordering'0.t_Ordering = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : uint64 + constant x : UInt64.t - constant y : uint64 + constant y : UInt64.t - function cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : uint64) (y : uint64) : () + function cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : UInt64.t) (y : UInt64.t) : () goal vc_cmp_ge_log : [%#sord0] (x >= y) = (cmp_log'0 x y <> Ordering'0.C_Less) end 
@@ -1171,16 +1175,16 @@ module M_creusot_contracts__logic__ord__qyi11489483489418918928__cmp_gt_log [#". use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint64) (o : uint64) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt64.t) (o : UInt64.t) : Ordering'0.t_Ordering = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : uint64 + constant x : UInt64.t - constant y : uint64 + constant y : UInt64.t - function cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : uint64) (y : uint64) : () + function cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : UInt64.t) (y : UInt64.t) : () goal vc_cmp_gt_log : [%#sord0] (x > y) = (cmp_log'0 x y = Ordering'0.C_Greater) end @@ -1194,14 +1198,14 @@ module M_creusot_contracts__logic__ord__qyi11489483489418918928__refl [#"../../. use T_core__cmp__Ordering as Ordering'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint64) (o : uint64) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt64.t) (o : UInt64.t) : Ordering'0.t_Ordering = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : uint64 + constant x : UInt64.t - function refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : uint64) : () + function refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : UInt64.t) : () goal vc_refl : [%#sord0] cmp_log'0 x x = Ordering'0.C_Equal end 
@@ -1217,20 +1221,20 @@ module M_creusot_contracts__logic__ord__qyi11489483489418918928__trans [#"../../ use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint64) (o : uint64) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt64.t) (o : UInt64.t) : Ordering'0.t_Ordering = [%#sord3] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : uint64 + constant x : UInt64.t - constant y : uint64 + constant y : UInt64.t - constant z : uint64 + constant z : UInt64.t constant o : Ordering'0.t_Ordering - function trans [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : uint64) (y : uint64) (z : uint64) (o : Ordering'0.t_Ordering) : () + function trans [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : UInt64.t) (y : UInt64.t) (z : UInt64.t) (o : Ordering'0.t_Ordering) : () goal vc_trans : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o) 
@@ -1246,16 +1250,16 @@ module M_creusot_contracts__logic__ord__qyi11489483489418918928__antisym1 [#"../ use T_core__cmp__Ordering as Ordering'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint64) (o : uint64) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt64.t) (o : UInt64.t) : Ordering'0.t_Ordering = [%#sord2] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : uint64 + constant x : UInt64.t - constant y : uint64 + constant y : UInt64.t - function antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : uint64) (y : uint64) : () + function antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : UInt64.t) (y : UInt64.t) : () goal vc_antisym1 : ([%#sord0] cmp_log'0 x y = Ordering'0.C_Less) -> ([%#sord1] cmp_log'0 y x = Ordering'0.C_Greater) end @@ -1270,16 +1274,16 @@ module M_creusot_contracts__logic__ord__qyi11489483489418918928__antisym2 [#"../ use T_core__cmp__Ordering as Ordering'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint64) (o : uint64) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt64.t) (o : UInt64.t) : Ordering'0.t_Ordering = [%#sord2] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : uint64 + constant x : UInt64.t - constant y : uint64 + constant y : UInt64.t - function antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : uint64) (y : uint64) : () + function antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : UInt64.t) (y : UInt64.t) : () goal vc_antisym2 : ([%#sord0] cmp_log'0 x y = Ordering'0.C_Greater) -> ([%#sord1] cmp_log'0 y x = Ordering'0.C_Less) end 
@@ -1293,16 +1297,16 @@ module M_creusot_contracts__logic__ord__qyi11489483489418918928__eq_cmp [#"../.. use T_core__cmp__Ordering as Ordering'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint64) (o : uint64) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt64.t) (o : UInt64.t) : Ordering'0.t_Ordering = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : uint64 + constant x : UInt64.t - constant y : uint64 + constant y : UInt64.t - function eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : uint64) (y : uint64) : () + function eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : UInt64.t) (y : UInt64.t) : () goal vc_eq_cmp : [%#sord0] (x = y) = (cmp_log'0 x y = Ordering'0.C_Equal) end @@ -1316,16 +1320,16 @@ module M_creusot_contracts__logic__ord__qyi13757098721041279861__cmp_le_log [#". use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint128) (o : uint128) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt128.t) (o : UInt128.t) : Ordering'0.t_Ordering = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : uint128 + constant x : UInt128.t - constant y : uint128 + constant y : UInt128.t - function cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : uint128) (y : uint128) : () + function cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : UInt128.t) (y : UInt128.t) : () goal vc_cmp_le_log : [%#sord0] (x <= y) = (cmp_log'0 x y <> Ordering'0.C_Greater) end 
@@ -1339,16 +1343,16 @@ module M_creusot_contracts__logic__ord__qyi13757098721041279861__cmp_lt_log [#". use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint128) (o : uint128) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt128.t) (o : UInt128.t) : Ordering'0.t_Ordering = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : uint128 + constant x : UInt128.t - constant y : uint128 + constant y : UInt128.t - function cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : uint128) (y : uint128) : () + function cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : UInt128.t) (y : UInt128.t) : () goal vc_cmp_lt_log : [%#sord0] (x < y) = (cmp_log'0 x y = Ordering'0.C_Less) end @@ -1362,16 +1366,16 @@ module M_creusot_contracts__logic__ord__qyi13757098721041279861__cmp_ge_log [#". use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint128) (o : uint128) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt128.t) (o : UInt128.t) : Ordering'0.t_Ordering = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : uint128 + constant x : UInt128.t - constant y : uint128 + constant y : UInt128.t - function cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : uint128) (y : uint128) : () + function cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : UInt128.t) (y : UInt128.t) : () goal vc_cmp_ge_log : [%#sord0] (x >= y) = (cmp_log'0 x y <> Ordering'0.C_Less) end 
@@ -1385,16 +1389,16 @@ module M_creusot_contracts__logic__ord__qyi13757098721041279861__cmp_gt_log [#". use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint128) (o : uint128) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt128.t) (o : UInt128.t) : Ordering'0.t_Ordering = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : uint128 + constant x : UInt128.t - constant y : uint128 + constant y : UInt128.t - function cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : uint128) (y : uint128) : () + function cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : UInt128.t) (y : UInt128.t) : () goal vc_cmp_gt_log : [%#sord0] (x > y) = (cmp_log'0 x y = Ordering'0.C_Greater) end @@ -1408,14 +1412,14 @@ module M_creusot_contracts__logic__ord__qyi13757098721041279861__refl [#"../../. use T_core__cmp__Ordering as Ordering'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint128) (o : uint128) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt128.t) (o : UInt128.t) : Ordering'0.t_Ordering = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : uint128 + constant x : UInt128.t - function refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : uint128) : () + function refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : UInt128.t) : () goal vc_refl : [%#sord0] cmp_log'0 x x = Ordering'0.C_Equal end 
@@ -1431,20 +1435,20 @@ module M_creusot_contracts__logic__ord__qyi13757098721041279861__trans [#"../../ use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint128) (o : uint128) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt128.t) (o : UInt128.t) : Ordering'0.t_Ordering = [%#sord3] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : uint128 + constant x : UInt128.t - constant y : uint128 + constant y : UInt128.t - constant z : uint128 + constant z : UInt128.t constant o : Ordering'0.t_Ordering - function trans [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : uint128) (y : uint128) (z : uint128) (o : Ordering'0.t_Ordering) : () + function trans [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : UInt128.t) (y : UInt128.t) (z : UInt128.t) (o : Ordering'0.t_Ordering) : () goal vc_trans : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o) 
@@ -1460,16 +1464,16 @@ module M_creusot_contracts__logic__ord__qyi13757098721041279861__antisym1 [#"../ use T_core__cmp__Ordering as Ordering'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint128) (o : uint128) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt128.t) (o : UInt128.t) : Ordering'0.t_Ordering = [%#sord2] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : uint128 + constant x : UInt128.t - constant y : uint128 + constant y : UInt128.t - function antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : uint128) (y : uint128) : () + function antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : UInt128.t) (y : UInt128.t) : () goal vc_antisym1 : ([%#sord0] cmp_log'0 x y = Ordering'0.C_Less) -> ([%#sord1] cmp_log'0 y x = Ordering'0.C_Greater) end @@ -1484,16 +1488,16 @@ module M_creusot_contracts__logic__ord__qyi13757098721041279861__antisym2 [#"../ use T_core__cmp__Ordering as Ordering'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint128) (o : uint128) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt128.t) (o : UInt128.t) : Ordering'0.t_Ordering = [%#sord2] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : uint128 + constant x : UInt128.t - constant y : uint128 + constant y : UInt128.t - function antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : uint128) (y : uint128) : () + function antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : UInt128.t) (y : UInt128.t) : () goal vc_antisym2 : ([%#sord0] cmp_log'0 x y = Ordering'0.C_Greater) -> ([%#sord1] cmp_log'0 y x = Ordering'0.C_Less) end 
@@ -1507,16 +1511,16 @@ module M_creusot_contracts__logic__ord__qyi13757098721041279861__eq_cmp [#"../.. use T_core__cmp__Ordering as Ordering'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint128) (o : uint128) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt128.t) (o : UInt128.t) : Ordering'0.t_Ordering = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : uint128 + constant x : UInt128.t - constant y : uint128 + constant y : UInt128.t - function eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : uint128) (y : uint128) : () + function eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : UInt128.t) (y : UInt128.t) : () goal vc_eq_cmp : [%#sord0] (x = y) = (cmp_log'0 x y = Ordering'0.C_Equal) end 
@@ -1524,22 +1528,22 @@ module M_creusot_contracts__logic__ord__qyi8186105652185060096__cmp_le_log [#".. let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use T_core__cmp__Ordering as Ordering'0 use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : usize) (o : usize) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt64.t) (o : UInt64.t) : Ordering'0.t_Ordering = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : usize + constant x : UInt64.t - constant y : usize + constant y : UInt64.t - function cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : usize) (y : usize) : () + function cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : UInt64.t) (y : UInt64.t) : () goal vc_cmp_le_log : [%#sord0] (x <= y) = (cmp_log'0 x y <> Ordering'0.C_Greater) end 
@@ -1547,22 +1551,22 @@ module M_creusot_contracts__logic__ord__qyi8186105652185060096__cmp_lt_log [#".. let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use T_core__cmp__Ordering as Ordering'0 use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : usize) (o : usize) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt64.t) (o : UInt64.t) : Ordering'0.t_Ordering = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : usize + constant x : UInt64.t - constant y : usize + constant y : UInt64.t - function cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : usize) (y : usize) : () + function cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : UInt64.t) (y : UInt64.t) : () goal vc_cmp_lt_log : [%#sord0] (x < y) = (cmp_log'0 x y = Ordering'0.C_Less) end 
@@ -1570,22 +1574,22 @@ module M_creusot_contracts__logic__ord__qyi8186105652185060096__cmp_ge_log [#".. let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use T_core__cmp__Ordering as Ordering'0 use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : usize) (o : usize) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt64.t) (o : UInt64.t) : Ordering'0.t_Ordering = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : usize + constant x : UInt64.t - constant y : usize + constant y : UInt64.t - function cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : usize) (y : usize) : () + function cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : UInt64.t) (y : UInt64.t) : () goal vc_cmp_ge_log : [%#sord0] (x >= y) = (cmp_log'0 x y <> Ordering'0.C_Less) end 
@@ -1593,22 +1597,22 @@ module M_creusot_contracts__logic__ord__qyi8186105652185060096__cmp_gt_log [#".. let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use T_core__cmp__Ordering as Ordering'0 use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : usize) (o : usize) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt64.t) (o : UInt64.t) : Ordering'0.t_Ordering = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : usize + constant x : UInt64.t - constant y : usize + constant y : UInt64.t - function cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : usize) (y : usize) : () + function cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : UInt64.t) (y : UInt64.t) : () goal vc_cmp_gt_log : [%#sord0] (x > y) = (cmp_log'0 x y = Ordering'0.C_Greater) end 
@@ -1616,20 +1620,20 @@ module M_creusot_contracts__logic__ord__qyi8186105652185060096__refl [#"../../.. let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.Int use T_core__cmp__Ordering as Ordering'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : usize) (o : usize) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt64.t) (o : UInt64.t) : Ordering'0.t_Ordering = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : usize + constant x : UInt64.t - function refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : usize) : () + function refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : UInt64.t) : () goal vc_refl : [%#sord0] cmp_log'0 x x = Ordering'0.C_Equal end 
@@ -1641,24 +1645,24 @@ module M_creusot_contracts__logic__ord__qyi8186105652185060096__trans [#"../../. use T_core__cmp__Ordering as Ordering'0 - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : usize) (o : usize) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt64.t) (o : UInt64.t) : Ordering'0.t_Ordering = [%#sord3] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : usize + constant x : UInt64.t - constant y : usize + constant y : UInt64.t - constant z : usize + constant z : UInt64.t constant o : Ordering'0.t_Ordering - function trans [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : usize) (y : usize) (z : usize) (o : Ordering'0.t_Ordering) : () + function trans [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : UInt64.t) (y : UInt64.t) (z : UInt64.t) (o : Ordering'0.t_Ordering) : () goal vc_trans : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o) 
@@ -1668,22 +1672,22 @@ module M_creusot_contracts__logic__ord__qyi8186105652185060096__antisym1 [#"../. let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.Int use T_core__cmp__Ordering as Ordering'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : usize) (o : usize) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt64.t) (o : UInt64.t) : Ordering'0.t_Ordering = [%#sord2] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : usize + constant x : UInt64.t - constant y : usize + constant y : UInt64.t - function antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : usize) (y : usize) : () + function antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : UInt64.t) (y : UInt64.t) : () goal vc_antisym1 : ([%#sord0] cmp_log'0 x y = Ordering'0.C_Less) -> ([%#sord1] cmp_log'0 y x = Ordering'0.C_Greater) end 
@@ -1692,22 +1696,22 @@ module M_creusot_contracts__logic__ord__qyi8186105652185060096__antisym2 [#"../. let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.Int use T_core__cmp__Ordering as Ordering'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : usize) (o : usize) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt64.t) (o : UInt64.t) : Ordering'0.t_Ordering = [%#sord2] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : usize + constant x : UInt64.t - constant y : usize + constant y : UInt64.t - function antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : usize) (y : usize) : () + function antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : UInt64.t) (y : UInt64.t) : () goal vc_antisym2 : ([%#sord0] cmp_log'0 x y = Ordering'0.C_Greater) -> ([%#sord1] cmp_log'0 y x = Ordering'0.C_Less) end 
@@ -1715,22 +1719,22 @@ module M_creusot_contracts__logic__ord__qyi8186105652185060096__eq_cmp [#"../../ let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.Int use T_core__cmp__Ordering as Ordering'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : usize) (o : usize) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt64.t) (o : UInt64.t) : Ordering'0.t_Ordering = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : usize + constant x : UInt64.t - constant y : usize + constant y : UInt64.t - function eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : usize) (y : usize) : () + function eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : UInt64.t) (y : UInt64.t) : () goal vc_eq_cmp : [%#sord0] (x = y) = (cmp_log'0 x y = Ordering'0.C_Equal) end 
@@ -1744,16 +1748,16 @@ module M_creusot_contracts__logic__ord__qyi18413678402769648790__cmp_le_log [#". use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int8) (o : int8) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int8.t) (o : Int8.t) : Ordering'0.t_Ordering = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : int8 + constant x : Int8.t - constant y : int8 + constant y : Int8.t - function cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : int8) (y : int8) : () + function cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : Int8.t) (y : Int8.t) : () goal vc_cmp_le_log : [%#sord0] (x <= y) = (cmp_log'0 x y <> Ordering'0.C_Greater) end @@ -1767,16 +1771,16 @@ module M_creusot_contracts__logic__ord__qyi18413678402769648790__cmp_lt_log [#". use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int8) (o : int8) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int8.t) (o : Int8.t) : Ordering'0.t_Ordering = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : int8 + constant x : Int8.t - constant y : int8 + constant y : Int8.t - function cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : int8) (y : int8) : () + function cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : Int8.t) (y : Int8.t) : () goal vc_cmp_lt_log : [%#sord0] (x < y) = (cmp_log'0 x y = Ordering'0.C_Less) end 
@@ -1790,16 +1794,16 @@ module M_creusot_contracts__logic__ord__qyi18413678402769648790__cmp_ge_log [#".
 use prelude.prelude.Int
- function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int8) (o : int8) : Ordering'0.t_Ordering
+ function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int8.t) (o : Int8.t) : Ordering'0.t_Ordering
 = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater
- constant x : int8
+ constant x : Int8.t
- constant y : int8
+ constant y : Int8.t
- function cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : int8) (y : int8) : ()
+ function cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : Int8.t) (y : Int8.t) : ()
 goal vc_cmp_ge_log : [%#sord0] (x >= y) = (cmp_log'0 x y <> Ordering'0.C_Less)
 end
@@ -1813,16 +1817,16 @@ module M_creusot_contracts__logic__ord__qyi18413678402769648790__cmp_gt_log [#".
 use prelude.prelude.Int
- function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int8) (o : int8) : Ordering'0.t_Ordering
+ function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int8.t) (o : Int8.t) : Ordering'0.t_Ordering
 = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater
- constant x : int8
+ constant x : Int8.t
- constant y : int8
+ constant y : Int8.t
- function cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : int8) (y : int8) : ()
+ function cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : Int8.t) (y : Int8.t) : ()
 goal vc_cmp_gt_log : [%#sord0] (x > y) = (cmp_log'0 x y = Ordering'0.C_Greater)
 end
@@ -1836,14 +1840,14 @@ module M_creusot_contracts__logic__ord__qyi18413678402769648790__refl [#"../../.
 use T_core__cmp__Ordering as Ordering'0
- function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int8) (o : int8) : Ordering'0.t_Ordering
+ function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int8.t) (o : Int8.t) : Ordering'0.t_Ordering
 = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater
- constant x : int8
+ constant x : Int8.t
- function refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : int8) : ()
+ function refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : Int8.t) : ()
 goal vc_refl : [%#sord0] cmp_log'0 x x = Ordering'0.C_Equal
 end
@@ -1859,20 +1863,20 @@ module M_creusot_contracts__logic__ord__qyi18413678402769648790__trans [#"../../
 use prelude.prelude.Int
- function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int8) (o : int8) : Ordering'0.t_Ordering
+ function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int8.t) (o : Int8.t) : Ordering'0.t_Ordering
 = [%#sord3] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater
- constant x : int8
+ constant x : Int8.t
- constant y : int8
+ constant y : Int8.t
- constant z : int8
+ constant z : Int8.t
 constant o : Ordering'0.t_Ordering
- function trans [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : int8) (y : int8) (z : int8) (o : Ordering'0.t_Ordering) : ()
+ function trans [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : Int8.t) (y : Int8.t) (z : Int8.t) (o : Ordering'0.t_Ordering) : ()
 goal vc_trans : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o)
@@ -1888,16 +1892,16 @@ module M_creusot_contracts__logic__ord__qyi18413678402769648790__antisym1 [#"../
 use T_core__cmp__Ordering as Ordering'0
- function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int8) (o : int8) : Ordering'0.t_Ordering
+ function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int8.t) (o : Int8.t) : Ordering'0.t_Ordering
 = [%#sord2] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater
- constant x : int8
+ constant x : Int8.t
- constant y : int8
+ constant y : Int8.t
- function antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : int8) (y : int8) : ()
+ function antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : Int8.t) (y : Int8.t) : ()
 goal vc_antisym1 : ([%#sord0] cmp_log'0 x y = Ordering'0.C_Less) -> ([%#sord1] cmp_log'0 y x = Ordering'0.C_Greater)
 end
@@ -1912,16 +1916,16 @@ module M_creusot_contracts__logic__ord__qyi18413678402769648790__antisym2 [#"../
 use T_core__cmp__Ordering as Ordering'0
- function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int8) (o : int8) : Ordering'0.t_Ordering
+ function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int8.t) (o : Int8.t) : Ordering'0.t_Ordering
 = [%#sord2] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater
- constant x : int8
+ constant x : Int8.t
- constant y : int8
+ constant y : Int8.t
- function antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : int8) (y : int8) : ()
+ function antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : Int8.t) (y : Int8.t) : ()
 goal vc_antisym2 : ([%#sord0] cmp_log'0 x y = Ordering'0.C_Greater) -> ([%#sord1] cmp_log'0 y x = Ordering'0.C_Less)
 end
@@ -1935,16 +1939,16 @@ module M_creusot_contracts__logic__ord__qyi18413678402769648790__eq_cmp [#"../..
 use T_core__cmp__Ordering as Ordering'0
- function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int8) (o : int8) : Ordering'0.t_Ordering
+ function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int8.t) (o : Int8.t) : Ordering'0.t_Ordering
 = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater
- constant x : int8
+ constant x : Int8.t
- constant y : int8
+ constant y : Int8.t
- function eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : int8) (y : int8) : ()
+ function eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : Int8.t) (y : Int8.t) : ()
 goal vc_eq_cmp : [%#sord0] (x = y) = (cmp_log'0 x y = Ordering'0.C_Equal)
 end
@@ -1958,16 +1962,16 @@ module M_creusot_contracts__logic__ord__qyi8040194823849327911__cmp_le_log [#"..
 use prelude.prelude.Int
- function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int16) (o : int16) : Ordering'0.t_Ordering
+ function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int16.t) (o : Int16.t) : Ordering'0.t_Ordering
 = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater
- constant x : int16
+ constant x : Int16.t
- constant y : int16
+ constant y : Int16.t
- function cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : int16) (y : int16) : ()
+ function cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : Int16.t) (y : Int16.t) : ()
 goal vc_cmp_le_log : [%#sord0] (x <= y) = (cmp_log'0 x y <> Ordering'0.C_Greater)
 end
@@ -1981,16 +1985,16 @@ module M_creusot_contracts__logic__ord__qyi8040194823849327911__cmp_lt_log [#"..
 use prelude.prelude.Int
- function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int16) (o : int16) : Ordering'0.t_Ordering
+ function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int16.t) (o : Int16.t) : Ordering'0.t_Ordering
 = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater
- constant x : int16
+ constant x : Int16.t
- constant y : int16
+ constant y : Int16.t
- function cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : int16) (y : int16) : ()
+ function cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : Int16.t) (y : Int16.t) : ()
 goal vc_cmp_lt_log : [%#sord0] (x < y) = (cmp_log'0 x y = Ordering'0.C_Less)
 end
@@ -2004,16 +2008,16 @@ module M_creusot_contracts__logic__ord__qyi8040194823849327911__cmp_ge_log [#"..
 use prelude.prelude.Int
- function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int16) (o : int16) : Ordering'0.t_Ordering
+ function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int16.t) (o : Int16.t) : Ordering'0.t_Ordering
 = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater
- constant x : int16
+ constant x : Int16.t
- constant y : int16
+ constant y : Int16.t
- function cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : int16) (y : int16) : ()
+ function cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : Int16.t) (y : Int16.t) : ()
 goal vc_cmp_ge_log : [%#sord0] (x >= y) = (cmp_log'0 x y <> Ordering'0.C_Less)
 end
@@ -2027,16 +2031,16 @@ module M_creusot_contracts__logic__ord__qyi8040194823849327911__cmp_gt_log [#"..
 use prelude.prelude.Int
- function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int16) (o : int16) : Ordering'0.t_Ordering
+ function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int16.t) (o : Int16.t) : Ordering'0.t_Ordering
 = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater
- constant x : int16
+ constant x : Int16.t
- constant y : int16
+ constant y : Int16.t
- function cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : int16) (y : int16) : ()
+ function cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : Int16.t) (y : Int16.t) : ()
 goal vc_cmp_gt_log : [%#sord0] (x > y) = (cmp_log'0 x y = Ordering'0.C_Greater)
 end
@@ -2050,14 +2054,14 @@ module M_creusot_contracts__logic__ord__qyi8040194823849327911__refl [#"../../..
 use T_core__cmp__Ordering as Ordering'0
- function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int16) (o : int16) : Ordering'0.t_Ordering
+ function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int16.t) (o : Int16.t) : Ordering'0.t_Ordering
 = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater
- constant x : int16
+ constant x : Int16.t
- function refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : int16) : ()
+ function refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : Int16.t) : ()
 goal vc_refl : [%#sord0] cmp_log'0 x x = Ordering'0.C_Equal
 end
@@ -2073,20 +2077,20 @@ module M_creusot_contracts__logic__ord__qyi8040194823849327911__trans [#"../../.
 use prelude.prelude.Int
- function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int16) (o : int16) : Ordering'0.t_Ordering
+ function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int16.t) (o : Int16.t) : Ordering'0.t_Ordering
 = [%#sord3] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater
- constant x : int16
+ constant x : Int16.t
- constant y : int16
+ constant y : Int16.t
- constant z : int16
+ constant z : Int16.t
 constant o : Ordering'0.t_Ordering
- function trans [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : int16) (y : int16) (z : int16) (o : Ordering'0.t_Ordering) : ()
+ function trans [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : Int16.t) (y : Int16.t) (z : Int16.t) (o : Ordering'0.t_Ordering) : ()
 goal vc_trans : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o)
@@ -2102,16 +2106,16 @@ module M_creusot_contracts__logic__ord__qyi8040194823849327911__antisym1 [#"../.
 use T_core__cmp__Ordering as Ordering'0
- function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int16) (o : int16) : Ordering'0.t_Ordering
+ function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int16.t) (o : Int16.t) : Ordering'0.t_Ordering
 = [%#sord2] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater
- constant x : int16
+ constant x : Int16.t
- constant y : int16
+ constant y : Int16.t
- function antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : int16) (y : int16) : ()
+ function antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : Int16.t) (y : Int16.t) : ()
 goal vc_antisym1 : ([%#sord0] cmp_log'0 x y = Ordering'0.C_Less) -> ([%#sord1] cmp_log'0 y x = Ordering'0.C_Greater)
 end
@@ -2126,16 +2130,16 @@ module M_creusot_contracts__logic__ord__qyi8040194823849327911__antisym2 [#"../.
 use T_core__cmp__Ordering as Ordering'0
- function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int16) (o : int16) : Ordering'0.t_Ordering
+ function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int16.t) (o : Int16.t) : Ordering'0.t_Ordering
 = [%#sord2] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater
- constant x : int16
+ constant x : Int16.t
- constant y : int16
+ constant y : Int16.t
- function antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : int16) (y : int16) : ()
+ function antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : Int16.t) (y : Int16.t) : ()
 goal vc_antisym2 : ([%#sord0] cmp_log'0 x y = Ordering'0.C_Greater) -> ([%#sord1] cmp_log'0 y x = Ordering'0.C_Less)
 end
@@ -2149,16 +2153,16 @@ module M_creusot_contracts__logic__ord__qyi8040194823849327911__eq_cmp [#"../../
 use T_core__cmp__Ordering as Ordering'0
- function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int16) (o : int16) : Ordering'0.t_Ordering
+ function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int16.t) (o : Int16.t) : Ordering'0.t_Ordering
 = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater
- constant x : int16
+ constant x : Int16.t
- constant y : int16
+ constant y : Int16.t
- function eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : int16) (y : int16) : ()
+ function eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : Int16.t) (y : Int16.t) : ()
 goal vc_eq_cmp : [%#sord0] (x = y) = (cmp_log'0 x y = Ordering'0.C_Equal)
 end
@@ -2172,16 +2176,16 @@ module M_creusot_contracts__logic__ord__qyi211457485035727011__cmp_le_log [#"../
 use prelude.prelude.Int
- function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int32) (o : int32) : Ordering'0.t_Ordering
+ function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int32.t) (o : Int32.t) : Ordering'0.t_Ordering
 = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater
- constant x : int32
+ constant x : Int32.t
- constant y : int32
+ constant y : Int32.t
- function cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : int32) (y : int32) : ()
+ function cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : Int32.t) (y : Int32.t) : ()
 goal vc_cmp_le_log : [%#sord0] (x <= y) = (cmp_log'0 x y <> Ordering'0.C_Greater)
 end
@@ -2195,16 +2199,16 @@ module M_creusot_contracts__logic__ord__qyi211457485035727011__cmp_lt_log [#"../
 use prelude.prelude.Int
- function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int32) (o : int32) : Ordering'0.t_Ordering
+ function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int32.t) (o : Int32.t) : Ordering'0.t_Ordering
 = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater
- constant x : int32
+ constant x : Int32.t
- constant y : int32
+ constant y : Int32.t
- function cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : int32) (y : int32) : ()
+ function cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : Int32.t) (y : Int32.t) : ()
 goal vc_cmp_lt_log : [%#sord0] (x < y) = (cmp_log'0 x y = Ordering'0.C_Less)
 end
@@ -2218,16 +2222,16 @@ module M_creusot_contracts__logic__ord__qyi211457485035727011__cmp_ge_log [#"../
 use prelude.prelude.Int
- function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int32) (o : int32) : Ordering'0.t_Ordering
+ function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int32.t) (o : Int32.t) : Ordering'0.t_Ordering
 = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater
- constant x : int32
+ constant x : Int32.t
- constant y : int32
+ constant y : Int32.t
- function cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : int32) (y : int32) : ()
+ function cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : Int32.t) (y : Int32.t) : ()
 goal vc_cmp_ge_log : [%#sord0] (x >= y) = (cmp_log'0 x y <> Ordering'0.C_Less)
 end
@@ -2241,16 +2245,16 @@ module M_creusot_contracts__logic__ord__qyi211457485035727011__cmp_gt_log [#"../
 use prelude.prelude.Int
- function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int32) (o : int32) : Ordering'0.t_Ordering
+ function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int32.t) (o : Int32.t) : Ordering'0.t_Ordering
 = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater
- constant x : int32
+ constant x : Int32.t
- constant y : int32
+ constant y : Int32.t
- function cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : int32) (y : int32) : ()
+ function cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : Int32.t) (y : Int32.t) : ()
 goal vc_cmp_gt_log : [%#sord0] (x > y) = (cmp_log'0 x y = Ordering'0.C_Greater)
 end
@@ -2264,14 +2268,14 @@ module M_creusot_contracts__logic__ord__qyi211457485035727011__refl [#"../../../
 use T_core__cmp__Ordering as Ordering'0
- function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int32) (o : int32) : Ordering'0.t_Ordering
+ function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int32.t) (o : Int32.t) : Ordering'0.t_Ordering
 = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater
- constant x : int32
+ constant x : Int32.t
- function refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : int32) : ()
+ function refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : Int32.t) : ()
 goal vc_refl : [%#sord0] cmp_log'0 x x = Ordering'0.C_Equal
 end
@@ -2287,20 +2291,20 @@ module M_creusot_contracts__logic__ord__qyi211457485035727011__trans [#"../../..
 use prelude.prelude.Int
- function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int32) (o : int32) : Ordering'0.t_Ordering
+ function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int32.t) (o : Int32.t) : Ordering'0.t_Ordering
 = [%#sord3] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater
- constant x : int32
+ constant x : Int32.t
- constant y : int32
+ constant y : Int32.t
- constant z : int32
+ constant z : Int32.t
 constant o : Ordering'0.t_Ordering
- function trans [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : int32) (y : int32) (z : int32) (o : Ordering'0.t_Ordering) : ()
+ function trans [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : Int32.t) (y : Int32.t) (z : Int32.t) (o : Ordering'0.t_Ordering) : ()
 goal vc_trans : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o)
@@ -2316,16 +2320,16 @@ module M_creusot_contracts__logic__ord__qyi211457485035727011__antisym1 [#"../..
 use T_core__cmp__Ordering as Ordering'0
- function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int32) (o : int32) : Ordering'0.t_Ordering
+ function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int32.t) (o : Int32.t) : Ordering'0.t_Ordering
 = [%#sord2] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater
- constant x : int32
+ constant x : Int32.t
- constant y : int32
+ constant y : Int32.t
- function antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : int32) (y : int32) : ()
+ function antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : Int32.t) (y : Int32.t) : ()
 goal vc_antisym1 : ([%#sord0] cmp_log'0 x y = Ordering'0.C_Less) -> ([%#sord1] cmp_log'0 y x = Ordering'0.C_Greater)
 end
@@ -2340,16 +2344,16 @@ module M_creusot_contracts__logic__ord__qyi211457485035727011__antisym2 [#"../..
 use T_core__cmp__Ordering as Ordering'0
- function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int32) (o : int32) : Ordering'0.t_Ordering
+ function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int32.t) (o : Int32.t) : Ordering'0.t_Ordering
 = [%#sord2] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater
- constant x : int32
+ constant x : Int32.t
- constant y : int32
+ constant y : Int32.t
- function antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : int32) (y : int32) : ()
+ function antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : Int32.t) (y : Int32.t) : ()
 goal vc_antisym2 : ([%#sord0] cmp_log'0 x y = Ordering'0.C_Greater) -> ([%#sord1] cmp_log'0 y x = Ordering'0.C_Less)
 end
@@ -2363,16 +2367,16 @@ module M_creusot_contracts__logic__ord__qyi211457485035727011__eq_cmp [#"../../.
 use T_core__cmp__Ordering as Ordering'0
- function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int32) (o : int32) : Ordering'0.t_Ordering
+ function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int32.t) (o : Int32.t) : Ordering'0.t_Ordering
 = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater
- constant x : int32
+ constant x : Int32.t
- constant y : int32
+ constant y : Int32.t
- function eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : int32) (y : int32) : ()
+ function eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : Int32.t) (y : Int32.t) : ()
 goal vc_eq_cmp : [%#sord0] (x = y) = (cmp_log'0 x y = Ordering'0.C_Equal)
 end
@@ -2386,16 +2390,16 @@ module M_creusot_contracts__logic__ord__qyi2565746305859701215__cmp_le_log [#"..
 use prelude.prelude.Int
- function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int64) (o : int64) : Ordering'0.t_Ordering
+ function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int64.t) (o : Int64.t) : Ordering'0.t_Ordering
 = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater
- constant x : int64
+ constant x : Int64.t
- constant y : int64
+ constant y : Int64.t
- function cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : int64) (y : int64) : ()
+ function cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : Int64.t) (y : Int64.t) : ()
 goal vc_cmp_le_log : [%#sord0] (x <= y) = (cmp_log'0 x y <> Ordering'0.C_Greater)
 end
@@ -2409,16 +2413,16 @@ module M_creusot_contracts__logic__ord__qyi2565746305859701215__cmp_lt_log [#"..
 use prelude.prelude.Int
- function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int64) (o : int64) : Ordering'0.t_Ordering
+ function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int64.t) (o : Int64.t) : Ordering'0.t_Ordering
 = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater
- constant x : int64
+ constant x : Int64.t
- constant y : int64
+ constant y : Int64.t
- function cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : int64) (y : int64) : ()
+ function cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : Int64.t) (y : Int64.t) : ()
 goal vc_cmp_lt_log : [%#sord0] (x < y) = (cmp_log'0 x y = Ordering'0.C_Less)
 end
@@ -2432,16 +2436,16 @@ module M_creusot_contracts__logic__ord__qyi2565746305859701215__cmp_ge_log [#"..
 use prelude.prelude.Int
- function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int64) (o : int64) : Ordering'0.t_Ordering
+ function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int64.t) (o : Int64.t) : Ordering'0.t_Ordering
 = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater
- constant x : int64
+ constant x : Int64.t
- constant y : int64
+ constant y : Int64.t
- function cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : int64) (y : int64) : ()
+ function cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : Int64.t) (y : Int64.t) : ()
 goal vc_cmp_ge_log : [%#sord0] (x >= y) = (cmp_log'0 x y <> Ordering'0.C_Less)
 end
@@ -2455,16 +2459,16 @@ module M_creusot_contracts__logic__ord__qyi2565746305859701215__cmp_gt_log [#"..
 use prelude.prelude.Int
- function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int64) (o : int64) : Ordering'0.t_Ordering
+ function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int64.t) (o : Int64.t) : Ordering'0.t_Ordering
 = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater
- constant x : int64
+ constant x : Int64.t
- constant y : int64
+ constant y : Int64.t
- function cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : int64) (y : int64) : ()
+ function cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : Int64.t) (y : Int64.t) : ()
 goal vc_cmp_gt_log : [%#sord0] (x > y) = (cmp_log'0 x y = Ordering'0.C_Greater)
 end
@@ -2478,14 +2482,14 @@ module M_creusot_contracts__logic__ord__qyi2565746305859701215__refl [#"../../..
 use T_core__cmp__Ordering as Ordering'0
- function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int64) (o : int64) : Ordering'0.t_Ordering
+ function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int64.t) (o : Int64.t) : Ordering'0.t_Ordering
 = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater
- constant x : int64
+ constant x : Int64.t
- function refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : int64) : ()
+ function refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : Int64.t) : ()
 goal vc_refl : [%#sord0] cmp_log'0 x x = Ordering'0.C_Equal
 end
@@ -2501,20 +2505,20 @@ module M_creusot_contracts__logic__ord__qyi2565746305859701215__trans [#"../../.
 use prelude.prelude.Int
- function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int64) (o : int64) : Ordering'0.t_Ordering
+ function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int64.t) (o : Int64.t) : Ordering'0.t_Ordering
 = [%#sord3] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater
- constant x : int64
+ constant x : Int64.t
- constant y : int64
+ constant y : Int64.t
- constant z : int64
+ constant z : Int64.t
 constant o : Ordering'0.t_Ordering
- function trans [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : int64) (y : int64) (z : int64) (o : Ordering'0.t_Ordering) : ()
+ function trans [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : Int64.t) (y : Int64.t) (z : Int64.t) (o : Ordering'0.t_Ordering) : ()
 goal vc_trans : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o)
@@ -2530,16 +2534,16 @@ module M_creusot_contracts__logic__ord__qyi2565746305859701215__antisym1 [#"../.
 use T_core__cmp__Ordering as Ordering'0
- function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int64) (o : int64) : Ordering'0.t_Ordering
+ function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int64.t) (o : Int64.t) : Ordering'0.t_Ordering
 = [%#sord2] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater
- constant x : int64
+ constant x : Int64.t
- constant y : int64
+ constant y : Int64.t
- function antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : int64) (y : int64) : ()
+ function antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : Int64.t) (y : Int64.t) : ()
 goal vc_antisym1 : ([%#sord0] cmp_log'0 x y = Ordering'0.C_Less) -> ([%#sord1] cmp_log'0 y x = Ordering'0.C_Greater)
 end
@@ -2554,16 +2558,16 @@ module M_creusot_contracts__logic__ord__qyi2565746305859701215__antisym2 [#"../.
 use T_core__cmp__Ordering as Ordering'0
- function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int64) (o : int64) : Ordering'0.t_Ordering
+ function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int64.t) (o : Int64.t) : Ordering'0.t_Ordering
 = [%#sord2] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater
- constant x : int64
+ constant x : Int64.t
- constant y : int64
+ constant y : Int64.t
- function antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : int64) (y : int64) : ()
+ function antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : Int64.t) (y : Int64.t) : ()
 goal vc_antisym2 : ([%#sord0] cmp_log'0 x y = Ordering'0.C_Greater) -> ([%#sord1] cmp_log'0 y x = Ordering'0.C_Less)
 end
@@ -2577,16 +2581,16 @@ module M_creusot_contracts__logic__ord__qyi2565746305859701215__eq_cmp [#"../../
 use T_core__cmp__Ordering as Ordering'0
- function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int64) (o : int64) : Ordering'0.t_Ordering
+ function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int64.t) (o : Int64.t) : Ordering'0.t_Ordering
 = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater
- constant x : int64
+ constant x : Int64.t
- constant y : int64
+ constant y : Int64.t
- function eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : int64) (y : int64) : ()
+ function eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : Int64.t) (y : Int64.t) : ()
 goal vc_eq_cmp : [%#sord0] (x = y) = (cmp_log'0 x y = Ordering'0.C_Equal)
 end
@@ -2600,16 +2604,16 @@ module M_creusot_contracts__logic__ord__qyi2364657485180829964__cmp_le_log [#"..
 use prelude.prelude.Int
- function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int128) (o : int128) : Ordering'0.t_Ordering
+ function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int128.t) (o : Int128.t) : Ordering'0.t_Ordering
 = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater
- constant x : int128
+ constant x : Int128.t
- constant y : int128
+ constant y : Int128.t
- function cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : int128) (y : int128) : ()
+ function cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : Int128.t) (y : Int128.t) : ()
 goal vc_cmp_le_log : [%#sord0] (x <= y) = (cmp_log'0 x y <> Ordering'0.C_Greater)
 end
@@ -2623,16 +2627,16 @@ module M_creusot_contracts__logic__ord__qyi2364657485180829964__cmp_lt_log [#".. use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int128) (o : int128) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int128.t) (o : Int128.t) : Ordering'0.t_Ordering = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : int128 + constant x : Int128.t - constant y : int128 + constant y : Int128.t - function cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : int128) (y : int128) : () + function cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : Int128.t) (y : Int128.t) : () goal vc_cmp_lt_log : [%#sord0] (x < y) = (cmp_log'0 x y = Ordering'0.C_Less) end @@ -2646,16 +2650,16 @@ module M_creusot_contracts__logic__ord__qyi2364657485180829964__cmp_ge_log [#".. use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int128) (o : int128) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int128.t) (o : Int128.t) : Ordering'0.t_Ordering = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : int128 + constant x : Int128.t - constant y : int128 + constant y : Int128.t - function cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : int128) (y : int128) : () + function cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : Int128.t) (y : Int128.t) : () goal vc_cmp_ge_log : [%#sord0] (x >= y) = (cmp_log'0 x y <> Ordering'0.C_Less) end 
@@ -2669,16 +2673,16 @@ module M_creusot_contracts__logic__ord__qyi2364657485180829964__cmp_gt_log [#".. use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int128) (o : int128) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int128.t) (o : Int128.t) : Ordering'0.t_Ordering = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : int128 + constant x : Int128.t - constant y : int128 + constant y : Int128.t - function cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : int128) (y : int128) : () + function cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : Int128.t) (y : Int128.t) : () goal vc_cmp_gt_log : [%#sord0] (x > y) = (cmp_log'0 x y = Ordering'0.C_Greater) end @@ -2692,14 +2696,14 @@ module M_creusot_contracts__logic__ord__qyi2364657485180829964__refl [#"../../.. use T_core__cmp__Ordering as Ordering'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int128) (o : int128) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int128.t) (o : Int128.t) : Ordering'0.t_Ordering = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : int128 + constant x : Int128.t - function refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : int128) : () + function refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : Int128.t) : () goal vc_refl : [%#sord0] cmp_log'0 x x = Ordering'0.C_Equal end 
@@ -2715,20 +2719,20 @@ module M_creusot_contracts__logic__ord__qyi2364657485180829964__trans [#"../../. use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int128) (o : int128) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int128.t) (o : Int128.t) : Ordering'0.t_Ordering = [%#sord3] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : int128 + constant x : Int128.t - constant y : int128 + constant y : Int128.t - constant z : int128 + constant z : Int128.t constant o : Ordering'0.t_Ordering - function trans [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : int128) (y : int128) (z : int128) (o : Ordering'0.t_Ordering) : () + function trans [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : Int128.t) (y : Int128.t) (z : Int128.t) (o : Ordering'0.t_Ordering) : () goal vc_trans : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o) 
@@ -2744,16 +2748,16 @@ module M_creusot_contracts__logic__ord__qyi2364657485180829964__antisym1 [#"../. use T_core__cmp__Ordering as Ordering'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int128) (o : int128) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int128.t) (o : Int128.t) : Ordering'0.t_Ordering = [%#sord2] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : int128 + constant x : Int128.t - constant y : int128 + constant y : Int128.t - function antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : int128) (y : int128) : () + function antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : Int128.t) (y : Int128.t) : () goal vc_antisym1 : ([%#sord0] cmp_log'0 x y = Ordering'0.C_Less) -> ([%#sord1] cmp_log'0 y x = Ordering'0.C_Greater) end @@ -2768,16 +2772,16 @@ module M_creusot_contracts__logic__ord__qyi2364657485180829964__antisym2 [#"../. use T_core__cmp__Ordering as Ordering'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int128) (o : int128) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int128.t) (o : Int128.t) : Ordering'0.t_Ordering = [%#sord2] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : int128 + constant x : Int128.t - constant y : int128 + constant y : Int128.t - function antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : int128) (y : int128) : () + function antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : Int128.t) (y : Int128.t) : () goal vc_antisym2 : ([%#sord0] cmp_log'0 x y = Ordering'0.C_Greater) -> ([%#sord1] cmp_log'0 y x = Ordering'0.C_Less) end 
@@ -2791,16 +2795,16 @@ module M_creusot_contracts__logic__ord__qyi2364657485180829964__eq_cmp [#"../../ use T_core__cmp__Ordering as Ordering'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int128) (o : int128) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int128.t) (o : Int128.t) : Ordering'0.t_Ordering = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : int128 + constant x : Int128.t - constant y : int128 + constant y : Int128.t - function eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : int128) (y : int128) : () + function eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : Int128.t) (y : Int128.t) : () goal vc_eq_cmp : [%#sord0] (x = y) = (cmp_log'0 x y = Ordering'0.C_Equal) end 
@@ -2808,22 +2812,22 @@ module M_creusot_contracts__logic__ord__qyi8047313880300482848__cmp_le_log [#".. let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 - use prelude.prelude.IntSize + use prelude.prelude.Int64 use T_core__cmp__Ordering as Ordering'0 use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : isize) (o : isize) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int64.t) (o : Int64.t) : Ordering'0.t_Ordering = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : isize + constant x : Int64.t - constant y : isize + constant y : Int64.t - function cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : isize) (y : isize) : () + function cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : Int64.t) (y : Int64.t) : () goal vc_cmp_le_log : [%#sord0] (x <= y) = (cmp_log'0 x y <> Ordering'0.C_Greater) end 
@@ -2831,22 +2835,22 @@ module M_creusot_contracts__logic__ord__qyi8047313880300482848__cmp_lt_log [#".. let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 - use prelude.prelude.IntSize + use prelude.prelude.Int64 use T_core__cmp__Ordering as Ordering'0 use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : isize) (o : isize) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int64.t) (o : Int64.t) : Ordering'0.t_Ordering = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : isize + constant x : Int64.t - constant y : isize + constant y : Int64.t - function cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : isize) (y : isize) : () + function cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : Int64.t) (y : Int64.t) : () goal vc_cmp_lt_log : [%#sord0] (x < y) = (cmp_log'0 x y = Ordering'0.C_Less) end 
@@ -2854,22 +2858,22 @@ module M_creusot_contracts__logic__ord__qyi8047313880300482848__cmp_ge_log [#".. let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 - use prelude.prelude.IntSize + use prelude.prelude.Int64 use T_core__cmp__Ordering as Ordering'0 use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : isize) (o : isize) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int64.t) (o : Int64.t) : Ordering'0.t_Ordering = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : isize + constant x : Int64.t - constant y : isize + constant y : Int64.t - function cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : isize) (y : isize) : () + function cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : Int64.t) (y : Int64.t) : () goal vc_cmp_ge_log : [%#sord0] (x >= y) = (cmp_log'0 x y <> Ordering'0.C_Less) end 
@@ -2877,22 +2881,22 @@ module M_creusot_contracts__logic__ord__qyi8047313880300482848__cmp_gt_log [#".. let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 - use prelude.prelude.IntSize + use prelude.prelude.Int64 use T_core__cmp__Ordering as Ordering'0 use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : isize) (o : isize) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int64.t) (o : Int64.t) : Ordering'0.t_Ordering = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : isize + constant x : Int64.t - constant y : isize + constant y : Int64.t - function cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : isize) (y : isize) : () + function cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : Int64.t) (y : Int64.t) : () goal vc_cmp_gt_log : [%#sord0] (x > y) = (cmp_log'0 x y = Ordering'0.C_Greater) end 
@@ -2900,20 +2904,20 @@ module M_creusot_contracts__logic__ord__qyi8047313880300482848__refl [#"../../.. let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 - use prelude.prelude.IntSize + use prelude.prelude.Int64 use prelude.prelude.Int use T_core__cmp__Ordering as Ordering'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : isize) (o : isize) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int64.t) (o : Int64.t) : Ordering'0.t_Ordering = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : isize + constant x : Int64.t - function refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : isize) : () + function refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : Int64.t) : () goal vc_refl : [%#sord0] cmp_log'0 x x = Ordering'0.C_Equal end 
@@ -2925,24 +2929,24 @@ module M_creusot_contracts__logic__ord__qyi8047313880300482848__trans [#"../../. use T_core__cmp__Ordering as Ordering'0 - use prelude.prelude.IntSize + use prelude.prelude.Int64 use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : isize) (o : isize) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int64.t) (o : Int64.t) : Ordering'0.t_Ordering = [%#sord3] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : isize + constant x : Int64.t - constant y : isize + constant y : Int64.t - constant z : isize + constant z : Int64.t constant o : Ordering'0.t_Ordering - function trans [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : isize) (y : isize) (z : isize) (o : Ordering'0.t_Ordering) : () + function trans [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : Int64.t) (y : Int64.t) (z : Int64.t) (o : Ordering'0.t_Ordering) : () goal vc_trans : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o) 
@@ -2952,22 +2956,22 @@ module M_creusot_contracts__logic__ord__qyi8047313880300482848__antisym1 [#"../. let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 - use prelude.prelude.IntSize + use prelude.prelude.Int64 use prelude.prelude.Int use T_core__cmp__Ordering as Ordering'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : isize) (o : isize) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int64.t) (o : Int64.t) : Ordering'0.t_Ordering = [%#sord2] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : isize + constant x : Int64.t - constant y : isize + constant y : Int64.t - function antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : isize) (y : isize) : () + function antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : Int64.t) (y : Int64.t) : () goal vc_antisym1 : ([%#sord0] cmp_log'0 x y = Ordering'0.C_Less) -> ([%#sord1] cmp_log'0 y x = Ordering'0.C_Greater) end 
@@ -2976,22 +2980,22 @@ module M_creusot_contracts__logic__ord__qyi8047313880300482848__antisym2 [#"../. let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 - use prelude.prelude.IntSize + use prelude.prelude.Int64 use prelude.prelude.Int use T_core__cmp__Ordering as Ordering'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : isize) (o : isize) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int64.t) (o : Int64.t) : Ordering'0.t_Ordering = [%#sord2] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : isize + constant x : Int64.t - constant y : isize + constant y : Int64.t - function antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : isize) (y : isize) : () + function antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : Int64.t) (y : Int64.t) : () goal vc_antisym2 : ([%#sord0] cmp_log'0 x y = Ordering'0.C_Greater) -> ([%#sord1] cmp_log'0 y x = Ordering'0.C_Less) end 
@@ -2999,22 +3003,22 @@ module M_creusot_contracts__logic__ord__qyi8047313880300482848__eq_cmp [#"../../ let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 - use prelude.prelude.IntSize + use prelude.prelude.Int64 use prelude.prelude.Int use T_core__cmp__Ordering as Ordering'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : isize) (o : isize) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int64.t) (o : Int64.t) : Ordering'0.t_Ordering = [%#sord1] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - constant x : isize + constant x : Int64.t - constant y : isize + constant y : Int64.t - function eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : isize) (y : isize) : () + function eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : Int64.t) (y : Int64.t) : () goal vc_eq_cmp : [%#sord0] (x = y) = (cmp_log'0 x y = Ordering'0.C_Equal) end @@ -6169,15 +6173,15 @@ end module T_alloc__collections__vec_deque__VecDeque use T_alloc__raw_vec__RawVec as RawVec'0 - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.Int type t_VecDeque 't 'a = - | C_VecDeque usize usize (RawVec'0.t_RawVec 't 'a) + | C_VecDeque UInt64.t UInt64.t (RawVec'0.t_RawVec 't 'a) - let rec t_VecDeque < 't > < 'a > (input:t_VecDeque 't 'a) (ret (head:usize) (len:usize) (buf:RawVec'0.t_RawVec 't 'a))= any - [ good (head:usize) (len:usize) (buf:RawVec'0.t_RawVec 't 'a)-> {C_VecDeque head len buf = input} + let rec t_VecDeque < 't > < 'a > (input:t_VecDeque 't 'a) (ret (head:UInt64.t) (len:UInt64.t) (buf:RawVec'0.t_RawVec 't 'a))= any + [ good (head:UInt64.t) (len:UInt64.t) (buf:RawVec'0.t_RawVec 't 'a)-> {C_VecDeque head len buf = input} (! ret {head} {len} {buf}) ] end 
@@ -6244,20 +6248,20 @@ module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_r use prelude.prelude.Slice - use prelude.prelude.UIntSize + use prelude.prelude.UInt64.to_uint - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.Int - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) use seq.Seq function view'2 [#"../../../creusot-contracts/src/std/slice.rs" 31 4 31 33] (self : slice t) : Seq.seq t axiom view'2_spec : forall self : slice t . ([%#sslice8] view'2 self = Slice.id self) - && ([%#sslice7] Seq.length (view'2 self) <= UIntSize.to_int (v_MAX'0 : usize)) + && ([%#sslice7] Seq.length (view'2 self) <= UInt64.to_int (v_MAX'0 : UInt64.t)) function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops.rs" 41 4 41 47] (self : slice t) (ix : int) : t @@ -6266,6 +6270,10 @@ module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_r use seq.Seq + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + function view'1 [#"../../../creusot-contracts/src/model.rs" 90 4 90 33] (self : slice t) : Seq.seq t = [%#smodel5] view'2 self @@ -6273,7 +6281,7 @@ module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_r function to_ref_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 102 4 102 35] (self : slice t) : Seq.seq t - axiom to_ref_seq'0_spec : forall self : slice t . ([%#sslice4] forall i : int . 0 <= i + axiom to_ref_seq'0_spec : forall self : slice t . ([%#sslice4] forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length (to_ref_seq'0 self) -> Seq.get (to_ref_seq'0 self) i = index_logic'0 self i) && ([%#sslice3] Seq.length (to_ref_seq'0 self) = Seq.length (view'1 self)) 
@@ -6323,20 +6331,20 @@ module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_t use prelude.prelude.Slice - use prelude.prelude.UIntSize + use prelude.prelude.UInt64.to_uint - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.Int - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) use seq.Seq function view'2 [#"../../../creusot-contracts/src/std/slice.rs" 31 4 31 33] (self : slice t) : Seq.seq t axiom view'2_spec : forall self : slice t . ([%#sslice10] view'2 self = Slice.id self) - && ([%#sslice9] Seq.length (view'2 self) <= UIntSize.to_int (v_MAX'0 : usize)) + && ([%#sslice9] Seq.length (view'2 self) <= UInt64.to_int (v_MAX'0 : UInt64.t)) function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops.rs" 41 4 41 47] (self : slice t) (ix : int) : t @@ -6345,6 +6353,10 @@ module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_t use seq.Seq + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + function view'1 [#"../../../creusot-contracts/src/model.rs" 90 4 90 33] (self : slice t) : Seq.seq t = [%#smodel7] view'2 self @@ -6352,7 +6364,7 @@ module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_t function to_ref_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 102 4 102 35] (self : slice t) : Seq.seq t - axiom to_ref_seq'0_spec : forall self : slice t . ([%#sslice6] forall i : int . 0 <= i + axiom to_ref_seq'0_spec : forall self : slice t . ([%#sslice6] forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length (to_ref_seq'0 self) -> Seq.get (to_ref_seq'0 self) i = index_logic'0 self i) && ([%#sslice5] Seq.length (to_ref_seq'0 self) = Seq.length (view'1 self)) 
@@ -6454,10 +6466,14 @@ module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__pr use seq.Seq + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + use prelude.prelude.Int predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 197 4 197 30] (self : Seq.seq t) = - [%#sseq13] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) + [%#sseq13] forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t) @@ -6490,7 +6506,7 @@ module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__pr [%#scloned2] exists s : Seq.seq t . inv'1 s /\ produces'1 (iter'0 self) s (iter'0 o) /\ Seq.length visited = Seq.length s - /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) + /\ (forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) use seq.Seq @@ -6574,10 +6590,14 @@ module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__pr use seq.Seq + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + use prelude.prelude.Int predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 197 4 197 30] (self : Seq.seq t) = - [%#sseq17] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) + [%#sseq17] forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t) 
@@ -6612,7 +6632,7 @@ module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__pr [%#scloned6] exists s : Seq.seq t . inv'1 s /\ produces'1 (iter'0 self) s (iter'0 o) /\ Seq.length visited = Seq.length s - /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) + /\ (forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) constant a : Cloned'0.t_Cloned i @@ -6707,10 +6727,14 @@ module M_creusot_contracts__stdqy35z1__iter__copied__qyi18224474876607687026__pr use seq.Seq + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + use prelude.prelude.Int predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 197 4 197 30] (self : Seq.seq t) = - [%#sseq13] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) + [%#sseq13] forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t) @@ -6743,7 +6767,7 @@ module M_creusot_contracts__stdqy35z1__iter__copied__qyi18224474876607687026__pr [%#scopied2] exists s : Seq.seq t . inv'1 s /\ produces'1 (iter'0 self) s (iter'0 o) /\ Seq.length visited = Seq.length s - /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) + /\ (forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) use seq.Seq 
@@ -6827,10 +6851,14 @@ module M_creusot_contracts__stdqy35z1__iter__copied__qyi18224474876607687026__pr use seq.Seq + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + use prelude.prelude.Int predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 197 4 197 30] (self : Seq.seq t) = - [%#sseq17] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) + [%#sseq17] forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t) @@ -6865,7 +6893,7 @@ module M_creusot_contracts__stdqy35z1__iter__copied__qyi18224474876607687026__pr [%#scopied6] exists s : Seq.seq t . inv'1 s /\ produces'1 (iter'0 self) s (iter'0 o) /\ Seq.length visited = Seq.length s - /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) + /\ (forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) constant a : Copied'0.t_Copied i 
@@ -6973,15 +7001,15 @@ module M_creusot_contracts__stdqy35z1__iter__empty__qyi10605201058978801838__pro -> ([%#sempty1] inv'0 b) -> ([%#sempty0] inv'0 a) -> ([%#sempty5] produces'0 a (Seq.(++) ab bc) c) end module T_core__iter__adapters__enumerate__Enumerate - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.Int type t_Enumerate 'i = - | C_Enumerate 'i usize + | C_Enumerate 'i UInt64.t - let rec t_Enumerate < 'i > (input:t_Enumerate 'i) (ret (iter:'i) (count:usize))= any - [ good (iter:'i) (count:usize)-> {C_Enumerate iter count = input} (! ret {iter} {count}) ] + let rec t_Enumerate < 'i > (input:t_Enumerate 'i) (ret (iter:'i) (count:UInt64.t))= any + [ good (iter:'i) (count:UInt64.t)-> {C_Enumerate iter count = input} (! ret {iter} {count}) ] end module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__produces_refl [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 89 4 89 26] (* as std::iter::Iterator> *) @@ -7045,10 +7073,14 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ use seq.Seq + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + use prelude.prelude.Int predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 197 4 197 30] (self : Seq.seq t_Item'0) = - [%#sseq15] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) + [%#sseq15] forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) 
@@ -7058,11 +7090,11 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ predicate completed'0 [#"../../../creusot-contracts/src/std/iter.rs" 35 4 35 36] (self : borrowed i) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64.to_uint - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) use T_core__iter__adapters__enumerate__Enumerate as Enumerate'0 @@ -7080,7 +7112,7 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ = [%#senumerate6] (forall s : Seq.seq t_Item'0, i : i [produces'1 (iter'0 self) s i] . inv'1 s - /\ inv'2 i /\ produces'1 (iter'0 self) s i -> n'0 self + Seq.length s < UIntSize.to_int v_MAX'0) + /\ inv'2 i /\ produces'1 (iter'0 self) s i -> n'0 self + Seq.length s < UInt64.to_int v_MAX'0) /\ (forall i : borrowed i . completed'0 i -> produces'1 i.current (Seq.empty : Seq.seq t_Item'0) i.final) axiom inv_axiom'0 [@rewrite] : forall x : Enumerate'0.t_Enumerate i [inv'0 x] . inv'0 x 
@@ -7097,15 +7129,15 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ use seq.Seq - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 75 4 75 64] (self : Enumerate'0.t_Enumerate i) (visited : Seq.seq (usize, t_Item'0)) (o : Enumerate'0.t_Enumerate i) + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 75 4 75 64] (self : Enumerate'0.t_Enumerate i) (visited : Seq.seq (UInt64.t, t_Item'0)) (o : Enumerate'0.t_Enumerate i) = [%#senumerate2] Seq.length visited = n'0 o - n'0 self /\ (exists s : Seq.seq t_Item'0 . inv'1 s /\ produces'1 (iter'0 self) s (iter'0 o) /\ Seq.length visited = Seq.length s - /\ (forall i : int . 0 <= i /\ i < Seq.length s - -> UIntSize.to_int (let (a, _) = Seq.get visited i in a) = n'0 self + i + /\ (forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length s + -> UInt64.to_int (let (a, _) = Seq.get visited i in a) = n'0 self + i /\ (let (_, a) = Seq.get visited i in a) = Seq.get s i)) use seq.Seq @@ -7116,7 +7148,7 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ goal vc_produces_refl : ([%#senumerate0] inv'0 self) - -> ([%#senumerate1] produces'0 self (Seq.empty : Seq.seq (usize, t_Item'0)) self) + -> ([%#senumerate1] produces'0 self (Seq.empty : Seq.seq (UInt64.t, t_Item'0)) self) end module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__produces_trans [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 99 4 99 90] (* as std::iter::Iterator> *) type i 
@@ -7183,10 +7215,14 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ use seq.Seq + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + use prelude.prelude.Int predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 197 4 197 30] (self : Seq.seq t_Item'0) = - [%#sseq19] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) + [%#sseq19] forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) @@ -7196,11 +7232,11 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ predicate completed'0 [#"../../../creusot-contracts/src/std/iter.rs" 35 4 35 36] (self : borrowed i) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64.to_uint - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) use T_core__iter__adapters__enumerate__Enumerate as Enumerate'0 @@ -7218,7 +7254,7 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ = [%#senumerate10] (forall s : Seq.seq t_Item'0, i : i [produces'1 (iter'0 self) s i] . inv'1 s - /\ inv'2 i /\ produces'1 (iter'0 self) s i -> n'0 self + Seq.length s < UIntSize.to_int v_MAX'0) + /\ inv'2 i /\ produces'1 (iter'0 self) s i -> n'0 self + Seq.length s < UInt64.to_int v_MAX'0) /\ (forall i : borrowed i . completed'0 i -> produces'1 i.current (Seq.empty : Seq.seq t_Item'0) i.final) axiom inv_axiom'0 [@rewrite] : forall x : Enumerate'0.t_Enumerate i [inv'0 x] . inv'0 x 
@@ -7237,28 +7273,28 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ use seq.Seq - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 75 4 75 64] (self : Enumerate'0.t_Enumerate i) (visited : Seq.seq (usize, t_Item'0)) (o : Enumerate'0.t_Enumerate i) + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 75 4 75 64] (self : Enumerate'0.t_Enumerate i) (visited : Seq.seq (UInt64.t, t_Item'0)) (o : Enumerate'0.t_Enumerate i) = [%#senumerate6] Seq.length visited = n'0 o - n'0 self /\ (exists s : Seq.seq t_Item'0 . inv'1 s /\ produces'1 (iter'0 self) s (iter'0 o) /\ Seq.length visited = Seq.length s - /\ (forall i : int . 0 <= i /\ i < Seq.length s - -> UIntSize.to_int (let (a, _) = Seq.get visited i in a) = n'0 self + i + /\ (forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length s + -> UInt64.to_int (let (a, _) = Seq.get visited i in a) = n'0 self + i /\ (let (_, a) = Seq.get visited i in a) = Seq.get s i)) constant a : Enumerate'0.t_Enumerate i - constant ab : Seq.seq (usize, t_Item'0) + constant ab : Seq.seq (UInt64.t, t_Item'0) constant b : Enumerate'0.t_Enumerate i - constant bc : Seq.seq (usize, t_Item'0) + constant bc : Seq.seq (UInt64.t, t_Item'0) constant c : Enumerate'0.t_Enumerate i - function produces_trans [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 99 4 99 90] (a : Enumerate'0.t_Enumerate i) (ab : Seq.seq (usize, t_Item'0)) (b : Enumerate'0.t_Enumerate i) (bc : Seq.seq (usize, t_Item'0)) (c : Enumerate'0.t_Enumerate i) : () + function produces_trans [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 99 4 99 90] (a : Enumerate'0.t_Enumerate i) (ab : Seq.seq (UInt64.t, t_Item'0)) (b : Enumerate'0.t_Enumerate i) (bc : Seq.seq (UInt64.t, t_Item'0)) (c : Enumerate'0.t_Enumerate i) : () goal vc_produces_trans : ([%#senumerate4] produces'0 b bc c) 
@@ -7391,6 +7427,10 @@ module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__pro use seq.Seq + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + function iter'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 20 4 20 22] (self : Filter'0.t_Filter i f) : i axiom iter'0_spec : forall self : Filter'0.t_Filter i f . [%#sfilter5] inv'0 self -> inv'1 (iter'0 self) @@ -7408,12 +7448,13 @@ module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__pro = [%#sfilter2] unnest'0 (func'0 self) (func'0 succ) /\ (exists s : Seq.seq t_Item'0, f : Map.map int int . produces'1 (iter'0 self) s (iter'0 succ) - /\ (forall i : int, j : int . 0 <= i /\ i <= j /\ j < Seq.length visited - -> 0 <= Map.get f i /\ Map.get f i <= Map.get f j /\ Map.get f j < Seq.length s) - /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = Seq.get s (Map.get f i)) + /\ (forall i : int, j : int . Int128.to_int (0 : Int128.t) <= i /\ i <= j /\ j < Seq.length visited + -> Int128.to_int (0 : Int128.t) <= Map.get f i /\ Map.get f i <= Map.get f j /\ Map.get f j < Seq.length s) + /\ (forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length visited + -> Seq.get visited i = Seq.get s (Map.get f i)) /\ (forall bor_f : borrowed f, i : int . bor_f.current = func'0 self /\ bor_f.final = func'0 self - -> 0 <= i /\ i < Seq.length s - -> (exists j : int . 0 <= j /\ j < Seq.length visited /\ Map.get f j = i) + -> Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length s + -> (exists j : int . Int128.to_int (0 : Int128.t) <= j /\ j < Seq.length visited /\ Map.get f j = i) = postcondition_mut'0 bor_f (Seq.get s i) true)) constant self : Filter'0.t_Filter i f 
@@ -7719,10 +7760,14 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produc use seq.Seq + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + use prelude.prelude.Int predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 197 4 197 30] (self : Seq.seq t_Item'0) = - [%#sseq22] forall i : int . 0 <= i /\ i < Seq.length self -> inv'6 (Seq.get self i) + [%#sseq22] forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length self -> inv'6 (Seq.get self i) predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) @@ -7735,7 +7780,7 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produc use seq.Seq predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 197 4 197 30] (self : Seq.seq (borrowed f)) = - [%#sseq22] forall i : int . 0 <= i /\ i < Seq.length self -> inv'5 (Seq.get self i) + [%#sseq22] forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length self -> inv'5 (Seq.get self i) predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq (borrowed f)) 
@@ -7810,13 +7855,15 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produc /\ (exists s : Seq.seq t_Item'0 [produces'1 (iter'0 self) s (iter'0 succ)] . inv'2 s /\ Seq.length s = Seq.length visited /\ produces'1 (iter'0 self) s (iter'0 succ) - /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) - /\ (if Seq.length visited = 0 then + /\ (forall i : int . Int128.to_int (1 : Int128.t) <= i /\ i < Seq.length fs + -> (Seq.get fs (i - Int128.to_int (1 : Int128.t))).final = (Seq.get fs i).current) + /\ (if Seq.length visited = Int128.to_int (0 : Int128.t) then func'0 self = func'0 succ else - (Seq.get fs 0).current = func'0 self /\ (Seq.get fs (Seq.length visited - 1)).final = func'0 succ + (Seq.get fs (Int128.to_int (0 : Int128.t))).current = func'0 self + /\ (Seq.get fs (Seq.length visited - Int128.to_int (1 : Int128.t))).final = func'0 succ ) - /\ (forall i : int . 0 <= i /\ i < Seq.length visited + /\ (forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length visited -> unnest'0 (func'0 self) (Seq.get fs i).current /\ precondition'0 (Seq.get fs i).current (Seq.get s i) /\ postcondition_mut'0 (Seq.get fs i) (Seq.get s i) (Seq.get visited i)))) @@ -7953,12 +8000,16 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4413682431414748756__ne use seq.Seq + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + use prelude.prelude.Int use seq.Seq predicate invariant'5 [#"../../../creusot-contracts/src/logic/seq.rs" 197 4 197 30] (self : Seq.seq (borrowed f)) = - [%#sseq59] forall i : int . 0 <= i /\ i < Seq.length self -> inv'14 (Seq.get self i) + [%#sseq59] forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length self -> inv'14 (Seq.get self i) predicate inv'12 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq (borrowed f)) 
@@ -7971,7 +8022,7 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4413682431414748756__ne use seq.Seq predicate invariant'4 [#"../../../creusot-contracts/src/logic/seq.rs" 197 4 197 30] (self : Seq.seq t_Item'0) = - [%#sseq59] forall i : int . 0 <= i /\ i < Seq.length self -> inv'13 (Seq.get self i) + [%#sseq59] forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length self -> inv'13 (Seq.get self i) predicate inv'11 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) 
@@ -8169,19 +8220,21 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4413682431414748756__ne /\ produces'0 (T_creusot_contracts__stdqy35z1__iter__map_inv__MapInv.t_MapInv__iter self) s (T_creusot_contracts__stdqy35z1__iter__map_inv__MapInv.t_MapInv__iter succ) /\ Snapshot.inner (T_creusot_contracts__stdqy35z1__iter__map_inv__MapInv.t_MapInv__produced succ) = Seq.(++) (Snapshot.inner (T_creusot_contracts__stdqy35z1__iter__map_inv__MapInv.t_MapInv__produced self)) s - /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) - /\ (if Seq.length visited = 0 then + /\ (forall i : int . Int128.to_int (1 : Int128.t) <= i /\ i < Seq.length fs + -> (Seq.get fs (i - Int128.to_int (1 : Int128.t))).final = (Seq.get fs i).current) + /\ (if Seq.length visited = Int128.to_int (0 : Int128.t) then T_creusot_contracts__stdqy35z1__iter__map_inv__MapInv.t_MapInv__func self = T_creusot_contracts__stdqy35z1__iter__map_inv__MapInv.t_MapInv__func succ else - (Seq.get fs 0).current = T_creusot_contracts__stdqy35z1__iter__map_inv__MapInv.t_MapInv__func self - /\ (Seq.get fs (Seq.length visited - 1)).final + (Seq.get fs (Int128.to_int (0 : Int128.t))).current + = T_creusot_contracts__stdqy35z1__iter__map_inv__MapInv.t_MapInv__func self + /\ (Seq.get fs (Seq.length visited - Int128.to_int (1 : Int128.t))).final = T_creusot_contracts__stdqy35z1__iter__map_inv__MapInv.t_MapInv__func succ ) - /\ (forall i : int . 0 <= i /\ i < Seq.length visited + /\ (forall i : int . 
Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length visited -> unnest'0 (T_creusot_contracts__stdqy35z1__iter__map_inv__MapInv.t_MapInv__func self) (Seq.get fs i).current - /\ precondition'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner (T_creusot_contracts__stdqy35z1__iter__map_inv__MapInv.t_MapInv__produced self)) (Seq.([..]) s 0 i))) - /\ postcondition_mut'0 (Seq.get fs i) (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner (T_creusot_contracts__stdqy35z1__iter__map_inv__MapInv.t_MapInv__produced self)) (Seq.([..]) s 0 i))) (Seq.get visited i)))) + /\ precondition'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner (T_creusot_contracts__stdqy35z1__iter__map_inv__MapInv.t_MapInv__produced self)) (Seq.([..]) s (Int128.to_int (0 : Int128.t)) i))) + /\ postcondition_mut'0 (Seq.get fs i) (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner (T_creusot_contracts__stdqy35z1__iter__map_inv__MapInv.t_MapInv__produced self)) (Seq.([..]) s (Int128.to_int (0 : Int128.t)) i))) (Seq.get visited i)))) function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 39 4 39 90] (a : MapInv'0.t_MapInv i t_Item'0 f) (ab : Seq.seq b) (b : MapInv'0.t_MapInv i t_Item'0 f) (bc : Seq.seq b) (c : MapInv'0.t_MapInv i t_Item'0 f) : () @@ -8623,6 +8676,10 @@ module M_creusot_contracts__stdqy35z1__iter__range__qyi16860283617022118777__pro use seq.Seq + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + use seq.Seq use prelude.prelude.Int 
@@ -8641,13 +8698,13 @@ module M_creusot_contracts__stdqy35z1__iter__range__qyi16860283617022118777__pro [%#srange2] T_core__ops__range__Range.t_Range__end self = T_core__ops__range__Range.t_Range__end o /\ deep_model'0 (T_core__ops__range__Range.t_Range__start self) <= deep_model'0 (T_core__ops__range__Range.t_Range__start o) - /\ (Seq.length visited > 0 + /\ (Seq.length visited > Int128.to_int (0 : Int128.t) -> deep_model'0 (T_core__ops__range__Range.t_Range__start o) <= deep_model'0 (T_core__ops__range__Range.t_Range__end o)) /\ Seq.length visited = deep_model'0 (T_core__ops__range__Range.t_Range__start o) - deep_model'0 (T_core__ops__range__Range.t_Range__start self) - /\ (forall i : int . 0 <= i /\ i < Seq.length visited + /\ (forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length visited -> deep_model'0 (Seq.get visited i) = deep_model'0 (T_core__ops__range__Range.t_Range__start self) + i) use seq.Seq @@ -8687,6 +8744,10 @@ module M_creusot_contracts__stdqy35z1__iter__range__qyi16860283617022118777__pro use seq.Seq + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + use seq.Seq use prelude.prelude.Int 
@@ -8703,13 +8764,13 @@ module M_creusot_contracts__stdqy35z1__iter__range__qyi16860283617022118777__pro [%#srange6] T_core__ops__range__Range.t_Range__end self = T_core__ops__range__Range.t_Range__end o /\ deep_model'0 (T_core__ops__range__Range.t_Range__start self) <= deep_model'0 (T_core__ops__range__Range.t_Range__start o) - /\ (Seq.length visited > 0 + /\ (Seq.length visited > Int128.to_int (0 : Int128.t) -> deep_model'0 (T_core__ops__range__Range.t_Range__start o) <= deep_model'0 (T_core__ops__range__Range.t_Range__end o)) /\ Seq.length visited = deep_model'0 (T_core__ops__range__Range.t_Range__start o) - deep_model'0 (T_core__ops__range__Range.t_Range__start self) - /\ (forall i : int . 0 <= i /\ i < Seq.length visited + /\ (forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length visited -> deep_model'0 (Seq.get visited i) = deep_model'0 (T_core__ops__range__Range.t_Range__start self) + i) constant a : Range'0.t_Range idx @@ -8757,6 +8818,10 @@ module M_creusot_contracts__stdqy35z1__iter__range__range_inclusive_len [#"../.. function start_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 195 4 195 29] (self : RangeInclusive'0.t_RangeInclusive idx) : idx + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + function is_empty_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 210 4 213 35] (self : RangeInclusive'0.t_RangeInclusive idx) : bool 
@@ -8771,9 +8836,11 @@ module M_creusot_contracts__stdqy35z1__iter__range__range_inclusive_len [#"../.. goal vc_range_inclusive_len : ([%#sops1] not is_empty_log'0 r -> deep_model'0 (start_log'0 r) <= deep_model'0 (end_log'0 r)) -> (if is_empty_log'0 r then - [%#srange0] is_empty_log'0 r = (0 = 0) + [%#srange0] is_empty_log'0 r = (Int128.to_int (0 : Int128.t) = Int128.to_int (0 : Int128.t)) else - [%#srange0] is_empty_log'0 r = (deep_model'0 (end_log'0 r) - deep_model'0 (start_log'0 r) + 1 = 0) + [%#srange0] is_empty_log'0 r + = (deep_model'0 (end_log'0 r) - deep_model'0 (start_log'0 r) + Int128.to_int (1 : Int128.t) + = Int128.to_int (0 : Int128.t)) ) end module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__produces_refl [#"../../../creusot-contracts/src/std/iter/range.rs" 82 4 82 26] (* as std::iter::Iterator> *) @@ -8796,6 +8863,10 @@ module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__pro use seq.Seq + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + function end_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 202 4 202 27] (self : RangeInclusive'0.t_RangeInclusive idx) : idx @@ -8808,10 +8879,14 @@ module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__pro function range_inclusive_len'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 51 0 51 92] (r : RangeInclusive'0.t_RangeInclusive idx) : int = - [%#srange3] if is_empty_log'0 r then 0 else deep_model'0 (end_log'0 r) - deep_model'0 (start_log'0 r) + 1 + [%#srange3] if is_empty_log'0 r then + Int128.to_int (0 : Int128.t) + else + deep_model'0 (end_log'0 r) - deep_model'0 (start_log'0 r) + Int128.to_int (1 : Int128.t) + axiom range_inclusive_len'0_spec : forall r : RangeInclusive'0.t_RangeInclusive idx . [%#srange2] is_empty_log'0 r - = (range_inclusive_len'0 r = 0) + = (range_inclusive_len'0 r = Int128.to_int (0 : Int128.t)) use seq.Seq 
@@ -8823,7 +8898,7 @@ module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__pro [%#srange1] Seq.length visited = range_inclusive_len'0 self - range_inclusive_len'0 o /\ (is_empty_log'0 self -> is_empty_log'0 o) /\ (is_empty_log'0 o \/ end_log'0 self = end_log'0 o) - /\ (forall i : int . 0 <= i /\ i < Seq.length visited + /\ (forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length visited -> deep_model'0 (Seq.get visited i) = deep_model'0 (start_log'0 self) + i) use seq.Seq @@ -8861,6 +8936,10 @@ module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__pro use seq.Seq + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + function end_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 202 4 202 27] (self : RangeInclusive'0.t_RangeInclusive idx) : idx @@ -8873,10 +8952,14 @@ module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__pro function range_inclusive_len'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 51 0 51 92] (r : RangeInclusive'0.t_RangeInclusive idx) : int = - [%#srange5] if is_empty_log'0 r then 0 else deep_model'0 (end_log'0 r) - deep_model'0 (start_log'0 r) + 1 + [%#srange5] if is_empty_log'0 r then + Int128.to_int (0 : Int128.t) + else + deep_model'0 (end_log'0 r) - deep_model'0 (start_log'0 r) + Int128.to_int (1 : Int128.t) + axiom range_inclusive_len'0_spec : forall r : RangeInclusive'0.t_RangeInclusive idx . [%#srange4] is_empty_log'0 r - = (range_inclusive_len'0 r = 0) + = (range_inclusive_len'0 r = Int128.to_int (0 : Int128.t)) use seq.Seq 
@@ -8886,7 +8969,7 @@ module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__pro [%#srange3] Seq.length visited = range_inclusive_len'0 self - range_inclusive_len'0 o /\ (is_empty_log'0 self -> is_empty_log'0 o) /\ (is_empty_log'0 o \/ end_log'0 self = end_log'0 o) - /\ (forall i : int . 0 <= i /\ i < Seq.length visited + /\ (forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length visited -> deep_model'0 (Seq.get visited i) = deep_model'0 (start_log'0 self) + i) constant a : RangeInclusive'0.t_RangeInclusive idx @@ -8938,6 +9021,10 @@ module M_creusot_contracts__stdqy35z1__iter__repeat__qyi8658929399712466629__pro use seq.Seq + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + use prelude.prelude.Int use seq.Seq @@ -8945,7 +9032,9 @@ module M_creusot_contracts__stdqy35z1__iter__repeat__qyi8658929399712466629__pro predicate produces'0 [#"../../../creusot-contracts/src/std/iter/repeat.rs" 23 4 23 64] (self : Repeat'0.t_Repeat t) (visited : Seq.seq t) (o : Repeat'0.t_Repeat t) = - [%#srepeat2] self = o /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = view'0 self) + [%#srepeat2] self = o + /\ (forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length visited + -> Seq.get visited i = view'0 self) use seq.Seq @@ -8989,12 +9078,18 @@ module M_creusot_contracts__stdqy35z1__iter__repeat__qyi8658929399712466629__pro use seq.Seq + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + use prelude.prelude.Int predicate produces'0 [#"../../../creusot-contracts/src/std/iter/repeat.rs" 23 4 23 64] (self : Repeat'0.t_Repeat t) (visited : Seq.seq t) (o : Repeat'0.t_Repeat t) = - [%#srepeat6] self = o /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = view'0 self) + [%#srepeat6] self = o + /\ (forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length visited + -> Seq.get visited i = view'0 self) constant a : Repeat'0.t_Repeat t 
@@ -9015,15 +9110,15 @@ module M_creusot_contracts__stdqy35z1__iter__repeat__qyi8658929399712466629__pro -> ([%#srepeat1] inv'0 b) -> ([%#srepeat0] inv'0 a) -> ([%#srepeat5] produces'0 a (Seq.(++) ab bc) c) end module T_core__iter__adapters__skip__Skip - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.Int type t_Skip 'i = - | C_Skip 'i usize + | C_Skip 'i UInt64.t - let rec t_Skip < 'i > (input:t_Skip 'i) (ret (iter:'i) (n:usize))= any - [ good (iter:'i) (n:usize)-> {C_Skip iter n = input} (! ret {iter} {n}) ] + let rec t_Skip < 'i > (input:t_Skip 'i) (ret (iter:'i) (n:UInt64.t))= any + [ good (iter:'i) (n:UInt64.t)-> {C_Skip iter n = input} (! ret {iter} {n}) ] end module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produces_refl [#"../../../creusot-contracts/src/std/iter/skip.rs" 78 4 78 26] (* as std::iter::Iterator> *) @@ -9087,10 +9182,14 @@ module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produ use seq.Seq + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + use prelude.prelude.Int predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 197 4 197 30] (self : Seq.seq t_Item'0) = - [%#sseq15] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) + [%#sseq15] forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) 
@@ -9115,27 +9214,27 @@ module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produ axiom iter'0_spec : forall self : Skip'0.t_Skip i . [%#sskip5] inv'0 self -> inv'2 (iter'0 self) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64.to_uint - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) function n'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 24 4 24 21] (self : Skip'0.t_Skip i) : int - axiom n'0_spec : forall self : Skip'0.t_Skip i . [%#sskip3] n'0 self >= 0 - /\ n'0 self <= UIntSize.to_int (v_MAX'0 : usize) + axiom n'0_spec : forall self : Skip'0.t_Skip i . [%#sskip3] n'0 self >= Int128.to_int (0 : Int128.t) + /\ n'0 self <= UInt64.to_int (v_MAX'0 : UInt64.t) predicate produces'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 63 4 63 64] (self : Skip'0.t_Skip i) (visited : Seq.seq t_Item'0) (o : Skip'0.t_Skip i) = [%#sskip2] visited = (Seq.empty : Seq.seq t_Item'0) /\ self = o - \/ n'0 o = 0 - /\ Seq.length visited > 0 + \/ n'0 o = Int128.to_int (0 : Int128.t) + /\ Seq.length visited > Int128.to_int (0 : Int128.t) /\ (exists s : Seq.seq t_Item'0 . inv'1 s /\ Seq.length s = n'0 self /\ produces'1 (iter'0 self) (Seq.(++) s visited) (iter'0 o) - /\ (forall i : int . 0 <= i /\ i < Seq.length s -> resolve'0 (Seq.get s i))) + /\ (forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length s -> resolve'0 (Seq.get s i))) constant self : Skip'0.t_Skip i 
@@ -9144,15 +9243,15 @@ module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produ goal vc_produces_refl : ([%#sskip0] inv'0 self) -> ([%#sskip1] produces'0 self (Seq.empty : Seq.seq t_Item'0) self) end module T_core__iter__adapters__take__Take - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.Int type t_Take 'i = - | C_Take 'i usize + | C_Take 'i UInt64.t - let rec t_Take < 'i > (input:t_Take 'i) (ret (iter:'i) (n:usize))= any - [ good (iter:'i) (n:usize)-> {C_Take iter n = input} (! ret {iter} {n}) ] + let rec t_Take < 'i > (input:t_Take 'i) (ret (iter:'i) (n:UInt64.t))= any + [ good (iter:'i) (n:UInt64.t)-> {C_Take iter n = input} (! ret {iter} {n}) ] end module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022__produces_refl [#"../../../creusot-contracts/src/std/iter/take.rs" 77 4 77 26] (* as std::iter::Iterator> *) @@ -9218,16 +9317,20 @@ module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022__prod use seq.Seq - use prelude.prelude.UIntSize + use prelude.prelude.UInt64.to_uint + + use prelude.prelude.UInt64 + + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize + use prelude.prelude.Int128.to_int - constant v_MAX'0 : usize = (18446744073709551615 : usize) + use prelude.prelude.Int128 function n'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 35 4 35 21] (self : Take'0.t_Take i) : int - axiom n'0_spec : forall self : Take'0.t_Take i . [%#stake3] n'0 self >= 0 - /\ n'0 self <= UIntSize.to_int (v_MAX'0 : usize) + axiom n'0_spec : forall self : Take'0.t_Take i . [%#stake3] n'0 self >= Int128.to_int (0 : Int128.t) + /\ n'0 self <= UInt64.to_int (v_MAX'0 : UInt64.t) predicate produces'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 67 4 67 64] (self : Take'0.t_Take i) (visited : Seq.seq t_Item'0) (o : Take'0.t_Take i) 
@@ -9307,16 +9410,20 @@ module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022__prod use seq.Seq - use prelude.prelude.UIntSize + use prelude.prelude.UInt64.to_uint + + use prelude.prelude.UInt64 + + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize + use prelude.prelude.Int128.to_int - constant v_MAX'0 : usize = (18446744073709551615 : usize) + use prelude.prelude.Int128 function n'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 35 4 35 21] (self : Take'0.t_Take i) : int - axiom n'0_spec : forall self : Take'0.t_Take i . [%#stake7] n'0 self >= 0 - /\ n'0 self <= UIntSize.to_int (v_MAX'0 : usize) + axiom n'0_spec : forall self : Take'0.t_Take i . [%#stake7] n'0 self >= Int128.to_int (0 : Int128.t) + /\ n'0 self <= UInt64.to_int (v_MAX'0 : UInt64.t) predicate produces'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 67 4 67 64] (self : Take'0.t_Take i) (visited : Seq.seq t_Item'0) (o : Take'0.t_Take i) @@ -9342,15 +9449,15 @@ module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022__prod -> ([%#stake1] inv'0 b) -> ([%#stake0] inv'0 a) -> ([%#stake5] produces'0 a (Seq.(++) ab bc) c) end module T_core__iter__adapters__zip__Zip - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.Int type t_Zip 'a 'b = - | C_Zip 'a 'b usize usize usize + | C_Zip 'a 'b UInt64.t UInt64.t UInt64.t - let rec t_Zip < 'a > < 'b > (input:t_Zip 'a 'b) (ret (a:'a) (b:'b) (index:usize) (len:usize) (a_len:usize))= any - [ good (a:'a) (b:'b) (index:usize) (len:usize) (a_len:usize)-> {C_Zip a b index len a_len = input} + let rec t_Zip < 'a > < 'b > (input:t_Zip 'a 'b) (ret (a:'a) (b:'b) (index:UInt64.t) (len:UInt64.t) (a_len:UInt64.t))= any + [ good (a:'a) (b:'b) (index:UInt64.t) (len:UInt64.t) (a_len:UInt64.t)-> {C_Zip a b index len a_len = input} (! ret {a} {b} {index} {len} {a_len}) ] end 
@@ -9453,10 +9560,14 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produc use seq.Seq + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + use prelude.prelude.Int predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 197 4 197 30] (self : Seq.seq t_Item'1) = - [%#sseq15] forall i : int . 0 <= i /\ i < Seq.length self -> inv'6 (Seq.get self i) + [%#sseq15] forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length self -> inv'6 (Seq.get self i) predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'1) @@ -9467,7 +9578,7 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produc use seq.Seq predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 197 4 197 30] (self : Seq.seq t_Item'0) = - [%#sseq15] forall i : int . 0 <= i /\ i < Seq.length self -> inv'5 (Seq.get self i) + [%#sseq15] forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length self -> inv'5 (Seq.get self i) predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) @@ -9507,7 +9618,8 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produc /\ inv'2 p2 /\ Seq.length p1 = Seq.length p2 /\ Seq.length p2 = Seq.length visited - /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = (Seq.get p1 i, Seq.get p2 i)) + /\ (forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length visited + -> Seq.get visited i = (Seq.get p1 i, Seq.get p2 i)) /\ produces'1 (itera'0 self) p1 (itera'0 o) /\ produces'2 (iterb'0 self) p2 (iterb'0 o) use seq.Seq 
@@ -12492,20 +12604,20 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_r use prelude.prelude.Slice - use prelude.prelude.UIntSize + use prelude.prelude.UInt64.to_uint - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.Int - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) use seq.Seq function view'1 [#"../../../creusot-contracts/src/std/slice.rs" 31 4 31 33] (self : slice t) : Seq.seq t axiom view'1_spec : forall self : slice t . ([%#sslice9] view'1 self = Slice.id self) - && ([%#sslice8] Seq.length (view'1 self) <= UIntSize.to_int (v_MAX'0 : usize)) + && ([%#sslice8] Seq.length (view'1 self) <= UInt64.to_int (v_MAX'0 : UInt64.t)) function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops.rs" 41 4 41 47] (self : slice t) (ix : int) : t @@ -12516,6 +12628,10 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_r use seq.Seq + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + function view'2 [#"../../../creusot-contracts/src/model.rs" 108 4 108 33] (self : borrowed (slice t)) : Seq.seq t = [%#smodel11] view'1 self.current @@ -12524,7 +12640,8 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_r function to_mut_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 93 4 93 43] (self : borrowed (slice t)) : Seq.seq (borrowed t) - axiom to_mut_seq'0_spec : forall self : borrowed (slice t) . ([%#sslice6] forall i : int . 0 <= i + axiom to_mut_seq'0_spec : forall self : borrowed (slice t) . ([%#sslice6] forall i : int . Int128.to_int (0 : Int128.t) + <= i /\ i < Seq.length (to_mut_seq'0 self) -> Seq.get (to_mut_seq'0 self) i = Borrow.borrow_logic (index_logic'0 self.current i) (index_logic'0 self.final i) (Borrow.inherit_id (Borrow.get_id self) i)) 
@@ -12592,20 +12709,20 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_t use prelude.prelude.Slice - use prelude.prelude.UIntSize + use prelude.prelude.UInt64.to_uint - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.Int - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) use seq.Seq function view'1 [#"../../../creusot-contracts/src/std/slice.rs" 31 4 31 33] (self : slice t) : Seq.seq t axiom view'1_spec : forall self : slice t . ([%#sslice13] view'1 self = Slice.id self) - && ([%#sslice12] Seq.length (view'1 self) <= UIntSize.to_int (v_MAX'0 : usize)) + && ([%#sslice12] Seq.length (view'1 self) <= UInt64.to_int (v_MAX'0 : UInt64.t)) function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops.rs" 41 4 41 47] (self : slice t) (ix : int) : t @@ -12614,6 +12731,10 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_t use seq.Seq + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + function view'2 [#"../../../creusot-contracts/src/model.rs" 108 4 108 33] (self : borrowed (slice t)) : Seq.seq t = [%#smodel15] view'1 self.current @@ -12622,7 +12743,8 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_t function to_mut_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 93 4 93 43] (self : borrowed (slice t)) : Seq.seq (borrowed t) - axiom to_mut_seq'0_spec : forall self : borrowed (slice t) . ([%#sslice10] forall i : int . 0 <= i + axiom to_mut_seq'0_spec : forall self : borrowed (slice t) . ([%#sslice10] forall i : int . Int128.to_int (0 : Int128.t) + <= i /\ i < Seq.length (to_mut_seq'0 self) -> Seq.get (to_mut_seq'0 self) i = Borrow.borrow_logic (index_logic'0 self.current i) (index_logic'0 self.final i) (Borrow.inherit_id (Borrow.get_id self) i)) 
@@ -12663,10 +12785,10 @@ module T_core__time__Nanoseconds use prelude.prelude.Int type t_Nanoseconds = - | C_Nanoseconds uint32 + | C_Nanoseconds UInt32.t - let rec t_Nanoseconds (input:t_Nanoseconds) (ret (field_0:uint32))= any - [ good (field_0:uint32)-> {C_Nanoseconds field_0 = input} (! ret {field_0}) ] + let rec t_Nanoseconds (input:t_Nanoseconds) (ret (field_0:UInt32.t))= any + [ good (field_0:UInt32.t)-> {C_Nanoseconds field_0 = input} (! ret {field_0}) ] end module T_core__time__Duration @@ -12677,10 +12799,11 @@ module T_core__time__Duration use prelude.prelude.Int type t_Duration = - | C_Duration uint64 (Nanoseconds'0.t_Nanoseconds) + | C_Duration UInt64.t (Nanoseconds'0.t_Nanoseconds) - let rec t_Duration (input:t_Duration) (ret (secs:uint64) (nanos:Nanoseconds'0.t_Nanoseconds))= any - [ good (secs:uint64) (nanos:Nanoseconds'0.t_Nanoseconds)-> {C_Duration secs nanos = input} (! ret {secs} {nanos}) ] + let rec t_Duration (input:t_Duration) (ret (secs:UInt64.t) (nanos:Nanoseconds'0.t_Nanoseconds))= any + [ good (secs:UInt64.t) (nanos:Nanoseconds'0.t_Nanoseconds)-> {C_Duration secs nanos = input} + (! ret {secs} {nanos}) ] end module T_std__sys__pal__unix__time__Nanoseconds @@ -12689,10 +12812,10 @@ module T_std__sys__pal__unix__time__Nanoseconds use prelude.prelude.Int type t_Nanoseconds = - | C_Nanoseconds uint32 + | C_Nanoseconds UInt32.t - let rec t_Nanoseconds (input:t_Nanoseconds) (ret (field_0:uint32))= any - [ good (field_0:uint32)-> {C_Nanoseconds field_0 = input} (! ret {field_0}) ] + let rec t_Nanoseconds (input:t_Nanoseconds) (ret (field_0:UInt32.t))= any + [ good (field_0:UInt32.t)-> {C_Nanoseconds field_0 = input} (! ret {field_0}) ] end module T_std__sys__pal__unix__time__Timespec 
@@ -12703,10 +12826,10 @@ module T_std__sys__pal__unix__time__Timespec use prelude.prelude.Int type t_Timespec = - | C_Timespec int64 (Nanoseconds'0.t_Nanoseconds) + | C_Timespec Int64.t (Nanoseconds'0.t_Nanoseconds) - let rec t_Timespec (input:t_Timespec) (ret (tv_sec:int64) (tv_nsec:Nanoseconds'0.t_Nanoseconds))= any - [ good (tv_sec:int64) (tv_nsec:Nanoseconds'0.t_Nanoseconds)-> {C_Timespec tv_sec tv_nsec = input} + let rec t_Timespec (input:t_Timespec) (ret (tv_sec:Int64.t) (tv_nsec:Nanoseconds'0.t_Nanoseconds))= any + [ good (tv_sec:Int64.t) (tv_nsec:Nanoseconds'0.t_Nanoseconds)-> {C_Timespec tv_sec tv_nsec = input} (! ret {tv_sec} {tv_nsec}) ] end @@ -12743,7 +12866,7 @@ module T_alloc__vec__into_iter__IntoIter use T_core__mem__manually_drop__ManuallyDrop as ManuallyDrop'0 - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.Int 
@@ -12752,10 +12875,10 @@ module T_alloc__vec__into_iter__IntoIter use T_core__ptr__non_null__NonNull as NonNull'0 type t_IntoIter 't 'a = - | C_IntoIter (NonNull'0.t_NonNull 't) (PhantomData'0.t_PhantomData 't) usize (ManuallyDrop'0.t_ManuallyDrop 'a) (NonNull'0.t_NonNull 't) opaque_ptr + | C_IntoIter (NonNull'0.t_NonNull 't) (PhantomData'0.t_PhantomData 't) UInt64.t (ManuallyDrop'0.t_ManuallyDrop 'a) (NonNull'0.t_NonNull 't) opaque_ptr - let rec t_IntoIter < 't > < 'a > (input:t_IntoIter 't 'a) (ret (buf:NonNull'0.t_NonNull 't) (phantom:PhantomData'0.t_PhantomData 't) (cap:usize) (alloc:ManuallyDrop'0.t_ManuallyDrop 'a) (ptr:NonNull'0.t_NonNull 't) (end':opaque_ptr))= any - [ good (buf:NonNull'0.t_NonNull 't) (phantom:PhantomData'0.t_PhantomData 't) (cap:usize) (alloc:ManuallyDrop'0.t_ManuallyDrop 'a) (ptr:NonNull'0.t_NonNull 't) (end':opaque_ptr)-> {C_IntoIter buf phantom cap alloc ptr end' + let rec t_IntoIter < 't > < 'a > (input:t_IntoIter 't 'a) (ret (buf:NonNull'0.t_NonNull 't) (phantom:PhantomData'0.t_PhantomData 't) (cap:UInt64.t) (alloc:ManuallyDrop'0.t_ManuallyDrop 'a) (ptr:NonNull'0.t_NonNull 't) (end':opaque_ptr))= any + [ good (buf:NonNull'0.t_NonNull 't) (phantom:PhantomData'0.t_PhantomData 't) (cap:UInt64.t) (alloc:ManuallyDrop'0.t_ManuallyDrop 'a) (ptr:NonNull'0.t_NonNull 't) (end':opaque_ptr)-> {C_IntoIter buf phantom cap alloc ptr end' = input} (! ret {buf} {phantom} {cap} {alloc} {ptr} {end'}) ] @@ -12792,7 +12915,7 @@ module M_creusot_contracts__stdqy35z1__vec__qyi12862303518309667396__produces_re goal vc_produces_refl : [%#svec0] produces'0 self (Seq.empty : Seq.seq t) self end -module T_num_rational__Ratio [#"../../../../../../../../.cargo/registry/src/index.crates.io-6f17d22bba15001f/num-rational-0.3.2/src/lib.rs" 52 0 52 19] +module T_num_rational__Ratio [#"../../../../../../../.cargo/registry/src/index.crates.io-6f17d22bba15001f/num-rational-0.3.2/src/lib.rs" 52 0 52 19] type t_Ratio 't = | C_Ratio 't 't 
@@ -12800,7 +12923,7 @@ module T_num_rational__Ratio [#"../../../../../../../../.cargo/registry/src/inde [ good (numer:'t) (denom:'t)-> {C_Ratio numer denom = input} (! ret {numer} {denom}) ] end -module T_num_bigint__bigint__Sign [#"../../../../../../../../.cargo/registry/src/index.crates.io-6f17d22bba15001f/num-bigint-0.3.3/src/bigint.rs" 41 0 41 13] +module T_num_bigint__bigint__Sign [#"../../../../../../../.cargo/registry/src/index.crates.io-6f17d22bba15001f/num-bigint-0.3.3/src/bigint.rs" 41 0 41 13] type t_Sign = | C_Minus | C_NoSign @@ -12818,7 +12941,7 @@ module T_num_bigint__bigint__Sign [#"../../../../../../../../.cargo/registry/src [ good -> {C_Plus = input} (! ret) | bad -> {C_Plus <> input} (! {false} any) ] end -module T_num_bigint__biguint__BigUint [#"../../../../../../../../.cargo/registry/src/index.crates.io-6f17d22bba15001f/num-bigint-0.3.3/src/biguint.rs" 39 0 39 18] +module T_num_bigint__biguint__BigUint [#"../../../../../../../.cargo/registry/src/index.crates.io-6f17d22bba15001f/num-bigint-0.3.3/src/biguint.rs" 39 0 39 18] use T_alloc__alloc__Global as Global'0 use prelude.prelude.UInt64 
@@ -12828,13 +12951,13 @@ module T_num_bigint__biguint__BigUint [#"../../../../../../../../.cargo/registry use T_alloc__vec__Vec as Vec'0 type t_BigUint = - | C_BigUint (Vec'0.t_Vec uint64 (Global'0.t_Global)) + | C_BigUint (Vec'0.t_Vec UInt64.t (Global'0.t_Global)) - let rec t_BigUint (input:t_BigUint) (ret (data:Vec'0.t_Vec uint64 (Global'0.t_Global)))= any - [ good (data:Vec'0.t_Vec uint64 (Global'0.t_Global))-> {C_BigUint data = input} (! ret {data}) ] + let rec t_BigUint (input:t_BigUint) (ret (data:Vec'0.t_Vec UInt64.t (Global'0.t_Global)))= any + [ good (data:Vec'0.t_Vec UInt64.t (Global'0.t_Global))-> {C_BigUint data = input} (! ret {data}) ] end -module T_num_bigint__bigint__BigInt [#"../../../../../../../../.cargo/registry/src/index.crates.io-6f17d22bba15001f/num-bigint-0.3.3/src/bigint.rs" 63 0 63 17] +module T_num_bigint__bigint__BigInt [#"../../../../../../../.cargo/registry/src/index.crates.io-6f17d22bba15001f/num-bigint-0.3.3/src/bigint.rs" 63 0 63 17] use T_num_bigint__biguint__BigUint as BigUint'0 use T_num_bigint__bigint__Sign as Sign'0 @@ -13739,6 +13862,10 @@ module M_creusot_contracts__ghost_ptr__qyi14556734806454041375__are_eq [#"../../ use T_creusot_contracts__ghost_ptr__GhostPtrToken as GhostPtrToken'0 + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + use prelude.prelude.Int function addr_logic'0 [#"../../../creusot-contracts/src/ghost_ptr.rs" 158 4 158 30] (self : opaque_ptr) : int 
@@ -13747,7 +13874,7 @@ module M_creusot_contracts__ghost_ptr__qyi14556734806454041375__are_eq [#"../../ axiom null_logic'0_spec : forall _1 : () . ([%#sghost_ptr11] forall ptr : opaque_ptr . addr_logic'0 ptr = addr_logic'0 (null_logic'0 _1) -> ptr = null_logic'0 _1) - && ([%#sghost_ptr10] addr_logic'0 (null_logic'0 _1) = 0) + && ([%#sghost_ptr10] addr_logic'0 (null_logic'0 _1) = Int128.to_int (0 : Int128.t)) function view'1 [#"../../../creusot-contracts/src/ghost_ptr.rs" 36 4 36 33] (self : GhostPtrToken'0.t_GhostPtrToken t) : FMap'0.t_FMap opaque_ptr t @@ -13787,12 +13914,12 @@ module M_creusot_contracts__ghost_ptr__qyi14556734806454041375__are_eq [#"../../ use prelude.prelude.Intrinsic - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - use prelude.prelude.UIntSize + use prelude.prelude.UInt64.to_uint - let rec addr'0 (self:opaque_ptr) (return' (ret:usize))= any - [ return' (result:usize)-> {[%#sghost_ptr7] UIntSize.to_int result = addr_logic'0 self} (! return' {result}) ] + let rec addr'0 (self:opaque_ptr) (return' (ret:UInt64.t))= any + [ return' (result:UInt64.t)-> {[%#sghost_ptr7] UInt64.to_int result = addr_logic'0 self} (! return' {result}) ] let rec injective_lemma'0 (self:GhostPtrToken'0.t_GhostPtrToken t) (return' (ret:()))= {[@expl:precondition] [%#sghost_ptr5] inv'0 self} 
@@ -13809,17 +13936,17 @@ module M_creusot_contracts__ghost_ptr__qyi14556734806454041375__are_eq [#"../../ {[%#sghost_ptr0] contains'0 (view'0 self) ptr1 \/ ptr1 = null_logic'0 ()} (! bb0 [ bb0 = s0 [ s0 = injective_lemma'0 {self} (fun (_ret':()) -> [ &_8 <- _ret' ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = addr'0 {ptr1} (fun (_ret':usize) -> [ &_10 <- _ret' ] s1) | s1 = bb2 ] - | bb2 = s0 [ s0 = addr'0 {ptr2} (fun (_ret':usize) -> [ &_12 <- _ret' ] s1) | s1 = bb3 ] - | bb3 = s0 [ s0 = UIntSize.eq {_10} {_12} (fun (_ret':bool) -> [ &_0 <- _ret' ] s1) | s1 = return' {_0} ] ] + | bb1 = s0 [ s0 = addr'0 {ptr1} (fun (_ret':UInt64.t) -> [ &_10 <- _ret' ] s1) | s1 = bb2 ] + | bb2 = s0 [ s0 = addr'0 {ptr2} (fun (_ret':UInt64.t) -> [ &_12 <- _ret' ] s1) | s1 = bb3 ] + | bb3 = s0 [ s0 = UInt64.eq {_10} {_12} (fun (_ret':bool) -> [ &_0 <- _ret' ] s1) | s1 = return' {_0} ] ] ) [ & _0 : bool = any_l () | & self : GhostPtrToken'0.t_GhostPtrToken t = self | & ptr1 : opaque_ptr = ptr1 | & ptr2 : opaque_ptr = ptr2 | & _8 : () = any_l () - | & _10 : usize = any_l () - | & _12 : usize = any_l () ] + | & _10 : UInt64.t = any_l () + | & _12 : UInt64.t = any_l () ] [ return' (result:bool)-> {[@expl:postcondition] [%#sghost_ptr4] result = (ptr1 = ptr2)} {[@expl:postcondition] [%#sghost_ptr3] result = (addr_logic'0 ptr1 = addr_logic'0 ptr2)} @@ -13839,6 +13966,12 @@ module M_creusot_contracts__util__unwrap [#"../../../creusot-contracts/src/util. let%span sutil4 = "../../../creusot-contracts/src/util.rs" 27 10 27 11 let%span sutil5 = "../../../creusot-contracts/src/util.rs" 29 4 29 17 + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + + use prelude.prelude.Int + function unreachable'0 [#"../../../creusot-contracts/src/util.rs" 28 0 28 28] (_1 : ()) : t axiom unreachable'0_def : forall _1 : () . unreachable'0 _1 = ([%#sutil5] unreachable'0 ()) 
@@ -13953,6 +14086,10 @@ module M_creusot_contracts__ghost_ptr__qyi14556734806454041375__ptr_as_mut [#".. = [%#sfmap30] Map.get (view'2 self) k + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + use prelude.prelude.Int function addr_logic'0 [#"../../../creusot-contracts/src/ghost_ptr.rs" 158 4 158 30] (self : opaque_ptr) : int @@ -13961,7 +14098,7 @@ module M_creusot_contracts__ghost_ptr__qyi14556734806454041375__ptr_as_mut [#".. axiom null_logic'0_spec : forall _1 : () . ([%#sghost_ptr32] forall ptr : opaque_ptr . addr_logic'0 ptr = addr_logic'0 (null_logic'0 _1) -> ptr = null_logic'0 _1) - && ([%#sghost_ptr31] addr_logic'0 (null_logic'0 _1) = 0) + && ([%#sghost_ptr31] addr_logic'0 (null_logic'0 _1) = Int128.to_int (0 : Int128.t)) function view'1 [#"../../../creusot-contracts/src/ghost_ptr.rs" 36 4 36 33] (self : GhostPtrToken'0.t_GhostPtrToken t) : FMap'0.t_FMap opaque_ptr t @@ -13978,7 +14115,7 @@ module M_creusot_contracts__ghost_ptr__qyi14556734806454041375__ptr_as_mut [#".. function len'0 [#"../../../creusot-contracts/src/logic/fmap.rs" 14 4 14 27] (self : FMap'0.t_FMap opaque_ptr t) : int - axiom len'0_spec : forall self : FMap'0.t_FMap opaque_ptr t . [%#sfmap38] len'0 self >= 0 + axiom len'0_spec : forall self : FMap'0.t_FMap opaque_ptr t . [%#sfmap38] len'0 self >= Int128.to_int (0 : Int128.t) function contains'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/fmap.rs" 79 4 79 39] (self : FMap'0.t_FMap opaque_ptr t) (k : opaque_ptr) : bool 
@@ -13995,7 +14132,7 @@ module M_creusot_contracts__ghost_ptr__qyi14556734806454041375__ptr_as_mut [#".. axiom insert'0_spec : forall self : FMap'0.t_FMap opaque_ptr t, k : opaque_ptr, v : t . ([%#sfmap21] not contains'0 self k - -> len'0 (insert'0 self k v) = len'0 self + 1) + -> len'0 (insert'0 self k v) = len'0 self + Int128.to_int (1 : Int128.t)) && ([%#sfmap20] contains'0 self k -> len'0 (insert'0 self k v) = len'0 self) && ([%#sfmap19] view'2 (insert'0 self k v) = Map.set (view'2 self) k (Option'0.C_Some (make_sized'0 v))) @@ -14060,7 +14197,7 @@ module M_creusot_contracts__ghost_ptr__qyi14556734806454041375__ptr_as_mut [#".. axiom remove'0_spec : forall self : FMap'0.t_FMap opaque_ptr t, k : opaque_ptr . ([%#sfmap27] len'0 (remove'0 self k) - = (if contains'0 self k then len'0 self - 1 else len'0 self)) + = (if contains'0 self k then len'0 self - Int128.to_int (1 : Int128.t) else len'0 self)) && ([%#sfmap26] view'2 (remove'0 self k) = Map.set (view'2 self) k (Option'0.C_None)) let rec take_mut'0 (self:borrowed (GhostPtrTokenMut'0.t_GhostPtrTokenMut t)) (ptr:opaque_ptr) (return' (ret:borrowed t))= {[@expl:precondition] [%#sghost_ptr8] contains'0 (cur'0 self.current) ptr} @@ -14194,6 +14331,10 @@ module M_creusot_contracts__ghost_ptr__qyi14556734806454041375__drop [#"../../.. use T_creusot_contracts__ghost_ptr__GhostPtrToken as GhostPtrToken'0 + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + use prelude.prelude.Int function addr_logic'0 [#"../../../creusot-contracts/src/ghost_ptr.rs" 158 4 158 30] (self : opaque_ptr) : int 
@@ -14202,7 +14343,7 @@ module M_creusot_contracts__ghost_ptr__qyi14556734806454041375__drop [#"../../.. axiom null_logic'0_spec : forall _1 : () . ([%#sghost_ptr6] forall ptr : opaque_ptr . addr_logic'0 ptr = addr_logic'0 (null_logic'0 _1) -> ptr = null_logic'0 _1) - && ([%#sghost_ptr5] addr_logic'0 (null_logic'0 _1) = 0) + && ([%#sghost_ptr5] addr_logic'0 (null_logic'0 _1) = Int128.to_int (0 : Int128.t)) function view'0 [#"../../../creusot-contracts/src/ghost_ptr.rs" 36 4 36 33] (self : GhostPtrToken'0.t_GhostPtrToken t) : FMap'0.t_FMap opaque_ptr t @@ -14232,12 +14373,12 @@ module M_creusot_contracts__ghost_ptr__qyi14556734806454041375__drop [#"../../.. function len'0 [#"../../../creusot-contracts/src/logic/fmap.rs" 14 4 14 27] (self : FMap'0.t_FMap opaque_ptr t) : int - axiom len'0_spec : forall self : FMap'0.t_FMap opaque_ptr t . [%#sfmap17] len'0 self >= 0 + axiom len'0_spec : forall self : FMap'0.t_FMap opaque_ptr t . [%#sfmap17] len'0 self >= Int128.to_int (0 : Int128.t) function empty'0 [#"../../../creusot-contracts/src/logic/fmap.rs" 88 4 88 26] (_1 : ()) : FMap'0.t_FMap opaque_ptr t axiom empty'0_spec : forall _1 : () . ([%#sfmap10] view'1 (empty'0 _1) = Const.const (Option'0.C_None)) - && ([%#sfmap9] len'0 (empty'0 _1) = 0) + && ([%#sfmap9] len'0 (empty'0 _1) = Int128.to_int (0 : Int128.t)) function is_empty'0 [#"../../../creusot-contracts/src/logic/fmap.rs" 94 4 94 33] (self : FMap'0.t_FMap opaque_ptr t) : bool @@ -14305,6 +14446,10 @@ module M_creusot_contracts__ghost_ptr__qyi12069901807935209935__deref [#"../../. use T_creusot_contracts__ghost_ptr__GhostPtrToken as GhostPtrToken'0 + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + use prelude.prelude.Int function addr_logic'0 [#"../../../creusot-contracts/src/ghost_ptr.rs" 158 4 158 30] (self : opaque_ptr) : int 
@@ -14313,7 +14458,7 @@ module M_creusot_contracts__ghost_ptr__qyi12069901807935209935__deref [#"../../. axiom null_logic'0_spec : forall _1 : () . ([%#sghost_ptr10] forall ptr : opaque_ptr . addr_logic'0 ptr = addr_logic'0 (null_logic'0 _1) -> ptr = null_logic'0 _1) - && ([%#sghost_ptr9] addr_logic'0 (null_logic'0 _1) = 0) + && ([%#sghost_ptr9] addr_logic'0 (null_logic'0 _1) = Int128.to_int (0 : Int128.t)) function view'3 [#"../../../creusot-contracts/src/ghost_ptr.rs" 36 4 36 33] (self : GhostPtrToken'0.t_GhostPtrToken t) : FMap'0.t_FMap opaque_ptr t @@ -14426,17 +14571,18 @@ module T_core__cell__Cell end module T_alloc__rc__RcBox - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.Int use T_core__cell__Cell as Cell'0 type t_RcBox 't = - | C_RcBox (Cell'0.t_Cell usize) (Cell'0.t_Cell usize) 't + | C_RcBox (Cell'0.t_Cell UInt64.t) (Cell'0.t_Cell UInt64.t) 't - let rec t_RcBox < 't > (input:t_RcBox 't) (ret (strong:Cell'0.t_Cell usize) (weak:Cell'0.t_Cell usize) (value:'t))= any - [ good (strong:Cell'0.t_Cell usize) (weak:Cell'0.t_Cell usize) (value:'t)-> {C_RcBox strong weak value = input} + let rec t_RcBox < 't > (input:t_RcBox 't) (ret (strong:Cell'0.t_Cell UInt64.t) (weak:Cell'0.t_Cell UInt64.t) (value:'t))= any + [ good (strong:Cell'0.t_Cell UInt64.t) (weak:Cell'0.t_Cell UInt64.t) (value:'t)-> {C_RcBox strong weak value + = input} (! ret {strong} {weak} {value}) ] end 
@@ -14457,17 +14603,17 @@ module T_alloc__rc__Rc end module T_core__sync__atomic__AtomicUsize - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.Int use T_core__cell__UnsafeCell as UnsafeCell'0 type t_AtomicUsize = - | C_AtomicUsize (UnsafeCell'0.t_UnsafeCell usize) + | C_AtomicUsize (UnsafeCell'0.t_UnsafeCell UInt64.t) - let rec t_AtomicUsize (input:t_AtomicUsize) (ret (v:UnsafeCell'0.t_UnsafeCell usize))= any - [ good (v:UnsafeCell'0.t_UnsafeCell usize)-> {C_AtomicUsize v = input} (! ret {v}) ] + let rec t_AtomicUsize (input:t_AtomicUsize) (ret (v:UnsafeCell'0.t_UnsafeCell UInt64.t))= any + [ good (v:UnsafeCell'0.t_UnsafeCell UInt64.t)-> {C_AtomicUsize v = input} (! ret {v}) ] end module T_alloc__sync__ArcInner @@ -14508,10 +14654,10 @@ module T_alloc__string__String use T_alloc__vec__Vec as Vec'0 type t_String = - | C_String (Vec'0.t_Vec uint8 (Global'0.t_Global)) + | C_String (Vec'0.t_Vec UInt8.t (Global'0.t_Global)) - let rec t_String (input:t_String) (ret (vec:Vec'0.t_Vec uint8 (Global'0.t_Global)))= any - [ good (vec:Vec'0.t_Vec uint8 (Global'0.t_Global))-> {C_String vec = input} (! ret {vec}) ] + let rec t_String (input:t_String) (ret (vec:Vec'0.t_Vec UInt8.t (Global'0.t_Global)))= any + [ good (vec:Vec'0.t_Vec UInt8.t (Global'0.t_Global))-> {C_String vec = input} (! ret {vec}) ] end module M_creusot_contracts__resolve__qyi4855891653524509355__resolve_coherence [#"../../../creusot-contracts/src/resolve.rs" 34 4 34 31] (* <(T1, T2) as resolve::Resolve> *) 
@@ -14728,15 +14874,15 @@ module M_creusot_contracts__stdqy35z1__deque__qyi10402007893065000312 [#"../../. type a end module M_creusot_contracts__logic__ord__qyi8355372356285216375 [#"../../../creusot-contracts/src/logic/ord.rs" 131 8 131 28] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 use T_core__cmp__Ordering as Ordering'0 
@@ -14748,47 +14894,47 @@ module M_creusot_contracts__logic__ord__qyi8355372356285216375 [#"../../../creus = [%#sord9] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - goal cmp_le_log_refn : [%#sord0] forall x : int . forall y : int . forall result : () . (x <= y) - = (cmp_log'0 x y <> Ordering'0.C_Greater) -> (x <= y) = (cmp_log'0 x y <> Ordering'0.C_Greater) + goal eq_cmp_refn : [%#sord0] forall x : int . forall y : int . forall result : () . (x = y) + = (cmp_log'0 x y = Ordering'0.C_Equal) -> (x = y) = (cmp_log'0 x y = Ordering'0.C_Equal) + + goal cmp_lt_log_refn : [%#sord1] forall x : int . forall y : int . forall result : () . (x < y) + = (cmp_log'0 x y = Ordering'0.C_Less) -> (x < y) = (cmp_log'0 x y = Ordering'0.C_Less) + + goal cmp_ge_log_refn : [%#sord2] forall x : int . forall y : int . forall result : () . (x >= y) + = (cmp_log'0 x y <> Ordering'0.C_Less) -> (x >= y) = (cmp_log'0 x y <> Ordering'0.C_Less) - goal trans_refn : [%#sord1] forall x : int . forall y : int . forall z : int . forall o : Ordering'0.t_Ordering . cmp_log'0 y z + goal trans_refn : [%#sord3] forall x : int . forall y : int . forall z : int . forall o : Ordering'0.t_Ordering . cmp_log'0 y z = o /\ cmp_log'0 x y = o -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) - goal refl_refn : [%#sord2] forall x : int . forall result : () . cmp_log'0 x x = Ordering'0.C_Equal + goal refl_refn : [%#sord4] forall x : int . forall result : () . cmp_log'0 x x = Ordering'0.C_Equal -> cmp_log'0 x x = Ordering'0.C_Equal - goal cmp_gt_log_refn : [%#sord3] forall x : int . forall y : int . forall result : () . (x > y) - = (cmp_log'0 x y = Ordering'0.C_Greater) -> (x > y) = (cmp_log'0 x y = Ordering'0.C_Greater) + goal antisym2_refn : [%#sord5] forall x : int . forall y : int . cmp_log'0 x y = Ordering'0.C_Greater + -> cmp_log'0 x y = Ordering'0.C_Greater + /\ (forall result : () . 
cmp_log'0 y x = Ordering'0.C_Less -> cmp_log'0 y x = Ordering'0.C_Less) - goal eq_cmp_refn : [%#sord4] forall x : int . forall y : int . forall result : () . (x = y) - = (cmp_log'0 x y = Ordering'0.C_Equal) -> (x = y) = (cmp_log'0 x y = Ordering'0.C_Equal) + goal cmp_le_log_refn : [%#sord6] forall x : int . forall y : int . forall result : () . (x <= y) + = (cmp_log'0 x y <> Ordering'0.C_Greater) -> (x <= y) = (cmp_log'0 x y <> Ordering'0.C_Greater) - goal antisym1_refn : [%#sord5] forall x : int . forall y : int . cmp_log'0 x y = Ordering'0.C_Less + goal antisym1_refn : [%#sord7] forall x : int . forall y : int . cmp_log'0 x y = Ordering'0.C_Less -> cmp_log'0 x y = Ordering'0.C_Less /\ (forall result : () . cmp_log'0 y x = Ordering'0.C_Greater -> cmp_log'0 y x = Ordering'0.C_Greater) - goal cmp_ge_log_refn : [%#sord6] forall x : int . forall y : int . forall result : () . (x >= y) - = (cmp_log'0 x y <> Ordering'0.C_Less) -> (x >= y) = (cmp_log'0 x y <> Ordering'0.C_Less) - - goal antisym2_refn : [%#sord7] forall x : int . forall y : int . cmp_log'0 x y = Ordering'0.C_Greater - -> cmp_log'0 x y = Ordering'0.C_Greater - /\ (forall result : () . cmp_log'0 y x = Ordering'0.C_Less -> cmp_log'0 y x = Ordering'0.C_Less) - - goal cmp_lt_log_refn : [%#sord8] forall x : int . forall y : int . forall result : () . (x < y) - = (cmp_log'0 x y = Ordering'0.C_Less) -> (x < y) = (cmp_log'0 x y = Ordering'0.C_Less) + goal cmp_gt_log_refn : [%#sord8] forall x : int . forall y : int . forall result : () . 
(x > y) + = (cmp_log'0 x y = Ordering'0.C_Greater) -> (x > y) = (cmp_log'0 x y = Ordering'0.C_Greater) end module M_creusot_contracts__logic__ord__qyi15418235539824427604 [#"../../../creusot-contracts/src/logic/ord.rs" 131 8 131 28] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 use T_core__cmp__Ordering as Ordering'0 
@@ -14797,52 +14943,52 @@ module M_creusot_contracts__logic__ord__qyi15418235539824427604 [#"../../../creu use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint8) (o : uint8) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt8.t) (o : UInt8.t) : Ordering'0.t_Ordering = [%#sord9] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - goal cmp_le_log_refn : [%#sord0] forall x : uint8 . forall y : uint8 . forall result : () . (x <= y) - = (cmp_log'0 x y <> Ordering'0.C_Greater) -> (x <= y) = (cmp_log'0 x y <> Ordering'0.C_Greater) + goal eq_cmp_refn : [%#sord0] forall x : UInt8.t . forall y : UInt8.t . forall result : () . (x = y) + = (cmp_log'0 x y = Ordering'0.C_Equal) -> (x = y) = (cmp_log'0 x y = Ordering'0.C_Equal) + + goal cmp_lt_log_refn : [%#sord1] forall x : UInt8.t . forall y : UInt8.t . forall result : () . (x < y) + = (cmp_log'0 x y = Ordering'0.C_Less) -> (x < y) = (cmp_log'0 x y = Ordering'0.C_Less) + + goal cmp_ge_log_refn : [%#sord2] forall x : UInt8.t . forall y : UInt8.t . forall result : () . (x >= y) + = (cmp_log'0 x y <> Ordering'0.C_Less) -> (x >= y) = (cmp_log'0 x y <> Ordering'0.C_Less) - goal trans_refn : [%#sord1] forall x : uint8 . forall y : uint8 . forall z : uint8 . forall o : Ordering'0.t_Ordering . cmp_log'0 y z + goal trans_refn : [%#sord3] forall x : UInt8.t . forall y : UInt8.t . forall z : UInt8.t . forall o : Ordering'0.t_Ordering . cmp_log'0 y z = o /\ cmp_log'0 x y = o -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) - goal refl_refn : [%#sord2] forall x : uint8 . forall result : () . cmp_log'0 x x = Ordering'0.C_Equal + goal refl_refn : [%#sord4] forall x : UInt8.t . forall result : () . 
cmp_log'0 x x = Ordering'0.C_Equal -> cmp_log'0 x x = Ordering'0.C_Equal - goal cmp_gt_log_refn : [%#sord3] forall x : uint8 . forall y : uint8 . forall result : () . (x > y) - = (cmp_log'0 x y = Ordering'0.C_Greater) -> (x > y) = (cmp_log'0 x y = Ordering'0.C_Greater) + goal antisym2_refn : [%#sord5] forall x : UInt8.t . forall y : UInt8.t . cmp_log'0 x y = Ordering'0.C_Greater + -> cmp_log'0 x y = Ordering'0.C_Greater + /\ (forall result : () . cmp_log'0 y x = Ordering'0.C_Less -> cmp_log'0 y x = Ordering'0.C_Less) - goal eq_cmp_refn : [%#sord4] forall x : uint8 . forall y : uint8 . forall result : () . (x = y) - = (cmp_log'0 x y = Ordering'0.C_Equal) -> (x = y) = (cmp_log'0 x y = Ordering'0.C_Equal) + goal cmp_le_log_refn : [%#sord6] forall x : UInt8.t . forall y : UInt8.t . forall result : () . (x <= y) + = (cmp_log'0 x y <> Ordering'0.C_Greater) -> (x <= y) = (cmp_log'0 x y <> Ordering'0.C_Greater) - goal antisym1_refn : [%#sord5] forall x : uint8 . forall y : uint8 . cmp_log'0 x y = Ordering'0.C_Less + goal antisym1_refn : [%#sord7] forall x : UInt8.t . forall y : UInt8.t . cmp_log'0 x y = Ordering'0.C_Less -> cmp_log'0 x y = Ordering'0.C_Less /\ (forall result : () . cmp_log'0 y x = Ordering'0.C_Greater -> cmp_log'0 y x = Ordering'0.C_Greater) - goal cmp_ge_log_refn : [%#sord6] forall x : uint8 . forall y : uint8 . forall result : () . (x >= y) - = (cmp_log'0 x y <> Ordering'0.C_Less) -> (x >= y) = (cmp_log'0 x y <> Ordering'0.C_Less) - - goal antisym2_refn : [%#sord7] forall x : uint8 . forall y : uint8 . cmp_log'0 x y = Ordering'0.C_Greater - -> cmp_log'0 x y = Ordering'0.C_Greater - /\ (forall result : () . cmp_log'0 y x = Ordering'0.C_Less -> cmp_log'0 y x = Ordering'0.C_Less) - - goal cmp_lt_log_refn : [%#sord8] forall x : uint8 . forall y : uint8 . forall result : () . (x < y) - = (cmp_log'0 x y = Ordering'0.C_Less) -> (x < y) = (cmp_log'0 x y = Ordering'0.C_Less) + goal cmp_gt_log_refn : [%#sord8] forall x : UInt8.t . forall y : UInt8.t . 
forall result : () . (x > y) + = (cmp_log'0 x y = Ordering'0.C_Greater) -> (x > y) = (cmp_log'0 x y = Ordering'0.C_Greater) end module M_creusot_contracts__logic__ord__qyi7305497527599188430 [#"../../../creusot-contracts/src/logic/ord.rs" 131 8 131 28] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 use T_core__cmp__Ordering as Ordering'0 
@@ -14851,52 +14997,52 @@ module M_creusot_contracts__logic__ord__qyi7305497527599188430 [#"../../../creus use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint16) (o : uint16) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt16.t) (o : UInt16.t) : Ordering'0.t_Ordering = [%#sord9] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - goal cmp_le_log_refn : [%#sord0] forall x : uint16 . forall y : uint16 . forall result : () . (x <= y) - = (cmp_log'0 x y <> Ordering'0.C_Greater) -> (x <= y) = (cmp_log'0 x y <> Ordering'0.C_Greater) + goal eq_cmp_refn : [%#sord0] forall x : UInt16.t . forall y : UInt16.t . forall result : () . (x = y) + = (cmp_log'0 x y = Ordering'0.C_Equal) -> (x = y) = (cmp_log'0 x y = Ordering'0.C_Equal) + + goal cmp_lt_log_refn : [%#sord1] forall x : UInt16.t . forall y : UInt16.t . forall result : () . (x < y) + = (cmp_log'0 x y = Ordering'0.C_Less) -> (x < y) = (cmp_log'0 x y = Ordering'0.C_Less) + + goal cmp_ge_log_refn : [%#sord2] forall x : UInt16.t . forall y : UInt16.t . forall result : () . (x >= y) + = (cmp_log'0 x y <> Ordering'0.C_Less) -> (x >= y) = (cmp_log'0 x y <> Ordering'0.C_Less) - goal trans_refn : [%#sord1] forall x : uint16 . forall y : uint16 . forall z : uint16 . forall o : Ordering'0.t_Ordering . cmp_log'0 y z + goal trans_refn : [%#sord3] forall x : UInt16.t . forall y : UInt16.t . forall z : UInt16.t . forall o : Ordering'0.t_Ordering . cmp_log'0 y z = o /\ cmp_log'0 x y = o -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) - goal refl_refn : [%#sord2] forall x : uint16 . forall result : () . cmp_log'0 x x = Ordering'0.C_Equal + goal refl_refn : [%#sord4] forall x : UInt16.t . forall result : () . 
cmp_log'0 x x = Ordering'0.C_Equal -> cmp_log'0 x x = Ordering'0.C_Equal - goal cmp_gt_log_refn : [%#sord3] forall x : uint16 . forall y : uint16 . forall result : () . (x > y) - = (cmp_log'0 x y = Ordering'0.C_Greater) -> (x > y) = (cmp_log'0 x y = Ordering'0.C_Greater) + goal antisym2_refn : [%#sord5] forall x : UInt16.t . forall y : UInt16.t . cmp_log'0 x y = Ordering'0.C_Greater + -> cmp_log'0 x y = Ordering'0.C_Greater + /\ (forall result : () . cmp_log'0 y x = Ordering'0.C_Less -> cmp_log'0 y x = Ordering'0.C_Less) - goal eq_cmp_refn : [%#sord4] forall x : uint16 . forall y : uint16 . forall result : () . (x = y) - = (cmp_log'0 x y = Ordering'0.C_Equal) -> (x = y) = (cmp_log'0 x y = Ordering'0.C_Equal) + goal cmp_le_log_refn : [%#sord6] forall x : UInt16.t . forall y : UInt16.t . forall result : () . (x <= y) + = (cmp_log'0 x y <> Ordering'0.C_Greater) -> (x <= y) = (cmp_log'0 x y <> Ordering'0.C_Greater) - goal antisym1_refn : [%#sord5] forall x : uint16 . forall y : uint16 . cmp_log'0 x y = Ordering'0.C_Less + goal antisym1_refn : [%#sord7] forall x : UInt16.t . forall y : UInt16.t . cmp_log'0 x y = Ordering'0.C_Less -> cmp_log'0 x y = Ordering'0.C_Less /\ (forall result : () . cmp_log'0 y x = Ordering'0.C_Greater -> cmp_log'0 y x = Ordering'0.C_Greater) - goal cmp_ge_log_refn : [%#sord6] forall x : uint16 . forall y : uint16 . forall result : () . (x >= y) - = (cmp_log'0 x y <> Ordering'0.C_Less) -> (x >= y) = (cmp_log'0 x y <> Ordering'0.C_Less) - - goal antisym2_refn : [%#sord7] forall x : uint16 . forall y : uint16 . cmp_log'0 x y = Ordering'0.C_Greater - -> cmp_log'0 x y = Ordering'0.C_Greater - /\ (forall result : () . cmp_log'0 y x = Ordering'0.C_Less -> cmp_log'0 y x = Ordering'0.C_Less) - - goal cmp_lt_log_refn : [%#sord8] forall x : uint16 . forall y : uint16 . forall result : () . (x < y) - = (cmp_log'0 x y = Ordering'0.C_Less) -> (x < y) = (cmp_log'0 x y = Ordering'0.C_Less) + goal cmp_gt_log_refn : [%#sord8] forall x : UInt16.t . 
forall y : UInt16.t . forall result : () . (x > y) + = (cmp_log'0 x y = Ordering'0.C_Greater) -> (x > y) = (cmp_log'0 x y = Ordering'0.C_Greater) end module M_creusot_contracts__logic__ord__qyi4526525114627399862 [#"../../../creusot-contracts/src/logic/ord.rs" 131 8 131 28] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 use T_core__cmp__Ordering as Ordering'0 
@@ -14905,52 +15051,52 @@ module M_creusot_contracts__logic__ord__qyi4526525114627399862 [#"../../../creus use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint32) (o : uint32) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt32.t) (o : UInt32.t) : Ordering'0.t_Ordering = [%#sord9] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - goal cmp_le_log_refn : [%#sord0] forall x : uint32 . forall y : uint32 . forall result : () . (x <= y) - = (cmp_log'0 x y <> Ordering'0.C_Greater) -> (x <= y) = (cmp_log'0 x y <> Ordering'0.C_Greater) + goal eq_cmp_refn : [%#sord0] forall x : UInt32.t . forall y : UInt32.t . forall result : () . (x = y) + = (cmp_log'0 x y = Ordering'0.C_Equal) -> (x = y) = (cmp_log'0 x y = Ordering'0.C_Equal) + + goal cmp_lt_log_refn : [%#sord1] forall x : UInt32.t . forall y : UInt32.t . forall result : () . (x < y) + = (cmp_log'0 x y = Ordering'0.C_Less) -> (x < y) = (cmp_log'0 x y = Ordering'0.C_Less) + + goal cmp_ge_log_refn : [%#sord2] forall x : UInt32.t . forall y : UInt32.t . forall result : () . (x >= y) + = (cmp_log'0 x y <> Ordering'0.C_Less) -> (x >= y) = (cmp_log'0 x y <> Ordering'0.C_Less) - goal trans_refn : [%#sord1] forall x : uint32 . forall y : uint32 . forall z : uint32 . forall o : Ordering'0.t_Ordering . cmp_log'0 y z + goal trans_refn : [%#sord3] forall x : UInt32.t . forall y : UInt32.t . forall z : UInt32.t . forall o : Ordering'0.t_Ordering . cmp_log'0 y z = o /\ cmp_log'0 x y = o -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) - goal refl_refn : [%#sord2] forall x : uint32 . forall result : () . cmp_log'0 x x = Ordering'0.C_Equal + goal refl_refn : [%#sord4] forall x : UInt32.t . forall result : () . 
cmp_log'0 x x = Ordering'0.C_Equal -> cmp_log'0 x x = Ordering'0.C_Equal - goal cmp_gt_log_refn : [%#sord3] forall x : uint32 . forall y : uint32 . forall result : () . (x > y) - = (cmp_log'0 x y = Ordering'0.C_Greater) -> (x > y) = (cmp_log'0 x y = Ordering'0.C_Greater) + goal antisym2_refn : [%#sord5] forall x : UInt32.t . forall y : UInt32.t . cmp_log'0 x y = Ordering'0.C_Greater + -> cmp_log'0 x y = Ordering'0.C_Greater + /\ (forall result : () . cmp_log'0 y x = Ordering'0.C_Less -> cmp_log'0 y x = Ordering'0.C_Less) - goal eq_cmp_refn : [%#sord4] forall x : uint32 . forall y : uint32 . forall result : () . (x = y) - = (cmp_log'0 x y = Ordering'0.C_Equal) -> (x = y) = (cmp_log'0 x y = Ordering'0.C_Equal) + goal cmp_le_log_refn : [%#sord6] forall x : UInt32.t . forall y : UInt32.t . forall result : () . (x <= y) + = (cmp_log'0 x y <> Ordering'0.C_Greater) -> (x <= y) = (cmp_log'0 x y <> Ordering'0.C_Greater) - goal antisym1_refn : [%#sord5] forall x : uint32 . forall y : uint32 . cmp_log'0 x y = Ordering'0.C_Less + goal antisym1_refn : [%#sord7] forall x : UInt32.t . forall y : UInt32.t . cmp_log'0 x y = Ordering'0.C_Less -> cmp_log'0 x y = Ordering'0.C_Less /\ (forall result : () . cmp_log'0 y x = Ordering'0.C_Greater -> cmp_log'0 y x = Ordering'0.C_Greater) - goal cmp_ge_log_refn : [%#sord6] forall x : uint32 . forall y : uint32 . forall result : () . (x >= y) - = (cmp_log'0 x y <> Ordering'0.C_Less) -> (x >= y) = (cmp_log'0 x y <> Ordering'0.C_Less) - - goal antisym2_refn : [%#sord7] forall x : uint32 . forall y : uint32 . cmp_log'0 x y = Ordering'0.C_Greater - -> cmp_log'0 x y = Ordering'0.C_Greater - /\ (forall result : () . cmp_log'0 y x = Ordering'0.C_Less -> cmp_log'0 y x = Ordering'0.C_Less) - - goal cmp_lt_log_refn : [%#sord8] forall x : uint32 . forall y : uint32 . forall result : () . (x < y) - = (cmp_log'0 x y = Ordering'0.C_Less) -> (x < y) = (cmp_log'0 x y = Ordering'0.C_Less) + goal cmp_gt_log_refn : [%#sord8] forall x : UInt32.t . 
forall y : UInt32.t . forall result : () . (x > y) + = (cmp_log'0 x y = Ordering'0.C_Greater) -> (x > y) = (cmp_log'0 x y = Ordering'0.C_Greater) end module M_creusot_contracts__logic__ord__qyi11489483489418918928 [#"../../../creusot-contracts/src/logic/ord.rs" 131 8 131 28] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 use T_core__cmp__Ordering as Ordering'0 
@@ -14959,52 +15105,52 @@ module M_creusot_contracts__logic__ord__qyi11489483489418918928 [#"../../../creu use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint64) (o : uint64) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt64.t) (o : UInt64.t) : Ordering'0.t_Ordering = [%#sord9] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - goal cmp_le_log_refn : [%#sord0] forall x : uint64 . forall y : uint64 . forall result : () . (x <= y) - = (cmp_log'0 x y <> Ordering'0.C_Greater) -> (x <= y) = (cmp_log'0 x y <> Ordering'0.C_Greater) + goal eq_cmp_refn : [%#sord0] forall x : UInt64.t . forall y : UInt64.t . forall result : () . (x = y) + = (cmp_log'0 x y = Ordering'0.C_Equal) -> (x = y) = (cmp_log'0 x y = Ordering'0.C_Equal) + + goal cmp_lt_log_refn : [%#sord1] forall x : UInt64.t . forall y : UInt64.t . forall result : () . (x < y) + = (cmp_log'0 x y = Ordering'0.C_Less) -> (x < y) = (cmp_log'0 x y = Ordering'0.C_Less) + + goal cmp_ge_log_refn : [%#sord2] forall x : UInt64.t . forall y : UInt64.t . forall result : () . (x >= y) + = (cmp_log'0 x y <> Ordering'0.C_Less) -> (x >= y) = (cmp_log'0 x y <> Ordering'0.C_Less) - goal trans_refn : [%#sord1] forall x : uint64 . forall y : uint64 . forall z : uint64 . forall o : Ordering'0.t_Ordering . cmp_log'0 y z + goal trans_refn : [%#sord3] forall x : UInt64.t . forall y : UInt64.t . forall z : UInt64.t . forall o : Ordering'0.t_Ordering . cmp_log'0 y z = o /\ cmp_log'0 x y = o -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) - goal refl_refn : [%#sord2] forall x : uint64 . forall result : () . cmp_log'0 x x = Ordering'0.C_Equal + goal refl_refn : [%#sord4] forall x : UInt64.t . forall result : () . 
cmp_log'0 x x = Ordering'0.C_Equal -> cmp_log'0 x x = Ordering'0.C_Equal - goal cmp_gt_log_refn : [%#sord3] forall x : uint64 . forall y : uint64 . forall result : () . (x > y) - = (cmp_log'0 x y = Ordering'0.C_Greater) -> (x > y) = (cmp_log'0 x y = Ordering'0.C_Greater) + goal antisym2_refn : [%#sord5] forall x : UInt64.t . forall y : UInt64.t . cmp_log'0 x y = Ordering'0.C_Greater + -> cmp_log'0 x y = Ordering'0.C_Greater + /\ (forall result : () . cmp_log'0 y x = Ordering'0.C_Less -> cmp_log'0 y x = Ordering'0.C_Less) - goal eq_cmp_refn : [%#sord4] forall x : uint64 . forall y : uint64 . forall result : () . (x = y) - = (cmp_log'0 x y = Ordering'0.C_Equal) -> (x = y) = (cmp_log'0 x y = Ordering'0.C_Equal) + goal cmp_le_log_refn : [%#sord6] forall x : UInt64.t . forall y : UInt64.t . forall result : () . (x <= y) + = (cmp_log'0 x y <> Ordering'0.C_Greater) -> (x <= y) = (cmp_log'0 x y <> Ordering'0.C_Greater) - goal antisym1_refn : [%#sord5] forall x : uint64 . forall y : uint64 . cmp_log'0 x y = Ordering'0.C_Less + goal antisym1_refn : [%#sord7] forall x : UInt64.t . forall y : UInt64.t . cmp_log'0 x y = Ordering'0.C_Less -> cmp_log'0 x y = Ordering'0.C_Less /\ (forall result : () . cmp_log'0 y x = Ordering'0.C_Greater -> cmp_log'0 y x = Ordering'0.C_Greater) - goal cmp_ge_log_refn : [%#sord6] forall x : uint64 . forall y : uint64 . forall result : () . (x >= y) - = (cmp_log'0 x y <> Ordering'0.C_Less) -> (x >= y) = (cmp_log'0 x y <> Ordering'0.C_Less) - - goal antisym2_refn : [%#sord7] forall x : uint64 . forall y : uint64 . cmp_log'0 x y = Ordering'0.C_Greater - -> cmp_log'0 x y = Ordering'0.C_Greater - /\ (forall result : () . cmp_log'0 y x = Ordering'0.C_Less -> cmp_log'0 y x = Ordering'0.C_Less) - - goal cmp_lt_log_refn : [%#sord8] forall x : uint64 . forall y : uint64 . forall result : () . (x < y) - = (cmp_log'0 x y = Ordering'0.C_Less) -> (x < y) = (cmp_log'0 x y = Ordering'0.C_Less) + goal cmp_gt_log_refn : [%#sord8] forall x : UInt64.t . 
forall y : UInt64.t . forall result : () . (x > y) + = (cmp_log'0 x y = Ordering'0.C_Greater) -> (x > y) = (cmp_log'0 x y = Ordering'0.C_Greater) end module M_creusot_contracts__logic__ord__qyi13757098721041279861 [#"../../../creusot-contracts/src/logic/ord.rs" 131 8 131 28] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 use T_core__cmp__Ordering as Ordering'0 
@@ -15013,106 +15159,106 @@ module M_creusot_contracts__logic__ord__qyi13757098721041279861 [#"../../../creu use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint128) (o : uint128) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt128.t) (o : UInt128.t) : Ordering'0.t_Ordering = [%#sord9] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - goal cmp_le_log_refn : [%#sord0] forall x : uint128 . forall y : uint128 . forall result : () . (x <= y) - = (cmp_log'0 x y <> Ordering'0.C_Greater) -> (x <= y) = (cmp_log'0 x y <> Ordering'0.C_Greater) + goal eq_cmp_refn : [%#sord0] forall x : UInt128.t . forall y : UInt128.t . forall result : () . (x = y) + = (cmp_log'0 x y = Ordering'0.C_Equal) -> (x = y) = (cmp_log'0 x y = Ordering'0.C_Equal) + + goal cmp_lt_log_refn : [%#sord1] forall x : UInt128.t . forall y : UInt128.t . forall result : () . (x < y) + = (cmp_log'0 x y = Ordering'0.C_Less) -> (x < y) = (cmp_log'0 x y = Ordering'0.C_Less) + + goal cmp_ge_log_refn : [%#sord2] forall x : UInt128.t . forall y : UInt128.t . forall result : () . (x >= y) + = (cmp_log'0 x y <> Ordering'0.C_Less) -> (x >= y) = (cmp_log'0 x y <> Ordering'0.C_Less) - goal trans_refn : [%#sord1] forall x : uint128 . forall y : uint128 . forall z : uint128 . forall o : Ordering'0.t_Ordering . cmp_log'0 y z + goal trans_refn : [%#sord3] forall x : UInt128.t . forall y : UInt128.t . forall z : UInt128.t . forall o : Ordering'0.t_Ordering . cmp_log'0 y z = o /\ cmp_log'0 x y = o -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) - goal refl_refn : [%#sord2] forall x : uint128 . forall result : () . cmp_log'0 x x = Ordering'0.C_Equal + goal refl_refn : [%#sord4] forall x : UInt128.t . forall result : () . 
cmp_log'0 x x = Ordering'0.C_Equal -> cmp_log'0 x x = Ordering'0.C_Equal - goal cmp_gt_log_refn : [%#sord3] forall x : uint128 . forall y : uint128 . forall result : () . (x > y) - = (cmp_log'0 x y = Ordering'0.C_Greater) -> (x > y) = (cmp_log'0 x y = Ordering'0.C_Greater) + goal antisym2_refn : [%#sord5] forall x : UInt128.t . forall y : UInt128.t . cmp_log'0 x y = Ordering'0.C_Greater + -> cmp_log'0 x y = Ordering'0.C_Greater + /\ (forall result : () . cmp_log'0 y x = Ordering'0.C_Less -> cmp_log'0 y x = Ordering'0.C_Less) - goal eq_cmp_refn : [%#sord4] forall x : uint128 . forall y : uint128 . forall result : () . (x = y) - = (cmp_log'0 x y = Ordering'0.C_Equal) -> (x = y) = (cmp_log'0 x y = Ordering'0.C_Equal) + goal cmp_le_log_refn : [%#sord6] forall x : UInt128.t . forall y : UInt128.t . forall result : () . (x <= y) + = (cmp_log'0 x y <> Ordering'0.C_Greater) -> (x <= y) = (cmp_log'0 x y <> Ordering'0.C_Greater) - goal antisym1_refn : [%#sord5] forall x : uint128 . forall y : uint128 . cmp_log'0 x y = Ordering'0.C_Less + goal antisym1_refn : [%#sord7] forall x : UInt128.t . forall y : UInt128.t . cmp_log'0 x y = Ordering'0.C_Less -> cmp_log'0 x y = Ordering'0.C_Less /\ (forall result : () . cmp_log'0 y x = Ordering'0.C_Greater -> cmp_log'0 y x = Ordering'0.C_Greater) - goal cmp_ge_log_refn : [%#sord6] forall x : uint128 . forall y : uint128 . forall result : () . (x >= y) - = (cmp_log'0 x y <> Ordering'0.C_Less) -> (x >= y) = (cmp_log'0 x y <> Ordering'0.C_Less) - - goal antisym2_refn : [%#sord7] forall x : uint128 . forall y : uint128 . cmp_log'0 x y = Ordering'0.C_Greater - -> cmp_log'0 x y = Ordering'0.C_Greater - /\ (forall result : () . cmp_log'0 y x = Ordering'0.C_Less -> cmp_log'0 y x = Ordering'0.C_Less) - - goal cmp_lt_log_refn : [%#sord8] forall x : uint128 . forall y : uint128 . forall result : () . 
(x < y) - = (cmp_log'0 x y = Ordering'0.C_Less) -> (x < y) = (cmp_log'0 x y = Ordering'0.C_Less) + goal cmp_gt_log_refn : [%#sord8] forall x : UInt128.t . forall y : UInt128.t . forall result : () . (x > y) + = (cmp_log'0 x y = Ordering'0.C_Greater) -> (x > y) = (cmp_log'0 x y = Ordering'0.C_Greater) end module M_creusot_contracts__logic__ord__qyi8186105652185060096 [#"../../../creusot-contracts/src/logic/ord.rs" 131 8 131 28] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 use T_core__cmp__Ordering as Ordering'0 - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 
use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : usize) (o : usize) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : UInt64.t) (o : UInt64.t) : Ordering'0.t_Ordering = [%#sord9] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - goal cmp_le_log_refn : [%#sord0] forall x : usize . forall y : usize . forall result : () . (x <= y) - = (cmp_log'0 x y <> Ordering'0.C_Greater) -> (x <= y) = (cmp_log'0 x y <> Ordering'0.C_Greater) + goal eq_cmp_refn : [%#sord0] forall x : UInt64.t . forall y : UInt64.t . forall result : () . (x = y) + = (cmp_log'0 x y = Ordering'0.C_Equal) -> (x = y) = (cmp_log'0 x y = Ordering'0.C_Equal) + + goal cmp_lt_log_refn : [%#sord1] forall x : UInt64.t . forall y : UInt64.t . forall result : () . (x < y) + = (cmp_log'0 x y = Ordering'0.C_Less) -> (x < y) = (cmp_log'0 x y = Ordering'0.C_Less) - goal trans_refn : [%#sord1] forall x : usize . forall y : usize . forall z : usize . forall o : Ordering'0.t_Ordering . cmp_log'0 y z + goal cmp_ge_log_refn : [%#sord2] forall x : UInt64.t . forall y : UInt64.t . forall result : () . (x >= y) + = (cmp_log'0 x y <> Ordering'0.C_Less) -> (x >= y) = (cmp_log'0 x y <> Ordering'0.C_Less) + + goal trans_refn : [%#sord3] forall x : UInt64.t . forall y : UInt64.t . forall z : UInt64.t . forall o : Ordering'0.t_Ordering . cmp_log'0 y z = o /\ cmp_log'0 x y = o -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) - goal refl_refn : [%#sord2] forall x : usize . forall result : () . cmp_log'0 x x = Ordering'0.C_Equal + goal refl_refn : [%#sord4] forall x : UInt64.t . forall result : () . cmp_log'0 x x = Ordering'0.C_Equal -> cmp_log'0 x x = Ordering'0.C_Equal - goal cmp_gt_log_refn : [%#sord3] forall x : usize . forall y : usize . forall result : () . 
(x > y) - = (cmp_log'0 x y = Ordering'0.C_Greater) -> (x > y) = (cmp_log'0 x y = Ordering'0.C_Greater) + goal antisym2_refn : [%#sord5] forall x : UInt64.t . forall y : UInt64.t . cmp_log'0 x y = Ordering'0.C_Greater + -> cmp_log'0 x y = Ordering'0.C_Greater + /\ (forall result : () . cmp_log'0 y x = Ordering'0.C_Less -> cmp_log'0 y x = Ordering'0.C_Less) - goal eq_cmp_refn : [%#sord4] forall x : usize . forall y : usize . forall result : () . (x = y) - = (cmp_log'0 x y = Ordering'0.C_Equal) -> (x = y) = (cmp_log'0 x y = Ordering'0.C_Equal) + goal cmp_le_log_refn : [%#sord6] forall x : UInt64.t . forall y : UInt64.t . forall result : () . (x <= y) + = (cmp_log'0 x y <> Ordering'0.C_Greater) -> (x <= y) = (cmp_log'0 x y <> Ordering'0.C_Greater) - goal antisym1_refn : [%#sord5] forall x : usize . forall y : usize . cmp_log'0 x y = Ordering'0.C_Less + goal antisym1_refn : [%#sord7] forall x : UInt64.t . forall y : UInt64.t . cmp_log'0 x y = Ordering'0.C_Less -> cmp_log'0 x y = Ordering'0.C_Less /\ (forall result : () . cmp_log'0 y x = Ordering'0.C_Greater -> cmp_log'0 y x = Ordering'0.C_Greater) - goal cmp_ge_log_refn : [%#sord6] forall x : usize . forall y : usize . forall result : () . (x >= y) - = (cmp_log'0 x y <> Ordering'0.C_Less) -> (x >= y) = (cmp_log'0 x y <> Ordering'0.C_Less) - - goal antisym2_refn : [%#sord7] forall x : usize . forall y : usize . cmp_log'0 x y = Ordering'0.C_Greater - -> cmp_log'0 x y = Ordering'0.C_Greater - /\ (forall result : () . cmp_log'0 y x = Ordering'0.C_Less -> cmp_log'0 y x = Ordering'0.C_Less) - - goal cmp_lt_log_refn : [%#sord8] forall x : usize . forall y : usize . forall result : () . (x < y) - = (cmp_log'0 x y = Ordering'0.C_Less) -> (x < y) = (cmp_log'0 x y = Ordering'0.C_Less) + goal cmp_gt_log_refn : [%#sord8] forall x : UInt64.t . forall y : UInt64.t . forall result : () . 
(x > y) + = (cmp_log'0 x y = Ordering'0.C_Greater) -> (x > y) = (cmp_log'0 x y = Ordering'0.C_Greater) end module M_creusot_contracts__logic__ord__qyi18413678402769648790 [#"../../../creusot-contracts/src/logic/ord.rs" 131 8 131 28] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 use T_core__cmp__Ordering as Ordering'0 
@@ -15121,52 +15267,52 @@ module M_creusot_contracts__logic__ord__qyi18413678402769648790 [#"../../../creu use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int8) (o : int8) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int8.t) (o : Int8.t) : Ordering'0.t_Ordering = [%#sord9] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - goal cmp_le_log_refn : [%#sord0] forall x : int8 . forall y : int8 . forall result : () . (x <= y) - = (cmp_log'0 x y <> Ordering'0.C_Greater) -> (x <= y) = (cmp_log'0 x y <> Ordering'0.C_Greater) + goal eq_cmp_refn : [%#sord0] forall x : Int8.t . forall y : Int8.t . forall result : () . (x = y) + = (cmp_log'0 x y = Ordering'0.C_Equal) -> (x = y) = (cmp_log'0 x y = Ordering'0.C_Equal) + + goal cmp_lt_log_refn : [%#sord1] forall x : Int8.t . forall y : Int8.t . forall result : () . (x < y) + = (cmp_log'0 x y = Ordering'0.C_Less) -> (x < y) = (cmp_log'0 x y = Ordering'0.C_Less) - goal trans_refn : [%#sord1] forall x : int8 . forall y : int8 . forall z : int8 . forall o : Ordering'0.t_Ordering . cmp_log'0 y z + goal cmp_ge_log_refn : [%#sord2] forall x : Int8.t . forall y : Int8.t . forall result : () . (x >= y) + = (cmp_log'0 x y <> Ordering'0.C_Less) -> (x >= y) = (cmp_log'0 x y <> Ordering'0.C_Less) + + goal trans_refn : [%#sord3] forall x : Int8.t . forall y : Int8.t . forall z : Int8.t . forall o : Ordering'0.t_Ordering . cmp_log'0 y z = o /\ cmp_log'0 x y = o -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) - goal refl_refn : [%#sord2] forall x : int8 . forall result : () . cmp_log'0 x x = Ordering'0.C_Equal + goal refl_refn : [%#sord4] forall x : Int8.t . forall result : () . 
cmp_log'0 x x = Ordering'0.C_Equal -> cmp_log'0 x x = Ordering'0.C_Equal - goal cmp_gt_log_refn : [%#sord3] forall x : int8 . forall y : int8 . forall result : () . (x > y) - = (cmp_log'0 x y = Ordering'0.C_Greater) -> (x > y) = (cmp_log'0 x y = Ordering'0.C_Greater) + goal antisym2_refn : [%#sord5] forall x : Int8.t . forall y : Int8.t . cmp_log'0 x y = Ordering'0.C_Greater + -> cmp_log'0 x y = Ordering'0.C_Greater + /\ (forall result : () . cmp_log'0 y x = Ordering'0.C_Less -> cmp_log'0 y x = Ordering'0.C_Less) - goal eq_cmp_refn : [%#sord4] forall x : int8 . forall y : int8 . forall result : () . (x = y) - = (cmp_log'0 x y = Ordering'0.C_Equal) -> (x = y) = (cmp_log'0 x y = Ordering'0.C_Equal) + goal cmp_le_log_refn : [%#sord6] forall x : Int8.t . forall y : Int8.t . forall result : () . (x <= y) + = (cmp_log'0 x y <> Ordering'0.C_Greater) -> (x <= y) = (cmp_log'0 x y <> Ordering'0.C_Greater) - goal antisym1_refn : [%#sord5] forall x : int8 . forall y : int8 . cmp_log'0 x y = Ordering'0.C_Less + goal antisym1_refn : [%#sord7] forall x : Int8.t . forall y : Int8.t . cmp_log'0 x y = Ordering'0.C_Less -> cmp_log'0 x y = Ordering'0.C_Less /\ (forall result : () . cmp_log'0 y x = Ordering'0.C_Greater -> cmp_log'0 y x = Ordering'0.C_Greater) - goal cmp_ge_log_refn : [%#sord6] forall x : int8 . forall y : int8 . forall result : () . (x >= y) - = (cmp_log'0 x y <> Ordering'0.C_Less) -> (x >= y) = (cmp_log'0 x y <> Ordering'0.C_Less) - - goal antisym2_refn : [%#sord7] forall x : int8 . forall y : int8 . cmp_log'0 x y = Ordering'0.C_Greater - -> cmp_log'0 x y = Ordering'0.C_Greater - /\ (forall result : () . cmp_log'0 y x = Ordering'0.C_Less -> cmp_log'0 y x = Ordering'0.C_Less) - - goal cmp_lt_log_refn : [%#sord8] forall x : int8 . forall y : int8 . forall result : () . (x < y) - = (cmp_log'0 x y = Ordering'0.C_Less) -> (x < y) = (cmp_log'0 x y = Ordering'0.C_Less) + goal cmp_gt_log_refn : [%#sord8] forall x : Int8.t . forall y : Int8.t . forall result : () . 
(x > y) + = (cmp_log'0 x y = Ordering'0.C_Greater) -> (x > y) = (cmp_log'0 x y = Ordering'0.C_Greater) end module M_creusot_contracts__logic__ord__qyi8040194823849327911 [#"../../../creusot-contracts/src/logic/ord.rs" 131 8 131 28] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 use T_core__cmp__Ordering as Ordering'0 
@@ -15175,52 +15321,52 @@ module M_creusot_contracts__logic__ord__qyi8040194823849327911 [#"../../../creus use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int16) (o : int16) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int16.t) (o : Int16.t) : Ordering'0.t_Ordering = [%#sord9] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - goal cmp_le_log_refn : [%#sord0] forall x : int16 . forall y : int16 . forall result : () . (x <= y) - = (cmp_log'0 x y <> Ordering'0.C_Greater) -> (x <= y) = (cmp_log'0 x y <> Ordering'0.C_Greater) + goal eq_cmp_refn : [%#sord0] forall x : Int16.t . forall y : Int16.t . forall result : () . (x = y) + = (cmp_log'0 x y = Ordering'0.C_Equal) -> (x = y) = (cmp_log'0 x y = Ordering'0.C_Equal) - goal trans_refn : [%#sord1] forall x : int16 . forall y : int16 . forall z : int16 . forall o : Ordering'0.t_Ordering . cmp_log'0 y z + goal cmp_lt_log_refn : [%#sord1] forall x : Int16.t . forall y : Int16.t . forall result : () . (x < y) + = (cmp_log'0 x y = Ordering'0.C_Less) -> (x < y) = (cmp_log'0 x y = Ordering'0.C_Less) + + goal cmp_ge_log_refn : [%#sord2] forall x : Int16.t . forall y : Int16.t . forall result : () . (x >= y) + = (cmp_log'0 x y <> Ordering'0.C_Less) -> (x >= y) = (cmp_log'0 x y <> Ordering'0.C_Less) + + goal trans_refn : [%#sord3] forall x : Int16.t . forall y : Int16.t . forall z : Int16.t . forall o : Ordering'0.t_Ordering . cmp_log'0 y z = o /\ cmp_log'0 x y = o -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) - goal refl_refn : [%#sord2] forall x : int16 . forall result : () . cmp_log'0 x x = Ordering'0.C_Equal + goal refl_refn : [%#sord4] forall x : Int16.t . forall result : () . 
cmp_log'0 x x = Ordering'0.C_Equal -> cmp_log'0 x x = Ordering'0.C_Equal - goal cmp_gt_log_refn : [%#sord3] forall x : int16 . forall y : int16 . forall result : () . (x > y) - = (cmp_log'0 x y = Ordering'0.C_Greater) -> (x > y) = (cmp_log'0 x y = Ordering'0.C_Greater) + goal antisym2_refn : [%#sord5] forall x : Int16.t . forall y : Int16.t . cmp_log'0 x y = Ordering'0.C_Greater + -> cmp_log'0 x y = Ordering'0.C_Greater + /\ (forall result : () . cmp_log'0 y x = Ordering'0.C_Less -> cmp_log'0 y x = Ordering'0.C_Less) - goal eq_cmp_refn : [%#sord4] forall x : int16 . forall y : int16 . forall result : () . (x = y) - = (cmp_log'0 x y = Ordering'0.C_Equal) -> (x = y) = (cmp_log'0 x y = Ordering'0.C_Equal) + goal cmp_le_log_refn : [%#sord6] forall x : Int16.t . forall y : Int16.t . forall result : () . (x <= y) + = (cmp_log'0 x y <> Ordering'0.C_Greater) -> (x <= y) = (cmp_log'0 x y <> Ordering'0.C_Greater) - goal antisym1_refn : [%#sord5] forall x : int16 . forall y : int16 . cmp_log'0 x y = Ordering'0.C_Less + goal antisym1_refn : [%#sord7] forall x : Int16.t . forall y : Int16.t . cmp_log'0 x y = Ordering'0.C_Less -> cmp_log'0 x y = Ordering'0.C_Less /\ (forall result : () . cmp_log'0 y x = Ordering'0.C_Greater -> cmp_log'0 y x = Ordering'0.C_Greater) - goal cmp_ge_log_refn : [%#sord6] forall x : int16 . forall y : int16 . forall result : () . (x >= y) - = (cmp_log'0 x y <> Ordering'0.C_Less) -> (x >= y) = (cmp_log'0 x y <> Ordering'0.C_Less) - - goal antisym2_refn : [%#sord7] forall x : int16 . forall y : int16 . cmp_log'0 x y = Ordering'0.C_Greater - -> cmp_log'0 x y = Ordering'0.C_Greater - /\ (forall result : () . cmp_log'0 y x = Ordering'0.C_Less -> cmp_log'0 y x = Ordering'0.C_Less) - - goal cmp_lt_log_refn : [%#sord8] forall x : int16 . forall y : int16 . forall result : () . (x < y) - = (cmp_log'0 x y = Ordering'0.C_Less) -> (x < y) = (cmp_log'0 x y = Ordering'0.C_Less) + goal cmp_gt_log_refn : [%#sord8] forall x : Int16.t . forall y : Int16.t . 
forall result : () . (x > y) + = (cmp_log'0 x y = Ordering'0.C_Greater) -> (x > y) = (cmp_log'0 x y = Ordering'0.C_Greater) end module M_creusot_contracts__logic__ord__qyi211457485035727011 [#"../../../creusot-contracts/src/logic/ord.rs" 131 8 131 28] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 use T_core__cmp__Ordering as Ordering'0 
@@ -15229,52 +15375,52 @@ module M_creusot_contracts__logic__ord__qyi211457485035727011 [#"../../../creuso use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int32) (o : int32) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int32.t) (o : Int32.t) : Ordering'0.t_Ordering = [%#sord9] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - goal cmp_le_log_refn : [%#sord0] forall x : int32 . forall y : int32 . forall result : () . (x <= y) - = (cmp_log'0 x y <> Ordering'0.C_Greater) -> (x <= y) = (cmp_log'0 x y <> Ordering'0.C_Greater) + goal eq_cmp_refn : [%#sord0] forall x : Int32.t . forall y : Int32.t . forall result : () . (x = y) + = (cmp_log'0 x y = Ordering'0.C_Equal) -> (x = y) = (cmp_log'0 x y = Ordering'0.C_Equal) + + goal cmp_lt_log_refn : [%#sord1] forall x : Int32.t . forall y : Int32.t . forall result : () . (x < y) + = (cmp_log'0 x y = Ordering'0.C_Less) -> (x < y) = (cmp_log'0 x y = Ordering'0.C_Less) + + goal cmp_ge_log_refn : [%#sord2] forall x : Int32.t . forall y : Int32.t . forall result : () . (x >= y) + = (cmp_log'0 x y <> Ordering'0.C_Less) -> (x >= y) = (cmp_log'0 x y <> Ordering'0.C_Less) - goal trans_refn : [%#sord1] forall x : int32 . forall y : int32 . forall z : int32 . forall o : Ordering'0.t_Ordering . cmp_log'0 y z + goal trans_refn : [%#sord3] forall x : Int32.t . forall y : Int32.t . forall z : Int32.t . forall o : Ordering'0.t_Ordering . cmp_log'0 y z = o /\ cmp_log'0 x y = o -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) - goal refl_refn : [%#sord2] forall x : int32 . forall result : () . cmp_log'0 x x = Ordering'0.C_Equal + goal refl_refn : [%#sord4] forall x : Int32.t . forall result : () . 
cmp_log'0 x x = Ordering'0.C_Equal -> cmp_log'0 x x = Ordering'0.C_Equal - goal cmp_gt_log_refn : [%#sord3] forall x : int32 . forall y : int32 . forall result : () . (x > y) - = (cmp_log'0 x y = Ordering'0.C_Greater) -> (x > y) = (cmp_log'0 x y = Ordering'0.C_Greater) + goal antisym2_refn : [%#sord5] forall x : Int32.t . forall y : Int32.t . cmp_log'0 x y = Ordering'0.C_Greater + -> cmp_log'0 x y = Ordering'0.C_Greater + /\ (forall result : () . cmp_log'0 y x = Ordering'0.C_Less -> cmp_log'0 y x = Ordering'0.C_Less) - goal eq_cmp_refn : [%#sord4] forall x : int32 . forall y : int32 . forall result : () . (x = y) - = (cmp_log'0 x y = Ordering'0.C_Equal) -> (x = y) = (cmp_log'0 x y = Ordering'0.C_Equal) + goal cmp_le_log_refn : [%#sord6] forall x : Int32.t . forall y : Int32.t . forall result : () . (x <= y) + = (cmp_log'0 x y <> Ordering'0.C_Greater) -> (x <= y) = (cmp_log'0 x y <> Ordering'0.C_Greater) - goal antisym1_refn : [%#sord5] forall x : int32 . forall y : int32 . cmp_log'0 x y = Ordering'0.C_Less + goal antisym1_refn : [%#sord7] forall x : Int32.t . forall y : Int32.t . cmp_log'0 x y = Ordering'0.C_Less -> cmp_log'0 x y = Ordering'0.C_Less /\ (forall result : () . cmp_log'0 y x = Ordering'0.C_Greater -> cmp_log'0 y x = Ordering'0.C_Greater) - goal cmp_ge_log_refn : [%#sord6] forall x : int32 . forall y : int32 . forall result : () . (x >= y) - = (cmp_log'0 x y <> Ordering'0.C_Less) -> (x >= y) = (cmp_log'0 x y <> Ordering'0.C_Less) - - goal antisym2_refn : [%#sord7] forall x : int32 . forall y : int32 . cmp_log'0 x y = Ordering'0.C_Greater - -> cmp_log'0 x y = Ordering'0.C_Greater - /\ (forall result : () . cmp_log'0 y x = Ordering'0.C_Less -> cmp_log'0 y x = Ordering'0.C_Less) - - goal cmp_lt_log_refn : [%#sord8] forall x : int32 . forall y : int32 . forall result : () . (x < y) - = (cmp_log'0 x y = Ordering'0.C_Less) -> (x < y) = (cmp_log'0 x y = Ordering'0.C_Less) + goal cmp_gt_log_refn : [%#sord8] forall x : Int32.t . forall y : Int32.t . 
forall result : () . (x > y) + = (cmp_log'0 x y = Ordering'0.C_Greater) -> (x > y) = (cmp_log'0 x y = Ordering'0.C_Greater) end module M_creusot_contracts__logic__ord__qyi2565746305859701215 [#"../../../creusot-contracts/src/logic/ord.rs" 131 8 131 28] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 use T_core__cmp__Ordering as Ordering'0 
@@ -15283,52 +15429,52 @@ module M_creusot_contracts__logic__ord__qyi2565746305859701215 [#"../../../creus use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int64) (o : int64) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int64.t) (o : Int64.t) : Ordering'0.t_Ordering = [%#sord9] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - goal cmp_le_log_refn : [%#sord0] forall x : int64 . forall y : int64 . forall result : () . (x <= y) - = (cmp_log'0 x y <> Ordering'0.C_Greater) -> (x <= y) = (cmp_log'0 x y <> Ordering'0.C_Greater) + goal eq_cmp_refn : [%#sord0] forall x : Int64.t . forall y : Int64.t . forall result : () . (x = y) + = (cmp_log'0 x y = Ordering'0.C_Equal) -> (x = y) = (cmp_log'0 x y = Ordering'0.C_Equal) + + goal cmp_lt_log_refn : [%#sord1] forall x : Int64.t . forall y : Int64.t . forall result : () . (x < y) + = (cmp_log'0 x y = Ordering'0.C_Less) -> (x < y) = (cmp_log'0 x y = Ordering'0.C_Less) - goal trans_refn : [%#sord1] forall x : int64 . forall y : int64 . forall z : int64 . forall o : Ordering'0.t_Ordering . cmp_log'0 y z + goal cmp_ge_log_refn : [%#sord2] forall x : Int64.t . forall y : Int64.t . forall result : () . (x >= y) + = (cmp_log'0 x y <> Ordering'0.C_Less) -> (x >= y) = (cmp_log'0 x y <> Ordering'0.C_Less) + + goal trans_refn : [%#sord3] forall x : Int64.t . forall y : Int64.t . forall z : Int64.t . forall o : Ordering'0.t_Ordering . cmp_log'0 y z = o /\ cmp_log'0 x y = o -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) - goal refl_refn : [%#sord2] forall x : int64 . forall result : () . cmp_log'0 x x = Ordering'0.C_Equal + goal refl_refn : [%#sord4] forall x : Int64.t . forall result : () . 
cmp_log'0 x x = Ordering'0.C_Equal -> cmp_log'0 x x = Ordering'0.C_Equal - goal cmp_gt_log_refn : [%#sord3] forall x : int64 . forall y : int64 . forall result : () . (x > y) - = (cmp_log'0 x y = Ordering'0.C_Greater) -> (x > y) = (cmp_log'0 x y = Ordering'0.C_Greater) + goal antisym2_refn : [%#sord5] forall x : Int64.t . forall y : Int64.t . cmp_log'0 x y = Ordering'0.C_Greater + -> cmp_log'0 x y = Ordering'0.C_Greater + /\ (forall result : () . cmp_log'0 y x = Ordering'0.C_Less -> cmp_log'0 y x = Ordering'0.C_Less) - goal eq_cmp_refn : [%#sord4] forall x : int64 . forall y : int64 . forall result : () . (x = y) - = (cmp_log'0 x y = Ordering'0.C_Equal) -> (x = y) = (cmp_log'0 x y = Ordering'0.C_Equal) + goal cmp_le_log_refn : [%#sord6] forall x : Int64.t . forall y : Int64.t . forall result : () . (x <= y) + = (cmp_log'0 x y <> Ordering'0.C_Greater) -> (x <= y) = (cmp_log'0 x y <> Ordering'0.C_Greater) - goal antisym1_refn : [%#sord5] forall x : int64 . forall y : int64 . cmp_log'0 x y = Ordering'0.C_Less + goal antisym1_refn : [%#sord7] forall x : Int64.t . forall y : Int64.t . cmp_log'0 x y = Ordering'0.C_Less -> cmp_log'0 x y = Ordering'0.C_Less /\ (forall result : () . cmp_log'0 y x = Ordering'0.C_Greater -> cmp_log'0 y x = Ordering'0.C_Greater) - goal cmp_ge_log_refn : [%#sord6] forall x : int64 . forall y : int64 . forall result : () . (x >= y) - = (cmp_log'0 x y <> Ordering'0.C_Less) -> (x >= y) = (cmp_log'0 x y <> Ordering'0.C_Less) - - goal antisym2_refn : [%#sord7] forall x : int64 . forall y : int64 . cmp_log'0 x y = Ordering'0.C_Greater - -> cmp_log'0 x y = Ordering'0.C_Greater - /\ (forall result : () . cmp_log'0 y x = Ordering'0.C_Less -> cmp_log'0 y x = Ordering'0.C_Less) - - goal cmp_lt_log_refn : [%#sord8] forall x : int64 . forall y : int64 . forall result : () . (x < y) - = (cmp_log'0 x y = Ordering'0.C_Less) -> (x < y) = (cmp_log'0 x y = Ordering'0.C_Less) + goal cmp_gt_log_refn : [%#sord8] forall x : Int64.t . forall y : Int64.t . 
forall result : () . (x > y) + = (cmp_log'0 x y = Ordering'0.C_Greater) -> (x > y) = (cmp_log'0 x y = Ordering'0.C_Greater) end module M_creusot_contracts__logic__ord__qyi2364657485180829964 [#"../../../creusot-contracts/src/logic/ord.rs" 131 8 131 28] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 use T_core__cmp__Ordering as Ordering'0 
@@ -15337,211 +15483,218 @@ module M_creusot_contracts__logic__ord__qyi2364657485180829964 [#"../../../creus use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int128) (o : int128) : Ordering'0.t_Ordering + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int128.t) (o : Int128.t) : Ordering'0.t_Ordering = [%#sord9] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - goal cmp_le_log_refn : [%#sord0] forall x : int128 . forall y : int128 . forall result : () . (x <= y) - = (cmp_log'0 x y <> Ordering'0.C_Greater) -> (x <= y) = (cmp_log'0 x y <> Ordering'0.C_Greater) + goal eq_cmp_refn : [%#sord0] forall x : Int128.t . forall y : Int128.t . forall result : () . (x = y) + = (cmp_log'0 x y = Ordering'0.C_Equal) -> (x = y) = (cmp_log'0 x y = Ordering'0.C_Equal) - goal trans_refn : [%#sord1] forall x : int128 . forall y : int128 . forall z : int128 . forall o : Ordering'0.t_Ordering . cmp_log'0 y z + goal cmp_lt_log_refn : [%#sord1] forall x : Int128.t . forall y : Int128.t . forall result : () . (x < y) + = (cmp_log'0 x y = Ordering'0.C_Less) -> (x < y) = (cmp_log'0 x y = Ordering'0.C_Less) + + goal cmp_ge_log_refn : [%#sord2] forall x : Int128.t . forall y : Int128.t . forall result : () . (x >= y) + = (cmp_log'0 x y <> Ordering'0.C_Less) -> (x >= y) = (cmp_log'0 x y <> Ordering'0.C_Less) + + goal trans_refn : [%#sord3] forall x : Int128.t . forall y : Int128.t . forall z : Int128.t . forall o : Ordering'0.t_Ordering . cmp_log'0 y z = o /\ cmp_log'0 x y = o -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) - goal refl_refn : [%#sord2] forall x : int128 . forall result : () . cmp_log'0 x x = Ordering'0.C_Equal + goal refl_refn : [%#sord4] forall x : Int128.t . forall result : () . 
cmp_log'0 x x = Ordering'0.C_Equal -> cmp_log'0 x x = Ordering'0.C_Equal - goal cmp_gt_log_refn : [%#sord3] forall x : int128 . forall y : int128 . forall result : () . (x > y) - = (cmp_log'0 x y = Ordering'0.C_Greater) -> (x > y) = (cmp_log'0 x y = Ordering'0.C_Greater) + goal antisym2_refn : [%#sord5] forall x : Int128.t . forall y : Int128.t . cmp_log'0 x y = Ordering'0.C_Greater + -> cmp_log'0 x y = Ordering'0.C_Greater + /\ (forall result : () . cmp_log'0 y x = Ordering'0.C_Less -> cmp_log'0 y x = Ordering'0.C_Less) - goal eq_cmp_refn : [%#sord4] forall x : int128 . forall y : int128 . forall result : () . (x = y) - = (cmp_log'0 x y = Ordering'0.C_Equal) -> (x = y) = (cmp_log'0 x y = Ordering'0.C_Equal) + goal cmp_le_log_refn : [%#sord6] forall x : Int128.t . forall y : Int128.t . forall result : () . (x <= y) + = (cmp_log'0 x y <> Ordering'0.C_Greater) -> (x <= y) = (cmp_log'0 x y <> Ordering'0.C_Greater) - goal antisym1_refn : [%#sord5] forall x : int128 . forall y : int128 . cmp_log'0 x y = Ordering'0.C_Less + goal antisym1_refn : [%#sord7] forall x : Int128.t . forall y : Int128.t . cmp_log'0 x y = Ordering'0.C_Less -> cmp_log'0 x y = Ordering'0.C_Less /\ (forall result : () . cmp_log'0 y x = Ordering'0.C_Greater -> cmp_log'0 y x = Ordering'0.C_Greater) - goal cmp_ge_log_refn : [%#sord6] forall x : int128 . forall y : int128 . forall result : () . (x >= y) - = (cmp_log'0 x y <> Ordering'0.C_Less) -> (x >= y) = (cmp_log'0 x y <> Ordering'0.C_Less) - - goal antisym2_refn : [%#sord7] forall x : int128 . forall y : int128 . cmp_log'0 x y = Ordering'0.C_Greater - -> cmp_log'0 x y = Ordering'0.C_Greater - /\ (forall result : () . cmp_log'0 y x = Ordering'0.C_Less -> cmp_log'0 y x = Ordering'0.C_Less) - - goal cmp_lt_log_refn : [%#sord8] forall x : int128 . forall y : int128 . forall result : () . (x < y) - = (cmp_log'0 x y = Ordering'0.C_Less) -> (x < y) = (cmp_log'0 x y = Ordering'0.C_Less) + goal cmp_gt_log_refn : [%#sord8] forall x : Int128.t . 
forall y : Int128.t . forall result : () . (x > y) + = (cmp_log'0 x y = Ordering'0.C_Greater) -> (x > y) = (cmp_log'0 x y = Ordering'0.C_Greater) end module M_creusot_contracts__logic__ord__qyi8047313880300482848 [#"../../../creusot-contracts/src/logic/ord.rs" 131 8 131 28] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 use T_core__cmp__Ordering as Ordering'0 - use prelude.prelude.IntSize + use prelude.prelude.Int64 use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : isize) (o : isize) : Ordering'0.t_Ordering 
+ function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : Int64.t) (o : Int64.t) : Ordering'0.t_Ordering = [%#sord9] if self < o then Ordering'0.C_Less else if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - goal cmp_le_log_refn : [%#sord0] forall x : isize . forall y : isize . forall result : () . (x <= y) - = (cmp_log'0 x y <> Ordering'0.C_Greater) -> (x <= y) = (cmp_log'0 x y <> Ordering'0.C_Greater) + goal eq_cmp_refn : [%#sord0] forall x : Int64.t . forall y : Int64.t . forall result : () . (x = y) + = (cmp_log'0 x y = Ordering'0.C_Equal) -> (x = y) = (cmp_log'0 x y = Ordering'0.C_Equal) + + goal cmp_lt_log_refn : [%#sord1] forall x : Int64.t . forall y : Int64.t . forall result : () . (x < y) + = (cmp_log'0 x y = Ordering'0.C_Less) -> (x < y) = (cmp_log'0 x y = Ordering'0.C_Less) - goal trans_refn : [%#sord1] forall x : isize . forall y : isize . forall z : isize . forall o : Ordering'0.t_Ordering . cmp_log'0 y z + goal cmp_ge_log_refn : [%#sord2] forall x : Int64.t . forall y : Int64.t . forall result : () . (x >= y) + = (cmp_log'0 x y <> Ordering'0.C_Less) -> (x >= y) = (cmp_log'0 x y <> Ordering'0.C_Less) + + goal trans_refn : [%#sord3] forall x : Int64.t . forall y : Int64.t . forall z : Int64.t . forall o : Ordering'0.t_Ordering . cmp_log'0 y z = o /\ cmp_log'0 x y = o -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) - goal refl_refn : [%#sord2] forall x : isize . forall result : () . cmp_log'0 x x = Ordering'0.C_Equal + goal refl_refn : [%#sord4] forall x : Int64.t . forall result : () . cmp_log'0 x x = Ordering'0.C_Equal -> cmp_log'0 x x = Ordering'0.C_Equal - goal cmp_gt_log_refn : [%#sord3] forall x : isize . forall y : isize . forall result : () . (x > y) - = (cmp_log'0 x y = Ordering'0.C_Greater) -> (x > y) = (cmp_log'0 x y = Ordering'0.C_Greater) + goal antisym2_refn : [%#sord5] forall x : Int64.t . forall y : Int64.t . 
cmp_log'0 x y = Ordering'0.C_Greater + -> cmp_log'0 x y = Ordering'0.C_Greater + /\ (forall result : () . cmp_log'0 y x = Ordering'0.C_Less -> cmp_log'0 y x = Ordering'0.C_Less) - goal eq_cmp_refn : [%#sord4] forall x : isize . forall y : isize . forall result : () . (x = y) - = (cmp_log'0 x y = Ordering'0.C_Equal) -> (x = y) = (cmp_log'0 x y = Ordering'0.C_Equal) + goal cmp_le_log_refn : [%#sord6] forall x : Int64.t . forall y : Int64.t . forall result : () . (x <= y) + = (cmp_log'0 x y <> Ordering'0.C_Greater) -> (x <= y) = (cmp_log'0 x y <> Ordering'0.C_Greater) - goal antisym1_refn : [%#sord5] forall x : isize . forall y : isize . cmp_log'0 x y = Ordering'0.C_Less + goal antisym1_refn : [%#sord7] forall x : Int64.t . forall y : Int64.t . cmp_log'0 x y = Ordering'0.C_Less -> cmp_log'0 x y = Ordering'0.C_Less /\ (forall result : () . cmp_log'0 y x = Ordering'0.C_Greater -> cmp_log'0 y x = Ordering'0.C_Greater) - goal cmp_ge_log_refn : [%#sord6] forall x : isize . forall y : isize . forall result : () . (x >= y) - = (cmp_log'0 x y <> Ordering'0.C_Less) -> (x >= y) = (cmp_log'0 x y <> Ordering'0.C_Less) - - goal antisym2_refn : [%#sord7] forall x : isize . forall y : isize . cmp_log'0 x y = Ordering'0.C_Greater - -> cmp_log'0 x y = Ordering'0.C_Greater - /\ (forall result : () . cmp_log'0 y x = Ordering'0.C_Less -> cmp_log'0 y x = Ordering'0.C_Less) - - goal cmp_lt_log_refn : [%#sord8] forall x : isize . forall y : isize . forall result : () . (x < y) - = (cmp_log'0 x y = Ordering'0.C_Less) -> (x < y) = (cmp_log'0 x y = Ordering'0.C_Less) + goal cmp_gt_log_refn : [%#sord8] forall x : Int64.t . forall y : Int64.t . forall result : () . 
(x > y) + = (cmp_log'0 x y = Ordering'0.C_Greater) -> (x > y) = (cmp_log'0 x y = Ordering'0.C_Greater) end module M_creusot_contracts__logic__ord__qyi17836724837647357586 [#"../../../creusot-contracts/src/logic/ord.rs" 197 0 197 22] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 11 20 11 56 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 201 8 206 9 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 41 20 41 56 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 31 20 31 53 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 21 20 21 53 + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 + let%span sord8 = 
"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 201 8 206 9 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 21 20 21 53 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 31 20 31 53 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 11 20 11 56 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 41 20 41 56 use T_core__cmp__Ordering as Ordering'0 function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 200 4 200 41] (self : bool) (o : bool) : Ordering'0.t_Ordering = - [%#sord10] match (self, o) with + [%#sord9] match (self, o) with | (False, False) -> Ordering'0.C_Equal | (True, True) -> Ordering'0.C_Equal | (False, True) -> Ordering'0.C_Less | (True, False) -> Ordering'0.C_Greater end - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : bool) (o : bool) : bool = - [%#sord13] cmp_log'0 self o = Ordering'0.C_Less + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : bool) (o : bool) : bool = + [%#sord13] cmp_log'0 self o = Ordering'0.C_Greater + + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : bool) (o : bool) : bool = + [%#sord12] cmp_log'0 self o <> Ordering'0.C_Greater function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : bool) (o : bool) : bool = - [%#sord12] cmp_log'0 self o <> Ordering'0.C_Less + [%#sord11] cmp_log'0 self o <> Ordering'0.C_Less - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : bool) (o : bool) : bool = - [%#sord11] cmp_log'0 self o = Ordering'0.C_Greater + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : bool) (o : bool) : bool = + [%#sord10] cmp_log'0 self o = Ordering'0.C_Less - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : bool) (o : bool) : bool 
= - [%#sord9] cmp_log'0 self o <> Ordering'0.C_Greater + goal eq_cmp_refn : [%#sord0] forall x : bool . forall y : bool . forall result : () . (x = y) + = (cmp_log'0 x y = Ordering'0.C_Equal) -> (x = y) = (cmp_log'0 x y = Ordering'0.C_Equal) - goal cmp_le_log_refn : [%#sord0] forall x : bool . forall y : bool . forall result : () . le_log'0 x y - = (cmp_log'0 x y <> Ordering'0.C_Greater) -> le_log'0 x y = (cmp_log'0 x y <> Ordering'0.C_Greater) + goal cmp_lt_log_refn : [%#sord1] forall x : bool . forall y : bool . forall result : () . lt_log'0 x y + = (cmp_log'0 x y = Ordering'0.C_Less) -> lt_log'0 x y = (cmp_log'0 x y = Ordering'0.C_Less) + + goal cmp_ge_log_refn : [%#sord2] forall x : bool . forall y : bool . forall result : () . ge_log'0 x y + = (cmp_log'0 x y <> Ordering'0.C_Less) -> ge_log'0 x y = (cmp_log'0 x y <> Ordering'0.C_Less) - goal trans_refn : [%#sord1] forall x : bool . forall y : bool . forall z : bool . forall o : Ordering'0.t_Ordering . cmp_log'0 y z + goal trans_refn : [%#sord3] forall x : bool . forall y : bool . forall z : bool . forall o : Ordering'0.t_Ordering . cmp_log'0 y z = o /\ cmp_log'0 x y = o -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) - goal refl_refn : [%#sord2] forall x : bool . forall result : () . cmp_log'0 x x = Ordering'0.C_Equal + goal refl_refn : [%#sord4] forall x : bool . forall result : () . cmp_log'0 x x = Ordering'0.C_Equal -> cmp_log'0 x x = Ordering'0.C_Equal - goal cmp_gt_log_refn : [%#sord3] forall x : bool . forall y : bool . forall result : () . gt_log'0 x y - = (cmp_log'0 x y = Ordering'0.C_Greater) -> gt_log'0 x y = (cmp_log'0 x y = Ordering'0.C_Greater) + goal antisym2_refn : [%#sord5] forall x : bool . forall y : bool . cmp_log'0 x y = Ordering'0.C_Greater + -> cmp_log'0 x y = Ordering'0.C_Greater + /\ (forall result : () . cmp_log'0 y x = Ordering'0.C_Less -> cmp_log'0 y x = Ordering'0.C_Less) - goal eq_cmp_refn : [%#sord4] forall x : bool . 
forall y : bool . forall result : () . (x = y) - = (cmp_log'0 x y = Ordering'0.C_Equal) -> (x = y) = (cmp_log'0 x y = Ordering'0.C_Equal) + goal cmp_le_log_refn : [%#sord6] forall x : bool . forall y : bool . forall result : () . le_log'0 x y + = (cmp_log'0 x y <> Ordering'0.C_Greater) -> le_log'0 x y = (cmp_log'0 x y <> Ordering'0.C_Greater) - goal antisym1_refn : [%#sord5] forall x : bool . forall y : bool . cmp_log'0 x y = Ordering'0.C_Less + goal antisym1_refn : [%#sord7] forall x : bool . forall y : bool . cmp_log'0 x y = Ordering'0.C_Less -> cmp_log'0 x y = Ordering'0.C_Less /\ (forall result : () . cmp_log'0 y x = Ordering'0.C_Greater -> cmp_log'0 y x = Ordering'0.C_Greater) - goal cmp_ge_log_refn : [%#sord6] forall x : bool . forall y : bool . forall result : () . ge_log'0 x y - = (cmp_log'0 x y <> Ordering'0.C_Less) -> ge_log'0 x y = (cmp_log'0 x y <> Ordering'0.C_Less) - - goal antisym2_refn : [%#sord7] forall x : bool . forall y : bool . cmp_log'0 x y = Ordering'0.C_Greater - -> cmp_log'0 x y = Ordering'0.C_Greater - /\ (forall result : () . cmp_log'0 y x = Ordering'0.C_Less -> cmp_log'0 y x = Ordering'0.C_Less) - - goal cmp_lt_log_refn : [%#sord8] forall x : bool . forall y : bool . forall result : () . lt_log'0 x y - = (cmp_log'0 x y = Ordering'0.C_Less) -> lt_log'0 x y = (cmp_log'0 x y = Ordering'0.C_Less) + goal cmp_gt_log_refn : [%#sord8] forall x : bool . forall y : bool . forall result : () . 
gt_log'0 x y + = (cmp_log'0 x y = Ordering'0.C_Greater) -> gt_log'0 x y = (cmp_log'0 x y = Ordering'0.C_Greater) end module M_creusot_contracts__logic__ord__qyi1910662420989811789 [#"../../../creusot-contracts/src/logic/ord.rs" 212 0 212 50] (* <(A, B) as logic::ord::OrdLogic> *) type a type b - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 229 20 229 68 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 216 8 223 11 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 247 20 247 67 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 241 20 241 68 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 235 20 235 67 + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 
37 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 216 8 223 11 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 235 20 235 67 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 241 20 241 68 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 229 20 229 68 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 247 20 247 67 - function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : a) (o : a) : bool + function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : a) (o : a) : bool - function lt_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : b) (o : b) : bool + function gt_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : b) (o : b) : bool - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 234 4 234 36] (self : (a, b)) (o : (a, b)) : bool = + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 246 4 246 36] (self : (a, b)) (o : (a, b)) : bool = [%#sord13] (let (a, _) = self in a) = (let (a, _) = o in a) - /\ lt_log'2 (let (_, a) = self in a) (let (_, a) = o in a) - \/ lt_log'1 (let (a, _) = self in a) (let (a, _) = o in a) + /\ gt_log'2 (let (_, a) = self in a) (let (_, a) = o in a) + \/ gt_log'1 (let (a, _) = self in a) (let (a, _) = o in a) - function gt_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : a) (o : a) : bool + function lt_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : a) (o : a) : bool + + function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : b) (o : b) : bool + + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 228 4 228 36] (self : (a, b)) (o : (a, b)) : bool = + [%#sord12] (let (a, _) = self in a) = (let (a, _) = o in a) + /\ le_log'1 (let (_, a) = self in a) (let (_, a) 
= o in a) + \/ lt_log'2 (let (a, _) = self in a) (let (a, _) = o in a) function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : b) (o : b) : bool function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 240 4 240 36] (self : (a, b)) (o : (a, b)) : bool = - [%#sord12] (let (a, _) = self in a) = (let (a, _) = o in a) + [%#sord11] (let (a, _) = self in a) = (let (a, _) = o in a) /\ ge_log'1 (let (_, a) = self in a) (let (_, a) = o in a) - \/ gt_log'2 (let (a, _) = self in a) (let (a, _) = o in a) + \/ gt_log'1 (let (a, _) = self in a) (let (a, _) = o in a) - function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : b) (o : b) : bool + function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : b) (o : b) : bool - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 246 4 246 36] (self : (a, b)) (o : (a, b)) : bool = - [%#sord11] (let (a, _) = self in a) = (let (a, _) = o in a) - /\ gt_log'1 (let (_, a) = self in a) (let (_, a) = o in a) - \/ gt_log'2 (let (a, _) = self in a) (let (a, _) = o in a) + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 234 4 234 36] (self : (a, b)) (o : (a, b)) : bool = + [%#sord10] (let (a, _) = self in a) = (let (a, _) = o in a) + /\ lt_log'1 (let (_, a) = self in a) (let (_, a) = o in a) + \/ lt_log'2 (let (a, _) = self in a) (let (a, _) = o in a) use T_core__cmp__Ordering as Ordering'0 
@@ -15554,67 +15707,60 @@ module M_creusot_contracts__logic__ord__qyi1910662420989811789 [#"../../../creus function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 215 4 215 41] (self : (a, b)) (o : (a, b)) : Ordering'0.t_Ordering = - [%#sord10] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = Ordering'0.C_Equal then + [%#sord9] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = Ordering'0.C_Equal then cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) else r - function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : b) (o : b) : bool + goal eq_cmp_refn : [%#sord0] forall x : (a, b) . forall y : (a, b) . forall result : () . (x = y) + = (cmp_log'0 x y = Ordering'0.C_Equal) -> (x = y) = (cmp_log'0 x y = Ordering'0.C_Equal) - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 228 4 228 36] (self : (a, b)) (o : (a, b)) : bool = - [%#sord9] (let (a, _) = self in a) = (let (a, _) = o in a) - /\ le_log'1 (let (_, a) = self in a) (let (_, a) = o in a) - \/ lt_log'1 (let (a, _) = self in a) (let (a, _) = o in a) + goal cmp_lt_log_refn : [%#sord1] forall x : (a, b) . forall y : (a, b) . forall result : () . lt_log'0 x y + = (cmp_log'0 x y = Ordering'0.C_Less) -> lt_log'0 x y = (cmp_log'0 x y = Ordering'0.C_Less) - goal cmp_le_log_refn : [%#sord0] forall x : (a, b) . forall y : (a, b) . forall result : () . le_log'0 x y - = (cmp_log'0 x y <> Ordering'0.C_Greater) -> le_log'0 x y = (cmp_log'0 x y <> Ordering'0.C_Greater) + goal cmp_ge_log_refn : [%#sord2] forall x : (a, b) . forall y : (a, b) . forall result : () . ge_log'0 x y + = (cmp_log'0 x y <> Ordering'0.C_Less) -> ge_log'0 x y = (cmp_log'0 x y <> Ordering'0.C_Less) - goal trans_refn : [%#sord1] forall x : (a, b) . forall y : (a, b) . forall z : (a, b) . forall o : Ordering'0.t_Ordering . cmp_log'0 y z + goal trans_refn : [%#sord3] forall x : (a, b) . forall y : (a, b) . forall z : (a, b) . 
forall o : Ordering'0.t_Ordering . cmp_log'0 y z = o /\ cmp_log'0 x y = o -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) - goal refl_refn : [%#sord2] forall x : (a, b) . forall result : () . cmp_log'0 x x = Ordering'0.C_Equal + goal refl_refn : [%#sord4] forall x : (a, b) . forall result : () . cmp_log'0 x x = Ordering'0.C_Equal -> cmp_log'0 x x = Ordering'0.C_Equal - goal cmp_gt_log_refn : [%#sord3] forall x : (a, b) . forall y : (a, b) . forall result : () . gt_log'0 x y - = (cmp_log'0 x y = Ordering'0.C_Greater) -> gt_log'0 x y = (cmp_log'0 x y = Ordering'0.C_Greater) + goal antisym2_refn : [%#sord5] forall x : (a, b) . forall y : (a, b) . cmp_log'0 x y = Ordering'0.C_Greater + -> cmp_log'0 x y = Ordering'0.C_Greater + /\ (forall result : () . cmp_log'0 y x = Ordering'0.C_Less -> cmp_log'0 y x = Ordering'0.C_Less) - goal eq_cmp_refn : [%#sord4] forall x : (a, b) . forall y : (a, b) . forall result : () . (x = y) - = (cmp_log'0 x y = Ordering'0.C_Equal) -> (x = y) = (cmp_log'0 x y = Ordering'0.C_Equal) + goal cmp_le_log_refn : [%#sord6] forall x : (a, b) . forall y : (a, b) . forall result : () . le_log'0 x y + = (cmp_log'0 x y <> Ordering'0.C_Greater) -> le_log'0 x y = (cmp_log'0 x y <> Ordering'0.C_Greater) - goal antisym1_refn : [%#sord5] forall x : (a, b) . forall y : (a, b) . cmp_log'0 x y = Ordering'0.C_Less + goal antisym1_refn : [%#sord7] forall x : (a, b) . forall y : (a, b) . cmp_log'0 x y = Ordering'0.C_Less -> cmp_log'0 x y = Ordering'0.C_Less /\ (forall result : () . cmp_log'0 y x = Ordering'0.C_Greater -> cmp_log'0 y x = Ordering'0.C_Greater) - goal cmp_ge_log_refn : [%#sord6] forall x : (a, b) . forall y : (a, b) . forall result : () . ge_log'0 x y - = (cmp_log'0 x y <> Ordering'0.C_Less) -> ge_log'0 x y = (cmp_log'0 x y <> Ordering'0.C_Less) - - goal antisym2_refn : [%#sord7] forall x : (a, b) . forall y : (a, b) . 
cmp_log'0 x y = Ordering'0.C_Greater - -> cmp_log'0 x y = Ordering'0.C_Greater - /\ (forall result : () . cmp_log'0 y x = Ordering'0.C_Less -> cmp_log'0 y x = Ordering'0.C_Less) - - goal cmp_lt_log_refn : [%#sord8] forall x : (a, b) . forall y : (a, b) . forall result : () . lt_log'0 x y - = (cmp_log'0 x y = Ordering'0.C_Less) -> lt_log'0 x y = (cmp_log'0 x y = Ordering'0.C_Less) + goal cmp_gt_log_refn : [%#sord8] forall x : (a, b) . forall y : (a, b) . forall result : () . gt_log'0 x y + = (cmp_log'0 x y = Ordering'0.C_Greater) -> gt_log'0 x y = (cmp_log'0 x y = Ordering'0.C_Greater) end module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814 [#"../../../creusot-contracts/src/std/cmp.rs" 74 0 74 41] (* as logic::ord::OrdLogic> *) type t - let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 88 4 88 35 - let%span scmp1 = "../../../creusot-contracts/src/std/cmp.rs" 115 4 115 52 - let%span scmp2 = "../../../creusot-contracts/src/std/cmp.rs" 108 4 108 20 - let%span scmp3 = "../../../creusot-contracts/src/std/cmp.rs" 103 4 103 35 - let%span scmp4 = "../../../creusot-contracts/src/std/cmp.rs" 132 4 132 31 - let%span scmp5 = "../../../creusot-contracts/src/std/cmp.rs" 121 4 121 33 - let%span scmp6 = "../../../creusot-contracts/src/std/cmp.rs" 98 4 98 35 - let%span scmp7 = "../../../creusot-contracts/src/std/cmp.rs" 127 4 127 33 - let%span scmp8 = "../../../creusot-contracts/src/std/cmp.rs" 93 4 93 35 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 11 20 11 56 - let%span scmp10 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 41 20 41 56 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 31 20 31 53 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 21 20 21 53 + let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 132 4 132 31 + let%span scmp1 = "../../../creusot-contracts/src/std/cmp.rs" 93 4 93 35 + let%span scmp2 = 
"../../../creusot-contracts/src/std/cmp.rs" 98 4 98 35 + let%span scmp3 = "../../../creusot-contracts/src/std/cmp.rs" 115 4 115 52 + let%span scmp4 = "../../../creusot-contracts/src/std/cmp.rs" 108 4 108 20 + let%span scmp5 = "../../../creusot-contracts/src/std/cmp.rs" 127 4 127 33 + let%span scmp6 = "../../../creusot-contracts/src/std/cmp.rs" 88 4 88 35 + let%span scmp7 = "../../../creusot-contracts/src/std/cmp.rs" 121 4 121 33 + let%span scmp8 = "../../../creusot-contracts/src/std/cmp.rs" 103 4 103 35 + let%span scmp9 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 21 20 21 53 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 31 20 31 53 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 11 20 11 56 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 41 20 41 56 use T_core__cmp__Ordering as Ordering'0 
@@ -15628,83 +15774,83 @@ module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814 [#"../../../ function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : Reverse'0.t_Reverse t) (o : Reverse'0.t_Reverse t) : Ordering'0.t_Ordering = - [%#scmp10] match cmp_log'1 (T_core__cmp__Reverse.t_Reverse__0 self) (T_core__cmp__Reverse.t_Reverse__0 o) with + [%#scmp9] match cmp_log'1 (T_core__cmp__Reverse.t_Reverse__0 self) (T_core__cmp__Reverse.t_Reverse__0 o) with | Ordering'0.C_Equal -> Ordering'0.C_Equal | Ordering'0.C_Less -> Ordering'0.C_Greater | Ordering'0.C_Greater -> Ordering'0.C_Less end - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : Reverse'0.t_Reverse t) (o : Reverse'0.t_Reverse t) : bool + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : Reverse'0.t_Reverse t) (o : Reverse'0.t_Reverse t) : bool = - [%#sord13] cmp_log'0 self o = Ordering'0.C_Less + [%#sord13] cmp_log'0 self o = Ordering'0.C_Greater - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : Reverse'0.t_Reverse t) (o : Reverse'0.t_Reverse t) : bool + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : Reverse'0.t_Reverse t) (o : Reverse'0.t_Reverse t) : bool = - [%#sord12] cmp_log'0 self o <> Ordering'0.C_Less + [%#sord12] cmp_log'0 self o <> Ordering'0.C_Greater - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : Reverse'0.t_Reverse t) (o : Reverse'0.t_Reverse t) : bool + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : Reverse'0.t_Reverse t) (o : Reverse'0.t_Reverse t) : bool = - [%#sord11] cmp_log'0 self o = Ordering'0.C_Greater + [%#sord11] cmp_log'0 self o <> Ordering'0.C_Less - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : Reverse'0.t_Reverse t) (o : Reverse'0.t_Reverse t) : bool + function lt_log'0 
[#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : Reverse'0.t_Reverse t) (o : Reverse'0.t_Reverse t) : bool = - [%#sord9] cmp_log'0 self o <> Ordering'0.C_Greater + [%#sord10] cmp_log'0 self o = Ordering'0.C_Less - goal cmp_le_log_refn : [%#scmp0] forall x : Reverse'0.t_Reverse t . forall y : Reverse'0.t_Reverse t . forall result : () . le_log'0 x y - = (cmp_log'0 x y <> Ordering'0.C_Greater) -> le_log'0 x y = (cmp_log'0 x y <> Ordering'0.C_Greater) + goal eq_cmp_refn : [%#scmp0] forall x : Reverse'0.t_Reverse t . forall y : Reverse'0.t_Reverse t . forall result : () . (x + = y) + = (cmp_log'0 x y = Ordering'0.C_Equal) -> (x = y) = (cmp_log'0 x y = Ordering'0.C_Equal) + + goal cmp_lt_log_refn : [%#scmp1] forall x : Reverse'0.t_Reverse t . forall y : Reverse'0.t_Reverse t . forall result : () . lt_log'0 x y + = (cmp_log'0 x y = Ordering'0.C_Less) -> lt_log'0 x y = (cmp_log'0 x y = Ordering'0.C_Less) + + goal cmp_ge_log_refn : [%#scmp2] forall x : Reverse'0.t_Reverse t . forall y : Reverse'0.t_Reverse t . forall result : () . ge_log'0 x y + = (cmp_log'0 x y <> Ordering'0.C_Less) -> ge_log'0 x y = (cmp_log'0 x y <> Ordering'0.C_Less) - goal trans_refn : [%#scmp1] forall x : Reverse'0.t_Reverse t . forall y : Reverse'0.t_Reverse t . forall z : Reverse'0.t_Reverse t . forall o : Ordering'0.t_Ordering . cmp_log'0 y z + goal trans_refn : [%#scmp3] forall x : Reverse'0.t_Reverse t . forall y : Reverse'0.t_Reverse t . forall z : Reverse'0.t_Reverse t . forall o : Ordering'0.t_Ordering . cmp_log'0 y z = o /\ cmp_log'0 x y = o -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) - goal refl_refn : [%#scmp2] forall x : Reverse'0.t_Reverse t . forall result : () . cmp_log'0 x x = Ordering'0.C_Equal + goal refl_refn : [%#scmp4] forall x : Reverse'0.t_Reverse t . forall result : () . 
cmp_log'0 x x = Ordering'0.C_Equal -> cmp_log'0 x x = Ordering'0.C_Equal - goal cmp_gt_log_refn : [%#scmp3] forall x : Reverse'0.t_Reverse t . forall y : Reverse'0.t_Reverse t . forall result : () . gt_log'0 x y - = (cmp_log'0 x y = Ordering'0.C_Greater) -> gt_log'0 x y = (cmp_log'0 x y = Ordering'0.C_Greater) + goal antisym2_refn : [%#scmp5] forall x : Reverse'0.t_Reverse t . forall y : Reverse'0.t_Reverse t . cmp_log'0 x y + = Ordering'0.C_Greater + -> cmp_log'0 x y = Ordering'0.C_Greater + /\ (forall result : () . cmp_log'0 y x = Ordering'0.C_Less -> cmp_log'0 y x = Ordering'0.C_Less) - goal eq_cmp_refn : [%#scmp4] forall x : Reverse'0.t_Reverse t . forall y : Reverse'0.t_Reverse t . forall result : () . (x - = y) - = (cmp_log'0 x y = Ordering'0.C_Equal) -> (x = y) = (cmp_log'0 x y = Ordering'0.C_Equal) + goal cmp_le_log_refn : [%#scmp6] forall x : Reverse'0.t_Reverse t . forall y : Reverse'0.t_Reverse t . forall result : () . le_log'0 x y + = (cmp_log'0 x y <> Ordering'0.C_Greater) -> le_log'0 x y = (cmp_log'0 x y <> Ordering'0.C_Greater) - goal antisym1_refn : [%#scmp5] forall x : Reverse'0.t_Reverse t . forall y : Reverse'0.t_Reverse t . cmp_log'0 x y + goal antisym1_refn : [%#scmp7] forall x : Reverse'0.t_Reverse t . forall y : Reverse'0.t_Reverse t . cmp_log'0 x y = Ordering'0.C_Less -> cmp_log'0 x y = Ordering'0.C_Less /\ (forall result : () . cmp_log'0 y x = Ordering'0.C_Greater -> cmp_log'0 y x = Ordering'0.C_Greater) - goal cmp_ge_log_refn : [%#scmp6] forall x : Reverse'0.t_Reverse t . forall y : Reverse'0.t_Reverse t . forall result : () . ge_log'0 x y - = (cmp_log'0 x y <> Ordering'0.C_Less) -> ge_log'0 x y = (cmp_log'0 x y <> Ordering'0.C_Less) - - goal antisym2_refn : [%#scmp7] forall x : Reverse'0.t_Reverse t . forall y : Reverse'0.t_Reverse t . cmp_log'0 x y - = Ordering'0.C_Greater - -> cmp_log'0 x y = Ordering'0.C_Greater - /\ (forall result : () . 
cmp_log'0 y x = Ordering'0.C_Less -> cmp_log'0 y x = Ordering'0.C_Less) - - goal cmp_lt_log_refn : [%#scmp8] forall x : Reverse'0.t_Reverse t . forall y : Reverse'0.t_Reverse t . forall result : () . lt_log'0 x y - = (cmp_log'0 x y = Ordering'0.C_Less) -> lt_log'0 x y = (cmp_log'0 x y = Ordering'0.C_Less) + goal cmp_gt_log_refn : [%#scmp8] forall x : Reverse'0.t_Reverse t . forall y : Reverse'0.t_Reverse t . forall result : () . gt_log'0 x y + = (cmp_log'0 x y = Ordering'0.C_Greater) -> gt_log'0 x y = (cmp_log'0 x y = Ordering'0.C_Greater) end module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649 [#"../../../creusot-contracts/src/std/option.rs" 433 0 433 40] (* as logic::ord::OrdLogic> *) type t - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 11 20 11 56 - let%span soption10 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 41 20 41 56 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 31 20 31 53 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 21 20 21 53 + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 + let%span sord2 = 
"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 + let%span soption9 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 21 20 21 53 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 31 20 31 53 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 11 20 11 56 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 41 20 41 56 use T_core__cmp__Ordering as Ordering'0 
@@ -15716,77 +15862,77 @@ module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649 [#"../../ function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : Option'0.t_Option t) (o : Option'0.t_Option t) : Ordering'0.t_Ordering = - [%#soption10] match (self, o) with + [%#soption9] match (self, o) with | (Option'0.C_None, Option'0.C_None) -> Ordering'0.C_Equal | (Option'0.C_None, Option'0.C_Some _) -> Ordering'0.C_Less | (Option'0.C_Some _, Option'0.C_None) -> Ordering'0.C_Greater | (Option'0.C_Some x, Option'0.C_Some y) -> cmp_log'1 x y end - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : Option'0.t_Option t) (o : Option'0.t_Option t) : bool + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : Option'0.t_Option t) (o : Option'0.t_Option t) : bool = - [%#sord13] cmp_log'0 self o = Ordering'0.C_Less + [%#sord13] cmp_log'0 self o = Ordering'0.C_Greater - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : Option'0.t_Option t) (o : Option'0.t_Option t) : bool + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : Option'0.t_Option t) (o : Option'0.t_Option t) : bool = - [%#sord12] cmp_log'0 self o <> Ordering'0.C_Less + [%#sord12] cmp_log'0 self o <> Ordering'0.C_Greater - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : Option'0.t_Option t) (o : Option'0.t_Option t) : bool + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : Option'0.t_Option t) (o : Option'0.t_Option t) : bool = - [%#sord11] cmp_log'0 self o = Ordering'0.C_Greater + [%#sord11] cmp_log'0 self o <> Ordering'0.C_Less - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : Option'0.t_Option t) (o : Option'0.t_Option t) : bool + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : 
Option'0.t_Option t) (o : Option'0.t_Option t) : bool = - [%#sord9] cmp_log'0 self o <> Ordering'0.C_Greater + [%#sord10] cmp_log'0 self o = Ordering'0.C_Less - goal cmp_le_log_refn : [%#sord0] forall x : Option'0.t_Option t . forall y : Option'0.t_Option t . forall result : () . le_log'0 x y - = (cmp_log'0 x y <> Ordering'0.C_Greater) -> le_log'0 x y = (cmp_log'0 x y <> Ordering'0.C_Greater) + goal eq_cmp_refn : [%#sord0] forall x : Option'0.t_Option t . forall y : Option'0.t_Option t . forall result : () . (x + = y) + = (cmp_log'0 x y = Ordering'0.C_Equal) -> (x = y) = (cmp_log'0 x y = Ordering'0.C_Equal) - goal trans_refn : [%#sord1] forall x : Option'0.t_Option t . forall y : Option'0.t_Option t . forall z : Option'0.t_Option t . forall o : Ordering'0.t_Ordering . cmp_log'0 y z + goal cmp_lt_log_refn : [%#sord1] forall x : Option'0.t_Option t . forall y : Option'0.t_Option t . forall result : () . lt_log'0 x y + = (cmp_log'0 x y = Ordering'0.C_Less) -> lt_log'0 x y = (cmp_log'0 x y = Ordering'0.C_Less) + + goal cmp_ge_log_refn : [%#sord2] forall x : Option'0.t_Option t . forall y : Option'0.t_Option t . forall result : () . ge_log'0 x y + = (cmp_log'0 x y <> Ordering'0.C_Less) -> ge_log'0 x y = (cmp_log'0 x y <> Ordering'0.C_Less) + + goal trans_refn : [%#sord3] forall x : Option'0.t_Option t . forall y : Option'0.t_Option t . forall z : Option'0.t_Option t . forall o : Ordering'0.t_Ordering . cmp_log'0 y z = o /\ cmp_log'0 x y = o -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) - goal refl_refn : [%#sord2] forall x : Option'0.t_Option t . forall result : () . cmp_log'0 x x = Ordering'0.C_Equal + goal refl_refn : [%#sord4] forall x : Option'0.t_Option t . forall result : () . cmp_log'0 x x = Ordering'0.C_Equal -> cmp_log'0 x x = Ordering'0.C_Equal - goal cmp_gt_log_refn : [%#sord3] forall x : Option'0.t_Option t . forall y : Option'0.t_Option t . forall result : () . 
gt_log'0 x y - = (cmp_log'0 x y = Ordering'0.C_Greater) -> gt_log'0 x y = (cmp_log'0 x y = Ordering'0.C_Greater) + goal antisym2_refn : [%#sord5] forall x : Option'0.t_Option t . forall y : Option'0.t_Option t . cmp_log'0 x y + = Ordering'0.C_Greater + -> cmp_log'0 x y = Ordering'0.C_Greater + /\ (forall result : () . cmp_log'0 y x = Ordering'0.C_Less -> cmp_log'0 y x = Ordering'0.C_Less) - goal eq_cmp_refn : [%#sord4] forall x : Option'0.t_Option t . forall y : Option'0.t_Option t . forall result : () . (x - = y) - = (cmp_log'0 x y = Ordering'0.C_Equal) -> (x = y) = (cmp_log'0 x y = Ordering'0.C_Equal) + goal cmp_le_log_refn : [%#sord6] forall x : Option'0.t_Option t . forall y : Option'0.t_Option t . forall result : () . le_log'0 x y + = (cmp_log'0 x y <> Ordering'0.C_Greater) -> le_log'0 x y = (cmp_log'0 x y <> Ordering'0.C_Greater) - goal antisym1_refn : [%#sord5] forall x : Option'0.t_Option t . forall y : Option'0.t_Option t . cmp_log'0 x y + goal antisym1_refn : [%#sord7] forall x : Option'0.t_Option t . forall y : Option'0.t_Option t . cmp_log'0 x y = Ordering'0.C_Less -> cmp_log'0 x y = Ordering'0.C_Less /\ (forall result : () . cmp_log'0 y x = Ordering'0.C_Greater -> cmp_log'0 y x = Ordering'0.C_Greater) - goal cmp_ge_log_refn : [%#sord6] forall x : Option'0.t_Option t . forall y : Option'0.t_Option t . forall result : () . ge_log'0 x y - = (cmp_log'0 x y <> Ordering'0.C_Less) -> ge_log'0 x y = (cmp_log'0 x y <> Ordering'0.C_Less) - - goal antisym2_refn : [%#sord7] forall x : Option'0.t_Option t . forall y : Option'0.t_Option t . cmp_log'0 x y - = Ordering'0.C_Greater - -> cmp_log'0 x y = Ordering'0.C_Greater - /\ (forall result : () . cmp_log'0 y x = Ordering'0.C_Less -> cmp_log'0 y x = Ordering'0.C_Less) - - goal cmp_lt_log_refn : [%#sord8] forall x : Option'0.t_Option t . forall y : Option'0.t_Option t . forall result : () . 
lt_log'0 x y - = (cmp_log'0 x y = Ordering'0.C_Less) -> lt_log'0 x y = (cmp_log'0 x y = Ordering'0.C_Less) + goal cmp_gt_log_refn : [%#sord8] forall x : Option'0.t_Option t . forall y : Option'0.t_Option t . forall result : () . gt_log'0 x y + = (cmp_log'0 x y = Ordering'0.C_Greater) -> gt_log'0 x y = (cmp_log'0 x y = Ordering'0.C_Greater) end module M_creusot_contracts__num_rational__qyi7156484438548626841 [#"../../../creusot-contracts/src/num_rational.rs" 32 0 32 22] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 let%span snum_rational9 = "../../../creusot-contracts/src/num_rational.rs" 33 4 33 12 use prelude.prelude.Real 
@@ -15795,6 +15941,8 @@ module M_creusot_contracts__num_rational__qyi7156484438548626841 [#"../../../cre use prelude.prelude.Real + use prelude.prelude.Real + use T_core__cmp__Ordering as Ordering'0 use prelude.prelude.Real 
@@ -15808,38 +15956,36 @@ module M_creusot_contracts__num_rational__qyi7156484438548626841 [#"../../../cre if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater - use prelude.prelude.Real + goal eq_cmp_refn : [%#sord0] forall x : Real.real . forall y : Real.real . forall result : () . (x = y) + = (cmp_log'0 x y = Ordering'0.C_Equal) -> (x = y) = (cmp_log'0 x y = Ordering'0.C_Equal) - goal cmp_le_log_refn : [%#sord0] forall x : Real.real . forall y : Real.real . forall result : () . Real.(<=) x y - = (cmp_log'0 x y <> Ordering'0.C_Greater) -> Real.(<=) x y = (cmp_log'0 x y <> Ordering'0.C_Greater) + goal cmp_lt_log_refn : [%#sord1] forall x : Real.real . forall y : Real.real . forall result : () . Real.(<) x y + = (cmp_log'0 x y = Ordering'0.C_Less) -> Real.(<) x y = (cmp_log'0 x y = Ordering'0.C_Less) - goal trans_refn : [%#sord1] forall x : Real.real . forall y : Real.real . forall z : Real.real . forall o : Ordering'0.t_Ordering . cmp_log'0 y z + goal cmp_ge_log_refn : [%#sord2] forall x : Real.real . forall y : Real.real . forall result : () . Real.(>=) x y + = (cmp_log'0 x y <> Ordering'0.C_Less) -> Real.(>=) x y = (cmp_log'0 x y <> Ordering'0.C_Less) + + goal trans_refn : [%#sord3] forall x : Real.real . forall y : Real.real . forall z : Real.real . forall o : Ordering'0.t_Ordering . cmp_log'0 y z = o /\ cmp_log'0 x y = o -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) - goal refl_refn : [%#sord2] forall x : Real.real . forall result : () . cmp_log'0 x x = Ordering'0.C_Equal + goal refl_refn : [%#sord4] forall x : Real.real . forall result : () . cmp_log'0 x x = Ordering'0.C_Equal -> cmp_log'0 x x = Ordering'0.C_Equal - goal cmp_gt_log_refn : [%#sord3] forall x : Real.real . forall y : Real.real . forall result : () . Real.(>) x y - = (cmp_log'0 x y = Ordering'0.C_Greater) -> Real.(>) x y = (cmp_log'0 x y = Ordering'0.C_Greater) + goal antisym2_refn : [%#sord5] forall x : Real.real . 
forall y : Real.real . cmp_log'0 x y = Ordering'0.C_Greater + -> cmp_log'0 x y = Ordering'0.C_Greater + /\ (forall result : () . cmp_log'0 y x = Ordering'0.C_Less -> cmp_log'0 y x = Ordering'0.C_Less) - goal eq_cmp_refn : [%#sord4] forall x : Real.real . forall y : Real.real . forall result : () . (x = y) - = (cmp_log'0 x y = Ordering'0.C_Equal) -> (x = y) = (cmp_log'0 x y = Ordering'0.C_Equal) + goal cmp_le_log_refn : [%#sord6] forall x : Real.real . forall y : Real.real . forall result : () . Real.(<=) x y + = (cmp_log'0 x y <> Ordering'0.C_Greater) -> Real.(<=) x y = (cmp_log'0 x y <> Ordering'0.C_Greater) - goal antisym1_refn : [%#sord5] forall x : Real.real . forall y : Real.real . cmp_log'0 x y = Ordering'0.C_Less + goal antisym1_refn : [%#sord7] forall x : Real.real . forall y : Real.real . cmp_log'0 x y = Ordering'0.C_Less -> cmp_log'0 x y = Ordering'0.C_Less /\ (forall result : () . cmp_log'0 y x = Ordering'0.C_Greater -> cmp_log'0 y x = Ordering'0.C_Greater) - goal cmp_ge_log_refn : [%#sord6] forall x : Real.real . forall y : Real.real . forall result : () . Real.(>=) x y - = (cmp_log'0 x y <> Ordering'0.C_Less) -> Real.(>=) x y = (cmp_log'0 x y <> Ordering'0.C_Less) - - goal antisym2_refn : [%#sord7] forall x : Real.real . forall y : Real.real . cmp_log'0 x y = Ordering'0.C_Greater - -> cmp_log'0 x y = Ordering'0.C_Greater - /\ (forall result : () . cmp_log'0 y x = Ordering'0.C_Less -> cmp_log'0 y x = Ordering'0.C_Less) - - goal cmp_lt_log_refn : [%#sord8] forall x : Real.real . forall y : Real.real . forall result : () . Real.(<) x y - = (cmp_log'0 x y = Ordering'0.C_Less) -> Real.(<) x y = (cmp_log'0 x y = Ordering'0.C_Less) + goal cmp_gt_log_refn : [%#sord8] forall x : Real.real . forall y : Real.real . forall result : () . 
Real.(>) x y + = (cmp_log'0 x y = Ordering'0.C_Greater) -> Real.(>) x y = (cmp_log'0 x y = Ordering'0.C_Greater) end module M_creusot_contracts__logic__seq__qyi11415422055223021362 [#"../../../creusot-contracts/src/logic/seq.rs" 192 0 192 36] (* as invariant::Invariant> *) type t @@ -16523,13 +16669,13 @@ module M_creusot_contracts__stdqy35z1__deque__qyi8367101395671471553 [#"../../.. use seq.Seq - use prelude.prelude.UIntSize + use prelude.prelude.UInt64.to_uint - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.Int - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) use seq.Seq @@ -16537,19 +16683,24 @@ module M_creusot_contracts__stdqy35z1__deque__qyi8367101395671471553 [#"../../.. axiom view'0_spec : forall self : VecDeque'0.t_VecDeque t (Global'0.t_Global) . [%#sdeque2] Seq.length (view'0 self) - <= UIntSize.to_int (v_MAX'0 : usize) + <= UInt64.to_int (v_MAX'0 : UInt64.t) function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/std/deque.rs" 40 4 40 47] (self : VecDeque'0.t_VecDeque t (Global'0.t_Global)) (ix : int) : t = [%#sdeque4] Seq.get (view'0 self) ix + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + predicate resolve'0 [#"../../../creusot-contracts/src/std/deque.rs" 59 4 59 28] (self : VecDeque'0.t_VecDeque t (Global'0.t_Global)) = - [%#sdeque1] forall i : int . 0 <= i /\ i < Seq.length (view'0 self) -> resolve'3 (index_logic'0 self i) + [%#sdeque1] forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length (view'0 self) + -> resolve'3 (index_logic'0 self i) - predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : usize) = + predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : UInt64.t) = true use T_alloc__raw_vec__RawVec as RawVec'0 
@@ -16700,11 +16851,11 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2208779330486735413 [ = [%#senumerate1] resolve'2 (iter'0 self) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.Int - predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : usize) = + predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : UInt64.t) = true predicate structural_resolve'0 (x : Enumerate'0.t_Enumerate i) = @@ -16873,11 +17024,11 @@ module M_creusot_contracts__stdqy35z1__iter__skip__qyi14372835745621067113 [#".. predicate resolve'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 32 4 32 28] (self : Skip'0.t_Skip i) = [%#sskip1] resolve'2 (iter'0 self) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.Int - predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : usize) = + predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : UInt64.t) = true predicate structural_resolve'0 (x : Skip'0.t_Skip i) = @@ -16926,11 +17077,11 @@ module M_creusot_contracts__stdqy35z1__iter__take__qyi11550387566643656565 [#".. predicate resolve'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 43 4 43 28] (self : Take'0.t_Take i) = [%#stake1] resolve'2 (iter'0 self) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.Int - predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : usize) = + predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : UInt64.t) = true predicate structural_resolve'0 (x : Take'0.t_Take i) = 
@@ -16968,18 +17119,18 @@ module M_creusot_contracts__stdqy35z1__slice__qyi4472237099583716627 [#"../../.. use prelude.prelude.Slice - use prelude.prelude.UIntSize + use prelude.prelude.UInt64.to_uint - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.Int - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) function view'1 [#"../../../creusot-contracts/src/std/slice.rs" 31 4 31 33] (self : slice t) : Seq.seq t axiom view'1_spec : forall self : slice t . ([%#sslice5] view'1 self = Slice.id self) - && ([%#sslice4] Seq.length (view'1 self) <= UIntSize.to_int (v_MAX'0 : usize)) + && ([%#sslice4] Seq.length (view'1 self) <= UInt64.to_int (v_MAX'0 : UInt64.t)) function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 438 4 438 33] (self : IterMut'0.t_IterMut t) : borrowed (slice t) @@ -17043,12 +17194,16 @@ module M_creusot_contracts__stdqy35z1__vec__qyi6844585276173866460 [#"../../../c use seq.Seq + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + use prelude.prelude.Int use seq.Seq predicate invariant'2 [#"../../../creusot-contracts/src/logic/seq.rs" 197 4 197 30] (self : Seq.seq t) = - [%#sseq7] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) + [%#sseq7] forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t) 
@@ -17056,16 +17211,16 @@ module M_creusot_contracts__stdqy35z1__vec__qyi6844585276173866460 [#"../../../c use T_alloc__vec__Vec as Vec'0 - use prelude.prelude.UIntSize + use prelude.prelude.UInt64.to_uint - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) function view'0 [#"../../../creusot-contracts/src/std/vec.rs" 20 4 20 27] (self : Vec'0.t_Vec t a) : Seq.seq t axiom view'0_spec : forall self : Vec'0.t_Vec t a . [%#svec2] Seq.length (view'0 self) - <= UIntSize.to_int (v_MAX'0 : usize) + <= UInt64.to_int (v_MAX'0 : UInt64.t) predicate invariant'1 [#"../../../creusot-contracts/src/std/vec.rs" 67 4 67 30] (self : Vec'0.t_Vec t a) = [%#svec6] inv'2 (view'0 self) @@ -17093,14 +17248,15 @@ module M_creusot_contracts__stdqy35z1__vec__qyi6844585276173866460 [#"../../../c [%#sops4] Seq.get (view'0 self) ix predicate resolve'0 [#"../../../creusot-contracts/src/std/vec.rs" 50 4 50 28] (self : Vec'0.t_Vec t a) = - [%#svec1] forall i : int . 0 <= i /\ i < Seq.length (view'0 self) -> resolve'3 (index_logic'0 self i) + [%#svec1] forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length (view'0 self) + -> resolve'3 (index_logic'0 self i) use T_alloc__raw_vec__RawVec as RawVec'0 predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : RawVec'0.t_RawVec t a) = true - predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : usize) = + predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : UInt64.t) = true predicate structural_resolve'0 (x : Vec'0.t_Vec t a) = 
@@ -17161,19 +17317,24 @@ module M_creusot_contracts__stdqy35z1__vec__qyi8594830193745006303 [#"../../../c function view'0 [#"../../../creusot-contracts/src/std/vec.rs" 238 4 238 33] (self : IntoIter'0.t_IntoIter t a) : Seq.seq t + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + use prelude.prelude.Int predicate resolve'0 [#"../../../creusot-contracts/src/std/vec.rs" 246 4 246 28] (self : IntoIter'0.t_IntoIter t a) = - [%#svec1] forall i : int . 0 <= i /\ i < Seq.length (view'0 self) -> resolve'6 (Seq.get (view'0 self) i) + [%#svec1] forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length (view'0 self) + -> resolve'6 (Seq.get (view'0 self) i) use T_core__marker__PhantomData as PhantomData'0 predicate resolve'5 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : PhantomData'0.t_PhantomData t) = true - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - predicate resolve'4 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : usize) = + predicate resolve'4 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : UInt64.t) = true predicate resolve'3 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : ManuallyDrop'0.t_ManuallyDrop a) = @@ -17306,6 +17467,10 @@ module M_creusot_contracts__ghost_ptr__qyi9310404846416116048 [#"../../../creuso = [%#sfmap9] Map.get (view'0 self) k + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + use prelude.prelude.Int function addr_logic'0 [#"../../../creusot-contracts/src/ghost_ptr.rs" 158 4 158 30] (self : opaque_ptr) : int 
@@ -17314,7 +17479,7 @@ module M_creusot_contracts__ghost_ptr__qyi9310404846416116048 [#"../../../creuso axiom null_logic'0_spec : forall _1 : () . ([%#sghost_ptr7] forall ptr : opaque_ptr . addr_logic'0 ptr = addr_logic'0 (null_logic'0 _1) -> ptr = null_logic'0 _1) - && ([%#sghost_ptr6] addr_logic'0 (null_logic'0 _1) = 0) + && ([%#sghost_ptr6] addr_logic'0 (null_logic'0 _1) = Int128.to_int (0 : Int128.t)) function fin'0 [#"../../../creusot-contracts/src/ghost_ptr.rs" 223 4 223 44] (self : GhostPtrTokenMut'0.t_GhostPtrTokenMut t) : FMap'0.t_FMap opaque_ptr t @@ -17537,8 +17702,8 @@ end module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709 [#"../../../creusot-contracts/src/std/deque.rs" 164 0 164 36] (* as std::iter::Iterator> *) type t - let%span sdeque0 = "../../../creusot-contracts/src/std/deque.rs" 189 4 189 90 - let%span sdeque1 = "../../../creusot-contracts/src/std/deque.rs" 182 4 182 26 + let%span sdeque0 = "../../../creusot-contracts/src/std/deque.rs" 182 4 182 26 + let%span sdeque1 = "../../../creusot-contracts/src/std/deque.rs" 189 4 189 90 let%span sdeque2 = "../../../creusot-contracts/src/std/deque.rs" 175 12 175 66 let%span sdeque3 = "../../../creusot-contracts/src/std/deque.rs" 160 8 160 14 let%span sslice4 = "../../../creusot-contracts/src/std/slice.rs" 100 14 100 41 @@ -17558,8 +17723,6 @@ module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709 [#"../../.. use seq.Seq - use seq.Seq - use prelude.prelude.Slice use prelude.prelude.Borrow 
@@ -17570,20 +17733,20 @@ module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709 [#"../../.. use prelude.prelude.Slice - use prelude.prelude.UIntSize + use prelude.prelude.UInt64.to_uint - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.Int - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) use seq.Seq function view'2 [#"../../../creusot-contracts/src/std/slice.rs" 31 4 31 33] (self : slice t) : Seq.seq t axiom view'2_spec : forall self : slice t . ([%#sslice9] view'2 self = Slice.id self) - && ([%#sslice8] Seq.length (view'2 self) <= UIntSize.to_int (v_MAX'0 : usize)) + && ([%#sslice8] Seq.length (view'2 self) <= UInt64.to_int (v_MAX'0 : UInt64.t)) function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops.rs" 41 4 41 47] (self : slice t) (ix : int) : t @@ -17592,6 +17755,10 @@ module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709 [#"../../.. use seq.Seq + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + function view'1 [#"../../../creusot-contracts/src/model.rs" 90 4 90 33] (self : slice t) : Seq.seq t = [%#smodel6] view'2 self @@ -17599,7 +17766,7 @@ module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709 [#"../../.. function to_ref_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 102 4 102 35] (self : slice t) : Seq.seq t - axiom to_ref_seq'0_spec : forall self : slice t . ([%#sslice5] forall i : int . 0 <= i + axiom to_ref_seq'0_spec : forall self : slice t . ([%#sslice5] forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length (to_ref_seq'0 self) -> Seq.get (to_ref_seq'0 self) i = index_logic'0 self i) && ([%#sslice4] Seq.length (to_ref_seq'0 self) = Seq.length (view'1 self)) 
@@ -17610,22 +17777,24 @@ module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709 [#"../../.. = [%#sdeque2] to_ref_seq'0 (view'0 self) = Seq.(++) visited (to_ref_seq'0 (view'0 tl)) - goal produces_trans_refn : [%#sdeque0] forall a : Iter'0.t_Iter t . forall ab : Seq.seq t . forall b : Iter'0.t_Iter t . forall bc : Seq.seq t . forall c : Iter'0.t_Iter t . produces'0 b bc c - /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a - -> produces'0 b bc c - /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) + use seq.Seq - goal produces_refl_refn : [%#sdeque1] forall self : Iter'0.t_Iter t . inv'0 self + goal produces_refl_refn : [%#sdeque0] forall self : Iter'0.t_Iter t . inv'0 self -> (forall result : () . produces'0 self (Seq.empty : Seq.seq t) self -> produces'0 self (Seq.empty : Seq.seq t) self) + + goal produces_trans_refn : [%#sdeque1] forall a : Iter'0.t_Iter t . forall ab : Seq.seq t . forall b : Iter'0.t_Iter t . forall bc : Seq.seq t . forall c : Iter'0.t_Iter t . produces'0 b bc c + /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . 
produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984 [#"../../../creusot-contracts/src/std/iter/cloned.rs" 33 0 36 13] (* as std::iter::Iterator> *) type i type t - let%span scloned0 = "../../../creusot-contracts/src/std/iter/cloned.rs" 74 4 74 90 - let%span scloned1 = "../../../creusot-contracts/src/std/iter/cloned.rs" 64 4 64 26 + let%span scloned0 = "../../../creusot-contracts/src/std/iter/cloned.rs" 64 4 64 26 + let%span scloned1 = "../../../creusot-contracts/src/std/iter/cloned.rs" 74 4 74 90 let%span scloned2 = "../../../creusot-contracts/src/std/iter/cloned.rs" 52 8 57 9 let%span scloned3 = "../../../creusot-contracts/src/std/iter/cloned.rs" 12 4 12 41 let%span scloned4 = "../../../creusot-contracts/src/std/iter/cloned.rs" 14 20 14 26 @@ -17655,12 +17824,16 @@ module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984 [#" use seq.Seq + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + use prelude.prelude.Int use seq.Seq predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 197 4 197 30] (self : Seq.seq t) = - [%#sseq5] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) + [%#sseq5] forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t) @@ -17685,8 +17858,6 @@ module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984 [#" use seq.Seq - use seq.Seq - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : i) (visited : Seq.seq t) (o : i) 
@@ -17702,27 +17873,29 @@ module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984 [#" [%#scloned2] exists s : Seq.seq t . inv'1 s /\ produces'1 (iter'0 self) s (iter'0 o) /\ Seq.length visited = Seq.length s - /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) + /\ (forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) - goal produces_trans_refn : [%#scloned0] forall a : Cloned'0.t_Cloned i . forall ab : Seq.seq t . forall b : Cloned'0.t_Cloned i . forall bc : Seq.seq t . forall c : Cloned'0.t_Cloned i . produces'0 b bc c + use seq.Seq + + goal produces_refl_refn : [%#scloned0] forall self : Cloned'0.t_Cloned i . inv'0 self + -> inv'0 self + /\ (forall result : () . produces'0 self (Seq.empty : Seq.seq t) self + -> produces'0 self (Seq.empty : Seq.seq t) self) + + goal produces_trans_refn : [%#scloned1] forall a : Cloned'0.t_Cloned i . forall ab : Seq.seq t . forall b : Cloned'0.t_Cloned i . forall bc : Seq.seq t . forall c : Cloned'0.t_Cloned i . produces'0 b bc c /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a -> produces'0 b bc c /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) - - goal produces_refl_refn : [%#scloned1] forall self : Cloned'0.t_Cloned i . inv'0 self - -> inv'0 self - /\ (forall result : () . 
produces'0 self (Seq.empty : Seq.seq t) self - -> produces'0 self (Seq.empty : Seq.seq t) self) end module M_creusot_contracts__stdqy35z1__iter__copied__qyi18224474876607687026 [#"../../../creusot-contracts/src/std/iter/copied.rs" 33 0 36 12] (* as std::iter::Iterator> *) type i type t - let%span scopied0 = "../../../creusot-contracts/src/std/iter/copied.rs" 74 4 74 90 - let%span scopied1 = "../../../creusot-contracts/src/std/iter/copied.rs" 64 4 64 26 + let%span scopied0 = "../../../creusot-contracts/src/std/iter/copied.rs" 64 4 64 26 + let%span scopied1 = "../../../creusot-contracts/src/std/iter/copied.rs" 74 4 74 90 let%span scopied2 = "../../../creusot-contracts/src/std/iter/copied.rs" 52 8 57 9 let%span scopied3 = "../../../creusot-contracts/src/std/iter/copied.rs" 12 4 12 41 let%span scopied4 = "../../../creusot-contracts/src/std/iter/copied.rs" 14 20 14 26 @@ -17752,12 +17925,16 @@ module M_creusot_contracts__stdqy35z1__iter__copied__qyi18224474876607687026 [#" use seq.Seq + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + use prelude.prelude.Int use seq.Seq predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 197 4 197 30] (self : Seq.seq t) = - [%#sseq5] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) + [%#sseq5] forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t) @@ -17782,8 +17959,6 @@ module M_creusot_contracts__stdqy35z1__iter__copied__qyi18224474876607687026 [#" use seq.Seq - use seq.Seq - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : i) (visited : Seq.seq t) (o : i) 
@@ -17799,25 +17974,27 @@ module M_creusot_contracts__stdqy35z1__iter__copied__qyi18224474876607687026 [#" [%#scopied2] exists s : Seq.seq t . inv'1 s /\ produces'1 (iter'0 self) s (iter'0 o) /\ Seq.length visited = Seq.length s - /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) + /\ (forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) + + use seq.Seq + + goal produces_refl_refn : [%#scopied0] forall self : Copied'0.t_Copied i . inv'0 self + -> inv'0 self + /\ (forall result : () . produces'0 self (Seq.empty : Seq.seq t) self + -> produces'0 self (Seq.empty : Seq.seq t) self) - goal produces_trans_refn : [%#scopied0] forall a : Copied'0.t_Copied i . forall ab : Seq.seq t . forall b : Copied'0.t_Copied i . forall bc : Seq.seq t . forall c : Copied'0.t_Copied i . produces'0 b bc c + goal produces_trans_refn : [%#scopied1] forall a : Copied'0.t_Copied i . forall ab : Seq.seq t . forall b : Copied'0.t_Copied i . forall bc : Seq.seq t . forall c : Copied'0.t_Copied i . produces'0 b bc c /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a -> produces'0 b bc c /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) - - goal produces_refl_refn : [%#scopied1] forall self : Copied'0.t_Copied i . inv'0 self - -> inv'0 self - /\ (forall result : () . 
produces'0 self (Seq.empty : Seq.seq t) self - -> produces'0 self (Seq.empty : Seq.seq t) self) end module M_creusot_contracts__stdqy35z1__iter__empty__qyi10605201058978801838 [#"../../../creusot-contracts/src/std/iter/empty.rs" 3 0 3 29] (* as std::iter::Iterator> *) type t - let%span sempty0 = "../../../creusot-contracts/src/std/iter/empty.rs" 30 4 30 90 - let%span sempty1 = "../../../creusot-contracts/src/std/iter/empty.rs" 20 4 20 26 + let%span sempty0 = "../../../creusot-contracts/src/std/iter/empty.rs" 20 4 20 26 + let%span sempty1 = "../../../creusot-contracts/src/std/iter/empty.rs" 30 4 30 90 let%span sempty2 = "../../../creusot-contracts/src/std/iter/empty.rs" 13 20 13 54 use T_core__iter__sources__empty__Empty as Empty'0 
@@ -17837,23 +18014,23 @@ module M_creusot_contracts__stdqy35z1__iter__empty__qyi10605201058978801838 [#". = [%#sempty2] visited = (Seq.empty : Seq.seq t) /\ self = o - goal produces_trans_refn : [%#sempty0] forall a : Empty'0.t_Empty t . forall ab : Seq.seq t . forall b : Empty'0.t_Empty t . forall bc : Seq.seq t . forall c : Empty'0.t_Empty t . produces'0 b bc c + goal produces_refl_refn : [%#sempty0] forall self : Empty'0.t_Empty t . inv'0 self + -> inv'0 self + /\ (forall result : () . produces'0 self (Seq.empty : Seq.seq t) self + -> produces'0 self (Seq.empty : Seq.seq t) self) + + goal produces_trans_refn : [%#sempty1] forall a : Empty'0.t_Empty t . forall ab : Seq.seq t . forall b : Empty'0.t_Empty t . forall bc : Seq.seq t . forall c : Empty'0.t_Empty t . produces'0 b bc c /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a -> produces'0 b bc c /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) - - goal produces_refl_refn : [%#sempty1] forall self : Empty'0.t_Empty t . inv'0 self - -> inv'0 self - /\ (forall result : () . 
produces'0 self (Seq.empty : Seq.seq t) self - -> produces'0 self (Seq.empty : Seq.seq t) self) end module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 57 0 59 16] (* as std::iter::Iterator> *) type i - let%span senumerate0 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 99 4 99 90 - let%span senumerate1 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 89 4 89 26 + let%span senumerate0 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 89 4 89 26 + let%span senumerate1 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 99 4 99 90 let%span senumerate2 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 76 8 82 9 let%span senumerate3 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 24 8 24 14 let%span senumerate4 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 15 4 15 41 @@ -17877,12 +18054,16 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896 [ use seq.Seq + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + use prelude.prelude.Int use seq.Seq predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 197 4 197 30] (self : Seq.seq t_Item'0) = - [%#sseq7] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) + [%#sseq7] forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) 
@@ -17896,11 +18077,11 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896 [ predicate completed'0 [#"../../../creusot-contracts/src/std/iter.rs" 35 4 35 36] (self : borrowed i) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64.to_uint - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) use T_core__iter__adapters__enumerate__Enumerate as Enumerate'0 @@ -17921,7 +18102,7 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896 [ = [%#senumerate6] (forall s : Seq.seq t_Item'0, i : i [produces'1 (iter'0 self) s i] . inv'1 s - /\ inv'2 i /\ produces'1 (iter'0 self) s i -> n'0 self + Seq.length s < UIntSize.to_int v_MAX'0) + /\ inv'2 i /\ produces'1 (iter'0 self) s i -> n'0 self + Seq.length s < UInt64.to_int v_MAX'0) /\ (forall i : borrowed i . completed'0 i -> produces'1 i.current (Seq.empty : Seq.seq t_Item'0) i.final) axiom inv_axiom'0 [@rewrite] : forall x : Enumerate'0.t_Enumerate i [inv'0 x] . inv'0 x 
@@ -17940,38 +18121,38 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896 [ use seq.Seq - use seq.Seq - - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 75 4 75 64] (self : Enumerate'0.t_Enumerate i) (visited : Seq.seq (usize, t_Item'0)) (o : Enumerate'0.t_Enumerate i) + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 75 4 75 64] (self : Enumerate'0.t_Enumerate i) (visited : Seq.seq (UInt64.t, t_Item'0)) (o : Enumerate'0.t_Enumerate i) = [%#senumerate2] Seq.length visited = n'0 o - n'0 self /\ (exists s : Seq.seq t_Item'0 . inv'1 s /\ produces'1 (iter'0 self) s (iter'0 o) /\ Seq.length visited = Seq.length s - /\ (forall i : int . 0 <= i /\ i < Seq.length s - -> UIntSize.to_int (let (a, _) = Seq.get visited i in a) = n'0 self + i + /\ (forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length s + -> UInt64.to_int (let (a, _) = Seq.get visited i in a) = n'0 self + i /\ (let (_, a) = Seq.get visited i in a) = Seq.get s i)) - goal produces_trans_refn : [%#senumerate0] forall a : Enumerate'0.t_Enumerate i . forall ab : Seq.seq (usize, t_Item'0) . forall b : Enumerate'0.t_Enumerate i . forall bc : Seq.seq (usize, t_Item'0) . forall c : Enumerate'0.t_Enumerate i . produces'0 b bc c + use seq.Seq + + goal produces_refl_refn : [%#senumerate0] forall self : Enumerate'0.t_Enumerate i . inv'0 self + -> inv'0 self + /\ (forall result : () . produces'0 self (Seq.empty : Seq.seq (UInt64.t, t_Item'0)) self + -> produces'0 self (Seq.empty : Seq.seq (UInt64.t, t_Item'0)) self) + + goal produces_trans_refn : [%#senumerate1] forall a : Enumerate'0.t_Enumerate i . forall ab : Seq.seq (UInt64.t, t_Item'0) . forall b : Enumerate'0.t_Enumerate i . forall bc : Seq.seq (UInt64.t, t_Item'0) . forall c : Enumerate'0.t_Enumerate i . 
produces'0 b bc c /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a -> produces'0 b bc c /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) - - goal produces_refl_refn : [%#senumerate1] forall self : Enumerate'0.t_Enumerate i . inv'0 self - -> inv'0 self - /\ (forall result : () . produces'0 self (Seq.empty : Seq.seq (usize, t_Item'0)) self - -> produces'0 self (Seq.empty : Seq.seq (usize, t_Item'0)) self) end module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160 [#"../../../creusot-contracts/src/std/iter/filter.rs" 93 0 96 31] (* as std::iter::Iterator> *) type i type f - let%span sfilter0 = "../../../creusot-contracts/src/std/iter/filter.rs" 143 4 143 90 - let%span sfilter1 = "../../../creusot-contracts/src/std/iter/filter.rs" 131 4 131 26 + let%span sfilter0 = "../../../creusot-contracts/src/std/iter/filter.rs" 131 4 131 26 + let%span sfilter1 = "../../../creusot-contracts/src/std/iter/filter.rs" 143 4 143 90 let%span sfilter2 = "../../../creusot-contracts/src/std/iter/filter.rs" 111 8 124 9 let%span sfilter3 = "../../../creusot-contracts/src/std/iter/filter.rs" 27 4 27 41 let%span sfilter4 = "../../../creusot-contracts/src/std/iter/filter.rs" 29 8 29 14 @@ -17979,9 +18160,9 @@ module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160 [#". let%span sfilter6 = "../../../creusot-contracts/src/std/iter/filter.rs" 21 8 21 14 let%span sfilter7 = "../../../creusot-contracts/src/std/iter/filter.rs" 46 8 58 9 - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : f) + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : f) - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : i) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : i) type t_Item'0 
@@ -18009,19 +18190,21 @@ module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160 [#". axiom inv_axiom'0 [@rewrite] : forall x : Filter'0.t_Filter i f [inv'0 x] . inv'0 x = (invariant'0 x /\ match x with - | Filter'0.C_Filter iter predicate' -> inv'2 iter /\ inv'1 predicate' + | Filter'0.C_Filter iter predicate' -> inv'1 iter /\ inv'2 predicate' end) use seq.Seq use seq.Seq - use seq.Seq - use map.Map use seq.Seq + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + use seq.Seq predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : i) (visited : Seq.seq t_Item'0) (o : i) @@ -18029,7 +18212,7 @@ module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160 [#". function iter'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 20 4 20 22] (self : Filter'0.t_Filter i f) : i - axiom iter'0_spec : forall self : Filter'0.t_Filter i f . [%#sfilter5] inv'0 self -> inv'2 (iter'0 self) + axiom iter'0_spec : forall self : Filter'0.t_Filter i f . [%#sfilter5] inv'0 self -> inv'1 (iter'0 self) use prelude.prelude.Int 
@@ -18037,38 +18220,41 @@ module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160 [#". function func'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 28 4 28 22] (self : Filter'0.t_Filter i f) : f - axiom func'0_spec : forall self : Filter'0.t_Filter i f . [%#sfilter3] inv'0 self -> inv'1 (func'0 self) + axiom func'0_spec : forall self : Filter'0.t_Filter i f . [%#sfilter3] inv'0 self -> inv'2 (func'0 self) predicate produces'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 110 4 110 67] (self : Filter'0.t_Filter i f) (visited : Seq.seq t_Item'0) (succ : Filter'0.t_Filter i f) = [%#sfilter2] unnest'0 (func'0 self) (func'0 succ) /\ (exists s : Seq.seq t_Item'0, f : Map.map int int . produces'1 (iter'0 self) s (iter'0 succ) - /\ (forall i : int, j : int . 0 <= i /\ i <= j /\ j < Seq.length visited - -> 0 <= Map.get f i /\ Map.get f i <= Map.get f j /\ Map.get f j < Seq.length s) - /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = Seq.get s (Map.get f i)) + /\ (forall i : int, j : int . Int128.to_int (0 : Int128.t) <= i /\ i <= j /\ j < Seq.length visited + -> Int128.to_int (0 : Int128.t) <= Map.get f i /\ Map.get f i <= Map.get f j /\ Map.get f j < Seq.length s) + /\ (forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length visited + -> Seq.get visited i = Seq.get s (Map.get f i)) /\ (forall bor_f : borrowed f, i : int . bor_f.current = func'0 self /\ bor_f.final = func'0 self - -> 0 <= i /\ i < Seq.length s - -> (exists j : int . 0 <= j /\ j < Seq.length visited /\ Map.get f j = i) + -> Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length s + -> (exists j : int . Int128.to_int (0 : Int128.t) <= j /\ j < Seq.length visited /\ Map.get f j = i) = postcondition_mut'0 bor_f (Seq.get s i) true)) - goal produces_trans_refn : [%#sfilter0] forall a : Filter'0.t_Filter i f . forall ab : Seq.seq t_Item'0 . forall b : Filter'0.t_Filter i f . forall bc : Seq.seq t_Item'0 . forall c : Filter'0.t_Filter i f . 
produces'0 b bc c + use seq.Seq + + goal produces_refl_refn : [%#sfilter0] forall self : Filter'0.t_Filter i f . inv'0 self + -> inv'0 self + /\ (forall result : () . produces'0 self (Seq.empty : Seq.seq t_Item'0) self + -> produces'0 self (Seq.empty : Seq.seq t_Item'0) self) + + goal produces_trans_refn : [%#sfilter1] forall a : Filter'0.t_Filter i f . forall ab : Seq.seq t_Item'0 . forall b : Filter'0.t_Filter i f . forall bc : Seq.seq t_Item'0 . forall c : Filter'0.t_Filter i f . produces'0 b bc c /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a -> produces'0 b bc c /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) - - goal produces_refl_refn : [%#sfilter1] forall self : Filter'0.t_Filter i f . inv'0 self - -> inv'0 self - /\ (forall result : () . produces'0 self (Seq.empty : Seq.seq t_Item'0) self - -> produces'0 self (Seq.empty : Seq.seq t_Item'0) self) end module M_creusot_contracts__stdqy35z1__iter__fuse__qyi10730559947553418603 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 15 0 15 38] (* as std::iter::Iterator> *) type i - let%span sfuse0 = "../../../creusot-contracts/src/std/iter/fuse.rs" 54 4 54 90 - let%span sfuse1 = "../../../creusot-contracts/src/std/iter/fuse.rs" 44 4 44 26 + let%span sfuse0 = "../../../creusot-contracts/src/std/iter/fuse.rs" 44 4 44 26 + let%span sfuse1 = "../../../creusot-contracts/src/std/iter/fuse.rs" 54 4 54 90 let%span sfuse2 = "../../../creusot-contracts/src/std/iter/fuse.rs" 30 12 36 13 let%span sfuse3 = "../../../creusot-contracts/src/std/iter/fuse.rs" 9 4 9 41 let%span sfuse4 = "../../../creusot-contracts/src/std/iter/fuse.rs" 11 20 11 26 @@ -18096,8 +18282,6 @@ module M_creusot_contracts__stdqy35z1__iter__fuse__qyi10730559947553418603 [#".. use seq.Seq - use seq.Seq - type t_Item'0 use seq.Seq 
@@ -18110,6 +18294,8 @@ module M_creusot_contracts__stdqy35z1__iter__fuse__qyi10730559947553418603 [#".. axiom view'0_spec : forall self : Fuse'0.t_Fuse i . [%#sfuse3] inv'0 self -> inv'1 (view'0 self) + use seq.Seq + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 28 4 28 65] (self : Fuse'0.t_Fuse i) (prod : Seq.seq t_Item'0) (other : Fuse'0.t_Fuse i) = @@ -18121,17 +18307,17 @@ module M_creusot_contracts__stdqy35z1__iter__fuse__qyi10730559947553418603 [#".. end end - goal produces_trans_refn : [%#sfuse0] forall a : Fuse'0.t_Fuse i . forall ab : Seq.seq t_Item'0 . forall b : Fuse'0.t_Fuse i . forall bc : Seq.seq t_Item'0 . forall c : Fuse'0.t_Fuse i . produces'0 b bc c + goal produces_refl_refn : [%#sfuse0] forall self : Fuse'0.t_Fuse i . inv'0 self + -> inv'0 self + /\ (forall result : () . produces'0 self (Seq.empty : Seq.seq t_Item'0) self + -> produces'0 self (Seq.empty : Seq.seq t_Item'0) self) + + goal produces_trans_refn : [%#sfuse1] forall a : Fuse'0.t_Fuse i . forall ab : Seq.seq t_Item'0 . forall b : Fuse'0.t_Fuse i . forall bc : Seq.seq t_Item'0 . forall c : Fuse'0.t_Fuse i . produces'0 b bc c /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a -> produces'0 b bc c /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) - - goal produces_refl_refn : [%#sfuse1] forall self : Fuse'0.t_Fuse i . inv'0 self - -> inv'0 self - /\ (forall result : () . produces'0 self (Seq.empty : Seq.seq t_Item'0) self - -> produces'0 self (Seq.empty : Seq.seq t_Item'0) self) end module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791 [#"../../../creusot-contracts/src/std/iter/map.rs" 47 0 51 27] (* as std::iter::Iterator> *) type b 
@@ -18140,8 +18326,8 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791 [#"../. type f - let%span smap0 = "../../../creusot-contracts/src/std/iter/map.rs" 97 4 97 90 - let%span smap1 = "../../../creusot-contracts/src/std/iter/map.rs" 85 4 85 26 + let%span smap0 = "../../../creusot-contracts/src/std/iter/map.rs" 85 4 85 26 + let%span smap1 = "../../../creusot-contracts/src/std/iter/map.rs" 97 4 97 90 let%span smap2 = "../../../creusot-contracts/src/std/iter/map.rs" 65 8 78 9 let%span smap3 = "../../../creusot-contracts/src/std/iter/map.rs" 26 4 26 41 let%span smap4 = "../../../creusot-contracts/src/std/iter/map.rs" 28 8 28 14 @@ -18151,12 +18337,12 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791 [#"../. let%span sboxed8 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 let%span sinvariant9 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : f) + predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : f) use prelude.prelude.Borrow predicate invariant'4 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed f) = - [%#sinvariant9] inv'3 self.current /\ inv'3 self.final + [%#sinvariant9] inv'4 self.current /\ inv'4 self.final predicate inv'7 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed f) 
@@ -18184,12 +18370,16 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791 [#"../. use seq.Seq + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + use prelude.prelude.Int use seq.Seq predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 197 4 197 30] (self : Seq.seq t_Item'0) = - [%#sseq7] forall i : int . 0 <= i /\ i < Seq.length self -> inv'6 (Seq.get self i) + [%#sseq7] forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length self -> inv'6 (Seq.get self i) predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) @@ -18202,13 +18392,13 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791 [#"../. use seq.Seq predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 197 4 197 30] (self : Seq.seq (borrowed f)) = - [%#sseq7] forall i : int . 0 <= i /\ i < Seq.length self -> inv'5 (Seq.get self i) + [%#sseq7] forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length self -> inv'5 (Seq.get self i) predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq (borrowed f)) axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq (borrowed f) [inv'1 x] . inv'1 x = invariant'0 x - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : i) + predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : i) use T_core__iter__adapters__map__Map as Map'0 @@ -18216,13 +18406,11 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791 [#"../. axiom inv_axiom'0 [@rewrite] : forall x : Map'0.t_Map i f [inv'0 x] . inv'0 x = match x with - | Map'0.C_Map iter f -> inv'4 iter /\ inv'3 f + | Map'0.C_Map iter f -> inv'3 iter /\ inv'4 f end use seq.Seq - use seq.Seq - predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 89 4 89 69] (self : borrowed f) (_2 : t_Item'0) (_3 : b) 
@@ -18239,7 +18427,7 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791 [#"../. function iter'0 [#"../../../creusot-contracts/src/std/iter/map.rs" 19 4 19 22] (self : Map'0.t_Map i f) : i - axiom iter'0_spec : forall self : Map'0.t_Map i f . [%#smap5] inv'0 self -> inv'4 (iter'0 self) + axiom iter'0_spec : forall self : Map'0.t_Map i f . [%#smap5] inv'0 self -> inv'3 (iter'0 self) use seq.Seq @@ -18247,7 +18435,7 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791 [#"../. function func'0 [#"../../../creusot-contracts/src/std/iter/map.rs" 27 4 27 22] (self : Map'0.t_Map i f) : f - axiom func'0_spec : forall self : Map'0.t_Map i f . [%#smap3] inv'0 self -> inv'3 (func'0 self) + axiom func'0_spec : forall self : Map'0.t_Map i f . [%#smap3] inv'0 self -> inv'4 (func'0 self) use seq.Seq 
@@ -18260,28 +18448,32 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791 [#"../. /\ (exists s : Seq.seq t_Item'0 [produces'1 (iter'0 self) s (iter'0 succ)] . inv'2 s /\ Seq.length s = Seq.length visited /\ produces'1 (iter'0 self) s (iter'0 succ) - /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) - /\ (if Seq.length visited = 0 then + /\ (forall i : int . Int128.to_int (1 : Int128.t) <= i /\ i < Seq.length fs + -> (Seq.get fs (i - Int128.to_int (1 : Int128.t))).final = (Seq.get fs i).current) + /\ (if Seq.length visited = Int128.to_int (0 : Int128.t) then func'0 self = func'0 succ else - (Seq.get fs 0).current = func'0 self /\ (Seq.get fs (Seq.length visited - 1)).final = func'0 succ + (Seq.get fs (Int128.to_int (0 : Int128.t))).current = func'0 self + /\ (Seq.get fs (Seq.length visited - Int128.to_int (1 : Int128.t))).final = func'0 succ ) - /\ (forall i : int . 0 <= i /\ i < Seq.length visited + /\ (forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length visited -> unnest'0 (func'0 self) (Seq.get fs i).current /\ precondition'0 (Seq.get fs i).current (Seq.get s i) /\ postcondition_mut'0 (Seq.get fs i) (Seq.get s i) (Seq.get visited i)))) - goal produces_trans_refn : [%#smap0] forall a : Map'0.t_Map i f . forall ab : Seq.seq b . forall b : Map'0.t_Map i f . forall bc : Seq.seq b . forall c : Map'0.t_Map i f . produces'0 b bc c - /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a - -> produces'0 b bc c - /\ produces'0 a ab b - /\ inv'0 c - /\ inv'0 b /\ inv'0 a /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) + use seq.Seq - goal produces_refl_refn : [%#smap1] forall self : Map'0.t_Map i f . inv'0 self + goal produces_refl_refn : [%#smap0] forall self : Map'0.t_Map i f . inv'0 self -> inv'0 self /\ (forall result : () . 
produces'0 self (Seq.empty : Seq.seq b) self -> produces'0 self (Seq.empty : Seq.seq b) self) + + goal produces_trans_refn : [%#smap1] forall a : Map'0.t_Map i f . forall ab : Seq.seq b . forall b : Map'0.t_Map i f . forall bc : Seq.seq b . forall c : Map'0.t_Map i f . produces'0 b bc c + /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a + -> produces'0 b bc c + /\ produces'0 a ab b + /\ inv'0 c + /\ inv'0 b /\ inv'0 a /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 9 0 10 29] (* ::Item, F> as std::iter::Iterator> *) type i 
@@ -18290,67 +18482,71 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788 [#" type f - let%span smap_inv0 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 39 4 39 90 - let%span smap_inv1 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 27 4 27 26 + let%span smap_inv0 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 27 4 27 26 + let%span smap_inv1 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 39 4 39 90 let%span smap_inv2 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 45 8 58 9 let%span smap_inv3 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 85 12 87 73 - let%span sseq4 = "../../../creusot-contracts/src/logic/seq.rs" 198 8 198 97 - let%span smap_inv5 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 165 8 171 9 - let%span smap_inv6 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 137 4 137 83 - let%span smap_inv7 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 139 8 146 9 - let%span smap_inv8 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 127 8 131 9 + let%span smap_inv4 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 165 8 171 9 + let%span smap_inv5 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 137 4 137 83 + let%span smap_inv6 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 139 8 146 9 + let%span smap_inv7 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 127 8 131 9 + let%span sseq8 = "../../../creusot-contracts/src/logic/seq.rs" 198 8 198 97 let%span smap_inv9 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 152 8 159 9 - let%span sboxed10 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - let%span sinvariant11 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 + let%span sinvariant10 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 + let%span sboxed11 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : f) + type 
t_Item'0 - use prelude.prelude.Borrow + predicate inv'6 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - predicate invariant'6 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed f) = - [%#sinvariant11] inv'4 self.current /\ inv'4 self.final + predicate invariant'6 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = + [%#sboxed11] inv'6 self - predicate inv'9 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed f) + predicate inv'10 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - axiom inv_axiom'6 [@rewrite] : forall x : borrowed f [inv'9 x] . inv'9 x = invariant'6 x + axiom inv_axiom'6 [@rewrite] : forall x : t_Item'0 [inv'10 x] . inv'10 x = invariant'6 x - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : i) + use prelude.prelude.Borrow - predicate invariant'5 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed i) = - [%#sinvariant11] inv'3 self.current /\ inv'3 self.final + predicate inv'7 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed f) - predicate inv'7 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed i) + predicate invariant'5 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : borrowed f) = + [%#sboxed11] inv'7 self - axiom inv_axiom'5 [@rewrite] : forall x : borrowed i [inv'7 x] . inv'7 x = invariant'5 x + predicate inv'9 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed f) - type t_Item'0 + axiom inv_axiom'5 [@rewrite] : forall x : borrowed f [inv'9 x] . 
inv'9 x = invariant'5 x - predicate inv'8 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) + predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : f) - predicate invariant'4 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = - [%#sboxed10] inv'8 self + predicate invariant'4 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed f) = + [%#sinvariant10] inv'4 self.current /\ inv'4 self.final - predicate inv'6 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) + axiom inv_axiom'4 [@rewrite] : forall x : borrowed f [inv'7 x] . inv'7 x = invariant'4 x - axiom inv_axiom'4 [@rewrite] : forall x : t_Item'0 [inv'6 x] . inv'6 x = invariant'4 x + predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : i) - predicate invariant'3 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : borrowed f) = - [%#sboxed10] inv'9 self + predicate invariant'3 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed i) = + [%#sinvariant10] inv'3 self.current /\ inv'3 self.final - predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed f) + predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed i) - axiom inv_axiom'3 [@rewrite] : forall x : borrowed f [inv'5 x] . inv'5 x = invariant'3 x + axiom inv_axiom'3 [@rewrite] : forall x : borrowed i [inv'5 x] . inv'5 x = invariant'3 x use seq.Seq use seq.Seq + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + use prelude.prelude.Int use seq.Seq predicate invariant'2 [#"../../../creusot-contracts/src/logic/seq.rs" 197 4 197 30] (self : Seq.seq t_Item'0) = - [%#sseq4] forall i : int . 0 <= i /\ i < Seq.length self -> inv'6 (Seq.get self i) + [%#sseq8] forall i : int . 
Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length self -> inv'10 (Seq.get self i) predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) @@ -18363,7 +18559,7 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788 [#" use seq.Seq predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 197 4 197 30] (self : Seq.seq (borrowed f)) = - [%#sseq4] forall i : int . 0 <= i /\ i < Seq.length self -> inv'5 (Seq.get self i) + [%#sseq8] forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length self -> inv'9 (Seq.get self i) predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq (borrowed f)) @@ -18384,7 +18580,7 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788 [#" predicate next_precondition'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 126 4 126 78] (iter : i) (func : f) (produced : Seq.seq t_Item'0) = - [%#smap_inv8] forall e : t_Item'0, i : i . inv'8 e /\ inv'3 i /\ produces'1 iter (Seq.singleton e) i + [%#smap_inv7] forall e : t_Item'0, i : i . inv'6 e /\ inv'3 i /\ produces'1 iter (Seq.singleton e) i -> precondition'0 func (e, Snapshot.new produced) predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 89 4 89 69] (self : borrowed f) (_2 : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (_3 : b) 
@@ -18396,11 +18592,11 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788 [#" predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 97 4 97 36] (self : f) (_2 : f) - predicate inv'10 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : b) + predicate inv'8 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : b) predicate preservation'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 151 4 151 49] (iter : i) (func : f) = [%#smap_inv9] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed f, b : b, i : i . inv'2 s - /\ inv'8 e1 /\ inv'8 e2 /\ inv'9 f /\ inv'10 b /\ inv'3 i /\ unnest'0 func f.current + /\ inv'6 e1 /\ inv'6 e2 /\ inv'7 f /\ inv'8 b /\ inv'3 i /\ unnest'0 func f.current -> produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i -> precondition'0 f.current (e1, Snapshot.new s) -> postcondition_mut'0 f (e1, Snapshot.new s) b -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc s e1)) 
@@ -18410,14 +18606,14 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788 [#" predicate preservation_inv'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 138 4 138 73] (iter : i) (func : f) (produced : Seq.seq t_Item'0) = - [%#smap_inv7] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed f, b : b, i : i . inv'2 s - /\ inv'8 e1 /\ inv'8 e2 /\ inv'9 f /\ inv'10 b /\ inv'3 i /\ unnest'0 func f.current + [%#smap_inv6] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed f, b : b, i : i . inv'2 s + /\ inv'6 e1 /\ inv'6 e2 /\ inv'7 f /\ inv'8 b /\ inv'3 i /\ unnest'0 func f.current -> produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i -> precondition'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) -> postcondition_mut'0 f (e1, Snapshot.new (Seq.(++) produced s)) b -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc (Seq.(++) produced s) e1)) - axiom preservation_inv'0_spec : forall iter : i, func : f, produced : Seq.seq t_Item'0 . [%#smap_inv6] produced + axiom preservation_inv'0_spec : forall iter : i, func : f, produced : Seq.seq t_Item'0 . [%#smap_inv5] produced = (Seq.empty : Seq.seq t_Item'0) -> preservation_inv'0 iter func produced = preservation'0 iter func use prelude.prelude.Snapshot @@ -18431,7 +18627,7 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788 [#" predicate completed'0 [#"../../../creusot-contracts/src/std/iter.rs" 35 4 35 36] (self : borrowed i) predicate reinitialize'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 164 4 164 33] (_1 : ()) = - [%#smap_inv5] forall iter : borrowed i, func : f . inv'7 iter /\ inv'4 func + [%#smap_inv4] forall iter : borrowed i, func : f . inv'5 iter /\ inv'4 func -> completed'0 iter -> next_precondition'0 iter.final func (Seq.empty : Seq.seq t_Item'0) /\ preservation'0 iter.final func 
@@ -18462,8 +18658,6 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788 [#" use seq.Seq - use seq.Seq - use prelude.prelude.Snapshot use seq.Seq 
@@ -18481,37 +18675,41 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788 [#" /\ produces'1 (T_creusot_contracts__stdqy35z1__iter__map_inv__MapInv.t_MapInv__iter self) s (T_creusot_contracts__stdqy35z1__iter__map_inv__MapInv.t_MapInv__iter succ) /\ Snapshot.inner (T_creusot_contracts__stdqy35z1__iter__map_inv__MapInv.t_MapInv__produced succ) = Seq.(++) (Snapshot.inner (T_creusot_contracts__stdqy35z1__iter__map_inv__MapInv.t_MapInv__produced self)) s - /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) - /\ (if Seq.length visited = 0 then + /\ (forall i : int . Int128.to_int (1 : Int128.t) <= i /\ i < Seq.length fs + -> (Seq.get fs (i - Int128.to_int (1 : Int128.t))).final = (Seq.get fs i).current) + /\ (if Seq.length visited = Int128.to_int (0 : Int128.t) then T_creusot_contracts__stdqy35z1__iter__map_inv__MapInv.t_MapInv__func self = T_creusot_contracts__stdqy35z1__iter__map_inv__MapInv.t_MapInv__func succ else - (Seq.get fs 0).current = T_creusot_contracts__stdqy35z1__iter__map_inv__MapInv.t_MapInv__func self - /\ (Seq.get fs (Seq.length visited - 1)).final + (Seq.get fs (Int128.to_int (0 : Int128.t))).current + = T_creusot_contracts__stdqy35z1__iter__map_inv__MapInv.t_MapInv__func self + /\ (Seq.get fs (Seq.length visited - Int128.to_int (1 : Int128.t))).final = T_creusot_contracts__stdqy35z1__iter__map_inv__MapInv.t_MapInv__func succ ) - /\ (forall i : int . 0 <= i /\ i < Seq.length visited + /\ (forall i : int . 
Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length visited -> unnest'0 (T_creusot_contracts__stdqy35z1__iter__map_inv__MapInv.t_MapInv__func self) (Seq.get fs i).current - /\ precondition'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner (T_creusot_contracts__stdqy35z1__iter__map_inv__MapInv.t_MapInv__produced self)) (Seq.([..]) s 0 i))) - /\ postcondition_mut'0 (Seq.get fs i) (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner (T_creusot_contracts__stdqy35z1__iter__map_inv__MapInv.t_MapInv__produced self)) (Seq.([..]) s 0 i))) (Seq.get visited i)))) + /\ precondition'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner (T_creusot_contracts__stdqy35z1__iter__map_inv__MapInv.t_MapInv__produced self)) (Seq.([..]) s (Int128.to_int (0 : Int128.t)) i))) + /\ postcondition_mut'0 (Seq.get fs i) (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner (T_creusot_contracts__stdqy35z1__iter__map_inv__MapInv.t_MapInv__produced self)) (Seq.([..]) s (Int128.to_int (0 : Int128.t)) i))) (Seq.get visited i)))) + + use seq.Seq + + goal produces_refl_refn : [%#smap_inv0] forall self : MapInv'0.t_MapInv i t_Item'0 f . inv'0 self + -> inv'0 self + /\ (forall result : () . produces'0 self (Seq.empty : Seq.seq b) self + -> produces'0 self (Seq.empty : Seq.seq b) self) - goal produces_trans_refn : [%#smap_inv0] forall a : MapInv'0.t_MapInv i t_Item'0 f . forall ab : Seq.seq b . forall b : MapInv'0.t_MapInv i t_Item'0 f . forall bc : Seq.seq b . forall c : MapInv'0.t_MapInv i t_Item'0 f . produces'0 b bc c + goal produces_trans_refn : [%#smap_inv1] forall a : MapInv'0.t_MapInv i t_Item'0 f . forall ab : Seq.seq b . forall b : MapInv'0.t_MapInv i t_Item'0 f . forall bc : Seq.seq b . forall c : MapInv'0.t_MapInv i t_Item'0 f . produces'0 b bc c /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a -> produces'0 b bc c /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a /\ (forall result : () . 
produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) - - goal produces_refl_refn : [%#smap_inv1] forall self : MapInv'0.t_MapInv i t_Item'0 f . inv'0 self - -> inv'0 self - /\ (forall result : () . produces'0 self (Seq.empty : Seq.seq b) self - -> produces'0 self (Seq.empty : Seq.seq b) self) end module M_creusot_contracts__stdqy35z1__iter__once__qyi8116812009287608646 [#"../../../creusot-contracts/src/std/iter/once.rs" 14 0 14 28] (* as std::iter::Iterator> *) type t - let%span sonce0 = "../../../creusot-contracts/src/std/iter/once.rs" 44 4 44 90 - let%span sonce1 = "../../../creusot-contracts/src/std/iter/once.rs" 34 4 34 26 + let%span sonce0 = "../../../creusot-contracts/src/std/iter/once.rs" 34 4 34 26 + let%span sonce1 = "../../../creusot-contracts/src/std/iter/once.rs" 44 4 44 90 let%span sonce2 = "../../../creusot-contracts/src/std/iter/once.rs" 24 8 27 9 let%span sonce3 = "../../../creusot-contracts/src/std/iter/once.rs" 10 20 10 26 @@ -18558,11 +18756,11 @@ module M_creusot_contracts__stdqy35z1__iter__once__qyi8116812009287608646 [#"../ use seq.Seq - use seq.Seq - function view'0 [#"../../../creusot-contracts/src/std/iter/once.rs" 9 4 9 30] (self : Once'0.t_Once t) : Option'0.t_Option t + use seq.Seq + use seq.Seq predicate produces'0 [#"../../../creusot-contracts/src/std/iter/once.rs" 23 4 23 64] (self : Once'0.t_Once t) (visited : Seq.seq t) (o : Once'0.t_Once t) 
@@ -18572,23 +18770,23 @@ module M_creusot_contracts__stdqy35z1__iter__once__qyi8116812009287608646 [#"../ \/ (exists e : t . inv'1 e /\ view'0 self = Option'0.C_Some e /\ visited = Seq.singleton e /\ view'0 o = Option'0.C_None) - goal produces_trans_refn : [%#sonce0] forall a : Once'0.t_Once t . forall ab : Seq.seq t . forall b : Once'0.t_Once t . forall bc : Seq.seq t . forall c : Once'0.t_Once t . produces'0 b bc c + goal produces_refl_refn : [%#sonce0] forall self : Once'0.t_Once t . inv'0 self + -> inv'0 self + /\ (forall result : () . produces'0 self (Seq.empty : Seq.seq t) self + -> produces'0 self (Seq.empty : Seq.seq t) self) + + goal produces_trans_refn : [%#sonce1] forall a : Once'0.t_Once t . forall ab : Seq.seq t . forall b : Once'0.t_Once t . forall bc : Seq.seq t . forall c : Once'0.t_Once t . produces'0 b bc c /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a -> produces'0 b bc c /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) - - goal produces_refl_refn : [%#sonce1] forall self : Once'0.t_Once t . inv'0 self - -> inv'0 self - /\ (forall result : () . produces'0 self (Seq.empty : Seq.seq t) self - -> produces'0 self (Seq.empty : Seq.seq t) self) end module M_creusot_contracts__stdqy35z1__iter__range__qyi16860283617022118777 [#"../../../creusot-contracts/src/std/iter/range.rs" 10 0 10 70] (* as std::iter::Iterator> *) type idx - let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 45 4 45 90 - let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 35 4 35 26 + let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 35 4 35 26 + let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 45 4 45 90 let%span srange2 = "../../../creusot-contracts/src/std/iter/range.rs" 22 8 28 9 predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : idx) 
@@ -18606,7 +18804,9 @@ module M_creusot_contracts__stdqy35z1__iter__range__qyi16860283617022118777 [#". use seq.Seq - use seq.Seq + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 use seq.Seq 
@@ -18626,32 +18826,34 @@ module M_creusot_contracts__stdqy35z1__iter__range__qyi16860283617022118777 [#". [%#srange2] T_core__ops__range__Range.t_Range__end self = T_core__ops__range__Range.t_Range__end o /\ deep_model'0 (T_core__ops__range__Range.t_Range__start self) <= deep_model'0 (T_core__ops__range__Range.t_Range__start o) - /\ (Seq.length visited > 0 + /\ (Seq.length visited > Int128.to_int (0 : Int128.t) -> deep_model'0 (T_core__ops__range__Range.t_Range__start o) <= deep_model'0 (T_core__ops__range__Range.t_Range__end o)) /\ Seq.length visited = deep_model'0 (T_core__ops__range__Range.t_Range__start o) - deep_model'0 (T_core__ops__range__Range.t_Range__start self) - /\ (forall i : int . 0 <= i /\ i < Seq.length visited + /\ (forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length visited -> deep_model'0 (Seq.get visited i) = deep_model'0 (T_core__ops__range__Range.t_Range__start self) + i) - goal produces_trans_refn : [%#srange0] forall a : Range'0.t_Range idx . forall ab : Seq.seq idx . forall b : Range'0.t_Range idx . forall bc : Seq.seq idx . forall c : Range'0.t_Range idx . produces'0 b bc c + use seq.Seq + + goal produces_refl_refn : [%#srange0] forall self : Range'0.t_Range idx . inv'0 self + -> inv'0 self + /\ (forall result : () . produces'0 self (Seq.empty : Seq.seq idx) self + -> produces'0 self (Seq.empty : Seq.seq idx) self) + + goal produces_trans_refn : [%#srange1] forall a : Range'0.t_Range idx . forall ab : Seq.seq idx . forall b : Range'0.t_Range idx . forall bc : Seq.seq idx . forall c : Range'0.t_Range idx . produces'0 b bc c /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a -> produces'0 b bc c /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) - - goal produces_refl_refn : [%#srange1] forall self : Range'0.t_Range idx . inv'0 self - -> inv'0 self - /\ (forall result : () . 
produces'0 self (Seq.empty : Seq.seq idx) self - -> produces'0 self (Seq.empty : Seq.seq idx) self) end module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411 [#"../../../creusot-contracts/src/std/iter/range.rs" 58 0 58 79] (* as std::iter::Iterator> *) type idx - let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 89 4 89 90 - let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 82 4 82 26 + let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 82 4 82 26 + let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 89 4 89 90 let%span srange2 = "../../../creusot-contracts/src/std/iter/range.rs" 70 8 76 9 let%span srange3 = "../../../creusot-contracts/src/std/iter/range.rs" 50 10 50 43 let%span srange4 = "../../../creusot-contracts/src/std/iter/range.rs" 52 4 55 5 @@ -18671,8 +18873,6 @@ module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411 [#". use seq.Seq - use seq.Seq - function start_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 195 4 195 29] (self : RangeInclusive'0.t_RangeInclusive idx) : idx @@ -18682,6 +18882,10 @@ module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411 [#". use seq.Seq + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + function end_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 202 4 202 27] (self : RangeInclusive'0.t_RangeInclusive idx) : idx 
@@ -18694,10 +18898,14 @@ module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411 [#". function range_inclusive_len'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 51 0 51 92] (r : RangeInclusive'0.t_RangeInclusive idx) : int = - [%#srange4] if is_empty_log'0 r then 0 else deep_model'0 (end_log'0 r) - deep_model'0 (start_log'0 r) + 1 + [%#srange4] if is_empty_log'0 r then + Int128.to_int (0 : Int128.t) + else + deep_model'0 (end_log'0 r) - deep_model'0 (start_log'0 r) + Int128.to_int (1 : Int128.t) + axiom range_inclusive_len'0_spec : forall r : RangeInclusive'0.t_RangeInclusive idx . [%#srange3] is_empty_log'0 r - = (range_inclusive_len'0 r = 0) + = (range_inclusive_len'0 r = Int128.to_int (0 : Int128.t)) use seq.Seq 
@@ -18709,23 +18917,25 @@ module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411 [#". [%#srange2] Seq.length visited = range_inclusive_len'0 self - range_inclusive_len'0 o /\ (is_empty_log'0 self -> is_empty_log'0 o) /\ (is_empty_log'0 o \/ end_log'0 self = end_log'0 o) - /\ (forall i : int . 0 <= i /\ i < Seq.length visited + /\ (forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length visited -> deep_model'0 (Seq.get visited i) = deep_model'0 (start_log'0 self) + i) - goal produces_trans_refn : [%#srange0] forall a : RangeInclusive'0.t_RangeInclusive idx . forall ab : Seq.seq idx . forall b : RangeInclusive'0.t_RangeInclusive idx . forall bc : Seq.seq idx . forall c : RangeInclusive'0.t_RangeInclusive idx . produces'0 b bc c - /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a - -> produces'0 b bc c - /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) + use seq.Seq - goal produces_refl_refn : [%#srange1] forall self : RangeInclusive'0.t_RangeInclusive idx . inv'0 self + goal produces_refl_refn : [%#srange0] forall self : RangeInclusive'0.t_RangeInclusive idx . inv'0 self -> (forall result : () . produces'0 self (Seq.empty : Seq.seq idx) self -> produces'0 self (Seq.empty : Seq.seq idx) self) + + goal produces_trans_refn : [%#srange1] forall a : RangeInclusive'0.t_RangeInclusive idx . forall ab : Seq.seq idx . forall b : RangeInclusive'0.t_RangeInclusive idx . forall bc : Seq.seq idx . forall c : RangeInclusive'0.t_RangeInclusive idx . produces'0 b bc c + /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . 
produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end module M_creusot_contracts__stdqy35z1__iter__repeat__qyi8658929399712466629 [#"../../../creusot-contracts/src/std/iter/repeat.rs" 14 0 14 37] (* as std::iter::Iterator> *) type t - let%span srepeat0 = "../../../creusot-contracts/src/std/iter/repeat.rs" 44 4 44 90 - let%span srepeat1 = "../../../creusot-contracts/src/std/iter/repeat.rs" 34 4 34 26 + let%span srepeat0 = "../../../creusot-contracts/src/std/iter/repeat.rs" 34 4 34 26 + let%span srepeat1 = "../../../creusot-contracts/src/std/iter/repeat.rs" 44 4 44 90 let%span srepeat2 = "../../../creusot-contracts/src/std/iter/repeat.rs" 24 8 27 9 let%span srepeat3 = "../../../creusot-contracts/src/std/iter/repeat.rs" 10 20 10 26 @@ -18742,14 +18952,16 @@ module M_creusot_contracts__stdqy35z1__iter__repeat__qyi8658929399712466629 [#". use seq.Seq - use seq.Seq - function view'0 [#"../../../creusot-contracts/src/std/iter/repeat.rs" 9 4 9 22] (self : Repeat'0.t_Repeat t) : t use seq.Seq use seq.Seq + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + use prelude.prelude.Int use seq.Seq 
@@ -18757,25 +18969,29 @@ module M_creusot_contracts__stdqy35z1__iter__repeat__qyi8658929399712466629 [#". predicate produces'0 [#"../../../creusot-contracts/src/std/iter/repeat.rs" 23 4 23 64] (self : Repeat'0.t_Repeat t) (visited : Seq.seq t) (o : Repeat'0.t_Repeat t) = - [%#srepeat2] self = o /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = view'0 self) + [%#srepeat2] self = o + /\ (forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length visited + -> Seq.get visited i = view'0 self) + + use seq.Seq + + goal produces_refl_refn : [%#srepeat0] forall self : Repeat'0.t_Repeat t . inv'0 self + -> inv'0 self + /\ (forall result : () . produces'0 self (Seq.empty : Seq.seq t) self + -> produces'0 self (Seq.empty : Seq.seq t) self) - goal produces_trans_refn : [%#srepeat0] forall a : Repeat'0.t_Repeat t . forall ab : Seq.seq t . forall b : Repeat'0.t_Repeat t . forall bc : Seq.seq t . forall c : Repeat'0.t_Repeat t . produces'0 b bc c + goal produces_trans_refn : [%#srepeat1] forall a : Repeat'0.t_Repeat t . forall ab : Seq.seq t . forall b : Repeat'0.t_Repeat t . forall bc : Seq.seq t . forall c : Repeat'0.t_Repeat t . produces'0 b bc c /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a -> produces'0 b bc c /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) - - goal produces_refl_refn : [%#srepeat1] forall self : Repeat'0.t_Repeat t . inv'0 self - -> inv'0 self - /\ (forall result : () . 
produces'0 self (Seq.empty : Seq.seq t) self - -> produces'0 self (Seq.empty : Seq.seq t) self) end module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502 [#"../../../creusot-contracts/src/std/iter/skip.rs" 46 0 46 38] (* as std::iter::Iterator> *) type i - let%span sskip0 = "../../../creusot-contracts/src/std/iter/skip.rs" 90 4 90 90 - let%span sskip1 = "../../../creusot-contracts/src/std/iter/skip.rs" 78 4 78 26 + let%span sskip0 = "../../../creusot-contracts/src/std/iter/skip.rs" 78 4 78 26 + let%span sskip1 = "../../../creusot-contracts/src/std/iter/skip.rs" 90 4 90 90 let%span sskip2 = "../../../creusot-contracts/src/std/iter/skip.rs" 64 8 71 9 let%span sskip3 = "../../../creusot-contracts/src/std/iter/skip.rs" 23 14 23 50 let%span sskip4 = "../../../creusot-contracts/src/std/iter/skip.rs" 25 20 25 26 @@ -18799,12 +19015,16 @@ module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502 [#"../ use seq.Seq + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + use prelude.prelude.Int use seq.Seq predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 197 4 197 30] (self : Seq.seq t_Item'0) = - [%#sseq7] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) + [%#sseq7] forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) @@ -18823,8 +19043,6 @@ module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502 [#"../ use seq.Seq - use seq.Seq - use prelude.prelude.Borrow predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_Item'0) 
@@ -18838,45 +19056,47 @@ module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502 [#"../ axiom iter'0_spec : forall self : Skip'0.t_Skip i . [%#sskip5] inv'0 self -> inv'2 (iter'0 self) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64.to_uint - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) function n'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 24 4 24 21] (self : Skip'0.t_Skip i) : int - axiom n'0_spec : forall self : Skip'0.t_Skip i . [%#sskip3] n'0 self >= 0 - /\ n'0 self <= UIntSize.to_int (v_MAX'0 : usize) + axiom n'0_spec : forall self : Skip'0.t_Skip i . [%#sskip3] n'0 self >= Int128.to_int (0 : Int128.t) + /\ n'0 self <= UInt64.to_int (v_MAX'0 : UInt64.t) + + use seq.Seq predicate produces'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 63 4 63 64] (self : Skip'0.t_Skip i) (visited : Seq.seq t_Item'0) (o : Skip'0.t_Skip i) = [%#sskip2] visited = (Seq.empty : Seq.seq t_Item'0) /\ self = o - \/ n'0 o = 0 - /\ Seq.length visited > 0 + \/ n'0 o = Int128.to_int (0 : Int128.t) + /\ Seq.length visited > Int128.to_int (0 : Int128.t) /\ (exists s : Seq.seq t_Item'0 . inv'1 s /\ Seq.length s = n'0 self /\ produces'1 (iter'0 self) (Seq.(++) s visited) (iter'0 o) - /\ (forall i : int . 0 <= i /\ i < Seq.length s -> resolve'0 (Seq.get s i))) + /\ (forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length s -> resolve'0 (Seq.get s i))) + + goal produces_refl_refn : [%#sskip0] forall self : Skip'0.t_Skip i . inv'0 self + -> inv'0 self + /\ (forall result : () . produces'0 self (Seq.empty : Seq.seq t_Item'0) self + -> produces'0 self (Seq.empty : Seq.seq t_Item'0) self) - goal produces_trans_refn : [%#sskip0] forall a : Skip'0.t_Skip i . forall ab : Seq.seq t_Item'0 . forall b : Skip'0.t_Skip i . forall bc : Seq.seq t_Item'0 . forall c : Skip'0.t_Skip i . 
produces'0 b bc c + goal produces_trans_refn : [%#sskip1] forall a : Skip'0.t_Skip i . forall ab : Seq.seq t_Item'0 . forall b : Skip'0.t_Skip i . forall bc : Seq.seq t_Item'0 . forall c : Skip'0.t_Skip i . produces'0 b bc c /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a -> produces'0 b bc c /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) - - goal produces_refl_refn : [%#sskip1] forall self : Skip'0.t_Skip i . inv'0 self - -> inv'0 self - /\ (forall result : () . produces'0 self (Seq.empty : Seq.seq t_Item'0) self - -> produces'0 self (Seq.empty : Seq.seq t_Item'0) self) end module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022 [#"../../../creusot-contracts/src/std/iter/take.rs" 55 0 55 38] (* as std::iter::Iterator> *) type i - let%span stake0 = "../../../creusot-contracts/src/std/iter/take.rs" 87 4 87 90 - let%span stake1 = "../../../creusot-contracts/src/std/iter/take.rs" 77 4 77 26 + let%span stake0 = "../../../creusot-contracts/src/std/iter/take.rs" 77 4 77 26 + let%span stake1 = "../../../creusot-contracts/src/std/iter/take.rs" 87 4 87 90 let%span stake2 = "../../../creusot-contracts/src/std/iter/take.rs" 69 12 69 88 let%span stake3 = "../../../creusot-contracts/src/std/iter/take.rs" 34 14 34 50 let%span stake4 = "../../../creusot-contracts/src/std/iter/take.rs" 36 20 36 26 @@ -18896,8 +19116,6 @@ module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022 [#".. use seq.Seq - use seq.Seq - type t_Item'0 use seq.Seq 
@@ -18913,41 +19131,47 @@ module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022 [#".. use seq.Seq - use prelude.prelude.UIntSize + use prelude.prelude.UInt64.to_uint + + use prelude.prelude.UInt64 + + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize + use prelude.prelude.Int128.to_int - constant v_MAX'0 : usize = (18446744073709551615 : usize) + use prelude.prelude.Int128 function n'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 35 4 35 21] (self : Take'0.t_Take i) : int - axiom n'0_spec : forall self : Take'0.t_Take i . [%#stake3] n'0 self >= 0 - /\ n'0 self <= UIntSize.to_int (v_MAX'0 : usize) + axiom n'0_spec : forall self : Take'0.t_Take i . [%#stake3] n'0 self >= Int128.to_int (0 : Int128.t) + /\ n'0 self <= UInt64.to_int (v_MAX'0 : UInt64.t) predicate produces'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 67 4 67 64] (self : Take'0.t_Take i) (visited : Seq.seq t_Item'0) (o : Take'0.t_Take i) = [%#stake2] n'0 self = n'0 o + Seq.length visited /\ produces'1 (iter'0 self) visited (iter'0 o) - goal produces_trans_refn : [%#stake0] forall a : Take'0.t_Take i . forall ab : Seq.seq t_Item'0 . forall b : Take'0.t_Take i . forall bc : Seq.seq t_Item'0 . forall c : Take'0.t_Take i . produces'0 b bc c + use seq.Seq + + goal produces_refl_refn : [%#stake0] forall self : Take'0.t_Take i . inv'0 self + -> inv'0 self + /\ (forall result : () . produces'0 self (Seq.empty : Seq.seq t_Item'0) self + -> produces'0 self (Seq.empty : Seq.seq t_Item'0) self) + + goal produces_trans_refn : [%#stake1] forall a : Take'0.t_Take i . forall ab : Seq.seq t_Item'0 . forall b : Take'0.t_Take i . forall bc : Seq.seq t_Item'0 . forall c : Take'0.t_Take i . produces'0 b bc c /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a -> produces'0 b bc c /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a /\ (forall result : () . 
produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) - - goal produces_refl_refn : [%#stake1] forall self : Take'0.t_Take i . inv'0 self - -> inv'0 self - /\ (forall result : () . produces'0 self (Seq.empty : Seq.seq t_Item'0) self - -> produces'0 self (Seq.empty : Seq.seq t_Item'0) self) end module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844 [#"../../../creusot-contracts/src/std/iter/zip.rs" 29 0 29 53] (* as std::iter::Iterator> *) type a type b - let%span szip0 = "../../../creusot-contracts/src/std/iter/zip.rs" 71 4 71 90 - let%span szip1 = "../../../creusot-contracts/src/std/iter/zip.rs" 59 4 59 26 + let%span szip0 = "../../../creusot-contracts/src/std/iter/zip.rs" 59 4 59 26 + let%span szip1 = "../../../creusot-contracts/src/std/iter/zip.rs" 71 4 71 90 let%span szip2 = "../../../creusot-contracts/src/std/iter/zip.rs" 46 8 52 9 let%span szip3 = "../../../creusot-contracts/src/std/iter/zip.rs" 15 4 15 41 let%span szip4 = "../../../creusot-contracts/src/std/iter/zip.rs" 17 20 17 26 @@ -18982,12 +19206,16 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844 [#"../. use seq.Seq + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + use prelude.prelude.Int use seq.Seq predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 197 4 197 30] (self : Seq.seq t_Item'1) = - [%#sseq7] forall i : int . 0 <= i /\ i < Seq.length self -> inv'6 (Seq.get self i) + [%#sseq7] forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length self -> inv'6 (Seq.get self i) predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'1) 
@@ -19000,7 +19228,7 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844 [#"../. use seq.Seq predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 197 4 197 30] (self : Seq.seq t_Item'0) = - [%#sseq7] forall i : int . 0 <= i /\ i < Seq.length self -> inv'5 (Seq.get self i) + [%#sseq7] forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length self -> inv'5 (Seq.get self i) predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) @@ -19021,8 +19249,6 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844 [#"../. use seq.Seq - use seq.Seq - predicate produces'2 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : b) (visited : Seq.seq t_Item'1) (o : b) 
@@ -19054,26 +19280,29 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844 [#"../. /\ inv'2 p2 /\ Seq.length p1 = Seq.length p2 /\ Seq.length p2 = Seq.length visited - /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = (Seq.get p1 i, Seq.get p2 i)) + /\ (forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length visited + -> Seq.get visited i = (Seq.get p1 i, Seq.get p2 i)) /\ produces'1 (itera'0 self) p1 (itera'0 o) /\ produces'2 (iterb'0 self) p2 (iterb'0 o) - goal produces_trans_refn : [%#szip0] forall a : Zip'0.t_Zip a b . forall ab : Seq.seq (t_Item'0, t_Item'1) . forall b : Zip'0.t_Zip a b . forall bc : Seq.seq (t_Item'0, t_Item'1) . forall c : Zip'0.t_Zip a b . produces'0 b bc c + use seq.Seq + + goal produces_refl_refn : [%#szip0] forall self : Zip'0.t_Zip a b . inv'0 self + -> inv'0 self + /\ (forall result : () . produces'0 self (Seq.empty : Seq.seq (t_Item'0, t_Item'1)) self + -> produces'0 self (Seq.empty : Seq.seq (t_Item'0, t_Item'1)) self) + + goal produces_trans_refn : [%#szip1] forall a : Zip'0.t_Zip a b . forall ab : Seq.seq (t_Item'0, t_Item'1) . forall b : Zip'0.t_Zip a b . forall bc : Seq.seq (t_Item'0, t_Item'1) . forall c : Zip'0.t_Zip a b . produces'0 b bc c /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a -> produces'0 b bc c /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) - - goal produces_refl_refn : [%#szip1] forall self : Zip'0.t_Zip a b . inv'0 self - -> inv'0 self - /\ (forall result : () . 
produces'0 self (Seq.empty : Seq.seq (t_Item'0, t_Item'1)) self - -> produces'0 self (Seq.empty : Seq.seq (t_Item'0, t_Item'1)) self) end module M_creusot_contracts__stdqy35z1__option__qyi15354566128244900690 [#"../../../creusot-contracts/src/std/option.rs" 459 0 459 32] (* as std::iter::Iterator> *) type t - let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 485 4 485 90 - let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 478 4 478 26 + let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 478 4 478 26 + let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 485 4 485 90 let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 469 8 472 9 let%span soption3 = "../../../creusot-contracts/src/std/option.rs" 455 20 455 26 @@ -19111,11 +19340,11 @@ module M_creusot_contracts__stdqy35z1__option__qyi15354566128244900690 [#"../../ use seq.Seq - use seq.Seq - function view'0 [#"../../../creusot-contracts/src/std/option.rs" 454 4 454 30] (self : IntoIter'0.t_IntoIter t) : Option'0.t_Option t + use seq.Seq + use seq.Seq predicate produces'0 [#"../../../creusot-contracts/src/std/option.rs" 468 4 468 64] (self : IntoIter'0.t_IntoIter t) (visited : Seq.seq t) (o : IntoIter'0.t_IntoIter t) 
@@ -19124,20 +19353,20 @@ module M_creusot_contracts__stdqy35z1__option__qyi15354566128244900690 [#"../../ [%#soption2] visited = (Seq.empty : Seq.seq t) /\ self = o \/ (exists e : t . view'0 self = Option'0.C_Some e /\ visited = Seq.singleton e /\ view'0 o = Option'0.C_None) - goal produces_trans_refn : [%#soption0] forall a : IntoIter'0.t_IntoIter t . forall ab : Seq.seq t . forall b : IntoIter'0.t_IntoIter t . forall bc : Seq.seq t . forall c : IntoIter'0.t_IntoIter t . produces'0 b bc c + goal produces_refl_refn : [%#soption0] forall self : IntoIter'0.t_IntoIter t . inv'0 self + -> (forall result : () . produces'0 self (Seq.empty : Seq.seq t) self + -> produces'0 self (Seq.empty : Seq.seq t) self) + + goal produces_trans_refn : [%#soption1] forall a : IntoIter'0.t_IntoIter t . forall ab : Seq.seq t . forall b : IntoIter'0.t_IntoIter t . forall bc : Seq.seq t . forall c : IntoIter'0.t_IntoIter t . produces'0 b bc c /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a -> produces'0 b bc c /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) - - goal produces_refl_refn : [%#soption1] forall self : IntoIter'0.t_IntoIter t . inv'0 self - -> (forall result : () . 
produces'0 self (Seq.empty : Seq.seq t) self - -> produces'0 self (Seq.empty : Seq.seq t) self) end module M_creusot_contracts__stdqy35z1__option__qyi15411423289202690388 [#"../../../creusot-contracts/src/std/option.rs" 513 0 513 36] (* as std::iter::Iterator> *) type t - let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 539 4 539 90 - let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 532 4 532 26 + let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 532 4 532 26 + let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 539 4 539 90 let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 523 8 526 9 let%span soption3 = "../../../creusot-contracts/src/std/option.rs" 509 20 509 26 let%span sinvariant4 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 @@ -19185,11 +19414,11 @@ module M_creusot_contracts__stdqy35z1__option__qyi15411423289202690388 [#"../../ use seq.Seq - use seq.Seq - function view'0 [#"../../../creusot-contracts/src/std/option.rs" 508 4 508 34] (self : Iter'0.t_Iter t) : Option'0.t_Option t + use seq.Seq + use seq.Seq predicate produces'0 [#"../../../creusot-contracts/src/std/option.rs" 522 4 522 64] (self : Iter'0.t_Iter t) (visited : Seq.seq t) (o : Iter'0.t_Iter t) 
@@ -19198,20 +19427,20 @@ module M_creusot_contracts__stdqy35z1__option__qyi15411423289202690388 [#"../../ [%#soption2] visited = (Seq.empty : Seq.seq t) /\ self = o \/ (exists e : t . view'0 self = Option'0.C_Some e /\ visited = Seq.singleton e /\ view'0 o = Option'0.C_None) - goal produces_trans_refn : [%#soption0] forall a : Iter'0.t_Iter t . forall ab : Seq.seq t . forall b : Iter'0.t_Iter t . forall bc : Seq.seq t . forall c : Iter'0.t_Iter t . produces'0 b bc c + goal produces_refl_refn : [%#soption0] forall self : Iter'0.t_Iter t . inv'0 self + -> (forall result : () . produces'0 self (Seq.empty : Seq.seq t) self + -> produces'0 self (Seq.empty : Seq.seq t) self) + + goal produces_trans_refn : [%#soption1] forall a : Iter'0.t_Iter t . forall ab : Seq.seq t . forall b : Iter'0.t_Iter t . forall bc : Seq.seq t . forall c : Iter'0.t_Iter t . produces'0 b bc c /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a -> produces'0 b bc c /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) - - goal produces_refl_refn : [%#soption1] forall self : Iter'0.t_Iter t . inv'0 self - -> (forall result : () . 
produces'0 self (Seq.empty : Seq.seq t) self - -> produces'0 self (Seq.empty : Seq.seq t) self) end module M_creusot_contracts__stdqy35z1__option__qyi6601631924869095363 [#"../../../creusot-contracts/src/std/option.rs" 570 0 570 39] (* as std::iter::Iterator> *) type t - let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 596 4 596 90 - let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 589 4 589 26 + let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 589 4 589 26 + let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 596 4 596 90 let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 580 8 583 9 let%span soption3 = "../../../creusot-contracts/src/std/option.rs" 566 20 566 26 let%span sinvariant4 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 @@ -19259,11 +19488,11 @@ module M_creusot_contracts__stdqy35z1__option__qyi6601631924869095363 [#"../../. use seq.Seq - use seq.Seq - function view'0 [#"../../../creusot-contracts/src/std/option.rs" 565 4 565 38] (self : IterMut'0.t_IterMut t) : Option'0.t_Option (borrowed t) + use seq.Seq + use seq.Seq predicate produces'0 [#"../../../creusot-contracts/src/std/option.rs" 579 4 579 64] (self : IterMut'0.t_IterMut t) (visited : Seq.seq (borrowed t)) (o : IterMut'0.t_IterMut t) 
@@ -19273,20 +19502,20 @@ module M_creusot_contracts__stdqy35z1__option__qyi6601631924869095363 [#"../../. \/ (exists e : borrowed t . view'0 self = Option'0.C_Some e /\ visited = Seq.singleton e /\ view'0 o = Option'0.C_None) - goal produces_trans_refn : [%#soption0] forall a : IterMut'0.t_IterMut t . forall ab : Seq.seq (borrowed t) . forall b : IterMut'0.t_IterMut t . forall bc : Seq.seq (borrowed t) . forall c : IterMut'0.t_IterMut t . produces'0 b bc c + goal produces_refl_refn : [%#soption0] forall self : IterMut'0.t_IterMut t . inv'0 self + -> (forall result : () . produces'0 self (Seq.empty : Seq.seq (borrowed t)) self + -> produces'0 self (Seq.empty : Seq.seq (borrowed t)) self) + + goal produces_trans_refn : [%#soption1] forall a : IterMut'0.t_IterMut t . forall ab : Seq.seq (borrowed t) . forall b : IterMut'0.t_IterMut t . forall bc : Seq.seq (borrowed t) . forall c : IterMut'0.t_IterMut t . produces'0 b bc c /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a -> produces'0 b bc c /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) - - goal produces_refl_refn : [%#soption1] forall self : IterMut'0.t_IterMut t . inv'0 self - -> (forall result : () . 
produces'0 self (Seq.empty : Seq.seq (borrowed t)) self - -> produces'0 self (Seq.empty : Seq.seq (borrowed t)) self) end module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471 [#"../../../creusot-contracts/src/std/slice.rs" 399 0 399 36] (* as std::iter::Iterator> *) type t - let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 428 4 428 90 - let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 419 4 419 26 + let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 419 4 419 26 + let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 428 4 428 90 let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 410 12 410 66 let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 395 8 395 14 let%span sslice4 = "../../../creusot-contracts/src/std/slice.rs" 100 14 100 41 @@ -19308,8 +19537,6 @@ module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471 [#"../../.. use seq.Seq - use seq.Seq - use prelude.prelude.Slice use prelude.prelude.Borrow @@ -19320,20 +19547,20 @@ module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471 [#"../../.. use prelude.prelude.Slice - use prelude.prelude.UIntSize + use prelude.prelude.UInt64.to_uint - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.Int - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) use seq.Seq function view'2 [#"../../../creusot-contracts/src/std/slice.rs" 31 4 31 33] (self : slice t) : Seq.seq t axiom view'2_spec : forall self : slice t . ([%#sslice10] view'2 self = Slice.id self) - && ([%#sslice9] Seq.length (view'2 self) <= UIntSize.to_int (v_MAX'0 : usize)) + && ([%#sslice9] Seq.length (view'2 self) <= UInt64.to_int (v_MAX'0 : UInt64.t)) function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops.rs" 41 4 41 47] (self : slice t) (ix : int) : t 
@@ -19342,6 +19569,10 @@ module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471 [#"../../.. use seq.Seq + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + function view'1 [#"../../../creusot-contracts/src/model.rs" 90 4 90 33] (self : slice t) : Seq.seq t = [%#smodel7] view'2 self @@ -19349,7 +19580,7 @@ module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471 [#"../../.. function to_ref_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 102 4 102 35] (self : slice t) : Seq.seq t - axiom to_ref_seq'0_spec : forall self : slice t . ([%#sslice5] forall i : int . 0 <= i + axiom to_ref_seq'0_spec : forall self : slice t . ([%#sslice5] forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length (to_ref_seq'0 self) -> Seq.get (to_ref_seq'0 self) i = index_logic'0 self i) && ([%#sslice4] Seq.length (to_ref_seq'0 self) = Seq.length (view'1 self)) 
@@ -19360,20 +19591,22 @@ module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471 [#"../../.. = [%#sslice2] to_ref_seq'0 (view'0 self) = Seq.(++) visited (to_ref_seq'0 (view'0 tl)) - goal produces_trans_refn : [%#sslice0] forall a : Iter'0.t_Iter t . forall ab : Seq.seq t . forall b : Iter'0.t_Iter t . forall bc : Seq.seq t . forall c : Iter'0.t_Iter t . produces'0 b bc c - /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a - -> produces'0 b bc c - /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) + use seq.Seq - goal produces_refl_refn : [%#sslice1] forall self : Iter'0.t_Iter t . inv'0 self + goal produces_refl_refn : [%#sslice0] forall self : Iter'0.t_Iter t . inv'0 self -> (forall result : () . produces'0 self (Seq.empty : Seq.seq t) self -> produces'0 self (Seq.empty : Seq.seq t) self) + + goal produces_trans_refn : [%#sslice1] forall a : Iter'0.t_Iter t . forall ab : Seq.seq t . forall b : Iter'0.t_Iter t . forall bc : Seq.seq t . forall c : Iter'0.t_Iter t . produces'0 b bc c + /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . 
produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169 [#"../../../creusot-contracts/src/std/slice.rs" 458 0 458 39] (* as std::iter::Iterator> *) type t - let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 487 4 487 90 - let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 477 4 477 26 + let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 477 4 477 26 + let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 487 4 487 90 let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 469 12 469 66 let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 437 14 437 50 let%span sslice4 = "../../../creusot-contracts/src/std/slice.rs" 434 4 434 12 @@ -19396,8 +19629,6 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169 [#"../../.. use seq.Seq - use seq.Seq - use prelude.prelude.Slice use seq.Seq @@ -19406,20 +19637,20 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169 [#"../../.. use prelude.prelude.Slice - use prelude.prelude.UIntSize + use prelude.prelude.UInt64.to_uint - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.Int - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) use seq.Seq function view'1 [#"../../../creusot-contracts/src/std/slice.rs" 31 4 31 33] (self : slice t) : Seq.seq t axiom view'1_spec : forall self : slice t . ([%#sslice9] view'1 self = Slice.id self) - && ([%#sslice8] Seq.length (view'1 self) <= UIntSize.to_int (v_MAX'0 : usize)) + && ([%#sslice8] Seq.length (view'1 self) <= UInt64.to_int (v_MAX'0 : UInt64.t)) function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops.rs" 41 4 41 47] (self : slice t) (ix : int) : t 
@@ -19430,6 +19661,10 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169 [#"../../.. use seq.Seq + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + function view'2 [#"../../../creusot-contracts/src/model.rs" 108 4 108 33] (self : borrowed (slice t)) : Seq.seq t = [%#smodel11] view'1 self.current @@ -19438,7 +19673,8 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169 [#"../../.. function to_mut_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 93 4 93 43] (self : borrowed (slice t)) : Seq.seq (borrowed t) - axiom to_mut_seq'0_spec : forall self : borrowed (slice t) . ([%#sslice6] forall i : int . 0 <= i + axiom to_mut_seq'0_spec : forall self : borrowed (slice t) . ([%#sslice6] forall i : int . Int128.to_int (0 : Int128.t) + <= i /\ i < Seq.length (to_mut_seq'0 self) -> Seq.get (to_mut_seq'0 self) i = Borrow.borrow_logic (index_logic'0 self.current i) (index_logic'0 self.final i) (Borrow.inherit_id (Borrow.get_id self) i)) 
@@ -19455,25 +19691,27 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169 [#"../../.. = [%#sslice2] to_mut_seq'0 (view'0 self) = Seq.(++) visited (to_mut_seq'0 (view'0 tl)) - goal produces_trans_refn : [%#sslice0] forall a : IterMut'0.t_IterMut t . forall ab : Seq.seq (borrowed t) . forall b : IterMut'0.t_IterMut t . forall bc : Seq.seq (borrowed t) . forall c : IterMut'0.t_IterMut t . produces'0 b bc c + use seq.Seq + + goal produces_refl_refn : [%#sslice0] forall self : IterMut'0.t_IterMut t . inv'0 self + -> inv'0 self + /\ (forall result : () . produces'0 self (Seq.empty : Seq.seq (borrowed t)) self + -> produces'0 self (Seq.empty : Seq.seq (borrowed t)) self) + + goal produces_trans_refn : [%#sslice1] forall a : IterMut'0.t_IterMut t . forall ab : Seq.seq (borrowed t) . forall b : IterMut'0.t_IterMut t . forall bc : Seq.seq (borrowed t) . forall c : IterMut'0.t_IterMut t . produces'0 b bc c /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a -> produces'0 b bc c /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) - - goal produces_refl_refn : [%#sslice1] forall self : IterMut'0.t_IterMut t . inv'0 self - -> inv'0 self - /\ (forall result : () . 
produces'0 self (Seq.empty : Seq.seq (borrowed t)) self - -> produces'0 self (Seq.empty : Seq.seq (borrowed t)) self) end module M_creusot_contracts__stdqy35z1__vec__qyi12862303518309667396 [#"../../../creusot-contracts/src/std/vec.rs" 258 0 258 59] (* as std::iter::Iterator> *) type t type a - let%span svec0 = "../../../creusot-contracts/src/std/vec.rs" 285 4 285 72 - let%span svec1 = "../../../creusot-contracts/src/std/vec.rs" 276 4 276 26 + let%span svec0 = "../../../creusot-contracts/src/std/vec.rs" 276 4 276 26 + let%span svec1 = "../../../creusot-contracts/src/std/vec.rs" 285 4 285 72 let%span svec2 = "../../../creusot-contracts/src/std/vec.rs" 269 12 269 41 let%span svec3 = "../../../creusot-contracts/src/std/vec.rs" 239 8 239 14 @@ -19501,8 +19739,6 @@ module M_creusot_contracts__stdqy35z1__vec__qyi12862303518309667396 [#"../../../ use seq.Seq - use seq.Seq - function view'0 [#"../../../creusot-contracts/src/std/vec.rs" 238 4 238 33] (self : IntoIter'0.t_IntoIter t a) : Seq.seq t 
@@ -19511,14 +19747,16 @@ module M_creusot_contracts__stdqy35z1__vec__qyi12862303518309667396 [#"../../../ = [%#svec2] view'0 self = Seq.(++) visited (view'0 rhs) - goal produces_trans_refn : [%#svec0] forall a : IntoIter'0.t_IntoIter t a . forall ab : Seq.seq t . forall b : IntoIter'0.t_IntoIter t a . forall bc : Seq.seq t . forall c : IntoIter'0.t_IntoIter t a . produces'0 b bc c - /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a - -> produces'0 b bc c - /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) + use seq.Seq - goal produces_refl_refn : [%#svec1] forall self : IntoIter'0.t_IntoIter t a . inv'0 self + goal produces_refl_refn : [%#svec0] forall self : IntoIter'0.t_IntoIter t a . inv'0 self -> (forall result : () . produces'0 self (Seq.empty : Seq.seq t) self -> produces'0 self (Seq.empty : Seq.seq t) self) + + goal produces_trans_refn : [%#svec1] forall a : IntoIter'0.t_IntoIter t a . forall ab : Seq.seq t . forall b : IntoIter'0.t_IntoIter t a . forall bc : Seq.seq t . forall c : IntoIter'0.t_IntoIter t a . produces'0 b bc c + /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end module M_creusot_contracts__stdqy35z1__iter__cloned__qyi6712012543989784202 [#"../../../creusot-contracts/src/std/iter/cloned.rs" 8 0 8 34] (* as std::iter::cloned::ClonedExt> *) type i 
@@ -19600,12 +19838,16 @@ module M_creusot_contracts__stdqy35z1__iter__fuse__qyi7691061398646472980 [#"../ use seq.Seq + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + use prelude.prelude.Int use seq.Seq predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 197 4 197 30] (self : Seq.seq t_Item'0) = - [%#sseq6] forall i : int . 0 <= i /\ i < Seq.length self -> inv'5 (Seq.get self i) + [%#sseq6] forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length self -> inv'5 (Seq.get self i) predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) @@ -19807,10 +20049,14 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4413682431414748756 [#" use seq.Seq + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + use prelude.prelude.Int predicate invariant'3 [#"../../../creusot-contracts/src/logic/seq.rs" 197 4 197 30] (self : Seq.seq t_Item'0) = - [%#sseq6] forall i : int . 0 <= i /\ i < Seq.length self -> inv'10 (Seq.get self i) + [%#sseq6] forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length self -> inv'10 (Seq.get self i) axiom inv_axiom'4 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'5 x] . inv'5 x = invariant'3 x @@ -19821,7 +20067,7 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4413682431414748756 [#" use seq.Seq predicate invariant'2 [#"../../../creusot-contracts/src/logic/seq.rs" 197 4 197 30] (self : Seq.seq (borrowed f)) = - [%#sseq6] forall i : int . 0 <= i /\ i < Seq.length self -> inv'9 (Seq.get self i) + [%#sseq6] forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length self -> inv'9 (Seq.get self i) predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq (borrowed f)) 
@@ -19878,19 +20124,21 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4413682431414748756 [#" /\ produces'1 (T_creusot_contracts__stdqy35z1__iter__map_inv__MapInv.t_MapInv__iter self) s (T_creusot_contracts__stdqy35z1__iter__map_inv__MapInv.t_MapInv__iter succ) /\ Snapshot.inner (T_creusot_contracts__stdqy35z1__iter__map_inv__MapInv.t_MapInv__produced succ) = Seq.(++) (Snapshot.inner (T_creusot_contracts__stdqy35z1__iter__map_inv__MapInv.t_MapInv__produced self)) s - /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) - /\ (if Seq.length visited = 0 then + /\ (forall i : int . Int128.to_int (1 : Int128.t) <= i /\ i < Seq.length fs + -> (Seq.get fs (i - Int128.to_int (1 : Int128.t))).final = (Seq.get fs i).current) + /\ (if Seq.length visited = Int128.to_int (0 : Int128.t) then T_creusot_contracts__stdqy35z1__iter__map_inv__MapInv.t_MapInv__func self = T_creusot_contracts__stdqy35z1__iter__map_inv__MapInv.t_MapInv__func succ else - (Seq.get fs 0).current = T_creusot_contracts__stdqy35z1__iter__map_inv__MapInv.t_MapInv__func self - /\ (Seq.get fs (Seq.length visited - 1)).final + (Seq.get fs (Int128.to_int (0 : Int128.t))).current + = T_creusot_contracts__stdqy35z1__iter__map_inv__MapInv.t_MapInv__func self + /\ (Seq.get fs (Seq.length visited - Int128.to_int (1 : Int128.t))).final = T_creusot_contracts__stdqy35z1__iter__map_inv__MapInv.t_MapInv__func succ ) - /\ (forall i : int . 0 <= i /\ i < Seq.length visited + /\ (forall i : int . 
Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length visited -> unnest'0 (T_creusot_contracts__stdqy35z1__iter__map_inv__MapInv.t_MapInv__func self) (Seq.get fs i).current - /\ precondition'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner (T_creusot_contracts__stdqy35z1__iter__map_inv__MapInv.t_MapInv__produced self)) (Seq.([..]) s 0 i))) - /\ postcondition_mut'0 (Seq.get fs i) (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner (T_creusot_contracts__stdqy35z1__iter__map_inv__MapInv.t_MapInv__produced self)) (Seq.([..]) s 0 i))) (Seq.get visited i)))) + /\ precondition'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner (T_creusot_contracts__stdqy35z1__iter__map_inv__MapInv.t_MapInv__produced self)) (Seq.([..]) s (Int128.to_int (0 : Int128.t)) i))) + /\ postcondition_mut'0 (Seq.get fs i) (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner (T_creusot_contracts__stdqy35z1__iter__map_inv__MapInv.t_MapInv__produced self)) (Seq.([..]) s (Int128.to_int (0 : Int128.t)) i))) (Seq.get visited i)))) use seq.Seq 
@@ -19953,15 +20201,13 @@ module M_creusot_contracts__stdqy35z1__ops__qyi14194840286170235833 [#"../../../ type f - let%span sops0 = "../../../creusot-contracts/src/std/ops.rs" 126 4 126 55 + let%span sops0 = "../../../creusot-contracts/src/std/ops.rs" 106 4 106 73 let%span sops1 = "../../../creusot-contracts/src/std/ops.rs" 120 4 120 43 let%span sops2 = "../../../creusot-contracts/src/std/ops.rs" 112 4 112 24 - let%span sops3 = "../../../creusot-contracts/src/std/ops.rs" 106 4 106 73 - let%span sops4 = "../../../creusot-contracts/src/std/ops.rs" 80 8 80 14 - let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 90 8 90 14 - let%span sops6 = "../../../creusot-contracts/src/std/ops.rs" 98 8 98 14 - - predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 97 4 97 36] (self : f) (_2 : f) + let%span sops3 = "../../../creusot-contracts/src/std/ops.rs" 126 4 126 55 + let%span sops4 = "../../../creusot-contracts/src/std/ops.rs" 90 8 90 14 + let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 98 8 98 14 + let%span sops6 = "../../../creusot-contracts/src/std/ops.rs" 80 8 80 14 use prelude.prelude.Borrow 
@@ -19969,66 +20215,68 @@ module M_creusot_contracts__stdqy35z1__ops__qyi14194840286170235833 [#"../../../ type t_Output'0 - predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 89 4 89 69] (self : borrowed f) (_2 : args) (_3 : t_Output'0) + predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 79 4 79 65] (self : f) (_2 : args) (_3 : t_Output'0) - predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 79 4 79 65] (self : f) (_2 : args) (_3 : t_Output'0) + predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 97 4 97 36] (self : f) (_2 : f) + + predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 89 4 89 69] (self : borrowed f) (_2 : args) (_3 : t_Output'0) - goal fn_mut_once_refn : [%#sops0] forall self : f . forall args : args . forall res : t_Output'0 . forall result : () . postcondition_once'0 self args res - = (exists s : borrowed f . s.current = self /\ postcondition_mut'0 s args res /\ resolve'0 s.final) - -> postcondition_once'0 self args res - = (exists s : borrowed f . s.current = self /\ postcondition_mut'0 s args res /\ resolve'0 s.final) + goal postcondition_mut_unnest_refn : [%#sops0] forall self : borrowed f . forall args : args . forall res : t_Output'0 . postcondition_mut'0 self args res + -> postcondition_mut'0 self args res + /\ (forall result : () . unnest'0 self.current self.final -> unnest'0 self.current self.final) goal unnest_trans_refn : [%#sops1] forall self : f . forall b : f . forall c : f . unnest'0 b c /\ unnest'0 self b -> unnest'0 b c /\ unnest'0 self b /\ (forall result : () . unnest'0 self c -> unnest'0 self c) goal unnest_refl_refn : [%#sops2] forall self : f . forall result : () . unnest'0 self self -> unnest'0 self self - goal postcondition_mut_unnest_refn : [%#sops3] forall self : borrowed f . forall args : args . forall res : t_Output'0 . 
postcondition_mut'0 self args res - -> postcondition_mut'0 self args res - /\ (forall result : () . unnest'0 self.current self.final -> unnest'0 self.current self.final) + goal fn_mut_once_refn : [%#sops3] forall self : f . forall args : args . forall res : t_Output'0 . forall result : () . postcondition_once'0 self args res + = (exists s : borrowed f . s.current = self /\ postcondition_mut'0 s args res /\ resolve'0 s.final) + -> postcondition_once'0 self args res + = (exists s : borrowed f . s.current = self /\ postcondition_mut'0 s args res /\ resolve'0 s.final) end module M_creusot_contracts__stdqy35z1__ops__qyi10441027020636586103 [#"../../../creusot-contracts/src/std/ops.rs" 129 0 129 48] (* > *) type args type f - let%span sops0 = "../../../creusot-contracts/src/std/ops.rs" 142 4 142 55 - let%span sops1 = "../../../creusot-contracts/src/std/ops.rs" 148 4 148 51 - let%span sops2 = "../../../creusot-contracts/src/std/ops.rs" 90 8 90 14 - let%span sresolve3 = "../../../creusot-contracts/src/resolve.rs" 41 20 41 34 - let%span sops4 = "../../../creusot-contracts/src/std/ops.rs" 135 8 135 14 - let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 80 8 80 14 + let%span sops0 = "../../../creusot-contracts/src/std/ops.rs" 148 4 148 51 + let%span sops1 = "../../../creusot-contracts/src/std/ops.rs" 142 4 142 55 + let%span sops2 = "../../../creusot-contracts/src/std/ops.rs" 80 8 80 14 + let%span sops3 = "../../../creusot-contracts/src/std/ops.rs" 135 8 135 14 + let%span sops4 = "../../../creusot-contracts/src/std/ops.rs" 90 8 90 14 + let%span sresolve5 = "../../../creusot-contracts/src/resolve.rs" 41 20 41 34 use prelude.prelude.Borrow - predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : f) + predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 40 4 40 28] (self : borrowed f) = + [%#sresolve5] self.final = self.current + + predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : borrowed f) = 
+ resolve'1 _1 type t_Output'0 - predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 79 4 79 65] (self : f) (_2 : args) (_3 : t_Output'0) + predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 89 4 89 69] (self : borrowed f) (_2 : args) (_3 : t_Output'0) - predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 40 4 40 28] (self : borrowed f) = - [%#sresolve3] self.final = self.current - - predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : borrowed f) = - resolve'0 _1 - predicate postcondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 134 4 134 61] (self : f) (_2 : args) (_3 : t_Output'0) - predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 89 4 89 69] (self : borrowed f) (_2 : args) (_3 : t_Output'0) + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : f) + + predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 79 4 79 65] (self : f) (_2 : args) (_3 : t_Output'0) - goal fn_mut_refn : [%#sops0] forall self : borrowed f . forall args : args . forall res : t_Output'0 . forall result : () . postcondition_mut'0 self args res - = (resolve'0 self /\ postcondition'0 self.current args res) - -> postcondition_mut'0 self args res = (resolve'1 self /\ postcondition'0 self.current args res) + goal fn_once_refn : [%#sops0] forall self : f . forall args : args . forall res : t_Output'0 . forall result : () . postcondition_once'0 self args res + = (resolve'0 self /\ postcondition'0 self args res) + -> postcondition_once'0 self args res = (resolve'0 self /\ postcondition'0 self args res) - goal fn_once_refn : [%#sops1] forall self : f . forall args : args . forall res : t_Output'0 . forall result : () . 
postcondition_once'0 self args res - = (resolve'2 self /\ postcondition'0 self args res) - -> postcondition_once'0 self args res = (resolve'2 self /\ postcondition'0 self args res) + goal fn_mut_refn : [%#sops1] forall self : borrowed f . forall args : args . forall res : t_Output'0 . forall result : () . postcondition_mut'0 self args res + = (resolve'1 self /\ postcondition'0 self.current args res) + -> postcondition_mut'0 self args res = (resolve'2 self /\ postcondition'0 self.current args res) end module M_creusot_contracts__stdqy35z1__ops__qyi2719475894322958352 [#"../../../creusot-contracts/src/std/ops.rs" 191 0 191 56] (* as std::ops::RangeInclusiveExt> *) type idx @@ -20233,6 +20481,10 @@ module M_creusot_contracts__ghost_ptr__qyi12069901807935209935 [#"../../../creus use T_creusot_contracts__ghost_ptr__GhostPtrToken as GhostPtrToken'0 + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + use prelude.prelude.Int function addr_logic'0 [#"../../../creusot-contracts/src/ghost_ptr.rs" 158 4 158 30] (self : opaque_ptr) : int @@ -20241,7 +20493,7 @@ module M_creusot_contracts__ghost_ptr__qyi12069901807935209935 [#"../../../creus axiom null_logic'0_spec : forall _1 : () . ([%#sghost_ptr8] forall ptr : opaque_ptr . addr_logic'0 ptr = addr_logic'0 (null_logic'0 _1) -> ptr = null_logic'0 _1) - && ([%#sghost_ptr7] addr_logic'0 (null_logic'0 _1) = 0) + && ([%#sghost_ptr7] addr_logic'0 (null_logic'0 _1) = Int128.to_int (0 : Int128.t)) function view'2 [#"../../../creusot-contracts/src/ghost_ptr.rs" 36 4 36 33] (self : GhostPtrToken'0.t_GhostPtrToken t) : FMap'0.t_FMap opaque_ptr t @@ -20340,6 +20592,10 @@ module M_creusot_contracts__ghost_ptr__qyi2050065802908022022 [#"../../../creuso use T_creusot_contracts__ghost_ptr__GhostPtrToken as GhostPtrToken'0 + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + use prelude.prelude.Int function addr_logic'0 [#"../../../creusot-contracts/src/ghost_ptr.rs" 158 4 158 30] (self : opaque_ptr) : int 
@@ -20348,7 +20604,7 @@ module M_creusot_contracts__ghost_ptr__qyi2050065802908022022 [#"../../../creuso axiom null_logic'0_spec : forall _1 : () . ([%#sghost_ptr7] forall ptr : opaque_ptr . addr_logic'0 ptr = addr_logic'0 (null_logic'0 _1) -> ptr = null_logic'0 _1) - && ([%#sghost_ptr6] addr_logic'0 (null_logic'0 _1) = 0) + && ([%#sghost_ptr6] addr_logic'0 (null_logic'0 _1) = Int128.to_int (0 : Int128.t)) function view'1 [#"../../../creusot-contracts/src/ghost_ptr.rs" 36 4 36 33] (self : GhostPtrToken'0.t_GhostPtrToken t) : FMap'0.t_FMap opaque_ptr t @@ -20495,6 +20751,10 @@ module M_creusot_contracts__ghost_ptr__qyi11706120906342127713 [#"../../../creus use T_creusot_contracts__ghost_ptr__GhostPtrToken as GhostPtrToken'0 + use prelude.prelude.Int128.to_int + + use prelude.prelude.Int128 + use prelude.prelude.Int function addr_logic'0 [#"../../../creusot-contracts/src/ghost_ptr.rs" 158 4 158 30] (self : opaque_ptr) : int @@ -20503,7 +20763,7 @@ module M_creusot_contracts__ghost_ptr__qyi11706120906342127713 [#"../../../creus axiom null_logic'0_spec : forall _1 : () . ([%#sghost_ptr8] forall ptr : opaque_ptr . addr_logic'0 ptr = addr_logic'0 (null_logic'0 _1) -> ptr = null_logic'0 _1) - && ([%#sghost_ptr7] addr_logic'0 (null_logic'0 _1) = 0) + && ([%#sghost_ptr7] addr_logic'0 (null_logic'0 _1) = Int128.to_int (0 : Int128.t)) function view'0 [#"../../../creusot-contracts/src/ghost_ptr.rs" 36 4 36 33] (self : GhostPtrToken'0.t_GhostPtrToken t) : FMap'0.t_FMap opaque_ptr t diff --git a/creusot/tests/should_succeed/bitwise.mlcfg b/creusot/tests/should_succeed/bitwise.mlcfg deleted file mode 100644 index dcd63b8fd3..0000000000 --- a/creusot/tests/should_succeed/bitwise.mlcfg +++ /dev/null 
@@ -1,100 +0,0 @@ - -module Bitwise_TestBitXorI64 - use prelude.Int64 - use prelude.Int - let rec cfg test_bit_xor_i64 [#"../bitwise.rs" 9 0 9 46] [@cfg:stackify] [@cfg:subregion_analysis] (a : int64) (b : int64) : int64 - ensures { [#"../bitwise.rs" 8 10 8 25] result = bw_xor a b } - - = [@vc:do_not_keep_trace] [@vc:sp] - var _0 : int64; - var a : int64 = a; - var b : int64 = b; - { - goto BB0 - } - BB0 { - [#"../bitwise.rs" 10 4 10 9] _0 <- ([#"../bitwise.rs" 10 4 10 9] bw_xor ([#"../bitwise.rs" 10 4 10 5] a) ([#"../bitwise.rs" 10 8 10 9] b)); - return _0 - } - -end -module Bitwise_TestBitAndU16 - use prelude.UInt16 - use prelude.Int - let rec cfg test_bit_and_u16 [#"../bitwise.rs" 14 0 14 46] [@cfg:stackify] [@cfg:subregion_analysis] (a : uint16) (b : uint16) : uint16 - ensures { [#"../bitwise.rs" 13 10 13 25] result = bw_and a b } - - = [@vc:do_not_keep_trace] [@vc:sp] - var _0 : uint16; - var a : uint16 = a; - var b : uint16 = b; - { - goto BB0 - } - BB0 { - [#"../bitwise.rs" 15 4 15 9] _0 <- ([#"../bitwise.rs" 15 4 15 9] bw_and ([#"../bitwise.rs" 15 4 15 5] a) ([#"../bitwise.rs" 15 8 15 9] b)); - return _0 - } - -end -module Bitwise_TestBitOrI32 - use prelude.Int32 - use prelude.Int - let rec cfg test_bit_or_i32 [#"../bitwise.rs" 19 0 19 45] [@cfg:stackify] [@cfg:subregion_analysis] (a : int32) (b : int32) : int32 - ensures { [#"../bitwise.rs" 18 10 18 25] result = bw_or a b } - - = [@vc:do_not_keep_trace] [@vc:sp] - var _0 : int32; - var a : int32 = a; - var b : int32 = b; - { - goto BB0 - } - BB0 { - [#"../bitwise.rs" 20 4 20 9] _0 <- ([#"../bitwise.rs" 20 4 20 9] bw_or ([#"../bitwise.rs" 20 4 20 5] a) ([#"../bitwise.rs" 20 8 20 9] b)); - return _0 - } - -end -module Bitwise_TestAddUsize - use prelude.UIntSize - use prelude.UIntSize - use prelude.Int - let rec cfg test_add_usize [#"../bitwise.rs" 26 0 26 50] [@cfg:stackify] [@cfg:subregion_analysis] (a : usize) (b : usize) : usize - ensures { [#"../bitwise.rs" 24 10 24 28] UIntSize.to_uint result = 
UIntSize.to_uint a + UIntSize.to_uint b } - ensures { [#"../bitwise.rs" 25 10 25 25] result = a + b } - - = [@vc:do_not_keep_trace] [@vc:sp] - var _0 : usize; - var a : usize = a; - var b : usize = b; - { - goto BB0 - } - BB0 { - [#"../bitwise.rs" 27 4 27 9] _0 <- ([#"../bitwise.rs" 27 4 27 9] u_add ([#"../bitwise.rs" 27 4 27 5] a) ([#"../bitwise.rs" 27 8 27 9] b)); - return _0 - } - -end -module Bitwise_TestMulI8 - use prelude.Int8 - use prelude.Int8 - use prelude.Int - let rec cfg test_mul_i8 [#"../bitwise.rs" 33 0 33 38] [@cfg:stackify] [@cfg:subregion_analysis] (a : int8) (b : int8) : int8 - ensures { [#"../bitwise.rs" 31 10 31 28] Int8.to_int result = Int8.to_int a * Int8.to_int b } - ensures { [#"../bitwise.rs" 32 10 32 25] result = a * b } - - = [@vc:do_not_keep_trace] [@vc:sp] - var _0 : int8; - var a : int8 = a; - var b : int8 = b; - { - goto BB0 - } - BB0 { - [#"../bitwise.rs" 34 4 34 9] _0 <- ([#"../bitwise.rs" 34 4 34 9] s_mul ([#"../bitwise.rs" 34 4 34 5] a) ([#"../bitwise.rs" 34 8 34 9] b)); - return _0 - } - -end
diff --git a/creusot/tests/should_succeed/bitwise.rs b/creusot/tests/should_succeed/bitwise.rs
deleted file mode 100644
index d69c57d830..0000000000
--- a/creusot/tests/should_succeed/bitwise.rs
+++ /dev/null
@@ -1,36 +0,0 @@
-extern crate creusot_contracts;
-use creusot_contracts::*;
-
-#[ensures(result == a ^ b)]
-pub fn test_bit_xor_i64(a: i64, b: i64) -> i64 {
- a ^ b
-}
-
-#[ensures(result == a & b)]
-pub fn test_bit_and_u16(a: u16, b: u16) -> u16 {
- a & b
-}
-
-#[ensures(result == a | b)]
-pub fn test_bit_or_i32(a: i32, b: i32) -> i32 {
- a | b
-}
-
-
-#[ensures(result@ == a@ + b@)]
-#[ensures(result == a + b)]
-pub fn test_add_usize(a: usize, b: usize) -> usize {
- a + b
-}
-
-
-#[ensures(result@ == a@ * b@)]
-#[ensures(result == a * b)]
-pub fn test_mul_i8(a: i8, b: i8) -> i8 {
- a * b
-}
-
-#[ensures(result == (a <= 100))]
-pub fn test_literal_i32(a: i32) -> bool {
- a <= 100
-}
\ No newline at end of file
diff --git a/creusot/tests/should_succeed/duration.coma b/creusot/tests/should_succeed/duration.coma index e18d629fd4..137fbd8767 100644 --- a/creusot/tests/should_succeed/duration.coma +++ b/creusot/tests/should_succeed/duration.coma @@ -4,10 +4,10 @@ module T_core__time__Nanoseconds use prelude.prelude.Int type t_Nanoseconds = - | C_Nanoseconds uint32 + | C_Nanoseconds UInt32.t - let rec t_Nanoseconds (input:t_Nanoseconds) (ret (field_0:uint32))= any - [ good (field_0:uint32)-> {C_Nanoseconds field_0 = input} (! ret {field_0}) ] + let rec t_Nanoseconds (input:t_Nanoseconds) (ret (field_0:UInt32.t))= any + [ good (field_0:UInt32.t)-> {C_Nanoseconds field_0 = input} (! ret {field_0}) ] end module T_core__time__Duration @@ -18,10 +18,11 @@ module T_core__time__Duration use prelude.prelude.Int type t_Duration = - | C_Duration uint64 (Nanoseconds'0.t_Nanoseconds) + | C_Duration UInt64.t (Nanoseconds'0.t_Nanoseconds) - let rec t_Duration (input:t_Duration) (ret (secs:uint64) (nanos:Nanoseconds'0.t_Nanoseconds))= any - [ good (secs:uint64) (nanos:Nanoseconds'0.t_Nanoseconds)-> {C_Duration secs nanos = input} (! ret {secs} {nanos}) ] + let rec t_Duration (input:t_Duration) (ret (secs:UInt64.t) (nanos:Nanoseconds'0.t_Nanoseconds))= any + [ good (secs:UInt64.t) (nanos:Nanoseconds'0.t_Nanoseconds)-> {C_Duration secs nanos = input} + (! ret {secs} {nanos}) ] end module T_core__option__Option 
@@ -37,6 +38,24 @@ module T_core__option__Option [ good (field_0:'t)-> {C_Some field_0 = input} (! ret {field_0}) | bad -> {forall field_0 : 't [C_Some field_0 : t_Option 't] . C_Some field_0 <> input} (! {false} any) ] +end +module T_core__cmp__Ordering + type t_Ordering = + | C_Less + | C_Equal + | C_Greater + + let rec v_Less (input:t_Ordering) (ret )= any + [ good -> {C_Less = input} (! ret) | bad -> {C_Less <> input} (! {false} any) ] + + + let rec v_Equal (input:t_Ordering) (ret )= any + [ good -> {C_Equal = input} (! ret) | bad -> {C_Equal <> input} (! {false} any) ] + + + let rec v_Greater (input:t_Ordering) (ret )= any + [ good -> {C_Greater = input} (! ret) | bad -> {C_Greater <> input} (! {false} any) ] + end module M_duration__test_duration [#"duration.rs" 7 0 7 22] let%span sduration0 = "duration.rs" 8 29 8 30 
@@ -118,7 +137,21 @@ module M_duration__test_duration [#"duration.rs" 7 0 7 22] let%span stime76 = "../../../creusot-contracts/src/std/time.rs" 37 4 37 21 let%span stime77 = "../../../creusot-contracts/src/std/time.rs" 32 4 32 17 let%span soption78 = "../../../creusot-contracts/src/std/option.rs" 11 8 14 9 - let%span stime79 = "../../../creusot-contracts/src/std/time.rs" 25 8 25 19 + let%span sord79 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 + let%span sord80 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 + let%span sord81 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 + let%span sord82 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 + let%span sord83 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 + let%span sord84 = "../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 + let%span sord85 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 + let%span sord86 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 + let%span sord87 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 + let%span sord88 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 + let%span sord89 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 + let%span sord90 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 + let%span sord91 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span stime92 = "../../../creusot-contracts/src/std/time.rs" 25 8 25 19 + let%span sord93 = "../../../creusot-contracts/src/logic/ord.rs" 189 16 195 17 use T_core__time__Duration as Duration'0 
@@ -130,10 +163,72 @@ module M_duration__test_duration [#"duration.rs" 7 0 7 22] axiom inv_axiom'0 [@rewrite] : forall x : Option'0.t_Option (Duration'0.t_Duration) [inv'0 x] . inv'0 x = true - use prelude.prelude.Intrinsic + use prelude.prelude.UInt32 use prelude.prelude.Int + use T_core__cmp__Ordering as Ordering'0 + + use prelude.prelude.UInt32 + + function cmp_log'0 (self : UInt32.t) (o : UInt32.t) : Ordering'0.t_Ordering = + [%#sord93] if UInt32.ult self o then + Ordering'0.C_Less + else + if self = o then Ordering'0.C_Equal else Ordering'0.C_Greater + + + function eq_cmp'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom eq_cmp'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord91] (x = y) = (cmp_log'0 x y = Ordering'0.C_Equal) + + function antisym2'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom antisym2'0_spec : forall x : UInt32.t, y : UInt32.t . ([%#sord89] cmp_log'0 x y = Ordering'0.C_Greater) + -> ([%#sord90] cmp_log'0 y x = Ordering'0.C_Less) + + function antisym1'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom antisym1'0_spec : forall x : UInt32.t, y : UInt32.t . ([%#sord87] cmp_log'0 x y = Ordering'0.C_Less) + -> ([%#sord88] cmp_log'0 y x = Ordering'0.C_Greater) + + function trans'0 (x : UInt32.t) (y : UInt32.t) (z : UInt32.t) (o : Ordering'0.t_Ordering) : () + + axiom trans'0_spec : forall x : UInt32.t, y : UInt32.t, z : UInt32.t, o : Ordering'0.t_Ordering . ([%#sord84] cmp_log'0 x y + = o) -> ([%#sord85] cmp_log'0 y z = o) -> ([%#sord86] cmp_log'0 x z = o) + + function refl'0 (x : UInt32.t) : () + + axiom refl'0_spec : forall x : UInt32.t . [%#sord83] cmp_log'0 x x = Ordering'0.C_Equal + + use prelude.prelude.UInt32 + + function cmp_gt_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_gt_log'0_spec : forall x : UInt32.t, y : UInt32.t . 
[%#sord82] UInt32.ugt x y + = (cmp_log'0 x y = Ordering'0.C_Greater) + + use prelude.prelude.UInt32 + + function cmp_ge_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_ge_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord81] UInt32.uge x y + = (cmp_log'0 x y <> Ordering'0.C_Less) + + function cmp_lt_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_lt_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord80] UInt32.ult x y + = (cmp_log'0 x y = Ordering'0.C_Less) + + use prelude.prelude.UInt32 + + function cmp_le_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_le_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord79] UInt32.ule x y + = (cmp_log'0 x y <> Ordering'0.C_Greater) + + use prelude.prelude.Intrinsic + function secs_to_nanos'0 (secs : int) : int = [%#stime74] secs * 1000000000 @@ -141,12 +236,12 @@ module M_duration__test_duration [#"duration.rs" 7 0 7 22] use prelude.prelude.UInt64 - constant v_MAX'0 : uint64 = (18446744073709551615 : uint64) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) function view'0 (self : Duration'0.t_Duration) : int axiom view'0_spec : forall self : Duration'0.t_Duration . [%#stime44] view'0 self >= 0 - /\ view'0 self <= secs_to_nanos'0 (UInt64.to_int (v_MAX'0 : uint64)) + 999999999 + /\ view'0 self <= secs_to_nanos'0 (UInt64.to_int (v_MAX'0 : UInt64.t)) + 999999999 let rec sub'0 (self:Duration'0.t_Duration) (rhs:Duration'0.t_Duration) (return' (ret:Duration'0.t_Duration))= {[@expl:precondition] [%#stime72] view'0 self - view'0 rhs 
@@ -158,7 +253,7 @@ module M_duration__test_duration [#"duration.rs" 7 0 7 22] let rec add'0 (self:Duration'0.t_Duration) (rhs:Duration'0.t_Duration) (return' (ret:Duration'0.t_Duration))= {[@expl:precondition] [%#stime72] view'0 self + view'0 rhs - <= secs_to_nanos'0 (UInt64.to_int (v_MAX'0 : uint64)) + 999999999} + <= secs_to_nanos'0 (UInt64.to_int (v_MAX'0 : UInt64.t)) + 999999999} any [ return' (result:Duration'0.t_Duration)-> {[%#stime72] view'0 self + view'0 rhs = view'0 result} (! return' {result}) ] @@ -169,7 +264,7 @@ module M_duration__test_duration [#"duration.rs" 7 0 7 22] use prelude.prelude.UInt32 function deep_model'1 (self : Duration'0.t_Duration) : int = - [%#stime79] view'0 self + [%#stime92] view'0 self function deep_model'0 (self : Option'0.t_Option (Duration'0.t_Duration)) : Option'0.t_Option int = [%#soption78] match self with 
@@ -177,23 +272,21 @@ module M_duration__test_duration [#"duration.rs" 7 0 7 22] | Option'0.C_None -> Option'0.C_None end - use prelude.prelude.UInt32 - - let rec checked_div'0 (self:Duration'0.t_Duration) (rhs:uint32) (return' (ret:Option'0.t_Option (Duration'0.t_Duration)))= any - [ return' (result:Option'0.t_Option (Duration'0.t_Duration))-> {[%#stime71] rhs <> (0 : uint32) + let rec checked_div'0 (self:Duration'0.t_Duration) (rhs:UInt32.t) (return' (ret:Option'0.t_Option (Duration'0.t_Duration)))= any + [ return' (result:Option'0.t_Option (Duration'0.t_Duration))-> {[%#stime71] rhs <> (0 : UInt32.t) -> deep_model'0 result = Option'0.C_Some (div (view'0 self) (UInt32.to_int rhs))} - {[%#stime70] rhs = (0 : uint32) -> result = Option'0.C_None} + {[%#stime70] rhs = (0 : UInt32.t) -> result = Option'0.C_None} (! return' {result}) ] function nanos_to_secs'0 (nanos : int) : int = [%#stime73] div nanos 1000000000 - let rec checked_mul'0 (self:Duration'0.t_Duration) (rhs:uint32) (return' (ret:Option'0.t_Option (Duration'0.t_Duration)))= any + let rec checked_mul'0 (self:Duration'0.t_Duration) (rhs:UInt32.t) (return' (ret:Option'0.t_Option (Duration'0.t_Duration)))= any [ return' (result:Option'0.t_Option (Duration'0.t_Duration))-> {[%#stime69] nanos_to_secs'0 (view'0 self * UInt32.to_int rhs) - <= UInt64.to_int (v_MAX'0 : uint64) -> deep_model'0 result = Option'0.C_Some (view'0 self * UInt32.to_int rhs)} - {[%#stime68] nanos_to_secs'0 (view'0 self * UInt32.to_int rhs) > UInt64.to_int (v_MAX'0 : uint64) + <= UInt64.to_int (v_MAX'0 : UInt64.t) -> deep_model'0 result = Option'0.C_Some (view'0 self * UInt32.to_int rhs)} + {[%#stime68] nanos_to_secs'0 (view'0 self * UInt32.to_int rhs) > UInt64.to_int (v_MAX'0 : UInt64.t) -> result = Option'0.C_None} (! return' {result}) ] 
@@ -214,8 +307,8 @@ module M_duration__test_duration [#"duration.rs" 7 0 7 22] let rec checked_add'0 (self:Duration'0.t_Duration) (rhs:Duration'0.t_Duration) (return' (ret:Option'0.t_Option (Duration'0.t_Duration)))= any [ return' (result:Option'0.t_Option (Duration'0.t_Duration))-> {[%#stime63] nanos_to_secs'0 (view'0 self + view'0 rhs) - <= UInt64.to_int (v_MAX'0 : uint64) -> deep_model'0 result = Option'0.C_Some (view'0 self + view'0 rhs)} - {[%#stime62] nanos_to_secs'0 (view'0 self + view'0 rhs) > UInt64.to_int (v_MAX'0 : uint64) + <= UInt64.to_int (v_MAX'0 : UInt64.t) -> deep_model'0 result = Option'0.C_Some (view'0 self + view'0 rhs)} + {[%#stime62] nanos_to_secs'0 (view'0 self + view'0 rhs) > UInt64.to_int (v_MAX'0 : UInt64.t) -> result = Option'0.C_None} (! return' {result}) ] 
@@ -230,39 +323,39 @@ module M_duration__test_duration [#"duration.rs" 7 0 7 22] use prelude.prelude.UInt128 - let rec as_micros'0 (self:Duration'0.t_Duration) (return' (ret:uint128))= any - [ return' (result:uint128)-> {[%#stime61] UInt128.to_int result = nanos_to_micros'0 (view'1 self)} + let rec as_micros'0 (self:Duration'0.t_Duration) (return' (ret:UInt128.t))= any + [ return' (result:UInt128.t)-> {[%#stime61] UInt128.to_int result = nanos_to_micros'0 (view'1 self)} (! return' {result}) ] function nanos_to_millis'0 (nanos : int) : int = [%#stime76] div nanos 1000000 - let rec as_millis'0 (self:Duration'0.t_Duration) (return' (ret:uint128))= any - [ return' (result:uint128)-> {[%#stime60] UInt128.to_int result = nanos_to_millis'0 (view'1 self)} + let rec as_millis'0 (self:Duration'0.t_Duration) (return' (ret:UInt128.t))= any + [ return' (result:UInt128.t)-> {[%#stime60] UInt128.to_int result = nanos_to_millis'0 (view'1 self)} (! return' {result}) ] - let rec subsec_nanos'0 (self:Duration'0.t_Duration) (return' (ret:uint32))= any - [ return' (result:uint32)-> {[%#stime59] result < (1000000000 : uint32)} + let rec subsec_nanos'0 (self:Duration'0.t_Duration) (return' (ret:UInt32.t))= any + [ return' (result:UInt32.t)-> {[%#stime59] UInt32.ult result (1000000000 : UInt32.t)} {[%#stime58] UInt32.to_int result = mod (view'1 self) 1000000000} (! return' {result}) ] - let rec subsec_micros'0 (self:Duration'0.t_Duration) (return' (ret:uint32))= any - [ return' (result:uint32)-> {[%#stime57] result < (1000000 : uint32)} + let rec subsec_micros'0 (self:Duration'0.t_Duration) (return' (ret:UInt32.t))= any + [ return' (result:UInt32.t)-> {[%#stime57] UInt32.ult result (1000000 : UInt32.t)} {[%#stime56] UInt32.to_int result = mod (nanos_to_micros'0 (view'1 self)) 1000000} (! 
return' {result}) ] - let rec subsec_millis'0 (self:Duration'0.t_Duration) (return' (ret:uint32))= any - [ return' (result:uint32)-> {[%#stime55] result < (1000 : uint32)} + let rec subsec_millis'0 (self:Duration'0.t_Duration) (return' (ret:UInt32.t))= any + [ return' (result:UInt32.t)-> {[%#stime55] UInt32.ult result (1000 : UInt32.t)} {[%#stime54] UInt32.to_int result = mod (nanos_to_millis'0 (view'1 self)) 1000} (! return' {result}) ] - let rec as_secs'0 (self:Duration'0.t_Duration) (return' (ret:uint64))= any - [ return' (result:uint64)-> {[%#stime53] UInt64.to_int result = nanos_to_secs'0 (view'1 self)} + let rec as_secs'0 (self:Duration'0.t_Duration) (return' (ret:UInt64.t))= any + [ return' (result:UInt64.t)-> {[%#stime53] UInt64.to_int result = nanos_to_secs'0 (view'1 self)} (! return' {result}) ] 
@@ -272,35 +365,35 @@ module M_duration__test_duration [#"duration.rs" 7 0 7 22] (! return' {result}) ] - let rec from_nanos'0 (nanos:uint64) (return' (ret:Duration'0.t_Duration))= any + let rec from_nanos'0 (nanos:UInt64.t) (return' (ret:Duration'0.t_Duration))= any [ return' (result:Duration'0.t_Duration)-> {[%#stime50] view'0 result = UInt64.to_int nanos} (! return' {result}) ] - let rec from_micros'0 (micros:uint64) (return' (ret:Duration'0.t_Duration))= any + let rec from_micros'0 (micros:UInt64.t) (return' (ret:Duration'0.t_Duration))= any [ return' (result:Duration'0.t_Duration)-> {[%#stime49] view'0 result = UInt64.to_int micros * 1000} (! return' {result}) ] - let rec from_millis'0 (millis:uint64) (return' (ret:Duration'0.t_Duration))= any + let rec from_millis'0 (millis:UInt64.t) (return' (ret:Duration'0.t_Duration))= any [ return' (result:Duration'0.t_Duration)-> {[%#stime48] view'0 result = UInt64.to_int millis * 1000000} (! return' {result}) ] - let rec from_secs'0 (secs:uint64) (return' (ret:Duration'0.t_Duration))= any + let rec from_secs'0 (secs:UInt64.t) (return' (ret:Duration'0.t_Duration))= any [ return' (result:Duration'0.t_Duration)-> {[%#stime47] view'0 result = secs_to_nanos'0 (UInt64.to_int secs)} (! return' {result}) ] - let rec as_nanos'0 (self:Duration'0.t_Duration) (return' (ret:uint128))= any - [ return' (result:uint128)-> {[%#stime46] UInt128.to_int result - <= secs_to_nanos'0 (UInt64.to_int (v_MAX'0 : uint64)) + 999999999} + let rec as_nanos'0 (self:Duration'0.t_Duration) (return' (ret:UInt128.t))= any + [ return' (result:UInt128.t)-> {[%#stime46] UInt128.to_int result + <= secs_to_nanos'0 (UInt64.to_int (v_MAX'0 : UInt64.t)) + 999999999} {[%#stime45] UInt128.to_int result = view'1 self} (! 
return' {result}) ] - let rec new'0 (secs:uint64) (nanos:uint32) (return' (ret:Duration'0.t_Duration))= {[@expl:precondition] [%#stime42] UInt64.to_int secs + let rec new'0 (secs:UInt64.t) (nanos:UInt32.t) (return' (ret:Duration'0.t_Duration))= {[@expl:precondition] [%#stime42] UInt64.to_int secs + nanos_to_secs'0 (UInt32.to_int nanos) - <= UInt64.to_int (v_MAX'0 : uint64)} + <= UInt64.to_int (v_MAX'0 : UInt64.t)} any [ return' (result:Duration'0.t_Duration)-> {[%#stime43] view'0 result = secs_to_nanos'0 (UInt64.to_int secs) + UInt32.to_int nanos} 
@@ -311,43 +404,43 @@ module M_duration__test_duration [#"duration.rs" 7 0 7 22] let rec test_duration (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = new'0 {[%#sduration0] (0 : uint64)} {[%#sduration1] (0 : uint32)} + [ s0 = new'0 {[%#sduration0] (0 : UInt64.t)} {[%#sduration1] (0 : UInt32.t)} (fun (_ret':Duration'0.t_Duration) -> [ &zero <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = {[@expl:assertion] [%#sduration2] view'0 zero = 0} s1 - | s1 = as_nanos'0 {zero} (fun (_ret':uint128) -> [ &_6 <- _ret' ] s2) + | s1 = as_nanos'0 {zero} (fun (_ret':UInt128.t) -> [ &_6 <- _ret' ] s2) | s2 = bb2 ] | bb2 = s0 - [ s0 = UInt128.eq {_6} {[%#sduration3] (0 : uint128)} (fun (_ret':bool) -> [ &_5 <- _ret' ] s1) + [ s0 = UInt128.eq {_6} {[%#sduration3] (0 : UInt128.t)} (fun (_ret':bool) -> [ &_5 <- _ret' ] s1) | s1 = any [ br0 -> {_5 = false} (! bb4) | br1 -> {_5} (! bb3) ] ] | bb3 = s0 - [ s0 = new'0 {[%#sduration4] (18446744073709551615 : uint64)} {[%#sduration5] (999999999 : uint32)} + [ s0 = new'0 {[%#sduration4] (18446744073709551615 : UInt64.t)} {[%#sduration5] (999999999 : UInt32.t)} (fun (_ret':Duration'0.t_Duration) -> [ &max <- _ret' ] s1) | s1 = bb5 ] | bb5 = s0 - [ s0 = from_secs'0 {[%#sduration6] (1 : uint64)} (fun (_ret':Duration'0.t_Duration) -> [ &d_secs <- _ret' ] s1) + [ s0 = from_secs'0 {[%#sduration6] (1 : UInt64.t)} (fun (_ret':Duration'0.t_Duration) -> [ &d_secs <- _ret' ] s1) | s1 = bb6 ] | bb6 = s0 [ s0 = {[@expl:assertion] [%#sduration7] view'0 d_secs = 1000000000} s1 - | s1 = from_millis'0 {[%#sduration8] (1 : uint64)} + | s1 = from_millis'0 {[%#sduration8] (1 : UInt64.t)} (fun (_ret':Duration'0.t_Duration) -> [ &d_millis <- _ret' ] s2) | s2 = bb7 ] | bb7 = s0 [ s0 = {[@expl:assertion] [%#sduration9] view'0 d_millis = 1000000} s1 - | s1 = from_micros'0 {[%#sduration10] (1 : uint64)} + | s1 = from_micros'0 {[%#sduration10] (1 : UInt64.t)} (fun (_ret':Duration'0.t_Duration) -> [ &d_micros <- _ret' ] s2) | s2 = bb8 ] | bb8 = s0 [ s0 = 
{[@expl:assertion] [%#sduration11] view'0 d_micros = 1000} s1 - | s1 = from_nanos'0 {[%#sduration12] (1 : uint64)} + | s1 = from_nanos'0 {[%#sduration12] (1 : UInt64.t)} (fun (_ret':Duration'0.t_Duration) -> [ &d_nanos <- _ret' ] s2) | s2 = bb9 ] 
@@ -360,50 +453,53 @@ module M_duration__test_duration [#"duration.rs" 7 0 7 22] | bb11 = s0 [ s0 = is_zero'0 {d_secs} (fun (_ret':bool) -> [ &_27 <- _ret' ] s1) | s1 = bb13 ] | bb13 = any [ br0 -> {_27 = false} (! bb15) | br1 -> {_27} (! bb14) ] | bb14 = {[%#sduration14] false} any - | bb15 = s0 [ s0 = as_secs'0 {d_secs} (fun (_ret':uint64) -> [ &_32 <- _ret' ] s1) | s1 = bb16 ] + | bb15 = s0 [ s0 = as_secs'0 {d_secs} (fun (_ret':UInt64.t) -> [ &_32 <- _ret' ] s1) | s1 = bb16 ] | bb16 = s0 - [ s0 = UInt64.eq {[%#sduration15] (1 : uint64)} {_32} (fun (_ret':bool) -> [ &_31 <- _ret' ] s1) + [ s0 = UInt64.eq {[%#sduration15] (1 : UInt64.t)} {_32} (fun (_ret':bool) -> [ &_31 <- _ret' ] s1) | s1 = any [ br0 -> {_31 = false} (! bb18) | br1 -> {_31} (! bb17) ] ] - | bb17 = s0 [ s0 = subsec_millis'0 {d_secs} (fun (_ret':uint32) -> [ &_37 <- _ret' ] s1) | s1 = bb19 ] + | bb17 = s0 [ s0 = subsec_millis'0 {d_secs} (fun (_ret':UInt32.t) -> [ &_37 <- _ret' ] s1) | s1 = bb19 ] | bb19 = s0 - [ s0 = UInt32.eq {[%#sduration16] (0 : uint32)} {_37} (fun (_ret':bool) -> [ &_36 <- _ret' ] s1) + [ s0 = UInt32.eq {[%#sduration16] (0 : UInt32.t)} {_37} (fun (_ret':bool) -> [ &_36 <- _ret' ] s1) | s1 = any [ br0 -> {_36 = false} (! bb21) | br1 -> {_36} (! bb20) ] ] - | bb20 = s0 [ s0 = subsec_micros'0 {d_secs} (fun (_ret':uint32) -> [ &_42 <- _ret' ] s1) | s1 = bb22 ] + | bb20 = s0 [ s0 = subsec_micros'0 {d_secs} (fun (_ret':UInt32.t) -> [ &_42 <- _ret' ] s1) | s1 = bb22 ] | bb22 = s0 - [ s0 = UInt32.eq {[%#sduration17] (0 : uint32)} {_42} (fun (_ret':bool) -> [ &_41 <- _ret' ] s1) + [ s0 = UInt32.eq {[%#sduration17] (0 : UInt32.t)} {_42} (fun (_ret':bool) -> [ &_41 <- _ret' ] s1) | s1 = any [ br0 -> {_41 = false} (! bb24) | br1 -> {_41} (! 
bb23) ] ] - | bb23 = s0 [ s0 = subsec_nanos'0 {d_secs} (fun (_ret':uint32) -> [ &_47 <- _ret' ] s1) | s1 = bb25 ] + | bb23 = s0 [ s0 = subsec_nanos'0 {d_secs} (fun (_ret':UInt32.t) -> [ &_47 <- _ret' ] s1) | s1 = bb25 ] | bb25 = s0 - [ s0 = UInt32.eq {[%#sduration18] (0 : uint32)} {_47} (fun (_ret':bool) -> [ &_46 <- _ret' ] s1) + [ s0 = UInt32.eq {[%#sduration18] (0 : UInt32.t)} {_47} (fun (_ret':bool) -> [ &_46 <- _ret' ] s1) | s1 = any [ br0 -> {_46 = false} (! bb27) | br1 -> {_46} (! bb26) ] ] - | bb26 = s0 [ s0 = subsec_millis'0 {d_millis} (fun (_ret':uint32) -> [ &_53 <- _ret' ] s1) | s1 = bb28 ] + | bb26 = s0 [ s0 = subsec_millis'0 {d_millis} (fun (_ret':UInt32.t) -> [ &_53 <- _ret' ] s1) | s1 = bb28 ] | bb28 = s0 - [ s0 = UInt128.of_int {UInt32.to_int _53} (fun (_res:uint128) -> [ &_52 <- _res ] s1) - | s1 = as_millis'0 {d_millis} (fun (_ret':uint128) -> [ &_55 <- _ret' ] s2) + [ s0 = UInt32.to_bv256 {_53} + (fun (_ret_to:BV256.t) -> UInt128.of_bv256 {_ret_to} (fun (_ret_from:UInt128.t) -> [ &_52 <- _ret_from ] s1)) + | s1 = as_millis'0 {d_millis} (fun (_ret':UInt128.t) -> [ &_55 <- _ret' ] s2) | s2 = bb29 ] | bb29 = s0 [ s0 = UInt128.eq {_52} {_55} (fun (_ret':bool) -> [ &_51 <- _ret' ] s1) | s1 = any [ br0 -> {_51 = false} (! bb31) | br1 -> {_51} (! 
bb30) ] ] - | bb30 = s0 [ s0 = subsec_micros'0 {d_micros} (fun (_ret':uint32) -> [ &_61 <- _ret' ] s1) | s1 = bb32 ] + | bb30 = s0 [ s0 = subsec_micros'0 {d_micros} (fun (_ret':UInt32.t) -> [ &_61 <- _ret' ] s1) | s1 = bb32 ] | bb32 = s0 - [ s0 = UInt128.of_int {UInt32.to_int _61} (fun (_res:uint128) -> [ &_60 <- _res ] s1) - | s1 = as_micros'0 {d_micros} (fun (_ret':uint128) -> [ &_63 <- _ret' ] s2) + [ s0 = UInt32.to_bv256 {_61} + (fun (_ret_to:BV256.t) -> UInt128.of_bv256 {_ret_to} (fun (_ret_from:UInt128.t) -> [ &_60 <- _ret_from ] s1)) + | s1 = as_micros'0 {d_micros} (fun (_ret':UInt128.t) -> [ &_63 <- _ret' ] s2) | s2 = bb33 ] | bb33 = s0 [ s0 = UInt128.eq {_60} {_63} (fun (_ret':bool) -> [ &_59 <- _ret' ] s1) | s1 = any [ br0 -> {_59 = false} (! bb35) | br1 -> {_59} (! bb34) ] ] - | bb34 = s0 [ s0 = subsec_nanos'0 {d_nanos} (fun (_ret':uint32) -> [ &_69 <- _ret' ] s1) | s1 = bb36 ] + | bb34 = s0 [ s0 = subsec_nanos'0 {d_nanos} (fun (_ret':UInt32.t) -> [ &_69 <- _ret' ] s1) | s1 = bb36 ] | bb36 = s0 - [ s0 = UInt128.of_int {UInt32.to_int _69} (fun (_res:uint128) -> [ &_68 <- _res ] s1) - | s1 = as_nanos'0 {d_nanos} (fun (_ret':uint128) -> [ &_71 <- _ret' ] s2) + [ s0 = UInt32.to_bv256 {_69} + (fun (_ret_to:BV256.t) -> UInt128.of_bv256 {_ret_to} (fun (_ret_from:UInt128.t) -> [ &_68 <- _ret_from ] s1)) + | s1 = as_nanos'0 {d_nanos} (fun (_ret':UInt128.t) -> [ &_71 <- _ret' ] s2) | s2 = bb37 ] | bb37 = s0 
@@ -439,28 +535,28 @@ module M_duration__test_duration [#"duration.rs" 7 0 7 22] | bb52 = s0 [ s0 = is_some'0 {_98} (fun (_ret':bool) -> [ &_96 <- _ret' ] s1) | s1 = bb53 ] | bb53 = any [ br0 -> {_96 = false} (! bb55) | br1 -> {_96} (! bb54) ] | bb54 = s0 - [ s0 = checked_mul'0 {max} {[%#sduration19] (2 : uint32)} + [ s0 = checked_mul'0 {max} {[%#sduration19] (2 : UInt32.t)} (fun (_ret':Option'0.t_Option (Duration'0.t_Duration)) -> [ &_105 <- _ret' ] s1) | s1 = bb56 ] | bb56 = s0 [ s0 = is_none'0 {_105} (fun (_ret':bool) -> [ &_103 <- _ret' ] s1) | s1 = bb57 ] | bb57 = any [ br0 -> {_103 = false} (! bb59) | br1 -> {_103} (! bb58) ] | bb58 = s0 - [ s0 = checked_mul'0 {d_secs} {[%#sduration20] (10 : uint32)} + [ s0 = checked_mul'0 {d_secs} {[%#sduration20] (10 : UInt32.t)} (fun (_ret':Option'0.t_Option (Duration'0.t_Duration)) -> [ &_111 <- _ret' ] s1) | s1 = bb60 ] | bb60 = s0 [ s0 = is_some'0 {_111} (fun (_ret':bool) -> [ &_109 <- _ret' ] s1) | s1 = bb61 ] | bb61 = any [ br0 -> {_109 = false} (! bb63) | br1 -> {_109} (! bb62) ] | bb62 = s0 - [ s0 = checked_div'0 {d_secs} {[%#sduration21] (0 : uint32)} + [ s0 = checked_div'0 {d_secs} {[%#sduration21] (0 : UInt32.t)} (fun (_ret':Option'0.t_Option (Duration'0.t_Duration)) -> [ &_117 <- _ret' ] s1) | s1 = bb64 ] | bb64 = s0 [ s0 = is_none'0 {_117} (fun (_ret':bool) -> [ &_115 <- _ret' ] s1) | s1 = bb65 ] | bb65 = any [ br0 -> {_115 = false} (! bb67) | br1 -> {_115} (! bb66) ] | bb66 = s0 - [ s0 = checked_div'0 {d_secs} {[%#sduration22] (10 : uint32)} + [ s0 = checked_div'0 {d_secs} {[%#sduration22] (10 : UInt32.t)} (fun (_ret':Option'0.t_Option (Duration'0.t_Duration)) -> [ &_123 <- _ret' ] s1) | s1 = bb68 ] 
@@ -499,7 +595,7 @@ module M_duration__test_duration [#"duration.rs" 7 0 7 22] [ & _0 : () = any_l () | & zero : Duration'0.t_Duration = any_l () | & _5 : bool = any_l () - | & _6 : uint128 = any_l () + | & _6 : UInt128.t = any_l () | & max : Duration'0.t_Duration = any_l () | & d_secs : Duration'0.t_Duration = any_l () | & d_millis : Duration'0.t_Duration = any_l () @@ -508,25 +604,25 @@ module M_duration__test_duration [#"duration.rs" 7 0 7 22] | & _23 : bool = any_l () | & _27 : bool = any_l () | & _31 : bool = any_l () - | & _32 : uint64 = any_l () + | & _32 : UInt64.t = any_l () | & _36 : bool = any_l () - | & _37 : uint32 = any_l () + | & _37 : UInt32.t = any_l () | & _41 : bool = any_l () - | & _42 : uint32 = any_l () + | & _42 : UInt32.t = any_l () | & _46 : bool = any_l () - | & _47 : uint32 = any_l () + | & _47 : UInt32.t = any_l () | & _51 : bool = any_l () - | & _52 : uint128 = any_l () - | & _53 : uint32 = any_l () - | & _55 : uint128 = any_l () + | & _52 : UInt128.t = any_l () + | & _53 : UInt32.t = any_l () + | & _55 : UInt128.t = any_l () | & _59 : bool = any_l () - | & _60 : uint128 = any_l () - | & _61 : uint32 = any_l () - | & _63 : uint128 = any_l () + | & _60 : UInt128.t = any_l () + | & _61 : UInt32.t = any_l () + | & _63 : UInt128.t = any_l () | & _67 : bool = any_l () - | & _68 : uint128 = any_l () - | & _69 : uint32 = any_l () - | & _71 : uint128 = any_l () + | & _68 : UInt128.t = any_l () + | & _69 : UInt32.t = any_l () + | & _71 : UInt128.t = any_l () | & _75 : bool = any_l () | & _77 : Option'0.t_Option (Duration'0.t_Duration) = any_l () | & _82 : bool = any_l () diff --git a/creusot/tests/should_succeed/duration/why3session.xml b/creusot/tests/should_succeed/duration/why3session.xml index eb697175aa..d862570a4f 100644 --- a/creusot/tests/should_succeed/duration/why3session.xml +++ b/creusot/tests/should_succeed/duration/why3session.xml @@ -7,7 +7,7 @@ - + 
diff --git a/creusot/tests/should_succeed/duration/why3shapes.gz b/creusot/tests/should_succeed/duration/why3shapes.gz index 8e84e97a2c00ed5f45b089df632551a8c26e30f2..16a90912ab568413f162c1e75a1246d2cb69c9e3 100644 GIT binary patch literal 551 zcmV+?0@(c@iwFP!00000|D9C9j+-zLz4H~hrOm362e3)1%}P;KYNR%oR#tClLY!?R z0wIu8{re7vfFar4s))mQ{NBuaW6ZnRr2K_PT~03gRPOWa<3vnm@13f^eRi2L#lmag z;1ZL=F;4SmT7q)%Q~bF&V_M*{UWP+}uRH>L)nyqC@}BZ3|K+5y(x(weDBkZ4X^&Xda+3Vi~a~VEhsgp9U@;JjRFQ*JC+-DVD;%}>;Q@}1@~zg#_>gaPYH)=3o*y)B_m@s1 zZxsQN>RyH$nu^R)!&)^}(eGRp^o z6+D{ejb&5PSiaAX>XZAgR%Svxu-pc%+d3Au*kOtWeNA^2Tk;Cz8q zN*{8;@CFNti>S<_470qL0Ln7WO01%X)$;^mue(;b9DFhO#s(K5WB7D@rxo_MY`3-m zfW9YU1|WYB$j#esTXcmxn0?h|L=r3S%>}QJ-ubxX@07AhXgdwmrm21078Iz(4DX{& zp3z}Y$)?RsS~1ow96CPDxFk3<~zb9t-6R#8;D6y-AY+~^@p|=#%{xu zhv7~aVCWm#T=Q@pz|sNu34j&ok^q;erd5xv9-nM69m{(%%X46>10J;p^+Wqlqh>rz zLuD;$U4u@_PDtUK x = y type array 'a = slice 'a - function length (s : slice 'a) : usize - axiom spec : forall s : slice 'a . (length s) = Seq.length s.elts + function length (s : slice 'a) : UInt64.t + axiom spec : forall s : slice 'a . (UInt64.to_uint (length s)) = Seq.length s.elts (* : usize = of_int (Seq.length s.elts) *) - let get < 'a > (s : slice 'a) (ix : usize) (ret (res : 'a)) = - { ix < Seq.length s.elts } + let get < 'a > (s : slice 'a) (ix : UInt64.t) (ret (res : 'a)) = + { UInt64.to_uint ix < Seq.length s.elts } ret {Seq.get s.elts (to_int ix)} - let set < 'a > (s : slice 'a) (ix : usize) (v : 'a) - { 0 <= ix < Seq.length s.elts } + let set < 'a > (s : slice 'a) (ix : UInt64.t) (v : 'a) + { 0 <= UInt64.to_uint ix < Seq.length s.elts } (ret (result : slice 'a) { Seq.length result.elts = Seq.length s.elts } - { result.elts[ix] = v } - { forall j. 0 <= j < Seq.length s.elts /\ j <> ix -> result.elts[j] = s.elts[j] } + { result.elts[UInt64.to_uint ix] = v } + { forall j. 
0 <= j < Seq.length s.elts /\ j <> UInt64.to_uint ix -> result.elts[j] = s.elts[j] } ) = any - let create < 'a > (len : usize) (f : int -> 'a) - { 0 <= len } + let create < 'a > (len : UInt64.t) (f : int -> 'a) + { 0 <= UInt64.to_uint len } (ret (result : slice 'a ) - { Seq.length result.elts = len } - { forall i . 0 <= i < len -> result.elts[i] = f i } + { Seq.length result.elts = UInt64.to_uint len } + { forall i . 0 <= i < UInt64.to_uint len -> result.elts[i] = f i } ) = any (* - let function get < 'a > (s : slice 'a) (ix : usize) : 'a = + let function get < 'a > (s : slice 'a) (ix : UInt64.t) : 'a = requires { ix < Seq.length s.elts } Seq.get s.elts (to_int ix) - let set (s : slice 'a) (ix : usize) (v : 'a) : slice 'a = + let set (s : slice 'a) (ix : UInt64.t) (v : 'a) : slice 'a = requires { 0 <= ix < Seq.length s.elts } ensures { Seq.length result.elts = Seq.length s.elts } ensures { result.elts[ix] = v } From 7fe3cf43f6ecad503cf9fa121371686cfd34dfe2 Mon Sep 17 00:00:00 2001 From: SCHNEIDER Laurent Date: Mon, 25 Nov 2024 16:39:12 +0100 Subject: [PATCH 08/15] merge master --- creusot-deps.opam | 8 +- creusot/src/backend/term.rs | 4 +- creusot/src/backend/ty.rs | 61 +++++-- creusot/tests/should_succeed/duration.coma | 171 +++++++++++++----- .../should_succeed/duration/why3session.xml | 2 +- .../should_succeed/duration/why3shapes.gz | Bin 551 -> 555 bytes prelude/int.coma | 10 +- 7 files changed, 182 insertions(+), 74 deletions(-) diff --git a/creusot-deps.opam b/creusot-deps.opam index 7cd9f6443c..32fd48c86d 100644 --- a/creusot-deps.opam +++ b/creusot-deps.opam @@ -4,8 +4,8 @@ opam-version: "2.0" maintainer: "Armaël Guéneau " authors: "the creusot authors" depends: [ - "why3" {= "git-ec97"} - "why3-ide" {= "git-ec97" & !?in-creusot-ci} + "why3" {= "git-fd81"} + "why3-ide" {= "git-fd81" & !?in-creusot-ci} # optional dependencies of why3 "ocamlgraph" "camlzip" 
@@ -14,6 +14,6 @@ depends: [
 # When updating the hash and git-XXX below, don't forget to update them in the
 # depends: field above!
 pin-depends: [
- [ "why3.git-ec97" "git+https://gitlab.inria.fr/why3/why3.git#ec97d9abc" ]
- [ "why3-ide.git-ec97" "git+https://gitlab.inria.fr/why3/why3.git#ec97d9abc" ]
+ [ "why3.git-fd81" "git+https://gitlab.inria.fr/why3/why3.git#ec97d9abc" ]
+ [ "why3-ide.git-fd81" "git+https://gitlab.inria.fr/why3/why3.git#ec97d9abc" ]
 ]
diff --git a/creusot/src/backend/term.rs b/creusot/src/backend/term.rs
index 4e26da84df..a29db47969 100644
--- a/creusot/src/backend/term.rs
+++ b/creusot/src/backend/term.rs
@@ -331,11 +331,11 @@ pub(crate) fn lower_literal<'tcx, N: Namer<'tcx>>(
 match *lit {
 Literal::Integer(i) => Constant::Int(i, None).into(),
 Literal::MachSigned(u, intty) => {
- let why_ty = intty_to_ty(names, intty);
+ let why_ty = intty_to_ty(names, &intty);
 Constant::Int(u, Some(why_ty)).into()
 }
 Literal::MachUnsigned(u, uty) => {
- let why_ty = uintty_to_ty(names, uty);
+ let why_ty = uintty_to_ty(names, &uty);
 Constant::Uint(u, Some(why_ty)).into()
 }
diff --git a/creusot/src/backend/ty.rs b/creusot/src/backend/ty.rs
index a0124e5e54..dcf5bc8325 100644
--- a/creusot/src/backend/ty.rs
+++ b/creusot/src/backend/ty.rs
@@ -1,6 +1,6 @@
 use crate::{
 backend::{
- program::{floatty_to_prelude, int_to_prelude, uint_to_prelude},
+ program::floatty_to_prelude,
 Why3Generator,
 },
 contracts_items::{get_builtin, get_int_ty, is_int_ty, is_logic, is_trusted},
@@ -10,7 +10,7 @@ use rustc_hir::{def::DefKind, def_id::DefId};
 use rustc_middle::ty::{AliasTy, AliasTyKind, GenericArgsRef, ParamEnv, Ty, TyCtxt, TyKind};
 use rustc_span::{Span, DUMMY_SP};
 use rustc_target::{abi::VariantIdx, spec::HasTargetSpec};
-use rustc_type_ir::{FloatTy, IntTy, TyKind::*, UintTy};
+use rustc_type_ir::{FloatTy, TyKind::*};
 use why3::{
 declaration::{AdtDecl, ConstructorDecl, Decl, FieldDecl, SumRecord, TyDecl},
 exp::{Exp, Trigger},
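Review bot: The renamed pins `why3.git-fd81` and `why3-ide.git-fd81` still point at `why3.git#ec97d9abc`, so the label now says fd81 while the commit actually fetched is unchanged; the comment two lines above says the hash and the git-XXX label must move together, and the `depends:` hunk above already uses the new label. A pin whose name no longer matches the commit it resolves to undermines pinning by hash, because a reviewer can no longer tell from the label which why3 revision is built and verified. Either revert the labels or update both URLs to the intended commit, e.g. `[ "why3.git-fd81" "git+https://gitlab.inria.fr/why3/why3.git#<fd81-commit-hash>" ]` with the placeholder replaced by the full commit id.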
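Review bot: `intty_to_ty(names, &intty)` and `uintty_to_ty(names, &uty)` now borrow values that are small `Copy` enums (rustc's `IntTy`/`UintTy`), because the callee signature in ty.rs was changed to `ity: &rustc_middle::ty::IntTy` (visible as trailing context of that file's `@@ -342` hunk); a `&T` parameter for a `Copy` value is noise and is also what forced the `*ity`/`*uity` derefs to be dropped in ty.rs's `@@ -31,8` hunk. Keeping the callee by value, `ity: rustc_middle::ty::IntTy`, would leave this hunk untouched and the translate_ty arms as `intty_to_ty(names, *ity)`; if the reference was introduced deliberately, a short comment on the signature explaining why would help. lower_literal's body continues outside the hunk.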
@@ -31,8 +31,8 @@ pub(crate) fn translate_ty<'tcx, N: Namer<'tcx>>(
 names.import_prelude_module(PreludeModule::Char);
 MlT::Char
 }
- Int(ity) => intty_to_ty(names, *ity),
- Uint(uity) => uintty_to_ty(names, *uity),
+ Int(ity) => intty_to_ty(names, ity),
+ Uint(uity) => uintty_to_ty(names, uity),
 Float(flty) => floatty_to_ty(names, *flty),
 Adt(def, s) => {
 if def.is_box() {
@@ -342,6 +342,51 @@ pub(crate) fn constructor<'tcx, N: Namer<'tcx>>(
 }
 }
+
+pub(crate) fn concret_intty(ity: rustc_middle::ty::IntTy, pointer_width: u32) -> rustc_middle::ty::IntTy {
+ use rustc_middle::ty::IntTy::*;
+
+ fn int_ty (ity: rustc_middle::ty::IntTy, pointer_width: u32) -> rustc_middle::ty::IntTy {
+ match ity {
+ Isize => {
+ match pointer_width {
+ 8 => int_ty(I8, pointer_width),
+ 16 =>int_ty(I16, pointer_width),
+ 32 =>int_ty(I32, pointer_width),
+ 64 =>int_ty(I64, pointer_width),
+ 128 =>int_ty(I128, pointer_width),
+ w => panic!("concret_intty unknwon pointer width for isize: {w}"),
+ }
+ }
+ i => i
+ }
+ }
+
+ int_ty(ity, pointer_width)
+}
+
+pub(crate) fn concret_uintty(uty: rustc_middle::ty::UintTy, pointer_width: u32) -> rustc_middle::ty::UintTy {
+ use rustc_middle::ty::UintTy::*;
+
+ fn uint_ty (uty: rustc_middle::ty::UintTy, pointer_width: u32) -> rustc_middle::ty::UintTy {
+ match uty {
+ Usize => {
+ match pointer_width {
+ 8 => uint_ty(U8, pointer_width),
+ 16 =>uint_ty(U16, pointer_width),
+ 32 =>uint_ty(U32, pointer_width),
+ 64 =>uint_ty(U64, pointer_width),
+ 128 =>uint_ty(U128, pointer_width),
+ w => panic!("concret_uintty unknwon pointer width for usize: {w}"),
+ }
+ }
+ i => i
+ }
+ }
+
+ uint_ty(uty, pointer_width)
+}
+
 pub(crate) fn intty_to_ty<'tcx, N: Namer<'tcx>>(
 names: &mut N,
 ity: &rustc_middle::ty::IntTy,
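Review bot: The nested `fn int_ty`/`fn uint_ty` inside `concret_intty`/`concret_uintty` recurse once on every `Isize`/`Usize` arm only to land in `i => i`, so the helper adds a call and two levels of nesting for no effect; a direct `match` that returns the concrete variant does the same job. The inner name `int_ty` also shadows the module-level `pub fn int_ty` that the next hunk's header shows in this file, which will confuse anyone reading either function. The panic messages carry typos (`concret`, `unknwon`), and the `8` and `128` pointer-width arms look speculative — as far as I know rustc only defines 16/32/64-bit targets, so either document why they are accepted or drop them so an unexpected width is reported. The `@@ -342` hunk ends on the start of intty_to_ty's signature, whose body is outside the hunk.

```rust
pub(crate) fn concret_intty(ity: rustc_middle::ty::IntTy, pointer_width: u32) -> rustc_middle::ty::IntTy {
    use rustc_middle::ty::IntTy::*;

    // `isize` is the only variant whose width depends on the target.
    match ity {
        Isize => match pointer_width {
            8 => I8,
            16 => I16,
            32 => I32,
            64 => I64,
            128 => I128,
            w => panic!("concret_intty: unknown pointer width for isize: {w}"),
        },
        i => i,
    }
}

// … concret_uintty: same shape with UintTy / Usize / U8..U128 …
```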
@@ -455,14 +500,6 @@ pub fn int_ty<'tcx, N: Namer<'tcx>>(ctx: &mut Why3Generator<'tcx>, names: &mut N
 translate_ty(ctx, names, DUMMY_SP, ty)
 }
-pub(crate) fn double_ty() -> MlT {
- MlT::TConstructor(QName::from_string("Float64.t"))
-}
-
-pub(crate) fn single_ty() -> MlT {
- MlT::TConstructor(QName::from_string("Float32.t"))
-}
-
 pub(crate) fn u8_ty() -> MlT {
 MlT::TConstructor(QName::from_string("UInt8.t"))
 }
diff --git a/creusot/tests/should_succeed/duration.coma b/creusot/tests/should_succeed/duration.coma
index 35427bbaef..c97197321e 100644
--- a/creusot/tests/should_succeed/duration.coma
+++ b/creusot/tests/should_succeed/duration.coma
@@ -75,7 +75,23 @@ module M_duration__test_duration [#"duration.rs" 7 0 7 22] let%span stime73 = "../../../creusot-contracts/src/std/time.rs" 36 4 36 21 let%span stime74 = "../../../creusot-contracts/src/std/time.rs" 31 4 31 17 let%span soption75 = "../../../creusot-contracts/src/std/option.rs" 11 8 14 9 - let%span stime76 = "../../../creusot-contracts/src/std/time.rs" 24 8 24 19 + let%span sord76 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 + let%span sord77 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 + let%span sord78 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 + let%span sord79 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 + let%span sord80 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 + let%span sord81 = "../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 + let%span sord82 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 + let%span sord83 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 + let%span sord84 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 + let%span sord85 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 + let%span sord86 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 + let%span sord87 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 + let%span sord88 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span stime89 = "../../../creusot-contracts/src/std/time.rs" 24 8 24 19 + let%span sord90 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt64 @@ -85,8 +101,6 @@ module M_duration__test_duration [#"duration.rs" 7 0 7 22] use prelude.prelude.UInt32 - use prelude.prelude.Int - function nanos_to_secs'0 (nanos : int) : int = [%#stime70] div nanos 1000000000 
@@ -96,17 +110,17 @@ module M_duration__test_duration [#"duration.rs" 7 0 7 22] [%#stime71] secs * 1000000000 type t_Nanoseconds'0 = - { t_Nanoseconds__0'0: uint32 } + { t_Nanoseconds__0'0: UInt32.t } type t_Duration'0 = - { t_Duration__secs'0: uint64; t_Duration__nanos'0: t_Nanoseconds'0 } + { t_Duration__secs'0: UInt64.t; t_Duration__nanos'0: t_Nanoseconds'0 } function view'0 (self : t_Duration'0) : int axiom view'0_spec : forall self : t_Duration'0 . [%#stime44] view'0 self >= 0 - /\ view'0 self <= secs_to_nanos'0 (UInt64.to_int (v_MAX'0 : uint64)) + 999999999 + /\ view'0 self <= secs_to_nanos'0 (UInt64.to_int (v_MAX'0 : UInt64.t)) + 999999999 - let rec new'0 (secs:uint64) (nanos:uint32) (return' (ret:t_Duration'0))= {[@expl:new requires] [%#stime42] UInt64.to_int secs + let rec new'0 (secs:UInt64.t) (nanos:UInt32.t) (return' (ret:t_Duration'0))= {[@expl:new requires] [%#stime42] UInt64.to_int secs + nanos_to_secs'0 (UInt32.to_int nanos) <= UInt64.to_int (v_MAX'0 : UInt64.t)} any 
@@ -124,27 +138,27 @@ module M_duration__test_duration [#"duration.rs" 7 0 7 22] use prelude.prelude.UInt128 - let rec as_nanos'0 (self:t_Duration'0) (return' (ret:uint128))= any - [ return' (result:uint128)-> {[%#stime45] UInt128.to_int result = view'1 self} - {[%#stime46] UInt128.to_int result <= secs_to_nanos'0 (UInt64.to_int (v_MAX'0 : uint64)) + 999999999} + let rec as_nanos'0 (self:t_Duration'0) (return' (ret:UInt128.t))= any + [ return' (result:UInt128.t)-> {[%#stime45] UInt128.to_int result = view'1 self} + {[%#stime46] UInt128.to_int result <= secs_to_nanos'0 (UInt64.to_int (v_MAX'0 : UInt64.t)) + 999999999} (! return' {result}) ] - let rec from_secs'0 (secs:uint64) (return' (ret:t_Duration'0))= any + let rec from_secs'0 (secs:UInt64.t) (return' (ret:t_Duration'0))= any [ return' (result:t_Duration'0)-> {[%#stime47] view'0 result = secs_to_nanos'0 (UInt64.to_int secs)} (! return' {result}) ] - let rec from_millis'0 (millis:uint64) (return' (ret:t_Duration'0))= any + let rec from_millis'0 (millis:UInt64.t) (return' (ret:t_Duration'0))= any [ return' (result:t_Duration'0)-> {[%#stime48] view'0 result = UInt64.to_int millis * 1000000} (! return' {result}) ] - let rec from_micros'0 (micros:uint64) (return' (ret:t_Duration'0))= any + let rec from_micros'0 (micros:UInt64.t) (return' (ret:t_Duration'0))= any [ return' (result:t_Duration'0)-> {[%#stime49] view'0 result = UInt64.to_int micros * 1000} (! return' {result}) ] - let rec from_nanos'0 (nanos:uint64) (return' (ret:t_Duration'0))= any + let rec from_nanos'0 (nanos:UInt64.t) (return' (ret:t_Duration'0))= any [ return' (result:t_Duration'0)-> {[%#stime50] view'0 result = UInt64.to_int nanos} (! return' {result}) ] 
@@ -154,42 +168,99 @@ module M_duration__test_duration [#"duration.rs" 7 0 7 22] (! return' {result}) ] - let rec as_secs'0 (self:t_Duration'0) (return' (ret:uint64))= any - [ return' (result:uint64)-> {[%#stime52] UInt64.to_int result = nanos_to_secs'0 (view'1 self)} + let rec as_secs'0 (self:t_Duration'0) (return' (ret:UInt64.t))= any + [ return' (result:UInt64.t)-> {[%#stime52] UInt64.to_int result = nanos_to_secs'0 (view'1 self)} (! return' {result}) ] function nanos_to_millis'0 (nanos : int) : int = [%#stime73] div nanos 1000000 - let rec subsec_millis'0 (self:t_Duration'0) (return' (ret:uint32))= any - [ return' (result:uint32)-> {[%#stime53] UInt32.to_int result = mod (nanos_to_millis'0 (view'1 self)) 1000} - {[%#stime54] result < (1000 : uint32)} + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.UInt32 + + function cmp_log'0 (self : UInt32.t) (o : UInt32.t) : t_Ordering'0 = + [%#sord90] if UInt32.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + function eq_cmp'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom eq_cmp'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord88] (x = y) = (cmp_log'0 x y = C_Equal'0) + + function antisym2'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom antisym2'0_spec : forall x : UInt32.t, y : UInt32.t . ([%#sord86] cmp_log'0 x y = C_Greater'0) + -> ([%#sord87] cmp_log'0 y x = C_Less'0) + + function antisym1'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom antisym1'0_spec : forall x : UInt32.t, y : UInt32.t . ([%#sord84] cmp_log'0 x y = C_Less'0) + -> ([%#sord85] cmp_log'0 y x = C_Greater'0) + + function trans'0 (x : UInt32.t) (y : UInt32.t) (z : UInt32.t) (o : t_Ordering'0) : () + + axiom trans'0_spec : forall x : UInt32.t, y : UInt32.t, z : UInt32.t, o : t_Ordering'0 . ([%#sord81] cmp_log'0 x y + = o) -> ([%#sord82] cmp_log'0 y z = o) -> ([%#sord83] cmp_log'0 x z = o) + + function refl'0 (x : UInt32.t) : () + + axiom refl'0_spec : forall x : UInt32.t . 
[%#sord80] cmp_log'0 x x = C_Equal'0 + + use prelude.prelude.UInt32 + + function cmp_gt_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_gt_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord79] UInt32.ugt x y + = (cmp_log'0 x y = C_Greater'0) + + use prelude.prelude.UInt32 + + function cmp_ge_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_ge_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord78] UInt32.uge x y = (cmp_log'0 x y <> C_Less'0) + + function cmp_lt_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_lt_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord77] UInt32.ult x y = (cmp_log'0 x y = C_Less'0) + + use prelude.prelude.UInt32 + + function cmp_le_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_le_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord76] UInt32.ule x y + = (cmp_log'0 x y <> C_Greater'0) + + let rec subsec_millis'0 (self:t_Duration'0) (return' (ret:UInt32.t))= any + [ return' (result:UInt32.t)-> {[%#stime53] UInt32.to_int result = mod (nanos_to_millis'0 (view'1 self)) 1000} + {[%#stime54] UInt32.ult result (1000 : UInt32.t)} (! return' {result}) ] function nanos_to_micros'0 (nanos : int) : int = [%#stime74] div nanos 1000 - let rec subsec_micros'0 (self:t_Duration'0) (return' (ret:uint32))= any - [ return' (result:uint32)-> {[%#stime55] UInt32.to_int result = mod (nanos_to_micros'0 (view'1 self)) 1000000} - {[%#stime56] result < (1000000 : uint32)} + let rec subsec_micros'0 (self:t_Duration'0) (return' (ret:UInt32.t))= any + [ return' (result:UInt32.t)-> {[%#stime55] UInt32.to_int result = mod (nanos_to_micros'0 (view'1 self)) 1000000} + {[%#stime56] UInt32.ult result (1000000 : UInt32.t)} (! 
return' {result}) ] - let rec subsec_nanos'0 (self:t_Duration'0) (return' (ret:uint32))= any - [ return' (result:uint32)-> {[%#stime57] UInt32.to_int result = mod (view'1 self) 1000000000} - {[%#stime58] result < (1000000000 : uint32)} + let rec subsec_nanos'0 (self:t_Duration'0) (return' (ret:UInt32.t))= any + [ return' (result:UInt32.t)-> {[%#stime57] UInt32.to_int result = mod (view'1 self) 1000000000} + {[%#stime58] UInt32.ult result (1000000000 : UInt32.t)} (! return' {result}) ] - let rec as_millis'0 (self:t_Duration'0) (return' (ret:uint128))= any - [ return' (result:uint128)-> {[%#stime59] UInt128.to_int result = nanos_to_millis'0 (view'1 self)} + let rec as_millis'0 (self:t_Duration'0) (return' (ret:UInt128.t))= any + [ return' (result:UInt128.t)-> {[%#stime59] UInt128.to_int result = nanos_to_millis'0 (view'1 self)} (! return' {result}) ] - let rec as_micros'0 (self:t_Duration'0) (return' (ret:uint128))= any - [ return' (result:uint128)-> {[%#stime60] UInt128.to_int result = nanos_to_micros'0 (view'1 self)} + let rec as_micros'0 (self:t_Duration'0) (return' (ret:UInt128.t))= any + [ return' (result:UInt128.t)-> {[%#stime60] UInt128.to_int result = nanos_to_micros'0 (view'1 self)} (! return' {result}) ] @@ -202,7 +273,7 @@ module M_duration__test_duration [#"duration.rs" 7 0 7 22] | C_Some'0 int function deep_model'1 (self : t_Duration'0) : int = - [%#stime76] view'0 self + [%#stime89] view'0 self function deep_model'0 (self : t_Option'0) : t_Option'1 = [%#soption75] match self with 
@@ -212,8 +283,8 @@ module M_duration__test_duration [#"duration.rs" 7 0 7 22] let rec checked_add'0 (self:t_Duration'0) (rhs:t_Duration'0) (return' (ret:t_Option'0))= any [ return' (result:t_Option'0)-> {[%#stime61] nanos_to_secs'0 (view'0 self + view'0 rhs) - > UInt64.to_int (v_MAX'0 : uint64) -> result = C_None'0} - {[%#stime62] nanos_to_secs'0 (view'0 self + view'0 rhs) <= UInt64.to_int (v_MAX'0 : uint64) + > UInt64.to_int (v_MAX'0 : UInt64.t) -> result = C_None'0} + {[%#stime62] nanos_to_secs'0 (view'0 self + view'0 rhs) <= UInt64.to_int (v_MAX'0 : UInt64.t) -> deep_model'0 result = C_Some'0 (view'0 self + view'0 rhs)} (! return' {result}) ] 
@@ -234,23 +305,23 @@ module M_duration__test_duration [#"duration.rs" 7 0 7 22] (! return' {result}) ] - let rec checked_mul'0 (self:t_Duration'0) (rhs:uint32) (return' (ret:t_Option'0))= any + let rec checked_mul'0 (self:t_Duration'0) (rhs:UInt32.t) (return' (ret:t_Option'0))= any [ return' (result:t_Option'0)-> {[%#stime65] nanos_to_secs'0 (view'0 self * UInt32.to_int rhs) - > UInt64.to_int (v_MAX'0 : uint64) -> result = C_None'0} - {[%#stime66] nanos_to_secs'0 (view'0 self * UInt32.to_int rhs) <= UInt64.to_int (v_MAX'0 : uint64) + > UInt64.to_int (v_MAX'0 : UInt64.t) -> result = C_None'0} + {[%#stime66] nanos_to_secs'0 (view'0 self * UInt32.to_int rhs) <= UInt64.to_int (v_MAX'0 : UInt64.t) -> deep_model'0 result = C_Some'0 (view'0 self * UInt32.to_int rhs)} (! return' {result}) ] - let rec checked_div'0 (self:t_Duration'0) (rhs:uint32) (return' (ret:t_Option'0))= any - [ return' (result:t_Option'0)-> {[%#stime67] rhs = (0 : uint32) -> result = C_None'0} - {[%#stime68] rhs <> (0 : uint32) -> deep_model'0 result = C_Some'0 (div (view'0 self) (UInt32.to_int rhs))} + let rec checked_div'0 (self:t_Duration'0) (rhs:UInt32.t) (return' (ret:t_Option'0))= any + [ return' (result:t_Option'0)-> {[%#stime67] rhs = (0 : UInt32.t) -> result = C_None'0} + {[%#stime68] rhs <> (0 : UInt32.t) -> deep_model'0 result = C_Some'0 (div (view'0 self) (UInt32.to_int rhs))} (! return' {result}) ] let rec add'0 (self:t_Duration'0) (rhs:t_Duration'0) (return' (ret:t_Duration'0))= {[@expl:add requires] [%#stime69] view'0 self + view'0 rhs - <= secs_to_nanos'0 (UInt64.to_int (v_MAX'0 : uint64)) + 999999999} + <= secs_to_nanos'0 (UInt64.to_int (v_MAX'0 : UInt64.t)) + 999999999} any [ return' (result:t_Duration'0)-> {[%#stime69] view'0 self + view'0 rhs = view'0 result} (! return' {result}) ] let rec sub'0 (self:t_Duration'0) (rhs:t_Duration'0) (return' (ret:t_Duration'0))= {[@expl:sub requires] [%#stime69] view'0 self 
@@ -264,7 +335,7 @@ module M_duration__test_duration [#"duration.rs" 7 0 7 22] let rec test_duration'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = new'0 {[%#sduration0] (0 : uint64)} {[%#sduration1] (0 : uint32)} + [ s0 = new'0 {[%#sduration0] (0 : UInt64.t)} {[%#sduration1] (0 : UInt32.t)} (fun (_ret':t_Duration'0) -> [ &zero <- _ret' ] s1) | s1 = bb1 ] @@ -278,27 +349,27 @@ module M_duration__test_duration [#"duration.rs" 7 0 7 22] | s1 = any [ br0 -> {_5 = false} (! bb4) | br1 -> {_5} (! bb3) ] ] | bb3 = s0 - [ s0 = new'0 {[%#sduration4] (18446744073709551615 : uint64)} {[%#sduration5] (999999999 : uint32)} + [ s0 = new'0 {[%#sduration4] (18446744073709551615 : UInt64.t)} {[%#sduration5] (999999999 : UInt32.t)} (fun (_ret':t_Duration'0) -> [ &max <- _ret' ] s1) | s1 = bb5 ] | bb5 = s0 - [ s0 = from_secs'0 {[%#sduration6] (1 : uint64)} (fun (_ret':t_Duration'0) -> [ &d_secs <- _ret' ] s1) + [ s0 = from_secs'0 {[%#sduration6] (1 : UInt64.t)} (fun (_ret':t_Duration'0) -> [ &d_secs <- _ret' ] s1) | s1 = bb6 ] | bb6 = s0 [ s0 = {[@expl:assertion] [%#sduration7] view'0 d_secs = 1000000000} s1 - | s1 = from_millis'0 {[%#sduration8] (1 : uint64)} (fun (_ret':t_Duration'0) -> [ &d_millis <- _ret' ] s2) + | s1 = from_millis'0 {[%#sduration8] (1 : UInt64.t)} (fun (_ret':t_Duration'0) -> [ &d_millis <- _ret' ] s2) | s2 = bb7 ] | bb7 = s0 [ s0 = {[@expl:assertion] [%#sduration9] view'0 d_millis = 1000000} s1 - | s1 = from_micros'0 {[%#sduration10] (1 : uint64)} (fun (_ret':t_Duration'0) -> [ &d_micros <- _ret' ] s2) + | s1 = from_micros'0 {[%#sduration10] (1 : UInt64.t)} (fun (_ret':t_Duration'0) -> [ &d_micros <- _ret' ] s2) | s2 = bb8 ] | bb8 = s0 [ s0 = {[@expl:assertion] [%#sduration11] view'0 d_micros = 1000} s1 - | s1 = from_nanos'0 {[%#sduration12] (1 : uint64)} (fun (_ret':t_Duration'0) -> [ &d_nanos <- _ret' ] s2) + | s1 = from_nanos'0 {[%#sduration12] (1 : UInt64.t)} (fun (_ret':t_Duration'0) -> [ &d_nanos <- _ret' ] s2) | s2 = bb9 ] | bb9 = s0 
@@ -378,25 +449,25 @@ module M_duration__test_duration [#"duration.rs" 7 0 7 22] | bb52 = s0 [ s0 = is_some'0 {_98} (fun (_ret':bool) -> [ &_96 <- _ret' ] s1) | s1 = bb53 ] | bb53 = any [ br0 -> {_96 = false} (! bb55) | br1 -> {_96} (! bb54) ] | bb54 = s0 - [ s0 = checked_mul'0 {max} {[%#sduration19] (2 : uint32)} (fun (_ret':t_Option'0) -> [ &_105 <- _ret' ] s1) + [ s0 = checked_mul'0 {max} {[%#sduration19] (2 : UInt32.t)} (fun (_ret':t_Option'0) -> [ &_105 <- _ret' ] s1) | s1 = bb56 ] | bb56 = s0 [ s0 = is_none'0 {_105} (fun (_ret':bool) -> [ &_103 <- _ret' ] s1) | s1 = bb57 ] | bb57 = any [ br0 -> {_103 = false} (! bb59) | br1 -> {_103} (! bb58) ] | bb58 = s0 - [ s0 = checked_mul'0 {d_secs} {[%#sduration20] (10 : uint32)} (fun (_ret':t_Option'0) -> [ &_111 <- _ret' ] s1) + [ s0 = checked_mul'0 {d_secs} {[%#sduration20] (10 : UInt32.t)} (fun (_ret':t_Option'0) -> [ &_111 <- _ret' ] s1) | s1 = bb60 ] | bb60 = s0 [ s0 = is_some'0 {_111} (fun (_ret':bool) -> [ &_109 <- _ret' ] s1) | s1 = bb61 ] | bb61 = any [ br0 -> {_109 = false} (! bb63) | br1 -> {_109} (! bb62) ] | bb62 = s0 - [ s0 = checked_div'0 {d_secs} {[%#sduration21] (0 : uint32)} (fun (_ret':t_Option'0) -> [ &_117 <- _ret' ] s1) + [ s0 = checked_div'0 {d_secs} {[%#sduration21] (0 : UInt32.t)} (fun (_ret':t_Option'0) -> [ &_117 <- _ret' ] s1) | s1 = bb64 ] | bb64 = s0 [ s0 = is_none'0 {_117} (fun (_ret':bool) -> [ &_115 <- _ret' ] s1) | s1 = bb65 ] | bb65 = any [ br0 -> {_115 = false} (! bb67) | br1 -> {_115} (! bb66) ] | bb66 = s0 - [ s0 = checked_div'0 {d_secs} {[%#sduration22] (10 : uint32)} (fun (_ret':t_Option'0) -> [ &_123 <- _ret' ] s1) + [ s0 = checked_div'0 {d_secs} {[%#sduration22] (10 : UInt32.t)} (fun (_ret':t_Option'0) -> [ &_123 <- _ret' ] s1) | s1 = bb68 ] | bb68 = s0 [ s0 = is_some'0 {_123} (fun (_ret':bool) -> [ &_121 <- _ret' ] s1) | s1 = bb69 ] 
@@ -431,7 +502,7 @@ module M_duration__test_duration [#"duration.rs" 7 0 7 22] [ & _0 : () = any_l () | & zero : t_Duration'0 = any_l () | & _5 : bool = any_l () - | & _6 : uint128 = any_l () + | & _6 : UInt128.t = any_l () | & max : t_Duration'0 = any_l () | & d_secs : t_Duration'0 = any_l () | & d_millis : t_Duration'0 = any_l () diff --git a/creusot/tests/should_succeed/duration/why3session.xml b/creusot/tests/should_succeed/duration/why3session.xml index 95d0c43240..9f81199fdd 100644 --- a/creusot/tests/should_succeed/duration/why3session.xml +++ b/creusot/tests/should_succeed/duration/why3session.xml @@ -7,7 +7,7 @@ - + 
diff --git a/creusot/tests/should_succeed/duration/why3shapes.gz b/creusot/tests/should_succeed/duration/why3shapes.gz index 16a90912ab568413f162c1e75a1246d2cb69c9e3..ceb525fffa9932a468104155298ef862d8453feb 100644 GIT binary patch literal 555 zcmV+`0@VELNq1b~ZWcx#!m#M)f`))gJ)aT!TGvM+9ET&sA( zgZ0xBjaLJSL$|3ToL}okj=lBJOC+XUkH)APZCsN{%w1nzH`=72ZZ{fjo~uTVz4{2d z;-YNuNV1@TTQ_kGd8HEj!<^!}EL8Jawm!XaGaH6Yn;WGL>Au{k+)6s*Te;U6 zu-RR@mT21m)&nx7^_PWow@6w!wmNcpLTyj=v0u4%;igL(^;tUZN$6rg()v0Qx|opI zjFx16o5RfC&esgu4E(NjH2!4RQ3B8ZSI16@a)+6>%qC_-WIjS>Q)G4vnRNRH{~&gp zw}9Cjf$x`Tc&Won-7_XbU^)UOQ()2qKRN^Nu2f>KsHgUa`gdyo4?Iubvp^xvw=aZp t5<<8Q7h8A3!I6&xfw90yL}DShV1f!FLZMZGygyuT*b!I;007_s7i9nd literal 551 zcmV+?0@(c@iwFP!00000|D9C9j+-zLz4H~hrOm362e3)1%}P;KYNR%oR#tClLY!?R z0wIu8{re7vfFar4s))mQ{NBuaW6ZnRr2K_PT~03gRPOWa<3vnm@13f^eRi2L#lmag z;1ZL=F;4SmT7q)%Q~bF&V_M*{UWP+}uRH>L)nyqC@}BZ3|K+5y(x(weDBkZ4X^&Xda+3Vi~a~VEhsgp9U@;JjRFQ*JC+-DVD;%}>;Q@}1@~zg#_>gaPYH)=3o*y)B_m@s1 zZxsQN>RyH$nu^R)!&)^}(eGRp^o z6+D{ejb&5PSiaAX>XZAgR%Svxu-pc%+d3Au* Date: Thu, 28 Nov 2024 14:35:21 +0100 Subject: [PATCH 09/15] try test --- creusot-contracts/src/logic/ord.rs | 50 +++++++++++++++++--------- creusot-contracts/src/std/num.rs | 57 +++++++++++++++++++++++++----- creusot/src/backend/place.rs | 8 ++--- creusot/src/backend/program.rs | 16 +++++++-- creusot/src/backend/ty.rs | 27 ++++++++++++++ prelude/prelude.coma | 48 +++++++++++++++++++++++++ 6 files changed, 175 insertions(+), 31 deletions(-) diff --git a/creusot-contracts/src/logic/ord.rs b/creusot-contracts/src/logic/ord.rs index b9342465f7..fe1a8951bd 100644 --- a/creusot-contracts/src/logic/ord.rs +++ b/creusot-contracts/src/logic/ord.rs @@ -175,8 +175,8 @@ macro_rules! ord_logic_impl { }; } - -macro_rules! ord_logic_impl_test_laurent { +// laurent voir si on garde ord_logic_impl_with_signed et ord_logic_impl_with_signed_symbol. +macro_rules! ord_logic_impl_with_signed_symbol { ($t:ty, $module:literal, $signed_sym:expr) => { impl OrdLogic for $t { #[logic] 
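Review bot: The comment placed above the renamed macro, `// laurent voir si on garde ord_logic_impl_with_signed et ord_logic_impl_with_signed_symbol.`, is a personal note in French inside an otherwise English source file, and it refers to a macro (`ord_logic_impl_with_signed`) that is not visible in the hunk; it should become an actionable English `// TODO:` or be dropped before merge, e.g. `// TODO: decide whether ord_logic_impl_with_signed_symbol can be folded back into ord_logic_impl.`. The third macro parameter stays `$signed_sym:expr`, although every caller in the following hunk passes the string literal `"u"` or `"s"`; if the body only splices it into a string attribute, `$signed_sym:literal` would reject anything else at expansion time. The renaming itself is fine. The macro body continues past the end of the hunk.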
@@ -228,27 +228,45 @@ macro_rules! ord_logic_impl_test_laurent { }; } +macro_rules! ord_logic_unsigned_impl { + ($t:ty, $module:literal) => { + ord_logic_impl_with_signed_symbol!($t, $module, "u"); + } +} + + +macro_rules! ord_logic_signed_impl { + ($t:ty, $module:literal) => { + ord_logic_impl_with_signed_symbol!($t, $module, "s"); + } +} + ord_logic_impl!(Int, "int.Int"); -ord_logic_impl!(u8, "int.Int"); -ord_logic_impl!(u16, "int.Int"); -ord_logic_impl_test_laurent!(u32, "prelude.prelude.UInt32", "u"); -ord_logic_impl!(u64, "int.Int"); -ord_logic_impl!(u128, "int.Int"); -ord_logic_impl!(usize, "int.Int"); +ord_logic_unsigned_impl!(u8, "prelude.prelude.UInt8"); +ord_logic_unsigned_impl!(u16, "prelude.prelude.UInt16"); +ord_logic_unsigned_impl!(u32, "prelude.prelude.UInt32"); +ord_logic_unsigned_impl!(u64, "prelude.prelude.UInt64"); +ord_logic_unsigned_impl!(u128, "prelude.prelude.UInt128"); +#[cfg(target_pointer_width = "64")] +ord_logic_unsigned_impl!(usize, "prelude.prelude.UInt64"); +#[cfg(target_pointer_width = "32")] +ord_logic_unsigned_impl!(usize, "prelude.prelude.UInt32"); +#[cfg(target_pointer_width = "16")] +ord_logic_unsigned_impl!(usize, "prelude.prelude.UInt16"); -ord_logic_impl!(i8, "int.Int"); -ord_logic_impl!(i16, "int.Int"); -ord_logic_impl!(i32, "int.Int"); -ord_logic_impl!(i64, "int.Int"); -ord_logic_impl!(i128, "int.Int"); +ord_logic_signed_impl!(i8, "prelude.prelude.Int8"); +ord_logic_signed_impl!(i16, "prelude.prelude.Int16"); +ord_logic_signed_impl!(i32, "prelude.prelude.Int32"); +ord_logic_signed_impl!(i64, "prelude.prelude.Int64"); +ord_logic_signed_impl!(i128, "prelude.prelude.Int128"); #[cfg(target_pointer_width = "64")] -ord_logic_impl!(isize, "UInt64"); +ord_logic_signed_impl!(isize, "prelude.prelude.Int64"); #[cfg(target_pointer_width = "32")] -ord_logic_impl!(isize, "UInt32"); +ord_logic_signed_impl!(isize, "prelude.prelude.Int32"); #[cfg(target_pointer_width = "16")] -ord_logic_impl!(isize, "UInt16"); +ord_logic_signed_impl!(isize, 
"prelude.prelude.Int16"); impl OrdLogic for bool { #[open] diff --git a/creusot-contracts/src/std/num.rs b/creusot-contracts/src/std/num.rs index 3801e3c07a..5dc8dfbe8f 100644 --- a/creusot-contracts/src/std/num.rs +++ b/creusot-contracts/src/std/num.rs 
@@ -32,21 +32,62 @@ macro_rules! mach_int { }; } -mach_int!(u8, "prelude.prelude.UInt8", 0u8); -mach_int!(u16, "prelude.prelude.UInt16", 0u16); -mach_int!(u32, "prelude.prelude.UInt32", 0u32); -mach_int!(u64, "prelude.prelude.UInt64", 0u64); -mach_int!(u128, "prelude.prelude.UInt128", 0u128); +macro_rules! mach_uint { // TODO laurent factoriser avec mach_int + ($t:ty, $ty_nm:expr, $zero:expr) => { + impl View for $t { + type ViewTy = Int; + #[logic] + #[trusted] + #[creusot::builtins = concat!($ty_nm, ".to_uint")] + fn view(self) -> Self::ViewTy { + dead + } + } + + impl DeepModel for $t { + type DeepModelTy = Int; + #[logic] + #[open] + fn deep_model(self) -> Self::DeepModelTy { + pearlite! { self@ } + } + } + + impl Default for $t { + #[predicate] + #[open] + fn is_default(self) -> bool { + pearlite! { self == $zero } + } + } + }; +} + +mach_uint!(u8, "prelude.prelude.UInt8", 0u8); +mach_uint!(u16, "prelude.prelude.UInt16", 0u16); +mach_uint!(u32, "prelude.prelude.UInt32", 0u32); +mach_uint!(u64, "prelude.prelude.UInt64", 0u64); +mach_uint!(u128, "prelude.prelude.UInt128", 0u128); // mach_int!(usize, "prelude.prelude.UIntSize.to_uint", 0usize); -mach_int!(usize, "prelude.prelude.UInt64", 0usize); // TODO laurent +#[cfg(target_pointer_width = "64")] +mach_uint!(usize, "prelude.prelude.UInt64", 0usize); // laurent voir si on garde 0usize +#[cfg(target_pointer_width = "32")] +mach_uint!(usize, "prelude.prelude.UInt64", 0usize); // laurent voir si on garde 0usize +#[cfg(target_pointer_width = "16")] +mach_uint!(usize, "prelude.prelude.UInt64", 0usize); // laurent voir si on garde 0usize mach_int!(i8, "prelude.prelude.Int8", 0i8); mach_int!(i16, "prelude.prelude.Int16", 0i16); mach_int!(i32, "prelude.prelude.Int32", 0i32); mach_int!(i64, "prelude.prelude.Int64", 0i64); mach_int!(i128, "prelude.prelude.Int128", 0i128); -// mach_int!(isize, "prelude.prelude.IntSize.to_int", 0isize); -mach_int!(isize, "prelude.prelude.Int64", 0isize); // TODO laurent 
+#[cfg(target_pointer_width = "64")] +mach_int!(isize, "prelude.prelude.Int64", 0isize); // laurent voir si on garde 0isize +#[cfg(target_pointer_width = "32")] +mach_int!(isize, "prelude.prelude.Int64", 0isize); // laurent voir si on garde 0isize +#[cfg(target_pointer_width = "16")] +mach_int!(isize, "prelude.prelude.Int64", 0isize); // laurent voir si on garde 0isize + /// Adds specifications for checked, wrapping, saturating, and overflowing operations on the given /// integer type diff --git a/creusot/src/backend/place.rs b/creusot/src/backend/place.rs index 9342c666d9..37e14ac8e7 100644 --- a/creusot/src/backend/place.rs +++ b/creusot/src/backend/place.rs @@ -1,4 +1,4 @@ -use crate::{backend::Namer, fmir::Place, naming::ident_of}; +use crate::{backend::{ty::{slice_get_qname, slice_set_qname}, Namer}, fmir::Place, naming::ident_of}; use rustc_middle::{ mir::{self, tcx::PlaceTy, ProjectionElem}, ty::{self, Ty, TyCtxt, TyKind}, @@ -11,7 +11,7 @@ use why3::{ Exp::{self, *}, Pattern::*, }, - Ident, QName, + Ident, }; use super::program::{IntermediateStmt, LoweringState}; @@ -218,7 +218,7 @@ pub(crate) fn projections_to_expr<'tcx, 'a, N: Namer<'tcx>>( let foc = focus.call(is); is.push(IntermediateStmt::Call( vec![Param::Term(result.clone(), elt_ty1.clone())], - Expr::Symbol(QName::from_string("Slice.get")), + Expr::Symbol(slice_get_qname()), vec![Arg::Ty(elt_ty1), Arg::Term(foc), Arg::Term(ix_exp1)], )); @@ -232,7 +232,7 @@ pub(crate) fn projections_to_expr<'tcx, 'a, N: Namer<'tcx>>( is.push(IntermediateStmt::Call( vec![Param::Term(out.clone(), ty)], - Expr::Symbol(QName::from_string("Slice.set")), + Expr::Symbol(slice_set_qname()), vec![Arg::Ty(elt_ty), Arg::Term(foc), Arg::Term(ix_exp), Arg::Term(rhs)], )); constructor(is, Exp::qvar(out.into())) diff --git a/creusot/src/backend/program.rs b/creusot/src/backend/program.rs index 6a188ebeee..8c44b97373 100644 --- a/creusot/src/backend/program.rs +++ b/creusot/src/backend/program.rs 
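Review bot: The `#[cfg(target_pointer_width = "32")]` and `"16"` arms added for `usize` and `isize` still name `prelude.prelude.UInt64` / `prelude.prelude.Int64`, so on a 32- or 16-bit target `usize@` would be modelled through `UInt64.to_uint` while the `OrdLogic` impl in `logic/ord.rs` from the same commit selects `UInt32`/`UInt16`; the generated Why3 would then mix two machine-integer types for one Rust type. The arms should read `mach_uint!(usize, "prelude.prelude.UInt32", 0usize);` and `mach_uint!(usize, "prelude.prelude.UInt16", 0usize);`, with `Int32`/`Int16` for the `isize` counterparts. `mach_uint` is a copy of `mach_int` that differs only in the `.to_uint` suffix; passing the suffix as an extra `$conv:literal` parameter to a single macro, the way `ord_logic_impl_with_signed_symbol` takes `$signed_sym`, would resolve the `TODO laurent factoriser avec mach_int` on its first line. The `// laurent voir si on garde 0usize` notes are personal French remarks and should become an English `// TODO:` or be removed.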
@@ -1,4 +1,4 @@ -use self::ty::{concret_intty, concret_uintty}; +use self::ty::{concret_intty, concret_uintty, slice_create_qname}; use crate::{ backend::{ @@ -48,6 +48,8 @@ use why3::{ Ident, QName, }; + + pub(crate) fn translate_function<'tcx, 'sess>( ctx: &mut Why3Generator<'tcx>, def_id: DefId, @@ -347,7 +349,15 @@ impl<'tcx> RValue<'tcx> { // convert the right operand to an logical integer let mut module = prelude.qname(); - module.push_ident("to_int"); + + // todo laurent valider l'approche + match r_ty.kind() { + TyKind::Int(_) => module.push_ident("to_int"), + TyKind::Uint(_) => module.push_ident("to_uint"), + _ => unreachable!("right operande, non-integer type for binary operation {op:?} {ty:?}"), + } + + module = module.without_search_path(); // build the expression for this convertion @@ -518,7 +528,7 @@ impl<'tcx> RValue<'tcx> { Exp::var(id) } RValue::Repeat(e, len) => { - let slice_create = QName::from_string("Slice.create"); + let slice_create = slice_create_qname(); let param_ty = lower.ty(e.ty(lower.ctx.tcx, lower.locals)); let args = vec![ Arg::Ty(param_ty), diff --git a/creusot/src/backend/ty.rs b/creusot/src/backend/ty.rs index dcf5bc8325..4e6e1df836 100644 --- a/creusot/src/backend/ty.rs +++ b/creusot/src/backend/ty.rs 
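Review bot: The `unreachable!` message in the new match misspells operand (`right operande`) and the comment above it, `// todo laurent valider l'approche`, is a personal note in French; suggest `// Pick the logical conversion that matches the signedness of the right operand.` and `_ => unreachable!("right operand: non-integer type for binary operation {op:?} {ty:?}"),`. The match also turns the former unconditional `push_ident("to_int")` into a panic for any non-integer `r_ty`; if that case is reachable from user input after lowering, a compiler diagnostic would be preferable to a panic, which I cannot tell from the hunk alone. The hunk at `@@ -48,6 +48,8` only adds two stray blank lines before `translate_function`. The enclosing method begins and ends outside this hunk.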
@@ -539,3 +539,30 @@ pub(crate) fn i64_ty() -> MlT { pub(crate) fn i128_ty() -> MlT { MlT::TConstructor(QName::from_string("Int128.t")) } + +pub(crate) fn slice_create_qname() -> QName { + #[cfg(target_pointer_width = "64")] + return QName::from_string("Slice64.create"); + #[cfg(target_pointer_width = "32")] + return QName::from_string("Slice32.create"); + #[cfg(target_pointer_width = "16")] + return QName::from_string("Slice16.create"); +} + +pub(crate)fn slice_get_qname() -> QName { + #[cfg(target_pointer_width = "64")] + return QName::from_string("Slice64.get"); + #[cfg(target_pointer_width = "32")] + return QName::from_string("Slice32.get"); + #[cfg(target_pointer_width = "16")] + return QName::from_string("Slice16.get"); +} + +pub(crate) fn slice_set_qname() -> QName { + #[cfg(target_pointer_width = "64")] + return QName::from_string("Slice64.set"); + #[cfg(target_pointer_width = "32")] + return QName::from_string("Slice32.set"); + #[cfg(target_pointer_width = "16")] + return QName::from_string("Slice16.set"); +} \ No newline at end of file diff --git a/prelude/prelude.coma b/prelude/prelude.coma index 0ebbadf39e..86f02d6b1a 100644 --- a/prelude/prelude.coma +++ b/prelude/prelude.coma @@ -34,6 +34,10 @@ module Bool function to_int (b : bool) : int = if b then 1 else 0 +(* + function to_BV256 (x: t) : BV256.t = if b then toBig 1 else toBig 0 + function of_BV256 (x: BV256.t) : t = if b = 0 then false else true + *) end module Borrow 
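Review bot: `slice_create_qname`, `slice_get_qname` and `slice_set_qname` are three copies of the same `#[cfg(target_pointer_width = ...)]` ladder differing only in the trailing symbol, and on a target whose pointer width is none of 64/32/16 each function ends up with no `return` and fails with an unhelpful type error; a single private `slice_module()` helper with an explicit `compile_error!` fallback removes the duplication and makes the unsupported case obvious. `pub(crate)fn slice_get_qname` is also missing the space rustfmt would insert, and the file now ends without a trailing newline. Sketch below (assumes `QName::from_string` accepts a `&str`, as the literal calls in the hunk suggest).
```rust
/// Name of the prelude module that models slices for the current target's pointer width.
fn slice_module() -> &'static str {
    #[cfg(target_pointer_width = "64")]
    return "Slice64";
    #[cfg(target_pointer_width = "32")]
    return "Slice32";
    #[cfg(target_pointer_width = "16")]
    return "Slice16";
    #[cfg(not(any(target_pointer_width = "64", target_pointer_width = "32", target_pointer_width = "16")))]
    compile_error!("unsupported target_pointer_width for slice modelling");
}

pub(crate) fn slice_create_qname() -> QName {
    QName::from_string(&format!("{}.create", slice_module()))
}

pub(crate) fn slice_get_qname() -> QName {
    QName::from_string(&format!("{}.get", slice_module()))
}

pub(crate) fn slice_set_qname() -> QName {
    QName::from_string(&format!("{}.set", slice_module()))
}
```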
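Review bot: The commented-out sketch added to module `Bool` binds its parameter as `x` but its bodies test `b` (`if b then toBig 1 else toBig 0`, `if b = 0 then false else true`), so it would not type-check if uncommented. Either make the names agree (`function to_BV256 (b : bool) : BV256.t = if b then toBig 1 else toBig 0`) or leave the sketch out of the commit, since commented-out code tends to rot unnoticed.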
@@ -581,6 +585,48 @@ module Snapshot axiom inner_spec [@rewrite]: forall x: snap_ty 't [inner x]. new (inner x) = x end + +module Slic64 + use seq.Seq + use UInt64 + use int.Int + + type slice 'a = + { elts : seq 'a } + invariant { Seq.length elts <= UInt64.to_uint UInt64.max_uint } + axiom slice_ext : + forall x y: slice 'a. x.elts = y.elts -> x = y + + type array 'a = slice 'a + + function length (s : slice 'a) : UInt64.t + axiom spec : forall s : slice 'a . (UInt64.to_uint (length s)) = Seq.length s.elts + + + let get < 'a > (s : slice 'a) (ix : UInt64.t) (ret (res : 'a)) = + { UInt64.to_uint ix < Seq.length s.elts } + ret {Seq.get s.elts (to_int ix)} + + + let set < 'a > (s : slice 'a) (ix : UInt64.t) (v : 'a) + { 0 <= UInt64.to_uint ix < Seq.length s.elts } + (ret (result : slice 'a) + { Seq.length result.elts = Seq.length s.elts } + { result.elts[UInt64.to_uint ix] = v } + { forall j. 0 <= j < Seq.length s.elts /\ j <> UInt64.to_uint ix -> result.elts[j] = s.elts[j] } + ) = any + + + let create < 'a > (len : UInt64.t) (f : int -> 'a) + { 0 <= UInt64.to_uint len } + (ret (result : slice 'a ) + { Seq.length result.elts = UInt64.to_uint len } + { forall i . 0 <= i < UInt64.to_uint len -> result.elts[i] = f i } + ) = any + +end + +(* module Slice use seq.Seq use UInt64 @@ -636,3 +682,5 @@ module Slice *) function id (s : slice 'a) : seq 'a = s.elts end + +*) From 7cfd501f911a4bd45a215fb87637a0da5cd8c44c Mon Sep 17 00:00:00 2001 
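Review bot: The new module is declared `module Slic64`, but the Rust side of this commit (`slice_create_qname`, `slice_get_qname`, `slice_set_qname` in `creusot/src/backend/ty.rs`) emits `Slice64.create` / `Slice64.get` / `Slice64.set`, so the generated Coma would refer to a module that does not exist; the header should read `module Slice64`. Inside `get`, the element is fetched with the unqualified `to_int ix` while the precondition and the rest of the module use `UInt64.to_uint ix`; `ret {Seq.get s.elts (UInt64.to_uint ix)}` keeps it consistent and avoids depending on a `to_int` that the `UInt64` module may no longer export after the earlier `to_uint` renaming. The old `Slice` module that this replaces exported `function id (s : slice 'a) : seq 'a = s.elts`, which the new module does not define, so any consumer of `Slice.id` needs a counterpart here. The second hunk (`@@ -636,3 +682,5`) only closes the comment around the old module.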
From: SCHNEIDER Laurent Date: Thu, 28 Nov 2024 16:21:08 +0100 Subject: [PATCH 10/15] try test --- creusot-contracts/src/std/array.rs | 27 +- creusot-contracts/src/std/slice.rs | 20 +- creusot-deps.opam | 10 +- creusot/src/backend/clone_map.rs | 4 +- .../creusot-contracts/creusot-contracts.coma | 3974 ++++++++++------- .../bug/01_resolve_unsoundness.coma | 101 +- .../01_resolve_unsoundness/why3session.xml | 28 +- .../bug/01_resolve_unsoundness/why3shapes.gz | Bin 619 -> 837 bytes creusot/tests/should_fail/bug/222.coma | 4 - creusot/tests/should_fail/bug/492.coma | 49 +- .../tests/should_fail/bug/492/why3session.xml | 12 +- .../tests/should_fail/bug/492/why3shapes.gz | Bin 460 -> 459 bytes creusot/tests/should_fail/bug/692.coma | 178 +- .../tests/should_fail/bug/692/why3session.xml | 6 +- .../tests/should_fail/bug/692/why3shapes.gz | Bin 791 -> 983 bytes creusot/tests/should_fail/bug/695.coma | 181 +- creusot/tests/should_fail/bug/878.coma | 116 +- creusot/tests/should_fail/bug/specialize.coma | 44 +- creusot/tests/should_fail/bug/subregion.coma | 8 +- creusot/tests/should_fail/final_borrows.coma | 29 +- .../traits/17_impl_refinement.coma | 42 +- .../should_fail/type_invariants/borrows.coma | 301 +- creusot/tests/should_succeed/100doors.coma | 101 +- .../should_succeed/100doors/why3session.xml | 2 +- .../should_succeed/100doors/why3shapes.gz | Bin 571 -> 595 bytes creusot/tests/should_succeed/all_zero.coma | 36 +- .../should_succeed/all_zero/why3session.xml | 2 +- .../should_succeed/all_zero/why3shapes.gz | Bin 396 -> 398 bytes creusot/tests/should_succeed/bdd.coma | 1947 +++++--- .../tests/should_succeed/binary_search.coma | 352 +- creusot/tests/should_succeed/bug/168.coma | 10 +- creusot/tests/should_succeed/bug/173.coma | 8 +- .../should_succeed/bug/173/why3session.xml | 4 +- .../should_succeed/bug/173/why3shapes.gz | Bin 114 -> 111 bytes .../tests/should_succeed/bug/181_ident.coma | 18 +- .../bug/181_ident/why3session.xml | 4 +- .../bug/181_ident/why3shapes.gz | 
Bin 147 -> 158 bytes creusot/tests/should_succeed/bug/206.coma | 36 +- .../should_succeed/bug/206/why3session.xml | 2 +- .../should_succeed/bug/206/why3shapes.gz | Bin 144 -> 145 bytes creusot/tests/should_succeed/bug/256.coma | 16 +- .../should_succeed/bug/256/why3session.xml | 4 +- .../should_succeed/bug/256/why3shapes.gz | Bin 117 -> 153 bytes creusot/tests/should_succeed/bug/258.coma | 12 +- creusot/tests/should_succeed/bug/271.coma | 10 +- creusot/tests/should_succeed/bug/387.coma | 42 +- creusot/tests/should_succeed/bug/395.coma | 26 +- creusot/tests/should_succeed/bug/463.coma | 24 +- .../should_succeed/bug/463/why3session.xml | 6 +- .../should_succeed/bug/463/why3shapes.gz | Bin 182 -> 220 bytes creusot/tests/should_succeed/bug/486.coma | 12 +- .../should_succeed/bug/486/why3session.xml | 4 +- .../should_succeed/bug/486/why3shapes.gz | Bin 137 -> 139 bytes creusot/tests/should_succeed/bug/510.coma | 35 - creusot/tests/should_succeed/bug/510.stderr | 4 +- creusot/tests/should_succeed/bug/511.coma | 72 +- creusot/tests/should_succeed/bug/545.coma | 73 +- creusot/tests/should_succeed/bug/564.coma | 4 + .../should_succeed/bug/564/why3session.xml | 8 +- .../should_succeed/bug/564/why3shapes.gz | Bin 94 -> 94 bytes creusot/tests/should_succeed/bug/570.coma | 10 +- creusot/tests/should_succeed/bug/594.coma | 66 +- .../should_succeed/bug/594/why3session.xml | 12 +- .../should_succeed/bug/594/why3shapes.gz | Bin 140 -> 141 bytes creusot/tests/should_succeed/bug/653.coma | 18 +- creusot/tests/should_succeed/bug/682.coma | 189 +- creusot/tests/should_succeed/bug/691.coma | 6 +- creusot/tests/should_succeed/bug/693.coma | 10 +- .../should_succeed/bug/693/why3session.xml | 6 +- .../should_succeed/bug/693/why3shapes.gz | Bin 144 -> 144 bytes creusot/tests/should_succeed/bug/789.coma | 6 +- creusot/tests/should_succeed/bug/874.coma | 94 +- creusot/tests/should_succeed/bug/922.coma | 176 +- .../should_succeed/bug/922/why3session.xml | 10 +- 
.../should_succeed/bug/922/why3shapes.gz | Bin 293 -> 293 bytes creusot/tests/should_succeed/bug/949.coma | 34 +- .../should_succeed/bug/949/why3session.xml | 2 +- .../should_succeed/bug/949/why3shapes.gz | Bin 486 -> 548 bytes creusot/tests/should_succeed/bug/991.coma | 22 +- .../bug/box_borrow_resolve.coma | 34 +- .../bug/box_borrow_resolve/why3session.xml | 4 +- .../bug/box_borrow_resolve/why3shapes.gz | Bin 173 -> 173 bytes .../should_succeed/bug/final_borrows.coma | 195 +- .../tests/should_succeed/bug/two_phase.coma | 42 +- .../bug/two_phase/why3session.xml | 2 +- .../bug/two_phase/why3shapes.gz | Bin 259 -> 260 bytes creusot/tests/should_succeed/cell/01.coma | 32 +- creusot/tests/should_succeed/cell/02.coma | 98 +- creusot/tests/should_succeed/checked_ops.coma | 3901 ++++++++-------- creusot/tests/should_succeed/clones/03.coma | 14 +- .../should_succeed/clones/03/why3session.xml | 2 +- .../should_succeed/clones/03/why3shapes.gz | Bin 205 -> 206 bytes creusot/tests/should_succeed/clones/04.coma | 88 +- .../should_succeed/closures/01_basic.coma | 75 +- .../closures/03_generic_bound.coma | 44 +- .../should_succeed/closures/06_fn_specs.coma | 34 +- .../closures/06_fn_specs/why3session.xml | 4 +- .../closures/06_fn_specs/why3shapes.gz | Bin 534 -> 531 bytes .../closures/07_mutable_capture.coma | 64 +- .../07_mutable_capture/why3session.xml | 4 +- .../closures/07_mutable_capture/why3shapes.gz | Bin 394 -> 436 bytes .../closures/08_multiple_calls.coma | 56 +- .../08_multiple_calls/why3session.xml | 2 +- .../closures/08_multiple_calls/why3shapes.gz | Bin 413 -> 412 bytes .../closures/09_fnonce_resolve.coma | 52 +- .../09_fnonce_resolve/why3session.xml | 6 +- .../closures/09_fnonce_resolve/why3shapes.gz | Bin 333 -> 381 bytes .../should_succeed/closures/10_tyinv.coma | 34 +- .../closures/10_tyinv/why3session.xml | 6 +- .../closures/10_tyinv/why3shapes.gz | Bin 348 -> 348 bytes .../closures/11_proof_assert_in_closure.coma | 72 +- .../why3session.xml | 12 +- 
.../11_proof_assert_in_closure/why3shapes.gz | Bin 461 -> 460 bytes .../closures/12_borrow_instances.coma | 81 +- .../12_borrow_instances/why3session.xml | 4 +- .../12_borrow_instances/why3shapes.gz | Bin 466 -> 467 bytes .../should_succeed/constrained_types.coma | 34 +- .../constrained_types/why3session.xml | 2 +- .../constrained_types/why3shapes.gz | Bin 396 -> 393 bytes creusot/tests/should_succeed/drop_pair.coma | 46 +- .../should_succeed/drop_pair/why3session.xml | 2 +- .../should_succeed/drop_pair/why3shapes.gz | Bin 145 -> 144 bytes creusot/tests/should_succeed/duration.coma | 50 +- .../should_succeed/duration/why3session.xml | 2 +- .../should_succeed/duration/why3shapes.gz | Bin 555 -> 550 bytes .../tests/should_succeed/filter_positive.coma | 196 +- .../should_succeed/ghost/assert_in_ghost.coma | 58 +- .../ghost/assert_in_ghost/why3session.xml | 6 +- .../ghost/assert_in_ghost/why3shapes.gz | Bin 416 -> 413 bytes .../tests/should_succeed/ghost/ghost_map.coma | 141 +- .../ghost/ghost_map/why3session.xml | 2 +- .../ghost/ghost_map/why3shapes.gz | Bin 697 -> 696 bytes .../tests/should_succeed/ghost/ghost_set.coma | 176 +- .../ghost/ghost_set/why3session.xml | 2 +- .../ghost/ghost_set/why3shapes.gz | Bin 421 -> 417 bytes .../tests/should_succeed/ghost/ghost_vec.coma | 296 +- .../tests/should_succeed/ghost/typing.coma | 30 +- .../ghost/typing/why3session.xml | 4 +- .../should_succeed/ghost/typing/why3shapes.gz | Bin 451 -> 452 bytes .../tests/should_succeed/ghost_ptr_token.coma | 156 +- .../ghost_ptr_token/why3session.xml | 2 +- .../ghost_ptr_token/why3shapes.gz | Bin 685 -> 681 bytes creusot/tests/should_succeed/hashmap.coma | 387 +- .../should_succeed/heapsort_generic.coma | 269 +- creusot/tests/should_succeed/hillel.coma | 507 +-- creusot/tests/should_succeed/immut.coma | 20 +- creusot/tests/should_succeed/index_range.coma | 1536 ++++--- .../should_succeed/inferred_invariants.coma | 200 +- .../inferred_invariants/why3session.xml | 6 +- 
.../inferred_invariants/why3shapes.gz | Bin 1124 -> 1257 bytes .../tests/should_succeed/insertion_sort.coma | 327 +- creusot/tests/should_succeed/instant.coma | 20 +- .../should_succeed/instant/why3session.xml | 2 +- .../should_succeed/instant/why3shapes.gz | Bin 693 -> 687 bytes .../tests/should_succeed/invariant_moves.coma | 24 +- .../invariant_moves/why3session.xml | 2 +- .../invariant_moves/why3shapes.gz | Bin 174 -> 177 bytes .../tests/should_succeed/ite_normalize.coma | 154 +- .../ite_normalize/why3session.xml | 12 +- .../ite_normalize/why3shapes.gz | Bin 954 -> 963 bytes .../should_succeed/iterators/01_range.coma | 718 ++- .../should_succeed/iterators/02_iter_mut.coma | 260 +- .../iterators/03_std_iterators.coma | 1081 +++-- .../should_succeed/iterators/04_skip.coma | 140 +- .../iterators/06_map_precond.coma | 472 +- .../iterators/08_collect_extend.coma | 118 +- .../08_collect_extend/why3session.xml | 8 +- .../iterators/08_collect_extend/why3shapes.gz | Bin 1176 -> 1179 bytes .../iterators/15_enumerate.coma | 178 +- .../should_succeed/iterators/16_take.coma | 90 +- .../should_succeed/iterators/17_filter.coma | 275 +- .../iterators/17_filter/why3session.xml | 36 +- .../iterators/17_filter/why3shapes.gz | Bin 6557 -> 6830 bytes creusot/tests/should_succeed/knapsack.coma | 308 +- .../tests/should_succeed/knapsack_full.coma | 407 +- .../should_succeed/lang/branch_borrow_2.coma | 109 +- creusot/tests/should_succeed/lang/const.coma | 12 +- .../tests/should_succeed/lang/float_ops.coma | 36 +- .../tests/should_succeed/lang/literals.coma | 6 +- .../should_succeed/lang/module_paths.coma | 6 +- .../tests/should_succeed/lang/move_path.coma | 21 +- .../should_succeed/lang/multiple_scopes.coma | 10 +- .../lang/promoted_constants.coma | 46 +- .../lang/promoted_constants/why3session.xml | 8 +- .../lang/promoted_constants/why3shapes.gz | Bin 177 -> 278 bytes creusot/tests/should_succeed/lang/unions.coma | 8 +- .../tests/should_succeed/lang/while_let.coma | 8 +- 
.../lang/while_let/why3session.xml | 4 +- .../lang/while_let/why3shapes.gz | Bin 162 -> 162 bytes .../tests/should_succeed/list_index_mut.coma | 206 +- .../list_index_mut/why3session.xml | 6 +- .../list_index_mut/why3shapes.gz | Bin 628 -> 760 bytes .../should_succeed/list_reversal_lasso.coma | 811 ++-- creusot/tests/should_succeed/loop.coma | 15 +- .../tests/should_succeed/mapping_test.coma | 18 +- creusot/tests/should_succeed/match_int.coma | 10 +- creusot/tests/should_succeed/mc91.coma | 96 +- creusot/tests/should_succeed/mutex.coma | 52 +- .../tests/should_succeed/one_side_update.coma | 10 +- creusot/tests/should_succeed/open_inv.coma | 24 +- .../should_succeed/open_inv/why3session.xml | 8 +- .../should_succeed/open_inv/why3shapes.gz | Bin 117 -> 184 bytes creusot/tests/should_succeed/option.coma | 1407 +++--- creusot/tests/should_succeed/ord_trait.coma | 14 +- .../should_succeed/ord_trait/why3session.xml | 2 +- .../should_succeed/ord_trait/why3shapes.gz | Bin 408 -> 412 bytes creusot/tests/should_succeed/printing.coma | 18 +- .../should_succeed/projection_toggle.coma | 55 +- .../projection_toggle/why3session.xml | 2 +- .../projection_toggle/why3shapes.gz | Bin 404 -> 478 bytes creusot/tests/should_succeed/projections.coma | 93 +- .../projections/why3session.xml | 8 +- .../should_succeed/projections/why3shapes.gz | Bin 192 -> 191 bytes creusot/tests/should_succeed/prophecy.coma | 15 +- creusot/tests/should_succeed/replace.coma | 4 +- .../tests/should_succeed/resolve_drop.coma | 21 +- .../tests/should_succeed/resolve_uninit.coma | 52 +- .../tests/should_succeed/result/result.coma | 425 +- .../should_succeed/rusthorn/inc_max.coma | 231 +- .../should_succeed/rusthorn/inc_max_3.coma | 299 +- .../should_succeed/rusthorn/inc_max_many.coma | 239 +- .../rusthorn/inc_max_repeat.coma | 300 +- .../rusthorn/inc_some_2_list.coma | 164 +- .../rusthorn/inc_some_2_tree.coma | 176 +- .../rusthorn/inc_some_list.coma | 180 +- .../rusthorn/inc_some_tree.coma | 204 +- 
.../selection_sort_generic.coma | 144 +- creusot/tests/should_succeed/slices/01.coma | 130 +- .../tests/should_succeed/slices/02_std.coma | 193 +- .../tests/should_succeed/sparse_array.coma | 524 +-- creusot/tests/should_succeed/spec_tests.coma | 8 +- .../specification/division.coma | 20 +- .../should_succeed/specification/forall.coma | 4 +- .../specification/logic_call.coma | 12 +- .../should_succeed/specification/model.coma | 21 +- .../should_succeed/specification/trusted.coma | 38 +- .../tests/should_succeed/split_borrow.coma | 26 +- creusot/tests/should_succeed/std_types.coma | 4 +- creusot/tests/should_succeed/sum.coma | 76 +- creusot/tests/should_succeed/sum_of_odds.coma | 89 +- .../tests/should_succeed/swap_borrows.coma | 18 +- creusot/tests/should_succeed/switch.coma | 38 +- .../tests/should_succeed/switch_struct.coma | 30 +- .../should_succeed/syntax/02_operators.coma | 238 +- .../should_succeed/syntax/04_assoc_prec.coma | 11 +- .../should_succeed/syntax/05_pearlite.coma | 52 +- .../should_succeed/syntax/07_extern_spec.coma | 10 +- .../should_succeed/syntax/09_maintains.coma | 26 +- .../syntax/10_mutual_rec_types.coma | 46 +- .../should_succeed/syntax/11_array_types.coma | 65 +- .../should_succeed/syntax/12_ghost_code.coma | 113 +- .../should_succeed/syntax/13_vec_macro.coma | 68 +- .../should_succeed/syntax/14_const_fns.coma | 8 +- .../syntax/derive_macros/mixed.coma | 44 +- .../tests/should_succeed/take_first_mut.coma | 20 +- creusot/tests/should_succeed/trait_impl.coma | 4 +- creusot/tests/should_succeed/traits/01.coma | 16 +- creusot/tests/should_succeed/traits/03.coma | 42 +- creusot/tests/should_succeed/traits/06.coma | 8 +- creusot/tests/should_succeed/traits/07.coma | 24 +- creusot/tests/should_succeed/traits/09.coma | 9 +- .../traits/12_default_method.coma | 28 +- .../traits/16_impl_cloning.coma | 16 +- creusot/tests/should_succeed/trigger2.coma | 32 +- .../type_invariants/generated.coma | 14 +- .../type_invariants/non_zero.coma | 52 +- 
.../type_invariants/vec_inv.coma | 18 +- creusot/tests/should_succeed/unnest.coma | 28 +- .../tests/should_succeed/unused_in_loop.coma | 10 +- creusot/tests/should_succeed/vecdeque.coma | 70 +- creusot/tests/should_succeed/vector/01.coma | 126 +- .../tests/should_succeed/vector/02_gnome.coma | 89 +- .../vector/03_knuth_shuffle.coma | 116 +- .../vector/04_binary_search.coma | 256 +- .../vector/05_binary_search_generic.coma | 217 +- .../vector/06_knights_tour.coma | 1041 +++-- .../should_succeed/vector/07_read_write.coma | 48 +- .../should_succeed/vector/08_haystack.coma | 176 +- .../should_succeed/vector/09_capacity.coma | 44 +- 279 files changed, 18639 insertions(+), 13753 deletions(-) delete mode 100644 creusot/tests/should_succeed/bug/510.coma diff --git a/creusot-contracts/src/std/array.rs b/creusot-contracts/src/std/array.rs index 09d78167dd..13756e454b 100644 --- a/creusot-contracts/src/std/array.rs +++ b/creusot-contracts/src/std/array.rs @@ -13,9 +13,34 @@ impl Invariant for [T; N] { impl View for [T; N] { type ViewTy = Seq; + //TODO laurent valider l'approche de separation en 3 block + + #[cfg(target_pointer_width = "64")] #[logic] #[trusted] - #[creusot::builtins = "prelude.prelude.Slice.id"] + #[creusot::builtins = "prelude.prelude.Slice64.id"] + // TODO: + // #[ensures(result.len() == N@)] + // Warning: #[ensures] and #[trusted] are incompatible, so this might require + fn view(self) -> Self::ViewTy { + dead + } + + #[cfg(target_pointer_width = "32")] + #[logic] + #[trusted] + #[creusot::builtins = "prelude.prelude.Slice32.id"] + // TODO: + // #[ensures(result.len() == N@)] + // Warning: #[ensures] and #[trusted] are incompatible, so this might require + fn view(self) -> Self::ViewTy { + dead + } + + #[cfg(target_pointer_width = "16")] + #[logic] + #[trusted] + #[creusot::builtins = "prelude.prelude.Slice16.id"] // TODO: // #[ensures(result.len() == N@)] // Warning: #[ensures] and #[trusted] are incompatible, so this might require 
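Review bot: `view` is now written out three times, differing only in the string inside `#[creusot::builtins = ...]`; the same tripling is applied to `slice_model` in `creusot-contracts/src/std/slice.rs` in this commit. A small local `macro_rules!` that takes the builtin path and expands to the annotated method, invoked once under each `#[cfg(target_pointer_width = ...)]`, keeps a single body, as `mach_int`/`mach_uint` in `std/num.rs` already do. All three bodies point at `prelude.prelude.Slice{64,32,16}.id`, yet the `Slic64` module introduced in `prelude/prelude.coma` by the previous patch defines no `id` function and the old `Slice` module that did is commented out, and `prelude.coma` is not in this patch's diffstat — unless it is adjusted elsewhere, these builtins resolve to nothing. The `//TODO laurent valider l'approche de separation en 3 block` comment should become an English `// TODO:` or be dropped. The `impl View` block continues past the end of the hunk.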
diff --git a/creusot-contracts/src/std/slice.rs b/creusot-contracts/src/std/slice.rs index b4a73bb24d..b171fc3090 100644 --- a/creusot-contracts/src/std/slice.rs +++ b/creusot-contracts/src/std/slice.rs @@ -44,9 +44,27 @@ impl DeepModel for [T] { } } +//TODO laurent valider l'approche de separation en 3 block +#[cfg(target_pointer_width = "64")] #[logic] #[trusted] -#[creusot::builtins = "prelude.prelude.Slice.id"] +#[creusot::builtins = "prelude.prelude.Slice64.id"] +fn slice_model(_: &[T]) -> Seq { + dead +} + +#[cfg(target_pointer_width = "32")] +#[logic] +#[trusted] +#[creusot::builtins = "prelude.prelude.Slice32.id"] +fn slice_model(_: &[T]) -> Seq { + dead +} + +#[cfg(target_pointer_width = "16")] +#[logic] +#[trusted] +#[creusot::builtins = "prelude.prelude.Slice16.id"] fn slice_model(_: &[T]) -> Seq { dead } diff --git a/creusot-deps.opam b/creusot-deps.opam index 32fd48c86d..54d6cd3c69 100644 --- a/creusot-deps.opam +++ b/creusot-deps.opam @@ -4,8 +4,8 @@ opam-version: "2.0" maintainer: "Armaël Guéneau " authors: "the creusot authors" depends: [ - "why3" {= "git-fd81"} - "why3-ide" {= "git-fd81" & !?in-creusot-ci} + "why3" {= "git-ec97"} + "why3-ide" {= "git-ec97" & !?in-creusot-ci} # optional dependencies of why3 "ocamlgraph" "camlzip" @@ -14,6 +14,6 @@ depends: [ # When updating the hash and git-XXX below, don't forget to update them in the # depends: field above! pin-depends: [ - [ "why3.git-fd81" "git+https://gitlab.inria.fr/why3/why3.git#ec97d9abc" ] - [ "why3-ide.git-fd81" "git+https://gitlab.inria.fr/why3/why3.git#ec97d9abc" ] -] + [ "why3.git-ec97" "git+https://gitlab.inria.fr/why3/why3.git#ec97d9abc" ] + [ "why3-ide.git-ec97" "git+https://gitlab.inria.fr/why3/why3.git#ec97d9abc" ] +] \ No newline at end of file diff --git a/creusot/src/backend/clone_map.rs b/creusot/src/backend/clone_map.rs index ae20fcbc14..b8da6309a8 100644 --- a/creusot/src/backend/clone_map.rs +++ b/creusot/src/backend/clone_map.rs 
@@ -24,6 +24,8 @@ use why3::{ Ident, QName, }; +use super::ty::slice_create_qname; + mod elaborator; // Prelude modules @@ -70,7 +72,7 @@ impl PreludeModule { PreludeModule::Opaque => QName::from_string("prelude.prelude.Opaque"), PreludeModule::Bool => QName::from_string("prelude.prelude.Bool"), PreludeModule::Borrow => QName::from_string("prelude.prelude.Borrow"), - PreludeModule::Slice => QName::from_string("prelude.prelude.Slice"), + PreludeModule::Slice => slice_create_qname(), PreludeModule::Intrinsic => QName::from_string("prelude.prelude.Intrinsic"), } } diff --git a/creusot/tests/creusot-contracts/creusot-contracts.coma b/creusot/tests/creusot-contracts/creusot-contracts.coma index 1174233977..bda84c3ee0 100644 --- a/creusot/tests/creusot-contracts/creusot-contracts.coma +++ b/creusot/tests/creusot-contracts/creusot-contracts.coma @@ -515,7 +515,9 @@ end module M_creusot_contracts__logic__ord__qyi15418235539824427604__cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 76 8 76 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.UInt8 use prelude.prelude.Int 
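Review bot: `PreludeModule::Slice` in the second clone_map.rs hunk is now the only arm whose `QName` comes from a helper rather than a literal, and nothing in the hunk says what `slice_create_qname()` chooses between; presumably it picks the `Slice16`/`Slice32`/`Slice64` prelude module by target pointer width, mirroring the contracts side, but a reader of this match cannot tell. A one-line comment on the arm would record the invariant the backend must uphold: `// Width-specific prelude module; must agree with the SliceNN builtins in creusot-contracts (see super::ty::slice_create_qname).` The new `use super::ty::slice_create_qname;` is placed on its own after the `why3` import block; if the file has a group of crate-local imports above (not visible here), it belongs with them. The enclosing function inside `impl PreludeModule` starts and ends outside the hunk.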
@@ -526,23 +528,27 @@ module M_creusot_contracts__logic__ord__qyi15418235539824427604__cmp_le_log [#". | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint8) (o : uint8) : t_Ordering'0 + use prelude.prelude.UInt8 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt8.t) (o : UInt8.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if UInt8.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : UInt8.t constant y : UInt8.t - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : uint8) (y : uint8) : () + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : UInt8.t) (y : UInt8.t) : () - goal vc_cmp_le_log'0 : [%#sord0] (x <= y) = (cmp_log'0 x y <> C_Greater'0) + goal vc_cmp_le_log'0 : [%#sord0] UInt8.ule x y = (cmp_log'0 x y <> C_Greater'0) end module M_creusot_contracts__logic__ord__qyi15418235539824427604__cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 81 8 81 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.UInt8 use prelude.prelude.Int 
@@ -553,23 +559,25 @@ module M_creusot_contracts__logic__ord__qyi15418235539824427604__cmp_lt_log [#". | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint8) (o : uint8) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt8.t) (o : UInt8.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if UInt8.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : UInt8.t constant y : UInt8.t - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : uint8) (y : uint8) : () + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : UInt8.t) (y : UInt8.t) : () - goal vc_cmp_lt_log'0 : [%#sord0] (x < y) = (cmp_log'0 x y = C_Less'0) + goal vc_cmp_lt_log'0 : [%#sord0] UInt8.ult x y = (cmp_log'0 x y = C_Less'0) end module M_creusot_contracts__logic__ord__qyi15418235539824427604__cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 86 8 86 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.UInt8 use prelude.prelude.Int 
@@ -580,23 +588,27 @@ module M_creusot_contracts__logic__ord__qyi15418235539824427604__cmp_ge_log [#". | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint8) (o : uint8) : t_Ordering'0 + use prelude.prelude.UInt8 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt8.t) (o : UInt8.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if UInt8.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : UInt8.t constant y : UInt8.t - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : uint8) (y : uint8) : () + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : UInt8.t) (y : UInt8.t) : () - goal vc_cmp_ge_log'0 : [%#sord0] (x >= y) = (cmp_log'0 x y <> C_Less'0) + goal vc_cmp_ge_log'0 : [%#sord0] UInt8.uge x y = (cmp_log'0 x y <> C_Less'0) end module M_creusot_contracts__logic__ord__qyi15418235539824427604__cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 91 8 91 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.UInt8 use prelude.prelude.Int 
@@ -607,23 +619,27 @@ module M_creusot_contracts__logic__ord__qyi15418235539824427604__cmp_gt_log [#". | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint8) (o : uint8) : t_Ordering'0 + use prelude.prelude.UInt8 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt8.t) (o : UInt8.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if UInt8.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : UInt8.t constant y : UInt8.t - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : uint8) (y : uint8) : () + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : UInt8.t) (y : UInt8.t) : () - goal vc_cmp_gt_log'0 : [%#sord0] (x > y) = (cmp_log'0 x y = C_Greater'0) + goal vc_cmp_gt_log'0 : [%#sord0] UInt8.ugt x y = (cmp_log'0 x y = C_Greater'0) end module M_creusot_contracts__logic__ord__qyi15418235539824427604__refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 96 8 96 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt8 
@@ -632,16 +648,16 @@ module M_creusot_contracts__logic__ord__qyi15418235539824427604__refl [#"../../. | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt8 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint8) (o : uint8) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt8.t) (o : UInt8.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if UInt8.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : UInt8.t - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : uint8) : () + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : UInt8.t) : () goal vc_refl'0 : [%#sord0] cmp_log'0 x x = C_Equal'0 end @@ -650,7 +666,9 @@ module M_creusot_contracts__logic__ord__qyi15418235539824427604__trans [#"../../ let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 101 8 101 35 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt8 
@@ -659,12 +677,12 @@ module M_creusot_contracts__logic__ord__qyi15418235539824427604__trans [#"../../ | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt8 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint8) (o : uint8) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt8.t) (o : UInt8.t) : t_Ordering'0 = - [%#sord4] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord4] if UInt8.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : UInt8.t @@ -674,7 +692,7 @@ module M_creusot_contracts__logic__ord__qyi15418235539824427604__trans [#"../../ constant o : t_Ordering'0 - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : uint8) (y : uint8) (z : uint8) (o : t_Ordering'0) : () + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : UInt8.t) (y : UInt8.t) (z : UInt8.t) (o : t_Ordering'0) : () goal vc_trans'0 : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o) @@ -683,7 +701,9 @@ module M_creusot_contracts__logic__ord__qyi15418235539824427604__antisym1 [#"../ let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 108 8 108 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt8 
@@ -692,18 +712,18 @@ module M_creusot_contracts__logic__ord__qyi15418235539824427604__antisym1 [#"../ | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt8 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint8) (o : uint8) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt8.t) (o : UInt8.t) : t_Ordering'0 = - [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord3] if UInt8.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : UInt8.t constant y : UInt8.t - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : uint8) (y : uint8) : () + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : UInt8.t) (y : UInt8.t) : () goal vc_antisym1'0 : ([%#sord0] cmp_log'0 x y = C_Less'0) -> ([%#sord1] cmp_log'0 y x = C_Greater'0) end @@ -711,7 +731,9 @@ module M_creusot_contracts__logic__ord__qyi15418235539824427604__antisym2 [#"../ let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 114 8 114 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt8 
@@ -720,25 +742,27 @@ module M_creusot_contracts__logic__ord__qyi15418235539824427604__antisym2 [#"../ | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt8 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint8) (o : uint8) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt8.t) (o : UInt8.t) : t_Ordering'0 = - [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord3] if UInt8.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant x : uint8 + constant x : UInt8.t - constant y : uint8 + constant y : UInt8.t - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : uint8) (y : uint8) : () + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : UInt8.t) (y : UInt8.t) : () goal vc_antisym2'0 : ([%#sord0] cmp_log'0 x y = C_Greater'0) -> ([%#sord1] cmp_log'0 y x = C_Less'0) end module M_creusot_contracts__logic__ord__qyi15418235539824427604__eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 120 8 120 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt8 
@@ -747,25 +771,27 @@ module M_creusot_contracts__logic__ord__qyi15418235539824427604__eq_cmp [#"../.. | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt8 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint8) (o : uint8) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt8.t) (o : UInt8.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if UInt8.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : UInt8.t constant y : UInt8.t - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : uint8) (y : uint8) : () + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : UInt8.t) (y : UInt8.t) : () goal vc_eq_cmp'0 : [%#sord0] (x = y) = (cmp_log'0 x y = C_Equal'0) end module M_creusot_contracts__logic__ord__qyi7305497527599188430__cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 76 8 76 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.UInt16 use prelude.prelude.Int 
@@ -776,23 +802,27 @@ module M_creusot_contracts__logic__ord__qyi7305497527599188430__cmp_le_log [#".. | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint16) (o : uint16) : t_Ordering'0 + use prelude.prelude.UInt16 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt16.t) (o : UInt16.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if UInt16.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : UInt16.t constant y : UInt16.t - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : uint16) (y : uint16) : () + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : UInt16.t) (y : UInt16.t) : () - goal vc_cmp_le_log'0 : [%#sord0] (x <= y) = (cmp_log'0 x y <> C_Greater'0) + goal vc_cmp_le_log'0 : [%#sord0] UInt16.ule x y = (cmp_log'0 x y <> C_Greater'0) end module M_creusot_contracts__logic__ord__qyi7305497527599188430__cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 81 8 81 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.UInt16 use prelude.prelude.Int 
@@ -803,23 +833,25 @@ module M_creusot_contracts__logic__ord__qyi7305497527599188430__cmp_lt_log [#".. | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint16) (o : uint16) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt16.t) (o : UInt16.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if UInt16.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : UInt16.t constant y : UInt16.t - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : uint16) (y : uint16) : () + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : UInt16.t) (y : UInt16.t) : () - goal vc_cmp_lt_log'0 : [%#sord0] (x < y) = (cmp_log'0 x y = C_Less'0) + goal vc_cmp_lt_log'0 : [%#sord0] UInt16.ult x y = (cmp_log'0 x y = C_Less'0) end module M_creusot_contracts__logic__ord__qyi7305497527599188430__cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 86 8 86 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.UInt16 use prelude.prelude.Int 
@@ -830,23 +862,27 @@ module M_creusot_contracts__logic__ord__qyi7305497527599188430__cmp_ge_log [#".. | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint16) (o : uint16) : t_Ordering'0 + use prelude.prelude.UInt16 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt16.t) (o : UInt16.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if UInt16.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : UInt16.t constant y : UInt16.t - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : uint16) (y : uint16) : () + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : UInt16.t) (y : UInt16.t) : () - goal vc_cmp_ge_log'0 : [%#sord0] (x >= y) = (cmp_log'0 x y <> C_Less'0) + goal vc_cmp_ge_log'0 : [%#sord0] UInt16.uge x y = (cmp_log'0 x y <> C_Less'0) end module M_creusot_contracts__logic__ord__qyi7305497527599188430__cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 91 8 91 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.UInt16 use prelude.prelude.Int 
@@ -857,23 +893,27 @@ module M_creusot_contracts__logic__ord__qyi7305497527599188430__cmp_gt_log [#".. | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint16) (o : uint16) : t_Ordering'0 + use prelude.prelude.UInt16 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt16.t) (o : UInt16.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if UInt16.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : UInt16.t constant y : UInt16.t - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : uint16) (y : uint16) : () + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : UInt16.t) (y : UInt16.t) : () - goal vc_cmp_gt_log'0 : [%#sord0] (x > y) = (cmp_log'0 x y = C_Greater'0) + goal vc_cmp_gt_log'0 : [%#sord0] UInt16.ugt x y = (cmp_log'0 x y = C_Greater'0) end module M_creusot_contracts__logic__ord__qyi7305497527599188430__refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 96 8 96 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt16 
@@ -882,16 +922,16 @@ module M_creusot_contracts__logic__ord__qyi7305497527599188430__refl [#"../../.. | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt16 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint16) (o : uint16) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt16.t) (o : UInt16.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if UInt16.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : UInt16.t - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : uint16) : () + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : UInt16.t) : () goal vc_refl'0 : [%#sord0] cmp_log'0 x x = C_Equal'0 end @@ -900,7 +940,9 @@ module M_creusot_contracts__logic__ord__qyi7305497527599188430__trans [#"../../. let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 101 8 101 35 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt16 
@@ -909,12 +951,12 @@ module M_creusot_contracts__logic__ord__qyi7305497527599188430__trans [#"../../. | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt16 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint16) (o : uint16) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt16.t) (o : UInt16.t) : t_Ordering'0 = - [%#sord4] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord4] if UInt16.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : UInt16.t @@ -924,7 +966,7 @@ module M_creusot_contracts__logic__ord__qyi7305497527599188430__trans [#"../../. constant o : t_Ordering'0 - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : uint16) (y : uint16) (z : uint16) (o : t_Ordering'0) : () + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : UInt16.t) (y : UInt16.t) (z : UInt16.t) (o : t_Ordering'0) : () goal vc_trans'0 : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o) @@ -933,7 +975,9 @@ module M_creusot_contracts__logic__ord__qyi7305497527599188430__antisym1 [#"../. let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 108 8 108 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt16 
@@ -942,18 +986,18 @@ module M_creusot_contracts__logic__ord__qyi7305497527599188430__antisym1 [#"../. | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt16 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint16) (o : uint16) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt16.t) (o : UInt16.t) : t_Ordering'0 = - [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord3] if UInt16.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : UInt16.t constant y : UInt16.t - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : uint16) (y : uint16) : () + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : UInt16.t) (y : UInt16.t) : () goal vc_antisym1'0 : ([%#sord0] cmp_log'0 x y = C_Less'0) -> ([%#sord1] cmp_log'0 y x = C_Greater'0) end @@ -961,7 +1005,9 @@ module M_creusot_contracts__logic__ord__qyi7305497527599188430__antisym2 [#"../. let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 114 8 114 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt16 
@@ -970,25 +1016,27 @@ module M_creusot_contracts__logic__ord__qyi7305497527599188430__antisym2 [#"../. | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt16 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint16) (o : uint16) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt16.t) (o : UInt16.t) : t_Ordering'0 = - [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord3] if UInt16.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant x : uint16 + constant x : UInt16.t - constant y : uint16 + constant y : UInt16.t - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : uint16) (y : uint16) : () + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : UInt16.t) (y : UInt16.t) : () goal vc_antisym2'0 : ([%#sord0] cmp_log'0 x y = C_Greater'0) -> ([%#sord1] cmp_log'0 y x = C_Less'0) end module M_creusot_contracts__logic__ord__qyi7305497527599188430__eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 120 8 120 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt16 
@@ -997,25 +1045,27 @@ module M_creusot_contracts__logic__ord__qyi7305497527599188430__eq_cmp [#"../../ | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt16 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint16) (o : uint16) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt16.t) (o : UInt16.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if UInt16.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : UInt16.t constant y : UInt16.t - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : uint16) (y : uint16) : () + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : UInt16.t) (y : UInt16.t) : () goal vc_eq_cmp'0 : [%#sord0] (x = y) = (cmp_log'0 x y = C_Equal'0) end module M_creusot_contracts__logic__ord__qyi4526525114627399862__cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 76 8 76 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.UInt32 use prelude.prelude.Int 
@@ -1026,23 +1076,27 @@ module M_creusot_contracts__logic__ord__qyi4526525114627399862__cmp_le_log [#".. | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint32) (o : uint32) : t_Ordering'0 + use prelude.prelude.UInt32 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt32.t) (o : UInt32.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if UInt32.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : UInt32.t constant y : UInt32.t - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : uint32) (y : uint32) : () + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : UInt32.t) (y : UInt32.t) : () - goal vc_cmp_le_log'0 : [%#sord0] (x <= y) = (cmp_log'0 x y <> C_Greater'0) + goal vc_cmp_le_log'0 : [%#sord0] UInt32.ule x y = (cmp_log'0 x y <> C_Greater'0) end module M_creusot_contracts__logic__ord__qyi4526525114627399862__cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 81 8 81 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.UInt32 use prelude.prelude.Int 
@@ -1053,23 +1107,25 @@ module M_creusot_contracts__logic__ord__qyi4526525114627399862__cmp_lt_log [#".. | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint32) (o : uint32) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt32.t) (o : UInt32.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if UInt32.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : UInt32.t constant y : UInt32.t - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : uint32) (y : uint32) : () + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : UInt32.t) (y : UInt32.t) : () - goal vc_cmp_lt_log'0 : [%#sord0] (x < y) = (cmp_log'0 x y = C_Less'0) + goal vc_cmp_lt_log'0 : [%#sord0] UInt32.ult x y = (cmp_log'0 x y = C_Less'0) end module M_creusot_contracts__logic__ord__qyi4526525114627399862__cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 86 8 86 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.UInt32 use prelude.prelude.Int 
@@ -1080,23 +1136,27 @@ module M_creusot_contracts__logic__ord__qyi4526525114627399862__cmp_ge_log [#".. | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint32) (o : uint32) : t_Ordering'0 + use prelude.prelude.UInt32 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt32.t) (o : UInt32.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if UInt32.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : UInt32.t constant y : UInt32.t - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : uint32) (y : uint32) : () + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : UInt32.t) (y : UInt32.t) : () - goal vc_cmp_ge_log'0 : [%#sord0] (x >= y) = (cmp_log'0 x y <> C_Less'0) + goal vc_cmp_ge_log'0 : [%#sord0] UInt32.uge x y = (cmp_log'0 x y <> C_Less'0) end module M_creusot_contracts__logic__ord__qyi4526525114627399862__cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 91 8 91 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.UInt32 use prelude.prelude.Int 
@@ -1107,23 +1167,27 @@ module M_creusot_contracts__logic__ord__qyi4526525114627399862__cmp_gt_log [#".. | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint32) (o : uint32) : t_Ordering'0 + use prelude.prelude.UInt32 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt32.t) (o : UInt32.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if UInt32.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : UInt32.t constant y : UInt32.t - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : uint32) (y : uint32) : () + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : UInt32.t) (y : UInt32.t) : () - goal vc_cmp_gt_log'0 : [%#sord0] (x > y) = (cmp_log'0 x y = C_Greater'0) + goal vc_cmp_gt_log'0 : [%#sord0] UInt32.ugt x y = (cmp_log'0 x y = C_Greater'0) end module M_creusot_contracts__logic__ord__qyi4526525114627399862__refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 96 8 96 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt32 
@@ -1132,16 +1196,16 @@ module M_creusot_contracts__logic__ord__qyi4526525114627399862__refl [#"../../.. | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt32 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint32) (o : uint32) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt32.t) (o : UInt32.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if UInt32.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : UInt32.t - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : uint32) : () + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : UInt32.t) : () goal vc_refl'0 : [%#sord0] cmp_log'0 x x = C_Equal'0 end @@ -1150,7 +1214,9 @@ module M_creusot_contracts__logic__ord__qyi4526525114627399862__trans [#"../../. let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 101 8 101 35 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt32 
@@ -1159,12 +1225,12 @@ module M_creusot_contracts__logic__ord__qyi4526525114627399862__trans [#"../../. | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt32 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint32) (o : uint32) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt32.t) (o : UInt32.t) : t_Ordering'0 = - [%#sord4] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord4] if UInt32.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : UInt32.t @@ -1174,7 +1240,7 @@ module M_creusot_contracts__logic__ord__qyi4526525114627399862__trans [#"../../. constant o : t_Ordering'0 - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : uint32) (y : uint32) (z : uint32) (o : t_Ordering'0) : () + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : UInt32.t) (y : UInt32.t) (z : UInt32.t) (o : t_Ordering'0) : () goal vc_trans'0 : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o) @@ -1183,7 +1249,9 @@ module M_creusot_contracts__logic__ord__qyi4526525114627399862__antisym1 [#"../. let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 108 8 108 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt32 
@@ -1192,18 +1260,18 @@ module M_creusot_contracts__logic__ord__qyi4526525114627399862__antisym1 [#"../. | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt32 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint32) (o : uint32) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt32.t) (o : UInt32.t) : t_Ordering'0 = - [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord3] if UInt32.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : UInt32.t constant y : UInt32.t - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : uint32) (y : uint32) : () + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : UInt32.t) (y : UInt32.t) : () goal vc_antisym1'0 : ([%#sord0] cmp_log'0 x y = C_Less'0) -> ([%#sord1] cmp_log'0 y x = C_Greater'0) end @@ -1211,7 +1279,9 @@ module M_creusot_contracts__logic__ord__qyi4526525114627399862__antisym2 [#"../. let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 114 8 114 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt32 
@@ -1220,25 +1290,27 @@ module M_creusot_contracts__logic__ord__qyi4526525114627399862__antisym2 [#"../. | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt32 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint32) (o : uint32) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt32.t) (o : UInt32.t) : t_Ordering'0 = - [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord3] if UInt32.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant x : uint32 + constant x : UInt32.t - constant y : uint32 + constant y : UInt32.t - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : uint32) (y : uint32) : () + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : UInt32.t) (y : UInt32.t) : () goal vc_antisym2'0 : ([%#sord0] cmp_log'0 x y = C_Greater'0) -> ([%#sord1] cmp_log'0 y x = C_Less'0) end module M_creusot_contracts__logic__ord__qyi4526525114627399862__eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 120 8 120 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt32 
@@ -1247,25 +1319,27 @@ module M_creusot_contracts__logic__ord__qyi4526525114627399862__eq_cmp [#"../../ | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt32 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint32) (o : uint32) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt32.t) (o : UInt32.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if UInt32.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : UInt32.t constant y : UInt32.t - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : uint32) (y : uint32) : () + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : UInt32.t) (y : UInt32.t) : () goal vc_eq_cmp'0 : [%#sord0] (x = y) = (cmp_log'0 x y = C_Equal'0) end module M_creusot_contracts__logic__ord__qyi11489483489418918928__cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 76 8 76 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.UInt64 use prelude.prelude.Int 
@@ -1276,23 +1350,27 @@ module M_creusot_contracts__logic__ord__qyi11489483489418918928__cmp_le_log [#". | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint64) (o : uint64) : t_Ordering'0 + use prelude.prelude.UInt64 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : UInt64.t constant y : UInt64.t - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : uint64) (y : uint64) : () + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : UInt64.t) (y : UInt64.t) : () - goal vc_cmp_le_log'0 : [%#sord0] (x <= y) = (cmp_log'0 x y <> C_Greater'0) + goal vc_cmp_le_log'0 : [%#sord0] UInt64.ule x y = (cmp_log'0 x y <> C_Greater'0) end module M_creusot_contracts__logic__ord__qyi11489483489418918928__cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 81 8 81 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.UInt64 use prelude.prelude.Int 
@@ -1303,23 +1381,25 @@ module M_creusot_contracts__logic__ord__qyi11489483489418918928__cmp_lt_log [#". | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint64) (o : uint64) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : UInt64.t constant y : UInt64.t - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : uint64) (y : uint64) : () + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : UInt64.t) (y : UInt64.t) : () - goal vc_cmp_lt_log'0 : [%#sord0] (x < y) = (cmp_log'0 x y = C_Less'0) + goal vc_cmp_lt_log'0 : [%#sord0] UInt64.ult x y = (cmp_log'0 x y = C_Less'0) end module M_creusot_contracts__logic__ord__qyi11489483489418918928__cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 86 8 86 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.UInt64 use prelude.prelude.Int 
@@ -1330,23 +1410,27 @@ module M_creusot_contracts__logic__ord__qyi11489483489418918928__cmp_ge_log [#". | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint64) (o : uint64) : t_Ordering'0 + use prelude.prelude.UInt64 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : UInt64.t constant y : UInt64.t - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : uint64) (y : uint64) : () + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : UInt64.t) (y : UInt64.t) : () - goal vc_cmp_ge_log'0 : [%#sord0] (x >= y) = (cmp_log'0 x y <> C_Less'0) + goal vc_cmp_ge_log'0 : [%#sord0] UInt64.uge x y = (cmp_log'0 x y <> C_Less'0) end module M_creusot_contracts__logic__ord__qyi11489483489418918928__cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 91 8 91 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.UInt64 use prelude.prelude.Int 
@@ -1357,23 +1441,27 @@ module M_creusot_contracts__logic__ord__qyi11489483489418918928__cmp_gt_log [#". | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint64) (o : uint64) : t_Ordering'0 + use prelude.prelude.UInt64 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : UInt64.t constant y : UInt64.t - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : uint64) (y : uint64) : () + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : UInt64.t) (y : UInt64.t) : () - goal vc_cmp_gt_log'0 : [%#sord0] (x > y) = (cmp_log'0 x y = C_Greater'0) + goal vc_cmp_gt_log'0 : [%#sord0] UInt64.ugt x y = (cmp_log'0 x y = C_Greater'0) end module M_creusot_contracts__logic__ord__qyi11489483489418918928__refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 96 8 96 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt64 
@@ -1382,16 +1470,16 @@ module M_creusot_contracts__logic__ord__qyi11489483489418918928__refl [#"../../. | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt64 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint64) (o : uint64) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : UInt64.t - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : uint64) : () + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : UInt64.t) : () goal vc_refl'0 : [%#sord0] cmp_log'0 x x = C_Equal'0 end @@ -1400,7 +1488,9 @@ module M_creusot_contracts__logic__ord__qyi11489483489418918928__trans [#"../../ let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 101 8 101 35 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt64 
@@ -1409,12 +1499,12 @@ module M_creusot_contracts__logic__ord__qyi11489483489418918928__trans [#"../../ | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt64 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint64) (o : uint64) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = - [%#sord4] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord4] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : UInt64.t @@ -1424,7 +1514,7 @@ module M_creusot_contracts__logic__ord__qyi11489483489418918928__trans [#"../../ constant o : t_Ordering'0 - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : uint64) (y : uint64) (z : uint64) (o : t_Ordering'0) : () + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : UInt64.t) (y : UInt64.t) (z : UInt64.t) (o : t_Ordering'0) : () goal vc_trans'0 : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o) @@ -1433,7 +1523,9 @@ module M_creusot_contracts__logic__ord__qyi11489483489418918928__antisym1 [#"../ let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 108 8 108 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt64 
@@ -1442,18 +1534,18 @@ module M_creusot_contracts__logic__ord__qyi11489483489418918928__antisym1 [#"../ | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt64 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint64) (o : uint64) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = - [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord3] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : UInt64.t constant y : UInt64.t - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : uint64) (y : uint64) : () + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : UInt64.t) (y : UInt64.t) : () goal vc_antisym1'0 : ([%#sord0] cmp_log'0 x y = C_Less'0) -> ([%#sord1] cmp_log'0 y x = C_Greater'0) end @@ -1461,7 +1553,9 @@ module M_creusot_contracts__logic__ord__qyi11489483489418918928__antisym2 [#"../ let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 114 8 114 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt64 
@@ -1470,25 +1564,27 @@ module M_creusot_contracts__logic__ord__qyi11489483489418918928__antisym2 [#"../ | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt64 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint64) (o : uint64) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = - [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord3] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant x : uint64 + constant x : UInt64.t - constant y : uint64 + constant y : UInt64.t - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : uint64) (y : uint64) : () + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : UInt64.t) (y : UInt64.t) : () goal vc_antisym2'0 : ([%#sord0] cmp_log'0 x y = C_Greater'0) -> ([%#sord1] cmp_log'0 y x = C_Less'0) end module M_creusot_contracts__logic__ord__qyi11489483489418918928__eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 120 8 120 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt64 
@@ -1497,25 +1593,27 @@ module M_creusot_contracts__logic__ord__qyi11489483489418918928__eq_cmp [#"../.. | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt64 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint64) (o : uint64) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : UInt64.t constant y : UInt64.t - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : uint64) (y : uint64) : () + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : UInt64.t) (y : UInt64.t) : () goal vc_eq_cmp'0 : [%#sord0] (x = y) = (cmp_log'0 x y = C_Equal'0) end module M_creusot_contracts__logic__ord__qyi13757098721041279861__cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 76 8 76 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.UInt128 use prelude.prelude.Int 
@@ -1526,23 +1624,27 @@ module M_creusot_contracts__logic__ord__qyi13757098721041279861__cmp_le_log [#". | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint128) (o : uint128) : t_Ordering'0 + use prelude.prelude.UInt128 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt128.t) (o : UInt128.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if UInt128.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : UInt128.t constant y : UInt128.t - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : uint128) (y : uint128) : () + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : UInt128.t) (y : UInt128.t) : () - goal vc_cmp_le_log'0 : [%#sord0] (x <= y) = (cmp_log'0 x y <> C_Greater'0) + goal vc_cmp_le_log'0 : [%#sord0] UInt128.ule x y = (cmp_log'0 x y <> C_Greater'0) end module M_creusot_contracts__logic__ord__qyi13757098721041279861__cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 81 8 81 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.UInt128 use prelude.prelude.Int 
@@ -1553,23 +1655,25 @@ module M_creusot_contracts__logic__ord__qyi13757098721041279861__cmp_lt_log [#". | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint128) (o : uint128) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt128.t) (o : UInt128.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if UInt128.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : UInt128.t constant y : UInt128.t - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : uint128) (y : uint128) : () + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : UInt128.t) (y : UInt128.t) : () - goal vc_cmp_lt_log'0 : [%#sord0] (x < y) = (cmp_log'0 x y = C_Less'0) + goal vc_cmp_lt_log'0 : [%#sord0] UInt128.ult x y = (cmp_log'0 x y = C_Less'0) end module M_creusot_contracts__logic__ord__qyi13757098721041279861__cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 86 8 86 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.UInt128 use prelude.prelude.Int 
@@ -1580,23 +1684,27 @@ module M_creusot_contracts__logic__ord__qyi13757098721041279861__cmp_ge_log [#". | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint128) (o : uint128) : t_Ordering'0 + use prelude.prelude.UInt128 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt128.t) (o : UInt128.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if UInt128.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : UInt128.t constant y : UInt128.t - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : uint128) (y : uint128) : () + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : UInt128.t) (y : UInt128.t) : () - goal vc_cmp_ge_log'0 : [%#sord0] (x >= y) = (cmp_log'0 x y <> C_Less'0) + goal vc_cmp_ge_log'0 : [%#sord0] UInt128.uge x y = (cmp_log'0 x y <> C_Less'0) end module M_creusot_contracts__logic__ord__qyi13757098721041279861__cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 91 8 91 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.UInt128 use prelude.prelude.Int 
@@ -1607,23 +1715,27 @@ module M_creusot_contracts__logic__ord__qyi13757098721041279861__cmp_gt_log [#". | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint128) (o : uint128) : t_Ordering'0 + use prelude.prelude.UInt128 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt128.t) (o : UInt128.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if UInt128.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : UInt128.t constant y : UInt128.t - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : uint128) (y : uint128) : () + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : UInt128.t) (y : UInt128.t) : () - goal vc_cmp_gt_log'0 : [%#sord0] (x > y) = (cmp_log'0 x y = C_Greater'0) + goal vc_cmp_gt_log'0 : [%#sord0] UInt128.ugt x y = (cmp_log'0 x y = C_Greater'0) end module M_creusot_contracts__logic__ord__qyi13757098721041279861__refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 96 8 96 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt128 
@@ -1632,16 +1744,16 @@ module M_creusot_contracts__logic__ord__qyi13757098721041279861__refl [#"../../. | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt128 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint128) (o : uint128) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt128.t) (o : UInt128.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if UInt128.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : UInt128.t - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : uint128) : () + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : UInt128.t) : () goal vc_refl'0 : [%#sord0] cmp_log'0 x x = C_Equal'0 end @@ -1650,7 +1762,9 @@ module M_creusot_contracts__logic__ord__qyi13757098721041279861__trans [#"../../ let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 101 8 101 35 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt128 
@@ -1659,12 +1773,12 @@ module M_creusot_contracts__logic__ord__qyi13757098721041279861__trans [#"../../ | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt128 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint128) (o : uint128) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt128.t) (o : UInt128.t) : t_Ordering'0 = - [%#sord4] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord4] if UInt128.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : UInt128.t @@ -1674,7 +1788,7 @@ module M_creusot_contracts__logic__ord__qyi13757098721041279861__trans [#"../../ constant o : t_Ordering'0 - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : uint128) (y : uint128) (z : uint128) (o : t_Ordering'0) : () + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : UInt128.t) (y : UInt128.t) (z : UInt128.t) (o : t_Ordering'0) : () goal vc_trans'0 : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o) @@ -1683,7 +1797,9 @@ module M_creusot_contracts__logic__ord__qyi13757098721041279861__antisym1 [#"../ let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 108 8 108 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt128 
@@ -1692,18 +1808,18 @@ module M_creusot_contracts__logic__ord__qyi13757098721041279861__antisym1 [#"../ | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt128 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint128) (o : uint128) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt128.t) (o : UInt128.t) : t_Ordering'0 = - [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord3] if UInt128.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : UInt128.t constant y : UInt128.t - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : uint128) (y : uint128) : () + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : UInt128.t) (y : UInt128.t) : () goal vc_antisym1'0 : ([%#sord0] cmp_log'0 x y = C_Less'0) -> ([%#sord1] cmp_log'0 y x = C_Greater'0) end @@ -1711,7 +1827,9 @@ module M_creusot_contracts__logic__ord__qyi13757098721041279861__antisym2 [#"../ let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 114 8 114 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt128 
@@ -1720,25 +1838,27 @@ module M_creusot_contracts__logic__ord__qyi13757098721041279861__antisym2 [#"../ | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt128 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint128) (o : uint128) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt128.t) (o : UInt128.t) : t_Ordering'0 = - [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord3] if UInt128.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant x : uint128 + constant x : UInt128.t - constant y : uint128 + constant y : UInt128.t - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : uint128) (y : uint128) : () + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : UInt128.t) (y : UInt128.t) : () goal vc_antisym2'0 : ([%#sord0] cmp_log'0 x y = C_Greater'0) -> ([%#sord1] cmp_log'0 y x = C_Less'0) end module M_creusot_contracts__logic__ord__qyi13757098721041279861__eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 120 8 120 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt128 
@@ -1747,133 +1867,149 @@ module M_creusot_contracts__logic__ord__qyi13757098721041279861__eq_cmp [#"../.. | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt128 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint128) (o : uint128) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt128.t) (o : UInt128.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if UInt128.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : UInt128.t constant y : UInt128.t - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : uint128) (y : uint128) : () + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : UInt128.t) (y : UInt128.t) : () goal vc_eq_cmp'0 : [%#sord0] (x = y) = (cmp_log'0 x y = C_Equal'0) end module M_creusot_contracts__logic__ord__qyi8186105652185060096__cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 76 8 76 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.UInt64 use prelude.prelude.Int - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : usize) (o : usize) : t_Ordering'0 + use prelude.prelude.UInt64 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] 
if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : UInt64.t constant y : UInt64.t - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : usize) (y : usize) : () + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : UInt64.t) (y : UInt64.t) : () - goal vc_cmp_le_log'0 : [%#sord0] (x <= y) = (cmp_log'0 x y <> C_Greater'0) + goal vc_cmp_le_log'0 : [%#sord0] UInt64.ule x y = (cmp_log'0 x y <> C_Greater'0) end module M_creusot_contracts__logic__ord__qyi8186105652185060096__cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 81 8 81 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.UInt64 use prelude.prelude.Int - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : usize) (o : usize) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : UInt64.t constant y : UInt64.t - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : usize) (y : usize) : () + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : UInt64.t) (y : UInt64.t) : () - goal vc_cmp_lt_log'0 : [%#sord0] (x < y) = (cmp_log'0 x y = C_Less'0) + goal vc_cmp_lt_log'0 : [%#sord0] UInt64.ult x y = (cmp_log'0 x 
y = C_Less'0) end module M_creusot_contracts__logic__ord__qyi8186105652185060096__cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 86 8 86 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.UInt64 use prelude.prelude.Int - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : usize) (o : usize) : t_Ordering'0 + use prelude.prelude.UInt64 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : UInt64.t constant y : UInt64.t - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : usize) (y : usize) : () + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : UInt64.t) (y : UInt64.t) : () - goal vc_cmp_ge_log'0 : [%#sord0] (x >= y) = (cmp_log'0 x y <> C_Less'0) + goal vc_cmp_ge_log'0 : [%#sord0] UInt64.uge x y = (cmp_log'0 x y <> C_Less'0) end module M_creusot_contracts__logic__ord__qyi8186105652185060096__cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 91 8 91 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + 
use prelude.prelude.UInt64 use prelude.prelude.Int - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : usize) (o : usize) : t_Ordering'0 + use prelude.prelude.UInt64 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : UInt64.t constant y : UInt64.t - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : usize) (y : usize) : () + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : UInt64.t) (y : UInt64.t) : () - goal vc_cmp_gt_log'0 : [%#sord0] (x > y) = (cmp_log'0 x y = C_Greater'0) + goal vc_cmp_gt_log'0 : [%#sord0] UInt64.ugt x y = (cmp_log'0 x y = C_Greater'0) end module M_creusot_contracts__logic__ord__qyi8186105652185060096__refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 96 8 96 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt64 
@@ -1882,16 +2018,16 @@ module M_creusot_contracts__logic__ord__qyi8186105652185060096__refl [#"../../.. | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt64 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : usize) (o : usize) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : UInt64.t - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : usize) : () + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : UInt64.t) : () goal vc_refl'0 : [%#sord0] cmp_log'0 x x = C_Equal'0 end @@ -1900,7 +2036,9 @@ module M_creusot_contracts__logic__ord__qyi8186105652185060096__trans [#"../../. let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 101 8 101 35 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt64 
@@ -1909,12 +2047,12 @@ module M_creusot_contracts__logic__ord__qyi8186105652185060096__trans [#"../../. | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt64 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : usize) (o : usize) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = - [%#sord4] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord4] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : UInt64.t @@ -1924,7 +2062,7 @@ module M_creusot_contracts__logic__ord__qyi8186105652185060096__trans [#"../../. constant o : t_Ordering'0 - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : usize) (y : usize) (z : usize) (o : t_Ordering'0) : () + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : UInt64.t) (y : UInt64.t) (z : UInt64.t) (o : t_Ordering'0) : () goal vc_trans'0 : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o) @@ -1933,7 +2071,9 @@ module M_creusot_contracts__logic__ord__qyi8186105652185060096__antisym1 [#"../. let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 108 8 108 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt64 
@@ -1942,18 +2082,18 @@ module M_creusot_contracts__logic__ord__qyi8186105652185060096__antisym1 [#"../. | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt64 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : usize) (o : usize) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = - [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord3] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : UInt64.t constant y : UInt64.t - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : usize) (y : usize) : () + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : UInt64.t) (y : UInt64.t) : () goal vc_antisym1'0 : ([%#sord0] cmp_log'0 x y = C_Less'0) -> ([%#sord1] cmp_log'0 y x = C_Greater'0) end 
@@ -1961,34 +2101,38 @@ module M_creusot_contracts__logic__ord__qyi8186105652185060096__antisym2 [#"../. let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 114 8 114 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt64 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : usize) (o : usize) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = - [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord3] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant x : usize + constant x : UInt64.t - constant y : usize + constant y : UInt64.t - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : usize) (y : usize) : () + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : UInt64.t) (y : UInt64.t) : () goal vc_antisym2'0 : ([%#sord0] cmp_log'0 x y = C_Greater'0) -> ([%#sord1] cmp_log'0 y x = C_Less'0) end module M_creusot_contracts__logic__ord__qyi8186105652185060096__eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 120 8 120 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 
185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt64 @@ -1997,25 +2141,27 @@ module M_creusot_contracts__logic__ord__qyi8186105652185060096__eq_cmp [#"../../ | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt64 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : usize) (o : usize) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : UInt64.t constant y : UInt64.t - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : usize) (y : usize) : () + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : UInt64.t) (y : UInt64.t) : () goal vc_eq_cmp'0 : [%#sord0] (x = y) = (cmp_log'0 x y = C_Equal'0) end module M_creusot_contracts__logic__ord__qyi18413678402769648790__cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 76 8 76 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int8 use prelude.prelude.Int 
@@ -2026,23 +2172,27 @@ module M_creusot_contracts__logic__ord__qyi18413678402769648790__cmp_le_log [#". | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int8) (o : int8) : t_Ordering'0 + use prelude.prelude.Int8 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int8.t) (o : Int8.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if Int8.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : Int8.t constant y : Int8.t - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : int8) (y : int8) : () + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : Int8.t) (y : Int8.t) : () - goal vc_cmp_le_log'0 : [%#sord0] (x <= y) = (cmp_log'0 x y <> C_Greater'0) + goal vc_cmp_le_log'0 : [%#sord0] Int8.sle x y = (cmp_log'0 x y <> C_Greater'0) end module M_creusot_contracts__logic__ord__qyi18413678402769648790__cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 81 8 81 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int8 use prelude.prelude.Int 
@@ -2053,23 +2203,25 @@ module M_creusot_contracts__logic__ord__qyi18413678402769648790__cmp_lt_log [#". | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int8) (o : int8) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int8.t) (o : Int8.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if Int8.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : Int8.t constant y : Int8.t - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : int8) (y : int8) : () + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : Int8.t) (y : Int8.t) : () - goal vc_cmp_lt_log'0 : [%#sord0] (x < y) = (cmp_log'0 x y = C_Less'0) + goal vc_cmp_lt_log'0 : [%#sord0] Int8.slt x y = (cmp_log'0 x y = C_Less'0) end module M_creusot_contracts__logic__ord__qyi18413678402769648790__cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 86 8 86 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int8 use prelude.prelude.Int 
@@ -2080,23 +2232,27 @@ module M_creusot_contracts__logic__ord__qyi18413678402769648790__cmp_ge_log [#". | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int8) (o : int8) : t_Ordering'0 + use prelude.prelude.Int8 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int8.t) (o : Int8.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if Int8.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : Int8.t constant y : Int8.t - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : int8) (y : int8) : () + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : Int8.t) (y : Int8.t) : () - goal vc_cmp_ge_log'0 : [%#sord0] (x >= y) = (cmp_log'0 x y <> C_Less'0) + goal vc_cmp_ge_log'0 : [%#sord0] Int8.sge x y = (cmp_log'0 x y <> C_Less'0) end module M_creusot_contracts__logic__ord__qyi18413678402769648790__cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 91 8 91 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int8 use prelude.prelude.Int 
@@ -2107,23 +2263,27 @@ module M_creusot_contracts__logic__ord__qyi18413678402769648790__cmp_gt_log [#". | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int8) (o : int8) : t_Ordering'0 + use prelude.prelude.Int8 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int8.t) (o : Int8.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if Int8.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : Int8.t constant y : Int8.t - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : int8) (y : int8) : () + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : Int8.t) (y : Int8.t) : () - goal vc_cmp_gt_log'0 : [%#sord0] (x > y) = (cmp_log'0 x y = C_Greater'0) + goal vc_cmp_gt_log'0 : [%#sord0] Int8.sgt x y = (cmp_log'0 x y = C_Greater'0) end module M_creusot_contracts__logic__ord__qyi18413678402769648790__refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 96 8 96 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int8 
@@ -2132,16 +2292,16 @@ module M_creusot_contracts__logic__ord__qyi18413678402769648790__refl [#"../../. | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int8 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int8) (o : int8) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int8.t) (o : Int8.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if Int8.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : Int8.t - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : int8) : () + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : Int8.t) : () goal vc_refl'0 : [%#sord0] cmp_log'0 x x = C_Equal'0 end @@ -2150,7 +2310,9 @@ module M_creusot_contracts__logic__ord__qyi18413678402769648790__trans [#"../../ let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 101 8 101 35 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int8 
@@ -2159,12 +2321,12 @@ module M_creusot_contracts__logic__ord__qyi18413678402769648790__trans [#"../../ | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int8 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int8) (o : int8) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int8.t) (o : Int8.t) : t_Ordering'0 = - [%#sord4] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord4] if Int8.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : Int8.t @@ -2174,7 +2336,7 @@ module M_creusot_contracts__logic__ord__qyi18413678402769648790__trans [#"../../ constant o : t_Ordering'0 - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : int8) (y : int8) (z : int8) (o : t_Ordering'0) : () + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : Int8.t) (y : Int8.t) (z : Int8.t) (o : t_Ordering'0) : () goal vc_trans'0 : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o) @@ -2183,7 +2345,9 @@ module M_creusot_contracts__logic__ord__qyi18413678402769648790__antisym1 [#"../ let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 108 8 108 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int8 
@@ -2192,18 +2356,18 @@ module M_creusot_contracts__logic__ord__qyi18413678402769648790__antisym1 [#"../ | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int8 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int8) (o : int8) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int8.t) (o : Int8.t) : t_Ordering'0 = - [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord3] if Int8.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : Int8.t constant y : Int8.t - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : int8) (y : int8) : () + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : Int8.t) (y : Int8.t) : () goal vc_antisym1'0 : ([%#sord0] cmp_log'0 x y = C_Less'0) -> ([%#sord1] cmp_log'0 y x = C_Greater'0) end @@ -2211,7 +2375,9 @@ module M_creusot_contracts__logic__ord__qyi18413678402769648790__antisym2 [#"../ let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 114 8 114 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int8 
@@ -2220,25 +2386,27 @@ module M_creusot_contracts__logic__ord__qyi18413678402769648790__antisym2 [#"../ | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int8 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int8) (o : int8) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int8.t) (o : Int8.t) : t_Ordering'0 = - [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord3] if Int8.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant x : int8 + constant x : Int8.t - constant y : int8 + constant y : Int8.t - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : int8) (y : int8) : () + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : Int8.t) (y : Int8.t) : () goal vc_antisym2'0 : ([%#sord0] cmp_log'0 x y = C_Greater'0) -> ([%#sord1] cmp_log'0 y x = C_Less'0) end module M_creusot_contracts__logic__ord__qyi18413678402769648790__eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 120 8 120 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int8 
@@ -2247,25 +2415,27 @@ module M_creusot_contracts__logic__ord__qyi18413678402769648790__eq_cmp [#"../.. | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int8 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int8) (o : int8) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int8.t) (o : Int8.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if Int8.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : Int8.t constant y : Int8.t - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : int8) (y : int8) : () + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : Int8.t) (y : Int8.t) : () goal vc_eq_cmp'0 : [%#sord0] (x = y) = (cmp_log'0 x y = C_Equal'0) end module M_creusot_contracts__logic__ord__qyi8040194823849327911__cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 76 8 76 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int16 use prelude.prelude.Int 
@@ -2276,23 +2446,27 @@ module M_creusot_contracts__logic__ord__qyi8040194823849327911__cmp_le_log [#".. | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int16) (o : int16) : t_Ordering'0 + use prelude.prelude.Int16 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int16.t) (o : Int16.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if Int16.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : Int16.t constant y : Int16.t - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : int16) (y : int16) : () + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : Int16.t) (y : Int16.t) : () - goal vc_cmp_le_log'0 : [%#sord0] (x <= y) = (cmp_log'0 x y <> C_Greater'0) + goal vc_cmp_le_log'0 : [%#sord0] Int16.sle x y = (cmp_log'0 x y <> C_Greater'0) end module M_creusot_contracts__logic__ord__qyi8040194823849327911__cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 81 8 81 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int16 use prelude.prelude.Int 
@@ -2303,23 +2477,25 @@ module M_creusot_contracts__logic__ord__qyi8040194823849327911__cmp_lt_log [#".. | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int16) (o : int16) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int16.t) (o : Int16.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if Int16.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : Int16.t constant y : Int16.t - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : int16) (y : int16) : () + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : Int16.t) (y : Int16.t) : () - goal vc_cmp_lt_log'0 : [%#sord0] (x < y) = (cmp_log'0 x y = C_Less'0) + goal vc_cmp_lt_log'0 : [%#sord0] Int16.slt x y = (cmp_log'0 x y = C_Less'0) end module M_creusot_contracts__logic__ord__qyi8040194823849327911__cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 86 8 86 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int16 use prelude.prelude.Int 
@@ -2330,23 +2506,27 @@ module M_creusot_contracts__logic__ord__qyi8040194823849327911__cmp_ge_log [#".. | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int16) (o : int16) : t_Ordering'0 + use prelude.prelude.Int16 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int16.t) (o : Int16.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if Int16.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : Int16.t constant y : Int16.t - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : int16) (y : int16) : () + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : Int16.t) (y : Int16.t) : () - goal vc_cmp_ge_log'0 : [%#sord0] (x >= y) = (cmp_log'0 x y <> C_Less'0) + goal vc_cmp_ge_log'0 : [%#sord0] Int16.sge x y = (cmp_log'0 x y <> C_Less'0) end module M_creusot_contracts__logic__ord__qyi8040194823849327911__cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 91 8 91 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int16 use prelude.prelude.Int 
@@ -2357,23 +2537,27 @@ module M_creusot_contracts__logic__ord__qyi8040194823849327911__cmp_gt_log [#".. | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int16) (o : int16) : t_Ordering'0 + use prelude.prelude.Int16 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int16.t) (o : Int16.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if Int16.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : Int16.t constant y : Int16.t - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : int16) (y : int16) : () + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : Int16.t) (y : Int16.t) : () - goal vc_cmp_gt_log'0 : [%#sord0] (x > y) = (cmp_log'0 x y = C_Greater'0) + goal vc_cmp_gt_log'0 : [%#sord0] Int16.sgt x y = (cmp_log'0 x y = C_Greater'0) end module M_creusot_contracts__logic__ord__qyi8040194823849327911__refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 96 8 96 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int16 
@@ -2382,16 +2566,16 @@ module M_creusot_contracts__logic__ord__qyi8040194823849327911__refl [#"../../.. | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int16 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int16) (o : int16) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int16.t) (o : Int16.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if Int16.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : Int16.t - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : int16) : () + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : Int16.t) : () goal vc_refl'0 : [%#sord0] cmp_log'0 x x = C_Equal'0 end @@ -2400,7 +2584,9 @@ module M_creusot_contracts__logic__ord__qyi8040194823849327911__trans [#"../../. let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 101 8 101 35 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int16 
@@ -2409,12 +2595,12 @@ module M_creusot_contracts__logic__ord__qyi8040194823849327911__trans [#"../../. | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int16 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int16) (o : int16) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int16.t) (o : Int16.t) : t_Ordering'0 = - [%#sord4] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord4] if Int16.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : Int16.t @@ -2424,7 +2610,7 @@ module M_creusot_contracts__logic__ord__qyi8040194823849327911__trans [#"../../. constant o : t_Ordering'0 - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : int16) (y : int16) (z : int16) (o : t_Ordering'0) : () + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : Int16.t) (y : Int16.t) (z : Int16.t) (o : t_Ordering'0) : () goal vc_trans'0 : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o) @@ -2433,7 +2619,9 @@ module M_creusot_contracts__logic__ord__qyi8040194823849327911__antisym1 [#"../. let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 108 8 108 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int16 
@@ -2442,18 +2630,18 @@ module M_creusot_contracts__logic__ord__qyi8040194823849327911__antisym1 [#"../. | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int16 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int16) (o : int16) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int16.t) (o : Int16.t) : t_Ordering'0 = - [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord3] if Int16.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : Int16.t constant y : Int16.t - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : int16) (y : int16) : () + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : Int16.t) (y : Int16.t) : () goal vc_antisym1'0 : ([%#sord0] cmp_log'0 x y = C_Less'0) -> ([%#sord1] cmp_log'0 y x = C_Greater'0) end @@ -2461,7 +2649,9 @@ module M_creusot_contracts__logic__ord__qyi8040194823849327911__antisym2 [#"../. let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 114 8 114 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int16 
@@ -2470,25 +2660,27 @@ module M_creusot_contracts__logic__ord__qyi8040194823849327911__antisym2 [#"../. | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int16 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int16) (o : int16) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int16.t) (o : Int16.t) : t_Ordering'0 = - [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord3] if Int16.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant x : int16 + constant x : Int16.t - constant y : int16 + constant y : Int16.t - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : int16) (y : int16) : () + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : Int16.t) (y : Int16.t) : () goal vc_antisym2'0 : ([%#sord0] cmp_log'0 x y = C_Greater'0) -> ([%#sord1] cmp_log'0 y x = C_Less'0) end module M_creusot_contracts__logic__ord__qyi8040194823849327911__eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 120 8 120 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int16 
@@ -2497,25 +2689,27 @@ module M_creusot_contracts__logic__ord__qyi8040194823849327911__eq_cmp [#"../../ | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int16 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int16) (o : int16) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int16.t) (o : Int16.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if Int16.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : Int16.t constant y : Int16.t - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : int16) (y : int16) : () + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : Int16.t) (y : Int16.t) : () goal vc_eq_cmp'0 : [%#sord0] (x = y) = (cmp_log'0 x y = C_Equal'0) end module M_creusot_contracts__logic__ord__qyi211457485035727011__cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 76 8 76 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int32 use prelude.prelude.Int 
@@ -2526,23 +2720,27 @@ module M_creusot_contracts__logic__ord__qyi211457485035727011__cmp_le_log [#"../ | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int32) (o : int32) : t_Ordering'0 + use prelude.prelude.Int32 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int32.t) (o : Int32.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if Int32.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : Int32.t constant y : Int32.t - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : int32) (y : int32) : () + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : Int32.t) (y : Int32.t) : () - goal vc_cmp_le_log'0 : [%#sord0] (x <= y) = (cmp_log'0 x y <> C_Greater'0) + goal vc_cmp_le_log'0 : [%#sord0] Int32.sle x y = (cmp_log'0 x y <> C_Greater'0) end module M_creusot_contracts__logic__ord__qyi211457485035727011__cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 81 8 81 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int32 use prelude.prelude.Int 
@@ -2553,23 +2751,25 @@ module M_creusot_contracts__logic__ord__qyi211457485035727011__cmp_lt_log [#"../ | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int32) (o : int32) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int32.t) (o : Int32.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if Int32.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : Int32.t constant y : Int32.t - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : int32) (y : int32) : () + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : Int32.t) (y : Int32.t) : () - goal vc_cmp_lt_log'0 : [%#sord0] (x < y) = (cmp_log'0 x y = C_Less'0) + goal vc_cmp_lt_log'0 : [%#sord0] Int32.slt x y = (cmp_log'0 x y = C_Less'0) end module M_creusot_contracts__logic__ord__qyi211457485035727011__cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 86 8 86 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int32 use prelude.prelude.Int 
@@ -2580,23 +2780,27 @@ module M_creusot_contracts__logic__ord__qyi211457485035727011__cmp_ge_log [#"../ | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int32) (o : int32) : t_Ordering'0 + use prelude.prelude.Int32 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int32.t) (o : Int32.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if Int32.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : Int32.t constant y : Int32.t - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : int32) (y : int32) : () + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : Int32.t) (y : Int32.t) : () - goal vc_cmp_ge_log'0 : [%#sord0] (x >= y) = (cmp_log'0 x y <> C_Less'0) + goal vc_cmp_ge_log'0 : [%#sord0] Int32.sge x y = (cmp_log'0 x y <> C_Less'0) end module M_creusot_contracts__logic__ord__qyi211457485035727011__cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 91 8 91 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int32 use prelude.prelude.Int 
@@ -2607,23 +2811,27 @@ module M_creusot_contracts__logic__ord__qyi211457485035727011__cmp_gt_log [#"../ | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int32) (o : int32) : t_Ordering'0 + use prelude.prelude.Int32 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int32.t) (o : Int32.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if Int32.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : Int32.t constant y : Int32.t - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : int32) (y : int32) : () + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : Int32.t) (y : Int32.t) : () - goal vc_cmp_gt_log'0 : [%#sord0] (x > y) = (cmp_log'0 x y = C_Greater'0) + goal vc_cmp_gt_log'0 : [%#sord0] Int32.sgt x y = (cmp_log'0 x y = C_Greater'0) end module M_creusot_contracts__logic__ord__qyi211457485035727011__refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 96 8 96 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int32 
@@ -2632,16 +2840,16 @@ module M_creusot_contracts__logic__ord__qyi211457485035727011__refl [#"../../../ | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int32 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int32) (o : int32) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int32.t) (o : Int32.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if Int32.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : Int32.t - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : int32) : () + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : Int32.t) : () goal vc_refl'0 : [%#sord0] cmp_log'0 x x = C_Equal'0 end @@ -2650,7 +2858,9 @@ module M_creusot_contracts__logic__ord__qyi211457485035727011__trans [#"../../.. let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 101 8 101 35 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int32 
@@ -2659,12 +2869,12 @@ module M_creusot_contracts__logic__ord__qyi211457485035727011__trans [#"../../.. | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int32 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int32) (o : int32) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int32.t) (o : Int32.t) : t_Ordering'0 = - [%#sord4] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord4] if Int32.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : Int32.t @@ -2674,7 +2884,7 @@ module M_creusot_contracts__logic__ord__qyi211457485035727011__trans [#"../../.. constant o : t_Ordering'0 - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : int32) (y : int32) (z : int32) (o : t_Ordering'0) : () + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : Int32.t) (y : Int32.t) (z : Int32.t) (o : t_Ordering'0) : () goal vc_trans'0 : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o) @@ -2683,7 +2893,9 @@ module M_creusot_contracts__logic__ord__qyi211457485035727011__antisym1 [#"../.. let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 108 8 108 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int32 
@@ -2692,18 +2904,18 @@ module M_creusot_contracts__logic__ord__qyi211457485035727011__antisym1 [#"../.. | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int32 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int32) (o : int32) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int32.t) (o : Int32.t) : t_Ordering'0 = - [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord3] if Int32.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : Int32.t constant y : Int32.t - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : int32) (y : int32) : () + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : Int32.t) (y : Int32.t) : () goal vc_antisym1'0 : ([%#sord0] cmp_log'0 x y = C_Less'0) -> ([%#sord1] cmp_log'0 y x = C_Greater'0) end @@ -2711,7 +2923,9 @@ module M_creusot_contracts__logic__ord__qyi211457485035727011__antisym2 [#"../.. let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 114 8 114 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int32 
@@ -2720,25 +2934,27 @@ module M_creusot_contracts__logic__ord__qyi211457485035727011__antisym2 [#"../.. | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int32 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int32) (o : int32) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int32.t) (o : Int32.t) : t_Ordering'0 = - [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord3] if Int32.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant x : int32 + constant x : Int32.t - constant y : int32 + constant y : Int32.t - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : int32) (y : int32) : () + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : Int32.t) (y : Int32.t) : () goal vc_antisym2'0 : ([%#sord0] cmp_log'0 x y = C_Greater'0) -> ([%#sord1] cmp_log'0 y x = C_Less'0) end module M_creusot_contracts__logic__ord__qyi211457485035727011__eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 120 8 120 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int32 
@@ -2747,25 +2963,27 @@ module M_creusot_contracts__logic__ord__qyi211457485035727011__eq_cmp [#"../../. | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int32 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int32) (o : int32) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int32.t) (o : Int32.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if Int32.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : Int32.t constant y : Int32.t - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : int32) (y : int32) : () + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : Int32.t) (y : Int32.t) : () goal vc_eq_cmp'0 : [%#sord0] (x = y) = (cmp_log'0 x y = C_Equal'0) end module M_creusot_contracts__logic__ord__qyi2565746305859701215__cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 76 8 76 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int64 use prelude.prelude.Int 
@@ -2776,23 +2994,27 @@ module M_creusot_contracts__logic__ord__qyi2565746305859701215__cmp_le_log [#".. | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int64) (o : int64) : t_Ordering'0 + use prelude.prelude.Int64 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int64.t) (o : Int64.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if Int64.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : Int64.t constant y : Int64.t - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : int64) (y : int64) : () + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : Int64.t) (y : Int64.t) : () - goal vc_cmp_le_log'0 : [%#sord0] (x <= y) = (cmp_log'0 x y <> C_Greater'0) + goal vc_cmp_le_log'0 : [%#sord0] Int64.sle x y = (cmp_log'0 x y <> C_Greater'0) end module M_creusot_contracts__logic__ord__qyi2565746305859701215__cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 81 8 81 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int64 use prelude.prelude.Int 
@@ -2803,23 +3025,25 @@ module M_creusot_contracts__logic__ord__qyi2565746305859701215__cmp_lt_log [#".. | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int64) (o : int64) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int64.t) (o : Int64.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if Int64.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : Int64.t constant y : Int64.t - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : int64) (y : int64) : () + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : Int64.t) (y : Int64.t) : () - goal vc_cmp_lt_log'0 : [%#sord0] (x < y) = (cmp_log'0 x y = C_Less'0) + goal vc_cmp_lt_log'0 : [%#sord0] Int64.slt x y = (cmp_log'0 x y = C_Less'0) end module M_creusot_contracts__logic__ord__qyi2565746305859701215__cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 86 8 86 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int64 use prelude.prelude.Int 
@@ -2830,23 +3054,27 @@ module M_creusot_contracts__logic__ord__qyi2565746305859701215__cmp_ge_log [#".. | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int64) (o : int64) : t_Ordering'0 + use prelude.prelude.Int64 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int64.t) (o : Int64.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if Int64.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : Int64.t constant y : Int64.t - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : int64) (y : int64) : () + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : Int64.t) (y : Int64.t) : () - goal vc_cmp_ge_log'0 : [%#sord0] (x >= y) = (cmp_log'0 x y <> C_Less'0) + goal vc_cmp_ge_log'0 : [%#sord0] Int64.sge x y = (cmp_log'0 x y <> C_Less'0) end module M_creusot_contracts__logic__ord__qyi2565746305859701215__cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 91 8 91 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int64 use prelude.prelude.Int 
@@ -2857,23 +3085,27 @@ module M_creusot_contracts__logic__ord__qyi2565746305859701215__cmp_gt_log [#".. | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int64) (o : int64) : t_Ordering'0 + use prelude.prelude.Int64 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int64.t) (o : Int64.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if Int64.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : Int64.t constant y : Int64.t - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : int64) (y : int64) : () + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : Int64.t) (y : Int64.t) : () - goal vc_cmp_gt_log'0 : [%#sord0] (x > y) = (cmp_log'0 x y = C_Greater'0) + goal vc_cmp_gt_log'0 : [%#sord0] Int64.sgt x y = (cmp_log'0 x y = C_Greater'0) end module M_creusot_contracts__logic__ord__qyi2565746305859701215__refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 96 8 96 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int64 
@@ -2882,16 +3114,16 @@ module M_creusot_contracts__logic__ord__qyi2565746305859701215__refl [#"../../.. | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int64 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int64) (o : int64) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int64.t) (o : Int64.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if Int64.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : Int64.t - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : int64) : () + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : Int64.t) : () goal vc_refl'0 : [%#sord0] cmp_log'0 x x = C_Equal'0 end @@ -2900,7 +3132,9 @@ module M_creusot_contracts__logic__ord__qyi2565746305859701215__trans [#"../../. let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 101 8 101 35 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int64 
@@ -2909,12 +3143,12 @@ module M_creusot_contracts__logic__ord__qyi2565746305859701215__trans [#"../../. | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int64 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int64) (o : int64) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int64.t) (o : Int64.t) : t_Ordering'0 = - [%#sord4] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord4] if Int64.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : Int64.t @@ -2924,7 +3158,7 @@ module M_creusot_contracts__logic__ord__qyi2565746305859701215__trans [#"../../. constant o : t_Ordering'0 - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : int64) (y : int64) (z : int64) (o : t_Ordering'0) : () + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : Int64.t) (y : Int64.t) (z : Int64.t) (o : t_Ordering'0) : () goal vc_trans'0 : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o) @@ -2933,7 +3167,9 @@ module M_creusot_contracts__logic__ord__qyi2565746305859701215__antisym1 [#"../. let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 108 8 108 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int64 
@@ -2942,18 +3178,18 @@ module M_creusot_contracts__logic__ord__qyi2565746305859701215__antisym1 [#"../. | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int64 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int64) (o : int64) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int64.t) (o : Int64.t) : t_Ordering'0 = - [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord3] if Int64.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : Int64.t constant y : Int64.t - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : int64) (y : int64) : () + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : Int64.t) (y : Int64.t) : () goal vc_antisym1'0 : ([%#sord0] cmp_log'0 x y = C_Less'0) -> ([%#sord1] cmp_log'0 y x = C_Greater'0) end @@ -2961,7 +3197,9 @@ module M_creusot_contracts__logic__ord__qyi2565746305859701215__antisym2 [#"../. let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 114 8 114 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int64 
@@ -2970,25 +3208,27 @@ module M_creusot_contracts__logic__ord__qyi2565746305859701215__antisym2 [#"../. | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int64 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int64) (o : int64) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int64.t) (o : Int64.t) : t_Ordering'0 = - [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord3] if Int64.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant x : int64 + constant x : Int64.t - constant y : int64 + constant y : Int64.t - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : int64) (y : int64) : () + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : Int64.t) (y : Int64.t) : () goal vc_antisym2'0 : ([%#sord0] cmp_log'0 x y = C_Greater'0) -> ([%#sord1] cmp_log'0 y x = C_Less'0) end module M_creusot_contracts__logic__ord__qyi2565746305859701215__eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 120 8 120 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int64 
@@ -2997,25 +3237,27 @@ module M_creusot_contracts__logic__ord__qyi2565746305859701215__eq_cmp [#"../../ | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int64 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int64) (o : int64) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int64.t) (o : Int64.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if Int64.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : Int64.t constant y : Int64.t - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : int64) (y : int64) : () + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : Int64.t) (y : Int64.t) : () goal vc_eq_cmp'0 : [%#sord0] (x = y) = (cmp_log'0 x y = C_Equal'0) end module M_creusot_contracts__logic__ord__qyi2364657485180829964__cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 76 8 76 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int128 use prelude.prelude.Int 
@@ -3026,23 +3268,27 @@ module M_creusot_contracts__logic__ord__qyi2364657485180829964__cmp_le_log [#".. | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int128) (o : int128) : t_Ordering'0 + use prelude.prelude.Int128 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int128.t) (o : Int128.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if Int128.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : Int128.t constant y : Int128.t - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : int128) (y : int128) : () + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : Int128.t) (y : Int128.t) : () - goal vc_cmp_le_log'0 : [%#sord0] (x <= y) = (cmp_log'0 x y <> C_Greater'0) + goal vc_cmp_le_log'0 : [%#sord0] Int128.sle x y = (cmp_log'0 x y <> C_Greater'0) end module M_creusot_contracts__logic__ord__qyi2364657485180829964__cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 81 8 81 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int128 use prelude.prelude.Int 
@@ -3053,23 +3299,25 @@ module M_creusot_contracts__logic__ord__qyi2364657485180829964__cmp_lt_log [#".. | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int128) (o : int128) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int128.t) (o : Int128.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if Int128.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : Int128.t constant y : Int128.t - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : int128) (y : int128) : () + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : Int128.t) (y : Int128.t) : () - goal vc_cmp_lt_log'0 : [%#sord0] (x < y) = (cmp_log'0 x y = C_Less'0) + goal vc_cmp_lt_log'0 : [%#sord0] Int128.slt x y = (cmp_log'0 x y = C_Less'0) end module M_creusot_contracts__logic__ord__qyi2364657485180829964__cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 86 8 86 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int128 use prelude.prelude.Int 
@@ -3080,23 +3328,27 @@ module M_creusot_contracts__logic__ord__qyi2364657485180829964__cmp_ge_log [#".. | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int128) (o : int128) : t_Ordering'0 + use prelude.prelude.Int128 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int128.t) (o : Int128.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if Int128.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : Int128.t constant y : Int128.t - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : int128) (y : int128) : () + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : Int128.t) (y : Int128.t) : () - goal vc_cmp_ge_log'0 : [%#sord0] (x >= y) = (cmp_log'0 x y <> C_Less'0) + goal vc_cmp_ge_log'0 : [%#sord0] Int128.sge x y = (cmp_log'0 x y <> C_Less'0) end module M_creusot_contracts__logic__ord__qyi2364657485180829964__cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 91 8 91 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int128 use prelude.prelude.Int 
@@ -3107,23 +3359,27 @@ module M_creusot_contracts__logic__ord__qyi2364657485180829964__cmp_gt_log [#".. | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int128) (o : int128) : t_Ordering'0 + use prelude.prelude.Int128 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int128.t) (o : Int128.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if Int128.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : Int128.t constant y : Int128.t - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : int128) (y : int128) : () + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : Int128.t) (y : Int128.t) : () - goal vc_cmp_gt_log'0 : [%#sord0] (x > y) = (cmp_log'0 x y = C_Greater'0) + goal vc_cmp_gt_log'0 : [%#sord0] Int128.sgt x y = (cmp_log'0 x y = C_Greater'0) end module M_creusot_contracts__logic__ord__qyi2364657485180829964__refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 96 8 96 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int128 
@@ -3132,16 +3388,16 @@ module M_creusot_contracts__logic__ord__qyi2364657485180829964__refl [#"../../.. | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int128 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int128) (o : int128) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int128.t) (o : Int128.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if Int128.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : Int128.t - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : int128) : () + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : Int128.t) : () goal vc_refl'0 : [%#sord0] cmp_log'0 x x = C_Equal'0 end @@ -3150,7 +3406,9 @@ module M_creusot_contracts__logic__ord__qyi2364657485180829964__trans [#"../../. let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 101 8 101 35 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int128 
@@ -3159,12 +3417,12 @@ module M_creusot_contracts__logic__ord__qyi2364657485180829964__trans [#"../../. | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int128 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int128) (o : int128) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int128.t) (o : Int128.t) : t_Ordering'0 = - [%#sord4] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord4] if Int128.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : Int128.t @@ -3174,7 +3432,7 @@ module M_creusot_contracts__logic__ord__qyi2364657485180829964__trans [#"../../. constant o : t_Ordering'0 - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : int128) (y : int128) (z : int128) (o : t_Ordering'0) : () + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : Int128.t) (y : Int128.t) (z : Int128.t) (o : t_Ordering'0) : () goal vc_trans'0 : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o) @@ -3183,7 +3441,9 @@ module M_creusot_contracts__logic__ord__qyi2364657485180829964__antisym1 [#"../. let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 108 8 108 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int128 
@@ -3192,18 +3452,18 @@ module M_creusot_contracts__logic__ord__qyi2364657485180829964__antisym1 [#"../. | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int128 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int128) (o : int128) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int128.t) (o : Int128.t) : t_Ordering'0 = - [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord3] if Int128.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : Int128.t constant y : Int128.t - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : int128) (y : int128) : () + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : Int128.t) (y : Int128.t) : () goal vc_antisym1'0 : ([%#sord0] cmp_log'0 x y = C_Less'0) -> ([%#sord1] cmp_log'0 y x = C_Greater'0) end @@ -3211,7 +3471,9 @@ module M_creusot_contracts__logic__ord__qyi2364657485180829964__antisym2 [#"../. let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 114 8 114 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int128 
@@ -3220,25 +3482,27 @@ module M_creusot_contracts__logic__ord__qyi2364657485180829964__antisym2 [#"../. | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int128 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int128) (o : int128) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int128.t) (o : Int128.t) : t_Ordering'0 = - [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord3] if Int128.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant x : int128 + constant x : Int128.t - constant y : int128 + constant y : Int128.t - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : int128) (y : int128) : () + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : Int128.t) (y : Int128.t) : () goal vc_antisym2'0 : ([%#sord0] cmp_log'0 x y = C_Greater'0) -> ([%#sord1] cmp_log'0 y x = C_Less'0) end module M_creusot_contracts__logic__ord__qyi2364657485180829964__eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 120 8 120 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int128 
@@ -3247,133 +3511,149 @@ module M_creusot_contracts__logic__ord__qyi2364657485180829964__eq_cmp [#"../../ | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int128 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int128) (o : int128) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int128.t) (o : Int128.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if Int128.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : Int128.t constant y : Int128.t - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : int128) (y : int128) : () + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : Int128.t) (y : Int128.t) : () goal vc_eq_cmp'0 : [%#sord0] (x = y) = (cmp_log'0 x y = C_Equal'0) end module M_creusot_contracts__logic__ord__qyi8047313880300482848__cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 76 8 76 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int64 use prelude.prelude.Int - use prelude.prelude.IntSize + use prelude.prelude.Int64 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : isize) (o : isize) : t_Ordering'0 + use prelude.prelude.Int64 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int64.t) (o : Int64.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if Int64.slt self 
o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : Int64.t constant y : Int64.t - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : isize) (y : isize) : () + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : Int64.t) (y : Int64.t) : () - goal vc_cmp_le_log'0 : [%#sord0] (x <= y) = (cmp_log'0 x y <> C_Greater'0) + goal vc_cmp_le_log'0 : [%#sord0] Int64.sle x y = (cmp_log'0 x y <> C_Greater'0) end module M_creusot_contracts__logic__ord__qyi8047313880300482848__cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 81 8 81 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int64 use prelude.prelude.Int - use prelude.prelude.IntSize + use prelude.prelude.Int64 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : isize) (o : isize) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int64.t) (o : Int64.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if Int64.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : Int64.t constant y : Int64.t - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : isize) (y : isize) : () + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : Int64.t) (y : Int64.t) : () - goal vc_cmp_lt_log'0 : [%#sord0] (x < y) = (cmp_log'0 x y = C_Less'0) + goal vc_cmp_lt_log'0 : [%#sord0] Int64.slt x y = (cmp_log'0 x y = C_Less'0) end module 
M_creusot_contracts__logic__ord__qyi8047313880300482848__cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 86 8 86 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int64 use prelude.prelude.Int - use prelude.prelude.IntSize + use prelude.prelude.Int64 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : isize) (o : isize) : t_Ordering'0 + use prelude.prelude.Int64 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int64.t) (o : Int64.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if Int64.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : Int64.t constant y : Int64.t - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : isize) (y : isize) : () + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : Int64.t) (y : Int64.t) : () - goal vc_cmp_ge_log'0 : [%#sord0] (x >= y) = (cmp_log'0 x y <> C_Less'0) + goal vc_cmp_ge_log'0 : [%#sord0] Int64.sge x y = (cmp_log'0 x y <> C_Less'0) end module M_creusot_contracts__logic__ord__qyi8047313880300482848__cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 91 8 91 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int64 use 
prelude.prelude.Int - use prelude.prelude.IntSize + use prelude.prelude.Int64 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : isize) (o : isize) : t_Ordering'0 + use prelude.prelude.Int64 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int64.t) (o : Int64.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if Int64.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : Int64.t constant y : Int64.t - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : isize) (y : isize) : () + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : Int64.t) (y : Int64.t) : () - goal vc_cmp_gt_log'0 : [%#sord0] (x > y) = (cmp_log'0 x y = C_Greater'0) + goal vc_cmp_gt_log'0 : [%#sord0] Int64.sgt x y = (cmp_log'0 x y = C_Greater'0) end module M_creusot_contracts__logic__ord__qyi8047313880300482848__refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 96 8 96 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int64 
@@ -3382,16 +3662,16 @@ module M_creusot_contracts__logic__ord__qyi8047313880300482848__refl [#"../../.. | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int64 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : isize) (o : isize) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int64.t) (o : Int64.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if Int64.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : Int64.t - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : isize) : () + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : Int64.t) : () goal vc_refl'0 : [%#sord0] cmp_log'0 x x = C_Equal'0 end @@ -3400,7 +3680,9 @@ module M_creusot_contracts__logic__ord__qyi8047313880300482848__trans [#"../../. let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 101 8 101 35 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int64 
@@ -3409,12 +3691,12 @@ module M_creusot_contracts__logic__ord__qyi8047313880300482848__trans [#"../../. | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int64 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : isize) (o : isize) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int64.t) (o : Int64.t) : t_Ordering'0 = - [%#sord4] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord4] if Int64.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : Int64.t @@ -3424,7 +3706,7 @@ module M_creusot_contracts__logic__ord__qyi8047313880300482848__trans [#"../../. constant o : t_Ordering'0 - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : isize) (y : isize) (z : isize) (o : t_Ordering'0) : () + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : Int64.t) (y : Int64.t) (z : Int64.t) (o : t_Ordering'0) : () goal vc_trans'0 : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o) @@ -3433,7 +3715,9 @@ module M_creusot_contracts__logic__ord__qyi8047313880300482848__antisym1 [#"../. let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 108 8 108 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int64 
@@ -3442,18 +3726,18 @@ module M_creusot_contracts__logic__ord__qyi8047313880300482848__antisym1 [#"../. | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int64 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : isize) (o : isize) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int64.t) (o : Int64.t) : t_Ordering'0 = - [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord3] if Int64.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : Int64.t constant y : Int64.t - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : isize) (y : isize) : () + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : Int64.t) (y : Int64.t) : () goal vc_antisym1'0 : ([%#sord0] cmp_log'0 x y = C_Less'0) -> ([%#sord1] cmp_log'0 y x = C_Greater'0) end 
@@ -3461,34 +3745,38 @@ module M_creusot_contracts__logic__ord__qyi8047313880300482848__antisym2 [#"../. let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 114 8 114 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 - use prelude.prelude.IntSize + use prelude.prelude.Int + + use prelude.prelude.Int64 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int64 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : isize) (o : isize) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int64.t) (o : Int64.t) : t_Ordering'0 = - [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord3] if Int64.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant x : isize + constant x : Int64.t - constant y : isize + constant y : Int64.t - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : isize) (y : isize) : () + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : Int64.t) (y : Int64.t) : () goal vc_antisym2'0 : ([%#sord0] cmp_log'0 x y = C_Greater'0) -> ([%#sord1] cmp_log'0 y x = C_Less'0) end module M_creusot_contracts__logic__ord__qyi8047313880300482848__eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 120 8 120 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 
17 + + use prelude.prelude.Int use prelude.prelude.Int64 @@ -3497,18 +3785,18 @@ module M_creusot_contracts__logic__ord__qyi8047313880300482848__eq_cmp [#"../../ | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int64 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : isize) (o : isize) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int64.t) (o : Int64.t) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord2] if Int64.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 constant x : Int64.t constant y : Int64.t - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : isize) (y : isize) : () + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : Int64.t) (y : Int64.t) : () goal vc_eq_cmp'0 : [%#sord0] (x = y) = (cmp_log'0 x y = C_Equal'0) end @@ -3516,14 +3804,14 @@ module M_creusot_contracts__logic__ord__qyi17836724837647357586__cmp_le_log [#". let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 76 8 76 35 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 11 20 11 56 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 197 8 202 9 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 275 8 280 9 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 196 4 196 41] (self : bool) (o : bool) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 274 4 274 41] (self : bool) (o : bool) : t_Ordering'0 = [%#sord3] match (self, o) with 
@@ -3548,14 +3836,14 @@ module M_creusot_contracts__logic__ord__qyi17836724837647357586__cmp_lt_log [#". let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 81 8 81 35 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 21 20 21 53 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 197 8 202 9 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 275 8 280 9 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 196 4 196 41] (self : bool) (o : bool) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 274 4 274 41] (self : bool) (o : bool) : t_Ordering'0 = [%#sord3] match (self, o) with @@ -3580,14 +3868,14 @@ module M_creusot_contracts__logic__ord__qyi17836724837647357586__cmp_ge_log [#". let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 86 8 86 35 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 31 20 31 53 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 197 8 202 9 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 275 8 280 9 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 196 4 196 41] (self : bool) (o : bool) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 274 4 274 41] (self : bool) (o : bool) : t_Ordering'0 = [%#sord3] match (self, o) with 
@@ -3612,14 +3900,14 @@ module M_creusot_contracts__logic__ord__qyi17836724837647357586__cmp_gt_log [#". let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 91 8 91 35 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 41 20 41 56 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 197 8 202 9 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 275 8 280 9 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 196 4 196 41] (self : bool) (o : bool) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 274 4 274 41] (self : bool) (o : bool) : t_Ordering'0 = [%#sord3] match (self, o) with @@ -3643,14 +3931,14 @@ end module M_creusot_contracts__logic__ord__qyi17836724837647357586__refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 96 8 96 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 197 8 202 9 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 275 8 280 9 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 196 4 196 41] (self : bool) (o : bool) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 274 4 274 41] (self : bool) (o : bool) : t_Ordering'0 = [%#sord2] match (self, o) with 
@@ -3671,14 +3959,14 @@ module M_creusot_contracts__logic__ord__qyi17836724837647357586__trans [#"../../ let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 101 8 101 35 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 197 8 202 9 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 275 8 280 9 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 196 4 196 41] (self : bool) (o : bool) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 274 4 274 41] (self : bool) (o : bool) : t_Ordering'0 = [%#sord4] match (self, o) with @@ -3705,14 +3993,14 @@ module M_creusot_contracts__logic__ord__qyi17836724837647357586__antisym1 [#"../ let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 108 8 108 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 197 8 202 9 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 275 8 280 9 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 196 4 196 41] (self : bool) (o : bool) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 274 4 274 41] (self : bool) (o : bool) : t_Ordering'0 = [%#sord3] match (self, o) with 
@@ -3734,14 +4022,14 @@ module M_creusot_contracts__logic__ord__qyi17836724837647357586__antisym2 [#"../ let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 114 8 114 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 197 8 202 9 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 275 8 280 9 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 196 4 196 41] (self : bool) (o : bool) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 274 4 274 41] (self : bool) (o : bool) : t_Ordering'0 = [%#sord3] match (self, o) with @@ -3762,14 +4050,14 @@ end module M_creusot_contracts__logic__ord__qyi17836724837647357586__eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 120 8 120 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 197 8 202 9 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 275 8 280 9 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 196 4 196 41] (self : bool) (o : bool) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 274 4 274 41] (self : bool) (o : bool) : t_Ordering'0 = [%#sord2] match (self, o) with 
@@ -3790,8 +4078,8 @@ end module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* <(A, B) as logic::ord::OrdLogic> *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 76 8 76 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 225 20 225 68 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 212 8 219 11 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 303 20 303 68 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 290 8 297 11 let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 @@ -3917,14 +4205,14 @@ module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_le_log [#".. axiom cmp_le_log'2_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] le_log'2 x y = (cmp_log'1 x y <> C_Greater'0) - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 224 4 224 36] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : bool + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 302 4 302 36] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : bool = [%#sord2] (let (a, _) = self in a) = (let (a, _) = o in a) /\ le_log'1 (let (_, a) = self in a) (let (_, a) = o in a) \/ lt_log'0 (let (a, _) = self in a) (let (a, _) = o in a) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 211 4 211 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 289 4 289 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 = [%#sord3] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then 
@@ -3945,8 +4233,8 @@ end module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* <(A, B) as logic::ord::OrdLogic> *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 81 8 81 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 231 20 231 67 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 212 8 219 11 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 309 20 309 67 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 290 8 297 11 let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 @@ -4072,14 +4360,14 @@ module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_lt_log [#".. axiom cmp_le_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] le_log'1 x y = (cmp_log'1 x y <> C_Greater'0) - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 230 4 230 36] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : bool + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 308 4 308 36] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : bool = [%#sord2] (let (a, _) = self in a) = (let (a, _) = o in a) /\ lt_log'1 (let (_, a) = self in a) (let (_, a) = o in a) \/ lt_log'2 (let (a, _) = self in a) (let (a, _) = o in a) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 211 4 211 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 289 4 289 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 = [%#sord3] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then 
@@ -4100,8 +4388,8 @@ end module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* <(A, B) as logic::ord::OrdLogic> *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 86 8 86 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 237 20 237 68 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 212 8 219 11 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 315 20 315 68 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 290 8 297 11 let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 @@ -4227,14 +4515,14 @@ module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_ge_log [#".. axiom cmp_le_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] le_log'1 x y = (cmp_log'1 x y <> C_Greater'0) - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 236 4 236 36] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : bool + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 314 4 314 36] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : bool = [%#sord2] (let (a, _) = self in a) = (let (a, _) = o in a) /\ ge_log'1 (let (_, a) = self in a) (let (_, a) = o in a) \/ gt_log'0 (let (a, _) = self in a) (let (a, _) = o in a) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 211 4 211 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 289 4 289 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 = [%#sord3] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then 
@@ -4255,8 +4543,8 @@ end module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* <(A, B) as logic::ord::OrdLogic> *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 91 8 91 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 243 20 243 67 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 212 8 219 11 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 321 20 321 67 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 290 8 297 11 let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 @@ -4382,14 +4670,14 @@ module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_gt_log [#".. axiom cmp_le_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] le_log'1 x y = (cmp_log'1 x y <> C_Greater'0) - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 242 4 242 36] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : bool + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 320 4 320 36] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : bool = [%#sord2] (let (a, _) = self in a) = (let (a, _) = o in a) /\ gt_log'1 (let (_, a) = self in a) (let (_, a) = o in a) \/ gt_log'2 (let (a, _) = self in a) (let (a, _) = o in a) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 211 4 211 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 289 4 289 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 = [%#sord3] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then 
@@ -4410,7 +4698,7 @@ end module M_creusot_contracts__logic__ord__qyi1910662420989811789__refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* <(A, B) as logic::ord::OrdLogic> *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 96 8 96 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 212 8 219 11 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 290 8 297 11 let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 @@ -4536,7 +4824,7 @@ module M_creusot_contracts__logic__ord__qyi1910662420989811789__refl [#"../../.. axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord3] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 211 4 211 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 289 4 289 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 = [%#sord2] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then 
@@ -4556,7 +4844,7 @@ module M_creusot_contracts__logic__ord__qyi1910662420989811789__trans [#"../../. let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 101 8 101 35 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 212 8 219 11 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 290 8 297 11 let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 @@ -4682,7 +4970,7 @@ module M_creusot_contracts__logic__ord__qyi1910662420989811789__trans [#"../../. axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 211 4 211 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 289 4 289 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 = [%#sord4] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then 
@@ -4708,7 +4996,7 @@ module M_creusot_contracts__logic__ord__qyi1910662420989811789__antisym1 [#"../. let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 108 8 108 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 212 8 219 11 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 290 8 297 11 let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 @@ -4834,7 +5122,7 @@ module M_creusot_contracts__logic__ord__qyi1910662420989811789__antisym1 [#"../. axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 211 4 211 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 289 4 289 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 = [%#sord3] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then 
@@ -4856,7 +5144,7 @@ module M_creusot_contracts__logic__ord__qyi1910662420989811789__antisym2 [#"../. let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 114 8 114 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 212 8 219 11 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 290 8 297 11 let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 @@ -4982,7 +5270,7 @@ module M_creusot_contracts__logic__ord__qyi1910662420989811789__antisym2 [#"../. axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 211 4 211 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 289 4 289 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 = [%#sord3] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then 
@@ -5003,7 +5291,7 @@ end module M_creusot_contracts__logic__ord__qyi1910662420989811789__eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* <(A, B) as logic::ord::OrdLogic> *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 120 8 120 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 212 8 219 11 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 290 8 297 11 let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 @@ -5129,7 +5417,7 @@ module M_creusot_contracts__logic__ord__qyi1910662420989811789__eq_cmp [#"../../ axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord3] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 211 4 211 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 289 4 289 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 = [%#sord2] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then 
@@ -6052,8 +6340,8 @@ module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_r let%span sdeque0 = "../../../creusot-contracts/src/std/deque.rs" 177 14 177 45 let%span sdeque1 = "../../../creusot-contracts/src/std/deque.rs" 175 4 175 10 let%span sdeque2 = "../../../creusot-contracts/src/std/deque.rs" 171 12 171 66 - let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 96 14 96 41 - let%span sslice4 = "../../../creusot-contracts/src/std/slice.rs" 97 14 97 80 + let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 114 14 114 41 + let%span sslice4 = "../../../creusot-contracts/src/std/slice.rs" 115 14 115 80 let%span smodel5 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 let%span sops6 = "../../../creusot-contracts/src/logic/ops.rs" 42 8 42 31 let%span sslice7 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 @@ -6078,7 +6366,7 @@ module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_r type t_Iter'0 = { t_Iter__i1'0: t_Iter'1; t_Iter__i2'0: t_Iter'1 } - use prelude.prelude.Slice + use Slice64.create function view'0 [#"../../../creusot-contracts/src/std/deque.rs" 155 4 155 33] (self : t_Iter'0) : slice t_T'0 
@@ -6088,21 +6376,21 @@ module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_r use seq.Seq - use prelude.prelude.UInt64.to_uint + use prelude.prelude.Int - constant v_MAX'0 : usize = (18446744073709551615 : usize) + use prelude.prelude.UInt64 - use prelude.prelude.UIntSize + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.Int + use prelude.prelude.UInt64 - use prelude.prelude.Slice + use prelude.prelude.Slice64 function view'2 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 axiom view'2_spec : forall self : slice t_T'0 . ([%#sslice7] Seq.length (view'2 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice8] view'2 self = Slice.id self) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + && ([%#sslice8] view'2 self = Slice64.id self) function view'1 [#"../../../creusot-contracts/src/model.rs" 87 4 87 33] (self : slice t_T'0) : Seq.seq t_T'0 = [%#smodel5] view'2 self @@ -6116,7 +6404,8 @@ module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_r = [%#sops6] Seq.get (view'2 self) ix - function to_ref_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 98 4 98 35] (self : slice t_T'0) : Seq.seq t_T'0 + function to_ref_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 116 4 116 35] (self : slice t_T'0) : Seq.seq t_T'0 + axiom to_ref_seq'0_spec : forall self : slice t_T'0 . ([%#sslice3] Seq.length (to_ref_seq'0 self) = Seq.length (view'1 self)) 
@@ -6142,8 +6431,8 @@ module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_t let%span sdeque2 = "../../../creusot-contracts/src/std/deque.rs" 184 14 184 42 let%span sdeque3 = "../../../creusot-contracts/src/std/deque.rs" 180 4 180 10 let%span sdeque4 = "../../../creusot-contracts/src/std/deque.rs" 171 12 171 66 - let%span sslice5 = "../../../creusot-contracts/src/std/slice.rs" 96 14 96 41 - let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 97 14 97 80 + let%span sslice5 = "../../../creusot-contracts/src/std/slice.rs" 114 14 114 41 + let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 115 14 115 80 let%span smodel7 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 let%span sops8 = "../../../creusot-contracts/src/logic/ops.rs" 42 8 42 31 let%span sslice9 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 @@ -6166,7 +6455,7 @@ module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_t use seq.Seq - use prelude.prelude.Slice + use Slice64.create function view'0 [#"../../../creusot-contracts/src/std/deque.rs" 155 4 155 33] (self : t_Iter'0) : slice t_T'0 
@@ -6176,21 +6465,21 @@ module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_t use seq.Seq - use prelude.prelude.UInt64.to_uint + use prelude.prelude.Int - constant v_MAX'0 : usize = (18446744073709551615 : usize) + use prelude.prelude.UInt64 - use prelude.prelude.UIntSize + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.Int + use prelude.prelude.UInt64 - use prelude.prelude.Slice + use prelude.prelude.Slice64 function view'2 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 axiom view'2_spec : forall self : slice t_T'0 . ([%#sslice9] Seq.length (view'2 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice10] view'2 self = Slice.id self) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + && ([%#sslice10] view'2 self = Slice64.id self) function view'1 [#"../../../creusot-contracts/src/model.rs" 87 4 87 33] (self : slice t_T'0) : Seq.seq t_T'0 = [%#smodel7] view'2 self @@ -6204,7 +6493,8 @@ module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_t = [%#sops8] Seq.get (view'2 self) ix - function to_ref_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 98 4 98 35] (self : slice t_T'0) : Seq.seq t_T'0 + function to_ref_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 116 4 116 35] (self : slice t_T'0) : Seq.seq t_T'0 + axiom to_ref_seq'0_spec : forall self : slice t_T'0 . ([%#sslice5] Seq.length (to_ref_seq'0 self) = Seq.length (view'1 self)) @@ -6276,10 +6566,6 @@ module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__pr use seq.Seq - use prelude.prelude.Int128.to_int - - use prelude.prelude.Int128 - use prelude.prelude.Int use seq.Seq 
@@ -6346,7 +6632,7 @@ module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__pr [%#scloned3] exists s : Seq.seq t_T'0 . inv'1 s /\ produces'1 (iter'0 self) s (iter'0 o) /\ Seq.length visited = Seq.length s - /\ (forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) + /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) constant self : t_Cloned'0 @@ -6399,10 +6685,6 @@ module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__pr use seq.Seq - use prelude.prelude.Int128.to_int - - use prelude.prelude.Int128 - use prelude.prelude.Int use seq.Seq @@ -6469,7 +6751,7 @@ module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__pr [%#scloned7] exists s : Seq.seq t_T'0 . inv'1 s /\ produces'1 (iter'0 self) s (iter'0 o) /\ Seq.length visited = Seq.length s - /\ (forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) + /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) use seq.Seq @@ -6533,10 +6815,6 @@ module M_creusot_contracts__stdqy35z1__iter__copied__qyi18224474876607687026__pr use seq.Seq - use prelude.prelude.Int128.to_int - - use prelude.prelude.Int128 - use prelude.prelude.Int use seq.Seq @@ -6603,7 +6881,7 @@ module M_creusot_contracts__stdqy35z1__iter__copied__qyi18224474876607687026__pr [%#scopied3] exists s : Seq.seq t_T'0 . inv'1 s /\ produces'1 (iter'0 self) s (iter'0 o) /\ Seq.length visited = Seq.length s - /\ (forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) + /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) constant self : t_Copied'0 
@@ -6656,10 +6934,6 @@ module M_creusot_contracts__stdqy35z1__iter__copied__qyi18224474876607687026__pr use seq.Seq - use prelude.prelude.Int128.to_int - - use prelude.prelude.Int128 - use prelude.prelude.Int use seq.Seq @@ -6726,7 +7000,7 @@ module M_creusot_contracts__stdqy35z1__iter__copied__qyi18224474876607687026__pr [%#scopied7] exists s : Seq.seq t_T'0 . inv'1 s /\ produces'1 (iter'0 self) s (iter'0 o) /\ Seq.length visited = Seq.length s - /\ (forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) + /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) use seq.Seq @@ -6846,17 +7120,17 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ type t_I'0 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Enumerate'0 = - { t_Enumerate__iter'0: t_I'0; t_Enumerate__count'0: usize } + { t_Enumerate__iter'0: t_I'0; t_Enumerate__count'0: UInt64.t } type t_Item'0 use seq.Seq - use prelude.prelude.Int - use seq.Seq use seq.Seq @@ -6904,7 +7178,7 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.Borrow 
@@ -6918,7 +7192,7 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 43 4 43 30] (self : t_Enumerate'0) = [%#senumerate5] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'1 (iter'0 self) s i] . inv'1 s - /\ inv'2 i /\ produces'1 (iter'0 self) s i -> n'0 self + Seq.length s < UIntSize.to_int v_MAX'0) + /\ inv'2 i /\ produces'1 (iter'0 self) s i -> n'0 self + Seq.length s < UInt64.to_uint v_MAX'0) /\ (forall i : borrowed t_I'0 . completed'0 i -> produces'1 i.current (Seq.empty : Seq.seq t_Item'0) i.final) axiom inv_axiom'0 [@rewrite] : forall x : t_Enumerate'0 [inv'0 x] . inv'0 x @@ -6937,15 +7211,15 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ use seq.Seq - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 72 4 72 64] (self : t_Enumerate'0) (visited : Seq.seq (usize, t_Item'0)) (o : t_Enumerate'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 72 4 72 64] (self : t_Enumerate'0) (visited : Seq.seq (UInt64.t, t_Item'0)) (o : t_Enumerate'0) = [%#senumerate3] Seq.length visited = n'0 o - n'0 self /\ (exists s : Seq.seq t_Item'0 . inv'1 s /\ produces'1 (iter'0 self) s (iter'0 o) /\ Seq.length visited = Seq.length s - /\ (forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length s - -> UInt64.to_int (let (a, _) = Seq.get visited i in a) = n'0 self + i + /\ (forall i : int . 0 <= i /\ i < Seq.length s + -> UInt64.to_uint (let (a, _) = Seq.get visited i in a) = n'0 self + i /\ (let (_, a) = Seq.get visited i in a) = Seq.get s i)) constant self : t_Enumerate'0 
@@ -6954,7 +7228,7 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ goal vc_produces_refl'0 : ([%#senumerate0] inv'0 self) - -> ([%#senumerate1] produces'0 self (Seq.empty : Seq.seq (usize, t_Item'0)) self) + -> ([%#senumerate1] produces'0 self (Seq.empty : Seq.seq (UInt64.t, t_Item'0)) self) end module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__produces_trans [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 96 4 96 90] (* as std::iter::Iterator> *) let%span senumerate0 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 90 15 90 21 @@ -6980,21 +7254,17 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ type t_I'0 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Enumerate'0 = - { t_Enumerate__iter'0: t_I'0; t_Enumerate__count'0: usize } + { t_Enumerate__iter'0: t_I'0; t_Enumerate__count'0: UInt64.t } type t_Item'0 use seq.Seq - use prelude.prelude.Int128.to_int - - use prelude.prelude.Int128 - - use prelude.prelude.Int - use seq.Seq use seq.Seq @@ -7042,7 +7312,7 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.Borrow 
@@ -7056,7 +7326,7 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 43 4 43 30] (self : t_Enumerate'0) = [%#senumerate9] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'1 (iter'0 self) s i] . inv'1 s - /\ inv'2 i /\ produces'1 (iter'0 self) s i -> n'0 self + Seq.length s < UIntSize.to_int v_MAX'0) + /\ inv'2 i /\ produces'1 (iter'0 self) s i -> n'0 self + Seq.length s < UInt64.to_uint v_MAX'0) /\ (forall i : borrowed t_I'0 . completed'0 i -> produces'1 i.current (Seq.empty : Seq.seq t_Item'0) i.final) axiom inv_axiom'0 [@rewrite] : forall x : t_Enumerate'0 [inv'0 x] . inv'0 x @@ -7073,15 +7343,15 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ use seq.Seq - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 72 4 72 64] (self : t_Enumerate'0) (visited : Seq.seq (usize, t_Item'0)) (o : t_Enumerate'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 72 4 72 64] (self : t_Enumerate'0) (visited : Seq.seq (UInt64.t, t_Item'0)) (o : t_Enumerate'0) = [%#senumerate7] Seq.length visited = n'0 o - n'0 self /\ (exists s : Seq.seq t_Item'0 . inv'1 s /\ produces'1 (iter'0 self) s (iter'0 o) /\ Seq.length visited = Seq.length s - /\ (forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length s - -> UInt64.to_int (let (a, _) = Seq.get visited i in a) = n'0 self + i + /\ (forall i : int . 0 <= i /\ i < Seq.length s + -> UInt64.to_uint (let (a, _) = Seq.get visited i in a) = n'0 self + i /\ (let (_, a) = Seq.get visited i in a) = Seq.get s i)) use seq.Seq 
@@ -7096,7 +7366,7 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ constant c : t_Enumerate'0 - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 96 4 96 90] (a : t_Enumerate'0) (ab : Seq.seq (usize, t_Item'0)) (b : t_Enumerate'0) (bc : Seq.seq (usize, t_Item'0)) (c : t_Enumerate'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 96 4 96 90] (a : t_Enumerate'0) (ab : Seq.seq (UInt64.t, t_Item'0)) (b : t_Enumerate'0) (bc : Seq.seq (UInt64.t, t_Item'0)) (c : t_Enumerate'0) : () goal vc_produces_trans'0 : ([%#senumerate4] produces'0 b bc c) @@ -7682,10 +7952,6 @@ module M_creusot_contracts__stdqy35z1__iter__fuse__qyi7691061398646472980__is_fu use seq.Seq - use prelude.prelude.Int128.to_int - - use prelude.prelude.Int128 - use prelude.prelude.Int use seq.Seq 
@@ -7980,15 +8246,13 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produc /\ (exists s : Seq.seq t_Item'0 [produces'1 (iter'0 self) s (iter'0 succ)] . inv'2 s /\ Seq.length s = Seq.length visited /\ produces'1 (iter'0 self) s (iter'0 succ) - /\ (forall i : int . Int128.to_int (1 : Int128.t) <= i /\ i < Seq.length fs - -> (Seq.get fs (i - Int128.to_int (1 : Int128.t))).final = (Seq.get fs i).current) - /\ (if Seq.length visited = Int128.to_int (0 : Int128.t) then + /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) + /\ (if Seq.length visited = 0 then func'0 self = func'0 succ else - (Seq.get fs (Int128.to_int (0 : Int128.t))).current = func'0 self - /\ (Seq.get fs (Seq.length visited - Int128.to_int (1 : Int128.t))).final = func'0 succ + (Seq.get fs 0).current = func'0 self /\ (Seq.get fs (Seq.length visited - 1)).final = func'0 succ ) - /\ (forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length visited + /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> unnest'0 (func'0 self) (Seq.get fs i).current /\ precondition'0 (Seq.get fs i).current (Seq.get s i) /\ postcondition_mut'0 (Seq.get fs i).current (Seq.get s i) (Seq.get fs i).final (Seq.get visited i)))) @@ -8093,10 +8357,6 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produc use seq.Seq - use prelude.prelude.Int128.to_int - - use prelude.prelude.Int128 - use prelude.prelude.Int use seq.Seq @@ -9995,10 +10255,6 @@ module M_creusot_contracts__stdqy35z1__iter__range__qyi16860283617022118777__pro use seq.Seq - use prelude.prelude.Int128.to_int - - use prelude.prelude.Int128 - use seq.Seq use prelude.prelude.Int 
@@ -10121,11 +10377,9 @@ module M_creusot_contracts__stdqy35z1__iter__range__range_inclusive_len [#"../.. goal vc_range_inclusive_len'0 : ([%#sops1] not is_empty_log'0 r -> deep_model'0 (start_log'0 r) <= deep_model'0 (end_log'0 r)) -> (if is_empty_log'0 r then - [%#srange0] is_empty_log'0 r = (Int128.to_int (0 : Int128.t) = Int128.to_int (0 : Int128.t)) + [%#srange0] is_empty_log'0 r = (0 = 0) else - [%#srange0] is_empty_log'0 r - = (deep_model'0 (end_log'0 r) - deep_model'0 (start_log'0 r) + Int128.to_int (1 : Int128.t) - = Int128.to_int (0 : Int128.t)) + [%#srange0] is_empty_log'0 r = (deep_model'0 (end_log'0 r) - deep_model'0 (start_log'0 r) + 1 = 0) ) end module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__produces_refl [#"../../../creusot-contracts/src/std/iter/range.rs" 82 4 82 26] (* as std::iter::Iterator> *) @@ -10176,7 +10430,7 @@ module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__pro [%#srange2] Seq.length visited = range_inclusive_len'0 self - range_inclusive_len'0 o /\ (is_empty_log'0 self -> is_empty_log'0 o) /\ (is_empty_log'0 o \/ end_log'0 self = end_log'0 o) - /\ (forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length visited + /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> deep_model'0 (Seq.get visited i) = deep_model'0 (start_log'0 self) + i) constant self : t_RangeInclusive'0 @@ -10234,7 +10488,7 @@ module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__pro [%#srange4] Seq.length visited = range_inclusive_len'0 self - range_inclusive_len'0 o /\ (is_empty_log'0 self -> is_empty_log'0 o) /\ (is_empty_log'0 o \/ end_log'0 self = end_log'0 o) - /\ (forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length visited + /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> deep_model'0 (Seq.get visited i) = deep_model'0 (start_log'0 self) + i) use seq.Seq 
@@ -10279,11 +10533,7 @@ module M_creusot_contracts__stdqy35z1__iter__repeat__qyi8658929399712466629__pro use seq.Seq - use prelude.prelude.Int128.to_int - - use prelude.prelude.Int128 - - use prelude.prelude.Int + use prelude.prelude.Int use seq.Seq @@ -10382,10 +10632,12 @@ module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produ type t_I'0 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Skip'0 = - { t_Skip__iter'0: t_I'0; t_Skip__n'0: usize } + { t_Skip__iter'0: t_I'0; t_Skip__n'0: UInt64.t } predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) @@ -10402,15 +10654,13 @@ module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produ use seq.Seq - use prelude.prelude.Int - - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 function n'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 22 4 22 21] (self : t_Skip'0) : int - axiom n'0_spec : forall self : t_Skip'0 . [%#sskip4] n'0 self >= 0 /\ n'0 self <= UIntSize.to_int (v_MAX'0 : usize) + axiom n'0_spec : forall self : t_Skip'0 . [%#sskip4] n'0 self >= 0 /\ n'0 self <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq @@ -10470,7 +10720,7 @@ module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produ /\ (exists s : Seq.seq t_Item'0 . inv'1 s /\ Seq.length s = n'0 self /\ produces'1 (iter'0 self) (Seq.(++) s visited) (iter'0 o) - /\ (forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length s -> resolve'0 (Seq.get s i))) + /\ (forall i : int . 0 <= i /\ i < Seq.length s -> resolve'0 (Seq.get s i))) constant self : t_Skip'0 
@@ -10503,10 +10753,12 @@ module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produ type t_I'0 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Skip'0 = - { t_Skip__iter'0: t_I'0; t_Skip__n'0: usize } + { t_Skip__iter'0: t_I'0; t_Skip__n'0: UInt64.t } predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) @@ -10523,15 +10775,13 @@ module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produ use seq.Seq - use prelude.prelude.Int - - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 function n'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 22 4 22 21] (self : t_Skip'0) : int - axiom n'0_spec : forall self : t_Skip'0 . [%#sskip8] n'0 self >= 0 /\ n'0 self <= UIntSize.to_int (v_MAX'0 : usize) + axiom n'0_spec : forall self : t_Skip'0 . [%#sskip8] n'0 self >= 0 /\ n'0 self <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq @@ -10629,10 +10879,12 @@ module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022__prod type t_I'0 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Take'0 = - { t_Take__iter'0: t_I'0; t_Take__n'0: usize } + { t_Take__iter'0: t_I'0; t_Take__n'0: UInt64.t } predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) 
@@ -10649,15 +10901,13 @@ module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022__prod use seq.Seq - use prelude.prelude.Int - - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 function n'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 32 4 32 21] (self : t_Take'0) : int - axiom n'0_spec : forall self : t_Take'0 . [%#stake4] n'0 self >= 0 /\ n'0 self <= UIntSize.to_int (v_MAX'0 : usize) + axiom n'0_spec : forall self : t_Take'0 . [%#stake4] n'0 self >= 0 /\ n'0 self <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq @@ -10718,10 +10968,12 @@ module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022__prod type t_I'0 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Take'0 = - { t_Take__iter'0: t_I'0; t_Take__n'0: usize } + { t_Take__iter'0: t_I'0; t_Take__n'0: UInt64.t } predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) @@ -10736,15 +10988,13 @@ module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022__prod use seq.Seq - use prelude.prelude.Int - - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 function n'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 32 4 32 21] (self : t_Take'0) : int - axiom n'0_spec : forall self : t_Take'0 . [%#stake8] n'0 self >= 0 /\ n'0 self <= UIntSize.to_int (v_MAX'0 : usize) + axiom n'0_spec : forall self : t_Take'0 . [%#stake8] n'0 self >= 0 /\ n'0 self <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq 
@@ -10818,10 +11068,12 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produc type t_B'0 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Zip'0 = - { t_Zip__a'0: t_A'0; t_Zip__b'0: t_B'0; t_Zip__index'0: usize; t_Zip__len'0: usize; t_Zip__a_len'0: usize } + { t_Zip__a'0: t_A'0; t_Zip__b'0: t_B'0; t_Zip__index'0: UInt64.t; t_Zip__len'0: UInt64.t; t_Zip__a_len'0: UInt64.t } predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_A'0) @@ -10847,8 +11099,6 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produc use seq.Seq - use prelude.prelude.Int - use seq.Seq use seq.Seq @@ -10990,10 +11240,12 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produc type t_B'0 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Zip'0 = - { t_Zip__a'0: t_A'0; t_Zip__b'0: t_B'0; t_Zip__index'0: usize; t_Zip__len'0: usize; t_Zip__a_len'0: usize } + { t_Zip__a'0: t_A'0; t_Zip__b'0: t_B'0; t_Zip__index'0: UInt64.t; t_Zip__len'0: UInt64.t; t_Zip__a_len'0: UInt64.t } predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_A'0) @@ -11017,8 +11269,6 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produc use seq.Seq - use prelude.prelude.Int - use seq.Seq use seq.Seq @@ -11124,8 +11374,7 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produc /\ inv'2 p2 /\ Seq.length p1 = Seq.length p2 /\ Seq.length p2 = Seq.length visited - /\ (forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length visited - -> Seq.get visited i = (Seq.get p1 i, Seq.get p2 i)) + /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = (Seq.get p1 i, Seq.get p2 i)) /\ produces'1 (itera'0 self) p1 (itera'0 o) /\ produces'2 (iterb'0 self) p2 (iterb'0 o) use seq.Seq 
@@ -13774,12 +14023,12 @@ module M_creusot_contracts__stdqy35z1__option__qyi6601631924869095363__produces_ goal vc_produces_trans'0 : ([%#soption1] produces'0 b bc c) -> ([%#soption0] produces'0 a ab b) -> ([%#soption2] produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_refl [#"../../../creusot-contracts/src/std/slice.rs" 412 4 412 26] (* as std::iter::Iterator> *) - let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 411 14 411 45 - let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 409 4 409 10 - let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 405 12 405 66 - let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 96 14 96 41 - let%span sslice4 = "../../../creusot-contracts/src/std/slice.rs" 97 14 97 80 +module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_refl [#"../../../creusot-contracts/src/std/slice.rs" 430 4 430 26] (* as std::iter::Iterator> *) + let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 429 14 429 45 + let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 427 4 427 10 + let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 423 12 423 66 + let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 114 14 114 41 + let%span sslice4 = "../../../creusot-contracts/src/std/slice.rs" 115 14 115 80 let%span smodel5 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 let%span sops6 = "../../../creusot-contracts/src/logic/ops.rs" 42 8 42 31 let%span sslice7 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 
@@ -13801,9 +14050,9 @@ module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_r type t_Iter'0 = { t_Iter__ptr'0: t_NonNull'0; t_Iter__end_or_len'0: opaque_ptr; t_Iter__qy95zmarker'0: () } - use prelude.prelude.Slice + use Slice64.create - function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 389 4 389 33] (self : t_Iter'0) : slice t_T'0 + function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 407 4 407 33] (self : t_Iter'0) : slice t_T'0 use seq.Seq @@ -13811,21 +14060,21 @@ module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_r use seq.Seq - use prelude.prelude.UIntSize + use prelude.prelude.Int - constant v_MAX'0 : usize = (18446744073709551615 : usize) + use prelude.prelude.UInt64 - use prelude.prelude.UIntSize + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.Int + use prelude.prelude.UInt64 - use prelude.prelude.Slice + use prelude.prelude.Slice64 function view'2 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 axiom view'2_spec : forall self : slice t_T'0 . ([%#sslice7] Seq.length (view'2 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice8] view'2 self = Slice.id self) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + && ([%#sslice8] view'2 self = Slice64.id self) function view'1 [#"../../../creusot-contracts/src/model.rs" 87 4 87 33] (self : slice t_T'0) : Seq.seq t_T'0 = [%#smodel5] view'2 self @@ -13839,7 +14088,8 @@ module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_r = [%#sops6] Seq.get (view'2 self) ix - function to_ref_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 98 4 98 35] (self : slice t_T'0) : Seq.seq t_T'0 + function to_ref_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 116 4 116 35] (self : slice t_T'0) : Seq.seq t_T'0 + axiom to_ref_seq'0_spec : forall self : slice t_T'0 . ([%#sslice3] Seq.length (to_ref_seq'0 self) = Seq.length (view'1 self)) 
@@ -13848,25 +14098,25 @@ module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_r use seq.Seq - predicate produces'0 [#"../../../creusot-contracts/src/std/slice.rs" 403 4 403 65] (self : t_Iter'0) (visited : Seq.seq t_T'0) (tl : t_Iter'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/slice.rs" 421 4 421 65] (self : t_Iter'0) (visited : Seq.seq t_T'0) (tl : t_Iter'0) = [%#sslice2] to_ref_seq'0 (view'0 self) = Seq.(++) visited (to_ref_seq'0 (view'0 tl)) constant self : t_Iter'0 - function produces_refl'0 [#"../../../creusot-contracts/src/std/slice.rs" 412 4 412 26] (self : t_Iter'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/slice.rs" 430 4 430 26] (self : t_Iter'0) : () goal vc_produces_refl'0 : [%#sslice0] produces'0 self (Seq.empty : Seq.seq t_T'0) self end -module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_trans [#"../../../creusot-contracts/src/std/slice.rs" 419 4 419 90] (* as std::iter::Iterator> *) - let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 416 15 416 32 - let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 417 15 417 32 - let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 418 14 418 42 - let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 414 4 414 10 - let%span sslice4 = "../../../creusot-contracts/src/std/slice.rs" 405 12 405 66 - let%span sslice5 = "../../../creusot-contracts/src/std/slice.rs" 96 14 96 41 - let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 97 14 97 80 +module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_trans [#"../../../creusot-contracts/src/std/slice.rs" 437 4 437 90] (* as std::iter::Iterator> *) + let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 434 15 434 32 + let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 435 15 435 32 + let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 436 14 436 42 + 
let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 432 4 432 10 + let%span sslice4 = "../../../creusot-contracts/src/std/slice.rs" 423 12 423 66 + let%span sslice5 = "../../../creusot-contracts/src/std/slice.rs" 114 14 114 41 + let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 115 14 115 80 let%span smodel7 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 let%span sops8 = "../../../creusot-contracts/src/logic/ops.rs" 42 8 42 31 let%span sslice9 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 @@ -13886,9 +14136,9 @@ module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_t use seq.Seq - use prelude.prelude.Slice + use Slice64.create - function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 389 4 389 33] (self : t_Iter'0) : slice t_T'0 + function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 407 4 407 33] (self : t_Iter'0) : slice t_T'0 use seq.Seq @@ -13896,21 +14146,21 @@ module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_t use seq.Seq - use prelude.prelude.UIntSize + use prelude.prelude.Int - constant v_MAX'0 : usize = (18446744073709551615 : usize) + use prelude.prelude.UInt64 - use prelude.prelude.UIntSize + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.Int + use prelude.prelude.UInt64 - use prelude.prelude.Slice + use prelude.prelude.Slice64 function view'2 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 axiom view'2_spec : forall self : slice t_T'0 . ([%#sslice9] Seq.length (view'2 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice10] view'2 self = Slice.id self) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + && ([%#sslice10] view'2 self = Slice64.id self) function view'1 [#"../../../creusot-contracts/src/model.rs" 87 4 87 33] (self : slice t_T'0) : Seq.seq t_T'0 = [%#smodel7] view'2 self 
@@ -13924,7 +14174,8 @@ module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_t = [%#sops8] Seq.get (view'2 self) ix - function to_ref_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 98 4 98 35] (self : slice t_T'0) : Seq.seq t_T'0 + function to_ref_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 116 4 116 35] (self : slice t_T'0) : Seq.seq t_T'0 + axiom to_ref_seq'0_spec : forall self : slice t_T'0 . ([%#sslice5] Seq.length (to_ref_seq'0 self) = Seq.length (view'1 self)) @@ -13933,7 +14184,7 @@ module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_t use seq.Seq - predicate produces'0 [#"../../../creusot-contracts/src/std/slice.rs" 403 4 403 65] (self : t_Iter'0) (visited : Seq.seq t_T'0) (tl : t_Iter'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/slice.rs" 421 4 421 65] (self : t_Iter'0) (visited : Seq.seq t_T'0) (tl : t_Iter'0) = [%#sslice4] to_ref_seq'0 (view'0 self) = Seq.(++) visited (to_ref_seq'0 (view'0 tl)) 
@@ -13948,20 +14199,20 @@ module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_t constant c : t_Iter'0 - function produces_trans'0 [#"../../../creusot-contracts/src/std/slice.rs" 419 4 419 90] (a : t_Iter'0) (ab : Seq.seq t_T'0) (b : t_Iter'0) (bc : Seq.seq t_T'0) (c : t_Iter'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/slice.rs" 437 4 437 90] (a : t_Iter'0) (ab : Seq.seq t_T'0) (b : t_Iter'0) (bc : Seq.seq t_T'0) (c : t_Iter'0) : () goal vc_produces_trans'0 : ([%#sslice1] produces'0 b bc c) -> ([%#sslice0] produces'0 a ab b) -> ([%#sslice2] produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_refl [#"../../../creusot-contracts/src/std/slice.rs" 467 4 467 26] (* as std::iter::Iterator> *) - let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 465 15 465 24 - let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 466 14 466 45 - let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 463 4 463 10 - let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 459 12 459 66 - let%span sslice4 = "../../../creusot-contracts/src/std/slice.rs" 427 14 427 50 - let%span sslice5 = "../../../creusot-contracts/src/std/slice.rs" 87 14 87 41 - let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 88 14 88 84 +module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_refl [#"../../../creusot-contracts/src/std/slice.rs" 485 4 485 26] (* as std::iter::Iterator> *) + let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 483 15 483 24 + let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 484 14 484 45 + let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 481 4 481 10 + let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 477 12 477 66 + let%span sslice4 = "../../../creusot-contracts/src/std/slice.rs" 445 14 445 50 + let%span sslice5 = 
"../../../creusot-contracts/src/std/slice.rs" 105 14 105 41 + let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 106 14 106 84 let%span sslice7 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice8 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 let%span smodel9 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 @@ -13989,27 +14240,27 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_r use seq.Seq - use prelude.prelude.UIntSize + use prelude.prelude.Int - constant v_MAX'0 : usize = (18446744073709551615 : usize) + use prelude.prelude.UInt64 - use prelude.prelude.UIntSize + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.Int + use prelude.prelude.UInt64 - use prelude.prelude.Slice + use prelude.prelude.Slice64 - use prelude.prelude.Slice + use Slice64.create use seq.Seq function view'1 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 axiom view'1_spec : forall self : slice t_T'0 . ([%#sslice7] Seq.length (view'1 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice8] view'1 self = Slice.id self) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + && ([%#sslice8] view'1 self = Slice64.id self) - function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 428 4 428 33] (self : t_IterMut'0) : borrowed (slice t_T'0) + function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 446 4 446 33] (self : t_IterMut'0) : borrowed (slice t_T'0) axiom view'0_spec : forall self : t_IterMut'0 . [%#sslice4] Seq.length (view'1 (view'0 self).final) 
@@ -14031,7 +14282,7 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_r = [%#sops10] Seq.get (view'1 self) ix - function to_mut_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 90 4 90 43] (self : borrowed (slice t_T'0)) : Seq.seq (borrowed t_T'0) + function to_mut_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 108 4 108 43] (self : borrowed (slice t_T'0)) : Seq.seq (borrowed t_T'0) axiom to_mut_seq'0_spec : forall self : borrowed (slice t_T'0) . ([%#sslice5] Seq.length (to_mut_seq'0 self) 
@@ -14042,30 +14293,30 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_r use seq.Seq - predicate produces'0 [#"../../../creusot-contracts/src/std/slice.rs" 457 4 457 65] (self : t_IterMut'0) (visited : Seq.seq (borrowed t_T'0)) (tl : t_IterMut'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/slice.rs" 475 4 475 65] (self : t_IterMut'0) (visited : Seq.seq (borrowed t_T'0)) (tl : t_IterMut'0) = [%#sslice3] to_mut_seq'0 (view'0 self) = Seq.(++) visited (to_mut_seq'0 (view'0 tl)) constant self : t_IterMut'0 - function produces_refl'0 [#"../../../creusot-contracts/src/std/slice.rs" 467 4 467 26] (self : t_IterMut'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/slice.rs" 485 4 485 26] (self : t_IterMut'0) : () goal vc_produces_refl'0 : ([%#sslice0] inv'0 self) -> ([%#sslice1] produces'0 self (Seq.empty : Seq.seq (borrowed t_T'0)) self) end -module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_trans [#"../../../creusot-contracts/src/std/slice.rs" 477 4 477 90] (* as std::iter::Iterator> *) - let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 471 15 471 21 - let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 472 15 472 21 - let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 473 15 473 21 - let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 474 15 474 32 - let%span sslice4 = "../../../creusot-contracts/src/std/slice.rs" 475 15 475 32 - let%span sslice5 = "../../../creusot-contracts/src/std/slice.rs" 476 14 476 42 - let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 469 4 469 10 - let%span sslice7 = "../../../creusot-contracts/src/std/slice.rs" 459 12 459 66 - let%span sslice8 = "../../../creusot-contracts/src/std/slice.rs" 427 14 427 50 - let%span sslice9 = "../../../creusot-contracts/src/std/slice.rs" 87 14 87 41 - let%span sslice10 = "../../../creusot-contracts/src/std/slice.rs" 88 14 88 84 +module 
M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_trans [#"../../../creusot-contracts/src/std/slice.rs" 495 4 495 90] (* as std::iter::Iterator> *) + let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 489 15 489 21 + let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 490 15 490 21 + let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 491 15 491 21 + let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 492 15 492 32 + let%span sslice4 = "../../../creusot-contracts/src/std/slice.rs" 493 15 493 32 + let%span sslice5 = "../../../creusot-contracts/src/std/slice.rs" 494 14 494 42 + let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 487 4 487 10 + let%span sslice7 = "../../../creusot-contracts/src/std/slice.rs" 477 12 477 66 + let%span sslice8 = "../../../creusot-contracts/src/std/slice.rs" 445 14 445 50 + let%span sslice9 = "../../../creusot-contracts/src/std/slice.rs" 105 14 105 41 + let%span sslice10 = "../../../creusot-contracts/src/std/slice.rs" 106 14 106 84 let%span sslice11 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice12 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 let%span smodel13 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 
@@ -14091,27 +14342,27 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_t use seq.Seq - use prelude.prelude.UIntSize + use prelude.prelude.Int - constant v_MAX'0 : usize = (18446744073709551615 : usize) + use prelude.prelude.UInt64 - use prelude.prelude.UIntSize + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.Int + use prelude.prelude.UInt64 - use prelude.prelude.Slice + use prelude.prelude.Slice64 - use prelude.prelude.Slice + use Slice64.create use seq.Seq function view'1 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 axiom view'1_spec : forall self : slice t_T'0 . ([%#sslice11] Seq.length (view'1 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice12] view'1 self = Slice.id self) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + && ([%#sslice12] view'1 self = Slice64.id self) - function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 428 4 428 33] (self : t_IterMut'0) : borrowed (slice t_T'0) + function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 446 4 446 33] (self : t_IterMut'0) : borrowed (slice t_T'0) axiom view'0_spec : forall self : t_IterMut'0 . [%#sslice8] Seq.length (view'1 (view'0 self).final) @@ -14133,7 +14384,7 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_t = [%#sops14] Seq.get (view'1 self) ix - function to_mut_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 90 4 90 43] (self : borrowed (slice t_T'0)) : Seq.seq (borrowed t_T'0) + function to_mut_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 108 4 108 43] (self : borrowed (slice t_T'0)) : Seq.seq (borrowed t_T'0) axiom to_mut_seq'0_spec : forall self : borrowed (slice t_T'0) . ([%#sslice9] Seq.length (to_mut_seq'0 self) 
@@ -14144,7 +14395,7 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_t use seq.Seq - predicate produces'0 [#"../../../creusot-contracts/src/std/slice.rs" 457 4 457 65] (self : t_IterMut'0) (visited : Seq.seq (borrowed t_T'0)) (tl : t_IterMut'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/slice.rs" 475 4 475 65] (self : t_IterMut'0) (visited : Seq.seq (borrowed t_T'0)) (tl : t_IterMut'0) = [%#sslice7] to_mut_seq'0 (view'0 self) = Seq.(++) visited (to_mut_seq'0 (view'0 tl)) @@ -14159,7 +14410,7 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_t constant c : t_IterMut'0 - function produces_trans'0 [#"../../../creusot-contracts/src/std/slice.rs" 477 4 477 90] (a : t_IterMut'0) (ab : Seq.seq (borrowed t_T'0)) (b : t_IterMut'0) (bc : Seq.seq (borrowed t_T'0)) (c : t_IterMut'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/slice.rs" 495 4 495 90] (a : t_IterMut'0) (ab : Seq.seq (borrowed t_T'0)) (b : t_IterMut'0) (bc : Seq.seq (borrowed t_T'0)) (c : t_IterMut'0) : () goal vc_produces_trans'0 : ([%#sslice4] produces'0 b bc c) @@ -14183,7 +14434,9 @@ module M_creusot_contracts__stdqy35z1__vec__qyi12862303518309667396__produces_re type t_NonNull'0 = { t_NonNull__pointer'0: opaque_ptr } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_A'0 @@ -14193,7 +14446,7 @@ module M_creusot_contracts__stdqy35z1__vec__qyi12862303518309667396__produces_re type t_IntoIter'0 = { t_IntoIter__buf'0: t_NonNull'0; t_IntoIter__phantom'0: (); - t_IntoIter__cap'0: usize; + t_IntoIter__cap'0: UInt64.t; t_IntoIter__alloc'0: t_ManuallyDrop'0; t_IntoIter__ptr'0: t_NonNull'0; t_IntoIter__end'0: opaque_ptr } 
@@ -14225,7 +14478,9 @@ module M_creusot_contracts__stdqy35z1__vec__qyi12862303518309667396__produces_tr type t_NonNull'0 = { t_NonNull__pointer'0: opaque_ptr } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_A'0 @@ -14235,7 +14490,7 @@ module M_creusot_contracts__stdqy35z1__vec__qyi12862303518309667396__produces_tr type t_IntoIter'0 = { t_IntoIter__buf'0: t_NonNull'0; t_IntoIter__phantom'0: (); - t_IntoIter__cap'0: usize; + t_IntoIter__cap'0: UInt64.t; t_IntoIter__alloc'0: t_ManuallyDrop'0; t_IntoIter__ptr'0: t_NonNull'0; t_IntoIter__end'0: opaque_ptr } @@ -15171,12 +15426,12 @@ module M_creusot_contracts__ghost_ptr__qyi14556734806454041375__are_eq [#"../../ (! return' {result}) ] - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - let rec addr'0 (self:opaque_ptr) (return' (ret:usize))= any - [ return' (result:usize)-> {[%#sghost_ptr7] UIntSize.to_int result = addr_logic'0 self} (! return' {result}) ] + let rec addr'0 (self:opaque_ptr) (return' (ret:UInt64.t))= any + [ return' (result:UInt64.t)-> {[%#sghost_ptr7] UInt64.to_uint result = addr_logic'0 self} (! return' {result}) ] use prelude.prelude.Intrinsic 
@@ -15188,17 +15443,17 @@ module M_creusot_contracts__ghost_ptr__qyi14556734806454041375__are_eq [#"../../ {[@expl:are_eq requires #1] [%#sghost_ptr2] contains'0 (view'0 self) ptr2 \/ ptr2 = null_logic'0 ()} (! bb0 [ bb0 = s0 [ s0 = injective_lemma'0 {self} (fun (_ret':()) -> [ &_8 <- _ret' ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = addr'0 {ptr1} (fun (_ret':usize) -> [ &_10 <- _ret' ] s1) | s1 = bb2 ] - | bb2 = s0 [ s0 = addr'0 {ptr2} (fun (_ret':usize) -> [ &_12 <- _ret' ] s1) | s1 = bb3 ] - | bb3 = s0 [ s0 = UIntSize.eq {_10} {_12} (fun (_ret':bool) -> [ &_0 <- _ret' ] s1) | s1 = return' {_0} ] ] + | bb1 = s0 [ s0 = addr'0 {ptr1} (fun (_ret':UInt64.t) -> [ &_10 <- _ret' ] s1) | s1 = bb2 ] + | bb2 = s0 [ s0 = addr'0 {ptr2} (fun (_ret':UInt64.t) -> [ &_12 <- _ret' ] s1) | s1 = bb3 ] + | bb3 = s0 [ s0 = UInt64.eq {_10} {_12} (fun (_ret':bool) -> [ &_0 <- _ret' ] s1) | s1 = return' {_0} ] ] ) [ & _0 : bool = any_l () | & self : t_GhostPtrToken'0 = self | & ptr1 : opaque_ptr = ptr1 | & ptr2 : opaque_ptr = ptr2 | & _8 : () = any_l () - | & _10 : usize = any_l () - | & _12 : usize = any_l () ] + | & _10 : UInt64.t = any_l () + | & _12 : UInt64.t = any_l () ] [ return' (result:bool)-> {[@expl:are_eq ensures #0] [%#sghost_ptr3] result = (addr_logic'0 ptr1 = addr_logic'0 ptr2)} @@ -16185,7 +16440,9 @@ module M_creusot_contracts__logic__ord__qyi8355372356285216375__trans__refines [ end module M_creusot_contracts__logic__ord__qyi15418235539824427604__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt8 
@@ -16194,40 +16451,46 @@ module M_creusot_contracts__logic__ord__qyi15418235539824427604__eq_cmp__refines | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt8 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint8) (o : uint8) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt8.t) (o : UInt8.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if UInt8.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint8 . forall y : uint8 . forall result : () . (x = y) + goal refines : [%#sord0] forall x : UInt8.t . forall y : UInt8.t . forall result : () . (x = y) = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) end module M_creusot_contracts__logic__ord__qyi15418235539824427604__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt8 - use prelude.prelude.Int + use prelude.prelude.UInt8 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint8) (o : uint8) : t_Ordering'0 + use prelude.prelude.UInt8 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt8.t) (o : UInt8.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if UInt8.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint8 . forall y : uint8 . forall result : () . 
(x > y) - = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) + goal refines : [%#sord0] forall x : UInt8.t . forall y : UInt8.t . forall result : () . UInt8.ugt x y + = (cmp_log'0 x y = C_Greater'0) -> UInt8.ugt x y = (cmp_log'0 x y = C_Greater'0) end module M_creusot_contracts__logic__ord__qyi15418235539824427604__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt8 
@@ -16236,21 +16499,23 @@ module M_creusot_contracts__logic__ord__qyi15418235539824427604__trans__refines | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt8 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint8) (o : uint8) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt8.t) (o : UInt8.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if UInt8.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint8 . forall y : uint8 . forall z : uint8 . forall o : t_Ordering'0 . cmp_log'0 y z + goal refines : [%#sord0] forall x : UInt8.t . forall y : UInt8.t . forall z : UInt8.t . forall o : t_Ordering'0 . cmp_log'0 y z = o /\ cmp_log'0 x y = o -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) end module M_creusot_contracts__logic__ord__qyi15418235539824427604__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt8 
@@ -16259,82 +16524,94 @@ module M_creusot_contracts__logic__ord__qyi15418235539824427604__antisym2__refin | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt8 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint8) (o : uint8) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt8.t) (o : UInt8.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if UInt8.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint8 . forall y : uint8 . cmp_log'0 x y = C_Greater'0 + goal refines : [%#sord0] forall x : UInt8.t . forall y : UInt8.t . cmp_log'0 x y = C_Greater'0 -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) end module M_creusot_contracts__logic__ord__qyi15418235539824427604__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt8 - use prelude.prelude.Int + use prelude.prelude.UInt8 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint8) (o : uint8) : t_Ordering'0 + use prelude.prelude.UInt8 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt8.t) (o : UInt8.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if UInt8.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint8 . 
forall y : uint8 . forall result : () . (x <= y) - = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) + goal refines : [%#sord0] forall x : UInt8.t . forall y : UInt8.t . forall result : () . UInt8.ule x y + = (cmp_log'0 x y <> C_Greater'0) -> UInt8.ule x y = (cmp_log'0 x y <> C_Greater'0) end module M_creusot_contracts__logic__ord__qyi15418235539824427604__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt8 - use prelude.prelude.Int + use prelude.prelude.UInt8 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint8) (o : uint8) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt8.t) (o : UInt8.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if UInt8.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint8 . forall y : uint8 . forall result : () . (x < y) - = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) + goal refines : [%#sord0] forall x : UInt8.t . forall y : UInt8.t . forall result : () . 
UInt8.ult x y + = (cmp_log'0 x y = C_Less'0) -> UInt8.ult x y = (cmp_log'0 x y = C_Less'0) end module M_creusot_contracts__logic__ord__qyi15418235539824427604__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt8 - use prelude.prelude.Int + use prelude.prelude.UInt8 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint8) (o : uint8) : t_Ordering'0 + use prelude.prelude.UInt8 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt8.t) (o : UInt8.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if UInt8.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint8 . forall y : uint8 . forall result : () . (x >= y) - = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) + goal refines : [%#sord0] forall x : UInt8.t . forall y : UInt8.t . forall result : () . UInt8.uge x y + = (cmp_log'0 x y <> C_Less'0) -> UInt8.uge x y = (cmp_log'0 x y <> C_Less'0) end module M_creusot_contracts__logic__ord__qyi15418235539824427604__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt8 
@@ -16343,19 +16620,21 @@ module M_creusot_contracts__logic__ord__qyi15418235539824427604__antisym1__refin | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt8 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint8) (o : uint8) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt8.t) (o : UInt8.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if UInt8.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint8 . forall y : uint8 . cmp_log'0 x y = C_Less'0 + goal refines : [%#sord0] forall x : UInt8.t . forall y : UInt8.t . cmp_log'0 x y = C_Less'0 -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) end module M_creusot_contracts__logic__ord__qyi15418235539824427604__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt8 
@@ -16364,19 +16643,21 @@ module M_creusot_contracts__logic__ord__qyi15418235539824427604__refl__refines [ | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt8 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint8) (o : uint8) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt8.t) (o : UInt8.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if UInt8.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint8 . forall result : () . cmp_log'0 x x = C_Equal'0 + goal refines : [%#sord0] forall x : UInt8.t . forall result : () . cmp_log'0 x x = C_Equal'0 -> cmp_log'0 x x = C_Equal'0 end module M_creusot_contracts__logic__ord__qyi7305497527599188430__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt16 
@@ -16385,40 +16666,46 @@ module M_creusot_contracts__logic__ord__qyi7305497527599188430__antisym2__refine | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt16 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint16) (o : uint16) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt16.t) (o : UInt16.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if UInt16.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . cmp_log'0 x y = C_Greater'0 + goal refines : [%#sord0] forall x : UInt16.t . forall y : UInt16.t . cmp_log'0 x y = C_Greater'0 -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) end module M_creusot_contracts__logic__ord__qyi7305497527599188430__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt16 - use prelude.prelude.Int + use prelude.prelude.UInt16 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint16) (o : uint16) : t_Ordering'0 + use prelude.prelude.UInt16 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt16.t) (o : UInt16.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if UInt16.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall 
x : uint16 . forall y : uint16 . forall result : () . (x >= y) - = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) + goal refines : [%#sord0] forall x : UInt16.t . forall y : UInt16.t . forall result : () . UInt16.uge x y + = (cmp_log'0 x y <> C_Less'0) -> UInt16.uge x y = (cmp_log'0 x y <> C_Less'0) end module M_creusot_contracts__logic__ord__qyi7305497527599188430__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt16 
@@ -16427,61 +16714,69 @@ module M_creusot_contracts__logic__ord__qyi7305497527599188430__refl__refines [# | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt16 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint16) (o : uint16) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt16.t) (o : UInt16.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if UInt16.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint16 . forall result : () . cmp_log'0 x x = C_Equal'0 + goal refines : [%#sord0] forall x : UInt16.t . forall result : () . cmp_log'0 x x = C_Equal'0 -> cmp_log'0 x x = C_Equal'0 end module M_creusot_contracts__logic__ord__qyi7305497527599188430__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt16 - use prelude.prelude.Int + use prelude.prelude.UInt16 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint16) (o : uint16) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt16.t) (o : UInt16.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if UInt16.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . forall result : () . 
(x < y) - = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) + goal refines : [%#sord0] forall x : UInt16.t . forall y : UInt16.t . forall result : () . UInt16.ult x y + = (cmp_log'0 x y = C_Less'0) -> UInt16.ult x y = (cmp_log'0 x y = C_Less'0) end module M_creusot_contracts__logic__ord__qyi7305497527599188430__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt16 - use prelude.prelude.Int + use prelude.prelude.UInt16 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint16) (o : uint16) : t_Ordering'0 + use prelude.prelude.UInt16 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt16.t) (o : UInt16.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if UInt16.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . forall result : () . (x <= y) - = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) + goal refines : [%#sord0] forall x : UInt16.t . forall y : UInt16.t . forall result : () . 
UInt16.ule x y + = (cmp_log'0 x y <> C_Greater'0) -> UInt16.ule x y = (cmp_log'0 x y <> C_Greater'0) end module M_creusot_contracts__logic__ord__qyi7305497527599188430__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt16 @@ -16490,19 +16785,21 @@ module M_creusot_contracts__logic__ord__qyi7305497527599188430__antisym1__refine | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt16 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint16) (o : uint16) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt16.t) (o : UInt16.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if UInt16.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . cmp_log'0 x y = C_Less'0 + goal refines : [%#sord0] forall x : UInt16.t . forall y : UInt16.t . cmp_log'0 x y = C_Less'0 -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) end module M_creusot_contracts__logic__ord__qyi7305497527599188430__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt16 
@@ -16511,21 +16808,23 @@ module M_creusot_contracts__logic__ord__qyi7305497527599188430__trans__refines [ | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt16 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint16) (o : uint16) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt16.t) (o : UInt16.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if UInt16.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . forall z : uint16 . forall o : t_Ordering'0 . cmp_log'0 y z + goal refines : [%#sord0] forall x : UInt16.t . forall y : UInt16.t . forall z : UInt16.t . forall o : t_Ordering'0 . cmp_log'0 y z = o /\ cmp_log'0 x y = o -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) end module M_creusot_contracts__logic__ord__qyi7305497527599188430__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt16 
@@ -16534,61 +16833,71 @@ module M_creusot_contracts__logic__ord__qyi7305497527599188430__eq_cmp__refines | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt16 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint16) (o : uint16) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt16.t) (o : UInt16.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if UInt16.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . forall result : () . (x = y) + goal refines : [%#sord0] forall x : UInt16.t . forall y : UInt16.t . forall result : () . (x = y) = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) end module M_creusot_contracts__logic__ord__qyi7305497527599188430__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt16 - use prelude.prelude.Int + use prelude.prelude.UInt16 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint16) (o : uint16) : t_Ordering'0 + use prelude.prelude.UInt16 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt16.t) (o : UInt16.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if UInt16.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . 
forall result : () . (x > y) - = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) + goal refines : [%#sord0] forall x : UInt16.t . forall y : UInt16.t . forall result : () . UInt16.ugt x y + = (cmp_log'0 x y = C_Greater'0) -> UInt16.ugt x y = (cmp_log'0 x y = C_Greater'0) end module M_creusot_contracts__logic__ord__qyi4526525114627399862__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt32 - use prelude.prelude.Int + use prelude.prelude.UInt32 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint32) (o : uint32) : t_Ordering'0 + use prelude.prelude.UInt32 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt32.t) (o : UInt32.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if UInt32.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . forall result : () . (x > y) - = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) + goal refines : [%#sord0] forall x : UInt32.t . forall y : UInt32.t . forall result : () . 
UInt32.ugt x y + = (cmp_log'0 x y = C_Greater'0) -> UInt32.ugt x y = (cmp_log'0 x y = C_Greater'0) end module M_creusot_contracts__logic__ord__qyi4526525114627399862__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt32 
@@ -16597,84 +16906,96 @@ module M_creusot_contracts__logic__ord__qyi4526525114627399862__trans__refines [ | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt32 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint32) (o : uint32) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt32.t) (o : UInt32.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if UInt32.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . forall z : uint32 . forall o : t_Ordering'0 . cmp_log'0 y z + goal refines : [%#sord0] forall x : UInt32.t . forall y : UInt32.t . forall z : UInt32.t . forall o : t_Ordering'0 . cmp_log'0 y z = o /\ cmp_log'0 x y = o -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) end module M_creusot_contracts__logic__ord__qyi4526525114627399862__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt32 - use prelude.prelude.Int + use prelude.prelude.UInt32 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint32) (o : uint32) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt32.t) (o : UInt32.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if UInt32.ult self o then C_Less'0 else if self = o then 
C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . forall result : () . (x < y) - = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) + goal refines : [%#sord0] forall x : UInt32.t . forall y : UInt32.t . forall result : () . UInt32.ult x y + = (cmp_log'0 x y = C_Less'0) -> UInt32.ult x y = (cmp_log'0 x y = C_Less'0) end module M_creusot_contracts__logic__ord__qyi4526525114627399862__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt32 - use prelude.prelude.Int + use prelude.prelude.UInt32 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint32) (o : uint32) : t_Ordering'0 + use prelude.prelude.UInt32 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt32.t) (o : UInt32.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if UInt32.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . forall result : () . (x >= y) - = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) + goal refines : [%#sord0] forall x : UInt32.t . forall y : UInt32.t . forall result : () . 
UInt32.uge x y + = (cmp_log'0 x y <> C_Less'0) -> UInt32.uge x y = (cmp_log'0 x y <> C_Less'0) end module M_creusot_contracts__logic__ord__qyi4526525114627399862__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt32 - use prelude.prelude.Int + use prelude.prelude.UInt32 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint32) (o : uint32) : t_Ordering'0 + use prelude.prelude.UInt32 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt32.t) (o : UInt32.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if UInt32.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . forall result : () . (x <= y) - = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) + goal refines : [%#sord0] forall x : UInt32.t . forall y : UInt32.t . forall result : () . UInt32.ule x y + = (cmp_log'0 x y <> C_Greater'0) -> UInt32.ule x y = (cmp_log'0 x y <> C_Greater'0) end module M_creusot_contracts__logic__ord__qyi4526525114627399862__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt32 
@@ -16683,19 +17004,21 @@ module M_creusot_contracts__logic__ord__qyi4526525114627399862__antisym2__refine | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt32 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint32) (o : uint32) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt32.t) (o : UInt32.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if UInt32.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . cmp_log'0 x y = C_Greater'0 + goal refines : [%#sord0] forall x : UInt32.t . forall y : UInt32.t . cmp_log'0 x y = C_Greater'0 -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) end module M_creusot_contracts__logic__ord__qyi4526525114627399862__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt32 
@@ -16704,19 +17027,21 @@ module M_creusot_contracts__logic__ord__qyi4526525114627399862__refl__refines [# | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt32 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint32) (o : uint32) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt32.t) (o : UInt32.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if UInt32.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint32 . forall result : () . cmp_log'0 x x = C_Equal'0 + goal refines : [%#sord0] forall x : UInt32.t . forall result : () . cmp_log'0 x x = C_Equal'0 -> cmp_log'0 x x = C_Equal'0 end module M_creusot_contracts__logic__ord__qyi4526525114627399862__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt32 
@@ -16725,19 +17050,21 @@ module M_creusot_contracts__logic__ord__qyi4526525114627399862__eq_cmp__refines | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt32 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint32) (o : uint32) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt32.t) (o : UInt32.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if UInt32.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . forall result : () . (x = y) + goal refines : [%#sord0] forall x : UInt32.t . forall y : UInt32.t . forall result : () . (x = y) = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) end module M_creusot_contracts__logic__ord__qyi4526525114627399862__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt32 
@@ -16746,19 +17073,21 @@ module M_creusot_contracts__logic__ord__qyi4526525114627399862__antisym1__refine | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt32 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint32) (o : uint32) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt32.t) (o : UInt32.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if UInt32.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . cmp_log'0 x y = C_Less'0 + goal refines : [%#sord0] forall x : UInt32.t . forall y : UInt32.t . cmp_log'0 x y = C_Less'0 -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) end module M_creusot_contracts__logic__ord__qyi11489483489418918928__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt64 
@@ -16767,21 +17096,23 @@ module M_creusot_contracts__logic__ord__qyi11489483489418918928__trans__refines | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt64 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint64) (o : uint64) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . forall z : uint64 . forall o : t_Ordering'0 . cmp_log'0 y z + goal refines : [%#sord0] forall x : UInt64.t . forall y : UInt64.t . forall z : UInt64.t . forall o : t_Ordering'0 . cmp_log'0 y z = o /\ cmp_log'0 x y = o -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) end module M_creusot_contracts__logic__ord__qyi11489483489418918928__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt64 
@@ -16790,19 +17121,21 @@ module M_creusot_contracts__logic__ord__qyi11489483489418918928__eq_cmp__refines | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt64 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint64) (o : uint64) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . forall result : () . (x = y) + goal refines : [%#sord0] forall x : UInt64.t . forall y : UInt64.t . forall result : () . (x = y) = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) end module M_creusot_contracts__logic__ord__qyi11489483489418918928__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt64 
@@ -16811,19 +17144,21 @@ module M_creusot_contracts__logic__ord__qyi11489483489418918928__antisym1__refin | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt64 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint64) (o : uint64) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . cmp_log'0 x y = C_Less'0 + goal refines : [%#sord0] forall x : UInt64.t . forall y : UInt64.t . cmp_log'0 x y = C_Less'0 -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) end module M_creusot_contracts__logic__ord__qyi11489483489418918928__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt64 
@@ -16832,61 +17167,71 @@ module M_creusot_contracts__logic__ord__qyi11489483489418918928__refl__refines [ | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt64 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint64) (o : uint64) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint64 . forall result : () . cmp_log'0 x x = C_Equal'0 + goal refines : [%#sord0] forall x : UInt64.t . forall result : () . cmp_log'0 x x = C_Equal'0 -> cmp_log'0 x x = C_Equal'0 end module M_creusot_contracts__logic__ord__qyi11489483489418918928__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt64 - use prelude.prelude.Int + use prelude.prelude.UInt64 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint64) (o : uint64) : t_Ordering'0 + use prelude.prelude.UInt64 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . forall result : () . 
(x <= y) - = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) + goal refines : [%#sord0] forall x : UInt64.t . forall y : UInt64.t . forall result : () . UInt64.ule x y + = (cmp_log'0 x y <> C_Greater'0) -> UInt64.ule x y = (cmp_log'0 x y <> C_Greater'0) end module M_creusot_contracts__logic__ord__qyi11489483489418918928__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt64 - use prelude.prelude.Int + use prelude.prelude.UInt64 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint64) (o : uint64) : t_Ordering'0 + use prelude.prelude.UInt64 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . forall result : () . (x >= y) - = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) + goal refines : [%#sord0] forall x : UInt64.t . forall y : UInt64.t . forall result : () . 
UInt64.uge x y + = (cmp_log'0 x y <> C_Less'0) -> UInt64.uge x y = (cmp_log'0 x y <> C_Less'0) end module M_creusot_contracts__logic__ord__qyi11489483489418918928__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt64 
@@ -16895,61 +17240,69 @@ module M_creusot_contracts__logic__ord__qyi11489483489418918928__antisym2__refin | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt64 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint64) (o : uint64) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . cmp_log'0 x y = C_Greater'0 + goal refines : [%#sord0] forall x : UInt64.t . forall y : UInt64.t . cmp_log'0 x y = C_Greater'0 -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) end module M_creusot_contracts__logic__ord__qyi11489483489418918928__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt64 - use prelude.prelude.Int + use prelude.prelude.UInt64 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint64) (o : uint64) : t_Ordering'0 + use prelude.prelude.UInt64 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] 
forall x : uint64 . forall y : uint64 . forall result : () . (x > y) - = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) + goal refines : [%#sord0] forall x : UInt64.t . forall y : UInt64.t . forall result : () . UInt64.ugt x y + = (cmp_log'0 x y = C_Greater'0) -> UInt64.ugt x y = (cmp_log'0 x y = C_Greater'0) end module M_creusot_contracts__logic__ord__qyi11489483489418918928__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt64 - use prelude.prelude.Int + use prelude.prelude.UInt64 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint64) (o : uint64) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . forall result : () . (x < y) - = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) + goal refines : [%#sord0] forall x : UInt64.t . forall y : UInt64.t . forall result : () . 
UInt64.ult x y + = (cmp_log'0 x y = C_Less'0) -> UInt64.ult x y = (cmp_log'0 x y = C_Less'0) end module M_creusot_contracts__logic__ord__qyi13757098721041279861__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt128 
@@ -16958,40 +17311,46 @@ module M_creusot_contracts__logic__ord__qyi13757098721041279861__antisym2__refin | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt128 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint128) (o : uint128) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt128.t) (o : UInt128.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if UInt128.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint128 . forall y : uint128 . cmp_log'0 x y = C_Greater'0 + goal refines : [%#sord0] forall x : UInt128.t . forall y : UInt128.t . cmp_log'0 x y = C_Greater'0 -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) end module M_creusot_contracts__logic__ord__qyi13757098721041279861__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt128 - use prelude.prelude.Int + use prelude.prelude.UInt128 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint128) (o : uint128) : t_Ordering'0 + use prelude.prelude.UInt128 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt128.t) (o : UInt128.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if UInt128.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines 
: [%#sord0] forall x : uint128 . forall y : uint128 . forall result : () . (x <= y) - = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) + goal refines : [%#sord0] forall x : UInt128.t . forall y : UInt128.t . forall result : () . UInt128.ule x y + = (cmp_log'0 x y <> C_Greater'0) -> UInt128.ule x y = (cmp_log'0 x y <> C_Greater'0) end module M_creusot_contracts__logic__ord__qyi13757098721041279861__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt128 
@@ -17000,19 +17359,21 @@ module M_creusot_contracts__logic__ord__qyi13757098721041279861__antisym1__refin | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt128 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint128) (o : uint128) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt128.t) (o : UInt128.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if UInt128.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint128 . forall y : uint128 . cmp_log'0 x y = C_Less'0 + goal refines : [%#sord0] forall x : UInt128.t . forall y : UInt128.t . cmp_log'0 x y = C_Less'0 -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) end module M_creusot_contracts__logic__ord__qyi13757098721041279861__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt128 
@@ -17021,21 +17382,23 @@ module M_creusot_contracts__logic__ord__qyi13757098721041279861__trans__refines | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt128 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint128) (o : uint128) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt128.t) (o : UInt128.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if UInt128.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint128 . forall y : uint128 . forall z : uint128 . forall o : t_Ordering'0 . cmp_log'0 y z + goal refines : [%#sord0] forall x : UInt128.t . forall y : UInt128.t . forall z : UInt128.t . forall o : t_Ordering'0 . cmp_log'0 y z = o /\ cmp_log'0 x y = o -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) end module M_creusot_contracts__logic__ord__qyi13757098721041279861__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt128 
@@ -17044,40 +17407,46 @@ module M_creusot_contracts__logic__ord__qyi13757098721041279861__refl__refines [ | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt128 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint128) (o : uint128) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt128.t) (o : UInt128.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if UInt128.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint128 . forall result : () . cmp_log'0 x x = C_Equal'0 + goal refines : [%#sord0] forall x : UInt128.t . forall result : () . cmp_log'0 x x = C_Equal'0 -> cmp_log'0 x x = C_Equal'0 end module M_creusot_contracts__logic__ord__qyi13757098721041279861__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt128 - use prelude.prelude.Int + use prelude.prelude.UInt128 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint128) (o : uint128) : t_Ordering'0 + use prelude.prelude.UInt128 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt128.t) (o : UInt128.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if UInt128.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint128 . forall y : uint128 . forall result : () . 
(x >= y) - = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) + goal refines : [%#sord0] forall x : UInt128.t . forall y : UInt128.t . forall result : () . UInt128.uge x y + = (cmp_log'0 x y <> C_Less'0) -> UInt128.uge x y = (cmp_log'0 x y <> C_Less'0) end module M_creusot_contracts__logic__ord__qyi13757098721041279861__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt128 
@@ -17086,294 +17455,332 @@ module M_creusot_contracts__logic__ord__qyi13757098721041279861__eq_cmp__refines | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt128 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint128) (o : uint128) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt128.t) (o : UInt128.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if UInt128.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint128 . forall y : uint128 . forall result : () . (x = y) + goal refines : [%#sord0] forall x : UInt128.t . forall y : UInt128.t . forall result : () . (x = y) = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) end module M_creusot_contracts__logic__ord__qyi13757098721041279861__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt128 - use prelude.prelude.Int + use prelude.prelude.UInt128 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint128) (o : uint128) : t_Ordering'0 + use prelude.prelude.UInt128 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt128.t) (o : UInt128.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if UInt128.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint128 . 
forall y : uint128 . forall result : () . (x > y) - = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) + goal refines : [%#sord0] forall x : UInt128.t . forall y : UInt128.t . forall result : () . UInt128.ugt x y + = (cmp_log'0 x y = C_Greater'0) -> UInt128.ugt x y = (cmp_log'0 x y = C_Greater'0) end module M_creusot_contracts__logic__ord__qyi13757098721041279861__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt128 - use prelude.prelude.Int + use prelude.prelude.UInt128 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint128) (o : uint128) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt128.t) (o : UInt128.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if UInt128.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint128 . forall y : uint128 . forall result : () . (x < y) - = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) + goal refines : [%#sord0] forall x : UInt128.t . forall y : UInt128.t . forall result : () . 
UInt128.ult x y + = (cmp_log'0 x y = C_Less'0) -> UInt128.ult x y = (cmp_log'0 x y = C_Less'0) end module M_creusot_contracts__logic__ord__qyi8186105652185060096__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt64 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : usize) (o : usize) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : usize . forall y : usize . cmp_log'0 x y = C_Less'0 + goal refines : [%#sord0] forall x : UInt64.t . forall y : UInt64.t . cmp_log'0 x y = C_Less'0 -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . 
cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) end module M_creusot_contracts__logic__ord__qyi8186105652185060096__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 - - use prelude.prelude.UIntSize + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 use prelude.prelude.Int + use prelude.prelude.UInt64 + + use prelude.prelude.UInt64 + type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : usize) (o : usize) : t_Ordering'0 + use prelude.prelude.UInt64 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : usize . forall y : usize . forall result : () . (x >= y) - = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) + goal refines : [%#sord0] forall x : UInt64.t . forall y : UInt64.t . forall result : () . 
UInt64.uge x y + = (cmp_log'0 x y <> C_Less'0) -> UInt64.uge x y = (cmp_log'0 x y <> C_Less'0) end module M_creusot_contracts__logic__ord__qyi8186105652185060096__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 - - use prelude.prelude.UIntSize + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 use prelude.prelude.Int + use prelude.prelude.UInt64 + + use prelude.prelude.UInt64 + type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : usize) (o : usize) : t_Ordering'0 + use prelude.prelude.UInt64 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : usize . forall y : usize . forall result : () . (x <= y) - = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) + goal refines : [%#sord0] forall x : UInt64.t . forall y : UInt64.t . forall result : () . 
UInt64.ule x y + = (cmp_log'0 x y <> C_Greater'0) -> UInt64.ule x y = (cmp_log'0 x y <> C_Greater'0) end module M_creusot_contracts__logic__ord__qyi8186105652185060096__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 - - use prelude.prelude.UIntSize + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 use prelude.prelude.Int + use prelude.prelude.UInt64 + + use prelude.prelude.UInt64 + type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : usize) (o : usize) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : usize . forall y : usize . forall result : () . (x < y) - = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) + goal refines : [%#sord0] forall x : UInt64.t . forall y : UInt64.t . forall result : () . 
UInt64.ult x y + = (cmp_log'0 x y = C_Less'0) -> UInt64.ult x y = (cmp_log'0 x y = C_Less'0) end module M_creusot_contracts__logic__ord__qyi8186105652185060096__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 - - use prelude.prelude.UIntSize + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 use prelude.prelude.Int + use prelude.prelude.UInt64 + + use prelude.prelude.UInt64 + type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : usize) (o : usize) : t_Ordering'0 + use prelude.prelude.UInt64 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : usize . forall y : usize . forall result : () . (x > y) - = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) + goal refines : [%#sord0] forall x : UInt64.t . forall y : UInt64.t . forall result : () . 
UInt64.ugt x y + = (cmp_log'0 x y = C_Greater'0) -> UInt64.ugt x y = (cmp_log'0 x y = C_Greater'0) end module M_creusot_contracts__logic__ord__qyi8186105652185060096__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt64 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : usize) (o : usize) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : usize . forall y : usize . forall z : usize . forall o : t_Ordering'0 . cmp_log'0 y z + goal refines : [%#sord0] forall x : UInt64.t . forall y : UInt64.t . forall z : UInt64.t . forall o : t_Ordering'0 . cmp_log'0 y z = o /\ cmp_log'0 x y = o -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . 
cmp_log'0 x z = o -> cmp_log'0 x z = o) end module M_creusot_contracts__logic__ord__qyi8186105652185060096__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt64 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : usize) (o : usize) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : usize . forall y : usize . forall result : () . (x = y) + goal refines : [%#sord0] forall x : UInt64.t . forall y : UInt64.t . forall result : () . 
(x = y) = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) end module M_creusot_contracts__logic__ord__qyi8186105652185060096__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt64 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : usize) (o : usize) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : usize . forall y : usize . cmp_log'0 x y = C_Greater'0 + goal refines : [%#sord0] forall x : UInt64.t . forall y : UInt64.t . cmp_log'0 x y = C_Greater'0 -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . 
cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) end module M_creusot_contracts__logic__ord__qyi8186105652185060096__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.UInt64 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : usize) (o : usize) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : usize . forall result : () . cmp_log'0 x x = C_Equal'0 + goal refines : [%#sord0] forall x : UInt64.t . forall result : () . 
cmp_log'0 x x = C_Equal'0 -> cmp_log'0 x x = C_Equal'0 end module M_creusot_contracts__logic__ord__qyi18413678402769648790__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int8 - use prelude.prelude.Int + use prelude.prelude.Int8 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int8) (o : int8) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int8.t) (o : Int8.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if Int8.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int8 . forall y : int8 . forall result : () . (x < y) = (cmp_log'0 x y = C_Less'0) - -> (x < y) = (cmp_log'0 x y = C_Less'0) + goal refines : [%#sord0] forall x : Int8.t . forall y : Int8.t . forall result : () . 
Int8.slt x y + = (cmp_log'0 x y = C_Less'0) -> Int8.slt x y = (cmp_log'0 x y = C_Less'0) end module M_creusot_contracts__logic__ord__qyi18413678402769648790__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int8 - use prelude.prelude.Int + use prelude.prelude.Int8 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int8) (o : int8) : t_Ordering'0 + use prelude.prelude.Int8 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int8.t) (o : Int8.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if Int8.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int8 . forall y : int8 . forall result : () . (x >= y) - = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) + goal refines : [%#sord0] forall x : Int8.t . forall y : Int8.t . forall result : () . Int8.sge x y + = (cmp_log'0 x y <> C_Less'0) -> Int8.sge x y = (cmp_log'0 x y <> C_Less'0) end module M_creusot_contracts__logic__ord__qyi18413678402769648790__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int8 
@@ -17382,21 +17789,23 @@ module M_creusot_contracts__logic__ord__qyi18413678402769648790__trans__refines | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int8 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int8) (o : int8) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int8.t) (o : Int8.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if Int8.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int8 . forall y : int8 . forall z : int8 . forall o : t_Ordering'0 . cmp_log'0 y z + goal refines : [%#sord0] forall x : Int8.t . forall y : Int8.t . forall z : Int8.t . forall o : t_Ordering'0 . cmp_log'0 y z = o /\ cmp_log'0 x y = o -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) end module M_creusot_contracts__logic__ord__qyi18413678402769648790__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int8 
@@ -17405,19 +17814,21 @@ module M_creusot_contracts__logic__ord__qyi18413678402769648790__refl__refines [ | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int8 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int8) (o : int8) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int8.t) (o : Int8.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if Int8.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int8 . forall result : () . cmp_log'0 x x = C_Equal'0 + goal refines : [%#sord0] forall x : Int8.t . forall result : () . cmp_log'0 x x = C_Equal'0 -> cmp_log'0 x x = C_Equal'0 end module M_creusot_contracts__logic__ord__qyi18413678402769648790__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int8 
@@ -17426,40 +17837,46 @@ module M_creusot_contracts__logic__ord__qyi18413678402769648790__antisym1__refin | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int8 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int8) (o : int8) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int8.t) (o : Int8.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if Int8.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int8 . forall y : int8 . cmp_log'0 x y = C_Less'0 + goal refines : [%#sord0] forall x : Int8.t . forall y : Int8.t . cmp_log'0 x y = C_Less'0 -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) end module M_creusot_contracts__logic__ord__qyi18413678402769648790__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int8 - use prelude.prelude.Int + use prelude.prelude.Int8 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int8) (o : int8) : t_Ordering'0 + use prelude.prelude.Int8 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int8.t) (o : Int8.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if Int8.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int8 . forall y : int8 . 
forall result : () . (x > y) - = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) + goal refines : [%#sord0] forall x : Int8.t . forall y : Int8.t . forall result : () . Int8.sgt x y + = (cmp_log'0 x y = C_Greater'0) -> Int8.sgt x y = (cmp_log'0 x y = C_Greater'0) end module M_creusot_contracts__logic__ord__qyi18413678402769648790__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int8 
@@ -17468,19 +17885,21 @@ module M_creusot_contracts__logic__ord__qyi18413678402769648790__eq_cmp__refines | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int8 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int8) (o : int8) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int8.t) (o : Int8.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if Int8.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int8 . forall y : int8 . forall result : () . (x = y) + goal refines : [%#sord0] forall x : Int8.t . forall y : Int8.t . forall result : () . (x = y) = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) end module M_creusot_contracts__logic__ord__qyi18413678402769648790__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int8 
@@ -17489,61 +17908,71 @@ module M_creusot_contracts__logic__ord__qyi18413678402769648790__antisym2__refin | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int8 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int8) (o : int8) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int8.t) (o : Int8.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if Int8.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int8 . forall y : int8 . cmp_log'0 x y = C_Greater'0 + goal refines : [%#sord0] forall x : Int8.t . forall y : Int8.t . cmp_log'0 x y = C_Greater'0 -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) end module M_creusot_contracts__logic__ord__qyi18413678402769648790__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int8 - use prelude.prelude.Int + use prelude.prelude.Int8 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int8) (o : int8) : t_Ordering'0 + use prelude.prelude.Int8 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int8.t) (o : Int8.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if Int8.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int8 . forall y : int8 . 
forall result : () . (x <= y) - = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) + goal refines : [%#sord0] forall x : Int8.t . forall y : Int8.t . forall result : () . Int8.sle x y + = (cmp_log'0 x y <> C_Greater'0) -> Int8.sle x y = (cmp_log'0 x y <> C_Greater'0) end module M_creusot_contracts__logic__ord__qyi8040194823849327911__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int16 - use prelude.prelude.Int + use prelude.prelude.Int16 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int16) (o : int16) : t_Ordering'0 + use prelude.prelude.Int16 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int16.t) (o : Int16.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if Int16.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int16 . forall y : int16 . forall result : () . (x >= y) - = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) + goal refines : [%#sord0] forall x : Int16.t . forall y : Int16.t . forall result : () . 
Int16.sge x y + = (cmp_log'0 x y <> C_Less'0) -> Int16.sge x y = (cmp_log'0 x y <> C_Less'0) end module M_creusot_contracts__logic__ord__qyi8040194823849327911__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int16 
@@ -17552,42 +17981,48 @@ module M_creusot_contracts__logic__ord__qyi8040194823849327911__trans__refines [ | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int16 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int16) (o : int16) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int16.t) (o : Int16.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if Int16.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int16 . forall y : int16 . forall z : int16 . forall o : t_Ordering'0 . cmp_log'0 y z + goal refines : [%#sord0] forall x : Int16.t . forall y : Int16.t . forall z : Int16.t . forall o : t_Ordering'0 . cmp_log'0 y z = o /\ cmp_log'0 x y = o -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) end module M_creusot_contracts__logic__ord__qyi8040194823849327911__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int16 - use prelude.prelude.Int + use prelude.prelude.Int16 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int16) (o : int16) : t_Ordering'0 + use prelude.prelude.Int16 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int16.t) (o : Int16.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if Int16.slt self o then C_Less'0 else if self = 
o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int16 . forall y : int16 . forall result : () . (x <= y) - = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) + goal refines : [%#sord0] forall x : Int16.t . forall y : Int16.t . forall result : () . Int16.sle x y + = (cmp_log'0 x y <> C_Greater'0) -> Int16.sle x y = (cmp_log'0 x y <> C_Greater'0) end module M_creusot_contracts__logic__ord__qyi8040194823849327911__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int16 
@@ -17596,19 +18031,21 @@ module M_creusot_contracts__logic__ord__qyi8040194823849327911__refl__refines [# | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int16 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int16) (o : int16) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int16.t) (o : Int16.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if Int16.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int16 . forall result : () . cmp_log'0 x x = C_Equal'0 + goal refines : [%#sord0] forall x : Int16.t . forall result : () . cmp_log'0 x x = C_Equal'0 -> cmp_log'0 x x = C_Equal'0 end module M_creusot_contracts__logic__ord__qyi8040194823849327911__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int16 
@@ -17617,40 +18054,44 @@ module M_creusot_contracts__logic__ord__qyi8040194823849327911__eq_cmp__refines | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int16 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int16) (o : int16) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int16.t) (o : Int16.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if Int16.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int16 . forall y : int16 . forall result : () . (x = y) + goal refines : [%#sord0] forall x : Int16.t . forall y : Int16.t . forall result : () . (x = y) = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) end module M_creusot_contracts__logic__ord__qyi8040194823849327911__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int16 - use prelude.prelude.Int + use prelude.prelude.Int16 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int16) (o : int16) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int16.t) (o : Int16.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if Int16.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int16 . forall y : int16 . forall result : () . 
(x < y) - = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) + goal refines : [%#sord0] forall x : Int16.t . forall y : Int16.t . forall result : () . Int16.slt x y + = (cmp_log'0 x y = C_Less'0) -> Int16.slt x y = (cmp_log'0 x y = C_Less'0) end module M_creusot_contracts__logic__ord__qyi8040194823849327911__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int16 
@@ -17659,40 +18100,46 @@ module M_creusot_contracts__logic__ord__qyi8040194823849327911__antisym2__refine | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int16 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int16) (o : int16) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int16.t) (o : Int16.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if Int16.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int16 . forall y : int16 . cmp_log'0 x y = C_Greater'0 + goal refines : [%#sord0] forall x : Int16.t . forall y : Int16.t . cmp_log'0 x y = C_Greater'0 -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) end module M_creusot_contracts__logic__ord__qyi8040194823849327911__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int16 - use prelude.prelude.Int + use prelude.prelude.Int16 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int16) (o : int16) : t_Ordering'0 + use prelude.prelude.Int16 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int16.t) (o : Int16.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if Int16.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int16 . 
forall y : int16 . forall result : () . (x > y) - = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) + goal refines : [%#sord0] forall x : Int16.t . forall y : Int16.t . forall result : () . Int16.sgt x y + = (cmp_log'0 x y = C_Greater'0) -> Int16.sgt x y = (cmp_log'0 x y = C_Greater'0) end module M_creusot_contracts__logic__ord__qyi8040194823849327911__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int16 
@@ -17701,40 +18148,46 @@ module M_creusot_contracts__logic__ord__qyi8040194823849327911__antisym1__refine | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int16 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int16) (o : int16) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int16.t) (o : Int16.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if Int16.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int16 . forall y : int16 . cmp_log'0 x y = C_Less'0 + goal refines : [%#sord0] forall x : Int16.t . forall y : Int16.t . cmp_log'0 x y = C_Less'0 -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) end module M_creusot_contracts__logic__ord__qyi211457485035727011__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int32 - use prelude.prelude.Int + use prelude.prelude.Int32 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int32) (o : int32) : t_Ordering'0 + use prelude.prelude.Int32 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int32.t) (o : Int32.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if Int32.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int32 . 
forall y : int32 . forall result : () . (x <= y) - = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) + goal refines : [%#sord0] forall x : Int32.t . forall y : Int32.t . forall result : () . Int32.sle x y + = (cmp_log'0 x y <> C_Greater'0) -> Int32.sle x y = (cmp_log'0 x y <> C_Greater'0) end module M_creusot_contracts__logic__ord__qyi211457485035727011__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int32 
@@ -17743,84 +18196,96 @@ module M_creusot_contracts__logic__ord__qyi211457485035727011__trans__refines [# | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int32 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int32) (o : int32) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int32.t) (o : Int32.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if Int32.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int32 . forall y : int32 . forall z : int32 . forall o : t_Ordering'0 . cmp_log'0 y z + goal refines : [%#sord0] forall x : Int32.t . forall y : Int32.t . forall z : Int32.t . forall o : t_Ordering'0 . cmp_log'0 y z = o /\ cmp_log'0 x y = o -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) end module M_creusot_contracts__logic__ord__qyi211457485035727011__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int32 - use prelude.prelude.Int + use prelude.prelude.Int32 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int32) (o : int32) : t_Ordering'0 + use prelude.prelude.Int32 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int32.t) (o : Int32.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if Int32.slt self o then C_Less'0 else if self = 
o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int32 . forall y : int32 . forall result : () . (x > y) - = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) + goal refines : [%#sord0] forall x : Int32.t . forall y : Int32.t . forall result : () . Int32.sgt x y + = (cmp_log'0 x y = C_Greater'0) -> Int32.sgt x y = (cmp_log'0 x y = C_Greater'0) end module M_creusot_contracts__logic__ord__qyi211457485035727011__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int32 - use prelude.prelude.Int + use prelude.prelude.Int32 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int32) (o : int32) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int32.t) (o : Int32.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if Int32.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int32 . forall y : int32 . forall result : () . (x < y) - = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) + goal refines : [%#sord0] forall x : Int32.t . forall y : Int32.t . forall result : () . 
Int32.slt x y + = (cmp_log'0 x y = C_Less'0) -> Int32.slt x y = (cmp_log'0 x y = C_Less'0) end module M_creusot_contracts__logic__ord__qyi211457485035727011__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int32 - use prelude.prelude.Int + use prelude.prelude.Int32 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int32) (o : int32) : t_Ordering'0 + use prelude.prelude.Int32 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int32.t) (o : Int32.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if Int32.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int32 . forall y : int32 . forall result : () . (x >= y) - = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) + goal refines : [%#sord0] forall x : Int32.t . forall y : Int32.t . forall result : () . Int32.sge x y + = (cmp_log'0 x y <> C_Less'0) -> Int32.sge x y = (cmp_log'0 x y <> C_Less'0) end module M_creusot_contracts__logic__ord__qyi211457485035727011__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int32 
@@ -17829,19 +18294,21 @@ module M_creusot_contracts__logic__ord__qyi211457485035727011__antisym1__refines | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int32 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int32) (o : int32) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int32.t) (o : Int32.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if Int32.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int32 . forall y : int32 . cmp_log'0 x y = C_Less'0 + goal refines : [%#sord0] forall x : Int32.t . forall y : Int32.t . cmp_log'0 x y = C_Less'0 -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) end module M_creusot_contracts__logic__ord__qyi211457485035727011__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int32 
@@ -17850,19 +18317,21 @@ module M_creusot_contracts__logic__ord__qyi211457485035727011__antisym2__refines | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int32 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int32) (o : int32) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int32.t) (o : Int32.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if Int32.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int32 . forall y : int32 . cmp_log'0 x y = C_Greater'0 + goal refines : [%#sord0] forall x : Int32.t . forall y : Int32.t . cmp_log'0 x y = C_Greater'0 -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) end module M_creusot_contracts__logic__ord__qyi211457485035727011__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int32 
@@ -17871,19 +18340,21 @@ module M_creusot_contracts__logic__ord__qyi211457485035727011__refl__refines [#" | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int32 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int32) (o : int32) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int32.t) (o : Int32.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if Int32.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int32 . forall result : () . cmp_log'0 x x = C_Equal'0 + goal refines : [%#sord0] forall x : Int32.t . forall result : () . cmp_log'0 x x = C_Equal'0 -> cmp_log'0 x x = C_Equal'0 end module M_creusot_contracts__logic__ord__qyi211457485035727011__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int32 
@@ -17892,19 +18363,21 @@ module M_creusot_contracts__logic__ord__qyi211457485035727011__eq_cmp__refines [ | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int32 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int32) (o : int32) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int32.t) (o : Int32.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if Int32.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int32 . forall y : int32 . forall result : () . (x = y) + goal refines : [%#sord0] forall x : Int32.t . forall y : Int32.t . forall result : () . (x = y) = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) end module M_creusot_contracts__logic__ord__qyi2565746305859701215__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int64 
@@ -17913,40 +18386,44 @@ module M_creusot_contracts__logic__ord__qyi2565746305859701215__refl__refines [# | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int64 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int64) (o : int64) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int64.t) (o : Int64.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if Int64.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int64 . forall result : () . cmp_log'0 x x = C_Equal'0 + goal refines : [%#sord0] forall x : Int64.t . forall result : () . cmp_log'0 x x = C_Equal'0 -> cmp_log'0 x x = C_Equal'0 end module M_creusot_contracts__logic__ord__qyi2565746305859701215__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int64 - use prelude.prelude.Int + use prelude.prelude.Int64 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int64) (o : int64) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int64.t) (o : Int64.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if Int64.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int64 . forall y : int64 . forall result : () . 
(x < y) - = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) + goal refines : [%#sord0] forall x : Int64.t . forall y : Int64.t . forall result : () . Int64.slt x y + = (cmp_log'0 x y = C_Less'0) -> Int64.slt x y = (cmp_log'0 x y = C_Less'0) end module M_creusot_contracts__logic__ord__qyi2565746305859701215__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int64 
@@ -17955,19 +18432,21 @@ module M_creusot_contracts__logic__ord__qyi2565746305859701215__antisym1__refine | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int64 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int64) (o : int64) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int64.t) (o : Int64.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if Int64.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int64 . forall y : int64 . cmp_log'0 x y = C_Less'0 + goal refines : [%#sord0] forall x : Int64.t . forall y : Int64.t . cmp_log'0 x y = C_Less'0 -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) end module M_creusot_contracts__logic__ord__qyi2565746305859701215__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int64 
@@ -17976,21 +18455,23 @@ module M_creusot_contracts__logic__ord__qyi2565746305859701215__trans__refines [ | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int64 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int64) (o : int64) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int64.t) (o : Int64.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if Int64.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int64 . forall y : int64 . forall z : int64 . forall o : t_Ordering'0 . cmp_log'0 y z + goal refines : [%#sord0] forall x : Int64.t . forall y : Int64.t . forall z : Int64.t . forall o : t_Ordering'0 . cmp_log'0 y z = o /\ cmp_log'0 x y = o -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) end module M_creusot_contracts__logic__ord__qyi2565746305859701215__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int64 
@@ -17999,19 +18480,21 @@ module M_creusot_contracts__logic__ord__qyi2565746305859701215__eq_cmp__refines | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int64 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int64) (o : int64) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int64.t) (o : Int64.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if Int64.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int64 . forall y : int64 . forall result : () . (x = y) + goal refines : [%#sord0] forall x : Int64.t . forall y : Int64.t . forall result : () . (x = y) = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) end module M_creusot_contracts__logic__ord__qyi2565746305859701215__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int64 
@@ -18020,82 +18503,96 @@ module M_creusot_contracts__logic__ord__qyi2565746305859701215__antisym2__refine | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int64 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int64) (o : int64) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int64.t) (o : Int64.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if Int64.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int64 . forall y : int64 . cmp_log'0 x y = C_Greater'0 + goal refines : [%#sord0] forall x : Int64.t . forall y : Int64.t . cmp_log'0 x y = C_Greater'0 -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) end module M_creusot_contracts__logic__ord__qyi2565746305859701215__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int64 - use prelude.prelude.Int + use prelude.prelude.Int64 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int64) (o : int64) : t_Ordering'0 + use prelude.prelude.Int64 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int64.t) (o : Int64.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if Int64.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int64 . 
forall y : int64 . forall result : () . (x > y) - = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) + goal refines : [%#sord0] forall x : Int64.t . forall y : Int64.t . forall result : () . Int64.sgt x y + = (cmp_log'0 x y = C_Greater'0) -> Int64.sgt x y = (cmp_log'0 x y = C_Greater'0) end module M_creusot_contracts__logic__ord__qyi2565746305859701215__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int64 - use prelude.prelude.Int + use prelude.prelude.Int64 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int64) (o : int64) : t_Ordering'0 + use prelude.prelude.Int64 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int64.t) (o : Int64.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if Int64.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int64 . forall y : int64 . forall result : () . (x <= y) - = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) + goal refines : [%#sord0] forall x : Int64.t . forall y : Int64.t . forall result : () . 
Int64.sle x y + = (cmp_log'0 x y <> C_Greater'0) -> Int64.sle x y = (cmp_log'0 x y <> C_Greater'0) end module M_creusot_contracts__logic__ord__qyi2565746305859701215__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int64 - use prelude.prelude.Int + use prelude.prelude.Int64 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int64) (o : int64) : t_Ordering'0 + use prelude.prelude.Int64 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int64.t) (o : Int64.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if Int64.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int64 . forall y : int64 . forall result : () . (x >= y) - = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) + goal refines : [%#sord0] forall x : Int64.t . forall y : Int64.t . forall result : () . Int64.sge x y + = (cmp_log'0 x y <> C_Less'0) -> Int64.sge x y = (cmp_log'0 x y <> C_Less'0) end module M_creusot_contracts__logic__ord__qyi2364657485180829964__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int128 
@@ -18104,19 +18601,21 @@ module M_creusot_contracts__logic__ord__qyi2364657485180829964__antisym1__refine | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int128 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int128) (o : int128) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int128.t) (o : Int128.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if Int128.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int128 . forall y : int128 . cmp_log'0 x y = C_Less'0 + goal refines : [%#sord0] forall x : Int128.t . forall y : Int128.t . cmp_log'0 x y = C_Less'0 -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) end module M_creusot_contracts__logic__ord__qyi2364657485180829964__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int128 
@@ -18125,19 +18624,21 @@ module M_creusot_contracts__logic__ord__qyi2364657485180829964__eq_cmp__refines | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int128 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int128) (o : int128) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int128.t) (o : Int128.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if Int128.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int128 . forall y : int128 . forall result : () . (x = y) + goal refines : [%#sord0] forall x : Int128.t . forall y : Int128.t . forall result : () . (x = y) = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) end module M_creusot_contracts__logic__ord__qyi2364657485180829964__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int128 
@@ -18146,40 +18647,46 @@ module M_creusot_contracts__logic__ord__qyi2364657485180829964__antisym2__refine | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int128 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int128) (o : int128) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int128.t) (o : Int128.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if Int128.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int128 . forall y : int128 . cmp_log'0 x y = C_Greater'0 + goal refines : [%#sord0] forall x : Int128.t . forall y : Int128.t . cmp_log'0 x y = C_Greater'0 -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) end module M_creusot_contracts__logic__ord__qyi2364657485180829964__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int128 - use prelude.prelude.Int + use prelude.prelude.Int128 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int128) (o : int128) : t_Ordering'0 + use prelude.prelude.Int128 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int128.t) (o : Int128.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if Int128.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall 
x : int128 . forall y : int128 . forall result : () . (x > y) - = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) + goal refines : [%#sord0] forall x : Int128.t . forall y : Int128.t . forall result : () . Int128.sgt x y + = (cmp_log'0 x y = C_Greater'0) -> Int128.sgt x y = (cmp_log'0 x y = C_Greater'0) end module M_creusot_contracts__logic__ord__qyi2364657485180829964__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int128 
@@ -18188,82 +18695,94 @@ module M_creusot_contracts__logic__ord__qyi2364657485180829964__refl__refines [# | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int128 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int128) (o : int128) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int128.t) (o : Int128.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if Int128.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int128 . forall result : () . cmp_log'0 x x = C_Equal'0 + goal refines : [%#sord0] forall x : Int128.t . forall result : () . cmp_log'0 x x = C_Equal'0 -> cmp_log'0 x x = C_Equal'0 end module M_creusot_contracts__logic__ord__qyi2364657485180829964__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int128 - use prelude.prelude.Int + use prelude.prelude.Int128 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int128) (o : int128) : t_Ordering'0 + use prelude.prelude.Int128 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int128.t) (o : Int128.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if Int128.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int128 . forall y : int128 . forall result : () . 
(x >= y) - = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) + goal refines : [%#sord0] forall x : Int128.t . forall y : Int128.t . forall result : () . Int128.sge x y + = (cmp_log'0 x y <> C_Less'0) -> Int128.sge x y = (cmp_log'0 x y <> C_Less'0) end module M_creusot_contracts__logic__ord__qyi2364657485180829964__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int128 - use prelude.prelude.Int + use prelude.prelude.Int128 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int128) (o : int128) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int128.t) (o : Int128.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if Int128.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int128 . forall y : int128 . forall result : () . (x < y) - = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) + goal refines : [%#sord0] forall x : Int128.t . forall y : Int128.t . forall result : () . 
Int128.slt x y + = (cmp_log'0 x y = C_Less'0) -> Int128.slt x y = (cmp_log'0 x y = C_Less'0) end module M_creusot_contracts__logic__ord__qyi2364657485180829964__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int128 - use prelude.prelude.Int + use prelude.prelude.Int128 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int128) (o : int128) : t_Ordering'0 + use prelude.prelude.Int128 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int128.t) (o : Int128.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if Int128.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int128 . forall y : int128 . forall result : () . (x <= y) - = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) + goal refines : [%#sord0] forall x : Int128.t . forall y : Int128.t . forall result : () . Int128.sle x y + = (cmp_log'0 x y <> C_Greater'0) -> Int128.sle x y = (cmp_log'0 x y <> C_Greater'0) end module M_creusot_contracts__logic__ord__qyi2364657485180829964__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int128 
@@ -18272,220 +18791,244 @@ module M_creusot_contracts__logic__ord__qyi2364657485180829964__trans__refines [ | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int128 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int128) (o : int128) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int128.t) (o : Int128.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if Int128.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int128 . forall y : int128 . forall z : int128 . forall o : t_Ordering'0 . cmp_log'0 y z + goal refines : [%#sord0] forall x : Int128.t . forall y : Int128.t . forall z : Int128.t . forall o : t_Ordering'0 . cmp_log'0 y z = o /\ cmp_log'0 x y = o -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) end module M_creusot_contracts__logic__ord__qyi8047313880300482848__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int - use prelude.prelude.IntSize + use prelude.prelude.Int64 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int64 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : isize) (o : isize) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int64.t) (o : Int64.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if Int64.slt self o then 
C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : isize . forall y : isize . cmp_log'0 x y = C_Less'0 + goal refines : [%#sord0] forall x : Int64.t . forall y : Int64.t . cmp_log'0 x y = C_Less'0 -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) end module M_creusot_contracts__logic__ord__qyi8047313880300482848__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 - use prelude.prelude.IntSize + use prelude.prelude.Int + + use prelude.prelude.Int64 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int64 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : isize) (o : isize) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int64.t) (o : Int64.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if Int64.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : isize . forall y : isize . cmp_log'0 x y = C_Greater'0 + goal refines : [%#sord0] forall x : Int64.t . forall y : Int64.t . cmp_log'0 x y = C_Greater'0 -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . 
cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) end module M_creusot_contracts__logic__ord__qyi8047313880300482848__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 - - use prelude.prelude.IntSize + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 use prelude.prelude.Int + use prelude.prelude.Int64 + + use prelude.prelude.Int64 + type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : isize) (o : isize) : t_Ordering'0 + use prelude.prelude.Int64 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int64.t) (o : Int64.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if Int64.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : isize . forall y : isize . forall result : () . (x >= y) - = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) + goal refines : [%#sord0] forall x : Int64.t . forall y : Int64.t . forall result : () . 
Int64.sge x y + = (cmp_log'0 x y <> C_Less'0) -> Int64.sge x y = (cmp_log'0 x y <> C_Less'0) end module M_creusot_contracts__logic__ord__qyi8047313880300482848__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 - - use prelude.prelude.IntSize + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 use prelude.prelude.Int + use prelude.prelude.Int64 + + use prelude.prelude.Int64 + type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : isize) (o : isize) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int64.t) (o : Int64.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if Int64.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : isize . forall y : isize . forall result : () . (x < y) - = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) + goal refines : [%#sord0] forall x : Int64.t . forall y : Int64.t . forall result : () . 
Int64.slt x y + = (cmp_log'0 x y = C_Less'0) -> Int64.slt x y = (cmp_log'0 x y = C_Less'0) end module M_creusot_contracts__logic__ord__qyi8047313880300482848__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int - use prelude.prelude.IntSize + use prelude.prelude.Int64 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int64 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : isize) (o : isize) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int64.t) (o : Int64.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if Int64.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : isize . forall y : isize . forall z : isize . forall o : t_Ordering'0 . cmp_log'0 y z + goal refines : [%#sord0] forall x : Int64.t . forall y : Int64.t . forall z : Int64.t . forall o : t_Ordering'0 . cmp_log'0 y z = o /\ cmp_log'0 x y = o -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . 
cmp_log'0 x z = o -> cmp_log'0 x z = o) end module M_creusot_contracts__logic__ord__qyi8047313880300482848__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int - use prelude.prelude.IntSize + use prelude.prelude.Int64 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int64 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : isize) (o : isize) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int64.t) (o : Int64.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if Int64.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : isize . forall y : isize . forall result : () . (x = y) + goal refines : [%#sord0] forall x : Int64.t . forall y : Int64.t . forall result : () . 
(x = y) = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) end module M_creusot_contracts__logic__ord__qyi8047313880300482848__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int - use prelude.prelude.IntSize + use prelude.prelude.Int64 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Int64 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : isize) (o : isize) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int64.t) (o : Int64.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if Int64.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : isize . forall result : () . cmp_log'0 x x = C_Equal'0 + goal refines : [%#sord0] forall x : Int64.t . forall result : () . 
cmp_log'0 x x = C_Equal'0 -> cmp_log'0 x x = C_Equal'0 end module M_creusot_contracts__logic__ord__qyi8047313880300482848__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 - - use prelude.prelude.IntSize + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 use prelude.prelude.Int + use prelude.prelude.Int64 + + use prelude.prelude.Int64 + type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : isize) (o : isize) : t_Ordering'0 + use prelude.prelude.Int64 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int64.t) (o : Int64.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if Int64.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : isize . forall y : isize . forall result : () . (x > y) - = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) + goal refines : [%#sord0] forall x : Int64.t . forall y : Int64.t . forall result : () . 
Int64.sgt x y + = (cmp_log'0 x y = C_Greater'0) -> Int64.sgt x y = (cmp_log'0 x y = C_Greater'0) end module M_creusot_contracts__logic__ord__qyi8047313880300482848__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 - - use prelude.prelude.IntSize + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 use prelude.prelude.Int + use prelude.prelude.Int64 + + use prelude.prelude.Int64 + type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : isize) (o : isize) : t_Ordering'0 + use prelude.prelude.Int64 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 184 12 184 49] (self : Int64.t) (o : Int64.t) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] if Int64.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : isize . forall y : isize . forall result : () . (x <= y) - = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) + goal refines : [%#sord0] forall x : Int64.t . forall y : Int64.t . forall result : () . 
Int64.sle x y + = (cmp_log'0 x y <> C_Greater'0) -> Int64.sle x y = (cmp_log'0 x y <> C_Greater'0) end module M_creusot_contracts__logic__ord__qyi17836724837647357586__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 31 20 31 53 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 197 8 202 9 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 275 8 280 9 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 196 4 196 41] (self : bool) (o : bool) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 274 4 274 41] (self : bool) (o : bool) : t_Ordering'0 = [%#sord2] match (self, o) with @@ -18503,14 +19046,14 @@ module M_creusot_contracts__logic__ord__qyi17836724837647357586__cmp_ge_log__ref end module M_creusot_contracts__logic__ord__qyi17836724837647357586__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 197 8 202 9 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 275 8 280 9 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 196 4 196 41] (self : bool) (o : bool) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 274 4 274 41] (self : bool) (o : bool) : t_Ordering'0 = [%#sord1] match (self, o) with 
@@ -18525,14 +19068,14 @@ module M_creusot_contracts__logic__ord__qyi17836724837647357586__refl__refines [ end module M_creusot_contracts__logic__ord__qyi17836724837647357586__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 197 8 202 9 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 275 8 280 9 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 196 4 196 41] (self : bool) (o : bool) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 274 4 274 41] (self : bool) (o : bool) : t_Ordering'0 = [%#sord1] match (self, o) with @@ -18548,14 +19091,14 @@ end module M_creusot_contracts__logic__ord__qyi17836724837647357586__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 41 20 41 56 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 197 8 202 9 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 275 8 280 9 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 196 4 196 41] (self : bool) (o : bool) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 274 4 274 41] (self : bool) (o : bool) : t_Ordering'0 = [%#sord2] match (self, o) with 
@@ -18574,14 +19117,14 @@ end module M_creusot_contracts__logic__ord__qyi17836724837647357586__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 11 20 11 56 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 197 8 202 9 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 275 8 280 9 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 196 4 196 41] (self : bool) (o : bool) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 274 4 274 41] (self : bool) (o : bool) : t_Ordering'0 = [%#sord2] match (self, o) with @@ -18600,14 +19143,14 @@ end module M_creusot_contracts__logic__ord__qyi17836724837647357586__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 21 20 21 53 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 197 8 202 9 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 275 8 280 9 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 196 4 196 41] (self : bool) (o : bool) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 274 4 274 41] (self : bool) (o : bool) : t_Ordering'0 = [%#sord2] match (self, o) with 
@@ -18625,14 +19168,14 @@ module M_creusot_contracts__logic__ord__qyi17836724837647357586__cmp_lt_log__ref end module M_creusot_contracts__logic__ord__qyi17836724837647357586__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 197 8 202 9 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 275 8 280 9 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 196 4 196 41] (self : bool) (o : bool) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 274 4 274 41] (self : bool) (o : bool) : t_Ordering'0 = [%#sord1] match (self, o) with @@ -18647,14 +19190,14 @@ module M_creusot_contracts__logic__ord__qyi17836724837647357586__eq_cmp__refines end module M_creusot_contracts__logic__ord__qyi17836724837647357586__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 197 8 202 9 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 275 8 280 9 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 196 4 196 41] (self : bool) (o : bool) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 274 4 274 41] (self : bool) (o : bool) : t_Ordering'0 = [%#sord1] match (self, o) with 
@@ -18669,14 +19212,14 @@ module M_creusot_contracts__logic__ord__qyi17836724837647357586__antisym2__refin end module M_creusot_contracts__logic__ord__qyi17836724837647357586__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 197 8 202 9 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 275 8 280 9 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 196 4 196 41] (self : bool) (o : bool) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 274 4 274 41] (self : bool) (o : bool) : t_Ordering'0 = [%#sord1] match (self, o) with @@ -18693,8 +19236,8 @@ module M_creusot_contracts__logic__ord__qyi17836724837647357586__trans__refines end module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* <(A, B) as logic::ord::OrdLogic> *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 243 20 243 67 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 212 8 219 11 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 321 20 321 67 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 290 8 297 11 let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 
@@ -18820,14 +19363,14 @@ module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_gt_log__refi axiom cmp_le_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord3] le_log'1 x y = (cmp_log'1 x y <> C_Greater'0) - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 242 4 242 36] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : bool + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 320 4 320 36] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : bool = [%#sord1] (let (a, _) = self in a) = (let (a, _) = o in a) /\ gt_log'1 (let (_, a) = self in a) (let (_, a) = o in a) \/ gt_log'2 (let (a, _) = self in a) (let (a, _) = o in a) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 211 4 211 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 289 4 289 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 = [%#sord2] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then @@ -18841,8 +19384,8 @@ module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_gt_log__refi end module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* <(A, B) as logic::ord::OrdLogic> *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 237 20 237 68 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 212 8 219 11 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 315 20 315 68 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 290 8 297 11 let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 
@@ -18968,14 +19511,14 @@ module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_ge_log__refi axiom cmp_le_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord3] le_log'1 x y = (cmp_log'1 x y <> C_Greater'0) - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 236 4 236 36] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : bool + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 314 4 314 36] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : bool = [%#sord1] (let (a, _) = self in a) = (let (a, _) = o in a) /\ ge_log'1 (let (_, a) = self in a) (let (_, a) = o in a) \/ gt_log'0 (let (a, _) = self in a) (let (a, _) = o in a) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 211 4 211 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 289 4 289 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 = [%#sord2] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then @@ -18989,7 +19532,7 @@ module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_ge_log__refi end module M_creusot_contracts__logic__ord__qyi1910662420989811789__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (* <(A, B) as logic::ord::OrdLogic> *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 212 8 219 11 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 290 8 297 11 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 
@@ -19115,7 +19658,7 @@ module M_creusot_contracts__logic__ord__qyi1910662420989811789__antisym2__refine axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord2] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 211 4 211 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 289 4 289 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 = [%#sord1] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then @@ -19129,7 +19672,7 @@ module M_creusot_contracts__logic__ord__qyi1910662420989811789__antisym2__refine end module M_creusot_contracts__logic__ord__qyi1910662420989811789__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* <(A, B) as logic::ord::OrdLogic> *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 212 8 219 11 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 290 8 297 11 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 @@ -19255,7 +19798,7 @@ module M_creusot_contracts__logic__ord__qyi1910662420989811789__eq_cmp__refines axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord2] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 211 4 211 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 289 4 289 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 = [%#sord1] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then 
@@ -19269,8 +19812,8 @@ module M_creusot_contracts__logic__ord__qyi1910662420989811789__eq_cmp__refines end module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* <(A, B) as logic::ord::OrdLogic> *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 225 20 225 68 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 212 8 219 11 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 303 20 303 68 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 290 8 297 11 let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 @@ -19396,14 +19939,14 @@ module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_le_log__refi axiom cmp_le_log'2_spec : forall x : t_A'0, y : t_A'0 . [%#sord3] le_log'2 x y = (cmp_log'1 x y <> C_Greater'0) - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 224 4 224 36] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : bool + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 302 4 302 36] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : bool = [%#sord1] (let (a, _) = self in a) = (let (a, _) = o in a) /\ le_log'1 (let (_, a) = self in a) (let (_, a) = o in a) \/ lt_log'0 (let (a, _) = self in a) (let (a, _) = o in a) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 211 4 211 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 289 4 289 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 = [%#sord2] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then 
@@ -19417,7 +19960,7 @@ module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_le_log__refi end module M_creusot_contracts__logic__ord__qyi1910662420989811789__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* <(A, B) as logic::ord::OrdLogic> *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 212 8 219 11 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 290 8 297 11 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 @@ -19543,7 +20086,7 @@ module M_creusot_contracts__logic__ord__qyi1910662420989811789__refl__refines [# axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord2] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 211 4 211 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 289 4 289 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 = [%#sord1] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then 
@@ -19557,7 +20100,7 @@ module M_creusot_contracts__logic__ord__qyi1910662420989811789__refl__refines [# end module M_creusot_contracts__logic__ord__qyi1910662420989811789__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (* <(A, B) as logic::ord::OrdLogic> *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 212 8 219 11 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 290 8 297 11 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 @@ -19683,7 +20226,7 @@ module M_creusot_contracts__logic__ord__qyi1910662420989811789__trans__refines [ axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord2] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 211 4 211 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 289 4 289 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 = [%#sord1] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then 
@@ -19699,8 +20242,8 @@ module M_creusot_contracts__logic__ord__qyi1910662420989811789__trans__refines [ end module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* <(A, B) as logic::ord::OrdLogic> *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 231 20 231 67 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 212 8 219 11 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 309 20 309 67 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 290 8 297 11 let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 @@ -19826,14 +20369,14 @@ module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_lt_log__refi axiom cmp_le_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord3] le_log'1 x y = (cmp_log'1 x y <> C_Greater'0) - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 230 4 230 36] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : bool + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 308 4 308 36] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : bool = [%#sord1] (let (a, _) = self in a) = (let (a, _) = o in a) /\ lt_log'1 (let (_, a) = self in a) (let (_, a) = o in a) \/ lt_log'2 (let (a, _) = self in a) (let (a, _) = o in a) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 211 4 211 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 289 4 289 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 = [%#sord2] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then 
@@ -19847,7 +20390,7 @@ module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_lt_log__refi end module M_creusot_contracts__logic__ord__qyi1910662420989811789__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (* <(A, B) as logic::ord::OrdLogic> *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 212 8 219 11 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 290 8 297 11 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 @@ -19973,7 +20516,7 @@ module M_creusot_contracts__logic__ord__qyi1910662420989811789__antisym1__refine axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord2] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 211 4 211 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 289 4 289 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 = [%#sord1] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then @@ -21880,7 +22423,9 @@ module M_creusot_contracts__stdqy35z1__deque__qyi8367101395671471553__resolve_co use prelude.prelude.Borrow - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 use prelude.prelude.Opaque 
@@ -21891,13 +22436,13 @@ module M_creusot_contracts__stdqy35z1__deque__qyi8367101395671471553__resolve_co { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_VecDeque'0 = - { t_VecDeque__head'0: usize; t_VecDeque__len'0: usize; t_VecDeque__buf'0: t_RawVec'0 } + { t_VecDeque__head'0: UInt64.t; t_VecDeque__len'0: UInt64.t; t_VecDeque__buf'0: t_RawVec'0 } predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_RawVec'0) = true @@ -21915,11 +22460,9 @@ module M_creusot_contracts__stdqy35z1__deque__qyi8367101395671471553__resolve_co axiom inv_axiom'0 [@rewrite] : forall x : t_VecDeque'0 [inv'0 x] . inv'0 x = true - use prelude.prelude.Int - use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) use prelude.prelude.UInt64 @@ -21930,7 +22473,7 @@ module M_creusot_contracts__stdqy35z1__deque__qyi8367101395671471553__resolve_co function view'0 [#"../../../creusot-contracts/src/std/deque.rs" 14 4 14 27] (self : t_VecDeque'0) : Seq.seq t_T'0 axiom view'0_spec : forall self : t_VecDeque'0 . [%#sdeque2] Seq.length (view'0 self) - <= UIntSize.to_int (v_MAX'0 : usize) + <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq @@ -22049,10 +22592,12 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2208779330486735413__ type t_I'0 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Enumerate'0 = - { t_Enumerate__iter'0: t_I'0; t_Enumerate__count'0: usize } + { t_Enumerate__iter'0: t_I'0; t_Enumerate__count'0: UInt64.t } predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : UInt64.t) = true 
@@ -22215,12 +22760,14 @@ module M_creusot_contracts__stdqy35z1__iter__skip__qyi14372835745621067113__reso type t_I'0 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Skip'0 = - { t_Skip__iter'0: t_I'0; t_Skip__n'0: usize } + { t_Skip__iter'0: t_I'0; t_Skip__n'0: UInt64.t } - predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : usize) = + predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : UInt64.t) = true predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_I'0) @@ -22266,10 +22813,12 @@ module M_creusot_contracts__stdqy35z1__iter__take__qyi11550387566643656565__reso type t_I'0 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Take'0 = - { t_Take__iter'0: t_I'0; t_Take__n'0: usize } + { t_Take__iter'0: t_I'0; t_Take__n'0: UInt64.t } predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : UInt64.t) = true 
@@ -22307,10 +22856,10 @@ module M_creusot_contracts__stdqy35z1__iter__take__qyi11550387566643656565__reso goal refines : [%#stake0] forall self : t_Take'0 . structural_resolve'0 self /\ inv'0 self -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) end -module M_creusot_contracts__stdqy35z1__slice__qyi4472237099583716627__resolve_coherence__refines [#"../../../creusot-contracts/src/std/slice.rs" 445 4 445 31] (* as resolve::Resolve> *) - let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 445 4 445 31 - let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 437 20 437 36 - let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 427 14 427 50 +module M_creusot_contracts__stdqy35z1__slice__qyi4472237099583716627__resolve_coherence__refines [#"../../../creusot-contracts/src/std/slice.rs" 463 4 463 31] (* as resolve::Resolve> *) + let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 463 4 463 31 + let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 455 20 455 36 + let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 445 14 445 50 let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice4 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 @@ -22345,17 +22894,17 @@ module M_creusot_contracts__stdqy35z1__slice__qyi4472237099583716627__resolve_co use seq.Seq - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize - - use prelude.prelude.Int + use prelude.prelude.UInt64 - use prelude.prelude.Slice + use prelude.prelude.Slice64 - use prelude.prelude.Slice + use Slice64.create type t_T'0 
@@ -22364,16 +22913,16 @@ module M_creusot_contracts__stdqy35z1__slice__qyi4472237099583716627__resolve_co function view'1 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 axiom view'1_spec : forall self : slice t_T'0 . ([%#sslice3] Seq.length (view'1 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice4] view'1 self = Slice.id self) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + && ([%#sslice4] view'1 self = Slice64.id self) - function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 428 4 428 33] (self : t_IterMut'0) : borrowed (slice t_T'0) + function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 446 4 446 33] (self : t_IterMut'0) : borrowed (slice t_T'0) axiom view'0_spec : forall self : t_IterMut'0 . [%#sslice2] Seq.length (view'1 (view'0 self).final) = Seq.length (view'1 (view'0 self).current) - predicate resolve'0 [#"../../../creusot-contracts/src/std/slice.rs" 436 4 436 28] (self : t_IterMut'0) = + predicate resolve'0 [#"../../../creusot-contracts/src/std/slice.rs" 454 4 454 28] (self : t_IterMut'0) = [%#sslice1] (view'0 self).current = (view'0 self).final goal refines : [%#sslice0] forall self : t_IterMut'0 . structural_resolve'0 self /\ inv'0 self @@ -22399,10 +22948,12 @@ module M_creusot_contracts__stdqy35z1__vec__qyi6844585276173866460__resolve_cohe type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_A'0 
@@ -22410,7 +22961,7 @@ module M_creusot_contracts__stdqy35z1__vec__qyi6844585276173866460__resolve_cohe { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: t_A'0 } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : UInt64.t) = true @@ -22425,19 +22976,17 @@ module M_creusot_contracts__stdqy35z1__vec__qyi6844585276173866460__resolve_cohe use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) use prelude.prelude.UInt64 - use prelude.prelude.Int - type t_T'0 use seq.Seq function view'0 [#"../../../creusot-contracts/src/std/vec.rs" 19 4 19 27] (self : t_Vec'0) : Seq.seq t_T'0 - axiom view'0_spec : forall self : t_Vec'0 . [%#svec2] Seq.length (view'0 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec2] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq @@ -22498,7 +23047,9 @@ module M_creusot_contracts__stdqy35z1__vec__qyi8594830193745006303__resolve_cohe type t_NonNull'0 = { t_NonNull__pointer'0: opaque_ptr } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_A'0 @@ -22508,7 +23059,7 @@ module M_creusot_contracts__stdqy35z1__vec__qyi8594830193745006303__resolve_cohe type t_IntoIter'0 = { t_IntoIter__buf'0: t_NonNull'0; t_IntoIter__phantom'0: (); - t_IntoIter__cap'0: usize; + t_IntoIter__cap'0: UInt64.t; t_IntoIter__alloc'0: t_ManuallyDrop'0; t_IntoIter__ptr'0: t_NonNull'0; t_IntoIter__end'0: opaque_ptr } 
@@ -22522,7 +23073,7 @@ module M_creusot_contracts__stdqy35z1__vec__qyi8594830193745006303__resolve_cohe predicate resolve'3 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_ManuallyDrop'0) = true - predicate resolve'4 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : usize) = + predicate resolve'4 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : UInt64.t) = true predicate resolve'5 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : ()) = @@ -22557,8 +23108,6 @@ module M_creusot_contracts__stdqy35z1__vec__qyi8594830193745006303__resolve_cohe axiom inv_axiom'0 [@rewrite] : forall x : t_IntoIter'0 [inv'0 x] . inv'0 x = invariant'0 x - use prelude.prelude.Int - type t_T'0 use seq.Seq @@ -22873,8 +23422,8 @@ end module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_refl__refines [#"../../../creusot-contracts/src/std/deque.rs" 178 4 178 26] (* as std::iter::Iterator> *) let%span sdeque0 = "../../../creusot-contracts/src/std/deque.rs" 178 4 178 26 let%span sdeque1 = "../../../creusot-contracts/src/std/deque.rs" 171 12 171 66 - let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 96 14 96 41 - let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 97 14 97 80 + let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 114 14 114 41 + let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 115 14 115 80 let%span smodel4 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 let%span sops5 = "../../../creusot-contracts/src/logic/ops.rs" 42 8 42 31 let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 @@ -22903,7 +23452,7 @@ module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_r use seq.Seq - use prelude.prelude.Slice + use Slice64.create function view'0 [#"../../../creusot-contracts/src/std/deque.rs" 155 4 155 33] (self : t_Iter'0) : slice t_T'0 
@@ -22913,21 +23462,21 @@ module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_r use seq.Seq - use prelude.prelude.UInt64 + use prelude.prelude.Int - constant v_MAX'0 : usize = (18446744073709551615 : usize) + use prelude.prelude.UInt64 - use prelude.prelude.UIntSize + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.Int + use prelude.prelude.UInt64 - use prelude.prelude.Slice + use prelude.prelude.Slice64 function view'2 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 axiom view'2_spec : forall self : slice t_T'0 . ([%#sslice6] Seq.length (view'2 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice7] view'2 self = Slice.id self) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + && ([%#sslice7] view'2 self = Slice64.id self) function view'1 [#"../../../creusot-contracts/src/model.rs" 87 4 87 33] (self : slice t_T'0) : Seq.seq t_T'0 = [%#smodel4] view'2 self @@ -22941,7 +23490,8 @@ module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_r = [%#sops5] Seq.get (view'2 self) ix - function to_ref_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 98 4 98 35] (self : slice t_T'0) : Seq.seq t_T'0 + function to_ref_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 116 4 116 35] (self : slice t_T'0) : Seq.seq t_T'0 + axiom to_ref_seq'0_spec : forall self : slice t_T'0 . ([%#sslice2] Seq.length (to_ref_seq'0 self) = Seq.length (view'1 self)) 
@@ -22962,8 +23512,8 @@ end module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_trans__refines [#"../../../creusot-contracts/src/std/deque.rs" 185 4 185 90] (* as std::iter::Iterator> *) let%span sdeque0 = "../../../creusot-contracts/src/std/deque.rs" 185 4 185 90 let%span sdeque1 = "../../../creusot-contracts/src/std/deque.rs" 171 12 171 66 - let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 96 14 96 41 - let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 97 14 97 80 + let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 114 14 114 41 + let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 115 14 115 80 let%span smodel4 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 let%span sops5 = "../../../creusot-contracts/src/logic/ops.rs" 42 8 42 31 let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 @@ -22986,7 +23536,7 @@ module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_t use seq.Seq - use prelude.prelude.Slice + use Slice64.create function view'0 [#"../../../creusot-contracts/src/std/deque.rs" 155 4 155 33] (self : t_Iter'0) : slice t_T'0 
@@ -22996,21 +23546,21 @@ module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_t use seq.Seq - use prelude.prelude.UIntSize + use prelude.prelude.Int - constant v_MAX'0 : usize = (18446744073709551615 : usize) + use prelude.prelude.UInt64 - use prelude.prelude.UIntSize + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.Int + use prelude.prelude.UInt64 - use prelude.prelude.Slice + use prelude.prelude.Slice64 function view'2 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 axiom view'2_spec : forall self : slice t_T'0 . ([%#sslice6] Seq.length (view'2 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice7] view'2 self = Slice.id self) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + && ([%#sslice7] view'2 self = Slice64.id self) function view'1 [#"../../../creusot-contracts/src/model.rs" 87 4 87 33] (self : slice t_T'0) : Seq.seq t_T'0 = [%#smodel4] view'2 self @@ -23024,7 +23574,8 @@ module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_t = [%#sops5] Seq.get (view'2 self) ix - function to_ref_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 98 4 98 35] (self : slice t_T'0) : Seq.seq t_T'0 + function to_ref_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 116 4 116 35] (self : slice t_T'0) : Seq.seq t_T'0 + axiom to_ref_seq'0_spec : forall self : slice t_T'0 . ([%#sslice2] Seq.length (to_ref_seq'0 self) = Seq.length (view'1 self)) @@ -23076,10 +23627,6 @@ module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__pr use seq.Seq - use prelude.prelude.Int128.to_int - - use prelude.prelude.Int128 - use prelude.prelude.Int use seq.Seq 
@@ -23155,7 +23702,7 @@ module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__pr [%#scloned1] exists s : Seq.seq t_T'0 . inv'1 s /\ produces'1 (iter'0 self) s (iter'0 o) /\ Seq.length visited = Seq.length s - /\ (forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) + /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) use seq.Seq @@ -23206,10 +23753,6 @@ module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__pr use seq.Seq - use prelude.prelude.Int128.to_int - - use prelude.prelude.Int128 - use prelude.prelude.Int use seq.Seq @@ -23276,7 +23819,7 @@ module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__pr [%#scloned1] exists s : Seq.seq t_T'0 . inv'1 s /\ produces'1 (iter'0 self) s (iter'0 o) /\ Seq.length visited = Seq.length s - /\ (forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) + /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) goal refines : [%#scloned0] forall self : t_Cloned'0 . inv'0 self -> inv'0 self @@ -23587,10 +24130,12 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ type t_I'0 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Enumerate'0 = - { t_Enumerate__iter'0: t_I'0; t_Enumerate__count'0: usize } + { t_Enumerate__iter'0: t_I'0; t_Enumerate__count'0: UInt64.t } type t_Item'0 @@ -23598,8 +24143,6 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ use seq.Seq - use prelude.prelude.Int - function n'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 21 4 21 21] (self : t_Enumerate'0) : int use seq.Seq 
@@ -23649,7 +24192,7 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.Borrow @@ -23663,7 +24206,7 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 43 4 43 30] (self : t_Enumerate'0) = [%#senumerate11] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'1 (iter'0 self) s i] . inv'1 s - /\ inv'2 i /\ produces'1 (iter'0 self) s i -> n'0 self + Seq.length s < UIntSize.to_int v_MAX'0) + /\ inv'2 i /\ produces'1 (iter'0 self) s i -> n'0 self + Seq.length s < UInt64.to_uint v_MAX'0) /\ (forall i : borrowed t_I'0 . completed'0 i -> produces'1 i.current (Seq.empty : Seq.seq t_Item'0) i.final) axiom inv_axiom'0 [@rewrite] : forall x : t_Enumerate'0 [inv'0 x] . inv'0 x 
@@ -23676,20 +24219,20 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ use seq.Seq - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 72 4 72 64] (self : t_Enumerate'0) (visited : Seq.seq (usize, t_Item'0)) (o : t_Enumerate'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 72 4 72 64] (self : t_Enumerate'0) (visited : Seq.seq (UInt64.t, t_Item'0)) (o : t_Enumerate'0) = [%#senumerate1] Seq.length visited = n'0 o - n'0 self /\ (exists s : Seq.seq t_Item'0 . inv'1 s /\ produces'1 (iter'0 self) s (iter'0 o) /\ Seq.length visited = Seq.length s - /\ (forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length s - -> UInt64.to_int (let (a, _) = Seq.get visited i in a) = n'0 self + i + /\ (forall i : int . 0 <= i /\ i < Seq.length s + -> UInt64.to_uint (let (a, _) = Seq.get visited i in a) = n'0 self + i /\ (let (_, a) = Seq.get visited i in a) = Seq.get s i)) use seq.Seq - goal refines : [%#senumerate0] forall a : t_Enumerate'0 . forall ab : Seq.seq (usize, t_Item'0) . forall b : t_Enumerate'0 . forall bc : Seq.seq (usize, t_Item'0) . forall c : t_Enumerate'0 . produces'0 b bc c + goal refines : [%#senumerate0] forall a : t_Enumerate'0 . forall ab : Seq.seq (UInt64.t, t_Item'0) . forall b : t_Enumerate'0 . forall bc : Seq.seq (UInt64.t, t_Item'0) . forall c : t_Enumerate'0 . produces'0 b bc c /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a -> produces'0 b bc c /\ produces'0 a ab b @@ -23714,17 +24257,17 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ type t_I'0 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Enumerate'0 = - { t_Enumerate__iter'0: t_I'0; t_Enumerate__count'0: usize } + { t_Enumerate__iter'0: t_I'0; t_Enumerate__count'0: UInt64.t } type t_Item'0 use seq.Seq - use prelude.prelude.Int - use seq.Seq use seq.Seq 
@@ -23770,9 +24313,9 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ function n'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 21 4 21 21] (self : t_Enumerate'0) : int - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.Borrow @@ -23786,7 +24329,7 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 43 4 43 30] (self : t_Enumerate'0) = [%#senumerate3] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'1 (iter'0 self) s i] . inv'1 s - /\ inv'2 i /\ produces'1 (iter'0 self) s i -> n'0 self + Seq.length s < UIntSize.to_int v_MAX'0) + /\ inv'2 i /\ produces'1 (iter'0 self) s i -> n'0 self + Seq.length s < UInt64.to_uint v_MAX'0) /\ (forall i : borrowed t_I'0 . completed'0 i -> produces'1 i.current (Seq.empty : Seq.seq t_Item'0) i.final) axiom inv_axiom'0 [@rewrite] : forall x : t_Enumerate'0 [inv'0 x] . inv'0 x @@ -23803,13 +24346,9 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ use seq.Seq - use prelude.prelude.Int128.to_int - - use prelude.prelude.Int128 - use seq.Seq - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 72 4 72 64] (self : t_Enumerate'0) (visited : Seq.seq (usize, t_Item'0)) (o : t_Enumerate'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 72 4 72 64] (self : t_Enumerate'0) (visited : Seq.seq (UInt64.t, t_Item'0)) (o : t_Enumerate'0) = [%#senumerate1] Seq.length visited = n'0 o - n'0 self 
@@ -23817,13 +24356,13 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ /\ produces'1 (iter'0 self) s (iter'0 o) /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s - -> UIntSize.to_int (let (a, _) = Seq.get visited i in a) = n'0 self + i + -> UInt64.to_uint (let (a, _) = Seq.get visited i in a) = n'0 self + i /\ (let (_, a) = Seq.get visited i in a) = Seq.get s i)) goal refines : [%#senumerate0] forall self : t_Enumerate'0 . inv'0 self -> inv'0 self - /\ (forall result : () . produces'0 self (Seq.empty : Seq.seq (usize, t_Item'0)) self - -> produces'0 self (Seq.empty : Seq.seq (usize, t_Item'0)) self) + /\ (forall result : () . produces'0 self (Seq.empty : Seq.seq (UInt64.t, t_Item'0)) self + -> produces'0 self (Seq.empty : Seq.seq (UInt64.t, t_Item'0)) self) end module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/filter.rs" 106 4 106 26] (* as std::iter::Iterator> *) let%span sfilter0 = "../../../creusot-contracts/src/std/iter/filter.rs" 106 4 106 26 
@@ -24471,15 +25010,13 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produc /\ (exists s : Seq.seq t_Item'0 [produces'1 (iter'0 self) s (iter'0 succ)] . inv'2 s /\ Seq.length s = Seq.length visited /\ produces'1 (iter'0 self) s (iter'0 succ) - /\ (forall i : int . Int128.to_int (1 : Int128.t) <= i /\ i < Seq.length fs - -> (Seq.get fs (i - Int128.to_int (1 : Int128.t))).final = (Seq.get fs i).current) - /\ (if Seq.length visited = Int128.to_int (0 : Int128.t) then + /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) + /\ (if Seq.length visited = 0 then func'0 self = func'0 succ else - (Seq.get fs (Int128.to_int (0 : Int128.t))).current = func'0 self - /\ (Seq.get fs (Seq.length visited - Int128.to_int (1 : Int128.t))).final = func'0 succ + (Seq.get fs 0).current = func'0 self /\ (Seq.get fs (Seq.length visited - 1)).final = func'0 succ ) - /\ (forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length visited + /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> unnest'0 (func'0 self) (Seq.get fs i).current /\ precondition'0 (Seq.get fs i).current (Seq.get s i) /\ postcondition_mut'0 (Seq.get fs i).current (Seq.get s i) (Seq.get fs i).final (Seq.get visited i)))) @@ -24577,10 +25114,6 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produc use seq.Seq - use prelude.prelude.Int128.to_int - - use prelude.prelude.Int128 - use prelude.prelude.Int use seq.Seq 
@@ -25504,7 +26037,7 @@ module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__pro [%#srange1] Seq.length visited = range_inclusive_len'0 self - range_inclusive_len'0 o /\ (is_empty_log'0 self -> is_empty_log'0 o) /\ (is_empty_log'0 o \/ end_log'0 self = end_log'0 o) - /\ (forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length visited + /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> deep_model'0 (Seq.get visited i) = deep_model'0 (start_log'0 self) + i) predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Idx'0) @@ -25610,10 +26143,6 @@ module M_creusot_contracts__stdqy35z1__iter__repeat__qyi8658929399712466629__pro use seq.Seq - use prelude.prelude.Int128.to_int - - use prelude.prelude.Int128 - use prelude.prelude.Int use seq.Seq @@ -25692,10 +26221,12 @@ module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produ type t_I'0 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Skip'0 = - { t_Skip__iter'0: t_I'0; t_Skip__n'0: usize } + { t_Skip__iter'0: t_I'0; t_Skip__n'0: UInt64.t } type t_Item'0 @@ -25703,19 +26234,13 @@ module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produ use seq.Seq - use prelude.prelude.Int128.to_int - - use prelude.prelude.Int128 - - use prelude.prelude.Int - - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 function n'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 22 4 22 21] (self : t_Skip'0) : int - axiom n'0_spec : forall self : t_Skip'0 . [%#sskip2] n'0 self >= 0 /\ n'0 self <= UIntSize.to_int (v_MAX'0 : usize) + axiom n'0_spec : forall self : t_Skip'0 . [%#sskip2] n'0 self >= 0 /\ n'0 self <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq 
@@ -25784,7 +26309,7 @@ module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produ /\ (exists s : Seq.seq t_Item'0 . inv'1 s /\ Seq.length s = n'0 self /\ produces'1 (iter'0 self) (Seq.(++) s visited) (iter'0 o) - /\ (forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length s -> resolve'0 (Seq.get s i))) + /\ (forall i : int . 0 <= i /\ i < Seq.length s -> resolve'0 (Seq.get s i))) goal refines : [%#sskip0] forall a : t_Skip'0 . forall ab : Seq.seq t_Item'0 . forall b : t_Skip'0 . forall bc : Seq.seq t_Item'0 . forall c : t_Skip'0 . produces'0 b bc c /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a @@ -25811,10 +26336,12 @@ module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produ type t_I'0 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Skip'0 = - { t_Skip__iter'0: t_I'0; t_Skip__n'0: usize } + { t_Skip__iter'0: t_I'0; t_Skip__n'0: UInt64.t } predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) @@ -25831,15 +26358,13 @@ module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produ use seq.Seq - use prelude.prelude.Int - - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 function n'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 22 4 22 21] (self : t_Skip'0) : int - axiom n'0_spec : forall self : t_Skip'0 . [%#sskip2] n'0 self >= 0 /\ n'0 self <= UIntSize.to_int (v_MAX'0 : usize) + axiom n'0_spec : forall self : t_Skip'0 . [%#sskip2] n'0 self >= 0 /\ n'0 self <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq 
@@ -25922,10 +26447,12 @@ module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022__prod type t_I'0 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Take'0 = - { t_Take__iter'0: t_I'0; t_Take__n'0: usize } + { t_Take__iter'0: t_I'0; t_Take__n'0: UInt64.t } predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) @@ -25942,15 +26469,13 @@ module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022__prod use seq.Seq - use prelude.prelude.Int - - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 function n'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 32 4 32 21] (self : t_Take'0) : int - axiom n'0_spec : forall self : t_Take'0 . [%#stake2] n'0 self >= 0 /\ n'0 self <= UIntSize.to_int (v_MAX'0 : usize) + axiom n'0_spec : forall self : t_Take'0 . [%#stake2] n'0 self >= 0 /\ n'0 self <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq 
@@ -26003,24 +26528,24 @@ module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022__prod type t_I'0 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Take'0 = - { t_Take__iter'0: t_I'0; t_Take__n'0: usize } + { t_Take__iter'0: t_I'0; t_Take__n'0: UInt64.t } type t_Item'0 use seq.Seq - use prelude.prelude.Int - - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 function n'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 32 4 32 21] (self : t_Take'0) : int - axiom n'0_spec : forall self : t_Take'0 . [%#stake2] n'0 self >= 0 /\ n'0 self <= UIntSize.to_int (v_MAX'0 : usize) + axiom n'0_spec : forall self : t_Take'0 . [%#stake2] n'0 self >= 0 /\ n'0 self <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq @@ -26090,10 +26615,12 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produc type t_B'0 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Zip'0 = - { t_Zip__a'0: t_A'0; t_Zip__b'0: t_B'0; t_Zip__index'0: usize; t_Zip__len'0: usize; t_Zip__a_len'0: usize } + { t_Zip__a'0: t_A'0; t_Zip__b'0: t_B'0; t_Zip__index'0: UInt64.t; t_Zip__len'0: UInt64.t; t_Zip__a_len'0: UInt64.t } type t_Item'0 @@ -26105,8 +26632,6 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produc use seq.Seq - use prelude.prelude.Int - use seq.Seq use seq.Seq 
@@ -26224,8 +26749,7 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produc /\ inv'2 p2 /\ Seq.length p1 = Seq.length p2 /\ Seq.length p2 = Seq.length visited - /\ (forall i : int . Int128.to_int (0 : Int128.t) <= i /\ i < Seq.length visited - -> Seq.get visited i = (Seq.get p1 i, Seq.get p2 i)) + /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = (Seq.get p1 i, Seq.get p2 i)) /\ produces'1 (itera'0 self) p1 (itera'0 o) /\ produces'2 (iterb'0 self) p2 (iterb'0 o) use seq.Seq @@ -26257,10 +26781,12 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produc type t_B'0 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Zip'0 = - { t_Zip__a'0: t_A'0; t_Zip__b'0: t_B'0; t_Zip__index'0: usize; t_Zip__len'0: usize; t_Zip__a_len'0: usize } + { t_Zip__a'0: t_A'0; t_Zip__b'0: t_B'0; t_Zip__index'0: UInt64.t; t_Zip__len'0: UInt64.t; t_Zip__a_len'0: UInt64.t } predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_A'0) @@ -26286,8 +26812,6 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produc use seq.Seq - use prelude.prelude.Int - use seq.Seq use seq.Seq 
@@ -26798,11 +27322,11 @@ module M_creusot_contracts__stdqy35z1__option__qyi6601631924869095363__produces_ -> (forall result : () . produces'0 self (Seq.empty : Seq.seq (borrowed t_T'0)) self -> produces'0 self (Seq.empty : Seq.seq (borrowed t_T'0)) self) end -module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_trans__refines [#"../../../creusot-contracts/src/std/slice.rs" 419 4 419 90] (* as std::iter::Iterator> *) - let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 419 4 419 90 - let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 405 12 405 66 - let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 96 14 96 41 - let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 97 14 97 80 +module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_trans__refines [#"../../../creusot-contracts/src/std/slice.rs" 437 4 437 90] (* as std::iter::Iterator> *) + let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 437 4 437 90 + let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 423 12 423 66 + let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 114 14 114 41 + let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 115 14 115 80 let%span smodel4 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 let%span sops5 = "../../../creusot-contracts/src/logic/ops.rs" 42 8 42 31 let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 @@ -26822,9 +27346,9 @@ module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_t use seq.Seq - use prelude.prelude.Slice + use Slice64.create - function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 389 4 389 33] (self : t_Iter'0) : slice t_T'0 + function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 407 4 407 33] (self : t_Iter'0) : slice t_T'0 use seq.Seq 
@@ -26832,21 +27356,21 @@ module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_t use seq.Seq - use prelude.prelude.UIntSize + use prelude.prelude.Int - constant v_MAX'0 : usize = (18446744073709551615 : usize) + use prelude.prelude.UInt64 - use prelude.prelude.UIntSize + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.Int + use prelude.prelude.UInt64 - use prelude.prelude.Slice + use prelude.prelude.Slice64 function view'2 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 axiom view'2_spec : forall self : slice t_T'0 . ([%#sslice6] Seq.length (view'2 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice7] view'2 self = Slice.id self) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + && ([%#sslice7] view'2 self = Slice64.id self) function view'1 [#"../../../creusot-contracts/src/model.rs" 87 4 87 33] (self : slice t_T'0) : Seq.seq t_T'0 = [%#smodel4] view'2 self @@ -26860,7 +27384,8 @@ module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_t = [%#sops5] Seq.get (view'2 self) ix - function to_ref_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 98 4 98 35] (self : slice t_T'0) : Seq.seq t_T'0 + function to_ref_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 116 4 116 35] (self : slice t_T'0) : Seq.seq t_T'0 + axiom to_ref_seq'0_spec : forall self : slice t_T'0 . ([%#sslice2] Seq.length (to_ref_seq'0 self) = Seq.length (view'1 self)) @@ -26869,7 +27394,7 @@ module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_t use seq.Seq - predicate produces'0 [#"../../../creusot-contracts/src/std/slice.rs" 403 4 403 65] (self : t_Iter'0) (visited : Seq.seq t_T'0) (tl : t_Iter'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/slice.rs" 421 4 421 65] (self : t_Iter'0) (visited : Seq.seq t_T'0) (tl : t_Iter'0) = [%#sslice1] to_ref_seq'0 (view'0 self) = Seq.(++) visited (to_ref_seq'0 (view'0 tl)) 
@@ -26883,11 +27408,11 @@ module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_t -> produces'0 b bc c /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_refl__refines [#"../../../creusot-contracts/src/std/slice.rs" 412 4 412 26] (* as std::iter::Iterator> *) - let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 412 4 412 26 - let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 405 12 405 66 - let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 96 14 96 41 - let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 97 14 97 80 +module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_refl__refines [#"../../../creusot-contracts/src/std/slice.rs" 430 4 430 26] (* as std::iter::Iterator> *) + let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 430 4 430 26 + let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 423 12 423 66 + let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 114 14 114 41 + let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 115 14 115 80 let%span smodel4 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 let%span sops5 = "../../../creusot-contracts/src/logic/ops.rs" 42 8 42 31 let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 @@ -26913,9 +27438,9 @@ module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_r use seq.Seq - use prelude.prelude.Slice + use Slice64.create - function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 389 4 389 33] (self : t_Iter'0) : slice t_T'0 + function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 407 4 407 33] (self : t_Iter'0) : slice t_T'0 use seq.Seq 
@@ -26923,21 +27448,21 @@ module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_r use seq.Seq - use prelude.prelude.UIntSize + use prelude.prelude.Int - constant v_MAX'0 : usize = (18446744073709551615 : usize) + use prelude.prelude.UInt64 - use prelude.prelude.UIntSize + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.Int + use prelude.prelude.UInt64 - use prelude.prelude.Slice + use prelude.prelude.Slice64 function view'2 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 axiom view'2_spec : forall self : slice t_T'0 . ([%#sslice6] Seq.length (view'2 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice7] view'2 self = Slice.id self) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + && ([%#sslice7] view'2 self = Slice64.id self) function view'1 [#"../../../creusot-contracts/src/model.rs" 87 4 87 33] (self : slice t_T'0) : Seq.seq t_T'0 = [%#smodel4] view'2 self @@ -26951,7 +27476,8 @@ module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_r = [%#sops5] Seq.get (view'2 self) ix - function to_ref_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 98 4 98 35] (self : slice t_T'0) : Seq.seq t_T'0 + function to_ref_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 116 4 116 35] (self : slice t_T'0) : Seq.seq t_T'0 + axiom to_ref_seq'0_spec : forall self : slice t_T'0 . ([%#sslice2] Seq.length (to_ref_seq'0 self) = Seq.length (view'1 self)) @@ -26960,7 +27486,7 @@ module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_r use seq.Seq - predicate produces'0 [#"../../../creusot-contracts/src/std/slice.rs" 403 4 403 65] (self : t_Iter'0) (visited : Seq.seq t_T'0) (tl : t_Iter'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/slice.rs" 421 4 421 65] (self : t_Iter'0) (visited : Seq.seq t_T'0) (tl : t_Iter'0) = [%#sslice1] to_ref_seq'0 (view'0 self) = Seq.(++) visited (to_ref_seq'0 (view'0 tl)) 
@@ -26969,12 +27495,12 @@ module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_r -> (forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self -> produces'0 self (Seq.empty : Seq.seq t_T'0) self) end -module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_refl__refines [#"../../../creusot-contracts/src/std/slice.rs" 467 4 467 26] (* as std::iter::Iterator> *) - let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 467 4 467 26 - let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 459 12 459 66 - let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 427 14 427 50 - let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 87 14 87 41 - let%span sslice4 = "../../../creusot-contracts/src/std/slice.rs" 88 14 88 84 +module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_refl__refines [#"../../../creusot-contracts/src/std/slice.rs" 485 4 485 26] (* as std::iter::Iterator> *) + let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 485 4 485 26 + let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 477 12 477 66 + let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 445 14 445 50 + let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 105 14 105 41 + let%span sslice4 = "../../../creusot-contracts/src/std/slice.rs" 106 14 106 84 let%span sslice5 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 let%span smodel7 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 
@@ -27002,27 +27528,27 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_r use seq.Seq - use prelude.prelude.UInt64.to_uint + use prelude.prelude.Int - constant v_MAX'0 : usize = (18446744073709551615 : usize) + use prelude.prelude.UInt64 - use prelude.prelude.UIntSize + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.Int + use prelude.prelude.UInt64 - use prelude.prelude.Slice + use prelude.prelude.Slice64 - use prelude.prelude.Slice + use Slice64.create use seq.Seq function view'1 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 axiom view'1_spec : forall self : slice t_T'0 . ([%#sslice5] Seq.length (view'1 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice6] view'1 self = Slice.id self) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + && ([%#sslice6] view'1 self = Slice64.id self) - function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 428 4 428 33] (self : t_IterMut'0) : borrowed (slice t_T'0) + function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 446 4 446 33] (self : t_IterMut'0) : borrowed (slice t_T'0) axiom view'0_spec : forall self : t_IterMut'0 . [%#sslice2] Seq.length (view'1 (view'0 self).final) @@ -27044,7 +27570,7 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_r = [%#sops8] Seq.get (view'1 self) ix - function to_mut_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 90 4 90 43] (self : borrowed (slice t_T'0)) : Seq.seq (borrowed t_T'0) + function to_mut_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 108 4 108 43] (self : borrowed (slice t_T'0)) : Seq.seq (borrowed t_T'0) axiom to_mut_seq'0_spec : forall self : borrowed (slice t_T'0) . ([%#sslice3] Seq.length (to_mut_seq'0 self) 
@@ -27055,7 +27581,7 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_r use seq.Seq - predicate produces'0 [#"../../../creusot-contracts/src/std/slice.rs" 457 4 457 65] (self : t_IterMut'0) (visited : Seq.seq (borrowed t_T'0)) (tl : t_IterMut'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/slice.rs" 475 4 475 65] (self : t_IterMut'0) (visited : Seq.seq (borrowed t_T'0)) (tl : t_IterMut'0) = [%#sslice1] to_mut_seq'0 (view'0 self) = Seq.(++) visited (to_mut_seq'0 (view'0 tl)) 
@@ -27065,12 +27591,12 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_r /\ (forall result : () . produces'0 self (Seq.empty : Seq.seq (borrowed t_T'0)) self -> produces'0 self (Seq.empty : Seq.seq (borrowed t_T'0)) self) end -module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_trans__refines [#"../../../creusot-contracts/src/std/slice.rs" 477 4 477 90] (* as std::iter::Iterator> *) - let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 477 4 477 90 - let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 459 12 459 66 - let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 427 14 427 50 - let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 87 14 87 41 - let%span sslice4 = "../../../creusot-contracts/src/std/slice.rs" 88 14 88 84 +module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_trans__refines [#"../../../creusot-contracts/src/std/slice.rs" 495 4 495 90] (* as std::iter::Iterator> *) + let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 495 4 495 90 + let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 477 12 477 66 + let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 445 14 445 50 + let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 105 14 105 41 + let%span sslice4 = "../../../creusot-contracts/src/std/slice.rs" 106 14 106 84 let%span sslice5 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 let%span smodel7 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 
@@ -27092,27 +27618,27 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_t use seq.Seq - use prelude.prelude.UIntSize + use prelude.prelude.Int - constant v_MAX'0 : usize = (18446744073709551615 : usize) + use prelude.prelude.UInt64 - use prelude.prelude.UIntSize + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.Int + use prelude.prelude.UInt64 - use prelude.prelude.Slice + use prelude.prelude.Slice64 - use prelude.prelude.Slice + use Slice64.create use seq.Seq function view'1 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 axiom view'1_spec : forall self : slice t_T'0 . ([%#sslice5] Seq.length (view'1 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice6] view'1 self = Slice.id self) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + && ([%#sslice6] view'1 self = Slice64.id self) - function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 428 4 428 33] (self : t_IterMut'0) : borrowed (slice t_T'0) + function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 446 4 446 33] (self : t_IterMut'0) : borrowed (slice t_T'0) axiom view'0_spec : forall self : t_IterMut'0 . [%#sslice2] Seq.length (view'1 (view'0 self).final) @@ -27134,7 +27660,7 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_t = [%#sops8] Seq.get (view'1 self) ix - function to_mut_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 90 4 90 43] (self : borrowed (slice t_T'0)) : Seq.seq (borrowed t_T'0) + function to_mut_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 108 4 108 43] (self : borrowed (slice t_T'0)) : Seq.seq (borrowed t_T'0) axiom to_mut_seq'0_spec : forall self : borrowed (slice t_T'0) . ([%#sslice3] Seq.length (to_mut_seq'0 self) 
@@ -27145,7 +27671,7 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_t use seq.Seq - predicate produces'0 [#"../../../creusot-contracts/src/std/slice.rs" 457 4 457 65] (self : t_IterMut'0) (visited : Seq.seq (borrowed t_T'0)) (tl : t_IterMut'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/slice.rs" 475 4 475 65] (self : t_IterMut'0) (visited : Seq.seq (borrowed t_T'0)) (tl : t_IterMut'0) = [%#sslice1] to_mut_seq'0 (view'0 self) = Seq.(++) visited (to_mut_seq'0 (view'0 tl)) @@ -27170,7 +27696,9 @@ module M_creusot_contracts__stdqy35z1__vec__qyi12862303518309667396__produces_tr type t_NonNull'0 = { t_NonNull__pointer'0: opaque_ptr } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_A'0 @@ -27180,7 +27708,7 @@ module M_creusot_contracts__stdqy35z1__vec__qyi12862303518309667396__produces_tr type t_IntoIter'0 = { t_IntoIter__buf'0: t_NonNull'0; t_IntoIter__phantom'0: (); - t_IntoIter__cap'0: usize; + t_IntoIter__cap'0: UInt64.t; t_IntoIter__alloc'0: t_ManuallyDrop'0; t_IntoIter__ptr'0: t_NonNull'0; t_IntoIter__end'0: opaque_ptr } @@ -27228,7 +27756,9 @@ module M_creusot_contracts__stdqy35z1__vec__qyi12862303518309667396__produces_re type t_NonNull'0 = { t_NonNull__pointer'0: opaque_ptr } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_A'0 @@ -27238,7 +27768,7 @@ module M_creusot_contracts__stdqy35z1__vec__qyi12862303518309667396__produces_re type t_IntoIter'0 = { t_IntoIter__buf'0: t_NonNull'0; t_IntoIter__phantom'0: (); - t_IntoIter__cap'0: usize; + t_IntoIter__cap'0: UInt64.t; t_IntoIter__alloc'0: t_ManuallyDrop'0; t_IntoIter__ptr'0: t_NonNull'0; t_IntoIter__end'0: opaque_ptr } diff --git a/creusot/tests/should_fail/bug/01_resolve_unsoundness.coma b/creusot/tests/should_fail/bug/01_resolve_unsoundness.coma index 4e56b65d36..e7268c5d74 100644 --- a/creusot/tests/should_fail/bug/01_resolve_unsoundness.coma 
+++ b/creusot/tests/should_fail/bug/01_resolve_unsoundness.coma @@ -8,7 +8,21 @@ module M_01_resolve_unsoundness__make_vec_of_size [#"01_resolve_unsoundness.rs" let%span svec6 = "../../../../creusot-contracts/src/std/vec.rs" 74 26 74 44 let%span svec7 = "../../../../creusot-contracts/src/std/vec.rs" 87 26 87 56 let%span svec8 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span smodel9 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 + let%span sord9 = "../../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 + let%span sord10 = "../../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 + let%span sord11 = "../../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 + let%span sord12 = "../../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 + let%span sord13 = "../../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 + let%span sord14 = "../../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 + let%span sord15 = "../../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 + let%span sord16 = "../../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 + let%span sord17 = "../../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 + let%span sord18 = "../../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 + let%span sord19 = "../../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 + let%span sord20 = "../../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 + let%span sord21 = "../../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span smodel22 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 + let%span sord23 = "../../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 use prelude.prelude.Opaque 
@@ -18,16 +32,18 @@ module M_01_resolve_unsoundness__make_vec_of_size [#"01_resolve_unsoundness.rs" type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UInt64.to_uint + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } predicate inv'0 (_1 : t_Vec'0) 
@@ -35,22 +51,77 @@ module M_01_resolve_unsoundness__make_vec_of_size [#"01_resolve_unsoundness.rs" use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize - - use prelude.prelude.Int + use prelude.prelude.UInt64 use seq.Seq function view'0 (self : t_Vec'0) : Seq.seq bool - axiom view'0_spec : forall self : t_Vec'0 . [%#svec8] Seq.length (view'0 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec8] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) let rec new'0 (_1:()) (return' (ret:t_Vec'0))= any [ return' (result:t_Vec'0)-> {inv'0 result} {[%#svec6] Seq.length (view'0 result) = 0} (! return' {result}) ] + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.UInt64 + + function cmp_log'0 (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = + [%#sord23] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + function eq_cmp'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom eq_cmp'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord21] (x = y) = (cmp_log'0 x y = C_Equal'0) + + function antisym2'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom antisym2'0_spec : forall x : UInt64.t, y : UInt64.t . ([%#sord19] cmp_log'0 x y = C_Greater'0) + -> ([%#sord20] cmp_log'0 y x = C_Less'0) + + function antisym1'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom antisym1'0_spec : forall x : UInt64.t, y : UInt64.t . ([%#sord17] cmp_log'0 x y = C_Less'0) + -> ([%#sord18] cmp_log'0 y x = C_Greater'0) + + function trans'0 (x : UInt64.t) (y : UInt64.t) (z : UInt64.t) (o : t_Ordering'0) : () + + axiom trans'0_spec : forall x : UInt64.t, y : UInt64.t, z : UInt64.t, o : t_Ordering'0 . 
([%#sord14] cmp_log'0 x y + = o) -> ([%#sord15] cmp_log'0 y z = o) -> ([%#sord16] cmp_log'0 x z = o) + + function refl'0 (x : UInt64.t) : () + + axiom refl'0_spec : forall x : UInt64.t . [%#sord13] cmp_log'0 x x = C_Equal'0 + + use prelude.prelude.UInt64 + + function cmp_gt_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_gt_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord12] UInt64.ugt x y + = (cmp_log'0 x y = C_Greater'0) + + use prelude.prelude.UInt64 + + function cmp_ge_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_ge_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord11] UInt64.uge x y = (cmp_log'0 x y <> C_Less'0) + + function cmp_lt_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_lt_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord10] UInt64.ult x y = (cmp_log'0 x y = C_Less'0) + + use prelude.prelude.UInt64 + + function cmp_le_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_le_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord9] UInt64.ule x y + = (cmp_log'0 x y <> C_Greater'0) + use prelude.prelude.Borrow predicate inv'1 (_1 : borrowed (t_Vec'0)) @@ -62,7 +133,7 @@ module M_01_resolve_unsoundness__make_vec_of_size [#"01_resolve_unsoundness.rs" axiom inv_axiom'2 [@rewrite] : forall x : bool [inv'2 x] . inv'2 x = true function view'1 (self : borrowed (t_Vec'0)) : Seq.seq bool = - [%#smodel9] view'0 self.current + [%#smodel22] view'0 self.current use seq.Seq 
@@ -74,13 +145,13 @@ module M_01_resolve_unsoundness__make_vec_of_size [#"01_resolve_unsoundness.rs" meta "compute_max_steps" 1000000 - let rec make_vec_of_size'0 (n:usize) (return' (ret:t_Vec'0))= (! bb0 + let rec make_vec_of_size'0 (n:UInt64.t) (return' (ret:t_Vec'0))= (! bb0 [ bb0 = s0 [ s0 = new'0 {[%#s01_resolve_unsoundness0] ()} (fun (_ret':t_Vec'0) -> [ &out <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = [ &i <- [%#s01_resolve_unsoundness1] (0 : UInt64.t) ] s1 | s1 = bb2 ] | bb2 = bb2 - [ bb2 = {[@expl:loop invariant] [%#s01_resolve_unsoundness2] (0 : UInt64.t) <= i /\ i <= n} + [ bb2 = {[@expl:loop invariant] [%#s01_resolve_unsoundness2] UInt64.ule (0 : UInt64.t) i /\ UInt64.ule i n} (! s0) [ s0 = bb3 ] [ bb3 = s0 [ s0 = UInt64.le {i} {n} (fun (_ret':bool) -> [ &_9 <- _ret' ] s1) @@ -103,15 +174,15 @@ module M_01_resolve_unsoundness__make_vec_of_size [#"01_resolve_unsoundness.rs" | bb7 = return' {_0} ] ) [ & _0 : t_Vec'0 = any_l () - | & n : usize = n + | & n : UInt64.t = n | & out : t_Vec'0 = any_l () - | & i : usize = any_l () + | & i : UInt64.t = any_l () | & _9 : bool = any_l () | & _12 : () = any_l () | & _13 : borrowed (t_Vec'0) = any_l () ] [ return' (result:t_Vec'0)-> {[@expl:make_vec_of_size ensures] [%#s01_resolve_unsoundness5] Seq.length (view'0 result) - = UIntSize.to_int n} + = UInt64.to_uint n} (! return' {result}) ] end diff --git a/creusot/tests/should_fail/bug/01_resolve_unsoundness/why3session.xml b/creusot/tests/should_fail/bug/01_resolve_unsoundness/why3session.xml index 73a374bab3..16dc1f2fc4 100644 --- a/creusot/tests/should_fail/bug/01_resolve_unsoundness/why3session.xml +++ b/creusot/tests/should_fail/bug/01_resolve_unsoundness/why3session.xml @@ -3,7 +3,7 @@ "https://www.why3.org/why3session.dtd"> - + @@ -12,28 +12,28 @@ - + - + - + - + - - - - - + + + + + - - - - + + + + 
diff --git a/creusot/tests/should_fail/bug/01_resolve_unsoundness/why3shapes.gz b/creusot/tests/should_fail/bug/01_resolve_unsoundness/why3shapes.gz index 1d35cebd5c716e8cc2e589b8dc8bd8f091c8ac30..2d1d891a85050702a30426f09b96363fed275352 100644 GIT binary patch literal 837 zcmV-L1G@YliwFP!00000|D9FIj^j2Ez3VG$3>qYb~&g2m4hFgC6DbS2C+=T-V zze`W|UXg>mF6$K!&%+F7(I2;5l|!;rITC5c?lpA|=9++=#dE&ek#TVOw9f8u-m;c?1=I=pqoE+pDdqliLX!^@V2 z+Q(gZ{#DbxjYXa#$CP!5`lQypp)+OK@CjJFIS(b~TwM7lXmguq!Y+xz@ser13;>q4 zPlPWU!HwG83^vPBa&A7ilb{&9IZx+}tgkn|e!MpeJ==_*JU!j7_5D2!tV@C7#GE8I z)4S!NN%49S*jzoGtB!6-*;VXmKt`_w2cfvHla8l+BQ&MgPanT6DXv7o<1m7yc= zn5j~YE|rx^6uA;aN#GoSkGZm3S}wj$RhML>GQf?b#3x!3Rm8M(0?GR-=GyY)8-%HH z#uGCs2~4F^WDJIPBBgPO<5I_hS)N*MzE)U^6p@!uB`KC+uEeAyCXy1gQZi-Zo&>i7 PzCrsxblhqvaR>kaG-{`c literal 619 zcmV-x0+jt9iwFP!00000|9w=kZrd;r-SrjR+@=eUq)0KS2QLCWbSs2z#*sQELLAAF zWCiKh7q%=zjpc0Q>AiRF-Vyrtz`AEVP{#&pyQ--lnPv~)ll~2>dRXy-=hGpP|^E}7l3`UtLh$y-LK7`70)Lg6e6DvQ%w{ypAN|=iY;}=eV^bb;Y&S?J;xq_ zPtEGhLN)MY-!unS)dRK_*8Pl%)t6MPma%WRz8C@g-5x2K-E-V`bnCl0_E&oHiZ8Sq zDD0ZJ>#D!RsP2v}b;*tHIVto_+cxi1u3lfxLb0l`DwD&pduFSS_Ho7fj|0s|JjZ!4 zGvWr^AL$mjo*bS;ySfSE{a({)zN+5&=2({<{`j0vfTXH>dZLy!1GRDAyr0@!P~&`J zkv0o^f_=H33uwkGV0w9lTA~yHTbzR@8-=;r$Tthq&AxB1nHBb4Vudbj0ennrGvCJM zcBdC`zQuKsofp6P{C*039cx6LwYIat%@y!=mC2U@i@}(DvAhTle0yUsJr&0vLYn6Z zy&n3H-T4oaB%ouI#z0D?BI8Aj6hOu-*l2|gnhE8EbkYe2jwd{$)M}|MVrhKJORF*- zG9Msn4AC;OeV=H%u=xiq_bmlumv08bUPSNh$BWP{6=A(09nz3-U1t?jZv$ zxR6>9Hzjh9r7cq?xC84TTOyn2vy3aB5mz8m1xnfz3pMe;wP3~x;RM{F{{vu8BRts! F0093dD6jwk diff --git a/creusot/tests/should_fail/bug/222.coma b/creusot/tests/should_fail/bug/222.coma index 809dab8acb..f20c26634e 100644 --- a/creusot/tests/should_fail/bug/222.coma +++ b/creusot/tests/should_fail/bug/222.coma @@ -1,10 +1,6 @@ module M_222__A__is_true [#"222.rs" 14 4 14 16] let%span s2220 = "222.rs" 13 14 13 34 - use prelude.prelude.Int128.to_int - - use prelude.prelude.Int128 - use prelude.prelude.Int function mktrue'0 [#"222.rs" 7 4 7 22] (_1 : ()) : int 
diff --git a/creusot/tests/should_fail/bug/492.coma b/creusot/tests/should_fail/bug/492.coma index c013901ca7..59839df8af 100644 --- a/creusot/tests/should_fail/bug/492.coma +++ b/creusot/tests/should_fail/bug/492.coma @@ -12,6 +12,8 @@ module M_492__reborrow_tuple [#"492.rs" 5 0 5 52] predicate inv'0 (_1 : t_T'0) + use prelude.prelude.Int + use prelude.prelude.UInt32 predicate invariant'0 (self : borrowed t_T'0) = @@ -29,14 +31,14 @@ module M_492__reborrow_tuple [#"492.rs" 5 0 5 52] use prelude.prelude.Intrinsic - predicate inv'2 (_1 : (borrowed t_T'0, uint32)) + predicate inv'2 (_1 : (borrowed t_T'0, UInt32.t)) - axiom inv_axiom'1 [@rewrite] : forall x : (borrowed t_T'0, uint32) [inv'2 x] . inv'2 x + axiom inv_axiom'1 [@rewrite] : forall x : (borrowed t_T'0, UInt32.t) [inv'2 x] . inv'2 x = (let (x0, x1) = x in inv'1 x0) meta "compute_max_steps" 1000000 - let rec reborrow_tuple'0 (x:borrowed t_T'0) (return' (ret:(borrowed t_T'0, uint32)))= {[@expl:reborrow_tuple 'x' type invariant] [%#s4921] inv'1 x} + let rec reborrow_tuple'0 (x:borrowed t_T'0) (return' (ret:(borrowed t_T'0, UInt32.t)))= {[@expl:reborrow_tuple 'x' type invariant] [%#s4921] inv'1 x} (! bb0 [ bb0 = s0 [ s0 = {inv'0 x.current} @@ -51,8 +53,8 @@ module M_492__reborrow_tuple [#"492.rs" 5 0 5 52] | s3 = -{resolve'0 x}- s4 | s4 = return' {_0} ] ] - ) [ & _0 : (borrowed t_T'0, uint32) = any_l () | & x : borrowed t_T'0 = x | & _3 : borrowed t_T'0 = any_l () ] - [ return' (result:(borrowed t_T'0, uint32))-> {[@expl:reborrow_tuple result type invariant] [%#s4922] inv'2 result} + ) [ & _0 : (borrowed t_T'0, UInt32.t) = any_l () | & x : borrowed t_T'0 = x | & _3 : borrowed t_T'0 = any_l () ] + [ return' (result:(borrowed t_T'0, UInt32.t))-> {[@expl:reborrow_tuple result type invariant] [%#s4922] inv'2 result} {[@expl:reborrow_tuple ensures] [%#s4923] (let (a, _) = result in a).current = x.current} (! return' {result}) ] 
@@ -67,23 +69,25 @@ module M_492__test [#"492.rs" 10 0 10 13] let%span s4926 = "492.rs" 4 10 4 27 let%span sresolve7 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + use prelude.prelude.Int + use prelude.prelude.Int32 use prelude.prelude.Borrow - predicate inv'0 (_1 : borrowed int32) + predicate inv'0 (_1 : borrowed Int32.t) axiom inv_axiom'0 [@rewrite] : forall x : borrowed Int32.t [inv'0 x] . inv'0 x = true use prelude.prelude.UInt32 - predicate inv'1 (_1 : (borrowed int32, uint32)) + predicate inv'1 (_1 : (borrowed Int32.t, UInt32.t)) - axiom inv_axiom'1 [@rewrite] : forall x : (borrowed int32, uint32) [inv'1 x] . inv'1 x = true + axiom inv_axiom'1 [@rewrite] : forall x : (borrowed Int32.t, UInt32.t) [inv'1 x] . inv'1 x = true - let rec reborrow_tuple'0 (x:borrowed int32) (return' (ret:(borrowed int32, uint32)))= {[@expl:reborrow_tuple 'x' type invariant] [%#s4924] inv'0 x} + let rec reborrow_tuple'0 (x:borrowed Int32.t) (return' (ret:(borrowed Int32.t, UInt32.t)))= {[@expl:reborrow_tuple 'x' type invariant] [%#s4924] inv'0 x} any - [ return' (result:(borrowed int32, uint32))-> {[%#s4925] inv'1 result} + [ return' (result:(borrowed Int32.t, UInt32.t))-> {[%#s4925] inv'1 result} {[%#s4926] (let (a, _) = result in a).current = x.current} (! return' {result}) ] 
@@ -100,27 +104,28 @@ module M_492__test [#"492.rs" 10 0 10 13] let rec test'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = [ &x <- [%#s4920] (5 : int32) ] s1 - | s1 = Borrow.borrow_mut {x} (fun (_ret':borrowed int32) -> [ &_6 <- _ret' ] [ &x <- _ret'.final ] s2) - | s2 = Borrow.borrow_final {_6.current} {Borrow.get_id _6} - (fun (_ret':borrowed int32) -> [ &_5 <- _ret' ] [ &_6 <- { _6 with current = _ret'.final } ] s3) - | s3 = reborrow_tuple'0 {_5} (fun (_ret':(borrowed int32, uint32)) -> [ &_4 <- _ret' ] s4) + [ s0 = [ &x <- [%#s4920] (5 : Int32.t) ] s1 + | s1 = Borrow.borrow_mut {x} + (fun (_ret':borrowed Int32.t) -> [ &_6 <- _ret' ] [ &x <- _ret'.final ] s2) + | s2 = Borrow.borrow_final {_6.current} {Borrow.get_id _6} + (fun (_ret':borrowed Int32.t) -> [ &_5 <- _ret' ] [ &_6 <- { _6 with current = _ret'.final } ] s3) + | s3 = reborrow_tuple'0 {_5} (fun (_ret':(borrowed Int32.t, UInt32.t)) -> [ &_4 <- _ret' ] s4) | s4 = bb1 ] | bb1 = s0 [ s0 = [ &res <- let (r'0, _) = _4 in r'0 ] s1 | s1 = -{resolve'0 _6}- s2 - | s2 = {[@expl:assertion] [%#s4921] res.final = (5 : int32)} s3 - | s3 = [ &res <- { res with current = ([%#s4922] (10 : int32)) } ] s4 + | s2 = {[@expl:assertion] [%#s4921] res.final = (5 : Int32.t)} s3 + | s3 = [ &res <- { res with current = ([%#s4922] (10 : Int32.t)) } ] s4 | s4 = -{resolve'0 res}- s5 | s5 = return' {_0} ] ] ) [ & _0 : () = any_l () - | & x : int32 = any_l () - | & res : borrowed int32 = any_l () - | & _4 : (borrowed int32, uint32) = any_l () - | & _5 : borrowed int32 = any_l () - | & _6 : borrowed int32 = any_l () ] + | & x : Int32.t = any_l () + | & res : borrowed Int32.t = any_l () + | & _4 : (borrowed Int32.t, UInt32.t) = any_l () + | & _5 : borrowed Int32.t = any_l () + | & _6 : borrowed Int32.t = any_l () ] [ return' (result:())-> {[@expl:test ensures] [%#s4923] false} (! return' {result}) ] end 
diff --git a/creusot/tests/should_fail/bug/492/why3session.xml b/creusot/tests/should_fail/bug/492/why3session.xml index a34e075b27..624ba8c5ca 100644 --- a/creusot/tests/should_fail/bug/492/why3session.xml +++ b/creusot/tests/should_fail/bug/492/why3session.xml @@ -9,22 +9,22 @@ - + - + - - - + + + - + diff --git a/creusot/tests/should_fail/bug/492/why3shapes.gz b/creusot/tests/should_fail/bug/492/why3shapes.gz index abafdc9a89a17acf30c56cda1abce8d6778f2378..5033daecf79d5aaa849fc482b8dd444185bda93f 100644 GIT binary patch delta 449 zcmV;y0Y3iB1Iq)D6n}VAn-iBWkp*%H3JCJ0r-E05;-eMf$c{w2&EJ=jsKjaA_N38r zW@mTy!yTT!+f$hEC5%&l96n)*?>-{i4;MT3c1RU5sDG=yO5Tem$QKff{3A zrBMUT22grfVPVszyczDw@Vr6c>6BjfO9m)C7fIPOgRKVJQW>Dq?#kM&*6S93 zK0qD_jbW|t(;Nk^epWcWoC1DL8kLnwR5^w7A(c-yz2D|9B`47Bq?S=O*DPB?xe`rN z7*jqq`f^+EfPcKxulFw1eB)bT z&mEfvA>tWhysJSH!aCPM2vS=asppbw4VbmGg_a<}iDk@3E4=m)YvmPn5j3lbo_k~> z@K&@OG3EkcHb_-xUhTc+I&u%xlA1eBaox&=D4b)w_Bx#vTDeGtvRtspc<>4wQGg*^ rLkpzUty&a80P#)%kf>#z(u=5hr#y8MRFumQ>^IFX<%Z*|xdQ+I%1+s* delta 450 zcmV;z0X_c91Iz=E6n}J6o6{~|q6*{?6cFf3PX({W@}X9!BRP`nHh*8pq7tWd+7p+{ znVp^Chr43>PRBGA=QK{;(0?j)arco?*Pm(ZsGm!4@U&b@bkJ-C`NT3%ZwsFjN|Y##q#k7h0{2ues7o7}(?|*1a({MPa60YG+QQP%& zaFQ0_Iv4+e*j*6dRI_5?RdAP=mkmpg$N71G$$-sInUZ~igRO^~DRjv4xGU+fO0O>d zen9FX8`Ij~&r1|V`Kv7E=VK~fl4jXbj%rNP=`iO58QpLD=T=bcc2bvBHdVS`L%AYN zQyS-P=-HRs{C|M(hC^M%T>h8h)RMh=*kqjw>b(z@jyth?^|fNJGjPi3m*0Dns*^Xv zUM4mTV_vt4t12M!XjCPV7X}ihDrg-9Kp`x*Xn{oqvXY!C1tF0Mq6R@IyvD#$3ttF} z(kd&Nsv?)tkOCu+zz9OqdZkgf(L_&0W%UKv1^_M+7duo-Zd%iZHU#js@O530X$#~Q s(IVK|nhQf?tOaPOPy~aaMIq|wy`WUpiOaAoA^za}24<}=$hiXm0EQUdod5s; diff --git a/creusot/tests/should_fail/bug/692.coma b/creusot/tests/should_fail/bug/692.coma index d994e1399d..767fb05634 100644 --- a/creusot/tests/should_fail/bug/692.coma +++ b/creusot/tests/should_fail/bug/692.coma 
@@ -104,16 +104,32 @@ module M_692__valid_normal [#"692.rs" 11 0 11 34] let%span s6928 = "692.rs" 8 66 8 72 let%span s6929 = "692.rs" 5 11 6 84 let%span s69210 = "692.rs" 7 10 7 15 - let%span sresolve11 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span sops12 = "../../../../creusot-contracts/src/std/ops.rs" 105 15 105 59 - let%span sops13 = "../../../../creusot-contracts/src/std/ops.rs" 106 14 106 36 - let%span sops14 = "../../../../creusot-contracts/src/std/ops.rs" 111 14 111 31 - let%span sops15 = "../../../../creusot-contracts/src/std/ops.rs" 116 15 116 29 - let%span sops16 = "../../../../creusot-contracts/src/std/ops.rs" 117 15 117 26 - let%span sops17 = "../../../../creusot-contracts/src/std/ops.rs" 118 14 118 28 - let%span sops18 = "../../../../creusot-contracts/src/std/ops.rs" 123 14 124 105 - let%span sops19 = "../../../../creusot-contracts/src/std/ops.rs" 139 14 139 114 - let%span sops20 = "../../../../creusot-contracts/src/std/ops.rs" 144 14 144 101 + let%span sord11 = "../../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 + let%span sord12 = "../../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 + let%span sord13 = "../../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 + let%span sord14 = "../../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 + let%span sord15 = "../../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 + let%span sord16 = "../../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 + let%span sord17 = "../../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 + let%span sord18 = "../../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 + let%span sord19 = "../../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 + let%span sord20 = "../../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 + let%span sord21 = "../../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 + let%span sord22 = "../../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 + let%span sord23 
= "../../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span sresolve24 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span sops25 = "../../../../creusot-contracts/src/std/ops.rs" 105 15 105 59 + let%span sops26 = "../../../../creusot-contracts/src/std/ops.rs" 106 14 106 36 + let%span sops27 = "../../../../creusot-contracts/src/std/ops.rs" 111 14 111 31 + let%span sops28 = "../../../../creusot-contracts/src/std/ops.rs" 116 15 116 29 + let%span sops29 = "../../../../creusot-contracts/src/std/ops.rs" 117 15 117 26 + let%span sops30 = "../../../../creusot-contracts/src/std/ops.rs" 118 14 118 28 + let%span sops31 = "../../../../creusot-contracts/src/std/ops.rs" 123 14 124 105 + let%span sops32 = "../../../../creusot-contracts/src/std/ops.rs" 139 14 139 114 + let%span sops33 = "../../../../creusot-contracts/src/std/ops.rs" 144 14 144 101 + let%span sord34 = "../../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt32 
@@ -122,38 +138,93 @@ module M_692__valid_normal [#"692.rs" 11 0 11 34] use prelude.prelude.Borrow type closure1'1 = - { field_0'0: uint32 } + { field_0'0: UInt32.t } - use prelude.prelude.Int + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.UInt32 + + function cmp_log'0 (self : UInt32.t) (o : UInt32.t) : t_Ordering'0 = + [%#sord34] if UInt32.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + function eq_cmp'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom eq_cmp'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord23] (x = y) = (cmp_log'0 x y = C_Equal'0) + + function antisym2'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom antisym2'0_spec : forall x : UInt32.t, y : UInt32.t . ([%#sord21] cmp_log'0 x y = C_Greater'0) + -> ([%#sord22] cmp_log'0 y x = C_Less'0) + + function antisym1'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom antisym1'0_spec : forall x : UInt32.t, y : UInt32.t . ([%#sord19] cmp_log'0 x y = C_Less'0) + -> ([%#sord20] cmp_log'0 y x = C_Greater'0) + + function trans'0 (x : UInt32.t) (y : UInt32.t) (z : UInt32.t) (o : t_Ordering'0) : () + + axiom trans'0_spec : forall x : UInt32.t, y : UInt32.t, z : UInt32.t, o : t_Ordering'0 . ([%#sord16] cmp_log'0 x y + = o) -> ([%#sord17] cmp_log'0 y z = o) -> ([%#sord18] cmp_log'0 x z = o) + + function refl'0 (x : UInt32.t) : () + + axiom refl'0_spec : forall x : UInt32.t . [%#sord15] cmp_log'0 x x = C_Equal'0 + + use prelude.prelude.UInt32 + + function cmp_gt_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_gt_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord14] UInt32.ugt x y + = (cmp_log'0 x y = C_Greater'0) + + use prelude.prelude.UInt32 + + function cmp_ge_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_ge_log'0_spec : forall x : UInt32.t, y : UInt32.t . 
[%#sord13] UInt32.uge x y = (cmp_log'0 x y <> C_Less'0) + + function cmp_lt_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_lt_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord12] UInt32.ult x y = (cmp_log'0 x y = C_Less'0) + + use prelude.prelude.UInt32 + + function cmp_le_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_le_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord11] UInt32.ule x y + = (cmp_log'0 x y <> C_Greater'0) let rec closure1'0 (_1:closure1'1) (return' (ret:bool))= (! bb0 [ bb0 = s0 - [ s0 = UInt32.gt {_1.field_0'0} {[%#s6922] (7 : uint32)} (fun (_ret':bool) -> [ &res <- _ret' ] s1) + [ s0 = UInt32.gt {_1.field_0'0} {[%#s6922] (7 : UInt32.t)} (fun (_ret':bool) -> [ &res <- _ret' ] s1) | s1 = [ &_0 <- res ] s2 | s2 = return' {_0} ] ] ) [ & _0 : bool = any_l () | & _1 : closure1'1 = _1 | & res : bool = any_l () ] - [ return' (result:bool)-> {[@expl:closure ensures] [%#s6923] result = (_1.field_0'0 > (7 : uint32))} + [ return' (result:bool)-> {[@expl:closure ensures] [%#s6923] result = UInt32.ugt _1.field_0'0 (7 : UInt32.t)} (! 
return' {result}) ] type closure2'1 = - { field_0'1: borrowed uint32 } + { field_0'1: borrowed UInt32.t } predicate resolve'1 (self : borrowed closure2'1) = - [%#sresolve11] self.final = self.current + [%#sresolve24] self.final = self.current predicate resolve'0 (_1 : borrowed closure2'1) = resolve'1 _1 predicate postcondition_once'0 (self : closure2'1) (args : bool) (result : ()) = - [%#s6926] let (b) = args in b /\ (self.field_0'1).final = (2 : uint32) - \/ not b /\ (self.field_0'1).final = (1 : uint32) + [%#s6926] let (b) = args in b /\ (self.field_0'1).final = (2 : UInt32.t) + \/ not b /\ (self.field_0'1).final = (1 : UInt32.t) - predicate resolve'5 (self : borrowed uint32) = - [%#sresolve11] self.final = self.current + predicate resolve'5 (self : borrowed UInt32.t) = + [%#sresolve24] self.final = self.current - predicate resolve'4 (_1 : borrowed uint32) = + predicate resolve'4 (_1 : borrowed UInt32.t) = resolve'5 _1 predicate resolve'2 (_1 : closure2'1) = 
@@ -163,41 +234,41 @@ module M_692__valid_normal [#"692.rs" 11 0 11 34] (_2.field_0'1).final = (self.field_0'1).final predicate postcondition_mut'0 (self : closure2'1) (args : bool) (result_state : closure2'1) (result : ()) = - (let (b) = args in b /\ (result_state.field_0'1).current = (2 : uint32) - \/ not b /\ (result_state.field_0'1).current = (1 : uint32)) + (let (b) = args in b /\ (result_state.field_0'1).current = (2 : UInt32.t) + \/ not b /\ (result_state.field_0'1).current = (1 : UInt32.t)) /\ unnest'0 self result_state function fn_mut_once'0 (self : closure2'1) (args : bool) (res : ()) : () - axiom fn_mut_once'0_spec : forall self : closure2'1, args : bool, res : () . [%#sops18] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : closure2'1, args : bool, res : () . [%#sops31] postcondition_once'0 self args res = (exists res_state : closure2'1 . postcondition_mut'0 self args res_state res /\ resolve'2 res_state) function unnest_trans'0 (self : closure2'1) (b : closure2'1) (c : closure2'1) : () - axiom unnest_trans'0_spec : forall self : closure2'1, b : closure2'1, c : closure2'1 . ([%#sops15] unnest'0 self b) - -> ([%#sops16] unnest'0 b c) -> ([%#sops17] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : closure2'1, b : closure2'1, c : closure2'1 . ([%#sops28] unnest'0 self b) + -> ([%#sops29] unnest'0 b c) -> ([%#sops30] unnest'0 self c) function unnest_refl'0 (self : closure2'1) : () - axiom unnest_refl'0_spec : forall self : closure2'1 . [%#sops14] unnest'0 self self + axiom unnest_refl'0_spec : forall self : closure2'1 . [%#sops27] unnest'0 self self function postcondition_mut_unnest'0 (self : closure2'1) (args : bool) (res_state : closure2'1) (res : ()) : () - axiom postcondition_mut_unnest'0_spec : forall self : closure2'1, args : bool, res_state : closure2'1, res : () . 
([%#sops12] postcondition_mut'0 self args res_state res) - -> ([%#sops13] unnest'0 self res_state) + axiom postcondition_mut_unnest'0_spec : forall self : closure2'1, args : bool, res_state : closure2'1, res : () . ([%#sops25] postcondition_mut'0 self args res_state res) + -> ([%#sops26] unnest'0 self res_state) let rec closure2'0 (_1:borrowed closure2'1) (b:bool) (return' (ret:()))= (! bb0 [ bb0 = any [ br0 -> {b = false} (! bb2) | br1 -> {b} (! bb1) ] - | bb1 = s0 [ s0 = [ &_4 <- [%#s6924] (2 : uint32) ] s1 | s1 = bb3 ] - | bb2 = s0 [ s0 = [ &_4 <- [%#s6925] (1 : uint32) ] s1 | s1 = bb3 ] + | bb1 = s0 [ s0 = [ &_4 <- [%#s6924] (2 : UInt32.t) ] s1 | s1 = bb3 ] + | bb2 = s0 [ s0 = [ &_4 <- [%#s6925] (1 : UInt32.t) ] s1 | s1 = bb3 ] | bb3 = s0 [ s0 = [ &_1 <- { _1 with current = { field_0'1 = { (_1.current).field_0'1 with current = _4 } } } ] s1 | s1 = -{resolve'0 _1}- s2 | s2 = return' {_0} ] ] - ) [ & _0 : () = any_l () | & _1 : borrowed closure2'1 = _1 | & b : bool = b | & _4 : uint32 = any_l () ] - [ return' (result:())-> {[@expl:closure ensures] [%#s6926] b /\ ((_1.final).field_0'1).current = (2 : uint32) - \/ not b /\ ((_1.final).field_0'1).current = (1 : uint32)} + ) [ & _0 : () = any_l () | & _1 : borrowed closure2'1 = _1 | & b : bool = b | & _4 : UInt32.t = any_l () ] + [ return' (result:())-> {[@expl:closure ensures] [%#s6926] b /\ ((_1.final).field_0'1).current = (2 : UInt32.t) + \/ not b /\ ((_1.final).field_0'1).current = (1 : UInt32.t)} {[@expl:closure unnest] unnest'0 _1.current _1.final} (! return' {result}) ] @@ -217,7 +288,7 @@ module M_692__valid_normal [#"692.rs" 11 0 11 34] let (b) = args in true predicate postcondition_once'1 (self : closure1'1) (args : ()) (result : bool) = - [%#s6923] let () = args in result = (self.field_0'0 > (7 : uint32)) + [%#s6923] let () = args in result = UInt32.ugt self.field_0'0 (7 : UInt32.t) predicate resolve'3 (_1 : closure1'1) = true 
@@ -226,38 +297,38 @@ module M_692__valid_normal [#"692.rs" 11 0 11 34] _2.field_0'0 = self.field_0'0 predicate postcondition_mut'1 (self : closure1'1) (args : ()) (result_state : closure1'1) (result : bool) = - (let () = args in result = (result_state.field_0'0 > (7 : uint32))) /\ unnest'1 self result_state + (let () = args in result = UInt32.ugt result_state.field_0'0 (7 : UInt32.t)) /\ unnest'1 self result_state function fn_mut_once'1 (self : closure1'1) (args : ()) (res : bool) : () - axiom fn_mut_once'1_spec : forall self : closure1'1, args : (), res : bool . [%#sops18] postcondition_once'1 self args res + axiom fn_mut_once'1_spec : forall self : closure1'1, args : (), res : bool . [%#sops31] postcondition_once'1 self args res = (exists res_state : closure1'1 . postcondition_mut'1 self args res_state res /\ resolve'3 res_state) function unnest_trans'1 (self : closure1'1) (b : closure1'1) (c : closure1'1) : () - axiom unnest_trans'1_spec : forall self : closure1'1, b : closure1'1, c : closure1'1 . ([%#sops15] unnest'1 self b) - -> ([%#sops16] unnest'1 b c) -> ([%#sops17] unnest'1 self c) + axiom unnest_trans'1_spec : forall self : closure1'1, b : closure1'1, c : closure1'1 . ([%#sops28] unnest'1 self b) + -> ([%#sops29] unnest'1 b c) -> ([%#sops30] unnest'1 self c) function unnest_refl'1 (self : closure1'1) : () - axiom unnest_refl'1_spec : forall self : closure1'1 . [%#sops14] unnest'1 self self + axiom unnest_refl'1_spec : forall self : closure1'1 . [%#sops27] unnest'1 self self function postcondition_mut_unnest'1 (self : closure1'1) (args : ()) (res_state : closure1'1) (res : bool) : () - axiom postcondition_mut_unnest'1_spec : forall self : closure1'1, args : (), res_state : closure1'1, res : bool . ([%#sops12] postcondition_mut'1 self args res_state res) - -> ([%#sops13] unnest'1 self res_state) + axiom postcondition_mut_unnest'1_spec : forall self : closure1'1, args : (), res_state : closure1'1, res : bool . 
([%#sops25] postcondition_mut'1 self args res_state res) + -> ([%#sops26] unnest'1 self res_state) predicate postcondition'0 (self : closure1'1) (args : ()) (result : bool) = - [%#s6923] let () = args in result = (self.field_0'0 > (7 : uint32)) + [%#s6923] let () = args in result = UInt32.ugt self.field_0'0 (7 : UInt32.t) function fn_once'0 (self : closure1'1) (args : ()) (res : bool) : () - axiom fn_once'0_spec : forall self : closure1'1, args : (), res : bool . [%#sops20] postcondition_once'1 self args res + axiom fn_once'0_spec : forall self : closure1'1, args : (), res : bool . [%#sops33] postcondition_once'1 self args res = (resolve'3 self /\ postcondition'0 self args res) function fn_mut'0 (self : closure1'1) (args : ()) (res_state : closure1'1) (res : bool) : () - axiom fn_mut'0_spec : forall self : closure1'1, args : (), res_state : closure1'1, res : bool . [%#sops19] postcondition_mut'1 self args res_state res + axiom fn_mut'0_spec : forall self : closure1'1, args : (), res_state : closure1'1, res : bool . [%#sops32] postcondition_mut'1 self args res_state res = (self = res_state /\ postcondition'0 self args res) let rec incorrect'0 (cond:closure1'1) (branch:closure2'1) (return' (ret:()))= {[@expl:incorrect 'cond' type invariant] [%#s6927] inv'0 cond} 
@@ -269,23 +340,24 @@ module M_692__valid_normal [#"692.rs" 11 0 11 34] meta "compute_max_steps" 1000000 - let rec valid_normal'0 (n:uint32) (return' (ret:uint32))= (! bb0 + let rec valid_normal'0 (n:UInt32.t) (return' (ret:UInt32.t))= (! bb0 [ bb0 = s0 - [ s0 = [ &r <- [%#s6920] (0 : uint32) ] s1 + [ s0 = [ &r <- [%#s6920] (0 : UInt32.t) ] s1 | s1 = [ &cond <- { field_0'0 = n } ] s2 - | s2 = Borrow.borrow_mut {r} (fun (_ret':borrowed uint32) -> [ &_7 <- _ret' ] [ &r <- _ret'.final ] s3) + | s2 = Borrow.borrow_mut {r} + (fun (_ret':borrowed UInt32.t) -> [ &_7 <- _ret' ] [ &r <- _ret'.final ] s3) | s3 = [ &branch <- { field_0'1 = _7 } ] s4 | s4 = incorrect'0 {cond} {branch} (fun (_ret':()) -> [ &_8 <- _ret' ] s5) | s5 = bb1 ] | bb1 = s0 [ s0 = [ &_0 <- r ] s1 | s1 = return' {_0} ] ] ) - [ & _0 : uint32 = any_l () - | & n : uint32 = n - | & r : uint32 = any_l () + [ & _0 : UInt32.t = any_l () + | & n : UInt32.t = n + | & r : UInt32.t = any_l () | & cond : closure1'1 = any_l () | & branch : closure2'1 = any_l () - | & _7 : borrowed uint32 = any_l () + | & _7 : borrowed UInt32.t = any_l () | & _8 : () = any_l () ] - [ return' (result:uint32)-> {[@expl:valid_normal ensures] [%#s6921] false} (! return' {result}) ] + [ return' (result:UInt32.t)-> {[@expl:valid_normal ensures] [%#s6921] false} (! return' {result}) ] end diff --git a/creusot/tests/should_fail/bug/692/why3session.xml b/creusot/tests/should_fail/bug/692/why3session.xml index b93ee6f20f..6859b0049c 100644 --- a/creusot/tests/should_fail/bug/692/why3session.xml +++ b/creusot/tests/should_fail/bug/692/why3session.xml @@ -28,13 +28,13 @@ - + - + - + 
diff --git a/creusot/tests/should_fail/bug/692/why3shapes.gz b/creusot/tests/should_fail/bug/692/why3shapes.gz index 3a7586b29478ed3f781548778343702d23975840..17e0b0d68482a2be07a20b562d4dde06c71d1dab 100644 GIT binary patch literal 983 zcmV;|11S6-iwFP!00000|J7AZkJ~m7z57@A<~An|zZD<>gkn`12--`)t3gpzVpJ=6 zWqFJI`wk`B`mlD}9s_uV;k-A)8S?G$mk--$Zd@DAP4yaf zU|H%;&AIbUT^u`P9G)-Tj#y$5vh?X?fi|@dSD0oScd6@ej(l$Aeq4#!id!+IDyybT zZGr4pYtS}9%mN^Nh9d^l0<*x=Nh?6#sP;x)%OfmE3p#b5dRr}145eIY3YnPXSikPT zMb2Oom$$C=-#3_q;=wHYK|-|M*UPC21S#1Qo_ZTb0$ej#NU{Yqi`{fTPGO6Cy7uVm zZoJ5Q34e?SGE^9zPu-70FM}zFJEcP-Xzj;5SpDE9eIM8m%78vJghBUq*kd~w8{1sA zGDhtud)%tPll|oU^XX7E-v*7j-wsbN7gz1b3s!=T1qDk(%9n6H?_#YJgj$Bk?`?2h zXm?~0CoG?$^H7xQJ?SD&MorGy>d__9xojrtn2hZ#(J0<&MKA91tsC4K-r9^Cm3%KS z62o2HGhUSJlvj0w?;&AS^(M4pfCr_Ib&=a6l>m+LTMkln4D7oS0z z-K|l-%rd#AUt}S~5w%RL>-SEXJd5a4mL>biS})d!>uCVTQAK7B{INCt4iH7u^0h~h z<2;m>t8~&G7jM*lBd_JrmM2z3aYS2?wZ{~0G#tbIJhwtwAy=Nv;m)DIb1UfWy%B2V z`FvX-7{IK+p)OWl*7YsY+YA41Nv|*ELmnJ-8=`d~O2{=4M9YLJDP-W11WuA7@pKE+ z05igH!wi~+Y|27~LOWL~U_K~tAt5Dm%!AH}(`1_%Wi-6uK-mVIq{$=cG_MQKXd8i(JR^jMTg2`pTYlA9PVT8CP zw=8!se;-(0HR`7-p2p{#V#RTTB$Neq|La08MydTmGfJ+AgUp=JW)E49SeOk5MD-SJq z<2=Y4g)j35IWtVp`|pt#KnmANk8gAJL<(CsBIdS^)$5@6JELEpWOe@FswSYUx;>Q<6{->V-3hhR_na@=hI^ z54c~!OMN^^L2?@C$%dtK30D}9JpD`?l8&TZIEv?)!!&b}@_JFETR4y(FNh$iNNSR1 z;dU-RQC@HOzcszw!gqbDswjkWjm}Uzp@lPETBA);MkFPC<0GyB1IVC*3Nm1TAd1}B z)HvpBLB?c(lNVXCjNod)PON;e!37)4n=+8fn?@V!j1?fQ1yN^4uZ+qF%CCGd0mNdh zY+@F!5vlePoR&GuI-2NY9g|}X6HEBGK6zG+Qz|Migl!Z{EgDhVTzh4eiBr8QvPR9; zS_@6xm>9v<$!VW$@>V3|31%)`K^N$9GDb ([%#sord23] cmp_log'0 y x = C_Less'0) + + function antisym1'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom antisym1'0_spec : forall x : UInt32.t, y : UInt32.t . ([%#sord20] cmp_log'0 x y = C_Less'0) + -> ([%#sord21] cmp_log'0 y x = C_Greater'0) + + function trans'0 (x : UInt32.t) (y : UInt32.t) (z : UInt32.t) (o : t_Ordering'0) : () + + axiom trans'0_spec : forall x : UInt32.t, y : UInt32.t, z : UInt32.t, o : t_Ordering'0 . 
([%#sord17] cmp_log'0 x y + = o) -> ([%#sord18] cmp_log'0 y z = o) -> ([%#sord19] cmp_log'0 x z = o) + + function refl'0 (x : UInt32.t) : () + + axiom refl'0_spec : forall x : UInt32.t . [%#sord16] cmp_log'0 x x = C_Equal'0 + + use prelude.prelude.UInt32 + + function cmp_gt_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_gt_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord15] UInt32.ugt x y + = (cmp_log'0 x y = C_Greater'0) + + use prelude.prelude.UInt32 + + function cmp_ge_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_ge_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord14] UInt32.uge x y = (cmp_log'0 x y <> C_Less'0) + + function cmp_lt_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_lt_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord13] UInt32.ult x y = (cmp_log'0 x y = C_Less'0) + + use prelude.prelude.UInt32 + + function cmp_le_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_le_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord12] UInt32.ule x y + = (cmp_log'0 x y <> C_Greater'0) let rec closure1'0 (_1:closure1'1) (return' (ret:bool))= (! bb0 [ bb0 = s0 - [ s0 = UInt32.gt {_1.field_0'0} {[%#s6953] (7 : uint32)} (fun (_ret':bool) -> [ &res <- _ret' ] s1) + [ s0 = UInt32.gt {_1.field_0'0} {[%#s6953] (7 : UInt32.t)} (fun (_ret':bool) -> [ &res <- _ret' ] s1) | s1 = [ &_0 <- res ] s2 | s2 = return' {_0} ] ] ) [ & _0 : bool = any_l () | & _1 : closure1'1 = _1 | & res : bool = any_l () ] - [ return' (result:bool)-> {[@expl:closure ensures] [%#s6954] result = (_1.field_0'0 > (7 : uint32))} + [ return' (result:bool)-> {[@expl:closure ensures] [%#s6954] result = UInt32.ugt _1.field_0'0 (7 : UInt32.t)} (! 
return' {result}) ] type closure2'1 = - { field_0'1: borrowed uint32 } + { field_0'1: borrowed UInt32.t } predicate resolve'1 (self : borrowed closure2'1) = - [%#sresolve12] self.final = self.current + [%#sresolve25] self.final = self.current predicate resolve'0 (_1 : borrowed closure2'1) = resolve'1 _1 predicate postcondition_once'0 (self : closure2'1) (args : bool) (result : ()) = - [%#s6957] let (b) = args in b /\ (self.field_0'1).final = (2 : uint32) - \/ not b /\ (self.field_0'1).final = (1 : uint32) + [%#s6957] let (b) = args in b /\ (self.field_0'1).final = (2 : UInt32.t) + \/ not b /\ (self.field_0'1).final = (1 : UInt32.t) - predicate resolve'5 (self : borrowed uint32) = - [%#sresolve12] self.final = self.current + predicate resolve'5 (self : borrowed UInt32.t) = + [%#sresolve25] self.final = self.current - predicate resolve'4 (_1 : borrowed uint32) = + predicate resolve'4 (_1 : borrowed UInt32.t) = resolve'5 _1 predicate resolve'2 (_1 : closure2'1) = 
@@ -220,41 +291,41 @@ module M_695__valid [#"695.rs" 15 0 15 27] (_2.field_0'1).final = (self.field_0'1).final predicate postcondition_mut'0 (self : closure2'1) (args : bool) (result_state : closure2'1) (result : ()) = - (let (b) = args in b /\ (result_state.field_0'1).current = (2 : uint32) - \/ not b /\ (result_state.field_0'1).current = (1 : uint32)) + (let (b) = args in b /\ (result_state.field_0'1).current = (2 : UInt32.t) + \/ not b /\ (result_state.field_0'1).current = (1 : UInt32.t)) /\ unnest'0 self result_state function fn_mut_once'0 (self : closure2'1) (args : bool) (res : ()) : () - axiom fn_mut_once'0_spec : forall self : closure2'1, args : bool, res : () . [%#sops19] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : closure2'1, args : bool, res : () . [%#sops32] postcondition_once'0 self args res = (exists res_state : closure2'1 . postcondition_mut'0 self args res_state res /\ resolve'2 res_state) function unnest_trans'0 (self : closure2'1) (b : closure2'1) (c : closure2'1) : () - axiom unnest_trans'0_spec : forall self : closure2'1, b : closure2'1, c : closure2'1 . ([%#sops16] unnest'0 self b) - -> ([%#sops17] unnest'0 b c) -> ([%#sops18] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : closure2'1, b : closure2'1, c : closure2'1 . ([%#sops29] unnest'0 self b) + -> ([%#sops30] unnest'0 b c) -> ([%#sops31] unnest'0 self c) function unnest_refl'0 (self : closure2'1) : () - axiom unnest_refl'0_spec : forall self : closure2'1 . [%#sops15] unnest'0 self self + axiom unnest_refl'0_spec : forall self : closure2'1 . [%#sops28] unnest'0 self self function postcondition_mut_unnest'0 (self : closure2'1) (args : bool) (res_state : closure2'1) (res : ()) : () - axiom postcondition_mut_unnest'0_spec : forall self : closure2'1, args : bool, res_state : closure2'1, res : () . 
([%#sops13] postcondition_mut'0 self args res_state res) - -> ([%#sops14] unnest'0 self res_state) + axiom postcondition_mut_unnest'0_spec : forall self : closure2'1, args : bool, res_state : closure2'1, res : () . ([%#sops26] postcondition_mut'0 self args res_state res) + -> ([%#sops27] unnest'0 self res_state) let rec closure2'0 (_1:borrowed closure2'1) (b:bool) (return' (ret:()))= (! bb0 [ bb0 = any [ br0 -> {b = false} (! bb2) | br1 -> {b} (! bb1) ] - | bb1 = s0 [ s0 = [ &_4 <- [%#s6955] (2 : uint32) ] s1 | s1 = bb3 ] - | bb2 = s0 [ s0 = [ &_4 <- [%#s6956] (1 : uint32) ] s1 | s1 = bb3 ] + | bb1 = s0 [ s0 = [ &_4 <- [%#s6955] (2 : UInt32.t) ] s1 | s1 = bb3 ] + | bb2 = s0 [ s0 = [ &_4 <- [%#s6956] (1 : UInt32.t) ] s1 | s1 = bb3 ] | bb3 = s0 [ s0 = [ &_1 <- { _1 with current = { field_0'1 = { (_1.current).field_0'1 with current = _4 } } } ] s1 | s1 = -{resolve'0 _1}- s2 | s2 = return' {_0} ] ] - ) [ & _0 : () = any_l () | & _1 : borrowed closure2'1 = _1 | & b : bool = b | & _4 : uint32 = any_l () ] - [ return' (result:())-> {[@expl:closure ensures] [%#s6957] b /\ ((_1.final).field_0'1).current = (2 : uint32) - \/ not b /\ ((_1.final).field_0'1).current = (1 : uint32)} + ) [ & _0 : () = any_l () | & _1 : borrowed closure2'1 = _1 | & b : bool = b | & _4 : UInt32.t = any_l () ] + [ return' (result:())-> {[@expl:closure ensures] [%#s6957] b /\ ((_1.final).field_0'1).current = (2 : UInt32.t) + \/ not b /\ ((_1.final).field_0'1).current = (1 : UInt32.t)} {[@expl:closure unnest] unnest'0 _1.current _1.final} (! return' {result}) ] @@ -274,7 +345,7 @@ module M_695__valid [#"695.rs" 15 0 15 27] let (b) = args in true predicate postcondition_once'1 (self : closure1'1) (args : ()) (result : bool) = - [%#s6954] let () = args in result = (self.field_0'0 > (7 : uint32)) + [%#s6954] let () = args in result = UInt32.ugt self.field_0'0 (7 : UInt32.t) predicate resolve'3 (_1 : closure1'1) = true 
@@ -283,38 +354,38 @@ module M_695__valid [#"695.rs" 15 0 15 27] _2.field_0'0 = self.field_0'0 predicate postcondition_mut'1 (self : closure1'1) (args : ()) (result_state : closure1'1) (result : bool) = - (let () = args in result = (result_state.field_0'0 > (7 : uint32))) /\ unnest'1 self result_state + (let () = args in result = UInt32.ugt result_state.field_0'0 (7 : UInt32.t)) /\ unnest'1 self result_state function fn_mut_once'1 (self : closure1'1) (args : ()) (res : bool) : () - axiom fn_mut_once'1_spec : forall self : closure1'1, args : (), res : bool . [%#sops19] postcondition_once'1 self args res + axiom fn_mut_once'1_spec : forall self : closure1'1, args : (), res : bool . [%#sops32] postcondition_once'1 self args res = (exists res_state : closure1'1 . postcondition_mut'1 self args res_state res /\ resolve'3 res_state) function unnest_trans'1 (self : closure1'1) (b : closure1'1) (c : closure1'1) : () - axiom unnest_trans'1_spec : forall self : closure1'1, b : closure1'1, c : closure1'1 . ([%#sops16] unnest'1 self b) - -> ([%#sops17] unnest'1 b c) -> ([%#sops18] unnest'1 self c) + axiom unnest_trans'1_spec : forall self : closure1'1, b : closure1'1, c : closure1'1 . ([%#sops29] unnest'1 self b) + -> ([%#sops30] unnest'1 b c) -> ([%#sops31] unnest'1 self c) function unnest_refl'1 (self : closure1'1) : () - axiom unnest_refl'1_spec : forall self : closure1'1 . [%#sops15] unnest'1 self self + axiom unnest_refl'1_spec : forall self : closure1'1 . [%#sops28] unnest'1 self self function postcondition_mut_unnest'1 (self : closure1'1) (args : ()) (res_state : closure1'1) (res : bool) : () - axiom postcondition_mut_unnest'1_spec : forall self : closure1'1, args : (), res_state : closure1'1, res : bool . ([%#sops13] postcondition_mut'1 self args res_state res) - -> ([%#sops14] unnest'1 self res_state) + axiom postcondition_mut_unnest'1_spec : forall self : closure1'1, args : (), res_state : closure1'1, res : bool . 
([%#sops26] postcondition_mut'1 self args res_state res) + -> ([%#sops27] unnest'1 self res_state) predicate postcondition'0 (self : closure1'1) (args : ()) (result : bool) = - [%#s6954] let () = args in result = (self.field_0'0 > (7 : uint32)) + [%#s6954] let () = args in result = UInt32.ugt self.field_0'0 (7 : UInt32.t) function fn_once'0 (self : closure1'1) (args : ()) (res : bool) : () - axiom fn_once'0_spec : forall self : closure1'1, args : (), res : bool . [%#sops21] postcondition_once'1 self args res + axiom fn_once'0_spec : forall self : closure1'1, args : (), res : bool . [%#sops34] postcondition_once'1 self args res = (resolve'3 self /\ postcondition'0 self args res) function fn_mut'0 (self : closure1'1) (args : ()) (res_state : closure1'1) (res : bool) : () - axiom fn_mut'0_spec : forall self : closure1'1, args : (), res_state : closure1'1, res : bool . [%#sops20] postcondition_mut'1 self args res_state res + axiom fn_mut'0_spec : forall self : closure1'1, args : (), res_state : closure1'1, res : bool . [%#sops33] postcondition_mut'1 self args res_state res = (self = res_state /\ postcondition'0 self args res) let rec inversed_if'0 (cond:closure1'1) (branch:closure2'1) (return' (ret:()))= {[@expl:inversed_if 'cond' type invariant] [%#s6958] inv'0 cond} 
@@ -328,27 +399,29 @@ module M_695__valid [#"695.rs" 15 0 15 27] meta "compute_max_steps" 1000000 - let rec valid'0 (n:uint32) (return' (ret:uint32))= (! bb0 + let rec valid'0 (n:UInt32.t) (return' (ret:UInt32.t))= (! bb0 [ bb0 = s0 - [ s0 = [ &r <- [%#s6950] (0 : uint32) ] s1 + [ s0 = [ &r <- [%#s6950] (0 : UInt32.t) ] s1 | s1 = [ &cond <- { field_0'0 = n } ] s2 - | s2 = Borrow.borrow_mut {r} (fun (_ret':borrowed uint32) -> [ &_7 <- _ret' ] [ &r <- _ret'.final ] s3) + | s2 = Borrow.borrow_mut {r} + (fun (_ret':borrowed UInt32.t) -> [ &_7 <- _ret' ] [ &r <- _ret'.final ] s3) | s3 = [ &branch <- { field_0'1 = _7 } ] s4 | s4 = inversed_if'0 {cond} {branch} (fun (_ret':()) -> [ &_8 <- _ret' ] s5) | s5 = bb1 ] | bb1 = s0 [ s0 = {[@expl:assertion] [%#s6951] false} s1 | s1 = [ &_0 <- r ] s2 | s2 = return' {_0} ] ] ) - [ & _0 : uint32 = any_l () - | & n : uint32 = n - | & r : uint32 = any_l () + [ & _0 : UInt32.t = any_l () + | & n : UInt32.t = n + | & r : UInt32.t = any_l () | & cond : closure1'1 = any_l () | & branch : closure2'1 = any_l () - | & _7 : borrowed uint32 = any_l () + | & _7 : borrowed UInt32.t = any_l () | & _8 : () = any_l () ] - [ return' (result:uint32)-> {[@expl:valid ensures] [%#s6952] n > (7 : uint32) /\ result = (2 : uint32) - \/ n <= (7 : uint32) /\ result = (1 : uint32)} + [ return' (result:UInt32.t)-> {[@expl:valid ensures] [%#s6952] UInt32.ugt n (7 : UInt32.t) + /\ result = (2 : UInt32.t) + \/ UInt32.ule n (7 : UInt32.t) /\ result = (1 : UInt32.t)} (! return' {result}) ] end diff --git a/creusot/tests/should_fail/bug/878.coma b/creusot/tests/should_fail/bug/878.coma index b55d15cbc4..5104371c41 100644 --- a/creusot/tests/should_fail/bug/878.coma +++ b/creusot/tests/should_fail/bug/878.coma 
@@ -4,19 +4,21 @@ module M_878__test [#"878.rs" 4 0 4 13] let%span s8782 = "878.rs" 5 27 5 28 let%span s8783 = "878.rs" 5 30 5 31 let%span s8784 = "878.rs" 6 4 6 13 - let%span sslice5 = "../../../../creusot-contracts/src/std/slice.rs" 332 18 332 35 + let%span sslice5 = "../../../../creusot-contracts/src/std/slice.rs" 350 18 350 35 let%span svec6 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span sboxed7 = "../../../../creusot-contracts/src/std/boxed.rs" 18 8 18 22 let%span sslice8 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice9 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 - use prelude.prelude.Slice + use Slice64.create + + use prelude.prelude.Int use prelude.prelude.Int32 - predicate inv'0 (_1 : slice int32) + predicate inv'0 (_1 : slice Int32.t) - axiom inv_axiom'0 [@rewrite] : forall x : slice int32 [inv'0 x] . inv'0 x = true + axiom inv_axiom'0 [@rewrite] : forall x : slice Int32.t [inv'0 x] . inv'0 x = true use prelude.prelude.Opaque @@ -26,16 +28,16 @@ module M_878__test [#"878.rs" 4 0 4 13] type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } predicate inv'1 (_1 : t_Vec'0) 
@@ -43,30 +45,28 @@ module M_878__test [#"878.rs" 4 0 4 13] use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) - - use prelude.prelude.UIntSize + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.Int + use prelude.prelude.UInt64 use seq.Seq - function view'0 (self : t_Vec'0) : Seq.seq int32 + function view'0 (self : t_Vec'0) : Seq.seq Int32.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec6] Seq.length (view'0 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec6] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) - use prelude.prelude.Slice + use prelude.prelude.Slice64 - function view'2 (self : slice int32) : Seq.seq int32 + function view'2 (self : slice Int32.t) : Seq.seq Int32.t - axiom view'2_spec : forall self : slice int32 . ([%#sslice8] Seq.length (view'2 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice9] view'2 self = Slice.id self) + axiom view'2_spec : forall self : slice Int32.t . ([%#sslice8] Seq.length (view'2 self) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + && ([%#sslice9] view'2 self = Slice64.id self) - function view'1 (self : slice int32) : Seq.seq int32 = + function view'1 (self : slice Int32.t) : Seq.seq Int32.t = [%#sboxed7] view'2 self - let rec into_vec'0 (self:slice int32) (return' (ret:t_Vec'0))= {[@expl:into_vec 'self' type invariant] inv'0 self} + let rec into_vec'0 (self:slice Int32.t) (return' (ret:t_Vec'0))= {[@expl:into_vec 'self' type invariant] inv'0 self} any [ return' (result:t_Vec'0)-> {inv'1 result} {[%#sslice5] view'0 result = view'1 self} (! return' {result}) ] use prelude.prelude.Borrow 
@@ -78,10 +78,10 @@ module M_878__test [#"878.rs" 4 0 4 13] let rec test'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = any - [ any_ (__arr_temp:array int32)-> (! -{Seq.get __arr_temp.elts 0 = ([%#s8780] (1 : int32)) - /\ Seq.get __arr_temp.elts 1 = ([%#s8781] (2 : int32)) - /\ Seq.get __arr_temp.elts 2 = ([%#s8782] (2 : int32)) - /\ Seq.get __arr_temp.elts 3 = ([%#s8783] (3 : int32)) /\ Seq.length __arr_temp.elts = 4}- + [ any_ (__arr_temp:array Int32.t)-> (! -{Seq.get __arr_temp.elts 0 = ([%#s8780] (1 : Int32.t)) + /\ Seq.get __arr_temp.elts 1 = ([%#s8781] (2 : Int32.t)) + /\ Seq.get __arr_temp.elts 2 = ([%#s8782] (2 : Int32.t)) + /\ Seq.get __arr_temp.elts 3 = ([%#s8783] (3 : Int32.t)) /\ Seq.length __arr_temp.elts = 4}- [ &_4 <- __arr_temp ] s1) ] @@ -97,14 +97,14 @@ module M_878__test [#"878.rs" 4 0 4 13] ) [ & _0 : () = any_l () | & v : t_Vec'0 = any_l () - | & _4 : array int32 = any_l () + | & _4 : array Int32.t = any_l () | & _6 : borrowed (t_Vec'0) = any_l () ] [ return' (result:())-> (! return' {result}) ] end module M_878__test2 [#"878.rs" 19 0 19 14] let%span s8780 = "878.rs" 20 19 20 20 let%span s8781 = "878.rs" 21 13 21 25 - let%span sslice2 = "../../../../creusot-contracts/src/std/slice.rs" 332 18 332 35 + let%span sslice2 = "../../../../creusot-contracts/src/std/slice.rs" 350 18 350 35 let%span svec3 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span sboxed4 = "../../../../creusot-contracts/src/std/boxed.rs" 18 8 18 22 let%span sslice5 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 
@@ -115,37 +115,37 @@ module M_878__test2 [#"878.rs" 19 0 19 14] let%span sseq10 = "../../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 let%span s87811 = "878.rs" 15 8 15 22 + use prelude.prelude.Int + use prelude.prelude.UInt32 type t_S'0 = - { t_S__0'0: uint32 } + { t_S__0'0: UInt32.t } - use prelude.prelude.Slice + use Slice64.create use seq.Seq - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - use prelude.prelude.Int - - use prelude.prelude.Slice + use prelude.prelude.Slice64 use seq.Seq function view'2 (self : slice (t_S'0)) : Seq.seq (t_S'0) axiom view'2_spec : forall self : slice (t_S'0) . ([%#sslice5] Seq.length (view'2 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice6] view'2 self = Slice.id self) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + && ([%#sslice6] view'2 self = Slice64.id self) use seq.Seq predicate invariant'5 [#"878.rs" 14 4 14 30] (self : t_S'0) = - [%#s87811] self.t_S__0'0 = (0 : uint32) + [%#s87811] self.t_S__0'0 = (0 : UInt32.t) predicate inv'5 (_1 : t_S'0) @@ -192,17 +192,17 @@ module M_878__test2 [#"878.rs" 19 0 19 14] { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } function view'0 (self : t_Vec'0) : Seq.seq (t_S'0) - axiom view'0_spec : forall self : t_Vec'0 . [%#svec3] Seq.length (view'0 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec3] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) predicate invariant'1 (self : t_Vec'0) = [%#svec8] inv'3 (view'0 self) 
@@ -223,7 +223,7 @@ module M_878__test2 [#"878.rs" 19 0 19 14] let rec test2'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = [ &_5 <- { t_S__0'0 = ([%#s8780] (0 : uint32)) } ] s1 + [ s0 = [ &_5 <- { t_S__0'0 = ([%#s8780] (0 : UInt32.t)) } ] s1 | s1 = any [ any_ (__arr_temp:array (t_S'0))-> (! -{Seq.get __arr_temp.elts 0 = _5 /\ Seq.length __arr_temp.elts = 1}- [ &_4 <- __arr_temp ] @@ -246,7 +246,7 @@ end module M_878__test3 [#"878.rs" 25 0 25 14] let%span s8780 = "878.rs" 26 19 26 20 let%span s8781 = "878.rs" 27 20 27 35 - let%span sslice2 = "../../../../creusot-contracts/src/std/slice.rs" 332 18 332 35 + let%span sslice2 = "../../../../creusot-contracts/src/std/slice.rs" 350 18 350 35 let%span svec3 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span sboxed4 = "../../../../creusot-contracts/src/std/boxed.rs" 18 8 18 22 let%span sslice5 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 
@@ -257,37 +257,37 @@ module M_878__test3 [#"878.rs" 25 0 25 14] let%span sseq10 = "../../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 let%span s87811 = "878.rs" 15 8 15 22 + use prelude.prelude.Int + use prelude.prelude.UInt32 type t_S'0 = - { t_S__0'0: uint32 } + { t_S__0'0: UInt32.t } - use prelude.prelude.Slice + use Slice64.create use seq.Seq - use prelude.prelude.UIntSize - - constant v_MAX'0 : usize = (18446744073709551615 : usize) + use prelude.prelude.UInt64 - use prelude.prelude.UIntSize + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.Int + use prelude.prelude.UInt64 - use prelude.prelude.Slice + use prelude.prelude.Slice64 use seq.Seq function view'2 (self : slice (t_S'0)) : Seq.seq (t_S'0) axiom view'2_spec : forall self : slice (t_S'0) . ([%#sslice5] Seq.length (view'2 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice6] view'2 self = Slice.id self) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + && ([%#sslice6] view'2 self = Slice64.id self) use seq.Seq predicate invariant'5 [#"878.rs" 14 4 14 30] (self : t_S'0) = - [%#s87811] self.t_S__0'0 = (0 : uint32) + [%#s87811] self.t_S__0'0 = (0 : UInt32.t) predicate inv'5 (_1 : t_S'0) @@ -334,17 +334,17 @@ module M_878__test3 [#"878.rs" 25 0 25 14] { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } function view'0 (self : t_Vec'0) : Seq.seq (t_S'0) - axiom view'0_spec : forall self : t_Vec'0 . [%#svec3] Seq.length (view'0 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec3] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) predicate invariant'1 (self : t_Vec'0) = [%#svec8] inv'3 (view'0 self) 
@@ -367,7 +367,7 @@ module M_878__test3 [#"878.rs" 25 0 25 14] let rec test3'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = [ &_5 <- { t_S__0'0 = ([%#s8780] (0 : uint32)) } ] s1 + [ s0 = [ &_5 <- { t_S__0'0 = ([%#s8780] (0 : UInt32.t)) } ] s1 | s1 = any [ any_ (__arr_temp:array (t_S'0))-> (! -{Seq.get __arr_temp.elts 0 = _5 /\ Seq.length __arr_temp.elts = 1}- [ &_4 <- __arr_temp ] @@ -377,7 +377,7 @@ module M_878__test3 [#"878.rs" 25 0 25 14] | bb1 = bb2 | bb2 = s0 [ s0 = into_vec'0 {_4} (fun (_ret':t_Vec'0) -> [ &v <- _ret' ] s1) | s1 = bb3 ] - | bb3 = s0 [ s0 = {[@expl:assertion] [%#s8781] (Seq.get (view'0 v) 0).t_S__0'0 = (0 : uint32)} s1 | s1 = bb4 ] + | bb3 = s0 [ s0 = {[@expl:assertion] [%#s8781] (Seq.get (view'0 v) 0).t_S__0'0 = (0 : UInt32.t)} s1 | s1 = bb4 ] | bb4 = bb5 | bb5 = return' {_0} ] ) [ & _0 : () = any_l () | & v : t_Vec'0 = any_l () | & _4 : array (t_S'0) = any_l () | & _5 : t_S'0 = any_l () ] diff --git a/creusot/tests/should_fail/bug/specialize.coma b/creusot/tests/should_fail/bug/specialize.coma index d0f9f447d7..2a7406b120 100644 --- a/creusot/tests/should_fail/bug/specialize.coma +++ b/creusot/tests/should_fail/bug/specialize.coma @@ -10,16 +10,18 @@ module M_specialize__f [#"specialize.rs" 21 0 21 17] type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } let rec x'0 (self:t_Vec'0) (return' (ret:()))= any [ return' (result:())-> {[%#sspecialize1] true} (! return' {result}) ] 
@@ -54,24 +56,24 @@ module M_specialize__g [#"specialize.rs" 27 0 27 18] type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UInt64.to_uint + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } use seq.Seq constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize - - use prelude.prelude.Int + use prelude.prelude.UInt64 type t_T'0 @@ -79,7 +81,7 @@ module M_specialize__g [#"specialize.rs" 27 0 27 18] function view'0 (self : t_Vec'0) : Seq.seq t_T'0 - axiom view'0_spec : forall self : t_Vec'0 . [%#svec4] Seq.length (view'0 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec4] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq @@ -135,16 +137,18 @@ module M_specialize__h [#"specialize.rs" 34 0 34 17] type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } predicate inv'0 (_1 : t_Vec'0) 
@@ -180,24 +184,24 @@ module M_specialize__qyi2463200954251793265__x__refines [#"specialize.rs" 12 4 1 type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UInt64.to_uint + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } use seq.Seq constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize - - use prelude.prelude.Int + use prelude.prelude.UInt64 type t_U'0 @@ -205,7 +209,7 @@ module M_specialize__qyi2463200954251793265__x__refines [#"specialize.rs" 12 4 1 function view'0 (self : t_Vec'0) : Seq.seq t_U'0 - axiom view'0_spec : forall self : t_Vec'0 . [%#svec2] Seq.length (view'0 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec2] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq diff --git a/creusot/tests/should_fail/bug/subregion.coma b/creusot/tests/should_fail/bug/subregion.coma index c0a361d8f2..822b2f34a9 100644 --- a/creusot/tests/should_fail/bug/subregion.coma +++ b/creusot/tests/should_fail/bug/subregion.coma 
@@ -4,14 +4,16 @@ module M_subregion__list_reversal_h [#"subregion.rs" 3 0 3 37] let%span ssubregion2 = "subregion.rs" 6 15 6 16 let%span ssubregion3 = "subregion.rs" 7 22 7 27 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 use prelude.prelude.Intrinsic meta "compute_max_steps" 1000000 - let rec list_reversal_h'0 (l:usize) (return' (ret:usize))= (! bb0 - [ bb0 = s0 [ s0 = [ &r <- [%#ssubregion0] (0 : usize) ] s1 | s1 = bb1 ] + let rec list_reversal_h'0 (l:UInt64.t) (return' (ret:UInt64.t))= (! bb0 + [ bb0 = s0 [ s0 = [ &r <- [%#ssubregion0] (0 : UInt64.t) ] s1 | s1 = bb1 ] | bb1 = bb1 [ bb1 = {[@expl:loop invariant] [%#ssubregion1] true} (! s0) [ s0 = bb2 ] diff --git a/creusot/tests/should_fail/final_borrows.coma b/creusot/tests/should_fail/final_borrows.coma index 6777d24766..ad9f69e3c8 100644 --- a/creusot/tests/should_fail/final_borrows.coma +++ b/creusot/tests/should_fail/final_borrows.coma @@ -182,23 +182,20 @@ module M_final_borrows__call_changes_prophecy [#"final_borrows.rs" 27 0 27 43] use prelude.prelude.Borrow - use prelude.prelude.Int32 - - use prelude.prelude.Int128.to_int + use prelude.prelude.Int - use prelude.prelude.Int128 + use prelude.prelude.Int32 - use prelude.prelude.Int32.to_int + use prelude.prelude.Int32 let rec inner'0 (_1:()) (return' (ret:Int32.t))= any - [ return' (result:Int32.t)-> {[%#sfinal_borrows5] Int32.to_int result = Int128.to_int (2 : Int128.t)} - (! return' {result}) ] + [ return' (result:Int32.t)-> {[%#sfinal_borrows5] Int32.to_int result = 2} (! return' {result}) ] - predicate resolve'1 (self : borrowed int32) = + predicate resolve'1 (self : borrowed Int32.t) = [%#sresolve6] self.final = self.current - predicate resolve'0 (_1 : borrowed int32) = + predicate resolve'0 (_1 : borrowed Int32.t) = resolve'1 _1 use prelude.prelude.Snapshot 
@@ -209,11 +206,11 @@ module M_final_borrows__call_changes_prophecy [#"final_borrows.rs" 27 0 27 43] meta "compute_max_steps" 1000000 - let rec call_changes_prophecy'0 (bor:borrowed int32) (return' (ret:()))= (! bb0 + let rec call_changes_prophecy'0 (bor:borrowed Int32.t) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &bor_snap <- [%#sfinal_borrows0] Snapshot.new bor ] s1 | s1 = bb1 ] | bb1 = s0 - [ s0 = Borrow.borrow_mut {bor.current} - (fun (_ret':borrowed int32) -> [ &b1 <- _ret' ] [ &bor <- { bor with current = _ret'.final } ] s1) + [ s0 = Borrow.borrow_mut {bor.current} + (fun (_ret':borrowed Int32.t) -> [ &b1 <- _ret' ] [ &bor <- { bor with current = _ret'.final } ] s1) | s1 = [ &b1_snap <- [%#sfinal_borrows1] Snapshot.new b1 ] s2 | s2 = bb2 ] @@ -245,20 +242,22 @@ module M_final_borrows__unnesting_fails [#"final_borrows.rs" 42 0 42 24] let%span sfinal_borrows1 = "final_borrows.rs" 49 18 49 34 let%span sresolve2 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + use prelude.prelude.Int + use prelude.prelude.Int32 use prelude.prelude.Borrow - predicate resolve'2 (self : borrowed int32) = + predicate resolve'2 (self : borrowed Int32.t) = [%#sresolve2] self.final = self.current predicate resolve'0 (_1 : borrowed Int32.t) = resolve'2 _1 - predicate resolve'3 (self : borrowed (borrowed int32)) = + predicate resolve'3 (self : borrowed (borrowed Int32.t)) = [%#sresolve2] self.final = self.current - predicate resolve'1 (_1 : borrowed (borrowed int32)) = + predicate resolve'1 (_1 : borrowed (borrowed Int32.t)) = resolve'3 _1 use prelude.prelude.Intrinsic diff --git a/creusot/tests/should_fail/traits/17_impl_refinement.coma b/creusot/tests/should_fail/traits/17_impl_refinement.coma index 0f225f4585..d5f3a679cd 100644 --- a/creusot/tests/should_fail/traits/17_impl_refinement.coma +++ b/creusot/tests/should_fail/traits/17_impl_refinement.coma 
@@ -3,23 +3,23 @@ module M_17_impl_refinement__qyi14398438181735515246__my_function [#"17_impl_ref let%span s17_impl_refinement1 = "17_impl_refinement.rs" 12 15 12 19 let%span s17_impl_refinement2 = "17_impl_refinement.rs" 13 14 13 27 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 use prelude.prelude.Intrinsic use prelude.prelude.UInt64 - use prelude.prelude.Int - use prelude.prelude.Borrow meta "compute_max_steps" 1000000 - let rec my_function'0 (self:()) (return' (ret:usize))= {[@expl:my_function requires] [%#s17_impl_refinement1] true} - (! bb0 [ bb0 = s0 [ s0 = [ &_0 <- [%#s17_impl_refinement0] (20 : usize) ] s1 | s1 = return' {_0} ] ] ) - [ & _0 : usize = any_l () ] + let rec my_function'0 (self:()) (return' (ret:UInt64.t))= {[@expl:my_function requires] [%#s17_impl_refinement1] true} + (! bb0 [ bb0 = s0 [ s0 = [ &_0 <- [%#s17_impl_refinement0] (20 : UInt64.t) ] s1 | s1 = return' {_0} ] ] ) + [ & _0 : UInt64.t = any_l () ] - [ return' (result:usize)-> {[@expl:my_function ensures] [%#s17_impl_refinement2] UIntSize.to_int result >= 15} + [ return' (result:UInt64.t)-> {[@expl:my_function ensures] [%#s17_impl_refinement2] UInt64.to_uint result >= 15} (! return' {result}) ] end @@ -29,17 +29,13 @@ module M_17_impl_refinement__qyi15782060473717464421__need_false [#"17_impl_refi use prelude.prelude.UInt64 - use prelude.prelude.Int128.to_int - - use prelude.prelude.Int128 - use prelude.prelude.Int - use prelude.prelude.UInt64.to_uint + use prelude.prelude.UInt64 constant y : UInt64.t - function need_false'0 [#"17_impl_refinement.rs" 29 4 29 25] (y : uint64) : () + function need_false'0 [#"17_impl_refinement.rs" 29 4 29 25] (y : UInt64.t) : () goal vc_need_false'0 : true end 
@@ -52,31 +48,23 @@ module M_17_impl_refinement__qyi14398438181735515246__my_function__refines [#"17 axiom inv_axiom'0 [@rewrite] : forall x : () [inv'0 x] . inv'0 x = true - use prelude.prelude.Int128.to_int - - use prelude.prelude.Int128 - - use prelude.prelude.UInt64.to_uint + use prelude.prelude.Int use prelude.prelude.UInt64 - use prelude.prelude.Int + use prelude.prelude.UInt64 goal refines : [%#s17_impl_refinement0] forall self : () . inv'0 self - -> (forall result : usize . UIntSize.to_int result >= 15 -> UIntSize.to_int result >= 10) + -> (forall result : UInt64.t . UInt64.to_uint result >= 15 -> UInt64.to_uint result >= 10) end module M_17_impl_refinement__qyi15782060473717464421__need_false__refines [#"17_impl_refinement.rs" 29 4 29 25] (* <() as ReqFalse> *) let%span s17_impl_refinement0 = "17_impl_refinement.rs" 29 4 29 25 - use prelude.prelude.Int128.to_int - - use prelude.prelude.Int128 - - use prelude.prelude.UInt64.to_uint + use prelude.prelude.Int use prelude.prelude.UInt64 - use prelude.prelude.Int + use prelude.prelude.UInt64 - goal refines : [%#s17_impl_refinement0] forall x : uint64 . UInt64.to_int x >= 10 -> UInt64.to_int x >= 15 + goal refines : [%#s17_impl_refinement0] forall x : UInt64.t . UInt64.to_uint x >= 10 -> UInt64.to_uint x >= 15 end diff --git a/creusot/tests/should_fail/type_invariants/borrows.coma b/creusot/tests/should_fail/type_invariants/borrows.coma index f6b60cb41e..6657914d1b 100644 --- a/creusot/tests/should_fail/type_invariants/borrows.coma +++ b/creusot/tests/should_fail/type_invariants/borrows.coma 
@@ -4,16 +4,12 @@ module M_borrows__qyi5649894289181344863__new [#"borrows.rs" 17 4 17 30] (* NonZ let%span sborrows2 = "borrows.rs" 16 14 16 27 let%span sborrows3 = "borrows.rs" 10 20 10 32 - use prelude.prelude.Int128.to_int - - use prelude.prelude.Int128 - use prelude.prelude.Int - use prelude.prelude.Int32.to_int + use prelude.prelude.Int32 type t_NonZero'0 = - { t_NonZero__0'0: int32 } + { t_NonZero__0'0: Int32.t } use prelude.prelude.Intrinsic @@ -32,9 +28,9 @@ module M_borrows__qyi5649894289181344863__new [#"borrows.rs" 17 4 17 30] (* NonZ meta "compute_max_steps" 1000000 - let rec new'0 (n:int32) (return' (ret:t_NonZero'0))= {[@expl:new requires] [%#sborrows0] Int32.to_int n <> 0} + let rec new'0 (n:Int32.t) (return' (ret:t_NonZero'0))= {[@expl:new requires] [%#sborrows0] Int32.to_int n <> 0} (! bb0 [ bb0 = s0 [ s0 = [ &_0 <- { t_NonZero__0'0 = n } ] s1 | s1 = return' {_0} ] ] ) - [ & _0 : t_NonZero'0 = any_l () | & n : int32 = n ] + [ & _0 : t_NonZero'0 = any_l () | & n : Int32.t = n ] [ return' (result:t_NonZero'0)-> {[@expl:new result type invariant] [%#sborrows1] inv'0 result} {[@expl:new ensures] [%#sborrows2] result.t_NonZero__0'0 = n} @@ -51,12 +47,14 @@ module M_borrows__qyi5649894289181344863__inner_mut [#"borrows.rs" 23 4 23 43] ( use prelude.prelude.Borrow + use prelude.prelude.Int + use prelude.prelude.Int32 type t_NonZero'0 = - { t_NonZero__0'0: int32 } + { t_NonZero__0'0: Int32.t } - predicate resolve'2 (self : borrowed int32) = + predicate resolve'2 (self : borrowed Int32.t) = [%#sresolve3] self.final = self.current predicate resolve'0 (_1 : borrowed Int32.t) = 
@@ -92,18 +90,18 @@ module M_borrows__qyi5649894289181344863__inner_mut [#"borrows.rs" 23 4 23 43] ( meta "compute_max_steps" 1000000 - let rec inner_mut'0 (self:borrowed (t_NonZero'0)) (return' (ret:borrowed int32))= {[@expl:inner_mut 'self' type invariant] [%#sborrows0] inv'0 self} + let rec inner_mut'0 (self:borrowed (t_NonZero'0)) (return' (ret:borrowed Int32.t))= {[@expl:inner_mut 'self' type invariant] [%#sborrows0] inv'0 self} (! bb0 [ bb0 = s0 - [ s0 = Borrow.borrow_final {(self.current).t_NonZero__0'0} {Borrow.inherit_id (Borrow.get_id self) 1} - (fun (_ret':borrowed int32) -> + [ s0 = Borrow.borrow_final {(self.current).t_NonZero__0'0} {Borrow.inherit_id (Borrow.get_id self) 1} + (fun (_ret':borrowed Int32.t) -> [ &_5 <- _ret' ] [ &self <- { self with current = { t_NonZero__0'0 = _ret'.final } } ] s1) - | s1 = Borrow.borrow_final {_5.current} {Borrow.get_id _5} - (fun (_ret':borrowed int32) -> [ &_2 <- _ret' ] [ &_5 <- { _5 with current = _ret'.final } ] s2) - | s2 = Borrow.borrow_final {_2.current} {Borrow.get_id _2} - (fun (_ret':borrowed int32) -> [ &_0 <- _ret' ] [ &_2 <- { _2 with current = _ret'.final } ] s3) + | s1 = Borrow.borrow_final {_5.current} {Borrow.get_id _5} + (fun (_ret':borrowed Int32.t) -> [ &_2 <- _ret' ] [ &_5 <- { _5 with current = _ret'.final } ] s2) + | s2 = Borrow.borrow_final {_2.current} {Borrow.get_id _2} + (fun (_ret':borrowed Int32.t) -> [ &_0 <- _ret' ] [ &_2 <- { _2 with current = _ret'.final } ] s3) | s3 = -{resolve'0 _5}- s4 | s4 = -{resolve'0 _2}- s5 | s5 = {[@expl:type invariant] inv'0 self} s6 
@@ -111,12 +109,12 @@ module M_borrows__qyi5649894289181344863__inner_mut [#"borrows.rs" 23 4 23 43] ( | s7 = return' {_0} ] ] ) - [ & _0 : borrowed int32 = any_l () + [ & _0 : borrowed Int32.t = any_l () | & self : borrowed (t_NonZero'0) = self - | & _2 : borrowed int32 = any_l () - | & _5 : borrowed int32 = any_l () ] + | & _2 : borrowed Int32.t = any_l () + | & _5 : borrowed Int32.t = any_l () ] - [ return' (result:borrowed int32)-> {[@expl:inner_mut ensures #0] [%#sborrows1] Int32.to_int (self.current).t_NonZero__0'0 + [ return' (result:borrowed Int32.t)-> {[@expl:inner_mut ensures #0] [%#sborrows1] Int32.to_int (self.current).t_NonZero__0'0 = Int32.to_int result.current} {[@expl:inner_mut ensures #1] [%#sborrows2] Int32.to_int (self.final).t_NonZero__0'0 = Int32.to_int result.final} (! return' {result}) ] @@ -135,22 +133,22 @@ module M_borrows__simple [#"borrows.rs" 31 0 31 30] use prelude.prelude.Borrow + use prelude.prelude.Int + use prelude.prelude.Int32 type t_NonZero'0 = - { t_NonZero__0'0: int32 } - - use prelude.prelude.Int + { t_NonZero__0'0: Int32.t } use prelude.prelude.Int32 - function view'0 (self : borrowed int32) : int = + function view'0 (self : borrowed Int32.t) : int = [%#smodel5] Int32.to_int self.current - constant v_MAX'0 : int32 = (2147483647 : int32) + constant v_MAX'0 : Int32.t = (2147483647 : Int32.t) - let rec inc'0 (x:borrowed int32) (return' (ret:()))= {[@expl:inc requires] [%#sborrows3] view'0 x - < Int32.to_int (v_MAX'0 : int32)} + let rec inc'0 (x:borrowed Int32.t) (return' (ret:()))= {[@expl:inc requires] [%#sborrows3] view'0 x + < Int32.to_int (v_MAX'0 : Int32.t)} any [ return' (result:())-> {[%#sborrows4] Int32.to_int x.final = view'0 x + 1} (! return' {result}) ] predicate resolve'2 (self : borrowed Int32.t) = 
@@ -188,17 +186,18 @@ module M_borrows__simple [#"borrows.rs" 31 0 31 30] meta "compute_max_steps" 1000000 let rec simple'0 (x:borrowed (t_NonZero'0)) (return' (ret:()))= {[@expl:simple 'x' type invariant] [%#sborrows0] inv'0 x} - {[@expl:simple requires #0] [%#sborrows1] Int32.to_int (x.current).t_NonZero__0'0 < Int32.to_int (v_MAX'0 : int32)} + {[@expl:simple requires #0] [%#sborrows1] Int32.to_int (x.current).t_NonZero__0'0 + < Int32.to_int (v_MAX'0 : Int32.t)} {[@expl:simple requires #1] [%#sborrows2] Int32.to_int (x.current).t_NonZero__0'0 <> - 1} (! bb0 [ bb0 = s0 - [ s0 = Borrow.borrow_final {(x.current).t_NonZero__0'0} {Borrow.inherit_id (Borrow.get_id x) 1} - (fun (_ret':borrowed int32) -> + [ s0 = Borrow.borrow_final {(x.current).t_NonZero__0'0} {Borrow.inherit_id (Borrow.get_id x) 1} + (fun (_ret':borrowed Int32.t) -> [ &_6 <- _ret' ] [ &x <- { x with current = { t_NonZero__0'0 = _ret'.final } } ] s1) - | s1 = Borrow.borrow_final {_6.current} {Borrow.get_id _6} - (fun (_ret':borrowed int32) -> [ &_5 <- _ret' ] [ &_6 <- { _6 with current = _ret'.final } ] s2) + | s1 = Borrow.borrow_final {_6.current} {Borrow.get_id _6} + (fun (_ret':borrowed Int32.t) -> [ &_5 <- _ret' ] [ &_6 <- { _6 with current = _ret'.final } ] s2) | s2 = inc'0 {_5} (fun (_ret':()) -> [ &_4 <- _ret' ] s3) | s3 = bb1 ] @@ -232,18 +231,14 @@ module M_borrows__hard [#"borrows.rs" 38 0 38 28] use prelude.prelude.Borrow + use prelude.prelude.Int + use prelude.prelude.Int32 type t_NonZero'0 = - { t_NonZero__0'0: int32 } - - use prelude.prelude.Int128.to_int - - use prelude.prelude.Int128 - - use prelude.prelude.Int + { t_NonZero__0'0: Int32.t } - use prelude.prelude.Int32.to_int + use prelude.prelude.Int32 predicate invariant'0 [#"borrows.rs" 9 4 9 30] (self : t_NonZero'0) = [%#sborrows10] Int32.to_int self.t_NonZero__0'0 <> 0 
@@ -263,23 +258,21 @@ module M_borrows__hard [#"borrows.rs" 38 0 38 28] axiom inv_axiom'1 [@rewrite] : forall x : borrowed (t_NonZero'0) [inv'1 x] . inv'1 x = invariant'1 x - let rec inner_mut'0 (self:borrowed (t_NonZero'0)) (return' (ret:borrowed int32))= {[@expl:inner_mut 'self' type invariant] [%#sborrows3] inv'1 self} + let rec inner_mut'0 (self:borrowed (t_NonZero'0)) (return' (ret:borrowed Int32.t))= {[@expl:inner_mut 'self' type invariant] [%#sborrows3] inv'1 self} any - [ return' (result:borrowed int32)-> {[%#sborrows4] Int32.to_int (self.current).t_NonZero__0'0 + [ return' (result:borrowed Int32.t)-> {[%#sborrows4] Int32.to_int (self.current).t_NonZero__0'0 = Int32.to_int result.current} {[%#sborrows5] Int32.to_int (self.final).t_NonZero__0'0 = Int32.to_int result.final} (! return' {result}) ] - use prelude.prelude.Int - - function view'0 (self : borrowed int32) : int = + function view'0 (self : borrowed Int32.t) : int = [%#smodel8] Int32.to_int self.current - constant v_MAX'0 : int32 = (2147483647 : int32) + constant v_MAX'0 : Int32.t = (2147483647 : Int32.t) - let rec inc'0 (x:borrowed int32) (return' (ret:()))= {[@expl:inc requires] [%#sborrows6] view'0 x - < Int32.to_int (v_MAX'0 : int32)} + let rec inc'0 (x:borrowed Int32.t) (return' (ret:()))= {[@expl:inc requires] [%#sborrows6] view'0 x + < Int32.to_int (v_MAX'0 : Int32.t)} any [ return' (result:())-> {[%#sborrows7] Int32.to_int x.final = view'0 x + 1} (! return' {result}) ] predicate resolve'2 (self : borrowed Int32.t) = 
@@ -299,7 +292,7 @@ module M_borrows__hard [#"borrows.rs" 38 0 38 28] meta "compute_max_steps" 1000000 let rec hard'0 (x:borrowed (t_NonZero'0)) (return' (ret:()))= {[@expl:hard 'x' type invariant] [%#sborrows0] inv'1 x} - {[@expl:hard requires #0] [%#sborrows1] Int32.to_int (x.current).t_NonZero__0'0 < Int32.to_int (v_MAX'0 : int32)} + {[@expl:hard requires #0] [%#sborrows1] Int32.to_int (x.current).t_NonZero__0'0 < Int32.to_int (v_MAX'0 : Int32.t)} {[@expl:hard requires #1] [%#sborrows2] Int32.to_int (x.current).t_NonZero__0'0 <> - 1} (! bb0 [ bb0 = s0 @@ -314,8 +307,8 @@ module M_borrows__hard [#"borrows.rs" 38 0 38 28] | s2 = bb1 ] | bb1 = s0 - [ s0 = Borrow.borrow_final {_6.current} {Borrow.get_id _6} - (fun (_ret':borrowed int32) -> [ &_5 <- _ret' ] [ &_6 <- { _6 with current = _ret'.final } ] s1) + [ s0 = Borrow.borrow_final {_6.current} {Borrow.get_id _6} + (fun (_ret':borrowed Int32.t) -> [ &_5 <- _ret' ] [ &_6 <- { _6 with current = _ret'.final } ] s1) | s1 = inc'0 {_5} (fun (_ret':()) -> [ &_4 <- _ret' ] s2) | s2 = bb2 ] @@ -329,8 +322,8 @@ module M_borrows__hard [#"borrows.rs" 38 0 38 28] [ & _0 : () = any_l () | & x : borrowed (t_NonZero'0) = x | & _4 : () = any_l () - | & _5 : borrowed int32 = any_l () - | & _6 : borrowed int32 = any_l () + | & _5 : borrowed Int32.t = any_l () + | & _6 : borrowed Int32.t = any_l () | & _7 : borrowed (t_NonZero'0) = any_l () ] [ return' (result:())-> (! return' {result}) ] end 
@@ -347,24 +340,24 @@ module M_borrows__tuple [#"borrows.rs" 45 0 45 44] let%span sborrows9 = "borrows.rs" 10 20 10 32 let%span sinvariant10 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 + use prelude.prelude.Int + use prelude.prelude.Int32 type t_NonZero'0 = - { t_NonZero__0'0: int32 } + { t_NonZero__0'0: Int32.t } use prelude.prelude.Borrow - use prelude.prelude.Int - use prelude.prelude.Int32 - function view'0 (self : borrowed int32) : int = + function view'0 (self : borrowed Int32.t) : int = [%#smodel6] Int32.to_int self.current - constant v_MAX'0 : int32 = (2147483647 : int32) + constant v_MAX'0 : Int32.t = (2147483647 : Int32.t) - let rec inc'0 (x:borrowed int32) (return' (ret:()))= {[@expl:inc requires] [%#sborrows4] view'0 x - < Int32.to_int (v_MAX'0 : int32)} + let rec inc'0 (x:borrowed Int32.t) (return' (ret:()))= {[@expl:inc requires] [%#sborrows4] view'0 x + < Int32.to_int (v_MAX'0 : Int32.t)} any [ return' (result:())-> {[%#sborrows5] Int32.to_int x.final = view'0 x + 1} (! return' {result}) ] predicate resolve'2 (self : borrowed Int32.t) = 
@@ -417,23 +410,23 @@ module M_borrows__tuple [#"borrows.rs" 45 0 45 44] let rec tuple'0 (x:(t_NonZero'0, borrowed (t_NonZero'0))) (return' (ret:()))= {[@expl:tuple 'x' type invariant] [%#sborrows1] inv'0 x} {[@expl:tuple requires #0] [%#sborrows2] Int32.to_int ((let (_, a) = x in a).current).t_NonZero__0'0 - < Int32.to_int (v_MAX'0 : int32)} + < Int32.to_int (v_MAX'0 : Int32.t)} {[@expl:tuple requires #1] [%#sborrows3] Int32.to_int ((let (_, a) = x in a).current).t_NonZero__0'0 <> - 1} (! bb0 [ bb0 = s0 - [ s0 = [ &x <- let (_, r'1) = x in ({ t_NonZero__0'0 = ([%#sborrows0] (0 : int32)) }, r'1) ] s1 + [ s0 = [ &x <- let (_, r'1) = x in ({ t_NonZero__0'0 = ([%#sborrows0] (0 : Int32.t)) }, r'1) ] s1 | s1 = Borrow.borrow_final - + {((let (_, r'2) = x in r'2).current).t_NonZero__0'0} {Borrow.inherit_id (Borrow.get_id (let (_, r'2) = x in r'2)) 1} - (fun (_ret':borrowed int32) -> + (fun (_ret':borrowed Int32.t) -> [ &_6 <- _ret' ] [ &x <- let (r'3, _) = x in (r'3, { (let (_, r'2) = x in r'2) with current = { t_NonZero__0'0 = _ret'.final } }) ] s2) - | s2 = Borrow.borrow_final {_6.current} {Borrow.get_id _6} - (fun (_ret':borrowed int32) -> [ &_5 <- _ret' ] [ &_6 <- { _6 with current = _ret'.final } ] s3) + | s2 = Borrow.borrow_final {_6.current} {Borrow.get_id _6} + (fun (_ret':borrowed Int32.t) -> [ &_5 <- _ret' ] [ &_6 <- { _6 with current = _ret'.final } ] s3) | s3 = inc'0 {_5} (fun (_ret':()) -> [ &_4 <- _ret' ] s4) | s4 = bb1 ] 
@@ -465,22 +458,22 @@ module M_borrows__partial_move [#"borrows.rs" 53 0 53 47] use prelude.prelude.Borrow + use prelude.prelude.Int + use prelude.prelude.Int32 type t_NonZero'0 = - { t_NonZero__0'0: int32 } - - use prelude.prelude.Int + { t_NonZero__0'0: Int32.t } use prelude.prelude.Int32 - function view'0 (self : borrowed int32) : int = + function view'0 (self : borrowed Int32.t) : int = [%#smodel6] Int32.to_int self.current - constant v_MAX'0 : int32 = (2147483647 : int32) + constant v_MAX'0 : Int32.t = (2147483647 : Int32.t) - let rec inc'0 (x:borrowed int32) (return' (ret:()))= {[@expl:inc requires] [%#sborrows4] view'0 x - < Int32.to_int (v_MAX'0 : int32)} + let rec inc'0 (x:borrowed Int32.t) (return' (ret:()))= {[@expl:inc requires] [%#sborrows4] view'0 x + < Int32.to_int (v_MAX'0 : Int32.t)} any [ return' (result:())-> {[%#sborrows5] Int32.to_int x.final = view'0 x + 1} (! return' {result}) ] predicate resolve'2 (self : borrowed Int32.t) = 
@@ -524,23 +517,23 @@ module M_borrows__partial_move [#"borrows.rs" 53 0 53 47] let rec partial_move'0 (x:(t_NonZero'0, borrowed (t_NonZero'0))) (return' (ret:()))= {[@expl:partial_move 'x' type invariant] [%#sborrows1] inv'1 x} {[@expl:partial_move requires #0] [%#sborrows2] Int32.to_int ((let (_, a) = x in a).current).t_NonZero__0'0 - < Int32.to_int (v_MAX'0 : int32)} + < Int32.to_int (v_MAX'0 : Int32.t)} {[@expl:partial_move requires #1] [%#sborrows3] Int32.to_int ((let (_, a) = x in a).current).t_NonZero__0'0 <> - 1} (! bb0 [ bb0 = s0 [ s0 = [ &a <- let (r'0, _) = x in r'0 ] s1 | s1 = Borrow.borrow_final - + {((let (_, r'1) = x in r'1).current).t_NonZero__0'0} {Borrow.inherit_id (Borrow.get_id (let (_, r'1) = x in r'1)) 1} - (fun (_ret':borrowed int32) -> + (fun (_ret':borrowed Int32.t) -> [ &_7 <- _ret' ] [ &x <- let (r'2, _) = x in (r'2, { (let (_, r'1) = x in r'1) with current = { t_NonZero__0'0 = _ret'.final } }) ] s2) - | s2 = Borrow.borrow_final {_7.current} {Borrow.get_id _7} - (fun (_ret':borrowed int32) -> [ &_6 <- _ret' ] [ &_7 <- { _7 with current = _ret'.final } ] s3) + | s2 = Borrow.borrow_final {_7.current} {Borrow.get_id _7} + (fun (_ret':borrowed Int32.t) -> [ &_6 <- _ret' ] [ &_7 <- { _7 with current = _ret'.final } ] s3) | s3 = inc'0 {_6} (fun (_ret':()) -> [ &_5 <- _ret' ] s4) | s4 = bb1 ] @@ -556,7 +549,7 @@ module M_borrows__partial_move [#"borrows.rs" 53 0 53 47] | _ -> true end}- s3 - | s3 = [ &a <- { t_NonZero__0'0 = ([%#sborrows0] (0 : int32)) } ] s4 + | s3 = [ &a <- { t_NonZero__0'0 = ([%#sborrows0] (0 : Int32.t)) } ] s4 | s4 = return' {_0} ] ] ) 
@@ -580,30 +573,24 @@ module M_borrows__destruct [#"borrows.rs" 61 0 61 43] let%span sinvariant8 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 let%span sborrows9 = "borrows.rs" 10 20 10 32 - use prelude.prelude.Int128.to_int - - use prelude.prelude.Int128 - use prelude.prelude.Int - use prelude.prelude.Int32.to_int + use prelude.prelude.Int32 type t_NonZero'0 = - { t_NonZero__0'0: int32 } + { t_NonZero__0'0: Int32.t } use prelude.prelude.Borrow - use prelude.prelude.Int - use prelude.prelude.Int32 - function view'0 (self : borrowed int32) : int = + function view'0 (self : borrowed Int32.t) : int = [%#smodel6] Int32.to_int self.current - constant v_MAX'0 : int32 = (2147483647 : int32) + constant v_MAX'0 : Int32.t = (2147483647 : Int32.t) - let rec inc'0 (x:borrowed int32) (return' (ret:()))= {[@expl:inc requires] [%#sborrows4] view'0 x - < Int32.to_int (v_MAX'0 : int32)} + let rec inc'0 (x:borrowed Int32.t) (return' (ret:()))= {[@expl:inc requires] [%#sborrows4] view'0 x + < Int32.to_int (v_MAX'0 : Int32.t)} any [ return' (result:())-> {[%#sborrows5] Int32.to_int x.final = view'0 x + 1} (! return' {result}) ] predicate resolve'2 (self : borrowed Int32.t) = 
@@ -647,20 +634,20 @@ module M_borrows__destruct [#"borrows.rs" 61 0 61 43] let rec destruct'0 (x:(t_NonZero'0, borrowed (t_NonZero'0))) (return' (ret:()))= {[@expl:destruct 'x' type invariant] [%#sborrows1] inv'1 x} {[@expl:destruct requires #0] [%#sborrows2] Int32.to_int ((let (_, a) = x in a).current).t_NonZero__0'0 - < Int32.to_int (v_MAX'0 : int32)} + < Int32.to_int (v_MAX'0 : Int32.t)} {[@expl:destruct requires #1] [%#sborrows3] Int32.to_int ((let (_, a) = x in a).current).t_NonZero__0'0 <> - 1} (! bb0 [ bb0 = s0 [ s0 = [ &a <- let (r'0, _) = x in r'0 ] s1 | s1 = [ &b <- let (_, r'1) = x in r'1 ] s2 - | s2 = [ &a <- { t_NonZero__0'0 = ([%#sborrows0] (0 : int32)) } ] s3 - | s3 = Borrow.borrow_final {(b.current).t_NonZero__0'0} {Borrow.inherit_id (Borrow.get_id b) 1} - (fun (_ret':borrowed int32) -> + | s2 = [ &a <- { t_NonZero__0'0 = ([%#sborrows0] (0 : Int32.t)) } ] s3 + | s3 = Borrow.borrow_final {(b.current).t_NonZero__0'0} {Borrow.inherit_id (Borrow.get_id b) 1} + (fun (_ret':borrowed Int32.t) -> [ &_8 <- _ret' ] [ &b <- { b with current = { t_NonZero__0'0 = _ret'.final } } ] s4) - | s4 = Borrow.borrow_final {_8.current} {Borrow.get_id _8} - (fun (_ret':borrowed int32) -> [ &_7 <- _ret' ] [ &_8 <- { _8 with current = _ret'.final } ] s5) + | s4 = Borrow.borrow_final {_8.current} {Borrow.get_id _8} + (fun (_ret':borrowed Int32.t) -> [ &_7 <- _ret' ] [ &_8 <- { _8 with current = _ret'.final } ] s5) | s5 = inc'0 {_7} (fun (_ret':()) -> [ &_6 <- _ret' ] s6) | s6 = bb1 ] 
@@ -694,18 +681,14 @@ module M_borrows__frozen_dead [#"borrows.rs" 69 0 69 66] use prelude.prelude.Borrow + use prelude.prelude.Int + use prelude.prelude.Int32 type t_NonZero'0 = - { t_NonZero__0'0: int32 } + { t_NonZero__0'0: Int32.t } - use prelude.prelude.Int128.to_int - - use prelude.prelude.Int128 - - use prelude.prelude.Int - - use prelude.prelude.Int32.to_int + use prelude.prelude.Int32 predicate invariant'0 [#"borrows.rs" 9 4 9 30] (self : t_NonZero'0) = [%#sborrows8] Int32.to_int self.t_NonZero__0'0 <> 0 @@ -731,15 +714,13 @@ module M_borrows__frozen_dead [#"borrows.rs" 69 0 69 66] predicate resolve'0 (_1 : borrowed (t_NonZero'0)) = resolve'2 _1 - use prelude.prelude.Int - - function view'0 (self : borrowed int32) : int = + function view'0 (self : borrowed Int32.t) : int = [%#smodel7] Int32.to_int self.current - constant v_MAX'0 : int32 = (2147483647 : int32) + constant v_MAX'0 : Int32.t = (2147483647 : Int32.t) - let rec inc'0 (x:borrowed int32) (return' (ret:()))= {[@expl:inc requires] [%#sborrows4] view'0 x - < Int32.to_int (v_MAX'0 : int32)} + let rec inc'0 (x:borrowed Int32.t) (return' (ret:()))= {[@expl:inc requires] [%#sborrows4] view'0 x + < Int32.to_int (v_MAX'0 : Int32.t)} any [ return' (result:())-> {[%#sborrows5] Int32.to_int x.final = view'0 x + 1} (! return' {result}) ] predicate resolve'3 (self : borrowed Int32.t) = 
@@ -755,12 +736,12 @@ module M_borrows__frozen_dead [#"borrows.rs" 69 0 69 66] let rec frozen_dead'0 (x:borrowed (t_NonZero'0)) (y:borrowed (t_NonZero'0)) (return' (ret:()))= {[@expl:frozen_dead 'x' type invariant] [%#sborrows0] inv'1 x} {[@expl:frozen_dead 'y' type invariant] [%#sborrows1] inv'1 y} {[@expl:frozen_dead requires #0] [%#sborrows2] Int32.to_int (x.current).t_NonZero__0'0 - < Int32.to_int (v_MAX'0 : int32)} + < Int32.to_int (v_MAX'0 : Int32.t)} {[@expl:frozen_dead requires #1] [%#sborrows3] Int32.to_int (x.current).t_NonZero__0'0 <> - 1} (! bb0 [ bb0 = s0 - [ s0 = Borrow.borrow_final {(x.current).t_NonZero__0'0} {Borrow.inherit_id (Borrow.get_id x) 1} - (fun (_ret':borrowed int32) -> + [ s0 = Borrow.borrow_final {(x.current).t_NonZero__0'0} {Borrow.inherit_id (Borrow.get_id x) 1} + (fun (_ret':borrowed Int32.t) -> [ &_a <- _ret' ] [ &x <- { x with current = { t_NonZero__0'0 = _ret'.final } } ] s1) @@ -776,8 +757,8 @@ module M_borrows__frozen_dead [#"borrows.rs" 69 0 69 66] | s4 = [ &x <- _6 ] s5 | s5 = {[@expl:type invariant] inv'1 x} s6 | s6 = -{resolve'0 x}- s7 - | s7 = Borrow.borrow_final {_a.current} {Borrow.get_id _a} - (fun (_ret':borrowed int32) -> [ &_8 <- _ret' ] [ &_a <- { _a with current = _ret'.final } ] s8) + | s7 = Borrow.borrow_final {_a.current} {Borrow.get_id _a} + (fun (_ret':borrowed Int32.t) -> [ &_8 <- _ret' ] [ &_a <- { _a with current = _ret'.final } ] s8) | s8 = inc'0 {_8} (fun (_ret':()) -> [ &_7 <- _ret' ] s9) | s9 = bb1 ] @@ -791,7 +772,7 @@ module M_borrows__frozen_dead [#"borrows.rs" 69 0 69 66] [ & _0 : () = any_l () | & x : borrowed (t_NonZero'0) = x | & y : borrowed (t_NonZero'0) = y - | & _a : borrowed int32 = any_l () + | & _a : borrowed Int32.t = any_l () | & _6 : borrowed (t_NonZero'0) = any_l () | & _7 : () = any_l () | & _8 : borrowed Int32.t = any_l () ] 
@@ -811,22 +792,22 @@ module M_borrows__qyi5556307355051076399__foo [#"borrows.rs" 93 4 93 25] (* SumT use prelude.prelude.Borrow + use prelude.prelude.Int + use prelude.prelude.Int32 type t_SumTo10'0 = - { t_SumTo10__a'0: int32; t_SumTo10__b'0: int32 } - - use prelude.prelude.Int + { t_SumTo10__a'0: Int32.t; t_SumTo10__b'0: Int32.t } use prelude.prelude.Int32 function view'0 (self : borrowed Int32.t) : int = [%#smodel6] Int32.to_int self.current - constant v_MAX'0 : int32 = (2147483647 : int32) + constant v_MAX'0 : Int32.t = (2147483647 : Int32.t) - let rec inc'0 (x:borrowed int32) (return' (ret:()))= {[@expl:inc requires] [%#sborrows2] view'0 x - < Int32.to_int (v_MAX'0 : int32)} + let rec inc'0 (x:borrowed Int32.t) (return' (ret:()))= {[@expl:inc requires] [%#sborrows2] view'0 x + < Int32.to_int (v_MAX'0 : Int32.t)} any [ return' (result:())-> {[%#sborrows3] Int32.to_int x.final = view'0 x + 1} (! return' {result}) ] predicate resolve'2 (self : borrowed Int32.t) = @@ -835,10 +816,10 @@ module M_borrows__qyi5556307355051076399__foo [#"borrows.rs" 93 4 93 25] (* SumT predicate resolve'0 (_1 : borrowed Int32.t) = resolve'2 _1 - constant v_MIN'0 : int32 = (-2147483648 : int32) + constant v_MIN'0 : Int32.t = (-2147483648 : Int32.t) - let rec dec'0 (x:borrowed int32) (return' (ret:()))= {[@expl:dec requires] [%#sborrows4] view'0 x - > Int32.to_int (v_MIN'0 : int32)} + let rec dec'0 (x:borrowed Int32.t) (return' (ret:()))= {[@expl:dec requires] [%#sborrows4] view'0 x + > Int32.to_int (v_MIN'0 : Int32.t)} any [ return' (result:())-> {[%#sborrows5] Int32.to_int x.final = view'0 x - 1} (! return' {result}) ] predicate invariant'1 [#"borrows.rs" 86 4 86 30] (self : t_SumTo10'0) = 
@@ -870,28 +851,28 @@ module M_borrows__qyi5556307355051076399__foo [#"borrows.rs" 93 4 93 25] (* SumT meta "compute_max_steps" 1000000 let rec foo'0 (self:borrowed (t_SumTo10'0)) (return' (ret:()))= {[@expl:foo 'self' type invariant] [%#sborrows0] inv'0 self} - {[@expl:foo requires] [%#sborrows1] Int32.to_int (self.current).t_SumTo10__a'0 < Int32.to_int (v_MAX'0 : int32)} + {[@expl:foo requires] [%#sborrows1] Int32.to_int (self.current).t_SumTo10__a'0 < Int32.to_int (v_MAX'0 : Int32.t)} (! bb0 [ bb0 = s0 - [ s0 = Borrow.borrow_final {(self.current).t_SumTo10__a'0} {Borrow.inherit_id (Borrow.get_id self) 1} - (fun (_ret':borrowed int32) -> + [ s0 = Borrow.borrow_final {(self.current).t_SumTo10__a'0} {Borrow.inherit_id (Borrow.get_id self) 1} + (fun (_ret':borrowed Int32.t) -> [ &_5 <- _ret' ] [ &self <- { self with current = { self.current with t_SumTo10__a'0 = _ret'.final } } ] s1) - | s1 = Borrow.borrow_final {_5.current} {Borrow.get_id _5} - (fun (_ret':borrowed int32) -> [ &_4 <- _ret' ] [ &_5 <- { _5 with current = _ret'.final } ] s2) + | s1 = Borrow.borrow_final {_5.current} {Borrow.get_id _5} + (fun (_ret':borrowed Int32.t) -> [ &_4 <- _ret' ] [ &_5 <- { _5 with current = _ret'.final } ] s2) | s2 = inc'0 {_4} (fun (_ret':()) -> [ &_3 <- _ret' ] s3) | s3 = bb1 ] | bb1 = s0 [ s0 = -{resolve'0 _5}- s1 - | s1 = Borrow.borrow_final {(self.current).t_SumTo10__b'0} {Borrow.inherit_id (Borrow.get_id self) 2} - (fun (_ret':borrowed int32) -> + | s1 = Borrow.borrow_final {(self.current).t_SumTo10__b'0} {Borrow.inherit_id (Borrow.get_id self) 2} + (fun (_ret':borrowed Int32.t) -> [ &_8 <- _ret' ] [ &self <- { self with current = { self.current with t_SumTo10__b'0 = _ret'.final } } ] s2) - | s2 = Borrow.borrow_final {_8.current} {Borrow.get_id _8} - (fun (_ret':borrowed int32) -> [ &_7 <- _ret' ] [ &_8 <- { _8 with current = _ret'.final } ] s3) + | s2 = Borrow.borrow_final {_8.current} {Borrow.get_id _8} + (fun (_ret':borrowed Int32.t) -> [ &_7 <- _ret' ] [ &_8 <- { _8 
with current = _ret'.final } ] s3) | s3 = dec'0 {_7} (fun (_ret':()) -> [ &_6 <- _ret' ] s4) | s4 = bb2 ] @@ -919,15 +900,13 @@ module M_borrows__inc [#"borrows.rs" 101 0 101 23] let%span smodel3 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 let%span sresolve4 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - use prelude.prelude.Int128.to_int - - use prelude.prelude.Int128 + use prelude.prelude.Int32 - use prelude.prelude.Int32.to_int + use prelude.prelude.Int use prelude.prelude.Borrow - predicate resolve'1 (self : borrowed int32) = + predicate resolve'1 (self : borrowed Int32.t) = [%#sresolve4] self.final = self.current predicate resolve'0 (_1 : borrowed Int32.t) = @@ -935,27 +914,25 @@ module M_borrows__inc [#"borrows.rs" 101 0 101 23] use prelude.prelude.Intrinsic - use prelude.prelude.Int - use prelude.prelude.Int32 - function view'0 (self : borrowed int32) : int = + function view'0 (self : borrowed Int32.t) : int = [%#smodel3] Int32.to_int self.current - constant v_MAX'0 : int32 = (2147483647 : int32) + constant v_MAX'0 : Int32.t = (2147483647 : Int32.t) meta "compute_max_steps" 1000000 - let rec inc'0 (x:borrowed int32) (return' (ret:()))= {[@expl:inc requires] [%#sborrows1] view'0 x - < Int32.to_int (v_MAX'0 : int32)} + let rec inc'0 (x:borrowed Int32.t) (return' (ret:()))= {[@expl:inc requires] [%#sborrows1] view'0 x + < Int32.to_int (v_MAX'0 : Int32.t)} (! bb0 [ bb0 = s0 - [ s0 = Int32.add {x.current} {[%#sborrows0] (1 : int32)} - (fun (_ret':int32) -> [ &x <- { x with current = _ret' } ] s1) + [ s0 = Int32.add {x.current} {[%#sborrows0] (1 : Int32.t)} + (fun (_ret':Int32.t) -> [ &x <- { x with current = _ret' } ] s1) | s1 = -{resolve'0 x}- s2 | s2 = return' {_0} ] ] - ) [ & _0 : () = any_l () | & x : borrowed int32 = x ] + ) [ & _0 : () = any_l () | & x : borrowed Int32.t = x ] [ return' (result:())-> {[@expl:inc ensures] [%#sborrows2] Int32.to_int x.final = view'0 x + 1} (! return' {result}) ] 
@@ -967,15 +944,13 @@ module M_borrows__dec [#"borrows.rs" 107 0 107 23] let%span smodel3 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 let%span sresolve4 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - use prelude.prelude.Int128.to_int - - use prelude.prelude.Int128 + use prelude.prelude.Int32 - use prelude.prelude.Int32.to_int + use prelude.prelude.Int use prelude.prelude.Borrow - predicate resolve'1 (self : borrowed int32) = + predicate resolve'1 (self : borrowed Int32.t) = [%#sresolve4] self.final = self.current predicate resolve'0 (_1 : borrowed Int32.t) = @@ -983,27 +958,25 @@ module M_borrows__dec [#"borrows.rs" 107 0 107 23] use prelude.prelude.Intrinsic - use prelude.prelude.Int - use prelude.prelude.Int32 - function view'0 (self : borrowed int32) : int = + function view'0 (self : borrowed Int32.t) : int = [%#smodel3] Int32.to_int self.current - constant v_MIN'0 : int32 = (-2147483648 : int32) + constant v_MIN'0 : Int32.t = (-2147483648 : Int32.t) meta "compute_max_steps" 1000000 - let rec dec'0 (x:borrowed int32) (return' (ret:()))= {[@expl:dec requires] [%#sborrows1] view'0 x - > Int32.to_int (v_MIN'0 : int32)} + let rec dec'0 (x:borrowed Int32.t) (return' (ret:()))= {[@expl:dec requires] [%#sborrows1] view'0 x + > Int32.to_int (v_MIN'0 : Int32.t)} (! bb0 [ bb0 = s0 - [ s0 = Int32.sub {x.current} {[%#sborrows0] (1 : int32)} - (fun (_ret':int32) -> [ &x <- { x with current = _ret' } ] s1) + [ s0 = Int32.sub {x.current} {[%#sborrows0] (1 : Int32.t)} + (fun (_ret':Int32.t) -> [ &x <- { x with current = _ret' } ] s1) | s1 = -{resolve'0 x}- s2 | s2 = return' {_0} ] ] - ) [ & _0 : () = any_l () | & x : borrowed int32 = x ] + ) [ & _0 : () = any_l () | & x : borrowed Int32.t = x ] [ return' (result:())-> {[@expl:dec ensures] [%#sborrows2] Int32.to_int x.final = view'0 x - 1} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/100doors.coma b/creusot/tests/should_succeed/100doors.coma index 4dc28cce31..0911156d2a 100644 
--- a/creusot/tests/should_succeed/100doors.coma +++ b/creusot/tests/should_succeed/100doors.coma @@ -37,14 +37,16 @@ module M_100doors__f [#"100doors.rs" 18 0 18 10] let%span srange35 = "../../../creusot-contracts/src/std/iter/range.rs" 42 15 42 32 let%span srange36 = "../../../creusot-contracts/src/std/iter/range.rs" 43 15 43 32 let%span srange37 = "../../../creusot-contracts/src/std/iter/range.rs" 44 14 44 42 - let%span snum38 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + let%span snum38 = "../../../creusot-contracts/src/std/num.rs" 52 28 52 33 let%span srange39 = "../../../creusot-contracts/src/std/iter/range.rs" 15 12 15 78 let%span sresolve40 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span smodel41 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 - let%span sslice42 = "../../../creusot-contracts/src/std/slice.rs" 122 20 122 37 - let%span sslice43 = "../../../creusot-contracts/src/std/slice.rs" 129 20 129 37 + let%span sslice42 = "../../../creusot-contracts/src/std/slice.rs" 140 20 140 37 + let%span sslice43 = "../../../creusot-contracts/src/std/slice.rs" 147 20 147 37 let%span smodel44 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 - let%span sslice45 = "../../../creusot-contracts/src/std/slice.rs" 136 20 136 94 + let%span sslice45 = "../../../creusot-contracts/src/std/slice.rs" 154 20 154 94 + + use prelude.prelude.Int use prelude.prelude.UInt64 @@ -61,13 +63,13 @@ module M_100doors__f [#"100doors.rs" 18 0 18 10] { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } predicate inv'3 (_1 : t_Vec'0) 
@@ -75,33 +77,31 @@ module M_100doors__f [#"100doors.rs" 18 0 18 10] use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) - - use prelude.prelude.UInt64.to_uint + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.Int + use prelude.prelude.UInt64 use seq.Seq function view'0 (self : t_Vec'0) : Seq.seq bool - axiom view'0_spec : forall self : t_Vec'0 . [%#svec17] Seq.length (view'0 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec17] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq function index_logic'0 [@inline:trivial] (self : t_Vec'0) (ix : int) : bool = [%#sops27] Seq.get (view'0 self) ix - let rec from_elem'0 (elem:bool) (n:usize) (return' (ret:t_Vec'0))= {[@expl:from_elem 'elem' type invariant] inv'2 elem} + let rec from_elem'0 (elem:bool) (n:UInt64.t) (return' (ret:t_Vec'0))= {[@expl:from_elem 'elem' type invariant] inv'2 elem} any [ return' (result:t_Vec'0)-> {inv'3 result} - {[%#svec14] Seq.length (view'0 result) = UIntSize.to_int n} - {[%#svec15] forall i : int . 0 <= i /\ i < UIntSize.to_int n -> index_logic'0 result i = elem} + {[%#svec14] Seq.length (view'0 result) = UInt64.to_uint n} + {[%#svec15] forall i : int . 0 <= i /\ i < UInt64.to_uint n -> index_logic'0 result i = elem} (! return' {result}) ] type t_Range'0 = - { t_Range__start'0: usize; t_Range__end'0: usize } + { t_Range__start'0: UInt64.t; t_Range__end'0: UInt64.t } predicate inv'0 (_1 : t_Range'0) 
@@ -131,14 +131,14 @@ module M_100doors__f [#"100doors.rs" 18 0 18 10] use seq.Seq - function deep_model'0 (self : usize) : int = - [%#snum38] UIntSize.to_int self + function deep_model'0 (self : UInt64.t) : int = + [%#snum38] UInt64.to_uint self use seq.Seq use seq.Seq - predicate produces'0 (self : t_Range'0) (visited : Seq.seq usize) (o : t_Range'0) = + predicate produces'0 (self : t_Range'0) (visited : Seq.seq UInt64.t) (o : t_Range'0) = [%#srange18] self.t_Range__end'0 = o.t_Range__end'0 /\ deep_model'0 self.t_Range__start'0 <= deep_model'0 o.t_Range__start'0 /\ (Seq.length visited > 0 -> deep_model'0 o.t_Range__start'0 <= deep_model'0 o.t_Range__end'0) @@ -146,10 +146,10 @@ module M_100doors__f [#"100doors.rs" 18 0 18 10] /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> deep_model'0 (Seq.get visited i) = deep_model'0 self.t_Range__start'0 + i) - function produces_trans'0 (a : t_Range'0) (ab : Seq.seq usize) (b : t_Range'0) (bc : Seq.seq usize) (c : t_Range'0) : () + function produces_trans'0 (a : t_Range'0) (ab : Seq.seq UInt64.t) (b : t_Range'0) (bc : Seq.seq UInt64.t) (c : t_Range'0) : () - axiom produces_trans'0_spec : forall a : t_Range'0, ab : Seq.seq usize, b : t_Range'0, bc : Seq.seq usize, c : t_Range'0 . ([%#srange32] inv'0 a) + axiom produces_trans'0_spec : forall a : t_Range'0, ab : Seq.seq UInt64.t, b : t_Range'0, bc : Seq.seq UInt64.t, c : t_Range'0 . ([%#srange32] inv'0 a) -> ([%#srange33] inv'0 b) -> ([%#srange34] inv'0 c) -> ([%#srange35] produces'0 a ab b) 
@@ -158,13 +158,13 @@ module M_100doors__f [#"100doors.rs" 18 0 18 10] function produces_refl'0 (self : t_Range'0) : () axiom produces_refl'0_spec : forall self : t_Range'0 . ([%#srange30] inv'0 self) - -> ([%#srange31] produces'0 self (Seq.empty : Seq.seq usize) self) + -> ([%#srange31] produces'0 self (Seq.empty : Seq.seq UInt64.t) self) use prelude.prelude.Snapshot - predicate inv'1 (_1 : Seq.seq usize) + predicate inv'1 (_1 : Seq.seq UInt64.t) - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq usize [inv'1 x] . inv'1 x = true + axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq UInt64.t [inv'1 x] . inv'1 x = true use prelude.prelude.Borrow @@ -174,7 +174,7 @@ module M_100doors__f [#"100doors.rs" 18 0 18 10] type t_Option'0 = | C_None'0 - | C_Some'0 usize + | C_Some'0 UInt64.t predicate inv'5 (_1 : t_Option'0) 
@@ -202,33 +202,33 @@ module M_100doors__f [#"100doors.rs" 18 0 18 10] predicate resolve'0 (_1 : borrowed (t_Range'0)) = resolve'2 _1 - let rec v_Some'0 (input:t_Option'0) (ret (field_0:usize))= any - [ good (field_0:usize)-> {C_Some'0 field_0 = input} (! ret {field_0}) - | bad -> {forall field_0 : usize [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] + let rec v_Some'0 (input:t_Option'0) (ret (field_0:UInt64.t))= any + [ good (field_0:UInt64.t)-> {C_Some'0 field_0 = input} (! ret {field_0}) + | bad -> {forall field_0 : UInt64.t [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] predicate inv'6 (_1 : t_Vec'0) axiom inv_axiom'6 [@rewrite] : forall x : t_Vec'0 [inv'6 x] . inv'6 x = true - predicate inv'7 (_1 : usize) + predicate inv'7 (_1 : UInt64.t) - axiom inv_axiom'7 [@rewrite] : forall x : usize [inv'7 x] . inv'7 x = true + axiom inv_axiom'7 [@rewrite] : forall x : UInt64.t [inv'7 x] . inv'7 x = true function view'1 (self : t_Vec'0) : Seq.seq bool = [%#smodel41] view'0 self - predicate in_bounds'0 [@inline:trivial] (self : usize) (seq : Seq.seq bool) = - [%#sslice42] UIntSize.to_int self < Seq.length seq + predicate in_bounds'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq bool) = + [%#sslice42] UInt64.to_uint self < Seq.length seq predicate inv'8 (_1 : bool) axiom inv_axiom'8 [@rewrite] : forall x : bool [inv'8 x] . 
inv'8 x = true - predicate has_value'0 [@inline:trivial] (self : usize) (seq : Seq.seq bool) (out : bool) = - [%#sslice43] Seq.get seq (UIntSize.to_int self) = out + predicate has_value'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq bool) (out : bool) = + [%#sslice43] Seq.get seq (UInt64.to_uint self) = out - let rec index'0 (self:t_Vec'0) (index:usize) (return' (ret:bool))= {[@expl:index 'self' type invariant] inv'6 self} + let rec index'0 (self:t_Vec'0) (index:UInt64.t) (return' (ret:bool))= {[@expl:index 'self' type invariant] inv'6 self} {[@expl:index 'index' type invariant] inv'7 index} {[@expl:index requires] [%#svec20] in_bounds'0 index (view'1 self)} any @@ -246,11 +246,11 @@ module M_100doors__f [#"100doors.rs" 18 0 18 10] axiom inv_axiom'10 [@rewrite] : forall x : borrowed bool [inv'10 x] . inv'10 x = true - predicate resolve_elswhere'0 [@inline:trivial] (self : usize) (old' : Seq.seq bool) (fin : Seq.seq bool) = - [%#sslice45] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < Seq.length old' + predicate resolve_elswhere'0 [@inline:trivial] (self : UInt64.t) (old' : Seq.seq bool) (fin : Seq.seq bool) = + [%#sslice45] forall i : int . 0 <= i /\ i <> UInt64.to_uint self /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i - let rec index_mut'0 (self:borrowed (t_Vec'0)) (index:usize) (return' (ret:borrowed bool))= {[@expl:index_mut 'self' type invariant] inv'9 self} + let rec index_mut'0 (self:borrowed (t_Vec'0)) (index:UInt64.t) (return' (ret:borrowed bool))= {[@expl:index_mut 'self' type invariant] inv'9 self} {[@expl:index_mut 'index' type invariant] inv'7 index} {[@expl:index_mut requires] [%#svec22] in_bounds'0 index (view'2 self)} any 
@@ -278,13 +278,14 @@ module M_100doors__f [#"100doors.rs" 18 0 18 10] let rec f'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = from_elem'0 {[%#s100doors0] false} {[%#s100doors1] (100 : usize)} + [ s0 = from_elem'0 {[%#s100doors0] false} {[%#s100doors1] (100 : UInt64.t)} (fun (_ret':t_Vec'0) -> [ &door_open <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = - [ &_3 <- { t_Range__start'0 = ([%#s100doors2] (1 : usize)); t_Range__end'0 = ([%#s100doors3] (101 : usize)) } ] + [ &_3 <- { t_Range__start'0 = ([%#s100doors2] (1 : UInt64.t)); + t_Range__end'0 = ([%#s100doors3] (101 : UInt64.t)) } ] s1 | s1 = into_iter'0 {_3} (fun (_ret':t_Range'0) -> [ &iter <- _ret' ] s2) @@ -313,11 +314,11 @@ module M_100doors__f [#"100doors.rs" 18 0 18 10] | bb8 = s0 [ s0 = -{resolve'0 _15}- s1 - | s1 = any [ br0 -> {_13 = C_None'0 } (! bb11) | br1 (x0:usize)-> {_13 = C_Some'0 x0} (! bb10) ] ] + | s1 = any [ br0 -> {_13 = C_None'0 } (! bb11) | br1 (x0:UInt64.t)-> {_13 = C_Some'0 x0} (! bb10) ] ] | bb10 = bb12 | bb12 = s0 - [ s0 = v_Some'0 {_13} (fun (r0'0:usize) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) + [ s0 = v_Some'0 {_13} (fun (r0'0:UInt64.t) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) | s1 = [ &_18 <- [%#s100doors8] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] @@ -332,8 +333,8 @@ module M_100doors__f [#"100doors.rs" 18 0 18 10] | bb14 = bb15 | bb15 = bb15 - [ bb15 = {[@expl:loop invariant #0] [%#s100doors10] 1 <= UIntSize.to_int door - /\ UIntSize.to_int door <= 100 + UIntSize.to_int pass} + [ bb15 = {[@expl:loop invariant #0] [%#s100doors10] 1 <= UInt64.to_uint door + /\ UInt64.to_uint door <= 100 + UInt64.to_uint pass} {[@expl:loop invariant #1] [%#s100doors9] Seq.length (view'0 door_open) = 100} (! s0) [ s0 = bb16 ] [ bb16 = s0 
@@ -348,7 +349,7 @@ module M_100doors__f [#"100doors.rs" 18 0 18 10] | bb18 = s0 [ s0 = Borrow.borrow_mut {door_open} (fun (_ret':borrowed (t_Vec'0)) -> [ &_32 <- _ret' ] [ &door_open <- _ret'.final ] s1) - | s1 = UIntSize.sub {door} {[%#s100doors13] (1 : usize)} (fun (_ret':usize) -> [ &_33 <- _ret' ] s2) + | s1 = UInt64.sub {door} {[%#s100doors13] (1 : UInt64.t)} (fun (_ret':UInt64.t) -> [ &_33 <- _ret' ] s2) | s2 = index_mut'0 {_32} {_33} (fun (_ret':borrowed bool) -> [ &_31 <- _ret' ] s3) | s3 = bb19 ] @@ -371,19 +372,19 @@ module M_100doors__f [#"100doors.rs" 18 0 18 10] | & iter : t_Range'0 = any_l () | & _3 : t_Range'0 = any_l () | & iter_old : Snapshot.snap_ty (t_Range'0) = any_l () - | & produced : Snapshot.snap_ty (Seq.seq usize) = any_l () + | & produced : Snapshot.snap_ty (Seq.seq UInt64.t) = any_l () | & _13 : t_Option'0 = any_l () | & _14 : borrowed (t_Range'0) = any_l () | & _15 : borrowed (t_Range'0) = any_l () - | & __creusot_proc_iter_elem : usize = any_l () - | & _18 : Snapshot.snap_ty (Seq.seq usize) = any_l () - | & pass : usize = any_l () - | & door : usize = any_l () + | & __creusot_proc_iter_elem : UInt64.t = any_l () + | & _18 : Snapshot.snap_ty (Seq.seq UInt64.t) = any_l () + | & pass : UInt64.t = any_l () + | & door : UInt64.t = any_l () | & _24 : bool = any_l () | & _27 : bool = any_l () | & _29 : UInt64.t = any_l () | & _31 : borrowed bool = any_l () | & _32 : borrowed (t_Vec'0) = any_l () - | & _33 : usize = any_l () ] + | & _33 : UInt64.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/100doors/why3session.xml b/creusot/tests/should_succeed/100doors/why3session.xml index 3ca0cf89c3..f56a58b1dd 100644 --- a/creusot/tests/should_succeed/100doors/why3session.xml +++ b/creusot/tests/should_succeed/100doors/why3session.xml @@ -7,7 +7,7 @@ - + 
diff --git a/creusot/tests/should_succeed/100doors/why3shapes.gz b/creusot/tests/should_succeed/100doors/why3shapes.gz index a61fbaff788afed87a89bc02a45c5ed940ea16a1..e04b8d59890f65c7ea05c7298f3d8283f9a81cee 100644 GIT binary patch literal 595 zcmV-Z0<8TXiwFP!00000|E*L_kJB&^z2{f-R@fDi$Id6(MJh;^b71!X8gYxJt-Fm# zlah}X`1ROnoVK)Eap3mm`OSD{Jf1gqlV(j@-As16Zt|*pKM5yyZ@u;h<>hY5kx2&} zClI6q9z8r#q05(cO}kw0rwlo@Ro3NYOS|mz?Aw${=g3e<2Rz!=)v{aY##lbx-(!Fg z#_1^?UNF8@T#m@GA;M6N zMUIUSd^sY=#t4BNkz*5tP>yKKj3Gqw2)(B#dZbU;mujPJcVpzn>%^YX-!CBi1u!$*{d^Z4&*aE zycUkyeU)viy{@w+|E*K1byF2PJq4Oqb!`ro)6MssBo&ROuXU$Qk5Gsn(kd^hKoL@I zvJTTL?Kva(X-pLM97QnRndze0uXSyjO-(m9iJETRa6I0U(%RIzqoTX??Xz%+-V(lY z$)c-kZQC}?z8Mt}%9+90yz0tj^N)dMhglu92RnJCCC7;vW52udf;LR|qI6Hp$w~-_XoFjvi0}{007H%AC>?B literal 571 zcmV-B0>u3viwFP!00000|D9A#kDD+Mz4I$_OS@4ekIk2>=71_$=Fq*g8tn~Dh`T{0 zkOe~2e_uf`kSx2cdV7AJ8Ncy7`@_SkKG4b3tJYL?Ru-RE{_5eQ)4Whtv}=w`SztMV zpe%6c%a(FeJU0hwGjmxp3Js>=O2HT9aIOPdXP7+@IB zY5x`DqKAGw)CesY8CTtum1K^m<~K^aFGneWF!a?S%en|dXC1Pvhrrc{EbAi--E_#Z z0fMVWWZ4kGQzNphMDW#!Mr8~kP!n_>A8AWplkerxbe9_<_tktI(ft5~mjYu^H<{}s zP)OQzoLzI-?WQp8$8-}sVwh4?L|KvS%5$-=mm^}TOkL)!Sp)6LswyvLzdruTNKsxJ z`ca+DBW+Q*J*1ymK{<+$vOS70Ug+b7;PaX&x_uP>cxGbq`f@N;cPk=zFJ-D9(}C)w zrTje4>QA=fmP6hsoSv)7beA%C6Bvqces6y*5e?=M!4=6jnx3W=(5F|kNa1E!ivf3y ziK{B;&v4_xt-`%mKZ_f+ifDKUg3XnQ|5Fxs7U8``7QD@_-kzR0Wkq2sD$E5zP7B&> zt_$Rx>a2LqO;Z-gCGtTo8xj0N+Mud;ay)-plW@jfCh2Oy&%O4$r 1 + len'0 ls @@ -31,7 +31,7 @@ module M_all_zero__all_zero [#"all_zero.rs" 34 0 34 29] type t_Option'0 = | C_None'0 - | C_Some'0 uint32 + | C_Some'0 UInt32.t function get'0 [#"all_zero.rs" 21 4 21 40] (self : t_List'0) (ix : int) : t_Option'0 = [%#sall_zero7] match self with 
@@ -39,15 +39,15 @@ module M_all_zero__all_zero [#"all_zero.rs" 34 0 34 29] | C_Nil'0 -> C_None'0 end - let rec v_Cons'0 (input:t_List'0) (ret (field_0:uint32) (field_1:t_List'0))= any - [ good (field_0:uint32) (field_1:t_List'0)-> {C_Cons'0 field_0 field_1 = input} (! ret {field_0} {field_1}) - | bad -> {forall field_0 : uint32, field_1 : t_List'0 [C_Cons'0 field_0 field_1 : t_List'0] . C_Cons'0 field_0 field_1 + let rec v_Cons'0 (input:t_List'0) (ret (field_0:UInt32.t) (field_1:t_List'0))= any + [ good (field_0:UInt32.t) (field_1:t_List'0)-> {C_Cons'0 field_0 field_1 = input} (! ret {field_0} {field_1}) + | bad -> {forall field_0 : UInt32.t, field_1 : t_List'0 [C_Cons'0 field_0 field_1 : t_List'0] . C_Cons'0 field_0 field_1 <> input} (! {false} any) ] - predicate resolve'3 (self : borrowed uint32) = + predicate resolve'3 (self : borrowed UInt32.t) = [%#sresolve8] self.final = self.current predicate resolve'0 (_1 : borrowed UInt32.t) = 
@@ -76,33 +76,33 @@ module M_all_zero__all_zero [#"all_zero.rs" 34 0 34 29] | bb1 = s0 [ s0 = [ &loop_l <- l ] s1 | s1 = bb2 ] | bb2 = bb2 [ bb2 = {[@expl:loop invariant #0] [%#sall_zero2] (forall i : int . 0 <= i /\ i < len'0 loop_l.current - -> get'0 loop_l.final i = C_Some'0 (0 : uint32)) + -> get'0 loop_l.final i = C_Some'0 (0 : UInt32.t)) -> (forall i : int . 0 <= i /\ i < len'0 (Snapshot.inner old_l).current - -> get'0 (Snapshot.inner old_l).final i = C_Some'0 (0 : uint32))} + -> get'0 (Snapshot.inner old_l).final i = C_Some'0 (0 : UInt32.t))} {[@expl:loop invariant #1] [%#sall_zero1] len'0 loop_l.final = len'0 loop_l.current -> len'0 (Snapshot.inner old_l).final = len'0 (Snapshot.inner old_l).current} (! s0) [ s0 = bb3 ] [ bb3 = any - [ br0 (x0:uint32) (x1:t_List'0)-> {loop_l.current = C_Cons'0 x0 x1} (! bb4) + [ br0 (x0:UInt32.t) (x1:t_List'0)-> {loop_l.current = C_Cons'0 x0 x1} (! bb4) | br1 -> {loop_l.current = C_Nil'0 } (! bb6) ] | bb4 = bb5 | bb5 = s0 [ s0 = v_Cons'0 {loop_l.current} - (fun (r0'0:uint32) (r1'0:t_List'0) -> - Borrow.borrow_final {r0'0} {Borrow.inherit_id (Borrow.get_id loop_l) 1} - (fun (_ret':borrowed uint32) -> + (fun (r0'0:UInt32.t) (r1'0:t_List'0) -> + Borrow.borrow_final {r0'0} {Borrow.inherit_id (Borrow.get_id loop_l) 1} + (fun (_ret':borrowed UInt32.t) -> [ &value <- _ret' ] [ &loop_l <- { loop_l with current = C_Cons'0 _ret'.final r1'0 } ] s1)) | s1 = v_Cons'0 {loop_l.current} - (fun (r0'1:uint32) (r1'1:t_List'0) -> + (fun (r0'1:UInt32.t) (r1'1:t_List'0) -> Borrow.borrow_final {r1'1} {Borrow.inherit_id (Borrow.get_id loop_l) 2} (fun (_ret':borrowed (t_List'0)) -> [ &next <- _ret' ] [ &loop_l <- { loop_l with current = C_Cons'0 r0'1 _ret'.final } ] s2)) - | s2 = [ &value <- { value with current = ([%#sall_zero3] (0 : uint32)) } ] s3 + | s2 = [ &value <- { value with current = ([%#sall_zero3] (0 : UInt32.t)) } ] s3 | s3 = -{resolve'0 value}- s4 | s4 = Borrow.borrow_final {next.current} {Borrow.get_id next} (fun (_ret':borrowed 
(t_List'0)) -> @@ -122,12 +122,12 @@ module M_all_zero__all_zero [#"all_zero.rs" 34 0 34 29] | & l : borrowed (t_List'0) = l | & old_l : Snapshot.snap_ty (borrowed (t_List'0)) = any_l () | & loop_l : borrowed (t_List'0) = any_l () - | & value : borrowed uint32 = any_l () + | & value : borrowed UInt32.t = any_l () | & next : borrowed (t_List'0) = any_l () | & _13 : borrowed (t_List'0) = any_l () ] [ return' (result:())-> {[@expl:all_zero ensures #0] [%#sall_zero4] forall i : int . 0 <= i /\ i < len'0 l.current - -> get'0 l.final i = C_Some'0 (0 : uint32)} + -> get'0 l.final i = C_Some'0 (0 : UInt32.t)} {[@expl:all_zero ensures #1] [%#sall_zero5] len'0 l.current = len'0 l.final} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/all_zero/why3session.xml b/creusot/tests/should_succeed/all_zero/why3session.xml index ad7e773d23..ed042a53a1 100644 --- a/creusot/tests/should_succeed/all_zero/why3session.xml +++ b/creusot/tests/should_succeed/all_zero/why3session.xml @@ -7,7 +7,7 @@ - + 
diff --git a/creusot/tests/should_succeed/all_zero/why3shapes.gz b/creusot/tests/should_succeed/all_zero/why3shapes.gz index 0cf5c3d6c4c586c414374ba8ce22a1ea5e18aaa7..e28f0e05aa3dce2eec448e41f4ccdc3857cef957 100644 GIT binary patch literal 398 zcmV;90df8xiwFP!00000|D{wtZ-X!p-T4)4w3&P)fL$d6iiFCNrIJ_VfYYE76B(MQ z|GozW;y6t^WHNVt_wM7Jd78P+UL0lPo}_NdTD`cTJ9~D-N>oyLMC6}ZOVx5R*t=4R zijx=t@3Or(xG&b(TYZoo$w?}fXj=raSgvx!C8^M|sjHLpfJ2HzBLt9QQ&t{{Hyd=X zvvsW+kMMwp7ff>H?~xpU)3`ecXU0960P)mHU#TdSl3FNvo?05H&6{)#;t-4~_#M9)WRyb87_5`s7J^B-2oz~Ph~=YL{RE~Q5telk+Fp$T zH0O&XeMr=)i|Y-A^e=&_Ee`!(V47Hz95) s_ABdu5RMZth{#Utg!H#jSVRRa1TaD%rvam+aN(6W-+5NnK~Mw$0KTiZ(f|Me literal 396 zcmV;70dxKziwFP!00000|D{y1Zi6rs-1!PN+D?8Z7+jSBA)&Hlsq|L#YMd4|F%hJR z`u7zSi0d}(kjY@*o!`B)eRJpcue8^_f7D&ywC3Iy{@txdDQ&e07^(NJ)8>F|`rkB$ zw#YI{=|vyT6UZsAp4y!bm|`V8Aa?~adPo&RUX;}7zTF;m00y*3C9x*?LVW z zM-YyE5SP`bPJk%NSrQ>ah+U1?+WU(VTixUI+;&}i(si(V8wFO>m{;93hpMRu-C?jW z=gvq>rr>~@8bNU@l;0`92Ys7lmBMU}VkmzWf}jRQiV#j=ag@c_fn|>v6Dw%GVc?jjMwQ<1ONb^)4H($ diff --git a/creusot/tests/should_succeed/bdd.coma b/creusot/tests/should_succeed/bdd.coma index 72be419124..5880baf3b8 100644 --- a/creusot/tests/should_succeed/bdd.coma +++ b/creusot/tests/should_succeed/bdd.coma 
@@ -4,14 +4,14 @@ module M_bdd__hashmap__qyi11648407051195780326__hash [#"bdd.rs" 79 8 79 29] (* < let%span sbdd2 = "bdd.rs" 78 18 78 62 let%span sbdd3 = "bdd.rs" 35 17 35 21 let%span sbdd4 = "bdd.rs" 34 18 34 62 - let%span snum5 = "../../../creusot-contracts/src/std/num.rs" 140 20 140 93 - let%span snum6 = "../../../creusot-contracts/src/std/num.rs" 144 20 145 51 - let%span snum7 = "../../../creusot-contracts/src/std/num.rs" 151 20 153 92 - let%span snum8 = "../../../creusot-contracts/src/std/num.rs" 156 20 158 92 - let%span snum9 = "../../../creusot-contracts/src/std/num.rs" 140 20 140 93 - let%span snum10 = "../../../creusot-contracts/src/std/num.rs" 144 20 145 51 - let%span snum11 = "../../../creusot-contracts/src/std/num.rs" 151 20 153 92 - let%span snum12 = "../../../creusot-contracts/src/std/num.rs" 156 20 158 92 + let%span snum5 = "../../../creusot-contracts/src/std/num.rs" 183 20 183 93 + let%span snum6 = "../../../creusot-contracts/src/std/num.rs" 187 20 188 51 + let%span snum7 = "../../../creusot-contracts/src/std/num.rs" 194 20 196 92 + let%span snum8 = "../../../creusot-contracts/src/std/num.rs" 199 20 201 92 + let%span snum9 = "../../../creusot-contracts/src/std/num.rs" 183 20 183 93 + let%span snum10 = "../../../creusot-contracts/src/std/num.rs" 187 20 188 51 + let%span snum11 = "../../../creusot-contracts/src/std/num.rs" 194 20 196 92 + let%span snum12 = "../../../creusot-contracts/src/std/num.rs" 199 20 201 92 let%span smodel13 = "../../../creusot-contracts/src/model.rs" 79 8 79 28 let%span sbdd14 = "bdd.rs" 86 24 86 84 let%span stuples15 = "../../../creusot-contracts/src/std/tuples.rs" 29 28 29 57 @@ -30,7 +30,7 @@ module M_bdd__hashmap__qyi11648407051195780326__hash [#"bdd.rs" 79 8 79 29] (* < axiom inv_axiom'1 [@rewrite] : forall x : t_U'0 [inv'1 x] . inv'1 x = invariant'1 x - use prelude.prelude.UInt64.to_uint + use prelude.prelude.UInt64 type t_DeepModelTy'0 
@@ -45,9 +45,10 @@ module M_bdd__hashmap__qyi11648407051195780326__hash [#"bdd.rs" 79 8 79 29] (* < use prelude.prelude.UInt64 - let rec hash'1 (self:t_U'0) (return' (ret:uint64))= {[@expl:hash 'self' type invariant] [%#sbdd3] inv'1 self} + let rec hash'1 (self:t_U'0) (return' (ret:UInt64.t))= {[@expl:hash 'self' type invariant] [%#sbdd3] inv'1 self} any - [ return' (result:uint64)-> {[%#sbdd4] UInt64.to_int result = hash_log'1 (deep_model'1 self)} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#sbdd4] UInt64.to_uint result = hash_log'1 (deep_model'1 self)} + (! return' {result}) ] type t_V'0 @@ -70,9 +71,10 @@ module M_bdd__hashmap__qyi11648407051195780326__hash [#"bdd.rs" 79 8 79 29] (* < function hash_log'2 [#"bdd.rs" 38 8 38 49] (_1 : t_DeepModelTy'1) : int - let rec hash'2 (self:t_V'0) (return' (ret:uint64))= {[@expl:hash 'self' type invariant] [%#sbdd3] inv'2 self} + let rec hash'2 (self:t_V'0) (return' (ret:UInt64.t))= {[@expl:hash 'self' type invariant] [%#sbdd3] inv'2 self} any - [ return' (result:uint64)-> {[%#sbdd4] UInt64.to_int result = hash_log'2 (deep_model'2 self)} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#sbdd4] UInt64.to_uint result = hash_log'2 (deep_model'2 self)} + (! return' {result}) ] use prelude.prelude.UInt32 
@@ -85,49 +87,49 @@ module M_bdd__hashmap__qyi11648407051195780326__hash [#"bdd.rs" 79 8 79 29] (* < use int.EuclideanDivision - constant v_MIN'0 : uint64 = (0 : uint64) + constant v_MIN'0 : UInt64.t = (0 : UInt64.t) - constant v_MAX'0 : uint64 = (18446744073709551615 : uint64) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - let rec wrapping_mul'0 (self:uint64) (rhs:uint64) (return' (ret:uint64))= any - [ return' (result:uint64)-> {[%#snum5] UInt64.to_int result - = EuclideanDivision.mod (UInt64.to_int self - * UInt64.to_int rhs) (Power.power 2 (UInt32.to_int (v_BITS'0 : uint32))) - + UInt64.to_int (v_MIN'0 : uint64)} - {[%#snum6] UInt64.to_int self * UInt64.to_int rhs >= UInt64.to_int (v_MIN'0 : uint64) - /\ UInt64.to_int self * UInt64.to_int rhs <= UInt64.to_int (v_MAX'0 : uint64) - -> UInt64.to_int result = UInt64.to_int self * UInt64.to_int rhs} - {[%#snum7] UInt64.to_int self * UInt64.to_int rhs < UInt64.to_int (v_MIN'0 : uint64) + let rec wrapping_mul'0 (self:UInt64.t) (rhs:UInt64.t) (return' (ret:UInt64.t))= any + [ return' (result:UInt64.t)-> {[%#snum5] UInt64.to_uint result + = EuclideanDivision.mod (UInt64.to_uint self + * UInt64.to_uint rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + + UInt64.to_uint (v_MIN'0 : UInt64.t)} + {[%#snum6] UInt64.to_uint self * UInt64.to_uint rhs >= UInt64.to_uint (v_MIN'0 : UInt64.t) + /\ UInt64.to_uint self * UInt64.to_uint rhs <= UInt64.to_uint (v_MAX'0 : UInt64.t) + -> UInt64.to_uint result = UInt64.to_uint self * UInt64.to_uint rhs} + {[%#snum7] UInt64.to_uint self * UInt64.to_uint rhs < UInt64.to_uint (v_MIN'0 : UInt64.t) -> (exists k : int . 
k > 0 - /\ UInt64.to_int result - = UInt64.to_int self * UInt64.to_int rhs - + k * (UInt64.to_int (v_MAX'0 : uint64) - UInt64.to_int (v_MIN'0 : uint64) + 1))} - {[%#snum8] UInt64.to_int self * UInt64.to_int rhs > UInt64.to_int (v_MAX'0 : uint64) + /\ UInt64.to_uint result + = UInt64.to_uint self * UInt64.to_uint rhs + + k * (UInt64.to_uint (v_MAX'0 : UInt64.t) - UInt64.to_uint (v_MIN'0 : UInt64.t) + 1))} + {[%#snum8] UInt64.to_uint self * UInt64.to_uint rhs > UInt64.to_uint (v_MAX'0 : UInt64.t) -> (exists k : int . k > 0 - /\ UInt64.to_int result - = UInt64.to_int self * UInt64.to_int rhs - - k * (UInt64.to_int (v_MAX'0 : uint64) - UInt64.to_int (v_MIN'0 : uint64) + 1))} + /\ UInt64.to_uint result + = UInt64.to_uint self * UInt64.to_uint rhs + - k * (UInt64.to_uint (v_MAX'0 : UInt64.t) - UInt64.to_uint (v_MIN'0 : UInt64.t) + 1))} (! return' {result}) ] - let rec wrapping_add'0 (self:uint64) (rhs:uint64) (return' (ret:uint64))= any - [ return' (result:uint64)-> {[%#snum9] UInt64.to_int result - = EuclideanDivision.mod (UInt64.to_int self - + UInt64.to_int rhs) (Power.power 2 (UInt32.to_int (v_BITS'0 : uint32))) - + UInt64.to_int (v_MIN'0 : uint64)} - {[%#snum10] UInt64.to_int self + UInt64.to_int rhs >= UInt64.to_int (v_MIN'0 : uint64) - /\ UInt64.to_int self + UInt64.to_int rhs <= UInt64.to_int (v_MAX'0 : uint64) - -> UInt64.to_int result = UInt64.to_int self + UInt64.to_int rhs} - {[%#snum11] UInt64.to_int self + UInt64.to_int rhs < UInt64.to_int (v_MIN'0 : uint64) + let rec wrapping_add'0 (self:UInt64.t) (rhs:UInt64.t) (return' (ret:UInt64.t))= any + [ return' (result:UInt64.t)-> {[%#snum9] UInt64.to_uint result + = EuclideanDivision.mod (UInt64.to_uint self + + UInt64.to_uint rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + + UInt64.to_uint (v_MIN'0 : UInt64.t)} + {[%#snum10] UInt64.to_uint self + UInt64.to_uint rhs >= UInt64.to_uint (v_MIN'0 : UInt64.t) + /\ UInt64.to_uint self + UInt64.to_uint rhs <= UInt64.to_uint (v_MAX'0 : UInt64.t) + -> 
UInt64.to_uint result = UInt64.to_uint self + UInt64.to_uint rhs} + {[%#snum11] UInt64.to_uint self + UInt64.to_uint rhs < UInt64.to_uint (v_MIN'0 : UInt64.t) -> (exists k : int . k > 0 - /\ UInt64.to_int result - = UInt64.to_int self + UInt64.to_int rhs - + k * (UInt64.to_int (v_MAX'0 : uint64) - UInt64.to_int (v_MIN'0 : uint64) + 1))} - {[%#snum12] UInt64.to_int self + UInt64.to_int rhs > UInt64.to_int (v_MAX'0 : uint64) + /\ UInt64.to_uint result + = UInt64.to_uint self + UInt64.to_uint rhs + + k * (UInt64.to_uint (v_MAX'0 : UInt64.t) - UInt64.to_uint (v_MIN'0 : UInt64.t) + 1))} + {[%#snum12] UInt64.to_uint self + UInt64.to_uint rhs > UInt64.to_uint (v_MAX'0 : UInt64.t) -> (exists k : int . k > 0 - /\ UInt64.to_int result - = UInt64.to_int self + UInt64.to_int rhs - - k * (UInt64.to_int (v_MAX'0 : uint64) - UInt64.to_int (v_MIN'0 : uint64) + 1))} + /\ UInt64.to_uint result + = UInt64.to_uint self + UInt64.to_uint rhs + - k * (UInt64.to_uint (v_MAX'0 : UInt64.t) - UInt64.to_uint (v_MIN'0 : UInt64.t) + 1))} (! return' {result}) ] 
@@ -153,27 +155,28 @@ module M_bdd__hashmap__qyi11648407051195780326__hash [#"bdd.rs" 79 8 79 29] (* < function hash_log'0 [#"bdd.rs" 85 8 85 48] (x : (t_DeepModelTy'0, t_DeepModelTy'1)) : int = [%#sbdd14] mod (hash_log'1 (let (a, _) = x in a) - + hash_log'2 (let (_, a) = x in a) * 17) (UInt64.to_int (v_MAX'0 : uint64) + 1) + + hash_log'2 (let (_, a) = x in a) * 17) (UInt64.to_uint (v_MAX'0 : UInt64.t) + 1) meta "compute_max_steps" 1000000 - let rec hash'0 (self:(t_U'0, t_V'0)) (return' (ret:uint64))= {[@expl:hash 'self' type invariant] [%#sbdd1] inv'0 self} + let rec hash'0 (self:(t_U'0, t_V'0)) (return' (ret:UInt64.t))= {[@expl:hash 'self' type invariant] [%#sbdd1] inv'0 self} (! bb0 - [ bb0 = s0 [ s0 = hash'1 {let (r'0, _) = self in r'0} (fun (_ret':uint64) -> [ &_3 <- _ret' ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = hash'2 {let (_, r'0) = self in r'0} (fun (_ret':uint64) -> [ &_6 <- _ret' ] s1) | s1 = bb2 ] + [ bb0 = s0 [ s0 = hash'1 {let (r'0, _) = self in r'0} (fun (_ret':UInt64.t) -> [ &_3 <- _ret' ] s1) | s1 = bb1 ] + | bb1 = s0 [ s0 = hash'2 {let (_, r'0) = self in r'0} (fun (_ret':UInt64.t) -> [ &_6 <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 [ s0 = wrapping_mul'0 {_6} {[%#sbdd0] (17 : UInt64.t)} (fun (_ret':UInt64.t) -> [ &_5 <- _ret' ] s1) | s1 = bb3 ] | bb3 = s0 [ s0 = wrapping_add'0 {_3} {_5} (fun (_ret':UInt64.t) -> [ &_0 <- _ret' ] s1) | s1 = bb4 ] | bb4 = return' {_0} ] ) - [ & _0 : uint64 = any_l () + [ & _0 : UInt64.t = any_l () | & self : (t_U'0, t_V'0) = self - | & _3 : uint64 = any_l () - | & _5 : uint64 = any_l () - | & _6 : uint64 = any_l () ] + | & _3 : UInt64.t = any_l () + | & _5 : UInt64.t = any_l () + | & _6 : UInt64.t = any_l () ] - [ return' (result:uint64)-> {[@expl:hash ensures] [%#sbdd2] UInt64.to_int result = hash_log'0 (deep_model'0 self)} + [ return' (result:UInt64.t)-> {[@expl:hash ensures] [%#sbdd2] UInt64.to_uint result + = hash_log'0 (deep_model'0 self)} (! return' {result}) ] end 
@@ -182,14 +185,16 @@ module M_bdd__qyi2024536649982164874__assert_receiver_is_total_eq [#"bdd.rs" 93 use prelude.prelude.Borrow + use prelude.prelude.Int + use prelude.prelude.UInt64 type t_Bdd'0 = - { t_Bdd__0'0: t_Node'0; t_Bdd__1'0: uint64 } + { t_Bdd__0'0: t_Node'0; t_Bdd__1'0: UInt64.t } with t_Node'0 = | C_False'0 | C_True'0 - | C_If'0 uint64 (t_Bdd'0) (t_Bdd'0) + | C_If'0 UInt64.t (t_Bdd'0) (t_Bdd'0) meta "compute_max_steps" 1000000 
@@ -205,52 +210,53 @@ module M_bdd__qyi4854841669736991510__eq [#"bdd.rs" 93 13 93 22] (* {C_If'0 v childt childf = input} (! ret {v} {childt} {childf}) - | bad -> {forall v : uint64, childt : t_Bdd'0, childf : t_Bdd'0 [C_If'0 v childt childf : t_Node'0] . C_If'0 v childt childf + let rec v_If'0 (input:t_Node'0) (ret (v:UInt64.t) (childt:t_Bdd'0) (childf:t_Bdd'0))= any + [ good (v:UInt64.t) (childt:t_Bdd'0) (childf:t_Bdd'0)-> {C_If'0 v childt childf = input} + (! ret {v} {childt} {childf}) + | bad -> {forall v : UInt64.t, childt : t_Bdd'0, childf : t_Bdd'0 [C_If'0 v childt childf : t_Node'0] . C_If'0 v childt childf <> input} (! {false} any) ] - function deep_model'4 [#"bdd.rs" 188 4 188 44] (self : t_Bdd'0) : uint64 = + function deep_model'4 [#"bdd.rs" 188 4 188 44] (self : t_Bdd'0) : UInt64.t = [%#sbdd8] self.t_Bdd__1'0 - function view'1 [#"bdd.rs" 198 4 198 33] (self : t_Bdd'0) : uint64 = + function view'1 [#"bdd.rs" 198 4 198 33] (self : t_Bdd'0) : UInt64.t = [%#sbdd6] deep_model'4 self - function view'0 (self : t_Bdd'0) : uint64 = + function view'0 (self : t_Bdd'0) : UInt64.t = [%#smodel4] view'1 self let rec eq'1 (self:t_Bdd'0) (o:t_Bdd'0) (return' (ret:bool))= any [ return' (result:bool)-> {[%#sbdd1] result = (view'0 self = view'0 o)} (! return' {result}) ] - use prelude.prelude.Int - - use prelude.prelude.UInt64.to_uint + use prelude.prelude.UInt64 function deep_model'3 (self : UInt64.t) : int = - [%#snum7] UInt64.to_int self + [%#snum7] UInt64.to_uint self function deep_model'1 (self : UInt64.t) : int = [%#smodel3] deep_model'3 self - let rec eq'2 (self:uint64) (other:uint64) (return' (ret:bool))= any + let rec eq'2 (self:UInt64.t) (other:UInt64.t) (return' (ret:bool))= any [ return' (result:bool)-> {[%#scmp2] result = (deep_model'1 self = deep_model'1 other)} (! return' {result}) ] 
@@ -259,7 +265,7 @@ module M_bdd__qyi4854841669736991510__eq [#"bdd.rs" 93 13 93 22] (* {(let (r'0, _) = _4 in r'0) = C_False'0 } (! bb2) | br1 -> {(let (r'0, _) = _4 in r'0) = C_True'0 } (! bb4) - | br2 (x0:uint64) (x1:t_Bdd'0) (x2:t_Bdd'0)-> {(let (r'0, _) = _4 in r'0) = C_If'0 x0 x1 x2} (! bb6) ] + | br2 (x0:UInt64.t) (x1:t_Bdd'0) (x2:t_Bdd'0)-> {(let (r'0, _) = _4 in r'0) = C_If'0 x0 x1 x2} (! bb6) ] ] | bb6 = any [ br0 -> {(let (_, r'0) = _4 in r'0) = C_False'0 } (! bb25) | br1 -> {(let (_, r'0) = _4 in r'0) = C_True'0 } (! bb25) - | br2 (x0:uint64) (x1:t_Bdd'0) (x2:t_Bdd'0)-> {(let (_, r'0) = _4 in r'0) = C_If'0 x0 x1 x2} (! bb7) ] + | br2 (x0:UInt64.t) (x1:t_Bdd'0) (x2:t_Bdd'0)-> {(let (_, r'0) = _4 in r'0) = C_If'0 x0 x1 x2} (! bb7) ] | bb25 = bb1 | bb7 = bb10 | bb10 = s0 [ s0 = v_If'0 {let (r'0, _) = _4 in r'0} - (fun (rv'0:uint64) (rchildt'0:t_Bdd'0) (rchildf'0:t_Bdd'0) -> [ &v_1 <- rv'0 ] s1) + (fun (rv'0:UInt64.t) (rchildt'0:t_Bdd'0) (rchildf'0:t_Bdd'0) -> [ &v_1 <- rv'0 ] s1) | s1 = v_If'0 {let (r'1, _) = _4 in r'1} - (fun (rv'1:uint64) (rchildt'1:t_Bdd'0) (rchildf'1:t_Bdd'0) -> [ &childt_1 <- rchildt'1 ] s2) + (fun (rv'1:UInt64.t) (rchildt'1:t_Bdd'0) (rchildf'1:t_Bdd'0) -> [ &childt_1 <- rchildt'1 ] s2) | s2 = v_If'0 {let (r'2, _) = _4 in r'2} - (fun (rv'2:uint64) (rchildt'2:t_Bdd'0) (rchildf'2:t_Bdd'0) -> [ &childf_1 <- rchildf'2 ] s3) + (fun (rv'2:UInt64.t) (rchildt'2:t_Bdd'0) (rchildf'2:t_Bdd'0) -> [ &childf_1 <- rchildf'2 ] s3) | s3 = v_If'0 {let (_, r'3) = _4 in r'3} - (fun (rv'3:uint64) (rchildt'3:t_Bdd'0) (rchildf'3:t_Bdd'0) -> [ &v_2 <- rv'3 ] s4) + (fun (rv'3:UInt64.t) (rchildt'3:t_Bdd'0) (rchildf'3:t_Bdd'0) -> [ &v_2 <- rv'3 ] s4) | s4 = v_If'0 {let (_, r'4) = _4 in r'4} - (fun (rv'4:uint64) (rchildt'4:t_Bdd'0) (rchildf'4:t_Bdd'0) -> [ &childt_2 <- rchildt'4 ] s5) + (fun (rv'4:UInt64.t) (rchildt'4:t_Bdd'0) (rchildf'4:t_Bdd'0) -> [ &childt_2 <- rchildt'4 ] s5) | s5 = v_If'0 {let (_, r'5) = _4 in r'5} - (fun (rv'5:uint64) (rchildt'5:t_Bdd'0) 
(rchildf'5:t_Bdd'0) -> [ &childf_2 <- rchildf'5 ] s6) + (fun (rv'5:UInt64.t) (rchildt'5:t_Bdd'0) (rchildf'5:t_Bdd'0) -> [ &childf_2 <- rchildf'5 ] s6) | s6 = eq'1 {childf_1} {childf_2} (fun (_ret':bool) -> [ &_17 <- _ret' ] s7) | s7 = bb11 ] @@ -319,14 +325,14 @@ module M_bdd__qyi4854841669736991510__eq [#"bdd.rs" 93 13 93 22] (* {(let (_, r'0) = _4 in r'0) = C_False'0 } (! bb1) | br1 -> {(let (_, r'0) = _4 in r'0) = C_True'0 } (! bb5) - | br2 (x0:uint64) (x1:t_Bdd'0) (x2:t_Bdd'0)-> {(let (_, r'0) = _4 in r'0) = C_If'0 x0 x1 x2} (! bb1) ] + | br2 (x0:UInt64.t) (x1:t_Bdd'0) (x2:t_Bdd'0)-> {(let (_, r'0) = _4 in r'0) = C_If'0 x0 x1 x2} (! bb1) ] | bb5 = bb9 | bb9 = s0 [ s0 = [ &_0 <- [%#sbdd0] true ] s1 | s1 = bb22 ] | bb2 = any [ br0 -> {(let (_, r'0) = _4 in r'0) = C_False'0 } (! bb3) | br1 -> {(let (_, r'0) = _4 in r'0) = C_True'0 } (! bb1) - | br2 (x0:uint64) (x1:t_Bdd'0) (x2:t_Bdd'0)-> {(let (_, r'0) = _4 in r'0) = C_If'0 x0 x1 x2} (! bb1) ] + | br2 (x0:UInt64.t) (x1:t_Bdd'0) (x2:t_Bdd'0)-> {(let (_, r'0) = _4 in r'0) = C_If'0 x0 x1 x2} (! bb1) ] | bb1 = s0 [ s0 = [ &_0 <- [%#sbdd0] false ] s1 | s1 = bb22 ] | bb3 = bb8 
@@ -337,10 +343,10 @@ module M_bdd__qyi4854841669736991510__eq [#"bdd.rs" 93 13 93 22] (* {C_If'0 v childt childf = input} (! ret {v} {childt} {childf}) - | bad -> {forall v : uint64, childt : t_Bdd'0, childf : t_Bdd'0 [C_If'0 v childt childf : t_Node'0] . C_If'0 v childt childf + let rec v_If'0 (input:t_Node'0) (ret (v:UInt64.t) (childt:t_Bdd'0) (childf:t_Bdd'0))= any + [ good (v:UInt64.t) (childt:t_Bdd'0) (childf:t_Bdd'0)-> {C_If'0 v childt childf = input} + (! ret {v} {childt} {childf}) + | bad -> {forall v : UInt64.t, childt : t_Bdd'0, childf : t_Bdd'0 [C_If'0 v childt childf : t_Node'0] . C_If'0 v childt childf <> input} (! {false} any) ] - let rec clone'1 (self:uint64) (return' (ret:uint64))= any - [ return' (result:uint64)-> {[%#sclone1] result = self} (! return' {result}) ] + let rec clone'1 (self:UInt64.t) (return' (ret:UInt64.t))= any + [ return' (result:UInt64.t)-> {[%#sclone1] result = self} (! return' {result}) ] let rec clone'2 (self:t_Bdd'0) (return' (ret:t_Bdd'0))= any 
@@ -391,14 +400,16 @@ module M_bdd__qyi17981791245757283426__clone [#"bdd.rs" 93 24 93 29] (* {self = C_False'0 } (! bb2) | br1 -> {self = C_True'0 } (! bb3) - | br2 (x0:uint64) (x1:t_Bdd'0) (x2:t_Bdd'0)-> {self = C_If'0 x0 x1 x2} (! bb4) ] + | br2 (x0:UInt64.t) (x1:t_Bdd'0) (x2:t_Bdd'0)-> {self = C_If'0 x0 x1 x2} (! bb4) ] | bb4 = s0 - [ s0 = v_If'0 {self} (fun (rv'0:uint64) (rchildt'0:t_Bdd'0) (rchildf'0:t_Bdd'0) -> [ &v_1 <- rv'0 ] s1) - | s1 = v_If'0 {self} (fun (rv'1:uint64) (rchildt'1:t_Bdd'0) (rchildf'1:t_Bdd'0) -> [ &childt_1 <- rchildt'1 ] s2) - | s2 = v_If'0 {self} (fun (rv'2:uint64) (rchildt'2:t_Bdd'0) (rchildf'2:t_Bdd'0) -> [ &childf_1 <- rchildf'2 ] s3) + [ s0 = v_If'0 {self} (fun (rv'0:UInt64.t) (rchildt'0:t_Bdd'0) (rchildf'0:t_Bdd'0) -> [ &v_1 <- rv'0 ] s1) + | s1 = v_If'0 {self} + (fun (rv'1:UInt64.t) (rchildt'1:t_Bdd'0) (rchildf'1:t_Bdd'0) -> [ &childt_1 <- rchildt'1 ] s2) + | s2 = v_If'0 {self} + (fun (rv'2:UInt64.t) (rchildt'2:t_Bdd'0) (rchildf'2:t_Bdd'0) -> [ &childf_1 <- rchildf'2 ] s3) | s3 = [ &_9 <- v_1 ] s4 - | s4 = clone'1 {_9} (fun (_ret':uint64) -> [ &_7 <- _ret' ] s5) + | s4 = clone'1 {_9} (fun (_ret':UInt64.t) -> [ &_7 <- _ret' ] s5) | s5 = bb7 ] | bb7 = s0 @@ -416,11 +427,11 @@ module M_bdd__qyi17981791245757283426__clone [#"bdd.rs" 93 24 93 29] (* {C_If'0 v childt childf = input} (! ret {v} {childt} {childf}) - | bad -> {forall v : uint64, childt : t_Bdd'0, childf : t_Bdd'0 [C_If'0 v childt childf : t_Node'0] . C_If'0 v childt childf + let rec v_If'0 (input:t_Node'0) (ret (v:UInt64.t) (childt:t_Bdd'0) (childf:t_Bdd'0))= any + [ good (v:UInt64.t) (childt:t_Bdd'0) (childf:t_Bdd'0)-> {C_If'0 v childt childf = input} + (! ret {v} {childt} {childf}) + | bad -> {forall v : UInt64.t, childt : t_Bdd'0, childf : t_Bdd'0 [C_If'0 v childt childf : t_Node'0] . C_If'0 v childt childf <> input} (! {false} any) ] 
@@ -511,8 +529,6 @@ module M_bdd__qyi699402059438633899__hash [#"bdd.rs" 119 4 119 25] (* {[%#snum5] UInt64.to_int result - = EuclideanDivision.mod (UInt64.to_int self - * UInt64.to_int rhs) (Power.power 2 (UInt32.to_int (v_BITS'0 : uint32))) - + UInt64.to_int (v_MIN'0 : uint64)} - {[%#snum6] UInt64.to_int self * UInt64.to_int rhs >= UInt64.to_int (v_MIN'0 : uint64) - /\ UInt64.to_int self * UInt64.to_int rhs <= UInt64.to_int (v_MAX'0 : uint64) - -> UInt64.to_int result = UInt64.to_int self * UInt64.to_int rhs} - {[%#snum7] UInt64.to_int self * UInt64.to_int rhs < UInt64.to_int (v_MIN'0 : uint64) + let rec wrapping_mul'0 (self:UInt64.t) (rhs:UInt64.t) (return' (ret:UInt64.t))= any + [ return' (result:UInt64.t)-> {[%#snum5] UInt64.to_uint result + = EuclideanDivision.mod (UInt64.to_uint self + * UInt64.to_uint rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + + UInt64.to_uint (v_MIN'0 : UInt64.t)} + {[%#snum6] UInt64.to_uint self * UInt64.to_uint rhs >= UInt64.to_uint (v_MIN'0 : UInt64.t) + /\ UInt64.to_uint self * UInt64.to_uint rhs <= UInt64.to_uint (v_MAX'0 : UInt64.t) + -> UInt64.to_uint result = UInt64.to_uint self * UInt64.to_uint rhs} + {[%#snum7] UInt64.to_uint self * UInt64.to_uint rhs < UInt64.to_uint (v_MIN'0 : UInt64.t) -> (exists k : int . k > 0 - /\ UInt64.to_int result - = UInt64.to_int self * UInt64.to_int rhs - + k * (UInt64.to_int (v_MAX'0 : uint64) - UInt64.to_int (v_MIN'0 : uint64) + 1))} - {[%#snum8] UInt64.to_int self * UInt64.to_int rhs > UInt64.to_int (v_MAX'0 : uint64) + /\ UInt64.to_uint result + = UInt64.to_uint self * UInt64.to_uint rhs + + k * (UInt64.to_uint (v_MAX'0 : UInt64.t) - UInt64.to_uint (v_MIN'0 : UInt64.t) + 1))} + {[%#snum8] UInt64.to_uint self * UInt64.to_uint rhs > UInt64.to_uint (v_MAX'0 : UInt64.t) -> (exists k : int . 
k > 0 - /\ UInt64.to_int result - = UInt64.to_int self * UInt64.to_int rhs - - k * (UInt64.to_int (v_MAX'0 : uint64) - UInt64.to_int (v_MIN'0 : uint64) + 1))} + /\ UInt64.to_uint result + = UInt64.to_uint self * UInt64.to_uint rhs + - k * (UInt64.to_uint (v_MAX'0 : UInt64.t) - UInt64.to_uint (v_MIN'0 : UInt64.t) + 1))} (! return' {result}) ] - let rec wrapping_add'0 (self:uint64) (rhs:uint64) (return' (ret:uint64))= any - [ return' (result:uint64)-> {[%#snum9] UInt64.to_int result - = EuclideanDivision.mod (UInt64.to_int self - + UInt64.to_int rhs) (Power.power 2 (UInt32.to_int (v_BITS'0 : uint32))) - + UInt64.to_int (v_MIN'0 : uint64)} - {[%#snum10] UInt64.to_int self + UInt64.to_int rhs >= UInt64.to_int (v_MIN'0 : uint64) - /\ UInt64.to_int self + UInt64.to_int rhs <= UInt64.to_int (v_MAX'0 : uint64) - -> UInt64.to_int result = UInt64.to_int self + UInt64.to_int rhs} - {[%#snum11] UInt64.to_int self + UInt64.to_int rhs < UInt64.to_int (v_MIN'0 : uint64) + let rec wrapping_add'0 (self:UInt64.t) (rhs:UInt64.t) (return' (ret:UInt64.t))= any + [ return' (result:UInt64.t)-> {[%#snum9] UInt64.to_uint result + = EuclideanDivision.mod (UInt64.to_uint self + + UInt64.to_uint rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + + UInt64.to_uint (v_MIN'0 : UInt64.t)} + {[%#snum10] UInt64.to_uint self + UInt64.to_uint rhs >= UInt64.to_uint (v_MIN'0 : UInt64.t) + /\ UInt64.to_uint self + UInt64.to_uint rhs <= UInt64.to_uint (v_MAX'0 : UInt64.t) + -> UInt64.to_uint result = UInt64.to_uint self + UInt64.to_uint rhs} + {[%#snum11] UInt64.to_uint self + UInt64.to_uint rhs < UInt64.to_uint (v_MIN'0 : UInt64.t) -> (exists k : int . 
k > 0 - /\ UInt64.to_int result - = UInt64.to_int self + UInt64.to_int rhs - + k * (UInt64.to_int (v_MAX'0 : uint64) - UInt64.to_int (v_MIN'0 : uint64) + 1))} - {[%#snum12] UInt64.to_int self + UInt64.to_int rhs > UInt64.to_int (v_MAX'0 : uint64) + /\ UInt64.to_uint result + = UInt64.to_uint self + UInt64.to_uint rhs + + k * (UInt64.to_uint (v_MAX'0 : UInt64.t) - UInt64.to_uint (v_MIN'0 : UInt64.t) + 1))} + {[%#snum12] UInt64.to_uint self + UInt64.to_uint rhs > UInt64.to_uint (v_MAX'0 : UInt64.t) -> (exists k : int . k > 0 - /\ UInt64.to_int result - = UInt64.to_int self + UInt64.to_int rhs - - k * (UInt64.to_int (v_MAX'0 : uint64) - UInt64.to_int (v_MIN'0 : uint64) + 1))} + /\ UInt64.to_uint result + = UInt64.to_uint self + UInt64.to_uint rhs + - k * (UInt64.to_uint (v_MAX'0 : UInt64.t) - UInt64.to_uint (v_MIN'0 : UInt64.t) + 1))} (! return' {result}) ] 
@@ -574,7 +590,7 @@ module M_bdd__qyi699402059438633899__hash [#"bdd.rs" 119 4 119 25] (* 1 | C_True'1 -> 2 - | C_If'1 v childt childf -> mod (UInt64.to_int v + UInt64.to_int childt * 5 - + UInt64.to_int childf * 7) (UInt64.to_int (v_MAX'0 : uint64) + 1) + | C_If'1 v childt childf -> mod (UInt64.to_uint v + UInt64.to_uint childt * 5 + + UInt64.to_uint childf * 7) (UInt64.to_uint (v_MAX'0 : UInt64.t) + 1) end meta "compute_max_steps" 1000000 - let rec hash'0 (self:t_Node'0) (return' (ret:uint64))= (! bb0 + let rec hash'0 (self:t_Node'0) (return' (ret:UInt64.t))= (! bb0 [ bb0 = any [ br0 -> {self = C_False'0 } (! bb2) | br1 -> {self = C_True'0 } (! bb3) - | br2 (x0:uint64) (x1:t_Bdd'0) (x2:t_Bdd'0)-> {self = C_If'0 x0 x1 x2} (! bb4) ] + | br2 (x0:UInt64.t) (x1:t_Bdd'0) (x2:t_Bdd'0)-> {self = C_If'0 x0 x1 x2} (! bb4) ] | bb4 = s0 - [ s0 = v_If'0 {self} (fun (rv'0:uint64) (rchildt'0:t_Bdd'0) (rchildf'0:t_Bdd'0) -> [ &v <- rv'0 ] s1) - | s1 = v_If'0 {self} (fun (rv'1:uint64) (rchildt'1:t_Bdd'0) (rchildf'1:t_Bdd'0) -> [ &childt <- rchildt'1 ] s2) - | s2 = v_If'0 {self} (fun (rv'2:uint64) (rchildt'2:t_Bdd'0) (rchildf'2:t_Bdd'0) -> [ &childf <- rchildf'2 ] s3) - | s3 = wrapping_mul'0 {childt.t_Bdd__1'0} {[%#sbdd0] (5 : uint64)} (fun (_ret':uint64) -> [ &_9 <- _ret' ] s4) + [ s0 = v_If'0 {self} (fun (rv'0:UInt64.t) (rchildt'0:t_Bdd'0) (rchildf'0:t_Bdd'0) -> [ &v <- rv'0 ] s1) + | s1 = v_If'0 {self} (fun (rv'1:UInt64.t) (rchildt'1:t_Bdd'0) (rchildf'1:t_Bdd'0) -> [ &childt <- rchildt'1 ] s2) + | s2 = v_If'0 {self} (fun (rv'2:UInt64.t) (rchildt'2:t_Bdd'0) (rchildf'2:t_Bdd'0) -> [ &childf <- rchildf'2 ] s3) + | s3 = wrapping_mul'0 {childt.t_Bdd__1'0} {[%#sbdd0] (5 : UInt64.t)} + (fun (_ret':UInt64.t) -> [ &_9 <- _ret' ] s4) | s4 = bb7 ] | bb7 = s0 [ s0 = wrapping_add'0 {v} {_9} (fun (_ret':UInt64.t) -> [ &_7 <- _ret' ] s1) | s1 = bb8 ] | bb8 = s0 - [ s0 = wrapping_mul'0 {childf.t_Bdd__1'0} {[%#sbdd1] (7 : uint64)} (fun (_ret':uint64) -> [ &_11 <- _ret' ] s1) + [ s0 = 
wrapping_mul'0 {childf.t_Bdd__1'0} {[%#sbdd1] (7 : UInt64.t)} + (fun (_ret':UInt64.t) -> [ &_11 <- _ret' ] s1) | s1 = bb9 ] | bb9 = s0 [ s0 = wrapping_add'0 {_7} {_11} (fun (_ret':UInt64.t) -> [ &_0 <- _ret' ] s1) | s1 = bb10 ] @@ -625,16 +643,16 @@ module M_bdd__qyi699402059438633899__hash [#"bdd.rs" 119 4 119 25] (* {[@expl:hash ensures] [%#sbdd4] UInt64.to_int result = hash_log'0 (view'0 self)} + [ return' (result:UInt64.t)-> {[@expl:hash ensures] [%#sbdd4] UInt64.to_uint result = hash_log'0 (view'0 self)} (! return' {result}) ] end @@ -647,39 +665,39 @@ module M_bdd__qyi14323183011761258016__hash [#"bdd.rs" 145 4 145 25] (* {[@expl:hash ensures] [%#sbdd0] UInt64.to_int result = hash_log'0 (view'0 self)} + ) [ & _0 : UInt64.t = any_l () | & self : t_Bdd'0 = self ] + [ return' (result:UInt64.t)-> {[@expl:hash ensures] [%#sbdd0] UInt64.to_uint result = hash_log'0 (view'0 self)} (! return' {result}) ] end @@ -693,22 +711,24 @@ module M_bdd__qyi2581120635339165136__eq [#"bdd.rs" 205 4 205 34] (* Map.get (view'0 (self.final).t_Context__hashcons'0) n = C_Some'0 b | C_None'0 -> true @@ -858,14 +874,16 @@ module M_bdd__qyi11078426090797403070__grows_trans [#"bdd.rs" 348 4 348 62] (* C type t_MyHashMap'0 - use prelude.prelude.UInt64.to_uint + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Bdd'0 = - { t_Bdd__0'0: t_Node'0; t_Bdd__1'0: uint64 } + { t_Bdd__0'0: t_Node'0; t_Bdd__1'0: UInt64.t } with t_Node'0 = | C_False'1 | C_True'1 - | C_If'1 uint64 (t_Bdd'0) (t_Bdd'0) + | C_If'1 UInt64.t (t_Bdd'0) (t_Bdd'0) use map.Map 
@@ -878,19 +896,17 @@ module M_bdd__qyi11078426090797403070__grows_trans [#"bdd.rs" 348 4 348 62] (* C type t_Context'0 = { t_Context__alloc'0: (); t_Context__hashcons'0: t_MyHashMap'0; - t_Context__hashcons_ghost'0: Snapshot.snap_ty (Map.map uint64 (t_Node'0)); + t_Context__hashcons_ghost'0: Snapshot.snap_ty (Map.map UInt64.t (t_Node'0)); t_Context__not_memo'0: t_MyHashMap'1; t_Context__and_memo'0: t_MyHashMap'2; - t_Context__cnt'0: uint64 } + t_Context__cnt'0: UInt64.t } use prelude.prelude.UInt64 - use prelude.prelude.Int - type t_NodeLog'0 = | C_False'0 | C_True'0 - | C_If'0 uint64 uint64 uint64 + | C_If'0 UInt64.t UInt64.t UInt64.t type t_Option'0 = | C_None'0 @@ -903,7 +919,7 @@ module M_bdd__qyi11078426090797403070__grows_trans [#"bdd.rs" 348 4 348 62] (* C use map.Map predicate grows'0 [#"bdd.rs" 299 4 299 35] (self : borrowed (t_Context'0)) = - [%#sbdd6] UInt64.to_int (self.current).t_Context__cnt'0 <= UInt64.to_int (self.final).t_Context__cnt'0 + [%#sbdd6] UInt64.to_uint (self.current).t_Context__cnt'0 <= UInt64.to_uint (self.final).t_Context__cnt'0 /\ (forall n : t_NodeLog'0 . match Map.get (view'0 (self.current).t_Context__hashcons'0) n with | C_Some'0 b -> Map.get (view'0 (self.final).t_Context__hashcons'0) n = C_Some'0 b | C_None'0 -> true 
@@ -936,19 +952,35 @@ module M_bdd__qyi11078426090797403070__set_irrelevent_var [#"bdd.rs" 355 4 355 8 let%span sbdd10 = "bdd.rs" 179 20 179 37 let%span sbdd11 = "bdd.rs" 321 12 330 13 let%span sbdd12 = "bdd.rs" 163 12 167 13 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 + let%span sord16 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 + let%span sord17 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 + let%span sord18 = "../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 + let%span sord19 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 + let%span sord20 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 + let%span sord21 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 + let%span sord22 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 + let%span sord23 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 + let%span sord24 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 + let%span sord25 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span sord26 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 use prelude.prelude.Borrow type t_MyHashMap'0 + use prelude.prelude.Int + use prelude.prelude.UInt64 type t_Bdd'0 = - { t_Bdd__0'0: t_Node'0; t_Bdd__1'0: uint64 } + { t_Bdd__0'0: t_Node'0; t_Bdd__1'0: UInt64.t } with t_Node'0 = | C_False'0 | C_True'0 - | C_If'0 uint64 (t_Bdd'0) (t_Bdd'0) + | C_If'0 UInt64.t (t_Bdd'0) (t_Bdd'0) use map.Map 
@@ -961,15 +993,15 @@ module M_bdd__qyi11078426090797403070__set_irrelevent_var [#"bdd.rs" 355 4 355 8 type t_Context'0 = { t_Context__alloc'0: (); t_Context__hashcons'0: t_MyHashMap'0; - t_Context__hashcons_ghost'0: Snapshot.snap_ty (Map.map uint64 (t_Node'0)); + t_Context__hashcons_ghost'0: Snapshot.snap_ty (Map.map UInt64.t (t_Node'0)); t_Context__not_memo'0: t_MyHashMap'1; t_Context__and_memo'0: t_MyHashMap'2; - t_Context__cnt'0: uint64 } + t_Context__cnt'0: UInt64.t } type t_NodeLog'0 = | C_False'1 | C_True'1 - | C_If'1 uint64 uint64 uint64 + | C_If'1 UInt64.t UInt64.t UInt64.t type t_Option'0 = | C_None'0 @@ -999,17 +1031,15 @@ module M_bdd__qyi11078426090797403070__set_irrelevent_var [#"bdd.rs" 355 4 355 8 use prelude.prelude.UInt64 - use prelude.prelude.Int - - constant v_MAX'0 : uint64 = (18446744073709551615 : uint64) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) function view'2 (self : UInt64.t) : int = - [%#smodel8] UInt64.to_int self + [%#smodel8] UInt64.to_uint self function leastvar'0 [#"bdd.rs" 242 4 242 28] (self : t_Bdd'0) : int = [%#sbdd6] match self with - | {t_Bdd__0'0 = C_True'0} -> UInt64.to_int (v_MAX'0 : uint64) + 1 - | {t_Bdd__0'0 = C_False'0} -> UInt64.to_int (v_MAX'0 : uint64) + 1 + | {t_Bdd__0'0 = C_True'0} -> UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 + | {t_Bdd__0'0 = C_False'0} -> UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 | {t_Bdd__0'0 = C_If'0 v _ _} -> view'2 v end 
@@ -1019,9 +1049,66 @@ module M_bdd__qyi11078426090797403070__set_irrelevent_var [#"bdd.rs" 355 4 355 8 | C_False'0 -> true | C_If'0 v childt childf -> childt.t_Bdd__0'0 <> childf.t_Bdd__0'0 /\ is_valid_bdd'0 self childt - /\ is_valid_bdd'0 self childf /\ UInt64.to_int v < leastvar'0 childt /\ UInt64.to_int v < leastvar'0 childf + /\ is_valid_bdd'0 self childf /\ UInt64.to_uint v < leastvar'0 childt /\ UInt64.to_uint v < leastvar'0 childf end + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.UInt64 + + function cmp_log'0 (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = + [%#sord26] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + function eq_cmp'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom eq_cmp'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord25] (x = y) = (cmp_log'0 x y = C_Equal'0) + + function antisym2'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom antisym2'0_spec : forall x : UInt64.t, y : UInt64.t . ([%#sord23] cmp_log'0 x y = C_Greater'0) + -> ([%#sord24] cmp_log'0 y x = C_Less'0) + + function antisym1'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom antisym1'0_spec : forall x : UInt64.t, y : UInt64.t . ([%#sord21] cmp_log'0 x y = C_Less'0) + -> ([%#sord22] cmp_log'0 y x = C_Greater'0) + + function trans'0 (x : UInt64.t) (y : UInt64.t) (z : UInt64.t) (o : t_Ordering'0) : () + + axiom trans'0_spec : forall x : UInt64.t, y : UInt64.t, z : UInt64.t, o : t_Ordering'0 . ([%#sord18] cmp_log'0 x y + = o) -> ([%#sord19] cmp_log'0 y z = o) -> ([%#sord20] cmp_log'0 x z = o) + + function refl'0 (x : UInt64.t) : () + + axiom refl'0_spec : forall x : UInt64.t . [%#sord17] cmp_log'0 x x = C_Equal'0 + + use prelude.prelude.UInt64 + + function cmp_gt_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_gt_log'0_spec : forall x : UInt64.t, y : UInt64.t . 
[%#sord16] UInt64.ugt x y + = (cmp_log'0 x y = C_Greater'0) + + use prelude.prelude.UInt64 + + function cmp_ge_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_ge_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord15] UInt64.uge x y = (cmp_log'0 x y <> C_Less'0) + + function cmp_lt_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_lt_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord14] UInt64.ult x y = (cmp_log'0 x y = C_Less'0) + + use prelude.prelude.UInt64 + + function cmp_le_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_le_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord13] UInt64.ule x y + = (cmp_log'0 x y <> C_Greater'0) + use prelude.prelude.Snapshot use map.Map @@ -1030,7 +1117,7 @@ module M_bdd__qyi11078426090797403070__set_irrelevent_var [#"bdd.rs" 355 4 355 8 use map.Map - function interp'0 [#"bdd.rs" 212 4 212 53] (self : t_Bdd'0) (vars : Map.map uint64 bool) : bool = + function interp'0 [#"bdd.rs" 212 4 212 53] (self : t_Bdd'0) (vars : Map.map UInt64.t bool) : bool = [%#sbdd7] match self with | {t_Bdd__0'0 = C_True'0} -> true | {t_Bdd__0'0 = C_False'0} -> false @@ -1039,13 +1126,13 @@ module M_bdd__qyi11078426090797403070__set_irrelevent_var [#"bdd.rs" 355 4 355 8 use map.Map - function view'4 [#"bdd.rs" 49 8 49 37] (self : t_MyHashMap'1) : Map.map uint64 (t_Option'0) + function view'4 [#"bdd.rs" 49 8 49 37] (self : t_MyHashMap'1) : Map.map UInt64.t (t_Option'0) use map.Map use map.Map - function view'5 [#"bdd.rs" 49 8 49 37] (self : t_MyHashMap'2) : Map.map (uint64, uint64) (t_Option'0) + function view'5 [#"bdd.rs" 49 8 49 37] (self : t_MyHashMap'2) : Map.map (UInt64.t, UInt64.t) (t_Option'0) use map.Map 
@@ -1053,18 +1140,18 @@ module M_bdd__qyi11078426090797403070__set_irrelevent_var [#"bdd.rs" 355 4 355 8 [%#sbdd9] (forall n : t_NodeLog'0 . match Map.get (view'0 self.t_Context__hashcons'0) n with | C_Some'0 b -> view'1 b.t_Bdd__0'0 = n /\ is_valid_node'0 self b.t_Bdd__0'0 - /\ b.t_Bdd__1'0 < self.t_Context__cnt'0 + /\ UInt64.ult b.t_Bdd__1'0 self.t_Context__cnt'0 /\ Map.get (Snapshot.inner self.t_Context__hashcons_ghost'0) b.t_Bdd__1'0 = b.t_Bdd__0'0 | C_None'0 -> true end) - /\ (forall bm : uint64 . match Map.get (view'4 self.t_Context__not_memo'0) bm with + /\ (forall bm : UInt64.t . match Map.get (view'4 self.t_Context__not_memo'0) bm with | C_None'0 -> true | C_Some'0 n -> let b = { t_Bdd__0'0 = Map.get (Snapshot.inner self.t_Context__hashcons_ghost'0) bm; t_Bdd__1'0 = bm } in is_valid_bdd'0 self n /\ is_valid_bdd'0 self b /\ (forall v : Map.map UInt64.t bool . interp'0 n v = (not interp'0 b v)) /\ leastvar'0 b <= leastvar'0 n end) - /\ (forall abm : (uint64, uint64) . match Map.get (view'5 self.t_Context__and_memo'0) abm with + /\ (forall abm : (UInt64.t, UInt64.t) . match Map.get (view'5 self.t_Context__and_memo'0) abm with | C_None'0 -> true | C_Some'0 n -> let a = { t_Bdd__0'0 = Map.get (Snapshot.inner self.t_Context__hashcons_ghost'0) (let (a, _) = abm in a); t_Bdd__1'0 = (let (a, _) = abm in a) } in let b = { t_Bdd__0'0 = Map.get (Snapshot.inner self.t_Context__hashcons_ghost'0) (let (_, a) = abm in a); 
@@ -1095,20 +1182,20 @@ module M_bdd__qyi11078426090797403070__set_irrelevent_var [#"bdd.rs" 355 4 355 8 constant b : bool - function set_irrelevent_var'0 [#"bdd.rs" 355 4 355 87] (self : t_Context'0) (a : t_Bdd'0) (x : uint64) (v : Map.map uint64 bool) (b : bool) : () + function set_irrelevent_var'0 [#"bdd.rs" 355 4 355 87] (self : t_Context'0) (a : t_Bdd'0) (x : UInt64.t) (v : Map.map UInt64.t bool) (b : bool) : () - goal vc_set_irrelevent_var'0 : ([%#sbdd2] UInt64.to_int x < leastvar'0 a) + goal vc_set_irrelevent_var'0 : ([%#sbdd2] UInt64.to_uint x < leastvar'0 a) -> ([%#sbdd1] is_valid_bdd'0 self a) -> ([%#sbdd0] inv'0 self) -> match a with | {t_Bdd__0'0 = C_If'0 _ childt childf} -> (([@expl:set_irrelevent_var requires #0] [%#sbdd0] inv'0 self) && ([@expl:set_irrelevent_var requires #1] [%#sbdd1] is_valid_bdd'0 self childt) - && ([@expl:set_irrelevent_var requires #2] [%#sbdd2] UInt64.to_int x < leastvar'0 childt)) + && ([@expl:set_irrelevent_var requires #2] [%#sbdd2] UInt64.to_uint x < leastvar'0 childt)) /\ (([%#sbdd3] interp'0 childt v = interp'0 childt (Map.set v x b)) -> (let _ = set_irrelevent_var'0 self childt x v b in (([@expl:set_irrelevent_var requires #0] [%#sbdd0] inv'0 self) && ([@expl:set_irrelevent_var requires #1] [%#sbdd1] is_valid_bdd'0 self childf) - && ([@expl:set_irrelevent_var requires #2] [%#sbdd2] UInt64.to_int x < leastvar'0 childf)) + && ([@expl:set_irrelevent_var requires #2] [%#sbdd2] UInt64.to_uint x < leastvar'0 childf)) /\ (([%#sbdd3] interp'0 childf v = interp'0 childf (Map.set v x b)) -> (let _ = set_irrelevent_var'0 self childf x v b in [%#sbdd3] interp'0 a v = interp'0 a (Map.set v x b))))) | _ -> [%#sbdd3] interp'0 a v = interp'0 a (Map.set v x b) 
@@ -1137,19 +1224,35 @@ module M_bdd__qyi11078426090797403070__discr_valuation [#"bdd.rs" 375 4 375 82] let%span sbdd19 = "bdd.rs" 179 20 179 37 let%span sbdd20 = "bdd.rs" 321 12 330 13 let%span sbdd21 = "bdd.rs" 163 12 167 13 + let%span sord22 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 + let%span sord23 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 + let%span sord24 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 + let%span sord25 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 + let%span sord26 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 + let%span sord27 = "../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 + let%span sord28 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 + let%span sord29 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 + let%span sord30 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 + let%span sord31 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 + let%span sord32 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 + let%span sord33 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 + let%span sord34 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span sord35 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 use prelude.prelude.Borrow type t_MyHashMap'0 + use prelude.prelude.Int + use prelude.prelude.UInt64 type t_Bdd'0 = - { t_Bdd__0'0: t_Node'0; t_Bdd__1'0: uint64 } + { t_Bdd__0'0: t_Node'0; t_Bdd__1'0: UInt64.t } with t_Node'0 = | C_False'0 | C_True'0 - | C_If'0 uint64 (t_Bdd'0) (t_Bdd'0) + | C_If'0 UInt64.t (t_Bdd'0) (t_Bdd'0) use map.Map 
@@ -1162,15 +1265,15 @@ module M_bdd__qyi11078426090797403070__discr_valuation [#"bdd.rs" 375 4 375 82] type t_Context'0 = { t_Context__alloc'0: (); t_Context__hashcons'0: t_MyHashMap'0; - t_Context__hashcons_ghost'0: Snapshot.snap_ty (Map.map uint64 (t_Node'0)); + t_Context__hashcons_ghost'0: Snapshot.snap_ty (Map.map UInt64.t (t_Node'0)); t_Context__not_memo'0: t_MyHashMap'1; t_Context__and_memo'0: t_MyHashMap'2; - t_Context__cnt'0: uint64 } + t_Context__cnt'0: UInt64.t } type t_NodeLog'0 = | C_False'1 | C_True'1 - | C_If'1 uint64 uint64 uint64 + | C_If'1 UInt64.t UInt64.t UInt64.t type t_Option'0 = | C_None'0 @@ -1200,17 +1303,15 @@ module M_bdd__qyi11078426090797403070__discr_valuation [#"bdd.rs" 375 4 375 82] use prelude.prelude.UInt64 - use prelude.prelude.Int - - constant v_MAX'0 : uint64 = (18446744073709551615 : uint64) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - function view'2 (self : uint64) : int = - [%#smodel17] UInt64.to_int self + function view'2 (self : UInt64.t) : int = + [%#smodel17] UInt64.to_uint self function leastvar'0 [#"bdd.rs" 242 4 242 28] (self : t_Bdd'0) : int = [%#sbdd16] match self with - | {t_Bdd__0'0 = C_True'0} -> UInt64.to_int (v_MAX'0 : uint64) + 1 - | {t_Bdd__0'0 = C_False'0} -> UInt64.to_int (v_MAX'0 : uint64) + 1 + | {t_Bdd__0'0 = C_True'0} -> UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 + | {t_Bdd__0'0 = C_False'0} -> UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 | {t_Bdd__0'0 = C_If'0 v _ _} -> view'2 v end 
@@ -1220,9 +1321,66 @@ module M_bdd__qyi11078426090797403070__discr_valuation [#"bdd.rs" 375 4 375 82] | C_False'0 -> true | C_If'0 v childt childf -> childt.t_Bdd__0'0 <> childf.t_Bdd__0'0 /\ is_valid_bdd'0 self childt - /\ is_valid_bdd'0 self childf /\ UInt64.to_int v < leastvar'0 childt /\ UInt64.to_int v < leastvar'0 childf + /\ is_valid_bdd'0 self childf /\ UInt64.to_uint v < leastvar'0 childt /\ UInt64.to_uint v < leastvar'0 childf end + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.UInt64 + + function cmp_log'0 (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = + [%#sord35] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + function eq_cmp'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom eq_cmp'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord34] (x = y) = (cmp_log'0 x y = C_Equal'0) + + function antisym2'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom antisym2'0_spec : forall x : UInt64.t, y : UInt64.t . ([%#sord32] cmp_log'0 x y = C_Greater'0) + -> ([%#sord33] cmp_log'0 y x = C_Less'0) + + function antisym1'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom antisym1'0_spec : forall x : UInt64.t, y : UInt64.t . ([%#sord30] cmp_log'0 x y = C_Less'0) + -> ([%#sord31] cmp_log'0 y x = C_Greater'0) + + function trans'0 (x : UInt64.t) (y : UInt64.t) (z : UInt64.t) (o : t_Ordering'0) : () + + axiom trans'0_spec : forall x : UInt64.t, y : UInt64.t, z : UInt64.t, o : t_Ordering'0 . ([%#sord27] cmp_log'0 x y + = o) -> ([%#sord28] cmp_log'0 y z = o) -> ([%#sord29] cmp_log'0 x z = o) + + function refl'0 (x : UInt64.t) : () + + axiom refl'0_spec : forall x : UInt64.t . [%#sord26] cmp_log'0 x x = C_Equal'0 + + use prelude.prelude.UInt64 + + function cmp_gt_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_gt_log'0_spec : forall x : UInt64.t, y : UInt64.t . 
[%#sord25] UInt64.ugt x y + = (cmp_log'0 x y = C_Greater'0) + + use prelude.prelude.UInt64 + + function cmp_ge_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_ge_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord24] UInt64.uge x y = (cmp_log'0 x y <> C_Less'0) + + function cmp_lt_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_lt_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord23] UInt64.ult x y = (cmp_log'0 x y = C_Less'0) + + use prelude.prelude.UInt64 + + function cmp_le_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_le_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord22] UInt64.ule x y + = (cmp_log'0 x y <> C_Greater'0) + use prelude.prelude.Snapshot use map.Map @@ -1231,7 +1389,7 @@ module M_bdd__qyi11078426090797403070__discr_valuation [#"bdd.rs" 375 4 375 82] use map.Map - function interp'0 [#"bdd.rs" 212 4 212 53] (self : t_Bdd'0) (vars : Map.map uint64 bool) : bool = + function interp'0 [#"bdd.rs" 212 4 212 53] (self : t_Bdd'0) (vars : Map.map UInt64.t bool) : bool = [%#sbdd8] match self with | {t_Bdd__0'0 = C_True'0} -> true | {t_Bdd__0'0 = C_False'0} -> false @@ -1240,13 +1398,13 @@ module M_bdd__qyi11078426090797403070__discr_valuation [#"bdd.rs" 375 4 375 82] use map.Map - function view'4 [#"bdd.rs" 49 8 49 37] (self : t_MyHashMap'1) : Map.map uint64 (t_Option'0) + function view'4 [#"bdd.rs" 49 8 49 37] (self : t_MyHashMap'1) : Map.map UInt64.t (t_Option'0) use map.Map use map.Map - function view'5 [#"bdd.rs" 49 8 49 37] (self : t_MyHashMap'2) : Map.map (uint64, uint64) (t_Option'0) + function view'5 [#"bdd.rs" 49 8 49 37] (self : t_MyHashMap'2) : Map.map (UInt64.t, UInt64.t) (t_Option'0) use map.Map 
@@ -1254,18 +1412,18 @@ module M_bdd__qyi11078426090797403070__discr_valuation [#"bdd.rs" 375 4 375 82] [%#sbdd18] (forall n : t_NodeLog'0 . match Map.get (view'0 self.t_Context__hashcons'0) n with | C_Some'0 b -> view'1 b.t_Bdd__0'0 = n /\ is_valid_node'0 self b.t_Bdd__0'0 - /\ b.t_Bdd__1'0 < self.t_Context__cnt'0 + /\ UInt64.ult b.t_Bdd__1'0 self.t_Context__cnt'0 /\ Map.get (Snapshot.inner self.t_Context__hashcons_ghost'0) b.t_Bdd__1'0 = b.t_Bdd__0'0 | C_None'0 -> true end) - /\ (forall bm : uint64 . match Map.get (view'4 self.t_Context__not_memo'0) bm with + /\ (forall bm : UInt64.t . match Map.get (view'4 self.t_Context__not_memo'0) bm with | C_None'0 -> true | C_Some'0 n -> let b = { t_Bdd__0'0 = Map.get (Snapshot.inner self.t_Context__hashcons_ghost'0) bm; t_Bdd__1'0 = bm } in is_valid_bdd'0 self n /\ is_valid_bdd'0 self b /\ (forall v : Map.map UInt64.t bool . interp'0 n v = (not interp'0 b v)) /\ leastvar'0 b <= leastvar'0 n end) - /\ (forall abm : (uint64, uint64) . match Map.get (view'5 self.t_Context__and_memo'0) abm with + /\ (forall abm : (UInt64.t, UInt64.t) . match Map.get (view'5 self.t_Context__and_memo'0) abm with | C_None'0 -> true | C_Some'0 n -> let a = { t_Bdd__0'0 = Map.get (Snapshot.inner self.t_Context__hashcons_ghost'0) (let (a, _) = abm in a); t_Bdd__1'0 = (let (a, _) = abm in a) } in let b = { t_Bdd__0'0 = Map.get (Snapshot.inner self.t_Context__hashcons_ghost'0) (let (_, a) = abm in a); @@ -1295,7 +1453,7 @@ module M_bdd__qyi11078426090797403070__discr_valuation [#"bdd.rs" 375 4 375 82] use map.Map - function set_irrelevent_var'0 [#"bdd.rs" 355 4 355 87] (self : t_Context'0) (a : t_Bdd'0) (x : uint64) (v : Map.map uint64 bool) (b : bool) : () + function set_irrelevent_var'0 [#"bdd.rs" 355 4 355 87] (self : t_Context'0) (a : t_Bdd'0) (x : UInt64.t) (v : Map.map UInt64.t bool) (b : bool) : () = [%#sbdd15] match a with 
@@ -1303,9 +1461,9 @@ module M_bdd__qyi11078426090797403070__discr_valuation [#"bdd.rs" 375 4 375 82] | _ -> () end - axiom set_irrelevent_var'0_spec : forall self : t_Context'0, a : t_Bdd'0, x : uint64, v : Map.map uint64 bool, b : bool . ([%#sbdd11] inv'0 self) + axiom set_irrelevent_var'0_spec : forall self : t_Context'0, a : t_Bdd'0, x : UInt64.t, v : Map.map UInt64.t bool, b : bool . ([%#sbdd11] inv'0 self) -> ([%#sbdd12] is_valid_bdd'0 self a) - -> ([%#sbdd13] UInt64.to_int x < leastvar'0 a) -> ([%#sbdd14] interp'0 a v = interp'0 a (Map.set v x b)) + -> ([%#sbdd13] UInt64.to_uint x < leastvar'0 a) -> ([%#sbdd14] interp'0 a v = interp'0 a (Map.set v x b)) use map.Const @@ -1315,7 +1473,7 @@ module M_bdd__qyi11078426090797403070__discr_valuation [#"bdd.rs" 375 4 375 82] constant b : t_Bdd'0 - function discr_valuation'0 [#"bdd.rs" 375 4 375 82] (self : t_Context'0) (a : t_Bdd'0) (b : t_Bdd'0) : Map.map uint64 bool + function discr_valuation'0 [#"bdd.rs" 375 4 375 82] (self : t_Context'0) (a : t_Bdd'0) (b : t_Bdd'0) : Map.map UInt64.t bool goal vc_discr_valuation'0 : ([%#sbdd3] a <> b) 
@@ -1439,19 +1597,35 @@ module M_bdd__qyi11078426090797403070__bdd_canonical [#"bdd.rs" 424 4 424 62] (* let%span sbdd25 = "bdd.rs" 179 20 179 37 let%span sbdd26 = "bdd.rs" 321 12 330 13 let%span sbdd27 = "bdd.rs" 163 12 167 13 + let%span sord28 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 + let%span sord29 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 + let%span sord30 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 + let%span sord31 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 + let%span sord32 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 + let%span sord33 = "../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 + let%span sord34 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 + let%span sord35 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 + let%span sord36 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 + let%span sord37 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 + let%span sord38 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 + let%span sord39 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 + let%span sord40 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span sord41 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 use prelude.prelude.Borrow type t_MyHashMap'0 + use prelude.prelude.Int + use prelude.prelude.UInt64 type t_Bdd'0 = - { t_Bdd__0'0: t_Node'0; t_Bdd__1'0: uint64 } + { t_Bdd__0'0: t_Node'0; t_Bdd__1'0: UInt64.t } with t_Node'0 = | C_False'0 | C_True'0 - | C_If'0 uint64 (t_Bdd'0) (t_Bdd'0) + | C_If'0 UInt64.t (t_Bdd'0) (t_Bdd'0) use map.Map 
@@ -1464,15 +1638,15 @@ module M_bdd__qyi11078426090797403070__bdd_canonical [#"bdd.rs" 424 4 424 62] (* type t_Context'0 = { t_Context__alloc'0: (); t_Context__hashcons'0: t_MyHashMap'0; - t_Context__hashcons_ghost'0: Snapshot.snap_ty (Map.map uint64 (t_Node'0)); + t_Context__hashcons_ghost'0: Snapshot.snap_ty (Map.map UInt64.t (t_Node'0)); t_Context__not_memo'0: t_MyHashMap'1; t_Context__and_memo'0: t_MyHashMap'2; - t_Context__cnt'0: uint64 } + t_Context__cnt'0: UInt64.t } type t_NodeLog'0 = | C_False'1 | C_True'1 - | C_If'1 uint64 uint64 uint64 + | C_If'1 UInt64.t UInt64.t UInt64.t type t_Option'0 = | C_None'0 @@ -1502,17 +1676,15 @@ module M_bdd__qyi11078426090797403070__bdd_canonical [#"bdd.rs" 424 4 424 62] (* use prelude.prelude.UInt64 - use prelude.prelude.Int - - constant v_MAX'0 : uint64 = (18446744073709551615 : uint64) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - function view'3 (self : uint64) : int = - [%#smodel15] UInt64.to_int self + function view'3 (self : UInt64.t) : int = + [%#smodel15] UInt64.to_uint self function leastvar'0 [#"bdd.rs" 242 4 242 28] (self : t_Bdd'0) : int = [%#sbdd23] match self with - | {t_Bdd__0'0 = C_True'0} -> UInt64.to_int (v_MAX'0 : uint64) + 1 - | {t_Bdd__0'0 = C_False'0} -> UInt64.to_int (v_MAX'0 : uint64) + 1 + | {t_Bdd__0'0 = C_True'0} -> UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 + | {t_Bdd__0'0 = C_False'0} -> UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 | {t_Bdd__0'0 = C_If'0 v _ _} -> view'3 v end 
@@ -1522,9 +1694,66 @@ module M_bdd__qyi11078426090797403070__bdd_canonical [#"bdd.rs" 424 4 424 62] (* | C_False'0 -> true | C_If'0 v childt childf -> childt.t_Bdd__0'0 <> childf.t_Bdd__0'0 /\ is_valid_bdd'0 self childt - /\ is_valid_bdd'0 self childf /\ UInt64.to_int v < leastvar'0 childt /\ UInt64.to_int v < leastvar'0 childf + /\ is_valid_bdd'0 self childf /\ UInt64.to_uint v < leastvar'0 childt /\ UInt64.to_uint v < leastvar'0 childf end + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.UInt64 + + function cmp_log'0 (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = + [%#sord41] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + function eq_cmp'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom eq_cmp'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord40] (x = y) = (cmp_log'0 x y = C_Equal'0) + + function antisym2'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom antisym2'0_spec : forall x : UInt64.t, y : UInt64.t . ([%#sord38] cmp_log'0 x y = C_Greater'0) + -> ([%#sord39] cmp_log'0 y x = C_Less'0) + + function antisym1'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom antisym1'0_spec : forall x : UInt64.t, y : UInt64.t . ([%#sord36] cmp_log'0 x y = C_Less'0) + -> ([%#sord37] cmp_log'0 y x = C_Greater'0) + + function trans'0 (x : UInt64.t) (y : UInt64.t) (z : UInt64.t) (o : t_Ordering'0) : () + + axiom trans'0_spec : forall x : UInt64.t, y : UInt64.t, z : UInt64.t, o : t_Ordering'0 . ([%#sord33] cmp_log'0 x y + = o) -> ([%#sord34] cmp_log'0 y z = o) -> ([%#sord35] cmp_log'0 x z = o) + + function refl'0 (x : UInt64.t) : () + + axiom refl'0_spec : forall x : UInt64.t . [%#sord32] cmp_log'0 x x = C_Equal'0 + + use prelude.prelude.UInt64 + + function cmp_gt_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_gt_log'0_spec : forall x : UInt64.t, y : UInt64.t . 
[%#sord31] UInt64.ugt x y + = (cmp_log'0 x y = C_Greater'0) + + use prelude.prelude.UInt64 + + function cmp_ge_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_ge_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord30] UInt64.uge x y = (cmp_log'0 x y <> C_Less'0) + + function cmp_lt_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_lt_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord29] UInt64.ult x y = (cmp_log'0 x y = C_Less'0) + + use prelude.prelude.UInt64 + + function cmp_le_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_le_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord28] UInt64.ule x y + = (cmp_log'0 x y <> C_Greater'0) + use prelude.prelude.Snapshot use map.Map @@ -1533,7 +1762,7 @@ module M_bdd__qyi11078426090797403070__bdd_canonical [#"bdd.rs" 424 4 424 62] (* use map.Map - function interp'0 [#"bdd.rs" 212 4 212 53] (self : t_Bdd'0) (vars : Map.map uint64 bool) : bool = + function interp'0 [#"bdd.rs" 212 4 212 53] (self : t_Bdd'0) (vars : Map.map UInt64.t bool) : bool = [%#sbdd7] match self with | {t_Bdd__0'0 = C_True'0} -> true | {t_Bdd__0'0 = C_False'0} -> false @@ -1542,13 +1771,13 @@ module M_bdd__qyi11078426090797403070__bdd_canonical [#"bdd.rs" 424 4 424 62] (* use map.Map - function view'4 [#"bdd.rs" 49 8 49 37] (self : t_MyHashMap'1) : Map.map uint64 (t_Option'0) + function view'4 [#"bdd.rs" 49 8 49 37] (self : t_MyHashMap'1) : Map.map UInt64.t (t_Option'0) use map.Map use map.Map - function view'5 [#"bdd.rs" 49 8 49 37] (self : t_MyHashMap'2) : Map.map (uint64, uint64) (t_Option'0) + function view'5 [#"bdd.rs" 49 8 49 37] (self : t_MyHashMap'2) : Map.map (UInt64.t, UInt64.t) (t_Option'0) use map.Map 
@@ -1556,18 +1785,18 @@ module M_bdd__qyi11078426090797403070__bdd_canonical [#"bdd.rs" 424 4 424 62] (* [%#sbdd24] (forall n : t_NodeLog'0 . match Map.get (view'0 self.t_Context__hashcons'0) n with | C_Some'0 b -> view'1 b.t_Bdd__0'0 = n /\ is_valid_node'0 self b.t_Bdd__0'0 - /\ b.t_Bdd__1'0 < self.t_Context__cnt'0 + /\ UInt64.ult b.t_Bdd__1'0 self.t_Context__cnt'0 /\ Map.get (Snapshot.inner self.t_Context__hashcons_ghost'0) b.t_Bdd__1'0 = b.t_Bdd__0'0 | C_None'0 -> true end) - /\ (forall bm : uint64 . match Map.get (view'4 self.t_Context__not_memo'0) bm with + /\ (forall bm : UInt64.t . match Map.get (view'4 self.t_Context__not_memo'0) bm with | C_None'0 -> true | C_Some'0 n -> let b = { t_Bdd__0'0 = Map.get (Snapshot.inner self.t_Context__hashcons_ghost'0) bm; t_Bdd__1'0 = bm } in is_valid_bdd'0 self n /\ is_valid_bdd'0 self b /\ (forall v : Map.map UInt64.t bool . interp'0 n v = (not interp'0 b v)) /\ leastvar'0 b <= leastvar'0 n end) - /\ (forall abm : (uint64, uint64) . match Map.get (view'5 self.t_Context__and_memo'0) abm with + /\ (forall abm : (UInt64.t, UInt64.t) . match Map.get (view'5 self.t_Context__and_memo'0) abm with | C_None'0 -> true | C_Some'0 n -> let a = { t_Bdd__0'0 = Map.get (Snapshot.inner self.t_Context__hashcons_ghost'0) (let (a, _) = abm in a); t_Bdd__1'0 = (let (a, _) = abm in a) } in let b = { t_Bdd__0'0 = Map.get (Snapshot.inner self.t_Context__hashcons_ghost'0) (let (_, a) = abm in a); @@ -1597,7 +1826,7 @@ module M_bdd__qyi11078426090797403070__bdd_canonical [#"bdd.rs" 424 4 424 62] (* use map.Map - function set_irrelevent_var'0 [#"bdd.rs" 355 4 355 87] (self : t_Context'0) (a : t_Bdd'0) (x : uint64) (v : Map.map uint64 bool) (b : bool) : () + function set_irrelevent_var'0 [#"bdd.rs" 355 4 355 87] (self : t_Context'0) (a : t_Bdd'0) (x : UInt64.t) (v : Map.map UInt64.t bool) (b : bool) : () = [%#sbdd22] match a with 
@@ -1605,13 +1834,13 @@ module M_bdd__qyi11078426090797403070__bdd_canonical [#"bdd.rs" 424 4 424 62] (* | _ -> () end - axiom set_irrelevent_var'0_spec : forall self : t_Context'0, a : t_Bdd'0, x : uint64, v : Map.map uint64 bool, b : bool . ([%#sbdd18] inv'0 self) + axiom set_irrelevent_var'0_spec : forall self : t_Context'0, a : t_Bdd'0, x : UInt64.t, v : Map.map UInt64.t bool, b : bool . ([%#sbdd18] inv'0 self) -> ([%#sbdd19] is_valid_bdd'0 self a) - -> ([%#sbdd20] UInt64.to_int x < leastvar'0 a) -> ([%#sbdd21] interp'0 a v = interp'0 a (Map.set v x b)) + -> ([%#sbdd20] UInt64.to_uint x < leastvar'0 a) -> ([%#sbdd21] interp'0 a v = interp'0 a (Map.set v x b)) use map.Const - function discr_valuation'0 [#"bdd.rs" 375 4 375 82] (self : t_Context'0) (a : t_Bdd'0) (b : t_Bdd'0) : Map.map uint64 bool + function discr_valuation'0 [#"bdd.rs" 375 4 375 82] (self : t_Context'0) (a : t_Bdd'0) (b : t_Bdd'0) : Map.map UInt64.t bool axiom discr_valuation'0_def : forall self : t_Context'0, a : t_Bdd'0, b : t_Bdd'0 . ([%#sbdd8] inv'0 self) @@ -1667,7 +1896,7 @@ module M_bdd__qyi11078426090797403070__bdd_canonical [#"bdd.rs" 424 4 424 62] (* function bdd_canonical'0 [#"bdd.rs" 424 4 424 62] (self : t_Context'0) (a : t_Bdd'0) (b : t_Bdd'0) : () - goal vc_bdd_canonical'0 : ([%#sbdd3] forall v : Map.map uint64 bool . interp'0 a v = interp'0 b v) + goal vc_bdd_canonical'0 : ([%#sbdd3] forall v : Map.map UInt64.t bool . interp'0 a v = interp'0 b v) -> ([%#sbdd2] is_valid_bdd'0 self b) -> ([%#sbdd1] is_valid_bdd'0 self a) -> ([%#sbdd0] inv'0 self) -> (let _ = discr_valuation'0 in [%#sbdd4] a = b) end 
@@ -1686,18 +1915,34 @@ module M_bdd__qyi11078426090797403070__new [#"bdd.rs" 430 4 430 52] (* Context<' let%span sbdd11 = "bdd.rs" 214 12 221 13 let%span sbdd12 = "bdd.rs" 244 12 248 13 let%span sbdd13 = "bdd.rs" 179 20 179 37 - let%span sbdd14 = "bdd.rs" 163 12 167 13 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 + let%span sord16 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 + let%span sord17 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 + let%span sord18 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 + let%span sord19 = "../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 + let%span sord20 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 + let%span sord21 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 + let%span sord22 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 + let%span sord23 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 + let%span sord24 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 + let%span sord25 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 + let%span sord26 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span sbdd27 = "bdd.rs" 163 12 167 13 + let%span sord28 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt64 use prelude.prelude.Borrow type t_Bdd'0 = - { t_Bdd__0'0: t_Node'0; t_Bdd__1'0: uint64 } + { t_Bdd__0'0: t_Node'0; t_Bdd__1'0: UInt64.t } with t_Node'0 = | C_False'0 | C_True'0 - | C_If'0 uint64 (t_Bdd'0) (t_Bdd'0) + | C_If'0 UInt64.t (t_Bdd'0) (t_Bdd'0) use prelude.prelude.Intrinsic 
@@ -1710,7 +1955,7 @@ module M_bdd__qyi11078426090797403070__new [#"bdd.rs" 430 4 430 52] (* Context<' type t_NodeLog'0 = | C_False'1 | C_True'1 - | C_If'1 uint64 uint64 uint64 + | C_If'1 UInt64.t UInt64.t UInt64.t type t_Option'0 = | C_None'0 @@ -1734,7 +1979,7 @@ module M_bdd__qyi11078426090797403070__new [#"bdd.rs" 430 4 430 52] (* Context<' use map.Map - function view'1 [#"bdd.rs" 49 8 49 37] (self : t_MyHashMap'1) : Map.map uint64 (t_Option'0) + function view'1 [#"bdd.rs" 49 8 49 37] (self : t_MyHashMap'1) : Map.map UInt64.t (t_Option'0) use map.Const @@ -1746,7 +1991,7 @@ module M_bdd__qyi11078426090797403070__new [#"bdd.rs" 430 4 430 52] (* Context<' use map.Map - function view'2 [#"bdd.rs" 49 8 49 37] (self : t_MyHashMap'2) : Map.map (uint64, uint64) (t_Option'0) + function view'2 [#"bdd.rs" 49 8 49 37] (self : t_MyHashMap'2) : Map.map (UInt64.t, UInt64.t) (t_Option'0) use map.Const @@ -1761,13 +2006,13 @@ module M_bdd__qyi11078426090797403070__new [#"bdd.rs" 430 4 430 52] (* Context<' type t_Context'0 = { t_Context__alloc'0: (); t_Context__hashcons'0: t_MyHashMap'0; - t_Context__hashcons_ghost'0: Snapshot.snap_ty (Map.map uint64 (t_Node'0)); + t_Context__hashcons_ghost'0: Snapshot.snap_ty (Map.map UInt64.t (t_Node'0)); t_Context__not_memo'0: t_MyHashMap'1; t_Context__and_memo'0: t_MyHashMap'2; - t_Context__cnt'0: uint64 } + t_Context__cnt'0: UInt64.t } function deep_model'0 [#"bdd.rs" 161 4 161 44] (self : t_Node'0) : t_NodeLog'0 = - [%#sbdd14] match self with + [%#sbdd27] match self with | C_False'0 -> C_False'1 | C_True'0 -> C_True'1 | C_If'0 v childt childf -> C_If'1 v (childt.t_Bdd__1'0) (childf.t_Bdd__1'0) 
@@ -1786,17 +2031,15 @@ module M_bdd__qyi11078426090797403070__new [#"bdd.rs" 430 4 430 52] (* Context<' use prelude.prelude.UInt64 - use prelude.prelude.Int - - constant v_MAX'0 : uint64 = (18446744073709551615 : uint64) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) function view'5 (self : UInt64.t) : int = - [%#smodel8] UInt64.to_int self + [%#smodel8] UInt64.to_uint self function leastvar'0 [#"bdd.rs" 242 4 242 28] (self : t_Bdd'0) : int = [%#sbdd12] match self with - | {t_Bdd__0'0 = C_True'0} -> UInt64.to_int (v_MAX'0 : uint64) + 1 - | {t_Bdd__0'0 = C_False'0} -> UInt64.to_int (v_MAX'0 : uint64) + 1 + | {t_Bdd__0'0 = C_True'0} -> UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 + | {t_Bdd__0'0 = C_False'0} -> UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 | {t_Bdd__0'0 = C_If'0 v _ _} -> view'5 v end 
@@ -1806,9 +2049,66 @@ module M_bdd__qyi11078426090797403070__new [#"bdd.rs" 430 4 430 52] (* Context<' | C_False'0 -> true | C_If'0 v childt childf -> childt.t_Bdd__0'0 <> childf.t_Bdd__0'0 /\ is_valid_bdd'0 self childt - /\ is_valid_bdd'0 self childf /\ UInt64.to_int v < leastvar'0 childt /\ UInt64.to_int v < leastvar'0 childf + /\ is_valid_bdd'0 self childf /\ UInt64.to_uint v < leastvar'0 childt /\ UInt64.to_uint v < leastvar'0 childf end + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.UInt64 + + function cmp_log'0 (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = + [%#sord28] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + function eq_cmp'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom eq_cmp'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord26] (x = y) = (cmp_log'0 x y = C_Equal'0) + + function antisym2'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom antisym2'0_spec : forall x : UInt64.t, y : UInt64.t . ([%#sord24] cmp_log'0 x y = C_Greater'0) + -> ([%#sord25] cmp_log'0 y x = C_Less'0) + + function antisym1'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom antisym1'0_spec : forall x : UInt64.t, y : UInt64.t . ([%#sord22] cmp_log'0 x y = C_Less'0) + -> ([%#sord23] cmp_log'0 y x = C_Greater'0) + + function trans'0 (x : UInt64.t) (y : UInt64.t) (z : UInt64.t) (o : t_Ordering'0) : () + + axiom trans'0_spec : forall x : UInt64.t, y : UInt64.t, z : UInt64.t, o : t_Ordering'0 . ([%#sord19] cmp_log'0 x y + = o) -> ([%#sord20] cmp_log'0 y z = o) -> ([%#sord21] cmp_log'0 x z = o) + + function refl'0 (x : UInt64.t) : () + + axiom refl'0_spec : forall x : UInt64.t . [%#sord18] cmp_log'0 x x = C_Equal'0 + + use prelude.prelude.UInt64 + + function cmp_gt_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_gt_log'0_spec : forall x : UInt64.t, y : UInt64.t . 
[%#sord17] UInt64.ugt x y + = (cmp_log'0 x y = C_Greater'0) + + use prelude.prelude.UInt64 + + function cmp_ge_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_ge_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord16] UInt64.uge x y = (cmp_log'0 x y <> C_Less'0) + + function cmp_lt_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_lt_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord15] UInt64.ult x y = (cmp_log'0 x y = C_Less'0) + + use prelude.prelude.UInt64 + + function cmp_le_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_le_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord14] UInt64.ule x y + = (cmp_log'0 x y <> C_Greater'0) + use prelude.prelude.Snapshot use map.Map @@ -1817,7 +2117,7 @@ module M_bdd__qyi11078426090797403070__new [#"bdd.rs" 430 4 430 52] (* Context<' use map.Map - function interp'0 [#"bdd.rs" 212 4 212 53] (self : t_Bdd'0) (vars : Map.map uint64 bool) : bool = + function interp'0 [#"bdd.rs" 212 4 212 53] (self : t_Bdd'0) (vars : Map.map UInt64.t bool) : bool = [%#sbdd11] match self with | {t_Bdd__0'0 = C_True'0} -> true | {t_Bdd__0'0 = C_False'0} -> false 
@@ -1832,18 +2132,18 @@ module M_bdd__qyi11078426090797403070__new [#"bdd.rs" 430 4 430 52] (* Context<' [%#sbdd7] (forall n : t_NodeLog'0 . match Map.get (view'0 self.t_Context__hashcons'0) n with | C_Some'0 b -> view'3 b.t_Bdd__0'0 = n /\ is_valid_node'0 self b.t_Bdd__0'0 - /\ b.t_Bdd__1'0 < self.t_Context__cnt'0 + /\ UInt64.ult b.t_Bdd__1'0 self.t_Context__cnt'0 /\ Map.get (Snapshot.inner self.t_Context__hashcons_ghost'0) b.t_Bdd__1'0 = b.t_Bdd__0'0 | C_None'0 -> true end) - /\ (forall bm : uint64 . match Map.get (view'1 self.t_Context__not_memo'0) bm with + /\ (forall bm : UInt64.t . match Map.get (view'1 self.t_Context__not_memo'0) bm with | C_None'0 -> true | C_Some'0 n -> let b = { t_Bdd__0'0 = Map.get (Snapshot.inner self.t_Context__hashcons_ghost'0) bm; t_Bdd__1'0 = bm } in is_valid_bdd'0 self n /\ is_valid_bdd'0 self b /\ (forall v : Map.map UInt64.t bool . interp'0 n v = (not interp'0 b v)) /\ leastvar'0 b <= leastvar'0 n end) - /\ (forall abm : (uint64, uint64) . match Map.get (view'2 self.t_Context__and_memo'0) abm with + /\ (forall abm : (UInt64.t, UInt64.t) . match Map.get (view'2 self.t_Context__and_memo'0) abm with | C_None'0 -> true | C_Some'0 n -> let a = { t_Bdd__0'0 = Map.get (Snapshot.inner self.t_Context__hashcons_ghost'0) (let (a, _) = abm in a); t_Bdd__1'0 = (let (a, _) = abm in a) } in let b = { t_Bdd__0'0 = Map.get (Snapshot.inner self.t_Context__hashcons_ghost'0) (let (_, a) = abm in a); @@ -1881,7 +2181,7 @@ module M_bdd__qyi11078426090797403070__new [#"bdd.rs" 430 4 430 52] (* Context<' t_Context__hashcons_ghost'0 = _6; t_Context__not_memo'0 = _8; t_Context__and_memo'0 = _9; - t_Context__cnt'0 = ([%#sbdd4] (0 : uint64)) } ] + t_Context__cnt'0 = ([%#sbdd4] (0 : UInt64.t)) } ] s1 | s1 = return' {_0} ] 
@@ -1891,7 +2191,7 @@ module M_bdd__qyi11078426090797403070__new [#"bdd.rs" 430 4 430 52] (* Context<' | & alloc : () = alloc | & t : t_Node'0 = any_l () | & _5 : t_MyHashMap'0 = any_l () - | & _6 : Snapshot.snap_ty (Map.map uint64 (t_Node'0)) = any_l () + | & _6 : Snapshot.snap_ty (Map.map UInt64.t (t_Node'0)) = any_l () | & _8 : t_MyHashMap'1 = any_l () | & _9 : t_MyHashMap'2 = any_l () | & _10 : t_Node'0 = any_l () ] @@ -1899,8 +2199,8 @@ module M_bdd__qyi11078426090797403070__new [#"bdd.rs" 430 4 430 52] (* Context<' end module M_bdd__qyi11078426090797403070__hashcons [#"bdd.rs" 446 4 446 58] (* Context<'arena> *) let%span sbdd0 = "bdd.rs" 453 30 453 77 - let%span sbdd1 = "bdd.rs" 454 22 454 30 - let%span sbdd2 = "bdd.rs" 454 33 454 34 + let%span sbdd1 = "bdd.rs" 454 33 454 34 + let%span sbdd2 = "bdd.rs" 454 22 454 30 let%span sbdd3 = "bdd.rs" 460 20 460 21 let%span sbdd4 = "bdd.rs" 448 28 448 38 let%span sbdd5 = "bdd.rs" 446 21 446 25 
@@ -1930,19 +2230,35 @@ module M_bdd__qyi11078426090797403070__hashcons [#"bdd.rs" 446 4 446 58] (* Cont let%span sinvariant29 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 let%span sbdd30 = "bdd.rs" 267 12 291 19 let%span sbdd31 = "bdd.rs" 214 12 221 13 + let%span sord32 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 + let%span sord33 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 + let%span sord34 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 + let%span sord35 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 + let%span sord36 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 + let%span sord37 = "../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 + let%span sord38 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 + let%span sord39 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 + let%span sord40 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 + let%span sord41 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 + let%span sord42 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 + let%span sord43 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 + let%span sord44 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span sord45 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 use prelude.prelude.Borrow type t_MyHashMap'0 + use prelude.prelude.Int + use prelude.prelude.UInt64 type t_Bdd'0 = - { t_Bdd__0'0: t_Node'0; t_Bdd__1'0: uint64 } + { t_Bdd__0'0: t_Node'0; t_Bdd__1'0: UInt64.t } with t_Node'0 = | C_False'0 | C_True'0 - | C_If'0 uint64 (t_Bdd'0) (t_Bdd'0) + | C_If'0 UInt64.t (t_Bdd'0) (t_Bdd'0) use map.Map 
@@ -1955,10 +2271,10 @@ module M_bdd__qyi11078426090797403070__hashcons [#"bdd.rs" 446 4 446 58] (* Cont type t_Context'0 = { t_Context__alloc'0: (); t_Context__hashcons'0: t_MyHashMap'0; - t_Context__hashcons_ghost'0: Snapshot.snap_ty (Map.map uint64 (t_Node'0)); + t_Context__hashcons_ghost'0: Snapshot.snap_ty (Map.map UInt64.t (t_Node'0)); t_Context__not_memo'0: t_MyHashMap'1; t_Context__and_memo'0: t_MyHashMap'2; - t_Context__cnt'0: uint64 } + t_Context__cnt'0: UInt64.t } predicate inv'1 (_1 : t_Node'0) @@ -1975,7 +2291,7 @@ module M_bdd__qyi11078426090797403070__hashcons [#"bdd.rs" 446 4 446 58] (* Cont type t_NodeLog'0 = | C_False'1 | C_True'1 - | C_If'1 uint64 uint64 uint64 + | C_If'1 UInt64.t UInt64.t UInt64.t type t_Option'1 = | C_None'1 @@ -2067,17 +2383,15 @@ module M_bdd__qyi11078426090797403070__hashcons [#"bdd.rs" 446 4 446 58] (* Cont use prelude.prelude.UInt64 - use prelude.prelude.Int - - constant v_MAX'0 : uint64 = (18446744073709551615 : uint64) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) function view'5 (self : UInt64.t) : int = - [%#smodel19] UInt64.to_int self + [%#smodel19] UInt64.to_uint self function leastvar'0 [#"bdd.rs" 242 4 242 28] (self : t_Bdd'0) : int = [%#sbdd28] match self with - | {t_Bdd__0'0 = C_True'0} -> UInt64.to_int (v_MAX'0 : uint64) + 1 - | {t_Bdd__0'0 = C_False'0} -> UInt64.to_int (v_MAX'0 : uint64) + 1 + | {t_Bdd__0'0 = C_True'0} -> UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 + | {t_Bdd__0'0 = C_False'0} -> UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 | {t_Bdd__0'0 = C_If'0 v _ _} -> view'5 v end 
@@ -2087,16 +2401,73 @@ module M_bdd__qyi11078426090797403070__hashcons [#"bdd.rs" 446 4 446 58] (* Cont | C_False'0 -> true | C_If'0 v childt childf -> childt.t_Bdd__0'0 <> childf.t_Bdd__0'0 /\ is_valid_bdd'0 self childt - /\ is_valid_bdd'0 self childf /\ UInt64.to_int v < leastvar'0 childt /\ UInt64.to_int v < leastvar'0 childf + /\ is_valid_bdd'0 self childf /\ UInt64.to_uint v < leastvar'0 childt /\ UInt64.to_uint v < leastvar'0 childf end + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.UInt64 + + function cmp_log'0 (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = + [%#sord45] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + function eq_cmp'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom eq_cmp'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord44] (x = y) = (cmp_log'0 x y = C_Equal'0) + + function antisym2'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom antisym2'0_spec : forall x : UInt64.t, y : UInt64.t . ([%#sord42] cmp_log'0 x y = C_Greater'0) + -> ([%#sord43] cmp_log'0 y x = C_Less'0) + + function antisym1'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom antisym1'0_spec : forall x : UInt64.t, y : UInt64.t . ([%#sord40] cmp_log'0 x y = C_Less'0) + -> ([%#sord41] cmp_log'0 y x = C_Greater'0) + + function trans'0 (x : UInt64.t) (y : UInt64.t) (z : UInt64.t) (o : t_Ordering'0) : () + + axiom trans'0_spec : forall x : UInt64.t, y : UInt64.t, z : UInt64.t, o : t_Ordering'0 . ([%#sord37] cmp_log'0 x y + = o) -> ([%#sord38] cmp_log'0 y z = o) -> ([%#sord39] cmp_log'0 x z = o) + + function refl'0 (x : UInt64.t) : () + + axiom refl'0_spec : forall x : UInt64.t . [%#sord36] cmp_log'0 x x = C_Equal'0 + + use prelude.prelude.UInt64 + + function cmp_gt_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_gt_log'0_spec : forall x : UInt64.t, y : UInt64.t . 
[%#sord35] UInt64.ugt x y + = (cmp_log'0 x y = C_Greater'0) + + use prelude.prelude.UInt64 + + function cmp_ge_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_ge_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord34] UInt64.uge x y = (cmp_log'0 x y <> C_Less'0) + + function cmp_lt_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_lt_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord33] UInt64.ult x y = (cmp_log'0 x y = C_Less'0) + + use prelude.prelude.UInt64 + + function cmp_le_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_le_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord32] UInt64.ule x y + = (cmp_log'0 x y <> C_Greater'0) + use map.Map use map.Map use map.Map - function interp'0 [#"bdd.rs" 212 4 212 53] (self : t_Bdd'0) (vars : Map.map uint64 bool) : bool = + function interp'0 [#"bdd.rs" 212 4 212 53] (self : t_Bdd'0) (vars : Map.map UInt64.t bool) : bool = [%#sbdd31] match self with | {t_Bdd__0'0 = C_True'0} -> true | {t_Bdd__0'0 = C_False'0} -> false @@ -2105,13 +2476,13 @@ module M_bdd__qyi11078426090797403070__hashcons [#"bdd.rs" 446 4 446 58] (* Cont use map.Map - function view'6 [#"bdd.rs" 49 8 49 37] (self : t_MyHashMap'1) : Map.map uint64 (t_Option'1) + function view'6 [#"bdd.rs" 49 8 49 37] (self : t_MyHashMap'1) : Map.map UInt64.t (t_Option'1) use map.Map use map.Map - function view'7 [#"bdd.rs" 49 8 49 37] (self : t_MyHashMap'2) : Map.map (uint64, uint64) (t_Option'1) + function view'7 [#"bdd.rs" 49 8 49 37] (self : t_MyHashMap'2) : Map.map (UInt64.t, UInt64.t) (t_Option'1) use map.Map 
@@ -2119,18 +2490,18 @@ module M_bdd__qyi11078426090797403070__hashcons [#"bdd.rs" 446 4 446 58] (* Cont [%#sbdd30] (forall n : t_NodeLog'0 . match Map.get (view'3 self.t_Context__hashcons'0) n with | C_Some'1 b -> view'0 b.t_Bdd__0'0 = n /\ is_valid_node'0 self b.t_Bdd__0'0 - /\ b.t_Bdd__1'0 < self.t_Context__cnt'0 + /\ UInt64.ult b.t_Bdd__1'0 self.t_Context__cnt'0 /\ Map.get (Snapshot.inner self.t_Context__hashcons_ghost'0) b.t_Bdd__1'0 = b.t_Bdd__0'0 | C_None'1 -> true end) - /\ (forall bm : uint64 . match Map.get (view'6 self.t_Context__not_memo'0) bm with + /\ (forall bm : UInt64.t . match Map.get (view'6 self.t_Context__not_memo'0) bm with | C_None'1 -> true | C_Some'1 n -> let b = { t_Bdd__0'0 = Map.get (Snapshot.inner self.t_Context__hashcons_ghost'0) bm; t_Bdd__1'0 = bm } in is_valid_bdd'0 self n /\ is_valid_bdd'0 self b /\ (forall v : Map.map UInt64.t bool . interp'0 n v = (not interp'0 b v)) /\ leastvar'0 b <= leastvar'0 n end) - /\ (forall abm : (uint64, uint64) . match Map.get (view'7 self.t_Context__and_memo'0) abm with + /\ (forall abm : (UInt64.t, UInt64.t) . match Map.get (view'7 self.t_Context__and_memo'0) abm with | C_None'1 -> true | C_Some'1 n -> let a = { t_Bdd__0'0 = Map.get (Snapshot.inner self.t_Context__hashcons_ghost'0) (let (a, _) = abm in a); t_Bdd__1'0 = (let (a, _) = abm in a) } in let b = { t_Bdd__0'0 = Map.get (Snapshot.inner self.t_Context__hashcons_ghost'0) (let (_, a) = abm in a); 
@@ -2172,7 +2543,7 @@ module M_bdd__qyi11078426090797403070__hashcons [#"bdd.rs" 446 4 446 58] (* Cont use prelude.prelude.Snapshot predicate grows'0 [#"bdd.rs" 299 4 299 35] (self : borrowed (t_Context'0)) = - [%#sbdd22] UInt64.to_int (self.current).t_Context__cnt'0 <= UInt64.to_int (self.final).t_Context__cnt'0 + [%#sbdd22] UInt64.to_uint (self.current).t_Context__cnt'0 <= UInt64.to_uint (self.final).t_Context__cnt'0 /\ (forall n : t_NodeLog'0 . match Map.get (view'3 (self.current).t_Context__hashcons'0) n with | C_Some'1 b -> Map.get (view'3 (self.final).t_Context__hashcons'0) n = C_Some'1 b | C_None'1 -> true @@ -2216,8 +2587,8 @@ module M_bdd__qyi11078426090797403070__hashcons [#"bdd.rs" 446 4 446 58] (* Cont | bb7 = s0 [ s0 = [ &self <- { self with current = { self.current with t_Context__hashcons_ghost'0 = _27 } } ] s1 - | s1 = UInt64.sub {[%#sbdd1] (18446744073709551615 : uint64)} {[%#sbdd2] (1 : uint64)} - (fun (_ret':uint64) -> [ &_32 <- _ret' ] s2) + | s1 = UInt64.sub {[%#sbdd2] (18446744073709551615 : UInt64.t)} {[%#sbdd1] (1 : UInt64.t)} + (fun (_ret':UInt64.t) -> [ &_32 <- _ret' ] s2) | s2 = UInt64.gt {(self.current).t_Context__cnt'0} {_32} (fun (_ret':bool) -> [ &_30 <- _ret' ] s3) | s3 = any [ br0 -> {_30 = false} (! bb11) | br1 -> {_30} (! bb8) ] ] @@ -2235,8 +2606,8 @@ module M_bdd__qyi11078426090797403070__hashcons [#"bdd.rs" 446 4 446 58] (* Cont ] | bb11 = s0 - [ s0 = UInt64.add {(self.current).t_Context__cnt'0} {[%#sbdd3] (1 : uint64)} - (fun (_ret':uint64) -> + [ s0 = UInt64.add {(self.current).t_Context__cnt'0} {[%#sbdd3] (1 : UInt64.t)} + (fun (_ret':UInt64.t) -> [ &self <- { self with current = { self.current with t_Context__cnt'0 = _ret' } } ] s1) | s1 = {[@expl:type invariant] inv'0 self} s2 
@@ -2265,9 +2636,9 @@ module M_bdd__qyi11078426090797403070__hashcons [#"bdd.rs" 446 4 446 58] (* Cont | & _19 : borrowed (t_Node'0) = any_l () | & _23 : () = any_l () | & _24 : borrowed (t_MyHashMap'0) = any_l () - | & _27 : Snapshot.snap_ty (Map.map uint64 (t_Node'0)) = any_l () + | & _27 : Snapshot.snap_ty (Map.map UInt64.t (t_Node'0)) = any_l () | & _30 : bool = any_l () - | & _32 : uint64 = any_l () + | & _32 : UInt64.t = any_l () | & old_9_0 : Snapshot.snap_ty (borrowed (t_Context'0)) = any_l () ] [ return' (result:t_Bdd'0)-> {[@expl:hashcons ensures #0] [%#sbdd7] result.t_Bdd__0'0 = n} 
@@ -2304,25 +2675,41 @@ module M_bdd__qyi11078426090797403070__node [#"bdd.rs" 471 4 471 87] (* Context< let%span sbdd24 = "bdd.rs" 179 20 179 37 let%span sbdd25 = "bdd.rs" 189 20 189 26 let%span sbdd26 = "bdd.rs" 163 12 167 13 + let%span sord27 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 + let%span sord28 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 + let%span sord29 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 + let%span sord30 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 + let%span sord31 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 + let%span sord32 = "../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 + let%span sord33 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 + let%span sord34 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 + let%span sord35 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 + let%span sord36 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 + let%span sord37 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 + let%span sord38 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 + let%span sord39 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span sord40 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 use prelude.prelude.Borrow + use prelude.prelude.Int + use prelude.prelude.UInt64 type t_Node'0 = | C_False'0 | C_True'0 - | C_If'0 uint64 (t_Bdd'0) (t_Bdd'0) + | C_If'0 UInt64.t (t_Bdd'0) (t_Bdd'0) with t_Bdd'0 = - { t_Bdd__0'0: t_Node'0; t_Bdd__1'0: uint64 } + { t_Bdd__0'0: t_Node'0; t_Bdd__1'0: UInt64.t } - function deep_model'0 [#"bdd.rs" 188 4 188 44] (self : t_Bdd'0) : uint64 = + function deep_model'0 [#"bdd.rs" 188 4 188 44] (self : t_Bdd'0) : UInt64.t = [%#sbdd25] self.t_Bdd__1'0 - function view'4 [#"bdd.rs" 198 4 198 33] (self : t_Bdd'0) : uint64 = + function view'4 [#"bdd.rs" 198 4 198 33] (self : t_Bdd'0) : UInt64.t = [%#sbdd21] deep_model'0 
self - function view'0 (self : t_Bdd'0) : uint64 = + function view'0 (self : t_Bdd'0) : UInt64.t = [%#smodel18] view'4 self let rec eq'0 (self:t_Bdd'0) (o:t_Bdd'0) (return' (ret:bool))= any @@ -2342,15 +2729,15 @@ module M_bdd__qyi11078426090797403070__node [#"bdd.rs" 471 4 471 87] (* Context< type t_Context'0 = { t_Context__alloc'0: (); t_Context__hashcons'0: t_MyHashMap'0; - t_Context__hashcons_ghost'0: Snapshot.snap_ty (Map.map uint64 (t_Node'0)); + t_Context__hashcons_ghost'0: Snapshot.snap_ty (Map.map UInt64.t (t_Node'0)); t_Context__not_memo'0: t_MyHashMap'1; t_Context__and_memo'0: t_MyHashMap'2; - t_Context__cnt'0: uint64 } + t_Context__cnt'0: UInt64.t } type t_NodeLog'0 = | C_False'1 | C_True'1 - | C_If'1 uint64 uint64 uint64 + | C_If'1 UInt64.t UInt64.t UInt64.t type t_Option'0 = | C_None'0 @@ -2380,17 +2767,15 @@ module M_bdd__qyi11078426090797403070__node [#"bdd.rs" 471 4 471 87] (* Context< use prelude.prelude.UInt64 - use prelude.prelude.Int - - constant v_MAX'0 : uint64 = (18446744073709551615 : uint64) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - function view'3 (self : uint64) : int = - [%#smodel18] UInt64.to_int self + function view'3 (self : UInt64.t) : int = + [%#smodel18] UInt64.to_uint self function leastvar'0 [#"bdd.rs" 242 4 242 28] (self : t_Bdd'0) : int = [%#sbdd15] match self with - | {t_Bdd__0'0 = C_True'0} -> UInt64.to_int (v_MAX'0 : uint64) + 1 - | {t_Bdd__0'0 = C_False'0} -> UInt64.to_int (v_MAX'0 : uint64) + 1 + | {t_Bdd__0'0 = C_True'0} -> UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 + | {t_Bdd__0'0 = C_False'0} -> UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 | {t_Bdd__0'0 = C_If'0 v _ _} -> view'3 v end 
@@ -2400,9 +2785,66 @@ module M_bdd__qyi11078426090797403070__node [#"bdd.rs" 471 4 471 87] (* Context< | C_False'0 -> true | C_If'0 v childt childf -> childt.t_Bdd__0'0 <> childf.t_Bdd__0'0 /\ is_valid_bdd'0 self childt - /\ is_valid_bdd'0 self childf /\ UInt64.to_int v < leastvar'0 childt /\ UInt64.to_int v < leastvar'0 childf + /\ is_valid_bdd'0 self childf /\ UInt64.to_uint v < leastvar'0 childt /\ UInt64.to_uint v < leastvar'0 childf end + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.UInt64 + + function cmp_log'0 (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = + [%#sord40] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + function eq_cmp'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom eq_cmp'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord39] (x = y) = (cmp_log'0 x y = C_Equal'0) + + function antisym2'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom antisym2'0_spec : forall x : UInt64.t, y : UInt64.t . ([%#sord37] cmp_log'0 x y = C_Greater'0) + -> ([%#sord38] cmp_log'0 y x = C_Less'0) + + function antisym1'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom antisym1'0_spec : forall x : UInt64.t, y : UInt64.t . ([%#sord35] cmp_log'0 x y = C_Less'0) + -> ([%#sord36] cmp_log'0 y x = C_Greater'0) + + function trans'0 (x : UInt64.t) (y : UInt64.t) (z : UInt64.t) (o : t_Ordering'0) : () + + axiom trans'0_spec : forall x : UInt64.t, y : UInt64.t, z : UInt64.t, o : t_Ordering'0 . ([%#sord32] cmp_log'0 x y + = o) -> ([%#sord33] cmp_log'0 y z = o) -> ([%#sord34] cmp_log'0 x z = o) + + function refl'0 (x : UInt64.t) : () + + axiom refl'0_spec : forall x : UInt64.t . [%#sord31] cmp_log'0 x x = C_Equal'0 + + use prelude.prelude.UInt64 + + function cmp_gt_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_gt_log'0_spec : forall x : UInt64.t, y : UInt64.t . 
[%#sord30] UInt64.ugt x y + = (cmp_log'0 x y = C_Greater'0) + + use prelude.prelude.UInt64 + + function cmp_ge_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_ge_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord29] UInt64.uge x y = (cmp_log'0 x y <> C_Less'0) + + function cmp_lt_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_lt_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord28] UInt64.ult x y = (cmp_log'0 x y = C_Less'0) + + use prelude.prelude.UInt64 + + function cmp_le_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_le_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord27] UInt64.ule x y + = (cmp_log'0 x y <> C_Greater'0) + use prelude.prelude.Snapshot use map.Map @@ -2411,7 +2853,7 @@ module M_bdd__qyi11078426090797403070__node [#"bdd.rs" 471 4 471 87] (* Context< use map.Map - function interp'0 [#"bdd.rs" 212 4 212 53] (self : t_Bdd'0) (vars : Map.map uint64 bool) : bool = + function interp'0 [#"bdd.rs" 212 4 212 53] (self : t_Bdd'0) (vars : Map.map UInt64.t bool) : bool = [%#sbdd17] match self with | {t_Bdd__0'0 = C_True'0} -> true | {t_Bdd__0'0 = C_False'0} -> false @@ -2420,13 +2862,13 @@ module M_bdd__qyi11078426090797403070__node [#"bdd.rs" 471 4 471 87] (* Context< use map.Map - function view'6 [#"bdd.rs" 49 8 49 37] (self : t_MyHashMap'1) : Map.map uint64 (t_Option'0) + function view'6 [#"bdd.rs" 49 8 49 37] (self : t_MyHashMap'1) : Map.map UInt64.t (t_Option'0) use map.Map use map.Map - function view'7 [#"bdd.rs" 49 8 49 37] (self : t_MyHashMap'2) : Map.map (uint64, uint64) (t_Option'0) + function view'7 [#"bdd.rs" 49 8 49 37] (self : t_MyHashMap'2) : Map.map (UInt64.t, UInt64.t) (t_Option'0) use map.Map 
@@ -2434,18 +2876,18 @@ module M_bdd__qyi11078426090797403070__node [#"bdd.rs" 471 4 471 87] (* Context< [%#sbdd23] (forall n : t_NodeLog'0 . match Map.get (view'1 self.t_Context__hashcons'0) n with | C_Some'0 b -> view'2 b.t_Bdd__0'0 = n /\ is_valid_node'0 self b.t_Bdd__0'0 - /\ b.t_Bdd__1'0 < self.t_Context__cnt'0 + /\ UInt64.ult b.t_Bdd__1'0 self.t_Context__cnt'0 /\ Map.get (Snapshot.inner self.t_Context__hashcons_ghost'0) b.t_Bdd__1'0 = b.t_Bdd__0'0 | C_None'0 -> true end) - /\ (forall bm : uint64 . match Map.get (view'6 self.t_Context__not_memo'0) bm with + /\ (forall bm : UInt64.t . match Map.get (view'6 self.t_Context__not_memo'0) bm with | C_None'0 -> true | C_Some'0 n -> let b = { t_Bdd__0'0 = Map.get (Snapshot.inner self.t_Context__hashcons_ghost'0) bm; t_Bdd__1'0 = bm } in is_valid_bdd'0 self n /\ is_valid_bdd'0 self b /\ (forall v : Map.map UInt64.t bool . interp'0 n v = (not interp'0 b v)) /\ leastvar'0 b <= leastvar'0 n end) - /\ (forall abm : (uint64, uint64) . match Map.get (view'7 self.t_Context__and_memo'0) abm with + /\ (forall abm : (UInt64.t, UInt64.t) . match Map.get (view'7 self.t_Context__and_memo'0) abm with | C_None'0 -> true | C_Some'0 n -> let a = { t_Bdd__0'0 = Map.get (Snapshot.inner self.t_Context__hashcons_ghost'0) (let (a, _) = abm in a); t_Bdd__1'0 = (let (a, _) = abm in a) } in let b = { t_Bdd__0'0 = Map.get (Snapshot.inner self.t_Context__hashcons_ghost'0) (let (_, a) = abm in a); 
@@ -2478,7 +2920,7 @@ module M_bdd__qyi11078426090797403070__node [#"bdd.rs" 471 4 471 87] (* Context< resolve'1 _1 predicate grows'0 [#"bdd.rs" 299 4 299 35] (self : borrowed (t_Context'0)) = - [%#sbdd16] UInt64.to_int (self.current).t_Context__cnt'0 <= UInt64.to_int (self.final).t_Context__cnt'0 + [%#sbdd16] UInt64.to_uint (self.current).t_Context__cnt'0 <= UInt64.to_uint (self.final).t_Context__cnt'0 /\ (forall n : t_NodeLog'0 . match Map.get (view'1 (self.current).t_Context__hashcons'0) n with | C_Some'0 b -> Map.get (view'1 (self.final).t_Context__hashcons'0) n = C_Some'0 b | C_None'0 -> true @@ -2497,10 +2939,10 @@ module M_bdd__qyi11078426090797403070__node [#"bdd.rs" 471 4 471 87] (* Context< meta "compute_max_steps" 1000000 - let rec node'0 (self:borrowed (t_Context'0)) (x:uint64) (childt:t_Bdd'0) (childf:t_Bdd'0) (return' (ret:t_Bdd'0))= {[@expl:node 'self' type invariant] [%#sbdd0] inv'0 self} + let rec node'0 (self:borrowed (t_Context'0)) (x:UInt64.t) (childt:t_Bdd'0) (childf:t_Bdd'0) (return' (ret:t_Bdd'0))= {[@expl:node 'self' type invariant] [%#sbdd0] inv'0 self} {[@expl:node requires #0] [%#sbdd1] is_valid_bdd'0 self.current childt} {[@expl:node requires #1] [%#sbdd2] is_valid_bdd'0 self.current childf} - {[@expl:node requires #2] [%#sbdd3] UInt64.to_int x < leastvar'0 childt /\ UInt64.to_int x < leastvar'0 childf} + {[@expl:node requires #2] [%#sbdd3] UInt64.to_uint x < leastvar'0 childt /\ UInt64.to_uint x < leastvar'0 childf} (! bb0 [ bb0 = s0 [ s0 = eq'0 {childt} {childf} (fun (_ret':bool) -> [ &_13 <- _ret' ] s1) | s1 = bb1 ] | bb1 = any [ br0 -> {_13 = false} (! bb3) | br1 -> {_13} (! bb2) ] @@ -2527,7 +2969,7 @@ module M_bdd__qyi11078426090797403070__node [#"bdd.rs" 471 4 471 87] (* Context< ) [ & _0 : t_Bdd'0 = any_l () | & self : borrowed (t_Context'0) = self - | & x : uint64 = x + | & x : UInt64.t = x | & childt : t_Bdd'0 = childt | & childf : t_Bdd'0 = childf | & _13 : bool = any_l () 
@@ -2536,9 +2978,9 @@ module M_bdd__qyi11078426090797403070__node [#"bdd.rs" 471 4 471 87] (* Context< [ return' (result:t_Bdd'0)-> {[@expl:node ensures #0] [%#sbdd4] grows'0 self} {[@expl:node ensures #1] [%#sbdd5] is_valid_bdd'0 self.final result} - {[@expl:node ensures #2] [%#sbdd6] forall v : Map.map uint64 bool . interp'0 result v + {[@expl:node ensures #2] [%#sbdd6] forall v : Map.map UInt64.t bool . interp'0 result v = (if Map.get v x then interp'0 childt v else interp'0 childf v)} - {[@expl:node ensures #3] [%#sbdd7] UInt64.to_int x <= leastvar'0 result} + {[@expl:node ensures #3] [%#sbdd7] UInt64.to_uint x <= leastvar'0 result} (! return' {result}) ] end 
@@ -2564,19 +3006,35 @@ module M_bdd__qyi11078426090797403070__trueqy95z [#"bdd.rs" 482 4 482 42] (* Con let%span sinvariant18 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 let%span sbdd19 = "bdd.rs" 179 20 179 37 let%span sbdd20 = "bdd.rs" 163 12 167 13 + let%span sord21 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 + let%span sord22 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 + let%span sord23 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 + let%span sord24 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 + let%span sord25 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 + let%span sord26 = "../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 + let%span sord27 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 + let%span sord28 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 + let%span sord29 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 + let%span sord30 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 + let%span sord31 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 + let%span sord32 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 + let%span sord33 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span sord34 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 use prelude.prelude.Borrow type t_MyHashMap'0 + use prelude.prelude.Int + use prelude.prelude.UInt64 type t_Bdd'0 = - { t_Bdd__0'0: t_Node'0; t_Bdd__1'0: uint64 } + { t_Bdd__0'0: t_Node'0; t_Bdd__1'0: UInt64.t } with t_Node'0 = | C_False'0 | C_True'0 - | C_If'0 uint64 (t_Bdd'0) (t_Bdd'0) + | C_If'0 UInt64.t (t_Bdd'0) (t_Bdd'0) use map.Map 
@@ -2589,15 +3047,15 @@ module M_bdd__qyi11078426090797403070__trueqy95z [#"bdd.rs" 482 4 482 42] (* Con type t_Context'0 = { t_Context__alloc'0: (); t_Context__hashcons'0: t_MyHashMap'0; - t_Context__hashcons_ghost'0: Snapshot.snap_ty (Map.map uint64 (t_Node'0)); + t_Context__hashcons_ghost'0: Snapshot.snap_ty (Map.map UInt64.t (t_Node'0)); t_Context__not_memo'0: t_MyHashMap'1; t_Context__and_memo'0: t_MyHashMap'2; - t_Context__cnt'0: uint64 } + t_Context__cnt'0: UInt64.t } type t_NodeLog'0 = | C_False'1 | C_True'1 - | C_If'1 uint64 uint64 uint64 + | C_If'1 UInt64.t UInt64.t UInt64.t type t_Option'0 = | C_None'0 @@ -2627,17 +3085,15 @@ module M_bdd__qyi11078426090797403070__trueqy95z [#"bdd.rs" 482 4 482 42] (* Con use prelude.prelude.UInt64 - use prelude.prelude.Int - - constant v_MAX'0 : uint64 = (18446744073709551615 : uint64) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - function view'2 (self : uint64) : int = - [%#smodel16] UInt64.to_int self + function view'2 (self : UInt64.t) : int = + [%#smodel16] UInt64.to_uint self function leastvar'0 [#"bdd.rs" 242 4 242 28] (self : t_Bdd'0) : int = [%#sbdd13] match self with - | {t_Bdd__0'0 = C_True'0} -> UInt64.to_int (v_MAX'0 : uint64) + 1 - | {t_Bdd__0'0 = C_False'0} -> UInt64.to_int (v_MAX'0 : uint64) + 1 + | {t_Bdd__0'0 = C_True'0} -> UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 + | {t_Bdd__0'0 = C_False'0} -> UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 | {t_Bdd__0'0 = C_If'0 v _ _} -> view'2 v end 
@@ -2647,9 +3103,66 @@ module M_bdd__qyi11078426090797403070__trueqy95z [#"bdd.rs" 482 4 482 42] (* Con | C_False'0 -> true | C_If'0 v childt childf -> childt.t_Bdd__0'0 <> childf.t_Bdd__0'0 /\ is_valid_bdd'0 self childt - /\ is_valid_bdd'0 self childf /\ UInt64.to_int v < leastvar'0 childt /\ UInt64.to_int v < leastvar'0 childf + /\ is_valid_bdd'0 self childf /\ UInt64.to_uint v < leastvar'0 childt /\ UInt64.to_uint v < leastvar'0 childf end + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.UInt64 + + function cmp_log'0 (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = + [%#sord34] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + function eq_cmp'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom eq_cmp'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord33] (x = y) = (cmp_log'0 x y = C_Equal'0) + + function antisym2'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom antisym2'0_spec : forall x : UInt64.t, y : UInt64.t . ([%#sord31] cmp_log'0 x y = C_Greater'0) + -> ([%#sord32] cmp_log'0 y x = C_Less'0) + + function antisym1'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom antisym1'0_spec : forall x : UInt64.t, y : UInt64.t . ([%#sord29] cmp_log'0 x y = C_Less'0) + -> ([%#sord30] cmp_log'0 y x = C_Greater'0) + + function trans'0 (x : UInt64.t) (y : UInt64.t) (z : UInt64.t) (o : t_Ordering'0) : () + + axiom trans'0_spec : forall x : UInt64.t, y : UInt64.t, z : UInt64.t, o : t_Ordering'0 . ([%#sord26] cmp_log'0 x y + = o) -> ([%#sord27] cmp_log'0 y z = o) -> ([%#sord28] cmp_log'0 x z = o) + + function refl'0 (x : UInt64.t) : () + + axiom refl'0_spec : forall x : UInt64.t . [%#sord25] cmp_log'0 x x = C_Equal'0 + + use prelude.prelude.UInt64 + + function cmp_gt_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_gt_log'0_spec : forall x : UInt64.t, y : UInt64.t . 
[%#sord24] UInt64.ugt x y + = (cmp_log'0 x y = C_Greater'0) + + use prelude.prelude.UInt64 + + function cmp_ge_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_ge_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord23] UInt64.uge x y = (cmp_log'0 x y <> C_Less'0) + + function cmp_lt_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_lt_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord22] UInt64.ult x y = (cmp_log'0 x y = C_Less'0) + + use prelude.prelude.UInt64 + + function cmp_le_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_le_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord21] UInt64.ule x y + = (cmp_log'0 x y <> C_Greater'0) + use prelude.prelude.Snapshot use map.Map @@ -2658,7 +3171,7 @@ module M_bdd__qyi11078426090797403070__trueqy95z [#"bdd.rs" 482 4 482 42] (* Con use map.Map - function interp'0 [#"bdd.rs" 212 4 212 53] (self : t_Bdd'0) (vars : Map.map uint64 bool) : bool = + function interp'0 [#"bdd.rs" 212 4 212 53] (self : t_Bdd'0) (vars : Map.map UInt64.t bool) : bool = [%#sbdd12] match self with | {t_Bdd__0'0 = C_True'0} -> true | {t_Bdd__0'0 = C_False'0} -> false @@ -2667,13 +3180,13 @@ module M_bdd__qyi11078426090797403070__trueqy95z [#"bdd.rs" 482 4 482 42] (* Con use map.Map - function view'4 [#"bdd.rs" 49 8 49 37] (self : t_MyHashMap'1) : Map.map uint64 (t_Option'0) + function view'4 [#"bdd.rs" 49 8 49 37] (self : t_MyHashMap'1) : Map.map UInt64.t (t_Option'0) use map.Map use map.Map - function view'5 [#"bdd.rs" 49 8 49 37] (self : t_MyHashMap'2) : Map.map (uint64, uint64) (t_Option'0) + function view'5 [#"bdd.rs" 49 8 49 37] (self : t_MyHashMap'2) : Map.map (UInt64.t, UInt64.t) (t_Option'0) use map.Map 
@@ -2681,18 +3194,18 @@ module M_bdd__qyi11078426090797403070__trueqy95z [#"bdd.rs" 482 4 482 42] (* Con [%#sbdd17] (forall n : t_NodeLog'0 . match Map.get (view'0 self.t_Context__hashcons'0) n with | C_Some'0 b -> view'1 b.t_Bdd__0'0 = n /\ is_valid_node'0 self b.t_Bdd__0'0 - /\ b.t_Bdd__1'0 < self.t_Context__cnt'0 + /\ UInt64.ult b.t_Bdd__1'0 self.t_Context__cnt'0 /\ Map.get (Snapshot.inner self.t_Context__hashcons_ghost'0) b.t_Bdd__1'0 = b.t_Bdd__0'0 | C_None'0 -> true end) - /\ (forall bm : uint64 . match Map.get (view'4 self.t_Context__not_memo'0) bm with + /\ (forall bm : UInt64.t . match Map.get (view'4 self.t_Context__not_memo'0) bm with | C_None'0 -> true | C_Some'0 n -> let b = { t_Bdd__0'0 = Map.get (Snapshot.inner self.t_Context__hashcons_ghost'0) bm; t_Bdd__1'0 = bm } in is_valid_bdd'0 self n /\ is_valid_bdd'0 self b /\ (forall v : Map.map UInt64.t bool . interp'0 n v = (not interp'0 b v)) /\ leastvar'0 b <= leastvar'0 n end) - /\ (forall abm : (uint64, uint64) . match Map.get (view'5 self.t_Context__and_memo'0) abm with + /\ (forall abm : (UInt64.t, UInt64.t) . match Map.get (view'5 self.t_Context__and_memo'0) abm with | C_None'0 -> true | C_Some'0 n -> let a = { t_Bdd__0'0 = Map.get (Snapshot.inner self.t_Context__hashcons_ghost'0) (let (a, _) = abm in a); t_Bdd__1'0 = (let (a, _) = abm in a) } in let b = { t_Bdd__0'0 = Map.get (Snapshot.inner self.t_Context__hashcons_ghost'0) (let (_, a) = abm in a); 
@@ -2719,7 +3232,7 @@ module M_bdd__qyi11078426090797403070__trueqy95z [#"bdd.rs" 482 4 482 42] (* Con axiom inv_axiom'1 [@rewrite] : forall x : borrowed (t_Context'0) [inv'1 x] . inv'1 x = invariant'1 x predicate grows'0 [#"bdd.rs" 299 4 299 35] (self : borrowed (t_Context'0)) = - [%#sbdd10] UInt64.to_int (self.current).t_Context__cnt'0 <= UInt64.to_int (self.final).t_Context__cnt'0 + [%#sbdd10] UInt64.to_uint (self.current).t_Context__cnt'0 <= UInt64.to_uint (self.final).t_Context__cnt'0 /\ (forall n : t_NodeLog'0 . match Map.get (view'0 (self.current).t_Context__hashcons'0) n with | C_Some'0 b -> Map.get (view'0 (self.final).t_Context__hashcons'0) n = C_Some'0 b | C_None'0 -> true @@ -2767,8 +3280,8 @@ module M_bdd__qyi11078426090797403070__trueqy95z [#"bdd.rs" 482 4 482 42] (* Con [ return' (result:t_Bdd'0)-> {[@expl:true_ ensures #0] [%#sbdd1] grows'0 self} {[@expl:true_ ensures #1] [%#sbdd2] is_valid_bdd'0 self.final result} - {[@expl:true_ ensures #2] [%#sbdd3] forall v : Map.map uint64 bool . interp'0 result v} - {[@expl:true_ ensures #3] [%#sbdd4] UInt64.to_int (v_MAX'0 : uint64) + 1 = leastvar'0 result} + {[@expl:true_ ensures #2] [%#sbdd3] forall v : Map.map UInt64.t bool . interp'0 result v} + {[@expl:true_ ensures #3] [%#sbdd4] UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 = leastvar'0 result} (! return' {result}) ] end 
@@ -2794,19 +3307,35 @@ module M_bdd__qyi11078426090797403070__falseqy95z [#"bdd.rs" 490 4 490 43] (* Co let%span sinvariant18 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 let%span sbdd19 = "bdd.rs" 179 20 179 37 let%span sbdd20 = "bdd.rs" 163 12 167 13 + let%span sord21 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 + let%span sord22 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 + let%span sord23 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 + let%span sord24 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 + let%span sord25 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 + let%span sord26 = "../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 + let%span sord27 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 + let%span sord28 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 + let%span sord29 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 + let%span sord30 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 + let%span sord31 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 + let%span sord32 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 + let%span sord33 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span sord34 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 use prelude.prelude.Borrow type t_MyHashMap'0 + use prelude.prelude.Int + use prelude.prelude.UInt64 type t_Bdd'0 = - { t_Bdd__0'0: t_Node'0; t_Bdd__1'0: uint64 } + { t_Bdd__0'0: t_Node'0; t_Bdd__1'0: UInt64.t } with t_Node'0 = | C_False'0 | C_True'0 - | C_If'0 uint64 (t_Bdd'0) (t_Bdd'0) + | C_If'0 UInt64.t (t_Bdd'0) (t_Bdd'0) use map.Map 
@@ -2819,15 +3348,15 @@ module M_bdd__qyi11078426090797403070__falseqy95z [#"bdd.rs" 490 4 490 43] (* Co type t_Context'0 = { t_Context__alloc'0: (); t_Context__hashcons'0: t_MyHashMap'0; - t_Context__hashcons_ghost'0: Snapshot.snap_ty (Map.map uint64 (t_Node'0)); + t_Context__hashcons_ghost'0: Snapshot.snap_ty (Map.map UInt64.t (t_Node'0)); t_Context__not_memo'0: t_MyHashMap'1; t_Context__and_memo'0: t_MyHashMap'2; - t_Context__cnt'0: uint64 } + t_Context__cnt'0: UInt64.t } type t_NodeLog'0 = | C_False'1 | C_True'1 - | C_If'1 uint64 uint64 uint64 + | C_If'1 UInt64.t UInt64.t UInt64.t type t_Option'0 = | C_None'0 @@ -2857,17 +3386,15 @@ module M_bdd__qyi11078426090797403070__falseqy95z [#"bdd.rs" 490 4 490 43] (* Co use prelude.prelude.UInt64 - use prelude.prelude.Int - - constant v_MAX'0 : uint64 = (18446744073709551615 : uint64) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - function view'2 (self : uint64) : int = - [%#smodel16] UInt64.to_int self + function view'2 (self : UInt64.t) : int = + [%#smodel16] UInt64.to_uint self function leastvar'0 [#"bdd.rs" 242 4 242 28] (self : t_Bdd'0) : int = [%#sbdd13] match self with - | {t_Bdd__0'0 = C_True'0} -> UInt64.to_int (v_MAX'0 : uint64) + 1 - | {t_Bdd__0'0 = C_False'0} -> UInt64.to_int (v_MAX'0 : uint64) + 1 + | {t_Bdd__0'0 = C_True'0} -> UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 + | {t_Bdd__0'0 = C_False'0} -> UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 | {t_Bdd__0'0 = C_If'0 v _ _} -> view'2 v end 
@@ -2877,9 +3404,66 @@ module M_bdd__qyi11078426090797403070__falseqy95z [#"bdd.rs" 490 4 490 43] (* Co | C_False'0 -> true | C_If'0 v childt childf -> childt.t_Bdd__0'0 <> childf.t_Bdd__0'0 /\ is_valid_bdd'0 self childt - /\ is_valid_bdd'0 self childf /\ UInt64.to_int v < leastvar'0 childt /\ UInt64.to_int v < leastvar'0 childf + /\ is_valid_bdd'0 self childf /\ UInt64.to_uint v < leastvar'0 childt /\ UInt64.to_uint v < leastvar'0 childf end + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.UInt64 + + function cmp_log'0 (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = + [%#sord34] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + function eq_cmp'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom eq_cmp'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord33] (x = y) = (cmp_log'0 x y = C_Equal'0) + + function antisym2'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom antisym2'0_spec : forall x : UInt64.t, y : UInt64.t . ([%#sord31] cmp_log'0 x y = C_Greater'0) + -> ([%#sord32] cmp_log'0 y x = C_Less'0) + + function antisym1'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom antisym1'0_spec : forall x : UInt64.t, y : UInt64.t . ([%#sord29] cmp_log'0 x y = C_Less'0) + -> ([%#sord30] cmp_log'0 y x = C_Greater'0) + + function trans'0 (x : UInt64.t) (y : UInt64.t) (z : UInt64.t) (o : t_Ordering'0) : () + + axiom trans'0_spec : forall x : UInt64.t, y : UInt64.t, z : UInt64.t, o : t_Ordering'0 . ([%#sord26] cmp_log'0 x y + = o) -> ([%#sord27] cmp_log'0 y z = o) -> ([%#sord28] cmp_log'0 x z = o) + + function refl'0 (x : UInt64.t) : () + + axiom refl'0_spec : forall x : UInt64.t . [%#sord25] cmp_log'0 x x = C_Equal'0 + + use prelude.prelude.UInt64 + + function cmp_gt_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_gt_log'0_spec : forall x : UInt64.t, y : UInt64.t . 
[%#sord24] UInt64.ugt x y + = (cmp_log'0 x y = C_Greater'0) + + use prelude.prelude.UInt64 + + function cmp_ge_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_ge_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord23] UInt64.uge x y = (cmp_log'0 x y <> C_Less'0) + + function cmp_lt_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_lt_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord22] UInt64.ult x y = (cmp_log'0 x y = C_Less'0) + + use prelude.prelude.UInt64 + + function cmp_le_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_le_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord21] UInt64.ule x y + = (cmp_log'0 x y <> C_Greater'0) + use prelude.prelude.Snapshot use map.Map @@ -2888,7 +3472,7 @@ module M_bdd__qyi11078426090797403070__falseqy95z [#"bdd.rs" 490 4 490 43] (* Co use map.Map - function interp'0 [#"bdd.rs" 212 4 212 53] (self : t_Bdd'0) (vars : Map.map uint64 bool) : bool = + function interp'0 [#"bdd.rs" 212 4 212 53] (self : t_Bdd'0) (vars : Map.map UInt64.t bool) : bool = [%#sbdd12] match self with | {t_Bdd__0'0 = C_True'0} -> true | {t_Bdd__0'0 = C_False'0} -> false @@ -2897,13 +3481,13 @@ module M_bdd__qyi11078426090797403070__falseqy95z [#"bdd.rs" 490 4 490 43] (* Co use map.Map - function view'4 [#"bdd.rs" 49 8 49 37] (self : t_MyHashMap'1) : Map.map uint64 (t_Option'0) + function view'4 [#"bdd.rs" 49 8 49 37] (self : t_MyHashMap'1) : Map.map UInt64.t (t_Option'0) use map.Map use map.Map - function view'5 [#"bdd.rs" 49 8 49 37] (self : t_MyHashMap'2) : Map.map (uint64, uint64) (t_Option'0) + function view'5 [#"bdd.rs" 49 8 49 37] (self : t_MyHashMap'2) : Map.map (UInt64.t, UInt64.t) (t_Option'0) use map.Map 
@@ -2911,18 +3495,18 @@ module M_bdd__qyi11078426090797403070__falseqy95z [#"bdd.rs" 490 4 490 43] (* Co [%#sbdd17] (forall n : t_NodeLog'0 . match Map.get (view'0 self.t_Context__hashcons'0) n with | C_Some'0 b -> view'1 b.t_Bdd__0'0 = n /\ is_valid_node'0 self b.t_Bdd__0'0 - /\ b.t_Bdd__1'0 < self.t_Context__cnt'0 + /\ UInt64.ult b.t_Bdd__1'0 self.t_Context__cnt'0 /\ Map.get (Snapshot.inner self.t_Context__hashcons_ghost'0) b.t_Bdd__1'0 = b.t_Bdd__0'0 | C_None'0 -> true end) - /\ (forall bm : uint64 . match Map.get (view'4 self.t_Context__not_memo'0) bm with + /\ (forall bm : UInt64.t . match Map.get (view'4 self.t_Context__not_memo'0) bm with | C_None'0 -> true | C_Some'0 n -> let b = { t_Bdd__0'0 = Map.get (Snapshot.inner self.t_Context__hashcons_ghost'0) bm; t_Bdd__1'0 = bm } in is_valid_bdd'0 self n /\ is_valid_bdd'0 self b /\ (forall v : Map.map UInt64.t bool . interp'0 n v = (not interp'0 b v)) /\ leastvar'0 b <= leastvar'0 n end) - /\ (forall abm : (uint64, uint64) . match Map.get (view'5 self.t_Context__and_memo'0) abm with + /\ (forall abm : (UInt64.t, UInt64.t) . match Map.get (view'5 self.t_Context__and_memo'0) abm with | C_None'0 -> true | C_Some'0 n -> let a = { t_Bdd__0'0 = Map.get (Snapshot.inner self.t_Context__hashcons_ghost'0) (let (a, _) = abm in a); t_Bdd__1'0 = (let (a, _) = abm in a) } in let b = { t_Bdd__0'0 = Map.get (Snapshot.inner self.t_Context__hashcons_ghost'0) (let (_, a) = abm in a); 
@@ -2949,7 +3533,7 @@ module M_bdd__qyi11078426090797403070__falseqy95z [#"bdd.rs" 490 4 490 43] (* Co axiom inv_axiom'1 [@rewrite] : forall x : borrowed (t_Context'0) [inv'1 x] . inv'1 x = invariant'1 x predicate grows'0 [#"bdd.rs" 299 4 299 35] (self : borrowed (t_Context'0)) = - [%#sbdd10] UInt64.to_int (self.current).t_Context__cnt'0 <= UInt64.to_int (self.final).t_Context__cnt'0 + [%#sbdd10] UInt64.to_uint (self.current).t_Context__cnt'0 <= UInt64.to_uint (self.final).t_Context__cnt'0 /\ (forall n : t_NodeLog'0 . match Map.get (view'0 (self.current).t_Context__hashcons'0) n with | C_Some'0 b -> Map.get (view'0 (self.final).t_Context__hashcons'0) n = C_Some'0 b | C_None'0 -> true @@ -2997,8 +3581,8 @@ module M_bdd__qyi11078426090797403070__falseqy95z [#"bdd.rs" 490 4 490 43] (* Co [ return' (result:t_Bdd'0)-> {[@expl:false_ ensures #0] [%#sbdd1] grows'0 self} {[@expl:false_ ensures #1] [%#sbdd2] is_valid_bdd'0 self.final result} - {[@expl:false_ ensures #2] [%#sbdd3] forall v : Map.map uint64 bool . not interp'0 result v} - {[@expl:false_ ensures #3] [%#sbdd4] UInt64.to_int (v_MAX'0 : uint64) + 1 = leastvar'0 result} + {[@expl:false_ ensures #2] [%#sbdd3] forall v : Map.map UInt64.t bool . not interp'0 result v} + {[@expl:false_ ensures #3] [%#sbdd4] UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 = leastvar'0 result} (! return' {result}) ] end 
@@ -3036,19 +3620,35 @@ module M_bdd__qyi11078426090797403070__v [#"bdd.rs" 497 4 497 46] (* Context<'ar let%span sbdd30 = "bdd.rs" 179 20 179 37 let%span sbdd31 = "bdd.rs" 321 12 330 13 let%span sbdd32 = "bdd.rs" 163 12 167 13 + let%span sord33 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 + let%span sord34 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 + let%span sord35 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 + let%span sord36 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 + let%span sord37 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 + let%span sord38 = "../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 + let%span sord39 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 + let%span sord40 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 + let%span sord41 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 + let%span sord42 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 + let%span sord43 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 + let%span sord44 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 + let%span sord45 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span sord46 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 use prelude.prelude.Borrow type t_MyHashMap'0 + use prelude.prelude.Int + use prelude.prelude.UInt64 type t_Bdd'0 = - { t_Bdd__0'0: t_Node'0; t_Bdd__1'0: uint64 } + { t_Bdd__0'0: t_Node'0; t_Bdd__1'0: UInt64.t } with t_Node'0 = | C_False'0 | C_True'0 - | C_If'0 uint64 (t_Bdd'0) (t_Bdd'0) + | C_If'0 UInt64.t (t_Bdd'0) (t_Bdd'0) use map.Map 
@@ -3061,15 +3661,15 @@ module M_bdd__qyi11078426090797403070__v [#"bdd.rs" 497 4 497 46] (* Context<'ar type t_Context'0 = { t_Context__alloc'0: (); t_Context__hashcons'0: t_MyHashMap'0; - t_Context__hashcons_ghost'0: Snapshot.snap_ty (Map.map uint64 (t_Node'0)); + t_Context__hashcons_ghost'0: Snapshot.snap_ty (Map.map UInt64.t (t_Node'0)); t_Context__not_memo'0: t_MyHashMap'1; t_Context__and_memo'0: t_MyHashMap'2; - t_Context__cnt'0: uint64 } + t_Context__cnt'0: UInt64.t } type t_NodeLog'0 = | C_False'1 | C_True'1 - | C_If'1 uint64 uint64 uint64 + | C_If'1 UInt64.t UInt64.t UInt64.t type t_Option'0 = | C_None'0 @@ -3099,17 +3699,15 @@ module M_bdd__qyi11078426090797403070__v [#"bdd.rs" 497 4 497 46] (* Context<'ar use prelude.prelude.UInt64 - use prelude.prelude.Int - - constant v_MAX'0 : uint64 = (18446744073709551615 : uint64) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) function view'2 (self : UInt64.t) : int = - [%#smodel27] UInt64.to_int self + [%#smodel27] UInt64.to_uint self function leastvar'0 [#"bdd.rs" 242 4 242 28] (self : t_Bdd'0) : int = [%#sbdd25] match self with - | {t_Bdd__0'0 = C_True'0} -> UInt64.to_int (v_MAX'0 : uint64) + 1 - | {t_Bdd__0'0 = C_False'0} -> UInt64.to_int (v_MAX'0 : uint64) + 1 + | {t_Bdd__0'0 = C_True'0} -> UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 + | {t_Bdd__0'0 = C_False'0} -> UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 | {t_Bdd__0'0 = C_If'0 v _ _} -> view'2 v end 
@@ -3119,9 +3717,66 @@ module M_bdd__qyi11078426090797403070__v [#"bdd.rs" 497 4 497 46] (* Context<'ar | C_False'0 -> true | C_If'0 v childt childf -> childt.t_Bdd__0'0 <> childf.t_Bdd__0'0 /\ is_valid_bdd'0 self childt - /\ is_valid_bdd'0 self childf /\ UInt64.to_int v < leastvar'0 childt /\ UInt64.to_int v < leastvar'0 childf + /\ is_valid_bdd'0 self childf /\ UInt64.to_uint v < leastvar'0 childt /\ UInt64.to_uint v < leastvar'0 childf end + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.UInt64 + + function cmp_log'0 (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = + [%#sord46] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + function eq_cmp'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom eq_cmp'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord45] (x = y) = (cmp_log'0 x y = C_Equal'0) + + function antisym2'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom antisym2'0_spec : forall x : UInt64.t, y : UInt64.t . ([%#sord43] cmp_log'0 x y = C_Greater'0) + -> ([%#sord44] cmp_log'0 y x = C_Less'0) + + function antisym1'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom antisym1'0_spec : forall x : UInt64.t, y : UInt64.t . ([%#sord41] cmp_log'0 x y = C_Less'0) + -> ([%#sord42] cmp_log'0 y x = C_Greater'0) + + function trans'0 (x : UInt64.t) (y : UInt64.t) (z : UInt64.t) (o : t_Ordering'0) : () + + axiom trans'0_spec : forall x : UInt64.t, y : UInt64.t, z : UInt64.t, o : t_Ordering'0 . ([%#sord38] cmp_log'0 x y + = o) -> ([%#sord39] cmp_log'0 y z = o) -> ([%#sord40] cmp_log'0 x z = o) + + function refl'0 (x : UInt64.t) : () + + axiom refl'0_spec : forall x : UInt64.t . [%#sord37] cmp_log'0 x x = C_Equal'0 + + use prelude.prelude.UInt64 + + function cmp_gt_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_gt_log'0_spec : forall x : UInt64.t, y : UInt64.t . 
[%#sord36] UInt64.ugt x y + = (cmp_log'0 x y = C_Greater'0) + + use prelude.prelude.UInt64 + + function cmp_ge_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_ge_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord35] UInt64.uge x y = (cmp_log'0 x y <> C_Less'0) + + function cmp_lt_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_lt_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord34] UInt64.ult x y = (cmp_log'0 x y = C_Less'0) + + use prelude.prelude.UInt64 + + function cmp_le_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_le_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord33] UInt64.ule x y + = (cmp_log'0 x y <> C_Greater'0) + use prelude.prelude.Snapshot use map.Map @@ -3130,7 +3785,7 @@ module M_bdd__qyi11078426090797403070__v [#"bdd.rs" 497 4 497 46] (* Context<'ar use map.Map - function interp'0 [#"bdd.rs" 212 4 212 53] (self : t_Bdd'0) (vars : Map.map uint64 bool) : bool = + function interp'0 [#"bdd.rs" 212 4 212 53] (self : t_Bdd'0) (vars : Map.map UInt64.t bool) : bool = [%#sbdd24] match self with | {t_Bdd__0'0 = C_True'0} -> true | {t_Bdd__0'0 = C_False'0} -> false @@ -3139,13 +3794,13 @@ module M_bdd__qyi11078426090797403070__v [#"bdd.rs" 497 4 497 46] (* Context<'ar use map.Map - function view'4 [#"bdd.rs" 49 8 49 37] (self : t_MyHashMap'1) : Map.map uint64 (t_Option'0) + function view'4 [#"bdd.rs" 49 8 49 37] (self : t_MyHashMap'1) : Map.map UInt64.t (t_Option'0) use map.Map use map.Map - function view'5 [#"bdd.rs" 49 8 49 37] (self : t_MyHashMap'2) : Map.map (uint64, uint64) (t_Option'0) + function view'5 [#"bdd.rs" 49 8 49 37] (self : t_MyHashMap'2) : Map.map (UInt64.t, UInt64.t) (t_Option'0) use map.Map 
@@ -3153,18 +3808,18 @@ module M_bdd__qyi11078426090797403070__v [#"bdd.rs" 497 4 497 46] (* Context<'ar [%#sbdd28] (forall n : t_NodeLog'0 . match Map.get (view'0 self.t_Context__hashcons'0) n with | C_Some'0 b -> view'1 b.t_Bdd__0'0 = n /\ is_valid_node'0 self b.t_Bdd__0'0 - /\ b.t_Bdd__1'0 < self.t_Context__cnt'0 + /\ UInt64.ult b.t_Bdd__1'0 self.t_Context__cnt'0 /\ Map.get (Snapshot.inner self.t_Context__hashcons_ghost'0) b.t_Bdd__1'0 = b.t_Bdd__0'0 | C_None'0 -> true end) - /\ (forall bm : uint64 . match Map.get (view'4 self.t_Context__not_memo'0) bm with + /\ (forall bm : UInt64.t . match Map.get (view'4 self.t_Context__not_memo'0) bm with | C_None'0 -> true | C_Some'0 n -> let b = { t_Bdd__0'0 = Map.get (Snapshot.inner self.t_Context__hashcons_ghost'0) bm; t_Bdd__1'0 = bm } in is_valid_bdd'0 self n /\ is_valid_bdd'0 self b /\ (forall v : Map.map UInt64.t bool . interp'0 n v = (not interp'0 b v)) /\ leastvar'0 b <= leastvar'0 n end) - /\ (forall abm : (uint64, uint64) . match Map.get (view'5 self.t_Context__and_memo'0) abm with + /\ (forall abm : (UInt64.t, UInt64.t) . match Map.get (view'5 self.t_Context__and_memo'0) abm with | C_None'0 -> true | C_Some'0 n -> let a = { t_Bdd__0'0 = Map.get (Snapshot.inner self.t_Context__hashcons_ghost'0) (let (a, _) = abm in a); t_Bdd__1'0 = (let (a, _) = abm in a) } in let b = { t_Bdd__0'0 = Map.get (Snapshot.inner self.t_Context__hashcons_ghost'0) (let (_, a) = abm in a); 
@@ -3191,7 +3846,7 @@ module M_bdd__qyi11078426090797403070__v [#"bdd.rs" 497 4 497 46] (* Context<'ar axiom inv_axiom'1 [@rewrite] : forall x : borrowed (t_Context'0) [inv'1 x] . inv'1 x = invariant'1 x predicate grows'0 [#"bdd.rs" 299 4 299 35] (self : borrowed (t_Context'0)) = - [%#sbdd22] UInt64.to_int (self.current).t_Context__cnt'0 <= UInt64.to_int (self.final).t_Context__cnt'0 + [%#sbdd22] UInt64.to_uint (self.current).t_Context__cnt'0 <= UInt64.to_uint (self.final).t_Context__cnt'0 /\ (forall n : t_NodeLog'0 . match Map.get (view'0 (self.current).t_Context__hashcons'0) n with | C_Some'0 b -> Map.get (view'0 (self.final).t_Context__hashcons'0) n = C_Some'0 b | C_None'0 -> true @@ -3201,8 +3856,8 @@ module M_bdd__qyi11078426090797403070__v [#"bdd.rs" 497 4 497 46] (* Context<'ar any [ return' (result:t_Bdd'0)-> {[%#sbdd5] grows'0 self} {[%#sbdd6] is_valid_bdd'0 self.final result} - {[%#sbdd7] forall v : Map.map uint64 bool . interp'0 result v} - {[%#sbdd8] UInt64.to_int (v_MAX'0 : uint64) + 1 = leastvar'0 result} + {[%#sbdd7] forall v : Map.map UInt64.t bool . interp'0 result v} + {[%#sbdd8] UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 = leastvar'0 result} (! return' {result}) ] 
@@ -3210,21 +3865,21 @@ module M_bdd__qyi11078426090797403070__v [#"bdd.rs" 497 4 497 46] (* Context<'ar any [ return' (result:t_Bdd'0)-> {[%#sbdd10] grows'0 self} {[%#sbdd11] is_valid_bdd'0 self.final result} - {[%#sbdd12] forall v : Map.map uint64 bool . not interp'0 result v} - {[%#sbdd13] UInt64.to_int (v_MAX'0 : uint64) + 1 = leastvar'0 result} + {[%#sbdd12] forall v : Map.map UInt64.t bool . not interp'0 result v} + {[%#sbdd13] UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 = leastvar'0 result} (! return' {result}) ] - let rec node'0 (self:borrowed (t_Context'0)) (x:uint64) (childt:t_Bdd'0) (childf:t_Bdd'0) (return' (ret:t_Bdd'0))= {[@expl:node 'self' type invariant] [%#sbdd14] inv'1 self} + let rec node'0 (self:borrowed (t_Context'0)) (x:UInt64.t) (childt:t_Bdd'0) (childf:t_Bdd'0) (return' (ret:t_Bdd'0))= {[@expl:node 'self' type invariant] [%#sbdd14] inv'1 self} {[@expl:node requires #0] [%#sbdd15] is_valid_bdd'0 self.current childt} {[@expl:node requires #1] [%#sbdd16] is_valid_bdd'0 self.current childf} - {[@expl:node requires #2] [%#sbdd17] UInt64.to_int x < leastvar'0 childt /\ UInt64.to_int x < leastvar'0 childf} + {[@expl:node requires #2] [%#sbdd17] UInt64.to_uint x < leastvar'0 childt /\ UInt64.to_uint x < leastvar'0 childf} any [ return' (result:t_Bdd'0)-> {[%#sbdd18] grows'0 self} {[%#sbdd19] is_valid_bdd'0 self.final result} - {[%#sbdd20] forall v : Map.map uint64 bool . interp'0 result v + {[%#sbdd20] forall v : Map.map UInt64.t bool . interp'0 result v = (if Map.get v x then interp'0 childt v else interp'0 childf v)} - {[%#sbdd21] UInt64.to_int x <= leastvar'0 result} + {[%#sbdd21] UInt64.to_uint x <= leastvar'0 result} (! return' {result}) ] 
@@ -3238,7 +3893,7 @@ module M_bdd__qyi11078426090797403070__v [#"bdd.rs" 497 4 497 46] (* Context<'ar meta "compute_max_steps" 1000000 - let rec v'0 (self:borrowed (t_Context'0)) (x:uint64) (return' (ret:t_Bdd'0))= {[@expl:v 'self' type invariant] [%#sbdd0] inv'1 self} + let rec v'0 (self:borrowed (t_Context'0)) (x:UInt64.t) (return' (ret:t_Bdd'0))= {[@expl:v 'self' type invariant] [%#sbdd0] inv'1 self} (! bb0 [ bb0 = s0 [ s0 = {inv'0 self.current} @@ -3277,7 +3932,7 @@ module M_bdd__qyi11078426090797403070__v [#"bdd.rs" 497 4 497 46] (* Context<'ar ) [ & _0 : t_Bdd'0 = any_l () | & self : borrowed (t_Context'0) = self - | & x : uint64 = x + | & x : UInt64.t = x | & t : t_Bdd'0 = any_l () | & _7 : borrowed (t_Context'0) = any_l () | & f : t_Bdd'0 = any_l () @@ -3286,7 +3941,7 @@ module M_bdd__qyi11078426090797403070__v [#"bdd.rs" 497 4 497 46] (* Context<'ar [ return' (result:t_Bdd'0)-> {[@expl:v ensures #0] [%#sbdd1] grows'0 self} {[@expl:v ensures #1] [%#sbdd2] is_valid_bdd'0 self.final result} - {[@expl:v ensures #2] [%#sbdd3] forall v : Map.map uint64 bool . interp'0 result v = Map.get v x} + {[@expl:v ensures #2] [%#sbdd3] forall v : Map.map UInt64.t bool . interp'0 result v = Map.get v x} (! return' {result}) ] end 
@@ -3338,19 +3993,35 @@ module M_bdd__qyi11078426090797403070__not [#"bdd.rs" 509 4 509 56] (* Context<' let%span sbdd44 = "bdd.rs" 179 20 179 37 let%span sbdd45 = "bdd.rs" 321 12 330 13 let%span sbdd46 = "bdd.rs" 163 12 167 13 + let%span sord47 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 + let%span sord48 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 + let%span sord49 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 + let%span sord50 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 + let%span sord51 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 + let%span sord52 = "../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 + let%span sord53 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 + let%span sord54 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 + let%span sord55 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 + let%span sord56 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 + let%span sord57 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 + let%span sord58 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 + let%span sord59 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span sord60 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 use prelude.prelude.Borrow type t_MyHashMap'1 + use prelude.prelude.Int + use prelude.prelude.UInt64 type t_Bdd'0 = - { t_Bdd__0'0: t_Node'0; t_Bdd__1'0: uint64 } + { t_Bdd__0'0: t_Node'0; t_Bdd__1'0: UInt64.t } with t_Node'0 = | C_False'0 | C_True'0 - | C_If'0 uint64 (t_Bdd'0) (t_Bdd'0) + | C_If'0 UInt64.t (t_Bdd'0) (t_Bdd'0) use map.Map 
@@ -3363,10 +4034,10 @@ module M_bdd__qyi11078426090797403070__not [#"bdd.rs" 509 4 509 56] (* Context<' type t_Context'0 = { t_Context__alloc'0: (); t_Context__hashcons'0: t_MyHashMap'1; - t_Context__hashcons_ghost'0: Snapshot.snap_ty (Map.map uint64 (t_Node'0)); + t_Context__hashcons_ghost'0: Snapshot.snap_ty (Map.map UInt64.t (t_Node'0)); t_Context__not_memo'0: t_MyHashMap'0; t_Context__and_memo'0: t_MyHashMap'2; - t_Context__cnt'0: uint64 } + t_Context__cnt'0: UInt64.t } predicate inv'2 (_1 : t_Bdd'0) @@ -3386,15 +4057,15 @@ module M_bdd__qyi11078426090797403070__not [#"bdd.rs" 509 4 509 56] (* Context<' use map.Map - function view'1 [#"bdd.rs" 49 8 49 37] (self : t_MyHashMap'0) : Map.map uint64 (t_Option'1) + function view'1 [#"bdd.rs" 49 8 49 37] (self : t_MyHashMap'0) : Map.map UInt64.t (t_Option'1) - function view'0 (self : t_MyHashMap'0) : Map.map uint64 (t_Option'1) = + function view'0 (self : t_MyHashMap'0) : Map.map UInt64.t (t_Option'1) = [%#smodel37] view'1 self - function deep_model'1 [#"bdd.rs" 188 4 188 44] (self : t_Bdd'0) : uint64 = + function deep_model'1 [#"bdd.rs" 188 4 188 44] (self : t_Bdd'0) : UInt64.t = [%#sbdd39] self.t_Bdd__1'0 - function deep_model'0 (self : t_Bdd'0) : uint64 = + function deep_model'0 (self : t_Bdd'0) : UInt64.t = [%#smodel38] deep_model'1 self use map.Map 
@@ -3409,9 +4080,10 @@ module M_bdd__qyi11078426090797403070__not [#"bdd.rs" 509 4 509 56] (* Context<' (! return' {result}) ] - let rec v_If'0 (input:t_Node'0) (ret (v:uint64) (childt:t_Bdd'0) (childf:t_Bdd'0))= any - [ good (v:uint64) (childt:t_Bdd'0) (childf:t_Bdd'0)-> {C_If'0 v childt childf = input} (! ret {v} {childt} {childf}) - | bad -> {forall v : uint64, childt : t_Bdd'0, childf : t_Bdd'0 [C_If'0 v childt childf : t_Node'0] . C_If'0 v childt childf + let rec v_If'0 (input:t_Node'0) (ret (v:UInt64.t) (childt:t_Bdd'0) (childf:t_Bdd'0))= any + [ good (v:UInt64.t) (childt:t_Bdd'0) (childf:t_Bdd'0)-> {C_If'0 v childt childf = input} + (! ret {v} {childt} {childf}) + | bad -> {forall v : UInt64.t, childt : t_Bdd'0, childf : t_Bdd'0 [C_If'0 v childt childf : t_Node'0] . C_If'0 v childt childf <> input} (! {false} any) ] @@ -3420,7 +4092,7 @@ module M_bdd__qyi11078426090797403070__not [#"bdd.rs" 509 4 509 56] (* Context<' type t_NodeLog'0 = | C_False'1 | C_True'1 - | C_If'1 uint64 uint64 uint64 + | C_If'1 UInt64.t UInt64.t UInt64.t function deep_model'2 [#"bdd.rs" 161 4 161 44] (self : t_Node'0) : t_NodeLog'0 = [%#sbdd46] match self with @@ -3446,17 +4118,15 @@ module M_bdd__qyi11078426090797403070__not [#"bdd.rs" 509 4 509 56] (* Context<' use prelude.prelude.UInt64 - use prelude.prelude.Int - - constant v_MAX'0 : uint64 = (18446744073709551615 : uint64) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) function view'5 (self : UInt64.t) : int = - [%#smodel37] UInt64.to_int self + [%#smodel37] UInt64.to_uint self function leastvar'0 [#"bdd.rs" 242 4 242 28] (self : t_Bdd'0) : int = [%#sbdd34] match self with - | {t_Bdd__0'0 = C_True'0} -> UInt64.to_int (v_MAX'0 : uint64) + 1 - | {t_Bdd__0'0 = C_False'0} -> UInt64.to_int (v_MAX'0 : uint64) + 1 + | {t_Bdd__0'0 = C_True'0} -> UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 + | {t_Bdd__0'0 = C_False'0} -> UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 | {t_Bdd__0'0 = C_If'0 v _ _} -> view'5 v end 
@@ -3466,9 +4136,66 @@ module M_bdd__qyi11078426090797403070__not [#"bdd.rs" 509 4 509 56] (* Context<' | C_False'0 -> true | C_If'0 v childt childf -> childt.t_Bdd__0'0 <> childf.t_Bdd__0'0 /\ is_valid_bdd'0 self childt - /\ is_valid_bdd'0 self childf /\ UInt64.to_int v < leastvar'0 childt /\ UInt64.to_int v < leastvar'0 childf + /\ is_valid_bdd'0 self childf /\ UInt64.to_uint v < leastvar'0 childt /\ UInt64.to_uint v < leastvar'0 childf end + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.UInt64 + + function cmp_log'0 (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = + [%#sord60] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + function eq_cmp'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom eq_cmp'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord59] (x = y) = (cmp_log'0 x y = C_Equal'0) + + function antisym2'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom antisym2'0_spec : forall x : UInt64.t, y : UInt64.t . ([%#sord57] cmp_log'0 x y = C_Greater'0) + -> ([%#sord58] cmp_log'0 y x = C_Less'0) + + function antisym1'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom antisym1'0_spec : forall x : UInt64.t, y : UInt64.t . ([%#sord55] cmp_log'0 x y = C_Less'0) + -> ([%#sord56] cmp_log'0 y x = C_Greater'0) + + function trans'0 (x : UInt64.t) (y : UInt64.t) (z : UInt64.t) (o : t_Ordering'0) : () + + axiom trans'0_spec : forall x : UInt64.t, y : UInt64.t, z : UInt64.t, o : t_Ordering'0 . ([%#sord52] cmp_log'0 x y + = o) -> ([%#sord53] cmp_log'0 y z = o) -> ([%#sord54] cmp_log'0 x z = o) + + function refl'0 (x : UInt64.t) : () + + axiom refl'0_spec : forall x : UInt64.t . [%#sord51] cmp_log'0 x x = C_Equal'0 + + use prelude.prelude.UInt64 + + function cmp_gt_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_gt_log'0_spec : forall x : UInt64.t, y : UInt64.t . 
[%#sord50] UInt64.ugt x y + = (cmp_log'0 x y = C_Greater'0) + + use prelude.prelude.UInt64 + + function cmp_ge_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_ge_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord49] UInt64.uge x y = (cmp_log'0 x y <> C_Less'0) + + function cmp_lt_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_lt_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord48] UInt64.ult x y = (cmp_log'0 x y = C_Less'0) + + use prelude.prelude.UInt64 + + function cmp_le_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_le_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord47] UInt64.ule x y + = (cmp_log'0 x y <> C_Greater'0) + use prelude.prelude.Snapshot use map.Map @@ -3477,7 +4204,7 @@ module M_bdd__qyi11078426090797403070__not [#"bdd.rs" 509 4 509 56] (* Context<' use map.Map - function interp'0 [#"bdd.rs" 212 4 212 53] (self : t_Bdd'0) (vars : Map.map uint64 bool) : bool = + function interp'0 [#"bdd.rs" 212 4 212 53] (self : t_Bdd'0) (vars : Map.map UInt64.t bool) : bool = [%#sbdd33] match self with | {t_Bdd__0'0 = C_True'0} -> true | {t_Bdd__0'0 = C_False'0} -> false @@ -3486,7 +4213,7 @@ module M_bdd__qyi11078426090797403070__not [#"bdd.rs" 509 4 509 56] (* Context<' use map.Map - function view'7 [#"bdd.rs" 49 8 49 37] (self : t_MyHashMap'2) : Map.map (uint64, uint64) (t_Option'1) + function view'7 [#"bdd.rs" 49 8 49 37] (self : t_MyHashMap'2) : Map.map (UInt64.t, UInt64.t) (t_Option'1) use map.Map 
@@ -3494,18 +4221,18 @@ module M_bdd__qyi11078426090797403070__not [#"bdd.rs" 509 4 509 56] (* Context<' [%#sbdd42] (forall n : t_NodeLog'0 . match Map.get (view'3 self.t_Context__hashcons'0) n with | C_Some'1 b -> view'4 b.t_Bdd__0'0 = n /\ is_valid_node'0 self b.t_Bdd__0'0 - /\ b.t_Bdd__1'0 < self.t_Context__cnt'0 + /\ UInt64.ult b.t_Bdd__1'0 self.t_Context__cnt'0 /\ Map.get (Snapshot.inner self.t_Context__hashcons_ghost'0) b.t_Bdd__1'0 = b.t_Bdd__0'0 | C_None'1 -> true end) - /\ (forall bm : uint64 . match Map.get (view'1 self.t_Context__not_memo'0) bm with + /\ (forall bm : UInt64.t . match Map.get (view'1 self.t_Context__not_memo'0) bm with | C_None'1 -> true | C_Some'1 n -> let b = { t_Bdd__0'0 = Map.get (Snapshot.inner self.t_Context__hashcons_ghost'0) bm; t_Bdd__1'0 = bm } in is_valid_bdd'0 self n /\ is_valid_bdd'0 self b /\ (forall v : Map.map UInt64.t bool . interp'0 n v = (not interp'0 b v)) /\ leastvar'0 b <= leastvar'0 n end) - /\ (forall abm : (uint64, uint64) . match Map.get (view'7 self.t_Context__and_memo'0) abm with + /\ (forall abm : (UInt64.t, UInt64.t) . match Map.get (view'7 self.t_Context__and_memo'0) abm with | C_None'1 -> true | C_Some'1 n -> let a = { t_Bdd__0'0 = Map.get (Snapshot.inner self.t_Context__hashcons_ghost'0) (let (a, _) = abm in a); t_Bdd__1'0 = (let (a, _) = abm in a) } in let b = { t_Bdd__0'0 = Map.get (Snapshot.inner self.t_Context__hashcons_ghost'0) (let (_, a) = abm in a); 
@@ -3532,22 +4259,22 @@ module M_bdd__qyi11078426090797403070__not [#"bdd.rs" 509 4 509 56] (* Context<' axiom inv_axiom'1 [@rewrite] : forall x : borrowed (t_Context'0) [inv'1 x] . inv'1 x = invariant'1 x predicate grows'0 [#"bdd.rs" 299 4 299 35] (self : borrowed (t_Context'0)) = - [%#sbdd32] UInt64.to_int (self.current).t_Context__cnt'0 <= UInt64.to_int (self.final).t_Context__cnt'0 + [%#sbdd32] UInt64.to_uint (self.current).t_Context__cnt'0 <= UInt64.to_uint (self.final).t_Context__cnt'0 /\ (forall n : t_NodeLog'0 . match Map.get (view'3 (self.current).t_Context__hashcons'0) n with | C_Some'1 b -> Map.get (view'3 (self.final).t_Context__hashcons'0) n = C_Some'1 b | C_None'1 -> true end) - let rec node'0 (self:borrowed (t_Context'0)) (x:uint64) (childt:t_Bdd'0) (childf:t_Bdd'0) (return' (ret:t_Bdd'0))= {[@expl:node 'self' type invariant] [%#sbdd10] inv'1 self} + let rec node'0 (self:borrowed (t_Context'0)) (x:UInt64.t) (childt:t_Bdd'0) (childf:t_Bdd'0) (return' (ret:t_Bdd'0))= {[@expl:node 'self' type invariant] [%#sbdd10] inv'1 self} {[@expl:node requires #0] [%#sbdd11] is_valid_bdd'0 self.current childt} {[@expl:node requires #1] [%#sbdd12] is_valid_bdd'0 self.current childf} - {[@expl:node requires #2] [%#sbdd13] UInt64.to_int x < leastvar'0 childt /\ UInt64.to_int x < leastvar'0 childf} + {[@expl:node requires #2] [%#sbdd13] UInt64.to_uint x < leastvar'0 childt /\ UInt64.to_uint x < leastvar'0 childf} any [ return' (result:t_Bdd'0)-> {[%#sbdd14] grows'0 self} {[%#sbdd15] is_valid_bdd'0 self.final result} - {[%#sbdd16] forall v : Map.map uint64 bool . interp'0 result v + {[%#sbdd16] forall v : Map.map UInt64.t bool . interp'0 result v = (if Map.get v x then interp'0 childt v else interp'0 childf v)} - {[%#sbdd17] UInt64.to_int x <= leastvar'0 result} + {[%#sbdd17] UInt64.to_uint x <= leastvar'0 result} (! return' {result}) ] 
@@ -3555,8 +4282,8 @@ module M_bdd__qyi11078426090797403070__not [#"bdd.rs" 509 4 509 56] (* Context<' any [ return' (result:t_Bdd'0)-> {[%#sbdd19] grows'0 self} {[%#sbdd20] is_valid_bdd'0 self.final result} - {[%#sbdd21] forall v : Map.map uint64 bool . not interp'0 result v} - {[%#sbdd22] UInt64.to_int (v_MAX'0 : uint64) + 1 = leastvar'0 result} + {[%#sbdd21] forall v : Map.map UInt64.t bool . not interp'0 result v} + {[%#sbdd22] UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 = leastvar'0 result} (! return' {result}) ] @@ -3564,8 +4291,8 @@ module M_bdd__qyi11078426090797403070__not [#"bdd.rs" 509 4 509 56] (* Context<' any [ return' (result:t_Bdd'0)-> {[%#sbdd24] grows'0 self} {[%#sbdd25] is_valid_bdd'0 self.final result} - {[%#sbdd26] forall v : Map.map uint64 bool . interp'0 result v} - {[%#sbdd27] UInt64.to_int (v_MAX'0 : uint64) + 1 = leastvar'0 result} + {[%#sbdd26] forall v : Map.map UInt64.t bool . interp'0 result v} + {[%#sbdd27] UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 = leastvar'0 result} (! return' {result}) ] @@ -3573,13 +4300,13 @@ module M_bdd__qyi11078426090797403070__not [#"bdd.rs" 509 4 509 56] (* Context<' axiom inv_axiom'4 [@rewrite] : forall x : t_Bdd'0 [inv'4 x] . inv'4 x = true - function view'2 (self : borrowed (t_MyHashMap'0)) : Map.map uint64 (t_Option'1) = + function view'2 (self : borrowed (t_MyHashMap'0)) : Map.map UInt64.t (t_Option'1) = [%#smodel40] view'1 self.current let rec add'0 (self:borrowed (t_MyHashMap'0)) (key:t_Bdd'0) (val':t_Bdd'0) (return' (ret:()))= {[@expl:add 'key' type invariant] [%#sbdd28] inv'4 key} {[@expl:add 'val' type invariant] [%#sbdd29] inv'4 val'} any - [ return' (result:())-> {[%#sbdd30] forall i : uint64 . Map.get (view'1 self.final) i + [ return' (result:())-> {[%#sbdd30] forall i : UInt64.t . Map.get (view'1 self.final) i = (if i = deep_model'1 key then C_Some'1 val' else Map.get (view'2 self) i)} (! return' {result}) ] 
@@ -3620,14 +4347,14 @@ module M_bdd__qyi11078426090797403070__not [#"bdd.rs" 509 4 509 56] (* Context<' | bb4 = any [ br0 -> {x.t_Bdd__0'0 = C_False'0 } (! bb7) | br1 -> {x.t_Bdd__0'0 = C_True'0 } (! bb6) - | br2 (x0:uint64) (x1:t_Bdd'0) (x2:t_Bdd'0)-> {x.t_Bdd__0'0 = C_If'0 x0 x1 x2} (! bb8) ] + | br2 (x0:UInt64.t) (x1:t_Bdd'0) (x2:t_Bdd'0)-> {x.t_Bdd__0'0 = C_If'0 x0 x1 x2} (! bb8) ] | bb8 = s0 - [ s0 = v_If'0 {x.t_Bdd__0'0} (fun (rv'0:uint64) (rchildt'0:t_Bdd'0) (rchildf'0:t_Bdd'0) -> [ &v <- rv'0 ] s1) + [ s0 = v_If'0 {x.t_Bdd__0'0} (fun (rv'0:UInt64.t) (rchildt'0:t_Bdd'0) (rchildf'0:t_Bdd'0) -> [ &v <- rv'0 ] s1) | s1 = v_If'0 {x.t_Bdd__0'0} - (fun (rv'1:uint64) (rchildt'1:t_Bdd'0) (rchildf'1:t_Bdd'0) -> [ &childt <- rchildt'1 ] s2) + (fun (rv'1:UInt64.t) (rchildt'1:t_Bdd'0) (rchildf'1:t_Bdd'0) -> [ &childt <- rchildt'1 ] s2) | s2 = v_If'0 {x.t_Bdd__0'0} - (fun (rv'2:uint64) (rchildt'2:t_Bdd'0) (rchildf'2:t_Bdd'0) -> [ &childf <- rchildf'2 ] s3) + (fun (rv'2:UInt64.t) (rchildt'2:t_Bdd'0) (rchildf'2:t_Bdd'0) -> [ &childf <- rchildf'2 ] s3) | s3 = {inv'0 self.current} Borrow.borrow_mut {self.current} (fun (_ret':borrowed (t_Context'0)) -> @@ -3721,7 +4448,7 @@ module M_bdd__qyi11078426090797403070__not [#"bdd.rs" 509 4 509 56] (* Context<' | & r1 : t_Bdd'0 = any_l () | & _19 : borrowed (t_Context'0) = any_l () | & _20 : borrowed (t_Context'0) = any_l () - | & v : uint64 = any_l () + | & v : UInt64.t = any_l () | & childt : t_Bdd'0 = any_l () | & childf : t_Bdd'0 = any_l () | & childt1 : t_Bdd'0 = any_l () 
@@ -3734,7 +4461,7 @@ module M_bdd__qyi11078426090797403070__not [#"bdd.rs" 509 4 509 56] (* Context<' [ return' (result:t_Bdd'0)-> {[@expl:not ensures #0] [%#sbdd2] grows'0 self} {[@expl:not ensures #1] [%#sbdd3] is_valid_bdd'0 self.final result} - {[@expl:not ensures #2] [%#sbdd4] forall v : Map.map uint64 bool . interp'0 result v = (not interp'0 x v)} + {[@expl:not ensures #2] [%#sbdd4] forall v : Map.map UInt64.t bool . interp'0 result v = (not interp'0 x v)} {[@expl:not ensures #3] [%#sbdd5] leastvar'0 x <= leastvar'0 result} (! return' {result}) ] @@ -3778,7 +4505,7 @@ module M_bdd__qyi11078426090797403070__and [#"bdd.rs" 533 4 533 72] (* Context<' let%span smodel35 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 let%span smodel36 = "../../../creusot-contracts/src/model.rs" 79 8 79 28 let%span sresolve37 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span snum38 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + let%span snum38 = "../../../creusot-contracts/src/std/num.rs" 52 28 52 33 let%span sord39 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 let%span stuples40 = "../../../creusot-contracts/src/std/tuples.rs" 29 28 29 57 let%span smodel41 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 
@@ -3801,19 +4528,35 @@ module M_bdd__qyi11078426090797403070__and [#"bdd.rs" 533 4 533 72] (* Context<' let%span sbdd58 = "bdd.rs" 179 20 179 37 let%span sbdd59 = "bdd.rs" 321 12 330 13 let%span sbdd60 = "bdd.rs" 163 12 167 13 + let%span sord61 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 + let%span sord62 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 + let%span sord63 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 + let%span sord64 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 + let%span sord65 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 + let%span sord66 = "../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 + let%span sord67 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 + let%span sord68 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 + let%span sord69 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 + let%span sord70 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 + let%span sord71 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 + let%span sord72 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 + let%span sord73 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span sord74 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 use prelude.prelude.Borrow type t_MyHashMap'1 + use prelude.prelude.Int + use prelude.prelude.UInt64 type t_Bdd'0 = - { t_Bdd__0'0: t_Node'0; t_Bdd__1'0: uint64 } + { t_Bdd__0'0: t_Node'0; t_Bdd__1'0: UInt64.t } with t_Node'0 = | C_False'0 | C_True'0 - | C_If'0 uint64 (t_Bdd'0) (t_Bdd'0) + | C_If'0 UInt64.t (t_Bdd'0) (t_Bdd'0) use map.Map 
@@ -3826,10 +4569,10 @@ module M_bdd__qyi11078426090797403070__and [#"bdd.rs" 533 4 533 72] (* Context<' type t_Context'0 = { t_Context__alloc'0: (); t_Context__hashcons'0: t_MyHashMap'1; - t_Context__hashcons_ghost'0: Snapshot.snap_ty (Map.map uint64 (t_Node'0)); + t_Context__hashcons_ghost'0: Snapshot.snap_ty (Map.map UInt64.t (t_Node'0)); t_Context__not_memo'0: t_MyHashMap'2; t_Context__and_memo'0: t_MyHashMap'0; - t_Context__cnt'0: uint64 } + t_Context__cnt'0: UInt64.t } predicate inv'2 (_1 : (t_Bdd'0, t_Bdd'0)) @@ -3849,18 +4592,18 @@ module M_bdd__qyi11078426090797403070__and [#"bdd.rs" 533 4 533 72] (* Context<' use map.Map - function view'1 [#"bdd.rs" 49 8 49 37] (self : t_MyHashMap'0) : Map.map (uint64, uint64) (t_Option'1) + function view'1 [#"bdd.rs" 49 8 49 37] (self : t_MyHashMap'0) : Map.map (UInt64.t, UInt64.t) (t_Option'1) - function view'0 (self : t_MyHashMap'0) : Map.map (uint64, uint64) (t_Option'1) = + function view'0 (self : t_MyHashMap'0) : Map.map (UInt64.t, UInt64.t) (t_Option'1) = [%#smodel35] view'1 self - function deep_model'3 [#"bdd.rs" 188 4 188 44] (self : t_Bdd'0) : uint64 = + function deep_model'3 [#"bdd.rs" 188 4 188 44] (self : t_Bdd'0) : UInt64.t = [%#sbdd57] self.t_Bdd__1'0 - function deep_model'2 (self : (t_Bdd'0, t_Bdd'0)) : (uint64, uint64) = + function deep_model'2 (self : (t_Bdd'0, t_Bdd'0)) : (UInt64.t, UInt64.t) = [%#stuples40] (deep_model'3 (let (a, _) = self in a), deep_model'3 (let (_, a) = self in a)) - function deep_model'0 (self : (t_Bdd'0, t_Bdd'0)) : (uint64, uint64) = + function deep_model'0 (self : (t_Bdd'0, t_Bdd'0)) : (UInt64.t, UInt64.t) = [%#smodel36] deep_model'2 self use map.Map @@ -3878,7 +4621,7 @@ module M_bdd__qyi11078426090797403070__and [#"bdd.rs" 533 4 533 72] (* Context<' type t_NodeLog'0 = | C_False'1 | C_True'1 - | C_If'1 uint64 uint64 uint64 + | C_If'1 UInt64.t UInt64.t UInt64.t function deep_model'4 [#"bdd.rs" 161 4 161 44] (self : t_Node'0) : t_NodeLog'0 = [%#sbdd60] match self with 
@@ -3904,17 +4647,15 @@ module M_bdd__qyi11078426090797403070__and [#"bdd.rs" 533 4 533 72] (* Context<' use prelude.prelude.UInt64 - use prelude.prelude.Int - - constant v_MAX'0 : uint64 = (18446744073709551615 : uint64) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - function view'5 (self : uint64) : int = - [%#smodel35] UInt64.to_int self + function view'5 (self : UInt64.t) : int = + [%#smodel35] UInt64.to_uint self function leastvar'0 [#"bdd.rs" 242 4 242 28] (self : t_Bdd'0) : int = [%#sbdd32] match self with - | {t_Bdd__0'0 = C_True'0} -> UInt64.to_int (v_MAX'0 : uint64) + 1 - | {t_Bdd__0'0 = C_False'0} -> UInt64.to_int (v_MAX'0 : uint64) + 1 + | {t_Bdd__0'0 = C_True'0} -> UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 + | {t_Bdd__0'0 = C_False'0} -> UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 | {t_Bdd__0'0 = C_If'0 v _ _} -> view'5 v end 
@@ -3924,9 +4665,66 @@ module M_bdd__qyi11078426090797403070__and [#"bdd.rs" 533 4 533 72] (* Context<' | C_False'0 -> true | C_If'0 v childt childf -> childt.t_Bdd__0'0 <> childf.t_Bdd__0'0 /\ is_valid_bdd'0 self childt - /\ is_valid_bdd'0 self childf /\ UInt64.to_int v < leastvar'0 childt /\ UInt64.to_int v < leastvar'0 childf + /\ is_valid_bdd'0 self childf /\ UInt64.to_uint v < leastvar'0 childt /\ UInt64.to_uint v < leastvar'0 childf end + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.UInt64 + + function cmp_log'1 (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = + [%#sord74] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + function eq_cmp'1 (x : UInt64.t) (y : UInt64.t) : () + + axiom eq_cmp'1_spec : forall x : UInt64.t, y : UInt64.t . [%#sord73] (x = y) = (cmp_log'1 x y = C_Equal'0) + + function antisym2'1 (x : UInt64.t) (y : UInt64.t) : () + + axiom antisym2'1_spec : forall x : UInt64.t, y : UInt64.t . ([%#sord71] cmp_log'1 x y = C_Greater'0) + -> ([%#sord72] cmp_log'1 y x = C_Less'0) + + function antisym1'1 (x : UInt64.t) (y : UInt64.t) : () + + axiom antisym1'1_spec : forall x : UInt64.t, y : UInt64.t . ([%#sord69] cmp_log'1 x y = C_Less'0) + -> ([%#sord70] cmp_log'1 y x = C_Greater'0) + + function trans'1 (x : UInt64.t) (y : UInt64.t) (z : UInt64.t) (o : t_Ordering'0) : () + + axiom trans'1_spec : forall x : UInt64.t, y : UInt64.t, z : UInt64.t, o : t_Ordering'0 . ([%#sord66] cmp_log'1 x y + = o) -> ([%#sord67] cmp_log'1 y z = o) -> ([%#sord68] cmp_log'1 x z = o) + + function refl'1 (x : UInt64.t) : () + + axiom refl'1_spec : forall x : UInt64.t . [%#sord65] cmp_log'1 x x = C_Equal'0 + + use prelude.prelude.UInt64 + + function cmp_gt_log'1 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_gt_log'1_spec : forall x : UInt64.t, y : UInt64.t . 
[%#sord64] UInt64.ugt x y + = (cmp_log'1 x y = C_Greater'0) + + use prelude.prelude.UInt64 + + function cmp_ge_log'1 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_ge_log'1_spec : forall x : UInt64.t, y : UInt64.t . [%#sord63] UInt64.uge x y = (cmp_log'1 x y <> C_Less'0) + + function cmp_lt_log'1 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_lt_log'1_spec : forall x : UInt64.t, y : UInt64.t . [%#sord62] UInt64.ult x y = (cmp_log'1 x y = C_Less'0) + + use prelude.prelude.UInt64 + + function cmp_le_log'1 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_le_log'1_spec : forall x : UInt64.t, y : UInt64.t . [%#sord61] UInt64.ule x y + = (cmp_log'1 x y <> C_Greater'0) + use prelude.prelude.Snapshot use map.Map @@ -3935,7 +4733,7 @@ module M_bdd__qyi11078426090797403070__and [#"bdd.rs" 533 4 533 72] (* Context<' use map.Map - function interp'0 [#"bdd.rs" 212 4 212 53] (self : t_Bdd'0) (vars : Map.map uint64 bool) : bool = + function interp'0 [#"bdd.rs" 212 4 212 53] (self : t_Bdd'0) (vars : Map.map UInt64.t bool) : bool = [%#sbdd31] match self with | {t_Bdd__0'0 = C_True'0} -> true | {t_Bdd__0'0 = C_False'0} -> false @@ -3944,7 +4742,7 @@ module M_bdd__qyi11078426090797403070__and [#"bdd.rs" 533 4 533 72] (* Context<' use map.Map - function view'7 [#"bdd.rs" 49 8 49 37] (self : t_MyHashMap'2) : Map.map uint64 (t_Option'1) + function view'7 [#"bdd.rs" 49 8 49 37] (self : t_MyHashMap'2) : Map.map UInt64.t (t_Option'1) use map.Map 
@@ -3952,18 +4750,18 @@ module M_bdd__qyi11078426090797403070__and [#"bdd.rs" 533 4 533 72] (* Context<' [%#sbdd56] (forall n : t_NodeLog'0 . match Map.get (view'3 self.t_Context__hashcons'0) n with | C_Some'1 b -> view'4 b.t_Bdd__0'0 = n /\ is_valid_node'0 self b.t_Bdd__0'0 - /\ b.t_Bdd__1'0 < self.t_Context__cnt'0 + /\ UInt64.ult b.t_Bdd__1'0 self.t_Context__cnt'0 /\ Map.get (Snapshot.inner self.t_Context__hashcons_ghost'0) b.t_Bdd__1'0 = b.t_Bdd__0'0 | C_None'1 -> true end) - /\ (forall bm : uint64 . match Map.get (view'7 self.t_Context__not_memo'0) bm with + /\ (forall bm : UInt64.t . match Map.get (view'7 self.t_Context__not_memo'0) bm with | C_None'1 -> true | C_Some'1 n -> let b = { t_Bdd__0'0 = Map.get (Snapshot.inner self.t_Context__hashcons_ghost'0) bm; t_Bdd__1'0 = bm } in is_valid_bdd'0 self n /\ is_valid_bdd'0 self b /\ (forall v : Map.map UInt64.t bool . interp'0 n v = (not interp'0 b v)) /\ leastvar'0 b <= leastvar'0 n end) - /\ (forall abm : (uint64, uint64) . match Map.get (view'1 self.t_Context__and_memo'0) abm with + /\ (forall abm : (UInt64.t, UInt64.t) . match Map.get (view'1 self.t_Context__and_memo'0) abm with | C_None'1 -> true | C_Some'1 n -> let a = { t_Bdd__0'0 = Map.get (Snapshot.inner self.t_Context__hashcons_ghost'0) (let (a, _) = abm in a); t_Bdd__1'0 = (let (a, _) = abm in a) } in let b = { t_Bdd__0'0 = Map.get (Snapshot.inner self.t_Context__hashcons_ghost'0) (let (_, a) = abm in a); 
@@ -3995,21 +4793,17 @@ module M_bdd__qyi11078426090797403070__and [#"bdd.rs" 533 4 533 72] (* Context<' predicate resolve'0 (_1 : borrowed (t_Context'0)) = resolve'1 _1 - let rec v_If'0 (input:t_Node'0) (ret (v:uint64) (childt:t_Bdd'0) (childf:t_Bdd'0))= any - [ good (v:uint64) (childt:t_Bdd'0) (childf:t_Bdd'0)-> {C_If'0 v childt childf = input} (! ret {v} {childt} {childf}) - | bad -> {forall v : uint64, childt : t_Bdd'0, childf : t_Bdd'0 [C_If'0 v childt childf : t_Node'0] . C_If'0 v childt childf + let rec v_If'0 (input:t_Node'0) (ret (v:UInt64.t) (childt:t_Bdd'0) (childf:t_Bdd'0))= any + [ good (v:UInt64.t) (childt:t_Bdd'0) (childf:t_Bdd'0)-> {C_If'0 v childt childf = input} + (! ret {v} {childt} {childf}) + | bad -> {forall v : UInt64.t, childt : t_Bdd'0, childf : t_Bdd'0 [C_If'0 v childt childf : t_Node'0] . C_If'0 v childt childf <> input} (! {false} any) ] function deep_model'1 (self : UInt64.t) : int = - [%#snum38] UInt64.to_int self - - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + [%#snum38] UInt64.to_uint self function cmp_log'0 (self : int) (o : int) : t_Ordering'0 = [%#sord39] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 
@@ -4053,28 +4847,28 @@ module M_bdd__qyi11078426090797403070__and [#"bdd.rs" 533 4 533 72] (* Context<' axiom cmp_le_log'0_spec : forall x : int, y : int . [%#sord43] (x <= y) = (cmp_log'0 x y <> C_Greater'0) - let rec cmp'0 (self:uint64) (other:uint64) (return' (ret:t_Ordering'0))= any + let rec cmp'0 (self:UInt64.t) (other:UInt64.t) (return' (ret:t_Ordering'0))= any [ return' (result:t_Ordering'0)-> {[%#scmp12] result = cmp_log'0 (deep_model'1 self) (deep_model'1 other)} (! return' {result}) ] predicate grows'0 [#"bdd.rs" 299 4 299 35] (self : borrowed (t_Context'0)) = - [%#sbdd30] UInt64.to_int (self.current).t_Context__cnt'0 <= UInt64.to_int (self.final).t_Context__cnt'0 + [%#sbdd30] UInt64.to_uint (self.current).t_Context__cnt'0 <= UInt64.to_uint (self.final).t_Context__cnt'0 /\ (forall n : t_NodeLog'0 . match Map.get (view'3 (self.current).t_Context__hashcons'0) n with | C_Some'1 b -> Map.get (view'3 (self.final).t_Context__hashcons'0) n = C_Some'1 b | C_None'1 -> true end) - let rec node'0 (self:borrowed (t_Context'0)) (x:uint64) (childt:t_Bdd'0) (childf:t_Bdd'0) (return' (ret:t_Bdd'0))= {[@expl:node 'self' type invariant] [%#sbdd13] inv'0 self} + let rec node'0 (self:borrowed (t_Context'0)) (x:UInt64.t) (childt:t_Bdd'0) (childf:t_Bdd'0) (return' (ret:t_Bdd'0))= {[@expl:node 'self' type invariant] [%#sbdd13] inv'0 self} {[@expl:node requires #0] [%#sbdd14] is_valid_bdd'0 self.current childt} {[@expl:node requires #1] [%#sbdd15] is_valid_bdd'0 self.current childf} - {[@expl:node requires #2] [%#sbdd16] UInt64.to_int x < leastvar'0 childt /\ UInt64.to_int x < leastvar'0 childf} + {[@expl:node requires #2] [%#sbdd16] UInt64.to_uint x < leastvar'0 childt /\ UInt64.to_uint x < leastvar'0 childf} any [ return' (result:t_Bdd'0)-> {[%#sbdd17] grows'0 self} {[%#sbdd18] is_valid_bdd'0 self.final result} - {[%#sbdd19] forall v : Map.map uint64 bool . interp'0 result v + {[%#sbdd19] forall v : Map.map UInt64.t bool . 
interp'0 result v = (if Map.get v x then interp'0 childt v else interp'0 childf v)} - {[%#sbdd20] UInt64.to_int x <= leastvar'0 result} + {[%#sbdd20] UInt64.to_uint x <= leastvar'0 result} (! return' {result}) ] @@ -4082,8 +4876,8 @@ module M_bdd__qyi11078426090797403070__and [#"bdd.rs" 533 4 533 72] (* Context<' any [ return' (result:t_Bdd'0)-> {[%#sbdd22] grows'0 self} {[%#sbdd23] is_valid_bdd'0 self.final result} - {[%#sbdd24] forall v : Map.map uint64 bool . not interp'0 result v} - {[%#sbdd25] UInt64.to_int (v_MAX'0 : uint64) + 1 = leastvar'0 result} + {[%#sbdd24] forall v : Map.map UInt64.t bool . not interp'0 result v} + {[%#sbdd25] UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 = leastvar'0 result} (! return' {result}) ] @@ -4095,13 +4889,13 @@ module M_bdd__qyi11078426090797403070__and [#"bdd.rs" 533 4 533 72] (* Context<' axiom inv_axiom'5 [@rewrite] : forall x : t_Bdd'0 [inv'5 x] . inv'5 x = true - function view'2 (self : borrowed (t_MyHashMap'0)) : Map.map (uint64, uint64) (t_Option'1) = + function view'2 (self : borrowed (t_MyHashMap'0)) : Map.map (UInt64.t, UInt64.t) (t_Option'1) = [%#smodel41] view'1 self.current let rec add'0 (self:borrowed (t_MyHashMap'0)) (key:(t_Bdd'0, t_Bdd'0)) (val':t_Bdd'0) (return' (ret:()))= {[@expl:add 'key' type invariant] [%#sbdd26] inv'4 key} {[@expl:add 'val' type invariant] [%#sbdd27] inv'5 val'} any - [ return' (result:())-> {[%#sbdd28] forall i : (uint64, uint64) . Map.get (view'1 self.final) i + [ return' (result:())-> {[%#sbdd28] forall i : (UInt64.t, UInt64.t) . Map.get (view'1 self.final) i = (if i = deep_model'2 key then C_Some'1 val' else Map.get (view'2 self) i)} (! return' {result}) ] 
@@ -4140,45 +4934,45 @@ module M_bdd__qyi11078426090797403070__and [#"bdd.rs" 533 4 533 72] (* Context<' | s1 = any [ br0 -> {(let (r'0, _) = _23 in r'0) = C_False'0 } (! bb5) | br1 -> {(let (r'0, _) = _23 in r'0) = C_True'0 } (! bb6) - | br2 (x0:uint64) (x1:t_Bdd'0) (x2:t_Bdd'0)-> {(let (r'0, _) = _23 in r'0) = C_If'0 x0 x1 x2} (! bb5) ] + | br2 (x0:UInt64.t) (x1:t_Bdd'0) (x2:t_Bdd'0)-> {(let (r'0, _) = _23 in r'0) = C_If'0 x0 x1 x2} (! bb5) ] ] | bb5 = any [ br0 -> {(let (_, r'0) = _23 in r'0) = C_False'0 } (! bb7) | br1 -> {(let (_, r'0) = _23 in r'0) = C_True'0 } (! bb8) - | br2 (x0:uint64) (x1:t_Bdd'0) (x2:t_Bdd'0)-> {(let (_, r'0) = _23 in r'0) = C_If'0 x0 x1 x2} (! bb7) ] + | br2 (x0:UInt64.t) (x1:t_Bdd'0) (x2:t_Bdd'0)-> {(let (_, r'0) = _23 in r'0) = C_If'0 x0 x1 x2} (! bb7) ] | bb7 = any [ br0 -> {(let (r'0, _) = _23 in r'0) = C_False'0 } (! bb13) | br1 -> {(let (r'0, _) = _23 in r'0) = C_True'0 } (! bb9) - | br2 (x0:uint64) (x1:t_Bdd'0) (x2:t_Bdd'0)-> {(let (r'0, _) = _23 in r'0) = C_If'0 x0 x1 x2} (! bb9) ] + | br2 (x0:UInt64.t) (x1:t_Bdd'0) (x2:t_Bdd'0)-> {(let (r'0, _) = _23 in r'0) = C_If'0 x0 x1 x2} (! bb9) ] | bb9 = any [ br0 -> {(let (_, r'0) = _23 in r'0) = C_False'0 } (! bb13) | br1 -> {(let (_, r'0) = _23 in r'0) = C_True'0 } (! bb10) - | br2 (x0:uint64) (x1:t_Bdd'0) (x2:t_Bdd'0)-> {(let (_, r'0) = _23 in r'0) = C_If'0 x0 x1 x2} (! bb11) ] + | br2 (x0:UInt64.t) (x1:t_Bdd'0) (x2:t_Bdd'0)-> {(let (_, r'0) = _23 in r'0) = C_If'0 x0 x1 x2} (! bb11) ] | bb11 = any [ br0 -> {(let (r'0, _) = _23 in r'0) = C_False'0 } (! bb10) | br1 -> {(let (r'0, _) = _23 in r'0) = C_True'0 } (! bb10) - | br2 (x0:uint64) (x1:t_Bdd'0) (x2:t_Bdd'0)-> {(let (r'0, _) = _23 in r'0) = C_If'0 x0 x1 x2} (! bb12) ] + | br2 (x0:UInt64.t) (x1:t_Bdd'0) (x2:t_Bdd'0)-> {(let (r'0, _) = _23 in r'0) = C_If'0 x0 x1 x2} (! 
bb12) ] | bb10 = s0 [ s0 = {[@expl:type invariant] inv'0 self} s1 | s1 = -{resolve'0 self}- s2 | s2 = {[%#sbdd0] false} any ] | bb12 = s0 [ s0 = v_If'0 {let (r'0, _) = _23 in r'0} - (fun (rv'0:uint64) (rchildt'0:t_Bdd'0) (rchildf'0:t_Bdd'0) -> [ &va <- rv'0 ] s1) + (fun (rv'0:UInt64.t) (rchildt'0:t_Bdd'0) (rchildf'0:t_Bdd'0) -> [ &va <- rv'0 ] s1) | s1 = v_If'0 {let (r'1, _) = _23 in r'1} - (fun (rv'1:uint64) (rchildt'1:t_Bdd'0) (rchildf'1:t_Bdd'0) -> [ &childta <- rchildt'1 ] s2) + (fun (rv'1:UInt64.t) (rchildt'1:t_Bdd'0) (rchildf'1:t_Bdd'0) -> [ &childta <- rchildt'1 ] s2) | s2 = v_If'0 {let (r'2, _) = _23 in r'2} - (fun (rv'2:uint64) (rchildt'2:t_Bdd'0) (rchildf'2:t_Bdd'0) -> [ &childfa <- rchildf'2 ] s3) + (fun (rv'2:UInt64.t) (rchildt'2:t_Bdd'0) (rchildf'2:t_Bdd'0) -> [ &childfa <- rchildf'2 ] s3) | s3 = v_If'0 {let (_, r'3) = _23 in r'3} - (fun (rv'3:uint64) (rchildt'3:t_Bdd'0) (rchildf'3:t_Bdd'0) -> [ &vb <- rv'3 ] s4) + (fun (rv'3:UInt64.t) (rchildt'3:t_Bdd'0) (rchildf'3:t_Bdd'0) -> [ &vb <- rv'3 ] s4) | s4 = v_If'0 {let (_, r'4) = _23 in r'4} - (fun (rv'4:uint64) (rchildt'4:t_Bdd'0) (rchildf'4:t_Bdd'0) -> [ &childtb <- rchildt'4 ] s5) + (fun (rv'4:UInt64.t) (rchildt'4:t_Bdd'0) (rchildf'4:t_Bdd'0) -> [ &childtb <- rchildt'4 ] s5) | s5 = v_If'0 {let (_, r'5) = _23 in r'5} - (fun (rv'5:uint64) (rchildt'5:t_Bdd'0) (rchildf'5:t_Bdd'0) -> [ &childfb <- rchildf'5 ] s6) + (fun (rv'5:UInt64.t) (rchildt'5:t_Bdd'0) (rchildf'5:t_Bdd'0) -> [ &childfb <- rchildf'5 ] s6) | s6 = [ &_45 <- vb ] s7 | s7 = cmp'0 {va} {_45} (fun (_ret':t_Ordering'0) -> [ &_42 <- _ret' ] s8) | s8 = bb18 ] 
@@ -4329,17 +5123,17 @@ module M_bdd__qyi11078426090797403070__and [#"bdd.rs" 533 4 533 72] (* Context<' | & r1 : t_Bdd'0 = any_l () | & _23 : (t_Node'0, t_Node'0) = any_l () | & _31 : borrowed (t_Context'0) = any_l () - | & va : uint64 = any_l () + | & va : UInt64.t = any_l () | & childta : t_Bdd'0 = any_l () | & childfa : t_Bdd'0 = any_l () - | & vb : uint64 = any_l () + | & vb : UInt64.t = any_l () | & childtb : t_Bdd'0 = any_l () | & childfb : t_Bdd'0 = any_l () - | & v : uint64 = any_l () + | & v : UInt64.t = any_l () | & childt : t_Bdd'0 = any_l () | & childf : t_Bdd'0 = any_l () | & _42 : t_Ordering'0 = any_l () - | & _45 : uint64 = any_l () + | & _45 : UInt64.t = any_l () | & _48 : t_Bdd'0 = any_l () | & _49 : borrowed (t_Context'0) = any_l () | & _52 : t_Bdd'0 = any_l () @@ -4359,7 +5153,7 @@ module M_bdd__qyi11078426090797403070__and [#"bdd.rs" 533 4 533 72] (* Context<' [ return' (result:t_Bdd'0)-> {[@expl:and ensures #0] [%#sbdd4] grows'0 self} {[@expl:and ensures #1] [%#sbdd5] is_valid_bdd'0 self.final result} - {[@expl:and ensures #2] [%#sbdd6] forall v : Map.map uint64 bool . interp'0 result v + {[@expl:and ensures #2] [%#sbdd6] forall v : Map.map UInt64.t bool . interp'0 result v = (interp'0 a v /\ interp'0 b v)} {[@expl:and ensures #3] [%#sbdd7] leastvar'0 a <= leastvar'0 result \/ leastvar'0 b <= leastvar'0 result} (! return' {result}) ] @@ -4394,7 +5188,9 @@ module M_bdd__hashmap__qyi11648407051195780326__hash__refines [#"bdd.rs" 79 8 79 axiom inv_axiom'0 [@rewrite] : forall x : (t_U'0, t_V'0) [inv'0 x] . inv'0 x = invariant'0 x - use prelude.prelude.UInt64.to_uint + use prelude.prelude.Int + + use prelude.prelude.UInt64 use prelude.prelude.UInt64 
@@ -4412,23 +5208,20 @@ module M_bdd__hashmap__qyi11648407051195780326__hash__refines [#"bdd.rs" 79 8 79 function deep_model'0 (self : (t_U'0, t_V'0)) : (t_DeepModelTy'0, t_DeepModelTy'1) = [%#smodel1] deep_model'1 self - use prelude.prelude.Int - function hash_log'1 [#"bdd.rs" 38 8 38 49] (_1 : t_DeepModelTy'0) : int function hash_log'2 [#"bdd.rs" 38 8 38 49] (_1 : t_DeepModelTy'1) : int - constant v_MAX'0 : uint64 = (18446744073709551615 : uint64) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) function hash_log'0 [#"bdd.rs" 85 8 85 48] (x : (t_DeepModelTy'0, t_DeepModelTy'1)) : int = [%#sbdd2] mod (hash_log'1 (let (a, _) = x in a) - + hash_log'2 (let (_, a) = x in a) * Int128.to_int (17 : Int128.t)) (UInt64.to_int (v_MAX'0 : UInt64.t) - + Int128.to_int (1 : Int128.t)) + + hash_log'2 (let (_, a) = x in a) * 17) (UInt64.to_uint (v_MAX'0 : UInt64.t) + 1) goal refines : [%#sbdd0] forall self : (t_U'0, t_V'0) . inv'0 self -> inv'0 self - /\ (forall result : UInt64.t . UInt64.to_int result = hash_log'0 (deep_model'0 self) - -> UInt64.to_int result = hash_log'0 (deep_model'0 self)) + /\ (forall result : UInt64.t . UInt64.to_uint result = hash_log'0 (deep_model'0 self) + -> UInt64.to_uint result = hash_log'0 (deep_model'0 self)) end module M_bdd__qyi699402059438633899__hash__refines [#"bdd.rs" 119 4 119 25] (* as hashmap::Hash> *) let%span sbdd0 = "bdd.rs" 119 4 119 25 @@ -4440,14 +5233,16 @@ module M_bdd__qyi699402059438633899__hash__refines [#"bdd.rs" 119 4 119 25] (* < use prelude.prelude.Borrow + use prelude.prelude.Int + use prelude.prelude.UInt64 type t_Bdd'0 = - { t_Bdd__0'0: t_Node'0; t_Bdd__1'0: uint64 } + { t_Bdd__0'0: t_Node'0; t_Bdd__1'0: UInt64.t } with t_Node'0 = | C_False'0 | C_True'0 - | C_If'0 uint64 (t_Bdd'0) (t_Bdd'0) + | C_If'0 UInt64.t (t_Bdd'0) (t_Bdd'0) predicate inv'0 (_1 : t_Node'0) 
@@ -4458,7 +5253,7 @@ module M_bdd__qyi699402059438633899__hash__refines [#"bdd.rs" 119 4 119 25] (* < type t_NodeLog'0 = | C_False'1 | C_True'1 - | C_If'1 uint64 uint64 uint64 + | C_If'1 UInt64.t UInt64.t UInt64.t function deep_model'1 [#"bdd.rs" 161 4 161 44] (self : t_Node'0) : t_NodeLog'0 = [%#sbdd5] match self with @@ -4473,24 +5268,22 @@ module M_bdd__qyi699402059438633899__hash__refines [#"bdd.rs" 119 4 119 25] (* < function view'0 (self : t_Node'0) : t_NodeLog'0 = [%#smodel1] view'1 self - use prelude.prelude.Int - constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) function hash_log'0 [#"bdd.rs" 131 4 131 44] (x : t_NodeLog'0) : int = [%#sbdd2] match x with | C_False'1 -> 1 | C_True'1 -> 2 - | C_If'1 v childt childf -> mod (UInt64.to_int v + UInt64.to_int childt * 5 - + UInt64.to_int childf * 7) (UInt64.to_int (v_MAX'0 : uint64) + 1) + | C_If'1 v childt childf -> mod (UInt64.to_uint v + UInt64.to_uint childt * 5 + + UInt64.to_uint childf * 7) (UInt64.to_uint (v_MAX'0 : UInt64.t) + 1) end function deep_model'0 (self : t_Node'0) : t_NodeLog'0 = [%#smodel3] deep_model'1 self goal refines : [%#sbdd0] forall self : t_Node'0 . inv'0 self - -> (forall result : uint64 . UInt64.to_int result = hash_log'0 (view'0 self) - -> UInt64.to_int result = hash_log'0 (deep_model'0 self)) + -> (forall result : UInt64.t . UInt64.to_uint result = hash_log'0 (view'0 self) + -> UInt64.to_uint result = hash_log'0 (deep_model'0 self)) end module M_bdd__qyi14323183011761258016__hash__refines [#"bdd.rs" 145 4 145 25] (* as hashmap::Hash> *) let%span sbdd0 = "bdd.rs" 145 4 145 25 
@@ -4502,14 +5295,16 @@ module M_bdd__qyi14323183011761258016__hash__refines [#"bdd.rs" 145 4 145 25] (* use prelude.prelude.Borrow + use prelude.prelude.Int + use prelude.prelude.UInt64 type t_Node'0 = | C_False'0 | C_True'0 - | C_If'0 uint64 (t_Bdd'0) (t_Bdd'0) + | C_If'0 UInt64.t (t_Bdd'0) (t_Bdd'0) with t_Bdd'0 = - { t_Bdd__0'0: t_Node'0; t_Bdd__1'0: uint64 } + { t_Bdd__0'0: t_Node'0; t_Bdd__1'0: UInt64.t } predicate inv'0 (_1 : t_Bdd'0) @@ -4517,26 +5312,24 @@ module M_bdd__qyi14323183011761258016__hash__refines [#"bdd.rs" 145 4 145 25] (* use prelude.prelude.UInt64 - function deep_model'1 [#"bdd.rs" 188 4 188 44] (self : t_Bdd'0) : uint64 = + function deep_model'1 [#"bdd.rs" 188 4 188 44] (self : t_Bdd'0) : UInt64.t = [%#sbdd5] self.t_Bdd__1'0 - function view'1 [#"bdd.rs" 198 4 198 33] (self : t_Bdd'0) : uint64 = + function view'1 [#"bdd.rs" 198 4 198 33] (self : t_Bdd'0) : UInt64.t = [%#sbdd4] deep_model'1 self - function view'0 (self : t_Bdd'0) : uint64 = + function view'0 (self : t_Bdd'0) : UInt64.t = [%#smodel1] view'1 self - use prelude.prelude.Int - - function hash_log'0 [#"bdd.rs" 151 4 151 44] (x : uint64) : int = - [%#sbdd2] UInt64.to_int x + function hash_log'0 [#"bdd.rs" 151 4 151 44] (x : UInt64.t) : int = + [%#sbdd2] UInt64.to_uint x - function deep_model'0 (self : t_Bdd'0) : uint64 = + function deep_model'0 (self : t_Bdd'0) : UInt64.t = [%#smodel3] deep_model'1 self goal refines : [%#sbdd0] forall self : t_Bdd'0 . inv'0 self - -> (forall result : uint64 . UInt64.to_int result = hash_log'0 (view'0 self) - -> UInt64.to_int result = hash_log'0 (deep_model'0 self)) + -> (forall result : UInt64.t . UInt64.to_uint result = hash_log'0 (view'0 self) + -> UInt64.to_uint result = hash_log'0 (deep_model'0 self)) end module M_bdd__qyi2024536649982164874__assert_receiver_is_total_eq__refines [#"bdd.rs" 93 9 93 11] (* as std::cmp::Eq> *) let%span sbdd0 = "bdd.rs" 93 9 93 11 
@@ -4555,14 +5348,16 @@ module M_bdd__qyi4854841669736991510__eq__refines [#"bdd.rs" 93 13 93 22] (* {l = C_Cons'0 x0 x1} (! bb3) | br1 -> {l = C_Nil'0 } (! bb7) ] @@ -125,7 +125,7 @@ module M_binary_search__qyi13868011053250380720__index [#"binary_search.rs" 45 4 | bb4 = s0 [ s0 = v_Cons'0 {l} (fun (r0'0:t_T'0) (r1'0:t_List'0) -> [ &t <- r0'0 ] s1) | s1 = v_Cons'0 {l} (fun (r0'1:t_T'0) (r1'1:t_List'0) -> [ &ls <- r1'1 ] s2) - | s2 = UIntSize.gt {ix} {[%#sbinary_search3] (0 : usize)} (fun (_ret':bool) -> [ &_15 <- _ret' ] s3) + | s2 = UInt64.gt {ix} {[%#sbinary_search3] (0 : UInt64.t)} (fun (_ret':bool) -> [ &_15 <- _ret' ] s3) | s3 = any [ br0 -> {_15 = false} (! bb6) | br1 -> {_15} (! bb5) ] ] | bb5 = s0 @@ -141,8 +141,8 @@ module M_binary_search__qyi13868011053250380720__index [#"binary_search.rs" 45 4 ) [ & _0 : t_T'0 = any_l () | & self : t_List'0 = self - | & ix : usize = ix - | & orig_ix : usize = any_l () + | & ix : UInt64.t = ix + | & orig_ix : UInt64.t = any_l () | & l : t_List'0 = any_l () | & t : t_T'0 = any_l () | & ls : t_List'0 = any_l () @@ -150,7 +150,7 @@ module M_binary_search__qyi13868011053250380720__index [#"binary_search.rs" 45 4 | & _18 : t_List'0 = any_l () ] [ return' (result:t_T'0)-> {[@expl:index result type invariant] [%#sbinary_search7] inv'1 result} - {[@expl:index ensures] [%#sbinary_search8] C_Some'0 result = get'0 self (UIntSize.to_int ix)} + {[@expl:index ensures] [%#sbinary_search8] C_Some'0 result = get'0 self (UInt64.to_uint ix)} (! return' {result}) ] end 
@@ -165,10 +165,26 @@ module M_binary_search__qyi13868011053250380720__len [#"binary_search.rs" 67 4 6 let%span sbinary_search7 = "binary_search.rs" 66 14 66 41 let%span sbinary_search8 = "binary_search.rs" 21 14 21 25 let%span sbinary_search9 = "binary_search.rs" 23 8 26 9 - let%span sinvariant10 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - let%span sboxed11 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 + let%span sord16 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 + let%span sord17 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 + let%span sord18 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 + let%span sord19 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 + let%span sord20 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 + let%span sord21 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 + let%span sord22 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span sinvariant23 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + let%span sord24 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + let%span sboxed25 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 use prelude.prelude.Borrow 
@@ -183,7 +199,7 @@ module M_binary_search__qyi13868011053250380720__len [#"binary_search.rs" 67 4 6 predicate inv'1 (_1 : t_List'0) predicate invariant'1 (self : t_List'0) = - [%#sboxed11] inv'1 self + [%#sboxed25] inv'1 self predicate inv'3 (_1 : t_List'0) @@ -196,15 +212,13 @@ module M_binary_search__qyi13868011053250380720__len [#"binary_search.rs" 67 4 6 end predicate invariant'0 (self : t_List'0) = - [%#sinvariant10] inv'1 self + [%#sinvariant23] inv'1 self predicate inv'0 (_1 : t_List'0) axiom inv_axiom'0 [@rewrite] : forall x : t_List'0 [inv'0 x] . inv'0 x = invariant'0 x - use prelude.prelude.UIntSize - - use prelude.prelude.Int + use prelude.prelude.UInt64 function len_logic'0 [#"binary_search.rs" 22 4 22 29] (self : t_List'0) : int = [%#sbinary_search9] match self with 
@@ -224,21 +238,78 @@ module M_binary_search__qyi13868011053250380720__len [#"binary_search.rs" 67 4 6 use prelude.prelude.Intrinsic + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.UInt64 + + function cmp_log'0 (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = + [%#sord24] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + function eq_cmp'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom eq_cmp'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord22] (x = y) = (cmp_log'0 x y = C_Equal'0) + + function antisym2'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom antisym2'0_spec : forall x : UInt64.t, y : UInt64.t . ([%#sord20] cmp_log'0 x y = C_Greater'0) + -> ([%#sord21] cmp_log'0 y x = C_Less'0) + + function antisym1'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom antisym1'0_spec : forall x : UInt64.t, y : UInt64.t . ([%#sord18] cmp_log'0 x y = C_Less'0) + -> ([%#sord19] cmp_log'0 y x = C_Greater'0) + + function trans'0 (x : UInt64.t) (y : UInt64.t) (z : UInt64.t) (o : t_Ordering'0) : () + + axiom trans'0_spec : forall x : UInt64.t, y : UInt64.t, z : UInt64.t, o : t_Ordering'0 . ([%#sord15] cmp_log'0 x y + = o) -> ([%#sord16] cmp_log'0 y z = o) -> ([%#sord17] cmp_log'0 x z = o) + + function refl'0 (x : UInt64.t) : () + + axiom refl'0_spec : forall x : UInt64.t . [%#sord14] cmp_log'0 x x = C_Equal'0 + + use prelude.prelude.UInt64 + + function cmp_gt_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_gt_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord13] UInt64.ugt x y + = (cmp_log'0 x y = C_Greater'0) + + use prelude.prelude.UInt64 + + function cmp_ge_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_ge_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord12] UInt64.uge x y = (cmp_log'0 x y <> C_Less'0) + + function cmp_lt_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_lt_log'0_spec : forall x : UInt64.t, y : UInt64.t . 
[%#sord11] UInt64.ult x y = (cmp_log'0 x y = C_Less'0) + + use prelude.prelude.UInt64 + + function cmp_le_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_le_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord10] UInt64.ule x y + = (cmp_log'0 x y <> C_Greater'0) + meta "compute_max_steps" 1000000 - let rec len'0 (self:t_List'0) (return' (ret:usize))= {[@expl:len 'self' type invariant] [%#sbinary_search4] inv'0 self} + let rec len'0 (self:t_List'0) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] [%#sbinary_search4] inv'0 self} {[@expl:len requires] [%#sbinary_search5] len_logic'0 self <= 1000000} (! bb0 [ bb0 = s0 [ s0 = [ &len <- [%#sbinary_search0] (0 : UInt64.t) ] s1 | s1 = [ &l <- self ] s2 | s2 = bb1 ] | bb1 = bb1 - [ bb1 = {[@expl:loop invariant #0] [%#sbinary_search2] UIntSize.to_int len + len_logic'0 l = len_logic'0 self} + [ bb1 = {[@expl:loop invariant #0] [%#sbinary_search2] UInt64.to_uint len + len_logic'0 l = len_logic'0 self} {[@expl:loop invariant #1] [%#sbinary_search1] inv'0 l} (! s0) [ s0 = bb2 ] [ bb2 = any [ br0 (x0:t_T'0) (x1:t_List'0)-> {l = C_Cons'0 x0 x1} (! bb3) | br1 -> {l = C_Nil'0 } (! bb5) ] | bb3 = bb4 | bb4 = s0 [ s0 = v_Cons'0 {l} (fun (r0'0:t_T'0) (r1'0:t_List'0) -> [ &ls <- r1'0 ] s1) - | s1 = UIntSize.add {len} {[%#sbinary_search3] (1 : usize)} (fun (_ret':usize) -> [ &len <- _ret' ] s2) + | s1 = UInt64.add {len} {[%#sbinary_search3] (1 : UInt64.t)} (fun (_ret':UInt64.t) -> [ &len <- _ret' ] s2) | s2 = [ &l <- ls ] s3 | s3 = bb1 ] ] 
@@ -246,14 +317,14 @@ module M_binary_search__qyi13868011053250380720__len [#"binary_search.rs" 67 4 6 | bb5 = s0 [ s0 = [ &_0 <- len ] s1 | s1 = return' {_0} ] ] ) - [ & _0 : usize = any_l () + [ & _0 : UInt64.t = any_l () | & self : t_List'0 = self - | & len : usize = any_l () + | & len : UInt64.t = any_l () | & l : t_List'0 = any_l () | & ls : t_List'0 = any_l () ] - [ return' (result:usize)-> {[@expl:len ensures #0] [%#sbinary_search6] result >= (0 : usize)} - {[@expl:len ensures #1] [%#sbinary_search7] UIntSize.to_int result = len_logic'0 self} + [ return' (result:UInt64.t)-> {[@expl:len ensures #0] [%#sbinary_search6] UInt64.uge result (0 : UInt64.t)} + {[@expl:len ensures #1] [%#sbinary_search7] UInt64.to_uint result = len_logic'0 self} (! return' {result}) ] end @@ -265,8 +336,8 @@ module M_binary_search__binary_search [#"binary_search.rs" 111 0 111 72] let%span sbinary_search4 = "binary_search.rs" 119 16 119 82 let%span sbinary_search5 = "binary_search.rs" 118 16 118 63 let%span sbinary_search6 = "binary_search.rs" 121 17 121 18 - let%span sbinary_search7 = "binary_search.rs" 122 26 122 27 - let%span sbinary_search8 = "binary_search.rs" 122 19 122 27 + let%span sbinary_search7 = "binary_search.rs" 122 19 122 27 + let%span sbinary_search8 = "binary_search.rs" 122 26 122 27 let%span sbinary_search9 = "binary_search.rs" 133 19 133 20 let%span sbinary_search10 = "binary_search.rs" 104 11 104 39 let%span sbinary_search11 = "binary_search.rs" 105 11 105 26 
@@ -286,21 +357,49 @@ module M_binary_search__binary_search [#"binary_search.rs" 111 0 111 72] let%span sbinary_search25 = "binary_search.rs" 44 14 44 44 let%span sbinary_search26 = "binary_search.rs" 93 16 98 17 let%span sbinary_search27 = "binary_search.rs" 31 8 40 9 + let%span sord28 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 + let%span sord29 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 + let%span sord30 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 + let%span sord31 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 + let%span sord32 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 + let%span sord33 = "../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 + let%span sord34 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 + let%span sord35 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 + let%span sord36 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 + let%span sord37 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 + let%span sord38 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 + let%span sord39 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 + let%span sord40 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span sord41 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 + let%span sord42 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 + let%span sord43 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 + let%span sord44 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 + let%span sord45 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 + let%span sord46 = "../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 + let%span sord47 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 + let%span sord48 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 + let%span sord49 = "../../../creusot-contracts/src/logic/ord.rs" 110 
40 110 70 + let%span sord50 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 + let%span sord51 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 + let%span sord52 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 + let%span sord53 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span sord54 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + let%span sord55 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 use prelude.prelude.Borrow + use prelude.prelude.Int + use prelude.prelude.UInt32 type t_List'0 = - | C_Cons'0 uint32 (t_List'0) + | C_Cons'0 UInt32.t (t_List'0) | C_Nil'0 predicate inv'0 (_1 : t_List'0) axiom inv_axiom'0 [@rewrite] : forall x : t_List'0 [inv'0 x] . inv'0 x = true - use prelude.prelude.Int - function len_logic'0 [#"binary_search.rs" 22 4 22 29] (self : t_List'0) : int = [%#sbinary_search20] match self with | C_Cons'0 _ ls -> 1 + len_logic'0 ls 
@@ -309,25 +408,82 @@ module M_binary_search__binary_search [#"binary_search.rs" 111 0 111 72] axiom len_logic'0_spec : forall self : t_List'0 . [%#sbinary_search19] len_logic'0 self >= 0 - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 + + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.UInt64 + + function cmp_log'1 (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = + [%#sord55] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + function eq_cmp'1 (x : UInt64.t) (y : UInt64.t) : () + + axiom eq_cmp'1_spec : forall x : UInt64.t, y : UInt64.t . [%#sord53] (x = y) = (cmp_log'1 x y = C_Equal'0) + + function antisym2'1 (x : UInt64.t) (y : UInt64.t) : () + + axiom antisym2'1_spec : forall x : UInt64.t, y : UInt64.t . ([%#sord51] cmp_log'1 x y = C_Greater'0) + -> ([%#sord52] cmp_log'1 y x = C_Less'0) + + function antisym1'1 (x : UInt64.t) (y : UInt64.t) : () + + axiom antisym1'1_spec : forall x : UInt64.t, y : UInt64.t . ([%#sord49] cmp_log'1 x y = C_Less'0) + -> ([%#sord50] cmp_log'1 y x = C_Greater'0) + + function trans'1 (x : UInt64.t) (y : UInt64.t) (z : UInt64.t) (o : t_Ordering'0) : () - use prelude.prelude.UIntSize + axiom trans'1_spec : forall x : UInt64.t, y : UInt64.t, z : UInt64.t, o : t_Ordering'0 . ([%#sord46] cmp_log'1 x y + = o) -> ([%#sord47] cmp_log'1 y z = o) -> ([%#sord48] cmp_log'1 x z = o) - let rec len'0 (self:t_List'0) (return' (ret:usize))= {[@expl:len 'self' type invariant] [%#sbinary_search15] inv'0 self} + function refl'1 (x : UInt64.t) : () + + axiom refl'1_spec : forall x : UInt64.t . [%#sord45] cmp_log'1 x x = C_Equal'0 + + use prelude.prelude.UInt64 + + function cmp_gt_log'1 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_gt_log'1_spec : forall x : UInt64.t, y : UInt64.t . 
[%#sord44] UInt64.ugt x y + = (cmp_log'1 x y = C_Greater'0) + + use prelude.prelude.UInt64 + + function cmp_ge_log'1 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_ge_log'1_spec : forall x : UInt64.t, y : UInt64.t . [%#sord43] UInt64.uge x y = (cmp_log'1 x y <> C_Less'0) + + function cmp_lt_log'1 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_lt_log'1_spec : forall x : UInt64.t, y : UInt64.t . [%#sord42] UInt64.ult x y = (cmp_log'1 x y = C_Less'0) + + use prelude.prelude.UInt64 + + function cmp_le_log'1 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_le_log'1_spec : forall x : UInt64.t, y : UInt64.t . [%#sord41] UInt64.ule x y + = (cmp_log'1 x y <> C_Greater'0) + + use prelude.prelude.UInt64 + + let rec len'0 (self:t_List'0) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] [%#sbinary_search15] inv'0 self} {[@expl:len requires] [%#sbinary_search16] len_logic'0 self <= 1000000} any - [ return' (result:usize)-> {[%#sbinary_search17] result >= (0 : usize)} - {[%#sbinary_search18] UIntSize.to_int result = len_logic'0 self} + [ return' (result:UInt64.t)-> {[%#sbinary_search17] UInt64.uge result (0 : UInt64.t)} + {[%#sbinary_search18] UInt64.to_uint result = len_logic'0 self} (! return' {result}) ] type t_Result'0 = - | C_Ok'0 usize - | C_Err'0 usize + | C_Ok'0 UInt64.t + | C_Err'0 UInt64.t type t_Option'0 = | C_None'0 - | C_Some'0 uint32 + | C_Some'0 UInt32.t function get'0 [#"binary_search.rs" 30 4 30 38] (self : t_List'0) (ix : int) : t_Option'0 = [%#sbinary_search27] match self with 
@@ -335,21 +491,73 @@ module M_binary_search__binary_search [#"binary_search.rs" 111 0 111 72] | C_Nil'0 -> C_None'0 end - function get_default'0 [#"binary_search.rs" 80 4 80 46] (self : t_List'0) (ix : int) (def : uint32) : uint32 = + function get_default'0 [#"binary_search.rs" 80 4 80 46] (self : t_List'0) (ix : int) (def : UInt32.t) : UInt32.t = [%#sbinary_search21] match get'0 self ix with | C_Some'0 v -> v | C_None'0 -> def end + use prelude.prelude.UInt32 + + function cmp_log'0 (self : UInt32.t) (o : UInt32.t) : t_Ordering'0 = + [%#sord54] if UInt32.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + function eq_cmp'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom eq_cmp'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord40] (x = y) = (cmp_log'0 x y = C_Equal'0) + + function antisym2'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom antisym2'0_spec : forall x : UInt32.t, y : UInt32.t . ([%#sord38] cmp_log'0 x y = C_Greater'0) + -> ([%#sord39] cmp_log'0 y x = C_Less'0) + + function antisym1'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom antisym1'0_spec : forall x : UInt32.t, y : UInt32.t . ([%#sord36] cmp_log'0 x y = C_Less'0) + -> ([%#sord37] cmp_log'0 y x = C_Greater'0) + + function trans'0 (x : UInt32.t) (y : UInt32.t) (z : UInt32.t) (o : t_Ordering'0) : () + + axiom trans'0_spec : forall x : UInt32.t, y : UInt32.t, z : UInt32.t, o : t_Ordering'0 . ([%#sord33] cmp_log'0 x y + = o) -> ([%#sord34] cmp_log'0 y z = o) -> ([%#sord35] cmp_log'0 x z = o) + + function refl'0 (x : UInt32.t) : () + + axiom refl'0_spec : forall x : UInt32.t . [%#sord32] cmp_log'0 x x = C_Equal'0 + + use prelude.prelude.UInt32 + + function cmp_gt_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_gt_log'0_spec : forall x : UInt32.t, y : UInt32.t . 
[%#sord31] UInt32.ugt x y + = (cmp_log'0 x y = C_Greater'0) + + use prelude.prelude.UInt32 + + function cmp_ge_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_ge_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord30] UInt32.uge x y = (cmp_log'0 x y <> C_Less'0) + + function cmp_lt_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_lt_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord29] UInt32.ult x y = (cmp_log'0 x y = C_Less'0) + + use prelude.prelude.UInt32 + + function cmp_le_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_le_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord28] UInt32.ule x y + = (cmp_log'0 x y <> C_Greater'0) + predicate inv'1 (_1 : UInt32.t) axiom inv_axiom'1 [@rewrite] : forall x : UInt32.t [inv'1 x] . inv'1 x = true - let rec index'0 (self:t_List'0) (ix:usize) (return' (ret:uint32))= {[@expl:index 'self' type invariant] [%#sbinary_search22] inv'0 self} - {[@expl:index requires] [%#sbinary_search23] UIntSize.to_int ix < len_logic'0 self} + let rec index'0 (self:t_List'0) (ix:UInt64.t) (return' (ret:UInt32.t))= {[@expl:index 'self' type invariant] [%#sbinary_search22] inv'0 self} + {[@expl:index requires] [%#sbinary_search23] UInt64.to_uint ix < len_logic'0 self} any - [ return' (result:uint32)-> {[%#sbinary_search24] inv'1 result} - {[%#sbinary_search25] C_Some'0 result = get'0 self (UIntSize.to_int ix)} + [ return' (result:UInt32.t)-> {[%#sbinary_search24] inv'1 result} + {[%#sbinary_search25] C_Some'0 result = get'0 self (UInt64.to_uint ix)} (! return' {result}) ] 
@@ -358,14 +566,14 @@ module M_binary_search__binary_search [#"binary_search.rs" 111 0 111 72] predicate is_sorted'0 [#"binary_search.rs" 90 4 90 30] (self : t_List'0) = [%#sbinary_search26] forall x1 : int, x2 : int . x1 <= x2 -> match (get'0 self x1, get'0 self x2) with - | (C_Some'0 v1, C_Some'0 v2) -> v1 <= v2 + | (C_Some'0 v1, C_Some'0 v2) -> UInt32.ule v1 v2 | (C_None'0, C_None'0) -> true | _ -> false end meta "compute_max_steps" 1000000 - let rec binary_search'0 (arr:t_List'0) (elem:uint32) (return' (ret:t_Result'0))= {[@expl:binary_search requires #0] [%#sbinary_search10] len_logic'0 arr + let rec binary_search'0 (arr:t_List'0) (elem:UInt32.t) (return' (ret:t_Result'0))= {[@expl:binary_search requires #0] [%#sbinary_search10] len_logic'0 arr <= 1000000} {[@expl:binary_search requires #1] [%#sbinary_search11] is_sorted'0 arr} (! bb0 
@@ -374,32 +582,32 @@ module M_binary_search__binary_search [#"binary_search.rs" 111 0 111 72] [ s0 = UInt64.eq {_10} {[%#sbinary_search0] (0 : UInt64.t)} (fun (_ret':bool) -> [ &_9 <- _ret' ] s1) | s1 = any [ br0 -> {_9 = false} (! bb3) | br1 -> {_9} (! bb2) ] ] - | bb2 = s0 [ s0 = [ &_0 <- C_Err'0 ([%#sbinary_search1] (0 : usize)) ] s1 | s1 = bb21 ] - | bb3 = s0 [ s0 = len'0 {arr} (fun (_ret':usize) -> [ &size <- _ret' ] s1) | s1 = bb4 ] - | bb4 = s0 [ s0 = [ &base <- [%#sbinary_search2] (0 : usize) ] s1 | s1 = bb5 ] + | bb2 = s0 [ s0 = [ &_0 <- C_Err'0 ([%#sbinary_search1] (0 : UInt64.t)) ] s1 | s1 = bb21 ] + | bb3 = s0 [ s0 = len'0 {arr} (fun (_ret':UInt64.t) -> [ &size <- _ret' ] s1) | s1 = bb4 ] + | bb4 = s0 [ s0 = [ &base <- [%#sbinary_search2] (0 : UInt64.t) ] s1 | s1 = bb5 ] | bb5 = bb5 - [ bb5 = {[@expl:loop invariant #0] [%#sbinary_search5] 0 < UIntSize.to_int size - /\ UIntSize.to_int size + UIntSize.to_int base <= len_logic'0 arr} - {[@expl:loop invariant #1] [%#sbinary_search4] forall i : usize . i < base - -> get_default'0 arr (UIntSize.to_int i) (0 : uint32) <= elem} - {[@expl:loop invariant #2] [%#sbinary_search3] forall i : usize . UIntSize.to_int base + UIntSize.to_int size - < UIntSize.to_int i - /\ UIntSize.to_int i < len_logic'0 arr -> elem < get_default'0 arr (UIntSize.to_int i) (0 : uint32)} + [ bb5 = {[@expl:loop invariant #0] [%#sbinary_search5] 0 < UInt64.to_uint size + /\ UInt64.to_uint size + UInt64.to_uint base <= len_logic'0 arr} + {[@expl:loop invariant #1] [%#sbinary_search4] forall i : UInt64.t . UInt64.ult i base + -> UInt32.ule (get_default'0 arr (UInt64.to_uint i) (0 : UInt32.t)) elem} + {[@expl:loop invariant #2] [%#sbinary_search3] forall i : UInt64.t . UInt64.to_uint base + UInt64.to_uint size + < UInt64.to_uint i + /\ UInt64.to_uint i < len_logic'0 arr -> UInt32.ult elem (get_default'0 arr (UInt64.to_uint i) (0 : UInt32.t))} (! 
s0) [ s0 = bb6 ] [ bb6 = s0 - [ s0 = UIntSize.gt {size} {[%#sbinary_search6] (1 : usize)} (fun (_ret':bool) -> [ &_21 <- _ret' ] s1) + [ s0 = UInt64.gt {size} {[%#sbinary_search6] (1 : UInt64.t)} (fun (_ret':bool) -> [ &_21 <- _ret' ] s1) | s1 = any [ br0 -> {_21 = false} (! bb13) | br1 -> {_21} (! bb7) ] ] | bb7 = s0 - [ s0 = UIntSize.eq {[%#sbinary_search7] (2 : usize)} {[%#sbinary_search8] (0 : usize)} + [ s0 = UInt64.eq {[%#sbinary_search8] (2 : UInt64.t)} {[%#sbinary_search7] (0 : UInt64.t)} (fun (_ret':bool) -> [ &_25 <- _ret' ] s1) - | s1 = {[@expl:division by zero] [%#sbinary_search8] not _25} s2 + | s1 = {[@expl:division by zero] [%#sbinary_search7] not _25} s2 | s2 = bb8 ] | bb8 = s0 - [ s0 = UIntSize.div {size} {[%#sbinary_search7] (2 : usize)} (fun (_ret':usize) -> [ &half <- _ret' ] s1) - | s1 = UIntSize.add {base} {half} (fun (_ret':usize) -> [ &mid <- _ret' ] s2) - | s2 = index'0 {arr} {mid} (fun (_ret':uint32) -> [ &_32 <- _ret' ] s3) + [ s0 = UInt64.div {size} {[%#sbinary_search8] (2 : UInt64.t)} (fun (_ret':UInt64.t) -> [ &half <- _ret' ] s1) + | s1 = UInt64.add {base} {half} (fun (_ret':UInt64.t) -> [ &mid <- _ret' ] s2) + | s2 = index'0 {arr} {mid} (fun (_ret':UInt32.t) -> [ &_32 <- _ret' ] s3) | s3 = bb9 ] | bb9 = s0 @@ -427,7 +635,7 @@ module M_binary_search__binary_search [#"binary_search.rs" 111 0 111 72] | s1 = any [ br0 -> {_48 = false} (! bb18) | br1 -> {_48} (! bb17) ] ] | bb17 = s0 - [ s0 = UIntSize.add {base} {[%#sbinary_search9] (1 : usize)} (fun (_ret':usize) -> [ &_51 <- _ret' ] s1) + [ s0 = UInt64.add {base} {[%#sbinary_search9] (1 : UInt64.t)} (fun (_ret':UInt64.t) -> [ &_51 <- _ret' ] s1) | s1 = [ &_0 <- C_Err'0 _51 ] s2 | s2 = bb19 ] @@ -438,7 +646,7 @@ module M_binary_search__binary_search [#"binary_search.rs" 111 0 111 72] ) [ & _0 : t_Result'0 = any_l () | & arr : t_List'0 = arr - | & elem : uint32 = elem + | & elem : UInt32.t = elem | & _9 : bool = any_l () | & _10 : UInt64.t = any_l () | & size : UInt64.t = any_l () 
@@ -456,14 +664,14 @@ module M_binary_search__binary_search [#"binary_search.rs" 111 0 111 72] | & _48 : bool = any_l () | & _51 : UInt64.t = any_l () ] - [ return' (result:t_Result'0)-> {[@expl:binary_search ensures #0] [%#sbinary_search12] forall x : usize . result - = C_Ok'0 x -> get'0 arr (UIntSize.to_int x) = C_Some'0 elem} - {[@expl:binary_search ensures #1] [%#sbinary_search13] forall x : usize . result = C_Err'0 x - -> (forall i : usize . 0 <= UIntSize.to_int i /\ UIntSize.to_int i < UIntSize.to_int x - -> get_default'0 arr (UIntSize.to_int i) (0 : uint32) <= elem)} - {[@expl:binary_search ensures #2] [%#sbinary_search14] forall x : usize . result = C_Err'0 x - -> (forall i : usize . UIntSize.to_int x < UIntSize.to_int i /\ UIntSize.to_int i < len_logic'0 arr - -> elem < get_default'0 arr (UIntSize.to_int i) (0 : uint32))} + [ return' (result:t_Result'0)-> {[@expl:binary_search ensures #0] [%#sbinary_search12] forall x : UInt64.t . result + = C_Ok'0 x -> get'0 arr (UInt64.to_uint x) = C_Some'0 elem} + {[@expl:binary_search ensures #1] [%#sbinary_search13] forall x : UInt64.t . result = C_Err'0 x + -> (forall i : UInt64.t . 0 <= UInt64.to_uint i /\ UInt64.to_uint i < UInt64.to_uint x + -> UInt32.ule (get_default'0 arr (UInt64.to_uint i) (0 : UInt32.t)) elem)} + {[@expl:binary_search ensures #2] [%#sbinary_search14] forall x : UInt64.t . result = C_Err'0 x + -> (forall i : UInt64.t . UInt64.to_uint x < UInt64.to_uint i /\ UInt64.to_uint i < len_logic'0 arr + -> UInt32.ult elem (get_default'0 arr (UInt64.to_uint i) (0 : UInt32.t)))} (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/bug/168.coma b/creusot/tests/should_succeed/bug/168.coma index dc497c2b68..67ce672015 100644 --- a/creusot/tests/should_succeed/bug/168.coma +++ b/creusot/tests/should_succeed/bug/168.coma 
@@ -1,13 +1,15 @@ module M_168__max_int [#"168.rs" 3 0 3 25] let%span s1680 = "168.rs" 4 4 4 14 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 use prelude.prelude.Intrinsic meta "compute_max_steps" 1000000 - let rec max_int'0 (_1:()) (return' (ret:usize))= (! bb0 - [ bb0 = s0 [ s0 = [ &_0 <- [%#s1680] (18446744073709551615 : usize) ] s1 | s1 = return' {_0} ] ] - ) [ & _0 : usize = any_l () ] [ return' (result:usize)-> (! return' {result}) ] + let rec max_int'0 (_1:()) (return' (ret:UInt64.t))= (! bb0 + [ bb0 = s0 [ s0 = [ &_0 <- [%#s1680] (18446744073709551615 : UInt64.t) ] s1 | s1 = return' {_0} ] ] + ) [ & _0 : UInt64.t = any_l () ] [ return' (result:UInt64.t)-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/bug/173.coma b/creusot/tests/should_succeed/bug/173.coma index 1fdfdf8470..70fba06c2f 100644 --- a/creusot/tests/should_succeed/bug/173.coma +++ b/creusot/tests/should_succeed/bug/173.coma @@ -4,6 +4,8 @@ module M_173__test_233 [#"173.rs" 19 0 19 17] let%span s1732 = "173.rs" 22 12 22 14 let%span s1733 = "173.rs" 23 19 23 27 + use prelude.prelude.Int + use prelude.prelude.Int32 use prelude.prelude.Int32 @@ -14,13 +16,13 @@ module M_173__test_233 [#"173.rs" 19 0 19 17] let rec test_233'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = [ &x <- [%#s1730] (17 : int32) ] s1 + [ s0 = [ &x <- [%#s1730] (17 : Int32.t) ] s1 | s1 = {[@expl:assertion] [%#s1731] Int32.to_int x = 17} s2 - | s2 = [ &x1 <- [%#s1732] (42 : int32) ] s3 + | s2 = [ &x1 <- [%#s1732] (42 : Int32.t) ] s3 | s3 = {[@expl:assertion] [%#s1733] Int32.to_int x1 = 42} s4 | s4 = return' {_0} ] ] - ) [ & _0 : () = any_l () | & x : int32 = any_l () | & x1 : int32 = any_l () ] + ) [ & _0 : () = any_l () | & x : Int32.t = any_l () | & x1 : Int32.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end 
diff --git a/creusot/tests/should_succeed/bug/173/why3session.xml b/creusot/tests/should_succeed/bug/173/why3session.xml index 3ef2d8c45b..fa98af946f 100644 --- a/creusot/tests/should_succeed/bug/173/why3session.xml +++ b/creusot/tests/should_succeed/bug/173/why3session.xml @@ -6,8 +6,8 @@ - - + + diff --git a/creusot/tests/should_succeed/bug/173/why3shapes.gz b/creusot/tests/should_succeed/bug/173/why3shapes.gz index 0b857ea887f2ecdcee6ec2ee55438bf5a7386b70..577b4c11db2b567eee96d772a0543c823d09f7c3 100644 GIT binary patch delta 70 zcmV-M0J;BiZ;&oQ0wPBQ-_RV0xKeWqN-E>QTDiCq4U^0bQj84^49rZ-4NXmw(k#qU clTt0r3=)k~O_R(N3_T3E0FWh~8fpLl0K5AcRsaA1 delta 73 zcmV-P0Ji^ca*!@WN;WZaMDPvGlMT(eQgaJRD&xUgxwuSB%*-v4Q_>8L5>w1fElf>Q f)6$ZROw0`pQ&KGrj4TxlJq)-2NtMHBY5)KLZ+{$8 diff --git a/creusot/tests/should_succeed/bug/181_ident.coma b/creusot/tests/should_succeed/bug/181_ident.coma index afec2f4e52..4b4e74313e 100644 --- a/creusot/tests/should_succeed/bug/181_ident.coma +++ b/creusot/tests/should_succeed/bug/181_ident.coma 
@@ -2,30 +2,30 @@ module M_181_ident__max_usize [#"181_ident.rs" 17 0 17 45] let%span s181_ident0 = "181_ident.rs" 16 10 16 36 let%span s181_ident1 = "181_ident.rs" 6 0 6 8 - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - use prelude.prelude.Intrinsic + use prelude.prelude.Int - use prelude.prelude.UIntSize + use prelude.prelude.Intrinsic - use prelude.prelude.Int + use prelude.prelude.UInt64 function max_int'0 [#"181_ident.rs" 8 0 8 37] (a : int) (b : int) : int = [%#s181_ident1] if a < b then b else a meta "compute_max_steps" 1000000 - let rec max_usize'0 (a:usize) (b:usize) (return' (ret:usize))= (! bb0 + let rec max_usize'0 (a:UInt64.t) (b:UInt64.t) (return' (ret:UInt64.t))= (! bb0 [ bb0 = s0 - [ s0 = UIntSize.lt {a} {b} (fun (_ret':bool) -> [ &_4 <- _ret' ] s1) + [ s0 = UInt64.lt {a} {b} (fun (_ret':bool) -> [ &_4 <- _ret' ] s1) | s1 = any [ br0 -> {_4 = false} (! bb2) | br1 -> {_4} (! bb1) ] ] | bb1 = s0 [ s0 = [ &_0 <- b ] s1 | s1 = bb3 ] | bb2 = s0 [ s0 = [ &_0 <- a ] s1 | s1 = bb3 ] | bb3 = return' {_0} ] - ) [ & _0 : usize = any_l () | & a : usize = a | & b : usize = b | & _4 : bool = any_l () ] - [ return' (result:usize)-> {[@expl:max_usize ensures] [%#s181_ident0] UIntSize.to_int result - = max_int'0 (UIntSize.to_int a) (UIntSize.to_int b)} + ) [ & _0 : UInt64.t = any_l () | & a : UInt64.t = a | & b : UInt64.t = b | & _4 : bool = any_l () ] + [ return' (result:UInt64.t)-> {[@expl:max_usize ensures] [%#s181_ident0] UInt64.to_uint result + = max_int'0 (UInt64.to_uint a) (UInt64.to_uint b)} (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/bug/181_ident/why3session.xml b/creusot/tests/should_succeed/bug/181_ident/why3session.xml index 63b8c90bb4..7d7e9d21a7 100644 --- a/creusot/tests/should_succeed/bug/181_ident/why3session.xml +++ b/creusot/tests/should_succeed/bug/181_ident/why3session.xml @@ -6,8 +6,8 @@ - - + + 
diff --git a/creusot/tests/should_succeed/bug/181_ident/why3shapes.gz b/creusot/tests/should_succeed/bug/181_ident/why3shapes.gz index 3e67eefbdd4b3cb29819b8d5272b9860bfc00dbf..eb0c9336d8a29a246c7a9d8a29cccba4869c0b5e 100644 GIT binary patch literal 158 zcmV;P0Ac?hiwFP!00000|Ba443&JoMg!lZ4Y-*=`)F{OcF2U@QHM}7&Sm>8cBKq$w z4y}WO+i`c#aod8%8;ls~1E<&weMJ>5b_8ljgUd~yEQb!BZdMz%c&p+DYAfJ6WjudD z>>o%&8__^+=gji^GGyTN3t9_W6YR$Ha-Z*n@PJSX4^p5E`*8H77fdN+o=M~fPx*zB MH~J$Y$Ljz90Bqz&>;M1& literal 147 zcmb2|=3oGW|CcWWX`J)W@z4#^@YdBjcjo-&AcNowm!5cS@zpumfBuX%r?Jl&-!%*y zuka=~6|^l(Uz9r|Fv%k@bCt4FJ7c13UZ>^JmGe5yW_)Tb5Wah7M^G`hm)7Hhd`})3 y8F~5nY%%fk@$@zG^)oRr_cbx{Ha7AxH8uA%_3<$cH~3=kfQeygZZOvcpj!YJEI5w< diff --git a/creusot/tests/should_succeed/bug/206.coma b/creusot/tests/should_succeed/bug/206.coma index a826b27bbb..0ff101a8ed 100644 --- a/creusot/tests/should_succeed/bug/206.coma +++ b/creusot/tests/should_succeed/bug/206.coma 
@@ -11,33 +11,33 @@ module M_206__u2 [#"206.rs" 9 0 9 11] type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } type t_A'0 = { t_A__0'0: t_Vec'0 } use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize - - use prelude.prelude.Int + use prelude.prelude.UInt64 use seq.Seq - function view'0 (self : t_Vec'0) : Seq.seq usize + function view'0 (self : t_Vec'0) : Seq.seq UInt64.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec2] Seq.length (view'0 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec2] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) constant a : t_A'0 
@@ -62,33 +62,33 @@ module M_206__ex [#"206.rs" 20 0 20 16] type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } type t_A'0 = { t_A__0'0: t_Vec'0 } use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize - - use prelude.prelude.Int + use prelude.prelude.UInt64 use seq.Seq - function view'0 (self : t_Vec'0) : Seq.seq usize + function view'0 (self : t_Vec'0) : Seq.seq UInt64.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec4] Seq.length (view'0 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec4] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) function u2'0 [#"206.rs" 9 0 9 11] (a : t_A'0) : () = [%#s2063] () diff --git a/creusot/tests/should_succeed/bug/206/why3session.xml b/creusot/tests/should_succeed/bug/206/why3session.xml index 751f7aa0f9..de4ec02a07 100644 --- a/creusot/tests/should_succeed/bug/206/why3session.xml +++ b/creusot/tests/should_succeed/bug/206/why3session.xml @@ -7,7 +7,7 @@ - + 
diff --git a/creusot/tests/should_succeed/bug/206/why3shapes.gz b/creusot/tests/should_succeed/bug/206/why3shapes.gz index 8a98a64aafeb849c4559ca305454df8b347c49dd..fdd93f280188e6e92dfe2aa3d657553786922f19 100644 GIT binary patch literal 145 zcmb2|=3oGW|Eawj`3@>%KPiMqBn{?6{@)Y;cBb5lx6jIoev#z)T(|=u(-U?R&)n@Ufo3Dtu8+p x|Cv9?E3Ud&&b%NrzgO05ms^PTVx4)fyQ-UmUO9$&t?(=3$UhYP)@BCKB><}NKWP8} literal 144 zcmV;B0B`>viwFP!00000|7Fdw4#FT9Md6*NV5@feDGdZ;hc2dzt8pWjKrM;VMhM2Y zH!*Im=Nrzh<$1vtGOyv8cmRu [ &_2 <- _ret' ] s1) | s1 = return' {_0} ] + [ s0 = UInt8.add {u} {[%#s2560] (0 : UInt8.t)} (fun (_ret':UInt8.t) -> [ &_2 <- _ret' ] s1) | s1 = return' {_0} ] ] - ) [ & _0 : () = any_l () | & u : uint8 = u | & _2 : uint8 = any_l () ] + ) [ & _0 : () = any_l () | & u : UInt8.t = u | & _2 : UInt8.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end @@ -26,16 +28,18 @@ module M_256__bug_256 [#"256.rs" 8 0 8 26] type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } type t_String'0 = { t_String__vec'0: t_Vec'0 } diff --git a/creusot/tests/should_succeed/bug/256/why3session.xml b/creusot/tests/should_succeed/bug/256/why3session.xml index 64fd309aeb..17c9f1bc94 100644 --- a/creusot/tests/should_succeed/bug/256/why3session.xml +++ b/creusot/tests/should_succeed/bug/256/why3session.xml @@ -6,8 +6,8 @@ - - + + 
diff --git a/creusot/tests/should_succeed/bug/256/why3shapes.gz b/creusot/tests/should_succeed/bug/256/why3shapes.gz index 35b8f2c4a69cc7e3850eea4074ec9ece290e093a..da62230e8ee19409fba02e118baaa4e23dcf56ee 100644 GIT binary patch literal 153 zcmV;K0A~LmiwFP!00000|2>Vd4uUWg0QY`HN5!QUXu&u+7&kZ8mxq0gO@ICAZ0VxZ_BHKWGZh4+pMzwq-bXglG4r?!su6#@3GDF+vl}8{SltzmxJyN{ zYn$ks#>KAH${6LgYL%^3QI-OQw6bb#k=M1>TG-t1{Y9`3=47$& HqyPW_0;fgw literal 117 zcmb2|=3oGW|CcWWX`J)W@z4#^@YdBjcjo-&AcNowm!5c?In(WbO8>04rr#Amos<3N z&uDWRHyBOgy|W{znA=P1@xiE_JA#CGC+VCO_C3=xS?FwUug@7>ol8N&XL}~=@&xPj Uob3_ivE|vpu>DbDV;0ah02m4|82|tP diff --git a/creusot/tests/should_succeed/bug/258.coma b/creusot/tests/should_succeed/bug/258.coma index 23d86683df..0cddf5d860 100644 --- a/creusot/tests/should_succeed/bug/258.coma +++ b/creusot/tests/should_succeed/bug/258.coma @@ -1,22 +1,26 @@ module M_258__err [#"258.rs" 3 0 3 22] use prelude.prelude.Intrinsic - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 meta "compute_max_steps" 1000000 - let rec err'0 (_to:usize) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] + let rec err'0 (_to:UInt64.t) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] [ return' (result:())-> (! return' {result}) ] end module M_258__err2 [#"258.rs" 5 0 5 24] use prelude.prelude.Intrinsic - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 meta "compute_max_steps" 1000000 - let rec err2'0 (_bbb:usize) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] + let rec err2'0 (_bbb:UInt64.t) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/bug/271.coma b/creusot/tests/should_succeed/bug/271.coma index 462bdab208..7bfc7fc6fe 100644 --- a/creusot/tests/should_succeed/bug/271.coma +++ b/creusot/tests/should_succeed/bug/271.coma 
@@ -1,6 +1,8 @@ module M_271__ex [#"271.rs" 5 0 5 11] let%span s2710 = "271.rs" 6 12 6 13 + use prelude.prelude.Int + use prelude.prelude.Int32 use prelude.prelude.Intrinsic @@ -8,12 +10,14 @@ module M_271__ex [#"271.rs" 5 0 5 11] meta "compute_max_steps" 1000000 let rec ex'0 (_1:()) (return' (ret:()))= (! bb0 - [ bb0 = s0 [ s0 = [ &a <- [%#s2710] (0 : int32) ] s1 | s1 = bb4 ] | bb4 = bb5 | bb5 = return' {_0} ] - ) [ & _0 : () = any_l () | & a : int32 = any_l () ] [ return' (result:())-> (! return' {result}) ] + [ bb0 = s0 [ s0 = [ &a <- [%#s2710] (0 : Int32.t) ] s1 | s1 = bb4 ] | bb4 = bb5 | bb5 = return' {_0} ] + ) [ & _0 : () = any_l () | & a : Int32.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end module M_271__ex2 [#"271.rs" 13 0 13 12] let%span s2710 = "271.rs" 14 12 14 13 + use prelude.prelude.Int + use prelude.prelude.Int32 use prelude.prelude.Intrinsic @@ -34,6 +38,8 @@ end module M_271__ex3 [#"271.rs" 22 0 22 12] let%span s2710 = "271.rs" 23 12 23 13 + use prelude.prelude.Int + use prelude.prelude.Int32 use prelude.prelude.Intrinsic diff --git a/creusot/tests/should_succeed/bug/387.coma b/creusot/tests/should_succeed/bug/387.coma index 8ed071e22e..1b1777fcbb 100644 --- a/creusot/tests/should_succeed/bug/387.coma +++ b/creusot/tests/should_succeed/bug/387.coma @@ -3,10 +3,12 @@ module M_387__use_tree [#"387.rs" 15 0 15 25] use prelude.prelude.Borrow + use prelude.prelude.Int + use prelude.prelude.UInt32 type t_Node'0 = - { t_Node__left'0: t_Tree'0; t_Node__val'0: uint32; t_Node__right'0: t_Tree'0 } + { t_Node__left'0: t_Tree'0; t_Node__val'0: UInt32.t; t_Node__right'0: t_Tree'0 } with t_Option'0 = | C_None'0 | C_Some'0 (t_Node'0) 
@@ -25,14 +27,16 @@ module M_387__qyi16446429885017832241__height [#"387.rs" 18 4 18 31] (* Tree *) let%span scmp2 = "../../../../creusot-contracts/src/std/cmp.rs" 53 26 53 66 let%span scmp3 = "../../../../creusot-contracts/src/std/cmp.rs" 54 26 54 63 let%span scmp4 = "../../../../creusot-contracts/src/std/cmp.rs" 7 0 62 1 - let%span snum5 = "../../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + let%span snum5 = "../../../../creusot-contracts/src/std/num.rs" 52 28 52 33 + + use prelude.prelude.Int use prelude.prelude.UInt32 type t_Tree'0 = { t_Tree__0'0: t_Option'0 } with t_Node'0 = - { t_Node__left'0: t_Tree'0; t_Node__val'0: uint32; t_Node__right'0: t_Tree'0 } + { t_Node__left'0: t_Tree'0; t_Node__val'0: UInt32.t; t_Node__right'0: t_Tree'0 } with t_Option'0 = | C_None'0 | C_Some'0 (t_Node'0) @@ -44,21 +48,19 @@ module M_387__qyi16446429885017832241__height [#"387.rs" 18 4 18 31] (* Tree *) use prelude.prelude.UInt64 - predicate inv'0 (_1 : uint64) + predicate inv'0 (_1 : UInt64.t) axiom inv_axiom'0 [@rewrite] : forall x : UInt64.t [inv'0 x] . inv'0 x = true - use prelude.prelude.Int - - use prelude.prelude.UInt64.to_uint + use prelude.prelude.UInt64 - function deep_model'0 (self : uint64) : int = - [%#snum5] UInt64.to_int self + function deep_model'0 (self : UInt64.t) : int = + [%#snum5] UInt64.to_uint self - let rec max'0 (self:uint64) (other:uint64) (return' (ret:uint64))= {[@expl:max 'self' type invariant] inv'0 self} + let rec max'0 (self:UInt64.t) (other:UInt64.t) (return' (ret:UInt64.t))= {[@expl:max 'self' type invariant] inv'0 self} {[@expl:max 'other' type invariant] inv'0 other} any - [ return' (result:uint64)-> {inv'0 result} + [ return' (result:UInt64.t)-> {inv'0 result} {[%#scmp2] deep_model'0 result >= deep_model'0 self} {[%#scmp3] deep_model'0 result >= deep_model'0 other} {[%#scmp4] result = self \/ result = other} 
@@ -73,17 +75,17 @@ module M_387__qyi16446429885017832241__height [#"387.rs" 18 4 18 31] (* Tree *) meta "compute_max_steps" 1000000 - let rec height'0 (self:t_Tree'0) (return' (ret:uint64))= (! bb0 + let rec height'0 (self:t_Tree'0) (return' (ret:UInt64.t))= (! bb0 [ bb0 = any [ br0 -> {self.t_Tree__0'0 = C_None'0 } (! bb2) | br1 (x0:t_Node'0)-> {self.t_Tree__0'0 = C_Some'0 x0} (! bb3) ] | bb3 = s0 [ s0 = v_Some'0 {self.t_Tree__0'0} (fun (r0'0:t_Node'0) -> [ &n <- r0'0 ] s1) - | s1 = height'0 {n.t_Node__left'0} (fun (_ret':uint64) -> [ &_5 <- _ret' ] s2) + | s1 = height'0 {n.t_Node__left'0} (fun (_ret':UInt64.t) -> [ &_5 <- _ret' ] s2) | s2 = bb5 ] - | bb5 = s0 [ s0 = height'0 {n.t_Node__right'0} (fun (_ret':uint64) -> [ &_7 <- _ret' ] s1) | s1 = bb6 ] - | bb6 = s0 [ s0 = max'0 {_5} {_7} (fun (_ret':uint64) -> [ &_4 <- _ret' ] s1) | s1 = bb7 ] + | bb5 = s0 [ s0 = height'0 {n.t_Node__right'0} (fun (_ret':UInt64.t) -> [ &_7 <- _ret' ] s1) | s1 = bb6 ] + | bb6 = s0 [ s0 = max'0 {_5} {_7} (fun (_ret':UInt64.t) -> [ &_4 <- _ret' ] s1) | s1 = bb7 ] | bb7 = s0 [ s0 = UInt64.add {_4} {[%#s3870] (1 : UInt64.t)} (fun (_ret':UInt64.t) -> [ &_0 <- _ret' ] s1) | s1 = bb8 ] @@ -91,11 +93,11 @@ module M_387__qyi16446429885017832241__height [#"387.rs" 18 4 18 31] (* Tree *) | bb4 = s0 [ s0 = [ &_0 <- [%#s3871] (0 : UInt64.t) ] s1 | s1 = bb8 ] | bb8 = return' {_0} ] ) - [ & _0 : uint64 = any_l () + [ & _0 : UInt64.t = any_l () | & self : t_Tree'0 = self | & n : t_Node'0 = any_l () - | & _4 : uint64 = any_l () - | & _5 : uint64 = any_l () - | & _7 : uint64 = any_l () ] - [ return' (result:uint64)-> (! return' {result}) ] + | & _4 : UInt64.t = any_l () + | & _5 : UInt64.t = any_l () + | & _7 : UInt64.t = any_l () ] + [ return' (result:UInt64.t)-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/bug/395.coma b/creusot/tests/should_succeed/bug/395.coma index 2f4fd406dd..23b7c07039 100644 --- a/creusot/tests/should_succeed/bug/395.coma 
+++ b/creusot/tests/should_succeed/bug/395.coma @@ -5,6 +5,8 @@ module M_395__signed_division [#"395.rs" 3 0 3 24] let%span s3953 = "395.rs" 7 21 7 23 let%span s3954 = "395.rs" 7 4 7 24 + use prelude.prelude.Int + use prelude.prelude.Int32 use prelude.prelude.Intrinsic 
@@ -13,36 +15,36 @@ module M_395__signed_division [#"395.rs" 3 0 3 24] let rec signed_division'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = [ &x <- [%#s3950] (10 : int32) ] s1 - | s1 = [ &y <- [%#s3951] (1 : int32) ] s2 + [ s0 = [ &x <- [%#s3950] (10 : Int32.t) ] s1 + | s1 = [ &y <- [%#s3951] (1 : Int32.t) ] s2 | s2 = [ &_6 <- x ] s3 | s3 = [ &_7 <- y ] s4 - | s4 = Int32.eq {_7} {[%#s3952] (0 : int32)} (fun (_ret':bool) -> [ &_8 <- _ret' ] s5) + | s4 = Int32.eq {_7} {[%#s3952] (0 : Int32.t)} (fun (_ret':bool) -> [ &_8 <- _ret' ] s5) | s5 = {[@expl:division by zero] [%#s3952] not _8} s6 | s6 = bb1 ] | bb1 = s0 - [ s0 = Int32.eq {_7} {[%#s3952] (-1 : int32)} (fun (_ret':bool) -> [ &_9 <- _ret' ] s1) - | s1 = Int32.eq {_6} {[%#s3952] (-2147483648 : int32)} (fun (_ret':bool) -> [ &_10 <- _ret' ] s2) + [ s0 = Int32.eq {_7} {[%#s3952] (-1 : Int32.t)} (fun (_ret':bool) -> [ &_9 <- _ret' ] s1) + | s1 = Int32.eq {_6} {[%#s3952] (-2147483648 : Int32.t)} (fun (_ret':bool) -> [ &_10 <- _ret' ] s2) | s2 = [ &_11 <- _9 && _10 ] s3 | s3 = {[@expl:Div overflow] [%#s3952] not _11} s4 | s4 = bb2 ] | bb2 = s0 - [ s0 = Int32.div {_6} {_7} (fun (_ret':int32) -> [ &_5 <- _ret' ] s1) - | s1 = Int32.eq {_5} {[%#s3953] (10 : int32)} (fun (_ret':bool) -> [ &_4 <- _ret' ] s2) + [ s0 = Int32.div {_6} {_7} (fun (_ret':Int32.t) -> [ &_5 <- _ret' ] s1) + | s1 = Int32.eq {_5} {[%#s3953] (10 : Int32.t)} (fun (_ret':bool) -> [ &_4 <- _ret' ] s2) | s2 = any [ br0 -> {_4 = false} (! bb4) | br1 -> {_4} (! bb3) ] ] | bb3 = return' {_0} | bb4 = {[%#s3954] false} any ] ) [ & _0 : () = any_l () - | & x : int32 = any_l () - | & y : int32 = any_l () + | & x : Int32.t = any_l () + | & y : Int32.t = any_l () | & _4 : bool = any_l () - | & _5 : int32 = any_l () - | & _6 : int32 = any_l () - | & _7 : int32 = any_l () + | & _5 : Int32.t = any_l () + | & _6 : Int32.t = any_l () + | & _7 : Int32.t = any_l () | & _8 : bool = any_l () | & _9 : bool = any_l () | & _10 : bool = any_l () 
diff --git a/creusot/tests/should_succeed/bug/463.coma b/creusot/tests/should_succeed/bug/463.coma index d9f3b7f1bc..c88c955a20 100644 --- a/creusot/tests/should_succeed/bug/463.coma +++ b/creusot/tests/should_succeed/bug/463.coma @@ -5,27 +5,27 @@ module M_463__test [#"463.rs" 3 0 3 13] let%span s4633 = "463.rs" 5 19 5 28 let%span s4634 = "463.rs" 6 18 6 35 - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - use prelude.prelude.Intrinsic + use prelude.prelude.Int - use prelude.prelude.UIntSize + use prelude.prelude.Intrinsic - use prelude.prelude.Int + use prelude.prelude.UInt64 use prelude.prelude.Borrow - let rec closure0'0 (_1:()) (x:usize) (return' (ret:usize))= {[@expl:closure requires] [%#s4633] UIntSize.to_int x + let rec closure0'0 (_1:()) (x:UInt64.t) (return' (ret:UInt64.t))= {[@expl:closure requires] [%#s4633] UInt64.to_uint x < 1000} (! bb0 [ bb0 = s0 - [ s0 = UIntSize.add {x} {[%#s4632] (1 : usize)} (fun (_ret':usize) -> [ &res1 <- _ret' ] s1) + [ s0 = UInt64.add {x} {[%#s4632] (1 : UInt64.t)} (fun (_ret':UInt64.t) -> [ &res1 <- _ret' ] s1) | s1 = [ &res <- res1 ] s2 | s2 = [ &_0 <- res ] s3 | s3 = return' {_0} ] ] - ) [ & _0 : usize = any_l () | & x : usize = x | & res : usize = any_l () | & res1 : usize = any_l () ] - [ return' (result:usize)-> {[@expl:closure ensures] [%#s4634] UIntSize.to_int result = UIntSize.to_int x + 1} + ) [ & _0 : UInt64.t = any_l () | & x : UInt64.t = x | & res : UInt64.t = any_l () | & res1 : UInt64.t = any_l () ] + [ return' (result:UInt64.t)-> {[@expl:closure ensures] [%#s4634] UInt64.to_uint result = UInt64.to_uint x + 1} (! return' {result}) ] 
@@ -34,12 +34,12 @@ module M_463__test [#"463.rs" 3 0 3 13] let rec test'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &c <- () ] s1 - | s1 = [ &_4 <- (([%#s4630] (2 : usize))) ] s2 - | s2 = closure0'0 {c} {let (r'0) = _4 in r'0} (fun (_ret':usize) -> [ &y <- _ret' ] s3) + | s1 = [ &_4 <- (([%#s4630] (2 : UInt64.t))) ] s2 + | s2 = closure0'0 {c} {let (r'0) = _4 in r'0} (fun (_ret':UInt64.t) -> [ &y <- _ret' ] s3) | s3 = bb1 ] - | bb1 = s0 [ s0 = {[@expl:assertion] [%#s4631] UIntSize.to_int y = 3} s1 | s1 = return' {_0} ] ] - ) [ & _0 : () = any_l () | & c : () = any_l () | & y : usize = any_l () | & _4 : usize = any_l () ] + | bb1 = s0 [ s0 = {[@expl:assertion] [%#s4631] UInt64.to_uint y = 3} s1 | s1 = return' {_0} ] ] + ) [ & _0 : () = any_l () | & c : () = any_l () | & y : UInt64.t = any_l () | & _4 : UInt64.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/bug/463/why3session.xml b/creusot/tests/should_succeed/bug/463/why3session.xml index b68077ed87..7616954322 100644 --- a/creusot/tests/should_succeed/bug/463/why3session.xml +++ b/creusot/tests/should_succeed/bug/463/why3session.xml @@ -7,10 +7,10 @@ - + - - + + diff --git a/creusot/tests/should_succeed/bug/463/why3shapes.gz b/creusot/tests/should_succeed/bug/463/why3shapes.gz index 7c9818732525a57ccaa0711deb0cdc31bd0a79b3..0f4581f5e60b09740c3ebf04cc6c0b5d56cf104d 100644 GIT binary patch literal 220 zcmV<203-h&iwFP!00000|9y`;55h1Eg!lZ4j64>nZ4y8*z<}t)#u_<^D=Go4NO}Hx z(jr6$#OAyEe6j~49`;yM;8!|_vO3MU;-ewM1vZtrl&1#K`yDuegq;k6Ury$k?UOq0Bc6ax_OxHquvWK zPV>I}_PfN1_43=)>e$5Cv_Oxkop@VFj8-9)wj{Jpbyg^lTx@`eM9WlYhZ&J~)`GPP WREBcu;(~(+CF}*(J!1)D0RRA=qimP} literal 182 zcmV;n07?HJiwFP!00000|80)F4uU`sg!_AnD;1mFW0AvPVME{rY{}jak-~#`XyV(O z5H(lO&191An_VX3jb|U_%Rk~cg_AtWY%loC%hZoyxgsBa5iEAw!#7xLE!RCnz{w%9jNu5*x5TbHE2O6|SE*Mb}4_+S~RcxFxLnW~V kQEKI^q1@?`h&&Zac^XW?wzP&=OKg?+01dDaTN42Q0HobehyVZp 
diff --git a/creusot/tests/should_succeed/bug/486.coma b/creusot/tests/should_succeed/bug/486.coma index cb71356164..33d165be0e 100644 --- a/creusot/tests/should_succeed/bug/486.coma +++ b/creusot/tests/should_succeed/bug/486.coma @@ -3,17 +3,19 @@ module M_486__test [#"486.rs" 7 0 7 34] let%span s4861 = "486.rs" 6 10 6 22 let%span sresolve2 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + use prelude.prelude.Int + use prelude.prelude.UInt32 use prelude.prelude.Borrow type t_HasMutRef'0 = - { t_HasMutRef__0'0: borrowed uint32 } + { t_HasMutRef__0'0: borrowed UInt32.t } - predicate resolve'1 (self : borrowed uint32) = + predicate resolve'1 (self : borrowed UInt32.t) = [%#sresolve2] self.final = self.current - predicate resolve'0 (_1 : borrowed uint32) = + predicate resolve'0 (_1 : borrowed UInt32.t) = resolve'1 _1 use prelude.prelude.Intrinsic @@ -24,7 +26,7 @@ module M_486__test [#"486.rs" 7 0 7 34] let rec test'0 (x:t_HasMutRef'0) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = [ &x <- { t_HasMutRef__0'0 = { x.t_HasMutRef__0'0 with current = ([%#s4860] (5 : uint32)) } } ] s1 + [ s0 = [ &x <- { t_HasMutRef__0'0 = { x.t_HasMutRef__0'0 with current = ([%#s4860] (5 : UInt32.t)) } } ] s1 | s1 = -{match x with | {t_HasMutRef__0'0 = x'0} -> resolve'0 x'0 | _ -> true @@ -33,7 +35,7 @@ module M_486__test [#"486.rs" 7 0 7 34] | s2 = return' {_0} ] ] ) [ & _0 : () = any_l () | & x : t_HasMutRef'0 = x ] - [ return' (result:())-> {[@expl:test ensures] [%#s4861] UInt32.to_int (x.t_HasMutRef__0'0).final = 5} + [ return' (result:())-> {[@expl:test ensures] [%#s4861] UInt32.to_uint (x.t_HasMutRef__0'0).final = 5} (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/bug/486/why3session.xml b/creusot/tests/should_succeed/bug/486/why3session.xml index b365ba0f8b..92e371eaef 100644 --- a/creusot/tests/should_succeed/bug/486/why3session.xml +++ b/creusot/tests/should_succeed/bug/486/why3session.xml @@ -6,8 +6,8 @@ - - + + 
diff --git a/creusot/tests/should_succeed/bug/486/why3shapes.gz b/creusot/tests/should_succeed/bug/486/why3shapes.gz index a65d7a7fd01b3d9f88cbb14431da3883297be564..c365110a315d295c1cde6eee697316605e24a57d 100644 GIT binary patch literal 139 zcmV;60CfK!iwFP!00000|25393c@fD0MPxuB3o;xOEKCAuA)ECwOo=52HT`0X~n-6 z1oy{lJ5iprauGY{5>mW~ljsgWSE^~+LagLNq@007D5K%xKu literal 137 zcmV;40CxW$iwFP!00000|251(3c@fD1<-v?kzKW`X*Det+=^bH+cHW2V6aU}5-Q$a z5ZpiBq1O4y8?xS!vX5cVovx3HuUz8fLt*iOmyw)#a6*pDj*8gEl;Rt6wZ5GB6ZZ2+ rH-&X8pXs+MWzW5Ur~`z=p>0mYh5>FbB(^uYxs&<=)*rFZg#Z8m0;58! diff --git a/creusot/tests/should_succeed/bug/510.coma b/creusot/tests/should_succeed/bug/510.coma deleted file mode 100644 index 1391845ec6..0000000000 --- a/creusot/tests/should_succeed/bug/510.coma +++ /dev/null @@ -1,35 +0,0 @@ -module M_510__test_bool [#"510.rs" 3 0 3 27] - use prelude.prelude.Bool - - use prelude.prelude.UInt8 - - use prelude.prelude.Intrinsic - - meta "compute_max_steps" 1000000 - - let rec test_bool'0 (inp:bool) (return' (ret:()))= (! bb0 - [ bb0 = s0 - [ s0 = UInt8.of_int {Bool.to_int inp} (fun (_res:uint8) -> [ &_bing <- _res ] s1) | s1 = return' {_0} ] - ] - ) [ & _0 : () = any_l () | & inp : bool = inp | & _bing : uint8 = any_l () ] - [ return' (result:())-> (! return' {result}) ] - -end -module M_510__test_char [#"510.rs" 7 0 7 18] - let%span s5100 = "510.rs" 8 4 8 6 - - use prelude.prelude.UInt8 - - use prelude.prelude.Char - - use prelude.prelude.Intrinsic - - meta "compute_max_steps" 1000000 - - let rec test_char'0 (_1:()) (return' (ret:()))= (! bb0 - [ bb0 = s0 - [ s0 = Char.chr {UInt8.to_int ([%#s5100] (22 : uint8))} (fun (_res:char) -> [ &_1 <- _res ] s1) - | s1 = return' {_0} ] - ] - ) [ & _0 : () = any_l () | & _1 : char = any_l () ] [ return' (result:())-> (! return' {result}) ] -end diff --git a/creusot/tests/should_succeed/bug/510.stderr b/creusot/tests/should_succeed/bug/510.stderr index 642aa22a4a..ef7721b88e 100644 --- a/creusot/tests/should_succeed/bug/510.stderr 
+++ b/creusot/tests/should_succeed/bug/510.stderr @@ -6,5 +6,7 @@ warning: support for string types is limited and experimental | = note: `#[warn(creusot::experimental)]` on by default -warning: 1 warning emitted +error: Non integral casts are currently unsupported + +error: aborting due to 1 previous error; 1 warning emitted diff --git a/creusot/tests/should_succeed/bug/511.coma b/creusot/tests/should_succeed/bug/511.coma index 86756dac10..2ac7ad4b9c 100644 --- a/creusot/tests/should_succeed/bug/511.coma +++ b/creusot/tests/should_succeed/bug/511.coma 
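Review bot: The expected stderr of a test under `should_succeed` now records `error: Non integral casts are currently unsupported` and `error: aborting due to 1 previous error; 1 warning emitted`, while the matching `510.coma` output is deleted in the preceding file section, so the suite would bless a compilation failure as the expected outcome of a should-succeed test. The deleted module shows the two casts involved, `bool` to `u8` (`UInt8.of_int {Bool.to_int inp}`) and `u8` to `char` (`Char.chr {...}`), which the new cast lowering seen in the following `511.coma` section (`to_bv256`/`of_bv256`) apparently no longer covers. If dropping these casts is intended for this patch series, the test should move to the tree the harness uses for expected failures rather than carrying an error in a `should_succeed` expectation; otherwise the regression should be fixed before this expected output is committed. A sentence in the commit description stating that non-integral casts are temporarily unsupported would also help anyone bisecting later.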
@@ -1,102 +1,126 @@ module M_511__test_u8 [#"511.rs" 5 0 5 23] use prelude.prelude.UInt8 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 use prelude.prelude.Intrinsic meta "compute_max_steps" 1000000 - let rec test_u8'0 (inp:uint8) (return' (ret:()))= (! bb0 + let rec test_u8'0 (inp:UInt8.t) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = UIntSize.of_int {UInt8.to_int inp} (fun (_res:usize) -> [ &_bing <- _res ] s1) | s1 = return' {_0} ] + [ s0 = UInt8.to_bv256 {inp} + (fun (_ret_to:BV256.t) -> UInt64.of_bv256 {_ret_to} (fun (_ret_from:UInt64.t) -> [ &_bing <- _ret_from ] s1)) + | s1 = return' {_0} ] ] - ) [ & _0 : () = any_l () | & inp : uint8 = inp | & _bing : usize = any_l () ] + ) [ & _0 : () = any_l () | & inp : UInt8.t = inp | & _bing : UInt64.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end module M_511__test_u16 [#"511.rs" 9 0 9 25] use prelude.prelude.UInt16 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 use prelude.prelude.Intrinsic meta "compute_max_steps" 1000000 - let rec test_u16'0 (inp:uint16) (return' (ret:()))= (! bb0 + let rec test_u16'0 (inp:UInt16.t) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = UIntSize.of_int {UInt16.to_int inp} (fun (_res:usize) -> [ &_bing <- _res ] s1) | s1 = return' {_0} ] + [ s0 = UInt16.to_bv256 {inp} + (fun (_ret_to:BV256.t) -> UInt64.of_bv256 {_ret_to} (fun (_ret_from:UInt64.t) -> [ &_bing <- _ret_from ] s1)) + | s1 = return' {_0} ] ] - ) [ & _0 : () = any_l () | & inp : uint16 = inp | & _bing : usize = any_l () ] + ) [ & _0 : () = any_l () | & inp : UInt16.t = inp | & _bing : UInt64.t = any_l () ] [ return' (result:())-> (! 
return' {result}) ] end module M_511__test_u128 [#"511.rs" 13 0 13 27] use prelude.prelude.UInt128 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 use prelude.prelude.Intrinsic meta "compute_max_steps" 1000000 - let rec test_u128'0 (inp:uint128) (return' (ret:()))= (! bb0 + let rec test_u128'0 (inp:UInt128.t) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = UIntSize.of_int {UInt128.to_int inp} (fun (_res:usize) -> [ &_bing <- _res ] s1) | s1 = return' {_0} ] + [ s0 = UInt128.to_bv256 {inp} + (fun (_ret_to:BV256.t) -> UInt64.of_bv256 {_ret_to} (fun (_ret_from:UInt64.t) -> [ &_bing <- _ret_from ] s1)) + | s1 = return' {_0} ] ] - ) [ & _0 : () = any_l () | & inp : uint128 = inp | & _bing : usize = any_l () ] + ) [ & _0 : () = any_l () | & inp : UInt128.t = inp | & _bing : UInt64.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end module M_511__test_i8 [#"511.rs" 17 0 17 23] use prelude.prelude.Int8 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 use prelude.prelude.Intrinsic meta "compute_max_steps" 1000000 - let rec test_i8'0 (inp:int8) (return' (ret:()))= (! bb0 + let rec test_i8'0 (inp:Int8.t) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = UIntSize.of_int {Int8.to_int inp} (fun (_res:usize) -> [ &_bing <- _res ] s1) | s1 = return' {_0} ] + [ s0 = Int8.to_bv256 {inp} + (fun (_ret_to:BV256.t) -> UInt64.of_bv256 {_ret_to} (fun (_ret_from:UInt64.t) -> [ &_bing <- _ret_from ] s1)) + | s1 = return' {_0} ] ] - ) [ & _0 : () = any_l () | & inp : int8 = inp | & _bing : usize = any_l () ] + ) [ & _0 : () = any_l () | & inp : Int8.t = inp | & _bing : UInt64.t = any_l () ] [ return' (result:())-> (! 
return' {result}) ] end module M_511__test_i16 [#"511.rs" 21 0 21 25] use prelude.prelude.Int16 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 use prelude.prelude.Intrinsic meta "compute_max_steps" 1000000 - let rec test_i16'0 (inp:int16) (return' (ret:()))= (! bb0 + let rec test_i16'0 (inp:Int16.t) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = UIntSize.of_int {Int16.to_int inp} (fun (_res:usize) -> [ &_bing <- _res ] s1) | s1 = return' {_0} ] + [ s0 = Int16.to_bv256 {inp} + (fun (_ret_to:BV256.t) -> UInt64.of_bv256 {_ret_to} (fun (_ret_from:UInt64.t) -> [ &_bing <- _ret_from ] s1)) + | s1 = return' {_0} ] ] - ) [ & _0 : () = any_l () | & inp : int16 = inp | & _bing : usize = any_l () ] + ) [ & _0 : () = any_l () | & inp : Int16.t = inp | & _bing : UInt64.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end module M_511__test_i128 [#"511.rs" 25 0 25 27] use prelude.prelude.Int128 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 use prelude.prelude.Intrinsic meta "compute_max_steps" 1000000 - let rec test_i128'0 (inp:int128) (return' (ret:()))= (! bb0 + let rec test_i128'0 (inp:Int128.t) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = UIntSize.of_int {Int128.to_int inp} (fun (_res:usize) -> [ &_bing <- _res ] s1) | s1 = return' {_0} ] + [ s0 = Int128.to_bv256 {inp} + (fun (_ret_to:BV256.t) -> UInt64.of_bv256 {_ret_to} (fun (_ret_from:UInt64.t) -> [ &_bing <- _ret_from ] s1)) + | s1 = return' {_0} ] ] - ) [ & _0 : () = any_l () | & inp : int128 = inp | & _bing : usize = any_l () ] + ) [ & _0 : () = any_l () | & inp : Int128.t = inp | & _bing : UInt64.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/bug/545.coma b/creusot/tests/should_succeed/bug/545.coma index 4db4c532b5..1a5b67063c 100644 --- a/creusot/tests/should_succeed/bug/545.coma +++ b/creusot/tests/should_succeed/bug/545.coma 
@@ -1,15 +1,84 @@ module M_545__negative_is_negative [#"545.rs" 4 0 4 29] let%span s5450 = "545.rs" 5 18 5 32 + let%span sord1 = "../../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 + let%span sord2 = "../../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 + let%span sord3 = "../../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 + let%span sord4 = "../../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 + let%span sord5 = "../../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 + let%span sord6 = "../../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 + let%span sord7 = "../../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 + let%span sord8 = "../../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 + let%span sord9 = "../../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 + let%span sord10 = "../../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 + let%span sord11 = "../../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 + let%span sord12 = "../../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 + let%span sord13 = "../../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span sord14 = "../../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int32 - use prelude.prelude.Int + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.Int32 + + function cmp_log'0 (self : Int32.t) (o : Int32.t) : t_Ordering'0 = + [%#sord14] if Int32.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + function eq_cmp'0 (x : Int32.t) (y : Int32.t) : () + + axiom eq_cmp'0_spec : forall x : Int32.t, y : Int32.t . [%#sord13] (x = y) = (cmp_log'0 x y = C_Equal'0) + + function antisym2'0 (x : Int32.t) (y : Int32.t) : () + + axiom antisym2'0_spec : forall x : Int32.t, y : Int32.t . 
([%#sord11] cmp_log'0 x y = C_Greater'0) + -> ([%#sord12] cmp_log'0 y x = C_Less'0) + + function antisym1'0 (x : Int32.t) (y : Int32.t) : () + + axiom antisym1'0_spec : forall x : Int32.t, y : Int32.t . ([%#sord9] cmp_log'0 x y = C_Less'0) + -> ([%#sord10] cmp_log'0 y x = C_Greater'0) + + function trans'0 (x : Int32.t) (y : Int32.t) (z : Int32.t) (o : t_Ordering'0) : () + + axiom trans'0_spec : forall x : Int32.t, y : Int32.t, z : Int32.t, o : t_Ordering'0 . ([%#sord6] cmp_log'0 x y = o) + -> ([%#sord7] cmp_log'0 y z = o) -> ([%#sord8] cmp_log'0 x z = o) + + function refl'0 (x : Int32.t) : () + + axiom refl'0_spec : forall x : Int32.t . [%#sord5] cmp_log'0 x x = C_Equal'0 + + use prelude.prelude.Int32 + + function cmp_gt_log'0 (x : Int32.t) (y : Int32.t) : () + + axiom cmp_gt_log'0_spec : forall x : Int32.t, y : Int32.t . [%#sord4] Int32.sgt x y = (cmp_log'0 x y = C_Greater'0) + + use prelude.prelude.Int32 + + function cmp_ge_log'0 (x : Int32.t) (y : Int32.t) : () + + axiom cmp_ge_log'0_spec : forall x : Int32.t, y : Int32.t . [%#sord3] Int32.sge x y = (cmp_log'0 x y <> C_Less'0) + + function cmp_lt_log'0 (x : Int32.t) (y : Int32.t) : () + + axiom cmp_lt_log'0_spec : forall x : Int32.t, y : Int32.t . [%#sord2] Int32.slt x y = (cmp_log'0 x y = C_Less'0) + + use prelude.prelude.Int32 + + function cmp_le_log'0 (x : Int32.t) (y : Int32.t) : () + + axiom cmp_le_log'0_spec : forall x : Int32.t, y : Int32.t . [%#sord1] Int32.sle x y = (cmp_log'0 x y <> C_Greater'0) use prelude.prelude.Intrinsic meta "compute_max_steps" 1000000 let rec negative_is_negative'0 (_1:()) (return' (ret:()))= (! bb0 - [ bb0 = s0 [ s0 = {[@expl:assertion] [%#s5450] (0 : int32) > (-100 : int32)} s1 | s1 = return' {_0} ] ] + [ bb0 = s0 [ s0 = {[@expl:assertion] [%#s5450] Int32.sgt (0 : Int32.t) (-100 : Int32.t)} s1 | s1 = return' {_0} ] ] ) [ & _0 : () = any_l () ] [ return' (result:())-> (! return' {result}) ] end 
diff --git a/creusot/tests/should_succeed/bug/564.coma b/creusot/tests/should_succeed/bug/564.coma index ae869a1747..e67073eba5 100644 --- a/creusot/tests/should_succeed/bug/564.coma +++ b/creusot/tests/should_succeed/bug/564.coma @@ -6,6 +6,8 @@ module M_564__emits_pure_eq [#"564.rs" 7 0 7 30] function invariants'0 [#"564.rs" 23 0 23 23] (_1 : ()) : bool = [%#s5642] true + use prelude.prelude.Int + use prelude.prelude.Int32 constant _1 : () @@ -22,6 +24,8 @@ module M_564__emits_pure_implies [#"564.rs" 16 0 16 35] function invariants'0 [#"564.rs" 23 0 23 23] (_1 : ()) : bool = [%#s5642] true + use prelude.prelude.Int + use prelude.prelude.Int32 constant _1 : () diff --git a/creusot/tests/should_succeed/bug/564/why3session.xml b/creusot/tests/should_succeed/bug/564/why3session.xml index e3da7a307f..4ff5366042 100644 --- a/creusot/tests/should_succeed/bug/564/why3session.xml +++ b/creusot/tests/should_succeed/bug/564/why3session.xml @@ -6,13 +6,13 @@ - - + + - - + + diff --git a/creusot/tests/should_succeed/bug/564/why3shapes.gz b/creusot/tests/should_succeed/bug/564/why3shapes.gz index 02c6a744d42f343bcda3ce3e0ecf164112bad72f..d68b597a62789c7a0ed44dc71f3982962dc333a2 100644 GIT binary patch delta 52 zcmV-40L%YgUXU*@S(>I9SXx*br6yWf7^WnqB_*bq8=0CX8K)Q~rKFiF7vn8cwNY0dymQq)XmWY;6nH?cDTYaXgrbLy5z;X@-ry2DR I3KQZsQ>@~ diff --git a/creusot/tests/should_succeed/bug/570.coma b/creusot/tests/should_succeed/bug/570.coma index 5bc97fd34b..c040b663c8 100644 --- a/creusot/tests/should_succeed/bug/570.coma +++ b/creusot/tests/should_succeed/bug/570.coma @@ -1,10 +1,12 @@ module M_570__test_program [#"570.rs" 12 0 12 26] use prelude.prelude.Intrinsic + use prelude.prelude.Int + use prelude.prelude.Int32 type t_S1'0 = - { t_S1__f'0: int32 } + { t_S1__f'0: Int32.t } type t_S2'0 = { t_S2__s1'0: t_S1'0 } 
@@ -18,10 +20,12 @@ end module M_570__test_assign [#"570.rs" 16 0 16 29] let%span s5700 = "570.rs" 17 13 17 14 + use prelude.prelude.Int + use prelude.prelude.Int32 type t_S1'0 = - { t_S1__f'0: int32 } + { t_S1__f'0: Int32.t } type t_S2'0 = { t_S2__s1'0: t_S1'0 } @@ -31,6 +35,6 @@ module M_570__test_assign [#"570.rs" 16 0 16 29] meta "compute_max_steps" 1000000 let rec test_assign'0 (s:t_S2'0) (return' (ret:()))= (! bb0 - [ bb0 = s0 [ s0 = [ &s <- { t_S2__s1'0 = { t_S1__f'0 = ([%#s5700] (2 : int32)) } } ] s1 | s1 = return' {_0} ] ] + [ bb0 = s0 [ s0 = [ &s <- { t_S2__s1'0 = { t_S1__f'0 = ([%#s5700] (2 : Int32.t)) } } ] s1 | s1 = return' {_0} ] ] ) [ & _0 : () = any_l () | & s : t_S2'0 = s ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/bug/594.coma b/creusot/tests/should_succeed/bug/594.coma index 9234b9419a..2c92350720 100644 --- a/creusot/tests/should_succeed/bug/594.coma +++ b/creusot/tests/should_succeed/bug/594.coma @@ -1,16 +1,18 @@ module M_594__test_program [#"594.rs" 11 0 11 46] let%span s5940 = "594.rs" 10 10 10 21 + use prelude.prelude.Int + use prelude.prelude.UInt32 use prelude.prelude.Intrinsic meta "compute_max_steps" 1000000 - let rec test_program'0 (_1:(uint32, uint32)) (return' (ret:uint32))= (! bb0 + let rec test_program'0 (_1:(UInt32.t, UInt32.t)) (return' (ret:UInt32.t))= (! bb0 [ bb0 = s0 [ s0 = [ &x <- let (r'0, _) = _1 in r'0 ] s1 | s1 = [ &_0 <- x ] s2 | s2 = return' {_0} ] ] - ) [ & _0 : uint32 = any_l () | & _1 : (uint32, uint32) = _1 | & x : uint32 = any_l () ] - [ return' (result:uint32)-> {[@expl:test_program ensures] [%#s5940] let (x, _) = _1 in result = x} + ) [ & _0 : UInt32.t = any_l () | & _1 : (UInt32.t, UInt32.t) = _1 | & x : UInt32.t = any_l () ] + [ return' (result:UInt32.t)-> {[@expl:test_program ensures] [%#s5940] let (x, _) = _1 in result = x} (! return' {result}) ] end 
@@ -23,13 +25,15 @@ module M_594__test_closure [#"594.rs" 15 0 15 21] let%span s5945 = "594.rs" 16 24 16 35 let%span s5946 = "594.rs" 18 24 18 35 + use prelude.prelude.Int + use prelude.prelude.Int32 use prelude.prelude.Intrinsic use prelude.prelude.Borrow - let rec closure0'0 (_1:()) (_c:int32) (_3:(int32, int32)) (return' (ret:int32))= (! bb0 + let rec closure0'0 (_1:()) (_c:Int32.t) (_3:(Int32.t, Int32.t)) (return' (ret:Int32.t))= (! bb0 [ bb0 = s0 [ s0 = [ &_a <- let (r'0, _) = _3 in r'0 ] s1 | s1 = [ &b <- let (_, r'1) = _3 in r'1 ] s2 @@ -38,16 +42,17 @@ module M_594__test_closure [#"594.rs" 15 0 15 21] | s4 = return' {_0} ] ] ) - [ & _0 : int32 = any_l () - | & _3 : (int32, int32) = _3 - | & _a : int32 = any_l () - | & b : int32 = any_l () - | & res : int32 = any_l () ] + [ & _0 : Int32.t = any_l () + | & _3 : (Int32.t, Int32.t) = _3 + | & _a : Int32.t = any_l () + | & b : Int32.t = any_l () + | & res : Int32.t = any_l () ] - [ return' (result:int32)-> {[@expl:closure ensures] [%#s5945] let (_a, b) = _3 in result = b} (! return' {result}) ] + [ return' (result:Int32.t)-> {[@expl:closure ensures] [%#s5945] let (_a, b) = _3 in result = b} + (! return' {result}) ] - let rec closure1'0 (_1:()) (_2:(int32, int32)) (return' (ret:int32))= (! bb0 + let rec closure1'0 (_1:()) (_2:(Int32.t, Int32.t)) (return' (ret:Int32.t))= (! bb0 [ bb0 = s0 [ s0 = [ &_a <- let (r'0, _) = _2 in r'0 ] s1 | s1 = [ &b <- let (_, r'1) = _2 in r'1 ] s2 
@@ -56,13 +61,14 @@ module M_594__test_closure [#"594.rs" 15 0 15 21] | s4 = return' {_0} ] ] ) - [ & _0 : int32 = any_l () - | & _2 : (int32, int32) = _2 - | & _a : int32 = any_l () - | & b : int32 = any_l () - | & res : int32 = any_l () ] + [ & _0 : Int32.t = any_l () + | & _2 : (Int32.t, Int32.t) = _2 + | & _a : Int32.t = any_l () + | & b : Int32.t = any_l () + | & res : Int32.t = any_l () ] - [ return' (result:int32)-> {[@expl:closure ensures] [%#s5946] let (_a, b) = _2 in result = b} (! return' {result}) ] + [ return' (result:Int32.t)-> {[@expl:closure ensures] [%#s5946] let (_a, b) = _2 in result = b} + (! return' {result}) ] meta "compute_max_steps" 1000000 @@ -71,8 +77,8 @@ module M_594__test_closure [#"594.rs" 15 0 15 21] [ bb0 = s0 [ s0 = [ &cl1 <- () ] s1 | s1 = [ &cl2 <- () ] s2 - | s2 = [ &_6 <- (([%#s5940] (0 : int32)), ([%#s5941] (3 : int32))) ] s3 - | s3 = [ &_5 <- (([%#s5942] (4 : int32)), _6) ] s4 + | s2 = [ &_6 <- (([%#s5940] (0 : Int32.t)), ([%#s5941] (3 : Int32.t))) ] s3 + | s3 = [ &_5 <- (([%#s5942] (4 : Int32.t)), _6) ] s4 | s4 = closure0'0 {cl1} {let (r'0, _) = _5 in r'0} {let (_, r'1) = _5 in r'1} (fun (_ret':Int32.t) -> [ &_a <- _ret' ] s5) | s5 = bb1 ] 
@@ -88,30 +94,32 @@ module M_594__test_closure [#"594.rs" 15 0 15 21] [ & _0 : () = any_l () | & cl1 : () = any_l () | & cl2 : () = any_l () - | & _a : int32 = any_l () - | & _5 : (int32, (int32, int32)) = any_l () - | & _6 : (int32, int32) = any_l () - | & _b : int32 = any_l () - | & _9 : (int32, int32) = any_l () - | & _10 : (int32, int32) = any_l () ] + | & _a : Int32.t = any_l () + | & _5 : (Int32.t, (Int32.t, Int32.t)) = any_l () + | & _6 : (Int32.t, Int32.t) = any_l () + | & _b : Int32.t = any_l () + | & _9 : (Int32.t, Int32.t) = any_l () + | & _10 : (Int32.t, Int32.t) = any_l () ] [ return' (result:())-> (! return' {result}) ] end module M_594__qyi1704796797730763899__test_method [#"594.rs" 33 4 33 55] (* T *) let%span s5940 = "594.rs" 32 14 32 25 + use prelude.prelude.Int + use prelude.prelude.UInt32 use prelude.prelude.Intrinsic type t_T'0 = - { t_T__0'0: uint32 } + { t_T__0'0: UInt32.t } meta "compute_max_steps" 1000000 - let rec test_method'0 (self:t_T'0) (_2:(uint32, uint32)) (return' (ret:uint32))= (! bb0 + let rec test_method'0 (self:t_T'0) (_2:(UInt32.t, UInt32.t)) (return' (ret:UInt32.t))= (! bb0 [ bb0 = s0 [ s0 = [ &x <- let (r'0, _) = _2 in r'0 ] s1 | s1 = [ &_0 <- x ] s2 | s2 = return' {_0} ] ] - ) [ & _0 : uint32 = any_l () | & _2 : (uint32, uint32) = _2 | & x : uint32 = any_l () ] - [ return' (result:uint32)-> {[@expl:test_method ensures] [%#s5940] let (x, _) = _2 in result = x} + ) [ & _0 : UInt32.t = any_l () | & _2 : (UInt32.t, UInt32.t) = _2 | & x : UInt32.t = any_l () ] + [ return' (result:UInt32.t)-> {[@expl:test_method ensures] [%#s5940] let (x, _) = _2 in result = x} (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/bug/594/why3session.xml b/creusot/tests/should_succeed/bug/594/why3session.xml index 6ed713abb9..d8b8b0512e 100644 --- a/creusot/tests/should_succeed/bug/594/why3session.xml +++ b/creusot/tests/should_succeed/bug/594/why3session.xml @@ -8,21 +8,21 @@ - - + + - + - + - - + + 
diff --git a/creusot/tests/should_succeed/bug/594/why3shapes.gz b/creusot/tests/should_succeed/bug/594/why3shapes.gz index fd8081d94f71f208d5600b3f57bcbf9419ba28c5..8d15a770efd851252ad4f264e4663ba4db698b54 100644 GIT binary patch literal 141 zcmV;80CN8yiwFP!00000|BcE!4#F@D0MI?B$OxSr+evLsz%7u|*n)wNXobY>k$M8= z_YPBDulDjafBe1Po{v**c{-*o`TezhFFU5x7$rQA0enP7!a7hGNr#v~$>j`5O`8>j vR(0_X7IUxe$kv5=c>h1SFon&+qYydQKEn{zSQwi&8hiQyDv446y8r+HWF>~q sCK(~xdZyv|xBmNIwGf^pwM5bF(W$Azd=s9v8ohhT?&NQrz8mNW0Cw& {[@expl:omg ensures] [%#s6530] UIntSize.to_int result - = div (UIntSize.to_int n * (UIntSize.to_int n + 1)) 2} + let rec omg'0 (n:UInt64.t) (return' (ret:UInt64.t))= (! bb0 + [ bb0 = s0 [ s0 = [ &_0 <- n ] s1 | s1 = return' {_0} ] ] + ) [ & _0 : UInt64.t = any_l () | & n : UInt64.t = n ] + [ return' (result:UInt64.t)-> {[@expl:omg ensures] [%#s6530] UInt64.to_uint result + = div (UInt64.to_uint n * (UInt64.to_uint n + 1)) 2} (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/bug/682.coma b/creusot/tests/should_succeed/bug/682.coma index 628e011596..e8ed6bce64 100644 --- a/creusot/tests/should_succeed/bug/682.coma +++ b/creusot/tests/should_succeed/bug/682.coma 
@@ -3,36 +3,105 @@ module M_682__add_some [#"682.rs" 6 0 6 24] let%span s6821 = "682.rs" 4 11 4 32 let%span s6822 = "682.rs" 5 10 5 17 let%span sresolve3 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span sord4 = "../../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 + let%span sord5 = "../../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 + let%span sord6 = "../../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 + let%span sord7 = "../../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 + let%span sord8 = "../../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 + let%span sord9 = "../../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 + let%span sord10 = "../../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 + let%span sord11 = "../../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 + let%span sord12 = "../../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 + let%span sord13 = "../../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 + let%span sord14 = "../../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 + let%span sord15 = "../../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 + let%span sord16 = "../../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span sord17 = "../../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 use prelude.prelude.UInt64 + use prelude.prelude.Int + use prelude.prelude.Borrow - predicate resolve'1 (self : borrowed uint64) = + predicate resolve'1 (self : borrowed UInt64.t) = [%#sresolve3] self.final = self.current - predicate resolve'0 (_1 : borrowed uint64) = + predicate resolve'0 (_1 : borrowed UInt64.t) = resolve'1 _1 use prelude.prelude.Intrinsic - constant v_MAX'0 : uint64 = (18446744073709551615 : uint64) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.Int + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.UInt64 + + function cmp_log'0 
(self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = + [%#sord17] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + function eq_cmp'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom eq_cmp'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord16] (x = y) = (cmp_log'0 x y = C_Equal'0) + + function antisym2'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom antisym2'0_spec : forall x : UInt64.t, y : UInt64.t . ([%#sord14] cmp_log'0 x y = C_Greater'0) + -> ([%#sord15] cmp_log'0 y x = C_Less'0) + + function antisym1'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom antisym1'0_spec : forall x : UInt64.t, y : UInt64.t . ([%#sord12] cmp_log'0 x y = C_Less'0) + -> ([%#sord13] cmp_log'0 y x = C_Greater'0) + + function trans'0 (x : UInt64.t) (y : UInt64.t) (z : UInt64.t) (o : t_Ordering'0) : () + + axiom trans'0_spec : forall x : UInt64.t, y : UInt64.t, z : UInt64.t, o : t_Ordering'0 . ([%#sord9] cmp_log'0 x y = o) + -> ([%#sord10] cmp_log'0 y z = o) -> ([%#sord11] cmp_log'0 x z = o) + + function refl'0 (x : UInt64.t) : () + + axiom refl'0_spec : forall x : UInt64.t . [%#sord8] cmp_log'0 x x = C_Equal'0 + + use prelude.prelude.UInt64 + + function cmp_gt_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_gt_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord7] UInt64.ugt x y = (cmp_log'0 x y = C_Greater'0) + + use prelude.prelude.UInt64 + + function cmp_ge_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_ge_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord6] UInt64.uge x y = (cmp_log'0 x y <> C_Less'0) + + function cmp_lt_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_lt_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord5] UInt64.ult x y = (cmp_log'0 x y = C_Less'0) + + use prelude.prelude.UInt64 + + function cmp_le_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_le_log'0_spec : forall x : UInt64.t, y : UInt64.t . 
[%#sord4] UInt64.ule x y + = (cmp_log'0 x y <> C_Greater'0) meta "compute_max_steps" 1000000 - let rec add_some'0 (a:borrowed uint64) (return' (ret:()))= {[@expl:add_some requires] [%#s6821] a.current - <= div (v_MAX'0 : uint64) (2 : uint64)} + let rec add_some'0 (a:borrowed UInt64.t) (return' (ret:()))= {[@expl:add_some requires] [%#s6821] UInt64.ule a.current (div (v_MAX'0 : UInt64.t) (2 : UInt64.t))} (! bb0 [ bb0 = s0 - [ s0 = UInt64.add {a.current} {[%#s6820] (1 : uint64)} - (fun (_ret':uint64) -> [ &a <- { a with current = _ret' } ] s1) + [ s0 = UInt64.add {a.current} {[%#s6820] (1 : UInt64.t)} + (fun (_ret':UInt64.t) -> [ &a <- { a with current = _ret' } ] s1) | s1 = -{resolve'0 a}- s2 | s2 = return' {_0} ] ] - ) [ & _0 : () = any_l () | & a : borrowed uint64 = a ] - [ return' (result:())-> {[@expl:add_some ensures] [%#s6822] a.final > a.current} (! return' {result}) ] + ) [ & _0 : () = any_l () | & a : borrowed UInt64.t = a ] + [ return' (result:())-> {[@expl:add_some ensures] [%#s6822] UInt64.ugt a.final a.current} (! return' {result}) ] end module M_682__foo [#"682.rs" 12 0 12 23] 
@@ -43,25 +112,95 @@ module M_682__foo [#"682.rs" 12 0 12 23] let%span s6824 = "682.rs" 4 11 4 32 let%span s6825 = "682.rs" 5 10 5 17 let%span sresolve6 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span sord7 = "../../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 + let%span sord8 = "../../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 + let%span sord9 = "../../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 + let%span sord10 = "../../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 + let%span sord11 = "../../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 + let%span sord12 = "../../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 + let%span sord13 = "../../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 + let%span sord14 = "../../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 + let%span sord15 = "../../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 + let%span sord16 = "../../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 + let%span sord17 = "../../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 + let%span sord18 = "../../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 + let%span sord19 = "../../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span sord20 = "../../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 use prelude.prelude.Borrow use prelude.prelude.Snapshot + use prelude.prelude.Int + use prelude.prelude.UInt64 - constant v_MAX'0 : uint64 = (18446744073709551615 : uint64) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.Int + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.UInt64 + + function cmp_log'0 (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = + [%#sord20] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + function eq_cmp'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom eq_cmp'0_spec : forall x : UInt64.t, y 
: UInt64.t . [%#sord19] (x = y) = (cmp_log'0 x y = C_Equal'0) + + function antisym2'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom antisym2'0_spec : forall x : UInt64.t, y : UInt64.t . ([%#sord17] cmp_log'0 x y = C_Greater'0) + -> ([%#sord18] cmp_log'0 y x = C_Less'0) + + function antisym1'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom antisym1'0_spec : forall x : UInt64.t, y : UInt64.t . ([%#sord15] cmp_log'0 x y = C_Less'0) + -> ([%#sord16] cmp_log'0 y x = C_Greater'0) + + function trans'0 (x : UInt64.t) (y : UInt64.t) (z : UInt64.t) (o : t_Ordering'0) : () + + axiom trans'0_spec : forall x : UInt64.t, y : UInt64.t, z : UInt64.t, o : t_Ordering'0 . ([%#sord12] cmp_log'0 x y + = o) -> ([%#sord13] cmp_log'0 y z = o) -> ([%#sord14] cmp_log'0 x z = o) + + function refl'0 (x : UInt64.t) : () + + axiom refl'0_spec : forall x : UInt64.t . [%#sord11] cmp_log'0 x x = C_Equal'0 + + use prelude.prelude.UInt64 + + function cmp_gt_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_gt_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord10] UInt64.ugt x y + = (cmp_log'0 x y = C_Greater'0) + + use prelude.prelude.UInt64 + + function cmp_ge_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_ge_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord9] UInt64.uge x y = (cmp_log'0 x y <> C_Less'0) + + function cmp_lt_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_lt_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord8] UInt64.ult x y = (cmp_log'0 x y = C_Less'0) + + use prelude.prelude.UInt64 + + function cmp_le_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_le_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord7] UInt64.ule x y + = (cmp_log'0 x y <> C_Greater'0) - let rec add_some'0 (a:borrowed uint64) (return' (ret:()))= {[@expl:add_some requires] [%#s6824] a.current - <= div (v_MAX'0 : uint64) (2 : uint64)} - any [ return' (result:())-> {[%#s6825] a.final > a.current} (! 
return' {result}) ] + let rec add_some'0 (a:borrowed UInt64.t) (return' (ret:()))= {[@expl:add_some requires] [%#s6824] UInt64.ule a.current (div (v_MAX'0 : UInt64.t) (2 : UInt64.t))} + any [ return' (result:())-> {[%#s6825] UInt64.ugt a.final a.current} (! return' {result}) ] - predicate resolve'1 (self : borrowed uint64) = + predicate resolve'1 (self : borrowed UInt64.t) = [%#sresolve6] self.final = self.current - predicate resolve'0 (_1 : borrowed uint64) = + predicate resolve'0 (_1 : borrowed UInt64.t) = resolve'1 _1 use prelude.prelude.Snapshot 
@@ -72,25 +211,25 @@ module M_682__foo [#"682.rs" 12 0 12 23] meta "compute_max_steps" 1000000 - let rec foo'0 (a:borrowed uint64) (return' (ret:()))= {[@expl:foo requires] [%#s6822] a.current = (3 : uint64)} + let rec foo'0 (a:borrowed UInt64.t) (return' (ret:()))= {[@expl:foo requires] [%#s6822] a.current = (3 : UInt64.t)} (! bb0 [ bb0 = s0 [ s0 = [ &a_p <- [%#s6820] Snapshot.new a.current ] s1 | s1 = bb1 ] | bb1 = s0 - [ s0 = Borrow.borrow_final {a.current} {Borrow.get_id a} - (fun (_ret':borrowed uint64) -> [ &_7 <- _ret' ] [ &a <- { a with current = _ret'.final } ] s1) + [ s0 = Borrow.borrow_final {a.current} {Borrow.get_id a} + (fun (_ret':borrowed UInt64.t) -> [ &_7 <- _ret' ] [ &a <- { a with current = _ret'.final } ] s1) | s1 = add_some'0 {_7} (fun (_ret':()) -> [ &_6 <- _ret' ] s2) | s2 = bb2 ] | bb2 = s0 [ s0 = -{resolve'0 a}- s1 - | s1 = {[@expl:assertion] [%#s6821] a.current > Snapshot.inner a_p} s2 + | s1 = {[@expl:assertion] [%#s6821] UInt64.ugt a.current (Snapshot.inner a_p)} s2 | s2 = return' {_0} ] ] ) [ & _0 : () = any_l () - | & a : borrowed uint64 = a - | & a_p : Snapshot.snap_ty uint64 = any_l () + | & a : borrowed UInt64.t = a + | & a_p : Snapshot.snap_ty UInt64.t = any_l () | & _6 : () = any_l () - | & _7 : borrowed uint64 = any_l () ] - [ return' (result:())-> {[@expl:foo ensures] [%#s6823] a.final > a.current} (! return' {result}) ] + | & _7 : borrowed UInt64.t = any_l () ] + [ return' (result:())-> {[@expl:foo ensures] [%#s6823] UInt64.ugt a.final a.current} (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/bug/691.coma b/creusot/tests/should_succeed/bug/691.coma index b5f4424eee..716a0c1022 100644 --- a/creusot/tests/should_succeed/bug/691.coma +++ b/creusot/tests/should_succeed/bug/691.coma 
@@ -1,16 +1,18 @@ module M_691__example [#"691.rs" 8 0 8 16] let%span s6910 = "691.rs" 9 23 9 27 + use prelude.prelude.Int + use prelude.prelude.UInt32 type t_Foo'0 = - { t_Foo__bar'0: uint32 } + { t_Foo__bar'0: UInt32.t } use prelude.prelude.Intrinsic meta "compute_max_steps" 1000000 let rec example'0 (_1:()) (return' (ret:()))= (! bb0 - [ bb0 = s0 [ s0 = [ &c <- { t_Foo__bar'0 = ([%#s6910] (2 : uint32)) } ] s1 | s1 = return' {_0} ] ] + [ bb0 = s0 [ s0 = [ &c <- { t_Foo__bar'0 = ([%#s6910] (2 : UInt32.t)) } ] s1 | s1 = return' {_0} ] ] ) [ & _0 : () = any_l () | & c : t_Foo'0 = any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/bug/693.coma b/creusot/tests/should_succeed/bug/693.coma index 46dfeaf657..ab7500f64e 100644 --- a/creusot/tests/should_succeed/bug/693.coma +++ b/creusot/tests/should_succeed/bug/693.coma @@ -20,13 +20,15 @@ end module M_693__g [#"693.rs" 5 0 5 10] let%span s6930 = "693.rs" 6 6 6 7 + use prelude.prelude.Int + use prelude.prelude.Int32 - predicate inv'0 (_1 : int32) + predicate inv'0 (_1 : Int32.t) - axiom inv_axiom'0 [@rewrite] : forall x : int32 [inv'0 x] . inv'0 x = true + axiom inv_axiom'0 [@rewrite] : forall x : Int32.t [inv'0 x] . inv'0 x = true - let rec f'0 (_1:int32) (return' (ret:()))= {[@expl:f '_1' type invariant] inv'0 _1} + let rec f'0 (_1:Int32.t) (return' (ret:()))= {[@expl:f '_1' type invariant] inv'0 _1} any [ return' (result:())-> (! return' {result}) ] use prelude.prelude.Intrinsic @@ -34,7 +36,7 @@ module M_693__g [#"693.rs" 5 0 5 10] meta "compute_max_steps" 1000000 let rec g'0 (_1:()) (return' (ret:()))= (! bb0 - [ bb0 = s0 [ s0 = f'0 {[%#s6930] (0 : int32)} (fun (_ret':()) -> [ &_0 <- _ret' ] s1) | s1 = bb1 ] + [ bb0 = s0 [ s0 = f'0 {[%#s6930] (0 : Int32.t)} (fun (_ret':()) -> [ &_0 <- _ret' ] s1) | s1 = bb1 ] | bb1 = return' {_0} ] ) [ & _0 : () = any_l () ] [ return' (result:())-> (! return' {result}) ] end 
diff --git a/creusot/tests/should_succeed/bug/693/why3session.xml b/creusot/tests/should_succeed/bug/693/why3session.xml index 9dbc9e9414..f744d89bb6 100644 --- a/creusot/tests/should_succeed/bug/693/why3session.xml +++ b/creusot/tests/should_succeed/bug/693/why3session.xml @@ -6,13 +6,13 @@ - + - - + + diff --git a/creusot/tests/should_succeed/bug/693/why3shapes.gz b/creusot/tests/should_succeed/bug/693/why3shapes.gz index 2384825ce7370c1546d70bbadeaaadfbd14afe69..9a6db0823e72a3c4664e0c30c42e29d3d10a246e 100644 GIT binary patch literal 144 zcmV;B0B`>viwFP!00000|2>O24#F@H0Q-G~J0R8WI`P2+Q1}2X^05{vNCJ)`@p}*= zbfeMCzESlSW~pkGXC0>TsEle35QcHx;RVkdoIvjL^16O&SRQ}B!EZ?jP*U>R88#eU yVhp8o65HHaVrz{?MLmL-R&yjv#rT|Adl3@j$Of00lmA4zXLtj!r}B@X0002{yFUj2 literal 144 zcmV;B0B`>viwFP!00000|2>OA4#FT10Pp(>ZfZ}G(sb7^WVuQooWqhi$^Adb_z!wa4_I6=A3%lrDRVR`=j2ERoRpo)0on3$3i y!dQD(lFj{~X&Bg`(gDF{^oFDOnyRbb5L@eOww#j{AyGP*K=1*swyun!0002C2Sbbi diff --git a/creusot/tests/should_succeed/bug/789.coma b/creusot/tests/should_succeed/bug/789.coma index a599ea1c8f..3ba8cbf4fa 100644 --- a/creusot/tests/should_succeed/bug/789.coma +++ b/creusot/tests/should_succeed/bug/789.coma @@ -1,11 +1,13 @@ module M_789__meta [#"789.rs" 3 0 3 22] use prelude.prelude.Intrinsic - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 meta "compute_max_steps" 1000000 - let rec meta'0 (_x:usize) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] + let rec meta'0 (_x:UInt64.t) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/bug/874.coma b/creusot/tests/should_succeed/bug/874.coma index 565d8f6a4e..68473eee6e 100644 --- a/creusot/tests/should_succeed/bug/874.coma +++ b/creusot/tests/should_succeed/bug/874.coma 
@@ -12,7 +12,7 @@ module M_874__can_extend [#"874.rs" 4 0 4 19] let%span s87410 = "874.rs" 9 29 9 30 let%span s87411 = "874.rs" 9 32 9 33 let%span s87412 = "874.rs" 10 18 10 31 - let%span sslice13 = "../../../../creusot-contracts/src/std/slice.rs" 332 18 332 35 + let%span sslice13 = "../../../../creusot-contracts/src/std/slice.rs" 350 18 350 35 let%span svec14 = "../../../../creusot-contracts/src/std/vec.rs" 139 27 139 47 let%span svec15 = "../../../../creusot-contracts/src/std/vec.rs" 140 26 143 102 let%span svec16 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 @@ -32,13 +32,15 @@ module M_874__can_extend [#"874.rs" 4 0 4 19] let%span svec30 = "../../../../creusot-contracts/src/std/vec.rs" 273 4 273 10 let%span sresolve31 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - use prelude.prelude.Slice + use Slice64.create + + use prelude.prelude.Int use prelude.prelude.Int32 - predicate inv'0 (_1 : slice int32) + predicate inv'0 (_1 : slice Int32.t) - axiom inv_axiom'0 [@rewrite] : forall x : slice int32 [inv'0 x] . inv'0 x = true + axiom inv_axiom'0 [@rewrite] : forall x : slice Int32.t [inv'0 x] . inv'0 x = true use prelude.prelude.Opaque @@ -48,16 +50,16 @@ module M_874__can_extend [#"874.rs" 4 0 4 19] type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } predicate inv'1 (_1 : t_Vec'0) 
@@ -65,30 +67,28 @@ module M_874__can_extend [#"874.rs" 4 0 4 19] use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize - - use prelude.prelude.Int + use prelude.prelude.UInt64 use seq.Seq - function view'0 (self : t_Vec'0) : Seq.seq int32 + function view'0 (self : t_Vec'0) : Seq.seq Int32.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec16] Seq.length (view'0 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec16] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) - use prelude.prelude.Slice + use prelude.prelude.Slice64 - function view'3 (self : slice int32) : Seq.seq int32 + function view'3 (self : slice Int32.t) : Seq.seq Int32.t - axiom view'3_spec : forall self : slice int32 . ([%#sslice23] Seq.length (view'3 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice24] view'3 self = Slice.id self) + axiom view'3_spec : forall self : slice Int32.t . ([%#sslice23] Seq.length (view'3 self) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + && ([%#sslice24] view'3 self = Slice64.id self) - function view'1 (self : slice int32) : Seq.seq int32 = + function view'1 (self : slice Int32.t) : Seq.seq Int32.t = [%#sboxed17] view'3 self - let rec into_vec'0 (self:slice int32) (return' (ret:t_Vec'0))= {[@expl:into_vec 'self' type invariant] inv'0 self} + let rec into_vec'0 (self:slice Int32.t) (return' (ret:t_Vec'0))= {[@expl:into_vec 'self' type invariant] inv'0 self} any [ return' (result:t_Vec'0)-> {inv'1 result} {[%#sslice13] view'0 result = view'1 self} (! return' {result}) ] use prelude.prelude.Borrow 
@@ -106,7 +106,7 @@ module M_874__can_extend [#"874.rs" 4 0 4 19] type t_IntoIter'0 = { t_IntoIter__buf'0: t_NonNull'0; t_IntoIter__phantom'0: (); - t_IntoIter__cap'0: usize; + t_IntoIter__cap'0: UInt64.t; t_IntoIter__alloc'0: t_ManuallyDrop'0; t_IntoIter__ptr'0: t_NonNull'0; t_IntoIter__end'0: opaque_ptr } @@ -119,11 +119,11 @@ module M_874__can_extend [#"874.rs" 4 0 4 19] axiom inv_axiom'4 [@rewrite] : forall x : borrowed (t_IntoIter'0) [inv'4 x] . inv'4 x = true - predicate inv'5 (_1 : Seq.seq int32) + predicate inv'5 (_1 : Seq.seq Int32.t) - axiom inv_axiom'5 [@rewrite] : forall x : Seq.seq int32 [inv'5 x] . inv'5 x = true + axiom inv_axiom'5 [@rewrite] : forall x : Seq.seq Int32.t [inv'5 x] . inv'5 x = true - function view'4 (self : t_IntoIter'0) : Seq.seq int32 + function view'4 (self : t_IntoIter'0) : Seq.seq Int32.t predicate into_iter_post'0 (self : t_Vec'0) (res : t_IntoIter'0) = [%#svec19] view'0 self = view'4 res 
@@ -132,39 +132,39 @@ module M_874__can_extend [#"874.rs" 4 0 4 19] use seq.Seq - predicate produces'0 (self : t_IntoIter'0) (visited : Seq.seq int32) (rhs : t_IntoIter'0) = + predicate produces'0 (self : t_IntoIter'0) (visited : Seq.seq Int32.t) (rhs : t_IntoIter'0) = [%#svec21] view'4 self = Seq.(++) visited (view'4 rhs) - function produces_trans'0 (a : t_IntoIter'0) (ab : Seq.seq int32) (b : t_IntoIter'0) (bc : Seq.seq int32) (c : t_IntoIter'0) : () + function produces_trans'0 (a : t_IntoIter'0) (ab : Seq.seq Int32.t) (b : t_IntoIter'0) (bc : Seq.seq Int32.t) (c : t_IntoIter'0) : () = [%#svec30] () - axiom produces_trans'0_spec : forall a : t_IntoIter'0, ab : Seq.seq int32, b : t_IntoIter'0, bc : Seq.seq int32, c : t_IntoIter'0 . ([%#svec27] produces'0 a ab b) + axiom produces_trans'0_spec : forall a : t_IntoIter'0, ab : Seq.seq Int32.t, b : t_IntoIter'0, bc : Seq.seq Int32.t, c : t_IntoIter'0 . ([%#svec27] produces'0 a ab b) -> ([%#svec28] produces'0 b bc c) -> ([%#svec29] produces'0 a (Seq.(++) ab bc) c) function produces_refl'0 (self : t_IntoIter'0) : () = [%#svec26] () - axiom produces_refl'0_spec : forall self : t_IntoIter'0 . [%#svec25] produces'0 self (Seq.empty : Seq.seq int32) self + axiom produces_refl'0_spec : forall self : t_IntoIter'0 . 
[%#svec25] produces'0 self (Seq.empty : Seq.seq Int32.t) self predicate resolve'0 (self : borrowed (t_IntoIter'0)) = [%#sresolve31] self.final = self.current - function view'5 (self : borrowed (t_IntoIter'0)) : Seq.seq int32 = + function view'5 (self : borrowed (t_IntoIter'0)) : Seq.seq Int32.t = [%#smodel22] view'4 self.current predicate completed'0 (self : borrowed (t_IntoIter'0)) = - [%#svec20] resolve'0 self /\ view'5 self = (Seq.empty : Seq.seq int32) + [%#svec20] resolve'0 self /\ view'5 self = (Seq.empty : Seq.seq Int32.t) - function view'2 (self : borrowed (t_Vec'0)) : Seq.seq int32 = + function view'2 (self : borrowed (t_Vec'0)) : Seq.seq Int32.t = [%#smodel22] view'0 self.current let rec extend'0 (self:borrowed (t_Vec'0)) (iter:t_Vec'0) (return' (ret:()))= {[@expl:extend 'self' type invariant] inv'2 self} {[@expl:extend 'iter' type invariant] inv'1 iter} {[@expl:extend requires] [%#svec14] into_iter_pre'0 iter} any - [ return' (result:())-> {[%#svec15] exists start_ : t_IntoIter'0, done' : borrowed (t_IntoIter'0), prod : Seq.seq int32 . inv'3 start_ + [ return' (result:())-> {[%#svec15] exists start_ : t_IntoIter'0, done' : borrowed (t_IntoIter'0), prod : Seq.seq Int32.t . inv'3 start_ /\ inv'4 done' /\ inv'5 prod /\ into_iter_post'0 iter start_ @@ -181,9 +181,9 @@ module M_874__can_extend [#"874.rs" 4 0 4 19] let rec can_extend'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = any - [ any_ (__arr_temp:array int32)-> (! -{Seq.get __arr_temp.elts 0 = ([%#s8740] (1 : int32)) - /\ Seq.get __arr_temp.elts 1 = ([%#s8741] (2 : int32)) - /\ Seq.get __arr_temp.elts 2 = ([%#s8742] (3 : int32)) /\ Seq.length __arr_temp.elts = 3}- + [ any_ (__arr_temp:array Int32.t)-> (! -{Seq.get __arr_temp.elts 0 = ([%#s8740] (1 : Int32.t)) + /\ Seq.get __arr_temp.elts 1 = ([%#s8741] (2 : Int32.t)) + /\ Seq.get __arr_temp.elts 2 = ([%#s8742] (3 : Int32.t)) /\ Seq.length __arr_temp.elts = 3}- [ &_4 <- __arr_temp ] s1) ] 
@@ -193,9 +193,9 @@ module M_874__can_extend [#"874.rs" 4 0 4 19] | bb2 = s0 [ s0 = into_vec'0 {_4} (fun (_ret':t_Vec'0) -> [ &v <- _ret' ] s1) | s1 = bb3 ] | bb3 = s0 [ s0 = any - [ any_ (__arr_temp:array int32)-> (! -{Seq.get __arr_temp.elts 0 = ([%#s8743] (4 : int32)) - /\ Seq.get __arr_temp.elts 1 = ([%#s8744] (5 : int32)) - /\ Seq.get __arr_temp.elts 2 = ([%#s8745] (6 : int32)) /\ Seq.length __arr_temp.elts = 3}- + [ any_ (__arr_temp:array Int32.t)-> (! -{Seq.get __arr_temp.elts 0 = ([%#s8743] (4 : Int32.t)) + /\ Seq.get __arr_temp.elts 1 = ([%#s8744] (5 : Int32.t)) + /\ Seq.get __arr_temp.elts 2 = ([%#s8745] (6 : Int32.t)) /\ Seq.length __arr_temp.elts = 3}- [ &_8 <- __arr_temp ] s1) ] @@ -211,12 +211,12 @@ module M_874__can_extend [#"874.rs" 4 0 4 19] | bb7 = s0 [ s0 = any - [ any_ (__arr_temp:array int32)-> (! -{Seq.get __arr_temp.elts 0 = ([%#s8746] (1 : int32)) - /\ Seq.get __arr_temp.elts 1 = ([%#s8747] (2 : int32)) - /\ Seq.get __arr_temp.elts 2 = ([%#s8748] (3 : int32)) - /\ Seq.get __arr_temp.elts 3 = ([%#s8749] (4 : int32)) - /\ Seq.get __arr_temp.elts 4 = ([%#s87410] (5 : int32)) - /\ Seq.get __arr_temp.elts 5 = ([%#s87411] (6 : int32)) /\ Seq.length __arr_temp.elts = 6}- + [ any_ (__arr_temp:array Int32.t)-> (! -{Seq.get __arr_temp.elts 0 = ([%#s8746] (1 : Int32.t)) + /\ Seq.get __arr_temp.elts 1 = ([%#s8747] (2 : Int32.t)) + /\ Seq.get __arr_temp.elts 2 = ([%#s8748] (3 : Int32.t)) + /\ Seq.get __arr_temp.elts 3 = ([%#s8749] (4 : Int32.t)) + /\ Seq.get __arr_temp.elts 4 = ([%#s87410] (5 : Int32.t)) + /\ Seq.get __arr_temp.elts 5 = ([%#s87411] (6 : Int32.t)) /\ Seq.length __arr_temp.elts = 6}- [ &_15 <- __arr_temp ] s1) ] 
@@ -232,12 +232,12 @@ module M_874__can_extend [#"874.rs" 4 0 4 19] ) [ & _0 : () = any_l () | & v : t_Vec'0 = any_l () - | & _4 : array int32 = any_l () + | & _4 : array Int32.t = any_l () | & w : t_Vec'0 = any_l () - | & _8 : array int32 = any_l () + | & _8 : array Int32.t = any_l () | & _9 : () = any_l () | & _10 : borrowed (t_Vec'0) = any_l () | & z : t_Vec'0 = any_l () - | & _15 : array int32 = any_l () ] + | & _15 : array Int32.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/bug/922.coma b/creusot/tests/should_succeed/bug/922.coma index a1c7c8da04..449a1cc839 100644 --- a/creusot/tests/should_succeed/bug/922.coma +++ b/creusot/tests/should_succeed/bug/922.coma 
@@ -5,61 +5,63 @@ module M_922__g [#"922.rs" 5 0 5 57] use prelude.prelude.Borrow + use prelude.prelude.Int + use prelude.prelude.Int32 - predicate resolve'2 (self : borrowed int32) = + predicate resolve'2 (self : borrowed Int32.t) = [%#sresolve1] self.final = self.current - predicate resolve'0 (_1 : borrowed int32) = + predicate resolve'0 (_1 : borrowed Int32.t) = resolve'2 _1 - predicate resolve'5 (_1 : int32) = + predicate resolve'5 (_1 : Int32.t) = true - predicate resolve'6 (self : (int32, borrowed int32)) = + predicate resolve'6 (self : (Int32.t, borrowed Int32.t)) = [%#sresolve2] resolve'5 (let (a, _) = self in a) /\ resolve'0 (let (_, a) = self in a) - predicate resolve'4 (_1 : (int32, borrowed int32)) = + predicate resolve'4 (_1 : (Int32.t, borrowed Int32.t)) = resolve'6 _1 - predicate resolve'3 (self : ((int32, borrowed int32), int32)) = + predicate resolve'3 (self : ((Int32.t, borrowed Int32.t), Int32.t)) = [%#sresolve2] resolve'4 (let (a, _) = self in a) /\ resolve'5 (let (_, a) = self in a) - predicate resolve'1 (_1 : ((int32, borrowed int32), int32)) = + predicate resolve'1 (_1 : ((Int32.t, borrowed Int32.t), Int32.t)) = resolve'3 _1 use prelude.prelude.Intrinsic meta "compute_max_steps" 1000000 - let rec g'0 (x:((int32, borrowed int32), int32)) (return' (ret:borrowed int32))= (! bb0 + let rec g'0 (x:((Int32.t, borrowed Int32.t), Int32.t)) (return' (ret:borrowed Int32.t))= (! 
bb0 [ bb0 = s0 [ s0 = Borrow.borrow_final - + {(let (_, r'0) = let (r'1, _) = x in r'1 in r'0).current} {Borrow.get_id (let (_, r'0) = let (r'1, _) = x in r'1 in r'0)} - (fun (_ret':borrowed int32) -> + (fun (_ret':borrowed Int32.t) -> [ &_4 <- _ret' ] [ &x <- let (_, r'5) = x in ((let (r'2, _) = let (r'1, _) = x in r'1 in (r'2, { (let (_, r'0) = let (r'1, _) = x in r'1 in r'0) with current = _ret'.final })), r'5) ] s1) - | s1 = Borrow.borrow_final {_4.current} {Borrow.get_id _4} - (fun (_ret':borrowed int32) -> [ &_2 <- _ret' ] [ &_4 <- { _4 with current = _ret'.final } ] s2) - | s2 = Borrow.borrow_final {_2.current} {Borrow.get_id _2} - (fun (_ret':borrowed int32) -> [ &_0 <- _ret' ] [ &_2 <- { _2 with current = _ret'.final } ] s3) + | s1 = Borrow.borrow_final {_4.current} {Borrow.get_id _4} + (fun (_ret':borrowed Int32.t) -> [ &_2 <- _ret' ] [ &_4 <- { _4 with current = _ret'.final } ] s2) + | s2 = Borrow.borrow_final {_2.current} {Borrow.get_id _2} + (fun (_ret':borrowed Int32.t) -> [ &_0 <- _ret' ] [ &_2 <- { _2 with current = _ret'.final } ] s3) | s3 = -{resolve'0 _4}- s4 | s4 = -{resolve'0 _2}- s5 | s5 = -{resolve'1 x}- s6 | s6 = return' {_0} ] ] ) - [ & _0 : borrowed int32 = any_l () - | & x : ((int32, borrowed int32), int32) = x - | & _2 : borrowed int32 = any_l () - | & _4 : borrowed int32 = any_l () ] + [ & _0 : borrowed Int32.t = any_l () + | & x : ((Int32.t, borrowed Int32.t), Int32.t) = x + | & _2 : borrowed Int32.t = any_l () + | & _4 : borrowed Int32.t = any_l () ] - [ return' (result:borrowed int32)-> {[@expl:g ensures] [%#s9220] result = (let (_, a) = let (a, _) = x in a in a)} + [ return' (result:borrowed Int32.t)-> {[@expl:g ensures] [%#s9220] result = (let (_, a) = let (a, _) = x in a in a)} (! return' {result}) ] end 
@@ -71,49 +73,51 @@ module M_922__f1 [#"922.rs" 12 0 12 59] use prelude.prelude.Borrow + use prelude.prelude.Int + use prelude.prelude.Int32 - predicate resolve'2 (self : borrowed int32) = + predicate resolve'2 (self : borrowed Int32.t) = [%#sresolve3] self.final = self.current - predicate resolve'0 (_1 : borrowed int32) = + predicate resolve'0 (_1 : borrowed Int32.t) = resolve'2 _1 - predicate resolve'3 (self : borrowed (int32, borrowed int32)) = + predicate resolve'3 (self : borrowed (Int32.t, borrowed Int32.t)) = [%#sresolve3] self.final = self.current - predicate resolve'1 (_1 : borrowed (int32, borrowed int32)) = + predicate resolve'1 (_1 : borrowed (Int32.t, borrowed Int32.t)) = resolve'3 _1 use prelude.prelude.Intrinsic meta "compute_max_steps" 1000000 - let rec f1'0 (b:borrowed (int32, borrowed int32)) (return' (ret:borrowed int32))= (! bb0 + let rec f1'0 (b:borrowed (Int32.t, borrowed Int32.t)) (return' (ret:borrowed Int32.t))= (! bb0 [ bb0 = s0 - [ s0 = Borrow.borrow_mut {(let (_, r'0) = b.current in r'0).current} - (fun (_ret':borrowed int32) -> + [ s0 = Borrow.borrow_mut {(let (_, r'0) = b.current in r'0).current} + (fun (_ret':borrowed Int32.t) -> [ &_6 <- _ret' ] [ &b <- { b with current = (let (r'1, _) = b.current in (r'1, { (let (_, r'0) = b.current in r'0) with current = _ret'.final })) } ] s1) - | s1 = Borrow.borrow_final {_6.current} {Borrow.get_id _6} - (fun (_ret':borrowed int32) -> [ &_2 <- _ret' ] [ &_6 <- { _6 with current = _ret'.final } ] s2) - | s2 = Borrow.borrow_final {_2.current} {Borrow.get_id _2} - (fun (_ret':borrowed int32) -> [ &_0 <- _ret' ] [ &_2 <- { _2 with current = _ret'.final } ] s3) + | s1 = Borrow.borrow_final {_6.current} {Borrow.get_id _6} + (fun (_ret':borrowed Int32.t) -> [ &_2 <- _ret' ] [ &_6 <- { _6 with current = _ret'.final } ] s2) + | s2 = Borrow.borrow_final {_2.current} {Borrow.get_id _2} + (fun (_ret':borrowed Int32.t) -> [ &_0 <- _ret' ] [ &_2 <- { _2 with current = _ret'.final } ] s3) | s3 = -{resolve'0 
_6}- s4 | s4 = -{resolve'0 _2}- s5 | s5 = -{resolve'1 b}- s6 | s6 = return' {_0} ] ] ) - [ & _0 : borrowed int32 = any_l () - | & b : borrowed (int32, borrowed int32) = b - | & _2 : borrowed int32 = any_l () - | & _6 : borrowed int32 = any_l () ] + [ & _0 : borrowed Int32.t = any_l () + | & b : borrowed (Int32.t, borrowed Int32.t) = b + | & _2 : borrowed Int32.t = any_l () + | & _6 : borrowed Int32.t = any_l () ] - [ return' (result:borrowed int32)-> {[@expl:f1 ensures #0] [%#s9220] result.current + [ return' (result:borrowed Int32.t)-> {[@expl:f1 ensures #0] [%#s9220] result.current = (let (_, a) = b.current in a).current} {[@expl:f1 ensures #1] [%#s9221] result.final = (let (_, a) = b.final in a).current} {[@expl:f1 ensures #2] [%#s9222] (let (_, a) = b.current in a).final = (let (_, a) = b.final in a).final} 
@@ -128,49 +132,51 @@ module M_922__f2 [#"922.rs" 19 0 19 60] use prelude.prelude.Borrow + use prelude.prelude.Int + use prelude.prelude.Int32 - predicate resolve'2 (self : borrowed int32) = + predicate resolve'2 (self : borrowed Int32.t) = [%#sresolve3] self.final = self.current - predicate resolve'0 (_1 : borrowed int32) = + predicate resolve'0 (_1 : borrowed Int32.t) = resolve'2 _1 - predicate resolve'3 (self : borrowed (int32, borrowed int32)) = + predicate resolve'3 (self : borrowed (Int32.t, borrowed Int32.t)) = [%#sresolve3] self.final = self.current - predicate resolve'1 (_1 : borrowed (int32, borrowed int32)) = + predicate resolve'1 (_1 : borrowed (Int32.t, borrowed Int32.t)) = resolve'3 _1 use prelude.prelude.Intrinsic meta "compute_max_steps" 1000000 - let rec f2'0 (x0:borrowed (int32, borrowed int32)) (return' (ret:borrowed int32))= (! bb0 + let rec f2'0 (x0:borrowed (Int32.t, borrowed Int32.t)) (return' (ret:borrowed Int32.t))= (! bb0 [ bb0 = s0 - [ s0 = Borrow.borrow_mut {(let (_, r'0) = x0.current in r'0).current} - (fun (_ret':borrowed int32) -> + [ s0 = Borrow.borrow_mut {(let (_, r'0) = x0.current in r'0).current} + (fun (_ret':borrowed Int32.t) -> [ &_6 <- _ret' ] [ &x0 <- { x0 with current = (let (r'1, _) = x0.current in (r'1, { (let (_, r'0) = x0.current in r'0) with current = _ret'.final })) } ] s1) - | s1 = Borrow.borrow_final {_6.current} {Borrow.get_id _6} - (fun (_ret':borrowed int32) -> [ &_2 <- _ret' ] [ &_6 <- { _6 with current = _ret'.final } ] s2) - | s2 = Borrow.borrow_final {_2.current} {Borrow.get_id _2} - (fun (_ret':borrowed int32) -> [ &_0 <- _ret' ] [ &_2 <- { _2 with current = _ret'.final } ] s3) + | s1 = Borrow.borrow_final {_6.current} {Borrow.get_id _6} + (fun (_ret':borrowed Int32.t) -> [ &_2 <- _ret' ] [ &_6 <- { _6 with current = _ret'.final } ] s2) + | s2 = Borrow.borrow_final {_2.current} {Borrow.get_id _2} + (fun (_ret':borrowed Int32.t) -> [ &_0 <- _ret' ] [ &_2 <- { _2 with current = _ret'.final } ] s3) | s3 = 
-{resolve'0 _6}- s4 | s4 = -{resolve'0 _2}- s5 | s5 = -{resolve'1 x0}- s6 | s6 = return' {_0} ] ] ) - [ & _0 : borrowed int32 = any_l () - | & x0 : borrowed (int32, borrowed int32) = x0 - | & _2 : borrowed int32 = any_l () - | & _6 : borrowed int32 = any_l () ] + [ & _0 : borrowed Int32.t = any_l () + | & x0 : borrowed (Int32.t, borrowed Int32.t) = x0 + | & _2 : borrowed Int32.t = any_l () + | & _6 : borrowed Int32.t = any_l () ] - [ return' (result:borrowed int32)-> {[@expl:f2 ensures #0] [%#s9220] result.current + [ return' (result:borrowed Int32.t)-> {[@expl:f2 ensures #0] [%#s9220] result.current = (let (_, a) = x0.current in a).current} {[@expl:f2 ensures #1] [%#s9221] result.final = (let (_, a) = x0.final in a).current} {[@expl:f2 ensures #2] [%#s9222] (let (_, a) = x0.current in a).final = (let (_, a) = x0.final in a).final} 
@@ -185,49 +191,51 @@ module M_922__f3 [#"922.rs" 26 0 26 60] use prelude.prelude.Borrow + use prelude.prelude.Int + use prelude.prelude.Int32 - predicate resolve'2 (self : borrowed int32) = + predicate resolve'2 (self : borrowed Int32.t) = [%#sresolve3] self.final = self.current - predicate resolve'0 (_1 : borrowed int32) = + predicate resolve'0 (_1 : borrowed Int32.t) = resolve'2 _1 - predicate resolve'3 (self : borrowed (int32, borrowed int32)) = + predicate resolve'3 (self : borrowed (Int32.t, borrowed Int32.t)) = [%#sresolve3] self.final = self.current - predicate resolve'1 (_1 : borrowed (int32, borrowed int32)) = + predicate resolve'1 (_1 : borrowed (Int32.t, borrowed Int32.t)) = resolve'3 _1 use prelude.prelude.Intrinsic meta "compute_max_steps" 1000000 - let rec f3'0 (x1:borrowed (int32, borrowed int32)) (return' (ret:borrowed int32))= (! bb0 + let rec f3'0 (x1:borrowed (Int32.t, borrowed Int32.t)) (return' (ret:borrowed Int32.t))= (! bb0 [ bb0 = s0 - [ s0 = Borrow.borrow_mut {(let (_, r'0) = x1.current in r'0).current} - (fun (_ret':borrowed int32) -> + [ s0 = Borrow.borrow_mut {(let (_, r'0) = x1.current in r'0).current} + (fun (_ret':borrowed Int32.t) -> [ &_6 <- _ret' ] [ &x1 <- { x1 with current = (let (r'1, _) = x1.current in (r'1, { (let (_, r'0) = x1.current in r'0) with current = _ret'.final })) } ] s1) - | s1 = Borrow.borrow_final {_6.current} {Borrow.get_id _6} - (fun (_ret':borrowed int32) -> [ &_2 <- _ret' ] [ &_6 <- { _6 with current = _ret'.final } ] s2) - | s2 = Borrow.borrow_final {_2.current} {Borrow.get_id _2} - (fun (_ret':borrowed int32) -> [ &_0 <- _ret' ] [ &_2 <- { _2 with current = _ret'.final } ] s3) + | s1 = Borrow.borrow_final {_6.current} {Borrow.get_id _6} + (fun (_ret':borrowed Int32.t) -> [ &_2 <- _ret' ] [ &_6 <- { _6 with current = _ret'.final } ] s2) + | s2 = Borrow.borrow_final {_2.current} {Borrow.get_id _2} + (fun (_ret':borrowed Int32.t) -> [ &_0 <- _ret' ] [ &_2 <- { _2 with current = _ret'.final } ] s3) | s3 = 
-{resolve'0 _6}- s4 | s4 = -{resolve'0 _2}- s5 | s5 = -{resolve'1 x1}- s6 | s6 = return' {_0} ] ] ) - [ & _0 : borrowed int32 = any_l () - | & x1 : borrowed (int32, borrowed int32) = x1 - | & _2 : borrowed int32 = any_l () - | & _6 : borrowed int32 = any_l () ] + [ & _0 : borrowed Int32.t = any_l () + | & x1 : borrowed (Int32.t, borrowed Int32.t) = x1 + | & _2 : borrowed Int32.t = any_l () + | & _6 : borrowed Int32.t = any_l () ] - [ return' (result:borrowed int32)-> {[@expl:f3 ensures #0] [%#s9220] result.current + [ return' (result:borrowed Int32.t)-> {[@expl:f3 ensures #0] [%#s9220] result.current = (let (_, a) = x1.current in a).current} {[@expl:f3 ensures #1] [%#s9221] result.final = (let (_, a) = x1.final in a).current} {[@expl:f3 ensures #2] [%#s9222] (let (_, a) = x1.current in a).final = (let (_, a) = x1.final in a).final} 
@@ -242,49 +250,51 @@ module M_922__f4 [#"922.rs" 33 0 33 60] use prelude.prelude.Borrow + use prelude.prelude.Int + use prelude.prelude.Int32 - predicate resolve'2 (self : borrowed int32) = + predicate resolve'2 (self : borrowed Int32.t) = [%#sresolve3] self.final = self.current - predicate resolve'0 (_1 : borrowed int32) = + predicate resolve'0 (_1 : borrowed Int32.t) = resolve'2 _1 - predicate resolve'3 (self : borrowed (int32, borrowed int32)) = + predicate resolve'3 (self : borrowed (Int32.t, borrowed Int32.t)) = [%#sresolve3] self.final = self.current - predicate resolve'1 (_1 : borrowed (int32, borrowed int32)) = + predicate resolve'1 (_1 : borrowed (Int32.t, borrowed Int32.t)) = resolve'3 _1 use prelude.prelude.Intrinsic meta "compute_max_steps" 1000000 - let rec f4'0 (x2:borrowed (int32, borrowed int32)) (return' (ret:borrowed int32))= (! bb0 + let rec f4'0 (x2:borrowed (Int32.t, borrowed Int32.t)) (return' (ret:borrowed Int32.t))= (! bb0 [ bb0 = s0 - [ s0 = Borrow.borrow_mut {(let (_, r'0) = x2.current in r'0).current} - (fun (_ret':borrowed int32) -> + [ s0 = Borrow.borrow_mut {(let (_, r'0) = x2.current in r'0).current} + (fun (_ret':borrowed Int32.t) -> [ &_6 <- _ret' ] [ &x2 <- { x2 with current = (let (r'1, _) = x2.current in (r'1, { (let (_, r'0) = x2.current in r'0) with current = _ret'.final })) } ] s1) - | s1 = Borrow.borrow_final {_6.current} {Borrow.get_id _6} - (fun (_ret':borrowed int32) -> [ &_2 <- _ret' ] [ &_6 <- { _6 with current = _ret'.final } ] s2) - | s2 = Borrow.borrow_final {_2.current} {Borrow.get_id _2} - (fun (_ret':borrowed int32) -> [ &_0 <- _ret' ] [ &_2 <- { _2 with current = _ret'.final } ] s3) + | s1 = Borrow.borrow_final {_6.current} {Borrow.get_id _6} + (fun (_ret':borrowed Int32.t) -> [ &_2 <- _ret' ] [ &_6 <- { _6 with current = _ret'.final } ] s2) + | s2 = Borrow.borrow_final {_2.current} {Borrow.get_id _2} + (fun (_ret':borrowed Int32.t) -> [ &_0 <- _ret' ] [ &_2 <- { _2 with current = _ret'.final } ] s3) | s3 = 
-{resolve'0 _6}- s4 | s4 = -{resolve'0 _2}- s5 | s5 = -{resolve'1 x2}- s6 | s6 = return' {_0} ] ] ) - [ & _0 : borrowed int32 = any_l () - | & x2 : borrowed (int32, borrowed int32) = x2 - | & _2 : borrowed int32 = any_l () - | & _6 : borrowed int32 = any_l () ] + [ & _0 : borrowed Int32.t = any_l () + | & x2 : borrowed (Int32.t, borrowed Int32.t) = x2 + | & _2 : borrowed Int32.t = any_l () + | & _6 : borrowed Int32.t = any_l () ] - [ return' (result:borrowed int32)-> {[@expl:f4 ensures #0] [%#s9220] result.current + [ return' (result:borrowed Int32.t)-> {[@expl:f4 ensures #0] [%#s9220] result.current = (let (_, a) = x2.current in a).current} {[@expl:f4 ensures #1] [%#s9221] result.final = (let (_, a) = x2.final in a).current} {[@expl:f4 ensures #2] [%#s9222] (let (_, a) = x2.current in a).final = (let (_, a) = x2.final in a).final} diff --git a/creusot/tests/should_succeed/bug/922/why3session.xml b/creusot/tests/should_succeed/bug/922/why3session.xml index 8458e1db03..01b4d77aff 100644 --- a/creusot/tests/should_succeed/bug/922/why3session.xml +++ b/creusot/tests/should_succeed/bug/922/why3session.xml @@ -9,27 +9,27 @@ - + - + - + - + - + diff --git a/creusot/tests/should_succeed/bug/922/why3shapes.gz b/creusot/tests/should_succeed/bug/922/why3shapes.gz index b140e29b3c622991167022674dac20a3e0f4342a..213b75be307f91c9f1acb2711615621f265452e6 100644 GIT binary patch literal 293 zcmV+=0owi_iwFP!00000|GkmTPQx$|gztHZ+zLH;ZRZcE2NVf`#1Z*gIrbVN(j;=y zM!Y>vnvxXK!UtcgX_HX>6Q{{(zspi1B@7XEv`xsCVo}%XeFBLf}

|e zqfVA(S;WhA`?2T^bxL}Wl*|CSqwm{cpG^+g7dAZF8R>m7rTBNDJ@DW$Pr4T}J)y*5 zm~=vt=adl60S(*TPey`n2e%!Z)0h(Cna8gEi|WGOX5<{i%I6Z4i*q$qUKcTYZ;(-e rG+N*sBBc`snE+^8B$J|W0A5PtyjCnB&jrrqf0sT1Z5b-VCj$Tg=k|-6 diff --git a/creusot/tests/should_succeed/bug/949.coma b/creusot/tests/should_succeed/bug/949.coma index e35fc344fe..ab374b3bd4 100644 --- a/creusot/tests/should_succeed/bug/949.coma +++ b/creusot/tests/should_succeed/bug/949.coma @@ -56,7 +56,7 @@ module M_949__main [#"949.rs" 4 0 4 13] type t_Option'0 = | C_None'0 - | C_Some'0 int32 + | C_Some'0 Int32.t use map.Map 
@@ -99,27 +99,27 @@ module M_949__main [#"949.rs" 4 0 4 13] axiom inv_axiom'1 [@rewrite] : forall x : borrowed (t_GhostPtrToken'0) [inv'1 x] . inv'1 x = true - predicate inv'2 (_1 : int32) + predicate inv'2 (_1 : Int32.t) - axiom inv_axiom'2 [@rewrite] : forall x : int32 [inv'2 x] . inv'2 x = true + axiom inv_axiom'2 [@rewrite] : forall x : Int32.t [inv'2 x] . inv'2 x = true function contains'0 [@inline:trivial] (self : t_FMap'0) (k : opaque_ptr) : bool = [%#sfmap17] get_unsized'0 self k <> C_None'0 - function make_sized'0 (self : int32) : int32 + function make_sized'0 (self : Int32.t) : Int32.t - axiom make_sized'0_spec : forall self : int32 . [%#sutil29] make_sized'0 self = self + axiom make_sized'0_spec : forall self : Int32.t . [%#sutil29] make_sized'0 self = self use map.Map - function insert'0 (self : t_FMap'0) (k : opaque_ptr) (v : int32) : t_FMap'0 + function insert'0 (self : t_FMap'0) (k : opaque_ptr) (v : Int32.t) : t_FMap'0 - axiom insert'0_spec : forall self : t_FMap'0, k : opaque_ptr, v : int32 . ([%#sfmap18] view'1 (insert'0 self k v) + axiom insert'0_spec : forall self : t_FMap'0, k : opaque_ptr, v : Int32.t . ([%#sfmap18] view'1 (insert'0 self k v) = Map.set (view'1 self) k (C_Some'0 (make_sized'0 v))) && ([%#sfmap19] contains'0 self k -> len'0 (insert'0 self k v) = len'0 self) && ([%#sfmap20] not contains'0 self k -> len'0 (insert'0 self k v) = len'0 self + 1) - let rec ptr_from_box'0 (self:borrowed (t_GhostPtrToken'0)) (val':int32) (return' (ret:opaque_ptr))= {[@expl:ptr_from_box 'self' type invariant] [%#sghost_ptr5] inv'1 self} + let rec ptr_from_box'0 (self:borrowed (t_GhostPtrToken'0)) (val':Int32.t) (return' (ret:opaque_ptr))= {[@expl:ptr_from_box 'self' type invariant] [%#sghost_ptr5] inv'1 self} {[@expl:ptr_from_box 'val' type invariant] [%#sghost_ptr6] inv'2 val'} any [ return' (result:opaque_ptr)-> {[%#sghost_ptr7] not contains'0 (view'0 self.current) result} 
@@ -127,12 +127,12 @@ module M_949__main [#"949.rs" 4 0 4 13] (! return' {result}) ] - function unwrap'0 (op : t_Option'0) : int32 + function unwrap'0 (op : t_Option'0) : Int32.t axiom unwrap'0_spec : forall op : t_Option'0 . ([%#sutil30] op <> C_None'0) -> ([%#sutil31] C_Some'0 (unwrap'0 op) = op) - function lookup_unsized'0 [@inline:trivial] (self : t_FMap'0) (k : opaque_ptr) : int32 = + function lookup_unsized'0 [@inline:trivial] (self : t_FMap'0) (k : opaque_ptr) : Int32.t = [%#sfmap21] unwrap'0 (get_unsized'0 self k) function remove'0 (self : t_FMap'0) (k : opaque_ptr) : t_FMap'0 @@ -141,10 +141,10 @@ module M_949__main [#"949.rs" 4 0 4 13] = Map.set (view'1 self) k (C_None'0)) && ([%#sfmap23] len'0 (remove'0 self k) = (if contains'0 self k then len'0 self - 1 else len'0 self)) - let rec ptr_to_box'0 (self:borrowed (t_GhostPtrToken'0)) (ptr:opaque_ptr) (return' (ret:int32))= {[@expl:ptr_to_box 'self' type invariant] [%#sghost_ptr9] inv'1 self} + let rec ptr_to_box'0 (self:borrowed (t_GhostPtrToken'0)) (ptr:opaque_ptr) (return' (ret:Int32.t))= {[@expl:ptr_to_box 'self' type invariant] [%#sghost_ptr9] inv'1 self} {[@expl:ptr_to_box requires] [%#sghost_ptr10] contains'0 (view'0 self.current) ptr} any - [ return' (result:int32)-> {[%#sghost_ptr11] inv'2 result} + [ return' (result:Int32.t)-> {[%#sghost_ptr11] inv'2 result} {[%#sghost_ptr12] result = lookup_unsized'0 (view'0 self.current) ptr} {[%#sghost_ptr13] view'0 self.final = remove'0 (view'0 self.current) ptr} (! return' {result}) ] 
@@ -156,7 +156,7 @@ module M_949__main [#"949.rs" 4 0 4 13] let rec main'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = new'0 {[%#s9490] ()} (fun (_ret':t_GhostPtrToken'0) -> [ &tok <- _ret' ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = [ &b <- [%#s9491] (1 : int32) ] s1 | s1 = bb2 ] + | bb1 = s0 [ s0 = [ &b <- [%#s9491] (1 : Int32.t) ] s1 | s1 = bb2 ] | bb2 = s0 [ s0 = Borrow.borrow_mut {tok} (fun (_ret':borrowed (t_GhostPtrToken'0)) -> [ &_4 <- _ret' ] [ &tok <- _ret'.final ] s1) @@ -166,19 +166,19 @@ module M_949__main [#"949.rs" 4 0 4 13] | bb3 = s0 [ s0 = Borrow.borrow_mut {tok} (fun (_ret':borrowed (t_GhostPtrToken'0)) -> [ &_7 <- _ret' ] [ &tok <- _ret'.final ] s1) - | s1 = ptr_to_box'0 {_7} {p} (fun (_ret':int32) -> [ &r <- _ret' ] s2) + | s1 = ptr_to_box'0 {_7} {p} (fun (_ret':Int32.t) -> [ &r <- _ret' ] s2) | s2 = bb4 ] - | bb4 = s0 [ s0 = Int32.add {r} {[%#s9492] (5 : int32)} (fun (_ret':int32) -> [ &r <- _ret' ] s1) | s1 = bb5 ] + | bb4 = s0 [ s0 = Int32.add {r} {[%#s9492] (5 : Int32.t)} (fun (_ret':Int32.t) -> [ &r <- _ret' ] s1) | s1 = bb5 ] | bb5 = bb6 | bb6 = return' {_0} ] ) [ & _0 : () = any_l () | & tok : t_GhostPtrToken'0 = any_l () - | & b : int32 = any_l () + | & b : Int32.t = any_l () | & p : opaque_ptr = any_l () | & _4 : borrowed (t_GhostPtrToken'0) = any_l () - | & r : int32 = any_l () + | & r : Int32.t = any_l () | & _7 : borrowed (t_GhostPtrToken'0) = any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/bug/949/why3session.xml b/creusot/tests/should_succeed/bug/949/why3session.xml index 5930be4fbe..634aac299d 100644 --- a/creusot/tests/should_succeed/bug/949/why3session.xml +++ b/creusot/tests/should_succeed/bug/949/why3session.xml @@ -7,7 +7,7 @@ - + 
diff --git a/creusot/tests/should_succeed/bug/949/why3shapes.gz b/creusot/tests/should_succeed/bug/949/why3shapes.gz index 3a1327cc5d4cef3148a300a21b325b22398e8d57..fae10e022b5743cdc39f6e20f424f45fa0ad703f 100644 GIT binary patch literal 548 zcmV+<0^9u`iwFP!00000|CLnRj?*v@eeYNFt*{6w(P5SO&|xw~OvO=GAfK2q&_G z1#ShysxOM9P%n8(7{s_m%(7-e*lc>ij&>LHi+JipB!cCEBF9{wRv=vA8tg@ONnf@3 zFPYh(BfMEYKJ|4W9ehY0RV7!t*2gUtvLdEGmL962EbHzk!2zbKYP%^#`!flz44pVO z14J0vfyJ0uM|NPm<3T2)O|cOhqdJt#t5!ChUMGDZfZ@B*9XKh(k3=Llo#t5*J~h4E z-Kb#m<6Ft&qOY@C+1Wl184t-l2Bc z8UQSmI`sARS%Xl(W}>D37rdwaqdArPcM_3OAG?!EYITy0X>CGo`ZgiwJG|dgPyQDE zU!B-?j;`bDCd|0;aAt28+|9OTt~KnCxeT~hO+&V`Re8`+MzRo{nSgLQdlM8;k*h;L ziyDb&&|oS2Q7kZS)-$od-rey%h{yK}f@onPiFxoA3nslVgXa|eYy;1syI${IZ|{5H mpyL5^mf&(=9DswvH+;=Q9&n#~+~tIFXYm^)I}ols1polGF9zcP literal 486 zcmV- z{QMDl9QvN!s?MMDz<4WunxhKYd<@`jimBM^OG77Hh!7%c93i?scJH@QM{`ydxI~C6 z?{-Pwr%=L;bBnxnKJPQL?Gjhgl`eLs*JVpD)S05v9o5Dh`qTaPzzQK9K{C$097F!) ze1^@3i+&HH_sph<2uF%te*q@nEZ*A&2bB1gxeDn^FlvdbcUFs*}hD4KCro zVu^FJo{1%X;m1dmkB=UbEO3>={Uw4xvLudoDoPZWaxd4g2U_kVD`{7jk=!pJ62Jw3 c047qg7Auj6SS&>(xB$U|f91t;?QsME0O5r3PXGV_ diff --git a/creusot/tests/should_succeed/bug/991.coma b/creusot/tests/should_succeed/bug/991.coma index ecf1219ca4..37ccd8c808 100644 --- a/creusot/tests/should_succeed/bug/991.coma +++ b/creusot/tests/should_succeed/bug/991.coma @@ -16,16 +16,18 @@ module M_991__qyi6256438357931963096__love_and_hope [#"991.rs" 22 4 22 27] (* Fo type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } type t_Formula'0 = { t_Formula__vec'0: t_Vec'0; t_Formula__b'0: bool } 
@@ -34,20 +36,18 @@ module M_991__qyi6256438357931963096__love_and_hope [#"991.rs" 22 4 22 27] (* Fo use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize - - use prelude.prelude.Int + use prelude.prelude.UInt64 - function view'2 (self : t_Vec'0) : Seq.seq usize + function view'2 (self : t_Vec'0) : Seq.seq UInt64.t - axiom view'2_spec : forall self : t_Vec'0 . [%#svec3] Seq.length (view'2 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'2_spec : forall self : t_Vec'0 . [%#svec3] Seq.length (view'2 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) - function view'1 [#"991.rs" 15 4 15 33] (self : t_Formula'0) : (Seq.seq usize, bool) = + function view'1 [#"991.rs" 15 4 15 33] (self : t_Formula'0) : (Seq.seq UInt64.t, bool) = [%#s9912] (view'2 self.t_Formula__vec'0, self.t_Formula__b'0) - function view'0 (self : t_Formula'0) : (Seq.seq usize, bool) = + function view'0 (self : t_Formula'0) : (Seq.seq UInt64.t, bool) = [%#smodel1] view'1 self meta "compute_max_steps" 1000000 diff --git a/creusot/tests/should_succeed/bug/box_borrow_resolve.coma b/creusot/tests/should_succeed/bug/box_borrow_resolve.coma index eb81bfa1e9..9326be1042 100644 --- a/creusot/tests/should_succeed/bug/box_borrow_resolve.coma +++ b/creusot/tests/should_succeed/bug/box_borrow_resolve.coma 
@@ -5,32 +5,34 @@ module M_box_borrow_resolve__borrow_in_box [#"box_borrow_resolve.rs" 6 0 6 50] use prelude.prelude.Borrow + use prelude.prelude.Int + use prelude.prelude.Int32 - predicate resolve'2 (self : borrowed int32) = + predicate resolve'2 (self : borrowed Int32.t) = [%#sresolve1] self.final = self.current - predicate resolve'0 (_1 : borrowed int32) = + predicate resolve'0 (_1 : borrowed Int32.t) = resolve'2 _1 - predicate resolve'3 (self : borrowed int32) = + predicate resolve'3 (self : borrowed Int32.t) = [%#sresolve2] resolve'0 self - predicate resolve'1 (_1 : borrowed int32) = + predicate resolve'1 (_1 : borrowed Int32.t) = resolve'3 _1 use prelude.prelude.Intrinsic meta "compute_max_steps" 1000000 - let rec borrow_in_box'0 (x:borrowed int32) (return' (ret:borrowed int32))= (! bb0 + let rec borrow_in_box'0 (x:borrowed Int32.t) (return' (ret:borrowed Int32.t))= (! bb0 [ bb0 = s0 - [ s0 = Borrow.borrow_final {x.current} {Borrow.get_id x} - (fun (_ret':borrowed int32) -> [ &_4 <- _ret' ] [ &x <- { x with current = _ret'.final } ] s1) - | s1 = Borrow.borrow_final {_4.current} {Borrow.get_id _4} - (fun (_ret':borrowed int32) -> [ &_2 <- _ret' ] [ &_4 <- { _4 with current = _ret'.final } ] s2) - | s2 = Borrow.borrow_final {_2.current} {Borrow.get_id _2} - (fun (_ret':borrowed int32) -> [ &_0 <- _ret' ] [ &_2 <- { _2 with current = _ret'.final } ] s3) + [ s0 = Borrow.borrow_final {x.current} {Borrow.get_id x} + (fun (_ret':borrowed Int32.t) -> [ &_4 <- _ret' ] [ &x <- { x with current = _ret'.final } ] s1) + | s1 = Borrow.borrow_final {_4.current} {Borrow.get_id _4} + (fun (_ret':borrowed Int32.t) -> [ &_2 <- _ret' ] [ &_4 <- { _4 with current = _ret'.final } ] s2) + | s2 = Borrow.borrow_final {_2.current} {Borrow.get_id _2} + (fun (_ret':borrowed Int32.t) -> [ &_0 <- _ret' ] [ &_2 <- { _2 with current = _ret'.final } ] s3) | s3 = -{resolve'0 _4}- s4 | s4 = -{resolve'0 _2}- s5 | s5 = -{resolve'1 x}- s6 
@@ -38,12 +40,12 @@ module M_box_borrow_resolve__borrow_in_box [#"box_borrow_resolve.rs" 6 0 6 50] | bb1 = return' {_0} ] ) - [ & _0 : borrowed int32 = any_l () - | & x : borrowed int32 = x - | & _2 : borrowed int32 = any_l () - | & _4 : borrowed int32 = any_l () ] + [ & _0 : borrowed Int32.t = any_l () + | & x : borrowed Int32.t = x + | & _2 : borrowed Int32.t = any_l () + | & _4 : borrowed Int32.t = any_l () ] - [ return' (result:borrowed int32)-> {[@expl:borrow_in_box ensures] [%#sbox_borrow_resolve0] result = x} + [ return' (result:borrowed Int32.t)-> {[@expl:borrow_in_box ensures] [%#sbox_borrow_resolve0] result = x} (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/bug/box_borrow_resolve/why3session.xml b/creusot/tests/should_succeed/bug/box_borrow_resolve/why3session.xml index e928d0206a..4c2d14643f 100644 --- a/creusot/tests/should_succeed/bug/box_borrow_resolve/why3session.xml +++ b/creusot/tests/should_succeed/bug/box_borrow_resolve/why3session.xml @@ -6,8 +6,8 @@ - - + + diff --git a/creusot/tests/should_succeed/bug/box_borrow_resolve/why3shapes.gz b/creusot/tests/should_succeed/bug/box_borrow_resolve/why3shapes.gz index 29921c08a32bc3daf615621f081e9897bd05d88a..ebf068a3d7cc65a7a8a5da049ae44f69b7611e65 100644 GIT binary patch literal 173 zcmV;e08;-SiwFP!00000|BcYW3W7io2H^WX#ojDWGpnWqU87#WtBmeglDe{MMsMF1 zL3S{j)4>1n56mi*?o0zaIk9z(>9=wt!?mCtmBw0gV;yuCs;<^@Kjx4}bmFmS^g^tD z$M}x@3P-Z+OgnLabL~yt^wj1+Pxn#qrK0~&Emf$Q+4~XP4dcCd{X+r}6+oOxJb-urDs-GwKLG#$As13; literal 173 zcmV;e08;-SiwFP!00000|BcYG4uUWc#__#R(M@H#D?+G=YojmFl^k#=5h!U9 {[@expl:set_7 ensures] [%#sfinal_borrows1] Int32.to_int r.final = 7} (! return' {result}) ] end 
@@ -795,21 +793,19 @@ module M_final_borrows__not_final_borrow_works [#"final_borrows.rs" 61 0 61 38] let%span sfinal_borrows3 = "final_borrows.rs" 55 10 55 20 let%span sresolve4 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - use prelude.prelude.Int128.to_int - - use prelude.prelude.Int128 + use prelude.prelude.Int - use prelude.prelude.Int32.to_int + use prelude.prelude.Int32 use prelude.prelude.Borrow use prelude.prelude.Int32 - let rec set_7'0 (r:borrowed int32) (return' (ret:()))= any + let rec set_7'0 (r:borrowed Int32.t) (return' (ret:()))= any [ return' (result:())-> {[%#sfinal_borrows3] Int32.to_int r.final = 7} (! return' {result}) ] - predicate resolve'1 (self : borrowed int32) = + predicate resolve'1 (self : borrowed Int32.t) = [%#sresolve4] self.final = self.current predicate resolve'0 (_1 : borrowed Int32.t) = 
@@ -819,21 +815,22 @@ module M_final_borrows__not_final_borrow_works [#"final_borrows.rs" 61 0 61 38] meta "compute_max_steps" 1000000 - let rec not_final_borrow_works'0 (_1:()) (return' (ret:int32))= (! bb0 + let rec not_final_borrow_works'0 (_1:()) (return' (ret:Int32.t))= (! bb0 [ bb0 = s0 - [ s0 = [ &x <- [%#sfinal_borrows0] (1 : int32) ] s1 - | s1 = Borrow.borrow_mut {x} (fun (_ret':borrowed int32) -> [ &r <- _ret' ] [ &x <- _ret'.final ] s2) - | s2 = Borrow.borrow_mut {r.current} - (fun (_ret':borrowed int32) -> [ &r1 <- _ret' ] [ &r <- { r with current = _ret'.final } ] s3) - | s3 = Borrow.borrow_final {r1.current} {Borrow.get_id r1} - (fun (_ret':borrowed int32) -> [ &_7 <- _ret' ] [ &r1 <- { r1 with current = _ret'.final } ] s4) + [ s0 = [ &x <- [%#sfinal_borrows0] (1 : Int32.t) ] s1 + | s1 = Borrow.borrow_mut {x} + (fun (_ret':borrowed Int32.t) -> [ &r <- _ret' ] [ &x <- _ret'.final ] s2) + | s2 = Borrow.borrow_mut {r.current} + (fun (_ret':borrowed Int32.t) -> [ &r1 <- _ret' ] [ &r <- { r with current = _ret'.final } ] s3) + | s3 = Borrow.borrow_final {r1.current} {Borrow.get_id r1} + (fun (_ret':borrowed Int32.t) -> [ &_7 <- _ret' ] [ &r1 <- { r1 with current = _ret'.final } ] s4) | s4 = set_7'0 {_7} (fun (_ret':()) -> [ &_6 <- _ret' ] s5) | s5 = bb1 ] | bb1 = s0 [ s0 = -{resolve'0 r1}- s1 | s1 = [ &y <- r.current ] s2 - | s2 = [ &r <- { r with current = ([%#sfinal_borrows1] (2 : int32)) } ] s3 + | s2 = [ &r <- { r with current = ([%#sfinal_borrows1] (2 : Int32.t)) } ] s3 | s3 = -{resolve'0 r}- s4 | s4 = Int32.add {x} {y} (fun (_ret':Int32.t) -> [ &_0 <- _ret' ] s5) | s5 = return' {_0} ] 
@@ -847,7 +844,7 @@ module M_final_borrows__not_final_borrow_works [#"final_borrows.rs" 61 0 61 38] | & _7 : borrowed Int32.t = any_l () | & y : Int32.t = any_l () ] - [ return' (result:int32)-> {[@expl:not_final_borrow_works ensures] [%#sfinal_borrows2] Int32.to_int result = 9} + [ return' (result:Int32.t)-> {[@expl:not_final_borrow_works ensures] [%#sfinal_borrows2] Int32.to_int result = 9} (! return' {result}) ] end @@ -856,11 +853,9 @@ module M_final_borrows__branching [#"final_borrows.rs" 72 0 72 32] let%span sfinal_borrows1 = "final_borrows.rs" 71 10 71 22 let%span sresolve2 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - use prelude.prelude.Int128.to_int - - use prelude.prelude.Int128 + use prelude.prelude.Int - use prelude.prelude.Int32.to_int + use prelude.prelude.Int32 use prelude.prelude.Borrow 
@@ -876,21 +871,23 @@ module M_final_borrows__branching [#"final_borrows.rs" 72 0 72 32] meta "compute_max_steps" 1000000 - let rec branching'0 (b:bool) (return' (ret:int32))= (! bb0 + let rec branching'0 (b:bool) (return' (ret:Int32.t))= (! bb0 [ bb0 = s0 - [ s0 = [ &x <- [%#sfinal_borrows0] (3 : int32) ] s1 - | s1 = Borrow.borrow_mut {x} (fun (_ret':borrowed int32) -> [ &r1 <- _ret' ] [ &x <- _ret'.final ] s2) - | s2 = Borrow.borrow_mut {r1.current} - (fun (_ret':borrowed int32) -> [ &r2 <- _ret' ] [ &r1 <- { r1 with current = _ret'.final } ] s3) + [ s0 = [ &x <- [%#sfinal_borrows0] (3 : Int32.t) ] s1 + | s1 = Borrow.borrow_mut {x} + (fun (_ret':borrowed Int32.t) -> [ &r1 <- _ret' ] [ &x <- _ret'.final ] s2) + | s2 = Borrow.borrow_mut {r1.current} + (fun (_ret':borrowed Int32.t) -> [ &r2 <- _ret' ] [ &r1 <- { r1 with current = _ret'.final } ] s3) | s3 = -{resolve'0 r2}- s4 | s4 = [ &y <- r2.current ] s5 | s5 = any [ br0 -> {b = false} (! bb2) | br1 -> {b} (! bb1) ] ] | bb1 = s0 [ s0 = -{resolve'0 r1}- s1 - | s1 = Borrow.borrow_mut {y} (fun (_ret':borrowed int32) -> [ &_11 <- _ret' ] [ &y <- _ret'.final ] s2) - | s2 = Borrow.borrow_final {_11.current} {Borrow.get_id _11} - (fun (_ret':borrowed int32) -> [ &_10 <- _ret' ] [ &_11 <- { _11 with current = _ret'.final } ] s3) + | s1 = Borrow.borrow_mut {y} + (fun (_ret':borrowed Int32.t) -> [ &_11 <- _ret' ] [ &y <- _ret'.final ] s2) + | s2 = Borrow.borrow_final {_11.current} {Borrow.get_id _11} + (fun (_ret':borrowed Int32.t) -> [ &_10 <- _ret' ] [ &_11 <- { _11 with current = _ret'.final } ] s3) | s3 = [ &r1 <- _10 ] s4 | s4 = -{resolve'0 _11}- s5 | s5 = -{resolve'0 r1}- s6 
@@ -898,8 +895,8 @@ module M_final_borrows__branching [#"final_borrows.rs" 72 0 72 32] | s7 = bb3 ] | bb2 = s0 - [ s0 = Borrow.borrow_final {r1.current} {Borrow.get_id r1} - (fun (_ret':borrowed int32) -> [ &r21 <- _ret' ] [ &r1 <- { r1 with current = _ret'.final } ] s1) + [ s0 = Borrow.borrow_final {r1.current} {Borrow.get_id r1} + (fun (_ret':borrowed Int32.t) -> [ &r21 <- _ret' ] [ &r1 <- { r1 with current = _ret'.final } ] s1) | s1 = -{resolve'0 r21}- s2 | s2 = -{resolve'0 r1}- s3 | s3 = [ &y <- r21.current ] s4 @@ -917,7 +914,7 @@ module M_final_borrows__branching [#"final_borrows.rs" 72 0 72 32] | & _11 : borrowed Int32.t = any_l () | & r21 : borrowed Int32.t = any_l () ] - [ return' (result:int32)-> {[@expl:branching ensures] [%#sfinal_borrows1] Int32.to_int result = 3} + [ return' (result:Int32.t)-> {[@expl:branching ensures] [%#sfinal_borrows1] Int32.to_int result = 3} (! return' {result}) ] end @@ -1331,6 +1328,8 @@ module M_final_borrows__box_reborrow_in_struct [#"final_borrows.rs" 130 0 130 66 use prelude.prelude.Borrow + use prelude.prelude.Int + use prelude.prelude.Int32 predicate resolve'2 (self : borrowed Int32.t) = @@ -1339,10 +1338,10 @@ module M_final_borrows__box_reborrow_in_struct [#"final_borrows.rs" 130 0 130 66 predicate resolve'0 (_1 : borrowed Int32.t) = resolve'2 _1 - predicate resolve'3 (self : borrowed (int32, borrowed int32)) = + predicate resolve'3 (self : borrowed (Int32.t, borrowed Int32.t)) = [%#sresolve2] self.final = self.current - predicate resolve'1 (_1 : borrowed (int32, borrowed int32)) = + predicate resolve'1 (_1 : borrowed (Int32.t, borrowed Int32.t)) = resolve'3 _1 use prelude.prelude.Intrinsic 
@@ -1351,7 +1350,7 @@ module M_final_borrows__box_reborrow_in_struct [#"final_borrows.rs" 130 0 130 66 meta "compute_max_steps" 1000000 - let rec box_reborrow_in_struct'0 (x:borrowed (int32, borrowed int32)) (return' (ret:int32))= {[@expl:box_reborrow_in_struct requires] [%#sfinal_borrows0] Int32.to_int (let (_, a) = x.current in a).current + let rec box_reborrow_in_struct'0 (x:borrowed (Int32.t, borrowed Int32.t)) (return' (ret:Int32.t))= {[@expl:box_reborrow_in_struct requires] [%#sfinal_borrows0] Int32.to_int (let (_, a) = x.current in a).current = 3} (! bb0 [ bb0 = s0 @@ -1362,8 +1361,8 @@ module M_final_borrows__box_reborrow_in_struct [#"final_borrows.rs" 130 0 130 66 [ &x <- { x with current = (let (r'1, _) = x.current in (r'1, { (let (_, r'0) = x.current in r'0) with current = _ret'.final })) } ] s1) - | s1 = Borrow.borrow_final {_5.current} {Borrow.get_id _5} - (fun (_ret':borrowed int32) -> [ &borrow <- _ret' ] [ &_5 <- { _5 with current = _ret'.final } ] s2) + | s1 = Borrow.borrow_final {_5.current} {Borrow.get_id _5} + (fun (_ret':borrowed Int32.t) -> [ &borrow <- _ret' ] [ &_5 <- { _5 with current = _ret'.final } ] s2) | s2 = -{resolve'0 _5}- s3 | s3 = -{resolve'0 borrow}- s4 | s4 = [ &_0 <- borrow.current ] s5 @@ -1376,7 +1375,7 @@ module M_final_borrows__box_reborrow_in_struct [#"final_borrows.rs" 130 0 130 66 | & borrow : borrowed Int32.t = any_l () | & _5 : borrowed Int32.t = any_l () ] - [ return' (result:int32)-> {[@expl:box_reborrow_in_struct ensures] [%#sfinal_borrows1] Int32.to_int result = 3} + [ return' (result:Int32.t)-> {[@expl:box_reborrow_in_struct ensures] [%#sfinal_borrows1] Int32.to_int result = 3} (! return' {result}) ] end 
@@ -1478,9 +1477,11 @@ module M_final_borrows__borrow_in_box_tuple_1 [#"final_borrows.rs" 142 0 142 60] use prelude.prelude.Borrow + use prelude.prelude.Int + use prelude.prelude.Int32 - predicate resolve'2 (self : borrowed int32) = + predicate resolve'2 (self : borrowed Int32.t) = [%#sresolve2] self.final = self.current predicate resolve'0 (_1 : borrowed Int32.t) = @@ -1507,7 +1508,7 @@ module M_final_borrows__borrow_in_box_tuple_1 [#"final_borrows.rs" 142 0 142 60] meta "compute_max_steps" 1000000 - let rec borrow_in_box_tuple_1'0 (x:(int32, borrowed int32)) (return' (ret:int32))= {[@expl:borrow_in_box_tuple_1 requires] [%#sfinal_borrows0] Int32.to_int (let (_, a) = x in a).current + let rec borrow_in_box_tuple_1'0 (x:(Int32.t, borrowed Int32.t)) (return' (ret:Int32.t))= {[@expl:borrow_in_box_tuple_1 requires] [%#sfinal_borrows0] Int32.to_int (let (_, a) = x in a).current = 2} (! bb0 [ bb0 = bb1 @@ -1517,8 +1518,8 @@ module M_final_borrows__borrow_in_box_tuple_1 [#"final_borrows.rs" 142 0 142 60] [ &_5 <- _ret' ] [ &x <- let (r'1, _) = x in (r'1, { (let (_, r'0) = x in r'0) with current = _ret'.final }) ] s1) - | s1 = Borrow.borrow_final {_5.current} {Borrow.get_id _5} - (fun (_ret':borrowed int32) -> [ &borrow <- _ret' ] [ &_5 <- { _5 with current = _ret'.final } ] s2) + | s1 = Borrow.borrow_final {_5.current} {Borrow.get_id _5} + (fun (_ret':borrowed Int32.t) -> [ &borrow <- _ret' ] [ &_5 <- { _5 with current = _ret'.final } ] s2) | s2 = -{resolve'0 _5}- s3 | s3 = -{resolve'0 borrow}- s4 | s4 = [ &_0 <- borrow.current ] s5 @@ -1532,7 +1533,7 @@ module M_final_borrows__borrow_in_box_tuple_1 [#"final_borrows.rs" 142 0 142 60] | & borrow : borrowed Int32.t = any_l () | & _5 : borrowed Int32.t = any_l () ] - [ return' (result:int32)-> {[@expl:borrow_in_box_tuple_1 ensures] [%#sfinal_borrows1] Int32.to_int result = 2} + [ return' (result:Int32.t)-> {[@expl:borrow_in_box_tuple_1 ensures] [%#sfinal_borrows1] Int32.to_int result = 2} (! return' {result}) ] end 
@@ -1545,24 +1546,26 @@ module M_final_borrows__borrow_in_box_tuple_2 [#"final_borrows.rs" 149 0 149 60] use prelude.prelude.Borrow + use prelude.prelude.Int + use prelude.prelude.Int32 - predicate resolve'2 (self : borrowed int32) = + predicate resolve'2 (self : borrowed Int32.t) = [%#sresolve2] self.final = self.current predicate resolve'0 (_1 : borrowed Int32.t) = resolve'2 _1 - predicate resolve'4 (_1 : int32) = + predicate resolve'4 (_1 : Int32.t) = true - predicate resolve'6 (self : borrowed int32) = + predicate resolve'6 (self : borrowed Int32.t) = [%#sresolve4] resolve'0 self predicate resolve'5 (_1 : borrowed Int32.t) = resolve'6 _1 - predicate resolve'3 (self : (int32, borrowed int32)) = + predicate resolve'3 (self : (Int32.t, borrowed Int32.t)) = [%#sresolve3] resolve'4 (let (a, _) = self in a) /\ resolve'5 (let (_, a) = self in a) predicate resolve'1 (_1 : (Int32.t, borrowed Int32.t)) = @@ -1574,7 +1577,7 @@ module M_final_borrows__borrow_in_box_tuple_2 [#"final_borrows.rs" 149 0 149 60] meta "compute_max_steps" 1000000 - let rec borrow_in_box_tuple_2'0 (x:(int32, borrowed int32)) (return' (ret:int32))= {[@expl:borrow_in_box_tuple_2 requires] [%#sfinal_borrows0] Int32.to_int (let (_, a) = x in a).current + let rec borrow_in_box_tuple_2'0 (x:(Int32.t, borrowed Int32.t)) (return' (ret:Int32.t))= {[@expl:borrow_in_box_tuple_2 requires] [%#sfinal_borrows0] Int32.to_int (let (_, a) = x in a).current = 2} (! bb0 [ bb0 = bb1 
@@ -1584,8 +1587,8 @@ module M_final_borrows__borrow_in_box_tuple_2 [#"final_borrows.rs" 149 0 149 60] [ &_5 <- _ret' ] [ &x <- let (r'1, _) = x in (r'1, { (let (_, r'0) = x in r'0) with current = _ret'.final }) ] s1) - | s1 = Borrow.borrow_final {_5.current} {Borrow.get_id _5} - (fun (_ret':borrowed int32) -> [ &borrow <- _ret' ] [ &_5 <- { _5 with current = _ret'.final } ] s2) + | s1 = Borrow.borrow_final {_5.current} {Borrow.get_id _5} + (fun (_ret':borrowed Int32.t) -> [ &borrow <- _ret' ] [ &_5 <- { _5 with current = _ret'.final } ] s2) | s2 = -{resolve'0 _5}- s3 | s3 = -{resolve'0 borrow}- s4 | s4 = [ &_0 <- borrow.current ] s5 @@ -1599,7 +1602,7 @@ module M_final_borrows__borrow_in_box_tuple_2 [#"final_borrows.rs" 149 0 149 60] | & borrow : borrowed Int32.t = any_l () | & _5 : borrowed Int32.t = any_l () ] - [ return' (result:int32)-> {[@expl:borrow_in_box_tuple_2 ensures] [%#sfinal_borrows1] Int32.to_int result = 2} + [ return' (result:Int32.t)-> {[@expl:borrow_in_box_tuple_2 ensures] [%#sfinal_borrows1] Int32.to_int result = 2} (! return' {result}) ] end @@ -1890,11 +1893,13 @@ module M_final_borrows__shallow_borrow_no_gen [#"final_borrows.rs" 191 0 191 49] let%span sfinal_borrows1 = "final_borrows.rs" 196 26 196 33 let%span sresolve2 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + use prelude.prelude.Int + use prelude.prelude.Int32 type t_Option'0 = | C_None'0 - | C_Some'0 int32 + | C_Some'0 Int32.t use prelude.prelude.Borrow 
@@ -1904,9 +1909,9 @@ module M_final_borrows__shallow_borrow_no_gen [#"final_borrows.rs" 191 0 191 49] predicate resolve'0 (_1 : borrowed (t_Option'0)) = resolve'1 _1 - let rec v_Some'0 (input:t_Option'0) (ret (field_0:int32))= any - [ good (field_0:int32)-> {C_Some'0 field_0 = input} (! ret {field_0}) - | bad -> {forall field_0 : int32 [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] + let rec v_Some'0 (input:t_Option'0) (ret (field_0:Int32.t))= any + [ good (field_0:Int32.t)-> {C_Some'0 field_0 = input} (! ret {field_0}) + | bad -> {forall field_0 : Int32.t [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] use prelude.prelude.Intrinsic @@ -1918,12 +1923,12 @@ module M_final_borrows__shallow_borrow_no_gen [#"final_borrows.rs" 191 0 191 49] [ s0 = Borrow.borrow_final {x.current} {Borrow.get_id x} (fun (_ret':borrowed (t_Option'0)) -> [ &_r <- _ret' ] [ &x <- { x with current = _ret'.final } ] s1) | s1 = -{resolve'0 _r}- s2 - | s2 = any [ br0 -> {x.current = C_None'0 } (! bb7) | br1 (x0:int32)-> {x.current = C_Some'0 x0} (! bb2) ] ] + | s2 = any [ br0 -> {x.current = C_None'0 } (! bb7) | br1 (x0:Int32.t)-> {x.current = C_Some'0 x0} (! bb2) ] ] | bb7 = s0 [ s0 = -{resolve'0 x}- s1 | s1 = bb1 ] | bb2 = bb3 | bb3 = s0 - [ s0 = v_Some'0 {x.current} (fun (r0'0:int32) -> [ &inner <- r0'0 ] s1) + [ s0 = v_Some'0 {x.current} (fun (r0'0:Int32.t) -> [ &inner <- r0'0 ] s1) | s1 = [ &inner1 <- inner ] s2 | s2 = Int32.eq {inner1} {[%#sfinal_borrows0] (2 : Int32.t)} (fun (_ret':bool) -> [ &_8 <- _ret' ] s3) | s3 = any [ br0 -> {_8 = false} (! bb5) | br1 -> {_8} (! bb4) ] ] 
@@ -1936,8 +1941,8 @@ module M_final_borrows__shallow_borrow_no_gen [#"final_borrows.rs" 191 0 191 49] [ & _0 : () = any_l () | & x : borrowed (t_Option'0) = x | & _r : borrowed (t_Option'0) = any_l () - | & inner : int32 = any_l () - | & inner1 : int32 = any_l () + | & inner : Int32.t = any_l () + | & inner1 : Int32.t = any_l () | & _8 : bool = any_l () ] [ return' (result:())-> (! return' {result}) ] end @@ -1958,7 +1963,9 @@ module M_final_borrows__index_mut_slice [#"final_borrows.rs" 208 0 208 48] let%span sseq13 = "../../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 let%span sboxed14 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 use prelude.prelude.Borrow @@ -1966,7 +1973,7 @@ module M_final_borrows__index_mut_slice [#"final_borrows.rs" 208 0 208 48] predicate inv'0 (_1 : t_T'0) - use prelude.prelude.Slice + use Slice64.create predicate invariant'0 (self : borrowed t_T'0) = [%#sinvariant11] inv'0 self.current /\ inv'0 self.final @@ -1983,21 +1990,19 @@ module M_final_borrows__index_mut_slice [#"final_borrows.rs" 208 0 208 48] use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - use prelude.prelude.Int - - use prelude.prelude.Slice + use prelude.prelude.Slice64 use seq.Seq function view'1 (self : slice t_T'0) : Seq.seq t_T'0 axiom view'1_spec : forall self : slice t_T'0 . ([%#sslice9] Seq.length (view'1 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice10] view'1 self = Slice.id self) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + && ([%#sslice10] view'1 self = Slice64.id self) use seq.Seq 
@@ -2058,14 +2063,14 @@ module M_final_borrows__index_mut_slice [#"final_borrows.rs" 208 0 208 48] | s4 = bb1 ] | bb1 = s0 - [ s0 = Slice.get {v.current} {_6} + [ s0 = Slice64.get {v.current} {_6} (fun (r'0:t_T'0) -> {inv'0 r'0} Borrow.borrow_final {r'0} {Borrow.inherit_id (Borrow.get_id v) _6} (fun (_ret':borrowed t_T'0) -> [ &_5 <- _ret' ] -{inv'0 _ret'.final}- - Slice.set {v.current} {_6} {_ret'.final} + Slice64.set {v.current} {_6} {_ret'.final} (fun (r'1:slice t_T'0) -> [ &v <- { v with current = r'1 } ] s1))) | s1 = {inv'0 _5.current} Borrow.borrow_final {_5.current} {Borrow.get_id _5} @@ -2094,8 +2099,8 @@ module M_final_borrows__index_mut_slice [#"final_borrows.rs" 208 0 208 48] | & v : borrowed (slice t_T'0) = v | & _2 : borrowed t_T'0 = any_l () | & _5 : borrowed t_T'0 = any_l () - | & _6 : usize = any_l () - | & _7 : usize = any_l () + | & _6 : UInt64.t = any_l () + | & _7 : UInt64.t = any_l () | & _8 : bool = any_l () ] [ return' (result:borrowed t_T'0)-> {[@expl:index_mut_slice result type invariant] [%#sfinal_borrows4] inv'1 result} @@ -2119,7 +2124,9 @@ module M_final_borrows__index_mut_array [#"final_borrows.rs" 214 0 214 52] let%span sseq11 = "../../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 let%span sboxed12 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 use prelude.prelude.Borrow @@ -2127,7 +2134,7 @@ module M_final_borrows__index_mut_array [#"final_borrows.rs" 214 0 214 52] predicate inv'0 (_1 : t_T'0) - use prelude.prelude.Slice + use Slice64.create predicate invariant'0 (self : borrowed t_T'0) = [%#sinvariant9] inv'0 self.current /\ inv'0 self.final 
@@ -2142,16 +2149,10 @@ module M_final_borrows__index_mut_array [#"final_borrows.rs" 214 0 214 52] predicate resolve'0 (_1 : borrowed t_T'0) = resolve'2 _1 - use prelude.prelude.Slice + use prelude.prelude.Slice64 use seq.Seq - use prelude.prelude.Int128.to_int - - use prelude.prelude.Int128 - - use prelude.prelude.Int - use seq.Seq use seq.Seq @@ -2171,7 +2172,7 @@ module M_final_borrows__index_mut_array [#"final_borrows.rs" 214 0 214 52] axiom inv_axiom'3 [@rewrite] : forall x : Seq.seq t_T'0 [inv'4 x] . inv'4 x = invariant'3 x predicate invariant'2 (self : array t_T'0) = - [%#sarray10] inv'4 (Slice.id self) + [%#sarray10] inv'4 (Slice64.id self) predicate inv'3 (_1 : array t_T'0) @@ -2193,14 +2194,14 @@ module M_final_borrows__index_mut_array [#"final_borrows.rs" 214 0 214 52] use prelude.prelude.Intrinsic function view'0 (self : borrowed (array t_T'0)) : Seq.seq t_T'0 = - [%#smodel6] Slice.id self.current + [%#smodel6] Slice64.id self.current - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use seq.Seq - function index_logic'0 [@inline:trivial] (self : array t_T'0) (ix : usize) : t_T'0 = - [%#sops7] Seq.get (Slice.id self) (UIntSize.to_int ix) + function index_logic'0 [@inline:trivial] (self : array t_T'0) (ix : UInt64.t) : t_T'0 = + [%#sops7] Seq.get (Slice64.id self) (UInt64.to_uint ix) meta "compute_max_steps" 1000000 @@ -2215,14 +2216,14 @@ module M_final_borrows__index_mut_array [#"final_borrows.rs" 214 0 214 52] | s4 = bb1 ] | bb1 = s0 - [ s0 = Slice.get {v.current} {_6} + [ s0 = Slice64.get {v.current} {_6} (fun (r'0:t_T'0) -> {inv'0 r'0} Borrow.borrow_final {r'0} {Borrow.inherit_id (Borrow.get_id v) _6} (fun (_ret':borrowed t_T'0) -> [ &_5 <- _ret' ] -{inv'0 _ret'.final}- - Slice.set {v.current} {_6} {_ret'.final} + Slice64.set {v.current} {_6} {_ret'.final} (fun (r'1:array t_T'0) -> [ &v <- { v with current = r'1 } ] s1))) | s1 = {inv'0 _5.current} Borrow.borrow_final {_5.current} {Borrow.get_id _5} 
@@ -2251,13 +2252,13 @@ module M_final_borrows__index_mut_array [#"final_borrows.rs" 214 0 214 52] | & v : borrowed (array t_T'0) = v | & _2 : borrowed t_T'0 = any_l () | & _5 : borrowed t_T'0 = any_l () - | & _6 : usize = any_l () - | & _7 : usize = any_l () + | & _6 : UInt64.t = any_l () + | & _7 : UInt64.t = any_l () | & _8 : bool = any_l () ] [ return' (result:borrowed t_T'0)-> {[@expl:index_mut_array result type invariant] [%#sfinal_borrows4] inv'1 result} {[@expl:index_mut_array ensures] [%#sfinal_borrows5] result - = Borrow.borrow_logic (index_logic'0 v.current (12 : usize)) (index_logic'0 v.final (12 : usize)) (Borrow.inherit_id (Borrow.get_id v) (12 : usize))} + = Borrow.borrow_logic (index_logic'0 v.current (12 : UInt64.t)) (index_logic'0 v.final (12 : UInt64.t)) (Borrow.inherit_id (Borrow.get_id v) (12 : UInt64.t))} (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/bug/two_phase.coma b/creusot/tests/should_succeed/bug/two_phase.coma index d613080415..d201302f31 100644 --- a/creusot/tests/should_succeed/bug/two_phase.coma +++ b/creusot/tests/should_succeed/bug/two_phase.coma 
@@ -18,55 +18,57 @@ module M_two_phase__test [#"two_phase.rs" 6 0 6 31] type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } predicate inv'0 (_1 : t_Vec'0) axiom inv_axiom'0 [@rewrite] : forall x : t_Vec'0 [inv'0 x] . inv'0 x = true - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use seq.Seq use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.Int + function view'2 (self : t_Vec'0) : Seq.seq UInt64.t - function view'2 (self : t_Vec'0) : Seq.seq usize + axiom view'2_spec : forall self : t_Vec'0 . [%#svec6] Seq.length (view'2 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) - axiom view'2_spec : forall self : t_Vec'0 . [%#svec6] Seq.length (view'2 self) <= UIntSize.to_int (v_MAX'0 : usize) - - function view'1 (self : t_Vec'0) : Seq.seq usize = + function view'1 (self : t_Vec'0) : Seq.seq UInt64.t = [%#smodel5] view'2 self - let rec len'0 (self:t_Vec'0) (return' (ret:usize))= {[@expl:len 'self' type invariant] inv'0 self} - any [ return' (result:usize)-> {[%#svec1] UIntSize.to_int result = Seq.length (view'1 self)} (! return' {result}) ] + let rec len'0 (self:t_Vec'0) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'0 self} + any + [ return' (result:UInt64.t)-> {[%#svec1] UInt64.to_uint result = Seq.length (view'1 self)} (! return' {result}) ] + predicate inv'1 (_1 : borrowed (t_Vec'0)) axiom inv_axiom'1 [@rewrite] : forall x : borrowed (t_Vec'0) [inv'1 x] . 
inv'1 x = true - predicate inv'2 (_1 : usize) + predicate inv'2 (_1 : UInt64.t) - axiom inv_axiom'2 [@rewrite] : forall x : usize [inv'2 x] . inv'2 x = true + axiom inv_axiom'2 [@rewrite] : forall x : UInt64.t [inv'2 x] . inv'2 x = true - function view'0 (self : borrowed (t_Vec'0)) : Seq.seq usize = + function view'0 (self : borrowed (t_Vec'0)) : Seq.seq UInt64.t = [%#smodel3] view'2 self.current use seq.Seq - let rec push'0 (self:borrowed (t_Vec'0)) (value:usize) (return' (ret:()))= {[@expl:push 'self' type invariant] inv'1 self} + let rec push'0 (self:borrowed (t_Vec'0)) (value:UInt64.t) (return' (ret:()))= {[@expl:push 'self' type invariant] inv'1 self} {[@expl:push 'value' type invariant] inv'2 value} any [ return' (result:())-> {[%#svec2] view'2 self.final = Seq.snoc (view'0 self) value} (! return' {result}) ] @@ -80,7 +82,7 @@ module M_two_phase__test [#"two_phase.rs" 6 0 6 31] use seq.Seq - function index_logic'0 [@inline:trivial] (self : t_Vec'0) (ix : int) : usize = + function index_logic'0 [@inline:trivial] (self : t_Vec'0) (ix : int) : UInt64.t = [%#sops4] Seq.get (view'2 self) ix meta "compute_max_steps" 1000000 @@ -89,7 +91,7 @@ module M_two_phase__test [#"two_phase.rs" 6 0 6 31] [ bb0 = s0 [ s0 = Borrow.borrow_final {v.current} {Borrow.get_id v} (fun (_ret':borrowed (t_Vec'0)) -> [ &_4 <- _ret' ] [ &v <- { v with current = _ret'.final } ] s1) - | s1 = len'0 {_4.current} (fun (_ret':usize) -> [ &_5 <- _ret' ] s2) + | s1 = len'0 {_4.current} (fun (_ret':UInt64.t) -> [ &_5 <- _ret' ] s2) | s2 = bb1 ] | bb1 = s0 [ s0 = push'0 {_4} {_5} (fun (_ret':()) -> [ &_3 <- _ret' ] s1) | s1 = bb2 ] 
@@ -99,9 +101,9 @@ module M_two_phase__test [#"two_phase.rs" 6 0 6 31] | & v : borrowed (t_Vec'0) = v | & _3 : () = any_l () | & _4 : borrowed (t_Vec'0) = any_l () - | & _5 : usize = any_l () ] + | & _5 : UInt64.t = any_l () ] - [ return' (result:())-> {[@expl:test ensures] [%#stwo_phase0] UIntSize.to_int (index_logic'0 v.final (Seq.length (view'0 v))) + [ return' (result:())-> {[@expl:test ensures] [%#stwo_phase0] UInt64.to_uint (index_logic'0 v.final (Seq.length (view'0 v))) = Seq.length (view'0 v)} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/bug/two_phase/why3session.xml b/creusot/tests/should_succeed/bug/two_phase/why3session.xml index 29335bb5e3..a0a0a3ad75 100644 --- a/creusot/tests/should_succeed/bug/two_phase/why3session.xml +++ b/creusot/tests/should_succeed/bug/two_phase/why3session.xml @@ -7,7 +7,7 @@ - + 
diff --git a/creusot/tests/should_succeed/bug/two_phase/why3shapes.gz b/creusot/tests/should_succeed/bug/two_phase/why3shapes.gz index e2ba2796461d1063de3711275726f78a20456fb0..832d7cf75d8249abe10e426e9a2a26681568ea1f 100644 GIT binary patch literal 260 zcmV+f0sH>x9CQp^MKQSbc0cHBnL@sa+g5 zg>O#_asM1cw{fzje2 z6NW?d)!w=YWA(Ot&zMReH$o+mdcw?A5(LUKYh8n1Rqs1nXAD~Fpf~bn6Z>DUAmHHp z5s%2)hu{y`WZMsup9k3HiN8jm-iLrL8hP||7^@R#isck_68tW*x}0Q+ zo4EYqSAWykRYwur?&5d#`v*c8uQ|t7$fjjb2w2EP&KdCMr(!MITGCugJ=a2W&BzZN Kk!Ewh0RRBcK73;U literal 259 zcmV+e0sQ_SiwFP!00000|Amn;Z-X!pg?Il7Hn*9KF;1z6sofwC- z|Gr9#(?lJ*y*s_{?w#&ol}tN0;FQehC*$mMB9ql42}dw?rc5&x1%a0mMzllN!EEqM zxlSRt+SmYd{knOhOhqo$TtyLkTxTi@0%b&v?eL=>-C$bEpf?sqE$;TPzx5V8PHvo$ zGH9Il?u;GXzw7)uz;qW^8I$HPS=TQ7EduSyd$d6dox^~kzJOY8mZXbF|3$Xfi?qB; zoBrC>&oFk=Q3Usg@L7L9fsky?d)cr1f{TVX*a!qBI)+8@BpFJP {[%#s014] inv'1 result} {[%#s015] inv'2 result} (! return' {result}) ] + let rec get'0 (self:t_Cell'0) (return' (ret:UInt32.t))= {[@expl:get 'self' type invariant] [%#s013] inv'0 self} + any [ return' (result:UInt32.t)-> {[%#s014] inv'1 result} {[%#s015] inv'2 result} (! return' {result}) ] - let rec set'0 (self:t_Cell'0) (v:uint32) (return' (ret:()))= {[@expl:set 'self' type invariant] [%#s016] inv'0 self} + let rec set'0 (self:t_Cell'0) (v:UInt32.t) (return' (ret:()))= {[@expl:set 'self' type invariant] [%#s016] inv'0 self} {[@expl:set 'v' type invariant] [%#s017] inv'1 v} {[@expl:set requires] [%#s018] inv'2 v} any [ return' (result:())-> (! return' {result}) ] 
@@ -49,27 +49,27 @@ module M_01__adds_two [#"01.rs" 40 0 40 36] meta "compute_max_steps" 1000000 let rec adds_two'0 (c:t_Cell'0) (return' (ret:()))= (! bb0 - [ bb0 = s0 [ s0 = get'0 {c} (fun (_ret':uint32) -> [ &v <- _ret' ] s1) | s1 = bb1 ] + [ bb0 = s0 [ s0 = get'0 {c} (fun (_ret':UInt32.t) -> [ &v <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 - [ s0 = UInt32.lt {v} {[%#s010] (100000 : uint32)} (fun (_ret':bool) -> [ &_4 <- _ret' ] s1) + [ s0 = UInt32.lt {v} {[%#s010] (100000 : UInt32.t)} (fun (_ret':bool) -> [ &_4 <- _ret' ] s1) | s1 = any [ br0 -> {_4 = false} (! bb4) | br1 -> {_4} (! bb2) ] ] | bb2 = s0 - [ s0 = UInt32.add {v} {[%#s011] (2 : uint32)} (fun (_ret':uint32) -> [ &_8 <- _ret' ] s1) + [ s0 = UInt32.add {v} {[%#s011] (2 : UInt32.t)} (fun (_ret':UInt32.t) -> [ &_8 <- _ret' ] s1) | s1 = set'0 {c} {_8} (fun (_ret':()) -> [ &_6 <- _ret' ] s2) | s2 = bb3 ] | bb3 = bb6 - | bb4 = s0 [ s0 = set'0 {c} {[%#s012] (0 : uint32)} (fun (_ret':()) -> [ &_10 <- _ret' ] s1) | s1 = bb5 ] + | bb4 = s0 [ s0 = set'0 {c} {[%#s012] (0 : UInt32.t)} (fun (_ret':()) -> [ &_10 <- _ret' ] s1) | s1 = bb5 ] | bb5 = bb6 | bb6 = return' {_0} ] ) [ & _0 : () = any_l () | & c : t_Cell'0 = c - | & v : uint32 = any_l () + | & v : UInt32.t = any_l () | & _4 : bool = any_l () | & _6 : () = any_l () - | & _8 : uint32 = any_l () + | & _8 : UInt32.t = any_l () | & _10 : () = any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/cell/02.coma b/creusot/tests/should_succeed/cell/02.coma index 17596c3734..08739fd5ce 100644 --- a/creusot/tests/should_succeed/cell/02.coma +++ b/creusot/tests/should_succeed/cell/02.coma 
@@ -85,8 +85,8 @@ module M_02__fib_memo [#"02.rs" 95 0 95 50] let%span s0227 = "02.rs" 23 4 23 38 let%span s0228 = "02.rs" 86 8 86 47 let%span smodel29 = "../../../../creusot-contracts/src/model.rs" 88 8 88 22 - let%span sslice30 = "../../../../creusot-contracts/src/std/slice.rs" 122 20 122 37 - let%span sslice31 = "../../../../creusot-contracts/src/std/slice.rs" 129 20 129 37 + let%span sslice30 = "../../../../creusot-contracts/src/std/slice.rs" 140 20 140 37 + let%span sslice31 = "../../../../creusot-contracts/src/std/slice.rs" 147 20 147 37 let%span s0232 = "02.rs" 72 12 75 13 let%span sops33 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 let%span svec34 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 @@ -101,28 +101,30 @@ module M_02__fib_memo [#"02.rs" 95 0 95 50] type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } predicate inv'0 (_1 : t_Vec'0) axiom inv_axiom'0 [@rewrite] : forall x : t_Vec'0 [inv'0 x] . inv'0 x = true - predicate inv'1 (_1 : usize) + predicate inv'1 (_1 : UInt64.t) - axiom inv_axiom'1 [@rewrite] : forall x : usize [inv'1 x] . inv'1 x = true + axiom inv_axiom'1 [@rewrite] : forall x : UInt64.t [inv'1 x] . inv'1 x = true type t_Option'0 = | C_None'0 - | C_Some'0 usize + | C_Some'0 UInt64.t type t_UnsafeCell'0 = { t_UnsafeCell__value'0: t_Option'0 } @@ -131,7 +133,7 @@ module M_02__fib_memo [#"02.rs" 95 0 95 50] { t_Cell__value'0: t_UnsafeCell'0 } type t_Fib'0 = - { t_Fib__ix'0: usize } + { t_Fib__ix'0: UInt64.t } type t_Cell'0 = { t_Cell__inner'0: t_Cell'1; t_Cell__ghost_inv'0: t_Fib'0 } 
@@ -140,21 +142,19 @@ module M_02__fib_memo [#"02.rs" 95 0 95 50] use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize - - use prelude.prelude.Int + use prelude.prelude.UInt64 function view'1 (self : t_Vec'0) : Seq.seq (t_Cell'0) - axiom view'1_spec : forall self : t_Vec'0 . [%#svec34] Seq.length (view'1 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'1_spec : forall self : t_Vec'0 . [%#svec34] Seq.length (view'1 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) function view'0 (self : t_Vec'0) : Seq.seq (t_Cell'0) = [%#smodel29] view'1 self - predicate in_bounds'0 [@inline:trivial] (self : usize) (seq : Seq.seq (t_Cell'0)) = - [%#sslice30] UIntSize.to_int self < Seq.length seq + predicate in_bounds'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq (t_Cell'0)) = + [%#sslice30] UInt64.to_uint self < Seq.length seq predicate inv'2 (_1 : t_Cell'0) @@ -162,10 +162,10 @@ module M_02__fib_memo [#"02.rs" 95 0 95 50] use seq.Seq - predicate has_value'0 [@inline:trivial] (self : usize) (seq : Seq.seq (t_Cell'0)) (out : t_Cell'0) = - [%#sslice31] Seq.get seq (UIntSize.to_int self) = out + predicate has_value'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq (t_Cell'0)) (out : t_Cell'0) = + [%#sslice31] Seq.get seq (UInt64.to_uint self) = out - let rec index'0 (self:t_Vec'0) (index:usize) (return' (ret:t_Cell'0))= {[@expl:index 'self' type invariant] inv'0 self} + let rec index'0 (self:t_Vec'0) (index:UInt64.t) (return' (ret:t_Cell'0))= {[@expl:index 'self' type invariant] inv'0 self} {[@expl:index 'index' type invariant] inv'1 index} {[@expl:index requires] [%#svec13] in_bounds'0 index (view'0 self)} any 
@@ -186,7 +186,7 @@ module M_02__fib_memo [#"02.rs" 95 0 95 50] predicate inv'4 [#"02.rs" 70 4 70 43] (self : t_Fib'0) (v : t_Option'0) = [%#s0232] match v with | C_None'0 -> true - | C_Some'0 i -> UIntSize.to_int i = fib'0 (UIntSize.to_int self.t_Fib__ix'0) + | C_Some'0 i -> UInt64.to_uint i = fib'0 (UInt64.to_uint self.t_Fib__ix'0) end let rec get'0 (self:t_Cell'0) (return' (ret:t_Option'0))= {[@expl:get 'self' type invariant] [%#s0215] inv'2 self} @@ -196,9 +196,9 @@ module M_02__fib_memo [#"02.rs" 95 0 95 50] (! return' {result}) ] - let rec v_Some'0 (input:t_Option'0) (ret (field_0:usize))= any - [ good (field_0:usize)-> {C_Some'0 field_0 = input} (! ret {field_0}) - | bad -> {forall field_0 : usize [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] + let rec v_Some'0 (input:t_Option'0) (ret (field_0:UInt64.t))= any + [ good (field_0:UInt64.t)-> {C_Some'0 field_0 = input} (! ret {field_0}) + | bad -> {forall field_0 : UInt64.t [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] use int.Power @@ -206,7 +206,7 @@ module M_02__fib_memo [#"02.rs" 95 0 95 50] function lemma_max_int'0 [#"02.rs" 62 0 62 22] (_1 : ()) : () axiom lemma_max_int'0_spec : forall _1 : () . [%#s0218] Power.power 2 63 - < UIntSize.to_int (18446744073709551615 : usize) + < UInt64.to_uint (18446744073709551615 : UInt64.t) use prelude.prelude.Snapshot 
@@ -239,45 +239,45 @@ module M_02__fib_memo [#"02.rs" 95 0 95 50] [%#sops33] Seq.get (view'1 self) ix predicate fib_cell'0 [#"02.rs" 84 0 84 32] (v : t_Vec'0) = - [%#s0228] forall i : int . UIntSize.to_int ((index_logic'0 v i).t_Cell__ghost_inv'0).t_Fib__ix'0 = i + [%#s0228] forall i : int . UInt64.to_uint ((index_logic'0 v i).t_Cell__ghost_inv'0).t_Fib__ix'0 = i meta "compute_max_steps" 1000000 - let rec fib_memo'0 (mem:t_Vec'0) (i:usize) (return' (ret:usize))= {[@expl:fib_memo requires #0] [%#s029] fib_cell'0 mem} - {[@expl:fib_memo requires #1] [%#s0210] UIntSize.to_int i < Seq.length (view'0 mem)} - {[@expl:fib_memo requires #2] [%#s0211] UIntSize.to_int i <= 63} + let rec fib_memo'0 (mem:t_Vec'0) (i:UInt64.t) (return' (ret:UInt64.t))= {[@expl:fib_memo requires #0] [%#s029] fib_cell'0 mem} + {[@expl:fib_memo requires #1] [%#s0210] UInt64.to_uint i < Seq.length (view'0 mem)} + {[@expl:fib_memo requires #2] [%#s0211] UInt64.to_uint i <= 63} (! bb0 [ bb0 = s0 [ s0 = index'0 {mem} {i} (fun (_ret':t_Cell'0) -> [ &_9 <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = get'0 {_9} (fun (_ret':t_Option'0) -> [ &_7 <- _ret' ] s1) | s1 = bb2 ] - | bb2 = any [ br0 -> {_7 = C_None'0 } (! bb5) | br1 (x0:usize)-> {_7 = C_Some'0 x0} (! bb4) ] + | bb2 = any [ br0 -> {_7 = C_None'0 } (! bb5) | br1 (x0:UInt64.t)-> {_7 = C_Some'0 x0} (! bb4) ] | bb4 = bb6 - | bb6 = s0 [ s0 = v_Some'0 {_7} (fun (r0'0:usize) -> [ &v <- r0'0 ] s1) | s1 = [ &_0 <- v ] s2 | s2 = bb19 ] + | bb6 = s0 [ s0 = v_Some'0 {_7} (fun (r0'0:UInt64.t) -> [ &v <- r0'0 ] s1) | s1 = [ &_0 <- v ] s2 | s2 = bb19 ] | bb5 = s0 - [ s0 = UIntSize.eq {i} {[%#s020] (0 : usize)} (fun (_ret':bool) -> [ &_15 <- _ret' ] s1) + [ s0 = UInt64.eq {i} {[%#s020] (0 : UInt64.t)} (fun (_ret':bool) -> [ &_15 <- _ret' ] s1) | s1 = any [ br0 -> {_15 = false} (! bb8) | br1 -> {_15} (! 
bb7) ] ] - | bb7 = s0 [ s0 = [ &fib_i <- [%#s021] (0 : usize) ] s1 | s1 = bb16 ] + | bb7 = s0 [ s0 = [ &fib_i <- [%#s021] (0 : UInt64.t) ] s1 | s1 = bb16 ] | bb8 = s0 - [ s0 = UIntSize.eq {i} {[%#s022] (1 : usize)} (fun (_ret':bool) -> [ &_17 <- _ret' ] s1) + [ s0 = UInt64.eq {i} {[%#s022] (1 : UInt64.t)} (fun (_ret':bool) -> [ &_17 <- _ret' ] s1) | s1 = any [ br0 -> {_17 = false} (! bb10) | br1 -> {_17} (! bb9) ] ] - | bb9 = s0 [ s0 = [ &fib_i <- [%#s023] (1 : usize) ] s1 | s1 = bb15 ] + | bb9 = s0 [ s0 = [ &fib_i <- [%#s023] (1 : UInt64.t) ] s1 | s1 = bb15 ] | bb10 = s0 [ s0 = [ &_19 <- [%#s024] Snapshot.new () ] s1 | s1 = bb11 ] | bb11 = s0 [ s0 = [ &_21 <- [%#s025] Snapshot.new () ] s1 | s1 = bb12 ] | bb12 = s0 - [ s0 = UIntSize.sub {i} {[%#s026] (1 : usize)} (fun (_ret':usize) -> [ &_25 <- _ret' ] s1) - | s1 = fib_memo'0 {mem} {_25} (fun (_ret':usize) -> [ &_23 <- _ret' ] s2) + [ s0 = UInt64.sub {i} {[%#s026] (1 : UInt64.t)} (fun (_ret':UInt64.t) -> [ &_25 <- _ret' ] s1) + | s1 = fib_memo'0 {mem} {_25} (fun (_ret':UInt64.t) -> [ &_23 <- _ret' ] s2) | s2 = bb13 ] | bb13 = s0 - [ s0 = UIntSize.sub {i} {[%#s027] (2 : usize)} (fun (_ret':usize) -> [ &_29 <- _ret' ] s1) - | s1 = fib_memo'0 {mem} {_29} (fun (_ret':usize) -> [ &_27 <- _ret' ] s2) + [ s0 = UInt64.sub {i} {[%#s027] (2 : UInt64.t)} (fun (_ret':UInt64.t) -> [ &_29 <- _ret' ] s1) + | s1 = fib_memo'0 {mem} {_29} (fun (_ret':UInt64.t) -> [ &_27 <- _ret' ] s2) | s2 = bb14 ] - | bb14 = s0 [ s0 = UIntSize.add {_23} {_27} (fun (_ret':usize) -> [ &fib_i <- _ret' ] s1) | s1 = bb15 ] + | bb14 = s0 [ s0 = UInt64.add {_23} {_27} (fun (_ret':UInt64.t) -> [ &fib_i <- _ret' ] s1) | s1 = bb15 ] | bb15 = bb16 | bb16 = s0 - [ s0 = {[@expl:assertion] [%#s028] UIntSize.to_int fib_i = fib'0 (UIntSize.to_int i)} s1 + [ s0 = {[@expl:assertion] [%#s028] UInt64.to_uint fib_i = fib'0 (UInt64.to_uint i)} s1 | s1 = index'0 {mem} {i} (fun (_ret':t_Cell'0) -> [ &_35 <- _ret' ] s2) | s2 = bb17 ] 
@@ -289,26 +289,26 @@ module M_02__fib_memo [#"02.rs" 95 0 95 50] | bb18 = s0 [ s0 = [ &_0 <- fib_i ] s1 | s1 = bb19 ] | bb19 = return' {_0} ] ) - [ & _0 : usize = any_l () + [ & _0 : UInt64.t = any_l () | & mem : t_Vec'0 = mem - | & i : usize = i + | & i : UInt64.t = i | & _7 : t_Option'0 = any_l () | & _9 : t_Cell'0 = any_l () - | & v : usize = any_l () - | & fib_i : usize = any_l () + | & v : UInt64.t = any_l () + | & fib_i : UInt64.t = any_l () | & _15 : bool = any_l () | & _17 : bool = any_l () | & _19 : Snapshot.snap_ty () = any_l () | & _21 : Snapshot.snap_ty () = any_l () - | & _23 : usize = any_l () - | & _25 : usize = any_l () - | & _27 : usize = any_l () - | & _29 : usize = any_l () + | & _23 : UInt64.t = any_l () + | & _25 : UInt64.t = any_l () + | & _27 : UInt64.t = any_l () + | & _29 : UInt64.t = any_l () | & _33 : () = any_l () | & _35 : t_Cell'0 = any_l () | & _38 : t_Option'0 = any_l () ] - [ return' (result:usize)-> {[@expl:fib_memo ensures] [%#s0212] UIntSize.to_int result = fib'0 (UIntSize.to_int i)} + [ return' (result:UInt64.t)-> {[@expl:fib_memo ensures] [%#s0212] UInt64.to_uint result = fib'0 (UInt64.to_uint i)} (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/checked_ops.coma b/creusot/tests/should_succeed/checked_ops.coma index 8fd3732e41..f6590a22e3 100644 --- a/creusot/tests/should_succeed/checked_ops.coma +++ b/creusot/tests/should_succeed/checked_ops.coma 
@@ -32,42 +32,42 @@ module M_checked_ops__test_u8_add_example [#"checked_ops.rs" 5 0 5 28] let%span schecked_ops30 = "checked_ops.rs" 9 4 9 39 let%span schecked_ops31 = "checked_ops.rs" 7 4 7 44 let%span schecked_ops32 = "checked_ops.rs" 6 4 6 47 - let%span snum33 = "../../../creusot-contracts/src/std/num.rs" 128 20 129 89 - let%span snum34 = "../../../creusot-contracts/src/std/num.rs" 132 26 132 87 + let%span snum33 = "../../../creusot-contracts/src/std/num.rs" 171 20 172 89 + let%span snum34 = "../../../creusot-contracts/src/std/num.rs" 175 26 175 87 let%span soption35 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 let%span soption36 = "../../../creusot-contracts/src/std/option.rs" 51 26 51 51 - let%span snum37 = "../../../creusot-contracts/src/std/num.rs" 140 20 140 93 - let%span snum38 = "../../../creusot-contracts/src/std/num.rs" 144 20 145 51 - let%span snum39 = "../../../creusot-contracts/src/std/num.rs" 151 20 153 92 - let%span snum40 = "../../../creusot-contracts/src/std/num.rs" 156 20 158 92 - let%span snum41 = "../../../creusot-contracts/src/std/num.rs" 168 20 169 51 - let%span snum42 = "../../../creusot-contracts/src/std/num.rs" 172 26 172 83 - let%span snum43 = "../../../creusot-contracts/src/std/num.rs" 173 26 173 83 - let%span snum44 = "../../../creusot-contracts/src/std/num.rs" 182 20 182 95 - let%span snum45 = "../../../creusot-contracts/src/std/num.rs" 186 20 187 53 - let%span snum46 = "../../../creusot-contracts/src/std/num.rs" 193 20 195 94 - let%span snum47 = "../../../creusot-contracts/src/std/num.rs" 198 20 200 94 - let%span snum48 = "../../../creusot-contracts/src/std/num.rs" 204 20 204 98 + let%span snum37 = "../../../creusot-contracts/src/std/num.rs" 183 20 183 93 + let%span snum38 = "../../../creusot-contracts/src/std/num.rs" 187 20 188 51 + let%span snum39 = "../../../creusot-contracts/src/std/num.rs" 194 20 196 92 + let%span snum40 = "../../../creusot-contracts/src/std/num.rs" 199 20 201 92 + let%span snum41 = 
"../../../creusot-contracts/src/std/num.rs" 211 20 212 51 + let%span snum42 = "../../../creusot-contracts/src/std/num.rs" 215 26 215 83 + let%span snum43 = "../../../creusot-contracts/src/std/num.rs" 216 26 216 83 + let%span snum44 = "../../../creusot-contracts/src/std/num.rs" 225 20 225 95 + let%span snum45 = "../../../creusot-contracts/src/std/num.rs" 229 20 230 53 + let%span snum46 = "../../../creusot-contracts/src/std/num.rs" 236 20 238 94 + let%span snum47 = "../../../creusot-contracts/src/std/num.rs" 241 20 243 94 + let%span snum48 = "../../../creusot-contracts/src/std/num.rs" 247 20 247 98 + + use prelude.prelude.Int use prelude.prelude.UInt8 type t_Option'0 = | C_None'0 - | C_Some'0 uint8 + | C_Some'0 UInt8.t use prelude.prelude.UInt8 - use prelude.prelude.Int - - constant v_MIN'0 : uint8 = (0 : uint8) + constant v_MIN'0 : UInt8.t = (0 : UInt8.t) - constant v_MAX'0 : uint8 = (255 : uint8) + constant v_MAX'0 : UInt8.t = (255 : UInt8.t) - let rec checked_add'0 (self:uint8) (rhs:uint8) (return' (ret:t_Option'0))= any + let rec checked_add'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:t_Option'0))= any [ return' (result:t_Option'0)-> {[%#snum33] (result = C_None'0) - = (UInt8.to_int self + UInt8.to_int rhs < UInt8.to_int (v_MIN'0 : uint8) - \/ UInt8.to_int self + UInt8.to_int rhs > UInt8.to_int (v_MAX'0 : uint8))} - {[%#snum34] forall r : uint8 . result = C_Some'0 r -> UInt8.to_int r = UInt8.to_int self + UInt8.to_int rhs} + = (UInt8.to_uint self + UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) + \/ UInt8.to_uint self + UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t))} + {[%#snum34] forall r : UInt8.t . result = C_Some'0 r -> UInt8.to_uint r = UInt8.to_uint self + UInt8.to_uint rhs} (! return' {result}) ] 
@@ -75,13 +75,13 @@ module M_checked_ops__test_u8_add_example [#"checked_ops.rs" 5 0 5 28] axiom inv_axiom'0 [@rewrite] : forall x : t_Option'0 [inv'0 x] . inv'0 x = true - predicate inv'1 (_1 : uint8) + predicate inv'1 (_1 : UInt8.t) - axiom inv_axiom'1 [@rewrite] : forall x : uint8 [inv'1 x] . inv'1 x = true + axiom inv_axiom'1 [@rewrite] : forall x : UInt8.t [inv'1 x] . inv'1 x = true - let rec unwrap'0 (self:t_Option'0) (return' (ret:uint8))= {[@expl:unwrap 'self' type invariant] inv'0 self} + let rec unwrap'0 (self:t_Option'0) (return' (ret:UInt8.t))= {[@expl:unwrap 'self' type invariant] inv'0 self} {[@expl:unwrap requires] [%#soption35] self <> C_None'0} - any [ return' (result:uint8)-> {inv'1 result} {[%#soption35] C_Some'0 result = self} (! return' {result}) ] + any [ return' (result:UInt8.t)-> {inv'1 result} {[%#soption35] C_Some'0 result = self} (! return' {result}) ] use prelude.prelude.Borrow @@ -94,7 +94,7 @@ module M_checked_ops__test_u8_add_example [#"checked_ops.rs" 5 0 5 28] use prelude.prelude.UInt32 - constant v_BITS'0 : uint32 = (8 : uint32) + constant v_BITS'0 : UInt32.t = (8 : UInt32.t) use prelude.prelude.UInt32 
@@ -102,57 +102,59 @@ module M_checked_ops__test_u8_add_example [#"checked_ops.rs" 5 0 5 28] use int.EuclideanDivision - let rec wrapping_add'0 (self:uint8) (rhs:uint8) (return' (ret:uint8))= any - [ return' (result:uint8)-> {[%#snum37] UInt8.to_int result - = EuclideanDivision.mod (UInt8.to_int self + UInt8.to_int rhs) (Power.power 2 (UInt32.to_int (v_BITS'0 : uint32))) - + UInt8.to_int (v_MIN'0 : uint8)} - {[%#snum38] UInt8.to_int self + UInt8.to_int rhs >= UInt8.to_int (v_MIN'0 : uint8) - /\ UInt8.to_int self + UInt8.to_int rhs <= UInt8.to_int (v_MAX'0 : uint8) - -> UInt8.to_int result = UInt8.to_int self + UInt8.to_int rhs} - {[%#snum39] UInt8.to_int self + UInt8.to_int rhs < UInt8.to_int (v_MIN'0 : uint8) + let rec wrapping_add'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:UInt8.t))= any + [ return' (result:UInt8.t)-> {[%#snum37] UInt8.to_uint result + = EuclideanDivision.mod (UInt8.to_uint self + + UInt8.to_uint rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + + UInt8.to_uint (v_MIN'0 : UInt8.t)} + {[%#snum38] UInt8.to_uint self + UInt8.to_uint rhs >= UInt8.to_uint (v_MIN'0 : UInt8.t) + /\ UInt8.to_uint self + UInt8.to_uint rhs <= UInt8.to_uint (v_MAX'0 : UInt8.t) + -> UInt8.to_uint result = UInt8.to_uint self + UInt8.to_uint rhs} + {[%#snum39] UInt8.to_uint self + UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) -> (exists k : int . k > 0 - /\ UInt8.to_int result - = UInt8.to_int self + UInt8.to_int rhs - + k * (UInt8.to_int (v_MAX'0 : uint8) - UInt8.to_int (v_MIN'0 : uint8) + 1))} - {[%#snum40] UInt8.to_int self + UInt8.to_int rhs > UInt8.to_int (v_MAX'0 : uint8) + /\ UInt8.to_uint result + = UInt8.to_uint self + UInt8.to_uint rhs + + k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} + {[%#snum40] UInt8.to_uint self + UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t) -> (exists k : int . 
k > 0 - /\ UInt8.to_int result - = UInt8.to_int self + UInt8.to_int rhs - - k * (UInt8.to_int (v_MAX'0 : uint8) - UInt8.to_int (v_MIN'0 : uint8) + 1))} + /\ UInt8.to_uint result + = UInt8.to_uint self + UInt8.to_uint rhs + - k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} (! return' {result}) ] - let rec saturating_add'0 (self:uint8) (rhs:uint8) (return' (ret:uint8))= any - [ return' (result:uint8)-> {[%#snum41] UInt8.to_int self + UInt8.to_int rhs >= UInt8.to_int (v_MIN'0 : uint8) - /\ UInt8.to_int self + UInt8.to_int rhs <= UInt8.to_int (v_MAX'0 : uint8) - -> UInt8.to_int result = UInt8.to_int self + UInt8.to_int rhs} - {[%#snum42] UInt8.to_int self + UInt8.to_int rhs < UInt8.to_int (v_MIN'0 : uint8) - -> UInt8.to_int result = UInt8.to_int (v_MIN'0 : uint8)} - {[%#snum43] UInt8.to_int self + UInt8.to_int rhs > UInt8.to_int (v_MAX'0 : uint8) - -> UInt8.to_int result = UInt8.to_int (v_MAX'0 : uint8)} + let rec saturating_add'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:UInt8.t))= any + [ return' (result:UInt8.t)-> {[%#snum41] UInt8.to_uint self + UInt8.to_uint rhs >= UInt8.to_uint (v_MIN'0 : UInt8.t) + /\ UInt8.to_uint self + UInt8.to_uint rhs <= UInt8.to_uint (v_MAX'0 : UInt8.t) + -> UInt8.to_uint result = UInt8.to_uint self + UInt8.to_uint rhs} + {[%#snum42] UInt8.to_uint self + UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) + -> UInt8.to_uint result = UInt8.to_uint (v_MIN'0 : UInt8.t)} + {[%#snum43] UInt8.to_uint self + UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t) + -> UInt8.to_uint result = UInt8.to_uint (v_MAX'0 : UInt8.t)} (! 
return' {result}) ] - let rec overflowing_add'0 (self:uint8) (rhs:uint8) (return' (ret:(uint8, bool)))= any - [ return' (result:(uint8, bool))-> {[%#snum44] UInt8.to_int (let (a, _) = result in a) - = EuclideanDivision.mod (UInt8.to_int self + UInt8.to_int rhs) (Power.power 2 (UInt32.to_int (v_BITS'0 : uint32))) - + UInt8.to_int (v_MIN'0 : uint8)} - {[%#snum45] UInt8.to_int self + UInt8.to_int rhs >= UInt8.to_int (v_MIN'0 : uint8) - /\ UInt8.to_int self + UInt8.to_int rhs <= UInt8.to_int (v_MAX'0 : uint8) - -> UInt8.to_int (let (a, _) = result in a) = UInt8.to_int self + UInt8.to_int rhs} - {[%#snum46] UInt8.to_int self + UInt8.to_int rhs < UInt8.to_int (v_MIN'0 : uint8) + let rec overflowing_add'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:(UInt8.t, bool)))= any + [ return' (result:(UInt8.t, bool))-> {[%#snum44] UInt8.to_uint (let (a, _) = result in a) + = EuclideanDivision.mod (UInt8.to_uint self + + UInt8.to_uint rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + + UInt8.to_uint (v_MIN'0 : UInt8.t)} + {[%#snum45] UInt8.to_uint self + UInt8.to_uint rhs >= UInt8.to_uint (v_MIN'0 : UInt8.t) + /\ UInt8.to_uint self + UInt8.to_uint rhs <= UInt8.to_uint (v_MAX'0 : UInt8.t) + -> UInt8.to_uint (let (a, _) = result in a) = UInt8.to_uint self + UInt8.to_uint rhs} + {[%#snum46] UInt8.to_uint self + UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) -> (exists k : int . k > 0 - /\ UInt8.to_int (let (a, _) = result in a) - = UInt8.to_int self + UInt8.to_int rhs - + k * (UInt8.to_int (v_MAX'0 : uint8) - UInt8.to_int (v_MIN'0 : uint8) + 1))} - {[%#snum47] UInt8.to_int self + UInt8.to_int rhs > UInt8.to_int (v_MAX'0 : uint8) + /\ UInt8.to_uint (let (a, _) = result in a) + = UInt8.to_uint self + UInt8.to_uint rhs + + k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} + {[%#snum47] UInt8.to_uint self + UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t) -> (exists k : int . 
k > 0 - /\ UInt8.to_int (let (a, _) = result in a) - = UInt8.to_int self + UInt8.to_int rhs - - k * (UInt8.to_int (v_MAX'0 : uint8) - UInt8.to_int (v_MIN'0 : uint8) + 1))} + /\ UInt8.to_uint (let (a, _) = result in a) + = UInt8.to_uint self + UInt8.to_uint rhs + - k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} {[%#snum48] (let (_, a) = result in a) - = (UInt8.to_int self + UInt8.to_int rhs < UInt8.to_int (v_MIN'0 : uint8) - \/ UInt8.to_int self + UInt8.to_int rhs > UInt8.to_int (v_MAX'0 : uint8))} + = (UInt8.to_uint self + UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) + \/ UInt8.to_uint self + UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t))} (! return' {result}) ] 
@@ -164,65 +166,65 @@ module M_checked_ops__test_u8_add_example [#"checked_ops.rs" 5 0 5 28] let rec test_u8_add_example'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = checked_add'0 {[%#schecked_ops0] (5 : uint8)} {[%#schecked_ops1] (10 : uint8)} + [ s0 = checked_add'0 {[%#schecked_ops0] (5 : UInt8.t)} {[%#schecked_ops1] (10 : UInt8.t)} (fun (_ret':t_Option'0) -> [ &_4 <- _ret' ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = unwrap'0 {_4} (fun (_ret':uint8) -> [ &_3 <- _ret' ] s1) | s1 = bb2 ] + | bb1 = s0 [ s0 = unwrap'0 {_4} (fun (_ret':UInt8.t) -> [ &_3 <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 - [ s0 = UInt8.eq {_3} {[%#schecked_ops2] (15 : uint8)} (fun (_ret':bool) -> [ &_2 <- _ret' ] s1) + [ s0 = UInt8.eq {_3} {[%#schecked_ops2] (15 : UInt8.t)} (fun (_ret':bool) -> [ &_2 <- _ret' ] s1) | s1 = any [ br0 -> {_2 = false} (! bb4) | br1 -> {_2} (! bb3) ] ] | bb3 = s0 - [ s0 = checked_add'0 {[%#schecked_ops3] (250 : uint8)} {[%#schecked_ops4] (10 : uint8)} + [ s0 = checked_add'0 {[%#schecked_ops3] (250 : UInt8.t)} {[%#schecked_ops4] (10 : UInt8.t)} (fun (_ret':t_Option'0) -> [ &_9 <- _ret' ] s1) | s1 = bb5 ] | bb5 = s0 [ s0 = is_none'0 {_9} (fun (_ret':bool) -> [ &_7 <- _ret' ] s1) | s1 = bb6 ] | bb6 = any [ br0 -> {_7 = false} (! bb8) | br1 -> {_7} (! bb7) ] | bb7 = s0 - [ s0 = wrapping_add'0 {[%#schecked_ops5] (5 : uint8)} {[%#schecked_ops6] (10 : uint8)} - (fun (_ret':uint8) -> [ &_13 <- _ret' ] s1) + [ s0 = wrapping_add'0 {[%#schecked_ops5] (5 : UInt8.t)} {[%#schecked_ops6] (10 : UInt8.t)} + (fun (_ret':UInt8.t) -> [ &_13 <- _ret' ] s1) | s1 = bb9 ] | bb9 = s0 - [ s0 = UInt8.eq {_13} {[%#schecked_ops7] (15 : uint8)} (fun (_ret':bool) -> [ &_12 <- _ret' ] s1) + [ s0 = UInt8.eq {_13} {[%#schecked_ops7] (15 : UInt8.t)} (fun (_ret':bool) -> [ &_12 <- _ret' ] s1) | s1 = any [ br0 -> {_12 = false} (! bb11) | br1 -> {_12} (! 
bb10) ] ] | bb10 = s0 - [ s0 = wrapping_add'0 {[%#schecked_ops8] (250 : uint8)} {[%#schecked_ops9] (10 : uint8)} - (fun (_ret':uint8) -> [ &_17 <- _ret' ] s1) + [ s0 = wrapping_add'0 {[%#schecked_ops8] (250 : UInt8.t)} {[%#schecked_ops9] (10 : UInt8.t)} + (fun (_ret':UInt8.t) -> [ &_17 <- _ret' ] s1) | s1 = bb12 ] | bb12 = s0 - [ s0 = UInt8.eq {_17} {[%#schecked_ops10] (4 : uint8)} (fun (_ret':bool) -> [ &_16 <- _ret' ] s1) + [ s0 = UInt8.eq {_17} {[%#schecked_ops10] (4 : UInt8.t)} (fun (_ret':bool) -> [ &_16 <- _ret' ] s1) | s1 = any [ br0 -> {_16 = false} (! bb14) | br1 -> {_16} (! bb13) ] ] | bb13 = s0 - [ s0 = saturating_add'0 {[%#schecked_ops11] (5 : uint8)} {[%#schecked_ops12] (10 : uint8)} - (fun (_ret':uint8) -> [ &_21 <- _ret' ] s1) + [ s0 = saturating_add'0 {[%#schecked_ops11] (5 : UInt8.t)} {[%#schecked_ops12] (10 : UInt8.t)} + (fun (_ret':UInt8.t) -> [ &_21 <- _ret' ] s1) | s1 = bb15 ] | bb15 = s0 - [ s0 = UInt8.eq {_21} {[%#schecked_ops13] (15 : uint8)} (fun (_ret':bool) -> [ &_20 <- _ret' ] s1) + [ s0 = UInt8.eq {_21} {[%#schecked_ops13] (15 : UInt8.t)} (fun (_ret':bool) -> [ &_20 <- _ret' ] s1) | s1 = any [ br0 -> {_20 = false} (! bb17) | br1 -> {_20} (! bb16) ] ] | bb16 = s0 - [ s0 = saturating_add'0 {[%#schecked_ops14] (250 : uint8)} {[%#schecked_ops15] (10 : uint8)} - (fun (_ret':uint8) -> [ &_25 <- _ret' ] s1) + [ s0 = saturating_add'0 {[%#schecked_ops14] (250 : UInt8.t)} {[%#schecked_ops15] (10 : UInt8.t)} + (fun (_ret':UInt8.t) -> [ &_25 <- _ret' ] s1) | s1 = bb18 ] | bb18 = s0 - [ s0 = UInt8.eq {_25} {[%#schecked_ops16] (255 : uint8)} (fun (_ret':bool) -> [ &_24 <- _ret' ] s1) + [ s0 = UInt8.eq {_25} {[%#schecked_ops16] (255 : UInt8.t)} (fun (_ret':bool) -> [ &_24 <- _ret' ] s1) | s1 = any [ br0 -> {_24 = false} (! bb20) | br1 -> {_24} (! 
bb19) ] ] | bb19 = s0 - [ s0 = overflowing_add'0 {[%#schecked_ops17] (5 : uint8)} {[%#schecked_ops18] (10 : uint8)} - (fun (_ret':(uint8, bool)) -> [ &res <- _ret' ] s1) + [ s0 = overflowing_add'0 {[%#schecked_ops17] (5 : UInt8.t)} {[%#schecked_ops18] (10 : UInt8.t)} + (fun (_ret':(UInt8.t, bool)) -> [ &res <- _ret' ] s1) | s1 = bb21 ] | bb21 = s0 - [ s0 = UInt8.eq {let (r'0, _) = res in r'0} {[%#schecked_ops19] (15 : uint8)} + [ s0 = UInt8.eq {let (r'0, _) = res in r'0} {[%#schecked_ops19] (15 : UInt8.t)} (fun (_ret':bool) -> [ &_29 <- _ret' ] s1) | s1 = any [ br0 -> {_29 = false} (! bb25) | br1 -> {_29} (! bb22) ] ] @@ -231,12 +233,12 @@ module M_checked_ops__test_u8_add_example [#"checked_ops.rs" 5 0 5 28] | s1 = any [ br0 -> {_31 = false} (! bb24) | br1 -> {_31} (! bb23) ] ] | bb23 = s0 - [ s0 = overflowing_add'0 {[%#schecked_ops21] (250 : uint8)} {[%#schecked_ops22] (10 : uint8)} - (fun (_ret':(uint8, bool)) -> [ &res1 <- _ret' ] s1) + [ s0 = overflowing_add'0 {[%#schecked_ops21] (250 : UInt8.t)} {[%#schecked_ops22] (10 : UInt8.t)} + (fun (_ret':(UInt8.t, bool)) -> [ &res1 <- _ret' ] s1) | s1 = bb27 ] | bb27 = s0 - [ s0 = UInt8.eq {let (r'0, _) = res1 in r'0} {[%#schecked_ops23] (4 : uint8)} + [ s0 = UInt8.eq {let (r'0, _) = res1 in r'0} {[%#schecked_ops23] (4 : UInt8.t)} (fun (_ret':bool) -> [ &_36 <- _ret' ] s1) | s1 = any [ br0 -> {_36 = false} (! bb31) | br1 -> {_36} (! bb28) ] ] 
@@ -260,22 +262,22 @@ module M_checked_ops__test_u8_add_example [#"checked_ops.rs" 5 0 5 28] ) [ & _0 : () = any_l () | & _2 : bool = any_l () - | & _3 : uint8 = any_l () + | & _3 : UInt8.t = any_l () | & _4 : t_Option'0 = any_l () | & _7 : bool = any_l () | & _9 : t_Option'0 = any_l () | & _12 : bool = any_l () - | & _13 : uint8 = any_l () + | & _13 : UInt8.t = any_l () | & _16 : bool = any_l () - | & _17 : uint8 = any_l () + | & _17 : UInt8.t = any_l () | & _20 : bool = any_l () - | & _21 : uint8 = any_l () + | & _21 : UInt8.t = any_l () | & _24 : bool = any_l () - | & _25 : uint8 = any_l () - | & res : (uint8, bool) = any_l () + | & _25 : UInt8.t = any_l () + | & res : (UInt8.t, bool) = any_l () | & _29 : bool = any_l () | & _31 : bool = any_l () - | & res1 : (uint8, bool) = any_l () + | & res1 : (UInt8.t, bool) = any_l () | & _36 : bool = any_l () | & _38 : bool = any_l () ] [ return' (result:())-> (! return' {result}) ] 
@@ -294,41 +296,41 @@ module M_checked_ops__test_u8_add_overflow [#"checked_ops.rs" 23 0 23 34] let%span schecked_ops10 = "checked_ops.rs" 25 4 25 43 let%span schecked_ops11 = "checked_ops.rs" 24 4 24 43 let%span schecked_ops12 = "checked_ops.rs" 22 11 22 18 - let%span snum13 = "../../../creusot-contracts/src/std/num.rs" 128 20 129 89 - let%span snum14 = "../../../creusot-contracts/src/std/num.rs" 132 26 132 87 + let%span snum13 = "../../../creusot-contracts/src/std/num.rs" 171 20 172 89 + let%span snum14 = "../../../creusot-contracts/src/std/num.rs" 175 26 175 87 let%span soption15 = "../../../creusot-contracts/src/std/option.rs" 51 26 51 51 - let%span snum16 = "../../../creusot-contracts/src/std/num.rs" 140 20 140 93 - let%span snum17 = "../../../creusot-contracts/src/std/num.rs" 144 20 145 51 - let%span snum18 = "../../../creusot-contracts/src/std/num.rs" 151 20 153 92 - let%span snum19 = "../../../creusot-contracts/src/std/num.rs" 156 20 158 92 - let%span snum20 = "../../../creusot-contracts/src/std/num.rs" 168 20 169 51 - let%span snum21 = "../../../creusot-contracts/src/std/num.rs" 172 26 172 83 - let%span snum22 = "../../../creusot-contracts/src/std/num.rs" 173 26 173 83 - let%span snum23 = "../../../creusot-contracts/src/std/num.rs" 182 20 182 95 - let%span snum24 = "../../../creusot-contracts/src/std/num.rs" 186 20 187 53 - let%span snum25 = "../../../creusot-contracts/src/std/num.rs" 193 20 195 94 - let%span snum26 = "../../../creusot-contracts/src/std/num.rs" 198 20 200 94 - let%span snum27 = "../../../creusot-contracts/src/std/num.rs" 204 20 204 98 + let%span snum16 = "../../../creusot-contracts/src/std/num.rs" 183 20 183 93 + let%span snum17 = "../../../creusot-contracts/src/std/num.rs" 187 20 188 51 + let%span snum18 = "../../../creusot-contracts/src/std/num.rs" 194 20 196 92 + let%span snum19 = "../../../creusot-contracts/src/std/num.rs" 199 20 201 92 + let%span snum20 = "../../../creusot-contracts/src/std/num.rs" 211 20 212 51 + let%span snum21 = 
"../../../creusot-contracts/src/std/num.rs" 215 26 215 83 + let%span snum22 = "../../../creusot-contracts/src/std/num.rs" 216 26 216 83 + let%span snum23 = "../../../creusot-contracts/src/std/num.rs" 225 20 225 95 + let%span snum24 = "../../../creusot-contracts/src/std/num.rs" 229 20 230 53 + let%span snum25 = "../../../creusot-contracts/src/std/num.rs" 236 20 238 94 + let%span snum26 = "../../../creusot-contracts/src/std/num.rs" 241 20 243 94 + let%span snum27 = "../../../creusot-contracts/src/std/num.rs" 247 20 247 98 + + use prelude.prelude.Int use prelude.prelude.UInt8 type t_Option'0 = | C_None'0 - | C_Some'0 uint8 + | C_Some'0 UInt8.t use prelude.prelude.UInt8 - use prelude.prelude.Int - - constant v_MIN'0 : uint8 = (0 : uint8) + constant v_MIN'0 : UInt8.t = (0 : UInt8.t) - constant v_MAX'0 : uint8 = (255 : uint8) + constant v_MAX'0 : UInt8.t = (255 : UInt8.t) - let rec checked_add'0 (self:uint8) (rhs:uint8) (return' (ret:t_Option'0))= any + let rec checked_add'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:t_Option'0))= any [ return' (result:t_Option'0)-> {[%#snum13] (result = C_None'0) - = (UInt8.to_int self + UInt8.to_int rhs < UInt8.to_int (v_MIN'0 : uint8) - \/ UInt8.to_int self + UInt8.to_int rhs > UInt8.to_int (v_MAX'0 : uint8))} - {[%#snum14] forall r : uint8 . result = C_Some'0 r -> UInt8.to_int r = UInt8.to_int self + UInt8.to_int rhs} + = (UInt8.to_uint self + UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) + \/ UInt8.to_uint self + UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t))} + {[%#snum14] forall r : UInt8.t . result = C_Some'0 r -> UInt8.to_uint r = UInt8.to_uint self + UInt8.to_uint rhs} (! return' {result}) ] @@ -343,7 +345,7 @@ module M_checked_ops__test_u8_add_overflow [#"checked_ops.rs" 23 0 23 34] use prelude.prelude.UInt32 - constant v_BITS'0 : uint32 = (8 : uint32) + constant v_BITS'0 : UInt32.t = (8 : UInt32.t) use prelude.prelude.UInt32 
@@ -351,57 +353,59 @@ module M_checked_ops__test_u8_add_overflow [#"checked_ops.rs" 23 0 23 34] use int.EuclideanDivision - let rec wrapping_add'0 (self:uint8) (rhs:uint8) (return' (ret:uint8))= any - [ return' (result:uint8)-> {[%#snum16] UInt8.to_int result - = EuclideanDivision.mod (UInt8.to_int self + UInt8.to_int rhs) (Power.power 2 (UInt32.to_int (v_BITS'0 : uint32))) - + UInt8.to_int (v_MIN'0 : uint8)} - {[%#snum17] UInt8.to_int self + UInt8.to_int rhs >= UInt8.to_int (v_MIN'0 : uint8) - /\ UInt8.to_int self + UInt8.to_int rhs <= UInt8.to_int (v_MAX'0 : uint8) - -> UInt8.to_int result = UInt8.to_int self + UInt8.to_int rhs} - {[%#snum18] UInt8.to_int self + UInt8.to_int rhs < UInt8.to_int (v_MIN'0 : uint8) + let rec wrapping_add'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:UInt8.t))= any + [ return' (result:UInt8.t)-> {[%#snum16] UInt8.to_uint result + = EuclideanDivision.mod (UInt8.to_uint self + + UInt8.to_uint rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + + UInt8.to_uint (v_MIN'0 : UInt8.t)} + {[%#snum17] UInt8.to_uint self + UInt8.to_uint rhs >= UInt8.to_uint (v_MIN'0 : UInt8.t) + /\ UInt8.to_uint self + UInt8.to_uint rhs <= UInt8.to_uint (v_MAX'0 : UInt8.t) + -> UInt8.to_uint result = UInt8.to_uint self + UInt8.to_uint rhs} + {[%#snum18] UInt8.to_uint self + UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) -> (exists k : int . k > 0 - /\ UInt8.to_int result - = UInt8.to_int self + UInt8.to_int rhs - + k * (UInt8.to_int (v_MAX'0 : uint8) - UInt8.to_int (v_MIN'0 : uint8) + 1))} - {[%#snum19] UInt8.to_int self + UInt8.to_int rhs > UInt8.to_int (v_MAX'0 : uint8) + /\ UInt8.to_uint result + = UInt8.to_uint self + UInt8.to_uint rhs + + k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} + {[%#snum19] UInt8.to_uint self + UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t) -> (exists k : int . 
k > 0 - /\ UInt8.to_int result - = UInt8.to_int self + UInt8.to_int rhs - - k * (UInt8.to_int (v_MAX'0 : uint8) - UInt8.to_int (v_MIN'0 : uint8) + 1))} + /\ UInt8.to_uint result + = UInt8.to_uint self + UInt8.to_uint rhs + - k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} (! return' {result}) ] - let rec saturating_add'0 (self:uint8) (rhs:uint8) (return' (ret:uint8))= any - [ return' (result:uint8)-> {[%#snum20] UInt8.to_int self + UInt8.to_int rhs >= UInt8.to_int (v_MIN'0 : uint8) - /\ UInt8.to_int self + UInt8.to_int rhs <= UInt8.to_int (v_MAX'0 : uint8) - -> UInt8.to_int result = UInt8.to_int self + UInt8.to_int rhs} - {[%#snum21] UInt8.to_int self + UInt8.to_int rhs < UInt8.to_int (v_MIN'0 : uint8) - -> UInt8.to_int result = UInt8.to_int (v_MIN'0 : uint8)} - {[%#snum22] UInt8.to_int self + UInt8.to_int rhs > UInt8.to_int (v_MAX'0 : uint8) - -> UInt8.to_int result = UInt8.to_int (v_MAX'0 : uint8)} + let rec saturating_add'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:UInt8.t))= any + [ return' (result:UInt8.t)-> {[%#snum20] UInt8.to_uint self + UInt8.to_uint rhs >= UInt8.to_uint (v_MIN'0 : UInt8.t) + /\ UInt8.to_uint self + UInt8.to_uint rhs <= UInt8.to_uint (v_MAX'0 : UInt8.t) + -> UInt8.to_uint result = UInt8.to_uint self + UInt8.to_uint rhs} + {[%#snum21] UInt8.to_uint self + UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) + -> UInt8.to_uint result = UInt8.to_uint (v_MIN'0 : UInt8.t)} + {[%#snum22] UInt8.to_uint self + UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t) + -> UInt8.to_uint result = UInt8.to_uint (v_MAX'0 : UInt8.t)} (! 
return' {result}) ] - let rec overflowing_add'0 (self:uint8) (rhs:uint8) (return' (ret:(uint8, bool)))= any - [ return' (result:(uint8, bool))-> {[%#snum23] UInt8.to_int (let (a, _) = result in a) - = EuclideanDivision.mod (UInt8.to_int self + UInt8.to_int rhs) (Power.power 2 (UInt32.to_int (v_BITS'0 : uint32))) - + UInt8.to_int (v_MIN'0 : uint8)} - {[%#snum24] UInt8.to_int self + UInt8.to_int rhs >= UInt8.to_int (v_MIN'0 : uint8) - /\ UInt8.to_int self + UInt8.to_int rhs <= UInt8.to_int (v_MAX'0 : uint8) - -> UInt8.to_int (let (a, _) = result in a) = UInt8.to_int self + UInt8.to_int rhs} - {[%#snum25] UInt8.to_int self + UInt8.to_int rhs < UInt8.to_int (v_MIN'0 : uint8) + let rec overflowing_add'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:(UInt8.t, bool)))= any + [ return' (result:(UInt8.t, bool))-> {[%#snum23] UInt8.to_uint (let (a, _) = result in a) + = EuclideanDivision.mod (UInt8.to_uint self + + UInt8.to_uint rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + + UInt8.to_uint (v_MIN'0 : UInt8.t)} + {[%#snum24] UInt8.to_uint self + UInt8.to_uint rhs >= UInt8.to_uint (v_MIN'0 : UInt8.t) + /\ UInt8.to_uint self + UInt8.to_uint rhs <= UInt8.to_uint (v_MAX'0 : UInt8.t) + -> UInt8.to_uint (let (a, _) = result in a) = UInt8.to_uint self + UInt8.to_uint rhs} + {[%#snum25] UInt8.to_uint self + UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) -> (exists k : int . k > 0 - /\ UInt8.to_int (let (a, _) = result in a) - = UInt8.to_int self + UInt8.to_int rhs - + k * (UInt8.to_int (v_MAX'0 : uint8) - UInt8.to_int (v_MIN'0 : uint8) + 1))} - {[%#snum26] UInt8.to_int self + UInt8.to_int rhs > UInt8.to_int (v_MAX'0 : uint8) + /\ UInt8.to_uint (let (a, _) = result in a) + = UInt8.to_uint self + UInt8.to_uint rhs + + k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} + {[%#snum26] UInt8.to_uint self + UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t) -> (exists k : int . 
k > 0 - /\ UInt8.to_int (let (a, _) = result in a) - = UInt8.to_int self + UInt8.to_int rhs - - k * (UInt8.to_int (v_MAX'0 : uint8) - UInt8.to_int (v_MIN'0 : uint8) + 1))} + /\ UInt8.to_uint (let (a, _) = result in a) + = UInt8.to_uint self + UInt8.to_uint rhs + - k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} {[%#snum27] (let (_, a) = result in a) - = (UInt8.to_int self + UInt8.to_int rhs < UInt8.to_int (v_MIN'0 : uint8) - \/ UInt8.to_int self + UInt8.to_int rhs > UInt8.to_int (v_MAX'0 : uint8))} + = (UInt8.to_uint self + UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) + \/ UInt8.to_uint self + UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t))} (! return' {result}) ] 
@@ -411,39 +415,39 @@ module M_checked_ops__test_u8_add_overflow [#"checked_ops.rs" 23 0 23 34] meta "compute_max_steps" 1000000 - let rec test_u8_add_overflow'0 (a:uint8) (return' (ret:()))= {[@expl:test_u8_add_overflow requires] [%#schecked_ops12] UInt8.to_int a + let rec test_u8_add_overflow'0 (a:UInt8.t) (return' (ret:()))= {[@expl:test_u8_add_overflow requires] [%#schecked_ops12] UInt8.to_uint a <> 0} (! bb0 [ bb0 = s0 - [ s0 = checked_add'0 {[%#schecked_ops0] (255 : uint8)} {a} (fun (_ret':t_Option'0) -> [ &_6 <- _ret' ] s1) + [ s0 = checked_add'0 {[%#schecked_ops0] (255 : UInt8.t)} {a} (fun (_ret':t_Option'0) -> [ &_6 <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = is_none'0 {_6} (fun (_ret':bool) -> [ &_4 <- _ret' ] s1) | s1 = bb2 ] | bb2 = any [ br0 -> {_4 = false} (! bb4) | br1 -> {_4} (! bb3) ] | bb3 = s0 - [ s0 = wrapping_add'0 {[%#schecked_ops1] (255 : uint8)} {a} (fun (_ret':uint8) -> [ &_11 <- _ret' ] s1) + [ s0 = wrapping_add'0 {[%#schecked_ops1] (255 : UInt8.t)} {a} (fun (_ret':UInt8.t) -> [ &_11 <- _ret' ] s1) | s1 = bb5 ] | bb5 = s0 - [ s0 = UInt8.sub {a} {[%#schecked_ops2] (1 : uint8)} (fun (_ret':uint8) -> [ &_13 <- _ret' ] s1) + [ s0 = UInt8.sub {a} {[%#schecked_ops2] (1 : UInt8.t)} (fun (_ret':UInt8.t) -> [ &_13 <- _ret' ] s1) | s1 = UInt8.eq {_11} {_13} (fun (_ret':bool) -> [ &_10 <- _ret' ] s2) | s2 = any [ br0 -> {_10 = false} (! bb7) | br1 -> {_10} (! bb6) ] ] | bb6 = s0 - [ s0 = saturating_add'0 {[%#schecked_ops3] (255 : uint8)} {a} (fun (_ret':uint8) -> [ &_18 <- _ret' ] s1) + [ s0 = saturating_add'0 {[%#schecked_ops3] (255 : UInt8.t)} {a} (fun (_ret':UInt8.t) -> [ &_18 <- _ret' ] s1) | s1 = bb8 ] | bb8 = s0 - [ s0 = UInt8.eq {_18} {[%#schecked_ops4] (255 : uint8)} (fun (_ret':bool) -> [ &_17 <- _ret' ] s1) + [ s0 = UInt8.eq {_18} {[%#schecked_ops4] (255 : UInt8.t)} (fun (_ret':bool) -> [ &_17 <- _ret' ] s1) | s1 = any [ br0 -> {_17 = false} (! bb10) | br1 -> {_17} (! 
bb9) ] ] | bb9 = s0 - [ s0 = overflowing_add'0 {[%#schecked_ops5] (255 : uint8)} {a} - (fun (_ret':(uint8, bool)) -> [ &res <- _ret' ] s1) + [ s0 = overflowing_add'0 {[%#schecked_ops5] (255 : UInt8.t)} {a} + (fun (_ret':(UInt8.t, bool)) -> [ &res <- _ret' ] s1) | s1 = bb11 ] | bb11 = s0 - [ s0 = UInt8.sub {a} {[%#schecked_ops6] (1 : uint8)} (fun (_ret':uint8) -> [ &_26 <- _ret' ] s1) + [ s0 = UInt8.sub {a} {[%#schecked_ops6] (1 : UInt8.t)} (fun (_ret':UInt8.t) -> [ &_26 <- _ret' ] s1) | s1 = UInt8.eq {let (r'0, _) = res in r'0} {_26} (fun (_ret':bool) -> [ &_24 <- _ret' ] s2) | s2 = any [ br0 -> {_24 = false} (! bb15) | br1 -> {_24} (! bb12) ] ] 
@@ -460,26 +464,26 @@ module M_checked_ops__test_u8_add_overflow [#"checked_ops.rs" 23 0 23 34] | bb4 = {[%#schecked_ops11] false} any ] ) [ & _0 : () = any_l () - | & a : uint8 = a + | & a : UInt8.t = a | & _4 : bool = any_l () | & _6 : t_Option'0 = any_l () | & _10 : bool = any_l () - | & _11 : uint8 = any_l () - | & _13 : uint8 = any_l () + | & _11 : UInt8.t = any_l () + | & _13 : UInt8.t = any_l () | & _17 : bool = any_l () - | & _18 : uint8 = any_l () - | & res : (uint8, bool) = any_l () + | & _18 : UInt8.t = any_l () + | & res : (UInt8.t, bool) = any_l () | & _24 : bool = any_l () - | & _26 : uint8 = any_l () + | & _26 : UInt8.t = any_l () | & _28 : bool = any_l () ] [ return' (result:())-> (! return' {result}) ] end module M_checked_ops__test_u8_wrapping_add [#"checked_ops.rs" 34 0 34 47] let%span schecked_ops0 = "checked_ops.rs" 33 10 33 56 - let%span snum1 = "../../../creusot-contracts/src/std/num.rs" 140 20 140 93 - let%span snum2 = "../../../creusot-contracts/src/std/num.rs" 144 20 145 51 - let%span snum3 = "../../../creusot-contracts/src/std/num.rs" 151 20 153 92 - let%span snum4 = "../../../creusot-contracts/src/std/num.rs" 156 20 158 92 + let%span snum1 = "../../../creusot-contracts/src/std/num.rs" 183 20 183 93 + let%span snum2 = "../../../creusot-contracts/src/std/num.rs" 187 20 188 51 + let%span snum3 = "../../../creusot-contracts/src/std/num.rs" 194 20 196 92 + let%span snum4 = "../../../creusot-contracts/src/std/num.rs" 199 20 201 92 use prelude.prelude.UInt8 @@ -487,7 +491,7 @@ module M_checked_ops__test_u8_wrapping_add [#"checked_ops.rs" 34 0 34 47] use prelude.prelude.UInt32 - constant v_BITS'0 : uint32 = (8 : uint32) + constant v_BITS'0 : UInt32.t = (8 : UInt32.t) use prelude.prelude.UInt32 
@@ -497,27 +501,28 @@ module M_checked_ops__test_u8_wrapping_add [#"checked_ops.rs" 34 0 34 47] use prelude.prelude.UInt8 - constant v_MIN'0 : uint8 = (0 : uint8) + constant v_MIN'0 : UInt8.t = (0 : UInt8.t) - constant v_MAX'0 : uint8 = (255 : uint8) + constant v_MAX'0 : UInt8.t = (255 : UInt8.t) - let rec wrapping_add'0 (self:uint8) (rhs:uint8) (return' (ret:uint8))= any - [ return' (result:uint8)-> {[%#snum1] UInt8.to_int result - = EuclideanDivision.mod (UInt8.to_int self + UInt8.to_int rhs) (Power.power 2 (UInt32.to_int (v_BITS'0 : uint32))) - + UInt8.to_int (v_MIN'0 : uint8)} - {[%#snum2] UInt8.to_int self + UInt8.to_int rhs >= UInt8.to_int (v_MIN'0 : uint8) - /\ UInt8.to_int self + UInt8.to_int rhs <= UInt8.to_int (v_MAX'0 : uint8) - -> UInt8.to_int result = UInt8.to_int self + UInt8.to_int rhs} - {[%#snum3] UInt8.to_int self + UInt8.to_int rhs < UInt8.to_int (v_MIN'0 : uint8) + let rec wrapping_add'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:UInt8.t))= any + [ return' (result:UInt8.t)-> {[%#snum1] UInt8.to_uint result + = EuclideanDivision.mod (UInt8.to_uint self + + UInt8.to_uint rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + + UInt8.to_uint (v_MIN'0 : UInt8.t)} + {[%#snum2] UInt8.to_uint self + UInt8.to_uint rhs >= UInt8.to_uint (v_MIN'0 : UInt8.t) + /\ UInt8.to_uint self + UInt8.to_uint rhs <= UInt8.to_uint (v_MAX'0 : UInt8.t) + -> UInt8.to_uint result = UInt8.to_uint self + UInt8.to_uint rhs} + {[%#snum3] UInt8.to_uint self + UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) -> (exists k : int . 
k > 0 - /\ UInt8.to_int result - = UInt8.to_int self + UInt8.to_int rhs - + k * (UInt8.to_int (v_MAX'0 : uint8) - UInt8.to_int (v_MIN'0 : uint8) + 1))} - {[%#snum4] UInt8.to_int self + UInt8.to_int rhs > UInt8.to_int (v_MAX'0 : uint8) + /\ UInt8.to_uint result + = UInt8.to_uint self + UInt8.to_uint rhs + + k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} + {[%#snum4] UInt8.to_uint self + UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t) -> (exists k : int . k > 0 - /\ UInt8.to_int result - = UInt8.to_int self + UInt8.to_int rhs - - k * (UInt8.to_int (v_MAX'0 : uint8) - UInt8.to_int (v_MIN'0 : uint8) + 1))} + /\ UInt8.to_uint result + = UInt8.to_uint self + UInt8.to_uint rhs + - k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} (! return' {result}) ] 
@@ -525,30 +530,30 @@ module M_checked_ops__test_u8_wrapping_add [#"checked_ops.rs" 34 0 34 47] meta "compute_max_steps" 1000000 - let rec test_u8_wrapping_add'0 (a:uint8) (b:uint8) (return' (ret:uint8))= (! bb0 - [ bb0 = s0 [ s0 = wrapping_add'0 {a} {b} (fun (_ret':uint8) -> [ &_0 <- _ret' ] s1) | s1 = bb1 ] + let rec test_u8_wrapping_add'0 (a:UInt8.t) (b:UInt8.t) (return' (ret:UInt8.t))= (! bb0 + [ bb0 = s0 [ s0 = wrapping_add'0 {a} {b} (fun (_ret':UInt8.t) -> [ &_0 <- _ret' ] s1) | s1 = bb1 ] | bb1 = return' {_0} ] - ) [ & _0 : uint8 = any_l () | & a : uint8 = a | & b : uint8 = b ] - [ return' (result:uint8)-> {[@expl:test_u8_wrapping_add ensures] [%#schecked_ops0] UInt8.to_int result - = UInt8.to_int a + UInt8.to_int b - \/ UInt8.to_int result = UInt8.to_int a + UInt8.to_int b - 256} + ) [ & _0 : UInt8.t = any_l () | & a : UInt8.t = a | & b : UInt8.t = b ] + [ return' (result:UInt8.t)-> {[@expl:test_u8_wrapping_add ensures] [%#schecked_ops0] UInt8.to_uint result + = UInt8.to_uint a + UInt8.to_uint b + \/ UInt8.to_uint result = UInt8.to_uint a + UInt8.to_uint b - 256} (! 
return' {result}) ] end module M_checked_ops__test_u8_overflowing_add [#"checked_ops.rs" 39 0 39 44] let%span schecked_ops0 = "checked_ops.rs" 41 4 41 65 let%span schecked_ops1 = "checked_ops.rs" 40 4 40 56 - let%span snum2 = "../../../creusot-contracts/src/std/num.rs" 182 20 182 95 - let%span snum3 = "../../../creusot-contracts/src/std/num.rs" 186 20 187 53 - let%span snum4 = "../../../creusot-contracts/src/std/num.rs" 193 20 195 94 - let%span snum5 = "../../../creusot-contracts/src/std/num.rs" 198 20 200 94 - let%span snum6 = "../../../creusot-contracts/src/std/num.rs" 204 20 204 98 - let%span snum7 = "../../../creusot-contracts/src/std/num.rs" 140 20 140 93 - let%span snum8 = "../../../creusot-contracts/src/std/num.rs" 144 20 145 51 - let%span snum9 = "../../../creusot-contracts/src/std/num.rs" 151 20 153 92 - let%span snum10 = "../../../creusot-contracts/src/std/num.rs" 156 20 158 92 - let%span snum11 = "../../../creusot-contracts/src/std/num.rs" 128 20 129 89 - let%span snum12 = "../../../creusot-contracts/src/std/num.rs" 132 26 132 87 + let%span snum2 = "../../../creusot-contracts/src/std/num.rs" 225 20 225 95 + let%span snum3 = "../../../creusot-contracts/src/std/num.rs" 229 20 230 53 + let%span snum4 = "../../../creusot-contracts/src/std/num.rs" 236 20 238 94 + let%span snum5 = "../../../creusot-contracts/src/std/num.rs" 241 20 243 94 + let%span snum6 = "../../../creusot-contracts/src/std/num.rs" 247 20 247 98 + let%span snum7 = "../../../creusot-contracts/src/std/num.rs" 183 20 183 93 + let%span snum8 = "../../../creusot-contracts/src/std/num.rs" 187 20 188 51 + let%span snum9 = "../../../creusot-contracts/src/std/num.rs" 194 20 196 92 + let%span snum10 = "../../../creusot-contracts/src/std/num.rs" 199 20 201 92 + let%span snum11 = "../../../creusot-contracts/src/std/num.rs" 171 20 172 89 + let%span snum12 = "../../../creusot-contracts/src/std/num.rs" 175 26 175 87 let%span soption13 = "../../../creusot-contracts/src/std/option.rs" 51 26 51 51 use 
prelude.prelude.UInt8 @@ -557,7 +562,7 @@ module M_checked_ops__test_u8_overflowing_add [#"checked_ops.rs" 39 0 39 44] use prelude.prelude.UInt32 - constant v_BITS'0 : uint32 = (8 : uint32) + constant v_BITS'0 : UInt32.t = (8 : UInt32.t) use prelude.prelude.UInt32 
@@ -567,62 +572,64 @@ module M_checked_ops__test_u8_overflowing_add [#"checked_ops.rs" 39 0 39 44] use prelude.prelude.UInt8 - constant v_MIN'0 : uint8 = (0 : uint8) + constant v_MIN'0 : UInt8.t = (0 : UInt8.t) - constant v_MAX'0 : uint8 = (255 : uint8) + constant v_MAX'0 : UInt8.t = (255 : UInt8.t) - let rec overflowing_add'0 (self:uint8) (rhs:uint8) (return' (ret:(uint8, bool)))= any - [ return' (result:(uint8, bool))-> {[%#snum2] UInt8.to_int (let (a, _) = result in a) - = EuclideanDivision.mod (UInt8.to_int self + UInt8.to_int rhs) (Power.power 2 (UInt32.to_int (v_BITS'0 : uint32))) - + UInt8.to_int (v_MIN'0 : uint8)} - {[%#snum3] UInt8.to_int self + UInt8.to_int rhs >= UInt8.to_int (v_MIN'0 : uint8) - /\ UInt8.to_int self + UInt8.to_int rhs <= UInt8.to_int (v_MAX'0 : uint8) - -> UInt8.to_int (let (a, _) = result in a) = UInt8.to_int self + UInt8.to_int rhs} - {[%#snum4] UInt8.to_int self + UInt8.to_int rhs < UInt8.to_int (v_MIN'0 : uint8) + let rec overflowing_add'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:(UInt8.t, bool)))= any + [ return' (result:(UInt8.t, bool))-> {[%#snum2] UInt8.to_uint (let (a, _) = result in a) + = EuclideanDivision.mod (UInt8.to_uint self + + UInt8.to_uint rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + + UInt8.to_uint (v_MIN'0 : UInt8.t)} + {[%#snum3] UInt8.to_uint self + UInt8.to_uint rhs >= UInt8.to_uint (v_MIN'0 : UInt8.t) + /\ UInt8.to_uint self + UInt8.to_uint rhs <= UInt8.to_uint (v_MAX'0 : UInt8.t) + -> UInt8.to_uint (let (a, _) = result in a) = UInt8.to_uint self + UInt8.to_uint rhs} + {[%#snum4] UInt8.to_uint self + UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) -> (exists k : int . 
k > 0 - /\ UInt8.to_int (let (a, _) = result in a) - = UInt8.to_int self + UInt8.to_int rhs - + k * (UInt8.to_int (v_MAX'0 : uint8) - UInt8.to_int (v_MIN'0 : uint8) + 1))} - {[%#snum5] UInt8.to_int self + UInt8.to_int rhs > UInt8.to_int (v_MAX'0 : uint8) + /\ UInt8.to_uint (let (a, _) = result in a) + = UInt8.to_uint self + UInt8.to_uint rhs + + k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} + {[%#snum5] UInt8.to_uint self + UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t) -> (exists k : int . k > 0 - /\ UInt8.to_int (let (a, _) = result in a) - = UInt8.to_int self + UInt8.to_int rhs - - k * (UInt8.to_int (v_MAX'0 : uint8) - UInt8.to_int (v_MIN'0 : uint8) + 1))} + /\ UInt8.to_uint (let (a, _) = result in a) + = UInt8.to_uint self + UInt8.to_uint rhs + - k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} {[%#snum6] (let (_, a) = result in a) - = (UInt8.to_int self + UInt8.to_int rhs < UInt8.to_int (v_MIN'0 : uint8) - \/ UInt8.to_int self + UInt8.to_int rhs > UInt8.to_int (v_MAX'0 : uint8))} + = (UInt8.to_uint self + UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) + \/ UInt8.to_uint self + UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t))} (! 
return' {result}) ] - let rec wrapping_add'0 (self:uint8) (rhs:uint8) (return' (ret:uint8))= any - [ return' (result:uint8)-> {[%#snum7] UInt8.to_int result - = EuclideanDivision.mod (UInt8.to_int self + UInt8.to_int rhs) (Power.power 2 (UInt32.to_int (v_BITS'0 : uint32))) - + UInt8.to_int (v_MIN'0 : uint8)} - {[%#snum8] UInt8.to_int self + UInt8.to_int rhs >= UInt8.to_int (v_MIN'0 : uint8) - /\ UInt8.to_int self + UInt8.to_int rhs <= UInt8.to_int (v_MAX'0 : uint8) - -> UInt8.to_int result = UInt8.to_int self + UInt8.to_int rhs} - {[%#snum9] UInt8.to_int self + UInt8.to_int rhs < UInt8.to_int (v_MIN'0 : uint8) + let rec wrapping_add'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:UInt8.t))= any + [ return' (result:UInt8.t)-> {[%#snum7] UInt8.to_uint result + = EuclideanDivision.mod (UInt8.to_uint self + + UInt8.to_uint rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + + UInt8.to_uint (v_MIN'0 : UInt8.t)} + {[%#snum8] UInt8.to_uint self + UInt8.to_uint rhs >= UInt8.to_uint (v_MIN'0 : UInt8.t) + /\ UInt8.to_uint self + UInt8.to_uint rhs <= UInt8.to_uint (v_MAX'0 : UInt8.t) + -> UInt8.to_uint result = UInt8.to_uint self + UInt8.to_uint rhs} + {[%#snum9] UInt8.to_uint self + UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) -> (exists k : int . k > 0 - /\ UInt8.to_int result - = UInt8.to_int self + UInt8.to_int rhs - + k * (UInt8.to_int (v_MAX'0 : uint8) - UInt8.to_int (v_MIN'0 : uint8) + 1))} - {[%#snum10] UInt8.to_int self + UInt8.to_int rhs > UInt8.to_int (v_MAX'0 : uint8) + /\ UInt8.to_uint result + = UInt8.to_uint self + UInt8.to_uint rhs + + k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} + {[%#snum10] UInt8.to_uint self + UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t) -> (exists k : int . 
k > 0 - /\ UInt8.to_int result - = UInt8.to_int self + UInt8.to_int rhs - - k * (UInt8.to_int (v_MAX'0 : uint8) - UInt8.to_int (v_MIN'0 : uint8) + 1))} + /\ UInt8.to_uint result + = UInt8.to_uint self + UInt8.to_uint rhs + - k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} (! return' {result}) ] type t_Option'0 = | C_None'0 - | C_Some'0 uint8 + | C_Some'0 UInt8.t - let rec checked_add'0 (self:uint8) (rhs:uint8) (return' (ret:t_Option'0))= any + let rec checked_add'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:t_Option'0))= any [ return' (result:t_Option'0)-> {[%#snum11] (result = C_None'0) - = (UInt8.to_int self + UInt8.to_int rhs < UInt8.to_int (v_MIN'0 : uint8) - \/ UInt8.to_int self + UInt8.to_int rhs > UInt8.to_int (v_MAX'0 : uint8))} - {[%#snum12] forall r : uint8 . result = C_Some'0 r -> UInt8.to_int r = UInt8.to_int self + UInt8.to_int rhs} + = (UInt8.to_uint self + UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) + \/ UInt8.to_uint self + UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t))} + {[%#snum12] forall r : UInt8.t . result = C_Some'0 r -> UInt8.to_uint r = UInt8.to_uint self + UInt8.to_uint rhs} (! return' {result}) ] 
@@ -641,14 +648,14 @@ module M_checked_ops__test_u8_overflowing_add [#"checked_ops.rs" 39 0 39 44] meta "compute_max_steps" 1000000 - let rec test_u8_overflowing_add'0 (a:uint8) (b:uint8) (return' (ret:()))= (! bb0 - [ bb0 = s0 [ s0 = overflowing_add'0 {a} {b} (fun (_ret':(uint8, bool)) -> [ &_6 <- _ret' ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = wrapping_add'0 {a} {b} (fun (_ret':uint8) -> [ &_9 <- _ret' ] s1) | s1 = bb2 ] + let rec test_u8_overflowing_add'0 (a:UInt8.t) (b:UInt8.t) (return' (ret:()))= (! bb0 + [ bb0 = s0 [ s0 = overflowing_add'0 {a} {b} (fun (_ret':(UInt8.t, bool)) -> [ &_6 <- _ret' ] s1) | s1 = bb1 ] + | bb1 = s0 [ s0 = wrapping_add'0 {a} {b} (fun (_ret':UInt8.t) -> [ &_9 <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 [ s0 = UInt8.eq {let (r'0, _) = _6 in r'0} {_9} (fun (_ret':bool) -> [ &_4 <- _ret' ] s1) | s1 = any [ br0 -> {_4 = false} (! bb4) | br1 -> {_4} (! bb3) ] ] - | bb3 = s0 [ s0 = overflowing_add'0 {a} {b} (fun (_ret':(uint8, bool)) -> [ &_16 <- _ret' ] s1) | s1 = bb5 ] + | bb3 = s0 [ s0 = overflowing_add'0 {a} {b} (fun (_ret':(UInt8.t, bool)) -> [ &_16 <- _ret' ] s1) | s1 = bb5 ] | bb5 = s0 [ s0 = checked_add'0 {a} {b} (fun (_ret':t_Option'0) -> [ &_21 <- _ret' ] s1) | s1 = bb6 ] | bb6 = s0 [ s0 = is_none'0 {_21} (fun (_ret':bool) -> [ &_19 <- _ret' ] s1) | s1 = bb7 ] | bb7 = s0 @@ -660,13 +667,13 @@ module M_checked_ops__test_u8_overflowing_add [#"checked_ops.rs" 39 0 39 44] | bb4 = {[%#schecked_ops1] false} any ] ) [ & _0 : () = any_l () - | & a : uint8 = a - | & b : uint8 = b + | & a : UInt8.t = a + | & b : UInt8.t = b | & _4 : bool = any_l () - | & _6 : (uint8, bool) = any_l () - | & _9 : uint8 = any_l () + | & _6 : (UInt8.t, bool) = any_l () + | & _9 : UInt8.t = any_l () | & _14 : bool = any_l () - | & _16 : (uint8, bool) = any_l () + | & _16 : (UInt8.t, bool) = any_l () | & _19 : bool = any_l () | & _21 : t_Option'0 = any_l () ] [ return' (result:())-> (! return' {result}) ] 
@@ -705,42 +712,42 @@ module M_checked_ops__test_u8_sub_example [#"checked_ops.rs" 45 0 45 28] let%span schecked_ops30 = "checked_ops.rs" 49 4 49 40 let%span schecked_ops31 = "checked_ops.rs" 47 4 47 50 let%span schecked_ops32 = "checked_ops.rs" 46 4 46 42 - let%span snum33 = "../../../creusot-contracts/src/std/num.rs" 128 20 129 89 - let%span snum34 = "../../../creusot-contracts/src/std/num.rs" 132 26 132 87 + let%span snum33 = "../../../creusot-contracts/src/std/num.rs" 171 20 172 89 + let%span snum34 = "../../../creusot-contracts/src/std/num.rs" 175 26 175 87 let%span soption35 = "../../../creusot-contracts/src/std/option.rs" 51 26 51 51 let%span soption36 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 - let%span snum37 = "../../../creusot-contracts/src/std/num.rs" 140 20 140 93 - let%span snum38 = "../../../creusot-contracts/src/std/num.rs" 144 20 145 51 - let%span snum39 = "../../../creusot-contracts/src/std/num.rs" 151 20 153 92 - let%span snum40 = "../../../creusot-contracts/src/std/num.rs" 156 20 158 92 - let%span snum41 = "../../../creusot-contracts/src/std/num.rs" 168 20 169 51 - let%span snum42 = "../../../creusot-contracts/src/std/num.rs" 172 26 172 83 - let%span snum43 = "../../../creusot-contracts/src/std/num.rs" 173 26 173 83 - let%span snum44 = "../../../creusot-contracts/src/std/num.rs" 182 20 182 95 - let%span snum45 = "../../../creusot-contracts/src/std/num.rs" 186 20 187 53 - let%span snum46 = "../../../creusot-contracts/src/std/num.rs" 193 20 195 94 - let%span snum47 = "../../../creusot-contracts/src/std/num.rs" 198 20 200 94 - let%span snum48 = "../../../creusot-contracts/src/std/num.rs" 204 20 204 98 + let%span snum37 = "../../../creusot-contracts/src/std/num.rs" 183 20 183 93 + let%span snum38 = "../../../creusot-contracts/src/std/num.rs" 187 20 188 51 + let%span snum39 = "../../../creusot-contracts/src/std/num.rs" 194 20 196 92 + let%span snum40 = "../../../creusot-contracts/src/std/num.rs" 199 20 201 92 + let%span snum41 = 
"../../../creusot-contracts/src/std/num.rs" 211 20 212 51 + let%span snum42 = "../../../creusot-contracts/src/std/num.rs" 215 26 215 83 + let%span snum43 = "../../../creusot-contracts/src/std/num.rs" 216 26 216 83 + let%span snum44 = "../../../creusot-contracts/src/std/num.rs" 225 20 225 95 + let%span snum45 = "../../../creusot-contracts/src/std/num.rs" 229 20 230 53 + let%span snum46 = "../../../creusot-contracts/src/std/num.rs" 236 20 238 94 + let%span snum47 = "../../../creusot-contracts/src/std/num.rs" 241 20 243 94 + let%span snum48 = "../../../creusot-contracts/src/std/num.rs" 247 20 247 98 + + use prelude.prelude.Int use prelude.prelude.UInt8 type t_Option'0 = | C_None'0 - | C_Some'0 uint8 + | C_Some'0 UInt8.t use prelude.prelude.UInt8 - use prelude.prelude.Int + constant v_MIN'0 : UInt8.t = (0 : UInt8.t) - constant v_MIN'0 : uint8 = (0 : uint8) + constant v_MAX'0 : UInt8.t = (255 : UInt8.t) - constant v_MAX'0 : uint8 = (255 : uint8) - - let rec checked_sub'0 (self:uint8) (rhs:uint8) (return' (ret:t_Option'0))= any + let rec checked_sub'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:t_Option'0))= any [ return' (result:t_Option'0)-> {[%#snum33] (result = C_None'0) - = (UInt8.to_int self - UInt8.to_int rhs < UInt8.to_int (v_MIN'0 : uint8) - \/ UInt8.to_int self - UInt8.to_int rhs > UInt8.to_int (v_MAX'0 : uint8))} - {[%#snum34] forall r : uint8 . result = C_Some'0 r -> UInt8.to_int r = UInt8.to_int self - UInt8.to_int rhs} + = (UInt8.to_uint self - UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) + \/ UInt8.to_uint self - UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t))} + {[%#snum34] forall r : UInt8.t . result = C_Some'0 r -> UInt8.to_uint r = UInt8.to_uint self - UInt8.to_uint rhs} (! return' {result}) ] 
@@ -757,17 +764,17 @@ module M_checked_ops__test_u8_sub_example [#"checked_ops.rs" 45 0 45 28] axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'1 x] . inv'1 x = true - predicate inv'2 (_1 : uint8) + predicate inv'2 (_1 : UInt8.t) - axiom inv_axiom'2 [@rewrite] : forall x : uint8 [inv'2 x] . inv'2 x = true + axiom inv_axiom'2 [@rewrite] : forall x : UInt8.t [inv'2 x] . inv'2 x = true - let rec unwrap'0 (self:t_Option'0) (return' (ret:uint8))= {[@expl:unwrap 'self' type invariant] inv'1 self} + let rec unwrap'0 (self:t_Option'0) (return' (ret:UInt8.t))= {[@expl:unwrap 'self' type invariant] inv'1 self} {[@expl:unwrap requires] [%#soption36] self <> C_None'0} - any [ return' (result:uint8)-> {inv'2 result} {[%#soption36] C_Some'0 result = self} (! return' {result}) ] + any [ return' (result:UInt8.t)-> {inv'2 result} {[%#soption36] C_Some'0 result = self} (! return' {result}) ] use prelude.prelude.UInt32 - constant v_BITS'0 : uint32 = (8 : uint32) + constant v_BITS'0 : UInt32.t = (8 : UInt32.t) use prelude.prelude.UInt32 
@@ -775,57 +782,59 @@ module M_checked_ops__test_u8_sub_example [#"checked_ops.rs" 45 0 45 28] use int.EuclideanDivision - let rec wrapping_sub'0 (self:uint8) (rhs:uint8) (return' (ret:uint8))= any - [ return' (result:uint8)-> {[%#snum37] UInt8.to_int result - = EuclideanDivision.mod (UInt8.to_int self - UInt8.to_int rhs) (Power.power 2 (UInt32.to_int (v_BITS'0 : uint32))) - + UInt8.to_int (v_MIN'0 : uint8)} - {[%#snum38] UInt8.to_int self - UInt8.to_int rhs >= UInt8.to_int (v_MIN'0 : uint8) - /\ UInt8.to_int self - UInt8.to_int rhs <= UInt8.to_int (v_MAX'0 : uint8) - -> UInt8.to_int result = UInt8.to_int self - UInt8.to_int rhs} - {[%#snum39] UInt8.to_int self - UInt8.to_int rhs < UInt8.to_int (v_MIN'0 : uint8) + let rec wrapping_sub'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:UInt8.t))= any + [ return' (result:UInt8.t)-> {[%#snum37] UInt8.to_uint result + = EuclideanDivision.mod (UInt8.to_uint self + - UInt8.to_uint rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + + UInt8.to_uint (v_MIN'0 : UInt8.t)} + {[%#snum38] UInt8.to_uint self - UInt8.to_uint rhs >= UInt8.to_uint (v_MIN'0 : UInt8.t) + /\ UInt8.to_uint self - UInt8.to_uint rhs <= UInt8.to_uint (v_MAX'0 : UInt8.t) + -> UInt8.to_uint result = UInt8.to_uint self - UInt8.to_uint rhs} + {[%#snum39] UInt8.to_uint self - UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) -> (exists k : int . k > 0 - /\ UInt8.to_int result - = UInt8.to_int self - UInt8.to_int rhs - + k * (UInt8.to_int (v_MAX'0 : uint8) - UInt8.to_int (v_MIN'0 : uint8) + 1))} - {[%#snum40] UInt8.to_int self - UInt8.to_int rhs > UInt8.to_int (v_MAX'0 : uint8) + /\ UInt8.to_uint result + = UInt8.to_uint self - UInt8.to_uint rhs + + k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} + {[%#snum40] UInt8.to_uint self - UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t) -> (exists k : int . 
k > 0 - /\ UInt8.to_int result - = UInt8.to_int self - UInt8.to_int rhs - - k * (UInt8.to_int (v_MAX'0 : uint8) - UInt8.to_int (v_MIN'0 : uint8) + 1))} + /\ UInt8.to_uint result + = UInt8.to_uint self - UInt8.to_uint rhs + - k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} (! return' {result}) ] - let rec saturating_sub'0 (self:uint8) (rhs:uint8) (return' (ret:uint8))= any - [ return' (result:uint8)-> {[%#snum41] UInt8.to_int self - UInt8.to_int rhs >= UInt8.to_int (v_MIN'0 : uint8) - /\ UInt8.to_int self - UInt8.to_int rhs <= UInt8.to_int (v_MAX'0 : uint8) - -> UInt8.to_int result = UInt8.to_int self - UInt8.to_int rhs} - {[%#snum42] UInt8.to_int self - UInt8.to_int rhs < UInt8.to_int (v_MIN'0 : uint8) - -> UInt8.to_int result = UInt8.to_int (v_MIN'0 : uint8)} - {[%#snum43] UInt8.to_int self - UInt8.to_int rhs > UInt8.to_int (v_MAX'0 : uint8) - -> UInt8.to_int result = UInt8.to_int (v_MAX'0 : uint8)} + let rec saturating_sub'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:UInt8.t))= any + [ return' (result:UInt8.t)-> {[%#snum41] UInt8.to_uint self - UInt8.to_uint rhs >= UInt8.to_uint (v_MIN'0 : UInt8.t) + /\ UInt8.to_uint self - UInt8.to_uint rhs <= UInt8.to_uint (v_MAX'0 : UInt8.t) + -> UInt8.to_uint result = UInt8.to_uint self - UInt8.to_uint rhs} + {[%#snum42] UInt8.to_uint self - UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) + -> UInt8.to_uint result = UInt8.to_uint (v_MIN'0 : UInt8.t)} + {[%#snum43] UInt8.to_uint self - UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t) + -> UInt8.to_uint result = UInt8.to_uint (v_MAX'0 : UInt8.t)} (! 
return' {result}) ] - let rec overflowing_sub'0 (self:uint8) (rhs:uint8) (return' (ret:(uint8, bool)))= any - [ return' (result:(uint8, bool))-> {[%#snum44] UInt8.to_int (let (a, _) = result in a) - = EuclideanDivision.mod (UInt8.to_int self - UInt8.to_int rhs) (Power.power 2 (UInt32.to_int (v_BITS'0 : uint32))) - + UInt8.to_int (v_MIN'0 : uint8)} - {[%#snum45] UInt8.to_int self - UInt8.to_int rhs >= UInt8.to_int (v_MIN'0 : uint8) - /\ UInt8.to_int self - UInt8.to_int rhs <= UInt8.to_int (v_MAX'0 : uint8) - -> UInt8.to_int (let (a, _) = result in a) = UInt8.to_int self - UInt8.to_int rhs} - {[%#snum46] UInt8.to_int self - UInt8.to_int rhs < UInt8.to_int (v_MIN'0 : uint8) + let rec overflowing_sub'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:(UInt8.t, bool)))= any + [ return' (result:(UInt8.t, bool))-> {[%#snum44] UInt8.to_uint (let (a, _) = result in a) + = EuclideanDivision.mod (UInt8.to_uint self + - UInt8.to_uint rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + + UInt8.to_uint (v_MIN'0 : UInt8.t)} + {[%#snum45] UInt8.to_uint self - UInt8.to_uint rhs >= UInt8.to_uint (v_MIN'0 : UInt8.t) + /\ UInt8.to_uint self - UInt8.to_uint rhs <= UInt8.to_uint (v_MAX'0 : UInt8.t) + -> UInt8.to_uint (let (a, _) = result in a) = UInt8.to_uint self - UInt8.to_uint rhs} + {[%#snum46] UInt8.to_uint self - UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) -> (exists k : int . k > 0 - /\ UInt8.to_int (let (a, _) = result in a) - = UInt8.to_int self - UInt8.to_int rhs - + k * (UInt8.to_int (v_MAX'0 : uint8) - UInt8.to_int (v_MIN'0 : uint8) + 1))} - {[%#snum47] UInt8.to_int self - UInt8.to_int rhs > UInt8.to_int (v_MAX'0 : uint8) + /\ UInt8.to_uint (let (a, _) = result in a) + = UInt8.to_uint self - UInt8.to_uint rhs + + k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} + {[%#snum47] UInt8.to_uint self - UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t) -> (exists k : int . 
k > 0 - /\ UInt8.to_int (let (a, _) = result in a) - = UInt8.to_int self - UInt8.to_int rhs - - k * (UInt8.to_int (v_MAX'0 : uint8) - UInt8.to_int (v_MIN'0 : uint8) + 1))} + /\ UInt8.to_uint (let (a, _) = result in a) + = UInt8.to_uint self - UInt8.to_uint rhs + - k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} {[%#snum48] (let (_, a) = result in a) - = (UInt8.to_int self - UInt8.to_int rhs < UInt8.to_int (v_MIN'0 : uint8) - \/ UInt8.to_int self - UInt8.to_int rhs > UInt8.to_int (v_MAX'0 : uint8))} + = (UInt8.to_uint self - UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) + \/ UInt8.to_uint self - UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t))} (! return' {result}) ] 
@@ -837,65 +846,65 @@ module M_checked_ops__test_u8_sub_example [#"checked_ops.rs" 45 0 45 28] let rec test_u8_sub_example'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = checked_sub'0 {[%#schecked_ops0] (5 : uint8)} {[%#schecked_ops1] (10 : uint8)} + [ s0 = checked_sub'0 {[%#schecked_ops0] (5 : UInt8.t)} {[%#schecked_ops1] (10 : UInt8.t)} (fun (_ret':t_Option'0) -> [ &_4 <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = is_none'0 {_4} (fun (_ret':bool) -> [ &_2 <- _ret' ] s1) | s1 = bb2 ] | bb2 = any [ br0 -> {_2 = false} (! bb4) | br1 -> {_2} (! bb3) ] | bb3 = s0 - [ s0 = checked_sub'0 {[%#schecked_ops2] (250 : uint8)} {[%#schecked_ops3] (10 : uint8)} + [ s0 = checked_sub'0 {[%#schecked_ops2] (250 : UInt8.t)} {[%#schecked_ops3] (10 : UInt8.t)} (fun (_ret':t_Option'0) -> [ &_9 <- _ret' ] s1) | s1 = bb5 ] - | bb5 = s0 [ s0 = unwrap'0 {_9} (fun (_ret':uint8) -> [ &_8 <- _ret' ] s1) | s1 = bb6 ] + | bb5 = s0 [ s0 = unwrap'0 {_9} (fun (_ret':UInt8.t) -> [ &_8 <- _ret' ] s1) | s1 = bb6 ] | bb6 = s0 - [ s0 = UInt8.eq {_8} {[%#schecked_ops4] (240 : uint8)} (fun (_ret':bool) -> [ &_7 <- _ret' ] s1) + [ s0 = UInt8.eq {_8} {[%#schecked_ops4] (240 : UInt8.t)} (fun (_ret':bool) -> [ &_7 <- _ret' ] s1) | s1 = any [ br0 -> {_7 = false} (! bb8) | br1 -> {_7} (! bb7) ] ] | bb7 = s0 - [ s0 = wrapping_sub'0 {[%#schecked_ops5] (5 : uint8)} {[%#schecked_ops6] (10 : uint8)} - (fun (_ret':uint8) -> [ &_13 <- _ret' ] s1) + [ s0 = wrapping_sub'0 {[%#schecked_ops5] (5 : UInt8.t)} {[%#schecked_ops6] (10 : UInt8.t)} + (fun (_ret':UInt8.t) -> [ &_13 <- _ret' ] s1) | s1 = bb9 ] | bb9 = s0 - [ s0 = UInt8.eq {_13} {[%#schecked_ops7] (251 : uint8)} (fun (_ret':bool) -> [ &_12 <- _ret' ] s1) + [ s0 = UInt8.eq {_13} {[%#schecked_ops7] (251 : UInt8.t)} (fun (_ret':bool) -> [ &_12 <- _ret' ] s1) | s1 = any [ br0 -> {_12 = false} (! bb11) | br1 -> {_12} (! 
bb10) ] ] | bb10 = s0 - [ s0 = wrapping_sub'0 {[%#schecked_ops8] (250 : uint8)} {[%#schecked_ops9] (10 : uint8)} - (fun (_ret':uint8) -> [ &_17 <- _ret' ] s1) + [ s0 = wrapping_sub'0 {[%#schecked_ops8] (250 : UInt8.t)} {[%#schecked_ops9] (10 : UInt8.t)} + (fun (_ret':UInt8.t) -> [ &_17 <- _ret' ] s1) | s1 = bb12 ] | bb12 = s0 - [ s0 = UInt8.eq {_17} {[%#schecked_ops10] (240 : uint8)} (fun (_ret':bool) -> [ &_16 <- _ret' ] s1) + [ s0 = UInt8.eq {_17} {[%#schecked_ops10] (240 : UInt8.t)} (fun (_ret':bool) -> [ &_16 <- _ret' ] s1) | s1 = any [ br0 -> {_16 = false} (! bb14) | br1 -> {_16} (! bb13) ] ] | bb13 = s0 - [ s0 = saturating_sub'0 {[%#schecked_ops11] (5 : uint8)} {[%#schecked_ops12] (10 : uint8)} - (fun (_ret':uint8) -> [ &_21 <- _ret' ] s1) + [ s0 = saturating_sub'0 {[%#schecked_ops11] (5 : UInt8.t)} {[%#schecked_ops12] (10 : UInt8.t)} + (fun (_ret':UInt8.t) -> [ &_21 <- _ret' ] s1) | s1 = bb15 ] | bb15 = s0 - [ s0 = UInt8.eq {_21} {[%#schecked_ops13] (0 : uint8)} (fun (_ret':bool) -> [ &_20 <- _ret' ] s1) + [ s0 = UInt8.eq {_21} {[%#schecked_ops13] (0 : UInt8.t)} (fun (_ret':bool) -> [ &_20 <- _ret' ] s1) | s1 = any [ br0 -> {_20 = false} (! bb17) | br1 -> {_20} (! bb16) ] ] | bb16 = s0 - [ s0 = saturating_sub'0 {[%#schecked_ops14] (250 : uint8)} {[%#schecked_ops15] (10 : uint8)} - (fun (_ret':uint8) -> [ &_25 <- _ret' ] s1) + [ s0 = saturating_sub'0 {[%#schecked_ops14] (250 : UInt8.t)} {[%#schecked_ops15] (10 : UInt8.t)} + (fun (_ret':UInt8.t) -> [ &_25 <- _ret' ] s1) | s1 = bb18 ] | bb18 = s0 - [ s0 = UInt8.eq {_25} {[%#schecked_ops16] (240 : uint8)} (fun (_ret':bool) -> [ &_24 <- _ret' ] s1) + [ s0 = UInt8.eq {_25} {[%#schecked_ops16] (240 : UInt8.t)} (fun (_ret':bool) -> [ &_24 <- _ret' ] s1) | s1 = any [ br0 -> {_24 = false} (! bb20) | br1 -> {_24} (! 
bb19) ] ] | bb19 = s0 - [ s0 = overflowing_sub'0 {[%#schecked_ops17] (5 : uint8)} {[%#schecked_ops18] (10 : uint8)} - (fun (_ret':(uint8, bool)) -> [ &res <- _ret' ] s1) + [ s0 = overflowing_sub'0 {[%#schecked_ops17] (5 : UInt8.t)} {[%#schecked_ops18] (10 : UInt8.t)} + (fun (_ret':(UInt8.t, bool)) -> [ &res <- _ret' ] s1) | s1 = bb21 ] | bb21 = s0 - [ s0 = UInt8.eq {let (r'0, _) = res in r'0} {[%#schecked_ops19] (251 : uint8)} + [ s0 = UInt8.eq {let (r'0, _) = res in r'0} {[%#schecked_ops19] (251 : UInt8.t)} (fun (_ret':bool) -> [ &_29 <- _ret' ] s1) | s1 = any [ br0 -> {_29 = false} (! bb25) | br1 -> {_29} (! bb22) ] ] @@ -904,12 +913,12 @@ module M_checked_ops__test_u8_sub_example [#"checked_ops.rs" 45 0 45 28] | s1 = any [ br0 -> {_31 = false} (! bb24) | br1 -> {_31} (! bb23) ] ] | bb23 = s0 - [ s0 = overflowing_sub'0 {[%#schecked_ops21] (250 : uint8)} {[%#schecked_ops22] (10 : uint8)} - (fun (_ret':(uint8, bool)) -> [ &res1 <- _ret' ] s1) + [ s0 = overflowing_sub'0 {[%#schecked_ops21] (250 : UInt8.t)} {[%#schecked_ops22] (10 : UInt8.t)} + (fun (_ret':(UInt8.t, bool)) -> [ &res1 <- _ret' ] s1) | s1 = bb27 ] | bb27 = s0 - [ s0 = UInt8.eq {let (r'0, _) = res1 in r'0} {[%#schecked_ops23] (240 : uint8)} + [ s0 = UInt8.eq {let (r'0, _) = res1 in r'0} {[%#schecked_ops23] (240 : UInt8.t)} (fun (_ret':bool) -> [ &_36 <- _ret' ] s1) | s1 = any [ br0 -> {_36 = false} (! bb31) | br1 -> {_36} (! bb28) ] ] 
@@ -935,20 +944,20 @@ module M_checked_ops__test_u8_sub_example [#"checked_ops.rs" 45 0 45 28] | & _2 : bool = any_l () | & _4 : t_Option'0 = any_l () | & _7 : bool = any_l () - | & _8 : uint8 = any_l () + | & _8 : UInt8.t = any_l () | & _9 : t_Option'0 = any_l () | & _12 : bool = any_l () - | & _13 : uint8 = any_l () + | & _13 : UInt8.t = any_l () | & _16 : bool = any_l () - | & _17 : uint8 = any_l () + | & _17 : UInt8.t = any_l () | & _20 : bool = any_l () - | & _21 : uint8 = any_l () + | & _21 : UInt8.t = any_l () | & _24 : bool = any_l () - | & _25 : uint8 = any_l () - | & res : (uint8, bool) = any_l () + | & _25 : UInt8.t = any_l () + | & res : (UInt8.t, bool) = any_l () | & _29 : bool = any_l () | & _31 : bool = any_l () - | & res1 : (uint8, bool) = any_l () + | & res1 : (UInt8.t, bool) = any_l () | & _36 : bool = any_l () | & _38 : bool = any_l () ] [ return' (result:())-> (! return' {result}) ] 
@@ -969,41 +978,41 @@ module M_checked_ops__test_u8_sub_overflow [#"checked_ops.rs" 63 0 63 34] let%span schecked_ops12 = "checked_ops.rs" 65 4 65 47 let%span schecked_ops13 = "checked_ops.rs" 64 4 64 41 let%span schecked_ops14 = "checked_ops.rs" 62 11 62 18 - let%span snum15 = "../../../creusot-contracts/src/std/num.rs" 128 20 129 89 - let%span snum16 = "../../../creusot-contracts/src/std/num.rs" 132 26 132 87 + let%span snum15 = "../../../creusot-contracts/src/std/num.rs" 171 20 172 89 + let%span snum16 = "../../../creusot-contracts/src/std/num.rs" 175 26 175 87 let%span soption17 = "../../../creusot-contracts/src/std/option.rs" 51 26 51 51 - let%span snum18 = "../../../creusot-contracts/src/std/num.rs" 140 20 140 93 - let%span snum19 = "../../../creusot-contracts/src/std/num.rs" 144 20 145 51 - let%span snum20 = "../../../creusot-contracts/src/std/num.rs" 151 20 153 92 - let%span snum21 = "../../../creusot-contracts/src/std/num.rs" 156 20 158 92 - let%span snum22 = "../../../creusot-contracts/src/std/num.rs" 168 20 169 51 - let%span snum23 = "../../../creusot-contracts/src/std/num.rs" 172 26 172 83 - let%span snum24 = "../../../creusot-contracts/src/std/num.rs" 173 26 173 83 - let%span snum25 = "../../../creusot-contracts/src/std/num.rs" 182 20 182 95 - let%span snum26 = "../../../creusot-contracts/src/std/num.rs" 186 20 187 53 - let%span snum27 = "../../../creusot-contracts/src/std/num.rs" 193 20 195 94 - let%span snum28 = "../../../creusot-contracts/src/std/num.rs" 198 20 200 94 - let%span snum29 = "../../../creusot-contracts/src/std/num.rs" 204 20 204 98 + let%span snum18 = "../../../creusot-contracts/src/std/num.rs" 183 20 183 93 + let%span snum19 = "../../../creusot-contracts/src/std/num.rs" 187 20 188 51 + let%span snum20 = "../../../creusot-contracts/src/std/num.rs" 194 20 196 92 + let%span snum21 = "../../../creusot-contracts/src/std/num.rs" 199 20 201 92 + let%span snum22 = "../../../creusot-contracts/src/std/num.rs" 211 20 212 51 + let%span snum23 = 
"../../../creusot-contracts/src/std/num.rs" 215 26 215 83 + let%span snum24 = "../../../creusot-contracts/src/std/num.rs" 216 26 216 83 + let%span snum25 = "../../../creusot-contracts/src/std/num.rs" 225 20 225 95 + let%span snum26 = "../../../creusot-contracts/src/std/num.rs" 229 20 230 53 + let%span snum27 = "../../../creusot-contracts/src/std/num.rs" 236 20 238 94 + let%span snum28 = "../../../creusot-contracts/src/std/num.rs" 241 20 243 94 + let%span snum29 = "../../../creusot-contracts/src/std/num.rs" 247 20 247 98 + + use prelude.prelude.Int use prelude.prelude.UInt8 type t_Option'0 = | C_None'0 - | C_Some'0 uint8 + | C_Some'0 UInt8.t use prelude.prelude.UInt8 - use prelude.prelude.Int - - constant v_MIN'0 : uint8 = (0 : uint8) + constant v_MIN'0 : UInt8.t = (0 : UInt8.t) - constant v_MAX'0 : uint8 = (255 : uint8) + constant v_MAX'0 : UInt8.t = (255 : UInt8.t) - let rec checked_sub'0 (self:uint8) (rhs:uint8) (return' (ret:t_Option'0))= any + let rec checked_sub'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:t_Option'0))= any [ return' (result:t_Option'0)-> {[%#snum15] (result = C_None'0) - = (UInt8.to_int self - UInt8.to_int rhs < UInt8.to_int (v_MIN'0 : uint8) - \/ UInt8.to_int self - UInt8.to_int rhs > UInt8.to_int (v_MAX'0 : uint8))} - {[%#snum16] forall r : uint8 . result = C_Some'0 r -> UInt8.to_int r = UInt8.to_int self - UInt8.to_int rhs} + = (UInt8.to_uint self - UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) + \/ UInt8.to_uint self - UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t))} + {[%#snum16] forall r : UInt8.t . result = C_Some'0 r -> UInt8.to_uint r = UInt8.to_uint self - UInt8.to_uint rhs} (! return' {result}) ] @@ -1018,7 +1027,7 @@ module M_checked_ops__test_u8_sub_overflow [#"checked_ops.rs" 63 0 63 34] use prelude.prelude.UInt32 - constant v_BITS'0 : uint32 = (8 : uint32) + constant v_BITS'0 : UInt32.t = (8 : UInt32.t) use prelude.prelude.UInt32 
@@ -1026,57 +1035,59 @@ module M_checked_ops__test_u8_sub_overflow [#"checked_ops.rs" 63 0 63 34] use int.EuclideanDivision - let rec wrapping_sub'0 (self:uint8) (rhs:uint8) (return' (ret:uint8))= any - [ return' (result:uint8)-> {[%#snum18] UInt8.to_int result - = EuclideanDivision.mod (UInt8.to_int self - UInt8.to_int rhs) (Power.power 2 (UInt32.to_int (v_BITS'0 : uint32))) - + UInt8.to_int (v_MIN'0 : uint8)} - {[%#snum19] UInt8.to_int self - UInt8.to_int rhs >= UInt8.to_int (v_MIN'0 : uint8) - /\ UInt8.to_int self - UInt8.to_int rhs <= UInt8.to_int (v_MAX'0 : uint8) - -> UInt8.to_int result = UInt8.to_int self - UInt8.to_int rhs} - {[%#snum20] UInt8.to_int self - UInt8.to_int rhs < UInt8.to_int (v_MIN'0 : uint8) + let rec wrapping_sub'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:UInt8.t))= any + [ return' (result:UInt8.t)-> {[%#snum18] UInt8.to_uint result + = EuclideanDivision.mod (UInt8.to_uint self + - UInt8.to_uint rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + + UInt8.to_uint (v_MIN'0 : UInt8.t)} + {[%#snum19] UInt8.to_uint self - UInt8.to_uint rhs >= UInt8.to_uint (v_MIN'0 : UInt8.t) + /\ UInt8.to_uint self - UInt8.to_uint rhs <= UInt8.to_uint (v_MAX'0 : UInt8.t) + -> UInt8.to_uint result = UInt8.to_uint self - UInt8.to_uint rhs} + {[%#snum20] UInt8.to_uint self - UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) -> (exists k : int . k > 0 - /\ UInt8.to_int result - = UInt8.to_int self - UInt8.to_int rhs - + k * (UInt8.to_int (v_MAX'0 : uint8) - UInt8.to_int (v_MIN'0 : uint8) + 1))} - {[%#snum21] UInt8.to_int self - UInt8.to_int rhs > UInt8.to_int (v_MAX'0 : uint8) + /\ UInt8.to_uint result + = UInt8.to_uint self - UInt8.to_uint rhs + + k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} + {[%#snum21] UInt8.to_uint self - UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t) -> (exists k : int . 
k > 0 - /\ UInt8.to_int result - = UInt8.to_int self - UInt8.to_int rhs - - k * (UInt8.to_int (v_MAX'0 : uint8) - UInt8.to_int (v_MIN'0 : uint8) + 1))} + /\ UInt8.to_uint result + = UInt8.to_uint self - UInt8.to_uint rhs + - k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} (! return' {result}) ] - let rec saturating_sub'0 (self:uint8) (rhs:uint8) (return' (ret:uint8))= any - [ return' (result:uint8)-> {[%#snum22] UInt8.to_int self - UInt8.to_int rhs >= UInt8.to_int (v_MIN'0 : uint8) - /\ UInt8.to_int self - UInt8.to_int rhs <= UInt8.to_int (v_MAX'0 : uint8) - -> UInt8.to_int result = UInt8.to_int self - UInt8.to_int rhs} - {[%#snum23] UInt8.to_int self - UInt8.to_int rhs < UInt8.to_int (v_MIN'0 : uint8) - -> UInt8.to_int result = UInt8.to_int (v_MIN'0 : uint8)} - {[%#snum24] UInt8.to_int self - UInt8.to_int rhs > UInt8.to_int (v_MAX'0 : uint8) - -> UInt8.to_int result = UInt8.to_int (v_MAX'0 : uint8)} + let rec saturating_sub'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:UInt8.t))= any + [ return' (result:UInt8.t)-> {[%#snum22] UInt8.to_uint self - UInt8.to_uint rhs >= UInt8.to_uint (v_MIN'0 : UInt8.t) + /\ UInt8.to_uint self - UInt8.to_uint rhs <= UInt8.to_uint (v_MAX'0 : UInt8.t) + -> UInt8.to_uint result = UInt8.to_uint self - UInt8.to_uint rhs} + {[%#snum23] UInt8.to_uint self - UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) + -> UInt8.to_uint result = UInt8.to_uint (v_MIN'0 : UInt8.t)} + {[%#snum24] UInt8.to_uint self - UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t) + -> UInt8.to_uint result = UInt8.to_uint (v_MAX'0 : UInt8.t)} (! 
return' {result}) ] - let rec overflowing_sub'0 (self:uint8) (rhs:uint8) (return' (ret:(uint8, bool)))= any - [ return' (result:(uint8, bool))-> {[%#snum25] UInt8.to_int (let (a, _) = result in a) - = EuclideanDivision.mod (UInt8.to_int self - UInt8.to_int rhs) (Power.power 2 (UInt32.to_int (v_BITS'0 : uint32))) - + UInt8.to_int (v_MIN'0 : uint8)} - {[%#snum26] UInt8.to_int self - UInt8.to_int rhs >= UInt8.to_int (v_MIN'0 : uint8) - /\ UInt8.to_int self - UInt8.to_int rhs <= UInt8.to_int (v_MAX'0 : uint8) - -> UInt8.to_int (let (a, _) = result in a) = UInt8.to_int self - UInt8.to_int rhs} - {[%#snum27] UInt8.to_int self - UInt8.to_int rhs < UInt8.to_int (v_MIN'0 : uint8) + let rec overflowing_sub'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:(UInt8.t, bool)))= any + [ return' (result:(UInt8.t, bool))-> {[%#snum25] UInt8.to_uint (let (a, _) = result in a) + = EuclideanDivision.mod (UInt8.to_uint self + - UInt8.to_uint rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + + UInt8.to_uint (v_MIN'0 : UInt8.t)} + {[%#snum26] UInt8.to_uint self - UInt8.to_uint rhs >= UInt8.to_uint (v_MIN'0 : UInt8.t) + /\ UInt8.to_uint self - UInt8.to_uint rhs <= UInt8.to_uint (v_MAX'0 : UInt8.t) + -> UInt8.to_uint (let (a, _) = result in a) = UInt8.to_uint self - UInt8.to_uint rhs} + {[%#snum27] UInt8.to_uint self - UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) -> (exists k : int . k > 0 - /\ UInt8.to_int (let (a, _) = result in a) - = UInt8.to_int self - UInt8.to_int rhs - + k * (UInt8.to_int (v_MAX'0 : uint8) - UInt8.to_int (v_MIN'0 : uint8) + 1))} - {[%#snum28] UInt8.to_int self - UInt8.to_int rhs > UInt8.to_int (v_MAX'0 : uint8) + /\ UInt8.to_uint (let (a, _) = result in a) + = UInt8.to_uint self - UInt8.to_uint rhs + + k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} + {[%#snum28] UInt8.to_uint self - UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t) -> (exists k : int . 
k > 0 - /\ UInt8.to_int (let (a, _) = result in a) - = UInt8.to_int self - UInt8.to_int rhs - - k * (UInt8.to_int (v_MAX'0 : uint8) - UInt8.to_int (v_MIN'0 : uint8) + 1))} + /\ UInt8.to_uint (let (a, _) = result in a) + = UInt8.to_uint self - UInt8.to_uint rhs + - k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} {[%#snum29] (let (_, a) = result in a) - = (UInt8.to_int self - UInt8.to_int rhs < UInt8.to_int (v_MIN'0 : uint8) - \/ UInt8.to_int self - UInt8.to_int rhs > UInt8.to_int (v_MAX'0 : uint8))} + = (UInt8.to_uint self - UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) + \/ UInt8.to_uint self - UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t))} (! return' {result}) ] 
@@ -1086,40 +1097,41 @@ module M_checked_ops__test_u8_sub_overflow [#"checked_ops.rs" 63 0 63 34] meta "compute_max_steps" 1000000 - let rec test_u8_sub_overflow'0 (a:uint8) (return' (ret:()))= {[@expl:test_u8_sub_overflow requires] [%#schecked_ops14] UInt8.to_int a + let rec test_u8_sub_overflow'0 (a:UInt8.t) (return' (ret:()))= {[@expl:test_u8_sub_overflow requires] [%#schecked_ops14] UInt8.to_uint a <> 0} (! bb0 [ bb0 = s0 - [ s0 = checked_sub'0 {[%#schecked_ops0] (0 : uint8)} {a} (fun (_ret':t_Option'0) -> [ &_6 <- _ret' ] s1) + [ s0 = checked_sub'0 {[%#schecked_ops0] (0 : UInt8.t)} {a} (fun (_ret':t_Option'0) -> [ &_6 <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = is_none'0 {_6} (fun (_ret':bool) -> [ &_4 <- _ret' ] s1) | s1 = bb2 ] | bb2 = any [ br0 -> {_4 = false} (! bb4) | br1 -> {_4} (! bb3) ] | bb3 = s0 - [ s0 = wrapping_sub'0 {[%#schecked_ops1] (0 : uint8)} {a} (fun (_ret':uint8) -> [ &_11 <- _ret' ] s1) + [ s0 = wrapping_sub'0 {[%#schecked_ops1] (0 : UInt8.t)} {a} (fun (_ret':UInt8.t) -> [ &_11 <- _ret' ] s1) | s1 = bb5 ] | bb5 = s0 - [ s0 = UInt8.sub {[%#schecked_ops2] (255 : uint8)} {a} (fun (_ret':uint8) -> [ &_14 <- _ret' ] s1) - | s1 = UInt8.add {_14} {[%#schecked_ops3] (1 : uint8)} (fun (_ret':uint8) -> [ &_13 <- _ret' ] s2) + [ s0 = UInt8.sub {[%#schecked_ops2] (255 : UInt8.t)} {a} (fun (_ret':UInt8.t) -> [ &_14 <- _ret' ] s1) + | s1 = UInt8.add {_14} {[%#schecked_ops3] (1 : UInt8.t)} (fun (_ret':UInt8.t) -> [ &_13 <- _ret' ] s2) | s2 = UInt8.eq {_11} {_13} (fun (_ret':bool) -> [ &_10 <- _ret' ] s3) | s3 = any [ br0 -> {_10 = false} (! bb7) | br1 -> {_10} (! 
bb6) ] ] | bb6 = s0 - [ s0 = saturating_sub'0 {[%#schecked_ops4] (0 : uint8)} {a} (fun (_ret':uint8) -> [ &_19 <- _ret' ] s1) + [ s0 = saturating_sub'0 {[%#schecked_ops4] (0 : UInt8.t)} {a} (fun (_ret':UInt8.t) -> [ &_19 <- _ret' ] s1) | s1 = bb8 ] | bb8 = s0 - [ s0 = UInt8.eq {_19} {[%#schecked_ops5] (0 : uint8)} (fun (_ret':bool) -> [ &_18 <- _ret' ] s1) + [ s0 = UInt8.eq {_19} {[%#schecked_ops5] (0 : UInt8.t)} (fun (_ret':bool) -> [ &_18 <- _ret' ] s1) | s1 = any [ br0 -> {_18 = false} (! bb10) | br1 -> {_18} (! bb9) ] ] | bb9 = s0 - [ s0 = overflowing_sub'0 {[%#schecked_ops6] (0 : uint8)} {a} (fun (_ret':(uint8, bool)) -> [ &res <- _ret' ] s1) + [ s0 = overflowing_sub'0 {[%#schecked_ops6] (0 : UInt8.t)} {a} + (fun (_ret':(UInt8.t, bool)) -> [ &res <- _ret' ] s1) | s1 = bb11 ] | bb11 = s0 - [ s0 = UInt8.sub {[%#schecked_ops7] (255 : uint8)} {a} (fun (_ret':uint8) -> [ &_28 <- _ret' ] s1) - | s1 = UInt8.add {_28} {[%#schecked_ops8] (1 : uint8)} (fun (_ret':uint8) -> [ &_27 <- _ret' ] s2) + [ s0 = UInt8.sub {[%#schecked_ops7] (255 : UInt8.t)} {a} (fun (_ret':UInt8.t) -> [ &_28 <- _ret' ] s1) + | s1 = UInt8.add {_28} {[%#schecked_ops8] (1 : UInt8.t)} (fun (_ret':UInt8.t) -> [ &_27 <- _ret' ] s2) | s2 = UInt8.eq {let (r'0, _) = res in r'0} {_27} (fun (_ret':bool) -> [ &_25 <- _ret' ] s3) | s3 = any [ br0 -> {_25 = false} (! bb15) | br1 -> {_25} (! bb12) ] ] 
@@ -1136,28 +1148,28 @@ module M_checked_ops__test_u8_sub_overflow [#"checked_ops.rs" 63 0 63 34] | bb4 = {[%#schecked_ops13] false} any ] ) [ & _0 : () = any_l () - | & a : uint8 = a + | & a : UInt8.t = a | & _4 : bool = any_l () | & _6 : t_Option'0 = any_l () | & _10 : bool = any_l () - | & _11 : uint8 = any_l () - | & _13 : uint8 = any_l () - | & _14 : uint8 = any_l () + | & _11 : UInt8.t = any_l () + | & _13 : UInt8.t = any_l () + | & _14 : UInt8.t = any_l () | & _18 : bool = any_l () - | & _19 : uint8 = any_l () - | & res : (uint8, bool) = any_l () + | & _19 : UInt8.t = any_l () + | & res : (UInt8.t, bool) = any_l () | & _25 : bool = any_l () - | & _27 : uint8 = any_l () - | & _28 : uint8 = any_l () + | & _27 : UInt8.t = any_l () + | & _28 : UInt8.t = any_l () | & _30 : bool = any_l () ] [ return' (result:())-> (! return' {result}) ] end module M_checked_ops__test_u8_wrapping_sub [#"checked_ops.rs" 74 0 74 47] let%span schecked_ops0 = "checked_ops.rs" 73 10 73 56 - let%span snum1 = "../../../creusot-contracts/src/std/num.rs" 140 20 140 93 - let%span snum2 = "../../../creusot-contracts/src/std/num.rs" 144 20 145 51 - let%span snum3 = "../../../creusot-contracts/src/std/num.rs" 151 20 153 92 - let%span snum4 = "../../../creusot-contracts/src/std/num.rs" 156 20 158 92 + let%span snum1 = "../../../creusot-contracts/src/std/num.rs" 183 20 183 93 + let%span snum2 = "../../../creusot-contracts/src/std/num.rs" 187 20 188 51 + let%span snum3 = "../../../creusot-contracts/src/std/num.rs" 194 20 196 92 + let%span snum4 = "../../../creusot-contracts/src/std/num.rs" 199 20 201 92 use prelude.prelude.UInt8 @@ -1165,7 +1177,7 @@ module M_checked_ops__test_u8_wrapping_sub [#"checked_ops.rs" 74 0 74 47] use prelude.prelude.UInt32 - constant v_BITS'0 : uint32 = (8 : uint32) + constant v_BITS'0 : UInt32.t = (8 : UInt32.t) use prelude.prelude.UInt32 
@@ -1175,27 +1187,28 @@ module M_checked_ops__test_u8_wrapping_sub [#"checked_ops.rs" 74 0 74 47] use prelude.prelude.UInt8 - constant v_MIN'0 : uint8 = (0 : uint8) + constant v_MIN'0 : UInt8.t = (0 : UInt8.t) - constant v_MAX'0 : uint8 = (255 : uint8) + constant v_MAX'0 : UInt8.t = (255 : UInt8.t) - let rec wrapping_sub'0 (self:uint8) (rhs:uint8) (return' (ret:uint8))= any - [ return' (result:uint8)-> {[%#snum1] UInt8.to_int result - = EuclideanDivision.mod (UInt8.to_int self - UInt8.to_int rhs) (Power.power 2 (UInt32.to_int (v_BITS'0 : uint32))) - + UInt8.to_int (v_MIN'0 : uint8)} - {[%#snum2] UInt8.to_int self - UInt8.to_int rhs >= UInt8.to_int (v_MIN'0 : uint8) - /\ UInt8.to_int self - UInt8.to_int rhs <= UInt8.to_int (v_MAX'0 : uint8) - -> UInt8.to_int result = UInt8.to_int self - UInt8.to_int rhs} - {[%#snum3] UInt8.to_int self - UInt8.to_int rhs < UInt8.to_int (v_MIN'0 : uint8) + let rec wrapping_sub'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:UInt8.t))= any + [ return' (result:UInt8.t)-> {[%#snum1] UInt8.to_uint result + = EuclideanDivision.mod (UInt8.to_uint self + - UInt8.to_uint rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + + UInt8.to_uint (v_MIN'0 : UInt8.t)} + {[%#snum2] UInt8.to_uint self - UInt8.to_uint rhs >= UInt8.to_uint (v_MIN'0 : UInt8.t) + /\ UInt8.to_uint self - UInt8.to_uint rhs <= UInt8.to_uint (v_MAX'0 : UInt8.t) + -> UInt8.to_uint result = UInt8.to_uint self - UInt8.to_uint rhs} + {[%#snum3] UInt8.to_uint self - UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) -> (exists k : int . 
k > 0 - /\ UInt8.to_int result - = UInt8.to_int self - UInt8.to_int rhs - + k * (UInt8.to_int (v_MAX'0 : uint8) - UInt8.to_int (v_MIN'0 : uint8) + 1))} - {[%#snum4] UInt8.to_int self - UInt8.to_int rhs > UInt8.to_int (v_MAX'0 : uint8) + /\ UInt8.to_uint result + = UInt8.to_uint self - UInt8.to_uint rhs + + k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} + {[%#snum4] UInt8.to_uint self - UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t) -> (exists k : int . k > 0 - /\ UInt8.to_int result - = UInt8.to_int self - UInt8.to_int rhs - - k * (UInt8.to_int (v_MAX'0 : uint8) - UInt8.to_int (v_MIN'0 : uint8) + 1))} + /\ UInt8.to_uint result + = UInt8.to_uint self - UInt8.to_uint rhs + - k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} (! return' {result}) ] 
@@ -1203,30 +1216,30 @@ module M_checked_ops__test_u8_wrapping_sub [#"checked_ops.rs" 74 0 74 47] meta "compute_max_steps" 1000000 - let rec test_u8_wrapping_sub'0 (a:uint8) (b:uint8) (return' (ret:uint8))= (! bb0 - [ bb0 = s0 [ s0 = wrapping_sub'0 {a} {b} (fun (_ret':uint8) -> [ &_0 <- _ret' ] s1) | s1 = bb1 ] + let rec test_u8_wrapping_sub'0 (a:UInt8.t) (b:UInt8.t) (return' (ret:UInt8.t))= (! bb0 + [ bb0 = s0 [ s0 = wrapping_sub'0 {a} {b} (fun (_ret':UInt8.t) -> [ &_0 <- _ret' ] s1) | s1 = bb1 ] | bb1 = return' {_0} ] - ) [ & _0 : uint8 = any_l () | & a : uint8 = a | & b : uint8 = b ] - [ return' (result:uint8)-> {[@expl:test_u8_wrapping_sub ensures] [%#schecked_ops0] UInt8.to_int result - = UInt8.to_int a - UInt8.to_int b - \/ UInt8.to_int result = UInt8.to_int a - UInt8.to_int b + 256} + ) [ & _0 : UInt8.t = any_l () | & a : UInt8.t = a | & b : UInt8.t = b ] + [ return' (result:UInt8.t)-> {[@expl:test_u8_wrapping_sub ensures] [%#schecked_ops0] UInt8.to_uint result + = UInt8.to_uint a - UInt8.to_uint b + \/ UInt8.to_uint result = UInt8.to_uint a - UInt8.to_uint b + 256} (! 
return' {result}) ] end module M_checked_ops__test_u8_overflowing_sub [#"checked_ops.rs" 79 0 79 44] let%span schecked_ops0 = "checked_ops.rs" 81 4 81 65 let%span schecked_ops1 = "checked_ops.rs" 80 4 80 56 - let%span snum2 = "../../../creusot-contracts/src/std/num.rs" 182 20 182 95 - let%span snum3 = "../../../creusot-contracts/src/std/num.rs" 186 20 187 53 - let%span snum4 = "../../../creusot-contracts/src/std/num.rs" 193 20 195 94 - let%span snum5 = "../../../creusot-contracts/src/std/num.rs" 198 20 200 94 - let%span snum6 = "../../../creusot-contracts/src/std/num.rs" 204 20 204 98 - let%span snum7 = "../../../creusot-contracts/src/std/num.rs" 140 20 140 93 - let%span snum8 = "../../../creusot-contracts/src/std/num.rs" 144 20 145 51 - let%span snum9 = "../../../creusot-contracts/src/std/num.rs" 151 20 153 92 - let%span snum10 = "../../../creusot-contracts/src/std/num.rs" 156 20 158 92 - let%span snum11 = "../../../creusot-contracts/src/std/num.rs" 128 20 129 89 - let%span snum12 = "../../../creusot-contracts/src/std/num.rs" 132 26 132 87 + let%span snum2 = "../../../creusot-contracts/src/std/num.rs" 225 20 225 95 + let%span snum3 = "../../../creusot-contracts/src/std/num.rs" 229 20 230 53 + let%span snum4 = "../../../creusot-contracts/src/std/num.rs" 236 20 238 94 + let%span snum5 = "../../../creusot-contracts/src/std/num.rs" 241 20 243 94 + let%span snum6 = "../../../creusot-contracts/src/std/num.rs" 247 20 247 98 + let%span snum7 = "../../../creusot-contracts/src/std/num.rs" 183 20 183 93 + let%span snum8 = "../../../creusot-contracts/src/std/num.rs" 187 20 188 51 + let%span snum9 = "../../../creusot-contracts/src/std/num.rs" 194 20 196 92 + let%span snum10 = "../../../creusot-contracts/src/std/num.rs" 199 20 201 92 + let%span snum11 = "../../../creusot-contracts/src/std/num.rs" 171 20 172 89 + let%span snum12 = "../../../creusot-contracts/src/std/num.rs" 175 26 175 87 let%span soption13 = "../../../creusot-contracts/src/std/option.rs" 51 26 51 51 use 
prelude.prelude.UInt8 @@ -1235,7 +1248,7 @@ module M_checked_ops__test_u8_overflowing_sub [#"checked_ops.rs" 79 0 79 44] use prelude.prelude.UInt32 - constant v_BITS'0 : uint32 = (8 : uint32) + constant v_BITS'0 : UInt32.t = (8 : UInt32.t) use prelude.prelude.UInt32 
@@ -1245,62 +1258,64 @@ module M_checked_ops__test_u8_overflowing_sub [#"checked_ops.rs" 79 0 79 44] use prelude.prelude.UInt8 - constant v_MIN'0 : uint8 = (0 : uint8) + constant v_MIN'0 : UInt8.t = (0 : UInt8.t) - constant v_MAX'0 : uint8 = (255 : uint8) + constant v_MAX'0 : UInt8.t = (255 : UInt8.t) - let rec overflowing_sub'0 (self:uint8) (rhs:uint8) (return' (ret:(uint8, bool)))= any - [ return' (result:(uint8, bool))-> {[%#snum2] UInt8.to_int (let (a, _) = result in a) - = EuclideanDivision.mod (UInt8.to_int self - UInt8.to_int rhs) (Power.power 2 (UInt32.to_int (v_BITS'0 : uint32))) - + UInt8.to_int (v_MIN'0 : uint8)} - {[%#snum3] UInt8.to_int self - UInt8.to_int rhs >= UInt8.to_int (v_MIN'0 : uint8) - /\ UInt8.to_int self - UInt8.to_int rhs <= UInt8.to_int (v_MAX'0 : uint8) - -> UInt8.to_int (let (a, _) = result in a) = UInt8.to_int self - UInt8.to_int rhs} - {[%#snum4] UInt8.to_int self - UInt8.to_int rhs < UInt8.to_int (v_MIN'0 : uint8) + let rec overflowing_sub'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:(UInt8.t, bool)))= any + [ return' (result:(UInt8.t, bool))-> {[%#snum2] UInt8.to_uint (let (a, _) = result in a) + = EuclideanDivision.mod (UInt8.to_uint self + - UInt8.to_uint rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + + UInt8.to_uint (v_MIN'0 : UInt8.t)} + {[%#snum3] UInt8.to_uint self - UInt8.to_uint rhs >= UInt8.to_uint (v_MIN'0 : UInt8.t) + /\ UInt8.to_uint self - UInt8.to_uint rhs <= UInt8.to_uint (v_MAX'0 : UInt8.t) + -> UInt8.to_uint (let (a, _) = result in a) = UInt8.to_uint self - UInt8.to_uint rhs} + {[%#snum4] UInt8.to_uint self - UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) -> (exists k : int . 
k > 0 - /\ UInt8.to_int (let (a, _) = result in a) - = UInt8.to_int self - UInt8.to_int rhs - + k * (UInt8.to_int (v_MAX'0 : uint8) - UInt8.to_int (v_MIN'0 : uint8) + 1))} - {[%#snum5] UInt8.to_int self - UInt8.to_int rhs > UInt8.to_int (v_MAX'0 : uint8) + /\ UInt8.to_uint (let (a, _) = result in a) + = UInt8.to_uint self - UInt8.to_uint rhs + + k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} + {[%#snum5] UInt8.to_uint self - UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t) -> (exists k : int . k > 0 - /\ UInt8.to_int (let (a, _) = result in a) - = UInt8.to_int self - UInt8.to_int rhs - - k * (UInt8.to_int (v_MAX'0 : uint8) - UInt8.to_int (v_MIN'0 : uint8) + 1))} + /\ UInt8.to_uint (let (a, _) = result in a) + = UInt8.to_uint self - UInt8.to_uint rhs + - k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} {[%#snum6] (let (_, a) = result in a) - = (UInt8.to_int self - UInt8.to_int rhs < UInt8.to_int (v_MIN'0 : uint8) - \/ UInt8.to_int self - UInt8.to_int rhs > UInt8.to_int (v_MAX'0 : uint8))} + = (UInt8.to_uint self - UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) + \/ UInt8.to_uint self - UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t))} (! 
return' {result}) ] - let rec wrapping_sub'0 (self:uint8) (rhs:uint8) (return' (ret:uint8))= any - [ return' (result:uint8)-> {[%#snum7] UInt8.to_int result - = EuclideanDivision.mod (UInt8.to_int self - UInt8.to_int rhs) (Power.power 2 (UInt32.to_int (v_BITS'0 : uint32))) - + UInt8.to_int (v_MIN'0 : uint8)} - {[%#snum8] UInt8.to_int self - UInt8.to_int rhs >= UInt8.to_int (v_MIN'0 : uint8) - /\ UInt8.to_int self - UInt8.to_int rhs <= UInt8.to_int (v_MAX'0 : uint8) - -> UInt8.to_int result = UInt8.to_int self - UInt8.to_int rhs} - {[%#snum9] UInt8.to_int self - UInt8.to_int rhs < UInt8.to_int (v_MIN'0 : uint8) + let rec wrapping_sub'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:UInt8.t))= any + [ return' (result:UInt8.t)-> {[%#snum7] UInt8.to_uint result + = EuclideanDivision.mod (UInt8.to_uint self + - UInt8.to_uint rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + + UInt8.to_uint (v_MIN'0 : UInt8.t)} + {[%#snum8] UInt8.to_uint self - UInt8.to_uint rhs >= UInt8.to_uint (v_MIN'0 : UInt8.t) + /\ UInt8.to_uint self - UInt8.to_uint rhs <= UInt8.to_uint (v_MAX'0 : UInt8.t) + -> UInt8.to_uint result = UInt8.to_uint self - UInt8.to_uint rhs} + {[%#snum9] UInt8.to_uint self - UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) -> (exists k : int . k > 0 - /\ UInt8.to_int result - = UInt8.to_int self - UInt8.to_int rhs - + k * (UInt8.to_int (v_MAX'0 : uint8) - UInt8.to_int (v_MIN'0 : uint8) + 1))} - {[%#snum10] UInt8.to_int self - UInt8.to_int rhs > UInt8.to_int (v_MAX'0 : uint8) + /\ UInt8.to_uint result + = UInt8.to_uint self - UInt8.to_uint rhs + + k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} + {[%#snum10] UInt8.to_uint self - UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t) -> (exists k : int . 
k > 0 - /\ UInt8.to_int result - = UInt8.to_int self - UInt8.to_int rhs - - k * (UInt8.to_int (v_MAX'0 : uint8) - UInt8.to_int (v_MIN'0 : uint8) + 1))} + /\ UInt8.to_uint result + = UInt8.to_uint self - UInt8.to_uint rhs + - k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} (! return' {result}) ] type t_Option'0 = | C_None'0 - | C_Some'0 uint8 + | C_Some'0 UInt8.t - let rec checked_sub'0 (self:uint8) (rhs:uint8) (return' (ret:t_Option'0))= any + let rec checked_sub'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:t_Option'0))= any [ return' (result:t_Option'0)-> {[%#snum11] (result = C_None'0) - = (UInt8.to_int self - UInt8.to_int rhs < UInt8.to_int (v_MIN'0 : uint8) - \/ UInt8.to_int self - UInt8.to_int rhs > UInt8.to_int (v_MAX'0 : uint8))} - {[%#snum12] forall r : uint8 . result = C_Some'0 r -> UInt8.to_int r = UInt8.to_int self - UInt8.to_int rhs} + = (UInt8.to_uint self - UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) + \/ UInt8.to_uint self - UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t))} + {[%#snum12] forall r : UInt8.t . result = C_Some'0 r -> UInt8.to_uint r = UInt8.to_uint self - UInt8.to_uint rhs} (! return' {result}) ] 
@@ -1319,14 +1334,14 @@ module M_checked_ops__test_u8_overflowing_sub [#"checked_ops.rs" 79 0 79 44] meta "compute_max_steps" 1000000 - let rec test_u8_overflowing_sub'0 (a:uint8) (b:uint8) (return' (ret:()))= (! bb0 - [ bb0 = s0 [ s0 = overflowing_sub'0 {a} {b} (fun (_ret':(uint8, bool)) -> [ &_6 <- _ret' ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = wrapping_sub'0 {a} {b} (fun (_ret':uint8) -> [ &_9 <- _ret' ] s1) | s1 = bb2 ] + let rec test_u8_overflowing_sub'0 (a:UInt8.t) (b:UInt8.t) (return' (ret:()))= (! bb0 + [ bb0 = s0 [ s0 = overflowing_sub'0 {a} {b} (fun (_ret':(UInt8.t, bool)) -> [ &_6 <- _ret' ] s1) | s1 = bb1 ] + | bb1 = s0 [ s0 = wrapping_sub'0 {a} {b} (fun (_ret':UInt8.t) -> [ &_9 <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 [ s0 = UInt8.eq {let (r'0, _) = _6 in r'0} {_9} (fun (_ret':bool) -> [ &_4 <- _ret' ] s1) | s1 = any [ br0 -> {_4 = false} (! bb4) | br1 -> {_4} (! bb3) ] ] - | bb3 = s0 [ s0 = overflowing_sub'0 {a} {b} (fun (_ret':(uint8, bool)) -> [ &_16 <- _ret' ] s1) | s1 = bb5 ] + | bb3 = s0 [ s0 = overflowing_sub'0 {a} {b} (fun (_ret':(UInt8.t, bool)) -> [ &_16 <- _ret' ] s1) | s1 = bb5 ] | bb5 = s0 [ s0 = checked_sub'0 {a} {b} (fun (_ret':t_Option'0) -> [ &_21 <- _ret' ] s1) | s1 = bb6 ] | bb6 = s0 [ s0 = is_none'0 {_21} (fun (_ret':bool) -> [ &_19 <- _ret' ] s1) | s1 = bb7 ] | bb7 = s0 @@ -1338,13 +1353,13 @@ module M_checked_ops__test_u8_overflowing_sub [#"checked_ops.rs" 79 0 79 44] | bb4 = {[%#schecked_ops1] false} any ] ) [ & _0 : () = any_l () - | & a : uint8 = a - | & b : uint8 = b + | & a : UInt8.t = a + | & b : UInt8.t = b | & _4 : bool = any_l () - | & _6 : (uint8, bool) = any_l () - | & _9 : uint8 = any_l () + | & _6 : (UInt8.t, bool) = any_l () + | & _9 : UInt8.t = any_l () | & _14 : bool = any_l () - | & _16 : (uint8, bool) = any_l () + | & _16 : (UInt8.t, bool) = any_l () | & _19 : bool = any_l () | & _21 : t_Option'0 = any_l () ] [ return' (result:())-> (! return' {result}) ] 
@@ -1383,42 +1398,42 @@ module M_checked_ops__test_u8_mul_example [#"checked_ops.rs" 85 0 85 28] let%span schecked_ops30 = "checked_ops.rs" 89 4 89 39 let%span schecked_ops31 = "checked_ops.rs" 87 4 87 43 let%span schecked_ops32 = "checked_ops.rs" 86 4 86 47 - let%span snum33 = "../../../creusot-contracts/src/std/num.rs" 128 20 129 89 - let%span snum34 = "../../../creusot-contracts/src/std/num.rs" 132 26 132 87 + let%span snum33 = "../../../creusot-contracts/src/std/num.rs" 171 20 172 89 + let%span snum34 = "../../../creusot-contracts/src/std/num.rs" 175 26 175 87 let%span soption35 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 let%span soption36 = "../../../creusot-contracts/src/std/option.rs" 51 26 51 51 - let%span snum37 = "../../../creusot-contracts/src/std/num.rs" 140 20 140 93 - let%span snum38 = "../../../creusot-contracts/src/std/num.rs" 144 20 145 51 - let%span snum39 = "../../../creusot-contracts/src/std/num.rs" 151 20 153 92 - let%span snum40 = "../../../creusot-contracts/src/std/num.rs" 156 20 158 92 - let%span snum41 = "../../../creusot-contracts/src/std/num.rs" 168 20 169 51 - let%span snum42 = "../../../creusot-contracts/src/std/num.rs" 172 26 172 83 - let%span snum43 = "../../../creusot-contracts/src/std/num.rs" 173 26 173 83 - let%span snum44 = "../../../creusot-contracts/src/std/num.rs" 182 20 182 95 - let%span snum45 = "../../../creusot-contracts/src/std/num.rs" 186 20 187 53 - let%span snum46 = "../../../creusot-contracts/src/std/num.rs" 193 20 195 94 - let%span snum47 = "../../../creusot-contracts/src/std/num.rs" 198 20 200 94 - let%span snum48 = "../../../creusot-contracts/src/std/num.rs" 204 20 204 98 + let%span snum37 = "../../../creusot-contracts/src/std/num.rs" 183 20 183 93 + let%span snum38 = "../../../creusot-contracts/src/std/num.rs" 187 20 188 51 + let%span snum39 = "../../../creusot-contracts/src/std/num.rs" 194 20 196 92 + let%span snum40 = "../../../creusot-contracts/src/std/num.rs" 199 20 201 92 + let%span snum41 = 
"../../../creusot-contracts/src/std/num.rs" 211 20 212 51 + let%span snum42 = "../../../creusot-contracts/src/std/num.rs" 215 26 215 83 + let%span snum43 = "../../../creusot-contracts/src/std/num.rs" 216 26 216 83 + let%span snum44 = "../../../creusot-contracts/src/std/num.rs" 225 20 225 95 + let%span snum45 = "../../../creusot-contracts/src/std/num.rs" 229 20 230 53 + let%span snum46 = "../../../creusot-contracts/src/std/num.rs" 236 20 238 94 + let%span snum47 = "../../../creusot-contracts/src/std/num.rs" 241 20 243 94 + let%span snum48 = "../../../creusot-contracts/src/std/num.rs" 247 20 247 98 + + use prelude.prelude.Int use prelude.prelude.UInt8 type t_Option'0 = | C_None'0 - | C_Some'0 uint8 + | C_Some'0 UInt8.t use prelude.prelude.UInt8 - use prelude.prelude.Int + constant v_MIN'0 : UInt8.t = (0 : UInt8.t) - constant v_MIN'0 : uint8 = (0 : uint8) + constant v_MAX'0 : UInt8.t = (255 : UInt8.t) - constant v_MAX'0 : uint8 = (255 : uint8) - - let rec checked_mul'0 (self:uint8) (rhs:uint8) (return' (ret:t_Option'0))= any + let rec checked_mul'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:t_Option'0))= any [ return' (result:t_Option'0)-> {[%#snum33] (result = C_None'0) - = (UInt8.to_int self * UInt8.to_int rhs < UInt8.to_int (v_MIN'0 : uint8) - \/ UInt8.to_int self * UInt8.to_int rhs > UInt8.to_int (v_MAX'0 : uint8))} - {[%#snum34] forall r : uint8 . result = C_Some'0 r -> UInt8.to_int r = UInt8.to_int self * UInt8.to_int rhs} + = (UInt8.to_uint self * UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) + \/ UInt8.to_uint self * UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t))} + {[%#snum34] forall r : UInt8.t . result = C_Some'0 r -> UInt8.to_uint r = UInt8.to_uint self * UInt8.to_uint rhs} (! return' {result}) ] 
@@ -1426,13 +1441,13 @@ module M_checked_ops__test_u8_mul_example [#"checked_ops.rs" 85 0 85 28] axiom inv_axiom'0 [@rewrite] : forall x : t_Option'0 [inv'0 x] . inv'0 x = true - predicate inv'1 (_1 : uint8) + predicate inv'1 (_1 : UInt8.t) - axiom inv_axiom'1 [@rewrite] : forall x : uint8 [inv'1 x] . inv'1 x = true + axiom inv_axiom'1 [@rewrite] : forall x : UInt8.t [inv'1 x] . inv'1 x = true - let rec unwrap'0 (self:t_Option'0) (return' (ret:uint8))= {[@expl:unwrap 'self' type invariant] inv'0 self} + let rec unwrap'0 (self:t_Option'0) (return' (ret:UInt8.t))= {[@expl:unwrap 'self' type invariant] inv'0 self} {[@expl:unwrap requires] [%#soption35] self <> C_None'0} - any [ return' (result:uint8)-> {inv'1 result} {[%#soption35] C_Some'0 result = self} (! return' {result}) ] + any [ return' (result:UInt8.t)-> {inv'1 result} {[%#soption35] C_Some'0 result = self} (! return' {result}) ] use prelude.prelude.Borrow @@ -1445,7 +1460,7 @@ module M_checked_ops__test_u8_mul_example [#"checked_ops.rs" 85 0 85 28] use prelude.prelude.UInt32 - constant v_BITS'0 : uint32 = (8 : uint32) + constant v_BITS'0 : UInt32.t = (8 : UInt32.t) use prelude.prelude.UInt32 
@@ -1453,57 +1468,59 @@ module M_checked_ops__test_u8_mul_example [#"checked_ops.rs" 85 0 85 28] use int.EuclideanDivision - let rec wrapping_mul'0 (self:uint8) (rhs:uint8) (return' (ret:uint8))= any - [ return' (result:uint8)-> {[%#snum37] UInt8.to_int result - = EuclideanDivision.mod (UInt8.to_int self * UInt8.to_int rhs) (Power.power 2 (UInt32.to_int (v_BITS'0 : uint32))) - + UInt8.to_int (v_MIN'0 : uint8)} - {[%#snum38] UInt8.to_int self * UInt8.to_int rhs >= UInt8.to_int (v_MIN'0 : uint8) - /\ UInt8.to_int self * UInt8.to_int rhs <= UInt8.to_int (v_MAX'0 : uint8) - -> UInt8.to_int result = UInt8.to_int self * UInt8.to_int rhs} - {[%#snum39] UInt8.to_int self * UInt8.to_int rhs < UInt8.to_int (v_MIN'0 : uint8) + let rec wrapping_mul'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:UInt8.t))= any + [ return' (result:UInt8.t)-> {[%#snum37] UInt8.to_uint result + = EuclideanDivision.mod (UInt8.to_uint self + * UInt8.to_uint rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + + UInt8.to_uint (v_MIN'0 : UInt8.t)} + {[%#snum38] UInt8.to_uint self * UInt8.to_uint rhs >= UInt8.to_uint (v_MIN'0 : UInt8.t) + /\ UInt8.to_uint self * UInt8.to_uint rhs <= UInt8.to_uint (v_MAX'0 : UInt8.t) + -> UInt8.to_uint result = UInt8.to_uint self * UInt8.to_uint rhs} + {[%#snum39] UInt8.to_uint self * UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) -> (exists k : int . k > 0 - /\ UInt8.to_int result - = UInt8.to_int self * UInt8.to_int rhs - + k * (UInt8.to_int (v_MAX'0 : uint8) - UInt8.to_int (v_MIN'0 : uint8) + 1))} - {[%#snum40] UInt8.to_int self * UInt8.to_int rhs > UInt8.to_int (v_MAX'0 : uint8) + /\ UInt8.to_uint result + = UInt8.to_uint self * UInt8.to_uint rhs + + k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} + {[%#snum40] UInt8.to_uint self * UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t) -> (exists k : int . 
k > 0 - /\ UInt8.to_int result - = UInt8.to_int self * UInt8.to_int rhs - - k * (UInt8.to_int (v_MAX'0 : uint8) - UInt8.to_int (v_MIN'0 : uint8) + 1))} + /\ UInt8.to_uint result + = UInt8.to_uint self * UInt8.to_uint rhs + - k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} (! return' {result}) ] - let rec saturating_mul'0 (self:uint8) (rhs:uint8) (return' (ret:uint8))= any - [ return' (result:uint8)-> {[%#snum41] UInt8.to_int self * UInt8.to_int rhs >= UInt8.to_int (v_MIN'0 : uint8) - /\ UInt8.to_int self * UInt8.to_int rhs <= UInt8.to_int (v_MAX'0 : uint8) - -> UInt8.to_int result = UInt8.to_int self * UInt8.to_int rhs} - {[%#snum42] UInt8.to_int self * UInt8.to_int rhs < UInt8.to_int (v_MIN'0 : uint8) - -> UInt8.to_int result = UInt8.to_int (v_MIN'0 : uint8)} - {[%#snum43] UInt8.to_int self * UInt8.to_int rhs > UInt8.to_int (v_MAX'0 : uint8) - -> UInt8.to_int result = UInt8.to_int (v_MAX'0 : uint8)} + let rec saturating_mul'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:UInt8.t))= any + [ return' (result:UInt8.t)-> {[%#snum41] UInt8.to_uint self * UInt8.to_uint rhs >= UInt8.to_uint (v_MIN'0 : UInt8.t) + /\ UInt8.to_uint self * UInt8.to_uint rhs <= UInt8.to_uint (v_MAX'0 : UInt8.t) + -> UInt8.to_uint result = UInt8.to_uint self * UInt8.to_uint rhs} + {[%#snum42] UInt8.to_uint self * UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) + -> UInt8.to_uint result = UInt8.to_uint (v_MIN'0 : UInt8.t)} + {[%#snum43] UInt8.to_uint self * UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t) + -> UInt8.to_uint result = UInt8.to_uint (v_MAX'0 : UInt8.t)} (! 
return' {result}) ] - let rec overflowing_mul'0 (self:uint8) (rhs:uint8) (return' (ret:(uint8, bool)))= any - [ return' (result:(uint8, bool))-> {[%#snum44] UInt8.to_int (let (a, _) = result in a) - = EuclideanDivision.mod (UInt8.to_int self * UInt8.to_int rhs) (Power.power 2 (UInt32.to_int (v_BITS'0 : uint32))) - + UInt8.to_int (v_MIN'0 : uint8)} - {[%#snum45] UInt8.to_int self * UInt8.to_int rhs >= UInt8.to_int (v_MIN'0 : uint8) - /\ UInt8.to_int self * UInt8.to_int rhs <= UInt8.to_int (v_MAX'0 : uint8) - -> UInt8.to_int (let (a, _) = result in a) = UInt8.to_int self * UInt8.to_int rhs} - {[%#snum46] UInt8.to_int self * UInt8.to_int rhs < UInt8.to_int (v_MIN'0 : uint8) + let rec overflowing_mul'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:(UInt8.t, bool)))= any + [ return' (result:(UInt8.t, bool))-> {[%#snum44] UInt8.to_uint (let (a, _) = result in a) + = EuclideanDivision.mod (UInt8.to_uint self + * UInt8.to_uint rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + + UInt8.to_uint (v_MIN'0 : UInt8.t)} + {[%#snum45] UInt8.to_uint self * UInt8.to_uint rhs >= UInt8.to_uint (v_MIN'0 : UInt8.t) + /\ UInt8.to_uint self * UInt8.to_uint rhs <= UInt8.to_uint (v_MAX'0 : UInt8.t) + -> UInt8.to_uint (let (a, _) = result in a) = UInt8.to_uint self * UInt8.to_uint rhs} + {[%#snum46] UInt8.to_uint self * UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) -> (exists k : int . k > 0 - /\ UInt8.to_int (let (a, _) = result in a) - = UInt8.to_int self * UInt8.to_int rhs - + k * (UInt8.to_int (v_MAX'0 : uint8) - UInt8.to_int (v_MIN'0 : uint8) + 1))} - {[%#snum47] UInt8.to_int self * UInt8.to_int rhs > UInt8.to_int (v_MAX'0 : uint8) + /\ UInt8.to_uint (let (a, _) = result in a) + = UInt8.to_uint self * UInt8.to_uint rhs + + k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} + {[%#snum47] UInt8.to_uint self * UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t) -> (exists k : int . 
k > 0 - /\ UInt8.to_int (let (a, _) = result in a) - = UInt8.to_int self * UInt8.to_int rhs - - k * (UInt8.to_int (v_MAX'0 : uint8) - UInt8.to_int (v_MIN'0 : uint8) + 1))} + /\ UInt8.to_uint (let (a, _) = result in a) + = UInt8.to_uint self * UInt8.to_uint rhs + - k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} {[%#snum48] (let (_, a) = result in a) - = (UInt8.to_int self * UInt8.to_int rhs < UInt8.to_int (v_MIN'0 : uint8) - \/ UInt8.to_int self * UInt8.to_int rhs > UInt8.to_int (v_MAX'0 : uint8))} + = (UInt8.to_uint self * UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) + \/ UInt8.to_uint self * UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t))} (! return' {result}) ] 
@@ -1515,65 +1532,65 @@ module M_checked_ops__test_u8_mul_example [#"checked_ops.rs" 85 0 85 28] let rec test_u8_mul_example'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = checked_mul'0 {[%#schecked_ops0] (5 : uint8)} {[%#schecked_ops1] (10 : uint8)} + [ s0 = checked_mul'0 {[%#schecked_ops0] (5 : UInt8.t)} {[%#schecked_ops1] (10 : UInt8.t)} (fun (_ret':t_Option'0) -> [ &_4 <- _ret' ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = unwrap'0 {_4} (fun (_ret':uint8) -> [ &_3 <- _ret' ] s1) | s1 = bb2 ] + | bb1 = s0 [ s0 = unwrap'0 {_4} (fun (_ret':UInt8.t) -> [ &_3 <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 - [ s0 = UInt8.eq {_3} {[%#schecked_ops2] (50 : uint8)} (fun (_ret':bool) -> [ &_2 <- _ret' ] s1) + [ s0 = UInt8.eq {_3} {[%#schecked_ops2] (50 : UInt8.t)} (fun (_ret':bool) -> [ &_2 <- _ret' ] s1) | s1 = any [ br0 -> {_2 = false} (! bb4) | br1 -> {_2} (! bb3) ] ] | bb3 = s0 - [ s0 = checked_mul'0 {[%#schecked_ops3] (50 : uint8)} {[%#schecked_ops4] (10 : uint8)} + [ s0 = checked_mul'0 {[%#schecked_ops3] (50 : UInt8.t)} {[%#schecked_ops4] (10 : UInt8.t)} (fun (_ret':t_Option'0) -> [ &_9 <- _ret' ] s1) | s1 = bb5 ] | bb5 = s0 [ s0 = is_none'0 {_9} (fun (_ret':bool) -> [ &_7 <- _ret' ] s1) | s1 = bb6 ] | bb6 = any [ br0 -> {_7 = false} (! bb8) | br1 -> {_7} (! bb7) ] | bb7 = s0 - [ s0 = wrapping_mul'0 {[%#schecked_ops5] (5 : uint8)} {[%#schecked_ops6] (10 : uint8)} - (fun (_ret':uint8) -> [ &_13 <- _ret' ] s1) + [ s0 = wrapping_mul'0 {[%#schecked_ops5] (5 : UInt8.t)} {[%#schecked_ops6] (10 : UInt8.t)} + (fun (_ret':UInt8.t) -> [ &_13 <- _ret' ] s1) | s1 = bb9 ] | bb9 = s0 - [ s0 = UInt8.eq {_13} {[%#schecked_ops7] (50 : uint8)} (fun (_ret':bool) -> [ &_12 <- _ret' ] s1) + [ s0 = UInt8.eq {_13} {[%#schecked_ops7] (50 : UInt8.t)} (fun (_ret':bool) -> [ &_12 <- _ret' ] s1) | s1 = any [ br0 -> {_12 = false} (! bb11) | br1 -> {_12} (! 
bb10) ] ] | bb10 = s0 - [ s0 = wrapping_mul'0 {[%#schecked_ops8] (50 : uint8)} {[%#schecked_ops9] (10 : uint8)} - (fun (_ret':uint8) -> [ &_17 <- _ret' ] s1) + [ s0 = wrapping_mul'0 {[%#schecked_ops8] (50 : UInt8.t)} {[%#schecked_ops9] (10 : UInt8.t)} + (fun (_ret':UInt8.t) -> [ &_17 <- _ret' ] s1) | s1 = bb12 ] | bb12 = s0 - [ s0 = UInt8.eq {_17} {[%#schecked_ops10] (244 : uint8)} (fun (_ret':bool) -> [ &_16 <- _ret' ] s1) + [ s0 = UInt8.eq {_17} {[%#schecked_ops10] (244 : UInt8.t)} (fun (_ret':bool) -> [ &_16 <- _ret' ] s1) | s1 = any [ br0 -> {_16 = false} (! bb14) | br1 -> {_16} (! bb13) ] ] | bb13 = s0 - [ s0 = saturating_mul'0 {[%#schecked_ops11] (5 : uint8)} {[%#schecked_ops12] (10 : uint8)} - (fun (_ret':uint8) -> [ &_21 <- _ret' ] s1) + [ s0 = saturating_mul'0 {[%#schecked_ops11] (5 : UInt8.t)} {[%#schecked_ops12] (10 : UInt8.t)} + (fun (_ret':UInt8.t) -> [ &_21 <- _ret' ] s1) | s1 = bb15 ] | bb15 = s0 - [ s0 = UInt8.eq {_21} {[%#schecked_ops13] (50 : uint8)} (fun (_ret':bool) -> [ &_20 <- _ret' ] s1) + [ s0 = UInt8.eq {_21} {[%#schecked_ops13] (50 : UInt8.t)} (fun (_ret':bool) -> [ &_20 <- _ret' ] s1) | s1 = any [ br0 -> {_20 = false} (! bb17) | br1 -> {_20} (! bb16) ] ] | bb16 = s0 - [ s0 = saturating_mul'0 {[%#schecked_ops14] (50 : uint8)} {[%#schecked_ops15] (10 : uint8)} - (fun (_ret':uint8) -> [ &_25 <- _ret' ] s1) + [ s0 = saturating_mul'0 {[%#schecked_ops14] (50 : UInt8.t)} {[%#schecked_ops15] (10 : UInt8.t)} + (fun (_ret':UInt8.t) -> [ &_25 <- _ret' ] s1) | s1 = bb18 ] | bb18 = s0 - [ s0 = UInt8.eq {_25} {[%#schecked_ops16] (255 : uint8)} (fun (_ret':bool) -> [ &_24 <- _ret' ] s1) + [ s0 = UInt8.eq {_25} {[%#schecked_ops16] (255 : UInt8.t)} (fun (_ret':bool) -> [ &_24 <- _ret' ] s1) | s1 = any [ br0 -> {_24 = false} (! bb20) | br1 -> {_24} (! 
bb19) ] ] | bb19 = s0 - [ s0 = overflowing_mul'0 {[%#schecked_ops17] (5 : uint8)} {[%#schecked_ops18] (10 : uint8)} - (fun (_ret':(uint8, bool)) -> [ &res <- _ret' ] s1) + [ s0 = overflowing_mul'0 {[%#schecked_ops17] (5 : UInt8.t)} {[%#schecked_ops18] (10 : UInt8.t)} + (fun (_ret':(UInt8.t, bool)) -> [ &res <- _ret' ] s1) | s1 = bb21 ] | bb21 = s0 - [ s0 = UInt8.eq {let (r'0, _) = res in r'0} {[%#schecked_ops19] (50 : uint8)} + [ s0 = UInt8.eq {let (r'0, _) = res in r'0} {[%#schecked_ops19] (50 : UInt8.t)} (fun (_ret':bool) -> [ &_29 <- _ret' ] s1) | s1 = any [ br0 -> {_29 = false} (! bb25) | br1 -> {_29} (! bb22) ] ] @@ -1582,12 +1599,12 @@ module M_checked_ops__test_u8_mul_example [#"checked_ops.rs" 85 0 85 28] | s1 = any [ br0 -> {_31 = false} (! bb24) | br1 -> {_31} (! bb23) ] ] | bb23 = s0 - [ s0 = overflowing_mul'0 {[%#schecked_ops21] (50 : uint8)} {[%#schecked_ops22] (10 : uint8)} - (fun (_ret':(uint8, bool)) -> [ &res1 <- _ret' ] s1) + [ s0 = overflowing_mul'0 {[%#schecked_ops21] (50 : UInt8.t)} {[%#schecked_ops22] (10 : UInt8.t)} + (fun (_ret':(UInt8.t, bool)) -> [ &res1 <- _ret' ] s1) | s1 = bb27 ] | bb27 = s0 - [ s0 = UInt8.eq {let (r'0, _) = res1 in r'0} {[%#schecked_ops23] (244 : uint8)} + [ s0 = UInt8.eq {let (r'0, _) = res1 in r'0} {[%#schecked_ops23] (244 : UInt8.t)} (fun (_ret':bool) -> [ &_36 <- _ret' ] s1) | s1 = any [ br0 -> {_36 = false} (! bb31) | br1 -> {_36} (! bb28) ] ] 
@@ -1611,22 +1628,22 @@ module M_checked_ops__test_u8_mul_example [#"checked_ops.rs" 85 0 85 28] ) [ & _0 : () = any_l () | & _2 : bool = any_l () - | & _3 : uint8 = any_l () + | & _3 : UInt8.t = any_l () | & _4 : t_Option'0 = any_l () | & _7 : bool = any_l () | & _9 : t_Option'0 = any_l () | & _12 : bool = any_l () - | & _13 : uint8 = any_l () + | & _13 : UInt8.t = any_l () | & _16 : bool = any_l () - | & _17 : uint8 = any_l () + | & _17 : UInt8.t = any_l () | & _20 : bool = any_l () - | & _21 : uint8 = any_l () + | & _21 : UInt8.t = any_l () | & _24 : bool = any_l () - | & _25 : uint8 = any_l () - | & res : (uint8, bool) = any_l () + | & _25 : UInt8.t = any_l () + | & res : (UInt8.t, bool) = any_l () | & _29 : bool = any_l () | & _31 : bool = any_l () - | & res1 : (uint8, bool) = any_l () + | & res1 : (UInt8.t, bool) = any_l () | & _36 : bool = any_l () | & _38 : bool = any_l () ] [ return' (result:())-> (! return' {result}) ] 
@@ -1645,41 +1662,41 @@ module M_checked_ops__test_u8_mul_zero [#"checked_ops.rs" 102 0 102 30] let%span schecked_ops10 = "checked_ops.rs" 105 4 105 39 let%span schecked_ops11 = "checked_ops.rs" 104 4 104 37 let%span schecked_ops12 = "checked_ops.rs" 103 4 103 45 - let%span snum13 = "../../../creusot-contracts/src/std/num.rs" 128 20 129 89 - let%span snum14 = "../../../creusot-contracts/src/std/num.rs" 132 26 132 87 + let%span snum13 = "../../../creusot-contracts/src/std/num.rs" 171 20 172 89 + let%span snum14 = "../../../creusot-contracts/src/std/num.rs" 175 26 175 87 let%span soption15 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 - let%span snum16 = "../../../creusot-contracts/src/std/num.rs" 140 20 140 93 - let%span snum17 = "../../../creusot-contracts/src/std/num.rs" 144 20 145 51 - let%span snum18 = "../../../creusot-contracts/src/std/num.rs" 151 20 153 92 - let%span snum19 = "../../../creusot-contracts/src/std/num.rs" 156 20 158 92 - let%span snum20 = "../../../creusot-contracts/src/std/num.rs" 168 20 169 51 - let%span snum21 = "../../../creusot-contracts/src/std/num.rs" 172 26 172 83 - let%span snum22 = "../../../creusot-contracts/src/std/num.rs" 173 26 173 83 - let%span snum23 = "../../../creusot-contracts/src/std/num.rs" 182 20 182 95 - let%span snum24 = "../../../creusot-contracts/src/std/num.rs" 186 20 187 53 - let%span snum25 = "../../../creusot-contracts/src/std/num.rs" 193 20 195 94 - let%span snum26 = "../../../creusot-contracts/src/std/num.rs" 198 20 200 94 - let%span snum27 = "../../../creusot-contracts/src/std/num.rs" 204 20 204 98 + let%span snum16 = "../../../creusot-contracts/src/std/num.rs" 183 20 183 93 + let%span snum17 = "../../../creusot-contracts/src/std/num.rs" 187 20 188 51 + let%span snum18 = "../../../creusot-contracts/src/std/num.rs" 194 20 196 92 + let%span snum19 = "../../../creusot-contracts/src/std/num.rs" 199 20 201 92 + let%span snum20 = "../../../creusot-contracts/src/std/num.rs" 211 20 212 51 + let%span snum21 
= "../../../creusot-contracts/src/std/num.rs" 215 26 215 83 + let%span snum22 = "../../../creusot-contracts/src/std/num.rs" 216 26 216 83 + let%span snum23 = "../../../creusot-contracts/src/std/num.rs" 225 20 225 95 + let%span snum24 = "../../../creusot-contracts/src/std/num.rs" 229 20 230 53 + let%span snum25 = "../../../creusot-contracts/src/std/num.rs" 236 20 238 94 + let%span snum26 = "../../../creusot-contracts/src/std/num.rs" 241 20 243 94 + let%span snum27 = "../../../creusot-contracts/src/std/num.rs" 247 20 247 98 + + use prelude.prelude.Int use prelude.prelude.UInt8 type t_Option'0 = | C_None'0 - | C_Some'0 uint8 + | C_Some'0 UInt8.t use prelude.prelude.UInt8 - use prelude.prelude.Int - - constant v_MIN'0 : uint8 = (0 : uint8) + constant v_MIN'0 : UInt8.t = (0 : UInt8.t) - constant v_MAX'0 : uint8 = (255 : uint8) + constant v_MAX'0 : UInt8.t = (255 : UInt8.t) - let rec checked_mul'0 (self:uint8) (rhs:uint8) (return' (ret:t_Option'0))= any + let rec checked_mul'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:t_Option'0))= any [ return' (result:t_Option'0)-> {[%#snum13] (result = C_None'0) - = (UInt8.to_int self * UInt8.to_int rhs < UInt8.to_int (v_MIN'0 : uint8) - \/ UInt8.to_int self * UInt8.to_int rhs > UInt8.to_int (v_MAX'0 : uint8))} - {[%#snum14] forall r : uint8 . result = C_Some'0 r -> UInt8.to_int r = UInt8.to_int self * UInt8.to_int rhs} + = (UInt8.to_uint self * UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) + \/ UInt8.to_uint self * UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t))} + {[%#snum14] forall r : UInt8.t . result = C_Some'0 r -> UInt8.to_uint r = UInt8.to_uint self * UInt8.to_uint rhs} (! return' {result}) ] 
@@ -1687,17 +1704,17 @@ module M_checked_ops__test_u8_mul_zero [#"checked_ops.rs" 102 0 102 30] axiom inv_axiom'0 [@rewrite] : forall x : t_Option'0 [inv'0 x] . inv'0 x = true - predicate inv'1 (_1 : uint8) + predicate inv'1 (_1 : UInt8.t) - axiom inv_axiom'1 [@rewrite] : forall x : uint8 [inv'1 x] . inv'1 x = true + axiom inv_axiom'1 [@rewrite] : forall x : UInt8.t [inv'1 x] . inv'1 x = true - let rec unwrap'0 (self:t_Option'0) (return' (ret:uint8))= {[@expl:unwrap 'self' type invariant] inv'0 self} + let rec unwrap'0 (self:t_Option'0) (return' (ret:UInt8.t))= {[@expl:unwrap 'self' type invariant] inv'0 self} {[@expl:unwrap requires] [%#soption15] self <> C_None'0} - any [ return' (result:uint8)-> {inv'1 result} {[%#soption15] C_Some'0 result = self} (! return' {result}) ] + any [ return' (result:UInt8.t)-> {inv'1 result} {[%#soption15] C_Some'0 result = self} (! return' {result}) ] use prelude.prelude.UInt32 - constant v_BITS'0 : uint32 = (8 : uint32) + constant v_BITS'0 : UInt32.t = (8 : UInt32.t) use prelude.prelude.UInt32 
@@ -1705,57 +1722,59 @@ module M_checked_ops__test_u8_mul_zero [#"checked_ops.rs" 102 0 102 30] use int.EuclideanDivision - let rec wrapping_mul'0 (self:uint8) (rhs:uint8) (return' (ret:uint8))= any - [ return' (result:uint8)-> {[%#snum16] UInt8.to_int result - = EuclideanDivision.mod (UInt8.to_int self * UInt8.to_int rhs) (Power.power 2 (UInt32.to_int (v_BITS'0 : uint32))) - + UInt8.to_int (v_MIN'0 : uint8)} - {[%#snum17] UInt8.to_int self * UInt8.to_int rhs >= UInt8.to_int (v_MIN'0 : uint8) - /\ UInt8.to_int self * UInt8.to_int rhs <= UInt8.to_int (v_MAX'0 : uint8) - -> UInt8.to_int result = UInt8.to_int self * UInt8.to_int rhs} - {[%#snum18] UInt8.to_int self * UInt8.to_int rhs < UInt8.to_int (v_MIN'0 : uint8) + let rec wrapping_mul'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:UInt8.t))= any + [ return' (result:UInt8.t)-> {[%#snum16] UInt8.to_uint result + = EuclideanDivision.mod (UInt8.to_uint self + * UInt8.to_uint rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + + UInt8.to_uint (v_MIN'0 : UInt8.t)} + {[%#snum17] UInt8.to_uint self * UInt8.to_uint rhs >= UInt8.to_uint (v_MIN'0 : UInt8.t) + /\ UInt8.to_uint self * UInt8.to_uint rhs <= UInt8.to_uint (v_MAX'0 : UInt8.t) + -> UInt8.to_uint result = UInt8.to_uint self * UInt8.to_uint rhs} + {[%#snum18] UInt8.to_uint self * UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) -> (exists k : int . k > 0 - /\ UInt8.to_int result - = UInt8.to_int self * UInt8.to_int rhs - + k * (UInt8.to_int (v_MAX'0 : uint8) - UInt8.to_int (v_MIN'0 : uint8) + 1))} - {[%#snum19] UInt8.to_int self * UInt8.to_int rhs > UInt8.to_int (v_MAX'0 : uint8) + /\ UInt8.to_uint result + = UInt8.to_uint self * UInt8.to_uint rhs + + k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} + {[%#snum19] UInt8.to_uint self * UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t) -> (exists k : int . 
k > 0 - /\ UInt8.to_int result - = UInt8.to_int self * UInt8.to_int rhs - - k * (UInt8.to_int (v_MAX'0 : uint8) - UInt8.to_int (v_MIN'0 : uint8) + 1))} + /\ UInt8.to_uint result + = UInt8.to_uint self * UInt8.to_uint rhs + - k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} (! return' {result}) ] - let rec saturating_mul'0 (self:uint8) (rhs:uint8) (return' (ret:uint8))= any - [ return' (result:uint8)-> {[%#snum20] UInt8.to_int self * UInt8.to_int rhs >= UInt8.to_int (v_MIN'0 : uint8) - /\ UInt8.to_int self * UInt8.to_int rhs <= UInt8.to_int (v_MAX'0 : uint8) - -> UInt8.to_int result = UInt8.to_int self * UInt8.to_int rhs} - {[%#snum21] UInt8.to_int self * UInt8.to_int rhs < UInt8.to_int (v_MIN'0 : uint8) - -> UInt8.to_int result = UInt8.to_int (v_MIN'0 : uint8)} - {[%#snum22] UInt8.to_int self * UInt8.to_int rhs > UInt8.to_int (v_MAX'0 : uint8) - -> UInt8.to_int result = UInt8.to_int (v_MAX'0 : uint8)} + let rec saturating_mul'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:UInt8.t))= any + [ return' (result:UInt8.t)-> {[%#snum20] UInt8.to_uint self * UInt8.to_uint rhs >= UInt8.to_uint (v_MIN'0 : UInt8.t) + /\ UInt8.to_uint self * UInt8.to_uint rhs <= UInt8.to_uint (v_MAX'0 : UInt8.t) + -> UInt8.to_uint result = UInt8.to_uint self * UInt8.to_uint rhs} + {[%#snum21] UInt8.to_uint self * UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) + -> UInt8.to_uint result = UInt8.to_uint (v_MIN'0 : UInt8.t)} + {[%#snum22] UInt8.to_uint self * UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t) + -> UInt8.to_uint result = UInt8.to_uint (v_MAX'0 : UInt8.t)} (! 
return' {result}) ] - let rec overflowing_mul'0 (self:uint8) (rhs:uint8) (return' (ret:(uint8, bool)))= any - [ return' (result:(uint8, bool))-> {[%#snum23] UInt8.to_int (let (a, _) = result in a) - = EuclideanDivision.mod (UInt8.to_int self * UInt8.to_int rhs) (Power.power 2 (UInt32.to_int (v_BITS'0 : uint32))) - + UInt8.to_int (v_MIN'0 : uint8)} - {[%#snum24] UInt8.to_int self * UInt8.to_int rhs >= UInt8.to_int (v_MIN'0 : uint8) - /\ UInt8.to_int self * UInt8.to_int rhs <= UInt8.to_int (v_MAX'0 : uint8) - -> UInt8.to_int (let (a, _) = result in a) = UInt8.to_int self * UInt8.to_int rhs} - {[%#snum25] UInt8.to_int self * UInt8.to_int rhs < UInt8.to_int (v_MIN'0 : uint8) + let rec overflowing_mul'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:(UInt8.t, bool)))= any + [ return' (result:(UInt8.t, bool))-> {[%#snum23] UInt8.to_uint (let (a, _) = result in a) + = EuclideanDivision.mod (UInt8.to_uint self + * UInt8.to_uint rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + + UInt8.to_uint (v_MIN'0 : UInt8.t)} + {[%#snum24] UInt8.to_uint self * UInt8.to_uint rhs >= UInt8.to_uint (v_MIN'0 : UInt8.t) + /\ UInt8.to_uint self * UInt8.to_uint rhs <= UInt8.to_uint (v_MAX'0 : UInt8.t) + -> UInt8.to_uint (let (a, _) = result in a) = UInt8.to_uint self * UInt8.to_uint rhs} + {[%#snum25] UInt8.to_uint self * UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) -> (exists k : int . k > 0 - /\ UInt8.to_int (let (a, _) = result in a) - = UInt8.to_int self * UInt8.to_int rhs - + k * (UInt8.to_int (v_MAX'0 : uint8) - UInt8.to_int (v_MIN'0 : uint8) + 1))} - {[%#snum26] UInt8.to_int self * UInt8.to_int rhs > UInt8.to_int (v_MAX'0 : uint8) + /\ UInt8.to_uint (let (a, _) = result in a) + = UInt8.to_uint self * UInt8.to_uint rhs + + k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} + {[%#snum26] UInt8.to_uint self * UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t) -> (exists k : int . 
k > 0 - /\ UInt8.to_int (let (a, _) = result in a) - = UInt8.to_int self * UInt8.to_int rhs - - k * (UInt8.to_int (v_MAX'0 : uint8) - UInt8.to_int (v_MIN'0 : uint8) + 1))} + /\ UInt8.to_uint (let (a, _) = result in a) + = UInt8.to_uint self * UInt8.to_uint rhs + - k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} {[%#snum27] (let (_, a) = result in a) - = (UInt8.to_int self * UInt8.to_int rhs < UInt8.to_int (v_MIN'0 : uint8) - \/ UInt8.to_int self * UInt8.to_int rhs > UInt8.to_int (v_MAX'0 : uint8))} + = (UInt8.to_uint self * UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) + \/ UInt8.to_uint self * UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t))} (! return' {result}) ] 
@@ -1765,38 +1784,39 @@ module M_checked_ops__test_u8_mul_zero [#"checked_ops.rs" 102 0 102 30] meta "compute_max_steps" 1000000 - let rec test_u8_mul_zero'0 (a:uint8) (return' (ret:()))= (! bb0 + let rec test_u8_mul_zero'0 (a:UInt8.t) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = checked_mul'0 {[%#schecked_ops0] (0 : uint8)} {a} (fun (_ret':t_Option'0) -> [ &_5 <- _ret' ] s1) + [ s0 = checked_mul'0 {[%#schecked_ops0] (0 : UInt8.t)} {a} (fun (_ret':t_Option'0) -> [ &_5 <- _ret' ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = unwrap'0 {_5} (fun (_ret':uint8) -> [ &_4 <- _ret' ] s1) | s1 = bb2 ] + | bb1 = s0 [ s0 = unwrap'0 {_5} (fun (_ret':UInt8.t) -> [ &_4 <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 - [ s0 = UInt8.eq {_4} {[%#schecked_ops1] (0 : uint8)} (fun (_ret':bool) -> [ &_3 <- _ret' ] s1) + [ s0 = UInt8.eq {_4} {[%#schecked_ops1] (0 : UInt8.t)} (fun (_ret':bool) -> [ &_3 <- _ret' ] s1) | s1 = any [ br0 -> {_3 = false} (! bb4) | br1 -> {_3} (! bb3) ] ] | bb3 = s0 - [ s0 = wrapping_mul'0 {[%#schecked_ops2] (0 : uint8)} {a} (fun (_ret':uint8) -> [ &_10 <- _ret' ] s1) + [ s0 = wrapping_mul'0 {[%#schecked_ops2] (0 : UInt8.t)} {a} (fun (_ret':UInt8.t) -> [ &_10 <- _ret' ] s1) | s1 = bb5 ] | bb5 = s0 - [ s0 = UInt8.eq {_10} {[%#schecked_ops3] (0 : uint8)} (fun (_ret':bool) -> [ &_9 <- _ret' ] s1) + [ s0 = UInt8.eq {_10} {[%#schecked_ops3] (0 : UInt8.t)} (fun (_ret':bool) -> [ &_9 <- _ret' ] s1) | s1 = any [ br0 -> {_9 = false} (! bb7) | br1 -> {_9} (! bb6) ] ] | bb6 = s0 - [ s0 = saturating_mul'0 {[%#schecked_ops4] (0 : uint8)} {a} (fun (_ret':uint8) -> [ &_15 <- _ret' ] s1) + [ s0 = saturating_mul'0 {[%#schecked_ops4] (0 : UInt8.t)} {a} (fun (_ret':UInt8.t) -> [ &_15 <- _ret' ] s1) | s1 = bb8 ] | bb8 = s0 - [ s0 = UInt8.eq {_15} {[%#schecked_ops5] (0 : uint8)} (fun (_ret':bool) -> [ &_14 <- _ret' ] s1) + [ s0 = UInt8.eq {_15} {[%#schecked_ops5] (0 : UInt8.t)} (fun (_ret':bool) -> [ &_14 <- _ret' ] s1) | s1 = any [ br0 -> {_14 = false} (! bb10) | br1 -> {_14} (! 
bb9) ] ] | bb9 = s0 - [ s0 = overflowing_mul'0 {[%#schecked_ops6] (0 : uint8)} {a} (fun (_ret':(uint8, bool)) -> [ &res <- _ret' ] s1) + [ s0 = overflowing_mul'0 {[%#schecked_ops6] (0 : UInt8.t)} {a} + (fun (_ret':(UInt8.t, bool)) -> [ &res <- _ret' ] s1) | s1 = bb11 ] | bb11 = s0 - [ s0 = UInt8.eq {let (r'0, _) = res in r'0} {[%#schecked_ops7] (0 : uint8)} + [ s0 = UInt8.eq {let (r'0, _) = res in r'0} {[%#schecked_ops7] (0 : UInt8.t)} (fun (_ret':bool) -> [ &_21 <- _ret' ] s1) | s1 = any [ br0 -> {_21 = false} (! bb15) | br1 -> {_21} (! bb12) ] ] @@ -1813,15 +1833,15 @@ module M_checked_ops__test_u8_mul_zero [#"checked_ops.rs" 102 0 102 30] | bb4 = {[%#schecked_ops12] false} any ] ) [ & _0 : () = any_l () - | & a : uint8 = a + | & a : UInt8.t = a | & _3 : bool = any_l () - | & _4 : uint8 = any_l () + | & _4 : UInt8.t = any_l () | & _5 : t_Option'0 = any_l () | & _9 : bool = any_l () - | & _10 : uint8 = any_l () + | & _10 : UInt8.t = any_l () | & _14 : bool = any_l () - | & _15 : uint8 = any_l () - | & res : (uint8, bool) = any_l () + | & _15 : UInt8.t = any_l () + | & res : (UInt8.t, bool) = any_l () | & _21 : bool = any_l () | & _23 : bool = any_l () ] [ return' (result:())-> (! return' {result}) ] 
@@ -1829,17 +1849,17 @@ end module M_checked_ops__test_u8_overflowing_mul [#"checked_ops.rs" 111 0 111 44] let%span schecked_ops0 = "checked_ops.rs" 113 4 113 65 let%span schecked_ops1 = "checked_ops.rs" 112 4 112 56 - let%span snum2 = "../../../creusot-contracts/src/std/num.rs" 182 20 182 95 - let%span snum3 = "../../../creusot-contracts/src/std/num.rs" 186 20 187 53 - let%span snum4 = "../../../creusot-contracts/src/std/num.rs" 193 20 195 94 - let%span snum5 = "../../../creusot-contracts/src/std/num.rs" 198 20 200 94 - let%span snum6 = "../../../creusot-contracts/src/std/num.rs" 204 20 204 98 - let%span snum7 = "../../../creusot-contracts/src/std/num.rs" 140 20 140 93 - let%span snum8 = "../../../creusot-contracts/src/std/num.rs" 144 20 145 51 - let%span snum9 = "../../../creusot-contracts/src/std/num.rs" 151 20 153 92 - let%span snum10 = "../../../creusot-contracts/src/std/num.rs" 156 20 158 92 - let%span snum11 = "../../../creusot-contracts/src/std/num.rs" 128 20 129 89 - let%span snum12 = "../../../creusot-contracts/src/std/num.rs" 132 26 132 87 + let%span snum2 = "../../../creusot-contracts/src/std/num.rs" 225 20 225 95 + let%span snum3 = "../../../creusot-contracts/src/std/num.rs" 229 20 230 53 + let%span snum4 = "../../../creusot-contracts/src/std/num.rs" 236 20 238 94 + let%span snum5 = "../../../creusot-contracts/src/std/num.rs" 241 20 243 94 + let%span snum6 = "../../../creusot-contracts/src/std/num.rs" 247 20 247 98 + let%span snum7 = "../../../creusot-contracts/src/std/num.rs" 183 20 183 93 + let%span snum8 = "../../../creusot-contracts/src/std/num.rs" 187 20 188 51 + let%span snum9 = "../../../creusot-contracts/src/std/num.rs" 194 20 196 92 + let%span snum10 = "../../../creusot-contracts/src/std/num.rs" 199 20 201 92 + let%span snum11 = "../../../creusot-contracts/src/std/num.rs" 171 20 172 89 + let%span snum12 = "../../../creusot-contracts/src/std/num.rs" 175 26 175 87 let%span soption13 = "../../../creusot-contracts/src/std/option.rs" 51 26 51 51 
use prelude.prelude.UInt8 @@ -1848,7 +1868,7 @@ module M_checked_ops__test_u8_overflowing_mul [#"checked_ops.rs" 111 0 111 44] use prelude.prelude.UInt32 - constant v_BITS'0 : uint32 = (8 : uint32) + constant v_BITS'0 : UInt32.t = (8 : UInt32.t) use prelude.prelude.UInt32 
@@ -1858,62 +1878,64 @@ module M_checked_ops__test_u8_overflowing_mul [#"checked_ops.rs" 111 0 111 44] use prelude.prelude.UInt8 - constant v_MIN'0 : uint8 = (0 : uint8) + constant v_MIN'0 : UInt8.t = (0 : UInt8.t) - constant v_MAX'0 : uint8 = (255 : uint8) + constant v_MAX'0 : UInt8.t = (255 : UInt8.t) - let rec overflowing_mul'0 (self:uint8) (rhs:uint8) (return' (ret:(uint8, bool)))= any - [ return' (result:(uint8, bool))-> {[%#snum2] UInt8.to_int (let (a, _) = result in a) - = EuclideanDivision.mod (UInt8.to_int self * UInt8.to_int rhs) (Power.power 2 (UInt32.to_int (v_BITS'0 : uint32))) - + UInt8.to_int (v_MIN'0 : uint8)} - {[%#snum3] UInt8.to_int self * UInt8.to_int rhs >= UInt8.to_int (v_MIN'0 : uint8) - /\ UInt8.to_int self * UInt8.to_int rhs <= UInt8.to_int (v_MAX'0 : uint8) - -> UInt8.to_int (let (a, _) = result in a) = UInt8.to_int self * UInt8.to_int rhs} - {[%#snum4] UInt8.to_int self * UInt8.to_int rhs < UInt8.to_int (v_MIN'0 : uint8) + let rec overflowing_mul'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:(UInt8.t, bool)))= any + [ return' (result:(UInt8.t, bool))-> {[%#snum2] UInt8.to_uint (let (a, _) = result in a) + = EuclideanDivision.mod (UInt8.to_uint self + * UInt8.to_uint rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + + UInt8.to_uint (v_MIN'0 : UInt8.t)} + {[%#snum3] UInt8.to_uint self * UInt8.to_uint rhs >= UInt8.to_uint (v_MIN'0 : UInt8.t) + /\ UInt8.to_uint self * UInt8.to_uint rhs <= UInt8.to_uint (v_MAX'0 : UInt8.t) + -> UInt8.to_uint (let (a, _) = result in a) = UInt8.to_uint self * UInt8.to_uint rhs} + {[%#snum4] UInt8.to_uint self * UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) -> (exists k : int . 
k > 0 - /\ UInt8.to_int (let (a, _) = result in a) - = UInt8.to_int self * UInt8.to_int rhs - + k * (UInt8.to_int (v_MAX'0 : uint8) - UInt8.to_int (v_MIN'0 : uint8) + 1))} - {[%#snum5] UInt8.to_int self * UInt8.to_int rhs > UInt8.to_int (v_MAX'0 : uint8) + /\ UInt8.to_uint (let (a, _) = result in a) + = UInt8.to_uint self * UInt8.to_uint rhs + + k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} + {[%#snum5] UInt8.to_uint self * UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t) -> (exists k : int . k > 0 - /\ UInt8.to_int (let (a, _) = result in a) - = UInt8.to_int self * UInt8.to_int rhs - - k * (UInt8.to_int (v_MAX'0 : uint8) - UInt8.to_int (v_MIN'0 : uint8) + 1))} + /\ UInt8.to_uint (let (a, _) = result in a) + = UInt8.to_uint self * UInt8.to_uint rhs + - k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} {[%#snum6] (let (_, a) = result in a) - = (UInt8.to_int self * UInt8.to_int rhs < UInt8.to_int (v_MIN'0 : uint8) - \/ UInt8.to_int self * UInt8.to_int rhs > UInt8.to_int (v_MAX'0 : uint8))} + = (UInt8.to_uint self * UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) + \/ UInt8.to_uint self * UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t))} (! 
return' {result}) ] - let rec wrapping_mul'0 (self:uint8) (rhs:uint8) (return' (ret:uint8))= any - [ return' (result:uint8)-> {[%#snum7] UInt8.to_int result - = EuclideanDivision.mod (UInt8.to_int self * UInt8.to_int rhs) (Power.power 2 (UInt32.to_int (v_BITS'0 : uint32))) - + UInt8.to_int (v_MIN'0 : uint8)} - {[%#snum8] UInt8.to_int self * UInt8.to_int rhs >= UInt8.to_int (v_MIN'0 : uint8) - /\ UInt8.to_int self * UInt8.to_int rhs <= UInt8.to_int (v_MAX'0 : uint8) - -> UInt8.to_int result = UInt8.to_int self * UInt8.to_int rhs} - {[%#snum9] UInt8.to_int self * UInt8.to_int rhs < UInt8.to_int (v_MIN'0 : uint8) + let rec wrapping_mul'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:UInt8.t))= any + [ return' (result:UInt8.t)-> {[%#snum7] UInt8.to_uint result + = EuclideanDivision.mod (UInt8.to_uint self + * UInt8.to_uint rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + + UInt8.to_uint (v_MIN'0 : UInt8.t)} + {[%#snum8] UInt8.to_uint self * UInt8.to_uint rhs >= UInt8.to_uint (v_MIN'0 : UInt8.t) + /\ UInt8.to_uint self * UInt8.to_uint rhs <= UInt8.to_uint (v_MAX'0 : UInt8.t) + -> UInt8.to_uint result = UInt8.to_uint self * UInt8.to_uint rhs} + {[%#snum9] UInt8.to_uint self * UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) -> (exists k : int . k > 0 - /\ UInt8.to_int result - = UInt8.to_int self * UInt8.to_int rhs - + k * (UInt8.to_int (v_MAX'0 : uint8) - UInt8.to_int (v_MIN'0 : uint8) + 1))} - {[%#snum10] UInt8.to_int self * UInt8.to_int rhs > UInt8.to_int (v_MAX'0 : uint8) + /\ UInt8.to_uint result + = UInt8.to_uint self * UInt8.to_uint rhs + + k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} + {[%#snum10] UInt8.to_uint self * UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t) -> (exists k : int . 
k > 0 - /\ UInt8.to_int result - = UInt8.to_int self * UInt8.to_int rhs - - k * (UInt8.to_int (v_MAX'0 : uint8) - UInt8.to_int (v_MIN'0 : uint8) + 1))} + /\ UInt8.to_uint result + = UInt8.to_uint self * UInt8.to_uint rhs + - k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} (! return' {result}) ] type t_Option'0 = | C_None'0 - | C_Some'0 uint8 + | C_Some'0 UInt8.t - let rec checked_mul'0 (self:uint8) (rhs:uint8) (return' (ret:t_Option'0))= any + let rec checked_mul'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:t_Option'0))= any [ return' (result:t_Option'0)-> {[%#snum11] (result = C_None'0) - = (UInt8.to_int self * UInt8.to_int rhs < UInt8.to_int (v_MIN'0 : uint8) - \/ UInt8.to_int self * UInt8.to_int rhs > UInt8.to_int (v_MAX'0 : uint8))} - {[%#snum12] forall r : uint8 . result = C_Some'0 r -> UInt8.to_int r = UInt8.to_int self * UInt8.to_int rhs} + = (UInt8.to_uint self * UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) + \/ UInt8.to_uint self * UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t))} + {[%#snum12] forall r : UInt8.t . result = C_Some'0 r -> UInt8.to_uint r = UInt8.to_uint self * UInt8.to_uint rhs} (! return' {result}) ] 
@@ -1932,14 +1954,14 @@ module M_checked_ops__test_u8_overflowing_mul [#"checked_ops.rs" 111 0 111 44] meta "compute_max_steps" 1000000 - let rec test_u8_overflowing_mul'0 (a:uint8) (b:uint8) (return' (ret:()))= (! bb0 - [ bb0 = s0 [ s0 = overflowing_mul'0 {a} {b} (fun (_ret':(uint8, bool)) -> [ &_6 <- _ret' ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = wrapping_mul'0 {a} {b} (fun (_ret':uint8) -> [ &_9 <- _ret' ] s1) | s1 = bb2 ] + let rec test_u8_overflowing_mul'0 (a:UInt8.t) (b:UInt8.t) (return' (ret:()))= (! bb0 + [ bb0 = s0 [ s0 = overflowing_mul'0 {a} {b} (fun (_ret':(UInt8.t, bool)) -> [ &_6 <- _ret' ] s1) | s1 = bb1 ] + | bb1 = s0 [ s0 = wrapping_mul'0 {a} {b} (fun (_ret':UInt8.t) -> [ &_9 <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 [ s0 = UInt8.eq {let (r'0, _) = _6 in r'0} {_9} (fun (_ret':bool) -> [ &_4 <- _ret' ] s1) | s1 = any [ br0 -> {_4 = false} (! bb4) | br1 -> {_4} (! bb3) ] ] - | bb3 = s0 [ s0 = overflowing_mul'0 {a} {b} (fun (_ret':(uint8, bool)) -> [ &_16 <- _ret' ] s1) | s1 = bb5 ] + | bb3 = s0 [ s0 = overflowing_mul'0 {a} {b} (fun (_ret':(UInt8.t, bool)) -> [ &_16 <- _ret' ] s1) | s1 = bb5 ] | bb5 = s0 [ s0 = checked_mul'0 {a} {b} (fun (_ret':t_Option'0) -> [ &_21 <- _ret' ] s1) | s1 = bb6 ] | bb6 = s0 [ s0 = is_none'0 {_21} (fun (_ret':bool) -> [ &_19 <- _ret' ] s1) | s1 = bb7 ] | bb7 = s0 @@ -1951,13 +1973,13 @@ module M_checked_ops__test_u8_overflowing_mul [#"checked_ops.rs" 111 0 111 44] | bb4 = {[%#schecked_ops1] false} any ] ) [ & _0 : () = any_l () - | & a : uint8 = a - | & b : uint8 = b + | & a : UInt8.t = a + | & b : UInt8.t = b | & _4 : bool = any_l () - | & _6 : (uint8, bool) = any_l () - | & _9 : uint8 = any_l () + | & _6 : (UInt8.t, bool) = any_l () + | & _9 : UInt8.t = any_l () | & _14 : bool = any_l () - | & _16 : (uint8, bool) = any_l () + | & _16 : (UInt8.t, bool) = any_l () | & _19 : bool = any_l () | & _21 : t_Option'0 = any_l () ] [ return' (result:())-> (! return' {result}) ] 
@@ -1983,38 +2005,38 @@ module M_checked_ops__test_u8_div_example [#"checked_ops.rs" 117 0 117 28] let%span schecked_ops17 = "checked_ops.rs" 120 4 120 37 let%span schecked_ops18 = "checked_ops.rs" 119 4 119 45 let%span schecked_ops19 = "checked_ops.rs" 118 4 118 41 - let%span snum20 = "../../../creusot-contracts/src/std/num.rs" 66 26 66 97 - let%span snum21 = "../../../creusot-contracts/src/std/num.rs" 68 26 68 83 + let%span snum20 = "../../../creusot-contracts/src/std/num.rs" 109 26 109 97 + let%span snum21 = "../../../creusot-contracts/src/std/num.rs" 111 26 111 83 let%span soption22 = "../../../creusot-contracts/src/std/option.rs" 51 26 51 51 let%span soption23 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 - let%span snum24 = "../../../creusot-contracts/src/std/num.rs" 74 27 74 36 - let%span snum25 = "../../../creusot-contracts/src/std/num.rs" 76 26 76 83 - let%span snum26 = "../../../creusot-contracts/src/std/num.rs" 78 26 78 89 - let%span snum27 = "../../../creusot-contracts/src/std/num.rs" 84 27 84 36 - let%span snum28 = "../../../creusot-contracts/src/std/num.rs" 86 26 86 89 - let%span snum29 = "../../../creusot-contracts/src/std/num.rs" 88 26 88 89 - let%span snum30 = "../../../creusot-contracts/src/std/num.rs" 94 27 94 36 - let%span snum31 = "../../../creusot-contracts/src/std/num.rs" 96 26 96 85 - let%span snum32 = "../../../creusot-contracts/src/std/num.rs" 98 26 98 91 - let%span snum33 = "../../../creusot-contracts/src/std/num.rs" 100 26 100 74 + let%span snum24 = "../../../creusot-contracts/src/std/num.rs" 117 27 117 36 + let%span snum25 = "../../../creusot-contracts/src/std/num.rs" 119 26 119 83 + let%span snum26 = "../../../creusot-contracts/src/std/num.rs" 121 26 121 89 + let%span snum27 = "../../../creusot-contracts/src/std/num.rs" 127 27 127 36 + let%span snum28 = "../../../creusot-contracts/src/std/num.rs" 129 26 129 89 + let%span snum29 = "../../../creusot-contracts/src/std/num.rs" 131 26 131 89 + let%span snum30 = 
"../../../creusot-contracts/src/std/num.rs" 137 27 137 36 + let%span snum31 = "../../../creusot-contracts/src/std/num.rs" 139 26 139 85 + let%span snum32 = "../../../creusot-contracts/src/std/num.rs" 141 26 141 91 + let%span snum33 = "../../../creusot-contracts/src/std/num.rs" 143 26 143 74 + + use prelude.prelude.Int use prelude.prelude.UInt8 type t_Option'0 = | C_None'0 - | C_Some'0 uint8 + | C_Some'0 UInt8.t use prelude.prelude.UInt8 - constant v_MIN'0 : uint8 = (0 : uint8) + constant v_MIN'0 : UInt8.t = (0 : UInt8.t) - use prelude.prelude.Int - - let rec checked_div'0 (self:uint8) (rhs:uint8) (return' (ret:t_Option'0))= any + let rec checked_div'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:t_Option'0))= any [ return' (result:t_Option'0)-> {[%#snum20] (result = C_None'0) - = (UInt8.to_int rhs = 0 \/ UInt8.to_int self = UInt8.to_int (v_MIN'0 : uint8) /\ UInt8.to_int rhs = - 1)} - {[%#snum21] forall r : uint8 . result = C_Some'0 r - -> UInt8.to_int r = div (UInt8.to_int self) (UInt8.to_int rhs)} + = (UInt8.to_uint rhs = 0 \/ UInt8.to_uint self = UInt8.to_uint (v_MIN'0 : UInt8.t) /\ UInt8.to_uint rhs = - 1)} + {[%#snum21] forall r : UInt8.t . result = C_Some'0 r + -> UInt8.to_uint r = div (UInt8.to_uint self) (UInt8.to_uint rhs)} (! return' {result}) ] 
@@ -2031,43 +2053,43 @@ module M_checked_ops__test_u8_div_example [#"checked_ops.rs" 117 0 117 28] axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'1 x] . inv'1 x = true - predicate inv'2 (_1 : uint8) + predicate inv'2 (_1 : UInt8.t) - axiom inv_axiom'2 [@rewrite] : forall x : uint8 [inv'2 x] . inv'2 x = true + axiom inv_axiom'2 [@rewrite] : forall x : UInt8.t [inv'2 x] . inv'2 x = true - let rec unwrap'0 (self:t_Option'0) (return' (ret:uint8))= {[@expl:unwrap 'self' type invariant] inv'1 self} + let rec unwrap'0 (self:t_Option'0) (return' (ret:UInt8.t))= {[@expl:unwrap 'self' type invariant] inv'1 self} {[@expl:unwrap requires] [%#soption23] self <> C_None'0} - any [ return' (result:uint8)-> {inv'2 result} {[%#soption23] C_Some'0 result = self} (! return' {result}) ] + any [ return' (result:UInt8.t)-> {inv'2 result} {[%#soption23] C_Some'0 result = self} (! return' {result}) ] - let rec wrapping_div'0 (self:uint8) (rhs:uint8) (return' (ret:uint8))= {[@expl:wrapping_div requires] [%#snum24] UInt8.to_int rhs + let rec wrapping_div'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:UInt8.t))= {[@expl:wrapping_div requires] [%#snum24] UInt8.to_uint rhs <> 0} any - [ return' (result:uint8)-> {[%#snum25] UInt8.to_int self = UInt8.to_int (v_MIN'0 : uint8) /\ UInt8.to_int rhs = - 1 - -> UInt8.to_int result = UInt8.to_int self} - {[%#snum26] UInt8.to_int self = UInt8.to_int (v_MIN'0 : uint8) /\ UInt8.to_int rhs = - 1 - \/ UInt8.to_int result = div (UInt8.to_int self) (UInt8.to_int rhs)} + [ return' (result:UInt8.t)-> {[%#snum25] UInt8.to_uint self = UInt8.to_uint (v_MIN'0 : UInt8.t) + /\ UInt8.to_uint rhs = - 1 -> UInt8.to_uint result = UInt8.to_uint self} + {[%#snum26] UInt8.to_uint self = UInt8.to_uint (v_MIN'0 : UInt8.t) /\ UInt8.to_uint rhs = - 1 + \/ UInt8.to_uint result = div (UInt8.to_uint self) (UInt8.to_uint rhs)} (! 
return' {result}) ] - let rec saturating_div'0 (self:uint8) (rhs:uint8) (return' (ret:uint8))= {[@expl:saturating_div requires] [%#snum27] UInt8.to_int rhs + let rec saturating_div'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:UInt8.t))= {[@expl:saturating_div requires] [%#snum27] UInt8.to_uint rhs <> 0} any - [ return' (result:uint8)-> {[%#snum28] UInt8.to_int self = UInt8.to_int (v_MIN'0 : uint8) /\ UInt8.to_int rhs = - 1 - -> UInt8.to_int result = UInt8.to_int (v_MIN'0 : uint8)} - {[%#snum29] UInt8.to_int self = UInt8.to_int (v_MIN'0 : uint8) /\ UInt8.to_int rhs = - 1 - \/ UInt8.to_int result = div (UInt8.to_int self) (UInt8.to_int rhs)} + [ return' (result:UInt8.t)-> {[%#snum28] UInt8.to_uint self = UInt8.to_uint (v_MIN'0 : UInt8.t) + /\ UInt8.to_uint rhs = - 1 -> UInt8.to_uint result = UInt8.to_uint (v_MIN'0 : UInt8.t)} + {[%#snum29] UInt8.to_uint self = UInt8.to_uint (v_MIN'0 : UInt8.t) /\ UInt8.to_uint rhs = - 1 + \/ UInt8.to_uint result = div (UInt8.to_uint self) (UInt8.to_uint rhs)} (! 
return' {result}) ] - let rec overflowing_div'0 (self:uint8) (rhs:uint8) (return' (ret:(uint8, bool)))= {[@expl:overflowing_div requires] [%#snum30] UInt8.to_int rhs + let rec overflowing_div'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:(UInt8.t, bool)))= {[@expl:overflowing_div requires] [%#snum30] UInt8.to_uint rhs <> 0} any - [ return' (result:(uint8, bool))-> {[%#snum31] UInt8.to_int self = UInt8.to_int (v_MIN'0 : uint8) - /\ UInt8.to_int rhs = - 1 -> UInt8.to_int (let (a, _) = result in a) = UInt8.to_int self} - {[%#snum32] UInt8.to_int self = UInt8.to_int (v_MIN'0 : uint8) /\ UInt8.to_int rhs = - 1 - \/ UInt8.to_int (let (a, _) = result in a) = div (UInt8.to_int self) (UInt8.to_int rhs)} + [ return' (result:(UInt8.t, bool))-> {[%#snum31] UInt8.to_uint self = UInt8.to_uint (v_MIN'0 : UInt8.t) + /\ UInt8.to_uint rhs = - 1 -> UInt8.to_uint (let (a, _) = result in a) = UInt8.to_uint self} + {[%#snum32] UInt8.to_uint self = UInt8.to_uint (v_MIN'0 : UInt8.t) /\ UInt8.to_uint rhs = - 1 + \/ UInt8.to_uint (let (a, _) = result in a) = div (UInt8.to_uint self) (UInt8.to_uint rhs)} {[%#snum33] (let (_, a) = result in a) - = (UInt8.to_int self = UInt8.to_int (v_MIN'0 : uint8) /\ UInt8.to_int rhs = - 1)} + = (UInt8.to_uint self = UInt8.to_uint (v_MIN'0 : UInt8.t) /\ UInt8.to_uint rhs = - 1)} (! return' {result}) ] 
@@ -2079,47 +2101,47 @@ module M_checked_ops__test_u8_div_example [#"checked_ops.rs" 117 0 117 28] let rec test_u8_div_example'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = checked_div'0 {[%#schecked_ops0] (5 : uint8)} {[%#schecked_ops1] (0 : uint8)} + [ s0 = checked_div'0 {[%#schecked_ops0] (5 : UInt8.t)} {[%#schecked_ops1] (0 : UInt8.t)} (fun (_ret':t_Option'0) -> [ &_4 <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = is_none'0 {_4} (fun (_ret':bool) -> [ &_2 <- _ret' ] s1) | s1 = bb2 ] | bb2 = any [ br0 -> {_2 = false} (! bb4) | br1 -> {_2} (! bb3) ] | bb3 = s0 - [ s0 = checked_div'0 {[%#schecked_ops2] (5 : uint8)} {[%#schecked_ops3] (2 : uint8)} + [ s0 = checked_div'0 {[%#schecked_ops2] (5 : UInt8.t)} {[%#schecked_ops3] (2 : UInt8.t)} (fun (_ret':t_Option'0) -> [ &_9 <- _ret' ] s1) | s1 = bb5 ] - | bb5 = s0 [ s0 = unwrap'0 {_9} (fun (_ret':uint8) -> [ &_8 <- _ret' ] s1) | s1 = bb6 ] + | bb5 = s0 [ s0 = unwrap'0 {_9} (fun (_ret':UInt8.t) -> [ &_8 <- _ret' ] s1) | s1 = bb6 ] | bb6 = s0 - [ s0 = UInt8.eq {_8} {[%#schecked_ops4] (2 : uint8)} (fun (_ret':bool) -> [ &_7 <- _ret' ] s1) + [ s0 = UInt8.eq {_8} {[%#schecked_ops4] (2 : UInt8.t)} (fun (_ret':bool) -> [ &_7 <- _ret' ] s1) | s1 = any [ br0 -> {_7 = false} (! bb8) | br1 -> {_7} (! bb7) ] ] | bb7 = s0 - [ s0 = wrapping_div'0 {[%#schecked_ops5] (5 : uint8)} {[%#schecked_ops6] (2 : uint8)} - (fun (_ret':uint8) -> [ &_13 <- _ret' ] s1) + [ s0 = wrapping_div'0 {[%#schecked_ops5] (5 : UInt8.t)} {[%#schecked_ops6] (2 : UInt8.t)} + (fun (_ret':UInt8.t) -> [ &_13 <- _ret' ] s1) | s1 = bb9 ] | bb9 = s0 - [ s0 = UInt8.eq {_13} {[%#schecked_ops7] (2 : uint8)} (fun (_ret':bool) -> [ &_12 <- _ret' ] s1) + [ s0 = UInt8.eq {_13} {[%#schecked_ops7] (2 : UInt8.t)} (fun (_ret':bool) -> [ &_12 <- _ret' ] s1) | s1 = any [ br0 -> {_12 = false} (! bb11) | br1 -> {_12} (! 
bb10) ] ] | bb10 = s0 - [ s0 = saturating_div'0 {[%#schecked_ops8] (5 : uint8)} {[%#schecked_ops9] (2 : uint8)} - (fun (_ret':uint8) -> [ &_17 <- _ret' ] s1) + [ s0 = saturating_div'0 {[%#schecked_ops8] (5 : UInt8.t)} {[%#schecked_ops9] (2 : UInt8.t)} + (fun (_ret':UInt8.t) -> [ &_17 <- _ret' ] s1) | s1 = bb12 ] | bb12 = s0 - [ s0 = UInt8.eq {_17} {[%#schecked_ops10] (2 : uint8)} (fun (_ret':bool) -> [ &_16 <- _ret' ] s1) + [ s0 = UInt8.eq {_17} {[%#schecked_ops10] (2 : UInt8.t)} (fun (_ret':bool) -> [ &_16 <- _ret' ] s1) | s1 = any [ br0 -> {_16 = false} (! bb14) | br1 -> {_16} (! bb13) ] ] | bb13 = s0 - [ s0 = overflowing_div'0 {[%#schecked_ops11] (5 : uint8)} {[%#schecked_ops12] (2 : uint8)} - (fun (_ret':(uint8, bool)) -> [ &res <- _ret' ] s1) + [ s0 = overflowing_div'0 {[%#schecked_ops11] (5 : UInt8.t)} {[%#schecked_ops12] (2 : UInt8.t)} + (fun (_ret':(UInt8.t, bool)) -> [ &res <- _ret' ] s1) | s1 = bb15 ] | bb15 = s0 - [ s0 = UInt8.eq {let (r'0, _) = res in r'0} {[%#schecked_ops13] (2 : uint8)} + [ s0 = UInt8.eq {let (r'0, _) = res in r'0} {[%#schecked_ops13] (2 : UInt8.t)} (fun (_ret':bool) -> [ &_21 <- _ret' ] s1) | s1 = any [ br0 -> {_21 = false} (! bb19) | br1 -> {_21} (! bb16) ] ] @@ -2140,13 +2162,13 @@ module M_checked_ops__test_u8_div_example [#"checked_ops.rs" 117 0 117 28] | & _2 : bool = any_l () | & _4 : t_Option'0 = any_l () | & _7 : bool = any_l () - | & _8 : uint8 = any_l () + | & _8 : UInt8.t = any_l () | & _9 : t_Option'0 = any_l () | & _12 : bool = any_l () - | & _13 : uint8 = any_l () + | & _13 : UInt8.t = any_l () | & _16 : bool = any_l () - | & _17 : uint8 = any_l () - | & res : (uint8, bool) = any_l () + | & _17 : UInt8.t = any_l () + | & res : (UInt8.t, bool) = any_l () | & _21 : bool = any_l () | & _23 : bool = any_l () ] [ return' (result:())-> (! return' {result}) ] 
@@ -2162,37 +2184,37 @@ module M_checked_ops__test_u8_div_no_overflow [#"checked_ops.rs" 128 0 128 44] let%span schecked_ops7 = "checked_ops.rs" 130 4 130 39 let%span schecked_ops8 = "checked_ops.rs" 129 4 129 47 let%span schecked_ops9 = "checked_ops.rs" 127 11 127 18 - let%span snum10 = "../../../creusot-contracts/src/std/num.rs" 66 26 66 97 - let%span snum11 = "../../../creusot-contracts/src/std/num.rs" 68 26 68 83 + let%span snum10 = "../../../creusot-contracts/src/std/num.rs" 109 26 109 97 + let%span snum11 = "../../../creusot-contracts/src/std/num.rs" 111 26 111 83 let%span soption12 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 - let%span snum13 = "../../../creusot-contracts/src/std/num.rs" 74 27 74 36 - let%span snum14 = "../../../creusot-contracts/src/std/num.rs" 76 26 76 83 - let%span snum15 = "../../../creusot-contracts/src/std/num.rs" 78 26 78 89 - let%span snum16 = "../../../creusot-contracts/src/std/num.rs" 84 27 84 36 - let%span snum17 = "../../../creusot-contracts/src/std/num.rs" 86 26 86 89 - let%span snum18 = "../../../creusot-contracts/src/std/num.rs" 88 26 88 89 - let%span snum19 = "../../../creusot-contracts/src/std/num.rs" 94 27 94 36 - let%span snum20 = "../../../creusot-contracts/src/std/num.rs" 96 26 96 85 - let%span snum21 = "../../../creusot-contracts/src/std/num.rs" 98 26 98 91 - let%span snum22 = "../../../creusot-contracts/src/std/num.rs" 100 26 100 74 + let%span snum13 = "../../../creusot-contracts/src/std/num.rs" 117 27 117 36 + let%span snum14 = "../../../creusot-contracts/src/std/num.rs" 119 26 119 83 + let%span snum15 = "../../../creusot-contracts/src/std/num.rs" 121 26 121 89 + let%span snum16 = "../../../creusot-contracts/src/std/num.rs" 127 27 127 36 + let%span snum17 = "../../../creusot-contracts/src/std/num.rs" 129 26 129 89 + let%span snum18 = "../../../creusot-contracts/src/std/num.rs" 131 26 131 89 + let%span snum19 = "../../../creusot-contracts/src/std/num.rs" 137 27 137 36 + let%span snum20 = 
"../../../creusot-contracts/src/std/num.rs" 139 26 139 85 + let%span snum21 = "../../../creusot-contracts/src/std/num.rs" 141 26 141 91 + let%span snum22 = "../../../creusot-contracts/src/std/num.rs" 143 26 143 74 + + use prelude.prelude.Int use prelude.prelude.UInt8 type t_Option'0 = | C_None'0 - | C_Some'0 uint8 + | C_Some'0 UInt8.t use prelude.prelude.UInt8 - constant v_MIN'0 : uint8 = (0 : uint8) - - use prelude.prelude.Int + constant v_MIN'0 : UInt8.t = (0 : UInt8.t) - let rec checked_div'0 (self:uint8) (rhs:uint8) (return' (ret:t_Option'0))= any + let rec checked_div'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:t_Option'0))= any [ return' (result:t_Option'0)-> {[%#snum10] (result = C_None'0) - = (UInt8.to_int rhs = 0 \/ UInt8.to_int self = UInt8.to_int (v_MIN'0 : uint8) /\ UInt8.to_int rhs = - 1)} - {[%#snum11] forall r : uint8 . result = C_Some'0 r - -> UInt8.to_int r = div (UInt8.to_int self) (UInt8.to_int rhs)} + = (UInt8.to_uint rhs = 0 \/ UInt8.to_uint self = UInt8.to_uint (v_MIN'0 : UInt8.t) /\ UInt8.to_uint rhs = - 1)} + {[%#snum11] forall r : UInt8.t . result = C_Some'0 r + -> UInt8.to_uint r = div (UInt8.to_uint self) (UInt8.to_uint rhs)} (! return' {result}) ] 
@@ -2200,43 +2222,43 @@ module M_checked_ops__test_u8_div_no_overflow [#"checked_ops.rs" 128 0 128 44] axiom inv_axiom'0 [@rewrite] : forall x : t_Option'0 [inv'0 x] . inv'0 x = true - predicate inv'1 (_1 : uint8) + predicate inv'1 (_1 : UInt8.t) - axiom inv_axiom'1 [@rewrite] : forall x : uint8 [inv'1 x] . inv'1 x = true + axiom inv_axiom'1 [@rewrite] : forall x : UInt8.t [inv'1 x] . inv'1 x = true - let rec unwrap'0 (self:t_Option'0) (return' (ret:uint8))= {[@expl:unwrap 'self' type invariant] inv'0 self} + let rec unwrap'0 (self:t_Option'0) (return' (ret:UInt8.t))= {[@expl:unwrap 'self' type invariant] inv'0 self} {[@expl:unwrap requires] [%#soption12] self <> C_None'0} - any [ return' (result:uint8)-> {inv'1 result} {[%#soption12] C_Some'0 result = self} (! return' {result}) ] + any [ return' (result:UInt8.t)-> {inv'1 result} {[%#soption12] C_Some'0 result = self} (! return' {result}) ] - let rec wrapping_div'0 (self:uint8) (rhs:uint8) (return' (ret:uint8))= {[@expl:wrapping_div requires] [%#snum13] UInt8.to_int rhs + let rec wrapping_div'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:UInt8.t))= {[@expl:wrapping_div requires] [%#snum13] UInt8.to_uint rhs <> 0} any - [ return' (result:uint8)-> {[%#snum14] UInt8.to_int self = UInt8.to_int (v_MIN'0 : uint8) /\ UInt8.to_int rhs = - 1 - -> UInt8.to_int result = UInt8.to_int self} - {[%#snum15] UInt8.to_int self = UInt8.to_int (v_MIN'0 : uint8) /\ UInt8.to_int rhs = - 1 - \/ UInt8.to_int result = div (UInt8.to_int self) (UInt8.to_int rhs)} + [ return' (result:UInt8.t)-> {[%#snum14] UInt8.to_uint self = UInt8.to_uint (v_MIN'0 : UInt8.t) + /\ UInt8.to_uint rhs = - 1 -> UInt8.to_uint result = UInt8.to_uint self} + {[%#snum15] UInt8.to_uint self = UInt8.to_uint (v_MIN'0 : UInt8.t) /\ UInt8.to_uint rhs = - 1 + \/ UInt8.to_uint result = div (UInt8.to_uint self) (UInt8.to_uint rhs)} (! 
return' {result}) ] - let rec saturating_div'0 (self:uint8) (rhs:uint8) (return' (ret:uint8))= {[@expl:saturating_div requires] [%#snum16] UInt8.to_int rhs + let rec saturating_div'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:UInt8.t))= {[@expl:saturating_div requires] [%#snum16] UInt8.to_uint rhs <> 0} any - [ return' (result:uint8)-> {[%#snum17] UInt8.to_int self = UInt8.to_int (v_MIN'0 : uint8) /\ UInt8.to_int rhs = - 1 - -> UInt8.to_int result = UInt8.to_int (v_MIN'0 : uint8)} - {[%#snum18] UInt8.to_int self = UInt8.to_int (v_MIN'0 : uint8) /\ UInt8.to_int rhs = - 1 - \/ UInt8.to_int result = div (UInt8.to_int self) (UInt8.to_int rhs)} + [ return' (result:UInt8.t)-> {[%#snum17] UInt8.to_uint self = UInt8.to_uint (v_MIN'0 : UInt8.t) + /\ UInt8.to_uint rhs = - 1 -> UInt8.to_uint result = UInt8.to_uint (v_MIN'0 : UInt8.t)} + {[%#snum18] UInt8.to_uint self = UInt8.to_uint (v_MIN'0 : UInt8.t) /\ UInt8.to_uint rhs = - 1 + \/ UInt8.to_uint result = div (UInt8.to_uint self) (UInt8.to_uint rhs)} (! 
return' {result}) ] - let rec overflowing_div'0 (self:uint8) (rhs:uint8) (return' (ret:(uint8, bool)))= {[@expl:overflowing_div requires] [%#snum19] UInt8.to_int rhs + let rec overflowing_div'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:(UInt8.t, bool)))= {[@expl:overflowing_div requires] [%#snum19] UInt8.to_uint rhs <> 0} any - [ return' (result:(uint8, bool))-> {[%#snum20] UInt8.to_int self = UInt8.to_int (v_MIN'0 : uint8) - /\ UInt8.to_int rhs = - 1 -> UInt8.to_int (let (a, _) = result in a) = UInt8.to_int self} - {[%#snum21] UInt8.to_int self = UInt8.to_int (v_MIN'0 : uint8) /\ UInt8.to_int rhs = - 1 - \/ UInt8.to_int (let (a, _) = result in a) = div (UInt8.to_int self) (UInt8.to_int rhs)} + [ return' (result:(UInt8.t, bool))-> {[%#snum20] UInt8.to_uint self = UInt8.to_uint (v_MIN'0 : UInt8.t) + /\ UInt8.to_uint rhs = - 1 -> UInt8.to_uint (let (a, _) = result in a) = UInt8.to_uint self} + {[%#snum21] UInt8.to_uint self = UInt8.to_uint (v_MIN'0 : UInt8.t) /\ UInt8.to_uint rhs = - 1 + \/ UInt8.to_uint (let (a, _) = result in a) = div (UInt8.to_uint self) (UInt8.to_uint rhs)} {[%#snum22] (let (_, a) = result in a) - = (UInt8.to_int self = UInt8.to_int (v_MIN'0 : uint8) /\ UInt8.to_int rhs = - 1)} + = (UInt8.to_uint self = UInt8.to_uint (v_MIN'0 : UInt8.t) /\ UInt8.to_uint rhs = - 1)} (! return' {result}) ] 
@@ -2246,55 +2268,55 @@ module M_checked_ops__test_u8_div_no_overflow [#"checked_ops.rs" 128 0 128 44] meta "compute_max_steps" 1000000 - let rec test_u8_div_no_overflow'0 (a:uint8) (b:uint8) (return' (ret:()))= {[@expl:test_u8_div_no_overflow requires] [%#schecked_ops9] UInt8.to_int b + let rec test_u8_div_no_overflow'0 (a:UInt8.t) (b:UInt8.t) (return' (ret:()))= {[@expl:test_u8_div_no_overflow requires] [%#schecked_ops9] UInt8.to_uint b <> 0} (! bb0 [ bb0 = s0 [ s0 = checked_div'0 {a} {b} (fun (_ret':t_Option'0) -> [ &_7 <- _ret' ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = unwrap'0 {_7} (fun (_ret':uint8) -> [ &_6 <- _ret' ] s1) | s1 = bb2 ] + | bb1 = s0 [ s0 = unwrap'0 {_7} (fun (_ret':UInt8.t) -> [ &_6 <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 [ s0 = [ &_12 <- b ] s1 - | s1 = UInt8.eq {_12} {[%#schecked_ops0] (0 : uint8)} (fun (_ret':bool) -> [ &_13 <- _ret' ] s2) + | s1 = UInt8.eq {_12} {[%#schecked_ops0] (0 : UInt8.t)} (fun (_ret':bool) -> [ &_13 <- _ret' ] s2) | s2 = {[@expl:division by zero] [%#schecked_ops0] not _13} s3 | s3 = bb3 ] | bb3 = s0 - [ s0 = UInt8.div {a} {_12} (fun (_ret':uint8) -> [ &_10 <- _ret' ] s1) + [ s0 = UInt8.div {a} {_12} (fun (_ret':UInt8.t) -> [ &_10 <- _ret' ] s1) | s1 = UInt8.eq {_6} {_10} (fun (_ret':bool) -> [ &_5 <- _ret' ] s2) | s2 = any [ br0 -> {_5 = false} (! bb5) | br1 -> {_5} (! 
bb4) ] ] - | bb4 = s0 [ s0 = wrapping_div'0 {a} {b} (fun (_ret':uint8) -> [ &_17 <- _ret' ] s1) | s1 = bb6 ] + | bb4 = s0 [ s0 = wrapping_div'0 {a} {b} (fun (_ret':UInt8.t) -> [ &_17 <- _ret' ] s1) | s1 = bb6 ] | bb6 = s0 [ s0 = [ &_22 <- b ] s1 - | s1 = UInt8.eq {_22} {[%#schecked_ops1] (0 : uint8)} (fun (_ret':bool) -> [ &_23 <- _ret' ] s2) + | s1 = UInt8.eq {_22} {[%#schecked_ops1] (0 : UInt8.t)} (fun (_ret':bool) -> [ &_23 <- _ret' ] s2) | s2 = {[@expl:division by zero] [%#schecked_ops1] not _23} s3 | s3 = bb7 ] | bb7 = s0 - [ s0 = UInt8.div {a} {_22} (fun (_ret':uint8) -> [ &_20 <- _ret' ] s1) + [ s0 = UInt8.div {a} {_22} (fun (_ret':UInt8.t) -> [ &_20 <- _ret' ] s1) | s1 = UInt8.eq {_17} {_20} (fun (_ret':bool) -> [ &_16 <- _ret' ] s2) | s2 = any [ br0 -> {_16 = false} (! bb9) | br1 -> {_16} (! bb8) ] ] - | bb8 = s0 [ s0 = saturating_div'0 {a} {b} (fun (_ret':uint8) -> [ &_27 <- _ret' ] s1) | s1 = bb10 ] + | bb8 = s0 [ s0 = saturating_div'0 {a} {b} (fun (_ret':UInt8.t) -> [ &_27 <- _ret' ] s1) | s1 = bb10 ] | bb10 = s0 [ s0 = [ &_32 <- b ] s1 - | s1 = UInt8.eq {_32} {[%#schecked_ops2] (0 : uint8)} (fun (_ret':bool) -> [ &_33 <- _ret' ] s2) + | s1 = UInt8.eq {_32} {[%#schecked_ops2] (0 : UInt8.t)} (fun (_ret':bool) -> [ &_33 <- _ret' ] s2) | s2 = {[@expl:division by zero] [%#schecked_ops2] not _33} s3 | s3 = bb11 ] | bb11 = s0 - [ s0 = UInt8.div {a} {_32} (fun (_ret':uint8) -> [ &_30 <- _ret' ] s1) + [ s0 = UInt8.div {a} {_32} (fun (_ret':UInt8.t) -> [ &_30 <- _ret' ] s1) | s1 = UInt8.eq {_27} {_30} (fun (_ret':bool) -> [ &_26 <- _ret' ] s2) | s2 = any [ br0 -> {_26 = false} (! bb13) | br1 -> {_26} (! 
bb12) ] ] - | bb12 = s0 [ s0 = overflowing_div'0 {a} {b} (fun (_ret':(uint8, bool)) -> [ &res <- _ret' ] s1) | s1 = bb14 ] + | bb12 = s0 [ s0 = overflowing_div'0 {a} {b} (fun (_ret':(UInt8.t, bool)) -> [ &res <- _ret' ] s1) | s1 = bb14 ] | bb14 = s0 [ s0 = [ &_43 <- b ] s1 - | s1 = UInt8.eq {_43} {[%#schecked_ops3] (0 : uint8)} (fun (_ret':bool) -> [ &_44 <- _ret' ] s2) + | s1 = UInt8.eq {_43} {[%#schecked_ops3] (0 : UInt8.t)} (fun (_ret':bool) -> [ &_44 <- _ret' ] s2) | s2 = {[@expl:division by zero] [%#schecked_ops3] not _44} s3 | s3 = bb15 ] | bb15 = s0 - [ s0 = UInt8.div {a} {_43} (fun (_ret':uint8) -> [ &_41 <- _ret' ] s1) + [ s0 = UInt8.div {a} {_43} (fun (_ret':UInt8.t) -> [ &_41 <- _ret' ] s1) | s1 = UInt8.eq {let (r'0, _) = res in r'0} {_41} (fun (_ret':bool) -> [ &_39 <- _ret' ] s2) | s2 = any [ br0 -> {_39 = false} (! bb19) | br1 -> {_39} (! bb16) ] ] 
@@ -2311,28 +2333,28 @@ module M_checked_ops__test_u8_div_no_overflow [#"checked_ops.rs" 128 0 128 44] | bb5 = {[%#schecked_ops8] false} any ] ) [ & _0 : () = any_l () - | & a : uint8 = a - | & b : uint8 = b + | & a : UInt8.t = a + | & b : UInt8.t = b | & _5 : bool = any_l () - | & _6 : uint8 = any_l () + | & _6 : UInt8.t = any_l () | & _7 : t_Option'0 = any_l () - | & _10 : uint8 = any_l () - | & _12 : uint8 = any_l () + | & _10 : UInt8.t = any_l () + | & _12 : UInt8.t = any_l () | & _13 : bool = any_l () | & _16 : bool = any_l () - | & _17 : uint8 = any_l () - | & _20 : uint8 = any_l () - | & _22 : uint8 = any_l () + | & _17 : UInt8.t = any_l () + | & _20 : UInt8.t = any_l () + | & _22 : UInt8.t = any_l () | & _23 : bool = any_l () | & _26 : bool = any_l () - | & _27 : uint8 = any_l () - | & _30 : uint8 = any_l () - | & _32 : uint8 = any_l () + | & _27 : UInt8.t = any_l () + | & _30 : UInt8.t = any_l () + | & _32 : UInt8.t = any_l () | & _33 : bool = any_l () - | & res : (uint8, bool) = any_l () + | & res : (UInt8.t, bool) = any_l () | & _39 : bool = any_l () - | & _41 : uint8 = any_l () - | & _43 : uint8 = any_l () + | & _41 : UInt8.t = any_l () + | & _43 : UInt8.t = any_l () | & _44 : bool = any_l () | & _45 : bool = any_l () ] [ return' (result:())-> (! return' {result}) ] 
@@ -2340,26 +2362,27 @@ end module M_checked_ops__test_u8_div_zero [#"checked_ops.rs" 137 0 137 30] let%span schecked_ops0 = "checked_ops.rs" 138 26 138 27 let%span schecked_ops1 = "checked_ops.rs" 138 4 138 39 - let%span snum2 = "../../../creusot-contracts/src/std/num.rs" 66 26 66 97 - let%span snum3 = "../../../creusot-contracts/src/std/num.rs" 68 26 68 83 + let%span snum2 = "../../../creusot-contracts/src/std/num.rs" 109 26 109 97 + let%span snum3 = "../../../creusot-contracts/src/std/num.rs" 111 26 111 83 let%span soption4 = "../../../creusot-contracts/src/std/option.rs" 51 26 51 51 + use prelude.prelude.Int + use prelude.prelude.UInt8 type t_Option'0 = | C_None'0 - | C_Some'0 uint8 + | C_Some'0 UInt8.t use prelude.prelude.UInt8 - constant v_MIN'0 : uint8 = (0 : uint8) - - use prelude.prelude.Int + constant v_MIN'0 : UInt8.t = (0 : UInt8.t) - let rec checked_div'0 (self:uint8) (rhs:uint8) (return' (ret:t_Option'0))= any + let rec checked_div'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:t_Option'0))= any [ return' (result:t_Option'0)-> {[%#snum2] (result = C_None'0) - = (UInt8.to_int rhs = 0 \/ UInt8.to_int self = UInt8.to_int (v_MIN'0 : uint8) /\ UInt8.to_int rhs = - 1)} - {[%#snum3] forall r : uint8 . result = C_Some'0 r -> UInt8.to_int r = div (UInt8.to_int self) (UInt8.to_int rhs)} + = (UInt8.to_uint rhs = 0 \/ UInt8.to_uint self = UInt8.to_uint (v_MIN'0 : UInt8.t) /\ UInt8.to_uint rhs = - 1)} + {[%#snum3] forall r : UInt8.t . result = C_Some'0 r + -> UInt8.to_uint r = div (UInt8.to_uint self) (UInt8.to_uint rhs)} (! return' {result}) ] 
@@ -2376,16 +2399,16 @@ module M_checked_ops__test_u8_div_zero [#"checked_ops.rs" 137 0 137 30] meta "compute_max_steps" 1000000 - let rec test_u8_div_zero'0 (a:uint8) (return' (ret:()))= (! bb0 + let rec test_u8_div_zero'0 (a:UInt8.t) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = checked_div'0 {a} {[%#schecked_ops0] (0 : uint8)} (fun (_ret':t_Option'0) -> [ &_5 <- _ret' ] s1) + [ s0 = checked_div'0 {a} {[%#schecked_ops0] (0 : UInt8.t)} (fun (_ret':t_Option'0) -> [ &_5 <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = is_none'0 {_5} (fun (_ret':bool) -> [ &_3 <- _ret' ] s1) | s1 = bb2 ] | bb2 = any [ br0 -> {_3 = false} (! bb4) | br1 -> {_3} (! bb3) ] | bb3 = return' {_0} | bb4 = {[%#schecked_ops1] false} any ] - ) [ & _0 : () = any_l () | & a : uint8 = a | & _3 : bool = any_l () | & _5 : t_Option'0 = any_l () ] + ) [ & _0 : () = any_l () | & a : UInt8.t = a | & _3 : bool = any_l () | & _5 : t_Option'0 = any_l () ] [ return' (result:())-> (! return' {result}) ] end 
@@ -2439,42 +2462,42 @@ module M_checked_ops__test_i8_add_example [#"checked_ops.rs" 142 0 142 28] let%span schecked_ops46 = "checked_ops.rs" 145 4 145 48 let%span schecked_ops47 = "checked_ops.rs" 144 4 144 44 let%span schecked_ops48 = "checked_ops.rs" 143 4 143 47 - let%span snum49 = "../../../creusot-contracts/src/std/num.rs" 128 20 129 89 - let%span snum50 = "../../../creusot-contracts/src/std/num.rs" 132 26 132 87 + let%span snum49 = "../../../creusot-contracts/src/std/num.rs" 171 20 172 89 + let%span snum50 = "../../../creusot-contracts/src/std/num.rs" 175 26 175 87 let%span soption51 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 let%span soption52 = "../../../creusot-contracts/src/std/option.rs" 51 26 51 51 - let%span snum53 = "../../../creusot-contracts/src/std/num.rs" 140 20 140 93 - let%span snum54 = "../../../creusot-contracts/src/std/num.rs" 144 20 145 51 - let%span snum55 = "../../../creusot-contracts/src/std/num.rs" 151 20 153 92 - let%span snum56 = "../../../creusot-contracts/src/std/num.rs" 156 20 158 92 - let%span snum57 = "../../../creusot-contracts/src/std/num.rs" 168 20 169 51 - let%span snum58 = "../../../creusot-contracts/src/std/num.rs" 172 26 172 83 - let%span snum59 = "../../../creusot-contracts/src/std/num.rs" 173 26 173 83 - let%span snum60 = "../../../creusot-contracts/src/std/num.rs" 182 20 182 95 - let%span snum61 = "../../../creusot-contracts/src/std/num.rs" 186 20 187 53 - let%span snum62 = "../../../creusot-contracts/src/std/num.rs" 193 20 195 94 - let%span snum63 = "../../../creusot-contracts/src/std/num.rs" 198 20 200 94 - let%span snum64 = "../../../creusot-contracts/src/std/num.rs" 204 20 204 98 + let%span snum53 = "../../../creusot-contracts/src/std/num.rs" 183 20 183 93 + let%span snum54 = "../../../creusot-contracts/src/std/num.rs" 187 20 188 51 + let%span snum55 = "../../../creusot-contracts/src/std/num.rs" 194 20 196 92 + let%span snum56 = "../../../creusot-contracts/src/std/num.rs" 199 20 201 92 + let%span 
snum57 = "../../../creusot-contracts/src/std/num.rs" 211 20 212 51 + let%span snum58 = "../../../creusot-contracts/src/std/num.rs" 215 26 215 83 + let%span snum59 = "../../../creusot-contracts/src/std/num.rs" 216 26 216 83 + let%span snum60 = "../../../creusot-contracts/src/std/num.rs" 225 20 225 95 + let%span snum61 = "../../../creusot-contracts/src/std/num.rs" 229 20 230 53 + let%span snum62 = "../../../creusot-contracts/src/std/num.rs" 236 20 238 94 + let%span snum63 = "../../../creusot-contracts/src/std/num.rs" 241 20 243 94 + let%span snum64 = "../../../creusot-contracts/src/std/num.rs" 247 20 247 98 + + use prelude.prelude.Int use prelude.prelude.Int8 type t_Option'0 = | C_None'0 - | C_Some'0 int8 + | C_Some'0 Int8.t use prelude.prelude.Int8 - use prelude.prelude.Int + constant v_MIN'0 : Int8.t = (-128 : Int8.t) - constant v_MIN'0 : int8 = (-128 : int8) + constant v_MAX'0 : Int8.t = (127 : Int8.t) - constant v_MAX'0 : int8 = (127 : int8) - - let rec checked_add'0 (self:int8) (rhs:int8) (return' (ret:t_Option'0))= any + let rec checked_add'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:t_Option'0))= any [ return' (result:t_Option'0)-> {[%#snum49] (result = C_None'0) - = (Int8.to_int self + Int8.to_int rhs < Int8.to_int (v_MIN'0 : int8) - \/ Int8.to_int self + Int8.to_int rhs > Int8.to_int (v_MAX'0 : int8))} - {[%#snum50] forall r : int8 . result = C_Some'0 r -> Int8.to_int r = Int8.to_int self + Int8.to_int rhs} + = (Int8.to_int self + Int8.to_int rhs < Int8.to_int (v_MIN'0 : Int8.t) + \/ Int8.to_int self + Int8.to_int rhs > Int8.to_int (v_MAX'0 : Int8.t))} + {[%#snum50] forall r : Int8.t . result = C_Some'0 r -> Int8.to_int r = Int8.to_int self + Int8.to_int rhs} (! return' {result}) ] 
@@ -2482,13 +2505,13 @@ module M_checked_ops__test_i8_add_example [#"checked_ops.rs" 142 0 142 28] axiom inv_axiom'0 [@rewrite] : forall x : t_Option'0 [inv'0 x] . inv'0 x = true - predicate inv'1 (_1 : int8) + predicate inv'1 (_1 : Int8.t) - axiom inv_axiom'1 [@rewrite] : forall x : int8 [inv'1 x] . inv'1 x = true + axiom inv_axiom'1 [@rewrite] : forall x : Int8.t [inv'1 x] . inv'1 x = true - let rec unwrap'0 (self:t_Option'0) (return' (ret:int8))= {[@expl:unwrap 'self' type invariant] inv'0 self} + let rec unwrap'0 (self:t_Option'0) (return' (ret:Int8.t))= {[@expl:unwrap 'self' type invariant] inv'0 self} {[@expl:unwrap requires] [%#soption51] self <> C_None'0} - any [ return' (result:int8)-> {inv'1 result} {[%#soption51] C_Some'0 result = self} (! return' {result}) ] + any [ return' (result:Int8.t)-> {inv'1 result} {[%#soption51] C_Some'0 result = self} (! return' {result}) ] use prelude.prelude.Borrow @@ -2501,7 +2524,7 @@ module M_checked_ops__test_i8_add_example [#"checked_ops.rs" 142 0 142 28] use prelude.prelude.UInt32 - constant v_BITS'0 : uint32 = (8 : uint32) + constant v_BITS'0 : UInt32.t = (8 : UInt32.t) use prelude.prelude.UInt32 
@@ -2509,53 +2532,55 @@ module M_checked_ops__test_i8_add_example [#"checked_ops.rs" 142 0 142 28] use int.EuclideanDivision - let rec wrapping_add'0 (self:int8) (rhs:int8) (return' (ret:int8))= any - [ return' (result:int8)-> {[%#snum53] Int8.to_int result - = EuclideanDivision.mod (Int8.to_int self + Int8.to_int rhs) (Power.power 2 (UInt32.to_int (v_BITS'0 : uint32))) - + Int8.to_int (v_MIN'0 : int8)} - {[%#snum54] Int8.to_int self + Int8.to_int rhs >= Int8.to_int (v_MIN'0 : int8) - /\ Int8.to_int self + Int8.to_int rhs <= Int8.to_int (v_MAX'0 : int8) + let rec wrapping_add'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:Int8.t))= any + [ return' (result:Int8.t)-> {[%#snum53] Int8.to_int result + = EuclideanDivision.mod (Int8.to_int self + + Int8.to_int rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + + Int8.to_int (v_MIN'0 : Int8.t)} + {[%#snum54] Int8.to_int self + Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) + /\ Int8.to_int self + Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) -> Int8.to_int result = Int8.to_int self + Int8.to_int rhs} - {[%#snum55] Int8.to_int self + Int8.to_int rhs < Int8.to_int (v_MIN'0 : int8) + {[%#snum55] Int8.to_int self + Int8.to_int rhs < Int8.to_int (v_MIN'0 : Int8.t) -> (exists k : int . k > 0 /\ Int8.to_int result - = Int8.to_int self + Int8.to_int rhs + k * (Int8.to_int (v_MAX'0 : int8) - Int8.to_int (v_MIN'0 : int8) + 1))} - {[%#snum56] Int8.to_int self + Int8.to_int rhs > Int8.to_int (v_MAX'0 : int8) + = Int8.to_int self + Int8.to_int rhs + k * (Int8.to_int (v_MAX'0 : Int8.t) - Int8.to_int (v_MIN'0 : Int8.t) + 1))} + {[%#snum56] Int8.to_int self + Int8.to_int rhs > Int8.to_int (v_MAX'0 : Int8.t) -> (exists k : int . k > 0 /\ Int8.to_int result - = Int8.to_int self + Int8.to_int rhs - k * (Int8.to_int (v_MAX'0 : int8) - Int8.to_int (v_MIN'0 : int8) + 1))} + = Int8.to_int self + Int8.to_int rhs - k * (Int8.to_int (v_MAX'0 : Int8.t) - Int8.to_int (v_MIN'0 : Int8.t) + 1))} (! 
return' {result}) ] - let rec saturating_add'0 (self:int8) (rhs:int8) (return' (ret:int8))= any - [ return' (result:int8)-> {[%#snum57] Int8.to_int self + Int8.to_int rhs >= Int8.to_int (v_MIN'0 : int8) - /\ Int8.to_int self + Int8.to_int rhs <= Int8.to_int (v_MAX'0 : int8) + let rec saturating_add'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:Int8.t))= any + [ return' (result:Int8.t)-> {[%#snum57] Int8.to_int self + Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) + /\ Int8.to_int self + Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) -> Int8.to_int result = Int8.to_int self + Int8.to_int rhs} - {[%#snum58] Int8.to_int self + Int8.to_int rhs < Int8.to_int (v_MIN'0 : int8) - -> Int8.to_int result = Int8.to_int (v_MIN'0 : int8)} - {[%#snum59] Int8.to_int self + Int8.to_int rhs > Int8.to_int (v_MAX'0 : int8) - -> Int8.to_int result = Int8.to_int (v_MAX'0 : int8)} + {[%#snum58] Int8.to_int self + Int8.to_int rhs < Int8.to_int (v_MIN'0 : Int8.t) + -> Int8.to_int result = Int8.to_int (v_MIN'0 : Int8.t)} + {[%#snum59] Int8.to_int self + Int8.to_int rhs > Int8.to_int (v_MAX'0 : Int8.t) + -> Int8.to_int result = Int8.to_int (v_MAX'0 : Int8.t)} (! 
return' {result}) ] - let rec overflowing_add'0 (self:int8) (rhs:int8) (return' (ret:(int8, bool)))= any - [ return' (result:(int8, bool))-> {[%#snum60] Int8.to_int (let (a, _) = result in a) - = EuclideanDivision.mod (Int8.to_int self + Int8.to_int rhs) (Power.power 2 (UInt32.to_int (v_BITS'0 : uint32))) - + Int8.to_int (v_MIN'0 : int8)} - {[%#snum61] Int8.to_int self + Int8.to_int rhs >= Int8.to_int (v_MIN'0 : int8) - /\ Int8.to_int self + Int8.to_int rhs <= Int8.to_int (v_MAX'0 : int8) + let rec overflowing_add'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:(Int8.t, bool)))= any + [ return' (result:(Int8.t, bool))-> {[%#snum60] Int8.to_int (let (a, _) = result in a) + = EuclideanDivision.mod (Int8.to_int self + + Int8.to_int rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + + Int8.to_int (v_MIN'0 : Int8.t)} + {[%#snum61] Int8.to_int self + Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) + /\ Int8.to_int self + Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) -> Int8.to_int (let (a, _) = result in a) = Int8.to_int self + Int8.to_int rhs} - {[%#snum62] Int8.to_int self + Int8.to_int rhs < Int8.to_int (v_MIN'0 : int8) + {[%#snum62] Int8.to_int self + Int8.to_int rhs < Int8.to_int (v_MIN'0 : Int8.t) -> (exists k : int . k > 0 /\ Int8.to_int (let (a, _) = result in a) - = Int8.to_int self + Int8.to_int rhs + k * (Int8.to_int (v_MAX'0 : int8) - Int8.to_int (v_MIN'0 : int8) + 1))} - {[%#snum63] Int8.to_int self + Int8.to_int rhs > Int8.to_int (v_MAX'0 : int8) + = Int8.to_int self + Int8.to_int rhs + k * (Int8.to_int (v_MAX'0 : Int8.t) - Int8.to_int (v_MIN'0 : Int8.t) + 1))} + {[%#snum63] Int8.to_int self + Int8.to_int rhs > Int8.to_int (v_MAX'0 : Int8.t) -> (exists k : int . 
k > 0 /\ Int8.to_int (let (a, _) = result in a) - = Int8.to_int self + Int8.to_int rhs - k * (Int8.to_int (v_MAX'0 : int8) - Int8.to_int (v_MIN'0 : int8) + 1))} + = Int8.to_int self + Int8.to_int rhs - k * (Int8.to_int (v_MAX'0 : Int8.t) - Int8.to_int (v_MIN'0 : Int8.t) + 1))} {[%#snum64] (let (_, a) = result in a) - = (Int8.to_int self + Int8.to_int rhs < Int8.to_int (v_MIN'0 : int8) - \/ Int8.to_int self + Int8.to_int rhs > Int8.to_int (v_MAX'0 : int8))} + = (Int8.to_int self + Int8.to_int rhs < Int8.to_int (v_MIN'0 : Int8.t) + \/ Int8.to_int self + Int8.to_int rhs > Int8.to_int (v_MAX'0 : Int8.t))} (! return' {result}) ] 
@@ -2567,90 +2592,90 @@ module M_checked_ops__test_i8_add_example [#"checked_ops.rs" 142 0 142 28] let rec test_i8_add_example'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = checked_add'0 {[%#schecked_ops0] (5 : int8)} {[%#schecked_ops1] (10 : int8)} + [ s0 = checked_add'0 {[%#schecked_ops0] (5 : Int8.t)} {[%#schecked_ops1] (10 : Int8.t)} (fun (_ret':t_Option'0) -> [ &_4 <- _ret' ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = unwrap'0 {_4} (fun (_ret':int8) -> [ &_3 <- _ret' ] s1) | s1 = bb2 ] + | bb1 = s0 [ s0 = unwrap'0 {_4} (fun (_ret':Int8.t) -> [ &_3 <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 - [ s0 = Int8.eq {_3} {[%#schecked_ops2] (15 : int8)} (fun (_ret':bool) -> [ &_2 <- _ret' ] s1) + [ s0 = Int8.eq {_3} {[%#schecked_ops2] (15 : Int8.t)} (fun (_ret':bool) -> [ &_2 <- _ret' ] s1) | s1 = any [ br0 -> {_2 = false} (! bb4) | br1 -> {_2} (! bb3) ] ] | bb3 = s0 - [ s0 = checked_add'0 {[%#schecked_ops3] (120 : int8)} {[%#schecked_ops4] (10 : int8)} + [ s0 = checked_add'0 {[%#schecked_ops3] (120 : Int8.t)} {[%#schecked_ops4] (10 : Int8.t)} (fun (_ret':t_Option'0) -> [ &_9 <- _ret' ] s1) | s1 = bb5 ] | bb5 = s0 [ s0 = is_none'0 {_9} (fun (_ret':bool) -> [ &_7 <- _ret' ] s1) | s1 = bb6 ] | bb6 = any [ br0 -> {_7 = false} (! bb8) | br1 -> {_7} (! bb7) ] | bb7 = s0 - [ s0 = checked_add'0 {[%#schecked_ops5] (-120 : int8)} {[%#schecked_ops6] (-10 : int8)} + [ s0 = checked_add'0 {[%#schecked_ops5] (-120 : Int8.t)} {[%#schecked_ops6] (-10 : Int8.t)} (fun (_ret':t_Option'0) -> [ &_14 <- _ret' ] s1) | s1 = bb9 ] | bb9 = s0 [ s0 = is_none'0 {_14} (fun (_ret':bool) -> [ &_12 <- _ret' ] s1) | s1 = bb10 ] | bb10 = any [ br0 -> {_12 = false} (! bb12) | br1 -> {_12} (! 
bb11) ] | bb11 = s0 - [ s0 = wrapping_add'0 {[%#schecked_ops7] (5 : int8)} {[%#schecked_ops8] (10 : int8)} - (fun (_ret':int8) -> [ &_18 <- _ret' ] s1) + [ s0 = wrapping_add'0 {[%#schecked_ops7] (5 : Int8.t)} {[%#schecked_ops8] (10 : Int8.t)} + (fun (_ret':Int8.t) -> [ &_18 <- _ret' ] s1) | s1 = bb13 ] | bb13 = s0 - [ s0 = Int8.eq {_18} {[%#schecked_ops9] (15 : int8)} (fun (_ret':bool) -> [ &_17 <- _ret' ] s1) + [ s0 = Int8.eq {_18} {[%#schecked_ops9] (15 : Int8.t)} (fun (_ret':bool) -> [ &_17 <- _ret' ] s1) | s1 = any [ br0 -> {_17 = false} (! bb15) | br1 -> {_17} (! bb14) ] ] | bb14 = s0 - [ s0 = wrapping_add'0 {[%#schecked_ops10] (120 : int8)} {[%#schecked_ops11] (10 : int8)} - (fun (_ret':int8) -> [ &_22 <- _ret' ] s1) + [ s0 = wrapping_add'0 {[%#schecked_ops10] (120 : Int8.t)} {[%#schecked_ops11] (10 : Int8.t)} + (fun (_ret':Int8.t) -> [ &_22 <- _ret' ] s1) | s1 = bb16 ] | bb16 = s0 - [ s0 = Int8.eq {_22} {[%#schecked_ops12] (-126 : int8)} (fun (_ret':bool) -> [ &_21 <- _ret' ] s1) + [ s0 = Int8.eq {_22} {[%#schecked_ops12] (-126 : Int8.t)} (fun (_ret':bool) -> [ &_21 <- _ret' ] s1) | s1 = any [ br0 -> {_21 = false} (! bb18) | br1 -> {_21} (! bb17) ] ] | bb17 = s0 - [ s0 = wrapping_add'0 {[%#schecked_ops13] (-120 : int8)} {[%#schecked_ops14] (-10 : int8)} - (fun (_ret':int8) -> [ &_26 <- _ret' ] s1) + [ s0 = wrapping_add'0 {[%#schecked_ops13] (-120 : Int8.t)} {[%#schecked_ops14] (-10 : Int8.t)} + (fun (_ret':Int8.t) -> [ &_26 <- _ret' ] s1) | s1 = bb19 ] | bb19 = s0 - [ s0 = Int8.eq {_26} {[%#schecked_ops15] (126 : int8)} (fun (_ret':bool) -> [ &_25 <- _ret' ] s1) + [ s0 = Int8.eq {_26} {[%#schecked_ops15] (126 : Int8.t)} (fun (_ret':bool) -> [ &_25 <- _ret' ] s1) | s1 = any [ br0 -> {_25 = false} (! bb21) | br1 -> {_25} (! 
bb20) ] ] | bb20 = s0 - [ s0 = saturating_add'0 {[%#schecked_ops16] (5 : int8)} {[%#schecked_ops17] (10 : int8)} - (fun (_ret':int8) -> [ &_30 <- _ret' ] s1) + [ s0 = saturating_add'0 {[%#schecked_ops16] (5 : Int8.t)} {[%#schecked_ops17] (10 : Int8.t)} + (fun (_ret':Int8.t) -> [ &_30 <- _ret' ] s1) | s1 = bb22 ] | bb22 = s0 - [ s0 = Int8.eq {_30} {[%#schecked_ops18] (15 : int8)} (fun (_ret':bool) -> [ &_29 <- _ret' ] s1) + [ s0 = Int8.eq {_30} {[%#schecked_ops18] (15 : Int8.t)} (fun (_ret':bool) -> [ &_29 <- _ret' ] s1) | s1 = any [ br0 -> {_29 = false} (! bb24) | br1 -> {_29} (! bb23) ] ] | bb23 = s0 - [ s0 = saturating_add'0 {[%#schecked_ops19] (120 : int8)} {[%#schecked_ops20] (10 : int8)} - (fun (_ret':int8) -> [ &_34 <- _ret' ] s1) + [ s0 = saturating_add'0 {[%#schecked_ops19] (120 : Int8.t)} {[%#schecked_ops20] (10 : Int8.t)} + (fun (_ret':Int8.t) -> [ &_34 <- _ret' ] s1) | s1 = bb25 ] | bb25 = s0 - [ s0 = Int8.eq {_34} {[%#schecked_ops21] (127 : int8)} (fun (_ret':bool) -> [ &_33 <- _ret' ] s1) + [ s0 = Int8.eq {_34} {[%#schecked_ops21] (127 : Int8.t)} (fun (_ret':bool) -> [ &_33 <- _ret' ] s1) | s1 = any [ br0 -> {_33 = false} (! bb27) | br1 -> {_33} (! bb26) ] ] | bb26 = s0 - [ s0 = saturating_add'0 {[%#schecked_ops22] (-120 : int8)} {[%#schecked_ops23] (-10 : int8)} - (fun (_ret':int8) -> [ &_38 <- _ret' ] s1) + [ s0 = saturating_add'0 {[%#schecked_ops22] (-120 : Int8.t)} {[%#schecked_ops23] (-10 : Int8.t)} + (fun (_ret':Int8.t) -> [ &_38 <- _ret' ] s1) | s1 = bb28 ] | bb28 = s0 - [ s0 = Int8.eq {_38} {[%#schecked_ops24] (-128 : int8)} (fun (_ret':bool) -> [ &_37 <- _ret' ] s1) + [ s0 = Int8.eq {_38} {[%#schecked_ops24] (-128 : Int8.t)} (fun (_ret':bool) -> [ &_37 <- _ret' ] s1) | s1 = any [ br0 -> {_37 = false} (! bb30) | br1 -> {_37} (! 
bb29) ] ] | bb29 = s0 - [ s0 = overflowing_add'0 {[%#schecked_ops25] (5 : int8)} {[%#schecked_ops26] (10 : int8)} - (fun (_ret':(int8, bool)) -> [ &res <- _ret' ] s1) + [ s0 = overflowing_add'0 {[%#schecked_ops25] (5 : Int8.t)} {[%#schecked_ops26] (10 : Int8.t)} + (fun (_ret':(Int8.t, bool)) -> [ &res <- _ret' ] s1) | s1 = bb31 ] | bb31 = s0 - [ s0 = Int8.eq {let (r'0, _) = res in r'0} {[%#schecked_ops27] (15 : int8)} + [ s0 = Int8.eq {let (r'0, _) = res in r'0} {[%#schecked_ops27] (15 : Int8.t)} (fun (_ret':bool) -> [ &_42 <- _ret' ] s1) | s1 = any [ br0 -> {_42 = false} (! bb35) | br1 -> {_42} (! bb32) ] ] @@ -2659,12 +2684,12 @@ module M_checked_ops__test_i8_add_example [#"checked_ops.rs" 142 0 142 28] | s1 = any [ br0 -> {_44 = false} (! bb34) | br1 -> {_44} (! bb33) ] ] | bb33 = s0 - [ s0 = overflowing_add'0 {[%#schecked_ops29] (120 : int8)} {[%#schecked_ops30] (10 : int8)} - (fun (_ret':(int8, bool)) -> [ &res1 <- _ret' ] s1) + [ s0 = overflowing_add'0 {[%#schecked_ops29] (120 : Int8.t)} {[%#schecked_ops30] (10 : Int8.t)} + (fun (_ret':(Int8.t, bool)) -> [ &res1 <- _ret' ] s1) | s1 = bb37 ] | bb37 = s0 - [ s0 = Int8.eq {let (r'0, _) = res1 in r'0} {[%#schecked_ops31] (-126 : int8)} + [ s0 = Int8.eq {let (r'0, _) = res1 in r'0} {[%#schecked_ops31] (-126 : Int8.t)} (fun (_ret':bool) -> [ &_49 <- _ret' ] s1) | s1 = any [ br0 -> {_49 = false} (! bb41) | br1 -> {_49} (! bb38) ] ] 
@@ -2673,12 +2698,12 @@ module M_checked_ops__test_i8_add_example [#"checked_ops.rs" 142 0 142 28] | s1 = any [ br0 -> {_51 = false} (! bb40) | br1 -> {_51} (! bb39) ] ] | bb39 = s0 - [ s0 = overflowing_add'0 {[%#schecked_ops33] (-120 : int8)} {[%#schecked_ops34] (-10 : int8)} - (fun (_ret':(int8, bool)) -> [ &res2 <- _ret' ] s1) + [ s0 = overflowing_add'0 {[%#schecked_ops33] (-120 : Int8.t)} {[%#schecked_ops34] (-10 : Int8.t)} + (fun (_ret':(Int8.t, bool)) -> [ &res2 <- _ret' ] s1) | s1 = bb43 ] | bb43 = s0 - [ s0 = Int8.eq {let (r'0, _) = res2 in r'0} {[%#schecked_ops35] (126 : int8)} + [ s0 = Int8.eq {let (r'0, _) = res2 in r'0} {[%#schecked_ops35] (126 : Int8.t)} (fun (_ret':bool) -> [ &_56 <- _ret' ] s1) | s1 = any [ br0 -> {_56 = false} (! bb47) | br1 -> {_56} (! bb44) ] ] 
@@ -2708,31 +2733,31 @@ module M_checked_ops__test_i8_add_example [#"checked_ops.rs" 142 0 142 28] ) [ & _0 : () = any_l () | & _2 : bool = any_l () - | & _3 : int8 = any_l () + | & _3 : Int8.t = any_l () | & _4 : t_Option'0 = any_l () | & _7 : bool = any_l () | & _9 : t_Option'0 = any_l () | & _12 : bool = any_l () | & _14 : t_Option'0 = any_l () | & _17 : bool = any_l () - | & _18 : int8 = any_l () + | & _18 : Int8.t = any_l () | & _21 : bool = any_l () - | & _22 : int8 = any_l () + | & _22 : Int8.t = any_l () | & _25 : bool = any_l () - | & _26 : int8 = any_l () + | & _26 : Int8.t = any_l () | & _29 : bool = any_l () - | & _30 : int8 = any_l () + | & _30 : Int8.t = any_l () | & _33 : bool = any_l () - | & _34 : int8 = any_l () + | & _34 : Int8.t = any_l () | & _37 : bool = any_l () - | & _38 : int8 = any_l () - | & res : (int8, bool) = any_l () + | & _38 : Int8.t = any_l () + | & res : (Int8.t, bool) = any_l () | & _42 : bool = any_l () | & _44 : bool = any_l () - | & res1 : (int8, bool) = any_l () + | & res1 : (Int8.t, bool) = any_l () | & _49 : bool = any_l () | & _51 : bool = any_l () - | & res2 : (int8, bool) = any_l () + | & res2 : (Int8.t, bool) = any_l () | & _56 : bool = any_l () | & _58 : bool = any_l () ] [ return' (result:())-> (! return' {result}) ] 
@@ -2753,41 +2778,41 @@ module M_checked_ops__test_i8_add_overflow_pos [#"checked_ops.rs" 165 0 165 38] let%span schecked_ops12 = "checked_ops.rs" 167 4 167 49 let%span schecked_ops13 = "checked_ops.rs" 166 4 166 43 let%span schecked_ops14 = "checked_ops.rs" 164 11 164 17 - let%span snum15 = "../../../creusot-contracts/src/std/num.rs" 128 20 129 89 - let%span snum16 = "../../../creusot-contracts/src/std/num.rs" 132 26 132 87 + let%span snum15 = "../../../creusot-contracts/src/std/num.rs" 171 20 172 89 + let%span snum16 = "../../../creusot-contracts/src/std/num.rs" 175 26 175 87 let%span soption17 = "../../../creusot-contracts/src/std/option.rs" 51 26 51 51 - let%span snum18 = "../../../creusot-contracts/src/std/num.rs" 140 20 140 93 - let%span snum19 = "../../../creusot-contracts/src/std/num.rs" 144 20 145 51 - let%span snum20 = "../../../creusot-contracts/src/std/num.rs" 151 20 153 92 - let%span snum21 = "../../../creusot-contracts/src/std/num.rs" 156 20 158 92 - let%span snum22 = "../../../creusot-contracts/src/std/num.rs" 168 20 169 51 - let%span snum23 = "../../../creusot-contracts/src/std/num.rs" 172 26 172 83 - let%span snum24 = "../../../creusot-contracts/src/std/num.rs" 173 26 173 83 - let%span snum25 = "../../../creusot-contracts/src/std/num.rs" 182 20 182 95 - let%span snum26 = "../../../creusot-contracts/src/std/num.rs" 186 20 187 53 - let%span snum27 = "../../../creusot-contracts/src/std/num.rs" 193 20 195 94 - let%span snum28 = "../../../creusot-contracts/src/std/num.rs" 198 20 200 94 - let%span snum29 = "../../../creusot-contracts/src/std/num.rs" 204 20 204 98 + let%span snum18 = "../../../creusot-contracts/src/std/num.rs" 183 20 183 93 + let%span snum19 = "../../../creusot-contracts/src/std/num.rs" 187 20 188 51 + let%span snum20 = "../../../creusot-contracts/src/std/num.rs" 194 20 196 92 + let%span snum21 = "../../../creusot-contracts/src/std/num.rs" 199 20 201 92 + let%span snum22 = "../../../creusot-contracts/src/std/num.rs" 211 20 212 51 + 
let%span snum23 = "../../../creusot-contracts/src/std/num.rs" 215 26 215 83 + let%span snum24 = "../../../creusot-contracts/src/std/num.rs" 216 26 216 83 + let%span snum25 = "../../../creusot-contracts/src/std/num.rs" 225 20 225 95 + let%span snum26 = "../../../creusot-contracts/src/std/num.rs" 229 20 230 53 + let%span snum27 = "../../../creusot-contracts/src/std/num.rs" 236 20 238 94 + let%span snum28 = "../../../creusot-contracts/src/std/num.rs" 241 20 243 94 + let%span snum29 = "../../../creusot-contracts/src/std/num.rs" 247 20 247 98 + + use prelude.prelude.Int use prelude.prelude.Int8 type t_Option'0 = | C_None'0 - | C_Some'0 int8 + | C_Some'0 Int8.t use prelude.prelude.Int8 - use prelude.prelude.Int - - constant v_MIN'0 : int8 = (-128 : int8) + constant v_MIN'0 : Int8.t = (-128 : Int8.t) - constant v_MAX'0 : int8 = (127 : int8) + constant v_MAX'0 : Int8.t = (127 : Int8.t) - let rec checked_add'0 (self:int8) (rhs:int8) (return' (ret:t_Option'0))= any + let rec checked_add'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:t_Option'0))= any [ return' (result:t_Option'0)-> {[%#snum15] (result = C_None'0) - = (Int8.to_int self + Int8.to_int rhs < Int8.to_int (v_MIN'0 : int8) - \/ Int8.to_int self + Int8.to_int rhs > Int8.to_int (v_MAX'0 : int8))} - {[%#snum16] forall r : int8 . result = C_Some'0 r -> Int8.to_int r = Int8.to_int self + Int8.to_int rhs} + = (Int8.to_int self + Int8.to_int rhs < Int8.to_int (v_MIN'0 : Int8.t) + \/ Int8.to_int self + Int8.to_int rhs > Int8.to_int (v_MAX'0 : Int8.t))} + {[%#snum16] forall r : Int8.t . result = C_Some'0 r -> Int8.to_int r = Int8.to_int self + Int8.to_int rhs} (! return' {result}) ] @@ -2802,7 +2827,7 @@ module M_checked_ops__test_i8_add_overflow_pos [#"checked_ops.rs" 165 0 165 38] use prelude.prelude.UInt32 - constant v_BITS'0 : uint32 = (8 : uint32) + constant v_BITS'0 : UInt32.t = (8 : UInt32.t) use prelude.prelude.UInt32 
@@ -2810,53 +2835,55 @@ module M_checked_ops__test_i8_add_overflow_pos [#"checked_ops.rs" 165 0 165 38] use int.EuclideanDivision - let rec wrapping_add'0 (self:int8) (rhs:int8) (return' (ret:int8))= any - [ return' (result:int8)-> {[%#snum18] Int8.to_int result - = EuclideanDivision.mod (Int8.to_int self + Int8.to_int rhs) (Power.power 2 (UInt32.to_int (v_BITS'0 : uint32))) - + Int8.to_int (v_MIN'0 : int8)} - {[%#snum19] Int8.to_int self + Int8.to_int rhs >= Int8.to_int (v_MIN'0 : int8) - /\ Int8.to_int self + Int8.to_int rhs <= Int8.to_int (v_MAX'0 : int8) + let rec wrapping_add'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:Int8.t))= any + [ return' (result:Int8.t)-> {[%#snum18] Int8.to_int result + = EuclideanDivision.mod (Int8.to_int self + + Int8.to_int rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + + Int8.to_int (v_MIN'0 : Int8.t)} + {[%#snum19] Int8.to_int self + Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) + /\ Int8.to_int self + Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) -> Int8.to_int result = Int8.to_int self + Int8.to_int rhs} - {[%#snum20] Int8.to_int self + Int8.to_int rhs < Int8.to_int (v_MIN'0 : int8) + {[%#snum20] Int8.to_int self + Int8.to_int rhs < Int8.to_int (v_MIN'0 : Int8.t) -> (exists k : int . k > 0 /\ Int8.to_int result - = Int8.to_int self + Int8.to_int rhs + k * (Int8.to_int (v_MAX'0 : int8) - Int8.to_int (v_MIN'0 : int8) + 1))} - {[%#snum21] Int8.to_int self + Int8.to_int rhs > Int8.to_int (v_MAX'0 : int8) + = Int8.to_int self + Int8.to_int rhs + k * (Int8.to_int (v_MAX'0 : Int8.t) - Int8.to_int (v_MIN'0 : Int8.t) + 1))} + {[%#snum21] Int8.to_int self + Int8.to_int rhs > Int8.to_int (v_MAX'0 : Int8.t) -> (exists k : int . k > 0 /\ Int8.to_int result - = Int8.to_int self + Int8.to_int rhs - k * (Int8.to_int (v_MAX'0 : int8) - Int8.to_int (v_MIN'0 : int8) + 1))} + = Int8.to_int self + Int8.to_int rhs - k * (Int8.to_int (v_MAX'0 : Int8.t) - Int8.to_int (v_MIN'0 : Int8.t) + 1))} (! 
return' {result}) ] - let rec saturating_add'0 (self:int8) (rhs:int8) (return' (ret:int8))= any - [ return' (result:int8)-> {[%#snum22] Int8.to_int self + Int8.to_int rhs >= Int8.to_int (v_MIN'0 : int8) - /\ Int8.to_int self + Int8.to_int rhs <= Int8.to_int (v_MAX'0 : int8) + let rec saturating_add'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:Int8.t))= any + [ return' (result:Int8.t)-> {[%#snum22] Int8.to_int self + Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) + /\ Int8.to_int self + Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) -> Int8.to_int result = Int8.to_int self + Int8.to_int rhs} - {[%#snum23] Int8.to_int self + Int8.to_int rhs < Int8.to_int (v_MIN'0 : int8) - -> Int8.to_int result = Int8.to_int (v_MIN'0 : int8)} - {[%#snum24] Int8.to_int self + Int8.to_int rhs > Int8.to_int (v_MAX'0 : int8) - -> Int8.to_int result = Int8.to_int (v_MAX'0 : int8)} + {[%#snum23] Int8.to_int self + Int8.to_int rhs < Int8.to_int (v_MIN'0 : Int8.t) + -> Int8.to_int result = Int8.to_int (v_MIN'0 : Int8.t)} + {[%#snum24] Int8.to_int self + Int8.to_int rhs > Int8.to_int (v_MAX'0 : Int8.t) + -> Int8.to_int result = Int8.to_int (v_MAX'0 : Int8.t)} (! 
return' {result}) ] - let rec overflowing_add'0 (self:int8) (rhs:int8) (return' (ret:(int8, bool)))= any - [ return' (result:(int8, bool))-> {[%#snum25] Int8.to_int (let (a, _) = result in a) - = EuclideanDivision.mod (Int8.to_int self + Int8.to_int rhs) (Power.power 2 (UInt32.to_int (v_BITS'0 : uint32))) - + Int8.to_int (v_MIN'0 : int8)} - {[%#snum26] Int8.to_int self + Int8.to_int rhs >= Int8.to_int (v_MIN'0 : int8) - /\ Int8.to_int self + Int8.to_int rhs <= Int8.to_int (v_MAX'0 : int8) + let rec overflowing_add'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:(Int8.t, bool)))= any + [ return' (result:(Int8.t, bool))-> {[%#snum25] Int8.to_int (let (a, _) = result in a) + = EuclideanDivision.mod (Int8.to_int self + + Int8.to_int rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + + Int8.to_int (v_MIN'0 : Int8.t)} + {[%#snum26] Int8.to_int self + Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) + /\ Int8.to_int self + Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) -> Int8.to_int (let (a, _) = result in a) = Int8.to_int self + Int8.to_int rhs} - {[%#snum27] Int8.to_int self + Int8.to_int rhs < Int8.to_int (v_MIN'0 : int8) + {[%#snum27] Int8.to_int self + Int8.to_int rhs < Int8.to_int (v_MIN'0 : Int8.t) -> (exists k : int . k > 0 /\ Int8.to_int (let (a, _) = result in a) - = Int8.to_int self + Int8.to_int rhs + k * (Int8.to_int (v_MAX'0 : int8) - Int8.to_int (v_MIN'0 : int8) + 1))} - {[%#snum28] Int8.to_int self + Int8.to_int rhs > Int8.to_int (v_MAX'0 : int8) + = Int8.to_int self + Int8.to_int rhs + k * (Int8.to_int (v_MAX'0 : Int8.t) - Int8.to_int (v_MIN'0 : Int8.t) + 1))} + {[%#snum28] Int8.to_int self + Int8.to_int rhs > Int8.to_int (v_MAX'0 : Int8.t) -> (exists k : int . 
k > 0 /\ Int8.to_int (let (a, _) = result in a) - = Int8.to_int self + Int8.to_int rhs - k * (Int8.to_int (v_MAX'0 : int8) - Int8.to_int (v_MIN'0 : int8) + 1))} + = Int8.to_int self + Int8.to_int rhs - k * (Int8.to_int (v_MAX'0 : Int8.t) - Int8.to_int (v_MIN'0 : Int8.t) + 1))} {[%#snum29] (let (_, a) = result in a) - = (Int8.to_int self + Int8.to_int rhs < Int8.to_int (v_MIN'0 : int8) - \/ Int8.to_int self + Int8.to_int rhs > Int8.to_int (v_MAX'0 : int8))} + = (Int8.to_int self + Int8.to_int rhs < Int8.to_int (v_MIN'0 : Int8.t) + \/ Int8.to_int self + Int8.to_int rhs > Int8.to_int (v_MAX'0 : Int8.t))} (! return' {result}) ] 
@@ -2866,40 +2893,41 @@ module M_checked_ops__test_i8_add_overflow_pos [#"checked_ops.rs" 165 0 165 38] meta "compute_max_steps" 1000000 - let rec test_i8_add_overflow_pos'0 (a:int8) (return' (ret:()))= {[@expl:test_i8_add_overflow_pos requires] [%#schecked_ops14] Int8.to_int a + let rec test_i8_add_overflow_pos'0 (a:Int8.t) (return' (ret:()))= {[@expl:test_i8_add_overflow_pos requires] [%#schecked_ops14] Int8.to_int a > 0} (! bb0 [ bb0 = s0 - [ s0 = checked_add'0 {[%#schecked_ops0] (127 : int8)} {a} (fun (_ret':t_Option'0) -> [ &_6 <- _ret' ] s1) + [ s0 = checked_add'0 {[%#schecked_ops0] (127 : Int8.t)} {a} (fun (_ret':t_Option'0) -> [ &_6 <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = is_none'0 {_6} (fun (_ret':bool) -> [ &_4 <- _ret' ] s1) | s1 = bb2 ] | bb2 = any [ br0 -> {_4 = false} (! bb4) | br1 -> {_4} (! bb3) ] | bb3 = s0 - [ s0 = wrapping_add'0 {[%#schecked_ops1] (127 : int8)} {a} (fun (_ret':int8) -> [ &_11 <- _ret' ] s1) + [ s0 = wrapping_add'0 {[%#schecked_ops1] (127 : Int8.t)} {a} (fun (_ret':Int8.t) -> [ &_11 <- _ret' ] s1) | s1 = bb5 ] | bb5 = s0 - [ s0 = Int8.sub {a} {[%#schecked_ops2] (127 : int8)} (fun (_ret':int8) -> [ &_14 <- _ret' ] s1) - | s1 = Int8.sub {_14} {[%#schecked_ops3] (2 : int8)} (fun (_ret':int8) -> [ &_13 <- _ret' ] s2) + [ s0 = Int8.sub {a} {[%#schecked_ops2] (127 : Int8.t)} (fun (_ret':Int8.t) -> [ &_14 <- _ret' ] s1) + | s1 = Int8.sub {_14} {[%#schecked_ops3] (2 : Int8.t)} (fun (_ret':Int8.t) -> [ &_13 <- _ret' ] s2) | s2 = Int8.eq {_11} {_13} (fun (_ret':bool) -> [ &_10 <- _ret' ] s3) | s3 = any [ br0 -> {_10 = false} (! bb7) | br1 -> {_10} (! 
bb6) ] ] | bb6 = s0 - [ s0 = saturating_add'0 {[%#schecked_ops4] (127 : int8)} {a} (fun (_ret':int8) -> [ &_19 <- _ret' ] s1) + [ s0 = saturating_add'0 {[%#schecked_ops4] (127 : Int8.t)} {a} (fun (_ret':Int8.t) -> [ &_19 <- _ret' ] s1) | s1 = bb8 ] | bb8 = s0 - [ s0 = Int8.eq {_19} {[%#schecked_ops5] (127 : int8)} (fun (_ret':bool) -> [ &_18 <- _ret' ] s1) + [ s0 = Int8.eq {_19} {[%#schecked_ops5] (127 : Int8.t)} (fun (_ret':bool) -> [ &_18 <- _ret' ] s1) | s1 = any [ br0 -> {_18 = false} (! bb10) | br1 -> {_18} (! bb9) ] ] | bb9 = s0 - [ s0 = overflowing_add'0 {[%#schecked_ops6] (127 : int8)} {a} (fun (_ret':(int8, bool)) -> [ &res <- _ret' ] s1) + [ s0 = overflowing_add'0 {[%#schecked_ops6] (127 : Int8.t)} {a} + (fun (_ret':(Int8.t, bool)) -> [ &res <- _ret' ] s1) | s1 = bb11 ] | bb11 = s0 - [ s0 = Int8.sub {a} {[%#schecked_ops7] (127 : int8)} (fun (_ret':int8) -> [ &_28 <- _ret' ] s1) - | s1 = Int8.sub {_28} {[%#schecked_ops8] (2 : int8)} (fun (_ret':int8) -> [ &_27 <- _ret' ] s2) + [ s0 = Int8.sub {a} {[%#schecked_ops7] (127 : Int8.t)} (fun (_ret':Int8.t) -> [ &_28 <- _ret' ] s1) + | s1 = Int8.sub {_28} {[%#schecked_ops8] (2 : Int8.t)} (fun (_ret':Int8.t) -> [ &_27 <- _ret' ] s2) | s2 = Int8.eq {let (r'0, _) = res in r'0} {_27} (fun (_ret':bool) -> [ &_25 <- _ret' ] s3) | s3 = any [ br0 -> {_25 = false} (! bb15) | br1 -> {_25} (! bb12) ] ] 
@@ -2916,19 +2944,19 @@ module M_checked_ops__test_i8_add_overflow_pos [#"checked_ops.rs" 165 0 165 38] | bb4 = {[%#schecked_ops13] false} any ] ) [ & _0 : () = any_l () - | & a : int8 = a + | & a : Int8.t = a | & _4 : bool = any_l () | & _6 : t_Option'0 = any_l () | & _10 : bool = any_l () - | & _11 : int8 = any_l () - | & _13 : int8 = any_l () - | & _14 : int8 = any_l () + | & _11 : Int8.t = any_l () + | & _13 : Int8.t = any_l () + | & _14 : Int8.t = any_l () | & _18 : bool = any_l () - | & _19 : int8 = any_l () - | & res : (int8, bool) = any_l () + | & _19 : Int8.t = any_l () + | & res : (Int8.t, bool) = any_l () | & _25 : bool = any_l () - | & _27 : int8 = any_l () - | & _28 : int8 = any_l () + | & _27 : Int8.t = any_l () + | & _28 : Int8.t = any_l () | & _30 : bool = any_l () ] [ return' (result:())-> (! return' {result}) ] end 
@@ -2948,41 +2976,41 @@ module M_checked_ops__test_i8_add_overflow_neg [#"checked_ops.rs" 175 0 175 38] let%span schecked_ops12 = "checked_ops.rs" 177 4 177 52 let%span schecked_ops13 = "checked_ops.rs" 176 4 176 46 let%span schecked_ops14 = "checked_ops.rs" 174 11 174 17 - let%span snum15 = "../../../creusot-contracts/src/std/num.rs" 128 20 129 89 - let%span snum16 = "../../../creusot-contracts/src/std/num.rs" 132 26 132 87 + let%span snum15 = "../../../creusot-contracts/src/std/num.rs" 171 20 172 89 + let%span snum16 = "../../../creusot-contracts/src/std/num.rs" 175 26 175 87 let%span soption17 = "../../../creusot-contracts/src/std/option.rs" 51 26 51 51 - let%span snum18 = "../../../creusot-contracts/src/std/num.rs" 140 20 140 93 - let%span snum19 = "../../../creusot-contracts/src/std/num.rs" 144 20 145 51 - let%span snum20 = "../../../creusot-contracts/src/std/num.rs" 151 20 153 92 - let%span snum21 = "../../../creusot-contracts/src/std/num.rs" 156 20 158 92 - let%span snum22 = "../../../creusot-contracts/src/std/num.rs" 168 20 169 51 - let%span snum23 = "../../../creusot-contracts/src/std/num.rs" 172 26 172 83 - let%span snum24 = "../../../creusot-contracts/src/std/num.rs" 173 26 173 83 - let%span snum25 = "../../../creusot-contracts/src/std/num.rs" 182 20 182 95 - let%span snum26 = "../../../creusot-contracts/src/std/num.rs" 186 20 187 53 - let%span snum27 = "../../../creusot-contracts/src/std/num.rs" 193 20 195 94 - let%span snum28 = "../../../creusot-contracts/src/std/num.rs" 198 20 200 94 - let%span snum29 = "../../../creusot-contracts/src/std/num.rs" 204 20 204 98 + let%span snum18 = "../../../creusot-contracts/src/std/num.rs" 183 20 183 93 + let%span snum19 = "../../../creusot-contracts/src/std/num.rs" 187 20 188 51 + let%span snum20 = "../../../creusot-contracts/src/std/num.rs" 194 20 196 92 + let%span snum21 = "../../../creusot-contracts/src/std/num.rs" 199 20 201 92 + let%span snum22 = "../../../creusot-contracts/src/std/num.rs" 211 20 212 51 + 
let%span snum23 = "../../../creusot-contracts/src/std/num.rs" 215 26 215 83 + let%span snum24 = "../../../creusot-contracts/src/std/num.rs" 216 26 216 83 + let%span snum25 = "../../../creusot-contracts/src/std/num.rs" 225 20 225 95 + let%span snum26 = "../../../creusot-contracts/src/std/num.rs" 229 20 230 53 + let%span snum27 = "../../../creusot-contracts/src/std/num.rs" 236 20 238 94 + let%span snum28 = "../../../creusot-contracts/src/std/num.rs" 241 20 243 94 + let%span snum29 = "../../../creusot-contracts/src/std/num.rs" 247 20 247 98 + + use prelude.prelude.Int use prelude.prelude.Int8 type t_Option'0 = | C_None'0 - | C_Some'0 int8 + | C_Some'0 Int8.t use prelude.prelude.Int8 - use prelude.prelude.Int - - constant v_MIN'0 : int8 = (-128 : int8) + constant v_MIN'0 : Int8.t = (-128 : Int8.t) - constant v_MAX'0 : int8 = (127 : int8) + constant v_MAX'0 : Int8.t = (127 : Int8.t) - let rec checked_add'0 (self:int8) (rhs:int8) (return' (ret:t_Option'0))= any + let rec checked_add'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:t_Option'0))= any [ return' (result:t_Option'0)-> {[%#snum15] (result = C_None'0) - = (Int8.to_int self + Int8.to_int rhs < Int8.to_int (v_MIN'0 : int8) - \/ Int8.to_int self + Int8.to_int rhs > Int8.to_int (v_MAX'0 : int8))} - {[%#snum16] forall r : int8 . result = C_Some'0 r -> Int8.to_int r = Int8.to_int self + Int8.to_int rhs} + = (Int8.to_int self + Int8.to_int rhs < Int8.to_int (v_MIN'0 : Int8.t) + \/ Int8.to_int self + Int8.to_int rhs > Int8.to_int (v_MAX'0 : Int8.t))} + {[%#snum16] forall r : Int8.t . result = C_Some'0 r -> Int8.to_int r = Int8.to_int self + Int8.to_int rhs} (! return' {result}) ] @@ -2997,7 +3025,7 @@ module M_checked_ops__test_i8_add_overflow_neg [#"checked_ops.rs" 175 0 175 38] use prelude.prelude.UInt32 - constant v_BITS'0 : uint32 = (8 : uint32) + constant v_BITS'0 : UInt32.t = (8 : UInt32.t) use prelude.prelude.UInt32 
@@ -3005,53 +3033,55 @@ module M_checked_ops__test_i8_add_overflow_neg [#"checked_ops.rs" 175 0 175 38] use int.EuclideanDivision - let rec wrapping_add'0 (self:int8) (rhs:int8) (return' (ret:int8))= any - [ return' (result:int8)-> {[%#snum18] Int8.to_int result - = EuclideanDivision.mod (Int8.to_int self + Int8.to_int rhs) (Power.power 2 (UInt32.to_int (v_BITS'0 : uint32))) - + Int8.to_int (v_MIN'0 : int8)} - {[%#snum19] Int8.to_int self + Int8.to_int rhs >= Int8.to_int (v_MIN'0 : int8) - /\ Int8.to_int self + Int8.to_int rhs <= Int8.to_int (v_MAX'0 : int8) + let rec wrapping_add'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:Int8.t))= any + [ return' (result:Int8.t)-> {[%#snum18] Int8.to_int result + = EuclideanDivision.mod (Int8.to_int self + + Int8.to_int rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + + Int8.to_int (v_MIN'0 : Int8.t)} + {[%#snum19] Int8.to_int self + Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) + /\ Int8.to_int self + Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) -> Int8.to_int result = Int8.to_int self + Int8.to_int rhs} - {[%#snum20] Int8.to_int self + Int8.to_int rhs < Int8.to_int (v_MIN'0 : int8) + {[%#snum20] Int8.to_int self + Int8.to_int rhs < Int8.to_int (v_MIN'0 : Int8.t) -> (exists k : int . k > 0 /\ Int8.to_int result - = Int8.to_int self + Int8.to_int rhs + k * (Int8.to_int (v_MAX'0 : int8) - Int8.to_int (v_MIN'0 : int8) + 1))} - {[%#snum21] Int8.to_int self + Int8.to_int rhs > Int8.to_int (v_MAX'0 : int8) + = Int8.to_int self + Int8.to_int rhs + k * (Int8.to_int (v_MAX'0 : Int8.t) - Int8.to_int (v_MIN'0 : Int8.t) + 1))} + {[%#snum21] Int8.to_int self + Int8.to_int rhs > Int8.to_int (v_MAX'0 : Int8.t) -> (exists k : int . k > 0 /\ Int8.to_int result - = Int8.to_int self + Int8.to_int rhs - k * (Int8.to_int (v_MAX'0 : int8) - Int8.to_int (v_MIN'0 : int8) + 1))} + = Int8.to_int self + Int8.to_int rhs - k * (Int8.to_int (v_MAX'0 : Int8.t) - Int8.to_int (v_MIN'0 : Int8.t) + 1))} (! 
return' {result}) ] - let rec saturating_add'0 (self:int8) (rhs:int8) (return' (ret:int8))= any - [ return' (result:int8)-> {[%#snum22] Int8.to_int self + Int8.to_int rhs >= Int8.to_int (v_MIN'0 : int8) - /\ Int8.to_int self + Int8.to_int rhs <= Int8.to_int (v_MAX'0 : int8) + let rec saturating_add'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:Int8.t))= any + [ return' (result:Int8.t)-> {[%#snum22] Int8.to_int self + Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) + /\ Int8.to_int self + Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) -> Int8.to_int result = Int8.to_int self + Int8.to_int rhs} - {[%#snum23] Int8.to_int self + Int8.to_int rhs < Int8.to_int (v_MIN'0 : int8) - -> Int8.to_int result = Int8.to_int (v_MIN'0 : int8)} - {[%#snum24] Int8.to_int self + Int8.to_int rhs > Int8.to_int (v_MAX'0 : int8) - -> Int8.to_int result = Int8.to_int (v_MAX'0 : int8)} + {[%#snum23] Int8.to_int self + Int8.to_int rhs < Int8.to_int (v_MIN'0 : Int8.t) + -> Int8.to_int result = Int8.to_int (v_MIN'0 : Int8.t)} + {[%#snum24] Int8.to_int self + Int8.to_int rhs > Int8.to_int (v_MAX'0 : Int8.t) + -> Int8.to_int result = Int8.to_int (v_MAX'0 : Int8.t)} (! 
return' {result}) ] - let rec overflowing_add'0 (self:int8) (rhs:int8) (return' (ret:(int8, bool)))= any - [ return' (result:(int8, bool))-> {[%#snum25] Int8.to_int (let (a, _) = result in a) - = EuclideanDivision.mod (Int8.to_int self + Int8.to_int rhs) (Power.power 2 (UInt32.to_int (v_BITS'0 : uint32))) - + Int8.to_int (v_MIN'0 : int8)} - {[%#snum26] Int8.to_int self + Int8.to_int rhs >= Int8.to_int (v_MIN'0 : int8) - /\ Int8.to_int self + Int8.to_int rhs <= Int8.to_int (v_MAX'0 : int8) + let rec overflowing_add'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:(Int8.t, bool)))= any + [ return' (result:(Int8.t, bool))-> {[%#snum25] Int8.to_int (let (a, _) = result in a) + = EuclideanDivision.mod (Int8.to_int self + + Int8.to_int rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + + Int8.to_int (v_MIN'0 : Int8.t)} + {[%#snum26] Int8.to_int self + Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) + /\ Int8.to_int self + Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) -> Int8.to_int (let (a, _) = result in a) = Int8.to_int self + Int8.to_int rhs} - {[%#snum27] Int8.to_int self + Int8.to_int rhs < Int8.to_int (v_MIN'0 : int8) + {[%#snum27] Int8.to_int self + Int8.to_int rhs < Int8.to_int (v_MIN'0 : Int8.t) -> (exists k : int . k > 0 /\ Int8.to_int (let (a, _) = result in a) - = Int8.to_int self + Int8.to_int rhs + k * (Int8.to_int (v_MAX'0 : int8) - Int8.to_int (v_MIN'0 : int8) + 1))} - {[%#snum28] Int8.to_int self + Int8.to_int rhs > Int8.to_int (v_MAX'0 : int8) + = Int8.to_int self + Int8.to_int rhs + k * (Int8.to_int (v_MAX'0 : Int8.t) - Int8.to_int (v_MIN'0 : Int8.t) + 1))} + {[%#snum28] Int8.to_int self + Int8.to_int rhs > Int8.to_int (v_MAX'0 : Int8.t) -> (exists k : int . 
k > 0 /\ Int8.to_int (let (a, _) = result in a) - = Int8.to_int self + Int8.to_int rhs - k * (Int8.to_int (v_MAX'0 : int8) - Int8.to_int (v_MIN'0 : int8) + 1))} + = Int8.to_int self + Int8.to_int rhs - k * (Int8.to_int (v_MAX'0 : Int8.t) - Int8.to_int (v_MIN'0 : Int8.t) + 1))} {[%#snum29] (let (_, a) = result in a) - = (Int8.to_int self + Int8.to_int rhs < Int8.to_int (v_MIN'0 : int8) - \/ Int8.to_int self + Int8.to_int rhs > Int8.to_int (v_MAX'0 : int8))} + = (Int8.to_int self + Int8.to_int rhs < Int8.to_int (v_MIN'0 : Int8.t) + \/ Int8.to_int self + Int8.to_int rhs > Int8.to_int (v_MAX'0 : Int8.t))} (! return' {result}) ] 
@@ -3061,40 +3091,41 @@ module M_checked_ops__test_i8_add_overflow_neg [#"checked_ops.rs" 175 0 175 38] meta "compute_max_steps" 1000000 - let rec test_i8_add_overflow_neg'0 (a:int8) (return' (ret:()))= {[@expl:test_i8_add_overflow_neg requires] [%#schecked_ops14] Int8.to_int a + let rec test_i8_add_overflow_neg'0 (a:Int8.t) (return' (ret:()))= {[@expl:test_i8_add_overflow_neg requires] [%#schecked_ops14] Int8.to_int a < 0} (! bb0 [ bb0 = s0 - [ s0 = checked_add'0 {[%#schecked_ops0] (-128 : int8)} {a} (fun (_ret':t_Option'0) -> [ &_6 <- _ret' ] s1) + [ s0 = checked_add'0 {[%#schecked_ops0] (-128 : Int8.t)} {a} (fun (_ret':t_Option'0) -> [ &_6 <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = is_none'0 {_6} (fun (_ret':bool) -> [ &_4 <- _ret' ] s1) | s1 = bb2 ] | bb2 = any [ br0 -> {_4 = false} (! bb4) | br1 -> {_4} (! bb3) ] | bb3 = s0 - [ s0 = wrapping_add'0 {[%#schecked_ops1] (-128 : int8)} {a} (fun (_ret':int8) -> [ &_11 <- _ret' ] s1) + [ s0 = wrapping_add'0 {[%#schecked_ops1] (-128 : Int8.t)} {a} (fun (_ret':Int8.t) -> [ &_11 <- _ret' ] s1) | s1 = bb5 ] | bb5 = s0 - [ s0 = Int8.add {a} {[%#schecked_ops2] (127 : int8)} (fun (_ret':int8) -> [ &_14 <- _ret' ] s1) - | s1 = Int8.add {_14} {[%#schecked_ops3] (1 : int8)} (fun (_ret':int8) -> [ &_13 <- _ret' ] s2) + [ s0 = Int8.add {a} {[%#schecked_ops2] (127 : Int8.t)} (fun (_ret':Int8.t) -> [ &_14 <- _ret' ] s1) + | s1 = Int8.add {_14} {[%#schecked_ops3] (1 : Int8.t)} (fun (_ret':Int8.t) -> [ &_13 <- _ret' ] s2) | s2 = Int8.eq {_11} {_13} (fun (_ret':bool) -> [ &_10 <- _ret' ] s3) | s3 = any [ br0 -> {_10 = false} (! bb7) | br1 -> {_10} (! 
bb6) ] ] | bb6 = s0 - [ s0 = saturating_add'0 {[%#schecked_ops4] (-128 : int8)} {a} (fun (_ret':int8) -> [ &_19 <- _ret' ] s1) + [ s0 = saturating_add'0 {[%#schecked_ops4] (-128 : Int8.t)} {a} (fun (_ret':Int8.t) -> [ &_19 <- _ret' ] s1) | s1 = bb8 ] | bb8 = s0 - [ s0 = Int8.eq {_19} {[%#schecked_ops5] (-128 : int8)} (fun (_ret':bool) -> [ &_18 <- _ret' ] s1) + [ s0 = Int8.eq {_19} {[%#schecked_ops5] (-128 : Int8.t)} (fun (_ret':bool) -> [ &_18 <- _ret' ] s1) | s1 = any [ br0 -> {_18 = false} (! bb10) | br1 -> {_18} (! bb9) ] ] | bb9 = s0 - [ s0 = overflowing_add'0 {[%#schecked_ops6] (-128 : int8)} {a} (fun (_ret':(int8, bool)) -> [ &res <- _ret' ] s1) + [ s0 = overflowing_add'0 {[%#schecked_ops6] (-128 : Int8.t)} {a} + (fun (_ret':(Int8.t, bool)) -> [ &res <- _ret' ] s1) | s1 = bb11 ] | bb11 = s0 - [ s0 = Int8.add {a} {[%#schecked_ops7] (127 : int8)} (fun (_ret':int8) -> [ &_28 <- _ret' ] s1) - | s1 = Int8.add {_28} {[%#schecked_ops8] (1 : int8)} (fun (_ret':int8) -> [ &_27 <- _ret' ] s2) + [ s0 = Int8.add {a} {[%#schecked_ops7] (127 : Int8.t)} (fun (_ret':Int8.t) -> [ &_28 <- _ret' ] s1) + | s1 = Int8.add {_28} {[%#schecked_ops8] (1 : Int8.t)} (fun (_ret':Int8.t) -> [ &_27 <- _ret' ] s2) | s2 = Int8.eq {let (r'0, _) = res in r'0} {_27} (fun (_ret':bool) -> [ &_25 <- _ret' ] s3) | s3 = any [ br0 -> {_25 = false} (! bb15) | br1 -> {_25} (! bb12) ] ] 
@@ -3111,28 +3142,28 @@ module M_checked_ops__test_i8_add_overflow_neg [#"checked_ops.rs" 175 0 175 38] | bb4 = {[%#schecked_ops13] false} any ] ) [ & _0 : () = any_l () - | & a : int8 = a + | & a : Int8.t = a | & _4 : bool = any_l () | & _6 : t_Option'0 = any_l () | & _10 : bool = any_l () - | & _11 : int8 = any_l () - | & _13 : int8 = any_l () - | & _14 : int8 = any_l () + | & _11 : Int8.t = any_l () + | & _13 : Int8.t = any_l () + | & _14 : Int8.t = any_l () | & _18 : bool = any_l () - | & _19 : int8 = any_l () - | & res : (int8, bool) = any_l () + | & _19 : Int8.t = any_l () + | & res : (Int8.t, bool) = any_l () | & _25 : bool = any_l () - | & _27 : int8 = any_l () - | & _28 : int8 = any_l () + | & _27 : Int8.t = any_l () + | & _28 : Int8.t = any_l () | & _30 : bool = any_l () ] [ return' (result:())-> (! return' {result}) ] end module M_checked_ops__test_i8_wrapping_add [#"checked_ops.rs" 186 0 186 47] let%span schecked_ops0 = "checked_ops.rs" 185 10 185 84 - let%span snum1 = "../../../creusot-contracts/src/std/num.rs" 140 20 140 93 - let%span snum2 = "../../../creusot-contracts/src/std/num.rs" 144 20 145 51 - let%span snum3 = "../../../creusot-contracts/src/std/num.rs" 151 20 153 92 - let%span snum4 = "../../../creusot-contracts/src/std/num.rs" 156 20 158 92 + let%span snum1 = "../../../creusot-contracts/src/std/num.rs" 183 20 183 93 + let%span snum2 = "../../../creusot-contracts/src/std/num.rs" 187 20 188 51 + let%span snum3 = "../../../creusot-contracts/src/std/num.rs" 194 20 196 92 + let%span snum4 = "../../../creusot-contracts/src/std/num.rs" 199 20 201 92 use prelude.prelude.Int8 @@ -3140,7 +3171,7 @@ module M_checked_ops__test_i8_wrapping_add [#"checked_ops.rs" 186 0 186 47] use prelude.prelude.UInt32 - constant v_BITS'0 : uint32 = (8 : uint32) + constant v_BITS'0 : UInt32.t = (8 : UInt32.t) use prelude.prelude.UInt32 
@@ -3150,25 +3181,26 @@ module M_checked_ops__test_i8_wrapping_add [#"checked_ops.rs" 186 0 186 47] use prelude.prelude.Int8 - constant v_MIN'0 : int8 = (-128 : int8) + constant v_MIN'0 : Int8.t = (-128 : Int8.t) - constant v_MAX'0 : int8 = (127 : int8) + constant v_MAX'0 : Int8.t = (127 : Int8.t) - let rec wrapping_add'0 (self:int8) (rhs:int8) (return' (ret:int8))= any - [ return' (result:int8)-> {[%#snum1] Int8.to_int result - = EuclideanDivision.mod (Int8.to_int self + Int8.to_int rhs) (Power.power 2 (UInt32.to_int (v_BITS'0 : uint32))) - + Int8.to_int (v_MIN'0 : int8)} - {[%#snum2] Int8.to_int self + Int8.to_int rhs >= Int8.to_int (v_MIN'0 : int8) - /\ Int8.to_int self + Int8.to_int rhs <= Int8.to_int (v_MAX'0 : int8) + let rec wrapping_add'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:Int8.t))= any + [ return' (result:Int8.t)-> {[%#snum1] Int8.to_int result + = EuclideanDivision.mod (Int8.to_int self + + Int8.to_int rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + + Int8.to_int (v_MIN'0 : Int8.t)} + {[%#snum2] Int8.to_int self + Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) + /\ Int8.to_int self + Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) -> Int8.to_int result = Int8.to_int self + Int8.to_int rhs} - {[%#snum3] Int8.to_int self + Int8.to_int rhs < Int8.to_int (v_MIN'0 : int8) + {[%#snum3] Int8.to_int self + Int8.to_int rhs < Int8.to_int (v_MIN'0 : Int8.t) -> (exists k : int . k > 0 /\ Int8.to_int result - = Int8.to_int self + Int8.to_int rhs + k * (Int8.to_int (v_MAX'0 : int8) - Int8.to_int (v_MIN'0 : int8) + 1))} - {[%#snum4] Int8.to_int self + Int8.to_int rhs > Int8.to_int (v_MAX'0 : int8) + = Int8.to_int self + Int8.to_int rhs + k * (Int8.to_int (v_MAX'0 : Int8.t) - Int8.to_int (v_MIN'0 : Int8.t) + 1))} + {[%#snum4] Int8.to_int self + Int8.to_int rhs > Int8.to_int (v_MAX'0 : Int8.t) -> (exists k : int . 
k > 0 /\ Int8.to_int result - = Int8.to_int self + Int8.to_int rhs - k * (Int8.to_int (v_MAX'0 : int8) - Int8.to_int (v_MIN'0 : int8) + 1))} + = Int8.to_int self + Int8.to_int rhs - k * (Int8.to_int (v_MAX'0 : Int8.t) - Int8.to_int (v_MIN'0 : Int8.t) + 1))} (! return' {result}) ] @@ -3176,11 +3208,11 @@ module M_checked_ops__test_i8_wrapping_add [#"checked_ops.rs" 186 0 186 47] meta "compute_max_steps" 1000000 - let rec test_i8_wrapping_add'0 (a:int8) (b:int8) (return' (ret:int8))= (! bb0 - [ bb0 = s0 [ s0 = wrapping_add'0 {a} {b} (fun (_ret':int8) -> [ &_0 <- _ret' ] s1) | s1 = bb1 ] + let rec test_i8_wrapping_add'0 (a:Int8.t) (b:Int8.t) (return' (ret:Int8.t))= (! bb0 + [ bb0 = s0 [ s0 = wrapping_add'0 {a} {b} (fun (_ret':Int8.t) -> [ &_0 <- _ret' ] s1) | s1 = bb1 ] | bb1 = return' {_0} ] - ) [ & _0 : int8 = any_l () | & a : int8 = a | & b : int8 = b ] - [ return' (result:int8)-> {[@expl:test_i8_wrapping_add ensures] [%#schecked_ops0] Int8.to_int result + ) [ & _0 : Int8.t = any_l () | & a : Int8.t = a | & b : Int8.t = b ] + [ return' (result:Int8.t)-> {[@expl:test_i8_wrapping_add ensures] [%#schecked_ops0] Int8.to_int result = Int8.to_int a + Int8.to_int b \/ Int8.to_int result = Int8.to_int a + Int8.to_int b - 256 \/ Int8.to_int result = Int8.to_int a + Int8.to_int b + 256} 
@@ -3190,17 +3222,17 @@ end module M_checked_ops__test_i8_overflowing_add [#"checked_ops.rs" 191 0 191 44] let%span schecked_ops0 = "checked_ops.rs" 193 4 193 65 let%span schecked_ops1 = "checked_ops.rs" 192 4 192 56 - let%span snum2 = "../../../creusot-contracts/src/std/num.rs" 182 20 182 95 - let%span snum3 = "../../../creusot-contracts/src/std/num.rs" 186 20 187 53 - let%span snum4 = "../../../creusot-contracts/src/std/num.rs" 193 20 195 94 - let%span snum5 = "../../../creusot-contracts/src/std/num.rs" 198 20 200 94 - let%span snum6 = "../../../creusot-contracts/src/std/num.rs" 204 20 204 98 - let%span snum7 = "../../../creusot-contracts/src/std/num.rs" 140 20 140 93 - let%span snum8 = "../../../creusot-contracts/src/std/num.rs" 144 20 145 51 - let%span snum9 = "../../../creusot-contracts/src/std/num.rs" 151 20 153 92 - let%span snum10 = "../../../creusot-contracts/src/std/num.rs" 156 20 158 92 - let%span snum11 = "../../../creusot-contracts/src/std/num.rs" 128 20 129 89 - let%span snum12 = "../../../creusot-contracts/src/std/num.rs" 132 26 132 87 + let%span snum2 = "../../../creusot-contracts/src/std/num.rs" 225 20 225 95 + let%span snum3 = "../../../creusot-contracts/src/std/num.rs" 229 20 230 53 + let%span snum4 = "../../../creusot-contracts/src/std/num.rs" 236 20 238 94 + let%span snum5 = "../../../creusot-contracts/src/std/num.rs" 241 20 243 94 + let%span snum6 = "../../../creusot-contracts/src/std/num.rs" 247 20 247 98 + let%span snum7 = "../../../creusot-contracts/src/std/num.rs" 183 20 183 93 + let%span snum8 = "../../../creusot-contracts/src/std/num.rs" 187 20 188 51 + let%span snum9 = "../../../creusot-contracts/src/std/num.rs" 194 20 196 92 + let%span snum10 = "../../../creusot-contracts/src/std/num.rs" 199 20 201 92 + let%span snum11 = "../../../creusot-contracts/src/std/num.rs" 171 20 172 89 + let%span snum12 = "../../../creusot-contracts/src/std/num.rs" 175 26 175 87 let%span soption13 = "../../../creusot-contracts/src/std/option.rs" 51 26 51 51 
use prelude.prelude.Int8 @@ -3209,7 +3241,7 @@ module M_checked_ops__test_i8_overflowing_add [#"checked_ops.rs" 191 0 191 44] use prelude.prelude.UInt32 - constant v_BITS'0 : uint32 = (8 : uint32) + constant v_BITS'0 : UInt32.t = (8 : UInt32.t) use prelude.prelude.UInt32 
@@ -3219,58 +3251,60 @@ module M_checked_ops__test_i8_overflowing_add [#"checked_ops.rs" 191 0 191 44] use prelude.prelude.Int8 - constant v_MIN'0 : int8 = (-128 : int8) + constant v_MIN'0 : Int8.t = (-128 : Int8.t) - constant v_MAX'0 : int8 = (127 : int8) + constant v_MAX'0 : Int8.t = (127 : Int8.t) - let rec overflowing_add'0 (self:int8) (rhs:int8) (return' (ret:(int8, bool)))= any - [ return' (result:(int8, bool))-> {[%#snum2] Int8.to_int (let (a, _) = result in a) - = EuclideanDivision.mod (Int8.to_int self + Int8.to_int rhs) (Power.power 2 (UInt32.to_int (v_BITS'0 : uint32))) - + Int8.to_int (v_MIN'0 : int8)} - {[%#snum3] Int8.to_int self + Int8.to_int rhs >= Int8.to_int (v_MIN'0 : int8) - /\ Int8.to_int self + Int8.to_int rhs <= Int8.to_int (v_MAX'0 : int8) + let rec overflowing_add'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:(Int8.t, bool)))= any + [ return' (result:(Int8.t, bool))-> {[%#snum2] Int8.to_int (let (a, _) = result in a) + = EuclideanDivision.mod (Int8.to_int self + + Int8.to_int rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + + Int8.to_int (v_MIN'0 : Int8.t)} + {[%#snum3] Int8.to_int self + Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) + /\ Int8.to_int self + Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) -> Int8.to_int (let (a, _) = result in a) = Int8.to_int self + Int8.to_int rhs} - {[%#snum4] Int8.to_int self + Int8.to_int rhs < Int8.to_int (v_MIN'0 : int8) + {[%#snum4] Int8.to_int self + Int8.to_int rhs < Int8.to_int (v_MIN'0 : Int8.t) -> (exists k : int . k > 0 /\ Int8.to_int (let (a, _) = result in a) - = Int8.to_int self + Int8.to_int rhs + k * (Int8.to_int (v_MAX'0 : int8) - Int8.to_int (v_MIN'0 : int8) + 1))} - {[%#snum5] Int8.to_int self + Int8.to_int rhs > Int8.to_int (v_MAX'0 : int8) + = Int8.to_int self + Int8.to_int rhs + k * (Int8.to_int (v_MAX'0 : Int8.t) - Int8.to_int (v_MIN'0 : Int8.t) + 1))} + {[%#snum5] Int8.to_int self + Int8.to_int rhs > Int8.to_int (v_MAX'0 : Int8.t) -> (exists k : int . 
k > 0 /\ Int8.to_int (let (a, _) = result in a) - = Int8.to_int self + Int8.to_int rhs - k * (Int8.to_int (v_MAX'0 : int8) - Int8.to_int (v_MIN'0 : int8) + 1))} + = Int8.to_int self + Int8.to_int rhs - k * (Int8.to_int (v_MAX'0 : Int8.t) - Int8.to_int (v_MIN'0 : Int8.t) + 1))} {[%#snum6] (let (_, a) = result in a) - = (Int8.to_int self + Int8.to_int rhs < Int8.to_int (v_MIN'0 : int8) - \/ Int8.to_int self + Int8.to_int rhs > Int8.to_int (v_MAX'0 : int8))} + = (Int8.to_int self + Int8.to_int rhs < Int8.to_int (v_MIN'0 : Int8.t) + \/ Int8.to_int self + Int8.to_int rhs > Int8.to_int (v_MAX'0 : Int8.t))} (! return' {result}) ] - let rec wrapping_add'0 (self:int8) (rhs:int8) (return' (ret:int8))= any - [ return' (result:int8)-> {[%#snum7] Int8.to_int result - = EuclideanDivision.mod (Int8.to_int self + Int8.to_int rhs) (Power.power 2 (UInt32.to_int (v_BITS'0 : uint32))) - + Int8.to_int (v_MIN'0 : int8)} - {[%#snum8] Int8.to_int self + Int8.to_int rhs >= Int8.to_int (v_MIN'0 : int8) - /\ Int8.to_int self + Int8.to_int rhs <= Int8.to_int (v_MAX'0 : int8) + let rec wrapping_add'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:Int8.t))= any + [ return' (result:Int8.t)-> {[%#snum7] Int8.to_int result + = EuclideanDivision.mod (Int8.to_int self + + Int8.to_int rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + + Int8.to_int (v_MIN'0 : Int8.t)} + {[%#snum8] Int8.to_int self + Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) + /\ Int8.to_int self + Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) -> Int8.to_int result = Int8.to_int self + Int8.to_int rhs} - {[%#snum9] Int8.to_int self + Int8.to_int rhs < Int8.to_int (v_MIN'0 : int8) + {[%#snum9] Int8.to_int self + Int8.to_int rhs < Int8.to_int (v_MIN'0 : Int8.t) -> (exists k : int . 
k > 0 /\ Int8.to_int result - = Int8.to_int self + Int8.to_int rhs + k * (Int8.to_int (v_MAX'0 : int8) - Int8.to_int (v_MIN'0 : int8) + 1))} - {[%#snum10] Int8.to_int self + Int8.to_int rhs > Int8.to_int (v_MAX'0 : int8) + = Int8.to_int self + Int8.to_int rhs + k * (Int8.to_int (v_MAX'0 : Int8.t) - Int8.to_int (v_MIN'0 : Int8.t) + 1))} + {[%#snum10] Int8.to_int self + Int8.to_int rhs > Int8.to_int (v_MAX'0 : Int8.t) -> (exists k : int . k > 0 /\ Int8.to_int result - = Int8.to_int self + Int8.to_int rhs - k * (Int8.to_int (v_MAX'0 : int8) - Int8.to_int (v_MIN'0 : int8) + 1))} + = Int8.to_int self + Int8.to_int rhs - k * (Int8.to_int (v_MAX'0 : Int8.t) - Int8.to_int (v_MIN'0 : Int8.t) + 1))} (! return' {result}) ] type t_Option'0 = | C_None'0 - | C_Some'0 int8 + | C_Some'0 Int8.t - let rec checked_add'0 (self:int8) (rhs:int8) (return' (ret:t_Option'0))= any + let rec checked_add'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:t_Option'0))= any [ return' (result:t_Option'0)-> {[%#snum11] (result = C_None'0) - = (Int8.to_int self + Int8.to_int rhs < Int8.to_int (v_MIN'0 : int8) - \/ Int8.to_int self + Int8.to_int rhs > Int8.to_int (v_MAX'0 : int8))} - {[%#snum12] forall r : int8 . result = C_Some'0 r -> Int8.to_int r = Int8.to_int self + Int8.to_int rhs} + = (Int8.to_int self + Int8.to_int rhs < Int8.to_int (v_MIN'0 : Int8.t) + \/ Int8.to_int self + Int8.to_int rhs > Int8.to_int (v_MAX'0 : Int8.t))} + {[%#snum12] forall r : Int8.t . result = C_Some'0 r -> Int8.to_int r = Int8.to_int self + Int8.to_int rhs} (! return' {result}) ] 
@@ -3289,14 +3323,14 @@ module M_checked_ops__test_i8_overflowing_add [#"checked_ops.rs" 191 0 191 44] meta "compute_max_steps" 1000000 - let rec test_i8_overflowing_add'0 (a:int8) (b:int8) (return' (ret:()))= (! bb0 - [ bb0 = s0 [ s0 = overflowing_add'0 {a} {b} (fun (_ret':(int8, bool)) -> [ &_6 <- _ret' ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = wrapping_add'0 {a} {b} (fun (_ret':int8) -> [ &_9 <- _ret' ] s1) | s1 = bb2 ] + let rec test_i8_overflowing_add'0 (a:Int8.t) (b:Int8.t) (return' (ret:()))= (! bb0 + [ bb0 = s0 [ s0 = overflowing_add'0 {a} {b} (fun (_ret':(Int8.t, bool)) -> [ &_6 <- _ret' ] s1) | s1 = bb1 ] + | bb1 = s0 [ s0 = wrapping_add'0 {a} {b} (fun (_ret':Int8.t) -> [ &_9 <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 [ s0 = Int8.eq {let (r'0, _) = _6 in r'0} {_9} (fun (_ret':bool) -> [ &_4 <- _ret' ] s1) | s1 = any [ br0 -> {_4 = false} (! bb4) | br1 -> {_4} (! bb3) ] ] - | bb3 = s0 [ s0 = overflowing_add'0 {a} {b} (fun (_ret':(int8, bool)) -> [ &_16 <- _ret' ] s1) | s1 = bb5 ] + | bb3 = s0 [ s0 = overflowing_add'0 {a} {b} (fun (_ret':(Int8.t, bool)) -> [ &_16 <- _ret' ] s1) | s1 = bb5 ] | bb5 = s0 [ s0 = checked_add'0 {a} {b} (fun (_ret':t_Option'0) -> [ &_21 <- _ret' ] s1) | s1 = bb6 ] | bb6 = s0 [ s0 = is_none'0 {_21} (fun (_ret':bool) -> [ &_19 <- _ret' ] s1) | s1 = bb7 ] | bb7 = s0 @@ -3308,13 +3342,13 @@ module M_checked_ops__test_i8_overflowing_add [#"checked_ops.rs" 191 0 191 44] | bb4 = {[%#schecked_ops1] false} any ] ) [ & _0 : () = any_l () - | & a : int8 = a - | & b : int8 = b + | & a : Int8.t = a + | & b : Int8.t = b | & _4 : bool = any_l () - | & _6 : (int8, bool) = any_l () - | & _9 : int8 = any_l () + | & _6 : (Int8.t, bool) = any_l () + | & _9 : Int8.t = any_l () | & _14 : bool = any_l () - | & _16 : (int8, bool) = any_l () + | & _16 : (Int8.t, bool) = any_l () | & _19 : bool = any_l () | & _21 : t_Option'0 = any_l () ] [ return' (result:())-> (! return' {result}) ] 
@@ -3370,42 +3404,42 @@ module M_checked_ops__test_i8_sub_example [#"checked_ops.rs" 197 0 197 28] let%span schecked_ops47 = "checked_ops.rs" 200 4 200 47 let%span schecked_ops48 = "checked_ops.rs" 199 4 199 50 let%span schecked_ops49 = "checked_ops.rs" 198 4 198 47 - let%span snum50 = "../../../creusot-contracts/src/std/num.rs" 128 20 129 89 - let%span snum51 = "../../../creusot-contracts/src/std/num.rs" 132 26 132 87 + let%span snum50 = "../../../creusot-contracts/src/std/num.rs" 171 20 172 89 + let%span snum51 = "../../../creusot-contracts/src/std/num.rs" 175 26 175 87 let%span soption52 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 let%span soption53 = "../../../creusot-contracts/src/std/option.rs" 51 26 51 51 - let%span snum54 = "../../../creusot-contracts/src/std/num.rs" 140 20 140 93 - let%span snum55 = "../../../creusot-contracts/src/std/num.rs" 144 20 145 51 - let%span snum56 = "../../../creusot-contracts/src/std/num.rs" 151 20 153 92 - let%span snum57 = "../../../creusot-contracts/src/std/num.rs" 156 20 158 92 - let%span snum58 = "../../../creusot-contracts/src/std/num.rs" 168 20 169 51 - let%span snum59 = "../../../creusot-contracts/src/std/num.rs" 172 26 172 83 - let%span snum60 = "../../../creusot-contracts/src/std/num.rs" 173 26 173 83 - let%span snum61 = "../../../creusot-contracts/src/std/num.rs" 182 20 182 95 - let%span snum62 = "../../../creusot-contracts/src/std/num.rs" 186 20 187 53 - let%span snum63 = "../../../creusot-contracts/src/std/num.rs" 193 20 195 94 - let%span snum64 = "../../../creusot-contracts/src/std/num.rs" 198 20 200 94 - let%span snum65 = "../../../creusot-contracts/src/std/num.rs" 204 20 204 98 + let%span snum54 = "../../../creusot-contracts/src/std/num.rs" 183 20 183 93 + let%span snum55 = "../../../creusot-contracts/src/std/num.rs" 187 20 188 51 + let%span snum56 = "../../../creusot-contracts/src/std/num.rs" 194 20 196 92 + let%span snum57 = "../../../creusot-contracts/src/std/num.rs" 199 20 201 92 + let%span 
snum58 = "../../../creusot-contracts/src/std/num.rs" 211 20 212 51 + let%span snum59 = "../../../creusot-contracts/src/std/num.rs" 215 26 215 83 + let%span snum60 = "../../../creusot-contracts/src/std/num.rs" 216 26 216 83 + let%span snum61 = "../../../creusot-contracts/src/std/num.rs" 225 20 225 95 + let%span snum62 = "../../../creusot-contracts/src/std/num.rs" 229 20 230 53 + let%span snum63 = "../../../creusot-contracts/src/std/num.rs" 236 20 238 94 + let%span snum64 = "../../../creusot-contracts/src/std/num.rs" 241 20 243 94 + let%span snum65 = "../../../creusot-contracts/src/std/num.rs" 247 20 247 98 + + use prelude.prelude.Int use prelude.prelude.Int8 type t_Option'0 = | C_None'0 - | C_Some'0 int8 + | C_Some'0 Int8.t use prelude.prelude.Int8 - use prelude.prelude.Int - - constant v_MIN'0 : int8 = (-128 : int8) + constant v_MIN'0 : Int8.t = (-128 : Int8.t) - constant v_MAX'0 : int8 = (127 : int8) + constant v_MAX'0 : Int8.t = (127 : Int8.t) - let rec checked_sub'0 (self:int8) (rhs:int8) (return' (ret:t_Option'0))= any + let rec checked_sub'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:t_Option'0))= any [ return' (result:t_Option'0)-> {[%#snum50] (result = C_None'0) - = (Int8.to_int self - Int8.to_int rhs < Int8.to_int (v_MIN'0 : int8) - \/ Int8.to_int self - Int8.to_int rhs > Int8.to_int (v_MAX'0 : int8))} - {[%#snum51] forall r : int8 . result = C_Some'0 r -> Int8.to_int r = Int8.to_int self - Int8.to_int rhs} + = (Int8.to_int self - Int8.to_int rhs < Int8.to_int (v_MIN'0 : Int8.t) + \/ Int8.to_int self - Int8.to_int rhs > Int8.to_int (v_MAX'0 : Int8.t))} + {[%#snum51] forall r : Int8.t . result = C_Some'0 r -> Int8.to_int r = Int8.to_int self - Int8.to_int rhs} (! return' {result}) ] 
@@ -3413,13 +3447,13 @@ module M_checked_ops__test_i8_sub_example [#"checked_ops.rs" 197 0 197 28] axiom inv_axiom'0 [@rewrite] : forall x : t_Option'0 [inv'0 x] . inv'0 x = true - predicate inv'1 (_1 : int8) + predicate inv'1 (_1 : Int8.t) - axiom inv_axiom'1 [@rewrite] : forall x : int8 [inv'1 x] . inv'1 x = true + axiom inv_axiom'1 [@rewrite] : forall x : Int8.t [inv'1 x] . inv'1 x = true - let rec unwrap'0 (self:t_Option'0) (return' (ret:int8))= {[@expl:unwrap 'self' type invariant] inv'0 self} + let rec unwrap'0 (self:t_Option'0) (return' (ret:Int8.t))= {[@expl:unwrap 'self' type invariant] inv'0 self} {[@expl:unwrap requires] [%#soption52] self <> C_None'0} - any [ return' (result:int8)-> {inv'1 result} {[%#soption52] C_Some'0 result = self} (! return' {result}) ] + any [ return' (result:Int8.t)-> {inv'1 result} {[%#soption52] C_Some'0 result = self} (! return' {result}) ] use prelude.prelude.Borrow @@ -3432,7 +3466,7 @@ module M_checked_ops__test_i8_sub_example [#"checked_ops.rs" 197 0 197 28] use prelude.prelude.UInt32 - constant v_BITS'0 : uint32 = (8 : uint32) + constant v_BITS'0 : UInt32.t = (8 : UInt32.t) use prelude.prelude.UInt32 
@@ -3440,53 +3474,55 @@ module M_checked_ops__test_i8_sub_example [#"checked_ops.rs" 197 0 197 28] use int.EuclideanDivision - let rec wrapping_sub'0 (self:int8) (rhs:int8) (return' (ret:int8))= any - [ return' (result:int8)-> {[%#snum54] Int8.to_int result - = EuclideanDivision.mod (Int8.to_int self - Int8.to_int rhs) (Power.power 2 (UInt32.to_int (v_BITS'0 : uint32))) - + Int8.to_int (v_MIN'0 : int8)} - {[%#snum55] Int8.to_int self - Int8.to_int rhs >= Int8.to_int (v_MIN'0 : int8) - /\ Int8.to_int self - Int8.to_int rhs <= Int8.to_int (v_MAX'0 : int8) + let rec wrapping_sub'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:Int8.t))= any + [ return' (result:Int8.t)-> {[%#snum54] Int8.to_int result + = EuclideanDivision.mod (Int8.to_int self + - Int8.to_int rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + + Int8.to_int (v_MIN'0 : Int8.t)} + {[%#snum55] Int8.to_int self - Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) + /\ Int8.to_int self - Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) -> Int8.to_int result = Int8.to_int self - Int8.to_int rhs} - {[%#snum56] Int8.to_int self - Int8.to_int rhs < Int8.to_int (v_MIN'0 : int8) + {[%#snum56] Int8.to_int self - Int8.to_int rhs < Int8.to_int (v_MIN'0 : Int8.t) -> (exists k : int . k > 0 /\ Int8.to_int result - = Int8.to_int self - Int8.to_int rhs + k * (Int8.to_int (v_MAX'0 : int8) - Int8.to_int (v_MIN'0 : int8) + 1))} - {[%#snum57] Int8.to_int self - Int8.to_int rhs > Int8.to_int (v_MAX'0 : int8) + = Int8.to_int self - Int8.to_int rhs + k * (Int8.to_int (v_MAX'0 : Int8.t) - Int8.to_int (v_MIN'0 : Int8.t) + 1))} + {[%#snum57] Int8.to_int self - Int8.to_int rhs > Int8.to_int (v_MAX'0 : Int8.t) -> (exists k : int . k > 0 /\ Int8.to_int result - = Int8.to_int self - Int8.to_int rhs - k * (Int8.to_int (v_MAX'0 : int8) - Int8.to_int (v_MIN'0 : int8) + 1))} + = Int8.to_int self - Int8.to_int rhs - k * (Int8.to_int (v_MAX'0 : Int8.t) - Int8.to_int (v_MIN'0 : Int8.t) + 1))} (! 
return' {result}) ] - let rec saturating_sub'0 (self:int8) (rhs:int8) (return' (ret:int8))= any - [ return' (result:int8)-> {[%#snum58] Int8.to_int self - Int8.to_int rhs >= Int8.to_int (v_MIN'0 : int8) - /\ Int8.to_int self - Int8.to_int rhs <= Int8.to_int (v_MAX'0 : int8) + let rec saturating_sub'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:Int8.t))= any + [ return' (result:Int8.t)-> {[%#snum58] Int8.to_int self - Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) + /\ Int8.to_int self - Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) -> Int8.to_int result = Int8.to_int self - Int8.to_int rhs} - {[%#snum59] Int8.to_int self - Int8.to_int rhs < Int8.to_int (v_MIN'0 : int8) - -> Int8.to_int result = Int8.to_int (v_MIN'0 : int8)} - {[%#snum60] Int8.to_int self - Int8.to_int rhs > Int8.to_int (v_MAX'0 : int8) - -> Int8.to_int result = Int8.to_int (v_MAX'0 : int8)} + {[%#snum59] Int8.to_int self - Int8.to_int rhs < Int8.to_int (v_MIN'0 : Int8.t) + -> Int8.to_int result = Int8.to_int (v_MIN'0 : Int8.t)} + {[%#snum60] Int8.to_int self - Int8.to_int rhs > Int8.to_int (v_MAX'0 : Int8.t) + -> Int8.to_int result = Int8.to_int (v_MAX'0 : Int8.t)} (! 
return' {result}) ] - let rec overflowing_sub'0 (self:int8) (rhs:int8) (return' (ret:(int8, bool)))= any - [ return' (result:(int8, bool))-> {[%#snum61] Int8.to_int (let (a, _) = result in a) - = EuclideanDivision.mod (Int8.to_int self - Int8.to_int rhs) (Power.power 2 (UInt32.to_int (v_BITS'0 : uint32))) - + Int8.to_int (v_MIN'0 : int8)} - {[%#snum62] Int8.to_int self - Int8.to_int rhs >= Int8.to_int (v_MIN'0 : int8) - /\ Int8.to_int self - Int8.to_int rhs <= Int8.to_int (v_MAX'0 : int8) + let rec overflowing_sub'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:(Int8.t, bool)))= any + [ return' (result:(Int8.t, bool))-> {[%#snum61] Int8.to_int (let (a, _) = result in a) + = EuclideanDivision.mod (Int8.to_int self + - Int8.to_int rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + + Int8.to_int (v_MIN'0 : Int8.t)} + {[%#snum62] Int8.to_int self - Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) + /\ Int8.to_int self - Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) -> Int8.to_int (let (a, _) = result in a) = Int8.to_int self - Int8.to_int rhs} - {[%#snum63] Int8.to_int self - Int8.to_int rhs < Int8.to_int (v_MIN'0 : int8) + {[%#snum63] Int8.to_int self - Int8.to_int rhs < Int8.to_int (v_MIN'0 : Int8.t) -> (exists k : int . k > 0 /\ Int8.to_int (let (a, _) = result in a) - = Int8.to_int self - Int8.to_int rhs + k * (Int8.to_int (v_MAX'0 : int8) - Int8.to_int (v_MIN'0 : int8) + 1))} - {[%#snum64] Int8.to_int self - Int8.to_int rhs > Int8.to_int (v_MAX'0 : int8) + = Int8.to_int self - Int8.to_int rhs + k * (Int8.to_int (v_MAX'0 : Int8.t) - Int8.to_int (v_MIN'0 : Int8.t) + 1))} + {[%#snum64] Int8.to_int self - Int8.to_int rhs > Int8.to_int (v_MAX'0 : Int8.t) -> (exists k : int . 
k > 0 /\ Int8.to_int (let (a, _) = result in a) - = Int8.to_int self - Int8.to_int rhs - k * (Int8.to_int (v_MAX'0 : int8) - Int8.to_int (v_MIN'0 : int8) + 1))} + = Int8.to_int self - Int8.to_int rhs - k * (Int8.to_int (v_MAX'0 : Int8.t) - Int8.to_int (v_MIN'0 : Int8.t) + 1))} {[%#snum65] (let (_, a) = result in a) - = (Int8.to_int self - Int8.to_int rhs < Int8.to_int (v_MIN'0 : int8) - \/ Int8.to_int self - Int8.to_int rhs > Int8.to_int (v_MAX'0 : int8))} + = (Int8.to_int self - Int8.to_int rhs < Int8.to_int (v_MIN'0 : Int8.t) + \/ Int8.to_int self - Int8.to_int rhs > Int8.to_int (v_MAX'0 : Int8.t))} (! return' {result}) ] 
@@ -3498,93 +3534,93 @@ module M_checked_ops__test_i8_sub_example [#"checked_ops.rs" 197 0 197 28] let rec test_i8_sub_example'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = checked_sub'0 {[%#schecked_ops0] (5 : int8)} {[%#schecked_ops1] (10 : int8)} + [ s0 = checked_sub'0 {[%#schecked_ops0] (5 : Int8.t)} {[%#schecked_ops1] (10 : Int8.t)} (fun (_ret':t_Option'0) -> [ &_4 <- _ret' ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = unwrap'0 {_4} (fun (_ret':int8) -> [ &_3 <- _ret' ] s1) | s1 = bb2 ] + | bb1 = s0 [ s0 = unwrap'0 {_4} (fun (_ret':Int8.t) -> [ &_3 <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 - [ s0 = Int8.eq {_3} {[%#schecked_ops2] (-5 : int8)} (fun (_ret':bool) -> [ &_2 <- _ret' ] s1) + [ s0 = Int8.eq {_3} {[%#schecked_ops2] (-5 : Int8.t)} (fun (_ret':bool) -> [ &_2 <- _ret' ] s1) | s1 = any [ br0 -> {_2 = false} (! bb4) | br1 -> {_2} (! bb3) ] ] | bb3 = s0 - [ s0 = checked_sub'0 {[%#schecked_ops3] (120 : int8)} {[%#schecked_ops4] (10 : int8)} + [ s0 = checked_sub'0 {[%#schecked_ops3] (120 : Int8.t)} {[%#schecked_ops4] (10 : Int8.t)} (fun (_ret':t_Option'0) -> [ &_9 <- _ret' ] s1) | s1 = bb5 ] - | bb5 = s0 [ s0 = unwrap'0 {_9} (fun (_ret':int8) -> [ &_8 <- _ret' ] s1) | s1 = bb6 ] + | bb5 = s0 [ s0 = unwrap'0 {_9} (fun (_ret':Int8.t) -> [ &_8 <- _ret' ] s1) | s1 = bb6 ] | bb6 = s0 - [ s0 = Int8.eq {_8} {[%#schecked_ops5] (110 : int8)} (fun (_ret':bool) -> [ &_7 <- _ret' ] s1) + [ s0 = Int8.eq {_8} {[%#schecked_ops5] (110 : Int8.t)} (fun (_ret':bool) -> [ &_7 <- _ret' ] s1) | s1 = any [ br0 -> {_7 = false} (! bb8) | br1 -> {_7} (! bb7) ] ] | bb7 = s0 - [ s0 = checked_sub'0 {[%#schecked_ops6] (-120 : int8)} {[%#schecked_ops7] (10 : int8)} + [ s0 = checked_sub'0 {[%#schecked_ops6] (-120 : Int8.t)} {[%#schecked_ops7] (10 : Int8.t)} (fun (_ret':t_Option'0) -> [ &_14 <- _ret' ] s1) | s1 = bb9 ] | bb9 = s0 [ s0 = is_none'0 {_14} (fun (_ret':bool) -> [ &_12 <- _ret' ] s1) | s1 = bb10 ] | bb10 = any [ br0 -> {_12 = false} (! bb12) | br1 -> {_12} (! 
bb11) ] | bb11 = s0 - [ s0 = wrapping_sub'0 {[%#schecked_ops8] (5 : int8)} {[%#schecked_ops9] (10 : int8)} - (fun (_ret':int8) -> [ &_18 <- _ret' ] s1) + [ s0 = wrapping_sub'0 {[%#schecked_ops8] (5 : Int8.t)} {[%#schecked_ops9] (10 : Int8.t)} + (fun (_ret':Int8.t) -> [ &_18 <- _ret' ] s1) | s1 = bb13 ] | bb13 = s0 - [ s0 = Int8.eq {_18} {[%#schecked_ops10] (-5 : int8)} (fun (_ret':bool) -> [ &_17 <- _ret' ] s1) + [ s0 = Int8.eq {_18} {[%#schecked_ops10] (-5 : Int8.t)} (fun (_ret':bool) -> [ &_17 <- _ret' ] s1) | s1 = any [ br0 -> {_17 = false} (! bb15) | br1 -> {_17} (! bb14) ] ] | bb14 = s0 - [ s0 = wrapping_sub'0 {[%#schecked_ops11] (120 : int8)} {[%#schecked_ops12] (10 : int8)} - (fun (_ret':int8) -> [ &_22 <- _ret' ] s1) + [ s0 = wrapping_sub'0 {[%#schecked_ops11] (120 : Int8.t)} {[%#schecked_ops12] (10 : Int8.t)} + (fun (_ret':Int8.t) -> [ &_22 <- _ret' ] s1) | s1 = bb16 ] | bb16 = s0 - [ s0 = Int8.eq {_22} {[%#schecked_ops13] (110 : int8)} (fun (_ret':bool) -> [ &_21 <- _ret' ] s1) + [ s0 = Int8.eq {_22} {[%#schecked_ops13] (110 : Int8.t)} (fun (_ret':bool) -> [ &_21 <- _ret' ] s1) | s1 = any [ br0 -> {_21 = false} (! bb18) | br1 -> {_21} (! bb17) ] ] | bb17 = s0 - [ s0 = wrapping_sub'0 {[%#schecked_ops14] (-120 : int8)} {[%#schecked_ops15] (10 : int8)} - (fun (_ret':int8) -> [ &_26 <- _ret' ] s1) + [ s0 = wrapping_sub'0 {[%#schecked_ops14] (-120 : Int8.t)} {[%#schecked_ops15] (10 : Int8.t)} + (fun (_ret':Int8.t) -> [ &_26 <- _ret' ] s1) | s1 = bb19 ] | bb19 = s0 - [ s0 = Int8.eq {_26} {[%#schecked_ops16] (126 : int8)} (fun (_ret':bool) -> [ &_25 <- _ret' ] s1) + [ s0 = Int8.eq {_26} {[%#schecked_ops16] (126 : Int8.t)} (fun (_ret':bool) -> [ &_25 <- _ret' ] s1) | s1 = any [ br0 -> {_25 = false} (! bb21) | br1 -> {_25} (! 
bb20) ] ] | bb20 = s0 - [ s0 = saturating_sub'0 {[%#schecked_ops17] (5 : int8)} {[%#schecked_ops18] (10 : int8)} - (fun (_ret':int8) -> [ &_30 <- _ret' ] s1) + [ s0 = saturating_sub'0 {[%#schecked_ops17] (5 : Int8.t)} {[%#schecked_ops18] (10 : Int8.t)} + (fun (_ret':Int8.t) -> [ &_30 <- _ret' ] s1) | s1 = bb22 ] | bb22 = s0 - [ s0 = Int8.eq {_30} {[%#schecked_ops19] (-5 : int8)} (fun (_ret':bool) -> [ &_29 <- _ret' ] s1) + [ s0 = Int8.eq {_30} {[%#schecked_ops19] (-5 : Int8.t)} (fun (_ret':bool) -> [ &_29 <- _ret' ] s1) | s1 = any [ br0 -> {_29 = false} (! bb24) | br1 -> {_29} (! bb23) ] ] | bb23 = s0 - [ s0 = saturating_sub'0 {[%#schecked_ops20] (120 : int8)} {[%#schecked_ops21] (10 : int8)} - (fun (_ret':int8) -> [ &_34 <- _ret' ] s1) + [ s0 = saturating_sub'0 {[%#schecked_ops20] (120 : Int8.t)} {[%#schecked_ops21] (10 : Int8.t)} + (fun (_ret':Int8.t) -> [ &_34 <- _ret' ] s1) | s1 = bb25 ] | bb25 = s0 - [ s0 = Int8.eq {_34} {[%#schecked_ops22] (110 : int8)} (fun (_ret':bool) -> [ &_33 <- _ret' ] s1) + [ s0 = Int8.eq {_34} {[%#schecked_ops22] (110 : Int8.t)} (fun (_ret':bool) -> [ &_33 <- _ret' ] s1) | s1 = any [ br0 -> {_33 = false} (! bb27) | br1 -> {_33} (! bb26) ] ] | bb26 = s0 - [ s0 = saturating_sub'0 {[%#schecked_ops23] (-120 : int8)} {[%#schecked_ops24] (10 : int8)} - (fun (_ret':int8) -> [ &_38 <- _ret' ] s1) + [ s0 = saturating_sub'0 {[%#schecked_ops23] (-120 : Int8.t)} {[%#schecked_ops24] (10 : Int8.t)} + (fun (_ret':Int8.t) -> [ &_38 <- _ret' ] s1) | s1 = bb28 ] | bb28 = s0 - [ s0 = Int8.eq {_38} {[%#schecked_ops25] (-128 : int8)} (fun (_ret':bool) -> [ &_37 <- _ret' ] s1) + [ s0 = Int8.eq {_38} {[%#schecked_ops25] (-128 : Int8.t)} (fun (_ret':bool) -> [ &_37 <- _ret' ] s1) | s1 = any [ br0 -> {_37 = false} (! bb30) | br1 -> {_37} (! 
bb29) ] ] | bb29 = s0 - [ s0 = overflowing_sub'0 {[%#schecked_ops26] (5 : int8)} {[%#schecked_ops27] (10 : int8)} - (fun (_ret':(int8, bool)) -> [ &res <- _ret' ] s1) + [ s0 = overflowing_sub'0 {[%#schecked_ops26] (5 : Int8.t)} {[%#schecked_ops27] (10 : Int8.t)} + (fun (_ret':(Int8.t, bool)) -> [ &res <- _ret' ] s1) | s1 = bb31 ] | bb31 = s0 - [ s0 = Int8.eq {let (r'0, _) = res in r'0} {[%#schecked_ops28] (-5 : int8)} + [ s0 = Int8.eq {let (r'0, _) = res in r'0} {[%#schecked_ops28] (-5 : Int8.t)} (fun (_ret':bool) -> [ &_42 <- _ret' ] s1) | s1 = any [ br0 -> {_42 = false} (! bb35) | br1 -> {_42} (! bb32) ] ] @@ -3593,12 +3629,12 @@ module M_checked_ops__test_i8_sub_example [#"checked_ops.rs" 197 0 197 28] | s1 = any [ br0 -> {_44 = false} (! bb34) | br1 -> {_44} (! bb33) ] ] | bb33 = s0 - [ s0 = overflowing_sub'0 {[%#schecked_ops30] (120 : int8)} {[%#schecked_ops31] (10 : int8)} - (fun (_ret':(int8, bool)) -> [ &res1 <- _ret' ] s1) + [ s0 = overflowing_sub'0 {[%#schecked_ops30] (120 : Int8.t)} {[%#schecked_ops31] (10 : Int8.t)} + (fun (_ret':(Int8.t, bool)) -> [ &res1 <- _ret' ] s1) | s1 = bb37 ] | bb37 = s0 - [ s0 = Int8.eq {let (r'0, _) = res1 in r'0} {[%#schecked_ops32] (110 : int8)} + [ s0 = Int8.eq {let (r'0, _) = res1 in r'0} {[%#schecked_ops32] (110 : Int8.t)} (fun (_ret':bool) -> [ &_49 <- _ret' ] s1) | s1 = any [ br0 -> {_49 = false} (! bb41) | br1 -> {_49} (! bb38) ] ] 
@@ -3607,12 +3643,12 @@ module M_checked_ops__test_i8_sub_example [#"checked_ops.rs" 197 0 197 28] | s1 = any [ br0 -> {_51 = false} (! bb40) | br1 -> {_51} (! bb39) ] ] | bb39 = s0 - [ s0 = overflowing_sub'0 {[%#schecked_ops34] (-120 : int8)} {[%#schecked_ops35] (10 : int8)} - (fun (_ret':(int8, bool)) -> [ &res2 <- _ret' ] s1) + [ s0 = overflowing_sub'0 {[%#schecked_ops34] (-120 : Int8.t)} {[%#schecked_ops35] (10 : Int8.t)} + (fun (_ret':(Int8.t, bool)) -> [ &res2 <- _ret' ] s1) | s1 = bb43 ] | bb43 = s0 - [ s0 = Int8.eq {let (r'0, _) = res2 in r'0} {[%#schecked_ops36] (126 : int8)} + [ s0 = Int8.eq {let (r'0, _) = res2 in r'0} {[%#schecked_ops36] (126 : Int8.t)} (fun (_ret':bool) -> [ &_56 <- _ret' ] s1) | s1 = any [ br0 -> {_56 = false} (! bb47) | br1 -> {_56} (! bb44) ] ] 
@@ -3642,32 +3678,32 @@ module M_checked_ops__test_i8_sub_example [#"checked_ops.rs" 197 0 197 28] ) [ & _0 : () = any_l () | & _2 : bool = any_l () - | & _3 : int8 = any_l () + | & _3 : Int8.t = any_l () | & _4 : t_Option'0 = any_l () | & _7 : bool = any_l () - | & _8 : int8 = any_l () + | & _8 : Int8.t = any_l () | & _9 : t_Option'0 = any_l () | & _12 : bool = any_l () | & _14 : t_Option'0 = any_l () | & _17 : bool = any_l () - | & _18 : int8 = any_l () + | & _18 : Int8.t = any_l () | & _21 : bool = any_l () - | & _22 : int8 = any_l () + | & _22 : Int8.t = any_l () | & _25 : bool = any_l () - | & _26 : int8 = any_l () + | & _26 : Int8.t = any_l () | & _29 : bool = any_l () - | & _30 : int8 = any_l () + | & _30 : Int8.t = any_l () | & _33 : bool = any_l () - | & _34 : int8 = any_l () + | & _34 : Int8.t = any_l () | & _37 : bool = any_l () - | & _38 : int8 = any_l () - | & res : (int8, bool) = any_l () + | & _38 : Int8.t = any_l () + | & res : (Int8.t, bool) = any_l () | & _42 : bool = any_l () | & _44 : bool = any_l () - | & res1 : (int8, bool) = any_l () + | & res1 : (Int8.t, bool) = any_l () | & _49 : bool = any_l () | & _51 : bool = any_l () - | & res2 : (int8, bool) = any_l () + | & res2 : (Int8.t, bool) = any_l () | & _56 : bool = any_l () | & _58 : bool = any_l () ] [ return' (result:())-> (! return' {result}) ] 
@@ -3688,41 +3724,41 @@ module M_checked_ops__test_i8_sub_overflow_pos [#"checked_ops.rs" 220 0 220 38] let%span schecked_ops12 = "checked_ops.rs" 222 4 222 52 let%span schecked_ops13 = "checked_ops.rs" 221 4 221 46 let%span schecked_ops14 = "checked_ops.rs" 219 11 219 17 - let%span snum15 = "../../../creusot-contracts/src/std/num.rs" 128 20 129 89 - let%span snum16 = "../../../creusot-contracts/src/std/num.rs" 132 26 132 87 + let%span snum15 = "../../../creusot-contracts/src/std/num.rs" 171 20 172 89 + let%span snum16 = "../../../creusot-contracts/src/std/num.rs" 175 26 175 87 let%span soption17 = "../../../creusot-contracts/src/std/option.rs" 51 26 51 51 - let%span snum18 = "../../../creusot-contracts/src/std/num.rs" 140 20 140 93 - let%span snum19 = "../../../creusot-contracts/src/std/num.rs" 144 20 145 51 - let%span snum20 = "../../../creusot-contracts/src/std/num.rs" 151 20 153 92 - let%span snum21 = "../../../creusot-contracts/src/std/num.rs" 156 20 158 92 - let%span snum22 = "../../../creusot-contracts/src/std/num.rs" 168 20 169 51 - let%span snum23 = "../../../creusot-contracts/src/std/num.rs" 172 26 172 83 - let%span snum24 = "../../../creusot-contracts/src/std/num.rs" 173 26 173 83 - let%span snum25 = "../../../creusot-contracts/src/std/num.rs" 182 20 182 95 - let%span snum26 = "../../../creusot-contracts/src/std/num.rs" 186 20 187 53 - let%span snum27 = "../../../creusot-contracts/src/std/num.rs" 193 20 195 94 - let%span snum28 = "../../../creusot-contracts/src/std/num.rs" 198 20 200 94 - let%span snum29 = "../../../creusot-contracts/src/std/num.rs" 204 20 204 98 + let%span snum18 = "../../../creusot-contracts/src/std/num.rs" 183 20 183 93 + let%span snum19 = "../../../creusot-contracts/src/std/num.rs" 187 20 188 51 + let%span snum20 = "../../../creusot-contracts/src/std/num.rs" 194 20 196 92 + let%span snum21 = "../../../creusot-contracts/src/std/num.rs" 199 20 201 92 + let%span snum22 = "../../../creusot-contracts/src/std/num.rs" 211 20 212 51 + 
let%span snum23 = "../../../creusot-contracts/src/std/num.rs" 215 26 215 83 + let%span snum24 = "../../../creusot-contracts/src/std/num.rs" 216 26 216 83 + let%span snum25 = "../../../creusot-contracts/src/std/num.rs" 225 20 225 95 + let%span snum26 = "../../../creusot-contracts/src/std/num.rs" 229 20 230 53 + let%span snum27 = "../../../creusot-contracts/src/std/num.rs" 236 20 238 94 + let%span snum28 = "../../../creusot-contracts/src/std/num.rs" 241 20 243 94 + let%span snum29 = "../../../creusot-contracts/src/std/num.rs" 247 20 247 98 + + use prelude.prelude.Int use prelude.prelude.Int8 type t_Option'0 = | C_None'0 - | C_Some'0 int8 + | C_Some'0 Int8.t use prelude.prelude.Int8 - use prelude.prelude.Int - - constant v_MIN'0 : int8 = (-128 : int8) + constant v_MIN'0 : Int8.t = (-128 : Int8.t) - constant v_MAX'0 : int8 = (127 : int8) + constant v_MAX'0 : Int8.t = (127 : Int8.t) - let rec checked_sub'0 (self:int8) (rhs:int8) (return' (ret:t_Option'0))= any + let rec checked_sub'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:t_Option'0))= any [ return' (result:t_Option'0)-> {[%#snum15] (result = C_None'0) - = (Int8.to_int self - Int8.to_int rhs < Int8.to_int (v_MIN'0 : int8) - \/ Int8.to_int self - Int8.to_int rhs > Int8.to_int (v_MAX'0 : int8))} - {[%#snum16] forall r : int8 . result = C_Some'0 r -> Int8.to_int r = Int8.to_int self - Int8.to_int rhs} + = (Int8.to_int self - Int8.to_int rhs < Int8.to_int (v_MIN'0 : Int8.t) + \/ Int8.to_int self - Int8.to_int rhs > Int8.to_int (v_MAX'0 : Int8.t))} + {[%#snum16] forall r : Int8.t . result = C_Some'0 r -> Int8.to_int r = Int8.to_int self - Int8.to_int rhs} (! return' {result}) ] @@ -3737,7 +3773,7 @@ module M_checked_ops__test_i8_sub_overflow_pos [#"checked_ops.rs" 220 0 220 38] use prelude.prelude.UInt32 - constant v_BITS'0 : uint32 = (8 : uint32) + constant v_BITS'0 : UInt32.t = (8 : UInt32.t) use prelude.prelude.UInt32 
@@ -3745,53 +3781,55 @@ module M_checked_ops__test_i8_sub_overflow_pos [#"checked_ops.rs" 220 0 220 38] use int.EuclideanDivision - let rec wrapping_sub'0 (self:int8) (rhs:int8) (return' (ret:int8))= any - [ return' (result:int8)-> {[%#snum18] Int8.to_int result - = EuclideanDivision.mod (Int8.to_int self - Int8.to_int rhs) (Power.power 2 (UInt32.to_int (v_BITS'0 : uint32))) - + Int8.to_int (v_MIN'0 : int8)} - {[%#snum19] Int8.to_int self - Int8.to_int rhs >= Int8.to_int (v_MIN'0 : int8) - /\ Int8.to_int self - Int8.to_int rhs <= Int8.to_int (v_MAX'0 : int8) + let rec wrapping_sub'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:Int8.t))= any + [ return' (result:Int8.t)-> {[%#snum18] Int8.to_int result + = EuclideanDivision.mod (Int8.to_int self + - Int8.to_int rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + + Int8.to_int (v_MIN'0 : Int8.t)} + {[%#snum19] Int8.to_int self - Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) + /\ Int8.to_int self - Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) -> Int8.to_int result = Int8.to_int self - Int8.to_int rhs} - {[%#snum20] Int8.to_int self - Int8.to_int rhs < Int8.to_int (v_MIN'0 : int8) + {[%#snum20] Int8.to_int self - Int8.to_int rhs < Int8.to_int (v_MIN'0 : Int8.t) -> (exists k : int . k > 0 /\ Int8.to_int result - = Int8.to_int self - Int8.to_int rhs + k * (Int8.to_int (v_MAX'0 : int8) - Int8.to_int (v_MIN'0 : int8) + 1))} - {[%#snum21] Int8.to_int self - Int8.to_int rhs > Int8.to_int (v_MAX'0 : int8) + = Int8.to_int self - Int8.to_int rhs + k * (Int8.to_int (v_MAX'0 : Int8.t) - Int8.to_int (v_MIN'0 : Int8.t) + 1))} + {[%#snum21] Int8.to_int self - Int8.to_int rhs > Int8.to_int (v_MAX'0 : Int8.t) -> (exists k : int . k > 0 /\ Int8.to_int result - = Int8.to_int self - Int8.to_int rhs - k * (Int8.to_int (v_MAX'0 : int8) - Int8.to_int (v_MIN'0 : int8) + 1))} + = Int8.to_int self - Int8.to_int rhs - k * (Int8.to_int (v_MAX'0 : Int8.t) - Int8.to_int (v_MIN'0 : Int8.t) + 1))} (! 
return' {result}) ] - let rec saturating_sub'0 (self:int8) (rhs:int8) (return' (ret:int8))= any - [ return' (result:int8)-> {[%#snum22] Int8.to_int self - Int8.to_int rhs >= Int8.to_int (v_MIN'0 : int8) - /\ Int8.to_int self - Int8.to_int rhs <= Int8.to_int (v_MAX'0 : int8) + let rec saturating_sub'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:Int8.t))= any + [ return' (result:Int8.t)-> {[%#snum22] Int8.to_int self - Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) + /\ Int8.to_int self - Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) -> Int8.to_int result = Int8.to_int self - Int8.to_int rhs} - {[%#snum23] Int8.to_int self - Int8.to_int rhs < Int8.to_int (v_MIN'0 : int8) - -> Int8.to_int result = Int8.to_int (v_MIN'0 : int8)} - {[%#snum24] Int8.to_int self - Int8.to_int rhs > Int8.to_int (v_MAX'0 : int8) - -> Int8.to_int result = Int8.to_int (v_MAX'0 : int8)} + {[%#snum23] Int8.to_int self - Int8.to_int rhs < Int8.to_int (v_MIN'0 : Int8.t) + -> Int8.to_int result = Int8.to_int (v_MIN'0 : Int8.t)} + {[%#snum24] Int8.to_int self - Int8.to_int rhs > Int8.to_int (v_MAX'0 : Int8.t) + -> Int8.to_int result = Int8.to_int (v_MAX'0 : Int8.t)} (! 
return' {result}) ] - let rec overflowing_sub'0 (self:int8) (rhs:int8) (return' (ret:(int8, bool)))= any - [ return' (result:(int8, bool))-> {[%#snum25] Int8.to_int (let (a, _) = result in a) - = EuclideanDivision.mod (Int8.to_int self - Int8.to_int rhs) (Power.power 2 (UInt32.to_int (v_BITS'0 : uint32))) - + Int8.to_int (v_MIN'0 : int8)} - {[%#snum26] Int8.to_int self - Int8.to_int rhs >= Int8.to_int (v_MIN'0 : int8) - /\ Int8.to_int self - Int8.to_int rhs <= Int8.to_int (v_MAX'0 : int8) + let rec overflowing_sub'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:(Int8.t, bool)))= any + [ return' (result:(Int8.t, bool))-> {[%#snum25] Int8.to_int (let (a, _) = result in a) + = EuclideanDivision.mod (Int8.to_int self + - Int8.to_int rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + + Int8.to_int (v_MIN'0 : Int8.t)} + {[%#snum26] Int8.to_int self - Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) + /\ Int8.to_int self - Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) -> Int8.to_int (let (a, _) = result in a) = Int8.to_int self - Int8.to_int rhs} - {[%#snum27] Int8.to_int self - Int8.to_int rhs < Int8.to_int (v_MIN'0 : int8) + {[%#snum27] Int8.to_int self - Int8.to_int rhs < Int8.to_int (v_MIN'0 : Int8.t) -> (exists k : int . k > 0 /\ Int8.to_int (let (a, _) = result in a) - = Int8.to_int self - Int8.to_int rhs + k * (Int8.to_int (v_MAX'0 : int8) - Int8.to_int (v_MIN'0 : int8) + 1))} - {[%#snum28] Int8.to_int self - Int8.to_int rhs > Int8.to_int (v_MAX'0 : int8) + = Int8.to_int self - Int8.to_int rhs + k * (Int8.to_int (v_MAX'0 : Int8.t) - Int8.to_int (v_MIN'0 : Int8.t) + 1))} + {[%#snum28] Int8.to_int self - Int8.to_int rhs > Int8.to_int (v_MAX'0 : Int8.t) -> (exists k : int . 
k > 0 /\ Int8.to_int (let (a, _) = result in a) - = Int8.to_int self - Int8.to_int rhs - k * (Int8.to_int (v_MAX'0 : int8) - Int8.to_int (v_MIN'0 : int8) + 1))} + = Int8.to_int self - Int8.to_int rhs - k * (Int8.to_int (v_MAX'0 : Int8.t) - Int8.to_int (v_MIN'0 : Int8.t) + 1))} {[%#snum29] (let (_, a) = result in a) - = (Int8.to_int self - Int8.to_int rhs < Int8.to_int (v_MIN'0 : int8) - \/ Int8.to_int self - Int8.to_int rhs > Int8.to_int (v_MAX'0 : int8))} + = (Int8.to_int self - Int8.to_int rhs < Int8.to_int (v_MIN'0 : Int8.t) + \/ Int8.to_int self - Int8.to_int rhs > Int8.to_int (v_MAX'0 : Int8.t))} (! return' {result}) ] 
@@ -3801,40 +3839,41 @@ module M_checked_ops__test_i8_sub_overflow_pos [#"checked_ops.rs" 220 0 220 38] meta "compute_max_steps" 1000000 - let rec test_i8_sub_overflow_pos'0 (a:int8) (return' (ret:()))= {[@expl:test_i8_sub_overflow_pos requires] [%#schecked_ops14] Int8.to_int a + let rec test_i8_sub_overflow_pos'0 (a:Int8.t) (return' (ret:()))= {[@expl:test_i8_sub_overflow_pos requires] [%#schecked_ops14] Int8.to_int a > 0} (! bb0 [ bb0 = s0 - [ s0 = checked_sub'0 {[%#schecked_ops0] (-128 : int8)} {a} (fun (_ret':t_Option'0) -> [ &_6 <- _ret' ] s1) + [ s0 = checked_sub'0 {[%#schecked_ops0] (-128 : Int8.t)} {a} (fun (_ret':t_Option'0) -> [ &_6 <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = is_none'0 {_6} (fun (_ret':bool) -> [ &_4 <- _ret' ] s1) | s1 = bb2 ] | bb2 = any [ br0 -> {_4 = false} (! bb4) | br1 -> {_4} (! bb3) ] | bb3 = s0 - [ s0 = wrapping_sub'0 {[%#schecked_ops1] (-128 : int8)} {a} (fun (_ret':int8) -> [ &_11 <- _ret' ] s1) + [ s0 = wrapping_sub'0 {[%#schecked_ops1] (-128 : Int8.t)} {a} (fun (_ret':Int8.t) -> [ &_11 <- _ret' ] s1) | s1 = bb5 ] | bb5 = s0 - [ s0 = Int8.sub {[%#schecked_ops2] (127 : int8)} {a} (fun (_ret':int8) -> [ &_14 <- _ret' ] s1) - | s1 = Int8.add {_14} {[%#schecked_ops3] (1 : int8)} (fun (_ret':int8) -> [ &_13 <- _ret' ] s2) + [ s0 = Int8.sub {[%#schecked_ops2] (127 : Int8.t)} {a} (fun (_ret':Int8.t) -> [ &_14 <- _ret' ] s1) + | s1 = Int8.add {_14} {[%#schecked_ops3] (1 : Int8.t)} (fun (_ret':Int8.t) -> [ &_13 <- _ret' ] s2) | s2 = Int8.eq {_11} {_13} (fun (_ret':bool) -> [ &_10 <- _ret' ] s3) | s3 = any [ br0 -> {_10 = false} (! bb7) | br1 -> {_10} (! 
bb6) ] ] | bb6 = s0 - [ s0 = saturating_sub'0 {[%#schecked_ops4] (-128 : int8)} {a} (fun (_ret':int8) -> [ &_19 <- _ret' ] s1) + [ s0 = saturating_sub'0 {[%#schecked_ops4] (-128 : Int8.t)} {a} (fun (_ret':Int8.t) -> [ &_19 <- _ret' ] s1) | s1 = bb8 ] | bb8 = s0 - [ s0 = Int8.eq {_19} {[%#schecked_ops5] (-128 : int8)} (fun (_ret':bool) -> [ &_18 <- _ret' ] s1) + [ s0 = Int8.eq {_19} {[%#schecked_ops5] (-128 : Int8.t)} (fun (_ret':bool) -> [ &_18 <- _ret' ] s1) | s1 = any [ br0 -> {_18 = false} (! bb10) | br1 -> {_18} (! bb9) ] ] | bb9 = s0 - [ s0 = overflowing_sub'0 {[%#schecked_ops6] (-128 : int8)} {a} (fun (_ret':(int8, bool)) -> [ &res <- _ret' ] s1) + [ s0 = overflowing_sub'0 {[%#schecked_ops6] (-128 : Int8.t)} {a} + (fun (_ret':(Int8.t, bool)) -> [ &res <- _ret' ] s1) | s1 = bb11 ] | bb11 = s0 - [ s0 = Int8.sub {[%#schecked_ops7] (127 : int8)} {a} (fun (_ret':int8) -> [ &_28 <- _ret' ] s1) - | s1 = Int8.add {_28} {[%#schecked_ops8] (1 : int8)} (fun (_ret':int8) -> [ &_27 <- _ret' ] s2) + [ s0 = Int8.sub {[%#schecked_ops7] (127 : Int8.t)} {a} (fun (_ret':Int8.t) -> [ &_28 <- _ret' ] s1) + | s1 = Int8.add {_28} {[%#schecked_ops8] (1 : Int8.t)} (fun (_ret':Int8.t) -> [ &_27 <- _ret' ] s2) | s2 = Int8.eq {let (r'0, _) = res in r'0} {_27} (fun (_ret':bool) -> [ &_25 <- _ret' ] s3) | s3 = any [ br0 -> {_25 = false} (! bb15) | br1 -> {_25} (! bb12) ] ] 
@@ -3851,19 +3890,19 @@ module M_checked_ops__test_i8_sub_overflow_pos [#"checked_ops.rs" 220 0 220 38] | bb4 = {[%#schecked_ops13] false} any ] ) [ & _0 : () = any_l () - | & a : int8 = a + | & a : Int8.t = a | & _4 : bool = any_l () | & _6 : t_Option'0 = any_l () | & _10 : bool = any_l () - | & _11 : int8 = any_l () - | & _13 : int8 = any_l () - | & _14 : int8 = any_l () + | & _11 : Int8.t = any_l () + | & _13 : Int8.t = any_l () + | & _14 : Int8.t = any_l () | & _18 : bool = any_l () - | & _19 : int8 = any_l () - | & res : (int8, bool) = any_l () + | & _19 : Int8.t = any_l () + | & res : (Int8.t, bool) = any_l () | & _25 : bool = any_l () - | & _27 : int8 = any_l () - | & _28 : int8 = any_l () + | & _27 : Int8.t = any_l () + | & _28 : Int8.t = any_l () | & _30 : bool = any_l () ] [ return' (result:())-> (! return' {result}) ] end 
@@ -3883,41 +3922,41 @@ module M_checked_ops__test_i8_sub_overflow_neg [#"checked_ops.rs" 230 0 230 38] let%span schecked_ops12 = "checked_ops.rs" 232 4 232 52 let%span schecked_ops13 = "checked_ops.rs" 231 4 231 43 let%span schecked_ops14 = "checked_ops.rs" 229 11 229 17 - let%span snum15 = "../../../creusot-contracts/src/std/num.rs" 128 20 129 89 - let%span snum16 = "../../../creusot-contracts/src/std/num.rs" 132 26 132 87 + let%span snum15 = "../../../creusot-contracts/src/std/num.rs" 171 20 172 89 + let%span snum16 = "../../../creusot-contracts/src/std/num.rs" 175 26 175 87 let%span soption17 = "../../../creusot-contracts/src/std/option.rs" 51 26 51 51 - let%span snum18 = "../../../creusot-contracts/src/std/num.rs" 140 20 140 93 - let%span snum19 = "../../../creusot-contracts/src/std/num.rs" 144 20 145 51 - let%span snum20 = "../../../creusot-contracts/src/std/num.rs" 151 20 153 92 - let%span snum21 = "../../../creusot-contracts/src/std/num.rs" 156 20 158 92 - let%span snum22 = "../../../creusot-contracts/src/std/num.rs" 168 20 169 51 - let%span snum23 = "../../../creusot-contracts/src/std/num.rs" 172 26 172 83 - let%span snum24 = "../../../creusot-contracts/src/std/num.rs" 173 26 173 83 - let%span snum25 = "../../../creusot-contracts/src/std/num.rs" 182 20 182 95 - let%span snum26 = "../../../creusot-contracts/src/std/num.rs" 186 20 187 53 - let%span snum27 = "../../../creusot-contracts/src/std/num.rs" 193 20 195 94 - let%span snum28 = "../../../creusot-contracts/src/std/num.rs" 198 20 200 94 - let%span snum29 = "../../../creusot-contracts/src/std/num.rs" 204 20 204 98 + let%span snum18 = "../../../creusot-contracts/src/std/num.rs" 183 20 183 93 + let%span snum19 = "../../../creusot-contracts/src/std/num.rs" 187 20 188 51 + let%span snum20 = "../../../creusot-contracts/src/std/num.rs" 194 20 196 92 + let%span snum21 = "../../../creusot-contracts/src/std/num.rs" 199 20 201 92 + let%span snum22 = "../../../creusot-contracts/src/std/num.rs" 211 20 212 51 + 
let%span snum23 = "../../../creusot-contracts/src/std/num.rs" 215 26 215 83 + let%span snum24 = "../../../creusot-contracts/src/std/num.rs" 216 26 216 83 + let%span snum25 = "../../../creusot-contracts/src/std/num.rs" 225 20 225 95 + let%span snum26 = "../../../creusot-contracts/src/std/num.rs" 229 20 230 53 + let%span snum27 = "../../../creusot-contracts/src/std/num.rs" 236 20 238 94 + let%span snum28 = "../../../creusot-contracts/src/std/num.rs" 241 20 243 94 + let%span snum29 = "../../../creusot-contracts/src/std/num.rs" 247 20 247 98 + + use prelude.prelude.Int use prelude.prelude.Int8 type t_Option'0 = | C_None'0 - | C_Some'0 int8 + | C_Some'0 Int8.t use prelude.prelude.Int8 - use prelude.prelude.Int + constant v_MIN'0 : Int8.t = (-128 : Int8.t) - constant v_MIN'0 : int8 = (-128 : int8) + constant v_MAX'0 : Int8.t = (127 : Int8.t) - constant v_MAX'0 : int8 = (127 : int8) - - let rec checked_sub'0 (self:int8) (rhs:int8) (return' (ret:t_Option'0))= any + let rec checked_sub'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:t_Option'0))= any [ return' (result:t_Option'0)-> {[%#snum15] (result = C_None'0) - = (Int8.to_int self - Int8.to_int rhs < Int8.to_int (v_MIN'0 : int8) - \/ Int8.to_int self - Int8.to_int rhs > Int8.to_int (v_MAX'0 : int8))} - {[%#snum16] forall r : int8 . result = C_Some'0 r -> Int8.to_int r = Int8.to_int self - Int8.to_int rhs} + = (Int8.to_int self - Int8.to_int rhs < Int8.to_int (v_MIN'0 : Int8.t) + \/ Int8.to_int self - Int8.to_int rhs > Int8.to_int (v_MAX'0 : Int8.t))} + {[%#snum16] forall r : Int8.t . result = C_Some'0 r -> Int8.to_int r = Int8.to_int self - Int8.to_int rhs} (! return' {result}) ] @@ -3932,7 +3971,7 @@ module M_checked_ops__test_i8_sub_overflow_neg [#"checked_ops.rs" 230 0 230 38] use prelude.prelude.UInt32 - constant v_BITS'0 : uint32 = (8 : uint32) + constant v_BITS'0 : UInt32.t = (8 : UInt32.t) use prelude.prelude.UInt32 
@@ -3940,53 +3979,55 @@ module M_checked_ops__test_i8_sub_overflow_neg [#"checked_ops.rs" 230 0 230 38] use int.EuclideanDivision - let rec wrapping_sub'0 (self:int8) (rhs:int8) (return' (ret:int8))= any - [ return' (result:int8)-> {[%#snum18] Int8.to_int result - = EuclideanDivision.mod (Int8.to_int self - Int8.to_int rhs) (Power.power 2 (UInt32.to_int (v_BITS'0 : uint32))) - + Int8.to_int (v_MIN'0 : int8)} - {[%#snum19] Int8.to_int self - Int8.to_int rhs >= Int8.to_int (v_MIN'0 : int8) - /\ Int8.to_int self - Int8.to_int rhs <= Int8.to_int (v_MAX'0 : int8) + let rec wrapping_sub'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:Int8.t))= any + [ return' (result:Int8.t)-> {[%#snum18] Int8.to_int result + = EuclideanDivision.mod (Int8.to_int self + - Int8.to_int rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + + Int8.to_int (v_MIN'0 : Int8.t)} + {[%#snum19] Int8.to_int self - Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) + /\ Int8.to_int self - Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) -> Int8.to_int result = Int8.to_int self - Int8.to_int rhs} - {[%#snum20] Int8.to_int self - Int8.to_int rhs < Int8.to_int (v_MIN'0 : int8) + {[%#snum20] Int8.to_int self - Int8.to_int rhs < Int8.to_int (v_MIN'0 : Int8.t) -> (exists k : int . k > 0 /\ Int8.to_int result - = Int8.to_int self - Int8.to_int rhs + k * (Int8.to_int (v_MAX'0 : int8) - Int8.to_int (v_MIN'0 : int8) + 1))} - {[%#snum21] Int8.to_int self - Int8.to_int rhs > Int8.to_int (v_MAX'0 : int8) + = Int8.to_int self - Int8.to_int rhs + k * (Int8.to_int (v_MAX'0 : Int8.t) - Int8.to_int (v_MIN'0 : Int8.t) + 1))} + {[%#snum21] Int8.to_int self - Int8.to_int rhs > Int8.to_int (v_MAX'0 : Int8.t) -> (exists k : int . k > 0 /\ Int8.to_int result - = Int8.to_int self - Int8.to_int rhs - k * (Int8.to_int (v_MAX'0 : int8) - Int8.to_int (v_MIN'0 : int8) + 1))} + = Int8.to_int self - Int8.to_int rhs - k * (Int8.to_int (v_MAX'0 : Int8.t) - Int8.to_int (v_MIN'0 : Int8.t) + 1))} (! 
return' {result}) ] - let rec saturating_sub'0 (self:int8) (rhs:int8) (return' (ret:int8))= any - [ return' (result:int8)-> {[%#snum22] Int8.to_int self - Int8.to_int rhs >= Int8.to_int (v_MIN'0 : int8) - /\ Int8.to_int self - Int8.to_int rhs <= Int8.to_int (v_MAX'0 : int8) + let rec saturating_sub'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:Int8.t))= any + [ return' (result:Int8.t)-> {[%#snum22] Int8.to_int self - Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) + /\ Int8.to_int self - Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) -> Int8.to_int result = Int8.to_int self - Int8.to_int rhs} - {[%#snum23] Int8.to_int self - Int8.to_int rhs < Int8.to_int (v_MIN'0 : int8) - -> Int8.to_int result = Int8.to_int (v_MIN'0 : int8)} - {[%#snum24] Int8.to_int self - Int8.to_int rhs > Int8.to_int (v_MAX'0 : int8) - -> Int8.to_int result = Int8.to_int (v_MAX'0 : int8)} + {[%#snum23] Int8.to_int self - Int8.to_int rhs < Int8.to_int (v_MIN'0 : Int8.t) + -> Int8.to_int result = Int8.to_int (v_MIN'0 : Int8.t)} + {[%#snum24] Int8.to_int self - Int8.to_int rhs > Int8.to_int (v_MAX'0 : Int8.t) + -> Int8.to_int result = Int8.to_int (v_MAX'0 : Int8.t)} (! 
return' {result}) ] - let rec overflowing_sub'0 (self:int8) (rhs:int8) (return' (ret:(int8, bool)))= any - [ return' (result:(int8, bool))-> {[%#snum25] Int8.to_int (let (a, _) = result in a) - = EuclideanDivision.mod (Int8.to_int self - Int8.to_int rhs) (Power.power 2 (UInt32.to_int (v_BITS'0 : uint32))) - + Int8.to_int (v_MIN'0 : int8)} - {[%#snum26] Int8.to_int self - Int8.to_int rhs >= Int8.to_int (v_MIN'0 : int8) - /\ Int8.to_int self - Int8.to_int rhs <= Int8.to_int (v_MAX'0 : int8) + let rec overflowing_sub'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:(Int8.t, bool)))= any + [ return' (result:(Int8.t, bool))-> {[%#snum25] Int8.to_int (let (a, _) = result in a) + = EuclideanDivision.mod (Int8.to_int self + - Int8.to_int rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + + Int8.to_int (v_MIN'0 : Int8.t)} + {[%#snum26] Int8.to_int self - Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) + /\ Int8.to_int self - Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) -> Int8.to_int (let (a, _) = result in a) = Int8.to_int self - Int8.to_int rhs} - {[%#snum27] Int8.to_int self - Int8.to_int rhs < Int8.to_int (v_MIN'0 : int8) + {[%#snum27] Int8.to_int self - Int8.to_int rhs < Int8.to_int (v_MIN'0 : Int8.t) -> (exists k : int . k > 0 /\ Int8.to_int (let (a, _) = result in a) - = Int8.to_int self - Int8.to_int rhs + k * (Int8.to_int (v_MAX'0 : int8) - Int8.to_int (v_MIN'0 : int8) + 1))} - {[%#snum28] Int8.to_int self - Int8.to_int rhs > Int8.to_int (v_MAX'0 : int8) + = Int8.to_int self - Int8.to_int rhs + k * (Int8.to_int (v_MAX'0 : Int8.t) - Int8.to_int (v_MIN'0 : Int8.t) + 1))} + {[%#snum28] Int8.to_int self - Int8.to_int rhs > Int8.to_int (v_MAX'0 : Int8.t) -> (exists k : int . 
k > 0 /\ Int8.to_int (let (a, _) = result in a) - = Int8.to_int self - Int8.to_int rhs - k * (Int8.to_int (v_MAX'0 : int8) - Int8.to_int (v_MIN'0 : int8) + 1))} + = Int8.to_int self - Int8.to_int rhs - k * (Int8.to_int (v_MAX'0 : Int8.t) - Int8.to_int (v_MIN'0 : Int8.t) + 1))} {[%#snum29] (let (_, a) = result in a) - = (Int8.to_int self - Int8.to_int rhs < Int8.to_int (v_MIN'0 : int8) - \/ Int8.to_int self - Int8.to_int rhs > Int8.to_int (v_MAX'0 : int8))} + = (Int8.to_int self - Int8.to_int rhs < Int8.to_int (v_MIN'0 : Int8.t) + \/ Int8.to_int self - Int8.to_int rhs > Int8.to_int (v_MAX'0 : Int8.t))} (! return' {result}) ] 
@@ -3996,42 +4037,43 @@ module M_checked_ops__test_i8_sub_overflow_neg [#"checked_ops.rs" 230 0 230 38] meta "compute_max_steps" 1000000 - let rec test_i8_sub_overflow_neg'0 (a:int8) (return' (ret:()))= {[@expl:test_i8_sub_overflow_neg requires] [%#schecked_ops14] Int8.to_int a + let rec test_i8_sub_overflow_neg'0 (a:Int8.t) (return' (ret:()))= {[@expl:test_i8_sub_overflow_neg requires] [%#schecked_ops14] Int8.to_int a < 0} (! bb0 [ bb0 = s0 - [ s0 = checked_sub'0 {[%#schecked_ops0] (127 : int8)} {a} (fun (_ret':t_Option'0) -> [ &_6 <- _ret' ] s1) + [ s0 = checked_sub'0 {[%#schecked_ops0] (127 : Int8.t)} {a} (fun (_ret':t_Option'0) -> [ &_6 <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = is_none'0 {_6} (fun (_ret':bool) -> [ &_4 <- _ret' ] s1) | s1 = bb2 ] | bb2 = any [ br0 -> {_4 = false} (! bb4) | br1 -> {_4} (! bb3) ] | bb3 = s0 - [ s0 = wrapping_sub'0 {[%#schecked_ops1] (127 : int8)} {a} (fun (_ret':int8) -> [ &_11 <- _ret' ] s1) + [ s0 = wrapping_sub'0 {[%#schecked_ops1] (127 : Int8.t)} {a} (fun (_ret':Int8.t) -> [ &_11 <- _ret' ] s1) | s1 = bb5 ] | bb5 = s0 - [ s0 = Int8.add {[%#schecked_ops2] (2 : int8)} {a} (fun (_ret':int8) -> [ &_15 <- _ret' ] s1) - | s1 = Int8.neg {_15} (fun (_ret:int8) -> [ &_14 <- _ret ] s2) - | s2 = Int8.sub {_14} {[%#schecked_ops3] (127 : int8)} (fun (_ret':int8) -> [ &_13 <- _ret' ] s3) + [ s0 = Int8.add {[%#schecked_ops2] (2 : Int8.t)} {a} (fun (_ret':Int8.t) -> [ &_15 <- _ret' ] s1) + | s1 = Int8.neg {_15} (fun (_ret:Int8.t) -> [ &_14 <- _ret ] s2) + | s2 = Int8.sub {_14} {[%#schecked_ops3] (127 : Int8.t)} (fun (_ret':Int8.t) -> [ &_13 <- _ret' ] s3) | s3 = Int8.eq {_11} {_13} (fun (_ret':bool) -> [ &_10 <- _ret' ] s4) | s4 = any [ br0 -> {_10 = false} (! bb7) | br1 -> {_10} (! 
bb6) ] ] | bb6 = s0 - [ s0 = saturating_sub'0 {[%#schecked_ops4] (127 : int8)} {a} (fun (_ret':int8) -> [ &_20 <- _ret' ] s1) + [ s0 = saturating_sub'0 {[%#schecked_ops4] (127 : Int8.t)} {a} (fun (_ret':Int8.t) -> [ &_20 <- _ret' ] s1) | s1 = bb8 ] | bb8 = s0 - [ s0 = Int8.eq {_20} {[%#schecked_ops5] (127 : int8)} (fun (_ret':bool) -> [ &_19 <- _ret' ] s1) + [ s0 = Int8.eq {_20} {[%#schecked_ops5] (127 : Int8.t)} (fun (_ret':bool) -> [ &_19 <- _ret' ] s1) | s1 = any [ br0 -> {_19 = false} (! bb10) | br1 -> {_19} (! bb9) ] ] | bb9 = s0 - [ s0 = overflowing_sub'0 {[%#schecked_ops6] (127 : int8)} {a} (fun (_ret':(int8, bool)) -> [ &res <- _ret' ] s1) + [ s0 = overflowing_sub'0 {[%#schecked_ops6] (127 : Int8.t)} {a} + (fun (_ret':(Int8.t, bool)) -> [ &res <- _ret' ] s1) | s1 = bb11 ] | bb11 = s0 - [ s0 = Int8.add {[%#schecked_ops7] (2 : int8)} {a} (fun (_ret':int8) -> [ &_30 <- _ret' ] s1) - | s1 = Int8.neg {_30} (fun (_ret:int8) -> [ &_29 <- _ret ] s2) - | s2 = Int8.sub {_29} {[%#schecked_ops8] (127 : int8)} (fun (_ret':int8) -> [ &_28 <- _ret' ] s3) + [ s0 = Int8.add {[%#schecked_ops7] (2 : Int8.t)} {a} (fun (_ret':Int8.t) -> [ &_30 <- _ret' ] s1) + | s1 = Int8.neg {_30} (fun (_ret:Int8.t) -> [ &_29 <- _ret ] s2) + | s2 = Int8.sub {_29} {[%#schecked_ops8] (127 : Int8.t)} (fun (_ret':Int8.t) -> [ &_28 <- _ret' ] s3) | s3 = Int8.eq {let (r'0, _) = res in r'0} {_28} (fun (_ret':bool) -> [ &_26 <- _ret' ] s4) | s4 = any [ br0 -> {_26 = false} (! bb15) | br1 -> {_26} (! bb12) ] ] 
@@ -4048,30 +4090,30 @@ module M_checked_ops__test_i8_sub_overflow_neg [#"checked_ops.rs" 230 0 230 38] | bb4 = {[%#schecked_ops13] false} any ] ) [ & _0 : () = any_l () - | & a : int8 = a + | & a : Int8.t = a | & _4 : bool = any_l () | & _6 : t_Option'0 = any_l () | & _10 : bool = any_l () - | & _11 : int8 = any_l () - | & _13 : int8 = any_l () - | & _14 : int8 = any_l () - | & _15 : int8 = any_l () + | & _11 : Int8.t = any_l () + | & _13 : Int8.t = any_l () + | & _14 : Int8.t = any_l () + | & _15 : Int8.t = any_l () | & _19 : bool = any_l () - | & _20 : int8 = any_l () - | & res : (int8, bool) = any_l () + | & _20 : Int8.t = any_l () + | & res : (Int8.t, bool) = any_l () | & _26 : bool = any_l () - | & _28 : int8 = any_l () - | & _29 : int8 = any_l () - | & _30 : int8 = any_l () + | & _28 : Int8.t = any_l () + | & _29 : Int8.t = any_l () + | & _30 : Int8.t = any_l () | & _32 : bool = any_l () ] [ return' (result:())-> (! return' {result}) ] end module M_checked_ops__test_i8_wrapping_sub [#"checked_ops.rs" 241 0 241 47] let%span schecked_ops0 = "checked_ops.rs" 240 10 240 84 - let%span snum1 = "../../../creusot-contracts/src/std/num.rs" 140 20 140 93 - let%span snum2 = "../../../creusot-contracts/src/std/num.rs" 144 20 145 51 - let%span snum3 = "../../../creusot-contracts/src/std/num.rs" 151 20 153 92 - let%span snum4 = "../../../creusot-contracts/src/std/num.rs" 156 20 158 92 + let%span snum1 = "../../../creusot-contracts/src/std/num.rs" 183 20 183 93 + let%span snum2 = "../../../creusot-contracts/src/std/num.rs" 187 20 188 51 + let%span snum3 = "../../../creusot-contracts/src/std/num.rs" 194 20 196 92 + let%span snum4 = "../../../creusot-contracts/src/std/num.rs" 199 20 201 92 use prelude.prelude.Int8 @@ -4079,7 +4121,7 @@ module M_checked_ops__test_i8_wrapping_sub [#"checked_ops.rs" 241 0 241 47] use prelude.prelude.UInt32 - constant v_BITS'0 : uint32 = (8 : uint32) + constant v_BITS'0 : UInt32.t = (8 : UInt32.t) use prelude.prelude.UInt32 
@@ -4089,25 +4131,26 @@ module M_checked_ops__test_i8_wrapping_sub [#"checked_ops.rs" 241 0 241 47] use prelude.prelude.Int8 - constant v_MIN'0 : int8 = (-128 : int8) + constant v_MIN'0 : Int8.t = (-128 : Int8.t) - constant v_MAX'0 : int8 = (127 : int8) + constant v_MAX'0 : Int8.t = (127 : Int8.t) - let rec wrapping_sub'0 (self:int8) (rhs:int8) (return' (ret:int8))= any - [ return' (result:int8)-> {[%#snum1] Int8.to_int result - = EuclideanDivision.mod (Int8.to_int self - Int8.to_int rhs) (Power.power 2 (UInt32.to_int (v_BITS'0 : uint32))) - + Int8.to_int (v_MIN'0 : int8)} - {[%#snum2] Int8.to_int self - Int8.to_int rhs >= Int8.to_int (v_MIN'0 : int8) - /\ Int8.to_int self - Int8.to_int rhs <= Int8.to_int (v_MAX'0 : int8) + let rec wrapping_sub'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:Int8.t))= any + [ return' (result:Int8.t)-> {[%#snum1] Int8.to_int result + = EuclideanDivision.mod (Int8.to_int self + - Int8.to_int rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + + Int8.to_int (v_MIN'0 : Int8.t)} + {[%#snum2] Int8.to_int self - Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) + /\ Int8.to_int self - Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) -> Int8.to_int result = Int8.to_int self - Int8.to_int rhs} - {[%#snum3] Int8.to_int self - Int8.to_int rhs < Int8.to_int (v_MIN'0 : int8) + {[%#snum3] Int8.to_int self - Int8.to_int rhs < Int8.to_int (v_MIN'0 : Int8.t) -> (exists k : int . k > 0 /\ Int8.to_int result - = Int8.to_int self - Int8.to_int rhs + k * (Int8.to_int (v_MAX'0 : int8) - Int8.to_int (v_MIN'0 : int8) + 1))} - {[%#snum4] Int8.to_int self - Int8.to_int rhs > Int8.to_int (v_MAX'0 : int8) + = Int8.to_int self - Int8.to_int rhs + k * (Int8.to_int (v_MAX'0 : Int8.t) - Int8.to_int (v_MIN'0 : Int8.t) + 1))} + {[%#snum4] Int8.to_int self - Int8.to_int rhs > Int8.to_int (v_MAX'0 : Int8.t) -> (exists k : int . 
k > 0 /\ Int8.to_int result - = Int8.to_int self - Int8.to_int rhs - k * (Int8.to_int (v_MAX'0 : int8) - Int8.to_int (v_MIN'0 : int8) + 1))} + = Int8.to_int self - Int8.to_int rhs - k * (Int8.to_int (v_MAX'0 : Int8.t) - Int8.to_int (v_MIN'0 : Int8.t) + 1))} (! return' {result}) ] @@ -4115,11 +4158,11 @@ module M_checked_ops__test_i8_wrapping_sub [#"checked_ops.rs" 241 0 241 47] meta "compute_max_steps" 1000000 - let rec test_i8_wrapping_sub'0 (a:int8) (b:int8) (return' (ret:int8))= (! bb0 - [ bb0 = s0 [ s0 = wrapping_sub'0 {a} {b} (fun (_ret':int8) -> [ &_0 <- _ret' ] s1) | s1 = bb1 ] + let rec test_i8_wrapping_sub'0 (a:Int8.t) (b:Int8.t) (return' (ret:Int8.t))= (! bb0 + [ bb0 = s0 [ s0 = wrapping_sub'0 {a} {b} (fun (_ret':Int8.t) -> [ &_0 <- _ret' ] s1) | s1 = bb1 ] | bb1 = return' {_0} ] - ) [ & _0 : int8 = any_l () | & a : int8 = a | & b : int8 = b ] - [ return' (result:int8)-> {[@expl:test_i8_wrapping_sub ensures] [%#schecked_ops0] Int8.to_int result + ) [ & _0 : Int8.t = any_l () | & a : Int8.t = a | & b : Int8.t = b ] + [ return' (result:Int8.t)-> {[@expl:test_i8_wrapping_sub ensures] [%#schecked_ops0] Int8.to_int result = Int8.to_int a - Int8.to_int b \/ Int8.to_int result = Int8.to_int a - Int8.to_int b + 256 \/ Int8.to_int result = Int8.to_int a - Int8.to_int b - 256} 
@@ -4129,17 +4172,17 @@ end module M_checked_ops__test_i8_overflowing_sub [#"checked_ops.rs" 246 0 246 44] let%span schecked_ops0 = "checked_ops.rs" 248 4 248 65 let%span schecked_ops1 = "checked_ops.rs" 247 4 247 56 - let%span snum2 = "../../../creusot-contracts/src/std/num.rs" 182 20 182 95 - let%span snum3 = "../../../creusot-contracts/src/std/num.rs" 186 20 187 53 - let%span snum4 = "../../../creusot-contracts/src/std/num.rs" 193 20 195 94 - let%span snum5 = "../../../creusot-contracts/src/std/num.rs" 198 20 200 94 - let%span snum6 = "../../../creusot-contracts/src/std/num.rs" 204 20 204 98 - let%span snum7 = "../../../creusot-contracts/src/std/num.rs" 140 20 140 93 - let%span snum8 = "../../../creusot-contracts/src/std/num.rs" 144 20 145 51 - let%span snum9 = "../../../creusot-contracts/src/std/num.rs" 151 20 153 92 - let%span snum10 = "../../../creusot-contracts/src/std/num.rs" 156 20 158 92 - let%span snum11 = "../../../creusot-contracts/src/std/num.rs" 128 20 129 89 - let%span snum12 = "../../../creusot-contracts/src/std/num.rs" 132 26 132 87 + let%span snum2 = "../../../creusot-contracts/src/std/num.rs" 225 20 225 95 + let%span snum3 = "../../../creusot-contracts/src/std/num.rs" 229 20 230 53 + let%span snum4 = "../../../creusot-contracts/src/std/num.rs" 236 20 238 94 + let%span snum5 = "../../../creusot-contracts/src/std/num.rs" 241 20 243 94 + let%span snum6 = "../../../creusot-contracts/src/std/num.rs" 247 20 247 98 + let%span snum7 = "../../../creusot-contracts/src/std/num.rs" 183 20 183 93 + let%span snum8 = "../../../creusot-contracts/src/std/num.rs" 187 20 188 51 + let%span snum9 = "../../../creusot-contracts/src/std/num.rs" 194 20 196 92 + let%span snum10 = "../../../creusot-contracts/src/std/num.rs" 199 20 201 92 + let%span snum11 = "../../../creusot-contracts/src/std/num.rs" 171 20 172 89 + let%span snum12 = "../../../creusot-contracts/src/std/num.rs" 175 26 175 87 let%span soption13 = "../../../creusot-contracts/src/std/option.rs" 51 26 51 51 
use prelude.prelude.Int8 @@ -4148,7 +4191,7 @@ module M_checked_ops__test_i8_overflowing_sub [#"checked_ops.rs" 246 0 246 44] use prelude.prelude.UInt32 - constant v_BITS'0 : uint32 = (8 : uint32) + constant v_BITS'0 : UInt32.t = (8 : UInt32.t) use prelude.prelude.UInt32 
@@ -4158,58 +4201,60 @@ module M_checked_ops__test_i8_overflowing_sub [#"checked_ops.rs" 246 0 246 44] use prelude.prelude.Int8 - constant v_MIN'0 : int8 = (-128 : int8) + constant v_MIN'0 : Int8.t = (-128 : Int8.t) - constant v_MAX'0 : int8 = (127 : int8) + constant v_MAX'0 : Int8.t = (127 : Int8.t) - let rec overflowing_sub'0 (self:int8) (rhs:int8) (return' (ret:(int8, bool)))= any - [ return' (result:(int8, bool))-> {[%#snum2] Int8.to_int (let (a, _) = result in a) - = EuclideanDivision.mod (Int8.to_int self - Int8.to_int rhs) (Power.power 2 (UInt32.to_int (v_BITS'0 : uint32))) - + Int8.to_int (v_MIN'0 : int8)} - {[%#snum3] Int8.to_int self - Int8.to_int rhs >= Int8.to_int (v_MIN'0 : int8) - /\ Int8.to_int self - Int8.to_int rhs <= Int8.to_int (v_MAX'0 : int8) + let rec overflowing_sub'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:(Int8.t, bool)))= any + [ return' (result:(Int8.t, bool))-> {[%#snum2] Int8.to_int (let (a, _) = result in a) + = EuclideanDivision.mod (Int8.to_int self + - Int8.to_int rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + + Int8.to_int (v_MIN'0 : Int8.t)} + {[%#snum3] Int8.to_int self - Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) + /\ Int8.to_int self - Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) -> Int8.to_int (let (a, _) = result in a) = Int8.to_int self - Int8.to_int rhs} - {[%#snum4] Int8.to_int self - Int8.to_int rhs < Int8.to_int (v_MIN'0 : int8) + {[%#snum4] Int8.to_int self - Int8.to_int rhs < Int8.to_int (v_MIN'0 : Int8.t) -> (exists k : int . k > 0 /\ Int8.to_int (let (a, _) = result in a) - = Int8.to_int self - Int8.to_int rhs + k * (Int8.to_int (v_MAX'0 : int8) - Int8.to_int (v_MIN'0 : int8) + 1))} - {[%#snum5] Int8.to_int self - Int8.to_int rhs > Int8.to_int (v_MAX'0 : int8) + = Int8.to_int self - Int8.to_int rhs + k * (Int8.to_int (v_MAX'0 : Int8.t) - Int8.to_int (v_MIN'0 : Int8.t) + 1))} + {[%#snum5] Int8.to_int self - Int8.to_int rhs > Int8.to_int (v_MAX'0 : Int8.t) -> (exists k : int . 
k > 0 /\ Int8.to_int (let (a, _) = result in a) - = Int8.to_int self - Int8.to_int rhs - k * (Int8.to_int (v_MAX'0 : int8) - Int8.to_int (v_MIN'0 : int8) + 1))} + = Int8.to_int self - Int8.to_int rhs - k * (Int8.to_int (v_MAX'0 : Int8.t) - Int8.to_int (v_MIN'0 : Int8.t) + 1))} {[%#snum6] (let (_, a) = result in a) - = (Int8.to_int self - Int8.to_int rhs < Int8.to_int (v_MIN'0 : int8) - \/ Int8.to_int self - Int8.to_int rhs > Int8.to_int (v_MAX'0 : int8))} + = (Int8.to_int self - Int8.to_int rhs < Int8.to_int (v_MIN'0 : Int8.t) + \/ Int8.to_int self - Int8.to_int rhs > Int8.to_int (v_MAX'0 : Int8.t))} (! return' {result}) ] - let rec wrapping_sub'0 (self:int8) (rhs:int8) (return' (ret:int8))= any - [ return' (result:int8)-> {[%#snum7] Int8.to_int result - = EuclideanDivision.mod (Int8.to_int self - Int8.to_int rhs) (Power.power 2 (UInt32.to_int (v_BITS'0 : uint32))) - + Int8.to_int (v_MIN'0 : int8)} - {[%#snum8] Int8.to_int self - Int8.to_int rhs >= Int8.to_int (v_MIN'0 : int8) - /\ Int8.to_int self - Int8.to_int rhs <= Int8.to_int (v_MAX'0 : int8) + let rec wrapping_sub'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:Int8.t))= any + [ return' (result:Int8.t)-> {[%#snum7] Int8.to_int result + = EuclideanDivision.mod (Int8.to_int self + - Int8.to_int rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + + Int8.to_int (v_MIN'0 : Int8.t)} + {[%#snum8] Int8.to_int self - Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) + /\ Int8.to_int self - Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) -> Int8.to_int result = Int8.to_int self - Int8.to_int rhs} - {[%#snum9] Int8.to_int self - Int8.to_int rhs < Int8.to_int (v_MIN'0 : int8) + {[%#snum9] Int8.to_int self - Int8.to_int rhs < Int8.to_int (v_MIN'0 : Int8.t) -> (exists k : int . 
k > 0 /\ Int8.to_int result - = Int8.to_int self - Int8.to_int rhs + k * (Int8.to_int (v_MAX'0 : int8) - Int8.to_int (v_MIN'0 : int8) + 1))} - {[%#snum10] Int8.to_int self - Int8.to_int rhs > Int8.to_int (v_MAX'0 : int8) + = Int8.to_int self - Int8.to_int rhs + k * (Int8.to_int (v_MAX'0 : Int8.t) - Int8.to_int (v_MIN'0 : Int8.t) + 1))} + {[%#snum10] Int8.to_int self - Int8.to_int rhs > Int8.to_int (v_MAX'0 : Int8.t) -> (exists k : int . k > 0 /\ Int8.to_int result - = Int8.to_int self - Int8.to_int rhs - k * (Int8.to_int (v_MAX'0 : int8) - Int8.to_int (v_MIN'0 : int8) + 1))} + = Int8.to_int self - Int8.to_int rhs - k * (Int8.to_int (v_MAX'0 : Int8.t) - Int8.to_int (v_MIN'0 : Int8.t) + 1))} (! return' {result}) ] type t_Option'0 = | C_None'0 - | C_Some'0 int8 + | C_Some'0 Int8.t - let rec checked_sub'0 (self:int8) (rhs:int8) (return' (ret:t_Option'0))= any + let rec checked_sub'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:t_Option'0))= any [ return' (result:t_Option'0)-> {[%#snum11] (result = C_None'0) - = (Int8.to_int self - Int8.to_int rhs < Int8.to_int (v_MIN'0 : int8) - \/ Int8.to_int self - Int8.to_int rhs > Int8.to_int (v_MAX'0 : int8))} - {[%#snum12] forall r : int8 . result = C_Some'0 r -> Int8.to_int r = Int8.to_int self - Int8.to_int rhs} + = (Int8.to_int self - Int8.to_int rhs < Int8.to_int (v_MIN'0 : Int8.t) + \/ Int8.to_int self - Int8.to_int rhs > Int8.to_int (v_MAX'0 : Int8.t))} + {[%#snum12] forall r : Int8.t . result = C_Some'0 r -> Int8.to_int r = Int8.to_int self - Int8.to_int rhs} (! return' {result}) ] 
@@ -4228,14 +4273,14 @@ module M_checked_ops__test_i8_overflowing_sub [#"checked_ops.rs" 246 0 246 44] meta "compute_max_steps" 1000000 - let rec test_i8_overflowing_sub'0 (a:int8) (b:int8) (return' (ret:()))= (! bb0 - [ bb0 = s0 [ s0 = overflowing_sub'0 {a} {b} (fun (_ret':(int8, bool)) -> [ &_6 <- _ret' ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = wrapping_sub'0 {a} {b} (fun (_ret':int8) -> [ &_9 <- _ret' ] s1) | s1 = bb2 ] + let rec test_i8_overflowing_sub'0 (a:Int8.t) (b:Int8.t) (return' (ret:()))= (! bb0 + [ bb0 = s0 [ s0 = overflowing_sub'0 {a} {b} (fun (_ret':(Int8.t, bool)) -> [ &_6 <- _ret' ] s1) | s1 = bb1 ] + | bb1 = s0 [ s0 = wrapping_sub'0 {a} {b} (fun (_ret':Int8.t) -> [ &_9 <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 [ s0 = Int8.eq {let (r'0, _) = _6 in r'0} {_9} (fun (_ret':bool) -> [ &_4 <- _ret' ] s1) | s1 = any [ br0 -> {_4 = false} (! bb4) | br1 -> {_4} (! bb3) ] ] - | bb3 = s0 [ s0 = overflowing_sub'0 {a} {b} (fun (_ret':(int8, bool)) -> [ &_16 <- _ret' ] s1) | s1 = bb5 ] + | bb3 = s0 [ s0 = overflowing_sub'0 {a} {b} (fun (_ret':(Int8.t, bool)) -> [ &_16 <- _ret' ] s1) | s1 = bb5 ] | bb5 = s0 [ s0 = checked_sub'0 {a} {b} (fun (_ret':t_Option'0) -> [ &_21 <- _ret' ] s1) | s1 = bb6 ] | bb6 = s0 [ s0 = is_none'0 {_21} (fun (_ret':bool) -> [ &_19 <- _ret' ] s1) | s1 = bb7 ] | bb7 = s0 @@ -4247,13 +4292,13 @@ module M_checked_ops__test_i8_overflowing_sub [#"checked_ops.rs" 246 0 246 44] | bb4 = {[%#schecked_ops1] false} any ] ) [ & _0 : () = any_l () - | & a : int8 = a - | & b : int8 = b + | & a : Int8.t = a + | & b : Int8.t = b | & _4 : bool = any_l () - | & _6 : (int8, bool) = any_l () - | & _9 : int8 = any_l () + | & _6 : (Int8.t, bool) = any_l () + | & _9 : Int8.t = any_l () | & _14 : bool = any_l () - | & _16 : (int8, bool) = any_l () + | & _16 : (Int8.t, bool) = any_l () | & _19 : bool = any_l () | & _21 : t_Option'0 = any_l () ] [ return' (result:())-> (! return' {result}) ] 
@@ -4308,42 +4353,42 @@ module M_checked_ops__test_i8_mul_example [#"checked_ops.rs" 252 0 252 28] let%span schecked_ops46 = "checked_ops.rs" 255 4 255 44 let%span schecked_ops47 = "checked_ops.rs" 254 4 254 43 let%span schecked_ops48 = "checked_ops.rs" 253 4 253 47 - let%span snum49 = "../../../creusot-contracts/src/std/num.rs" 128 20 129 89 - let%span snum50 = "../../../creusot-contracts/src/std/num.rs" 132 26 132 87 + let%span snum49 = "../../../creusot-contracts/src/std/num.rs" 171 20 172 89 + let%span snum50 = "../../../creusot-contracts/src/std/num.rs" 175 26 175 87 let%span soption51 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 let%span soption52 = "../../../creusot-contracts/src/std/option.rs" 51 26 51 51 - let%span snum53 = "../../../creusot-contracts/src/std/num.rs" 140 20 140 93 - let%span snum54 = "../../../creusot-contracts/src/std/num.rs" 144 20 145 51 - let%span snum55 = "../../../creusot-contracts/src/std/num.rs" 151 20 153 92 - let%span snum56 = "../../../creusot-contracts/src/std/num.rs" 156 20 158 92 - let%span snum57 = "../../../creusot-contracts/src/std/num.rs" 168 20 169 51 - let%span snum58 = "../../../creusot-contracts/src/std/num.rs" 172 26 172 83 - let%span snum59 = "../../../creusot-contracts/src/std/num.rs" 173 26 173 83 - let%span snum60 = "../../../creusot-contracts/src/std/num.rs" 182 20 182 95 - let%span snum61 = "../../../creusot-contracts/src/std/num.rs" 186 20 187 53 - let%span snum62 = "../../../creusot-contracts/src/std/num.rs" 193 20 195 94 - let%span snum63 = "../../../creusot-contracts/src/std/num.rs" 198 20 200 94 - let%span snum64 = "../../../creusot-contracts/src/std/num.rs" 204 20 204 98 + let%span snum53 = "../../../creusot-contracts/src/std/num.rs" 183 20 183 93 + let%span snum54 = "../../../creusot-contracts/src/std/num.rs" 187 20 188 51 + let%span snum55 = "../../../creusot-contracts/src/std/num.rs" 194 20 196 92 + let%span snum56 = "../../../creusot-contracts/src/std/num.rs" 199 20 201 92 + let%span 
snum57 = "../../../creusot-contracts/src/std/num.rs" 211 20 212 51 + let%span snum58 = "../../../creusot-contracts/src/std/num.rs" 215 26 215 83 + let%span snum59 = "../../../creusot-contracts/src/std/num.rs" 216 26 216 83 + let%span snum60 = "../../../creusot-contracts/src/std/num.rs" 225 20 225 95 + let%span snum61 = "../../../creusot-contracts/src/std/num.rs" 229 20 230 53 + let%span snum62 = "../../../creusot-contracts/src/std/num.rs" 236 20 238 94 + let%span snum63 = "../../../creusot-contracts/src/std/num.rs" 241 20 243 94 + let%span snum64 = "../../../creusot-contracts/src/std/num.rs" 247 20 247 98 + + use prelude.prelude.Int use prelude.prelude.Int8 type t_Option'0 = | C_None'0 - | C_Some'0 int8 + | C_Some'0 Int8.t use prelude.prelude.Int8 - use prelude.prelude.Int - - constant v_MIN'0 : int8 = (-128 : int8) + constant v_MIN'0 : Int8.t = (-128 : Int8.t) - constant v_MAX'0 : int8 = (127 : int8) + constant v_MAX'0 : Int8.t = (127 : Int8.t) - let rec checked_mul'0 (self:int8) (rhs:int8) (return' (ret:t_Option'0))= any + let rec checked_mul'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:t_Option'0))= any [ return' (result:t_Option'0)-> {[%#snum49] (result = C_None'0) - = (Int8.to_int self * Int8.to_int rhs < Int8.to_int (v_MIN'0 : int8) - \/ Int8.to_int self * Int8.to_int rhs > Int8.to_int (v_MAX'0 : int8))} - {[%#snum50] forall r : int8 . result = C_Some'0 r -> Int8.to_int r = Int8.to_int self * Int8.to_int rhs} + = (Int8.to_int self * Int8.to_int rhs < Int8.to_int (v_MIN'0 : Int8.t) + \/ Int8.to_int self * Int8.to_int rhs > Int8.to_int (v_MAX'0 : Int8.t))} + {[%#snum50] forall r : Int8.t . result = C_Some'0 r -> Int8.to_int r = Int8.to_int self * Int8.to_int rhs} (! return' {result}) ] 
@@ -4351,13 +4396,13 @@ module M_checked_ops__test_i8_mul_example [#"checked_ops.rs" 252 0 252 28] axiom inv_axiom'0 [@rewrite] : forall x : t_Option'0 [inv'0 x] . inv'0 x = true - predicate inv'1 (_1 : int8) + predicate inv'1 (_1 : Int8.t) - axiom inv_axiom'1 [@rewrite] : forall x : int8 [inv'1 x] . inv'1 x = true + axiom inv_axiom'1 [@rewrite] : forall x : Int8.t [inv'1 x] . inv'1 x = true - let rec unwrap'0 (self:t_Option'0) (return' (ret:int8))= {[@expl:unwrap 'self' type invariant] inv'0 self} + let rec unwrap'0 (self:t_Option'0) (return' (ret:Int8.t))= {[@expl:unwrap 'self' type invariant] inv'0 self} {[@expl:unwrap requires] [%#soption51] self <> C_None'0} - any [ return' (result:int8)-> {inv'1 result} {[%#soption51] C_Some'0 result = self} (! return' {result}) ] + any [ return' (result:Int8.t)-> {inv'1 result} {[%#soption51] C_Some'0 result = self} (! return' {result}) ] use prelude.prelude.Borrow @@ -4370,7 +4415,7 @@ module M_checked_ops__test_i8_mul_example [#"checked_ops.rs" 252 0 252 28] use prelude.prelude.UInt32 - constant v_BITS'0 : uint32 = (8 : uint32) + constant v_BITS'0 : UInt32.t = (8 : UInt32.t) use prelude.prelude.UInt32 
@@ -4378,53 +4423,55 @@ module M_checked_ops__test_i8_mul_example [#"checked_ops.rs" 252 0 252 28] use int.EuclideanDivision - let rec wrapping_mul'0 (self:int8) (rhs:int8) (return' (ret:int8))= any - [ return' (result:int8)-> {[%#snum53] Int8.to_int result - = EuclideanDivision.mod (Int8.to_int self * Int8.to_int rhs) (Power.power 2 (UInt32.to_int (v_BITS'0 : uint32))) - + Int8.to_int (v_MIN'0 : int8)} - {[%#snum54] Int8.to_int self * Int8.to_int rhs >= Int8.to_int (v_MIN'0 : int8) - /\ Int8.to_int self * Int8.to_int rhs <= Int8.to_int (v_MAX'0 : int8) + let rec wrapping_mul'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:Int8.t))= any + [ return' (result:Int8.t)-> {[%#snum53] Int8.to_int result + = EuclideanDivision.mod (Int8.to_int self + * Int8.to_int rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + + Int8.to_int (v_MIN'0 : Int8.t)} + {[%#snum54] Int8.to_int self * Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) + /\ Int8.to_int self * Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) -> Int8.to_int result = Int8.to_int self * Int8.to_int rhs} - {[%#snum55] Int8.to_int self * Int8.to_int rhs < Int8.to_int (v_MIN'0 : int8) + {[%#snum55] Int8.to_int self * Int8.to_int rhs < Int8.to_int (v_MIN'0 : Int8.t) -> (exists k : int . k > 0 /\ Int8.to_int result - = Int8.to_int self * Int8.to_int rhs + k * (Int8.to_int (v_MAX'0 : int8) - Int8.to_int (v_MIN'0 : int8) + 1))} - {[%#snum56] Int8.to_int self * Int8.to_int rhs > Int8.to_int (v_MAX'0 : int8) + = Int8.to_int self * Int8.to_int rhs + k * (Int8.to_int (v_MAX'0 : Int8.t) - Int8.to_int (v_MIN'0 : Int8.t) + 1))} + {[%#snum56] Int8.to_int self * Int8.to_int rhs > Int8.to_int (v_MAX'0 : Int8.t) -> (exists k : int . k > 0 /\ Int8.to_int result - = Int8.to_int self * Int8.to_int rhs - k * (Int8.to_int (v_MAX'0 : int8) - Int8.to_int (v_MIN'0 : int8) + 1))} + = Int8.to_int self * Int8.to_int rhs - k * (Int8.to_int (v_MAX'0 : Int8.t) - Int8.to_int (v_MIN'0 : Int8.t) + 1))} (! 
return' {result}) ] - let rec saturating_mul'0 (self:int8) (rhs:int8) (return' (ret:int8))= any - [ return' (result:int8)-> {[%#snum57] Int8.to_int self * Int8.to_int rhs >= Int8.to_int (v_MIN'0 : int8) - /\ Int8.to_int self * Int8.to_int rhs <= Int8.to_int (v_MAX'0 : int8) + let rec saturating_mul'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:Int8.t))= any + [ return' (result:Int8.t)-> {[%#snum57] Int8.to_int self * Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) + /\ Int8.to_int self * Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) -> Int8.to_int result = Int8.to_int self * Int8.to_int rhs} - {[%#snum58] Int8.to_int self * Int8.to_int rhs < Int8.to_int (v_MIN'0 : int8) - -> Int8.to_int result = Int8.to_int (v_MIN'0 : int8)} - {[%#snum59] Int8.to_int self * Int8.to_int rhs > Int8.to_int (v_MAX'0 : int8) - -> Int8.to_int result = Int8.to_int (v_MAX'0 : int8)} + {[%#snum58] Int8.to_int self * Int8.to_int rhs < Int8.to_int (v_MIN'0 : Int8.t) + -> Int8.to_int result = Int8.to_int (v_MIN'0 : Int8.t)} + {[%#snum59] Int8.to_int self * Int8.to_int rhs > Int8.to_int (v_MAX'0 : Int8.t) + -> Int8.to_int result = Int8.to_int (v_MAX'0 : Int8.t)} (! 
return' {result}) ] - let rec overflowing_mul'0 (self:int8) (rhs:int8) (return' (ret:(int8, bool)))= any - [ return' (result:(int8, bool))-> {[%#snum60] Int8.to_int (let (a, _) = result in a) - = EuclideanDivision.mod (Int8.to_int self * Int8.to_int rhs) (Power.power 2 (UInt32.to_int (v_BITS'0 : uint32))) - + Int8.to_int (v_MIN'0 : int8)} - {[%#snum61] Int8.to_int self * Int8.to_int rhs >= Int8.to_int (v_MIN'0 : int8) - /\ Int8.to_int self * Int8.to_int rhs <= Int8.to_int (v_MAX'0 : int8) + let rec overflowing_mul'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:(Int8.t, bool)))= any + [ return' (result:(Int8.t, bool))-> {[%#snum60] Int8.to_int (let (a, _) = result in a) + = EuclideanDivision.mod (Int8.to_int self + * Int8.to_int rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + + Int8.to_int (v_MIN'0 : Int8.t)} + {[%#snum61] Int8.to_int self * Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) + /\ Int8.to_int self * Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) -> Int8.to_int (let (a, _) = result in a) = Int8.to_int self * Int8.to_int rhs} - {[%#snum62] Int8.to_int self * Int8.to_int rhs < Int8.to_int (v_MIN'0 : int8) + {[%#snum62] Int8.to_int self * Int8.to_int rhs < Int8.to_int (v_MIN'0 : Int8.t) -> (exists k : int . k > 0 /\ Int8.to_int (let (a, _) = result in a) - = Int8.to_int self * Int8.to_int rhs + k * (Int8.to_int (v_MAX'0 : int8) - Int8.to_int (v_MIN'0 : int8) + 1))} - {[%#snum63] Int8.to_int self * Int8.to_int rhs > Int8.to_int (v_MAX'0 : int8) + = Int8.to_int self * Int8.to_int rhs + k * (Int8.to_int (v_MAX'0 : Int8.t) - Int8.to_int (v_MIN'0 : Int8.t) + 1))} + {[%#snum63] Int8.to_int self * Int8.to_int rhs > Int8.to_int (v_MAX'0 : Int8.t) -> (exists k : int . 
k > 0 /\ Int8.to_int (let (a, _) = result in a) - = Int8.to_int self * Int8.to_int rhs - k * (Int8.to_int (v_MAX'0 : int8) - Int8.to_int (v_MIN'0 : int8) + 1))} + = Int8.to_int self * Int8.to_int rhs - k * (Int8.to_int (v_MAX'0 : Int8.t) - Int8.to_int (v_MIN'0 : Int8.t) + 1))} {[%#snum64] (let (_, a) = result in a) - = (Int8.to_int self * Int8.to_int rhs < Int8.to_int (v_MIN'0 : int8) - \/ Int8.to_int self * Int8.to_int rhs > Int8.to_int (v_MAX'0 : int8))} + = (Int8.to_int self * Int8.to_int rhs < Int8.to_int (v_MIN'0 : Int8.t) + \/ Int8.to_int self * Int8.to_int rhs > Int8.to_int (v_MAX'0 : Int8.t))} (! return' {result}) ] 
@@ -4436,90 +4483,90 @@ module M_checked_ops__test_i8_mul_example [#"checked_ops.rs" 252 0 252 28] let rec test_i8_mul_example'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = checked_mul'0 {[%#schecked_ops0] (5 : int8)} {[%#schecked_ops1] (10 : int8)} + [ s0 = checked_mul'0 {[%#schecked_ops0] (5 : Int8.t)} {[%#schecked_ops1] (10 : Int8.t)} (fun (_ret':t_Option'0) -> [ &_4 <- _ret' ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = unwrap'0 {_4} (fun (_ret':int8) -> [ &_3 <- _ret' ] s1) | s1 = bb2 ] + | bb1 = s0 [ s0 = unwrap'0 {_4} (fun (_ret':Int8.t) -> [ &_3 <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 - [ s0 = Int8.eq {_3} {[%#schecked_ops2] (50 : int8)} (fun (_ret':bool) -> [ &_2 <- _ret' ] s1) + [ s0 = Int8.eq {_3} {[%#schecked_ops2] (50 : Int8.t)} (fun (_ret':bool) -> [ &_2 <- _ret' ] s1) | s1 = any [ br0 -> {_2 = false} (! bb4) | br1 -> {_2} (! bb3) ] ] | bb3 = s0 - [ s0 = checked_mul'0 {[%#schecked_ops3] (50 : int8)} {[%#schecked_ops4] (10 : int8)} + [ s0 = checked_mul'0 {[%#schecked_ops3] (50 : Int8.t)} {[%#schecked_ops4] (10 : Int8.t)} (fun (_ret':t_Option'0) -> [ &_9 <- _ret' ] s1) | s1 = bb5 ] | bb5 = s0 [ s0 = is_none'0 {_9} (fun (_ret':bool) -> [ &_7 <- _ret' ] s1) | s1 = bb6 ] | bb6 = any [ br0 -> {_7 = false} (! bb8) | br1 -> {_7} (! bb7) ] | bb7 = s0 - [ s0 = checked_mul'0 {[%#schecked_ops5] (50 : int8)} {[%#schecked_ops6] (-10 : int8)} + [ s0 = checked_mul'0 {[%#schecked_ops5] (50 : Int8.t)} {[%#schecked_ops6] (-10 : Int8.t)} (fun (_ret':t_Option'0) -> [ &_14 <- _ret' ] s1) | s1 = bb9 ] | bb9 = s0 [ s0 = is_none'0 {_14} (fun (_ret':bool) -> [ &_12 <- _ret' ] s1) | s1 = bb10 ] | bb10 = any [ br0 -> {_12 = false} (! bb12) | br1 -> {_12} (! 
bb11) ] | bb11 = s0 - [ s0 = wrapping_mul'0 {[%#schecked_ops7] (5 : int8)} {[%#schecked_ops8] (10 : int8)} - (fun (_ret':int8) -> [ &_18 <- _ret' ] s1) + [ s0 = wrapping_mul'0 {[%#schecked_ops7] (5 : Int8.t)} {[%#schecked_ops8] (10 : Int8.t)} + (fun (_ret':Int8.t) -> [ &_18 <- _ret' ] s1) | s1 = bb13 ] | bb13 = s0 - [ s0 = Int8.eq {_18} {[%#schecked_ops9] (50 : int8)} (fun (_ret':bool) -> [ &_17 <- _ret' ] s1) + [ s0 = Int8.eq {_18} {[%#schecked_ops9] (50 : Int8.t)} (fun (_ret':bool) -> [ &_17 <- _ret' ] s1) | s1 = any [ br0 -> {_17 = false} (! bb15) | br1 -> {_17} (! bb14) ] ] | bb14 = s0 - [ s0 = wrapping_mul'0 {[%#schecked_ops10] (50 : int8)} {[%#schecked_ops11] (10 : int8)} - (fun (_ret':int8) -> [ &_22 <- _ret' ] s1) + [ s0 = wrapping_mul'0 {[%#schecked_ops10] (50 : Int8.t)} {[%#schecked_ops11] (10 : Int8.t)} + (fun (_ret':Int8.t) -> [ &_22 <- _ret' ] s1) | s1 = bb16 ] | bb16 = s0 - [ s0 = Int8.eq {_22} {[%#schecked_ops12] (-12 : int8)} (fun (_ret':bool) -> [ &_21 <- _ret' ] s1) + [ s0 = Int8.eq {_22} {[%#schecked_ops12] (-12 : Int8.t)} (fun (_ret':bool) -> [ &_21 <- _ret' ] s1) | s1 = any [ br0 -> {_21 = false} (! bb18) | br1 -> {_21} (! bb17) ] ] | bb17 = s0 - [ s0 = wrapping_mul'0 {[%#schecked_ops13] (50 : int8)} {[%#schecked_ops14] (-10 : int8)} - (fun (_ret':int8) -> [ &_26 <- _ret' ] s1) + [ s0 = wrapping_mul'0 {[%#schecked_ops13] (50 : Int8.t)} {[%#schecked_ops14] (-10 : Int8.t)} + (fun (_ret':Int8.t) -> [ &_26 <- _ret' ] s1) | s1 = bb19 ] | bb19 = s0 - [ s0 = Int8.eq {_26} {[%#schecked_ops15] (12 : int8)} (fun (_ret':bool) -> [ &_25 <- _ret' ] s1) + [ s0 = Int8.eq {_26} {[%#schecked_ops15] (12 : Int8.t)} (fun (_ret':bool) -> [ &_25 <- _ret' ] s1) | s1 = any [ br0 -> {_25 = false} (! bb21) | br1 -> {_25} (! 
bb20) ] ] | bb20 = s0 - [ s0 = saturating_mul'0 {[%#schecked_ops16] (5 : int8)} {[%#schecked_ops17] (10 : int8)} - (fun (_ret':int8) -> [ &_30 <- _ret' ] s1) + [ s0 = saturating_mul'0 {[%#schecked_ops16] (5 : Int8.t)} {[%#schecked_ops17] (10 : Int8.t)} + (fun (_ret':Int8.t) -> [ &_30 <- _ret' ] s1) | s1 = bb22 ] | bb22 = s0 - [ s0 = Int8.eq {_30} {[%#schecked_ops18] (50 : int8)} (fun (_ret':bool) -> [ &_29 <- _ret' ] s1) + [ s0 = Int8.eq {_30} {[%#schecked_ops18] (50 : Int8.t)} (fun (_ret':bool) -> [ &_29 <- _ret' ] s1) | s1 = any [ br0 -> {_29 = false} (! bb24) | br1 -> {_29} (! bb23) ] ] | bb23 = s0 - [ s0 = saturating_mul'0 {[%#schecked_ops19] (50 : int8)} {[%#schecked_ops20] (10 : int8)} - (fun (_ret':int8) -> [ &_34 <- _ret' ] s1) + [ s0 = saturating_mul'0 {[%#schecked_ops19] (50 : Int8.t)} {[%#schecked_ops20] (10 : Int8.t)} + (fun (_ret':Int8.t) -> [ &_34 <- _ret' ] s1) | s1 = bb25 ] | bb25 = s0 - [ s0 = Int8.eq {_34} {[%#schecked_ops21] (127 : int8)} (fun (_ret':bool) -> [ &_33 <- _ret' ] s1) + [ s0 = Int8.eq {_34} {[%#schecked_ops21] (127 : Int8.t)} (fun (_ret':bool) -> [ &_33 <- _ret' ] s1) | s1 = any [ br0 -> {_33 = false} (! bb27) | br1 -> {_33} (! bb26) ] ] | bb26 = s0 - [ s0 = saturating_mul'0 {[%#schecked_ops22] (50 : int8)} {[%#schecked_ops23] (-10 : int8)} - (fun (_ret':int8) -> [ &_38 <- _ret' ] s1) + [ s0 = saturating_mul'0 {[%#schecked_ops22] (50 : Int8.t)} {[%#schecked_ops23] (-10 : Int8.t)} + (fun (_ret':Int8.t) -> [ &_38 <- _ret' ] s1) | s1 = bb28 ] | bb28 = s0 - [ s0 = Int8.eq {_38} {[%#schecked_ops24] (-128 : int8)} (fun (_ret':bool) -> [ &_37 <- _ret' ] s1) + [ s0 = Int8.eq {_38} {[%#schecked_ops24] (-128 : Int8.t)} (fun (_ret':bool) -> [ &_37 <- _ret' ] s1) | s1 = any [ br0 -> {_37 = false} (! bb30) | br1 -> {_37} (! 
bb29) ] ] | bb29 = s0 - [ s0 = overflowing_mul'0 {[%#schecked_ops25] (5 : int8)} {[%#schecked_ops26] (10 : int8)} - (fun (_ret':(int8, bool)) -> [ &res <- _ret' ] s1) + [ s0 = overflowing_mul'0 {[%#schecked_ops25] (5 : Int8.t)} {[%#schecked_ops26] (10 : Int8.t)} + (fun (_ret':(Int8.t, bool)) -> [ &res <- _ret' ] s1) | s1 = bb31 ] | bb31 = s0 - [ s0 = Int8.eq {let (r'0, _) = res in r'0} {[%#schecked_ops27] (50 : int8)} + [ s0 = Int8.eq {let (r'0, _) = res in r'0} {[%#schecked_ops27] (50 : Int8.t)} (fun (_ret':bool) -> [ &_42 <- _ret' ] s1) | s1 = any [ br0 -> {_42 = false} (! bb35) | br1 -> {_42} (! bb32) ] ] @@ -4528,12 +4575,12 @@ module M_checked_ops__test_i8_mul_example [#"checked_ops.rs" 252 0 252 28] | s1 = any [ br0 -> {_44 = false} (! bb34) | br1 -> {_44} (! bb33) ] ] | bb33 = s0 - [ s0 = overflowing_mul'0 {[%#schecked_ops29] (50 : int8)} {[%#schecked_ops30] (10 : int8)} - (fun (_ret':(int8, bool)) -> [ &res1 <- _ret' ] s1) + [ s0 = overflowing_mul'0 {[%#schecked_ops29] (50 : Int8.t)} {[%#schecked_ops30] (10 : Int8.t)} + (fun (_ret':(Int8.t, bool)) -> [ &res1 <- _ret' ] s1) | s1 = bb37 ] | bb37 = s0 - [ s0 = Int8.eq {let (r'0, _) = res1 in r'0} {[%#schecked_ops31] (-12 : int8)} + [ s0 = Int8.eq {let (r'0, _) = res1 in r'0} {[%#schecked_ops31] (-12 : Int8.t)} (fun (_ret':bool) -> [ &_49 <- _ret' ] s1) | s1 = any [ br0 -> {_49 = false} (! bb41) | br1 -> {_49} (! bb38) ] ] 
@@ -4542,12 +4589,12 @@ module M_checked_ops__test_i8_mul_example [#"checked_ops.rs" 252 0 252 28] | s1 = any [ br0 -> {_51 = false} (! bb40) | br1 -> {_51} (! bb39) ] ] | bb39 = s0 - [ s0 = overflowing_mul'0 {[%#schecked_ops33] (50 : int8)} {[%#schecked_ops34] (-10 : int8)} - (fun (_ret':(int8, bool)) -> [ &res2 <- _ret' ] s1) + [ s0 = overflowing_mul'0 {[%#schecked_ops33] (50 : Int8.t)} {[%#schecked_ops34] (-10 : Int8.t)} + (fun (_ret':(Int8.t, bool)) -> [ &res2 <- _ret' ] s1) | s1 = bb43 ] | bb43 = s0 - [ s0 = Int8.eq {let (r'0, _) = res2 in r'0} {[%#schecked_ops35] (12 : int8)} + [ s0 = Int8.eq {let (r'0, _) = res2 in r'0} {[%#schecked_ops35] (12 : Int8.t)} (fun (_ret':bool) -> [ &_56 <- _ret' ] s1) | s1 = any [ br0 -> {_56 = false} (! bb47) | br1 -> {_56} (! bb44) ] ] 
@@ -4577,31 +4624,31 @@ module M_checked_ops__test_i8_mul_example [#"checked_ops.rs" 252 0 252 28] ) [ & _0 : () = any_l () | & _2 : bool = any_l () - | & _3 : int8 = any_l () + | & _3 : Int8.t = any_l () | & _4 : t_Option'0 = any_l () | & _7 : bool = any_l () | & _9 : t_Option'0 = any_l () | & _12 : bool = any_l () | & _14 : t_Option'0 = any_l () | & _17 : bool = any_l () - | & _18 : int8 = any_l () + | & _18 : Int8.t = any_l () | & _21 : bool = any_l () - | & _22 : int8 = any_l () + | & _22 : Int8.t = any_l () | & _25 : bool = any_l () - | & _26 : int8 = any_l () + | & _26 : Int8.t = any_l () | & _29 : bool = any_l () - | & _30 : int8 = any_l () + | & _30 : Int8.t = any_l () | & _33 : bool = any_l () - | & _34 : int8 = any_l () + | & _34 : Int8.t = any_l () | & _37 : bool = any_l () - | & _38 : int8 = any_l () - | & res : (int8, bool) = any_l () + | & _38 : Int8.t = any_l () + | & res : (Int8.t, bool) = any_l () | & _42 : bool = any_l () | & _44 : bool = any_l () - | & res1 : (int8, bool) = any_l () + | & res1 : (Int8.t, bool) = any_l () | & _49 : bool = any_l () | & _51 : bool = any_l () - | & res2 : (int8, bool) = any_l () + | & res2 : (Int8.t, bool) = any_l () | & _56 : bool = any_l () | & _58 : bool = any_l () ] [ return' (result:())-> (! return' {result}) ] 
@@ -4620,41 +4667,41 @@ module M_checked_ops__test_i8_mul_zero [#"checked_ops.rs" 274 0 274 30] let%span schecked_ops10 = "checked_ops.rs" 277 4 277 39 let%span schecked_ops11 = "checked_ops.rs" 276 4 276 37 let%span schecked_ops12 = "checked_ops.rs" 275 4 275 45 - let%span snum13 = "../../../creusot-contracts/src/std/num.rs" 128 20 129 89 - let%span snum14 = "../../../creusot-contracts/src/std/num.rs" 132 26 132 87 + let%span snum13 = "../../../creusot-contracts/src/std/num.rs" 171 20 172 89 + let%span snum14 = "../../../creusot-contracts/src/std/num.rs" 175 26 175 87 let%span soption15 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 - let%span snum16 = "../../../creusot-contracts/src/std/num.rs" 140 20 140 93 - let%span snum17 = "../../../creusot-contracts/src/std/num.rs" 144 20 145 51 - let%span snum18 = "../../../creusot-contracts/src/std/num.rs" 151 20 153 92 - let%span snum19 = "../../../creusot-contracts/src/std/num.rs" 156 20 158 92 - let%span snum20 = "../../../creusot-contracts/src/std/num.rs" 168 20 169 51 - let%span snum21 = "../../../creusot-contracts/src/std/num.rs" 172 26 172 83 - let%span snum22 = "../../../creusot-contracts/src/std/num.rs" 173 26 173 83 - let%span snum23 = "../../../creusot-contracts/src/std/num.rs" 182 20 182 95 - let%span snum24 = "../../../creusot-contracts/src/std/num.rs" 186 20 187 53 - let%span snum25 = "../../../creusot-contracts/src/std/num.rs" 193 20 195 94 - let%span snum26 = "../../../creusot-contracts/src/std/num.rs" 198 20 200 94 - let%span snum27 = "../../../creusot-contracts/src/std/num.rs" 204 20 204 98 + let%span snum16 = "../../../creusot-contracts/src/std/num.rs" 183 20 183 93 + let%span snum17 = "../../../creusot-contracts/src/std/num.rs" 187 20 188 51 + let%span snum18 = "../../../creusot-contracts/src/std/num.rs" 194 20 196 92 + let%span snum19 = "../../../creusot-contracts/src/std/num.rs" 199 20 201 92 + let%span snum20 = "../../../creusot-contracts/src/std/num.rs" 211 20 212 51 + let%span snum21 
= "../../../creusot-contracts/src/std/num.rs" 215 26 215 83 + let%span snum22 = "../../../creusot-contracts/src/std/num.rs" 216 26 216 83 + let%span snum23 = "../../../creusot-contracts/src/std/num.rs" 225 20 225 95 + let%span snum24 = "../../../creusot-contracts/src/std/num.rs" 229 20 230 53 + let%span snum25 = "../../../creusot-contracts/src/std/num.rs" 236 20 238 94 + let%span snum26 = "../../../creusot-contracts/src/std/num.rs" 241 20 243 94 + let%span snum27 = "../../../creusot-contracts/src/std/num.rs" 247 20 247 98 + + use prelude.prelude.Int use prelude.prelude.Int8 type t_Option'0 = | C_None'0 - | C_Some'0 int8 + | C_Some'0 Int8.t use prelude.prelude.Int8 - use prelude.prelude.Int - - constant v_MIN'0 : int8 = (-128 : int8) + constant v_MIN'0 : Int8.t = (-128 : Int8.t) - constant v_MAX'0 : int8 = (127 : int8) + constant v_MAX'0 : Int8.t = (127 : Int8.t) - let rec checked_mul'0 (self:int8) (rhs:int8) (return' (ret:t_Option'0))= any + let rec checked_mul'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:t_Option'0))= any [ return' (result:t_Option'0)-> {[%#snum13] (result = C_None'0) - = (Int8.to_int self * Int8.to_int rhs < Int8.to_int (v_MIN'0 : int8) - \/ Int8.to_int self * Int8.to_int rhs > Int8.to_int (v_MAX'0 : int8))} - {[%#snum14] forall r : int8 . result = C_Some'0 r -> Int8.to_int r = Int8.to_int self * Int8.to_int rhs} + = (Int8.to_int self * Int8.to_int rhs < Int8.to_int (v_MIN'0 : Int8.t) + \/ Int8.to_int self * Int8.to_int rhs > Int8.to_int (v_MAX'0 : Int8.t))} + {[%#snum14] forall r : Int8.t . result = C_Some'0 r -> Int8.to_int r = Int8.to_int self * Int8.to_int rhs} (! return' {result}) ] 
@@ -4662,17 +4709,17 @@ module M_checked_ops__test_i8_mul_zero [#"checked_ops.rs" 274 0 274 30] axiom inv_axiom'0 [@rewrite] : forall x : t_Option'0 [inv'0 x] . inv'0 x = true - predicate inv'1 (_1 : int8) + predicate inv'1 (_1 : Int8.t) - axiom inv_axiom'1 [@rewrite] : forall x : int8 [inv'1 x] . inv'1 x = true + axiom inv_axiom'1 [@rewrite] : forall x : Int8.t [inv'1 x] . inv'1 x = true - let rec unwrap'0 (self:t_Option'0) (return' (ret:int8))= {[@expl:unwrap 'self' type invariant] inv'0 self} + let rec unwrap'0 (self:t_Option'0) (return' (ret:Int8.t))= {[@expl:unwrap 'self' type invariant] inv'0 self} {[@expl:unwrap requires] [%#soption15] self <> C_None'0} - any [ return' (result:int8)-> {inv'1 result} {[%#soption15] C_Some'0 result = self} (! return' {result}) ] + any [ return' (result:Int8.t)-> {inv'1 result} {[%#soption15] C_Some'0 result = self} (! return' {result}) ] use prelude.prelude.UInt32 - constant v_BITS'0 : uint32 = (8 : uint32) + constant v_BITS'0 : UInt32.t = (8 : UInt32.t) use prelude.prelude.UInt32 
@@ -4680,53 +4727,55 @@ module M_checked_ops__test_i8_mul_zero [#"checked_ops.rs" 274 0 274 30] use int.EuclideanDivision - let rec wrapping_mul'0 (self:int8) (rhs:int8) (return' (ret:int8))= any - [ return' (result:int8)-> {[%#snum16] Int8.to_int result - = EuclideanDivision.mod (Int8.to_int self * Int8.to_int rhs) (Power.power 2 (UInt32.to_int (v_BITS'0 : uint32))) - + Int8.to_int (v_MIN'0 : int8)} - {[%#snum17] Int8.to_int self * Int8.to_int rhs >= Int8.to_int (v_MIN'0 : int8) - /\ Int8.to_int self * Int8.to_int rhs <= Int8.to_int (v_MAX'0 : int8) + let rec wrapping_mul'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:Int8.t))= any + [ return' (result:Int8.t)-> {[%#snum16] Int8.to_int result + = EuclideanDivision.mod (Int8.to_int self + * Int8.to_int rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + + Int8.to_int (v_MIN'0 : Int8.t)} + {[%#snum17] Int8.to_int self * Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) + /\ Int8.to_int self * Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) -> Int8.to_int result = Int8.to_int self * Int8.to_int rhs} - {[%#snum18] Int8.to_int self * Int8.to_int rhs < Int8.to_int (v_MIN'0 : int8) + {[%#snum18] Int8.to_int self * Int8.to_int rhs < Int8.to_int (v_MIN'0 : Int8.t) -> (exists k : int . k > 0 /\ Int8.to_int result - = Int8.to_int self * Int8.to_int rhs + k * (Int8.to_int (v_MAX'0 : int8) - Int8.to_int (v_MIN'0 : int8) + 1))} - {[%#snum19] Int8.to_int self * Int8.to_int rhs > Int8.to_int (v_MAX'0 : int8) + = Int8.to_int self * Int8.to_int rhs + k * (Int8.to_int (v_MAX'0 : Int8.t) - Int8.to_int (v_MIN'0 : Int8.t) + 1))} + {[%#snum19] Int8.to_int self * Int8.to_int rhs > Int8.to_int (v_MAX'0 : Int8.t) -> (exists k : int . k > 0 /\ Int8.to_int result - = Int8.to_int self * Int8.to_int rhs - k * (Int8.to_int (v_MAX'0 : int8) - Int8.to_int (v_MIN'0 : int8) + 1))} + = Int8.to_int self * Int8.to_int rhs - k * (Int8.to_int (v_MAX'0 : Int8.t) - Int8.to_int (v_MIN'0 : Int8.t) + 1))} (! 
return' {result}) ] - let rec saturating_mul'0 (self:int8) (rhs:int8) (return' (ret:int8))= any - [ return' (result:int8)-> {[%#snum20] Int8.to_int self * Int8.to_int rhs >= Int8.to_int (v_MIN'0 : int8) - /\ Int8.to_int self * Int8.to_int rhs <= Int8.to_int (v_MAX'0 : int8) + let rec saturating_mul'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:Int8.t))= any + [ return' (result:Int8.t)-> {[%#snum20] Int8.to_int self * Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) + /\ Int8.to_int self * Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) -> Int8.to_int result = Int8.to_int self * Int8.to_int rhs} - {[%#snum21] Int8.to_int self * Int8.to_int rhs < Int8.to_int (v_MIN'0 : int8) - -> Int8.to_int result = Int8.to_int (v_MIN'0 : int8)} - {[%#snum22] Int8.to_int self * Int8.to_int rhs > Int8.to_int (v_MAX'0 : int8) - -> Int8.to_int result = Int8.to_int (v_MAX'0 : int8)} + {[%#snum21] Int8.to_int self * Int8.to_int rhs < Int8.to_int (v_MIN'0 : Int8.t) + -> Int8.to_int result = Int8.to_int (v_MIN'0 : Int8.t)} + {[%#snum22] Int8.to_int self * Int8.to_int rhs > Int8.to_int (v_MAX'0 : Int8.t) + -> Int8.to_int result = Int8.to_int (v_MAX'0 : Int8.t)} (! 
return' {result}) ] - let rec overflowing_mul'0 (self:int8) (rhs:int8) (return' (ret:(int8, bool)))= any - [ return' (result:(int8, bool))-> {[%#snum23] Int8.to_int (let (a, _) = result in a) - = EuclideanDivision.mod (Int8.to_int self * Int8.to_int rhs) (Power.power 2 (UInt32.to_int (v_BITS'0 : uint32))) - + Int8.to_int (v_MIN'0 : int8)} - {[%#snum24] Int8.to_int self * Int8.to_int rhs >= Int8.to_int (v_MIN'0 : int8) - /\ Int8.to_int self * Int8.to_int rhs <= Int8.to_int (v_MAX'0 : int8) + let rec overflowing_mul'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:(Int8.t, bool)))= any + [ return' (result:(Int8.t, bool))-> {[%#snum23] Int8.to_int (let (a, _) = result in a) + = EuclideanDivision.mod (Int8.to_int self + * Int8.to_int rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + + Int8.to_int (v_MIN'0 : Int8.t)} + {[%#snum24] Int8.to_int self * Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) + /\ Int8.to_int self * Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) -> Int8.to_int (let (a, _) = result in a) = Int8.to_int self * Int8.to_int rhs} - {[%#snum25] Int8.to_int self * Int8.to_int rhs < Int8.to_int (v_MIN'0 : int8) + {[%#snum25] Int8.to_int self * Int8.to_int rhs < Int8.to_int (v_MIN'0 : Int8.t) -> (exists k : int . k > 0 /\ Int8.to_int (let (a, _) = result in a) - = Int8.to_int self * Int8.to_int rhs + k * (Int8.to_int (v_MAX'0 : int8) - Int8.to_int (v_MIN'0 : int8) + 1))} - {[%#snum26] Int8.to_int self * Int8.to_int rhs > Int8.to_int (v_MAX'0 : int8) + = Int8.to_int self * Int8.to_int rhs + k * (Int8.to_int (v_MAX'0 : Int8.t) - Int8.to_int (v_MIN'0 : Int8.t) + 1))} + {[%#snum26] Int8.to_int self * Int8.to_int rhs > Int8.to_int (v_MAX'0 : Int8.t) -> (exists k : int . 
k > 0 /\ Int8.to_int (let (a, _) = result in a) - = Int8.to_int self * Int8.to_int rhs - k * (Int8.to_int (v_MAX'0 : int8) - Int8.to_int (v_MIN'0 : int8) + 1))} + = Int8.to_int self * Int8.to_int rhs - k * (Int8.to_int (v_MAX'0 : Int8.t) - Int8.to_int (v_MIN'0 : Int8.t) + 1))} {[%#snum27] (let (_, a) = result in a) - = (Int8.to_int self * Int8.to_int rhs < Int8.to_int (v_MIN'0 : int8) - \/ Int8.to_int self * Int8.to_int rhs > Int8.to_int (v_MAX'0 : int8))} + = (Int8.to_int self * Int8.to_int rhs < Int8.to_int (v_MIN'0 : Int8.t) + \/ Int8.to_int self * Int8.to_int rhs > Int8.to_int (v_MAX'0 : Int8.t))} (! return' {result}) ] 
@@ -4736,37 +4785,39 @@ module M_checked_ops__test_i8_mul_zero [#"checked_ops.rs" 274 0 274 30] meta "compute_max_steps" 1000000 - let rec test_i8_mul_zero'0 (a:int8) (return' (ret:()))= (! bb0 + let rec test_i8_mul_zero'0 (a:Int8.t) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = checked_mul'0 {[%#schecked_ops0] (0 : int8)} {a} (fun (_ret':t_Option'0) -> [ &_5 <- _ret' ] s1) + [ s0 = checked_mul'0 {[%#schecked_ops0] (0 : Int8.t)} {a} (fun (_ret':t_Option'0) -> [ &_5 <- _ret' ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = unwrap'0 {_5} (fun (_ret':int8) -> [ &_4 <- _ret' ] s1) | s1 = bb2 ] + | bb1 = s0 [ s0 = unwrap'0 {_5} (fun (_ret':Int8.t) -> [ &_4 <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 - [ s0 = Int8.eq {_4} {[%#schecked_ops1] (0 : int8)} (fun (_ret':bool) -> [ &_3 <- _ret' ] s1) + [ s0 = Int8.eq {_4} {[%#schecked_ops1] (0 : Int8.t)} (fun (_ret':bool) -> [ &_3 <- _ret' ] s1) | s1 = any [ br0 -> {_3 = false} (! bb4) | br1 -> {_3} (! bb3) ] ] | bb3 = s0 - [ s0 = wrapping_mul'0 {[%#schecked_ops2] (0 : int8)} {a} (fun (_ret':int8) -> [ &_10 <- _ret' ] s1) | s1 = bb5 ] + [ s0 = wrapping_mul'0 {[%#schecked_ops2] (0 : Int8.t)} {a} (fun (_ret':Int8.t) -> [ &_10 <- _ret' ] s1) + | s1 = bb5 ] | bb5 = s0 - [ s0 = Int8.eq {_10} {[%#schecked_ops3] (0 : int8)} (fun (_ret':bool) -> [ &_9 <- _ret' ] s1) + [ s0 = Int8.eq {_10} {[%#schecked_ops3] (0 : Int8.t)} (fun (_ret':bool) -> [ &_9 <- _ret' ] s1) | s1 = any [ br0 -> {_9 = false} (! bb7) | br1 -> {_9} (! bb6) ] ] | bb6 = s0 - [ s0 = saturating_mul'0 {[%#schecked_ops4] (0 : int8)} {a} (fun (_ret':int8) -> [ &_15 <- _ret' ] s1) + [ s0 = saturating_mul'0 {[%#schecked_ops4] (0 : Int8.t)} {a} (fun (_ret':Int8.t) -> [ &_15 <- _ret' ] s1) | s1 = bb8 ] | bb8 = s0 - [ s0 = Int8.eq {_15} {[%#schecked_ops5] (0 : int8)} (fun (_ret':bool) -> [ &_14 <- _ret' ] s1) + [ s0 = Int8.eq {_15} {[%#schecked_ops5] (0 : Int8.t)} (fun (_ret':bool) -> [ &_14 <- _ret' ] s1) | s1 = any [ br0 -> {_14 = false} (! bb10) | br1 -> {_14} (! 
bb9) ] ] | bb9 = s0 - [ s0 = overflowing_mul'0 {[%#schecked_ops6] (0 : int8)} {a} (fun (_ret':(int8, bool)) -> [ &res <- _ret' ] s1) + [ s0 = overflowing_mul'0 {[%#schecked_ops6] (0 : Int8.t)} {a} + (fun (_ret':(Int8.t, bool)) -> [ &res <- _ret' ] s1) | s1 = bb11 ] | bb11 = s0 - [ s0 = Int8.eq {let (r'0, _) = res in r'0} {[%#schecked_ops7] (0 : int8)} + [ s0 = Int8.eq {let (r'0, _) = res in r'0} {[%#schecked_ops7] (0 : Int8.t)} (fun (_ret':bool) -> [ &_21 <- _ret' ] s1) | s1 = any [ br0 -> {_21 = false} (! bb15) | br1 -> {_21} (! bb12) ] ] @@ -4783,15 +4834,15 @@ module M_checked_ops__test_i8_mul_zero [#"checked_ops.rs" 274 0 274 30] | bb4 = {[%#schecked_ops12] false} any ] ) [ & _0 : () = any_l () - | & a : int8 = a + | & a : Int8.t = a | & _3 : bool = any_l () - | & _4 : int8 = any_l () + | & _4 : Int8.t = any_l () | & _5 : t_Option'0 = any_l () | & _9 : bool = any_l () - | & _10 : int8 = any_l () + | & _10 : Int8.t = any_l () | & _14 : bool = any_l () - | & _15 : int8 = any_l () - | & res : (int8, bool) = any_l () + | & _15 : Int8.t = any_l () + | & res : (Int8.t, bool) = any_l () | & _21 : bool = any_l () | & _23 : bool = any_l () ] [ return' (result:())-> (! return' {result}) ] 
@@ -4799,17 +4850,17 @@ end module M_checked_ops__test_i8_overflowing_mul [#"checked_ops.rs" 283 0 283 44] let%span schecked_ops0 = "checked_ops.rs" 285 4 285 65 let%span schecked_ops1 = "checked_ops.rs" 284 4 284 56 - let%span snum2 = "../../../creusot-contracts/src/std/num.rs" 182 20 182 95 - let%span snum3 = "../../../creusot-contracts/src/std/num.rs" 186 20 187 53 - let%span snum4 = "../../../creusot-contracts/src/std/num.rs" 193 20 195 94 - let%span snum5 = "../../../creusot-contracts/src/std/num.rs" 198 20 200 94 - let%span snum6 = "../../../creusot-contracts/src/std/num.rs" 204 20 204 98 - let%span snum7 = "../../../creusot-contracts/src/std/num.rs" 140 20 140 93 - let%span snum8 = "../../../creusot-contracts/src/std/num.rs" 144 20 145 51 - let%span snum9 = "../../../creusot-contracts/src/std/num.rs" 151 20 153 92 - let%span snum10 = "../../../creusot-contracts/src/std/num.rs" 156 20 158 92 - let%span snum11 = "../../../creusot-contracts/src/std/num.rs" 128 20 129 89 - let%span snum12 = "../../../creusot-contracts/src/std/num.rs" 132 26 132 87 + let%span snum2 = "../../../creusot-contracts/src/std/num.rs" 225 20 225 95 + let%span snum3 = "../../../creusot-contracts/src/std/num.rs" 229 20 230 53 + let%span snum4 = "../../../creusot-contracts/src/std/num.rs" 236 20 238 94 + let%span snum5 = "../../../creusot-contracts/src/std/num.rs" 241 20 243 94 + let%span snum6 = "../../../creusot-contracts/src/std/num.rs" 247 20 247 98 + let%span snum7 = "../../../creusot-contracts/src/std/num.rs" 183 20 183 93 + let%span snum8 = "../../../creusot-contracts/src/std/num.rs" 187 20 188 51 + let%span snum9 = "../../../creusot-contracts/src/std/num.rs" 194 20 196 92 + let%span snum10 = "../../../creusot-contracts/src/std/num.rs" 199 20 201 92 + let%span snum11 = "../../../creusot-contracts/src/std/num.rs" 171 20 172 89 + let%span snum12 = "../../../creusot-contracts/src/std/num.rs" 175 26 175 87 let%span soption13 = "../../../creusot-contracts/src/std/option.rs" 51 26 51 51 
use prelude.prelude.Int8 @@ -4818,7 +4869,7 @@ module M_checked_ops__test_i8_overflowing_mul [#"checked_ops.rs" 283 0 283 44] use prelude.prelude.UInt32 - constant v_BITS'0 : uint32 = (8 : uint32) + constant v_BITS'0 : UInt32.t = (8 : UInt32.t) use prelude.prelude.UInt32 
@@ -4828,58 +4879,60 @@ module M_checked_ops__test_i8_overflowing_mul [#"checked_ops.rs" 283 0 283 44] use prelude.prelude.Int8 - constant v_MIN'0 : int8 = (-128 : int8) + constant v_MIN'0 : Int8.t = (-128 : Int8.t) - constant v_MAX'0 : int8 = (127 : int8) + constant v_MAX'0 : Int8.t = (127 : Int8.t) - let rec overflowing_mul'0 (self:int8) (rhs:int8) (return' (ret:(int8, bool)))= any - [ return' (result:(int8, bool))-> {[%#snum2] Int8.to_int (let (a, _) = result in a) - = EuclideanDivision.mod (Int8.to_int self * Int8.to_int rhs) (Power.power 2 (UInt32.to_int (v_BITS'0 : uint32))) - + Int8.to_int (v_MIN'0 : int8)} - {[%#snum3] Int8.to_int self * Int8.to_int rhs >= Int8.to_int (v_MIN'0 : int8) - /\ Int8.to_int self * Int8.to_int rhs <= Int8.to_int (v_MAX'0 : int8) + let rec overflowing_mul'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:(Int8.t, bool)))= any + [ return' (result:(Int8.t, bool))-> {[%#snum2] Int8.to_int (let (a, _) = result in a) + = EuclideanDivision.mod (Int8.to_int self + * Int8.to_int rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + + Int8.to_int (v_MIN'0 : Int8.t)} + {[%#snum3] Int8.to_int self * Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) + /\ Int8.to_int self * Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) -> Int8.to_int (let (a, _) = result in a) = Int8.to_int self * Int8.to_int rhs} - {[%#snum4] Int8.to_int self * Int8.to_int rhs < Int8.to_int (v_MIN'0 : int8) + {[%#snum4] Int8.to_int self * Int8.to_int rhs < Int8.to_int (v_MIN'0 : Int8.t) -> (exists k : int . k > 0 /\ Int8.to_int (let (a, _) = result in a) - = Int8.to_int self * Int8.to_int rhs + k * (Int8.to_int (v_MAX'0 : int8) - Int8.to_int (v_MIN'0 : int8) + 1))} - {[%#snum5] Int8.to_int self * Int8.to_int rhs > Int8.to_int (v_MAX'0 : int8) + = Int8.to_int self * Int8.to_int rhs + k * (Int8.to_int (v_MAX'0 : Int8.t) - Int8.to_int (v_MIN'0 : Int8.t) + 1))} + {[%#snum5] Int8.to_int self * Int8.to_int rhs > Int8.to_int (v_MAX'0 : Int8.t) -> (exists k : int . 
k > 0 /\ Int8.to_int (let (a, _) = result in a) - = Int8.to_int self * Int8.to_int rhs - k * (Int8.to_int (v_MAX'0 : int8) - Int8.to_int (v_MIN'0 : int8) + 1))} + = Int8.to_int self * Int8.to_int rhs - k * (Int8.to_int (v_MAX'0 : Int8.t) - Int8.to_int (v_MIN'0 : Int8.t) + 1))} {[%#snum6] (let (_, a) = result in a) - = (Int8.to_int self * Int8.to_int rhs < Int8.to_int (v_MIN'0 : int8) - \/ Int8.to_int self * Int8.to_int rhs > Int8.to_int (v_MAX'0 : int8))} + = (Int8.to_int self * Int8.to_int rhs < Int8.to_int (v_MIN'0 : Int8.t) + \/ Int8.to_int self * Int8.to_int rhs > Int8.to_int (v_MAX'0 : Int8.t))} (! return' {result}) ] - let rec wrapping_mul'0 (self:int8) (rhs:int8) (return' (ret:int8))= any - [ return' (result:int8)-> {[%#snum7] Int8.to_int result - = EuclideanDivision.mod (Int8.to_int self * Int8.to_int rhs) (Power.power 2 (UInt32.to_int (v_BITS'0 : uint32))) - + Int8.to_int (v_MIN'0 : int8)} - {[%#snum8] Int8.to_int self * Int8.to_int rhs >= Int8.to_int (v_MIN'0 : int8) - /\ Int8.to_int self * Int8.to_int rhs <= Int8.to_int (v_MAX'0 : int8) + let rec wrapping_mul'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:Int8.t))= any + [ return' (result:Int8.t)-> {[%#snum7] Int8.to_int result + = EuclideanDivision.mod (Int8.to_int self + * Int8.to_int rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + + Int8.to_int (v_MIN'0 : Int8.t)} + {[%#snum8] Int8.to_int self * Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) + /\ Int8.to_int self * Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) -> Int8.to_int result = Int8.to_int self * Int8.to_int rhs} - {[%#snum9] Int8.to_int self * Int8.to_int rhs < Int8.to_int (v_MIN'0 : int8) + {[%#snum9] Int8.to_int self * Int8.to_int rhs < Int8.to_int (v_MIN'0 : Int8.t) -> (exists k : int . 
k > 0 /\ Int8.to_int result - = Int8.to_int self * Int8.to_int rhs + k * (Int8.to_int (v_MAX'0 : int8) - Int8.to_int (v_MIN'0 : int8) + 1))} - {[%#snum10] Int8.to_int self * Int8.to_int rhs > Int8.to_int (v_MAX'0 : int8) + = Int8.to_int self * Int8.to_int rhs + k * (Int8.to_int (v_MAX'0 : Int8.t) - Int8.to_int (v_MIN'0 : Int8.t) + 1))} + {[%#snum10] Int8.to_int self * Int8.to_int rhs > Int8.to_int (v_MAX'0 : Int8.t) -> (exists k : int . k > 0 /\ Int8.to_int result - = Int8.to_int self * Int8.to_int rhs - k * (Int8.to_int (v_MAX'0 : int8) - Int8.to_int (v_MIN'0 : int8) + 1))} + = Int8.to_int self * Int8.to_int rhs - k * (Int8.to_int (v_MAX'0 : Int8.t) - Int8.to_int (v_MIN'0 : Int8.t) + 1))} (! return' {result}) ] type t_Option'0 = | C_None'0 - | C_Some'0 int8 + | C_Some'0 Int8.t - let rec checked_mul'0 (self:int8) (rhs:int8) (return' (ret:t_Option'0))= any + let rec checked_mul'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:t_Option'0))= any [ return' (result:t_Option'0)-> {[%#snum11] (result = C_None'0) - = (Int8.to_int self * Int8.to_int rhs < Int8.to_int (v_MIN'0 : int8) - \/ Int8.to_int self * Int8.to_int rhs > Int8.to_int (v_MAX'0 : int8))} - {[%#snum12] forall r : int8 . result = C_Some'0 r -> Int8.to_int r = Int8.to_int self * Int8.to_int rhs} + = (Int8.to_int self * Int8.to_int rhs < Int8.to_int (v_MIN'0 : Int8.t) + \/ Int8.to_int self * Int8.to_int rhs > Int8.to_int (v_MAX'0 : Int8.t))} + {[%#snum12] forall r : Int8.t . result = C_Some'0 r -> Int8.to_int r = Int8.to_int self * Int8.to_int rhs} (! return' {result}) ] 
@@ -4898,14 +4951,14 @@ module M_checked_ops__test_i8_overflowing_mul [#"checked_ops.rs" 283 0 283 44] meta "compute_max_steps" 1000000 - let rec test_i8_overflowing_mul'0 (a:int8) (b:int8) (return' (ret:()))= (! bb0 - [ bb0 = s0 [ s0 = overflowing_mul'0 {a} {b} (fun (_ret':(int8, bool)) -> [ &_6 <- _ret' ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = wrapping_mul'0 {a} {b} (fun (_ret':int8) -> [ &_9 <- _ret' ] s1) | s1 = bb2 ] + let rec test_i8_overflowing_mul'0 (a:Int8.t) (b:Int8.t) (return' (ret:()))= (! bb0 + [ bb0 = s0 [ s0 = overflowing_mul'0 {a} {b} (fun (_ret':(Int8.t, bool)) -> [ &_6 <- _ret' ] s1) | s1 = bb1 ] + | bb1 = s0 [ s0 = wrapping_mul'0 {a} {b} (fun (_ret':Int8.t) -> [ &_9 <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 [ s0 = Int8.eq {let (r'0, _) = _6 in r'0} {_9} (fun (_ret':bool) -> [ &_4 <- _ret' ] s1) | s1 = any [ br0 -> {_4 = false} (! bb4) | br1 -> {_4} (! bb3) ] ] - | bb3 = s0 [ s0 = overflowing_mul'0 {a} {b} (fun (_ret':(int8, bool)) -> [ &_16 <- _ret' ] s1) | s1 = bb5 ] + | bb3 = s0 [ s0 = overflowing_mul'0 {a} {b} (fun (_ret':(Int8.t, bool)) -> [ &_16 <- _ret' ] s1) | s1 = bb5 ] | bb5 = s0 [ s0 = checked_mul'0 {a} {b} (fun (_ret':t_Option'0) -> [ &_21 <- _ret' ] s1) | s1 = bb6 ] | bb6 = s0 [ s0 = is_none'0 {_21} (fun (_ret':bool) -> [ &_19 <- _ret' ] s1) | s1 = bb7 ] | bb7 = s0 @@ -4917,13 +4970,13 @@ module M_checked_ops__test_i8_overflowing_mul [#"checked_ops.rs" 283 0 283 44] | bb4 = {[%#schecked_ops1] false} any ] ) [ & _0 : () = any_l () - | & a : int8 = a - | & b : int8 = b + | & a : Int8.t = a + | & b : Int8.t = b | & _4 : bool = any_l () - | & _6 : (int8, bool) = any_l () - | & _9 : int8 = any_l () + | & _6 : (Int8.t, bool) = any_l () + | & _9 : Int8.t = any_l () | & _14 : bool = any_l () - | & _16 : (int8, bool) = any_l () + | & _16 : (Int8.t, bool) = any_l () | & _19 : bool = any_l () | & _21 : t_Option'0 = any_l () ] [ return' (result:())-> (! return' {result}) ] 
@@ -4982,37 +5035,37 @@ module M_checked_ops__test_i8_div_example [#"checked_ops.rs" 289 0 289 28] let%span schecked_ops50 = "checked_ops.rs" 292 4 292 47 let%span schecked_ops51 = "checked_ops.rs" 291 4 291 45 let%span schecked_ops52 = "checked_ops.rs" 290 4 290 41 - let%span snum53 = "../../../creusot-contracts/src/std/num.rs" 66 26 66 97 - let%span snum54 = "../../../creusot-contracts/src/std/num.rs" 68 26 68 83 + let%span snum53 = "../../../creusot-contracts/src/std/num.rs" 109 26 109 97 + let%span snum54 = "../../../creusot-contracts/src/std/num.rs" 111 26 111 83 let%span soption55 = "../../../creusot-contracts/src/std/option.rs" 51 26 51 51 let%span soption56 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 - let%span snum57 = "../../../creusot-contracts/src/std/num.rs" 74 27 74 36 - let%span snum58 = "../../../creusot-contracts/src/std/num.rs" 76 26 76 83 - let%span snum59 = "../../../creusot-contracts/src/std/num.rs" 78 26 78 89 - let%span snum60 = "../../../creusot-contracts/src/std/num.rs" 84 27 84 36 - let%span snum61 = "../../../creusot-contracts/src/std/num.rs" 86 26 86 89 - let%span snum62 = "../../../creusot-contracts/src/std/num.rs" 88 26 88 89 - let%span snum63 = "../../../creusot-contracts/src/std/num.rs" 94 27 94 36 - let%span snum64 = "../../../creusot-contracts/src/std/num.rs" 96 26 96 85 - let%span snum65 = "../../../creusot-contracts/src/std/num.rs" 98 26 98 91 - let%span snum66 = "../../../creusot-contracts/src/std/num.rs" 100 26 100 74 + let%span snum57 = "../../../creusot-contracts/src/std/num.rs" 117 27 117 36 + let%span snum58 = "../../../creusot-contracts/src/std/num.rs" 119 26 119 83 + let%span snum59 = "../../../creusot-contracts/src/std/num.rs" 121 26 121 89 + let%span snum60 = "../../../creusot-contracts/src/std/num.rs" 127 27 127 36 + let%span snum61 = "../../../creusot-contracts/src/std/num.rs" 129 26 129 89 + let%span snum62 = "../../../creusot-contracts/src/std/num.rs" 131 26 131 89 + let%span snum63 = 
"../../../creusot-contracts/src/std/num.rs" 137 27 137 36 + let%span snum64 = "../../../creusot-contracts/src/std/num.rs" 139 26 139 85 + let%span snum65 = "../../../creusot-contracts/src/std/num.rs" 141 26 141 91 + let%span snum66 = "../../../creusot-contracts/src/std/num.rs" 143 26 143 74 + + use prelude.prelude.Int use prelude.prelude.Int8 type t_Option'0 = | C_None'0 - | C_Some'0 int8 + | C_Some'0 Int8.t use prelude.prelude.Int8 - constant v_MIN'0 : int8 = (-128 : int8) + constant v_MIN'0 : Int8.t = (-128 : Int8.t) - use prelude.prelude.Int - - let rec checked_div'0 (self:int8) (rhs:int8) (return' (ret:t_Option'0))= any + let rec checked_div'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:t_Option'0))= any [ return' (result:t_Option'0)-> {[%#snum53] (result = C_None'0) - = (Int8.to_int rhs = 0 \/ Int8.to_int self = Int8.to_int (v_MIN'0 : int8) /\ Int8.to_int rhs = - 1)} - {[%#snum54] forall r : int8 . result = C_Some'0 r -> Int8.to_int r = div (Int8.to_int self) (Int8.to_int rhs)} + = (Int8.to_int rhs = 0 \/ Int8.to_int self = Int8.to_int (v_MIN'0 : Int8.t) /\ Int8.to_int rhs = - 1)} + {[%#snum54] forall r : Int8.t . result = C_Some'0 r -> Int8.to_int r = div (Int8.to_int self) (Int8.to_int rhs)} (! return' {result}) ] 
@@ -5029,43 +5082,43 @@ module M_checked_ops__test_i8_div_example [#"checked_ops.rs" 289 0 289 28] axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'1 x] . inv'1 x = true - predicate inv'2 (_1 : int8) + predicate inv'2 (_1 : Int8.t) - axiom inv_axiom'2 [@rewrite] : forall x : int8 [inv'2 x] . inv'2 x = true + axiom inv_axiom'2 [@rewrite] : forall x : Int8.t [inv'2 x] . inv'2 x = true - let rec unwrap'0 (self:t_Option'0) (return' (ret:int8))= {[@expl:unwrap 'self' type invariant] inv'1 self} + let rec unwrap'0 (self:t_Option'0) (return' (ret:Int8.t))= {[@expl:unwrap 'self' type invariant] inv'1 self} {[@expl:unwrap requires] [%#soption56] self <> C_None'0} - any [ return' (result:int8)-> {inv'2 result} {[%#soption56] C_Some'0 result = self} (! return' {result}) ] + any [ return' (result:Int8.t)-> {inv'2 result} {[%#soption56] C_Some'0 result = self} (! return' {result}) ] - let rec wrapping_div'0 (self:int8) (rhs:int8) (return' (ret:int8))= {[@expl:wrapping_div requires] [%#snum57] Int8.to_int rhs + let rec wrapping_div'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:Int8.t))= {[@expl:wrapping_div requires] [%#snum57] Int8.to_int rhs <> 0} any - [ return' (result:int8)-> {[%#snum58] Int8.to_int self = Int8.to_int (v_MIN'0 : int8) /\ Int8.to_int rhs = - 1 + [ return' (result:Int8.t)-> {[%#snum58] Int8.to_int self = Int8.to_int (v_MIN'0 : Int8.t) /\ Int8.to_int rhs = - 1 -> Int8.to_int result = Int8.to_int self} - {[%#snum59] Int8.to_int self = Int8.to_int (v_MIN'0 : int8) /\ Int8.to_int rhs = - 1 + {[%#snum59] Int8.to_int self = Int8.to_int (v_MIN'0 : Int8.t) /\ Int8.to_int rhs = - 1 \/ Int8.to_int result = div (Int8.to_int self) (Int8.to_int rhs)} (! 
return' {result}) ] - let rec saturating_div'0 (self:int8) (rhs:int8) (return' (ret:int8))= {[@expl:saturating_div requires] [%#snum60] Int8.to_int rhs + let rec saturating_div'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:Int8.t))= {[@expl:saturating_div requires] [%#snum60] Int8.to_int rhs <> 0} any - [ return' (result:int8)-> {[%#snum61] Int8.to_int self = Int8.to_int (v_MIN'0 : int8) /\ Int8.to_int rhs = - 1 - -> Int8.to_int result = Int8.to_int (v_MIN'0 : int8)} - {[%#snum62] Int8.to_int self = Int8.to_int (v_MIN'0 : int8) /\ Int8.to_int rhs = - 1 + [ return' (result:Int8.t)-> {[%#snum61] Int8.to_int self = Int8.to_int (v_MIN'0 : Int8.t) /\ Int8.to_int rhs = - 1 + -> Int8.to_int result = Int8.to_int (v_MIN'0 : Int8.t)} + {[%#snum62] Int8.to_int self = Int8.to_int (v_MIN'0 : Int8.t) /\ Int8.to_int rhs = - 1 \/ Int8.to_int result = div (Int8.to_int self) (Int8.to_int rhs)} (! return' {result}) ] - let rec overflowing_div'0 (self:int8) (rhs:int8) (return' (ret:(int8, bool)))= {[@expl:overflowing_div requires] [%#snum63] Int8.to_int rhs + let rec overflowing_div'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:(Int8.t, bool)))= {[@expl:overflowing_div requires] [%#snum63] Int8.to_int rhs <> 0} any - [ return' (result:(int8, bool))-> {[%#snum64] Int8.to_int self = Int8.to_int (v_MIN'0 : int8) + [ return' (result:(Int8.t, bool))-> {[%#snum64] Int8.to_int self = Int8.to_int (v_MIN'0 : Int8.t) /\ Int8.to_int rhs = - 1 -> Int8.to_int (let (a, _) = result in a) = Int8.to_int self} - {[%#snum65] Int8.to_int self = Int8.to_int (v_MIN'0 : int8) /\ Int8.to_int rhs = - 1 + {[%#snum65] Int8.to_int self = Int8.to_int (v_MIN'0 : Int8.t) /\ Int8.to_int rhs = - 1 \/ Int8.to_int (let (a, _) = result in a) = div (Int8.to_int self) (Int8.to_int rhs)} {[%#snum66] (let (_, a) = result in a) - = (Int8.to_int self = Int8.to_int (v_MIN'0 : int8) /\ Int8.to_int rhs = - 1)} + = (Int8.to_int self = Int8.to_int (v_MIN'0 : Int8.t) /\ Int8.to_int rhs = - 1)} (! return' {result}) ] 
@@ -5077,100 +5130,100 @@ module M_checked_ops__test_i8_div_example [#"checked_ops.rs" 289 0 289 28] let rec test_i8_div_example'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = checked_div'0 {[%#schecked_ops0] (5 : int8)} {[%#schecked_ops1] (0 : int8)} + [ s0 = checked_div'0 {[%#schecked_ops0] (5 : Int8.t)} {[%#schecked_ops1] (0 : Int8.t)} (fun (_ret':t_Option'0) -> [ &_4 <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = is_none'0 {_4} (fun (_ret':bool) -> [ &_2 <- _ret' ] s1) | s1 = bb2 ] | bb2 = any [ br0 -> {_2 = false} (! bb4) | br1 -> {_2} (! bb3) ] | bb3 = s0 - [ s0 = checked_div'0 {[%#schecked_ops2] (5 : int8)} {[%#schecked_ops3] (2 : int8)} + [ s0 = checked_div'0 {[%#schecked_ops2] (5 : Int8.t)} {[%#schecked_ops3] (2 : Int8.t)} (fun (_ret':t_Option'0) -> [ &_9 <- _ret' ] s1) | s1 = bb5 ] - | bb5 = s0 [ s0 = unwrap'0 {_9} (fun (_ret':int8) -> [ &_8 <- _ret' ] s1) | s1 = bb6 ] + | bb5 = s0 [ s0 = unwrap'0 {_9} (fun (_ret':Int8.t) -> [ &_8 <- _ret' ] s1) | s1 = bb6 ] | bb6 = s0 - [ s0 = Int8.eq {_8} {[%#schecked_ops4] (2 : int8)} (fun (_ret':bool) -> [ &_7 <- _ret' ] s1) + [ s0 = Int8.eq {_8} {[%#schecked_ops4] (2 : Int8.t)} (fun (_ret':bool) -> [ &_7 <- _ret' ] s1) | s1 = any [ br0 -> {_7 = false} (! bb8) | br1 -> {_7} (! bb7) ] ] | bb7 = s0 - [ s0 = checked_div'0 {[%#schecked_ops5] (5 : int8)} {[%#schecked_ops6] (-2 : int8)} + [ s0 = checked_div'0 {[%#schecked_ops5] (5 : Int8.t)} {[%#schecked_ops6] (-2 : Int8.t)} (fun (_ret':t_Option'0) -> [ &_14 <- _ret' ] s1) | s1 = bb9 ] - | bb9 = s0 [ s0 = unwrap'0 {_14} (fun (_ret':int8) -> [ &_13 <- _ret' ] s1) | s1 = bb10 ] + | bb9 = s0 [ s0 = unwrap'0 {_14} (fun (_ret':Int8.t) -> [ &_13 <- _ret' ] s1) | s1 = bb10 ] | bb10 = s0 - [ s0 = Int8.eq {_13} {[%#schecked_ops7] (-2 : int8)} (fun (_ret':bool) -> [ &_12 <- _ret' ] s1) + [ s0 = Int8.eq {_13} {[%#schecked_ops7] (-2 : Int8.t)} (fun (_ret':bool) -> [ &_12 <- _ret' ] s1) | s1 = any [ br0 -> {_12 = false} (! bb12) | br1 -> {_12} (! 
bb11) ] ] | bb11 = s0 - [ s0 = checked_div'0 {[%#schecked_ops8] (-128 : int8)} {[%#schecked_ops9] (-1 : int8)} + [ s0 = checked_div'0 {[%#schecked_ops8] (-128 : Int8.t)} {[%#schecked_ops9] (-1 : Int8.t)} (fun (_ret':t_Option'0) -> [ &_19 <- _ret' ] s1) | s1 = bb13 ] | bb13 = s0 [ s0 = is_none'0 {_19} (fun (_ret':bool) -> [ &_17 <- _ret' ] s1) | s1 = bb14 ] | bb14 = any [ br0 -> {_17 = false} (! bb16) | br1 -> {_17} (! bb15) ] | bb15 = s0 - [ s0 = wrapping_div'0 {[%#schecked_ops10] (5 : int8)} {[%#schecked_ops11] (2 : int8)} - (fun (_ret':int8) -> [ &_23 <- _ret' ] s1) + [ s0 = wrapping_div'0 {[%#schecked_ops10] (5 : Int8.t)} {[%#schecked_ops11] (2 : Int8.t)} + (fun (_ret':Int8.t) -> [ &_23 <- _ret' ] s1) | s1 = bb17 ] | bb17 = s0 - [ s0 = Int8.eq {_23} {[%#schecked_ops12] (2 : int8)} (fun (_ret':bool) -> [ &_22 <- _ret' ] s1) + [ s0 = Int8.eq {_23} {[%#schecked_ops12] (2 : Int8.t)} (fun (_ret':bool) -> [ &_22 <- _ret' ] s1) | s1 = any [ br0 -> {_22 = false} (! bb19) | br1 -> {_22} (! bb18) ] ] | bb18 = s0 - [ s0 = wrapping_div'0 {[%#schecked_ops13] (5 : int8)} {[%#schecked_ops14] (-2 : int8)} - (fun (_ret':int8) -> [ &_27 <- _ret' ] s1) + [ s0 = wrapping_div'0 {[%#schecked_ops13] (5 : Int8.t)} {[%#schecked_ops14] (-2 : Int8.t)} + (fun (_ret':Int8.t) -> [ &_27 <- _ret' ] s1) | s1 = bb20 ] | bb20 = s0 - [ s0 = Int8.eq {_27} {[%#schecked_ops15] (-2 : int8)} (fun (_ret':bool) -> [ &_26 <- _ret' ] s1) + [ s0 = Int8.eq {_27} {[%#schecked_ops15] (-2 : Int8.t)} (fun (_ret':bool) -> [ &_26 <- _ret' ] s1) | s1 = any [ br0 -> {_26 = false} (! bb22) | br1 -> {_26} (! 
bb21) ] ] | bb21 = s0 - [ s0 = wrapping_div'0 {[%#schecked_ops16] (-128 : int8)} {[%#schecked_ops17] (-1 : int8)} - (fun (_ret':int8) -> [ &_31 <- _ret' ] s1) + [ s0 = wrapping_div'0 {[%#schecked_ops16] (-128 : Int8.t)} {[%#schecked_ops17] (-1 : Int8.t)} + (fun (_ret':Int8.t) -> [ &_31 <- _ret' ] s1) | s1 = bb23 ] | bb23 = s0 - [ s0 = Int8.eq {_31} {[%#schecked_ops18] (-128 : int8)} (fun (_ret':bool) -> [ &_30 <- _ret' ] s1) + [ s0 = Int8.eq {_31} {[%#schecked_ops18] (-128 : Int8.t)} (fun (_ret':bool) -> [ &_30 <- _ret' ] s1) | s1 = any [ br0 -> {_30 = false} (! bb25) | br1 -> {_30} (! bb24) ] ] | bb24 = s0 - [ s0 = saturating_div'0 {[%#schecked_ops19] (5 : int8)} {[%#schecked_ops20] (2 : int8)} - (fun (_ret':int8) -> [ &_35 <- _ret' ] s1) + [ s0 = saturating_div'0 {[%#schecked_ops19] (5 : Int8.t)} {[%#schecked_ops20] (2 : Int8.t)} + (fun (_ret':Int8.t) -> [ &_35 <- _ret' ] s1) | s1 = bb26 ] | bb26 = s0 - [ s0 = Int8.eq {_35} {[%#schecked_ops21] (2 : int8)} (fun (_ret':bool) -> [ &_34 <- _ret' ] s1) + [ s0 = Int8.eq {_35} {[%#schecked_ops21] (2 : Int8.t)} (fun (_ret':bool) -> [ &_34 <- _ret' ] s1) | s1 = any [ br0 -> {_34 = false} (! bb28) | br1 -> {_34} (! bb27) ] ] | bb27 = s0 - [ s0 = saturating_div'0 {[%#schecked_ops22] (5 : int8)} {[%#schecked_ops23] (-2 : int8)} - (fun (_ret':int8) -> [ &_39 <- _ret' ] s1) + [ s0 = saturating_div'0 {[%#schecked_ops22] (5 : Int8.t)} {[%#schecked_ops23] (-2 : Int8.t)} + (fun (_ret':Int8.t) -> [ &_39 <- _ret' ] s1) | s1 = bb29 ] | bb29 = s0 - [ s0 = Int8.eq {_39} {[%#schecked_ops24] (-2 : int8)} (fun (_ret':bool) -> [ &_38 <- _ret' ] s1) + [ s0 = Int8.eq {_39} {[%#schecked_ops24] (-2 : Int8.t)} (fun (_ret':bool) -> [ &_38 <- _ret' ] s1) | s1 = any [ br0 -> {_38 = false} (! bb31) | br1 -> {_38} (! 
bb30) ] ] | bb30 = s0 - [ s0 = saturating_div'0 {[%#schecked_ops25] (-128 : int8)} {[%#schecked_ops26] (-1 : int8)} - (fun (_ret':int8) -> [ &_43 <- _ret' ] s1) + [ s0 = saturating_div'0 {[%#schecked_ops25] (-128 : Int8.t)} {[%#schecked_ops26] (-1 : Int8.t)} + (fun (_ret':Int8.t) -> [ &_43 <- _ret' ] s1) | s1 = bb32 ] | bb32 = s0 - [ s0 = Int8.eq {_43} {[%#schecked_ops27] (-128 : int8)} (fun (_ret':bool) -> [ &_42 <- _ret' ] s1) + [ s0 = Int8.eq {_43} {[%#schecked_ops27] (-128 : Int8.t)} (fun (_ret':bool) -> [ &_42 <- _ret' ] s1) | s1 = any [ br0 -> {_42 = false} (! bb34) | br1 -> {_42} (! bb33) ] ] | bb33 = s0 - [ s0 = overflowing_div'0 {[%#schecked_ops28] (5 : int8)} {[%#schecked_ops29] (2 : int8)} - (fun (_ret':(int8, bool)) -> [ &res <- _ret' ] s1) + [ s0 = overflowing_div'0 {[%#schecked_ops28] (5 : Int8.t)} {[%#schecked_ops29] (2 : Int8.t)} + (fun (_ret':(Int8.t, bool)) -> [ &res <- _ret' ] s1) | s1 = bb35 ] | bb35 = s0 - [ s0 = Int8.eq {let (r'0, _) = res in r'0} {[%#schecked_ops30] (2 : int8)} + [ s0 = Int8.eq {let (r'0, _) = res in r'0} {[%#schecked_ops30] (2 : Int8.t)} (fun (_ret':bool) -> [ &_47 <- _ret' ] s1) | s1 = any [ br0 -> {_47 = false} (! bb39) | br1 -> {_47} (! bb36) ] ] @@ -5179,12 +5232,12 @@ module M_checked_ops__test_i8_div_example [#"checked_ops.rs" 289 0 289 28] | s1 = any [ br0 -> {_49 = false} (! bb38) | br1 -> {_49} (! bb37) ] ] | bb37 = s0 - [ s0 = overflowing_div'0 {[%#schecked_ops32] (5 : int8)} {[%#schecked_ops33] (-2 : int8)} - (fun (_ret':(int8, bool)) -> [ &res1 <- _ret' ] s1) + [ s0 = overflowing_div'0 {[%#schecked_ops32] (5 : Int8.t)} {[%#schecked_ops33] (-2 : Int8.t)} + (fun (_ret':(Int8.t, bool)) -> [ &res1 <- _ret' ] s1) | s1 = bb41 ] | bb41 = s0 - [ s0 = Int8.eq {let (r'0, _) = res1 in r'0} {[%#schecked_ops34] (-2 : int8)} + [ s0 = Int8.eq {let (r'0, _) = res1 in r'0} {[%#schecked_ops34] (-2 : Int8.t)} (fun (_ret':bool) -> [ &_54 <- _ret' ] s1) | s1 = any [ br0 -> {_54 = false} (! bb45) | br1 -> {_54} (! bb42) ] ] 
@@ -5193,12 +5246,12 @@ module M_checked_ops__test_i8_div_example [#"checked_ops.rs" 289 0 289 28] | s1 = any [ br0 -> {_56 = false} (! bb44) | br1 -> {_56} (! bb43) ] ] | bb43 = s0 - [ s0 = overflowing_div'0 {[%#schecked_ops36] (-128 : int8)} {[%#schecked_ops37] (-1 : int8)} - (fun (_ret':(int8, bool)) -> [ &res2 <- _ret' ] s1) + [ s0 = overflowing_div'0 {[%#schecked_ops36] (-128 : Int8.t)} {[%#schecked_ops37] (-1 : Int8.t)} + (fun (_ret':(Int8.t, bool)) -> [ &res2 <- _ret' ] s1) | s1 = bb47 ] | bb47 = s0 - [ s0 = Int8.eq {let (r'0, _) = res2 in r'0} {[%#schecked_ops38] (-128 : int8)} + [ s0 = Int8.eq {let (r'0, _) = res2 in r'0} {[%#schecked_ops38] (-128 : Int8.t)} (fun (_ret':bool) -> [ &_61 <- _ret' ] s1) | s1 = any [ br0 -> {_61 = false} (! bb51) | br1 -> {_61} (! bb48) ] ] 
@@ -5231,32 +5284,32 @@ module M_checked_ops__test_i8_div_example [#"checked_ops.rs" 289 0 289 28] | & _2 : bool = any_l () | & _4 : t_Option'0 = any_l () | & _7 : bool = any_l () - | & _8 : int8 = any_l () + | & _8 : Int8.t = any_l () | & _9 : t_Option'0 = any_l () | & _12 : bool = any_l () - | & _13 : int8 = any_l () + | & _13 : Int8.t = any_l () | & _14 : t_Option'0 = any_l () | & _17 : bool = any_l () | & _19 : t_Option'0 = any_l () | & _22 : bool = any_l () - | & _23 : int8 = any_l () + | & _23 : Int8.t = any_l () | & _26 : bool = any_l () - | & _27 : int8 = any_l () + | & _27 : Int8.t = any_l () | & _30 : bool = any_l () - | & _31 : int8 = any_l () + | & _31 : Int8.t = any_l () | & _34 : bool = any_l () - | & _35 : int8 = any_l () + | & _35 : Int8.t = any_l () | & _38 : bool = any_l () - | & _39 : int8 = any_l () + | & _39 : Int8.t = any_l () | & _42 : bool = any_l () - | & _43 : int8 = any_l () - | & res : (int8, bool) = any_l () + | & _43 : Int8.t = any_l () + | & res : (Int8.t, bool) = any_l () | & _47 : bool = any_l () | & _49 : bool = any_l () - | & res1 : (int8, bool) = any_l () + | & res1 : (Int8.t, bool) = any_l () | & _54 : bool = any_l () | & _56 : bool = any_l () - | & res2 : (int8, bool) = any_l () + | & res2 : (Int8.t, bool) = any_l () | & _61 : bool = any_l () | & _63 : bool = any_l () ] [ return' (result:())-> (! return' {result}) ] 
@@ -5272,36 +5325,36 @@ module M_checked_ops__test_i8_div_no_overflow [#"checked_ops.rs" 313 0 313 44] let%span schecked_ops7 = "checked_ops.rs" 315 4 315 39 let%span schecked_ops8 = "checked_ops.rs" 314 4 314 47 let%span schecked_ops9 = "checked_ops.rs" 312 11 312 46 - let%span snum10 = "../../../creusot-contracts/src/std/num.rs" 66 26 66 97 - let%span snum11 = "../../../creusot-contracts/src/std/num.rs" 68 26 68 83 + let%span snum10 = "../../../creusot-contracts/src/std/num.rs" 109 26 109 97 + let%span snum11 = "../../../creusot-contracts/src/std/num.rs" 111 26 111 83 let%span soption12 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 - let%span snum13 = "../../../creusot-contracts/src/std/num.rs" 74 27 74 36 - let%span snum14 = "../../../creusot-contracts/src/std/num.rs" 76 26 76 83 - let%span snum15 = "../../../creusot-contracts/src/std/num.rs" 78 26 78 89 - let%span snum16 = "../../../creusot-contracts/src/std/num.rs" 84 27 84 36 - let%span snum17 = "../../../creusot-contracts/src/std/num.rs" 86 26 86 89 - let%span snum18 = "../../../creusot-contracts/src/std/num.rs" 88 26 88 89 - let%span snum19 = "../../../creusot-contracts/src/std/num.rs" 94 27 94 36 - let%span snum20 = "../../../creusot-contracts/src/std/num.rs" 96 26 96 85 - let%span snum21 = "../../../creusot-contracts/src/std/num.rs" 98 26 98 91 - let%span snum22 = "../../../creusot-contracts/src/std/num.rs" 100 26 100 74 + let%span snum13 = "../../../creusot-contracts/src/std/num.rs" 117 27 117 36 + let%span snum14 = "../../../creusot-contracts/src/std/num.rs" 119 26 119 83 + let%span snum15 = "../../../creusot-contracts/src/std/num.rs" 121 26 121 89 + let%span snum16 = "../../../creusot-contracts/src/std/num.rs" 127 27 127 36 + let%span snum17 = "../../../creusot-contracts/src/std/num.rs" 129 26 129 89 + let%span snum18 = "../../../creusot-contracts/src/std/num.rs" 131 26 131 89 + let%span snum19 = "../../../creusot-contracts/src/std/num.rs" 137 27 137 36 + let%span snum20 = 
"../../../creusot-contracts/src/std/num.rs" 139 26 139 85 + let%span snum21 = "../../../creusot-contracts/src/std/num.rs" 141 26 141 91 + let%span snum22 = "../../../creusot-contracts/src/std/num.rs" 143 26 143 74 + + use prelude.prelude.Int use prelude.prelude.Int8 type t_Option'0 = | C_None'0 - | C_Some'0 int8 + | C_Some'0 Int8.t use prelude.prelude.Int8 - constant v_MIN'0 : int8 = (-128 : int8) - - use prelude.prelude.Int + constant v_MIN'0 : Int8.t = (-128 : Int8.t) - let rec checked_div'0 (self:int8) (rhs:int8) (return' (ret:t_Option'0))= any + let rec checked_div'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:t_Option'0))= any [ return' (result:t_Option'0)-> {[%#snum10] (result = C_None'0) - = (Int8.to_int rhs = 0 \/ Int8.to_int self = Int8.to_int (v_MIN'0 : int8) /\ Int8.to_int rhs = - 1)} - {[%#snum11] forall r : int8 . result = C_Some'0 r -> Int8.to_int r = div (Int8.to_int self) (Int8.to_int rhs)} + = (Int8.to_int rhs = 0 \/ Int8.to_int self = Int8.to_int (v_MIN'0 : Int8.t) /\ Int8.to_int rhs = - 1)} + {[%#snum11] forall r : Int8.t . result = C_Some'0 r -> Int8.to_int r = div (Int8.to_int self) (Int8.to_int rhs)} (! return' {result}) ] 
@@ -5309,43 +5362,43 @@ module M_checked_ops__test_i8_div_no_overflow [#"checked_ops.rs" 313 0 313 44] axiom inv_axiom'0 [@rewrite] : forall x : t_Option'0 [inv'0 x] . inv'0 x = true - predicate inv'1 (_1 : int8) + predicate inv'1 (_1 : Int8.t) - axiom inv_axiom'1 [@rewrite] : forall x : int8 [inv'1 x] . inv'1 x = true + axiom inv_axiom'1 [@rewrite] : forall x : Int8.t [inv'1 x] . inv'1 x = true - let rec unwrap'0 (self:t_Option'0) (return' (ret:int8))= {[@expl:unwrap 'self' type invariant] inv'0 self} + let rec unwrap'0 (self:t_Option'0) (return' (ret:Int8.t))= {[@expl:unwrap 'self' type invariant] inv'0 self} {[@expl:unwrap requires] [%#soption12] self <> C_None'0} - any [ return' (result:int8)-> {inv'1 result} {[%#soption12] C_Some'0 result = self} (! return' {result}) ] + any [ return' (result:Int8.t)-> {inv'1 result} {[%#soption12] C_Some'0 result = self} (! return' {result}) ] - let rec wrapping_div'0 (self:int8) (rhs:int8) (return' (ret:int8))= {[@expl:wrapping_div requires] [%#snum13] Int8.to_int rhs + let rec wrapping_div'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:Int8.t))= {[@expl:wrapping_div requires] [%#snum13] Int8.to_int rhs <> 0} any - [ return' (result:int8)-> {[%#snum14] Int8.to_int self = Int8.to_int (v_MIN'0 : int8) /\ Int8.to_int rhs = - 1 + [ return' (result:Int8.t)-> {[%#snum14] Int8.to_int self = Int8.to_int (v_MIN'0 : Int8.t) /\ Int8.to_int rhs = - 1 -> Int8.to_int result = Int8.to_int self} - {[%#snum15] Int8.to_int self = Int8.to_int (v_MIN'0 : int8) /\ Int8.to_int rhs = - 1 + {[%#snum15] Int8.to_int self = Int8.to_int (v_MIN'0 : Int8.t) /\ Int8.to_int rhs = - 1 \/ Int8.to_int result = div (Int8.to_int self) (Int8.to_int rhs)} (! 
return' {result}) ] - let rec saturating_div'0 (self:int8) (rhs:int8) (return' (ret:int8))= {[@expl:saturating_div requires] [%#snum16] Int8.to_int rhs + let rec saturating_div'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:Int8.t))= {[@expl:saturating_div requires] [%#snum16] Int8.to_int rhs <> 0} any - [ return' (result:int8)-> {[%#snum17] Int8.to_int self = Int8.to_int (v_MIN'0 : int8) /\ Int8.to_int rhs = - 1 - -> Int8.to_int result = Int8.to_int (v_MIN'0 : int8)} - {[%#snum18] Int8.to_int self = Int8.to_int (v_MIN'0 : int8) /\ Int8.to_int rhs = - 1 + [ return' (result:Int8.t)-> {[%#snum17] Int8.to_int self = Int8.to_int (v_MIN'0 : Int8.t) /\ Int8.to_int rhs = - 1 + -> Int8.to_int result = Int8.to_int (v_MIN'0 : Int8.t)} + {[%#snum18] Int8.to_int self = Int8.to_int (v_MIN'0 : Int8.t) /\ Int8.to_int rhs = - 1 \/ Int8.to_int result = div (Int8.to_int self) (Int8.to_int rhs)} (! return' {result}) ] - let rec overflowing_div'0 (self:int8) (rhs:int8) (return' (ret:(int8, bool)))= {[@expl:overflowing_div requires] [%#snum19] Int8.to_int rhs + let rec overflowing_div'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:(Int8.t, bool)))= {[@expl:overflowing_div requires] [%#snum19] Int8.to_int rhs <> 0} any - [ return' (result:(int8, bool))-> {[%#snum20] Int8.to_int self = Int8.to_int (v_MIN'0 : int8) + [ return' (result:(Int8.t, bool))-> {[%#snum20] Int8.to_int self = Int8.to_int (v_MIN'0 : Int8.t) /\ Int8.to_int rhs = - 1 -> Int8.to_int (let (a, _) = result in a) = Int8.to_int self} - {[%#snum21] Int8.to_int self = Int8.to_int (v_MIN'0 : int8) /\ Int8.to_int rhs = - 1 + {[%#snum21] Int8.to_int self = Int8.to_int (v_MIN'0 : Int8.t) /\ Int8.to_int rhs = - 1 \/ Int8.to_int (let (a, _) = result in a) = div (Int8.to_int self) (Int8.to_int rhs)} {[%#snum22] (let (_, a) = result in a) - = (Int8.to_int self = Int8.to_int (v_MIN'0 : int8) /\ Int8.to_int rhs = - 1)} + = (Int8.to_int self = Int8.to_int (v_MIN'0 : Int8.t) /\ Int8.to_int rhs = - 1)} (! return' {result}) ] 
@@ -5355,88 +5408,88 @@ module M_checked_ops__test_i8_div_no_overflow [#"checked_ops.rs" 313 0 313 44] meta "compute_max_steps" 1000000 - let rec test_i8_div_no_overflow'0 (a:int8) (b:int8) (return' (ret:()))= {[@expl:test_i8_div_no_overflow requires] [%#schecked_ops9] Int8.to_int b + let rec test_i8_div_no_overflow'0 (a:Int8.t) (b:Int8.t) (return' (ret:()))= {[@expl:test_i8_div_no_overflow requires] [%#schecked_ops9] Int8.to_int b <> 0 /\ (Int8.to_int a <> - 128 \/ Int8.to_int b <> - 1)} (! bb0 [ bb0 = s0 [ s0 = checked_div'0 {a} {b} (fun (_ret':t_Option'0) -> [ &_7 <- _ret' ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = unwrap'0 {_7} (fun (_ret':int8) -> [ &_6 <- _ret' ] s1) | s1 = bb2 ] + | bb1 = s0 [ s0 = unwrap'0 {_7} (fun (_ret':Int8.t) -> [ &_6 <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 [ s0 = [ &_11 <- a ] s1 | s1 = [ &_12 <- b ] s2 - | s2 = Int8.eq {_12} {[%#schecked_ops0] (0 : int8)} (fun (_ret':bool) -> [ &_13 <- _ret' ] s3) + | s2 = Int8.eq {_12} {[%#schecked_ops0] (0 : Int8.t)} (fun (_ret':bool) -> [ &_13 <- _ret' ] s3) | s3 = {[@expl:division by zero] [%#schecked_ops0] not _13} s4 | s4 = bb3 ] | bb3 = s0 - [ s0 = Int8.eq {_12} {[%#schecked_ops0] (-1 : int8)} (fun (_ret':bool) -> [ &_14 <- _ret' ] s1) - | s1 = Int8.eq {_11} {[%#schecked_ops0] (-128 : int8)} (fun (_ret':bool) -> [ &_15 <- _ret' ] s2) + [ s0 = Int8.eq {_12} {[%#schecked_ops0] (-1 : Int8.t)} (fun (_ret':bool) -> [ &_14 <- _ret' ] s1) + | s1 = Int8.eq {_11} {[%#schecked_ops0] (-128 : Int8.t)} (fun (_ret':bool) -> [ &_15 <- _ret' ] s2) | s2 = [ &_16 <- _14 && _15 ] s3 | s3 = {[@expl:Div overflow] [%#schecked_ops0] not _16} s4 | s4 = bb4 ] | bb4 = s0 - [ s0 = Int8.div {_11} {_12} (fun (_ret':int8) -> [ &_10 <- _ret' ] s1) + [ s0 = Int8.div {_11} {_12} (fun (_ret':Int8.t) -> [ &_10 <- _ret' ] s1) | s1 = Int8.eq {_6} {_10} (fun (_ret':bool) -> [ &_5 <- _ret' ] s2) | s2 = any [ br0 -> {_5 = false} (! bb6) | br1 -> {_5} (! 
bb5) ] ] - | bb5 = s0 [ s0 = wrapping_div'0 {a} {b} (fun (_ret':int8) -> [ &_20 <- _ret' ] s1) | s1 = bb7 ] + | bb5 = s0 [ s0 = wrapping_div'0 {a} {b} (fun (_ret':Int8.t) -> [ &_20 <- _ret' ] s1) | s1 = bb7 ] | bb7 = s0 [ s0 = [ &_24 <- a ] s1 | s1 = [ &_25 <- b ] s2 - | s2 = Int8.eq {_25} {[%#schecked_ops1] (0 : int8)} (fun (_ret':bool) -> [ &_26 <- _ret' ] s3) + | s2 = Int8.eq {_25} {[%#schecked_ops1] (0 : Int8.t)} (fun (_ret':bool) -> [ &_26 <- _ret' ] s3) | s3 = {[@expl:division by zero] [%#schecked_ops1] not _26} s4 | s4 = bb8 ] | bb8 = s0 - [ s0 = Int8.eq {_25} {[%#schecked_ops1] (-1 : int8)} (fun (_ret':bool) -> [ &_27 <- _ret' ] s1) - | s1 = Int8.eq {_24} {[%#schecked_ops1] (-128 : int8)} (fun (_ret':bool) -> [ &_28 <- _ret' ] s2) + [ s0 = Int8.eq {_25} {[%#schecked_ops1] (-1 : Int8.t)} (fun (_ret':bool) -> [ &_27 <- _ret' ] s1) + | s1 = Int8.eq {_24} {[%#schecked_ops1] (-128 : Int8.t)} (fun (_ret':bool) -> [ &_28 <- _ret' ] s2) | s2 = [ &_29 <- _27 && _28 ] s3 | s3 = {[@expl:Div overflow] [%#schecked_ops1] not _29} s4 | s4 = bb9 ] | bb9 = s0 - [ s0 = Int8.div {_24} {_25} (fun (_ret':int8) -> [ &_23 <- _ret' ] s1) + [ s0 = Int8.div {_24} {_25} (fun (_ret':Int8.t) -> [ &_23 <- _ret' ] s1) | s1 = Int8.eq {_20} {_23} (fun (_ret':bool) -> [ &_19 <- _ret' ] s2) | s2 = any [ br0 -> {_19 = false} (! bb11) | br1 -> {_19} (! 
bb10) ] ] - | bb10 = s0 [ s0 = saturating_div'0 {a} {b} (fun (_ret':int8) -> [ &_33 <- _ret' ] s1) | s1 = bb12 ] + | bb10 = s0 [ s0 = saturating_div'0 {a} {b} (fun (_ret':Int8.t) -> [ &_33 <- _ret' ] s1) | s1 = bb12 ] | bb12 = s0 [ s0 = [ &_37 <- a ] s1 | s1 = [ &_38 <- b ] s2 - | s2 = Int8.eq {_38} {[%#schecked_ops2] (0 : int8)} (fun (_ret':bool) -> [ &_39 <- _ret' ] s3) + | s2 = Int8.eq {_38} {[%#schecked_ops2] (0 : Int8.t)} (fun (_ret':bool) -> [ &_39 <- _ret' ] s3) | s3 = {[@expl:division by zero] [%#schecked_ops2] not _39} s4 | s4 = bb13 ] | bb13 = s0 - [ s0 = Int8.eq {_38} {[%#schecked_ops2] (-1 : int8)} (fun (_ret':bool) -> [ &_40 <- _ret' ] s1) - | s1 = Int8.eq {_37} {[%#schecked_ops2] (-128 : int8)} (fun (_ret':bool) -> [ &_41 <- _ret' ] s2) + [ s0 = Int8.eq {_38} {[%#schecked_ops2] (-1 : Int8.t)} (fun (_ret':bool) -> [ &_40 <- _ret' ] s1) + | s1 = Int8.eq {_37} {[%#schecked_ops2] (-128 : Int8.t)} (fun (_ret':bool) -> [ &_41 <- _ret' ] s2) | s2 = [ &_42 <- _40 && _41 ] s3 | s3 = {[@expl:Div overflow] [%#schecked_ops2] not _42} s4 | s4 = bb14 ] | bb14 = s0 - [ s0 = Int8.div {_37} {_38} (fun (_ret':int8) -> [ &_36 <- _ret' ] s1) + [ s0 = Int8.div {_37} {_38} (fun (_ret':Int8.t) -> [ &_36 <- _ret' ] s1) | s1 = Int8.eq {_33} {_36} (fun (_ret':bool) -> [ &_32 <- _ret' ] s2) | s2 = any [ br0 -> {_32 = false} (! bb16) | br1 -> {_32} (! 
bb15) ] ] - | bb15 = s0 [ s0 = overflowing_div'0 {a} {b} (fun (_ret':(int8, bool)) -> [ &res <- _ret' ] s1) | s1 = bb17 ] + | bb15 = s0 [ s0 = overflowing_div'0 {a} {b} (fun (_ret':(Int8.t, bool)) -> [ &res <- _ret' ] s1) | s1 = bb17 ] | bb17 = s0 [ s0 = [ &_51 <- a ] s1 | s1 = [ &_52 <- b ] s2 - | s2 = Int8.eq {_52} {[%#schecked_ops3] (0 : int8)} (fun (_ret':bool) -> [ &_53 <- _ret' ] s3) + | s2 = Int8.eq {_52} {[%#schecked_ops3] (0 : Int8.t)} (fun (_ret':bool) -> [ &_53 <- _ret' ] s3) | s3 = {[@expl:division by zero] [%#schecked_ops3] not _53} s4 | s4 = bb18 ] | bb18 = s0 - [ s0 = Int8.eq {_52} {[%#schecked_ops3] (-1 : int8)} (fun (_ret':bool) -> [ &_54 <- _ret' ] s1) - | s1 = Int8.eq {_51} {[%#schecked_ops3] (-128 : int8)} (fun (_ret':bool) -> [ &_55 <- _ret' ] s2) + [ s0 = Int8.eq {_52} {[%#schecked_ops3] (-1 : Int8.t)} (fun (_ret':bool) -> [ &_54 <- _ret' ] s1) + | s1 = Int8.eq {_51} {[%#schecked_ops3] (-128 : Int8.t)} (fun (_ret':bool) -> [ &_55 <- _ret' ] s2) | s2 = [ &_56 <- _54 && _55 ] s3 | s3 = {[@expl:Div overflow] [%#schecked_ops3] not _56} s4 | s4 = bb19 ] | bb19 = s0 - [ s0 = Int8.div {_51} {_52} (fun (_ret':int8) -> [ &_50 <- _ret' ] s1) + [ s0 = Int8.div {_51} {_52} (fun (_ret':Int8.t) -> [ &_50 <- _ret' ] s1) | s1 = Int8.eq {let (r'0, _) = res in r'0} {_50} (fun (_ret':bool) -> [ &_48 <- _ret' ] s2) | s2 = any [ br0 -> {_48 = false} (! bb23) | br1 -> {_48} (! bb20) ] ] 
@@ -5453,41 +5506,41 @@ module M_checked_ops__test_i8_div_no_overflow [#"checked_ops.rs" 313 0 313 44] | bb6 = {[%#schecked_ops8] false} any ] ) [ & _0 : () = any_l () - | & a : int8 = a - | & b : int8 = b + | & a : Int8.t = a + | & b : Int8.t = b | & _5 : bool = any_l () - | & _6 : int8 = any_l () + | & _6 : Int8.t = any_l () | & _7 : t_Option'0 = any_l () - | & _10 : int8 = any_l () - | & _11 : int8 = any_l () - | & _12 : int8 = any_l () + | & _10 : Int8.t = any_l () + | & _11 : Int8.t = any_l () + | & _12 : Int8.t = any_l () | & _13 : bool = any_l () | & _14 : bool = any_l () | & _15 : bool = any_l () | & _16 : bool = any_l () | & _19 : bool = any_l () - | & _20 : int8 = any_l () - | & _23 : int8 = any_l () - | & _24 : int8 = any_l () - | & _25 : int8 = any_l () + | & _20 : Int8.t = any_l () + | & _23 : Int8.t = any_l () + | & _24 : Int8.t = any_l () + | & _25 : Int8.t = any_l () | & _26 : bool = any_l () | & _27 : bool = any_l () | & _28 : bool = any_l () | & _29 : bool = any_l () | & _32 : bool = any_l () - | & _33 : int8 = any_l () - | & _36 : int8 = any_l () - | & _37 : int8 = any_l () - | & _38 : int8 = any_l () + | & _33 : Int8.t = any_l () + | & _36 : Int8.t = any_l () + | & _37 : Int8.t = any_l () + | & _38 : Int8.t = any_l () | & _39 : bool = any_l () | & _40 : bool = any_l () | & _41 : bool = any_l () | & _42 : bool = any_l () - | & res : (int8, bool) = any_l () + | & res : (Int8.t, bool) = any_l () | & _48 : bool = any_l () - | & _50 : int8 = any_l () - | & _51 : int8 = any_l () - | & _52 : int8 = any_l () + | & _50 : Int8.t = any_l () + | & _51 : Int8.t = any_l () + | & _52 : Int8.t = any_l () | & _53 : bool = any_l () | & _54 : bool = any_l () | & _55 : bool = any_l () 
@@ -5498,26 +5551,26 @@ end module M_checked_ops__test_i8_div_zero [#"checked_ops.rs" 322 0 322 30] let%span schecked_ops0 = "checked_ops.rs" 323 26 323 27 let%span schecked_ops1 = "checked_ops.rs" 323 4 323 39 - let%span snum2 = "../../../creusot-contracts/src/std/num.rs" 66 26 66 97 - let%span snum3 = "../../../creusot-contracts/src/std/num.rs" 68 26 68 83 + let%span snum2 = "../../../creusot-contracts/src/std/num.rs" 109 26 109 97 + let%span snum3 = "../../../creusot-contracts/src/std/num.rs" 111 26 111 83 let%span soption4 = "../../../creusot-contracts/src/std/option.rs" 51 26 51 51 + use prelude.prelude.Int + use prelude.prelude.Int8 type t_Option'0 = | C_None'0 - | C_Some'0 int8 + | C_Some'0 Int8.t use prelude.prelude.Int8 - constant v_MIN'0 : int8 = (-128 : int8) - - use prelude.prelude.Int + constant v_MIN'0 : Int8.t = (-128 : Int8.t) - let rec checked_div'0 (self:int8) (rhs:int8) (return' (ret:t_Option'0))= any + let rec checked_div'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:t_Option'0))= any [ return' (result:t_Option'0)-> {[%#snum2] (result = C_None'0) - = (Int8.to_int rhs = 0 \/ Int8.to_int self = Int8.to_int (v_MIN'0 : int8) /\ Int8.to_int rhs = - 1)} - {[%#snum3] forall r : int8 . result = C_Some'0 r -> Int8.to_int r = div (Int8.to_int self) (Int8.to_int rhs)} + = (Int8.to_int rhs = 0 \/ Int8.to_int self = Int8.to_int (v_MIN'0 : Int8.t) /\ Int8.to_int rhs = - 1)} + {[%#snum3] forall r : Int8.t . result = C_Some'0 r -> Int8.to_int r = div (Int8.to_int self) (Int8.to_int rhs)} (! return' {result}) ] 
@@ -5534,16 +5587,16 @@ module M_checked_ops__test_i8_div_zero [#"checked_ops.rs" 322 0 322 30] meta "compute_max_steps" 1000000 - let rec test_i8_div_zero'0 (a:int8) (return' (ret:()))= (! bb0 + let rec test_i8_div_zero'0 (a:Int8.t) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = checked_div'0 {a} {[%#schecked_ops0] (0 : int8)} (fun (_ret':t_Option'0) -> [ &_5 <- _ret' ] s1) + [ s0 = checked_div'0 {a} {[%#schecked_ops0] (0 : Int8.t)} (fun (_ret':t_Option'0) -> [ &_5 <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = is_none'0 {_5} (fun (_ret':bool) -> [ &_3 <- _ret' ] s1) | s1 = bb2 ] | bb2 = any [ br0 -> {_3 = false} (! bb4) | br1 -> {_3} (! bb3) ] | bb3 = return' {_0} | bb4 = {[%#schecked_ops1] false} any ] - ) [ & _0 : () = any_l () | & a : int8 = a | & _3 : bool = any_l () | & _5 : t_Option'0 = any_l () ] + ) [ & _0 : () = any_l () | & a : Int8.t = a | & _3 : bool = any_l () | & _5 : t_Option'0 = any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/clones/03.coma b/creusot/tests/should_succeed/clones/03.coma index 37230209cf..b849ca0b49 100644 --- a/creusot/tests/should_succeed/clones/03.coma +++ b/creusot/tests/should_succeed/clones/03.coma 
@@ -34,29 +34,29 @@ module M_03__prog2 [#"03.rs" 14 0 14 14] let%span s033 = "03.rs" 10 10 10 16 let%span s034 = "03.rs" 7 4 7 8 + use prelude.prelude.Int + use prelude.prelude.Int32 - predicate inv'0 (_1 : int32) + predicate inv'0 (_1 : Int32.t) - axiom inv_axiom'0 [@rewrite] : forall x : int32 [inv'0 x] . inv'0 x = true + axiom inv_axiom'0 [@rewrite] : forall x : Int32.t [inv'0 x] . inv'0 x = true - function omg'1 [#"03.rs" 6 0 6 24] (_x : int32) : bool = + function omg'1 [#"03.rs" 6 0 6 24] (_x : Int32.t) : bool = [%#s034] true - let rec prog'0 (x:int32) (return' (ret:()))= {[@expl:prog 'x' type invariant] [%#s032] inv'0 x} + let rec prog'0 (x:Int32.t) (return' (ret:()))= {[@expl:prog 'x' type invariant] [%#s032] inv'0 x} any [ return' (result:())-> {[%#s033] omg'1 x} (! return' {result}) ] use prelude.prelude.Intrinsic - use prelude.prelude.Int - function omg'0 [#"03.rs" 6 0 6 24] (_x : int) : bool = [%#s034] true meta "compute_max_steps" 1000000 let rec prog2'0 (_1:()) (return' (ret:()))= (! bb0 - [ bb0 = s0 [ s0 = prog'0 {[%#s030] (0 : int32)} (fun (_ret':()) -> [ &_2 <- _ret' ] s1) | s1 = bb1 ] + [ bb0 = s0 [ s0 = prog'0 {[%#s030] (0 : Int32.t)} (fun (_ret':()) -> [ &_2 <- _ret' ] s1) | s1 = bb1 ] | bb1 = return' {_0} ] ) [ & _0 : () = any_l () | & _2 : () = any_l () ] [ return' (result:())-> {[@expl:prog2 ensures] [%#s031] omg'0 0} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/clones/03/why3session.xml b/creusot/tests/should_succeed/clones/03/why3session.xml index c37eba58a7..2a9b6bb1dc 100644 --- a/creusot/tests/should_succeed/clones/03/why3session.xml +++ b/creusot/tests/should_succeed/clones/03/why3session.xml @@ -13,7 +13,7 @@ - + 
diff --git a/creusot/tests/should_succeed/clones/03/why3shapes.gz b/creusot/tests/should_succeed/clones/03/why3shapes.gz index c8f6f1fb4970a8128a2f05f447b78b45cd98f257..ca832c8102b1566b266e5e82f589c9b2d367c32d 100644 GIT binary patch literal 206 zcmV;<05Sg`iwFP!00000|3!?uP6I&@R>3~%ByoE$TgOWa?MfTW3A|=^nH(80l zX9L;LoqK(K9#?kUQLm$&bQt&D>DeZ`dNTAv-SP7Q-hsBmMK?6)*c~RlHm|flO;^|~ z@MiSbpT9qTRp$J4?-#iH>f-y$c*{3s{U6fy(jU~-<-?d9MF`k&h$OkD)&gdR=rBfK zSS+r=c;><$3xrUSVkU3_CHYn>H>NU={Ms2HiACys)Icd?f*_uoxQHsgrFj<24}8vv I6dVBn04rr>IsgCw literal 205 zcmV;;05bm{iwFP!00000|3!?sj>13?MDzKI$vC3!Iqj7QNRY|Vrl@DS%_0FdHdx~C zkrxcvt5VgQFLnP%t@L`3u0J-HA06~^p=d?T`7ncDpj~&DEp^g2r$NSMO~=bH!ghj< zl5=}|?Eh8jcK!4de0+KGy)wS@TbaK@+TGiem^?j{ik_JundCfi%%QFw#suD=_qIr^ zu>zG-0f`7hNrK4*EK7)JGTR(W>w?D0Rz?A_FF1p7;wVH6;Mk^`jYnZyk29y9w%oh+ H9033Td$(lb diff --git a/creusot/tests/should_succeed/clones/04.coma b/creusot/tests/should_succeed/clones/04.coma index 85f601db3b..4fad163248 100644 --- a/creusot/tests/should_succeed/clones/04.coma +++ b/creusot/tests/should_succeed/clones/04.coma 
@@ -2,25 +2,95 @@ module M_04__f [#"04.rs" 21 0 21 16] let%span s040 = "04.rs" 20 11 20 15 let%span s041 = "04.rs" 17 4 17 21 let%span s042 = "04.rs" 12 4 12 21 - let%span s043 = "04.rs" 7 4 7 12 + let%span sord3 = "../../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 + let%span sord4 = "../../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 + let%span sord5 = "../../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 + let%span sord6 = "../../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 + let%span sord7 = "../../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 + let%span sord8 = "../../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 + let%span sord9 = "../../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 + let%span sord10 = "../../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 + let%span sord11 = "../../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 + let%span sord12 = "../../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 + let%span sord13 = "../../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 + let%span sord14 = "../../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 + let%span sord15 = "../../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span s0416 = "04.rs" 7 4 7 12 + let%span sord17 = "../../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 use prelude.prelude.Intrinsic + use prelude.prelude.Int + use prelude.prelude.UInt32 - use prelude.prelude.Int + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.UInt32 + + function cmp_log'0 (self : UInt32.t) (o : UInt32.t) : t_Ordering'0 = + [%#sord17] if UInt32.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + function eq_cmp'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom eq_cmp'0_spec : forall x : UInt32.t, y : UInt32.t . 
[%#sord15] (x = y) = (cmp_log'0 x y = C_Equal'0) + + function antisym2'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom antisym2'0_spec : forall x : UInt32.t, y : UInt32.t . ([%#sord13] cmp_log'0 x y = C_Greater'0) + -> ([%#sord14] cmp_log'0 y x = C_Less'0) + + function antisym1'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom antisym1'0_spec : forall x : UInt32.t, y : UInt32.t . ([%#sord11] cmp_log'0 x y = C_Less'0) + -> ([%#sord12] cmp_log'0 y x = C_Greater'0) + + function trans'0 (x : UInt32.t) (y : UInt32.t) (z : UInt32.t) (o : t_Ordering'0) : () + + axiom trans'0_spec : forall x : UInt32.t, y : UInt32.t, z : UInt32.t, o : t_Ordering'0 . ([%#sord8] cmp_log'0 x y = o) + -> ([%#sord9] cmp_log'0 y z = o) -> ([%#sord10] cmp_log'0 x z = o) + + function refl'0 (x : UInt32.t) : () + + axiom refl'0_spec : forall x : UInt32.t . [%#sord7] cmp_log'0 x x = C_Equal'0 + + use prelude.prelude.UInt32 + + function cmp_gt_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_gt_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord6] UInt32.ugt x y = (cmp_log'0 x y = C_Greater'0) + + use prelude.prelude.UInt32 + + function cmp_ge_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_ge_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord5] UInt32.uge x y = (cmp_log'0 x y <> C_Less'0) + + function cmp_lt_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_lt_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord4] UInt32.ult x y = (cmp_log'0 x y = C_Less'0) + + use prelude.prelude.UInt32 + + function cmp_le_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_le_log'0_spec : forall x : UInt32.t, y : UInt32.t . 
[%#sord3] UInt32.ule x y + = (cmp_log'0 x y <> C_Greater'0) - function a'0 [#"04.rs" 6 0 6 20] (x : uint32) : bool = - [%#s043] x > (0 : uint32) + function a'0 [#"04.rs" 6 0 6 20] (x : UInt32.t) : bool = + [%#s0416] UInt32.ugt x (0 : UInt32.t) - function b'0 [#"04.rs" 11 0 11 20] (x : uint32) : bool = - [%#s042] x > (10 : uint32) /\ a'0 x + function b'0 [#"04.rs" 11 0 11 20] (x : UInt32.t) : bool = + [%#s042] UInt32.ugt x (10 : UInt32.t) /\ a'0 x - function c'0 [#"04.rs" 16 0 16 20] (x : uint32) : bool = - [%#s041] x < (50 : uint32) /\ b'0 x + function c'0 [#"04.rs" 16 0 16 20] (x : UInt32.t) : bool = + [%#s041] UInt32.ult x (50 : UInt32.t) /\ b'0 x meta "compute_max_steps" 1000000 - let rec f'0 (x:uint32) (return' (ret:()))= {[@expl:f requires] [%#s040] c'0 x} + let rec f'0 (x:UInt32.t) (return' (ret:()))= {[@expl:f requires] [%#s040] c'0 x} (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/closures/01_basic.coma b/creusot/tests/should_succeed/closures/01_basic.coma index bc3f9b2969..0a549d8a5f 100644 --- a/creusot/tests/should_succeed/closures/01_basic.coma +++ b/creusot/tests/should_succeed/closures/01_basic.coma 
@@ -36,14 +36,16 @@ module M_01_basic__multi_arg [#"01_basic.rs" 11 0 11 18] use prelude.prelude.Int32 + use prelude.prelude.Int + use prelude.prelude.Intrinsic use prelude.prelude.Borrow - let rec closure0'0 (_1:()) (a:int32) (b:int32) (return' (ret:int32))= (! bb0 - [ bb0 = s0 [ s0 = Int32.add {a} {b} (fun (_ret':int32) -> [ &_0 <- _ret' ] s1) | s1 = return' {_0} ] ] - ) [ & _0 : int32 = any_l () | & a : int32 = a | & b : int32 = b ] - [ return' (result:int32)-> (! return' {result}) ] + let rec closure0'0 (_1:()) (a:Int32.t) (b:Int32.t) (return' (ret:Int32.t))= (! bb0 + [ bb0 = s0 [ s0 = Int32.add {a} {b} (fun (_ret':Int32.t) -> [ &_0 <- _ret' ] s1) | s1 = return' {_0} ] ] + ) [ & _0 : Int32.t = any_l () | & a : Int32.t = a | & b : Int32.t = b ] + [ return' (result:Int32.t)-> (! return' {result}) ] meta "compute_max_steps" 1000000 @@ -51,13 +53,13 @@ module M_01_basic__multi_arg [#"01_basic.rs" 11 0 11 18] let rec multi_arg'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &x <- () ] s1 - | s1 = [ &_4 <- (([%#s01_basic0] (0 : int32)), ([%#s01_basic1] (3 : int32))) ] s2 + | s1 = [ &_4 <- (([%#s01_basic0] (0 : Int32.t)), ([%#s01_basic1] (3 : Int32.t))) ] s2 | s2 = closure0'0 {x} {let (r'0, _) = _4 in r'0} {let (_, r'1) = _4 in r'1} - (fun (_ret':int32) -> [ &_a <- _ret' ] s3) + (fun (_ret':Int32.t) -> [ &_a <- _ret' ] s3) | s3 = bb1 ] | bb1 = return' {_0} ] - ) [ & _0 : () = any_l () | & x : () = any_l () | & _a : int32 = any_l () | & _4 : (int32, int32) = any_l () ] + ) [ & _0 : () = any_l () | & x : () = any_l () | & _a : Int32.t = any_l () | & _4 : (Int32.t, Int32.t) = any_l () ] [ return' (result:())-> (! return' {result}) ] end 
@@ -73,12 +75,14 @@ module M_01_basic__move_closure [#"01_basic.rs" 18 0 18 21] let%span sops8 = "../../../../creusot-contracts/src/std/ops.rs" 118 14 118 28 let%span sops9 = "../../../../creusot-contracts/src/std/ops.rs" 123 14 124 105 + use prelude.prelude.Int + use prelude.prelude.Int32 use prelude.prelude.Borrow type closure0'1 = - { field_0'0: borrowed int32 } + { field_0'0: borrowed Int32.t } predicate resolve'3 (self : borrowed closure0'1) = [%#sresolve2] self.final = self.current @@ -91,10 +95,10 @@ module M_01_basic__move_closure [#"01_basic.rs" 18 0 18 21] predicate postcondition_once'0 (self : closure0'1) (args : ()) (result : ()) = let () = args in true - predicate resolve'4 (self : borrowed int32) = + predicate resolve'4 (self : borrowed Int32.t) = [%#sresolve2] self.final = self.current - predicate resolve'2 (_1 : borrowed int32) = + predicate resolve'2 (_1 : borrowed Int32.t) = resolve'4 _1 predicate resolve'0 (_1 : closure0'1) = @@ -127,8 +131,8 @@ module M_01_basic__move_closure [#"01_basic.rs" 18 0 18 21] let rec closure0'0 (_1:borrowed closure0'1) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = Int32.add {((_1.current).field_0'0).current} {[%#s01_basic1] (1 : int32)} - (fun (_ret':int32) -> + [ s0 = Int32.add {((_1.current).field_0'0).current} {[%#s01_basic1] (1 : Int32.t)} + (fun (_ret':Int32.t) -> [ &_1 <- { _1 with current = { field_0'0 = { (_1.current).field_0'0 with current = _ret' } } } ] s1) | s1 = -{resolve'1 _1}- s2 
@@ -142,8 +146,9 @@ module M_01_basic__move_closure [#"01_basic.rs" 18 0 18 21] let rec move_closure'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = [ &_2 <- [%#s01_basic0] (0 : int32) ] s1 - | s1 = Borrow.borrow_mut {_2} (fun (_ret':borrowed int32) -> [ &a <- _ret' ] [ &_2 <- _ret'.final ] s2) + [ s0 = [ &_2 <- [%#s01_basic0] (0 : Int32.t) ] s1 + | s1 = Borrow.borrow_mut {_2} + (fun (_ret':borrowed Int32.t) -> [ &a <- _ret' ] [ &_2 <- _ret'.final ] s2) | s2 = [ &x <- { field_0'0 = a } ] s3 | s3 = Borrow.borrow_mut {x} (fun (_ret':borrowed closure0'1) -> [ &_5 <- _ret' ] [ &x <- _ret'.final ] s4) @@ -159,8 +164,8 @@ module M_01_basic__move_closure [#"01_basic.rs" 18 0 18 21] | bb2 = s0 [ s0 = -{resolve'0 x}- s1 | s1 = return' {_0} ] ] ) [ & _0 : () = any_l () - | & a : borrowed int32 = any_l () - | & _2 : int32 = any_l () + | & a : borrowed Int32.t = any_l () + | & _2 : Int32.t = any_l () | & x : closure0'1 = any_l () | & _4 : () = any_l () | & _5 : borrowed closure0'1 = any_l () 
@@ -183,26 +188,28 @@ module M_01_basic__move_mut [#"01_basic.rs" 34 0 34 17] let%span sops9 = "../../../../creusot-contracts/src/std/ops.rs" 118 14 118 28 let%span sops10 = "../../../../creusot-contracts/src/std/ops.rs" 123 14 124 105 + use prelude.prelude.Int + use prelude.prelude.UInt32 use prelude.prelude.Borrow - predicate inv'0 (_1 : borrowed uint32) + predicate inv'0 (_1 : borrowed UInt32.t) - axiom inv_axiom'0 [@rewrite] : forall x : borrowed uint32 [inv'0 x] . inv'0 x = true + axiom inv_axiom'0 [@rewrite] : forall x : borrowed UInt32.t [inv'0 x] . inv'0 x = true - let rec new_ref'0 (_1:()) (return' (ret:borrowed uint32))= any - [ return' (result:borrowed uint32)-> {[%#s01_basic2] inv'0 result} (! return' {result}) ] + let rec new_ref'0 (_1:()) (return' (ret:borrowed UInt32.t))= any + [ return' (result:borrowed UInt32.t)-> {[%#s01_basic2] inv'0 result} (! return' {result}) ] - predicate resolve'3 (self : borrowed uint32) = + predicate resolve'3 (self : borrowed UInt32.t) = [%#sresolve3] self.final = self.current - predicate resolve'1 (_1 : borrowed uint32) = + predicate resolve'1 (_1 : borrowed UInt32.t) = resolve'3 _1 type closure0'1 = - { field_0'0: borrowed uint32 } + { field_0'0: borrowed UInt32.t } predicate resolve'4 (self : borrowed closure0'1) = [%#sresolve3] self.final = self.current 
@@ -244,10 +251,12 @@ module M_01_basic__move_mut [#"01_basic.rs" 34 0 34 17] -> ([%#sops5] unnest'0 self res_state) let rec closure0'0 (_1:borrowed closure0'1) (return' (ret:()))= (! bb0 - [ bb0 = s0 [ s0 = new_ref'0 {[%#s01_basic1] ()} (fun (_ret':borrowed uint32) -> [ &_3 <- _ret' ] s1) | s1 = bb1 ] + [ bb0 = s0 + [ s0 = new_ref'0 {[%#s01_basic1] ()} (fun (_ret':borrowed UInt32.t) -> [ &_3 <- _ret' ] s1) | s1 = bb1 ] + | bb1 = s0 - [ s0 = Borrow.borrow_final {_3.current} {Borrow.get_id _3} - (fun (_ret':borrowed uint32) -> [ &_2 <- _ret' ] [ &_3 <- { _3 with current = _ret'.final } ] s1) + [ s0 = Borrow.borrow_final {_3.current} {Borrow.get_id _3} + (fun (_ret':borrowed UInt32.t) -> [ &_2 <- _ret' ] [ &_3 <- { _3 with current = _ret'.final } ] s1) | s1 = -{match _1 with | {current = {field_0'0 = x'0}} -> resolve'1 x'0 | _ -> true @@ -261,17 +270,17 @@ module M_01_basic__move_mut [#"01_basic.rs" 34 0 34 17] ) [ & _0 : () = any_l () | & _1 : borrowed closure0'1 = _1 - | & _2 : borrowed uint32 = any_l () - | & _3 : borrowed uint32 = any_l () ] + | & _2 : borrowed UInt32.t = any_l () + | & _3 : borrowed UInt32.t = any_l () ] [ return' (result:())-> {[@expl:closure unnest] unnest'0 _1.current _1.final} (! return' {result}) ] meta "compute_max_steps" 1000000 let rec move_mut'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = [ &_2 <- [%#s01_basic0] (0 : uint32) ] s1 - | s1 = Borrow.borrow_mut {_2} - (fun (_ret':borrowed uint32) -> [ &x <- _ret' ] [ &_2 <- _ret'.final ] s2) + [ s0 = [ &_2 <- [%#s01_basic0] (0 : UInt32.t) ] s1 + | s1 = Borrow.borrow_mut {_2} + (fun (_ret':borrowed UInt32.t) -> [ &x <- _ret' ] [ &_2 <- _ret'.final ] s2) | s2 = [ &a <- { field_0'0 = x } ] s3 | s3 = Borrow.borrow_mut {a} (fun (_ret':borrowed closure0'1) -> [ &_5 <- _ret' ] [ &a <- _ret'.final ] s4) 
@@ -287,8 +296,8 @@ module M_01_basic__move_mut [#"01_basic.rs" 34 0 34 17] | bb2 = s0 [ s0 = -{resolve'0 a}- s1 | s1 = return' {_0} ] ] ) [ & _0 : () = any_l () - | & x : borrowed uint32 = any_l () - | & _2 : uint32 = any_l () + | & x : borrowed UInt32.t = any_l () + | & _2 : UInt32.t = any_l () | & a : closure0'1 = any_l () | & _4 : () = any_l () | & _5 : borrowed closure0'1 = any_l () diff --git a/creusot/tests/should_succeed/closures/03_generic_bound.coma b/creusot/tests/should_succeed/closures/03_generic_bound.coma index f682e8700e..436286fc72 100644 --- a/creusot/tests/should_succeed/closures/03_generic_bound.coma +++ b/creusot/tests/should_succeed/closures/03_generic_bound.coma @@ -14,6 +14,8 @@ module M_03_generic_bound__closure_param [#"03_generic_bound.rs" 5 0 5 34] let%span sops12 = "../../../../creusot-contracts/src/std/ops.rs" 118 14 118 28 let%span sops13 = "../../../../creusot-contracts/src/std/ops.rs" 123 14 124 105 + use prelude.prelude.Int + use prelude.prelude.UInt32 use prelude.prelude.Borrow 
@@ -29,25 +31,25 @@ module M_03_generic_bound__closure_param [#"03_generic_bound.rs" 5 0 5 34] axiom inv_axiom'0 [@rewrite] : forall x : t_F'0 [inv'1 x] . inv'1 x = invariant'0 x - predicate inv'2 (_1 : uint32) + predicate inv'2 (_1 : UInt32.t) - axiom inv_axiom'1 [@rewrite] : forall x : uint32 [inv'2 x] . inv'2 x = true + axiom inv_axiom'1 [@rewrite] : forall x : UInt32.t [inv'2 x] . inv'2 x = true - predicate precondition'0 (self : t_F'0) (args : uint32) + predicate precondition'0 (self : t_F'0) (args : UInt32.t) predicate inv'3 (_1 : ()) axiom inv_axiom'2 [@rewrite] : forall x : () [inv'3 x] . inv'3 x = true - predicate postcondition_once'0 (self : t_F'0) (args : uint32) (result : ()) + predicate postcondition_once'0 (self : t_F'0) (args : UInt32.t) (result : ()) predicate resolve'0 (_1 : t_F'0) - predicate postcondition_mut'0 (self : t_F'0) (args : uint32) (result_state : t_F'0) (result : ()) + predicate postcondition_mut'0 (self : t_F'0) (args : UInt32.t) (result_state : t_F'0) (result : ()) - function fn_mut_once'0 (self : t_F'0) (args : uint32) (res : ()) : () + function fn_mut_once'0 (self : t_F'0) (args : UInt32.t) (res : ()) : () - axiom fn_mut_once'0_spec : forall self : t_F'0, args : uint32, res : () . [%#sops13] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : t_F'0, args : UInt32.t, res : () . [%#sops13] postcondition_once'0 self args res = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) predicate unnest'0 (self : t_F'0) (_2 : t_F'0) 
@@ -61,24 +63,24 @@ module M_03_generic_bound__closure_param [#"03_generic_bound.rs" 5 0 5 34] axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops9] unnest'0 self self - function postcondition_mut_unnest'0 (self : t_F'0) (args : uint32) (res_state : t_F'0) (res : ()) : () + function postcondition_mut_unnest'0 (self : t_F'0) (args : UInt32.t) (res_state : t_F'0) (res : ()) : () - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : uint32, res_state : t_F'0, res : () . ([%#sops7] postcondition_mut'0 self args res_state res) + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : UInt32.t, res_state : t_F'0, res : () . ([%#sops7] postcondition_mut'0 self args res_state res) -> ([%#sops8] unnest'0 self res_state) - predicate postcondition'0 (self : t_F'0) (args : uint32) (result : ()) + predicate postcondition'0 (self : t_F'0) (args : UInt32.t) (result : ()) - function fn_once'0 (self : t_F'0) (args : uint32) (res : ()) : () + function fn_once'0 (self : t_F'0) (args : UInt32.t) (res : ()) : () - axiom fn_once'0_spec : forall self : t_F'0, args : uint32, res : () . [%#sops5] postcondition_once'0 self args res + axiom fn_once'0_spec : forall self : t_F'0, args : UInt32.t, res : () . [%#sops5] postcondition_once'0 self args res = (resolve'0 self /\ postcondition'0 self args res) - function fn_mut'0 (self : t_F'0) (args : uint32) (res_state : t_F'0) (res : ()) : () + function fn_mut'0 (self : t_F'0) (args : UInt32.t) (res_state : t_F'0) (res : ()) : () - axiom fn_mut'0_spec : forall self : t_F'0, args : uint32, res_state : t_F'0, res : () . [%#sops4] postcondition_mut'0 self args res_state res + axiom fn_mut'0_spec : forall self : t_F'0, args : UInt32.t, res_state : t_F'0, res : () . 
[%#sops4] postcondition_mut'0 self args res_state res = (self = res_state /\ postcondition'0 self args res) - let rec call'0 (self:t_F'0) (args:uint32) (return' (ret:()))= {[@expl:call 'self' type invariant] inv'1 self} + let rec call'0 (self:t_F'0) (args:UInt32.t) (return' (ret:()))= {[@expl:call 'self' type invariant] inv'1 self} {[@expl:call 'args' type invariant] inv'2 args} {[@expl:call requires] [%#sops2] precondition'0 self args} any [ return' (result:())-> {inv'3 result} {[%#sops3] postcondition'0 self args result} (! return' {result}) ] @@ -90,13 +92,13 @@ module M_03_generic_bound__closure_param [#"03_generic_bound.rs" 5 0 5 34] let rec closure_param'0 (f:t_F'0) (return' (ret:()))= {[@expl:closure_param 'f' type invariant] [%#s03_generic_bound1] inv'0 f} (! bb0 [ bb0 = s0 - [ s0 = [ &_3 <- (([%#s03_generic_bound0] (0 : uint32))) ] s1 + [ s0 = [ &_3 <- (([%#s03_generic_bound0] (0 : UInt32.t))) ] s1 | s1 = call'0 {f} {_3} (fun (_ret':()) -> [ &_0 <- _ret' ] s2) | s2 = bb1 ] | bb1 = s0 [ s0 = {[@expl:type invariant] inv'0 f} s1 | s1 = -{resolve'0 f}- s2 | s2 = bb2 ] | bb2 = return' {_0} ] - ) [ & _0 : () = any_l () | & f : t_F'0 = f | & _3 : uint32 = any_l () ] + ) [ & _0 : () = any_l () | & f : t_F'0 = f | & _3 : UInt32.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end @@ -107,11 +109,13 @@ module M_03_generic_bound__caller [#"03_generic_bound.rs" 9 0 9 15] use prelude.prelude.Borrow + use prelude.prelude.Int + use prelude.prelude.UInt32 - let rec closure0'0 (_1:()) (_x:uint32) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] - [ return' (result:())-> (! return' {result}) ] - + let rec closure0'0 (_1:()) (_x:UInt32.t) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) + [ & _0 : () = any_l () ] + [ return' (result:())-> (! return' {result}) ] predicate inv'0 (_1 : ()) 
diff --git a/creusot/tests/should_succeed/closures/06_fn_specs.coma b/creusot/tests/should_succeed/closures/06_fn_specs.coma index 5d9e9c909a..2a820601c0 100644 --- a/creusot/tests/should_succeed/closures/06_fn_specs.coma +++ b/creusot/tests/should_succeed/closures/06_fn_specs.coma @@ -254,25 +254,27 @@ module M_06_fn_specs__fn_once_user [#"06_fn_specs.rs" 26 0 26 43] let%span s06_fn_specs2 = "06_fn_specs.rs" 25 11 25 36 let%span sops3 = "../../../../creusot-contracts/src/std/ops.rs" 148 0 170 1 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_F'0 predicate inv'0 (_1 : t_F'0) - predicate inv'1 (_1 : usize) + predicate inv'1 (_1 : UInt64.t) - axiom inv_axiom'0 [@rewrite] : forall x : usize [inv'1 x] . inv'1 x = true + axiom inv_axiom'0 [@rewrite] : forall x : UInt64.t [inv'1 x] . inv'1 x = true - predicate precondition'0 (self : t_F'0) (args : usize) + predicate precondition'0 (self : t_F'0) (args : UInt64.t) predicate inv'2 (_1 : ()) axiom inv_axiom'1 [@rewrite] : forall x : () [inv'2 x] . inv'2 x = true - predicate postcondition_once'0 (self : t_F'0) (args : usize) (result : ()) + predicate postcondition_once'0 (self : t_F'0) (args : UInt64.t) (result : ()) - let rec call_once'0 (self:t_F'0) (args:usize) (return' (ret:()))= {[@expl:call_once 'self' type invariant] inv'0 self} + let rec call_once'0 (self:t_F'0) (args:UInt64.t) (return' (ret:()))= {[@expl:call_once 'self' type invariant] inv'0 self} {[@expl:call_once 'args' type invariant] inv'1 args} {[@expl:call_once requires] [%#sops3] precondition'0 self args} any [ return' (result:())-> {inv'2 result} {[%#sops3] postcondition_once'0 self args result} (! return' {result}) ] 
@@ -282,17 +284,17 @@ module M_06_fn_specs__fn_once_user [#"06_fn_specs.rs" 26 0 26 43] meta "compute_max_steps" 1000000 let rec fn_once_user'0 (f:t_F'0) (return' (ret:()))= {[@expl:fn_once_user 'f' type invariant] [%#s06_fn_specs1] inv'0 f} - {[@expl:fn_once_user requires] [%#s06_fn_specs2] precondition'0 f ((0 : usize))} + {[@expl:fn_once_user requires] [%#s06_fn_specs2] precondition'0 f ((0 : UInt64.t))} (! bb0 [ bb0 = bb1 | bb1 = s0 - [ s0 = [ &_4 <- (([%#s06_fn_specs0] (0 : usize))) ] s1 + [ s0 = [ &_4 <- (([%#s06_fn_specs0] (0 : UInt64.t))) ] s1 | s1 = call_once'0 {f} {_4} (fun (_ret':()) -> [ &_0 <- _ret' ] s2) | s2 = bb2 ] | bb2 = bb3 | bb3 = return' {_0} ] - ) [ & _0 : () = any_l () | & f : t_F'0 = f | & _4 : usize = any_l () ] + ) [ & _0 : () = any_l () | & f : t_F'0 = f | & _4 : UInt64.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end 
@@ -302,21 +304,23 @@ module M_06_fn_specs__caller [#"06_fn_specs.rs" 30 0 30 15] use prelude.prelude.Intrinsic - use prelude.prelude.UIntSize + use prelude.prelude.Int - let rec closure0'0 (_1:()) (_2:usize) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] - [ return' (result:())-> (! return' {result}) ] - + use prelude.prelude.UInt64 + + let rec closure0'0 (_1:()) (_2:UInt64.t) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) + [ & _0 : () = any_l () ] + [ return' (result:())-> (! return' {result}) ] predicate inv'0 (_1 : ()) axiom inv_axiom'0 [@rewrite] : forall x : () [inv'0 x] . inv'0 x = true - predicate precondition'0 (self : ()) (args : usize) = + predicate precondition'0 (self : ()) (args : UInt64.t) = let (_2) = args in true let rec fn_once_user'0 (f:()) (return' (ret:()))= {[@expl:fn_once_user 'f' type invariant] [%#s06_fn_specs0] inv'0 f} - {[@expl:fn_once_user requires] [%#s06_fn_specs1] precondition'0 f ((0 : usize))} + {[@expl:fn_once_user requires] [%#s06_fn_specs1] precondition'0 f ((0 : UInt64.t))} any [ return' (result:())-> (! return' {result}) ] meta "compute_max_steps" 1000000 diff --git a/creusot/tests/should_succeed/closures/06_fn_specs/why3session.xml b/creusot/tests/should_succeed/closures/06_fn_specs/why3session.xml index 5a7e0690a3..3aef1f4aaa 100644 --- a/creusot/tests/should_succeed/closures/06_fn_specs/why3session.xml +++ b/creusot/tests/should_succeed/closures/06_fn_specs/why3session.xml @@ -23,12 +23,12 @@ - + - + 
diff --git a/creusot/tests/should_succeed/closures/06_fn_specs/why3shapes.gz b/creusot/tests/should_succeed/closures/06_fn_specs/why3shapes.gz index d2a2a5b82bb702a5bf6e69d7a3ce174038effce5..14a20289fbee4602fefa1283ac3273b010394d76 100644 GIT binary patch literal 531 zcmV+u0_^=CiwFP!00000|AmsfjvFxyMSFe4ben8NQSSgLT-ccD1GNk4F^GZPvDYsk ze;hqxKi z`cR0skK>`F!E-M>EH@8RYIdo4wSno>B zb6)VfdZ}^rTzD=QH=}U;!tDe<(@~yl&+USKo?|nYxLCPjrjXA>oJa7;7qlKuFIb}P z#uno96<=?S__C`vR|VeX2lb0IuhE$9o|0W9yGpKD{@5P=yq!P8?dx;(g}2Mb%G7c> zO~vK>nP%(lD)?lGk(q{=qA~qA#7K6PtV7^@@ppf*uKo*;XQ*!Z(O;=ocau4I@K&hm zY%&HbcKEy|VKoI)t_-u90ydY!IK6AE&-%EKLQTD}_JXNb3Ff-=>$rW-P&Kb-#z+OD ztx_=tLe(2*4J8UdfD}-f#yuVUh+xYFTVaY; zIuuqUpgtL)waq$2>5|o%Box@OWK`@eBr`U(f)ZDKP)2}u=!6|1UgUVof%UPdfeczj z4NjRpMF&cUoK*m8!pO>&3r50HUkKS#GO@>)g>!*Gge+B5pT2 VaUyMYqWQmj_7}O_G!#t*002*#310vJ literal 534 zcmV+x0_pu9iwFP!00000|AmrGZ`&{ohVS|nzGdr)q`n92kV6dnKImFdAI1W-PMV|z z_U{L`v6eUqb|a}ruU?Y+_S77I^S&ILk8(I}cjJ%7G*90JAIfp}@=;b0oUK_Fc7cKldT zAnY$}5#1m0`PPJQ`g*fn^Zrn7)W4*$MpL=JOZJuQE7^+jxLbY7eV!V9??=&$na}#qkm2aDv$i9-b30e;R>Mz#OKk)bo)hXZlgMiiDYz}U` zLBQ&4HU_OYy`78D&cR%xfbATJr5vSsuc@x}b|94MCaJy!^IH&Lsms6K_b&yi<~bLF zb+pE5ol<1dgZ0jG<_HYLk+f}WXFA=fPIlB`2f`c5+GYdJqteVVTk?L$MiUc(Yi#E# z%*iQF(#Z@wWGjtv#l)n1cBZg`#&%w4X)yYd(M8TCa)hW^mZ4y=#ivOTsYC1#1WOAl z<(Mo1Vf5Y%F%o&Qj*C`$VpWGyuyj0t*J|Kw(?F?6?<0eZMd_qtBcx-AMmlGelAM4H Y0HPioWaWyN&HvqtzX@TCBTWSW01n#`n*aa+ diff --git a/creusot/tests/should_succeed/closures/07_mutable_capture.coma b/creusot/tests/should_succeed/closures/07_mutable_capture.coma index 5d8ec79685..a48c1db4a9 100644 --- a/creusot/tests/should_succeed/closures/07_mutable_capture.coma +++ b/creusot/tests/should_succeed/closures/07_mutable_capture.coma 
@@ -16,10 +16,12 @@ module M_07_mutable_capture__test_fnmut [#"07_mutable_capture.rs" 5 0 5 29] use prelude.prelude.Borrow + use prelude.prelude.Int + use prelude.prelude.UInt32 type closure1'1 = - { field_0'0: borrowed uint32 } + { field_0'0: borrowed UInt32.t } predicate resolve'3 (self : borrowed closure1'1) = [%#sresolve6] self.final = self.current @@ -33,16 +35,14 @@ module M_07_mutable_capture__test_fnmut [#"07_mutable_capture.rs" 5 0 5 29] use prelude.prelude.UInt32 - use prelude.prelude.Int - - predicate postcondition_once'0 (self : closure1'1) (args : ()) (result : int32) = - [%#s07_mutable_capture5] let () = args in UInt32.to_int (self.field_0'0).final - = UInt32.to_int (self.field_0'0).current + 1 + predicate postcondition_once'0 (self : closure1'1) (args : ()) (result : Int32.t) = + [%#s07_mutable_capture5] let () = args in UInt32.to_uint (self.field_0'0).final + = UInt32.to_uint (self.field_0'0).current + 1 - predicate resolve'4 (self : borrowed uint32) = + predicate resolve'4 (self : borrowed UInt32.t) = [%#sresolve6] self.final = self.current - predicate resolve'2 (_1 : borrowed uint32) = + predicate resolve'2 (_1 : borrowed UInt32.t) = resolve'4 _1 predicate resolve'0 (_1 : closure1'1) = 
@@ -51,13 +51,13 @@ module M_07_mutable_capture__test_fnmut [#"07_mutable_capture.rs" 5 0 5 29] predicate unnest'0 (self : closure1'1) (_2 : closure1'1) = (_2.field_0'0).final = (self.field_0'0).final - predicate postcondition_mut'0 (self : closure1'1) (args : ()) (result_state : closure1'1) (result : int32) = - (let () = args in UInt32.to_int (result_state.field_0'0).current = UInt32.to_int (self.field_0'0).current + 1) + predicate postcondition_mut'0 (self : closure1'1) (args : ()) (result_state : closure1'1) (result : Int32.t) = + (let () = args in UInt32.to_uint (result_state.field_0'0).current = UInt32.to_uint (self.field_0'0).current + 1) /\ unnest'0 self result_state - function fn_mut_once'0 (self : closure1'1) (args : ()) (res : int32) : () + function fn_mut_once'0 (self : closure1'1) (args : ()) (res : Int32.t) : () - axiom fn_mut_once'0_spec : forall self : closure1'1, args : (), res : int32 . [%#sops13] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : closure1'1, args : (), res : Int32.t . [%#sops13] postcondition_once'0 self args res = (exists res_state : closure1'1 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) function unnest_trans'0 (self : closure1'1) (b : closure1'1) (c : closure1'1) : () 
@@ -69,67 +69,71 @@ module M_07_mutable_capture__test_fnmut [#"07_mutable_capture.rs" 5 0 5 29] axiom unnest_refl'0_spec : forall self : closure1'1 . [%#sops9] unnest'0 self self - function postcondition_mut_unnest'0 (self : closure1'1) (args : ()) (res_state : closure1'1) (res : int32) : () + function postcondition_mut_unnest'0 (self : closure1'1) (args : ()) (res_state : closure1'1) (res : Int32.t) : () - axiom postcondition_mut_unnest'0_spec : forall self : closure1'1, args : (), res_state : closure1'1, res : int32 . ([%#sops7] postcondition_mut'0 self args res_state res) + axiom postcondition_mut_unnest'0_spec : forall self : closure1'1, args : (), res_state : closure1'1, res : Int32.t . ([%#sops7] postcondition_mut'0 self args res_state res) -> ([%#sops8] unnest'0 self res_state) - let rec closure1'0 (_1:borrowed closure1'1) (return' (ret:int32))= {[@expl:closure requires] [%#s07_mutable_capture4] UInt32.to_int ((_1.current).field_0'0).current + let rec closure1'0 (_1:borrowed closure1'1) (return' (ret:Int32.t))= {[@expl:closure requires] [%#s07_mutable_capture4] UInt32.to_uint ((_1.current).field_0'0).current < 1000000} (! 
bb0 [ bb0 = s0 - [ s0 = UInt32.add {((_1.current).field_0'0).current} {[%#s07_mutable_capture2] (1 : uint32)} - (fun (_ret':uint32) -> + [ s0 = UInt32.add {((_1.current).field_0'0).current} {[%#s07_mutable_capture2] (1 : UInt32.t)} + (fun (_ret':UInt32.t) -> [ &_1 <- { _1 with current = { field_0'0 = { (_1.current).field_0'0 with current = _ret' } } } ] s1) | s1 = -{resolve'1 _1}- s2 - | s2 = [ &res1 <- [%#s07_mutable_capture3] (5 : int32) ] s3 + | s2 = [ &res1 <- [%#s07_mutable_capture3] (5 : Int32.t) ] s3 | s3 = [ &res <- res1 ] s4 | s4 = [ &_0 <- res ] s5 | s5 = return' {_0} ] ] ) - [ & _0 : int32 = any_l () | & _1 : borrowed closure1'1 = _1 | & res : int32 = any_l () | & res1 : int32 = any_l () ] + [ & _0 : Int32.t = any_l () + | & _1 : borrowed closure1'1 = _1 + | & res : Int32.t = any_l () + | & res1 : Int32.t = any_l () ] - [ return' (result:int32)-> {[@expl:closure ensures] [%#s07_mutable_capture5] UInt32.to_int ((_1.final).field_0'0).current - = UInt32.to_int ((_1.current).field_0'0).current + 1} + [ return' (result:Int32.t)-> {[@expl:closure ensures] [%#s07_mutable_capture5] UInt32.to_uint ((_1.final).field_0'0).current + = UInt32.to_uint ((_1.current).field_0'0).current + 1} {[@expl:closure unnest] unnest'0 _1.current _1.final} (! return' {result}) ] meta "compute_max_steps" 1000000 - let rec test_fnmut'0 (x:uint32) (return' (ret:()))= {[@expl:test_fnmut requires] [%#s07_mutable_capture1] UInt32.to_int x + let rec test_fnmut'0 (x:UInt32.t) (return' (ret:()))= {[@expl:test_fnmut requires] [%#s07_mutable_capture1] UInt32.to_uint x = 100000} (! 
bb0 [ bb0 = s0 - [ s0 = Borrow.borrow_mut {x} (fun (_ret':borrowed uint32) -> [ &_4 <- _ret' ] [ &x <- _ret'.final ] s1) + [ s0 = Borrow.borrow_mut {x} + (fun (_ret':borrowed UInt32.t) -> [ &_4 <- _ret' ] [ &x <- _ret'.final ] s1) | s1 = [ &c <- { field_0'0 = _4 } ] s2 | s2 = Borrow.borrow_mut {c} (fun (_ret':borrowed closure1'1) -> [ &_6 <- _ret' ] [ &c <- _ret'.final ] s3) - | s3 = closure1'0 {_6} (fun (_ret':int32) -> [ &_5 <- _ret' ] s4) + | s3 = closure1'0 {_6} (fun (_ret':Int32.t) -> [ &_5 <- _ret' ] s4) | s4 = bb1 ] | bb1 = s0 [ s0 = Borrow.borrow_mut {c} (fun (_ret':borrowed closure1'1) -> [ &_9 <- _ret' ] [ &c <- _ret'.final ] s1) - | s1 = closure1'0 {_9} (fun (_ret':int32) -> [ &_8 <- _ret' ] s2) + | s1 = closure1'0 {_9} (fun (_ret':Int32.t) -> [ &_8 <- _ret' ] s2) | s2 = bb2 ] | bb2 = s0 [ s0 = -{resolve'0 c}- s1 - | s1 = {[@expl:assertion] [%#s07_mutable_capture0] UInt32.to_int x = 100002} s2 + | s1 = {[@expl:assertion] [%#s07_mutable_capture0] UInt32.to_uint x = 100002} s2 | s2 = return' {_0} ] ] ) [ & _0 : () = any_l () - | & x : uint32 = x + | & x : UInt32.t = x | & c : closure1'1 = any_l () - | & _4 : borrowed uint32 = any_l () - | & _5 : int32 = any_l () + | & _4 : borrowed UInt32.t = any_l () + | & _5 : Int32.t = any_l () | & _6 : borrowed closure1'1 = any_l () | & _7 : () = any_l () - | & _8 : int32 = any_l () + | & _8 : Int32.t = any_l () | & _9 : borrowed closure1'1 = any_l () | & _10 : () = any_l () ] [ return' (result:())-> (! return' {result}) ] diff --git a/creusot/tests/should_succeed/closures/07_mutable_capture/why3session.xml b/creusot/tests/should_succeed/closures/07_mutable_capture/why3session.xml index d0063ee730..26214f9641 100644 --- a/creusot/tests/should_succeed/closures/07_mutable_capture/why3session.xml +++ b/creusot/tests/should_succeed/closures/07_mutable_capture/why3session.xml @@ -7,10 +7,10 @@ - + - + 
diff --git a/creusot/tests/should_succeed/closures/07_mutable_capture/why3shapes.gz b/creusot/tests/should_succeed/closures/07_mutable_capture/why3shapes.gz index 45615284576f77c429e43ad9b20f401529be846a..c8fe027bc4131ca50e25bc2cf30d20a99f4e865d 100644 GIT binary patch literal 436 zcmV;l0ZaZLiwFP!00000|CN$WZ=5g?hVT3eZri3858#iD+QU{V0x42&zM@%sqN1>P z%SY1o*VnKmIN5Ep<$#!($K!Wi=G{%)f5Rj7@gsG8?b_Q|#5eCF?5KCmBW;*YcX)LD zU|ehK!4uVC9DJH-(5X(oe1BDSt)V~VB#&@xTk0o1)1q7>{vygW4^gRQ7%B~{yr@Cx zt*>c-07o-+9kqjo1n=t>8~?GxPdK=0tlMEJ`x-U2V*bEF;fH@fYgYs1vpax$*LCiR z?B?)*rg8n)5o}inaCcyNlQ=b%K&I80(4~t{ZQG4D4`hXle{o?z2v~ zc=O~;`MVDIWA0L6f69HukN+(IhbLDZy@y@Z*T1OrEw1}PY<}{H4#(kVH7|Iydgbjs zAxRmmIjCSELCo>l)@YFDQ)u9mS!d$r{7K5)%iZv8@-o=izwM15#*5XEc|jM|@Kwz` zc%ULM;_P;w=Vj=}LgrBnxCjoB!Ate<6kQxI4lrYebu4B4FW@e z2q!ZSgYy#tr>^(3L*QGwrzteOpH5lodbhI;%h(Fh-S^D7rh$6x4Nx0~A-p)7?f;S4 zg>fDnWN?h441zdaBB{3s^6_fvv&j+S^(uWV@FTeo#z48H-ZyQSy&eDaXia~9)(5tH zW#aaS>9tw5D2bKd30_C51VuD-$d~x*WDxX)F@iF%y%1Y|ziT{xZa;!9>u4pu9}Pzk z2ofQ`rlMAr<;iD-r~?;QtFnw|cLK{K(b}>$Zws|y!kSLmuH)KDDZv>oM4PHgR-)n+ oR4mC2=ea6?8QpH6XrXXYGazLI11Maos(gjt06`k|q{ssR04#dD&Hw-a diff --git a/creusot/tests/should_succeed/closures/08_multiple_calls.coma b/creusot/tests/should_succeed/closures/08_multiple_calls.coma index a012da28fa..566b4ff3f0 100644 --- a/creusot/tests/should_succeed/closures/08_multiple_calls.coma +++ b/creusot/tests/should_succeed/closures/08_multiple_calls.coma @@ -16,6 +16,8 @@ module M_08_multiple_calls__multi_use [#"08_multiple_calls.rs" 4 0 4 26] let%span sops14 = "../../../../creusot-contracts/src/std/ops.rs" 118 14 118 28 let%span sops15 = "../../../../creusot-contracts/src/std/ops.rs" 123 14 124 105 + use prelude.prelude.Int + use prelude.prelude.UInt32 use prelude.prelude.Intrinsic 
@@ -54,18 +56,20 @@ module M_08_multiple_calls__multi_use [#"08_multiple_calls.rs" 4 0 4 26] axiom inv_axiom'1 [@rewrite] : forall x : closure0'1 [inv'1 x] . inv'1 x = invariant'1 x - let rec closure0'0 (_1:closure0'1) (return' (ret:uint32))= {[@expl:closure '_1' type invariant] inv'1 _1} + let rec closure0'0 (_1:closure0'1) (return' (ret:UInt32.t))= {[@expl:closure '_1' type invariant] inv'1 _1} {[@expl:closure requires] [%#s08_multiple_calls2] _1.field_0'0 = _1.field_0'0} (! bb0 [ bb0 = s0 - [ s0 = [ &res <- [%#s08_multiple_calls1] (0 : uint32) ] s1 | s1 = [ &_0 <- res ] s2 | s2 = return' {_0} ] + [ s0 = [ &res <- [%#s08_multiple_calls1] (0 : UInt32.t) ] s1 | s1 = [ &_0 <- res ] s2 | s2 = return' {_0} ] ] - ) [ & _0 : uint32 = any_l () | & res : uint32 = any_l () ] [ return' (result:uint32)-> (! return' {result}) ] + ) [ & _0 : UInt32.t = any_l () | & res : UInt32.t = any_l () ] + [ return' (result:UInt32.t)-> (! return' {result}) ] + predicate precondition'0 (self : closure0'1) (args : ()) = [%#s08_multiple_calls2] let () = args in self.field_0'0 = self.field_0'0 - predicate postcondition_once'1 (self : closure0'1) (args : ()) (result : uint32) = + predicate postcondition_once'1 (self : closure0'1) (args : ()) (result : UInt32.t) = let () = args in true predicate resolve'2 (_1 : t_T'0) 
@@ -76,12 +80,12 @@ module M_08_multiple_calls__multi_use [#"08_multiple_calls.rs" 4 0 4 26] predicate unnest'1 (self : closure0'1) (_2 : closure0'1) = _2.field_0'0 = self.field_0'0 - predicate postcondition_mut'1 (self : closure0'1) (args : ()) (result_state : closure0'1) (result : uint32) = + predicate postcondition_mut'1 (self : closure0'1) (args : ()) (result_state : closure0'1) (result : UInt32.t) = (let () = args in true) /\ unnest'1 self result_state - function fn_mut_once'1 (self : closure0'1) (args : ()) (res : uint32) : () + function fn_mut_once'1 (self : closure0'1) (args : ()) (res : UInt32.t) : () - axiom fn_mut_once'1_spec : forall self : closure0'1, args : (), res : uint32 . [%#sops15] postcondition_once'1 self args res + axiom fn_mut_once'1_spec : forall self : closure0'1, args : (), res : UInt32.t . [%#sops15] postcondition_once'1 self args res = (exists res_state : closure0'1 . postcondition_mut'1 self args res_state res /\ resolve'1 res_state) function unnest_trans'1 (self : closure0'1) (b : closure0'1) (c : closure0'1) : () 
@@ -93,36 +97,36 @@ module M_08_multiple_calls__multi_use [#"08_multiple_calls.rs" 4 0 4 26] axiom unnest_refl'1_spec : forall self : closure0'1 . [%#sops11] unnest'1 self self - function postcondition_mut_unnest'1 (self : closure0'1) (args : ()) (res_state : closure0'1) (res : uint32) : () + function postcondition_mut_unnest'1 (self : closure0'1) (args : ()) (res_state : closure0'1) (res : UInt32.t) : () - axiom postcondition_mut_unnest'1_spec : forall self : closure0'1, args : (), res_state : closure0'1, res : uint32 . ([%#sops9] postcondition_mut'1 self args res_state res) + axiom postcondition_mut_unnest'1_spec : forall self : closure0'1, args : (), res_state : closure0'1, res : UInt32.t . ([%#sops9] postcondition_mut'1 self args res_state res) -> ([%#sops10] unnest'1 self res_state) - predicate postcondition'1 (self : closure0'1) (args : ()) (result : uint32) = + predicate postcondition'1 (self : closure0'1) (args : ()) (result : UInt32.t) = let () = args in true - function fn_once'1 (self : closure0'1) (args : ()) (res : uint32) : () + function fn_once'1 (self : closure0'1) (args : ()) (res : UInt32.t) : () - axiom fn_once'1_spec : forall self : closure0'1, args : (), res : uint32 . [%#sops7] postcondition_once'1 self args res + axiom fn_once'1_spec : forall self : closure0'1, args : (), res : UInt32.t . [%#sops7] postcondition_once'1 self args res = (resolve'1 self /\ postcondition'1 self args res) - function fn_mut'1 (self : closure0'1) (args : ()) (res_state : closure0'1) (res : uint32) : () + function fn_mut'1 (self : closure0'1) (args : ()) (res_state : closure0'1) (res : UInt32.t) : () - axiom fn_mut'1_spec : forall self : closure0'1, args : (), res_state : closure0'1, res : uint32 . [%#sops6] postcondition_mut'1 self args res_state res + axiom fn_mut'1_spec : forall self : closure0'1, args : (), res_state : closure0'1, res : UInt32.t . 
[%#sops6] postcondition_mut'1 self args res_state res = (self = res_state /\ postcondition'1 self args res) - predicate postcondition_once'0 (self : closure0'1) (args : ()) (result : uint32) = + predicate postcondition_once'0 (self : closure0'1) (args : ()) (result : UInt32.t) = postcondition'1 self args result predicate resolve'0 (_1 : closure0'1) = true - predicate postcondition_mut'0 (self : closure0'1) (args : ()) (result_state : closure0'1) (result : uint32) = + predicate postcondition_mut'0 (self : closure0'1) (args : ()) (result_state : closure0'1) (result : UInt32.t) = postcondition'1 self args result /\ self = result_state - function fn_mut_once'0 (self : closure0'1) (args : ()) (res : uint32) : () + function fn_mut_once'0 (self : closure0'1) (args : ()) (res : UInt32.t) : () - axiom fn_mut_once'0_spec : forall self : closure0'1, args : (), res : uint32 . [%#sops15] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : closure0'1, args : (), res : UInt32.t . [%#sops15] postcondition_once'0 self args res = (exists res_state : closure0'1 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) predicate unnest'0 (self : closure0'1) (_2 : closure0'1) 
@@ -136,28 +140,28 @@ module M_08_multiple_calls__multi_use [#"08_multiple_calls.rs" 4 0 4 26] axiom unnest_refl'0_spec : forall self : closure0'1 . [%#sops11] unnest'0 self self - function postcondition_mut_unnest'0 (self : closure0'1) (args : ()) (res_state : closure0'1) (res : uint32) : () + function postcondition_mut_unnest'0 (self : closure0'1) (args : ()) (res_state : closure0'1) (res : UInt32.t) : () - axiom postcondition_mut_unnest'0_spec : forall self : closure0'1, args : (), res_state : closure0'1, res : uint32 . ([%#sops9] postcondition_mut'0 self args res_state res) + axiom postcondition_mut_unnest'0_spec : forall self : closure0'1, args : (), res_state : closure0'1, res : UInt32.t . ([%#sops9] postcondition_mut'0 self args res_state res) -> ([%#sops10] unnest'0 self res_state) - predicate postcondition'0 (self : closure0'1) (args : ()) (result : uint32) = + predicate postcondition'0 (self : closure0'1) (args : ()) (result : UInt32.t) = postcondition'1 self args result - function fn_once'0 (self : closure0'1) (args : ()) (res : uint32) : () + function fn_once'0 (self : closure0'1) (args : ()) (res : UInt32.t) : () - axiom fn_once'0_spec : forall self : closure0'1, args : (), res : uint32 . [%#sops7] postcondition_once'0 self args res + axiom fn_once'0_spec : forall self : closure0'1, args : (), res : UInt32.t . [%#sops7] postcondition_once'0 self args res = (resolve'0 self /\ postcondition'0 self args res) - function fn_mut'0 (self : closure0'1) (args : ()) (res_state : closure0'1) (res : uint32) : () + function fn_mut'0 (self : closure0'1) (args : ()) (res_state : closure0'1) (res : UInt32.t) : () - axiom fn_mut'0_spec : forall self : closure0'1, args : (), res_state : closure0'1, res : uint32 . [%#sops6] postcondition_mut'0 self args res_state res + axiom fn_mut'0_spec : forall self : closure0'1, args : (), res_state : closure0'1, res : UInt32.t . 
[%#sops6] postcondition_mut'0 self args res_state res = (self = res_state /\ postcondition'0 self args res) let rec uses_fn'0 (f:closure0'1) (return' (ret:()))= {[@expl:uses_fn 'f' type invariant] [%#s08_multiple_calls3] inv'2 f} {[@expl:uses_fn requires] [%#s08_multiple_calls4] precondition'0 f ()} any - [ return' (result:())-> {[%#s08_multiple_calls5] exists f2 : closure0'1, r : uint32 . f2 = f + [ return' (result:())-> {[%#s08_multiple_calls5] exists f2 : closure0'1, r : UInt32.t . f2 = f /\ postcondition'0 f2 () r} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/closures/08_multiple_calls/why3session.xml b/creusot/tests/should_succeed/closures/08_multiple_calls/why3session.xml index 08385e9b1c..8a7c113978 100644 --- a/creusot/tests/should_succeed/closures/08_multiple_calls/why3session.xml +++ b/creusot/tests/should_succeed/closures/08_multiple_calls/why3session.xml @@ -7,7 +7,7 @@ - + 
diff --git a/creusot/tests/should_succeed/closures/08_multiple_calls/why3shapes.gz b/creusot/tests/should_succeed/closures/08_multiple_calls/why3shapes.gz index c408d076a9b87a72b70049d9347894e0166a8024..0c3b4c8bde56a9239e1b7cc058c9449cef7a6af9 100644 GIT binary patch literal 412 zcmV;N0b~9jiwFP!00000|8-MMZ-X!lz4I%$b?Yh4CrsJ_O+(>6`C3IZ)vC2Xp{=xk zKc_%TTPC6C+3&@&AI{4%?!H~)yZG$eZd+Gxv5uFok=s^h*KS>PTrgyZ5C)KsU@G7U zy+9!3BZxi*BwV?xyHo4g0v7upMBa-z@_Yo-YJjpA5XeUmxz=~}?(8W@GS}4Iv8=20 z_DCJC_NQ=5p~eKw=iz~^tI`j&$s>2FD&GZtiU7qe1a==2&8BjoDfwN3hE&CDD}j>4 zB51mCrwFV;ND$I&G8348+8)I-bvQ##r^wv<1@p%eeKUiMTo(DwMoOAFA1N=9D`JuB zc`vULeY1md2?|zB;`AX-C^fwxfWEr~M(N>0iXj(t1@v!SsxUW;Q^DOH({fRDy_ay1x_H-$tc{GpSkM-f1!+N8;1<9Fv#Cw2vDzvtt+14}Ecye`Rx!8b G0{{S@w!{Je literal 413 zcmV;O0b>3iiwFP!00000|8Z^s4Xdy zZJ=*oD6(SNQEs!GkBjAC`RySeUSpSr{G9rsZkr#u%^$vJv2M<>uVZuED5$rw97Q#Y zCBUEw5KuLX?AJv}-0j=p)F-u}&EYS=6U^Xh7Rzn~Jplw=%_56^8ruCiZ3w=MT{|3i zZS!0o>$Z73oW@%Q79Q^R+nw7syL7Q#mBmxjq+#R>5N)p|soS~$sU=Pf;+q2jneFN* zqoqLxWUK6!7+nYQprTy7iQE@s&+tkgR$u~48GpWOzHc!NbHNxa)ip*1c568*um&5j z1Kag1KM;G3LxDX+Z5MTMS9@@=ydVUjn*)aEwLm9JAR1ym1)(4o;vl|UyiV*Fv(NBa zp8{Gz^BCx;X)VwXjG)JT==!wiakuMQ;-6EuPpX_Y{gb`D{3k6{mJZ$V-{bpl%ra#S z+hm{E`(&P8+)FCNk~~|NyxtWmCl|;DGJ$j;3B-XYkP1cc!37&k&_MzR3M%^#;)~t( H [ &bx2 <- { bx2 with current = _ret' } ] s3) + | s2 = Int32.add {bx2.current} {[%#s09_fnonce_resolve3] (1 : Int32.t)} + (fun (_ret':Int32.t) -> [ &bx2 <- { bx2 with current = _ret' } ] s3) | s3 = -{resolve'1 bx2}- s4 | s4 = bb2 ] @@ -65,8 +65,8 @@ module M_09_fnonce_resolve__f [#"09_fnonce_resolve.rs" 4 0 4 17] end}- s1 | s1 = [ &by2 <- _1.field_2'0 ] s2 - | s2 = Int32.add {by2.current} {[%#s09_fnonce_resolve4] (1 : int32)} - (fun (_ret':int32) -> [ &by2 <- { by2 with current = _ret' } ] s3) + | s2 = Int32.add {by2.current} {[%#s09_fnonce_resolve4] (1 : Int32.t)} + (fun (_ret':Int32.t) -> [ &by2 <- { by2 with current = _ret' } ] s3) | s3 = -{resolve'1 by2}- s4 | s4 = bb4 ] 
@@ -77,8 +77,8 @@ module M_09_fnonce_resolve__f [#"09_fnonce_resolve.rs" 4 0 4 17] ) [ & _0 : () = any_l () | & _1 : closure0'1 = _1 - | & bx2 : borrowed int32 = any_l () - | & by2 : borrowed int32 = any_l () ] + | & bx2 : borrowed Int32.t = any_l () + | & by2 : borrowed Int32.t = any_l () ] [ return' (result:())-> {[@expl:closure ensures] [%#s09_fnonce_resolve6] Int32.to_int (_1.field_1'0).final + Int32.to_int (_1.field_2'0).final @@ -90,14 +90,16 @@ module M_09_fnonce_resolve__f [#"09_fnonce_resolve.rs" 4 0 4 17] let rec f'0 (c:bool) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = [ &x <- [%#s09_fnonce_resolve0] (1 : int32) ] s1 - | s1 = [ &y <- [%#s09_fnonce_resolve1] (1 : int32) ] s2 - | s2 = Borrow.borrow_mut {x} (fun (_ret':borrowed int32) -> [ &_5 <- _ret' ] [ &x <- _ret'.final ] s3) + [ s0 = [ &x <- [%#s09_fnonce_resolve0] (1 : Int32.t) ] s1 + | s1 = [ &y <- [%#s09_fnonce_resolve1] (1 : Int32.t) ] s2 + | s2 = Borrow.borrow_mut {x} + (fun (_ret':borrowed Int32.t) -> [ &_5 <- _ret' ] [ &x <- _ret'.final ] s3) | s3 = [ &bx <- _5 ] s4 | s4 = bb1 ] | bb1 = s0 - [ s0 = Borrow.borrow_mut {y} (fun (_ret':borrowed int32) -> [ &_8 <- _ret' ] [ &y <- _ret'.final ] s1) + [ s0 = Borrow.borrow_mut {y} + (fun (_ret':borrowed Int32.t) -> [ &_8 <- _ret' ] [ &y <- _ret'.final ] s1) | s1 = bb2 ] | bb2 = s0 [ s0 = [ &by' <- _8 ] s1 | s1 = bb3 ] @@ -113,12 +115,12 @@ module M_09_fnonce_resolve__f [#"09_fnonce_resolve.rs" 4 0 4 17] ) [ & _0 : () = any_l () | & c : bool = c - | & x : int32 = any_l () - | & y : int32 = any_l () - | & bx : borrowed int32 = any_l () - | & _5 : borrowed int32 = any_l () - | & by' : borrowed int32 = any_l () - | & _8 : borrowed int32 = any_l () + | & x : Int32.t = any_l () + | & y : Int32.t = any_l () + | & bx : borrowed Int32.t = any_l () + | & _5 : borrowed Int32.t = any_l () + | & by' : borrowed Int32.t = any_l () + | & _8 : borrowed Int32.t = any_l () | & f : closure0'1 = any_l () | & _10 : () = any_l () | & _12 : () = any_l () ] 
diff --git a/creusot/tests/should_succeed/closures/09_fnonce_resolve/why3session.xml b/creusot/tests/should_succeed/closures/09_fnonce_resolve/why3session.xml index 0f98a459c7..03326d22a2 100644 --- a/creusot/tests/should_succeed/closures/09_fnonce_resolve/why3session.xml +++ b/creusot/tests/should_succeed/closures/09_fnonce_resolve/why3session.xml @@ -7,10 +7,10 @@ - + - - + + diff --git a/creusot/tests/should_succeed/closures/09_fnonce_resolve/why3shapes.gz b/creusot/tests/should_succeed/closures/09_fnonce_resolve/why3shapes.gz index 2a806edcab0af2c256fb88e62e73938993ec90ec..b013a91b5109fbebc8525c4c97cf21e98a3fdfe5 100644 GIT binary patch literal 381 zcmV-@0fPP?iwFP!00000|Fx9COT#b}#_#$0Hzuzz4z?cvaSXaN2Aj6lNz)GZBtE^a-6+Srev@|A z4*4i)x&)h|psUsXszgy8c6w+fP3xN}UG~+Hvkv6! z969?JIlGLUbs!IiBM&blXTy=Rt0HH8$e9@bLN2N<20<0JhI_rtQ5`=R2YJ07%8fh<~*8)QKWqOOuX?%O)1r!auw=u bLda~x`2;xd8Mp$vN6h;HmHh`)!UO;S0|L0N literal 333 zcmV-T0kZxdiwFP!00000|E-cwZ-PJ&#qWFyZnXBYe}vU09!wLW_hzq~+1()}0;>y1 z^wT$}5z|7_Ha*U~-Fa_*nWtG;f50B=@QA+7UG*9!;p{np6}&*>R9-cZ8| zxp=($7T5ocjembUU}Imf@hJ%G*Vxz;HYVqP#U{HkY$+5q4oi&XFmyeo)2p5aSnivX zx}5Uk?cSG=w1+$)4C4)bH0!H04T8noBtmN;v}VLWYy~nzA+#_?#Ds=)Ljt7nJhlm- fT`VjY3F4A)rbWiMupp9 {[@expl:closure ensures] [%#s10_tyinv5] UInt32.to_int result = 0} (! return' {result}) ] + ) [ & _0 : UInt32.t = any_l () | & _1 : closure1'1 = _1 | & res : UInt32.t = any_l () ] + [ return' (result:UInt32.t)-> {[@expl:closure ensures] [%#s10_tyinv5] UInt32.to_uint result = 0} + (! return' {result}) ] type closure0'1 = 
@@ -82,24 +85,25 @@ module M_10_tyinv__f [#"10_tyinv.rs" 14 0 14 35] axiom inv_axiom'1 [@rewrite] : forall x : closure0'1 [inv'1 x] . inv'1 x = invariant'1 x - let rec closure0'0 (_1:closure0'1) (return' (ret:uint32))= {[@expl:closure '_1' type invariant] inv'1 _1} + let rec closure0'0 (_1:closure0'1) (return' (ret:UInt32.t))= {[@expl:closure '_1' type invariant] inv'1 _1} (! bb0 [ bb0 = s0 - [ s0 = {[@expl:assertion] [%#s10_tyinv2] UInt32.to_int (_1.field_0'0).t_Zero__0'0 = 0} s1 + [ s0 = {[@expl:assertion] [%#s10_tyinv2] UInt32.to_uint (_1.field_0'0).t_Zero__0'0 = 0} s1 | s1 = [ &clos2 <- { field_0'1 = _1.field_1'0 } ] s2 - | s2 = closure1'0 {clos2} (fun (_ret':uint32) -> [ &_7 <- _ret' ] s3) + | s2 = closure1'0 {clos2} (fun (_ret':UInt32.t) -> [ &_7 <- _ret' ] s3) | s3 = bb1 ] | bb1 = s0 [ s0 = [ &res <- (_1.field_0'0).t_Zero__0'0 ] s1 | s1 = [ &_0 <- res ] s2 | s2 = return' {_0} ] ] ) - [ & _0 : uint32 = any_l () + [ & _0 : UInt32.t = any_l () | & _1 : closure0'1 = _1 - | & res : uint32 = any_l () + | & res : UInt32.t = any_l () | & clos2 : closure1'1 = any_l () - | & _7 : uint32 = any_l () + | & _7 : UInt32.t = any_l () | & _9 : () = any_l () ] - [ return' (result:uint32)-> {[@expl:closure ensures] [%#s10_tyinv3] UInt32.to_int result = 0} (! return' {result}) ] + [ return' (result:UInt32.t)-> {[@expl:closure ensures] [%#s10_tyinv3] UInt32.to_uint result = 0} + (! return' {result}) ] meta "compute_max_steps" 1000000 @@ -109,7 +113,7 @@ module M_10_tyinv__f [#"10_tyinv.rs" 14 0 14 35] (! bb0 [ bb0 = s0 [ s0 = [ &clos <- { field_0'0 = x; field_1'0 = y } ] s1 - | s1 = closure0'0 {clos} (fun (_ret':uint32) -> [ &_6 <- _ret' ] s2) + | s1 = closure0'0 {clos} (fun (_ret':UInt32.t) -> [ &_6 <- _ret' ] s2) | s2 = bb1 ] | bb1 = s0 [ s0 = {[@expl:type invariant] inv'0 y} s1 | s1 = {[@expl:type invariant] inv'0 x} s2 | s2 = bb2 ] 
@@ -120,7 +124,7 @@ module M_10_tyinv__f [#"10_tyinv.rs" 14 0 14 35] | & x : t_Zero'0 = x | & y : t_Zero'0 = y | & clos : closure0'1 = any_l () - | & _6 : uint32 = any_l () + | & _6 : UInt32.t = any_l () | & _8 : () = any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/closures/10_tyinv/why3session.xml b/creusot/tests/should_succeed/closures/10_tyinv/why3session.xml index 252096eccc..7d14f30a83 100644 --- a/creusot/tests/should_succeed/closures/10_tyinv/why3session.xml +++ b/creusot/tests/should_succeed/closures/10_tyinv/why3session.xml @@ -8,13 +8,13 @@ - + - + - + diff --git a/creusot/tests/should_succeed/closures/10_tyinv/why3shapes.gz b/creusot/tests/should_succeed/closures/10_tyinv/why3shapes.gz index e45961fda22fb139dd9319f62f00e7e8b3014967..098d94895e1612a4c010af7c8e94285a43a6812a 100644 GIT binary patch literal 348 zcmV-i0i*sOiwFP!00000|8YR8yc{yF75m<8BXKv*#cq!ng?Fk9M`%6&JSdIvE~(~~)z+QckyJq@j#10Ku* zjGk%iic`~$LA5Bj_fVx*y?gXJ*MA8p!`$IGeihS`te)96fL`)E2wOD^CBC}AwJ}%- zFLWWZ(j9548@I0}M}UjunzDc;H{1WLLkXtRot6I#4kBP!__j+m5Z>G?)_dXC_5f4% zr?pHnj7eE*fn4&kMk!RK5`a`fMH#vsI1#0Jl8YR3$T`zat6i;;5^|N+T-Oe?bGuS0 uM~ImZ>s;k>El93?pwd|-vII3@N={3a$|}uBAo@afQ}_lF!kcjB0ssI;RH5Sl literal 348 zcmV-i0i*sOiwFP!00000|81a1+>4Thv!MD8}EIc#=^kA1`nr*<`)H7U1<%Qit~HV86q z5e47#xNC>)m`U3fDj*wR{qM`;9R4-lx+1>5ji2pwkTYeo&Z1uYka5Y*IEt)W#3e5h z=KGwKJFDx+oQAmRCq%>(<6Sp=b<*rq+$_lI~>9h?b2`5tQvX u*}l}i_STzoK!t=&qdS1k_NiALbS!F>RD!6RkV@^FAAv8a=k1u_0ssIRF|d~a diff --git a/creusot/tests/should_succeed/closures/11_proof_assert_in_closure.coma b/creusot/tests/should_succeed/closures/11_proof_assert_in_closure.coma index fc495e1bf5..339084d1b9 100644 --- a/creusot/tests/should_succeed/closures/11_proof_assert_in_closure.coma +++ b/creusot/tests/should_succeed/closures/11_proof_assert_in_closure.coma 
@@ -3,6 +3,8 @@ module M_11_proof_assert_in_closure__immutable_capture [#"11_proof_assert_in_clo let%span s11_proof_assert_in_closure1 = "11_proof_assert_in_closure.rs" 8 22 8 31 let%span s11_proof_assert_in_closure2 = "11_proof_assert_in_closure.rs" 6 16 6 25 + use prelude.prelude.Int + use prelude.prelude.Int32 use prelude.prelude.Intrinsic @@ -10,13 +12,13 @@ module M_11_proof_assert_in_closure__immutable_capture [#"11_proof_assert_in_clo use prelude.prelude.Borrow type closure0'1 = - { field_0'0: int32 } + { field_0'0: Int32.t } let rec closure0'0 (_1:closure0'1) (return' (ret:()))= {[@expl:closure requires] [%#s11_proof_assert_in_closure2] _1.field_0'0 - = (1 : int32)} + = (1 : Int32.t)} (! bb0 [ bb0 = s0 - [ s0 = {[@expl:assertion] [%#s11_proof_assert_in_closure1] _1.field_0'0 = (1 : int32)} s1 | s1 = return' {_0} ] + [ s0 = {[@expl:assertion] [%#s11_proof_assert_in_closure1] _1.field_0'0 = (1 : Int32.t)} s1 | s1 = return' {_0} ] ] ) [ & _0 : () = any_l () | & _1 : closure0'1 = _1 ] [ return' (result:())-> (! return' {result}) ] @@ -24,7 +26,7 @@ module M_11_proof_assert_in_closure__immutable_capture [#"11_proof_assert_in_clo let rec immutable_capture'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = [ &x <- [%#s11_proof_assert_in_closure0] (1 : int32) ] s1 + [ s0 = [ &x <- [%#s11_proof_assert_in_closure0] (1 : Int32.t) ] s1 | s1 = [ &_4 <- { field_0'0 = x } ] s2 | s2 = closure0'0 {_4} (fun (_ret':()) -> [ &_2 <- _ret' ] s3) | s3 = bb1 ] @@ -32,7 +34,7 @@ module M_11_proof_assert_in_closure__immutable_capture [#"11_proof_assert_in_clo | bb1 = return' {_0} ] ) [ & _0 : () = any_l () - | & x : int32 = any_l () + | & x : Int32.t = any_l () | & _2 : () = any_l () | & _4 : closure0'1 = any_l () | & _6 : () = any_l () ] 
@@ -53,12 +55,14 @@ module M_11_proof_assert_in_closure__mutable_capture [#"11_proof_assert_in_closu let%span sops11 = "../../../../creusot-contracts/src/std/ops.rs" 118 14 118 28 let%span sops12 = "../../../../creusot-contracts/src/std/ops.rs" 123 14 124 105 + use prelude.prelude.Int + use prelude.prelude.Int32 use prelude.prelude.Borrow type closure0'1 = - { field_0'0: borrowed int32 } + { field_0'0: borrowed Int32.t } predicate resolve'3 (self : borrowed closure0'1) = [%#sresolve5] self.final = self.current @@ -71,10 +75,10 @@ module M_11_proof_assert_in_closure__mutable_capture [#"11_proof_assert_in_closu predicate postcondition_once'0 (self : closure0'1) (args : ()) (result : ()) = let () = args in true - predicate resolve'4 (self : borrowed int32) = + predicate resolve'4 (self : borrowed Int32.t) = [%#sresolve5] self.final = self.current - predicate resolve'2 (_1 : borrowed int32) = + predicate resolve'2 (_1 : borrowed Int32.t) = resolve'4 _1 predicate resolve'0 (_1 : closure0'1) = 
@@ -106,16 +110,16 @@ module M_11_proof_assert_in_closure__mutable_capture [#"11_proof_assert_in_closu -> ([%#sops7] unnest'0 self res_state) let rec closure0'0 (_1:borrowed closure0'1) (return' (ret:()))= {[@expl:closure requires] [%#s11_proof_assert_in_closure4] ((_1.current).field_0'0).current - = (1 : int32)} + = (1 : Int32.t)} (! bb0 [ bb0 = s0 - [ s0 = {[@expl:assertion] [%#s11_proof_assert_in_closure1] ((_1.current).field_0'0).current = (1 : int32)} s1 + [ s0 = {[@expl:assertion] [%#s11_proof_assert_in_closure1] ((_1.current).field_0'0).current = (1 : Int32.t)} s1 | s1 = - [ &_1 <- { _1 with current = { field_0'0 = { (_1.current).field_0'0 with current = ([%#s11_proof_assert_in_closure2] (2 : int32)) } } } ] + [ &_1 <- { _1 with current = { field_0'0 = { (_1.current).field_0'0 with current = ([%#s11_proof_assert_in_closure2] (2 : Int32.t)) } } } ] s2 | s2 = -{resolve'1 _1}- s3 - | s3 = {[@expl:assertion] [%#s11_proof_assert_in_closure3] ((_1.current).field_0'0).current = (2 : int32)} s4 + | s3 = {[@expl:assertion] [%#s11_proof_assert_in_closure3] ((_1.current).field_0'0).current = (2 : Int32.t)} s4 | s4 = return' {_0} ] ] ) [ & _0 : () = any_l () | & _1 : borrowed closure0'1 = _1 ] @@ -126,8 +130,9 @@ module M_11_proof_assert_in_closure__mutable_capture [#"11_proof_assert_in_closu let rec mutable_capture'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = [ &x <- [%#s11_proof_assert_in_closure0] (1 : int32) ] s1 - | s1 = Borrow.borrow_mut {x} (fun (_ret':borrowed int32) -> [ &_5 <- _ret' ] [ &x <- _ret'.final ] s2) + [ s0 = [ &x <- [%#s11_proof_assert_in_closure0] (1 : Int32.t) ] s1 + | s1 = Borrow.borrow_mut {x} + (fun (_ret':borrowed Int32.t) -> [ &_5 <- _ret' ] [ &x <- _ret'.final ] s2) | s2 = [ &_4 <- { field_0'0 = _5 } ] s3 | s3 = Borrow.borrow_mut {_4} (fun (_ret':borrowed closure0'1) -> [ &_3 <- _ret' ] [ &_4 <- _ret'.final ] s4) 
@@ -137,11 +142,11 @@ module M_11_proof_assert_in_closure__mutable_capture [#"11_proof_assert_in_closu | bb1 = s0 [ s0 = -{resolve'0 _4}- s1 | s1 = return' {_0} ] ] ) [ & _0 : () = any_l () - | & x : int32 = any_l () + | & x : Int32.t = any_l () | & _2 : () = any_l () | & _3 : borrowed closure0'1 = any_l () | & _4 : closure0'1 = any_l () - | & _5 : borrowed int32 = any_l () + | & _5 : borrowed Int32.t = any_l () | & _6 : () = any_l () ] [ return' (result:())-> (! return' {result}) ] end @@ -165,12 +170,14 @@ module M_11_proof_assert_in_closure__captures_and_call [#"11_proof_assert_in_clo let%span sops16 = "../../../../creusot-contracts/src/std/ops.rs" 118 14 118 28 let%span sops17 = "../../../../creusot-contracts/src/std/ops.rs" 123 14 124 105 + use prelude.prelude.Int + use prelude.prelude.Int32 use prelude.prelude.Borrow type closure0'1 = - { field_0'0: borrowed int32 } + { field_0'0: borrowed Int32.t } predicate resolve'1 (self : borrowed closure0'1) = [%#sresolve10] self.final = self.current @@ -181,12 +188,12 @@ module M_11_proof_assert_in_closure__captures_and_call [#"11_proof_assert_in_clo use prelude.prelude.Intrinsic predicate postcondition_once'0 (self : closure0'1) (args : ()) (result : ()) = - [%#s11_proof_assert_in_closure6] let () = args in (self.field_0'0).final = (2 : int32) + [%#s11_proof_assert_in_closure6] let () = args in (self.field_0'0).final = (2 : Int32.t) - predicate resolve'4 (self : borrowed int32) = + predicate resolve'4 (self : borrowed Int32.t) = [%#sresolve10] self.final = self.current - predicate resolve'3 (_1 : borrowed int32) = + predicate resolve'3 (_1 : borrowed Int32.t) = resolve'4 _1 predicate resolve'2 (_1 : closure0'1) = 
@@ -196,7 +203,7 @@ module M_11_proof_assert_in_closure__captures_and_call [#"11_proof_assert_in_clo (_2.field_0'0).final = (self.field_0'0).final predicate postcondition_mut'0 (self : closure0'1) (args : ()) (result_state : closure0'1) (result : ()) = - (let () = args in (result_state.field_0'0).current = (2 : int32)) /\ unnest'0 self result_state + (let () = args in (result_state.field_0'0).current = (2 : Int32.t)) /\ unnest'0 self result_state function fn_mut_once'0 (self : closure0'1) (args : ()) (res : ()) : () @@ -218,21 +225,21 @@ module M_11_proof_assert_in_closure__captures_and_call [#"11_proof_assert_in_clo -> ([%#sops12] unnest'0 self res_state) let rec closure0'0 (_1:borrowed closure0'1) (return' (ret:()))= {[@expl:closure requires] [%#s11_proof_assert_in_closure5] ((_1.current).field_0'0).current - = (1 : int32)} + = (1 : Int32.t)} (! bb0 [ bb0 = s0 - [ s0 = {[@expl:assertion] [%#s11_proof_assert_in_closure2] ((_1.current).field_0'0).current = (1 : int32)} s1 + [ s0 = {[@expl:assertion] [%#s11_proof_assert_in_closure2] ((_1.current).field_0'0).current = (1 : Int32.t)} s1 | s1 = - [ &_1 <- { _1 with current = { field_0'0 = { (_1.current).field_0'0 with current = ([%#s11_proof_assert_in_closure3] (2 : int32)) } } } ] + [ &_1 <- { _1 with current = { field_0'0 = { (_1.current).field_0'0 with current = ([%#s11_proof_assert_in_closure3] (2 : Int32.t)) } } } ] s2 | s2 = -{resolve'0 _1}- s3 - | s3 = {[@expl:assertion] [%#s11_proof_assert_in_closure4] ((_1.current).field_0'0).current = (2 : int32)} s4 + | s3 = {[@expl:assertion] [%#s11_proof_assert_in_closure4] ((_1.current).field_0'0).current = (2 : Int32.t)} s4 | s4 = return' {_0} ] ] ) [ & _0 : () = any_l () | & _1 : borrowed closure0'1 = _1 ] [ return' (result:())-> {[@expl:closure ensures] [%#s11_proof_assert_in_closure6] ((_1.final).field_0'0).current - = (2 : int32)} + = (2 : Int32.t)} {[@expl:closure unnest] unnest'0 _1.current _1.final} (! return' {result}) ] 
@@ -242,7 +249,7 @@ module M_11_proof_assert_in_closure__captures_and_call [#"11_proof_assert_in_clo axiom inv_axiom'0 [@rewrite] : forall x : closure0'1 [inv'0 x] . inv'0 x = true predicate precondition'0 (self : closure0'1) (args : ()) = - [%#s11_proof_assert_in_closure5] let () = args in (self.field_0'0).current = (1 : int32) + [%#s11_proof_assert_in_closure5] let () = args in (self.field_0'0).current = (1 : Int32.t) let rec calls_closure'0 (f:closure0'1) (return' (ret:()))= {[@expl:calls_closure 'f' type invariant] [%#s11_proof_assert_in_closure7] inv'0 f} {[@expl:calls_closure requires] [%#s11_proof_assert_in_closure8] precondition'0 f ()} @@ -252,18 +259,19 @@ module M_11_proof_assert_in_closure__captures_and_call [#"11_proof_assert_in_clo let rec captures_and_call'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = [ &x <- [%#s11_proof_assert_in_closure0] (1 : int32) ] s1 - | s1 = Borrow.borrow_mut {x} (fun (_ret':borrowed int32) -> [ &_3 <- _ret' ] [ &x <- _ret'.final ] s2) + [ s0 = [ &x <- [%#s11_proof_assert_in_closure0] (1 : Int32.t) ] s1 + | s1 = Borrow.borrow_mut {x} + (fun (_ret':borrowed Int32.t) -> [ &_3 <- _ret' ] [ &x <- _ret'.final ] s2) | s2 = [ &clos <- { field_0'0 = _3 } ] s3 | s3 = calls_closure'0 {clos} (fun (_ret':()) -> [ &_4 <- _ret' ] s4) | s4 = bb1 ] - | bb1 = s0 [ s0 = {[@expl:assertion] [%#s11_proof_assert_in_closure1] x = (2 : int32)} s1 | s1 = return' {_0} ] ] + | bb1 = s0 [ s0 = {[@expl:assertion] [%#s11_proof_assert_in_closure1] x = (2 : Int32.t)} s1 | s1 = return' {_0} ] ] ) [ & _0 : () = any_l () - | & x : int32 = any_l () + | & x : Int32.t = any_l () | & clos : closure0'1 = any_l () - | & _3 : borrowed int32 = any_l () + | & _3 : borrowed Int32.t = any_l () | & _4 : () = any_l () ] [ return' (result:())-> (! return' {result}) ] end 
diff --git a/creusot/tests/should_succeed/closures/11_proof_assert_in_closure/why3session.xml b/creusot/tests/should_succeed/closures/11_proof_assert_in_closure/why3session.xml index 96ccc50383..e8d936c5cd 100644 --- a/creusot/tests/should_succeed/closures/11_proof_assert_in_closure/why3session.xml +++ b/creusot/tests/should_succeed/closures/11_proof_assert_in_closure/why3session.xml @@ -10,26 +10,26 @@ - + - + - + - + - + - + 
diff --git a/creusot/tests/should_succeed/closures/11_proof_assert_in_closure/why3shapes.gz b/creusot/tests/should_succeed/closures/11_proof_assert_in_closure/why3shapes.gz index 9308e9f6c7260365ea070f01eba8d2f799c98abe..2b61134f7712f5ce1bef02b8c603777f47ec27e4 100644 GIT binary patch literal 460 zcmV;-0WYlFAM4F7q02%K1!HM6&nwTo7W(us8-C!PhS`z&q3PN$Gc$Ym%YR3QqOVi@EP8Q>OY6viPec%0}Jm3Aq zwC#pNPkaui=q8gUwZtaZ_qQ6;HgEX-Pn;pKz{lt0UHt6#JH+zEeDROWzw61}LY}kf zm1q3__iTK^raji)K`f`)>5PL+;_d0V*z}i1pvnR${C?PPiC>5MD|(tX`G9_LDd>HE z$(RFM03s%D5?NWY&Jc4k#cSh~pc$+<^AT*0=wyo80e6OcwvGgNmoW1aBv_6{^~K~08>3PXMPB=`f=Y@k`N1ONaY CD(b-i literal 461 zcmV;;0W$s{iwFP!00000|ILz3Z`&{ohVT9rzGdr)6eU?2&_fOj9AL*m*MO2K%vfTl zwv%E1e#l4NvH@<0?hG#YfDjOGa88F|kZua7IJX^d1FGe;o)uq*?5K za@zLeVGvm0DZ5e9Tut0I0qGm(R<_Ls?tgKH)RG^c#k=^~?{|pRi}~t<%)jf&-9et! z^vW~%|2>vZEtNxi+Ei%ox71Ork)&EF6Et-v)bc|XY9OiDilysl*xz9Z?$8-jj-ijxdu%?_=e}pmMInS`|8j69L_T zlFGRzX9GHuBa7f0ffDPgwza8sO$CdpY>G-VM5ir-POOtfHW8Cc>eO+DjY^tHWvz1} zVDB72WNWj_IT~e4to;>sMPn ([%#sops7] unnest'1 self res_state) - predicate postcondition'1 (self : t_F'0) (args : uint32) (result : bool) + predicate postcondition'1 (self : t_F'0) (args : UInt32.t) (result : bool) - function fn_once'1 (self : t_F'0) (args : uint32) (res : bool) : () + function fn_once'1 (self : t_F'0) (args : UInt32.t) (res : bool) : () - axiom fn_once'1_spec : forall self : t_F'0, args : uint32, res : bool . [%#sops5] postcondition_once'1 self args res + axiom fn_once'1_spec : forall self : t_F'0, args : UInt32.t, res : bool . [%#sops5] postcondition_once'1 self args res = (resolve'1 self /\ postcondition'1 self args res) - function fn_mut'1 (self : t_F'0) (args : uint32) (res_state : t_F'0) (res : bool) : () + function fn_mut'1 (self : t_F'0) (args : UInt32.t) (res_state : t_F'0) (res : bool) : () - axiom fn_mut'1_spec : forall self : t_F'0, args : uint32, res_state : t_F'0, res : bool . 
[%#sops4] postcondition_mut'1 self args res_state res + axiom fn_mut'1_spec : forall self : t_F'0, args : UInt32.t, res_state : t_F'0, res : bool . [%#sops4] postcondition_mut'1 self args res_state res = (self = res_state /\ postcondition'1 self args res) - predicate postcondition_once'0 (self : t_F'0) (args : uint32) (result : bool) = + predicate postcondition_once'0 (self : t_F'0) (args : UInt32.t) (result : bool) = postcondition'1 self args result predicate resolve'0 (_1 : t_F'0) - predicate postcondition_mut'0 (self : t_F'0) (args : uint32) (result_state : t_F'0) (result : bool) = + predicate postcondition_mut'0 (self : t_F'0) (args : UInt32.t) (result_state : t_F'0) (result : bool) = postcondition'1 self args result /\ self = result_state - function fn_mut_once'0 (self : t_F'0) (args : uint32) (res : bool) : () + function fn_mut_once'0 (self : t_F'0) (args : UInt32.t) (res : bool) : () - axiom fn_mut_once'0_spec : forall self : t_F'0, args : uint32, res : bool . [%#sops12] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : t_F'0, args : UInt32.t, res : bool . [%#sops12] postcondition_once'0 self args res = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) predicate unnest'0 (self : t_F'0) (_2 : t_F'0) 
@@ -82,31 +84,31 @@ module M_12_borrow_instances__test1 [#"12_borrow_instances.rs" 9 0 9 59] axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops8] unnest'0 self self - function postcondition_mut_unnest'0 (self : t_F'0) (args : uint32) (res_state : t_F'0) (res : bool) : () + function postcondition_mut_unnest'0 (self : t_F'0) (args : UInt32.t) (res_state : t_F'0) (res : bool) : () - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : uint32, res_state : t_F'0, res : bool . ([%#sops6] postcondition_mut'0 self args res_state res) + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : UInt32.t, res_state : t_F'0, res : bool . ([%#sops6] postcondition_mut'0 self args res_state res) -> ([%#sops7] unnest'0 self res_state) - predicate postcondition'0 (self : t_F'0) (args : uint32) (result : bool) = + predicate postcondition'0 (self : t_F'0) (args : UInt32.t) (result : bool) = postcondition'1 self args result - function fn_once'0 (self : t_F'0) (args : uint32) (res : bool) : () + function fn_once'0 (self : t_F'0) (args : UInt32.t) (res : bool) : () - axiom fn_once'0_spec : forall self : t_F'0, args : uint32, res : bool . [%#sops5] postcondition_once'0 self args res + axiom fn_once'0_spec : forall self : t_F'0, args : UInt32.t, res : bool . [%#sops5] postcondition_once'0 self args res = (resolve'0 self /\ postcondition'0 self args res) - function fn_mut'0 (self : t_F'0) (args : uint32) (res_state : t_F'0) (res : bool) : () + function fn_mut'0 (self : t_F'0) (args : UInt32.t) (res_state : t_F'0) (res : bool) : () - axiom fn_mut'0_spec : forall self : t_F'0, args : uint32, res_state : t_F'0, res : bool . [%#sops4] postcondition_mut'0 self args res_state res + axiom fn_mut'0_spec : forall self : t_F'0, args : UInt32.t, res_state : t_F'0, res : bool . 
[%#sops4] postcondition_mut'0 self args res_state res = (self = res_state /\ postcondition'0 self args res) constant x : t_F'0 - constant n : uint32 + constant n : UInt32.t constant r : bool - function test1'0 [#"12_borrow_instances.rs" 9 0 9 59] (x : t_F'0) (n : uint32) (r : bool) : () + function test1'0 [#"12_borrow_instances.rs" 9 0 9 59] (x : t_F'0) (n : UInt32.t) (r : bool) : () goal vc_test1'0 : ([%#s12_borrow_instances0] postcondition'0 x n r = postcondition'1 x n r) && ([%#s12_borrow_instances1] forall xx : t_F'0 . postcondition_mut'0 x n xx r = (postcondition'1 x n r /\ x = xx)) @@ -129,17 +131,19 @@ module M_12_borrow_instances__test2 [#"12_borrow_instances.rs" 15 0 15 66] type t_F'0 + use prelude.prelude.Int + use prelude.prelude.UInt32 - predicate postcondition_once'1 (self : t_F'0) (args : uint32) (result : bool) + predicate postcondition_once'1 (self : t_F'0) (args : UInt32.t) (result : bool) predicate resolve'1 (_1 : t_F'0) - predicate postcondition_mut'1 (self : t_F'0) (args : uint32) (result_state : t_F'0) (result : bool) + predicate postcondition_mut'1 (self : t_F'0) (args : UInt32.t) (result_state : t_F'0) (result : bool) - function fn_mut_once'1 (self : t_F'0) (args : uint32) (res : bool) : () + function fn_mut_once'1 (self : t_F'0) (args : UInt32.t) (res : bool) : () - axiom fn_mut_once'1_spec : forall self : t_F'0, args : uint32, res : bool . [%#sops9] postcondition_once'1 self args res + axiom fn_mut_once'1_spec : forall self : t_F'0, args : UInt32.t, res : bool . [%#sops9] postcondition_once'1 self args res = (exists res_state : t_F'0 . postcondition_mut'1 self args res_state res /\ resolve'1 res_state) predicate unnest'1 (self : t_F'0) (_2 : t_F'0) 
@@ -153,12 +157,12 @@ module M_12_borrow_instances__test2 [#"12_borrow_instances.rs" 15 0 15 66] axiom unnest_refl'1_spec : forall self : t_F'0 . [%#sops5] unnest'1 self self - function postcondition_mut_unnest'1 (self : t_F'0) (args : uint32) (res_state : t_F'0) (res : bool) : () + function postcondition_mut_unnest'1 (self : t_F'0) (args : UInt32.t) (res_state : t_F'0) (res : bool) : () - axiom postcondition_mut_unnest'1_spec : forall self : t_F'0, args : uint32, res_state : t_F'0, res : bool . ([%#sops3] postcondition_mut'1 self args res_state res) + axiom postcondition_mut_unnest'1_spec : forall self : t_F'0, args : UInt32.t, res_state : t_F'0, res : bool . ([%#sops3] postcondition_mut'1 self args res_state res) -> ([%#sops4] unnest'1 self res_state) - predicate postcondition_once'0 (self : borrowed t_F'0) (args : uint32) (result : bool) = + predicate postcondition_once'0 (self : borrowed t_F'0) (args : UInt32.t) (result : bool) = postcondition_mut'1 self.current args self.final result predicate resolve'2 (self : borrowed t_F'0) = 
@@ -167,13 +171,14 @@ module M_12_borrow_instances__test2 [#"12_borrow_instances.rs" 15 0 15 66] predicate resolve'0 (_1 : borrowed t_F'0) = resolve'2 _1 - predicate postcondition_mut'0 (self : borrowed t_F'0) (args : uint32) (result_state : borrowed t_F'0) (result : bool) + predicate postcondition_mut'0 (self : borrowed t_F'0) (args : UInt32.t) (result_state : borrowed t_F'0) (result : bool) + = postcondition_mut'1 self.current args result_state.current result /\ self.final = result_state.final - function fn_mut_once'0 (self : borrowed t_F'0) (args : uint32) (res : bool) : () + function fn_mut_once'0 (self : borrowed t_F'0) (args : UInt32.t) (res : bool) : () - axiom fn_mut_once'0_spec : forall self : borrowed t_F'0, args : uint32, res : bool . [%#sops9] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : borrowed t_F'0, args : UInt32.t, res : bool . [%#sops9] postcondition_once'0 self args res = (exists res_state : borrowed t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) predicate unnest'0 (self : borrowed t_F'0) (_2 : borrowed t_F'0) 
@@ -187,19 +192,19 @@ module M_12_borrow_instances__test2 [#"12_borrow_instances.rs" 15 0 15 66] axiom unnest_refl'0_spec : forall self : borrowed t_F'0 . [%#sops5] unnest'0 self self - function postcondition_mut_unnest'0 (self : borrowed t_F'0) (args : uint32) (res_state : borrowed t_F'0) (res : bool) : () + function postcondition_mut_unnest'0 (self : borrowed t_F'0) (args : UInt32.t) (res_state : borrowed t_F'0) (res : bool) : () - axiom postcondition_mut_unnest'0_spec : forall self : borrowed t_F'0, args : uint32, res_state : borrowed t_F'0, res : bool . ([%#sops3] postcondition_mut'0 self args res_state res) + axiom postcondition_mut_unnest'0_spec : forall self : borrowed t_F'0, args : UInt32.t, res_state : borrowed t_F'0, res : bool . ([%#sops3] postcondition_mut'0 self args res_state res) -> ([%#sops4] unnest'0 self res_state) constant x : borrowed t_F'0 - constant n : uint32 + constant n : UInt32.t constant r : bool - function test2'0 [#"12_borrow_instances.rs" 15 0 15 66] (x : borrowed t_F'0) (n : uint32) (r : bool) : () + function test2'0 [#"12_borrow_instances.rs" 15 0 15 66] (x : borrowed t_F'0) (n : UInt32.t) (r : bool) : () goal vc_test2'0 : ([%#s12_borrow_instances0] forall xx : borrowed t_F'0 . postcondition_mut'0 x n xx r = (postcondition_mut'1 x.current n xx.current r /\ x.final = xx.final)) diff --git a/creusot/tests/should_succeed/closures/12_borrow_instances/why3session.xml b/creusot/tests/should_succeed/closures/12_borrow_instances/why3session.xml index ef1b77ee05..d7d93753f3 100644 --- a/creusot/tests/should_succeed/closures/12_borrow_instances/why3session.xml +++ b/creusot/tests/should_succeed/closures/12_borrow_instances/why3session.xml @@ -7,12 +7,12 @@ - + - + 
diff --git a/creusot/tests/should_succeed/closures/12_borrow_instances/why3shapes.gz b/creusot/tests/should_succeed/closures/12_borrow_instances/why3shapes.gz index ef1eebec5c1b51fc14eb1df61ea4aea284bd6f9d..1f085b6730d8c5ff4797ae4d0280f336fb0eb335 100644 GIT binary patch delta 456 zcmV;(0XP2A1JeVL6@RtelgHn#)B}e`&L5cTYBn)yq+LjXthWEY10(?w(yoMr$M4N} zJnzBRr@Z||$JFNUsc8>&^*y)w)3=P8)Yh->=?kDL=vcSiuCDfnjv3Eyr;fJ;GKBKy z?;EtPcIgbuO-84xN^Q^AXtz^j7Li6Xr#f`=&?AWLY7ZU*V}A(1^aaisNCbtTi`i8` zKIryBUaMmeEP^lS$FO#{CB|0HG{?-%G(CY*u8og-4k&vRC9IF|N`Yw>9P!A_b{6ZK zm~p*Gu>34G9LlgZ&JpsAq7rw55U5yhiAoi-+bMX^`-Qw#N24;RTtCo$ZPx~RrCDa) zt3n@CQL}#bh<|Z)`atE2&!rA$_7JB~v-w=s<*Y2d9lJlz!-q829?S#nN4K$K^h50@ zLtd2|Y&g?;Fxz&CyF~(j9but;@3;rr_f8x9c&FLuaN3=kCRN>VL`E3f`5!G$=y z*_x~Wl11tBnz{c{sYf?iM&5cL8|Xy@>8-UYSmns6kU;`@(mALIG6F;pF+?9-w9!Nz yRpi|$GHHV|R+UZ|U&^x7WRfq#i`(z5*=aEp@DW@D8^J`FQvU+1-Dlc61poj^km*wZ delta 455 zcmV;&0XY8C1JVPK6@R7OlV`?XRN4cFBIggxb!9n5jkF6XkX8EcD#WwwnO?#}XAE{1Xz9+tkZTD; z{(eB~D#R;{MdHs@72BRKS?{MxEh@=sPBm=irDYKN)iYSm7=Hu<6v-0b0Ru7+gUn}F z0o*w4jl4ETF=z&x``2M@9!HEvxzY@SEhhB@Bd*CO7&68lWrTGJ?-ZD{5RAmA_On_( z)Wj$k4VqCeUKqw~P0kUrj2V-75<)Nm6EaagyB)#C*>B{vIg&{+nO@L-t=9y-(=?NL zcEw+O<(u`rM}I8$ul~Yh^RKlId-f2M^-b}$uG?No{5W-g-i8lp?megt@5i($2D$0| z6v(@CLkwqL4`JIcakFU17_x=;ed0E}?~^v<@yW9>;Xa(3CRW{WkhcYpc61vldG zWR$D_lEvujno<7Cr5-Jkzz9V008(W*V_O9 diff --git a/creusot/tests/should_succeed/constrained_types.coma b/creusot/tests/should_succeed/constrained_types.coma index ffa88a81c6..7356c921ab 100644 --- a/creusot/tests/should_succeed/constrained_types.coma +++ b/creusot/tests/should_succeed/constrained_types.coma 
@@ -1,7 +1,7 @@ module M_constrained_types__uses_concrete_instance [#"constrained_types.rs" 14 0 14 67] let%span sconstrained_types0 = "constrained_types.rs" 9 18 9 68 let%span smodel1 = "../../../creusot-contracts/src/model.rs" 79 8 79 28 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 231 20 231 67 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 309 20 309 67 let%span stuples3 = "../../../creusot-contracts/src/std/tuples.rs" 29 28 29 57 let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 @@ -16,11 +16,11 @@ module M_constrained_types__uses_concrete_instance [#"constrained_types.rs" 14 0 let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 let%span sord16 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 - let%span snum17 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 - let%span sord18 = "../../../creusot-contracts/src/logic/ord.rs" 225 20 225 68 - let%span sord19 = "../../../creusot-contracts/src/logic/ord.rs" 212 8 219 11 - let%span sord20 = "../../../creusot-contracts/src/logic/ord.rs" 237 20 237 68 - let%span sord21 = "../../../creusot-contracts/src/logic/ord.rs" 243 20 243 67 + let%span snum17 = "../../../creusot-contracts/src/std/num.rs" 52 28 52 33 + let%span sord18 = "../../../creusot-contracts/src/logic/ord.rs" 303 20 303 68 + let%span sord19 = "../../../creusot-contracts/src/logic/ord.rs" 290 8 297 11 + let%span sord20 = "../../../creusot-contracts/src/logic/ord.rs" 315 20 315 68 + let%span sord21 = "../../../creusot-contracts/src/logic/ord.rs" 321 20 321 67 let%span sord22 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 let%span sord23 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 let%span sord24 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 
@@ -38,23 +38,23 @@ module M_constrained_types__uses_concrete_instance [#"constrained_types.rs" 14 0 use prelude.prelude.Borrow - use prelude.prelude.UInt32 + use prelude.prelude.Int - predicate inv'0 (_1 : (uint32, uint32)) + use prelude.prelude.UInt32 - axiom inv_axiom'0 [@rewrite] : forall x : (uint32, uint32) [inv'0 x] . inv'0 x = true + predicate inv'0 (_1 : (UInt32.t, UInt32.t)) - use prelude.prelude.Int + axiom inv_axiom'0 [@rewrite] : forall x : (UInt32.t, UInt32.t) [inv'0 x] . inv'0 x = true use prelude.prelude.UInt32 - function deep_model'2 (self : uint32) : int = - [%#snum17] UInt32.to_int self + function deep_model'2 (self : UInt32.t) : int = + [%#snum17] UInt32.to_uint self - function deep_model'1 (self : (uint32, uint32)) : (int, int) = + function deep_model'1 (self : (UInt32.t, UInt32.t)) : (int, int) = [%#stuples3] (deep_model'2 (let (a, _) = self in a), deep_model'2 (let (_, a) = self in a)) - function deep_model'0 (self : (uint32, uint32)) : (int, int) = + function deep_model'0 (self : (UInt32.t, UInt32.t)) : (int, int) = [%#smodel1] deep_model'1 self type t_Ordering'0 = @@ -168,7 +168,7 @@ module M_constrained_types__uses_concrete_instance [#"constrained_types.rs" 14 0 axiom cmp_le_log'0_spec : forall x : (int, int), y : (int, int) . [%#sord4] le_log'0 x y = (cmp_log'0 x y <> C_Greater'0) - let rec lt'0 (self:(uint32, uint32)) (other:(uint32, uint32)) (return' (ret:bool))= {[@expl:lt 'self' type invariant] inv'0 self} + let rec lt'0 (self:(UInt32.t, UInt32.t)) (other:(UInt32.t, UInt32.t)) (return' (ret:bool))= {[@expl:lt 'self' type invariant] inv'0 self} {[@expl:lt 'other' type invariant] inv'0 other} any [ return' (result:bool)-> {[%#sconstrained_types0] result = lt_log'0 (deep_model'0 self) (deep_model'0 other)} 
@@ -179,9 +179,9 @@ module M_constrained_types__uses_concrete_instance [#"constrained_types.rs" 14 0 meta "compute_max_steps" 1000000 - let rec uses_concrete_instance'0 (x:(uint32, uint32)) (y:(uint32, uint32)) (return' (ret:bool))= (! bb0 + let rec uses_concrete_instance'0 (x:(UInt32.t, UInt32.t)) (y:(UInt32.t, UInt32.t)) (return' (ret:bool))= (! bb0 [ bb0 = s0 [ s0 = lt'0 {x} {y} (fun (_ret':bool) -> [ &_0 <- _ret' ] s1) | s1 = bb1 ] | bb1 = return' {_0} ] - ) [ & _0 : bool = any_l () | & x : (uint32, uint32) = x | & y : (uint32, uint32) = y ] + ) [ & _0 : bool = any_l () | & x : (UInt32.t, UInt32.t) = x | & y : (UInt32.t, UInt32.t) = y ] [ return' (result:bool)-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/constrained_types/why3session.xml b/creusot/tests/should_succeed/constrained_types/why3session.xml index bf06988e89..e1bb9f0de9 100644 --- a/creusot/tests/should_succeed/constrained_types/why3session.xml +++ b/creusot/tests/should_succeed/constrained_types/why3session.xml @@ -7,7 +7,7 @@ - + diff --git a/creusot/tests/should_succeed/constrained_types/why3shapes.gz b/creusot/tests/should_succeed/constrained_types/why3shapes.gz index bf8464ecee2b063abf86e70557023e9fb8e183f5..961339b23d2a83dd409e4a0cfba64a487259c19d 100644 GIT binary patch literal 393 zcmV;40e1c$iwFP!00000|8;kMje#VF(Aw(G@#0t%}GQ};G0<=wv z#NRV*c+@79yom0(cRcpQCue2%5>~M*KjNlazQ3K9wmds6`gK^oeN=+Pp8%Bdt!hfS@+TxKY*aL4HED zTSq3ui2o{?-c%D7eL^2M+nC-k6GciN41z;3K|?6b7*aOLw0(j`H*%!vyumgm^n0)U zgA0$_RU0K~en|2v)s!dA7Z6`p{pWQ5ev87*m3DJKk3I$we0bKz&7zs>08h^{s!|FB nk5D5x1dCu0G=f5q2!J5aV~q|i8q}zeRTRY+-Y+<7}^uCO(jM-Y`X7pnkx8~FsvqQy03>A=6I+e^EtJbY-+XY z-il^EuZ?0RuU9aywPJ3@)A_$q&XOWu4mF0m1>6=tQl(L}ZxfE;u3ezKpi}f0vfBlD zSFKiT(!RItf+ht)36wBR+~uom=!PS6S(K^7!I6a;Cc7B5b$7-1nnf#MIN&f0n)1ONb&!NV~C diff --git a/creusot/tests/should_succeed/drop_pair.coma b/creusot/tests/should_succeed/drop_pair.coma index 6d254fe0fa..7d0c762120 100644 --- a/creusot/tests/should_succeed/drop_pair.coma 
+++ b/creusot/tests/should_succeed/drop_pair.coma @@ -7,27 +7,29 @@ module M_drop_pair__drop_pair [#"drop_pair.rs" 7 0 7 42] use prelude.prelude.Borrow + use prelude.prelude.Int + use prelude.prelude.UInt32 - predicate resolve'3 (self : borrowed uint32) = + predicate resolve'3 (self : borrowed UInt32.t) = [%#sresolve4] self.final = self.current - predicate resolve'2 (_1 : borrowed uint32) = + predicate resolve'2 (_1 : borrowed UInt32.t) = resolve'3 _1 - predicate resolve'1 (self : (borrowed uint32, borrowed uint32)) = + predicate resolve'1 (self : (borrowed UInt32.t, borrowed UInt32.t)) = [%#sresolve3] resolve'2 (let (a, _) = self in a) /\ resolve'2 (let (_, a) = self in a) - predicate resolve'0 (_1 : (borrowed uint32, borrowed uint32)) = + predicate resolve'0 (_1 : (borrowed UInt32.t, borrowed UInt32.t)) = resolve'1 _1 use prelude.prelude.Intrinsic meta "compute_max_steps" 1000000 - let rec drop_pair'0 (_x:(borrowed uint32, borrowed uint32)) (return' (ret:()))= (! bb0 + let rec drop_pair'0 (_x:(borrowed UInt32.t, borrowed UInt32.t)) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = -{resolve'0 _x}- s1 | s1 = return' {_0} ] ] - ) [ & _0 : () = any_l () | & _x : (borrowed uint32, borrowed uint32) = _x ] + ) [ & _0 : () = any_l () | & _x : (borrowed UInt32.t, borrowed UInt32.t) = _x ] [ return' (result:())-> {[@expl:drop_pair ensures #0] [%#sdrop_pair0] resolve'0 _x} {[@expl:drop_pair ensures #1] [%#sdrop_pair1] (let (a, _) = _x in a).final = (let (a, _) = _x in a).current} {[@expl:drop_pair ensures #2] [%#sdrop_pair2] (let (_, a) = _x in a).final = (let (_, a) = _x in a).current} 
@@ -40,27 +42,29 @@ module M_drop_pair__drop_pair2 [#"drop_pair.rs" 9 0 9 42] use prelude.prelude.Borrow + use prelude.prelude.Int + use prelude.prelude.UInt32 - predicate resolve'3 (self : borrowed uint32) = + predicate resolve'3 (self : borrowed UInt32.t) = [%#sresolve1] self.final = self.current - predicate resolve'2 (_1 : borrowed uint32) = + predicate resolve'2 (_1 : borrowed UInt32.t) = resolve'3 _1 - predicate resolve'1 (self : (borrowed uint32, borrowed uint32)) = + predicate resolve'1 (self : (borrowed UInt32.t, borrowed UInt32.t)) = [%#sresolve0] resolve'2 (let (a, _) = self in a) /\ resolve'2 (let (_, a) = self in a) - predicate resolve'0 (_1 : (borrowed uint32, borrowed uint32)) = + predicate resolve'0 (_1 : (borrowed UInt32.t, borrowed UInt32.t)) = resolve'1 _1 use prelude.prelude.Intrinsic meta "compute_max_steps" 1000000 - let rec drop_pair2'0 (x:(borrowed uint32, borrowed uint32)) (return' (ret:()))= (! bb0 + let rec drop_pair2'0 (x:(borrowed UInt32.t, borrowed UInt32.t)) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = -{resolve'0 x}- s1 | s1 = return' {_0} ] ] - ) [ & _0 : () = any_l () | & x : (borrowed uint32, borrowed uint32) = x ] + ) [ & _0 : () = any_l () | & x : (borrowed UInt32.t, borrowed UInt32.t) = x ] [ return' (result:())-> (! return' {result}) ] end 
@@ -69,23 +73,25 @@ module M_drop_pair__drop [#"drop_pair.rs" 15 0 15 52] use prelude.prelude.Borrow + use prelude.prelude.Int + use prelude.prelude.UInt32 - predicate resolve'1 (self : borrowed uint32) = + predicate resolve'1 (self : borrowed UInt32.t) = [%#sresolve0] self.final = self.current - predicate resolve'0 (_1 : borrowed uint32) = + predicate resolve'0 (_1 : borrowed UInt32.t) = resolve'1 _1 use prelude.prelude.Intrinsic meta "compute_max_steps" 1000000 - let rec drop'0 (_x:borrowed uint32) (y:borrowed uint32) (return' (ret:()))= (! bb0 + let rec drop'0 (_x:borrowed UInt32.t) (y:borrowed UInt32.t) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = -{resolve'0 _x}- s1 - | s1 = Borrow.borrow_final {y.current} {Borrow.get_id y} - (fun (_ret':borrowed uint32) -> [ &_3 <- _ret' ] [ &y <- { y with current = _ret'.final } ] s2) + | s1 = Borrow.borrow_final {y.current} {Borrow.get_id y} + (fun (_ret':borrowed UInt32.t) -> [ &_3 <- _ret' ] [ &y <- { y with current = _ret'.final } ] s2) | s2 = [ &_x <- _3 ] s3 | s3 = -{resolve'0 _x}- s4 | s4 = -{resolve'0 y}- s5 @@ -93,8 +99,8 @@ module M_drop_pair__drop [#"drop_pair.rs" 15 0 15 52] ] ) [ & _0 : () = any_l () - | & _x : borrowed uint32 = _x - | & y : borrowed uint32 = y - | & _3 : borrowed uint32 = any_l () ] + | & _x : borrowed UInt32.t = _x + | & y : borrowed UInt32.t = y + | & _3 : borrowed UInt32.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/drop_pair/why3session.xml b/creusot/tests/should_succeed/drop_pair/why3session.xml index 5ee43475d4..8b5b8fee2f 100644 --- a/creusot/tests/should_succeed/drop_pair/why3session.xml +++ b/creusot/tests/should_succeed/drop_pair/why3session.xml @@ -7,7 +7,7 @@ - + 
diff --git a/creusot/tests/should_succeed/drop_pair/why3shapes.gz b/creusot/tests/should_succeed/drop_pair/why3shapes.gz index 66afd032d33179b8e70d2d899c972afb354a3c40..1cbb20879c3d73d09a7c53150a564e38e193d024 100644 GIT binary patch literal 144 zcmV;B0B`>viwFP!00000|4q%Y3c@fHM&UhAkxlKCKiF6Whc2SvC|Ttuz0yKVL(&#} zd%>YNo^LtZN|v4y7rAgQ!x&G}$Z99(Os^qQupmF@%yF`4S5zyimNJ(yEWCl$xBs}) yV@`p!RTdY)?=*d$zn2iE^B%Q!Fq#e;1T^04UE_|mhVLM8RpJZo*jb310001itU(3< literal 145 zcmV;C0B-*uiwFP!00000|4q%Y3c@fDfZ;t)ahuvHmui~|4qZgSQL@UJT(A(+khBHg zUT`Rm|F`_x3d)NT7g#u#VT?y;pxOyKksl%jgJkENIZg)q73GSur_5yx3vbY<>wnzn zKBvISNP}m=?=*cLzn2hLE6-&0-nr%}UDs-j-rM>>-f`Djz>5@Ln6Y@Yn*aa+B~?Us diff --git a/creusot/tests/should_succeed/duration.coma b/creusot/tests/should_succeed/duration.coma index c97197321e..a3dd31dd1e 100644 --- a/creusot/tests/should_succeed/duration.coma +++ b/creusot/tests/should_succeed/duration.coma @@ -118,14 +118,14 @@ module M_duration__test_duration [#"duration.rs" 7 0 7 22] function view'0 (self : t_Duration'0) : int axiom view'0_spec : forall self : t_Duration'0 . [%#stime44] view'0 self >= 0 - /\ view'0 self <= secs_to_nanos'0 (UInt64.to_int (v_MAX'0 : UInt64.t)) + 999999999 + /\ view'0 self <= secs_to_nanos'0 (UInt64.to_uint (v_MAX'0 : UInt64.t)) + 999999999 - let rec new'0 (secs:UInt64.t) (nanos:UInt32.t) (return' (ret:t_Duration'0))= {[@expl:new requires] [%#stime42] UInt64.to_int secs - + nanos_to_secs'0 (UInt32.to_int nanos) - <= UInt64.to_int (v_MAX'0 : UInt64.t)} + let rec new'0 (secs:UInt64.t) (nanos:UInt32.t) (return' (ret:t_Duration'0))= {[@expl:new requires] [%#stime42] UInt64.to_uint secs + + nanos_to_secs'0 (UInt32.to_uint nanos) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)} any [ return' (result:t_Duration'0)-> {[%#stime43] view'0 result - = secs_to_nanos'0 (UInt64.to_int secs) + UInt32.to_int nanos} + = secs_to_nanos'0 (UInt64.to_uint secs) + UInt32.to_uint nanos} (! return' {result}) ] 
@@ -139,27 +139,27 @@ module M_duration__test_duration [#"duration.rs" 7 0 7 22] use prelude.prelude.UInt128 let rec as_nanos'0 (self:t_Duration'0) (return' (ret:UInt128.t))= any - [ return' (result:UInt128.t)-> {[%#stime45] UInt128.to_int result = view'1 self} - {[%#stime46] UInt128.to_int result <= secs_to_nanos'0 (UInt64.to_int (v_MAX'0 : UInt64.t)) + 999999999} + [ return' (result:UInt128.t)-> {[%#stime45] UInt128.to_uint result = view'1 self} + {[%#stime46] UInt128.to_uint result <= secs_to_nanos'0 (UInt64.to_uint (v_MAX'0 : UInt64.t)) + 999999999} (! return' {result}) ] let rec from_secs'0 (secs:UInt64.t) (return' (ret:t_Duration'0))= any - [ return' (result:t_Duration'0)-> {[%#stime47] view'0 result = secs_to_nanos'0 (UInt64.to_int secs)} + [ return' (result:t_Duration'0)-> {[%#stime47] view'0 result = secs_to_nanos'0 (UInt64.to_uint secs)} (! return' {result}) ] let rec from_millis'0 (millis:UInt64.t) (return' (ret:t_Duration'0))= any - [ return' (result:t_Duration'0)-> {[%#stime48] view'0 result = UInt64.to_int millis * 1000000} + [ return' (result:t_Duration'0)-> {[%#stime48] view'0 result = UInt64.to_uint millis * 1000000} (! return' {result}) ] let rec from_micros'0 (micros:UInt64.t) (return' (ret:t_Duration'0))= any - [ return' (result:t_Duration'0)-> {[%#stime49] view'0 result = UInt64.to_int micros * 1000} (! return' {result}) ] + [ return' (result:t_Duration'0)-> {[%#stime49] view'0 result = UInt64.to_uint micros * 1000} (! return' {result}) ] let rec from_nanos'0 (nanos:UInt64.t) (return' (ret:t_Duration'0))= any - [ return' (result:t_Duration'0)-> {[%#stime50] view'0 result = UInt64.to_int nanos} (! return' {result}) ] + [ return' (result:t_Duration'0)-> {[%#stime50] view'0 result = UInt64.to_uint nanos} (! return' {result}) ] let rec is_zero'0 (self:t_Duration'0) (return' (ret:bool))= any 
@@ -169,7 +169,7 @@ module M_duration__test_duration [#"duration.rs" 7 0 7 22] let rec as_secs'0 (self:t_Duration'0) (return' (ret:UInt64.t))= any - [ return' (result:UInt64.t)-> {[%#stime52] UInt64.to_int result = nanos_to_secs'0 (view'1 self)} + [ return' (result:UInt64.t)-> {[%#stime52] UInt64.to_uint result = nanos_to_secs'0 (view'1 self)} (! return' {result}) ] @@ -234,7 +234,7 @@ module M_duration__test_duration [#"duration.rs" 7 0 7 22] = (cmp_log'0 x y <> C_Greater'0) let rec subsec_millis'0 (self:t_Duration'0) (return' (ret:UInt32.t))= any - [ return' (result:UInt32.t)-> {[%#stime53] UInt32.to_int result = mod (nanos_to_millis'0 (view'1 self)) 1000} + [ return' (result:UInt32.t)-> {[%#stime53] UInt32.to_uint result = mod (nanos_to_millis'0 (view'1 self)) 1000} {[%#stime54] UInt32.ult result (1000 : UInt32.t)} (! return' {result}) ] 
@@ -243,24 +243,24 @@ module M_duration__test_duration [#"duration.rs" 7 0 7 22] [%#stime74] div nanos 1000 let rec subsec_micros'0 (self:t_Duration'0) (return' (ret:UInt32.t))= any - [ return' (result:UInt32.t)-> {[%#stime55] UInt32.to_int result = mod (nanos_to_micros'0 (view'1 self)) 1000000} + [ return' (result:UInt32.t)-> {[%#stime55] UInt32.to_uint result = mod (nanos_to_micros'0 (view'1 self)) 1000000} {[%#stime56] UInt32.ult result (1000000 : UInt32.t)} (! return' {result}) ] let rec subsec_nanos'0 (self:t_Duration'0) (return' (ret:UInt32.t))= any - [ return' (result:UInt32.t)-> {[%#stime57] UInt32.to_int result = mod (view'1 self) 1000000000} + [ return' (result:UInt32.t)-> {[%#stime57] UInt32.to_uint result = mod (view'1 self) 1000000000} {[%#stime58] UInt32.ult result (1000000000 : UInt32.t)} (! return' {result}) ] let rec as_millis'0 (self:t_Duration'0) (return' (ret:UInt128.t))= any - [ return' (result:UInt128.t)-> {[%#stime59] UInt128.to_int result = nanos_to_millis'0 (view'1 self)} + [ return' (result:UInt128.t)-> {[%#stime59] UInt128.to_uint result = nanos_to_millis'0 (view'1 self)} (! return' {result}) ] let rec as_micros'0 (self:t_Duration'0) (return' (ret:UInt128.t))= any - [ return' (result:UInt128.t)-> {[%#stime60] UInt128.to_int result = nanos_to_micros'0 (view'1 self)} + [ return' (result:UInt128.t)-> {[%#stime60] UInt128.to_uint result = nanos_to_micros'0 (view'1 self)} (! return' {result}) ] 
@@ -283,8 +283,8 @@ module M_duration__test_duration [#"duration.rs" 7 0 7 22] let rec checked_add'0 (self:t_Duration'0) (rhs:t_Duration'0) (return' (ret:t_Option'0))= any [ return' (result:t_Option'0)-> {[%#stime61] nanos_to_secs'0 (view'0 self + view'0 rhs) - > UInt64.to_int (v_MAX'0 : UInt64.t) -> result = C_None'0} - {[%#stime62] nanos_to_secs'0 (view'0 self + view'0 rhs) <= UInt64.to_int (v_MAX'0 : UInt64.t) + > UInt64.to_uint (v_MAX'0 : UInt64.t) -> result = C_None'0} + {[%#stime62] nanos_to_secs'0 (view'0 self + view'0 rhs) <= UInt64.to_uint (v_MAX'0 : UInt64.t) -> deep_model'0 result = C_Some'0 (view'0 self + view'0 rhs)} (! return' {result}) ] 
@@ -306,22 +306,22 @@ module M_duration__test_duration [#"duration.rs" 7 0 7 22] let rec checked_mul'0 (self:t_Duration'0) (rhs:UInt32.t) (return' (ret:t_Option'0))= any - [ return' (result:t_Option'0)-> {[%#stime65] nanos_to_secs'0 (view'0 self * UInt32.to_int rhs) - > UInt64.to_int (v_MAX'0 : UInt64.t) -> result = C_None'0} - {[%#stime66] nanos_to_secs'0 (view'0 self * UInt32.to_int rhs) <= UInt64.to_int (v_MAX'0 : UInt64.t) - -> deep_model'0 result = C_Some'0 (view'0 self * UInt32.to_int rhs)} + [ return' (result:t_Option'0)-> {[%#stime65] nanos_to_secs'0 (view'0 self * UInt32.to_uint rhs) + > UInt64.to_uint (v_MAX'0 : UInt64.t) -> result = C_None'0} + {[%#stime66] nanos_to_secs'0 (view'0 self * UInt32.to_uint rhs) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + -> deep_model'0 result = C_Some'0 (view'0 self * UInt32.to_uint rhs)} (! return' {result}) ] let rec checked_div'0 (self:t_Duration'0) (rhs:UInt32.t) (return' (ret:t_Option'0))= any [ return' (result:t_Option'0)-> {[%#stime67] rhs = (0 : UInt32.t) -> result = C_None'0} - {[%#stime68] rhs <> (0 : UInt32.t) -> deep_model'0 result = C_Some'0 (div (view'0 self) (UInt32.to_int rhs))} + {[%#stime68] rhs <> (0 : UInt32.t) -> deep_model'0 result = C_Some'0 (div (view'0 self) (UInt32.to_uint rhs))} (! return' {result}) ] let rec add'0 (self:t_Duration'0) (rhs:t_Duration'0) (return' (ret:t_Duration'0))= {[@expl:add requires] [%#stime69] view'0 self + view'0 rhs - <= secs_to_nanos'0 (UInt64.to_int (v_MAX'0 : UInt64.t)) + 999999999} + <= secs_to_nanos'0 (UInt64.to_uint (v_MAX'0 : UInt64.t)) + 999999999} any [ return' (result:t_Duration'0)-> {[%#stime69] view'0 self + view'0 rhs = view'0 result} (! return' {result}) ] let rec sub'0 (self:t_Duration'0) (rhs:t_Duration'0) (return' (ret:t_Duration'0))= {[@expl:sub requires] [%#stime69] view'0 self diff --git a/creusot/tests/should_succeed/duration/why3session.xml b/creusot/tests/should_succeed/duration/why3session.xml index 9f81199fdd..3e94a5ba34 100644 
--- a/creusot/tests/should_succeed/duration/why3session.xml +++ b/creusot/tests/should_succeed/duration/why3session.xml @@ -7,7 +7,7 @@ - + diff --git a/creusot/tests/should_succeed/duration/why3shapes.gz b/creusot/tests/should_succeed/duration/why3shapes.gz index ceb525fffa9932a468104155298ef862d8453feb..6b1412630e2d35ac11e3cd7f8b57b91c15bcefd8 100644 GIT binary patch literal 550 zcmV+>0@?i^iwFP!00000|DBb=j+-zLhVMK@ZfUbx$p+hyYO_*Ql^UtdWh<*UG$rmf z5`iQTs=j?~L%^71yWI#Wli&Z0=bJ&wyTz>f1qWHp8hNUAW$|IgW{dY8JglJE$=`D% z5Zpl}vns92w1A?l<_J`H-W4@8>DTr5Im(uo&l(uw##|XrWT^ zga@lR*t>R*h>VaeUI8GTg|P>1P*OqUbot$plWyNT%OBTj=lN_ zyP{DxAH{v7D~JHWx6@g!p>`Y0UIWAjp6HDxCM?#28- zEf-nHx!EJe7Nu z0oz^E_e3upU^OCLTYVW!`;MfOW1}OhDbzJpABU4m8+N*&%OOj}0}72sD4nlIq0t1z zWOOKt8z6cGX2g2ddgiyi?h2A|Qwco2wUQYZ4K47n1J^MdbB7K$n{u;j++^s${|B~h zy-LkqN&Qlx7Mfbn)ZR83Q&WeUOsUC0eQ(XZjXb$O)PGX*r{H-%ND%rFg^0jUK$H<6 o0YQw08D$J3Im153m}A73JmMi|oN~egu2hb^zv^u`!(9dd0Nfu3Bme*a literal 555 zcmV+`0@VELNq1b~ZWcx#!m#M)f`))gJ)aT!TGvM+9ET&sA( zgZ0xBjaLJSL$|3ToL}okj=lBJOC+XUkH)APZCsN{%w1nzH`=72ZZ{fjo~uTVz4{2d z;-YNuNV1@TTQ_kGd8HEj!<^!}EL8Jawm!XaGaH6Yn;WGL>Au{k+)6s*Te;U6 zu-RR@mT21m)&nx7^_PWow@6w!wmNcpLTyj=v0u4%;igL(^;tUZN$6rg()v0Qx|opI zjFx16o5RfC&esgu4E(NjH2!4RQ3B8ZSI16@a)+6>%qC_-WIjS>Q)G4vnRNRH{~&gp zw}9Cjf$x`Tc&Won-7_XbU^)UOQ()2qKRN^Nu2f>KsHgUa`gdyo4?Iubvp^xvw=aZp t5<<8Q7h8A3!I6&xfw90yL}DShV1f!FLZMZGygyuT*b!I;007_s7i9nd diff --git a/creusot/tests/should_succeed/filter_positive.coma b/creusot/tests/should_succeed/filter_positive.coma index 172ea4a6e2..35d7a066a9 100644 --- a/creusot/tests/should_succeed/filter_positive.coma +++ b/creusot/tests/should_succeed/filter_positive.coma 
@@ -16,9 +16,9 @@ module M_filter_positive__num_of_pos [#"filter_positive.rs" 37 0 37 49] constant j : int - constant t : Seq.seq int32 + constant t : Seq.seq Int32.t - function num_of_pos'0 [#"filter_positive.rs" 37 0 37 49] (i : int) (j : int) (t : Seq.seq int32) : int + function num_of_pos'0 [#"filter_positive.rs" 37 0 37 49] (i : int) (j : int) (t : Seq.seq Int32.t) : int goal vc_num_of_pos'0 : if i >= j then true @@ -48,9 +48,9 @@ module M_filter_positive__lemma_num_of_pos_increasing [#"filter_positive.rs" 65 use prelude.prelude.Int32 - function num_of_pos'0 [#"filter_positive.rs" 37 0 37 49] (i : int) (j : int) (t : Seq.seq int32) : int + function num_of_pos'0 [#"filter_positive.rs" 37 0 37 49] (i : int) (j : int) (t : Seq.seq Int32.t) : int - axiom num_of_pos'0_def : forall i : int, j : int, t : Seq.seq int32 . num_of_pos'0 i j t + axiom num_of_pos'0_def : forall i : int, j : int, t : Seq.seq Int32.t . num_of_pos'0 i j t = ([%#sfilter_positive5] if i >= j then 0 else @@ -63,9 +63,9 @@ module M_filter_positive__lemma_num_of_pos_increasing [#"filter_positive.rs" 65 constant k : int - constant t : Seq.seq int32 + constant t : Seq.seq Int32.t - function lemma_num_of_pos_increasing'0 [#"filter_positive.rs" 65 0 65 67] (i : int) (j : int) (k : int) (t : Seq.seq int32) : () + function lemma_num_of_pos_increasing'0 [#"filter_positive.rs" 65 0 65 67] (i : int) (j : int) (k : int) (t : Seq.seq Int32.t) : () goal vc_lemma_num_of_pos_increasing'0 : ([%#sfilter_positive0] j <= k) 
@@ -98,9 +98,9 @@ module M_filter_positive__lemma_num_of_pos_strictly_increasing [#"filter_positiv use seq.Seq - function num_of_pos'0 [#"filter_positive.rs" 37 0 37 49] (i : int) (j : int) (t : Seq.seq int32) : int + function num_of_pos'0 [#"filter_positive.rs" 37 0 37 49] (i : int) (j : int) (t : Seq.seq Int32.t) : int - axiom num_of_pos'0_def : forall i : int, j : int, t : Seq.seq int32 . num_of_pos'0 i j t + axiom num_of_pos'0_def : forall i : int, j : int, t : Seq.seq Int32.t . num_of_pos'0 i j t = ([%#sfilter_positive5] if i >= j then 0 else @@ -109,9 +109,10 @@ module M_filter_positive__lemma_num_of_pos_strictly_increasing [#"filter_positiv constant i : int - constant t : Seq.seq int32 + constant t : Seq.seq Int32.t - function lemma_num_of_pos_strictly_increasing'0 [#"filter_positive.rs" 79 0 79 60] (i : int) (t : Seq.seq int32) : () + function lemma_num_of_pos_strictly_increasing'0 [#"filter_positive.rs" 79 0 79 60] (i : int) (t : Seq.seq Int32.t) : () + goal vc_lemma_num_of_pos_strictly_increasing'0 : ([%#sfilter_positive1] Int32.to_int (Seq.get t i) > 0) -> ([%#sfilter_positive0] 0 <= i /\ i < Seq.length t) 
@@ -158,22 +159,22 @@ module M_filter_positive__m [#"filter_positive.rs" 82 0 82 33] let%span svec37 = "../../../creusot-contracts/src/std/vec.rs" 155 26 155 62 let%span svec38 = "../../../creusot-contracts/src/std/vec.rs" 156 26 156 55 let%span smodel39 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 - let%span sslice40 = "../../../creusot-contracts/src/std/slice.rs" 122 20 122 37 - let%span sslice41 = "../../../creusot-contracts/src/std/slice.rs" 129 20 129 37 + let%span sslice40 = "../../../creusot-contracts/src/std/slice.rs" 140 20 140 37 + let%span sslice41 = "../../../creusot-contracts/src/std/slice.rs" 147 20 147 37 let%span sops42 = "../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 let%span smodel43 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 - let%span sslice44 = "../../../creusot-contracts/src/std/slice.rs" 136 20 136 94 + let%span sslice44 = "../../../creusot-contracts/src/std/slice.rs" 154 20 154 94 let%span sresolve45 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) - - use prelude.prelude.Int + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) use prelude.prelude.Opaque 
@@ -184,29 +185,29 @@ module M_filter_positive__m [#"filter_positive.rs" 82 0 82 33] { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } use prelude.prelude.Int32 use seq.Seq - function view'0 (self : t_Vec'0) : Seq.seq int32 + function view'0 (self : t_Vec'0) : Seq.seq Int32.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec18] Seq.length (view'0 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec18] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq use prelude.prelude.Int32 - function num_of_pos'0 [#"filter_positive.rs" 37 0 37 49] (i : int) (j : int) (t : Seq.seq int32) : int + function num_of_pos'0 [#"filter_positive.rs" 37 0 37 49] (i : int) (j : int) (t : Seq.seq Int32.t) : int - axiom num_of_pos'0_def : forall i : int, j : int, t : Seq.seq int32 . num_of_pos'0 i j t + axiom num_of_pos'0_def : forall i : int, j : int, t : Seq.seq Int32.t . num_of_pos'0 i j t = ([%#sfilter_positive20] if i >= j then 0 else 
@@ -219,94 +220,98 @@ module M_filter_positive__m [#"filter_positive.rs" 82 0 82 33] axiom inv_axiom'0 [@rewrite] : forall x : t_Vec'0 [inv'0 x] . inv'0 x = true - function view'1 (self : t_Vec'0) : Seq.seq int32 = + function view'1 (self : t_Vec'0) : Seq.seq Int32.t = [%#smodel39] view'0 self - let rec len'0 (self:t_Vec'0) (return' (ret:usize))= {[@expl:len 'self' type invariant] inv'0 self} + let rec len'0 (self:t_Vec'0) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'0 self} any - [ return' (result:usize)-> {[%#svec21] UIntSize.to_int result = Seq.length (view'1 self)} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#svec21] UInt64.to_uint result = Seq.length (view'1 self)} (! return' {result}) ] - predicate inv'1 (_1 : usize) + predicate inv'1 (_1 : UInt64.t) - axiom inv_axiom'1 [@rewrite] : forall x : usize [inv'1 x] . inv'1 x = true + axiom inv_axiom'1 [@rewrite] : forall x : UInt64.t [inv'1 x] . inv'1 x = true - predicate in_bounds'0 [@inline:trivial] (self : usize) (seq : Seq.seq int32) = - [%#sslice40] UIntSize.to_int self < Seq.length seq + predicate in_bounds'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq Int32.t) = + [%#sslice40] UInt64.to_uint self < Seq.length seq - predicate inv'2 (_1 : int32) + predicate inv'2 (_1 : Int32.t) - axiom inv_axiom'2 [@rewrite] : forall x : int32 [inv'2 x] . inv'2 x = true + axiom inv_axiom'2 [@rewrite] : forall x : Int32.t [inv'2 x] . 
inv'2 x = true - predicate has_value'0 [@inline:trivial] (self : usize) (seq : Seq.seq int32) (out : int32) = - [%#sslice41] Seq.get seq (UIntSize.to_int self) = out + predicate has_value'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq Int32.t) (out : Int32.t) = + [%#sslice41] Seq.get seq (UInt64.to_uint self) = out - let rec index'0 (self:t_Vec'0) (index:usize) (return' (ret:int32))= {[@expl:index 'self' type invariant] inv'0 self} + let rec index'0 (self:t_Vec'0) (index:UInt64.t) (return' (ret:Int32.t))= {[@expl:index 'self' type invariant] inv'0 self} {[@expl:index 'index' type invariant] inv'1 index} {[@expl:index requires] [%#svec22] in_bounds'0 index (view'1 self)} any - [ return' (result:int32)-> {inv'2 result} {[%#svec23] has_value'0 index (view'1 self) result} (! return' {result}) ] + [ return' (result:Int32.t)-> {inv'2 result} + {[%#svec23] has_value'0 index (view'1 self) result} + (! return' {result}) ] - predicate inv'3 (_1 : int32) + predicate inv'3 (_1 : Int32.t) - axiom inv_axiom'3 [@rewrite] : forall x : int32 [inv'3 x] . inv'3 x = true + axiom inv_axiom'3 [@rewrite] : forall x : Int32.t [inv'3 x] . inv'3 x = true predicate inv'4 (_1 : t_Vec'0) axiom inv_axiom'4 [@rewrite] : forall x : t_Vec'0 [inv'4 x] . inv'4 x = true - function index_logic'0 [@inline:trivial] (self : t_Vec'0) (ix : int) : int32 = + function index_logic'0 [@inline:trivial] (self : t_Vec'0) (ix : int) : Int32.t = [%#sops42] Seq.get (view'0 self) ix - let rec from_elem'0 (elem:int32) (n:usize) (return' (ret:t_Vec'0))= {[@expl:from_elem 'elem' type invariant] inv'3 elem} + let rec from_elem'0 (elem:Int32.t) (n:UInt64.t) (return' (ret:t_Vec'0))= {[@expl:from_elem 'elem' type invariant] inv'3 elem} any [ return' (result:t_Vec'0)-> {inv'4 result} - {[%#svec24] Seq.length (view'0 result) = UIntSize.to_int n} - {[%#svec25] forall i : int . 
0 <= i /\ i < UIntSize.to_int n -> index_logic'0 result i = elem} + {[%#svec24] Seq.length (view'0 result) = UInt64.to_uint n} + {[%#svec25] forall i : int . 0 <= i /\ i < UInt64.to_uint n -> index_logic'0 result i = elem} (! return' {result}) ] - function lemma_num_of_pos_strictly_increasing'0 [#"filter_positive.rs" 79 0 79 60] (i : int) (t : Seq.seq int32) : () + function lemma_num_of_pos_strictly_increasing'0 [#"filter_positive.rs" 79 0 79 60] (i : int) (t : Seq.seq Int32.t) : () + = [%#sfilter_positive29] () - axiom lemma_num_of_pos_strictly_increasing'0_spec : forall i : int, t : Seq.seq int32 . ([%#sfilter_positive26] 0 <= i + axiom lemma_num_of_pos_strictly_increasing'0_spec : forall i : int, t : Seq.seq Int32.t . ([%#sfilter_positive26] 0 + <= i /\ i < Seq.length t) -> ([%#sfilter_positive27] Int32.to_int (Seq.get t i) > 0) -> ([%#sfilter_positive28] num_of_pos'0 0 i t < num_of_pos'0 0 (i + 1) t) - function lemma_num_of_pos_increasing'0 [#"filter_positive.rs" 65 0 65 67] (i : int) (j : int) (k : int) (t : Seq.seq int32) : () + function lemma_num_of_pos_increasing'0 [#"filter_positive.rs" 65 0 65 67] (i : int) (j : int) (k : int) (t : Seq.seq Int32.t) : () - axiom lemma_num_of_pos_increasing'0_def : forall i : int, j : int, k : int, t : Seq.seq int32 . ([%#sfilter_positive30] j + axiom lemma_num_of_pos_increasing'0_def : forall i : int, j : int, k : int, t : Seq.seq Int32.t . ([%#sfilter_positive30] j <= k) -> lemma_num_of_pos_increasing'0 i j k t = ([%#sfilter_positive33] if j < k then lemma_num_of_pos_increasing'0 i (j + 1) k t else ()) - axiom lemma_num_of_pos_increasing'0_spec : forall i : int, j : int, k : int, t : Seq.seq int32 . ([%#sfilter_positive30] j + axiom lemma_num_of_pos_increasing'0_spec : forall i : int, j : int, k : int, t : Seq.seq Int32.t . 
([%#sfilter_positive30] j <= k) -> ([%#sfilter_positive31] num_of_pos'0 i j t <= num_of_pos'0 i k t) predicate inv'5 (_1 : borrowed (t_Vec'0)) axiom inv_axiom'5 [@rewrite] : forall x : borrowed (t_Vec'0) [inv'5 x] . inv'5 x = true - function view'2 (self : borrowed (t_Vec'0)) : Seq.seq int32 = + function view'2 (self : borrowed (t_Vec'0)) : Seq.seq Int32.t = [%#smodel43] view'0 self.current - predicate inv'6 (_1 : borrowed int32) + predicate inv'6 (_1 : borrowed Int32.t) - axiom inv_axiom'6 [@rewrite] : forall x : borrowed int32 [inv'6 x] . inv'6 x = true + axiom inv_axiom'6 [@rewrite] : forall x : borrowed Int32.t [inv'6 x] . inv'6 x = true - predicate resolve_elswhere'0 [@inline:trivial] (self : usize) (old' : Seq.seq int32) (fin : Seq.seq int32) = - [%#sslice44] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < Seq.length old' + predicate resolve_elswhere'0 [@inline:trivial] (self : UInt64.t) (old' : Seq.seq Int32.t) (fin : Seq.seq Int32.t) = + [%#sslice44] forall i : int . 0 <= i /\ i <> UInt64.to_uint self /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i - let rec index_mut'0 (self:borrowed (t_Vec'0)) (index:usize) (return' (ret:borrowed int32))= {[@expl:index_mut 'self' type invariant] inv'5 self} + let rec index_mut'0 (self:borrowed (t_Vec'0)) (index:UInt64.t) (return' (ret:borrowed Int32.t))= {[@expl:index_mut 'self' type invariant] inv'5 self} {[@expl:index_mut 'index' type invariant] inv'1 index} {[@expl:index_mut requires] [%#svec34] in_bounds'0 index (view'2 self)} any - [ return' (result:borrowed int32)-> {inv'6 result} + [ return' (result:borrowed Int32.t)-> {inv'6 result} {[%#svec35] has_value'0 index (view'2 self) result.current} {[%#svec36] has_value'0 index (view'0 self.final) result.final} {[%#svec37] resolve_elswhere'0 index (view'2 self) (view'0 self.final)} 
@@ -314,10 +319,10 @@ module M_filter_positive__m [#"filter_positive.rs" 82 0 82 33] (! return' {result}) ] - predicate resolve'1 (self : borrowed int32) = + predicate resolve'1 (self : borrowed Int32.t) = [%#sresolve45] self.final = self.current - predicate resolve'0 (_1 : borrowed int32) = + predicate resolve'0 (_1 : borrowed Int32.t) = resolve'1 _1 use prelude.prelude.Intrinsic 
@@ -326,95 +331,96 @@ module M_filter_positive__m [#"filter_positive.rs" 82 0 82 33] let rec m'0 (t:t_Vec'0) (return' (ret:t_Vec'0))= (! bb0 [ bb0 = s0 - [ s0 = [ &count <- [%#sfilter_positive0] (0 : usize) ] s1 - | s1 = [ &i <- [%#sfilter_positive1] (0 : usize) ] s2 + [ s0 = [ &count <- [%#sfilter_positive0] (0 : UInt64.t) ] s1 + | s1 = [ &i <- [%#sfilter_positive1] (0 : UInt64.t) ] s2 | s2 = bb1 ] | bb1 = bb2 | bb2 = bb3 | bb3 = bb3 - [ bb3 = {[@expl:loop invariant #0] [%#sfilter_positive4] UIntSize.to_int i <= Seq.length (view'0 t)} - {[@expl:loop invariant #1] [%#sfilter_positive3] UIntSize.to_int count <= UIntSize.to_int i} - {[@expl:loop invariant #2] [%#sfilter_positive2] UIntSize.to_int count - = num_of_pos'0 0 (UIntSize.to_int i) (view'0 t)} + [ bb3 = {[@expl:loop invariant #0] [%#sfilter_positive4] UInt64.to_uint i <= Seq.length (view'0 t)} + {[@expl:loop invariant #1] [%#sfilter_positive3] UInt64.to_uint count <= UInt64.to_uint i} + {[@expl:loop invariant #2] [%#sfilter_positive2] UInt64.to_uint count + = num_of_pos'0 0 (UInt64.to_uint i) (view'0 t)} (! s0) [ s0 = bb4 ] - [ bb4 = s0 [ s0 = len'0 {t} (fun (_ret':usize) -> [ &_12 <- _ret' ] s1) | s1 = bb5 ] + [ bb4 = s0 [ s0 = len'0 {t} (fun (_ret':UInt64.t) -> [ &_12 <- _ret' ] s1) | s1 = bb5 ] | bb5 = s0 - [ s0 = UIntSize.lt {i} {_12} (fun (_ret':bool) -> [ &_10 <- _ret' ] s1) + [ s0 = UInt64.lt {i} {_12} (fun (_ret':bool) -> [ &_10 <- _ret' ] s1) | s1 = any [ br0 -> {_10 = false} (! bb11) | br1 -> {_10} (! bb6) ] ] - | bb6 = s0 [ s0 = index'0 {t} {i} (fun (_ret':int32) -> [ &_17 <- _ret' ] s1) | s1 = bb7 ] + | bb6 = s0 [ s0 = index'0 {t} {i} (fun (_ret':Int32.t) -> [ &_17 <- _ret' ] s1) | s1 = bb7 ] | bb7 = s0 - [ s0 = Int32.gt {_17} {[%#sfilter_positive5] (0 : int32)} (fun (_ret':bool) -> [ &_15 <- _ret' ] s1) + [ s0 = Int32.gt {_17} {[%#sfilter_positive5] (0 : Int32.t)} (fun (_ret':bool) -> [ &_15 <- _ret' ] s1) | s1 = any [ br0 -> {_15 = false} (! bb9) | br1 -> {_15} (! 
bb8) ] ] | bb8 = s0 - [ s0 = UIntSize.add {count} {[%#sfilter_positive6] (1 : usize)} (fun (_ret':usize) -> [ &count <- _ret' ] s1) + [ s0 = UInt64.add {count} {[%#sfilter_positive6] (1 : UInt64.t)} + (fun (_ret':UInt64.t) -> [ &count <- _ret' ] s1) | s1 = bb10 ] | bb9 = bb10 | bb10 = s0 - [ s0 = UIntSize.add {i} {[%#sfilter_positive7] (1 : usize)} (fun (_ret':usize) -> [ &i <- _ret' ] s1) + [ s0 = UInt64.add {i} {[%#sfilter_positive7] (1 : UInt64.t)} (fun (_ret':UInt64.t) -> [ &i <- _ret' ] s1) | s1 = bb3 ] ] ] | bb11 = s0 - [ s0 = from_elem'0 {[%#sfilter_positive8] (0 : int32)} {count} (fun (_ret':t_Vec'0) -> [ &u <- _ret' ] s1) + [ s0 = from_elem'0 {[%#sfilter_positive8] (0 : Int32.t)} {count} (fun (_ret':t_Vec'0) -> [ &u <- _ret' ] s1) | s1 = bb12 ] | bb12 = s0 - [ s0 = [ &count <- [%#sfilter_positive9] (0 : usize) ] s1 - | s1 = [ &i <- [%#sfilter_positive10] (0 : usize) ] s2 + [ s0 = [ &count <- [%#sfilter_positive9] (0 : UInt64.t) ] s1 + | s1 = [ &i <- [%#sfilter_positive10] (0 : UInt64.t) ] s2 | s2 = bb13 ] | bb13 = bb14 | bb14 = bb15 | bb15 = bb15 - [ bb15 = {[@expl:loop invariant #0] [%#sfilter_positive12] UIntSize.to_int count - = num_of_pos'0 0 (UIntSize.to_int i) (view'0 t)} + [ bb15 = {[@expl:loop invariant #0] [%#sfilter_positive12] UInt64.to_uint count + = num_of_pos'0 0 (UInt64.to_uint i) (view'0 t)} {[@expl:loop invariant #1] [%#sfilter_positive11] Seq.length (view'0 u) = num_of_pos'0 0 (Seq.length (view'0 t)) (view'0 t)} (! s0) [ s0 = bb16 ] - [ bb16 = s0 [ s0 = len'0 {t} (fun (_ret':usize) -> [ &_30 <- _ret' ] s1) | s1 = bb17 ] + [ bb16 = s0 [ s0 = len'0 {t} (fun (_ret':UInt64.t) -> [ &_30 <- _ret' ] s1) | s1 = bb17 ] | bb17 = s0 - [ s0 = UIntSize.lt {i} {_30} (fun (_ret':bool) -> [ &_28 <- _ret' ] s1) + [ s0 = UInt64.lt {i} {_30} (fun (_ret':bool) -> [ &_28 <- _ret' ] s1) | s1 = any [ br0 -> {_28 = false} (! bb27) | br1 -> {_28} (! 
bb18) ] ] - | bb18 = s0 [ s0 = index'0 {t} {i} (fun (_ret':int32) -> [ &_35 <- _ret' ] s1) | s1 = bb19 ] + | bb18 = s0 [ s0 = index'0 {t} {i} (fun (_ret':Int32.t) -> [ &_35 <- _ret' ] s1) | s1 = bb19 ] | bb19 = s0 - [ s0 = Int32.gt {_35} {[%#sfilter_positive13] (0 : int32)} (fun (_ret':bool) -> [ &_33 <- _ret' ] s1) + [ s0 = Int32.gt {_35} {[%#sfilter_positive13] (0 : Int32.t)} (fun (_ret':bool) -> [ &_33 <- _ret' ] s1) | s1 = any [ br0 -> {_33 = false} (! bb25) | br1 -> {_33} (! bb20) ] ] | bb20 = s0 - [ s0 = {[@expl:assertion] [%#sfilter_positive14] let _ = lemma_num_of_pos_strictly_increasing'0 (UIntSize.to_int i) (view'0 u) in num_of_pos'0 0 (UIntSize.to_int i) (view'0 t) - < num_of_pos'0 0 (UIntSize.to_int i + 1) (view'0 t)} + [ s0 = {[@expl:assertion] [%#sfilter_positive14] let _ = lemma_num_of_pos_strictly_increasing'0 (UInt64.to_uint i) (view'0 u) in num_of_pos'0 0 (UInt64.to_uint i) (view'0 t) + < num_of_pos'0 0 (UInt64.to_uint i + 1) (view'0 t)} s1 | s1 = bb21 ] | bb21 = s0 - [ s0 = {[@expl:assertion] [%#sfilter_positive15] let _ = lemma_num_of_pos_increasing'0 0 (UIntSize.to_int i - + 1) (Seq.length (view'0 t)) (view'0 t) in UIntSize.to_int count < Seq.length (view'0 u)} + [ s0 = {[@expl:assertion] [%#sfilter_positive15] let _ = lemma_num_of_pos_increasing'0 0 (UInt64.to_uint i + + 1) (Seq.length (view'0 t)) (view'0 t) in UInt64.to_uint count < Seq.length (view'0 u)} s1 | s1 = bb22 ] - | bb22 = s0 [ s0 = index'0 {t} {i} (fun (_ret':int32) -> [ &_43 <- _ret' ] s1) | s1 = bb23 ] + | bb22 = s0 [ s0 = index'0 {t} {i} (fun (_ret':Int32.t) -> [ &_43 <- _ret' ] s1) | s1 = bb23 ] | bb23 = s0 [ s0 = Borrow.borrow_mut {u} (fun (_ret':borrowed (t_Vec'0)) -> [ &_47 <- _ret' ] [ &u <- _ret'.final ] s1) - | s1 = index_mut'0 {_47} {count} (fun (_ret':borrowed int32) -> [ &_46 <- _ret' ] s2) + | s1 = index_mut'0 {_47} {count} (fun (_ret':borrowed Int32.t) -> [ &_46 <- _ret' ] s2) | s2 = bb24 ] | bb24 = s0 [ s0 = [ &_46 <- { _46 with current = _43 } ] s1 | s1 = 
-{resolve'0 _46}- s2 - | s2 = UIntSize.add {count} {[%#sfilter_positive16] (1 : usize)} - (fun (_ret':usize) -> [ &count <- _ret' ] s3) + | s2 = UInt64.add {count} {[%#sfilter_positive16] (1 : UInt64.t)} + (fun (_ret':UInt64.t) -> [ &count <- _ret' ] s3) | s3 = bb26 ] | bb25 = bb26 | bb26 = s0 - [ s0 = UIntSize.add {i} {[%#sfilter_positive17] (1 : usize)} (fun (_ret':usize) -> [ &i <- _ret' ] s1) + [ s0 = UInt64.add {i} {[%#sfilter_positive17] (1 : UInt64.t)} (fun (_ret':UInt64.t) -> [ &i <- _ret' ] s1) | s1 = bb15 ] ] ] @@ -425,19 +431,19 @@ module M_filter_positive__m [#"filter_positive.rs" 82 0 82 33] ) [ & _0 : t_Vec'0 = any_l () | & t : t_Vec'0 = t - | & count : usize = any_l () - | & i : usize = any_l () + | & count : UInt64.t = any_l () + | & i : UInt64.t = any_l () | & _10 : bool = any_l () - | & _12 : usize = any_l () + | & _12 : UInt64.t = any_l () | & _15 : bool = any_l () - | & _17 : int32 = any_l () + | & _17 : Int32.t = any_l () | & u : t_Vec'0 = any_l () | & _28 : bool = any_l () - | & _30 : usize = any_l () + | & _30 : UInt64.t = any_l () | & _33 : bool = any_l () - | & _35 : int32 = any_l () - | & _43 : int32 = any_l () - | & _46 : borrowed int32 = any_l () + | & _35 : Int32.t = any_l () + | & _43 : Int32.t = any_l () + | & _46 : borrowed Int32.t = any_l () | & _47 : borrowed (t_Vec'0) = any_l () ] [ return' (result:t_Vec'0)-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/ghost/assert_in_ghost.coma b/creusot/tests/should_succeed/ghost/assert_in_ghost.coma index 7b70cff893..dd7ee3c9f3 100644 --- a/creusot/tests/should_succeed/ghost/assert_in_ghost.coma +++ b/creusot/tests/should_succeed/ghost/assert_in_ghost.coma 
@@ -5,6 +5,8 @@ module M_assert_in_ghost__ghost_only [#"assert_in_ghost.rs" 4 0 4 19] let%span sghost3 = "../../../../creusot-contracts/src/ghost.rs" 147 4 147 28 let%span sghost4 = "../../../../creusot-contracts/src/ghost.rs" 145 14 145 28 + use prelude.prelude.Int + use prelude.prelude.Int32 predicate inv'0 (_1 : ()) @@ -29,13 +31,13 @@ module M_assert_in_ghost__ghost_only [#"assert_in_ghost.rs" 4 0 4 19] let rec closure0'0 (_1:()) (return' (ret:t_GhostBox'0))= bb0 [ bb0 = s0 - [ s0 = [ &x <- [%#sassert_in_ghost0] (1 : int32) ] s1 - | s1 = {[@expl:assertion] [%#sassert_in_ghost1] x = (1 : int32)} s2 + [ s0 = [ &x <- [%#sassert_in_ghost0] (1 : Int32.t) ] s1 + | s1 = {[@expl:assertion] [%#sassert_in_ghost1] x = (1 : Int32.t)} s2 | s2 = new'0 {_2} (fun (_ret':t_GhostBox'0) -> [ &_0 <- _ret' ] s3) | s3 = bb1 ] | bb1 = return' {_0} ] - [ & _0 : t_GhostBox'0 = any_l () | & _2 : () = any_l () | & x : int32 = any_l () ] + [ & _0 : t_GhostBox'0 = any_l () | & _2 : () = any_l () | & x : Int32.t = any_l () ] [ return' (result:t_GhostBox'0)-> return' {result} ] @@ -58,6 +60,8 @@ module M_assert_in_ghost__ghost_capture [#"assert_in_ghost.rs" 11 0 11 22] let%span sghost3 = "../../../../creusot-contracts/src/ghost.rs" 147 4 147 28 let%span sghost4 = "../../../../creusot-contracts/src/ghost.rs" 145 14 145 28 + use prelude.prelude.Int + use prelude.prelude.Int32 predicate inv'0 (_1 : ()) 
@@ -83,17 +87,17 @@ module M_assert_in_ghost__ghost_capture [#"assert_in_ghost.rs" 11 0 11 22] use prelude.prelude.Borrow type closure0'1 = - { field_0'0: int32 } + { field_0'0: Int32.t } let rec closure0'0 (_1:closure0'1) (return' (ret:t_GhostBox'0))= bb0 [ bb0 = s0 [ s0 = [ &y <- _1.field_0'0 ] s1 - | s1 = {[@expl:assertion] [%#sassert_in_ghost1] y = (42 : int32)} s2 + | s1 = {[@expl:assertion] [%#sassert_in_ghost1] y = (42 : Int32.t)} s2 | s2 = new'0 {_2} (fun (_ret':t_GhostBox'0) -> [ &_0 <- _ret' ] s3) | s3 = bb1 ] | bb1 = return' {_0} ] - [ & _0 : t_GhostBox'0 = any_l () | & _1 : closure0'1 = _1 | & _2 : () = any_l () | & y : int32 = any_l () ] + [ & _0 : t_GhostBox'0 = any_l () | & _1 : closure0'1 = _1 | & _2 : () = any_l () | & y : Int32.t = any_l () ] [ return' (result:t_GhostBox'0)-> return' {result} ] @@ -101,7 +105,7 @@ module M_assert_in_ghost__ghost_capture [#"assert_in_ghost.rs" 11 0 11 22] let rec ghost_capture'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = [ &x <- [%#sassert_in_ghost0] (42 : int32) ] s1 + [ s0 = [ &x <- [%#sassert_in_ghost0] (42 : Int32.t) ] s1 | s1 = [ &_3 <- { field_0'0 = x } ] s2 | s2 = closure0'0 {_3} (fun (_ret':t_GhostBox'0) -> [ &_2 <- _ret' ] s3) | s3 = bb1 ] @@ -110,7 +114,7 @@ module M_assert_in_ghost__ghost_capture [#"assert_in_ghost.rs" 11 0 11 22] | bb2 = return' {_0} ] ) [ & _0 : () = any_l () - | & x : int32 = any_l () + | & x : Int32.t = any_l () | & _2 : t_GhostBox'0 = any_l () | & _3 : closure0'1 = any_l () | & _5 : () = any_l () ] 
@@ -131,20 +135,22 @@ module M_assert_in_ghost__ghost_mutate [#"assert_in_ghost.rs" 20 0 20 21] let%span sghost11 = "../../../../creusot-contracts/src/ghost.rs" 183 9 183 15 let%span sresolve12 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + use prelude.prelude.Int + use prelude.prelude.Int32 - predicate inv'0 (_1 : (int32, int32)) + predicate inv'0 (_1 : (Int32.t, Int32.t)) - axiom inv_axiom'0 [@rewrite] : forall x : (int32, int32) [inv'0 x] . inv'0 x = true + axiom inv_axiom'0 [@rewrite] : forall x : (Int32.t, Int32.t) [inv'0 x] . inv'0 x = true type t_GhostBox'0 = - { t_GhostBox__0'0: (int32, int32) } + { t_GhostBox__0'0: (Int32.t, Int32.t) } predicate inv'1 (_1 : t_GhostBox'0) axiom inv_axiom'1 [@rewrite] : forall x : t_GhostBox'0 [inv'1 x] . inv'1 x = true - let rec new'0 (x:(int32, int32)) (return' (ret:t_GhostBox'0))= {[@expl:new 'x' type invariant] [%#sghost5] inv'0 x} + let rec new'0 (x:(Int32.t, Int32.t)) (return' (ret:t_GhostBox'0))= {[@expl:new 'x' type invariant] [%#sghost5] inv'0 x} any [ return' (result:t_GhostBox'0)-> {[%#sghost6] inv'1 result} {[%#sghost7] result.t_GhostBox__0'0 = x} @@ -155,12 +161,12 @@ module M_assert_in_ghost__ghost_mutate [#"assert_in_ghost.rs" 20 0 20 21] let rec closure0'0 (_1:()) (return' (ret:t_GhostBox'0))= bb0 [ bb0 = s0 - [ s0 = [ &_2 <- (([%#sassert_in_ghost0] (2 : int32)), ([%#sassert_in_ghost1] (3 : int32))) ] s1 + [ s0 = [ &_2 <- (([%#sassert_in_ghost0] (2 : Int32.t)), ([%#sassert_in_ghost1] (3 : Int32.t))) ] s1 | s1 = new'0 {_2} (fun (_ret':t_GhostBox'0) -> [ &_0 <- _ret' ] s2) | s2 = bb1 ] | bb1 = return' {_0} ] - [ & _0 : t_GhostBox'0 = any_l () | & _2 : (int32, int32) = any_l () ] + [ & _0 : t_GhostBox'0 = any_l () | & _2 : (Int32.t, Int32.t) = any_l () ] [ return' (result:t_GhostBox'0)-> return' {result} ] 
@@ -170,22 +176,22 @@ module M_assert_in_ghost__ghost_mutate [#"assert_in_ghost.rs" 20 0 20 21] axiom inv_axiom'2 [@rewrite] : forall x : borrowed (t_GhostBox'0) [inv'2 x] . inv'2 x = true - predicate inv'3 (_1 : borrowed (int32, int32)) + predicate inv'3 (_1 : borrowed (Int32.t, Int32.t)) - axiom inv_axiom'3 [@rewrite] : forall x : borrowed (int32, int32) [inv'3 x] . inv'3 x = true + axiom inv_axiom'3 [@rewrite] : forall x : borrowed (Int32.t, Int32.t) [inv'3 x] . inv'3 x = true - let rec deref_mut'0 (self:borrowed (t_GhostBox'0)) (return' (ret:borrowed (int32, int32)))= {[@expl:deref_mut 'self' type invariant] [%#sghost8] inv'2 self} + let rec deref_mut'0 (self:borrowed (t_GhostBox'0)) (return' (ret:borrowed (Int32.t, Int32.t)))= {[@expl:deref_mut 'self' type invariant] [%#sghost8] inv'2 self} any - [ return' (result:borrowed (int32, int32))-> {[%#sghost9] inv'3 result} + [ return' (result:borrowed (Int32.t, Int32.t))-> {[%#sghost9] inv'3 result} {[%#sghost10] result = Borrow.borrow_logic (self.current).t_GhostBox__0'0 (self.final).t_GhostBox__0'0 (Borrow.inherit_id (Borrow.get_id self) 1)} (! return' {result}) ] - predicate resolve'2 (self : borrowed (int32, int32)) = + predicate resolve'2 (self : borrowed (Int32.t, Int32.t)) = [%#sresolve12] self.final = self.current - predicate resolve'0 (_1 : borrowed (int32, int32)) = + predicate resolve'0 (_1 : borrowed (Int32.t, Int32.t)) = resolve'2 _1 type closure1'1 = 
@@ -225,12 +231,12 @@ module M_assert_in_ghost__ghost_mutate [#"assert_in_ghost.rs" 20 0 20 21] [ &_4 <- _ret' ] [ &_1 <- { field_0'0 = { _1.field_0'0 with current = _ret'.final } } ] s1) - | s1 = deref_mut'0 {_4} (fun (_ret':borrowed (int32, int32)) -> [ &_3 <- _ret' ] s2) + | s1 = deref_mut'0 {_4} (fun (_ret':borrowed (Int32.t, Int32.t)) -> [ &_3 <- _ret' ] s2) | s2 = bb1 ] | bb1 = s0 [ s0 = - [ &_3 <- { _3 with current = (let (_, r'1) = _3.current in (([%#sassert_in_ghost2] (4 : int32)), r'1)) } ] + [ &_3 <- { _3 with current = (let (_, r'1) = _3.current in (([%#sassert_in_ghost2] (4 : Int32.t)), r'1)) } ] s1 | s1 = -{resolve'0 _3}- s2 @@ -243,11 +249,11 @@ module M_assert_in_ghost__ghost_mutate [#"assert_in_ghost.rs" 20 0 20 21] [ & _0 : t_GhostBox'1 = any_l () | & _1 : closure1'1 = _1 | & _2 : () = any_l () - | & _3 : borrowed (int32, int32) = any_l () + | & _3 : borrowed (Int32.t, Int32.t) = any_l () | & _4 : borrowed (t_GhostBox'0) = any_l () ] [ return' (result:t_GhostBox'1)-> return' {result} ] - function inner_logic'0 (self : t_GhostBox'0) : (int32, int32) = + function inner_logic'0 (self : t_GhostBox'0) : (Int32.t, Int32.t) = [%#sghost11] self.t_GhostBox__0'0 type closure2'1 = @@ -255,8 +261,8 @@ module M_assert_in_ghost__ghost_mutate [#"assert_in_ghost.rs" 20 0 20 21] let rec closure2'0 (_1:closure2'1) (return' (ret:t_GhostBox'1))= bb0 [ bb0 = s0 - [ s0 = {[@expl:assertion] [%#sassert_in_ghost3] (let (a, _) = inner_logic'0 _1.field_0'1 in a) = (4 : int32)} s1 - | s1 = {[@expl:assertion] [%#sassert_in_ghost4] (let (_, a) = inner_logic'0 _1.field_0'1 in a) = (3 : int32)} s2 + [ s0 = {[@expl:assertion] [%#sassert_in_ghost3] (let (a, _) = inner_logic'0 _1.field_0'1 in a) = (4 : Int32.t)} s1 + | s1 = {[@expl:assertion] [%#sassert_in_ghost4] (let (_, a) = inner_logic'0 _1.field_0'1 in a) = (3 : Int32.t)} s2 | s2 = new'1 {_2} (fun (_ret':t_GhostBox'1) -> [ &_0 <- _ret' ] s3) | s3 = bb1 ] 
diff --git a/creusot/tests/should_succeed/ghost/assert_in_ghost/why3session.xml b/creusot/tests/should_succeed/ghost/assert_in_ghost/why3session.xml index e4fceec135..4d1ee34f56 100644 --- a/creusot/tests/should_succeed/ghost/assert_in_ghost/why3session.xml +++ b/creusot/tests/should_succeed/ghost/assert_in_ghost/why3session.xml @@ -8,17 +8,17 @@ - + - + - + diff --git a/creusot/tests/should_succeed/ghost/assert_in_ghost/why3shapes.gz b/creusot/tests/should_succeed/ghost/assert_in_ghost/why3shapes.gz index b3be12f83675182c7cc8ba2c97ac36cd570b106c..5b452fda9f7ee3f85c2cb1935cd687e60a3f10bf 100644 GIT binary patch literal 413 zcmV;O0b>3iiwFP!00000|GiU9PwOxcyysWsR^XKN`Xff-07xd4-Vym4Z5)?Igrp>C zfq(x(6PF_Bfdia8+L@hQ%j2_)xL?!8_wmkmebqLXv5YUyqv4sVX17ReVgd*?uwVj+ zCX%Rm%WJydZfc)I{%JG3<$K%j`0F7!G0RK-M2?Gi#+)0Rmd!<7#W)RYP8t^x*f$ z@dD|%!ioC(UJhtgHB|r2r~~o4bEe0{KbbW}gZ-rG-*L*4L(1lb%t>00IW}W{t(wv- z9b3--FFn~b-q&2upKs0@a~MS&3!!*YDojyBA&?U%O;AYC(wAwB8OtC`B7~AwsZyvV z^H8i>K_A|50;< Ha|8eYLhi`Y literal 416 zcmV;R0bl+fiwFP!00000|GiVej+-zLz4H~^((cJ)8{1UMVOxoU)MGVQG?-z7mOu(5 z+x`100jF8DIrPvy`DxzFdt>?e!$Umn=)hBa;&Ez+{!?t?hmXR-!_z8?=Ai-`A!`L(>r{*8Z}gOWs<1rTZqRTe;~Y1CN&p_X8h1+cj2w=T3r z5MG_n)a!z_EAghQSR`mJzwU-<{yhBLz-Iq^)%a7lppmDcJMjj{cf)iX8J3x97{}p- z>&^ZdAwiG`@Vi^w@?RD)={15`@e7hajwAQ;+F5qPQ|nh24cY)fA!us*9gpo?wlzKR z<+xqIAtZO|=e;~o)ArQ8kJXjLfKt9MG#p*TeM4> zjhDsx|J>angEo6yKi`@)=~Wa}71vT~W4+_XI_X4XsfG$%>Qk#tta6z{E+X9|#LfAt zKJkVDyn@sks@W2IFJhJJOCx*dv`aNNiK|pvsmemFYg;R>l;R{-d78W2<|a=r1HS;R K4|^$d1ONbq`P5|q diff --git a/creusot/tests/should_succeed/ghost/ghost_map.coma b/creusot/tests/should_succeed/ghost/ghost_map.coma index b0c758801c..5edc801c24 100644 --- a/creusot/tests/should_succeed/ghost/ghost_map.coma +++ b/creusot/tests/should_succeed/ghost/ghost_map.coma 
@@ -101,13 +101,13 @@ module M_ghost_map__ghost_map [#"ghost_map.rs" 4 0 4 18] type t_Option'3 = | C_None'3 - | C_Some'3 int32 + | C_Some'3 Int32.t use map.Map - function mk'0 (_m : Map.map int32 (t_Option'3)) : t_FMap'0 + function mk'0 (_m : Map.map Int32.t (t_Option'3)) : t_FMap'0 - function view'0 (self : t_FMap'0) : Map.map int32 (t_Option'3) + function view'0 (self : t_FMap'0) : Map.map Int32.t (t_Option'3) axiom view'0_spec : forall self : t_FMap'0 . [%#sfmap79] mk'0 (view'0 self) = self @@ -120,14 +120,14 @@ module M_ghost_map__ghost_map [#"ghost_map.rs" 4 0 4 18] use map.Map - function get_unsized'0 [@inline:trivial] (self : t_FMap'0) (k : int32) : t_Option'3 = + function get_unsized'0 [@inline:trivial] (self : t_FMap'0) (k : Int32.t) : t_Option'3 = [%#sfmap70] Map.get (view'0 self) k function ext_eq'0 (self : t_FMap'0) (other : t_FMap'0) : bool = [%#sfmap69] view'0 self = view'0 other axiom ext_eq'0_spec : forall self : t_FMap'0, other : t_FMap'0 . ([%#sfmap67] ext_eq'0 self other -> self = other) - && ([%#sfmap68] (forall k : int32 . get_unsized'0 self k = get_unsized'0 other k) -> ext_eq'0 self other) + && ([%#sfmap68] (forall k : Int32.t . get_unsized'0 self k = get_unsized'0 other k) -> ext_eq'0 self other) function is_empty'0 (self : t_FMap'0) : bool = [%#sfmap32] ext_eq'0 self (empty'0 ()) @@ -138,7 +138,7 @@ module M_ghost_map__ghost_map [#"ghost_map.rs" 4 0 4 18] use prelude.prelude.Borrow - function contains'0 [@inline:trivial] (self : t_FMap'0) (k : int32) : bool = + function contains'0 [@inline:trivial] (self : t_FMap'0) (k : Int32.t) : bool = [%#sfmap33] get_unsized'0 self k <> C_None'3 predicate inv'0 (_1 : borrowed (t_GhostBox'0)) 
@@ -157,38 +157,38 @@ module M_ghost_map__ghost_map [#"ghost_map.rs" 4 0 4 18] (! return' {result}) ] - predicate inv'2 (_1 : int32) + predicate inv'2 (_1 : Int32.t) - axiom inv_axiom'2 [@rewrite] : forall x : int32 [inv'2 x] . inv'2 x = true + axiom inv_axiom'2 [@rewrite] : forall x : Int32.t [inv'2 x] . inv'2 x = true type t_Option'0 = | C_None'1 - | C_Some'1 int32 + | C_Some'1 Int32.t predicate inv'3 (_1 : t_Option'0) axiom inv_axiom'3 [@rewrite] : forall x : t_Option'0 [inv'3 x] . inv'3 x = true - function make_sized'0 (self : int32) : int32 + function make_sized'0 (self : Int32.t) : Int32.t - axiom make_sized'0_spec : forall self : int32 . [%#sutil80] make_sized'0 self = self + axiom make_sized'0_spec : forall self : Int32.t . [%#sutil80] make_sized'0 self = self use map.Map - function insert'0 (self : t_FMap'0) (k : int32) (v : int32) : t_FMap'0 + function insert'0 (self : t_FMap'0) (k : Int32.t) (v : Int32.t) : t_FMap'0 - axiom insert'0_spec : forall self : t_FMap'0, k : int32, v : int32 . ([%#sfmap71] view'0 (insert'0 self k v) + axiom insert'0_spec : forall self : t_FMap'0, k : Int32.t, v : Int32.t . 
([%#sfmap71] view'0 (insert'0 self k v) = Map.set (view'0 self) k (C_Some'3 (make_sized'0 v))) && ([%#sfmap72] contains'0 self k -> len'0 (insert'0 self k v) = len'0 self) && ([%#sfmap73] not contains'0 self k -> len'0 (insert'0 self k v) = len'0 self + 1) - function get'0 [@inline:trivial] (self : t_FMap'0) (k : int32) : t_Option'0 = + function get'0 [@inline:trivial] (self : t_FMap'0) (k : Int32.t) : t_Option'0 = [%#sfmap56] match get_unsized'0 self k with | C_None'3 -> C_None'1 | C_Some'3 x -> C_Some'1 x end - let rec insert_ghost'0 (self:borrowed (t_FMap'0)) (key:int32) (value:int32) (return' (ret:t_Option'0))= {[@expl:insert_ghost 'key' type invariant] [%#sfmap37] inv'2 key} + let rec insert_ghost'0 (self:borrowed (t_FMap'0)) (key:Int32.t) (value:Int32.t) (return' (ret:t_Option'0))= {[@expl:insert_ghost 'key' type invariant] [%#sfmap37] inv'2 key} {[@expl:insert_ghost 'value' type invariant] [%#sfmap38] inv'2 value} any [ return' (result:t_Option'0)-> {[%#sfmap39] inv'3 result} 
@@ -222,30 +222,30 @@ module M_ghost_map__ghost_map [#"ghost_map.rs" 4 0 4 18] [ return' (result:int)-> {[%#sfmap45] result = len'0 self} (! return' {result}) ] - function unwrap'0 (op : t_Option'3) : int32 + function unwrap'0 (op : t_Option'3) : Int32.t axiom unwrap'0_spec : forall op : t_Option'3 . ([%#sutil81] op <> C_None'3) -> ([%#sutil82] C_Some'3 (unwrap'0 op) = op) - function lookup_unsized'0 [@inline:trivial] (self : t_FMap'0) (k : int32) : int32 = + function lookup_unsized'0 [@inline:trivial] (self : t_FMap'0) (k : Int32.t) : Int32.t = [%#sfmap76] unwrap'0 (get_unsized'0 self k) - function lookup'0 [@inline:trivial] (self : t_FMap'0) (k : int32) : int32 = + function lookup'0 [@inline:trivial] (self : t_FMap'0) (k : Int32.t) : Int32.t = [%#sfmap46] lookup_unsized'0 self k - predicate inv'6 (_1 : int32) + predicate inv'6 (_1 : Int32.t) - axiom inv_axiom'6 [@rewrite] : forall x : int32 [inv'6 x] . inv'6 x = true + axiom inv_axiom'6 [@rewrite] : forall x : Int32.t [inv'6 x] . inv'6 x = true type t_Option'1 = | C_None'0 - | C_Some'0 (borrowed int32) + | C_Some'0 (borrowed Int32.t) predicate inv'7 (_1 : t_Option'1) axiom inv_axiom'7 [@rewrite] : forall x : t_Option'1 [inv'7 x] . inv'7 x = true - let rec get_mut_ghost'0 (self:borrowed (t_FMap'0)) (key:int32) (return' (ret:t_Option'1))= {[@expl:get_mut_ghost 'key' type invariant] [%#sfmap47] inv'6 key} + let rec get_mut_ghost'0 (self:borrowed (t_FMap'0)) (key:Int32.t) (return' (ret:t_Option'1))= {[@expl:get_mut_ghost 'key' type invariant] [%#sfmap47] inv'6 key} any [ return' (result:t_Option'1)-> {[%#sfmap48] inv'7 result} {[%#sfmap49] if contains'0 self.current key then 
@@ -257,31 +257,31 @@ module M_ghost_map__ghost_map [#"ghost_map.rs" 4 0 4 18] else result = C_None'0 /\ self.current = self.final } - {[%#sfmap50] forall k : int32 . k <> key -> get_unsized'0 self.current k = get_unsized'0 self.final k} + {[%#sfmap50] forall k : Int32.t . k <> key -> get_unsized'0 self.current k = get_unsized'0 self.final k} {[%#sfmap51] len'0 self.current = len'0 self.final} (! return' {result}) ] - predicate resolve'4 (self : borrowed int32) = + predicate resolve'4 (self : borrowed Int32.t) = [%#sresolve74] self.final = self.current - predicate resolve'1 (_1 : borrowed int32) = + predicate resolve'1 (_1 : borrowed Int32.t) = resolve'4 _1 - let rec v_Some'0 (input:t_Option'1) (ret (field_0:borrowed int32))= any - [ good (field_0:borrowed int32)-> {C_Some'0 field_0 = input} (! ret {field_0}) - | bad -> {forall field_0 : borrowed int32 [C_Some'0 field_0 : t_Option'1] . C_Some'0 field_0 <> input} + let rec v_Some'0 (input:t_Option'1) (ret (field_0:borrowed Int32.t))= any + [ good (field_0:borrowed Int32.t)-> {C_Some'0 field_0 = input} (! ret {field_0}) + | bad -> {forall field_0 : borrowed Int32.t [C_Some'0 field_0 : t_Option'1] . C_Some'0 field_0 <> input} (! {false} any) ] - function remove'0 (self : t_FMap'0) (k : int32) : t_FMap'0 + function remove'0 (self : t_FMap'0) (k : Int32.t) : t_FMap'0 - axiom remove'0_spec : forall self : t_FMap'0, k : int32 . ([%#sfmap77] view'0 (remove'0 self k) + axiom remove'0_spec : forall self : t_FMap'0, k : Int32.t . 
([%#sfmap77] view'0 (remove'0 self k) = Map.set (view'0 self) k (C_None'3)) && ([%#sfmap78] len'0 (remove'0 self k) = (if contains'0 self k then len'0 self - 1 else len'0 self)) - let rec remove_ghost'0 (self:borrowed (t_FMap'0)) (key:int32) (return' (ret:t_Option'0))= {[@expl:remove_ghost 'key' type invariant] [%#sfmap52] inv'6 key} + let rec remove_ghost'0 (self:borrowed (t_FMap'0)) (key:Int32.t) (return' (ret:t_Option'0))= {[@expl:remove_ghost 'key' type invariant] [%#sfmap52] inv'6 key} any [ return' (result:t_Option'0)-> {[%#sfmap53] inv'3 result} {[%#sfmap54] self.final = remove'0 self.current key} @@ -289,18 +289,18 @@ module M_ghost_map__ghost_map [#"ghost_map.rs" 4 0 4 18] (! return' {result}) ] - let rec contains_ghost'0 (self:t_FMap'0) (key:int32) (return' (ret:bool))= {[@expl:contains_ghost 'key' type invariant] [%#sfmap57] inv'6 key} + let rec contains_ghost'0 (self:t_FMap'0) (key:Int32.t) (return' (ret:bool))= {[@expl:contains_ghost 'key' type invariant] [%#sfmap57] inv'6 key} any [ return' (result:bool)-> {[%#sfmap58] result = contains'0 self key} (! return' {result}) ] type t_Option'2 = | C_None'2 - | C_Some'2 int32 + | C_Some'2 Int32.t predicate inv'8 (_1 : t_Option'2) axiom inv_axiom'8 [@rewrite] : forall x : t_Option'2 [inv'8 x] . inv'8 x = true - let rec get_ghost'0 (self:t_FMap'0) (key:int32) (return' (ret:t_Option'2))= {[@expl:get_ghost 'key' type invariant] [%#sfmap59] inv'6 key} + let rec get_ghost'0 (self:t_FMap'0) (key:Int32.t) (return' (ret:t_Option'2))= {[@expl:get_ghost 'key' type invariant] [%#sfmap59] inv'6 key} any [ return' (result:t_Option'2)-> {[%#sfmap60] inv'8 result} {[%#sfmap61] if contains'0 self key then 
@@ -348,7 +348,7 @@ module M_ghost_map__ghost_map [#"ghost_map.rs" 4 0 4 18] let rec closure0'0 (_1:closure0'1) (return' (ret:t_GhostBox'1))= bb0 [ bb0 = s0 - [ s0 = {[@expl:assertion] [%#sghost_map2] forall k : int32 . not contains'0 (inner_logic'0 (_1.field_0'0).current) k} + [ s0 = {[@expl:assertion] [%#sghost_map2] forall k : Int32.t . not contains'0 (inner_logic'0 (_1.field_0'0).current) k} s1 | s1 = Borrow.borrow_mut {(_1.field_0'0).current} (fun (_ret':borrowed (t_GhostBox'0)) -> @@ -361,7 +361,7 @@ module M_ghost_map__ghost_map [#"ghost_map.rs" 4 0 4 18] | bb1 = s0 [ s0 = Borrow.borrow_final {_7.current} {Borrow.get_id _7} (fun (_ret':borrowed (t_FMap'0)) -> [ &_6 <- _ret' ] [ &_7 <- { _7 with current = _ret'.final } ] s1) - | s1 = insert_ghost'0 {_6} {[%#sghost_map3] (1 : int32)} {[%#sghost_map4] (21 : int32)} + | s1 = insert_ghost'0 {_6} {[%#sghost_map3] (1 : Int32.t)} {[%#sghost_map4] (21 : Int32.t)} (fun (_ret':t_Option'0) -> [ &_5 <- _ret' ] s2) | s2 = bb2 ] @@ -372,11 +372,13 @@ module M_ghost_map__ghost_map [#"ghost_map.rs" 4 0 4 18] | bb3 = s0 [ s0 = len_ghost'0 {_11} (fun (_ret':int) -> [ &length1 <- _ret' ] s1) | s1 = bb4 ] | bb4 = s0 - [ s0 = {[@expl:assertion] [%#sghost_map5] lookup'0 (inner_logic'0 (_1.field_0'0).current) (1 : int32) - = (21 : int32)} + [ s0 = {[@expl:assertion] [%#sghost_map5] lookup'0 (inner_logic'0 (_1.field_0'0).current) (1 : Int32.t) + = (21 : Int32.t)} s1 | s1 = {[@expl:assertion] [%#sghost_map6] length1 = 1} s2 - | s2 = [ &_20 <- (([%#sghost_map7] (1 : int32)), ([%#sghost_map8] (2 : int32)), ([%#sghost_map9] (3 : int32))) ] + | s2 = + [ &_20 <- (([%#sghost_map7] (1 : Int32.t)), ([%#sghost_map8] (2 : Int32.t)), ([%#sghost_map9] (3 : Int32.t))) ] + s3 | s3 = [ &x1 <- let (r'0, _, _) = _20 in r'0 ] s4 | s4 = [ &x2 <- let (_, r'1, _) = _20 in r'1 ] s5 
@@ -396,7 +398,7 @@ module M_ghost_map__ghost_map [#"ghost_map.rs" 4 0 4 18] | s2 = get_mut_ghost'0 {_23} {_27} (fun (_ret':t_Option'1) -> [ &_22 <- _ret' ] s3) | s3 = bb6 ] - | bb6 = any [ br0 -> {_22 = C_None'0 } (! bb9) | br1 (x0:borrowed int32)-> {_22 = C_Some'0 x0} (! bb7) ] + | bb6 = any [ br0 -> {_22 = C_None'0 } (! bb9) | br1 (x0:borrowed Int32.t)-> {_22 = C_Some'0 x0} (! bb7) ] | bb9 = s0 [ s0 = -{match _22 with | C_Some'0 x'0 -> resolve'1 x'0 @@ -408,15 +410,15 @@ module M_ghost_map__ghost_map [#"ghost_map.rs" 4 0 4 18] | bb7 = bb8 | bb8 = s0 - [ s0 = v_Some'0 {_22} (fun (r0'0:borrowed int32) -> [ &x <- r0'0 ] s1) - | s1 = [ &x <- { x with current = ([%#sghost_map10] (42 : int32)) } ] s2 + [ s0 = v_Some'0 {_22} (fun (r0'0:borrowed Int32.t) -> [ &x <- r0'0 ] s1) + | s1 = [ &x <- { x with current = ([%#sghost_map10] (42 : Int32.t)) } ] s2 | s2 = -{resolve'1 x}- s3 | s3 = -{resolve'0 _24}- s4 | s4 = bb10 ] | bb10 = s0 - [ s0 = {[@expl:assertion] [%#sghost_map11] lookup'0 (inner_logic'0 (_1.field_0'0).current) (1 : int32) - = (42 : int32)} + [ s0 = {[@expl:assertion] [%#sghost_map11] lookup'0 (inner_logic'0 (_1.field_0'0).current) (1 : Int32.t) + = (42 : Int32.t)} s1 | s1 = Borrow.borrow_mut {(_1.field_0'0).current} (fun (_ret':borrowed (t_GhostBox'0)) -> @@ -429,7 +431,7 @@ module M_ghost_map__ghost_map [#"ghost_map.rs" 4 0 4 18] | bb11 = s0 [ s0 = Borrow.borrow_final {_34.current} {Borrow.get_id _34} (fun (_ret':borrowed (t_FMap'0)) -> [ &_33 <- _ret' ] [ &_34 <- { _34 with current = _ret'.final } ] s1) - | s1 = insert_ghost'0 {_33} {[%#sghost_map12] (2 : int32)} {[%#sghost_map13] (50 : int32)} + | s1 = insert_ghost'0 {_33} {[%#sghost_map12] (2 : Int32.t)} {[%#sghost_map13] (50 : Int32.t)} (fun (_ret':t_Option'0) -> [ &inserted_none <- _ret' ] s2) | s2 = bb12 ] 
@@ -446,7 +448,7 @@ module M_ghost_map__ghost_map [#"ghost_map.rs" 4 0 4 18] | bb13 = s0 [ s0 = Borrow.borrow_final {_38.current} {Borrow.get_id _38} (fun (_ret':borrowed (t_FMap'0)) -> [ &_37 <- _ret' ] [ &_38 <- { _38 with current = _ret'.final } ] s1) - | s1 = insert_ghost'0 {_37} {[%#sghost_map14] (2 : int32)} {[%#sghost_map15] (100 : int32)} + | s1 = insert_ghost'0 {_37} {[%#sghost_map14] (2 : Int32.t)} {[%#sghost_map15] (100 : Int32.t)} (fun (_ret':t_Option'0) -> [ &inserted_some <- _ret' ] s2) | s2 = bb14 ] @@ -458,13 +460,13 @@ module M_ghost_map__ghost_map [#"ghost_map.rs" 4 0 4 18] | bb15 = s0 [ s0 = len_ghost'0 {_42} (fun (_ret':int) -> [ &length2 <- _ret' ] s1) | s1 = bb16 ] | bb16 = s0 [ s0 = {[@expl:assertion] [%#sghost_map16] inserted_none = C_None'1} s1 - | s1 = {[@expl:assertion] [%#sghost_map17] inserted_some = C_Some'1 (50 : int32)} s2 + | s1 = {[@expl:assertion] [%#sghost_map17] inserted_some = C_Some'1 (50 : Int32.t)} s2 | s2 = {[@expl:assertion] [%#sghost_map18] length2 = 2} s3 - | s3 = {[@expl:assertion] [%#sghost_map19] lookup'0 (inner_logic'0 (_1.field_0'0).current) (2 : int32) - = (100 : int32)} + | s3 = {[@expl:assertion] [%#sghost_map19] lookup'0 (inner_logic'0 (_1.field_0'0).current) (2 : Int32.t) + = (100 : Int32.t)} s4 - | s4 = {[@expl:assertion] [%#sghost_map20] lookup'0 (inner_logic'0 (_1.field_0'0).current) (1 : int32) - = (42 : int32)} + | s4 = {[@expl:assertion] [%#sghost_map20] lookup'0 (inner_logic'0 (_1.field_0'0).current) (1 : Int32.t) + = (42 : Int32.t)} s5 | s5 = Borrow.borrow_mut {(_1.field_0'0).current} (fun (_ret':borrowed (t_GhostBox'0)) -> 
@@ -518,9 +520,10 @@ module M_ghost_map__ghost_map [#"ghost_map.rs" 4 0 4 18] | bb22 = s0 [ s0 = -{resolve'0 _68}- s1 | s1 = {[@expl:assertion] [%#sghost_map21] remove_none1 = C_None'1} s2 - | s2 = {[@expl:assertion] [%#sghost_map22] remove_some = C_Some'1 (100 : int32)} s3 + | s2 = {[@expl:assertion] [%#sghost_map22] remove_some = C_Some'1 (100 : Int32.t)} s3 | s3 = {[@expl:assertion] [%#sghost_map23] remove_none2 = C_None'1} s4 - | s4 = {[@expl:assertion] [%#sghost_map24] get'0 (inner_logic'0 (_1.field_0'0).current) (2 : int32) = C_None'1} s5 + | s4 = {[@expl:assertion] [%#sghost_map24] get'0 (inner_logic'0 (_1.field_0'0).current) (2 : Int32.t) = C_None'1} + s5 | s5 = deref'0 {(_1.field_0'0).current} (fun (_ret':t_FMap'0) -> [ &_82 <- _ret' ] s6) | s6 = bb23 ] @@ -567,7 +570,7 @@ module M_ghost_map__ghost_map [#"ghost_map.rs" 4 0 4 18] | bb34 = s0 [ s0 = -{resolve'2 _1}- s1 - | s1 = {[@expl:assertion] [%#sghost_map28] get1 = C_Some'2 (42 : int32)} s2 + | s1 = {[@expl:assertion] [%#sghost_map28] get1 = C_Some'2 (42 : Int32.t)} s2 | s2 = {[@expl:assertion] [%#sghost_map29] get2 = C_None'2} s3 | s3 = {[@expl:assertion] [%#sghost_map30] get3 = C_None'2} s4 | s4 = new'1 {_2} (fun (_ret':t_GhostBox'1) -> [ &_0 <- _ret' ] s5) 
@@ -584,16 +587,16 @@ module M_ghost_map__ghost_map [#"ghost_map.rs" 4 0 4 18] | & _8 : borrowed (t_GhostBox'0) = any_l () | & length1 : int = any_l () | & _11 : t_FMap'0 = any_l () - | & x1 : int32 = any_l () - | & x2 : int32 = any_l () - | & x3 : int32 = any_l () - | & _20 : (int32, int32, int32) = any_l () + | & x1 : Int32.t = any_l () + | & x2 : Int32.t = any_l () + | & x3 : Int32.t = any_l () + | & _20 : (Int32.t, Int32.t, Int32.t) = any_l () | & _22 : t_Option'1 = any_l () | & _23 : borrowed (t_FMap'0) = any_l () | & _24 : borrowed (t_FMap'0) = any_l () | & _25 : borrowed (t_GhostBox'0) = any_l () - | & _27 : int32 = any_l () - | & x : borrowed int32 = any_l () + | & _27 : Int32.t = any_l () + | & x : borrowed Int32.t = any_l () | & inserted_none : t_Option'0 = any_l () | & _33 : borrowed (t_FMap'0) = any_l () | & _34 : borrowed (t_FMap'0) = any_l () 
@@ -608,35 +611,35 @@ module M_ghost_map__ghost_map [#"ghost_map.rs" 4 0 4 18] | & _55 : borrowed (t_FMap'0) = any_l () | & _56 : borrowed (t_FMap'0) = any_l () | & _57 : borrowed (t_GhostBox'0) = any_l () - | & _59 : int32 = any_l () + | & _59 : Int32.t = any_l () | & remove_some : t_Option'0 = any_l () | & _61 : borrowed (t_FMap'0) = any_l () | & _62 : borrowed (t_FMap'0) = any_l () | & _63 : borrowed (t_GhostBox'0) = any_l () - | & _65 : int32 = any_l () + | & _65 : Int32.t = any_l () | & remove_none2 : t_Option'0 = any_l () | & _67 : borrowed (t_FMap'0) = any_l () | & _68 : borrowed (t_FMap'0) = any_l () | & _69 : borrowed (t_GhostBox'0) = any_l () - | & _71 : int32 = any_l () + | & _71 : Int32.t = any_l () | & contains1 : bool = any_l () | & _82 : t_FMap'0 = any_l () - | & _85 : int32 = any_l () + | & _85 : Int32.t = any_l () | & contains2 : bool = any_l () | & _88 : t_FMap'0 = any_l () - | & _91 : int32 = any_l () + | & _91 : Int32.t = any_l () | & contains3 : bool = any_l () | & _94 : t_FMap'0 = any_l () - | & _97 : int32 = any_l () + | & _97 : Int32.t = any_l () | & get1 : t_Option'2 = any_l () | & _106 : t_FMap'0 = any_l () - | & _109 : int32 = any_l () + | & _109 : Int32.t = any_l () | & get2 : t_Option'2 = any_l () | & _112 : t_FMap'0 = any_l () - | & _115 : int32 = any_l () + | & _115 : Int32.t = any_l () | & get3 : t_Option'2 = any_l () | & _118 : t_FMap'0 = any_l () - | & _121 : int32 = any_l () ] + | & _121 : Int32.t = any_l () ] [ return' (result:t_GhostBox'1)-> return' {result} ] meta "compute_max_steps" 1000000 diff --git a/creusot/tests/should_succeed/ghost/ghost_map/why3session.xml b/creusot/tests/should_succeed/ghost/ghost_map/why3session.xml index 0d1c83d176..cf943b0c9a 100644 --- a/creusot/tests/should_succeed/ghost/ghost_map/why3session.xml +++ b/creusot/tests/should_succeed/ghost/ghost_map/why3session.xml @@ -7,7 +7,7 @@ - + 
diff --git a/creusot/tests/should_succeed/ghost/ghost_map/why3shapes.gz b/creusot/tests/should_succeed/ghost/ghost_map/why3shapes.gz index 1c3d87bd873d397a440a61a355f5d89eb8f2c8b7..7769cd69a8c882107da34085d711e897447d7db4 100644 GIT binary patch delta 687 zcmV;g0#N~+(Yb@g+?CO6*$_3KWpbu}fD6eJ7Oo!YFXMD0uch8Re& zSU*&Hv+dpyrmCo`wo~`{LtW`09bAiJ`nPx7q+g2-`I|X1KyMcaN zW!37YGZW|tl@O{QgKGc<%pWij9qCM-OR`F57Z}|7`K85!@u#a>-T6bZEAI2(^#;%4 zXd|IFE0PdpK7Vp(EFsQ(WOnR{cGX*>wuXe^V>XF@{>(iuP7aQn$e~=q;JJwoPBwZ| z@3kRKB_*YEAyv0NEa1oylX>jOm}g{%1x{opl0xPqhhi?xeB^rw8#v4kVbEtNRlVnH z^|;%vH8Bm!QdfuCVKN?a=Ory7I!DQEy++M=d)9TkYkxGE!gRAzPj%DOZ+Kjrm1MD6 zmX%sdnyPYvzw>fj=YHu!<7r*5cH0kEhea|>BqzSIG>b=e+LYlg_I9uouUmhBVKN_@ zfkm^SSy&aK6#1`_M}|MJOh7Ck5)cZY0zd!}sYnDD VOvEA*p+HoS;2&S&Ybm7%006?>L}>s3 delta 688 zcmV;h0#E(81-S)~6@RhYRV9xB8&=9nQ6=PDdf95OXiD4`C4m%3y4|l|*}+ap(qt=f zc#Owy-aL=t+s&kVp^fe)JKc6wQ~#WZ$<6nGeobkm>yRNUSsu`o*2|F5uF`KILqM>x z{VVD9rhg9^aw?m;>*=nzZ)zPzGa5(^83URA(--cfiFsrnv(y7GahiG97!OZT;5L#*hdEVVXn`{>(kEKo}f1$VDZ>;JHBuCtJO4 zcG{3;$XVrF$mrI?5{?`(na7Tdc}8~Fz=_NhIpiL>Xoj5U9{Cw!$fNuKgM9{3{a&o- zVY^vrW(HJbt`4`a>G)MTFL@dBIkmcLRy!SXDpyUnZGSZjAzUx%v1!}pO)tXr5=BB! zRZT188C479*}NLpxqI@^c-l0}?dHSP5iv$7O6Du0**vn-rVMv+Z->b8*>HeSIv<8X z#Is>oM6wr=eno^t2_HqIry}H7M0yY*KNlgtB0`|#A4SMh5n?Pt9z=+9B4+oWnR#wS z`l&rz^?$PIm)*D`bN`jK)k^Ms0w1Pw+qSyyhuJGu&2v?vFzHm)FS@PzqFUI`aUyz3;qF!m+LpB2LJ%aiADkd diff --git a/creusot/tests/should_succeed/ghost/ghost_set.coma b/creusot/tests/should_succeed/ghost/ghost_set.coma index affca7157c..5dac945045 100644 --- a/creusot/tests/should_succeed/ghost/ghost_set.coma +++ b/creusot/tests/should_succeed/ghost/ghost_set.coma 
@@ -43,14 +43,16 @@ module M_ghost_set__ghost_map [#"ghost_set.rs" 4 0 4 18] let%span sresolve41 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span sfset42 = "../../../../creusot-contracts/src/logic/fset.rs" 79 8 79 26 + use prelude.prelude.Int + use prelude.prelude.Int32 use set.Fset type t_GhostBox'0 = - { t_GhostBox__0'0: Fset.fset int32 } + { t_GhostBox__0'0: Fset.fset Int32.t } - function inner_logic'0 (self : t_GhostBox'0) : Fset.fset int32 = + function inner_logic'0 (self : t_GhostBox'0) : Fset.fset Int32.t = [%#sghost20] self.t_GhostBox__0'0 use set.Fset 
@@ -63,87 +65,85 @@ module M_ghost_set__ghost_map [#"ghost_set.rs" 4 0 4 18] use set.Fset - predicate contains'0 [@inline:trivial] (self : Fset.fset int32) (e : int32) = + predicate contains'0 [@inline:trivial] (self : Fset.fset Int32.t) (e : Int32.t) = [%#sfset21] Fset.mem e self predicate inv'0 (_1 : borrowed (t_GhostBox'0)) axiom inv_axiom'0 [@rewrite] : forall x : borrowed (t_GhostBox'0) [inv'0 x] . inv'0 x = true - predicate inv'1 (_1 : borrowed (Fset.fset int32)) + predicate inv'1 (_1 : borrowed (Fset.fset Int32.t)) - axiom inv_axiom'1 [@rewrite] : forall x : borrowed (Fset.fset int32) [inv'1 x] . inv'1 x = true + axiom inv_axiom'1 [@rewrite] : forall x : borrowed (Fset.fset Int32.t) [inv'1 x] . inv'1 x = true - let rec deref_mut'0 (self:borrowed (t_GhostBox'0)) (return' (ret:borrowed (Fset.fset int32)))= {[@expl:deref_mut 'self' type invariant] [%#sghost22] inv'0 self} + let rec deref_mut'0 (self:borrowed (t_GhostBox'0)) (return' (ret:borrowed (Fset.fset Int32.t)))= {[@expl:deref_mut 'self' type invariant] [%#sghost22] inv'0 self} any - [ return' (result:borrowed (Fset.fset int32))-> {[%#sghost23] inv'1 result} + [ return' (result:borrowed (Fset.fset Int32.t))-> {[%#sghost23] inv'1 result} {[%#sghost24] result = Borrow.borrow_logic (self.current).t_GhostBox__0'0 (self.final).t_GhostBox__0'0 (Borrow.inherit_id (Borrow.get_id self) 1)} (! return' {result}) ] - predicate inv'2 (_1 : int32) + predicate inv'2 (_1 : Int32.t) - axiom inv_axiom'2 [@rewrite] : forall x : int32 [inv'2 x] . inv'2 x = true + axiom inv_axiom'2 [@rewrite] : forall x : Int32.t [inv'2 x] . 
inv'2 x = true use set.Fset - function insert'0 [@inline:trivial] (self : Fset.fset int32) (e : int32) : Fset.fset int32 = + function insert'0 [@inline:trivial] (self : Fset.fset Int32.t) (e : Int32.t) : Fset.fset Int32.t = [%#sfset40] Fset.add e self - let rec insert_ghost'0 (self:borrowed (Fset.fset int32)) (value:int32) (return' (ret:bool))= {[@expl:insert_ghost 'value' type invariant] [%#sfset25] inv'2 value} + let rec insert_ghost'0 (self:borrowed (Fset.fset Int32.t)) (value:Int32.t) (return' (ret:bool))= {[@expl:insert_ghost 'value' type invariant] [%#sfset25] inv'2 value} any [ return' (result:bool)-> {[%#sfset26] self.final = insert'0 self.current value} {[%#sfset27] result = (not contains'0 self.current value)} (! return' {result}) ] - predicate resolve'2 (self : borrowed (Fset.fset int32)) = + predicate resolve'2 (self : borrowed (Fset.fset Int32.t)) = [%#sresolve41] self.final = self.current - predicate resolve'0 (_1 : borrowed (Fset.fset int32)) = + predicate resolve'0 (_1 : borrowed (Fset.fset Int32.t)) = resolve'2 _1 predicate inv'3 (_1 : t_GhostBox'0) axiom inv_axiom'3 [@rewrite] : forall x : t_GhostBox'0 [inv'3 x] . inv'3 x = true - predicate inv'4 (_1 : Fset.fset int32) + predicate inv'4 (_1 : Fset.fset Int32.t) - axiom inv_axiom'4 [@rewrite] : forall x : Fset.fset int32 [inv'4 x] . inv'4 x = true + axiom inv_axiom'4 [@rewrite] : forall x : Fset.fset Int32.t [inv'4 x] . inv'4 x = true - let rec deref'0 (self:t_GhostBox'0) (return' (ret:Fset.fset int32))= {[@expl:deref 'self' type invariant] [%#sghost28] inv'3 self} + let rec deref'0 (self:t_GhostBox'0) (return' (ret:Fset.fset Int32.t))= {[@expl:deref 'self' type invariant] [%#sghost28] inv'3 self} any - [ return' (result:Fset.fset int32)-> {[%#sghost29] inv'4 result} + [ return' (result:Fset.fset Int32.t)-> {[%#sghost29] inv'4 result} {[%#sghost30] self.t_GhostBox__0'0 = result} (! 
return' {result}) ] use set.Fset - use prelude.prelude.Int - - let rec len_ghost'0 (self:Fset.fset int32) (return' (ret:int))= any + let rec len_ghost'0 (self:Fset.fset Int32.t) (return' (ret:int))= any [ return' (result:int)-> {[%#sfset31] result = Fset.cardinal self} (! return' {result}) ] - predicate inv'5 (_1 : int32) + predicate inv'5 (_1 : Int32.t) - axiom inv_axiom'5 [@rewrite] : forall x : int32 [inv'5 x] . inv'5 x = true + axiom inv_axiom'5 [@rewrite] : forall x : Int32.t [inv'5 x] . inv'5 x = true use set.Fset - function remove'0 [@inline:trivial] (self : Fset.fset int32) (a : int32) : Fset.fset int32 = + function remove'0 [@inline:trivial] (self : Fset.fset Int32.t) (a : Int32.t) : Fset.fset Int32.t = [%#sfset42] Fset.remove a self - let rec remove_ghost'0 (self:borrowed (Fset.fset int32)) (value:int32) (return' (ret:bool))= {[@expl:remove_ghost 'value' type invariant] [%#sfset32] inv'5 value} + let rec remove_ghost'0 (self:borrowed (Fset.fset Int32.t)) (value:Int32.t) (return' (ret:bool))= {[@expl:remove_ghost 'value' type invariant] [%#sfset32] inv'5 value} any [ return' (result:bool)-> {[%#sfset33] self.final = remove'0 self.current value} {[%#sfset34] result = contains'0 self.current value} (! return' {result}) ] - let rec contains_ghost'0 (self:Fset.fset int32) (value:int32) (return' (ret:bool))= {[@expl:contains_ghost 'value' type invariant] [%#sfset35] inv'5 value} + let rec contains_ghost'0 (self:Fset.fset Int32.t) (value:Int32.t) (return' (ret:bool))= {[@expl:contains_ghost 'value' type invariant] [%#sfset35] inv'5 value} any [ return' (result:bool)-> {[%#sfset36] result = contains'0 self value} (! return' {result}) ] type closure0'1 = 
@@ -180,34 +180,39 @@ module M_ghost_set__ghost_map [#"ghost_set.rs" 4 0 4 18] let rec closure0'0 (_1:closure0'1) (return' (ret:t_GhostBox'1))= bb0 [ bb0 = s0 - [ s0 = {[@expl:assertion] [%#sghost_set2] forall k : int32 . not contains'0 (inner_logic'0 (_1.field_0'0).current) k} + [ s0 = {[@expl:assertion] [%#sghost_set2] forall k : Int32.t . not contains'0 (inner_logic'0 (_1.field_0'0).current) k} s1 | s1 = Borrow.borrow_mut {(_1.field_0'0).current} (fun (_ret':borrowed (t_GhostBox'0)) -> [ &_8 <- _ret' ] [ &_1 <- { field_0'0 = { _1.field_0'0 with current = _ret'.final } } ] s2) - | s2 = deref_mut'0 {_8} (fun (_ret':borrowed (Fset.fset int32)) -> [ &_7 <- _ret' ] s3) + | s2 = deref_mut'0 {_8} (fun (_ret':borrowed (Fset.fset Int32.t)) -> [ &_7 <- _ret' ] s3) | s3 = bb1 ] | bb1 = s0 - [ s0 = Borrow.borrow_final {_7.current} {Borrow.get_id _7} - (fun (_ret':borrowed (Fset.fset int32)) -> [ &_6 <- _ret' ] [ &_7 <- { _7 with current = _ret'.final } ] s1) - | s1 = insert_ghost'0 {_6} {[%#sghost_set3] (1 : int32)} (fun (_ret':bool) -> [ &_5 <- _ret' ] s2) + [ s0 = Borrow.borrow_final {_7.current} {Borrow.get_id _7} + (fun (_ret':borrowed (Fset.fset Int32.t)) -> + [ &_6 <- _ret' ] + [ &_7 <- { _7 with current = _ret'.final } ] + s1) + | s1 = insert_ghost'0 {_6} {[%#sghost_set3] (1 : Int32.t)} (fun (_ret':bool) -> [ &_5 <- _ret' ] s2) | s2 = bb2 ] | bb2 = s0 [ s0 = -{resolve'0 _7}- s1 - | s1 = deref'0 {(_1.field_0'0).current} (fun (_ret':Fset.fset int32) -> [ &_11 <- _ret' ] s2) + | s1 = deref'0 {(_1.field_0'0).current} (fun (_ret':Fset.fset Int32.t) -> [ &_11 <- _ret' ] s2) | s2 = bb3 ] | bb3 = s0 [ s0 = len_ghost'0 {_11} (fun (_ret':int) -> [ &length1 <- _ret' ] s1) | s1 = bb4 ] | bb4 = s0 - [ s0 = {[@expl:assertion] [%#sghost_set4] contains'0 (inner_logic'0 (_1.field_0'0).current) (1 : int32) - /\ not contains'0 (inner_logic'0 (_1.field_0'0).current) (2 : int32)} + [ s0 = {[@expl:assertion] [%#sghost_set4] contains'0 (inner_logic'0 (_1.field_0'0).current) (1 : Int32.t) + 
/\ not contains'0 (inner_logic'0 (_1.field_0'0).current) (2 : Int32.t)} s1 | s1 = {[@expl:assertion] [%#sghost_set5] length1 = 1} s2 - | s2 = [ &_20 <- (([%#sghost_set6] (1 : int32)), ([%#sghost_set7] (2 : int32)), ([%#sghost_set8] (3 : int32))) ] + | s2 = + [ &_20 <- (([%#sghost_set6] (1 : Int32.t)), ([%#sghost_set7] (2 : Int32.t)), ([%#sghost_set8] (3 : Int32.t))) ] + s3 | s3 = [ &x1 <- let (r'0, _, _) = _20 in r'0 ] s4 | s4 = [ &x2 <- let (_, r'1, _) = _20 in r'1 ] s5 @@ -217,16 +222,16 @@ module M_ghost_set__ghost_map [#"ghost_set.rs" 4 0 4 18] [ &_24 <- _ret' ] [ &_1 <- { field_0'0 = { _1.field_0'0 with current = _ret'.final } } ] s7) - | s7 = deref_mut'0 {_24} (fun (_ret':borrowed (Fset.fset int32)) -> [ &_23 <- _ret' ] s8) + | s7 = deref_mut'0 {_24} (fun (_ret':borrowed (Fset.fset Int32.t)) -> [ &_23 <- _ret' ] s8) | s8 = bb5 ] | bb5 = s0 - [ s0 = Borrow.borrow_final {_23.current} {Borrow.get_id _23} - (fun (_ret':borrowed (Fset.fset int32)) -> + [ s0 = Borrow.borrow_final {_23.current} {Borrow.get_id _23} + (fun (_ret':borrowed (Fset.fset Int32.t)) -> [ &_22 <- _ret' ] [ &_23 <- { _23 with current = _ret'.final } ] s1) - | s1 = insert_ghost'0 {_22} {[%#sghost_set9] (2 : int32)} (fun (_ret':bool) -> [ &inserted_true <- _ret' ] s2) + | s1 = insert_ghost'0 {_22} {[%#sghost_set9] (2 : Int32.t)} (fun (_ret':bool) -> [ &inserted_true <- _ret' ] s2) | s2 = bb6 ] | bb6 = s0 
@@ -236,41 +241,42 @@ module M_ghost_set__ghost_map [#"ghost_set.rs" 4 0 4 18] [ &_28 <- _ret' ] [ &_1 <- { field_0'0 = { _1.field_0'0 with current = _ret'.final } } ] s2) - | s2 = deref_mut'0 {_28} (fun (_ret':borrowed (Fset.fset int32)) -> [ &_27 <- _ret' ] s3) + | s2 = deref_mut'0 {_28} (fun (_ret':borrowed (Fset.fset Int32.t)) -> [ &_27 <- _ret' ] s3) | s3 = bb7 ] | bb7 = s0 - [ s0 = Borrow.borrow_final {_27.current} {Borrow.get_id _27} - (fun (_ret':borrowed (Fset.fset int32)) -> + [ s0 = Borrow.borrow_final {_27.current} {Borrow.get_id _27} + (fun (_ret':borrowed (Fset.fset Int32.t)) -> [ &_26 <- _ret' ] [ &_27 <- { _27 with current = _ret'.final } ] s1) - | s1 = insert_ghost'0 {_26} {[%#sghost_set10] (2 : int32)} (fun (_ret':bool) -> [ &inserted_false <- _ret' ] s2) + | s1 = insert_ghost'0 {_26} {[%#sghost_set10] (2 : Int32.t)} + (fun (_ret':bool) -> [ &inserted_false <- _ret' ] s2) | s2 = bb8 ] | bb8 = s0 [ s0 = -{resolve'0 _27}- s1 - | s1 = deref'0 {(_1.field_0'0).current} (fun (_ret':Fset.fset int32) -> [ &_31 <- _ret' ] s2) + | s1 = deref'0 {(_1.field_0'0).current} (fun (_ret':Fset.fset Int32.t) -> [ &_31 <- _ret' ] s2) | s2 = bb9 ] | bb9 = s0 [ s0 = len_ghost'0 {_31} (fun (_ret':int) -> [ &length2 <- _ret' ] s1) | s1 = bb10 ] | bb10 = s0 [ s0 = {[@expl:assertion] [%#sghost_set11] inserted_true /\ not inserted_false} s1 | s1 = {[@expl:assertion] [%#sghost_set12] length2 = 2} s2 - | s2 = {[@expl:assertion] [%#sghost_set13] contains'0 (inner_logic'0 (_1.field_0'0).current) (1 : int32) - /\ contains'0 (inner_logic'0 (_1.field_0'0).current) (2 : int32)} + | s2 = {[@expl:assertion] [%#sghost_set13] contains'0 (inner_logic'0 (_1.field_0'0).current) (1 : Int32.t) + /\ contains'0 (inner_logic'0 (_1.field_0'0).current) (2 : Int32.t)} s3 | s3 = Borrow.borrow_mut {(_1.field_0'0).current} (fun (_ret':borrowed (t_GhostBox'0)) -> [ &_42 <- _ret' ] [ &_1 <- { field_0'0 = { _1.field_0'0 with current = _ret'.final } } ] s4) - | s4 = deref_mut'0 {_42} (fun (_ret':borrowed 
(Fset.fset int32)) -> [ &_41 <- _ret' ] s5) + | s4 = deref_mut'0 {_42} (fun (_ret':borrowed (Fset.fset Int32.t)) -> [ &_41 <- _ret' ] s5) | s5 = bb11 ] | bb11 = s0 - [ s0 = Borrow.borrow_final {_41.current} {Borrow.get_id _41} - (fun (_ret':borrowed (Fset.fset int32)) -> + [ s0 = Borrow.borrow_final {_41.current} {Borrow.get_id _41} + (fun (_ret':borrowed (Fset.fset Int32.t)) -> [ &_40 <- _ret' ] [ &_41 <- { _41 with current = _ret'.final } ] s1) @@ -285,12 +291,12 @@ module M_ghost_set__ghost_map [#"ghost_set.rs" 4 0 4 18] [ &_48 <- _ret' ] [ &_1 <- { field_0'0 = { _1.field_0'0 with current = _ret'.final } } ] s2) - | s2 = deref_mut'0 {_48} (fun (_ret':borrowed (Fset.fset int32)) -> [ &_47 <- _ret' ] s3) + | s2 = deref_mut'0 {_48} (fun (_ret':borrowed (Fset.fset Int32.t)) -> [ &_47 <- _ret' ] s3) | s3 = bb13 ] | bb13 = s0 - [ s0 = Borrow.borrow_final {_47.current} {Borrow.get_id _47} - (fun (_ret':borrowed (Fset.fset int32)) -> + [ s0 = Borrow.borrow_final {_47.current} {Borrow.get_id _47} + (fun (_ret':borrowed (Fset.fset Int32.t)) -> [ &_46 <- _ret' ] [ &_47 <- { _47 with current = _ret'.final } ] s1) @@ -305,12 +311,12 @@ module M_ghost_set__ghost_map [#"ghost_set.rs" 4 0 4 18] [ &_54 <- _ret' ] [ &_1 <- { field_0'0 = { _1.field_0'0 with current = _ret'.final } } ] s2) - | s2 = deref_mut'0 {_54} (fun (_ret':borrowed (Fset.fset int32)) -> [ &_53 <- _ret' ] s3) + | s2 = deref_mut'0 {_54} (fun (_ret':borrowed (Fset.fset Int32.t)) -> [ &_53 <- _ret' ] s3) | s3 = bb15 ] | bb15 = s0 - [ s0 = Borrow.borrow_final {_53.current} {Borrow.get_id _53} - (fun (_ret':borrowed (Fset.fset int32)) -> + [ s0 = Borrow.borrow_final {_53.current} {Borrow.get_id _53} + (fun (_ret':borrowed (Fset.fset Int32.t)) -> [ &_52 <- _ret' ] [ &_53 <- { _53 with current = _ret'.final } ] s1) 
@@ -321,9 +327,9 @@ module M_ghost_set__ghost_map [#"ghost_set.rs" 4 0 4 18] | bb16 = s0 [ s0 = -{resolve'0 _53}- s1 | s1 = {[@expl:assertion] [%#sghost_set14] not remove_false1 /\ remove_true /\ not remove_false2} s2 - | s2 = {[@expl:assertion] [%#sghost_set15] not contains'0 (inner_logic'0 (_1.field_0'0).current) (2 : int32)} s3 + | s2 = {[@expl:assertion] [%#sghost_set15] not contains'0 (inner_logic'0 (_1.field_0'0).current) (2 : Int32.t)} s3 | s3 = {[@expl:assertion] [%#sghost_set16] Fset.cardinal (inner_logic'0 (_1.field_0'0).current) = 1} s4 - | s4 = deref'0 {(_1.field_0'0).current} (fun (_ret':Fset.fset int32) -> [ &_65 <- _ret' ] s5) + | s4 = deref'0 {(_1.field_0'0).current} (fun (_ret':Fset.fset Int32.t) -> [ &_65 <- _ret' ] s5) | s5 = bb17 ] | bb17 = s0 @@ -332,7 +338,7 @@ module M_ghost_set__ghost_map [#"ghost_set.rs" 4 0 4 18] | s2 = bb18 ] | bb18 = s0 - [ s0 = deref'0 {(_1.field_0'0).current} (fun (_ret':Fset.fset int32) -> [ &_71 <- _ret' ] s1) | s1 = bb19 ] + [ s0 = deref'0 {(_1.field_0'0).current} (fun (_ret':Fset.fset Int32.t) -> [ &_71 <- _ret' ] s1) | s1 = bb19 ] | bb19 = s0 [ s0 = [ &_74 <- x2 ] s1 @@ -340,7 +346,7 @@ module M_ghost_set__ghost_map [#"ghost_set.rs" 4 0 4 18] | s2 = bb20 ] | bb20 = s0 - [ s0 = deref'0 {(_1.field_0'0).current} (fun (_ret':Fset.fset int32) -> [ &_77 <- _ret' ] s1) | s1 = bb21 ] + [ s0 = deref'0 {(_1.field_0'0).current} (fun (_ret':Fset.fset Int32.t) -> [ &_77 <- _ret' ] s1) | s1 = bb21 ] | bb21 = s0 [ s0 = [ &_80 <- x3 ] s1 
@@ -361,49 +367,49 @@ module M_ghost_set__ghost_map [#"ghost_set.rs" 4 0 4 18] | & _1 : closure0'1 = _1 | & _2 : () = any_l () | & _5 : bool = any_l () - | & _6 : borrowed (Fset.fset int32) = any_l () - | & _7 : borrowed (Fset.fset int32) = any_l () + | & _6 : borrowed (Fset.fset Int32.t) = any_l () + | & _7 : borrowed (Fset.fset Int32.t) = any_l () | & _8 : borrowed (t_GhostBox'0) = any_l () | & length1 : int = any_l () - | & _11 : Fset.fset int32 = any_l () - | & x1 : int32 = any_l () - | & x2 : int32 = any_l () - | & x3 : int32 = any_l () - | & _20 : (int32, int32, int32) = any_l () + | & _11 : Fset.fset Int32.t = any_l () + | & x1 : Int32.t = any_l () + | & x2 : Int32.t = any_l () + | & x3 : Int32.t = any_l () + | & _20 : (Int32.t, Int32.t, Int32.t) = any_l () | & inserted_true : bool = any_l () - | & _22 : borrowed (Fset.fset int32) = any_l () - | & _23 : borrowed (Fset.fset int32) = any_l () + | & _22 : borrowed (Fset.fset Int32.t) = any_l () + | & _23 : borrowed (Fset.fset Int32.t) = any_l () | & _24 : borrowed (t_GhostBox'0) = any_l () | & inserted_false : bool = any_l () - | & _26 : borrowed (Fset.fset int32) = any_l () - | & _27 : borrowed (Fset.fset int32) = any_l () + | & _26 : borrowed (Fset.fset Int32.t) = any_l () + | & _27 : borrowed (Fset.fset Int32.t) = any_l () | & _28 : borrowed (t_GhostBox'0) = any_l () | & length2 : int = any_l () - | & _31 : Fset.fset int32 = any_l () + | & _31 : Fset.fset Int32.t = any_l () | & remove_false1 : bool = any_l () - | & _40 : borrowed (Fset.fset int32) = any_l () - | & _41 : borrowed (Fset.fset int32) = any_l () + | & _40 : borrowed (Fset.fset Int32.t) = any_l () + | & _41 : borrowed (Fset.fset Int32.t) = any_l () | & _42 : borrowed (t_GhostBox'0) = any_l () - | & _44 : int32 = any_l () + | & _44 : Int32.t = any_l () | & remove_true : bool = any_l () - | & _46 : borrowed (Fset.fset int32) = any_l () - | & _47 : borrowed (Fset.fset int32) = any_l () + | & _46 : borrowed (Fset.fset Int32.t) = any_l () + | & _47 : 
borrowed (Fset.fset Int32.t) = any_l () | & _48 : borrowed (t_GhostBox'0) = any_l () - | & _50 : int32 = any_l () + | & _50 : Int32.t = any_l () | & remove_false2 : bool = any_l () - | & _52 : borrowed (Fset.fset int32) = any_l () - | & _53 : borrowed (Fset.fset int32) = any_l () + | & _52 : borrowed (Fset.fset Int32.t) = any_l () + | & _53 : borrowed (Fset.fset Int32.t) = any_l () | & _54 : borrowed (t_GhostBox'0) = any_l () - | & _56 : int32 = any_l () + | & _56 : Int32.t = any_l () | & contains1 : bool = any_l () - | & _65 : Fset.fset int32 = any_l () - | & _68 : int32 = any_l () + | & _65 : Fset.fset Int32.t = any_l () + | & _68 : Int32.t = any_l () | & contains2 : bool = any_l () - | & _71 : Fset.fset int32 = any_l () - | & _74 : int32 = any_l () + | & _71 : Fset.fset Int32.t = any_l () + | & _74 : Int32.t = any_l () | & contains3 : bool = any_l () - | & _77 : Fset.fset int32 = any_l () - | & _80 : int32 = any_l () ] + | & _77 : Fset.fset Int32.t = any_l () + | & _80 : Int32.t = any_l () ] [ return' (result:t_GhostBox'1)-> return' {result} ] meta "compute_max_steps" 1000000 diff --git a/creusot/tests/should_succeed/ghost/ghost_set/why3session.xml b/creusot/tests/should_succeed/ghost/ghost_set/why3session.xml index cbca4290d7..e0842d299c 100644 --- a/creusot/tests/should_succeed/ghost/ghost_set/why3session.xml +++ b/creusot/tests/should_succeed/ghost/ghost_set/why3session.xml @@ -7,7 +7,7 @@ - + 
diff --git a/creusot/tests/should_succeed/ghost/ghost_set/why3shapes.gz b/creusot/tests/should_succeed/ghost/ghost_set/why3shapes.gz index ee3c4c000c2114287bc62048a5a8332da9073cfa..edeab4f1e4c2cf41fab76958040542aa10be87da 100644 GIT binary patch literal 417 zcmV;S0bc$eiwFP!00000|Fu-hPQx$|yyq)&3vlwrc_MKr2jfbJ6Y@3MIxdY!aT7RodTj}QBPyD-EuUli)Yy%<)bHH&RfH~l} zP=w3@$5BC<1CEPC#2j#3EMn$>;}VfD2OO7*lsVuHMa1T-sPT2Psuh{M;Dd-Fd^H<2 zU^?I(40||5qgq{WRRAb!-ENE`0R+o;oM~h9hbk==G#3yGfGJAdbk?c0wo^PP!OUfkP@Z9mArh z36Y~rB7*bX%X_k@^;;zcwZ@q>SSV9W`x|W82(?LLajPJXHSo-JfBi+!&+m z?HWe=4-ESVA9isWwbXr#*EJs3i49u;S1}q~$lqko*cDF;-FA=qGa!8>W0y9JCg(OR z%T9&z^&c5B+2E<705)wX>Mv+&_Q=yz1NhlnAQ9=yhp zOAlU)F_s>@1_;uF*Ah&m2d|}=N)KMkFq0mZ{*t+x5Tf--rzrA-~%& z$gXWzED+$z_<`AM`}b=2cLf2@g@&ZyB1?0C#Zs(zRxENbg(=v|h_FyX {[%#sseq3] inv'0 result} - {[%#sseq4] inner_logic'0 result = (Seq.empty : Seq.seq int32)} + {[%#sseq4] inner_logic'0 result = (Seq.empty : Seq.seq Int32.t)} (! return' {result}) ] - use prelude.prelude.Int - type t_Option'0 = | C_None'0 - | C_Some'0 int32 + | C_Some'0 Int32.t use seq.Seq use seq.Seq - function get'0 (self : Seq.seq int32) (ix : int) : t_Option'0 = + function get'0 (self : Seq.seq Int32.t) (ix : int) : t_Option'0 = [%#sseq6] if 0 <= ix /\ ix < Seq.length self then C_Some'0 (Seq.get self ix) else C_None'0 use prelude.prelude.Borrow 
@@ -108,50 +108,50 @@ module M_ghost_vec__ghost_vec [#"ghost_vec.rs" 4 0 4 18] axiom inv_axiom'1 [@rewrite] : forall x : borrowed (t_GhostBox'0) [inv'1 x] . inv'1 x = true - predicate inv'2 (_1 : borrowed (Seq.seq int32)) + predicate inv'2 (_1 : borrowed (Seq.seq Int32.t)) - axiom inv_axiom'2 [@rewrite] : forall x : borrowed (Seq.seq int32) [inv'2 x] . inv'2 x = true + axiom inv_axiom'2 [@rewrite] : forall x : borrowed (Seq.seq Int32.t) [inv'2 x] . inv'2 x = true - let rec deref_mut'0 (self:borrowed (t_GhostBox'0)) (return' (ret:borrowed (Seq.seq int32)))= {[@expl:deref_mut 'self' type invariant] [%#sghost33] inv'1 self} + let rec deref_mut'0 (self:borrowed (t_GhostBox'0)) (return' (ret:borrowed (Seq.seq Int32.t)))= {[@expl:deref_mut 'self' type invariant] [%#sghost33] inv'1 self} any - [ return' (result:borrowed (Seq.seq int32))-> {[%#sghost34] inv'2 result} + [ return' (result:borrowed (Seq.seq Int32.t))-> {[%#sghost34] inv'2 result} {[%#sghost35] result = Borrow.borrow_logic (self.current).t_GhostBox__0'0 (self.final).t_GhostBox__0'0 (Borrow.inherit_id (Borrow.get_id self) 1)} (! return' {result}) ] - predicate inv'3 (_1 : int32) + predicate inv'3 (_1 : Int32.t) - axiom inv_axiom'3 [@rewrite] : forall x : int32 [inv'3 x] . inv'3 x = true + axiom inv_axiom'3 [@rewrite] : forall x : Int32.t [inv'3 x] . inv'3 x = true use seq.Seq - let rec push_back_ghost'0 (self:borrowed (Seq.seq int32)) (x:int32) (return' (ret:()))= {[@expl:push_back_ghost 'self' type invariant] [%#sseq36] inv'2 self} + let rec push_back_ghost'0 (self:borrowed (Seq.seq Int32.t)) (x:Int32.t) (return' (ret:()))= {[@expl:push_back_ghost 'self' type invariant] [%#sseq36] inv'2 self} {[@expl:push_back_ghost 'x' type invariant] [%#sseq37] inv'3 x} any [ return' (result:())-> {[%#sseq38] self.final = Seq.snoc self.current x} (! 
return' {result}) ] - predicate resolve'4 (self : borrowed (Seq.seq int32)) = + predicate resolve'4 (self : borrowed (Seq.seq Int32.t)) = [%#sresolve65] self.final = self.current - predicate resolve'0 (_1 : borrowed (Seq.seq int32)) = + predicate resolve'0 (_1 : borrowed (Seq.seq Int32.t)) = resolve'4 _1 predicate inv'4 (_1 : t_GhostBox'0) axiom inv_axiom'4 [@rewrite] : forall x : t_GhostBox'0 [inv'4 x] . inv'4 x = true - predicate inv'5 (_1 : Seq.seq int32) + predicate inv'5 (_1 : Seq.seq Int32.t) - axiom inv_axiom'5 [@rewrite] : forall x : Seq.seq int32 [inv'5 x] . inv'5 x = true + axiom inv_axiom'5 [@rewrite] : forall x : Seq.seq Int32.t [inv'5 x] . inv'5 x = true - let rec deref'0 (self:t_GhostBox'0) (return' (ret:Seq.seq int32))= {[@expl:deref 'self' type invariant] [%#sghost39] inv'4 self} + let rec deref'0 (self:t_GhostBox'0) (return' (ret:Seq.seq Int32.t))= {[@expl:deref 'self' type invariant] [%#sghost39] inv'4 self} any - [ return' (result:Seq.seq int32)-> {[%#sghost40] inv'5 result} + [ return' (result:Seq.seq Int32.t)-> {[%#sghost40] inv'5 result} {[%#sghost41] self.t_GhostBox__0'0 = result} (! return' {result}) ] - let rec len_ghost'0 (self:Seq.seq int32) (return' (ret:int))= {[@expl:len_ghost 'self' type invariant] [%#sseq42] inv'5 self} + let rec len_ghost'0 (self:Seq.seq Int32.t) (return' (ret:int))= {[@expl:len_ghost 'self' type invariant] [%#sseq42] inv'5 self} any [ return' (result:int)-> {[%#sseq43] result = Seq.length self} (! return' {result}) ] use prelude.prelude.Int128 @@ -164,7 +164,7 @@ module M_ghost_vec__ghost_vec [#"ghost_vec.rs" 4 0 4 18] use prelude.prelude.Int128 - let rec new'1 (value:int128) (return' (ret:t_GhostBox'2))= any + let rec new'1 (value:Int128.t) (return' (ret:t_GhostBox'2))= any [ return' (result:t_GhostBox'2)-> {[%#sint44] inner_logic'1 result = Int128.to_int value} (! return' {result}) ] 
@@ -185,13 +185,13 @@ module M_ghost_vec__ghost_vec [#"ghost_vec.rs" 4 0 4 18] type t_Option'1 = | C_None'1 - | C_Some'1 int32 + | C_Some'1 Int32.t predicate inv'8 (_1 : t_Option'1) axiom inv_axiom'8 [@rewrite] : forall x : t_Option'1 [inv'8 x] . inv'8 x = true - let rec get_ghost'0 (self:Seq.seq int32) (index:int) (return' (ret:t_Option'1))= {[@expl:get_ghost 'self' type invariant] [%#sseq45] inv'5 self} + let rec get_ghost'0 (self:Seq.seq Int32.t) (index:int) (return' (ret:t_Option'1))= {[@expl:get_ghost 'self' type invariant] [%#sseq45] inv'5 self} any [ return' (result:t_Option'1)-> {[%#sseq46] inv'8 result} {[%#sseq47] match get'0 self index with @@ -203,13 +203,13 @@ module M_ghost_vec__ghost_vec [#"ghost_vec.rs" 4 0 4 18] type t_Option'2 = | C_None'2 - | C_Some'2 (borrowed int32) + | C_Some'2 (borrowed Int32.t) predicate inv'9 (_1 : t_Option'2) axiom inv_axiom'9 [@rewrite] : forall x : t_Option'2 [inv'9 x] . inv'9 x = true - let rec get_mut_ghost'0 (self:borrowed (Seq.seq int32)) (index:int) (return' (ret:t_Option'2))= {[@expl:get_mut_ghost 'self' type invariant] [%#sseq48] inv'2 self} + let rec get_mut_ghost'0 (self:borrowed (Seq.seq Int32.t)) (index:int) (return' (ret:t_Option'2))= {[@expl:get_mut_ghost 'self' type invariant] [%#sseq48] inv'2 self} any [ return' (result:t_Option'2)-> {[%#sseq49] inv'9 result} {[%#sseq50] match result with 
@@ -221,15 +221,15 @@ module M_ghost_vec__ghost_vec [#"ghost_vec.rs" 4 0 4 18] (! return' {result}) ] - predicate resolve'5 (self : borrowed int32) = + predicate resolve'5 (self : borrowed Int32.t) = [%#sresolve65] self.final = self.current - predicate resolve'1 (_1 : borrowed int32) = + predicate resolve'1 (_1 : borrowed Int32.t) = resolve'5 _1 - let rec v_Some'0 (input:t_Option'2) (ret (field_0:borrowed int32))= any - [ good (field_0:borrowed int32)-> {C_Some'2 field_0 = input} (! ret {field_0}) - | bad -> {forall field_0 : borrowed int32 [C_Some'2 field_0 : t_Option'2] . C_Some'2 field_0 <> input} + let rec v_Some'0 (input:t_Option'2) (ret (field_0:borrowed Int32.t))= any + [ good (field_0:borrowed Int32.t)-> {C_Some'2 field_0 = input} (! ret {field_0}) + | bad -> {forall field_0 : borrowed Int32.t [C_Some'2 field_0 : t_Option'2] . C_Some'2 field_0 <> input} (! {false} any) ] @@ -238,11 +238,11 @@ module M_ghost_vec__ghost_vec [#"ghost_vec.rs" 4 0 4 18] axiom inv_axiom'10 [@rewrite] : forall x : t_Option'0 [inv'10 x] . inv'10 x = true - let rec pop_back_ghost'0 (self:borrowed (Seq.seq int32)) (return' (ret:t_Option'0))= {[@expl:pop_back_ghost 'self' type invariant] [%#sseq53] inv'2 self} + let rec pop_back_ghost'0 (self:borrowed (Seq.seq Int32.t)) (return' (ret:t_Option'0))= {[@expl:pop_back_ghost 'self' type invariant] [%#sseq53] inv'2 self} any [ return' (result:t_Option'0)-> {[%#sseq54] inv'10 result} {[%#sseq55] match result with - | C_None'0 -> self.current = (Seq.empty : Seq.seq int32) /\ self.current = self.final + | C_None'0 -> self.current = (Seq.empty : Seq.seq Int32.t) /\ self.current = self.final | C_Some'0 r -> self.current = Seq.snoc self.final r end} (! return' {result}) ] 
@@ -287,34 +287,34 @@ module M_ghost_vec__ghost_vec [#"ghost_vec.rs" 4 0 4 18] [ &_6 <- _ret' ] [ &_1 <- { field_0'0 = { _1.field_0'0 with current = _ret'.final } } ] s1) - | s1 = deref_mut'0 {_6} (fun (_ret':borrowed (Seq.seq int32)) -> [ &_5 <- _ret' ] s2) + | s1 = deref_mut'0 {_6} (fun (_ret':borrowed (Seq.seq Int32.t)) -> [ &_5 <- _ret' ] s2) | s2 = bb1 ] | bb1 = s0 - [ s0 = Borrow.borrow_final {_5.current} {Borrow.get_id _5} - (fun (_ret':borrowed (Seq.seq int32)) -> [ &_4 <- _ret' ] [ &_5 <- { _5 with current = _ret'.final } ] s1) - | s1 = push_back_ghost'0 {_4} {[%#sghost_vec7] (21 : int32)} (fun (_ret':()) -> [ &_3 <- _ret' ] s2) + [ s0 = Borrow.borrow_final {_5.current} {Borrow.get_id _5} + (fun (_ret':borrowed (Seq.seq Int32.t)) -> [ &_4 <- _ret' ] [ &_5 <- { _5 with current = _ret'.final } ] s1) + | s1 = push_back_ghost'0 {_4} {[%#sghost_vec7] (21 : Int32.t)} (fun (_ret':()) -> [ &_3 <- _ret' ] s2) | s2 = bb2 ] | bb2 = s0 [ s0 = -{resolve'0 _5}- s1 - | s1 = {[@expl:assertion] [%#sghost_vec8] Seq.get (inner_logic'0 (_1.field_0'0).current) 0 = (21 : int32)} s2 + | s1 = {[@expl:assertion] [%#sghost_vec8] Seq.get (inner_logic'0 (_1.field_0'0).current) 0 = (21 : Int32.t)} s2 | s2 = {[@expl:assertion] [%#sghost_vec9] Seq.length (inner_logic'0 (_1.field_0'0).current) = 1} s3 | s3 = Borrow.borrow_mut {(_1.field_0'0).current} (fun (_ret':borrowed (t_GhostBox'0)) -> [ &_14 <- _ret' ] [ &_1 <- { field_0'0 = { _1.field_0'0 with current = _ret'.final } } ] s4) - | s4 = deref_mut'0 {_14} (fun (_ret':borrowed (Seq.seq int32)) -> [ &_13 <- _ret' ] s5) + | s4 = deref_mut'0 {_14} (fun (_ret':borrowed (Seq.seq Int32.t)) -> [ &_13 <- _ret' ] s5) | s5 = bb3 ] | bb3 = s0 - [ s0 = Borrow.borrow_final {_13.current} {Borrow.get_id _13} - (fun (_ret':borrowed (Seq.seq int32)) -> + [ s0 = Borrow.borrow_final {_13.current} {Borrow.get_id _13} + (fun (_ret':borrowed (Seq.seq Int32.t)) -> [ &_12 <- _ret' ] [ &_13 <- { _13 with current = _ret'.final } ] s1) - | s1 = push_back_ghost'0 
{_12} {[%#sghost_vec10] (10 : int32)} (fun (_ret':()) -> [ &_11 <- _ret' ] s2) + | s1 = push_back_ghost'0 {_12} {[%#sghost_vec10] (10 : Int32.t)} (fun (_ret':()) -> [ &_11 <- _ret' ] s2) | s2 = bb4 ] | bb4 = s0 
@@ -324,71 +324,71 @@ module M_ghost_vec__ghost_vec [#"ghost_vec.rs" 4 0 4 18] [ &_18 <- _ret' ] [ &_1 <- { field_0'0 = { _1.field_0'0 with current = _ret'.final } } ] s2) - | s2 = deref_mut'0 {_18} (fun (_ret':borrowed (Seq.seq int32)) -> [ &_17 <- _ret' ] s3) + | s2 = deref_mut'0 {_18} (fun (_ret':borrowed (Seq.seq Int32.t)) -> [ &_17 <- _ret' ] s3) | s3 = bb5 ] | bb5 = s0 - [ s0 = Borrow.borrow_final {_17.current} {Borrow.get_id _17} - (fun (_ret':borrowed (Seq.seq int32)) -> + [ s0 = Borrow.borrow_final {_17.current} {Borrow.get_id _17} + (fun (_ret':borrowed (Seq.seq Int32.t)) -> [ &_16 <- _ret' ] [ &_17 <- { _17 with current = _ret'.final } ] s1) - | s1 = push_back_ghost'0 {_16} {[%#sghost_vec11] (30 : int32)} (fun (_ret':()) -> [ &_15 <- _ret' ] s2) + | s1 = push_back_ghost'0 {_16} {[%#sghost_vec11] (30 : Int32.t)} (fun (_ret':()) -> [ &_15 <- _ret' ] s2) | s2 = bb6 ] | bb6 = s0 [ s0 = -{resolve'0 _17}- s1 - | s1 = deref'0 {(_1.field_0'0).current} (fun (_ret':Seq.seq int32) -> [ &_21 <- _ret' ] s2) + | s1 = deref'0 {(_1.field_0'0).current} (fun (_ret':Seq.seq Int32.t) -> [ &_21 <- _ret' ] s2) | s2 = bb7 ] | bb7 = s0 [ s0 = len_ghost'0 {_21} (fun (_ret':int) -> [ &len <- _ret' ] s1) | s1 = bb8 ] | bb8 = s0 [ s0 = {[@expl:assertion] [%#sghost_vec12] len = 3} s1 - | s1 = {[@expl:assertion] [%#sghost_vec13] Seq.get (inner_logic'0 (_1.field_0'0).current) 0 = (21 : int32) - /\ Seq.get (inner_logic'0 (_1.field_0'0).current) 1 = (10 : int32) - /\ Seq.get (inner_logic'0 (_1.field_0'0).current) 2 = (30 : int32)} + | s1 = {[@expl:assertion] [%#sghost_vec13] Seq.get (inner_logic'0 (_1.field_0'0).current) 0 = (21 : Int32.t) + /\ Seq.get (inner_logic'0 (_1.field_0'0).current) 1 = (10 : Int32.t) + /\ Seq.get (inner_logic'0 (_1.field_0'0).current) 2 = (30 : Int32.t)} s2 - | s2 = deref'0 {(_1.field_0'0).current} (fun (_ret':Seq.seq int32) -> [ &_29 <- _ret' ] s3) + | s2 = deref'0 {(_1.field_0'0).current} (fun (_ret':Seq.seq Int32.t) -> [ &_29 <- _ret' ] s3) | s3 = bb9 ] | 
bb9 = s0 - [ s0 = new'1 {[%#sghost_vec14] (1 : int128)} (fun (_ret':t_GhostBox'2) -> [ &_34 <- _ret' ] s1) | s1 = bb10 ] + [ s0 = new'1 {[%#sghost_vec14] (1 : Int128.t)} (fun (_ret':t_GhostBox'2) -> [ &_34 <- _ret' ] s1) | s1 = bb10 ] | bb10 = s0 [ s0 = deref'1 {_34} (fun (_ret':int) -> [ &_32 <- _ret' ] s1) | s1 = bb11 ] | bb11 = s0 [ s0 = get_ghost'0 {_29} {_32} (fun (_ret':t_Option'1) -> [ &get1 <- _ret' ] s1) | s1 = bb12 ] | bb12 = bb13 | bb13 = s0 - [ s0 = deref'0 {(_1.field_0'0).current} (fun (_ret':Seq.seq int32) -> [ &_37 <- _ret' ] s1) | s1 = bb14 ] + [ s0 = deref'0 {(_1.field_0'0).current} (fun (_ret':Seq.seq Int32.t) -> [ &_37 <- _ret' ] s1) | s1 = bb14 ] | bb14 = s0 - [ s0 = new'1 {[%#sghost_vec15] (3 : int128)} (fun (_ret':t_GhostBox'2) -> [ &_42 <- _ret' ] s1) | s1 = bb15 ] + [ s0 = new'1 {[%#sghost_vec15] (3 : Int128.t)} (fun (_ret':t_GhostBox'2) -> [ &_42 <- _ret' ] s1) | s1 = bb15 ] | bb15 = s0 [ s0 = deref'1 {_42} (fun (_ret':int) -> [ &_40 <- _ret' ] s1) | s1 = bb16 ] | bb16 = s0 [ s0 = get_ghost'0 {_37} {_40} (fun (_ret':t_Option'1) -> [ &get2 <- _ret' ] s1) | s1 = bb17 ] | bb17 = bb18 | bb18 = s0 - [ s0 = {[@expl:assertion] [%#sghost_vec16] get1 = C_Some'1 (10 : int32)} s1 + [ s0 = {[@expl:assertion] [%#sghost_vec16] get1 = C_Some'1 (10 : Int32.t)} s1 | s1 = {[@expl:assertion] [%#sghost_vec17] get2 = C_None'1} s2 | s2 = Borrow.borrow_mut {(_1.field_0'0).current} (fun (_ret':borrowed (t_GhostBox'0)) -> [ &_51 <- _ret' ] [ &_1 <- { field_0'0 = { _1.field_0'0 with current = _ret'.final } } ] s3) - | s3 = deref_mut'0 {_51} (fun (_ret':borrowed (Seq.seq int32)) -> [ &_50 <- _ret' ] s4) + | s3 = deref_mut'0 {_51} (fun (_ret':borrowed (Seq.seq Int32.t)) -> [ &_50 <- _ret' ] s4) | s4 = bb19 ] | bb19 = s0 - [ s0 = Borrow.borrow_final {_50.current} {Borrow.get_id _50} - (fun (_ret':borrowed (Seq.seq int32)) -> + [ s0 = Borrow.borrow_final {_50.current} {Borrow.get_id _50} + (fun (_ret':borrowed (Seq.seq Int32.t)) -> [ &_49 <- _ret' ] [ &_50 <- { _50 with 
current = _ret'.final } ] s1) - | s1 = new'1 {[%#sghost_vec18] (0 : int128)} (fun (_ret':t_GhostBox'2) -> [ &_55 <- _ret' ] s2) + | s1 = new'1 {[%#sghost_vec18] (0 : Int128.t)} (fun (_ret':t_GhostBox'2) -> [ &_55 <- _ret' ] s2) | s2 = bb20 ] | bb20 = s0 [ s0 = deref'1 {_55} (fun (_ret':int) -> [ &_53 <- _ret' ] s1) | s1 = bb21 ] | bb21 = s0 [ s0 = get_mut_ghost'0 {_49} {_53} (fun (_ret':t_Option'2) -> [ &_48 <- _ret' ] s1) | s1 = bb22 ] - | bb22 = any [ br0 -> {_48 = C_None'2 } (! bb25) | br1 (x0:borrowed int32)-> {_48 = C_Some'2 x0} (! bb23) ] + | bb22 = any [ br0 -> {_48 = C_None'2 } (! bb25) | br1 (x0:borrowed Int32.t)-> {_48 = C_Some'2 x0} (! bb23) ] | bb25 = s0 [ s0 = -{match _48 with | C_Some'2 x'0 -> resolve'1 x'0 
@@ -400,26 +400,26 @@ module M_ghost_vec__ghost_vec [#"ghost_vec.rs" 4 0 4 18] | bb23 = bb24 | bb24 = s0 - [ s0 = v_Some'0 {_48} (fun (r0'0:borrowed int32) -> [ &x <- r0'0 ] s1) - | s1 = [ &x <- { x with current = ([%#sghost_vec19] (42 : int32)) } ] s2 + [ s0 = v_Some'0 {_48} (fun (r0'0:borrowed Int32.t) -> [ &x <- r0'0 ] s1) + | s1 = [ &x <- { x with current = ([%#sghost_vec19] (42 : Int32.t)) } ] s2 | s2 = -{resolve'1 x}- s3 | s3 = -{resolve'0 _50}- s4 | s4 = bb26 ] | bb26 = bb27 | bb27 = s0 - [ s0 = {[@expl:assertion] [%#sghost_vec20] Seq.get (inner_logic'0 (_1.field_0'0).current) 0 = (42 : int32)} s1 + [ s0 = {[@expl:assertion] [%#sghost_vec20] Seq.get (inner_logic'0 (_1.field_0'0).current) 0 = (42 : Int32.t)} s1 | s1 = Borrow.borrow_mut {(_1.field_0'0).current} (fun (_ret':borrowed (t_GhostBox'0)) -> [ &_63 <- _ret' ] [ &_1 <- { field_0'0 = { _1.field_0'0 with current = _ret'.final } } ] s2) - | s2 = deref_mut'0 {_63} (fun (_ret':borrowed (Seq.seq int32)) -> [ &_62 <- _ret' ] s3) + | s2 = deref_mut'0 {_63} (fun (_ret':borrowed (Seq.seq Int32.t)) -> [ &_62 <- _ret' ] s3) | s3 = bb28 ] | bb28 = s0 - [ s0 = Borrow.borrow_final {_62.current} {Borrow.get_id _62} - (fun (_ret':borrowed (Seq.seq int32)) -> + [ s0 = Borrow.borrow_final {_62.current} {Borrow.get_id _62} + (fun (_ret':borrowed (Seq.seq Int32.t)) -> [ &_61 <- _ret' ] [ &_62 <- { _62 with current = _ret'.final } ] s1) 
@@ -433,12 +433,12 @@ module M_ghost_vec__ghost_vec [#"ghost_vec.rs" 4 0 4 18] [ &_67 <- _ret' ] [ &_1 <- { field_0'0 = { _1.field_0'0 with current = _ret'.final } } ] s2) - | s2 = deref_mut'0 {_67} (fun (_ret':borrowed (Seq.seq int32)) -> [ &_66 <- _ret' ] s3) + | s2 = deref_mut'0 {_67} (fun (_ret':borrowed (Seq.seq Int32.t)) -> [ &_66 <- _ret' ] s3) | s3 = bb30 ] | bb30 = s0 - [ s0 = Borrow.borrow_final {_66.current} {Borrow.get_id _66} - (fun (_ret':borrowed (Seq.seq int32)) -> + [ s0 = Borrow.borrow_final {_66.current} {Borrow.get_id _66} + (fun (_ret':borrowed (Seq.seq Int32.t)) -> [ &_65 <- _ret' ] [ &_66 <- { _66 with current = _ret'.final } ] s1) @@ -452,12 +452,12 @@ module M_ghost_vec__ghost_vec [#"ghost_vec.rs" 4 0 4 18] [ &_71 <- _ret' ] [ &_1 <- { field_0'0 = { _1.field_0'0 with current = _ret'.final } } ] s2) - | s2 = deref_mut'0 {_71} (fun (_ret':borrowed (Seq.seq int32)) -> [ &_70 <- _ret' ] s3) + | s2 = deref_mut'0 {_71} (fun (_ret':borrowed (Seq.seq Int32.t)) -> [ &_70 <- _ret' ] s3) | s3 = bb32 ] | bb32 = s0 - [ s0 = Borrow.borrow_final {_70.current} {Borrow.get_id _70} - (fun (_ret':borrowed (Seq.seq int32)) -> + [ s0 = Borrow.borrow_final {_70.current} {Borrow.get_id _70} + (fun (_ret':borrowed (Seq.seq Int32.t)) -> [ &_69 <- _ret' ] [ &_70 <- { _70 with current = _ret'.final } ] s1) @@ -471,12 +471,12 @@ module M_ghost_vec__ghost_vec [#"ghost_vec.rs" 4 0 4 18] [ &_75 <- _ret' ] [ &_1 <- { field_0'0 = { _1.field_0'0 with current = _ret'.final } } ] s2) - | s2 = deref_mut'0 {_75} (fun (_ret':borrowed (Seq.seq int32)) -> [ &_74 <- _ret' ] s3) + | s2 = deref_mut'0 {_75} (fun (_ret':borrowed (Seq.seq Int32.t)) -> [ &_74 <- _ret' ] s3) | s3 = bb34 ] | bb34 = s0 - [ s0 = Borrow.borrow_final {_74.current} {Borrow.get_id _74} - (fun (_ret':borrowed (Seq.seq int32)) -> + [ s0 = Borrow.borrow_final {_74.current} {Borrow.get_id _74} + (fun (_ret':borrowed (Seq.seq Int32.t)) -> [ &_73 <- _ret' ] [ &_74 <- { _74 with current = _ret'.final } ] s1) 
@@ -490,12 +490,12 @@ module M_ghost_vec__ghost_vec [#"ghost_vec.rs" 4 0 4 18] [ &_79 <- _ret' ] [ &_1 <- { field_0'0 = { _1.field_0'0 with current = _ret'.final } } ] s2) - | s2 = deref_mut'0 {_79} (fun (_ret':borrowed (Seq.seq int32)) -> [ &_78 <- _ret' ] s3) + | s2 = deref_mut'0 {_79} (fun (_ret':borrowed (Seq.seq Int32.t)) -> [ &_78 <- _ret' ] s3) | s3 = bb36 ] | bb36 = s0 - [ s0 = Borrow.borrow_final {_78.current} {Borrow.get_id _78} - (fun (_ret':borrowed (Seq.seq int32)) -> + [ s0 = Borrow.borrow_final {_78.current} {Borrow.get_id _78} + (fun (_ret':borrowed (Seq.seq Int32.t)) -> [ &_77 <- _ret' ] [ &_78 <- { _78 with current = _ret'.final } ] s1) @@ -505,9 +505,9 @@ module M_ghost_vec__ghost_vec [#"ghost_vec.rs" 4 0 4 18] | bb37 = s0 [ s0 = -{resolve'0 _78}- s1 | s1 = -{resolve'2 _1}- s2 - | s2 = {[@expl:assertion] [%#sghost_vec21] pop1 = C_Some'0 (30 : int32)} s3 - | s3 = {[@expl:assertion] [%#sghost_vec22] pop2 = C_Some'0 (10 : int32)} s4 - | s4 = {[@expl:assertion] [%#sghost_vec23] pop3 = C_Some'0 (42 : int32)} s5 + | s2 = {[@expl:assertion] [%#sghost_vec21] pop1 = C_Some'0 (30 : Int32.t)} s3 + | s3 = {[@expl:assertion] [%#sghost_vec22] pop2 = C_Some'0 (10 : Int32.t)} s4 + | s4 = {[@expl:assertion] [%#sghost_vec23] pop3 = C_Some'0 (42 : Int32.t)} s5 | s5 = {[@expl:assertion] [%#sghost_vec24] pop4 = C_None'0} s6 | s6 = {[@expl:assertion] [%#sghost_vec25] pop5 = C_None'0} s7 | s7 = new'2 {_2} (fun (_ret':t_GhostBox'1) -> [ &_0 <- _ret' ] s8) 
@@ -519,70 +519,70 @@ module M_ghost_vec__ghost_vec [#"ghost_vec.rs" 4 0 4 18] | & _1 : closure1'1 = _1 | & _2 : () = any_l () | & _3 : () = any_l () - | & _4 : borrowed (Seq.seq int32) = any_l () - | & _5 : borrowed (Seq.seq int32) = any_l () + | & _4 : borrowed (Seq.seq Int32.t) = any_l () + | & _5 : borrowed (Seq.seq Int32.t) = any_l () | & _6 : borrowed (t_GhostBox'0) = any_l () | & _11 : () = any_l () - | & _12 : borrowed (Seq.seq int32) = any_l () - | & _13 : borrowed (Seq.seq int32) = any_l () + | & _12 : borrowed (Seq.seq Int32.t) = any_l () + | & _13 : borrowed (Seq.seq Int32.t) = any_l () | & _14 : borrowed (t_GhostBox'0) = any_l () | & _15 : () = any_l () - | & _16 : borrowed (Seq.seq int32) = any_l () - | & _17 : borrowed (Seq.seq int32) = any_l () + | & _16 : borrowed (Seq.seq Int32.t) = any_l () + | & _17 : borrowed (Seq.seq Int32.t) = any_l () | & _18 : borrowed (t_GhostBox'0) = any_l () | & len : int = any_l () - | & _21 : Seq.seq int32 = any_l () + | & _21 : Seq.seq Int32.t = any_l () | & get1 : t_Option'1 = any_l () - | & _29 : Seq.seq int32 = any_l () + | & _29 : Seq.seq Int32.t = any_l () | & _32 : int = any_l () | & _34 : t_GhostBox'2 = any_l () | & get2 : t_Option'1 = any_l () - | & _37 : Seq.seq int32 = any_l () + | & _37 : Seq.seq Int32.t = any_l () | & _40 : int = any_l () | & _42 : t_GhostBox'2 = any_l () | & _48 : t_Option'2 = any_l () - | & _49 : borrowed (Seq.seq int32) = any_l () - | & _50 : borrowed (Seq.seq int32) = any_l () + | & _49 : borrowed (Seq.seq Int32.t) = any_l () + | & _50 : borrowed (Seq.seq Int32.t) = any_l () | & _51 : borrowed (t_GhostBox'0) = any_l () | & _53 : int = any_l () | & _55 : t_GhostBox'2 = any_l () - | & x : borrowed int32 = any_l () + | & x : borrowed Int32.t = any_l () | & pop1 : t_Option'0 = any_l () - | & _61 : borrowed (Seq.seq int32) = any_l () - | & _62 : borrowed (Seq.seq int32) = any_l () + | & _61 : borrowed (Seq.seq Int32.t) = any_l () + | & _62 : borrowed (Seq.seq Int32.t) = any_l () | & _63 : 
borrowed (t_GhostBox'0) = any_l () | & pop2 : t_Option'0 = any_l () - | & _65 : borrowed (Seq.seq int32) = any_l () - | & _66 : borrowed (Seq.seq int32) = any_l () + | & _65 : borrowed (Seq.seq Int32.t) = any_l () + | & _66 : borrowed (Seq.seq Int32.t) = any_l () | & _67 : borrowed (t_GhostBox'0) = any_l () | & pop3 : t_Option'0 = any_l () - | & _69 : borrowed (Seq.seq int32) = any_l () - | & _70 : borrowed (Seq.seq int32) = any_l () + | & _69 : borrowed (Seq.seq Int32.t) = any_l () + | & _70 : borrowed (Seq.seq Int32.t) = any_l () | & _71 : borrowed (t_GhostBox'0) = any_l () | & pop4 : t_Option'0 = any_l () - | & _73 : borrowed (Seq.seq int32) = any_l () - | & _74 : borrowed (Seq.seq int32) = any_l () + | & _73 : borrowed (Seq.seq Int32.t) = any_l () + | & _74 : borrowed (Seq.seq Int32.t) = any_l () | & _75 : borrowed (t_GhostBox'0) = any_l () | & pop5 : t_Option'0 = any_l () - | & _77 : borrowed (Seq.seq int32) = any_l () - | & _78 : borrowed (Seq.seq int32) = any_l () + | & _77 : borrowed (Seq.seq Int32.t) = any_l () + | & _78 : borrowed (Seq.seq Int32.t) = any_l () | & _79 : borrowed (t_GhostBox'0) = any_l () ] [ return' (result:t_GhostBox'1)-> return' {result} ] use seq.Seq - function push_front'0 [@inline:trivial] (self : Seq.seq int32) (x : int32) : Seq.seq int32 = + function push_front'0 [@inline:trivial] (self : Seq.seq Int32.t) (x : Int32.t) : Seq.seq Int32.t = [%#sseq66] Seq.cons x self - let rec push_front_ghost'0 (self:borrowed (Seq.seq int32)) (x:int32) (return' (ret:()))= {[@expl:push_front_ghost 'self' type invariant] [%#sseq59] inv'2 self} + let rec push_front_ghost'0 (self:borrowed (Seq.seq Int32.t)) (x:Int32.t) (return' (ret:()))= {[@expl:push_front_ghost 'self' type invariant] [%#sseq59] inv'2 self} {[@expl:push_front_ghost 'x' type invariant] [%#sseq60] inv'3 x} any [ return' (result:())-> {[%#sseq61] self.final = push_front'0 self.current x} (! 
return' {result}) ] - let rec pop_front_ghost'0 (self:borrowed (Seq.seq int32)) (return' (ret:t_Option'0))= {[@expl:pop_front_ghost 'self' type invariant] [%#sseq62] inv'2 self} + let rec pop_front_ghost'0 (self:borrowed (Seq.seq Int32.t)) (return' (ret:t_Option'0))= {[@expl:pop_front_ghost 'self' type invariant] [%#sseq62] inv'2 self} any [ return' (result:t_Option'0)-> {[%#sseq63] inv'10 result} {[%#sseq64] match result with - | C_None'0 -> self.current = (Seq.empty : Seq.seq int32) /\ self.current = self.final + | C_None'0 -> self.current = (Seq.empty : Seq.seq Int32.t) /\ self.current = self.final | C_Some'0 r -> self.current = push_front'0 self.final r end} (! return' {result}) ] @@ -601,13 +601,13 @@ module M_ghost_vec__ghost_vec [#"ghost_vec.rs" 4 0 4 18] [ &_6 <- _ret' ] [ &_1 <- { field_0'1 = { _1.field_0'1 with current = _ret'.final } } ] s1) - | s1 = deref_mut'0 {_6} (fun (_ret':borrowed (Seq.seq int32)) -> [ &_5 <- _ret' ] s2) + | s1 = deref_mut'0 {_6} (fun (_ret':borrowed (Seq.seq Int32.t)) -> [ &_5 <- _ret' ] s2) | s2 = bb1 ] | bb1 = s0 - [ s0 = Borrow.borrow_final {_5.current} {Borrow.get_id _5} - (fun (_ret':borrowed (Seq.seq int32)) -> [ &_4 <- _ret' ] [ &_5 <- { _5 with current = _ret'.final } ] s1) - | s1 = push_front_ghost'0 {_4} {[%#sghost_vec26] (1 : int32)} (fun (_ret':()) -> [ &_3 <- _ret' ] s2) + [ s0 = Borrow.borrow_final {_5.current} {Borrow.get_id _5} + (fun (_ret':borrowed (Seq.seq Int32.t)) -> [ &_4 <- _ret' ] [ &_5 <- { _5 with current = _ret'.final } ] s1) + | s1 = push_front_ghost'0 {_4} {[%#sghost_vec26] (1 : Int32.t)} (fun (_ret':()) -> [ &_3 <- _ret' ] s2) | s2 = bb2 ] | bb2 = s0 
@@ -617,13 +617,13 @@ module M_ghost_vec__ghost_vec [#"ghost_vec.rs" 4 0 4 18] [ &_10 <- _ret' ] [ &_1 <- { field_0'1 = { _1.field_0'1 with current = _ret'.final } } ] s2) - | s2 = deref_mut'0 {_10} (fun (_ret':borrowed (Seq.seq int32)) -> [ &_9 <- _ret' ] s3) + | s2 = deref_mut'0 {_10} (fun (_ret':borrowed (Seq.seq Int32.t)) -> [ &_9 <- _ret' ] s3) | s3 = bb3 ] | bb3 = s0 - [ s0 = Borrow.borrow_final {_9.current} {Borrow.get_id _9} - (fun (_ret':borrowed (Seq.seq int32)) -> [ &_8 <- _ret' ] [ &_9 <- { _9 with current = _ret'.final } ] s1) - | s1 = push_front_ghost'0 {_8} {[%#sghost_vec27] (2 : int32)} (fun (_ret':()) -> [ &_7 <- _ret' ] s2) + [ s0 = Borrow.borrow_final {_9.current} {Borrow.get_id _9} + (fun (_ret':borrowed (Seq.seq Int32.t)) -> [ &_8 <- _ret' ] [ &_9 <- { _9 with current = _ret'.final } ] s1) + | s1 = push_front_ghost'0 {_8} {[%#sghost_vec27] (2 : Int32.t)} (fun (_ret':()) -> [ &_7 <- _ret' ] s2) | s2 = bb4 ] | bb4 = s0 @@ -633,16 +633,16 @@ module M_ghost_vec__ghost_vec [#"ghost_vec.rs" 4 0 4 18] [ &_14 <- _ret' ] [ &_1 <- { field_0'1 = { _1.field_0'1 with current = _ret'.final } } ] s2) - | s2 = deref_mut'0 {_14} (fun (_ret':borrowed (Seq.seq int32)) -> [ &_13 <- _ret' ] s3) + | s2 = deref_mut'0 {_14} (fun (_ret':borrowed (Seq.seq Int32.t)) -> [ &_13 <- _ret' ] s3) | s3 = bb5 ] | bb5 = s0 - [ s0 = Borrow.borrow_final {_13.current} {Borrow.get_id _13} - (fun (_ret':borrowed (Seq.seq int32)) -> + [ s0 = Borrow.borrow_final {_13.current} {Borrow.get_id _13} + (fun (_ret':borrowed (Seq.seq Int32.t)) -> [ &_12 <- _ret' ] [ &_13 <- { _13 with current = _ret'.final } ] s1) - | s1 = push_front_ghost'0 {_12} {[%#sghost_vec28] (3 : int32)} (fun (_ret':()) -> [ &_11 <- _ret' ] s2) + | s1 = push_front_ghost'0 {_12} {[%#sghost_vec28] (3 : Int32.t)} (fun (_ret':()) -> [ &_11 <- _ret' ] s2) | s2 = bb6 ] | bb6 = s0 
@@ -652,12 +652,12 @@ module M_ghost_vec__ghost_vec [#"ghost_vec.rs" 4 0 4 18] [ &_18 <- _ret' ] [ &_1 <- { field_0'1 = { _1.field_0'1 with current = _ret'.final } } ] s2) - | s2 = deref_mut'0 {_18} (fun (_ret':borrowed (Seq.seq int32)) -> [ &_17 <- _ret' ] s3) + | s2 = deref_mut'0 {_18} (fun (_ret':borrowed (Seq.seq Int32.t)) -> [ &_17 <- _ret' ] s3) | s3 = bb7 ] | bb7 = s0 - [ s0 = Borrow.borrow_final {_17.current} {Borrow.get_id _17} - (fun (_ret':borrowed (Seq.seq int32)) -> + [ s0 = Borrow.borrow_final {_17.current} {Borrow.get_id _17} + (fun (_ret':borrowed (Seq.seq Int32.t)) -> [ &_16 <- _ret' ] [ &_17 <- { _17 with current = _ret'.final } ] s1) @@ -671,12 +671,12 @@ module M_ghost_vec__ghost_vec [#"ghost_vec.rs" 4 0 4 18] [ &_22 <- _ret' ] [ &_1 <- { field_0'1 = { _1.field_0'1 with current = _ret'.final } } ] s2) - | s2 = deref_mut'0 {_22} (fun (_ret':borrowed (Seq.seq int32)) -> [ &_21 <- _ret' ] s3) + | s2 = deref_mut'0 {_22} (fun (_ret':borrowed (Seq.seq Int32.t)) -> [ &_21 <- _ret' ] s3) | s3 = bb9 ] | bb9 = s0 - [ s0 = Borrow.borrow_final {_21.current} {Borrow.get_id _21} - (fun (_ret':borrowed (Seq.seq int32)) -> + [ s0 = Borrow.borrow_final {_21.current} {Borrow.get_id _21} + (fun (_ret':borrowed (Seq.seq Int32.t)) -> [ &_20 <- _ret' ] [ &_21 <- { _21 with current = _ret'.final } ] s1) @@ -690,12 +690,12 @@ module M_ghost_vec__ghost_vec [#"ghost_vec.rs" 4 0 4 18] [ &_26 <- _ret' ] [ &_1 <- { field_0'1 = { _1.field_0'1 with current = _ret'.final } } ] s2) - | s2 = deref_mut'0 {_26} (fun (_ret':borrowed (Seq.seq int32)) -> [ &_25 <- _ret' ] s3) + | s2 = deref_mut'0 {_26} (fun (_ret':borrowed (Seq.seq Int32.t)) -> [ &_25 <- _ret' ] s3) | s3 = bb11 ] | bb11 = s0 - [ s0 = Borrow.borrow_final {_25.current} {Borrow.get_id _25} - (fun (_ret':borrowed (Seq.seq int32)) -> + [ s0 = Borrow.borrow_final {_25.current} {Borrow.get_id _25} + (fun (_ret':borrowed (Seq.seq Int32.t)) -> [ &_24 <- _ret' ] [ &_25 <- { _25 with current = _ret'.final } ] s1) 
@@ -709,12 +709,12 @@ module M_ghost_vec__ghost_vec [#"ghost_vec.rs" 4 0 4 18] [ &_30 <- _ret' ] [ &_1 <- { field_0'1 = { _1.field_0'1 with current = _ret'.final } } ] s2) - | s2 = deref_mut'0 {_30} (fun (_ret':borrowed (Seq.seq int32)) -> [ &_29 <- _ret' ] s3) + | s2 = deref_mut'0 {_30} (fun (_ret':borrowed (Seq.seq Int32.t)) -> [ &_29 <- _ret' ] s3) | s3 = bb13 ] | bb13 = s0 - [ s0 = Borrow.borrow_final {_29.current} {Borrow.get_id _29} - (fun (_ret':borrowed (Seq.seq int32)) -> + [ s0 = Borrow.borrow_final {_29.current} {Borrow.get_id _29} + (fun (_ret':borrowed (Seq.seq Int32.t)) -> [ &_28 <- _ret' ] [ &_29 <- { _29 with current = _ret'.final } ] s1) @@ -724,9 +724,9 @@ module M_ghost_vec__ghost_vec [#"ghost_vec.rs" 4 0 4 18] | bb14 = s0 [ s0 = -{resolve'0 _29}- s1 | s1 = -{resolve'3 _1}- s2 - | s2 = {[@expl:assertion] [%#sghost_vec29] pop1 = C_Some'0 (3 : int32)} s3 - | s3 = {[@expl:assertion] [%#sghost_vec30] pop2 = C_Some'0 (2 : int32)} s4 - | s4 = {[@expl:assertion] [%#sghost_vec31] pop3 = C_Some'0 (1 : int32)} s5 + | s2 = {[@expl:assertion] [%#sghost_vec29] pop1 = C_Some'0 (3 : Int32.t)} s3 + | s3 = {[@expl:assertion] [%#sghost_vec30] pop2 = C_Some'0 (2 : Int32.t)} s4 + | s4 = {[@expl:assertion] [%#sghost_vec31] pop3 = C_Some'0 (1 : Int32.t)} s5 | s5 = {[@expl:assertion] [%#sghost_vec32] pop4 = C_None'0} s6 | s6 = new'2 {_2} (fun (_ret':t_GhostBox'1) -> [ &_0 <- _ret' ] s7) | s7 = bb15 ] 
@@ -737,32 +737,32 @@ module M_ghost_vec__ghost_vec [#"ghost_vec.rs" 4 0 4 18] | & _1 : closure2'1 = _1 | & _2 : () = any_l () | & _3 : () = any_l () - | & _4 : borrowed (Seq.seq int32) = any_l () - | & _5 : borrowed (Seq.seq int32) = any_l () + | & _4 : borrowed (Seq.seq Int32.t) = any_l () + | & _5 : borrowed (Seq.seq Int32.t) = any_l () | & _6 : borrowed (t_GhostBox'0) = any_l () | & _7 : () = any_l () - | & _8 : borrowed (Seq.seq int32) = any_l () - | & _9 : borrowed (Seq.seq int32) = any_l () + | & _8 : borrowed (Seq.seq Int32.t) = any_l () + | & _9 : borrowed (Seq.seq Int32.t) = any_l () | & _10 : borrowed (t_GhostBox'0) = any_l () | & _11 : () = any_l () - | & _12 : borrowed (Seq.seq int32) = any_l () - | & _13 : borrowed (Seq.seq int32) = any_l () + | & _12 : borrowed (Seq.seq Int32.t) = any_l () + | & _13 : borrowed (Seq.seq Int32.t) = any_l () | & _14 : borrowed (t_GhostBox'0) = any_l () | & pop1 : t_Option'0 = any_l () - | & _16 : borrowed (Seq.seq int32) = any_l () - | & _17 : borrowed (Seq.seq int32) = any_l () + | & _16 : borrowed (Seq.seq Int32.t) = any_l () + | & _17 : borrowed (Seq.seq Int32.t) = any_l () | & _18 : borrowed (t_GhostBox'0) = any_l () | & pop2 : t_Option'0 = any_l () - | & _20 : borrowed (Seq.seq int32) = any_l () - | & _21 : borrowed (Seq.seq int32) = any_l () + | & _20 : borrowed (Seq.seq Int32.t) = any_l () + | & _21 : borrowed (Seq.seq Int32.t) = any_l () | & _22 : borrowed (t_GhostBox'0) = any_l () | & pop3 : t_Option'0 = any_l () - | & _24 : borrowed (Seq.seq int32) = any_l () - | & _25 : borrowed (Seq.seq int32) = any_l () + | & _24 : borrowed (Seq.seq Int32.t) = any_l () + | & _25 : borrowed (Seq.seq Int32.t) = any_l () | & _26 : borrowed (t_GhostBox'0) = any_l () | & pop4 : t_Option'0 = any_l () - | & _28 : borrowed (Seq.seq int32) = any_l () - | & _29 : borrowed (Seq.seq int32) = any_l () + | & _28 : borrowed (Seq.seq Int32.t) = any_l () + | & _29 : borrowed (Seq.seq Int32.t) = any_l () | & _30 : borrowed (t_GhostBox'0) = 
any_l () ] [ return' (result:t_GhostBox'1)-> return' {result} ] diff --git a/creusot/tests/should_succeed/ghost/typing.coma b/creusot/tests/should_succeed/ghost/typing.coma index c12c773753..6748798add 100644 --- a/creusot/tests/should_succeed/ghost/typing.coma +++ b/creusot/tests/should_succeed/ghost/typing.coma @@ -19,10 +19,12 @@ module M_typing__ghost_enter_ghost [#"typing.rs" 14 0 14 26] let%span sresolve17 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span styping18 = "typing.rs" 10 20 10 27 + use prelude.prelude.Int + use prelude.prelude.Int32 type t_NonCopy'0 = - { t_NonCopy__0'0: int32 } + { t_NonCopy__0'0: Int32.t } predicate inv'0 (_1 : t_NonCopy'0) @@ -46,7 +48,7 @@ module M_typing__ghost_enter_ghost [#"typing.rs" 14 0 14 26] let rec closure0'0 (_1:()) (return' (ret:t_GhostBox'0))= bb0 [ bb0 = s0 - [ s0 = [ &_2 <- { t_NonCopy__0'0 = ([%#styping2] (1 : int32)) } ] s1 + [ s0 = [ &_2 <- { t_NonCopy__0'0 = ([%#styping2] (1 : Int32.t)) } ] s1 | s1 = new'0 {_2} (fun (_ret':t_GhostBox'0) -> [ &_0 <- _ret' ] s2) | s2 = bb1 ] @@ -57,7 +59,7 @@ module M_typing__ghost_enter_ghost [#"typing.rs" 14 0 14 26] let rec closure1'0 (_1:()) (return' (ret:t_GhostBox'0))= bb0 [ bb0 = s0 - [ s0 = [ &_2 <- { t_NonCopy__0'0 = ([%#styping3] (2 : int32)) } ] s1 + [ s0 = [ &_2 <- { t_NonCopy__0'0 = ([%#styping3] (2 : Int32.t)) } ] s1 | s1 = new'0 {_2} (fun (_ret':t_GhostBox'0) -> [ &_0 <- _ret' ] s2) | s2 = bb1 ] @@ -68,7 +70,7 @@ module M_typing__ghost_enter_ghost [#"typing.rs" 14 0 14 26] let rec closure2'0 (_1:()) (return' (ret:t_GhostBox'0))= bb0 [ bb0 = s0 - [ s0 = [ &_2 <- { t_NonCopy__0'0 = ([%#styping4] (3 : int32)) } ] s1 + [ s0 = [ &_2 <- { t_NonCopy__0'0 = ([%#styping4] (3 : Int32.t)) } ] s1 | s1 = new'0 {_2} (fun (_ret':t_GhostBox'0) -> [ &_0 <- _ret' ] s2) | s2 = bb1 ] 
@@ -149,7 +151,7 @@ module M_typing__ghost_enter_ghost [#"typing.rs" 14 0 14 26] let rec closure3'0 (_1:closure3'1) (return' (ret:t_GhostBox'1))= bb0 [ bb0 = s0 [ s0 = deref'0 {_1.field_0'0} (fun (_ret':t_NonCopy'0) -> [ &_3 <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 - [ s0 = [ &_5 <- { t_NonCopy__0'0 = ([%#styping5] (4 : int32)) } ] s1 + [ s0 = [ &_5 <- { t_NonCopy__0'0 = ([%#styping5] (4 : Int32.t)) } ] s1 | s1 = Borrow.borrow_final {(_1.field_1'0).current} {Borrow.get_id _1.field_1'0} (fun (_ret':borrowed (t_GhostBox'0)) -> [ &_7 <- _ret' ] @@ -176,8 +178,6 @@ module M_typing__ghost_enter_ghost [#"typing.rs" 14 0 14 26] | & _7 : borrowed (t_GhostBox'0) = any_l () ] [ return' (result:t_GhostBox'1)-> return' {result} ] - use prelude.prelude.Int - use prelude.prelude.Int32 function view'2 [#"typing.rs" 9 4 9 33] (self : t_NonCopy'0) : int = @@ -246,6 +246,8 @@ module M_typing__copy_enter_ghost [#"typing.rs" 29 0 29 25] let%span sghost6 = "../../../../creusot-contracts/src/ghost.rs" 147 4 147 28 let%span sghost7 = "../../../../creusot-contracts/src/ghost.rs" 145 14 145 28 + use prelude.prelude.Int + use prelude.prelude.Int32 predicate inv'0 (_1 : ()) @@ -271,7 +273,7 @@ module M_typing__copy_enter_ghost [#"typing.rs" 29 0 29 25] use prelude.prelude.Borrow type closure0'1 = - { field_0'0: int32; field_1'0: (); field_2'0: (int32, int32) } + { field_0'0: Int32.t; field_1'0: (); field_2'0: (Int32.t, Int32.t) } let rec closure0'0 (_1:closure0'1) (return' (ret:t_GhostBox'0))= bb0 [ bb0 = s0 @@ -285,8 +287,8 @@ module M_typing__copy_enter_ghost [#"typing.rs" 29 0 29 25] [ & _0 : t_GhostBox'0 = any_l () | & _1 : closure0'1 = _1 | & _2 : () = any_l () - | & _x : int32 = any_l () - | & _pair : (int32, int32) = any_l () ] + | & _x : Int32.t = any_l () + | & _pair : (Int32.t, Int32.t) = any_l () ] [ return' (result:t_GhostBox'0)-> return' {result} ] use prelude.prelude.Int32 
@@ -295,8 +297,8 @@ module M_typing__copy_enter_ghost [#"typing.rs" 29 0 29 25] let rec copy_enter_ghost'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = [ &x <- [%#styping0] (2 : int32) ] s1 - | s1 = [ &pair <- (([%#styping1] (6 : int32)), ([%#styping2] (42 : int32))) ] s2 + [ s0 = [ &x <- [%#styping0] (2 : Int32.t) ] s1 + | s1 = [ &pair <- (([%#styping1] (6 : Int32.t)), ([%#styping2] (42 : Int32.t))) ] s2 | s2 = [ &_5 <- { field_0'0 = x; field_1'0 = unit; field_2'0 = pair } ] s3 | s3 = closure0'0 {_5} (fun (_ret':t_GhostBox'0) -> [ &_4 <- _ret' ] s4) | s4 = bb1 ] @@ -311,9 +313,9 @@ module M_typing__copy_enter_ghost [#"typing.rs" 29 0 29 25] ] ) [ & _0 : () = any_l () - | & x : int32 = any_l () + | & x : Int32.t = any_l () | & unit : () = any_l () - | & pair : (int32, int32) = any_l () + | & pair : (Int32.t, Int32.t) = any_l () | & _4 : t_GhostBox'0 = any_l () | & _5 : closure0'1 = any_l () | & _9 : () = any_l () ] diff --git a/creusot/tests/should_succeed/ghost/typing/why3session.xml b/creusot/tests/should_succeed/ghost/typing/why3session.xml index 728d737caa..1fea3c3f97 100644 --- a/creusot/tests/should_succeed/ghost/typing/why3session.xml +++ b/creusot/tests/should_succeed/ghost/typing/why3session.xml @@ -8,12 +8,12 @@ - + - + 
diff --git a/creusot/tests/should_succeed/ghost/typing/why3shapes.gz b/creusot/tests/should_succeed/ghost/typing/why3shapes.gz index 8ec97dfeb831c00c2933640205539e6867601d67..1e6d34164c5d9a4ab5c2139471a2dcf250af8646 100644 GIT binary patch literal 452 zcmV;#0XzO5iwFP!00000|HV{IZ=5g?z4I%$k>oV~1Xs#o8_8j%s;A0VWQ;e9O7I5A zru*;f1>BHbt+u^15)yCTd_ChCZtmiKt9Q1K_qOY6*M5n4e0LiSFS>5`2`G>O1P&=A z0|*>eSOyR{qKFJ2a8ywlK;W2SGJwEw#bp42OI0cZi1fYQ*Y?fpLfp{R!bAqIz4_yH z*I3ZHJrvDstfy=}6pvfi4`1D{1SQWuXYXq2caqWB-ZguhAZ;4gzjl_4Ilhf9UDvrc zTa9MsbtuG?cu#?4gm3!YwGVE0NWhzh>P_A1W)3MD_f(sc7=`c|lX{U`+tou+SNh40 zuMawimvYH*6ljqCdV~w zlN+)QJ4LQ%VLA1H)3G9BH8`%oTSoq2=qcc6rUH+I6MI3}qH&v;Dq^#7HwZd{NQi?!u#7QjjEKhTu uvz+E6$2rO&5+t*X7$c}oVPk-2)|McEWo5~5wed*^#>n3w9snsz1pok+#^CM% literal 451 zcmV;!0X+U6iwFP!00000|HV{IZ<|06z4I%$(dM+X-$e4kt+d5b)l;=sG+s6_3T9m( zPW|sIz}q;sET@;|#G5zsW(H=4Pj_j*!JY5Zz3=)uwD+k@?>;BPFRa^rMl3NAL=G&N z2qH%YQV zlc_C83&Q5F5^@@WL-`}LU&HQ@k!<_qI6l-ZHph^%36Hfqi?Kj27=?Aa@m)QXb%l?9 zdc5g_SKfXee+`M=4&pDqcxoSy|{=2v1Dp5rD_3vfFPH!ECN zppLELO|jc5YUUc`e684&jf^L7%=V5R$hBe7}13FH$$_1xHF(k}suF|~Fg(_qr t3SO{+7Eq9cQVG5iLgtmDTr;oux)NFms@A;HqX@_p`3DvU9Op{~001Xl*~$O_ diff --git a/creusot/tests/should_succeed/ghost_ptr_token.coma b/creusot/tests/should_succeed/ghost_ptr_token.coma index 19a0486316..8b429c8556 100644 --- a/creusot/tests/should_succeed/ghost_ptr_token.coma +++ b/creusot/tests/should_succeed/ghost_ptr_token.coma @@ -75,7 +75,7 @@ module M_ghost_ptr_token__test [#"ghost_ptr_token.rs" 3 0 3 13] type t_Option'0 = | C_None'0 - | C_Some'0 int32 + | C_Some'0 Int32.t use map.Map 
@@ -118,27 +118,27 @@ module M_ghost_ptr_token__test [#"ghost_ptr_token.rs" 3 0 3 13] axiom inv_axiom'1 [@rewrite] : forall x : borrowed (t_GhostPtrToken'0) [inv'1 x] . inv'1 x = true - predicate inv'2 (_1 : int32) + predicate inv'2 (_1 : Int32.t) - axiom inv_axiom'2 [@rewrite] : forall x : int32 [inv'2 x] . inv'2 x = true + axiom inv_axiom'2 [@rewrite] : forall x : Int32.t [inv'2 x] . inv'2 x = true function contains'0 [@inline:trivial] (self : t_FMap'0) (k : opaque_ptr) : bool = [%#sfmap31] get_unsized'0 self k <> C_None'0 - function make_sized'0 (self : int32) : int32 + function make_sized'0 (self : Int32.t) : Int32.t - axiom make_sized'0_spec : forall self : int32 . [%#sutil48] make_sized'0 self = self + axiom make_sized'0_spec : forall self : Int32.t . [%#sutil48] make_sized'0 self = self use map.Map - function insert'0 (self : t_FMap'0) (k : opaque_ptr) (v : int32) : t_FMap'0 + function insert'0 (self : t_FMap'0) (k : opaque_ptr) (v : Int32.t) : t_FMap'0 - axiom insert'0_spec : forall self : t_FMap'0, k : opaque_ptr, v : int32 . ([%#sfmap32] view'2 (insert'0 self k v) + axiom insert'0_spec : forall self : t_FMap'0, k : opaque_ptr, v : Int32.t . ([%#sfmap32] view'2 (insert'0 self k v) = Map.set (view'2 self) k (C_Some'0 (make_sized'0 v))) && ([%#sfmap33] contains'0 self k -> len'0 (insert'0 self k v) = len'0 self) && ([%#sfmap34] not contains'0 self k -> len'0 (insert'0 self k v) = len'0 self + 1) - let rec ptr_from_box'0 (self:borrowed (t_GhostPtrToken'0)) (val':int32) (return' (ret:opaque_ptr))= {[@expl:ptr_from_box 'self' type invariant] [%#sghost_ptr5] inv'1 self} + let rec ptr_from_box'0 (self:borrowed (t_GhostPtrToken'0)) (val':Int32.t) (return' (ret:opaque_ptr))= {[@expl:ptr_from_box 'self' type invariant] [%#sghost_ptr5] inv'1 self} {[@expl:ptr_from_box 'val' type invariant] [%#sghost_ptr6] inv'2 val'} any [ return' (result:opaque_ptr)-> {[%#sghost_ptr7] not contains'0 (view'0 self.current) result} 
@@ -165,16 +165,16 @@ module M_ghost_ptr_token__test [#"ghost_ptr_token.rs" 3 0 3 13] (! return' {result}) ] - predicate inv'3 (_1 : borrowed int32) + predicate inv'3 (_1 : borrowed Int32.t) - axiom inv_axiom'3 [@rewrite] : forall x : borrowed int32 [inv'3 x] . inv'3 x = true + axiom inv_axiom'3 [@rewrite] : forall x : borrowed Int32.t [inv'3 x] . inv'3 x = true - function unwrap'0 (op : t_Option'0) : int32 + function unwrap'0 (op : t_Option'0) : Int32.t axiom unwrap'0_spec : forall op : t_Option'0 . ([%#sutil49] op <> C_None'0) -> ([%#sutil50] C_Some'0 (unwrap'0 op) = op) - function lookup_unsized'0 [@inline:trivial] (self : t_FMap'0) (k : opaque_ptr) : int32 = + function lookup_unsized'0 [@inline:trivial] (self : t_FMap'0) (k : opaque_ptr) : Int32.t = [%#sfmap37] unwrap'0 (get_unsized'0 self k) function remove'0 (self : t_FMap'0) (k : opaque_ptr) : t_FMap'0 @@ -183,9 +183,9 @@ module M_ghost_ptr_token__test [#"ghost_ptr_token.rs" 3 0 3 13] = Map.set (view'2 self) k (C_None'0)) && ([%#sfmap39] len'0 (remove'0 self k) = (if contains'0 self k then len'0 self - 1 else len'0 self)) - let rec take_mut'0 (self:borrowed (t_GhostPtrTokenMut'0)) (ptr:opaque_ptr) (return' (ret:borrowed int32))= {[@expl:take_mut requires] [%#sghost_ptr12] contains'0 (cur'0 self.current) ptr} + let rec take_mut'0 (self:borrowed (t_GhostPtrTokenMut'0)) (ptr:opaque_ptr) (return' (ret:borrowed Int32.t))= {[@expl:take_mut requires] [%#sghost_ptr12] contains'0 (cur'0 self.current) ptr} any - [ return' (result:borrowed int32)-> {[%#sghost_ptr13] inv'3 result} + [ return' (result:borrowed Int32.t)-> {[%#sghost_ptr13] inv'3 result} {[%#sghost_ptr14] result.current = lookup_unsized'0 (cur'0 self.current) ptr} {[%#sghost_ptr15] cur'0 self.final = remove'0 (cur'0 self.current) ptr} {[%#sghost_ptr16] fin'0 self.current = insert'0 (fin'0 self.final) ptr result.final} 
@@ -201,24 +201,24 @@ module M_ghost_ptr_token__test [#"ghost_ptr_token.rs" 3 0 3 13] use prelude.prelude.Intrinsic - let rec promoted3__test'0 (return' (ret:int32))= bb0 - [ bb0 = s0 [ s0 = [ &_0 <- [%#sghost_ptr_token18] (1 : int32) ] s1 | s1 = return' {_0} ] ] - [ & _0 : int32 = any_l () ] [ return' (result:int32)-> return' {result} ] + let rec promoted3__test'0 (return' (ret:Int32.t))= bb0 + [ bb0 = s0 [ s0 = [ &_0 <- [%#sghost_ptr_token18] (1 : Int32.t) ] s1 | s1 = return' {_0} ] ] + [ & _0 : Int32.t = any_l () ] [ return' (result:Int32.t)-> return' {result} ] - let rec promoted2__test'0 (return' (ret:int32))= bb0 - [ bb0 = s0 [ s0 = [ &_0 <- [%#sghost_ptr_token19] (2 : int32) ] s1 | s1 = return' {_0} ] ] - [ & _0 : int32 = any_l () ] [ return' (result:int32)-> return' {result} ] + let rec promoted2__test'0 (return' (ret:Int32.t))= bb0 + [ bb0 = s0 [ s0 = [ &_0 <- [%#sghost_ptr_token19] (2 : Int32.t) ] s1 | s1 = return' {_0} ] ] + [ & _0 : Int32.t = any_l () ] [ return' (result:Int32.t)-> return' {result} ] - let rec swap'0 (x:borrowed int32) (y:borrowed int32) (return' (ret:()))= {[@expl:swap 'x' type invariant] inv'3 x} + let rec swap'0 (x:borrowed Int32.t) (y:borrowed Int32.t) (return' (ret:()))= {[@expl:swap 'x' type invariant] inv'3 x} {[@expl:swap 'y' type invariant] inv'3 y} any [ return' (result:())-> {[%#smem20] x.final = y.current} {[%#smem21] y.final = x.current} (! return' {result}) ] - predicate resolve'3 (self : borrowed int32) = + predicate resolve'3 (self : borrowed Int32.t) = [%#sresolve41] self.final = self.current - predicate resolve'1 (_1 : borrowed int32) = + predicate resolve'1 (_1 : borrowed Int32.t) = resolve'3 _1 predicate inv'4 (_1 : t_GhostPtrToken'0) 
@@ -228,25 +228,25 @@ module M_ghost_ptr_token__test [#"ghost_ptr_token.rs" 3 0 3 13] function view'1 (self : t_GhostPtrToken'0) : t_FMap'0 = [%#smodel42] view'0 self - predicate inv'5 (_1 : int32) + predicate inv'5 (_1 : Int32.t) - axiom inv_axiom'5 [@rewrite] : forall x : int32 [inv'5 x] . inv'5 x = true + axiom inv_axiom'5 [@rewrite] : forall x : Int32.t [inv'5 x] . inv'5 x = true - let rec ptr_as_ref'0 (self:t_GhostPtrToken'0) (ptr:opaque_ptr) (return' (ret:int32))= {[@expl:ptr_as_ref 'self' type invariant] [%#sghost_ptr22] inv'4 self} + let rec ptr_as_ref'0 (self:t_GhostPtrToken'0) (ptr:opaque_ptr) (return' (ret:Int32.t))= {[@expl:ptr_as_ref 'self' type invariant] [%#sghost_ptr22] inv'4 self} {[@expl:ptr_as_ref requires] [%#sghost_ptr23] contains'0 (view'1 self) ptr} any - [ return' (result:int32)-> {[%#sghost_ptr24] inv'5 result} + [ return' (result:Int32.t)-> {[%#sghost_ptr24] inv'5 result} {[%#sghost_ptr25] result = lookup_unsized'0 (view'1 self) ptr} (! return' {result}) ] - let rec promoted1__test'0 (return' (ret:int32))= bb0 - [ bb0 = s0 [ s0 = [ &_0 <- [%#sghost_ptr_token26] (2 : int32) ] s1 | s1 = return' {_0} ] ] - [ & _0 : int32 = any_l () ] [ return' (result:int32)-> return' {result} ] + let rec promoted1__test'0 (return' (ret:Int32.t))= bb0 + [ bb0 = s0 [ s0 = [ &_0 <- [%#sghost_ptr_token26] (2 : Int32.t) ] s1 | s1 = return' {_0} ] ] + [ & _0 : Int32.t = any_l () ] [ return' (result:Int32.t)-> return' {result} ] - let rec promoted0__test'0 (return' (ret:int32))= bb0 - [ bb0 = s0 [ s0 = [ &_0 <- [%#sghost_ptr_token27] (1 : int32) ] s1 | s1 = return' {_0} ] ] - [ & _0 : int32 = any_l () ] [ return' (result:int32)-> return' {result} ] + let rec promoted0__test'0 (return' (ret:Int32.t))= bb0 + [ bb0 = s0 [ s0 = [ &_0 <- [%#sghost_ptr_token27] (1 : Int32.t) ] s1 | s1 = return' {_0} ] ] + [ & _0 : Int32.t = any_l () ] [ return' (result:Int32.t)-> return' {result} ] type t_AssertKind'0 = | C_Eq'0 
@@ -265,7 +265,8 @@ module M_ghost_ptr_token__test [#"ghost_ptr_token.rs" 3 0 3 13] | s1 = bb2 ] | bb2 = s0 - [ s0 = ptr_from_box'0 {_3} {[%#sghost_ptr_token1] (1 : int32)} (fun (_ret':opaque_ptr) -> [ &ptr1 <- _ret' ] s1) + [ s0 = ptr_from_box'0 {_3} {[%#sghost_ptr_token1] (1 : Int32.t)} + (fun (_ret':opaque_ptr) -> [ &ptr1 <- _ret' ] s1) | s1 = bb3 ] | bb3 = s0 @@ -274,7 +275,8 @@ module M_ghost_ptr_token__test [#"ghost_ptr_token.rs" 3 0 3 13] | s1 = bb4 ] | bb4 = s0 - [ s0 = ptr_from_box'0 {_6} {[%#sghost_ptr_token2] (2 : int32)} (fun (_ret':opaque_ptr) -> [ &ptr2 <- _ret' ] s1) + [ s0 = ptr_from_box'0 {_6} {[%#sghost_ptr_token2] (2 : Int32.t)} + (fun (_ret':opaque_ptr) -> [ &ptr2 <- _ret' ] s1) | s1 = bb5 ] | bb5 = s0 @@ -286,18 +288,18 @@ module M_ghost_ptr_token__test [#"ghost_ptr_token.rs" 3 0 3 13] | bb6 = s0 [ s0 = Borrow.borrow_mut {token_mut} (fun (_ret':borrowed (t_GhostPtrTokenMut'0)) -> [ &_11 <- _ret' ] [ &token_mut <- _ret'.final ] s1) - | s1 = take_mut'0 {_11} {ptr1} (fun (_ret':borrowed int32) -> [ &m1 <- _ret' ] s2) + | s1 = take_mut'0 {_11} {ptr1} (fun (_ret':borrowed Int32.t) -> [ &m1 <- _ret' ] s2) | s2 = bb7 ] | bb7 = s0 [ s0 = Borrow.borrow_mut {token_mut} (fun (_ret':borrowed (t_GhostPtrTokenMut'0)) -> [ &_14 <- _ret' ] [ &token_mut <- _ret'.final ] s1) - | s1 = take_mut'0 {_14} {ptr2} (fun (_ret':borrowed int32) -> [ &m2 <- _ret' ] s2) + | s1 = take_mut'0 {_14} {ptr2} (fun (_ret':borrowed Int32.t) -> [ &m2 <- _ret' ] s2) | s2 = bb8 ] | bb8 = s0 [ s0 = -{resolve'0 token_mut}- s1 - | s1 = promoted3__test'0 (fun (pr3:int32) -> [ &_104 <- pr3 ] s2) + | s1 = promoted3__test'0 (fun (pr3:Int32.t) -> [ &_104 <- pr3 ] s2) | s2 = [ &_17 <- (m1.current, _104) ] s3 | s3 = [ &left_val <- let (r'0, _) = _17 in r'0 ] s4 | s4 = [ &right_val <- let (_, r'1) = _17 in r'1 ] s5 
@@ -305,7 +307,7 @@ module M_ghost_ptr_token__test [#"ghost_ptr_token.rs" 3 0 3 13] | s6 = any [ br0 -> {_23 = false} (! bb10) | br1 -> {_23} (! bb9) ] ] | bb9 = s0 - [ s0 = promoted2__test'0 (fun (pr2:int32) -> [ &_103 <- pr2 ] s1) + [ s0 = promoted2__test'0 (fun (pr2:Int32.t) -> [ &_103 <- pr2 ] s1) | s1 = [ &_36 <- (m2.current, _103) ] s2 | s2 = [ &left_val1 <- let (r'0, _) = _36 in r'0 ] s3 | s3 = [ &right_val1 <- let (_, r'1) = _36 in r'1 ] s4 
@@ -313,30 +315,30 @@ module M_ghost_ptr_token__test [#"ghost_ptr_token.rs" 3 0 3 13] | s5 = any [ br0 -> {_42 = false} (! bb12) | br1 -> {_42} (! bb11) ] ] | bb11 = s0 - [ s0 = Borrow.borrow_final {m1.current} {Borrow.get_id m1} - (fun (_ret':borrowed int32) -> [ &_55 <- _ret' ] [ &m1 <- { m1 with current = _ret'.final } ] s1) - | s1 = Borrow.borrow_final {m2.current} {Borrow.get_id m2} - (fun (_ret':borrowed int32) -> [ &_56 <- _ret' ] [ &m2 <- { m2 with current = _ret'.final } ] s2) + [ s0 = Borrow.borrow_final {m1.current} {Borrow.get_id m1} + (fun (_ret':borrowed Int32.t) -> [ &_55 <- _ret' ] [ &m1 <- { m1 with current = _ret'.final } ] s1) + | s1 = Borrow.borrow_final {m2.current} {Borrow.get_id m2} + (fun (_ret':borrowed Int32.t) -> [ &_56 <- _ret' ] [ &m2 <- { m2 with current = _ret'.final } ] s2) | s2 = swap'0 {_55} {_56} (fun (_ret':()) -> [ &_54 <- _ret' ] s3) | s3 = bb13 ] | bb13 = s0 [ s0 = -{resolve'1 m2}- s1 | s1 = -{resolve'1 m1}- s2 - | s2 = ptr_as_ref'0 {token} {ptr1} (fun (_ret':int32) -> [ &_60 <- _ret' ] s3) + | s2 = ptr_as_ref'0 {token} {ptr1} (fun (_ret':Int32.t) -> [ &_60 <- _ret' ] s3) | s3 = bb14 ] | bb14 = s0 - [ s0 = promoted1__test'0 (fun (pr1:int32) -> [ &_102 <- pr1 ] s1) + [ s0 = promoted1__test'0 (fun (pr1:Int32.t) -> [ &_102 <- pr1 ] s1) | s1 = [ &_58 <- (_60, _102) ] s2 | s2 = [ &left_val2 <- let (r'0, _) = _58 in r'0 ] s3 | s3 = [ &right_val2 <- let (_, r'1) = _58 in r'1 ] s4 | s4 = Int32.eq {left_val2} {right_val2} (fun (_ret':bool) -> [ &_67 <- _ret' ] s5) | s5 = any [ br0 -> {_67 = false} (! bb16) | br1 -> {_67} (! 
bb15) ] ] - | bb15 = s0 [ s0 = ptr_as_ref'0 {token} {ptr2} (fun (_ret':int32) -> [ &_82 <- _ret' ] s1) | s1 = bb17 ] + | bb15 = s0 [ s0 = ptr_as_ref'0 {token} {ptr2} (fun (_ret':Int32.t) -> [ &_82 <- _ret' ] s1) | s1 = bb17 ] | bb17 = s0 - [ s0 = promoted0__test'0 (fun (pr0:int32) -> [ &_101 <- pr0 ] s1) + [ s0 = promoted0__test'0 (fun (pr0:Int32.t) -> [ &_101 <- pr0 ] s1) | s1 = [ &_80 <- (_82, _101) ] s2 | s2 = [ &left_val3 <- let (r'0, _) = _80 in r'0 ] s3 | s3 = [ &right_val3 <- let (_, r'1) = _80 in r'1 ] s4 
@@ -379,46 +381,46 @@ module M_ghost_ptr_token__test [#"ghost_ptr_token.rs" 3 0 3 13] | & _6 : borrowed (t_GhostPtrToken'0) = any_l () | & token_mut : t_GhostPtrTokenMut'0 = any_l () | & _9 : borrowed (t_GhostPtrToken'0) = any_l () - | & m1 : borrowed int32 = any_l () + | & m1 : borrowed Int32.t = any_l () | & _11 : borrowed (t_GhostPtrTokenMut'0) = any_l () - | & m2 : borrowed int32 = any_l () + | & m2 : borrowed Int32.t = any_l () | & _14 : borrowed (t_GhostPtrTokenMut'0) = any_l () - | & _17 : (int32, int32) = any_l () - | & left_val : int32 = any_l () - | & right_val : int32 = any_l () + | & _17 : (Int32.t, Int32.t) = any_l () + | & left_val : Int32.t = any_l () + | & right_val : Int32.t = any_l () | & _23 : bool = any_l () | & kind : t_AssertKind'0 = any_l () - | & _31 : int32 = any_l () - | & _33 : int32 = any_l () - | & _36 : (int32, int32) = any_l () - | & left_val1 : int32 = any_l () - | & right_val1 : int32 = any_l () + | & _31 : Int32.t = any_l () + | & _33 : Int32.t = any_l () + | & _36 : (Int32.t, Int32.t) = any_l () + | & left_val1 : Int32.t = any_l () + | & right_val1 : Int32.t = any_l () | & _42 : bool = any_l () | & kind1 : t_AssertKind'0 = any_l () - | & _50 : int32 = any_l () - | & _52 : int32 = any_l () + | & _50 : Int32.t = any_l () + | & _52 : Int32.t = any_l () | & _54 : () = any_l () - | & _55 : borrowed int32 = any_l () - | & _56 : borrowed int32 = any_l () - | & _58 : (int32, int32) = any_l () - | & _60 : int32 = any_l () - | & left_val2 : int32 = any_l () - | & right_val2 : int32 = any_l () + | & _55 : borrowed Int32.t = any_l () + | & _56 : borrowed Int32.t = any_l () + | & _58 : (Int32.t, Int32.t) = any_l () + | & _60 : Int32.t = any_l () + | & left_val2 : Int32.t = any_l () + | & right_val2 : Int32.t = any_l () | & _67 : bool = any_l () | & kind2 : t_AssertKind'0 = any_l () - | & _75 : int32 = any_l () - | & _77 : int32 = any_l () - | & _80 : (int32, int32) = any_l () - | & _82 : int32 = any_l () - | & left_val3 : int32 = any_l () - | 
& right_val3 : int32 = any_l () + | & _75 : Int32.t = any_l () + | & _77 : Int32.t = any_l () + | & _80 : (Int32.t, Int32.t) = any_l () + | & _82 : Int32.t = any_l () + | & left_val3 : Int32.t = any_l () + | & right_val3 : Int32.t = any_l () | & _89 : bool = any_l () | & kind3 : t_AssertKind'0 = any_l () - | & _97 : int32 = any_l () - | & _99 : int32 = any_l () - | & _101 : int32 = any_l () - | & _102 : int32 = any_l () - | & _103 : int32 = any_l () - | & _104 : int32 = any_l () ] + | & _97 : Int32.t = any_l () + | & _99 : Int32.t = any_l () + | & _101 : Int32.t = any_l () + | & _102 : Int32.t = any_l () + | & _103 : Int32.t = any_l () + | & _104 : Int32.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/ghost_ptr_token/why3session.xml b/creusot/tests/should_succeed/ghost_ptr_token/why3session.xml index be4711fb71..1da0cfd137 100644 --- a/creusot/tests/should_succeed/ghost_ptr_token/why3session.xml +++ b/creusot/tests/should_succeed/ghost_ptr_token/why3session.xml @@ -7,7 +7,7 @@ - + 
diff --git a/creusot/tests/should_succeed/ghost_ptr_token/why3shapes.gz b/creusot/tests/should_succeed/ghost_ptr_token/why3shapes.gz index 87ea04173962bd73395b9cd86bb518a90aa44c0a..c1fa922e6597784ebec991c48055af258902a510 100644 GIT binary patch literal 681 zcmV;a0#^MWiwFP!00000|BY44j@mF3-RCRV(M~mzUwKf8N@yg@Y}j<y%C5d zN1|+tA}!QMo@pOki=`0TZPk0w=+teZZ>=(7O>!UVcz zKpsPW^!#BJsnigCK+JjRtBpjlp@4c&%Ew zy2Ie(*Y|>5(bv(nY^NBGeQrg87NRs3jluDzJUkoJ~g z>m|13xe^D%73q&@pZ*zV?z&dVy*fz)j5$nl-?Lae_htqs{WHjE|HeF{=2^#;c*5a= z_LldC9JxDXtiX)DP-@p6ruz*!N;uNmj_+o?jY@MZ@GjPYx)7VFB5 zR>1M1b8b4DilUb52l7dVjzj1d>ma_4%UJrAipb{`k*kU-S*t=%6pA-hRqCwC_B)Pa zv!kNmSYMf~{{9r0cp$MrVtbUBn^DQKv5`wd*E>j;9beL1oSI;BSuELIC^EDjiYT>- zB0rs8u9pxEvl_Cw=0?-O42ba*B0mLfhc{9YcXFKy>3tlcZlyxQ;toJMG#+q_Cl5&X zAi>!0s^N7$*gxw=C_gPH&ieaX?LB%~;&G#{7j6XY9!{9h$?9EzTsb!j2<)3CwJ+fy z2r-BWiroAM8B*=hyaPRkZk1)CJe?5Mhu1w5(Y7Yh(X98U<;P8m_;mPgkh$= P3-vj3QIfv~ctBCWP%gb};5A?zr8DB# ziS4A=e*GZXvSX)Bd!wnxM?R90zdS6PKXla1@}lb|ugV|GVEOQM(Vi$TFCIgdI%7cz zaw^Y7u`a5YJo6aBiV~vjwjMlu@;O7Nk2Cn}JY(sC5<2WXMweW_dK?7`>wD4d`dl{o zKfQH_4CN%AexHwpX7sdvu1f70uAd1Ny7UY%mMyWGw?X=hHzD$fUwplyMyliyc8l4OQ5IBA7s{@w7>X{N#O>1xtM8E5^ ze!Ror;#c>Ad(pSijc#3^yNIXtuj-&ZHkASVjS*z$+8l|GMlg@t<+kFFM%TAjAo%HE z8MdLsbNO1+(QpL_foUH?FwNX`t=5O?q75)ah;rAnkiHLQ2DAPd!f$3 z^Jqm0inwz=cXmoeqp$p{&*_j(2meTi%=l@fPd}qbzOP8$D5`Z+6&LLRZK}GiUiH>H z>`{bfL8(B&Dc_>t?*bzSlolv$FCud-YF)NAGBI?6Lw4E4HOLsUO=l?Al@MIbDwxk|%s&~-=zC^xM>r}Yn4+IawZIMsi;KKfC z*7hg7SVS?!JCI_-!p%koG26v{w52GEf(_Tczl2CZs31__E079=0 [ &_0 <- _res ] s1) | s1 = return' {_0} ] + [ s0 = UInt64.to_bv256 {self} + (fun (_ret_to:BV256.t) -> UInt64.of_bv256 {_ret_to} (fun (_ret_from:UInt64.t) -> [ &_0 <- _ret_from ] s1)) + | s1 = return' {_0} ] ] - ) [ & _0 : uint64 = any_l () | & self : usize = self ] - [ return' (result:uint64)-> {[@expl:hash ensures] [%#shashmap0] UInt64.to_int result + ) [ & _0 : UInt64.t = any_l () | & self : UInt64.t = self ] + [ return' (result:UInt64.t)-> {[@expl:hash ensures] [%#shashmap0] UInt64.to_uint result = 
hash_log'0 (deep_model'0 self)} (! return' {result}) ] @@ -98,30 +98,30 @@ module M_hashmap__qyi7664122466964245986__new [#"hashmap.rs" 116 4 116 46] (* My type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize - - use prelude.prelude.Int + use prelude.prelude.UInt64 use seq.Seq function view'1 (self : t_Vec'0) : Seq.seq (t_List'0) - axiom view'1_spec : forall self : t_Vec'0 . [%#svec6] Seq.length (view'1 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'1_spec : forall self : t_Vec'0 . [%#svec6] Seq.length (view'1 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq 
@@ -144,11 +144,11 @@ module M_hashmap__qyi7664122466964245986__new [#"hashmap.rs" 116 4 116 46] (* My function index_logic'0 [@inline:trivial] (self : t_Vec'0) (ix : int) : t_List'0 = [%#sops7] Seq.get (view'1 self) ix - let rec from_elem'0 (elem:t_List'0) (n:usize) (return' (ret:t_Vec'0))= {[@expl:from_elem 'elem' type invariant] inv'1 elem} + let rec from_elem'0 (elem:t_List'0) (n:UInt64.t) (return' (ret:t_Vec'0))= {[@expl:from_elem 'elem' type invariant] inv'1 elem} any [ return' (result:t_Vec'0)-> {inv'2 result} - {[%#svec3] Seq.length (view'1 result) = UIntSize.to_int n} - {[%#svec4] forall i : int . 0 <= i /\ i < UIntSize.to_int n -> index_logic'0 result i = elem} + {[%#svec3] Seq.length (view'1 result) = UInt64.to_uint n} + {[%#svec4] forall i : int . 0 <= i /\ i < UInt64.to_uint n -> index_logic'0 result i = elem} (! return' {result}) ] @@ -215,8 +215,8 @@ module M_hashmap__qyi7664122466964245986__new [#"hashmap.rs" 116 4 116 46] (* My meta "compute_max_steps" 1000000 - let rec new'0 (size:usize) (return' (ret:t_MyHashMap'0))= {[@expl:new requires] [%#shashmap0] 0 - < UIntSize.to_int size} + let rec new'0 (size:UInt64.t) (return' (ret:t_MyHashMap'0))= {[@expl:new requires] [%#shashmap0] 0 + < UInt64.to_uint size} (! bb0 [ bb0 = s0 [ s0 = [ &_6 <- C_Nil'0 ] s1 @@ -228,7 +228,7 @@ module M_hashmap__qyi7664122466964245986__new [#"hashmap.rs" 116 4 116 46] (* My | bb3 = return' {_0} ] ) [ & _0 : t_MyHashMap'0 = any_l () - | & size : usize = size + | & size : UInt64.t = size | & res : t_MyHashMap'0 = any_l () | & _5 : t_Vec'0 = any_l () | & _6 : t_List'0 = any_l () ] 
@@ -269,10 +269,10 @@ module M_hashmap__qyi7664122466964245986__add [#"hashmap.rs" 122 4 122 41] (* My let%span smodel27 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 let%span smodel28 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 let%span smodel29 = "../../../creusot-contracts/src/model.rs" 79 8 79 28 - let%span sslice30 = "../../../creusot-contracts/src/std/slice.rs" 122 20 122 37 - let%span sslice31 = "../../../creusot-contracts/src/std/slice.rs" 129 20 129 37 + let%span sslice30 = "../../../creusot-contracts/src/std/slice.rs" 140 20 140 37 + let%span sslice31 = "../../../creusot-contracts/src/std/slice.rs" 147 20 147 37 let%span svec32 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span sslice33 = "../../../creusot-contracts/src/std/slice.rs" 136 20 136 94 + let%span sslice33 = "../../../creusot-contracts/src/std/slice.rs" 154 20 154 94 let%span sresolve34 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span shashmap35 = "hashmap.rs" 91 20 91 66 let%span shashmap36 = "hashmap.rs" 86 8 86 53 @@ -294,16 +294,18 @@ module M_hashmap__qyi7664122466964245986__add [#"hashmap.rs" 122 4 122 41] (* My type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } type t_MyHashMap'0 = { t_MyHashMap__buckets'0: t_Vec'0 } 
@@ -312,11 +314,9 @@ module M_hashmap__qyi7664122466964245986__add [#"hashmap.rs" 122 4 122 41] (* My use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) - - use prelude.prelude.UIntSize + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.Int + use prelude.prelude.UInt64 type t_K'0 @@ -330,7 +330,7 @@ module M_hashmap__qyi7664122466964245986__add [#"hashmap.rs" 122 4 122 41] (* My function view'4 (self : t_Vec'0) : Seq.seq (t_List'0) - axiom view'4_spec : forall self : t_Vec'0 . [%#svec32] Seq.length (view'4 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'4_spec : forall self : t_Vec'0 . [%#svec32] Seq.length (view'4 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq @@ -382,9 +382,9 @@ module M_hashmap__qyi7664122466964245986__add [#"hashmap.rs" 122 4 122 41] (* My function view'2 (self : t_Vec'0) : Seq.seq (t_List'0) = [%#smodel28] view'4 self - let rec len'0 (self:t_Vec'0) (return' (ret:usize))= {[@expl:len 'self' type invariant] inv'10 self} + let rec len'0 (self:t_Vec'0) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'10 self} any - [ return' (result:usize)-> {[%#svec14] UIntSize.to_int result = Seq.length (view'2 self)} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#svec14] UInt64.to_uint result = Seq.length (view'2 self)} (! return' {result}) ] predicate invariant'8 (self : t_K'0) = 
@@ -405,11 +405,9 @@ module M_hashmap__qyi7664122466964245986__add [#"hashmap.rs" 122 4 122 41] (* My function hash_log'0 [#"hashmap.rs" 55 4 55 45] (_1 : t_DeepModelTy'0) : int - use prelude.prelude.UInt64 - - let rec hash'0 (self:t_K'0) (return' (ret:uint64))= {[@expl:hash 'self' type invariant] [%#shashmap15] inv'11 self} + let rec hash'0 (self:t_K'0) (return' (ret:UInt64.t))= {[@expl:hash 'self' type invariant] [%#shashmap15] inv'11 self} any - [ return' (result:uint64)-> {[%#shashmap16] UInt64.to_int result = hash_log'0 (deep_model'1 self)} + [ return' (result:UInt64.t)-> {[%#shashmap16] UInt64.to_uint result = hash_log'0 (deep_model'1 self)} (! return' {result}) ] @@ -420,15 +418,15 @@ module M_hashmap__qyi7664122466964245986__add [#"hashmap.rs" 122 4 122 41] (* My axiom inv_axiom'10 [@rewrite] : forall x : borrowed (t_Vec'0) [inv'12 x] . inv'12 x = invariant'9 x - predicate inv'13 (_1 : usize) + predicate inv'13 (_1 : UInt64.t) - axiom inv_axiom'11 [@rewrite] : forall x : usize [inv'13 x] . inv'13 x = true + axiom inv_axiom'11 [@rewrite] : forall x : UInt64.t [inv'13 x] . inv'13 x = true function view'3 (self : borrowed (t_Vec'0)) : Seq.seq (t_List'0) = [%#smodel27] view'4 self.current - predicate in_bounds'0 [@inline:trivial] (self : usize) (seq : Seq.seq (t_List'0)) = - [%#sslice30] UIntSize.to_int self < Seq.length seq + predicate in_bounds'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq (t_List'0)) = + [%#sslice30] UInt64.to_uint self < Seq.length seq predicate invariant'1 (self : borrowed (t_List'0)) = [%#sinvariant38] inv'1 self.current /\ inv'1 self.final 
@@ -439,14 +437,16 @@ module M_hashmap__qyi7664122466964245986__add [#"hashmap.rs" 122 4 122 41] (* My use seq.Seq - predicate has_value'0 [@inline:trivial] (self : usize) (seq : Seq.seq (t_List'0)) (out : t_List'0) = - [%#sslice31] Seq.get seq (UIntSize.to_int self) = out + predicate has_value'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq (t_List'0)) (out : t_List'0) = + [%#sslice31] Seq.get seq (UInt64.to_uint self) = out - predicate resolve_elswhere'0 [@inline:trivial] (self : usize) (old' : Seq.seq (t_List'0)) (fin : Seq.seq (t_List'0)) = - [%#sslice33] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < Seq.length old' + predicate resolve_elswhere'0 [@inline:trivial] (self : UInt64.t) (old' : Seq.seq (t_List'0)) (fin : Seq.seq (t_List'0)) + + = + [%#sslice33] forall i : int . 0 <= i /\ i <> UInt64.to_uint self /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i - let rec index_mut'0 (self:borrowed (t_Vec'0)) (index:usize) (return' (ret:borrowed (t_List'0)))= {[@expl:index_mut 'self' type invariant] inv'12 self} + let rec index_mut'0 (self:borrowed (t_Vec'0)) (index:UInt64.t) (return' (ret:borrowed (t_List'0)))= {[@expl:index_mut 'self' type invariant] inv'12 self} {[@expl:index_mut 'index' type invariant] inv'13 index} {[@expl:index_mut requires] [%#svec17] in_bounds'0 index (view'3 self)} any 
@@ -606,18 +606,20 @@ module M_hashmap__qyi7664122466964245986__add [#"hashmap.rs" 122 4 122 41] (* My (! bb0 [ bb0 = s0 [ s0 = [ &old_self <- [%#shashmap0] Snapshot.new self ] s1 | s1 = bb1 ] | bb1 = s0 - [ s0 = len'0 {(self.current).t_MyHashMap__buckets'0} (fun (_ret':usize) -> [ &length <- _ret' ] s1) | s1 = bb2 ] + [ s0 = len'0 {(self.current).t_MyHashMap__buckets'0} (fun (_ret':UInt64.t) -> [ &length <- _ret' ] s1) + | s1 = bb2 ] - | bb2 = s0 [ s0 = hash'0 {key} (fun (_ret':uint64) -> [ &_11 <- _ret' ] s1) | s1 = bb3 ] + | bb2 = s0 [ s0 = hash'0 {key} (fun (_ret':UInt64.t) -> [ &_11 <- _ret' ] s1) | s1 = bb3 ] | bb3 = s0 - [ s0 = UIntSize.of_int {UInt64.to_int _11} (fun (_res:usize) -> [ &_10 <- _res ] s1) + [ s0 = UInt64.to_bv256 {_11} + (fun (_ret_to:BV256.t) -> UInt64.of_bv256 {_ret_to} (fun (_ret_from:UInt64.t) -> [ &_10 <- _ret_from ] s1)) | s1 = [ &_13 <- length ] s2 - | s2 = UIntSize.eq {_13} {[%#shashmap1] (0 : usize)} (fun (_ret':bool) -> [ &_14 <- _ret' ] s3) + | s2 = UInt64.eq {_13} {[%#shashmap1] (0 : UInt64.t)} (fun (_ret':bool) -> [ &_14 <- _ret' ] s3) | s3 = {[@expl:remainder by zero] [%#shashmap1] not _14} s4 | s4 = bb4 ] | bb4 = s0 - [ s0 = UIntSize.rem {_10} {_13} (fun (_ret':usize) -> [ &index <- _ret' ] s1) + [ s0 = UInt64.rem {_10} {_13} (fun (_ret':UInt64.t) -> [ &index <- _ret' ] s1) | s1 = {inv'0 (self.current).t_MyHashMap__buckets'0} Borrow.borrow_final {(self.current).t_MyHashMap__buckets'0} {Borrow.inherit_id (Borrow.get_id self) 1} (fun (_ret':borrowed (t_Vec'0)) -> 
@@ -651,9 +653,9 @@ module M_hashmap__qyi7664122466964245986__add [#"hashmap.rs" 122 4 122 41] (* My | bb6 = bb7 | bb7 = bb7 [ bb7 = {[@expl:loop invariant #0] [%#shashmap9] inv'2 l} - {[@expl:loop invariant #1] [%#shashmap8] good_bucket'0 (Snapshot.inner old_self).current l.current (UIntSize.to_int index)} - {[@expl:loop invariant #2] [%#shashmap7] good_bucket'0 (Snapshot.inner old_self).current l.final (UIntSize.to_int index) - -> good_bucket'0 (Snapshot.inner old_self).current (Snapshot.inner old_l).final (UIntSize.to_int index)} + {[@expl:loop invariant #1] [%#shashmap8] good_bucket'0 (Snapshot.inner old_self).current l.current (UInt64.to_uint index)} + {[@expl:loop invariant #2] [%#shashmap7] good_bucket'0 (Snapshot.inner old_self).current l.final (UInt64.to_uint index) + -> good_bucket'0 (Snapshot.inner old_self).current (Snapshot.inner old_l).final (UInt64.to_uint index)} {[@expl:loop invariant #3] [%#shashmap6] get'0 l.final (deep_model'0 key) = C_Some'0 val' -> get'0 (Snapshot.inner old_l).final (deep_model'0 key) = C_Some'0 val'} {[@expl:loop invariant #4] [%#shashmap5] forall i : t_DeepModelTy'0 . get'0 l.final i = get'0 l.current i @@ -779,11 +781,11 @@ module M_hashmap__qyi7664122466964245986__add [#"hashmap.rs" 122 4 122 41] (* My | & key : t_K'0 = key | & val' : t_V'0 = val' | & old_self : Snapshot.snap_ty (borrowed (t_MyHashMap'0)) = any_l () - | & length : usize = any_l () - | & index : usize = any_l () - | & _10 : usize = any_l () - | & _11 : uint64 = any_l () - | & _13 : usize = any_l () + | & length : UInt64.t = any_l () + | & index : UInt64.t = any_l () + | & _10 : UInt64.t = any_l () + | & _11 : UInt64.t = any_l () + | & _13 : UInt64.t = any_l () | & _14 : bool = any_l () | & l : borrowed (t_List'0) = any_l () | & _16 : borrowed (t_List'0) = any_l () 
@@ -824,8 +826,8 @@ module M_hashmap__qyi7664122466964245986__get [#"hashmap.rs" 154 4 154 43] (* My let%span scmp14 = "../../../creusot-contracts/src/std/cmp.rs" 11 26 11 75 let%span smodel15 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 let%span smodel16 = "../../../creusot-contracts/src/model.rs" 79 8 79 28 - let%span sslice17 = "../../../creusot-contracts/src/std/slice.rs" 122 20 122 37 - let%span sslice18 = "../../../creusot-contracts/src/std/slice.rs" 129 20 129 37 + let%span sslice17 = "../../../creusot-contracts/src/std/slice.rs" 140 20 140 37 + let%span sslice18 = "../../../creusot-contracts/src/std/slice.rs" 147 20 147 37 let%span shashmap19 = "hashmap.rs" 91 20 91 66 let%span sops20 = "../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 let%span shashmap21 = "hashmap.rs" 80 8 80 33 @@ -866,14 +868,12 @@ module M_hashmap__qyi7664122466964245986__get [#"hashmap.rs" 154 4 154 43] (* My use prelude.prelude.UInt64 - let rec hash'0 (self:t_K'0) (return' (ret:uint64))= {[@expl:hash 'self' type invariant] [%#shashmap7] inv'4 self} + let rec hash'0 (self:t_K'0) (return' (ret:UInt64.t))= {[@expl:hash 'self' type invariant] [%#shashmap7] inv'4 self} any - [ return' (result:uint64)-> {[%#shashmap8] UInt64.to_int result = hash_log'0 (deep_model'1 self)} + [ return' (result:UInt64.t)-> {[%#shashmap8] UInt64.to_uint result = hash_log'0 (deep_model'1 self)} (! return' {result}) ] - use prelude.prelude.UIntSize - use prelude.prelude.Opaque type t_NonNull'0 = 
@@ -883,22 +883,22 @@ module M_hashmap__qyi7664122466964245986__get [#"hashmap.rs" 154 4 154 43] (* My { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } type t_MyHashMap'0 = { t_MyHashMap__buckets'0: t_Vec'0 } use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 type t_V'0 @@ -910,7 +910,7 @@ module M_hashmap__qyi7664122466964245986__get [#"hashmap.rs" 154 4 154 43] (* My function view'3 (self : t_Vec'0) : Seq.seq (t_List'0) - axiom view'3_spec : forall self : t_Vec'0 . [%#svec22] Seq.length (view'3 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'3_spec : forall self : t_Vec'0 . [%#svec22] Seq.length (view'3 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq 
@@ -960,15 +960,17 @@ module M_hashmap__qyi7664122466964245986__get [#"hashmap.rs" 154 4 154 43] (* My function view'1 (self : t_Vec'0) : Seq.seq (t_List'0) = [%#smodel15] view'3 self - let rec len'0 (self:t_Vec'0) (return' (ret:usize))= {[@expl:len 'self' type invariant] inv'5 self} - any [ return' (result:usize)-> {[%#svec9] UIntSize.to_int result = Seq.length (view'1 self)} (! return' {result}) ] + let rec len'0 (self:t_Vec'0) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'5 self} + any + [ return' (result:UInt64.t)-> {[%#svec9] UInt64.to_uint result = Seq.length (view'1 self)} (! return' {result}) ] + - predicate inv'6 (_1 : usize) + predicate inv'6 (_1 : UInt64.t) - axiom inv_axiom'5 [@rewrite] : forall x : usize [inv'6 x] . inv'6 x = true + axiom inv_axiom'5 [@rewrite] : forall x : UInt64.t [inv'6 x] . inv'6 x = true - predicate in_bounds'0 [@inline:trivial] (self : usize) (seq : Seq.seq (t_List'0)) = - [%#sslice17] UIntSize.to_int self < Seq.length seq + predicate in_bounds'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq (t_List'0)) = + [%#sslice17] UInt64.to_uint self < Seq.length seq predicate invariant'0 (self : t_List'0) = [%#sinvariant23] inv'8 self 
@@ -979,10 +981,10 @@ module M_hashmap__qyi7664122466964245986__get [#"hashmap.rs" 154 4 154 43] (* My use seq.Seq - predicate has_value'0 [@inline:trivial] (self : usize) (seq : Seq.seq (t_List'0)) (out : t_List'0) = - [%#sslice18] Seq.get seq (UIntSize.to_int self) = out + predicate has_value'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq (t_List'0)) (out : t_List'0) = + [%#sslice18] Seq.get seq (UInt64.to_uint self) = out - let rec index'0 (self:t_Vec'0) (index:usize) (return' (ret:t_List'0))= {[@expl:index 'self' type invariant] inv'5 self} + let rec index'0 (self:t_Vec'0) (index:UInt64.t) (return' (ret:t_List'0))= {[@expl:index 'self' type invariant] inv'5 self} {[@expl:index 'index' type invariant] inv'6 index} {[@expl:index requires] [%#svec10] in_bounds'0 index (view'1 self)} any 
@@ -1092,19 +1094,20 @@ module M_hashmap__qyi7664122466964245986__get [#"hashmap.rs" 154 4 154 43] (* My let rec get'0 (self:t_MyHashMap'0) (key:t_K'0) (return' (ret:t_Option'0))= {[@expl:get 'self' type invariant] [%#shashmap3] inv'1 self} {[@expl:get 'key' type invariant] [%#shashmap4] inv'2 key} (! bb0 - [ bb0 = s0 [ s0 = hash'0 {key} (fun (_ret':uint64) -> [ &_7 <- _ret' ] s1) | s1 = bb1 ] + [ bb0 = s0 [ s0 = hash'0 {key} (fun (_ret':UInt64.t) -> [ &_7 <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 - [ s0 = UIntSize.of_int {UInt64.to_int _7} (fun (_res:usize) -> [ &_6 <- _res ] s1) - | s1 = len'0 {self.t_MyHashMap__buckets'0} (fun (_ret':usize) -> [ &_9 <- _ret' ] s2) + [ s0 = UInt64.to_bv256 {_7} + (fun (_ret_to:BV256.t) -> UInt64.of_bv256 {_ret_to} (fun (_ret_from:UInt64.t) -> [ &_6 <- _ret_from ] s1)) + | s1 = len'0 {self.t_MyHashMap__buckets'0} (fun (_ret':UInt64.t) -> [ &_9 <- _ret' ] s2) | s2 = bb2 ] | bb2 = s0 - [ s0 = UIntSize.eq {_9} {[%#shashmap0] (0 : usize)} (fun (_ret':bool) -> [ &_11 <- _ret' ] s1) + [ s0 = UInt64.eq {_9} {[%#shashmap0] (0 : UInt64.t)} (fun (_ret':bool) -> [ &_11 <- _ret' ] s1) | s1 = {[@expl:remainder by zero] [%#shashmap0] not _11} s2 | s2 = bb3 ] | bb3 = s0 - [ s0 = UIntSize.rem {_6} {_9} (fun (_ret':usize) -> [ &index <- _ret' ] s1) + [ s0 = UInt64.rem {_6} {_9} (fun (_ret':UInt64.t) -> [ &index <- _ret' ] s1) | s1 = index'0 {self.t_MyHashMap__buckets'0} {index} (fun (_ret':t_List'0) -> [ &_13 <- _ret' ] s2) | s2 = bb4 ] @@ -1136,10 +1139,10 @@ module M_hashmap__qyi7664122466964245986__get [#"hashmap.rs" 154 4 154 43] (* My [ & _0 : t_Option'0 = any_l () | & self : t_MyHashMap'0 = self | & key : t_K'0 = key - | & index : usize = any_l () - | & _6 : usize = any_l () - | & _7 : uint64 = any_l () - | & _9 : usize = any_l () + | & index : UInt64.t = any_l () + | & _6 : UInt64.t = any_l () + | & _7 : UInt64.t = any_l () + | & _9 : UInt64.t = any_l () | & _11 : bool = any_l () | & l : t_List'0 = any_l () | & _13 : t_List'0 = any_l () 
@@ -1206,9 +1209,9 @@ module M_hashmap__qyi7664122466964245986__resize [#"hashmap.rs" 173 4 173 24] (* let%span smodel45 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 let%span smodel46 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 let%span shashmap47 = "hashmap.rs" 86 8 86 53 - let%span sslice48 = "../../../creusot-contracts/src/std/slice.rs" 122 20 122 37 - let%span sslice49 = "../../../creusot-contracts/src/std/slice.rs" 129 20 129 37 - let%span sslice50 = "../../../creusot-contracts/src/std/slice.rs" 136 20 136 94 + let%span sslice48 = "../../../creusot-contracts/src/std/slice.rs" 140 20 140 37 + let%span sslice49 = "../../../creusot-contracts/src/std/slice.rs" 147 20 147 37 + let%span sslice50 = "../../../creusot-contracts/src/std/slice.rs" 154 20 154 94 let%span sresolve51 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span shashmap52 = "hashmap.rs" 107 12 108 139 let%span sinvariant53 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 @@ -1227,16 +1230,18 @@ module M_hashmap__qyi7664122466964245986__resize [#"hashmap.rs" 173 4 173 24] (* type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } type t_MyHashMap'0 = { t_MyHashMap__buckets'0: t_Vec'0 } @@ -1245,11 +1250,9 @@ module M_hashmap__qyi7664122466964245986__resize [#"hashmap.rs" 173 4 173 24] (* use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) - - use prelude.prelude.UIntSize + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.Int + use prelude.prelude.UInt64 type t_K'0 
@@ -1263,7 +1266,7 @@ module M_hashmap__qyi7664122466964245986__resize [#"hashmap.rs" 173 4 173 24] (* function view'0 (self : t_Vec'0) : Seq.seq (t_List'0) - axiom view'0_spec : forall self : t_Vec'0 . [%#svec26] Seq.length (view'0 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec26] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq @@ -1315,9 +1318,9 @@ module M_hashmap__qyi7664122466964245986__resize [#"hashmap.rs" 173 4 173 24] (* function view'4 (self : t_Vec'0) : Seq.seq (t_List'0) = [%#smodel46] view'0 self - let rec len'0 (self:t_Vec'0) (return' (ret:usize))= {[@expl:len 'self' type invariant] inv'5 self} + let rec len'0 (self:t_Vec'0) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'5 self} any - [ return' (result:usize)-> {[%#svec22] UIntSize.to_int result = Seq.length (view'4 self)} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#svec22] UInt64.to_uint result = Seq.length (view'4 self)} (! return' {result}) ] use seq.Seq @@ -1381,8 +1384,8 @@ module M_hashmap__qyi7664122466964245986__resize [#"hashmap.rs" 173 4 173 24] (* use map.Map - let rec new'0 (size:usize) (return' (ret:t_MyHashMap'0))= {[@expl:new requires] [%#shashmap23] 0 - < UIntSize.to_int size} + let rec new'0 (size:UInt64.t) (return' (ret:t_MyHashMap'0))= {[@expl:new requires] [%#shashmap23] 0 + < UInt64.to_uint size} any [ return' (result:t_MyHashMap'0)-> {[%#shashmap24] inv'0 result} {[%#shashmap25] forall i : t_DeepModelTy'0 . Map.get (view'1 result) i = C_None'0} 
@@ -1416,15 +1419,15 @@ module M_hashmap__qyi7664122466964245986__resize [#"hashmap.rs" 173 4 173 24] (* axiom inv_axiom'6 [@rewrite] : forall x : borrowed (t_Vec'0) [inv'6 x] . inv'6 x = invariant'5 x - predicate inv'7 (_1 : usize) + predicate inv'7 (_1 : UInt64.t) - axiom inv_axiom'7 [@rewrite] : forall x : usize [inv'7 x] . inv'7 x = true + axiom inv_axiom'7 [@rewrite] : forall x : UInt64.t [inv'7 x] . inv'7 x = true function view'6 (self : borrowed (t_Vec'0)) : Seq.seq (t_List'0) = [%#smodel45] view'0 self.current - predicate in_bounds'0 [@inline:trivial] (self : usize) (seq : Seq.seq (t_List'0)) = - [%#sslice48] UIntSize.to_int self < Seq.length seq + predicate in_bounds'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq (t_List'0)) = + [%#sslice48] UInt64.to_uint self < Seq.length seq predicate invariant'3 (self : borrowed (t_List'0)) = [%#sinvariant53] inv'3 self.current /\ inv'3 self.final 
@@ -1433,14 +1436,16 @@ module M_hashmap__qyi7664122466964245986__resize [#"hashmap.rs" 173 4 173 24] (* axiom inv_axiom'4 [@rewrite] : forall x : borrowed (t_List'0) [inv'4 x] . inv'4 x = invariant'3 x - predicate has_value'0 [@inline:trivial] (self : usize) (seq : Seq.seq (t_List'0)) (out : t_List'0) = - [%#sslice49] Seq.get seq (UIntSize.to_int self) = out + predicate has_value'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq (t_List'0)) (out : t_List'0) = + [%#sslice49] Seq.get seq (UInt64.to_uint self) = out - predicate resolve_elswhere'0 [@inline:trivial] (self : usize) (old' : Seq.seq (t_List'0)) (fin : Seq.seq (t_List'0)) = - [%#sslice50] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < Seq.length old' + predicate resolve_elswhere'0 [@inline:trivial] (self : UInt64.t) (old' : Seq.seq (t_List'0)) (fin : Seq.seq (t_List'0)) + + = + [%#sslice50] forall i : int . 0 <= i /\ i <> UInt64.to_uint self /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i - let rec index_mut'0 (self:borrowed (t_Vec'0)) (index:usize) (return' (ret:borrowed (t_List'0)))= {[@expl:index_mut 'self' type invariant] inv'6 self} + let rec index_mut'0 (self:borrowed (t_Vec'0)) (index:UInt64.t) (return' (ret:borrowed (t_List'0)))= {[@expl:index_mut 'self' type invariant] inv'6 self} {[@expl:index_mut 'index' type invariant] inv'7 index} {[@expl:index_mut requires] [%#svec31] in_bounds'0 index (view'6 self)} any 
@@ -1499,14 +1504,14 @@ module M_hashmap__qyi7664122466964245986__resize [#"hashmap.rs" 173 4 173 24] (* (! bb0 [ bb0 = s0 [ s0 = [ &old_self <- [%#shashmap0] Snapshot.new self ] s1 | s1 = bb1 ] | bb1 = s0 - [ s0 = len'0 {(self.current).t_MyHashMap__buckets'0} (fun (_ret':usize) -> [ &_8 <- _ret' ] s1) | s1 = bb2 ] + [ s0 = len'0 {(self.current).t_MyHashMap__buckets'0} (fun (_ret':UInt64.t) -> [ &_8 <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 - [ s0 = UIntSize.mul {_8} {[%#shashmap1] (2 : usize)} (fun (_ret':usize) -> [ &_7 <- _ret' ] s1) + [ s0 = UInt64.mul {_8} {[%#shashmap1] (2 : UInt64.t)} (fun (_ret':UInt64.t) -> [ &_7 <- _ret' ] s1) | s1 = new'0 {_7} (fun (_ret':t_MyHashMap'0) -> [ &new <- _ret' ] s2) | s2 = bb3 ] - | bb3 = s0 [ s0 = [ &i <- [%#shashmap2] (0 : usize) ] s1 | s1 = bb4 ] + | bb3 = s0 [ s0 = [ &i <- [%#shashmap2] (0 : UInt64.t) ] s1 | s1 = bb4 ] | bb4 = bb5 | bb5 = bb6 | bb6 = s0 [ s0 = [ &old_7_0 <- Snapshot.new self ] s1 | s1 = bb7 ] 
@@ -1515,26 +1520,27 @@ module M_hashmap__qyi7664122466964245986__resize [#"hashmap.rs" 173 4 173 24] (* {[@expl:loop invariant #0] [%#shashmap9] inv'1 self} {[@expl:loop invariant #1] [%#shashmap8] inv'0 new} {[@expl:loop invariant #2] [%#shashmap7] forall k : t_DeepModelTy'0 . bucket_ix'0 (Snapshot.inner old_self).current k - < UIntSize.to_int i -> Map.get (view'2 old_self) k = Map.get (view'1 new) k} - {[@expl:loop invariant #3] [%#shashmap6] forall k : t_DeepModelTy'0 . UIntSize.to_int i + < UInt64.to_uint i -> Map.get (view'2 old_self) k = Map.get (view'1 new) k} + {[@expl:loop invariant #3] [%#shashmap6] forall k : t_DeepModelTy'0 . UInt64.to_uint i <= bucket_ix'0 (Snapshot.inner old_self).current k /\ bucket_ix'0 (Snapshot.inner old_self).current k <= Seq.length (view'0 ((Snapshot.inner old_self).current).t_MyHashMap__buckets'0) -> Map.get (view'1 new) k = C_None'0} - {[@expl:loop invariant #4] [%#shashmap5] forall j : int . UIntSize.to_int i <= j + {[@expl:loop invariant #4] [%#shashmap5] forall j : int . UInt64.to_uint i <= j /\ j < Seq.length (view'0 ((Snapshot.inner old_self).current).t_MyHashMap__buckets'0) -> index_logic'0 (self.current).t_MyHashMap__buckets'0 j = index_logic'0 ((Snapshot.inner old_self).current).t_MyHashMap__buckets'0 j} {[@expl:loop invariant #5] [%#shashmap4] Seq.length (view'0 ((Snapshot.inner old_self).current).t_MyHashMap__buckets'0) = Seq.length (view'0 (self.current).t_MyHashMap__buckets'0)} - {[@expl:loop invariant #6] [%#shashmap3] UIntSize.to_int i + {[@expl:loop invariant #6] [%#shashmap3] UInt64.to_uint i <= Seq.length (view'0 (self.current).t_MyHashMap__buckets'0)} (! 
s0) [ s0 = bb8 ] [ bb8 = s0 - [ s0 = len'0 {(self.current).t_MyHashMap__buckets'0} (fun (_ret':usize) -> [ &_22 <- _ret' ] s1) | s1 = bb9 ] + [ s0 = len'0 {(self.current).t_MyHashMap__buckets'0} (fun (_ret':UInt64.t) -> [ &_22 <- _ret' ] s1) + | s1 = bb9 ] | bb9 = s0 - [ s0 = UIntSize.lt {i} {_22} (fun (_ret':bool) -> [ &_20 <- _ret' ] s1) + [ s0 = UInt64.lt {i} {_22} (fun (_ret':bool) -> [ &_20 <- _ret' ] s1) | s1 = any [ br0 -> {_20 = false} (! bb32) | br1 -> {_20} (! bb10) ] ] | bb10 = s0 
@@ -1585,21 +1591,21 @@ module M_hashmap__qyi7664122466964245986__resize [#"hashmap.rs" 173 4 173 24] (* [ bb20 = {[@expl:loop invariant #0] [%#shashmap16] inv'0 new} {[@expl:loop invariant #1] [%#shashmap15] inv'3 l} {[@expl:loop invariant #2] [%#shashmap14] forall k : t_DeepModelTy'0 . bucket_ix'0 (Snapshot.inner old_self).current k - < UIntSize.to_int i -> Map.get (view'2 old_self) k = Map.get (view'1 new) k} - {[@expl:loop invariant #3] [%#shashmap13] forall k : t_DeepModelTy'0 . UIntSize.to_int i + < UInt64.to_uint i -> Map.get (view'2 old_self) k = Map.get (view'1 new) k} + {[@expl:loop invariant #3] [%#shashmap13] forall k : t_DeepModelTy'0 . UInt64.to_uint i < bucket_ix'0 (Snapshot.inner old_self).current k /\ bucket_ix'0 (Snapshot.inner old_self).current k <= Seq.length (view'0 ((Snapshot.inner old_self).current).t_MyHashMap__buckets'0) -> Map.get (view'1 new) k = C_None'0} {[@expl:loop invariant #4] [%#shashmap12] forall k : t_DeepModelTy'0 . bucket_ix'0 (Snapshot.inner old_self).current k - = UIntSize.to_int i + = UInt64.to_uint i -> Map.get (view'2 old_self) k = match get'0 l k with | C_None'0 -> Map.get (view'1 new) k | C_Some'0 v -> C_Some'0 v end} {[@expl:loop invariant #5] [%#shashmap11] no_double_binding'0 l} - {[@expl:loop invariant #6] [%#shashmap10] good_bucket'0 (Snapshot.inner old_self).current l (UIntSize.to_int i)} + {[@expl:loop invariant #6] [%#shashmap10] good_bucket'0 (Snapshot.inner old_self).current l (UInt64.to_uint i)} (! s0) [ s0 = bb21 ] [ bb21 = any [ br0 -> {l = C_Nil'0 } (! bb28) | br1 (x0:(t_K'0, t_V'0)) (x1:t_List'0)-> {l = C_Cons'0 x0 x1} (! bb22) ] 
@@ -1630,12 +1636,13 @@ module M_hashmap__qyi7664122466964245986__resize [#"hashmap.rs" 173 4 173 24] (* | bb28 = s0 [ s0 = {[@expl:type invariant] inv'3 l} s1 | s1 = {[@expl:assertion] [%#shashmap17] forall k : t_DeepModelTy'0 . bucket_ix'0 (Snapshot.inner old_self).current k - = UIntSize.to_int i -> Map.get (view'2 old_self) k = Map.get (view'1 new) k} + = UInt64.to_uint i -> Map.get (view'2 old_self) k = Map.get (view'1 new) k} s2 | s2 = bb30 ] | bb30 = s0 - [ s0 = UIntSize.add {i} {[%#shashmap18] (1 : usize)} (fun (_ret':usize) -> [ &i <- _ret' ] s1) | s1 = bb31 ] + [ s0 = UInt64.add {i} {[%#shashmap18] (1 : UInt64.t)} (fun (_ret':UInt64.t) -> [ &i <- _ret' ] s1) + | s1 = bb31 ] | bb31 = bb7 ] ] @@ -1659,11 +1666,11 @@ module M_hashmap__qyi7664122466964245986__resize [#"hashmap.rs" 173 4 173 24] (* | & self : borrowed (t_MyHashMap'0) = self | & old_self : Snapshot.snap_ty (borrowed (t_MyHashMap'0)) = any_l () | & new : t_MyHashMap'0 = any_l () - | & _7 : usize = any_l () - | & _8 : usize = any_l () - | & i : usize = any_l () + | & _7 : UInt64.t = any_l () + | & _8 : UInt64.t = any_l () + | & i : UInt64.t = any_l () | & _20 : bool = any_l () - | & _22 : usize = any_l () + | & _22 : UInt64.t = any_l () | & l : t_List'0 = any_l () | & _25 : borrowed (t_List'0) = any_l () | & _26 : borrowed (t_List'0) = any_l () @@ -1714,7 +1721,7 @@ module M_hashmap__main [#"hashmap.rs" 213 0 213 13] let%span shashmap28 = "hashmap.rs" 121 14 121 122 let%span shashmap29 = "hashmap.rs" 80 8 80 33 let%span smodel30 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 - let%span snum31 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + let%span snum31 = "../../../creusot-contracts/src/std/num.rs" 52 28 52 33 let%span smodel32 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 let%span shashmap33 = "hashmap.rs" 86 8 86 53 let%span shashmap34 = "hashmap.rs" 31 12 34 13 
@@ -1728,11 +1735,11 @@ module M_hashmap__main [#"hashmap.rs" 213 0 213 13] let%span sinvariant42 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 let%span shashmap43 = "hashmap.rs" 66 20 66 21 - use prelude.prelude.UIntSize + use prelude.prelude.Int - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - use prelude.prelude.Int + use prelude.prelude.UInt64 use prelude.prelude.Opaque @@ -1743,32 +1750,32 @@ module M_hashmap__main [#"hashmap.rs" 213 0 213 13] { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } type t_MyHashMap'0 = { t_MyHashMap__buckets'0: t_Vec'0 } use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.IntSize + use prelude.prelude.Int64 type t_List'0 = | C_Nil'0 - | C_Cons'0 (usize, isize) (t_List'0) + | C_Cons'0 (UInt64.t, Int64.t) (t_List'0) use seq.Seq function view'3 (self : t_Vec'0) : Seq.seq (t_List'0) - axiom view'3_spec : forall self : t_Vec'0 . [%#svec39] Seq.length (view'3 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'3_spec : forall self : t_Vec'0 . [%#svec39] Seq.length (view'3 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq @@ -1777,10 +1784,10 @@ module M_hashmap__main [#"hashmap.rs" 213 0 213 13] type t_Option'1 = | C_None'0 - | C_Some'1 isize + | C_Some'1 Int64.t - function deep_model'0 (self : usize) : int = - [%#snum31] UIntSize.to_int self + function deep_model'0 (self : UInt64.t) : int = + [%#snum31] UInt64.to_uint self function get'1 [#"hashmap.rs" 29 4 29 56] (self : t_List'0) (index : int) : t_Option'1 = [%#shashmap34] match self with 
@@ -1797,7 +1804,7 @@ module M_hashmap__main [#"hashmap.rs" 213 0 213 13] [%#shashmap36] EuclideanDivision.mod (hash_log'0 k) (Seq.length (view'3 self.t_MyHashMap__buckets'0)) predicate good_bucket'0 [#"hashmap.rs" 95 4 95 57] (self : t_MyHashMap'0) (l : t_List'0) (h : int) = - [%#shashmap40] forall k : int, v : isize . get'1 l k = C_Some'1 v -> bucket_ix'0 self k = h + [%#shashmap40] forall k : int, v : Int64.t . get'1 l k = C_Some'1 v -> bucket_ix'0 self k = h predicate no_double_binding'0 [#"hashmap.rs" 39 4 39 38] (self : t_List'0) = [%#shashmap41] match self with @@ -1831,8 +1838,8 @@ module M_hashmap__main [#"hashmap.rs" 213 0 213 13] use map.Map - let rec new'0 (size:usize) (return' (ret:t_MyHashMap'0))= {[@expl:new requires] [%#shashmap18] 0 - < UIntSize.to_int size} + let rec new'0 (size:UInt64.t) (return' (ret:t_MyHashMap'0))= {[@expl:new requires] [%#shashmap18] 0 + < UInt64.to_uint size} any [ return' (result:t_MyHashMap'0)-> {[%#shashmap19] inv'0 result} {[%#shashmap20] forall i : int . Map.get (view'0 result) i = C_None'0} @@ -1848,13 +1855,13 @@ module M_hashmap__main [#"hashmap.rs" 213 0 213 13] axiom inv_axiom'1 [@rewrite] : forall x : t_MyHashMap'0 [inv'1 x] . inv'1 x = invariant'1 x - predicate inv'2 (_1 : usize) + predicate inv'2 (_1 : UInt64.t) - axiom inv_axiom'2 [@rewrite] : forall x : usize [inv'2 x] . inv'2 x = true + axiom inv_axiom'2 [@rewrite] : forall x : UInt64.t [inv'2 x] . inv'2 x = true type t_Option'0 = | C_None'1 - | C_Some'0 isize + | C_Some'0 Int64.t predicate inv'3 (_1 : t_Option'0) 
@@ -1863,7 +1870,7 @@ module M_hashmap__main [#"hashmap.rs" 213 0 213 13] function view'1 (self : t_MyHashMap'0) : Map.map int (t_Option'1) = [%#smodel30] view'0 self - let rec get'0 (self:t_MyHashMap'0) (key:usize) (return' (ret:t_Option'0))= {[@expl:get 'self' type invariant] [%#shashmap21] inv'1 self} + let rec get'0 (self:t_MyHashMap'0) (key:UInt64.t) (return' (ret:t_Option'0))= {[@expl:get 'self' type invariant] [%#shashmap21] inv'1 self} {[@expl:get 'key' type invariant] [%#shashmap22] inv'2 key} any [ return' (result:t_Option'0)-> {[%#shashmap23] inv'3 result} @@ -1881,14 +1888,14 @@ module M_hashmap__main [#"hashmap.rs" 213 0 213 13] axiom inv_axiom'4 [@rewrite] : forall x : borrowed (t_MyHashMap'0) [inv'4 x] . inv'4 x = invariant'2 x - predicate inv'5 (_1 : isize) + predicate inv'5 (_1 : Int64.t) - axiom inv_axiom'5 [@rewrite] : forall x : isize [inv'5 x] . inv'5 x = true + axiom inv_axiom'5 [@rewrite] : forall x : Int64.t [inv'5 x] . inv'5 x = true function view'2 (self : borrowed (t_MyHashMap'0)) : Map.map int (t_Option'1) = [%#smodel32] view'0 self.current - let rec add'0 (self:borrowed (t_MyHashMap'0)) (key:usize) (val':isize) (return' (ret:()))= {[@expl:add 'self' type invariant] [%#shashmap25] inv'4 self} + let rec add'0 (self:borrowed (t_MyHashMap'0)) (key:UInt64.t) (val':Int64.t) (return' (ret:()))= {[@expl:add 'self' type invariant] [%#shashmap25] inv'4 self} {[@expl:add 'key' type invariant] [%#shashmap26] inv'2 key} {[@expl:add 'val' type invariant] [%#shashmap27] inv'5 val'} any 
@@ -1903,47 +1910,47 @@ module M_hashmap__main [#"hashmap.rs" 213 0 213 13] let rec main'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = new'0 {[%#shashmap0] (17 : usize)} (fun (_ret':t_MyHashMap'0) -> [ &h1 <- _ret' ] s1) | s1 = bb1 ] + [ s0 = new'0 {[%#shashmap0] (17 : UInt64.t)} (fun (_ret':t_MyHashMap'0) -> [ &h1 <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 - [ s0 = new'0 {[%#shashmap1] (42 : usize)} (fun (_ret':t_MyHashMap'0) -> [ &h2 <- _ret' ] s1) | s1 = bb2 ] + [ s0 = new'0 {[%#shashmap1] (42 : UInt64.t)} (fun (_ret':t_MyHashMap'0) -> [ &h2 <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 - [ s0 = get'0 {h1} {[%#shashmap2] (1 : usize)} (fun (_ret':t_Option'0) -> [ &_x <- _ret' ] s1) | s1 = bb3 ] + [ s0 = get'0 {h1} {[%#shashmap2] (1 : UInt64.t)} (fun (_ret':t_Option'0) -> [ &_x <- _ret' ] s1) | s1 = bb3 ] | bb3 = s0 - [ s0 = get'0 {h1} {[%#shashmap3] (2 : usize)} (fun (_ret':t_Option'0) -> [ &_y <- _ret' ] s1) | s1 = bb4 ] + [ s0 = get'0 {h1} {[%#shashmap3] (2 : UInt64.t)} (fun (_ret':t_Option'0) -> [ &_y <- _ret' ] s1) | s1 = bb4 ] | bb4 = s0 - [ s0 = get'0 {h2} {[%#shashmap4] (1 : usize)} (fun (_ret':t_Option'0) -> [ &_z <- _ret' ] s1) | s1 = bb5 ] + [ s0 = get'0 {h2} {[%#shashmap4] (1 : UInt64.t)} (fun (_ret':t_Option'0) -> [ &_z <- _ret' ] s1) | s1 = bb5 ] | bb5 = s0 - [ s0 = get'0 {h2} {[%#shashmap5] (2 : usize)} (fun (_ret':t_Option'0) -> [ &_t <- _ret' ] s1) | s1 = bb6 ] + [ s0 = get'0 {h2} {[%#shashmap5] (2 : UInt64.t)} (fun (_ret':t_Option'0) -> [ &_t <- _ret' ] s1) | s1 = bb6 ] | bb6 = s0 [ s0 = {inv'0 h1} Borrow.borrow_mut {h1} (fun (_ret':borrowed (t_MyHashMap'0)) -> [ &_12 <- _ret' ] -{inv'0 _ret'.final}- [ &h1 <- _ret'.final ] s1) - | s1 = add'0 {_12} {[%#shashmap6] (1 : usize)} {[%#shashmap7] (17 : isize)} + | s1 = add'0 {_12} {[%#shashmap6] (1 : UInt64.t)} {[%#shashmap7] (17 : Int64.t)} (fun (_ret':()) -> [ &_11 <- _ret' ] s2) | s2 = bb7 ] | bb7 = s0 - [ s0 = get'0 {h1} {[%#shashmap8] (1 : usize)} (fun (_ret':t_Option'0) -> [ &_13 <- _ret' ] s1) | 
s1 = bb8 ] + [ s0 = get'0 {h1} {[%#shashmap8] (1 : UInt64.t)} (fun (_ret':t_Option'0) -> [ &_13 <- _ret' ] s1) | s1 = bb8 ] | bb8 = s0 [ s0 = [ &_x <- _13 ] s1 - | s1 = get'0 {h1} {[%#shashmap9] (2 : usize)} (fun (_ret':t_Option'0) -> [ &_15 <- _ret' ] s2) + | s1 = get'0 {h1} {[%#shashmap9] (2 : UInt64.t)} (fun (_ret':t_Option'0) -> [ &_15 <- _ret' ] s2) | s2 = bb9 ] | bb9 = s0 [ s0 = [ &_y <- _15 ] s1 - | s1 = get'0 {h2} {[%#shashmap10] (1 : usize)} (fun (_ret':t_Option'0) -> [ &_17 <- _ret' ] s2) + | s1 = get'0 {h2} {[%#shashmap10] (1 : UInt64.t)} (fun (_ret':t_Option'0) -> [ &_17 <- _ret' ] s2) | s2 = bb10 ] | bb10 = s0 [ s0 = [ &_z <- _17 ] s1 - | s1 = get'0 {h2} {[%#shashmap11] (2 : usize)} (fun (_ret':t_Option'0) -> [ &_19 <- _ret' ] s2) + | s1 = get'0 {h2} {[%#shashmap11] (2 : UInt64.t)} (fun (_ret':t_Option'0) -> [ &_19 <- _ret' ] s2) | s2 = bb11 ] | bb11 = s0 
@@ -1951,26 +1958,26 @@ module M_hashmap__main [#"hashmap.rs" 213 0 213 13] | s1 = {inv'0 h2} Borrow.borrow_mut {h2} (fun (_ret':borrowed (t_MyHashMap'0)) -> [ &_22 <- _ret' ] -{inv'0 _ret'.final}- [ &h2 <- _ret'.final ] s2) - | s2 = add'0 {_22} {[%#shashmap12] (1 : usize)} {[%#shashmap13] (42 : isize)} + | s2 = add'0 {_22} {[%#shashmap12] (1 : UInt64.t)} {[%#shashmap13] (42 : Int64.t)} (fun (_ret':()) -> [ &_21 <- _ret' ] s3) | s3 = bb12 ] | bb12 = s0 - [ s0 = get'0 {h1} {[%#shashmap14] (1 : usize)} (fun (_ret':t_Option'0) -> [ &_23 <- _ret' ] s1) | s1 = bb13 ] + [ s0 = get'0 {h1} {[%#shashmap14] (1 : UInt64.t)} (fun (_ret':t_Option'0) -> [ &_23 <- _ret' ] s1) | s1 = bb13 ] | bb13 = s0 [ s0 = [ &_x <- _23 ] s1 - | s1 = get'0 {h1} {[%#shashmap15] (2 : usize)} (fun (_ret':t_Option'0) -> [ &_25 <- _ret' ] s2) + | s1 = get'0 {h1} {[%#shashmap15] (2 : UInt64.t)} (fun (_ret':t_Option'0) -> [ &_25 <- _ret' ] s2) | s2 = bb14 ] | bb14 = s0 [ s0 = [ &_y <- _25 ] s1 - | s1 = get'0 {h2} {[%#shashmap16] (1 : usize)} (fun (_ret':t_Option'0) -> [ &_27 <- _ret' ] s2) + | s1 = get'0 {h2} {[%#shashmap16] (1 : UInt64.t)} (fun (_ret':t_Option'0) -> [ &_27 <- _ret' ] s2) | s2 = bb15 ] | bb15 = s0 [ s0 = [ &_z <- _27 ] s1 - | s1 = get'0 {h2} {[%#shashmap17] (2 : usize)} (fun (_ret':t_Option'0) -> [ &_29 <- _ret' ] s2) + | s1 = get'0 {h2} {[%#shashmap17] (2 : UInt64.t)} (fun (_ret':t_Option'0) -> [ &_29 <- _ret' ] s2) | s2 = bb16 ] | bb16 = s0 [ s0 = [ &_t <- _29 ] s1 | s1 = bb17 ] 
@@ -2042,34 +2049,32 @@ module M_hashmap__qyi9060063638777358169__hash__refines [#"hashmap.rs" 60 4 60 2 let%span shashmap0 = "hashmap.rs" 60 4 60 25 let%span smodel1 = "../../../creusot-contracts/src/model.rs" 79 8 79 28 let%span shashmap2 = "hashmap.rs" 66 20 66 21 - let%span snum3 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + let%span snum3 = "../../../creusot-contracts/src/std/num.rs" 52 28 52 33 use prelude.prelude.Borrow - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 - predicate inv'0 (_1 : usize) + predicate inv'0 (_1 : UInt64.t) - axiom inv_axiom'0 [@rewrite] : forall x : usize [inv'0 x] . inv'0 x = true + axiom inv_axiom'0 [@rewrite] : forall x : UInt64.t [inv'0 x] . inv'0 x = true use prelude.prelude.UInt64 use prelude.prelude.UInt64 - use prelude.prelude.Int - - use prelude.prelude.UIntSize - - function deep_model'1 (self : usize) : int = - [%#snum3] UIntSize.to_int self + function deep_model'1 (self : UInt64.t) : int = + [%#snum3] UInt64.to_uint self - function deep_model'0 (self : usize) : int = + function deep_model'0 (self : UInt64.t) : int = [%#smodel1] deep_model'1 self function hash_log'0 [#"hashmap.rs" 65 4 65 30] (x : int) : int = [%#shashmap2] x - goal refines : [%#shashmap0] forall self : usize . inv'0 self - -> (forall result : uint64 . UInt64.to_int result = hash_log'0 (deep_model'0 self) - -> UInt64.to_int result = hash_log'0 (deep_model'0 self)) + goal refines : [%#shashmap0] forall self : UInt64.t . inv'0 self + -> (forall result : UInt64.t . UInt64.to_uint result = hash_log'0 (deep_model'0 self) + -> UInt64.to_uint result = hash_log'0 (deep_model'0 self)) end diff --git a/creusot/tests/should_succeed/heapsort_generic.coma b/creusot/tests/should_succeed/heapsort_generic.coma index 4a80b4715e..50d315ce82 100644 --- a/creusot/tests/should_succeed/heapsort_generic.coma +++ b/creusot/tests/should_succeed/heapsort_generic.coma 
@@ -118,8 +118,8 @@ module M_heapsort_generic__sift_down [#"heapsort_generic.rs" 41 0 43 29] let%span sheapsort_generic5 = "heapsort_generic.rs" 50 16 50 41 let%span sheapsort_generic6 = "heapsort_generic.rs" 49 16 49 41 let%span sheapsort_generic7 = "heapsort_generic.rs" 48 16 48 22 - let%span sheapsort_generic8 = "heapsort_generic.rs" 61 22 61 23 - let%span sheapsort_generic9 = "heapsort_generic.rs" 61 16 61 23 + let%span sheapsort_generic8 = "heapsort_generic.rs" 61 16 61 23 + let%span sheapsort_generic9 = "heapsort_generic.rs" 61 22 61 23 let%span sheapsort_generic10 = "heapsort_generic.rs" 65 24 65 25 let%span sheapsort_generic11 = "heapsort_generic.rs" 65 32 65 33 let%span sheapsort_generic12 = "heapsort_generic.rs" 66 19 66 20 @@ -145,9 +145,9 @@ module M_heapsort_generic__sift_down [#"heapsort_generic.rs" 41 0 43 29] let%span scmp32 = "../../../creusot-contracts/src/std/cmp.rs" 36 26 36 77 let%span svec33 = "../../../creusot-contracts/src/std/vec.rs" 175 26 175 42 let%span svec34 = "../../../creusot-contracts/src/std/vec.rs" 176 26 176 48 - let%span sslice35 = "../../../creusot-contracts/src/std/slice.rs" 257 19 257 35 - let%span sslice36 = "../../../creusot-contracts/src/std/slice.rs" 258 19 258 35 - let%span sslice37 = "../../../creusot-contracts/src/std/slice.rs" 259 18 259 50 + let%span sslice35 = "../../../creusot-contracts/src/std/slice.rs" 275 19 275 35 + let%span sslice36 = "../../../creusot-contracts/src/std/slice.rs" 276 19 276 35 + let%span sslice37 = "../../../creusot-contracts/src/std/slice.rs" 277 18 277 50 let%span sheapsort_generic38 = "heapsort_generic.rs" 16 16 17 24 let%span svec39 = "../../../creusot-contracts/src/std/vec.rs" 29 14 29 47 let%span svec40 = "../../../creusot-contracts/src/std/vec.rs" 30 14 31 51 
@@ -166,8 +166,8 @@ module M_heapsort_generic__sift_down [#"heapsort_generic.rs" 41 0 43 29] let%span sord53 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 let%span sord54 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 let%span smodel55 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 - let%span sslice56 = "../../../creusot-contracts/src/std/slice.rs" 122 20 122 37 - let%span sslice57 = "../../../creusot-contracts/src/std/slice.rs" 129 20 129 37 + let%span sslice56 = "../../../creusot-contracts/src/std/slice.rs" 140 20 140 37 + let%span sslice57 = "../../../creusot-contracts/src/std/slice.rs" 147 20 147 37 let%span smodel58 = "../../../creusot-contracts/src/model.rs" 79 8 79 28 let%span sslice59 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice60 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 @@ -181,7 +181,7 @@ module M_heapsort_generic__sift_down [#"heapsort_generic.rs" 41 0 43 29] use prelude.prelude.Snapshot - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.Int @@ -198,16 +198,16 @@ module M_heapsort_generic__sift_down [#"heapsort_generic.rs" 41 0 43 29] type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } type t_DeepModelTy'0 @@ -215,7 +215,7 @@ module M_heapsort_generic__sift_down [#"heapsort_generic.rs" 41 0 43 29] use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) type t_T'0 
@@ -223,7 +223,7 @@ module M_heapsort_generic__sift_down [#"heapsort_generic.rs" 41 0 43 29] function view'2 (self : t_Vec'0) : Seq.seq t_T'0 - axiom view'2_spec : forall self : t_Vec'0 . [%#svec41] Seq.length (view'2 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'2_spec : forall self : t_Vec'0 . [%#svec41] Seq.length (view'2 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq @@ -362,15 +362,15 @@ module M_heapsort_generic__sift_down [#"heapsort_generic.rs" 41 0 43 29] axiom inv_axiom'4 [@rewrite] : forall x : t_Vec'0 [inv'4 x] . inv'4 x = invariant'4 x - predicate inv'5 (_1 : usize) + predicate inv'5 (_1 : UInt64.t) - axiom inv_axiom'5 [@rewrite] : forall x : usize [inv'5 x] . inv'5 x = true + axiom inv_axiom'5 [@rewrite] : forall x : UInt64.t [inv'5 x] . inv'5 x = true function view'4 (self : t_Vec'0) : Seq.seq t_T'0 = [%#smodel55] view'2 self - predicate in_bounds'0 [@inline:trivial] (self : usize) (seq : Seq.seq t_T'0) = - [%#sslice56] UIntSize.to_int self < Seq.length seq + predicate in_bounds'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq t_T'0) = + [%#sslice56] UInt64.to_uint self < Seq.length seq predicate invariant'5 (self : t_T'0) = [%#sinvariant65] inv'8 self 
@@ -379,10 +379,10 @@ module M_heapsort_generic__sift_down [#"heapsort_generic.rs" 41 0 43 29] axiom inv_axiom'6 [@rewrite] : forall x : t_T'0 [inv'6 x] . inv'6 x = invariant'5 x - predicate has_value'0 [@inline:trivial] (self : usize) (seq : Seq.seq t_T'0) (out : t_T'0) = - [%#sslice57] Seq.get seq (UIntSize.to_int self) = out + predicate has_value'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq t_T'0) (out : t_T'0) = + [%#sslice57] Seq.get seq (UInt64.to_uint self) = out - let rec index'0 (self:t_Vec'0) (index:usize) (return' (ret:t_T'0))= {[@expl:index 'self' type invariant] inv'4 self} + let rec index'0 (self:t_Vec'0) (index:UInt64.t) (return' (ret:t_T'0))= {[@expl:index 'self' type invariant] inv'4 self} {[@expl:index 'index' type invariant] inv'5 index} {[@expl:index requires] [%#svec29] in_bounds'0 index (view'4 self)} any @@ -406,15 +406,15 @@ module M_heapsort_generic__sift_down [#"heapsort_generic.rs" 41 0 43 29] (! return' {result}) ] - use prelude.prelude.Slice + use Slice64.create - use prelude.prelude.Slice + use prelude.prelude.Slice64 function view'6 (self : slice t_T'0) : Seq.seq t_T'0 axiom view'6_spec : forall self : slice t_T'0 . ([%#sslice59] Seq.length (view'6 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice60] view'6 self = Slice.id self) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + && ([%#sslice60] view'6 self = Slice64.id self) predicate invariant'2 (self : slice t_T'0) = [%#sslice64] inv'7 (view'6 self) 
@@ -443,11 +443,11 @@ module M_heapsort_generic__sift_down [#"heapsort_generic.rs" 41 0 43 29] use seq.Permut - let rec swap'0 (self:borrowed (slice t_T'0)) (a:usize) (b:usize) (return' (ret:()))= {[@expl:swap 'self' type invariant] inv'3 self} - {[@expl:swap requires #0] [%#sslice35] UIntSize.to_int a < Seq.length (view'5 self)} - {[@expl:swap requires #1] [%#sslice36] UIntSize.to_int b < Seq.length (view'5 self)} + let rec swap'0 (self:borrowed (slice t_T'0)) (a:UInt64.t) (b:UInt64.t) (return' (ret:()))= {[@expl:swap 'self' type invariant] inv'3 self} + {[@expl:swap requires #0] [%#sslice35] UInt64.to_uint a < Seq.length (view'5 self)} + {[@expl:swap requires #1] [%#sslice36] UInt64.to_uint b < Seq.length (view'5 self)} any - [ return' (result:())-> {[%#sslice37] Permut.exchange (view'6 self.final) (view'5 self) (UIntSize.to_int a) (UIntSize.to_int b)} + [ return' (result:())-> {[%#sslice37] Permut.exchange (view'6 self.final) (view'5 self) (UInt64.to_uint a) (UInt64.to_uint b)} (! return' {result}) ] 
@@ -471,11 +471,11 @@ module M_heapsort_generic__sift_down [#"heapsort_generic.rs" 41 0 43 29] meta "compute_max_steps" 1000000 - let rec sift_down'0 (v:borrowed (t_Vec'0)) (start:usize) (end':usize) (return' (ret:()))= {[@expl:sift_down 'v' type invariant] [%#sheapsort_generic15] inv'0 v} - {[@expl:sift_down requires #0] [%#sheapsort_generic16] heap_frag'0 (deep_model'0 v) (UIntSize.to_int start - + 1) (UIntSize.to_int end')} - {[@expl:sift_down requires #1] [%#sheapsort_generic17] UIntSize.to_int start < UIntSize.to_int end'} - {[@expl:sift_down requires #2] [%#sheapsort_generic18] UIntSize.to_int end' <= Seq.length (view'0 v)} + let rec sift_down'0 (v:borrowed (t_Vec'0)) (start:UInt64.t) (end':UInt64.t) (return' (ret:()))= {[@expl:sift_down 'v' type invariant] [%#sheapsort_generic15] inv'0 v} + {[@expl:sift_down requires #0] [%#sheapsort_generic16] heap_frag'0 (deep_model'0 v) (UInt64.to_uint start + + 1) (UInt64.to_uint end')} + {[@expl:sift_down requires #1] [%#sheapsort_generic17] UInt64.to_uint start < UInt64.to_uint end'} + {[@expl:sift_down requires #2] [%#sheapsort_generic18] UInt64.to_uint end' <= Seq.length (view'0 v)} (! bb0 [ bb0 = s0 [ s0 = [ &old_v <- [%#sheapsort_generic0] Snapshot.new v ] s1 | s1 = bb1 ] | bb1 = s0 [ s0 = [ &i <- start ] s1 | s1 = [ &old_2_0 <- Snapshot.new v ] s2 | s2 = bb2 ] 
@@ -483,55 +483,59 @@ module M_heapsort_generic__sift_down [#"heapsort_generic.rs" 41 0 43 29] [ bb2 = {[@expl:mut invariant] (Snapshot.inner old_2_0).final = v.final} {[@expl:loop invariant #0] [%#sheapsort_generic7] inv'0 v} {[@expl:loop invariant #1] [%#sheapsort_generic6] permutation_of'0 (view'0 v) (view'1 old_v)} - {[@expl:loop invariant #2] [%#sheapsort_generic5] UIntSize.to_int start <= UIntSize.to_int i - /\ UIntSize.to_int i < UIntSize.to_int end'} - {[@expl:loop invariant #3] [%#sheapsort_generic4] forall j : int . 0 <= j /\ j < UIntSize.to_int start - \/ UIntSize.to_int end' <= j /\ j < Seq.length (view'0 v) + {[@expl:loop invariant #2] [%#sheapsort_generic5] UInt64.to_uint start <= UInt64.to_uint i + /\ UInt64.to_uint i < UInt64.to_uint end'} + {[@expl:loop invariant #3] [%#sheapsort_generic4] forall j : int . 0 <= j /\ j < UInt64.to_uint start + \/ UInt64.to_uint end' <= j /\ j < Seq.length (view'0 v) -> index_logic'0 (Snapshot.inner old_v).current j = index_logic'0 v.current j} - {[@expl:loop invariant #4] [%#sheapsort_generic3] forall m : t_DeepModelTy'0 . (forall j : int . UIntSize.to_int start + {[@expl:loop invariant #4] [%#sheapsort_generic3] forall m : t_DeepModelTy'0 . (forall j : int . UInt64.to_uint start <= j - /\ j < UIntSize.to_int end' -> le_log'0 (Seq.get (deep_model'0 (Snapshot.inner old_v)) j) m) - -> (forall j : int . UIntSize.to_int start <= j /\ j < UIntSize.to_int end' + /\ j < UInt64.to_uint end' -> le_log'0 (Seq.get (deep_model'0 (Snapshot.inner old_v)) j) m) + -> (forall j : int . UInt64.to_uint start <= j /\ j < UInt64.to_uint end' -> le_log'0 (Seq.get (deep_model'0 v) j) m)} - {[@expl:loop invariant #5] [%#sheapsort_generic2] forall j : int . UIntSize.to_int start <= parent'0 j - /\ j < UIntSize.to_int end' /\ UIntSize.to_int i <> parent'0 j + {[@expl:loop invariant #5] [%#sheapsort_generic2] forall j : int . 
UInt64.to_uint start <= parent'0 j + /\ j < UInt64.to_uint end' /\ UInt64.to_uint i <> parent'0 j -> le_log'0 (Seq.get (deep_model'0 v) j) (Seq.get (deep_model'0 v) (parent'0 j))} - {[@expl:loop invariant #6] [%#sheapsort_generic1] let c = 2 * UIntSize.to_int i + 1 in c < UIntSize.to_int end' - /\ UIntSize.to_int start <= parent'0 (UIntSize.to_int i) + {[@expl:loop invariant #6] [%#sheapsort_generic1] let c = 2 * UInt64.to_uint i + 1 in c < UInt64.to_uint end' + /\ UInt64.to_uint start <= parent'0 (UInt64.to_uint i) -> le_log'0 (Seq.get (deep_model'0 v) c) (Seq.get (deep_model'0 v) (parent'0 (parent'0 c)))} - {[@expl:loop invariant #7] [%#sheapsort_generic1] let c = 2 * UIntSize.to_int i + 2 in c < UIntSize.to_int end' - /\ UIntSize.to_int start <= parent'0 (UIntSize.to_int i) + {[@expl:loop invariant #7] [%#sheapsort_generic1] let c = 2 * UInt64.to_uint i + 2 in c < UInt64.to_uint end' + /\ UInt64.to_uint start <= parent'0 (UInt64.to_uint i) -> le_log'0 (Seq.get (deep_model'0 v) c) (Seq.get (deep_model'0 v) (parent'0 (parent'0 c)))} (! s0) [ s0 = bb3 ] [ bb3 = s0 - [ s0 = UIntSize.eq {[%#sheapsort_generic8] (2 : usize)} {[%#sheapsort_generic9] (0 : usize)} + [ s0 = UInt64.eq {[%#sheapsort_generic9] (2 : UInt64.t)} {[%#sheapsort_generic8] (0 : UInt64.t)} (fun (_ret':bool) -> [ &_29 <- _ret' ] s1) - | s1 = {[@expl:division by zero] [%#sheapsort_generic9] not _29} s2 + | s1 = {[@expl:division by zero] [%#sheapsort_generic8] not _29} s2 | s2 = bb4 ] | bb4 = s0 - [ s0 = UIntSize.div {end'} {[%#sheapsort_generic8] (2 : usize)} (fun (_ret':usize) -> [ &_27 <- _ret' ] s1) - | s1 = UIntSize.ge {i} {_27} (fun (_ret':bool) -> [ &_25 <- _ret' ] s2) + [ s0 = UInt64.div {end'} {[%#sheapsort_generic9] (2 : UInt64.t)} + (fun (_ret':UInt64.t) -> [ &_27 <- _ret' ] s1) + | s1 = UInt64.ge {i} {_27} (fun (_ret':bool) -> [ &_25 <- _ret' ] s2) | s2 = any [ br0 -> {_25 = false} (! bb6) | br1 -> {_25} (! 
bb5) ] ] | bb6 = s0 - [ s0 = UIntSize.mul {[%#sheapsort_generic10] (2 : usize)} {i} (fun (_ret':usize) -> [ &_32 <- _ret' ] s1) - | s1 = UIntSize.add {_32} {[%#sheapsort_generic11] (1 : usize)} (fun (_ret':usize) -> [ &child <- _ret' ] s2) - | s2 = UIntSize.add {child} {[%#sheapsort_generic12] (1 : usize)} (fun (_ret':usize) -> [ &_36 <- _ret' ] s3) - | s3 = UIntSize.lt {_36} {end'} (fun (_ret':bool) -> [ &_35 <- _ret' ] s4) + [ s0 = UInt64.mul {[%#sheapsort_generic10] (2 : UInt64.t)} {i} (fun (_ret':UInt64.t) -> [ &_32 <- _ret' ] s1) + | s1 = UInt64.add {_32} {[%#sheapsort_generic11] (1 : UInt64.t)} + (fun (_ret':UInt64.t) -> [ &child <- _ret' ] s2) + | s2 = UInt64.add {child} {[%#sheapsort_generic12] (1 : UInt64.t)} + (fun (_ret':UInt64.t) -> [ &_36 <- _ret' ] s3) + | s3 = UInt64.lt {_36} {end'} (fun (_ret':bool) -> [ &_35 <- _ret' ] s4) | s4 = any [ br0 -> {_35 = false} (! bb8) | br1 -> {_35} (! bb7) ] ] | bb7 = s0 [ s0 = index'0 {v.current} {child} (fun (_ret':t_T'0) -> [ &_41 <- _ret' ] s1) | s1 = bb9 ] | bb9 = s0 - [ s0 = UIntSize.add {child} {[%#sheapsort_generic13] (1 : usize)} (fun (_ret':usize) -> [ &_47 <- _ret' ] s1) + [ s0 = UInt64.add {child} {[%#sheapsort_generic13] (1 : UInt64.t)} + (fun (_ret':UInt64.t) -> [ &_47 <- _ret' ] s1) | s1 = index'0 {v.current} {_47} (fun (_ret':t_T'0) -> [ &_45 <- _ret' ] s2) | s2 = bb10 ] | bb10 = s0 [ s0 = lt'0 {_41} {_45} (fun (_ret':bool) -> [ &_39 <- _ret' ] s1) | s1 = bb11 ] | bb11 = any [ br0 -> {_39 = false} (! bb13) | br1 -> {_39} (! bb12) ] | bb12 = s0 - [ s0 = UIntSize.add {child} {[%#sheapsort_generic14] (1 : usize)} - (fun (_ret':usize) -> [ &child <- _ret' ] s1) + [ s0 = UInt64.add {child} {[%#sheapsort_generic14] (1 : UInt64.t)} + (fun (_ret':UInt64.t) -> [ &child <- _ret' ] s1) | s1 = bb15 ] | bb13 = bb14 
@@ -577,21 +581,21 @@ module M_heapsort_generic__sift_down [#"heapsort_generic.rs" 41 0 43 29] ) [ & _0 : () = any_l () | & v : borrowed (t_Vec'0) = v - | & start : usize = start - | & end' : usize = end' + | & start : UInt64.t = start + | & end' : UInt64.t = end' | & old_v : Snapshot.snap_ty (borrowed (t_Vec'0)) = any_l () - | & i : usize = any_l () + | & i : UInt64.t = any_l () | & _25 : bool = any_l () - | & _27 : usize = any_l () + | & _27 : UInt64.t = any_l () | & _29 : bool = any_l () - | & child : usize = any_l () - | & _32 : usize = any_l () + | & child : UInt64.t = any_l () + | & _32 : UInt64.t = any_l () | & _35 : bool = any_l () - | & _36 : usize = any_l () + | & _36 : UInt64.t = any_l () | & _39 : bool = any_l () | & _41 : t_T'0 = any_l () | & _45 : t_T'0 = any_l () - | & _47 : usize = any_l () + | & _47 : UInt64.t = any_l () | & _50 : bool = any_l () | & _52 : t_T'0 = any_l () | & _56 : t_T'0 = any_l () 
@@ -601,22 +605,22 @@ module M_heapsort_generic__sift_down [#"heapsort_generic.rs" 41 0 43 29] | & _63 : borrowed (t_Vec'0) = any_l () | & old_2_0 : Snapshot.snap_ty (borrowed (t_Vec'0)) = any_l () ] - [ return' (result:())-> {[@expl:sift_down ensures #0] [%#sheapsort_generic19] heap_frag'0 (deep_model'1 v.final) (UIntSize.to_int start) (UIntSize.to_int end')} + [ return' (result:())-> {[@expl:sift_down ensures #0] [%#sheapsort_generic19] heap_frag'0 (deep_model'1 v.final) (UInt64.to_uint start) (UInt64.to_uint end')} {[@expl:sift_down ensures #1] [%#sheapsort_generic20] permutation_of'0 (view'2 v.final) (view'0 v)} - {[@expl:sift_down ensures #2] [%#sheapsort_generic21] forall i : int . 0 <= i /\ i < UIntSize.to_int start - \/ UIntSize.to_int end' <= i /\ i < Seq.length (view'0 v) -> index_logic'0 v.current i = index_logic'0 v.final i} - {[@expl:sift_down ensures #3] [%#sheapsort_generic22] forall m : t_DeepModelTy'0 . (forall j : int . UIntSize.to_int start + {[@expl:sift_down ensures #2] [%#sheapsort_generic21] forall i : int . 0 <= i /\ i < UInt64.to_uint start + \/ UInt64.to_uint end' <= i /\ i < Seq.length (view'0 v) -> index_logic'0 v.current i = index_logic'0 v.final i} + {[@expl:sift_down ensures #3] [%#sheapsort_generic22] forall m : t_DeepModelTy'0 . (forall j : int . UInt64.to_uint start <= j - /\ j < UIntSize.to_int end' -> le_log'0 (Seq.get (deep_model'0 v) j) m) - -> (forall j : int . UIntSize.to_int start <= j /\ j < UIntSize.to_int end' + /\ j < UInt64.to_uint end' -> le_log'0 (Seq.get (deep_model'0 v) j) m) + -> (forall j : int . UInt64.to_uint start <= j /\ j < UInt64.to_uint end' -> le_log'0 (Seq.get (deep_model'1 v.final) j) m)} (! 
return' {result}) ] end module M_heapsort_generic__heap_sort [#"heapsort_generic.rs" 94 0 96 29] let%span sheapsort_generic0 = "heapsort_generic.rs" 98 16 98 31 - let%span sheapsort_generic1 = "heapsort_generic.rs" 100 30 100 31 - let%span sheapsort_generic2 = "heapsort_generic.rs" 100 20 100 31 + let%span sheapsort_generic1 = "heapsort_generic.rs" 100 20 100 31 + let%span sheapsort_generic2 = "heapsort_generic.rs" 100 30 100 31 let%span sheapsort_generic3 = "heapsort_generic.rs" 104 16 104 36 let%span sheapsort_generic4 = "heapsort_generic.rs" 103 16 103 59 let%span sheapsort_generic5 = "heapsort_generic.rs" 102 16 102 41 @@ -654,9 +658,9 @@ module M_heapsort_generic__heap_sort [#"heapsort_generic.rs" 94 0 96 29] let%span sheapsort_generic37 = "heapsort_generic.rs" 80 8 80 72 let%span svec38 = "../../../creusot-contracts/src/std/vec.rs" 175 26 175 42 let%span svec39 = "../../../creusot-contracts/src/std/vec.rs" 176 26 176 48 - let%span sslice40 = "../../../creusot-contracts/src/std/slice.rs" 257 19 257 35 - let%span sslice41 = "../../../creusot-contracts/src/std/slice.rs" 258 19 258 35 - let%span sslice42 = "../../../creusot-contracts/src/std/slice.rs" 259 18 259 50 + let%span sslice40 = "../../../creusot-contracts/src/std/slice.rs" 275 19 275 35 + let%span sslice41 = "../../../creusot-contracts/src/std/slice.rs" 276 19 276 35 + let%span sslice42 = "../../../creusot-contracts/src/std/slice.rs" 277 18 277 50 let%span sheapsort_generic43 = "heapsort_generic.rs" 21 11 21 31 let%span sheapsort_generic44 = "heapsort_generic.rs" 22 11 22 28 let%span sheapsort_generic45 = "heapsort_generic.rs" 23 10 23 22 
@@ -704,24 +708,24 @@ module M_heapsort_generic__heap_sort [#"heapsort_generic.rs" 94 0 96 29] type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } use seq.Seq - constant v_MAX'1 : usize = (18446744073709551615 : usize) + constant v_MAX'1 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize - - use prelude.prelude.Int + use prelude.prelude.UInt64 type t_T'0 @@ -729,7 +733,7 @@ module M_heapsort_generic__heap_sort [#"heapsort_generic.rs" 94 0 96 29] function view'2 (self : t_Vec'0) : Seq.seq t_T'0 - axiom view'2_spec : forall self : t_Vec'0 . [%#svec51] Seq.length (view'2 self) <= UIntSize.to_int (v_MAX'1 : usize) + axiom view'2_spec : forall self : t_Vec'0 . [%#svec51] Seq.length (view'2 self) <= UInt64.to_uint (v_MAX'1 : UInt64.t) use seq.Seq @@ -766,9 +770,9 @@ module M_heapsort_generic__heap_sort [#"heapsort_generic.rs" 94 0 96 29] function view'3 (self : t_Vec'0) : Seq.seq t_T'0 = [%#smodel52] view'2 self - let rec len'0 (self:t_Vec'0) (return' (ret:usize))= {[@expl:len 'self' type invariant] inv'4 self} + let rec len'0 (self:t_Vec'0) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'4 self} any - [ return' (result:usize)-> {[%#svec23] UIntSize.to_int result = Seq.length (view'3 self)} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#svec23] UInt64.to_uint result = Seq.length (view'3 self)} (! return' {result}) ] function view'0 (self : borrowed (t_Vec'0)) : Seq.seq t_T'0 = 
@@ -887,19 +891,19 @@ module M_heapsort_generic__heap_sort [#"heapsort_generic.rs" 94 0 96 29] axiom inv_axiom'1 [@rewrite] : forall x : borrowed (t_Vec'0) [inv'1 x] . inv'1 x = invariant'1 x - let rec sift_down'0 (v:borrowed (t_Vec'0)) (start:usize) (end':usize) (return' (ret:()))= {[@expl:sift_down 'v' type invariant] [%#sheapsort_generic29] inv'1 v} - {[@expl:sift_down requires #0] [%#sheapsort_generic30] heap_frag'0 (deep_model'0 v) (UIntSize.to_int start - + 1) (UIntSize.to_int end')} - {[@expl:sift_down requires #1] [%#sheapsort_generic31] UIntSize.to_int start < UIntSize.to_int end'} - {[@expl:sift_down requires #2] [%#sheapsort_generic32] UIntSize.to_int end' <= Seq.length (view'0 v)} + let rec sift_down'0 (v:borrowed (t_Vec'0)) (start:UInt64.t) (end':UInt64.t) (return' (ret:()))= {[@expl:sift_down 'v' type invariant] [%#sheapsort_generic29] inv'1 v} + {[@expl:sift_down requires #0] [%#sheapsort_generic30] heap_frag'0 (deep_model'0 v) (UInt64.to_uint start + + 1) (UInt64.to_uint end')} + {[@expl:sift_down requires #1] [%#sheapsort_generic31] UInt64.to_uint start < UInt64.to_uint end'} + {[@expl:sift_down requires #2] [%#sheapsort_generic32] UInt64.to_uint end' <= Seq.length (view'0 v)} any - [ return' (result:())-> {[%#sheapsort_generic33] heap_frag'0 (deep_model'1 v.final) (UIntSize.to_int start) (UIntSize.to_int end')} + [ return' (result:())-> {[%#sheapsort_generic33] heap_frag'0 (deep_model'1 v.final) (UInt64.to_uint start) (UInt64.to_uint end')} {[%#sheapsort_generic34] permutation_of'0 (view'2 v.final) (view'0 v)} - {[%#sheapsort_generic35] forall i : int . 0 <= i /\ i < UIntSize.to_int start - \/ UIntSize.to_int end' <= i /\ i < Seq.length (view'0 v) -> index_logic'0 v.current i = index_logic'0 v.final i} - {[%#sheapsort_generic36] forall m : t_DeepModelTy'0 . (forall j : int . UIntSize.to_int start <= j - /\ j < UIntSize.to_int end' -> le_log'0 (Seq.get (deep_model'0 v) j) m) - -> (forall j : int . 
UIntSize.to_int start <= j /\ j < UIntSize.to_int end' + {[%#sheapsort_generic35] forall i : int . 0 <= i /\ i < UInt64.to_uint start + \/ UInt64.to_uint end' <= i /\ i < Seq.length (view'0 v) -> index_logic'0 v.current i = index_logic'0 v.final i} + {[%#sheapsort_generic36] forall m : t_DeepModelTy'0 . (forall j : int . UInt64.to_uint start <= j + /\ j < UInt64.to_uint end' -> le_log'0 (Seq.get (deep_model'0 v) j) m) + -> (forall j : int . UInt64.to_uint start <= j /\ j < UInt64.to_uint end' -> le_log'0 (Seq.get (deep_model'1 v.final) j) m)} (! return' {result}) ] @@ -907,15 +911,15 @@ module M_heapsort_generic__heap_sort [#"heapsort_generic.rs" 94 0 96 29] predicate sorted_range'0 [#"heapsort_generic.rs" 78 0 78 63] (s : Seq.seq t_DeepModelTy'0) (l : int) (u : int) = [%#sheapsort_generic37] forall i : int, j : int . l <= i /\ i < j /\ j < u -> le_log'0 (Seq.get s i) (Seq.get s j) - use prelude.prelude.Slice + use Slice64.create - use prelude.prelude.Slice + use prelude.prelude.Slice64 function view'6 (self : slice t_T'0) : Seq.seq t_T'0 axiom view'6_spec : forall self : slice t_T'0 . ([%#sslice68] Seq.length (view'6 self) - <= UIntSize.to_int (v_MAX'1 : usize)) - && ([%#sslice69] view'6 self = Slice.id self) + <= UInt64.to_uint (v_MAX'1 : UInt64.t)) + && ([%#sslice69] view'6 self = Slice64.id self) predicate invariant'2 (self : slice t_T'0) = [%#sslice73] inv'5 (view'6 self) 
@@ -944,11 +948,11 @@ module M_heapsort_generic__heap_sort [#"heapsort_generic.rs" 94 0 96 29] use seq.Permut - let rec swap'0 (self:borrowed (slice t_T'0)) (a:usize) (b:usize) (return' (ret:()))= {[@expl:swap 'self' type invariant] inv'3 self} - {[@expl:swap requires #0] [%#sslice40] UIntSize.to_int a < Seq.length (view'5 self)} - {[@expl:swap requires #1] [%#sslice41] UIntSize.to_int b < Seq.length (view'5 self)} + let rec swap'0 (self:borrowed (slice t_T'0)) (a:UInt64.t) (b:UInt64.t) (return' (ret:()))= {[@expl:swap 'self' type invariant] inv'3 self} + {[@expl:swap requires #0] [%#sslice40] UInt64.to_uint a < Seq.length (view'5 self)} + {[@expl:swap requires #1] [%#sslice41] UInt64.to_uint b < Seq.length (view'5 self)} any - [ return' (result:())-> {[%#sslice42] Permut.exchange (view'6 self.final) (view'5 self) (UIntSize.to_int a) (UIntSize.to_int b)} + [ return' (result:())-> {[%#sslice42] Permut.exchange (view'6 self.final) (view'5 self) (UInt64.to_uint a) (UInt64.to_uint b)} (! return' {result}) ] @@ -975,7 +979,7 @@ module M_heapsort_generic__heap_sort [#"heapsort_generic.rs" 94 0 96 29] use prelude.prelude.Intrinsic - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) predicate sorted'0 [#"heapsort_generic.rs" 85 0 85 41] (s : Seq.seq t_DeepModelTy'0) = [%#sheapsort_generic50] sorted_range'0 s 0 (Seq.length s) 
@@ -983,34 +987,34 @@ module M_heapsort_generic__heap_sort [#"heapsort_generic.rs" 94 0 96 29] meta "compute_max_steps" 1000000 let rec heap_sort'0 (v:borrowed (t_Vec'0)) (return' (ret:()))= {[@expl:heap_sort 'v' type invariant] [%#sheapsort_generic19] inv'1 v} - {[@expl:heap_sort requires] [%#sheapsort_generic20] Seq.length (view'0 v) < div (UIntSize.to_int v_MAX'0) 2} + {[@expl:heap_sort requires] [%#sheapsort_generic20] Seq.length (view'0 v) < div (UInt64.to_uint v_MAX'0) 2} (! bb0 [ bb0 = s0 [ s0 = [ &old_v <- [%#sheapsort_generic0] Snapshot.new v ] s1 | s1 = bb1 ] - | bb1 = s0 [ s0 = len'0 {v.current} (fun (_ret':usize) -> [ &_8 <- _ret' ] s1) | s1 = bb2 ] + | bb1 = s0 [ s0 = len'0 {v.current} (fun (_ret':UInt64.t) -> [ &_8 <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 - [ s0 = UIntSize.eq {[%#sheapsort_generic1] (2 : usize)} {[%#sheapsort_generic2] (0 : usize)} + [ s0 = UInt64.eq {[%#sheapsort_generic2] (2 : UInt64.t)} {[%#sheapsort_generic1] (0 : UInt64.t)} (fun (_ret':bool) -> [ &_10 <- _ret' ] s1) - | s1 = {[@expl:division by zero] [%#sheapsort_generic2] not _10} s2 + | s1 = {[@expl:division by zero] [%#sheapsort_generic1] not _10} s2 | s2 = bb3 ] | bb3 = s0 - [ s0 = UIntSize.div {_8} {[%#sheapsort_generic1] (2 : usize)} (fun (_ret':usize) -> [ &start <- _ret' ] s1) + [ s0 = UInt64.div {_8} {[%#sheapsort_generic2] (2 : UInt64.t)} (fun (_ret':UInt64.t) -> [ &start <- _ret' ] s1) | s1 = [ &old_4_0 <- Snapshot.new v ] s2 | s2 = bb4 ] | bb4 = bb4 [ bb4 = {[@expl:mut invariant] (Snapshot.inner old_4_0).final = v.final} {[@expl:loop invariant #0] [%#sheapsort_generic5] permutation_of'0 (view'0 v) (view'1 old_v)} - {[@expl:loop invariant #1] [%#sheapsort_generic4] heap_frag'0 (deep_model'0 v) (UIntSize.to_int start) (Seq.length (view'0 v))} - {[@expl:loop invariant #2] [%#sheapsort_generic3] UIntSize.to_int start <= div (Seq.length (view'0 v)) 2} + {[@expl:loop invariant #1] [%#sheapsort_generic4] heap_frag'0 (deep_model'0 v) (UInt64.to_uint start) (Seq.length (view'0 
v))} + {[@expl:loop invariant #2] [%#sheapsort_generic3] UInt64.to_uint start <= div (Seq.length (view'0 v)) 2} (! s0) [ s0 = bb5 ] [ bb5 = s0 - [ s0 = UIntSize.gt {start} {[%#sheapsort_generic6] (0 : usize)} (fun (_ret':bool) -> [ &_16 <- _ret' ] s1) + [ s0 = UInt64.gt {start} {[%#sheapsort_generic6] (0 : UInt64.t)} (fun (_ret':bool) -> [ &_16 <- _ret' ] s1) | s1 = any [ br0 -> {_16 = false} (! bb9) | br1 -> {_16} (! bb6) ] ] | bb6 = s0 - [ s0 = UIntSize.sub {start} {[%#sheapsort_generic7] (1 : usize)} - (fun (_ret':usize) -> [ &start <- _ret' ] s1) + [ s0 = UInt64.sub {start} {[%#sheapsort_generic7] (1 : UInt64.t)} + (fun (_ret':UInt64.t) -> [ &start <- _ret' ] s1) | s1 = {inv'0 v.current} Borrow.borrow_mut {v.current} (fun (_ret':borrowed (t_Vec'0)) -> 
@@ -1018,32 +1022,33 @@ module M_heapsort_generic__heap_sort [#"heapsort_generic.rs" 94 0 96 29] -{inv'0 _ret'.final}- [ &v <- { v with current = _ret'.final } ] s2) - | s2 = len'0 {_19.current} (fun (_ret':usize) -> [ &_21 <- _ret' ] s3) + | s2 = len'0 {_19.current} (fun (_ret':UInt64.t) -> [ &_21 <- _ret' ] s3) | s3 = bb7 ] | bb7 = s0 [ s0 = sift_down'0 {_19} {start} {_21} (fun (_ret':()) -> [ &_18 <- _ret' ] s1) | s1 = bb8 ] | bb8 = bb4 ] ] - | bb9 = s0 [ s0 = len'0 {v.current} (fun (_ret':usize) -> [ &end' <- _ret' ] s1) | s1 = bb10 ] + | bb9 = s0 [ s0 = len'0 {v.current} (fun (_ret':UInt64.t) -> [ &end' <- _ret' ] s1) | s1 = bb10 ] | bb10 = s0 [ s0 = [ &old_11_0 <- Snapshot.new v ] s1 | s1 = bb11 ] | bb11 = bb11 [ bb11 = {[@expl:mut invariant] (Snapshot.inner old_11_0).final = v.final} {[@expl:loop invariant #0] [%#sheapsort_generic13] inv'1 v} - {[@expl:loop invariant #1] [%#sheapsort_generic12] UIntSize.to_int end' <= Seq.length (view'0 v)} + {[@expl:loop invariant #1] [%#sheapsort_generic12] UInt64.to_uint end' <= Seq.length (view'0 v)} {[@expl:loop invariant #2] [%#sheapsort_generic11] permutation_of'0 (view'0 v) (view'1 old_v)} - {[@expl:loop invariant #3] [%#sheapsort_generic10] heap_frag'0 (deep_model'0 v) 0 (UIntSize.to_int end')} - {[@expl:loop invariant #4] [%#sheapsort_generic9] sorted_range'0 (deep_model'0 v) (UIntSize.to_int end') (Seq.length (view'0 v))} + {[@expl:loop invariant #3] [%#sheapsort_generic10] heap_frag'0 (deep_model'0 v) 0 (UInt64.to_uint end')} + {[@expl:loop invariant #4] [%#sheapsort_generic9] sorted_range'0 (deep_model'0 v) (UInt64.to_uint end') (Seq.length (view'0 v))} {[@expl:loop invariant #5] [%#sheapsort_generic8] forall i : int, j : int . 0 <= i - /\ i < UIntSize.to_int end' /\ UIntSize.to_int end' <= j /\ j < Seq.length (view'0 v) + /\ i < UInt64.to_uint end' /\ UInt64.to_uint end' <= j /\ j < Seq.length (view'0 v) -> le_log'0 (Seq.get (deep_model'0 v) i) (Seq.get (deep_model'0 v) j)} (! 
s0) [ s0 = bb12 ] [ bb12 = s0 - [ s0 = UIntSize.gt {end'} {[%#sheapsort_generic14] (1 : usize)} (fun (_ret':bool) -> [ &_34 <- _ret' ] s1) + [ s0 = UInt64.gt {end'} {[%#sheapsort_generic14] (1 : UInt64.t)} (fun (_ret':bool) -> [ &_34 <- _ret' ] s1) | s1 = any [ br0 -> {_34 = false} (! bb17) | br1 -> {_34} (! bb13) ] ] | bb13 = s0 - [ s0 = UIntSize.sub {end'} {[%#sheapsort_generic15] (1 : usize)} (fun (_ret':usize) -> [ &end' <- _ret' ] s1) + [ s0 = UInt64.sub {end'} {[%#sheapsort_generic15] (1 : UInt64.t)} + (fun (_ret':UInt64.t) -> [ &end' <- _ret' ] s1) | s1 = {inv'0 v.current} Borrow.borrow_mut {v.current} (fun (_ret':borrowed (t_Vec'0)) -> @@ -1062,15 +1067,15 @@ module M_heapsort_generic__heap_sort [#"heapsort_generic.rs" 94 0 96 29] -{inv'2 _ret'.final}- [ &_38 <- { _38 with current = _ret'.final } ] s1) - | s1 = swap'0 {_37} {[%#sheapsort_generic16] (0 : usize)} {end'} (fun (_ret':()) -> [ &_36 <- _ret' ] s2) + | s1 = swap'0 {_37} {[%#sheapsort_generic16] (0 : UInt64.t)} {end'} (fun (_ret':()) -> [ &_36 <- _ret' ] s2) | s2 = bb15 ] | bb15 = s0 [ s0 = {[@expl:type invariant] inv'3 _38} s1 | s1 = -{resolve'0 _38}- s2 - | s2 = {[@expl:assertion] [%#sheapsort_generic17] let _ = heap_frag_max'0 (deep_model'0 v) 0 (UIntSize.to_int end') in forall i : int, j : int . 0 + | s2 = {[@expl:assertion] [%#sheapsort_generic17] let _ = heap_frag_max'0 (deep_model'0 v) 0 (UInt64.to_uint end') in forall i : int, j : int . 0 <= i - /\ i < UIntSize.to_int end' /\ UIntSize.to_int end' <= j /\ j < Seq.length (view'0 v) + /\ i < UInt64.to_uint end' /\ UInt64.to_uint end' <= j /\ j < Seq.length (view'0 v) -> le_log'0 (Seq.get (deep_model'0 v) i) (Seq.get (deep_model'0 v) j)} s3 | s3 = {inv'0 v.current} 
@@ -1080,7 +1085,7 @@ module M_heapsort_generic__heap_sort [#"heapsort_generic.rs" 94 0 96 29] -{inv'0 _ret'.final}- [ &v <- { v with current = _ret'.final } ] s4) - | s4 = sift_down'0 {_44} {[%#sheapsort_generic18] (0 : usize)} {end'} + | s4 = sift_down'0 {_44} {[%#sheapsort_generic18] (0 : UInt64.t)} {end'} (fun (_ret':()) -> [ &_43 <- _ret' ] s5) | s5 = bb16 ] @@ -1092,14 +1097,14 @@ module M_heapsort_generic__heap_sort [#"heapsort_generic.rs" 94 0 96 29] [ & _0 : () = any_l () | & v : borrowed (t_Vec'0) = v | & old_v : Snapshot.snap_ty (borrowed (t_Vec'0)) = any_l () - | & start : usize = any_l () - | & _8 : usize = any_l () + | & start : UInt64.t = any_l () + | & _8 : UInt64.t = any_l () | & _10 : bool = any_l () | & _16 : bool = any_l () | & _18 : () = any_l () | & _19 : borrowed (t_Vec'0) = any_l () - | & _21 : usize = any_l () - | & end' : usize = any_l () + | & _21 : UInt64.t = any_l () + | & end' : UInt64.t = any_l () | & _34 : bool = any_l () | & _36 : () = any_l () | & _37 : borrowed (slice t_T'0) = any_l () diff --git a/creusot/tests/should_succeed/hillel.coma b/creusot/tests/should_succeed/hillel.coma index 8fe971e76f..7efc380260 100644 --- a/creusot/tests/should_succeed/hillel.coma +++ b/creusot/tests/should_succeed/hillel.coma @@ -41,16 +41,16 @@ module M_hillel__right_pad [#"hillel.rs" 17 0 17 59] type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } use prelude.prelude.Snapshot 
@@ -62,13 +62,13 @@ module M_hillel__right_pad [#"hillel.rs" 17 0 17 59] use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 function view'2 (self : t_Vec'0) : Seq.seq t_T'0 - axiom view'2_spec : forall self : t_Vec'0 . [%#svec19] Seq.length (view'2 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'2_spec : forall self : t_Vec'0 . [%#svec19] Seq.length (view'2 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) function view'1 (self : borrowed (t_Vec'0)) : Seq.seq t_T'0 = [%#smodel15] view'2 self.current @@ -119,9 +119,9 @@ module M_hillel__right_pad [#"hillel.rs" 17 0 17 59] function view'4 (self : t_Vec'0) : Seq.seq t_T'0 = [%#smodel20] view'2 self - let rec len'0 (self:t_Vec'0) (return' (ret:usize))= {[@expl:len 'self' type invariant] inv'3 self} + let rec len'0 (self:t_Vec'0) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'3 self} any - [ return' (result:usize)-> {[%#svec17] UIntSize.to_int result = Seq.length (view'4 self)} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#svec17] UInt64.to_uint result = Seq.length (view'4 self)} (! return' {result}) ] predicate invariant'1 (self : borrowed (t_Vec'0)) = @@ -147,7 +147,7 @@ module M_hillel__right_pad [#"hillel.rs" 17 0 17 59] meta "compute_max_steps" 1000000 - let rec right_pad'0 (str:borrowed (t_Vec'0)) (len:usize) (pad:t_T'0) (return' (ret:()))= {[@expl:right_pad 'str' type invariant] [%#shillel6] inv'1 str} + let rec right_pad'0 (str:borrowed (t_Vec'0)) (len:UInt64.t) (pad:t_T'0) (return' (ret:()))= {[@expl:right_pad 'str' type invariant] [%#shillel6] inv'1 str} {[@expl:right_pad 'pad' type invariant] [%#shillel7] inv'2 pad} (! bb0 [ bb0 = s0 [ s0 = [ &old_str <- [%#shillel0] Snapshot.new str ] s1 | s1 = bb1 ] 
@@ -155,18 +155,18 @@ module M_hillel__right_pad [#"hillel.rs" 17 0 17 59] | bb2 = bb2 [ bb2 = {[@expl:mut invariant] (Snapshot.inner old_2_0).final = str.final} {[@expl:loop invariant #0] [%#shillel5] Seq.length (view'0 old_str) <= Seq.length (view'1 str)} - {[@expl:loop invariant #1] [%#shillel4] Seq.length (view'0 old_str) < UIntSize.to_int len - -> Seq.length (view'1 str) <= UIntSize.to_int len} - {[@expl:loop invariant #2] [%#shillel3] Seq.length (view'1 str) > UIntSize.to_int len + {[@expl:loop invariant #1] [%#shillel4] Seq.length (view'0 old_str) < UInt64.to_uint len + -> Seq.length (view'1 str) <= UInt64.to_uint len} + {[@expl:loop invariant #2] [%#shillel3] Seq.length (view'1 str) > UInt64.to_uint len -> Seq.length (view'1 str) = Seq.length (view'0 old_str)} {[@expl:loop invariant #3] [%#shillel2] forall i : int . 0 <= i /\ i < Seq.length (view'0 old_str) -> index_logic'0 str.current i = index_logic'0 (Snapshot.inner old_str).current i} {[@expl:loop invariant #4] [%#shillel1] forall i : int . Seq.length (view'0 old_str) <= i /\ i < Seq.length (view'1 str) -> index_logic'0 str.current i = pad} (! s0) [ s0 = bb3 ] - [ bb3 = s0 [ s0 = len'0 {str.current} (fun (_ret':usize) -> [ &_19 <- _ret' ] s1) | s1 = bb4 ] + [ bb3 = s0 [ s0 = len'0 {str.current} (fun (_ret':UInt64.t) -> [ &_19 <- _ret' ] s1) | s1 = bb4 ] | bb4 = s0 - [ s0 = UIntSize.lt {_19} {len} (fun (_ret':bool) -> [ &_18 <- _ret' ] s1) + [ s0 = UInt64.lt {_19} {len} (fun (_ret':bool) -> [ &_18 <- _ret' ] s1) | s1 = any [ br0 -> {_18 = false} (! bb7) | br1 -> {_18} (! bb5) ] ] | bb5 = s0 
@@ -187,28 +187,28 @@ module M_hillel__right_pad [#"hillel.rs" 17 0 17 59] ) [ & _0 : () = any_l () | & str : borrowed (t_Vec'0) = str - | & len : usize = len + | & len : UInt64.t = len | & pad : t_T'0 = pad | & old_str : Snapshot.snap_ty (borrowed (t_Vec'0)) = any_l () | & _18 : bool = any_l () - | & _19 : usize = any_l () + | & _19 : UInt64.t = any_l () | & _22 : () = any_l () | & _23 : borrowed (t_Vec'0) = any_l () | & old_2_0 : Snapshot.snap_ty (borrowed (t_Vec'0)) = any_l () ] [ return' (result:())-> {[@expl:right_pad ensures #0] [%#shillel8] Seq.length (view'2 str.final) - >= UIntSize.to_int len + >= UInt64.to_uint len /\ Seq.length (view'2 str.final) >= Seq.length (view'1 str)} - {[@expl:right_pad ensures #1] [%#shillel9] Seq.length (view'2 str.final) = UIntSize.to_int len + {[@expl:right_pad ensures #1] [%#shillel9] Seq.length (view'2 str.final) = UInt64.to_uint len \/ Seq.length (view'2 str.final) = Seq.length (view'1 str)} - {[@expl:right_pad ensures #2] [%#shillel10] UIntSize.to_int len <= Seq.length (view'1 str) + {[@expl:right_pad ensures #2] [%#shillel10] UInt64.to_uint len <= Seq.length (view'1 str) -> Seq.length (view'2 str.final) = Seq.length (view'1 str)} - {[@expl:right_pad ensures #3] [%#shillel11] UIntSize.to_int len > Seq.length (view'1 str) - -> Seq.length (view'2 str.final) = UIntSize.to_int len} + {[@expl:right_pad ensures #3] [%#shillel11] UInt64.to_uint len > Seq.length (view'1 str) + -> Seq.length (view'2 str.final) = UInt64.to_uint len} {[@expl:right_pad ensures #4] [%#shillel12] forall i : int . 0 <= i /\ i < Seq.length (view'1 str) -> index_logic'0 str.final i = index_logic'0 str.current i} {[@expl:right_pad ensures #5] [%#shillel13] forall i : int . Seq.length (view'1 str) <= i - /\ i < UIntSize.to_int len -> index_logic'0 str.final i = pad} + /\ i < UInt64.to_uint len -> index_logic'0 str.final i = pad} (! return' {result}) ] end 
@@ -264,30 +264,30 @@ module M_hillel__left_pad [#"hillel.rs" 34 0 34 58] type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } type t_T'0 use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use seq.Seq function view'2 (self : t_Vec'0) : Seq.seq t_T'0 - axiom view'2_spec : forall self : t_Vec'0 . [%#svec24] Seq.length (view'2 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'2_spec : forall self : t_Vec'0 . [%#svec24] Seq.length (view'2 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq @@ -342,9 +342,9 @@ module M_hillel__left_pad [#"hillel.rs" 34 0 34 58] function view'4 (self : t_Vec'0) : Seq.seq t_T'0 = [%#smodel25] view'2 self - let rec len'0 (self:t_Vec'0) (return' (ret:usize))= {[@expl:len 'self' type invariant] inv'3 self} + let rec len'0 (self:t_Vec'0) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'3 self} any - [ return' (result:usize)-> {[%#svec19] UIntSize.to_int result = Seq.length (view'4 self)} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#svec19] UInt64.to_uint result = Seq.length (view'4 self)} (! return' {result}) ] predicate invariant'1 (self : borrowed (t_Vec'0)) = 
@@ -354,14 +354,14 @@ module M_hillel__left_pad [#"hillel.rs" 34 0 34 58] axiom inv_axiom'1 [@rewrite] : forall x : borrowed (t_Vec'0) [inv'1 x] . inv'1 x = invariant'1 x - let rec insert'0 (self:borrowed (t_Vec'0)) (index:usize) (element:t_T'0) (return' (ret:()))= {[@expl:insert 'self' type invariant] inv'1 self} + let rec insert'0 (self:borrowed (t_Vec'0)) (index:UInt64.t) (element:t_T'0) (return' (ret:()))= {[@expl:insert 'self' type invariant] inv'1 self} {[@expl:insert 'element' type invariant] inv'2 element} any [ return' (result:())-> {[%#svec20] Seq.length (view'2 self.final) = Seq.length (view'0 self) + 1} - {[%#svec21] forall i : int . 0 <= i /\ i < UIntSize.to_int index + {[%#svec21] forall i : int . 0 <= i /\ i < UInt64.to_uint index -> index_logic'0 self.final i = index_logic'0 self.current i} - {[%#svec22] index_logic'0 self.final (UIntSize.to_int index) = element} - {[%#svec23] forall i : int . UIntSize.to_int index < i /\ i < Seq.length (view'2 self.final) + {[%#svec22] index_logic'0 self.final (UInt64.to_uint index) = element} + {[%#svec23] forall i : int . UInt64.to_uint index < i /\ i < Seq.length (view'2 self.final) -> index_logic'0 self.final i = index_logic'0 self.current (i - 1)} (! return' {result}) ] @@ -378,7 +378,7 @@ module M_hillel__left_pad [#"hillel.rs" 34 0 34 58] meta "compute_max_steps" 1000000 - let rec left_pad'0 (str:borrowed (t_Vec'0)) (len:usize) (pad:t_T'0) (return' (ret:()))= {[@expl:left_pad 'str' type invariant] [%#shillel10] inv'1 str} + let rec left_pad'0 (str:borrowed (t_Vec'0)) (len:UInt64.t) (pad:t_T'0) (return' (ret:()))= {[@expl:left_pad 'str' type invariant] [%#shillel10] inv'1 str} {[@expl:left_pad 'pad' type invariant] [%#shillel11] inv'2 pad} (! bb0 [ bb0 = s0 [ s0 = [ &old_str <- [%#shillel0] Snapshot.new str ] s1 | s1 = bb1 ] 
@@ -387,9 +387,9 @@ module M_hillel__left_pad [#"hillel.rs" 34 0 34 58] | bb3 = bb3 [ bb3 = {[@expl:mut invariant] (Snapshot.inner old_3_0).final = str.final} {[@expl:loop invariant #0] [%#shillel7] Seq.length (view'1 old_str) <= Seq.length (view'0 str)} - {[@expl:loop invariant #1] [%#shillel6] Seq.length (view'1 old_str) < UIntSize.to_int len - -> Seq.length (view'0 str) <= UIntSize.to_int len} - {[@expl:loop invariant #2] [%#shillel5] Seq.length (view'0 str) > UIntSize.to_int len + {[@expl:loop invariant #1] [%#shillel6] Seq.length (view'1 old_str) < UInt64.to_uint len + -> Seq.length (view'0 str) <= UInt64.to_uint len} + {[@expl:loop invariant #2] [%#shillel5] Seq.length (view'0 str) > UInt64.to_uint len -> Seq.length (view'0 str) = Seq.length (view'1 old_str)} {[@expl:loop invariant #3] [%#shillel4] Snapshot.inner c = Seq.length (view'0 str) - Seq.length (view'1 old_str)} @@ -398,9 +398,9 @@ module M_hillel__left_pad [#"hillel.rs" 34 0 34 58] {[@expl:loop invariant #5] [%#shillel2] forall i : int . 0 <= i /\ i < Snapshot.inner c -> index_logic'0 str.current i = pad} (! s0) [ s0 = bb4 ] - [ bb4 = s0 [ s0 = len'0 {str.current} (fun (_ret':usize) -> [ &_20 <- _ret' ] s1) | s1 = bb5 ] + [ bb4 = s0 [ s0 = len'0 {str.current} (fun (_ret':UInt64.t) -> [ &_20 <- _ret' ] s1) | s1 = bb5 ] | bb5 = s0 - [ s0 = UIntSize.lt {_20} {len} (fun (_ret':bool) -> [ &_19 <- _ret' ] s1) + [ s0 = UInt64.lt {_20} {len} (fun (_ret':bool) -> [ &_19 <- _ret' ] s1) | s1 = any [ br0 -> {_19 = false} (! bb9) | br1 -> {_19} (! bb6) ] ] | bb6 = s0 @@ -411,7 +411,7 @@ module M_hillel__left_pad [#"hillel.rs" 34 0 34 58] -{inv'0 _ret'.final}- [ &str <- { str with current = _ret'.final } ] s1) - | s1 = insert'0 {_24} {[%#shillel8] (0 : usize)} {pad} (fun (_ret':()) -> [ &_23 <- _ret' ] s2) + | s1 = insert'0 {_24} {[%#shillel8] (0 : UInt64.t)} {pad} (fun (_ret':()) -> [ &_23 <- _ret' ] s2) | s2 = bb7 ] | bb7 = s0 [ s0 = [ &_26 <- [%#shillel9] Snapshot.new (1 + Snapshot.inner c) ] s1 | s1 = bb8 ] 
@@ -422,21 +422,21 @@ module M_hillel__left_pad [#"hillel.rs" 34 0 34 58] ) [ & _0 : () = any_l () | & str : borrowed (t_Vec'0) = str - | & len : usize = len + | & len : UInt64.t = len | & pad : t_T'0 = pad | & old_str : Snapshot.snap_ty (borrowed (t_Vec'0)) = any_l () | & c : Snapshot.snap_ty int = any_l () | & _19 : bool = any_l () - | & _20 : usize = any_l () + | & _20 : UInt64.t = any_l () | & _23 : () = any_l () | & _24 : borrowed (t_Vec'0) = any_l () | & _26 : Snapshot.snap_ty int = any_l () | & old_3_0 : Snapshot.snap_ty (borrowed (t_Vec'0)) = any_l () ] [ return' (result:())-> {[@expl:left_pad ensures #0] [%#shillel12] Seq.length (view'2 str.final) - >= UIntSize.to_int len + >= UInt64.to_uint len /\ Seq.length (view'2 str.final) >= Seq.length (view'0 str)} - {[@expl:left_pad ensures #1] [%#shillel13] Seq.length (view'2 str.final) = UIntSize.to_int len + {[@expl:left_pad ensures #1] [%#shillel13] Seq.length (view'2 str.final) = UInt64.to_uint len \/ Seq.length (view'2 str.final) = Seq.length (view'0 str)} {[@expl:left_pad ensures #2] [%#shillel14] forall i : int . 0 <= i /\ i < Seq.length (view'2 str.final) - Seq.length (view'0 str) -> index_logic'0 str.final i = pad} 
@@ -503,11 +503,11 @@ module M_hillel__insert_unique [#"hillel.rs" 80 0 80 62] let%span smodel21 = "../../../creusot-contracts/src/model.rs" 97 8 97 28 let%span shillel22 = "hillel.rs" 67 8 67 72 let%span svec23 = "../../../creusot-contracts/src/std/vec.rs" 169 26 169 42 - let%span sslice24 = "../../../creusot-contracts/src/std/slice.rs" 245 0 354 1 + let%span sslice24 = "../../../creusot-contracts/src/std/slice.rs" 263 0 372 1 let%span siter25 = "../../../creusot-contracts/src/std/iter.rs" 101 0 213 1 let%span sops26 = "../../../creusot-contracts/src/logic/ops.rs" 86 8 86 33 let%span smodel27 = "../../../creusot-contracts/src/model.rs" 79 8 79 28 - let%span sslice28 = "../../../creusot-contracts/src/std/slice.rs" 405 12 405 66 + let%span sslice28 = "../../../creusot-contracts/src/std/slice.rs" 423 12 423 66 let%span siter29 = "../../../creusot-contracts/src/std/iter.rs" 107 26 110 17 let%span sops30 = "../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 let%span scmp31 = "../../../creusot-contracts/src/std/cmp.rs" 11 26 11 75 
@@ -519,15 +519,15 @@ module M_hillel__insert_unique [#"hillel.rs" 80 0 80 62] let%span smodel37 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 let%span siter38 = "../../../creusot-contracts/src/std/iter.rs" 86 20 86 24 let%span siter39 = "../../../creusot-contracts/src/std/iter.rs" 92 8 92 19 - let%span sslice40 = "../../../creusot-contracts/src/std/slice.rs" 411 14 411 45 - let%span sslice41 = "../../../creusot-contracts/src/std/slice.rs" 409 4 409 10 - let%span sslice42 = "../../../creusot-contracts/src/std/slice.rs" 416 15 416 32 - let%span sslice43 = "../../../creusot-contracts/src/std/slice.rs" 417 15 417 32 - let%span sslice44 = "../../../creusot-contracts/src/std/slice.rs" 418 14 418 42 - let%span sslice45 = "../../../creusot-contracts/src/std/slice.rs" 414 4 414 10 - let%span sslice46 = "../../../creusot-contracts/src/std/slice.rs" 96 14 96 41 - let%span sslice47 = "../../../creusot-contracts/src/std/slice.rs" 97 14 97 80 - let%span sslice48 = "../../../creusot-contracts/src/std/slice.rs" 398 20 398 61 + let%span sslice40 = "../../../creusot-contracts/src/std/slice.rs" 429 14 429 45 + let%span sslice41 = "../../../creusot-contracts/src/std/slice.rs" 427 4 427 10 + let%span sslice42 = "../../../creusot-contracts/src/std/slice.rs" 434 15 434 32 + let%span sslice43 = "../../../creusot-contracts/src/std/slice.rs" 435 15 435 32 + let%span sslice44 = "../../../creusot-contracts/src/std/slice.rs" 436 14 436 42 + let%span sslice45 = "../../../creusot-contracts/src/std/slice.rs" 432 4 432 10 + let%span sslice46 = "../../../creusot-contracts/src/std/slice.rs" 114 14 114 41 + let%span sslice47 = "../../../creusot-contracts/src/std/slice.rs" 115 14 115 80 + let%span sslice48 = "../../../creusot-contracts/src/std/slice.rs" 416 20 416 61 let%span sresolve49 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span svec50 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span smodel51 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 
@@ -576,22 +576,22 @@ module M_hillel__insert_unique [#"hillel.rs" 80 0 80 62] type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 type t_T'0 @@ -599,7 +599,7 @@ module M_hillel__insert_unique [#"hillel.rs" 80 0 80 62] function view'3 (self : t_Vec'0) : Seq.seq t_T'0 - axiom view'3_spec : forall self : t_Vec'0 . [%#svec50] Seq.length (view'3 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'3_spec : forall self : t_Vec'0 . [%#svec50] Seq.length (view'3 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq @@ -652,15 +652,15 @@ module M_hillel__insert_unique [#"hillel.rs" 80 0 80 62] axiom inv_axiom'4 [@rewrite] : forall x : t_Vec'0 [inv'5 x] . inv'5 x = invariant'3 x - use prelude.prelude.Slice + use Slice64.create - use prelude.prelude.Slice + use prelude.prelude.Slice64 function view'5 (self : slice t_T'0) : Seq.seq t_T'0 axiom view'5_spec : forall self : slice t_T'0 . ([%#sslice52] Seq.length (view'5 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice53] view'5 self = Slice.id self) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + && ([%#sslice53] view'5 self = Slice64.id self) predicate invariant'9 (self : slice t_T'0) = [%#sslice60] inv'11 (view'5 self) 
@@ -1017,7 +1017,7 @@ module M_hillel__unique [#"hillel.rs" 102 0 102 56] let%span shillel18 = "hillel.rs" 100 10 100 58 let%span shillel19 = "hillel.rs" 101 10 101 58 let%span svec20 = "../../../creusot-contracts/src/std/vec.rs" 74 26 74 44 - let%span sslice21 = "../../../creusot-contracts/src/std/slice.rs" 245 0 354 1 + let%span sslice21 = "../../../creusot-contracts/src/std/slice.rs" 263 0 372 1 let%span siter22 = "../../../creusot-contracts/src/std/iter.rs" 101 0 213 1 let%span smodel23 = "../../../creusot-contracts/src/model.rs" 79 8 79 28 let%span svec24 = "../../../creusot-contracts/src/std/vec.rs" 29 14 29 47 @@ -1049,7 +1049,7 @@ module M_hillel__unique [#"hillel.rs" 102 0 102 56] let%span srange50 = "../../../creusot-contracts/src/std/iter/range.rs" 42 15 42 32 let%span srange51 = "../../../creusot-contracts/src/std/iter/range.rs" 43 15 43 32 let%span srange52 = "../../../creusot-contracts/src/std/iter/range.rs" 44 14 44 42 - let%span snum53 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + let%span snum53 = "../../../creusot-contracts/src/std/num.rs" 52 28 52 33 let%span srange54 = "../../../creusot-contracts/src/std/iter/range.rs" 15 12 15 78 let%span sresolve55 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span smodel56 = "../../../creusot-contracts/src/model.rs" 97 8 97 28 
@@ -1071,24 +1071,24 @@ module M_hillel__unique [#"hillel.rs" 102 0 102 56] type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) - - use prelude.prelude.UIntSize + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.Int + use prelude.prelude.UInt64 type t_T'0 @@ -1096,7 +1096,7 @@ module M_hillel__unique [#"hillel.rs" 102 0 102 56] function view'1 (self : t_Vec'0) : Seq.seq t_T'0 - axiom view'1_spec : forall self : t_Vec'0 . [%#svec38] Seq.length (view'1 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'1_spec : forall self : t_Vec'0 . [%#svec38] Seq.length (view'1 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq @@ -1133,15 +1133,15 @@ module M_hillel__unique [#"hillel.rs" 102 0 102 56] use prelude.prelude.Borrow - use prelude.prelude.Slice + use Slice64.create - use prelude.prelude.Slice + use prelude.prelude.Slice64 function view'2 (self : slice t_T'0) : Seq.seq t_T'0 axiom view'2_spec : forall self : slice t_T'0 . ([%#sslice57] Seq.length (view'2 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice58] view'2 self = Slice.id self) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + && ([%#sslice58] view'2 self = Slice64.id self) predicate invariant'4 (self : slice t_T'0) = [%#sslice64] inv'8 (view'2 self) 
@@ -1160,13 +1160,13 @@ module M_hillel__unique [#"hillel.rs" 102 0 102 56] function view'0 (self : slice t_T'0) : Seq.seq t_T'0 = [%#smodel37] view'2 self - let rec len'0 (self:slice t_T'0) (return' (ret:usize))= {[@expl:len 'self' type invariant] inv'4 self} + let rec len'0 (self:slice t_T'0) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'4 self} any - [ return' (result:usize)-> {[%#sslice21] Seq.length (view'0 self) = UIntSize.to_int result} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#sslice21] Seq.length (view'0 self) = UInt64.to_uint result} (! return' {result}) ] type t_Range'0 = - { t_Range__start'0: usize; t_Range__end'0: usize } + { t_Range__start'0: UInt64.t; t_Range__end'0: UInt64.t } predicate inv'1 (_1 : t_Range'0) @@ -1247,12 +1247,12 @@ module M_hillel__unique [#"hillel.rs" 102 0 102 56] use seq.Seq - function deep_model'4 (self : usize) : int = - [%#snum53] UIntSize.to_int self + function deep_model'4 (self : UInt64.t) : int = + [%#snum53] UInt64.to_uint self use seq.Seq - predicate produces'0 (self : t_Range'0) (visited : Seq.seq usize) (o : t_Range'0) = + predicate produces'0 (self : t_Range'0) (visited : Seq.seq UInt64.t) (o : t_Range'0) = [%#srange28] self.t_Range__end'0 = o.t_Range__end'0 /\ deep_model'4 self.t_Range__start'0 <= deep_model'4 o.t_Range__start'0 /\ (Seq.length visited > 0 -> deep_model'4 o.t_Range__start'0 <= deep_model'4 o.t_Range__end'0) 
@@ -1260,10 +1260,10 @@ module M_hillel__unique [#"hillel.rs" 102 0 102 56] /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> deep_model'4 (Seq.get visited i) = deep_model'4 self.t_Range__start'0 + i) - function produces_trans'0 (a : t_Range'0) (ab : Seq.seq usize) (b : t_Range'0) (bc : Seq.seq usize) (c : t_Range'0) : () + function produces_trans'0 (a : t_Range'0) (ab : Seq.seq UInt64.t) (b : t_Range'0) (bc : Seq.seq UInt64.t) (c : t_Range'0) : () - axiom produces_trans'0_spec : forall a : t_Range'0, ab : Seq.seq usize, b : t_Range'0, bc : Seq.seq usize, c : t_Range'0 . ([%#srange47] inv'1 a) + axiom produces_trans'0_spec : forall a : t_Range'0, ab : Seq.seq UInt64.t, b : t_Range'0, bc : Seq.seq UInt64.t, c : t_Range'0 . ([%#srange47] inv'1 a) -> ([%#srange48] inv'1 b) -> ([%#srange49] inv'1 c) -> ([%#srange50] produces'0 a ab b) @@ -1272,11 +1272,11 @@ module M_hillel__unique [#"hillel.rs" 102 0 102 56] function produces_refl'0 (self : t_Range'0) : () axiom produces_refl'0_spec : forall self : t_Range'0 . ([%#srange45] inv'1 self) - -> ([%#srange46] produces'0 self (Seq.empty : Seq.seq usize) self) + -> ([%#srange46] produces'0 self (Seq.empty : Seq.seq UInt64.t) self) - predicate inv'2 (_1 : Seq.seq usize) + predicate inv'2 (_1 : Seq.seq UInt64.t) - axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq usize [inv'2 x] . inv'2 x = true + axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq UInt64.t [inv'2 x] . inv'2 x = true predicate inv'5 (_1 : borrowed (t_Range'0)) @@ -1284,7 +1284,7 @@ module M_hillel__unique [#"hillel.rs" 102 0 102 56] type t_Option'0 = | C_None'0 - | C_Some'0 usize + | C_Some'0 UInt64.t predicate inv'6 (_1 : t_Option'0) 
@@ -1312,9 +1312,9 @@ module M_hillel__unique [#"hillel.rs" 102 0 102 56] predicate resolve'0 (_1 : borrowed (t_Range'0)) = resolve'2 _1 - let rec v_Some'0 (input:t_Option'0) (ret (field_0:usize))= any - [ good (field_0:usize)-> {C_Some'0 field_0 = input} (! ret {field_0}) - | bad -> {forall field_0 : usize [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] + let rec v_Some'0 (input:t_Option'0) (ret (field_0:UInt64.t))= any + [ good (field_0:UInt64.t)-> {C_Some'0 field_0 = input} (! ret {field_0}) + | bad -> {forall field_0 : UInt64.t [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] predicate invariant'1 (self : borrowed (t_Vec'0)) = @@ -1366,14 +1366,14 @@ module M_hillel__unique [#"hillel.rs" 102 0 102 56] (! bb0 [ bb0 = s0 [ s0 = new'0 {[%#shillel0] ()} (fun (_ret':t_Vec'0) -> [ &unique <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = [ &sub_str <- [%#shillel1] Snapshot.new (Seq.empty : Seq.seq t_T'0) ] s1 | s1 = bb2 ] - | bb2 = s0 [ s0 = len'0 {str} (fun (_ret':usize) -> [ &_11 <- _ret' ] s1) | s1 = bb3 ] + | bb2 = s0 [ s0 = len'0 {str} (fun (_ret':UInt64.t) -> [ &_11 <- _ret' ] s1) | s1 = bb3 ] | bb3 = s0 - [ s0 = [ &_10 <- { t_Range__start'0 = ([%#shillel2] (0 : usize)); t_Range__end'0 = _11 } ] s1 + [ s0 = [ &_10 <- { t_Range__start'0 = ([%#shillel2] (0 : UInt64.t)); t_Range__end'0 = _11 } ] s1 | s1 = into_iter'0 {_10} (fun (_ret':t_Range'0) -> [ &iter <- _ret' ] s2) | s2 = bb4 ] | bb4 = s0 [ s0 = [ &iter_old <- [%#shillel3] Snapshot.new iter ] s1 | s1 = bb5 ] - | bb5 = s0 [ s0 = [ &produced <- [%#shillel4] Snapshot.new (Seq.empty : Seq.seq usize) ] s1 | s1 = bb6 ] + | bb5 = s0 [ s0 = [ &produced <- [%#shillel4] Snapshot.new (Seq.empty : Seq.seq UInt64.t) ] s1 | s1 = bb6 ] | bb6 = bb7 | bb7 = bb8 | bb8 = bb9 
@@ -1401,11 +1401,11 @@ module M_hillel__unique [#"hillel.rs" 102 0 102 56] | bb13 = s0 [ s0 = -{resolve'0 _27}- s1 - | s1 = any [ br0 -> {_25 = C_None'0 } (! bb16) | br1 (x0:usize)-> {_25 = C_Some'0 x0} (! bb15) ] ] + | s1 = any [ br0 -> {_25 = C_None'0 } (! bb16) | br1 (x0:UInt64.t)-> {_25 = C_Some'0 x0} (! bb15) ] ] | bb15 = bb17 | bb17 = s0 - [ s0 = v_Some'0 {_25} (fun (r0'0:usize) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) + [ s0 = v_Some'0 {_25} (fun (r0'0:UInt64.t) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) | s1 = [ &_30 <- [%#shillel10] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] @@ -1417,12 +1417,12 @@ module M_hillel__unique [#"hillel.rs" 102 0 102 56] | s1 = [ &i <- __creusot_proc_iter_elem ] s2 | s2 = [ &_34 <- i ] s3 | s3 = [ &_35 <- Slice.length str ] s4 - | s4 = UIntSize.lt {_34} {_35} (fun (_ret':bool) -> [ &_36 <- _ret' ] s5) + | s4 = UInt64.lt {_34} {_35} (fun (_ret':bool) -> [ &_36 <- _ret' ] s5) | s5 = {[@expl:index in bounds] [%#shillel11] _36} s6 | s6 = bb19 ] | bb19 = s0 - [ s0 = Slice.get {str} {_34} (fun (r'0:t_T'0) -> [ &elem <- r'0 ] s1) + [ s0 = Slice64.get {str} {_34} (fun (r'0:t_T'0) -> [ &elem <- r'0 ] s1) | s1 = {inv'0 unique} Borrow.borrow_mut {unique} (fun (_ret':borrowed (t_Vec'0)) -> 
@@ -1468,18 +1468,18 @@ module M_hillel__unique [#"hillel.rs" 102 0 102 56] | & sub_str : Snapshot.snap_ty (Seq.seq t_T'0) = any_l () | & iter : t_Range'0 = any_l () | & _10 : t_Range'0 = any_l () - | & _11 : usize = any_l () + | & _11 : UInt64.t = any_l () | & iter_old : Snapshot.snap_ty (t_Range'0) = any_l () - | & produced : Snapshot.snap_ty (Seq.seq usize) = any_l () + | & produced : Snapshot.snap_ty (Seq.seq UInt64.t) = any_l () | & _25 : t_Option'0 = any_l () | & _26 : borrowed (t_Range'0) = any_l () | & _27 : borrowed (t_Range'0) = any_l () - | & __creusot_proc_iter_elem : usize = any_l () - | & _30 : Snapshot.snap_ty (Seq.seq usize) = any_l () - | & i : usize = any_l () + | & __creusot_proc_iter_elem : UInt64.t = any_l () + | & _30 : Snapshot.snap_ty (Seq.seq UInt64.t) = any_l () + | & i : UInt64.t = any_l () | & elem : t_T'0 = any_l () - | & _34 : usize = any_l () - | & _35 : usize = any_l () + | & _34 : UInt64.t = any_l () + | & _35 : UInt64.t = any_l () | & _36 : bool = any_l () | & _37 : () = any_l () | & _38 : borrowed (t_Vec'0) = any_l () 
@@ -1511,20 +1511,20 @@ module M_hillel__sum_range [#"hillel.rs" 125 0 125 54] use prelude.prelude.UInt32 - constant seq : Seq.seq uint32 + constant seq : Seq.seq UInt32.t constant from : int constant to' : int - function sum_range'0 [#"hillel.rs" 125 0 125 54] (seq : Seq.seq uint32) (from : int) (to' : int) : int + function sum_range'0 [#"hillel.rs" 125 0 125 54] (seq : Seq.seq UInt32.t) (from : int) (to' : int) : int goal vc_sum_range'0 : ([%#shillel0] 0 <= from /\ from <= to' /\ to' <= Seq.length seq) -> (if to' - from > 0 then (([@expl:sum_range requires] [%#shillel0] 0 <= from + 1 /\ from + 1 <= to' /\ to' <= Seq.length seq) /\ 0 <= ([%#shillel2] to' - from) /\ ([%#shillel2] to' - (from + 1)) < ([%#shillel2] to' - from)) /\ (([%#shillel1] sum_range'0 seq (from + 1) to' >= 0) - -> ([%#shillel1] UInt32.to_int (Seq.get seq from) + sum_range'0 seq (from + 1) to' >= 0)) + -> ([%#shillel1] UInt32.to_uint (Seq.get seq from) + sum_range'0 seq (from + 1) to' >= 0)) else [%#shillel1] 0 >= 0 ) 
@@ -1551,17 +1551,17 @@ module M_hillel__sum_range_split [#"hillel.rs" 137 0 137 61] use prelude.prelude.UInt32 - function sum_range'0 [#"hillel.rs" 125 0 125 54] (seq : Seq.seq uint32) (from : int) (to' : int) : int + function sum_range'0 [#"hillel.rs" 125 0 125 54] (seq : Seq.seq UInt32.t) (from : int) (to' : int) : int - axiom sum_range'0_def : forall seq : Seq.seq uint32, from : int, to' : int . ([%#shillel4] 0 <= from + axiom sum_range'0_def : forall seq : Seq.seq UInt32.t, from : int, to' : int . ([%#shillel4] 0 <= from /\ from <= to' /\ to' <= Seq.length seq) -> sum_range'0 seq from to' - = ([%#shillel7] if to' - from > 0 then UInt32.to_int (Seq.get seq from) + sum_range'0 seq (from + 1) to' else 0) + = ([%#shillel7] if to' - from > 0 then UInt32.to_uint (Seq.get seq from) + sum_range'0 seq (from + 1) to' else 0) - axiom sum_range'0_spec : forall seq : Seq.seq uint32, from : int, to' : int . ([%#shillel4] 0 <= from + axiom sum_range'0_spec : forall seq : Seq.seq UInt32.t, from : int, to' : int . ([%#shillel4] 0 <= from /\ from <= to' /\ to' <= Seq.length seq) -> ([%#shillel5] sum_range'0 seq from to' >= 0) - constant seq : Seq.seq uint32 + constant seq : Seq.seq UInt32.t constant from : int @@ -1569,7 +1569,8 @@ module M_hillel__sum_range_split [#"hillel.rs" 137 0 137 61] constant i : int - function sum_range_split'0 [#"hillel.rs" 137 0 137 61] (seq : Seq.seq uint32) (from : int) (to' : int) (i : int) : () + function sum_range_split'0 [#"hillel.rs" 137 0 137 61] (seq : Seq.seq UInt32.t) (from : int) (to' : int) (i : int) : () + goal vc_sum_range_split'0 : ([%#shillel0] 0 <= from /\ from <= i /\ i <= to' /\ to' <= Seq.length seq) -> (if i > from then 
@@ -1609,35 +1610,36 @@ module M_hillel__score [#"hillel.rs" 147 0 147 38] use prelude.prelude.UInt32 - function sum_range'0 [#"hillel.rs" 125 0 125 54] (seq : Seq.seq uint32) (from : int) (to' : int) : int + function sum_range'0 [#"hillel.rs" 125 0 125 54] (seq : Seq.seq UInt32.t) (from : int) (to' : int) : int - axiom sum_range'0_def : forall seq : Seq.seq uint32, from : int, to' : int . ([%#shillel6] 0 <= from + axiom sum_range'0_def : forall seq : Seq.seq UInt32.t, from : int, to' : int . ([%#shillel6] 0 <= from /\ from <= to' /\ to' <= Seq.length seq) -> sum_range'0 seq from to' - = ([%#shillel10] if to' - from > 0 then UInt32.to_int (Seq.get seq from) + sum_range'0 seq (from + 1) to' else 0) + = ([%#shillel10] if to' - from > 0 then UInt32.to_uint (Seq.get seq from) + sum_range'0 seq (from + 1) to' else 0) - axiom sum_range'0_spec : forall seq : Seq.seq uint32, from : int, to' : int . ([%#shillel6] 0 <= from + axiom sum_range'0_spec : forall seq : Seq.seq UInt32.t, from : int, to' : int . ([%#shillel6] 0 <= from /\ from <= to' /\ to' <= Seq.length seq) -> ([%#shillel7] sum_range'0 seq from to' >= 0) - function sum_range_split'0 [#"hillel.rs" 137 0 137 61] (seq : Seq.seq uint32) (from : int) (to' : int) (i : int) : () + function sum_range_split'0 [#"hillel.rs" 137 0 137 61] (seq : Seq.seq UInt32.t) (from : int) (to' : int) (i : int) : () + - axiom sum_range_split'0_def : forall seq : Seq.seq uint32, from : int, to' : int, i : int . ([%#shillel3] 0 <= from + axiom sum_range_split'0_def : forall seq : Seq.seq UInt32.t, from : int, to' : int, i : int . ([%#shillel3] 0 <= from /\ from <= i /\ i <= to' /\ to' <= Seq.length seq) -> sum_range_split'0 seq from to' i = ([%#shillel11] if i > from then let _ = sum_range_split'0 seq (from + 1) to' i in () else ()) - axiom sum_range_split'0_spec : forall seq : Seq.seq uint32, from : int, to' : int, i : int . 
([%#shillel3] 0 <= from + axiom sum_range_split'0_spec : forall seq : Seq.seq UInt32.t, from : int, to' : int, i : int . ([%#shillel3] 0 <= from /\ from <= i /\ i <= to' /\ to' <= Seq.length seq) -> ([%#shillel4] sum_range'0 seq from to' = sum_range'0 seq from i + sum_range'0 seq i to') function abs_diff'0 (self : int) (other : int) : int = [%#sint12] if self < other then other - self else self - other - constant seq : Seq.seq uint32 + constant seq : Seq.seq UInt32.t constant i : int - function score'0 [#"hillel.rs" 147 0 147 38] (seq : Seq.seq uint32) (i : int) : int + function score'0 [#"hillel.rs" 147 0 147 38] (seq : Seq.seq UInt32.t) (i : int) : int goal vc_score'0 : ([%#shillel0] 0 <= i /\ i <= Seq.length seq) -> ([@expl:sum_range_split requires] [%#shillel3] 0 <= 0 
@@ -1684,28 +1686,28 @@ module M_hillel__fulcrum [#"hillel.rs" 159 0 159 30] let%span shillel28 = "hillel.rs" 124 10 124 21 let%span shillel29 = "hillel.rs" 122 10 122 19 let%span shillel30 = "hillel.rs" 121 0 121 8 - let%span sslice31 = "../../../creusot-contracts/src/std/slice.rs" 405 12 405 66 + let%span sslice31 = "../../../creusot-contracts/src/std/slice.rs" 423 12 423 66 let%span siter32 = "../../../creusot-contracts/src/std/iter.rs" 107 26 110 17 - let%span sslice33 = "../../../creusot-contracts/src/std/slice.rs" 245 0 354 1 + let%span sslice33 = "../../../creusot-contracts/src/std/slice.rs" 263 0 372 1 let%span shillel34 = "hillel.rs" 144 11 144 35 let%span shillel35 = "hillel.rs" 145 10 145 64 let%span shillel36 = "hillel.rs" 146 10 146 77 let%span shillel37 = "hillel.rs" 148 4 148 41 let%span srange38 = "../../../creusot-contracts/src/std/iter/range.rs" 23 12 27 70 - let%span snum39 = "../../../creusot-contracts/src/std/num.rs" 220 26 220 59 - let%span sslice40 = "../../../creusot-contracts/src/std/slice.rs" 360 20 360 24 - let%span sslice41 = "../../../creusot-contracts/src/std/slice.rs" 366 20 366 32 + let%span snum39 = "../../../creusot-contracts/src/std/num.rs" 263 26 263 59 + let%span sslice40 = "../../../creusot-contracts/src/std/slice.rs" 378 20 378 24 + let%span sslice41 = "../../../creusot-contracts/src/std/slice.rs" 384 20 384 32 let%span sslice42 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice43 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 - let%span sslice44 = "../../../creusot-contracts/src/std/slice.rs" 411 14 411 45 - let%span sslice45 = "../../../creusot-contracts/src/std/slice.rs" 409 4 409 10 - let%span sslice46 = "../../../creusot-contracts/src/std/slice.rs" 416 15 416 32 - let%span sslice47 = "../../../creusot-contracts/src/std/slice.rs" 417 15 417 32 - let%span sslice48 = "../../../creusot-contracts/src/std/slice.rs" 418 14 418 42 - let%span sslice49 = 
"../../../creusot-contracts/src/std/slice.rs" 414 4 414 10 - let%span sslice50 = "../../../creusot-contracts/src/std/slice.rs" 96 14 96 41 - let%span sslice51 = "../../../creusot-contracts/src/std/slice.rs" 97 14 97 80 - let%span sslice52 = "../../../creusot-contracts/src/std/slice.rs" 398 20 398 61 + let%span sslice44 = "../../../creusot-contracts/src/std/slice.rs" 429 14 429 45 + let%span sslice45 = "../../../creusot-contracts/src/std/slice.rs" 427 4 427 10 + let%span sslice46 = "../../../creusot-contracts/src/std/slice.rs" 434 15 434 32 + let%span sslice47 = "../../../creusot-contracts/src/std/slice.rs" 435 15 435 32 + let%span sslice48 = "../../../creusot-contracts/src/std/slice.rs" 436 14 436 42 + let%span sslice49 = "../../../creusot-contracts/src/std/slice.rs" 432 4 432 10 + let%span sslice50 = "../../../creusot-contracts/src/std/slice.rs" 114 14 114 41 + let%span sslice51 = "../../../creusot-contracts/src/std/slice.rs" 115 14 115 80 + let%span sslice52 = "../../../creusot-contracts/src/std/slice.rs" 416 20 416 61 let%span sresolve53 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span siter54 = "../../../creusot-contracts/src/std/iter.rs" 86 20 86 24 let%span siter55 = "../../../creusot-contracts/src/std/iter.rs" 92 8 92 19 
@@ -1722,22 +1724,24 @@ module M_hillel__fulcrum [#"hillel.rs" 159 0 159 30] let%span srange66 = "../../../creusot-contracts/src/std/iter/range.rs" 42 15 42 32 let%span srange67 = "../../../creusot-contracts/src/std/iter/range.rs" 43 15 43 32 let%span srange68 = "../../../creusot-contracts/src/std/iter/range.rs" 44 14 44 42 - let%span snum69 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + let%span snum69 = "../../../creusot-contracts/src/std/num.rs" 52 28 52 33 let%span srange70 = "../../../creusot-contracts/src/std/iter/range.rs" 15 12 15 78 let%span sops71 = "../../../creusot-contracts/src/logic/ops.rs" 42 8 42 31 let%span smodel72 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 + use prelude.prelude.Int + use prelude.prelude.UInt32 use prelude.prelude.Borrow - use prelude.prelude.Slice + use Slice64.create - predicate inv'4 (_1 : slice uint32) + predicate inv'4 (_1 : slice UInt32.t) - axiom inv_axiom'4 [@rewrite] : forall x : slice uint32 [inv'4 x] . inv'4 x = true + axiom inv_axiom'4 [@rewrite] : forall x : slice UInt32.t [inv'4 x] . inv'4 x = true - predicate into_iter_pre'0 (self : slice uint32) = + predicate into_iter_pre'0 (self : slice UInt32.t) = [%#sslice40] true use prelude.prelude.Opaque 
@@ -1748,12 +1752,12 @@ module M_hillel__fulcrum [#"hillel.rs" 159 0 159 30] type t_Iter'0 = { t_Iter__ptr'0: t_NonNull'0; t_Iter__end_or_len'0: opaque_ptr; t_Iter__qy95zmarker'0: () } - function view'2 (self : t_Iter'0) : slice uint32 + function view'2 (self : t_Iter'0) : slice UInt32.t - predicate into_iter_post'0 (self : slice uint32) (res : t_Iter'0) = + predicate into_iter_post'0 (self : slice UInt32.t) (res : t_Iter'0) = [%#sslice41] self = view'2 res - let rec into_iter'0 (self:slice uint32) (return' (ret:t_Iter'0))= {[@expl:into_iter 'self' type invariant] inv'4 self} + let rec into_iter'0 (self:slice UInt32.t) (return' (ret:t_Iter'0))= {[@expl:into_iter 'self' type invariant] inv'4 self} {[@expl:into_iter requires] [%#siter25] into_iter_pre'0 self} any [ return' (result:t_Iter'0)-> {[%#siter25] into_iter_post'0 self result} (! return' {result}) ] 
@@ -1771,35 +1775,33 @@ module M_hillel__fulcrum [#"hillel.rs" 159 0 159 30] use seq.Seq - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - use prelude.prelude.Int + use prelude.prelude.Slice64 - use prelude.prelude.Slice + function view'1 (self : slice UInt32.t) : Seq.seq UInt32.t - function view'1 (self : slice uint32) : Seq.seq uint32 + axiom view'1_spec : forall self : slice UInt32.t . ([%#sslice42] Seq.length (view'1 self) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + && ([%#sslice43] view'1 self = Slice64.id self) - axiom view'1_spec : forall self : slice uint32 . ([%#sslice42] Seq.length (view'1 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice43] view'1 self = Slice.id self) - - function view'0 (self : slice uint32) : Seq.seq uint32 = + function view'0 (self : slice UInt32.t) : Seq.seq UInt32.t = [%#smodel26] view'1 self use seq.Seq - function sum_range'0 [#"hillel.rs" 125 0 125 54] (seq : Seq.seq uint32) (from : int) (to' : int) : int + function sum_range'0 [#"hillel.rs" 125 0 125 54] (seq : Seq.seq UInt32.t) (from : int) (to' : int) : int - axiom sum_range'0_def : forall seq : Seq.seq uint32, from : int, to' : int . ([%#shillel27] 0 <= from + axiom sum_range'0_def : forall seq : Seq.seq UInt32.t, from : int, to' : int . ([%#shillel27] 0 <= from /\ from <= to' /\ to' <= Seq.length seq) -> sum_range'0 seq from to' - = ([%#shillel30] if to' - from > 0 then UInt32.to_int (Seq.get seq from) + sum_range'0 seq (from + 1) to' else 0) + = ([%#shillel30] if to' - from > 0 then UInt32.to_uint (Seq.get seq from) + sum_range'0 seq (from + 1) to' else 0) - axiom sum_range'0_spec : forall seq : Seq.seq uint32, from : int, to' : int . ([%#shillel27] 0 <= from + axiom sum_range'0_spec : forall seq : Seq.seq UInt32.t, from : int, to' : int . 
([%#shillel27] 0 <= from /\ from <= to' /\ to' <= Seq.length seq) -> ([%#shillel28] sum_range'0 seq from to' >= 0) use prelude.prelude.Snapshot 
@@ -1814,43 +1816,43 @@ module M_hillel__fulcrum [#"hillel.rs" 159 0 159 30] use seq.Seq - function index_logic'0 [@inline:trivial] (self : slice uint32) (ix : int) : uint32 = + function index_logic'0 [@inline:trivial] (self : slice UInt32.t) (ix : int) : UInt32.t = [%#sops71] Seq.get (view'1 self) ix - function to_ref_seq'0 (self : slice uint32) : Seq.seq uint32 + function to_ref_seq'0 (self : slice UInt32.t) : Seq.seq UInt32.t - axiom to_ref_seq'0_spec : forall self : slice uint32 . ([%#sslice50] Seq.length (to_ref_seq'0 self) + axiom to_ref_seq'0_spec : forall self : slice UInt32.t . ([%#sslice50] Seq.length (to_ref_seq'0 self) = Seq.length (view'0 self)) && ([%#sslice51] forall i : int . 0 <= i /\ i < Seq.length (to_ref_seq'0 self) -> Seq.get (to_ref_seq'0 self) i = index_logic'0 self i) - predicate produces'0 (self : t_Iter'0) (visited : Seq.seq uint32) (tl : t_Iter'0) = + predicate produces'0 (self : t_Iter'0) (visited : Seq.seq UInt32.t) (tl : t_Iter'0) = [%#sslice31] to_ref_seq'0 (view'2 self) = Seq.(++) visited (to_ref_seq'0 (view'2 tl)) - function produces_trans'0 (a : t_Iter'0) (ab : Seq.seq uint32) (b : t_Iter'0) (bc : Seq.seq uint32) (c : t_Iter'0) : () + function produces_trans'0 (a : t_Iter'0) (ab : Seq.seq UInt32.t) (b : t_Iter'0) (bc : Seq.seq UInt32.t) (c : t_Iter'0) : () = [%#sslice49] () - axiom produces_trans'0_spec : forall a : t_Iter'0, ab : Seq.seq uint32, b : t_Iter'0, bc : Seq.seq uint32, c : t_Iter'0 . ([%#sslice46] produces'0 a ab b) + axiom produces_trans'0_spec : forall a : t_Iter'0, ab : Seq.seq UInt32.t, b : t_Iter'0, bc : Seq.seq UInt32.t, c : t_Iter'0 . ([%#sslice46] produces'0 a ab b) -> ([%#sslice47] produces'0 b bc c) -> ([%#sslice48] produces'0 a (Seq.(++) ab bc) c) function produces_refl'0 (self : t_Iter'0) : () = [%#sslice45] () - axiom produces_refl'0_spec : forall self : t_Iter'0 . [%#sslice44] produces'0 self (Seq.empty : Seq.seq uint32) self + axiom produces_refl'0_spec : forall self : t_Iter'0 . 
[%#sslice44] produces'0 self (Seq.empty : Seq.seq UInt32.t) self predicate inv'0 (_1 : t_Iter'0) axiom inv_axiom'0 [@rewrite] : forall x : t_Iter'0 [inv'0 x] . inv'0 x = true - predicate inv'1 (_1 : Seq.seq uint32) + predicate inv'1 (_1 : Seq.seq UInt32.t) - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq uint32 [inv'1 x] . inv'1 x = true + axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq UInt32.t [inv'1 x] . inv'1 x = true type t_Option'0 = | C_None'0 - | C_Some'0 uint32 + | C_Some'0 UInt32.t predicate inv'5 (_1 : t_Option'0) @@ -1859,13 +1861,13 @@ module M_hillel__fulcrum [#"hillel.rs" 159 0 159 30] predicate resolve'2 (self : borrowed (t_Iter'0)) = [%#sresolve53] self.final = self.current - function view'3 (self : borrowed (t_Iter'0)) : slice uint32 = + function view'3 (self : borrowed (t_Iter'0)) : slice UInt32.t = [%#smodel72] view'2 self.current use seq.Seq predicate completed'0 (self : borrowed (t_Iter'0)) = - [%#sslice52] resolve'2 self /\ view'1 (view'3 self) = (Seq.empty : Seq.seq uint32) + [%#sslice52] resolve'2 self /\ view'1 (view'3 self) = (Seq.empty : Seq.seq UInt32.t) use seq.Seq 
@@ -1881,18 +1883,18 @@ module M_hillel__fulcrum [#"hillel.rs" 159 0 159 30] predicate resolve'0 (_1 : borrowed (t_Iter'0)) = resolve'2 _1 - let rec v_Some'0 (input:t_Option'0) (ret (field_0:uint32))= any - [ good (field_0:uint32)-> {C_Some'0 field_0 = input} (! ret {field_0}) - | bad -> {forall field_0 : uint32 [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] + let rec v_Some'0 (input:t_Option'0) (ret (field_0:UInt32.t))= any + [ good (field_0:UInt32.t)-> {C_Some'0 field_0 = input} (! ret {field_0}) + | bad -> {forall field_0 : UInt32.t [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] - let rec len'0 (self:slice uint32) (return' (ret:usize))= {[@expl:len 'self' type invariant] inv'4 self} + let rec len'0 (self:slice UInt32.t) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'4 self} any - [ return' (result:usize)-> {[%#sslice33] Seq.length (view'0 self) = UIntSize.to_int result} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#sslice33] Seq.length (view'0 self) = UInt64.to_uint result} (! return' {result}) ] type t_Range'0 = - { t_Range__start'0: usize; t_Range__end'0: usize } + { t_Range__start'0: UInt64.t; t_Range__end'0: UInt64.t } predicate inv'2 (_1 : t_Range'0) 
@@ -1920,24 +1922,26 @@ module M_hillel__fulcrum [#"hillel.rs" 159 0 159 30] use seq.Seq - function sum_range_split'0 [#"hillel.rs" 137 0 137 61] (seq : Seq.seq uint32) (from : int) (to' : int) (i : int) : () + function sum_range_split'0 [#"hillel.rs" 137 0 137 61] (seq : Seq.seq UInt32.t) (from : int) (to' : int) (i : int) : () + - axiom sum_range_split'0_def : forall seq : Seq.seq uint32, from : int, to' : int, i : int . ([%#shillel56] 0 <= from + axiom sum_range_split'0_def : forall seq : Seq.seq UInt32.t, from : int, to' : int, i : int . ([%#shillel56] 0 <= from /\ from <= i /\ i <= to' /\ to' <= Seq.length seq) -> sum_range_split'0 seq from to' i = ([%#shillel59] if i > from then let _ = sum_range_split'0 seq (from + 1) to' i in () else ()) - axiom sum_range_split'0_spec : forall seq : Seq.seq uint32, from : int, to' : int, i : int . ([%#shillel56] 0 <= from + axiom sum_range_split'0_spec : forall seq : Seq.seq UInt32.t, from : int, to' : int, i : int . ([%#shillel56] 0 + <= from /\ from <= i /\ i <= to' /\ to' <= Seq.length seq) -> ([%#shillel57] sum_range'0 seq from to' = sum_range'0 seq from i + sum_range'0 seq i to') function abs_diff'1 (self : int) (other : int) : int = [%#sint60] if self < other then other - self else self - other - function score'0 [#"hillel.rs" 147 0 147 38] (seq : Seq.seq uint32) (i : int) : int = + function score'0 [#"hillel.rs" 147 0 147 38] (seq : Seq.seq UInt32.t) (i : int) : int = [%#shillel37] let _ = sum_range_split'0 seq 0 (Seq.length seq) i in abs_diff'1 (sum_range'0 seq 0 i) (sum_range'0 seq i (Seq.length seq)) - axiom score'0_spec : forall seq : Seq.seq uint32, i : int . ([%#shillel34] 0 <= i /\ i <= Seq.length seq) + axiom score'0_spec : forall seq : Seq.seq UInt32.t, i : int . ([%#shillel34] 0 <= i /\ i <= Seq.length seq) -> ([%#shillel35] 0 <= score'0 seq i /\ score'0 seq i <= sum_range'0 seq 0 (Seq.length seq)) && ([%#shillel36] 0 = i \/ i = Seq.length seq -> score'0 seq i = sum_range'0 seq 0 (Seq.length seq)) 
@@ -1947,12 +1951,12 @@ module M_hillel__fulcrum [#"hillel.rs" 159 0 159 30] use seq.Seq - function deep_model'0 (self : usize) : int = - [%#snum69] UIntSize.to_int self + function deep_model'0 (self : UInt64.t) : int = + [%#snum69] UInt64.to_uint self use seq.Seq - predicate produces'1 (self : t_Range'0) (visited : Seq.seq usize) (o : t_Range'0) = + predicate produces'1 (self : t_Range'0) (visited : Seq.seq UInt64.t) (o : t_Range'0) = [%#srange38] self.t_Range__end'0 = o.t_Range__end'0 /\ deep_model'0 self.t_Range__start'0 <= deep_model'0 o.t_Range__start'0 /\ (Seq.length visited > 0 -> deep_model'0 o.t_Range__start'0 <= deep_model'0 o.t_Range__end'0) @@ -1960,10 +1964,10 @@ module M_hillel__fulcrum [#"hillel.rs" 159 0 159 30] /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> deep_model'0 (Seq.get visited i) = deep_model'0 self.t_Range__start'0 + i) - function produces_trans'1 (a : t_Range'0) (ab : Seq.seq usize) (b : t_Range'0) (bc : Seq.seq usize) (c : t_Range'0) : () + function produces_trans'1 (a : t_Range'0) (ab : Seq.seq UInt64.t) (b : t_Range'0) (bc : Seq.seq UInt64.t) (c : t_Range'0) : () - axiom produces_trans'1_spec : forall a : t_Range'0, ab : Seq.seq usize, b : t_Range'0, bc : Seq.seq usize, c : t_Range'0 . ([%#srange63] inv'2 a) + axiom produces_trans'1_spec : forall a : t_Range'0, ab : Seq.seq UInt64.t, b : t_Range'0, bc : Seq.seq UInt64.t, c : t_Range'0 . ([%#srange63] inv'2 a) -> ([%#srange64] inv'2 b) -> ([%#srange65] inv'2 c) -> ([%#srange66] produces'1 a ab b) 
@@ -1972,11 +1976,11 @@ module M_hillel__fulcrum [#"hillel.rs" 159 0 159 30] function produces_refl'1 (self : t_Range'0) : () axiom produces_refl'1_spec : forall self : t_Range'0 . ([%#srange61] inv'2 self) - -> ([%#srange62] produces'1 self (Seq.empty : Seq.seq usize) self) + -> ([%#srange62] produces'1 self (Seq.empty : Seq.seq UInt64.t) self) - predicate inv'3 (_1 : Seq.seq usize) + predicate inv'3 (_1 : Seq.seq UInt64.t) - axiom inv_axiom'3 [@rewrite] : forall x : Seq.seq usize [inv'3 x] . inv'3 x = true + axiom inv_axiom'3 [@rewrite] : forall x : Seq.seq UInt64.t [inv'3 x] . inv'3 x = true predicate inv'6 (_1 : borrowed (t_Range'0)) @@ -1984,7 +1988,7 @@ module M_hillel__fulcrum [#"hillel.rs" 159 0 159 30] type t_Option'1 = | C_None'1 - | C_Some'1 usize + | C_Some'1 UInt64.t predicate inv'7 (_1 : t_Option'1) @@ -2012,14 +2016,14 @@ module M_hillel__fulcrum [#"hillel.rs" 159 0 159 30] predicate resolve'1 (_1 : borrowed (t_Range'0)) = resolve'3 _1 - let rec v_Some'1 (input:t_Option'1) (ret (field_0:usize))= any - [ good (field_0:usize)-> {C_Some'1 field_0 = input} (! ret {field_0}) - | bad -> {forall field_0 : usize [C_Some'1 field_0 : t_Option'1] . C_Some'1 field_0 <> input} (! {false} any) ] + let rec v_Some'1 (input:t_Option'1) (ret (field_0:UInt64.t))= any + [ good (field_0:UInt64.t)-> {C_Some'1 field_0 = input} (! ret {field_0}) + | bad -> {forall field_0 : UInt64.t [C_Some'1 field_0 : t_Option'1] . C_Some'1 field_0 <> input} (! {false} any) ] - let rec abs_diff'0 (self:uint32) (other:uint32) (return' (ret:uint32))= any - [ return' (result:uint32)-> {[%#snum39] UInt32.to_int result - = abs_diff'1 (UInt32.to_int self) (UInt32.to_int other)} + let rec abs_diff'0 (self:UInt32.t) (other:UInt32.t) (return' (ret:UInt32.t))= any + [ return' (result:UInt32.t)-> {[%#snum39] UInt32.to_uint result + = abs_diff'1 (UInt32.to_uint self) (UInt32.to_uint other)} (! return' {result}) ] 
@@ -2035,25 +2039,26 @@ module M_hillel__fulcrum [#"hillel.rs" 159 0 159 30] meta "compute_max_steps" 1000000 - let rec fulcrum'0 (s:slice uint32) (return' (ret:usize))= {[@expl:fulcrum requires #0] [%#shillel21] sum_range'0 (view'0 s) 0 (Seq.length (view'0 s)) + let rec fulcrum'0 (s:slice UInt32.t) (return' (ret:UInt64.t))= {[@expl:fulcrum requires #0] [%#shillel21] sum_range'0 (view'0 s) 0 (Seq.length (view'0 s)) <= 1000} {[@expl:fulcrum requires #1] [%#shillel22] Seq.length (view'0 s) > 0} (! bb0 [ bb0 = s0 - [ s0 = [ &total <- [%#shillel0] (0 : uint32) ] s1 + [ s0 = [ &total <- [%#shillel0] (0 : UInt32.t) ] s1 | s1 = into_iter'0 {s} (fun (_ret':t_Iter'0) -> [ &iter <- _ret' ] s2) | s2 = bb1 ] | bb1 = s0 [ s0 = [ &iter_old <- [%#shillel1] Snapshot.new iter ] s1 | s1 = bb2 ] - | bb2 = s0 [ s0 = [ &produced <- [%#shillel2] Snapshot.new (Seq.empty : Seq.seq uint32) ] s1 | s1 = bb3 ] + | bb2 = s0 [ s0 = [ &produced <- [%#shillel2] Snapshot.new (Seq.empty : Seq.seq UInt32.t) ] s1 | s1 = bb3 ] | bb3 = bb4 | bb4 = bb4 [ bb4 = {[@expl:for invariant] [%#shillel5] inv'1 (Snapshot.inner produced)} {[@expl:for invariant] [%#shillel5] inv'0 iter} {[@expl:for invariant] [%#shillel5] produces'0 (Snapshot.inner iter_old) (Snapshot.inner produced) iter} - {[@expl:loop invariant #0] [%#shillel4] UInt32.to_int total + {[@expl:loop invariant #0] [%#shillel4] UInt32.to_uint total = sum_range'0 (view'0 s) 0 (Seq.length (Snapshot.inner produced))} - {[@expl:loop invariant #1] [%#shillel3] UInt32.to_int total <= sum_range'0 (view'0 s) 0 (Seq.length (view'0 s))} + {[@expl:loop invariant #1] [%#shillel3] UInt32.to_uint total + <= sum_range'0 (view'0 s) 0 (Seq.length (view'0 s))} (! s0) [ s0 = bb5 ] [ bb5 = s0 [ s0 = Borrow.borrow_mut {iter} 
@@ -2065,11 +2070,11 @@ module M_hillel__fulcrum [#"hillel.rs" 159 0 159 30] | bb6 = s0 [ s0 = -{resolve'0 _22}- s1 - | s1 = any [ br0 -> {_20 = C_None'0 } (! bb9) | br1 (x0:uint32)-> {_20 = C_Some'0 x0} (! bb8) ] ] + | s1 = any [ br0 -> {_20 = C_None'0 } (! bb9) | br1 (x0:UInt32.t)-> {_20 = C_Some'0 x0} (! bb8) ] ] | bb8 = bb10 | bb10 = s0 - [ s0 = v_Some'0 {_20} (fun (r0'0:uint32) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) + [ s0 = v_Some'0 {_20} (fun (r0'0:UInt32.t) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) | s1 = [ &_25 <- [%#shillel6] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] 
@@ -2079,39 +2084,39 @@ module M_hillel__fulcrum [#"hillel.rs" 159 0 159 30] | bb11 = s0 [ s0 = [ &produced <- _25 ] s1 | s1 = [ &x <- __creusot_proc_iter_elem ] s2 - | s2 = UInt32.add {total} {x} (fun (_ret':uint32) -> [ &total <- _ret' ] s3) + | s2 = UInt32.add {total} {x} (fun (_ret':UInt32.t) -> [ &total <- _ret' ] s3) | s3 = bb4 ] ] ] | bb9 = s0 - [ s0 = {[@expl:assertion] [%#shillel7] UInt32.to_int total = sum_range'0 (view'0 s) 0 (Seq.length (view'0 s))} s1 - | s1 = [ &min_i <- [%#shillel8] (0 : usize) ] s2 + [ s0 = {[@expl:assertion] [%#shillel7] UInt32.to_uint total = sum_range'0 (view'0 s) 0 (Seq.length (view'0 s))} s1 + | s1 = [ &min_i <- [%#shillel8] (0 : UInt64.t) ] s2 | s2 = [ &min_dist <- total ] s3 - | s3 = [ &sum <- [%#shillel9] (0 : uint32) ] s4 - | s4 = len'0 {s} (fun (_ret':usize) -> [ &_38 <- _ret' ] s5) + | s3 = [ &sum <- [%#shillel9] (0 : UInt32.t) ] s4 + | s4 = len'0 {s} (fun (_ret':UInt64.t) -> [ &_38 <- _ret' ] s5) | s5 = bb12 ] | bb12 = s0 - [ s0 = [ &_37 <- { t_Range__start'0 = ([%#shillel10] (0 : usize)); t_Range__end'0 = _38 } ] s1 + [ s0 = [ &_37 <- { t_Range__start'0 = ([%#shillel10] (0 : UInt64.t)); t_Range__end'0 = _38 } ] s1 | s1 = into_iter'1 {_37} (fun (_ret':t_Range'0) -> [ &iter1 <- _ret' ] s2) | s2 = bb13 ] | bb13 = s0 [ s0 = [ &iter_old1 <- [%#shillel11] Snapshot.new iter1 ] s1 | s1 = bb14 ] - | bb14 = s0 [ s0 = [ &produced1 <- [%#shillel12] Snapshot.new (Seq.empty : Seq.seq usize) ] s1 | s1 = bb15 ] + | bb14 = s0 [ s0 = [ &produced1 <- [%#shillel12] Snapshot.new (Seq.empty : Seq.seq UInt64.t) ] s1 | s1 = bb15 ] | bb15 = bb16 | bb16 = bb16 [ bb16 = {[@expl:for invariant] [%#shillel18] inv'3 (Snapshot.inner produced1)} {[@expl:for invariant] [%#shillel18] inv'2 iter1} {[@expl:for invariant] [%#shillel18] produces'1 (Snapshot.inner iter_old1) (Snapshot.inner produced1) iter1} - {[@expl:loop invariant #0] [%#shillel17] UInt32.to_int sum + {[@expl:loop invariant #0] [%#shillel17] UInt32.to_uint sum = sum_range'0 (view'0 s) 0 
(Seq.length (Snapshot.inner produced1))} - {[@expl:loop invariant #1] [%#shillel16] UInt32.to_int sum <= UInt32.to_int total} - {[@expl:loop invariant #2] [%#shillel15] UIntSize.to_int min_i <= Seq.length (Snapshot.inner produced1) - /\ UIntSize.to_int min_i < Seq.length (view'0 s)} - {[@expl:loop invariant #3] [%#shillel14] UInt32.to_int min_dist = score'0 (view'0 s) (UIntSize.to_int min_i)} + {[@expl:loop invariant #1] [%#shillel16] UInt32.to_uint sum <= UInt32.to_uint total} + {[@expl:loop invariant #2] [%#shillel15] UInt64.to_uint min_i <= Seq.length (Snapshot.inner produced1) + /\ UInt64.to_uint min_i < Seq.length (view'0 s)} + {[@expl:loop invariant #3] [%#shillel14] UInt32.to_uint min_dist = score'0 (view'0 s) (UInt64.to_uint min_i)} {[@expl:loop invariant #4] [%#shillel13] forall j : int . 0 <= j /\ j < Seq.length (Snapshot.inner produced1) - -> score'0 (view'0 s) (UIntSize.to_int min_i) <= score'0 (view'0 s) j} + -> score'0 (view'0 s) (UInt64.to_uint min_i) <= score'0 (view'0 s) j} (! s0) [ s0 = bb17 ] [ bb17 = s0 [ s0 = Borrow.borrow_mut {iter1} @@ -2126,11 +2131,11 @@ module M_hillel__fulcrum [#"hillel.rs" 159 0 159 30] | bb18 = s0 [ s0 = -{resolve'1 _54}- s1 - | s1 = any [ br0 -> {_52 = C_None'1 } (! bb21) | br1 (x0:usize)-> {_52 = C_Some'1 x0} (! bb20) ] ] + | s1 = any [ br0 -> {_52 = C_None'1 } (! bb21) | br1 (x0:UInt64.t)-> {_52 = C_Some'1 x0} (! bb20) ] ] | bb20 = bb22 | bb22 = s0 - [ s0 = v_Some'1 {_52} (fun (r0'0:usize) -> [ &__creusot_proc_iter_elem1 <- r0'0 ] s1) + [ s0 = v_Some'1 {_52} (fun (r0'0:UInt64.t) -> [ &__creusot_proc_iter_elem1 <- r0'0 ] s1) | s1 = [ &_57 <- [%#shillel19] Snapshot.new (Seq.(++) (Snapshot.inner produced1) (Seq.singleton __creusot_proc_iter_elem1)) ] 
@@ -2140,8 +2145,8 @@ module M_hillel__fulcrum [#"hillel.rs" 159 0 159 30] | bb23 = s0 [ s0 = [ &produced1 <- _57 ] s1 | s1 = [ &i <- __creusot_proc_iter_elem1 ] s2 - | s2 = UInt32.sub {total} {sum} (fun (_ret':uint32) -> [ &_62 <- _ret' ] s3) - | s3 = abs_diff'0 {sum} {_62} (fun (_ret':uint32) -> [ &dist <- _ret' ] s4) + | s2 = UInt32.sub {total} {sum} (fun (_ret':UInt32.t) -> [ &_62 <- _ret' ] s3) + | s3 = abs_diff'0 {sum} {_62} (fun (_ret':UInt32.t) -> [ &dist <- _ret' ] s4) | s4 = bb24 ] | bb24 = s0 
@@ -2153,56 +2158,56 @@ module M_hillel__fulcrum [#"hillel.rs" 159 0 159 30] | bb27 = s0 [ s0 = [ &_72 <- i ] s1 | s1 = [ &_73 <- Slice.length s ] s2 - | s2 = UIntSize.lt {_72} {_73} (fun (_ret':bool) -> [ &_74 <- _ret' ] s3) + | s2 = UInt64.lt {_72} {_73} (fun (_ret':bool) -> [ &_74 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#shillel20] _74} s4 | s4 = bb28 ] | bb28 = s0 - [ s0 = Slice.get {s} {_72} - (fun (r'0:uint32) -> UInt32.add {sum} {r'0} (fun (_ret':uint32) -> [ &sum <- _ret' ] s1)) + [ s0 = Slice64.get {s} {_72} + (fun (r'0:UInt32.t) -> UInt32.add {sum} {r'0} (fun (_ret':UInt32.t) -> [ &sum <- _ret' ] s1)) | s1 = bb16 ] ] ] | bb21 = s0 [ s0 = [ &_0 <- min_i ] s1 | s1 = return' {_0} ] ] ) - [ & _0 : usize = any_l () - | & s : slice uint32 = s - | & total : uint32 = any_l () + [ & _0 : UInt64.t = any_l () + | & s : slice UInt32.t = s + | & total : UInt32.t = any_l () | & iter : t_Iter'0 = any_l () | & iter_old : Snapshot.snap_ty (t_Iter'0) = any_l () - | & produced : Snapshot.snap_ty (Seq.seq uint32) = any_l () + | & produced : Snapshot.snap_ty (Seq.seq UInt32.t) = any_l () | & _20 : t_Option'0 = any_l () | & _21 : borrowed (t_Iter'0) = any_l () | & _22 : borrowed (t_Iter'0) = any_l () - | & __creusot_proc_iter_elem : uint32 = any_l () - | & _25 : Snapshot.snap_ty (Seq.seq uint32) = any_l () - | & x : uint32 = any_l () - | & min_i : usize = any_l () - | & min_dist : uint32 = any_l () - | & sum : uint32 = any_l () + | & __creusot_proc_iter_elem : UInt32.t = any_l () + | & _25 : Snapshot.snap_ty (Seq.seq UInt32.t) = any_l () + | & x : UInt32.t = any_l () + | & min_i : UInt64.t = any_l () + | & min_dist : UInt32.t = any_l () + | & sum : UInt32.t = any_l () | & iter1 : t_Range'0 = any_l () | & _37 : t_Range'0 = any_l () - | & _38 : usize = any_l () + | & _38 : UInt64.t = any_l () | & iter_old1 : Snapshot.snap_ty (t_Range'0) = any_l () - | & produced1 : Snapshot.snap_ty (Seq.seq usize) = any_l () + | & produced1 : Snapshot.snap_ty (Seq.seq UInt64.t) = any_l 
() | & _52 : t_Option'1 = any_l () | & _53 : borrowed (t_Range'0) = any_l () | & _54 : borrowed (t_Range'0) = any_l () - | & __creusot_proc_iter_elem1 : usize = any_l () - | & _57 : Snapshot.snap_ty (Seq.seq usize) = any_l () - | & i : usize = any_l () - | & dist : uint32 = any_l () - | & _62 : uint32 = any_l () + | & __creusot_proc_iter_elem1 : UInt64.t = any_l () + | & _57 : Snapshot.snap_ty (Seq.seq UInt64.t) = any_l () + | & i : UInt64.t = any_l () + | & dist : UInt32.t = any_l () + | & _62 : UInt32.t = any_l () | & _66 : bool = any_l () - | & _72 : usize = any_l () - | & _73 : usize = any_l () + | & _72 : UInt64.t = any_l () + | & _73 : UInt64.t = any_l () | & _74 : bool = any_l () ] - [ return' (result:usize)-> {[@expl:fulcrum ensures #0] [%#shillel23] 0 <= UIntSize.to_int result - /\ UIntSize.to_int result < Seq.length (view'0 s)} + [ return' (result:UInt64.t)-> {[@expl:fulcrum ensures #0] [%#shillel23] 0 <= UInt64.to_uint result + /\ UInt64.to_uint result < Seq.length (view'0 s)} {[@expl:fulcrum ensures #1] [%#shillel24] forall i : int . 0 <= i /\ i < Seq.length (view'0 s) - -> score'0 (view'0 s) (UIntSize.to_int result) <= score'0 (view'0 s) i} + -> score'0 (view'0 s) (UInt64.to_uint result) <= score'0 (view'0 s) i} (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/immut.coma b/creusot/tests/should_succeed/immut.coma index 33a24c9ad3..ec746cfb2c 100644 --- a/creusot/tests/should_succeed/immut.coma +++ b/creusot/tests/should_succeed/immut.coma 
@@ -2,14 +2,16 @@ module M_immut__f [#"immut.rs" 3 0 3 10] let%span simmut0 = "immut.rs" 4 16 4 18 let%span sresolve1 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + use prelude.prelude.Int + use prelude.prelude.UInt32 use prelude.prelude.Borrow - predicate resolve'1 (self : borrowed uint32) = + predicate resolve'1 (self : borrowed UInt32.t) = [%#sresolve1] self.final = self.current - predicate resolve'0 (_1 : borrowed uint32) = + predicate resolve'0 (_1 : borrowed UInt32.t) = resolve'1 _1 use prelude.prelude.Intrinsic @@ -18,13 +20,17 @@ module M_immut__f [#"immut.rs" 3 0 3 10] let rec f'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = [ &a <- [%#simmut0] (10 : uint32) ] s1 - | s1 = Borrow.borrow_mut {a} (fun (_ret':borrowed uint32) -> [ &b <- _ret' ] [ &a <- _ret'.final ] s2) + [ s0 = [ &a <- [%#simmut0] (10 : UInt32.t) ] s1 + | s1 = Borrow.borrow_mut {a} + (fun (_ret':borrowed UInt32.t) -> [ &b <- _ret' ] [ &a <- _ret'.final ] s2) | s2 = [ &_c <- b.current ] s3 | s3 = -{resolve'0 b}- s4 | s4 = return' {_0} ] ] - ) [ & _0 : () = any_l () | & a : uint32 = any_l () | & b : borrowed uint32 = any_l () | & _c : uint32 = any_l () ] - [ return' (result:())-> (! return' {result}) ] - + ) + [ & _0 : () = any_l () + | & a : UInt32.t = any_l () + | & b : borrowed UInt32.t = any_l () + | & _c : UInt32.t = any_l () ] + [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/index_range.coma b/creusot/tests/should_succeed/index_range.coma index a0d767ddc0..bac04790f8 100644 --- a/creusot/tests/should_succeed/index_range.coma +++ b/creusot/tests/should_succeed/index_range.coma 
@@ -20,16 +20,18 @@ module M_index_range__create_arr [#"index_range.rs" 14 0 14 27] type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } predicate inv'0 (_1 : t_Vec'0) @@ -37,19 +39,17 @@ module M_index_range__create_arr [#"index_range.rs" 14 0 14 27] use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize - - use prelude.prelude.Int + use prelude.prelude.UInt64 use prelude.prelude.Int32 use seq.Seq - function view'0 (self : t_Vec'0) : Seq.seq int32 + function view'0 (self : t_Vec'0) : Seq.seq Int32.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec9] Seq.length (view'0 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec9] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) let rec new'0 (_1:()) (return' (ret:t_Vec'0))= any [ return' (result:t_Vec'0)-> {inv'0 result} {[%#svec7] Seq.length (view'0 result) = 0} (! return' {result}) ] 
@@ -61,16 +61,16 @@ module M_index_range__create_arr [#"index_range.rs" 14 0 14 27] axiom inv_axiom'1 [@rewrite] : forall x : borrowed (t_Vec'0) [inv'1 x] . inv'1 x = true - predicate inv'2 (_1 : int32) + predicate inv'2 (_1 : Int32.t) - axiom inv_axiom'2 [@rewrite] : forall x : int32 [inv'2 x] . inv'2 x = true + axiom inv_axiom'2 [@rewrite] : forall x : Int32.t [inv'2 x] . inv'2 x = true - function view'1 (self : borrowed (t_Vec'0)) : Seq.seq int32 = + function view'1 (self : borrowed (t_Vec'0)) : Seq.seq Int32.t = [%#smodel11] view'0 self.current use seq.Seq - let rec push'0 (self:borrowed (t_Vec'0)) (value:int32) (return' (ret:()))= {[@expl:push 'self' type invariant] inv'1 self} + let rec push'0 (self:borrowed (t_Vec'0)) (value:Int32.t) (return' (ret:()))= {[@expl:push 'self' type invariant] inv'1 self} {[@expl:push 'value' type invariant] inv'2 value} any [ return' (result:())-> {[%#svec8] view'0 self.final = Seq.snoc (view'1 self) value} (! return' {result}) ] @@ -78,7 +78,7 @@ module M_index_range__create_arr [#"index_range.rs" 14 0 14 27] use seq.Seq - function index_logic'0 [@inline:trivial] (self : t_Vec'0) (ix : int) : int32 = + function index_logic'0 [@inline:trivial] (self : t_Vec'0) (ix : int) : Int32.t = [%#sops10] Seq.get (view'0 self) ix use prelude.prelude.Int32 
@@ -90,31 +90,31 @@ module M_index_range__create_arr [#"index_range.rs" 14 0 14 27] | bb1 = s0 [ s0 = Borrow.borrow_mut {arr} (fun (_ret':borrowed (t_Vec'0)) -> [ &_4 <- _ret' ] [ &arr <- _ret'.final ] s1) - | s1 = push'0 {_4} {[%#sindex_range1] (0 : int32)} (fun (_ret':()) -> [ &_3 <- _ret' ] s2) + | s1 = push'0 {_4} {[%#sindex_range1] (0 : Int32.t)} (fun (_ret':()) -> [ &_3 <- _ret' ] s2) | s2 = bb2 ] | bb2 = s0 [ s0 = Borrow.borrow_mut {arr} (fun (_ret':borrowed (t_Vec'0)) -> [ &_6 <- _ret' ] [ &arr <- _ret'.final ] s1) - | s1 = push'0 {_6} {[%#sindex_range2] (1 : int32)} (fun (_ret':()) -> [ &_5 <- _ret' ] s2) + | s1 = push'0 {_6} {[%#sindex_range2] (1 : Int32.t)} (fun (_ret':()) -> [ &_5 <- _ret' ] s2) | s2 = bb3 ] | bb3 = s0 [ s0 = Borrow.borrow_mut {arr} (fun (_ret':borrowed (t_Vec'0)) -> [ &_8 <- _ret' ] [ &arr <- _ret'.final ] s1) - | s1 = push'0 {_8} {[%#sindex_range3] (2 : int32)} (fun (_ret':()) -> [ &_7 <- _ret' ] s2) + | s1 = push'0 {_8} {[%#sindex_range3] (2 : Int32.t)} (fun (_ret':()) -> [ &_7 <- _ret' ] s2) | s2 = bb4 ] | bb4 = s0 [ s0 = Borrow.borrow_mut {arr} (fun (_ret':borrowed (t_Vec'0)) -> [ &_10 <- _ret' ] [ &arr <- _ret'.final ] s1) - | s1 = push'0 {_10} {[%#sindex_range4] (3 : int32)} (fun (_ret':()) -> [ &_9 <- _ret' ] s2) + | s1 = push'0 {_10} {[%#sindex_range4] (3 : Int32.t)} (fun (_ret':()) -> [ &_9 <- _ret' ] s2) | s2 = bb5 ] | bb5 = s0 [ s0 = Borrow.borrow_mut {arr} (fun (_ret':borrowed (t_Vec'0)) -> [ &_12 <- _ret' ] [ &arr <- _ret'.final ] s1) - | s1 = push'0 {_12} {[%#sindex_range5] (4 : int32)} (fun (_ret':()) -> [ &_11 <- _ret' ] s2) + | s1 = push'0 {_12} {[%#sindex_range5] (4 : Int32.t)} (fun (_ret':()) -> [ &_11 <- _ret' ] s2) | s2 = bb6 ] | bb6 = s0 [ s0 = [ &_0 <- arr ] s1 | s1 = bb7 ] 
@@ -217,10 +217,10 @@ module M_index_range__test_range [#"index_range.rs" 27 0 27 19] let%span sindex_range72 = "index_range.rs" 7 4 12 22 let%span svec73 = "../../../creusot-contracts/src/std/vec.rs" 162 27 162 46 let%span svec74 = "../../../creusot-contracts/src/std/vec.rs" 163 26 163 54 - let%span sslice75 = "../../../creusot-contracts/src/std/slice.rs" 245 0 354 1 + let%span sslice75 = "../../../creusot-contracts/src/std/slice.rs" 263 0 372 1 let%span svec76 = "../../../creusot-contracts/src/std/vec.rs" 169 26 169 42 - let%span sslice77 = "../../../creusot-contracts/src/std/slice.rs" 262 18 262 100 - let%span sslice78 = "../../../creusot-contracts/src/std/slice.rs" 263 18 263 55 + let%span sslice77 = "../../../creusot-contracts/src/std/slice.rs" 280 18 280 100 + let%span sslice78 = "../../../creusot-contracts/src/std/slice.rs" 281 18 281 55 let%span soption79 = "../../../creusot-contracts/src/std/option.rs" 51 26 51 51 let%span svec80 = "../../../creusot-contracts/src/std/vec.rs" 152 27 152 46 let%span svec81 = "../../../creusot-contracts/src/std/vec.rs" 153 26 153 54 
@@ -231,25 +231,25 @@ module M_index_range__test_range [#"index_range.rs" 27 0 27 19] let%span svec86 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span sops87 = "../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 let%span smodel88 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 - let%span sslice89 = "../../../creusot-contracts/src/std/slice.rs" 144 20 144 70 - let%span sslice90 = "../../../creusot-contracts/src/std/slice.rs" 150 20 150 67 + let%span sslice89 = "../../../creusot-contracts/src/std/slice.rs" 162 20 162 70 + let%span sslice90 = "../../../creusot-contracts/src/std/slice.rs" 168 20 168 67 let%span smodel91 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 - let%span sslice92 = "../../../creusot-contracts/src/std/slice.rs" 157 12 158 32 + let%span sslice92 = "../../../creusot-contracts/src/std/slice.rs" 175 12 176 32 let%span sresolve93 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span sslice94 = "../../../creusot-contracts/src/std/slice.rs" 122 20 122 37 - let%span sslice95 = "../../../creusot-contracts/src/std/slice.rs" 129 20 129 37 + let%span sslice94 = "../../../creusot-contracts/src/std/slice.rs" 140 20 140 37 + let%span sslice95 = "../../../creusot-contracts/src/std/slice.rs" 147 20 147 37 let%span sslice96 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice97 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 use seq.Seq - use prelude.prelude.UIntSize + use prelude.prelude.Int - constant v_MAX'0 : usize = (18446744073709551615 : usize) + use prelude.prelude.UInt64 - use prelude.prelude.UIntSize + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.Int + use prelude.prelude.UInt64 use prelude.prelude.Opaque 
@@ -260,25 +260,25 @@ module M_index_range__test_range [#"index_range.rs" 27 0 27 19] { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } use prelude.prelude.Int32 use seq.Seq - function view'0 (self : t_Vec'0) : Seq.seq int32 + function view'0 (self : t_Vec'0) : Seq.seq Int32.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec86] Seq.length (view'0 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec86] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq - function index_logic'0 [@inline:trivial] (self : t_Vec'0) (ix : int) : int32 = + function index_logic'0 [@inline:trivial] (self : t_Vec'0) (ix : int) : Int32.t = [%#sops87] Seq.get (view'0 self) ix use prelude.prelude.Int32 @@ -293,7 +293,7 @@ module M_index_range__test_range [#"index_range.rs" 27 0 27 19] type t_Range'0 = - { t_Range__start'0: usize; t_Range__end'0: usize } + { t_Range__start'0: UInt64.t; t_Range__end'0: UInt64.t } use prelude.prelude.Borrow 
@@ -305,67 +305,68 @@ module M_index_range__test_range [#"index_range.rs" 27 0 27 19] axiom inv_axiom'1 [@rewrite] : forall x : t_Range'0 [inv'1 x] . inv'1 x = true - function view'1 (self : t_Vec'0) : Seq.seq int32 = + function view'1 (self : t_Vec'0) : Seq.seq Int32.t = [%#smodel88] view'0 self - predicate in_bounds'0 (self : t_Range'0) (seq : Seq.seq int32) = - [%#sslice89] UIntSize.to_int self.t_Range__start'0 <= UIntSize.to_int self.t_Range__end'0 - /\ UIntSize.to_int self.t_Range__end'0 <= Seq.length seq + predicate in_bounds'0 (self : t_Range'0) (seq : Seq.seq Int32.t) = + [%#sslice89] UInt64.to_uint self.t_Range__start'0 <= UInt64.to_uint self.t_Range__end'0 + /\ UInt64.to_uint self.t_Range__end'0 <= Seq.length seq - use prelude.prelude.Slice + use Slice64.create - predicate inv'2 (_1 : slice int32) + predicate inv'2 (_1 : slice Int32.t) - axiom inv_axiom'2 [@rewrite] : forall x : slice int32 [inv'2 x] . inv'2 x = true + axiom inv_axiom'2 [@rewrite] : forall x : slice Int32.t [inv'2 x] . inv'2 x = true use seq.Seq - use prelude.prelude.Slice + use prelude.prelude.Slice64 - function view'4 (self : slice int32) : Seq.seq int32 + function view'4 (self : slice Int32.t) : Seq.seq Int32.t - axiom view'4_spec : forall self : slice int32 . ([%#sslice96] Seq.length (view'4 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice97] view'4 self = Slice.id self) + axiom view'4_spec : forall self : slice Int32.t . 
([%#sslice96] Seq.length (view'4 self) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + && ([%#sslice97] view'4 self = Slice64.id self) - predicate has_value'0 (self : t_Range'0) (seq : Seq.seq int32) (out : slice int32) = - [%#sslice90] Seq.([..]) seq (UIntSize.to_int self.t_Range__start'0) (UIntSize.to_int self.t_Range__end'0) - = view'4 out + predicate has_value'0 (self : t_Range'0) (seq : Seq.seq Int32.t) (out : slice Int32.t) = + [%#sslice90] Seq.([..]) seq (UInt64.to_uint self.t_Range__start'0) (UInt64.to_uint self.t_Range__end'0) = view'4 out - let rec index'0 (self:t_Vec'0) (index:t_Range'0) (return' (ret:slice int32))= {[@expl:index 'self' type invariant] inv'0 self} + let rec index'0 (self:t_Vec'0) (index:t_Range'0) (return' (ret:slice Int32.t))= {[@expl:index 'self' type invariant] inv'0 self} {[@expl:index 'index' type invariant] inv'1 index} {[@expl:index requires] [%#svec73] in_bounds'0 index (view'1 self)} any - [ return' (result:slice int32)-> {inv'2 result} + [ return' (result:slice Int32.t)-> {inv'2 result} {[%#svec74] has_value'0 index (view'1 self) result} (! return' {result}) ] - function view'2 (self : slice int32) : Seq.seq int32 = + function view'2 (self : slice Int32.t) : Seq.seq Int32.t = [%#smodel88] view'4 self - let rec len'0 (self:slice int32) (return' (ret:usize))= {[@expl:len 'self' type invariant] inv'2 self} + let rec len'0 (self:slice Int32.t) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'2 self} any - [ return' (result:usize)-> {[%#sslice75] Seq.length (view'2 self) = UIntSize.to_int result} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#sslice75] Seq.length (view'2 self) = UInt64.to_uint result} (! return' {result}) ] - let rec deref'0 (self:t_Vec'0) (return' (ret:slice int32))= {[@expl:deref 'self' type invariant] inv'0 self} - any [ return' (result:slice int32)-> {inv'2 result} {[%#svec76] view'2 result = view'1 self} (! 
return' {result}) ] + let rec deref'0 (self:t_Vec'0) (return' (ret:slice Int32.t))= {[@expl:deref 'self' type invariant] inv'0 self} + any + [ return' (result:slice Int32.t)-> {inv'2 result} {[%#svec76] view'2 result = view'1 self} (! return' {result}) ] + type t_Option'0 = | C_None'0 - | C_Some'0 (slice int32) + | C_Some'0 (slice Int32.t) predicate inv'3 (_1 : t_Option'0) axiom inv_axiom'3 [@rewrite] : forall x : t_Option'0 [inv'3 x] . inv'3 x = true - let rec get'0 (self:slice int32) (index:t_Range'0) (return' (ret:t_Option'0))= {[@expl:get 'self' type invariant] inv'2 self} + let rec get'0 (self:slice Int32.t) (index:t_Range'0) (return' (ret:t_Option'0))= {[@expl:get 'self' type invariant] inv'2 self} {[@expl:get 'index' type invariant] inv'1 index} any [ return' (result:t_Option'0)-> {inv'3 result} {[%#sslice77] in_bounds'0 index (view'2 self) - -> (exists r : slice int32 . result = C_Some'0 r /\ has_value'0 index (view'2 self) r)} + -> (exists r : slice Int32.t . result = C_Some'0 r /\ has_value'0 index (view'2 self) r)} {[%#sslice78] in_bounds'0 index (view'2 self) \/ result = C_None'0} (! return' {result}) ] 
@@ -381,23 +382,23 @@ module M_index_range__test_range [#"index_range.rs" 27 0 27 19] axiom inv_axiom'5 [@rewrite] : forall x : borrowed (t_Vec'0) [inv'5 x] . inv'5 x = true - function view'3 (self : borrowed (t_Vec'0)) : Seq.seq int32 = + function view'3 (self : borrowed (t_Vec'0)) : Seq.seq Int32.t = [%#smodel91] view'0 self.current - predicate inv'6 (_1 : borrowed (slice int32)) + predicate inv'6 (_1 : borrowed (slice Int32.t)) - axiom inv_axiom'6 [@rewrite] : forall x : borrowed (slice int32) [inv'6 x] . inv'6 x = true + axiom inv_axiom'6 [@rewrite] : forall x : borrowed (slice Int32.t) [inv'6 x] . inv'6 x = true - predicate resolve_elswhere'0 (self : t_Range'0) (old' : Seq.seq int32) (fin : Seq.seq int32) = + predicate resolve_elswhere'0 (self : t_Range'0) (old' : Seq.seq Int32.t) (fin : Seq.seq Int32.t) = [%#sslice92] forall i : int . 0 <= i - /\ (i < UIntSize.to_int self.t_Range__start'0 \/ UIntSize.to_int self.t_Range__end'0 <= i) /\ i < Seq.length old' + /\ (i < UInt64.to_uint self.t_Range__start'0 \/ UInt64.to_uint self.t_Range__end'0 <= i) /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i - let rec index_mut'0 (self:borrowed (t_Vec'0)) (index:t_Range'0) (return' (ret:borrowed (slice int32)))= {[@expl:index_mut 'self' type invariant] inv'5 self} + let rec index_mut'0 (self:borrowed (t_Vec'0)) (index:t_Range'0) (return' (ret:borrowed (slice Int32.t)))= {[@expl:index_mut 'self' type invariant] inv'5 self} {[@expl:index_mut 'index' type invariant] inv'1 index} {[@expl:index_mut requires] [%#svec80] in_bounds'0 index (view'3 self)} any - [ return' (result:borrowed (slice int32))-> {inv'6 result} + [ return' (result:borrowed (slice Int32.t))-> {inv'6 result} {[%#svec81] has_value'0 index (view'3 self) result.current} {[%#svec82] has_value'0 index (view'0 self.final) result.final} {[%#svec83] resolve_elswhere'0 index (view'3 self) (view'0 self.final)} 
@@ -405,36 +406,38 @@ module M_index_range__test_range [#"index_range.rs" 27 0 27 19] (! return' {result}) ] - predicate resolve'1 (self : borrowed (slice int32)) = + predicate resolve'1 (self : borrowed (slice Int32.t)) = [%#sresolve93] self.final = self.current - predicate resolve'0 (_1 : borrowed (slice int32)) = + predicate resolve'0 (_1 : borrowed (slice Int32.t)) = resolve'1 _1 - let rec len'1 (self:t_Vec'0) (return' (ret:usize))= {[@expl:len 'self' type invariant] inv'0 self} + let rec len'1 (self:t_Vec'0) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'0 self} any - [ return' (result:usize)-> {[%#svec85] UIntSize.to_int result = Seq.length (view'1 self)} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#svec85] UInt64.to_uint result = Seq.length (view'1 self)} (! return' {result}) ] - predicate inv'7 (_1 : usize) + predicate inv'7 (_1 : UInt64.t) - axiom inv_axiom'7 [@rewrite] : forall x : usize [inv'7 x] . inv'7 x = true + axiom inv_axiom'7 [@rewrite] : forall x : UInt64.t [inv'7 x] . inv'7 x = true - predicate in_bounds'1 [@inline:trivial] (self : usize) (seq : Seq.seq int32) = - [%#sslice94] UIntSize.to_int self < Seq.length seq + predicate in_bounds'1 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq Int32.t) = + [%#sslice94] UInt64.to_uint self < Seq.length seq - predicate inv'8 (_1 : int32) + predicate inv'8 (_1 : Int32.t) - axiom inv_axiom'8 [@rewrite] : forall x : int32 [inv'8 x] . inv'8 x = true + axiom inv_axiom'8 [@rewrite] : forall x : Int32.t [inv'8 x] . 
inv'8 x = true - predicate has_value'1 [@inline:trivial] (self : usize) (seq : Seq.seq int32) (out : int32) = - [%#sslice95] Seq.get seq (UIntSize.to_int self) = out + predicate has_value'1 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq Int32.t) (out : Int32.t) = + [%#sslice95] Seq.get seq (UInt64.to_uint self) = out - let rec index'1 (self:t_Vec'0) (index:usize) (return' (ret:int32))= {[@expl:index 'self' type invariant] inv'0 self} + let rec index'1 (self:t_Vec'0) (index:UInt64.t) (return' (ret:Int32.t))= {[@expl:index 'self' type invariant] inv'0 self} {[@expl:index 'index' type invariant] inv'7 index} {[@expl:index requires] [%#svec73] in_bounds'1 index (view'1 self)} any - [ return' (result:int32)-> {inv'8 result} {[%#svec74] has_value'1 index (view'1 self) result} (! return' {result}) ] + [ return' (result:Int32.t)-> {inv'8 result} + {[%#svec74] has_value'1 index (view'1 self) result} + (! return' {result}) ] use prelude.prelude.Intrinsic 
@@ -445,117 +448,119 @@ module M_index_range__test_range [#"index_range.rs" 27 0 27 19] [ bb0 = s0 [ s0 = create_arr'0 {[%#sindex_range0] ()} (fun (_ret':t_Vec'0) -> [ &arr <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = - [ &_5 <- { t_Range__start'0 = ([%#sindex_range1] (0 : usize)); - t_Range__end'0 = ([%#sindex_range2] (2 : usize)) } ] + [ &_5 <- { t_Range__start'0 = ([%#sindex_range1] (0 : UInt64.t)); + t_Range__end'0 = ([%#sindex_range2] (2 : UInt64.t)) } ] s1 - | s1 = index'0 {arr} {_5} (fun (_ret':slice int32) -> [ &_3 <- _ret' ] s2) + | s1 = index'0 {arr} {_5} (fun (_ret':slice Int32.t) -> [ &_3 <- _ret' ] s2) | s2 = bb2 ] - | bb2 = s0 [ s0 = [ &s <- _3 ] s1 | s1 = len'0 {s} (fun (_ret':usize) -> [ &_8 <- _ret' ] s2) | s2 = bb3 ] + | bb2 = s0 [ s0 = [ &s <- _3 ] s1 | s1 = len'0 {s} (fun (_ret':UInt64.t) -> [ &_8 <- _ret' ] s2) | s2 = bb3 ] | bb3 = s0 - [ s0 = UIntSize.eq {_8} {[%#sindex_range3] (2 : usize)} (fun (_ret':bool) -> [ &_7 <- _ret' ] s1) + [ s0 = UInt64.eq {_8} {[%#sindex_range3] (2 : UInt64.t)} (fun (_ret':bool) -> [ &_7 <- _ret' ] s1) | s1 = any [ br0 -> {_7 = false} (! bb11) | br1 -> {_7} (! bb4) ] ] | bb4 = s0 - [ s0 = [ &_12 <- [%#sindex_range4] (0 : usize) ] s1 + [ s0 = [ &_12 <- [%#sindex_range4] (0 : UInt64.t) ] s1 | s1 = [ &_13 <- Slice.length s ] s2 - | s2 = UIntSize.lt {_12} {_13} (fun (_ret':bool) -> [ &_14 <- _ret' ] s3) + | s2 = UInt64.lt {_12} {_13} (fun (_ret':bool) -> [ &_14 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#sindex_range5] _14} s4 | s4 = bb5 ] | bb5 = s0 - [ s0 = Slice.get {s} {_12} - (fun (r'0:int32) -> - Int32.eq {r'0} {[%#sindex_range6] (0 : int32)} (fun (_ret':bool) -> [ &_10 <- _ret' ] s1)) + [ s0 = Slice64.get {s} {_12} + (fun (r'0:Int32.t) -> + Int32.eq {r'0} {[%#sindex_range6] (0 : Int32.t)} (fun (_ret':bool) -> [ &_10 <- _ret' ] s1)) | s1 = any [ br0 -> {_10 = false} (! bb10) | br1 -> {_10} (! 
bb6) ] ] | bb6 = s0 - [ s0 = [ &_17 <- [%#sindex_range7] (1 : usize) ] s1 + [ s0 = [ &_17 <- [%#sindex_range7] (1 : UInt64.t) ] s1 | s1 = [ &_18 <- Slice.length s ] s2 - | s2 = UIntSize.lt {_17} {_18} (fun (_ret':bool) -> [ &_19 <- _ret' ] s3) + | s2 = UInt64.lt {_17} {_18} (fun (_ret':bool) -> [ &_19 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#sindex_range8] _19} s4 | s4 = bb7 ] | bb7 = s0 - [ s0 = Slice.get {s} {_17} - (fun (r'0:int32) -> - Int32.eq {r'0} {[%#sindex_range9] (1 : int32)} (fun (_ret':bool) -> [ &_15 <- _ret' ] s1)) + [ s0 = Slice64.get {s} {_17} + (fun (r'0:Int32.t) -> + Int32.eq {r'0} {[%#sindex_range9] (1 : Int32.t)} (fun (_ret':bool) -> [ &_15 <- _ret' ] s1)) | s1 = any [ br0 -> {_15 = false} (! bb9) | br1 -> {_15} (! bb8) ] ] | bb8 = s0 [ s0 = - [ &_24 <- { t_Range__start'0 = ([%#sindex_range10] (3 : usize)); - t_Range__end'0 = ([%#sindex_range11] (5 : usize)) } ] + [ &_24 <- { t_Range__start'0 = ([%#sindex_range10] (3 : UInt64.t)); + t_Range__end'0 = ([%#sindex_range11] (5 : UInt64.t)) } ] s1 - | s1 = index'0 {arr} {_24} (fun (_ret':slice int32) -> [ &_22 <- _ret' ] s2) + | s1 = index'0 {arr} {_24} (fun (_ret':slice Int32.t) -> [ &_22 <- _ret' ] s2) | s2 = bb13 ] - | bb13 = s0 [ s0 = [ &s1 <- _22 ] s1 | s1 = len'0 {s1} (fun (_ret':usize) -> [ &_27 <- _ret' ] s2) | s2 = bb14 ] + | bb13 = s0 + [ s0 = [ &s1 <- _22 ] s1 | s1 = len'0 {s1} (fun (_ret':UInt64.t) -> [ &_27 <- _ret' ] s2) | s2 = bb14 ] + | bb14 = s0 - [ s0 = UIntSize.eq {_27} {[%#sindex_range12] (2 : usize)} (fun (_ret':bool) -> [ &_26 <- _ret' ] s1) + [ s0 = UInt64.eq {_27} {[%#sindex_range12] (2 : UInt64.t)} (fun (_ret':bool) -> [ &_26 <- _ret' ] s1) | s1 = any [ br0 -> {_26 = false} (! bb22) | br1 -> {_26} (! 
bb15) ] ] | bb15 = s0 - [ s0 = [ &_31 <- [%#sindex_range13] (0 : usize) ] s1 + [ s0 = [ &_31 <- [%#sindex_range13] (0 : UInt64.t) ] s1 | s1 = [ &_32 <- Slice.length s1 ] s2 - | s2 = UIntSize.lt {_31} {_32} (fun (_ret':bool) -> [ &_33 <- _ret' ] s3) + | s2 = UInt64.lt {_31} {_32} (fun (_ret':bool) -> [ &_33 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#sindex_range14] _33} s4 | s4 = bb16 ] | bb16 = s0 - [ s0 = Slice.get {s1} {_31} - (fun (r'0:int32) -> - Int32.eq {r'0} {[%#sindex_range15] (3 : int32)} (fun (_ret':bool) -> [ &_29 <- _ret' ] s1)) + [ s0 = Slice64.get {s1} {_31} + (fun (r'0:Int32.t) -> + Int32.eq {r'0} {[%#sindex_range15] (3 : Int32.t)} (fun (_ret':bool) -> [ &_29 <- _ret' ] s1)) | s1 = any [ br0 -> {_29 = false} (! bb21) | br1 -> {_29} (! bb17) ] ] | bb17 = s0 - [ s0 = [ &_36 <- [%#sindex_range16] (1 : usize) ] s1 + [ s0 = [ &_36 <- [%#sindex_range16] (1 : UInt64.t) ] s1 | s1 = [ &_37 <- Slice.length s1 ] s2 - | s2 = UIntSize.lt {_36} {_37} (fun (_ret':bool) -> [ &_38 <- _ret' ] s3) + | s2 = UInt64.lt {_36} {_37} (fun (_ret':bool) -> [ &_38 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#sindex_range17] _38} s4 | s4 = bb18 ] | bb18 = s0 - [ s0 = Slice.get {s1} {_36} - (fun (r'0:int32) -> - Int32.eq {r'0} {[%#sindex_range18] (4 : int32)} (fun (_ret':bool) -> [ &_34 <- _ret' ] s1)) + [ s0 = Slice64.get {s1} {_36} + (fun (r'0:Int32.t) -> + Int32.eq {r'0} {[%#sindex_range18] (4 : Int32.t)} (fun (_ret':bool) -> [ &_34 <- _ret' ] s1)) | s1 = any [ br0 -> {_34 = false} (! bb20) | br1 -> {_34} (! 
bb19) ] ] | bb19 = s0 [ s0 = - [ &_46 <- { t_Range__start'0 = ([%#sindex_range19] (2 : usize)); - t_Range__end'0 = ([%#sindex_range20] (2 : usize)) } ] + [ &_46 <- { t_Range__start'0 = ([%#sindex_range19] (2 : UInt64.t)); + t_Range__end'0 = ([%#sindex_range20] (2 : UInt64.t)) } ] s1 - | s1 = index'0 {arr} {_46} (fun (_ret':slice int32) -> [ &_44 <- _ret' ] s2) + | s1 = index'0 {arr} {_46} (fun (_ret':slice Int32.t) -> [ &_44 <- _ret' ] s2) | s2 = bb24 ] - | bb24 = s0 [ s0 = len'0 {_44} (fun (_ret':usize) -> [ &_42 <- _ret' ] s1) | s1 = bb25 ] + | bb24 = s0 [ s0 = len'0 {_44} (fun (_ret':UInt64.t) -> [ &_42 <- _ret' ] s1) | s1 = bb25 ] | bb25 = s0 - [ s0 = UIntSize.eq {_42} {[%#sindex_range21] (0 : usize)} (fun (_ret':bool) -> [ &_41 <- _ret' ] s1) + [ s0 = UInt64.eq {_42} {[%#sindex_range21] (0 : UInt64.t)} (fun (_ret':bool) -> [ &_41 <- _ret' ] s1) | s1 = any [ br0 -> {_41 = false} (! bb27) | br1 -> {_41} (! bb26) ] ] | bb26 = s0 [ s0 = - [ &_54 <- { t_Range__start'0 = ([%#sindex_range22] (5 : usize)); - t_Range__end'0 = ([%#sindex_range23] (5 : usize)) } ] + [ &_54 <- { t_Range__start'0 = ([%#sindex_range22] (5 : UInt64.t)); + t_Range__end'0 = ([%#sindex_range23] (5 : UInt64.t)) } ] s1 - | s1 = index'0 {arr} {_54} (fun (_ret':slice int32) -> [ &_52 <- _ret' ] s2) + | s1 = index'0 {arr} {_54} (fun (_ret':slice Int32.t) -> [ &_52 <- _ret' ] s2) | s2 = bb28 ] - | bb28 = s0 [ s0 = len'0 {_52} (fun (_ret':usize) -> [ &_50 <- _ret' ] s1) | s1 = bb29 ] + | bb28 = s0 [ s0 = len'0 {_52} (fun (_ret':UInt64.t) -> [ &_50 <- _ret' ] s1) | s1 = bb29 ] | bb29 = s0 - [ s0 = UIntSize.eq {_50} {[%#sindex_range24] (0 : usize)} (fun (_ret':bool) -> [ &_49 <- _ret' ] s1) + [ s0 = UInt64.eq {_50} {[%#sindex_range24] (0 : UInt64.t)} (fun (_ret':bool) -> [ &_49 <- _ret' ] s1) | s1 = any [ br0 -> {_49 = false} (! bb31) | br1 -> {_49} (! 
bb30) ] ] - | bb30 = s0 [ s0 = deref'0 {arr} (fun (_ret':slice int32) -> [ &_61 <- _ret' ] s1) | s1 = bb32 ] + | bb30 = s0 [ s0 = deref'0 {arr} (fun (_ret':slice Int32.t) -> [ &_61 <- _ret' ] s1) | s1 = bb32 ] | bb32 = s0 [ s0 = - [ &_63 <- { t_Range__start'0 = ([%#sindex_range25] (2 : usize)); - t_Range__end'0 = ([%#sindex_range26] (6 : usize)) } ] + [ &_63 <- { t_Range__start'0 = ([%#sindex_range25] (2 : UInt64.t)); + t_Range__end'0 = ([%#sindex_range26] (6 : UInt64.t)) } ] s1 | s1 = get'0 {_61} {_63} (fun (_ret':t_Option'0) -> [ &_59 <- _ret' ] s2) @@ -563,11 +568,11 @@ module M_index_range__test_range [#"index_range.rs" 27 0 27 19] | bb33 = s0 [ s0 = is_none'0 {_59} (fun (_ret':bool) -> [ &_57 <- _ret' ] s1) | s1 = bb34 ] | bb34 = any [ br0 -> {_57 = false} (! bb36) | br1 -> {_57} (! bb35) ] - | bb35 = s0 [ s0 = deref'0 {arr} (fun (_ret':slice int32) -> [ &_70 <- _ret' ] s1) | s1 = bb37 ] + | bb35 = s0 [ s0 = deref'0 {arr} (fun (_ret':slice Int32.t) -> [ &_70 <- _ret' ] s1) | s1 = bb37 ] | bb37 = s0 [ s0 = - [ &_72 <- { t_Range__start'0 = ([%#sindex_range27] (2 : usize)); - t_Range__end'0 = ([%#sindex_range28] (1 : usize)) } ] + [ &_72 <- { t_Range__start'0 = ([%#sindex_range27] (2 : UInt64.t)); + t_Range__end'0 = ([%#sindex_range28] (1 : UInt64.t)) } ] s1 | s1 = get'0 {_70} {_72} (fun (_ret':t_Option'0) -> [ &_68 <- _ret' ] s2) 
@@ -575,11 +580,11 @@ module M_index_range__test_range [#"index_range.rs" 27 0 27 19] | bb38 = s0 [ s0 = is_none'0 {_68} (fun (_ret':bool) -> [ &_66 <- _ret' ] s1) | s1 = bb39 ] | bb39 = any [ br0 -> {_66 = false} (! bb41) | br1 -> {_66} (! bb40) ] - | bb40 = s0 [ s0 = deref'0 {arr} (fun (_ret':slice int32) -> [ &_79 <- _ret' ] s1) | s1 = bb42 ] + | bb40 = s0 [ s0 = deref'0 {arr} (fun (_ret':slice Int32.t) -> [ &_79 <- _ret' ] s1) | s1 = bb42 ] | bb42 = s0 [ s0 = - [ &_81 <- { t_Range__start'0 = ([%#sindex_range29] (6 : usize)); - t_Range__end'0 = ([%#sindex_range30] (6 : usize)) } ] + [ &_81 <- { t_Range__start'0 = ([%#sindex_range29] (6 : UInt64.t)); + t_Range__end'0 = ([%#sindex_range30] (6 : UInt64.t)) } ] s1 | s1 = get'0 {_79} {_81} (fun (_ret':t_Option'0) -> [ &_77 <- _ret' ] s2) @@ -587,11 +592,11 @@ module M_index_range__test_range [#"index_range.rs" 27 0 27 19] | bb43 = s0 [ s0 = is_none'0 {_77} (fun (_ret':bool) -> [ &_75 <- _ret' ] s1) | s1 = bb44 ] | bb44 = any [ br0 -> {_75 = false} (! bb46) | br1 -> {_75} (! bb45) ] - | bb45 = s0 [ s0 = deref'0 {arr} (fun (_ret':slice int32) -> [ &_88 <- _ret' ] s1) | s1 = bb47 ] + | bb45 = s0 [ s0 = deref'0 {arr} (fun (_ret':slice Int32.t) -> [ &_88 <- _ret' ] s1) | s1 = bb47 ] | bb47 = s0 [ s0 = - [ &_90 <- { t_Range__start'0 = ([%#sindex_range31] (10 : usize)); - t_Range__end'0 = ([%#sindex_range32] (10 : usize)) } ] + [ &_90 <- { t_Range__start'0 = ([%#sindex_range31] (10 : UInt64.t)); + t_Range__end'0 = ([%#sindex_range32] (10 : UInt64.t)) } ] s1 | s1 = get'0 {_88} {_90} (fun (_ret':t_Option'0) -> [ &_86 <- _ret' ] s2) 
@@ -603,94 +608,99 @@ module M_index_range__test_range [#"index_range.rs" 27 0 27 19] [ s0 = Borrow.borrow_mut {arr} (fun (_ret':borrowed (t_Vec'0)) -> [ &_94 <- _ret' ] [ &arr <- _ret'.final ] s1) | s1 = - [ &_95 <- { t_Range__start'0 = ([%#sindex_range33] (1 : usize)); - t_Range__end'0 = ([%#sindex_range34] (4 : usize)) } ] + [ &_95 <- { t_Range__start'0 = ([%#sindex_range33] (1 : UInt64.t)); + t_Range__end'0 = ([%#sindex_range34] (4 : UInt64.t)) } ] s2 - | s2 = index_mut'0 {_94} {_95} (fun (_ret':borrowed (slice int32)) -> [ &_93 <- _ret' ] s3) + | s2 = index_mut'0 {_94} {_95} (fun (_ret':borrowed (slice Int32.t)) -> [ &_93 <- _ret' ] s3) | s3 = bb52 ] | bb52 = s0 - [ s0 = Borrow.borrow_final {_93.current} {Borrow.get_id _93} - (fun (_ret':borrowed (slice int32)) -> [ &s2 <- _ret' ] [ &_93 <- { _93 with current = _ret'.final } ] s1) - | s1 = len'0 {s2.current} (fun (_ret':usize) -> [ &_98 <- _ret' ] s2) + [ s0 = Borrow.borrow_final {_93.current} {Borrow.get_id _93} + (fun (_ret':borrowed (slice Int32.t)) -> [ &s2 <- _ret' ] [ &_93 <- { _93 with current = _ret'.final } ] s1) + | s1 = len'0 {s2.current} (fun (_ret':UInt64.t) -> [ &_98 <- _ret' ] s2) | s2 = bb53 ] | bb53 = s0 - [ s0 = UIntSize.eq {_98} {[%#sindex_range35] (3 : usize)} (fun (_ret':bool) -> [ &_97 <- _ret' ] s1) + [ s0 = UInt64.eq {_98} {[%#sindex_range35] (3 : UInt64.t)} (fun (_ret':bool) -> [ &_97 <- _ret' ] s1) | s1 = any [ br0 -> {_97 = false} (! bb55) | br1 -> {_97} (! 
bb54) ] ] | bb54 = s0 - [ s0 = [ &_101 <- [%#sindex_range36] (0 : usize) ] s1 + [ s0 = [ &_101 <- [%#sindex_range36] (0 : UInt64.t) ] s1 | s1 = [ &_102 <- Slice.length s2.current ] s2 - | s2 = UIntSize.lt {_101} {_102} (fun (_ret':bool) -> [ &_103 <- _ret' ] s3) + | s2 = UInt64.lt {_101} {_102} (fun (_ret':bool) -> [ &_103 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#sindex_range37] _103} s4 | s4 = bb56 ] | bb56 = s0 - [ s0 = Slice.set {s2.current} {_101} {[%#sindex_range38] (-1 : int32)} - (fun (r'0:slice int32) -> [ &s2 <- { s2 with current = r'0 } ] s1) - | s1 = [ &_104 <- [%#sindex_range39] (1 : usize) ] s2 + [ s0 = Slice64.set {s2.current} {_101} {[%#sindex_range38] (-1 : Int32.t)} + (fun (r'0:slice Int32.t) -> [ &s2 <- { s2 with current = r'0 } ] s1) + | s1 = [ &_104 <- [%#sindex_range39] (1 : UInt64.t) ] s2 | s2 = [ &_105 <- Slice.length s2.current ] s3 - | s3 = UIntSize.lt {_104} {_105} (fun (_ret':bool) -> [ &_106 <- _ret' ] s4) + | s3 = UInt64.lt {_104} {_105} (fun (_ret':bool) -> [ &_106 <- _ret' ] s4) | s4 = {[@expl:index in bounds] [%#sindex_range40] _106} s5 | s5 = bb57 ] | bb57 = s0 - [ s0 = Slice.set {s2.current} {_104} {[%#sindex_range41] (-1 : int32)} - (fun (r'0:slice int32) -> [ &s2 <- { s2 with current = r'0 } ] s1) - | s1 = [ &_110 <- [%#sindex_range42] (2 : usize) ] s2 + [ s0 = Slice64.set {s2.current} {_104} {[%#sindex_range41] (-1 : Int32.t)} + (fun (r'0:slice Int32.t) -> [ &s2 <- { s2 with current = r'0 } ] s1) + | s1 = [ &_110 <- [%#sindex_range42] (2 : UInt64.t) ] s2 | s2 = [ &_111 <- Slice.length s2.current ] s3 - | s3 = UIntSize.lt {_110} {_111} (fun (_ret':bool) -> [ &_112 <- _ret' ] s4) + | s3 = UInt64.lt {_110} {_111} (fun (_ret':bool) -> [ &_112 <- _ret' ] s4) | s4 = {[@expl:index in bounds] [%#sindex_range43] _112} s5 | s5 = bb58 ] | bb58 = s0 [ s0 = -{resolve'0 s2}- s1 | s1 = -{resolve'0 _93}- s2 - | s2 = Slice.get {s2.current} {_110} - (fun (r'0:int32) -> - Int32.eq {r'0} {[%#sindex_range44] (3 : int32)} (fun (_ret':bool) 
-> [ &_108 <- _ret' ] s3)) + | s2 = Slice64.get {s2.current} {_110} + (fun (r'0:Int32.t) -> + Int32.eq {r'0} {[%#sindex_range44] (3 : Int32.t)} (fun (_ret':bool) -> [ &_108 <- _ret' ] s3)) | s3 = any [ br0 -> {_108 = false} (! bb60) | br1 -> {_108} (! bb59) ] ] - | bb59 = s0 [ s0 = len'1 {arr} (fun (_ret':usize) -> [ &_116 <- _ret' ] s1) | s1 = bb61 ] + | bb59 = s0 [ s0 = len'1 {arr} (fun (_ret':UInt64.t) -> [ &_116 <- _ret' ] s1) | s1 = bb61 ] | bb61 = s0 - [ s0 = UIntSize.eq {_116} {[%#sindex_range45] (5 : usize)} (fun (_ret':bool) -> [ &_115 <- _ret' ] s1) + [ s0 = UInt64.eq {_116} {[%#sindex_range45] (5 : UInt64.t)} (fun (_ret':bool) -> [ &_115 <- _ret' ] s1) | s1 = any [ br0 -> {_115 = false} (! bb63) | br1 -> {_115} (! bb62) ] ] | bb62 = s0 - [ s0 = index'1 {arr} {[%#sindex_range46] (0 : usize)} (fun (_ret':int32) -> [ &_122 <- _ret' ] s1) | s1 = bb64 ] + [ s0 = index'1 {arr} {[%#sindex_range46] (0 : UInt64.t)} (fun (_ret':Int32.t) -> [ &_122 <- _ret' ] s1) + | s1 = bb64 ] | bb64 = s0 - [ s0 = Int32.eq {_122} {[%#sindex_range47] (0 : int32)} (fun (_ret':bool) -> [ &_120 <- _ret' ] s1) + [ s0 = Int32.eq {_122} {[%#sindex_range47] (0 : Int32.t)} (fun (_ret':bool) -> [ &_120 <- _ret' ] s1) | s1 = any [ br0 -> {_120 = false} (! bb66) | br1 -> {_120} (! bb65) ] ] | bb65 = s0 - [ s0 = index'1 {arr} {[%#sindex_range48] (1 : usize)} (fun (_ret':int32) -> [ &_128 <- _ret' ] s1) | s1 = bb67 ] + [ s0 = index'1 {arr} {[%#sindex_range48] (1 : UInt64.t)} (fun (_ret':Int32.t) -> [ &_128 <- _ret' ] s1) + | s1 = bb67 ] | bb67 = s0 - [ s0 = Int32.eq {_128} {[%#sindex_range49] (-1 : int32)} (fun (_ret':bool) -> [ &_126 <- _ret' ] s1) + [ s0 = Int32.eq {_128} {[%#sindex_range49] (-1 : Int32.t)} (fun (_ret':bool) -> [ &_126 <- _ret' ] s1) | s1 = any [ br0 -> {_126 = false} (! bb69) | br1 -> {_126} (! 
bb68) ] ] | bb68 = s0 - [ s0 = index'1 {arr} {[%#sindex_range50] (2 : usize)} (fun (_ret':int32) -> [ &_134 <- _ret' ] s1) | s1 = bb70 ] + [ s0 = index'1 {arr} {[%#sindex_range50] (2 : UInt64.t)} (fun (_ret':Int32.t) -> [ &_134 <- _ret' ] s1) + | s1 = bb70 ] | bb70 = s0 - [ s0 = Int32.eq {_134} {[%#sindex_range51] (-1 : int32)} (fun (_ret':bool) -> [ &_132 <- _ret' ] s1) + [ s0 = Int32.eq {_134} {[%#sindex_range51] (-1 : Int32.t)} (fun (_ret':bool) -> [ &_132 <- _ret' ] s1) | s1 = any [ br0 -> {_132 = false} (! bb72) | br1 -> {_132} (! bb71) ] ] | bb71 = s0 - [ s0 = index'1 {arr} {[%#sindex_range52] (3 : usize)} (fun (_ret':int32) -> [ &_140 <- _ret' ] s1) | s1 = bb73 ] + [ s0 = index'1 {arr} {[%#sindex_range52] (3 : UInt64.t)} (fun (_ret':Int32.t) -> [ &_140 <- _ret' ] s1) + | s1 = bb73 ] | bb73 = s0 - [ s0 = Int32.eq {_140} {[%#sindex_range53] (3 : int32)} (fun (_ret':bool) -> [ &_138 <- _ret' ] s1) + [ s0 = Int32.eq {_140} {[%#sindex_range53] (3 : Int32.t)} (fun (_ret':bool) -> [ &_138 <- _ret' ] s1) | s1 = any [ br0 -> {_138 = false} (! bb75) | br1 -> {_138} (! bb74) ] ] | bb74 = s0 - [ s0 = index'1 {arr} {[%#sindex_range54] (4 : usize)} (fun (_ret':int32) -> [ &_146 <- _ret' ] s1) | s1 = bb76 ] + [ s0 = index'1 {arr} {[%#sindex_range54] (4 : UInt64.t)} (fun (_ret':Int32.t) -> [ &_146 <- _ret' ] s1) + | s1 = bb76 ] | bb76 = s0 - [ s0 = Int32.eq {_146} {[%#sindex_range55] (4 : int32)} (fun (_ret':bool) -> [ &_144 <- _ret' ] s1) + [ s0 = Int32.eq {_146} {[%#sindex_range55] (4 : Int32.t)} (fun (_ret':bool) -> [ &_144 <- _ret' ] s1) | s1 = any [ br0 -> {_144 = false} (! bb78) | br1 -> {_144} (! bb77) ] ] | bb77 = bb79 
@@ -720,84 +730,84 @@ module M_index_range__test_range [#"index_range.rs" 27 0 27 19] ) [ & _0 : () = any_l () | & arr : t_Vec'0 = any_l () - | & s : slice int32 = any_l () - | & _3 : slice int32 = any_l () + | & s : slice Int32.t = any_l () + | & _3 : slice Int32.t = any_l () | & _5 : t_Range'0 = any_l () | & _7 : bool = any_l () - | & _8 : usize = any_l () + | & _8 : UInt64.t = any_l () | & _10 : bool = any_l () - | & _12 : usize = any_l () - | & _13 : usize = any_l () + | & _12 : UInt64.t = any_l () + | & _13 : UInt64.t = any_l () | & _14 : bool = any_l () | & _15 : bool = any_l () - | & _17 : usize = any_l () - | & _18 : usize = any_l () + | & _17 : UInt64.t = any_l () + | & _18 : UInt64.t = any_l () | & _19 : bool = any_l () - | & s1 : slice int32 = any_l () - | & _22 : slice int32 = any_l () + | & s1 : slice Int32.t = any_l () + | & _22 : slice Int32.t = any_l () | & _24 : t_Range'0 = any_l () | & _26 : bool = any_l () - | & _27 : usize = any_l () + | & _27 : UInt64.t = any_l () | & _29 : bool = any_l () - | & _31 : usize = any_l () - | & _32 : usize = any_l () + | & _31 : UInt64.t = any_l () + | & _32 : UInt64.t = any_l () | & _33 : bool = any_l () | & _34 : bool = any_l () - | & _36 : usize = any_l () - | & _37 : usize = any_l () + | & _36 : UInt64.t = any_l () + | & _37 : UInt64.t = any_l () | & _38 : bool = any_l () | & _41 : bool = any_l () - | & _42 : usize = any_l () - | & _44 : slice int32 = any_l () + | & _42 : UInt64.t = any_l () + | & _44 : slice Int32.t = any_l () | & _46 : t_Range'0 = any_l () | & _49 : bool = any_l () - | & _50 : usize = any_l () - | & _52 : slice int32 = any_l () + | & _50 : UInt64.t = any_l () + | & _52 : slice Int32.t = any_l () | & _54 : t_Range'0 = any_l () | & _57 : bool = any_l () | & _59 : t_Option'0 = any_l () - | & _61 : slice int32 = any_l () + | & _61 : slice Int32.t = any_l () | & _63 : t_Range'0 = any_l () | & _66 : bool = any_l () | & _68 : t_Option'0 = any_l () - | & _70 : slice int32 = any_l () + | & _70 : slice 
Int32.t = any_l () | & _72 : t_Range'0 = any_l () | & _75 : bool = any_l () | & _77 : t_Option'0 = any_l () - | & _79 : slice int32 = any_l () + | & _79 : slice Int32.t = any_l () | & _81 : t_Range'0 = any_l () | & _84 : bool = any_l () | & _86 : t_Option'0 = any_l () - | & _88 : slice int32 = any_l () + | & _88 : slice Int32.t = any_l () | & _90 : t_Range'0 = any_l () - | & s2 : borrowed (slice int32) = any_l () - | & _93 : borrowed (slice int32) = any_l () + | & s2 : borrowed (slice Int32.t) = any_l () + | & _93 : borrowed (slice Int32.t) = any_l () | & _94 : borrowed (t_Vec'0) = any_l () | & _95 : t_Range'0 = any_l () | & _97 : bool = any_l () - | & _98 : usize = any_l () - | & _101 : usize = any_l () - | & _102 : usize = any_l () + | & _98 : UInt64.t = any_l () + | & _101 : UInt64.t = any_l () + | & _102 : UInt64.t = any_l () | & _103 : bool = any_l () - | & _104 : usize = any_l () - | & _105 : usize = any_l () + | & _104 : UInt64.t = any_l () + | & _105 : UInt64.t = any_l () | & _106 : bool = any_l () | & _108 : bool = any_l () - | & _110 : usize = any_l () - | & _111 : usize = any_l () + | & _110 : UInt64.t = any_l () + | & _111 : UInt64.t = any_l () | & _112 : bool = any_l () | & _115 : bool = any_l () - | & _116 : usize = any_l () + | & _116 : UInt64.t = any_l () | & _120 : bool = any_l () - | & _122 : int32 = any_l () + | & _122 : Int32.t = any_l () | & _126 : bool = any_l () - | & _128 : int32 = any_l () + | & _128 : Int32.t = any_l () | & _132 : bool = any_l () - | & _134 : int32 = any_l () + | & _134 : Int32.t = any_l () | & _138 : bool = any_l () - | & _140 : int32 = any_l () + | & _140 : Int32.t = any_l () | & _144 : bool = any_l () - | & _146 : int32 = any_l () ] + | & _146 : Int32.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end module M_index_range__test_range_to [#"index_range.rs" 78 0 78 22] 
@@ -849,10 +859,10 @@ module M_index_range__test_range_to [#"index_range.rs" 78 0 78 22] let%span sindex_range45 = "index_range.rs" 7 4 12 22 let%span svec46 = "../../../creusot-contracts/src/std/vec.rs" 162 27 162 46 let%span svec47 = "../../../creusot-contracts/src/std/vec.rs" 163 26 163 54 - let%span sslice48 = "../../../creusot-contracts/src/std/slice.rs" 245 0 354 1 + let%span sslice48 = "../../../creusot-contracts/src/std/slice.rs" 263 0 372 1 let%span svec49 = "../../../creusot-contracts/src/std/vec.rs" 169 26 169 42 - let%span sslice50 = "../../../creusot-contracts/src/std/slice.rs" 262 18 262 100 - let%span sslice51 = "../../../creusot-contracts/src/std/slice.rs" 263 18 263 55 + let%span sslice50 = "../../../creusot-contracts/src/std/slice.rs" 280 18 280 100 + let%span sslice51 = "../../../creusot-contracts/src/std/slice.rs" 281 18 281 55 let%span soption52 = "../../../creusot-contracts/src/std/option.rs" 51 26 51 51 let%span svec53 = "../../../creusot-contracts/src/std/vec.rs" 152 27 152 46 let%span svec54 = "../../../creusot-contracts/src/std/vec.rs" 153 26 153 54 
@@ -863,25 +873,25 @@ module M_index_range__test_range_to [#"index_range.rs" 78 0 78 22] let%span svec59 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span sops60 = "../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 let%span smodel61 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 - let%span sslice62 = "../../../creusot-contracts/src/std/slice.rs" 167 20 167 42 - let%span sslice63 = "../../../creusot-contracts/src/std/slice.rs" 173 20 173 57 + let%span sslice62 = "../../../creusot-contracts/src/std/slice.rs" 185 20 185 42 + let%span sslice63 = "../../../creusot-contracts/src/std/slice.rs" 191 20 191 57 let%span smodel64 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 - let%span sslice65 = "../../../creusot-contracts/src/std/slice.rs" 179 20 179 88 + let%span sslice65 = "../../../creusot-contracts/src/std/slice.rs" 197 20 197 88 let%span sresolve66 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span sslice67 = "../../../creusot-contracts/src/std/slice.rs" 122 20 122 37 - let%span sslice68 = "../../../creusot-contracts/src/std/slice.rs" 129 20 129 37 + let%span sslice67 = "../../../creusot-contracts/src/std/slice.rs" 140 20 140 37 + let%span sslice68 = "../../../creusot-contracts/src/std/slice.rs" 147 20 147 37 let%span sslice69 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice70 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 use seq.Seq - use prelude.prelude.UIntSize + use prelude.prelude.Int - constant v_MAX'0 : usize = (18446744073709551615 : usize) + use prelude.prelude.UInt64 - use prelude.prelude.UIntSize + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.Int + use prelude.prelude.UInt64 use prelude.prelude.Opaque 
@@ -892,25 +902,25 @@ module M_index_range__test_range_to [#"index_range.rs" 78 0 78 22] { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } use prelude.prelude.Int32 use seq.Seq - function view'0 (self : t_Vec'0) : Seq.seq int32 + function view'0 (self : t_Vec'0) : Seq.seq Int32.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec59] Seq.length (view'0 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec59] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq - function index_logic'0 [@inline:trivial] (self : t_Vec'0) (ix : int) : int32 = + function index_logic'0 [@inline:trivial] (self : t_Vec'0) (ix : int) : Int32.t = [%#sops60] Seq.get (view'0 self) ix use prelude.prelude.Int32 @@ -925,7 +935,7 @@ module M_index_range__test_range_to [#"index_range.rs" 78 0 78 22] type t_RangeTo'0 = - { t_RangeTo__end'0: usize } + { t_RangeTo__end'0: UInt64.t } use prelude.prelude.Borrow 
@@ -937,65 +947,67 @@ module M_index_range__test_range_to [#"index_range.rs" 78 0 78 22] axiom inv_axiom'1 [@rewrite] : forall x : t_RangeTo'0 [inv'1 x] . inv'1 x = true - function view'1 (self : t_Vec'0) : Seq.seq int32 = + function view'1 (self : t_Vec'0) : Seq.seq Int32.t = [%#smodel61] view'0 self - predicate in_bounds'0 (self : t_RangeTo'0) (seq : Seq.seq int32) = - [%#sslice62] UIntSize.to_int self.t_RangeTo__end'0 <= Seq.length seq + predicate in_bounds'0 (self : t_RangeTo'0) (seq : Seq.seq Int32.t) = + [%#sslice62] UInt64.to_uint self.t_RangeTo__end'0 <= Seq.length seq - use prelude.prelude.Slice + use Slice64.create - predicate inv'2 (_1 : slice int32) + predicate inv'2 (_1 : slice Int32.t) - axiom inv_axiom'2 [@rewrite] : forall x : slice int32 [inv'2 x] . inv'2 x = true + axiom inv_axiom'2 [@rewrite] : forall x : slice Int32.t [inv'2 x] . inv'2 x = true use seq.Seq - use prelude.prelude.Slice + use prelude.prelude.Slice64 - function view'4 (self : slice int32) : Seq.seq int32 + function view'4 (self : slice Int32.t) : Seq.seq Int32.t - axiom view'4_spec : forall self : slice int32 . ([%#sslice69] Seq.length (view'4 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice70] view'4 self = Slice.id self) + axiom view'4_spec : forall self : slice Int32.t . 
([%#sslice69] Seq.length (view'4 self) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + && ([%#sslice70] view'4 self = Slice64.id self) - predicate has_value'0 (self : t_RangeTo'0) (seq : Seq.seq int32) (out : slice int32) = - [%#sslice63] Seq.([..]) seq 0 (UIntSize.to_int self.t_RangeTo__end'0) = view'4 out + predicate has_value'0 (self : t_RangeTo'0) (seq : Seq.seq Int32.t) (out : slice Int32.t) = + [%#sslice63] Seq.([..]) seq 0 (UInt64.to_uint self.t_RangeTo__end'0) = view'4 out - let rec index'0 (self:t_Vec'0) (index:t_RangeTo'0) (return' (ret:slice int32))= {[@expl:index 'self' type invariant] inv'0 self} + let rec index'0 (self:t_Vec'0) (index:t_RangeTo'0) (return' (ret:slice Int32.t))= {[@expl:index 'self' type invariant] inv'0 self} {[@expl:index 'index' type invariant] inv'1 index} {[@expl:index requires] [%#svec46] in_bounds'0 index (view'1 self)} any - [ return' (result:slice int32)-> {inv'2 result} + [ return' (result:slice Int32.t)-> {inv'2 result} {[%#svec47] has_value'0 index (view'1 self) result} (! return' {result}) ] - function view'2 (self : slice int32) : Seq.seq int32 = + function view'2 (self : slice Int32.t) : Seq.seq Int32.t = [%#smodel61] view'4 self - let rec len'0 (self:slice int32) (return' (ret:usize))= {[@expl:len 'self' type invariant] inv'2 self} + let rec len'0 (self:slice Int32.t) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'2 self} any - [ return' (result:usize)-> {[%#sslice48] Seq.length (view'2 self) = UIntSize.to_int result} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#sslice48] Seq.length (view'2 self) = UInt64.to_uint result} (! return' {result}) ] - let rec deref'0 (self:t_Vec'0) (return' (ret:slice int32))= {[@expl:deref 'self' type invariant] inv'0 self} - any [ return' (result:slice int32)-> {inv'2 result} {[%#svec49] view'2 result = view'1 self} (! 
return' {result}) ] + let rec deref'0 (self:t_Vec'0) (return' (ret:slice Int32.t))= {[@expl:deref 'self' type invariant] inv'0 self} + any + [ return' (result:slice Int32.t)-> {inv'2 result} {[%#svec49] view'2 result = view'1 self} (! return' {result}) ] + type t_Option'0 = | C_None'0 - | C_Some'0 (slice int32) + | C_Some'0 (slice Int32.t) predicate inv'3 (_1 : t_Option'0) axiom inv_axiom'3 [@rewrite] : forall x : t_Option'0 [inv'3 x] . inv'3 x = true - let rec get'0 (self:slice int32) (index:t_RangeTo'0) (return' (ret:t_Option'0))= {[@expl:get 'self' type invariant] inv'2 self} + let rec get'0 (self:slice Int32.t) (index:t_RangeTo'0) (return' (ret:t_Option'0))= {[@expl:get 'self' type invariant] inv'2 self} {[@expl:get 'index' type invariant] inv'1 index} any [ return' (result:t_Option'0)-> {inv'3 result} {[%#sslice50] in_bounds'0 index (view'2 self) - -> (exists r : slice int32 . result = C_Some'0 r /\ has_value'0 index (view'2 self) r)} + -> (exists r : slice Int32.t . result = C_Some'0 r /\ has_value'0 index (view'2 self) r)} {[%#sslice51] in_bounds'0 index (view'2 self) \/ result = C_None'0} (! return' {result}) ] 
@@ -1011,22 +1023,22 @@ module M_index_range__test_range_to [#"index_range.rs" 78 0 78 22] axiom inv_axiom'5 [@rewrite] : forall x : borrowed (t_Vec'0) [inv'5 x] . inv'5 x = true - function view'3 (self : borrowed (t_Vec'0)) : Seq.seq int32 = + function view'3 (self : borrowed (t_Vec'0)) : Seq.seq Int32.t = [%#smodel64] view'0 self.current - predicate inv'6 (_1 : borrowed (slice int32)) + predicate inv'6 (_1 : borrowed (slice Int32.t)) - axiom inv_axiom'6 [@rewrite] : forall x : borrowed (slice int32) [inv'6 x] . inv'6 x = true + axiom inv_axiom'6 [@rewrite] : forall x : borrowed (slice Int32.t) [inv'6 x] . inv'6 x = true - predicate resolve_elswhere'0 (self : t_RangeTo'0) (old' : Seq.seq int32) (fin : Seq.seq int32) = - [%#sslice65] forall i : int . UIntSize.to_int self.t_RangeTo__end'0 <= i /\ i < Seq.length old' + predicate resolve_elswhere'0 (self : t_RangeTo'0) (old' : Seq.seq Int32.t) (fin : Seq.seq Int32.t) = + [%#sslice65] forall i : int . UInt64.to_uint self.t_RangeTo__end'0 <= i /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i - let rec index_mut'0 (self:borrowed (t_Vec'0)) (index:t_RangeTo'0) (return' (ret:borrowed (slice int32)))= {[@expl:index_mut 'self' type invariant] inv'5 self} + let rec index_mut'0 (self:borrowed (t_Vec'0)) (index:t_RangeTo'0) (return' (ret:borrowed (slice Int32.t)))= {[@expl:index_mut 'self' type invariant] inv'5 self} {[@expl:index_mut 'index' type invariant] inv'1 index} {[@expl:index_mut requires] [%#svec53] in_bounds'0 index (view'3 self)} any - [ return' (result:borrowed (slice int32))-> {inv'6 result} + [ return' (result:borrowed (slice Int32.t))-> {inv'6 result} {[%#svec54] has_value'0 index (view'3 self) result.current} {[%#svec55] has_value'0 index (view'0 self.final) result.final} {[%#svec56] resolve_elswhere'0 index (view'3 self) (view'0 self.final)} 
@@ -1034,36 +1046,38 @@ module M_index_range__test_range_to [#"index_range.rs" 78 0 78 22] (! return' {result}) ] - predicate resolve'1 (self : borrowed (slice int32)) = + predicate resolve'1 (self : borrowed (slice Int32.t)) = [%#sresolve66] self.final = self.current - predicate resolve'0 (_1 : borrowed (slice int32)) = + predicate resolve'0 (_1 : borrowed (slice Int32.t)) = resolve'1 _1 - let rec len'1 (self:t_Vec'0) (return' (ret:usize))= {[@expl:len 'self' type invariant] inv'0 self} + let rec len'1 (self:t_Vec'0) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'0 self} any - [ return' (result:usize)-> {[%#svec58] UIntSize.to_int result = Seq.length (view'1 self)} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#svec58] UInt64.to_uint result = Seq.length (view'1 self)} (! return' {result}) ] - predicate inv'7 (_1 : usize) + predicate inv'7 (_1 : UInt64.t) - axiom inv_axiom'7 [@rewrite] : forall x : usize [inv'7 x] . inv'7 x = true + axiom inv_axiom'7 [@rewrite] : forall x : UInt64.t [inv'7 x] . inv'7 x = true - predicate in_bounds'1 [@inline:trivial] (self : usize) (seq : Seq.seq int32) = - [%#sslice67] UIntSize.to_int self < Seq.length seq + predicate in_bounds'1 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq Int32.t) = + [%#sslice67] UInt64.to_uint self < Seq.length seq - predicate inv'8 (_1 : int32) + predicate inv'8 (_1 : Int32.t) - axiom inv_axiom'8 [@rewrite] : forall x : int32 [inv'8 x] . inv'8 x = true + axiom inv_axiom'8 [@rewrite] : forall x : Int32.t [inv'8 x] . 
inv'8 x = true - predicate has_value'1 [@inline:trivial] (self : usize) (seq : Seq.seq int32) (out : int32) = - [%#sslice68] Seq.get seq (UIntSize.to_int self) = out + predicate has_value'1 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq Int32.t) (out : Int32.t) = + [%#sslice68] Seq.get seq (UInt64.to_uint self) = out - let rec index'1 (self:t_Vec'0) (index:usize) (return' (ret:int32))= {[@expl:index 'self' type invariant] inv'0 self} + let rec index'1 (self:t_Vec'0) (index:UInt64.t) (return' (ret:Int32.t))= {[@expl:index 'self' type invariant] inv'0 self} {[@expl:index 'index' type invariant] inv'7 index} {[@expl:index requires] [%#svec46] in_bounds'1 index (view'1 self)} any - [ return' (result:int32)-> {inv'8 result} {[%#svec47] has_value'1 index (view'1 self) result} (! return' {result}) ] + [ return' (result:Int32.t)-> {inv'8 result} + {[%#svec47] has_value'1 index (view'1 self) result} + (! return' {result}) ] use prelude.prelude.Intrinsic 
@@ -1073,54 +1087,54 @@ module M_index_range__test_range_to [#"index_range.rs" 78 0 78 22] let rec test_range_to'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = create_arr'0 {[%#sindex_range0] ()} (fun (_ret':t_Vec'0) -> [ &arr <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 - [ s0 = [ &_5 <- { t_RangeTo__end'0 = ([%#sindex_range1] (2 : usize)) } ] s1 - | s1 = index'0 {arr} {_5} (fun (_ret':slice int32) -> [ &_3 <- _ret' ] s2) + [ s0 = [ &_5 <- { t_RangeTo__end'0 = ([%#sindex_range1] (2 : UInt64.t)) } ] s1 + | s1 = index'0 {arr} {_5} (fun (_ret':slice Int32.t) -> [ &_3 <- _ret' ] s2) | s2 = bb2 ] - | bb2 = s0 [ s0 = [ &s <- _3 ] s1 | s1 = len'0 {s} (fun (_ret':usize) -> [ &_8 <- _ret' ] s2) | s2 = bb3 ] + | bb2 = s0 [ s0 = [ &s <- _3 ] s1 | s1 = len'0 {s} (fun (_ret':UInt64.t) -> [ &_8 <- _ret' ] s2) | s2 = bb3 ] | bb3 = s0 - [ s0 = UIntSize.eq {_8} {[%#sindex_range2] (2 : usize)} (fun (_ret':bool) -> [ &_7 <- _ret' ] s1) + [ s0 = UInt64.eq {_8} {[%#sindex_range2] (2 : UInt64.t)} (fun (_ret':bool) -> [ &_7 <- _ret' ] s1) | s1 = any [ br0 -> {_7 = false} (! bb11) | br1 -> {_7} (! bb4) ] ] | bb4 = s0 - [ s0 = [ &_12 <- [%#sindex_range3] (0 : usize) ] s1 + [ s0 = [ &_12 <- [%#sindex_range3] (0 : UInt64.t) ] s1 | s1 = [ &_13 <- Slice.length s ] s2 - | s2 = UIntSize.lt {_12} {_13} (fun (_ret':bool) -> [ &_14 <- _ret' ] s3) + | s2 = UInt64.lt {_12} {_13} (fun (_ret':bool) -> [ &_14 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#sindex_range4] _14} s4 | s4 = bb5 ] | bb5 = s0 - [ s0 = Slice.get {s} {_12} - (fun (r'0:int32) -> - Int32.eq {r'0} {[%#sindex_range5] (0 : int32)} (fun (_ret':bool) -> [ &_10 <- _ret' ] s1)) + [ s0 = Slice64.get {s} {_12} + (fun (r'0:Int32.t) -> + Int32.eq {r'0} {[%#sindex_range5] (0 : Int32.t)} (fun (_ret':bool) -> [ &_10 <- _ret' ] s1)) | s1 = any [ br0 -> {_10 = false} (! bb10) | br1 -> {_10} (! 
bb6) ] ] | bb6 = s0 - [ s0 = [ &_17 <- [%#sindex_range6] (1 : usize) ] s1 + [ s0 = [ &_17 <- [%#sindex_range6] (1 : UInt64.t) ] s1 | s1 = [ &_18 <- Slice.length s ] s2 - | s2 = UIntSize.lt {_17} {_18} (fun (_ret':bool) -> [ &_19 <- _ret' ] s3) + | s2 = UInt64.lt {_17} {_18} (fun (_ret':bool) -> [ &_19 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#sindex_range7] _19} s4 | s4 = bb7 ] | bb7 = s0 - [ s0 = Slice.get {s} {_17} - (fun (r'0:int32) -> - Int32.eq {r'0} {[%#sindex_range8] (1 : int32)} (fun (_ret':bool) -> [ &_15 <- _ret' ] s1)) + [ s0 = Slice64.get {s} {_17} + (fun (r'0:Int32.t) -> + Int32.eq {r'0} {[%#sindex_range8] (1 : Int32.t)} (fun (_ret':bool) -> [ &_15 <- _ret' ] s1)) | s1 = any [ br0 -> {_15 = false} (! bb9) | br1 -> {_15} (! bb8) ] ] | bb8 = s0 - [ s0 = [ &_27 <- { t_RangeTo__end'0 = ([%#sindex_range9] (0 : usize)) } ] s1 - | s1 = index'0 {arr} {_27} (fun (_ret':slice int32) -> [ &_25 <- _ret' ] s2) + [ s0 = [ &_27 <- { t_RangeTo__end'0 = ([%#sindex_range9] (0 : UInt64.t)) } ] s1 + | s1 = index'0 {arr} {_27} (fun (_ret':slice Int32.t) -> [ &_25 <- _ret' ] s2) | s2 = bb13 ] - | bb13 = s0 [ s0 = len'0 {_25} (fun (_ret':usize) -> [ &_23 <- _ret' ] s1) | s1 = bb14 ] + | bb13 = s0 [ s0 = len'0 {_25} (fun (_ret':UInt64.t) -> [ &_23 <- _ret' ] s1) | s1 = bb14 ] | bb14 = s0 - [ s0 = UIntSize.eq {_23} {[%#sindex_range10] (0 : usize)} (fun (_ret':bool) -> [ &_22 <- _ret' ] s1) + [ s0 = UInt64.eq {_23} {[%#sindex_range10] (0 : UInt64.t)} (fun (_ret':bool) -> [ &_22 <- _ret' ] s1) | s1 = any [ br0 -> {_22 = false} (! bb16) | br1 -> {_22} (! 
bb15) ] ] - | bb15 = s0 [ s0 = deref'0 {arr} (fun (_ret':slice int32) -> [ &_34 <- _ret' ] s1) | s1 = bb17 ] + | bb15 = s0 [ s0 = deref'0 {arr} (fun (_ret':slice Int32.t) -> [ &_34 <- _ret' ] s1) | s1 = bb17 ] | bb17 = s0 - [ s0 = [ &_36 <- { t_RangeTo__end'0 = ([%#sindex_range11] (6 : usize)) } ] s1 + [ s0 = [ &_36 <- { t_RangeTo__end'0 = ([%#sindex_range11] (6 : UInt64.t)) } ] s1 | s1 = get'0 {_34} {_36} (fun (_ret':t_Option'0) -> [ &_32 <- _ret' ] s2) | s2 = bb18 ] 
@@ -1129,91 +1143,96 @@ module M_index_range__test_range_to [#"index_range.rs" 78 0 78 22] | bb20 = s0 [ s0 = Borrow.borrow_mut {arr} (fun (_ret':borrowed (t_Vec'0)) -> [ &_40 <- _ret' ] [ &arr <- _ret'.final ] s1) - | s1 = [ &_41 <- { t_RangeTo__end'0 = ([%#sindex_range12] (3 : usize)) } ] s2 - | s2 = index_mut'0 {_40} {_41} (fun (_ret':borrowed (slice int32)) -> [ &_39 <- _ret' ] s3) + | s1 = [ &_41 <- { t_RangeTo__end'0 = ([%#sindex_range12] (3 : UInt64.t)) } ] s2 + | s2 = index_mut'0 {_40} {_41} (fun (_ret':borrowed (slice Int32.t)) -> [ &_39 <- _ret' ] s3) | s3 = bb22 ] | bb22 = s0 - [ s0 = Borrow.borrow_final {_39.current} {Borrow.get_id _39} - (fun (_ret':borrowed (slice int32)) -> [ &s1 <- _ret' ] [ &_39 <- { _39 with current = _ret'.final } ] s1) - | s1 = len'0 {s1.current} (fun (_ret':usize) -> [ &_44 <- _ret' ] s2) + [ s0 = Borrow.borrow_final {_39.current} {Borrow.get_id _39} + (fun (_ret':borrowed (slice Int32.t)) -> [ &s1 <- _ret' ] [ &_39 <- { _39 with current = _ret'.final } ] s1) + | s1 = len'0 {s1.current} (fun (_ret':UInt64.t) -> [ &_44 <- _ret' ] s2) | s2 = bb23 ] | bb23 = s0 - [ s0 = UIntSize.eq {_44} {[%#sindex_range13] (3 : usize)} (fun (_ret':bool) -> [ &_43 <- _ret' ] s1) + [ s0 = UInt64.eq {_44} {[%#sindex_range13] (3 : UInt64.t)} (fun (_ret':bool) -> [ &_43 <- _ret' ] s1) | s1 = any [ br0 -> {_43 = false} (! bb25) | br1 -> {_43} (! 
bb24) ] ] | bb24 = s0 - [ s0 = [ &_47 <- [%#sindex_range14] (0 : usize) ] s1 + [ s0 = [ &_47 <- [%#sindex_range14] (0 : UInt64.t) ] s1 | s1 = [ &_48 <- Slice.length s1.current ] s2 - | s2 = UIntSize.lt {_47} {_48} (fun (_ret':bool) -> [ &_49 <- _ret' ] s3) + | s2 = UInt64.lt {_47} {_48} (fun (_ret':bool) -> [ &_49 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#sindex_range15] _49} s4 | s4 = bb26 ] | bb26 = s0 - [ s0 = Slice.set {s1.current} {_47} {[%#sindex_range16] (-1 : int32)} - (fun (r'0:slice int32) -> [ &s1 <- { s1 with current = r'0 } ] s1) - | s1 = [ &_50 <- [%#sindex_range17] (2 : usize) ] s2 + [ s0 = Slice64.set {s1.current} {_47} {[%#sindex_range16] (-1 : Int32.t)} + (fun (r'0:slice Int32.t) -> [ &s1 <- { s1 with current = r'0 } ] s1) + | s1 = [ &_50 <- [%#sindex_range17] (2 : UInt64.t) ] s2 | s2 = [ &_51 <- Slice.length s1.current ] s3 - | s3 = UIntSize.lt {_50} {_51} (fun (_ret':bool) -> [ &_52 <- _ret' ] s4) + | s3 = UInt64.lt {_50} {_51} (fun (_ret':bool) -> [ &_52 <- _ret' ] s4) | s4 = {[@expl:index in bounds] [%#sindex_range18] _52} s5 | s5 = bb27 ] | bb27 = s0 - [ s0 = Slice.set {s1.current} {_50} {[%#sindex_range19] (-1 : int32)} - (fun (r'0:slice int32) -> [ &s1 <- { s1 with current = r'0 } ] s1) - | s1 = [ &_56 <- [%#sindex_range20] (1 : usize) ] s2 + [ s0 = Slice64.set {s1.current} {_50} {[%#sindex_range19] (-1 : Int32.t)} + (fun (r'0:slice Int32.t) -> [ &s1 <- { s1 with current = r'0 } ] s1) + | s1 = [ &_56 <- [%#sindex_range20] (1 : UInt64.t) ] s2 | s2 = [ &_57 <- Slice.length s1.current ] s3 - | s3 = UIntSize.lt {_56} {_57} (fun (_ret':bool) -> [ &_58 <- _ret' ] s4) + | s3 = UInt64.lt {_56} {_57} (fun (_ret':bool) -> [ &_58 <- _ret' ] s4) | s4 = {[@expl:index in bounds] [%#sindex_range21] _58} s5 | s5 = bb28 ] | bb28 = s0 [ s0 = -{resolve'0 s1}- s1 | s1 = -{resolve'0 _39}- s2 - | s2 = Slice.get {s1.current} {_56} - (fun (r'0:int32) -> - Int32.eq {r'0} {[%#sindex_range22] (1 : int32)} (fun (_ret':bool) -> [ &_54 <- _ret' ] s3)) + | s2 = 
Slice64.get {s1.current} {_56} + (fun (r'0:Int32.t) -> + Int32.eq {r'0} {[%#sindex_range22] (1 : Int32.t)} (fun (_ret':bool) -> [ &_54 <- _ret' ] s3)) | s3 = any [ br0 -> {_54 = false} (! bb30) | br1 -> {_54} (! bb29) ] ] - | bb29 = s0 [ s0 = len'1 {arr} (fun (_ret':usize) -> [ &_62 <- _ret' ] s1) | s1 = bb31 ] + | bb29 = s0 [ s0 = len'1 {arr} (fun (_ret':UInt64.t) -> [ &_62 <- _ret' ] s1) | s1 = bb31 ] | bb31 = s0 - [ s0 = UIntSize.eq {_62} {[%#sindex_range23] (5 : usize)} (fun (_ret':bool) -> [ &_61 <- _ret' ] s1) + [ s0 = UInt64.eq {_62} {[%#sindex_range23] (5 : UInt64.t)} (fun (_ret':bool) -> [ &_61 <- _ret' ] s1) | s1 = any [ br0 -> {_61 = false} (! bb33) | br1 -> {_61} (! bb32) ] ] | bb32 = s0 - [ s0 = index'1 {arr} {[%#sindex_range24] (0 : usize)} (fun (_ret':int32) -> [ &_68 <- _ret' ] s1) | s1 = bb34 ] + [ s0 = index'1 {arr} {[%#sindex_range24] (0 : UInt64.t)} (fun (_ret':Int32.t) -> [ &_68 <- _ret' ] s1) + | s1 = bb34 ] | bb34 = s0 - [ s0 = Int32.eq {_68} {[%#sindex_range25] (-1 : int32)} (fun (_ret':bool) -> [ &_66 <- _ret' ] s1) + [ s0 = Int32.eq {_68} {[%#sindex_range25] (-1 : Int32.t)} (fun (_ret':bool) -> [ &_66 <- _ret' ] s1) | s1 = any [ br0 -> {_66 = false} (! bb36) | br1 -> {_66} (! bb35) ] ] | bb35 = s0 - [ s0 = index'1 {arr} {[%#sindex_range26] (1 : usize)} (fun (_ret':int32) -> [ &_74 <- _ret' ] s1) | s1 = bb37 ] + [ s0 = index'1 {arr} {[%#sindex_range26] (1 : UInt64.t)} (fun (_ret':Int32.t) -> [ &_74 <- _ret' ] s1) + | s1 = bb37 ] | bb37 = s0 - [ s0 = Int32.eq {_74} {[%#sindex_range27] (1 : int32)} (fun (_ret':bool) -> [ &_72 <- _ret' ] s1) + [ s0 = Int32.eq {_74} {[%#sindex_range27] (1 : Int32.t)} (fun (_ret':bool) -> [ &_72 <- _ret' ] s1) | s1 = any [ br0 -> {_72 = false} (! bb39) | br1 -> {_72} (! 
bb38) ] ] | bb38 = s0 - [ s0 = index'1 {arr} {[%#sindex_range28] (2 : usize)} (fun (_ret':int32) -> [ &_80 <- _ret' ] s1) | s1 = bb40 ] + [ s0 = index'1 {arr} {[%#sindex_range28] (2 : UInt64.t)} (fun (_ret':Int32.t) -> [ &_80 <- _ret' ] s1) + | s1 = bb40 ] | bb40 = s0 - [ s0 = Int32.eq {_80} {[%#sindex_range29] (-1 : int32)} (fun (_ret':bool) -> [ &_78 <- _ret' ] s1) + [ s0 = Int32.eq {_80} {[%#sindex_range29] (-1 : Int32.t)} (fun (_ret':bool) -> [ &_78 <- _ret' ] s1) | s1 = any [ br0 -> {_78 = false} (! bb42) | br1 -> {_78} (! bb41) ] ] | bb41 = s0 - [ s0 = index'1 {arr} {[%#sindex_range30] (3 : usize)} (fun (_ret':int32) -> [ &_86 <- _ret' ] s1) | s1 = bb43 ] + [ s0 = index'1 {arr} {[%#sindex_range30] (3 : UInt64.t)} (fun (_ret':Int32.t) -> [ &_86 <- _ret' ] s1) + | s1 = bb43 ] | bb43 = s0 - [ s0 = Int32.eq {_86} {[%#sindex_range31] (3 : int32)} (fun (_ret':bool) -> [ &_84 <- _ret' ] s1) + [ s0 = Int32.eq {_86} {[%#sindex_range31] (3 : Int32.t)} (fun (_ret':bool) -> [ &_84 <- _ret' ] s1) | s1 = any [ br0 -> {_84 = false} (! bb45) | br1 -> {_84} (! bb44) ] ] | bb44 = s0 - [ s0 = index'1 {arr} {[%#sindex_range32] (4 : usize)} (fun (_ret':int32) -> [ &_92 <- _ret' ] s1) | s1 = bb46 ] + [ s0 = index'1 {arr} {[%#sindex_range32] (4 : UInt64.t)} (fun (_ret':Int32.t) -> [ &_92 <- _ret' ] s1) + | s1 = bb46 ] | bb46 = s0 - [ s0 = Int32.eq {_92} {[%#sindex_range33] (4 : int32)} (fun (_ret':bool) -> [ &_90 <- _ret' ] s1) + [ s0 = Int32.eq {_92} {[%#sindex_range33] (4 : Int32.t)} (fun (_ret':bool) -> [ &_90 <- _ret' ] s1) | s1 = any [ br0 -> {_90 = false} (! bb48) | br1 -> {_90} (! bb47) ] ] | bb47 = bb49 
@@ -1235,55 +1254,55 @@ module M_index_range__test_range_to [#"index_range.rs" 78 0 78 22] ) [ & _0 : () = any_l () | & arr : t_Vec'0 = any_l () - | & s : slice int32 = any_l () - | & _3 : slice int32 = any_l () + | & s : slice Int32.t = any_l () + | & _3 : slice Int32.t = any_l () | & _5 : t_RangeTo'0 = any_l () | & _7 : bool = any_l () - | & _8 : usize = any_l () + | & _8 : UInt64.t = any_l () | & _10 : bool = any_l () - | & _12 : usize = any_l () - | & _13 : usize = any_l () + | & _12 : UInt64.t = any_l () + | & _13 : UInt64.t = any_l () | & _14 : bool = any_l () | & _15 : bool = any_l () - | & _17 : usize = any_l () - | & _18 : usize = any_l () + | & _17 : UInt64.t = any_l () + | & _18 : UInt64.t = any_l () | & _19 : bool = any_l () | & _22 : bool = any_l () - | & _23 : usize = any_l () - | & _25 : slice int32 = any_l () + | & _23 : UInt64.t = any_l () + | & _25 : slice Int32.t = any_l () | & _27 : t_RangeTo'0 = any_l () | & _30 : bool = any_l () | & _32 : t_Option'0 = any_l () - | & _34 : slice int32 = any_l () + | & _34 : slice Int32.t = any_l () | & _36 : t_RangeTo'0 = any_l () - | & s1 : borrowed (slice int32) = any_l () - | & _39 : borrowed (slice int32) = any_l () + | & s1 : borrowed (slice Int32.t) = any_l () + | & _39 : borrowed (slice Int32.t) = any_l () | & _40 : borrowed (t_Vec'0) = any_l () | & _41 : t_RangeTo'0 = any_l () | & _43 : bool = any_l () - | & _44 : usize = any_l () - | & _47 : usize = any_l () - | & _48 : usize = any_l () + | & _44 : UInt64.t = any_l () + | & _47 : UInt64.t = any_l () + | & _48 : UInt64.t = any_l () | & _49 : bool = any_l () - | & _50 : usize = any_l () - | & _51 : usize = any_l () + | & _50 : UInt64.t = any_l () + | & _51 : UInt64.t = any_l () | & _52 : bool = any_l () | & _54 : bool = any_l () - | & _56 : usize = any_l () - | & _57 : usize = any_l () + | & _56 : UInt64.t = any_l () + | & _57 : UInt64.t = any_l () | & _58 : bool = any_l () | & _61 : bool = any_l () - | & _62 : usize = any_l () + | & _62 : UInt64.t = 
any_l () | & _66 : bool = any_l () - | & _68 : int32 = any_l () + | & _68 : Int32.t = any_l () | & _72 : bool = any_l () - | & _74 : int32 = any_l () + | & _74 : Int32.t = any_l () | & _78 : bool = any_l () - | & _80 : int32 = any_l () + | & _80 : Int32.t = any_l () | & _84 : bool = any_l () - | & _86 : int32 = any_l () + | & _86 : Int32.t = any_l () | & _90 : bool = any_l () - | & _92 : int32 = any_l () ] + | & _92 : Int32.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end module M_index_range__test_range_from [#"index_range.rs" 115 0 115 24] @@ -1337,10 +1356,10 @@ module M_index_range__test_range_from [#"index_range.rs" 115 0 115 24] let%span sindex_range47 = "index_range.rs" 7 4 12 22 let%span svec48 = "../../../creusot-contracts/src/std/vec.rs" 162 27 162 46 let%span svec49 = "../../../creusot-contracts/src/std/vec.rs" 163 26 163 54 - let%span sslice50 = "../../../creusot-contracts/src/std/slice.rs" 245 0 354 1 + let%span sslice50 = "../../../creusot-contracts/src/std/slice.rs" 263 0 372 1 let%span svec51 = "../../../creusot-contracts/src/std/vec.rs" 169 26 169 42 - let%span sslice52 = "../../../creusot-contracts/src/std/slice.rs" 262 18 262 100 - let%span sslice53 = "../../../creusot-contracts/src/std/slice.rs" 263 18 263 55 + let%span sslice52 = "../../../creusot-contracts/src/std/slice.rs" 280 18 280 100 + let%span sslice53 = "../../../creusot-contracts/src/std/slice.rs" 281 18 281 55 let%span soption54 = "../../../creusot-contracts/src/std/option.rs" 51 26 51 51 let%span svec55 = "../../../creusot-contracts/src/std/vec.rs" 152 27 152 46 let%span svec56 = "../../../creusot-contracts/src/std/vec.rs" 153 26 153 54 
@@ -1351,25 +1370,25 @@ module M_index_range__test_range_from [#"index_range.rs" 115 0 115 24] let%span svec61 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span sops62 = "../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 let%span smodel63 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 - let%span sslice64 = "../../../creusot-contracts/src/std/slice.rs" 187 20 187 44 - let%span sslice65 = "../../../creusot-contracts/src/std/slice.rs" 193 20 193 67 + let%span sslice64 = "../../../creusot-contracts/src/std/slice.rs" 205 20 205 44 + let%span sslice65 = "../../../creusot-contracts/src/std/slice.rs" 211 20 211 67 let%span smodel66 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 - let%span sslice67 = "../../../creusot-contracts/src/std/slice.rs" 200 12 200 91 + let%span sslice67 = "../../../creusot-contracts/src/std/slice.rs" 218 12 218 91 let%span sresolve68 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span sslice69 = "../../../creusot-contracts/src/std/slice.rs" 122 20 122 37 - let%span sslice70 = "../../../creusot-contracts/src/std/slice.rs" 129 20 129 37 + let%span sslice69 = "../../../creusot-contracts/src/std/slice.rs" 140 20 140 37 + let%span sslice70 = "../../../creusot-contracts/src/std/slice.rs" 147 20 147 37 let%span sslice71 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice72 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 use seq.Seq - use prelude.prelude.UIntSize + use prelude.prelude.Int - constant v_MAX'0 : usize = (18446744073709551615 : usize) + use prelude.prelude.UInt64 - use prelude.prelude.UIntSize + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.Int + use prelude.prelude.UInt64 use prelude.prelude.Opaque 
@@ -1380,25 +1399,25 @@ module M_index_range__test_range_from [#"index_range.rs" 115 0 115 24] { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } use prelude.prelude.Int32 use seq.Seq - function view'0 (self : t_Vec'0) : Seq.seq int32 + function view'0 (self : t_Vec'0) : Seq.seq Int32.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec61] Seq.length (view'0 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec61] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq - function index_logic'0 [@inline:trivial] (self : t_Vec'0) (ix : int) : int32 = + function index_logic'0 [@inline:trivial] (self : t_Vec'0) (ix : int) : Int32.t = [%#sops62] Seq.get (view'0 self) ix use prelude.prelude.Int32 @@ -1413,7 +1432,7 @@ module M_index_range__test_range_from [#"index_range.rs" 115 0 115 24] type t_RangeFrom'0 = - { t_RangeFrom__start'0: usize } + { t_RangeFrom__start'0: UInt64.t } use prelude.prelude.Borrow 
@@ -1425,65 +1444,67 @@ module M_index_range__test_range_from [#"index_range.rs" 115 0 115 24] axiom inv_axiom'1 [@rewrite] : forall x : t_RangeFrom'0 [inv'1 x] . inv'1 x = true - function view'1 (self : t_Vec'0) : Seq.seq int32 = + function view'1 (self : t_Vec'0) : Seq.seq Int32.t = [%#smodel63] view'0 self - predicate in_bounds'0 (self : t_RangeFrom'0) (seq : Seq.seq int32) = - [%#sslice64] UIntSize.to_int self.t_RangeFrom__start'0 <= Seq.length seq + predicate in_bounds'0 (self : t_RangeFrom'0) (seq : Seq.seq Int32.t) = + [%#sslice64] UInt64.to_uint self.t_RangeFrom__start'0 <= Seq.length seq - use prelude.prelude.Slice + use Slice64.create - predicate inv'2 (_1 : slice int32) + predicate inv'2 (_1 : slice Int32.t) - axiom inv_axiom'2 [@rewrite] : forall x : slice int32 [inv'2 x] . inv'2 x = true + axiom inv_axiom'2 [@rewrite] : forall x : slice Int32.t [inv'2 x] . inv'2 x = true use seq.Seq - use prelude.prelude.Slice + use prelude.prelude.Slice64 - function view'4 (self : slice int32) : Seq.seq int32 + function view'4 (self : slice Int32.t) : Seq.seq Int32.t - axiom view'4_spec : forall self : slice int32 . ([%#sslice71] Seq.length (view'4 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice72] view'4 self = Slice.id self) + axiom view'4_spec : forall self : slice Int32.t . 
([%#sslice71] Seq.length (view'4 self) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + && ([%#sslice72] view'4 self = Slice64.id self) - predicate has_value'0 (self : t_RangeFrom'0) (seq : Seq.seq int32) (out : slice int32) = - [%#sslice65] Seq.([..]) seq (UIntSize.to_int self.t_RangeFrom__start'0) (Seq.length seq) = view'4 out + predicate has_value'0 (self : t_RangeFrom'0) (seq : Seq.seq Int32.t) (out : slice Int32.t) = + [%#sslice65] Seq.([..]) seq (UInt64.to_uint self.t_RangeFrom__start'0) (Seq.length seq) = view'4 out - let rec index'0 (self:t_Vec'0) (index:t_RangeFrom'0) (return' (ret:slice int32))= {[@expl:index 'self' type invariant] inv'0 self} + let rec index'0 (self:t_Vec'0) (index:t_RangeFrom'0) (return' (ret:slice Int32.t))= {[@expl:index 'self' type invariant] inv'0 self} {[@expl:index 'index' type invariant] inv'1 index} {[@expl:index requires] [%#svec48] in_bounds'0 index (view'1 self)} any - [ return' (result:slice int32)-> {inv'2 result} + [ return' (result:slice Int32.t)-> {inv'2 result} {[%#svec49] has_value'0 index (view'1 self) result} (! return' {result}) ] - function view'2 (self : slice int32) : Seq.seq int32 = + function view'2 (self : slice Int32.t) : Seq.seq Int32.t = [%#smodel63] view'4 self - let rec len'0 (self:slice int32) (return' (ret:usize))= {[@expl:len 'self' type invariant] inv'2 self} + let rec len'0 (self:slice Int32.t) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'2 self} any - [ return' (result:usize)-> {[%#sslice50] Seq.length (view'2 self) = UIntSize.to_int result} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#sslice50] Seq.length (view'2 self) = UInt64.to_uint result} (! return' {result}) ] - let rec deref'0 (self:t_Vec'0) (return' (ret:slice int32))= {[@expl:deref 'self' type invariant] inv'0 self} - any [ return' (result:slice int32)-> {inv'2 result} {[%#svec51] view'2 result = view'1 self} (! 
return' {result}) ] + let rec deref'0 (self:t_Vec'0) (return' (ret:slice Int32.t))= {[@expl:deref 'self' type invariant] inv'0 self} + any + [ return' (result:slice Int32.t)-> {inv'2 result} {[%#svec51] view'2 result = view'1 self} (! return' {result}) ] + type t_Option'0 = | C_None'0 - | C_Some'0 (slice int32) + | C_Some'0 (slice Int32.t) predicate inv'3 (_1 : t_Option'0) axiom inv_axiom'3 [@rewrite] : forall x : t_Option'0 [inv'3 x] . inv'3 x = true - let rec get'0 (self:slice int32) (index:t_RangeFrom'0) (return' (ret:t_Option'0))= {[@expl:get 'self' type invariant] inv'2 self} + let rec get'0 (self:slice Int32.t) (index:t_RangeFrom'0) (return' (ret:t_Option'0))= {[@expl:get 'self' type invariant] inv'2 self} {[@expl:get 'index' type invariant] inv'1 index} any [ return' (result:t_Option'0)-> {inv'3 result} {[%#sslice52] in_bounds'0 index (view'2 self) - -> (exists r : slice int32 . result = C_Some'0 r /\ has_value'0 index (view'2 self) r)} + -> (exists r : slice Int32.t . result = C_Some'0 r /\ has_value'0 index (view'2 self) r)} {[%#sslice53] in_bounds'0 index (view'2 self) \/ result = C_None'0} (! return' {result}) ] 
@@ -1499,22 +1520,22 @@ module M_index_range__test_range_from [#"index_range.rs" 115 0 115 24] axiom inv_axiom'5 [@rewrite] : forall x : borrowed (t_Vec'0) [inv'5 x] . inv'5 x = true - function view'3 (self : borrowed (t_Vec'0)) : Seq.seq int32 = + function view'3 (self : borrowed (t_Vec'0)) : Seq.seq Int32.t = [%#smodel66] view'0 self.current - predicate inv'6 (_1 : borrowed (slice int32)) + predicate inv'6 (_1 : borrowed (slice Int32.t)) - axiom inv_axiom'6 [@rewrite] : forall x : borrowed (slice int32) [inv'6 x] . inv'6 x = true + axiom inv_axiom'6 [@rewrite] : forall x : borrowed (slice Int32.t) [inv'6 x] . inv'6 x = true - predicate resolve_elswhere'0 (self : t_RangeFrom'0) (old' : Seq.seq int32) (fin : Seq.seq int32) = - [%#sslice67] forall i : int . 0 <= i /\ i < UIntSize.to_int self.t_RangeFrom__start'0 /\ i < Seq.length old' + predicate resolve_elswhere'0 (self : t_RangeFrom'0) (old' : Seq.seq Int32.t) (fin : Seq.seq Int32.t) = + [%#sslice67] forall i : int . 0 <= i /\ i < UInt64.to_uint self.t_RangeFrom__start'0 /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i - let rec index_mut'0 (self:borrowed (t_Vec'0)) (index:t_RangeFrom'0) (return' (ret:borrowed (slice int32)))= {[@expl:index_mut 'self' type invariant] inv'5 self} + let rec index_mut'0 (self:borrowed (t_Vec'0)) (index:t_RangeFrom'0) (return' (ret:borrowed (slice Int32.t)))= {[@expl:index_mut 'self' type invariant] inv'5 self} {[@expl:index_mut 'index' type invariant] inv'1 index} {[@expl:index_mut requires] [%#svec55] in_bounds'0 index (view'3 self)} any - [ return' (result:borrowed (slice int32))-> {inv'6 result} + [ return' (result:borrowed (slice Int32.t))-> {inv'6 result} {[%#svec56] has_value'0 index (view'3 self) result.current} {[%#svec57] has_value'0 index (view'0 self.final) result.final} {[%#svec58] resolve_elswhere'0 index (view'3 self) (view'0 self.final)} 
@@ -1522,36 +1543,38 @@ module M_index_range__test_range_from [#"index_range.rs" 115 0 115 24] (! return' {result}) ] - predicate resolve'1 (self : borrowed (slice int32)) = + predicate resolve'1 (self : borrowed (slice Int32.t)) = [%#sresolve68] self.final = self.current - predicate resolve'0 (_1 : borrowed (slice int32)) = + predicate resolve'0 (_1 : borrowed (slice Int32.t)) = resolve'1 _1 - let rec len'1 (self:t_Vec'0) (return' (ret:usize))= {[@expl:len 'self' type invariant] inv'0 self} + let rec len'1 (self:t_Vec'0) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'0 self} any - [ return' (result:usize)-> {[%#svec60] UIntSize.to_int result = Seq.length (view'1 self)} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#svec60] UInt64.to_uint result = Seq.length (view'1 self)} (! return' {result}) ] - predicate inv'7 (_1 : usize) + predicate inv'7 (_1 : UInt64.t) - axiom inv_axiom'7 [@rewrite] : forall x : usize [inv'7 x] . inv'7 x = true + axiom inv_axiom'7 [@rewrite] : forall x : UInt64.t [inv'7 x] . inv'7 x = true - predicate in_bounds'1 [@inline:trivial] (self : usize) (seq : Seq.seq int32) = - [%#sslice69] UIntSize.to_int self < Seq.length seq + predicate in_bounds'1 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq Int32.t) = + [%#sslice69] UInt64.to_uint self < Seq.length seq - predicate inv'8 (_1 : int32) + predicate inv'8 (_1 : Int32.t) - axiom inv_axiom'8 [@rewrite] : forall x : int32 [inv'8 x] . inv'8 x = true + axiom inv_axiom'8 [@rewrite] : forall x : Int32.t [inv'8 x] . 
inv'8 x = true - predicate has_value'1 [@inline:trivial] (self : usize) (seq : Seq.seq int32) (out : int32) = - [%#sslice70] Seq.get seq (UIntSize.to_int self) = out + predicate has_value'1 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq Int32.t) (out : Int32.t) = + [%#sslice70] Seq.get seq (UInt64.to_uint self) = out - let rec index'1 (self:t_Vec'0) (index:usize) (return' (ret:int32))= {[@expl:index 'self' type invariant] inv'0 self} + let rec index'1 (self:t_Vec'0) (index:UInt64.t) (return' (ret:Int32.t))= {[@expl:index 'self' type invariant] inv'0 self} {[@expl:index 'index' type invariant] inv'7 index} {[@expl:index requires] [%#svec48] in_bounds'1 index (view'1 self)} any - [ return' (result:int32)-> {inv'8 result} {[%#svec49] has_value'1 index (view'1 self) result} (! return' {result}) ] + [ return' (result:Int32.t)-> {inv'8 result} + {[%#svec49] has_value'1 index (view'1 self) result} + (! return' {result}) ] use prelude.prelude.Intrinsic 
@@ -1561,62 +1584,62 @@ module M_index_range__test_range_from [#"index_range.rs" 115 0 115 24] let rec test_range_from'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = create_arr'0 {[%#sindex_range0] ()} (fun (_ret':t_Vec'0) -> [ &arr <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 - [ s0 = [ &_5 <- { t_RangeFrom__start'0 = ([%#sindex_range1] (3 : usize)) } ] s1 - | s1 = index'0 {arr} {_5} (fun (_ret':slice int32) -> [ &_3 <- _ret' ] s2) + [ s0 = [ &_5 <- { t_RangeFrom__start'0 = ([%#sindex_range1] (3 : UInt64.t)) } ] s1 + | s1 = index'0 {arr} {_5} (fun (_ret':slice Int32.t) -> [ &_3 <- _ret' ] s2) | s2 = bb2 ] - | bb2 = s0 [ s0 = [ &s <- _3 ] s1 | s1 = len'0 {s} (fun (_ret':usize) -> [ &_8 <- _ret' ] s2) | s2 = bb3 ] + | bb2 = s0 [ s0 = [ &s <- _3 ] s1 | s1 = len'0 {s} (fun (_ret':UInt64.t) -> [ &_8 <- _ret' ] s2) | s2 = bb3 ] | bb3 = s0 - [ s0 = UIntSize.eq {_8} {[%#sindex_range2] (2 : usize)} (fun (_ret':bool) -> [ &_7 <- _ret' ] s1) + [ s0 = UInt64.eq {_8} {[%#sindex_range2] (2 : UInt64.t)} (fun (_ret':bool) -> [ &_7 <- _ret' ] s1) | s1 = any [ br0 -> {_7 = false} (! bb11) | br1 -> {_7} (! bb4) ] ] | bb4 = s0 - [ s0 = [ &_12 <- [%#sindex_range3] (0 : usize) ] s1 + [ s0 = [ &_12 <- [%#sindex_range3] (0 : UInt64.t) ] s1 | s1 = [ &_13 <- Slice.length s ] s2 - | s2 = UIntSize.lt {_12} {_13} (fun (_ret':bool) -> [ &_14 <- _ret' ] s3) + | s2 = UInt64.lt {_12} {_13} (fun (_ret':bool) -> [ &_14 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#sindex_range4] _14} s4 | s4 = bb5 ] | bb5 = s0 - [ s0 = Slice.get {s} {_12} - (fun (r'0:int32) -> - Int32.eq {r'0} {[%#sindex_range5] (3 : int32)} (fun (_ret':bool) -> [ &_10 <- _ret' ] s1)) + [ s0 = Slice64.get {s} {_12} + (fun (r'0:Int32.t) -> + Int32.eq {r'0} {[%#sindex_range5] (3 : Int32.t)} (fun (_ret':bool) -> [ &_10 <- _ret' ] s1)) | s1 = any [ br0 -> {_10 = false} (! bb10) | br1 -> {_10} (! 
bb6) ] ] | bb6 = s0 - [ s0 = [ &_17 <- [%#sindex_range6] (1 : usize) ] s1 + [ s0 = [ &_17 <- [%#sindex_range6] (1 : UInt64.t) ] s1 | s1 = [ &_18 <- Slice.length s ] s2 - | s2 = UIntSize.lt {_17} {_18} (fun (_ret':bool) -> [ &_19 <- _ret' ] s3) + | s2 = UInt64.lt {_17} {_18} (fun (_ret':bool) -> [ &_19 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#sindex_range7] _19} s4 | s4 = bb7 ] | bb7 = s0 - [ s0 = Slice.get {s} {_17} - (fun (r'0:int32) -> - Int32.eq {r'0} {[%#sindex_range8] (4 : int32)} (fun (_ret':bool) -> [ &_15 <- _ret' ] s1)) + [ s0 = Slice64.get {s} {_17} + (fun (r'0:Int32.t) -> + Int32.eq {r'0} {[%#sindex_range8] (4 : Int32.t)} (fun (_ret':bool) -> [ &_15 <- _ret' ] s1)) | s1 = any [ br0 -> {_15 = false} (! bb9) | br1 -> {_15} (! bb8) ] ] | bb8 = s0 - [ s0 = [ &_27 <- { t_RangeFrom__start'0 = ([%#sindex_range9] (5 : usize)) } ] s1 - | s1 = index'0 {arr} {_27} (fun (_ret':slice int32) -> [ &_25 <- _ret' ] s2) + [ s0 = [ &_27 <- { t_RangeFrom__start'0 = ([%#sindex_range9] (5 : UInt64.t)) } ] s1 + | s1 = index'0 {arr} {_27} (fun (_ret':slice Int32.t) -> [ &_25 <- _ret' ] s2) | s2 = bb13 ] - | bb13 = s0 [ s0 = len'0 {_25} (fun (_ret':usize) -> [ &_23 <- _ret' ] s1) | s1 = bb14 ] + | bb13 = s0 [ s0 = len'0 {_25} (fun (_ret':UInt64.t) -> [ &_23 <- _ret' ] s1) | s1 = bb14 ] | bb14 = s0 - [ s0 = UIntSize.eq {_23} {[%#sindex_range10] (0 : usize)} (fun (_ret':bool) -> [ &_22 <- _ret' ] s1) + [ s0 = UInt64.eq {_23} {[%#sindex_range10] (0 : UInt64.t)} (fun (_ret':bool) -> [ &_22 <- _ret' ] s1) | s1 = any [ br0 -> {_22 = false} (! bb16) | br1 -> {_22} (! 
bb15) ] ] - | bb15 = s0 [ s0 = deref'0 {arr} (fun (_ret':slice int32) -> [ &_34 <- _ret' ] s1) | s1 = bb17 ] + | bb15 = s0 [ s0 = deref'0 {arr} (fun (_ret':slice Int32.t) -> [ &_34 <- _ret' ] s1) | s1 = bb17 ] | bb17 = s0 - [ s0 = [ &_36 <- { t_RangeFrom__start'0 = ([%#sindex_range11] (6 : usize)) } ] s1 + [ s0 = [ &_36 <- { t_RangeFrom__start'0 = ([%#sindex_range11] (6 : UInt64.t)) } ] s1 | s1 = get'0 {_34} {_36} (fun (_ret':t_Option'0) -> [ &_32 <- _ret' ] s2) | s2 = bb18 ] | bb18 = s0 [ s0 = is_none'0 {_32} (fun (_ret':bool) -> [ &_30 <- _ret' ] s1) | s1 = bb19 ] | bb19 = any [ br0 -> {_30 = false} (! bb21) | br1 -> {_30} (! bb20) ] - | bb20 = s0 [ s0 = deref'0 {arr} (fun (_ret':slice int32) -> [ &_43 <- _ret' ] s1) | s1 = bb22 ] + | bb20 = s0 [ s0 = deref'0 {arr} (fun (_ret':slice Int32.t) -> [ &_43 <- _ret' ] s1) | s1 = bb22 ] | bb22 = s0 - [ s0 = [ &_45 <- { t_RangeFrom__start'0 = ([%#sindex_range12] (10 : usize)) } ] s1 + [ s0 = [ &_45 <- { t_RangeFrom__start'0 = ([%#sindex_range12] (10 : UInt64.t)) } ] s1 | s1 = get'0 {_43} {_45} (fun (_ret':t_Option'0) -> [ &_41 <- _ret' ] s2) | s2 = bb23 ] 
@@ -1625,91 +1648,96 @@ module M_index_range__test_range_from [#"index_range.rs" 115 0 115 24] | bb25 = s0 [ s0 = Borrow.borrow_mut {arr} (fun (_ret':borrowed (t_Vec'0)) -> [ &_49 <- _ret' ] [ &arr <- _ret'.final ] s1) - | s1 = [ &_50 <- { t_RangeFrom__start'0 = ([%#sindex_range13] (2 : usize)) } ] s2 - | s2 = index_mut'0 {_49} {_50} (fun (_ret':borrowed (slice int32)) -> [ &_48 <- _ret' ] s3) + | s1 = [ &_50 <- { t_RangeFrom__start'0 = ([%#sindex_range13] (2 : UInt64.t)) } ] s2 + | s2 = index_mut'0 {_49} {_50} (fun (_ret':borrowed (slice Int32.t)) -> [ &_48 <- _ret' ] s3) | s3 = bb27 ] | bb27 = s0 - [ s0 = Borrow.borrow_final {_48.current} {Borrow.get_id _48} - (fun (_ret':borrowed (slice int32)) -> [ &s1 <- _ret' ] [ &_48 <- { _48 with current = _ret'.final } ] s1) - | s1 = len'0 {s1.current} (fun (_ret':usize) -> [ &_53 <- _ret' ] s2) + [ s0 = Borrow.borrow_final {_48.current} {Borrow.get_id _48} + (fun (_ret':borrowed (slice Int32.t)) -> [ &s1 <- _ret' ] [ &_48 <- { _48 with current = _ret'.final } ] s1) + | s1 = len'0 {s1.current} (fun (_ret':UInt64.t) -> [ &_53 <- _ret' ] s2) | s2 = bb28 ] | bb28 = s0 - [ s0 = UIntSize.eq {_53} {[%#sindex_range14] (3 : usize)} (fun (_ret':bool) -> [ &_52 <- _ret' ] s1) + [ s0 = UInt64.eq {_53} {[%#sindex_range14] (3 : UInt64.t)} (fun (_ret':bool) -> [ &_52 <- _ret' ] s1) | s1 = any [ br0 -> {_52 = false} (! bb30) | br1 -> {_52} (! 
bb29) ] ] | bb29 = s0 - [ s0 = [ &_56 <- [%#sindex_range15] (0 : usize) ] s1 + [ s0 = [ &_56 <- [%#sindex_range15] (0 : UInt64.t) ] s1 | s1 = [ &_57 <- Slice.length s1.current ] s2 - | s2 = UIntSize.lt {_56} {_57} (fun (_ret':bool) -> [ &_58 <- _ret' ] s3) + | s2 = UInt64.lt {_56} {_57} (fun (_ret':bool) -> [ &_58 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#sindex_range16] _58} s4 | s4 = bb31 ] | bb31 = s0 - [ s0 = Slice.set {s1.current} {_56} {[%#sindex_range17] (-1 : int32)} - (fun (r'0:slice int32) -> [ &s1 <- { s1 with current = r'0 } ] s1) - | s1 = [ &_59 <- [%#sindex_range18] (1 : usize) ] s2 + [ s0 = Slice64.set {s1.current} {_56} {[%#sindex_range17] (-1 : Int32.t)} + (fun (r'0:slice Int32.t) -> [ &s1 <- { s1 with current = r'0 } ] s1) + | s1 = [ &_59 <- [%#sindex_range18] (1 : UInt64.t) ] s2 | s2 = [ &_60 <- Slice.length s1.current ] s3 - | s3 = UIntSize.lt {_59} {_60} (fun (_ret':bool) -> [ &_61 <- _ret' ] s4) + | s3 = UInt64.lt {_59} {_60} (fun (_ret':bool) -> [ &_61 <- _ret' ] s4) | s4 = {[@expl:index in bounds] [%#sindex_range19] _61} s5 | s5 = bb32 ] | bb32 = s0 - [ s0 = Slice.set {s1.current} {_59} {[%#sindex_range20] (-1 : int32)} - (fun (r'0:slice int32) -> [ &s1 <- { s1 with current = r'0 } ] s1) - | s1 = [ &_65 <- [%#sindex_range21] (2 : usize) ] s2 + [ s0 = Slice64.set {s1.current} {_59} {[%#sindex_range20] (-1 : Int32.t)} + (fun (r'0:slice Int32.t) -> [ &s1 <- { s1 with current = r'0 } ] s1) + | s1 = [ &_65 <- [%#sindex_range21] (2 : UInt64.t) ] s2 | s2 = [ &_66 <- Slice.length s1.current ] s3 - | s3 = UIntSize.lt {_65} {_66} (fun (_ret':bool) -> [ &_67 <- _ret' ] s4) + | s3 = UInt64.lt {_65} {_66} (fun (_ret':bool) -> [ &_67 <- _ret' ] s4) | s4 = {[@expl:index in bounds] [%#sindex_range22] _67} s5 | s5 = bb33 ] | bb33 = s0 [ s0 = -{resolve'0 s1}- s1 | s1 = -{resolve'0 _48}- s2 - | s2 = Slice.get {s1.current} {_65} - (fun (r'0:int32) -> - Int32.eq {r'0} {[%#sindex_range23] (4 : int32)} (fun (_ret':bool) -> [ &_63 <- _ret' ] s3)) + | s2 = 
Slice64.get {s1.current} {_65} + (fun (r'0:Int32.t) -> + Int32.eq {r'0} {[%#sindex_range23] (4 : Int32.t)} (fun (_ret':bool) -> [ &_63 <- _ret' ] s3)) | s3 = any [ br0 -> {_63 = false} (! bb35) | br1 -> {_63} (! bb34) ] ] - | bb34 = s0 [ s0 = len'1 {arr} (fun (_ret':usize) -> [ &_71 <- _ret' ] s1) | s1 = bb36 ] + | bb34 = s0 [ s0 = len'1 {arr} (fun (_ret':UInt64.t) -> [ &_71 <- _ret' ] s1) | s1 = bb36 ] | bb36 = s0 - [ s0 = UIntSize.eq {_71} {[%#sindex_range24] (5 : usize)} (fun (_ret':bool) -> [ &_70 <- _ret' ] s1) + [ s0 = UInt64.eq {_71} {[%#sindex_range24] (5 : UInt64.t)} (fun (_ret':bool) -> [ &_70 <- _ret' ] s1) | s1 = any [ br0 -> {_70 = false} (! bb38) | br1 -> {_70} (! bb37) ] ] | bb37 = s0 - [ s0 = index'1 {arr} {[%#sindex_range25] (0 : usize)} (fun (_ret':int32) -> [ &_77 <- _ret' ] s1) | s1 = bb39 ] + [ s0 = index'1 {arr} {[%#sindex_range25] (0 : UInt64.t)} (fun (_ret':Int32.t) -> [ &_77 <- _ret' ] s1) + | s1 = bb39 ] | bb39 = s0 - [ s0 = Int32.eq {_77} {[%#sindex_range26] (0 : int32)} (fun (_ret':bool) -> [ &_75 <- _ret' ] s1) + [ s0 = Int32.eq {_77} {[%#sindex_range26] (0 : Int32.t)} (fun (_ret':bool) -> [ &_75 <- _ret' ] s1) | s1 = any [ br0 -> {_75 = false} (! bb41) | br1 -> {_75} (! bb40) ] ] | bb40 = s0 - [ s0 = index'1 {arr} {[%#sindex_range27] (1 : usize)} (fun (_ret':int32) -> [ &_83 <- _ret' ] s1) | s1 = bb42 ] + [ s0 = index'1 {arr} {[%#sindex_range27] (1 : UInt64.t)} (fun (_ret':Int32.t) -> [ &_83 <- _ret' ] s1) + | s1 = bb42 ] | bb42 = s0 - [ s0 = Int32.eq {_83} {[%#sindex_range28] (1 : int32)} (fun (_ret':bool) -> [ &_81 <- _ret' ] s1) + [ s0 = Int32.eq {_83} {[%#sindex_range28] (1 : Int32.t)} (fun (_ret':bool) -> [ &_81 <- _ret' ] s1) | s1 = any [ br0 -> {_81 = false} (! bb44) | br1 -> {_81} (! 
bb43) ] ] | bb43 = s0 - [ s0 = index'1 {arr} {[%#sindex_range29] (2 : usize)} (fun (_ret':int32) -> [ &_89 <- _ret' ] s1) | s1 = bb45 ] + [ s0 = index'1 {arr} {[%#sindex_range29] (2 : UInt64.t)} (fun (_ret':Int32.t) -> [ &_89 <- _ret' ] s1) + | s1 = bb45 ] | bb45 = s0 - [ s0 = Int32.eq {_89} {[%#sindex_range30] (-1 : int32)} (fun (_ret':bool) -> [ &_87 <- _ret' ] s1) + [ s0 = Int32.eq {_89} {[%#sindex_range30] (-1 : Int32.t)} (fun (_ret':bool) -> [ &_87 <- _ret' ] s1) | s1 = any [ br0 -> {_87 = false} (! bb47) | br1 -> {_87} (! bb46) ] ] | bb46 = s0 - [ s0 = index'1 {arr} {[%#sindex_range31] (3 : usize)} (fun (_ret':int32) -> [ &_95 <- _ret' ] s1) | s1 = bb48 ] + [ s0 = index'1 {arr} {[%#sindex_range31] (3 : UInt64.t)} (fun (_ret':Int32.t) -> [ &_95 <- _ret' ] s1) + | s1 = bb48 ] | bb48 = s0 - [ s0 = Int32.eq {_95} {[%#sindex_range32] (-1 : int32)} (fun (_ret':bool) -> [ &_93 <- _ret' ] s1) + [ s0 = Int32.eq {_95} {[%#sindex_range32] (-1 : Int32.t)} (fun (_ret':bool) -> [ &_93 <- _ret' ] s1) | s1 = any [ br0 -> {_93 = false} (! bb50) | br1 -> {_93} (! bb49) ] ] | bb49 = s0 - [ s0 = index'1 {arr} {[%#sindex_range33] (4 : usize)} (fun (_ret':int32) -> [ &_101 <- _ret' ] s1) | s1 = bb51 ] + [ s0 = index'1 {arr} {[%#sindex_range33] (4 : UInt64.t)} (fun (_ret':Int32.t) -> [ &_101 <- _ret' ] s1) + | s1 = bb51 ] | bb51 = s0 - [ s0 = Int32.eq {_101} {[%#sindex_range34] (4 : int32)} (fun (_ret':bool) -> [ &_99 <- _ret' ] s1) + [ s0 = Int32.eq {_101} {[%#sindex_range34] (4 : Int32.t)} (fun (_ret':bool) -> [ &_99 <- _ret' ] s1) | s1 = any [ br0 -> {_99 = false} (! bb53) | br1 -> {_99} (! bb52) ] ] | bb52 = bb54 
@@ -1732,59 +1760,59 @@ module M_index_range__test_range_from [#"index_range.rs" 115 0 115 24] ) [ & _0 : () = any_l () | & arr : t_Vec'0 = any_l () - | & s : slice int32 = any_l () - | & _3 : slice int32 = any_l () + | & s : slice Int32.t = any_l () + | & _3 : slice Int32.t = any_l () | & _5 : t_RangeFrom'0 = any_l () | & _7 : bool = any_l () - | & _8 : usize = any_l () + | & _8 : UInt64.t = any_l () | & _10 : bool = any_l () - | & _12 : usize = any_l () - | & _13 : usize = any_l () + | & _12 : UInt64.t = any_l () + | & _13 : UInt64.t = any_l () | & _14 : bool = any_l () | & _15 : bool = any_l () - | & _17 : usize = any_l () - | & _18 : usize = any_l () + | & _17 : UInt64.t = any_l () + | & _18 : UInt64.t = any_l () | & _19 : bool = any_l () | & _22 : bool = any_l () - | & _23 : usize = any_l () - | & _25 : slice int32 = any_l () + | & _23 : UInt64.t = any_l () + | & _25 : slice Int32.t = any_l () | & _27 : t_RangeFrom'0 = any_l () | & _30 : bool = any_l () | & _32 : t_Option'0 = any_l () - | & _34 : slice int32 = any_l () + | & _34 : slice Int32.t = any_l () | & _36 : t_RangeFrom'0 = any_l () | & _39 : bool = any_l () | & _41 : t_Option'0 = any_l () - | & _43 : slice int32 = any_l () + | & _43 : slice Int32.t = any_l () | & _45 : t_RangeFrom'0 = any_l () - | & s1 : borrowed (slice int32) = any_l () - | & _48 : borrowed (slice int32) = any_l () + | & s1 : borrowed (slice Int32.t) = any_l () + | & _48 : borrowed (slice Int32.t) = any_l () | & _49 : borrowed (t_Vec'0) = any_l () | & _50 : t_RangeFrom'0 = any_l () | & _52 : bool = any_l () - | & _53 : usize = any_l () - | & _56 : usize = any_l () - | & _57 : usize = any_l () + | & _53 : UInt64.t = any_l () + | & _56 : UInt64.t = any_l () + | & _57 : UInt64.t = any_l () | & _58 : bool = any_l () - | & _59 : usize = any_l () - | & _60 : usize = any_l () + | & _59 : UInt64.t = any_l () + | & _60 : UInt64.t = any_l () | & _61 : bool = any_l () | & _63 : bool = any_l () - | & _65 : usize = any_l () - | & _66 : usize = 
any_l () + | & _65 : UInt64.t = any_l () + | & _66 : UInt64.t = any_l () | & _67 : bool = any_l () | & _70 : bool = any_l () - | & _71 : usize = any_l () + | & _71 : UInt64.t = any_l () | & _75 : bool = any_l () - | & _77 : int32 = any_l () + | & _77 : Int32.t = any_l () | & _81 : bool = any_l () - | & _83 : int32 = any_l () + | & _83 : Int32.t = any_l () | & _87 : bool = any_l () - | & _89 : int32 = any_l () + | & _89 : Int32.t = any_l () | & _93 : bool = any_l () - | & _95 : int32 = any_l () + | & _95 : Int32.t = any_l () | & _99 : bool = any_l () - | & _101 : int32 = any_l () ] + | & _101 : Int32.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end module M_index_range__test_range_full [#"index_range.rs" 154 0 154 24] @@ -1834,7 +1862,7 @@ module M_index_range__test_range_full [#"index_range.rs" 154 0 154 24] let%span sindex_range43 = "index_range.rs" 7 4 12 22 let%span svec44 = "../../../creusot-contracts/src/std/vec.rs" 162 27 162 46 let%span svec45 = "../../../creusot-contracts/src/std/vec.rs" 163 26 163 54 - let%span sslice46 = "../../../creusot-contracts/src/std/slice.rs" 245 0 354 1 + let%span sslice46 = "../../../creusot-contracts/src/std/slice.rs" 263 0 372 1 let%span svec47 = "../../../creusot-contracts/src/std/vec.rs" 152 27 152 46 let%span svec48 = "../../../creusot-contracts/src/std/vec.rs" 153 26 153 54 let%span svec49 = "../../../creusot-contracts/src/std/vec.rs" 154 26 154 57 
@@ -1844,25 +1872,25 @@ module M_index_range__test_range_full [#"index_range.rs" 154 0 154 24] let%span svec53 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span sops54 = "../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 let%span smodel55 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 - let%span sslice56 = "../../../creusot-contracts/src/std/slice.rs" 209 20 209 24 - let%span sslice57 = "../../../creusot-contracts/src/std/slice.rs" 215 20 215 31 + let%span sslice56 = "../../../creusot-contracts/src/std/slice.rs" 227 20 227 24 + let%span sslice57 = "../../../creusot-contracts/src/std/slice.rs" 233 20 233 31 let%span smodel58 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 - let%span sslice59 = "../../../creusot-contracts/src/std/slice.rs" 221 20 221 24 + let%span sslice59 = "../../../creusot-contracts/src/std/slice.rs" 239 20 239 24 let%span sresolve60 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span sslice61 = "../../../creusot-contracts/src/std/slice.rs" 122 20 122 37 - let%span sslice62 = "../../../creusot-contracts/src/std/slice.rs" 129 20 129 37 + let%span sslice61 = "../../../creusot-contracts/src/std/slice.rs" 140 20 140 37 + let%span sslice62 = "../../../creusot-contracts/src/std/slice.rs" 147 20 147 37 let%span sslice63 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice64 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 use seq.Seq - use prelude.prelude.UIntSize + use prelude.prelude.Int - constant v_MAX'0 : usize = (18446744073709551615 : usize) + use prelude.prelude.UInt64 - use prelude.prelude.UIntSize + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.Int + use prelude.prelude.UInt64 use prelude.prelude.Opaque 
@@ -1873,25 +1901,25 @@ module M_index_range__test_range_full [#"index_range.rs" 154 0 154 24] { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } use prelude.prelude.Int32 use seq.Seq - function view'0 (self : t_Vec'0) : Seq.seq int32 + function view'0 (self : t_Vec'0) : Seq.seq Int32.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec53] Seq.length (view'0 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec53] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq - function index_logic'0 [@inline:trivial] (self : t_Vec'0) (ix : int) : int32 = + function index_logic'0 [@inline:trivial] (self : t_Vec'0) (ix : int) : Int32.t = [%#sops54] Seq.get (view'0 self) ix use prelude.prelude.Int32 
@@ -1915,65 +1943,65 @@ module M_index_range__test_range_full [#"index_range.rs" 154 0 154 24] axiom inv_axiom'1 [@rewrite] : forall x : () [inv'1 x] . inv'1 x = true - function view'1 (self : t_Vec'0) : Seq.seq int32 = + function view'1 (self : t_Vec'0) : Seq.seq Int32.t = [%#smodel55] view'0 self - predicate in_bounds'0 (self : ()) (_seq : Seq.seq int32) = + predicate in_bounds'0 (self : ()) (_seq : Seq.seq Int32.t) = [%#sslice56] true - use prelude.prelude.Slice + use Slice64.create - predicate inv'2 (_1 : slice int32) + predicate inv'2 (_1 : slice Int32.t) - axiom inv_axiom'2 [@rewrite] : forall x : slice int32 [inv'2 x] . inv'2 x = true + axiom inv_axiom'2 [@rewrite] : forall x : slice Int32.t [inv'2 x] . inv'2 x = true - use prelude.prelude.Slice + use prelude.prelude.Slice64 - function view'4 (self : slice int32) : Seq.seq int32 + function view'4 (self : slice Int32.t) : Seq.seq Int32.t - axiom view'4_spec : forall self : slice int32 . ([%#sslice63] Seq.length (view'4 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice64] view'4 self = Slice.id self) + axiom view'4_spec : forall self : slice Int32.t . ([%#sslice63] Seq.length (view'4 self) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + && ([%#sslice64] view'4 self = Slice64.id self) - predicate has_value'0 (self : ()) (seq : Seq.seq int32) (out : slice int32) = + predicate has_value'0 (self : ()) (seq : Seq.seq Int32.t) (out : slice Int32.t) = [%#sslice57] seq = view'4 out - let rec index'0 (self:t_Vec'0) (index:()) (return' (ret:slice int32))= {[@expl:index 'self' type invariant] inv'0 self} + let rec index'0 (self:t_Vec'0) (index:()) (return' (ret:slice Int32.t))= {[@expl:index 'self' type invariant] inv'0 self} {[@expl:index 'index' type invariant] inv'1 index} {[@expl:index requires] [%#svec44] in_bounds'0 index (view'1 self)} any - [ return' (result:slice int32)-> {inv'2 result} + [ return' (result:slice Int32.t)-> {inv'2 result} {[%#svec45] has_value'0 index (view'1 self) result} (! 
return' {result}) ] - function view'2 (self : slice int32) : Seq.seq int32 = + function view'2 (self : slice Int32.t) : Seq.seq Int32.t = [%#smodel55] view'4 self - let rec len'0 (self:slice int32) (return' (ret:usize))= {[@expl:len 'self' type invariant] inv'2 self} + let rec len'0 (self:slice Int32.t) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'2 self} any - [ return' (result:usize)-> {[%#sslice46] Seq.length (view'2 self) = UIntSize.to_int result} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#sslice46] Seq.length (view'2 self) = UInt64.to_uint result} (! return' {result}) ] predicate inv'3 (_1 : borrowed (t_Vec'0)) axiom inv_axiom'3 [@rewrite] : forall x : borrowed (t_Vec'0) [inv'3 x] . inv'3 x = true - function view'3 (self : borrowed (t_Vec'0)) : Seq.seq int32 = + function view'3 (self : borrowed (t_Vec'0)) : Seq.seq Int32.t = [%#smodel58] view'0 self.current - predicate inv'4 (_1 : borrowed (slice int32)) + predicate inv'4 (_1 : borrowed (slice Int32.t)) - axiom inv_axiom'4 [@rewrite] : forall x : borrowed (slice int32) [inv'4 x] . inv'4 x = true + axiom inv_axiom'4 [@rewrite] : forall x : borrowed (slice Int32.t) [inv'4 x] . 
inv'4 x = true - predicate resolve_elswhere'0 (self : ()) (_old : Seq.seq int32) (_fin : Seq.seq int32) = + predicate resolve_elswhere'0 (self : ()) (_old : Seq.seq Int32.t) (_fin : Seq.seq Int32.t) = [%#sslice59] true - let rec index_mut'0 (self:borrowed (t_Vec'0)) (index:()) (return' (ret:borrowed (slice int32)))= {[@expl:index_mut 'self' type invariant] inv'3 self} + let rec index_mut'0 (self:borrowed (t_Vec'0)) (index:()) (return' (ret:borrowed (slice Int32.t)))= {[@expl:index_mut 'self' type invariant] inv'3 self} {[@expl:index_mut 'index' type invariant] inv'1 index} {[@expl:index_mut requires] [%#svec47] in_bounds'0 index (view'3 self)} any - [ return' (result:borrowed (slice int32))-> {inv'4 result} + [ return' (result:borrowed (slice Int32.t))-> {inv'4 result} {[%#svec48] has_value'0 index (view'3 self) result.current} {[%#svec49] has_value'0 index (view'0 self.final) result.final} {[%#svec50] resolve_elswhere'0 index (view'3 self) (view'0 self.final)} 
@@ -1981,36 +2009,38 @@ module M_index_range__test_range_full [#"index_range.rs" 154 0 154 24] (! return' {result}) ] - predicate resolve'1 (self : borrowed (slice int32)) = + predicate resolve'1 (self : borrowed (slice Int32.t)) = [%#sresolve60] self.final = self.current - predicate resolve'0 (_1 : borrowed (slice int32)) = + predicate resolve'0 (_1 : borrowed (slice Int32.t)) = resolve'1 _1 - let rec len'1 (self:t_Vec'0) (return' (ret:usize))= {[@expl:len 'self' type invariant] inv'0 self} + let rec len'1 (self:t_Vec'0) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'0 self} any - [ return' (result:usize)-> {[%#svec52] UIntSize.to_int result = Seq.length (view'1 self)} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#svec52] UInt64.to_uint result = Seq.length (view'1 self)} (! return' {result}) ] - predicate inv'5 (_1 : usize) + predicate inv'5 (_1 : UInt64.t) - axiom inv_axiom'5 [@rewrite] : forall x : usize [inv'5 x] . inv'5 x = true + axiom inv_axiom'5 [@rewrite] : forall x : UInt64.t [inv'5 x] . inv'5 x = true - predicate in_bounds'1 [@inline:trivial] (self : usize) (seq : Seq.seq int32) = - [%#sslice61] UIntSize.to_int self < Seq.length seq + predicate in_bounds'1 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq Int32.t) = + [%#sslice61] UInt64.to_uint self < Seq.length seq - predicate inv'6 (_1 : int32) + predicate inv'6 (_1 : Int32.t) - axiom inv_axiom'6 [@rewrite] : forall x : int32 [inv'6 x] . inv'6 x = true + axiom inv_axiom'6 [@rewrite] : forall x : Int32.t [inv'6 x] . 
inv'6 x = true - predicate has_value'1 [@inline:trivial] (self : usize) (seq : Seq.seq int32) (out : int32) = - [%#sslice62] Seq.get seq (UIntSize.to_int self) = out + predicate has_value'1 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq Int32.t) (out : Int32.t) = + [%#sslice62] Seq.get seq (UInt64.to_uint self) = out - let rec index'1 (self:t_Vec'0) (index:usize) (return' (ret:int32))= {[@expl:index 'self' type invariant] inv'0 self} + let rec index'1 (self:t_Vec'0) (index:UInt64.t) (return' (ret:Int32.t))= {[@expl:index 'self' type invariant] inv'0 self} {[@expl:index 'index' type invariant] inv'5 index} {[@expl:index requires] [%#svec44] in_bounds'1 index (view'1 self)} any - [ return' (result:int32)-> {inv'6 result} {[%#svec45] has_value'1 index (view'1 self) result} (! return' {result}) ] + [ return' (result:Int32.t)-> {inv'6 result} + {[%#svec45] has_value'1 index (view'1 self) result} + (! return' {result}) ] use prelude.prelude.Intrinsic 
@@ -2020,156 +2050,163 @@ module M_index_range__test_range_full [#"index_range.rs" 154 0 154 24] let rec test_range_full'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = create_arr'0 {[%#sindex_range0] ()} (fun (_ret':t_Vec'0) -> [ &arr <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 - [ s0 = [ &_5 <- () ] s1 | s1 = index'0 {arr} {_5} (fun (_ret':slice int32) -> [ &_3 <- _ret' ] s2) | s2 = bb2 ] + [ s0 = [ &_5 <- () ] s1 + | s1 = index'0 {arr} {_5} (fun (_ret':slice Int32.t) -> [ &_3 <- _ret' ] s2) + | s2 = bb2 ] - | bb2 = s0 [ s0 = [ &s <- _3 ] s1 | s1 = len'0 {s} (fun (_ret':usize) -> [ &_8 <- _ret' ] s2) | s2 = bb3 ] + | bb2 = s0 [ s0 = [ &s <- _3 ] s1 | s1 = len'0 {s} (fun (_ret':UInt64.t) -> [ &_8 <- _ret' ] s2) | s2 = bb3 ] | bb3 = s0 - [ s0 = UIntSize.eq {_8} {[%#sindex_range1] (5 : usize)} (fun (_ret':bool) -> [ &_7 <- _ret' ] s1) + [ s0 = UInt64.eq {_8} {[%#sindex_range1] (5 : UInt64.t)} (fun (_ret':bool) -> [ &_7 <- _ret' ] s1) | s1 = any [ br0 -> {_7 = false} (! bb20) | br1 -> {_7} (! bb4) ] ] | bb4 = s0 - [ s0 = [ &_12 <- [%#sindex_range2] (0 : usize) ] s1 + [ s0 = [ &_12 <- [%#sindex_range2] (0 : UInt64.t) ] s1 | s1 = [ &_13 <- Slice.length s ] s2 - | s2 = UIntSize.lt {_12} {_13} (fun (_ret':bool) -> [ &_14 <- _ret' ] s3) + | s2 = UInt64.lt {_12} {_13} (fun (_ret':bool) -> [ &_14 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#sindex_range3] _14} s4 | s4 = bb5 ] | bb5 = s0 - [ s0 = Slice.get {s} {_12} - (fun (r'0:int32) -> - Int32.eq {r'0} {[%#sindex_range4] (0 : int32)} (fun (_ret':bool) -> [ &_10 <- _ret' ] s1)) + [ s0 = Slice64.get {s} {_12} + (fun (r'0:Int32.t) -> + Int32.eq {r'0} {[%#sindex_range4] (0 : Int32.t)} (fun (_ret':bool) -> [ &_10 <- _ret' ] s1)) | s1 = any [ br0 -> {_10 = false} (! bb19) | br1 -> {_10} (! 
bb6) ] ] | bb6 = s0 - [ s0 = [ &_17 <- [%#sindex_range5] (1 : usize) ] s1 + [ s0 = [ &_17 <- [%#sindex_range5] (1 : UInt64.t) ] s1 | s1 = [ &_18 <- Slice.length s ] s2 - | s2 = UIntSize.lt {_17} {_18} (fun (_ret':bool) -> [ &_19 <- _ret' ] s3) + | s2 = UInt64.lt {_17} {_18} (fun (_ret':bool) -> [ &_19 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#sindex_range6] _19} s4 | s4 = bb7 ] | bb7 = s0 - [ s0 = Slice.get {s} {_17} - (fun (r'0:int32) -> - Int32.eq {r'0} {[%#sindex_range7] (1 : int32)} (fun (_ret':bool) -> [ &_15 <- _ret' ] s1)) + [ s0 = Slice64.get {s} {_17} + (fun (r'0:Int32.t) -> + Int32.eq {r'0} {[%#sindex_range7] (1 : Int32.t)} (fun (_ret':bool) -> [ &_15 <- _ret' ] s1)) | s1 = any [ br0 -> {_15 = false} (! bb18) | br1 -> {_15} (! bb8) ] ] | bb8 = s0 - [ s0 = [ &_22 <- [%#sindex_range8] (2 : usize) ] s1 + [ s0 = [ &_22 <- [%#sindex_range8] (2 : UInt64.t) ] s1 | s1 = [ &_23 <- Slice.length s ] s2 - | s2 = UIntSize.lt {_22} {_23} (fun (_ret':bool) -> [ &_24 <- _ret' ] s3) + | s2 = UInt64.lt {_22} {_23} (fun (_ret':bool) -> [ &_24 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#sindex_range9] _24} s4 | s4 = bb9 ] | bb9 = s0 - [ s0 = Slice.get {s} {_22} - (fun (r'0:int32) -> - Int32.eq {r'0} {[%#sindex_range10] (2 : int32)} (fun (_ret':bool) -> [ &_20 <- _ret' ] s1)) + [ s0 = Slice64.get {s} {_22} + (fun (r'0:Int32.t) -> + Int32.eq {r'0} {[%#sindex_range10] (2 : Int32.t)} (fun (_ret':bool) -> [ &_20 <- _ret' ] s1)) | s1 = any [ br0 -> {_20 = false} (! bb17) | br1 -> {_20} (! 
bb10) ] ] | bb10 = s0 - [ s0 = [ &_27 <- [%#sindex_range11] (3 : usize) ] s1 + [ s0 = [ &_27 <- [%#sindex_range11] (3 : UInt64.t) ] s1 | s1 = [ &_28 <- Slice.length s ] s2 - | s2 = UIntSize.lt {_27} {_28} (fun (_ret':bool) -> [ &_29 <- _ret' ] s3) + | s2 = UInt64.lt {_27} {_28} (fun (_ret':bool) -> [ &_29 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#sindex_range12] _29} s4 | s4 = bb11 ] | bb11 = s0 - [ s0 = Slice.get {s} {_27} - (fun (r'0:int32) -> - Int32.eq {r'0} {[%#sindex_range13] (3 : int32)} (fun (_ret':bool) -> [ &_25 <- _ret' ] s1)) + [ s0 = Slice64.get {s} {_27} + (fun (r'0:Int32.t) -> + Int32.eq {r'0} {[%#sindex_range13] (3 : Int32.t)} (fun (_ret':bool) -> [ &_25 <- _ret' ] s1)) | s1 = any [ br0 -> {_25 = false} (! bb16) | br1 -> {_25} (! bb12) ] ] | bb12 = s0 - [ s0 = [ &_32 <- [%#sindex_range14] (4 : usize) ] s1 + [ s0 = [ &_32 <- [%#sindex_range14] (4 : UInt64.t) ] s1 | s1 = [ &_33 <- Slice.length s ] s2 - | s2 = UIntSize.lt {_32} {_33} (fun (_ret':bool) -> [ &_34 <- _ret' ] s3) + | s2 = UInt64.lt {_32} {_33} (fun (_ret':bool) -> [ &_34 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#sindex_range15] _34} s4 | s4 = bb13 ] | bb13 = s0 - [ s0 = Slice.get {s} {_32} - (fun (r'0:int32) -> - Int32.eq {r'0} {[%#sindex_range16] (4 : int32)} (fun (_ret':bool) -> [ &_30 <- _ret' ] s1)) + [ s0 = Slice64.get {s} {_32} + (fun (r'0:Int32.t) -> + Int32.eq {r'0} {[%#sindex_range16] (4 : Int32.t)} (fun (_ret':bool) -> [ &_30 <- _ret' ] s1)) | s1 = any [ br0 -> {_30 = false} (! bb15) | br1 -> {_30} (! 
bb14) ] ] | bb14 = s0 [ s0 = Borrow.borrow_mut {arr} (fun (_ret':borrowed (t_Vec'0)) -> [ &_38 <- _ret' ] [ &arr <- _ret'.final ] s1) | s1 = [ &_39 <- () ] s2 - | s2 = index_mut'0 {_38} {_39} (fun (_ret':borrowed (slice int32)) -> [ &_37 <- _ret' ] s3) + | s2 = index_mut'0 {_38} {_39} (fun (_ret':borrowed (slice Int32.t)) -> [ &_37 <- _ret' ] s3) | s3 = bb22 ] | bb22 = s0 - [ s0 = Borrow.borrow_final {_37.current} {Borrow.get_id _37} - (fun (_ret':borrowed (slice int32)) -> [ &s1 <- _ret' ] [ &_37 <- { _37 with current = _ret'.final } ] s1) - | s1 = len'0 {s1.current} (fun (_ret':usize) -> [ &_42 <- _ret' ] s2) + [ s0 = Borrow.borrow_final {_37.current} {Borrow.get_id _37} + (fun (_ret':borrowed (slice Int32.t)) -> [ &s1 <- _ret' ] [ &_37 <- { _37 with current = _ret'.final } ] s1) + | s1 = len'0 {s1.current} (fun (_ret':UInt64.t) -> [ &_42 <- _ret' ] s2) | s2 = bb23 ] | bb23 = s0 - [ s0 = UIntSize.eq {_42} {[%#sindex_range17] (5 : usize)} (fun (_ret':bool) -> [ &_41 <- _ret' ] s1) + [ s0 = UInt64.eq {_42} {[%#sindex_range17] (5 : UInt64.t)} (fun (_ret':bool) -> [ &_41 <- _ret' ] s1) | s1 = any [ br0 -> {_41 = false} (! bb25) | br1 -> {_41} (! 
bb24) ] ] | bb24 = s0 - [ s0 = [ &_45 <- [%#sindex_range18] (1 : usize) ] s1 + [ s0 = [ &_45 <- [%#sindex_range18] (1 : UInt64.t) ] s1 | s1 = [ &_46 <- Slice.length s1.current ] s2 - | s2 = UIntSize.lt {_45} {_46} (fun (_ret':bool) -> [ &_47 <- _ret' ] s3) + | s2 = UInt64.lt {_45} {_46} (fun (_ret':bool) -> [ &_47 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#sindex_range19] _47} s4 | s4 = bb26 ] | bb26 = s0 - [ s0 = Slice.set {s1.current} {_45} {[%#sindex_range20] (-1 : int32)} - (fun (r'0:slice int32) -> [ &s1 <- { s1 with current = r'0 } ] s1) - | s1 = [ &_48 <- [%#sindex_range21] (3 : usize) ] s2 + [ s0 = Slice64.set {s1.current} {_45} {[%#sindex_range20] (-1 : Int32.t)} + (fun (r'0:slice Int32.t) -> [ &s1 <- { s1 with current = r'0 } ] s1) + | s1 = [ &_48 <- [%#sindex_range21] (3 : UInt64.t) ] s2 | s2 = [ &_49 <- Slice.length s1.current ] s3 - | s3 = UIntSize.lt {_48} {_49} (fun (_ret':bool) -> [ &_50 <- _ret' ] s4) + | s3 = UInt64.lt {_48} {_49} (fun (_ret':bool) -> [ &_50 <- _ret' ] s4) | s4 = {[@expl:index in bounds] [%#sindex_range22] _50} s5 | s5 = bb27 ] | bb27 = s0 - [ s0 = Slice.set {s1.current} {_48} {[%#sindex_range23] (-1 : int32)} - (fun (r'0:slice int32) -> [ &s1 <- { s1 with current = r'0 } ] s1) + [ s0 = Slice64.set {s1.current} {_48} {[%#sindex_range23] (-1 : Int32.t)} + (fun (r'0:slice Int32.t) -> [ &s1 <- { s1 with current = r'0 } ] s1) | s1 = -{resolve'0 s1}- s2 | s2 = -{resolve'0 _37}- s3 - | s3 = len'1 {arr} (fun (_ret':usize) -> [ &_53 <- _ret' ] s4) + | s3 = len'1 {arr} (fun (_ret':UInt64.t) -> [ &_53 <- _ret' ] s4) | s4 = bb28 ] | bb28 = s0 - [ s0 = UIntSize.eq {_53} {[%#sindex_range24] (5 : usize)} (fun (_ret':bool) -> [ &_52 <- _ret' ] s1) + [ s0 = UInt64.eq {_53} {[%#sindex_range24] (5 : UInt64.t)} (fun (_ret':bool) -> [ &_52 <- _ret' ] s1) | s1 = any [ br0 -> {_52 = false} (! bb30) | br1 -> {_52} (! 
bb29) ] ] | bb29 = s0 - [ s0 = index'1 {arr} {[%#sindex_range25] (0 : usize)} (fun (_ret':int32) -> [ &_59 <- _ret' ] s1) | s1 = bb31 ] + [ s0 = index'1 {arr} {[%#sindex_range25] (0 : UInt64.t)} (fun (_ret':Int32.t) -> [ &_59 <- _ret' ] s1) + | s1 = bb31 ] | bb31 = s0 - [ s0 = Int32.eq {_59} {[%#sindex_range26] (0 : int32)} (fun (_ret':bool) -> [ &_57 <- _ret' ] s1) + [ s0 = Int32.eq {_59} {[%#sindex_range26] (0 : Int32.t)} (fun (_ret':bool) -> [ &_57 <- _ret' ] s1) | s1 = any [ br0 -> {_57 = false} (! bb33) | br1 -> {_57} (! bb32) ] ] | bb32 = s0 - [ s0 = index'1 {arr} {[%#sindex_range27] (1 : usize)} (fun (_ret':int32) -> [ &_65 <- _ret' ] s1) | s1 = bb34 ] + [ s0 = index'1 {arr} {[%#sindex_range27] (1 : UInt64.t)} (fun (_ret':Int32.t) -> [ &_65 <- _ret' ] s1) + | s1 = bb34 ] | bb34 = s0 - [ s0 = Int32.eq {_65} {[%#sindex_range28] (-1 : int32)} (fun (_ret':bool) -> [ &_63 <- _ret' ] s1) + [ s0 = Int32.eq {_65} {[%#sindex_range28] (-1 : Int32.t)} (fun (_ret':bool) -> [ &_63 <- _ret' ] s1) | s1 = any [ br0 -> {_63 = false} (! bb36) | br1 -> {_63} (! bb35) ] ] | bb35 = s0 - [ s0 = index'1 {arr} {[%#sindex_range29] (2 : usize)} (fun (_ret':int32) -> [ &_71 <- _ret' ] s1) | s1 = bb37 ] + [ s0 = index'1 {arr} {[%#sindex_range29] (2 : UInt64.t)} (fun (_ret':Int32.t) -> [ &_71 <- _ret' ] s1) + | s1 = bb37 ] | bb37 = s0 - [ s0 = Int32.eq {_71} {[%#sindex_range30] (2 : int32)} (fun (_ret':bool) -> [ &_69 <- _ret' ] s1) + [ s0 = Int32.eq {_71} {[%#sindex_range30] (2 : Int32.t)} (fun (_ret':bool) -> [ &_69 <- _ret' ] s1) | s1 = any [ br0 -> {_69 = false} (! bb39) | br1 -> {_69} (! 
bb38) ] ] | bb38 = s0 - [ s0 = index'1 {arr} {[%#sindex_range31] (3 : usize)} (fun (_ret':int32) -> [ &_77 <- _ret' ] s1) | s1 = bb40 ] + [ s0 = index'1 {arr} {[%#sindex_range31] (3 : UInt64.t)} (fun (_ret':Int32.t) -> [ &_77 <- _ret' ] s1) + | s1 = bb40 ] | bb40 = s0 - [ s0 = Int32.eq {_77} {[%#sindex_range32] (-1 : int32)} (fun (_ret':bool) -> [ &_75 <- _ret' ] s1) + [ s0 = Int32.eq {_77} {[%#sindex_range32] (-1 : Int32.t)} (fun (_ret':bool) -> [ &_75 <- _ret' ] s1) | s1 = any [ br0 -> {_75 = false} (! bb42) | br1 -> {_75} (! bb41) ] ] | bb41 = s0 - [ s0 = index'1 {arr} {[%#sindex_range33] (4 : usize)} (fun (_ret':int32) -> [ &_83 <- _ret' ] s1) | s1 = bb43 ] + [ s0 = index'1 {arr} {[%#sindex_range33] (4 : UInt64.t)} (fun (_ret':Int32.t) -> [ &_83 <- _ret' ] s1) + | s1 = bb43 ] | bb43 = s0 - [ s0 = Int32.eq {_83} {[%#sindex_range34] (4 : int32)} (fun (_ret':bool) -> [ &_81 <- _ret' ] s1) + [ s0 = Int32.eq {_83} {[%#sindex_range34] (4 : Int32.t)} (fun (_ret':bool) -> [ &_81 <- _ret' ] s1) | s1 = any [ br0 -> {_81 = false} (! bb45) | br1 -> {_81} (! bb44) ] ] | bb44 = bb46 
@@ -2191,55 +2228,55 @@ module M_index_range__test_range_full [#"index_range.rs" 154 0 154 24] ) [ & _0 : () = any_l () | & arr : t_Vec'0 = any_l () - | & s : slice int32 = any_l () - | & _3 : slice int32 = any_l () + | & s : slice Int32.t = any_l () + | & _3 : slice Int32.t = any_l () | & _5 : () = any_l () | & _7 : bool = any_l () - | & _8 : usize = any_l () + | & _8 : UInt64.t = any_l () | & _10 : bool = any_l () - | & _12 : usize = any_l () - | & _13 : usize = any_l () + | & _12 : UInt64.t = any_l () + | & _13 : UInt64.t = any_l () | & _14 : bool = any_l () | & _15 : bool = any_l () - | & _17 : usize = any_l () - | & _18 : usize = any_l () + | & _17 : UInt64.t = any_l () + | & _18 : UInt64.t = any_l () | & _19 : bool = any_l () | & _20 : bool = any_l () - | & _22 : usize = any_l () - | & _23 : usize = any_l () + | & _22 : UInt64.t = any_l () + | & _23 : UInt64.t = any_l () | & _24 : bool = any_l () | & _25 : bool = any_l () - | & _27 : usize = any_l () - | & _28 : usize = any_l () + | & _27 : UInt64.t = any_l () + | & _28 : UInt64.t = any_l () | & _29 : bool = any_l () | & _30 : bool = any_l () - | & _32 : usize = any_l () - | & _33 : usize = any_l () + | & _32 : UInt64.t = any_l () + | & _33 : UInt64.t = any_l () | & _34 : bool = any_l () - | & s1 : borrowed (slice int32) = any_l () - | & _37 : borrowed (slice int32) = any_l () + | & s1 : borrowed (slice Int32.t) = any_l () + | & _37 : borrowed (slice Int32.t) = any_l () | & _38 : borrowed (t_Vec'0) = any_l () | & _39 : () = any_l () | & _41 : bool = any_l () - | & _42 : usize = any_l () - | & _45 : usize = any_l () - | & _46 : usize = any_l () + | & _42 : UInt64.t = any_l () + | & _45 : UInt64.t = any_l () + | & _46 : UInt64.t = any_l () | & _47 : bool = any_l () - | & _48 : usize = any_l () - | & _49 : usize = any_l () + | & _48 : UInt64.t = any_l () + | & _49 : UInt64.t = any_l () | & _50 : bool = any_l () | & _52 : bool = any_l () - | & _53 : usize = any_l () + | & _53 : UInt64.t = any_l () | & _57 : bool 
= any_l () - | & _59 : int32 = any_l () + | & _59 : Int32.t = any_l () | & _63 : bool = any_l () - | & _65 : int32 = any_l () + | & _65 : Int32.t = any_l () | & _69 : bool = any_l () - | & _71 : int32 = any_l () + | & _71 : Int32.t = any_l () | & _75 : bool = any_l () - | & _77 : int32 = any_l () + | & _77 : Int32.t = any_l () | & _81 : bool = any_l () - | & _83 : int32 = any_l () ] + | & _83 : Int32.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end module M_index_range__test_range_to_inclusive [#"index_range.rs" 179 0 179 32] @@ -2288,10 +2325,10 @@ module M_index_range__test_range_to_inclusive [#"index_range.rs" 179 0 179 32] let%span sindex_range42 = "index_range.rs" 7 4 12 22 let%span svec43 = "../../../creusot-contracts/src/std/vec.rs" 162 27 162 46 let%span svec44 = "../../../creusot-contracts/src/std/vec.rs" 163 26 163 54 - let%span sslice45 = "../../../creusot-contracts/src/std/slice.rs" 245 0 354 1 + let%span sslice45 = "../../../creusot-contracts/src/std/slice.rs" 263 0 372 1 let%span svec46 = "../../../creusot-contracts/src/std/vec.rs" 169 26 169 42 - let%span sslice47 = "../../../creusot-contracts/src/std/slice.rs" 262 18 262 100 - let%span sslice48 = "../../../creusot-contracts/src/std/slice.rs" 263 18 263 55 + let%span sslice47 = "../../../creusot-contracts/src/std/slice.rs" 280 18 280 100 + let%span sslice48 = "../../../creusot-contracts/src/std/slice.rs" 281 18 281 55 let%span soption49 = "../../../creusot-contracts/src/std/option.rs" 51 26 51 51 let%span svec50 = "../../../creusot-contracts/src/std/vec.rs" 152 27 152 46 let%span svec51 = "../../../creusot-contracts/src/std/vec.rs" 153 26 153 54 
@@ -2302,25 +2339,25 @@ module M_index_range__test_range_to_inclusive [#"index_range.rs" 179 0 179 32] let%span svec56 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span sops57 = "../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 let%span smodel58 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 - let%span sslice59 = "../../../creusot-contracts/src/std/slice.rs" 229 20 229 41 - let%span sslice60 = "../../../creusot-contracts/src/std/slice.rs" 235 20 235 61 + let%span sslice59 = "../../../creusot-contracts/src/std/slice.rs" 247 20 247 41 + let%span sslice60 = "../../../creusot-contracts/src/std/slice.rs" 253 20 253 61 let%span smodel61 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 - let%span sslice62 = "../../../creusot-contracts/src/std/slice.rs" 241 20 241 87 + let%span sslice62 = "../../../creusot-contracts/src/std/slice.rs" 259 20 259 87 let%span sresolve63 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span sslice64 = "../../../creusot-contracts/src/std/slice.rs" 122 20 122 37 - let%span sslice65 = "../../../creusot-contracts/src/std/slice.rs" 129 20 129 37 + let%span sslice64 = "../../../creusot-contracts/src/std/slice.rs" 140 20 140 37 + let%span sslice65 = "../../../creusot-contracts/src/std/slice.rs" 147 20 147 37 let%span sslice66 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice67 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 use seq.Seq - use prelude.prelude.UIntSize + use prelude.prelude.Int - constant v_MAX'0 : usize = (18446744073709551615 : usize) + use prelude.prelude.UInt64 - use prelude.prelude.UIntSize + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.Int + use prelude.prelude.UInt64 use prelude.prelude.Opaque 
@@ -2331,25 +2368,25 @@ module M_index_range__test_range_to_inclusive [#"index_range.rs" 179 0 179 32] { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } use prelude.prelude.Int32 use seq.Seq - function view'0 (self : t_Vec'0) : Seq.seq int32 + function view'0 (self : t_Vec'0) : Seq.seq Int32.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec56] Seq.length (view'0 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec56] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq - function index_logic'0 [@inline:trivial] (self : t_Vec'0) (ix : int) : int32 = + function index_logic'0 [@inline:trivial] (self : t_Vec'0) (ix : int) : Int32.t = [%#sops57] Seq.get (view'0 self) ix use prelude.prelude.Int32 @@ -2364,7 +2401,7 @@ module M_index_range__test_range_to_inclusive [#"index_range.rs" 179 0 179 32] type t_RangeToInclusive'0 = - { t_RangeToInclusive__end'0: usize } + { t_RangeToInclusive__end'0: UInt64.t } use prelude.prelude.Borrow 
@@ -2376,65 +2413,67 @@ module M_index_range__test_range_to_inclusive [#"index_range.rs" 179 0 179 32] axiom inv_axiom'1 [@rewrite] : forall x : t_RangeToInclusive'0 [inv'1 x] . inv'1 x = true - function view'1 (self : t_Vec'0) : Seq.seq int32 = + function view'1 (self : t_Vec'0) : Seq.seq Int32.t = [%#smodel58] view'0 self - predicate in_bounds'0 (self : t_RangeToInclusive'0) (seq : Seq.seq int32) = - [%#sslice59] UIntSize.to_int self.t_RangeToInclusive__end'0 < Seq.length seq + predicate in_bounds'0 (self : t_RangeToInclusive'0) (seq : Seq.seq Int32.t) = + [%#sslice59] UInt64.to_uint self.t_RangeToInclusive__end'0 < Seq.length seq - use prelude.prelude.Slice + use Slice64.create - predicate inv'2 (_1 : slice int32) + predicate inv'2 (_1 : slice Int32.t) - axiom inv_axiom'2 [@rewrite] : forall x : slice int32 [inv'2 x] . inv'2 x = true + axiom inv_axiom'2 [@rewrite] : forall x : slice Int32.t [inv'2 x] . inv'2 x = true use seq.Seq - use prelude.prelude.Slice + use prelude.prelude.Slice64 - function view'4 (self : slice int32) : Seq.seq int32 + function view'4 (self : slice Int32.t) : Seq.seq Int32.t - axiom view'4_spec : forall self : slice int32 . ([%#sslice66] Seq.length (view'4 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice67] view'4 self = Slice.id self) + axiom view'4_spec : forall self : slice Int32.t . 
([%#sslice66] Seq.length (view'4 self) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + && ([%#sslice67] view'4 self = Slice64.id self) - predicate has_value'0 (self : t_RangeToInclusive'0) (seq : Seq.seq int32) (out : slice int32) = - [%#sslice60] Seq.([..]) seq 0 (UIntSize.to_int self.t_RangeToInclusive__end'0 + 1) = view'4 out + predicate has_value'0 (self : t_RangeToInclusive'0) (seq : Seq.seq Int32.t) (out : slice Int32.t) = + [%#sslice60] Seq.([..]) seq 0 (UInt64.to_uint self.t_RangeToInclusive__end'0 + 1) = view'4 out - let rec index'0 (self:t_Vec'0) (index:t_RangeToInclusive'0) (return' (ret:slice int32))= {[@expl:index 'self' type invariant] inv'0 self} + let rec index'0 (self:t_Vec'0) (index:t_RangeToInclusive'0) (return' (ret:slice Int32.t))= {[@expl:index 'self' type invariant] inv'0 self} {[@expl:index 'index' type invariant] inv'1 index} {[@expl:index requires] [%#svec43] in_bounds'0 index (view'1 self)} any - [ return' (result:slice int32)-> {inv'2 result} + [ return' (result:slice Int32.t)-> {inv'2 result} {[%#svec44] has_value'0 index (view'1 self) result} (! return' {result}) ] - function view'2 (self : slice int32) : Seq.seq int32 = + function view'2 (self : slice Int32.t) : Seq.seq Int32.t = [%#smodel58] view'4 self - let rec len'0 (self:slice int32) (return' (ret:usize))= {[@expl:len 'self' type invariant] inv'2 self} + let rec len'0 (self:slice Int32.t) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'2 self} any - [ return' (result:usize)-> {[%#sslice45] Seq.length (view'2 self) = UIntSize.to_int result} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#sslice45] Seq.length (view'2 self) = UInt64.to_uint result} (! return' {result}) ] - let rec deref'0 (self:t_Vec'0) (return' (ret:slice int32))= {[@expl:deref 'self' type invariant] inv'0 self} - any [ return' (result:slice int32)-> {inv'2 result} {[%#svec46] view'2 result = view'1 self} (! 
return' {result}) ] + let rec deref'0 (self:t_Vec'0) (return' (ret:slice Int32.t))= {[@expl:deref 'self' type invariant] inv'0 self} + any + [ return' (result:slice Int32.t)-> {inv'2 result} {[%#svec46] view'2 result = view'1 self} (! return' {result}) ] + type t_Option'0 = | C_None'0 - | C_Some'0 (slice int32) + | C_Some'0 (slice Int32.t) predicate inv'3 (_1 : t_Option'0) axiom inv_axiom'3 [@rewrite] : forall x : t_Option'0 [inv'3 x] . inv'3 x = true - let rec get'0 (self:slice int32) (index:t_RangeToInclusive'0) (return' (ret:t_Option'0))= {[@expl:get 'self' type invariant] inv'2 self} + let rec get'0 (self:slice Int32.t) (index:t_RangeToInclusive'0) (return' (ret:t_Option'0))= {[@expl:get 'self' type invariant] inv'2 self} {[@expl:get 'index' type invariant] inv'1 index} any [ return' (result:t_Option'0)-> {inv'3 result} {[%#sslice47] in_bounds'0 index (view'2 self) - -> (exists r : slice int32 . result = C_Some'0 r /\ has_value'0 index (view'2 self) r)} + -> (exists r : slice Int32.t . result = C_Some'0 r /\ has_value'0 index (view'2 self) r)} {[%#sslice48] in_bounds'0 index (view'2 self) \/ result = C_None'0} (! return' {result}) ] 
@@ -2450,22 +2489,22 @@ module M_index_range__test_range_to_inclusive [#"index_range.rs" 179 0 179 32] axiom inv_axiom'5 [@rewrite] : forall x : borrowed (t_Vec'0) [inv'5 x] . inv'5 x = true - function view'3 (self : borrowed (t_Vec'0)) : Seq.seq int32 = + function view'3 (self : borrowed (t_Vec'0)) : Seq.seq Int32.t = [%#smodel61] view'0 self.current - predicate inv'6 (_1 : borrowed (slice int32)) + predicate inv'6 (_1 : borrowed (slice Int32.t)) - axiom inv_axiom'6 [@rewrite] : forall x : borrowed (slice int32) [inv'6 x] . inv'6 x = true + axiom inv_axiom'6 [@rewrite] : forall x : borrowed (slice Int32.t) [inv'6 x] . inv'6 x = true - predicate resolve_elswhere'0 (self : t_RangeToInclusive'0) (old' : Seq.seq int32) (fin : Seq.seq int32) = - [%#sslice62] forall i : int . UIntSize.to_int self.t_RangeToInclusive__end'0 < i /\ i < Seq.length old' + predicate resolve_elswhere'0 (self : t_RangeToInclusive'0) (old' : Seq.seq Int32.t) (fin : Seq.seq Int32.t) = + [%#sslice62] forall i : int . UInt64.to_uint self.t_RangeToInclusive__end'0 < i /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i - let rec index_mut'0 (self:borrowed (t_Vec'0)) (index:t_RangeToInclusive'0) (return' (ret:borrowed (slice int32)))= {[@expl:index_mut 'self' type invariant] inv'5 self} + let rec index_mut'0 (self:borrowed (t_Vec'0)) (index:t_RangeToInclusive'0) (return' (ret:borrowed (slice Int32.t)))= {[@expl:index_mut 'self' type invariant] inv'5 self} {[@expl:index_mut 'index' type invariant] inv'1 index} {[@expl:index_mut requires] [%#svec50] in_bounds'0 index (view'3 self)} any - [ return' (result:borrowed (slice int32))-> {inv'6 result} + [ return' (result:borrowed (slice Int32.t))-> {inv'6 result} {[%#svec51] has_value'0 index (view'3 self) result.current} {[%#svec52] has_value'0 index (view'0 self.final) result.final} {[%#svec53] resolve_elswhere'0 index (view'3 self) (view'0 self.final)} 
@@ -2473,36 +2512,38 @@ module M_index_range__test_range_to_inclusive [#"index_range.rs" 179 0 179 32] (! return' {result}) ] - predicate resolve'1 (self : borrowed (slice int32)) = + predicate resolve'1 (self : borrowed (slice Int32.t)) = [%#sresolve63] self.final = self.current - predicate resolve'0 (_1 : borrowed (slice int32)) = + predicate resolve'0 (_1 : borrowed (slice Int32.t)) = resolve'1 _1 - let rec len'1 (self:t_Vec'0) (return' (ret:usize))= {[@expl:len 'self' type invariant] inv'0 self} + let rec len'1 (self:t_Vec'0) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'0 self} any - [ return' (result:usize)-> {[%#svec55] UIntSize.to_int result = Seq.length (view'1 self)} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#svec55] UInt64.to_uint result = Seq.length (view'1 self)} (! return' {result}) ] - predicate inv'7 (_1 : usize) + predicate inv'7 (_1 : UInt64.t) - axiom inv_axiom'7 [@rewrite] : forall x : usize [inv'7 x] . inv'7 x = true + axiom inv_axiom'7 [@rewrite] : forall x : UInt64.t [inv'7 x] . inv'7 x = true - predicate in_bounds'1 [@inline:trivial] (self : usize) (seq : Seq.seq int32) = - [%#sslice64] UIntSize.to_int self < Seq.length seq + predicate in_bounds'1 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq Int32.t) = + [%#sslice64] UInt64.to_uint self < Seq.length seq - predicate inv'8 (_1 : int32) + predicate inv'8 (_1 : Int32.t) - axiom inv_axiom'8 [@rewrite] : forall x : int32 [inv'8 x] . inv'8 x = true + axiom inv_axiom'8 [@rewrite] : forall x : Int32.t [inv'8 x] . 
inv'8 x = true - predicate has_value'1 [@inline:trivial] (self : usize) (seq : Seq.seq int32) (out : int32) = - [%#sslice65] Seq.get seq (UIntSize.to_int self) = out + predicate has_value'1 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq Int32.t) (out : Int32.t) = + [%#sslice65] Seq.get seq (UInt64.to_uint self) = out - let rec index'1 (self:t_Vec'0) (index:usize) (return' (ret:int32))= {[@expl:index 'self' type invariant] inv'0 self} + let rec index'1 (self:t_Vec'0) (index:UInt64.t) (return' (ret:Int32.t))= {[@expl:index 'self' type invariant] inv'0 self} {[@expl:index 'index' type invariant] inv'7 index} {[@expl:index requires] [%#svec43] in_bounds'1 index (view'1 self)} any - [ return' (result:int32)-> {inv'8 result} {[%#svec44] has_value'1 index (view'1 self) result} (! return' {result}) ] + [ return' (result:Int32.t)-> {inv'8 result} + {[%#svec44] has_value'1 index (view'1 self) result} + (! return' {result}) ] use prelude.prelude.Intrinsic 
@@ -2512,44 +2553,44 @@ module M_index_range__test_range_to_inclusive [#"index_range.rs" 179 0 179 32] let rec test_range_to_inclusive'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = create_arr'0 {[%#sindex_range0] ()} (fun (_ret':t_Vec'0) -> [ &arr <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 - [ s0 = [ &_5 <- { t_RangeToInclusive__end'0 = ([%#sindex_range1] (1 : usize)) } ] s1 - | s1 = index'0 {arr} {_5} (fun (_ret':slice int32) -> [ &_3 <- _ret' ] s2) + [ s0 = [ &_5 <- { t_RangeToInclusive__end'0 = ([%#sindex_range1] (1 : UInt64.t)) } ] s1 + | s1 = index'0 {arr} {_5} (fun (_ret':slice Int32.t) -> [ &_3 <- _ret' ] s2) | s2 = bb2 ] - | bb2 = s0 [ s0 = [ &s <- _3 ] s1 | s1 = len'0 {s} (fun (_ret':usize) -> [ &_8 <- _ret' ] s2) | s2 = bb3 ] + | bb2 = s0 [ s0 = [ &s <- _3 ] s1 | s1 = len'0 {s} (fun (_ret':UInt64.t) -> [ &_8 <- _ret' ] s2) | s2 = bb3 ] | bb3 = s0 - [ s0 = UIntSize.eq {_8} {[%#sindex_range2] (2 : usize)} (fun (_ret':bool) -> [ &_7 <- _ret' ] s1) + [ s0 = UInt64.eq {_8} {[%#sindex_range2] (2 : UInt64.t)} (fun (_ret':bool) -> [ &_7 <- _ret' ] s1) | s1 = any [ br0 -> {_7 = false} (! bb11) | br1 -> {_7} (! bb4) ] ] | bb4 = s0 - [ s0 = [ &_12 <- [%#sindex_range3] (0 : usize) ] s1 + [ s0 = [ &_12 <- [%#sindex_range3] (0 : UInt64.t) ] s1 | s1 = [ &_13 <- Slice.length s ] s2 - | s2 = UIntSize.lt {_12} {_13} (fun (_ret':bool) -> [ &_14 <- _ret' ] s3) + | s2 = UInt64.lt {_12} {_13} (fun (_ret':bool) -> [ &_14 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#sindex_range4] _14} s4 | s4 = bb5 ] | bb5 = s0 - [ s0 = Slice.get {s} {_12} - (fun (r'0:int32) -> - Int32.eq {r'0} {[%#sindex_range5] (0 : int32)} (fun (_ret':bool) -> [ &_10 <- _ret' ] s1)) + [ s0 = Slice64.get {s} {_12} + (fun (r'0:Int32.t) -> + Int32.eq {r'0} {[%#sindex_range5] (0 : Int32.t)} (fun (_ret':bool) -> [ &_10 <- _ret' ] s1)) | s1 = any [ br0 -> {_10 = false} (! bb10) | br1 -> {_10} (! 
bb6) ] ] | bb6 = s0 - [ s0 = [ &_17 <- [%#sindex_range6] (1 : usize) ] s1 + [ s0 = [ &_17 <- [%#sindex_range6] (1 : UInt64.t) ] s1 | s1 = [ &_18 <- Slice.length s ] s2 - | s2 = UIntSize.lt {_17} {_18} (fun (_ret':bool) -> [ &_19 <- _ret' ] s3) + | s2 = UInt64.lt {_17} {_18} (fun (_ret':bool) -> [ &_19 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#sindex_range7] _19} s4 | s4 = bb7 ] | bb7 = s0 - [ s0 = Slice.get {s} {_17} - (fun (r'0:int32) -> - Int32.eq {r'0} {[%#sindex_range8] (1 : int32)} (fun (_ret':bool) -> [ &_15 <- _ret' ] s1)) + [ s0 = Slice64.get {s} {_17} + (fun (r'0:Int32.t) -> + Int32.eq {r'0} {[%#sindex_range8] (1 : Int32.t)} (fun (_ret':bool) -> [ &_15 <- _ret' ] s1)) | s1 = any [ br0 -> {_15 = false} (! bb9) | br1 -> {_15} (! bb8) ] ] - | bb8 = s0 [ s0 = deref'0 {arr} (fun (_ret':slice int32) -> [ &_26 <- _ret' ] s1) | s1 = bb13 ] + | bb8 = s0 [ s0 = deref'0 {arr} (fun (_ret':slice Int32.t) -> [ &_26 <- _ret' ] s1) | s1 = bb13 ] | bb13 = s0 - [ s0 = [ &_28 <- { t_RangeToInclusive__end'0 = ([%#sindex_range9] (5 : usize)) } ] s1 + [ s0 = [ &_28 <- { t_RangeToInclusive__end'0 = ([%#sindex_range9] (5 : UInt64.t)) } ] s1 | s1 = get'0 {_26} {_28} (fun (_ret':t_Option'0) -> [ &_24 <- _ret' ] s2) | s2 = bb14 ] 
@@ -2558,91 +2599,96 @@ module M_index_range__test_range_to_inclusive [#"index_range.rs" 179 0 179 32] | bb16 = s0 [ s0 = Borrow.borrow_mut {arr} (fun (_ret':borrowed (t_Vec'0)) -> [ &_32 <- _ret' ] [ &arr <- _ret'.final ] s1) - | s1 = [ &_33 <- { t_RangeToInclusive__end'0 = ([%#sindex_range10] (2 : usize)) } ] s2 - | s2 = index_mut'0 {_32} {_33} (fun (_ret':borrowed (slice int32)) -> [ &_31 <- _ret' ] s3) + | s1 = [ &_33 <- { t_RangeToInclusive__end'0 = ([%#sindex_range10] (2 : UInt64.t)) } ] s2 + | s2 = index_mut'0 {_32} {_33} (fun (_ret':borrowed (slice Int32.t)) -> [ &_31 <- _ret' ] s3) | s3 = bb18 ] | bb18 = s0 - [ s0 = Borrow.borrow_final {_31.current} {Borrow.get_id _31} - (fun (_ret':borrowed (slice int32)) -> [ &s1 <- _ret' ] [ &_31 <- { _31 with current = _ret'.final } ] s1) - | s1 = len'0 {s1.current} (fun (_ret':usize) -> [ &_36 <- _ret' ] s2) + [ s0 = Borrow.borrow_final {_31.current} {Borrow.get_id _31} + (fun (_ret':borrowed (slice Int32.t)) -> [ &s1 <- _ret' ] [ &_31 <- { _31 with current = _ret'.final } ] s1) + | s1 = len'0 {s1.current} (fun (_ret':UInt64.t) -> [ &_36 <- _ret' ] s2) | s2 = bb19 ] | bb19 = s0 - [ s0 = UIntSize.eq {_36} {[%#sindex_range11] (3 : usize)} (fun (_ret':bool) -> [ &_35 <- _ret' ] s1) + [ s0 = UInt64.eq {_36} {[%#sindex_range11] (3 : UInt64.t)} (fun (_ret':bool) -> [ &_35 <- _ret' ] s1) | s1 = any [ br0 -> {_35 = false} (! bb21) | br1 -> {_35} (! 
bb20) ] ] | bb20 = s0 - [ s0 = [ &_39 <- [%#sindex_range12] (0 : usize) ] s1 + [ s0 = [ &_39 <- [%#sindex_range12] (0 : UInt64.t) ] s1 | s1 = [ &_40 <- Slice.length s1.current ] s2 - | s2 = UIntSize.lt {_39} {_40} (fun (_ret':bool) -> [ &_41 <- _ret' ] s3) + | s2 = UInt64.lt {_39} {_40} (fun (_ret':bool) -> [ &_41 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#sindex_range13] _41} s4 | s4 = bb22 ] | bb22 = s0 - [ s0 = Slice.set {s1.current} {_39} {[%#sindex_range14] (-1 : int32)} - (fun (r'0:slice int32) -> [ &s1 <- { s1 with current = r'0 } ] s1) - | s1 = [ &_42 <- [%#sindex_range15] (2 : usize) ] s2 + [ s0 = Slice64.set {s1.current} {_39} {[%#sindex_range14] (-1 : Int32.t)} + (fun (r'0:slice Int32.t) -> [ &s1 <- { s1 with current = r'0 } ] s1) + | s1 = [ &_42 <- [%#sindex_range15] (2 : UInt64.t) ] s2 | s2 = [ &_43 <- Slice.length s1.current ] s3 - | s3 = UIntSize.lt {_42} {_43} (fun (_ret':bool) -> [ &_44 <- _ret' ] s4) + | s3 = UInt64.lt {_42} {_43} (fun (_ret':bool) -> [ &_44 <- _ret' ] s4) | s4 = {[@expl:index in bounds] [%#sindex_range16] _44} s5 | s5 = bb23 ] | bb23 = s0 - [ s0 = Slice.set {s1.current} {_42} {[%#sindex_range17] (-1 : int32)} - (fun (r'0:slice int32) -> [ &s1 <- { s1 with current = r'0 } ] s1) - | s1 = [ &_48 <- [%#sindex_range18] (1 : usize) ] s2 + [ s0 = Slice64.set {s1.current} {_42} {[%#sindex_range17] (-1 : Int32.t)} + (fun (r'0:slice Int32.t) -> [ &s1 <- { s1 with current = r'0 } ] s1) + | s1 = [ &_48 <- [%#sindex_range18] (1 : UInt64.t) ] s2 | s2 = [ &_49 <- Slice.length s1.current ] s3 - | s3 = UIntSize.lt {_48} {_49} (fun (_ret':bool) -> [ &_50 <- _ret' ] s4) + | s3 = UInt64.lt {_48} {_49} (fun (_ret':bool) -> [ &_50 <- _ret' ] s4) | s4 = {[@expl:index in bounds] [%#sindex_range19] _50} s5 | s5 = bb24 ] | bb24 = s0 [ s0 = -{resolve'0 s1}- s1 | s1 = -{resolve'0 _31}- s2 - | s2 = Slice.get {s1.current} {_48} - (fun (r'0:int32) -> - Int32.eq {r'0} {[%#sindex_range20] (1 : int32)} (fun (_ret':bool) -> [ &_46 <- _ret' ] s3)) + | s2 = 
Slice64.get {s1.current} {_48} + (fun (r'0:Int32.t) -> + Int32.eq {r'0} {[%#sindex_range20] (1 : Int32.t)} (fun (_ret':bool) -> [ &_46 <- _ret' ] s3)) | s3 = any [ br0 -> {_46 = false} (! bb26) | br1 -> {_46} (! bb25) ] ] - | bb25 = s0 [ s0 = len'1 {arr} (fun (_ret':usize) -> [ &_54 <- _ret' ] s1) | s1 = bb27 ] + | bb25 = s0 [ s0 = len'1 {arr} (fun (_ret':UInt64.t) -> [ &_54 <- _ret' ] s1) | s1 = bb27 ] | bb27 = s0 - [ s0 = UIntSize.eq {_54} {[%#sindex_range21] (5 : usize)} (fun (_ret':bool) -> [ &_53 <- _ret' ] s1) + [ s0 = UInt64.eq {_54} {[%#sindex_range21] (5 : UInt64.t)} (fun (_ret':bool) -> [ &_53 <- _ret' ] s1) | s1 = any [ br0 -> {_53 = false} (! bb29) | br1 -> {_53} (! bb28) ] ] | bb28 = s0 - [ s0 = index'1 {arr} {[%#sindex_range22] (0 : usize)} (fun (_ret':int32) -> [ &_60 <- _ret' ] s1) | s1 = bb30 ] + [ s0 = index'1 {arr} {[%#sindex_range22] (0 : UInt64.t)} (fun (_ret':Int32.t) -> [ &_60 <- _ret' ] s1) + | s1 = bb30 ] | bb30 = s0 - [ s0 = Int32.eq {_60} {[%#sindex_range23] (-1 : int32)} (fun (_ret':bool) -> [ &_58 <- _ret' ] s1) + [ s0 = Int32.eq {_60} {[%#sindex_range23] (-1 : Int32.t)} (fun (_ret':bool) -> [ &_58 <- _ret' ] s1) | s1 = any [ br0 -> {_58 = false} (! bb32) | br1 -> {_58} (! bb31) ] ] | bb31 = s0 - [ s0 = index'1 {arr} {[%#sindex_range24] (1 : usize)} (fun (_ret':int32) -> [ &_66 <- _ret' ] s1) | s1 = bb33 ] + [ s0 = index'1 {arr} {[%#sindex_range24] (1 : UInt64.t)} (fun (_ret':Int32.t) -> [ &_66 <- _ret' ] s1) + | s1 = bb33 ] | bb33 = s0 - [ s0 = Int32.eq {_66} {[%#sindex_range25] (1 : int32)} (fun (_ret':bool) -> [ &_64 <- _ret' ] s1) + [ s0 = Int32.eq {_66} {[%#sindex_range25] (1 : Int32.t)} (fun (_ret':bool) -> [ &_64 <- _ret' ] s1) | s1 = any [ br0 -> {_64 = false} (! bb35) | br1 -> {_64} (! 
bb34) ] ] | bb34 = s0 - [ s0 = index'1 {arr} {[%#sindex_range26] (2 : usize)} (fun (_ret':int32) -> [ &_72 <- _ret' ] s1) | s1 = bb36 ] + [ s0 = index'1 {arr} {[%#sindex_range26] (2 : UInt64.t)} (fun (_ret':Int32.t) -> [ &_72 <- _ret' ] s1) + | s1 = bb36 ] | bb36 = s0 - [ s0 = Int32.eq {_72} {[%#sindex_range27] (-1 : int32)} (fun (_ret':bool) -> [ &_70 <- _ret' ] s1) + [ s0 = Int32.eq {_72} {[%#sindex_range27] (-1 : Int32.t)} (fun (_ret':bool) -> [ &_70 <- _ret' ] s1) | s1 = any [ br0 -> {_70 = false} (! bb38) | br1 -> {_70} (! bb37) ] ] | bb37 = s0 - [ s0 = index'1 {arr} {[%#sindex_range28] (3 : usize)} (fun (_ret':int32) -> [ &_78 <- _ret' ] s1) | s1 = bb39 ] + [ s0 = index'1 {arr} {[%#sindex_range28] (3 : UInt64.t)} (fun (_ret':Int32.t) -> [ &_78 <- _ret' ] s1) + | s1 = bb39 ] | bb39 = s0 - [ s0 = Int32.eq {_78} {[%#sindex_range29] (3 : int32)} (fun (_ret':bool) -> [ &_76 <- _ret' ] s1) + [ s0 = Int32.eq {_78} {[%#sindex_range29] (3 : Int32.t)} (fun (_ret':bool) -> [ &_76 <- _ret' ] s1) | s1 = any [ br0 -> {_76 = false} (! bb41) | br1 -> {_76} (! bb40) ] ] | bb40 = s0 - [ s0 = index'1 {arr} {[%#sindex_range30] (4 : usize)} (fun (_ret':int32) -> [ &_84 <- _ret' ] s1) | s1 = bb42 ] + [ s0 = index'1 {arr} {[%#sindex_range30] (4 : UInt64.t)} (fun (_ret':Int32.t) -> [ &_84 <- _ret' ] s1) + | s1 = bb42 ] | bb42 = s0 - [ s0 = Int32.eq {_84} {[%#sindex_range31] (4 : int32)} (fun (_ret':bool) -> [ &_82 <- _ret' ] s1) + [ s0 = Int32.eq {_84} {[%#sindex_range31] (4 : Int32.t)} (fun (_ret':bool) -> [ &_82 <- _ret' ] s1) | s1 = any [ br0 -> {_82 = false} (! bb44) | br1 -> {_82} (! bb43) ] ] | bb43 = bb45 
@@ -2663,50 +2709,50 @@ module M_index_range__test_range_to_inclusive [#"index_range.rs" 179 0 179 32] ) [ & _0 : () = any_l () | & arr : t_Vec'0 = any_l () - | & s : slice int32 = any_l () - | & _3 : slice int32 = any_l () + | & s : slice Int32.t = any_l () + | & _3 : slice Int32.t = any_l () | & _5 : t_RangeToInclusive'0 = any_l () | & _7 : bool = any_l () - | & _8 : usize = any_l () + | & _8 : UInt64.t = any_l () | & _10 : bool = any_l () - | & _12 : usize = any_l () - | & _13 : usize = any_l () + | & _12 : UInt64.t = any_l () + | & _13 : UInt64.t = any_l () | & _14 : bool = any_l () | & _15 : bool = any_l () - | & _17 : usize = any_l () - | & _18 : usize = any_l () + | & _17 : UInt64.t = any_l () + | & _18 : UInt64.t = any_l () | & _19 : bool = any_l () | & _22 : bool = any_l () | & _24 : t_Option'0 = any_l () - | & _26 : slice int32 = any_l () + | & _26 : slice Int32.t = any_l () | & _28 : t_RangeToInclusive'0 = any_l () - | & s1 : borrowed (slice int32) = any_l () - | & _31 : borrowed (slice int32) = any_l () + | & s1 : borrowed (slice Int32.t) = any_l () + | & _31 : borrowed (slice Int32.t) = any_l () | & _32 : borrowed (t_Vec'0) = any_l () | & _33 : t_RangeToInclusive'0 = any_l () | & _35 : bool = any_l () - | & _36 : usize = any_l () - | & _39 : usize = any_l () - | & _40 : usize = any_l () + | & _36 : UInt64.t = any_l () + | & _39 : UInt64.t = any_l () + | & _40 : UInt64.t = any_l () | & _41 : bool = any_l () - | & _42 : usize = any_l () - | & _43 : usize = any_l () + | & _42 : UInt64.t = any_l () + | & _43 : UInt64.t = any_l () | & _44 : bool = any_l () | & _46 : bool = any_l () - | & _48 : usize = any_l () - | & _49 : usize = any_l () + | & _48 : UInt64.t = any_l () + | & _49 : UInt64.t = any_l () | & _50 : bool = any_l () | & _53 : bool = any_l () - | & _54 : usize = any_l () + | & _54 : UInt64.t = any_l () | & _58 : bool = any_l () - | & _60 : int32 = any_l () + | & _60 : Int32.t = any_l () | & _64 : bool = any_l () - | & _66 : int32 = any_l () + | & 
_66 : Int32.t = any_l () | & _70 : bool = any_l () - | & _72 : int32 = any_l () + | & _72 : Int32.t = any_l () | & _76 : bool = any_l () - | & _78 : int32 = any_l () + | & _78 : Int32.t = any_l () | & _82 : bool = any_l () - | & _84 : int32 = any_l () ] + | & _84 : Int32.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/inferred_invariants.coma b/creusot/tests/should_succeed/inferred_invariants.coma index 09fca4a1e0..2279c8e187 100644 --- a/creusot/tests/should_succeed/inferred_invariants.coma +++ b/creusot/tests/should_succeed/inferred_invariants.coma @@ -278,18 +278,18 @@ module M_inferred_invariants__y [#"inferred_invariants.rs" 41 0 41 26] let%span svec14 = "../../../creusot-contracts/src/std/vec.rs" 156 26 156 55 let%span smodel15 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 let%span svec16 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span sslice17 = "../../../creusot-contracts/src/std/slice.rs" 122 20 122 37 - let%span sslice18 = "../../../creusot-contracts/src/std/slice.rs" 129 20 129 37 - let%span sslice19 = "../../../creusot-contracts/src/std/slice.rs" 136 20 136 94 + let%span sslice17 = "../../../creusot-contracts/src/std/slice.rs" 140 20 140 37 + let%span sslice18 = "../../../creusot-contracts/src/std/slice.rs" 147 20 147 37 + let%span sslice19 = "../../../creusot-contracts/src/std/slice.rs" 154 20 154 94 let%span sresolve20 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 use prelude.prelude.Snapshot - use prelude.prelude.UIntSize + use prelude.prelude.Int - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - use prelude.prelude.Int + use prelude.prelude.UInt64 use prelude.prelude.Borrow 
@@ -302,13 +302,13 @@ module M_inferred_invariants__y [#"inferred_invariants.rs" 41 0 41 26] { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } use prelude.prelude.Snapshot 
@@ -320,60 +320,62 @@ module M_inferred_invariants__y [#"inferred_invariants.rs" 41 0 41 26] use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - function view'3 (self : t_Vec'0) : Seq.seq int32 + function view'3 (self : t_Vec'0) : Seq.seq Int32.t - axiom view'3_spec : forall self : t_Vec'0 . [%#svec16] Seq.length (view'3 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'3_spec : forall self : t_Vec'0 . [%#svec16] Seq.length (view'3 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) - function view'1 (self : borrowed (t_Vec'0)) : Seq.seq int32 = + function view'1 (self : borrowed (t_Vec'0)) : Seq.seq Int32.t = [%#smodel8] view'3 self.current - function view'2 (self : borrowed (t_Vec'0)) : Seq.seq int32 = + function view'2 (self : borrowed (t_Vec'0)) : Seq.seq Int32.t = [%#smodel15] view'1 self - function view'0 (self : Snapshot.snap_ty (borrowed (t_Vec'0))) : Seq.seq int32 = + function view'0 (self : Snapshot.snap_ty (borrowed (t_Vec'0))) : Seq.seq Int32.t = [%#ssnapshot7] view'2 (Snapshot.inner self) predicate inv'0 (_1 : t_Vec'0) axiom inv_axiom'0 [@rewrite] : forall x : t_Vec'0 [inv'0 x] . inv'0 x = true - function view'4 (self : t_Vec'0) : Seq.seq int32 = + function view'4 (self : t_Vec'0) : Seq.seq Int32.t = [%#smodel15] view'3 self - let rec len'0 (self:t_Vec'0) (return' (ret:usize))= {[@expl:len 'self' type invariant] inv'0 self} - any [ return' (result:usize)-> {[%#svec9] UIntSize.to_int result = Seq.length (view'4 self)} (! return' {result}) ] + let rec len'0 (self:t_Vec'0) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'0 self} + any + [ return' (result:UInt64.t)-> {[%#svec9] UInt64.to_uint result = Seq.length (view'4 self)} (! return' {result}) ] + predicate inv'1 (_1 : borrowed (t_Vec'0)) axiom inv_axiom'1 [@rewrite] : forall x : borrowed (t_Vec'0) [inv'1 x] . 
inv'1 x = true - predicate inv'2 (_1 : usize) + predicate inv'2 (_1 : UInt64.t) - axiom inv_axiom'2 [@rewrite] : forall x : usize [inv'2 x] . inv'2 x = true + axiom inv_axiom'2 [@rewrite] : forall x : UInt64.t [inv'2 x] . inv'2 x = true - predicate in_bounds'0 [@inline:trivial] (self : usize) (seq : Seq.seq int32) = - [%#sslice17] UIntSize.to_int self < Seq.length seq + predicate in_bounds'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq Int32.t) = + [%#sslice17] UInt64.to_uint self < Seq.length seq - predicate inv'3 (_1 : borrowed int32) + predicate inv'3 (_1 : borrowed Int32.t) - axiom inv_axiom'3 [@rewrite] : forall x : borrowed int32 [inv'3 x] . inv'3 x = true + axiom inv_axiom'3 [@rewrite] : forall x : borrowed Int32.t [inv'3 x] . inv'3 x = true use seq.Seq - predicate has_value'0 [@inline:trivial] (self : usize) (seq : Seq.seq int32) (out : int32) = - [%#sslice18] Seq.get seq (UIntSize.to_int self) = out + predicate has_value'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq Int32.t) (out : Int32.t) = + [%#sslice18] Seq.get seq (UInt64.to_uint self) = out - predicate resolve_elswhere'0 [@inline:trivial] (self : usize) (old' : Seq.seq int32) (fin : Seq.seq int32) = - [%#sslice19] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < Seq.length old' + predicate resolve_elswhere'0 [@inline:trivial] (self : UInt64.t) (old' : Seq.seq Int32.t) (fin : Seq.seq Int32.t) = + [%#sslice19] forall i : int . 
0 <= i /\ i <> UInt64.to_uint self /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i - let rec index_mut'0 (self:borrowed (t_Vec'0)) (index:usize) (return' (ret:borrowed int32))= {[@expl:index_mut 'self' type invariant] inv'1 self} + let rec index_mut'0 (self:borrowed (t_Vec'0)) (index:UInt64.t) (return' (ret:borrowed Int32.t))= {[@expl:index_mut 'self' type invariant] inv'1 self} {[@expl:index_mut 'index' type invariant] inv'2 index} {[@expl:index_mut requires] [%#svec10] in_bounds'0 index (view'1 self)} any - [ return' (result:borrowed int32)-> {inv'3 result} + [ return' (result:borrowed Int32.t)-> {inv'3 result} {[%#svec11] has_value'0 index (view'1 self) result.current} {[%#svec12] has_value'0 index (view'3 self.final) result.final} {[%#svec13] resolve_elswhere'0 index (view'1 self) (view'3 self.final)} @@ -381,10 +383,10 @@ module M_inferred_invariants__y [#"inferred_invariants.rs" 41 0 41 26] (! return' {result}) ] - predicate resolve'2 (self : borrowed int32) = + predicate resolve'2 (self : borrowed Int32.t) = [%#sresolve20] self.final = self.current - predicate resolve'0 (_1 : borrowed int32) = + predicate resolve'0 (_1 : borrowed Int32.t) = resolve'2 _1 predicate resolve'3 (self : borrowed (t_Vec'0)) = 
@@ -400,33 +402,35 @@ module M_inferred_invariants__y [#"inferred_invariants.rs" 41 0 41 26] let rec y'0 (v:borrowed (t_Vec'0)) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &old_v <- [%#sinferred_invariants0] Snapshot.new v ] s1 | s1 = bb1 ] | bb1 = s0 - [ s0 = [ &i <- [%#sinferred_invariants1] (0 : usize) ] s1 | s1 = [ &old_2_0 <- Snapshot.new v ] s2 | s2 = bb2 ] + [ s0 = [ &i <- [%#sinferred_invariants1] (0 : UInt64.t) ] s1 + | s1 = [ &old_2_0 <- Snapshot.new v ] s2 + | s2 = bb2 ] | bb2 = bb2 [ bb2 = {[@expl:mut invariant] (Snapshot.inner old_2_0).final = v.final} {[@expl:loop invariant #0] [%#sinferred_invariants3] Seq.length (view'0 old_v) = Seq.length (view'1 v)} - {[@expl:loop invariant #1] [%#sinferred_invariants2] UIntSize.to_int i <= 10} + {[@expl:loop invariant #1] [%#sinferred_invariants2] UInt64.to_uint i <= 10} (! s0) [ s0 = bb3 ] - [ bb3 = s0 [ s0 = len'0 {v.current} (fun (_ret':usize) -> [ &_11 <- _ret' ] s1) | s1 = bb4 ] + [ bb3 = s0 [ s0 = len'0 {v.current} (fun (_ret':UInt64.t) -> [ &_11 <- _ret' ] s1) | s1 = bb4 ] | bb4 = s0 - [ s0 = UIntSize.lt {i} {_11} (fun (_ret':bool) -> [ &_9 <- _ret' ] s1) + [ s0 = UInt64.lt {i} {_11} (fun (_ret':bool) -> [ &_9 <- _ret' ] s1) | s1 = any [ br0 -> {_9 = false} (! bb7) | br1 -> {_9} (! 
bb5) ] ] | bb5 = s0 [ s0 = Borrow.borrow_mut {v.current} (fun (_ret':borrowed (t_Vec'0)) -> [ &_14 <- _ret' ] [ &v <- { v with current = _ret'.final } ] s1) - | s1 = index_mut'0 {_14} {i} (fun (_ret':borrowed int32) -> [ &_13 <- _ret' ] s2) + | s1 = index_mut'0 {_14} {i} (fun (_ret':borrowed Int32.t) -> [ &_13 <- _ret' ] s2) | s2 = bb6 ] | bb6 = s0 - [ s0 = [ &_13 <- { _13 with current = ([%#sinferred_invariants4] (0 : int32)) } ] s1 + [ s0 = [ &_13 <- { _13 with current = ([%#sinferred_invariants4] (0 : Int32.t)) } ] s1 | s1 = -{resolve'0 _13}- s2 | s2 = bb8 ] | bb7 = bb8 | bb8 = s0 - [ s0 = UIntSize.add {i} {[%#sinferred_invariants5] (1 : usize)} (fun (_ret':usize) -> [ &i <- _ret' ] s1) - | s1 = UIntSize.gt {i} {[%#sinferred_invariants6] (10 : usize)} (fun (_ret':bool) -> [ &_16 <- _ret' ] s2) + [ s0 = UInt64.add {i} {[%#sinferred_invariants5] (1 : UInt64.t)} (fun (_ret':UInt64.t) -> [ &i <- _ret' ] s1) + | s1 = UInt64.gt {i} {[%#sinferred_invariants6] (10 : UInt64.t)} (fun (_ret':bool) -> [ &_16 <- _ret' ] s2) | s2 = any [ br0 -> {_16 = false} (! bb10) | br1 -> {_16} (! bb9) ] ] | bb10 = bb2 ] @@ -437,10 +441,10 @@ module M_inferred_invariants__y [#"inferred_invariants.rs" 41 0 41 26] [ & _0 : () = any_l () | & v : borrowed (t_Vec'0) = v | & old_v : Snapshot.snap_ty (borrowed (t_Vec'0)) = any_l () - | & i : usize = any_l () + | & i : UInt64.t = any_l () | & _9 : bool = any_l () - | & _11 : usize = any_l () - | & _13 : borrowed int32 = any_l () + | & _11 : UInt64.t = any_l () + | & _13 : borrowed Int32.t = any_l () | & _14 : borrowed (t_Vec'0) = any_l () | & _16 : bool = any_l () | & old_2_0 : Snapshot.snap_ty (borrowed (t_Vec'0)) = any_l () ] 
@@ -460,6 +464,8 @@ module M_inferred_invariants__nested_loops [#"inferred_invariants.rs" 60 0 60 32 let%span sinferred_invariants10 = "inferred_invariants.rs" 59 10 59 20 let%span sresolve11 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + use prelude.prelude.Int + use prelude.prelude.Int32 use prelude.prelude.Snapshot @@ -468,10 +474,10 @@ module M_inferred_invariants__nested_loops [#"inferred_invariants.rs" 60 0 60 32 use prelude.prelude.Snapshot - predicate resolve'1 (self : borrowed int32) = + predicate resolve'1 (self : borrowed Int32.t) = [%#sresolve11] self.final = self.current - predicate resolve'0 (_1 : borrowed int32) = + predicate resolve'0 (_1 : borrowed Int32.t) = resolve'1 _1 use prelude.prelude.Intrinsic 
@@ -480,37 +486,40 @@ module M_inferred_invariants__nested_loops [#"inferred_invariants.rs" 60 0 60 32 meta "compute_max_steps" 1000000 - let rec nested_loops'0 (x:borrowed int32) (return' (ret:()))= {[@expl:nested_loops requires] [%#sinferred_invariants9] x.current - = (0 : int32)} + let rec nested_loops'0 (x:borrowed Int32.t) (return' (ret:()))= {[@expl:nested_loops requires] [%#sinferred_invariants9] x.current + = (0 : Int32.t)} (! bb0 [ bb0 = s0 - [ s0 = [ &i <- [%#sinferred_invariants0] (0 : int32) ] s1 | s1 = [ &old_1_0 <- Snapshot.new x ] s2 | s2 = bb1 ] + [ s0 = [ &i <- [%#sinferred_invariants0] (0 : Int32.t) ] s1 + | s1 = [ &old_1_0 <- Snapshot.new x ] s2 + | s2 = bb1 ] | bb1 = bb1 [ bb1 = {[@expl:mut invariant] (Snapshot.inner old_1_0).final = x.final} - {[@expl:loop invariant] [%#sinferred_invariants1] x.current = (0 : int32)} + {[@expl:loop invariant] [%#sinferred_invariants1] x.current = (0 : Int32.t)} (! s0) [ s0 = bb2 ] [ bb2 = s0 - [ s0 = Int32.gt {i} {[%#sinferred_invariants2] (10 : int32)} (fun (_ret':bool) -> [ &_8 <- _ret' ] s1) + [ s0 = Int32.gt {i} {[%#sinferred_invariants2] (10 : Int32.t)} (fun (_ret':bool) -> [ &_8 <- _ret' ] s1) | s1 = any [ br0 -> {_8 = false} (! bb4) | br1 -> {_8} (! bb3) ] ] | bb4 = s0 - [ s0 = Int32.add {i} {[%#sinferred_invariants3] (1 : int32)} (fun (_ret':int32) -> [ &i <- _ret' ] s1) - | s1 = [ &j <- [%#sinferred_invariants4] (0 : int32) ] s2 + [ s0 = Int32.add {i} {[%#sinferred_invariants3] (1 : Int32.t)} (fun (_ret':Int32.t) -> [ &i <- _ret' ] s1) + | s1 = [ &j <- [%#sinferred_invariants4] (0 : Int32.t) ] s2 | s2 = [ &old_5_0 <- Snapshot.new x ] s3 | s3 = bb5 ] | bb5 = bb5 [ bb5 = {[@expl:mut invariant] (Snapshot.inner old_5_0).final = x.final} - {[@expl:loop invariant] [%#sinferred_invariants5] x.current = (0 : int32)} + {[@expl:loop invariant] [%#sinferred_invariants5] x.current = (0 : Int32.t)} (! 
s0) [ s0 = bb6 ] [ bb6 = s0 - [ s0 = Int32.gt {j} {[%#sinferred_invariants6] (10 : int32)} (fun (_ret':bool) -> [ &_14 <- _ret' ] s1) + [ s0 = Int32.gt {j} {[%#sinferred_invariants6] (10 : Int32.t)} (fun (_ret':bool) -> [ &_14 <- _ret' ] s1) | s1 = any [ br0 -> {_14 = false} (! bb8) | br1 -> {_14} (! bb7) ] ] | bb8 = s0 - [ s0 = Int32.add {j} {[%#sinferred_invariants7] (1 : int32)} (fun (_ret':int32) -> [ &j <- _ret' ] s1) - | s1 = [ &x <- { x with current = ([%#sinferred_invariants8] (0 : int32)) } ] s2 + [ s0 = Int32.add {j} {[%#sinferred_invariants7] (1 : Int32.t)} + (fun (_ret':Int32.t) -> [ &j <- _ret' ] s1) + | s1 = [ &x <- { x with current = ([%#sinferred_invariants8] (0 : Int32.t)) } ] s2 | s2 = bb5 ] ] ] @@ -521,15 +530,15 @@ module M_inferred_invariants__nested_loops [#"inferred_invariants.rs" 60 0 60 32 | bb3 = s0 [ s0 = -{resolve'0 x}- s1 | s1 = return' {_0} ] ] ) [ & _0 : () = any_l () - | & x : borrowed int32 = x - | & i : int32 = any_l () + | & x : borrowed Int32.t = x + | & i : Int32.t = any_l () | & _8 : bool = any_l () - | & j : int32 = any_l () + | & j : Int32.t = any_l () | & _14 : bool = any_l () - | & old_5_0 : Snapshot.snap_ty (borrowed int32) = any_l () - | & old_1_0 : Snapshot.snap_ty (borrowed int32) = any_l () ] + | & old_5_0 : Snapshot.snap_ty (borrowed Int32.t) = any_l () + | & old_1_0 : Snapshot.snap_ty (borrowed Int32.t) = any_l () ] - [ return' (result:())-> {[@expl:nested_loops ensures] [%#sinferred_invariants10] x.final = (0 : int32)} + [ return' (result:())-> {[@expl:nested_loops ensures] [%#sinferred_invariants10] x.final = (0 : Int32.t)} (! return' {result}) ] end @@ -547,6 +556,8 @@ module M_inferred_invariants__nested_borrows [#"inferred_invariants.rs" 86 0 86 let%span smem10 = "../../../creusot-contracts/src/std/mem.rs" 9 22 9 37 let%span sresolve11 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + use prelude.prelude.Int + use prelude.prelude.Int32 use prelude.prelude.Snapshot 
@@ -559,33 +570,33 @@ module M_inferred_invariants__nested_borrows [#"inferred_invariants.rs" 86 0 86 use prelude.prelude.Snapshot - predicate inv'0 (_1 : borrowed (borrowed int32)) + predicate inv'0 (_1 : borrowed (borrowed Int32.t)) - axiom inv_axiom'0 [@rewrite] : forall x : borrowed (borrowed int32) [inv'0 x] . inv'0 x = true + axiom inv_axiom'0 [@rewrite] : forall x : borrowed (borrowed Int32.t) [inv'0 x] . inv'0 x = true - predicate inv'1 (_1 : borrowed int32) + predicate inv'1 (_1 : borrowed Int32.t) - axiom inv_axiom'1 [@rewrite] : forall x : borrowed int32 [inv'1 x] . inv'1 x = true + axiom inv_axiom'1 [@rewrite] : forall x : borrowed Int32.t [inv'1 x] . inv'1 x = true - let rec replace'0 (dest:borrowed (borrowed int32)) (src:borrowed int32) (return' (ret:borrowed int32))= {[@expl:replace 'dest' type invariant] inv'0 dest} + let rec replace'0 (dest:borrowed (borrowed Int32.t)) (src:borrowed Int32.t) (return' (ret:borrowed Int32.t))= {[@expl:replace 'dest' type invariant] inv'0 dest} {[@expl:replace 'src' type invariant] inv'1 src} any - [ return' (result:borrowed int32)-> {inv'1 result} + [ return' (result:borrowed Int32.t)-> {inv'1 result} {[%#smem9] dest.final = src} {[%#smem10] result = dest.current} (! return' {result}) ] - predicate resolve'2 (self : borrowed (borrowed int32)) = + predicate resolve'2 (self : borrowed (borrowed Int32.t)) = [%#sresolve11] self.final = self.current - predicate resolve'0 (_1 : borrowed (borrowed int32)) = + predicate resolve'0 (_1 : borrowed (borrowed Int32.t)) = resolve'2 _1 - predicate resolve'3 (self : borrowed int32) = + predicate resolve'3 (self : borrowed Int32.t) = [%#sresolve11] self.final = self.current - predicate resolve'1 (_1 : borrowed int32) = + predicate resolve'1 (_1 : borrowed Int32.t) = resolve'3 _1 use prelude.prelude.Intrinsic 
@@ -596,11 +607,11 @@ module M_inferred_invariants__nested_borrows [#"inferred_invariants.rs" 86 0 86 meta "compute_max_steps" 1000000 - let rec nested_borrows'0 (x:borrowed (borrowed int32)) (y:borrowed int32) (return' (ret:()))= {[@expl:nested_borrows requires] [%#sinferred_invariants6] (x.current).current - = (0 : int32)} + let rec nested_borrows'0 (x:borrowed (borrowed Int32.t)) (y:borrowed Int32.t) (return' (ret:()))= {[@expl:nested_borrows requires] [%#sinferred_invariants6] (x.current).current + = (0 : Int32.t)} (! bb0 [ bb0 = s0 - [ s0 = [ &i <- [%#sinferred_invariants0] (0 : int32) ] s1 + [ s0 = [ &i <- [%#sinferred_invariants0] (0 : Int32.t) ] s1 | s1 = [ &old_1_0 <- Snapshot.new x ] s2 | s2 = [ &old_1_1 <- Snapshot.new x.current ] s3 | s3 = bb1 ] 
@@ -608,49 +619,50 @@ module M_inferred_invariants__nested_borrows [#"inferred_invariants.rs" 86 0 86 | bb1 = bb1 [ bb1 = {[@expl:mut invariant] (Snapshot.inner old_1_1).final = (x.current).final} {[@expl:mut invariant] (Snapshot.inner old_1_0).final = x.final} - {[@expl:loop invariant] [%#sinferred_invariants1] (x.current).current = (0 : int32)} + {[@expl:loop invariant] [%#sinferred_invariants1] (x.current).current = (0 : Int32.t)} (! s0) [ s0 = bb2 ] [ bb2 = s0 - [ s0 = Int32.gt {i} {[%#sinferred_invariants2] (10 : int32)} (fun (_ret':bool) -> [ &_11 <- _ret' ] s1) + [ s0 = Int32.gt {i} {[%#sinferred_invariants2] (10 : Int32.t)} (fun (_ret':bool) -> [ &_11 <- _ret' ] s1) | s1 = any [ br0 -> {_11 = false} (! bb4) | br1 -> {_11} (! bb3) ] ] | bb4 = s0 - [ s0 = Int32.add {i} {[%#sinferred_invariants3] (1 : int32)} (fun (_ret':int32) -> [ &i <- _ret' ] s1) - | s1 = [ &x <- { x with current = { x.current with current = ([%#sinferred_invariants4] (0 : int32)) } } ] s2 + [ s0 = Int32.add {i} {[%#sinferred_invariants3] (1 : Int32.t)} (fun (_ret':Int32.t) -> [ &i <- _ret' ] s1) + | s1 = [ &x <- { x with current = { x.current with current = ([%#sinferred_invariants4] (0 : Int32.t)) } } ] + s2 | s2 = bb1 ] ] ] | bb3 = s0 - [ s0 = Borrow.borrow_final {x.current} {Borrow.get_id x} - (fun (_ret':borrowed (borrowed int32)) -> [ &_15 <- _ret' ] [ &x <- { x with current = _ret'.final } ] s1) - | s1 = Borrow.borrow_final {y.current} {Borrow.get_id y} - (fun (_ret':borrowed int32) -> [ &_16 <- _ret' ] [ &y <- { y with current = _ret'.final } ] s2) - | s2 = replace'0 {_15} {_16} (fun (_ret':borrowed int32) -> [ &b <- _ret' ] s3) + [ s0 = Borrow.borrow_final {x.current} {Borrow.get_id x} + (fun (_ret':borrowed (borrowed Int32.t)) -> [ &_15 <- _ret' ] [ &x <- { x with current = _ret'.final } ] s1) + | s1 = Borrow.borrow_final {y.current} {Borrow.get_id y} + (fun (_ret':borrowed Int32.t) -> [ &_16 <- _ret' ] [ &y <- { y with current = _ret'.final } ] s2) + | s2 = replace'0 {_15} {_16} 
(fun (_ret':borrowed Int32.t) -> [ &b <- _ret' ] s3) | s3 = bb5 ] | bb5 = s0 [ s0 = -{resolve'0 x}- s1 - | s1 = Int32.add {b.current} {[%#sinferred_invariants5] (1 : int32)} - (fun (_ret':int32) -> [ &b <- { b with current = _ret' } ] s2) + | s1 = Int32.add {b.current} {[%#sinferred_invariants5] (1 : Int32.t)} + (fun (_ret':Int32.t) -> [ &b <- { b with current = _ret' } ] s2) | s2 = -{resolve'1 b}- s3 | s3 = -{resolve'1 y}- s4 | s4 = return' {_0} ] ] ) [ & _0 : () = any_l () - | & x : borrowed (borrowed int32) = x - | & y : borrowed int32 = y - | & i : int32 = any_l () + | & x : borrowed (borrowed Int32.t) = x + | & y : borrowed Int32.t = y + | & i : Int32.t = any_l () | & _11 : bool = any_l () - | & b : borrowed int32 = any_l () - | & _15 : borrowed (borrowed int32) = any_l () - | & _16 : borrowed int32 = any_l () - | & old_1_0 : Snapshot.snap_ty (borrowed (borrowed int32)) = any_l () - | & old_1_1 : Snapshot.snap_ty (borrowed int32) = any_l () ] + | & b : borrowed Int32.t = any_l () + | & _15 : borrowed (borrowed Int32.t) = any_l () + | & _16 : borrowed Int32.t = any_l () + | & old_1_0 : Snapshot.snap_ty (borrowed (borrowed Int32.t)) = any_l () + | & old_1_1 : Snapshot.snap_ty (borrowed Int32.t) = any_l () ] [ return' (result:())-> {[@expl:nested_borrows ensures #0] [%#sinferred_invariants7] x.final = y} - {[@expl:nested_borrows ensures #1] [%#sinferred_invariants8] (x.current).final = (1 : int32)} + {[@expl:nested_borrows ensures #1] [%#sinferred_invariants8] (x.current).final = (1 : Int32.t)} (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/inferred_invariants/why3session.xml b/creusot/tests/should_succeed/inferred_invariants/why3session.xml index 276e2fec33..8672dbfe04 100644 --- a/creusot/tests/should_succeed/inferred_invariants/why3session.xml +++ b/creusot/tests/should_succeed/inferred_invariants/why3session.xml @@ -33,17 +33,17 @@ - + - + - + 
diff --git a/creusot/tests/should_succeed/inferred_invariants/why3shapes.gz b/creusot/tests/should_succeed/inferred_invariants/why3shapes.gz index b07e632f6ff7ed6022139f36957a59170da72a38..6164b4a01f84bb2cc2ac8cbef15ae57805577f95 100644 GIT binary patch literal 1257 zcmVzLaD66~{A03*0*j(t`h@gizIJ$DbJ-ZP~vN@XB8{S45xBQ4ki+e3TNOQU9afm99ornmAmu8Ozn<~__$uAujbe}1rAw|lIf?0Mr}@0lUC z+OJQWU1iVf-xj~$lO(DpAg)4oXvhu?Yk0vV2w@GYGYLX{XgI{?xltKpKzzydLm_q1 ziNP9}i{7|218ae-?CG)Z^-!$r&*Rg=ce8&Ljr}pK7}e=6>}l(~N^Sp(p+a7^YZ0xU z?Vq*k+Lo8KZ}#)FD_gzp*DsjMvVtG<>lM(QLOf+D^a6D%bC$lRt+YU z9I90m0x={by%y*@(*t(43tkW1gOW`aeIP0KRt?J4+{4YAQV*3bLZy2kMI-n+FSiaM z@a0_g%emgL&j{3D*{H9ht{{3{q3r>~Lq;87jb2aXdcSjZc7M9LJ>~0i|C)O%TRv9) zV&u?*(lo%KO>aM04Y8gZk$BQi3`{4cHz*D8rhUBW2=Dm)c*kSB=`FnJ|A;po;LZAY z(*{pA#+wfDX4iPbG~R6k9^g&p3xTYLy1kdXH>0;NH-wiP+JfxHhO8Tb{lwB$DGc8e za%1iswgXI8aNT1Xj1KiPXMc+9lV{RAqd|s+!ET7~agbnPFd_ zY+_ZfJl=XQXuxA)vx{WR$>}F0_=2gwtT&wj9d$%t{g#LW-iWsRU(lA1yW+*&R9oyF zbdz~elxHN5b;_NhX(SNl@Hc?F1*eCW2?q6+loiMt?GAAapF!qEONmSs{g_v|u8$PRGjo1HJ^d z1QcKiWT~SZgyL}~vqBfKV4#H1sUyzjv5;v_y^V-8SE*{p`dkSQ4s(DLX&SV literal 1124 zcmV-q1e^OGiwFP!00000|CLuuZ{s!)zUx=`mUesL@F^CX0zwf%0$TL4AbK+>lG+&c z+KH_==)W&0iy|e85X#K`cytYl_ZK%qi4UQPzT<7CanBDMw5ZpjOMa#r0a1Q~C<#aG=75Y>Bog~0cmbpU;xDWqW}F8> z2E#lEax|eTI^#;L@&YRo`i<}PX+9Mn&CO?+U*16P5&!zA_wMk$d)Akodw(Db>F&7Q z9Xfs4{#pF}fXb{}K)4Id!J#=ge8Y;AK?vW7qGb^JnAaEzm;vNxEzJS-)5a#>Kwb6b zGa2X#sMfzluY+U&y|#Yhu;Si`7t8Ee@;z%J`v|hDe(!z7_89G z`nJ3>L-o#P4F;-(x4_tnxbc`Y^5u?Vr7SIM)d4)2h zWy>TtEzhka#5RpXc>^MMOoJvqEYJ!_1-JsJ097(WP77@Sz#uLeL56eMGD5((h7v@) q4a+QRtY``3I!8oWW|~|e3&5Cdb;BC3l~*7t;MsqA^g_*|4*&r7%pJ-A diff --git a/creusot/tests/should_succeed/insertion_sort.coma b/creusot/tests/should_succeed/insertion_sort.coma index 838de3530e..05da8354e1 100644 --- a/creusot/tests/should_succeed/insertion_sort.coma +++ b/creusot/tests/should_succeed/insertion_sort.coma 
@@ -22,7 +22,7 @@ module M_insertion_sort__insertion_sort [#"insertion_sort.rs" 21 0 21 40] let%span sinsertion_sort20 = "insertion_sort.rs" 44 18 44 55 let%span sinsertion_sort21 = "insertion_sort.rs" 19 10 19 42 let%span sinsertion_sort22 = "insertion_sort.rs" 20 10 20 27 - let%span sslice23 = "../../../creusot-contracts/src/std/slice.rs" 245 0 354 1 + let%span sslice23 = "../../../creusot-contracts/src/std/slice.rs" 263 0 372 1 let%span siter24 = "../../../creusot-contracts/src/std/iter.rs" 101 0 213 1 let%span ssnapshot25 = "../../../creusot-contracts/src/snapshot.rs" 26 20 26 39 let%span smodel26 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 @@ -32,9 +32,9 @@ module M_insertion_sort__insertion_sort [#"insertion_sort.rs" 21 0 21 40] let%span siter30 = "../../../creusot-contracts/src/std/iter.rs" 107 26 110 17 let%span sops31 = "../../../creusot-contracts/src/logic/ops.rs" 53 8 53 32 let%span sops32 = "../../../creusot-contracts/src/logic/ops.rs" 42 8 42 31 - let%span sslice33 = "../../../creusot-contracts/src/std/slice.rs" 257 19 257 35 - let%span sslice34 = "../../../creusot-contracts/src/std/slice.rs" 258 19 258 35 - let%span sslice35 = "../../../creusot-contracts/src/std/slice.rs" 259 18 259 50 + let%span sslice33 = "../../../creusot-contracts/src/std/slice.rs" 275 19 275 35 + let%span sslice34 = "../../../creusot-contracts/src/std/slice.rs" 276 19 276 35 + let%span sslice35 = "../../../creusot-contracts/src/std/slice.rs" 277 18 277 50 let%span sslice36 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice37 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 let%span sinsertion_sort38 = "insertion_sort.rs" 15 8 15 35 
@@ -49,52 +49,80 @@ module M_insertion_sort__insertion_sort [#"insertion_sort.rs" 21 0 21 40] let%span srange47 = "../../../creusot-contracts/src/std/iter/range.rs" 42 15 42 32 let%span srange48 = "../../../creusot-contracts/src/std/iter/range.rs" 43 15 43 32 let%span srange49 = "../../../creusot-contracts/src/std/iter/range.rs" 44 14 44 42 - let%span snum50 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + let%span snum50 = "../../../creusot-contracts/src/std/num.rs" 52 28 52 33 let%span srange51 = "../../../creusot-contracts/src/std/iter/range.rs" 15 12 15 78 let%span sresolve52 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span sord53 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 + let%span sord54 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 + let%span sord55 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 + let%span sord56 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 + let%span sord57 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 + let%span sord58 = "../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 + let%span sord59 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 + let%span sord60 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 + let%span sord61 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 + let%span sord62 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 + let%span sord63 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 + let%span sord64 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 + let%span sord65 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span sord66 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 + let%span sord67 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 + let%span sord68 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 + let%span sord69 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 + 
let%span sord70 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 + let%span sord71 = "../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 + let%span sord72 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 + let%span sord73 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 + let%span sord74 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 + let%span sord75 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 + let%span sord76 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 + let%span sord77 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 + let%span sord78 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span sord79 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + let%span sord80 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 use prelude.prelude.Snapshot use prelude.prelude.Borrow - use prelude.prelude.Slice + use Slice64.create + + use prelude.prelude.Int use prelude.prelude.Int32 - predicate inv'2 (_1 : slice int32) + predicate inv'2 (_1 : slice Int32.t) - axiom inv_axiom'2 [@rewrite] : forall x : slice int32 [inv'2 x] . inv'2 x = true + axiom inv_axiom'2 [@rewrite] : forall x : slice Int32.t [inv'2 x] . inv'2 x = true use seq.Seq use seq.Seq - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize - - use prelude.prelude.Int + use prelude.prelude.UInt64 - use prelude.prelude.Slice + use prelude.prelude.Slice64 - function view'2 (self : slice int32) : Seq.seq int32 + function view'2 (self : slice Int32.t) : Seq.seq Int32.t - axiom view'2_spec : forall self : slice int32 . ([%#sslice36] Seq.length (view'2 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice37] view'2 self = Slice.id self) + axiom view'2_spec : forall self : slice Int32.t . 
([%#sslice36] Seq.length (view'2 self) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + && ([%#sslice37] view'2 self = Slice64.id self) - function view'3 (self : slice int32) : Seq.seq int32 = + function view'3 (self : slice Int32.t) : Seq.seq Int32.t = [%#smodel39] view'2 self - let rec len'0 (self:slice int32) (return' (ret:usize))= {[@expl:len 'self' type invariant] inv'2 self} + let rec len'0 (self:slice Int32.t) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'2 self} any - [ return' (result:usize)-> {[%#sslice23] Seq.length (view'3 self) = UIntSize.to_int result} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#sslice23] Seq.length (view'3 self) = UInt64.to_uint result} (! return' {result}) ] type t_Range'0 = - { t_Range__start'0: usize; t_Range__end'0: usize } + { t_Range__start'0: UInt64.t; t_Range__end'0: UInt64.t } predicate inv'0 (_1 : t_Range'0) @@ -122,18 +150,18 @@ module M_insertion_sort__insertion_sort [#"insertion_sort.rs" 21 0 21 40] use prelude.prelude.Snapshot - function view'1 (self : borrowed (slice int32)) : Seq.seq int32 = + function view'1 (self : borrowed (slice Int32.t)) : Seq.seq Int32.t = [%#smodel26] view'2 self.current - function view'4 (self : borrowed (slice int32)) : Seq.seq int32 = + function view'4 (self : borrowed (slice Int32.t)) : Seq.seq Int32.t = [%#smodel39] view'1 self - function view'0 (self : Snapshot.snap_ty (borrowed (slice int32))) : Seq.seq int32 = + function view'0 (self : Snapshot.snap_ty (borrowed (slice Int32.t))) : Seq.seq Int32.t = [%#ssnapshot25] view'4 (Snapshot.inner self) use seq.Permut - predicate permutation_of'0 (self : Seq.seq int32) (o : Seq.seq int32) = + predicate permutation_of'0 (self : Seq.seq Int32.t) (o : Seq.seq Int32.t) = [%#sseq27] Permut.permut self o 0 (Seq.length self) use prelude.prelude.Snapshot 
@@ -142,8 +170,63 @@ module M_insertion_sort__insertion_sort [#"insertion_sort.rs" 21 0 21 40] use seq.Seq - predicate sorted_range'0 [#"insertion_sort.rs" 6 0 6 63] (s : Seq.seq int32) (l : int) (u : int) = - [%#sinsertion_sort28] forall i : int, j : int . l <= i /\ i < j /\ j < u -> Seq.get s i <= Seq.get s j + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.Int32 + + function cmp_log'0 (self : Int32.t) (o : Int32.t) : t_Ordering'0 = + [%#sord79] if Int32.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + function eq_cmp'0 (x : Int32.t) (y : Int32.t) : () + + axiom eq_cmp'0_spec : forall x : Int32.t, y : Int32.t . [%#sord65] (x = y) = (cmp_log'0 x y = C_Equal'0) + + function antisym2'0 (x : Int32.t) (y : Int32.t) : () + + axiom antisym2'0_spec : forall x : Int32.t, y : Int32.t . ([%#sord63] cmp_log'0 x y = C_Greater'0) + -> ([%#sord64] cmp_log'0 y x = C_Less'0) + + function antisym1'0 (x : Int32.t) (y : Int32.t) : () + + axiom antisym1'0_spec : forall x : Int32.t, y : Int32.t . ([%#sord61] cmp_log'0 x y = C_Less'0) + -> ([%#sord62] cmp_log'0 y x = C_Greater'0) + + function trans'0 (x : Int32.t) (y : Int32.t) (z : Int32.t) (o : t_Ordering'0) : () + + axiom trans'0_spec : forall x : Int32.t, y : Int32.t, z : Int32.t, o : t_Ordering'0 . ([%#sord58] cmp_log'0 x y = o) + -> ([%#sord59] cmp_log'0 y z = o) -> ([%#sord60] cmp_log'0 x z = o) + + function refl'0 (x : Int32.t) : () + + axiom refl'0_spec : forall x : Int32.t . [%#sord57] cmp_log'0 x x = C_Equal'0 + + use prelude.prelude.Int32 + + function cmp_gt_log'0 (x : Int32.t) (y : Int32.t) : () + + axiom cmp_gt_log'0_spec : forall x : Int32.t, y : Int32.t . [%#sord56] Int32.sgt x y = (cmp_log'0 x y = C_Greater'0) + + use prelude.prelude.Int32 + + function cmp_ge_log'0 (x : Int32.t) (y : Int32.t) : () + + axiom cmp_ge_log'0_spec : forall x : Int32.t, y : Int32.t . 
[%#sord55] Int32.sge x y = (cmp_log'0 x y <> C_Less'0) + + function cmp_lt_log'0 (x : Int32.t) (y : Int32.t) : () + + axiom cmp_lt_log'0_spec : forall x : Int32.t, y : Int32.t . [%#sord54] Int32.slt x y = (cmp_log'0 x y = C_Less'0) + + use prelude.prelude.Int32 + + function cmp_le_log'0 (x : Int32.t) (y : Int32.t) : () + + axiom cmp_le_log'0_spec : forall x : Int32.t, y : Int32.t . [%#sord53] Int32.sle x y = (cmp_log'0 x y <> C_Greater'0) + + predicate sorted_range'0 [#"insertion_sort.rs" 6 0 6 63] (s : Seq.seq Int32.t) (l : int) (u : int) = + [%#sinsertion_sort28] forall i : int, j : int . l <= i /\ i < j /\ j < u -> Int32.sle (Seq.get s i) (Seq.get s j) use prelude.prelude.Snapshot @@ -151,12 +234,12 @@ module M_insertion_sort__insertion_sort [#"insertion_sort.rs" 21 0 21 40] use seq.Seq - function deep_model'0 (self : usize) : int = - [%#snum50] UIntSize.to_int self + function deep_model'0 (self : UInt64.t) : int = + [%#snum50] UInt64.to_uint self use seq.Seq - predicate produces'0 (self : t_Range'0) (visited : Seq.seq usize) (o : t_Range'0) = + predicate produces'0 (self : t_Range'0) (visited : Seq.seq UInt64.t) (o : t_Range'0) = [%#srange29] self.t_Range__end'0 = o.t_Range__end'0 /\ deep_model'0 self.t_Range__start'0 <= deep_model'0 o.t_Range__start'0 /\ (Seq.length visited > 0 -> deep_model'0 o.t_Range__start'0 <= deep_model'0 o.t_Range__end'0) 
@@ -164,10 +247,10 @@ module M_insertion_sort__insertion_sort [#"insertion_sort.rs" 21 0 21 40] /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> deep_model'0 (Seq.get visited i) = deep_model'0 self.t_Range__start'0 + i) - function produces_trans'0 (a : t_Range'0) (ab : Seq.seq usize) (b : t_Range'0) (bc : Seq.seq usize) (c : t_Range'0) : () + function produces_trans'0 (a : t_Range'0) (ab : Seq.seq UInt64.t) (b : t_Range'0) (bc : Seq.seq UInt64.t) (c : t_Range'0) : () - axiom produces_trans'0_spec : forall a : t_Range'0, ab : Seq.seq usize, b : t_Range'0, bc : Seq.seq usize, c : t_Range'0 . ([%#srange44] inv'0 a) + axiom produces_trans'0_spec : forall a : t_Range'0, ab : Seq.seq UInt64.t, b : t_Range'0, bc : Seq.seq UInt64.t, c : t_Range'0 . ([%#srange44] inv'0 a) -> ([%#srange45] inv'0 b) -> ([%#srange46] inv'0 c) -> ([%#srange47] produces'0 a ab b) @@ -176,11 +259,11 @@ module M_insertion_sort__insertion_sort [#"insertion_sort.rs" 21 0 21 40] function produces_refl'0 (self : t_Range'0) : () axiom produces_refl'0_spec : forall self : t_Range'0 . ([%#srange42] inv'0 self) - -> ([%#srange43] produces'0 self (Seq.empty : Seq.seq usize) self) + -> ([%#srange43] produces'0 self (Seq.empty : Seq.seq UInt64.t) self) - predicate inv'1 (_1 : Seq.seq usize) + predicate inv'1 (_1 : Seq.seq UInt64.t) - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq usize [inv'1 x] . inv'1 x = true + axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq UInt64.t [inv'1 x] . inv'1 x = true predicate inv'3 (_1 : borrowed (t_Range'0)) @@ -188,7 +271,7 @@ module M_insertion_sort__insertion_sort [#"insertion_sort.rs" 21 0 21 40] type t_Option'0 = | C_None'0 - | C_Some'0 usize + | C_Some'0 UInt64.t predicate inv'4 (_1 : t_Option'0) 
@@ -216,35 +299,87 @@ module M_insertion_sort__insertion_sort [#"insertion_sort.rs" 21 0 21 40] predicate resolve'0 (_1 : borrowed (t_Range'0)) = resolve'2 _1 - let rec v_Some'0 (input:t_Option'0) (ret (field_0:usize))= any - [ good (field_0:usize)-> {C_Some'0 field_0 = input} (! ret {field_0}) - | bad -> {forall field_0 : usize [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] + let rec v_Some'0 (input:t_Option'0) (ret (field_0:UInt64.t))= any + [ good (field_0:UInt64.t)-> {C_Some'0 field_0 = input} (! ret {field_0}) + | bad -> {forall field_0 : UInt64.t [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] - function index_logic'0 [@inline:trivial] (self : slice int32) (ix : usize) : int32 = - [%#sops31] Seq.get (view'2 self) (UIntSize.to_int ix) + function index_logic'0 [@inline:trivial] (self : slice Int32.t) (ix : UInt64.t) : Int32.t = + [%#sops31] Seq.get (view'2 self) (UInt64.to_uint ix) - function index_logic'1 [@inline:trivial] (self : slice int32) (ix : int) : int32 = + function index_logic'1 [@inline:trivial] (self : slice Int32.t) (ix : int) : Int32.t = [%#sops32] Seq.get (view'2 self) ix - predicate inv'5 (_1 : borrowed (slice int32)) + use prelude.prelude.UInt64 + + function cmp_log'1 (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = + [%#sord80] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + function eq_cmp'1 (x : UInt64.t) (y : UInt64.t) : () + + axiom eq_cmp'1_spec : forall x : UInt64.t, y : UInt64.t . [%#sord78] (x = y) = (cmp_log'1 x y = C_Equal'0) + + function antisym2'1 (x : UInt64.t) (y : UInt64.t) : () + + axiom antisym2'1_spec : forall x : UInt64.t, y : UInt64.t . ([%#sord76] cmp_log'1 x y = C_Greater'0) + -> ([%#sord77] cmp_log'1 y x = C_Less'0) + + function antisym1'1 (x : UInt64.t) (y : UInt64.t) : () + + axiom antisym1'1_spec : forall x : UInt64.t, y : UInt64.t . 
([%#sord74] cmp_log'1 x y = C_Less'0) + -> ([%#sord75] cmp_log'1 y x = C_Greater'0) + + function trans'1 (x : UInt64.t) (y : UInt64.t) (z : UInt64.t) (o : t_Ordering'0) : () + + axiom trans'1_spec : forall x : UInt64.t, y : UInt64.t, z : UInt64.t, o : t_Ordering'0 . ([%#sord71] cmp_log'1 x y + = o) -> ([%#sord72] cmp_log'1 y z = o) -> ([%#sord73] cmp_log'1 x z = o) + + function refl'1 (x : UInt64.t) : () - axiom inv_axiom'5 [@rewrite] : forall x : borrowed (slice int32) [inv'5 x] . inv'5 x = true + axiom refl'1_spec : forall x : UInt64.t . [%#sord70] cmp_log'1 x x = C_Equal'0 + + use prelude.prelude.UInt64 + + function cmp_gt_log'1 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_gt_log'1_spec : forall x : UInt64.t, y : UInt64.t . [%#sord69] UInt64.ugt x y + = (cmp_log'1 x y = C_Greater'0) + + use prelude.prelude.UInt64 + + function cmp_ge_log'1 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_ge_log'1_spec : forall x : UInt64.t, y : UInt64.t . [%#sord68] UInt64.uge x y = (cmp_log'1 x y <> C_Less'0) + + function cmp_lt_log'1 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_lt_log'1_spec : forall x : UInt64.t, y : UInt64.t . [%#sord67] UInt64.ult x y = (cmp_log'1 x y = C_Less'0) + + use prelude.prelude.UInt64 + + function cmp_le_log'1 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_le_log'1_spec : forall x : UInt64.t, y : UInt64.t . [%#sord66] UInt64.ule x y + = (cmp_log'1 x y <> C_Greater'0) + + predicate inv'5 (_1 : borrowed (slice Int32.t)) + + axiom inv_axiom'5 [@rewrite] : forall x : borrowed (slice Int32.t) [inv'5 x] . 
inv'5 x = true use seq.Permut - let rec swap'0 (self:borrowed (slice int32)) (a:usize) (b:usize) (return' (ret:()))= {[@expl:swap 'self' type invariant] inv'5 self} - {[@expl:swap requires #0] [%#sslice33] UIntSize.to_int a < Seq.length (view'1 self)} - {[@expl:swap requires #1] [%#sslice34] UIntSize.to_int b < Seq.length (view'1 self)} + let rec swap'0 (self:borrowed (slice Int32.t)) (a:UInt64.t) (b:UInt64.t) (return' (ret:()))= {[@expl:swap 'self' type invariant] inv'5 self} + {[@expl:swap requires #0] [%#sslice33] UInt64.to_uint a < Seq.length (view'1 self)} + {[@expl:swap requires #1] [%#sslice34] UInt64.to_uint b < Seq.length (view'1 self)} any - [ return' (result:())-> {[%#sslice35] Permut.exchange (view'2 self.final) (view'1 self) (UIntSize.to_int a) (UIntSize.to_int b)} + [ return' (result:())-> {[%#sslice35] Permut.exchange (view'2 self.final) (view'1 self) (UInt64.to_uint a) (UInt64.to_uint b)} (! return' {result}) ] - predicate resolve'3 (self : borrowed (slice int32)) = + predicate resolve'3 (self : borrowed (slice Int32.t)) = [%#sresolve52] self.final = self.current - predicate resolve'1 (_1 : borrowed (slice int32)) = + predicate resolve'1 (_1 : borrowed (slice Int32.t)) = resolve'3 _1 use prelude.prelude.Intrinsic 
@@ -253,21 +388,23 @@ module M_insertion_sort__insertion_sort [#"insertion_sort.rs" 21 0 21 40] use prelude.prelude.Snapshot - predicate sorted'0 [#"insertion_sort.rs" 13 0 13 41] (s : Seq.seq int32) = + predicate sorted'0 [#"insertion_sort.rs" 13 0 13 41] (s : Seq.seq Int32.t) = [%#sinsertion_sort38] sorted_range'0 s 0 (Seq.length s) meta "compute_max_steps" 1000000 - let rec insertion_sort'0 (array:borrowed (slice int32)) (return' (ret:()))= (! bb0 + let rec insertion_sort'0 (array:borrowed (slice Int32.t)) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &original <- [%#sinsertion_sort0] Snapshot.new array ] s1 | s1 = bb1 ] - | bb1 = s0 [ s0 = len'0 {array.current} (fun (_ret':usize) -> [ &n <- _ret' ] s1) | s1 = bb2 ] + | bb1 = s0 [ s0 = len'0 {array.current} (fun (_ret':UInt64.t) -> [ &n <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 - [ s0 = [ &_10 <- { t_Range__start'0 = ([%#sinsertion_sort1] (1 : usize)); t_Range__end'0 = n } ] s1 + [ s0 = [ &_10 <- { t_Range__start'0 = ([%#sinsertion_sort1] (1 : UInt64.t)); t_Range__end'0 = n } ] s1 | s1 = into_iter'0 {_10} (fun (_ret':t_Range'0) -> [ &iter <- _ret' ] s2) | s2 = bb3 ] | bb3 = s0 [ s0 = [ &iter_old <- [%#sinsertion_sort2] Snapshot.new iter ] s1 | s1 = bb4 ] - | bb4 = s0 [ s0 = [ &produced <- [%#sinsertion_sort3] Snapshot.new (Seq.empty : Seq.seq usize) ] s1 | s1 = bb5 ] + | bb4 = s0 + [ s0 = [ &produced <- [%#sinsertion_sort3] Snapshot.new (Seq.empty : Seq.seq UInt64.t) ] s1 | s1 = bb5 ] + | bb5 = s0 [ s0 = [ &old_6_0 <- Snapshot.new array ] s1 | s1 = bb6 ] | bb6 = bb6 [ bb6 = {[@expl:mut invariant] (Snapshot.inner old_6_0).final = array.final} 
@@ -276,7 +413,7 @@ module M_insertion_sort__insertion_sort [#"insertion_sort.rs" 21 0 21 40] {[@expl:for invariant] [%#sinsertion_sort7] produces'0 (Snapshot.inner iter_old) (Snapshot.inner produced) iter} {[@expl:loop invariant #0] [%#sinsertion_sort6] sorted_range'0 (view'1 array) 0 (Seq.length (Snapshot.inner produced) + 1)} - {[@expl:loop invariant #1] [%#sinsertion_sort5] Seq.length (view'1 array) = UIntSize.to_int n} + {[@expl:loop invariant #1] [%#sinsertion_sort5] Seq.length (view'1 array) = UInt64.to_uint n} {[@expl:loop invariant #2] [%#sinsertion_sort4] permutation_of'0 (view'0 original) (view'1 array)} (! s0) [ s0 = bb7 ] [ bb7 = s0 @@ -292,11 +429,11 @@ module M_insertion_sort__insertion_sort [#"insertion_sort.rs" 21 0 21 40] | bb8 = s0 [ s0 = -{resolve'0 _25}- s1 - | s1 = any [ br0 -> {_23 = C_None'0 } (! bb11) | br1 (x0:usize)-> {_23 = C_Some'0 x0} (! bb10) ] ] + | s1 = any [ br0 -> {_23 = C_None'0 } (! bb11) | br1 (x0:UInt64.t)-> {_23 = C_Some'0 x0} (! bb10) ] ] | bb10 = bb12 | bb12 = s0 - [ s0 = v_Some'0 {_23} (fun (r0'0:usize) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) + [ s0 = v_Some'0 {_23} (fun (r0'0:UInt64.t) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) | s1 = [ &_28 <- [%#sinsertion_sort8] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] 
@@ -312,53 +449,55 @@ module M_insertion_sort__insertion_sort [#"insertion_sort.rs" 21 0 21 40] | bb14 = bb14 [ bb14 = {[@expl:mut invariant] (Snapshot.inner old_14_0).final = array.final} - {[@expl:loop invariant #0] [%#sinsertion_sort13] j <= i} - {[@expl:loop invariant #1] [%#sinsertion_sort12] Seq.length (view'1 array) = UIntSize.to_int n} + {[@expl:loop invariant #0] [%#sinsertion_sort13] UInt64.ule j i} + {[@expl:loop invariant #1] [%#sinsertion_sort12] Seq.length (view'1 array) = UInt64.to_uint n} {[@expl:loop invariant #2] [%#sinsertion_sort11] permutation_of'0 (view'0 original) (view'1 array)} {[@expl:loop invariant #3] [%#sinsertion_sort10] forall a : int, b : int . 0 <= a - /\ a <= b /\ b <= UIntSize.to_int i - -> a <> UIntSize.to_int j - -> b <> UIntSize.to_int j -> index_logic'1 array.current a <= index_logic'1 array.current b} - {[@expl:loop invariant #4] [%#sinsertion_sort9] forall a : int . UIntSize.to_int j + 1 <= a - /\ a <= UIntSize.to_int i -> index_logic'0 array.current j < index_logic'1 array.current a} + /\ a <= b /\ b <= UInt64.to_uint i + -> a <> UInt64.to_uint j + -> b <> UInt64.to_uint j -> Int32.sle (index_logic'1 array.current a) (index_logic'1 array.current b)} + {[@expl:loop invariant #4] [%#sinsertion_sort9] forall a : int . UInt64.to_uint j + 1 <= a + /\ a <= UInt64.to_uint i -> Int32.slt (index_logic'0 array.current j) (index_logic'1 array.current a)} (! s0) [ s0 = bb15 ] [ bb15 = s0 - [ s0 = UIntSize.gt {j} {[%#sinsertion_sort14] (0 : usize)} (fun (_ret':bool) -> [ &_37 <- _ret' ] s1) + [ s0 = UInt64.gt {j} {[%#sinsertion_sort14] (0 : UInt64.t)} (fun (_ret':bool) -> [ &_37 <- _ret' ] s1) | s1 = any [ br0 -> {_37 = false} (! bb22) | br1 -> {_37} (! 
bb16) ] ] | bb16 = s0 - [ s0 = UIntSize.sub {j} {[%#sinsertion_sort15] (1 : usize)} (fun (_ret':usize) -> [ &_42 <- _ret' ] s1) + [ s0 = UInt64.sub {j} {[%#sinsertion_sort15] (1 : UInt64.t)} + (fun (_ret':UInt64.t) -> [ &_42 <- _ret' ] s1) | s1 = [ &_44 <- Slice.length array.current ] s2 - | s2 = UIntSize.lt {_42} {_44} (fun (_ret':bool) -> [ &_45 <- _ret' ] s3) + | s2 = UInt64.lt {_42} {_44} (fun (_ret':bool) -> [ &_45 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#sinsertion_sort16] _45} s4 | s4 = bb17 ] | bb17 = s0 [ s0 = [ &_47 <- j ] s1 | s1 = [ &_48 <- Slice.length array.current ] s2 - | s2 = UIntSize.lt {_47} {_48} (fun (_ret':bool) -> [ &_49 <- _ret' ] s3) + | s2 = UInt64.lt {_47} {_48} (fun (_ret':bool) -> [ &_49 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#sinsertion_sort17] _49} s4 | s4 = bb18 ] | bb18 = s0 - [ s0 = Slice.get {array.current} {_42} - (fun (r'0:int32) -> - Slice.get {array.current} {_47} - (fun (r'1:int32) -> Int32.gt {r'0} {r'1} (fun (_ret':bool) -> [ &_40 <- _ret' ] s1))) + [ s0 = Slice64.get {array.current} {_47} + (fun (r'0:Int32.t) -> + Slice64.get {array.current} {_42} + (fun (r'1:Int32.t) -> Int32.gt {r'1} {r'0} (fun (_ret':bool) -> [ &_40 <- _ret' ] s1))) | s1 = any [ br0 -> {_40 = false} (! bb21) | br1 -> {_40} (! 
bb19) ] ] | bb19 = s0 - [ s0 = Borrow.borrow_mut {array.current} - (fun (_ret':borrowed (slice int32)) -> + [ s0 = Borrow.borrow_mut {array.current} + (fun (_ret':borrowed (slice Int32.t)) -> [ &_51 <- _ret' ] [ &array <- { array with current = _ret'.final } ] s1) - | s1 = UIntSize.sub {j} {[%#sinsertion_sort18] (1 : usize)} (fun (_ret':usize) -> [ &_52 <- _ret' ] s2) + | s1 = UInt64.sub {j} {[%#sinsertion_sort18] (1 : UInt64.t)} + (fun (_ret':UInt64.t) -> [ &_52 <- _ret' ] s2) | s2 = swap'0 {_51} {_52} {j} (fun (_ret':()) -> [ &_50 <- _ret' ] s3) | s3 = bb20 ] | bb20 = s0 - [ s0 = UIntSize.sub {j} {[%#sinsertion_sort19] (1 : usize)} (fun (_ret':usize) -> [ &j <- _ret' ] s1) + [ s0 = UInt64.sub {j} {[%#sinsertion_sort19] (1 : UInt64.t)} (fun (_ret':UInt64.t) -> [ &j <- _ret' ] s1) | s1 = bb14 ] ] ] 
@@ -375,33 +514,33 @@ module M_insertion_sort__insertion_sort [#"insertion_sort.rs" 21 0 21 40] ] ) [ & _0 : () = any_l () - | & array : borrowed (slice int32) = array - | & original : Snapshot.snap_ty (borrowed (slice int32)) = any_l () - | & n : usize = any_l () + | & array : borrowed (slice Int32.t) = array + | & original : Snapshot.snap_ty (borrowed (slice Int32.t)) = any_l () + | & n : UInt64.t = any_l () | & iter : t_Range'0 = any_l () | & _10 : t_Range'0 = any_l () | & iter_old : Snapshot.snap_ty (t_Range'0) = any_l () - | & produced : Snapshot.snap_ty (Seq.seq usize) = any_l () + | & produced : Snapshot.snap_ty (Seq.seq UInt64.t) = any_l () | & _23 : t_Option'0 = any_l () | & _24 : borrowed (t_Range'0) = any_l () | & _25 : borrowed (t_Range'0) = any_l () - | & __creusot_proc_iter_elem : usize = any_l () - | & _28 : Snapshot.snap_ty (Seq.seq usize) = any_l () - | & i : usize = any_l () - | & j : usize = any_l () + | & __creusot_proc_iter_elem : UInt64.t = any_l () + | & _28 : Snapshot.snap_ty (Seq.seq UInt64.t) = any_l () + | & i : UInt64.t = any_l () + | & j : UInt64.t = any_l () | & _37 : bool = any_l () | & _40 : bool = any_l () - | & _42 : usize = any_l () - | & _44 : usize = any_l () + | & _42 : UInt64.t = any_l () + | & _44 : UInt64.t = any_l () | & _45 : bool = any_l () - | & _47 : usize = any_l () - | & _48 : usize = any_l () + | & _47 : UInt64.t = any_l () + | & _48 : UInt64.t = any_l () | & _49 : bool = any_l () | & _50 : () = any_l () - | & _51 : borrowed (slice int32) = any_l () - | & _52 : usize = any_l () - | & old_14_0 : Snapshot.snap_ty (borrowed (slice int32)) = any_l () - | & old_6_0 : Snapshot.snap_ty (borrowed (slice int32)) = any_l () ] + | & _51 : borrowed (slice Int32.t) = any_l () + | & _52 : UInt64.t = any_l () + | & old_14_0 : Snapshot.snap_ty (borrowed (slice Int32.t)) = any_l () + | & old_6_0 : Snapshot.snap_ty (borrowed (slice Int32.t)) = any_l () ] [ return' (result:())-> {[@expl:insertion_sort ensures #0] [%#sinsertion_sort21] 
permutation_of'0 (view'1 array) (view'2 array.final)} {[@expl:insertion_sort ensures #1] [%#sinsertion_sort22] sorted'0 (view'2 array.final)} diff --git a/creusot/tests/should_succeed/instant.coma b/creusot/tests/should_succeed/instant.coma index a5c877ff18..c9690e0de9 100644 --- a/creusot/tests/should_succeed/instant.coma +++ b/creusot/tests/should_succeed/instant.coma @@ -86,10 +86,10 @@ module M_instant__test_instant [#"instant.rs" 7 0 7 21] use prelude.prelude.UInt32 type t_Nanoseconds'1 = - { t_Nanoseconds__0'1: uint32 } + { t_Nanoseconds__0'1: UInt32.t } type t_Timespec'0 = - { t_Timespec__tv_sec'0: int64; t_Timespec__tv_nsec'0: t_Nanoseconds'1 } + { t_Timespec__tv_sec'0: Int64.t; t_Timespec__tv_nsec'0: t_Nanoseconds'1 } type t_Instant'1 = { t_Instant__t'0: t_Timespec'0 } @@ -107,7 +107,7 @@ module M_instant__test_instant [#"instant.rs" 7 0 7 21] use prelude.prelude.UInt64 - constant v_MAX'0 : uint64 = (18446744073709551615 : uint64) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) use prelude.prelude.UInt64 
@@ -115,18 +115,18 @@ module M_instant__test_instant [#"instant.rs" 7 0 7 21] [%#stime41] secs * 1000000000 type t_Nanoseconds'0 = - { t_Nanoseconds__0'0: uint32 } + { t_Nanoseconds__0'0: UInt32.t } type t_Duration'0 = - { t_Duration__secs'0: uint64; t_Duration__nanos'0: t_Nanoseconds'0 } + { t_Duration__secs'0: UInt64.t; t_Duration__nanos'0: t_Nanoseconds'0 } function view'1 (self : t_Duration'0) : int axiom view'1_spec : forall self : t_Duration'0 . [%#stime40] view'1 self >= 0 - /\ view'1 self <= secs_to_nanos'0 (UInt64.to_int (v_MAX'0 : uint64)) + 999999999 + /\ view'1 self <= secs_to_nanos'0 (UInt64.to_uint (v_MAX'0 : UInt64.t)) + 999999999 - let rec from_secs'0 (secs:uint64) (return' (ret:t_Duration'0))= any - [ return' (result:t_Duration'0)-> {[%#stime21] view'1 result = secs_to_nanos'0 (UInt64.to_int secs)} + let rec from_secs'0 (secs:UInt64.t) (return' (ret:t_Duration'0))= any + [ return' (result:t_Duration'0)-> {[%#stime21] view'1 result = secs_to_nanos'0 (UInt64.to_uint secs)} (! return' {result}) ] @@ -379,7 +379,7 @@ module M_instant__test_instant [#"instant.rs" 7 0 7 21] let rec test_instant'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = now'0 {[%#sinstant0] ()} (fun (_ret':t_Instant'0) -> [ &instant <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 - [ s0 = from_secs'0 {[%#sinstant1] (0 : uint64)} (fun (_ret':t_Duration'0) -> [ &zero_dur <- _ret' ] s1) + [ s0 = from_secs'0 {[%#sinstant1] (0 : UInt64.t)} (fun (_ret':t_Duration'0) -> [ &zero_dur <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 [ s0 = elapsed'0 {instant} (fun (_ret':t_Duration'0) -> [ &_6 <- _ret' ] s1) | s1 = bb3 ] 
@@ -393,7 +393,7 @@ module M_instant__test_instant [#"instant.rs" 7 0 7 21] | bb12 = s0 [ s0 = eq'0 {_22} {instant} (fun (_ret':bool) -> [ &_20 <- _ret' ] s1) | s1 = bb13 ] | bb13 = any [ br0 -> {_20 = false} (! bb15) | br1 -> {_20} (! bb14) ] | bb14 = s0 - [ s0 = from_secs'0 {[%#sinstant2] (3 : uint64)} (fun (_ret':t_Duration'0) -> [ &three_seconds <- _ret' ] s1) + [ s0 = from_secs'0 {[%#sinstant2] (3 : UInt64.t)} (fun (_ret':t_Duration'0) -> [ &three_seconds <- _ret' ] s1) | s1 = bb16 ] | bb16 = s0 diff --git a/creusot/tests/should_succeed/instant/why3session.xml b/creusot/tests/should_succeed/instant/why3session.xml index 8d531227d9..9ad7803ee4 100644 --- a/creusot/tests/should_succeed/instant/why3session.xml +++ b/creusot/tests/should_succeed/instant/why3session.xml @@ -7,7 +7,7 @@ - + 
diff --git a/creusot/tests/should_succeed/instant/why3shapes.gz b/creusot/tests/should_succeed/instant/why3shapes.gz index 0446c7e2441bebd300319e7093ea6bd6e486d46a..bc211db56ff73f7f669e29a3ebeede7513129c63 100644 GIT binary patch literal 687 zcmV;g0#N-QiwFP!00000|BY75Zrd;ryz47`bDLhce5+w9KRmKJ@G zxw%`v9Lnwf8ClG7_oe)Le0AF?IlB2JQN$E!1ya8I3U7TMA;L;TzMZ_Q{b@>)I&D>m z#-+;YYty7Iw}9$t%m*@*&6_+;8UVxZ?Wt0fTM(hJqg%AeB3s2wX+d38B5mHL(uUeX z9?)iOChbOX_7LB9HgB_0LrhRhS-h1dmC}Tzd~h>}afC;AgSfI(j%^2FiHza>AgC=P zmO)aI4`y`(q)*5wen&QhD6@>mlbXBdIzoS*UVS`aM1*BBSOgaN2x^Ps8fBS|YPNL* z4c;iXoTLJ`K0@2N?)-t}P+X%vOD*q?(jhZ_@dVeTi_KzNCWwng2xja5y zhTa`}E!Vir+4X(GMIQ-$?-ns_F~lmco7JLug5|1>3%9NOg&#}dZ=~Exi)Hu5;j)i3 z4~6nrsL(etp->(P4Oy*F76@g%P>e7BTJ3j!3db9*6U7itNGN4+WUG|67#wY@1p+P5 zX=yGJOzZ&(w3jMF%=l{&V9O}Pi^S2?(1mLf{ z6pt?VoKY&2&xv?=5=t}iuy$-hg`wO~W+*ij3?&9~1KNNxAPoou+yFB`4S)e+a-)qh V(g?#178x)k`v(im+b*UE0079HODF&U literal 693 zcmV;m0!sZKiwFP!00000|BY75j@m#Fy!$J-IgiV9&(je`LaR7~lyHh#xmg1Y8zh#O zy+rx@2;0Dn*F?*yr@Fdb?yj-;@M%>2b_ZXL&i+(w_PZ}5HTv{1ag*GgH~vq`h%H%> zxN&y|0{7Wfep!|EzTCOpzDk*^_vL0+yL0(t`YUD2?E0JD`T)VDPknTo-8p51#WhG= z?v^iya=U*{fj9~GRDM0ax^2piF24XpOi?7=Q~BLjRmx^jMv`(*<+qb}wLhh-S7%6v z*|=1bxi#(8WduNgF(23vnl(7~8UQEY_qXb21%V8O9o?h_i)0=%6@k8~Ji1BVLj8t@ zAPZ>Y7U_3GMhNk9$9aoJ4H+R4@^~u^)Tc>8F}N8ulzP;WK?_> z>bSlPy}R~CE!ph$`CugEHIioLCNXU?#42VkCnK9Tn9kd{aNEjX_^}l6M#{akn08+r zp{|h;p->SEmF6xc6e=R2A*&V21EKsXG$(WM*L=V8DID*#P827DJ<`mL2S+yV(pQXnQ8%e+sU434i6qqDmho!tf#Z%mt^4R)nPuq|!gWviC< z*j8ExqVxk>>9-EQmk!uUt5B$Vm#wt=zpZrOfBne+deHy+q5pO0fBioHC;sJ7|1Fz; z4N0OG*&4X#N}`b~$^Cl4_&Qs7!PYCa;3Je4g+*==ErLa6A+umCXbZ}Mv>+^S3upl> bFq>IpwN+MHVYx*MmL>lHP=yX~r3e53z}8Zh diff --git a/creusot/tests/should_succeed/invariant_moves.coma b/creusot/tests/should_succeed/invariant_moves.coma index e30f1cdd0f..3774eaf0dc 100644 --- a/creusot/tests/should_succeed/invariant_moves.coma +++ b/creusot/tests/should_succeed/invariant_moves.coma 
@@ -15,16 +15,18 @@ module M_invariant_moves__test_invariant_move [#"invariant_moves.rs" 5 0 5 43] type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } predicate inv'0 (_1 : borrowed (t_Vec'0)) @@ -34,7 +36,7 @@ module M_invariant_moves__test_invariant_move [#"invariant_moves.rs" 5 0 5 43] type t_Option'0 = | C_None'0 - | C_Some'0 uint32 + | C_Some'0 UInt32.t predicate inv'1 (_1 : t_Option'0) @@ -42,19 +44,17 @@ module M_invariant_moves__test_invariant_move [#"invariant_moves.rs" 5 0 5 43] use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize - - use prelude.prelude.Int + use prelude.prelude.UInt64 use seq.Seq - function view'0 (self : t_Vec'0) : Seq.seq uint32 + function view'0 (self : t_Vec'0) : Seq.seq UInt32.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec2] Seq.length (view'0 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec2] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) - function view'1 (self : borrowed (t_Vec'0)) : Seq.seq uint32 = + function view'1 (self : borrowed (t_Vec'0)) : Seq.seq UInt32.t = [%#smodel3] view'0 self.current use seq.Seq 
@@ -98,7 +98,7 @@ module M_invariant_moves__test_invariant_move [#"invariant_moves.rs" 5 0 5 43] | bb4 = s0 [ s0 = -{resolve'0 _6}- s1 - | s1 = any [ br0 -> {_4 = C_None'0 } (! bb7) | br1 (x0:uint32)-> {_4 = C_Some'0 x0} (! bb5) ] ] + | s1 = any [ br0 -> {_4 = C_None'0 } (! bb7) | br1 (x0:UInt32.t)-> {_4 = C_Some'0 x0} (! bb5) ] ] | bb5 = bb6 | bb6 = bb2 ] diff --git a/creusot/tests/should_succeed/invariant_moves/why3session.xml b/creusot/tests/should_succeed/invariant_moves/why3session.xml index c70ef8eeb6..e079cd9d4e 100644 --- a/creusot/tests/should_succeed/invariant_moves/why3session.xml +++ b/creusot/tests/should_succeed/invariant_moves/why3session.xml @@ -7,7 +7,7 @@ - + diff --git a/creusot/tests/should_succeed/invariant_moves/why3shapes.gz b/creusot/tests/should_succeed/invariant_moves/why3shapes.gz index dde3d49ed51f21e19a998bceb05812593723581a..b2981f6e8f01fad5a6e8b390f3b19b4cec4ab72f 100644 GIT binary patch literal 177 zcmV;i08alOiwFP!00000|6Pu;4#FT5MR&e}t=b7FrPb)*LReghTk{Oi5-rpg+xYhy zO&7P5lbe&f$??>|U?)7=aq=p3BiwChQwOuR%V)TxCQ}F;|6RiYkKMo3}cI&;S4cjvY}D literal 174 zcmV;f08#%RiwFP!00000|6Pu;4#FT50C&EE4ebOif*2iK2#YImBTq|OqJ`QL8vouz z)5Yy_!{s&=o_iSmjEkS {C_Var'0 v = input} (! ret {v}) - | bad -> {forall v : usize [C_Var'0 v : t_Expr'0] . C_Var'0 v <> input} (! {false} any) ] + let rec v_Var'0 (input:t_Expr'0) (ret (v:UInt64.t))= any + [ good (v:UInt64.t)-> {C_Var'0 v = input} (! ret {v}) + | bad -> {forall v : UInt64.t [C_Var'0 v : t_Expr'0] . C_Var'0 v <> input} (! {false} any) ] use prelude.prelude.Borrow - let rec clone'1 (self:usize) (return' (ret:usize))= any - [ return' (result:usize)-> {[%#sclone1] result = self} (! return' {result}) ] + let rec clone'1 (self:UInt64.t) (return' (ret:UInt64.t))= any + [ return' (result:UInt64.t)-> {[%#sclone1] result = self} (! return' {result}) ] let rec v_IfThenElse'0 (input:t_Expr'0) (ret (c:t_Expr'0) (t:t_Expr'0) (e:t_Expr'0))= any 
@@ -48,7 +50,7 @@ module M_ite_normalize__qyi15119799284333837974__clone [#"ite_normalize.rs" 55 9 let rec clone'0 (self:t_Expr'0) (return' (ret:t_Expr'0))= (! bb0 [ bb0 = any [ br0 (x0:t_Expr'0) (x1:t_Expr'0) (x2:t_Expr'0)-> {self = C_IfThenElse'0 x0 x1 x2} (! bb2) - | br1 (x0:usize)-> {self = C_Var'0 x0} (! bb3) + | br1 (x0:UInt64.t)-> {self = C_Var'0 x0} (! bb3) | br2 -> {self = C_True'0 } (! bb4) | br3 -> {self = C_False'0 } (! bb5) ] @@ -57,9 +59,9 @@ module M_ite_normalize__qyi15119799284333837974__clone [#"ite_normalize.rs" 55 9 | bb15 = s0 [ s0 = [ &_0 <- C_True'0 ] s1 | s1 = bb16 ] | bb3 = bb13 | bb13 = s0 - [ s0 = v_Var'0 {self} (fun (rv'0:usize) -> [ &v_1 <- rv'0 ] s1) + [ s0 = v_Var'0 {self} (fun (rv'0:UInt64.t) -> [ &v_1 <- rv'0 ] s1) | s1 = [ &_19 <- v_1 ] s2 - | s2 = clone'1 {_19} (fun (_ret':usize) -> [ &_17 <- _ret' ] s3) + | s2 = clone'1 {_19} (fun (_ret':UInt64.t) -> [ &_17 <- _ret' ] s3) | s3 = bb14 ] | bb14 = s0 [ s0 = [ &_0 <- C_Var'0 _17 ] s1 | s1 = bb16 ] 
@@ -95,36 +97,40 @@ module M_ite_normalize__qyi15119799284333837974__clone [#"ite_normalize.rs" 55 9 | & _12 : t_Expr'0 = any_l () | & _13 : t_Expr'0 = any_l () | & _15 : t_Expr'0 = any_l () - | & v_1 : usize = any_l () - | & _17 : usize = any_l () - | & _19 : usize = any_l () ] + | & v_1 : UInt64.t = any_l () + | & _17 : UInt64.t = any_l () + | & _19 : UInt64.t = any_l () ] [ return' (result:t_Expr'0)-> {[@expl:clone ensures] [%#site_normalize0] result = self} (! return' {result}) ] end module M_ite_normalize__qyi12210208226808281580__from [#"ite_normalize.rs" 80 4 80 29] (* > *) - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Expr'0 = | C_IfThenElse'0 (t_Expr'0) (t_Expr'0) (t_Expr'0) - | C_Var'0 usize + | C_Var'0 UInt64.t | C_True'0 | C_False'0 - let rec variable'0 (v:usize) (return' (ret:t_Expr'0))= any [ return' (result:t_Expr'0)-> (! return' {result}) ] + let rec variable'0 (v:UInt64.t) (return' (ret:t_Expr'0))= any [ return' (result:t_Expr'0)-> (! return' {result}) ] use prelude.prelude.Intrinsic meta "compute_max_steps" 1000000 - let rec from'0 (a:usize) (return' (ret:t_Expr'0))= (! bb0 + let rec from'0 (a:UInt64.t) (return' (ret:t_Expr'0))= (! bb0 [ bb0 = s0 [ s0 = variable'0 {a} (fun (_ret':t_Expr'0) -> [ &_0 <- _ret' ] s1) | s1 = bb1 ] | bb1 = return' {_0} ] - ) [ & _0 : t_Expr'0 = any_l () | & a : usize = a ] [ return' (result:t_Expr'0)-> (! return' {result}) ] + ) [ & _0 : t_Expr'0 = any_l () | & a : UInt64.t = a ] [ return' (result:t_Expr'0)-> (! return' {result}) ] end module M_ite_normalize__qyi1874907776010341903__from [#"ite_normalize.rs" 86 4 86 28] (* > *) - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Expr'0 = | C_IfThenElse'0 (t_Expr'0) (t_Expr'0) (t_Expr'0) - | C_Var'0 usize + | C_Var'0 UInt64.t | C_True'0 | C_False'0 
@@ -142,11 +148,13 @@ end module M_ite_normalize__qyi17570407315987535457__ite [#"ite_normalize.rs" 97 4 97 49] (* Expr *) let%span site_normalize0 = "ite_normalize.rs" 96 14 96 91 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Expr'0 = | C_IfThenElse'0 (t_Expr'0) (t_Expr'0) (t_Expr'0) - | C_Var'0 usize + | C_Var'0 UInt64.t | C_True'0 | C_False'0 @@ -172,11 +180,13 @@ module M_ite_normalize__qyi17570407315987535457__ite [#"ite_normalize.rs" 97 4 9 end module M_ite_normalize__qyi17570407315987535457__variable [#"ite_normalize.rs" 101 4 101 37] (* Expr *) - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Expr'0 = | C_IfThenElse'0 (t_Expr'0) (t_Expr'0) (t_Expr'0) - | C_Var'0 usize + | C_Var'0 UInt64.t | C_True'0 | C_False'0 @@ -184,9 +194,9 @@ module M_ite_normalize__qyi17570407315987535457__variable [#"ite_normalize.rs" 1 meta "compute_max_steps" 1000000 - let rec variable'0 (v:usize) (return' (ret:t_Expr'0))= (! bb0 + let rec variable'0 (v:UInt64.t) (return' (ret:t_Expr'0))= (! bb0 [ bb0 = s0 [ s0 = [ &_0 <- C_Var'0 v ] s1 | s1 = return' {_0} ] ] - ) [ & _0 : t_Expr'0 = any_l () | & v : usize = v ] [ return' (result:t_Expr'0)-> (! return' {result}) ] + ) [ & _0 : t_Expr'0 = any_l () | & v : UInt64.t = v ] [ return' (result:t_Expr'0)-> (! return' {result}) ] end module M_ite_normalize__qyi17570407315987535457__transpose [#"ite_normalize.rs" 110 4 110 52] (* Expr *) let%span site_normalize0 = "ite_normalize.rs" 105 15 105 35 @@ -197,11 +207,13 @@ module M_ite_normalize__qyi17570407315987535457__transpose [#"ite_normalize.rs" let%span site_normalize5 = "ite_normalize.rs" 55 9 55 14 let%span site_normalize6 = "ite_normalize.rs" 127 8 140 9 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Expr'0 = | C_IfThenElse'0 (t_Expr'0) (t_Expr'0) (t_Expr'0) - | C_Var'0 usize + | C_Var'0 UInt64.t | C_True'0 | C_False'0 
@@ -247,7 +259,7 @@ module M_ite_normalize__qyi17570407315987535457__transpose [#"ite_normalize.rs" | bb3 = bb4 | bb4 = any [ br0 (x0:t_Expr'0) (x1:t_Expr'0) (x2:t_Expr'0)-> {self = C_IfThenElse'0 x0 x1 x2} (! bb6) - | br1 (x0:usize)-> {self = C_Var'0 x0} (! bb7) + | br1 (x0:UInt64.t)-> {self = C_Var'0 x0} (! bb7) | br2 -> {self = C_True'0 } (! bb8) | br3 -> {self = C_False'0 } (! bb9) ] @@ -314,11 +326,13 @@ module M_ite_normalize__qyi17570407315987535457__normalize [#"ite_normalize.rs" let%span site_normalize7 = "ite_normalize.rs" 109 14 109 18 let%span site_normalize8 = "ite_normalize.rs" 127 8 140 9 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Expr'0 = | C_IfThenElse'0 (t_Expr'0) (t_Expr'0) (t_Expr'0) - | C_Var'0 usize + | C_Var'0 UInt64.t | C_True'0 | C_False'0 @@ -362,7 +376,7 @@ module M_ite_normalize__qyi17570407315987535457__normalize [#"ite_normalize.rs" let rec normalize'0 (self:t_Expr'0) (return' (ret:t_Expr'0))= (! bb0 [ bb0 = any [ br0 (x0:t_Expr'0) (x1:t_Expr'0) (x2:t_Expr'0)-> {self = C_IfThenElse'0 x0 x1 x2} (! bb2) - | br1 (x0:usize)-> {self = C_Var'0 x0} (! bb1) + | br1 (x0:UInt64.t)-> {self = C_Var'0 x0} (! bb1) | br2 -> {self = C_True'0 } (! bb1) | br3 -> {self = C_False'0 } (! bb1) ] @@ -417,11 +431,13 @@ module M_ite_normalize__qyi17570407315987535457__simplify [#"ite_normalize.rs" 1 let rec new'0 (_1:()) (return' (ret:t_BTreeMap'0))= any [ return' (result:t_BTreeMap'0)-> (! return' {result}) ] - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Expr'0 = | C_IfThenElse'0 (t_Expr'0) (t_Expr'0) (t_Expr'0) - | C_Var'0 usize + | C_Var'0 UInt64.t | C_True'0 | C_False'0 @@ -439,8 +455,6 @@ module M_ite_normalize__qyi17570407315987535457__simplify [#"ite_normalize.rs" 1 | C_False'0 -> true end - use prelude.prelude.Int - type t_Option'0 = | C_None'0 | C_Some'0 bool 
@@ -449,11 +463,11 @@ module M_ite_normalize__qyi17570407315987535457__simplify [#"ite_normalize.rs" 1 function view'0 [#"ite_normalize.rs" 50 4 50 33] (self : t_BTreeMap'0) : Map.map int (t_Option'0) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use map.Map - predicate does_not_contain'0 [#"ite_normalize.rs" 169 4 169 48] (self : t_Expr'0) (vp : usize) = + predicate does_not_contain'0 [#"ite_normalize.rs" 169 4 169 48] (self : t_Expr'0) (vp : UInt64.t) = [%#site_normalize9] match self with | C_IfThenElse'0 c t e -> does_not_contain'0 c vp /\ does_not_contain'0 t vp /\ does_not_contain'0 e vp | C_Var'0 v -> v <> vp @@ -471,7 +485,7 @@ module M_ite_normalize__qyi17570407315987535457__simplify [#"ite_normalize.rs" 1 let rec simplify_helper'0 (self:t_Expr'0) (state:t_BTreeMap'0) (return' (ret:t_Expr'0))= {[@expl:simplify_helper requires] [%#site_normalize3] is_normalized'0 self} any - [ return' (result:t_Expr'0)-> {[%#site_normalize4] forall i : usize . (exists v : bool . Map.get (view'0 state) (UIntSize.to_int i) + [ return' (result:t_Expr'0)-> {[%#site_normalize4] forall i : UInt64.t . (exists v : bool . Map.get (view'0 state) (UInt64.to_uint i) = C_Some'0 v) -> does_not_contain'0 result i} {[%#site_normalize5] is_simplified'0 result} (! return' {result}) ] 
@@ -514,27 +528,29 @@ module M_ite_normalize__qyi17570407315987535457__simplify_helper [#"ite_normaliz let%span site_normalize17 = "ite_normalize.rs" 159 8 165 9 let%span smodel18 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 let%span smodel19 = "../../../creusot-contracts/src/model.rs" 79 8 79 28 - let%span snum20 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + let%span snum20 = "../../../creusot-contracts/src/std/num.rs" 52 28 52 33 let%span smodel21 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Expr'0 = | C_IfThenElse'0 (t_Expr'0) (t_Expr'0) (t_Expr'0) - | C_Var'0 usize + | C_Var'0 UInt64.t | C_True'0 | C_False'0 - let rec v_Var'0 (input:t_Expr'0) (ret (v:usize))= any - [ good (v:usize)-> {C_Var'0 v = input} (! ret {v}) - | bad -> {forall v : usize [C_Var'0 v : t_Expr'0] . C_Var'0 v <> input} (! {false} any) ] + let rec v_Var'0 (input:t_Expr'0) (ret (v:UInt64.t))= any + [ good (v:UInt64.t)-> {C_Var'0 v = input} (! ret {v}) + | bad -> {forall v : UInt64.t [C_Var'0 v : t_Expr'0] . C_Var'0 v <> input} (! {false} any) ] use prelude.prelude.Borrow - predicate inv'0 (_1 : usize) + predicate inv'0 (_1 : UInt64.t) - axiom inv_axiom'0 [@rewrite] : forall x : usize [inv'0 x] . inv'0 x = true + axiom inv_axiom'0 [@rewrite] : forall x : UInt64.t [inv'0 x] . inv'0 x = true type t_Option'0 = | C_None'0 @@ -546,8 +562,6 @@ module M_ite_normalize__qyi17570407315987535457__simplify_helper [#"ite_normaliz type t_BTreeMap'0 - use prelude.prelude.Int - type t_Option'1 = | C_None'1 | C_Some'1 bool 
@@ -559,17 +573,17 @@ module M_ite_normalize__qyi17570407315987535457__simplify_helper [#"ite_normaliz function view'1 (self : t_BTreeMap'0) : Map.map int (t_Option'1) = [%#smodel18] view'0 self - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - function deep_model'1 (self : usize) : int = - [%#snum20] UIntSize.to_int self + function deep_model'1 (self : UInt64.t) : int = + [%#snum20] UInt64.to_uint self - function deep_model'0 (self : usize) : int = + function deep_model'0 (self : UInt64.t) : int = [%#smodel19] deep_model'1 self use map.Map - let rec get'0 (self:t_BTreeMap'0) (key:usize) (return' (ret:t_Option'0))= {[@expl:get 'key' type invariant] [%#site_normalize6] inv'0 key} + let rec get'0 (self:t_BTreeMap'0) (key:UInt64.t) (return' (ret:t_Option'0))= {[@expl:get 'key' type invariant] [%#site_normalize6] inv'0 key} any [ return' (result:t_Option'0)-> {[%#site_normalize7] inv'1 result} {[%#site_normalize8] result = C_None'0 -> Map.get (view'1 self) (deep_model'0 key) = C_None'1} @@ -595,9 +609,9 @@ module M_ite_normalize__qyi17570407315987535457__simplify_helper [#"ite_normaliz [ return' (result:t_BTreeMap'0)-> {[%#site_normalize10] self = result} (! return' {result}) ] - predicate inv'2 (_1 : usize) + predicate inv'2 (_1 : UInt64.t) - axiom inv_axiom'2 [@rewrite] : forall x : usize [inv'2 x] . inv'2 x = true + axiom inv_axiom'2 [@rewrite] : forall x : UInt64.t [inv'2 x] . inv'2 x = true predicate inv'3 (_1 : bool) 
@@ -610,7 +624,7 @@ module M_ite_normalize__qyi17570407315987535457__simplify_helper [#"ite_normaliz function view'2 (self : borrowed (t_BTreeMap'0)) : Map.map int (t_Option'1) = [%#smodel21] view'0 self.current - let rec insert'0 (self:borrowed (t_BTreeMap'0)) (key:usize) (value:bool) (return' (ret:t_Option'1))= {[@expl:insert 'key' type invariant] [%#site_normalize11] inv'2 key} + let rec insert'0 (self:borrowed (t_BTreeMap'0)) (key:UInt64.t) (value:bool) (return' (ret:t_Option'1))= {[@expl:insert 'key' type invariant] [%#site_normalize11] inv'2 key} {[@expl:insert 'value' type invariant] [%#site_normalize12] inv'3 value} any [ return' (result:t_Option'1)-> {[%#site_normalize13] inv'4 result} @@ -635,7 +649,7 @@ module M_ite_normalize__qyi17570407315987535457__simplify_helper [#"ite_normaliz | C_False'0 -> true end - predicate does_not_contain'0 [#"ite_normalize.rs" 169 4 169 48] (self : t_Expr'0) (vp : usize) = + predicate does_not_contain'0 [#"ite_normalize.rs" 169 4 169 48] (self : t_Expr'0) (vp : UInt64.t) = [%#site_normalize16] match self with | C_IfThenElse'0 c t e -> does_not_contain'0 c vp /\ does_not_contain'0 t vp /\ does_not_contain'0 e vp | C_Var'0 v -> v <> vp @@ -660,7 +674,7 @@ module M_ite_normalize__qyi17570407315987535457__simplify_helper [#"ite_normaliz | bb2 = bb3 | bb3 = any [ br0 (x0:t_Expr'0) (x1:t_Expr'0) (x2:t_Expr'0)-> {self = C_IfThenElse'0 x0 x1 x2} (! bb5) - | br1 (x0:usize)-> {self = C_Var'0 x0} (! bb6) + | br1 (x0:UInt64.t)-> {self = C_Var'0 x0} (! bb6) | br2 -> {self = C_True'0 } (! bb4) | br3 -> {self = C_False'0 } (! bb4) ] @@ -668,7 +682,7 @@ module M_ite_normalize__qyi17570407315987535457__simplify_helper [#"ite_normaliz | bb51 = bb52 | bb6 = bb42 | bb42 = s0 - [ s0 = v_Var'0 {self} (fun (rv'0:usize) -> [ &v1 <- rv'0 ] s1) + [ s0 = v_Var'0 {self} (fun (rv'0:UInt64.t) -> [ &v1 <- rv'0 ] s1) | s1 = [ &_52 <- v1 ] s2 | s2 = get'0 {state} {_52} (fun (_ret':t_Option'0) -> [ &_49 <- _ret' ] s3) | s3 = bb43 ] 
@@ -691,7 +705,7 @@ module M_ite_normalize__qyi17570407315987535457__simplify_helper [#"ite_normaliz | s2 = v_IfThenElse'0 {self} (fun (rc'2:t_Expr'0) (rt'2:t_Expr'0) (re'2:t_Expr'0) -> [ &e <- re'2 ] s3) | s3 = any [ br0 (x0:t_Expr'0) (x1:t_Expr'0) (x2:t_Expr'0)-> {c = C_IfThenElse'0 x0 x1 x2} (! bb8) - | br1 (x0:usize)-> {c = C_Var'0 x0} (! bb9) + | br1 (x0:UInt64.t)-> {c = C_Var'0 x0} (! bb9) | br2 -> {c = C_True'0 } (! bb8) | br3 -> {c = C_False'0 } (! bb8) ] ] @@ -705,7 +719,7 @@ module M_ite_normalize__qyi17570407315987535457__simplify_helper [#"ite_normaliz | bb37 = bb38 | bb9 = bb10 | bb10 = s0 - [ s0 = v_Var'0 {c} (fun (rv'0:usize) -> [ &v <- rv'0 ] s1) + [ s0 = v_Var'0 {c} (fun (rv'0:UInt64.t) -> [ &v <- rv'0 ] s1) | s1 = [ &_16 <- v ] s2 | s2 = get'0 {state} {_16} (fun (_ret':t_Option'0) -> [ &_13 <- _ret' ] s3) | s3 = bb11 ] @@ -762,9 +776,9 @@ module M_ite_normalize__qyi17570407315987535457__simplify_helper [#"ite_normaliz | & c : t_Expr'0 = any_l () | & t : t_Expr'0 = any_l () | & e : t_Expr'0 = any_l () - | & v : usize = any_l () + | & v : UInt64.t = any_l () | & _13 : t_Option'0 = any_l () - | & _16 : usize = any_l () + | & _16 : UInt64.t = any_l () | & b : bool = any_l () | & state_t : t_BTreeMap'0 = any_l () | & _26 : t_Option'1 = any_l () 
@@ -775,13 +789,13 @@ module M_ite_normalize__qyi17570407315987535457__simplify_helper [#"ite_normaliz | & _35 : borrowed (t_BTreeMap'0) = any_l () | & ep : t_Expr'0 = any_l () | & c1 : t_Expr'0 = any_l () - | & v1 : usize = any_l () + | & v1 : UInt64.t = any_l () | & _49 : t_Option'0 = any_l () - | & _52 : usize = any_l () + | & _52 : UInt64.t = any_l () | & b1 : bool = any_l () | & c2 : t_Expr'0 = any_l () ] - [ return' (result:t_Expr'0)-> {[@expl:simplify_helper ensures #0] [%#site_normalize3] forall i : usize . (exists v : bool . Map.get (view'0 state) (UIntSize.to_int i) + [ return' (result:t_Expr'0)-> {[@expl:simplify_helper ensures #0] [%#site_normalize3] forall i : UInt64.t . (exists v : bool . Map.get (view'0 state) (UInt64.to_uint i) = C_Some'1 v) -> does_not_contain'0 result i} {[@expl:simplify_helper ensures #1] [%#site_normalize4] is_simplified'0 result} (! return' {result}) ] @@ -810,11 +824,13 @@ module M_ite_normalize__qyi15119799284333837974__clone__refines [#"ite_normalize use prelude.prelude.Borrow - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Expr'0 = | C_IfThenElse'0 (t_Expr'0) (t_Expr'0) (t_Expr'0) - | C_Var'0 usize + | C_Var'0 UInt64.t | C_True'0 | C_False'0 diff --git a/creusot/tests/should_succeed/ite_normalize/why3session.xml b/creusot/tests/should_succeed/ite_normalize/why3session.xml index 01e4bbe517..7f7c3315bf 100644 --- a/creusot/tests/should_succeed/ite_normalize/why3session.xml +++ b/creusot/tests/should_succeed/ite_normalize/why3session.xml @@ -15,12 +15,12 @@ - + - + @@ -35,22 +35,22 @@ - + - + - + - + 
diff --git a/creusot/tests/should_succeed/ite_normalize/why3shapes.gz b/creusot/tests/should_succeed/ite_normalize/why3shapes.gz index ed4d54cbef6bdb281d5e91f4ef9577f27ddb485f..fa5825d7fb437fea5e7b63fc811bef7497496995 100644 GIT binary patch literal 963 zcmV;!13dg6iwFP!00000|D9G%Z{s!)z57@A*6p5V_$e01!6;0`m+heoUJXeUcMT+V z8hcZ;zrG_%v=wW-4hk4BId8uB_(3^dyZzfQ z5Wtr~v0*@828(eZSM@`XL2T$x1nD2K;?Kh(c(ef@Oo`gu-w zF|0EB_4UU)aG0;Ye9362UkOx{>oQqQ5S;_3Q(qDd7U@f>P5S!1+pmXSTtEnjLtYMH zqfiGl0WA|&AT~}=ArXXR;tI54s)>Lu2-7cdU|N_};noxzx?)3jwu!TCr00E2;#23u zo(gzm136qq+?Gw0CwIc~0*84WX16rFD4nKjH!I5&Zx3li=M67C4{;xMQWdG+ah zEarm9c3wp|o-{^9BgDtq@%%DzBgAa@hlQp&Sur-rN{ulp&L}x~h;mo*;!)!b%%atB ztKSe7y>LPKK_AE6^UKpN?Iy~)HpN5NH+tU-*(;KeLwZ-u>G;y zpMs=ve;%H*g4doQ6&MOgt>g17`Zr@76q}@5t_+Gz(GtpFz7izqGJWSGch$K$caB(E z?-jT9b2boII{LKNgiO-PNm`zg{%Q#>KX(tbc|!F6y?pzBtS%?^k9&T@xxMT5UJvxX zlb2gFZ}R!+)GS)wc@{lCtQigZ)+fYzH6vQH+oywsn>0(f&@6GCrLV8 zYRytUibs5eMboqnx(<@Ct*{ccw%W$1WhHeZHISpqj>5IFOCVh>9kf`vBr4UQFcvX& zv3Jyiqils}b(7G=7Md2S3bjkJi;Y4p8geura{|>E>!@x7tqpXIG#Fzmh0>}@XvxVg zY8Mkqr#lI*O>LKSjFo8`17Is!7&%poNL-}a)k!o~pd%7&v__~Xp-Q@G$;mAgP)9DB l1Z`A}OA!;qx}|)oCUW{rNI&8Y9})6e{{z6sMrm>l001e_+L-_V literal 954 zcmV;r14aBFiwFP!00000|D9G#Z{s!)zUx=`w%a|;aQISz9E^nt`LaE9F;|0nbqyqT zHg;3AzrGM9+KM%9f}TXqH!pttNb2*K)#*ok?oO-M?&Y*U9)4Zf)t6t2^Ut_HynX_P zkO$d@j3Ez-X+Z1vz{F}BA6PMk?G&U!(LFt%|K6n{k~guMd&h_Pbr<5}sT<}g-PN#8 z==YaD-+<$M{q0*qIlg=X)~v#HvYsI(1t~0kb+px?wEH5^7u}$>6t*Kd=lsE_| z`cxL~po)m^py@!O8c|-5qS>$w!Wxz)T$&&(1qts865bKy)nQa0%IY)eSS$sR?6Qh* zI%$H6CP)u4-3smvJz}0N=-0o$w-nsRK6=^@#yIW7EwRm>UV^tm{^BV zAE*7(^W(nX&y;m*YLDH}@Ojr959hc)j2VWie{|>gy6^rP`ibY`Zhts4#jm^Hk55U! zn;>us0s|28>#T++V;W=|F@-$HHqAQZ!Ezx8YpLyY;%*wZxpBnY`JlH=SaN|Nk}+hx zrQ@2FW?5xIhI@s}^wvGFXQhVkpxxn%{(4-0d(Uq?wC}pT6@z2tS(O{%LB713Mnv-? 
zFQS)MHKAt@u}pAfnQ)V2Z*K0nkCjk&OQ=~1x|WcB-^j2Dvsp%` zb3rAO3-kG+!PyPG?DP5)sqd;;&(y5d*sg{+#7V_2M2Xe%53Rl{b3K!})|YZAa64bS zhGFgL&)Llw@ImTo;?Le`E5lqAy#b@qxgI)Idt+4(Woe)#8(rxeyP`@}SV7@xUpCs2 zX>qf}$+9?Q0Y zx&iOels$EAtaTlu6Eeheb;N(Y1{U-29L^Vv!bdjO4sPRp}K2(uT4+BQQG(9 c+7iK ([%#sord14] cmp_log'0 y x = C_Less'0) + + function antisym1'0 (x : Int64.t) (y : Int64.t) : () + + axiom antisym1'0_spec : forall x : Int64.t, y : Int64.t . ([%#sord11] cmp_log'0 x y = C_Less'0) + -> ([%#sord12] cmp_log'0 y x = C_Greater'0) + + function trans'0 (x : Int64.t) (y : Int64.t) (z : Int64.t) (o : t_Ordering'0) : () + + axiom trans'0_spec : forall x : Int64.t, y : Int64.t, z : Int64.t, o : t_Ordering'0 . ([%#sord8] cmp_log'0 x y = o) + -> ([%#sord9] cmp_log'0 y z = o) -> ([%#sord10] cmp_log'0 x z = o) + + function refl'0 (x : Int64.t) : () + + axiom refl'0_spec : forall x : Int64.t . [%#sord7] cmp_log'0 x x = C_Equal'0 + + use prelude.prelude.Int64 + + function cmp_gt_log'0 (x : Int64.t) (y : Int64.t) : () + + axiom cmp_gt_log'0_spec : forall x : Int64.t, y : Int64.t . [%#sord6] Int64.sgt x y = (cmp_log'0 x y = C_Greater'0) + + use prelude.prelude.Int64 + + function cmp_ge_log'0 (x : Int64.t) (y : Int64.t) : () + + axiom cmp_ge_log'0_spec : forall x : Int64.t, y : Int64.t . [%#sord5] Int64.sge x y = (cmp_log'0 x y <> C_Less'0) + + function cmp_lt_log'0 (x : Int64.t) (y : Int64.t) : () + + axiom cmp_lt_log'0_spec : forall x : Int64.t, y : Int64.t . [%#sord4] Int64.slt x y = (cmp_log'0 x y = C_Less'0) + + use prelude.prelude.Int64 + + function cmp_le_log'0 (x : Int64.t) (y : Int64.t) : () + + axiom cmp_le_log'0_spec : forall x : Int64.t, y : Int64.t . 
[%#sord3] Int64.sle x y = (cmp_log'0 x y <> C_Greater'0) use seq.Seq - use prelude.prelude.IntSize + use prelude.prelude.Int64 use seq.Seq - predicate produces'0 [#"01_range.rs" 31 4 31 64] (self : t_Range'0) (visited : Seq.seq isize) (o : t_Range'0) = + predicate produces'0 [#"01_range.rs" 31 4 31 64] (self : t_Range'0) (visited : Seq.seq Int64.t) (o : t_Range'0) = [%#s01_range2] self.t_Range__end'0 = o.t_Range__end'0 - /\ self.t_Range__start'0 <= o.t_Range__start'0 - /\ (Seq.length visited > 0 -> o.t_Range__start'0 <= o.t_Range__end'0) - /\ Seq.length visited = IntSize.to_int o.t_Range__start'0 - IntSize.to_int self.t_Range__start'0 + /\ Int64.sle self.t_Range__start'0 o.t_Range__start'0 + /\ (Seq.length visited > 0 -> Int64.sle o.t_Range__start'0 o.t_Range__end'0) + /\ Seq.length visited = Int64.to_int o.t_Range__start'0 - Int64.to_int self.t_Range__start'0 /\ (forall i : int . 0 <= i /\ i < Seq.length visited - -> IntSize.to_int (Seq.get visited i) = IntSize.to_int self.t_Range__start'0 + i) + -> Int64.to_int (Seq.get visited i) = Int64.to_int self.t_Range__start'0 + i) constant self : t_Range'0 function produces_refl'0 [#"01_range.rs" 44 4 44 26] (self : t_Range'0) : () - goal vc_produces_refl'0 : [%#s01_range0] produces'0 self (Seq.empty : Seq.seq isize) self + goal vc_produces_refl'0 : [%#s01_range0] produces'0 self (Seq.empty : Seq.seq Int64.t) self end module M_01_range__qyi16572111325853806140__produces_trans [#"01_range.rs" 51 4 51 90] (* *) let%span s01_range0 = "01_range.rs" 48 15 48 32 
@@ -40,43 +109,112 @@ module M_01_range__qyi16572111325853806140__produces_trans [#"01_range.rs" 51 4 let%span s01_range2 = "01_range.rs" 50 14 50 42 let%span s01_range3 = "01_range.rs" 46 4 46 10 let%span s01_range4 = "01_range.rs" 33 12 37 46 + let%span sord5 = "../../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 + let%span sord6 = "../../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 + let%span sord7 = "../../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 + let%span sord8 = "../../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 + let%span sord9 = "../../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 + let%span sord10 = "../../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 + let%span sord11 = "../../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 + let%span sord12 = "../../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 + let%span sord13 = "../../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 + let%span sord14 = "../../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 + let%span sord15 = "../../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 + let%span sord16 = "../../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 + let%span sord17 = "../../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span sord18 = "../../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 - use prelude.prelude.IntSize + use prelude.prelude.Int + + use prelude.prelude.Int64 type t_Range'0 = - { t_Range__start'0: isize; t_Range__end'0: isize } + { t_Range__start'0: Int64.t; t_Range__end'0: Int64.t } use seq.Seq - use prelude.prelude.Int + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.Int64 + + function cmp_log'0 (self : Int64.t) (o : Int64.t) : t_Ordering'0 = + [%#sord18] if Int64.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + function eq_cmp'0 (x : Int64.t) (y : Int64.t) : () + + axiom eq_cmp'0_spec : forall x : 
Int64.t, y : Int64.t . [%#sord17] (x = y) = (cmp_log'0 x y = C_Equal'0) + + function antisym2'0 (x : Int64.t) (y : Int64.t) : () + + axiom antisym2'0_spec : forall x : Int64.t, y : Int64.t . ([%#sord15] cmp_log'0 x y = C_Greater'0) + -> ([%#sord16] cmp_log'0 y x = C_Less'0) + + function antisym1'0 (x : Int64.t) (y : Int64.t) : () + + axiom antisym1'0_spec : forall x : Int64.t, y : Int64.t . ([%#sord13] cmp_log'0 x y = C_Less'0) + -> ([%#sord14] cmp_log'0 y x = C_Greater'0) + + function trans'0 (x : Int64.t) (y : Int64.t) (z : Int64.t) (o : t_Ordering'0) : () + + axiom trans'0_spec : forall x : Int64.t, y : Int64.t, z : Int64.t, o : t_Ordering'0 . ([%#sord10] cmp_log'0 x y = o) + -> ([%#sord11] cmp_log'0 y z = o) -> ([%#sord12] cmp_log'0 x z = o) + + function refl'0 (x : Int64.t) : () + + axiom refl'0_spec : forall x : Int64.t . [%#sord9] cmp_log'0 x x = C_Equal'0 + + use prelude.prelude.Int64 + + function cmp_gt_log'0 (x : Int64.t) (y : Int64.t) : () + + axiom cmp_gt_log'0_spec : forall x : Int64.t, y : Int64.t . [%#sord8] Int64.sgt x y = (cmp_log'0 x y = C_Greater'0) + + use prelude.prelude.Int64 + + function cmp_ge_log'0 (x : Int64.t) (y : Int64.t) : () + + axiom cmp_ge_log'0_spec : forall x : Int64.t, y : Int64.t . [%#sord7] Int64.sge x y = (cmp_log'0 x y <> C_Less'0) + + function cmp_lt_log'0 (x : Int64.t) (y : Int64.t) : () + + axiom cmp_lt_log'0_spec : forall x : Int64.t, y : Int64.t . [%#sord6] Int64.slt x y = (cmp_log'0 x y = C_Less'0) + + use prelude.prelude.Int64 + + function cmp_le_log'0 (x : Int64.t) (y : Int64.t) : () + + axiom cmp_le_log'0_spec : forall x : Int64.t, y : Int64.t . 
[%#sord5] Int64.sle x y = (cmp_log'0 x y <> C_Greater'0) use seq.Seq - use prelude.prelude.IntSize + use prelude.prelude.Int64 use seq.Seq - predicate produces'0 [#"01_range.rs" 31 4 31 64] (self : t_Range'0) (visited : Seq.seq isize) (o : t_Range'0) = + predicate produces'0 [#"01_range.rs" 31 4 31 64] (self : t_Range'0) (visited : Seq.seq Int64.t) (o : t_Range'0) = [%#s01_range4] self.t_Range__end'0 = o.t_Range__end'0 - /\ self.t_Range__start'0 <= o.t_Range__start'0 - /\ (Seq.length visited > 0 -> o.t_Range__start'0 <= o.t_Range__end'0) - /\ Seq.length visited = IntSize.to_int o.t_Range__start'0 - IntSize.to_int self.t_Range__start'0 + /\ Int64.sle self.t_Range__start'0 o.t_Range__start'0 + /\ (Seq.length visited > 0 -> Int64.sle o.t_Range__start'0 o.t_Range__end'0) + /\ Seq.length visited = Int64.to_int o.t_Range__start'0 - Int64.to_int self.t_Range__start'0 /\ (forall i : int . 0 <= i /\ i < Seq.length visited - -> IntSize.to_int (Seq.get visited i) = IntSize.to_int self.t_Range__start'0 + i) + -> Int64.to_int (Seq.get visited i) = Int64.to_int self.t_Range__start'0 + i) use seq.Seq constant a : t_Range'0 - constant ab : Seq.seq isize + constant ab : Seq.seq Int64.t constant b : t_Range'0 - constant bc : Seq.seq isize + constant bc : Seq.seq Int64.t constant c : t_Range'0 - function produces_trans'0 [#"01_range.rs" 51 4 51 90] (a : t_Range'0) (ab : Seq.seq isize) (b : t_Range'0) (bc : Seq.seq isize) (c : t_Range'0) : () + function produces_trans'0 [#"01_range.rs" 51 4 51 90] (a : t_Range'0) (ab : Seq.seq Int64.t) (b : t_Range'0) (bc : Seq.seq Int64.t) (c : t_Range'0) : () goal vc_produces_trans'0 : ([%#s01_range1] produces'0 b bc c) 
@@ -88,11 +226,27 @@ module M_01_range__qyi16572111325853806140__next [#"01_range.rs" 57 4 57 39] (* let%span s01_range2 = "01_range.rs" 25 12 25 52 let%span s01_range3 = "01_range.rs" 33 12 37 46 let%span sresolve4 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span sord5 = "../../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 + let%span sord6 = "../../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 + let%span sord7 = "../../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 + let%span sord8 = "../../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 + let%span sord9 = "../../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 + let%span sord10 = "../../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 + let%span sord11 = "../../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 + let%span sord12 = "../../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 + let%span sord13 = "../../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 + let%span sord14 = "../../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 + let%span sord15 = "../../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 + let%span sord16 = "../../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 + let%span sord17 = "../../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span sord18 = "../../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int64 - use prelude.prelude.IntSize + use prelude.prelude.Int type t_Range'0 = - { t_Range__start'0: isize; t_Range__end'0: isize } + { t_Range__start'0: Int64.t; t_Range__end'0: Int64.t } use prelude.prelude.Borrow 
@@ -104,14 +258,67 @@ module M_01_range__qyi16572111325853806140__next [#"01_range.rs" 57 4 57 39] (* type t_Option'0 = | C_None'0 - | C_Some'0 isize + | C_Some'0 Int64.t use prelude.prelude.Intrinsic - use prelude.prelude.Int + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.Int64 + + function cmp_log'0 (self : Int64.t) (o : Int64.t) : t_Ordering'0 = + [%#sord18] if Int64.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + function eq_cmp'0 (x : Int64.t) (y : Int64.t) : () + + axiom eq_cmp'0_spec : forall x : Int64.t, y : Int64.t . [%#sord17] (x = y) = (cmp_log'0 x y = C_Equal'0) + + function antisym2'0 (x : Int64.t) (y : Int64.t) : () + + axiom antisym2'0_spec : forall x : Int64.t, y : Int64.t . ([%#sord15] cmp_log'0 x y = C_Greater'0) + -> ([%#sord16] cmp_log'0 y x = C_Less'0) + + function antisym1'0 (x : Int64.t) (y : Int64.t) : () + + axiom antisym1'0_spec : forall x : Int64.t, y : Int64.t . ([%#sord13] cmp_log'0 x y = C_Less'0) + -> ([%#sord14] cmp_log'0 y x = C_Greater'0) + + function trans'0 (x : Int64.t) (y : Int64.t) (z : Int64.t) (o : t_Ordering'0) : () + + axiom trans'0_spec : forall x : Int64.t, y : Int64.t, z : Int64.t, o : t_Ordering'0 . ([%#sord10] cmp_log'0 x y = o) + -> ([%#sord11] cmp_log'0 y z = o) -> ([%#sord12] cmp_log'0 x z = o) + + function refl'0 (x : Int64.t) : () + + axiom refl'0_spec : forall x : Int64.t . [%#sord9] cmp_log'0 x x = C_Equal'0 + + use prelude.prelude.Int64 + + function cmp_gt_log'0 (x : Int64.t) (y : Int64.t) : () + + axiom cmp_gt_log'0_spec : forall x : Int64.t, y : Int64.t . [%#sord8] Int64.sgt x y = (cmp_log'0 x y = C_Greater'0) + + use prelude.prelude.Int64 + + function cmp_ge_log'0 (x : Int64.t) (y : Int64.t) : () + + axiom cmp_ge_log'0_spec : forall x : Int64.t, y : Int64.t . [%#sord7] Int64.sge x y = (cmp_log'0 x y <> C_Less'0) + + function cmp_lt_log'0 (x : Int64.t) (y : Int64.t) : () + + axiom cmp_lt_log'0_spec : forall x : Int64.t, y : Int64.t . 
[%#sord6] Int64.slt x y = (cmp_log'0 x y = C_Less'0) + + use prelude.prelude.Int64 + + function cmp_le_log'0 (x : Int64.t) (y : Int64.t) : () + + axiom cmp_le_log'0_spec : forall x : Int64.t, y : Int64.t . [%#sord5] Int64.sle x y = (cmp_log'0 x y <> C_Greater'0) predicate completed'0 [#"01_range.rs" 23 4 23 35] (self : borrowed (t_Range'0)) = - [%#s01_range2] resolve'1 self /\ (self.current).t_Range__start'0 >= (self.current).t_Range__end'0 + [%#s01_range2] resolve'1 self /\ Int64.sge (self.current).t_Range__start'0 (self.current).t_Range__end'0 use seq.Seq 
@@ -119,31 +326,33 @@ module M_01_range__qyi16572111325853806140__next [#"01_range.rs" 57 4 57 39] (* use seq.Seq - use prelude.prelude.IntSize + use prelude.prelude.Int64 use seq.Seq - predicate produces'0 [#"01_range.rs" 31 4 31 64] (self : t_Range'0) (visited : Seq.seq isize) (o : t_Range'0) = + predicate produces'0 [#"01_range.rs" 31 4 31 64] (self : t_Range'0) (visited : Seq.seq Int64.t) (o : t_Range'0) = [%#s01_range3] self.t_Range__end'0 = o.t_Range__end'0 - /\ self.t_Range__start'0 <= o.t_Range__start'0 - /\ (Seq.length visited > 0 -> o.t_Range__start'0 <= o.t_Range__end'0) - /\ Seq.length visited = IntSize.to_int o.t_Range__start'0 - IntSize.to_int self.t_Range__start'0 + /\ Int64.sle self.t_Range__start'0 o.t_Range__start'0 + /\ (Seq.length visited > 0 -> Int64.sle o.t_Range__start'0 o.t_Range__end'0) + /\ Seq.length visited = Int64.to_int o.t_Range__start'0 - Int64.to_int self.t_Range__start'0 /\ (forall i : int . 0 <= i /\ i < Seq.length visited - -> IntSize.to_int (Seq.get visited i) = IntSize.to_int self.t_Range__start'0 + i) + -> Int64.to_int (Seq.get visited i) = Int64.to_int self.t_Range__start'0 + i) meta "compute_max_steps" 1000000 let rec next'0 (self:borrowed (t_Range'0)) (return' (ret:t_Option'0))= (! bb0 [ bb0 = s0 - [ s0 = IntSize.ge {(self.current).t_Range__start'0} {(self.current).t_Range__end'0} + [ s0 = Int64.ge {(self.current).t_Range__start'0} {(self.current).t_Range__end'0} (fun (_ret':bool) -> [ &_3 <- _ret' ] s1) | s1 = any [ br0 -> {_3 = false} (! bb2) | br1 -> {_3} (! 
bb1) ] ] | bb1 = s0 [ s0 = -{resolve'0 self}- s1 | s1 = [ &_0 <- C_None'0 ] s2 | s2 = bb3 ] | bb2 = s0 [ s0 = [ &r <- (self.current).t_Range__start'0 ] s1 - | s1 = IntSize.add {(self.current).t_Range__start'0} {[%#s01_range0] (1 : isize)} - (fun (_ret':isize) -> [ &self <- { self with current = { self.current with t_Range__start'0 = _ret' } } ] s2) + | s1 = Int64.add {(self.current).t_Range__start'0} {[%#s01_range0] (1 : Int64.t)} + (fun (_ret':Int64.t) -> + [ &self <- { self with current = { self.current with t_Range__start'0 = _ret' } } ] + s2) | s2 = -{resolve'0 self}- s3 | s3 = [ &_0 <- C_Some'0 r ] s4 | s4 = bb3 ] @@ -153,7 +362,7 @@ module M_01_range__qyi16572111325853806140__next [#"01_range.rs" 57 4 57 39] (* [ & _0 : t_Option'0 = any_l () | & self : borrowed (t_Range'0) = self | & _3 : bool = any_l () - | & r : isize = any_l () ] + | & r : Int64.t = any_l () ] [ return' (result:t_Option'0)-> {[@expl:next ensures] [%#s01_range1] match result with | C_None'0 -> completed'0 self @@ -165,10 +374,12 @@ end module M_01_range__qyi2180657552132013455__into_iter [#"01_range.rs" 70 4 70 34] (* Range *) let%span s01_range0 = "01_range.rs" 69 14 69 28 - use prelude.prelude.IntSize + use prelude.prelude.Int + + use prelude.prelude.Int64 type t_Range'0 = - { t_Range__start'0: isize; t_Range__end'0: isize } + { t_Range__start'0: Int64.t; t_Range__end'0: Int64.t } use prelude.prelude.Intrinsic 
@@ -195,19 +406,35 @@ module M_01_range__sum_range [#"01_range.rs" 77 0 77 35] let%span s01_range11 = "01_range.rs" 69 14 69 28 let%span s01_range12 = "01_range.rs" 33 12 37 46 let%span s01_range13 = "01_range.rs" 53 14 56 5 - let%span s01_range14 = "01_range.rs" 43 14 43 45 - let%span s01_range15 = "01_range.rs" 41 4 41 10 - let%span s01_range16 = "01_range.rs" 48 15 48 32 - let%span s01_range17 = "01_range.rs" 49 15 49 32 - let%span s01_range18 = "01_range.rs" 50 14 50 42 - let%span s01_range19 = "01_range.rs" 46 4 46 10 - let%span s01_range20 = "01_range.rs" 25 12 25 52 - let%span sresolve21 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span sord14 = "../../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 + let%span sord15 = "../../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 + let%span sord16 = "../../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 + let%span sord17 = "../../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 + let%span sord18 = "../../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 + let%span sord19 = "../../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 + let%span sord20 = "../../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 + let%span sord21 = "../../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 + let%span sord22 = "../../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 + let%span sord23 = "../../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 + let%span sord24 = "../../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 + let%span sord25 = "../../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 + let%span sord26 = "../../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span s01_range27 = "01_range.rs" 43 14 43 45 + let%span s01_range28 = "01_range.rs" 41 4 41 10 + let%span s01_range29 = "01_range.rs" 48 15 48 32 + let%span s01_range30 = "01_range.rs" 49 15 49 32 + let%span s01_range31 = "01_range.rs" 50 14 50 42 + let%span 
s01_range32 = "01_range.rs" 46 4 46 10 + let%span s01_range33 = "01_range.rs" 25 12 25 52 + let%span sord34 = "../../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + let%span sresolve35 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + + use prelude.prelude.Int - use prelude.prelude.IntSize + use prelude.prelude.Int64 type t_Range'0 = - { t_Range__start'0: isize; t_Range__end'0: isize } + { t_Range__start'0: Int64.t; t_Range__end'0: Int64.t } let rec into_iter'0 (self:t_Range'0) (return' (ret:t_Range'0))= any [ return' (result:t_Range'0)-> {[%#s01_range11] result = self} (! return' {result}) ] 
@@ -221,13 +448,66 @@ module M_01_range__sum_range [#"01_range.rs" 77 0 77 35] use prelude.prelude.Snapshot - use prelude.prelude.IntSize + use prelude.prelude.Int64 use prelude.prelude.Snapshot use seq.Seq - use prelude.prelude.Int + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.Int64 + + function cmp_log'0 (self : Int64.t) (o : Int64.t) : t_Ordering'0 = + [%#sord34] if Int64.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + function eq_cmp'0 (x : Int64.t) (y : Int64.t) : () + + axiom eq_cmp'0_spec : forall x : Int64.t, y : Int64.t . [%#sord26] (x = y) = (cmp_log'0 x y = C_Equal'0) + + function antisym2'0 (x : Int64.t) (y : Int64.t) : () + + axiom antisym2'0_spec : forall x : Int64.t, y : Int64.t . ([%#sord24] cmp_log'0 x y = C_Greater'0) + -> ([%#sord25] cmp_log'0 y x = C_Less'0) + + function antisym1'0 (x : Int64.t) (y : Int64.t) : () + + axiom antisym1'0_spec : forall x : Int64.t, y : Int64.t . ([%#sord22] cmp_log'0 x y = C_Less'0) + -> ([%#sord23] cmp_log'0 y x = C_Greater'0) + + function trans'0 (x : Int64.t) (y : Int64.t) (z : Int64.t) (o : t_Ordering'0) : () + + axiom trans'0_spec : forall x : Int64.t, y : Int64.t, z : Int64.t, o : t_Ordering'0 . ([%#sord19] cmp_log'0 x y = o) + -> ([%#sord20] cmp_log'0 y z = o) -> ([%#sord21] cmp_log'0 x z = o) + + function refl'0 (x : Int64.t) : () + + axiom refl'0_spec : forall x : Int64.t . [%#sord18] cmp_log'0 x x = C_Equal'0 + + use prelude.prelude.Int64 + + function cmp_gt_log'0 (x : Int64.t) (y : Int64.t) : () + + axiom cmp_gt_log'0_spec : forall x : Int64.t, y : Int64.t . [%#sord17] Int64.sgt x y = (cmp_log'0 x y = C_Greater'0) + + use prelude.prelude.Int64 + + function cmp_ge_log'0 (x : Int64.t) (y : Int64.t) : () + + axiom cmp_ge_log'0_spec : forall x : Int64.t, y : Int64.t . 
[%#sord16] Int64.sge x y = (cmp_log'0 x y <> C_Less'0) + + function cmp_lt_log'0 (x : Int64.t) (y : Int64.t) : () + + axiom cmp_lt_log'0_spec : forall x : Int64.t, y : Int64.t . [%#sord15] Int64.slt x y = (cmp_log'0 x y = C_Less'0) + + use prelude.prelude.Int64 + + function cmp_le_log'0 (x : Int64.t) (y : Int64.t) : () + + axiom cmp_le_log'0_spec : forall x : Int64.t, y : Int64.t . [%#sord14] Int64.sle x y = (cmp_log'0 x y <> C_Greater'0) use prelude.prelude.Snapshot 
@@ -237,26 +517,26 @@ module M_01_range__sum_range [#"01_range.rs" 77 0 77 35] use seq.Seq - predicate produces'0 [#"01_range.rs" 31 4 31 64] (self : t_Range'0) (visited : Seq.seq isize) (o : t_Range'0) = + predicate produces'0 [#"01_range.rs" 31 4 31 64] (self : t_Range'0) (visited : Seq.seq Int64.t) (o : t_Range'0) = [%#s01_range12] self.t_Range__end'0 = o.t_Range__end'0 - /\ self.t_Range__start'0 <= o.t_Range__start'0 - /\ (Seq.length visited > 0 -> o.t_Range__start'0 <= o.t_Range__end'0) - /\ Seq.length visited = IntSize.to_int o.t_Range__start'0 - IntSize.to_int self.t_Range__start'0 + /\ Int64.sle self.t_Range__start'0 o.t_Range__start'0 + /\ (Seq.length visited > 0 -> Int64.sle o.t_Range__start'0 o.t_Range__end'0) + /\ Seq.length visited = Int64.to_int o.t_Range__start'0 - Int64.to_int self.t_Range__start'0 /\ (forall i : int . 0 <= i /\ i < Seq.length visited - -> IntSize.to_int (Seq.get visited i) = IntSize.to_int self.t_Range__start'0 + i) + -> Int64.to_int (Seq.get visited i) = Int64.to_int self.t_Range__start'0 + i) - function produces_trans'0 [#"01_range.rs" 51 4 51 90] (a : t_Range'0) (ab : Seq.seq isize) (b : t_Range'0) (bc : Seq.seq isize) (c : t_Range'0) : () + function produces_trans'0 [#"01_range.rs" 51 4 51 90] (a : t_Range'0) (ab : Seq.seq Int64.t) (b : t_Range'0) (bc : Seq.seq Int64.t) (c : t_Range'0) : () = - [%#s01_range19] () + [%#s01_range32] () - axiom produces_trans'0_spec : forall a : t_Range'0, ab : Seq.seq isize, b : t_Range'0, bc : Seq.seq isize, c : t_Range'0 . ([%#s01_range16] produces'0 a ab b) - -> ([%#s01_range17] produces'0 b bc c) -> ([%#s01_range18] produces'0 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_Range'0, ab : Seq.seq Int64.t, b : t_Range'0, bc : Seq.seq Int64.t, c : t_Range'0 . 
([%#s01_range29] produces'0 a ab b) + -> ([%#s01_range30] produces'0 b bc c) -> ([%#s01_range31] produces'0 a (Seq.(++) ab bc) c) function produces_refl'0 [#"01_range.rs" 44 4 44 26] (self : t_Range'0) : () = - [%#s01_range15] () + [%#s01_range28] () - axiom produces_refl'0_spec : forall self : t_Range'0 . [%#s01_range14] produces'0 self (Seq.empty : Seq.seq isize) self + axiom produces_refl'0_spec : forall self : t_Range'0 . [%#s01_range27] produces'0 self (Seq.empty : Seq.seq Int64.t) self predicate inv'0 (_1 : t_Range'0) @@ -266,13 +546,13 @@ module M_01_range__sum_range [#"01_range.rs" 77 0 77 35] type t_Option'0 = | C_None'0 - | C_Some'0 isize + | C_Some'0 Int64.t predicate resolve'0 (self : borrowed (t_Range'0)) = - [%#sresolve21] self.final = self.current + [%#sresolve35] self.final = self.current predicate completed'0 [#"01_range.rs" 23 4 23 35] (self : borrowed (t_Range'0)) = - [%#s01_range20] resolve'0 self /\ (self.current).t_Range__start'0 >= (self.current).t_Range__end'0 + [%#s01_range33] resolve'0 self /\ Int64.sge (self.current).t_Range__start'0 (self.current).t_Range__end'0 use seq.Seq @@ -284,9 +564,9 @@ module M_01_range__sum_range [#"01_range.rs" 77 0 77 35] (! return' {result}) ] - let rec v_Some'0 (input:t_Option'0) (ret (field_0:isize))= any - [ good (field_0:isize)-> {C_Some'0 field_0 = input} (! ret {field_0}) - | bad -> {forall field_0 : isize [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] + let rec v_Some'0 (input:t_Option'0) (ret (field_0:Int64.t))= any + [ good (field_0:Int64.t)-> {C_Some'0 field_0 = input} (! ret {field_0}) + | bad -> {forall field_0 : Int64.t [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] use prelude.prelude.Intrinsic 
@@ -297,22 +577,23 @@ module M_01_range__sum_range [#"01_range.rs" 77 0 77 35] meta "compute_max_steps" 1000000 - let rec sum_range'0 (n:isize) (return' (ret:isize))= {[@expl:sum_range requires] [%#s01_range9] IntSize.to_int n + let rec sum_range'0 (n:Int64.t) (return' (ret:Int64.t))= {[@expl:sum_range requires] [%#s01_range9] Int64.to_int n >= 0} (! bb0 [ bb0 = s0 - [ s0 = [ &i <- [%#s01_range0] (0 : isize) ] s1 - | s1 = [ &_6 <- { t_Range__start'0 = ([%#s01_range1] (0 : isize)); t_Range__end'0 = n } ] s2 + [ s0 = [ &i <- [%#s01_range0] (0 : Int64.t) ] s1 + | s1 = [ &_6 <- { t_Range__start'0 = ([%#s01_range1] (0 : Int64.t)); t_Range__end'0 = n } ] s2 | s2 = into_iter'0 {_6} (fun (_ret':t_Range'0) -> [ &it <- _ret' ] s3) | s3 = bb1 ] | bb1 = s0 [ s0 = [ &iter_old <- [%#s01_range2] Snapshot.new it ] s1 | s1 = bb2 ] - | bb2 = s0 [ s0 = [ &produced <- [%#s01_range3] Snapshot.new (Seq.empty : Seq.seq isize) ] s1 | s1 = bb3 ] + | bb2 = s0 [ s0 = [ &produced <- [%#s01_range3] Snapshot.new (Seq.empty : Seq.seq Int64.t) ] s1 | s1 = bb3 ] | bb3 = bb4 | bb4 = bb4 [ bb4 = {[@expl:loop invariant #0] [%#s01_range6] inv'0 it} {[@expl:loop invariant #1] [%#s01_range5] produces'0 (Snapshot.inner iter_old) (Snapshot.inner produced) it} - {[@expl:loop invariant #2] [%#s01_range4] IntSize.to_int i = Seq.length (Snapshot.inner produced) /\ i <= n} + {[@expl:loop invariant #2] [%#s01_range4] Int64.to_int i = Seq.length (Snapshot.inner produced) + /\ Int64.sle i n} (! s0) [ s0 = bb5 ] [ bb5 = s0 [ s0 = Borrow.borrow_mut {it} 
@@ -320,61 +601,130 @@ module M_01_range__sum_range [#"01_range.rs" 77 0 77 35] | s1 = next'0 {_18} (fun (_ret':t_Option'0) -> [ &_17 <- _ret' ] s2) | s2 = bb6 ] - | bb6 = any [ br0 -> {_17 = C_None'0 } (! bb9) | br1 (x0:isize)-> {_17 = C_Some'0 x0} (! bb8) ] + | bb6 = any [ br0 -> {_17 = C_None'0 } (! bb9) | br1 (x0:Int64.t)-> {_17 = C_Some'0 x0} (! bb8) ] | bb8 = bb10 | bb10 = s0 - [ s0 = v_Some'0 {_17} (fun (r0'0:isize) -> [ &x <- r0'0 ] s1) + [ s0 = v_Some'0 {_17} (fun (r0'0:Int64.t) -> [ &x <- r0'0 ] s1) | s1 = [ &_21 <- [%#s01_range7] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton x)) ] s2 | s2 = bb11 ] | bb11 = s0 [ s0 = [ &produced <- _21 ] s1 - | s1 = IntSize.add {i} {[%#s01_range8] (1 : isize)} (fun (_ret':isize) -> [ &i <- _ret' ] s2) + | s1 = Int64.add {i} {[%#s01_range8] (1 : Int64.t)} (fun (_ret':Int64.t) -> [ &i <- _ret' ] s2) | s2 = bb4 ] ] ] | bb9 = s0 [ s0 = [ &_0 <- i ] s1 | s1 = return' {_0} ] ] ) - [ & _0 : isize = any_l () - | & n : isize = n - | & i : isize = any_l () + [ & _0 : Int64.t = any_l () + | & n : Int64.t = n + | & i : Int64.t = any_l () | & it : t_Range'0 = any_l () | & _6 : t_Range'0 = any_l () | & iter_old : Snapshot.snap_ty (t_Range'0) = any_l () - | & produced : Snapshot.snap_ty (Seq.seq isize) = any_l () + | & produced : Snapshot.snap_ty (Seq.seq Int64.t) = any_l () | & _17 : t_Option'0 = any_l () | & _18 : borrowed (t_Range'0) = any_l () - | & x : isize = any_l () - | & _21 : Snapshot.snap_ty (Seq.seq isize) = any_l () ] - [ return' (result:isize)-> {[@expl:sum_range ensures] [%#s01_range10] result = n} (! return' {result}) ] + | & x : Int64.t = any_l () + | & _21 : Snapshot.snap_ty (Seq.seq Int64.t) = any_l () ] + [ return' (result:Int64.t)-> {[@expl:sum_range ensures] [%#s01_range10] result = n} (! 
return' {result}) ] end module M_01_range__qyi16572111325853806140__produces_trans__refines [#"01_range.rs" 51 4 51 90] (* *) let%span s01_range0 = "01_range.rs" 51 4 51 90 let%span s01_range1 = "01_range.rs" 33 12 37 46 + let%span sord2 = "../../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 + let%span sord3 = "../../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 + let%span sord4 = "../../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 + let%span sord5 = "../../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 + let%span sord6 = "../../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 + let%span sord7 = "../../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 + let%span sord8 = "../../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 + let%span sord9 = "../../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 + let%span sord10 = "../../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 + let%span sord11 = "../../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 + let%span sord12 = "../../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 + let%span sord13 = "../../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 + let%span sord14 = "../../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span sord15 = "../../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int - use prelude.prelude.IntSize + use prelude.prelude.Int64 type t_Range'0 = - { t_Range__start'0: isize; t_Range__end'0: isize } + { t_Range__start'0: Int64.t; t_Range__end'0: Int64.t } use seq.Seq - use prelude.prelude.Int + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.Int64 + + function cmp_log'0 (self : Int64.t) (o : Int64.t) : t_Ordering'0 = + [%#sord15] if Int64.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + function eq_cmp'0 (x : Int64.t) (y : Int64.t) : () + + axiom eq_cmp'0_spec : forall x : Int64.t, y : Int64.t . 
[%#sord14] (x = y) = (cmp_log'0 x y = C_Equal'0) + + function antisym2'0 (x : Int64.t) (y : Int64.t) : () + + axiom antisym2'0_spec : forall x : Int64.t, y : Int64.t . ([%#sord12] cmp_log'0 x y = C_Greater'0) + -> ([%#sord13] cmp_log'0 y x = C_Less'0) + + function antisym1'0 (x : Int64.t) (y : Int64.t) : () + + axiom antisym1'0_spec : forall x : Int64.t, y : Int64.t . ([%#sord10] cmp_log'0 x y = C_Less'0) + -> ([%#sord11] cmp_log'0 y x = C_Greater'0) + + function trans'0 (x : Int64.t) (y : Int64.t) (z : Int64.t) (o : t_Ordering'0) : () + + axiom trans'0_spec : forall x : Int64.t, y : Int64.t, z : Int64.t, o : t_Ordering'0 . ([%#sord7] cmp_log'0 x y = o) + -> ([%#sord8] cmp_log'0 y z = o) -> ([%#sord9] cmp_log'0 x z = o) + + function refl'0 (x : Int64.t) : () + + axiom refl'0_spec : forall x : Int64.t . [%#sord6] cmp_log'0 x x = C_Equal'0 + + use prelude.prelude.Int64 + + function cmp_gt_log'0 (x : Int64.t) (y : Int64.t) : () + + axiom cmp_gt_log'0_spec : forall x : Int64.t, y : Int64.t . [%#sord5] Int64.sgt x y = (cmp_log'0 x y = C_Greater'0) + + use prelude.prelude.Int64 + + function cmp_ge_log'0 (x : Int64.t) (y : Int64.t) : () + + axiom cmp_ge_log'0_spec : forall x : Int64.t, y : Int64.t . [%#sord4] Int64.sge x y = (cmp_log'0 x y <> C_Less'0) + + function cmp_lt_log'0 (x : Int64.t) (y : Int64.t) : () + + axiom cmp_lt_log'0_spec : forall x : Int64.t, y : Int64.t . [%#sord3] Int64.slt x y = (cmp_log'0 x y = C_Less'0) + + use prelude.prelude.Int64 + + function cmp_le_log'0 (x : Int64.t) (y : Int64.t) : () + + axiom cmp_le_log'0_spec : forall x : Int64.t, y : Int64.t . 
[%#sord2] Int64.sle x y = (cmp_log'0 x y <> C_Greater'0) use seq.Seq - use prelude.prelude.IntSize + use prelude.prelude.Int64 use seq.Seq - predicate produces'0 [#"01_range.rs" 31 4 31 64] (self : t_Range'0) (visited : Seq.seq isize) (o : t_Range'0) = + predicate produces'0 [#"01_range.rs" 31 4 31 64] (self : t_Range'0) (visited : Seq.seq Int64.t) (o : t_Range'0) = [%#s01_range1] self.t_Range__end'0 = o.t_Range__end'0 - /\ self.t_Range__start'0 <= o.t_Range__start'0 - /\ (Seq.length visited > 0 -> o.t_Range__start'0 <= o.t_Range__end'0) - /\ Seq.length visited = IntSize.to_int o.t_Range__start'0 - IntSize.to_int self.t_Range__start'0 + /\ Int64.sle self.t_Range__start'0 o.t_Range__start'0 + /\ (Seq.length visited > 0 -> Int64.sle o.t_Range__start'0 o.t_Range__end'0) + /\ Seq.length visited = Int64.to_int o.t_Range__start'0 - Int64.to_int self.t_Range__start'0 /\ (forall i : int . 0 <= i /\ i < Seq.length visited - -> IntSize.to_int (Seq.get visited i) = IntSize.to_int self.t_Range__start'0 + i) + -> Int64.to_int (Seq.get visited i) = Int64.to_int self.t_Range__start'0 + i) predicate inv'0 (_1 : t_Range'0) @@ -382,7 +732,7 @@ module M_01_range__qyi16572111325853806140__produces_trans__refines [#"01_range. use seq.Seq - goal refines : [%#s01_range0] forall a : t_Range'0 . forall ab : Seq.seq isize . forall b : t_Range'0 . forall bc : Seq.seq isize . forall c : t_Range'0 . produces'0 b bc c + goal refines : [%#s01_range0] forall a : t_Range'0 . forall ab : Seq.seq Int64.t . forall b : t_Range'0 . forall bc : Seq.seq Int64.t . forall c : t_Range'0 . produces'0 b bc c /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a -> produces'0 b bc c /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) 
@@ -392,13 +742,29 @@ module M_01_range__qyi16572111325853806140__next__refines [#"01_range.rs" 57 4 5 let%span s01_range1 = "01_range.rs" 25 12 25 52 let%span s01_range2 = "01_range.rs" 33 12 37 46 let%span sresolve3 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span sord4 = "../../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 + let%span sord5 = "../../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 + let%span sord6 = "../../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 + let%span sord7 = "../../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 + let%span sord8 = "../../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 + let%span sord9 = "../../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 + let%span sord10 = "../../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 + let%span sord11 = "../../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 + let%span sord12 = "../../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 + let%span sord13 = "../../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 + let%span sord14 = "../../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 + let%span sord15 = "../../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 + let%span sord16 = "../../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span sord17 = "../../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 use prelude.prelude.Borrow - use prelude.prelude.IntSize + use prelude.prelude.Int + + use prelude.prelude.Int64 type t_Range'0 = - { t_Range__start'0: isize; t_Range__end'0: isize } + { t_Range__start'0: Int64.t; t_Range__end'0: Int64.t } predicate inv'0 (_1 : borrowed (t_Range'0)) 
@@ -406,15 +772,68 @@ module M_01_range__qyi16572111325853806140__next__refines [#"01_range.rs" 57 4 5 type t_Option'0 = | C_None'0 - | C_Some'0 isize + | C_Some'0 Int64.t predicate resolve'0 (self : borrowed (t_Range'0)) = [%#sresolve3] self.final = self.current - use prelude.prelude.Int + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.Int64 + + function cmp_log'0 (self : Int64.t) (o : Int64.t) : t_Ordering'0 = + [%#sord17] if Int64.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + function eq_cmp'0 (x : Int64.t) (y : Int64.t) : () + + axiom eq_cmp'0_spec : forall x : Int64.t, y : Int64.t . [%#sord16] (x = y) = (cmp_log'0 x y = C_Equal'0) + + function antisym2'0 (x : Int64.t) (y : Int64.t) : () + + axiom antisym2'0_spec : forall x : Int64.t, y : Int64.t . ([%#sord14] cmp_log'0 x y = C_Greater'0) + -> ([%#sord15] cmp_log'0 y x = C_Less'0) + + function antisym1'0 (x : Int64.t) (y : Int64.t) : () + + axiom antisym1'0_spec : forall x : Int64.t, y : Int64.t . ([%#sord12] cmp_log'0 x y = C_Less'0) + -> ([%#sord13] cmp_log'0 y x = C_Greater'0) + + function trans'0 (x : Int64.t) (y : Int64.t) (z : Int64.t) (o : t_Ordering'0) : () + + axiom trans'0_spec : forall x : Int64.t, y : Int64.t, z : Int64.t, o : t_Ordering'0 . ([%#sord9] cmp_log'0 x y = o) + -> ([%#sord10] cmp_log'0 y z = o) -> ([%#sord11] cmp_log'0 x z = o) + + function refl'0 (x : Int64.t) : () + + axiom refl'0_spec : forall x : Int64.t . [%#sord8] cmp_log'0 x x = C_Equal'0 + + use prelude.prelude.Int64 + + function cmp_gt_log'0 (x : Int64.t) (y : Int64.t) : () + + axiom cmp_gt_log'0_spec : forall x : Int64.t, y : Int64.t . [%#sord7] Int64.sgt x y = (cmp_log'0 x y = C_Greater'0) + + use prelude.prelude.Int64 + + function cmp_ge_log'0 (x : Int64.t) (y : Int64.t) : () + + axiom cmp_ge_log'0_spec : forall x : Int64.t, y : Int64.t . 
[%#sord6] Int64.sge x y = (cmp_log'0 x y <> C_Less'0) + + function cmp_lt_log'0 (x : Int64.t) (y : Int64.t) : () + + axiom cmp_lt_log'0_spec : forall x : Int64.t, y : Int64.t . [%#sord5] Int64.slt x y = (cmp_log'0 x y = C_Less'0) + + use prelude.prelude.Int64 + + function cmp_le_log'0 (x : Int64.t) (y : Int64.t) : () + + axiom cmp_le_log'0_spec : forall x : Int64.t, y : Int64.t . [%#sord4] Int64.sle x y = (cmp_log'0 x y <> C_Greater'0) predicate completed'0 [#"01_range.rs" 23 4 23 35] (self : borrowed (t_Range'0)) = - [%#s01_range1] resolve'0 self /\ (self.current).t_Range__start'0 >= (self.current).t_Range__end'0 + [%#s01_range1] resolve'0 self /\ Int64.sge (self.current).t_Range__start'0 (self.current).t_Range__end'0 use seq.Seq @@ -422,17 +841,17 @@ module M_01_range__qyi16572111325853806140__next__refines [#"01_range.rs" 57 4 5 use seq.Seq - use prelude.prelude.IntSize + use prelude.prelude.Int64 use seq.Seq - predicate produces'0 [#"01_range.rs" 31 4 31 64] (self : t_Range'0) (visited : Seq.seq isize) (o : t_Range'0) = + predicate produces'0 [#"01_range.rs" 31 4 31 64] (self : t_Range'0) (visited : Seq.seq Int64.t) (o : t_Range'0) = [%#s01_range2] self.t_Range__end'0 = o.t_Range__end'0 - /\ self.t_Range__start'0 <= o.t_Range__start'0 - /\ (Seq.length visited > 0 -> o.t_Range__start'0 <= o.t_Range__end'0) - /\ Seq.length visited = IntSize.to_int o.t_Range__start'0 - IntSize.to_int self.t_Range__start'0 + /\ Int64.sle self.t_Range__start'0 o.t_Range__start'0 + /\ (Seq.length visited > 0 -> Int64.sle o.t_Range__start'0 o.t_Range__end'0) + /\ Seq.length visited = Int64.to_int o.t_Range__start'0 - Int64.to_int self.t_Range__start'0 /\ (forall i : int . 0 <= i /\ i < Seq.length visited - -> IntSize.to_int (Seq.get visited i) = IntSize.to_int self.t_Range__start'0 + i) + -> Int64.to_int (Seq.get visited i) = Int64.to_int self.t_Range__start'0 + i) predicate inv'1 (_1 : t_Option'0) 
@@ -452,11 +871,27 @@ end module M_01_range__qyi16572111325853806140__produces_refl__refines [#"01_range.rs" 44 4 44 26] (* *) let%span s01_range0 = "01_range.rs" 44 4 44 26 let%span s01_range1 = "01_range.rs" 33 12 37 46 + let%span sord2 = "../../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 + let%span sord3 = "../../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 + let%span sord4 = "../../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 + let%span sord5 = "../../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 + let%span sord6 = "../../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 + let%span sord7 = "../../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 + let%span sord8 = "../../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 + let%span sord9 = "../../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 + let%span sord10 = "../../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 + let%span sord11 = "../../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 + let%span sord12 = "../../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 + let%span sord13 = "../../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 + let%span sord14 = "../../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span sord15 = "../../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int - use prelude.prelude.IntSize + use prelude.prelude.Int64 type t_Range'0 = - { t_Range__start'0: isize; t_Range__end'0: isize } + { t_Range__start'0: Int64.t; t_Range__end'0: Int64.t } predicate inv'0 (_1 : t_Range'0) 
@@ -466,23 +901,76 @@ module M_01_range__qyi16572111325853806140__produces_refl__refines [#"01_range.r use seq.Seq - use prelude.prelude.Int + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.Int64 + + function cmp_log'0 (self : Int64.t) (o : Int64.t) : t_Ordering'0 = + [%#sord15] if Int64.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + function eq_cmp'0 (x : Int64.t) (y : Int64.t) : () + + axiom eq_cmp'0_spec : forall x : Int64.t, y : Int64.t . [%#sord14] (x = y) = (cmp_log'0 x y = C_Equal'0) + + function antisym2'0 (x : Int64.t) (y : Int64.t) : () + + axiom antisym2'0_spec : forall x : Int64.t, y : Int64.t . ([%#sord12] cmp_log'0 x y = C_Greater'0) + -> ([%#sord13] cmp_log'0 y x = C_Less'0) + + function antisym1'0 (x : Int64.t) (y : Int64.t) : () + + axiom antisym1'0_spec : forall x : Int64.t, y : Int64.t . ([%#sord10] cmp_log'0 x y = C_Less'0) + -> ([%#sord11] cmp_log'0 y x = C_Greater'0) + + function trans'0 (x : Int64.t) (y : Int64.t) (z : Int64.t) (o : t_Ordering'0) : () + + axiom trans'0_spec : forall x : Int64.t, y : Int64.t, z : Int64.t, o : t_Ordering'0 . ([%#sord7] cmp_log'0 x y = o) + -> ([%#sord8] cmp_log'0 y z = o) -> ([%#sord9] cmp_log'0 x z = o) + + function refl'0 (x : Int64.t) : () + + axiom refl'0_spec : forall x : Int64.t . [%#sord6] cmp_log'0 x x = C_Equal'0 + + use prelude.prelude.Int64 + + function cmp_gt_log'0 (x : Int64.t) (y : Int64.t) : () + + axiom cmp_gt_log'0_spec : forall x : Int64.t, y : Int64.t . [%#sord5] Int64.sgt x y = (cmp_log'0 x y = C_Greater'0) + + use prelude.prelude.Int64 + + function cmp_ge_log'0 (x : Int64.t) (y : Int64.t) : () + + axiom cmp_ge_log'0_spec : forall x : Int64.t, y : Int64.t . [%#sord4] Int64.sge x y = (cmp_log'0 x y <> C_Less'0) + + function cmp_lt_log'0 (x : Int64.t) (y : Int64.t) : () + + axiom cmp_lt_log'0_spec : forall x : Int64.t, y : Int64.t . 
[%#sord3] Int64.slt x y = (cmp_log'0 x y = C_Less'0) + + use prelude.prelude.Int64 + + function cmp_le_log'0 (x : Int64.t) (y : Int64.t) : () + + axiom cmp_le_log'0_spec : forall x : Int64.t, y : Int64.t . [%#sord2] Int64.sle x y = (cmp_log'0 x y <> C_Greater'0) use seq.Seq - use prelude.prelude.IntSize + use prelude.prelude.Int64 use seq.Seq - predicate produces'0 [#"01_range.rs" 31 4 31 64] (self : t_Range'0) (visited : Seq.seq isize) (o : t_Range'0) = + predicate produces'0 [#"01_range.rs" 31 4 31 64] (self : t_Range'0) (visited : Seq.seq Int64.t) (o : t_Range'0) = [%#s01_range1] self.t_Range__end'0 = o.t_Range__end'0 - /\ self.t_Range__start'0 <= o.t_Range__start'0 - /\ (Seq.length visited > 0 -> o.t_Range__start'0 <= o.t_Range__end'0) - /\ Seq.length visited = IntSize.to_int o.t_Range__start'0 - IntSize.to_int self.t_Range__start'0 + /\ Int64.sle self.t_Range__start'0 o.t_Range__start'0 + /\ (Seq.length visited > 0 -> Int64.sle o.t_Range__start'0 o.t_Range__end'0) + /\ Seq.length visited = Int64.to_int o.t_Range__start'0 - Int64.to_int self.t_Range__start'0 /\ (forall i : int . 0 <= i /\ i < Seq.length visited - -> IntSize.to_int (Seq.get visited i) = IntSize.to_int self.t_Range__start'0 + i) + -> Int64.to_int (Seq.get visited i) = Int64.to_int self.t_Range__start'0 + i) goal refines : [%#s01_range0] forall self : t_Range'0 . inv'0 self - -> (forall result : () . produces'0 self (Seq.empty : Seq.seq isize) self - -> produces'0 self (Seq.empty : Seq.seq isize) self) + -> (forall result : () . produces'0 self (Seq.empty : Seq.seq Int64.t) self + -> produces'0 self (Seq.empty : Seq.seq Int64.t) self) end diff --git a/creusot/tests/should_succeed/iterators/02_iter_mut.coma b/creusot/tests/should_succeed/iterators/02_iter_mut.coma index 61538e73a8..185e8105cc 100644 --- a/creusot/tests/should_succeed/iterators/02_iter_mut.coma +++ b/creusot/tests/should_succeed/iterators/02_iter_mut.coma 
@@ -4,8 +4,8 @@ module M_02_iter_mut__qyi4305820612590367313__produces_refl [#"02_iter_mut.rs" 5 let%span s02_iter_mut2 = "02_iter_mut.rs" 47 4 47 10 let%span s02_iter_mut3 = "02_iter_mut.rs" 39 12 43 13 let%span smodel4 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 - let%span sslice5 = "../../../../creusot-contracts/src/std/slice.rs" 87 14 87 41 - let%span sslice6 = "../../../../creusot-contracts/src/std/slice.rs" 88 14 88 84 + let%span sslice5 = "../../../../creusot-contracts/src/std/slice.rs" 105 14 105 41 + let%span sslice6 = "../../../../creusot-contracts/src/std/slice.rs" 106 14 106 84 let%span s02_iter_mut7 = "02_iter_mut.rs" 22 20 22 64 let%span sslice8 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice9 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 @@ -17,7 +17,7 @@ module M_02_iter_mut__qyi4305820612590367313__produces_refl [#"02_iter_mut.rs" 5 use prelude.prelude.Borrow - use prelude.prelude.Slice + use Slice64.create type t_T'0 @@ -26,23 +26,23 @@ module M_02_iter_mut__qyi4305820612590367313__produces_refl [#"02_iter_mut.rs" 5 use seq.Seq - use prelude.prelude.UIntSize + use prelude.prelude.Int - constant v_MAX'0 : usize = (18446744073709551615 : usize) + use prelude.prelude.UInt64 - use prelude.prelude.UIntSize + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.Int + use prelude.prelude.UInt64 - use prelude.prelude.Slice + use prelude.prelude.Slice64 use seq.Seq function view'1 (self : slice t_T'0) : Seq.seq t_T'0 axiom view'1_spec : forall self : slice t_T'0 . ([%#sslice8] Seq.length (view'1 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice9] view'1 self = Slice.id self) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + && ([%#sslice9] view'1 self = Slice64.id self) predicate invariant'0 [#"02_iter_mut.rs" 20 4 20 30] (self : t_IterMut'0) = [%#s02_iter_mut7] Seq.length (view'1 (self.t_IterMut__inner'0).final) 
@@ -142,8 +142,8 @@ module M_02_iter_mut__qyi4305820612590367313__produces_trans [#"02_iter_mut.rs" let%span s02_iter_mut6 = "02_iter_mut.rs" 53 4 53 10 let%span s02_iter_mut7 = "02_iter_mut.rs" 39 12 43 13 let%span smodel8 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 - let%span sslice9 = "../../../../creusot-contracts/src/std/slice.rs" 87 14 87 41 - let%span sslice10 = "../../../../creusot-contracts/src/std/slice.rs" 88 14 88 84 + let%span sslice9 = "../../../../creusot-contracts/src/std/slice.rs" 105 14 105 41 + let%span sslice10 = "../../../../creusot-contracts/src/std/slice.rs" 106 14 106 84 let%span s02_iter_mut11 = "02_iter_mut.rs" 22 20 22 64 let%span sslice12 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice13 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 @@ -155,7 +155,7 @@ module M_02_iter_mut__qyi4305820612590367313__produces_trans [#"02_iter_mut.rs" use prelude.prelude.Borrow - use prelude.prelude.Slice + use Slice64.create type t_T'0 @@ -164,23 +164,23 @@ module M_02_iter_mut__qyi4305820612590367313__produces_trans [#"02_iter_mut.rs" use seq.Seq - use prelude.prelude.UIntSize + use prelude.prelude.Int - constant v_MAX'0 : usize = (18446744073709551615 : usize) + use prelude.prelude.UInt64 - use prelude.prelude.UIntSize + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.Int + use prelude.prelude.UInt64 - use prelude.prelude.Slice + use prelude.prelude.Slice64 use seq.Seq function view'1 (self : slice t_T'0) : Seq.seq t_T'0 axiom view'1_spec : forall self : slice t_T'0 . ([%#sslice12] Seq.length (view'1 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice13] view'1 self = Slice.id self) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + && ([%#sslice13] view'1 self = Slice64.id self) predicate invariant'0 [#"02_iter_mut.rs" 20 4 20 30] (self : t_IterMut'0) = [%#s02_iter_mut11] Seq.length (view'1 (self.t_IterMut__inner'0).final) 
@@ -284,7 +284,7 @@ module M_02_iter_mut__qyi4305820612590367313__next [#"02_iter_mut.rs" 67 4 67 44 let%span s02_iter_mut0 = "02_iter_mut.rs" 67 17 67 21 let%span s02_iter_mut1 = "02_iter_mut.rs" 67 26 67 44 let%span s02_iter_mut2 = "02_iter_mut.rs" 63 14 66 5 - let%span sslice3 = "../../../../creusot-contracts/src/std/slice.rs" 291 18 298 9 + let%span sslice3 = "../../../../creusot-contracts/src/std/slice.rs" 309 18 316 9 let%span s02_iter_mut4 = "02_iter_mut.rs" 32 8 32 76 let%span s02_iter_mut5 = "02_iter_mut.rs" 39 12 43 13 let%span sops6 = "../../../../creusot-contracts/src/logic/ops.rs" 42 8 42 31 @@ -293,8 +293,8 @@ module M_02_iter_mut__qyi4305820612590367313__next [#"02_iter_mut.rs" 67 4 67 44 let%span sseq9 = "../../../../creusot-contracts/src/logic/seq.rs" 106 8 106 39 let%span sresolve10 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span smodel11 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 - let%span sslice12 = "../../../../creusot-contracts/src/std/slice.rs" 87 14 87 41 - let%span sslice13 = "../../../../creusot-contracts/src/std/slice.rs" 88 14 88 84 + let%span sslice12 = "../../../../creusot-contracts/src/std/slice.rs" 105 14 105 41 + let%span sslice13 = "../../../../creusot-contracts/src/std/slice.rs" 106 14 106 84 let%span sinvariant14 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 let%span sslice15 = "../../../../creusot-contracts/src/std/slice.rs" 18 20 18 30 let%span s02_iter_mut16 = "02_iter_mut.rs" 22 20 22 64 
@@ -303,29 +303,29 @@ module M_02_iter_mut__qyi4305820612590367313__next [#"02_iter_mut.rs" 67 4 67 44 use prelude.prelude.Borrow - use prelude.prelude.Slice + use Slice64.create type t_T'0 use seq.Seq - use prelude.prelude.UIntSize + use prelude.prelude.Int - constant v_MAX'0 : usize = (18446744073709551615 : usize) + use prelude.prelude.UInt64 - use prelude.prelude.UIntSize + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.Int + use prelude.prelude.UInt64 - use prelude.prelude.Slice + use prelude.prelude.Slice64 use seq.Seq function view'0 (self : slice t_T'0) : Seq.seq t_T'0 axiom view'0_spec : forall self : slice t_T'0 . ([%#sslice7] Seq.length (view'0 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice8] view'0 self = Slice.id self) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + && ([%#sslice8] view'0 self = Slice64.id self) use seq.Seq @@ -532,7 +532,7 @@ module M_02_iter_mut__qyi7060081090368749043__into_iter [#"02_iter_mut.rs" 74 4 use prelude.prelude.Borrow - use prelude.prelude.Slice + use Slice64.create type t_T'0 
@@ -543,23 +543,23 @@ module M_02_iter_mut__qyi7060081090368749043__into_iter [#"02_iter_mut.rs" 74 4 use seq.Seq - use prelude.prelude.UIntSize + use prelude.prelude.Int - constant v_MAX'0 : usize = (18446744073709551615 : usize) + use prelude.prelude.UInt64 - use prelude.prelude.UIntSize + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.Int + use prelude.prelude.UInt64 - use prelude.prelude.Slice + use prelude.prelude.Slice64 use seq.Seq function view'0 (self : slice t_T'0) : Seq.seq t_T'0 axiom view'0_spec : forall self : slice t_T'0 . ([%#sslice4] Seq.length (view'0 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice5] view'0 self = Slice.id self) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + && ([%#sslice5] view'0 self = Slice64.id self) predicate invariant'0 [#"02_iter_mut.rs" 20 4 20 30] (self : t_IterMut'0) = [%#s02_iter_mut3] Seq.length (view'0 (self.t_IterMut__inner'0).final) 
@@ -631,9 +631,9 @@ module M_02_iter_mut__iter_mut [#"02_iter_mut.rs" 82 0 82 55] let%span sslice11 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice12 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 let%span svec13 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span sslice14 = "../../../../creusot-contracts/src/std/slice.rs" 209 20 209 24 - let%span sslice15 = "../../../../creusot-contracts/src/std/slice.rs" 215 20 215 31 - let%span sslice16 = "../../../../creusot-contracts/src/std/slice.rs" 221 20 221 24 + let%span sslice14 = "../../../../creusot-contracts/src/std/slice.rs" 227 20 227 24 + let%span sslice15 = "../../../../creusot-contracts/src/std/slice.rs" 233 20 233 31 + let%span sslice16 = "../../../../creusot-contracts/src/std/slice.rs" 239 20 239 24 let%span sresolve17 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span svec18 = "../../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 let%span sslice19 = "../../../../creusot-contracts/src/std/slice.rs" 18 20 18 30 @@ -652,24 +652,24 @@ module M_02_iter_mut__iter_mut [#"02_iter_mut.rs" 82 0 82 55] type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) - - use prelude.prelude.UIntSize + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.Int + use prelude.prelude.UInt64 type t_T'0 
@@ -677,7 +677,7 @@ module M_02_iter_mut__iter_mut [#"02_iter_mut.rs" 82 0 82 55] function view'3 (self : t_Vec'0) : Seq.seq t_T'0 - axiom view'3_spec : forall self : t_Vec'0 . [%#svec13] Seq.length (view'3 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'3_spec : forall self : t_Vec'0 . [%#svec13] Seq.length (view'3 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq @@ -721,15 +721,15 @@ module M_02_iter_mut__iter_mut [#"02_iter_mut.rs" 82 0 82 55] predicate in_bounds'0 (self : ()) (_seq : Seq.seq t_T'0) = [%#sslice14] true - use prelude.prelude.Slice + use Slice64.create - use prelude.prelude.Slice + use prelude.prelude.Slice64 function view'2 (self : slice t_T'0) : Seq.seq t_T'0 axiom view'2_spec : forall self : slice t_T'0 . ([%#sslice11] Seq.length (view'2 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice12] view'2 self = Slice.id self) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + && ([%#sslice12] view'2 self = Slice64.id self) predicate invariant'1 (self : slice t_T'0) = [%#sslice19] inv'6 (view'2 self) @@ -889,8 +889,8 @@ module M_02_iter_mut__all_zero [#"02_iter_mut.rs" 88 0 88 35] let%span s02_iter_mut34 = "02_iter_mut.rs" 59 15 59 32 let%span s02_iter_mut35 = "02_iter_mut.rs" 60 14 60 42 let%span s02_iter_mut36 = "02_iter_mut.rs" 53 4 53 10 - let%span sslice37 = "../../../../creusot-contracts/src/std/slice.rs" 87 14 87 41 - let%span sslice38 = "../../../../creusot-contracts/src/std/slice.rs" 88 14 88 84 + let%span sslice37 = "../../../../creusot-contracts/src/std/slice.rs" 105 14 105 41 + let%span sslice38 = "../../../../creusot-contracts/src/std/slice.rs" 106 14 106 84 let%span s02_iter_mut39 = "02_iter_mut.rs" 32 8 32 76 let%span sresolve40 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span sops41 = "../../../../creusot-contracts/src/logic/ops.rs" 42 8 42 31 
@@ -907,43 +907,43 @@ module M_02_iter_mut__all_zero [#"02_iter_mut.rs" 88 0 88 35] type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } predicate inv'1 (_1 : borrowed (t_Vec'0)) axiom inv_axiom'1 [@rewrite] : forall x : borrowed (t_Vec'0) [inv'1 x] . inv'1 x = true - use prelude.prelude.Slice + use Slice64.create type t_IterMut'0 = - { t_IterMut__inner'0: borrowed (slice usize) } + { t_IterMut__inner'0: borrowed (slice UInt64.t) } use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - use prelude.prelude.Int - - use prelude.prelude.Slice + use prelude.prelude.Slice64 use seq.Seq - function view'3 (self : slice usize) : Seq.seq usize + function view'3 (self : slice UInt64.t) : Seq.seq UInt64.t - axiom view'3_spec : forall self : slice usize . ([%#sslice25] Seq.length (view'3 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice26] view'3 self = Slice.id self) + axiom view'3_spec : forall self : slice UInt64.t . ([%#sslice25] Seq.length (view'3 self) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + && ([%#sslice26] view'3 self = Slice64.id self) predicate invariant'0 [#"02_iter_mut.rs" 20 4 20 30] (self : t_IterMut'0) = [%#s02_iter_mut42] Seq.length (view'3 (self.t_IterMut__inner'0).final) 
@@ -957,14 +957,14 @@ module M_02_iter_mut__all_zero [#"02_iter_mut.rs" 88 0 88 35] | {t_IterMut__inner'0 = inner} -> true end) - function view'2 (self : borrowed (slice usize)) : Seq.seq usize = + function view'2 (self : borrowed (slice UInt64.t)) : Seq.seq UInt64.t = [%#smodel23] view'3 self.current - function view'0 (self : t_Vec'0) : Seq.seq usize + function view'0 (self : t_Vec'0) : Seq.seq UInt64.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec22] Seq.length (view'0 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec22] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) - function view'1 (self : borrowed (t_Vec'0)) : Seq.seq usize = + function view'1 (self : borrowed (t_Vec'0)) : Seq.seq UInt64.t = [%#smodel23] view'0 self.current let rec iter_mut'0 (v:borrowed (t_Vec'0)) (return' (ret:t_IterMut'0))= {[@expl:iter_mut 'v' type invariant] [%#s02_iter_mut9] inv'1 v} @@ -999,7 +999,7 @@ module M_02_iter_mut__all_zero [#"02_iter_mut.rs" 88 0 88 35] use seq.Seq - function index_logic'0 [@inline:trivial] (self : Snapshot.snap_ty (Seq.seq (borrowed usize))) (ix : int) : borrowed usize + function index_logic'0 [@inline:trivial] (self : Snapshot.snap_ty (Seq.seq (borrowed UInt64.t))) (ix : int) : borrowed UInt64.t = [%#sops17] Seq.get (Snapshot.inner self) ix 
@@ -1012,18 +1012,18 @@ module M_02_iter_mut__all_zero [#"02_iter_mut.rs" 88 0 88 35] use seq.Seq - function index_logic'2 [@inline:trivial] (self : slice usize) (ix : int) : usize = + function index_logic'2 [@inline:trivial] (self : slice UInt64.t) (ix : int) : UInt64.t = [%#sops41] Seq.get (view'3 self) ix - function to_mut_seq'0 (self : borrowed (slice usize)) : Seq.seq (borrowed usize) + function to_mut_seq'0 (self : borrowed (slice UInt64.t)) : Seq.seq (borrowed UInt64.t) - axiom to_mut_seq'0_spec : forall self : borrowed (slice usize) . ([%#sslice37] Seq.length (to_mut_seq'0 self) + axiom to_mut_seq'0_spec : forall self : borrowed (slice UInt64.t) . ([%#sslice37] Seq.length (to_mut_seq'0 self) = Seq.length (view'2 self)) && ([%#sslice38] forall i : int . 0 <= i /\ i < Seq.length (to_mut_seq'0 self) -> Seq.get (to_mut_seq'0 self) i = Borrow.borrow_logic (index_logic'2 self.current i) (index_logic'2 self.final i) (Borrow.inherit_id (Borrow.get_id self) i)) - predicate produces'0 [#"02_iter_mut.rs" 37 4 37 65] (self : t_IterMut'0) (visited : Seq.seq (borrowed usize)) (tl : t_IterMut'0) + predicate produces'0 [#"02_iter_mut.rs" 37 4 37 65] (self : t_IterMut'0) (visited : Seq.seq (borrowed UInt64.t)) (tl : t_IterMut'0) = [%#s02_iter_mut18] Seq.length (view'2 self.t_IterMut__inner'0) 
@@ -1034,12 +1034,12 @@ module M_02_iter_mut__all_zero [#"02_iter_mut.rs" 88 0 88 35] /\ (Seq.get (to_mut_seq'0 self.t_IterMut__inner'0) i).final = (Seq.get (Seq.(++) visited (to_mut_seq'0 tl.t_IterMut__inner'0)) i).final) - function produces_trans'0 [#"02_iter_mut.rs" 61 4 61 90] (a : t_IterMut'0) (ab : Seq.seq (borrowed usize)) (b : t_IterMut'0) (bc : Seq.seq (borrowed usize)) (c : t_IterMut'0) : () + function produces_trans'0 [#"02_iter_mut.rs" 61 4 61 90] (a : t_IterMut'0) (ab : Seq.seq (borrowed UInt64.t)) (b : t_IterMut'0) (bc : Seq.seq (borrowed UInt64.t)) (c : t_IterMut'0) : () = [%#s02_iter_mut36] () - axiom produces_trans'0_spec : forall a : t_IterMut'0, ab : Seq.seq (borrowed usize), b : t_IterMut'0, bc : Seq.seq (borrowed usize), c : t_IterMut'0 . ([%#s02_iter_mut30] inv'0 a) + axiom produces_trans'0_spec : forall a : t_IterMut'0, ab : Seq.seq (borrowed UInt64.t), b : t_IterMut'0, bc : Seq.seq (borrowed UInt64.t), c : t_IterMut'0 . ([%#s02_iter_mut30] inv'0 a) -> ([%#s02_iter_mut31] inv'0 b) -> ([%#s02_iter_mut32] inv'0 c) -> ([%#s02_iter_mut33] produces'0 a ab b) @@ -1049,7 +1049,7 @@ module M_02_iter_mut__all_zero [#"02_iter_mut.rs" 88 0 88 35] [%#s02_iter_mut29] () axiom produces_refl'0_spec : forall self : t_IterMut'0 . ([%#s02_iter_mut27] inv'0 self) - -> ([%#s02_iter_mut28] produces'0 self (Seq.empty : Seq.seq (borrowed usize)) self) + -> ([%#s02_iter_mut28] produces'0 self (Seq.empty : Seq.seq (borrowed UInt64.t)) self) predicate invariant'1 (self : borrowed (t_IterMut'0)) = [%#sinvariant43] inv'0 self.current /\ inv'0 self.final 
@@ -1060,13 +1060,13 @@ module M_02_iter_mut__all_zero [#"02_iter_mut.rs" 88 0 88 35] type t_Option'0 = | C_None'0 - | C_Some'0 (borrowed usize) + | C_Some'0 (borrowed UInt64.t) predicate inv'3 (_1 : t_Option'0) axiom inv_axiom'3 [@rewrite] : forall x : t_Option'0 [inv'3 x] . inv'3 x = true - predicate resolve'4 (self : borrowed (slice usize)) = + predicate resolve'4 (self : borrowed (slice UInt64.t)) = [%#sresolve40] self.final = self.current use seq.Seq @@ -1075,7 +1075,7 @@ module M_02_iter_mut__all_zero [#"02_iter_mut.rs" 88 0 88 35] predicate completed'0 [#"02_iter_mut.rs" 31 4 31 35] (self : borrowed (t_IterMut'0)) = [%#s02_iter_mut39] resolve'4 (self.current).t_IterMut__inner'0 - /\ Seq.(==) (view'2 (self.current).t_IterMut__inner'0) (Seq.empty : Seq.seq usize) + /\ Seq.(==) (view'2 (self.current).t_IterMut__inner'0) (Seq.empty : Seq.seq UInt64.t) use seq.Seq @@ -1089,17 +1089,17 @@ module M_02_iter_mut__all_zero [#"02_iter_mut.rs" 88 0 88 35] (! return' {result}) ] - let rec v_Some'0 (input:t_Option'0) (ret (field_0:borrowed usize))= any - [ good (field_0:borrowed usize)-> {C_Some'0 field_0 = input} (! ret {field_0}) - | bad -> {forall field_0 : borrowed usize [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} + let rec v_Some'0 (input:t_Option'0) (ret (field_0:borrowed UInt64.t))= any + [ good (field_0:borrowed UInt64.t)-> {C_Some'0 field_0 = input} (! ret {field_0}) + | bad -> {forall field_0 : borrowed UInt64.t [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] - predicate resolve'2 (self : borrowed usize) = + predicate resolve'2 (self : borrowed UInt64.t) = [%#sresolve40] self.final = self.current - predicate resolve'0 (_1 : borrowed usize) = + predicate resolve'0 (_1 : borrowed UInt64.t) = resolve'2 _1 predicate resolve'3 (self : borrowed (t_Vec'0)) = 
@@ -1112,7 +1112,7 @@ module M_02_iter_mut__all_zero [#"02_iter_mut.rs" 88 0 88 35] use prelude.prelude.Snapshot - function index_logic'1 [@inline:trivial] (self : t_Vec'0) (ix : int) : usize = + function index_logic'1 [@inline:trivial] (self : t_Vec'0) (ix : int) : UInt64.t = [%#sops24] Seq.get (view'0 self) ix meta "compute_max_steps" 1000000 @@ -1127,14 +1127,14 @@ module M_02_iter_mut__all_zero [#"02_iter_mut.rs" 88 0 88 35] | bb1 = s0 [ s0 = into_iter'0 {_5} (fun (_ret':t_IterMut'0) -> [ &it <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 [ s0 = [ &iter_old <- [%#s02_iter_mut0] Snapshot.new it ] s1 | s1 = bb3 ] | bb3 = s0 - [ s0 = [ &produced <- [%#s02_iter_mut1] Snapshot.new (Seq.empty : Seq.seq (borrowed usize)) ] s1 | s1 = bb4 ] + [ s0 = [ &produced <- [%#s02_iter_mut1] Snapshot.new (Seq.empty : Seq.seq (borrowed UInt64.t)) ] s1 | s1 = bb4 ] | bb4 = bb5 | bb5 = bb5 [ bb5 = {[@expl:loop invariant #0] [%#s02_iter_mut4] inv'0 it} {[@expl:loop invariant #1] [%#s02_iter_mut3] produces'0 (Snapshot.inner iter_old) (Snapshot.inner produced) it} {[@expl:loop invariant #2] [%#s02_iter_mut2] forall i : int . 0 <= i /\ i < Seq.length (Snapshot.inner produced) - -> UIntSize.to_int (index_logic'0 produced i).final = 0} + -> UInt64.to_uint (index_logic'0 produced i).final = 0} (! s0) [ s0 = bb6 ] [ bb6 = s0 [ s0 = {inv'0 it} 
@@ -1147,16 +1147,16 @@ module M_02_iter_mut__all_zero [#"02_iter_mut.rs" 88 0 88 35] | s1 = next'0 {_16} (fun (_ret':t_Option'0) -> [ &_15 <- _ret' ] s2) | s2 = bb7 ] - | bb7 = any [ br0 -> {_15 = C_None'0 } (! bb10) | br1 (x0:borrowed usize)-> {_15 = C_Some'0 x0} (! bb9) ] + | bb7 = any [ br0 -> {_15 = C_None'0 } (! bb10) | br1 (x0:borrowed UInt64.t)-> {_15 = C_Some'0 x0} (! bb9) ] | bb9 = bb11 | bb11 = s0 - [ s0 = v_Some'0 {_15} (fun (r0'0:borrowed usize) -> [ &x <- r0'0 ] s1) + [ s0 = v_Some'0 {_15} (fun (r0'0:borrowed UInt64.t) -> [ &x <- r0'0 ] s1) | s1 = [ &_19 <- [%#s02_iter_mut5] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton x)) ] s2 | s2 = bb12 ] | bb12 = s0 [ s0 = [ &produced <- _19 ] s1 - | s1 = [ &x <- { x with current = ([%#s02_iter_mut6] (0 : usize)) } ] s2 + | s1 = [ &x <- { x with current = ([%#s02_iter_mut6] (0 : UInt64.t)) } ] s2 | s2 = -{resolve'0 x}- s3 | s3 = bb5 ] ] @@ -1170,16 +1170,16 @@ module M_02_iter_mut__all_zero [#"02_iter_mut.rs" 88 0 88 35] | & _5 : t_IterMut'0 = any_l () | & _6 : borrowed (t_Vec'0) = any_l () | & iter_old : Snapshot.snap_ty (t_IterMut'0) = any_l () - | & produced : Snapshot.snap_ty (Seq.seq (borrowed usize)) = any_l () + | & produced : Snapshot.snap_ty (Seq.seq (borrowed UInt64.t)) = any_l () | & _15 : t_Option'0 = any_l () | & _16 : borrowed (t_IterMut'0) = any_l () - | & x : borrowed usize = any_l () - | & _19 : Snapshot.snap_ty (Seq.seq (borrowed usize)) = any_l () ] + | & x : borrowed UInt64.t = any_l () + | & _19 : Snapshot.snap_ty (Seq.seq (borrowed UInt64.t)) = any_l () ] [ return' (result:())-> {[@expl:all_zero ensures #0] [%#s02_iter_mut7] Seq.length (view'0 v.final) = Seq.length (view'1 v)} {[@expl:all_zero ensures #1] [%#s02_iter_mut8] forall i : int . 0 <= i /\ i < Seq.length (view'1 v) - -> UIntSize.to_int (index_logic'1 v.final i) = 0} + -> UInt64.to_uint (index_logic'1 v.final i) = 0} (! return' {result}) ] end 
@@ -1187,8 +1187,8 @@ module M_02_iter_mut__qyi4305820612590367313__produces_trans__refines [#"02_iter let%span s02_iter_mut0 = "02_iter_mut.rs" 61 4 61 90 let%span s02_iter_mut1 = "02_iter_mut.rs" 39 12 43 13 let%span smodel2 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 - let%span sslice3 = "../../../../creusot-contracts/src/std/slice.rs" 87 14 87 41 - let%span sslice4 = "../../../../creusot-contracts/src/std/slice.rs" 88 14 88 84 + let%span sslice3 = "../../../../creusot-contracts/src/std/slice.rs" 105 14 105 41 + let%span sslice4 = "../../../../creusot-contracts/src/std/slice.rs" 106 14 106 84 let%span sslice5 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice6 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 let%span sops7 = "../../../../creusot-contracts/src/logic/ops.rs" 42 8 42 31 @@ -1200,7 +1200,7 @@ module M_02_iter_mut__qyi4305820612590367313__produces_trans__refines [#"02_iter use prelude.prelude.Borrow - use prelude.prelude.Slice + use Slice64.create type t_T'0 @@ -1213,21 +1213,21 @@ module M_02_iter_mut__qyi4305820612590367313__produces_trans__refines [#"02_iter use seq.Seq - use prelude.prelude.UIntSize + use prelude.prelude.Int - constant v_MAX'0 : usize = (18446744073709551615 : usize) + use prelude.prelude.UInt64 - use prelude.prelude.UIntSize + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.Int + use prelude.prelude.UInt64 - use prelude.prelude.Slice + use prelude.prelude.Slice64 function view'1 (self : slice t_T'0) : Seq.seq t_T'0 axiom view'1_spec : forall self : slice t_T'0 . ([%#sslice5] Seq.length (view'1 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice6] view'1 self = Slice.id self) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + && ([%#sslice6] view'1 self = Slice64.id self) function view'0 (self : borrowed (slice t_T'0)) : Seq.seq t_T'0 = [%#smodel2] view'1 self.current 
@@ -1319,8 +1319,8 @@ module M_02_iter_mut__qyi4305820612590367313__next__refines [#"02_iter_mut.rs" 6 let%span s02_iter_mut2 = "02_iter_mut.rs" 39 12 43 13 let%span sresolve3 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span smodel4 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 - let%span sslice5 = "../../../../creusot-contracts/src/std/slice.rs" 87 14 87 41 - let%span sslice6 = "../../../../creusot-contracts/src/std/slice.rs" 88 14 88 84 + let%span sslice5 = "../../../../creusot-contracts/src/std/slice.rs" 105 14 105 41 + let%span sslice6 = "../../../../creusot-contracts/src/std/slice.rs" 106 14 106 84 let%span sinvariant7 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 let%span sslice8 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice9 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 @@ -1332,7 +1332,7 @@ module M_02_iter_mut__qyi4305820612590367313__next__refines [#"02_iter_mut.rs" 6 use prelude.prelude.Borrow - use prelude.prelude.Slice + use Slice64.create type t_T'0 
@@ -1341,23 +1341,23 @@ module M_02_iter_mut__qyi4305820612590367313__next__refines [#"02_iter_mut.rs" 6 use seq.Seq - use prelude.prelude.UIntSize + use prelude.prelude.Int - constant v_MAX'0 : usize = (18446744073709551615 : usize) + use prelude.prelude.UInt64 - use prelude.prelude.UIntSize + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.Int + use prelude.prelude.UInt64 - use prelude.prelude.Slice + use prelude.prelude.Slice64 use seq.Seq function view'1 (self : slice t_T'0) : Seq.seq t_T'0 axiom view'1_spec : forall self : slice t_T'0 . ([%#sslice8] Seq.length (view'1 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice9] view'1 self = Slice.id self) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + && ([%#sslice9] view'1 self = Slice64.id self) predicate invariant'2 [#"02_iter_mut.rs" 20 4 20 30] (self : t_IterMut'0) = [%#s02_iter_mut11] Seq.length (view'1 (self.t_IterMut__inner'0).final) @@ -1494,8 +1494,8 @@ module M_02_iter_mut__qyi4305820612590367313__produces_refl__refines [#"02_iter_ let%span s02_iter_mut0 = "02_iter_mut.rs" 51 4 51 26 let%span s02_iter_mut1 = "02_iter_mut.rs" 39 12 43 13 let%span smodel2 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 - let%span sslice3 = "../../../../creusot-contracts/src/std/slice.rs" 87 14 87 41 - let%span sslice4 = "../../../../creusot-contracts/src/std/slice.rs" 88 14 88 84 + let%span sslice3 = "../../../../creusot-contracts/src/std/slice.rs" 105 14 105 41 + let%span sslice4 = "../../../../creusot-contracts/src/std/slice.rs" 106 14 106 84 let%span s02_iter_mut5 = "02_iter_mut.rs" 22 20 22 64 let%span sslice6 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice7 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 @@ -1507,7 +1507,7 @@ module M_02_iter_mut__qyi4305820612590367313__produces_refl__refines [#"02_iter_ use prelude.prelude.Borrow - use prelude.prelude.Slice + use Slice64.create type t_T'0 
@@ -1516,23 +1516,23 @@ module M_02_iter_mut__qyi4305820612590367313__produces_refl__refines [#"02_iter_ use seq.Seq - use prelude.prelude.UIntSize + use prelude.prelude.Int - constant v_MAX'0 : usize = (18446744073709551615 : usize) + use prelude.prelude.UInt64 - use prelude.prelude.UIntSize + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.Int + use prelude.prelude.UInt64 - use prelude.prelude.Slice + use prelude.prelude.Slice64 use seq.Seq function view'1 (self : slice t_T'0) : Seq.seq t_T'0 axiom view'1_spec : forall self : slice t_T'0 . ([%#sslice6] Seq.length (view'1 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice7] view'1 self = Slice.id self) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + && ([%#sslice7] view'1 self = Slice64.id self) predicate invariant'0 [#"02_iter_mut.rs" 20 4 20 30] (self : t_IterMut'0) = [%#s02_iter_mut5] Seq.length (view'1 (self.t_IterMut__inner'0).final) diff --git a/creusot/tests/should_succeed/iterators/03_std_iterators.coma b/creusot/tests/should_succeed/iterators/03_std_iterators.coma index 0bc07d0f33..ce59567f37 100644 --- a/creusot/tests/should_succeed/iterators/03_std_iterators.coma +++ b/creusot/tests/should_succeed/iterators/03_std_iterators.coma 
@@ -9,22 +9,22 @@ module M_03_std_iterators__slice_iter [#"03_std_iterators.rs" 6 0 6 42] let%span s03_std_iterators7 = "03_std_iterators.rs" 6 21 6 26 let%span s03_std_iterators8 = "03_std_iterators.rs" 4 11 4 30 let%span s03_std_iterators9 = "03_std_iterators.rs" 5 10 5 33 - let%span sslice10 = "../../../../creusot-contracts/src/std/slice.rs" 245 0 354 1 + let%span sslice10 = "../../../../creusot-contracts/src/std/slice.rs" 263 0 372 1 let%span siter11 = "../../../../creusot-contracts/src/std/iter.rs" 101 0 213 1 - let%span sslice12 = "../../../../creusot-contracts/src/std/slice.rs" 405 12 405 66 + let%span sslice12 = "../../../../creusot-contracts/src/std/slice.rs" 423 12 423 66 let%span siter13 = "../../../../creusot-contracts/src/std/iter.rs" 107 26 110 17 let%span smodel14 = "../../../../creusot-contracts/src/model.rs" 88 8 88 22 let%span siter15 = "../../../../creusot-contracts/src/std/iter.rs" 86 20 86 24 let%span siter16 = "../../../../creusot-contracts/src/std/iter.rs" 92 8 92 19 - let%span sslice17 = "../../../../creusot-contracts/src/std/slice.rs" 411 14 411 45 - let%span sslice18 = "../../../../creusot-contracts/src/std/slice.rs" 409 4 409 10 - let%span sslice19 = "../../../../creusot-contracts/src/std/slice.rs" 416 15 416 32 - let%span sslice20 = "../../../../creusot-contracts/src/std/slice.rs" 417 15 417 32 - let%span sslice21 = "../../../../creusot-contracts/src/std/slice.rs" 418 14 418 42 - let%span sslice22 = "../../../../creusot-contracts/src/std/slice.rs" 414 4 414 10 - let%span sslice23 = "../../../../creusot-contracts/src/std/slice.rs" 96 14 96 41 - let%span sslice24 = "../../../../creusot-contracts/src/std/slice.rs" 97 14 97 80 - let%span sslice25 = "../../../../creusot-contracts/src/std/slice.rs" 398 20 398 61 + let%span sslice17 = "../../../../creusot-contracts/src/std/slice.rs" 429 14 429 45 + let%span sslice18 = "../../../../creusot-contracts/src/std/slice.rs" 427 4 427 10 + let%span sslice19 = 
"../../../../creusot-contracts/src/std/slice.rs" 434 15 434 32 + let%span sslice20 = "../../../../creusot-contracts/src/std/slice.rs" 435 15 435 32 + let%span sslice21 = "../../../../creusot-contracts/src/std/slice.rs" 436 14 436 42 + let%span sslice22 = "../../../../creusot-contracts/src/std/slice.rs" 432 4 432 10 + let%span sslice23 = "../../../../creusot-contracts/src/std/slice.rs" 114 14 114 41 + let%span sslice24 = "../../../../creusot-contracts/src/std/slice.rs" 115 14 115 80 + let%span sslice25 = "../../../../creusot-contracts/src/std/slice.rs" 416 20 416 61 let%span sresolve26 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span sslice27 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice28 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 @@ -35,31 +35,31 @@ module M_03_std_iterators__slice_iter [#"03_std_iterators.rs" 6 0 6 42] let%span sboxed33 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 let%span sslice34 = "../../../../creusot-contracts/src/std/slice.rs" 18 20 18 30 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 use prelude.prelude.Borrow - use prelude.prelude.Slice + use Slice64.create type t_T'0 use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) - - use prelude.prelude.UIntSize + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.Int + use prelude.prelude.UInt64 - use prelude.prelude.Slice + use prelude.prelude.Slice64 use seq.Seq function view'2 (self : slice t_T'0) : Seq.seq t_T'0 axiom view'2_spec : forall self : slice t_T'0 . ([%#sslice27] Seq.length (view'2 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice28] view'2 self = Slice.id self) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + && ([%#sslice28] view'2 self = Slice64.id self) use seq.Seq 
@@ -243,11 +243,11 @@ module M_03_std_iterators__slice_iter [#"03_std_iterators.rs" 6 0 6 42] meta "compute_max_steps" 1000000 - let rec slice_iter'0 (slice:slice t_T'0) (return' (ret:usize))= {[@expl:slice_iter 'slice' type invariant] [%#s03_std_iterators7] inv'2 slice} + let rec slice_iter'0 (slice:slice t_T'0) (return' (ret:UInt64.t))= {[@expl:slice_iter 'slice' type invariant] [%#s03_std_iterators7] inv'2 slice} {[@expl:slice_iter requires] [%#s03_std_iterators8] Seq.length (view'0 slice) < 1000} (! bb0 [ bb0 = s0 - [ s0 = [ &i <- [%#s03_std_iterators0] (0 : usize) ] s1 + [ s0 = [ &i <- [%#s03_std_iterators0] (0 : UInt64.t) ] s1 | s1 = iter'0 {slice} (fun (_ret':t_Iter'0) -> [ &_7 <- _ret' ] s2) | s2 = bb1 ] @@ -261,7 +261,7 @@ module M_03_std_iterators__slice_iter [#"03_std_iterators.rs" 6 0 6 42] [ bb5 = {[@expl:for invariant] [%#s03_std_iterators4] inv'1 (Snapshot.inner produced)} {[@expl:for invariant] [%#s03_std_iterators4] inv'0 iter} {[@expl:for invariant] [%#s03_std_iterators4] produces'0 (Snapshot.inner iter_old) (Snapshot.inner produced) iter} - {[@expl:loop invariant] [%#s03_std_iterators3] UIntSize.to_int i = Seq.length (Snapshot.inner produced)} + {[@expl:loop invariant] [%#s03_std_iterators3] UInt64.to_uint i = Seq.length (Snapshot.inner produced)} (! s0) [ s0 = bb6 ] [ bb6 = s0 [ s0 = Borrow.borrow_mut {iter} 
@@ -286,16 +286,16 @@ module M_03_std_iterators__slice_iter [#"03_std_iterators.rs" 6 0 6 42] | bb12 = s0 [ s0 = [ &produced <- _23 ] s1 - | s1 = UIntSize.add {i} {[%#s03_std_iterators6] (1 : usize)} (fun (_ret':usize) -> [ &i <- _ret' ] s2) + | s1 = UInt64.add {i} {[%#s03_std_iterators6] (1 : UInt64.t)} (fun (_ret':UInt64.t) -> [ &i <- _ret' ] s2) | s2 = bb5 ] ] ] | bb10 = s0 [ s0 = [ &_0 <- i ] s1 | s1 = return' {_0} ] ] ) - [ & _0 : usize = any_l () + [ & _0 : UInt64.t = any_l () | & slice : slice t_T'0 = slice - | & i : usize = any_l () + | & i : UInt64.t = any_l () | & iter : t_Iter'0 = any_l () | & _7 : t_Iter'0 = any_l () | & iter_old : Snapshot.snap_ty (t_Iter'0) = any_l () @@ -306,7 +306,7 @@ module M_03_std_iterators__slice_iter [#"03_std_iterators.rs" 6 0 6 42] | & __creusot_proc_iter_elem : t_T'0 = any_l () | & _23 : Snapshot.snap_ty (Seq.seq t_T'0) = any_l () ] - [ return' (result:usize)-> {[@expl:slice_iter ensures] [%#s03_std_iterators9] UIntSize.to_int result + [ return' (result:UInt64.t)-> {[@expl:slice_iter ensures] [%#s03_std_iterators9] UInt64.to_uint result = Seq.length (view'0 slice)} (! return' {result}) ] 
@@ -323,20 +323,20 @@ module M_03_std_iterators__vec_iter [#"03_std_iterators.rs" 17 0 17 41] let%span s03_std_iterators8 = "03_std_iterators.rs" 15 11 15 28 let%span s03_std_iterators9 = "03_std_iterators.rs" 16 10 16 31 let%span siter10 = "../../../../creusot-contracts/src/std/iter.rs" 101 0 213 1 - let%span sslice11 = "../../../../creusot-contracts/src/std/slice.rs" 405 12 405 66 + let%span sslice11 = "../../../../creusot-contracts/src/std/slice.rs" 423 12 423 66 let%span siter12 = "../../../../creusot-contracts/src/std/iter.rs" 107 26 110 17 let%span smodel13 = "../../../../creusot-contracts/src/model.rs" 88 8 88 22 let%span svec14 = "../../../../creusot-contracts/src/std/vec.rs" 205 20 205 24 let%span svec15 = "../../../../creusot-contracts/src/std/vec.rs" 211 20 211 34 - let%span sslice16 = "../../../../creusot-contracts/src/std/slice.rs" 411 14 411 45 - let%span sslice17 = "../../../../creusot-contracts/src/std/slice.rs" 409 4 409 10 - let%span sslice18 = "../../../../creusot-contracts/src/std/slice.rs" 416 15 416 32 - let%span sslice19 = "../../../../creusot-contracts/src/std/slice.rs" 417 15 417 32 - let%span sslice20 = "../../../../creusot-contracts/src/std/slice.rs" 418 14 418 42 - let%span sslice21 = "../../../../creusot-contracts/src/std/slice.rs" 414 4 414 10 - let%span sslice22 = "../../../../creusot-contracts/src/std/slice.rs" 96 14 96 41 - let%span sslice23 = "../../../../creusot-contracts/src/std/slice.rs" 97 14 97 80 - let%span sslice24 = "../../../../creusot-contracts/src/std/slice.rs" 398 20 398 61 + let%span sslice16 = "../../../../creusot-contracts/src/std/slice.rs" 429 14 429 45 + let%span sslice17 = "../../../../creusot-contracts/src/std/slice.rs" 427 4 427 10 + let%span sslice18 = "../../../../creusot-contracts/src/std/slice.rs" 434 15 434 32 + let%span sslice19 = "../../../../creusot-contracts/src/std/slice.rs" 435 15 435 32 + let%span sslice20 = "../../../../creusot-contracts/src/std/slice.rs" 436 14 436 42 + let%span sslice21 = 
"../../../../creusot-contracts/src/std/slice.rs" 432 4 432 10 + let%span sslice22 = "../../../../creusot-contracts/src/std/slice.rs" 114 14 114 41 + let%span sslice23 = "../../../../creusot-contracts/src/std/slice.rs" 115 14 115 80 + let%span sslice24 = "../../../../creusot-contracts/src/std/slice.rs" 416 20 416 61 let%span sresolve25 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span svec26 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span sops27 = "../../../../creusot-contracts/src/logic/ops.rs" 42 8 42 31 @@ -348,7 +348,9 @@ module M_03_std_iterators__vec_iter [#"03_std_iterators.rs" 17 0 17 41] let%span sboxed33 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 let%span svec34 = "../../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 use prelude.prelude.Borrow @@ -361,21 +363,19 @@ module M_03_std_iterators__vec_iter [#"03_std_iterators.rs" 17 0 17 41] { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize - - use prelude.prelude.Int + use prelude.prelude.UInt64 type t_T'0 @@ -383,7 +383,7 @@ module M_03_std_iterators__vec_iter [#"03_std_iterators.rs" 17 0 17 41] function view'2 (self : t_Vec'0) : Seq.seq t_T'0 - axiom view'2_spec : forall self : t_Vec'0 . [%#svec26] Seq.length (view'2 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'2_spec : forall self : t_Vec'0 . [%#svec26] Seq.length (view'2 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq 
@@ -426,17 +426,17 @@ module M_03_std_iterators__vec_iter [#"03_std_iterators.rs" 17 0 17 41] function view'0 (self : t_Vec'0) : Seq.seq t_T'0 = [%#smodel13] view'2 self - use prelude.prelude.Slice + use Slice64.create function view'1 (self : t_Iter'0) : slice t_T'0 - use prelude.prelude.Slice + use prelude.prelude.Slice64 function view'5 (self : slice t_T'0) : Seq.seq t_T'0 axiom view'5_spec : forall self : slice t_T'0 . ([%#sslice30] Seq.length (view'5 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice31] view'5 self = Slice.id self) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + && ([%#sslice31] view'5 self = Slice64.id self) function view'3 (self : slice t_T'0) : Seq.seq t_T'0 = [%#smodel13] view'5 self @@ -572,11 +572,11 @@ module M_03_std_iterators__vec_iter [#"03_std_iterators.rs" 17 0 17 41] meta "compute_max_steps" 1000000 - let rec vec_iter'0 (vec:t_Vec'0) (return' (ret:usize))= {[@expl:vec_iter 'vec' type invariant] [%#s03_std_iterators7] inv'2 vec} + let rec vec_iter'0 (vec:t_Vec'0) (return' (ret:UInt64.t))= {[@expl:vec_iter 'vec' type invariant] [%#s03_std_iterators7] inv'2 vec} {[@expl:vec_iter requires] [%#s03_std_iterators8] Seq.length (view'0 vec) < 1000} (! bb0 [ bb0 = s0 - [ s0 = [ &i <- [%#s03_std_iterators0] (0 : usize) ] s1 + [ s0 = [ &i <- [%#s03_std_iterators0] (0 : UInt64.t) ] s1 | s1 = into_iter'0 {vec} (fun (_ret':t_Iter'0) -> [ &iter <- _ret' ] s2) | s2 = bb1 ] 
@@ -589,7 +589,7 @@ module M_03_std_iterators__vec_iter [#"03_std_iterators.rs" 17 0 17 41] [ bb4 = {[@expl:for invariant] [%#s03_std_iterators4] inv'1 (Snapshot.inner produced)} {[@expl:for invariant] [%#s03_std_iterators4] inv'0 iter} {[@expl:for invariant] [%#s03_std_iterators4] produces'0 (Snapshot.inner iter_old) (Snapshot.inner produced) iter} - {[@expl:loop invariant] [%#s03_std_iterators3] UIntSize.to_int i = Seq.length (Snapshot.inner produced)} + {[@expl:loop invariant] [%#s03_std_iterators3] UInt64.to_uint i = Seq.length (Snapshot.inner produced)} (! s0) [ s0 = bb5 ] [ bb5 = s0 [ s0 = Borrow.borrow_mut {iter} @@ -614,16 +614,16 @@ module M_03_std_iterators__vec_iter [#"03_std_iterators.rs" 17 0 17 41] | bb11 = s0 [ s0 = [ &produced <- _22 ] s1 - | s1 = UIntSize.add {i} {[%#s03_std_iterators6] (1 : usize)} (fun (_ret':usize) -> [ &i <- _ret' ] s2) + | s1 = UInt64.add {i} {[%#s03_std_iterators6] (1 : UInt64.t)} (fun (_ret':UInt64.t) -> [ &i <- _ret' ] s2) | s2 = bb4 ] ] ] | bb9 = s0 [ s0 = [ &_0 <- i ] s1 | s1 = return' {_0} ] ] ) - [ & _0 : usize = any_l () + [ & _0 : UInt64.t = any_l () | & vec : t_Vec'0 = vec - | & i : usize = any_l () + | & i : UInt64.t = any_l () | & iter : t_Iter'0 = any_l () | & iter_old : Snapshot.snap_ty (t_Iter'0) = any_l () | & produced : Snapshot.snap_ty (Seq.seq t_T'0) = any_l () @@ -633,7 +633,7 @@ module M_03_std_iterators__vec_iter [#"03_std_iterators.rs" 17 0 17 41] | & __creusot_proc_iter_elem : t_T'0 = any_l () | & _22 : Snapshot.snap_ty (Seq.seq t_T'0) = any_l () ] - [ return' (result:usize)-> {[@expl:vec_iter ensures] [%#s03_std_iterators9] UIntSize.to_int result + [ return' (result:UInt64.t)-> {[@expl:vec_iter ensures] [%#s03_std_iterators9] UInt64.to_uint result = Seq.length (view'0 vec)} (! return' {result}) ] 
@@ -649,34 +649,34 @@ module M_03_std_iterators__all_zero [#"03_std_iterators.rs" 28 0 28 35] let%span s03_std_iterators7 = "03_std_iterators.rs" 27 10 27 64 let%span svec8 = "../../../../creusot-contracts/src/std/vec.rs" 175 26 175 42 let%span svec9 = "../../../../creusot-contracts/src/std/vec.rs" 176 26 176 48 - let%span sslice10 = "../../../../creusot-contracts/src/std/slice.rs" 245 0 354 1 + let%span sslice10 = "../../../../creusot-contracts/src/std/slice.rs" 263 0 372 1 let%span siter11 = "../../../../creusot-contracts/src/std/iter.rs" 101 0 213 1 let%span sops12 = "../../../../creusot-contracts/src/logic/ops.rs" 86 8 86 33 - let%span sslice13 = "../../../../creusot-contracts/src/std/slice.rs" 459 12 459 66 + let%span sslice13 = "../../../../creusot-contracts/src/std/slice.rs" 477 12 477 66 let%span siter14 = "../../../../creusot-contracts/src/std/iter.rs" 107 26 110 17 let%span svec15 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span smodel16 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 let%span sops17 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 let%span sslice18 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice19 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 - let%span sslice20 = "../../../../creusot-contracts/src/std/slice.rs" 427 14 427 50 + let%span sslice20 = "../../../../creusot-contracts/src/std/slice.rs" 445 14 445 50 let%span siter21 = "../../../../creusot-contracts/src/std/iter.rs" 86 20 86 24 let%span siter22 = "../../../../creusot-contracts/src/std/iter.rs" 92 8 92 19 let%span sresolve23 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span sslice24 = "../../../../creusot-contracts/src/std/slice.rs" 465 15 465 24 - let%span sslice25 = "../../../../creusot-contracts/src/std/slice.rs" 466 14 466 45 - let%span sslice26 = "../../../../creusot-contracts/src/std/slice.rs" 463 4 463 10 - let%span sslice27 = 
"../../../../creusot-contracts/src/std/slice.rs" 471 15 471 21 - let%span sslice28 = "../../../../creusot-contracts/src/std/slice.rs" 472 15 472 21 - let%span sslice29 = "../../../../creusot-contracts/src/std/slice.rs" 473 15 473 21 - let%span sslice30 = "../../../../creusot-contracts/src/std/slice.rs" 474 15 474 32 - let%span sslice31 = "../../../../creusot-contracts/src/std/slice.rs" 475 15 475 32 - let%span sslice32 = "../../../../creusot-contracts/src/std/slice.rs" 476 14 476 42 - let%span sslice33 = "../../../../creusot-contracts/src/std/slice.rs" 469 4 469 10 - let%span sslice34 = "../../../../creusot-contracts/src/std/slice.rs" 87 14 87 41 - let%span sslice35 = "../../../../creusot-contracts/src/std/slice.rs" 88 14 88 84 - let%span sslice36 = "../../../../creusot-contracts/src/std/slice.rs" 452 20 452 61 - let%span sslice37 = "../../../../creusot-contracts/src/std/slice.rs" 437 20 437 36 + let%span sslice24 = "../../../../creusot-contracts/src/std/slice.rs" 483 15 483 24 + let%span sslice25 = "../../../../creusot-contracts/src/std/slice.rs" 484 14 484 45 + let%span sslice26 = "../../../../creusot-contracts/src/std/slice.rs" 481 4 481 10 + let%span sslice27 = "../../../../creusot-contracts/src/std/slice.rs" 489 15 489 21 + let%span sslice28 = "../../../../creusot-contracts/src/std/slice.rs" 490 15 490 21 + let%span sslice29 = "../../../../creusot-contracts/src/std/slice.rs" 491 15 491 21 + let%span sslice30 = "../../../../creusot-contracts/src/std/slice.rs" 492 15 492 32 + let%span sslice31 = "../../../../creusot-contracts/src/std/slice.rs" 493 15 493 32 + let%span sslice32 = "../../../../creusot-contracts/src/std/slice.rs" 494 14 494 42 + let%span sslice33 = "../../../../creusot-contracts/src/std/slice.rs" 487 4 487 10 + let%span sslice34 = "../../../../creusot-contracts/src/std/slice.rs" 105 14 105 41 + let%span sslice35 = "../../../../creusot-contracts/src/std/slice.rs" 106 14 106 84 + let%span sslice36 = "../../../../creusot-contracts/src/std/slice.rs" 
470 20 470 61 + let%span sslice37 = "../../../../creusot-contracts/src/std/slice.rs" 455 20 455 36 let%span sops38 = "../../../../creusot-contracts/src/logic/ops.rs" 42 8 42 31 use prelude.prelude.Borrow 
@@ -689,58 +689,58 @@ module M_03_std_iterators__all_zero [#"03_std_iterators.rs" 28 0 28 35] type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } predicate inv'2 (_1 : borrowed (t_Vec'0)) axiom inv_axiom'2 [@rewrite] : forall x : borrowed (t_Vec'0) [inv'2 x] . inv'2 x = true - use prelude.prelude.Slice + use Slice64.create - predicate inv'3 (_1 : borrowed (slice usize)) + predicate inv'3 (_1 : borrowed (slice UInt64.t)) - axiom inv_axiom'3 [@rewrite] : forall x : borrowed (slice usize) [inv'3 x] . inv'3 x = true + axiom inv_axiom'3 [@rewrite] : forall x : borrowed (slice UInt64.t) [inv'3 x] . inv'3 x = true use seq.Seq use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) - - use prelude.prelude.UIntSize + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.Int + use prelude.prelude.UInt64 - use prelude.prelude.Slice + use prelude.prelude.Slice64 - function view'3 (self : slice usize) : Seq.seq usize + function view'3 (self : slice UInt64.t) : Seq.seq UInt64.t - axiom view'3_spec : forall self : slice usize . ([%#sslice18] Seq.length (view'3 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice19] view'3 self = Slice.id self) + axiom view'3_spec : forall self : slice UInt64.t . 
([%#sslice18] Seq.length (view'3 self) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + && ([%#sslice19] view'3 self = Slice64.id self) - function view'2 (self : borrowed (slice usize)) : Seq.seq usize = + function view'2 (self : borrowed (slice UInt64.t)) : Seq.seq UInt64.t = [%#smodel16] view'3 self.current - function view'0 (self : t_Vec'0) : Seq.seq usize + function view'0 (self : t_Vec'0) : Seq.seq UInt64.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec15] Seq.length (view'0 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec15] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) - function view'1 (self : borrowed (t_Vec'0)) : Seq.seq usize = + function view'1 (self : borrowed (t_Vec'0)) : Seq.seq UInt64.t = [%#smodel16] view'0 self.current - let rec deref_mut'0 (self:borrowed (t_Vec'0)) (return' (ret:borrowed (slice usize)))= {[@expl:deref_mut 'self' type invariant] inv'2 self} + let rec deref_mut'0 (self:borrowed (t_Vec'0)) (return' (ret:borrowed (slice UInt64.t)))= {[@expl:deref_mut 'self' type invariant] inv'2 self} any - [ return' (result:borrowed (slice usize))-> {inv'3 result} + [ return' (result:borrowed (slice UInt64.t))-> {inv'3 result} {[%#svec8] view'2 result = view'1 self} {[%#svec9] view'3 result.final = view'0 self.final} (! return' {result}) ] 
@@ -749,12 +749,12 @@ module M_03_std_iterators__all_zero [#"03_std_iterators.rs" 28 0 28 35] type t_IterMut'0 = { t_IterMut__ptr'0: t_NonNull'0; t_IterMut__end_or_len'0: opaque_ptr; t_IterMut__qy95zmarker'0: () } - function view'4 (self : t_IterMut'0) : borrowed (slice usize) + function view'4 (self : t_IterMut'0) : borrowed (slice UInt64.t) axiom view'4_spec : forall self : t_IterMut'0 . [%#sslice20] Seq.length (view'3 (view'4 self).final) = Seq.length (view'3 (view'4 self).current) - let rec iter_mut'0 (self:borrowed (slice usize)) (return' (ret:t_IterMut'0))= {[@expl:iter_mut 'self' type invariant] inv'3 self} + let rec iter_mut'0 (self:borrowed (slice UInt64.t)) (return' (ret:t_IterMut'0))= {[@expl:iter_mut 'self' type invariant] inv'3 self} any [ return' (result:t_IterMut'0)-> {[%#sslice10] view'4 result = self} (! return' {result}) ] predicate inv'0 (_1 : t_IterMut'0) @@ -773,10 +773,10 @@ module M_03_std_iterators__all_zero [#"03_std_iterators.rs" 28 0 28 35] [ return' (result:t_IterMut'0)-> {inv'0 result} {[%#siter11] into_iter_post'0 self result} (! return' {result}) ] - predicate resolve'5 (self : borrowed (slice usize)) = + predicate resolve'5 (self : borrowed (slice UInt64.t)) = [%#sresolve23] self.final = self.current - predicate resolve'0 (_1 : borrowed (slice usize)) = + predicate resolve'0 (_1 : borrowed (slice UInt64.t)) = resolve'5 _1 use prelude.prelude.Snapshot @@ -795,7 +795,7 @@ module M_03_std_iterators__all_zero [#"03_std_iterators.rs" 28 0 28 35] use seq.Seq - function index_logic'0 [@inline:trivial] (self : Snapshot.snap_ty (Seq.seq (borrowed usize))) (ix : int) : borrowed usize + function index_logic'0 [@inline:trivial] (self : Snapshot.snap_ty (Seq.seq (borrowed UInt64.t))) (ix : int) : borrowed UInt64.t = [%#sops12] Seq.get (Snapshot.inner self) ix 
@@ -808,26 +808,26 @@ module M_03_std_iterators__all_zero [#"03_std_iterators.rs" 28 0 28 35] use seq.Seq - function index_logic'2 [@inline:trivial] (self : slice usize) (ix : int) : usize = + function index_logic'2 [@inline:trivial] (self : slice UInt64.t) (ix : int) : UInt64.t = [%#sops38] Seq.get (view'3 self) ix - function to_mut_seq'0 (self : borrowed (slice usize)) : Seq.seq (borrowed usize) + function to_mut_seq'0 (self : borrowed (slice UInt64.t)) : Seq.seq (borrowed UInt64.t) - axiom to_mut_seq'0_spec : forall self : borrowed (slice usize) . ([%#sslice34] Seq.length (to_mut_seq'0 self) + axiom to_mut_seq'0_spec : forall self : borrowed (slice UInt64.t) . ([%#sslice34] Seq.length (to_mut_seq'0 self) = Seq.length (view'2 self)) && ([%#sslice35] forall i : int . 0 <= i /\ i < Seq.length (to_mut_seq'0 self) -> Seq.get (to_mut_seq'0 self) i = Borrow.borrow_logic (index_logic'2 self.current i) (index_logic'2 self.final i) (Borrow.inherit_id (Borrow.get_id self) i)) - predicate produces'0 (self : t_IterMut'0) (visited : Seq.seq (borrowed usize)) (tl : t_IterMut'0) = + predicate produces'0 (self : t_IterMut'0) (visited : Seq.seq (borrowed UInt64.t)) (tl : t_IterMut'0) = [%#sslice13] to_mut_seq'0 (view'4 self) = Seq.(++) visited (to_mut_seq'0 (view'4 tl)) - function produces_trans'0 (a : t_IterMut'0) (ab : Seq.seq (borrowed usize)) (b : t_IterMut'0) (bc : Seq.seq (borrowed usize)) (c : t_IterMut'0) : () + function produces_trans'0 (a : t_IterMut'0) (ab : Seq.seq (borrowed UInt64.t)) (b : t_IterMut'0) (bc : Seq.seq (borrowed UInt64.t)) (c : t_IterMut'0) : () = [%#sslice33] () - axiom produces_trans'0_spec : forall a : t_IterMut'0, ab : Seq.seq (borrowed usize), b : t_IterMut'0, bc : Seq.seq (borrowed usize), c : t_IterMut'0 . ([%#sslice27] inv'0 a) + axiom produces_trans'0_spec : forall a : t_IterMut'0, ab : Seq.seq (borrowed UInt64.t), b : t_IterMut'0, bc : Seq.seq (borrowed UInt64.t), c : t_IterMut'0 . 
([%#sslice27] inv'0 a) -> ([%#sslice28] inv'0 b) -> ([%#sslice29] inv'0 c) -> ([%#sslice30] produces'0 a ab b) @@ -837,15 +837,15 @@ module M_03_std_iterators__all_zero [#"03_std_iterators.rs" 28 0 28 35] [%#sslice26] () axiom produces_refl'0_spec : forall self : t_IterMut'0 . ([%#sslice24] inv'0 self) - -> ([%#sslice25] produces'0 self (Seq.empty : Seq.seq (borrowed usize)) self) + -> ([%#sslice25] produces'0 self (Seq.empty : Seq.seq (borrowed UInt64.t)) self) - predicate inv'1 (_1 : Seq.seq (borrowed usize)) + predicate inv'1 (_1 : Seq.seq (borrowed UInt64.t)) - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq (borrowed usize) [inv'1 x] . inv'1 x = true + axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq (borrowed UInt64.t) [inv'1 x] . inv'1 x = true type t_Option'0 = | C_None'0 - | C_Some'0 (borrowed usize) + | C_Some'0 (borrowed UInt64.t) predicate inv'4 (_1 : t_Option'0) @@ -854,13 +854,13 @@ module M_03_std_iterators__all_zero [#"03_std_iterators.rs" 28 0 28 35] predicate resolve'6 (self : borrowed (t_IterMut'0)) = [%#sresolve23] self.final = self.current - function view'5 (self : borrowed (t_IterMut'0)) : borrowed (slice usize) = + function view'5 (self : borrowed (t_IterMut'0)) : borrowed (slice UInt64.t) = [%#smodel16] view'4 self.current use seq.Seq predicate completed'0 (self : borrowed (t_IterMut'0)) = - [%#sslice36] resolve'6 self /\ view'3 (view'5 self).current = (Seq.empty : Seq.seq usize) + [%#sslice36] resolve'6 self /\ view'3 (view'5 self).current = (Seq.empty : Seq.seq UInt64.t) use seq.Seq 
@@ -876,17 +876,17 @@ module M_03_std_iterators__all_zero [#"03_std_iterators.rs" 28 0 28 35] predicate resolve'1 (_1 : borrowed (t_IterMut'0)) = resolve'6 _1 - let rec v_Some'0 (input:t_Option'0) (ret (field_0:borrowed usize))= any - [ good (field_0:borrowed usize)-> {C_Some'0 field_0 = input} (! ret {field_0}) - | bad -> {forall field_0 : borrowed usize [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} + let rec v_Some'0 (input:t_Option'0) (ret (field_0:borrowed UInt64.t))= any + [ good (field_0:borrowed UInt64.t)-> {C_Some'0 field_0 = input} (! ret {field_0}) + | bad -> {forall field_0 : borrowed UInt64.t [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] - predicate resolve'7 (self : borrowed usize) = + predicate resolve'7 (self : borrowed UInt64.t) = [%#sresolve23] self.final = self.current - predicate resolve'2 (_1 : borrowed usize) = + predicate resolve'2 (_1 : borrowed UInt64.t) = resolve'7 _1 predicate resolve'8 (self : t_IterMut'0) = @@ -905,7 +905,7 @@ module M_03_std_iterators__all_zero [#"03_std_iterators.rs" 28 0 28 35] use prelude.prelude.Snapshot - function index_logic'1 [@inline:trivial] (self : t_Vec'0) (ix : int) : usize = + function index_logic'1 [@inline:trivial] (self : t_Vec'0) (ix : int) : UInt64.t = [%#sops17] Seq.get (view'0 self) ix meta "compute_max_steps" 1000000 
@@ -914,12 +914,12 @@ module M_03_std_iterators__all_zero [#"03_std_iterators.rs" 28 0 28 35] [ bb0 = s0 [ s0 = Borrow.borrow_final {v.current} {Borrow.get_id v} (fun (_ret':borrowed (t_Vec'0)) -> [ &_8 <- _ret' ] [ &v <- { v with current = _ret'.final } ] s1) - | s1 = deref_mut'0 {_8} (fun (_ret':borrowed (slice usize)) -> [ &_7 <- _ret' ] s2) + | s1 = deref_mut'0 {_8} (fun (_ret':borrowed (slice UInt64.t)) -> [ &_7 <- _ret' ] s2) | s2 = bb1 ] | bb1 = s0 - [ s0 = Borrow.borrow_final {_7.current} {Borrow.get_id _7} - (fun (_ret':borrowed (slice usize)) -> [ &_6 <- _ret' ] [ &_7 <- { _7 with current = _ret'.final } ] s1) + [ s0 = Borrow.borrow_final {_7.current} {Borrow.get_id _7} + (fun (_ret':borrowed (slice UInt64.t)) -> [ &_6 <- _ret' ] [ &_7 <- { _7 with current = _ret'.final } ] s1) | s1 = iter_mut'0 {_6} (fun (_ret':t_IterMut'0) -> [ &_5 <- _ret' ] s2) | s2 = bb2 ] @@ -928,7 +928,7 @@ module M_03_std_iterators__all_zero [#"03_std_iterators.rs" 28 0 28 35] [ s0 = -{resolve'0 _7}- s1 | s1 = [ &iter_old <- [%#s03_std_iterators0] Snapshot.new iter ] s2 | s2 = bb4 ] | bb4 = s0 - [ s0 = [ &produced <- [%#s03_std_iterators1] Snapshot.new (Seq.empty : Seq.seq (borrowed usize)) ] s1 + [ s0 = [ &produced <- [%#s03_std_iterators1] Snapshot.new (Seq.empty : Seq.seq (borrowed UInt64.t)) ] s1 | s1 = bb5 ] | bb5 = bb6 @@ -937,7 +937,7 @@ module M_03_std_iterators__all_zero [#"03_std_iterators.rs" 28 0 28 35] {[@expl:for invariant] [%#s03_std_iterators3] inv'0 iter} {[@expl:for invariant] [%#s03_std_iterators3] produces'0 (Snapshot.inner iter_old) (Snapshot.inner produced) iter} {[@expl:loop invariant] [%#s03_std_iterators2] forall i : int . 0 <= i - /\ i < Seq.length (Snapshot.inner produced) -> UIntSize.to_int (index_logic'0 produced i).final = 0} + /\ i < Seq.length (Snapshot.inner produced) -> UInt64.to_uint (index_logic'0 produced i).final = 0} (! s0) [ s0 = bb7 ] [ bb7 = s0 [ s0 = Borrow.borrow_mut {iter} 
@@ -952,11 +952,13 @@ module M_03_std_iterators__all_zero [#"03_std_iterators.rs" 28 0 28 35] | bb8 = s0 [ s0 = -{resolve'1 _20}- s1 - | s1 = any [ br0 -> {_18 = C_None'0 } (! bb11) | br1 (x0:borrowed usize)-> {_18 = C_Some'0 x0} (! bb10) ] ] + | s1 = any + [ br0 -> {_18 = C_None'0 } (! bb11) | br1 (x0:borrowed UInt64.t)-> {_18 = C_Some'0 x0} (! bb10) ] + ] | bb10 = bb12 | bb12 = s0 - [ s0 = v_Some'0 {_18} (fun (r0'0:borrowed usize) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) + [ s0 = v_Some'0 {_18} (fun (r0'0:borrowed UInt64.t) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) | s1 = [ &_23 <- [%#s03_std_iterators4] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] @@ -966,7 +968,7 @@ module M_03_std_iterators__all_zero [#"03_std_iterators.rs" 28 0 28 35] | bb13 = s0 [ s0 = [ &produced <- _23 ] s1 | s1 = [ &x <- __creusot_proc_iter_elem ] s2 - | s2 = [ &x <- { x with current = ([%#s03_std_iterators5] (0 : usize)) } ] s3 + | s2 = [ &x <- { x with current = ([%#s03_std_iterators5] (0 : UInt64.t)) } ] s3 | s3 = -{resolve'2 x}- s4 | s4 = bb6 ] ] 
@@ -978,22 +980,22 @@ module M_03_std_iterators__all_zero [#"03_std_iterators.rs" 28 0 28 35] | & v : borrowed (t_Vec'0) = v | & iter : t_IterMut'0 = any_l () | & _5 : t_IterMut'0 = any_l () - | & _6 : borrowed (slice usize) = any_l () - | & _7 : borrowed (slice usize) = any_l () + | & _6 : borrowed (slice UInt64.t) = any_l () + | & _7 : borrowed (slice UInt64.t) = any_l () | & _8 : borrowed (t_Vec'0) = any_l () | & iter_old : Snapshot.snap_ty (t_IterMut'0) = any_l () - | & produced : Snapshot.snap_ty (Seq.seq (borrowed usize)) = any_l () + | & produced : Snapshot.snap_ty (Seq.seq (borrowed UInt64.t)) = any_l () | & _18 : t_Option'0 = any_l () | & _19 : borrowed (t_IterMut'0) = any_l () | & _20 : borrowed (t_IterMut'0) = any_l () - | & __creusot_proc_iter_elem : borrowed usize = any_l () - | & _23 : Snapshot.snap_ty (Seq.seq (borrowed usize)) = any_l () - | & x : borrowed usize = any_l () ] + | & __creusot_proc_iter_elem : borrowed UInt64.t = any_l () + | & _23 : Snapshot.snap_ty (Seq.seq (borrowed UInt64.t)) = any_l () + | & x : borrowed UInt64.t = any_l () ] [ return' (result:())-> {[@expl:all_zero ensures #0] [%#s03_std_iterators6] Seq.length (view'0 v.final) = Seq.length (view'1 v)} {[@expl:all_zero ensures #1] [%#s03_std_iterators7] forall i : int . 0 <= i /\ i < Seq.length (view'1 v) - -> UIntSize.to_int (index_logic'1 v.final i) = 0} + -> UInt64.to_uint (index_logic'1 v.final i) = 0} (! return' {result}) ] end @@ -1047,10 +1049,12 @@ module M_03_std_iterators__skip_take [#"03_std_iterators.rs" 35 0 35 48] predicate inv'2 (_1 : t_I'0) - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Take'0 = - { t_Take__iter'0: t_I'0; t_Take__n'0: usize } + { t_Take__iter'0: t_I'0; t_Take__n'0: UInt64.t } predicate inv'3 (_1 : t_Take'0) 
@@ -1063,25 +1067,23 @@ module M_03_std_iterators__skip_take [#"03_std_iterators.rs" 35 0 35 48] axiom iter'0_spec : forall self : t_Take'0 . [%#stake4] inv'3 self -> inv'2 (iter'0 self) - use prelude.prelude.Int - - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 function n'0 (self : t_Take'0) : int - axiom n'0_spec : forall self : t_Take'0 . [%#stake5] n'0 self >= 0 /\ n'0 self <= UIntSize.to_int (v_MAX'0 : usize) + axiom n'0_spec : forall self : t_Take'0 . [%#stake5] n'0 self >= 0 /\ n'0 self <= UInt64.to_uint (v_MAX'0 : UInt64.t) - let rec take'0 (self:t_I'0) (n:usize) (return' (ret:t_Take'0))= {[@expl:take 'self' type invariant] inv'2 self} + let rec take'0 (self:t_I'0) (n:UInt64.t) (return' (ret:t_Take'0))= {[@expl:take 'self' type invariant] inv'2 self} any [ return' (result:t_Take'0)-> {inv'3 result} - {[%#siter2] iter'0 result = self /\ n'0 result = UIntSize.to_int n} + {[%#siter2] iter'0 result = self /\ n'0 result = UInt64.to_uint n} (! return' {result}) ] type t_Skip'0 = - { t_Skip__iter'0: t_Take'0; t_Skip__n'0: usize } + { t_Skip__iter'0: t_Take'0; t_Skip__n'0: UInt64.t } predicate inv'0 (_1 : t_Skip'0) 
@@ -1096,12 +1098,12 @@ module M_03_std_iterators__skip_take [#"03_std_iterators.rs" 35 0 35 48] function n'1 (self : t_Skip'0) : int - axiom n'1_spec : forall self : t_Skip'0 . [%#sskip7] n'1 self >= 0 /\ n'1 self <= UIntSize.to_int (v_MAX'0 : usize) + axiom n'1_spec : forall self : t_Skip'0 . [%#sskip7] n'1 self >= 0 /\ n'1 self <= UInt64.to_uint (v_MAX'0 : UInt64.t) - let rec skip'0 (self:t_Take'0) (n:usize) (return' (ret:t_Skip'0))= {[@expl:skip 'self' type invariant] inv'3 self} + let rec skip'0 (self:t_Take'0) (n:UInt64.t) (return' (ret:t_Skip'0))= {[@expl:skip 'self' type invariant] inv'3 self} any [ return' (result:t_Skip'0)-> {inv'0 result} - {[%#siter2] iter'1 result = self /\ n'1 result = UIntSize.to_int n} + {[%#siter2] iter'1 result = self /\ n'1 result = UInt64.to_uint n} (! return' {result}) ] @@ -1286,7 +1288,7 @@ module M_03_std_iterators__skip_take [#"03_std_iterators.rs" 35 0 35 48] meta "compute_max_steps" 1000000 - let rec skip_take'0 (iter:t_I'0) (n:usize) (return' (ret:()))= {[@expl:skip_take 'iter' type invariant] [%#s03_std_iterators1] inv'2 iter} + let rec skip_take'0 (iter:t_I'0) (n:UInt64.t) (return' (ret:()))= {[@expl:skip_take 'iter' type invariant] [%#s03_std_iterators1] inv'2 iter} (! bb0 [ bb0 = s0 [ s0 = take'0 {iter} {n} (fun (_ret':t_Take'0) -> [ &_6 <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = skip'0 {_6} {n} (fun (_ret':t_Skip'0) -> [ &_5 <- _ret' ] s1) | s1 = bb2 ] @@ -1311,7 +1313,7 @@ module M_03_std_iterators__skip_take [#"03_std_iterators.rs" 35 0 35 48] ) [ & _0 : () = any_l () | & iter : t_I'0 = iter - | & n : usize = n + | & n : UInt64.t = n | & res : t_Option'0 = any_l () | & _4 : borrowed (t_Skip'0) = any_l () | & _5 : t_Skip'0 = any_l () 
@@ -1324,7 +1326,7 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] let%span s03_std_iterators2 = "03_std_iterators.rs" 57 20 57 33 let%span s03_std_iterators3 = "03_std_iterators.rs" 58 20 58 36 let%span svec4 = "../../../../creusot-contracts/src/std/vec.rs" 169 26 169 42 - let%span sslice5 = "../../../../creusot-contracts/src/std/slice.rs" 245 0 354 1 + let%span sslice5 = "../../../../creusot-contracts/src/std/slice.rs" 263 0 372 1 let%span s03_std_iterators6 = "03_std_iterators.rs" 50 23 50 24 let%span s03_std_iterators7 = "03_std_iterators.rs" 47 23 47 65 let%span s03_std_iterators8 = "03_std_iterators.rs" 48 22 48 89 
@@ -1338,13 +1340,13 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] let%span siter16 = "../../../../creusot-contracts/src/std/iter.rs" 172 26 174 81 let%span svec17 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span smodel18 = "../../../../creusot-contracts/src/model.rs" 88 8 88 22 - let%span sslice19 = "../../../../creusot-contracts/src/std/slice.rs" 411 14 411 45 - let%span sslice20 = "../../../../creusot-contracts/src/std/slice.rs" 409 4 409 10 - let%span sslice21 = "../../../../creusot-contracts/src/std/slice.rs" 416 15 416 32 - let%span sslice22 = "../../../../creusot-contracts/src/std/slice.rs" 417 15 417 32 - let%span sslice23 = "../../../../creusot-contracts/src/std/slice.rs" 418 14 418 42 - let%span sslice24 = "../../../../creusot-contracts/src/std/slice.rs" 414 4 414 10 - let%span sslice25 = "../../../../creusot-contracts/src/std/slice.rs" 405 12 405 66 + let%span sslice19 = "../../../../creusot-contracts/src/std/slice.rs" 429 14 429 45 + let%span sslice20 = "../../../../creusot-contracts/src/std/slice.rs" 427 4 427 10 + let%span sslice21 = "../../../../creusot-contracts/src/std/slice.rs" 434 15 434 32 + let%span sslice22 = "../../../../creusot-contracts/src/std/slice.rs" 435 15 435 32 + let%span sslice23 = "../../../../creusot-contracts/src/std/slice.rs" 436 14 436 42 + let%span sslice24 = "../../../../creusot-contracts/src/std/slice.rs" 432 4 432 10 + let%span sslice25 = "../../../../creusot-contracts/src/std/slice.rs" 423 12 423 66 let%span smap_inv26 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 159 12 163 47 let%span smap_inv27 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 146 12 151 71 let%span smap_inv28 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 15 8 18 9 
@@ -1353,31 +1355,47 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] let%span sslice31 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice32 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 let%span sresolve33 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span sops34 = "../../../../creusot-contracts/src/std/ops.rs" 105 15 105 59 - let%span sops35 = "../../../../creusot-contracts/src/std/ops.rs" 106 14 106 36 - let%span sops36 = "../../../../creusot-contracts/src/std/ops.rs" 111 14 111 31 - let%span sops37 = "../../../../creusot-contracts/src/std/ops.rs" 116 15 116 29 - let%span sops38 = "../../../../creusot-contracts/src/std/ops.rs" 117 15 117 26 - let%span sops39 = "../../../../creusot-contracts/src/std/ops.rs" 118 14 118 28 - let%span sops40 = "../../../../creusot-contracts/src/std/ops.rs" 123 14 124 105 - let%span sslice41 = "../../../../creusot-contracts/src/std/slice.rs" 96 14 96 41 - let%span sslice42 = "../../../../creusot-contracts/src/std/slice.rs" 97 14 97 80 - let%span sslice43 = "../../../../creusot-contracts/src/std/slice.rs" 398 20 398 61 - let%span smap_inv44 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 123 12 125 63 - let%span smap_inv45 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 62 8 62 50 - let%span smap_inv46 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 23 15 23 24 - let%span smap_inv47 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 24 14 24 45 - let%span smap_inv48 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 29 15 29 21 - let%span smap_inv49 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 30 15 30 21 - let%span smap_inv50 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 31 15 31 21 - let%span smap_inv51 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 32 15 32 32 - let%span smap_inv52 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 33 15 33 32 - let%span 
smap_inv53 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 34 14 34 42 - let%span sops54 = "../../../../creusot-contracts/src/logic/ops.rs" 42 8 42 31 - let%span smodel55 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 - let%span sinvariant56 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - - use prelude.prelude.UIntSize + let%span sord34 = "../../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 + let%span sord35 = "../../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 + let%span sord36 = "../../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 + let%span sord37 = "../../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 + let%span sord38 = "../../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 + let%span sord39 = "../../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 + let%span sord40 = "../../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 + let%span sord41 = "../../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 + let%span sord42 = "../../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 + let%span sord43 = "../../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 + let%span sord44 = "../../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 + let%span sord45 = "../../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 + let%span sord46 = "../../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span sops47 = "../../../../creusot-contracts/src/std/ops.rs" 105 15 105 59 + let%span sops48 = "../../../../creusot-contracts/src/std/ops.rs" 106 14 106 36 + let%span sops49 = "../../../../creusot-contracts/src/std/ops.rs" 111 14 111 31 + let%span sops50 = "../../../../creusot-contracts/src/std/ops.rs" 116 15 116 29 + let%span sops51 = "../../../../creusot-contracts/src/std/ops.rs" 117 15 117 26 + let%span sops52 = "../../../../creusot-contracts/src/std/ops.rs" 118 14 118 28 + let%span sops53 = "../../../../creusot-contracts/src/std/ops.rs" 123 14 124 105 + 
let%span sslice54 = "../../../../creusot-contracts/src/std/slice.rs" 114 14 114 41 + let%span sslice55 = "../../../../creusot-contracts/src/std/slice.rs" 115 14 115 80 + let%span sslice56 = "../../../../creusot-contracts/src/std/slice.rs" 416 20 416 61 + let%span smap_inv57 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 123 12 125 63 + let%span smap_inv58 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 62 8 62 50 + let%span smap_inv59 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 23 15 23 24 + let%span smap_inv60 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 24 14 24 45 + let%span smap_inv61 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 29 15 29 21 + let%span smap_inv62 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 30 15 30 21 + let%span smap_inv63 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 31 15 31 21 + let%span smap_inv64 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 32 15 32 32 + let%span smap_inv65 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 33 15 33 32 + let%span smap_inv66 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 34 14 34 42 + let%span sord67 = "../../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + let%span sops68 = "../../../../creusot-contracts/src/logic/ops.rs" 42 8 42 31 + let%span smodel69 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 + let%span sinvariant70 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 + + use prelude.prelude.Int + + use prelude.prelude.UInt64 use prelude.prelude.Borrow 
@@ -1390,67 +1408,67 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } predicate inv'0 (_1 : t_Vec'0) axiom inv_axiom'0 [@rewrite] : forall x : t_Vec'0 [inv'0 x] . inv'0 x = true - use prelude.prelude.Slice + use Slice64.create use prelude.prelude.UInt32 - predicate inv'1 (_1 : slice uint32) + predicate inv'1 (_1 : slice UInt32.t) - axiom inv_axiom'1 [@rewrite] : forall x : slice uint32 [inv'1 x] . inv'1 x = true + axiom inv_axiom'1 [@rewrite] : forall x : slice UInt32.t [inv'1 x] . inv'1 x = true use seq.Seq use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) - - use prelude.prelude.UIntSize + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.Int + use prelude.prelude.UInt64 - use prelude.prelude.Slice + use prelude.prelude.Slice64 - function view'4 (self : slice uint32) : Seq.seq uint32 + function view'4 (self : slice UInt32.t) : Seq.seq UInt32.t - axiom view'4_spec : forall self : slice uint32 . ([%#sslice31] Seq.length (view'4 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice32] view'4 self = Slice.id self) + axiom view'4_spec : forall self : slice UInt32.t . ([%#sslice31] Seq.length (view'4 self) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + && ([%#sslice32] view'4 self = Slice64.id self) - function view'1 (self : slice uint32) : Seq.seq uint32 = + function view'1 (self : slice UInt32.t) : Seq.seq UInt32.t = [%#smodel18] view'4 self - function view'0 (self : t_Vec'0) : Seq.seq uint32 + function view'0 (self : t_Vec'0) : Seq.seq UInt32.t - axiom view'0_spec : forall self : t_Vec'0 . 
[%#svec17] Seq.length (view'0 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec17] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) - function view'2 (self : t_Vec'0) : Seq.seq uint32 = + function view'2 (self : t_Vec'0) : Seq.seq UInt32.t = [%#smodel18] view'0 self - let rec deref'0 (self:t_Vec'0) (return' (ret:slice uint32))= {[@expl:deref 'self' type invariant] inv'0 self} - any [ return' (result:slice uint32)-> {inv'1 result} {[%#svec4] view'1 result = view'2 self} (! return' {result}) ] + let rec deref'0 (self:t_Vec'0) (return' (ret:slice UInt32.t))= {[@expl:deref 'self' type invariant] inv'0 self} + any + [ return' (result:slice UInt32.t)-> {inv'1 result} {[%#svec4] view'1 result = view'2 self} (! return' {result}) ] + type t_Iter'0 = { t_Iter__ptr'0: t_NonNull'0; t_Iter__end_or_len'0: opaque_ptr; t_Iter__qy95zmarker'0: () } - function view'3 (self : t_Iter'0) : slice uint32 + function view'3 (self : t_Iter'0) : slice UInt32.t - let rec iter'0 (self:slice uint32) (return' (ret:t_Iter'0))= {[@expl:iter 'self' type invariant] inv'1 self} + let rec iter'0 (self:slice UInt32.t) (return' (ret:t_Iter'0))= {[@expl:iter 'self' type invariant] inv'1 self} any [ return' (result:t_Iter'0)-> {[%#sslice5] view'3 result = self} (! return' {result}) ] type closure0'1 = - { field_0'0: borrowed usize } + { field_0'0: borrowed UInt64.t } predicate resolve'2 (self : borrowed closure0'1) = [%#sresolve33] self.final = self.current 
@@ -1464,21 +1482,78 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.UInt64 + + function cmp_log'0 (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = + [%#sord67] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + function eq_cmp'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom eq_cmp'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord46] (x = y) = (cmp_log'0 x y = C_Equal'0) + + function antisym2'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom antisym2'0_spec : forall x : UInt64.t, y : UInt64.t . ([%#sord44] cmp_log'0 x y = C_Greater'0) + -> ([%#sord45] cmp_log'0 y x = C_Less'0) + + function antisym1'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom antisym1'0_spec : forall x : UInt64.t, y : UInt64.t . ([%#sord42] cmp_log'0 x y = C_Less'0) + -> ([%#sord43] cmp_log'0 y x = C_Greater'0) + + function trans'0 (x : UInt64.t) (y : UInt64.t) (z : UInt64.t) (o : t_Ordering'0) : () + + axiom trans'0_spec : forall x : UInt64.t, y : UInt64.t, z : UInt64.t, o : t_Ordering'0 . ([%#sord39] cmp_log'0 x y + = o) -> ([%#sord40] cmp_log'0 y z = o) -> ([%#sord41] cmp_log'0 x z = o) + + function refl'0 (x : UInt64.t) : () + + axiom refl'0_spec : forall x : UInt64.t . [%#sord38] cmp_log'0 x x = C_Equal'0 + + use prelude.prelude.UInt64 + + function cmp_gt_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_gt_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord37] UInt64.ugt x y + = (cmp_log'0 x y = C_Greater'0) + + use prelude.prelude.UInt64 + + function cmp_ge_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_ge_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord36] UInt64.uge x y = (cmp_log'0 x y <> C_Less'0) + + function cmp_lt_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_lt_log'0_spec : forall x : UInt64.t, y : UInt64.t . 
[%#sord35] UInt64.ult x y = (cmp_log'0 x y = C_Less'0) + + use prelude.prelude.UInt64 + + function cmp_le_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_le_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord34] UInt64.ule x y + = (cmp_log'0 x y <> C_Greater'0) + use seq.Seq use prelude.prelude.Snapshot - predicate postcondition_once'0 (self : closure0'1) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) (result : uint32) + predicate postcondition_once'0 (self : closure0'1) (args : (UInt32.t, Snapshot.snap_ty (Seq.seq UInt32.t))) (result : UInt32.t) = - [%#s03_std_iterators8] let (x, _prod) = args in UIntSize.to_int (self.field_0'0).final - = UIntSize.to_int (self.field_0'0).current + 1 - /\ UIntSize.to_int (self.field_0'0).final = Seq.length (Snapshot.inner _prod) + 1 /\ result = x + [%#s03_std_iterators8] let (x, _prod) = args in UInt64.to_uint (self.field_0'0).final + = UInt64.to_uint (self.field_0'0).current + 1 + /\ UInt64.to_uint (self.field_0'0).final = Seq.length (Snapshot.inner _prod) + 1 /\ result = x - predicate resolve'8 (self : borrowed usize) = + predicate resolve'8 (self : borrowed UInt64.t) = [%#sresolve33] self.final = self.current - predicate resolve'7 (_1 : borrowed usize) = + predicate resolve'7 (_1 : borrowed UInt64.t) = resolve'8 _1 predicate resolve'4 (_1 : closure0'1) = 
@@ -1487,41 +1562,42 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] predicate unnest'0 (self : closure0'1) (_2 : closure0'1) = (_2.field_0'0).final = (self.field_0'0).final - predicate postcondition_mut'0 (self : closure0'1) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) (result_state : closure0'1) (result : uint32) + predicate postcondition_mut'0 (self : closure0'1) (args : (UInt32.t, Snapshot.snap_ty (Seq.seq UInt32.t))) (result_state : closure0'1) (result : UInt32.t) = - (let (x, _prod) = args in UIntSize.to_int (result_state.field_0'0).current - = UIntSize.to_int (self.field_0'0).current + 1 - /\ UIntSize.to_int (result_state.field_0'0).current = Seq.length (Snapshot.inner _prod) + 1 /\ result = x) + (let (x, _prod) = args in UInt64.to_uint (result_state.field_0'0).current + = UInt64.to_uint (self.field_0'0).current + 1 + /\ UInt64.to_uint (result_state.field_0'0).current = Seq.length (Snapshot.inner _prod) + 1 /\ result = x) /\ unnest'0 self result_state - function fn_mut_once'0 (self : closure0'1) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) (res : uint32) : () + function fn_mut_once'0 (self : closure0'1) (args : (UInt32.t, Snapshot.snap_ty (Seq.seq UInt32.t))) (res : UInt32.t) : () + - axiom fn_mut_once'0_spec : forall self : closure0'1, args : (uint32, Snapshot.snap_ty (Seq.seq uint32)), res : uint32 . [%#sops40] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : closure0'1, args : (UInt32.t, Snapshot.snap_ty (Seq.seq UInt32.t)), res : UInt32.t . [%#sops53] postcondition_once'0 self args res = (exists res_state : closure0'1 . postcondition_mut'0 self args res_state res /\ resolve'4 res_state) function unnest_trans'0 (self : closure0'1) (b : closure0'1) (c : closure0'1) : () - axiom unnest_trans'0_spec : forall self : closure0'1, b : closure0'1, c : closure0'1 . 
([%#sops37] unnest'0 self b) - -> ([%#sops38] unnest'0 b c) -> ([%#sops39] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : closure0'1, b : closure0'1, c : closure0'1 . ([%#sops50] unnest'0 self b) + -> ([%#sops51] unnest'0 b c) -> ([%#sops52] unnest'0 self c) function unnest_refl'0 (self : closure0'1) : () - axiom unnest_refl'0_spec : forall self : closure0'1 . [%#sops36] unnest'0 self self + axiom unnest_refl'0_spec : forall self : closure0'1 . [%#sops49] unnest'0 self self - function postcondition_mut_unnest'0 (self : closure0'1) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) (res_state : closure0'1) (res : uint32) : () + function postcondition_mut_unnest'0 (self : closure0'1) (args : (UInt32.t, Snapshot.snap_ty (Seq.seq UInt32.t))) (res_state : closure0'1) (res : UInt32.t) : () - axiom postcondition_mut_unnest'0_spec : forall self : closure0'1, args : (uint32, Snapshot.snap_ty (Seq.seq uint32)), res_state : closure0'1, res : uint32 . ([%#sops34] postcondition_mut'0 self args res_state res) - -> ([%#sops35] unnest'0 self res_state) + axiom postcondition_mut_unnest'0_spec : forall self : closure0'1, args : (UInt32.t, Snapshot.snap_ty (Seq.seq UInt32.t)), res_state : closure0'1, res : UInt32.t . ([%#sops47] postcondition_mut'0 self args res_state res) + -> ([%#sops48] unnest'0 self res_state) - let rec closure0'0 (_1:borrowed closure0'1) (x:uint32) (_prod:Snapshot.snap_ty (Seq.seq uint32)) (return' (ret:uint32))= {[@expl:closure requires] [%#s03_std_iterators7] UIntSize.to_int ((_1.current).field_0'0).current + let rec closure0'0 (_1:borrowed closure0'1) (x:UInt32.t) (_prod:Snapshot.snap_ty (Seq.seq UInt32.t)) (return' (ret:UInt32.t))= {[@expl:closure requires] [%#s03_std_iterators7] UInt64.to_uint ((_1.current).field_0'0).current = Seq.length (Snapshot.inner _prod) - /\ ((_1.current).field_0'0).current < (v_MAX'0 : usize)} + /\ UInt64.ult ((_1.current).field_0'0).current (v_MAX'0 : UInt64.t)} (! 
bb0 [ bb0 = s0 - [ s0 = UIntSize.add {((_1.current).field_0'0).current} {[%#s03_std_iterators6] (1 : usize)} - (fun (_ret':usize) -> + [ s0 = UInt64.add {((_1.current).field_0'0).current} {[%#s03_std_iterators6] (1 : UInt64.t)} + (fun (_ret':UInt64.t) -> [ &_1 <- { _1 with current = { field_0'0 = { (_1.current).field_0'0 with current = _ret' } } } ] s1) | s1 = -{resolve'0 _1}- s2 @@ -1531,15 +1607,15 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] | s5 = return' {_0} ] ] ) - [ & _0 : uint32 = any_l () + [ & _0 : UInt32.t = any_l () | & _1 : borrowed closure0'1 = _1 - | & x : uint32 = x - | & res : uint32 = any_l () - | & res1 : uint32 = any_l () ] + | & x : UInt32.t = x + | & res : UInt32.t = any_l () + | & res1 : UInt32.t = any_l () ] - [ return' (result:uint32)-> {[@expl:closure ensures] [%#s03_std_iterators8] UIntSize.to_int ((_1.final).field_0'0).current - = UIntSize.to_int ((_1.current).field_0'0).current + 1 - /\ UIntSize.to_int ((_1.final).field_0'0).current = Seq.length (Snapshot.inner _prod) + 1 /\ result = x} + [ return' (result:UInt32.t)-> {[@expl:closure ensures] [%#s03_std_iterators8] UInt64.to_uint ((_1.final).field_0'0).current + = UInt64.to_uint ((_1.current).field_0'0).current + 1 + /\ UInt64.to_uint ((_1.final).field_0'0).current = Seq.length (Snapshot.inner _prod) + 1 /\ result = x} {[@expl:closure unnest] unnest'0 _1.current _1.final} (! return' {result}) ] 
@@ -1552,44 +1628,44 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] use seq.Seq - function index_logic'0 [@inline:trivial] (self : slice uint32) (ix : int) : uint32 = - [%#sops54] Seq.get (view'4 self) ix + function index_logic'0 [@inline:trivial] (self : slice UInt32.t) (ix : int) : UInt32.t = + [%#sops68] Seq.get (view'4 self) ix - function to_ref_seq'0 (self : slice uint32) : Seq.seq uint32 + function to_ref_seq'0 (self : slice UInt32.t) : Seq.seq UInt32.t - axiom to_ref_seq'0_spec : forall self : slice uint32 . ([%#sslice41] Seq.length (to_ref_seq'0 self) + axiom to_ref_seq'0_spec : forall self : slice UInt32.t . ([%#sslice54] Seq.length (to_ref_seq'0 self) = Seq.length (view'1 self)) - && ([%#sslice42] forall i : int . 0 <= i /\ i < Seq.length (to_ref_seq'0 self) + && ([%#sslice55] forall i : int . 0 <= i /\ i < Seq.length (to_ref_seq'0 self) -> Seq.get (to_ref_seq'0 self) i = index_logic'0 self i) - predicate produces'0 (self : t_Iter'0) (visited : Seq.seq uint32) (tl : t_Iter'0) = + predicate produces'0 (self : t_Iter'0) (visited : Seq.seq UInt32.t) (tl : t_Iter'0) = [%#sslice25] to_ref_seq'0 (view'3 self) = Seq.(++) visited (to_ref_seq'0 (view'3 tl)) - function produces_trans'1 (a : t_Iter'0) (ab : Seq.seq uint32) (b : t_Iter'0) (bc : Seq.seq uint32) (c : t_Iter'0) : () + function produces_trans'1 (a : t_Iter'0) (ab : Seq.seq UInt32.t) (b : t_Iter'0) (bc : Seq.seq UInt32.t) (c : t_Iter'0) : () = [%#sslice24] () - axiom produces_trans'1_spec : forall a : t_Iter'0, ab : Seq.seq uint32, b : t_Iter'0, bc : Seq.seq uint32, c : t_Iter'0 . ([%#sslice21] produces'0 a ab b) + axiom produces_trans'1_spec : forall a : t_Iter'0, ab : Seq.seq UInt32.t, b : t_Iter'0, bc : Seq.seq UInt32.t, c : t_Iter'0 . ([%#sslice21] produces'0 a ab b) -> ([%#sslice22] produces'0 b bc c) -> ([%#sslice23] produces'0 a (Seq.(++) ab bc) c) function produces_refl'1 (self : t_Iter'0) : () = [%#sslice20] () - axiom produces_refl'1_spec : forall self : t_Iter'0 . 
[%#sslice19] produces'0 self (Seq.empty : Seq.seq uint32) self + axiom produces_refl'1_spec : forall self : t_Iter'0 . [%#sslice19] produces'0 self (Seq.empty : Seq.seq UInt32.t) self - function produces_trans'0 (a : t_Iter'0) (ab : Seq.seq uint32) (b : t_Iter'0) (bc : Seq.seq uint32) (c : t_Iter'0) : () + function produces_trans'0 (a : t_Iter'0) (ab : Seq.seq UInt32.t) (b : t_Iter'0) (bc : Seq.seq UInt32.t) (c : t_Iter'0) : () = [%#sslice24] () - axiom produces_trans'0_spec : forall a : t_Iter'0, ab : Seq.seq uint32, b : t_Iter'0, bc : Seq.seq uint32, c : t_Iter'0 . ([%#sslice21] produces'0 a ab b) + axiom produces_trans'0_spec : forall a : t_Iter'0, ab : Seq.seq UInt32.t, b : t_Iter'0, bc : Seq.seq UInt32.t, c : t_Iter'0 . ([%#sslice21] produces'0 a ab b) -> ([%#sslice22] produces'0 b bc c) -> ([%#sslice23] produces'0 a (Seq.(++) ab bc) c) function produces_refl'0 (self : t_Iter'0) : () = [%#sslice20] () - axiom produces_refl'0_spec : forall self : t_Iter'0 . [%#sslice19] produces'0 self (Seq.empty : Seq.seq uint32) self + axiom produces_refl'0_spec : forall self : t_Iter'0 . [%#sslice19] produces'0 self (Seq.empty : Seq.seq UInt32.t) self predicate inv'2 (_1 : t_Iter'0) 
@@ -1599,18 +1675,18 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] axiom inv_axiom'3 [@rewrite] : forall x : closure0'1 [inv'3 x] . inv'3 x = true - predicate inv'4 (_1 : uint32) + predicate inv'4 (_1 : UInt32.t) - axiom inv_axiom'4 [@rewrite] : forall x : uint32 [inv'4 x] . inv'4 x = true + axiom inv_axiom'4 [@rewrite] : forall x : UInt32.t [inv'4 x] . inv'4 x = true use seq.Seq use prelude.prelude.Snapshot - predicate precondition'0 (self : closure0'1) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) = - [%#s03_std_iterators7] let (x, _prod) = args in UIntSize.to_int (self.field_0'0).current + predicate precondition'0 (self : closure0'1) (args : (UInt32.t, Snapshot.snap_ty (Seq.seq UInt32.t))) = + [%#s03_std_iterators7] let (x, _prod) = args in UInt64.to_uint (self.field_0'0).current = Seq.length (Snapshot.inner _prod) - /\ (self.field_0'0).current < (v_MAX'0 : usize) + /\ UInt64.ult (self.field_0'0).current (v_MAX'0 : UInt64.t) predicate inv'9 (_1 : borrowed (t_Iter'0)) 
@@ -1619,34 +1695,34 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] predicate resolve'5 (self : borrowed (t_Iter'0)) = [%#sresolve33] self.final = self.current - function view'5 (self : borrowed (t_Iter'0)) : slice uint32 = - [%#smodel55] view'3 self.current + function view'5 (self : borrowed (t_Iter'0)) : slice UInt32.t = + [%#smodel69] view'3 self.current use seq.Seq predicate completed'1 (self : borrowed (t_Iter'0)) = - [%#sslice43] resolve'5 self /\ view'4 (view'5 self) = (Seq.empty : Seq.seq uint32) + [%#sslice56] resolve'5 self /\ view'4 (view'5 self) = (Seq.empty : Seq.seq UInt32.t) - predicate next_precondition'0 (iter : t_Iter'0) (func : closure0'1) (produced : Seq.seq uint32) = - [%#smap_inv44] forall e : uint32, i : t_Iter'0 . inv'4 e /\ inv'2 i /\ produces'0 iter (Seq.singleton e) i + predicate next_precondition'0 (iter : t_Iter'0) (func : closure0'1) (produced : Seq.seq UInt32.t) = + [%#smap_inv57] forall e : UInt32.t, i : t_Iter'0 . inv'4 e /\ inv'2 i /\ produces'0 iter (Seq.singleton e) i -> precondition'0 func (e, Snapshot.new produced) - predicate inv'10 (_1 : Seq.seq uint32) + predicate inv'10 (_1 : Seq.seq UInt32.t) - axiom inv_axiom'10 [@rewrite] : forall x : Seq.seq uint32 [inv'10 x] . inv'10 x = true + axiom inv_axiom'10 [@rewrite] : forall x : Seq.seq UInt32.t [inv'10 x] . inv'10 x = true predicate inv'11 (_1 : borrowed closure0'1) axiom inv_axiom'11 [@rewrite] : forall x : borrowed closure0'1 [inv'11 x] . inv'11 x = true - predicate inv'12 (_1 : uint32) + predicate inv'12 (_1 : UInt32.t) - axiom inv_axiom'12 [@rewrite] : forall x : uint32 [inv'12 x] . inv'12 x = true + axiom inv_axiom'12 [@rewrite] : forall x : UInt32.t [inv'12 x] . inv'12 x = true use seq.Seq predicate preservation'0 (iter : t_Iter'0) (func : closure0'1) = - [%#smap_inv27] forall s : Seq.seq uint32, e1 : uint32, e2 : uint32, f : borrowed closure0'1, b : uint32, i : t_Iter'0 . 
inv'10 s + [%#smap_inv27] forall s : Seq.seq UInt32.t, e1 : UInt32.t, e2 : UInt32.t, f : borrowed closure0'1, b : UInt32.t, i : t_Iter'0 . inv'10 s /\ inv'4 e1 /\ inv'4 e2 /\ inv'11 f /\ inv'12 b /\ inv'2 i /\ unnest'0 func f.current -> produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i -> precondition'0 f.current (e1, Snapshot.new s) @@ -1656,12 +1732,12 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] predicate reinitialize'0 (_1 : ()) = [%#smap_inv26] forall iter : borrowed (t_Iter'0), func : closure0'1 . inv'9 iter /\ inv'3 func -> completed'1 iter - -> next_precondition'0 iter.final func (Seq.empty : Seq.seq uint32) /\ preservation'0 iter.final func + -> next_precondition'0 iter.final func (Seq.empty : Seq.seq UInt32.t) /\ preservation'0 iter.final func type t_MapInv'0 = { t_MapInv__iter'0: t_Iter'0; t_MapInv__func'0: closure0'1; - t_MapInv__produced'0: Snapshot.snap_ty (Seq.seq uint32) } + t_MapInv__produced'0: Snapshot.snap_ty (Seq.seq UInt32.t) } predicate invariant'0 (self : t_MapInv'0) @@ -1675,8 +1751,8 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] let rec map_inv'0 (self:t_Iter'0) (func:closure0'1) (return' (ret:t_MapInv'0))= {[@expl:map_inv 'self' type invariant] [%#siter9] inv'2 self} {[@expl:map_inv 'func' type invariant] [%#siter10] inv'3 func} - {[@expl:map_inv requires #0] [%#siter11] forall e : uint32, i2 : t_Iter'0 . inv'4 e /\ inv'2 i2 - -> produces'0 self (Seq.singleton e) i2 -> precondition'0 func (e, Snapshot.new (Seq.empty : Seq.seq uint32))} + {[@expl:map_inv requires #0] [%#siter11] forall e : UInt32.t, i2 : t_Iter'0 . inv'4 e /\ inv'2 i2 + -> produces'0 self (Seq.singleton e) i2 -> precondition'0 func (e, Snapshot.new (Seq.empty : Seq.seq UInt32.t))} {[@expl:map_inv requires #1] [%#siter12] reinitialize'0 ()} {[@expl:map_inv requires #2] [%#siter13] preservation'0 self func} any 
@@ -1684,7 +1760,7 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] {[%#siter15] result = { t_MapInv__iter'0 = self; t_MapInv__func'0 = func; - t_MapInv__produced'0 = Snapshot.new (Seq.empty : Seq.seq uint32) }} + t_MapInv__produced'0 = Snapshot.new (Seq.empty : Seq.seq UInt32.t) }} (! return' {result}) ] @@ -1693,21 +1769,21 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] axiom inv_axiom'6 [@rewrite] : forall x : t_Vec'0 [inv'6 x] . inv'6 x = true predicate invariant'1 (self : borrowed (t_MapInv'0)) = - [%#sinvariant56] inv'5 self.current /\ inv'5 self.final + [%#sinvariant70] inv'5 self.current /\ inv'5 self.final predicate inv'7 (_1 : borrowed (t_MapInv'0)) axiom inv_axiom'7 [@rewrite] : forall x : borrowed (t_MapInv'0) [inv'7 x] . inv'7 x = invariant'1 x - predicate inv'8 (_1 : Seq.seq uint32) + predicate inv'8 (_1 : Seq.seq UInt32.t) - axiom inv_axiom'8 [@rewrite] : forall x : Seq.seq uint32 [inv'8 x] . inv'8 x = true + axiom inv_axiom'8 [@rewrite] : forall x : Seq.seq UInt32.t [inv'8 x] . inv'8 x = true predicate resolve'6 (_1 : t_Iter'0) = true predicate resolve'3 (self : t_MapInv'0) = - [%#smap_inv45] resolve'6 self.t_MapInv__iter'0 /\ resolve'4 self.t_MapInv__func'0 + [%#smap_inv58] resolve'6 self.t_MapInv__iter'0 /\ resolve'4 self.t_MapInv__func'0 predicate resolve'1 (_1 : t_MapInv'0) = resolve'3 _1 
@@ -1728,11 +1804,11 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] use seq.Seq - predicate produces'1 [@inline:trivial] (self : t_MapInv'0) (visited : Seq.seq uint32) (succ : t_MapInv'0) = + predicate produces'1 [@inline:trivial] (self : t_MapInv'0) (visited : Seq.seq UInt32.t) (succ : t_MapInv'0) = [%#smap_inv29] unnest'0 self.t_MapInv__func'0 succ.t_MapInv__func'0 /\ (exists fs : Seq.seq (borrowed closure0'1) . inv'13 fs /\ Seq.length fs = Seq.length visited - /\ (exists s : Seq.seq uint32 . inv'10 s + /\ (exists s : Seq.seq UInt32.t . inv'10 s /\ Seq.length s = Seq.length visited /\ produces'0 self.t_MapInv__iter'0 s succ.t_MapInv__iter'0 /\ Snapshot.inner succ.t_MapInv__produced'0 = Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) s 
@@ -1748,32 +1824,32 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] /\ precondition'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) (Seq.([..]) s 0 i))) /\ postcondition_mut'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) (Seq.([..]) s 0 i))) (Seq.get fs i).final (Seq.get visited i)))) - function produces_trans'2 (a : t_MapInv'0) (ab : Seq.seq uint32) (b : t_MapInv'0) (bc : Seq.seq uint32) (c : t_MapInv'0) : () + function produces_trans'2 (a : t_MapInv'0) (ab : Seq.seq UInt32.t) (b : t_MapInv'0) (bc : Seq.seq UInt32.t) (c : t_MapInv'0) : () - axiom produces_trans'2_spec : forall a : t_MapInv'0, ab : Seq.seq uint32, b : t_MapInv'0, bc : Seq.seq uint32, c : t_MapInv'0 . ([%#smap_inv48] inv'5 a) - -> ([%#smap_inv49] inv'5 b) - -> ([%#smap_inv50] inv'5 c) - -> ([%#smap_inv51] produces'1 a ab b) - -> ([%#smap_inv52] produces'1 b bc c) -> ([%#smap_inv53] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'2_spec : forall a : t_MapInv'0, ab : Seq.seq UInt32.t, b : t_MapInv'0, bc : Seq.seq UInt32.t, c : t_MapInv'0 . ([%#smap_inv61] inv'5 a) + -> ([%#smap_inv62] inv'5 b) + -> ([%#smap_inv63] inv'5 c) + -> ([%#smap_inv64] produces'1 a ab b) + -> ([%#smap_inv65] produces'1 b bc c) -> ([%#smap_inv66] produces'1 a (Seq.(++) ab bc) c) function produces_refl'2 (self : t_MapInv'0) : () - axiom produces_refl'2_spec : forall self : t_MapInv'0 . ([%#smap_inv46] inv'5 self) - -> ([%#smap_inv47] produces'1 self (Seq.empty : Seq.seq uint32) self) + axiom produces_refl'2_spec : forall self : t_MapInv'0 . 
([%#smap_inv59] inv'5 self) + -> ([%#smap_inv60] produces'1 self (Seq.empty : Seq.seq UInt32.t) self) predicate completed'0 (self : borrowed (t_MapInv'0)) = - [%#smap_inv28] Snapshot.inner (self.final).t_MapInv__produced'0 = (Seq.empty : Seq.seq uint32) + [%#smap_inv28] Snapshot.inner (self.final).t_MapInv__produced'0 = (Seq.empty : Seq.seq UInt32.t) /\ completed'1 (Borrow.borrow_logic (self.current).t_MapInv__iter'0 (self.final).t_MapInv__iter'0 (Borrow.inherit_id (Borrow.get_id self) 1)) /\ (self.current).t_MapInv__func'0 = (self.final).t_MapInv__func'0 - predicate from_iter_post'0 (prod : Seq.seq uint32) (res : t_Vec'0) = + predicate from_iter_post'0 (prod : Seq.seq UInt32.t) (res : t_Vec'0) = [%#svec30] prod = view'0 res let rec collect'0 (self:t_MapInv'0) (return' (ret:t_Vec'0))= {[@expl:collect 'self' type invariant] inv'5 self} any [ return' (result:t_Vec'0)-> {inv'6 result} - {[%#siter16] exists done' : borrowed (t_MapInv'0), prod : Seq.seq uint32 . inv'7 done' + {[%#siter16] exists done' : borrowed (t_MapInv'0), prod : Seq.seq UInt32.t . inv'7 done' /\ inv'8 prod /\ resolve'1 done'.final /\ completed'0 done' /\ produces'1 self prod done'.current /\ from_iter_post'0 prod result} 
@@ -1786,14 +1862,14 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] let rec counter'0 (v:t_Vec'0) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = [ &cnt <- [%#s03_std_iterators0] (0 : usize) ] s1 - | s1 = deref'0 {v} (fun (_ret':slice uint32) -> [ &_7 <- _ret' ] s2) + [ s0 = [ &cnt <- [%#s03_std_iterators0] (0 : UInt64.t) ] s1 + | s1 = deref'0 {v} (fun (_ret':slice UInt32.t) -> [ &_7 <- _ret' ] s2) | s2 = bb1 ] | bb1 = s0 [ s0 = iter'0 {_7} (fun (_ret':t_Iter'0) -> [ &_5 <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 - [ s0 = Borrow.borrow_mut {cnt} - (fun (_ret':borrowed usize) -> [ &_10 <- _ret' ] [ &cnt <- _ret'.final ] s1) + [ s0 = Borrow.borrow_mut {cnt} + (fun (_ret':borrowed UInt64.t) -> [ &_10 <- _ret' ] [ &cnt <- _ret'.final ] s1) | s1 = [ &_9 <- { field_0'0 = _10 } ] s2 | s2 = map_inv'0 {_5} {_9} (fun (_ret':t_MapInv'0) -> [ &_4 <- _ret' ] s3) | s3 = bb3 ] @@ -1804,7 +1880,7 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] | bb5 = s0 [ s0 = {[@expl:assertion] [%#s03_std_iterators2] Seq.(==) (view'0 x) (view'0 v)} s1 | s1 = bb6 ] | bb6 = s0 - [ s0 = {[@expl:assertion] [%#s03_std_iterators3] UIntSize.to_int cnt = Seq.length (view'0 x)} s1 | s1 = bb7 ] + [ s0 = {[@expl:assertion] [%#s03_std_iterators3] UInt64.to_uint cnt = Seq.length (view'0 x)} s1 | s1 = bb7 ] | bb7 = bb8 | bb8 = bb9 @@ -1812,13 +1888,13 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] ) [ & _0 : () = any_l () | & v : t_Vec'0 = v - | & cnt : usize = any_l () + | & cnt : UInt64.t = any_l () | & x : t_Vec'0 = any_l () | & _4 : t_MapInv'0 = any_l () | & _5 : t_Iter'0 = any_l () - | & _7 : slice uint32 = any_l () + | & _7 : slice UInt32.t = any_l () | & _9 : closure0'1 = any_l () - | & _10 : borrowed usize = any_l () ] + | & _10 : borrowed UInt64.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end module M_03_std_iterators__sum_range [#"03_std_iterators.rs" 63 0 63 35] 
@@ -1837,22 +1913,38 @@ module M_03_std_iterators__sum_range [#"03_std_iterators.rs" 63 0 63 35] let%span siter12 = "../../../../creusot-contracts/src/std/iter.rs" 107 26 110 17 let%span siter13 = "../../../../creusot-contracts/src/std/iter.rs" 86 20 86 24 let%span siter14 = "../../../../creusot-contracts/src/std/iter.rs" 92 8 92 19 - let%span srange15 = "../../../../creusot-contracts/src/std/iter/range.rs" 33 15 33 24 - let%span srange16 = "../../../../creusot-contracts/src/std/iter/range.rs" 34 14 34 45 - let%span srange17 = "../../../../creusot-contracts/src/std/iter/range.rs" 39 15 39 21 - let%span srange18 = "../../../../creusot-contracts/src/std/iter/range.rs" 40 15 40 21 - let%span srange19 = "../../../../creusot-contracts/src/std/iter/range.rs" 41 15 41 21 - let%span srange20 = "../../../../creusot-contracts/src/std/iter/range.rs" 42 15 42 32 - let%span srange21 = "../../../../creusot-contracts/src/std/iter/range.rs" 43 15 43 32 - let%span srange22 = "../../../../creusot-contracts/src/std/iter/range.rs" 44 14 44 42 - let%span snum23 = "../../../../creusot-contracts/src/std/num.rs" 21 28 21 33 - let%span srange24 = "../../../../creusot-contracts/src/std/iter/range.rs" 15 12 15 78 - let%span sresolve25 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span sord15 = "../../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 + let%span sord16 = "../../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 + let%span sord17 = "../../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 + let%span sord18 = "../../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 + let%span sord19 = "../../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 + let%span sord20 = "../../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 + let%span sord21 = "../../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 + let%span sord22 = "../../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 + let%span sord23 = 
"../../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 + let%span sord24 = "../../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 + let%span sord25 = "../../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 + let%span sord26 = "../../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 + let%span sord27 = "../../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span srange28 = "../../../../creusot-contracts/src/std/iter/range.rs" 33 15 33 24 + let%span srange29 = "../../../../creusot-contracts/src/std/iter/range.rs" 34 14 34 45 + let%span srange30 = "../../../../creusot-contracts/src/std/iter/range.rs" 39 15 39 21 + let%span srange31 = "../../../../creusot-contracts/src/std/iter/range.rs" 40 15 40 21 + let%span srange32 = "../../../../creusot-contracts/src/std/iter/range.rs" 41 15 41 21 + let%span srange33 = "../../../../creusot-contracts/src/std/iter/range.rs" 42 15 42 32 + let%span srange34 = "../../../../creusot-contracts/src/std/iter/range.rs" 43 15 43 32 + let%span srange35 = "../../../../creusot-contracts/src/std/iter/range.rs" 44 14 44 42 + let%span snum36 = "../../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + let%span srange37 = "../../../../creusot-contracts/src/std/iter/range.rs" 15 12 15 78 + let%span sresolve38 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span sord39 = "../../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 - use prelude.prelude.IntSize + use prelude.prelude.Int + + use prelude.prelude.Int64 type t_Range'0 = - { t_Range__start'0: isize; t_Range__end'0: isize } + { t_Range__start'0: Int64.t; t_Range__end'0: Int64.t } predicate inv'0 (_1 : t_Range'0) 
@@ -1876,13 +1968,66 @@ module M_03_std_iterators__sum_range [#"03_std_iterators.rs" 63 0 63 35] use prelude.prelude.Snapshot - use prelude.prelude.IntSize + use prelude.prelude.Int64 use prelude.prelude.Snapshot use seq.Seq - use prelude.prelude.Int + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.Int64 + + function cmp_log'0 (self : Int64.t) (o : Int64.t) : t_Ordering'0 = + [%#sord39] if Int64.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + function eq_cmp'0 (x : Int64.t) (y : Int64.t) : () + + axiom eq_cmp'0_spec : forall x : Int64.t, y : Int64.t . [%#sord27] (x = y) = (cmp_log'0 x y = C_Equal'0) + + function antisym2'0 (x : Int64.t) (y : Int64.t) : () + + axiom antisym2'0_spec : forall x : Int64.t, y : Int64.t . ([%#sord25] cmp_log'0 x y = C_Greater'0) + -> ([%#sord26] cmp_log'0 y x = C_Less'0) + + function antisym1'0 (x : Int64.t) (y : Int64.t) : () + + axiom antisym1'0_spec : forall x : Int64.t, y : Int64.t . ([%#sord23] cmp_log'0 x y = C_Less'0) + -> ([%#sord24] cmp_log'0 y x = C_Greater'0) + + function trans'0 (x : Int64.t) (y : Int64.t) (z : Int64.t) (o : t_Ordering'0) : () + + axiom trans'0_spec : forall x : Int64.t, y : Int64.t, z : Int64.t, o : t_Ordering'0 . ([%#sord20] cmp_log'0 x y = o) + -> ([%#sord21] cmp_log'0 y z = o) -> ([%#sord22] cmp_log'0 x z = o) + + function refl'0 (x : Int64.t) : () + + axiom refl'0_spec : forall x : Int64.t . [%#sord19] cmp_log'0 x x = C_Equal'0 + + use prelude.prelude.Int64 + + function cmp_gt_log'0 (x : Int64.t) (y : Int64.t) : () + + axiom cmp_gt_log'0_spec : forall x : Int64.t, y : Int64.t . [%#sord18] Int64.sgt x y = (cmp_log'0 x y = C_Greater'0) + + use prelude.prelude.Int64 + + function cmp_ge_log'0 (x : Int64.t) (y : Int64.t) : () + + axiom cmp_ge_log'0_spec : forall x : Int64.t, y : Int64.t . 
[%#sord17] Int64.sge x y = (cmp_log'0 x y <> C_Less'0) + + function cmp_lt_log'0 (x : Int64.t) (y : Int64.t) : () + + axiom cmp_lt_log'0_spec : forall x : Int64.t, y : Int64.t . [%#sord16] Int64.slt x y = (cmp_log'0 x y = C_Less'0) + + use prelude.prelude.Int64 + + function cmp_le_log'0 (x : Int64.t) (y : Int64.t) : () + + axiom cmp_le_log'0_spec : forall x : Int64.t, y : Int64.t . [%#sord15] Int64.sle x y = (cmp_log'0 x y <> C_Greater'0) use prelude.prelude.Snapshot @@ -1890,12 +2035,12 @@ module M_03_std_iterators__sum_range [#"03_std_iterators.rs" 63 0 63 35] use seq.Seq - function deep_model'0 (self : isize) : int = - [%#snum23] IntSize.to_int self + function deep_model'0 (self : Int64.t) : int = + [%#snum36] Int64.to_int self use seq.Seq - predicate produces'0 (self : t_Range'0) (visited : Seq.seq isize) (o : t_Range'0) = + predicate produces'0 (self : t_Range'0) (visited : Seq.seq Int64.t) (o : t_Range'0) = [%#srange11] self.t_Range__end'0 = o.t_Range__end'0 /\ deep_model'0 self.t_Range__start'0 <= deep_model'0 o.t_Range__start'0 /\ (Seq.length visited > 0 -> deep_model'0 o.t_Range__start'0 <= deep_model'0 o.t_Range__end'0) 
@@ -1903,23 +2048,23 @@ module M_03_std_iterators__sum_range [#"03_std_iterators.rs" 63 0 63 35] /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> deep_model'0 (Seq.get visited i) = deep_model'0 self.t_Range__start'0 + i) - function produces_trans'0 (a : t_Range'0) (ab : Seq.seq isize) (b : t_Range'0) (bc : Seq.seq isize) (c : t_Range'0) : () + function produces_trans'0 (a : t_Range'0) (ab : Seq.seq Int64.t) (b : t_Range'0) (bc : Seq.seq Int64.t) (c : t_Range'0) : () - axiom produces_trans'0_spec : forall a : t_Range'0, ab : Seq.seq isize, b : t_Range'0, bc : Seq.seq isize, c : t_Range'0 . ([%#srange17] inv'0 a) - -> ([%#srange18] inv'0 b) - -> ([%#srange19] inv'0 c) - -> ([%#srange20] produces'0 a ab b) - -> ([%#srange21] produces'0 b bc c) -> ([%#srange22] produces'0 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_Range'0, ab : Seq.seq Int64.t, b : t_Range'0, bc : Seq.seq Int64.t, c : t_Range'0 . ([%#srange30] inv'0 a) + -> ([%#srange31] inv'0 b) + -> ([%#srange32] inv'0 c) + -> ([%#srange33] produces'0 a ab b) + -> ([%#srange34] produces'0 b bc c) -> ([%#srange35] produces'0 a (Seq.(++) ab bc) c) function produces_refl'0 (self : t_Range'0) : () - axiom produces_refl'0_spec : forall self : t_Range'0 . ([%#srange15] inv'0 self) - -> ([%#srange16] produces'0 self (Seq.empty : Seq.seq isize) self) + axiom produces_refl'0_spec : forall self : t_Range'0 . ([%#srange28] inv'0 self) + -> ([%#srange29] produces'0 self (Seq.empty : Seq.seq Int64.t) self) - predicate inv'1 (_1 : Seq.seq isize) + predicate inv'1 (_1 : Seq.seq Int64.t) - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq isize [inv'1 x] . inv'1 x = true + axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq Int64.t [inv'1 x] . inv'1 x = true use prelude.prelude.Borrow 
@@ -1929,17 +2074,17 @@ module M_03_std_iterators__sum_range [#"03_std_iterators.rs" 63 0 63 35] type t_Option'0 = | C_None'0 - | C_Some'0 isize + | C_Some'0 Int64.t predicate inv'3 (_1 : t_Option'0) axiom inv_axiom'3 [@rewrite] : forall x : t_Option'0 [inv'3 x] . inv'3 x = true predicate resolve'1 (self : borrowed (t_Range'0)) = - [%#sresolve25] self.final = self.current + [%#sresolve38] self.final = self.current predicate completed'0 (self : borrowed (t_Range'0)) = - [%#srange24] resolve'1 self + [%#srange37] resolve'1 self /\ deep_model'0 (self.current).t_Range__start'0 >= deep_model'0 (self.current).t_Range__end'0 use seq.Seq @@ -1957,9 +2102,9 @@ module M_03_std_iterators__sum_range [#"03_std_iterators.rs" 63 0 63 35] predicate resolve'0 (_1 : borrowed (t_Range'0)) = resolve'1 _1 - let rec v_Some'0 (input:t_Option'0) (ret (field_0:isize))= any - [ good (field_0:isize)-> {C_Some'0 field_0 = input} (! ret {field_0}) - | bad -> {forall field_0 : isize [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] + let rec v_Some'0 (input:t_Option'0) (ret (field_0:Int64.t))= any + [ good (field_0:Int64.t)-> {C_Some'0 field_0 = input} (! ret {field_0}) + | bad -> {forall field_0 : Int64.t [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] use prelude.prelude.Intrinsic 
@@ -1970,26 +2115,26 @@ module M_03_std_iterators__sum_range [#"03_std_iterators.rs" 63 0 63 35] meta "compute_max_steps" 1000000 - let rec sum_range'0 (n:isize) (return' (ret:isize))= {[@expl:sum_range requires] [%#s03_std_iterators8] IntSize.to_int n + let rec sum_range'0 (n:Int64.t) (return' (ret:Int64.t))= {[@expl:sum_range requires] [%#s03_std_iterators8] Int64.to_int n >= 0} (! bb0 [ bb0 = s0 - [ s0 = [ &i <- [%#s03_std_iterators0] (0 : isize) ] s1 - | s1 = [ &_7 <- { t_Range__start'0 = ([%#s03_std_iterators1] (0 : isize)); t_Range__end'0 = n } ] s2 + [ s0 = [ &i <- [%#s03_std_iterators0] (0 : Int64.t) ] s1 + | s1 = [ &_7 <- { t_Range__start'0 = ([%#s03_std_iterators1] (0 : Int64.t)); t_Range__end'0 = n } ] s2 | s2 = into_iter'0 {_7} (fun (_ret':t_Range'0) -> [ &iter <- _ret' ] s3) | s3 = bb1 ] | bb1 = s0 [ s0 = [ &iter_old <- [%#s03_std_iterators2] Snapshot.new iter ] s1 | s1 = bb2 ] | bb2 = s0 - [ s0 = [ &produced <- [%#s03_std_iterators3] Snapshot.new (Seq.empty : Seq.seq isize) ] s1 | s1 = bb3 ] + [ s0 = [ &produced <- [%#s03_std_iterators3] Snapshot.new (Seq.empty : Seq.seq Int64.t) ] s1 | s1 = bb3 ] | bb3 = bb4 | bb4 = bb4 [ bb4 = {[@expl:for invariant] [%#s03_std_iterators5] inv'1 (Snapshot.inner produced)} {[@expl:for invariant] [%#s03_std_iterators5] inv'0 iter} {[@expl:for invariant] [%#s03_std_iterators5] produces'0 (Snapshot.inner iter_old) (Snapshot.inner produced) iter} - {[@expl:loop invariant] [%#s03_std_iterators4] IntSize.to_int i = Seq.length (Snapshot.inner produced) - /\ i <= n} + {[@expl:loop invariant] [%#s03_std_iterators4] Int64.to_int i = Seq.length (Snapshot.inner produced) + /\ Int64.sle i n} (! s0) [ s0 = bb5 ] [ bb5 = s0 [ s0 = Borrow.borrow_mut {iter} 
@@ -2004,11 +2149,11 @@ module M_03_std_iterators__sum_range [#"03_std_iterators.rs" 63 0 63 35] | bb6 = s0 [ s0 = -{resolve'0 _20}- s1 - | s1 = any [ br0 -> {_18 = C_None'0 } (! bb9) | br1 (x0:isize)-> {_18 = C_Some'0 x0} (! bb8) ] ] + | s1 = any [ br0 -> {_18 = C_None'0 } (! bb9) | br1 (x0:Int64.t)-> {_18 = C_Some'0 x0} (! bb8) ] ] | bb8 = bb10 | bb10 = s0 - [ s0 = v_Some'0 {_18} (fun (r0'0:isize) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) + [ s0 = v_Some'0 {_18} (fun (r0'0:Int64.t) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) | s1 = [ &_23 <- [%#s03_std_iterators6] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] 
@@ -2017,26 +2162,26 @@ module M_03_std_iterators__sum_range [#"03_std_iterators.rs" 63 0 63 35] | bb11 = s0 [ s0 = [ &produced <- _23 ] s1 - | s1 = IntSize.add {i} {[%#s03_std_iterators7] (1 : isize)} (fun (_ret':isize) -> [ &i <- _ret' ] s2) + | s1 = Int64.add {i} {[%#s03_std_iterators7] (1 : Int64.t)} (fun (_ret':Int64.t) -> [ &i <- _ret' ] s2) | s2 = bb4 ] ] ] | bb9 = s0 [ s0 = [ &_0 <- i ] s1 | s1 = return' {_0} ] ] ) - [ & _0 : isize = any_l () - | & n : isize = n - | & i : isize = any_l () + [ & _0 : Int64.t = any_l () + | & n : Int64.t = n + | & i : Int64.t = any_l () | & iter : t_Range'0 = any_l () | & _7 : t_Range'0 = any_l () | & iter_old : Snapshot.snap_ty (t_Range'0) = any_l () - | & produced : Snapshot.snap_ty (Seq.seq isize) = any_l () + | & produced : Snapshot.snap_ty (Seq.seq Int64.t) = any_l () | & _18 : t_Option'0 = any_l () | & _19 : borrowed (t_Range'0) = any_l () | & _20 : borrowed (t_Range'0) = any_l () - | & __creusot_proc_iter_elem : isize = any_l () - | & _23 : Snapshot.snap_ty (Seq.seq isize) = any_l () ] - [ return' (result:isize)-> {[@expl:sum_range ensures] [%#s03_std_iterators9] result = n} (! return' {result}) ] + | & __creusot_proc_iter_elem : Int64.t = any_l () + | & _23 : Snapshot.snap_ty (Seq.seq Int64.t) = any_l () ] + [ return' (result:Int64.t)-> {[@expl:sum_range ensures] [%#s03_std_iterators9] result = n} (! return' {result}) ] end module M_03_std_iterators__enumerate_range [#"03_std_iterators.rs" 72 0 72 24] let%span s03_std_iterators0 = "03_std_iterators.rs" 74 20 74 21 
@@ -2075,13 +2220,15 @@ module M_03_std_iterators__enumerate_range [#"03_std_iterators.rs" 72 0 72 24] let%span srange33 = "../../../../creusot-contracts/src/std/iter/range.rs" 42 15 42 32 let%span srange34 = "../../../../creusot-contracts/src/std/iter/range.rs" 43 15 43 32 let%span srange35 = "../../../../creusot-contracts/src/std/iter/range.rs" 44 14 44 42 - let%span snum36 = "../../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + let%span snum36 = "../../../../creusot-contracts/src/std/num.rs" 52 28 52 33 let%span sinvariant37 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Range'0 = - { t_Range__start'0: usize; t_Range__end'0: usize } + { t_Range__start'0: UInt64.t; t_Range__end'0: UInt64.t } predicate inv'3 (_1 : t_Range'0) @@ -2095,12 +2242,10 @@ module M_03_std_iterators__enumerate_range [#"03_std_iterators.rs" 72 0 72 24] use seq.Seq - use prelude.prelude.Int - - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - function deep_model'0 (self : usize) : int = - [%#snum36] UIntSize.to_int self + function deep_model'0 (self : UInt64.t) : int = + [%#snum36] UInt64.to_uint self use seq.Seq @@ -2110,7 +2255,7 @@ module M_03_std_iterators__enumerate_range [#"03_std_iterators.rs" 72 0 72 24] use seq.Seq - predicate produces'1 (self : t_Range'0) (visited : Seq.seq usize) (o : t_Range'0) = + predicate produces'1 (self : t_Range'0) (visited : Seq.seq UInt64.t) (o : t_Range'0) = [%#srange14] self.t_Range__end'0 = o.t_Range__end'0 /\ deep_model'0 self.t_Range__start'0 <= deep_model'0 o.t_Range__start'0 /\ (Seq.length visited > 0 -> deep_model'0 o.t_Range__start'0 <= deep_model'0 o.t_Range__end'0) 
@@ -2118,10 +2263,10 @@ module M_03_std_iterators__enumerate_range [#"03_std_iterators.rs" 72 0 72 24] /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> deep_model'0 (Seq.get visited i) = deep_model'0 self.t_Range__start'0 + i) - function produces_trans'1 (a : t_Range'0) (ab : Seq.seq usize) (b : t_Range'0) (bc : Seq.seq usize) (c : t_Range'0) : () + function produces_trans'1 (a : t_Range'0) (ab : Seq.seq UInt64.t) (b : t_Range'0) (bc : Seq.seq UInt64.t) (c : t_Range'0) : () - axiom produces_trans'1_spec : forall a : t_Range'0, ab : Seq.seq usize, b : t_Range'0, bc : Seq.seq usize, c : t_Range'0 . ([%#srange30] inv'3 a) + axiom produces_trans'1_spec : forall a : t_Range'0, ab : Seq.seq UInt64.t, b : t_Range'0, bc : Seq.seq UInt64.t, c : t_Range'0 . ([%#srange30] inv'3 a) -> ([%#srange31] inv'3 b) -> ([%#srange32] inv'3 c) -> ([%#srange33] produces'1 a ab b) @@ -2130,7 +2275,7 @@ module M_03_std_iterators__enumerate_range [#"03_std_iterators.rs" 72 0 72 24] function produces_refl'1 (self : t_Range'0) : () axiom produces_refl'1_spec : forall self : t_Range'0 . ([%#srange28] inv'3 self) - -> ([%#srange29] produces'1 self (Seq.empty : Seq.seq usize) self) + -> ([%#srange29] produces'1 self (Seq.empty : Seq.seq UInt64.t) self) predicate resolve'2 (self : borrowed (t_Range'0)) = [%#sresolve27] self.final = self.current 
@@ -2139,14 +2284,14 @@ module M_03_std_iterators__enumerate_range [#"03_std_iterators.rs" 72 0 72 24] [%#srange13] resolve'2 self /\ deep_model'0 (self.current).t_Range__start'0 >= deep_model'0 (self.current).t_Range__end'0 - predicate inv'5 (_1 : Seq.seq usize) + predicate inv'5 (_1 : Seq.seq UInt64.t) - axiom inv_axiom'5 [@rewrite] : forall x : Seq.seq usize [inv'5 x] . inv'5 x = true + axiom inv_axiom'5 [@rewrite] : forall x : Seq.seq UInt64.t [inv'5 x] . inv'5 x = true - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) type t_Enumerate'0 = - { t_Enumerate__iter'0: t_Range'0; t_Enumerate__count'0: usize } + { t_Enumerate__iter'0: t_Range'0; t_Enumerate__count'0: UInt64.t } predicate invariant'0 (self : t_Enumerate'0) @@ -2166,9 +2311,9 @@ module M_03_std_iterators__enumerate_range [#"03_std_iterators.rs" 72 0 72 24] let rec enumerate'0 (self:t_Range'0) (return' (ret:t_Enumerate'0))= {[@expl:enumerate 'self' type invariant] inv'3 self} {[@expl:enumerate requires #0] [%#siter7] forall i : borrowed (t_Range'0) . inv'4 i /\ completed'0 i - -> produces'1 i.current (Seq.empty : Seq.seq usize) i.final} - {[@expl:enumerate requires #1] [%#siter8] forall s : Seq.seq usize, i : t_Range'0 . inv'5 s - /\ inv'3 i /\ produces'1 self s i -> Seq.length s < UIntSize.to_int v_MAX'0} + -> produces'1 i.current (Seq.empty : Seq.seq UInt64.t) i.final} + {[@expl:enumerate requires #1] [%#siter8] forall s : Seq.seq UInt64.t, i : t_Range'0 . inv'5 s + /\ inv'3 i /\ produces'1 self s i -> Seq.length s < UInt64.to_uint v_MAX'0} any [ return' (result:t_Enumerate'0)-> {inv'0 result} {[%#siter9] iter'0 result = self /\ n'0 result = 0} 
@@ -2203,7 +2348,7 @@ module M_03_std_iterators__enumerate_range [#"03_std_iterators.rs" 72 0 72 24] use seq.Seq - function index_logic'0 [@inline:trivial] (self : Snapshot.snap_ty (Seq.seq (usize, usize))) (ix : int) : (usize, usize) + function index_logic'0 [@inline:trivial] (self : Snapshot.snap_ty (Seq.seq (UInt64.t, UInt64.t))) (ix : int) : (UInt64.t, UInt64.t) = [%#sops10] Seq.get (Snapshot.inner self) ix 
@@ -2214,19 +2359,19 @@ module M_03_std_iterators__enumerate_range [#"03_std_iterators.rs" 72 0 72 24] use seq.Seq - predicate produces'0 (self : t_Enumerate'0) (visited : Seq.seq (usize, usize)) (o : t_Enumerate'0) = + predicate produces'0 (self : t_Enumerate'0) (visited : Seq.seq (UInt64.t, UInt64.t)) (o : t_Enumerate'0) = [%#senumerate11] Seq.length visited = n'0 o - n'0 self - /\ (exists s : Seq.seq usize . inv'5 s + /\ (exists s : Seq.seq UInt64.t . inv'5 s /\ produces'1 (iter'0 self) s (iter'0 o) /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s - -> UIntSize.to_int (let (a, _) = Seq.get visited i in a) = n'0 self + i + -> UInt64.to_uint (let (a, _) = Seq.get visited i in a) = n'0 self + i /\ (let (_, a) = Seq.get visited i in a) = Seq.get s i)) - function produces_trans'0 (a : t_Enumerate'0) (ab : Seq.seq (usize, usize)) (b : t_Enumerate'0) (bc : Seq.seq (usize, usize)) (c : t_Enumerate'0) : () + function produces_trans'0 (a : t_Enumerate'0) (ab : Seq.seq (UInt64.t, UInt64.t)) (b : t_Enumerate'0) (bc : Seq.seq (UInt64.t, UInt64.t)) (c : t_Enumerate'0) : () - axiom produces_trans'0_spec : forall a : t_Enumerate'0, ab : Seq.seq (usize, usize), b : t_Enumerate'0, bc : Seq.seq (usize, usize), c : t_Enumerate'0 . ([%#senumerate20] inv'0 a) + axiom produces_trans'0_spec : forall a : t_Enumerate'0, ab : Seq.seq (UInt64.t, UInt64.t), b : t_Enumerate'0, bc : Seq.seq (UInt64.t, UInt64.t), c : t_Enumerate'0 . ([%#senumerate20] inv'0 a) -> ([%#senumerate21] inv'0 b) -> ([%#senumerate22] inv'0 c) -> ([%#senumerate23] produces'0 a ab b) 
@@ -2235,11 +2380,11 @@ module M_03_std_iterators__enumerate_range [#"03_std_iterators.rs" 72 0 72 24] function produces_refl'0 (self : t_Enumerate'0) : () axiom produces_refl'0_spec : forall self : t_Enumerate'0 . ([%#senumerate18] inv'0 self) - -> ([%#senumerate19] produces'0 self (Seq.empty : Seq.seq (usize, usize)) self) + -> ([%#senumerate19] produces'0 self (Seq.empty : Seq.seq (UInt64.t, UInt64.t)) self) - predicate inv'1 (_1 : Seq.seq (usize, usize)) + predicate inv'1 (_1 : Seq.seq (UInt64.t, UInt64.t)) - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq (usize, usize) [inv'1 x] . inv'1 x = true + axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq (UInt64.t, UInt64.t) [inv'1 x] . inv'1 x = true predicate invariant'1 (self : borrowed (t_Enumerate'0)) = [%#sinvariant37] inv'0 self.current /\ inv'0 self.final @@ -2250,7 +2395,7 @@ module M_03_std_iterators__enumerate_range [#"03_std_iterators.rs" 72 0 72 24] type t_Option'0 = | C_None'0 - | C_Some'0 (usize, usize) + | C_Some'0 (UInt64.t, UInt64.t) predicate inv'6 (_1 : t_Option'0) @@ -2279,9 +2424,9 @@ module M_03_std_iterators__enumerate_range [#"03_std_iterators.rs" 72 0 72 24] predicate resolve'0 (_1 : borrowed (t_Enumerate'0)) = resolve'1 _1 - let rec v_Some'0 (input:t_Option'0) (ret (field_0:(usize, usize)))= any - [ good (field_0:(usize, usize))-> {C_Some'0 field_0 = input} (! ret {field_0}) - | bad -> {forall field_0 : (usize, usize) [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} + let rec v_Some'0 (input:t_Option'0) (ret (field_0:(UInt64.t, UInt64.t)))= any + [ good (field_0:(UInt64.t, UInt64.t))-> {C_Some'0 field_0 = input} (! ret {field_0}) + | bad -> {forall field_0 : (UInt64.t, UInt64.t) [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] 
@@ -2295,8 +2440,8 @@ module M_03_std_iterators__enumerate_range [#"03_std_iterators.rs" 72 0 72 24] let rec enumerate_range'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = - [ &_3 <- { t_Range__start'0 = ([%#s03_std_iterators0] (0 : usize)); - t_Range__end'0 = ([%#s03_std_iterators1] (10 : usize)) } ] + [ &_3 <- { t_Range__start'0 = ([%#s03_std_iterators0] (0 : UInt64.t)); + t_Range__end'0 = ([%#s03_std_iterators1] (10 : UInt64.t)) } ] s1 | s1 = enumerate'0 {_3} (fun (_ret':t_Enumerate'0) -> [ &_2 <- _ret' ] s2) @@ -2305,7 +2450,8 @@ module M_03_std_iterators__enumerate_range [#"03_std_iterators.rs" 72 0 72 24] | bb1 = s0 [ s0 = into_iter'0 {_2} (fun (_ret':t_Enumerate'0) -> [ &iter <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 [ s0 = [ &iter_old <- [%#s03_std_iterators2] Snapshot.new iter ] s1 | s1 = bb3 ] | bb3 = s0 - [ s0 = [ &produced <- [%#s03_std_iterators3] Snapshot.new (Seq.empty : Seq.seq (usize, usize)) ] s1 | s1 = bb4 ] + [ s0 = [ &produced <- [%#s03_std_iterators3] Snapshot.new (Seq.empty : Seq.seq (UInt64.t, UInt64.t)) ] s1 + | s1 = bb4 ] | bb4 = bb5 | bb5 = bb5 @@ -2337,11 +2483,13 @@ module M_03_std_iterators__enumerate_range [#"03_std_iterators.rs" 72 0 72 24] | bb7 = s0 [ s0 = {[@expl:type invariant] inv'2 _15} s1 | s1 = -{resolve'0 _15}- s2 - | s2 = any [ br0 -> {_13 = C_None'0 } (! bb10) | br1 (x0:(usize, usize))-> {_13 = C_Some'0 x0} (! bb9) ] ] + | s2 = any + [ br0 -> {_13 = C_None'0 } (! bb10) | br1 (x0:(UInt64.t, UInt64.t))-> {_13 = C_Some'0 x0} (! bb9) ] + ] | bb9 = bb11 | bb11 = s0 - [ s0 = v_Some'0 {_13} (fun (r0'0:(usize, usize)) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) + [ s0 = v_Some'0 {_13} (fun (r0'0:(UInt64.t, UInt64.t)) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) | s1 = [ &_18 <- [%#s03_std_iterators6] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] 
@@ -2363,23 +2511,23 @@ module M_03_std_iterators__enumerate_range [#"03_std_iterators.rs" 72 0 72 24] | & _2 : t_Enumerate'0 = any_l () | & _3 : t_Range'0 = any_l () | & iter_old : Snapshot.snap_ty (t_Enumerate'0) = any_l () - | & produced : Snapshot.snap_ty (Seq.seq (usize, usize)) = any_l () + | & produced : Snapshot.snap_ty (Seq.seq (UInt64.t, UInt64.t)) = any_l () | & _13 : t_Option'0 = any_l () | & _14 : borrowed (t_Enumerate'0) = any_l () | & _15 : borrowed (t_Enumerate'0) = any_l () - | & __creusot_proc_iter_elem : (usize, usize) = any_l () - | & _18 : Snapshot.snap_ty (Seq.seq (usize, usize)) = any_l () - | & ix : usize = any_l () - | & x : usize = any_l () ] + | & __creusot_proc_iter_elem : (UInt64.t, UInt64.t) = any_l () + | & _18 : Snapshot.snap_ty (Seq.seq (UInt64.t, UInt64.t)) = any_l () + | & ix : UInt64.t = any_l () + | & x : UInt64.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] let%span s03_std_iterators0 = "03_std_iterators.rs" 96 36 96 55 - let%span s03_std_iterators1 = "03_std_iterators.rs" 101 26 101 27 - let%span s03_std_iterators2 = "03_std_iterators.rs" 101 22 101 27 + let%span s03_std_iterators1 = "03_std_iterators.rs" 101 22 101 27 + let%span s03_std_iterators2 = "03_std_iterators.rs" 101 26 101 27 let%span s03_std_iterators3 = "03_std_iterators.rs" 101 19 101 20 - let%span s03_std_iterators4 = "03_std_iterators.rs" 101 40 101 41 - let%span s03_std_iterators5 = "03_std_iterators.rs" 101 36 101 41 + let%span s03_std_iterators4 = "03_std_iterators.rs" 101 36 101 41 + let%span s03_std_iterators5 = "03_std_iterators.rs" 101 40 101 41 let%span s03_std_iterators6 = "03_std_iterators.rs" 101 33 101 34 let%span s03_std_iterators7 = "03_std_iterators.rs" 101 4 101 7 let%span s03_std_iterators8 = "03_std_iterators.rs" 101 4 101 7 
@@ -2393,7 +2541,7 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] let%span s03_std_iterators16 = "03_std_iterators.rs" 103 22 103 52 let%span s03_std_iterators17 = "03_std_iterators.rs" 94 21 94 26 let%span s03_std_iterators18 = "03_std_iterators.rs" 93 10 93 44 - let%span sslice19 = "../../../../creusot-contracts/src/std/slice.rs" 245 0 354 1 + let%span sslice19 = "../../../../creusot-contracts/src/std/slice.rs" 263 0 372 1 let%span siter20 = "../../../../creusot-contracts/src/std/iter.rs" 165 27 165 48 let%span siter21 = "../../../../creusot-contracts/src/std/iter.rs" 101 0 213 1 let%span siter22 = "../../../../creusot-contracts/src/std/iter.rs" 167 26 167 62 @@ -2403,9 +2551,9 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] let%span s03_std_iterators26 = "03_std_iterators.rs" 82 8 82 58 let%span szip27 = "../../../../creusot-contracts/src/std/iter/zip.rs" 46 12 49 95 let%span siter28 = "../../../../creusot-contracts/src/std/iter.rs" 107 26 110 17 - let%span sslice29 = "../../../../creusot-contracts/src/std/slice.rs" 257 19 257 35 - let%span sslice30 = "../../../../creusot-contracts/src/std/slice.rs" 258 19 258 35 - let%span sslice31 = "../../../../creusot-contracts/src/std/slice.rs" 259 18 259 50 + let%span sslice29 = "../../../../creusot-contracts/src/std/slice.rs" 275 19 275 35 + let%span sslice30 = "../../../../creusot-contracts/src/std/slice.rs" 276 19 276 35 + let%span sslice31 = "../../../../creusot-contracts/src/std/slice.rs" 277 18 277 50 let%span sops32 = "../../../../creusot-contracts/src/logic/ops.rs" 42 8 42 31 let%span sops33 = "../../../../creusot-contracts/src/logic/ops.rs" 53 8 53 32 let%span sslice34 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 
@@ -2434,7 +2582,7 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] let%span srange57 = "../../../../creusot-contracts/src/std/iter/range.rs" 42 15 42 32 let%span srange58 = "../../../../creusot-contracts/src/std/iter/range.rs" 43 15 43 32 let%span srange59 = "../../../../creusot-contracts/src/std/iter/range.rs" 44 14 44 42 - let%span snum60 = "../../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + let%span snum60 = "../../../../creusot-contracts/src/std/num.rs" 52 28 52 33 let%span srange61 = "../../../../creusot-contracts/src/std/iter/range.rs" 15 12 15 78 let%span sslice62 = "../../../../creusot-contracts/src/std/slice.rs" 18 20 18 30 let%span sinvariant63 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 @@ -2444,29 +2592,29 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] use prelude.prelude.Borrow - use prelude.prelude.Slice + use Slice64.create type t_T'0 use seq.Seq - use prelude.prelude.UIntSize + use prelude.prelude.Int - constant v_MAX'0 : usize = (18446744073709551615 : usize) + use prelude.prelude.UInt64 - use prelude.prelude.UIntSize + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.Int + use prelude.prelude.UInt64 - use prelude.prelude.Slice + use prelude.prelude.Slice64 use seq.Seq function view'2 (self : slice t_T'0) : Seq.seq t_T'0 axiom view'2_spec : forall self : slice t_T'0 . ([%#sslice34] Seq.length (view'2 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice35] view'2 self = Slice.id self) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + && ([%#sslice35] view'2 self = Slice64.id self) use seq.Seq 
@@ -2503,15 +2651,15 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] function view'3 (self : slice t_T'0) : Seq.seq t_T'0 = [%#smodel36] view'2 self - let rec len'0 (self:slice t_T'0) (return' (ret:usize))= {[@expl:len 'self' type invariant] inv'4 self} + let rec len'0 (self:slice t_T'0) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'4 self} any - [ return' (result:usize)-> {[%#sslice19] Seq.length (view'3 self) = UIntSize.to_int result} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#sslice19] Seq.length (view'3 self) = UInt64.to_uint result} (! return' {result}) ] use prelude.prelude.Snapshot type t_Range'0 = - { t_Range__start'0: usize; t_Range__end'0: usize } + { t_Range__start'0: UInt64.t; t_Range__end'0: UInt64.t } predicate inv'5 (_1 : t_Range'0) @@ -2521,7 +2669,11 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] [%#siter37] true type t_Zip'0 = - { t_Zip__a'0: t_Range'0; t_Zip__b'0: t_Range'0; t_Zip__index'0: usize; t_Zip__len'0: usize; t_Zip__a_len'0: usize } + { t_Zip__a'0: t_Range'0; + t_Zip__b'0: t_Range'0; + t_Zip__index'0: UInt64.t; + t_Zip__len'0: UInt64.t; + t_Zip__a_len'0: UInt64.t } predicate inv'0 (_1 : t_Zip'0) @@ -2603,9 +2755,9 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] use seq.Seq - predicate inv'6 (_1 : Seq.seq usize) + predicate inv'6 (_1 : Seq.seq UInt64.t) - axiom inv_axiom'6 [@rewrite] : forall x : Seq.seq usize [inv'6 x] . inv'6 x = true + axiom inv_axiom'6 [@rewrite] : forall x : Seq.seq UInt64.t [inv'6 x] . inv'6 x = true use seq.Seq 
@@ -2617,10 +2769,10 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] use seq.Seq - function deep_model'0 (self : usize) : int = - [%#snum60] UIntSize.to_int self + function deep_model'0 (self : UInt64.t) : int = + [%#snum60] UInt64.to_uint self - predicate produces'1 (self : t_Range'0) (visited : Seq.seq usize) (o : t_Range'0) = + predicate produces'1 (self : t_Range'0) (visited : Seq.seq UInt64.t) (o : t_Range'0) = [%#srange49] self.t_Range__end'0 = o.t_Range__end'0 /\ deep_model'0 self.t_Range__start'0 <= deep_model'0 o.t_Range__start'0 /\ (Seq.length visited > 0 -> deep_model'0 o.t_Range__start'0 <= deep_model'0 o.t_Range__end'0) @@ -2628,10 +2780,10 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> deep_model'0 (Seq.get visited i) = deep_model'0 self.t_Range__start'0 + i) - function produces_trans'1 (a : t_Range'0) (ab : Seq.seq usize) (b : t_Range'0) (bc : Seq.seq usize) (c : t_Range'0) : () + function produces_trans'1 (a : t_Range'0) (ab : Seq.seq UInt64.t) (b : t_Range'0) (bc : Seq.seq UInt64.t) (c : t_Range'0) : () - axiom produces_trans'1_spec : forall a : t_Range'0, ab : Seq.seq usize, b : t_Range'0, bc : Seq.seq usize, c : t_Range'0 . ([%#srange54] inv'5 a) + axiom produces_trans'1_spec : forall a : t_Range'0, ab : Seq.seq UInt64.t, b : t_Range'0, bc : Seq.seq UInt64.t, c : t_Range'0 . ([%#srange54] inv'5 a) -> ([%#srange55] inv'5 b) -> ([%#srange56] inv'5 c) -> ([%#srange57] produces'1 a ab b) 
@@ -2640,20 +2792,20 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] function produces_refl'1 (self : t_Range'0) : () axiom produces_refl'1_spec : forall self : t_Range'0 . ([%#srange52] inv'5 self) - -> ([%#srange53] produces'1 self (Seq.empty : Seq.seq usize) self) + -> ([%#srange53] produces'1 self (Seq.empty : Seq.seq UInt64.t) self) - predicate produces'0 (self : t_Zip'0) (visited : Seq.seq (usize, usize)) (o : t_Zip'0) = - [%#szip27] exists p1 : Seq.seq usize, p2 : Seq.seq usize . inv'6 p1 + predicate produces'0 (self : t_Zip'0) (visited : Seq.seq (UInt64.t, UInt64.t)) (o : t_Zip'0) = + [%#szip27] exists p1 : Seq.seq UInt64.t, p2 : Seq.seq UInt64.t . inv'6 p1 /\ inv'6 p2 /\ Seq.length p1 = Seq.length p2 /\ Seq.length p2 = Seq.length visited /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = (Seq.get p1 i, Seq.get p2 i)) /\ produces'1 (itera'0 self) p1 (itera'0 o) /\ produces'1 (iterb'0 self) p2 (iterb'0 o) - function produces_trans'0 (a : t_Zip'0) (ab : Seq.seq (usize, usize)) (b : t_Zip'0) (bc : Seq.seq (usize, usize)) (c : t_Zip'0) : () + function produces_trans'0 (a : t_Zip'0) (ab : Seq.seq (UInt64.t, UInt64.t)) (b : t_Zip'0) (bc : Seq.seq (UInt64.t, UInt64.t)) (c : t_Zip'0) : () - axiom produces_trans'0_spec : forall a : t_Zip'0, ab : Seq.seq (usize, usize), b : t_Zip'0, bc : Seq.seq (usize, usize), c : t_Zip'0 . ([%#szip43] inv'0 a) + axiom produces_trans'0_spec : forall a : t_Zip'0, ab : Seq.seq (UInt64.t, UInt64.t), b : t_Zip'0, bc : Seq.seq (UInt64.t, UInt64.t), c : t_Zip'0 . ([%#szip43] inv'0 a) -> ([%#szip44] inv'0 b) -> ([%#szip45] inv'0 c) -> ([%#szip46] produces'0 a ab b) -> ([%#szip47] produces'0 b bc c) -> ([%#szip48] produces'0 a (Seq.(++) ab bc) c) 
@@ -2661,11 +2813,11 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] function produces_refl'0 (self : t_Zip'0) : () axiom produces_refl'0_spec : forall self : t_Zip'0 . ([%#szip41] inv'0 self) - -> ([%#szip42] produces'0 self (Seq.empty : Seq.seq (usize, usize)) self) + -> ([%#szip42] produces'0 self (Seq.empty : Seq.seq (UInt64.t, UInt64.t)) self) - predicate inv'1 (_1 : Seq.seq (usize, usize)) + predicate inv'1 (_1 : Seq.seq (UInt64.t, UInt64.t)) - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq (usize, usize) [inv'1 x] . inv'1 x = true + axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq (UInt64.t, UInt64.t) [inv'1 x] . inv'1 x = true predicate inv'7 (_1 : borrowed (t_Zip'0)) @@ -2673,7 +2825,7 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] type t_Option'0 = | C_None'0 - | C_Some'0 (usize, usize) + | C_Some'0 (UInt64.t, UInt64.t) predicate inv'8 (_1 : t_Option'0) @@ -2693,13 +2845,13 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] predicate resolve'4 (_1 : borrowed (t_Range'0)) = resolve'6 _1 - predicate inv'10 (_1 : usize) + predicate inv'10 (_1 : UInt64.t) - axiom inv_axiom'10 [@rewrite] : forall x : usize [inv'10 x] . inv'10 x = true + axiom inv_axiom'10 [@rewrite] : forall x : UInt64.t [inv'10 x] . inv'10 x = true use seq.Seq - predicate resolve'5 (_1 : usize) = + predicate resolve'5 (_1 : UInt64.t) = true predicate completed'0 (self : borrowed (t_Zip'0)) = @@ -2710,7 +2862,8 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] /\ a.final = itera'0 self.final /\ b.final = iterb'0 self.final /\ (completed'1 a /\ resolve'4 b - \/ (exists x : usize . inv'10 x /\ produces'1 a.current (Seq.singleton x) a.final /\ resolve'5 x /\ completed'1 b)) + \/ (exists x : UInt64.t . inv'10 x + /\ produces'1 a.current (Seq.singleton x) a.final /\ resolve'5 x /\ completed'1 b)) use seq.Seq 
@@ -2730,9 +2883,9 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] predicate resolve'0 (_1 : borrowed (t_Zip'0)) = resolve'2 _1 - let rec v_Some'0 (input:t_Option'0) (ret (field_0:(usize, usize)))= any - [ good (field_0:(usize, usize))-> {C_Some'0 field_0 = input} (! ret {field_0}) - | bad -> {forall field_0 : (usize, usize) [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} + let rec v_Some'0 (input:t_Option'0) (ret (field_0:(UInt64.t, UInt64.t)))= any + [ good (field_0:(UInt64.t, UInt64.t))-> {C_Some'0 field_0 = input} (! ret {field_0}) + | bad -> {forall field_0 : (UInt64.t, UInt64.t) [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] 
@@ -2746,19 +2899,19 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] use seq.Permut - let rec swap'0 (self:borrowed (slice t_T'0)) (a:usize) (b:usize) (return' (ret:()))= {[@expl:swap 'self' type invariant] inv'3 self} - {[@expl:swap requires #0] [%#sslice29] UIntSize.to_int a < Seq.length (view'0 self)} - {[@expl:swap requires #1] [%#sslice30] UIntSize.to_int b < Seq.length (view'0 self)} + let rec swap'0 (self:borrowed (slice t_T'0)) (a:UInt64.t) (b:UInt64.t) (return' (ret:()))= {[@expl:swap 'self' type invariant] inv'3 self} + {[@expl:swap requires #0] [%#sslice29] UInt64.to_uint a < Seq.length (view'0 self)} + {[@expl:swap requires #1] [%#sslice30] UInt64.to_uint b < Seq.length (view'0 self)} any - [ return' (result:())-> {[%#sslice31] Permut.exchange (view'2 self.final) (view'0 self) (UIntSize.to_int a) (UIntSize.to_int b)} + [ return' (result:())-> {[%#sslice31] Permut.exchange (view'2 self.final) (view'0 self) (UInt64.to_uint a) (UInt64.to_uint b)} (! return' {result}) ] function index_logic'0 [@inline:trivial] (self : slice t_T'0) (ix : int) : t_T'0 = [%#sops32] Seq.get (view'2 self) ix - function index_logic'1 [@inline:trivial] (self : slice t_T'0) (ix : usize) : t_T'0 = - [%#sops33] Seq.get (view'2 self) (UIntSize.to_int ix) + function index_logic'1 [@inline:trivial] (self : slice t_T'0) (ix : UInt64.t) : t_T'0 = + [%#sops33] Seq.get (view'2 self) (UInt64.to_uint ix) predicate resolve'3 (self : borrowed (slice t_T'0)) = [%#sresolve51] self.final = self.current 
@@ -2780,32 +2933,33 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] let rec my_reverse'0 (slice:borrowed (slice t_T'0)) (return' (ret:()))= {[@expl:my_reverse 'slice' type invariant] [%#s03_std_iterators17] inv'3 slice} (! bb0 - [ bb0 = s0 [ s0 = len'0 {slice.current} (fun (_ret':usize) -> [ &n <- _ret' ] s1) | s1 = bb1 ] + [ bb0 = s0 [ s0 = len'0 {slice.current} (fun (_ret':UInt64.t) -> [ &n <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = [ &old_v <- [%#s03_std_iterators0] Snapshot.new slice ] s1 | s1 = bb2 ] | bb2 = s0 - [ s0 = UIntSize.eq {[%#s03_std_iterators1] (2 : usize)} {[%#s03_std_iterators2] (0 : usize)} + [ s0 = UInt64.eq {[%#s03_std_iterators2] (2 : UInt64.t)} {[%#s03_std_iterators1] (0 : UInt64.t)} (fun (_ret':bool) -> [ &_12 <- _ret' ] s1) - | s1 = {[@expl:division by zero] [%#s03_std_iterators2] not _12} s2 + | s1 = {[@expl:division by zero] [%#s03_std_iterators1] not _12} s2 | s2 = bb3 ] | bb3 = s0 - [ s0 = UIntSize.div {n} {[%#s03_std_iterators1] (2 : usize)} (fun (_ret':usize) -> [ &_10 <- _ret' ] s1) - | s1 = [ &_9 <- { t_Range__start'0 = ([%#s03_std_iterators3] (0 : usize)); t_Range__end'0 = _10 } ] s2 - | s2 = UIntSize.eq {[%#s03_std_iterators4] (2 : usize)} {[%#s03_std_iterators5] (0 : usize)} + [ s0 = UInt64.div {n} {[%#s03_std_iterators2] (2 : UInt64.t)} (fun (_ret':UInt64.t) -> [ &_10 <- _ret' ] s1) + | s1 = [ &_9 <- { t_Range__start'0 = ([%#s03_std_iterators3] (0 : UInt64.t)); t_Range__end'0 = _10 } ] s2 + | s2 = UInt64.eq {[%#s03_std_iterators5] (2 : UInt64.t)} {[%#s03_std_iterators4] (0 : UInt64.t)} (fun (_ret':bool) -> [ &_16 <- _ret' ] s3) - | s3 = {[@expl:division by zero] [%#s03_std_iterators5] not _16} s4 + | s3 = {[@expl:division by zero] [%#s03_std_iterators4] not _16} s4 | s4 = bb4 ] | bb4 = s0 - [ s0 = UIntSize.div {n} {[%#s03_std_iterators4] (2 : usize)} (fun (_ret':usize) -> [ &_14 <- _ret' ] s1) - | s1 = [ &_13 <- { t_Range__start'0 = ([%#s03_std_iterators6] (0 : usize)); t_Range__end'0 = _14 } ] 
s2 + [ s0 = UInt64.div {n} {[%#s03_std_iterators5] (2 : UInt64.t)} (fun (_ret':UInt64.t) -> [ &_14 <- _ret' ] s1) + | s1 = [ &_13 <- { t_Range__start'0 = ([%#s03_std_iterators6] (0 : UInt64.t)); t_Range__end'0 = _14 } ] s2 | s2 = zip'0 {_9} {_13} (fun (_ret':t_Zip'0) -> [ &_8 <- _ret' ] s3) | s3 = bb5 ] | bb5 = s0 [ s0 = into_iter'0 {_8} (fun (_ret':t_Zip'0) -> [ &iter <- _ret' ] s1) | s1 = bb6 ] | bb6 = s0 [ s0 = [ &iter_old <- [%#s03_std_iterators7] Snapshot.new iter ] s1 | s1 = bb7 ] | bb7 = s0 - [ s0 = [ &produced <- [%#s03_std_iterators8] Snapshot.new (Seq.empty : Seq.seq (usize, usize)) ] s1 | s1 = bb8 ] + [ s0 = [ &produced <- [%#s03_std_iterators8] Snapshot.new (Seq.empty : Seq.seq (UInt64.t, UInt64.t)) ] s1 + | s1 = bb8 ] | bb8 = s0 [ s0 = [ &old_9_0 <- Snapshot.new slice ] s1 | s1 = bb9 ] | bb9 = bb9 
@@ -2813,13 +2967,13 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] {[@expl:for invariant] [%#s03_std_iterators13] inv'1 (Snapshot.inner produced)} {[@expl:for invariant] [%#s03_std_iterators13] inv'0 iter} {[@expl:for invariant] [%#s03_std_iterators13] produces'0 (Snapshot.inner iter_old) (Snapshot.inner produced) iter} - {[@expl:loop invariant #0] [%#s03_std_iterators12] UIntSize.to_int n = Seq.length (view'0 slice)} - {[@expl:loop invariant #1] [%#s03_std_iterators11] equiv_range'0 (view'0 slice) (view'1 old_v) (Seq.length (Snapshot.inner produced)) (UIntSize.to_int n + {[@expl:loop invariant #0] [%#s03_std_iterators12] UInt64.to_uint n = Seq.length (view'0 slice)} + {[@expl:loop invariant #1] [%#s03_std_iterators11] equiv_range'0 (view'0 slice) (view'1 old_v) (Seq.length (Snapshot.inner produced)) (UInt64.to_uint n - Seq.length (Snapshot.inner produced))} - {[@expl:loop invariant #2] [%#s03_std_iterators10] equiv_reverse_range'0 (view'0 slice) (view'1 old_v) 0 (Seq.length (Snapshot.inner produced)) (UIntSize.to_int n + {[@expl:loop invariant #2] [%#s03_std_iterators10] equiv_reverse_range'0 (view'0 slice) (view'1 old_v) 0 (Seq.length (Snapshot.inner produced)) (UInt64.to_uint n - 1)} - {[@expl:loop invariant #3] [%#s03_std_iterators9] equiv_reverse_range'0 (view'0 slice) (view'1 old_v) (UIntSize.to_int n - - Seq.length (Snapshot.inner produced)) (UIntSize.to_int n) (UIntSize.to_int n - 1)} + {[@expl:loop invariant #3] [%#s03_std_iterators9] equiv_reverse_range'0 (view'0 slice) (view'1 old_v) (UInt64.to_uint n + - Seq.length (Snapshot.inner produced)) (UInt64.to_uint n) (UInt64.to_uint n - 1)} (! s0) [ s0 = bb10 ] [ bb10 = s0 [ s0 = Borrow.borrow_mut {iter} 
@@ -2831,11 +2985,13 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] | bb11 = s0 [ s0 = -{resolve'0 _31}- s1 - | s1 = any [ br0 -> {_29 = C_None'0 } (! bb14) | br1 (x0:(usize, usize))-> {_29 = C_Some'0 x0} (! bb13) ] ] + | s1 = any + [ br0 -> {_29 = C_None'0 } (! bb14) | br1 (x0:(UInt64.t, UInt64.t))-> {_29 = C_Some'0 x0} (! bb13) ] + ] | bb13 = bb15 | bb15 = s0 - [ s0 = v_Some'0 {_29} (fun (r0'0:(usize, usize)) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) + [ s0 = v_Some'0 {_29} (fun (r0'0:(UInt64.t, UInt64.t)) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) | s1 = [ &_34 <- [%#s03_std_iterators14] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] @@ -2853,14 +3009,15 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] -{inv'2 _ret'.final}- [ &slice <- { slice with current = _ret'.final } ] s4) - | s4 = UIntSize.sub {n} {j} (fun (_ret':usize) -> [ &_42 <- _ret' ] s5) - | s5 = UIntSize.sub {_42} {[%#s03_std_iterators15] (1 : usize)} (fun (_ret':usize) -> [ &_41 <- _ret' ] s6) + | s4 = UInt64.sub {n} {j} (fun (_ret':UInt64.t) -> [ &_42 <- _ret' ] s5) + | s5 = UInt64.sub {_42} {[%#s03_std_iterators15] (1 : UInt64.t)} + (fun (_ret':UInt64.t) -> [ &_41 <- _ret' ] s6) | s6 = swap'0 {_39} {i} {_41} (fun (_ret':()) -> [ &_38 <- _ret' ] s7) | s7 = bb17 ] | bb17 = s0 - [ s0 = {[@expl:assertion] [%#s03_std_iterators16] index_logic'0 (Snapshot.inner old_v).current (UIntSize.to_int n - - UIntSize.to_int j + [ s0 = {[@expl:assertion] [%#s03_std_iterators16] index_logic'0 (Snapshot.inner old_v).current (UInt64.to_uint n + - UInt64.to_uint j - 1) = index_logic'1 slice.current i} s1 
@@ -2872,29 +3029,29 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] ) [ & _0 : () = any_l () | & slice : borrowed (slice t_T'0) = slice - | & n : usize = any_l () + | & n : UInt64.t = any_l () | & old_v : Snapshot.snap_ty (borrowed (slice t_T'0)) = any_l () | & iter : t_Zip'0 = any_l () | & _8 : t_Zip'0 = any_l () | & _9 : t_Range'0 = any_l () - | & _10 : usize = any_l () + | & _10 : UInt64.t = any_l () | & _12 : bool = any_l () | & _13 : t_Range'0 = any_l () - | & _14 : usize = any_l () + | & _14 : UInt64.t = any_l () | & _16 : bool = any_l () | & iter_old : Snapshot.snap_ty (t_Zip'0) = any_l () - | & produced : Snapshot.snap_ty (Seq.seq (usize, usize)) = any_l () + | & produced : Snapshot.snap_ty (Seq.seq (UInt64.t, UInt64.t)) = any_l () | & _29 : t_Option'0 = any_l () | & _30 : borrowed (t_Zip'0) = any_l () | & _31 : borrowed (t_Zip'0) = any_l () - | & __creusot_proc_iter_elem : (usize, usize) = any_l () - | & _34 : Snapshot.snap_ty (Seq.seq (usize, usize)) = any_l () - | & i : usize = any_l () - | & j : usize = any_l () + | & __creusot_proc_iter_elem : (UInt64.t, UInt64.t) = any_l () + | & _34 : Snapshot.snap_ty (Seq.seq (UInt64.t, UInt64.t)) = any_l () + | & i : UInt64.t = any_l () + | & j : UInt64.t = any_l () | & _38 : () = any_l () | & _39 : borrowed (slice t_T'0) = any_l () - | & _41 : usize = any_l () - | & _42 : usize = any_l () + | & _41 : UInt64.t = any_l () + | & _42 : UInt64.t = any_l () | & old_9_0 : Snapshot.snap_ty (borrowed (slice t_T'0)) = any_l () ] [ return' (result:())-> {[@expl:my_reverse ensures] [%#s03_std_iterators18] Seq.(==) (view'2 slice.final) (Reverse.reverse (view'0 slice))} diff --git a/creusot/tests/should_succeed/iterators/04_skip.coma b/creusot/tests/should_succeed/iterators/04_skip.coma index 635d71006f..01f1e8b28c 100644 --- a/creusot/tests/should_succeed/iterators/04_skip.coma +++ b/creusot/tests/should_succeed/iterators/04_skip.coma 
@@ -16,10 +16,12 @@ module M_04_skip__qyi17349041008065389927__produces_refl [#"04_skip.rs" 51 4 51 type t_I'0 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Skip'0 = - { t_Skip__iter'0: t_I'0; t_Skip__n'0: usize } + { t_Skip__iter'0: t_I'0; t_Skip__n'0: UInt64.t } predicate inv'2 (_1 : t_I'0) @@ -54,12 +56,10 @@ module M_04_skip__qyi17349041008065389927__produces_refl [#"04_skip.rs" 51 4 51 axiom produces_refl'1_spec : forall self : t_I'0 . ([%#scommon4] inv'2 self) -> ([%#scommon5] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use seq.Seq - use prelude.prelude.Int - use seq.Seq predicate inv'4 (_1 : t_Item'0) @@ -86,10 +86,10 @@ module M_04_skip__qyi17349041008065389927__produces_refl [#"04_skip.rs" 51 4 51 predicate produces'0 [#"04_skip.rs" 36 4 36 64] (self : t_Skip'0) (visited : Seq.seq t_Item'0) (o : t_Skip'0) = [%#s04_skip3] visited = (Seq.empty : Seq.seq t_Item'0) /\ self = o - \/ UIntSize.to_int o.t_Skip__n'0 = 0 + \/ UInt64.to_uint o.t_Skip__n'0 = 0 /\ Seq.length visited > 0 /\ (exists s : Seq.seq t_Item'0 . inv'1 s - /\ Seq.length s = UIntSize.to_int self.t_Skip__n'0 + /\ Seq.length s = UInt64.to_uint self.t_Skip__n'0 /\ produces'1 self.t_Skip__iter'0 (Seq.(++) s visited) o.t_Skip__iter'0 /\ (forall i : int . 0 <= i /\ i < Seq.length s -> resolve'0 (Seq.get s i))) @@ -122,10 +122,12 @@ module M_04_skip__qyi17349041008065389927__produces_trans [#"04_skip.rs" 61 4 61 type t_I'0 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Skip'0 = - { t_Skip__iter'0: t_I'0; t_Skip__n'0: usize } + { t_Skip__iter'0: t_I'0; t_Skip__n'0: UInt64.t } predicate inv'2 (_1 : t_I'0) 
@@ -160,12 +162,10 @@ module M_04_skip__qyi17349041008065389927__produces_trans [#"04_skip.rs" 61 4 61 axiom produces_refl'0_spec : forall self : t_I'0 . ([%#scommon8] inv'2 self) -> ([%#scommon9] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use seq.Seq - use prelude.prelude.Int - use seq.Seq predicate inv'4 (_1 : t_Item'0) @@ -192,10 +192,10 @@ module M_04_skip__qyi17349041008065389927__produces_trans [#"04_skip.rs" 61 4 61 predicate produces'0 [#"04_skip.rs" 36 4 36 64] (self : t_Skip'0) (visited : Seq.seq t_Item'0) (o : t_Skip'0) = [%#s04_skip7] visited = (Seq.empty : Seq.seq t_Item'0) /\ self = o - \/ UIntSize.to_int o.t_Skip__n'0 = 0 + \/ UInt64.to_uint o.t_Skip__n'0 = 0 /\ Seq.length visited > 0 /\ (exists s : Seq.seq t_Item'0 . inv'1 s - /\ Seq.length s = UIntSize.to_int self.t_Skip__n'0 + /\ Seq.length s = UInt64.to_uint self.t_Skip__n'0 /\ produces'1 self.t_Skip__iter'0 (Seq.(++) s visited) o.t_Skip__iter'0 /\ (forall i : int . 0 <= i /\ i < Seq.length s -> resolve'0 (Seq.get s i))) @@ -240,7 +240,7 @@ module M_04_skip__qyi17349041008065389927__next [#"04_skip.rs" 67 4 67 41] (* {inv'6 result} + [ return' (result:UInt64.t)-> {inv'6 result} {[%#smem14] result = dest.current} {[%#smem15] is_default'0 dest.final} (! return' {result}) ] - predicate resolve'3 (self : borrowed usize) = + predicate resolve'3 (self : borrowed UInt64.t) = [%#sresolve23] self.final = self.current - predicate resolve'0 (_1 : borrowed usize) = + predicate resolve'0 (_1 : borrowed UInt64.t) = resolve'3 _1 use seq.Seq 
@@ -318,9 +320,7 @@ module M_04_skip__qyi17349041008065389927__next [#"04_skip.rs" 67 4 67 41] (* resolve'1 (Seq.get s i)) /\ completed'1 i /\ i.final = (self.final).t_Skip__iter'0) predicate produces'1 [#"04_skip.rs" 36 4 36 64] (self : t_Skip'0) (visited : Seq.seq t_Item'0) (o : t_Skip'0) = [%#s04_skip21] visited = (Seq.empty : Seq.seq t_Item'0) /\ self = o - \/ UIntSize.to_int o.t_Skip__n'0 = 0 + \/ UInt64.to_uint o.t_Skip__n'0 = 0 /\ Seq.length visited > 0 /\ (exists s : Seq.seq t_Item'0 . inv'0 s - /\ Seq.length s = UIntSize.to_int self.t_Skip__n'0 + /\ Seq.length s = UInt64.to_uint self.t_Skip__n'0 /\ produces'0 self.t_Skip__iter'0 (Seq.(++) s visited) o.t_Skip__iter'0 /\ (forall i : int . 0 <= i /\ i < Seq.length s -> resolve'1 (Seq.get s i))) @@ -443,14 +443,14 @@ module M_04_skip__qyi17349041008065389927__next [#"04_skip.rs" 67 4 67 41] (* {(self.current).t_Skip__n'0} {Borrow.inherit_id (Borrow.get_id self) 2} - (fun (_ret':borrowed usize) -> + [ s0 = Borrow.borrow_final {(self.current).t_Skip__n'0} {Borrow.inherit_id (Borrow.get_id self) 2} + (fun (_ret':borrowed UInt64.t) -> [ &_7 <- _ret' ] [ &self <- { self with current = { self.current with t_Skip__n'0 = _ret'.final } } ] s1) - | s1 = Borrow.borrow_final {_7.current} {Borrow.get_id _7} - (fun (_ret':borrowed usize) -> [ &_6 <- _ret' ] [ &_7 <- { _7 with current = _ret'.final } ] s2) - | s2 = take'0 {_6} (fun (_ret':usize) -> [ &n <- _ret' ] s3) + | s1 = Borrow.borrow_final {_7.current} {Borrow.get_id _7} + (fun (_ret':borrowed UInt64.t) -> [ &_6 <- _ret' ] [ &_7 <- { _7 with current = _ret'.final } ] s2) + | s2 = take'0 {_6} (fun (_ret':UInt64.t) -> [ &n <- _ret' ] s3) | s3 = bb2 ] | bb2 = s0 
@@ -463,12 +463,12 @@ module M_04_skip__qyi17349041008065389927__next [#"04_skip.rs" 67 4 67 41] (* resolve'1 (index_logic'0 skipped i)} - {[@expl:loop invariant #5] [%#s04_skip2] UIntSize.to_int (self.current).t_Skip__n'0 = 0} + {[@expl:loop invariant #5] [%#s04_skip2] UInt64.to_uint (self.current).t_Skip__n'0 = 0} (! s0) [ s0 = bb5 ] [ bb5 = s0 [ s0 = {inv'2 (self.current).t_Skip__iter'0} @@ -482,7 +482,7 @@ module M_04_skip__qyi17349041008065389927__next [#"04_skip.rs" 67 4 67 41] (* [ &_21 <- _ret' ] s1) + [ s0 = UInt64.eq {n} {[%#s04_skip8] (0 : UInt64.t)} (fun (_ret':bool) -> [ &_21 <- _ret' ] s1) | s1 = any [ br0 -> {_21 = false} (! bb8) | br1 -> {_21} (! bb7) ] ] | bb8 = any [ br0 -> {r = C_None'0 } (! bb9) | br1 (x0:t_Item'0)-> {r = C_Some'0 x0} (! bb10) ] @@ -496,7 +496,7 @@ module M_04_skip__qyi17349041008065389927__next [#"04_skip.rs" 67 4 67 41] (* [ &n <- _ret' ] s2) + | s1 = UInt64.sub {n} {[%#s04_skip10] (1 : UInt64.t)} (fun (_ret':UInt64.t) -> [ &n <- _ret' ] s2) | s2 = bb13 ] | bb13 = bb14 @@ -515,9 +515,9 @@ module M_04_skip__qyi17349041008065389927__next [#"04_skip.rs" 67 4 67 41] (* resolve'0 (Seq.get s i)) /\ completed'1 i /\ i.final = (self.final).t_Skip__iter'0) @@ -653,10 +653,10 @@ module M_04_skip__qyi17349041008065389927__next__refines [#"04_skip.rs" 67 4 67 predicate produces'0 [#"04_skip.rs" 36 4 36 64] (self : t_Skip'0) (visited : Seq.seq t_Item'0) (o : t_Skip'0) = [%#s04_skip2] visited = (Seq.empty : Seq.seq t_Item'0) /\ self = o - \/ UIntSize.to_int o.t_Skip__n'0 = 0 + \/ UInt64.to_uint o.t_Skip__n'0 = 0 /\ Seq.length visited > 0 /\ (exists s : Seq.seq t_Item'0 . inv'2 s - /\ Seq.length s = UIntSize.to_int self.t_Skip__n'0 + /\ Seq.length s = UInt64.to_uint self.t_Skip__n'0 /\ produces'1 self.t_Skip__iter'0 (Seq.(++) s visited) o.t_Skip__iter'0 /\ (forall i : int . 0 <= i /\ i < Seq.length s -> resolve'0 (Seq.get s i))) 
@@ -697,10 +697,12 @@ module M_04_skip__qyi17349041008065389927__produces_refl__refines [#"04_skip.rs" type t_I'0 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Skip'0 = - { t_Skip__iter'0: t_I'0; t_Skip__n'0: usize } + { t_Skip__iter'0: t_I'0; t_Skip__n'0: UInt64.t } predicate inv'2 (_1 : t_I'0) @@ -735,12 +737,10 @@ module M_04_skip__qyi17349041008065389927__produces_refl__refines [#"04_skip.rs" axiom produces_refl'1_spec : forall self : t_I'0 . ([%#scommon2] inv'2 self) -> ([%#scommon3] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use seq.Seq - use prelude.prelude.Int - use seq.Seq predicate inv'4 (_1 : t_Item'0) @@ -767,10 +767,10 @@ module M_04_skip__qyi17349041008065389927__produces_refl__refines [#"04_skip.rs" predicate produces'0 [#"04_skip.rs" 36 4 36 64] (self : t_Skip'0) (visited : Seq.seq t_Item'0) (o : t_Skip'0) = [%#s04_skip1] visited = (Seq.empty : Seq.seq t_Item'0) /\ self = o - \/ UIntSize.to_int o.t_Skip__n'0 = 0 + \/ UInt64.to_uint o.t_Skip__n'0 = 0 /\ Seq.length visited > 0 /\ (exists s : Seq.seq t_Item'0 . inv'1 s - /\ Seq.length s = UIntSize.to_int self.t_Skip__n'0 + /\ Seq.length s = UInt64.to_uint self.t_Skip__n'0 /\ produces'1 self.t_Skip__iter'0 (Seq.(++) s visited) o.t_Skip__iter'0 /\ (forall i : int . 0 <= i /\ i < Seq.length s -> resolve'0 (Seq.get s i))) @@ -795,10 +795,12 @@ module M_04_skip__qyi17349041008065389927__produces_trans__refines [#"04_skip.rs type t_I'0 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Skip'0 = - { t_Skip__iter'0: t_I'0; t_Skip__n'0: usize } + { t_Skip__iter'0: t_I'0; t_Skip__n'0: UInt64.t } predicate inv'2 (_1 : t_I'0) 
@@ -826,12 +828,10 @@ module M_04_skip__qyi17349041008065389927__produces_trans__refines [#"04_skip.rs axiom produces_refl'0_spec : forall self : t_I'0 . ([%#scommon2] inv'2 self) -> ([%#scommon3] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use seq.Seq - use prelude.prelude.Int - use seq.Seq predicate inv'4 (_1 : t_Item'0) @@ -858,10 +858,10 @@ module M_04_skip__qyi17349041008065389927__produces_trans__refines [#"04_skip.rs predicate produces'0 [#"04_skip.rs" 36 4 36 64] (self : t_Skip'0) (visited : Seq.seq t_Item'0) (o : t_Skip'0) = [%#s04_skip1] visited = (Seq.empty : Seq.seq t_Item'0) /\ self = o - \/ UIntSize.to_int o.t_Skip__n'0 = 0 + \/ UInt64.to_uint o.t_Skip__n'0 = 0 /\ Seq.length visited > 0 /\ (exists s : Seq.seq t_Item'0 . inv'1 s - /\ Seq.length s = UIntSize.to_int self.t_Skip__n'0 + /\ Seq.length s = UInt64.to_uint self.t_Skip__n'0 /\ produces'1 self.t_Skip__iter'0 (Seq.(++) s visited) o.t_Skip__iter'0 /\ (forall i : int . 0 <= i /\ i < Seq.length s -> resolve'0 (Seq.get s i))) diff --git a/creusot/tests/should_succeed/iterators/06_map_precond.coma b/creusot/tests/should_succeed/iterators/06_map_precond.coma index 743825c09e..cbb514ab3d 100644 --- a/creusot/tests/should_succeed/iterators/06_map_precond.coma +++ b/creusot/tests/should_succeed/iterators/06_map_precond.coma 
@@ -2205,50 +2205,66 @@ module M_06_map_precond__increment [#"06_map_precond.rs" 206 0 206 50] let%span s06_map_precond24 = "06_map_precond.rs" 43 15 43 32 let%span s06_map_precond25 = "06_map_precond.rs" 44 14 44 42 let%span s06_map_precond26 = "06_map_precond.rs" 37 4 37 10 - let%span scommon27 = "common.rs" 14 15 14 24 - let%span scommon28 = "common.rs" 15 14 15 45 - let%span scommon29 = "common.rs" 19 15 19 21 - let%span scommon30 = "common.rs" 20 15 20 21 - let%span scommon31 = "common.rs" 21 15 21 21 - let%span scommon32 = "common.rs" 22 15 22 32 - let%span scommon33 = "common.rs" 23 15 23 32 - let%span scommon34 = "common.rs" 24 14 24 42 - let%span sresolve35 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span sops36 = "../../../../creusot-contracts/src/std/ops.rs" 105 15 105 59 - let%span sops37 = "../../../../creusot-contracts/src/std/ops.rs" 106 14 106 36 - let%span sops38 = "../../../../creusot-contracts/src/std/ops.rs" 111 14 111 31 - let%span sops39 = "../../../../creusot-contracts/src/std/ops.rs" 116 15 116 29 - let%span sops40 = "../../../../creusot-contracts/src/std/ops.rs" 117 15 117 26 - let%span sops41 = "../../../../creusot-contracts/src/std/ops.rs" 118 14 118 28 - let%span sops42 = "../../../../creusot-contracts/src/std/ops.rs" 123 14 124 105 - let%span s06_map_precond43 = "06_map_precond.rs" 94 12 97 63 - let%span s06_map_precond44 = "06_map_precond.rs" 178 12 180 73 - let%span sinvariant45 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span s06_map_precond46 = "06_map_precond.rs" 102 14 102 81 - let%span s06_map_precond47 = "06_map_precond.rs" 105 12 111 88 + let%span sord27 = "../../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 + let%span sord28 = "../../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 + let%span sord29 = "../../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 + let%span sord30 = "../../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 + let%span sord31 = 
"../../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 + let%span sord32 = "../../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 + let%span sord33 = "../../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 + let%span sord34 = "../../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 + let%span sord35 = "../../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 + let%span sord36 = "../../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 + let%span sord37 = "../../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 + let%span sord38 = "../../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 + let%span sord39 = "../../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span scommon40 = "common.rs" 14 15 14 24 + let%span scommon41 = "common.rs" 15 14 15 45 + let%span scommon42 = "common.rs" 19 15 19 21 + let%span scommon43 = "common.rs" 20 15 20 21 + let%span scommon44 = "common.rs" 21 15 21 21 + let%span scommon45 = "common.rs" 22 15 22 32 + let%span scommon46 = "common.rs" 23 15 23 32 + let%span scommon47 = "common.rs" 24 14 24 42 + let%span sresolve48 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span sops49 = "../../../../creusot-contracts/src/std/ops.rs" 105 15 105 59 + let%span sops50 = "../../../../creusot-contracts/src/std/ops.rs" 106 14 106 36 + let%span sops51 = "../../../../creusot-contracts/src/std/ops.rs" 111 14 111 31 + let%span sops52 = "../../../../creusot-contracts/src/std/ops.rs" 116 15 116 29 + let%span sops53 = "../../../../creusot-contracts/src/std/ops.rs" 117 15 117 26 + let%span sops54 = "../../../../creusot-contracts/src/std/ops.rs" 118 14 118 28 + let%span sops55 = "../../../../creusot-contracts/src/std/ops.rs" 123 14 124 105 + let%span s06_map_precond56 = "06_map_precond.rs" 94 12 97 63 + let%span s06_map_precond57 = "06_map_precond.rs" 178 12 180 73 + let%span sord58 = "../../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + let%span sinvariant59 = 
"../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 + let%span s06_map_precond60 = "06_map_precond.rs" 102 14 102 81 + let%span s06_map_precond61 = "06_map_precond.rs" 105 12 111 88 use prelude.prelude.Borrow predicate resolve'1 (self : borrowed ()) = - [%#sresolve35] self.final = self.current + [%#sresolve48] self.final = self.current predicate resolve'0 (_1 : borrowed ()) = resolve'1 _1 use prelude.prelude.UInt32 + use prelude.prelude.Int + use prelude.prelude.Intrinsic use prelude.prelude.UInt32 - use prelude.prelude.Int - use seq.Seq use prelude.prelude.Snapshot - predicate postcondition_once'0 (self : ()) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) (result : uint32) = - [%#s06_map_precond6] let (x, _3) = args in UInt32.to_int result = UInt32.to_int x + 1 + predicate postcondition_once'0 (self : ()) (args : (UInt32.t, Snapshot.snap_ty (Seq.seq UInt32.t))) (result : UInt32.t) + + = + [%#s06_map_precond6] let (x, _3) = args in UInt32.to_uint result = UInt32.to_uint x + 1 predicate resolve'2 (_1 : ()) = true 
@@ -2256,50 +2272,50 @@ module M_06_map_precond__increment [#"06_map_precond.rs" 206 0 206 50] predicate unnest'0 (self : ()) (_2 : ()) = true - predicate postcondition_mut'0 (self : ()) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) (result_state : ()) (result : uint32) + predicate postcondition_mut'0 (self : ()) (args : (UInt32.t, Snapshot.snap_ty (Seq.seq UInt32.t))) (result_state : ()) (result : UInt32.t) = - (let (x, _3) = args in UInt32.to_int result = UInt32.to_int x + 1) /\ unnest'0 self result_state + (let (x, _3) = args in UInt32.to_uint result = UInt32.to_uint x + 1) /\ unnest'0 self result_state - function fn_mut_once'0 (self : ()) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) (res : uint32) : () + function fn_mut_once'0 (self : ()) (args : (UInt32.t, Snapshot.snap_ty (Seq.seq UInt32.t))) (res : UInt32.t) : () - axiom fn_mut_once'0_spec : forall self : (), args : (uint32, Snapshot.snap_ty (Seq.seq uint32)), res : uint32 . [%#sops42] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : (), args : (UInt32.t, Snapshot.snap_ty (Seq.seq UInt32.t)), res : UInt32.t . [%#sops55] postcondition_once'0 self args res = (exists res_state : () . postcondition_mut'0 self args res_state res /\ resolve'2 res_state) function unnest_trans'0 (self : ()) (b : ()) (c : ()) : () - axiom unnest_trans'0_spec : forall self : (), b : (), c : () . ([%#sops39] unnest'0 self b) - -> ([%#sops40] unnest'0 b c) -> ([%#sops41] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : (), b : (), c : () . ([%#sops52] unnest'0 self b) + -> ([%#sops53] unnest'0 b c) -> ([%#sops54] unnest'0 self c) function unnest_refl'0 (self : ()) : () - axiom unnest_refl'0_spec : forall self : () . [%#sops38] unnest'0 self self + axiom unnest_refl'0_spec : forall self : () . 
[%#sops51] unnest'0 self self - function postcondition_mut_unnest'0 (self : ()) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) (res_state : ()) (res : uint32) : () + function postcondition_mut_unnest'0 (self : ()) (args : (UInt32.t, Snapshot.snap_ty (Seq.seq UInt32.t))) (res_state : ()) (res : UInt32.t) : () - axiom postcondition_mut_unnest'0_spec : forall self : (), args : (uint32, Snapshot.snap_ty (Seq.seq uint32)), res_state : (), res : uint32 . ([%#sops36] postcondition_mut'0 self args res_state res) - -> ([%#sops37] unnest'0 self res_state) + axiom postcondition_mut_unnest'0_spec : forall self : (), args : (UInt32.t, Snapshot.snap_ty (Seq.seq UInt32.t)), res_state : (), res : UInt32.t . ([%#sops49] postcondition_mut'0 self args res_state res) + -> ([%#sops50] unnest'0 self res_state) - let rec closure2'0 (_1:borrowed ()) (x:uint32) (_3:Snapshot.snap_ty (Seq.seq uint32)) (return' (ret:uint32))= {[@expl:closure requires] [%#s06_map_precond5] UInt32.to_int x + let rec closure2'0 (_1:borrowed ()) (x:UInt32.t) (_3:Snapshot.snap_ty (Seq.seq UInt32.t)) (return' (ret:UInt32.t))= {[@expl:closure requires] [%#s06_map_precond5] UInt32.to_uint x <= 15} (! 
bb0 [ bb0 = s0 [ s0 = -{resolve'0 _1}- s1 - | s1 = UInt32.add {x} {[%#s06_map_precond4] (1 : uint32)} (fun (_ret':uint32) -> [ &res1 <- _ret' ] s2) + | s1 = UInt32.add {x} {[%#s06_map_precond4] (1 : UInt32.t)} (fun (_ret':UInt32.t) -> [ &res1 <- _ret' ] s2) | s2 = [ &res <- res1 ] s3 | s3 = [ &_0 <- res ] s4 | s4 = return' {_0} ] ] ) - [ & _0 : uint32 = any_l () + [ & _0 : UInt32.t = any_l () | & _1 : borrowed () = _1 - | & x : uint32 = x - | & res : uint32 = any_l () - | & res1 : uint32 = any_l () ] + | & x : UInt32.t = x + | & res : UInt32.t = any_l () + | & res1 : UInt32.t = any_l () ] - [ return' (result:uint32)-> {[@expl:closure ensures] [%#s06_map_precond6] UInt32.to_int result - = UInt32.to_int x + 1} + [ return' (result:UInt32.t)-> {[@expl:closure ensures] [%#s06_map_precond6] UInt32.to_uint result + = UInt32.to_uint x + 1} {[@expl:closure unnest] unnest'0 _1.current _1.final} (! return' {result}) ] @@ -2312,9 +2328,9 @@ module M_06_map_precond__increment [#"06_map_precond.rs" 206 0 206 50] axiom inv_axiom'3 [@rewrite] : forall x : () [inv'4 x] . inv'4 x = true - predicate inv'5 (_1 : uint32) + predicate inv'5 (_1 : UInt32.t) - axiom inv_axiom'4 [@rewrite] : forall x : uint32 [inv'5 x] . inv'5 x = true + axiom inv_axiom'4 [@rewrite] : forall x : UInt32.t [inv'5 x] . inv'5 x = true use seq.Seq 
@@ -2322,29 +2338,29 @@ module M_06_map_precond__increment [#"06_map_precond.rs" 206 0 206 50] use seq.Seq - predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_U'0) (visited : Seq.seq uint32) (o : t_U'0) + predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_U'0) (visited : Seq.seq UInt32.t) (o : t_U'0) - function produces_trans'1 [#"common.rs" 25 4 25 91] (a : t_U'0) (ab : Seq.seq uint32) (b : t_U'0) (bc : Seq.seq uint32) (c : t_U'0) : () + function produces_trans'1 [#"common.rs" 25 4 25 91] (a : t_U'0) (ab : Seq.seq UInt32.t) (b : t_U'0) (bc : Seq.seq UInt32.t) (c : t_U'0) : () - axiom produces_trans'1_spec : forall a : t_U'0, ab : Seq.seq uint32, b : t_U'0, bc : Seq.seq uint32, c : t_U'0 . ([%#scommon29] inv'2 a) - -> ([%#scommon30] inv'2 b) - -> ([%#scommon31] inv'2 c) - -> ([%#scommon32] produces'1 a ab b) - -> ([%#scommon33] produces'1 b bc c) -> ([%#scommon34] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_U'0, ab : Seq.seq UInt32.t, b : t_U'0, bc : Seq.seq UInt32.t, c : t_U'0 . ([%#scommon42] inv'2 a) + -> ([%#scommon43] inv'2 b) + -> ([%#scommon44] inv'2 c) + -> ([%#scommon45] produces'1 a ab b) + -> ([%#scommon46] produces'1 b bc c) -> ([%#scommon47] produces'1 a (Seq.(++) ab bc) c) function produces_refl'1 [#"common.rs" 16 4 16 27] (self : t_U'0) : () - axiom produces_refl'1_spec : forall self : t_U'0 . ([%#scommon27] inv'2 self) - -> ([%#scommon28] produces'1 self (Seq.empty : Seq.seq uint32) self) + axiom produces_refl'1_spec : forall self : t_U'0 . 
([%#scommon40] inv'2 self) + -> ([%#scommon41] produces'1 self (Seq.empty : Seq.seq UInt32.t) self) use prelude.prelude.Snapshot - predicate precondition'0 (self : ()) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) = - [%#s06_map_precond5] let (x, _3) = args in UInt32.to_int x <= 15 + predicate precondition'0 (self : ()) (args : (UInt32.t, Snapshot.snap_ty (Seq.seq UInt32.t))) = + [%#s06_map_precond5] let (x, _3) = args in UInt32.to_uint x <= 15 predicate invariant'1 (self : borrowed t_U'0) = - [%#sinvariant45] inv'2 self.current /\ inv'2 self.final + [%#sinvariant59] inv'2 self.current /\ inv'2 self.final predicate inv'3 (_1 : borrowed t_U'0) @@ -2352,14 +2368,15 @@ module M_06_map_precond__increment [#"06_map_precond.rs" 206 0 206 50] predicate completed'0 [#"common.rs" 11 4 11 36] (self : borrowed t_U'0) - predicate next_precondition'0 [#"06_map_precond.rs" 92 4 92 74] (iter : t_U'0) (func : ()) (produced : Seq.seq uint32) + predicate next_precondition'0 [#"06_map_precond.rs" 92 4 92 74] (iter : t_U'0) (func : ()) (produced : Seq.seq UInt32.t) + = - [%#s06_map_precond43] forall e : uint32, i : t_U'0 [produces'1 iter (Seq.singleton e) i] . inv'5 e + [%#s06_map_precond56] forall e : UInt32.t, i : t_U'0 [produces'1 iter (Seq.singleton e) i] . inv'5 e /\ inv'2 i /\ produces'1 iter (Seq.singleton e) i -> precondition'0 func (e, Snapshot.new produced) - predicate inv'1 (_1 : Seq.seq uint32) + predicate inv'1 (_1 : Seq.seq UInt32.t) - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq uint32 [inv'1 x] . inv'1 x = true + axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq UInt32.t [inv'1 x] . inv'1 x = true predicate inv'7 (_1 : borrowed ()) 
@@ -2368,7 +2385,7 @@ module M_06_map_precond__increment [#"06_map_precond.rs" 206 0 206 50] use seq.Seq predicate preservation'0 [#"06_map_precond.rs" 116 4 116 45] (iter : t_U'0) (func : ()) = - [%#s06_map_precond16] forall s : Seq.seq uint32, e1 : uint32, e2 : uint32, f : borrowed (), b : uint32, i : t_U'0 . inv'1 s + [%#s06_map_precond16] forall s : Seq.seq UInt32.t, e1 : UInt32.t, e2 : UInt32.t, f : borrowed (), b : UInt32.t, i : t_U'0 . inv'1 s /\ inv'5 e1 /\ inv'5 e2 /\ inv'7 f /\ inv'5 b /\ inv'2 i /\ unnest'0 func f.current -> produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i -> precondition'0 f.current (e1, Snapshot.new s) 
@@ -2378,28 +2395,28 @@ module M_06_map_precond__increment [#"06_map_precond.rs" 206 0 206 50] predicate reinitialize'0 [#"06_map_precond.rs" 128 4 128 29] (_1 : ()) = [%#s06_map_precond15] forall iter : borrowed t_U'0, func : () . inv'3 iter /\ inv'4 func -> completed'0 iter - -> next_precondition'0 iter.final func (Seq.empty : Seq.seq uint32) /\ preservation'0 iter.final func + -> next_precondition'0 iter.final func (Seq.empty : Seq.seq UInt32.t) /\ preservation'0 iter.final func type t_Map'0 = - { t_Map__iter'0: t_U'0; t_Map__func'0: (); t_Map__produced'0: Snapshot.snap_ty (Seq.seq uint32) } + { t_Map__iter'0: t_U'0; t_Map__func'0: (); t_Map__produced'0: Snapshot.snap_ty (Seq.seq UInt32.t) } use prelude.prelude.Snapshot - predicate preservation_inv'0 [#"06_map_precond.rs" 103 4 103 73] (iter : t_U'0) (func : ()) (produced : Seq.seq uint32) + predicate preservation_inv'0 [#"06_map_precond.rs" 103 4 103 73] (iter : t_U'0) (func : ()) (produced : Seq.seq UInt32.t) = - [%#s06_map_precond47] forall s : Seq.seq uint32, e1 : uint32, e2 : uint32, f : borrowed (), b : uint32, i : t_U'0 [produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i, postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b] . inv'1 s + [%#s06_map_precond61] forall s : Seq.seq UInt32.t, e1 : UInt32.t, e2 : UInt32.t, f : borrowed (), b : UInt32.t, i : t_U'0 [produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i, postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b] . inv'1 s /\ inv'5 e1 /\ inv'5 e2 /\ inv'7 f /\ inv'5 b /\ inv'2 i /\ unnest'0 func f.current -> produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i -> precondition'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) -> postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc (Seq.(++) produced s) e1)) - axiom preservation_inv'0_spec : forall iter : t_U'0, func : (), produced : Seq.seq uint32 . 
[%#s06_map_precond46] produced - = (Seq.empty : Seq.seq uint32) -> preservation_inv'0 iter func produced = preservation'0 iter func + axiom preservation_inv'0_spec : forall iter : t_U'0, func : (), produced : Seq.seq UInt32.t . [%#s06_map_precond60] produced + = (Seq.empty : Seq.seq UInt32.t) -> preservation_inv'0 iter func produced = preservation'0 iter func predicate invariant'0 [#"06_map_precond.rs" 176 4 176 30] (self : t_Map'0) = - [%#s06_map_precond44] reinitialize'0 () + [%#s06_map_precond57] reinitialize'0 () /\ preservation_inv'0 self.t_Map__iter'0 self.t_Map__func'0 (Snapshot.inner self.t_Map__produced'0) /\ next_precondition'0 self.t_Map__iter'0 self.t_Map__func'0 (Snapshot.inner self.t_Map__produced'0) @@ -2413,14 +2430,16 @@ module M_06_map_precond__increment [#"06_map_precond.rs" 206 0 206 50] let rec map'0 (iter:t_U'0) (func:()) (return' (ret:t_Map'0))= {[@expl:map 'iter' type invariant] [%#s06_map_precond7] inv'2 iter} {[@expl:map 'func' type invariant] [%#s06_map_precond8] inv'4 func} - {[@expl:map requires #0] [%#s06_map_precond9] forall e : uint32, i2 : t_U'0 . inv'5 e /\ inv'2 i2 - -> produces'1 iter (Seq.singleton e) i2 -> precondition'0 func (e, Snapshot.new (Seq.empty : Seq.seq uint32))} + {[@expl:map requires #0] [%#s06_map_precond9] forall e : UInt32.t, i2 : t_U'0 . inv'5 e /\ inv'2 i2 + -> produces'1 iter (Seq.singleton e) i2 -> precondition'0 func (e, Snapshot.new (Seq.empty : Seq.seq UInt32.t))} {[@expl:map requires #1] [%#s06_map_precond10] reinitialize'0 ()} {[@expl:map requires #2] [%#s06_map_precond11] preservation'0 iter func} any [ return' (result:t_Map'0)-> {[%#s06_map_precond12] inv'0 result} {[%#s06_map_precond13] result - = { t_Map__iter'0 = iter; t_Map__func'0 = func; t_Map__produced'0 = Snapshot.new (Seq.empty : Seq.seq uint32) }} + = { t_Map__iter'0 = iter; + t_Map__func'0 = func; + t_Map__produced'0 = Snapshot.new (Seq.empty : Seq.seq UInt32.t) }} (! return' {result}) ] 
@@ -2442,13 +2461,13 @@ module M_06_map_precond__increment [#"06_map_precond.rs" 206 0 206 50] use seq.Seq - predicate produces'0 [@inline:trivial] [#"06_map_precond.rs" 50 4 50 67] (self : t_Map'0) (visited : Seq.seq uint32) (succ : t_Map'0) + predicate produces'0 [@inline:trivial] [#"06_map_precond.rs" 50 4 50 67] (self : t_Map'0) (visited : Seq.seq UInt32.t) (succ : t_Map'0) = [%#s06_map_precond14] unnest'0 self.t_Map__func'0 succ.t_Map__func'0 /\ (exists fs : Seq.seq (borrowed ()) . inv'6 fs /\ Seq.length fs = Seq.length visited - /\ (exists s : Seq.seq uint32 [produces'1 self.t_Map__iter'0 s succ.t_Map__iter'0] . inv'1 s + /\ (exists s : Seq.seq UInt32.t [produces'1 self.t_Map__iter'0 s succ.t_Map__iter'0] . inv'1 s /\ Seq.length s = Seq.length visited /\ produces'1 self.t_Map__iter'0 s succ.t_Map__iter'0 /\ Snapshot.inner succ.t_Map__produced'0 = Seq.(++) (Snapshot.inner self.t_Map__produced'0) s 
@@ -2463,12 +2482,12 @@ module M_06_map_precond__increment [#"06_map_precond.rs" 206 0 206 50] /\ precondition'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_Map__produced'0) (Seq.([..]) s 0 i))) /\ postcondition_mut'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_Map__produced'0) (Seq.([..]) s 0 i))) (Seq.get fs i).final (Seq.get visited i)))) - function produces_trans'0 [#"06_map_precond.rs" 45 4 45 90] (a : t_Map'0) (ab : Seq.seq uint32) (b : t_Map'0) (bc : Seq.seq uint32) (c : t_Map'0) : () + function produces_trans'0 [#"06_map_precond.rs" 45 4 45 90] (a : t_Map'0) (ab : Seq.seq UInt32.t) (b : t_Map'0) (bc : Seq.seq UInt32.t) (c : t_Map'0) : () = [%#s06_map_precond26] () - axiom produces_trans'0_spec : forall a : t_Map'0, ab : Seq.seq uint32, b : t_Map'0, bc : Seq.seq uint32, c : t_Map'0 . ([%#s06_map_precond20] inv'0 a) + axiom produces_trans'0_spec : forall a : t_Map'0, ab : Seq.seq UInt32.t, b : t_Map'0, bc : Seq.seq UInt32.t, c : t_Map'0 . ([%#s06_map_precond20] inv'0 a) -> ([%#s06_map_precond21] inv'0 b) -> ([%#s06_map_precond22] inv'0 c) -> ([%#s06_map_precond23] produces'0 a ab b) 
@@ -2478,17 +2497,74 @@ module M_06_map_precond__increment [#"06_map_precond.rs" 206 0 206 50] [%#s06_map_precond19] () axiom produces_refl'0_spec : forall self : t_Map'0 . ([%#s06_map_precond17] inv'0 self) - -> ([%#s06_map_precond18] produces'0 self (Seq.empty : Seq.seq uint32) self) + -> ([%#s06_map_precond18] produces'0 self (Seq.empty : Seq.seq UInt32.t) self) + + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.UInt32 + + function cmp_log'0 (self : UInt32.t) (o : UInt32.t) : t_Ordering'0 = + [%#sord58] if UInt32.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + function eq_cmp'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom eq_cmp'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord39] (x = y) = (cmp_log'0 x y = C_Equal'0) + + function antisym2'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom antisym2'0_spec : forall x : UInt32.t, y : UInt32.t . ([%#sord37] cmp_log'0 x y = C_Greater'0) + -> ([%#sord38] cmp_log'0 y x = C_Less'0) + + function antisym1'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom antisym1'0_spec : forall x : UInt32.t, y : UInt32.t . ([%#sord35] cmp_log'0 x y = C_Less'0) + -> ([%#sord36] cmp_log'0 y x = C_Greater'0) + + function trans'0 (x : UInt32.t) (y : UInt32.t) (z : UInt32.t) (o : t_Ordering'0) : () + + axiom trans'0_spec : forall x : UInt32.t, y : UInt32.t, z : UInt32.t, o : t_Ordering'0 . ([%#sord32] cmp_log'0 x y + = o) -> ([%#sord33] cmp_log'0 y z = o) -> ([%#sord34] cmp_log'0 x z = o) + + function refl'0 (x : UInt32.t) : () + + axiom refl'0_spec : forall x : UInt32.t . [%#sord31] cmp_log'0 x x = C_Equal'0 + + use prelude.prelude.UInt32 + + function cmp_gt_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_gt_log'0_spec : forall x : UInt32.t, y : UInt32.t . 
[%#sord30] UInt32.ugt x y + = (cmp_log'0 x y = C_Greater'0) + + use prelude.prelude.UInt32 + + function cmp_ge_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_ge_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord29] UInt32.uge x y = (cmp_log'0 x y <> C_Less'0) + + function cmp_lt_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_lt_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord28] UInt32.ult x y = (cmp_log'0 x y = C_Less'0) + + use prelude.prelude.UInt32 + + function cmp_le_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_le_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord27] UInt32.ule x y + = (cmp_log'0 x y <> C_Greater'0) meta "compute_max_steps" 1000000 let rec increment'0 (iter:t_U'0) (return' (ret:()))= {[@expl:increment 'iter' type invariant] [%#s06_map_precond1] inv'2 iter} {[@expl:increment requires #0] [%#s06_map_precond2] forall done' : borrowed t_U'0 . inv'3 done' /\ completed'0 done' - -> (forall next : t_U'0, steps : Seq.seq uint32 . produces'1 done'.final steps next - -> steps = (Seq.empty : Seq.seq uint32) /\ done'.final = next)} - {[@expl:increment requires #1] [%#s06_map_precond3] forall prod : Seq.seq uint32, fin : t_U'0 . inv'1 prod + -> (forall next : t_U'0, steps : Seq.seq UInt32.t . produces'1 done'.final steps next + -> steps = (Seq.empty : Seq.seq UInt32.t) /\ done'.final = next)} + {[@expl:increment requires #1] [%#s06_map_precond3] forall prod : Seq.seq UInt32.t, fin : t_U'0 . inv'1 prod /\ inv'2 fin /\ produces'1 iter prod fin - -> (forall x : int . 0 <= x /\ x < Seq.length prod -> Seq.get prod x <= (10 : uint32))} + -> (forall x : int . 0 <= x /\ x < Seq.length prod -> UInt32.ule (Seq.get prod x) (10 : UInt32.t))} (! bb0 [ bb0 = bb1 | bb1 = s0 
@@ -2496,9 +2572,9 @@ module M_06_map_precond__increment [#"06_map_precond.rs" 206 0 206 50] | bb2 = s0 [ s0 = {[@expl:type invariant] inv'0 i} s1 - | s1 = {[@expl:assertion] [%#s06_map_precond0] forall prod : Seq.seq uint32, fin : t_Map'0 . inv'1 prod + | s1 = {[@expl:assertion] [%#s06_map_precond0] forall prod : Seq.seq UInt32.t, fin : t_Map'0 . inv'1 prod /\ inv'0 fin /\ produces'0 i prod fin - -> (forall x : int . 0 <= x /\ x < Seq.length prod -> Seq.get prod x <= (11 : uint32))} + -> (forall x : int . 0 <= x /\ x < Seq.length prod -> UInt32.ule (Seq.get prod x) (11 : UInt32.t))} s2 | s2 = bb3 ] 
@@ -2535,25 +2611,41 @@ module M_06_map_precond__counter [#"06_map_precond.rs" 222 0 222 48] let%span scommon22 = "common.rs" 23 15 23 32 let%span scommon23 = "common.rs" 24 14 24 42 let%span sresolve24 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span sops25 = "../../../../creusot-contracts/src/std/ops.rs" 105 15 105 59 - let%span sops26 = "../../../../creusot-contracts/src/std/ops.rs" 106 14 106 36 - let%span sops27 = "../../../../creusot-contracts/src/std/ops.rs" 111 14 111 31 - let%span sops28 = "../../../../creusot-contracts/src/std/ops.rs" 116 15 116 29 - let%span sops29 = "../../../../creusot-contracts/src/std/ops.rs" 117 15 117 26 - let%span sops30 = "../../../../creusot-contracts/src/std/ops.rs" 118 14 118 28 - let%span sops31 = "../../../../creusot-contracts/src/std/ops.rs" 123 14 124 105 - let%span s06_map_precond32 = "06_map_precond.rs" 94 12 97 63 - let%span s06_map_precond33 = "06_map_precond.rs" 178 12 180 73 - let%span sinvariant34 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span s06_map_precond35 = "06_map_precond.rs" 102 14 102 81 - let%span s06_map_precond36 = "06_map_precond.rs" 105 12 111 88 + let%span sord25 = "../../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 + let%span sord26 = "../../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 + let%span sord27 = "../../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 + let%span sord28 = "../../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 + let%span sord29 = "../../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 + let%span sord30 = "../../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 + let%span sord31 = "../../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 + let%span sord32 = "../../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 + let%span sord33 = "../../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 + let%span sord34 = "../../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 + 
let%span sord35 = "../../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 + let%span sord36 = "../../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 + let%span sord37 = "../../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span sops38 = "../../../../creusot-contracts/src/std/ops.rs" 105 15 105 59 + let%span sops39 = "../../../../creusot-contracts/src/std/ops.rs" 106 14 106 36 + let%span sops40 = "../../../../creusot-contracts/src/std/ops.rs" 111 14 111 31 + let%span sops41 = "../../../../creusot-contracts/src/std/ops.rs" 116 15 116 29 + let%span sops42 = "../../../../creusot-contracts/src/std/ops.rs" 117 15 117 26 + let%span sops43 = "../../../../creusot-contracts/src/std/ops.rs" 118 14 118 28 + let%span sops44 = "../../../../creusot-contracts/src/std/ops.rs" 123 14 124 105 + let%span s06_map_precond45 = "06_map_precond.rs" 94 12 97 63 + let%span s06_map_precond46 = "06_map_precond.rs" 178 12 180 73 + let%span sinvariant47 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 + let%span sord48 = "../../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + let%span s06_map_precond49 = "06_map_precond.rs" 102 14 102 81 + let%span s06_map_precond50 = "06_map_precond.rs" 105 12 111 88 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 use prelude.prelude.Borrow type closure2'1 = - { field_0'0: borrowed usize } + { field_0'0: borrowed UInt64.t } predicate resolve'1 (self : borrowed closure2'1) = [%#sresolve24] self.final = self.current 
@@ -2565,30 +2657,85 @@ module M_06_map_precond__counter [#"06_map_precond.rs" 222 0 222 48] use prelude.prelude.Intrinsic - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.Snapshot use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.Int + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.UInt64 + + function cmp_log'0 (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = + [%#sord48] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + function eq_cmp'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom eq_cmp'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord37] (x = y) = (cmp_log'0 x y = C_Equal'0) + + function antisym2'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom antisym2'0_spec : forall x : UInt64.t, y : UInt64.t . ([%#sord35] cmp_log'0 x y = C_Greater'0) + -> ([%#sord36] cmp_log'0 y x = C_Less'0) + + function antisym1'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom antisym1'0_spec : forall x : UInt64.t, y : UInt64.t . ([%#sord33] cmp_log'0 x y = C_Less'0) + -> ([%#sord34] cmp_log'0 y x = C_Greater'0) + + function trans'0 (x : UInt64.t) (y : UInt64.t) (z : UInt64.t) (o : t_Ordering'0) : () + + axiom trans'0_spec : forall x : UInt64.t, y : UInt64.t, z : UInt64.t, o : t_Ordering'0 . ([%#sord30] cmp_log'0 x y + = o) -> ([%#sord31] cmp_log'0 y z = o) -> ([%#sord32] cmp_log'0 x z = o) + + function refl'0 (x : UInt64.t) : () + + axiom refl'0_spec : forall x : UInt64.t . [%#sord29] cmp_log'0 x x = C_Equal'0 + + use prelude.prelude.UInt64 + + function cmp_gt_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_gt_log'0_spec : forall x : UInt64.t, y : UInt64.t . 
[%#sord28] UInt64.ugt x y + = (cmp_log'0 x y = C_Greater'0) + + use prelude.prelude.UInt64 + + function cmp_ge_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_ge_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord27] UInt64.uge x y = (cmp_log'0 x y <> C_Less'0) + + function cmp_lt_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_lt_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord26] UInt64.ult x y = (cmp_log'0 x y = C_Less'0) + + use prelude.prelude.UInt64 + + function cmp_le_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_le_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord25] UInt64.ule x y + = (cmp_log'0 x y <> C_Greater'0) use seq.Seq use prelude.prelude.Snapshot - predicate postcondition_once'0 (self : closure2'1) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) (result : uint32) + predicate postcondition_once'0 (self : closure2'1) (args : (UInt32.t, Snapshot.snap_ty (Seq.seq UInt32.t))) (result : UInt32.t) = - [%#s06_map_precond6] let (x, _prod) = args in UIntSize.to_int (self.field_0'0).final - = UIntSize.to_int (self.field_0'0).current + 1 + [%#s06_map_precond6] let (x, _prod) = args in UInt64.to_uint (self.field_0'0).final + = UInt64.to_uint (self.field_0'0).current + 1 - predicate resolve'4 (self : borrowed usize) = + predicate resolve'4 (self : borrowed UInt64.t) = [%#sresolve24] self.final = self.current - predicate resolve'3 (_1 : borrowed usize) = + predicate resolve'3 (_1 : borrowed UInt64.t) = resolve'4 _1 predicate resolve'2 (_1 : closure2'1) = 
@@ -2597,40 +2744,41 @@ module M_06_map_precond__counter [#"06_map_precond.rs" 222 0 222 48] predicate unnest'0 (self : closure2'1) (_2 : closure2'1) = (_2.field_0'0).final = (self.field_0'0).final - predicate postcondition_mut'0 (self : closure2'1) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) (result_state : closure2'1) (result : uint32) + predicate postcondition_mut'0 (self : closure2'1) (args : (UInt32.t, Snapshot.snap_ty (Seq.seq UInt32.t))) (result_state : closure2'1) (result : UInt32.t) = - (let (x, _prod) = args in UIntSize.to_int (result_state.field_0'0).current - = UIntSize.to_int (self.field_0'0).current + 1) + (let (x, _prod) = args in UInt64.to_uint (result_state.field_0'0).current + = UInt64.to_uint (self.field_0'0).current + 1) /\ unnest'0 self result_state - function fn_mut_once'0 (self : closure2'1) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) (res : uint32) : () + function fn_mut_once'0 (self : closure2'1) (args : (UInt32.t, Snapshot.snap_ty (Seq.seq UInt32.t))) (res : UInt32.t) : () + - axiom fn_mut_once'0_spec : forall self : closure2'1, args : (uint32, Snapshot.snap_ty (Seq.seq uint32)), res : uint32 . [%#sops31] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : closure2'1, args : (UInt32.t, Snapshot.snap_ty (Seq.seq UInt32.t)), res : UInt32.t . [%#sops44] postcondition_once'0 self args res = (exists res_state : closure2'1 . postcondition_mut'0 self args res_state res /\ resolve'2 res_state) function unnest_trans'0 (self : closure2'1) (b : closure2'1) (c : closure2'1) : () - axiom unnest_trans'0_spec : forall self : closure2'1, b : closure2'1, c : closure2'1 . ([%#sops28] unnest'0 self b) - -> ([%#sops29] unnest'0 b c) -> ([%#sops30] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : closure2'1, b : closure2'1, c : closure2'1 . 
([%#sops41] unnest'0 self b) + -> ([%#sops42] unnest'0 b c) -> ([%#sops43] unnest'0 self c) function unnest_refl'0 (self : closure2'1) : () - axiom unnest_refl'0_spec : forall self : closure2'1 . [%#sops27] unnest'0 self self + axiom unnest_refl'0_spec : forall self : closure2'1 . [%#sops40] unnest'0 self self - function postcondition_mut_unnest'0 (self : closure2'1) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) (res_state : closure2'1) (res : uint32) : () + function postcondition_mut_unnest'0 (self : closure2'1) (args : (UInt32.t, Snapshot.snap_ty (Seq.seq UInt32.t))) (res_state : closure2'1) (res : UInt32.t) : () - axiom postcondition_mut_unnest'0_spec : forall self : closure2'1, args : (uint32, Snapshot.snap_ty (Seq.seq uint32)), res_state : closure2'1, res : uint32 . ([%#sops25] postcondition_mut'0 self args res_state res) - -> ([%#sops26] unnest'0 self res_state) + axiom postcondition_mut_unnest'0_spec : forall self : closure2'1, args : (UInt32.t, Snapshot.snap_ty (Seq.seq UInt32.t)), res_state : closure2'1, res : UInt32.t . ([%#sops38] postcondition_mut'0 self args res_state res) + -> ([%#sops39] unnest'0 self res_state) - let rec closure2'0 (_1:borrowed closure2'1) (x:uint32) (_prod:Snapshot.snap_ty (Seq.seq uint32)) (return' (ret:uint32))= {[@expl:closure requires] [%#s06_map_precond5] UIntSize.to_int ((_1.current).field_0'0).current + let rec closure2'0 (_1:borrowed closure2'1) (x:UInt32.t) (_prod:Snapshot.snap_ty (Seq.seq UInt32.t)) (return' (ret:UInt32.t))= {[@expl:closure requires] [%#s06_map_precond5] UInt64.to_uint ((_1.current).field_0'0).current = Seq.length (Snapshot.inner _prod) - /\ ((_1.current).field_0'0).current < (v_MAX'0 : usize)} + /\ UInt64.ult ((_1.current).field_0'0).current (v_MAX'0 : UInt64.t)} (! 
bb0 [ bb0 = s0 - [ s0 = UIntSize.add {((_1.current).field_0'0).current} {[%#s06_map_precond4] (1 : usize)} - (fun (_ret':usize) -> + [ s0 = UInt64.add {((_1.current).field_0'0).current} {[%#s06_map_precond4] (1 : UInt64.t)} + (fun (_ret':UInt64.t) -> [ &_1 <- { _1 with current = { field_0'0 = { (_1.current).field_0'0 with current = _ret' } } } ] s1) | s1 = -{resolve'0 _1}- s2 @@ -2640,14 +2788,14 @@ module M_06_map_precond__counter [#"06_map_precond.rs" 222 0 222 48] | s5 = return' {_0} ] ] ) - [ & _0 : uint32 = any_l () + [ & _0 : UInt32.t = any_l () | & _1 : borrowed closure2'1 = _1 - | & x : uint32 = x - | & res : uint32 = any_l () - | & res1 : uint32 = any_l () ] + | & x : UInt32.t = x + | & res : UInt32.t = any_l () + | & res1 : UInt32.t = any_l () ] - [ return' (result:uint32)-> {[@expl:closure ensures] [%#s06_map_precond6] UIntSize.to_int ((_1.final).field_0'0).current - = UIntSize.to_int ((_1.current).field_0'0).current + 1} + [ return' (result:UInt32.t)-> {[@expl:closure ensures] [%#s06_map_precond6] UInt64.to_uint ((_1.final).field_0'0).current + = UInt64.to_uint ((_1.current).field_0'0).current + 1} {[@expl:closure unnest] unnest'0 _1.current _1.final} (! return' {result}) ] @@ -2660,9 +2808,9 @@ module M_06_map_precond__counter [#"06_map_precond.rs" 222 0 222 48] axiom inv_axiom'3 [@rewrite] : forall x : closure2'1 [inv'4 x] . inv'4 x = true - predicate inv'5 (_1 : uint32) + predicate inv'5 (_1 : UInt32.t) - axiom inv_axiom'4 [@rewrite] : forall x : uint32 [inv'5 x] . inv'5 x = true + axiom inv_axiom'4 [@rewrite] : forall x : UInt32.t [inv'5 x] . inv'5 x = true use seq.Seq 
@@ -2670,12 +2818,12 @@ module M_06_map_precond__counter [#"06_map_precond.rs" 222 0 222 48] use seq.Seq - predicate produces'0 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq uint32) (o : t_I'0) + predicate produces'0 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq UInt32.t) (o : t_I'0) - function produces_trans'0 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq uint32) (b : t_I'0) (bc : Seq.seq uint32) (c : t_I'0) : () + function produces_trans'0 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq UInt32.t) (b : t_I'0) (bc : Seq.seq UInt32.t) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq uint32, b : t_I'0, bc : Seq.seq uint32, c : t_I'0 . ([%#scommon18] inv'1 a) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq UInt32.t, b : t_I'0, bc : Seq.seq UInt32.t, c : t_I'0 . ([%#scommon18] inv'1 a) -> ([%#scommon19] inv'1 b) -> ([%#scommon20] inv'1 c) -> ([%#scommon21] produces'0 a ab b) 
@@ -2684,17 +2832,17 @@ module M_06_map_precond__counter [#"06_map_precond.rs" 222 0 222 48] function produces_refl'0 [#"common.rs" 16 4 16 27] (self : t_I'0) : () axiom produces_refl'0_spec : forall self : t_I'0 . ([%#scommon16] inv'1 self) - -> ([%#scommon17] produces'0 self (Seq.empty : Seq.seq uint32) self) + -> ([%#scommon17] produces'0 self (Seq.empty : Seq.seq UInt32.t) self) use prelude.prelude.Snapshot - predicate precondition'0 (self : closure2'1) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) = - [%#s06_map_precond5] let (x, _prod) = args in UIntSize.to_int (self.field_0'0).current + predicate precondition'0 (self : closure2'1) (args : (UInt32.t, Snapshot.snap_ty (Seq.seq UInt32.t))) = + [%#s06_map_precond5] let (x, _prod) = args in UInt64.to_uint (self.field_0'0).current = Seq.length (Snapshot.inner _prod) - /\ (self.field_0'0).current < (v_MAX'0 : usize) + /\ UInt64.ult (self.field_0'0).current (v_MAX'0 : UInt64.t) predicate invariant'1 (self : borrowed t_I'0) = - [%#sinvariant34] inv'1 self.current /\ inv'1 self.final + [%#sinvariant47] inv'1 self.current /\ inv'1 self.final predicate inv'2 (_1 : borrowed t_I'0) 
@@ -2702,15 +2850,15 @@ module M_06_map_precond__counter [#"06_map_precond.rs" 222 0 222 48] predicate completed'0 [#"common.rs" 11 4 11 36] (self : borrowed t_I'0) - predicate next_precondition'0 [#"06_map_precond.rs" 92 4 92 74] (iter : t_I'0) (func : closure2'1) (produced : Seq.seq uint32) + predicate next_precondition'0 [#"06_map_precond.rs" 92 4 92 74] (iter : t_I'0) (func : closure2'1) (produced : Seq.seq UInt32.t) = - [%#s06_map_precond32] forall e : uint32, i : t_I'0 [produces'0 iter (Seq.singleton e) i] . inv'5 e + [%#s06_map_precond45] forall e : UInt32.t, i : t_I'0 [produces'0 iter (Seq.singleton e) i] . inv'5 e /\ inv'1 i /\ produces'0 iter (Seq.singleton e) i -> precondition'0 func (e, Snapshot.new produced) - predicate inv'3 (_1 : Seq.seq uint32) + predicate inv'3 (_1 : Seq.seq UInt32.t) - axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq uint32 [inv'3 x] . inv'3 x = true + axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq UInt32.t [inv'3 x] . inv'3 x = true predicate inv'6 (_1 : borrowed closure2'1) @@ -2719,7 +2867,7 @@ module M_06_map_precond__counter [#"06_map_precond.rs" 222 0 222 48] use seq.Seq predicate preservation'0 [#"06_map_precond.rs" 116 4 116 45] (iter : t_I'0) (func : closure2'1) = - [%#s06_map_precond15] forall s : Seq.seq uint32, e1 : uint32, e2 : uint32, f : borrowed closure2'1, b : uint32, i : t_I'0 . inv'3 s + [%#s06_map_precond15] forall s : Seq.seq UInt32.t, e1 : UInt32.t, e2 : UInt32.t, f : borrowed closure2'1, b : UInt32.t, i : t_I'0 . inv'3 s /\ inv'5 e1 /\ inv'5 e2 /\ inv'6 f /\ inv'5 b /\ inv'1 i /\ unnest'0 func f.current -> produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i -> precondition'0 f.current (e1, Snapshot.new s) 
@@ -2729,26 +2877,26 @@ module M_06_map_precond__counter [#"06_map_precond.rs" 222 0 222 48] predicate reinitialize'0 [#"06_map_precond.rs" 128 4 128 29] (_1 : ()) = [%#s06_map_precond14] forall iter : borrowed t_I'0, func : closure2'1 . inv'2 iter /\ inv'4 func -> completed'0 iter - -> next_precondition'0 iter.final func (Seq.empty : Seq.seq uint32) /\ preservation'0 iter.final func + -> next_precondition'0 iter.final func (Seq.empty : Seq.seq UInt32.t) /\ preservation'0 iter.final func type t_Map'0 = - { t_Map__iter'0: t_I'0; t_Map__func'0: closure2'1; t_Map__produced'0: Snapshot.snap_ty (Seq.seq uint32) } + { t_Map__iter'0: t_I'0; t_Map__func'0: closure2'1; t_Map__produced'0: Snapshot.snap_ty (Seq.seq UInt32.t) } - predicate preservation_inv'0 [#"06_map_precond.rs" 103 4 103 73] (iter : t_I'0) (func : closure2'1) (produced : Seq.seq uint32) + predicate preservation_inv'0 [#"06_map_precond.rs" 103 4 103 73] (iter : t_I'0) (func : closure2'1) (produced : Seq.seq UInt32.t) = - [%#s06_map_precond36] forall s : Seq.seq uint32, e1 : uint32, e2 : uint32, f : borrowed closure2'1, b : uint32, i : t_I'0 [produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i, postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b] . inv'3 s + [%#s06_map_precond50] forall s : Seq.seq UInt32.t, e1 : UInt32.t, e2 : UInt32.t, f : borrowed closure2'1, b : UInt32.t, i : t_I'0 [produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i, postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b] . 
inv'3 s /\ inv'5 e1 /\ inv'5 e2 /\ inv'6 f /\ inv'5 b /\ inv'1 i /\ unnest'0 func f.current -> produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i -> precondition'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) -> postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc (Seq.(++) produced s) e1)) - axiom preservation_inv'0_spec : forall iter : t_I'0, func : closure2'1, produced : Seq.seq uint32 . [%#s06_map_precond35] produced - = (Seq.empty : Seq.seq uint32) -> preservation_inv'0 iter func produced = preservation'0 iter func + axiom preservation_inv'0_spec : forall iter : t_I'0, func : closure2'1, produced : Seq.seq UInt32.t . [%#s06_map_precond49] produced + = (Seq.empty : Seq.seq UInt32.t) -> preservation_inv'0 iter func produced = preservation'0 iter func predicate invariant'0 [#"06_map_precond.rs" 176 4 176 30] (self : t_Map'0) = - [%#s06_map_precond33] reinitialize'0 () + [%#s06_map_precond46] reinitialize'0 () /\ preservation_inv'0 self.t_Map__iter'0 self.t_Map__func'0 (Snapshot.inner self.t_Map__produced'0) /\ next_precondition'0 self.t_Map__iter'0 self.t_Map__func'0 (Snapshot.inner self.t_Map__produced'0) 
@@ -2762,14 +2910,16 @@ module M_06_map_precond__counter [#"06_map_precond.rs" 222 0 222 48] let rec map'0 (iter:t_I'0) (func:closure2'1) (return' (ret:t_Map'0))= {[@expl:map 'iter' type invariant] [%#s06_map_precond7] inv'1 iter} {[@expl:map 'func' type invariant] [%#s06_map_precond8] inv'4 func} - {[@expl:map requires #0] [%#s06_map_precond9] forall e : uint32, i2 : t_I'0 . inv'5 e /\ inv'1 i2 - -> produces'0 iter (Seq.singleton e) i2 -> precondition'0 func (e, Snapshot.new (Seq.empty : Seq.seq uint32))} + {[@expl:map requires #0] [%#s06_map_precond9] forall e : UInt32.t, i2 : t_I'0 . inv'5 e /\ inv'1 i2 + -> produces'0 iter (Seq.singleton e) i2 -> precondition'0 func (e, Snapshot.new (Seq.empty : Seq.seq UInt32.t))} {[@expl:map requires #1] [%#s06_map_precond10] reinitialize'0 ()} {[@expl:map requires #2] [%#s06_map_precond11] preservation'0 iter func} any [ return' (result:t_Map'0)-> {[%#s06_map_precond12] inv'0 result} {[%#s06_map_precond13] result - = { t_Map__iter'0 = iter; t_Map__func'0 = func; t_Map__produced'0 = Snapshot.new (Seq.empty : Seq.seq uint32) }} + = { t_Map__iter'0 = iter; + t_Map__func'0 = func; + t_Map__produced'0 = Snapshot.new (Seq.empty : Seq.seq UInt32.t) }} (! return' {result}) ] 
@@ -2777,16 +2927,16 @@ module M_06_map_precond__counter [#"06_map_precond.rs" 222 0 222 48] let rec counter'0 (iter:t_I'0) (return' (ret:()))= {[@expl:counter 'iter' type invariant] [%#s06_map_precond1] inv'1 iter} {[@expl:counter requires #0] [%#s06_map_precond2] forall done' : borrowed t_I'0 . inv'2 done' /\ completed'0 done' - -> (forall next : t_I'0, steps : Seq.seq uint32 . produces'0 done'.final steps next - -> steps = (Seq.empty : Seq.seq uint32) /\ done'.final = next)} - {[@expl:counter requires #1] [%#s06_map_precond3] forall prod : Seq.seq uint32, fin : t_I'0 . inv'3 prod - /\ inv'1 fin /\ produces'0 iter prod fin -> Seq.length prod <= UIntSize.to_int (v_MAX'0 : usize)} + -> (forall next : t_I'0, steps : Seq.seq UInt32.t . produces'0 done'.final steps next + -> steps = (Seq.empty : Seq.seq UInt32.t) /\ done'.final = next)} + {[@expl:counter requires #1] [%#s06_map_precond3] forall prod : Seq.seq UInt32.t, fin : t_I'0 . inv'3 prod + /\ inv'1 fin /\ produces'0 iter prod fin -> Seq.length prod <= UInt64.to_uint (v_MAX'0 : UInt64.t)} (! bb0 [ bb0 = bb1 | bb1 = s0 - [ s0 = [ &cnt <- [%#s06_map_precond0] (0 : usize) ] s1 - | s1 = Borrow.borrow_mut {cnt} - (fun (_ret':borrowed usize) -> [ &_8 <- _ret' ] [ &cnt <- _ret'.final ] s2) + [ s0 = [ &cnt <- [%#s06_map_precond0] (0 : UInt64.t) ] s1 + | s1 = Borrow.borrow_mut {cnt} + (fun (_ret':borrowed UInt64.t) -> [ &_8 <- _ret' ] [ &cnt <- _ret'.final ] s2) | s2 = [ &_7 <- { field_0'0 = _8 } ] s3 | s3 = map'0 {iter} {_7} (fun (_ret':t_Map'0) -> [ &_5 <- _ret' ] s4) | s4 = {[@expl:type invariant] inv'0 _5} s5 
@@ -2798,10 +2948,10 @@ module M_06_map_precond__counter [#"06_map_precond.rs" 222 0 222 48] ) [ & _0 : () = any_l () | & iter : t_I'0 = iter - | & cnt : usize = any_l () + | & cnt : UInt64.t = any_l () | & _5 : t_Map'0 = any_l () | & _7 : closure2'1 = any_l () - | & _8 : borrowed usize = any_l () ] + | & _8 : borrowed UInt64.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end module M_06_map_precond__qyi18374305379273630819__next__refines [#"06_map_precond.rs" 72 4 72 44] (* as common::Iterator> *) diff --git a/creusot/tests/should_succeed/iterators/08_collect_extend.coma b/creusot/tests/should_succeed/iterators/08_collect_extend.coma index 78fac05834..8a623cb3dd 100644 --- a/creusot/tests/should_succeed/iterators/08_collect_extend.coma +++ b/creusot/tests/should_succeed/iterators/08_collect_extend.coma @@ -68,28 +68,28 @@ module M_08_collect_extend__extend [#"08_collect_extend.rs" 27 0 27 66] type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize - - use prelude.prelude.Int + use prelude.prelude.UInt64 function view'2 (self : t_Vec'0) : Seq.seq t_T'0 - axiom view'2_spec : forall self : t_Vec'0 . [%#svec15] Seq.length (view'2 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'2_spec : forall self : t_Vec'0 . [%#svec15] Seq.length (view'2 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) function view'0 (self : borrowed (t_Vec'0)) : Seq.seq t_T'0 = [%#smodel11] view'2 self.current 
@@ -370,24 +370,24 @@ module M_08_collect_extend__collect [#"08_collect_extend.rs" 46 0 46 52] type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize - - use prelude.prelude.Int + use prelude.prelude.UInt64 type t_Item'0 @@ -395,7 +395,7 @@ module M_08_collect_extend__collect [#"08_collect_extend.rs" 46 0 46 52] function view'0 (self : t_Vec'0) : Seq.seq t_Item'0 - axiom view'0_spec : forall self : t_Vec'0 . [%#svec12] Seq.length (view'0 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec12] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq @@ -670,16 +670,18 @@ module M_08_collect_extend__extend_index [#"08_collect_extend.rs" 57 0 57 51] type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } predicate inv'0 (_1 : t_Vec'0) 
@@ -694,7 +696,7 @@ module M_08_collect_extend__extend_index [#"08_collect_extend.rs" 57 0 57 51] type t_IntoIter'0 = { t_IntoIter__buf'0: t_NonNull'0; t_IntoIter__phantom'0: (); - t_IntoIter__cap'0: usize; + t_IntoIter__cap'0: UInt64.t; t_IntoIter__alloc'0: t_ManuallyDrop'0; t_IntoIter__ptr'0: t_NonNull'0; t_IntoIter__end'0: opaque_ptr } @@ -705,21 +707,19 @@ module M_08_collect_extend__extend_index [#"08_collect_extend.rs" 57 0 57 51] use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize - - use prelude.prelude.Int + use prelude.prelude.UInt64 use prelude.prelude.UInt32 use seq.Seq - function view'0 (self : t_Vec'0) : Seq.seq uint32 + function view'0 (self : t_Vec'0) : Seq.seq UInt32.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec7] Seq.length (view'0 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec7] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) - function view'4 (self : t_IntoIter'0) : Seq.seq uint32 + function view'4 (self : t_IntoIter'0) : Seq.seq UInt32.t predicate into_iter_post'0 (self : t_Vec'0) (res : t_IntoIter'0) = [%#svec10] view'0 self = view'4 res 
@@ -738,46 +738,46 @@ module M_08_collect_extend__extend_index [#"08_collect_extend.rs" 57 0 57 51] axiom inv_axiom'3 [@rewrite] : forall x : borrowed (t_IntoIter'0) [inv'3 x] . inv'3 x = true - predicate inv'4 (_1 : Seq.seq uint32) + predicate inv'4 (_1 : Seq.seq UInt32.t) - axiom inv_axiom'4 [@rewrite] : forall x : Seq.seq uint32 [inv'4 x] . inv'4 x = true + axiom inv_axiom'4 [@rewrite] : forall x : Seq.seq UInt32.t [inv'4 x] . inv'4 x = true use seq.Seq use seq.Seq - predicate produces'0 (self : t_IntoIter'0) (visited : Seq.seq uint32) (rhs : t_IntoIter'0) = + predicate produces'0 (self : t_IntoIter'0) (visited : Seq.seq UInt32.t) (rhs : t_IntoIter'0) = [%#svec12] view'4 self = Seq.(++) visited (view'4 rhs) - function produces_trans'0 (a : t_IntoIter'0) (ab : Seq.seq uint32) (b : t_IntoIter'0) (bc : Seq.seq uint32) (c : t_IntoIter'0) : () + function produces_trans'0 (a : t_IntoIter'0) (ab : Seq.seq UInt32.t) (b : t_IntoIter'0) (bc : Seq.seq UInt32.t) (c : t_IntoIter'0) : () = [%#svec21] () - axiom produces_trans'0_spec : forall a : t_IntoIter'0, ab : Seq.seq uint32, b : t_IntoIter'0, bc : Seq.seq uint32, c : t_IntoIter'0 . ([%#svec18] produces'0 a ab b) + axiom produces_trans'0_spec : forall a : t_IntoIter'0, ab : Seq.seq UInt32.t, b : t_IntoIter'0, bc : Seq.seq UInt32.t, c : t_IntoIter'0 . ([%#svec18] produces'0 a ab b) -> ([%#svec19] produces'0 b bc c) -> ([%#svec20] produces'0 a (Seq.(++) ab bc) c) function produces_refl'0 (self : t_IntoIter'0) : () = [%#svec17] () - axiom produces_refl'0_spec : forall self : t_IntoIter'0 . [%#svec16] produces'0 self (Seq.empty : Seq.seq uint32) self + axiom produces_refl'0_spec : forall self : t_IntoIter'0 . 
[%#svec16] produces'0 self (Seq.empty : Seq.seq UInt32.t) self predicate resolve'2 (self : borrowed (t_IntoIter'0)) = [%#sresolve14] self.final = self.current - function view'5 (self : borrowed (t_IntoIter'0)) : Seq.seq uint32 = + function view'5 (self : borrowed (t_IntoIter'0)) : Seq.seq UInt32.t = [%#smodel13] view'4 self.current predicate completed'0 (self : borrowed (t_IntoIter'0)) = - [%#svec11] resolve'2 self /\ view'5 self = (Seq.empty : Seq.seq uint32) + [%#svec11] resolve'2 self /\ view'5 self = (Seq.empty : Seq.seq UInt32.t) - function view'2 (self : borrowed (t_Vec'0)) : Seq.seq uint32 = + function view'2 (self : borrowed (t_Vec'0)) : Seq.seq UInt32.t = [%#smodel13] view'0 self.current let rec extend'0 (vec:borrowed (t_Vec'0)) (iter:t_IntoIter'0) (return' (ret:()))= {[@expl:extend 'vec' type invariant] [%#s08_collect_extend4] inv'2 vec} {[@expl:extend 'iter' type invariant] [%#s08_collect_extend5] inv'1 iter} any - [ return' (result:())-> {[%#s08_collect_extend6] exists done' : borrowed (t_IntoIter'0), prod : Seq.seq uint32 . inv'3 done' + [ return' (result:())-> {[%#s08_collect_extend6] exists done' : borrowed (t_IntoIter'0), prod : Seq.seq UInt32.t . inv'3 done' /\ inv'4 prod /\ completed'0 done' /\ produces'0 iter prod done'.current /\ view'0 vec.final = Seq.(++) (view'2 vec) prod} (! return' {result}) ] @@ -793,10 +793,10 @@ module M_08_collect_extend__extend_index [#"08_collect_extend.rs" 57 0 57 51] use prelude.prelude.Snapshot - function view'3 (self : t_Vec'0) : Seq.seq uint32 = + function view'3 (self : t_Vec'0) : Seq.seq UInt32.t = [%#smodel15] view'0 self - function view'1 (self : Snapshot.snap_ty (t_Vec'0)) : Seq.seq uint32 = + function view'1 (self : Snapshot.snap_ty (t_Vec'0)) : Seq.seq UInt32.t = [%#ssnapshot8] view'3 (Snapshot.inner self) use seq.Seq 
@@ -869,16 +869,18 @@ module M_08_collect_extend__collect_example [#"08_collect_extend.rs" 67 0 67 56] type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } predicate inv'1 (_1 : t_Vec'0) @@ -897,19 +899,19 @@ module M_08_collect_extend__collect_example [#"08_collect_extend.rs" 67 0 67 56] axiom inv_axiom'1 [@rewrite] : forall x : borrowed t_I'0 [inv'2 x] . inv'2 x = invariant'0 x - predicate inv'3 (_1 : Seq.seq uint32) + predicate inv'3 (_1 : Seq.seq UInt32.t) - axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq uint32 [inv'3 x] . inv'3 x = true + axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq UInt32.t [inv'3 x] . inv'3 x = true use seq.Seq use seq.Seq - predicate produces'0 (self : t_I'0) (visited : Seq.seq uint32) (o : t_I'0) + predicate produces'0 (self : t_I'0) (visited : Seq.seq UInt32.t) (o : t_I'0) - function produces_trans'0 (a : t_I'0) (ab : Seq.seq uint32) (b : t_I'0) (bc : Seq.seq uint32) (c : t_I'0) : () + function produces_trans'0 (a : t_I'0) (ab : Seq.seq UInt32.t) (b : t_I'0) (bc : Seq.seq UInt32.t) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq uint32, b : t_I'0, bc : Seq.seq uint32, c : t_I'0 . ([%#siter10] inv'0 a) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq UInt32.t, b : t_I'0, bc : Seq.seq UInt32.t, c : t_I'0 . ([%#siter10] inv'0 a) -> ([%#siter11] inv'0 b) -> ([%#siter12] inv'0 c) -> ([%#siter13] produces'0 a ab b) 
@@ -918,33 +920,31 @@ module M_08_collect_extend__collect_example [#"08_collect_extend.rs" 67 0 67 56] function produces_refl'0 (self : t_I'0) : () axiom produces_refl'0_spec : forall self : t_I'0 . ([%#siter8] inv'0 self) - -> ([%#siter9] produces'0 self (Seq.empty : Seq.seq uint32) self) + -> ([%#siter9] produces'0 self (Seq.empty : Seq.seq UInt32.t) self) predicate completed'0 (self : borrowed t_I'0) use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize - - use prelude.prelude.Int + use prelude.prelude.UInt64 - function view'0 (self : t_Vec'0) : Seq.seq uint32 + function view'0 (self : t_Vec'0) : Seq.seq UInt32.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec6] Seq.length (view'0 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec6] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) let rec collect'0 (iter:t_I'0) (return' (ret:t_Vec'0))= {[@expl:collect 'iter' type invariant] [%#s08_collect_extend3] inv'0 iter} any [ return' (result:t_Vec'0)-> {[%#s08_collect_extend4] inv'1 result} - {[%#s08_collect_extend5] exists done' : borrowed t_I'0, prod : Seq.seq uint32 . inv'2 done' + {[%#s08_collect_extend5] exists done' : borrowed t_I'0, prod : Seq.seq UInt32.t . inv'2 done' /\ inv'3 prod /\ completed'0 done' /\ produces'0 iter prod done'.current /\ view'0 result = prod} (! return' {result}) ] use seq.Seq - function index_logic'0 [@inline:trivial] (self : t_Vec'0) (ix : int) : uint32 = + function index_logic'0 [@inline:trivial] (self : t_Vec'0) (ix : int) : UInt32.t = [%#sops7] Seq.get (view'0 self) ix use prelude.prelude.UInt32 
@@ -954,15 +954,15 @@ module M_08_collect_extend__collect_example [#"08_collect_extend.rs" 67 0 67 56] meta "compute_max_steps" 1000000 let rec collect_example'0 (iter:t_I'0) (return' (ret:()))= {[@expl:collect_example 'iter' type invariant] [%#s08_collect_extend1] inv'0 iter} - {[@expl:collect_example requires] [%#s08_collect_extend2] forall prod : Seq.seq uint32, fin : t_I'0 . inv'0 fin + {[@expl:collect_example requires] [%#s08_collect_extend2] forall prod : Seq.seq UInt32.t, fin : t_I'0 . inv'0 fin /\ produces'0 iter prod fin - -> (forall i : int . 0 <= i /\ i < Seq.length prod -> UInt32.to_int (Seq.get prod i) = i)} + -> (forall i : int . 0 <= i /\ i < Seq.length prod -> UInt32.to_uint (Seq.get prod i) = i)} (! bb0 [ bb0 = bb1 | bb1 = s0 [ s0 = collect'0 {iter} (fun (_ret':t_Vec'0) -> [ &v <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 [ s0 = {[@expl:assertion] [%#s08_collect_extend0] forall i : int . 0 <= i /\ i < Seq.length (view'0 v) - -> UInt32.to_int (index_logic'0 v i) = i} + -> UInt32.to_uint (index_logic'0 v i) = i} s1 | s1 = bb3 ] diff --git a/creusot/tests/should_succeed/iterators/08_collect_extend/why3session.xml b/creusot/tests/should_succeed/iterators/08_collect_extend/why3session.xml index c7555af89f..85bc936435 100644 --- a/creusot/tests/should_succeed/iterators/08_collect_extend/why3session.xml +++ b/creusot/tests/should_succeed/iterators/08_collect_extend/why3session.xml @@ -7,22 +7,22 @@ - + - + - + - + 
diff --git a/creusot/tests/should_succeed/iterators/08_collect_extend/why3shapes.gz b/creusot/tests/should_succeed/iterators/08_collect_extend/why3shapes.gz index 31b3b1f6aa25838e2e8c784119021f5f32d7c00b..c6f5a792581d4a9cb824d8eee5a1b981dca39051 100644 GIT binary patch literal 1179 zcmV;M1Z4XkiwFP!00000|J|3tZsRr(hVOog+}v(19FiiXMSL)V2-Kmu6d-ytXqnCm zO{7#-lJ@O8lthZMoJ|%eTA-I?I2w|p;Xj|~pT1n3zL{rxx_Y(kscP!4SK{i+&nt7Y zF^{%>=)RfP%D%0sCZ=n4FIC-{*WEAM-_|5wnW}y@ZDs0i%{BbthHI%I_eLB5nhpU} z)7%?z0Ml#;;F{&$hy#e`LjW4NH&*7kZ4NJ`J>e)Z*VkI;RA)u(mJ3gUQL^aQ0QYDx zf+xvm%K|a>>ACw04IcsXx2GD$*Jo(u!CKvR=5}}A)OJmJr_jLA^K0{j9<5=lNrF}$ ztkwO!*-TM1(G)8ZjkjjA8IFaRebcthn?0I8Ip+i;~}rY zY`ju2+f&_?7b;}Rm$tQahw&JtX&T;FTz>P#gkn@CmH80PqmW{DY{DHIy6|7*<@q*b z>XYZ;oKS42da|9#FF{Y(g=Sk*Hc!u37R-?Jg#Z?ung`qMs>9-en>%$&T!1tZ0t2_i)IyXM zW8+}8FQxV2p1!9k&3!!}4Nfw1hQ52hxlp%7RPOKg3C2cyd5f-k-0XTVFGx&2ATjYA zC7z?iaWtx@lN%xsu{eXGSa`StrOz&;89aQB$!w%#;AwWwND>%H0wc*KM#cy1$;ty+ zoi+b*01F&tfurn4IO?GBX*Oc;e*nNhI5H<3%vJq9*^-NaMR=z?#>D4H7I!I+TH`}n zO|cQQ{!f@9modfveN6pRR0t9nr_QERcIuXWQL# zbLxg~B?KCQ=t~enTCDr3^C%=9g~12@q6+S!x_~TQLbmf4SmrOV%=?(XlA_^#NKenJ zWClv%_$zhR-zOt~x^(qSKD&*AuNmNj=pgv{2Z_!`?7e0I(HAm__yQuVMdz{9J-eh* zIxK?nm{UPIjD;&wI>&(UV}0wH06PYScVlZ%^rw25-N$X+|r{g8MpEv z_h2OKuYjmbrAjKH62%o$RDmL^1ED36DHk|5OHw${JvD;wc_~R*QgHJiRUj1z1&IQ# zfGME;ba#oddwL+&BqB`=ms}hTWAw;uBJl}iZa$TY3Plq|xuUo+P6kDB-E4IvsmWwk tW~@w1X-bx4CP_$n*k=b)66U5e%$6xe6$8a^wM@};^*228+=%uM000mXKUx3) literal 1176 zcmV;J1ZVpniwFP!00000|J|2OZ{s!)hVS|nxw+k3IKwZghz~{(fjV?A1qQttw8dnF zCQ@o^llI>ilth}coNN|Yv_LNgH5yXGnRg!2KYhA7ezDK)c=h5A$EIt4xl&i3e$MR8 z+CIAWq5ooE8uz+FVz%$LP21a-?XR2PSFFrz)4te4W7~cu2>$esD@{;_LFxd6qXQC_ zVURj-;-iBgUWP&Hz(|Y^j6@j*nSDNV_1C>St{6#seNBpTDyr117Zyp1bTzC2{?#~$ z7Fo`g1!mpTbN@F13m!1vJrYdY=LFOK{V2Qb?d|q+*SZxOjEaEU+wE`NlUp$&m~tWs zrlj~$_W842pS(~K@-lti*!6m>3bVWJaOhrLy?XkCP}}>awT}eaHnsn~z8?L+w(gZc z*rsjW!9Vy{!vjHKk4^jV==!cDRGTri?=QSb@^e~~Kz-l?glsdVF^up-ajnN7((j2F zS7p~hsHp9+?e-TkWcObW2iNulnotwwalh*F&KDD^Ntvk2(Oo1i)vRpFm#wmE!ldLV 
z%1w+k1TSKp7=a+pHZ%E2;w*jzi;dlPPtT98ceP)zm{K@Q8-<6(U1bmM*gd{DuT4Ge zYzQ&fVOED2=P1^b+nErMkP*W4rHk*X+cdzL3*>}oA6&m}>ctB`_tY(E0`f!%9Q+ce z7D8T4jf1?r6xKJt8G0JA4EcaO8rjSk`|j=LBA9?Oru*GKAt;h>g%M^0ZnguL7a(Tu zgO~-3vVc+MF`A^)tBs_m;*5!EVG*8_A-EW2w1_z+iwTkur^PuUSwtj@h-8-#nbtRe zRYb7*(fr^59x=)zM)~(()HCD5Xe9hE_!j}k=758_sNV*gyy#fPJ(VdXJ_fS1Nk!5b z--Ol4H(}QQiBjw`rNqBasUHQU__9p<24o`L0RXXz@*_<$U940LUoAUg@bOW2?Dg)j zeeRC^cvM295vU;r(dFP)Eb9XbSwLa5LAa-azo#x3iwnl~;rhzM^_2%34;NBSBG?4U zfGauUr1JRHR1CMt#GWrr1Cr0~q7YIBWtP@KoF7Lxd*W~P3aBBEGQkU|xE9WR(Z9PS zQXCf{DCSVmo?`KWl+S74pC_Of0RxcVMJebYh3|^tl2G`d`mpR$C;4f*K&G0ZwYbpaz`Pj{C}s@vq17&q(U%kKWL)It-$P&n1yhiijxpl3574SY8^| zlL>6o*6y$EWB1VP2aOHM#LC`y8O_%L*w~x(p80<))!DzK=yEDKKPx#8@Jp7P^2hID ziQse=dFIDBA6!3n{m}R~UI}A#1R{i`&chmIal%p=Nyy49Ly#bM*6nI60CLA_>jW3~ z&N^F2&{x1rVREC5GSUdc4H_^ktD%4pO4z0GAIoSgWMn*1cS^#k#UfU?RT~i q_jxT{?LgtKK($k-twZOhb743)91RD ([%#scommon5] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) - use prelude.prelude.Int - use seq.Seq use seq.Seq @@ -71,9 +71,9 @@ module M_15_enumerate__qyi17057287782225696128__produces_refl [#"15_enumerate.rs axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'1 x] . inv'1 x = invariant'1 x - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) use prelude.prelude.Borrow 
@@ -89,7 +89,7 @@ module M_15_enumerate__qyi17057287782225696128__produces_refl [#"15_enumerate.rs predicate invariant'0 [#"15_enumerate.rs" 79 4 79 30] (self : t_Enumerate'0) = [%#s15_enumerate12] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'1 self.t_Enumerate__iter'0 s i] . inv'1 s /\ inv'2 i /\ produces'1 self.t_Enumerate__iter'0 s i - -> UIntSize.to_int self.t_Enumerate__count'0 + Seq.length s < UIntSize.to_int v_MAX'0) + -> UInt64.to_uint self.t_Enumerate__count'0 + Seq.length s < UInt64.to_uint v_MAX'0) /\ (forall i : borrowed t_I'0 . inv'3 i /\ completed'0 i -> produces'1 i.current (Seq.empty : Seq.seq t_Item'0) i.final) @@ -111,16 +111,16 @@ module M_15_enumerate__qyi17057287782225696128__produces_refl [#"15_enumerate.rs use seq.Seq - predicate produces'0 [#"15_enumerate.rs" 31 4 31 64] (self : t_Enumerate'0) (visited : Seq.seq (usize, t_Item'0)) (o : t_Enumerate'0) + predicate produces'0 [#"15_enumerate.rs" 31 4 31 64] (self : t_Enumerate'0) (visited : Seq.seq (UInt64.t, t_Item'0)) (o : t_Enumerate'0) = [%#s15_enumerate3] Seq.length visited - = UIntSize.to_int o.t_Enumerate__count'0 - UIntSize.to_int self.t_Enumerate__count'0 + = UInt64.to_uint o.t_Enumerate__count'0 - UInt64.to_uint self.t_Enumerate__count'0 /\ (exists s : Seq.seq t_Item'0 . inv'1 s /\ produces'1 self.t_Enumerate__iter'0 s o.t_Enumerate__iter'0 /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s - -> UIntSize.to_int (let (a, _) = Seq.get visited i in a) = UIntSize.to_int self.t_Enumerate__count'0 + i + -> UInt64.to_uint (let (a, _) = Seq.get visited i in a) = UInt64.to_uint self.t_Enumerate__count'0 + i /\ (let (_, a) = Seq.get visited i in a) = Seq.get s i)) constant self : t_Enumerate'0 
@@ -128,7 +128,7 @@ module M_15_enumerate__qyi17057287782225696128__produces_refl [#"15_enumerate.rs function produces_refl'0 [#"15_enumerate.rs" 45 4 45 26] (self : t_Enumerate'0) : () goal vc_produces_refl'0 : ([%#s15_enumerate0] inv'0 self) - -> ([%#s15_enumerate1] produces'0 self (Seq.empty : Seq.seq (usize, t_Item'0)) self) + -> ([%#s15_enumerate1] produces'0 self (Seq.empty : Seq.seq (UInt64.t, t_Item'0)) self) end module M_15_enumerate__qyi17057287782225696128__produces_trans [#"15_enumerate.rs" 55 4 55 90] (* as common::Iterator> *) let%span s15_enumerate0 = "15_enumerate.rs" 49 15 49 21 @@ -154,10 +154,12 @@ module M_15_enumerate__qyi17057287782225696128__produces_trans [#"15_enumerate.r type t_I'0 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Enumerate'0 = - { t_Enumerate__iter'0: t_I'0; t_Enumerate__count'0: usize } + { t_Enumerate__iter'0: t_I'0; t_Enumerate__count'0: UInt64.t } predicate inv'2 (_1 : t_I'0) @@ -185,8 +187,6 @@ module M_15_enumerate__qyi17057287782225696128__produces_trans [#"15_enumerate.r axiom produces_refl'0_spec : forall self : t_I'0 . ([%#scommon8] inv'2 self) -> ([%#scommon9] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) - use prelude.prelude.Int - use seq.Seq use seq.Seq @@ -207,9 +207,9 @@ module M_15_enumerate__qyi17057287782225696128__produces_trans [#"15_enumerate.r axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'1 x] . inv'1 x = invariant'1 x - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) use prelude.prelude.Borrow 
@@ -225,7 +225,7 @@ module M_15_enumerate__qyi17057287782225696128__produces_trans [#"15_enumerate.r predicate invariant'0 [#"15_enumerate.rs" 79 4 79 30] (self : t_Enumerate'0) = [%#s15_enumerate16] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'1 self.t_Enumerate__iter'0 s i] . inv'1 s /\ inv'2 i /\ produces'1 self.t_Enumerate__iter'0 s i - -> UIntSize.to_int self.t_Enumerate__count'0 + Seq.length s < UIntSize.to_int v_MAX'0) + -> UInt64.to_uint self.t_Enumerate__count'0 + Seq.length s < UInt64.to_uint v_MAX'0) /\ (forall i : borrowed t_I'0 . inv'3 i /\ completed'0 i -> produces'1 i.current (Seq.empty : Seq.seq t_Item'0) i.final) 
@@ -245,31 +245,31 @@ module M_15_enumerate__qyi17057287782225696128__produces_trans [#"15_enumerate.r use seq.Seq - predicate produces'0 [#"15_enumerate.rs" 31 4 31 64] (self : t_Enumerate'0) (visited : Seq.seq (usize, t_Item'0)) (o : t_Enumerate'0) + predicate produces'0 [#"15_enumerate.rs" 31 4 31 64] (self : t_Enumerate'0) (visited : Seq.seq (UInt64.t, t_Item'0)) (o : t_Enumerate'0) = [%#s15_enumerate7] Seq.length visited - = UIntSize.to_int o.t_Enumerate__count'0 - UIntSize.to_int self.t_Enumerate__count'0 + = UInt64.to_uint o.t_Enumerate__count'0 - UInt64.to_uint self.t_Enumerate__count'0 /\ (exists s : Seq.seq t_Item'0 . inv'1 s /\ produces'1 self.t_Enumerate__iter'0 s o.t_Enumerate__iter'0 /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s - -> UIntSize.to_int (let (a, _) = Seq.get visited i in a) = UIntSize.to_int self.t_Enumerate__count'0 + i + -> UInt64.to_uint (let (a, _) = Seq.get visited i in a) = UInt64.to_uint self.t_Enumerate__count'0 + i /\ (let (_, a) = Seq.get visited i in a) = Seq.get s i)) use seq.Seq constant a : t_Enumerate'0 - constant ab : Seq.seq (usize, t_Item'0) + constant ab : Seq.seq (UInt64.t, t_Item'0) constant b : t_Enumerate'0 - constant bc : Seq.seq (usize, t_Item'0) + constant bc : Seq.seq (UInt64.t, t_Item'0) constant c : t_Enumerate'0 - function produces_trans'0 [#"15_enumerate.rs" 55 4 55 90] (a : t_Enumerate'0) (ab : Seq.seq (usize, t_Item'0)) (b : t_Enumerate'0) (bc : Seq.seq (usize, t_Item'0)) (c : t_Enumerate'0) : () + function produces_trans'0 [#"15_enumerate.rs" 55 4 55 90] (a : t_Enumerate'0) (ab : Seq.seq (UInt64.t, t_Item'0)) (b : t_Enumerate'0) (bc : Seq.seq (UInt64.t, t_Item'0)) (c : t_Enumerate'0) : () goal vc_produces_trans'0 : ([%#s15_enumerate4] produces'0 b bc c) 
@@ -308,10 +308,12 @@ module M_15_enumerate__qyi17057287782225696128__next [#"15_enumerate.rs" 61 4 61 predicate inv'0 (_1 : t_I'0) - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Enumerate'0 = - { t_Enumerate__iter'0: t_I'0; t_Enumerate__count'0: usize } + { t_Enumerate__iter'0: t_I'0; t_Enumerate__count'0: UInt64.t } use seq.Seq @@ -377,8 +379,6 @@ module M_15_enumerate__qyi17057287782225696128__next [#"15_enumerate.rs" 61 4 61 | bad -> {forall field_0 : t_Item'0 [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] - use prelude.prelude.Int - use seq.Seq use seq.Seq @@ -397,14 +397,14 @@ module M_15_enumerate__qyi17057287782225696128__next [#"15_enumerate.rs" 61 4 61 axiom inv_axiom'4 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'5 x] . inv'5 x = invariant'2 x - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) predicate invariant'3 [#"15_enumerate.rs" 79 4 79 30] (self : t_Enumerate'0) = [%#s15_enumerate20] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'1 self.t_Enumerate__iter'0 s i] . inv'5 s /\ inv'0 i /\ produces'1 self.t_Enumerate__iter'0 s i - -> UIntSize.to_int self.t_Enumerate__count'0 + Seq.length s < UIntSize.to_int v_MAX'0) + -> UInt64.to_uint self.t_Enumerate__count'0 + Seq.length s < UInt64.to_uint v_MAX'0) /\ (forall i : borrowed t_I'0 . inv'3 i /\ completed'1 i -> produces'1 i.current (Seq.empty : Seq.seq t_Item'0) i.final) 
@@ -431,13 +431,13 @@ module M_15_enumerate__qyi17057287782225696128__next [#"15_enumerate.rs" 61 4 61 type t_Option'1 = | C_None'1 - | C_Some'1 (usize, t_Item'0) + | C_Some'1 (UInt64.t, t_Item'0) use prelude.prelude.Intrinsic - predicate inv'6 (_1 : (usize, t_Item'0)) + predicate inv'6 (_1 : (UInt64.t, t_Item'0)) - axiom inv_axiom'5 [@rewrite] : forall x : (usize, t_Item'0) [inv'6 x] . inv'6 x = (let (x0, x1) = x in inv'7 x1) + axiom inv_axiom'5 [@rewrite] : forall x : (UInt64.t, t_Item'0) [inv'6 x] . inv'6 x = (let (x0, x1) = x in inv'7 x1) predicate inv'2 (_1 : t_Option'1) @@ -447,7 +447,7 @@ module M_15_enumerate__qyi17057287782225696128__next [#"15_enumerate.rs" 61 4 61 | C_Some'1 a_0 -> inv'6 a_0 end - predicate resolve'2 (self : borrowed usize) = + predicate resolve'2 (self : borrowed UInt64.t) = [%#sresolve17] self.final = self.current predicate completed'0 [#"15_enumerate.rs" 25 4 25 35] (self : borrowed (t_Enumerate'0)) = 
@@ -464,16 +464,16 @@ module M_15_enumerate__qyi17057287782225696128__next [#"15_enumerate.rs" 61 4 61 use seq.Seq - predicate produces'0 [#"15_enumerate.rs" 31 4 31 64] (self : t_Enumerate'0) (visited : Seq.seq (usize, t_Item'0)) (o : t_Enumerate'0) + predicate produces'0 [#"15_enumerate.rs" 31 4 31 64] (self : t_Enumerate'0) (visited : Seq.seq (UInt64.t, t_Item'0)) (o : t_Enumerate'0) = [%#s15_enumerate8] Seq.length visited - = UIntSize.to_int o.t_Enumerate__count'0 - UIntSize.to_int self.t_Enumerate__count'0 + = UInt64.to_uint o.t_Enumerate__count'0 - UInt64.to_uint self.t_Enumerate__count'0 /\ (exists s : Seq.seq t_Item'0 . inv'5 s /\ produces'1 self.t_Enumerate__iter'0 s o.t_Enumerate__iter'0 /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s - -> UIntSize.to_int (let (a, _) = Seq.get visited i in a) = UIntSize.to_int self.t_Enumerate__count'0 + i + -> UInt64.to_uint (let (a, _) = Seq.get visited i in a) = UInt64.to_uint self.t_Enumerate__count'0 + i /\ (let (_, a) = Seq.get visited i in a) = Seq.get s i)) meta "compute_max_steps" 1000000 @@ -495,8 +495,8 @@ module M_15_enumerate__qyi17057287782225696128__next [#"15_enumerate.rs" 61 4 61 | bb4 = s0 [ s0 = v_Some'0 {_3} (fun (r0'0:t_Item'0) -> [ &x <- r0'0 ] s1) | s1 = [ &n <- (self.current).t_Enumerate__count'0 ] s2 - | s2 = UIntSize.add {(self.current).t_Enumerate__count'0} {[%#s15_enumerate0] (1 : usize)} - (fun (_ret':usize) -> + | s2 = UInt64.add {(self.current).t_Enumerate__count'0} {[%#s15_enumerate0] (1 : UInt64.t)} + (fun (_ret':UInt64.t) -> [ &self <- { self with current = { self.current with t_Enumerate__count'0 = _ret' } } ] s3) | s3 = {[@expl:type invariant] inv'1 self} s4 
@@ -517,8 +517,8 @@ module M_15_enumerate__qyi17057287782225696128__next [#"15_enumerate.rs" 61 4 61 | & _3 : t_Option'0 = any_l () | & _4 : borrowed t_I'0 = any_l () | & x : t_Item'0 = any_l () - | & n : usize = any_l () - | & _8 : (usize, t_Item'0) = any_l () ] + | & n : UInt64.t = any_l () + | & _8 : (UInt64.t, t_Item'0) = any_l () ] [ return' (result:t_Option'1)-> {[@expl:next result type invariant] [%#s15_enumerate2] inv'2 result} {[@expl:next ensures] [%#s15_enumerate3] match result with @@ -548,12 +548,14 @@ module M_15_enumerate__enumerate [#"15_enumerate.rs" 96 0 96 54] let%span s15_enumerate16 = "15_enumerate.rs" 81 12 86 43 let%span sboxed17 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_I'0 type t_Enumerate'0 = - { t_Enumerate__iter'0: t_I'0; t_Enumerate__count'0: usize } + { t_Enumerate__iter'0: t_I'0; t_Enumerate__count'0: UInt64.t } use prelude.prelude.Intrinsic @@ -594,8 +596,6 @@ module M_15_enumerate__enumerate [#"15_enumerate.rs" 96 0 96 54] predicate completed'0 [#"common.rs" 11 4 11 36] (self : borrowed t_I'0) - use prelude.prelude.Int - use seq.Seq use seq.Seq 
@@ -616,14 +616,14 @@ module M_15_enumerate__enumerate [#"15_enumerate.rs" 96 0 96 54] axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'2 x] . inv'2 x = invariant'1 x - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 predicate invariant'2 [#"15_enumerate.rs" 79 4 79 30] (self : t_Enumerate'0) = [%#s15_enumerate16] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'0 self.t_Enumerate__iter'0 s i] . inv'2 s /\ inv'0 i /\ produces'0 self.t_Enumerate__iter'0 s i - -> UIntSize.to_int self.t_Enumerate__count'0 + Seq.length s < UIntSize.to_int v_MAX'0) + -> UInt64.to_uint self.t_Enumerate__count'0 + Seq.length s < UInt64.to_uint v_MAX'0) /\ (forall i : borrowed t_I'0 . inv'1 i /\ completed'0 i -> produces'0 i.current (Seq.empty : Seq.seq t_Item'0) i.final) @@ -641,12 +641,12 @@ module M_15_enumerate__enumerate [#"15_enumerate.rs" 96 0 96 54] {[@expl:enumerate requires #0] [%#s15_enumerate2] forall i : borrowed t_I'0 . inv'1 i /\ completed'0 i -> produces'0 i.current (Seq.empty : Seq.seq t_Item'0) i.final} {[@expl:enumerate requires #1] [%#s15_enumerate3] forall s : Seq.seq t_Item'0, i : t_I'0 . inv'2 s - /\ inv'0 i /\ produces'0 iter s i -> Seq.length s < UIntSize.to_int v_MAX'0} + /\ inv'0 i /\ produces'0 iter s i -> Seq.length s < UInt64.to_uint v_MAX'0} (! bb0 [ bb0 = bb1 | bb1 = bb2 | bb2 = s0 - [ s0 = [ &_0 <- { t_Enumerate__iter'0 = iter; t_Enumerate__count'0 = ([%#s15_enumerate0] (0 : usize)) } ] s1 + [ s0 = [ &_0 <- { t_Enumerate__iter'0 = iter; t_Enumerate__count'0 = ([%#s15_enumerate0] (0 : UInt64.t)) } ] s1 | s1 = bb3 ] | bb3 = bb4 
@@ -654,7 +654,7 @@ module M_15_enumerate__enumerate [#"15_enumerate.rs" 96 0 96 54] ) [ & _0 : t_Enumerate'0 = any_l () | & iter : t_I'0 = iter ] [ return' (result:t_Enumerate'0)-> {[@expl:enumerate result type invariant] [%#s15_enumerate4] inv'3 result} {[@expl:enumerate ensures] [%#s15_enumerate5] result.t_Enumerate__iter'0 = iter - /\ UIntSize.to_int result.t_Enumerate__count'0 = 0} + /\ UInt64.to_uint result.t_Enumerate__count'0 = 0} (! return' {result}) ] end @@ -680,10 +680,12 @@ module M_15_enumerate__qyi17057287782225696128__next__refines [#"15_enumerate.rs type t_I'0 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Enumerate'0 = - { t_Enumerate__iter'0: t_I'0; t_Enumerate__count'0: usize } + { t_Enumerate__iter'0: t_I'0; t_Enumerate__count'0: UInt64.t } predicate inv'5 (_1 : t_I'0) @@ -711,8 +713,6 @@ module M_15_enumerate__qyi17057287782225696128__next__refines [#"15_enumerate.rs axiom produces_refl'0_spec : forall self : t_I'0 . ([%#scommon5] inv'5 self) -> ([%#scommon6] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) - use prelude.prelude.Int - use seq.Seq use seq.Seq @@ -733,9 +733,9 @@ module M_15_enumerate__qyi17057287782225696128__next__refines [#"15_enumerate.rs axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'2 x] . inv'2 x = invariant'1 x - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) predicate invariant'4 (self : borrowed t_I'0) = [%#sinvariant4] inv'5 self.current /\ inv'5 self.final 
@@ -749,7 +749,7 @@ module M_15_enumerate__qyi17057287782225696128__next__refines [#"15_enumerate.rs predicate invariant'2 [#"15_enumerate.rs" 79 4 79 30] (self : t_Enumerate'0) = [%#s15_enumerate14] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'1 self.t_Enumerate__iter'0 s i] . inv'2 s /\ inv'5 i /\ produces'1 self.t_Enumerate__iter'0 s i - -> UIntSize.to_int self.t_Enumerate__count'0 + Seq.length s < UIntSize.to_int v_MAX'0) + -> UInt64.to_uint self.t_Enumerate__count'0 + Seq.length s < UInt64.to_uint v_MAX'0) /\ (forall i : borrowed t_I'0 . inv'8 i /\ completed'1 i -> produces'1 i.current (Seq.empty : Seq.seq t_Item'0) i.final) @@ -770,9 +770,9 @@ module M_15_enumerate__qyi17057287782225696128__next__refines [#"15_enumerate.rs type t_Option'0 = | C_None'0 - | C_Some'0 (usize, t_Item'0) + | C_Some'0 (UInt64.t, t_Item'0) - predicate resolve'0 (self : borrowed usize) = + predicate resolve'0 (self : borrowed UInt64.t) = [%#sresolve3] self.final = self.current predicate completed'0 [#"15_enumerate.rs" 25 4 25 35] (self : borrowed (t_Enumerate'0)) = 
@@ -789,21 +789,21 @@ module M_15_enumerate__qyi17057287782225696128__next__refines [#"15_enumerate.rs use seq.Seq - predicate produces'0 [#"15_enumerate.rs" 31 4 31 64] (self : t_Enumerate'0) (visited : Seq.seq (usize, t_Item'0)) (o : t_Enumerate'0) + predicate produces'0 [#"15_enumerate.rs" 31 4 31 64] (self : t_Enumerate'0) (visited : Seq.seq (UInt64.t, t_Item'0)) (o : t_Enumerate'0) = [%#s15_enumerate2] Seq.length visited - = UIntSize.to_int o.t_Enumerate__count'0 - UIntSize.to_int self.t_Enumerate__count'0 + = UInt64.to_uint o.t_Enumerate__count'0 - UInt64.to_uint self.t_Enumerate__count'0 /\ (exists s : Seq.seq t_Item'0 . inv'2 s /\ produces'1 self.t_Enumerate__iter'0 s o.t_Enumerate__iter'0 /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s - -> UIntSize.to_int (let (a, _) = Seq.get visited i in a) = UIntSize.to_int self.t_Enumerate__count'0 + i + -> UInt64.to_uint (let (a, _) = Seq.get visited i in a) = UInt64.to_uint self.t_Enumerate__count'0 + i /\ (let (_, a) = Seq.get visited i in a) = Seq.get s i)) - predicate inv'3 (_1 : (usize, t_Item'0)) + predicate inv'3 (_1 : (UInt64.t, t_Item'0)) - axiom inv_axiom'3 [@rewrite] : forall x : (usize, t_Item'0) [inv'3 x] . inv'3 x = (let (x0, x1) = x in inv'7 x1) + axiom inv_axiom'3 [@rewrite] : forall x : (UInt64.t, t_Item'0) [inv'3 x] . inv'3 x = (let (x0, x1) = x in inv'7 x1) predicate inv'1 (_1 : t_Option'0) @@ -844,10 +844,12 @@ module M_15_enumerate__qyi17057287782225696128__produces_trans__refines [#"15_en type t_I'0 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Enumerate'0 = - { t_Enumerate__iter'0: t_I'0; t_Enumerate__count'0: usize } + { t_Enumerate__iter'0: t_I'0; t_Enumerate__count'0: UInt64.t } predicate inv'2 (_1 : t_I'0) 
@@ -879,9 +881,7 @@ module M_15_enumerate__qyi17057287782225696128__produces_trans__refines [#"15_en use seq.Seq - use prelude.prelude.UIntSize - - use prelude.prelude.Int + use prelude.prelude.UInt64 use seq.Seq @@ -907,19 +907,19 @@ module M_15_enumerate__qyi17057287782225696128__produces_trans__refines [#"15_en use seq.Seq - predicate produces'0 [#"15_enumerate.rs" 31 4 31 64] (self : t_Enumerate'0) (visited : Seq.seq (usize, t_Item'0)) (o : t_Enumerate'0) + predicate produces'0 [#"15_enumerate.rs" 31 4 31 64] (self : t_Enumerate'0) (visited : Seq.seq (UInt64.t, t_Item'0)) (o : t_Enumerate'0) = [%#s15_enumerate1] Seq.length visited - = UIntSize.to_int o.t_Enumerate__count'0 - UIntSize.to_int self.t_Enumerate__count'0 + = UInt64.to_uint o.t_Enumerate__count'0 - UInt64.to_uint self.t_Enumerate__count'0 /\ (exists s : Seq.seq t_Item'0 . inv'1 s /\ produces'1 self.t_Enumerate__iter'0 s o.t_Enumerate__iter'0 /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s - -> UIntSize.to_int (let (a, _) = Seq.get visited i in a) = UIntSize.to_int self.t_Enumerate__count'0 + i + -> UInt64.to_uint (let (a, _) = Seq.get visited i in a) = UInt64.to_uint self.t_Enumerate__count'0 + i /\ (let (_, a) = Seq.get visited i in a) = Seq.get s i)) - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) use prelude.prelude.Borrow 
@@ -935,7 +935,7 @@ module M_15_enumerate__qyi17057287782225696128__produces_trans__refines [#"15_en predicate invariant'0 [#"15_enumerate.rs" 79 4 79 30] (self : t_Enumerate'0) = [%#s15_enumerate10] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'1 self.t_Enumerate__iter'0 s i] . inv'1 s /\ inv'2 i /\ produces'1 self.t_Enumerate__iter'0 s i - -> UIntSize.to_int self.t_Enumerate__count'0 + Seq.length s < UIntSize.to_int v_MAX'0) + -> UInt64.to_uint self.t_Enumerate__count'0 + Seq.length s < UInt64.to_uint v_MAX'0) /\ (forall i : borrowed t_I'0 . inv'3 i /\ completed'0 i -> produces'1 i.current (Seq.empty : Seq.seq t_Item'0) i.final) @@ -949,7 +949,7 @@ module M_15_enumerate__qyi17057287782225696128__produces_trans__refines [#"15_en use seq.Seq - goal refines : [%#s15_enumerate0] forall a : t_Enumerate'0 . forall ab : Seq.seq (usize, t_Item'0) . forall b : t_Enumerate'0 . forall bc : Seq.seq (usize, t_Item'0) . forall c : t_Enumerate'0 . produces'0 b bc c + goal refines : [%#s15_enumerate0] forall a : t_Enumerate'0 . forall ab : Seq.seq (UInt64.t, t_Item'0) . forall b : t_Enumerate'0 . forall bc : Seq.seq (UInt64.t, t_Item'0) . forall c : t_Enumerate'0 . produces'0 b bc c /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a -> produces'0 b bc c /\ produces'0 a ab b @@ -974,10 +974,12 @@ module M_15_enumerate__qyi17057287782225696128__produces_refl__refines [#"15_enu type t_I'0 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Enumerate'0 = - { t_Enumerate__iter'0: t_I'0; t_Enumerate__count'0: usize } + { t_Enumerate__iter'0: t_I'0; t_Enumerate__count'0: UInt64.t } predicate inv'2 (_1 : t_I'0) @@ -1005,8 +1007,6 @@ module M_15_enumerate__qyi17057287782225696128__produces_refl__refines [#"15_enu axiom produces_refl'1_spec : forall self : t_I'0 . ([%#scommon2] inv'2 self) -> ([%#scommon3] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) - use prelude.prelude.Int - use seq.Seq use seq.Seq 
@@ -1027,9 +1027,9 @@ module M_15_enumerate__qyi17057287782225696128__produces_refl__refines [#"15_enu axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'1 x] . inv'1 x = invariant'1 x - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) use prelude.prelude.Borrow @@ -1045,7 +1045,7 @@ module M_15_enumerate__qyi17057287782225696128__produces_refl__refines [#"15_enu predicate invariant'0 [#"15_enumerate.rs" 79 4 79 30] (self : t_Enumerate'0) = [%#s15_enumerate10] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'1 self.t_Enumerate__iter'0 s i] . inv'1 s /\ inv'2 i /\ produces'1 self.t_Enumerate__iter'0 s i - -> UIntSize.to_int self.t_Enumerate__count'0 + Seq.length s < UIntSize.to_int v_MAX'0) + -> UInt64.to_uint self.t_Enumerate__count'0 + Seq.length s < UInt64.to_uint v_MAX'0) /\ (forall i : borrowed t_I'0 . inv'3 i /\ completed'0 i -> produces'1 i.current (Seq.empty : Seq.seq t_Item'0) i.final) 
@@ -1067,20 +1067,20 @@ module M_15_enumerate__qyi17057287782225696128__produces_refl__refines [#"15_enu use seq.Seq - predicate produces'0 [#"15_enumerate.rs" 31 4 31 64] (self : t_Enumerate'0) (visited : Seq.seq (usize, t_Item'0)) (o : t_Enumerate'0) + predicate produces'0 [#"15_enumerate.rs" 31 4 31 64] (self : t_Enumerate'0) (visited : Seq.seq (UInt64.t, t_Item'0)) (o : t_Enumerate'0) = [%#s15_enumerate1] Seq.length visited - = UIntSize.to_int o.t_Enumerate__count'0 - UIntSize.to_int self.t_Enumerate__count'0 + = UInt64.to_uint o.t_Enumerate__count'0 - UInt64.to_uint self.t_Enumerate__count'0 /\ (exists s : Seq.seq t_Item'0 . inv'1 s /\ produces'1 self.t_Enumerate__iter'0 s o.t_Enumerate__iter'0 /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s - -> UIntSize.to_int (let (a, _) = Seq.get visited i in a) = UIntSize.to_int self.t_Enumerate__count'0 + i + -> UInt64.to_uint (let (a, _) = Seq.get visited i in a) = UInt64.to_uint self.t_Enumerate__count'0 + i /\ (let (_, a) = Seq.get visited i in a) = Seq.get s i)) goal refines : [%#s15_enumerate0] forall self : t_Enumerate'0 . inv'0 self -> inv'0 self - /\ (forall result : () . produces'0 self (Seq.empty : Seq.seq (usize, t_Item'0)) self - -> produces'0 self (Seq.empty : Seq.seq (usize, t_Item'0)) self) + /\ (forall result : () . produces'0 self (Seq.empty : Seq.seq (UInt64.t, t_Item'0)) self + -> produces'0 self (Seq.empty : Seq.seq (UInt64.t, t_Item'0)) self) end diff --git a/creusot/tests/should_succeed/iterators/16_take.coma b/creusot/tests/should_succeed/iterators/16_take.coma index 5bb5ad77eb..bd4b4adbf9 100644 --- a/creusot/tests/should_succeed/iterators/16_take.coma +++ b/creusot/tests/should_succeed/iterators/16_take.coma 
@@ -14,10 +14,12 @@ module M_16_take__qyi16574350389265959367__produces_refl [#"16_take.rs" 41 4 41 type t_I'0 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Take'0 = - { t_Take__iter'0: t_I'0; t_Take__n'0: usize } + { t_Take__iter'0: t_I'0; t_Take__n'0: UInt64.t } predicate inv'1 (_1 : t_I'0) @@ -52,14 +54,12 @@ module M_16_take__qyi16574350389265959367__produces_refl [#"16_take.rs" 41 4 41 axiom produces_refl'1_spec : forall self : t_I'0 . ([%#scommon4] inv'1 self) -> ([%#scommon5] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use seq.Seq - use prelude.prelude.Int - predicate produces'0 [#"16_take.rs" 31 4 31 64] (self : t_Take'0) (visited : Seq.seq t_Item'0) (o : t_Take'0) = - [%#s16_take3] UIntSize.to_int self.t_Take__n'0 = UIntSize.to_int o.t_Take__n'0 + Seq.length visited + [%#s16_take3] UInt64.to_uint self.t_Take__n'0 = UInt64.to_uint o.t_Take__n'0 + Seq.length visited /\ produces'1 self.t_Take__iter'0 visited o.t_Take__iter'0 constant self : t_Take'0 @@ -89,10 +89,12 @@ module M_16_take__qyi16574350389265959367__produces_trans [#"16_take.rs" 51 4 51 type t_I'0 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Take'0 = - { t_Take__iter'0: t_I'0; t_Take__n'0: usize } + { t_Take__iter'0: t_I'0; t_Take__n'0: UInt64.t } predicate inv'1 (_1 : t_I'0) 
@@ -127,14 +129,12 @@ module M_16_take__qyi16574350389265959367__produces_trans [#"16_take.rs" 51 4 51 axiom produces_refl'0_spec : forall self : t_I'0 . ([%#scommon8] inv'1 self) -> ([%#scommon9] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use seq.Seq - use prelude.prelude.Int - predicate produces'0 [#"16_take.rs" 31 4 31 64] (self : t_Take'0) (visited : Seq.seq t_Item'0) (o : t_Take'0) = - [%#s16_take7] UIntSize.to_int self.t_Take__n'0 = UIntSize.to_int o.t_Take__n'0 + Seq.length visited + [%#s16_take7] UInt64.to_uint self.t_Take__n'0 = UInt64.to_uint o.t_Take__n'0 + Seq.length visited /\ produces'1 self.t_Take__iter'0 visited o.t_Take__iter'0 constant a : t_Take'0 @@ -177,12 +177,14 @@ module M_16_take__qyi16574350389265959367__next [#"16_take.rs" 57 4 57 41] (* 0 - /\ UIntSize.to_int (self.current).t_Take__n'0 = UIntSize.to_int (self.final).t_Take__n'0 + 1 + [%#s16_take8] UInt64.to_uint (self.current).t_Take__n'0 = 0 /\ resolve'1 self + \/ UInt64.to_uint (self.current).t_Take__n'0 > 0 + /\ UInt64.to_uint (self.current).t_Take__n'0 = UInt64.to_uint (self.final).t_Take__n'0 + 1 /\ completed'1 (Borrow.borrow_logic (self.current).t_Take__iter'0 (self.final).t_Take__iter'0 (Borrow.inherit_id (Borrow.get_id self) 1)) use seq.Seq predicate produces'0 [#"16_take.rs" 31 4 31 64] (self : t_Take'0) (visited : Seq.seq t_Item'0) (o : t_Take'0) = - [%#s16_take9] UIntSize.to_int self.t_Take__n'0 = UIntSize.to_int o.t_Take__n'0 + Seq.length visited + [%#s16_take9] UInt64.to_uint self.t_Take__n'0 = UInt64.to_uint o.t_Take__n'0 + Seq.length visited /\ produces'1 self.t_Take__iter'0 visited o.t_Take__iter'0 meta "compute_max_steps" 1000000 
@@ -290,13 +290,13 @@ module M_16_take__qyi16574350389265959367__next [#"16_take.rs" 57 4 57 41] (* [ &_3 <- _ret' ] s1) | s1 = any [ br0 -> {_3 = false} (! bb3) | br1 -> {_3} (! bb1) ] ] | bb1 = s0 - [ s0 = UIntSize.sub {(self.current).t_Take__n'0} {[%#s16_take1] (1 : usize)} - (fun (_ret':usize) -> [ &self <- { self with current = { self.current with t_Take__n'0 = _ret' } } ] s1) + [ s0 = UInt64.sub {(self.current).t_Take__n'0} {[%#s16_take1] (1 : UInt64.t)} + (fun (_ret':UInt64.t) -> [ &self <- { self with current = { self.current with t_Take__n'0 = _ret' } } ] s1) | s1 = {inv'0 (self.current).t_Take__iter'0} Borrow.borrow_final {(self.current).t_Take__iter'0} {Borrow.inherit_id (Borrow.get_id self) 1} (fun (_ret':borrowed t_I'0) -> @@ -348,10 +348,12 @@ module M_16_take__qyi16574350389265959367__next__refines [#"16_take.rs" 57 4 57 type t_I'0 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Take'0 = - { t_Take__iter'0: t_I'0; t_Take__n'0: usize } + { t_Take__iter'0: t_I'0; t_Take__n'0: UInt64.t } predicate inv'4 (_1 : t_I'0) 
@@ -397,19 +399,17 @@ module M_16_take__qyi16574350389265959367__next__refines [#"16_take.rs" 57 4 57 | C_None'0 | C_Some'0 t_Item'0 - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 predicate resolve'0 (self : borrowed (t_Take'0)) = [%#sresolve3] self.final = self.current - use prelude.prelude.Int - predicate completed'1 [#"common.rs" 11 4 11 36] (self : borrowed t_I'0) predicate completed'0 [#"16_take.rs" 22 4 22 35] (self : borrowed (t_Take'0)) = - [%#s16_take1] UIntSize.to_int (self.current).t_Take__n'0 = 0 /\ resolve'0 self - \/ UIntSize.to_int (self.current).t_Take__n'0 > 0 - /\ UIntSize.to_int (self.current).t_Take__n'0 = UIntSize.to_int (self.final).t_Take__n'0 + 1 + [%#s16_take1] UInt64.to_uint (self.current).t_Take__n'0 = 0 /\ resolve'0 self + \/ UInt64.to_uint (self.current).t_Take__n'0 > 0 + /\ UInt64.to_uint (self.current).t_Take__n'0 = UInt64.to_uint (self.final).t_Take__n'0 + 1 /\ completed'1 (Borrow.borrow_logic (self.current).t_Take__iter'0 (self.final).t_Take__iter'0 (Borrow.inherit_id (Borrow.get_id self) 1)) use seq.Seq @@ -417,7 +417,7 @@ module M_16_take__qyi16574350389265959367__next__refines [#"16_take.rs" 57 4 57 use seq.Seq predicate produces'0 [#"16_take.rs" 31 4 31 64] (self : t_Take'0) (visited : Seq.seq t_Item'0) (o : t_Take'0) = - [%#s16_take2] UIntSize.to_int self.t_Take__n'0 = UIntSize.to_int o.t_Take__n'0 + Seq.length visited + [%#s16_take2] UInt64.to_uint self.t_Take__n'0 = UInt64.to_uint o.t_Take__n'0 + Seq.length visited /\ produces'1 self.t_Take__iter'0 visited o.t_Take__iter'0 predicate inv'2 (_1 : t_Item'0) @@ -457,10 +457,12 @@ module M_16_take__qyi16574350389265959367__produces_refl__refines [#"16_take.rs" type t_I'0 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Take'0 = - { t_Take__iter'0: t_I'0; t_Take__n'0: usize } + { t_Take__iter'0: t_I'0; t_Take__n'0: UInt64.t } predicate inv'1 (_1 : t_I'0) 
@@ -495,14 +497,12 @@ module M_16_take__qyi16574350389265959367__produces_refl__refines [#"16_take.rs" axiom produces_refl'1_spec : forall self : t_I'0 . ([%#scommon2] inv'1 self) -> ([%#scommon3] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use seq.Seq - use prelude.prelude.Int - predicate produces'0 [#"16_take.rs" 31 4 31 64] (self : t_Take'0) (visited : Seq.seq t_Item'0) (o : t_Take'0) = - [%#s16_take1] UIntSize.to_int self.t_Take__n'0 = UIntSize.to_int o.t_Take__n'0 + Seq.length visited + [%#s16_take1] UInt64.to_uint self.t_Take__n'0 = UInt64.to_uint o.t_Take__n'0 + Seq.length visited /\ produces'1 self.t_Take__iter'0 visited o.t_Take__iter'0 goal refines : [%#s16_take0] forall self : t_Take'0 . inv'0 self @@ -524,10 +524,12 @@ module M_16_take__qyi16574350389265959367__produces_trans__refines [#"16_take.rs type t_I'0 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Take'0 = - { t_Take__iter'0: t_I'0; t_Take__n'0: usize } + { t_Take__iter'0: t_I'0; t_Take__n'0: UInt64.t } predicate inv'1 (_1 : t_I'0) @@ -555,14 +557,12 @@ module M_16_take__qyi16574350389265959367__produces_trans__refines [#"16_take.rs axiom produces_refl'0_spec : forall self : t_I'0 . ([%#scommon2] inv'1 self) -> ([%#scommon3] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use seq.Seq - use prelude.prelude.Int - predicate produces'0 [#"16_take.rs" 31 4 31 64] (self : t_Take'0) (visited : Seq.seq t_Item'0) (o : t_Take'0) = - [%#s16_take1] UIntSize.to_int self.t_Take__n'0 = UIntSize.to_int o.t_Take__n'0 + Seq.length visited + [%#s16_take1] UInt64.to_uint self.t_Take__n'0 = UInt64.to_uint o.t_Take__n'0 + Seq.length visited /\ produces'1 self.t_Take__iter'0 visited o.t_Take__iter'0 predicate inv'0 (_1 : t_Take'0) 
diff --git a/creusot/tests/should_succeed/iterators/17_filter.coma b/creusot/tests/should_succeed/iterators/17_filter.coma index a0353da417..d1434fb8d6 100644 --- a/creusot/tests/should_succeed/iterators/17_filter.coma +++ b/creusot/tests/should_succeed/iterators/17_filter.coma 
@@ -799,32 +799,46 @@ module M_17_filter__less_than [#"17_filter.rs" 123 0 123 49] let%span sfilter18 = "../../../../creusot-contracts/src/std/iter/filter.rs" 77 12 79 47 let%span sfilter19 = "../../../../creusot-contracts/src/std/iter/filter.rs" 87 12 98 17 let%span svec20 = "../../../../creusot-contracts/src/std/vec.rs" 285 20 285 32 - let%span sresolve21 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span sops22 = "../../../../creusot-contracts/src/std/ops.rs" 105 15 105 59 - let%span sops23 = "../../../../creusot-contracts/src/std/ops.rs" 106 14 106 36 - let%span sops24 = "../../../../creusot-contracts/src/std/ops.rs" 111 14 111 31 - let%span sops25 = "../../../../creusot-contracts/src/std/ops.rs" 116 15 116 29 - let%span sops26 = "../../../../creusot-contracts/src/std/ops.rs" 117 15 117 26 - let%span sops27 = "../../../../creusot-contracts/src/std/ops.rs" 118 14 118 28 - let%span sops28 = "../../../../creusot-contracts/src/std/ops.rs" 123 14 124 105 - let%span sfilter29 = "../../../../creusot-contracts/src/std/iter/filter.rs" 104 15 104 24 - let%span sfilter30 = "../../../../creusot-contracts/src/std/iter/filter.rs" 105 14 105 45 - let%span sfilter31 = "../../../../creusot-contracts/src/std/iter/filter.rs" 110 15 110 21 - let%span sfilter32 = "../../../../creusot-contracts/src/std/iter/filter.rs" 111 15 111 21 - let%span sfilter33 = "../../../../creusot-contracts/src/std/iter/filter.rs" 112 15 112 21 - let%span sfilter34 = "../../../../creusot-contracts/src/std/iter/filter.rs" 113 15 113 32 - let%span sfilter35 = "../../../../creusot-contracts/src/std/iter/filter.rs" 114 15 114 32 - let%span sfilter36 = "../../../../creusot-contracts/src/std/iter/filter.rs" 115 14 115 42 - let%span svec37 = "../../../../creusot-contracts/src/std/vec.rs" 264 12 264 41 - let%span svec38 = "../../../../creusot-contracts/src/std/vec.rs" 257 20 257 57 - let%span sinvariant39 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span svec40 = 
"../../../../creusot-contracts/src/std/vec.rs" 270 14 270 45 - let%span svec41 = "../../../../creusot-contracts/src/std/vec.rs" 268 4 268 10 - let%span svec42 = "../../../../creusot-contracts/src/std/vec.rs" 275 15 275 32 - let%span svec43 = "../../../../creusot-contracts/src/std/vec.rs" 276 15 276 32 - let%span svec44 = "../../../../creusot-contracts/src/std/vec.rs" 277 14 277 42 - let%span svec45 = "../../../../creusot-contracts/src/std/vec.rs" 273 4 273 10 - let%span smodel46 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 + let%span sord21 = "../../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 + let%span sord22 = "../../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 + let%span sord23 = "../../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 + let%span sord24 = "../../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 + let%span sord25 = "../../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 + let%span sord26 = "../../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 + let%span sord27 = "../../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 + let%span sord28 = "../../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 + let%span sord29 = "../../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 + let%span sord30 = "../../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 + let%span sord31 = "../../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 + let%span sord32 = "../../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 + let%span sord33 = "../../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span sresolve34 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span sops35 = "../../../../creusot-contracts/src/std/ops.rs" 105 15 105 59 + let%span sops36 = "../../../../creusot-contracts/src/std/ops.rs" 106 14 106 36 + let%span sops37 = "../../../../creusot-contracts/src/std/ops.rs" 111 14 111 31 + let%span sops38 = 
"../../../../creusot-contracts/src/std/ops.rs" 116 15 116 29 + let%span sops39 = "../../../../creusot-contracts/src/std/ops.rs" 117 15 117 26 + let%span sops40 = "../../../../creusot-contracts/src/std/ops.rs" 118 14 118 28 + let%span sops41 = "../../../../creusot-contracts/src/std/ops.rs" 123 14 124 105 + let%span sfilter42 = "../../../../creusot-contracts/src/std/iter/filter.rs" 104 15 104 24 + let%span sfilter43 = "../../../../creusot-contracts/src/std/iter/filter.rs" 105 14 105 45 + let%span sfilter44 = "../../../../creusot-contracts/src/std/iter/filter.rs" 110 15 110 21 + let%span sfilter45 = "../../../../creusot-contracts/src/std/iter/filter.rs" 111 15 111 21 + let%span sfilter46 = "../../../../creusot-contracts/src/std/iter/filter.rs" 112 15 112 21 + let%span sfilter47 = "../../../../creusot-contracts/src/std/iter/filter.rs" 113 15 113 32 + let%span sfilter48 = "../../../../creusot-contracts/src/std/iter/filter.rs" 114 15 114 32 + let%span sfilter49 = "../../../../creusot-contracts/src/std/iter/filter.rs" 115 14 115 42 + let%span svec50 = "../../../../creusot-contracts/src/std/vec.rs" 264 12 264 41 + let%span svec51 = "../../../../creusot-contracts/src/std/vec.rs" 257 20 257 57 + let%span sord52 = "../../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + let%span sinvariant53 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 + let%span svec54 = "../../../../creusot-contracts/src/std/vec.rs" 270 14 270 45 + let%span svec55 = "../../../../creusot-contracts/src/std/vec.rs" 268 4 268 10 + let%span svec56 = "../../../../creusot-contracts/src/std/vec.rs" 275 15 275 32 + let%span svec57 = "../../../../creusot-contracts/src/std/vec.rs" 276 15 276 32 + let%span svec58 = "../../../../creusot-contracts/src/std/vec.rs" 277 14 277 42 + let%span svec59 = "../../../../creusot-contracts/src/std/vec.rs" 273 4 273 10 + let%span smodel60 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 use prelude.prelude.Opaque 
@@ -834,16 +848,18 @@ module M_17_filter__less_than [#"17_filter.rs" 123 0 123 49] type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } predicate inv'0 (_1 : t_Vec'0) @@ -858,7 +874,7 @@ module M_17_filter__less_than [#"17_filter.rs" 123 0 123 49] type t_IntoIter'0 = { t_IntoIter__buf'0: t_NonNull'0; t_IntoIter__phantom'0: (); - t_IntoIter__cap'0: usize; + t_IntoIter__cap'0: UInt64.t; t_IntoIter__alloc'0: t_ManuallyDrop'0; t_IntoIter__ptr'0: t_NonNull'0; t_IntoIter__end'0: opaque_ptr } @@ -869,21 +885,19 @@ module M_17_filter__less_than [#"17_filter.rs" 123 0 123 49] use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize - - use prelude.prelude.Int + use prelude.prelude.UInt64 use prelude.prelude.UInt32 use seq.Seq - function view'0 (self : t_Vec'0) : Seq.seq uint32 + function view'0 (self : t_Vec'0) : Seq.seq UInt32.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec8] Seq.length (view'0 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec8] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) - function view'1 (self : t_IntoIter'0) : Seq.seq uint32 + function view'1 (self : t_IntoIter'0) : Seq.seq UInt32.t predicate into_iter_post'0 (self : t_Vec'0) (res : t_IntoIter'0) = [%#svec12] view'0 self = view'1 res 
@@ -897,18 +911,75 @@ module M_17_filter__less_than [#"17_filter.rs" 123 0 123 49] use prelude.prelude.Borrow type closure2'1 = - { field_0'0: uint32 } + { field_0'0: UInt32.t } predicate resolve'2 (self : borrowed closure2'1) = - [%#sresolve21] self.final = self.current + [%#sresolve34] self.final = self.current predicate resolve'0 (_1 : borrowed closure2'1) = resolve'2 _1 use prelude.prelude.Intrinsic - predicate postcondition_once'0 (self : closure2'1) (args : uint32) (result : bool) = - [%#s17_filter3] let (i) = args in result = (i < self.field_0'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.UInt32 + + function cmp_log'0 (self : UInt32.t) (o : UInt32.t) : t_Ordering'0 = + [%#sord52] if UInt32.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + function eq_cmp'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom eq_cmp'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord33] (x = y) = (cmp_log'0 x y = C_Equal'0) + + function antisym2'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom antisym2'0_spec : forall x : UInt32.t, y : UInt32.t . ([%#sord31] cmp_log'0 x y = C_Greater'0) + -> ([%#sord32] cmp_log'0 y x = C_Less'0) + + function antisym1'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom antisym1'0_spec : forall x : UInt32.t, y : UInt32.t . ([%#sord29] cmp_log'0 x y = C_Less'0) + -> ([%#sord30] cmp_log'0 y x = C_Greater'0) + + function trans'0 (x : UInt32.t) (y : UInt32.t) (z : UInt32.t) (o : t_Ordering'0) : () + + axiom trans'0_spec : forall x : UInt32.t, y : UInt32.t, z : UInt32.t, o : t_Ordering'0 . ([%#sord26] cmp_log'0 x y + = o) -> ([%#sord27] cmp_log'0 y z = o) -> ([%#sord28] cmp_log'0 x z = o) + + function refl'0 (x : UInt32.t) : () + + axiom refl'0_spec : forall x : UInt32.t . [%#sord25] cmp_log'0 x x = C_Equal'0 + + use prelude.prelude.UInt32 + + function cmp_gt_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_gt_log'0_spec : forall x : UInt32.t, y : UInt32.t . 
[%#sord24] UInt32.ugt x y + = (cmp_log'0 x y = C_Greater'0) + + use prelude.prelude.UInt32 + + function cmp_ge_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_ge_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord23] UInt32.uge x y = (cmp_log'0 x y <> C_Less'0) + + function cmp_lt_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_lt_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord22] UInt32.ult x y = (cmp_log'0 x y = C_Less'0) + + use prelude.prelude.UInt32 + + function cmp_le_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_le_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord21] UInt32.ule x y + = (cmp_log'0 x y <> C_Greater'0) + + predicate postcondition_once'0 (self : closure2'1) (args : UInt32.t) (result : bool) = + [%#s17_filter3] let (i) = args in result = UInt32.ult i self.field_0'0 predicate resolve'3 (_1 : closure2'1) = true 
@@ -916,37 +987,37 @@ module M_17_filter__less_than [#"17_filter.rs" 123 0 123 49] predicate unnest'0 (self : closure2'1) (_2 : closure2'1) = _2.field_0'0 = self.field_0'0 - predicate postcondition_mut'1 (self : closure2'1) (args : uint32) (result_state : closure2'1) (result : bool) = - (let (i) = args in result = (i < result_state.field_0'0)) /\ unnest'0 self result_state + predicate postcondition_mut'1 (self : closure2'1) (args : UInt32.t) (result_state : closure2'1) (result : bool) = + (let (i) = args in result = UInt32.ult i result_state.field_0'0) /\ unnest'0 self result_state - function fn_mut_once'0 (self : closure2'1) (args : uint32) (res : bool) : () + function fn_mut_once'0 (self : closure2'1) (args : UInt32.t) (res : bool) : () - axiom fn_mut_once'0_spec : forall self : closure2'1, args : uint32, res : bool . [%#sops28] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : closure2'1, args : UInt32.t, res : bool . [%#sops41] postcondition_once'0 self args res = (exists res_state : closure2'1 . postcondition_mut'1 self args res_state res /\ resolve'3 res_state) function unnest_trans'0 (self : closure2'1) (b : closure2'1) (c : closure2'1) : () - axiom unnest_trans'0_spec : forall self : closure2'1, b : closure2'1, c : closure2'1 . ([%#sops25] unnest'0 self b) - -> ([%#sops26] unnest'0 b c) -> ([%#sops27] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : closure2'1, b : closure2'1, c : closure2'1 . ([%#sops38] unnest'0 self b) + -> ([%#sops39] unnest'0 b c) -> ([%#sops40] unnest'0 self c) function unnest_refl'0 (self : closure2'1) : () - axiom unnest_refl'0_spec : forall self : closure2'1 . [%#sops24] unnest'0 self self + axiom unnest_refl'0_spec : forall self : closure2'1 . 
[%#sops37] unnest'0 self self - function postcondition_mut_unnest'0 (self : closure2'1) (args : uint32) (res_state : closure2'1) (res : bool) : () + function postcondition_mut_unnest'0 (self : closure2'1) (args : UInt32.t) (res_state : closure2'1) (res : bool) : () - axiom postcondition_mut_unnest'0_spec : forall self : closure2'1, args : uint32, res_state : closure2'1, res : bool . ([%#sops22] postcondition_mut'1 self args res_state res) - -> ([%#sops23] unnest'0 self res_state) + axiom postcondition_mut_unnest'0_spec : forall self : closure2'1, args : UInt32.t, res_state : closure2'1, res : bool . ([%#sops35] postcondition_mut'1 self args res_state res) + -> ([%#sops36] unnest'0 self res_state) - let rec closure2'0 (_1:borrowed closure2'1) (i:uint32) (return' (ret:bool))= (! bb0 + let rec closure2'0 (_1:borrowed closure2'1) (i:UInt32.t) (return' (ret:bool))= (! bb0 [ bb0 = s0 [ s0 = -{resolve'0 _1}- s1 | s1 = UInt32.lt {i} {(_1.current).field_0'0} (fun (_ret':bool) -> [ &res <- _ret' ] s2) | s2 = [ &_0 <- res ] s3 | s3 = return' {_0} ] ] - ) [ & _0 : bool = any_l () | & _1 : borrowed closure2'1 = _1 | & i : uint32 = i | & res : bool = any_l () ] - [ return' (result:bool)-> {[@expl:closure ensures] [%#s17_filter3] result = (i < (_1.final).field_0'0)} + ) [ & _0 : bool = any_l () | & _1 : borrowed closure2'1 = _1 | & i : UInt32.t = i | & res : bool = any_l () ] + [ return' (result:bool)-> {[@expl:closure ensures] [%#s17_filter3] result = UInt32.ult i (_1.final).field_0'0} {[@expl:closure unnest] unnest'0 _1.current _1.final} (! return' {result}) ] 
@@ -955,15 +1026,15 @@ module M_17_filter__less_than [#"17_filter.rs" 123 0 123 49] axiom inv_axiom'2 [@rewrite] : forall x : closure2'1 [inv'2 x] . inv'2 x = true - predicate postcondition_once'1 (self : closure2'1) (args : uint32) (result : bool) = - [%#s17_filter3] let (i) = args in result = (i < self.field_0'0) + predicate postcondition_once'1 (self : closure2'1) (args : UInt32.t) (result : bool) = + [%#s17_filter3] let (i) = args in result = UInt32.ult i self.field_0'0 - predicate postcondition_mut'0 (self : closure2'1) (args : uint32) (result_state : closure2'1) (result : bool) = - (let (i) = args in result = (i < result_state.field_0'0)) /\ unnest'0 self result_state + predicate postcondition_mut'0 (self : closure2'1) (args : UInt32.t) (result_state : closure2'1) (result : bool) = + (let (i) = args in result = UInt32.ult i result_state.field_0'0) /\ unnest'0 self result_state - function fn_mut_once'1 (self : closure2'1) (args : uint32) (res : bool) : () + function fn_mut_once'1 (self : closure2'1) (args : UInt32.t) (res : bool) : () - axiom fn_mut_once'1_spec : forall self : closure2'1, args : uint32, res : bool . [%#sops28] postcondition_once'1 self args res + axiom fn_mut_once'1_spec : forall self : closure2'1, args : UInt32.t, res : bool . [%#sops41] postcondition_once'1 self args res = (exists res_state : closure2'1 . postcondition_mut'0 self args res_state res /\ resolve'3 res_state) predicate unnest'1 (self : closure2'1) (_2 : closure2'1) = 
@@ -971,29 +1042,29 @@ module M_17_filter__less_than [#"17_filter.rs" 123 0 123 49] function unnest_trans'1 (self : closure2'1) (b : closure2'1) (c : closure2'1) : () - axiom unnest_trans'1_spec : forall self : closure2'1, b : closure2'1, c : closure2'1 . ([%#sops25] unnest'1 self b) - -> ([%#sops26] unnest'1 b c) -> ([%#sops27] unnest'1 self c) + axiom unnest_trans'1_spec : forall self : closure2'1, b : closure2'1, c : closure2'1 . ([%#sops38] unnest'1 self b) + -> ([%#sops39] unnest'1 b c) -> ([%#sops40] unnest'1 self c) function unnest_refl'1 (self : closure2'1) : () - axiom unnest_refl'1_spec : forall self : closure2'1 . [%#sops24] unnest'1 self self + axiom unnest_refl'1_spec : forall self : closure2'1 . [%#sops37] unnest'1 self self - function postcondition_mut_unnest'1 (self : closure2'1) (args : uint32) (res_state : closure2'1) (res : bool) : () + function postcondition_mut_unnest'1 (self : closure2'1) (args : UInt32.t) (res_state : closure2'1) (res : bool) : () - axiom postcondition_mut_unnest'1_spec : forall self : closure2'1, args : uint32, res_state : closure2'1, res : bool . ([%#sops22] postcondition_mut'0 self args res_state res) - -> ([%#sops23] unnest'1 self res_state) + axiom postcondition_mut_unnest'1_spec : forall self : closure2'1, args : UInt32.t, res_state : closure2'1, res : bool . ([%#sops35] postcondition_mut'0 self args res_state res) + -> ([%#sops36] unnest'1 self res_state) predicate immutable'0 (_1 : closure2'1) = [%#sfilter13] forall f : closure2'1, g : closure2'1 . unnest'1 f g -> f = g - predicate precondition'0 (self : closure2'1) (args : uint32) = + predicate precondition'0 (self : closure2'1) (args : UInt32.t) = let (i) = args in true predicate no_precondition'0 (_1 : closure2'1) = - [%#sfilter14] forall f : closure2'1, i : uint32 . precondition'0 f (i) + [%#sfilter14] forall f : closure2'1, i : UInt32.t . 
precondition'0 f (i) predicate precise'0 (_1 : closure2'1) = - [%#sfilter15] forall f1 : closure2'1, f2 : closure2'1, i : uint32 . not (postcondition_mut'0 f1 (i) f2 true + [%#sfilter15] forall f1 : closure2'1, f2 : closure2'1, i : UInt32.t . not (postcondition_mut'0 f1 (i) f2 true /\ postcondition_mut'0 f1 (i) f2 false) type t_Filter'0 = @@ -1029,15 +1100,15 @@ module M_17_filter__less_than [#"17_filter.rs" 123 0 123 49] predicate invariant'1 (self : borrowed (t_Filter'0)) = - [%#sinvariant39] inv'3 self.current /\ inv'3 self.final + [%#sinvariant53] inv'3 self.current /\ inv'3 self.final predicate inv'4 (_1 : borrowed (t_Filter'0)) axiom inv_axiom'4 [@rewrite] : forall x : borrowed (t_Filter'0) [inv'4 x] . inv'4 x = invariant'1 x - predicate inv'5 (_1 : Seq.seq uint32) + predicate inv'5 (_1 : Seq.seq UInt32.t) - axiom inv_axiom'5 [@rewrite] : forall x : Seq.seq uint32 [inv'5 x] . inv'5 x = true + axiom inv_axiom'5 [@rewrite] : forall x : Seq.seq UInt32.t [inv'5 x] . inv'5 x = true predicate resolve'1 (_1 : t_Filter'0) = true 
@@ -1048,29 +1119,29 @@ module M_17_filter__less_than [#"17_filter.rs" 123 0 123 49] use seq.Seq - predicate produces'1 (self : t_IntoIter'0) (visited : Seq.seq uint32) (rhs : t_IntoIter'0) = - [%#svec37] view'1 self = Seq.(++) visited (view'1 rhs) + predicate produces'1 (self : t_IntoIter'0) (visited : Seq.seq UInt32.t) (rhs : t_IntoIter'0) = + [%#svec50] view'1 self = Seq.(++) visited (view'1 rhs) - function produces_trans'1 (a : t_IntoIter'0) (ab : Seq.seq uint32) (b : t_IntoIter'0) (bc : Seq.seq uint32) (c : t_IntoIter'0) : () + function produces_trans'1 (a : t_IntoIter'0) (ab : Seq.seq UInt32.t) (b : t_IntoIter'0) (bc : Seq.seq UInt32.t) (c : t_IntoIter'0) : () = - [%#svec45] () + [%#svec59] () - axiom produces_trans'1_spec : forall a : t_IntoIter'0, ab : Seq.seq uint32, b : t_IntoIter'0, bc : Seq.seq uint32, c : t_IntoIter'0 . ([%#svec42] produces'1 a ab b) - -> ([%#svec43] produces'1 b bc c) -> ([%#svec44] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_IntoIter'0, ab : Seq.seq UInt32.t, b : t_IntoIter'0, bc : Seq.seq UInt32.t, c : t_IntoIter'0 . ([%#svec56] produces'1 a ab b) + -> ([%#svec57] produces'1 b bc c) -> ([%#svec58] produces'1 a (Seq.(++) ab bc) c) function produces_refl'1 (self : t_IntoIter'0) : () = - [%#svec41] () + [%#svec55] () - axiom produces_refl'1_spec : forall self : t_IntoIter'0 . [%#svec40] produces'1 self (Seq.empty : Seq.seq uint32) self + axiom produces_refl'1_spec : forall self : t_IntoIter'0 . [%#svec54] produces'1 self (Seq.empty : Seq.seq UInt32.t) self use map.Map use seq.Seq - predicate produces'0 (self : t_Filter'0) (visited : Seq.seq uint32) (succ : t_Filter'0) = + predicate produces'0 (self : t_Filter'0) (visited : Seq.seq UInt32.t) (succ : t_Filter'0) = [%#sfilter19] unnest'1 (func'0 self) (func'0 succ) - /\ (exists s : Seq.seq uint32, f : Map.map int int . produces'1 (iter'0 self) s (iter'0 succ) + /\ (exists s : Seq.seq UInt32.t, f : Map.map int int . 
produces'1 (iter'0 self) s (iter'0 succ) /\ (forall i : int, j : int . 0 <= i /\ i <= j /\ j < Seq.length visited -> 0 <= Map.get f i /\ Map.get f i <= Map.get f j /\ Map.get f j < Seq.length s) /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = Seq.get s (Map.get f i)) 
@@ -1078,58 +1149,58 @@ module M_17_filter__less_than [#"17_filter.rs" 123 0 123 49] -> (exists j : int . 0 <= j /\ j < Seq.length visited /\ Map.get f j = i) = postcondition_mut'0 (func'0 self) (Seq.get s i) (func'0 self) true)) - function produces_trans'0 (a : t_Filter'0) (ab : Seq.seq uint32) (b : t_Filter'0) (bc : Seq.seq uint32) (c : t_Filter'0) : () + function produces_trans'0 (a : t_Filter'0) (ab : Seq.seq UInt32.t) (b : t_Filter'0) (bc : Seq.seq UInt32.t) (c : t_Filter'0) : () - axiom produces_trans'0_spec : forall a : t_Filter'0, ab : Seq.seq uint32, b : t_Filter'0, bc : Seq.seq uint32, c : t_Filter'0 . ([%#sfilter31] inv'3 a) - -> ([%#sfilter32] inv'3 b) - -> ([%#sfilter33] inv'3 c) - -> ([%#sfilter34] produces'0 a ab b) - -> ([%#sfilter35] produces'0 b bc c) -> ([%#sfilter36] produces'0 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_Filter'0, ab : Seq.seq UInt32.t, b : t_Filter'0, bc : Seq.seq UInt32.t, c : t_Filter'0 . ([%#sfilter44] inv'3 a) + -> ([%#sfilter45] inv'3 b) + -> ([%#sfilter46] inv'3 c) + -> ([%#sfilter47] produces'0 a ab b) + -> ([%#sfilter48] produces'0 b bc c) -> ([%#sfilter49] produces'0 a (Seq.(++) ab bc) c) function produces_refl'0 (self : t_Filter'0) : () - axiom produces_refl'0_spec : forall self : t_Filter'0 . ([%#sfilter29] inv'3 self) - -> ([%#sfilter30] produces'0 self (Seq.empty : Seq.seq uint32) self) + axiom produces_refl'0_spec : forall self : t_Filter'0 . 
([%#sfilter42] inv'3 self) + -> ([%#sfilter43] produces'0 self (Seq.empty : Seq.seq UInt32.t) self) predicate resolve'4 (self : borrowed (t_IntoIter'0)) = - [%#sresolve21] self.final = self.current + [%#sresolve34] self.final = self.current - function view'2 (self : borrowed (t_IntoIter'0)) : Seq.seq uint32 = - [%#smodel46] view'1 self.current + function view'2 (self : borrowed (t_IntoIter'0)) : Seq.seq UInt32.t = + [%#smodel60] view'1 self.current predicate completed'1 (self : borrowed (t_IntoIter'0)) = - [%#svec38] resolve'4 self /\ view'2 self = (Seq.empty : Seq.seq uint32) + [%#svec51] resolve'4 self /\ view'2 self = (Seq.empty : Seq.seq UInt32.t) predicate completed'0 (self : borrowed (t_Filter'0)) = - [%#sfilter18] (exists s : Seq.seq uint32, e : borrowed (t_IntoIter'0) . produces'1 (iter'0 self.current) s e.current + [%#sfilter18] (exists s : Seq.seq UInt32.t, e : borrowed (t_IntoIter'0) . produces'1 (iter'0 self.current) s e.current /\ completed'1 e /\ (forall i : int . 0 <= i /\ i < Seq.length s -> postcondition_mut'0 (func'0 self.current) (Seq.get s i) (func'0 self.final) false)) /\ func'0 self.current = func'0 self.final - predicate from_iter_post'0 (prod : Seq.seq uint32) (res : t_Vec'0) = + predicate from_iter_post'0 (prod : Seq.seq UInt32.t) (res : t_Vec'0) = [%#svec20] prod = view'0 res let rec collect'0 (self:t_Filter'0) (return' (ret:t_Vec'0))= {[@expl:collect 'self' type invariant] inv'3 self} any [ return' (result:t_Vec'0)-> {inv'0 result} - {[%#siter7] exists done' : borrowed (t_Filter'0), prod : Seq.seq uint32 . inv'4 done' + {[%#siter7] exists done' : borrowed (t_Filter'0), prod : Seq.seq UInt32.t . inv'4 done' /\ inv'5 prod /\ resolve'1 done'.final /\ completed'0 done' /\ produces'0 self prod done'.current /\ from_iter_post'0 prod result} (! 
return' {result}) ] - function index_logic'0 [@inline:trivial] (self : t_Vec'0) (ix : int) : uint32 = + function index_logic'0 [@inline:trivial] (self : t_Vec'0) (ix : int) : UInt32.t = [%#sops9] Seq.get (view'0 self) ix - predicate contains'0 (self : Seq.seq uint32) (e : uint32) = + predicate contains'0 (self : Seq.seq UInt32.t) (e : UInt32.t) = [%#sseq10] exists i : int . 0 <= i /\ i < Seq.length self /\ Seq.get self i = e meta "compute_max_steps" 1000000 - let rec less_than'0 (v:t_Vec'0) (n:uint32) (return' (ret:t_Vec'0))= (! bb0 + let rec less_than'0 (v:t_Vec'0) (n:UInt32.t) (return' (ret:t_Vec'0))= (! bb0 [ bb0 = bb1 | bb1 = s0 [ s0 = into_iter'0 {v} (fun (_ret':t_IntoIter'0) -> [ &_6 <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 @@ -1143,13 +1214,13 @@ module M_17_filter__less_than [#"17_filter.rs" 123 0 123 49] ) [ & _0 : t_Vec'0 = any_l () | & v : t_Vec'0 = v - | & n : uint32 = n + | & n : UInt32.t = n | & _5 : t_Filter'0 = any_l () | & _6 : t_IntoIter'0 = any_l () | & _8 : closure2'1 = any_l () ] [ return' (result:t_Vec'0)-> {[@expl:less_than ensures #0] [%#s17_filter0] forall i : int . 0 <= i - /\ i < Seq.length (view'0 result) -> index_logic'0 result i < n} + /\ i < Seq.length (view'0 result) -> UInt32.ult (index_logic'0 result i) n} {[@expl:less_than ensures #1] [%#s17_filter1] forall i : int . 0 <= i /\ i < Seq.length (view'0 result) -> contains'0 (view'0 v) (index_logic'0 result i)} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/iterators/17_filter/why3session.xml b/creusot/tests/should_succeed/iterators/17_filter/why3session.xml index aef093e640..5b23cf3604 100644 --- a/creusot/tests/should_succeed/iterators/17_filter/why3session.xml +++ b/creusot/tests/should_succeed/iterators/17_filter/why3session.xml @@ -69,10 +69,10 @@ - + - + @@ -89,7 +89,7 @@ - + @@ -134,7 +134,7 @@ - + @@ -226,10 +226,10 @@ - + - + @@ -264,40 +264,40 @@ - + - + - + - + - + - + - + - + - + - + @@ -314,12 +314,12 @@ - + - + 
diff --git a/creusot/tests/should_succeed/iterators/17_filter/why3shapes.gz b/creusot/tests/should_succeed/iterators/17_filter/why3shapes.gz index 07bbe1e6d8017ab42579f3d0e592e371fdfbc762..ec7ae5a532c6af6e5392541fa3a0b067eb3fd481 100644 GIT binary patch literal 6830 zcmV;f8d2pRiwFP!00000|Lt5^ZzMO8e%G%Mun)aE#sIvJg$;~gw6+Ay`ehe|eQS_R z(w0XpbxZ2@_}}jr%sVTqR65$y491Y$EFKZTxPxTr-~V)a_e=Pc?@qtw+q=t~>;F78 zr+@m7lkn;GrumZc-8;Tz;k)m)d@Hx=V%jZsdKhMji*R}U6(3aJ7<$$mRx=f&vFb;{ka1Dr3{ z*ZGd-bNqmU@iSk1rmooniJw`A+H!NTN(>EYjBdF-Kl!n4Lu>^*>o&xFxc_i|d3B#} z-?4We|F+$3xvPWW_A*>o2<~&8Os(^wHQ^K63f?hF@QXeD=V#qgn$ow%Avy9M}Wk=X~GOCiYDE-`g+wbNGR#LPhW+G50Kdk4Cu4 z*FWF?(n3Jj4+-0m?=NUjtPTn=;D;$zHGUW|s0u-?LQsJ4{W#U^Od7}ZWLmp?GFDOS zuExkP8*LyP4PnBd%c?0YgIeNO$KF3u7A=2|5(Ly&VeZ)hPPKyQr3Bc6h?Y{&9r6)& z%OAZ8SWiTNsdkQF959nPGyc<9g>P5*Z-&`uAHjbj`(Mm|bId<`lJB~hdB4$zPA%=w zJfa6NuoIA8y5Y&t#1juKIkfcId}UoG=bf_0@iK7E>AyoBKkjy=lYi6>~b2mnqLsAGUXb(#vgu6A_3}WCDQ@rD&Ab4lQ?To1?_>KvO zxMshDEJEB0*Kv*yFkFS<<}hfbJ60N@hq)DgZFD9MB&LAvNgk5zAeF3@ho7^8$nocW zQk42e>>J^cvUKXph~H1TN{{a2b9j0sh)ki)B#1*iXWSGxq(Lt;DXyW%w@q zC6w@Iw8xE)8>K;-N1T~VIPY-16tD>(xs_@HNF4yA2#}fr`n6Ntmmq4&K;k=rzT9PM zr^kIqyB9tP>jl|8!`@Lu68*I!;$=2{`8WgX_j$R`$YzA!@j0!i|Kx;Ld4N_)v`!|R zW2fP=nk-*Rr8ivu{^TAcoF+u$lb@D^d>{Ti?O1r*`QS+dL%#iz?oU76=8u;E_c%AS zK=qJAqCL%4%=bCl;f$fru^v)|mZ4%FL&f`(60Yt#jy^6fKE#4$h$>FN&fsL zTwUJ(e)`MrpKk7d$#<7`Z)O)4k5kB}SSevXta>k_M!@rs9$hRAm*^Xq(HA14U)@T* z&#{`Vv=d_O0b(s-wKHOCMI-e-N{6DRMW)zR@e!Hg`;lSn``H8_^D7&k02f;|afj-F zJ5=Nj)!ZGr2_&^udICuwfTRhMo|AdD$Q6{?stJ$P0Uj&jv6}O^rgO8+4?M=;fDi2l z3cJHe(331;<#1_c5jCK~9_qo;7=V^~(w;5NG=8elVojsfjz(8x^^9pWsU@c2n5j-S zdo-#J>T%jA(RQTbFzXW0!~9nNpDK}Kk2zYAw2XdG8gMQO^Uek)z#~dv!ICIqL(!ltK z515wVzrh*PjQNi`W(uokOzGeO(^}!z9~p(d5&K43y))P=M@QxBgL3rM(%3u`8LM61 z+7267>xMdbkRYmdxVjeS2vuAx>WQiM`+l6K=Ag#`Ihiw)8jW2n5{=eaY^&*6JLMfZB`-IyNk#?-@iV|=(9lf&JZtaoG6`!m5mj~8A; z>*UA#@Z*P{Zmu(S-rdSc^!(4wN4g}0C;8l8PKxuPb<(%=*^eRJeEf8U6sjSBYJ@gn zY5H<|o3HO_`0n!hXUx92Cht`)uftWlXh1kzay}2ZT?am%I;*iYoFJ?7*;)3g*x8QQ 
z*`uy=+2QM4`Mm4gCtR({L4Ew7K7OG-d{6{EC<3*1)JHBDErV(4u0xDhPV6^KH1!zqMB!ZD+mK z0N+msB2KPuZa$44Pydar*5jQr?zv&bB zG&F!(JILo|UzGyD7^m_m|N2uUnOsJaqoO2jjsF z?_f|z=qjJSTHp_A=F0iV9@Tujr1?VBokW@kCC&GXx`**1lJ0>W7BqipxppF2OQqLl zLAGsEhj?>)d-EGY;K#o`u()c(Wpi?!|9*e^j=J8R-v9n7Puy7Rgely7xw=1@23Y=h zM62=mft6#7mMxeeTJ%Igd)w9kz6)z~J~2+e|E*uJ*y4|qw^35AE$DN?mHpNjS?PK} zStrH^PVioOJ?eFCJ{Ni`yn!uM&h4IdFK^6q19upG^)l}~ZHq__l#FIG zb{%6V70Dij{h=K_I^3-0JqNUBoja|7cQTGcT6ozm>KOAfK*?Q=Q0K=6N9}GrS$IM; zYK>!*d3#NHtbaNr)ZPotJ;gC3u7}A<&V6(sIVjAXl~W9pM*~AF8uzexJs>8B;d5lW zj{^?Qoy=2{BiH4;#nt{HkmD{6naA`tcz3t$k;=|MOYT7y(|OL3Jep8&h|*(OdHm)5 zOkdiI&4V7`Fo4#6o`m=X@cwWl$LWC#+(u%1rQSM~#1=5+57c^h{_;Fp zy}#OF(&zbx4w%{6RoC7fE$_UJ^4DkkOsl&uIo7u9$KoFG7!8+)G+ZC0;cGXLdr6$!h)wSzkJ8ccmXa^8Df!wx>w3Ys&)J4|&oBC4s7+JiZT~f84bhxxX?Dx70wHD{&{a0P)=7`4uJDD?+F^yf! z?wt0>*bXb(E2m>+JP%O+66HU!C=XquKB3Iv3tzF5icePk^wZ>khUjcdyYp$^a*`$A zIsJULf}0LpC+BjmyE~Kp9pq%ayEvwVta9=_7%Cp?tC0sz6INGUgdgaA8EN@3tRISC zdhAY5t{!!6MT}Uh%&Q@~8d2Bo=0NnJgMn_f5;So*3s|OLYil|MRyCod)kp37X^cMG zy=EYG^ph^8r>gA*A|1%OPCnhX9^>Zf0}WU6v+m27;1RE;delK$yZ)@Z>FZm^odnjk zlo(!g7p65cJbd<8dGxaCbTPA4N484*gy$Z6$z@Kj!KYT)o&)bO$!FhXv+Z~_-Zu{4 zWwY@K10U|7*<-%mD~3C0YMtDl-7m$`La5(*x~Qshc}IMrPuDje=DJgRFF!&LL%ix| z^{*JFUjV-UJnXM;^nHBG`!&m`QfT1+uplJ{Tp-5tqtI-<7*BmZ@qL*4jdo!i>!=zOW&x&i27 zo$tTfJ?-Rdt=G3-3ts@J-~1kTwH&4IdQS=a9KQT~-*%s${4}3S-v}S*q=~uzmiT<0 zBPE*5ySi`tmHfGep^1?1Y z)04Z|0^feIYUrSNCDuG>{oa;rOO@&O?MJ_)dM}Nf6JhrcC;rM=kx$(>DrW?yEbL}*ICM*53T;9w~ZZJ-9;ja*7SVKc!RCAa z@8@yB)Ocg~*2t}y2N)yPI$518`i&Yjw8p+g>@j`tF?yJyhp#GrJ%Og))X=>Ddas*6 zQDd=WejCRpH^;-8n`(q#`=L^m;Luf~2>%LIqDvT%%E`3;z2W3uu}hTttEL4E$}GDSsh`pDEZtmP<#h1=wO<3Y<@V;| zl=oX>`@ucQp{sFEfZR{!_cTIU+XSvFMI#&4}a2UXa%PvJpHm#W+L zOFwpaSZw+v-VP6oF?(xe2YZBC-~L*;3sR0nGtJX;(Bpub%$XL=b*uu{bKvM6rlLK6 zSUi^)Q94g^x5kXc@RHAAkvbbQPh#own6$Pbiuzh#Wo-ZW6*y)$NNv(Jssz1Yn3rDN z5SCn@Tp?TdfK}K1yN7Ba2i0ix=6AleK_`|2vy&KNI`8#_?+TS4sV8DbPwE5oRn?p8 ziQ1MSLTmT^rGs6Qqpz_Uf57B`$pT{i`v!wqO_AC5FB}*@V*yb?$;(oC>dGS= 
z4H@_K#ni|bPHHgtbCP^L9v~&`CVj2;Jn6q9JMJDt<>s{9+cHRtH_1C09|s%7mL!vHJHjkyq2{1>T=4S6#8J!#O~<>|(zFCl1a|U7(pbI7^Zk z=gb@&jm^C0sM6%DC$c)|;>@a*9qr`?qu;MnvePMfSf}LtA#9JXs_xOqu$_v`n1jfw zogaYWIwxNVZy3DOjvqE(4H$*CGM&fe=+3FWJt5LxjNWBZ*J{vsB(OFNV<}- z*JTgX0B!u*S62+tP3-CC9VzodsP!8c!;HGiS$#DG&{mgDc;Qhxn@rYRD$l&uQlyCP zAf@N=)NSm>Z1hHLb-gkr4ZK`WV@@w7%R);JxSXqoihIqzg(AWAjN zc!4TeT1IQw#xGXs9CdQC34%8=o9qHJ%=-w^g4HF_DzURFb8CYLLW?FUQF3UUGnN~0 zhB4pniSMo|MKLbD(n*GtWMQt@z<`%&aDvk+y;u{h3A$LUutIpxc=E=@E(k!YJmXOVSm`Vu;+CLgcuofo?=2 zONfp)ies0`io~_E5RP(E7NT0)r-6>aD3EJe=H5a}LKcBZaJ?~6g1ZFTJPkDTm}}@~ zk%HS&Oaw=)HLhu5irHI$mh5Suoo1?}Y*Q#j>XLnIG(1}f+(%{_QfG+GU-!8l(U5js@LzW^%m3K<0B4HrzSA|f=slmd4t zigW2ytBsZ~vMZfnn;bzoGM}6+8i5&kCHD>4lBSf%U=4yaG8Q>3HTdBt52{7ibX)^i0DWZ zveF?Ki$ua&nGg&3#<53(wZdlPrb=m+BK#Lpne5<0O;kuX6H*4XadP9T^M3+-CUnZl zdc#4%B$Q3$`t8PP^DIaA2nC4OO|jN_NR1YYFS z1>2Jirvif`(?en`P4?2nf+V@aYw)YT1%BjCMMnhClAB~XgCu2Q(L?D=V9@|SycDCF z#ePdVgi0lF31bMkQBp?5kY;(Gxj^P8v$qxggGdP&?7z8djMMP)SCR7DyG6F^zU;ESC4mbf+Ig+vi9nuf#WDGPz1 zLiQ*H8sm(r)uj1W*lmM?T7%7G@B;i#Nh6Gf=o9h>C$V#AA_Yu}nBR^L1vsb(5seU? 
z@P8KJ&OAqbM@c4!MIw503g6$J7VS|ivDi?E(8fBC*onZSlJGJLFF*@$BBA($=z))H zN;WB=jEK4j;K*ujMRj6++uY}CM#$=yO7Ex$!8flS%+RTDY zl%N127w(UyOqe7S>i--)nUYCJ%mVX>zbRR3BPBXq_*bG19781tZlUtDLS&>kjS8^; z>@_kcO(_$X>=h|=Fm8+;xWWO$@tR$puIi@1D^UjsTooJX%lA-ogiSj}&)f=HU!U3by zf?gsHAk%afbxg{Z8IRI6>CWX4$@-6?$si#_xe*$My3=V^8m^nH>DM<%-rA%|f(B{+ zXxgN(!6^rt8l=iF78JorG>J~iD3xjxDQ#YhJ}*)0DVBoJxu9fd0_Sj(4N|ON5%oLz z^lQ=Q8l#X7C#F68cZ?{_WQJ6eV8&=+Tl%DXE&8Bvu3?C70y&XZ$VyS+(b+l-*s_Lo z{8O*SKViKRKG=F}ksHqh@@eEIrMOf?Q%@h{t5JslS0ra4Cs8Ew1|d`kaMaER(R9>_ z*P^aC-gw^x@Jw;U5}^&#j5}lt2q;K_N$XzCvlxdQD=1cs%q%i(;fX~Ep=m5rNWJO> z8nDq3vSKbb=8V6X@g|HNR1c zH6=8$rBl8>of*lYryEx0gsi82MyRX;DmBTXE0s=AqSPxAnWzd-3GOD#MuNnGDiYPB zPjrbAYVE4%*H(t&2j%@M(i;Ouf$O6}tcDG_jDpS^6upfv;Au4`O~&M3nNV1fa1wc9 ziWafkN|+NjsI6p_4N~(;D0>5ha#rZ3yrH8S7(E=lEE4Vt;k>{ZR5jK1#gl36kq9Qq zvy>je#AKTzy)P&>BNWn&7dOCY_;|o?z%K1Uut8{KI=MjiiLO9jWq@L!qE6s3Eu{+4 z(!U@a6mgKmK@$g298__T#X%GYJ=_o~x=g@4gL$Br8+pPT?F%npf`}e&J0_zIPr=aT zzjCB$f`SSdz`+3y7H~@SsS0oaNp*_@NC%Kqa5>C#m`CNIW6vfJ%C8;s3|?ClN7pwY zY1jd{<88FaXCNOA0lgN1Dk+h35RrRNr(?D>R_X?B+M3uD2?DVQdi0t^Vx5)9ump_2 zM5(oPjAy2^gRo;`P6ea;CM@>8`}cJSwFT*x$SiBuNTy|Ma^l2P)+C;}1)*Xi$Uffy zu`xn3;WUyI4wjX4ShU;?oU#L72AaIrzhMj^6r9XXvK7wkdiT%0zd;UL(6 zSpBAmj?qRgoQM$-g(<59ED0qym`C(40NjEM6em2AUdz; zrE=koiK%#I81_j*WB=&;Y(zwgADR>#3U+#h$dkxCMTs;}OZm^T&%`oHQAW?xl1M@X c5$G{^!@LsF1T*UGKmK0-AM=QA3KW3=08cl7&;S4c literal 6557 zcmV;O8Di!iiwFP!00000|Lr{6Zd^HX@BI}G`Q`!ycxXC z^hTC!sXe><_W^nC-KSeES+*uY7ML}gELIikMzV@W|M<__$KTxN^tk;!Jv{F2@BU@0 zw*UN38~6F)K7I}9@g20ny?@_AOD*5byYZ+;w9w*>+ui;C4$4s17<y3LzkN3B~r+1>YSMKxu<38Nq#oc~)fA{gz*Zn)us#dqQH6OkljNadc)DN5M zjr)3cmmUi|h!*f>_8Sgw0X>QD_-dHOL?;EI7)G4S=3`)LAIM?lkmg8{}=urPWV?Zid{F0 z=r_gCxu>0jEBw5FKPX5ZhT+-JEE10`8e8&eIkQfqWhV_ZUI)*0`QN#S?~l8}=B$Ri zdpzz8o6de*o(1X0!FXKmEwK(yhEw~Of!&ABW?%%Yds*)!&WB?DwfQ(;poLTP7&@o8 z&{=(tvH0D};LJ@6J=r2(EqrMrDL*WCna62|Ij04;LiW5CoO@i;&8P;Lx#A;Cih$mU zJBYa|;K+rYU-REl7tXh6ddb0v!&Dq*iKEOkmukZeI9s%9qYHIFOQJvrxhMS*`AxPAZLIq&=c^lRED 
z_p|%gmY^lvx%cj0U3PzJ38#fm3oU~Mu1IDEaNW~-Eo3u9)Dq7S@fk#15b+$*UwYGh z4W{M-EOIZXcgI5Q?ReODtAqkrj{c%4P>p66i0I(Mg>Y{B>=EP2J2 zXvQm@;gt%nGl1)s!0oEb!l70M$Au4@{lnL^4el{*{(Q*DPwr3ij)Q2s9Nfh8xPSN> z_S?@7>C^5pJu?g)ka{X0l{GD9EZ4bM;X~I4iJfc_w2%BV#Ty=B145 zac;5rQN}HqkzPyYiHqI&L(q#nVkNn>@QAvhQcE?lG;KhKcGBgR78XCZXk4>sKC|mpY_0rkN_RI$=?DP)=ZzM!S(pL#=B>j_{rRzf>cara3y5bb@|T8`u)JR1+L$ zWYlS6%yAHmdO96iN<11!TpATBuwIfG`_%+77k?SKSp=e`_|*vC(o>lZw+!holKiRc zlDj0ebRe0FvP+}jpH46xqW=y#riJjIm1c6QIi_$n!L)Yq8&XDYX!xNKR%-?)^=QiV z^+`S2>Srem_lcyhJ?>&WpVWL=R~MZZ#us(8~M@k(0o`#jF#juqDQ5a zNM?JQZjqvN)AjTTW1G(@6Bb<^f^V+t@le;}spouMk4s&ztBuLAHpWla#$c?C(O4U! zS{s|!&k(*$1+THS`DO2Z`S|DiyYx;BRXK9MeEg65Po+rMB7PZ)lXyM0HbYBZ{o=y? zr_Z-(pJGAC6SkR1!`Fw0bhj_VkGs2HZ`1z%u0*fAyK}eQq>^ux zW{~-Mk;`6HyEsz2cvd-AoG<6nx0Q2WP+FzYeC%jG_P~5#Gz2*sLTMeD4;=`cz6?G< z*JEprxon0Vj4J9GTXPt0QT1k6_p7P78Jp(cTGSnoZc$&4twza5#_+}_`Ro_=osL9E`#dt*FNVHrl3G>=fjBAYY;SF^eB z%(Gx*cNf#&KHlE{x+_B?s?M-@Yqd@3#BDe@?S7 z)&=3R-F&^>Z{`~;JfG0&e*DDDX^*B3&A3|(Ou3)?)`-5})=GY20^k32m~gPfUuJKk zh}I?yXTp{B);+TF^@Op`oX_nd4B8t=uS@e=v3JTF#ZvX$t?5Y5vy)Tj$`v@>J$`*i zj|&-h;&FegJKFd&@6v7jC`OTeQ)GR-yAOx%HxQ_n{`i<4N`&c_xRR|}aS|+3`?fk^ zyr+a)rMe03_O`^dbH1VnMrY9O;n&Aw=+6&njFeAD$s?=}>C4w$)lEI5^n$-M1-^>B zTj_{s(0LzeJ3=&aGP%vvb%~=?A}0*?=Wg`k?Pm4dbH;ksrPC?+=)`f(3U}S4UNEnN zw1le(>oRR{(dwqm!V7kz&N(KXcV)^;$Q1FI{2tYy>!up!1&>5q<@_KVK;E@<8Uw{S?GWt#?5shy$E7 zOFJImTq&8Kz*=kPuP>w3`qhz;zAP7X#?97BT_;y`So69lUSFMZt-fAzsc-37p7dxD zYFXYoxdJsNru#Z4w2Y^)vbb=ebA;6LY2&eTNZGPFO?s9N@8NaJrv+e(0QkJAw`51e zE!lbU{JU*2-@yS^Dpw~R;6(ZGqqC{lHibS&DRk9&PVt)uz;_*JKw zCE;m6&tMihE@L-~n$rm#>v3jRa=KK<%MI%PRr!BdmFLQ+FSzEwL994BiqB^K`OmWi zP2sb<+Fj544uN!uo%7#UE3`|(b(WVieeH~f8su!gxw+&DS@mQGH0APGUyVGGO<0|E z<9;sh%Zim>BKq+XTpqiZCs)tPTNOd9-OQ^an!2N|)#k{aO$_w284KW;3phN2tRre&zEdQl>+ zn}5|;`i9nJnZP=?91L&zf@wV&p3gm28NIGK-7I|76kjd!BsuFXA#+{^pL=DO2R`AF z-(1TU?Nk~c8s}@-VtT>=V+~q7=ks11YtW^&**@8uNdYZ0Pnwy>l+$FAG9#Me1Mwq>Am*%UHWU8?e_N{cXxaD`^SI3 z`mc9lQOj3r@uF&>RjoW#%P+%n{$aIl?d(Hrv-q|06}MP)Knt|yn9zOUT|eVqd~!9I 
zJILPop*+LsmkBMXp*ieP!`{|{{NjFYLDy(~^VFP)&TQ88JkEd|HG}2H*qX~2PCS^X zADg#Oo-(Wp8U~P=0E^XD)0lq4!SDVnyQzb^&*!ENuCMRbc&Z;7cF*sw%iD=VufPMZ z!0}-Zjt_g#3^l?o?9|xYM`O4iOCvRO)z@l6>Fj#>qJze_88p7lAR6Rd4w2VmYw>J} zWQisHTQ0kJ|5Q(1N1d{}JS`tTvFJkwAA}UHpNW=N;^lewA~w}L!%-)6Ps)ddvK(7e z9~{t7193HisPQYe-#5FvVy^r2aJn+o1C)SsFlAZDfmzXUoO53t?e}3QS0gxAg+do@ z?@Q?p-$B{e?#4NvA5z=}w@)h*r@(h=`oL>_&vFz#pPmJqDFiL`%iP(m#k7hI6GAy@Ur|lkAV``V&DS2T**p6 ztN-_J^}@uql`vk_q-Z6zvVKD%$Ct!BocUyzca$)W4BrpP@xzgpO)I&_Jz=d+>m?tf zoc-;F0;iU!rvW*Gncu$ZSVgXu$Xh8#&{iJ2reEr>aJoD%wXCOG)uGhg!5NJ8@-$R_ zPp6-58!CNWpx9Rcm_nbAc z)q>)3p`(Qy4lFMCMFlum4IZl)FSHsuvYPtzc-0V>RwGYY4bNZ>t)??cd1y5}f_BFF zhqRjWik7#UC=@n!%ao6uQ+OYPNs4^XlpI`2sN5>iEYDxXb?ALo8*kJ@EnkvCEaO zqvX-R^6N%fZ1`&KR&!#q`;`(GD3sCUp} zl0DGx)w^f?kHxF|S2rnc^Zmo8ueWY>>Zy3R76nf{R#^*lx@hiPpesR2bTMWo+qvAk zKUgptKy{=+{X_DyT8CWKpM4D+>EF5;(&{Tc@5LU$-MK^n{i&B!CSc#)M-!LGP+&x)XinwBk@E( z^sFqeT3x&uztHG%eTy61xD9u9wt)C90mi_$vMqRbJEJ(wkvm%&hU2$7OX z#t9{?^^~L2GKVq?k7gy%+Mz><(KF`cqA^N?Qc? z$Q%=tS@K|x)5^)LWgv}ct$<*a@xdUus8yw;#K9a+(uJ&YbXIDnY_!x#WXr~~6{%=R z9`feNM(Zsag=j%qB~c_NtPdHT*M&E<4VngZgQ`K1JuYd z+90LQCZS?s$OJOk2=6=?l?yxOWvC-Y%FY{z3`R@V7(g1WwPQn+3)fP=47GQP6Dlnd zSS^!x37sHvF)B|XtAbj+3^joR=|swepmSEaA%=ybQIGf^$eZxSUDm zWPOy%I_JQ8p<*#-;)bXpYzSUPBL_t$JL7Z6S^-%LEJJWHMGVqa8uA-ylxU1HW{_UW z1X2m`o-lcry^67zJ*jV`fiC&-Uy@3oV#nSiWl4n2CA6;4Fb(M!6L5?sD;EPubiPDb z(B!?h$po84u};Q@p{#>NL-xg#BC)hiqc_e_Lmg$I#D&;5(D1@#p@k!v zfkITmB+??X7Md*uzhzm8&^OXyk-!tPrtB3;tGsszAf1fh*x0RvN=JPw9Z)I6q7#R} zF(gAtYbFI=fLFQDk)o0E+es0-XhG!U6r`APB8N733{GXrQEu5ZtiPQOI7W^x2O{f} z(GkddOeW@#QbZh$rRmotJfvlYuHW;0ykmXYYu(9}(EJq@x8YLUWjiPa?!bZV{gbP7s z%-%D*s60~4+KVI=La?T8@21hJ(X!FpXlgVz8VWKkdSuEr$}~zBck@{p>$7v&vW#q* z!Lg4LNoBXyrqQ~wjlC2jf#>Ad3YK0Vpbh}2e9#e*g$Y|-kv$7%wlcHNXlypwIIj~+ z=ajZ+w5AZY1{x!tjaH*ho(!`T!RshT+ zU>g-ijv^rIP(r_MjB1R033BPYv_X0!y~vOqS^>`Gz=U3E;H|NZF)zoTjg2}4u!d~5 zMf6dnEUc402<^-9&Z@@B#&Tn+vDjE>tauKINX{5mG$6!l(3M$d@`)mp3kD=qA|+DE zlJeP#)YDZB2>Cte=a94Xq(x3KXb?7A3c_15oSpD$3&J)a%AG}jPd<=Cc0eg;mm(8+ 
z7KF*#1Q?}KaSH$qfcO!-2w-bd09GhG3zRuWhejz12-1r!fNTJ`0iXupRcU*Q*?7sG zl>}LCk;)juIVOQR8UCKMrDvuj0b>Ma$=U%)OEy^@l~G)8lj?g>*U=~|(Wv6^Xj2G5 z29=$+Ap#lNLfJ3NhFNyZ@5cv&C^teK(F@cOh4(>NpzO*a6VetC8YtWM_vb}gp`!4y zY!OmvV+p)YzyU3Jw73PN1`vM~KiSEclM2px_A;Xs5;-FHWKAFxU9>{o0ICL1Hh}!y z^%b% zh&$(%6&58VpEP2UB1CqSWU|sJEz6M!NW3A3#(Ql*C=0hO{rIFCc7y zpq#(nmRWXyUTXouvdUTHlu5g65mZoFLOIG+(nN2}smMWxkbKA_jWs3*Fc^gnB$6Qx zd9HRpW6k?9f zX`4dNpL{F+OjJx-1R*V|;Jp%pl8qElC?!#M{E>Mp{@5B51tTLFl5CWc-jv+B&_RnR zdin92$q%(;t_ScaBmf5H1DGBs3zjbEKWI4r9+9z7==b zK(sbGE095Jfl>)6zyz(c$cAdU>CGaGGG2MdA}dP53#oOI=$wmD3r?ylx%HF}QLqjgRx&8#Y)_y^!K8LJ}7z(!@|O6FYote8d2F8Yp7dV4+- zVzQ;eDhyK1`YGhZ&L~5|n_T&n4KTkUlcC%KI7BNFMIxm#tCF6yp%hVEy}NSxPgjAm zXn@rl^6MRh5Ugjz#yMw_C2v&OsuFfQjGubz06ceH$V@>ed5^6%vpjapJ6qTuk zX(|2yjDpCeQXWgHMrw4FD3fEMm~u#1%~a}FKTJ!@-UWh0WD!{@j7HQ7)-LPWl1&(5ix5@UCCdI29#|;6*Q$#pc+uJ0mTg{+GHV_ zIU~AI@;25A#VCXJik&po>am>O%SFjh0|px?*E%B_D3?!NNazN%YCy{dG&i8B0gVl4 zI7=FWtFHxA=0GmnD6}TUlC(=Gyxf9O4H)@dh+8go5wtFWloWzbIuWTHsicb?Zo!xa z%8lzgF#tY7_UK}!7yw*~0+5C9S}`lHw_pn)+d#QBm4Ckj6Kte(mRN_Zd@v+arkFD# z#SlP?Em&&6;&*3+qTs|qrAXQVmv<``WrhssL{_*3D;u!F&@OqeJY;P_3oA)x7abTn=2`VT%QxfM)BtR< z_C`2W9z#mB&SU^koY)-mEIOW{$h*k8tfBDFZ?*=TkyWrEdGyBSEFzKgp2>hFXT%oE zn~wUZ;}5$A_BjG6RG<^)ENxOUYGZs*DnOS18`hxNg(zc4oFZH22%@O>Qpn0E2$L=S PvDfiGTFXn_;d}r9OyR|f diff --git a/creusot/tests/should_succeed/knapsack.coma b/creusot/tests/should_succeed/knapsack.coma index f0d2a4bce6..304a5777cc 100644 --- a/creusot/tests/should_succeed/knapsack.coma +++ b/creusot/tests/should_succeed/knapsack.coma 
@@ -2,28 +2,30 @@ module M_knapsack__max [#"knapsack.rs" 16 0 16 35] let%span sknapsack0 = "knapsack.rs" 14 11 14 15 let%span sknapsack1 = "knapsack.rs" 15 10 15 31 - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 + + use prelude.prelude.Int use prelude.prelude.Intrinsic - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use int.MinMax meta "compute_max_steps" 1000000 - let rec max'0 (a:usize) (b:usize) (return' (ret:usize))= {[@expl:max requires] [%#sknapsack0] true} + let rec max'0 (a:UInt64.t) (b:UInt64.t) (return' (ret:UInt64.t))= {[@expl:max requires] [%#sknapsack0] true} (! bb0 [ bb0 = s0 - [ s0 = UIntSize.lt {a} {b} (fun (_ret':bool) -> [ &_5 <- _ret' ] s1) + [ s0 = UInt64.lt {a} {b} (fun (_ret':bool) -> [ &_5 <- _ret' ] s1) | s1 = any [ br0 -> {_5 = false} (! bb2) | br1 -> {_5} (! bb1) ] ] | bb1 = s0 [ s0 = [ &_0 <- b ] s1 | s1 = bb3 ] | bb2 = s0 [ s0 = [ &_0 <- a ] s1 | s1 = bb3 ] | bb3 = return' {_0} ] - ) [ & _0 : usize = any_l () | & a : usize = a | & b : usize = b | & _5 : bool = any_l () ] - [ return' (result:usize)-> {[@expl:max ensures] [%#sknapsack1] UIntSize.to_int result - = MinMax.max (UIntSize.to_int a) (UIntSize.to_int b)} + ) [ & _0 : UInt64.t = any_l () | & a : UInt64.t = a | & b : UInt64.t = b | & _5 : bool = any_l () ] + [ return' (result:UInt64.t)-> {[@expl:max ensures] [%#sknapsack1] UInt64.to_uint result + = MinMax.max (UInt64.to_uint a) (UInt64.to_uint b)} (! return' {result}) ] end @@ -40,16 +42,16 @@ module M_knapsack__m [#"knapsack.rs" 35 0 35 57] type t_Name'0 - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 type t_Item'0 = - { t_Item__name'0: t_Name'0; t_Item__weight'0: usize; t_Item__value'0: usize } + { t_Item__name'0: t_Name'0; t_Item__weight'0: UInt64.t; t_Item__value'0: UInt64.t } use seq.Seq use seq.Seq - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use int.MinMax 
@@ -66,7 +68,7 @@ module M_knapsack__m [#"knapsack.rs" 35 0 35 57] -> (if i = 0 then [%#sknapsack2] 0 >= 0 else - if UIntSize.to_int (Seq.get items (i - 1)).t_Item__weight'0 > w then + if UInt64.to_uint (Seq.get items (i - 1)).t_Item__weight'0 > w then ((([@expl:m requires #0] [%#sknapsack0] 0 <= i - 1 /\ i - 1 <= Seq.length items) && ([@expl:m requires #1] [%#sknapsack1] 0 <= w)) /\ 0 <= ([%#sknapsack3] i) /\ ([%#sknapsack3] i - 1) < ([%#sknapsack3] i)) @@ -77,12 +79,12 @@ module M_knapsack__m [#"knapsack.rs" 35 0 35 57] /\ 0 <= ([%#sknapsack3] i) /\ ([%#sknapsack3] i - 1) < ([%#sknapsack3] i)) /\ (([%#sknapsack2] m'0 items (i - 1) w >= 0) -> ((([@expl:m requires #0] [%#sknapsack0] 0 <= i - 1 /\ i - 1 <= Seq.length items) - && ([@expl:m requires #1] [%#sknapsack1] 0 <= w - UIntSize.to_int (Seq.get items (i - 1)).t_Item__weight'0)) + && ([@expl:m requires #1] [%#sknapsack1] 0 <= w - UInt64.to_uint (Seq.get items (i - 1)).t_Item__weight'0)) /\ 0 <= ([%#sknapsack3] i) /\ ([%#sknapsack3] i - 1) < ([%#sknapsack3] i)) - /\ (([%#sknapsack2] m'0 items (i - 1) (w - UIntSize.to_int (Seq.get items (i - 1)).t_Item__weight'0) >= 0) + /\ (([%#sknapsack2] m'0 items (i - 1) (w - UInt64.to_uint (Seq.get items (i - 1)).t_Item__weight'0) >= 0) -> ([%#sknapsack2] MinMax.max (m'0 items (i - 1) w) (m'0 items (i - 1) (w - - UIntSize.to_int (Seq.get items (i - 1)).t_Item__weight'0) - + UIntSize.to_int (Seq.get items (i - 1)).t_Item__value'0) + - UInt64.to_uint (Seq.get items (i - 1)).t_Item__weight'0) + + UInt64.to_uint (Seq.get items (i - 1)).t_Item__value'0) >= 0))) ) 
@@ -138,10 +140,10 @@ module M_knapsack__knapsack01_dyn [#"knapsack.rs" 49 0 49 91] let%span svec47 = "../../../creusot-contracts/src/std/vec.rs" 156 26 156 55 let%span svec48 = "../../../creusot-contracts/src/std/vec.rs" 78 26 78 44 let%span svec49 = "../../../creusot-contracts/src/std/vec.rs" 87 26 87 56 - let%span sslice50 = "../../../creusot-contracts/src/std/slice.rs" 122 20 122 37 - let%span sslice51 = "../../../creusot-contracts/src/std/slice.rs" 129 20 129 37 + let%span sslice50 = "../../../creusot-contracts/src/std/slice.rs" 140 20 140 37 + let%span sslice51 = "../../../creusot-contracts/src/std/slice.rs" 147 20 147 37 let%span smodel52 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 - let%span sslice53 = "../../../creusot-contracts/src/std/slice.rs" 136 20 136 94 + let%span sslice53 = "../../../creusot-contracts/src/std/slice.rs" 154 20 154 94 let%span sresolve54 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span svec55 = "../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 let%span sinvariant56 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 @@ -149,11 +151,13 @@ module M_knapsack__knapsack01_dyn [#"knapsack.rs" 49 0 49 91] let%span sseq58 = "../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 let%span sboxed59 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 + + use prelude.prelude.Int - predicate inv'2 (_1 : usize) + predicate inv'2 (_1 : UInt64.t) - axiom inv_axiom'2 [@rewrite] : forall x : usize [inv'2 x] . inv'2 x = true + axiom inv_axiom'2 [@rewrite] : forall x : UInt64.t [inv'2 x] . inv'2 x = true use prelude.prelude.Opaque 
@@ -164,13 +168,13 @@ module M_knapsack__knapsack01_dyn [#"knapsack.rs" 49 0 49 91] { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } predicate inv'3 (_1 : t_Vec'0) @@ -178,28 +182,26 @@ module M_knapsack__knapsack01_dyn [#"knapsack.rs" 49 0 49 91] use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize - - use prelude.prelude.Int + use prelude.prelude.UInt64 use seq.Seq - function view'1 (self : t_Vec'0) : Seq.seq usize + function view'1 (self : t_Vec'0) : Seq.seq UInt64.t - axiom view'1_spec : forall self : t_Vec'0 . [%#svec33] Seq.length (view'1 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'1_spec : forall self : t_Vec'0 . [%#svec33] Seq.length (view'1 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq - function index_logic'2 [@inline:trivial] (self : t_Vec'0) (ix : int) : usize = + function index_logic'2 [@inline:trivial] (self : t_Vec'0) (ix : int) : UInt64.t = [%#sops32] Seq.get (view'1 self) ix - let rec from_elem'0 (elem:usize) (n:usize) (return' (ret:t_Vec'0))= {[@expl:from_elem 'elem' type invariant] inv'2 elem} + let rec from_elem'0 (elem:UInt64.t) (n:UInt64.t) (return' (ret:t_Vec'0))= {[@expl:from_elem 'elem' type invariant] inv'2 elem} any [ return' (result:t_Vec'0)-> {inv'3 result} - {[%#svec28] Seq.length (view'1 result) = UIntSize.to_int n} - {[%#svec29] forall i : int . 0 <= i /\ i < UIntSize.to_int n -> index_logic'2 result i = elem} + {[%#svec28] Seq.length (view'1 result) = UInt64.to_uint n} + {[%#svec29] forall i : int . 0 <= i /\ i < UInt64.to_uint n -> index_logic'2 result i = elem} (! return' {result}) ] 
@@ -215,20 +217,20 @@ module M_knapsack__knapsack01_dyn [#"knapsack.rs" 49 0 49 91] { t_RawVec__ptr'3: t_Unique'3; t_RawVec__cap'3: t_Cap'0; t_RawVec__alloc'3: () } type t_Vec'3 = - { t_Vec__buf'3: t_RawVec'3; t_Vec__len'3: usize } + { t_Vec__buf'3: t_RawVec'3; t_Vec__len'3: UInt64.t } use seq.Seq type t_Name'0 type t_Item'0 = - { t_Item__name'0: t_Name'0; t_Item__weight'0: usize; t_Item__value'0: usize } + { t_Item__name'0: t_Name'0; t_Item__weight'0: UInt64.t; t_Item__value'0: UInt64.t } use seq.Seq function view'3 (self : t_Vec'3) : Seq.seq (t_Item'0) - axiom view'3_spec : forall self : t_Vec'3 . [%#svec33] Seq.length (view'3 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'3_spec : forall self : t_Vec'3 . [%#svec33] Seq.length (view'3 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq @@ -272,9 +274,9 @@ module M_knapsack__knapsack01_dyn [#"knapsack.rs" 49 0 49 91] function view'0 (self : t_Vec'3) : Seq.seq (t_Item'0) = [%#smodel31] view'3 self - let rec len'0 (self:t_Vec'3) (return' (ret:usize))= {[@expl:len 'self' type invariant] inv'1 self} + let rec len'0 (self:t_Vec'3) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'1 self} any - [ return' (result:usize)-> {[%#svec30] UIntSize.to_int result = Seq.length (view'0 self)} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#svec30] UInt64.to_uint result = Seq.length (view'0 self)} (! return' {result}) ] type t_NonNull'1 = @@ -287,7 +289,7 @@ module M_knapsack__knapsack01_dyn [#"knapsack.rs" 49 0 49 91] { t_RawVec__ptr'1: t_Unique'1; t_RawVec__cap'1: t_Cap'0; t_RawVec__alloc'1: () } type t_Vec'1 = - { t_Vec__buf'1: t_RawVec'1; t_Vec__len'1: usize } + { t_Vec__buf'1: t_RawVec'1; t_Vec__len'1: UInt64.t } predicate inv'4 (_1 : t_Vec'1) 
@@ -299,18 +301,18 @@ module M_knapsack__knapsack01_dyn [#"knapsack.rs" 49 0 49 91] function view'2 (self : t_Vec'1) : Seq.seq (t_Vec'0) - axiom view'2_spec : forall self : t_Vec'1 . [%#svec33] Seq.length (view'2 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'2_spec : forall self : t_Vec'1 . [%#svec33] Seq.length (view'2 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq function index_logic'0 [@inline:trivial] (self : t_Vec'1) (ix : int) : t_Vec'0 = [%#sops32] Seq.get (view'2 self) ix - let rec from_elem'1 (elem:t_Vec'0) (n:usize) (return' (ret:t_Vec'1))= {[@expl:from_elem 'elem' type invariant] inv'3 elem} + let rec from_elem'1 (elem:t_Vec'0) (n:UInt64.t) (return' (ret:t_Vec'1))= {[@expl:from_elem 'elem' type invariant] inv'3 elem} any [ return' (result:t_Vec'1)-> {inv'4 result} - {[%#svec28] Seq.length (view'2 result) = UIntSize.to_int n} - {[%#svec29] forall i : int . 0 <= i /\ i < UIntSize.to_int n -> index_logic'0 result i = elem} + {[%#svec28] Seq.length (view'2 result) = UInt64.to_uint n} + {[%#svec29] forall i : int . 0 <= i /\ i < UInt64.to_uint n -> index_logic'0 result i = elem} (! return' {result}) ] 
@@ -327,19 +329,19 @@ module M_knapsack__knapsack01_dyn [#"knapsack.rs" 49 0 49 91] = ([%#sknapsack38] if i = 0 then 0 else - if UIntSize.to_int (Seq.get items (i - 1)).t_Item__weight'0 > w then + if UInt64.to_uint (Seq.get items (i - 1)).t_Item__weight'0 > w then m'0 items (i - 1) w else - MinMax.max (m'0 items (i - 1) w) (m'0 items (i - 1) (w - UIntSize.to_int (Seq.get items (i - 1)).t_Item__weight'0) - + UIntSize.to_int (Seq.get items (i - 1)).t_Item__value'0) + MinMax.max (m'0 items (i - 1) w) (m'0 items (i - 1) (w - UInt64.to_uint (Seq.get items (i - 1)).t_Item__weight'0) + + UInt64.to_uint (Seq.get items (i - 1)).t_Item__value'0) ) axiom m'0_spec : forall items : Seq.seq (t_Item'0), i : int, w : int . ([%#sknapsack34] 0 <= i /\ i <= Seq.length items) -> ([%#sknapsack35] 0 <= w) -> ([%#sknapsack36] m'0 items i w >= 0) - predicate in_bounds'0 [@inline:trivial] (self : usize) (seq : Seq.seq (t_Item'0)) = - [%#sslice50] UIntSize.to_int self < Seq.length seq + predicate in_bounds'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq (t_Item'0)) = + [%#sslice50] UInt64.to_uint self < Seq.length seq predicate invariant'2 (self : t_Item'0) = [%#sinvariant56] inv'15 self 
@@ -348,10 +350,10 @@ module M_knapsack__knapsack01_dyn [#"knapsack.rs" 49 0 49 91] axiom inv_axiom'5 [@rewrite] : forall x : t_Item'0 [inv'5 x] . inv'5 x = invariant'2 x - predicate has_value'0 [@inline:trivial] (self : usize) (seq : Seq.seq (t_Item'0)) (out : t_Item'0) = - [%#sslice51] Seq.get seq (UIntSize.to_int self) = out + predicate has_value'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq (t_Item'0)) (out : t_Item'0) = + [%#sslice51] Seq.get seq (UInt64.to_uint self) = out - let rec index'0 (self:t_Vec'3) (index:usize) (return' (ret:t_Item'0))= {[@expl:index 'self' type invariant] inv'1 self} + let rec index'0 (self:t_Vec'3) (index:UInt64.t) (return' (ret:t_Item'0))= {[@expl:index 'self' type invariant] inv'1 self} {[@expl:index 'index' type invariant] inv'2 index} {[@expl:index requires] [%#svec39] in_bounds'0 index (view'0 self)} any 
@@ -367,17 +369,17 @@ module M_knapsack__knapsack01_dyn [#"knapsack.rs" 49 0 49 91] function view'4 (self : t_Vec'1) : Seq.seq (t_Vec'0) = [%#smodel31] view'2 self - predicate in_bounds'1 [@inline:trivial] (self : usize) (seq : Seq.seq (t_Vec'0)) = - [%#sslice50] UIntSize.to_int self < Seq.length seq + predicate in_bounds'1 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq (t_Vec'0)) = + [%#sslice50] UInt64.to_uint self < Seq.length seq predicate inv'7 (_1 : t_Vec'0) axiom inv_axiom'7 [@rewrite] : forall x : t_Vec'0 [inv'7 x] . inv'7 x = true - predicate has_value'1 [@inline:trivial] (self : usize) (seq : Seq.seq (t_Vec'0)) (out : t_Vec'0) = - [%#sslice51] Seq.get seq (UIntSize.to_int self) = out + predicate has_value'1 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq (t_Vec'0)) (out : t_Vec'0) = + [%#sslice51] Seq.get seq (UInt64.to_uint self) = out - let rec index'1 (self:t_Vec'1) (index:usize) (return' (ret:t_Vec'0))= {[@expl:index 'self' type invariant] inv'6 self} + let rec index'1 (self:t_Vec'1) (index:UInt64.t) (return' (ret:t_Vec'0))= {[@expl:index 'self' type invariant] inv'6 self} {[@expl:index 'index' type invariant] inv'2 index} {[@expl:index requires] [%#svec39] in_bounds'1 index (view'4 self)} any 
@@ -386,30 +388,32 @@ module M_knapsack__knapsack01_dyn [#"knapsack.rs" 49 0 49 91] (! return' {result}) ] - function view'5 (self : t_Vec'0) : Seq.seq usize = + function view'5 (self : t_Vec'0) : Seq.seq UInt64.t = [%#smodel31] view'1 self - predicate in_bounds'2 [@inline:trivial] (self : usize) (seq : Seq.seq usize) = - [%#sslice50] UIntSize.to_int self < Seq.length seq + predicate in_bounds'2 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq UInt64.t) = + [%#sslice50] UInt64.to_uint self < Seq.length seq - predicate inv'8 (_1 : usize) + predicate inv'8 (_1 : UInt64.t) - axiom inv_axiom'8 [@rewrite] : forall x : usize [inv'8 x] . inv'8 x = true + axiom inv_axiom'8 [@rewrite] : forall x : UInt64.t [inv'8 x] . inv'8 x = true - predicate has_value'2 [@inline:trivial] (self : usize) (seq : Seq.seq usize) (out : usize) = - [%#sslice51] Seq.get seq (UIntSize.to_int self) = out + predicate has_value'2 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq UInt64.t) (out : UInt64.t) = + [%#sslice51] Seq.get seq (UInt64.to_uint self) = out - let rec index'2 (self:t_Vec'0) (index:usize) (return' (ret:usize))= {[@expl:index 'self' type invariant] inv'7 self} + let rec index'2 (self:t_Vec'0) (index:UInt64.t) (return' (ret:UInt64.t))= {[@expl:index 'self' type invariant] inv'7 self} {[@expl:index 'index' type invariant] inv'2 index} {[@expl:index requires] [%#svec39] in_bounds'2 index (view'5 self)} any - [ return' (result:usize)-> {inv'8 result} {[%#svec40] has_value'2 index (view'5 self) result} (! return' {result}) ] + [ return' (result:UInt64.t)-> {inv'8 result} + {[%#svec40] has_value'2 index (view'5 self) result} + (! 
return' {result}) ] - let rec max'0 (a:usize) (b:usize) (return' (ret:usize))= {[@expl:max requires] [%#sknapsack41] true} + let rec max'0 (a:UInt64.t) (b:UInt64.t) (return' (ret:UInt64.t))= {[@expl:max requires] [%#sknapsack41] true} any - [ return' (result:usize)-> {[%#sknapsack42] UIntSize.to_int result - = MinMax.max (UIntSize.to_int a) (UIntSize.to_int b)} + [ return' (result:UInt64.t)-> {[%#sknapsack42] UInt64.to_uint result + = MinMax.max (UInt64.to_uint a) (UInt64.to_uint b)} (! return' {result}) ] @@ -424,11 +428,12 @@ module M_knapsack__knapsack01_dyn [#"knapsack.rs" 49 0 49 91] axiom inv_axiom'10 [@rewrite] : forall x : borrowed (t_Vec'0) [inv'10 x] . inv'10 x = true - predicate resolve_elswhere'0 [@inline:trivial] (self : usize) (old' : Seq.seq (t_Vec'0)) (fin : Seq.seq (t_Vec'0)) = - [%#sslice53] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < Seq.length old' + predicate resolve_elswhere'0 [@inline:trivial] (self : UInt64.t) (old' : Seq.seq (t_Vec'0)) (fin : Seq.seq (t_Vec'0)) + = + [%#sslice53] forall i : int . 0 <= i /\ i <> UInt64.to_uint self /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i - let rec index_mut'0 (self:borrowed (t_Vec'1)) (index:usize) (return' (ret:borrowed (t_Vec'0)))= {[@expl:index_mut 'self' type invariant] inv'9 self} + let rec index_mut'0 (self:borrowed (t_Vec'1)) (index:UInt64.t) (return' (ret:borrowed (t_Vec'0)))= {[@expl:index_mut 'self' type invariant] inv'9 self} {[@expl:index_mut 'index' type invariant] inv'2 index} {[@expl:index_mut requires] [%#svec43] in_bounds'1 index (view'6 self)} any 
@@ -440,22 +445,22 @@ module M_knapsack__knapsack01_dyn [#"knapsack.rs" 49 0 49 91] (! return' {result}) ] - function view'7 (self : borrowed (t_Vec'0)) : Seq.seq usize = + function view'7 (self : borrowed (t_Vec'0)) : Seq.seq UInt64.t = [%#smodel52] view'1 self.current - predicate inv'11 (_1 : borrowed usize) + predicate inv'11 (_1 : borrowed UInt64.t) - axiom inv_axiom'11 [@rewrite] : forall x : borrowed usize [inv'11 x] . inv'11 x = true + axiom inv_axiom'11 [@rewrite] : forall x : borrowed UInt64.t [inv'11 x] . inv'11 x = true - predicate resolve_elswhere'1 [@inline:trivial] (self : usize) (old' : Seq.seq usize) (fin : Seq.seq usize) = - [%#sslice53] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < Seq.length old' + predicate resolve_elswhere'1 [@inline:trivial] (self : UInt64.t) (old' : Seq.seq UInt64.t) (fin : Seq.seq UInt64.t) = + [%#sslice53] forall i : int . 0 <= i /\ i <> UInt64.to_uint self /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i - let rec index_mut'1 (self:borrowed (t_Vec'0)) (index:usize) (return' (ret:borrowed usize))= {[@expl:index_mut 'self' type invariant] inv'10 self} + let rec index_mut'1 (self:borrowed (t_Vec'0)) (index:UInt64.t) (return' (ret:borrowed UInt64.t))= {[@expl:index_mut 'self' type invariant] inv'10 self} {[@expl:index_mut 'index' type invariant] inv'2 index} {[@expl:index_mut requires] [%#svec43] in_bounds'2 index (view'7 self)} any - [ return' (result:borrowed usize)-> {inv'11 result} + [ return' (result:borrowed UInt64.t)-> {inv'11 result} {[%#svec44] has_value'2 index (view'7 self) result.current} {[%#svec45] has_value'2 index (view'1 self.final) result.final} {[%#svec46] resolve_elswhere'1 index (view'7 self) (view'1 self.final)} 
@@ -463,10 +468,10 @@ module M_knapsack__knapsack01_dyn [#"knapsack.rs" 49 0 49 91] (! return' {result}) ] - predicate resolve'2 (self : borrowed usize) = + predicate resolve'2 (self : borrowed UInt64.t) = [%#sresolve54] self.final = self.current - predicate resolve'0 (_1 : borrowed usize) = + predicate resolve'0 (_1 : borrowed UInt64.t) = resolve'2 _1 predicate resolve'3 (self : borrowed (t_Vec'0)) = @@ -485,7 +490,7 @@ module M_knapsack__knapsack01_dyn [#"knapsack.rs" 49 0 49 91] { t_RawVec__ptr'2: t_Unique'2; t_RawVec__cap'2: t_Cap'0; t_RawVec__alloc'2: () } type t_Vec'2 = - { t_Vec__buf'2: t_RawVec'2; t_Vec__len'2: usize } + { t_Vec__buf'2: t_RawVec'2; t_Vec__len'2: UInt64.t } use seq.Seq @@ -493,7 +498,7 @@ module M_knapsack__knapsack01_dyn [#"knapsack.rs" 49 0 49 91] function view'8 (self : t_Vec'2) : Seq.seq (t_Item'0) - axiom view'8_spec : forall self : t_Vec'2 . [%#svec33] Seq.length (view'8 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'8_spec : forall self : t_Vec'2 . [%#svec33] Seq.length (view'8 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq @@ -518,7 +523,7 @@ module M_knapsack__knapsack01_dyn [#"knapsack.rs" 49 0 49 91] axiom inv_axiom'0 [@rewrite] : forall x : t_Vec'2 [inv'0 x] . inv'0 x = invariant'0 x - let rec with_capacity'0 (capacity:usize) (return' (ret:t_Vec'2))= any + let rec with_capacity'0 (capacity:UInt64.t) (return' (ret:t_Vec'2))= any [ return' (result:t_Vec'2)-> {inv'0 result} {[%#svec48] Seq.length (view'8 result) = 0} (! return' {result}) ] 
@@ -545,24 +550,24 @@ module M_knapsack__knapsack01_dyn [#"knapsack.rs" 49 0 49 91] meta "compute_max_steps" 1000000 - let rec knapsack01_dyn'0 (items:t_Vec'3) (max_weight:usize) (return' (ret:t_Vec'2))= {[@expl:knapsack01_dyn 'items' type invariant] [%#sknapsack23] inv'1 items} + let rec knapsack01_dyn'0 (items:t_Vec'3) (max_weight:UInt64.t) (return' (ret:t_Vec'2))= {[@expl:knapsack01_dyn 'items' type invariant] [%#sknapsack23] inv'1 items} {[@expl:knapsack01_dyn requires #0] [%#sknapsack24] Seq.length (view'0 items) < 10000000} - {[@expl:knapsack01_dyn requires #1] [%#sknapsack25] UIntSize.to_int max_weight < 10000000} + {[@expl:knapsack01_dyn requires #1] [%#sknapsack25] UInt64.to_uint max_weight < 10000000} {[@expl:knapsack01_dyn requires #2] [%#sknapsack26] forall i : int . 0 <= i /\ i < Seq.length (view'0 items) - -> UIntSize.to_int (index_logic'1 items i).t_Item__value'0 <= 10000000} + -> UInt64.to_uint (index_logic'1 items i).t_Item__value'0 <= 10000000} (! bb0 [ bb0 = s0 - [ s0 = UIntSize.add {max_weight} {[%#sknapsack0] (1 : usize)} (fun (_ret':usize) -> [ &_8 <- _ret' ] s1) - | s1 = from_elem'0 {[%#sknapsack1] (0 : usize)} {_8} (fun (_ret':t_Vec'0) -> [ &_7 <- _ret' ] s2) + [ s0 = UInt64.add {max_weight} {[%#sknapsack0] (1 : UInt64.t)} (fun (_ret':UInt64.t) -> [ &_8 <- _ret' ] s1) + | s1 = from_elem'0 {[%#sknapsack1] (0 : UInt64.t)} {_8} (fun (_ret':t_Vec'0) -> [ &_7 <- _ret' ] s2) | s2 = bb1 ] - | bb1 = s0 [ s0 = len'0 {items} (fun (_ret':usize) -> [ &_11 <- _ret' ] s1) | s1 = bb2 ] + | bb1 = s0 [ s0 = len'0 {items} (fun (_ret':UInt64.t) -> [ &_11 <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 - [ s0 = UIntSize.add {_11} {[%#sknapsack2] (1 : usize)} (fun (_ret':usize) -> [ &_10 <- _ret' ] s1) + [ s0 = UInt64.add {_11} {[%#sknapsack2] (1 : UInt64.t)} (fun (_ret':UInt64.t) -> [ &_10 <- _ret' ] s1) | s1 = from_elem'1 {_7} {_10} (fun (_ret':t_Vec'1) -> [ &best_value <- _ret' ] s2) | s2 = bb3 ] - | bb3 = s0 [ s0 = [ &i <- [%#sknapsack3] (0 : usize) ] s1 | s1 = bb4 ] 
+ | bb3 = s0 [ s0 = [ &i <- [%#sknapsack3] (0 : UInt64.t) ] s1 | s1 = bb4 ] | bb4 = bb5 | bb5 = bb6 | bb6 = bb7 
@@ -570,21 +575,21 @@ module M_knapsack__knapsack01_dyn [#"knapsack.rs" 49 0 49 91] | bb8 = bb8 [ bb8 = {[@expl:loop invariant #0] [%#sknapsack7] Seq.length (view'0 items) + 1 = Seq.length (view'2 best_value)} {[@expl:loop invariant #1] [%#sknapsack6] forall i : int . 0 <= i /\ i < Seq.length (view'2 best_value) - -> UIntSize.to_int max_weight + 1 = Seq.length (view'1 (index_logic'0 best_value i))} + -> UInt64.to_uint max_weight + 1 = Seq.length (view'1 (index_logic'0 best_value i))} {[@expl:loop invariant #2] [%#sknapsack5] forall ii : int, ww : int . 0 <= ii - /\ ii <= UIntSize.to_int i /\ 0 <= ww /\ ww <= UIntSize.to_int max_weight - -> UIntSize.to_int (Seq.get (view'1 (index_logic'0 best_value ii)) ww) = m'0 (view'0 items) ii ww} + /\ ii <= UInt64.to_uint i /\ 0 <= ww /\ ww <= UInt64.to_uint max_weight + -> UInt64.to_uint (Seq.get (view'1 (index_logic'0 best_value ii)) ww) = m'0 (view'0 items) ii ww} {[@expl:loop invariant #3] [%#sknapsack4] forall ii : int, ww : int . 0 <= ii - /\ ii <= Seq.length (view'0 items) /\ 0 <= ww /\ ww <= UIntSize.to_int max_weight - -> UIntSize.to_int (Seq.get (view'1 (index_logic'0 best_value ii)) ww) <= 10000000 * ii} + /\ ii <= Seq.length (view'0 items) /\ 0 <= ww /\ ww <= UInt64.to_uint max_weight + -> UInt64.to_uint (Seq.get (view'1 (index_logic'0 best_value ii)) ww) <= 10000000 * ii} (! s0) [ s0 = bb9 ] - [ bb9 = s0 [ s0 = len'0 {items} (fun (_ret':usize) -> [ &_22 <- _ret' ] s1) | s1 = bb10 ] + [ bb9 = s0 [ s0 = len'0 {items} (fun (_ret':UInt64.t) -> [ &_22 <- _ret' ] s1) | s1 = bb10 ] | bb10 = s0 - [ s0 = UIntSize.lt {i} {_22} (fun (_ret':bool) -> [ &_20 <- _ret' ] s1) + [ s0 = UInt64.lt {i} {_22} (fun (_ret':bool) -> [ &_20 <- _ret' ] s1) | s1 = any [ br0 -> {_20 = false} (! bb34) | br1 -> {_20} (! 
bb11) ] ] | bb11 = s0 [ s0 = index'0 {items} {i} (fun (_ret':t_Item'0) -> [ &_25 <- _ret' ] s1) | s1 = bb12 ] - | bb12 = s0 [ s0 = [ &it <- _25 ] s1 | s1 = [ &w <- [%#sknapsack8] (0 : usize) ] s2 | s2 = bb13 ] + | bb12 = s0 [ s0 = [ &it <- _25 ] s1 | s1 = [ &w <- [%#sknapsack8] (0 : UInt64.t) ] s2 | s2 = bb13 ] | bb13 = bb14 | bb14 = bb15 | bb15 = bb16 
@@ -594,46 +599,46 @@ module M_knapsack__knapsack01_dyn [#"knapsack.rs" 49 0 49 91] [ bb18 = {[@expl:loop invariant #0] [%#sknapsack13] Seq.length (view'0 items) + 1 = Seq.length (view'2 best_value)} {[@expl:loop invariant #1] [%#sknapsack12] forall i : int . 0 <= i /\ i < Seq.length (view'2 best_value) - -> UIntSize.to_int max_weight + 1 = Seq.length (view'1 (index_logic'0 best_value i))} + -> UInt64.to_uint max_weight + 1 = Seq.length (view'1 (index_logic'0 best_value i))} {[@expl:loop invariant #2] [%#sknapsack11] forall ii : int, ww : int . 0 <= ii - /\ ii <= UIntSize.to_int i /\ 0 <= ww /\ ww <= UIntSize.to_int max_weight - -> UIntSize.to_int (Seq.get (view'1 (index_logic'0 best_value ii)) ww) = m'0 (view'0 items) ii ww} - {[@expl:loop invariant #3] [%#sknapsack10] forall ww : int . 0 <= ww /\ ww <= UIntSize.to_int w - 1 - -> UIntSize.to_int (Seq.get (view'1 (index_logic'0 best_value (UIntSize.to_int i + 1))) ww) - = m'0 (view'0 items) (UIntSize.to_int i + 1) ww} + /\ ii <= UInt64.to_uint i /\ 0 <= ww /\ ww <= UInt64.to_uint max_weight + -> UInt64.to_uint (Seq.get (view'1 (index_logic'0 best_value ii)) ww) = m'0 (view'0 items) ii ww} + {[@expl:loop invariant #3] [%#sknapsack10] forall ww : int . 0 <= ww /\ ww <= UInt64.to_uint w - 1 + -> UInt64.to_uint (Seq.get (view'1 (index_logic'0 best_value (UInt64.to_uint i + 1))) ww) + = m'0 (view'0 items) (UInt64.to_uint i + 1) ww} {[@expl:loop invariant #4] [%#sknapsack9] forall ii : int, ww : int . 0 <= ii - /\ ii <= Seq.length (view'0 items) /\ 0 <= ww /\ ww <= UIntSize.to_int max_weight - -> UIntSize.to_int (Seq.get (view'1 (index_logic'0 best_value ii)) ww) <= 10000000 * ii} + /\ ii <= Seq.length (view'0 items) /\ 0 <= ww /\ ww <= UInt64.to_uint max_weight + -> UInt64.to_uint (Seq.get (view'1 (index_logic'0 best_value ii)) ww) <= 10000000 * ii} (! 
s0) [ s0 = bb19 ] [ bb19 = s0 - [ s0 = UIntSize.le {w} {max_weight} (fun (_ret':bool) -> [ &_35 <- _ret' ] s1) + [ s0 = UInt64.le {w} {max_weight} (fun (_ret':bool) -> [ &_35 <- _ret' ] s1) | s1 = any [ br0 -> {_35 = false} (! bb33) | br1 -> {_35} (! bb20) ] ] | bb20 = s0 - [ s0 = UIntSize.gt {it.t_Item__weight'0} {w} (fun (_ret':bool) -> [ &_39 <- _ret' ] s1) + [ s0 = UInt64.gt {it.t_Item__weight'0} {w} (fun (_ret':bool) -> [ &_39 <- _ret' ] s1) | s1 = any [ br0 -> {_39 = false} (! bb24) | br1 -> {_39} (! bb21) ] ] | bb21 = s0 [ s0 = index'1 {best_value} {i} (fun (_ret':t_Vec'0) -> [ &_44 <- _ret' ] s1) | s1 = bb22 ] - | bb22 = s0 [ s0 = index'2 {_44} {w} (fun (_ret':usize) -> [ &_42 <- _ret' ] s1) | s1 = bb23 ] + | bb22 = s0 [ s0 = index'2 {_44} {w} (fun (_ret':UInt64.t) -> [ &_42 <- _ret' ] s1) | s1 = bb23 ] | bb23 = s0 [ s0 = [ &_38 <- _42 ] s1 | s1 = bb30 ] | bb24 = s0 [ s0 = index'1 {best_value} {i} (fun (_ret':t_Vec'0) -> [ &_51 <- _ret' ] s1) | s1 = bb25 ] - | bb25 = s0 [ s0 = index'2 {_51} {w} (fun (_ret':usize) -> [ &_49 <- _ret' ] s1) | s1 = bb26 ] + | bb25 = s0 [ s0 = index'2 {_51} {w} (fun (_ret':UInt64.t) -> [ &_49 <- _ret' ] s1) | s1 = bb26 ] | bb26 = s0 [ s0 = index'1 {best_value} {i} (fun (_ret':t_Vec'0) -> [ &_59 <- _ret' ] s1) | s1 = bb27 ] | bb27 = s0 - [ s0 = UIntSize.sub {w} {it.t_Item__weight'0} (fun (_ret':usize) -> [ &_62 <- _ret' ] s1) - | s1 = index'2 {_59} {_62} (fun (_ret':usize) -> [ &_57 <- _ret' ] s2) + [ s0 = UInt64.sub {w} {it.t_Item__weight'0} (fun (_ret':UInt64.t) -> [ &_62 <- _ret' ] s1) + | s1 = index'2 {_59} {_62} (fun (_ret':UInt64.t) -> [ &_57 <- _ret' ] s2) | s2 = bb28 ] | bb28 = s0 - [ s0 = UIntSize.add {_57} {it.t_Item__value'0} (fun (_ret':usize) -> [ &_55 <- _ret' ] s1) - | s1 = max'0 {_49} {_55} (fun (_ret':usize) -> [ &_38 <- _ret' ] s2) + [ s0 = UInt64.add {_57} {it.t_Item__value'0} (fun (_ret':UInt64.t) -> [ &_55 <- _ret' ] s1) + | s1 = max'0 {_49} {_55} (fun (_ret':UInt64.t) -> [ &_38 <- _ret' ] s2) | s2 = bb29 ] | 
bb29 = bb30 | bb30 = s0 [ s0 = Borrow.borrow_mut {best_value} (fun (_ret':borrowed (t_Vec'1)) -> [ &_69 <- _ret' ] [ &best_value <- _ret'.final ] s1) - | s1 = UIntSize.add {i} {[%#sknapsack14] (1 : usize)} (fun (_ret':usize) -> [ &_70 <- _ret' ] s2) + | s1 = UInt64.add {i} {[%#sknapsack14] (1 : UInt64.t)} (fun (_ret':UInt64.t) -> [ &_70 <- _ret' ] s2) | s2 = index_mut'0 {_69} {_70} (fun (_ret':borrowed (t_Vec'0)) -> [ &_68 <- _ret' ] s3) | s3 = bb31 ] 
@@ -643,57 +648,58 @@ module M_knapsack__knapsack01_dyn [#"knapsack.rs" 49 0 49 91] [ &_67 <- _ret' ] [ &_68 <- { _68 with current = _ret'.final } ] s1) - | s1 = index_mut'1 {_67} {w} (fun (_ret':borrowed usize) -> [ &_66 <- _ret' ] s2) + | s1 = index_mut'1 {_67} {w} (fun (_ret':borrowed UInt64.t) -> [ &_66 <- _ret' ] s2) | s2 = bb32 ] | bb32 = s0 [ s0 = [ &_66 <- { _66 with current = _38 } ] s1 | s1 = -{resolve'0 _66}- s2 | s2 = -{resolve'1 _68}- s3 - | s3 = UIntSize.add {w} {[%#sknapsack15] (1 : usize)} (fun (_ret':usize) -> [ &w <- _ret' ] s4) + | s3 = UInt64.add {w} {[%#sknapsack15] (1 : UInt64.t)} (fun (_ret':UInt64.t) -> [ &w <- _ret' ] s4) | s4 = bb18 ] ] ] | bb33 = s0 - [ s0 = UIntSize.add {i} {[%#sknapsack16] (1 : usize)} (fun (_ret':usize) -> [ &i <- _ret' ] s1) | s1 = bb8 ] + [ s0 = UInt64.add {i} {[%#sknapsack16] (1 : UInt64.t)} (fun (_ret':UInt64.t) -> [ &i <- _ret' ] s1) + | s1 = bb8 ] ] ] - | bb34 = s0 [ s0 = len'0 {items} (fun (_ret':usize) -> [ &_80 <- _ret' ] s1) | s1 = bb35 ] + | bb34 = s0 [ s0 = len'0 {items} (fun (_ret':UInt64.t) -> [ &_80 <- _ret' ] s1) | s1 = bb35 ] | bb35 = s0 [ s0 = with_capacity'0 {_80} (fun (_ret':t_Vec'2) -> [ &result <- _ret' ] s1) | s1 = bb36 ] | bb36 = s0 [ s0 = [ &left_weight <- max_weight ] s1 - | s1 = len'0 {items} (fun (_ret':usize) -> [ &j <- _ret' ] s2) + | s1 = len'0 {items} (fun (_ret':UInt64.t) -> [ &j <- _ret' ] s2) | s2 = bb37 ] | bb37 = bb38 | bb38 = bb39 | bb39 = bb39 [ bb39 = {[@expl:loop invariant #0] [%#sknapsack19] inv'0 result} - {[@expl:loop invariant #1] [%#sknapsack18] UIntSize.to_int j <= Seq.length (view'0 items)} - {[@expl:loop invariant #2] [%#sknapsack17] UIntSize.to_int left_weight <= UIntSize.to_int max_weight} + {[@expl:loop invariant #1] [%#sknapsack18] UInt64.to_uint j <= Seq.length (view'0 items)} + {[@expl:loop invariant #2] [%#sknapsack17] UInt64.to_uint left_weight <= UInt64.to_uint max_weight} (! 
s0) [ s0 = bb40 ] [ bb40 = s0 - [ s0 = UIntSize.lt {[%#sknapsack20] (0 : usize)} {j} (fun (_ret':bool) -> [ &_89 <- _ret' ] s1) + [ s0 = UInt64.lt {[%#sknapsack20] (0 : UInt64.t)} {j} (fun (_ret':bool) -> [ &_89 <- _ret' ] s1) | s1 = any [ br0 -> {_89 = false} (! bb51) | br1 -> {_89} (! bb41) ] ] | bb41 = s0 - [ s0 = UIntSize.sub {j} {[%#sknapsack21] (1 : usize)} (fun (_ret':usize) -> [ &j <- _ret' ] s1) + [ s0 = UInt64.sub {j} {[%#sknapsack21] (1 : UInt64.t)} (fun (_ret':UInt64.t) -> [ &j <- _ret' ] s1) | s1 = index'0 {items} {j} (fun (_ret':t_Item'0) -> [ &_92 <- _ret' ] s2) | s2 = bb42 ] | bb42 = s0 [ s0 = [ &it1 <- _92 ] s1 - | s1 = UIntSize.add {j} {[%#sknapsack22] (1 : usize)} (fun (_ret':usize) -> [ &_101 <- _ret' ] s2) + | s1 = UInt64.add {j} {[%#sknapsack22] (1 : UInt64.t)} (fun (_ret':UInt64.t) -> [ &_101 <- _ret' ] s2) | s2 = index'1 {best_value} {_101} (fun (_ret':t_Vec'0) -> [ &_99 <- _ret' ] s3) | s3 = bb43 ] - | bb43 = s0 [ s0 = index'2 {_99} {left_weight} (fun (_ret':usize) -> [ &_97 <- _ret' ] s1) | s1 = bb44 ] + | bb43 = s0 [ s0 = index'2 {_99} {left_weight} (fun (_ret':UInt64.t) -> [ &_97 <- _ret' ] s1) | s1 = bb44 ] | bb44 = s0 [ s0 = index'1 {best_value} {j} (fun (_ret':t_Vec'0) -> [ &_107 <- _ret' ] s1) | s1 = bb45 ] - | bb45 = s0 [ s0 = index'2 {_107} {left_weight} (fun (_ret':usize) -> [ &_105 <- _ret' ] s1) | s1 = bb46 ] + | bb45 = s0 [ s0 = index'2 {_107} {left_weight} (fun (_ret':UInt64.t) -> [ &_105 <- _ret' ] s1) | s1 = bb46 ] | bb46 = s0 - [ s0 = UIntSize.ne {_97} {_105} (fun (_ret':bool) -> [ &_95 <- _ret' ] s1) + [ s0 = UInt64.ne {_97} {_105} (fun (_ret':bool) -> [ &_95 <- _ret' ] s1) | s1 = any [ br0 -> {_95 = false} (! bb49) | br1 -> {_95} (! bb47) ] ] | bb47 = s0 
@@ -708,7 +714,7 @@ module M_knapsack__knapsack01_dyn [#"knapsack.rs" 49 0 49 91] | s2 = bb48 ] | bb48 = s0 - [ s0 = UIntSize.sub {left_weight} {it1.t_Item__weight'0} (fun (_ret':usize) -> [ &left_weight <- _ret' ] s1) + [ s0 = UInt64.sub {left_weight} {it1.t_Item__weight'0} (fun (_ret':UInt64.t) -> [ &left_weight <- _ret' ] s1) | s1 = bb50 ] | bb49 = bb50 
@@ -721,46 +727,46 @@ module M_knapsack__knapsack01_dyn [#"knapsack.rs" 49 0 49 91] ) [ & _0 : t_Vec'2 = any_l () | & items : t_Vec'3 = items - | & max_weight : usize = max_weight + | & max_weight : UInt64.t = max_weight | & best_value : t_Vec'1 = any_l () | & _7 : t_Vec'0 = any_l () - | & _8 : usize = any_l () - | & _10 : usize = any_l () - | & _11 : usize = any_l () - | & i : usize = any_l () + | & _8 : UInt64.t = any_l () + | & _10 : UInt64.t = any_l () + | & _11 : UInt64.t = any_l () + | & i : UInt64.t = any_l () | & _20 : bool = any_l () - | & _22 : usize = any_l () + | & _22 : UInt64.t = any_l () | & it : t_Item'0 = any_l () | & _25 : t_Item'0 = any_l () - | & w : usize = any_l () + | & w : UInt64.t = any_l () | & _35 : bool = any_l () - | & _38 : usize = any_l () + | & _38 : UInt64.t = any_l () | & _39 : bool = any_l () - | & _42 : usize = any_l () + | & _42 : UInt64.t = any_l () | & _44 : t_Vec'0 = any_l () - | & _49 : usize = any_l () + | & _49 : UInt64.t = any_l () | & _51 : t_Vec'0 = any_l () - | & _55 : usize = any_l () - | & _57 : usize = any_l () + | & _55 : UInt64.t = any_l () + | & _57 : UInt64.t = any_l () | & _59 : t_Vec'0 = any_l () - | & _62 : usize = any_l () - | & _66 : borrowed usize = any_l () + | & _62 : UInt64.t = any_l () + | & _66 : borrowed UInt64.t = any_l () | & _67 : borrowed (t_Vec'0) = any_l () | & _68 : borrowed (t_Vec'0) = any_l () | & _69 : borrowed (t_Vec'1) = any_l () - | & _70 : usize = any_l () + | & _70 : UInt64.t = any_l () | & result : t_Vec'2 = any_l () - | & _80 : usize = any_l () - | & left_weight : usize = any_l () - | & j : usize = any_l () + | & _80 : UInt64.t = any_l () + | & left_weight : UInt64.t = any_l () + | & j : UInt64.t = any_l () | & _89 : bool = any_l () | & it1 : t_Item'0 = any_l () | & _92 : t_Item'0 = any_l () | & _95 : bool = any_l () - | & _97 : usize = any_l () + | & _97 : UInt64.t = any_l () | & _99 : t_Vec'0 = any_l () - | & _101 : usize = any_l () - | & _105 : usize = any_l () + | & _101 : 
UInt64.t = any_l () + | & _105 : UInt64.t = any_l () | & _107 : t_Vec'0 = any_l () | & _111 : () = any_l () | & _112 : borrowed (t_Vec'2) = any_l () ] diff --git a/creusot/tests/should_succeed/knapsack_full.coma b/creusot/tests/should_succeed/knapsack_full.coma index c842bcda00..d5772988aa 100644 --- a/creusot/tests/should_succeed/knapsack_full.coma +++ b/creusot/tests/should_succeed/knapsack_full.coma @@ -1,27 +1,29 @@ module M_knapsack_full__max [#"knapsack_full.rs" 16 0 16 35] let%span sknapsack_full0 = "knapsack_full.rs" 15 10 15 31 - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 + + use prelude.prelude.Int use prelude.prelude.Intrinsic - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use int.MinMax meta "compute_max_steps" 1000000 - let rec max'0 (a:usize) (b:usize) (return' (ret:usize))= (! bb0 + let rec max'0 (a:UInt64.t) (b:UInt64.t) (return' (ret:UInt64.t))= (! bb0 [ bb0 = s0 - [ s0 = UIntSize.lt {a} {b} (fun (_ret':bool) -> [ &_4 <- _ret' ] s1) + [ s0 = UInt64.lt {a} {b} (fun (_ret':bool) -> [ &_4 <- _ret' ] s1) | s1 = any [ br0 -> {_4 = false} (! bb2) | br1 -> {_4} (! bb1) ] ] | bb1 = s0 [ s0 = [ &_0 <- b ] s1 | s1 = bb3 ] | bb2 = s0 [ s0 = [ &_0 <- a ] s1 | s1 = bb3 ] | bb3 = return' {_0} ] - ) [ & _0 : usize = any_l () | & a : usize = a | & b : usize = b | & _4 : bool = any_l () ] - [ return' (result:usize)-> {[@expl:max ensures] [%#sknapsack_full0] UIntSize.to_int result - = MinMax.max (UIntSize.to_int a) (UIntSize.to_int b)} + ) [ & _0 : UInt64.t = any_l () | & a : UInt64.t = a | & b : UInt64.t = b | & _4 : bool = any_l () ] + [ return' (result:UInt64.t)-> {[@expl:max ensures] [%#sknapsack_full0] UInt64.to_uint result + = MinMax.max (UInt64.to_uint a) (UInt64.to_uint b)} (! return' {result}) ] end 
@@ -39,16 +41,16 @@ module M_knapsack_full__sum_weights [#"knapsack_full.rs" 28 0 28 56] type t_Name'0 - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 type t_Item'0 = - { t_Item__name'0: t_Name'0; t_Item__weight'0: usize; t_Item__value'0: usize } + { t_Item__name'0: t_Name'0; t_Item__weight'0: UInt64.t; t_Item__value'0: UInt64.t } use seq.Seq use seq.Seq - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 constant s : Seq.seq (t_Item'0) @@ -64,7 +66,7 @@ module M_knapsack_full__sum_weights [#"knapsack_full.rs" 28 0 28 56] /\ 0 <= ([%#sknapsack_full2] Seq.length s - i) /\ ([%#sknapsack_full2] Seq.length s - (i + 1)) < ([%#sknapsack_full2] Seq.length s - i)) /\ (([%#sknapsack_full1] sum_weights'0 s (i + 1) >= 0) - -> ([%#sknapsack_full1] UIntSize.to_int (Seq.get s i).t_Item__weight'0 + sum_weights'0 s (i + 1) >= 0)) + -> ([%#sknapsack_full1] UInt64.to_uint (Seq.get s i).t_Item__weight'0 + sum_weights'0 s (i + 1) >= 0)) ) end module M_knapsack_full__sum_values [#"knapsack_full.rs" 38 0 38 55] @@ -80,16 +82,16 @@ module M_knapsack_full__sum_values [#"knapsack_full.rs" 38 0 38 55] type t_Name'0 - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 type t_Item'0 = - { t_Item__name'0: t_Name'0; t_Item__weight'0: usize; t_Item__value'0: usize } + { t_Item__name'0: t_Name'0; t_Item__weight'0: UInt64.t; t_Item__value'0: UInt64.t } use seq.Seq use seq.Seq - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 constant s : Seq.seq (t_Item'0) @@ -193,10 +195,10 @@ module M_knapsack_full__m [#"knapsack_full.rs" 67 0 67 57] type t_Name'0 - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 type t_Item'0 = - { t_Item__name'0: t_Name'0; t_Item__weight'0: usize; t_Item__value'0: usize } + { t_Item__name'0: t_Name'0; t_Item__weight'0: UInt64.t; t_Item__value'0: UInt64.t } use seq.Seq 
@@ -223,7 +225,7 @@ module M_knapsack_full__m [#"knapsack_full.rs" 67 0 67 57] \/ subseq_rev'0 s1 i1 s2 (i2 - 1) ) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 function sum_weights'0 [#"knapsack_full.rs" 28 0 28 56] (s : Seq.seq (t_Item'0)) (i : int) : int @@ -232,7 +234,7 @@ module M_knapsack_full__m [#"knapsack_full.rs" 67 0 67 57] = ([%#sknapsack_full13] if i = Seq.length s then 0 else - UIntSize.to_int (Seq.get s i).t_Item__weight'0 + sum_weights'0 s (i + 1) + UInt64.to_uint (Seq.get s i).t_Item__weight'0 + sum_weights'0 s (i + 1) ) axiom sum_weights'0_spec : forall s : Seq.seq (t_Item'0), i : int . ([%#sknapsack_full10] 0 <= i /\ i <= Seq.length s) @@ -245,7 +247,7 @@ module M_knapsack_full__m [#"knapsack_full.rs" 67 0 67 57] = ([%#sknapsack_full16] if i = Seq.length s then 0 else - UIntSize.to_int (Seq.get s i).t_Item__value'0 + sum_values'0 s (i + 1) + UInt64.to_uint (Seq.get s i).t_Item__value'0 + sum_values'0 s (i + 1) ) use int.MinMax @@ -265,7 +267,7 @@ module M_knapsack_full__m [#"knapsack_full.rs" 67 0 67 57] && ([%#sknapsack_full3] forall s : Seq.seq (t_Item'0), j : int . 0 <= j /\ j <= Seq.length s /\ subseq_rev'0 s j items i /\ sum_weights'0 s j <= w -> sum_values'0 s j <= result) else - if UIntSize.to_int (Seq.get items (i - 1)).t_Item__weight'0 > w then + if UInt64.to_uint (Seq.get items (i - 1)).t_Item__weight'0 > w then ((([@expl:m requires #0] [%#sknapsack_full0] 0 <= i - 1 /\ i - 1 <= Seq.length items) && ([@expl:m requires #1] [%#sknapsack_full1] 0 <= w)) /\ 0 <= ([%#sknapsack_full4] i) /\ ([%#sknapsack_full4] i - 1) < ([%#sknapsack_full4] i)) 
@@ -285,17 +287,17 @@ module M_knapsack_full__m [#"knapsack_full.rs" 67 0 67 57] /\ j <= Seq.length s /\ subseq_rev'0 s j items (i - 1) /\ sum_weights'0 s j <= w -> sum_values'0 s j <= m'0 items (i - 1) w) -> ((([@expl:m requires #0] [%#sknapsack_full0] 0 <= i - 1 /\ i - 1 <= Seq.length items) - && ([@expl:m requires #1] [%#sknapsack_full1] 0 <= w - UIntSize.to_int (Seq.get items (i - 1)).t_Item__weight'0)) + && ([@expl:m requires #1] [%#sknapsack_full1] 0 <= w - UInt64.to_uint (Seq.get items (i - 1)).t_Item__weight'0)) /\ 0 <= ([%#sknapsack_full4] i) /\ ([%#sknapsack_full4] i - 1) < ([%#sknapsack_full4] i)) - /\ (([%#sknapsack_full2] m'0 items (i - 1) (w - UIntSize.to_int (Seq.get items (i - 1)).t_Item__weight'0) >= 0) + /\ (([%#sknapsack_full2] m'0 items (i - 1) (w - UInt64.to_uint (Seq.get items (i - 1)).t_Item__weight'0) >= 0) && ([%#sknapsack_full3] forall s : Seq.seq (t_Item'0), j : int . 0 <= j /\ j <= Seq.length s /\ subseq_rev'0 s j items (i - 1) - /\ sum_weights'0 s j <= w - UIntSize.to_int (Seq.get items (i - 1)).t_Item__weight'0 - -> sum_values'0 s j <= m'0 items (i - 1) (w - UIntSize.to_int (Seq.get items (i - 1)).t_Item__weight'0)) + /\ sum_weights'0 s j <= w - UInt64.to_uint (Seq.get items (i - 1)).t_Item__weight'0 + -> sum_values'0 s j <= m'0 items (i - 1) (w - UInt64.to_uint (Seq.get items (i - 1)).t_Item__weight'0)) -> (let result = MinMax.max (m'0 items (i - 1) w) (m'0 items (i - 1) (w - - UIntSize.to_int (Seq.get items (i - 1)).t_Item__weight'0) - + UIntSize.to_int (Seq.get items (i - 1)).t_Item__value'0) in ([%#sknapsack_full2] result >= 0) + - UInt64.to_uint (Seq.get items (i - 1)).t_Item__weight'0) + + UInt64.to_uint (Seq.get items (i - 1)).t_Item__value'0) in ([%#sknapsack_full2] result >= 0) && ([%#sknapsack_full3] forall s : Seq.seq (t_Item'0), j : int . 0 <= j /\ j <= Seq.length s /\ subseq_rev'0 s j items i /\ sum_weights'0 s j <= w -> sum_values'0 s j <= result)))) 
@@ -392,11 +394,11 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] let%span srange87 = "../../../creusot-contracts/src/std/iter/range.rs" 42 15 42 32 let%span srange88 = "../../../creusot-contracts/src/std/iter/range.rs" 43 15 43 32 let%span srange89 = "../../../creusot-contracts/src/std/iter/range.rs" 44 14 44 42 - let%span snum90 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + let%span snum90 = "../../../creusot-contracts/src/std/num.rs" 52 28 52 33 let%span srange91 = "../../../creusot-contracts/src/std/iter/range.rs" 15 12 15 78 let%span sresolve92 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span sslice93 = "../../../creusot-contracts/src/std/slice.rs" 122 20 122 37 - let%span sslice94 = "../../../creusot-contracts/src/std/slice.rs" 129 20 129 37 + let%span sslice93 = "../../../creusot-contracts/src/std/slice.rs" 140 20 140 37 + let%span sslice94 = "../../../creusot-contracts/src/std/slice.rs" 147 20 147 37 let%span sops95 = "../../../creusot-contracts/src/std/ops.rs" 201 14 201 86 let%span srange96 = "../../../creusot-contracts/src/std/iter/range.rs" 81 14 81 45 let%span srange97 = "../../../creusot-contracts/src/std/iter/range.rs" 79 4 79 10 
@@ -408,18 +410,20 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] let%span srange103 = "../../../creusot-contracts/src/std/iter/range.rs" 52 4 55 5 let%span srange104 = "../../../creusot-contracts/src/std/iter/range.rs" 63 12 63 57 let%span smodel105 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 - let%span sslice106 = "../../../creusot-contracts/src/std/slice.rs" 136 20 136 94 + let%span sslice106 = "../../../creusot-contracts/src/std/slice.rs" 154 20 154 94 let%span svec107 = "../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 let%span sinvariant108 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 let%span sinvariant109 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 let%span sseq110 = "../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 let%span sboxed111 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 + + use prelude.prelude.Int - predicate inv'5 (_1 : usize) + predicate inv'5 (_1 : UInt64.t) - axiom inv_axiom'5 [@rewrite] : forall x : usize [inv'5 x] . inv'5 x = true + axiom inv_axiom'5 [@rewrite] : forall x : UInt64.t [inv'5 x] . inv'5 x = true use prelude.prelude.Opaque @@ -430,13 +434,13 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } predicate inv'6 (_1 : t_Vec'0) 
@@ -444,28 +448,26 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize - - use prelude.prelude.Int + use prelude.prelude.UInt64 use seq.Seq - function view'1 (self : t_Vec'0) : Seq.seq usize + function view'1 (self : t_Vec'0) : Seq.seq UInt64.t - axiom view'1_spec : forall self : t_Vec'0 . [%#svec46] Seq.length (view'1 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'1_spec : forall self : t_Vec'0 . [%#svec46] Seq.length (view'1 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq - function index_logic'3 [@inline:trivial] (self : t_Vec'0) (ix : int) : usize = + function index_logic'3 [@inline:trivial] (self : t_Vec'0) (ix : int) : UInt64.t = [%#sops45] Seq.get (view'1 self) ix - let rec from_elem'0 (elem:usize) (n:usize) (return' (ret:t_Vec'0))= {[@expl:from_elem 'elem' type invariant] inv'5 elem} + let rec from_elem'0 (elem:UInt64.t) (n:UInt64.t) (return' (ret:t_Vec'0))= {[@expl:from_elem 'elem' type invariant] inv'5 elem} any [ return' (result:t_Vec'0)-> {inv'6 result} - {[%#svec40] Seq.length (view'1 result) = UIntSize.to_int n} - {[%#svec41] forall i : int . 0 <= i /\ i < UIntSize.to_int n -> index_logic'3 result i = elem} + {[%#svec40] Seq.length (view'1 result) = UInt64.to_uint n} + {[%#svec41] forall i : int . 0 <= i /\ i < UInt64.to_uint n -> index_logic'3 result i = elem} (! return' {result}) ] 
@@ -481,20 +483,20 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] { t_RawVec__ptr'3: t_Unique'3; t_RawVec__cap'3: t_Cap'0; t_RawVec__alloc'3: () } type t_Vec'3 = - { t_Vec__buf'3: t_RawVec'3; t_Vec__len'3: usize } + { t_Vec__buf'3: t_RawVec'3; t_Vec__len'3: UInt64.t } use seq.Seq type t_Name'0 type t_Item'0 = - { t_Item__name'0: t_Name'0; t_Item__weight'0: usize; t_Item__value'0: usize } + { t_Item__name'0: t_Name'0; t_Item__weight'0: UInt64.t; t_Item__value'0: UInt64.t } use seq.Seq function view'4 (self : t_Vec'3) : Seq.seq (t_Item'0) - axiom view'4_spec : forall self : t_Vec'3 . [%#svec46] Seq.length (view'4 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'4_spec : forall self : t_Vec'3 . [%#svec46] Seq.length (view'4 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq @@ -538,9 +540,9 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] function view'0 (self : t_Vec'3) : Seq.seq (t_Item'0) = [%#smodel44] view'4 self - let rec len'0 (self:t_Vec'3) (return' (ret:usize))= {[@expl:len 'self' type invariant] inv'4 self} + let rec len'0 (self:t_Vec'3) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'4 self} any - [ return' (result:usize)-> {[%#svec42] UIntSize.to_int result = Seq.length (view'0 self)} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#svec42] UInt64.to_uint result = Seq.length (view'0 self)} (! return' {result}) ] type t_NonNull'1 = @@ -553,7 +555,7 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] { t_RawVec__ptr'1: t_Unique'1; t_RawVec__cap'1: t_Cap'0; t_RawVec__alloc'1: () } type t_Vec'1 = - { t_Vec__buf'1: t_RawVec'1; t_Vec__len'1: usize } + { t_Vec__buf'1: t_RawVec'1; t_Vec__len'1: UInt64.t } predicate inv'7 (_1 : t_Vec'1) 
@@ -565,23 +567,23 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] function view'2 (self : t_Vec'1) : Seq.seq (t_Vec'0) - axiom view'2_spec : forall self : t_Vec'1 . [%#svec46] Seq.length (view'2 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'2_spec : forall self : t_Vec'1 . [%#svec46] Seq.length (view'2 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq function index_logic'0 [@inline:trivial] (self : t_Vec'1) (ix : int) : t_Vec'0 = [%#sops45] Seq.get (view'2 self) ix - let rec from_elem'1 (elem:t_Vec'0) (n:usize) (return' (ret:t_Vec'1))= {[@expl:from_elem 'elem' type invariant] inv'6 elem} + let rec from_elem'1 (elem:t_Vec'0) (n:UInt64.t) (return' (ret:t_Vec'1))= {[@expl:from_elem 'elem' type invariant] inv'6 elem} any [ return' (result:t_Vec'1)-> {inv'7 result} - {[%#svec40] Seq.length (view'2 result) = UIntSize.to_int n} - {[%#svec41] forall i : int . 0 <= i /\ i < UIntSize.to_int n -> index_logic'0 result i = elem} + {[%#svec40] Seq.length (view'2 result) = UInt64.to_uint n} + {[%#svec41] forall i : int . 0 <= i /\ i < UInt64.to_uint n -> index_logic'0 result i = elem} (! return' {result}) ] type t_Range'0 = - { t_Range__start'0: usize; t_Range__end'0: usize } + { t_Range__start'0: UInt64.t; t_Range__end'0: UInt64.t } predicate inv'0 (_1 : t_Range'0) @@ -635,7 +637,7 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] = ([%#sknapsack_full75] if i = Seq.length s then 0 else - UIntSize.to_int (Seq.get s i).t_Item__weight'0 + sum_weights'0 s (i + 1) + UInt64.to_uint (Seq.get s i).t_Item__weight'0 + sum_weights'0 s (i + 1) ) axiom sum_weights'0_spec : forall s : Seq.seq (t_Item'0), i : int . ([%#sknapsack_full72] 0 <= i /\ i <= Seq.length s) 
@@ -648,7 +650,7 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] = ([%#sknapsack_full78] if i = Seq.length s then 0 else - UIntSize.to_int (Seq.get s i).t_Item__value'0 + sum_values'0 s (i + 1) + UInt64.to_uint (Seq.get s i).t_Item__value'0 + sum_values'0 s (i + 1) ) use int.MinMax @@ -662,11 +664,11 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] = ([%#sknapsack_full52] if i = 0 then 0 else - if UIntSize.to_int (Seq.get items (i - 1)).t_Item__weight'0 > w then + if UInt64.to_uint (Seq.get items (i - 1)).t_Item__weight'0 > w then m'0 items (i - 1) w else - MinMax.max (m'0 items (i - 1) w) (m'0 items (i - 1) (w - UIntSize.to_int (Seq.get items (i - 1)).t_Item__weight'0) - + UIntSize.to_int (Seq.get items (i - 1)).t_Item__value'0) + MinMax.max (m'0 items (i - 1) w) (m'0 items (i - 1) (w - UInt64.to_uint (Seq.get items (i - 1)).t_Item__weight'0) + + UInt64.to_uint (Seq.get items (i - 1)).t_Item__value'0) ) @@ -683,10 +685,10 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] use seq.Seq - function deep_model'0 (self : usize) : int = - [%#snum90] UIntSize.to_int self + function deep_model'0 (self : UInt64.t) : int = + [%#snum90] UInt64.to_uint self - predicate produces'0 (self : t_Range'0) (visited : Seq.seq usize) (o : t_Range'0) = + predicate produces'0 (self : t_Range'0) (visited : Seq.seq UInt64.t) (o : t_Range'0) = [%#srange53] self.t_Range__end'0 = o.t_Range__end'0 /\ deep_model'0 self.t_Range__start'0 <= deep_model'0 o.t_Range__start'0 /\ (Seq.length visited > 0 -> deep_model'0 o.t_Range__start'0 <= deep_model'0 o.t_Range__end'0) 
@@ -694,10 +696,10 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> deep_model'0 (Seq.get visited i) = deep_model'0 self.t_Range__start'0 + i) - function produces_trans'0 (a : t_Range'0) (ab : Seq.seq usize) (b : t_Range'0) (bc : Seq.seq usize) (c : t_Range'0) : () + function produces_trans'0 (a : t_Range'0) (ab : Seq.seq UInt64.t) (b : t_Range'0) (bc : Seq.seq UInt64.t) (c : t_Range'0) : () - axiom produces_trans'0_spec : forall a : t_Range'0, ab : Seq.seq usize, b : t_Range'0, bc : Seq.seq usize, c : t_Range'0 . ([%#srange84] inv'0 a) + axiom produces_trans'0_spec : forall a : t_Range'0, ab : Seq.seq UInt64.t, b : t_Range'0, bc : Seq.seq UInt64.t, c : t_Range'0 . ([%#srange84] inv'0 a) -> ([%#srange85] inv'0 b) -> ([%#srange86] inv'0 c) -> ([%#srange87] produces'0 a ab b) @@ -706,11 +708,11 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] function produces_refl'0 (self : t_Range'0) : () axiom produces_refl'0_spec : forall self : t_Range'0 . ([%#srange82] inv'0 self) - -> ([%#srange83] produces'0 self (Seq.empty : Seq.seq usize) self) + -> ([%#srange83] produces'0 self (Seq.empty : Seq.seq UInt64.t) self) - predicate inv'1 (_1 : Seq.seq usize) + predicate inv'1 (_1 : Seq.seq UInt64.t) - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq usize [inv'1 x] . inv'1 x = true + axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq UInt64.t [inv'1 x] . inv'1 x = true predicate inv'8 (_1 : borrowed (t_Range'0)) @@ -718,7 +720,7 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] type t_Option'0 = | C_None'0 - | C_Some'0 usize + | C_Some'0 UInt64.t predicate inv'9 (_1 : t_Option'0) 
@@ -746,13 +748,13 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] predicate resolve'0 (_1 : borrowed (t_Range'0)) = resolve'4 _1 - let rec v_Some'0 (input:t_Option'0) (ret (field_0:usize))= any - [ good (field_0:usize)-> {C_Some'0 field_0 = input} (! ret {field_0}) - | bad -> {forall field_0 : usize [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] + let rec v_Some'0 (input:t_Option'0) (ret (field_0:UInt64.t))= any + [ good (field_0:UInt64.t)-> {C_Some'0 field_0 = input} (! ret {field_0}) + | bad -> {forall field_0 : UInt64.t [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] - predicate in_bounds'0 [@inline:trivial] (self : usize) (seq : Seq.seq (t_Item'0)) = - [%#sslice93] UIntSize.to_int self < Seq.length seq + predicate in_bounds'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq (t_Item'0)) = + [%#sslice93] UInt64.to_uint self < Seq.length seq predicate invariant'2 (self : t_Item'0) = [%#sinvariant108] inv'21 self @@ -761,10 +763,10 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] axiom inv_axiom'10 [@rewrite] : forall x : t_Item'0 [inv'10 x] . inv'10 x = invariant'2 x - predicate has_value'0 [@inline:trivial] (self : usize) (seq : Seq.seq (t_Item'0)) (out : t_Item'0) = - [%#sslice94] Seq.get seq (UIntSize.to_int self) = out + predicate has_value'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq (t_Item'0)) (out : t_Item'0) = + [%#sslice94] Seq.get seq (UInt64.to_uint self) = out - let rec index'0 (self:t_Vec'3) (index:usize) (return' (ret:t_Item'0))= {[@expl:index 'self' type invariant] inv'4 self} + let rec index'0 (self:t_Vec'3) (index:UInt64.t) (return' (ret:t_Item'0))= {[@expl:index 'self' type invariant] inv'4 self} {[@expl:index 'index' type invariant] inv'5 index} {[@expl:index requires] [%#svec55] in_bounds'0 index (view'0 self)} any 
@@ -774,22 +776,22 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] type t_RangeInclusive'0 = - { t_RangeInclusive__start'0: usize; t_RangeInclusive__end'0: usize; t_RangeInclusive__exhausted'0: bool } + { t_RangeInclusive__start'0: UInt64.t; t_RangeInclusive__end'0: UInt64.t; t_RangeInclusive__exhausted'0: bool } predicate inv'2 (_1 : t_RangeInclusive'0) axiom inv_axiom'2 [@rewrite] : forall x : t_RangeInclusive'0 [inv'2 x] . inv'2 x = true - function start_log'0 (self : t_RangeInclusive'0) : usize + function start_log'0 (self : t_RangeInclusive'0) : UInt64.t - function end_log'0 (self : t_RangeInclusive'0) : usize + function end_log'0 (self : t_RangeInclusive'0) : UInt64.t function is_empty_log'0 (self : t_RangeInclusive'0) : bool axiom is_empty_log'0_spec : forall self : t_RangeInclusive'0 . [%#sops95] not is_empty_log'0 self -> deep_model'0 (start_log'0 self) <= deep_model'0 (end_log'0 self) - let rec new'0 (start:usize) (end':usize) (return' (ret:t_RangeInclusive'0))= {[@expl:new 'start' type invariant] inv'5 start} + let rec new'0 (start:UInt64.t) (end':UInt64.t) (return' (ret:t_RangeInclusive'0))= {[@expl:new 'start' type invariant] inv'5 start} {[@expl:new 'end' type invariant] inv'5 end'} any [ return' (result:t_RangeInclusive'0)-> {inv'2 result} 
@@ -823,25 +825,25 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] axiom range_inclusive_len'0_spec : forall r : t_RangeInclusive'0 . [%#srange102] is_empty_log'0 r = (range_inclusive_len'0 r = 0) - predicate produces'1 (self : t_RangeInclusive'0) (visited : Seq.seq usize) (o : t_RangeInclusive'0) = + predicate produces'1 (self : t_RangeInclusive'0) (visited : Seq.seq UInt64.t) (o : t_RangeInclusive'0) = [%#srange60] Seq.length visited = range_inclusive_len'0 self - range_inclusive_len'0 o /\ (is_empty_log'0 self -> is_empty_log'0 o) /\ (is_empty_log'0 o \/ end_log'0 self = end_log'0 o) /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> deep_model'0 (Seq.get visited i) = deep_model'0 (start_log'0 self) + i) - function produces_trans'1 (a : t_RangeInclusive'0) (ab : Seq.seq usize) (b : t_RangeInclusive'0) (bc : Seq.seq usize) (c : t_RangeInclusive'0) : () + function produces_trans'1 (a : t_RangeInclusive'0) (ab : Seq.seq UInt64.t) (b : t_RangeInclusive'0) (bc : Seq.seq UInt64.t) (c : t_RangeInclusive'0) : () = [%#srange101] () - axiom produces_trans'1_spec : forall a : t_RangeInclusive'0, ab : Seq.seq usize, b : t_RangeInclusive'0, bc : Seq.seq usize, c : t_RangeInclusive'0 . ([%#srange98] produces'1 a ab b) + axiom produces_trans'1_spec : forall a : t_RangeInclusive'0, ab : Seq.seq UInt64.t, b : t_RangeInclusive'0, bc : Seq.seq UInt64.t, c : t_RangeInclusive'0 . ([%#srange98] produces'1 a ab b) -> ([%#srange99] produces'1 b bc c) -> ([%#srange100] produces'1 a (Seq.(++) ab bc) c) function produces_refl'1 (self : t_RangeInclusive'0) : () = [%#srange97] () - axiom produces_refl'1_spec : forall self : t_RangeInclusive'0 . [%#srange96] produces'1 self (Seq.empty : Seq.seq usize) self + axiom produces_refl'1_spec : forall self : t_RangeInclusive'0 . [%#srange96] produces'1 self (Seq.empty : Seq.seq UInt64.t) self predicate inv'11 (_1 : borrowed (t_RangeInclusive'0)) 
@@ -873,17 +875,17 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] function view'5 (self : t_Vec'1) : Seq.seq (t_Vec'0) = [%#smodel44] view'2 self - predicate in_bounds'1 [@inline:trivial] (self : usize) (seq : Seq.seq (t_Vec'0)) = - [%#sslice93] UIntSize.to_int self < Seq.length seq + predicate in_bounds'1 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq (t_Vec'0)) = + [%#sslice93] UInt64.to_uint self < Seq.length seq predicate inv'13 (_1 : t_Vec'0) axiom inv_axiom'13 [@rewrite] : forall x : t_Vec'0 [inv'13 x] . inv'13 x = true - predicate has_value'1 [@inline:trivial] (self : usize) (seq : Seq.seq (t_Vec'0)) (out : t_Vec'0) = - [%#sslice94] Seq.get seq (UIntSize.to_int self) = out + predicate has_value'1 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq (t_Vec'0)) (out : t_Vec'0) = + [%#sslice94] Seq.get seq (UInt64.to_uint self) = out - let rec index'1 (self:t_Vec'1) (index:usize) (return' (ret:t_Vec'0))= {[@expl:index 'self' type invariant] inv'12 self} + let rec index'1 (self:t_Vec'1) (index:UInt64.t) (return' (ret:t_Vec'0))= {[@expl:index 'self' type invariant] inv'12 self} {[@expl:index 'index' type invariant] inv'5 index} {[@expl:index requires] [%#svec55] in_bounds'1 index (view'5 self)} any 
@@ -892,31 +894,31 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] (! return' {result}) ] - function view'6 (self : t_Vec'0) : Seq.seq usize = + function view'6 (self : t_Vec'0) : Seq.seq UInt64.t = [%#smodel44] view'1 self - predicate in_bounds'2 [@inline:trivial] (self : usize) (seq : Seq.seq usize) = - [%#sslice93] UIntSize.to_int self < Seq.length seq + predicate in_bounds'2 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq UInt64.t) = + [%#sslice93] UInt64.to_uint self < Seq.length seq - predicate inv'14 (_1 : usize) + predicate inv'14 (_1 : UInt64.t) - axiom inv_axiom'14 [@rewrite] : forall x : usize [inv'14 x] . inv'14 x = true + axiom inv_axiom'14 [@rewrite] : forall x : UInt64.t [inv'14 x] . inv'14 x = true - predicate has_value'2 [@inline:trivial] (self : usize) (seq : Seq.seq usize) (out : usize) = - [%#sslice94] Seq.get seq (UIntSize.to_int self) = out + predicate has_value'2 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq UInt64.t) (out : UInt64.t) = + [%#sslice94] Seq.get seq (UInt64.to_uint self) = out - let rec index'2 (self:t_Vec'0) (index:usize) (return' (ret:usize))= {[@expl:index 'self' type invariant] inv'13 self} + let rec index'2 (self:t_Vec'0) (index:UInt64.t) (return' (ret:UInt64.t))= {[@expl:index 'self' type invariant] inv'13 self} {[@expl:index 'index' type invariant] inv'5 index} {[@expl:index requires] [%#svec55] in_bounds'2 index (view'6 self)} any - [ return' (result:usize)-> {inv'14 result} + [ return' (result:UInt64.t)-> {inv'14 result} {[%#svec56] has_value'2 index (view'6 self) result} (! return' {result}) ] - let rec max'0 (a:usize) (b:usize) (return' (ret:usize))= any - [ return' (result:usize)-> {[%#sknapsack_full61] UIntSize.to_int result - = MinMax.max (UIntSize.to_int a) (UIntSize.to_int b)} + let rec max'0 (a:UInt64.t) (b:UInt64.t) (return' (ret:UInt64.t))= any + [ return' (result:UInt64.t)-> {[%#sknapsack_full61] UInt64.to_uint result + = MinMax.max (UInt64.to_uint a) (UInt64.to_uint b)} (! 
return' {result}) ] @@ -931,11 +933,12 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] axiom inv_axiom'16 [@rewrite] : forall x : borrowed (t_Vec'0) [inv'16 x] . inv'16 x = true - predicate resolve_elswhere'0 [@inline:trivial] (self : usize) (old' : Seq.seq (t_Vec'0)) (fin : Seq.seq (t_Vec'0)) = - [%#sslice106] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < Seq.length old' + predicate resolve_elswhere'0 [@inline:trivial] (self : UInt64.t) (old' : Seq.seq (t_Vec'0)) (fin : Seq.seq (t_Vec'0)) + = + [%#sslice106] forall i : int . 0 <= i /\ i <> UInt64.to_uint self /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i - let rec index_mut'0 (self:borrowed (t_Vec'1)) (index:usize) (return' (ret:borrowed (t_Vec'0)))= {[@expl:index_mut 'self' type invariant] inv'15 self} + let rec index_mut'0 (self:borrowed (t_Vec'1)) (index:UInt64.t) (return' (ret:borrowed (t_Vec'0)))= {[@expl:index_mut 'self' type invariant] inv'15 self} {[@expl:index_mut 'index' type invariant] inv'5 index} {[@expl:index_mut requires] [%#svec62] in_bounds'1 index (view'7 self)} any 
@@ -947,22 +950,22 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] (! return' {result}) ] - function view'8 (self : borrowed (t_Vec'0)) : Seq.seq usize = + function view'8 (self : borrowed (t_Vec'0)) : Seq.seq UInt64.t = [%#smodel105] view'1 self.current - predicate inv'17 (_1 : borrowed usize) + predicate inv'17 (_1 : borrowed UInt64.t) - axiom inv_axiom'17 [@rewrite] : forall x : borrowed usize [inv'17 x] . inv'17 x = true + axiom inv_axiom'17 [@rewrite] : forall x : borrowed UInt64.t [inv'17 x] . inv'17 x = true - predicate resolve_elswhere'1 [@inline:trivial] (self : usize) (old' : Seq.seq usize) (fin : Seq.seq usize) = - [%#sslice106] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < Seq.length old' + predicate resolve_elswhere'1 [@inline:trivial] (self : UInt64.t) (old' : Seq.seq UInt64.t) (fin : Seq.seq UInt64.t) = + [%#sslice106] forall i : int . 0 <= i /\ i <> UInt64.to_uint self /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i - let rec index_mut'1 (self:borrowed (t_Vec'0)) (index:usize) (return' (ret:borrowed usize))= {[@expl:index_mut 'self' type invariant] inv'16 self} + let rec index_mut'1 (self:borrowed (t_Vec'0)) (index:UInt64.t) (return' (ret:borrowed UInt64.t))= {[@expl:index_mut 'self' type invariant] inv'16 self} {[@expl:index_mut 'index' type invariant] inv'5 index} {[@expl:index_mut requires] [%#svec62] in_bounds'2 index (view'8 self)} any - [ return' (result:borrowed usize)-> {inv'17 result} + [ return' (result:borrowed UInt64.t)-> {inv'17 result} {[%#svec63] has_value'2 index (view'8 self) result.current} {[%#svec64] has_value'2 index (view'1 self.final) result.final} {[%#svec65] resolve_elswhere'1 index (view'8 self) (view'1 self.final)} 
@@ -970,10 +973,10 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] (! return' {result}) ] - predicate resolve'6 (self : borrowed usize) = + predicate resolve'6 (self : borrowed UInt64.t) = [%#sresolve92] self.final = self.current - predicate resolve'2 (_1 : borrowed usize) = + predicate resolve'2 (_1 : borrowed UInt64.t) = resolve'6 _1 predicate resolve'7 (self : borrowed (t_Vec'0)) = @@ -992,11 +995,11 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] { t_RawVec__ptr'2: t_Unique'2; t_RawVec__cap'2: t_Cap'0; t_RawVec__alloc'2: () } type t_Vec'2 = - { t_Vec__buf'2: t_RawVec'2; t_Vec__len'2: usize } + { t_Vec__buf'2: t_RawVec'2; t_Vec__len'2: UInt64.t } function view'3 (self : t_Vec'2) : Seq.seq (t_Item'0) - axiom view'3_spec : forall self : t_Vec'2 . [%#svec46] Seq.length (view'3 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'3_spec : forall self : t_Vec'2 . [%#svec46] Seq.length (view'3 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq @@ -1021,7 +1024,7 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] axiom inv_axiom'3 [@rewrite] : forall x : t_Vec'2 [inv'3 x] . inv'3 x = invariant'0 x - let rec with_capacity'0 (capacity:usize) (return' (ret:t_Vec'2))= any + let rec with_capacity'0 (capacity:UInt64.t) (return' (ret:t_Vec'2))= any [ return' (result:t_Vec'2)-> {inv'3 result} {[%#svec67] Seq.length (view'3 result) = 0} (! return' {result}) ] 
@@ -1057,31 +1060,34 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] meta "compute_max_steps" 1000000 - let rec knapsack01_dyn'0 (items:t_Vec'3) (max_weight:usize) (return' (ret:t_Vec'2))= {[@expl:knapsack01_dyn 'items' type invariant] [%#sknapsack_full32] inv'4 items} + let rec knapsack01_dyn'0 (items:t_Vec'3) (max_weight:UInt64.t) (return' (ret:t_Vec'2))= {[@expl:knapsack01_dyn 'items' type invariant] [%#sknapsack_full32] inv'4 items} {[@expl:knapsack01_dyn requires #0] [%#sknapsack_full33] Seq.length (view'0 items) < 10000000} - {[@expl:knapsack01_dyn requires #1] [%#sknapsack_full34] UIntSize.to_int max_weight < 10000000} + {[@expl:knapsack01_dyn requires #1] [%#sknapsack_full34] UInt64.to_uint max_weight < 10000000} {[@expl:knapsack01_dyn requires #2] [%#sknapsack_full35] forall i : int . 0 <= i /\ i < Seq.length (view'0 items) - -> UIntSize.to_int (index_logic'2 items i).t_Item__value'0 <= 10000000} + -> UInt64.to_uint (index_logic'2 items i).t_Item__value'0 <= 10000000} (! 
bb0 [ bb0 = s0 - [ s0 = UIntSize.add {max_weight} {[%#sknapsack_full0] (1 : usize)} (fun (_ret':usize) -> [ &_11 <- _ret' ] s1) - | s1 = from_elem'0 {[%#sknapsack_full1] (0 : usize)} {_11} (fun (_ret':t_Vec'0) -> [ &_10 <- _ret' ] s2) + [ s0 = UInt64.add {max_weight} {[%#sknapsack_full0] (1 : UInt64.t)} + (fun (_ret':UInt64.t) -> [ &_11 <- _ret' ] s1) + | s1 = from_elem'0 {[%#sknapsack_full1] (0 : UInt64.t)} {_11} (fun (_ret':t_Vec'0) -> [ &_10 <- _ret' ] s2) | s2 = bb1 ] - | bb1 = s0 [ s0 = len'0 {items} (fun (_ret':usize) -> [ &_14 <- _ret' ] s1) | s1 = bb2 ] + | bb1 = s0 [ s0 = len'0 {items} (fun (_ret':UInt64.t) -> [ &_14 <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 - [ s0 = UIntSize.add {_14} {[%#sknapsack_full2] (1 : usize)} (fun (_ret':usize) -> [ &_13 <- _ret' ] s1) + [ s0 = UInt64.add {_14} {[%#sknapsack_full2] (1 : UInt64.t)} (fun (_ret':UInt64.t) -> [ &_13 <- _ret' ] s1) | s1 = from_elem'1 {_10} {_13} (fun (_ret':t_Vec'1) -> [ &best_value <- _ret' ] s2) | s2 = bb3 ] - | bb3 = s0 [ s0 = len'0 {items} (fun (_ret':usize) -> [ &_19 <- _ret' ] s1) | s1 = bb4 ] + | bb3 = s0 [ s0 = len'0 {items} (fun (_ret':UInt64.t) -> [ &_19 <- _ret' ] s1) | s1 = bb4 ] | bb4 = s0 - [ s0 = [ &_18 <- { t_Range__start'0 = ([%#sknapsack_full3] (0 : usize)); t_Range__end'0 = _19 } ] s1 + [ s0 = [ &_18 <- { t_Range__start'0 = ([%#sknapsack_full3] (0 : UInt64.t)); t_Range__end'0 = _19 } ] s1 | s1 = into_iter'0 {_18} (fun (_ret':t_Range'0) -> [ &iter <- _ret' ] s2) | s2 = bb5 ] | bb5 = s0 [ s0 = [ &iter_old <- [%#sknapsack_full4] Snapshot.new iter ] s1 | s1 = bb6 ] - | bb6 = s0 [ s0 = [ &produced <- [%#sknapsack_full5] Snapshot.new (Seq.empty : Seq.seq usize) ] s1 | s1 = bb7 ] + | bb6 = s0 + [ s0 = [ &produced <- [%#sknapsack_full5] Snapshot.new (Seq.empty : Seq.seq UInt64.t) ] s1 | s1 = bb7 ] + | bb7 = bb8 | bb8 = bb9 | bb9 = bb10 
@@ -1093,13 +1099,13 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] {[@expl:for invariant] [%#sknapsack_full10] produces'0 (Snapshot.inner iter_old) (Snapshot.inner produced) iter} {[@expl:loop invariant #0] [%#sknapsack_full9] Seq.length (view'0 items) + 1 = Seq.length (view'2 best_value)} {[@expl:loop invariant #1] [%#sknapsack_full8] forall i : int . 0 <= i /\ i < Seq.length (view'2 best_value) - -> UIntSize.to_int max_weight + 1 = Seq.length (view'1 (index_logic'0 best_value i))} + -> UInt64.to_uint max_weight + 1 = Seq.length (view'1 (index_logic'0 best_value i))} {[@expl:loop invariant #2] [%#sknapsack_full7] forall ii : int, ww : int . 0 <= ii - /\ ii <= Seq.length (Snapshot.inner produced) /\ 0 <= ww /\ ww <= UIntSize.to_int max_weight - -> UIntSize.to_int (Seq.get (view'1 (index_logic'0 best_value ii)) ww) = m'0 (view'0 items) ii ww} + /\ ii <= Seq.length (Snapshot.inner produced) /\ 0 <= ww /\ ww <= UInt64.to_uint max_weight + -> UInt64.to_uint (Seq.get (view'1 (index_logic'0 best_value ii)) ww) = m'0 (view'0 items) ii ww} {[@expl:loop invariant #3] [%#sknapsack_full6] forall ii : int, ww : int . 0 <= ii - /\ ii <= Seq.length (view'0 items) /\ 0 <= ww /\ ww <= UIntSize.to_int max_weight - -> UIntSize.to_int (Seq.get (view'1 (index_logic'0 best_value ii)) ww) <= 10000000 * ii} + /\ ii <= Seq.length (view'0 items) /\ 0 <= ww /\ ww <= UInt64.to_uint max_weight + -> UInt64.to_uint (Seq.get (view'1 (index_logic'0 best_value ii)) ww) <= 10000000 * ii} (! s0) [ s0 = bb13 ] [ bb13 = s0 [ s0 = Borrow.borrow_mut {iter} 
@@ -1114,11 +1120,11 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] | bb14 = s0 [ s0 = -{resolve'0 _35}- s1 - | s1 = any [ br0 -> {_33 = C_None'0 } (! bb17) | br1 (x0:usize)-> {_33 = C_Some'0 x0} (! bb16) ] ] + | s1 = any [ br0 -> {_33 = C_None'0 } (! bb17) | br1 (x0:UInt64.t)-> {_33 = C_Some'0 x0} (! bb16) ] ] | bb16 = bb18 | bb18 = s0 - [ s0 = v_Some'0 {_33} (fun (r0'0:usize) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) + [ s0 = v_Some'0 {_33} (fun (r0'0:UInt64.t) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) | s1 = [ &_38 <- [%#sknapsack_full11] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] @@ -1133,14 +1139,14 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] | bb20 = s0 [ s0 = [ &it <- _42 ] s1 - | s1 = new'0 {[%#sknapsack_full12] (0 : usize)} {max_weight} + | s1 = new'0 {[%#sknapsack_full12] (0 : UInt64.t)} {max_weight} (fun (_ret':t_RangeInclusive'0) -> [ &_46 <- _ret' ] s2) | s2 = bb21 ] | bb21 = s0 [ s0 = into_iter'1 {_46} (fun (_ret':t_RangeInclusive'0) -> [ &iter1 <- _ret' ] s1) | s1 = bb22 ] | bb22 = s0 [ s0 = [ &iter_old1 <- [%#sknapsack_full13] Snapshot.new iter1 ] s1 | s1 = bb23 ] | bb23 = s0 - [ s0 = [ &produced1 <- [%#sknapsack_full14] Snapshot.new (Seq.empty : Seq.seq usize) ] s1 | s1 = bb24 ] + [ s0 = [ &produced1 <- [%#sknapsack_full14] Snapshot.new (Seq.empty : Seq.seq UInt64.t) ] s1 | s1 = bb24 ] | bb24 = bb25 | bb25 = bb26 
@@ -1156,17 +1162,17 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] = Seq.length (view'2 best_value)} {[@expl:loop invariant #1] [%#sknapsack_full18] forall i : int . 0 <= i /\ i < Seq.length (view'2 best_value) - -> UIntSize.to_int max_weight + 1 = Seq.length (view'1 (index_logic'0 best_value i))} + -> UInt64.to_uint max_weight + 1 = Seq.length (view'1 (index_logic'0 best_value i))} {[@expl:loop invariant #2] [%#sknapsack_full17] forall ii : int, ww : int . 0 <= ii - /\ ii <= UIntSize.to_int i /\ 0 <= ww /\ ww <= UIntSize.to_int max_weight - -> UIntSize.to_int (Seq.get (view'1 (index_logic'0 best_value ii)) ww) = m'0 (view'0 items) ii ww} + /\ ii <= UInt64.to_uint i /\ 0 <= ww /\ ww <= UInt64.to_uint max_weight + -> UInt64.to_uint (Seq.get (view'1 (index_logic'0 best_value ii)) ww) = m'0 (view'0 items) ii ww} {[@expl:loop invariant #3] [%#sknapsack_full16] forall ww : int . 0 <= ww /\ ww <= Seq.length (Snapshot.inner produced1) - 1 - -> UIntSize.to_int (Seq.get (view'1 (index_logic'0 best_value (UIntSize.to_int i + 1))) ww) - = m'0 (view'0 items) (UIntSize.to_int i + 1) ww} + -> UInt64.to_uint (Seq.get (view'1 (index_logic'0 best_value (UInt64.to_uint i + 1))) ww) + = m'0 (view'0 items) (UInt64.to_uint i + 1) ww} {[@expl:loop invariant #4] [%#sknapsack_full15] forall ii : int, ww : int . 0 <= ii - /\ ii <= Seq.length (view'0 items) /\ 0 <= ww /\ ww <= UIntSize.to_int max_weight - -> UIntSize.to_int (Seq.get (view'1 (index_logic'0 best_value ii)) ww) <= 10000000 * ii} + /\ ii <= Seq.length (view'0 items) /\ 0 <= ww /\ ww <= UInt64.to_uint max_weight + -> UInt64.to_uint (Seq.get (view'1 (index_logic'0 best_value ii)) ww) <= 10000000 * ii} (! s0) [ s0 = bb31 ] [ bb31 = s0 [ s0 = Borrow.borrow_mut {iter1} 
@@ -1181,11 +1187,11 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] | bb32 = s0 [ s0 = -{resolve'1 _62}- s1 - | s1 = any [ br0 -> {_60 = C_None'0 } (! bb35) | br1 (x0:usize)-> {_60 = C_Some'0 x0} (! bb34) ] ] + | s1 = any [ br0 -> {_60 = C_None'0 } (! bb35) | br1 (x0:UInt64.t)-> {_60 = C_Some'0 x0} (! bb34) ] ] | bb34 = bb36 | bb36 = s0 - [ s0 = v_Some'0 {_60} (fun (r0'0:usize) -> [ &__creusot_proc_iter_elem1 <- r0'0 ] s1) + [ s0 = v_Some'0 {_60} (fun (r0'0:UInt64.t) -> [ &__creusot_proc_iter_elem1 <- r0'0 ] s1) | s1 = [ &_65 <- [%#sknapsack_full21] Snapshot.new (Seq.(++) (Snapshot.inner produced1) (Seq.singleton __creusot_proc_iter_elem1)) ] 
@@ -1195,30 +1201,31 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] | bb37 = s0 [ s0 = [ &produced1 <- _65 ] s1 | s1 = [ &w <- __creusot_proc_iter_elem1 ] s2 - | s2 = UIntSize.gt {it.t_Item__weight'0} {w} (fun (_ret':bool) -> [ &_69 <- _ret' ] s3) + | s2 = UInt64.gt {it.t_Item__weight'0} {w} (fun (_ret':bool) -> [ &_69 <- _ret' ] s3) | s3 = any [ br0 -> {_69 = false} (! bb41) | br1 -> {_69} (! bb38) ] ] | bb38 = s0 [ s0 = index'1 {best_value} {i} (fun (_ret':t_Vec'0) -> [ &_74 <- _ret' ] s1) | s1 = bb39 ] - | bb39 = s0 [ s0 = index'2 {_74} {w} (fun (_ret':usize) -> [ &_72 <- _ret' ] s1) | s1 = bb40 ] + | bb39 = s0 [ s0 = index'2 {_74} {w} (fun (_ret':UInt64.t) -> [ &_72 <- _ret' ] s1) | s1 = bb40 ] | bb40 = s0 [ s0 = [ &_68 <- _72 ] s1 | s1 = bb47 ] | bb41 = s0 [ s0 = index'1 {best_value} {i} (fun (_ret':t_Vec'0) -> [ &_81 <- _ret' ] s1) | s1 = bb42 ] - | bb42 = s0 [ s0 = index'2 {_81} {w} (fun (_ret':usize) -> [ &_79 <- _ret' ] s1) | s1 = bb43 ] + | bb42 = s0 [ s0 = index'2 {_81} {w} (fun (_ret':UInt64.t) -> [ &_79 <- _ret' ] s1) | s1 = bb43 ] | bb43 = s0 [ s0 = index'1 {best_value} {i} (fun (_ret':t_Vec'0) -> [ &_89 <- _ret' ] s1) | s1 = bb44 ] | bb44 = s0 - [ s0 = UIntSize.sub {w} {it.t_Item__weight'0} (fun (_ret':usize) -> [ &_92 <- _ret' ] s1) - | s1 = index'2 {_89} {_92} (fun (_ret':usize) -> [ &_87 <- _ret' ] s2) + [ s0 = UInt64.sub {w} {it.t_Item__weight'0} (fun (_ret':UInt64.t) -> [ &_92 <- _ret' ] s1) + | s1 = index'2 {_89} {_92} (fun (_ret':UInt64.t) -> [ &_87 <- _ret' ] s2) | s2 = bb45 ] | bb45 = s0 - [ s0 = UIntSize.add {_87} {it.t_Item__value'0} (fun (_ret':usize) -> [ &_85 <- _ret' ] s1) - | s1 = max'0 {_79} {_85} (fun (_ret':usize) -> [ &_68 <- _ret' ] s2) + [ s0 = UInt64.add {_87} {it.t_Item__value'0} (fun (_ret':UInt64.t) -> [ &_85 <- _ret' ] s1) + | s1 = max'0 {_79} {_85} (fun (_ret':UInt64.t) -> [ &_68 <- _ret' ] s2) | s2 = bb46 ] | bb46 = bb47 | bb47 = s0 [ s0 = Borrow.borrow_mut {best_value} (fun (_ret':borrowed 
(t_Vec'1)) -> [ &_99 <- _ret' ] [ &best_value <- _ret'.final ] s1) - | s1 = UIntSize.add {i} {[%#sknapsack_full22] (1 : usize)} (fun (_ret':usize) -> [ &_100 <- _ret' ] s2) + | s1 = UInt64.add {i} {[%#sknapsack_full22] (1 : UInt64.t)} + (fun (_ret':UInt64.t) -> [ &_100 <- _ret' ] s2) | s2 = index_mut'0 {_99} {_100} (fun (_ret':borrowed (t_Vec'0)) -> [ &_98 <- _ret' ] s3) | s3 = bb48 ] @@ -1228,7 +1235,7 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] [ &_97 <- _ret' ] [ &_98 <- { _98 with current = _ret'.final } ] s1) - | s1 = index_mut'1 {_97} {w} (fun (_ret':borrowed usize) -> [ &_96 <- _ret' ] s2) + | s1 = index_mut'1 {_97} {w} (fun (_ret':borrowed UInt64.t) -> [ &_96 <- _ret' ] s2) | s2 = bb49 ] | bb49 = s0 @@ -1242,11 +1249,11 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] | bb35 = bb12 ] ] - | bb17 = s0 [ s0 = len'0 {items} (fun (_ret':usize) -> [ &_106 <- _ret' ] s1) | s1 = bb50 ] + | bb17 = s0 [ s0 = len'0 {items} (fun (_ret':UInt64.t) -> [ &_106 <- _ret' ] s1) | s1 = bb50 ] | bb50 = s0 [ s0 = with_capacity'0 {_106} (fun (_ret':t_Vec'2) -> [ &result <- _ret' ] s1) | s1 = bb51 ] | bb51 = s0 [ s0 = [ &left_weight <- max_weight ] s1 - | s1 = len'0 {items} (fun (_ret':usize) -> [ &j <- _ret' ] s2) + | s1 = len'0 {items} (fun (_ret':UInt64.t) -> [ &j <- _ret' ] s2) | s2 = bb52 ] | bb52 = bb53 
@@ -1256,45 +1263,45 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] | bb56 = bb57 | bb57 = bb57 [ bb57 = {[@expl:loop invariant #0] [%#sknapsack_full28] inv'3 result} - {[@expl:loop invariant #1] [%#sknapsack_full27] UIntSize.to_int j <= Seq.length (view'0 items)} - {[@expl:loop invariant #2] [%#sknapsack_full26] UIntSize.to_int left_weight <= UIntSize.to_int max_weight} + {[@expl:loop invariant #1] [%#sknapsack_full27] UInt64.to_uint j <= Seq.length (view'0 items)} + {[@expl:loop invariant #2] [%#sknapsack_full26] UInt64.to_uint left_weight <= UInt64.to_uint max_weight} {[@expl:loop invariant #3] [%#sknapsack_full25] forall r : Seq.seq (t_Item'0) . Seq.length (view'3 result) <= Seq.length r /\ (forall i : int . 0 <= i /\ i < Seq.length (view'3 result) -> index_logic'1 result i = Seq.get r i) /\ sum_values'0 r (Seq.length (view'3 result)) - = m'0 (view'0 items) (UIntSize.to_int j) (UIntSize.to_int left_weight) - -> sum_values'0 r 0 = m'0 (view'0 items) (Seq.length (view'0 items)) (UIntSize.to_int max_weight)} + = m'0 (view'0 items) (UInt64.to_uint j) (UInt64.to_uint left_weight) + -> sum_values'0 r 0 = m'0 (view'0 items) (Seq.length (view'0 items)) (UInt64.to_uint max_weight)} {[@expl:loop invariant #4] [%#sknapsack_full24] forall r : Seq.seq (t_Item'0) . Seq.length (view'3 result) <= Seq.length r /\ (forall i : int . 0 <= i /\ i < Seq.length (view'3 result) -> index_logic'1 result i = Seq.get r i) - /\ sum_weights'0 r (Seq.length (view'3 result)) <= UIntSize.to_int left_weight - -> sum_weights'0 r 0 <= UIntSize.to_int max_weight} + /\ sum_weights'0 r (Seq.length (view'3 result)) <= UInt64.to_uint left_weight + -> sum_weights'0 r 0 <= UInt64.to_uint max_weight} {[@expl:loop invariant #5] [%#sknapsack_full23] forall r : Seq.seq (t_Item'0) . Seq.length (view'3 result) <= Seq.length r /\ (forall i : int . 
0 <= i /\ i < Seq.length (view'3 result) -> index_logic'1 result i = Seq.get r i) - /\ subseq_rev'0 r (Seq.length (view'3 result)) (view'0 items) (UIntSize.to_int j) + /\ subseq_rev'0 r (Seq.length (view'3 result)) (view'0 items) (UInt64.to_uint j) -> subseq_rev'0 r 0 (view'0 items) (Seq.length (view'0 items))} (! s0) [ s0 = bb58 ] [ bb58 = s0 - [ s0 = UIntSize.lt {[%#sknapsack_full29] (0 : usize)} {j} (fun (_ret':bool) -> [ &_118 <- _ret' ] s1) + [ s0 = UInt64.lt {[%#sknapsack_full29] (0 : UInt64.t)} {j} (fun (_ret':bool) -> [ &_118 <- _ret' ] s1) | s1 = any [ br0 -> {_118 = false} (! bb69) | br1 -> {_118} (! bb59) ] ] | bb59 = s0 - [ s0 = UIntSize.sub {j} {[%#sknapsack_full30] (1 : usize)} (fun (_ret':usize) -> [ &j <- _ret' ] s1) + [ s0 = UInt64.sub {j} {[%#sknapsack_full30] (1 : UInt64.t)} (fun (_ret':UInt64.t) -> [ &j <- _ret' ] s1) | s1 = index'0 {items} {j} (fun (_ret':t_Item'0) -> [ &_121 <- _ret' ] s2) | s2 = bb60 ] | bb60 = s0 [ s0 = [ &it1 <- _121 ] s1 - | s1 = UIntSize.add {j} {[%#sknapsack_full31] (1 : usize)} (fun (_ret':usize) -> [ &_130 <- _ret' ] s2) + | s1 = UInt64.add {j} {[%#sknapsack_full31] (1 : UInt64.t)} (fun (_ret':UInt64.t) -> [ &_130 <- _ret' ] s2) | s2 = index'1 {best_value} {_130} (fun (_ret':t_Vec'0) -> [ &_128 <- _ret' ] s3) | s3 = bb61 ] - | bb61 = s0 [ s0 = index'2 {_128} {left_weight} (fun (_ret':usize) -> [ &_126 <- _ret' ] s1) | s1 = bb62 ] + | bb61 = s0 [ s0 = index'2 {_128} {left_weight} (fun (_ret':UInt64.t) -> [ &_126 <- _ret' ] s1) | s1 = bb62 ] | bb62 = s0 [ s0 = index'1 {best_value} {j} (fun (_ret':t_Vec'0) -> [ &_136 <- _ret' ] s1) | s1 = bb63 ] - | bb63 = s0 [ s0 = index'2 {_136} {left_weight} (fun (_ret':usize) -> [ &_134 <- _ret' ] s1) | s1 = bb64 ] + | bb63 = s0 [ s0 = index'2 {_136} {left_weight} (fun (_ret':UInt64.t) -> [ &_134 <- _ret' ] s1) | s1 = bb64 ] | bb64 = s0 - [ s0 = UIntSize.ne {_126} {_134} (fun (_ret':bool) -> [ &_124 <- _ret' ] s1) + [ s0 = UInt64.ne {_126} {_134} (fun (_ret':bool) -> [ &_124 <- _ret' 
] s1) | s1 = any [ br0 -> {_124 = false} (! bb67) | br1 -> {_124} (! bb65) ] ] | bb65 = s0 @@ -1309,7 +1316,7 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] | s2 = bb66 ] | bb66 = s0 - [ s0 = UIntSize.sub {left_weight} {it1.t_Item__weight'0} (fun (_ret':usize) -> [ &left_weight <- _ret' ] s1) + [ s0 = UInt64.sub {left_weight} {it1.t_Item__weight'0} (fun (_ret':UInt64.t) -> [ &left_weight <- _ret' ] s1) | s1 = bb68 ] | bb67 = bb68 
@@ -1322,72 +1329,72 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] ) [ & _0 : t_Vec'2 = any_l () | & items : t_Vec'3 = items - | & max_weight : usize = max_weight + | & max_weight : UInt64.t = max_weight | & best_value : t_Vec'1 = any_l () | & _10 : t_Vec'0 = any_l () - | & _11 : usize = any_l () - | & _13 : usize = any_l () - | & _14 : usize = any_l () + | & _11 : UInt64.t = any_l () + | & _13 : UInt64.t = any_l () + | & _14 : UInt64.t = any_l () | & iter : t_Range'0 = any_l () | & _18 : t_Range'0 = any_l () - | & _19 : usize = any_l () + | & _19 : UInt64.t = any_l () | & iter_old : Snapshot.snap_ty (t_Range'0) = any_l () - | & produced : Snapshot.snap_ty (Seq.seq usize) = any_l () + | & produced : Snapshot.snap_ty (Seq.seq UInt64.t) = any_l () | & _33 : t_Option'0 = any_l () | & _34 : borrowed (t_Range'0) = any_l () | & _35 : borrowed (t_Range'0) = any_l () - | & __creusot_proc_iter_elem : usize = any_l () - | & _38 : Snapshot.snap_ty (Seq.seq usize) = any_l () - | & i : usize = any_l () + | & __creusot_proc_iter_elem : UInt64.t = any_l () + | & _38 : Snapshot.snap_ty (Seq.seq UInt64.t) = any_l () + | & i : UInt64.t = any_l () | & it : t_Item'0 = any_l () | & _42 : t_Item'0 = any_l () | & iter1 : t_RangeInclusive'0 = any_l () | & _46 : t_RangeInclusive'0 = any_l () | & iter_old1 : Snapshot.snap_ty (t_RangeInclusive'0) = any_l () - | & produced1 : Snapshot.snap_ty (Seq.seq usize) = any_l () + | & produced1 : Snapshot.snap_ty (Seq.seq UInt64.t) = any_l () | & _60 : t_Option'0 = any_l () | & _61 : borrowed (t_RangeInclusive'0) = any_l () | & _62 : borrowed (t_RangeInclusive'0) = any_l () - | & __creusot_proc_iter_elem1 : usize = any_l () - | & _65 : Snapshot.snap_ty (Seq.seq usize) = any_l () - | & w : usize = any_l () - | & _68 : usize = any_l () + | & __creusot_proc_iter_elem1 : UInt64.t = any_l () + | & _65 : Snapshot.snap_ty (Seq.seq UInt64.t) = any_l () + | & w : UInt64.t = any_l () + | & _68 : UInt64.t = any_l () | & _69 : bool = 
any_l () - | & _72 : usize = any_l () + | & _72 : UInt64.t = any_l () | & _74 : t_Vec'0 = any_l () - | & _79 : usize = any_l () + | & _79 : UInt64.t = any_l () | & _81 : t_Vec'0 = any_l () - | & _85 : usize = any_l () - | & _87 : usize = any_l () + | & _85 : UInt64.t = any_l () + | & _87 : UInt64.t = any_l () | & _89 : t_Vec'0 = any_l () - | & _92 : usize = any_l () - | & _96 : borrowed usize = any_l () + | & _92 : UInt64.t = any_l () + | & _96 : borrowed UInt64.t = any_l () | & _97 : borrowed (t_Vec'0) = any_l () | & _98 : borrowed (t_Vec'0) = any_l () | & _99 : borrowed (t_Vec'1) = any_l () - | & _100 : usize = any_l () + | & _100 : UInt64.t = any_l () | & result : t_Vec'2 = any_l () - | & _106 : usize = any_l () - | & left_weight : usize = any_l () - | & j : usize = any_l () + | & _106 : UInt64.t = any_l () + | & left_weight : UInt64.t = any_l () + | & j : UInt64.t = any_l () | & _118 : bool = any_l () | & it1 : t_Item'0 = any_l () | & _121 : t_Item'0 = any_l () | & _124 : bool = any_l () - | & _126 : usize = any_l () + | & _126 : UInt64.t = any_l () | & _128 : t_Vec'0 = any_l () - | & _130 : usize = any_l () - | & _134 : usize = any_l () + | & _130 : UInt64.t = any_l () + | & _134 : UInt64.t = any_l () | & _136 : t_Vec'0 = any_l () | & _140 : () = any_l () | & _141 : borrowed (t_Vec'2) = any_l () ] [ return' (result:t_Vec'2)-> {[@expl:knapsack01_dyn result type invariant] [%#sknapsack_full36] inv'3 result} {[@expl:knapsack01_dyn ensures #0] [%#sknapsack_full37] sum_weights'0 (view'3 result) (Seq.length (view'3 result)) - <= UIntSize.to_int max_weight} + <= UInt64.to_uint max_weight} {[@expl:knapsack01_dyn ensures #1] [%#sknapsack_full38] subseq_rev'0 (view'3 result) 0 (view'0 items) (Seq.length (view'0 items))} {[@expl:knapsack01_dyn ensures #2] [%#sknapsack_full39] forall s : Seq.seq (t_Item'0) . 
subseq_rev'0 s 0 (view'0 items) (Seq.length (view'0 items)) - /\ sum_weights'0 s (Seq.length s) <= UIntSize.to_int max_weight + /\ sum_weights'0 s (Seq.length s) <= UInt64.to_uint max_weight -> sum_values'0 s (Seq.length s) <= sum_values'0 (view'3 result) (Seq.length (view'3 result))} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/lang/branch_borrow_2.coma b/creusot/tests/should_succeed/lang/branch_borrow_2.coma index 7cb664dc65..d76b974e96 100644 --- a/creusot/tests/should_succeed/lang/branch_borrow_2.coma +++ b/creusot/tests/should_succeed/lang/branch_borrow_2.coma @@ -11,14 +11,16 @@ module M_branch_borrow_2__f [#"branch_borrow_2.rs" 3 0 3 10] let%span sbranch_borrow_29 = "branch_borrow_2.rs" 30 4 30 19 let%span sresolve10 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + use prelude.prelude.Int + use prelude.prelude.Int32 use prelude.prelude.Borrow - predicate resolve'1 (self : borrowed int32) = + predicate resolve'1 (self : borrowed Int32.t) = [%#sresolve10] self.final = self.current - predicate resolve'0 (_1 : borrowed int32) = + predicate resolve'0 (_1 : borrowed Int32.t) = resolve'1 _1 use prelude.prelude.Intrinsic 
@@ -27,60 +29,65 @@ module M_branch_borrow_2__f [#"branch_borrow_2.rs" 3 0 3 10] let rec f'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = [ &a <- [%#sbranch_borrow_21] (10 : int32) ] s1 - | s1 = [ &b <- [%#sbranch_borrow_22] (10 : int32) ] s2 - | s2 = [ &c <- [%#sbranch_borrow_23] (10 : int32) ] s3 - | s3 = Borrow.borrow_mut {a} (fun (_ret':borrowed int32) -> [ &x <- _ret' ] [ &a <- _ret'.final ] s4) - | s4 = Borrow.borrow_mut {b} (fun (_ret':borrowed int32) -> [ &y <- _ret' ] [ &b <- _ret'.final ] s5) - | s5 = Borrow.borrow_mut {c} (fun (_ret':borrowed int32) -> [ &z <- _ret' ] [ &c <- _ret'.final ] s6) + [ s0 = [ &a <- [%#sbranch_borrow_21] (10 : Int32.t) ] s1 + | s1 = [ &b <- [%#sbranch_borrow_22] (10 : Int32.t) ] s2 + | s2 = [ &c <- [%#sbranch_borrow_23] (10 : Int32.t) ] s3 + | s3 = Borrow.borrow_mut {a} + (fun (_ret':borrowed Int32.t) -> [ &x <- _ret' ] [ &a <- _ret'.final ] s4) + | s4 = Borrow.borrow_mut {b} + (fun (_ret':borrowed Int32.t) -> [ &y <- _ret' ] [ &b <- _ret'.final ] s5) + | s5 = Borrow.borrow_mut {c} + (fun (_ret':borrowed Int32.t) -> [ &z <- _ret' ] [ &c <- _ret'.final ] s6) | s6 = any - [ br0 -> {([%#sbranch_borrow_20] (3 : int32)) = 1} (! bb2) - | br1 -> {([%#sbranch_borrow_20] (3 : int32)) = 2} (! bb3) + [ br0 -> {([%#sbranch_borrow_20] (3 : Int32.t)) = 1} (! bb2) + | br1 -> {([%#sbranch_borrow_20] (3 : Int32.t)) = 2} (! bb3) | default -> (! 
bb1) ] ] | bb1 = s0 [ s0 = -{resolve'0 y}- s1 | s1 = -{resolve'0 x}- s2 - | s2 = [ &z <- { z with current = ([%#sbranch_borrow_24] (8 : int32)) } ] s3 - | s3 = Borrow.borrow_final {z.current} {Borrow.get_id z} - (fun (_ret':borrowed int32) -> [ &_12 <- _ret' ] [ &z <- { z with current = _ret'.final } ] s4) + | s2 = [ &z <- { z with current = ([%#sbranch_borrow_24] (8 : Int32.t)) } ] s3 + | s3 = Borrow.borrow_final {z.current} {Borrow.get_id z} + (fun (_ret':borrowed Int32.t) -> [ &_12 <- _ret' ] [ &z <- { z with current = _ret'.final } ] s4) | s4 = [ &w <- _12 ] s5 | s5 = bb6 ] | bb3 = s0 [ s0 = -{resolve'0 z}- s1 | s1 = -{resolve'0 x}- s2 | s2 = bb5 ] | bb5 = s0 - [ s0 = [ &y <- { y with current = ([%#sbranch_borrow_25] (7 : int32)) } ] s1 - | s1 = Borrow.borrow_final {y.current} {Borrow.get_id y} - (fun (_ret':borrowed int32) -> [ &_11 <- _ret' ] [ &y <- { y with current = _ret'.final } ] s2) + [ s0 = [ &y <- { y with current = ([%#sbranch_borrow_25] (7 : Int32.t)) } ] s1 + | s1 = Borrow.borrow_final {y.current} {Borrow.get_id y} + (fun (_ret':borrowed Int32.t) -> [ &_11 <- _ret' ] [ &y <- { y with current = _ret'.final } ] s2) | s2 = [ &w <- _11 ] s3 | s3 = bb6 ] | bb2 = s0 [ s0 = -{resolve'0 z}- s1 | s1 = -{resolve'0 y}- s2 | s2 = bb4 ] | bb4 = s0 - [ s0 = [ &x <- { x with current = ([%#sbranch_borrow_26] (6 : int32)) } ] s1 | s1 = [ &w <- x ] s2 | s2 = bb6 ] + [ s0 = [ &x <- { x with current = ([%#sbranch_borrow_26] (6 : Int32.t)) } ] s1 + | s1 = [ &w <- x ] s2 + | s2 = bb6 ] | bb6 = s0 - [ s0 = [ &w <- { w with current = ([%#sbranch_borrow_27] (5 : int32)) } ] s1 + [ s0 = [ &w <- { w with current = ([%#sbranch_borrow_27] (5 : Int32.t)) } ] s1 | s1 = -{resolve'0 w}- s2 | s2 = -{resolve'0 z}- s3 | s3 = -{resolve'0 y}- s4 - | s4 = Int32.eq {c} {[%#sbranch_borrow_28] (5 : int32)} (fun (_ret':bool) -> [ &_14 <- _ret' ] s5) + | s4 = Int32.eq {c} {[%#sbranch_borrow_28] (5 : Int32.t)} (fun (_ret':bool) -> [ &_14 <- _ret' ] s5) | s5 = any [ br0 -> {_14 = false} (! 
bb8) | br1 -> {_14} (! bb7) ] ] | bb7 = return' {_0} | bb8 = {[%#sbranch_borrow_29] false} any ] ) [ & _0 : () = any_l () - | & a : int32 = any_l () - | & b : int32 = any_l () - | & c : int32 = any_l () - | & x : borrowed int32 = any_l () - | & y : borrowed int32 = any_l () - | & z : borrowed int32 = any_l () - | & w : borrowed int32 = any_l () - | & _11 : borrowed int32 = any_l () - | & _12 : borrowed int32 = any_l () + | & a : Int32.t = any_l () + | & b : Int32.t = any_l () + | & c : Int32.t = any_l () + | & x : borrowed Int32.t = any_l () + | & y : borrowed Int32.t = any_l () + | & z : borrowed Int32.t = any_l () + | & w : borrowed Int32.t = any_l () + | & _11 : borrowed Int32.t = any_l () + | & _12 : borrowed Int32.t = any_l () | & _14 : bool = any_l () ] [ return' (result:())-> (! return' {result}) ] end @@ -89,10 +96,12 @@ module M_branch_borrow_2__g [#"branch_borrow_2.rs" 35 0 35 10] let%span sbranch_borrow_21 = "branch_borrow_2.rs" 36 34 36 35 let%span sresolve2 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_MyInt'0 = - { t_MyInt__0'0: usize } + { t_MyInt__0'0: UInt64.t } use prelude.prelude.Borrow @@ -114,8 +123,8 @@ module M_branch_borrow_2__g [#"branch_borrow_2.rs" 35 0 35 10] let rec g'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = [ &_2 <- { t_MyInt__0'0 = ([%#sbranch_borrow_20] (10 : usize)) } ] s1 - | s1 = [ &_3 <- { t_MyInt__0'0 = ([%#sbranch_borrow_21] (5 : usize)) } ] s2 + [ s0 = [ &_2 <- { t_MyInt__0'0 = ([%#sbranch_borrow_20] (10 : UInt64.t)) } ] s1 + | s1 = [ &_3 <- { t_MyInt__0'0 = ([%#sbranch_borrow_21] (5 : UInt64.t)) } ] s2 | s2 = [ &a <- (_2, _3) ] s3 | s3 = Borrow.borrow_mut <(t_MyInt'0, t_MyInt'0)> {a} (fun (_ret':borrowed (t_MyInt'0, t_MyInt'0)) -> [ &b <- _ret' ] [ &a <- _ret'.final ] s4) 
@@ -152,14 +161,16 @@ module M_branch_borrow_2__h [#"branch_borrow_2.rs" 45 0 45 10] let%span sbranch_borrow_24 = "branch_borrow_2.rs" 56 13 56 14 let%span sresolve5 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + use prelude.prelude.Int + use prelude.prelude.Int32 use prelude.prelude.Borrow - predicate resolve'1 (self : borrowed int32) = + predicate resolve'1 (self : borrowed Int32.t) = [%#sresolve5] self.final = self.current - predicate resolve'0 (_1 : borrowed int32) = + predicate resolve'0 (_1 : borrowed Int32.t) = resolve'1 _1 use prelude.prelude.Intrinsic 
@@ -168,34 +179,36 @@ module M_branch_borrow_2__h [#"branch_borrow_2.rs" 45 0 45 10] let rec h'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = [ &a <- [%#sbranch_borrow_21] (10 : int32) ] s1 - | s1 = [ &b <- [%#sbranch_borrow_22] (10 : int32) ] s2 - | s2 = Borrow.borrow_mut {a} (fun (_ret':borrowed int32) -> [ &x <- _ret' ] [ &a <- _ret'.final ] s3) - | s3 = Borrow.borrow_mut {b} (fun (_ret':borrowed int32) -> [ &y <- _ret' ] [ &b <- _ret'.final ] s4) + [ s0 = [ &a <- [%#sbranch_borrow_21] (10 : Int32.t) ] s1 + | s1 = [ &b <- [%#sbranch_borrow_22] (10 : Int32.t) ] s2 + | s2 = Borrow.borrow_mut {a} + (fun (_ret':borrowed Int32.t) -> [ &x <- _ret' ] [ &a <- _ret'.final ] s3) + | s3 = Borrow.borrow_mut {b} + (fun (_ret':borrowed Int32.t) -> [ &y <- _ret' ] [ &b <- _ret'.final ] s4) | s4 = any [ br0 -> {false} (! bb2) | br1 -> {true} (! bb1) ] ] | bb1 = s0 [ s0 = -{resolve'0 y}- s1 - | s1 = [ &x <- { x with current = ([%#sbranch_borrow_23] (5 : int32)) } ] s2 + | s1 = [ &x <- { x with current = ([%#sbranch_borrow_23] (5 : Int32.t)) } ] s2 | s2 = [ &w <- x ] s3 | s3 = bb3 ] | bb2 = s0 [ s0 = -{resolve'0 x}- s1 - | s1 = [ &y <- { y with current = ([%#sbranch_borrow_24] (6 : int32)) } ] s2 - | s2 = Borrow.borrow_final {y.current} {Borrow.get_id y} - (fun (_ret':borrowed int32) -> [ &_9 <- _ret' ] [ &y <- { y with current = _ret'.final } ] s3) + | s1 = [ &y <- { y with current = ([%#sbranch_borrow_24] (6 : Int32.t)) } ] s2 + | s2 = Borrow.borrow_final {y.current} {Borrow.get_id y} + (fun (_ret':borrowed Int32.t) -> [ &_9 <- _ret' ] [ &y <- { y with current = _ret'.final } ] s3) | s3 = [ &w <- _9 ] s4 | s4 = bb3 ] | bb3 = s0 [ s0 = -{resolve'0 w}- s1 | s1 = -{resolve'0 y}- s2 | s2 = return' {_0} ] ] ) [ & _0 : () = any_l () - | & a : int32 = any_l () - | & b : int32 = any_l () - | & x : borrowed int32 = any_l () - | & y : borrowed int32 = any_l () - | & w : borrowed int32 = any_l () - | & _9 : borrowed int32 = any_l () ] + | & a : Int32.t = any_l () + | & b : 
Int32.t = any_l () + | & x : borrowed Int32.t = any_l () + | & y : borrowed Int32.t = any_l () + | & w : borrowed Int32.t = any_l () + | & _9 : borrowed Int32.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/lang/const.coma b/creusot/tests/should_succeed/lang/const.coma index aef5814cea..7bf078cbdd 100644 --- a/creusot/tests/should_succeed/lang/const.coma +++ b/creusot/tests/should_succeed/lang/const.coma @@ -2,15 +2,17 @@ module M_const__foo [#"const.rs" 8 0 8 21] let%span sconst0 = "const.rs" 9 4 9 7 let%span sconst1 = "const.rs" 7 10 7 27 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 use prelude.prelude.Intrinsic meta "compute_max_steps" 1000000 - let rec foo'0 (_1:()) (return' (ret:usize))= (! bb0 - [ bb0 = s0 [ s0 = [ &_0 <- [%#sconst0] (42 : usize) ] s1 | s1 = return' {_0} ] ] - ) [ & _0 : usize = any_l () ] - [ return' (result:usize)-> {[@expl:foo ensures] [%#sconst1] result = (42 : usize)} (! return' {result}) ] + let rec foo'0 (_1:()) (return' (ret:UInt64.t))= (! bb0 + [ bb0 = s0 [ s0 = [ &_0 <- [%#sconst0] (42 : UInt64.t) ] s1 | s1 = return' {_0} ] ] + ) [ & _0 : UInt64.t = any_l () ] + [ return' (result:UInt64.t)-> {[@expl:foo ensures] [%#sconst1] result = (42 : UInt64.t)} (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/lang/float_ops.coma b/creusot/tests/should_succeed/lang/float_ops.coma index 16790807d5..815462d523 100644 --- a/creusot/tests/should_succeed/lang/float_ops.coma +++ b/creusot/tests/should_succeed/lang/float_ops.coma @@ -1,6 +1,6 @@ module M_float_ops__eq [#"float_ops.rs" 8 0 8 19] - let%span sfloat_ops0 = "float_ops.rs" 9 4 9 7 - let%span sfloat_ops1 = "float_ops.rs" 9 11 9 14 + let%span sfloat_ops0 = "float_ops.rs" 9 11 9 14 + let%span sfloat_ops1 = "float_ops.rs" 9 4 9 7 let%span sfloat_ops2 = "float_ops.rs" 7 10 7 25 use prelude.prelude.Float64 
@@ -11,7 +11,7 @@ module M_float_ops__eq [#"float_ops.rs" 8 0 8 19] let rec eq'0 (_1:()) (return' (ret:bool))= (! bb0 [ bb0 = s0 - [ s0 = Float64.eq {[%#sfloat_ops0] (1.0 : Float64.t)} {[%#sfloat_ops1] (2.0 : Float64.t)} + [ s0 = Float64.eq {[%#sfloat_ops1] (1.0 : Float64.t)} {[%#sfloat_ops0] (2.0 : Float64.t)} (fun (_ret':bool) -> [ &_0 <- _ret' ] s1) | s1 = return' {_0} ] ] @@ -20,8 +20,8 @@ module M_float_ops__eq [#"float_ops.rs" 8 0 8 19] end module M_float_ops__lt [#"float_ops.rs" 13 0 13 19] - let%span sfloat_ops0 = "float_ops.rs" 14 4 14 7 - let%span sfloat_ops1 = "float_ops.rs" 14 10 14 13 + let%span sfloat_ops0 = "float_ops.rs" 14 10 14 13 + let%span sfloat_ops1 = "float_ops.rs" 14 4 14 7 let%span sfloat_ops2 = "float_ops.rs" 12 10 12 24 use prelude.prelude.Float64 @@ -32,7 +32,7 @@ module M_float_ops__lt [#"float_ops.rs" 13 0 13 19] let rec lt'0 (_1:()) (return' (ret:bool))= (! bb0 [ bb0 = s0 - [ s0 = Float64.lt {[%#sfloat_ops0] (1.0 : Float64.t)} {[%#sfloat_ops1] (2.0 : Float64.t)} + [ s0 = Float64.lt {[%#sfloat_ops1] (1.0 : Float64.t)} {[%#sfloat_ops0] (2.0 : Float64.t)} (fun (_ret':bool) -> [ &_0 <- _ret' ] s1) | s1 = return' {_0} ] ] @@ -41,8 +41,8 @@ module M_float_ops__lt [#"float_ops.rs" 13 0 13 19] end module M_float_ops__le [#"float_ops.rs" 18 0 18 19] - let%span sfloat_ops0 = "float_ops.rs" 19 4 19 7 - let%span sfloat_ops1 = "float_ops.rs" 19 11 19 14 + let%span sfloat_ops0 = "float_ops.rs" 19 11 19 14 + let%span sfloat_ops1 = "float_ops.rs" 19 4 19 7 let%span sfloat_ops2 = "float_ops.rs" 17 10 17 24 use prelude.prelude.Float64 @@ -53,7 +53,7 @@ module M_float_ops__le [#"float_ops.rs" 18 0 18 19] let rec le'0 (_1:()) (return' (ret:bool))= (! bb0 [ bb0 = s0 - [ s0 = Float64.le {[%#sfloat_ops0] (1.0 : Float64.t)} {[%#sfloat_ops1] (2.0 : Float64.t)} + [ s0 = Float64.le {[%#sfloat_ops1] (1.0 : Float64.t)} {[%#sfloat_ops0] (2.0 : Float64.t)} (fun (_ret':bool) -> [ &_0 <- _ret' ] s1) | s1 = return' {_0} ] ] 
@@ -62,8 +62,8 @@ module M_float_ops__le [#"float_ops.rs" 18 0 18 19] end module M_float_ops__gt [#"float_ops.rs" 23 0 23 19] - let%span sfloat_ops0 = "float_ops.rs" 24 4 24 7 - let%span sfloat_ops1 = "float_ops.rs" 24 10 24 13 + let%span sfloat_ops0 = "float_ops.rs" 24 10 24 13 + let%span sfloat_ops1 = "float_ops.rs" 24 4 24 7 let%span sfloat_ops2 = "float_ops.rs" 22 10 22 24 use prelude.prelude.Float64 @@ -74,7 +74,7 @@ module M_float_ops__gt [#"float_ops.rs" 23 0 23 19] let rec gt'0 (_1:()) (return' (ret:bool))= (! bb0 [ bb0 = s0 - [ s0 = Float64.gt {[%#sfloat_ops0] (2.0 : Float64.t)} {[%#sfloat_ops1] (1.0 : Float64.t)} + [ s0 = Float64.gt {[%#sfloat_ops1] (2.0 : Float64.t)} {[%#sfloat_ops0] (1.0 : Float64.t)} (fun (_ret':bool) -> [ &_0 <- _ret' ] s1) | s1 = return' {_0} ] ] @@ -83,8 +83,8 @@ module M_float_ops__gt [#"float_ops.rs" 23 0 23 19] end module M_float_ops__ge [#"float_ops.rs" 28 0 28 19] - let%span sfloat_ops0 = "float_ops.rs" 29 4 29 7 - let%span sfloat_ops1 = "float_ops.rs" 29 11 29 14 + let%span sfloat_ops0 = "float_ops.rs" 29 11 29 14 + let%span sfloat_ops1 = "float_ops.rs" 29 4 29 7 let%span sfloat_ops2 = "float_ops.rs" 27 10 27 24 use prelude.prelude.Float64 @@ -95,7 +95,7 @@ module M_float_ops__ge [#"float_ops.rs" 28 0 28 19] let rec ge'0 (_1:()) (return' (ret:bool))= (! bb0 [ bb0 = s0 - [ s0 = Float64.ge {[%#sfloat_ops0] (2.0 : Float64.t)} {[%#sfloat_ops1] (1.0 : Float64.t)} + [ s0 = Float64.ge {[%#sfloat_ops1] (2.0 : Float64.t)} {[%#sfloat_ops0] (1.0 : Float64.t)} (fun (_ret':bool) -> [ &_0 <- _ret' ] s1) | s1 = return' {_0} ] ] @@ -104,8 +104,8 @@ module M_float_ops__ge [#"float_ops.rs" 28 0 28 19] end module M_float_ops__neg [#"float_ops.rs" 33 0 33 20] - let%span sfloat_ops0 = "float_ops.rs" 34 4 34 8 - let%span sfloat_ops1 = "float_ops.rs" 34 12 34 15 + let%span sfloat_ops0 = "float_ops.rs" 34 12 34 15 + let%span sfloat_ops1 = "float_ops.rs" 34 4 34 8 let%span sfloat_ops2 = "float_ops.rs" 32 10 32 24 use prelude.prelude.Float64 
@@ -116,7 +116,7 @@ module M_float_ops__neg [#"float_ops.rs" 33 0 33 20] let rec neg'0 (_1:()) (return' (ret:bool))= (! bb0 [ bb0 = s0 - [ s0 = Float64.le {[%#sfloat_ops0] (-2.0 : Float64.t)} {[%#sfloat_ops1] (1.0 : Float64.t)} + [ s0 = Float64.le {[%#sfloat_ops1] (-2.0 : Float64.t)} {[%#sfloat_ops0] (1.0 : Float64.t)} (fun (_ret':bool) -> [ &_0 <- _ret' ] s1) | s1 = return' {_0} ] ] diff --git a/creusot/tests/should_succeed/lang/literals.coma b/creusot/tests/should_succeed/lang/literals.coma index 6fe5636997..c680fcb952 100644 --- a/creusot/tests/should_succeed/lang/literals.coma +++ b/creusot/tests/should_succeed/lang/literals.coma @@ -2,8 +2,8 @@ module M_literals__float_operation [#"literals.rs" 3 0 3 31] let%span sliterals0 = "literals.rs" 4 17 4 20 let%span sliterals1 = "literals.rs" 6 11 6 17 let%span sliterals2 = "literals.rs" 6 21 6 24 - let%span sliterals3 = "literals.rs" 7 8 7 11 - let%span sliterals4 = "literals.rs" 7 14 7 17 + let%span sliterals3 = "literals.rs" 7 14 7 17 + let%span sliterals4 = "literals.rs" 7 8 7 11 let%span sliterals5 = "literals.rs" 9 8 9 11 use prelude.prelude.Float32 @@ -21,7 +21,7 @@ module M_literals__float_operation [#"literals.rs" 3 0 3 31] | s3 = any [ br0 -> {_2 = false} (! bb2) | br1 -> {_2} (! bb1) ] ] | bb1 = s0 - [ s0 = Float32.sub {[%#sliterals3] (3.0 : Float32.t)} {[%#sliterals4] (1.0 : Float32.t)} + [ s0 = Float32.sub {[%#sliterals4] (3.0 : Float32.t)} {[%#sliterals3] (1.0 : Float32.t)} (fun (_ret':Float32.t) -> [ &_0 <- _ret' ] s1) | s1 = bb3 ] diff --git a/creusot/tests/should_succeed/lang/module_paths.coma b/creusot/tests/should_succeed/lang/module_paths.coma index 8f352dc5e1..c7174217c0 100644 --- a/creusot/tests/should_succeed/lang/module_paths.coma +++ b/creusot/tests/should_succeed/lang/module_paths.coma 
@@ -1,16 +1,18 @@ module M_module_paths__test [#"module_paths.rs" 22 0 22 51] use prelude.prelude.Intrinsic + use prelude.prelude.Int + use prelude.prelude.UInt32 type t_T'0 = - { t_T__0'0: uint32 } + { t_T__0'0: UInt32.t } type t_S'0 = { t_S__0'0: t_T'0 } type t_O'0 = - { t_O__0'0: uint32 } + { t_O__0'0: UInt32.t } type t_T'1 = { t_T__0'1: t_T'0 } diff --git a/creusot/tests/should_succeed/lang/move_path.coma b/creusot/tests/should_succeed/lang/move_path.coma index 228373a295..ddfb0e54a9 100644 --- a/creusot/tests/should_succeed/lang/move_path.coma +++ b/creusot/tests/should_succeed/lang/move_path.coma @@ -3,14 +3,16 @@ module M_move_path__f [#"move_path.rs" 3 0 3 10] let%span smove_path1 = "move_path.rs" 10 17 10 18 let%span sresolve2 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + use prelude.prelude.Int + use prelude.prelude.Int32 use prelude.prelude.Borrow - predicate resolve'1 (self : borrowed int32) = + predicate resolve'1 (self : borrowed Int32.t) = [%#sresolve2] self.final = self.current - predicate resolve'0 (_1 : borrowed int32) = + predicate resolve'0 (_1 : borrowed Int32.t) = resolve'1 _1 use prelude.prelude.Intrinsic 
@@ -19,19 +21,20 @@ module M_move_path__f [#"move_path.rs" 3 0 3 10] let rec f'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = [ &x <- [%#smove_path0] (1 : int32) ] s1 - | s1 = Borrow.borrow_mut {x} (fun (_ret':borrowed int32) -> [ &y <- _ret' ] [ &x <- _ret'.final ] s2) + [ s0 = [ &x <- [%#smove_path0] (1 : Int32.t) ] s1 + | s1 = Borrow.borrow_mut {x} + (fun (_ret':borrowed Int32.t) -> [ &y <- _ret' ] [ &x <- _ret'.final ] s2) | s2 = [ &d <- y ] s3 | s3 = [ &z <- d ] s4 - | s4 = [ &z <- { z with current = ([%#smove_path1] (2 : int32)) } ] s5 + | s4 = [ &z <- { z with current = ([%#smove_path1] (2 : Int32.t)) } ] s5 | s5 = -{resolve'0 z}- s6 | s6 = return' {_0} ] ] ) [ & _0 : () = any_l () - | & x : int32 = any_l () - | & y : borrowed int32 = any_l () - | & d : borrowed int32 = any_l () - | & z : borrowed int32 = any_l () ] + | & x : Int32.t = any_l () + | & y : borrowed Int32.t = any_l () + | & d : borrowed Int32.t = any_l () + | & z : borrowed Int32.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/lang/multiple_scopes.coma b/creusot/tests/should_succeed/lang/multiple_scopes.coma index e8fc56fb3c..aea1549404 100644 --- a/creusot/tests/should_succeed/lang/multiple_scopes.coma +++ b/creusot/tests/should_succeed/lang/multiple_scopes.coma @@ -3,6 +3,8 @@ module M_multiple_scopes__multiple_scopes [#"multiple_scopes.rs" 4 0 4 24] let%span smultiple_scopes1 = "multiple_scopes.rs" 6 13 6 14 let%span smultiple_scopes2 = "multiple_scopes.rs" 8 17 8 18 + use prelude.prelude.Int + use prelude.prelude.Int32 use prelude.prelude.Intrinsic 
@@ -11,13 +13,13 @@ module M_multiple_scopes__multiple_scopes [#"multiple_scopes.rs" 4 0 4 24] let rec multiple_scopes'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = [ &_x <- [%#smultiple_scopes0] (1 : int32) ] s1 - | s1 = [ &_y <- [%#smultiple_scopes1] (2 : int32) ] s2 - | s2 = [ &_y1 <- [%#smultiple_scopes2] (3 : int32) ] s3 + [ s0 = [ &_x <- [%#smultiple_scopes0] (1 : Int32.t) ] s1 + | s1 = [ &_y <- [%#smultiple_scopes1] (2 : Int32.t) ] s2 + | s2 = [ &_y1 <- [%#smultiple_scopes2] (3 : Int32.t) ] s3 | s3 = [ &_x <- _y1 ] s4 | s4 = return' {_0} ] ] - ) [ & _0 : () = any_l () | & _x : int32 = any_l () | & _y : int32 = any_l () | & _y1 : int32 = any_l () ] + ) [ & _0 : () = any_l () | & _x : Int32.t = any_l () | & _y : Int32.t = any_l () | & _y1 : Int32.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/lang/promoted_constants.coma b/creusot/tests/should_succeed/lang/promoted_constants.coma index 113f38601c..868a710824 100644 --- a/creusot/tests/should_succeed/lang/promoted_constants.coma +++ b/creusot/tests/should_succeed/lang/promoted_constants.coma @@ -3,11 +3,13 @@ module M_promoted_constants__promoted_none [#"promoted_constants.rs" 3 0 3 22] let%span spromoted_constants1 = "promoted_constants.rs" 6 17 6 19 let%span spromoted_constants2 = "promoted_constants.rs" 6 28 6 30 + use prelude.prelude.Int + use prelude.prelude.Int32 type t_Option'0 = | C_None'0 - | C_Some'0 int32 + | C_Some'0 Int32.t use prelude.prelude.Borrow @@ -15,7 +17,7 @@ module M_promoted_constants__promoted_none [#"promoted_constants.rs" 3 0 3 22] let rec promoted1__promoted_none'0 (return' (ret:t_Option'0))= bb0 [ bb0 = s0 - [ s0 = [ &_1 <- C_Some'0 ([%#spromoted_constants1] (42 : int32)) ] s1 + [ s0 = [ &_1 <- C_Some'0 ([%#spromoted_constants1] (42 : Int32.t)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] ] 
@@ -25,7 +27,7 @@ module M_promoted_constants__promoted_none [#"promoted_constants.rs" 3 0 3 22] let rec promoted0__promoted_none'0 (return' (ret:t_Option'0))= bb0 [ bb0 = s0 - [ s0 = [ &_1 <- C_Some'0 ([%#spromoted_constants2] (43 : int32)) ] s1 + [ s0 = [ &_1 <- C_Some'0 ([%#spromoted_constants2] (43 : Int32.t)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] ] @@ -37,19 +39,19 @@ module M_promoted_constants__promoted_none [#"promoted_constants.rs" 3 0 3 22] let rec promoted_none'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = [ &_ix <- C_Some'0 ([%#spromoted_constants0] (0 : int32)) ] s1 + [ s0 = [ &_ix <- C_Some'0 ([%#spromoted_constants0] (0 : Int32.t)) ] s1 | s1 = promoted1__promoted_none'0 (fun (pr1:t_Option'0) -> [ &_11 <- pr1 ] s2) | s2 = promoted0__promoted_none'0 (fun (pr0:t_Option'0) -> [ &_10 <- pr0 ] s3) | s3 = [ &_2 <- (_11, _10) ] s4 | s4 = any [ br0 -> {(let (r'0, _) = _2 in r'0) = C_None'0 } (! bb2) - | br1 (x0:int32)-> {(let (r'0, _) = _2 in r'0) = C_Some'0 x0} (! bb6) ] + | br1 (x0:Int32.t)-> {(let (r'0, _) = _2 in r'0) = C_Some'0 x0} (! bb6) ] ] | bb6 = bb1 | bb2 = any [ br0 -> {(let (_, r'0) = _2 in r'0) = C_None'0 } (! bb3) - | br1 (x0:int32)-> {(let (_, r'0) = _2 in r'0) = C_Some'0 x0} (! bb1) ] + | br1 (x0:Int32.t)-> {(let (_, r'0) = _2 in r'0) = C_Some'0 x0} (! bb1) ] | bb1 = return' {_0} | bb3 = bb4 
@@ -64,40 +66,42 @@ module M_promoted_constants__promoted_none [#"promoted_constants.rs" 3 0 3 22] end module M_promoted_constants__promoted_int [#"promoted_constants.rs" 12 0 12 21] let%span spromoted_constants0 = "promoted_constants.rs" 15 14 15 16 - let%span spromoted_constants1 = "promoted_constants.rs" 13 15 13 16 - let%span spromoted_constants2 = "promoted_constants.rs" 13 19 13 20 + let%span spromoted_constants1 = "promoted_constants.rs" 13 19 13 20 + let%span spromoted_constants2 = "promoted_constants.rs" 13 15 13 16 let%span spromoted_constants3 = "promoted_constants.rs" 13 23 13 25 use prelude.prelude.Int32 + use prelude.prelude.Int + use prelude.prelude.Borrow use prelude.prelude.Intrinsic - let rec promoted0__promoted_int'0 (return' (ret:int32))= bb0 + let rec promoted0__promoted_int'0 (return' (ret:Int32.t))= bb0 [ bb0 = s0 - [ s0 = Int32.add {[%#spromoted_constants1] (1 : int32)} {[%#spromoted_constants2] (5 : int32)} - (fun (_ret':int32) -> [ &_2 <- _ret' ] s1) - | s1 = Int32.add {_2} {[%#spromoted_constants3] (10 : int32)} (fun (_ret':int32) -> [ &_1 <- _ret' ] s2) + [ s0 = Int32.add {[%#spromoted_constants2] (1 : Int32.t)} {[%#spromoted_constants1] (5 : Int32.t)} + (fun (_ret':Int32.t) -> [ &_2 <- _ret' ] s1) + | s1 = Int32.add {_2} {[%#spromoted_constants3] (10 : Int32.t)} (fun (_ret':Int32.t) -> [ &_1 <- _ret' ] s2) | s2 = [ &_0 <- _1 ] s3 | s3 = return' {_0} ] ] - [ & _0 : int32 = any_l () | & _1 : int32 = any_l () | & _2 : int32 = any_l () ] - [ return' (result:int32)-> return' {result} ] + [ & _0 : Int32.t = any_l () | & _1 : Int32.t = any_l () | & _2 : Int32.t = any_l () ] + [ return' (result:Int32.t)-> return' {result} ] meta "compute_max_steps" 1000000 let rec promoted_int'0 (_1:()) (return' (ret:()))= (! 
bb0 [ bb0 = s0 - [ s0 = promoted0__promoted_int'0 (fun (pr0:int32) -> [ &_9 <- pr0 ] s1) + [ s0 = promoted0__promoted_int'0 (fun (pr0:Int32.t) -> [ &_9 <- pr0 ] s1) | s1 = [ &ix <- _9 ] s2 - | s2 = Int32.ne {ix} {[%#spromoted_constants0] (16 : int32)} (fun (_ret':bool) -> [ &_4 <- _ret' ] s3) + | s2 = Int32.ne {ix} {[%#spromoted_constants0] (16 : Int32.t)} (fun (_ret':bool) -> [ &_4 <- _ret' ] s3) | s3 = any [ br0 -> {_4 = false} (! bb2) | br1 -> {_4} (! bb1) ] ] | bb1 = {false} any | bb2 = return' {_0} ] - ) [ & _0 : () = any_l () | & ix : int32 = any_l () | & _4 : bool = any_l () | & _9 : int32 = any_l () ] + ) [ & _0 : () = any_l () | & ix : Int32.t = any_l () | & _4 : bool = any_l () | & _9 : Int32.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end @@ -112,16 +116,18 @@ module M_promoted_constants__string [#"promoted_constants.rs" 20 0 20 25] type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } type t_String'0 = { t_String__vec'0: t_Vec'0 } diff --git a/creusot/tests/should_succeed/lang/promoted_constants/why3session.xml b/creusot/tests/should_succeed/lang/promoted_constants/why3session.xml index b4453658e5..b6115117c1 100644 --- a/creusot/tests/should_succeed/lang/promoted_constants/why3session.xml +++ b/creusot/tests/should_succeed/lang/promoted_constants/why3session.xml @@ -6,13 +6,13 @@ - - + + - - + + 
diff --git a/creusot/tests/should_succeed/lang/promoted_constants/why3shapes.gz b/creusot/tests/should_succeed/lang/promoted_constants/why3shapes.gz index 99c422913e7ceb169771f0c0bb154f72351164c5..f1072f2688ca0f549922279a67559010345fa75c 100644 GIT binary patch literal 278 zcmV+x0qOo9iwFP!00000|D}&hPs1<}gzx?pIYJSVAF;N({4=!9CvR@=%cfo=BAH#IuqlwM+VG){G1_in1z@ej zhQudc!lrXVqsls*gVWsS6Y5O{bmiZCqb`IDB^jM_Cq!x(rx~Rg=4qO1YrzPeC*%PmTZmk9LoEZ# c=GJNqoN-cEY;;aC7MCdc0$36v4PgQR09s6ea{vGU literal 177 zcmV;i08alOiwFP!00000|80!B4uU`s0Q>ujD;1mDdn{l=VPl}7q$TU^5h(^K2blkm+?99ycw(x>K}Mmz- {a} (fun (_ret':borrowed (t_Option'0)) -> [ &b <- _ret' ] [ &a <- _ret'.final ] s2) | s2 = [ &old_1_0 <- Snapshot.new b ] s3 @@ -39,7 +41,7 @@ module M_while_let__f [#"while_let.rs" 4 0 4 10] [ bb1 = {[@expl:mut invariant] (Snapshot.inner old_1_0).final = b.final} {[@expl:loop invariant] [%#swhile_let1] true} (! s0) [ s0 = bb2 ] - [ bb2 = any [ br0 -> {b.current = C_None'0 } (! bb5) | br1 (x0:int32)-> {b.current = C_Some'0 x0} (! bb3) ] + [ bb2 = any [ br0 -> {b.current = C_None'0 } (! bb5) | br1 (x0:Int32.t)-> {b.current = C_Some'0 x0} (! bb3) ] | bb3 = bb4 | bb4 = s0 [ s0 = [ &_6 <- C_None'0 ] s1 | s1 = [ &b <- { b with current = _6 } ] s2 | s2 = bb1 ] ] ] diff --git a/creusot/tests/should_succeed/lang/while_let/why3session.xml b/creusot/tests/should_succeed/lang/while_let/why3session.xml index 25a259a485..1263ebec7d 100644 --- a/creusot/tests/should_succeed/lang/while_let/why3session.xml +++ b/creusot/tests/should_succeed/lang/while_let/why3session.xml @@ -6,8 +6,8 @@ - - + + 
diff --git a/creusot/tests/should_succeed/lang/while_let/why3shapes.gz b/creusot/tests/should_succeed/lang/while_let/why3shapes.gz index c86b6850177c715ebe1583390f3ffc7b869234d1..7c362fdc3e596bcbbc9cf16b7e14b798c49483ae 100644 GIT binary patch literal 162 zcmV;T0A2qdiwFP!00000|DBIb3xYrt0Pp)N_GWo{`=uCkh+xTcuvdBN6Q$gh)sp^w zQP92aGXt|p`P}0~Grv=uhv0WS+9=pNg6$kGrqNf$>5Mx-WO~wlzt8*ABfkuD> zCqAr`CPwx Ql8Y0tCmdSUy#xUO0AP+xJpcdz literal 162 zcmV;T0A2qdiwFP!00000|DBIP3xY5lNALR-yIG#LX>$Y~B9J@>yUI`fOQYOmTGF=< z3cA<*y$5fT^7(>^X8xc!yWsa+^K{ElVsIWeIPWRK(~3647*^_&@rq+}4kIO^lfnus zKdeaE Q;qoNd3(Ks+tpou80G8uTLI3~& diff --git a/creusot/tests/should_succeed/list_index_mut.coma b/creusot/tests/should_succeed/list_index_mut.coma index 831d849e46..fae939cc13 100644 --- a/creusot/tests/should_succeed/list_index_mut.coma +++ b/creusot/tests/should_succeed/list_index_mut.coma 
@@ -20,7 +20,21 @@ module M_list_index_mut__index_mut [#"list_index_mut.rs" 37 0 37 61] let%span soption18 = "../../../creusot-contracts/src/std/option.rs" 64 20 65 100 let%span soption19 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 let%span smodel20 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 - let%span sresolve21 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span sord21 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 + let%span sord22 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 + let%span sord23 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 + let%span sord24 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 + let%span sord25 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 + let%span sord26 = "../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 + let%span sord27 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 + let%span sord28 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 + let%span sord29 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 + let%span sord30 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 + let%span sord31 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 + let%span sord32 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 + let%span sord33 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span sresolve34 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span sord35 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 use prelude.prelude.Snapshot @@ -36,7 +50,7 @@ module M_list_index_mut__index_mut [#"list_index_mut.rs" 37 0 37 61] | C_None'0 | C_Some'1 (t_List'0) with t_List'0 = - { t_List__0'0: uint32; t_List__1'0: t_Option'0 } + { t_List__0'0: UInt32.t; t_List__1'0: t_Option'0 } function len'0 [#"list_index_mut.rs" 7 4 7 29] (self : t_List'0) : int = [%#slist_index_mut14] let {t_List__1'0 = ls} = self in 1 
@@ -45,11 +59,11 @@ module M_list_index_mut__index_mut [#"list_index_mut.rs" 37 0 37 61] | C_None'0 -> 0 end - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 type t_Option'2 = | C_None'1 - | C_Some'0 uint32 + | C_Some'0 UInt32.t function get'0 [#"list_index_mut.rs" 18 4 18 46] (self : t_List'0) (ix : int) : t_Option'2 = [%#slist_index_mut15] let {t_List__0'0 = i ; t_List__1'0 = ls} = self in if ix > 0 then 
@@ -63,18 +77,75 @@ module M_list_index_mut__index_mut [#"list_index_mut.rs" 37 0 37 61] use prelude.prelude.Snapshot - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.Snapshot use prelude.prelude.Snapshot - function view'1 (self : usize) : int = - [%#smodel20] UIntSize.to_int self + function view'1 (self : UInt64.t) : int = + [%#smodel20] UInt64.to_uint self - function view'0 (self : Snapshot.snap_ty usize) : int = + function view'0 (self : Snapshot.snap_ty UInt64.t) : int = [%#ssnapshot16] view'1 (Snapshot.inner self) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.UInt64 + + function cmp_log'0 (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = + [%#sord35] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + function eq_cmp'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom eq_cmp'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord33] (x = y) = (cmp_log'0 x y = C_Equal'0) + + function antisym2'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom antisym2'0_spec : forall x : UInt64.t, y : UInt64.t . ([%#sord31] cmp_log'0 x y = C_Greater'0) + -> ([%#sord32] cmp_log'0 y x = C_Less'0) + + function antisym1'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom antisym1'0_spec : forall x : UInt64.t, y : UInt64.t . ([%#sord29] cmp_log'0 x y = C_Less'0) + -> ([%#sord30] cmp_log'0 y x = C_Greater'0) + + function trans'0 (x : UInt64.t) (y : UInt64.t) (z : UInt64.t) (o : t_Ordering'0) : () + + axiom trans'0_spec : forall x : UInt64.t, y : UInt64.t, z : UInt64.t, o : t_Ordering'0 . ([%#sord26] cmp_log'0 x y + = o) -> ([%#sord27] cmp_log'0 y z = o) -> ([%#sord28] cmp_log'0 x z = o) + + function refl'0 (x : UInt64.t) : () + + axiom refl'0_spec : forall x : UInt64.t . [%#sord25] cmp_log'0 x x = C_Equal'0 + + use prelude.prelude.UInt64 + + function cmp_gt_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_gt_log'0_spec : forall x : UInt64.t, y : UInt64.t . 
[%#sord24] UInt64.ugt x y + = (cmp_log'0 x y = C_Greater'0) + + use prelude.prelude.UInt64 + + function cmp_ge_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_ge_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord23] UInt64.uge x y = (cmp_log'0 x y <> C_Less'0) + + function cmp_lt_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_lt_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord22] UInt64.ult x y = (cmp_log'0 x y = C_Less'0) + + use prelude.prelude.UInt64 + + function cmp_le_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_le_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord21] UInt64.ule x y + = (cmp_log'0 x y <> C_Greater'0) + predicate inv'0 (_1 : borrowed (t_Option'0)) axiom inv_axiom'0 [@rewrite] : forall x : borrowed (t_Option'0) [inv'0 x] . inv'0 x = true @@ -110,21 +181,21 @@ module M_list_index_mut__index_mut [#"list_index_mut.rs" 37 0 37 61] predicate resolve'3 (self : borrowed (t_List'0)) = - [%#sresolve21] self.final = self.current + [%#sresolve34] self.final = self.current predicate resolve'0 (_1 : borrowed (t_List'0)) = resolve'3 _1 predicate resolve'4 (self : borrowed (t_List'0)) = - [%#sresolve21] self.final = self.current + [%#sresolve34] self.final = self.current predicate resolve'1 (_1 : borrowed (t_List'0)) = resolve'4 _1 - predicate resolve'5 (self : borrowed uint32) = - [%#sresolve21] self.final = self.current + predicate resolve'5 (self : borrowed UInt32.t) = + [%#sresolve34] self.final = self.current - predicate resolve'2 (_1 : borrowed uint32) = + predicate resolve'2 (_1 : borrowed UInt32.t) = resolve'5 _1 use prelude.prelude.Intrinsic 
@@ -133,27 +204,28 @@ module M_list_index_mut__index_mut [#"list_index_mut.rs" 37 0 37 61] meta "compute_max_steps" 1000000 - let rec index_mut'0 (l:borrowed (t_List'0)) (ix:usize) (return' (ret:borrowed uint32))= {[@expl:index_mut requires] [%#slist_index_mut9] UIntSize.to_int ix + let rec index_mut'0 (l:borrowed (t_List'0)) (ix:UInt64.t) (return' (ret:borrowed UInt32.t))= {[@expl:index_mut requires] [%#slist_index_mut9] UInt64.to_uint ix < len'0 l.current} (! bb0 [ bb0 = s0 [ s0 = [ &old_l <- [%#slist_index_mut0] Snapshot.new l ] s1 | s1 = bb1 ] | bb1 = s0 [ s0 = [ &old_ix <- [%#slist_index_mut1] Snapshot.new ix ] s1 | s1 = bb2 ] | bb2 = bb3 | bb3 = bb3 - [ bb3 = {[@expl:loop invariant #0] [%#slist_index_mut6] (0 : usize) <= ix /\ UIntSize.to_int ix < len'0 l.current} - {[@expl:loop invariant #1] [%#slist_index_mut5] get'0 l.current (UIntSize.to_int ix) + [ bb3 = {[@expl:loop invariant #0] [%#slist_index_mut6] UInt64.ule (0 : UInt64.t) ix + /\ UInt64.to_uint ix < len'0 l.current} + {[@expl:loop invariant #1] [%#slist_index_mut5] get'0 l.current (UInt64.to_uint ix) = get'0 (Snapshot.inner old_l).current (view'0 old_ix)} - {[@expl:loop invariant #2] [%#slist_index_mut4] get'0 l.final (UIntSize.to_int ix) + {[@expl:loop invariant #2] [%#slist_index_mut4] get'0 l.final (UInt64.to_uint ix) = get'0 (Snapshot.inner old_l).final (view'0 old_ix)} {[@expl:loop invariant #3] [%#slist_index_mut3] len'0 l.final = len'0 l.current -> len'0 (Snapshot.inner old_l).final = len'0 (Snapshot.inner old_l).current} {[@expl:loop invariant #4] [%#slist_index_mut2] (forall i : int . 0 <= i - /\ i < len'0 l.current /\ i <> UIntSize.to_int ix -> get'0 l.final i = get'0 l.current i) + /\ i < len'0 l.current /\ i <> UInt64.to_uint ix -> get'0 l.final i = get'0 l.current i) -> (forall i : int . 0 <= i /\ i < len'0 (Snapshot.inner old_l).current /\ i <> view'0 old_ix -> get'0 (Snapshot.inner old_l).final i = get'0 (Snapshot.inner old_l).current i)} (! 
s0) [ s0 = bb4 ] [ bb4 = s0 - [ s0 = UIntSize.gt {ix} {[%#slist_index_mut7] (0 : usize)} (fun (_ret':bool) -> [ &_20 <- _ret' ] s1) + [ s0 = UInt64.gt {ix} {[%#slist_index_mut7] (0 : UInt64.t)} (fun (_ret':bool) -> [ &_20 <- _ret' ] s1) | s1 = any [ br0 -> {_20 = false} (! bb8) | br1 -> {_20} (! bb5) ] ] | bb5 = s0 
@@ -172,46 +244,46 @@ module M_list_index_mut__index_mut [#"list_index_mut.rs" 37 0 37 61] | s1 = -{resolve'0 l}- s2 | s2 = [ &l <- _22 ] s3 | s3 = -{resolve'1 _23}- s4 - | s4 = UIntSize.sub {ix} {[%#slist_index_mut8] (1 : usize)} (fun (_ret':usize) -> [ &ix <- _ret' ] s5) + | s4 = UInt64.sub {ix} {[%#slist_index_mut8] (1 : UInt64.t)} (fun (_ret':UInt64.t) -> [ &ix <- _ret' ] s5) | s5 = bb3 ] ] ] | bb8 = s0 - [ s0 = Borrow.borrow_final {(l.current).t_List__0'0} {Borrow.inherit_id (Borrow.get_id l) 1} - (fun (_ret':borrowed uint32) -> + [ s0 = Borrow.borrow_final {(l.current).t_List__0'0} {Borrow.inherit_id (Borrow.get_id l) 1} + (fun (_ret':borrowed UInt32.t) -> [ &_29 <- _ret' ] [ &l <- { l with current = { l.current with t_List__0'0 = _ret'.final } } ] s1) - | s1 = Borrow.borrow_final {_29.current} {Borrow.get_id _29} - (fun (_ret':borrowed uint32) -> [ &_3 <- _ret' ] [ &_29 <- { _29 with current = _ret'.final } ] s2) - | s2 = Borrow.borrow_final {_3.current} {Borrow.get_id _3} - (fun (_ret':borrowed uint32) -> [ &_0 <- _ret' ] [ &_3 <- { _3 with current = _ret'.final } ] s3) + | s1 = Borrow.borrow_final {_29.current} {Borrow.get_id _29} + (fun (_ret':borrowed UInt32.t) -> [ &_3 <- _ret' ] [ &_29 <- { _29 with current = _ret'.final } ] s2) + | s2 = Borrow.borrow_final {_3.current} {Borrow.get_id _3} + (fun (_ret':borrowed UInt32.t) -> [ &_0 <- _ret' ] [ &_3 <- { _3 with current = _ret'.final } ] s3) | s3 = -{resolve'2 _29}- s4 | s4 = -{resolve'2 _3}- s5 | s5 = -{resolve'0 l}- s6 | s6 = return' {_0} ] ] ) - [ & _0 : borrowed uint32 = any_l () + [ & _0 : borrowed UInt32.t = any_l () | & l : borrowed (t_List'0) = l - | & ix : usize = ix - | & _3 : borrowed uint32 = any_l () + | & ix : UInt64.t = ix + | & _3 : borrowed UInt32.t = any_l () | & old_l : Snapshot.snap_ty (borrowed (t_List'0)) = any_l () - | & old_ix : Snapshot.snap_ty usize = any_l () + | & old_ix : Snapshot.snap_ty UInt64.t = any_l () | & _20 : bool = any_l () | & _22 : borrowed (t_List'0) = any_l () | 
& _23 : borrowed (t_List'0) = any_l () | & _24 : t_Option'1 = any_l () | & _25 : borrowed (t_Option'0) = any_l () - | & _29 : borrowed uint32 = any_l () ] + | & _29 : borrowed UInt32.t = any_l () ] - [ return' (result:borrowed uint32)-> {[@expl:index_mut ensures #0] [%#slist_index_mut10] C_Some'0 (result.current) - = get'0 l.current (UIntSize.to_int ix)} - {[@expl:index_mut ensures #1] [%#slist_index_mut11] C_Some'0 (result.final) = get'0 l.final (UIntSize.to_int ix)} + [ return' (result:borrowed UInt32.t)-> {[@expl:index_mut ensures #0] [%#slist_index_mut10] C_Some'0 (result.current) + = get'0 l.current (UInt64.to_uint ix)} + {[@expl:index_mut ensures #1] [%#slist_index_mut11] C_Some'0 (result.final) = get'0 l.final (UInt64.to_uint ix)} {[@expl:index_mut ensures #2] [%#slist_index_mut12] len'0 l.final = len'0 l.current} {[@expl:index_mut ensures #3] [%#slist_index_mut13] forall i : int . 0 <= i - /\ i < len'0 l.current /\ i <> UIntSize.to_int ix -> get'0 l.current i = get'0 l.final i} + /\ i < len'0 l.current /\ i <> UInt64.to_uint ix -> get'0 l.current i = get'0 l.final i} (! return' {result}) ] end @@ -231,17 +303,17 @@ module M_list_index_mut__write [#"list_index_mut.rs" 63 0 63 45] use prelude.prelude.Borrow + use prelude.prelude.Int + use prelude.prelude.UInt32 type t_Option'0 = | C_None'0 | C_Some'1 (t_List'0) with t_List'0 = - { t_List__0'0: uint32; t_List__1'0: t_Option'0 } + { t_List__0'0: UInt32.t; t_List__1'0: t_Option'0 } - use prelude.prelude.UIntSize - - use prelude.prelude.Int + use prelude.prelude.UInt64 function len'0 [#"list_index_mut.rs" 7 4 7 29] (self : t_List'0) : int = [%#slist_index_mut9] let {t_List__1'0 = ls} = self in 1 
@@ -252,7 +324,7 @@ module M_list_index_mut__write [#"list_index_mut.rs" 63 0 63 45] type t_Option'1 = | C_None'1 - | C_Some'0 uint32 + | C_Some'0 UInt32.t function get'0 [#"list_index_mut.rs" 18 4 18 46] (self : t_List'0) (ix : int) : t_Option'1 = [%#slist_index_mut10] let {t_List__0'0 = i ; t_List__1'0 = ls} = self in if ix > 0 then @@ -264,24 +336,24 @@ module M_list_index_mut__write [#"list_index_mut.rs" 63 0 63 45] C_Some'0 i - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - let rec index_mut'0 (l:borrowed (t_List'0)) (ix:usize) (return' (ret:borrowed uint32))= {[@expl:index_mut requires] [%#slist_index_mut4] UIntSize.to_int ix + let rec index_mut'0 (l:borrowed (t_List'0)) (ix:UInt64.t) (return' (ret:borrowed UInt32.t))= {[@expl:index_mut requires] [%#slist_index_mut4] UInt64.to_uint ix < len'0 l.current} any - [ return' (result:borrowed uint32)-> {[%#slist_index_mut5] C_Some'0 (result.current) - = get'0 l.current (UIntSize.to_int ix)} - {[%#slist_index_mut6] C_Some'0 (result.final) = get'0 l.final (UIntSize.to_int ix)} + [ return' (result:borrowed UInt32.t)-> {[%#slist_index_mut5] C_Some'0 (result.current) + = get'0 l.current (UInt64.to_uint ix)} + {[%#slist_index_mut6] C_Some'0 (result.final) = get'0 l.final (UInt64.to_uint ix)} {[%#slist_index_mut7] len'0 l.final = len'0 l.current} - {[%#slist_index_mut8] forall i : int . 0 <= i /\ i < len'0 l.current /\ i <> UIntSize.to_int ix + {[%#slist_index_mut8] forall i : int . 0 <= i /\ i < len'0 l.current /\ i <> UInt64.to_uint ix -> get'0 l.current i = get'0 l.final i} (! return' {result}) ] - predicate resolve'2 (self : borrowed uint32) = + predicate resolve'2 (self : borrowed UInt32.t) = [%#sresolve11] self.final = self.current - predicate resolve'0 (_1 : borrowed uint32) = + predicate resolve'0 (_1 : borrowed UInt32.t) = resolve'2 _1 predicate resolve'3 (self : borrowed (t_List'0)) = 
@@ -294,13 +366,13 @@ module M_list_index_mut__write [#"list_index_mut.rs" 63 0 63 45] meta "compute_max_steps" 1000000 - let rec write'0 (l:borrowed (t_List'0)) (ix:usize) (v:uint32) (return' (ret:()))= {[@expl:write requires] [%#slist_index_mut0] UIntSize.to_int ix + let rec write'0 (l:borrowed (t_List'0)) (ix:UInt64.t) (v:UInt32.t) (return' (ret:()))= {[@expl:write requires] [%#slist_index_mut0] UInt64.to_uint ix < len'0 l.current} (! bb0 [ bb0 = s0 [ s0 = Borrow.borrow_final {l.current} {Borrow.get_id l} (fun (_ret':borrowed (t_List'0)) -> [ &_10 <- _ret' ] [ &l <- { l with current = _ret'.final } ] s1) - | s1 = index_mut'0 {_10} {ix} (fun (_ret':borrowed uint32) -> [ &_9 <- _ret' ] s2) + | s1 = index_mut'0 {_10} {ix} (fun (_ret':borrowed UInt32.t) -> [ &_9 <- _ret' ] s2) | s2 = bb1 ] | bb1 = s0 @@ -312,16 +384,16 @@ module M_list_index_mut__write [#"list_index_mut.rs" 63 0 63 45] ) [ & _0 : () = any_l () | & l : borrowed (t_List'0) = l - | & ix : usize = ix - | & v : uint32 = v - | & _9 : borrowed uint32 = any_l () + | & ix : UInt64.t = ix + | & v : UInt32.t = v + | & _9 : borrowed UInt32.t = any_l () | & _10 : borrowed (t_List'0) = any_l () ] [ return' (result:())-> {[@expl:write ensures #0] [%#slist_index_mut1] C_Some'0 v - = get'0 l.final (UIntSize.to_int ix)} + = get'0 l.final (UInt64.to_uint ix)} {[@expl:write ensures #1] [%#slist_index_mut2] len'0 l.final = len'0 l.current} {[@expl:write ensures #2] [%#slist_index_mut3] forall i : int . 0 <= i - /\ i < len'0 l.current /\ i <> UIntSize.to_int ix -> get'0 l.current i = get'0 l.final i} + /\ i < len'0 l.current /\ i <> UInt64.to_uint ix -> get'0 l.current i = get'0 l.final i} (! return' {result}) ] end 
@@ -338,21 +410,21 @@ module M_list_index_mut__f [#"list_index_mut.rs" 67 0 67 10] let%span slist_index_mut9 = "list_index_mut.rs" 17 4 17 12 let%span sresolve10 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + use prelude.prelude.Int + use prelude.prelude.UInt32 type t_List'0 = - { t_List__0'0: uint32; t_List__1'0: t_Option'0 } + { t_List__0'0: UInt32.t; t_List__1'0: t_Option'0 } with t_Option'0 = | C_None'0 | C_Some'0 (t_List'0) use prelude.prelude.Borrow - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - use prelude.prelude.UIntSize - - use prelude.prelude.Int + use prelude.prelude.UInt64 function len'0 [#"list_index_mut.rs" 7 4 7 29] (self : t_List'0) : int = [%#slist_index_mut8] let {t_List__1'0 = ls} = self in 1 @@ -363,7 +435,7 @@ module M_list_index_mut__f [#"list_index_mut.rs" 67 0 67 10] type t_Option'1 = | C_None'1 - | C_Some'1 uint32 + | C_Some'1 UInt32.t function get'0 [#"list_index_mut.rs" 18 4 18 46] (self : t_List'0) (ix : int) : t_Option'1 = [%#slist_index_mut9] let {t_List__0'0 = i ; t_List__1'0 = ls} = self in if ix > 0 then 
@@ -375,12 +447,12 @@ module M_list_index_mut__f [#"list_index_mut.rs" 67 0 67 10] C_Some'1 i - let rec write'0 (l:borrowed (t_List'0)) (ix:usize) (v:uint32) (return' (ret:()))= {[@expl:write requires] [%#slist_index_mut4] UIntSize.to_int ix + let rec write'0 (l:borrowed (t_List'0)) (ix:UInt64.t) (v:UInt32.t) (return' (ret:()))= {[@expl:write requires] [%#slist_index_mut4] UInt64.to_uint ix < len'0 l.current} any - [ return' (result:())-> {[%#slist_index_mut5] C_Some'1 v = get'0 l.final (UIntSize.to_int ix)} + [ return' (result:())-> {[%#slist_index_mut5] C_Some'1 v = get'0 l.final (UInt64.to_uint ix)} {[%#slist_index_mut6] len'0 l.final = len'0 l.current} - {[%#slist_index_mut7] forall i : int . 0 <= i /\ i < len'0 l.current /\ i <> UIntSize.to_int ix + {[%#slist_index_mut7] forall i : int . 0 <= i /\ i < len'0 l.current /\ i <> UInt64.to_uint ix -> get'0 l.current i = get'0 l.final i} (! return' {result}) ] 
@@ -398,20 +470,20 @@ module M_list_index_mut__f [#"list_index_mut.rs" 67 0 67 10] let rec f'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &_5 <- C_None'0 ] s1 - | s1 = [ &_4 <- { t_List__0'0 = ([%#slist_index_mut0] (10 : uint32)); t_List__1'0 = _5 } ] s2 + | s1 = [ &_4 <- { t_List__0'0 = ([%#slist_index_mut0] (10 : UInt32.t)); t_List__1'0 = _5 } ] s2 | s2 = bb1 ] | bb1 = bb2 | bb2 = s0 [ s0 = [ &_2 <- C_Some'0 _4 ] s1 | s1 = bb3 ] | bb3 = s0 - [ s0 = [ &l <- { t_List__0'0 = ([%#slist_index_mut1] (1 : uint32)); t_List__1'0 = _2 } ] s1 | s1 = bb4 ] + [ s0 = [ &l <- { t_List__0'0 = ([%#slist_index_mut1] (1 : UInt32.t)); t_List__1'0 = _2 } ] s1 | s1 = bb4 ] | bb4 = s0 [ s0 = Borrow.borrow_mut {l} (fun (_ret':borrowed (t_List'0)) -> [ &_8 <- _ret' ] [ &l <- _ret'.final ] s1) | s1 = Borrow.borrow_final {_8.current} {Borrow.get_id _8} (fun (_ret':borrowed (t_List'0)) -> [ &_7 <- _ret' ] [ &_8 <- { _8 with current = _ret'.final } ] s2) - | s2 = write'0 {_7} {[%#slist_index_mut2] (0 : usize)} {[%#slist_index_mut3] (2 : uint32)} + | s2 = write'0 {_7} {[%#slist_index_mut2] (0 : UInt64.t)} {[%#slist_index_mut3] (2 : UInt32.t)} (fun (_ret':()) -> [ &_6 <- _ret' ] s3) | s3 = bb5 ] diff --git a/creusot/tests/should_succeed/list_index_mut/why3session.xml b/creusot/tests/should_succeed/list_index_mut/why3session.xml index 777f9db591..b2d0e81756 100644 --- a/creusot/tests/should_succeed/list_index_mut/why3session.xml +++ b/creusot/tests/should_succeed/list_index_mut/why3session.xml @@ -7,17 +7,17 @@ - + - + - + 
diff --git a/creusot/tests/should_succeed/list_index_mut/why3shapes.gz b/creusot/tests/should_succeed/list_index_mut/why3shapes.gz index ee93773c06f2dd02a81f587610d13fad7bd8c1e3..ff0336cb68348734b20a82e5ceded92a975c386a 100644 GIT binary patch literal 760 zcmV!+CPh^lNLBkV$*;%()1nb* zfTY^LpKW43OcG6sDsz4Ax#wQarC%O4-8=sf-R3OXu59Y>8@hS;>hLYk4j*aNyt#k@ z2Ki(9bUg9O1xLPBfoKWA3`xkd=sFi9iyOqSy!q7%-iy`+R-VVm{C1g2m^YGId6We# zT%!GTh{|ASWkU6v+OcmTgJ`bk$WL$m5RROeB^EPCMu7?_hM3LiF-YgQsvlx2LZ89F zDqe{p969}wm-Sh}!e~61C}apkL(5_eg)%mjK)i3#Qz?nM z)1DzOgSrY@R*@No8$~0GvyCW_!X;RV^_DSzb(aka16 z*6*S%`?SoJu~I$33`JTHb;RML|C{PBzOyo?{2I@Vt)BHtjs{?Q6+O#z;IfFGy@$-+ zDm4c)N%@aqS!^nD(`6%6b_H%&OwtZ0?H-a`>5`hoW>oh_m;KQj{n2Rl!LTtikAhLa zrOdpu8Or1mTi}F`W;@U9Wd~Bvy<2Cx&CHva?Oz5bDT^=|P3SmzAt3StLHs=eIR^w3 z+$%s)K!TY1L0|y=llb5fVG6K2mk=7Fl>PU literal 628 zcmV-)0*n10iwFP!00000|BX~lZ=5g?z4I%$(MGD|v5kQ$dq7dqB30?3m9JT*u)17~M!WVt=&$>OCrvB;+|L(Kb{Y6us10qT04lV`~ zGIww>Drx2p9`5kB?gD}bQ{xd$UF#NW{U(_NHl);R+v>VoCG$tzSwl3`r^*QK_N@g)J566*41e%pJS^} z&GD=Qz_MxE=1o_@^B=o|Ub9tVDhXr)k~t8&;=4I@0h!K4L1v?eG9EgGwo%yI;i351 zJnMkk+fVYrp+K_K`XIrF;<2f9K-0m`Nsc=iyQ*=r(C*!F!klx0jvKV#zO`cxzx{Zp zydQu#-pg0I7%u-n^)P;R5wf+oRjrKC)K9uKU12I~oWkx*QM)x6;ji{pUz?3dNajB6 z1D7Y2xEtpwdiwdL`&ab;74NDEk>R2TkzwB=9Q|eAWVkY>dy(P#K}vFs9Pgb-y5t%; zZrPEINK?sMUX*k|af{;lhDI?waVABtPAt@k8|p+h{W;hgGxIYU`3IJnt{KRcu78Eo z8nXG%U`?3i?Do`wreZFUV zx`#dS7>mn@BC_Ow5m02JWJDiWDU>cbS3ci|o=!AC9F;nWs+dtufGVY_A|m37h6kVT Oh4&w(!&2<>1^@t$6gu<( diff --git a/creusot/tests/should_succeed/list_reversal_lasso.coma b/creusot/tests/should_succeed/list_reversal_lasso.coma index d03ea191a7..9acb44535d 100644 --- a/creusot/tests/should_succeed/list_reversal_lasso.coma +++ b/creusot/tests/should_succeed/list_reversal_lasso.coma 
@@ -6,8 +6,8 @@ module M_list_reversal_lasso__qyi13715866738248475091__index [#"list_reversal_la let%span slist_reversal_lasso4 = "list_reversal_lasso.rs" 50 20 50 70 let%span slist_reversal_lasso5 = "list_reversal_lasso.rs" 21 8 21 31 let%span smodel6 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 - let%span sslice7 = "../../../creusot-contracts/src/std/slice.rs" 122 20 122 37 - let%span sslice8 = "../../../creusot-contracts/src/std/slice.rs" 129 20 129 37 + let%span sslice7 = "../../../creusot-contracts/src/std/slice.rs" 140 20 140 37 + let%span sslice8 = "../../../creusot-contracts/src/std/slice.rs" 147 20 147 37 let%span svec9 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span sops10 = "../../../creusot-contracts/src/logic/ops.rs" 31 8 31 32 @@ -19,16 +19,18 @@ module M_list_reversal_lasso__qyi13715866738248475091__index [#"list_reversal_la type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } type t_Memory'0 = { t_Memory__0'0: t_Vec'0 } 
@@ -39,72 +41,72 @@ module M_list_reversal_lasso__qyi13715866738248475091__index [#"list_reversal_la axiom inv_axiom'0 [@rewrite] : forall x : t_Vec'0 [inv'0 x] . inv'0 x = true - predicate inv'1 (_1 : usize) + predicate inv'1 (_1 : UInt64.t) - axiom inv_axiom'1 [@rewrite] : forall x : usize [inv'1 x] . inv'1 x = true + axiom inv_axiom'1 [@rewrite] : forall x : UInt64.t [inv'1 x] . inv'1 x = true use seq.Seq use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - use prelude.prelude.Int + function view'1 (self : t_Vec'0) : Seq.seq UInt64.t - function view'1 (self : t_Vec'0) : Seq.seq usize + axiom view'1_spec : forall self : t_Vec'0 . [%#svec9] Seq.length (view'1 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) - axiom view'1_spec : forall self : t_Vec'0 . [%#svec9] Seq.length (view'1 self) <= UIntSize.to_int (v_MAX'0 : usize) - - function view'0 (self : t_Vec'0) : Seq.seq usize = + function view'0 (self : t_Vec'0) : Seq.seq UInt64.t = [%#smodel6] view'1 self - predicate in_bounds'0 [@inline:trivial] (self : usize) (seq : Seq.seq usize) = - [%#sslice7] UIntSize.to_int self < Seq.length seq + predicate in_bounds'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq UInt64.t) = + [%#sslice7] UInt64.to_uint self < Seq.length seq - predicate inv'2 (_1 : usize) + predicate inv'2 (_1 : UInt64.t) - axiom inv_axiom'2 [@rewrite] : forall x : usize [inv'2 x] . inv'2 x = true + axiom inv_axiom'2 [@rewrite] : forall x : UInt64.t [inv'2 x] . 
inv'2 x = true use seq.Seq - predicate has_value'0 [@inline:trivial] (self : usize) (seq : Seq.seq usize) (out : usize) = - [%#sslice8] Seq.get seq (UIntSize.to_int self) = out + predicate has_value'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq UInt64.t) (out : UInt64.t) = + [%#sslice8] Seq.get seq (UInt64.to_uint self) = out - let rec index'1 (self:t_Vec'0) (index:usize) (return' (ret:usize))= {[@expl:index 'self' type invariant] inv'0 self} + let rec index'1 (self:t_Vec'0) (index:UInt64.t) (return' (ret:UInt64.t))= {[@expl:index 'self' type invariant] inv'0 self} {[@expl:index 'index' type invariant] inv'1 index} {[@expl:index requires] [%#svec2] in_bounds'0 index (view'0 self)} any - [ return' (result:usize)-> {inv'2 result} {[%#svec3] has_value'0 index (view'0 self) result} (! return' {result}) ] + [ return' (result:UInt64.t)-> {inv'2 result} + {[%#svec3] has_value'0 index (view'0 self) result} + (! return' {result}) ] use prelude.prelude.Intrinsic - predicate nonnull_ptr'0 [#"list_reversal_lasso.rs" 49 4 49 44] (self : t_Memory'0) (i : usize) = - [%#slist_reversal_lasso4] Seq.length (view'1 self.t_Memory__0'0) <= UIntSize.to_int (v_MAX'0 : usize) - /\ UIntSize.to_int i < Seq.length (view'1 self.t_Memory__0'0) + predicate nonnull_ptr'0 [#"list_reversal_lasso.rs" 49 4 49 44] (self : t_Memory'0) (i : UInt64.t) = + [%#slist_reversal_lasso4] Seq.length (view'1 self.t_Memory__0'0) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + /\ UInt64.to_uint i < Seq.length (view'1 self.t_Memory__0'0) - function index_logic'1 [@inline:trivial] (self : t_Vec'0) (ix : usize) : usize = - [%#sops10] Seq.get (view'1 self) (UIntSize.to_int ix) + function index_logic'1 [@inline:trivial] (self : t_Vec'0) (ix : UInt64.t) : UInt64.t = + [%#sops10] Seq.get (view'1 self) (UInt64.to_uint ix) - function index_logic'0 [#"list_reversal_lasso.rs" 20 4 20 39] (self : t_Memory'0) (i : usize) : usize = + function index_logic'0 [#"list_reversal_lasso.rs" 20 4 20 39] (self : t_Memory'0) (i : UInt64.t) 
: UInt64.t = [%#slist_reversal_lasso5] index_logic'1 self.t_Memory__0'0 i meta "compute_max_steps" 1000000 - let rec index'0 (self:t_Memory'0) (i:usize) (return' (ret:usize))= {[@expl:index requires] [%#slist_reversal_lasso0] nonnull_ptr'0 self i} + let rec index'0 (self:t_Memory'0) (i:UInt64.t) (return' (ret:UInt64.t))= {[@expl:index requires] [%#slist_reversal_lasso0] nonnull_ptr'0 self i} (! bb0 - [ bb0 = s0 [ s0 = index'1 {self.t_Memory__0'0} {i} (fun (_ret':usize) -> [ &_6 <- _ret' ] s1) | s1 = bb1 ] + [ bb0 = s0 [ s0 = index'1 {self.t_Memory__0'0} {i} (fun (_ret':UInt64.t) -> [ &_6 <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = [ &_5 <- _6 ] s1 | s1 = [ &_0 <- _5 ] s2 | s2 = return' {_0} ] ] ) - [ & _0 : usize = any_l () + [ & _0 : UInt64.t = any_l () | & self : t_Memory'0 = self - | & i : usize = i - | & _5 : usize = any_l () - | & _6 : usize = any_l () ] + | & i : UInt64.t = i + | & _5 : UInt64.t = any_l () + | & _6 : UInt64.t = any_l () ] - [ return' (result:usize)-> {[@expl:index ensures] [%#slist_reversal_lasso1] result = index_logic'0 self i} + [ return' (result:UInt64.t)-> {[@expl:index ensures] [%#slist_reversal_lasso1] result = index_logic'0 self i} (! return' {result}) ] end 
@@ -123,9 +125,9 @@ module M_list_reversal_lasso__qyi14823043098042356205__index_mut [#"list_reversa let%span slist_reversal_lasso11 = "list_reversal_lasso.rs" 21 8 21 31 let%span svec12 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span smodel13 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 - let%span sslice14 = "../../../creusot-contracts/src/std/slice.rs" 122 20 122 37 - let%span sslice15 = "../../../creusot-contracts/src/std/slice.rs" 129 20 129 37 - let%span sslice16 = "../../../creusot-contracts/src/std/slice.rs" 136 20 136 94 + let%span sslice14 = "../../../creusot-contracts/src/std/slice.rs" 140 20 140 37 + let%span sslice15 = "../../../creusot-contracts/src/std/slice.rs" 147 20 147 37 + let%span sslice16 = "../../../creusot-contracts/src/std/slice.rs" 154 20 154 94 let%span sresolve17 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span sops18 = "../../../creusot-contracts/src/logic/ops.rs" 31 8 31 32 @@ -139,16 +141,18 @@ module M_list_reversal_lasso__qyi14823043098042356205__index_mut [#"list_reversa type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } type t_Memory'0 = { t_Memory__0'0: t_Vec'0 } 
@@ -157,48 +161,46 @@ module M_list_reversal_lasso__qyi14823043098042356205__index_mut [#"list_reversa axiom inv_axiom'0 [@rewrite] : forall x : borrowed (t_Vec'0) [inv'0 x] . inv'0 x = true - predicate inv'1 (_1 : usize) + predicate inv'1 (_1 : UInt64.t) - axiom inv_axiom'1 [@rewrite] : forall x : usize [inv'1 x] . inv'1 x = true + axiom inv_axiom'1 [@rewrite] : forall x : UInt64.t [inv'1 x] . inv'1 x = true use seq.Seq use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - use prelude.prelude.Int + function view'0 (self : t_Vec'0) : Seq.seq UInt64.t - function view'0 (self : t_Vec'0) : Seq.seq usize + axiom view'0_spec : forall self : t_Vec'0 . [%#svec12] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) - axiom view'0_spec : forall self : t_Vec'0 . [%#svec12] Seq.length (view'0 self) <= UIntSize.to_int (v_MAX'0 : usize) - - function view'1 (self : borrowed (t_Vec'0)) : Seq.seq usize = + function view'1 (self : borrowed (t_Vec'0)) : Seq.seq UInt64.t = [%#smodel13] view'0 self.current - predicate in_bounds'0 [@inline:trivial] (self : usize) (seq : Seq.seq usize) = - [%#sslice14] UIntSize.to_int self < Seq.length seq + predicate in_bounds'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq UInt64.t) = + [%#sslice14] UInt64.to_uint self < Seq.length seq - predicate inv'2 (_1 : borrowed usize) + predicate inv'2 (_1 : borrowed UInt64.t) - axiom inv_axiom'2 [@rewrite] : forall x : borrowed usize [inv'2 x] . inv'2 x = true + axiom inv_axiom'2 [@rewrite] : forall x : borrowed UInt64.t [inv'2 x] . 
inv'2 x = true use seq.Seq - predicate has_value'0 [@inline:trivial] (self : usize) (seq : Seq.seq usize) (out : usize) = - [%#sslice15] Seq.get seq (UIntSize.to_int self) = out + predicate has_value'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq UInt64.t) (out : UInt64.t) = + [%#sslice15] Seq.get seq (UInt64.to_uint self) = out - predicate resolve_elswhere'0 [@inline:trivial] (self : usize) (old' : Seq.seq usize) (fin : Seq.seq usize) = - [%#sslice16] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < Seq.length old' + predicate resolve_elswhere'0 [@inline:trivial] (self : UInt64.t) (old' : Seq.seq UInt64.t) (fin : Seq.seq UInt64.t) = + [%#sslice16] forall i : int . 0 <= i /\ i <> UInt64.to_uint self /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i - let rec index_mut'1 (self:borrowed (t_Vec'0)) (index:usize) (return' (ret:borrowed usize))= {[@expl:index_mut 'self' type invariant] inv'0 self} + let rec index_mut'1 (self:borrowed (t_Vec'0)) (index:UInt64.t) (return' (ret:borrowed UInt64.t))= {[@expl:index_mut 'self' type invariant] inv'0 self} {[@expl:index_mut 'index' type invariant] inv'1 index} {[@expl:index_mut requires] [%#svec5] in_bounds'0 index (view'1 self)} any - [ return' (result:borrowed usize)-> {inv'2 result} + [ return' (result:borrowed UInt64.t)-> {inv'2 result} {[%#svec6] has_value'0 index (view'1 self) result.current} {[%#svec7] has_value'0 index (view'0 self.final) result.final} {[%#svec8] resolve_elswhere'0 index (view'1 self) (view'0 self.final)} @@ -206,10 +208,10 @@ module M_list_reversal_lasso__qyi14823043098042356205__index_mut [#"list_reversa (! return' {result}) ] - predicate resolve'2 (self : borrowed usize) = + predicate resolve'2 (self : borrowed UInt64.t) = [%#sresolve17] self.final = self.current - predicate resolve'0 (_1 : borrowed usize) = + predicate resolve'0 (_1 : borrowed UInt64.t) = resolve'2 _1 predicate resolve'3 (self : borrowed (t_Memory'0)) = 
@@ -220,19 +222,19 @@ module M_list_reversal_lasso__qyi14823043098042356205__index_mut [#"list_reversa use prelude.prelude.Intrinsic - predicate nonnull_ptr'0 [#"list_reversal_lasso.rs" 49 4 49 44] (self : t_Memory'0) (i : usize) = - [%#slist_reversal_lasso10] Seq.length (view'0 self.t_Memory__0'0) <= UIntSize.to_int (v_MAX'0 : usize) - /\ UIntSize.to_int i < Seq.length (view'0 self.t_Memory__0'0) + predicate nonnull_ptr'0 [#"list_reversal_lasso.rs" 49 4 49 44] (self : t_Memory'0) (i : UInt64.t) = + [%#slist_reversal_lasso10] Seq.length (view'0 self.t_Memory__0'0) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + /\ UInt64.to_uint i < Seq.length (view'0 self.t_Memory__0'0) - function index_logic'1 [@inline:trivial] (self : t_Vec'0) (ix : usize) : usize = - [%#sops18] Seq.get (view'0 self) (UIntSize.to_int ix) + function index_logic'1 [@inline:trivial] (self : t_Vec'0) (ix : UInt64.t) : UInt64.t = + [%#sops18] Seq.get (view'0 self) (UInt64.to_uint ix) - function index_logic'0 [#"list_reversal_lasso.rs" 20 4 20 39] (self : t_Memory'0) (i : usize) : usize = + function index_logic'0 [#"list_reversal_lasso.rs" 20 4 20 39] (self : t_Memory'0) (i : UInt64.t) : UInt64.t = [%#slist_reversal_lasso11] index_logic'1 self.t_Memory__0'0 i meta "compute_max_steps" 1000000 - let rec index_mut'0 (self:borrowed (t_Memory'0)) (i:usize) (return' (ret:borrowed usize))= {[@expl:index_mut requires] [%#slist_reversal_lasso0] nonnull_ptr'0 self.current i} + let rec index_mut'0 (self:borrowed (t_Memory'0)) (i:UInt64.t) (return' (ret:borrowed UInt64.t))= {[@expl:index_mut requires] [%#slist_reversal_lasso0] nonnull_ptr'0 self.current i} (! bb0 [ bb0 = s0 [ s0 = Borrow.borrow_final {(self.current).t_Memory__0'0} {Borrow.inherit_id (Borrow.get_id self) 1} 
@@ -240,16 +242,16 @@ module M_list_reversal_lasso__qyi14823043098042356205__index_mut [#"list_reversa [ &_11 <- _ret' ] [ &self <- { self with current = { t_Memory__0'0 = _ret'.final } } ] s1) - | s1 = index_mut'1 {_11} {i} (fun (_ret':borrowed usize) -> [ &_10 <- _ret' ] s2) + | s1 = index_mut'1 {_11} {i} (fun (_ret':borrowed UInt64.t) -> [ &_10 <- _ret' ] s2) | s2 = bb1 ] | bb1 = s0 - [ s0 = Borrow.borrow_final {_10.current} {Borrow.get_id _10} - (fun (_ret':borrowed usize) -> [ &_9 <- _ret' ] [ &_10 <- { _10 with current = _ret'.final } ] s1) - | s1 = Borrow.borrow_final {_9.current} {Borrow.get_id _9} - (fun (_ret':borrowed usize) -> [ &_3 <- _ret' ] [ &_9 <- { _9 with current = _ret'.final } ] s2) - | s2 = Borrow.borrow_final {_3.current} {Borrow.get_id _3} - (fun (_ret':borrowed usize) -> [ &_0 <- _ret' ] [ &_3 <- { _3 with current = _ret'.final } ] s3) + [ s0 = Borrow.borrow_final {_10.current} {Borrow.get_id _10} + (fun (_ret':borrowed UInt64.t) -> [ &_9 <- _ret' ] [ &_10 <- { _10 with current = _ret'.final } ] s1) + | s1 = Borrow.borrow_final {_9.current} {Borrow.get_id _9} + (fun (_ret':borrowed UInt64.t) -> [ &_3 <- _ret' ] [ &_9 <- { _9 with current = _ret'.final } ] s2) + | s2 = Borrow.borrow_final {_3.current} {Borrow.get_id _3} + (fun (_ret':borrowed UInt64.t) -> [ &_0 <- _ret' ] [ &_3 <- { _3 with current = _ret'.final } ] s3) | s3 = -{resolve'0 _10}- s4 | s4 = -{resolve'0 _9}- s5 | s5 = -{resolve'0 _3}- s6 
@@ -257,21 +259,21 @@ module M_list_reversal_lasso__qyi14823043098042356205__index_mut [#"list_reversa | s7 = return' {_0} ] ] ) - [ & _0 : borrowed usize = any_l () + [ & _0 : borrowed UInt64.t = any_l () | & self : borrowed (t_Memory'0) = self - | & i : usize = i - | & _3 : borrowed usize = any_l () - | & _9 : borrowed usize = any_l () - | & _10 : borrowed usize = any_l () + | & i : UInt64.t = i + | & _3 : borrowed UInt64.t = any_l () + | & _9 : borrowed UInt64.t = any_l () + | & _10 : borrowed UInt64.t = any_l () | & _11 : borrowed (t_Vec'0) = any_l () ] - [ return' (result:borrowed usize)-> {[@expl:index_mut ensures #0] [%#slist_reversal_lasso1] result.current + [ return' (result:borrowed UInt64.t)-> {[@expl:index_mut ensures #0] [%#slist_reversal_lasso1] result.current = index_logic'0 self.current i} {[@expl:index_mut ensures #1] [%#slist_reversal_lasso2] result.final = index_logic'0 self.final i} {[@expl:index_mut ensures #2] [%#slist_reversal_lasso3] Seq.length (view'0 (self.current).t_Memory__0'0) = Seq.length (view'0 (self.final).t_Memory__0'0)} - {[@expl:index_mut ensures #3] [%#slist_reversal_lasso4] forall j : usize . nonnull_ptr'0 self.current j /\ i <> j - -> index_logic'0 self.final j = index_logic'0 self.current j} + {[@expl:index_mut ensures #3] [%#slist_reversal_lasso4] forall j : UInt64.t . nonnull_ptr'0 self.current j + /\ i <> j -> index_logic'0 self.final j = index_logic'0 self.current j} (! return' {result}) ] end @@ -298,7 +300,9 @@ module M_list_reversal_lasso__qyi2644757663130641572__list_reversal_safe [#"list let%span sresolve19 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span sops20 = "../../../creusot-contracts/src/logic/ops.rs" 31 8 31 32 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 use prelude.prelude.Snapshot 
@@ -313,69 +317,67 @@ module M_list_reversal_lasso__qyi2644757663130641572__list_reversal_safe [#"list { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } type t_Memory'0 = { t_Memory__0'0: t_Vec'0 } use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize - - use prelude.prelude.Int + use prelude.prelude.UInt64 use seq.Seq - function view'0 (self : t_Vec'0) : Seq.seq usize + function view'0 (self : t_Vec'0) : Seq.seq UInt64.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec18] Seq.length (view'0 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'0_spec : forall self : t_Vec'0 . 
[%#svec18] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) - predicate nonnull_ptr'0 [#"list_reversal_lasso.rs" 49 4 49 44] (self : t_Memory'0) (i : usize) = - [%#slist_reversal_lasso9] Seq.length (view'0 self.t_Memory__0'0) <= UIntSize.to_int (v_MAX'0 : usize) - /\ UIntSize.to_int i < Seq.length (view'0 self.t_Memory__0'0) + predicate nonnull_ptr'0 [#"list_reversal_lasso.rs" 49 4 49 44] (self : t_Memory'0) (i : UInt64.t) = + [%#slist_reversal_lasso9] Seq.length (view'0 self.t_Memory__0'0) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + /\ UInt64.to_uint i < Seq.length (view'0 self.t_Memory__0'0) use seq.Seq - function index_logic'1 [@inline:trivial] (self : t_Vec'0) (ix : usize) : usize = - [%#sops20] Seq.get (view'0 self) (UIntSize.to_int ix) + function index_logic'1 [@inline:trivial] (self : t_Vec'0) (ix : UInt64.t) : UInt64.t = + [%#sops20] Seq.get (view'0 self) (UInt64.to_uint ix) - function index_logic'0 [#"list_reversal_lasso.rs" 20 4 20 39] (self : t_Memory'0) (i : usize) : usize = + function index_logic'0 [#"list_reversal_lasso.rs" 20 4 20 39] (self : t_Memory'0) (i : UInt64.t) : UInt64.t = [%#slist_reversal_lasso17] index_logic'1 self.t_Memory__0'0 i - constant v_NULL'0 : usize = [%#slist_reversal_lasso8] (18446744073709551615 : usize) + constant v_NULL'0 : UInt64.t = [%#slist_reversal_lasso8] (18446744073709551615 : UInt64.t) predicate mem_is_well_formed'0 [#"list_reversal_lasso.rs" 55 4 55 43] (self : t_Memory'0) = - [%#slist_reversal_lasso7] forall i : usize . nonnull_ptr'0 self i + [%#slist_reversal_lasso7] forall i : UInt64.t . nonnull_ptr'0 self i -> index_logic'0 self i = v_NULL'0 \/ nonnull_ptr'0 self (index_logic'0 self i) use prelude.prelude.Snapshot - let rec index'0 (self:t_Memory'0) (i:usize) (return' (ret:usize))= {[@expl:index requires] [%#slist_reversal_lasso10] nonnull_ptr'0 self i} - any [ return' (result:usize)-> {[%#slist_reversal_lasso11] result = index_logic'0 self i} (! 
return' {result}) ] + let rec index'0 (self:t_Memory'0) (i:UInt64.t) (return' (ret:UInt64.t))= {[@expl:index requires] [%#slist_reversal_lasso10] nonnull_ptr'0 self i} + any [ return' (result:UInt64.t)-> {[%#slist_reversal_lasso11] result = index_logic'0 self i} (! return' {result}) ] - let rec index_mut'0 (self:borrowed (t_Memory'0)) (i:usize) (return' (ret:borrowed usize))= {[@expl:index_mut requires] [%#slist_reversal_lasso12] nonnull_ptr'0 self.current i} + let rec index_mut'0 (self:borrowed (t_Memory'0)) (i:UInt64.t) (return' (ret:borrowed UInt64.t))= {[@expl:index_mut requires] [%#slist_reversal_lasso12] nonnull_ptr'0 self.current i} any - [ return' (result:borrowed usize)-> {[%#slist_reversal_lasso13] result.current = index_logic'0 self.current i} + [ return' (result:borrowed UInt64.t)-> {[%#slist_reversal_lasso13] result.current = index_logic'0 self.current i} {[%#slist_reversal_lasso14] result.final = index_logic'0 self.final i} {[%#slist_reversal_lasso15] Seq.length (view'0 (self.current).t_Memory__0'0) = Seq.length (view'0 (self.final).t_Memory__0'0)} - {[%#slist_reversal_lasso16] forall j : usize . nonnull_ptr'0 self.current j /\ i <> j + {[%#slist_reversal_lasso16] forall j : UInt64.t . nonnull_ptr'0 self.current j /\ i <> j -> index_logic'0 self.final j = index_logic'0 self.current j} (! return' {result}) ] - predicate resolve'2 (self : borrowed usize) = + predicate resolve'2 (self : borrowed UInt64.t) = [%#sresolve19] self.final = self.current - predicate resolve'0 (_1 : borrowed usize) = + predicate resolve'0 (_1 : borrowed UInt64.t) = resolve'2 _1 predicate resolve'3 (self : borrowed (t_Memory'0)) = 
@@ -390,11 +392,11 @@ module M_list_reversal_lasso__qyi2644757663130641572__list_reversal_safe [#"list meta "compute_max_steps" 1000000 - let rec list_reversal_safe'0 (self:borrowed (t_Memory'0)) (l:usize) (return' (ret:usize))= {[@expl:list_reversal_safe requires #0] [%#slist_reversal_lasso5] mem_is_well_formed'0 self.current} + let rec list_reversal_safe'0 (self:borrowed (t_Memory'0)) (l:UInt64.t) (return' (ret:UInt64.t))= {[@expl:list_reversal_safe requires #0] [%#slist_reversal_lasso5] mem_is_well_formed'0 self.current} {[@expl:list_reversal_safe requires #1] [%#slist_reversal_lasso6] l = v_NULL'0 \/ nonnull_ptr'0 self.current l} (! bb0 [ bb0 = s0 - [ s0 = [ &r <- [%#slist_reversal_lasso0] (18446744073709551615 : usize) ] s1 + [ s0 = [ &r <- [%#slist_reversal_lasso0] (18446744073709551615 : UInt64.t) ] s1 | s1 = [ &old_1_0 <- Snapshot.new self ] s2 | s2 = bb1 ] @@ -405,13 +407,13 @@ module M_list_reversal_lasso__qyi2644757663130641572__list_reversal_safe [#"list {[@expl:loop invariant #2] [%#slist_reversal_lasso1] mem_is_well_formed'0 self.current} (! s0) [ s0 = bb2 ] [ bb2 = s0 - [ s0 = UIntSize.ne {l} {[%#slist_reversal_lasso4] (18446744073709551615 : usize)} + [ s0 = UInt64.ne {l} {[%#slist_reversal_lasso4] (18446744073709551615 : UInt64.t)} (fun (_ret':bool) -> [ &_12 <- _ret' ] s1) | s1 = any [ br0 -> {_12 = false} (! bb6) | br1 -> {_12} (! bb3) ] ] | bb3 = s0 [ s0 = [ &tmp <- l ] s1 - | s1 = index'0 {self.current} {l} (fun (_ret':usize) -> [ &_16 <- _ret' ] s2) + | s1 = index'0 {self.current} {l} (fun (_ret':UInt64.t) -> [ &_16 <- _ret' ] s2) | s2 = bb4 ] | bb4 = s0 @@ -421,7 +423,7 @@ module M_list_reversal_lasso__qyi2644757663130641572__list_reversal_safe [#"list [ &_21 <- _ret' ] [ &self <- { self with current = _ret'.final } ] s2) - | s2 = index_mut'0 {_21} {tmp} (fun (_ret':borrowed usize) -> [ &_20 <- _ret' ] s3) + | s2 = index_mut'0 {_21} {tmp} (fun (_ret':borrowed UInt64.t) -> [ &_20 <- _ret' ] s3) | s3 = bb5 ] | bb5 = s0 
@@ -434,17 +436,17 @@ module M_list_reversal_lasso__qyi2644757663130641572__list_reversal_safe [#"list | bb6 = s0 [ s0 = -{resolve'1 self}- s1 | s1 = [ &_0 <- r ] s2 | s2 = return' {_0} ] ] ) - [ & _0 : usize = any_l () + [ & _0 : UInt64.t = any_l () | & self : borrowed (t_Memory'0) = self - | & l : usize = l - | & r : usize = any_l () + | & l : UInt64.t = l + | & r : UInt64.t = any_l () | & _12 : bool = any_l () - | & tmp : usize = any_l () - | & _16 : usize = any_l () - | & _20 : borrowed usize = any_l () + | & tmp : UInt64.t = any_l () + | & _16 : UInt64.t = any_l () + | & _20 : borrowed UInt64.t = any_l () | & _21 : borrowed (t_Memory'0) = any_l () | & old_1_0 : Snapshot.snap_ty (borrowed (t_Memory'0)) = any_l () ] - [ return' (result:usize)-> (! return' {result}) ] + [ return' (result:UInt64.t)-> (! return' {result}) ] end module M_list_reversal_lasso__qyi2644757663130641572__list_reversal_list [#"list_reversal_lasso.rs" 99 4 99 82] (* Memory *) let%span slist_reversal_lasso0 = "list_reversal_lasso.rs" 100 20 100 24 @@ -472,7 +474,9 @@ module M_list_reversal_lasso__qyi2644757663130641572__list_reversal_list [#"list let%span sresolve22 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span sops23 = "../../../creusot-contracts/src/logic/ops.rs" 31 8 31 32 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 use prelude.prelude.Snapshot @@ -484,14 +488,12 @@ module M_list_reversal_lasso__qyi2644757663130641572__list_reversal_list [#"list use seq.Reverse - constant v_NULL'0 : usize = [%#slist_reversal_lasso9] (18446744073709551615 : usize) + constant v_NULL'0 : UInt64.t = [%#slist_reversal_lasso9] (18446744073709551615 : UInt64.t) use seq.Seq use prelude.prelude.Snapshot - use prelude.prelude.Int - use prelude.prelude.Opaque type t_NonNull'0 = 
@@ -501,13 +503,13 @@ module M_list_reversal_lasso__qyi2644757663130641572__list_reversal_list [#"list { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } type t_Memory'0 = { t_Memory__0'0: t_Vec'0 } 
@@ -516,25 +518,25 @@ module M_list_reversal_lasso__qyi2644757663130641572__list_reversal_list [#"list use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - function view'0 (self : t_Vec'0) : Seq.seq usize + function view'0 (self : t_Vec'0) : Seq.seq UInt64.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec21] Seq.length (view'0 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec21] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) - predicate nonnull_ptr'0 [#"list_reversal_lasso.rs" 49 4 49 44] (self : t_Memory'0) (i : usize) = - [%#slist_reversal_lasso19] Seq.length (view'0 self.t_Memory__0'0) <= UIntSize.to_int (v_MAX'0 : usize) - /\ UIntSize.to_int i < Seq.length (view'0 self.t_Memory__0'0) + predicate nonnull_ptr'0 [#"list_reversal_lasso.rs" 49 4 49 44] (self : t_Memory'0) (i : UInt64.t) = + [%#slist_reversal_lasso19] Seq.length (view'0 self.t_Memory__0'0) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + /\ UInt64.to_uint i < Seq.length (view'0 self.t_Memory__0'0) - function index_logic'1 [@inline:trivial] (self : t_Vec'0) (ix : usize) : usize = - [%#sops23] Seq.get (view'0 self) (UIntSize.to_int ix) + function index_logic'1 [@inline:trivial] (self : t_Vec'0) (ix : UInt64.t) : UInt64.t = + [%#sops23] Seq.get (view'0 self) (UInt64.to_uint ix) - function index_logic'0 [#"list_reversal_lasso.rs" 20 4 20 39] (self : t_Memory'0) (i : usize) : usize = + function index_logic'0 [#"list_reversal_lasso.rs" 20 4 20 39] (self : t_Memory'0) (i : UInt64.t) : UInt64.t = [%#slist_reversal_lasso20] index_logic'1 self.t_Memory__0'0 i - predicate list_seg'0 [#"list_reversal_lasso.rs" 81 4 81 81] (self : t_Memory'0) (first : usize) (s : Seq.seq usize) (last : usize) (l : int) (h : int) + predicate list_seg'0 [#"list_reversal_lasso.rs" 81 4 81 81] (self : t_Memory'0) (first : 
UInt64.t) (s : Seq.seq UInt64.t) (last : UInt64.t) (l : int) (h : int) = [%#slist_reversal_lasso10] first = (if h = l then last else Seq.get s l) 
@@ -545,38 +547,38 @@ module M_list_reversal_lasso__qyi2644757663130641572__list_reversal_list [#"list use prelude.prelude.Snapshot - let rec index_mut'0 (self:borrowed (t_Memory'0)) (i:usize) (return' (ret:borrowed usize))= {[@expl:index_mut requires] [%#slist_reversal_lasso11] nonnull_ptr'0 self.current i} + let rec index_mut'0 (self:borrowed (t_Memory'0)) (i:UInt64.t) (return' (ret:borrowed UInt64.t))= {[@expl:index_mut requires] [%#slist_reversal_lasso11] nonnull_ptr'0 self.current i} any - [ return' (result:borrowed usize)-> {[%#slist_reversal_lasso12] result.current = index_logic'0 self.current i} + [ return' (result:borrowed UInt64.t)-> {[%#slist_reversal_lasso12] result.current = index_logic'0 self.current i} {[%#slist_reversal_lasso13] result.final = index_logic'0 self.final i} {[%#slist_reversal_lasso14] Seq.length (view'0 (self.current).t_Memory__0'0) = Seq.length (view'0 (self.final).t_Memory__0'0)} - {[%#slist_reversal_lasso15] forall j : usize . nonnull_ptr'0 self.current j /\ i <> j + {[%#slist_reversal_lasso15] forall j : UInt64.t . nonnull_ptr'0 self.current j /\ i <> j -> index_logic'0 self.final j = index_logic'0 self.current j} (! return' {result}) ] - predicate inv'0 (_1 : borrowed usize) + predicate inv'0 (_1 : borrowed UInt64.t) - axiom inv_axiom'0 [@rewrite] : forall x : borrowed usize [inv'0 x] . inv'0 x = true + axiom inv_axiom'0 [@rewrite] : forall x : borrowed UInt64.t [inv'0 x] . inv'0 x = true - predicate inv'1 (_1 : usize) + predicate inv'1 (_1 : UInt64.t) - axiom inv_axiom'1 [@rewrite] : forall x : usize [inv'1 x] . inv'1 x = true + axiom inv_axiom'1 [@rewrite] : forall x : UInt64.t [inv'1 x] . 
inv'1 x = true - let rec replace'0 (dest:borrowed usize) (src:usize) (return' (ret:usize))= {[@expl:replace 'dest' type invariant] inv'0 dest} + let rec replace'0 (dest:borrowed UInt64.t) (src:UInt64.t) (return' (ret:UInt64.t))= {[@expl:replace 'dest' type invariant] inv'0 dest} {[@expl:replace 'src' type invariant] inv'1 src} any - [ return' (result:usize)-> {inv'1 result} + [ return' (result:UInt64.t)-> {inv'1 result} {[%#smem16] dest.final = src} {[%#smem17] result = dest.current} (! return' {result}) ] - predicate resolve'2 (self : borrowed usize) = + predicate resolve'2 (self : borrowed UInt64.t) = [%#sresolve22] self.final = self.current - predicate resolve'0 (_1 : borrowed usize) = + predicate resolve'0 (_1 : borrowed UInt64.t) = resolve'2 _1 predicate resolve'3 (self : borrowed (t_Memory'0)) = 
@@ -593,15 +595,16 @@ module M_list_reversal_lasso__qyi2644757663130641572__list_reversal_list [#"list use prelude.prelude.Snapshot - predicate list'0 [#"list_reversal_lasso.rs" 91 4 91 54] (self : t_Memory'0) (first : usize) (s : Seq.seq usize) = + predicate list'0 [#"list_reversal_lasso.rs" 91 4 91 54] (self : t_Memory'0) (first : UInt64.t) (s : Seq.seq UInt64.t) + = [%#slist_reversal_lasso18] list_seg'0 self first s v_NULL'0 0 (Seq.length s) meta "compute_max_steps" 1000000 - let rec list_reversal_list'0 (self:borrowed (t_Memory'0)) (l:usize) (s:Snapshot.snap_ty (Seq.seq usize)) (return' (ret:usize))= {[@expl:list_reversal_list requires] [%#slist_reversal_lasso7] list'0 self.current l (Snapshot.inner s)} + let rec list_reversal_list'0 (self:borrowed (t_Memory'0)) (l:UInt64.t) (s:Snapshot.snap_ty (Seq.seq UInt64.t)) (return' (ret:UInt64.t))= {[@expl:list_reversal_list requires] [%#slist_reversal_lasso7] list'0 self.current l (Snapshot.inner s)} (! bb0 [ bb0 = s0 - [ s0 = [ &r <- [%#slist_reversal_lasso0] (18446744073709551615 : usize) ] s1 + [ s0 = [ &r <- [%#slist_reversal_lasso0] (18446744073709551615 : UInt64.t) ] s1 | s1 = [ &n <- [%#slist_reversal_lasso1] Snapshot.new 0 ] s2 | s2 = bb1 ] @@ -615,7 +618,7 @@ module M_list_reversal_lasso__qyi2644757663130641572__list_reversal_list [#"list - Snapshot.inner n) (Seq.length (Snapshot.inner s))} (! s0) [ s0 = bb3 ] [ bb3 = s0 - [ s0 = UIntSize.ne {l} {[%#slist_reversal_lasso5] (18446744073709551615 : usize)} + [ s0 = UInt64.ne {l} {[%#slist_reversal_lasso5] (18446744073709551615 : UInt64.t)} (fun (_ret':bool) -> [ &_15 <- _ret' ] s1) | s1 = any [ br0 -> {_15 = false} (! bb9) | br1 -> {_15} (! bb4) ] ] 
@@ -625,24 +628,24 @@ module M_list_reversal_lasso__qyi2644757663130641572__list_reversal_list [#"list [ &_21 <- _ret' ] [ &self <- { self with current = _ret'.final } ] s1) - | s1 = index_mut'0 {_21} {l} (fun (_ret':borrowed usize) -> [ &_20 <- _ret' ] s2) + | s1 = index_mut'0 {_21} {l} (fun (_ret':borrowed UInt64.t) -> [ &_20 <- _ret' ] s2) | s2 = bb5 ] | bb5 = s0 - [ s0 = Borrow.borrow_final {_20.current} {Borrow.get_id _20} - (fun (_ret':borrowed usize) -> [ &_19 <- _ret' ] [ &_20 <- { _20 with current = _ret'.final } ] s1) - | s1 = Borrow.borrow_final {_19.current} {Borrow.get_id _19} - (fun (_ret':borrowed usize) -> [ &_18 <- _ret' ] [ &_19 <- { _19 with current = _ret'.final } ] s2) - | s2 = Borrow.borrow_mut {r} - (fun (_ret':borrowed usize) -> [ &_25 <- _ret' ] [ &r <- _ret'.final ] s3) - | s3 = Borrow.borrow_final {_25.current} {Borrow.get_id _25} - (fun (_ret':borrowed usize) -> [ &_24 <- _ret' ] [ &_25 <- { _25 with current = _ret'.final } ] s4) - | s4 = replace'0 {_24} {l} (fun (_ret':usize) -> [ &_23 <- _ret' ] s5) + [ s0 = Borrow.borrow_final {_20.current} {Borrow.get_id _20} + (fun (_ret':borrowed UInt64.t) -> [ &_19 <- _ret' ] [ &_20 <- { _20 with current = _ret'.final } ] s1) + | s1 = Borrow.borrow_final {_19.current} {Borrow.get_id _19} + (fun (_ret':borrowed UInt64.t) -> [ &_18 <- _ret' ] [ &_19 <- { _19 with current = _ret'.final } ] s2) + | s2 = Borrow.borrow_mut {r} + (fun (_ret':borrowed UInt64.t) -> [ &_25 <- _ret' ] [ &r <- _ret'.final ] s3) + | s3 = Borrow.borrow_final {_25.current} {Borrow.get_id _25} + (fun (_ret':borrowed UInt64.t) -> [ &_24 <- _ret' ] [ &_25 <- { _25 with current = _ret'.final } ] s4) + | s4 = replace'0 {_24} {l} (fun (_ret':UInt64.t) -> [ &_23 <- _ret' ] s5) | s5 = bb6 ] | bb6 = s0 [ s0 = -{resolve'0 _25}- s1 - | s1 = replace'0 {_18} {_23} (fun (_ret':usize) -> [ &_17 <- _ret' ] s2) + | s1 = replace'0 {_18} {_23} (fun (_ret':UInt64.t) -> [ &_17 <- _ret' ] s2) | s2 = bb7 ] | bb7 = s0 
@@ -657,25 +660,25 @@ module M_list_reversal_lasso__qyi2644757663130641572__list_reversal_list [#"list | bb9 = s0 [ s0 = -{resolve'1 self}- s1 | s1 = [ &_0 <- r ] s2 | s2 = return' {_0} ] ] ) - [ & _0 : usize = any_l () + [ & _0 : UInt64.t = any_l () | & self : borrowed (t_Memory'0) = self - | & l : usize = l - | & s : Snapshot.snap_ty (Seq.seq usize) = s - | & r : usize = any_l () + | & l : UInt64.t = l + | & s : Snapshot.snap_ty (Seq.seq UInt64.t) = s + | & r : UInt64.t = any_l () | & n : Snapshot.snap_ty int = any_l () | & _15 : bool = any_l () - | & _17 : usize = any_l () - | & _18 : borrowed usize = any_l () - | & _19 : borrowed usize = any_l () - | & _20 : borrowed usize = any_l () + | & _17 : UInt64.t = any_l () + | & _18 : borrowed UInt64.t = any_l () + | & _19 : borrowed UInt64.t = any_l () + | & _20 : borrowed UInt64.t = any_l () | & _21 : borrowed (t_Memory'0) = any_l () - | & _23 : usize = any_l () - | & _24 : borrowed usize = any_l () - | & _25 : borrowed usize = any_l () + | & _23 : UInt64.t = any_l () + | & _24 : borrowed UInt64.t = any_l () + | & _25 : borrowed UInt64.t = any_l () | & _27 : Snapshot.snap_ty int = any_l () | & old_2_0 : Snapshot.snap_ty (borrowed (t_Memory'0)) = any_l () ] - [ return' (result:usize)-> {[@expl:list_reversal_list ensures] [%#slist_reversal_lasso8] list'0 self.final result (Reverse.reverse (Snapshot.inner s))} + [ return' (result:UInt64.t)-> {[@expl:list_reversal_list ensures] [%#slist_reversal_lasso8] list'0 self.final result (Reverse.reverse (Snapshot.inner s))} (! return' {result}) ] end @@ -711,7 +714,9 @@ module M_list_reversal_lasso__qyi2644757663130641572__list_reversal_loop [#"list let%span sops28 = "../../../creusot-contracts/src/logic/ops.rs" 31 8 31 32 let%span sresolve29 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 use prelude.prelude.Snapshot 
@@ -723,13 +728,11 @@ module M_list_reversal_lasso__qyi2644757663130641572__list_reversal_loop [#"list use seq.Seq - use prelude.prelude.Int - use prelude.prelude.Borrow use seq.Reverse - constant v_NULL'0 : usize = [%#slist_reversal_lasso13] (18446744073709551615 : usize) + constant v_NULL'0 : UInt64.t = [%#slist_reversal_lasso13] (18446744073709551615 : UInt64.t) use prelude.prelude.Opaque @@ -740,13 +743,13 @@ module M_list_reversal_lasso__qyi2644757663130641572__list_reversal_loop [#"list { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } type t_Memory'0 = { t_Memory__0'0: t_Vec'0 } 
@@ -755,25 +758,25 @@ module M_list_reversal_lasso__qyi2644757663130641572__list_reversal_loop [#"list use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - function view'0 (self : t_Vec'0) : Seq.seq usize + function view'0 (self : t_Vec'0) : Seq.seq UInt64.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec27] Seq.length (view'0 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec27] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) - predicate nonnull_ptr'0 [#"list_reversal_lasso.rs" 49 4 49 44] (self : t_Memory'0) (i : usize) = - [%#slist_reversal_lasso16] Seq.length (view'0 self.t_Memory__0'0) <= UIntSize.to_int (v_MAX'0 : usize) - /\ UIntSize.to_int i < Seq.length (view'0 self.t_Memory__0'0) + predicate nonnull_ptr'0 [#"list_reversal_lasso.rs" 49 4 49 44] (self : t_Memory'0) (i : UInt64.t) = + [%#slist_reversal_lasso16] Seq.length (view'0 self.t_Memory__0'0) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + /\ UInt64.to_uint i < Seq.length (view'0 self.t_Memory__0'0) - function index_logic'2 [@inline:trivial] (self : t_Vec'0) (ix : usize) : usize = - [%#sops28] Seq.get (view'0 self) (UIntSize.to_int ix) + function index_logic'2 [@inline:trivial] (self : t_Vec'0) (ix : UInt64.t) : UInt64.t = + [%#sops28] Seq.get (view'0 self) (UInt64.to_uint ix) - function index_logic'1 [#"list_reversal_lasso.rs" 20 4 20 39] (self : t_Memory'0) (i : usize) : usize = + function index_logic'1 [#"list_reversal_lasso.rs" 20 4 20 39] (self : t_Memory'0) (i : UInt64.t) : UInt64.t = [%#slist_reversal_lasso17] index_logic'2 self.t_Memory__0'0 i - predicate list_seg'0 [#"list_reversal_lasso.rs" 81 4 81 81] (self : t_Memory'0) (first : usize) (s : Seq.seq usize) (last : usize) (l : int) (h : int) + predicate list_seg'0 [#"list_reversal_lasso.rs" 81 4 81 81] (self : t_Memory'0) (first : 
UInt64.t) (s : Seq.seq UInt64.t) (last : UInt64.t) (l : int) (h : int) = [%#slist_reversal_lasso14] first = (if h = l then last else Seq.get s l) 
@@ -784,43 +787,43 @@ module M_list_reversal_lasso__qyi2644757663130641572__list_reversal_loop [#"list use prelude.prelude.Snapshot - function index_logic'0 [@inline:trivial] (self : Snapshot.snap_ty (Seq.seq usize)) (ix : int) : usize = + function index_logic'0 [@inline:trivial] (self : Snapshot.snap_ty (Seq.seq UInt64.t)) (ix : int) : UInt64.t = [%#sops15] Seq.get (Snapshot.inner self) ix use prelude.prelude.Snapshot - let rec index_mut'0 (self:borrowed (t_Memory'0)) (i:usize) (return' (ret:borrowed usize))= {[@expl:index_mut requires] [%#slist_reversal_lasso18] nonnull_ptr'0 self.current i} + let rec index_mut'0 (self:borrowed (t_Memory'0)) (i:UInt64.t) (return' (ret:borrowed UInt64.t))= {[@expl:index_mut requires] [%#slist_reversal_lasso18] nonnull_ptr'0 self.current i} any - [ return' (result:borrowed usize)-> {[%#slist_reversal_lasso19] result.current = index_logic'1 self.current i} + [ return' (result:borrowed UInt64.t)-> {[%#slist_reversal_lasso19] result.current = index_logic'1 self.current i} {[%#slist_reversal_lasso20] result.final = index_logic'1 self.final i} {[%#slist_reversal_lasso21] Seq.length (view'0 (self.current).t_Memory__0'0) = Seq.length (view'0 (self.final).t_Memory__0'0)} - {[%#slist_reversal_lasso22] forall j : usize . nonnull_ptr'0 self.current j /\ i <> j + {[%#slist_reversal_lasso22] forall j : UInt64.t . nonnull_ptr'0 self.current j /\ i <> j -> index_logic'1 self.final j = index_logic'1 self.current j} (! return' {result}) ] - predicate inv'0 (_1 : borrowed usize) + predicate inv'0 (_1 : borrowed UInt64.t) - axiom inv_axiom'0 [@rewrite] : forall x : borrowed usize [inv'0 x] . inv'0 x = true + axiom inv_axiom'0 [@rewrite] : forall x : borrowed UInt64.t [inv'0 x] . inv'0 x = true - predicate inv'1 (_1 : usize) + predicate inv'1 (_1 : UInt64.t) - axiom inv_axiom'1 [@rewrite] : forall x : usize [inv'1 x] . inv'1 x = true + axiom inv_axiom'1 [@rewrite] : forall x : UInt64.t [inv'1 x] . 
inv'1 x = true - let rec replace'0 (dest:borrowed usize) (src:usize) (return' (ret:usize))= {[@expl:replace 'dest' type invariant] inv'0 dest} + let rec replace'0 (dest:borrowed UInt64.t) (src:UInt64.t) (return' (ret:UInt64.t))= {[@expl:replace 'dest' type invariant] inv'0 dest} {[@expl:replace 'src' type invariant] inv'1 src} any - [ return' (result:usize)-> {inv'1 result} + [ return' (result:UInt64.t)-> {inv'1 result} {[%#smem23] dest.final = src} {[%#smem24] result = dest.current} (! return' {result}) ] - predicate resolve'2 (self : borrowed usize) = + predicate resolve'2 (self : borrowed UInt64.t) = [%#sresolve29] self.final = self.current - predicate resolve'0 (_1 : borrowed usize) = + predicate resolve'0 (_1 : borrowed UInt64.t) = resolve'2 _1 predicate resolve'3 (self : borrowed (t_Memory'0)) = @@ -833,7 +836,7 @@ module M_list_reversal_lasso__qyi2644757663130641572__list_reversal_loop [#"list use seq.Seq - function push_front'0 [@inline:trivial] (self : Seq.seq usize) (x : usize) : Seq.seq usize = + function push_front'0 [@inline:trivial] (self : Seq.seq UInt64.t) (x : UInt64.t) : Seq.seq UInt64.t = [%#sseq25] Seq.cons x self use prelude.prelude.Intrinsic 
@@ -842,18 +845,19 @@ module M_list_reversal_lasso__qyi2644757663130641572__list_reversal_loop [#"list use prelude.prelude.Snapshot - predicate loopqy95z'0 [#"list_reversal_lasso.rs" 116 4 116 55] (self : t_Memory'0) (first : usize) (s : Seq.seq usize) + predicate loopqy95z'0 [#"list_reversal_lasso.rs" 116 4 116 55] (self : t_Memory'0) (first : UInt64.t) (s : Seq.seq UInt64.t) + = [%#slist_reversal_lasso26] list_seg'0 self first s (Seq.get s 0) 0 (Seq.length s) meta "compute_max_steps" 1000000 - let rec list_reversal_loop'0 (self:borrowed (t_Memory'0)) (l:usize) (s:Snapshot.snap_ty (Seq.seq usize)) (return' (ret:usize))= {[@expl:list_reversal_loop requires #0] [%#slist_reversal_lasso10] Seq.length (Snapshot.inner s) + let rec list_reversal_loop'0 (self:borrowed (t_Memory'0)) (l:UInt64.t) (s:Snapshot.snap_ty (Seq.seq UInt64.t)) (return' (ret:UInt64.t))= {[@expl:list_reversal_loop requires #0] [%#slist_reversal_lasso10] Seq.length (Snapshot.inner s) > 0} {[@expl:list_reversal_loop requires #1] [%#slist_reversal_lasso11] loopqy95z'0 self.current l (Snapshot.inner s)} (! bb0 [ bb0 = s0 - [ s0 = [ &r <- [%#slist_reversal_lasso0] (18446744073709551615 : usize) ] s1 + [ s0 = [ &r <- [%#slist_reversal_lasso0] (18446744073709551615 : UInt64.t) ] s1 | s1 = [ &n <- [%#slist_reversal_lasso1] Snapshot.new 0 ] s2 | s2 = bb1 ] @@ -876,7 +880,7 @@ module M_list_reversal_lasso__qyi2644757663130641572__list_reversal_loop [#"list - Snapshot.inner n) (Seq.length (Snapshot.inner s))} (! s0) [ s0 = bb3 ] [ bb3 = s0 - [ s0 = UIntSize.ne {l} {[%#slist_reversal_lasso6] (18446744073709551615 : usize)} + [ s0 = UInt64.ne {l} {[%#slist_reversal_lasso6] (18446744073709551615 : UInt64.t)} (fun (_ret':bool) -> [ &_17 <- _ret' ] s1) | s1 = any [ br0 -> {_17 = false} (! bb9) | br1 -> {_17} (! bb4) ] ] 
@@ -889,24 +893,24 @@ module M_list_reversal_lasso__qyi2644757663130641572__list_reversal_loop [#"list [ &_25 <- _ret' ] [ &self <- { self with current = _ret'.final } ] s2) - | s2 = index_mut'0 {_25} {l} (fun (_ret':borrowed usize) -> [ &_24 <- _ret' ] s3) + | s2 = index_mut'0 {_25} {l} (fun (_ret':borrowed UInt64.t) -> [ &_24 <- _ret' ] s3) | s3 = bb5 ] | bb5 = s0 - [ s0 = Borrow.borrow_final {_24.current} {Borrow.get_id _24} - (fun (_ret':borrowed usize) -> [ &_23 <- _ret' ] [ &_24 <- { _24 with current = _ret'.final } ] s1) - | s1 = Borrow.borrow_final {_23.current} {Borrow.get_id _23} - (fun (_ret':borrowed usize) -> [ &_22 <- _ret' ] [ &_23 <- { _23 with current = _ret'.final } ] s2) - | s2 = Borrow.borrow_mut {r} - (fun (_ret':borrowed usize) -> [ &_29 <- _ret' ] [ &r <- _ret'.final ] s3) - | s3 = Borrow.borrow_final {_29.current} {Borrow.get_id _29} - (fun (_ret':borrowed usize) -> [ &_28 <- _ret' ] [ &_29 <- { _29 with current = _ret'.final } ] s4) - | s4 = replace'0 {_28} {l} (fun (_ret':usize) -> [ &_27 <- _ret' ] s5) + [ s0 = Borrow.borrow_final {_24.current} {Borrow.get_id _24} + (fun (_ret':borrowed UInt64.t) -> [ &_23 <- _ret' ] [ &_24 <- { _24 with current = _ret'.final } ] s1) + | s1 = Borrow.borrow_final {_23.current} {Borrow.get_id _23} + (fun (_ret':borrowed UInt64.t) -> [ &_22 <- _ret' ] [ &_23 <- { _23 with current = _ret'.final } ] s2) + | s2 = Borrow.borrow_mut {r} + (fun (_ret':borrowed UInt64.t) -> [ &_29 <- _ret' ] [ &r <- _ret'.final ] s3) + | s3 = Borrow.borrow_final {_29.current} {Borrow.get_id _29} + (fun (_ret':borrowed UInt64.t) -> [ &_28 <- _ret' ] [ &_29 <- { _29 with current = _ret'.final } ] s4) + | s4 = replace'0 {_28} {l} (fun (_ret':UInt64.t) -> [ &_27 <- _ret' ] s5) | s5 = bb6 ] | bb6 = s0 [ s0 = -{resolve'0 _29}- s1 - | s1 = replace'0 {_22} {_27} (fun (_ret':usize) -> [ &_21 <- _ret' ] s2) + | s1 = replace'0 {_22} {_27} (fun (_ret':UInt64.t) -> [ &_21 <- _ret' ] s2) | s2 = bb7 ] | bb7 = s0 
@@ -929,25 +933,25 @@ module M_list_reversal_lasso__qyi2644757663130641572__list_reversal_loop [#"list | s3 = return' {_0} ] ] ) - [ & _0 : usize = any_l () + [ & _0 : UInt64.t = any_l () | & self : borrowed (t_Memory'0) = self - | & l : usize = l - | & s : Snapshot.snap_ty (Seq.seq usize) = s - | & r : usize = any_l () + | & l : UInt64.t = l + | & s : Snapshot.snap_ty (Seq.seq UInt64.t) = s + | & r : UInt64.t = any_l () | & n : Snapshot.snap_ty int = any_l () | & _17 : bool = any_l () - | & _21 : usize = any_l () - | & _22 : borrowed usize = any_l () - | & _23 : borrowed usize = any_l () - | & _24 : borrowed usize = any_l () + | & _21 : UInt64.t = any_l () + | & _22 : borrowed UInt64.t = any_l () + | & _23 : borrowed UInt64.t = any_l () + | & _24 : borrowed UInt64.t = any_l () | & _25 : borrowed (t_Memory'0) = any_l () - | & _27 : usize = any_l () - | & _28 : borrowed usize = any_l () - | & _29 : borrowed usize = any_l () + | & _27 : UInt64.t = any_l () + | & _28 : borrowed UInt64.t = any_l () + | & _29 : borrowed UInt64.t = any_l () | & _31 : Snapshot.snap_ty int = any_l () | & old_2_0 : Snapshot.snap_ty (borrowed (t_Memory'0)) = any_l () ] - [ return' (result:usize)-> {[@expl:list_reversal_loop ensures] [%#slist_reversal_lasso12] loopqy95z'0 self.final result (push_front'0 (Reverse.reverse (Seq.([..]) (Snapshot.inner s) 1 (Seq.length (Snapshot.inner s)))) (index_logic'0 s 0))} + [ return' (result:UInt64.t)-> {[@expl:list_reversal_loop ensures] [%#slist_reversal_lasso12] loopqy95z'0 self.final result (push_front'0 (Reverse.reverse (Seq.([..]) (Snapshot.inner s) 1 (Seq.length (Snapshot.inner s)))) (index_logic'0 s 0))} (! return' {result}) ] end 
@@ -978,7 +982,9 @@ module M_list_reversal_lasso__qyi2644757663130641572__list_reversal_lasso [#"lis let%span sresolve23 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span sops24 = "../../../creusot-contracts/src/logic/ops.rs" 31 8 31 32 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 use prelude.prelude.Snapshot @@ -988,15 +994,13 @@ module M_list_reversal_lasso__qyi2644757663130641572__list_reversal_lasso [#"lis use seq.Seq - use prelude.prelude.Int - use seq.Seq use prelude.prelude.Snapshot use seq.Seq - function index_logic'0 [@inline:trivial] (self : Snapshot.snap_ty (Seq.seq usize)) (ix : int) : usize = + function index_logic'0 [@inline:trivial] (self : Snapshot.snap_ty (Seq.seq UInt64.t)) (ix : int) : UInt64.t = [%#sops9] Seq.get (Snapshot.inner self) ix use prelude.prelude.Snapshot @@ -1005,7 +1009,7 @@ module M_list_reversal_lasso__qyi2644757663130641572__list_reversal_lasso [#"lis use seq.Reverse - constant v_NULL'0 : usize = [%#slist_reversal_lasso10] (18446744073709551615 : usize) + constant v_NULL'0 : UInt64.t = [%#slist_reversal_lasso10] (18446744073709551615 : UInt64.t) use prelude.prelude.Opaque 
@@ -1016,36 +1020,36 @@ module M_list_reversal_lasso__qyi2644757663130641572__list_reversal_lasso [#"lis { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } type t_Memory'0 = { t_Memory__0'0: t_Vec'0 } - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - function view'0 (self : t_Vec'0) : Seq.seq usize + function view'0 (self : t_Vec'0) : Seq.seq UInt64.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec22] Seq.length (view'0 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec22] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) - predicate nonnull_ptr'0 [#"list_reversal_lasso.rs" 49 4 49 44] (self : t_Memory'0) (i : usize) = - [%#slist_reversal_lasso20] Seq.length (view'0 self.t_Memory__0'0) <= UIntSize.to_int (v_MAX'0 : usize) - /\ UIntSize.to_int i < Seq.length (view'0 self.t_Memory__0'0) + predicate nonnull_ptr'0 [#"list_reversal_lasso.rs" 49 4 49 44] (self : t_Memory'0) (i : UInt64.t) = + [%#slist_reversal_lasso20] Seq.length (view'0 self.t_Memory__0'0) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + /\ UInt64.to_uint i < Seq.length (view'0 self.t_Memory__0'0) - function index_logic'2 [@inline:trivial] (self : t_Vec'0) (ix : usize) : usize = - [%#sops24] Seq.get (view'0 self) (UIntSize.to_int ix) + function index_logic'2 [@inline:trivial] (self : t_Vec'0) (ix : UInt64.t) : UInt64.t = + [%#sops24] Seq.get (view'0 self) (UInt64.to_uint ix) - function index_logic'1 [#"list_reversal_lasso.rs" 20 4 20 39] (self : t_Memory'0) (i : usize) : usize = + function index_logic'1 
[#"list_reversal_lasso.rs" 20 4 20 39] (self : t_Memory'0) (i : UInt64.t) : UInt64.t = [%#slist_reversal_lasso21] index_logic'2 self.t_Memory__0'0 i - predicate list_seg'0 [#"list_reversal_lasso.rs" 81 4 81 81] (self : t_Memory'0) (first : usize) (s : Seq.seq usize) (last : usize) (l : int) (h : int) + predicate list_seg'0 [#"list_reversal_lasso.rs" 81 4 81 81] (self : t_Memory'0) (first : UInt64.t) (s : Seq.seq UInt64.t) (last : UInt64.t) (l : int) (h : int) = [%#slist_reversal_lasso11] first = (if h = l then last else Seq.get s l) 
@@ -1056,38 +1060,38 @@ module M_list_reversal_lasso__qyi2644757663130641572__list_reversal_lasso [#"lis use prelude.prelude.Snapshot - let rec index_mut'0 (self:borrowed (t_Memory'0)) (i:usize) (return' (ret:borrowed usize))= {[@expl:index_mut requires] [%#slist_reversal_lasso12] nonnull_ptr'0 self.current i} + let rec index_mut'0 (self:borrowed (t_Memory'0)) (i:UInt64.t) (return' (ret:borrowed UInt64.t))= {[@expl:index_mut requires] [%#slist_reversal_lasso12] nonnull_ptr'0 self.current i} any - [ return' (result:borrowed usize)-> {[%#slist_reversal_lasso13] result.current = index_logic'1 self.current i} + [ return' (result:borrowed UInt64.t)-> {[%#slist_reversal_lasso13] result.current = index_logic'1 self.current i} {[%#slist_reversal_lasso14] result.final = index_logic'1 self.final i} {[%#slist_reversal_lasso15] Seq.length (view'0 (self.current).t_Memory__0'0) = Seq.length (view'0 (self.final).t_Memory__0'0)} - {[%#slist_reversal_lasso16] forall j : usize . nonnull_ptr'0 self.current j /\ i <> j + {[%#slist_reversal_lasso16] forall j : UInt64.t . nonnull_ptr'0 self.current j /\ i <> j -> index_logic'1 self.final j = index_logic'1 self.current j} (! return' {result}) ] - predicate inv'0 (_1 : borrowed usize) + predicate inv'0 (_1 : borrowed UInt64.t) - axiom inv_axiom'0 [@rewrite] : forall x : borrowed usize [inv'0 x] . inv'0 x = true + axiom inv_axiom'0 [@rewrite] : forall x : borrowed UInt64.t [inv'0 x] . inv'0 x = true - predicate inv'1 (_1 : usize) + predicate inv'1 (_1 : UInt64.t) - axiom inv_axiom'1 [@rewrite] : forall x : usize [inv'1 x] . inv'1 x = true + axiom inv_axiom'1 [@rewrite] : forall x : UInt64.t [inv'1 x] . 
inv'1 x = true - let rec replace'0 (dest:borrowed usize) (src:usize) (return' (ret:usize))= {[@expl:replace 'dest' type invariant] inv'0 dest} + let rec replace'0 (dest:borrowed UInt64.t) (src:UInt64.t) (return' (ret:UInt64.t))= {[@expl:replace 'dest' type invariant] inv'0 dest} {[@expl:replace 'src' type invariant] inv'1 src} any - [ return' (result:usize)-> {inv'1 result} + [ return' (result:UInt64.t)-> {inv'1 result} {[%#smem17] dest.final = src} {[%#smem18] result = dest.current} (! return' {result}) ] - predicate resolve'2 (self : borrowed usize) = + predicate resolve'2 (self : borrowed UInt64.t) = [%#sresolve23] self.final = self.current - predicate resolve'0 (_1 : borrowed usize) = + predicate resolve'0 (_1 : borrowed UInt64.t) = resolve'2 _1 predicate resolve'3 (self : borrowed (t_Memory'0)) = @@ -1102,7 +1106,7 @@ module M_list_reversal_lasso__qyi2644757663130641572__list_reversal_lasso [#"lis use prelude.prelude.Snapshot - predicate lasso'0 [#"list_reversal_lasso.rs" 151 4 151 70] (self : t_Memory'0) (first : usize) (s1 : Seq.seq usize) (s2 : Seq.seq usize) + predicate lasso'0 [#"list_reversal_lasso.rs" 151 4 151 70] (self : t_Memory'0) (first : UInt64.t) (s1 : Seq.seq UInt64.t) (s2 : Seq.seq UInt64.t) = [%#slist_reversal_lasso19] let mid = if Seq.length s2 = 0 then 
@@ -1117,10 +1121,10 @@ module M_list_reversal_lasso__qyi2644757663130641572__list_reversal_lasso [#"lis meta "compute_max_steps" 1000000 - let rec list_reversal_lasso'0 (self:borrowed (t_Memory'0)) (l:usize) (s1:Snapshot.snap_ty (Seq.seq usize)) (s2:Snapshot.snap_ty (Seq.seq usize)) (return' (ret:usize))= {[@expl:list_reversal_lasso requires] [%#slist_reversal_lasso7] lasso'0 self.current l (Snapshot.inner s1) (Snapshot.inner s2)} + let rec list_reversal_lasso'0 (self:borrowed (t_Memory'0)) (l:UInt64.t) (s1:Snapshot.snap_ty (Seq.seq UInt64.t)) (s2:Snapshot.snap_ty (Seq.seq UInt64.t)) (return' (ret:UInt64.t))= {[@expl:list_reversal_lasso requires] [%#slist_reversal_lasso7] lasso'0 self.current l (Snapshot.inner s1) (Snapshot.inner s2)} (! bb0 [ bb0 = s0 - [ s0 = [ &r <- [%#slist_reversal_lasso0] (18446744073709551615 : usize) ] s1 + [ s0 = [ &r <- [%#slist_reversal_lasso0] (18446744073709551615 : UInt64.t) ] s1 | s1 = [ &n <- [%#slist_reversal_lasso1] Snapshot.new 0 ] s2 | s2 = bb1 ] @@ -1163,7 +1167,7 @@ module M_list_reversal_lasso__qyi2644757663130641572__list_reversal_lasso [#"lis - 1)) 0 (Seq.length (Snapshot.inner s2))} (! s0) [ s0 = bb3 ] [ bb3 = s0 - [ s0 = UIntSize.ne {l} {[%#slist_reversal_lasso5] (18446744073709551615 : usize)} + [ s0 = UInt64.ne {l} {[%#slist_reversal_lasso5] (18446744073709551615 : UInt64.t)} (fun (_ret':bool) -> [ &_17 <- _ret' ] s1) | s1 = any [ br0 -> {_17 = false} (! bb9) | br1 -> {_17} (! bb4) ] ] 
@@ -1173,24 +1177,24 @@ module M_list_reversal_lasso__qyi2644757663130641572__list_reversal_lasso [#"lis [ &_23 <- _ret' ] [ &self <- { self with current = _ret'.final } ] s1) - | s1 = index_mut'0 {_23} {l} (fun (_ret':borrowed usize) -> [ &_22 <- _ret' ] s2) + | s1 = index_mut'0 {_23} {l} (fun (_ret':borrowed UInt64.t) -> [ &_22 <- _ret' ] s2) | s2 = bb5 ] | bb5 = s0 - [ s0 = Borrow.borrow_final {_22.current} {Borrow.get_id _22} - (fun (_ret':borrowed usize) -> [ &_21 <- _ret' ] [ &_22 <- { _22 with current = _ret'.final } ] s1) - | s1 = Borrow.borrow_final {_21.current} {Borrow.get_id _21} - (fun (_ret':borrowed usize) -> [ &_20 <- _ret' ] [ &_21 <- { _21 with current = _ret'.final } ] s2) - | s2 = Borrow.borrow_mut {r} - (fun (_ret':borrowed usize) -> [ &_27 <- _ret' ] [ &r <- _ret'.final ] s3) - | s3 = Borrow.borrow_final {_27.current} {Borrow.get_id _27} - (fun (_ret':borrowed usize) -> [ &_26 <- _ret' ] [ &_27 <- { _27 with current = _ret'.final } ] s4) - | s4 = replace'0 {_26} {l} (fun (_ret':usize) -> [ &_25 <- _ret' ] s5) + [ s0 = Borrow.borrow_final {_22.current} {Borrow.get_id _22} + (fun (_ret':borrowed UInt64.t) -> [ &_21 <- _ret' ] [ &_22 <- { _22 with current = _ret'.final } ] s1) + | s1 = Borrow.borrow_final {_21.current} {Borrow.get_id _21} + (fun (_ret':borrowed UInt64.t) -> [ &_20 <- _ret' ] [ &_21 <- { _21 with current = _ret'.final } ] s2) + | s2 = Borrow.borrow_mut {r} + (fun (_ret':borrowed UInt64.t) -> [ &_27 <- _ret' ] [ &r <- _ret'.final ] s3) + | s3 = Borrow.borrow_final {_27.current} {Borrow.get_id _27} + (fun (_ret':borrowed UInt64.t) -> [ &_26 <- _ret' ] [ &_27 <- { _27 with current = _ret'.final } ] s4) + | s4 = replace'0 {_26} {l} (fun (_ret':UInt64.t) -> [ &_25 <- _ret' ] s5) | s5 = bb6 ] | bb6 = s0 [ s0 = -{resolve'0 _27}- s1 - | s1 = replace'0 {_20} {_25} (fun (_ret':usize) -> [ &_19 <- _ret' ] s2) + | s1 = replace'0 {_20} {_25} (fun (_ret':UInt64.t) -> [ &_19 <- _ret' ] s2) | s2 = bb7 ] | bb7 = s0 
@@ -1205,26 +1209,26 @@ module M_list_reversal_lasso__qyi2644757663130641572__list_reversal_lasso [#"lis | bb9 = s0 [ s0 = -{resolve'1 self}- s1 | s1 = [ &_0 <- r ] s2 | s2 = return' {_0} ] ] ) - [ & _0 : usize = any_l () + [ & _0 : UInt64.t = any_l () | & self : borrowed (t_Memory'0) = self - | & l : usize = l - | & s1 : Snapshot.snap_ty (Seq.seq usize) = s1 - | & s2 : Snapshot.snap_ty (Seq.seq usize) = s2 - | & r : usize = any_l () + | & l : UInt64.t = l + | & s1 : Snapshot.snap_ty (Seq.seq UInt64.t) = s1 + | & s2 : Snapshot.snap_ty (Seq.seq UInt64.t) = s2 + | & r : UInt64.t = any_l () | & n : Snapshot.snap_ty int = any_l () | & _17 : bool = any_l () - | & _19 : usize = any_l () - | & _20 : borrowed usize = any_l () - | & _21 : borrowed usize = any_l () - | & _22 : borrowed usize = any_l () + | & _19 : UInt64.t = any_l () + | & _20 : borrowed UInt64.t = any_l () + | & _21 : borrowed UInt64.t = any_l () + | & _22 : borrowed UInt64.t = any_l () | & _23 : borrowed (t_Memory'0) = any_l () - | & _25 : usize = any_l () - | & _26 : borrowed usize = any_l () - | & _27 : borrowed usize = any_l () + | & _25 : UInt64.t = any_l () + | & _26 : borrowed UInt64.t = any_l () + | & _27 : borrowed UInt64.t = any_l () | & _29 : Snapshot.snap_ty int = any_l () | & old_2_0 : Snapshot.snap_ty (borrowed (t_Memory'0)) = any_l () ] - [ return' (result:usize)-> {[@expl:list_reversal_lasso ensures] [%#slist_reversal_lasso8] lasso'0 self.final result (Snapshot.inner s1) (Reverse.reverse (Snapshot.inner s2))} + [ return' (result:UInt64.t)-> {[@expl:list_reversal_lasso ensures] [%#slist_reversal_lasso8] lasso'0 self.final result (Snapshot.inner s1) (Reverse.reverse (Snapshot.inner s2))} (! return' {result}) ] end 
@@ -1244,44 +1248,44 @@ module M_list_reversal_lasso__qyi2644757663130641572__find_ptr_in_seq [#"list_re use seq.Seq - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use seq.Seq - constant s : Seq.seq usize + constant s : Seq.seq UInt64.t constant i : int constant p : int - function find_ptr_in_seq'0 [#"list_reversal_lasso.rs" 204 4 204 66] (s : Seq.seq usize) (i : int) (p : int) : t_Option'0 + function find_ptr_in_seq'0 [#"list_reversal_lasso.rs" 204 4 204 66] (s : Seq.seq UInt64.t) (i : int) (p : int) : t_Option'0 goal vc_find_ptr_in_seq'0 : ([%#slist_reversal_lasso0] 0 <= i /\ i <= Seq.length s) -> (if i = Seq.length s then [%#slist_reversal_lasso1] match C_None'0 with - | C_None'0 -> forall j : int . i <= j /\ j < Seq.length s -> UIntSize.to_int (Seq.get s j) <> p - | C_Some'0 j -> i <= j /\ j < Seq.length s /\ UIntSize.to_int (Seq.get s j) = p + | C_None'0 -> forall j : int . i <= j /\ j < Seq.length s -> UInt64.to_uint (Seq.get s j) <> p + | C_Some'0 j -> i <= j /\ j < Seq.length s /\ UInt64.to_uint (Seq.get s j) = p end else - if UIntSize.to_int (Seq.get s i) = p then + if UInt64.to_uint (Seq.get s i) = p then [%#slist_reversal_lasso1] match C_Some'0 i with - | C_None'0 -> forall j : int . i <= j /\ j < Seq.length s -> UIntSize.to_int (Seq.get s j) <> p - | C_Some'0 j -> i <= j /\ j < Seq.length s /\ UIntSize.to_int (Seq.get s j) = p + | C_None'0 -> forall j : int . i <= j /\ j < Seq.length s -> UInt64.to_uint (Seq.get s j) <> p + | C_Some'0 j -> i <= j /\ j < Seq.length s /\ UInt64.to_uint (Seq.get s j) = p end else (([@expl:find_ptr_in_seq requires] [%#slist_reversal_lasso0] 0 <= i + 1 /\ i + 1 <= Seq.length s) /\ 0 <= ([%#slist_reversal_lasso2] Seq.length s - i) /\ ([%#slist_reversal_lasso2] Seq.length s - (i + 1)) < ([%#slist_reversal_lasso2] Seq.length s - i)) /\ (([%#slist_reversal_lasso1] match find_ptr_in_seq'0 s (i + 1) p with - | C_None'0 -> forall j : int . 
i + 1 <= j /\ j < Seq.length s -> UIntSize.to_int (Seq.get s j) <> p - | C_Some'0 j -> i + 1 <= j /\ j < Seq.length s /\ UIntSize.to_int (Seq.get s j) = p + | C_None'0 -> forall j : int . i + 1 <= j /\ j < Seq.length s -> UInt64.to_uint (Seq.get s j) <> p + | C_Some'0 j -> i + 1 <= j /\ j < Seq.length s /\ UInt64.to_uint (Seq.get s j) = p end) -> ([%#slist_reversal_lasso1] match find_ptr_in_seq'0 s (i + 1) p with - | C_None'0 -> forall j : int . i <= j /\ j < Seq.length s -> UIntSize.to_int (Seq.get s j) <> p - | C_Some'0 j -> i <= j /\ j < Seq.length s /\ UIntSize.to_int (Seq.get s j) = p + | C_None'0 -> forall j : int . i <= j /\ j < Seq.length s -> UInt64.to_uint (Seq.get s j) <> p + | C_Some'0 j -> i <= j /\ j < Seq.length s /\ UInt64.to_uint (Seq.get s j) = p end)) ) @@ -1305,9 +1309,9 @@ module M_list_reversal_lasso__qyi2644757663130641572__pigeon [#"list_reversal_la use seq.Seq - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use seq.Seq 
@@ -1315,51 +1319,51 @@ module M_list_reversal_lasso__qyi2644757663130641572__pigeon [#"list_reversal_la | C_None'0 | C_Some'0 int - function find_ptr_in_seq'0 [#"list_reversal_lasso.rs" 204 4 204 66] (s : Seq.seq usize) (i : int) (p : int) : t_Option'0 + function find_ptr_in_seq'0 [#"list_reversal_lasso.rs" 204 4 204 66] (s : Seq.seq UInt64.t) (i : int) (p : int) : t_Option'0 - axiom find_ptr_in_seq'0_def : forall s : Seq.seq usize, i : int, p : int . ([%#slist_reversal_lasso6] 0 <= i + axiom find_ptr_in_seq'0_def : forall s : Seq.seq UInt64.t, i : int, p : int . ([%#slist_reversal_lasso6] 0 <= i /\ i <= Seq.length s) -> find_ptr_in_seq'0 s i p = ([%#slist_reversal_lasso10] if i = Seq.length s then C_None'0 else - if UIntSize.to_int (Seq.get s i) = p then C_Some'0 i else find_ptr_in_seq'0 s (i + 1) p + if UInt64.to_uint (Seq.get s i) = p then C_Some'0 i else find_ptr_in_seq'0 s (i + 1) p ) - axiom find_ptr_in_seq'0_spec : forall s : Seq.seq usize, i : int, p : int . ([%#slist_reversal_lasso6] 0 <= i + axiom find_ptr_in_seq'0_spec : forall s : Seq.seq UInt64.t, i : int, p : int . ([%#slist_reversal_lasso6] 0 <= i /\ i <= Seq.length s) -> ([%#slist_reversal_lasso7] match find_ptr_in_seq'0 s i p with - | C_None'0 -> forall j : int . i <= j /\ j < Seq.length s -> UIntSize.to_int (Seq.get s j) <> p - | C_Some'0 j -> i <= j /\ j < Seq.length s /\ UIntSize.to_int (Seq.get s j) = p + | C_None'0 -> forall j : int . i <= j /\ j < Seq.length s -> UInt64.to_uint (Seq.get s j) <> p + | C_Some'0 j -> i <= j /\ j < Seq.length s /\ UInt64.to_uint (Seq.get s j) = p end) use seq.Seq use seq.Seq - constant s : Seq.seq usize + constant s : Seq.seq UInt64.t constant n : int - function pigeon'0 [#"list_reversal_lasso.rs" 219 4 219 42] (s : Seq.seq usize) (n : int) : bool + function pigeon'0 [#"list_reversal_lasso.rs" 219 4 219 42] (s : Seq.seq UInt64.t) (n : int) : bool goal vc_pigeon'0 : ([%#slist_reversal_lasso2] forall i : int, j : int . 
0 <= i /\ i < Seq.length s /\ 0 <= j /\ j < Seq.length s /\ i <> j -> Seq.get s i <> Seq.get s j) - -> ([%#slist_reversal_lasso1] forall i : int . 0 <= i /\ i < Seq.length s -> UIntSize.to_int (Seq.get s i) < n) + -> ([%#slist_reversal_lasso1] forall i : int . 0 <= i /\ i < Seq.length s -> UInt64.to_uint (Seq.get s i) < n) -> ([%#slist_reversal_lasso0] 0 <= n) -> (if n = 0 then ([%#slist_reversal_lasso3] Seq.length s <= n) && ([%#slist_reversal_lasso4] true) else ([@expl:find_ptr_in_seq requires] [%#slist_reversal_lasso6] 0 <= 0 /\ 0 <= Seq.length s) /\ (([%#slist_reversal_lasso7] match find_ptr_in_seq'0 s 0 (n - 1) with - | C_None'0 -> forall j : int . 0 <= j /\ j < Seq.length s -> UIntSize.to_int (Seq.get s j) <> n - 1 - | C_Some'0 j -> 0 <= j /\ j < Seq.length s /\ UIntSize.to_int (Seq.get s j) = n - 1 + | C_None'0 -> forall j : int . 0 <= j /\ j < Seq.length s -> UInt64.to_uint (Seq.get s j) <> n - 1 + | C_Some'0 j -> 0 <= j /\ j < Seq.length s /\ UInt64.to_uint (Seq.get s j) = n - 1 end) -> match find_ptr_in_seq'0 s 0 (n - 1) with | C_None'0 -> ((([@expl:pigeon requires #0] [%#slist_reversal_lasso0] 0 <= n - 1) && ([@expl:pigeon requires #1] [%#slist_reversal_lasso1] forall i : int . 0 <= i /\ i < Seq.length s - -> UIntSize.to_int (Seq.get s i) < n - 1) + -> UInt64.to_uint (Seq.get s i) < n - 1) && ([@expl:pigeon requires #2] [%#slist_reversal_lasso2] forall i : int, j : int . 0 <= i /\ i < Seq.length s /\ 0 <= j /\ j < Seq.length s /\ i <> j -> Seq.get s i <> Seq.get s j)) /\ 0 <= ([%#slist_reversal_lasso5] n) /\ ([%#slist_reversal_lasso5] n - 1) < ([%#slist_reversal_lasso5] n)) 
@@ -1367,14 +1371,14 @@ module M_list_reversal_lasso__qyi2644757663130641572__pigeon [#"list_reversal_la -> ([%#slist_reversal_lasso3] Seq.length s <= n) && ([%#slist_reversal_lasso4] pigeon'0 s (n - 1))) | C_Some'0 i -> ([@expl:find_ptr_in_seq requires] [%#slist_reversal_lasso6] 0 <= i + 1 /\ i + 1 <= Seq.length s) /\ (([%#slist_reversal_lasso7] match find_ptr_in_seq'0 s (i + 1) (n - 1) with - | C_None'0 -> forall j : int . i + 1 <= j /\ j < Seq.length s -> UIntSize.to_int (Seq.get s j) <> n - 1 - | C_Some'0 j -> i + 1 <= j /\ j < Seq.length s /\ UIntSize.to_int (Seq.get s j) = n - 1 + | C_None'0 -> forall j : int . i + 1 <= j /\ j < Seq.length s -> UInt64.to_uint (Seq.get s j) <> n - 1 + | C_Some'0 j -> i + 1 <= j /\ j < Seq.length s /\ UInt64.to_uint (Seq.get s j) = n - 1 end) -> match find_ptr_in_seq'0 s (i + 1) (n - 1) with | C_None'0 -> ((([@expl:pigeon requires #0] [%#slist_reversal_lasso0] 0 <= n - 1) && ([@expl:pigeon requires #1] [%#slist_reversal_lasso1] forall i' : int . 0 <= i' /\ i' < Seq.length (Seq.(++) (Seq.([..]) s 0 i) (Seq.([..]) s (i + 1) (Seq.length s))) - -> UIntSize.to_int (Seq.get (Seq.(++) (Seq.([..]) s 0 i) (Seq.([..]) s (i + 1) (Seq.length s))) i') < n - 1) + -> UInt64.to_uint (Seq.get (Seq.(++) (Seq.([..]) s 0 i) (Seq.([..]) s (i + 1) (Seq.length s))) i') < n - 1) && ([@expl:pigeon requires #2] [%#slist_reversal_lasso2] forall i' : int, j : int . 0 <= i' /\ i' < Seq.length (Seq.(++) (Seq.([..]) s 0 i) (Seq.([..]) s (i + 1) (Seq.length s))) /\ 0 <= j /\ j < Seq.length (Seq.(++) (Seq.([..]) s 0 i) (Seq.([..]) s (i + 1) (Seq.length s))) /\ i' <> j 
@@ -1429,53 +1433,53 @@ module M_list_reversal_lasso__qyi2644757663130641572__find_lasso_aux [#"list_rev type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } type t_Memory'0 = { t_Memory__0'0: t_Vec'0 } use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) - - use prelude.prelude.UIntSize + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.Int + use prelude.prelude.UInt64 use seq.Seq - function view'0 (self : t_Vec'0) : Seq.seq usize + function view'0 (self : t_Vec'0) : Seq.seq UInt64.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec8] Seq.length (view'0 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'0_spec : forall self : t_Vec'0 . 
[%#svec8] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) - predicate nonnull_ptr'0 [#"list_reversal_lasso.rs" 49 4 49 44] (self : t_Memory'0) (i : usize) = - [%#slist_reversal_lasso18] Seq.length (view'0 self.t_Memory__0'0) <= UIntSize.to_int (v_MAX'0 : usize) - /\ UIntSize.to_int i < Seq.length (view'0 self.t_Memory__0'0) + predicate nonnull_ptr'0 [#"list_reversal_lasso.rs" 49 4 49 44] (self : t_Memory'0) (i : UInt64.t) = + [%#slist_reversal_lasso18] Seq.length (view'0 self.t_Memory__0'0) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + /\ UInt64.to_uint i < Seq.length (view'0 self.t_Memory__0'0) use seq.Seq - function index_logic'1 [@inline:trivial] (self : t_Vec'0) (ix : usize) : usize = - [%#sops25] Seq.get (view'0 self) (UIntSize.to_int ix) + function index_logic'1 [@inline:trivial] (self : t_Vec'0) (ix : UInt64.t) : UInt64.t = + [%#sops25] Seq.get (view'0 self) (UInt64.to_uint ix) - function index_logic'0 [#"list_reversal_lasso.rs" 20 4 20 39] (self : t_Memory'0) (i : usize) : usize = + function index_logic'0 [#"list_reversal_lasso.rs" 20 4 20 39] (self : t_Memory'0) (i : UInt64.t) : UInt64.t = [%#slist_reversal_lasso24] index_logic'1 self.t_Memory__0'0 i - constant v_NULL'0 : usize = [%#slist_reversal_lasso17] (18446744073709551615 : usize) + constant v_NULL'0 : UInt64.t = [%#slist_reversal_lasso17] (18446744073709551615 : UInt64.t) predicate mem_is_well_formed'0 [#"list_reversal_lasso.rs" 55 4 55 43] (self : t_Memory'0) = - [%#slist_reversal_lasso16] forall i : usize . nonnull_ptr'0 self i + [%#slist_reversal_lasso16] forall i : UInt64.t . 
nonnull_ptr'0 self i -> index_logic'0 self i = v_NULL'0 \/ nonnull_ptr'0 self (index_logic'0 self i) - predicate list_seg'0 [#"list_reversal_lasso.rs" 81 4 81 81] (self : t_Memory'0) (first : usize) (s : Seq.seq usize) (last : usize) (l : int) (h : int) + predicate list_seg'0 [#"list_reversal_lasso.rs" 81 4 81 81] (self : t_Memory'0) (first : UInt64.t) (s : Seq.seq UInt64.t) (last : UInt64.t) (l : int) (h : int) = [%#slist_reversal_lasso19] first = (if h = l then last else Seq.get s l) @@ -1486,12 +1490,13 @@ module M_list_reversal_lasso__qyi2644757663130641572__find_lasso_aux [#"list_rev type t_Option'0 = | C_None'0 - | C_Some'0 (Seq.seq usize) + | C_Some'0 (Seq.seq UInt64.t) - predicate list'0 [#"list_reversal_lasso.rs" 91 4 91 54] (self : t_Memory'0) (first : usize) (s : Seq.seq usize) = + predicate list'0 [#"list_reversal_lasso.rs" 91 4 91 54] (self : t_Memory'0) (first : UInt64.t) (s : Seq.seq UInt64.t) + = [%#slist_reversal_lasso20] list_seg'0 self first s v_NULL'0 0 (Seq.length s) - predicate lasso'0 [#"list_reversal_lasso.rs" 151 4 151 70] (self : t_Memory'0) (first : usize) (s1 : Seq.seq usize) (s2 : Seq.seq usize) + predicate lasso'0 [#"list_reversal_lasso.rs" 151 4 151 70] (self : t_Memory'0) (first : UInt64.t) (s1 : Seq.seq UInt64.t) (s2 : Seq.seq UInt64.t) = [%#slist_reversal_lasso21] let mid = if Seq.length s2 = 0 then 
@@ -1508,33 +1513,33 @@ module M_list_reversal_lasso__qyi2644757663130641572__find_lasso_aux [#"list_rev | C_None'1 | C_Some'1 int - function find_ptr_in_seq'0 [#"list_reversal_lasso.rs" 204 4 204 66] (s : Seq.seq usize) (i : int) (p : int) : t_Option'1 + function find_ptr_in_seq'0 [#"list_reversal_lasso.rs" 204 4 204 66] (s : Seq.seq UInt64.t) (i : int) (p : int) : t_Option'1 - axiom find_ptr_in_seq'0_def : forall s : Seq.seq usize, i : int, p : int . ([%#slist_reversal_lasso5] 0 <= i + axiom find_ptr_in_seq'0_def : forall s : Seq.seq UInt64.t, i : int, p : int . ([%#slist_reversal_lasso5] 0 <= i /\ i <= Seq.length s) -> find_ptr_in_seq'0 s i p = ([%#slist_reversal_lasso22] if i = Seq.length s then C_None'1 else - if UIntSize.to_int (Seq.get s i) = p then C_Some'1 i else find_ptr_in_seq'0 s (i + 1) p + if UInt64.to_uint (Seq.get s i) = p then C_Some'1 i else find_ptr_in_seq'0 s (i + 1) p ) - axiom find_ptr_in_seq'0_spec : forall s : Seq.seq usize, i : int, p : int . ([%#slist_reversal_lasso5] 0 <= i + axiom find_ptr_in_seq'0_spec : forall s : Seq.seq UInt64.t, i : int, p : int . ([%#slist_reversal_lasso5] 0 <= i /\ i <= Seq.length s) -> ([%#slist_reversal_lasso6] match find_ptr_in_seq'0 s i p with - | C_None'1 -> forall j : int . i <= j /\ j < Seq.length s -> UIntSize.to_int (Seq.get s j) <> p - | C_Some'1 j -> i <= j /\ j < Seq.length s /\ UIntSize.to_int (Seq.get s j) = p + | C_None'1 -> forall j : int . i <= j /\ j < Seq.length s -> UInt64.to_uint (Seq.get s j) <> p + | C_Some'1 j -> i <= j /\ j < Seq.length s /\ UInt64.to_uint (Seq.get s j) = p end) use seq.Seq use seq.Seq - function pigeon'0 [#"list_reversal_lasso.rs" 219 4 219 42] (s : Seq.seq usize) (n : int) : bool + function pigeon'0 [#"list_reversal_lasso.rs" 219 4 219 42] (s : Seq.seq UInt64.t) (n : int) : bool - axiom pigeon'0_def : forall s : Seq.seq usize, n : int . ([%#slist_reversal_lasso9] 0 <= n) - -> ([%#slist_reversal_lasso10] forall i : int . 
0 <= i /\ i < Seq.length s -> UIntSize.to_int (Seq.get s i) < n) + axiom pigeon'0_def : forall s : Seq.seq UInt64.t, n : int . ([%#slist_reversal_lasso9] 0 <= n) + -> ([%#slist_reversal_lasso10] forall i : int . 0 <= i /\ i < Seq.length s -> UInt64.to_uint (Seq.get s i) < n) -> ([%#slist_reversal_lasso11] forall i : int, j : int . 0 <= i /\ i < Seq.length s /\ 0 <= j /\ j < Seq.length s /\ i <> j -> Seq.get s i <> Seq.get s j) -> pigeon'0 s n @@ -1550,8 +1555,8 @@ module M_list_reversal_lasso__qyi2644757663130641572__find_lasso_aux [#"list_rev end ) - axiom pigeon'0_spec : forall s : Seq.seq usize, n : int . ([%#slist_reversal_lasso9] 0 <= n) - -> ([%#slist_reversal_lasso10] forall i : int . 0 <= i /\ i < Seq.length s -> UIntSize.to_int (Seq.get s i) < n) + axiom pigeon'0_spec : forall s : Seq.seq UInt64.t, n : int . ([%#slist_reversal_lasso9] 0 <= n) + -> ([%#slist_reversal_lasso10] forall i : int . 0 <= i /\ i < Seq.length s -> UInt64.to_uint (Seq.get s i) < n) -> ([%#slist_reversal_lasso11] forall i : int, j : int . 0 <= i /\ i < Seq.length s /\ 0 <= j /\ j < Seq.length s /\ i <> j -> Seq.get s i <> Seq.get s j) -> ([%#slist_reversal_lasso12] Seq.length s <= n) && ([%#slist_reversal_lasso13] pigeon'0 s n) @@ -1560,13 +1565,13 @@ module M_list_reversal_lasso__qyi2644757663130641572__find_lasso_aux [#"list_rev constant self : t_Memory'0 - constant first : usize + constant first : UInt64.t - constant last : usize + constant last : UInt64.t - constant s : Seq.seq usize + constant s : Seq.seq UInt64.t - function find_lasso_aux'0 [#"list_reversal_lasso.rs" 244 4 244 95] (self : t_Memory'0) (first : usize) (last : usize) (s : Seq.seq usize) : (Seq.seq usize, t_Option'0) + function find_lasso_aux'0 [#"list_reversal_lasso.rs" 244 4 244 95] (self : t_Memory'0) (first : UInt64.t) (last : UInt64.t) (s : Seq.seq UInt64.t) : (Seq.seq UInt64.t, t_Option'0) goal vc_find_lasso_aux'0 : ([%#slist_reversal_lasso2] list_seg'0 self first s last 0 (Seq.length s)) 
@@ -1579,16 +1584,15 @@ module M_list_reversal_lasso__qyi2644757663130641572__find_lasso_aux [#"list_rev end else ([@expl:find_ptr_in_seq requires] [%#slist_reversal_lasso5] 0 <= 0 /\ 0 <= Seq.length s) - /\ (([%#slist_reversal_lasso6] match find_ptr_in_seq'0 s 0 (UIntSize.to_int last) with - | C_None'1 -> forall j : int . 0 <= j /\ j < Seq.length s - -> UIntSize.to_int (Seq.get s j) <> UIntSize.to_int last - | C_Some'1 j -> 0 <= j /\ j < Seq.length s /\ UIntSize.to_int (Seq.get s j) = UIntSize.to_int last + /\ (([%#slist_reversal_lasso6] match find_ptr_in_seq'0 s 0 (UInt64.to_uint last) with + | C_None'1 -> forall j : int . 0 <= j /\ j < Seq.length s -> UInt64.to_uint (Seq.get s j) <> UInt64.to_uint last + | C_Some'1 j -> 0 <= j /\ j < Seq.length s /\ UInt64.to_uint (Seq.get s j) = UInt64.to_uint last end) - -> match find_ptr_in_seq'0 s 0 (UIntSize.to_int last) with - | C_None'1 -> ([%#svec8] Seq.length (view'0 self.t_Memory__0'0) <= UIntSize.to_int (v_MAX'0 : usize)) + -> match find_ptr_in_seq'0 s 0 (UInt64.to_uint last) with + | C_None'1 -> ([%#svec8] Seq.length (view'0 self.t_Memory__0'0) <= UInt64.to_uint (v_MAX'0 : UInt64.t)) -> (([@expl:pigeon requires #0] [%#slist_reversal_lasso9] 0 <= Seq.length (view'0 self.t_Memory__0'0)) && ([@expl:pigeon requires #1] [%#slist_reversal_lasso10] forall i : int . 0 <= i /\ i < Seq.length s - -> UIntSize.to_int (Seq.get s i) < Seq.length (view'0 self.t_Memory__0'0)) + -> UInt64.to_uint (Seq.get s i) < Seq.length (view'0 self.t_Memory__0'0)) && ([@expl:pigeon requires #2] [%#slist_reversal_lasso11] forall i : int, j : int . 0 <= i /\ i < Seq.length s /\ 0 <= j /\ j < Seq.length s /\ i <> j -> Seq.get s i <> Seq.get s j)) /\ (([%#slist_reversal_lasso12] Seq.length s <= Seq.length (view'0 self.t_Memory__0'0)) 
@@ -1663,57 +1667,57 @@ module M_list_reversal_lasso__qyi2644757663130641572__find_lasso [#"list_reversa type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } type t_Memory'0 = { t_Memory__0'0: t_Vec'0 } use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) - - use prelude.prelude.UIntSize + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.Int + use prelude.prelude.UInt64 use seq.Seq - function view'0 (self : t_Vec'0) : Seq.seq usize + function view'0 (self : t_Vec'0) : Seq.seq UInt64.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec16] Seq.length (view'0 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'0_spec : forall self : t_Vec'0 . 
[%#svec16] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) - predicate nonnull_ptr'0 [#"list_reversal_lasso.rs" 49 4 49 44] (self : t_Memory'0) (i : usize) = - [%#slist_reversal_lasso11] Seq.length (view'0 self.t_Memory__0'0) <= UIntSize.to_int (v_MAX'0 : usize) - /\ UIntSize.to_int i < Seq.length (view'0 self.t_Memory__0'0) + predicate nonnull_ptr'0 [#"list_reversal_lasso.rs" 49 4 49 44] (self : t_Memory'0) (i : UInt64.t) = + [%#slist_reversal_lasso11] Seq.length (view'0 self.t_Memory__0'0) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + /\ UInt64.to_uint i < Seq.length (view'0 self.t_Memory__0'0) use seq.Seq - function index_logic'1 [@inline:trivial] (self : t_Vec'0) (ix : usize) : usize = - [%#sops29] Seq.get (view'0 self) (UIntSize.to_int ix) + function index_logic'1 [@inline:trivial] (self : t_Vec'0) (ix : UInt64.t) : UInt64.t = + [%#sops29] Seq.get (view'0 self) (UInt64.to_uint ix) - function index_logic'0 [#"list_reversal_lasso.rs" 20 4 20 39] (self : t_Memory'0) (i : usize) : usize = + function index_logic'0 [#"list_reversal_lasso.rs" 20 4 20 39] (self : t_Memory'0) (i : UInt64.t) : UInt64.t = [%#slist_reversal_lasso17] index_logic'1 self.t_Memory__0'0 i - constant v_NULL'0 : usize = [%#slist_reversal_lasso10] (18446744073709551615 : usize) + constant v_NULL'0 : UInt64.t = [%#slist_reversal_lasso10] (18446744073709551615 : UInt64.t) predicate mem_is_well_formed'0 [#"list_reversal_lasso.rs" 55 4 55 43] (self : t_Memory'0) = - [%#slist_reversal_lasso9] forall i : usize . nonnull_ptr'0 self i + [%#slist_reversal_lasso9] forall i : UInt64.t . 
nonnull_ptr'0 self i -> index_logic'0 self i = v_NULL'0 \/ nonnull_ptr'0 self (index_logic'0 self i) type t_Option'0 = | C_None'0 - | C_Some'0 (Seq.seq usize) + | C_Some'0 (Seq.seq UInt64.t) - predicate list_seg'0 [#"list_reversal_lasso.rs" 81 4 81 81] (self : t_Memory'0) (first : usize) (s : Seq.seq usize) (last : usize) (l : int) (h : int) + predicate list_seg'0 [#"list_reversal_lasso.rs" 81 4 81 81] (self : t_Memory'0) (first : UInt64.t) (s : Seq.seq UInt64.t) (last : UInt64.t) (l : int) (h : int) = [%#slist_reversal_lasso15] first = (if h = l then last else Seq.get s l) @@ -1722,10 +1726,11 @@ module M_list_reversal_lasso__qyi2644757663130641572__find_lasso [#"list_reversa /\ index_logic'0 self (Seq.get s i) = (if i = h - 1 then last else Seq.get s (i + 1))) /\ (forall i : int, j : int . l <= i /\ i < h /\ l <= j /\ j < h /\ i <> j -> Seq.get s i <> Seq.get s j) - predicate list'0 [#"list_reversal_lasso.rs" 91 4 91 54] (self : t_Memory'0) (first : usize) (s : Seq.seq usize) = + predicate list'0 [#"list_reversal_lasso.rs" 91 4 91 54] (self : t_Memory'0) (first : UInt64.t) (s : Seq.seq UInt64.t) + = [%#slist_reversal_lasso12] list_seg'0 self first s v_NULL'0 0 (Seq.length s) - predicate lasso'0 [#"list_reversal_lasso.rs" 151 4 151 70] (self : t_Memory'0) (first : usize) (s1 : Seq.seq usize) (s2 : Seq.seq usize) + predicate lasso'0 [#"list_reversal_lasso.rs" 151 4 151 70] (self : t_Memory'0) (first : UInt64.t) (s1 : Seq.seq UInt64.t) (s2 : Seq.seq UInt64.t) = [%#slist_reversal_lasso13] let mid = if Seq.length s2 = 0 then 
@@ -1748,29 +1753,29 @@ module M_list_reversal_lasso__qyi2644757663130641572__find_lasso [#"list_reversa use seq.Seq - function find_ptr_in_seq'0 [#"list_reversal_lasso.rs" 204 4 204 66] (s : Seq.seq usize) (i : int) (p : int) : t_Option'1 + function find_ptr_in_seq'0 [#"list_reversal_lasso.rs" 204 4 204 66] (s : Seq.seq UInt64.t) (i : int) (p : int) : t_Option'1 - axiom find_ptr_in_seq'0_def : forall s : Seq.seq usize, i : int, p : int . ([%#slist_reversal_lasso25] 0 <= i + axiom find_ptr_in_seq'0_def : forall s : Seq.seq UInt64.t, i : int, p : int . ([%#slist_reversal_lasso25] 0 <= i /\ i <= Seq.length s) -> find_ptr_in_seq'0 s i p = ([%#slist_reversal_lasso28] if i = Seq.length s then C_None'1 else - if UIntSize.to_int (Seq.get s i) = p then C_Some'1 i else find_ptr_in_seq'0 s (i + 1) p + if UInt64.to_uint (Seq.get s i) = p then C_Some'1 i else find_ptr_in_seq'0 s (i + 1) p ) - axiom find_ptr_in_seq'0_spec : forall s : Seq.seq usize, i : int, p : int . ([%#slist_reversal_lasso25] 0 <= i + axiom find_ptr_in_seq'0_spec : forall s : Seq.seq UInt64.t, i : int, p : int . ([%#slist_reversal_lasso25] 0 <= i /\ i <= Seq.length s) -> ([%#slist_reversal_lasso26] match find_ptr_in_seq'0 s i p with - | C_None'1 -> forall j : int . i <= j /\ j < Seq.length s -> UIntSize.to_int (Seq.get s j) <> p - | C_Some'1 j -> i <= j /\ j < Seq.length s /\ UIntSize.to_int (Seq.get s j) = p + | C_None'1 -> forall j : int . i <= j /\ j < Seq.length s -> UInt64.to_uint (Seq.get s j) <> p + | C_Some'1 j -> i <= j /\ j < Seq.length s /\ UInt64.to_uint (Seq.get s j) = p end) - function pigeon'0 [#"list_reversal_lasso.rs" 219 4 219 42] (s : Seq.seq usize) (n : int) : bool + function pigeon'0 [#"list_reversal_lasso.rs" 219 4 219 42] (s : Seq.seq UInt64.t) (n : int) : bool - axiom pigeon'0_def : forall s : Seq.seq usize, n : int . ([%#slist_reversal_lasso18] 0 <= n) - -> ([%#slist_reversal_lasso19] forall i : int . 
0 <= i /\ i < Seq.length s -> UIntSize.to_int (Seq.get s i) < n) + axiom pigeon'0_def : forall s : Seq.seq UInt64.t, n : int . ([%#slist_reversal_lasso18] 0 <= n) + -> ([%#slist_reversal_lasso19] forall i : int . 0 <= i /\ i < Seq.length s -> UInt64.to_uint (Seq.get s i) < n) -> ([%#slist_reversal_lasso20] forall i : int, j : int . 0 <= i /\ i < Seq.length s /\ 0 <= j /\ j < Seq.length s /\ i <> j -> Seq.get s i <> Seq.get s j) -> pigeon'0 s n 
@@ -1786,25 +1791,25 @@ module M_list_reversal_lasso__qyi2644757663130641572__find_lasso [#"list_reversa end ) - axiom pigeon'0_spec : forall s : Seq.seq usize, n : int . ([%#slist_reversal_lasso18] 0 <= n) - -> ([%#slist_reversal_lasso19] forall i : int . 0 <= i /\ i < Seq.length s -> UIntSize.to_int (Seq.get s i) < n) + axiom pigeon'0_spec : forall s : Seq.seq UInt64.t, n : int . ([%#slist_reversal_lasso18] 0 <= n) + -> ([%#slist_reversal_lasso19] forall i : int . 0 <= i /\ i < Seq.length s -> UInt64.to_uint (Seq.get s i) < n) -> ([%#slist_reversal_lasso20] forall i : int, j : int . 0 <= i /\ i < Seq.length s /\ 0 <= j /\ j < Seq.length s /\ i <> j -> Seq.get s i <> Seq.get s j) -> ([%#slist_reversal_lasso21] Seq.length s <= n) && ([%#slist_reversal_lasso22] pigeon'0 s n) use seq.Seq - function find_lasso_aux'0 [#"list_reversal_lasso.rs" 244 4 244 95] (self : t_Memory'0) (first : usize) (last : usize) (s : Seq.seq usize) : (Seq.seq usize, t_Option'0) + function find_lasso_aux'0 [#"list_reversal_lasso.rs" 244 4 244 95] (self : t_Memory'0) (first : UInt64.t) (last : UInt64.t) (s : Seq.seq UInt64.t) : (Seq.seq UInt64.t, t_Option'0) - axiom find_lasso_aux'0_def : forall self : t_Memory'0, first : usize, last : usize, s : Seq.seq usize . ([%#slist_reversal_lasso3] mem_is_well_formed'0 self) + axiom find_lasso_aux'0_def : forall self : t_Memory'0, first : UInt64.t, last : UInt64.t, s : Seq.seq UInt64.t . 
([%#slist_reversal_lasso3] mem_is_well_formed'0 self) -> ([%#slist_reversal_lasso4] last = v_NULL'0 \/ nonnull_ptr'0 self last) -> ([%#slist_reversal_lasso5] list_seg'0 self first s last 0 (Seq.length s)) -> find_lasso_aux'0 self first last s = ([%#slist_reversal_lasso14] if last = v_NULL'0 then (s, C_None'0) else - match find_ptr_in_seq'0 s 0 (UIntSize.to_int last) with + match find_ptr_in_seq'0 s 0 (UInt64.to_uint last) with | C_None'1 -> if pigeon'0 s (Seq.length (view'0 self.t_Memory__0'0)) then find_lasso_aux'0 self first (index_logic'0 self last) (Seq.snoc s last) else @@ -1814,7 +1819,7 @@ module M_list_reversal_lasso__qyi2644757663130641572__find_lasso [#"list_reversa end ) - axiom find_lasso_aux'0_spec : forall self : t_Memory'0, first : usize, last : usize, s : Seq.seq usize . ([%#slist_reversal_lasso3] mem_is_well_formed'0 self) + axiom find_lasso_aux'0_spec : forall self : t_Memory'0, first : UInt64.t, last : UInt64.t, s : Seq.seq UInt64.t . ([%#slist_reversal_lasso3] mem_is_well_formed'0 self) -> ([%#slist_reversal_lasso4] last = v_NULL'0 \/ nonnull_ptr'0 self last) -> ([%#slist_reversal_lasso5] list_seg'0 self first s last 0 (Seq.length s)) -> ([%#slist_reversal_lasso6] match find_lasso_aux'0 self first last s with 
@@ -1824,21 +1829,21 @@ module M_list_reversal_lasso__qyi2644757663130641572__find_lasso [#"list_reversa constant self : t_Memory'0 - constant first : usize + constant first : UInt64.t - function find_lasso'0 [#"list_reversal_lasso.rs" 270 4 270 71] (self : t_Memory'0) (first : usize) : (Seq.seq usize, t_Option'0) + function find_lasso'0 [#"list_reversal_lasso.rs" 270 4 270 71] (self : t_Memory'0) (first : UInt64.t) : (Seq.seq UInt64.t, t_Option'0) goal vc_find_lasso'0 : ([%#slist_reversal_lasso1] first = v_NULL'0 \/ nonnull_ptr'0 self first) -> ([%#slist_reversal_lasso0] mem_is_well_formed'0 self) -> (([@expl:find_lasso_aux requires #0] [%#slist_reversal_lasso3] mem_is_well_formed'0 self) && ([@expl:find_lasso_aux requires #1] [%#slist_reversal_lasso4] first = v_NULL'0 \/ nonnull_ptr'0 self first) - && ([@expl:find_lasso_aux requires #2] [%#slist_reversal_lasso5] list_seg'0 self first (Seq.empty : Seq.seq usize) first 0 (Seq.length (Seq.empty : Seq.seq usize)))) - /\ (([%#slist_reversal_lasso6] match find_lasso_aux'0 self first first (Seq.empty : Seq.seq usize) with + && ([@expl:find_lasso_aux requires #2] [%#slist_reversal_lasso5] list_seg'0 self first (Seq.empty : Seq.seq UInt64.t) first 0 (Seq.length (Seq.empty : Seq.seq UInt64.t)))) + /\ (([%#slist_reversal_lasso6] match find_lasso_aux'0 self first first (Seq.empty : Seq.seq UInt64.t) with | (s, C_None'0) -> list'0 self first s | (s1, C_Some'0 s2) -> lasso'0 self first s1 s2 end) - -> ([%#slist_reversal_lasso2] match find_lasso_aux'0 self first first (Seq.empty : Seq.seq usize) with + -> ([%#slist_reversal_lasso2] match find_lasso_aux'0 self first first (Seq.empty : Seq.seq UInt64.t) with | (s, C_None'0) -> list'0 self first s | (s1, C_Some'0 s2) -> lasso'0 self first s1 s2 end)) diff --git a/creusot/tests/should_succeed/loop.coma b/creusot/tests/should_succeed/loop.coma index 71f18110de..b0e14e2cc7 100644 --- a/creusot/tests/should_succeed/loop.coma +++ b/creusot/tests/should_succeed/loop.coma 
@@ -4,14 +4,16 @@ module M_loop__f [#"loop.rs" 3 0 3 10] let%span sloop2 = "loop.rs" 8 11 8 15 let%span sresolve3 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + use prelude.prelude.Int + use prelude.prelude.Int32 use prelude.prelude.Borrow - predicate resolve'1 (self : borrowed int32) = + predicate resolve'1 (self : borrowed Int32.t) = [%#sresolve3] self.final = self.current - predicate resolve'0 (_1 : borrowed int32) = + predicate resolve'0 (_1 : borrowed Int32.t) = resolve'1 _1 use prelude.prelude.Intrinsic @@ -20,15 +22,16 @@ module M_loop__f [#"loop.rs" 3 0 3 10] let rec f'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = [ &a <- [%#sloop0] (10 : int32) ] s1 - | s1 = Borrow.borrow_mut {a} (fun (_ret':borrowed int32) -> [ &b <- _ret' ] [ &a <- _ret'.final ] s2) - | s2 = [ &b <- { b with current = ([%#sloop1] (5 : int32)) } ] s3 + [ s0 = [ &a <- [%#sloop0] (10 : Int32.t) ] s1 + | s1 = Borrow.borrow_mut {a} + (fun (_ret':borrowed Int32.t) -> [ &b <- _ret' ] [ &a <- _ret'.final ] s2) + | s2 = [ &b <- { b with current = ([%#sloop1] (5 : Int32.t)) } ] s3 | s3 = -{resolve'0 b}- s4 | s4 = bb1 ] | bb1 = bb1 [ bb1 = (! bb2) [ bb2 = any [ br0 -> {false} (! bb4) | br1 -> {true} (! bb3) ] | bb4 = bb1 ] ] | bb3 = return' {_0} ] - ) [ & _0 : () = any_l () | & a : int32 = any_l () | & b : borrowed int32 = any_l () ] + ) [ & _0 : () = any_l () | & a : Int32.t = any_l () | & b : borrowed Int32.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/mapping_test.coma b/creusot/tests/should_succeed/mapping_test.coma index 8f33c353a2..43ca613eba 100644 --- a/creusot/tests/should_succeed/mapping_test.coma +++ b/creusot/tests/should_succeed/mapping_test.coma @@ -15,8 +15,10 @@ module M_mapping_test__incr [#"mapping_test.rs" 29 0 29 18] use prelude.prelude.Int32 + use prelude.prelude.Int + type t_T'0 = - { t_T__a'0: int32 } + { t_T__a'0: Int32.t } use prelude.prelude.Borrow 
@@ -26,8 +28,6 @@ module M_mapping_test__incr [#"mapping_test.rs" 29 0 29 18] predicate resolve'0 (_1 : borrowed (t_T'0)) = resolve'1 _1 - use prelude.prelude.Int - use map.Map use prelude.prelude.Int32 @@ -64,8 +64,8 @@ module M_mapping_test__incr [#"mapping_test.rs" 29 0 29 18] (! bb0 [ bb0 = s0 [ s0 = [ &old_t <- [%#smapping_test0] Snapshot.new t ] s1 | s1 = bb1 ] | bb1 = s0 - [ s0 = Int32.add {(t.current).t_T__a'0} {[%#smapping_test1] (1 : int32)} - (fun (_ret':int32) -> [ &t <- { t with current = { t_T__a'0 = _ret' } } ] s1) + [ s0 = Int32.add {(t.current).t_T__a'0} {[%#smapping_test1] (1 : Int32.t)} + (fun (_ret':Int32.t) -> [ &t <- { t with current = { t_T__a'0 = _ret' } } ] s1) | s1 = -{resolve'0 t}- s2 | s2 = {[@expl:assertion] [%#smapping_test2] view'0 t.final = Map.set (view'1 old_t) (Int32.to_int ((Snapshot.inner old_t).current).t_T__a'0) 1} @@ -91,12 +91,12 @@ module M_mapping_test__f [#"mapping_test.rs" 37 0 37 10] let%span smodel9 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 let%span sresolve10 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + use prelude.prelude.Int + use prelude.prelude.Int32 type t_T'0 = - { t_T__a'0: int32 } - - use prelude.prelude.Int + { t_T__a'0: Int32.t } use map.Map @@ -137,7 +137,7 @@ module M_mapping_test__f [#"mapping_test.rs" 37 0 37 10] let rec f'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = [ &x <- { t_T__a'0 = ([%#smapping_test0] (42 : int32)) } ] s1 + [ s0 = [ &x <- { t_T__a'0 = ([%#smapping_test0] (42 : Int32.t)) } ] s1 | s1 = {[@expl:assertion] [%#smapping_test1] Map.get (view'0 x) 13 = 1} s2 | s2 = {[@expl:assertion] [%#smapping_test2] Map.get (view'0 x) 42 = 0} s3 | s3 = Borrow.borrow_mut {x} (fun (_ret':borrowed (t_T'0)) -> [ &_8 <- _ret' ] [ &x <- _ret'.final ] s4) diff --git a/creusot/tests/should_succeed/match_int.coma b/creusot/tests/should_succeed/match_int.coma index fd1aaabcec..f767fcc134 100644 --- a/creusot/tests/should_succeed/match_int.coma 
+++ b/creusot/tests/should_succeed/match_int.coma @@ -8,6 +8,8 @@ module M_match_int__f [#"match_int.rs" 6 0 6 10] let%span smatch_int6 = "match_int.rs" 12 20 12 25 let%span smatch_int7 = "match_int.rs" 12 12 12 26 + use prelude.prelude.Int + use prelude.prelude.Int32 use prelude.prelude.Intrinsic @@ -16,12 +18,12 @@ module M_match_int__f [#"match_int.rs" 6 0 6 10] let rec f'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = [ &_1 <- [%#smatch_int0] (1 : int32) ] s1 - | s1 = Int32.le {[%#smatch_int1] (0 : int32)} {_1} (fun (_ret':bool) -> [ &_2 <- _ret' ] s2) + [ s0 = [ &_1 <- [%#smatch_int0] (1 : Int32.t) ] s1 + | s1 = Int32.le {[%#smatch_int1] (0 : Int32.t)} {_1} (fun (_ret':bool) -> [ &_2 <- _ret' ] s2) | s2 = any [ br0 -> {_2 = false} (! bb1) | br1 -> {_2} (! bb3) ] ] | bb3 = s0 - [ s0 = Int32.lt {_1} {[%#smatch_int1] (10 : int32)} (fun (_ret':bool) -> [ &_3 <- _ret' ] s1) + [ s0 = Int32.lt {_1} {[%#smatch_int1] (10 : Int32.t)} (fun (_ret':bool) -> [ &_3 <- _ret' ] s1) | s1 = any [ br0 -> {_3 = false} (! bb1) | br1 -> {_3} (! bb2) ] ] | bb2 = bb6 @@ -37,7 +39,7 @@ module M_match_int__f [#"match_int.rs" 6 0 6 10] | bb11 = bb14 | bb14 = return' {_0} | bb10 = {[%#smatch_int7] false} any ] - ) [ & _0 : () = any_l () | & _1 : int32 = any_l () | & _2 : bool = any_l () | & _3 : bool = any_l () ] + ) [ & _0 : () = any_l () | & _1 : Int32.t = any_l () | & _2 : bool = any_l () | & _3 : bool = any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/mc91.coma b/creusot/tests/should_succeed/mc91.coma index 090ca71d25..4c13747e6c 100644 --- a/creusot/tests/should_succeed/mc91.coma +++ b/creusot/tests/should_succeed/mc91.coma 
@@ -3,40 +3,110 @@ module M_mc91__mc91 [#"mc91.rs" 7 0 7 26] let%span smc911 = "mc91.rs" 9 12 9 14 let%span smc912 = "mc91.rs" 11 22 11 24 let%span smc913 = "mc91.rs" 5 10 6 38 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 + let%span sord16 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span sord17 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 use prelude.prelude.UInt32 + use prelude.prelude.Int + use prelude.prelude.Intrinsic - use prelude.prelude.Int + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.UInt32 + + function cmp_log'0 (self : UInt32.t) (o : UInt32.t) : t_Ordering'0 = + [%#sord17] if UInt32.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + function eq_cmp'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom eq_cmp'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord16] (x = y) = (cmp_log'0 x y = C_Equal'0) + + function antisym2'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom antisym2'0_spec : forall x : UInt32.t, y : UInt32.t . 
([%#sord14] cmp_log'0 x y = C_Greater'0) + -> ([%#sord15] cmp_log'0 y x = C_Less'0) + + function antisym1'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom antisym1'0_spec : forall x : UInt32.t, y : UInt32.t . ([%#sord12] cmp_log'0 x y = C_Less'0) + -> ([%#sord13] cmp_log'0 y x = C_Greater'0) + + function trans'0 (x : UInt32.t) (y : UInt32.t) (z : UInt32.t) (o : t_Ordering'0) : () + + axiom trans'0_spec : forall x : UInt32.t, y : UInt32.t, z : UInt32.t, o : t_Ordering'0 . ([%#sord9] cmp_log'0 x y = o) + -> ([%#sord10] cmp_log'0 y z = o) -> ([%#sord11] cmp_log'0 x z = o) + + function refl'0 (x : UInt32.t) : () + + axiom refl'0_spec : forall x : UInt32.t . [%#sord8] cmp_log'0 x x = C_Equal'0 + + use prelude.prelude.UInt32 + + function cmp_gt_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_gt_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord7] UInt32.ugt x y = (cmp_log'0 x y = C_Greater'0) + + use prelude.prelude.UInt32 + + function cmp_ge_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_ge_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord6] UInt32.uge x y = (cmp_log'0 x y <> C_Less'0) + + function cmp_lt_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_lt_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord5] UInt32.ult x y = (cmp_log'0 x y = C_Less'0) + + use prelude.prelude.UInt32 + + function cmp_le_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_le_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord4] UInt32.ule x y + = (cmp_log'0 x y <> C_Greater'0) meta "compute_max_steps" 1000000 - let rec mc91'0 (x:uint32) (return' (ret:uint32))= (! bb0 + let rec mc91'0 (x:UInt32.t) (return' (ret:UInt32.t))= (! bb0 [ bb0 = s0 - [ s0 = UInt32.gt {x} {[%#smc910] (100 : uint32)} (fun (_ret':bool) -> [ &_3 <- _ret' ] s1) + [ s0 = UInt32.gt {x} {[%#smc910] (100 : UInt32.t)} (fun (_ret':bool) -> [ &_3 <- _ret' ] s1) | s1 = any [ br0 -> {_3 = false} (! bb2) | br1 -> {_3} (! 
bb1) ] ] | bb1 = s0 - [ s0 = UInt32.sub {x} {[%#smc911] (10 : uint32)} (fun (_ret':uint32) -> [ &_0 <- _ret' ] s1) | s1 = bb5 ] + [ s0 = UInt32.sub {x} {[%#smc911] (10 : UInt32.t)} (fun (_ret':UInt32.t) -> [ &_0 <- _ret' ] s1) | s1 = bb5 ] | bb2 = s0 - [ s0 = UInt32.add {x} {[%#smc912] (11 : uint32)} (fun (_ret':uint32) -> [ &_7 <- _ret' ] s1) - | s1 = mc91'0 {_7} (fun (_ret':uint32) -> [ &_6 <- _ret' ] s2) + [ s0 = UInt32.add {x} {[%#smc912] (11 : UInt32.t)} (fun (_ret':UInt32.t) -> [ &_7 <- _ret' ] s1) + | s1 = mc91'0 {_7} (fun (_ret':UInt32.t) -> [ &_6 <- _ret' ] s2) | s2 = bb3 ] - | bb3 = s0 [ s0 = mc91'0 {_6} (fun (_ret':uint32) -> [ &_0 <- _ret' ] s1) | s1 = bb4 ] + | bb3 = s0 [ s0 = mc91'0 {_6} (fun (_ret':UInt32.t) -> [ &_0 <- _ret' ] s1) | s1 = bb4 ] | bb4 = bb5 | bb5 = return' {_0} ] ) - [ & _0 : uint32 = any_l () - | & x : uint32 = x + [ & _0 : UInt32.t = any_l () + | & x : UInt32.t = x | & _3 : bool = any_l () - | & _6 : uint32 = any_l () - | & _7 : uint32 = any_l () ] + | & _6 : UInt32.t = any_l () + | & _7 : UInt32.t = any_l () ] - [ return' (result:uint32)-> {[@expl:mc91 ensures] [%#smc913] x <= (100 : uint32) - -> result = (91 : uint32) /\ x > (100 : uint32) -> result = x - (10 : uint32)} + [ return' (result:UInt32.t)-> {[@expl:mc91 ensures] [%#smc913] UInt32.ule x (100 : UInt32.t) + -> result = (91 : UInt32.t) /\ UInt32.ugt x (100 : UInt32.t) -> result = x - (10 : UInt32.t)} (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/mutex.coma b/creusot/tests/should_succeed/mutex.coma index f54c048d09..8e29e216de 100644 --- a/creusot/tests/should_succeed/mutex.coma +++ b/creusot/tests/should_succeed/mutex.coma 
@@ -39,28 +39,28 @@ module M_mutex__qyi5425553346843331945__call [#"mutex.rs" 100 4 100 23] (* {[%#smutex5] inv'1 result} + let rec deref'0 (self:t_MutexGuard'0) (return' (ret:UInt32.t))= any + [ return' (result:UInt32.t)-> {[%#smutex5] inv'1 result} {[%#smutex6] inv'2 (Snapshot.inner self.t_MutexGuard__1'0) result} (! return' {result}) ] - predicate inv'3 (_1 : uint32) + predicate inv'3 (_1 : UInt32.t) - axiom inv_axiom'2 [@rewrite] : forall x : uint32 [inv'3 x] . inv'3 x = true + axiom inv_axiom'2 [@rewrite] : forall x : UInt32.t [inv'3 x] . inv'3 x = true - let rec set'0 (self:borrowed (t_MutexGuard'0)) (v:uint32) (return' (ret:()))= {[@expl:set 'v' type invariant] [%#smutex7] inv'3 v} + let rec set'0 (self:borrowed (t_MutexGuard'0)) (v:UInt32.t) (return' (ret:()))= {[@expl:set 'v' type invariant] [%#smutex7] inv'3 v} {[@expl:set requires] [%#smutex8] inv'2 (Snapshot.inner (self.current).t_MutexGuard__1'0) v} any [ return' (result:())-> (! return' {result}) ] @@ -70,16 +70,16 @@ module M_mutex__qyi5425553346843331945__call [#"mutex.rs" 100 4 100 23] (* [ &v <- _ret' ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = deref'0 {v} (fun (_ret':uint32) -> [ &_5 <- _ret' ] s1) | s1 = bb2 ] + | bb1 = s0 [ s0 = deref'0 {v} (fun (_ret':UInt32.t) -> [ &_5 <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 [ s0 = [ &val' <- _5 ] s1 - | s1 = UInt32.lt {val'} {[%#smutex0] (100000 : uint32)} (fun (_ret':bool) -> [ &_7 <- _ret' ] s2) + | s1 = UInt32.lt {val'} {[%#smutex0] (100000 : UInt32.t)} (fun (_ret':bool) -> [ &_7 <- _ret' ] s2) | s2 = any [ br0 -> {_7 = false} (! bb5) | br1 -> {_7} (! bb3) ] ] | bb3 = s0 [ s0 = Borrow.borrow_mut {v} (fun (_ret':borrowed (t_MutexGuard'0)) -> [ &_10 <- _ret' ] [ &v <- _ret'.final ] s1) - | s1 = UInt32.add {val'} {[%#smutex1] (2 : uint32)} (fun (_ret':uint32) -> [ &_11 <- _ret' ] s2) + | s1 = UInt32.add {val'} {[%#smutex1] (2 : UInt32.t)} (fun (_ret':UInt32.t) -> [ &_11 <- _ret' ] s2) | s2 = set'0 {_10} {_11} (fun (_ret':()) -> [ &_9 <- _ret' ] s3) | s3 = bb4 ] 
@@ -87,7 +87,7 @@ module M_mutex__qyi5425553346843331945__call [#"mutex.rs" 100 4 100 23] (* {v} (fun (_ret':borrowed (t_MutexGuard'0)) -> [ &_14 <- _ret' ] [ &v <- _ret'.final ] s1) - | s1 = set'0 {_14} {[%#smutex2] (0 : uint32)} (fun (_ret':()) -> [ &_13 <- _ret' ] s2) + | s1 = set'0 {_14} {[%#smutex2] (0 : UInt32.t)} (fun (_ret':()) -> [ &_13 <- _ret' ] s2) | s2 = bb6 ] | bb6 = bb7 @@ -97,12 +97,12 @@ module M_mutex__qyi5425553346843331945__call [#"mutex.rs" 100 4 100 23] (* (! return' {result}) ] @@ -126,11 +126,13 @@ module M_mutex__concurrent [#"mutex.rs" 163 0 163 19] let%span smutex15 = "mutex.rs" 149 4 149 16 let%span smutex16 = "mutex.rs" 97 8 97 12 + use prelude.prelude.Int + use prelude.prelude.UInt32 - predicate inv'0 (_1 : uint32) + predicate inv'0 (_1 : UInt32.t) - axiom inv_axiom'0 [@rewrite] : forall x : uint32 [inv'0 x] . inv'0 x = true + axiom inv_axiom'0 [@rewrite] : forall x : UInt32.t [inv'0 x] . inv'0 x = true predicate inv'1 (_1 : ()) @@ -138,10 +140,8 @@ module M_mutex__concurrent [#"mutex.rs" 163 0 163 19] use prelude.prelude.Borrow - use prelude.prelude.Int - - predicate inv'2 [#"mutex.rs" 66 4 66 33] (self : ()) (x : uint32) = - [%#smutex12] mod x (2 : uint32) = (0 : uint32) + predicate inv'2 [#"mutex.rs" 66 4 66 33] (self : ()) (x : UInt32.t) = + [%#smutex12] mod x (2 : UInt32.t) = (0 : UInt32.t) type t_MutexInner'0 @@ -152,7 +152,7 @@ module M_mutex__concurrent [#"mutex.rs" 163 0 163 19] axiom inv_axiom'2 [@rewrite] : forall x : t_Mutex'0 [inv'3 x] . inv'3 x = true - let rec new'0 (val':uint32) (i:()) (return' (ret:t_Mutex'0))= {[@expl:new 'val' type invariant] [%#smutex1] inv'0 val'} + let rec new'0 (val':UInt32.t) (i:()) (return' (ret:t_Mutex'0))= {[@expl:new 'val' type invariant] [%#smutex1] inv'0 val'} {[@expl:new 'i' type invariant] [%#smutex2] inv'1 i} {[@expl:new requires] [%#smutex3] inv'2 i val'} any [ return' (result:t_Mutex'0)-> {[%#smutex4] inv'3 result} (! return' {result}) ] 
@@ -234,7 +234,7 @@ module M_mutex__concurrent [#"mutex.rs" 163 0 163 19] let rec concurrent'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &_5 <- () ] s1 - | s1 = new'0 {[%#smutex0] (0 : uint32)} {_5} (fun (_ret':t_Mutex'0) -> [ &_4 <- _ret' ] s2) + | s1 = new'0 {[%#smutex0] (0 : UInt32.t)} {_5} (fun (_ret':t_Mutex'0) -> [ &_4 <- _ret' ] s2) | s2 = bb1 ] | bb1 = bb2 diff --git a/creusot/tests/should_succeed/one_side_update.coma b/creusot/tests/should_succeed/one_side_update.coma index 042dd80f56..528ecb1c90 100644 --- a/creusot/tests/should_succeed/one_side_update.coma +++ b/creusot/tests/should_succeed/one_side_update.coma @@ -4,10 +4,12 @@ module M_one_side_update__f [#"one_side_update.rs" 5 0 5 10] let%span sone_side_update2 = "one_side_update.rs" 11 19 11 20 let%span sresolve3 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_MyInt'0 = - { t_MyInt__0'0: usize } + { t_MyInt__0'0: UInt64.t } use prelude.prelude.Borrow @@ -23,14 +25,14 @@ module M_one_side_update__f [#"one_side_update.rs" 5 0 5 10] let rec f'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = [ &a <- { t_MyInt__0'0 = ([%#sone_side_update1] (10 : usize)) } ] s1 + [ s0 = [ &a <- { t_MyInt__0'0 = ([%#sone_side_update1] (10 : UInt64.t)) } ] s1 | s1 = Borrow.borrow_mut {a} (fun (_ret':borrowed (t_MyInt'0)) -> [ &b <- _ret' ] [ &a <- _ret'.final ] s2) | s2 = any [ br0 -> {false} (! bb2) | br1 -> {true} (! bb1) ] ] | bb1 = s0 [ s0 = -{resolve'0 b}- s1 | s1 = bb3 ] | bb2 = s0 - [ s0 = [ &_6 <- { t_MyInt__0'0 = ([%#sone_side_update2] (5 : usize)) } ] s1 + [ s0 = [ &_6 <- { t_MyInt__0'0 = ([%#sone_side_update2] (5 : UInt64.t)) } ] s1 | s1 = [ &b <- { b with current = _6 } ] s2 | s2 = -{resolve'0 b}- s3 | s3 = bb3 ] diff --git a/creusot/tests/should_succeed/open_inv.coma b/creusot/tests/should_succeed/open_inv.coma index b14844b872..e26fdb5517 100644 
--- a/creusot/tests/should_succeed/open_inv.coma +++ b/creusot/tests/should_succeed/open_inv.coma @@ -1,10 +1,12 @@ module M_open_inv__test_open_inv_param [#"open_inv.rs" 15 0 15 58] use prelude.prelude.Intrinsic + use prelude.prelude.Int + use prelude.prelude.Int32 type t_IsZero'0 = - { t_IsZero__0'0: int32 } + { t_IsZero__0'0: Int32.t } meta "compute_max_steps" 1000000 @@ -16,10 +18,12 @@ module M_open_inv__test_open_inv_param_call [#"open_inv.rs" 16 0 16 33] let%span sopen_inv0 = "open_inv.rs" 17 23 17 24 let%span sopen_inv1 = "open_inv.rs" 18 11 18 12 + use prelude.prelude.Int + use prelude.prelude.Int32 type t_IsZero'0 = - { t_IsZero__0'0: int32 } + { t_IsZero__0'0: Int32.t } let rec test_open_inv_param'0 (_1:t_IsZero'0) (return' (ret:()))= any [ return' (result:())-> (! return' {result}) ] @@ -29,9 +33,9 @@ module M_open_inv__test_open_inv_param_call [#"open_inv.rs" 16 0 16 33] let rec test_open_inv_param_call'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = [ &a <- { t_IsZero__0'0 = ([%#sopen_inv0] (0 : int32)) } ] s1 - | s1 = Int32.sub {a.t_IsZero__0'0} {[%#sopen_inv1] (1 : int32)} - (fun (_ret':int32) -> [ &a <- { t_IsZero__0'0 = _ret' } ] s2) + [ s0 = [ &a <- { t_IsZero__0'0 = ([%#sopen_inv0] (0 : Int32.t)) } ] s1 + | s1 = Int32.sub {a.t_IsZero__0'0} {[%#sopen_inv1] (1 : Int32.t)} + (fun (_ret':Int32.t) -> [ &a <- { t_IsZero__0'0 = _ret' } ] s2) | s2 = test_open_inv_param'0 {a} (fun (_ret':()) -> [ &_2 <- _ret' ] s3) | s3 = bb1 ] @@ -44,10 +48,12 @@ module M_open_inv__test_open_inv_result [#"open_inv.rs" 23 0 23 39] let%span sopen_inv0 = "open_inv.rs" 24 23 24 24 let%span sopen_inv1 = "open_inv.rs" 25 11 25 12 + use prelude.prelude.Int + use prelude.prelude.Int32 type t_IsZero'0 = - { t_IsZero__0'0: int32 } + { t_IsZero__0'0: Int32.t } use prelude.prelude.Intrinsic 
@@ -55,9 +61,9 @@ module M_open_inv__test_open_inv_result [#"open_inv.rs" 23 0 23 39] let rec test_open_inv_result'0 (_1:()) (return' (ret:t_IsZero'0))= (! bb0 [ bb0 = s0 - [ s0 = [ &a <- { t_IsZero__0'0 = ([%#sopen_inv0] (0 : int32)) } ] s1 - | s1 = Int32.sub {a.t_IsZero__0'0} {[%#sopen_inv1] (1 : int32)} - (fun (_ret':int32) -> [ &a <- { t_IsZero__0'0 = _ret' } ] s2) + [ s0 = [ &a <- { t_IsZero__0'0 = ([%#sopen_inv0] (0 : Int32.t)) } ] s1 + | s1 = Int32.sub {a.t_IsZero__0'0} {[%#sopen_inv1] (1 : Int32.t)} + (fun (_ret':Int32.t) -> [ &a <- { t_IsZero__0'0 = _ret' } ] s2) | s2 = [ &_0 <- a ] s3 | s3 = return' {_0} ] ] diff --git a/creusot/tests/should_succeed/open_inv/why3session.xml b/creusot/tests/should_succeed/open_inv/why3session.xml index 5213f46573..9251252ae9 100644 --- a/creusot/tests/should_succeed/open_inv/why3session.xml +++ b/creusot/tests/should_succeed/open_inv/why3session.xml @@ -6,13 +6,13 @@ - - + + - - + + diff --git a/creusot/tests/should_succeed/open_inv/why3shapes.gz b/creusot/tests/should_succeed/open_inv/why3shapes.gz index b4b4867aed273f86fe4d06d1282d541218287623..1c50ee293baa35e42fd893f1d0e8464697a5f557 100644 GIT binary patch literal 184 zcmV;p07w5HiwFP!00000|Ba8$3c@fDgztHZ9JL@M{Rvd+p`JVl-g*t2x?;g5rJGvy z>22&m1O;z1`|S+OBI0z04vAl}r^eYeS3FuWpbJ(4TDWOytk*z#Tg90w1Aw-%pXW;K zfd&KK&At|IDGyM&+xfeGO<_!> mP#clOO2klSCIOR+qs%i%6rR#lak&%!Jv{*hD>)t?0RRA$Pf@S{ literal 117 zcmb2|=3oGW|CcWWX`J)W@z4#^@YdBjcjo-&AcNowm!5c?In(WbO8>04rr#A`os<3N z&uDv^H5l^j3@YaK(t3Q*YUd6eot{aPbbT-JobBa3JBcUg5|6G [ &_4 <- _ret' ] s3) | s3 = bb1 ] 
@@ -88,52 +90,54 @@ module M_option__unwrap [#"option.rs" 15 0 15 15] let%span soption26 = "option.rs" 36 22 36 36 let%span snum27 = "../../../creusot-contracts/src/std/num.rs" 29 28 29 32 + use prelude.prelude.Int + use prelude.prelude.Int32 type t_Option'0 = | C_None'0 - | C_Some'0 int32 + | C_Some'0 Int32.t predicate inv'0 (_1 : t_Option'0) axiom inv_axiom'0 [@rewrite] : forall x : t_Option'0 [inv'0 x] . inv'0 x = true - predicate inv'1 (_1 : int32) + predicate inv'1 (_1 : Int32.t) - axiom inv_axiom'1 [@rewrite] : forall x : int32 [inv'1 x] . inv'1 x = true + axiom inv_axiom'1 [@rewrite] : forall x : Int32.t [inv'1 x] . inv'1 x = true - let rec unwrap'1 (self:t_Option'0) (return' (ret:int32))= {[@expl:unwrap 'self' type invariant] inv'0 self} + let rec unwrap'1 (self:t_Option'0) (return' (ret:Int32.t))= {[@expl:unwrap 'self' type invariant] inv'0 self} {[@expl:unwrap requires] [%#soption22] self <> C_None'0} - any [ return' (result:int32)-> {inv'1 result} {[%#soption22] C_Some'0 result = self} (! return' {result}) ] + any [ return' (result:Int32.t)-> {inv'1 result} {[%#soption22] C_Some'0 result = self} (! return' {result}) ] use prelude.prelude.Borrow - let rec expect'0 (self:t_Option'0) (msg:string) (return' (ret:int32))= {[@expl:expect 'self' type invariant] inv'0 self} + let rec expect'0 (self:t_Option'0) (msg:string) (return' (ret:Int32.t))= {[@expl:expect 'self' type invariant] inv'0 self} {[@expl:expect requires] [%#soption22] self <> C_None'0} - any [ return' (result:int32)-> {inv'1 result} {[%#soption22] C_Some'0 result = self} (! return' {result}) ] + any [ return' (result:Int32.t)-> {inv'1 result} {[%#soption22] C_Some'0 result = self} (! 
return' {result}) ] - let rec unwrap_or'0 (self:t_Option'0) (default:int32) (return' (ret:int32))= {[@expl:unwrap_or 'self' type invariant] inv'0 self} + let rec unwrap_or'0 (self:t_Option'0) (default:Int32.t) (return' (ret:Int32.t))= {[@expl:unwrap_or 'self' type invariant] inv'0 self} {[@expl:unwrap_or 'default' type invariant] inv'1 default} any - [ return' (result:int32)-> {inv'1 result} + [ return' (result:Int32.t)-> {inv'1 result} {[%#soption22] self = C_None'0 -> result = default} {[%#soption22] self = C_None'0 \/ self = C_Some'0 result} (! return' {result}) ] - predicate is_default'0 (self : int32) = - [%#snum27] self = (0 : int32) + predicate is_default'0 (self : Int32.t) = + [%#snum27] self = (0 : Int32.t) - let rec unwrap_or_default'0 (self:t_Option'0) (return' (ret:int32))= {[@expl:unwrap_or_default 'self' type invariant] inv'0 self} + let rec unwrap_or_default'0 (self:t_Option'0) (return' (ret:Int32.t))= {[@expl:unwrap_or_default 'self' type invariant] inv'0 self} any - [ return' (result:int32)-> {inv'1 result} + [ return' (result:Int32.t)-> {inv'1 result} {[%#soption22] self = C_None'0 -> is_default'0 result} {[%#soption22] self = C_None'0 \/ self = C_Some'0 result} (! return' {result}) ] - let rec closure0'0 (_1:()) (return' (ret:int32))= {[@expl:closure requires] [%#soption23] false} - (! bb0 [ bb0 = {false} any ] ) [ return' (result:int32)-> (! return' {result}) ] + let rec closure0'0 (_1:()) (return' (ret:Int32.t))= {[@expl:closure requires] [%#soption23] false} + (! bb0 [ bb0 = {false} any ] ) [ return' (result:Int32.t)-> (! return' {result}) ] predicate inv'2 (_1 : ()) 
@@ -142,14 +146,14 @@ module M_option__unwrap [#"option.rs" 15 0 15 15] predicate precondition'0 (self : ()) (args : ()) = [%#soption23] let () = args in false - predicate postcondition_once'0 (self : ()) (args : ()) (result : int32) = + predicate postcondition_once'0 (self : ()) (args : ()) (result : Int32.t) = let () = args in true - let rec unwrap_or_else'0 (self:t_Option'0) (f:()) (return' (ret:int32))= {[@expl:unwrap_or_else 'self' type invariant] inv'0 self} + let rec unwrap_or_else'0 (self:t_Option'0) (f:()) (return' (ret:Int32.t))= {[@expl:unwrap_or_else 'self' type invariant] inv'0 self} {[@expl:unwrap_or_else 'f' type invariant] inv'2 f} {[@expl:unwrap_or_else requires] [%#soption22] self = C_None'0 -> precondition'0 f ()} any - [ return' (result:int32)-> {inv'1 result} + [ return' (result:Int32.t)-> {inv'1 result} {[%#soption24] match self with | C_None'0 -> postcondition_once'0 f () result | C_Some'0 t -> result = t @@ -159,10 +163,10 @@ module M_option__unwrap [#"option.rs" 15 0 15 15] use prelude.prelude.Intrinsic - let rec closure1'0 (_1:()) (return' (ret:int32))= (! bb0 - [ bb0 = s0 [ s0 = [ &res <- [%#soption25] (3 : int32) ] s1 | s1 = [ &_0 <- res ] s2 | s2 = return' {_0} ] ] - ) [ & _0 : int32 = any_l () | & res : int32 = any_l () ] - [ return' (result:int32)-> {[@expl:closure ensures] [%#soption26] result = (3 : int32)} (! return' {result}) ] + let rec closure1'0 (_1:()) (return' (ret:Int32.t))= (! bb0 + [ bb0 = s0 [ s0 = [ &res <- [%#soption25] (3 : Int32.t) ] s1 | s1 = [ &_0 <- res ] s2 | s2 = return' {_0} ] ] + ) [ & _0 : Int32.t = any_l () | & res : Int32.t = any_l () ] + [ return' (result:Int32.t)-> {[@expl:closure ensures] [%#soption26] result = (3 : Int32.t)} (! return' {result}) ] predicate inv'3 (_1 : ()) 
@@ -172,14 +176,14 @@ module M_option__unwrap [#"option.rs" 15 0 15 15] predicate precondition'1 (self : ()) (args : ()) = let () = args in true - predicate postcondition_once'1 (self : ()) (args : ()) (result : int32) = - [%#soption26] let () = args in result = (3 : int32) + predicate postcondition_once'1 (self : ()) (args : ()) (result : Int32.t) = + [%#soption26] let () = args in result = (3 : Int32.t) - let rec unwrap_or_else'1 (self:t_Option'0) (f:()) (return' (ret:int32))= {[@expl:unwrap_or_else 'self' type invariant] inv'0 self} + let rec unwrap_or_else'1 (self:t_Option'0) (f:()) (return' (ret:Int32.t))= {[@expl:unwrap_or_else 'self' type invariant] inv'0 self} {[@expl:unwrap_or_else 'f' type invariant] inv'3 f} {[@expl:unwrap_or_else requires] [%#soption22] self = C_None'0 -> precondition'1 f ()} any - [ return' (result:int32)-> {inv'1 result} + [ return' (result:Int32.t)-> {inv'1 result} {[%#soption24] match self with | C_None'0 -> postcondition_once'1 f () result | C_Some'0 t -> result = t 
@@ -187,77 +191,78 @@ module M_option__unwrap [#"option.rs" 15 0 15 15] (! return' {result}) ] - let rec unwrap_unchecked'0 (self:t_Option'0) (return' (ret:int32))= {[@expl:unwrap_unchecked 'self' type invariant] inv'0 self} + let rec unwrap_unchecked'0 (self:t_Option'0) (return' (ret:Int32.t))= {[@expl:unwrap_unchecked 'self' type invariant] inv'0 self} {[@expl:unwrap_unchecked requires] [%#soption22] self <> C_None'0} - any [ return' (result:int32)-> {inv'1 result} {[%#soption22] C_Some'0 result = self} (! return' {result}) ] + any [ return' (result:Int32.t)-> {inv'1 result} {[%#soption22] C_Some'0 result = self} (! return' {result}) ] meta "compute_max_steps" 1000000 let rec unwrap'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &none <- C_None'0 ] s1 - | s1 = [ &some <- C_Some'0 ([%#soption0] (1 : int32)) ] s2 - | s2 = unwrap'1 {some} (fun (_ret':int32) -> [ &_5 <- _ret' ] s3) + | s1 = [ &some <- C_Some'0 ([%#soption0] (1 : Int32.t)) ] s2 + | s2 = unwrap'1 {some} (fun (_ret':Int32.t) -> [ &_5 <- _ret' ] s3) | s3 = bb1 ] | bb1 = s0 - [ s0 = Int32.eq {_5} {[%#soption1] (1 : int32)} (fun (_ret':bool) -> [ &_4 <- _ret' ] s1) + [ s0 = Int32.eq {_5} {[%#soption1] (1 : Int32.t)} (fun (_ret':bool) -> [ &_4 <- _ret' ] s1) | s1 = any [ br0 -> {_4 = false} (! bb3) | br1 -> {_4} (! bb2) ] ] | bb2 = s0 [ s0 = [ &_13 <- [%#soption2] "failed" ] s1 - | s1 = expect'0 {some} {_13} (fun (_ret':int32) -> [ &_10 <- _ret' ] s2) + | s1 = expect'0 {some} {_13} (fun (_ret':Int32.t) -> [ &_10 <- _ret' ] s2) | s2 = bb4 ] | bb4 = s0 - [ s0 = Int32.eq {_10} {[%#soption3] (1 : int32)} (fun (_ret':bool) -> [ &_9 <- _ret' ] s1) + [ s0 = Int32.eq {_10} {[%#soption3] (1 : Int32.t)} (fun (_ret':bool) -> [ &_9 <- _ret' ] s1) | s1 = any [ br0 -> {_9 = false} (! bb6) | br1 -> {_9} (! 
bb5) ] ] | bb5 = s0 - [ s0 = unwrap_or'0 {some} {[%#soption4] (2 : int32)} (fun (_ret':int32) -> [ &_17 <- _ret' ] s1) | s1 = bb7 ] + [ s0 = unwrap_or'0 {some} {[%#soption4] (2 : Int32.t)} (fun (_ret':Int32.t) -> [ &_17 <- _ret' ] s1) | s1 = bb7 ] | bb7 = s0 - [ s0 = Int32.eq {_17} {[%#soption5] (1 : int32)} (fun (_ret':bool) -> [ &_16 <- _ret' ] s1) + [ s0 = Int32.eq {_17} {[%#soption5] (1 : Int32.t)} (fun (_ret':bool) -> [ &_16 <- _ret' ] s1) | s1 = any [ br0 -> {_16 = false} (! bb9) | br1 -> {_16} (! bb8) ] ] | bb8 = s0 - [ s0 = unwrap_or'0 {none} {[%#soption6] (2 : int32)} (fun (_ret':int32) -> [ &_22 <- _ret' ] s1) | s1 = bb10 ] + [ s0 = unwrap_or'0 {none} {[%#soption6] (2 : Int32.t)} (fun (_ret':Int32.t) -> [ &_22 <- _ret' ] s1) + | s1 = bb10 ] | bb10 = s0 - [ s0 = Int32.eq {_22} {[%#soption7] (2 : int32)} (fun (_ret':bool) -> [ &_21 <- _ret' ] s1) + [ s0 = Int32.eq {_22} {[%#soption7] (2 : Int32.t)} (fun (_ret':bool) -> [ &_21 <- _ret' ] s1) | s1 = any [ br0 -> {_21 = false} (! bb12) | br1 -> {_21} (! bb11) ] ] - | bb11 = s0 [ s0 = unwrap_or_default'0 {some} (fun (_ret':int32) -> [ &_27 <- _ret' ] s1) | s1 = bb13 ] + | bb11 = s0 [ s0 = unwrap_or_default'0 {some} (fun (_ret':Int32.t) -> [ &_27 <- _ret' ] s1) | s1 = bb13 ] | bb13 = s0 - [ s0 = Int32.eq {_27} {[%#soption8] (1 : int32)} (fun (_ret':bool) -> [ &_26 <- _ret' ] s1) + [ s0 = Int32.eq {_27} {[%#soption8] (1 : Int32.t)} (fun (_ret':bool) -> [ &_26 <- _ret' ] s1) | s1 = any [ br0 -> {_26 = false} (! bb15) | br1 -> {_26} (! bb14) ] ] - | bb14 = s0 [ s0 = unwrap_or_default'0 {none} (fun (_ret':int32) -> [ &_32 <- _ret' ] s1) | s1 = bb16 ] + | bb14 = s0 [ s0 = unwrap_or_default'0 {none} (fun (_ret':Int32.t) -> [ &_32 <- _ret' ] s1) | s1 = bb16 ] | bb16 = s0 - [ s0 = Int32.eq {_32} {[%#soption9] (0 : int32)} (fun (_ret':bool) -> [ &_31 <- _ret' ] s1) + [ s0 = Int32.eq {_32} {[%#soption9] (0 : Int32.t)} (fun (_ret':bool) -> [ &_31 <- _ret' ] s1) | s1 = any [ br0 -> {_31 = false} (! bb18) | br1 -> {_31} (! 
bb17) ] ] | bb17 = s0 [ s0 = [ &_39 <- () ] s1 - | s1 = unwrap_or_else'0 {some} {_39} (fun (_ret':int32) -> [ &_37 <- _ret' ] s2) + | s1 = unwrap_or_else'0 {some} {_39} (fun (_ret':Int32.t) -> [ &_37 <- _ret' ] s2) | s2 = bb19 ] | bb19 = s0 - [ s0 = Int32.eq {_37} {[%#soption10] (1 : int32)} (fun (_ret':bool) -> [ &_36 <- _ret' ] s1) + [ s0 = Int32.eq {_37} {[%#soption10] (1 : Int32.t)} (fun (_ret':bool) -> [ &_36 <- _ret' ] s1) | s1 = any [ br0 -> {_36 = false} (! bb21) | br1 -> {_36} (! bb20) ] ] | bb20 = s0 [ s0 = [ &_45 <- () ] s1 - | s1 = unwrap_or_else'1 {none} {_45} (fun (_ret':int32) -> [ &_43 <- _ret' ] s2) + | s1 = unwrap_or_else'1 {none} {_45} (fun (_ret':Int32.t) -> [ &_43 <- _ret' ] s2) | s2 = bb22 ] | bb22 = s0 - [ s0 = Int32.eq {_43} {[%#soption11] (3 : int32)} (fun (_ret':bool) -> [ &_42 <- _ret' ] s1) + [ s0 = Int32.eq {_43} {[%#soption11] (3 : Int32.t)} (fun (_ret':bool) -> [ &_42 <- _ret' ] s1) | s1 = any [ br0 -> {_42 = false} (! bb24) | br1 -> {_42} (! bb23) ] ] - | bb23 = s0 [ s0 = unwrap_unchecked'0 {some} (fun (_ret':int32) -> [ &_49 <- _ret' ] s1) | s1 = bb25 ] + | bb23 = s0 [ s0 = unwrap_unchecked'0 {some} (fun (_ret':Int32.t) -> [ &_49 <- _ret' ] s1) | s1 = bb25 ] | bb25 = s0 - [ s0 = Int32.eq {_49} {[%#soption12] (1 : int32)} (fun (_ret':bool) -> [ &_48 <- _ret' ] s1) + [ s0 = Int32.eq {_49} {[%#soption12] (1 : Int32.t)} (fun (_ret':bool) -> [ &_48 <- _ret' ] s1) | s1 = any [ br0 -> {_48 = false} (! bb27) | br1 -> {_48} (! bb26) ] ] | bb26 = return' {_0} 
@@ -275,26 +280,26 @@ module M_option__unwrap [#"option.rs" 15 0 15 15] | & none : t_Option'0 = any_l () | & some : t_Option'0 = any_l () | & _4 : bool = any_l () - | & _5 : int32 = any_l () + | & _5 : Int32.t = any_l () | & _9 : bool = any_l () - | & _10 : int32 = any_l () + | & _10 : Int32.t = any_l () | & _13 : string = any_l () | & _16 : bool = any_l () - | & _17 : int32 = any_l () + | & _17 : Int32.t = any_l () | & _21 : bool = any_l () - | & _22 : int32 = any_l () + | & _22 : Int32.t = any_l () | & _26 : bool = any_l () - | & _27 : int32 = any_l () + | & _27 : Int32.t = any_l () | & _31 : bool = any_l () - | & _32 : int32 = any_l () + | & _32 : Int32.t = any_l () | & _36 : bool = any_l () - | & _37 : int32 = any_l () + | & _37 : Int32.t = any_l () | & _39 : () = any_l () | & _42 : bool = any_l () - | & _43 : int32 = any_l () + | & _43 : Int32.t = any_l () | & _45 : () = any_l () | & _48 : bool = any_l () - | & _49 : int32 = any_l () ] + | & _49 : Int32.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end module M_option__map [#"option.rs" 44 0 44 12] 
@@ -315,16 +320,32 @@ module M_option__map [#"option.rs" 44 0 44 12] let%span soption14 = "option.rs" 65 18 65 19 let%span smodel15 = "../../../creusot-contracts/src/model.rs" 79 8 79 28 let%span soption16 = "../../../creusot-contracts/src/std/option.rs" 11 8 14 9 - let%span stuples17 = "../../../creusot-contracts/src/std/tuples.rs" 9 20 9 22 - let%span snum18 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + let%span sord17 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 + let%span sord18 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 + let%span sord19 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 + let%span sord20 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 + let%span sord21 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 + let%span sord22 = "../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 + let%span sord23 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 + let%span sord24 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 + let%span sord25 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 + let%span sord26 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 + let%span sord27 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 + let%span sord28 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 + let%span sord29 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span stuples30 = "../../../creusot-contracts/src/std/tuples.rs" 9 20 9 22 + let%span snum31 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + let%span sord32 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int32 type t_Option'1 = | C_None'0 - | C_Some'0 int32 + | C_Some'0 Int32.t - let rec closure0'0 (_1:()) (_2:int32) (return' (ret:()))= {[@expl:closure requires] [%#soption4] false} + let rec closure0'0 (_1:()) (_2:Int32.t) (return' (ret:()))= {[@expl:closure 
requires] [%#soption4] false} (! bb0 [ bb0 = {false} any ] ) [ return' (result:())-> (! return' {result}) ] predicate inv'0 (_1 : t_Option'1) @@ -335,7 +356,7 @@ module M_option__map [#"option.rs" 44 0 44 12] axiom inv_axiom'1 [@rewrite] : forall x : () [inv'1 x] . inv'1 x = true - predicate precondition'0 (self : ()) (args : int32) = + predicate precondition'0 (self : ()) (args : Int32.t) = [%#soption4] let (_2) = args in false type t_Option'0 = @@ -346,7 +367,7 @@ module M_option__map [#"option.rs" 44 0 44 12] axiom inv_axiom'2 [@rewrite] : forall x : t_Option'0 [inv'2 x] . inv'2 x = true - predicate postcondition_once'0 (self : ()) (args : int32) (result : ()) = + predicate postcondition_once'0 (self : ()) (args : Int32.t) (result : ()) = let (_2) = args in true let rec map'1 (self:t_Option'1) (f:()) (return' (ret:t_Option'0))= {[@expl:map 'self' type invariant] inv'0 self} @@ -379,7 +400,7 @@ module M_option__map [#"option.rs" 44 0 44 12] axiom inv_axiom'3 [@rewrite] : forall x : t_Option'0 [inv'3 x] . inv'3 x = true function deep_model'4 (self : ()) : () = - [%#stuples17] () + [%#stuples30] () function deep_model'2 (self : t_Option'0) : t_Option'0 = [%#soption16] match self with 
@@ -396,21 +417,21 @@ module M_option__map [#"option.rs" 44 0 44 12] [ return' (result:bool)-> {[%#soption7] result = (deep_model'0 self = deep_model'0 other)} (! return' {result}) ] - let rec closure1'0 (_1:()) (_2:int32) (return' (ret:int32))= (! bb0 - [ bb0 = s0 [ s0 = [ &res <- [%#soption8] (3 : int32) ] s1 | s1 = [ &_0 <- res ] s2 | s2 = return' {_0} ] ] - ) [ & _0 : int32 = any_l () | & res : int32 = any_l () ] - [ return' (result:int32)-> {[@expl:closure ensures] [%#soption9] result = (3 : int32)} (! return' {result}) ] + let rec closure1'0 (_1:()) (_2:Int32.t) (return' (ret:Int32.t))= (! bb0 + [ bb0 = s0 [ s0 = [ &res <- [%#soption8] (3 : Int32.t) ] s1 | s1 = [ &_0 <- res ] s2 | s2 = return' {_0} ] ] + ) [ & _0 : Int32.t = any_l () | & res : Int32.t = any_l () ] + [ return' (result:Int32.t)-> {[@expl:closure ensures] [%#soption9] result = (3 : Int32.t)} (! return' {result}) ] predicate inv'4 (_1 : ()) axiom inv_axiom'4 [@rewrite] : forall x : () [inv'4 x] . inv'4 x = true - predicate precondition'1 (self : ()) (args : int32) = + predicate precondition'1 (self : ()) (args : Int32.t) = let (_2) = args in true - predicate postcondition_once'1 (self : ()) (args : int32) (result : int32) = - [%#soption9] let (_2) = args in result = (3 : int32) + predicate postcondition_once'1 (self : ()) (args : Int32.t) (result : Int32.t) = + [%#soption9] let (_2) = args in result = (3 : Int32.t) let rec map'2 (self:t_Option'1) (f:()) (return' (ret:t_Option'1))= {[@expl:map 'self' type invariant] inv'0 self} {[@expl:map 'f' type invariant] inv'4 f} 
@@ -422,14 +443,14 @@ module M_option__map [#"option.rs" 44 0 44 12] [ return' (result:t_Option'1)-> {inv'0 result} {[%#soption6] match self with | C_None'0 -> result = C_None'0 - | C_Some'0 t -> exists r : int32 . result = C_Some'0 r /\ postcondition_once'1 f (t) r + | C_Some'0 t -> exists r : Int32.t . result = C_Some'0 r /\ postcondition_once'1 f (t) r end} (! return' {result}) ] let rec promoted1__map'0 (return' (ret:t_Option'1))= bb0 [ bb0 = s0 - [ s0 = [ &_1 <- C_Some'0 ([%#soption10] (3 : int32)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] + [ s0 = [ &_1 <- C_Some'0 ([%#soption10] (3 : Int32.t)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] ] [ & _0 : t_Option'1 = any_l () | & _1 : t_Option'1 = any_l () ] [ return' (result:t_Option'1)-> return' {result} ] @@ -439,16 +460,14 @@ module M_option__map [#"option.rs" 44 0 44 12] axiom inv_axiom'5 [@rewrite] : forall x : t_Option'1 [inv'5 x] . inv'5 x = true - use prelude.prelude.Int - type t_Option'2 = | C_None'2 | C_Some'2 int use prelude.prelude.Int32 - function deep_model'5 (self : int32) : int = - [%#snum18] Int32.to_int self + function deep_model'5 (self : Int32.t) : int = + [%#snum31] Int32.to_int self function deep_model'3 (self : t_Option'1) : t_Option'2 = [%#soption16] match self with 
@@ -465,19 +484,73 @@ module M_option__map [#"option.rs" 44 0 44 12] [ return' (result:bool)-> {[%#soption7] result = (deep_model'1 self = deep_model'1 other)} (! return' {result}) ] - constant v_MAX'0 : int32 = (2147483647 : int32) + constant v_MAX'0 : Int32.t = (2147483647 : Int32.t) + + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.Int32 + + function cmp_log'0 (self : Int32.t) (o : Int32.t) : t_Ordering'0 = + [%#sord32] if Int32.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + function eq_cmp'0 (x : Int32.t) (y : Int32.t) : () + + axiom eq_cmp'0_spec : forall x : Int32.t, y : Int32.t . [%#sord29] (x = y) = (cmp_log'0 x y = C_Equal'0) + + function antisym2'0 (x : Int32.t) (y : Int32.t) : () + + axiom antisym2'0_spec : forall x : Int32.t, y : Int32.t . ([%#sord27] cmp_log'0 x y = C_Greater'0) + -> ([%#sord28] cmp_log'0 y x = C_Less'0) + + function antisym1'0 (x : Int32.t) (y : Int32.t) : () + + axiom antisym1'0_spec : forall x : Int32.t, y : Int32.t . ([%#sord25] cmp_log'0 x y = C_Less'0) + -> ([%#sord26] cmp_log'0 y x = C_Greater'0) + + function trans'0 (x : Int32.t) (y : Int32.t) (z : Int32.t) (o : t_Ordering'0) : () + + axiom trans'0_spec : forall x : Int32.t, y : Int32.t, z : Int32.t, o : t_Ordering'0 . ([%#sord22] cmp_log'0 x y = o) + -> ([%#sord23] cmp_log'0 y z = o) -> ([%#sord24] cmp_log'0 x z = o) + + function refl'0 (x : Int32.t) : () + + axiom refl'0_spec : forall x : Int32.t . [%#sord21] cmp_log'0 x x = C_Equal'0 + + use prelude.prelude.Int32 + + function cmp_gt_log'0 (x : Int32.t) (y : Int32.t) : () + + axiom cmp_gt_log'0_spec : forall x : Int32.t, y : Int32.t . [%#sord20] Int32.sgt x y = (cmp_log'0 x y = C_Greater'0) + + use prelude.prelude.Int32 + + function cmp_ge_log'0 (x : Int32.t) (y : Int32.t) : () + + axiom cmp_ge_log'0_spec : forall x : Int32.t, y : Int32.t . 
[%#sord19] Int32.sge x y = (cmp_log'0 x y <> C_Less'0) - let rec closure2'0 (_1:()) (x:int32) (return' (ret:int32))= {[@expl:closure requires] [%#soption12] x - < (v_MAX'0 : int32)} + function cmp_lt_log'0 (x : Int32.t) (y : Int32.t) : () + + axiom cmp_lt_log'0_spec : forall x : Int32.t, y : Int32.t . [%#sord18] Int32.slt x y = (cmp_log'0 x y = C_Less'0) + + use prelude.prelude.Int32 + + function cmp_le_log'0 (x : Int32.t) (y : Int32.t) : () + + axiom cmp_le_log'0_spec : forall x : Int32.t, y : Int32.t . [%#sord17] Int32.sle x y = (cmp_log'0 x y <> C_Greater'0) + + let rec closure2'0 (_1:()) (x:Int32.t) (return' (ret:Int32.t))= {[@expl:closure requires] [%#soption12] Int32.slt x (v_MAX'0 : Int32.t)} (! bb0 [ bb0 = s0 - [ s0 = Int32.add {x} {[%#soption11] (1 : int32)} (fun (_ret':int32) -> [ &res1 <- _ret' ] s1) + [ s0 = Int32.add {x} {[%#soption11] (1 : Int32.t)} (fun (_ret':Int32.t) -> [ &res1 <- _ret' ] s1) | s1 = [ &res <- res1 ] s2 | s2 = [ &_0 <- res ] s3 | s3 = return' {_0} ] ] - ) [ & _0 : int32 = any_l () | & x : int32 = x | & res : int32 = any_l () | & res1 : int32 = any_l () ] - [ return' (result:int32)-> {[@expl:closure ensures] [%#soption13] Int32.to_int result = Int32.to_int x + 1} + ) [ & _0 : Int32.t = any_l () | & x : Int32.t = x | & res : Int32.t = any_l () | & res1 : Int32.t = any_l () ] + [ return' (result:Int32.t)-> {[@expl:closure ensures] [%#soption13] Int32.to_int result = Int32.to_int x + 1} (! return' {result}) ] 
@@ -485,10 +558,10 @@ module M_option__map [#"option.rs" 44 0 44 12] axiom inv_axiom'6 [@rewrite] : forall x : () [inv'6 x] . inv'6 x = true - predicate precondition'2 (self : ()) (args : int32) = - [%#soption12] let (x) = args in x < (v_MAX'0 : int32) + predicate precondition'2 (self : ()) (args : Int32.t) = + [%#soption12] let (x) = args in Int32.slt x (v_MAX'0 : Int32.t) - predicate postcondition_once'2 (self : ()) (args : int32) (result : int32) = + predicate postcondition_once'2 (self : ()) (args : Int32.t) (result : Int32.t) = [%#soption13] let (x) = args in Int32.to_int result = Int32.to_int x + 1 let rec map'3 (self:t_Option'1) (f:()) (return' (ret:t_Option'1))= {[@expl:map 'self' type invariant] inv'0 self} @@ -501,14 +574,14 @@ module M_option__map [#"option.rs" 44 0 44 12] [ return' (result:t_Option'1)-> {inv'0 result} {[%#soption6] match self with | C_None'0 -> result = C_None'0 - | C_Some'0 t -> exists r : int32 . result = C_Some'0 r /\ postcondition_once'2 f (t) r + | C_Some'0 t -> exists r : Int32.t . result = C_Some'0 r /\ postcondition_once'2 f (t) r end} (! return' {result}) ] let rec promoted0__map'0 (return' (ret:t_Option'1))= bb0 [ bb0 = s0 - [ s0 = [ &_1 <- C_Some'0 ([%#soption14] (2 : int32)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] + [ s0 = [ &_1 <- C_Some'0 ([%#soption14] (2 : Int32.t)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] ] [ & _0 : t_Option'1 = any_l () | & _1 : t_Option'1 = any_l () ] [ return' (result:t_Option'1)-> return' {result} ] @@ -519,7 +592,7 @@ module M_option__map [#"option.rs" 44 0 44 12] let rec map'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &none <- C_None'0 ] s1 - | s1 = [ &some <- C_Some'0 ([%#soption0] (1 : int32)) ] s2 + | s1 = [ &some <- C_Some'0 ([%#soption0] (1 : Int32.t)) ] s2 | s2 = [ &_8 <- () ] s3 | s3 = map'1 {none} {_8} (fun (_ret':t_Option'0) -> [ &_6 <- _ret' ] s4) | s4 = bb1 ] 
@@ -585,15 +658,17 @@ module M_option__inspect [#"option.rs" 69 0 69 16] let%span soption11 = "../../../creusot-contracts/src/std/option.rs" 11 8 14 9 let%span snum12 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + use prelude.prelude.Int + use prelude.prelude.Int32 type t_Option'0 = | C_None'0 - | C_Some'0 int32 + | C_Some'0 Int32.t use prelude.prelude.Borrow - let rec closure0'0 (_1:()) (_2:int32) (return' (ret:()))= {[@expl:closure requires] [%#soption3] false} + let rec closure0'0 (_1:()) (_2:Int32.t) (return' (ret:()))= {[@expl:closure requires] [%#soption3] false} (! bb0 [ bb0 = {false} any ] ) [ return' (result:())-> (! return' {result}) ] predicate inv'0 (_1 : t_Option'0) @@ -604,10 +679,10 @@ module M_option__inspect [#"option.rs" 69 0 69 16] axiom inv_axiom'1 [@rewrite] : forall x : () [inv'1 x] . inv'1 x = true - predicate precondition'0 (self : ()) (args : int32) = + predicate precondition'0 (self : ()) (args : Int32.t) = [%#soption3] let (_2) = args in false - predicate postcondition_once'0 (self : ()) (args : int32) (result : ()) = + predicate postcondition_once'0 (self : ()) (args : Int32.t) (result : ()) = let (_2) = args in true let rec inspect'1 (self:t_Option'0) (f:()) (return' (ret:t_Option'0))= {[@expl:inspect 'self' type invariant] inv'0 self} @@ -638,15 +713,13 @@ module M_option__inspect [#"option.rs" 69 0 69 16] axiom inv_axiom'2 [@rewrite] : forall x : t_Option'0 [inv'2 x] . inv'2 x = true - use prelude.prelude.Int - type t_Option'1 = | C_None'1 | C_Some'1 int use prelude.prelude.Int32 - function deep_model'2 (self : int32) : int = + function deep_model'2 (self : Int32.t) : int = [%#snum12] Int32.to_int self function deep_model'1 (self : t_Option'0) : t_Option'1 = 
@@ -664,7 +737,7 @@ module M_option__inspect [#"option.rs" 69 0 69 16] [ return' (result:bool)-> {[%#soption7] result = (deep_model'0 self = deep_model'0 other)} (! return' {result}) ] - let rec closure1'0 (_1:()) (_2:int32) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] + let rec closure1'0 (_1:()) (_2:Int32.t) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] [ return' (result:())-> {[@expl:closure ensures] [%#soption8] true} (! return' {result}) ] @@ -672,10 +745,10 @@ module M_option__inspect [#"option.rs" 69 0 69 16] axiom inv_axiom'3 [@rewrite] : forall x : () [inv'3 x] . inv'3 x = true - predicate precondition'1 (self : ()) (args : int32) = + predicate precondition'1 (self : ()) (args : Int32.t) = let (_2) = args in true - predicate postcondition_once'1 (self : ()) (args : int32) (result : ()) = + predicate postcondition_once'1 (self : ()) (args : Int32.t) (result : ()) = [%#soption8] let (_2) = args in true let rec inspect'2 (self:t_Option'0) (f:()) (return' (ret:t_Option'0))= {[@expl:inspect 'self' type invariant] inv'0 self} @@ -696,7 +769,7 @@ module M_option__inspect [#"option.rs" 69 0 69 16] let rec promoted0__inspect'0 (return' (ret:t_Option'0))= bb0 [ bb0 = s0 - [ s0 = [ &_1 <- C_Some'0 ([%#soption9] (1 : int32)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] + [ s0 = [ &_1 <- C_Some'0 ([%#soption9] (1 : Int32.t)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] ] [ & _0 : t_Option'0 = any_l () | & _1 : t_Option'0 = any_l () ] [ return' (result:t_Option'0)-> return' {result} ] @@ -707,7 +780,7 @@ module M_option__inspect [#"option.rs" 69 0 69 16] let rec inspect'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &none <- C_None'0 ] s1 - | s1 = [ &some <- C_Some'0 ([%#soption0] (1 : int32)) ] s2 + | s1 = [ &some <- C_Some'0 ([%#soption0] (1 : Int32.t)) ] s2 | s2 = [ &_8 <- () ] s3 | s3 = inspect'1 {none} {_8} (fun (_ret':t_Option'0) -> [ &_6 <- _ret' ] s4) | s4 = bb1 ] 
@@ -778,35 +851,51 @@ module M_option__map_or [#"option.rs" 87 0 87 15] let%span soption28 = "option.rs" 130 20 130 21 let%span soption29 = "option.rs" 128 23 128 35 let%span soption30 = "option.rs" 129 22 129 39 + let%span sord31 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 + let%span sord32 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 + let%span sord33 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 + let%span sord34 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 + let%span sord35 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 + let%span sord36 = "../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 + let%span sord37 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 + let%span sord38 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 + let%span sord39 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 + let%span sord40 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 + let%span sord41 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 + let%span sord42 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 + let%span sord43 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span sord44 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.Int32 type t_Option'0 = | C_None'0 - | C_Some'0 int32 + | C_Some'0 Int32.t - let rec closure0'0 (_1:()) (_2:int32) (return' (ret:int32))= {[@expl:closure requires] [%#soption14] false} - (! bb0 [ bb0 = {false} any ] ) [ return' (result:int32)-> (! return' {result}) ] + let rec closure0'0 (_1:()) (_2:Int32.t) (return' (ret:Int32.t))= {[@expl:closure requires] [%#soption14] false} + (! bb0 [ bb0 = {false} any ] ) [ return' (result:Int32.t)-> (! return' {result}) ] predicate inv'0 (_1 : t_Option'0) axiom inv_axiom'0 [@rewrite] : forall x : t_Option'0 [inv'0 x] . 
inv'0 x = true - predicate inv'1 (_1 : int32) + predicate inv'1 (_1 : Int32.t) - axiom inv_axiom'1 [@rewrite] : forall x : int32 [inv'1 x] . inv'1 x = true + axiom inv_axiom'1 [@rewrite] : forall x : Int32.t [inv'1 x] . inv'1 x = true predicate inv'2 (_1 : ()) axiom inv_axiom'2 [@rewrite] : forall x : () [inv'2 x] . inv'2 x = true - predicate precondition'0 (self : ()) (args : int32) = + predicate precondition'0 (self : ()) (args : Int32.t) = [%#soption14] let (_2) = args in false - predicate postcondition_once'0 (self : ()) (args : int32) (result : int32) = + predicate postcondition_once'0 (self : ()) (args : Int32.t) (result : Int32.t) = let (_2) = args in true - let rec map_or'1 (self:t_Option'0) (default:int32) (f:()) (return' (ret:int32))= {[@expl:map_or 'self' type invariant] inv'0 self} + let rec map_or'1 (self:t_Option'0) (default:Int32.t) (f:()) (return' (ret:Int32.t))= {[@expl:map_or 'self' type invariant] inv'0 self} {[@expl:map_or 'default' type invariant] inv'1 default} {[@expl:map_or 'f' type invariant] inv'2 f} {[@expl:map_or requires] [%#soption15] match self with @@ -814,7 +903,7 @@ module M_option__map_or [#"option.rs" 87 0 87 15] | C_Some'0 t -> precondition'0 f (t) end} any - [ return' (result:int32)-> {inv'1 result} + [ return' (result:Int32.t)-> {inv'1 result} {[%#soption16] match self with | C_None'0 -> result = default | C_Some'0 t -> postcondition_once'0 f (t) result 
@@ -824,23 +913,23 @@ module M_option__map_or [#"option.rs" 87 0 87 15] use prelude.prelude.Intrinsic - let rec closure1'0 (_1:()) (_2:int32) (return' (ret:int32))= (! bb0 - [ bb0 = s0 [ s0 = [ &res <- [%#soption17] (3 : int32) ] s1 | s1 = [ &_0 <- res ] s2 | s2 = return' {_0} ] ] - ) [ & _0 : int32 = any_l () | & res : int32 = any_l () ] - [ return' (result:int32)-> {[@expl:closure ensures] [%#soption18] result = (3 : int32)} (! return' {result}) ] + let rec closure1'0 (_1:()) (_2:Int32.t) (return' (ret:Int32.t))= (! bb0 + [ bb0 = s0 [ s0 = [ &res <- [%#soption17] (3 : Int32.t) ] s1 | s1 = [ &_0 <- res ] s2 | s2 = return' {_0} ] ] + ) [ & _0 : Int32.t = any_l () | & res : Int32.t = any_l () ] + [ return' (result:Int32.t)-> {[@expl:closure ensures] [%#soption18] result = (3 : Int32.t)} (! return' {result}) ] predicate inv'3 (_1 : ()) axiom inv_axiom'3 [@rewrite] : forall x : () [inv'3 x] . inv'3 x = true - predicate precondition'1 (self : ()) (args : int32) = + predicate precondition'1 (self : ()) (args : Int32.t) = let (_2) = args in true - predicate postcondition_once'1 (self : ()) (args : int32) (result : int32) = - [%#soption18] let (_2) = args in result = (3 : int32) + predicate postcondition_once'1 (self : ()) (args : Int32.t) (result : Int32.t) = + [%#soption18] let (_2) = args in result = (3 : Int32.t) - let rec map_or'2 (self:t_Option'0) (default:int32) (f:()) (return' (ret:int32))= {[@expl:map_or 'self' type invariant] inv'0 self} + let rec map_or'2 (self:t_Option'0) (default:Int32.t) (f:()) (return' (ret:Int32.t))= {[@expl:map_or 'self' type invariant] inv'0 self} {[@expl:map_or 'default' type invariant] inv'1 default} {[@expl:map_or 'f' type invariant] inv'3 f} {[@expl:map_or requires] [%#soption15] match self with 
@@ -848,7 +937,7 @@ module M_option__map_or [#"option.rs" 87 0 87 15] | C_Some'0 t -> precondition'1 f (t) end} any - [ return' (result:int32)-> {inv'1 result} + [ return' (result:Int32.t)-> {inv'1 result} {[%#soption16] match self with | C_None'0 -> result = default | C_Some'0 t -> postcondition_once'1 f (t) result 
@@ -856,23 +945,75 @@ module M_option__map_or [#"option.rs" 87 0 87 15] (! return' {result}) ] - constant v_MAX'0 : int32 = (2147483647 : int32) + constant v_MAX'0 : Int32.t = (2147483647 : Int32.t) - use prelude.prelude.Int + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.Int32 + + function cmp_log'0 (self : Int32.t) (o : Int32.t) : t_Ordering'0 = + [%#sord44] if Int32.slt self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + function eq_cmp'0 (x : Int32.t) (y : Int32.t) : () + + axiom eq_cmp'0_spec : forall x : Int32.t, y : Int32.t . [%#sord43] (x = y) = (cmp_log'0 x y = C_Equal'0) + + function antisym2'0 (x : Int32.t) (y : Int32.t) : () + + axiom antisym2'0_spec : forall x : Int32.t, y : Int32.t . ([%#sord41] cmp_log'0 x y = C_Greater'0) + -> ([%#sord42] cmp_log'0 y x = C_Less'0) + + function antisym1'0 (x : Int32.t) (y : Int32.t) : () + + axiom antisym1'0_spec : forall x : Int32.t, y : Int32.t . ([%#sord39] cmp_log'0 x y = C_Less'0) + -> ([%#sord40] cmp_log'0 y x = C_Greater'0) + + function trans'0 (x : Int32.t) (y : Int32.t) (z : Int32.t) (o : t_Ordering'0) : () + + axiom trans'0_spec : forall x : Int32.t, y : Int32.t, z : Int32.t, o : t_Ordering'0 . ([%#sord36] cmp_log'0 x y = o) + -> ([%#sord37] cmp_log'0 y z = o) -> ([%#sord38] cmp_log'0 x z = o) + + function refl'0 (x : Int32.t) : () + + axiom refl'0_spec : forall x : Int32.t . [%#sord35] cmp_log'0 x x = C_Equal'0 + + use prelude.prelude.Int32 + + function cmp_gt_log'0 (x : Int32.t) (y : Int32.t) : () + + axiom cmp_gt_log'0_spec : forall x : Int32.t, y : Int32.t . [%#sord34] Int32.sgt x y = (cmp_log'0 x y = C_Greater'0) use prelude.prelude.Int32 - let rec closure2'0 (_1:()) (x:int32) (return' (ret:int32))= {[@expl:closure requires] [%#soption20] x - < (v_MAX'0 : int32)} + function cmp_ge_log'0 (x : Int32.t) (y : Int32.t) : () + + axiom cmp_ge_log'0_spec : forall x : Int32.t, y : Int32.t . 
[%#sord33] Int32.sge x y = (cmp_log'0 x y <> C_Less'0) + + function cmp_lt_log'0 (x : Int32.t) (y : Int32.t) : () + + axiom cmp_lt_log'0_spec : forall x : Int32.t, y : Int32.t . [%#sord32] Int32.slt x y = (cmp_log'0 x y = C_Less'0) + + use prelude.prelude.Int32 + + function cmp_le_log'0 (x : Int32.t) (y : Int32.t) : () + + axiom cmp_le_log'0_spec : forall x : Int32.t, y : Int32.t . [%#sord31] Int32.sle x y = (cmp_log'0 x y <> C_Greater'0) + + use prelude.prelude.Int32 + + let rec closure2'0 (_1:()) (x:Int32.t) (return' (ret:Int32.t))= {[@expl:closure requires] [%#soption20] Int32.slt x (v_MAX'0 : Int32.t)} (! bb0 [ bb0 = s0 - [ s0 = Int32.add {x} {[%#soption19] (1 : int32)} (fun (_ret':int32) -> [ &res1 <- _ret' ] s1) + [ s0 = Int32.add {x} {[%#soption19] (1 : Int32.t)} (fun (_ret':Int32.t) -> [ &res1 <- _ret' ] s1) | s1 = [ &res <- res1 ] s2 | s2 = [ &_0 <- res ] s3 | s3 = return' {_0} ] ] - ) [ & _0 : int32 = any_l () | & x : int32 = x | & res : int32 = any_l () | & res1 : int32 = any_l () ] - [ return' (result:int32)-> {[@expl:closure ensures] [%#soption21] Int32.to_int result = Int32.to_int x + 1} + ) [ & _0 : Int32.t = any_l () | & x : Int32.t = x | & res : Int32.t = any_l () | & res1 : Int32.t = any_l () ] + [ return' (result:Int32.t)-> {[@expl:closure ensures] [%#soption21] Int32.to_int result = Int32.to_int x + 1} (! return' {result}) ] 
@@ -880,13 +1021,13 @@ module M_option__map_or [#"option.rs" 87 0 87 15] axiom inv_axiom'4 [@rewrite] : forall x : () [inv'4 x] . inv'4 x = true - predicate precondition'2 (self : ()) (args : int32) = - [%#soption20] let (x) = args in x < (v_MAX'0 : int32) + predicate precondition'2 (self : ()) (args : Int32.t) = + [%#soption20] let (x) = args in Int32.slt x (v_MAX'0 : Int32.t) - predicate postcondition_once'2 (self : ()) (args : int32) (result : int32) = + predicate postcondition_once'2 (self : ()) (args : Int32.t) (result : Int32.t) = [%#soption21] let (x) = args in Int32.to_int result = Int32.to_int x + 1 - let rec map_or'3 (self:t_Option'0) (default:int32) (f:()) (return' (ret:int32))= {[@expl:map_or 'self' type invariant] inv'0 self} + let rec map_or'3 (self:t_Option'0) (default:Int32.t) (f:()) (return' (ret:Int32.t))= {[@expl:map_or 'self' type invariant] inv'0 self} {[@expl:map_or 'default' type invariant] inv'1 default} {[@expl:map_or 'f' type invariant] inv'4 f} {[@expl:map_or requires] [%#soption15] match self with @@ -894,7 +1035,7 @@ module M_option__map_or [#"option.rs" 87 0 87 15] | C_Some'0 t -> precondition'2 f (t) end} any - [ return' (result:int32)-> {inv'1 result} + [ return' (result:Int32.t)-> {inv'1 result} {[%#soption16] match self with | C_None'0 -> result = default | C_Some'0 t -> postcondition_once'2 f (t) result 
@@ -902,14 +1043,14 @@ module M_option__map_or [#"option.rs" 87 0 87 15] (! return' {result}) ] - let rec closure3'0 (_1:()) (return' (ret:int32))= (! bb0 - [ bb0 = s0 [ s0 = [ &res <- [%#soption22] (2 : int32) ] s1 | s1 = [ &_0 <- res ] s2 | s2 = return' {_0} ] ] - ) [ & _0 : int32 = any_l () | & res : int32 = any_l () ] - [ return' (result:int32)-> {[@expl:closure ensures] [%#soption23] result = (2 : int32)} (! return' {result}) ] + let rec closure3'0 (_1:()) (return' (ret:Int32.t))= (! bb0 + [ bb0 = s0 [ s0 = [ &res <- [%#soption22] (2 : Int32.t) ] s1 | s1 = [ &_0 <- res ] s2 | s2 = return' {_0} ] ] + ) [ & _0 : Int32.t = any_l () | & res : Int32.t = any_l () ] + [ return' (result:Int32.t)-> {[@expl:closure ensures] [%#soption23] result = (2 : Int32.t)} (! return' {result}) ] - let rec closure4'0 (_1:()) (_2:int32) (return' (ret:int32))= {[@expl:closure requires] [%#soption24] false} - (! bb0 [ bb0 = {false} any ] ) [ return' (result:int32)-> (! return' {result}) ] + let rec closure4'0 (_1:()) (_2:Int32.t) (return' (ret:Int32.t))= {[@expl:closure requires] [%#soption24] false} + (! bb0 [ bb0 = {false} any ] ) [ return' (result:Int32.t)-> (! return' {result}) ] predicate inv'5 (_1 : ()) 
@@ -922,16 +1063,16 @@ module M_option__map_or [#"option.rs" 87 0 87 15] predicate precondition'3 (self : ()) (args : ()) = let () = args in true - predicate precondition'4 (self : ()) (args : int32) = + predicate precondition'4 (self : ()) (args : Int32.t) = [%#soption24] let (_2) = args in false - predicate postcondition_once'3 (self : ()) (args : ()) (result : int32) = - [%#soption23] let () = args in result = (2 : int32) + predicate postcondition_once'3 (self : ()) (args : ()) (result : Int32.t) = + [%#soption23] let () = args in result = (2 : Int32.t) - predicate postcondition_once'4 (self : ()) (args : int32) (result : int32) = + predicate postcondition_once'4 (self : ()) (args : Int32.t) (result : Int32.t) = let (_2) = args in true - let rec map_or_else'0 (self:t_Option'0) (default:()) (f:()) (return' (ret:int32))= {[@expl:map_or_else 'self' type invariant] inv'0 self} + let rec map_or_else'0 (self:t_Option'0) (default:()) (f:()) (return' (ret:Int32.t))= {[@expl:map_or_else 'self' type invariant] inv'0 self} {[@expl:map_or_else 'default' type invariant] inv'5 default} {[@expl:map_or_else 'f' type invariant] inv'6 f} {[@expl:map_or_else requires] [%#soption25] match self with @@ -939,7 +1080,7 @@ module M_option__map_or [#"option.rs" 87 0 87 15] | C_Some'0 t -> precondition'4 f (t) end} any - [ return' (result:int32)-> {inv'1 result} + [ return' (result:Int32.t)-> {inv'1 result} {[%#soption26] match self with | C_None'0 -> postcondition_once'3 default () result | C_Some'0 t -> postcondition_once'4 f (t) result 
@@ -947,20 +1088,19 @@ module M_option__map_or [#"option.rs" 87 0 87 15] (! return' {result}) ] - let rec closure5'0 (_1:()) (return' (ret:int32))= {[@expl:closure requires] [%#soption27] false} - (! bb0 [ bb0 = {false} any ] ) [ return' (result:int32)-> (! return' {result}) ] + let rec closure5'0 (_1:()) (return' (ret:Int32.t))= {[@expl:closure requires] [%#soption27] false} + (! bb0 [ bb0 = {false} any ] ) [ return' (result:Int32.t)-> (! return' {result}) ] - let rec closure6'0 (_1:()) (x:int32) (return' (ret:int32))= {[@expl:closure requires] [%#soption29] x - < (v_MAX'0 : int32)} + let rec closure6'0 (_1:()) (x:Int32.t) (return' (ret:Int32.t))= {[@expl:closure requires] [%#soption29] Int32.slt x (v_MAX'0 : Int32.t)} (! bb0 [ bb0 = s0 - [ s0 = Int32.add {x} {[%#soption28] (1 : int32)} (fun (_ret':int32) -> [ &res1 <- _ret' ] s1) + [ s0 = Int32.add {x} {[%#soption28] (1 : Int32.t)} (fun (_ret':Int32.t) -> [ &res1 <- _ret' ] s1) | s1 = [ &res <- res1 ] s2 | s2 = [ &_0 <- res ] s3 | s3 = return' {_0} ] ] - ) [ & _0 : int32 = any_l () | & x : int32 = x | & res : int32 = any_l () | & res1 : int32 = any_l () ] - [ return' (result:int32)-> {[@expl:closure ensures] [%#soption30] Int32.to_int result = Int32.to_int x + 1} + ) [ & _0 : Int32.t = any_l () | & x : Int32.t = x | & res : Int32.t = any_l () | & res1 : Int32.t = any_l () ] + [ return' (result:Int32.t)-> {[@expl:closure ensures] [%#soption30] Int32.to_int result = Int32.to_int x + 1} (! return' {result}) ] 
@@ -975,16 +1115,16 @@ module M_option__map_or [#"option.rs" 87 0 87 15] predicate precondition'5 (self : ()) (args : ()) = [%#soption27] let () = args in false - predicate precondition'6 (self : ()) (args : int32) = - [%#soption29] let (x) = args in x < (v_MAX'0 : int32) + predicate precondition'6 (self : ()) (args : Int32.t) = + [%#soption29] let (x) = args in Int32.slt x (v_MAX'0 : Int32.t) - predicate postcondition_once'5 (self : ()) (args : ()) (result : int32) = + predicate postcondition_once'5 (self : ()) (args : ()) (result : Int32.t) = let () = args in true - predicate postcondition_once'6 (self : ()) (args : int32) (result : int32) = + predicate postcondition_once'6 (self : ()) (args : Int32.t) (result : Int32.t) = [%#soption30] let (x) = args in Int32.to_int result = Int32.to_int x + 1 - let rec map_or_else'1 (self:t_Option'0) (default:()) (f:()) (return' (ret:int32))= {[@expl:map_or_else 'self' type invariant] inv'0 self} + let rec map_or_else'1 (self:t_Option'0) (default:()) (f:()) (return' (ret:Int32.t))= {[@expl:map_or_else 'self' type invariant] inv'0 self} {[@expl:map_or_else 'default' type invariant] inv'7 default} {[@expl:map_or_else 'f' type invariant] inv'8 f} {[@expl:map_or_else requires] [%#soption25] match self with @@ -992,7 +1132,7 @@ module M_option__map_or [#"option.rs" 87 0 87 15] | C_Some'0 t -> precondition'6 f (t) end} any - [ return' (result:int32)-> {inv'1 result} + [ return' (result:Int32.t)-> {inv'1 result} {[%#soption26] match self with | C_None'0 -> postcondition_once'5 default () result | C_Some'0 t -> postcondition_once'6 f (t) result 
@@ -1005,51 +1145,51 @@ module M_option__map_or [#"option.rs" 87 0 87 15] let rec map_or'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &none <- C_None'0 ] s1 - | s1 = [ &some <- C_Some'0 ([%#soption0] (1 : int32)) ] s2 + | s1 = [ &some <- C_Some'0 ([%#soption0] (1 : Int32.t)) ] s2 | s2 = [ &_7 <- () ] s3 - | s3 = map_or'1 {none} {[%#soption1] (2 : int32)} {_7} (fun (_ret':int32) -> [ &_5 <- _ret' ] s4) + | s3 = map_or'1 {none} {[%#soption1] (2 : Int32.t)} {_7} (fun (_ret':Int32.t) -> [ &_5 <- _ret' ] s4) | s4 = bb1 ] | bb1 = s0 - [ s0 = Int32.eq {_5} {[%#soption2] (2 : int32)} (fun (_ret':bool) -> [ &_4 <- _ret' ] s1) + [ s0 = Int32.eq {_5} {[%#soption2] (2 : Int32.t)} (fun (_ret':bool) -> [ &_4 <- _ret' ] s1) | s1 = any [ br0 -> {_4 = false} (! bb3) | br1 -> {_4} (! bb2) ] ] | bb2 = s0 [ s0 = [ &_13 <- () ] s1 - | s1 = map_or'2 {some} {[%#soption3] (-1 : int32)} {_13} (fun (_ret':int32) -> [ &_11 <- _ret' ] s2) + | s1 = map_or'2 {some} {[%#soption3] (-1 : Int32.t)} {_13} (fun (_ret':Int32.t) -> [ &_11 <- _ret' ] s2) | s2 = bb4 ] | bb4 = s0 - [ s0 = Int32.eq {_11} {[%#soption4] (3 : int32)} (fun (_ret':bool) -> [ &_10 <- _ret' ] s1) + [ s0 = Int32.eq {_11} {[%#soption4] (3 : Int32.t)} (fun (_ret':bool) -> [ &_10 <- _ret' ] s1) | s1 = any [ br0 -> {_10 = false} (! bb6) | br1 -> {_10} (! bb5) ] ] | bb5 = s0 [ s0 = [ &_19 <- () ] s1 - | s1 = map_or'3 {some} {[%#soption5] (-1 : int32)} {_19} (fun (_ret':int32) -> [ &_17 <- _ret' ] s2) + | s1 = map_or'3 {some} {[%#soption5] (-1 : Int32.t)} {_19} (fun (_ret':Int32.t) -> [ &_17 <- _ret' ] s2) | s2 = bb7 ] | bb7 = s0 - [ s0 = Int32.eq {_17} {[%#soption6] (2 : int32)} (fun (_ret':bool) -> [ &_16 <- _ret' ] s1) + [ s0 = Int32.eq {_17} {[%#soption6] (2 : Int32.t)} (fun (_ret':bool) -> [ &_16 <- _ret' ] s1) | s1 = any [ br0 -> {_16 = false} (! bb9) | br1 -> {_16} (! 
bb8) ] ] | bb8 = s0 [ s0 = [ &_25 <- () ] s1 | s1 = [ &_26 <- () ] s2 - | s2 = map_or_else'0 {none} {_25} {_26} (fun (_ret':int32) -> [ &_23 <- _ret' ] s3) + | s2 = map_or_else'0 {none} {_25} {_26} (fun (_ret':Int32.t) -> [ &_23 <- _ret' ] s3) | s3 = bb10 ] | bb10 = s0 - [ s0 = Int32.eq {_23} {[%#soption7] (2 : int32)} (fun (_ret':bool) -> [ &_22 <- _ret' ] s1) + [ s0 = Int32.eq {_23} {[%#soption7] (2 : Int32.t)} (fun (_ret':bool) -> [ &_22 <- _ret' ] s1) | s1 = any [ br0 -> {_22 = false} (! bb12) | br1 -> {_22} (! bb11) ] ] | bb11 = s0 [ s0 = [ &_32 <- () ] s1 | s1 = [ &_33 <- () ] s2 - | s2 = map_or_else'1 {some} {_32} {_33} (fun (_ret':int32) -> [ &_30 <- _ret' ] s3) + | s2 = map_or_else'1 {some} {_32} {_33} (fun (_ret':Int32.t) -> [ &_30 <- _ret' ] s3) | s3 = bb13 ] | bb13 = s0 - [ s0 = Int32.eq {_30} {[%#soption8] (2 : int32)} (fun (_ret':bool) -> [ &_29 <- _ret' ] s1) + [ s0 = Int32.eq {_30} {[%#soption8] (2 : Int32.t)} (fun (_ret':bool) -> [ &_29 <- _ret' ] s1) | s1 = any [ br0 -> {_29 = false} (! bb15) | br1 -> {_29} (! bb14) ] ] | bb14 = return' {_0} @@ -1063,20 +1203,20 @@ module M_option__map_or [#"option.rs" 87 0 87 15] | & none : t_Option'0 = any_l () | & some : t_Option'0 = any_l () | & _4 : bool = any_l () - | & _5 : int32 = any_l () + | & _5 : Int32.t = any_l () | & _7 : () = any_l () | & _10 : bool = any_l () - | & _11 : int32 = any_l () + | & _11 : Int32.t = any_l () | & _13 : () = any_l () | & _16 : bool = any_l () - | & _17 : int32 = any_l () + | & _17 : Int32.t = any_l () | & _19 : () = any_l () | & _22 : bool = any_l () - | & _23 : int32 = any_l () + | & _23 : Int32.t = any_l () | & _25 : () = any_l () | & _26 : () = any_l () | & _29 : bool = any_l () - | & _30 : int32 = any_l () + | & _30 : Int32.t = any_l () | & _32 : () = any_l () | & _33 : () = any_l () ] [ return' (result:())-> (! return' {result}) ] 
@@ -1097,11 +1237,13 @@ module M_option__ok_or [#"option.rs" 135 0 135 14] let%span soption12 = "option.rs" 151 11 151 16 let%span soption13 = "option.rs" 150 19 150 24 + use prelude.prelude.Int + use prelude.prelude.Int32 type t_Option'0 = | C_None'0 - | C_Some'0 int32 + | C_Some'0 Int32.t predicate inv'0 (_1 : t_Option'0) @@ -1112,7 +1254,7 @@ module M_option__ok_or [#"option.rs" 135 0 135 14] axiom inv_axiom'1 [@rewrite] : forall x : bool [inv'1 x] . inv'1 x = true type t_Result'0 = - | C_Ok'0 int32 + | C_Ok'0 Int32.t | C_Err'0 bool predicate inv'2 (_1 : t_Result'0) @@ -1192,7 +1334,7 @@ module M_option__ok_or [#"option.rs" 135 0 135 14] let rec ok_or'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &none <- C_None'0 ] s1 - | s1 = [ &some <- C_Some'0 ([%#soption0] (1 : int32)) ] s2 + | s1 = [ &some <- C_Some'0 ([%#soption0] (1 : Int32.t)) ] s2 | s2 = ok_or'1 {none} {[%#soption1] true} (fun (_ret':t_Result'0) -> [ &err <- _ret' ] s3) | s3 = bb1 ] @@ -1202,7 +1344,7 @@ module M_option__ok_or [#"option.rs" 135 0 135 14] | s2 = bb2 ] | bb2 = s0 - [ s0 = {[@expl:assertion] [%#soption4] ok = C_Ok'0 (1 : int32)} s1 + [ s0 = {[@expl:assertion] [%#soption4] ok = C_Ok'0 (1 : Int32.t)} s1 | s1 = [ &_13 <- () ] s2 | s2 = ok_or_else'0 {none} {_13} (fun (_ret':t_Result'0) -> [ &err1 <- _ret' ] s3) | s3 = bb3 ] @@ -1213,7 +1355,7 @@ module M_option__ok_or [#"option.rs" 135 0 135 14] | s2 = ok_or_else'1 {some} {_18} (fun (_ret':t_Result'0) -> [ &ok1 <- _ret' ] s3) | s3 = bb4 ] - | bb4 = s0 [ s0 = {[@expl:assertion] [%#soption6] ok1 = C_Ok'0 (1 : int32)} s1 | s1 = return' {_0} ] ] + | bb4 = s0 [ s0 = {[@expl:assertion] [%#soption6] ok1 = C_Ok'0 (1 : Int32.t)} s1 | s1 = return' {_0} ] ] ) [ & _0 : () = any_l () | & none : t_Option'0 = any_l () 
@@ -1242,11 +1384,13 @@ module M_option__as_mut [#"option.rs" 156 0 156 15] let%span sresolve12 = "../../../creusot-contracts/src/resolve.rs" 82 8 85 9 let%span sresolve13 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + use prelude.prelude.Int + use prelude.prelude.Int32 type t_Option'0 = | C_None'0 - | C_Some'0 int32 + | C_Some'0 Int32.t use prelude.prelude.Borrow @@ -1256,7 +1400,7 @@ module M_option__as_mut [#"option.rs" 156 0 156 15] type t_Option'1 = | C_None'1 - | C_Some'1 (borrowed int32) + | C_Some'1 (borrowed Int32.t) predicate inv'1 (_1 : t_Option'1) @@ -1267,7 +1411,7 @@ module M_option__as_mut [#"option.rs" 156 0 156 15] [ return' (result:t_Option'1)-> {inv'1 result} {[%#soption8] self.current = C_None'0 -> result = C_None'1 /\ self.final = C_None'0} {[%#soption9] self.current = C_None'0 - \/ (exists r : borrowed int32 . result = C_Some'1 r + \/ (exists r : borrowed Int32.t . result = C_Some'1 r /\ self.current = C_Some'0 (r.current) /\ self.final = C_Some'0 (r.final))} (! return' {result}) ] @@ -1279,10 +1423,10 @@ module M_option__as_mut [#"option.rs" 156 0 156 15] let rec is_none'0 (self:t_Option'1) (return' (ret:bool))= {[@expl:is_none 'self' type invariant] inv'2 self} any [ return' (result:bool)-> {[%#soption10] result = (self = C_None'1)} (! return' {result}) ] - predicate resolve'3 (self : borrowed int32) = + predicate resolve'3 (self : borrowed Int32.t) = [%#sresolve13] self.final = self.current - predicate resolve'1 (_1 : borrowed int32) = + predicate resolve'1 (_1 : borrowed Int32.t) = resolve'3 _1 predicate resolve'2 (self : t_Option'1) = 
@@ -1294,27 +1438,27 @@ module M_option__as_mut [#"option.rs" 156 0 156 15] predicate resolve'0 (_1 : t_Option'1) = resolve'2 _1 - predicate inv'3 (_1 : borrowed int32) + predicate inv'3 (_1 : borrowed Int32.t) - axiom inv_axiom'3 [@rewrite] : forall x : borrowed int32 [inv'3 x] . inv'3 x = true + axiom inv_axiom'3 [@rewrite] : forall x : borrowed Int32.t [inv'3 x] . inv'3 x = true - let rec unwrap'0 (self:t_Option'1) (return' (ret:borrowed int32))= {[@expl:unwrap 'self' type invariant] inv'1 self} + let rec unwrap'0 (self:t_Option'1) (return' (ret:borrowed Int32.t))= {[@expl:unwrap 'self' type invariant] inv'1 self} {[@expl:unwrap requires] [%#soption11] self <> C_None'1} any - [ return' (result:borrowed int32)-> {inv'3 result} {[%#soption11] C_Some'1 result = self} (! return' {result}) ] + [ return' (result:borrowed Int32.t)-> {inv'3 result} {[%#soption11] C_Some'1 result = self} (! return' {result}) ] predicate inv'4 (_1 : t_Option'0) axiom inv_axiom'4 [@rewrite] : forall x : t_Option'0 [inv'4 x] . inv'4 x = true - predicate inv'5 (_1 : int32) + predicate inv'5 (_1 : Int32.t) - axiom inv_axiom'5 [@rewrite] : forall x : int32 [inv'5 x] . inv'5 x = true + axiom inv_axiom'5 [@rewrite] : forall x : Int32.t [inv'5 x] . inv'5 x = true - let rec unwrap'1 (self:t_Option'0) (return' (ret:int32))= {[@expl:unwrap 'self' type invariant] inv'4 self} + let rec unwrap'1 (self:t_Option'0) (return' (ret:Int32.t))= {[@expl:unwrap 'self' type invariant] inv'4 self} {[@expl:unwrap requires] [%#soption11] self <> C_None'0} - any [ return' (result:int32)-> {inv'5 result} {[%#soption11] C_Some'0 result = self} (! return' {result}) ] + any [ return' (result:Int32.t)-> {inv'5 result} {[%#soption11] C_Some'0 result = self} (! return' {result}) ] use prelude.prelude.Intrinsic 
@@ -1323,7 +1467,7 @@ module M_option__as_mut [#"option.rs" 156 0 156 15] let rec as_mut'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &none <- C_None'0 ] s1 - | s1 = [ &some <- C_Some'0 ([%#soption0] (1 : int32)) ] s2 + | s1 = [ &some <- C_Some'0 ([%#soption0] (1 : Int32.t)) ] s2 | s2 = Borrow.borrow_mut {none} (fun (_ret':borrowed (t_Option'0)) -> [ &_7 <- _ret' ] [ &none <- _ret'.final ] s3) | s3 = as_mut'1 {_7} (fun (_ret':t_Option'1) -> [ &_6 <- _ret' ] s4) @@ -1337,15 +1481,15 @@ module M_option__as_mut [#"option.rs" 156 0 156 15] | s1 = as_mut'1 {_11} (fun (_ret':t_Option'1) -> [ &_10 <- _ret' ] s2) | s2 = bb5 ] - | bb5 = s0 [ s0 = unwrap'0 {_10} (fun (_ret':borrowed int32) -> [ &_9 <- _ret' ] s1) | s1 = bb6 ] + | bb5 = s0 [ s0 = unwrap'0 {_10} (fun (_ret':borrowed Int32.t) -> [ &_9 <- _ret' ] s1) | s1 = bb6 ] | bb6 = s0 - [ s0 = [ &_9 <- { _9 with current = ([%#soption1] (2 : int32)) } ] s1 + [ s0 = [ &_9 <- { _9 with current = ([%#soption1] (2 : Int32.t)) } ] s1 | s1 = -{resolve'1 _9}- s2 - | s2 = unwrap'1 {some} (fun (_ret':int32) -> [ &_14 <- _ret' ] s3) + | s2 = unwrap'1 {some} (fun (_ret':Int32.t) -> [ &_14 <- _ret' ] s3) | s3 = bb7 ] | bb7 = s0 - [ s0 = Int32.eq {_14} {[%#soption2] (2 : int32)} (fun (_ret':bool) -> [ &_13 <- _ret' ] s1) + [ s0 = Int32.eq {_14} {[%#soption2] (2 : Int32.t)} (fun (_ret':bool) -> [ &_13 <- _ret' ] s1) | s1 = any [ br0 -> {_13 = false} (! bb9) | br1 -> {_13} (! bb8) ] ] | bb8 = s0 
@@ -1354,15 +1498,15 @@ module M_option__as_mut [#"option.rs" 156 0 156 15] | s1 = as_mut'1 {_19} (fun (_ret':t_Option'1) -> [ &_18 <- _ret' ] s2) | s2 = bb10 ] - | bb10 = s0 [ s0 = unwrap'0 {_18} (fun (_ret':borrowed int32) -> [ &_17 <- _ret' ] s1) | s1 = bb11 ] + | bb10 = s0 [ s0 = unwrap'0 {_18} (fun (_ret':borrowed Int32.t) -> [ &_17 <- _ret' ] s1) | s1 = bb11 ] | bb11 = s0 - [ s0 = [ &_17 <- { _17 with current = ([%#soption3] (1 : int32)) } ] s1 + [ s0 = [ &_17 <- { _17 with current = ([%#soption3] (1 : Int32.t)) } ] s1 | s1 = -{resolve'1 _17}- s2 - | s2 = unwrap'1 {some} (fun (_ret':int32) -> [ &_22 <- _ret' ] s3) + | s2 = unwrap'1 {some} (fun (_ret':Int32.t) -> [ &_22 <- _ret' ] s3) | s3 = bb12 ] | bb12 = s0 - [ s0 = Int32.eq {_22} {[%#soption4] (1 : int32)} (fun (_ret':bool) -> [ &_21 <- _ret' ] s1) + [ s0 = Int32.eq {_22} {[%#soption4] (1 : Int32.t)} (fun (_ret':bool) -> [ &_21 <- _ret' ] s1) | s1 = any [ br0 -> {_21 = false} (! bb14) | br1 -> {_21} (! bb13) ] ] | bb13 = return' {_0} @@ -1376,16 +1520,16 @@ module M_option__as_mut [#"option.rs" 156 0 156 15] | & _4 : bool = any_l () | & _6 : t_Option'1 = any_l () | & _7 : borrowed (t_Option'0) = any_l () - | & _9 : borrowed int32 = any_l () + | & _9 : borrowed Int32.t = any_l () | & _10 : t_Option'1 = any_l () | & _11 : borrowed (t_Option'0) = any_l () | & _13 : bool = any_l () - | & _14 : int32 = any_l () - | & _17 : borrowed int32 = any_l () + | & _14 : Int32.t = any_l () + | & _17 : borrowed Int32.t = any_l () | & _18 : t_Option'1 = any_l () | & _19 : borrowed (t_Option'0) = any_l () | & _21 : bool = any_l () - | & _22 : int32 = any_l () ] + | & _22 : Int32.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end module M_option__as_ref [#"option.rs" 167 0 167 15] 
@@ -1398,11 +1542,13 @@ module M_option__as_ref [#"option.rs" 167 0 167 15] let%span soption6 = "../../../creusot-contracts/src/std/option.rs" 51 26 51 51 let%span soption7 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 + use prelude.prelude.Int + use prelude.prelude.Int32 type t_Option'1 = | C_None'0 - | C_Some'0 int32 + | C_Some'0 Int32.t use prelude.prelude.Borrow @@ -1412,7 +1558,7 @@ module M_option__as_ref [#"option.rs" 167 0 167 15] type t_Option'0 = | C_None'1 - | C_Some'1 int32 + | C_Some'1 Int32.t predicate inv'1 (_1 : t_Option'0) @@ -1422,7 +1568,7 @@ module M_option__as_ref [#"option.rs" 167 0 167 15] any [ return' (result:t_Option'0)-> {inv'1 result} {[%#soption4] self = C_None'0 -> result = C_None'1} - {[%#soption5] self = C_None'0 \/ (exists r : int32 . result = C_Some'1 r /\ self = C_Some'0 r)} + {[%#soption5] self = C_None'0 \/ (exists r : Int32.t . result = C_Some'1 r /\ self = C_Some'0 r)} (! return' {result}) ] @@ -1433,13 +1579,13 @@ module M_option__as_ref [#"option.rs" 167 0 167 15] let rec is_none'0 (self:t_Option'0) (return' (ret:bool))= {[@expl:is_none 'self' type invariant] inv'2 self} any [ return' (result:bool)-> {[%#soption6] result = (self = C_None'1)} (! return' {result}) ] - predicate inv'3 (_1 : int32) + predicate inv'3 (_1 : Int32.t) - axiom inv_axiom'3 [@rewrite] : forall x : int32 [inv'3 x] . inv'3 x = true + axiom inv_axiom'3 [@rewrite] : forall x : Int32.t [inv'3 x] . inv'3 x = true - let rec unwrap'0 (self:t_Option'0) (return' (ret:int32))= {[@expl:unwrap 'self' type invariant] inv'1 self} + let rec unwrap'0 (self:t_Option'0) (return' (ret:Int32.t))= {[@expl:unwrap 'self' type invariant] inv'1 self} {[@expl:unwrap requires] [%#soption7] self <> C_None'1} - any [ return' (result:int32)-> {inv'3 result} {[%#soption7] C_Some'1 result = self} (! return' {result}) ] + any [ return' (result:Int32.t)-> {inv'3 result} {[%#soption7] C_Some'1 result = self} (! return' {result}) ] use prelude.prelude.Intrinsic 
@@ -1448,16 +1594,16 @@ module M_option__as_ref [#"option.rs" 167 0 167 15] let rec as_ref'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &none <- C_None'0 ] s1 - | s1 = [ &some <- C_Some'0 ([%#soption0] (1 : int32)) ] s2 + | s1 = [ &some <- C_Some'0 ([%#soption0] (1 : Int32.t)) ] s2 | s2 = as_ref'1 {none} (fun (_ret':t_Option'0) -> [ &_6 <- _ret' ] s3) | s3 = bb1 ] | bb1 = s0 [ s0 = is_none'0 {_6} (fun (_ret':bool) -> [ &_4 <- _ret' ] s1) | s1 = bb2 ] | bb2 = any [ br0 -> {_4 = false} (! bb4) | br1 -> {_4} (! bb3) ] | bb3 = s0 [ s0 = as_ref'1 {some} (fun (_ret':t_Option'0) -> [ &_13 <- _ret' ] s1) | s1 = bb5 ] - | bb5 = s0 [ s0 = unwrap'0 {_13} (fun (_ret':int32) -> [ &_12 <- _ret' ] s1) | s1 = bb6 ] + | bb5 = s0 [ s0 = unwrap'0 {_13} (fun (_ret':Int32.t) -> [ &_12 <- _ret' ] s1) | s1 = bb6 ] | bb6 = s0 - [ s0 = Int32.eq {_12} {[%#soption1] (1 : int32)} (fun (_ret':bool) -> [ &_10 <- _ret' ] s1) + [ s0 = Int32.eq {_12} {[%#soption1] (1 : Int32.t)} (fun (_ret':bool) -> [ &_10 <- _ret' ] s1) | s1 = any [ br0 -> {_10 = false} (! bb8) | br1 -> {_10} (! bb7) ] ] | bb7 = return' {_0} @@ -1470,7 +1616,7 @@ module M_option__as_ref [#"option.rs" 167 0 167 15] | & _4 : bool = any_l () | & _6 : t_Option'0 = any_l () | & _10 : bool = any_l () - | & _12 : int32 = any_l () + | & _12 : Int32.t = any_l () | & _13 : t_Option'0 = any_l () ] [ return' (result:())-> (! return' {result}) ] end @@ -1493,11 +1639,13 @@ module M_option__replace [#"option.rs" 175 0 175 16] let%span soption15 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 let%span soption16 = "../../../creusot-contracts/src/std/option.rs" 51 26 51 51 + use prelude.prelude.Int + use prelude.prelude.Int32 type t_Option'0 = | C_None'0 - | C_Some'0 int32 + | C_Some'0 Int32.t use prelude.prelude.Borrow 
@@ -1505,15 +1653,15 @@ module M_option__replace [#"option.rs" 175 0 175 16] axiom inv_axiom'0 [@rewrite] : forall x : borrowed (t_Option'0) [inv'0 x] . inv'0 x = true - predicate inv'1 (_1 : int32) + predicate inv'1 (_1 : Int32.t) - axiom inv_axiom'1 [@rewrite] : forall x : int32 [inv'1 x] . inv'1 x = true + axiom inv_axiom'1 [@rewrite] : forall x : Int32.t [inv'1 x] . inv'1 x = true predicate inv'2 (_1 : t_Option'0) axiom inv_axiom'2 [@rewrite] : forall x : t_Option'0 [inv'2 x] . inv'2 x = true - let rec replace'1 (self:borrowed (t_Option'0)) (value:int32) (return' (ret:t_Option'0))= {[@expl:replace 'self' type invariant] inv'0 self} + let rec replace'1 (self:borrowed (t_Option'0)) (value:Int32.t) (return' (ret:t_Option'0))= {[@expl:replace 'self' type invariant] inv'0 self} {[@expl:replace 'value' type invariant] inv'1 value} any [ return' (result:t_Option'0)-> {inv'2 result} @@ -1528,9 +1676,9 @@ module M_option__replace [#"option.rs" 175 0 175 16] let rec is_none'0 (self:t_Option'0) (return' (ret:bool))= {[@expl:is_none 'self' type invariant] inv'3 self} any [ return' (result:bool)-> {[%#soption16] result = (self = C_None'0)} (! return' {result}) ] - let rec unwrap'0 (self:t_Option'0) (return' (ret:int32))= {[@expl:unwrap 'self' type invariant] inv'2 self} + let rec unwrap'0 (self:t_Option'0) (return' (ret:Int32.t))= {[@expl:unwrap 'self' type invariant] inv'2 self} {[@expl:unwrap requires] [%#soption15] self <> C_None'0} - any [ return' (result:int32)-> {inv'1 result} {[%#soption15] C_Some'0 result = self} (! return' {result}) ] + any [ return' (result:Int32.t)-> {inv'1 result} {[%#soption15] C_Some'0 result = self} (! return' {result}) ] use prelude.prelude.Intrinsic 
@@ -1539,49 +1687,49 @@ module M_option__replace [#"option.rs" 175 0 175 16] let rec replace'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &none <- C_None'0 ] s1 - | s1 = [ &some <- C_Some'0 ([%#soption0] (1 : int32)) ] s2 + | s1 = [ &some <- C_Some'0 ([%#soption0] (1 : Int32.t)) ] s2 | s2 = Borrow.borrow_mut {none} (fun (_ret':borrowed (t_Option'0)) -> [ &_7 <- _ret' ] [ &none <- _ret'.final ] s3) - | s3 = replace'1 {_7} {[%#soption1] (2 : int32)} (fun (_ret':t_Option'0) -> [ &_6 <- _ret' ] s4) + | s3 = replace'1 {_7} {[%#soption1] (2 : Int32.t)} (fun (_ret':t_Option'0) -> [ &_6 <- _ret' ] s4) | s4 = bb1 ] | bb1 = s0 [ s0 = is_none'0 {_6} (fun (_ret':bool) -> [ &_4 <- _ret' ] s1) | s1 = bb2 ] | bb2 = any [ br0 -> {_4 = false} (! bb4) | br1 -> {_4} (! bb3) ] - | bb3 = s0 [ s0 = unwrap'0 {none} (fun (_ret':int32) -> [ &_11 <- _ret' ] s1) | s1 = bb5 ] + | bb3 = s0 [ s0 = unwrap'0 {none} (fun (_ret':Int32.t) -> [ &_11 <- _ret' ] s1) | s1 = bb5 ] | bb5 = s0 - [ s0 = Int32.eq {_11} {[%#soption2] (2 : int32)} (fun (_ret':bool) -> [ &_10 <- _ret' ] s1) + [ s0 = Int32.eq {_11} {[%#soption2] (2 : Int32.t)} (fun (_ret':bool) -> [ &_10 <- _ret' ] s1) | s1 = any [ br0 -> {_10 = false} (! bb7) | br1 -> {_10} (! 
bb6) ] ] | bb6 = s0 [ s0 = Borrow.borrow_mut {some} (fun (_ret':borrowed (t_Option'0)) -> [ &_18 <- _ret' ] [ &some <- _ret'.final ] s1) - | s1 = replace'1 {_18} {[%#soption3] (2 : int32)} (fun (_ret':t_Option'0) -> [ &_17 <- _ret' ] s2) + | s1 = replace'1 {_18} {[%#soption3] (2 : Int32.t)} (fun (_ret':t_Option'0) -> [ &_17 <- _ret' ] s2) | s2 = bb8 ] - | bb8 = s0 [ s0 = unwrap'0 {_17} (fun (_ret':int32) -> [ &_16 <- _ret' ] s1) | s1 = bb9 ] + | bb8 = s0 [ s0 = unwrap'0 {_17} (fun (_ret':Int32.t) -> [ &_16 <- _ret' ] s1) | s1 = bb9 ] | bb9 = s0 - [ s0 = Int32.eq {_16} {[%#soption4] (1 : int32)} (fun (_ret':bool) -> [ &_15 <- _ret' ] s1) + [ s0 = Int32.eq {_16} {[%#soption4] (1 : Int32.t)} (fun (_ret':bool) -> [ &_15 <- _ret' ] s1) | s1 = any [ br0 -> {_15 = false} (! bb11) | br1 -> {_15} (! bb10) ] ] - | bb10 = s0 [ s0 = unwrap'0 {some} (fun (_ret':int32) -> [ &_22 <- _ret' ] s1) | s1 = bb12 ] + | bb10 = s0 [ s0 = unwrap'0 {some} (fun (_ret':Int32.t) -> [ &_22 <- _ret' ] s1) | s1 = bb12 ] | bb12 = s0 - [ s0 = Int32.eq {_22} {[%#soption5] (2 : int32)} (fun (_ret':bool) -> [ &_21 <- _ret' ] s1) + [ s0 = Int32.eq {_22} {[%#soption5] (2 : Int32.t)} (fun (_ret':bool) -> [ &_21 <- _ret' ] s1) | s1 = any [ br0 -> {_21 = false} (! bb14) | br1 -> {_21} (! 
bb13) ] ] | bb13 = s0 [ s0 = Borrow.borrow_mut {some} (fun (_ret':borrowed (t_Option'0)) -> [ &_29 <- _ret' ] [ &some <- _ret'.final ] s1) - | s1 = replace'1 {_29} {[%#soption6] (1 : int32)} (fun (_ret':t_Option'0) -> [ &_28 <- _ret' ] s2) + | s1 = replace'1 {_29} {[%#soption6] (1 : Int32.t)} (fun (_ret':t_Option'0) -> [ &_28 <- _ret' ] s2) | s2 = bb15 ] - | bb15 = s0 [ s0 = unwrap'0 {_28} (fun (_ret':int32) -> [ &_27 <- _ret' ] s1) | s1 = bb16 ] + | bb15 = s0 [ s0 = unwrap'0 {_28} (fun (_ret':Int32.t) -> [ &_27 <- _ret' ] s1) | s1 = bb16 ] | bb16 = s0 - [ s0 = Int32.eq {_27} {[%#soption7] (2 : int32)} (fun (_ret':bool) -> [ &_26 <- _ret' ] s1) + [ s0 = Int32.eq {_27} {[%#soption7] (2 : Int32.t)} (fun (_ret':bool) -> [ &_26 <- _ret' ] s1) | s1 = any [ br0 -> {_26 = false} (! bb18) | br1 -> {_26} (! bb17) ] ] - | bb17 = s0 [ s0 = unwrap'0 {some} (fun (_ret':int32) -> [ &_33 <- _ret' ] s1) | s1 = bb19 ] + | bb17 = s0 [ s0 = unwrap'0 {some} (fun (_ret':Int32.t) -> [ &_33 <- _ret' ] s1) | s1 = bb19 ] | bb19 = s0 - [ s0 = Int32.eq {_33} {[%#soption8] (1 : int32)} (fun (_ret':bool) -> [ &_32 <- _ret' ] s1) + [ s0 = Int32.eq {_33} {[%#soption8] (1 : Int32.t)} (fun (_ret':bool) -> [ &_32 <- _ret' ] s1) | s1 = any [ br0 -> {_32 = false} (! bb21) | br1 -> {_32} (! bb20) ] ] | bb20 = return' {_0} 
@@ -1599,19 +1747,19 @@ module M_option__replace [#"option.rs" 175 0 175 16] | & _6 : t_Option'0 = any_l () | & _7 : borrowed (t_Option'0) = any_l () | & _10 : bool = any_l () - | & _11 : int32 = any_l () + | & _11 : Int32.t = any_l () | & _15 : bool = any_l () - | & _16 : int32 = any_l () + | & _16 : Int32.t = any_l () | & _17 : t_Option'0 = any_l () | & _18 : borrowed (t_Option'0) = any_l () | & _21 : bool = any_l () - | & _22 : int32 = any_l () + | & _22 : Int32.t = any_l () | & _26 : bool = any_l () - | & _27 : int32 = any_l () + | & _27 : Int32.t = any_l () | & _28 : t_Option'0 = any_l () | & _29 : borrowed (t_Option'0) = any_l () | & _32 : bool = any_l () - | & _33 : int32 = any_l () ] + | & _33 : Int32.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end module M_option__and_or_xor [#"option.rs" 187 0 187 19] @@ -1648,11 +1796,13 @@ module M_option__and_or_xor [#"option.rs" 187 0 187 19] let%span soption30 = "../../../creusot-contracts/src/std/option.rs" 11 8 14 9 let%span snum31 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + use prelude.prelude.Int + use prelude.prelude.Int32 type t_Option'0 = | C_None'0 - | C_Some'0 int32 + | C_Some'0 Int32.t predicate inv'0 (_1 : t_Option'0) @@ -1660,7 +1810,7 @@ module M_option__and_or_xor [#"option.rs" 187 0 187 19] use prelude.prelude.Borrow - predicate resolve'1 (_1 : int32) = + predicate resolve'1 (_1 : Int32.t) = true predicate resolve'0 (self : t_Option'0) = @@ -1690,15 +1840,13 @@ module M_option__and_or_xor [#"option.rs" 187 0 187 19] axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'1 x] . inv'1 x = true - use prelude.prelude.Int - type t_Option'1 = | C_None'1 | C_Some'1 int use prelude.prelude.Int32 - function deep_model'2 (self : int32) : int = + function deep_model'2 (self : Int32.t) : int = [%#snum31] Int32.to_int self function deep_model'1 (self : t_Option'0) : t_Option'1 = 
@@ -1730,7 +1878,7 @@ module M_option__and_or_xor [#"option.rs" 187 0 187 19] let rec promoted8__and_or_xor'0 (return' (ret:t_Option'0))= bb0 [ bb0 = s0 - [ s0 = [ &_1 <- C_Some'0 ([%#soption21] (2 : int32)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] + [ s0 = [ &_1 <- C_Some'0 ([%#soption21] (2 : Int32.t)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] ] [ & _0 : t_Option'0 = any_l () | & _1 : t_Option'0 = any_l () ] [ return' (result:t_Option'0)-> return' {result} ] @@ -1753,7 +1901,7 @@ module M_option__and_or_xor [#"option.rs" 187 0 187 19] let rec promoted6__and_or_xor'0 (return' (ret:t_Option'0))= bb0 [ bb0 = s0 - [ s0 = [ &_1 <- C_Some'0 ([%#soption22] (2 : int32)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] + [ s0 = [ &_1 <- C_Some'0 ([%#soption22] (2 : Int32.t)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] ] [ & _0 : t_Option'0 = any_l () | & _1 : t_Option'0 = any_l () ] [ return' (result:t_Option'0)-> return' {result} ] @@ -1761,7 +1909,7 @@ module M_option__and_or_xor [#"option.rs" 187 0 187 19] let rec promoted5__and_or_xor'0 (return' (ret:t_Option'0))= bb0 [ bb0 = s0 - [ s0 = [ &_1 <- C_Some'0 ([%#soption23] (1 : int32)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] + [ s0 = [ &_1 <- C_Some'0 ([%#soption23] (1 : Int32.t)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] ] [ & _0 : t_Option'0 = any_l () | & _1 : t_Option'0 = any_l () ] [ return' (result:t_Option'0)-> return' {result} ] @@ -1769,7 +1917,7 @@ module M_option__and_or_xor [#"option.rs" 187 0 187 19] let rec promoted4__and_or_xor'0 (return' (ret:t_Option'0))= bb0 [ bb0 = s0 - [ s0 = [ &_1 <- C_Some'0 ([%#soption24] (1 : int32)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] + [ s0 = [ &_1 <- C_Some'0 ([%#soption24] (1 : Int32.t)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] ] [ & _0 : t_Option'0 = any_l () | & _1 : t_Option'0 = any_l () ] [ return' (result:t_Option'0)-> return' {result} ] 
@@ -1796,7 +1944,7 @@ module M_option__and_or_xor [#"option.rs" 187 0 187 19] let rec promoted2__and_or_xor'0 (return' (ret:t_Option'0))= bb0 [ bb0 = s0 - [ s0 = [ &_1 <- C_Some'0 ([%#soption26] (2 : int32)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] + [ s0 = [ &_1 <- C_Some'0 ([%#soption26] (2 : Int32.t)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] ] [ & _0 : t_Option'0 = any_l () | & _1 : t_Option'0 = any_l () ] [ return' (result:t_Option'0)-> return' {result} ] @@ -1804,7 +1952,7 @@ module M_option__and_or_xor [#"option.rs" 187 0 187 19] let rec promoted1__and_or_xor'0 (return' (ret:t_Option'0))= bb0 [ bb0 = s0 - [ s0 = [ &_1 <- C_Some'0 ([%#soption27] (1 : int32)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] + [ s0 = [ &_1 <- C_Some'0 ([%#soption27] (1 : Int32.t)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] ] [ & _0 : t_Option'0 = any_l () | & _1 : t_Option'0 = any_l () ] [ return' (result:t_Option'0)-> return' {result} ] @@ -1821,7 +1969,7 @@ module M_option__and_or_xor [#"option.rs" 187 0 187 19] let rec and_or_xor'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &none <- C_None'0 ] s1 - | s1 = [ &some <- C_Some'0 ([%#soption0] (1 : int32)) ] s2 + | s1 = [ &some <- C_Some'0 ([%#soption0] (1 : Int32.t)) ] s2 | s2 = and'0 {none} {none} (fun (_ret':t_Option'0) -> [ &_6 <- _ret' ] s3) | s3 = bb1 ] @@ -1832,7 +1980,7 @@ module M_option__and_or_xor [#"option.rs" 187 0 187 19] | bb2 = any [ br0 -> {_4 = false} (! bb4) | br1 -> {_4} (! bb3) ] | bb3 = s0 - [ s0 = [ &_17 <- C_Some'0 ([%#soption1] (2 : int32)) ] s1 + [ s0 = [ &_17 <- C_Some'0 ([%#soption1] (2 : Int32.t)) ] s1 | s1 = and'0 {none} {_17} (fun (_ret':t_Option'0) -> [ &_15 <- _ret' ] s2) | s2 = bb5 ] 
@@ -1850,7 +1998,7 @@ module M_option__and_or_xor [#"option.rs" 187 0 187 19] | bb10 = any [ br0 -> {_22 = false} (! bb12) | br1 -> {_22} (! bb11) ] | bb11 = s0 - [ s0 = [ &_35 <- C_Some'0 ([%#soption2] (2 : int32)) ] s1 + [ s0 = [ &_35 <- C_Some'0 ([%#soption2] (2 : Int32.t)) ] s1 | s1 = and'0 {some} {_35} (fun (_ret':t_Option'0) -> [ &_33 <- _ret' ] s2) | s2 = bb13 ] @@ -1868,7 +2016,7 @@ module M_option__and_or_xor [#"option.rs" 187 0 187 19] | bb18 = any [ br0 -> {_40 = false} (! bb20) | br1 -> {_40} (! bb19) ] | bb19 = s0 - [ s0 = [ &_53 <- C_Some'0 ([%#soption3] (2 : int32)) ] s1 + [ s0 = [ &_53 <- C_Some'0 ([%#soption3] (2 : Int32.t)) ] s1 | s1 = or'0 {none} {_53} (fun (_ret':t_Option'0) -> [ &_51 <- _ret' ] s2) | s2 = bb21 ] @@ -1886,7 +2034,7 @@ module M_option__and_or_xor [#"option.rs" 187 0 187 19] | bb26 = any [ br0 -> {_58 = false} (! bb28) | br1 -> {_58} (! bb27) ] | bb27 = s0 - [ s0 = [ &_71 <- C_Some'0 ([%#soption4] (2 : int32)) ] s1 + [ s0 = [ &_71 <- C_Some'0 ([%#soption4] (2 : Int32.t)) ] s1 | s1 = or'0 {some} {_71} (fun (_ret':t_Option'0) -> [ &_69 <- _ret' ] s2) | s2 = bb29 ] @@ -1904,7 +2052,7 @@ module M_option__and_or_xor [#"option.rs" 187 0 187 19] | bb34 = any [ br0 -> {_76 = false} (! bb36) | br1 -> {_76} (! bb35) ] | bb35 = s0 - [ s0 = [ &_89 <- C_Some'0 ([%#soption5] (2 : int32)) ] s1 + [ s0 = [ &_89 <- C_Some'0 ([%#soption5] (2 : Int32.t)) ] s1 | s1 = xor'0 {none} {_89} (fun (_ret':t_Option'0) -> [ &_87 <- _ret' ] s2) | s2 = bb37 ] @@ -1922,7 +2070,7 @@ module M_option__and_or_xor [#"option.rs" 187 0 187 19] | bb42 = any [ br0 -> {_94 = false} (! bb44) | br1 -> {_94} (! bb43) ] | bb43 = s0 - [ s0 = [ &_107 <- C_Some'0 ([%#soption6] (2 : int32)) ] s1 + [ s0 = [ &_107 <- C_Some'0 ([%#soption6] (2 : Int32.t)) ] s1 | s1 = xor'0 {some} {_107} (fun (_ret':t_Option'0) -> [ &_105 <- _ret' ] s2) | s2 = bb45 ] 
@@ -2011,13 +2159,15 @@ module M_option__and_then [#"option.rs" 208 0 208 17] let%span soption14 = "../../../creusot-contracts/src/std/option.rs" 11 8 14 9 let%span snum15 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + use prelude.prelude.Int + use prelude.prelude.Int32 type t_Option'0 = | C_None'0 - | C_Some'0 int32 + | C_Some'0 Int32.t - let rec closure0'0 (_1:()) (_2:int32) (return' (ret:t_Option'0))= {[@expl:closure requires] [%#soption5] false} + let rec closure0'0 (_1:()) (_2:Int32.t) (return' (ret:t_Option'0))= {[@expl:closure requires] [%#soption5] false} (! bb0 [ bb0 = {false} any ] ) [ return' (result:t_Option'0)-> (! return' {result}) ] predicate inv'0 (_1 : t_Option'0) @@ -2028,10 +2178,10 @@ module M_option__and_then [#"option.rs" 208 0 208 17] axiom inv_axiom'1 [@rewrite] : forall x : () [inv'1 x] . inv'1 x = true - predicate precondition'0 (self : ()) (args : int32) = + predicate precondition'0 (self : ()) (args : Int32.t) = [%#soption5] let (_2) = args in false - predicate postcondition_once'0 (self : ()) (args : int32) (result : t_Option'0) = + predicate postcondition_once'0 (self : ()) (args : Int32.t) (result : t_Option'0) = let (_2) = args in true let rec and_then'1 (self:t_Option'0) (f:()) (return' (ret:t_Option'0))= {[@expl:and_then 'self' type invariant] inv'0 self} @@ -2063,15 +2213,13 @@ module M_option__and_then [#"option.rs" 208 0 208 17] axiom inv_axiom'2 [@rewrite] : forall x : t_Option'0 [inv'2 x] . inv'2 x = true - use prelude.prelude.Int - type t_Option'1 = | C_None'1 | C_Some'1 int use prelude.prelude.Int32 - function deep_model'2 (self : int32) : int = + function deep_model'2 (self : Int32.t) : int = [%#snum15] Int32.to_int self function deep_model'1 (self : t_Option'0) : t_Option'1 = 
@@ -2089,13 +2237,13 @@ module M_option__and_then [#"option.rs" 208 0 208 17] [ return' (result:bool)-> {[%#soption8] result = (deep_model'0 self = deep_model'0 other)} (! return' {result}) ] - let rec closure1'0 (_1:()) (x:int32) (return' (ret:t_Option'0))= (! bb0 + let rec closure1'0 (_1:()) (x:Int32.t) (return' (ret:t_Option'0))= (! bb0 [ bb0 = s0 - [ s0 = Int32.eq {x} {[%#soption9] (1 : int32)} (fun (_ret':bool) -> [ &_4 <- _ret' ] s1) + [ s0 = Int32.eq {x} {[%#soption9] (1 : Int32.t)} (fun (_ret':bool) -> [ &_4 <- _ret' ] s1) | s1 = any [ br0 -> {_4 = false} (! bb2) | br1 -> {_4} (! bb1) ] ] | bb1 = s0 - [ s0 = Int32.add {x} {[%#soption10] (1 : int32)} (fun (_ret':int32) -> [ &_6 <- _ret' ] s1) + [ s0 = Int32.add {x} {[%#soption10] (1 : Int32.t)} (fun (_ret':Int32.t) -> [ &_6 <- _ret' ] s1) | s1 = [ &res <- C_Some'0 _6 ] s2 | s2 = bb3 ] @@ -2103,13 +2251,13 @@ module M_option__and_then [#"option.rs" 208 0 208 17] | bb3 = s0 [ s0 = [ &_0 <- res ] s1 | s1 = return' {_0} ] ] ) [ & _0 : t_Option'0 = any_l () - | & x : int32 = x + | & x : Int32.t = x | & res : t_Option'0 = any_l () | & _4 : bool = any_l () - | & _6 : int32 = any_l () ] + | & _6 : Int32.t = any_l () ] [ return' (result:t_Option'0)-> {[@expl:closure ensures] [%#soption11] if Int32.to_int x = 1 then - exists r : int32 . result = C_Some'0 r /\ Int32.to_int r = Int32.to_int x + 1 + exists r : Int32.t . result = C_Some'0 r /\ Int32.to_int r = Int32.to_int x + 1 else result = C_None'0 } 
@@ -2120,12 +2268,12 @@ module M_option__and_then [#"option.rs" 208 0 208 17] axiom inv_axiom'3 [@rewrite] : forall x : () [inv'3 x] . inv'3 x = true - predicate precondition'1 (self : ()) (args : int32) = + predicate precondition'1 (self : ()) (args : Int32.t) = let (x) = args in true - predicate postcondition_once'1 (self : ()) (args : int32) (result : t_Option'0) = + predicate postcondition_once'1 (self : ()) (args : Int32.t) (result : t_Option'0) = [%#soption11] let (x) = args in if Int32.to_int x = 1 then - exists r : int32 . result = C_Some'0 r /\ Int32.to_int r = Int32.to_int x + 1 + exists r : Int32.t . result = C_Some'0 r /\ Int32.to_int r = Int32.to_int x + 1 else result = C_None'0 @@ -2147,7 +2295,7 @@ module M_option__and_then [#"option.rs" 208 0 208 17] let rec promoted1__and_then'0 (return' (ret:t_Option'0))= bb0 [ bb0 = s0 - [ s0 = [ &_1 <- C_Some'0 ([%#soption12] (2 : int32)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] + [ s0 = [ &_1 <- C_Some'0 ([%#soption12] (2 : Int32.t)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] ] [ & _0 : t_Option'0 = any_l () | & _1 : t_Option'0 = any_l () ] [ return' (result:t_Option'0)-> return' {result} ] @@ -2164,8 +2312,8 @@ module M_option__and_then [#"option.rs" 208 0 208 17] let rec and_then'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &none <- C_None'0 ] s1 - | s1 = [ &some1 <- C_Some'0 ([%#soption0] (1 : int32)) ] s2 - | s2 = [ &some2 <- C_Some'0 ([%#soption1] (3 : int32)) ] s3 + | s1 = [ &some1 <- C_Some'0 ([%#soption0] (1 : Int32.t)) ] s2 + | s2 = [ &some2 <- C_Some'0 ([%#soption1] (3 : Int32.t)) ] s3 | s3 = [ &_9 <- () ] s4 | s4 = and_then'1 {none} {_9} (fun (_ret':t_Option'0) -> [ &_7 <- _ret' ] s5) | s5 = bb1 ] 
@@ -2235,15 +2383,17 @@ module M_option__filter [#"option.rs" 235 0 235 15] let%span soption15 = "../../../creusot-contracts/src/std/option.rs" 11 8 14 9 let%span snum16 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + use prelude.prelude.Int + use prelude.prelude.Int32 type t_Option'0 = | C_None'0 - | C_Some'0 int32 + | C_Some'0 Int32.t use prelude.prelude.Borrow - let rec closure0'0 (_1:()) (_2:int32) (return' (ret:bool))= {[@expl:closure requires] [%#soption4] false} + let rec closure0'0 (_1:()) (_2:Int32.t) (return' (ret:bool))= {[@expl:closure requires] [%#soption4] false} (! bb0 [ bb0 = {false} any ] ) [ return' (result:bool)-> (! return' {result}) ] predicate inv'0 (_1 : t_Option'0) @@ -2254,13 +2404,13 @@ module M_option__filter [#"option.rs" 235 0 235 15] axiom inv_axiom'1 [@rewrite] : forall x : () [inv'1 x] . inv'1 x = true - predicate precondition'0 (self : ()) (args : int32) = + predicate precondition'0 (self : ()) (args : Int32.t) = [%#soption4] let (_2) = args in false - predicate postcondition_once'0 (self : ()) (args : int32) (result : bool) = + predicate postcondition_once'0 (self : ()) (args : Int32.t) (result : bool) = let (_2) = args in true - predicate resolve'0 (_1 : int32) = + predicate resolve'0 (_1 : Int32.t) = true let rec filter'1 (self:t_Option'0) (predicate':()) (return' (ret:t_Option'0))= {[@expl:filter 'self' type invariant] inv'0 self} @@ -2293,15 +2443,13 @@ module M_option__filter [#"option.rs" 235 0 235 15] axiom inv_axiom'2 [@rewrite] : forall x : t_Option'0 [inv'2 x] . inv'2 x = true - use prelude.prelude.Int - type t_Option'1 = | C_None'1 | C_Some'1 int use prelude.prelude.Int32 - function deep_model'2 (self : int32) : int = + function deep_model'2 (self : Int32.t) : int = [%#snum16] Int32.to_int self function deep_model'1 (self : t_Option'0) : t_Option'1 = 
@@ -2319,16 +2467,16 @@ module M_option__filter [#"option.rs" 235 0 235 15] [ return' (result:bool)-> {[%#soption7] result = (deep_model'0 self = deep_model'0 other)} (! return' {result}) ] - function view'0 (self : int32) : int = + function view'0 (self : Int32.t) : int = [%#smodel14] Int32.to_int self - let rec closure1'0 (_1:()) (x:int32) (return' (ret:bool))= (! bb0 + let rec closure1'0 (_1:()) (x:Int32.t) (return' (ret:bool))= (! bb0 [ bb0 = s0 - [ s0 = Int32.eq {x} {[%#soption8] (1 : int32)} (fun (_ret':bool) -> [ &res <- _ret' ] s1) + [ s0 = Int32.eq {x} {[%#soption8] (1 : Int32.t)} (fun (_ret':bool) -> [ &res <- _ret' ] s1) | s1 = [ &_0 <- res ] s2 | s2 = return' {_0} ] ] - ) [ & _0 : bool = any_l () | & x : int32 = x | & res : bool = any_l () ] + ) [ & _0 : bool = any_l () | & x : Int32.t = x | & res : bool = any_l () ] [ return' (result:bool)-> {[@expl:closure ensures] [%#soption9] result = (view'0 x = 1)} (! return' {result}) ] @@ -2336,10 +2484,10 @@ module M_option__filter [#"option.rs" 235 0 235 15] axiom inv_axiom'3 [@rewrite] : forall x : () [inv'3 x] . inv'3 x = true - predicate precondition'1 (self : ()) (args : int32) = + predicate precondition'1 (self : ()) (args : Int32.t) = let (x) = args in true - predicate postcondition_once'1 (self : ()) (args : int32) (result : bool) = + predicate postcondition_once'1 (self : ()) (args : Int32.t) (result : bool) = [%#soption9] let (x) = args in result = (view'0 x = 1) let rec filter'2 (self:t_Option'0) (predicate':()) (return' (ret:t_Option'0))= {[@expl:filter 'self' type invariant] inv'0 self} 
@@ -2362,19 +2510,19 @@ module M_option__filter [#"option.rs" 235 0 235 15] let rec promoted1__filter'0 (return' (ret:t_Option'0))= bb0 [ bb0 = s0 - [ s0 = [ &_1 <- C_Some'0 ([%#soption10] (1 : int32)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] + [ s0 = [ &_1 <- C_Some'0 ([%#soption10] (1 : Int32.t)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] ] [ & _0 : t_Option'0 = any_l () | & _1 : t_Option'0 = any_l () ] [ return' (result:t_Option'0)-> return' {result} ] - let rec closure2'0 (_1:()) (x:int32) (return' (ret:bool))= (! bb0 + let rec closure2'0 (_1:()) (x:Int32.t) (return' (ret:bool))= (! bb0 [ bb0 = s0 - [ s0 = Int32.eq {x} {[%#soption11] (2 : int32)} (fun (_ret':bool) -> [ &res <- _ret' ] s1) + [ s0 = Int32.eq {x} {[%#soption11] (2 : Int32.t)} (fun (_ret':bool) -> [ &res <- _ret' ] s1) | s1 = [ &_0 <- res ] s2 | s2 = return' {_0} ] ] - ) [ & _0 : bool = any_l () | & x : int32 = x | & res : bool = any_l () ] + ) [ & _0 : bool = any_l () | & x : Int32.t = x | & res : bool = any_l () ] [ return' (result:bool)-> {[@expl:closure ensures] [%#soption12] result = (view'0 x = 2)} (! return' {result}) ] @@ -2382,10 +2530,10 @@ module M_option__filter [#"option.rs" 235 0 235 15] axiom inv_axiom'4 [@rewrite] : forall x : () [inv'4 x] . inv'4 x = true - predicate precondition'2 (self : ()) (args : int32) = + predicate precondition'2 (self : ()) (args : Int32.t) = let (x) = args in true - predicate postcondition_once'2 (self : ()) (args : int32) (result : bool) = + predicate postcondition_once'2 (self : ()) (args : Int32.t) (result : bool) = [%#soption12] let (x) = args in result = (view'0 x = 2) let rec filter'3 (self:t_Option'0) (predicate':()) (return' (ret:t_Option'0))= {[@expl:filter 'self' type invariant] inv'0 self} 
@@ -2417,7 +2565,7 @@ module M_option__filter [#"option.rs" 235 0 235 15] let rec filter'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &none <- C_None'0 ] s1 - | s1 = [ &some <- C_Some'0 ([%#soption0] (1 : int32)) ] s2 + | s1 = [ &some <- C_Some'0 ([%#soption0] (1 : Int32.t)) ] s2 | s2 = [ &_8 <- () ] s3 | s3 = filter'1 {none} {_8} (fun (_ret':t_Option'0) -> [ &_6 <- _ret' ] s4) | s4 = bb1 ] @@ -2487,22 +2635,24 @@ module M_option__is_some_and [#"option.rs" 259 0 259 20] let%span soption11 = "option.rs" 274 12 274 16 let%span soption12 = "option.rs" 273 18 273 24 + use prelude.prelude.Int + use prelude.prelude.Int32 type t_Option'0 = | C_None'0 - | C_Some'0 int32 + | C_Some'0 Int32.t use prelude.prelude.Intrinsic - let rec closure0'0 (_1:()) (x:int32) (return' (ret:bool))= (! bb0 + let rec closure0'0 (_1:()) (x:Int32.t) (return' (ret:bool))= (! bb0 [ bb0 = s0 - [ s0 = Int32.eq {x} {[%#soption5] (1 : int32)} (fun (_ret':bool) -> [ &res <- _ret' ] s1) + [ s0 = Int32.eq {x} {[%#soption5] (1 : Int32.t)} (fun (_ret':bool) -> [ &res <- _ret' ] s1) | s1 = [ &_0 <- res ] s2 | s2 = return' {_0} ] ] - ) [ & _0 : bool = any_l () | & x : int32 = x | & res : bool = any_l () ] - [ return' (result:bool)-> {[@expl:closure ensures] [%#soption6] result = (x = (1 : int32))} (! return' {result}) ] + ) [ & _0 : bool = any_l () | & x : Int32.t = x | & res : bool = any_l () ] + [ return' (result:bool)-> {[@expl:closure ensures] [%#soption6] result = (x = (1 : Int32.t))} (! return' {result}) ] predicate inv'0 (_1 : t_Option'0) 
@@ -2513,16 +2663,16 @@ module M_option__is_some_and [#"option.rs" 259 0 259 20] axiom inv_axiom'1 [@rewrite] : forall x : () [inv'1 x] . inv'1 x = true - predicate precondition'0 (self : ()) (args : int32) = + predicate precondition'0 (self : ()) (args : Int32.t) = let (x) = args in true use prelude.prelude.Borrow - predicate resolve'0 (_1 : int32) = + predicate resolve'0 (_1 : Int32.t) = true - predicate postcondition_once'0 (self : ()) (args : int32) (result : bool) = - [%#soption6] let (x) = args in result = (x = (1 : int32)) + predicate postcondition_once'0 (self : ()) (args : Int32.t) (result : bool) = + [%#soption6] let (x) = args in result = (x = (1 : Int32.t)) let rec is_some_and'1 (self:t_Option'0) (f:()) (return' (ret:bool))= {[@expl:is_some_and 'self' type invariant] inv'0 self} {[@expl:is_some_and 'f' type invariant] inv'1 f} 
@@ -2538,25 +2688,26 @@ module M_option__is_some_and [#"option.rs" 259 0 259 20] (! return' {result}) ] - let rec closure1'0 (_1:()) (x:int32) (return' (ret:bool))= (! bb0 + let rec closure1'0 (_1:()) (x:Int32.t) (return' (ret:bool))= (! bb0 [ bb0 = s0 - [ s0 = Int32.eq {x} {[%#soption9] (1 : int32)} (fun (_ret':bool) -> [ &res <- _ret' ] s1) + [ s0 = Int32.eq {x} {[%#soption9] (1 : Int32.t)} (fun (_ret':bool) -> [ &res <- _ret' ] s1) | s1 = [ &_0 <- res ] s2 | s2 = return' {_0} ] ] - ) [ & _0 : bool = any_l () | & x : int32 = x | & res : bool = any_l () ] - [ return' (result:bool)-> {[@expl:closure ensures] [%#soption10] result = (x = (1 : int32))} (! return' {result}) ] + ) [ & _0 : bool = any_l () | & x : Int32.t = x | & res : bool = any_l () ] + [ return' (result:bool)-> {[@expl:closure ensures] [%#soption10] result = (x = (1 : Int32.t))} + (! return' {result}) ] predicate inv'2 (_1 : ()) axiom inv_axiom'2 [@rewrite] : forall x : () [inv'2 x] . inv'2 x = true - predicate precondition'1 (self : ()) (args : int32) = + predicate precondition'1 (self : ()) (args : Int32.t) = let (x) = args in true - predicate postcondition_once'1 (self : ()) (args : int32) (result : bool) = - [%#soption10] let (x) = args in result = (x = (1 : int32)) + predicate postcondition_once'1 (self : ()) (args : Int32.t) (result : bool) = + [%#soption10] let (x) = args in result = (x = (1 : Int32.t)) let rec is_some_and'2 (self:t_Option'0) (f:()) (return' (ret:bool))= {[@expl:is_some_and 'self' type invariant] inv'0 self} {[@expl:is_some_and 'f' type invariant] inv'2 f} 
@@ -2572,7 +2723,7 @@ module M_option__is_some_and [#"option.rs" 259 0 259 20] (! return' {result}) ] - let rec closure2'0 (_1:()) (_2:int32) (return' (ret:bool))= (! bb0 + let rec closure2'0 (_1:()) (_2:Int32.t) (return' (ret:bool))= (! bb0 [ bb0 = s0 [ s0 = [ &res <- [%#soption11] true ] s1 | s1 = [ &_0 <- res ] s2 | s2 = return' {_0} ] ] ) [ & _0 : bool = any_l () | & res : bool = any_l () ] [ return' (result:bool)-> {[@expl:closure ensures] [%#soption12] result} (! return' {result}) ] @@ -2582,10 +2733,10 @@ module M_option__is_some_and [#"option.rs" 259 0 259 20] axiom inv_axiom'3 [@rewrite] : forall x : () [inv'3 x] . inv'3 x = true - predicate precondition'2 (self : ()) (args : int32) = + predicate precondition'2 (self : ()) (args : Int32.t) = let (_2) = args in true - predicate postcondition_once'2 (self : ()) (args : int32) (result : bool) = + predicate postcondition_once'2 (self : ()) (args : Int32.t) (result : bool) = [%#soption12] let (_2) = args in result let rec is_some_and'3 (self:t_Option'0) (f:()) (return' (ret:bool))= {[@expl:is_some_and 'self' type invariant] inv'0 self} @@ -2607,8 +2758,8 @@ module M_option__is_some_and [#"option.rs" 259 0 259 20] let rec is_some_and'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &none <- C_None'0 ] s1 - | s1 = [ &some1 <- C_Some'0 ([%#soption0] (1 : int32)) ] s2 - | s2 = [ &some2 <- C_Some'0 ([%#soption1] (2 : int32)) ] s3 + | s1 = [ &some1 <- C_Some'0 ([%#soption0] (1 : Int32.t)) ] s2 + | s2 = [ &some2 <- C_Some'0 ([%#soption1] (2 : Int32.t)) ] s3 | s3 = [ &_7 <- () ] s4 | s4 = is_some_and'1 {some1} {_7} (fun (_ret':bool) -> [ &_5 <- _ret' ] s5) | s5 = bb1 ] 
@@ -2661,20 +2812,22 @@ module M_option__or_else [#"option.rs" 278 0 278 16] let%span soption14 = "../../../creusot-contracts/src/std/option.rs" 11 8 14 9 let%span snum15 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + use prelude.prelude.Int + use prelude.prelude.Int32 type t_Option'0 = | C_None'0 - | C_Some'0 int32 + | C_Some'0 Int32.t use prelude.prelude.Intrinsic let rec closure0'0 (_1:()) (return' (ret:t_Option'0))= (! bb0 [ bb0 = s0 - [ s0 = [ &res <- C_Some'0 ([%#soption4] (2 : int32)) ] s1 | s1 = [ &_0 <- res ] s2 | s2 = return' {_0} ] + [ s0 = [ &res <- C_Some'0 ([%#soption4] (2 : Int32.t)) ] s1 | s1 = [ &_0 <- res ] s2 | s2 = return' {_0} ] ] ) [ & _0 : t_Option'0 = any_l () | & res : t_Option'0 = any_l () ] - [ return' (result:t_Option'0)-> {[@expl:closure ensures] [%#soption5] result = C_Some'0 (2 : int32)} + [ return' (result:t_Option'0)-> {[@expl:closure ensures] [%#soption5] result = C_Some'0 (2 : Int32.t)} (! return' {result}) ] @@ -2690,7 +2843,7 @@ module M_option__or_else [#"option.rs" 278 0 278 16] let () = args in true predicate postcondition_once'0 (self : ()) (args : ()) (result : t_Option'0) = - [%#soption5] let () = args in result = C_Some'0 (2 : int32) + [%#soption5] let () = args in result = C_Some'0 (2 : Int32.t) let rec or_else'1 (self:t_Option'0) (f:()) (return' (ret:t_Option'0))= {[@expl:or_else 'self' type invariant] inv'0 self} {[@expl:or_else 'f' type invariant] inv'1 f} @@ -2708,7 +2861,7 @@ module M_option__or_else [#"option.rs" 278 0 278 16] let rec promoted2__or_else'0 (return' (ret:t_Option'0))= bb0 [ bb0 = s0 - [ s0 = [ &_1 <- C_Some'0 ([%#soption8] (2 : int32)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] + [ s0 = [ &_1 <- C_Some'0 ([%#soption8] (2 : Int32.t)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] ] [ & _0 : t_Option'0 = any_l () | & _1 : t_Option'0 = any_l () ] [ return' (result:t_Option'0)-> return' {result} ] 
@@ -2718,15 +2871,13 @@ module M_option__or_else [#"option.rs" 278 0 278 16] axiom inv_axiom'2 [@rewrite] : forall x : t_Option'0 [inv'2 x] . inv'2 x = true - use prelude.prelude.Int - type t_Option'1 = | C_None'1 | C_Some'1 int use prelude.prelude.Int32 - function deep_model'2 (self : int32) : int = + function deep_model'2 (self : Int32.t) : int = [%#snum15] Int32.to_int self function deep_model'1 (self : t_Option'0) : t_Option'1 = @@ -2805,7 +2956,7 @@ module M_option__or_else [#"option.rs" 278 0 278 16] let rec promoted0__or_else'0 (return' (ret:t_Option'0))= bb0 [ bb0 = s0 - [ s0 = [ &_1 <- C_Some'0 ([%#soption12] (1 : int32)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] + [ s0 = [ &_1 <- C_Some'0 ([%#soption12] (1 : Int32.t)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] ] [ & _0 : t_Option'0 = any_l () | & _1 : t_Option'0 = any_l () ] [ return' (result:t_Option'0)-> return' {result} ] @@ -2816,7 +2967,7 @@ module M_option__or_else [#"option.rs" 278 0 278 16] let rec or_else'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &none <- C_None'0 ] s1 - | s1 = [ &some <- C_Some'0 ([%#soption0] (1 : int32)) ] s2 + | s1 = [ &some <- C_Some'0 ([%#soption0] (1 : Int32.t)) ] s2 | s2 = [ &_8 <- () ] s3 | s3 = or_else'1 {none} {_8} (fun (_ret':t_Option'0) -> [ &_6 <- _ret' ] s4) | s4 = bb1 ] @@ -2893,11 +3044,13 @@ module M_option__insert [#"option.rs" 302 0 302 15] let%span soption18 = "../../../creusot-contracts/src/std/option.rs" 11 8 14 9 let%span snum19 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + use prelude.prelude.Int + use prelude.prelude.Int32 type t_Option'0 = | C_None'0 - | C_Some'0 int32 + | C_Some'0 Int32.t use prelude.prelude.Borrow 
@@ -2905,21 +3058,21 @@ module M_option__insert [#"option.rs" 302 0 302 15] axiom inv_axiom'0 [@rewrite] : forall x : borrowed (t_Option'0) [inv'0 x] . inv'0 x = true - predicate inv'1 (_1 : int32) + predicate inv'1 (_1 : Int32.t) - axiom inv_axiom'1 [@rewrite] : forall x : int32 [inv'1 x] . inv'1 x = true + axiom inv_axiom'1 [@rewrite] : forall x : Int32.t [inv'1 x] . inv'1 x = true - predicate inv'2 (_1 : borrowed int32) + predicate inv'2 (_1 : borrowed Int32.t) - axiom inv_axiom'2 [@rewrite] : forall x : borrowed int32 [inv'2 x] . inv'2 x = true + axiom inv_axiom'2 [@rewrite] : forall x : borrowed Int32.t [inv'2 x] . inv'2 x = true - predicate resolve'1 (_1 : int32) = + predicate resolve'1 (_1 : Int32.t) = true - let rec insert'1 (self:borrowed (t_Option'0)) (value:int32) (return' (ret:borrowed int32))= {[@expl:insert 'self' type invariant] inv'0 self} + let rec insert'1 (self:borrowed (t_Option'0)) (value:Int32.t) (return' (ret:borrowed Int32.t))= {[@expl:insert 'self' type invariant] inv'0 self} {[@expl:insert 'value' type invariant] inv'1 value} any - [ return' (result:borrowed int32)-> {inv'2 result} + [ return' (result:borrowed Int32.t)-> {inv'2 result} {[%#soption11] match self.current with | C_Some'0 t -> resolve'1 t | C_None'0 -> true 
@@ -2928,17 +3081,17 @@ module M_option__insert [#"option.rs" 302 0 302 15] (! return' {result}) ] - predicate resolve'2 (self : borrowed int32) = + predicate resolve'2 (self : borrowed Int32.t) = [%#sresolve16] self.final = self.current - predicate resolve'0 (_1 : borrowed int32) = + predicate resolve'0 (_1 : borrowed Int32.t) = resolve'2 _1 use prelude.prelude.Intrinsic let rec promoted1__insert'0 (return' (ret:t_Option'0))= bb0 [ bb0 = s0 - [ s0 = [ &_1 <- C_Some'0 ([%#soption13] (3 : int32)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] + [ s0 = [ &_1 <- C_Some'0 ([%#soption13] (3 : Int32.t)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] ] [ & _0 : t_Option'0 = any_l () | & _1 : t_Option'0 = any_l () ] [ return' (result:t_Option'0)-> return' {result} ] @@ -2948,15 +3101,13 @@ module M_option__insert [#"option.rs" 302 0 302 15] axiom inv_axiom'3 [@rewrite] : forall x : t_Option'0 [inv'3 x] . inv'3 x = true - use prelude.prelude.Int - type t_Option'1 = | C_None'1 | C_Some'1 int use prelude.prelude.Int32 - function deep_model'2 (self : int32) : int = + function deep_model'2 (self : Int32.t) : int = [%#snum19] Int32.to_int self function deep_model'1 (self : t_Option'0) : t_Option'1 = @@ -2976,7 +3127,7 @@ module M_option__insert [#"option.rs" 302 0 302 15] let rec promoted0__insert'0 (return' (ret:t_Option'0))= bb0 [ bb0 = s0 - [ s0 = [ &_1 <- C_Some'0 ([%#soption15] (5 : int32)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] + [ s0 = [ &_1 <- C_Some'0 ([%#soption15] (5 : Int32.t)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] ] [ & _0 : t_Option'0 = any_l () | & _1 : t_Option'0 = any_l () ] [ return' (result:t_Option'0)-> return' {result} ] 
@@ -2987,18 +3138,18 @@ module M_option__insert [#"option.rs" 302 0 302 15] let rec insert'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &none <- C_None'0 ] s1 - | s1 = [ &some <- C_Some'0 ([%#soption0] (1 : int32)) ] s2 + | s1 = [ &some <- C_Some'0 ([%#soption0] (1 : Int32.t)) ] s2 | s2 = Borrow.borrow_mut {none} (fun (_ret':borrowed (t_Option'0)) -> [ &_4 <- _ret' ] [ &none <- _ret'.final ] s3) - | s3 = insert'1 {_4} {[%#soption1] (2 : int32)} (fun (_ret':borrowed int32) -> [ &i1 <- _ret' ] s4) + | s3 = insert'1 {_4} {[%#soption1] (2 : Int32.t)} (fun (_ret':borrowed Int32.t) -> [ &i1 <- _ret' ] s4) | s4 = bb1 ] | bb1 = s0 - [ s0 = Int32.eq {i1.current} {[%#soption2] (2 : int32)} (fun (_ret':bool) -> [ &_6 <- _ret' ] s1) + [ s0 = Int32.eq {i1.current} {[%#soption2] (2 : Int32.t)} (fun (_ret':bool) -> [ &_6 <- _ret' ] s1) | s1 = any [ br0 -> {_6 = false} (! bb3) | br1 -> {_6} (! bb2) ] ] | bb2 = s0 - [ s0 = [ &i1 <- { i1 with current = ([%#soption3] (3 : int32)) } ] s1 + [ s0 = [ &i1 <- { i1 with current = ([%#soption3] (3 : Int32.t)) } ] s1 | s1 = -{resolve'0 i1}- s2 | s2 = promoted1__insert'0 (fun (pr1:t_Option'0) -> [ &_28 <- pr1 ] s3) | s3 = eq'0 {none} {_28} (fun (_ret':bool) -> [ &_10 <- _ret' ] s4) 
@@ -3008,15 +3159,15 @@ module M_option__insert [#"option.rs" 302 0 302 15] | bb5 = s0 [ s0 = Borrow.borrow_mut {some} (fun (_ret':borrowed (t_Option'0)) -> [ &_16 <- _ret' ] [ &some <- _ret'.final ] s1) - | s1 = insert'1 {_16} {[%#soption4] (4 : int32)} (fun (_ret':borrowed int32) -> [ &i2 <- _ret' ] s2) + | s1 = insert'1 {_16} {[%#soption4] (4 : Int32.t)} (fun (_ret':borrowed Int32.t) -> [ &i2 <- _ret' ] s2) | s2 = bb7 ] | bb7 = s0 - [ s0 = Int32.eq {i2.current} {[%#soption5] (4 : int32)} (fun (_ret':bool) -> [ &_18 <- _ret' ] s1) + [ s0 = Int32.eq {i2.current} {[%#soption5] (4 : Int32.t)} (fun (_ret':bool) -> [ &_18 <- _ret' ] s1) | s1 = any [ br0 -> {_18 = false} (! bb9) | br1 -> {_18} (! bb8) ] ] | bb8 = s0 - [ s0 = [ &i2 <- { i2 with current = ([%#soption6] (5 : int32)) } ] s1 + [ s0 = [ &i2 <- { i2 with current = ([%#soption6] (5 : Int32.t)) } ] s1 | s1 = -{resolve'0 i2}- s2 | s2 = promoted0__insert'0 (fun (pr0:t_Option'0) -> [ &_27 <- pr0 ] s3) | s3 = eq'0 {some} {_27} (fun (_ret':bool) -> [ &_22 <- _ret' ] s4) @@ -3032,11 +3183,11 @@ module M_option__insert [#"option.rs" 302 0 302 15] [ & _0 : () = any_l () | & none : t_Option'0 = any_l () | & some : t_Option'0 = any_l () - | & i1 : borrowed int32 = any_l () + | & i1 : borrowed Int32.t = any_l () | & _4 : borrowed (t_Option'0) = any_l () | & _6 : bool = any_l () | & _10 : bool = any_l () - | & i2 : borrowed int32 = any_l () + | & i2 : borrowed Int32.t = any_l () | & _16 : borrowed (t_Option'0) = any_l () | & _18 : bool = any_l () | & _22 : bool = any_l () @@ -3081,11 +3232,13 @@ module M_option__get_or_insert [#"option.rs" 316 0 316 22] let%span soption33 = "../../../creusot-contracts/src/std/option.rs" 11 8 14 9 let%span snum34 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + use prelude.prelude.Int + use prelude.prelude.Int32 type t_Option'0 = | C_None'0 - | C_Some'0 int32 + | C_Some'0 Int32.t use prelude.prelude.Borrow 
@@ -3093,21 +3246,21 @@ module M_option__get_or_insert [#"option.rs" 316 0 316 22] axiom inv_axiom'0 [@rewrite] : forall x : borrowed (t_Option'0) [inv'0 x] . inv'0 x = true - predicate inv'1 (_1 : int32) + predicate inv'1 (_1 : Int32.t) - axiom inv_axiom'1 [@rewrite] : forall x : int32 [inv'1 x] . inv'1 x = true + axiom inv_axiom'1 [@rewrite] : forall x : Int32.t [inv'1 x] . inv'1 x = true - predicate inv'2 (_1 : borrowed int32) + predicate inv'2 (_1 : borrowed Int32.t) - axiom inv_axiom'2 [@rewrite] : forall x : borrowed int32 [inv'2 x] . inv'2 x = true + axiom inv_axiom'2 [@rewrite] : forall x : borrowed Int32.t [inv'2 x] . inv'2 x = true - predicate resolve'1 (_1 : int32) = + predicate resolve'1 (_1 : Int32.t) = true - let rec get_or_insert'1 (self:borrowed (t_Option'0)) (value:int32) (return' (ret:borrowed int32))= {[@expl:get_or_insert 'self' type invariant] inv'0 self} + let rec get_or_insert'1 (self:borrowed (t_Option'0)) (value:Int32.t) (return' (ret:borrowed Int32.t))= {[@expl:get_or_insert 'self' type invariant] inv'0 self} {[@expl:get_or_insert 'value' type invariant] inv'1 value} any - [ return' (result:borrowed int32)-> {inv'2 result} + [ return' (result:borrowed Int32.t)-> {inv'2 result} {[%#soption20] match self.current with | C_None'0 -> result.current = value /\ self.final = C_Some'0 (result.final) | C_Some'0 _ -> self.current = C_Some'0 (result.current) 
@@ -3116,17 +3269,17 @@ module M_option__get_or_insert [#"option.rs" 316 0 316 22] (! return' {result}) ] - predicate resolve'2 (self : borrowed int32) = + predicate resolve'2 (self : borrowed Int32.t) = [%#sresolve31] self.final = self.current - predicate resolve'0 (_1 : borrowed int32) = + predicate resolve'0 (_1 : borrowed Int32.t) = resolve'2 _1 use prelude.prelude.Intrinsic let rec promoted3__get_or_insert'0 (return' (ret:t_Option'0))= bb0 [ bb0 = s0 - [ s0 = [ &_1 <- C_Some'0 ([%#soption21] (3 : int32)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] + [ s0 = [ &_1 <- C_Some'0 ([%#soption21] (3 : Int32.t)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] ] [ & _0 : t_Option'0 = any_l () | & _1 : t_Option'0 = any_l () ] [ return' (result:t_Option'0)-> return' {result} ] @@ -3136,15 +3289,13 @@ module M_option__get_or_insert [#"option.rs" 316 0 316 22] axiom inv_axiom'3 [@rewrite] : forall x : t_Option'0 [inv'3 x] . inv'3 x = true - use prelude.prelude.Int - type t_Option'1 = | C_None'1 | C_Some'1 int use prelude.prelude.Int32 - function deep_model'2 (self : int32) : int = + function deep_model'2 (self : Int32.t) : int = [%#snum34] Int32.to_int self function deep_model'1 (self : t_Option'0) : t_Option'1 = 
@@ -3164,16 +3315,16 @@ module M_option__get_or_insert [#"option.rs" 316 0 316 22] let rec promoted2__get_or_insert'0 (return' (ret:t_Option'0))= bb0 [ bb0 = s0 - [ s0 = [ &_1 <- C_Some'0 ([%#soption23] (5 : int32)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] + [ s0 = [ &_1 <- C_Some'0 ([%#soption23] (5 : Int32.t)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] ] [ & _0 : t_Option'0 = any_l () | & _1 : t_Option'0 = any_l () ] [ return' (result:t_Option'0)-> return' {result} ] - let rec closure0'0 (_1:()) (return' (ret:int32))= (! bb0 - [ bb0 = s0 [ s0 = [ &res <- [%#soption24] (2 : int32) ] s1 | s1 = [ &_0 <- res ] s2 | s2 = return' {_0} ] ] - ) [ & _0 : int32 = any_l () | & res : int32 = any_l () ] - [ return' (result:int32)-> {[@expl:closure ensures] [%#soption25] result = (2 : int32)} (! return' {result}) ] + let rec closure0'0 (_1:()) (return' (ret:Int32.t))= (! bb0 + [ bb0 = s0 [ s0 = [ &res <- [%#soption24] (2 : Int32.t) ] s1 | s1 = [ &_0 <- res ] s2 | s2 = return' {_0} ] ] + ) [ & _0 : Int32.t = any_l () | & res : Int32.t = any_l () ] + [ return' (result:Int32.t)-> {[@expl:closure ensures] [%#soption25] result = (2 : Int32.t)} (! return' {result}) ] predicate inv'4 (_1 : ()) 
@@ -3183,14 +3334,14 @@ module M_option__get_or_insert [#"option.rs" 316 0 316 22] predicate precondition'0 (self : ()) (args : ()) = let () = args in true - predicate postcondition_once'0 (self : ()) (args : ()) (result : int32) = - [%#soption25] let () = args in result = (2 : int32) + predicate postcondition_once'0 (self : ()) (args : ()) (result : Int32.t) = + [%#soption25] let () = args in result = (2 : Int32.t) - let rec get_or_insert_with'0 (self:borrowed (t_Option'0)) (f:()) (return' (ret:borrowed int32))= {[@expl:get_or_insert_with 'self' type invariant] inv'0 self} + let rec get_or_insert_with'0 (self:borrowed (t_Option'0)) (f:()) (return' (ret:borrowed Int32.t))= {[@expl:get_or_insert_with 'self' type invariant] inv'0 self} {[@expl:get_or_insert_with 'f' type invariant] inv'4 f} {[@expl:get_or_insert_with requires] [%#soption26] self.current = C_None'0 -> precondition'0 f ()} any - [ return' (result:borrowed int32)-> {inv'2 result} + [ return' (result:borrowed Int32.t)-> {inv'2 result} {[%#soption27] match self.current with | C_None'0 -> postcondition_once'0 f () result.current /\ self.final = C_Some'0 (result.final) | C_Some'0 _ -> self.current = C_Some'0 (result.current) /\ self.final = C_Some'0 (result.final) 
@@ -3200,14 +3351,14 @@ module M_option__get_or_insert [#"option.rs" 316 0 316 22] let rec promoted1__get_or_insert'0 (return' (ret:t_Option'0))= bb0 [ bb0 = s0 - [ s0 = [ &_1 <- C_Some'0 ([%#soption28] (3 : int32)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] + [ s0 = [ &_1 <- C_Some'0 ([%#soption28] (3 : Int32.t)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] ] [ & _0 : t_Option'0 = any_l () | & _1 : t_Option'0 = any_l () ] [ return' (result:t_Option'0)-> return' {result} ] - let rec closure1'0 (_1:()) (return' (ret:int32))= {[@expl:closure requires] [%#soption29] false} - (! bb0 [ bb0 = {false} any ] ) [ return' (result:int32)-> (! return' {result}) ] + let rec closure1'0 (_1:()) (return' (ret:Int32.t))= {[@expl:closure requires] [%#soption29] false} + (! bb0 [ bb0 = {false} any ] ) [ return' (result:Int32.t)-> (! return' {result}) ] predicate inv'5 (_1 : ()) 
@@ -3216,14 +3367,14 @@ module M_option__get_or_insert [#"option.rs" 316 0 316 22] predicate precondition'1 (self : ()) (args : ()) = [%#soption29] let () = args in false - predicate postcondition_once'1 (self : ()) (args : ()) (result : int32) = + predicate postcondition_once'1 (self : ()) (args : ()) (result : Int32.t) = let () = args in true - let rec get_or_insert_with'1 (self:borrowed (t_Option'0)) (f:()) (return' (ret:borrowed int32))= {[@expl:get_or_insert_with 'self' type invariant] inv'0 self} + let rec get_or_insert_with'1 (self:borrowed (t_Option'0)) (f:()) (return' (ret:borrowed Int32.t))= {[@expl:get_or_insert_with 'self' type invariant] inv'0 self} {[@expl:get_or_insert_with 'f' type invariant] inv'5 f} {[@expl:get_or_insert_with requires] [%#soption26] self.current = C_None'0 -> precondition'1 f ()} any - [ return' (result:borrowed int32)-> {inv'2 result} + [ return' (result:borrowed Int32.t)-> {inv'2 result} {[%#soption27] match self.current with | C_None'0 -> postcondition_once'1 f () result.current /\ self.final = C_Some'0 (result.final) | C_Some'0 _ -> self.current = C_Some'0 (result.current) /\ self.final = C_Some'0 (result.final) @@ -3233,7 +3384,7 @@ module M_option__get_or_insert [#"option.rs" 316 0 316 22] let rec promoted0__get_or_insert'0 (return' (ret:t_Option'0))= bb0 [ bb0 = s0 - [ s0 = [ &_1 <- C_Some'0 ([%#soption30] (5 : int32)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] + [ s0 = [ &_1 <- C_Some'0 ([%#soption30] (5 : Int32.t)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] ] [ & _0 : t_Option'0 = any_l () | & _1 : t_Option'0 = any_l () ] [ return' (result:t_Option'0)-> return' {result} ] 
@@ -3244,18 +3395,18 @@ module M_option__get_or_insert [#"option.rs" 316 0 316 22] let rec get_or_insert'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &none <- C_None'0 ] s1 - | s1 = [ &some <- C_Some'0 ([%#soption0] (1 : int32)) ] s2 + | s1 = [ &some <- C_Some'0 ([%#soption0] (1 : Int32.t)) ] s2 | s2 = Borrow.borrow_mut {none} (fun (_ret':borrowed (t_Option'0)) -> [ &_4 <- _ret' ] [ &none <- _ret'.final ] s3) - | s3 = get_or_insert'1 {_4} {[%#soption1] (2 : int32)} (fun (_ret':borrowed int32) -> [ &i1 <- _ret' ] s4) + | s3 = get_or_insert'1 {_4} {[%#soption1] (2 : Int32.t)} (fun (_ret':borrowed Int32.t) -> [ &i1 <- _ret' ] s4) | s4 = bb1 ] | bb1 = s0 - [ s0 = Int32.eq {i1.current} {[%#soption2] (2 : int32)} (fun (_ret':bool) -> [ &_6 <- _ret' ] s1) + [ s0 = Int32.eq {i1.current} {[%#soption2] (2 : Int32.t)} (fun (_ret':bool) -> [ &_6 <- _ret' ] s1) | s1 = any [ br0 -> {_6 = false} (! bb3) | br1 -> {_6} (! bb2) ] ] | bb2 = s0 - [ s0 = [ &i1 <- { i1 with current = ([%#soption3] (3 : int32)) } ] s1 + [ s0 = [ &i1 <- { i1 with current = ([%#soption3] (3 : Int32.t)) } ] s1 | s1 = -{resolve'0 i1}- s2 | s2 = promoted3__get_or_insert'0 (fun (pr3:t_Option'0) -> [ &_58 <- pr3 ] s3) | s3 = eq'0 {none} {_58} (fun (_ret':bool) -> [ &_10 <- _ret' ] s4) 
@@ -3265,15 +3416,15 @@ module M_option__get_or_insert [#"option.rs" 316 0 316 22] | bb5 = s0 [ s0 = Borrow.borrow_mut {some} (fun (_ret':borrowed (t_Option'0)) -> [ &_16 <- _ret' ] [ &some <- _ret'.final ] s1) - | s1 = get_or_insert'1 {_16} {[%#soption4] (4 : int32)} (fun (_ret':borrowed int32) -> [ &i2 <- _ret' ] s2) + | s1 = get_or_insert'1 {_16} {[%#soption4] (4 : Int32.t)} (fun (_ret':borrowed Int32.t) -> [ &i2 <- _ret' ] s2) | s2 = bb7 ] | bb7 = s0 - [ s0 = Int32.eq {i2.current} {[%#soption5] (1 : int32)} (fun (_ret':bool) -> [ &_18 <- _ret' ] s1) + [ s0 = Int32.eq {i2.current} {[%#soption5] (1 : Int32.t)} (fun (_ret':bool) -> [ &_18 <- _ret' ] s1) | s1 = any [ br0 -> {_18 = false} (! bb9) | br1 -> {_18} (! bb8) ] ] | bb8 = s0 - [ s0 = [ &i2 <- { i2 with current = ([%#soption6] (5 : int32)) } ] s1 + [ s0 = [ &i2 <- { i2 with current = ([%#soption6] (5 : Int32.t)) } ] s1 | s1 = -{resolve'0 i2}- s2 | s2 = promoted2__get_or_insert'0 (fun (pr2:t_Option'0) -> [ &_57 <- pr2 ] s3) | s3 = eq'0 {some} {_57} (fun (_ret':bool) -> [ &_22 <- _ret' ] s4) 
@@ -3283,20 +3434,20 @@ module M_option__get_or_insert [#"option.rs" 316 0 316 22] | bb11 = s0 [ s0 = [ &_27 <- C_None'0 ] s1 | s1 = [ &none <- _27 ] s2 - | s2 = [ &_28 <- C_Some'0 ([%#soption7] (1 : int32)) ] s3 + | s2 = [ &_28 <- C_Some'0 ([%#soption7] (1 : Int32.t)) ] s3 | s3 = [ &some <- _28 ] s4 | s4 = Borrow.borrow_mut {none} (fun (_ret':borrowed (t_Option'0)) -> [ &_30 <- _ret' ] [ &none <- _ret'.final ] s5) | s5 = [ &_31 <- () ] s6 - | s6 = get_or_insert_with'0 {_30} {_31} (fun (_ret':borrowed int32) -> [ &i11 <- _ret' ] s7) + | s6 = get_or_insert_with'0 {_30} {_31} (fun (_ret':borrowed Int32.t) -> [ &i11 <- _ret' ] s7) | s7 = bb13 ] | bb13 = s0 - [ s0 = Int32.eq {i11.current} {[%#soption8] (2 : int32)} (fun (_ret':bool) -> [ &_33 <- _ret' ] s1) + [ s0 = Int32.eq {i11.current} {[%#soption8] (2 : Int32.t)} (fun (_ret':bool) -> [ &_33 <- _ret' ] s1) | s1 = any [ br0 -> {_33 = false} (! bb15) | br1 -> {_33} (! bb14) ] ] | bb14 = s0 - [ s0 = [ &i11 <- { i11 with current = ([%#soption9] (3 : int32)) } ] s1 + [ s0 = [ &i11 <- { i11 with current = ([%#soption9] (3 : Int32.t)) } ] s1 | s1 = -{resolve'0 i11}- s2 | s2 = promoted1__get_or_insert'0 (fun (pr1:t_Option'0) -> [ &_56 <- pr1 ] s3) | s3 = eq'0 {none} {_56} (fun (_ret':bool) -> [ &_37 <- _ret' ] s4) 
@@ -3307,15 +3458,15 @@ module M_option__get_or_insert [#"option.rs" 316 0 316 22] [ s0 = Borrow.borrow_mut {some} (fun (_ret':borrowed (t_Option'0)) -> [ &_43 <- _ret' ] [ &some <- _ret'.final ] s1) | s1 = [ &_44 <- () ] s2 - | s2 = get_or_insert_with'1 {_43} {_44} (fun (_ret':borrowed int32) -> [ &i21 <- _ret' ] s3) + | s2 = get_or_insert_with'1 {_43} {_44} (fun (_ret':borrowed Int32.t) -> [ &i21 <- _ret' ] s3) | s3 = bb19 ] | bb19 = s0 - [ s0 = Int32.eq {i21.current} {[%#soption10] (1 : int32)} (fun (_ret':bool) -> [ &_46 <- _ret' ] s1) + [ s0 = Int32.eq {i21.current} {[%#soption10] (1 : Int32.t)} (fun (_ret':bool) -> [ &_46 <- _ret' ] s1) | s1 = any [ br0 -> {_46 = false} (! bb21) | br1 -> {_46} (! bb20) ] ] | bb20 = s0 - [ s0 = [ &i21 <- { i21 with current = ([%#soption11] (5 : int32)) } ] s1 + [ s0 = [ &i21 <- { i21 with current = ([%#soption11] (5 : Int32.t)) } ] s1 | s1 = -{resolve'0 i21}- s2 | s2 = promoted0__get_or_insert'0 (fun (pr0:t_Option'0) -> [ &_55 <- pr0 ] s3) | s3 = eq'0 {some} {_55} (fun (_ret':bool) -> [ &_50 <- _ret' ] s4) 
@@ -3335,22 +3486,22 @@ module M_option__get_or_insert [#"option.rs" 316 0 316 22] [ & _0 : () = any_l () | & none : t_Option'0 = any_l () | & some : t_Option'0 = any_l () - | & i1 : borrowed int32 = any_l () + | & i1 : borrowed Int32.t = any_l () | & _4 : borrowed (t_Option'0) = any_l () | & _6 : bool = any_l () | & _10 : bool = any_l () - | & i2 : borrowed int32 = any_l () + | & i2 : borrowed Int32.t = any_l () | & _16 : borrowed (t_Option'0) = any_l () | & _18 : bool = any_l () | & _22 : bool = any_l () | & _27 : t_Option'0 = any_l () | & _28 : t_Option'0 = any_l () - | & i11 : borrowed int32 = any_l () + | & i11 : borrowed Int32.t = any_l () | & _30 : borrowed (t_Option'0) = any_l () | & _31 : () = any_l () | & _33 : bool = any_l () | & _37 : bool = any_l () - | & i21 : borrowed int32 = any_l () + | & i21 : borrowed Int32.t = any_l () | & _43 : borrowed (t_Option'0) = any_l () | & _44 : () = any_l () | & _46 : bool = any_l () @@ -3371,11 +3522,13 @@ module M_option__take [#"option.rs" 350 0 350 13] let%span soption6 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 let%span soption7 = "../../../creusot-contracts/src/std/option.rs" 51 26 51 51 + use prelude.prelude.Int + use prelude.prelude.Int32 type t_Option'0 = | C_None'0 - | C_Some'0 int32 + | C_Some'0 Int32.t use prelude.prelude.Borrow 
@@ -3401,13 +3554,13 @@ module M_option__take [#"option.rs" 350 0 350 13] let rec is_none'0 (self:t_Option'0) (return' (ret:bool))= {[@expl:is_none 'self' type invariant] inv'2 self} any [ return' (result:bool)-> {[%#soption7] result = (self = C_None'0)} (! return' {result}) ] - predicate inv'3 (_1 : int32) + predicate inv'3 (_1 : Int32.t) - axiom inv_axiom'3 [@rewrite] : forall x : int32 [inv'3 x] . inv'3 x = true + axiom inv_axiom'3 [@rewrite] : forall x : Int32.t [inv'3 x] . inv'3 x = true - let rec unwrap'0 (self:t_Option'0) (return' (ret:int32))= {[@expl:unwrap 'self' type invariant] inv'1 self} + let rec unwrap'0 (self:t_Option'0) (return' (ret:Int32.t))= {[@expl:unwrap 'self' type invariant] inv'1 self} {[@expl:unwrap requires] [%#soption6] self <> C_None'0} - any [ return' (result:int32)-> {inv'3 result} {[%#soption6] C_Some'0 result = self} (! return' {result}) ] + any [ return' (result:Int32.t)-> {inv'3 result} {[%#soption6] C_Some'0 result = self} (! return' {result}) ] use prelude.prelude.Intrinsic @@ -3416,7 +3569,7 @@ module M_option__take [#"option.rs" 350 0 350 13] let rec take'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &none <- C_None'0 ] s1 - | s1 = [ &some <- C_Some'0 ([%#soption0] (1 : int32)) ] s2 + | s1 = [ &some <- C_Some'0 ([%#soption0] (1 : Int32.t)) ] s2 | s2 = Borrow.borrow_mut {none} (fun (_ret':borrowed (t_Option'0)) -> [ &_7 <- _ret' ] [ &none <- _ret'.final ] s3) | s3 = take'1 {_7} (fun (_ret':t_Option'0) -> [ &_6 <- _ret' ] s4) 
@@ -3432,9 +3585,9 @@ module M_option__take [#"option.rs" 350 0 350 13] | s1 = take'1 {_17} (fun (_ret':t_Option'0) -> [ &_16 <- _ret' ] s2) | s2 = bb8 ] - | bb8 = s0 [ s0 = unwrap'0 {_16} (fun (_ret':int32) -> [ &_15 <- _ret' ] s1) | s1 = bb9 ] + | bb8 = s0 [ s0 = unwrap'0 {_16} (fun (_ret':Int32.t) -> [ &_15 <- _ret' ] s1) | s1 = bb9 ] | bb9 = s0 - [ s0 = Int32.eq {_15} {[%#soption1] (1 : int32)} (fun (_ret':bool) -> [ &_14 <- _ret' ] s1) + [ s0 = Int32.eq {_15} {[%#soption1] (1 : Int32.t)} (fun (_ret':bool) -> [ &_14 <- _ret' ] s1) | s1 = any [ br0 -> {_14 = false} (! bb11) | br1 -> {_14} (! bb10) ] ] | bb10 = s0 [ s0 = is_none'0 {some} (fun (_ret':bool) -> [ &_20 <- _ret' ] s1) | s1 = bb12 ] @@ -3453,7 +3606,7 @@ module M_option__take [#"option.rs" 350 0 350 13] | & _7 : borrowed (t_Option'0) = any_l () | & _10 : bool = any_l () | & _14 : bool = any_l () - | & _15 : int32 = any_l () + | & _15 : Int32.t = any_l () | & _16 : t_Option'0 = any_l () | & _17 : borrowed (t_Option'0) = any_l () | & _20 : bool = any_l () ] 
@@ -3484,22 +3637,24 @@ module M_option__take_if [#"option.rs" 360 0 360 16] let%span soption21 = "../../../creusot-contracts/src/std/option.rs" 11 8 14 9 let%span snum22 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + use prelude.prelude.Int + use prelude.prelude.Int32 type t_Option'0 = | C_None'0 - | C_Some'0 int32 + | C_Some'0 Int32.t use prelude.prelude.Borrow - predicate resolve'1 (self : borrowed int32) = + predicate resolve'1 (self : borrowed Int32.t) = [%#sresolve20] self.final = self.current - predicate resolve'0 (_1 : borrowed int32) = + predicate resolve'0 (_1 : borrowed Int32.t) = resolve'1 _1 - let rec closure0'0 (_1:()) (_2:borrowed int32) (return' (ret:bool))= {[@expl:closure requires] [%#soption6] false} - (! bb0 [ bb0 = s0 [ s0 = -{resolve'0 _2}- s1 | s1 = {false} any ] ] ) [ & _2 : borrowed int32 = _2 ] + let rec closure0'0 (_1:()) (_2:borrowed Int32.t) (return' (ret:bool))= {[@expl:closure requires] [%#soption6] false} + (! bb0 [ bb0 = s0 [ s0 = -{resolve'0 _2}- s1 | s1 = {false} any ] ] ) [ & _2 : borrowed Int32.t = _2 ] [ return' (result:bool)-> (! return' {result}) ] 
@@ -3511,31 +3666,31 @@ module M_option__take_if [#"option.rs" 360 0 360 16] axiom inv_axiom'1 [@rewrite] : forall x : () [inv'1 x] . inv'1 x = true - predicate inv'2 (_1 : borrowed int32) + predicate inv'2 (_1 : borrowed Int32.t) - axiom inv_axiom'2 [@rewrite] : forall x : borrowed int32 [inv'2 x] . inv'2 x = true + axiom inv_axiom'2 [@rewrite] : forall x : borrowed Int32.t [inv'2 x] . inv'2 x = true - predicate precondition'0 (self : ()) (args : borrowed int32) = + predicate precondition'0 (self : ()) (args : borrowed Int32.t) = [%#soption6] let (_2) = args in false predicate inv'3 (_1 : t_Option'0) axiom inv_axiom'3 [@rewrite] : forall x : t_Option'0 [inv'3 x] . inv'3 x = true - predicate postcondition_once'0 (self : ()) (args : borrowed int32) (result : bool) = + predicate postcondition_once'0 (self : ()) (args : borrowed Int32.t) (result : bool) = let (_2) = args in true let rec take_if'1 (self:borrowed (t_Option'0)) (predicate':()) (return' (ret:t_Option'0))= {[@expl:take_if 'self' type invariant] inv'0 self} {[@expl:take_if 'predicate' type invariant] inv'1 predicate'} {[@expl:take_if requires] [%#soption7] match self.current with | C_None'0 -> true - | C_Some'0 t -> forall b : borrowed int32 . inv'2 b /\ b.current = t -> precondition'0 predicate' (b) + | C_Some'0 t -> forall b : borrowed Int32.t . inv'2 b /\ b.current = t -> precondition'0 predicate' (b) end} any [ return' (result:t_Option'0)-> {inv'3 result} {[%#soption8] match self.current with | C_None'0 -> result = C_None'0 /\ self.final = C_None'0 - | C_Some'0 cur -> exists b : borrowed int32, res : bool . inv'2 b + | C_Some'0 cur -> exists b : borrowed Int32.t, res : bool . inv'2 b /\ cur = b.current /\ postcondition_once'0 predicate' (b) res /\ (if res then 
@@ -3559,15 +3714,13 @@ module M_option__take_if [#"option.rs" 360 0 360 16] axiom inv_axiom'4 [@rewrite] : forall x : t_Option'0 [inv'4 x] . inv'4 x = true - use prelude.prelude.Int - type t_Option'1 = | C_None'1 | C_Some'1 int use prelude.prelude.Int32 - function deep_model'2 (self : int32) : int = + function deep_model'2 (self : Int32.t) : int = [%#snum22] Int32.to_int self function deep_model'1 (self : t_Option'0) : t_Option'1 = @@ -3585,16 +3738,16 @@ module M_option__take_if [#"option.rs" 360 0 360 16] [ return' (result:bool)-> {[%#soption9] result = (deep_model'0 self = deep_model'0 other)} (! return' {result}) ] - let rec closure1'0 (_1:()) (x:borrowed int32) (return' (ret:bool))= (! bb0 + let rec closure1'0 (_1:()) (x:borrowed Int32.t) (return' (ret:bool))= (! bb0 [ bb0 = s0 [ s0 = -{resolve'0 x}- s1 - | s1 = Int32.eq {x.current} {[%#soption10] (2 : int32)} (fun (_ret':bool) -> [ &res1 <- _ret' ] s2) + | s1 = Int32.eq {x.current} {[%#soption10] (2 : Int32.t)} (fun (_ret':bool) -> [ &res1 <- _ret' ] s2) | s2 = [ &res <- res1 ] s3 | s3 = [ &_0 <- res ] s4 | s4 = return' {_0} ] ] - ) [ & _0 : bool = any_l () | & x : borrowed int32 = x | & res : bool = any_l () | & res1 : bool = any_l () ] - [ return' (result:bool)-> {[@expl:closure ensures #0] [%#soption11] result = (x.current = (2 : int32))} + ) [ & _0 : bool = any_l () | & x : borrowed Int32.t = x | & res : bool = any_l () | & res1 : bool = any_l () ] + [ return' (result:bool)-> {[@expl:closure ensures #0] [%#soption11] result = (x.current = (2 : Int32.t))} {[@expl:closure ensures #1] [%#soption12] x.current = x.final} (! return' {result}) ] 
@@ -3603,23 +3756,23 @@ module M_option__take_if [#"option.rs" 360 0 360 16] axiom inv_axiom'5 [@rewrite] : forall x : () [inv'5 x] . inv'5 x = true - predicate precondition'1 (self : ()) (args : borrowed int32) = + predicate precondition'1 (self : ()) (args : borrowed Int32.t) = let (x) = args in true - predicate postcondition_once'1 (self : ()) (args : borrowed int32) (result : bool) = - let (x) = args in x.current = x.final /\ result = (x.current = (2 : int32)) + predicate postcondition_once'1 (self : ()) (args : borrowed Int32.t) (result : bool) = + let (x) = args in x.current = x.final /\ result = (x.current = (2 : Int32.t)) let rec take_if'2 (self:borrowed (t_Option'0)) (predicate':()) (return' (ret:t_Option'0))= {[@expl:take_if 'self' type invariant] inv'0 self} {[@expl:take_if 'predicate' type invariant] inv'5 predicate'} {[@expl:take_if requires] [%#soption7] match self.current with | C_None'0 -> true - | C_Some'0 t -> forall b : borrowed int32 . inv'2 b /\ b.current = t -> precondition'1 predicate' (b) + | C_Some'0 t -> forall b : borrowed Int32.t . inv'2 b /\ b.current = t -> precondition'1 predicate' (b) end} any [ return' (result:t_Option'0)-> {inv'3 result} {[%#soption8] match self.current with | C_None'0 -> result = C_None'0 /\ self.final = C_None'0 - | C_Some'0 cur -> exists b : borrowed int32, res : bool . inv'2 b + | C_Some'0 cur -> exists b : borrowed Int32.t, res : bool . inv'2 b /\ cur = b.current /\ postcondition_once'1 predicate' (b) res /\ (if res then 
@@ -3639,16 +3792,16 @@ module M_option__take_if [#"option.rs" 360 0 360 16] let rec promoted2__take_if'0 (return' (ret:t_Option'0))= bb0 [ bb0 = s0 - [ s0 = [ &_1 <- C_Some'0 ([%#soption13] (1 : int32)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] + [ s0 = [ &_1 <- C_Some'0 ([%#soption13] (1 : Int32.t)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] ] [ & _0 : t_Option'0 = any_l () | & _1 : t_Option'0 = any_l () ] [ return' (result:t_Option'0)-> return' {result} ] - let rec closure2'0 (_1:()) (x:borrowed int32) (return' (ret:bool))= (! bb0 + let rec closure2'0 (_1:()) (x:borrowed Int32.t) (return' (ret:bool))= (! bb0 [ bb0 = s0 - [ s0 = Int32.eq {x.current} {[%#soption14] (1 : int32)} (fun (_ret':bool) -> [ &res2 <- _ret' ] s1) - | s1 = [ &x <- { x with current = ([%#soption15] (3 : int32)) } ] s2 + [ s0 = Int32.eq {x.current} {[%#soption14] (1 : Int32.t)} (fun (_ret':bool) -> [ &res2 <- _ret' ] s1) + | s1 = [ &x <- { x with current = ([%#soption15] (3 : Int32.t)) } ] s2 | s2 = -{resolve'0 x}- s3 | s3 = [ &res1 <- res2 ] s4 | s4 = [ &res <- res1 ] s5 @@ -3657,13 +3810,13 @@ module M_option__take_if [#"option.rs" 360 0 360 16] ] ) [ & _0 : bool = any_l () - | & x : borrowed int32 = x + | & x : borrowed Int32.t = x | & res : bool = any_l () | & res1 : bool = any_l () | & res2 : bool = any_l () ] - [ return' (result:bool)-> {[@expl:closure ensures #0] [%#soption16] result = (x.current = (1 : int32))} - {[@expl:closure ensures #1] [%#soption17] x.final = (3 : int32)} + [ return' (result:bool)-> {[@expl:closure ensures #0] [%#soption16] result = (x.current = (1 : Int32.t))} + {[@expl:closure ensures #1] [%#soption17] x.final = (3 : Int32.t)} (! return' {result}) ] 
@@ -3671,23 +3824,23 @@ module M_option__take_if [#"option.rs" 360 0 360 16] axiom inv_axiom'6 [@rewrite] : forall x : () [inv'6 x] . inv'6 x = true - predicate precondition'2 (self : ()) (args : borrowed int32) = + predicate precondition'2 (self : ()) (args : borrowed Int32.t) = let (x) = args in true - predicate postcondition_once'2 (self : ()) (args : borrowed int32) (result : bool) = - let (x) = args in x.final = (3 : int32) /\ result = (x.current = (1 : int32)) + predicate postcondition_once'2 (self : ()) (args : borrowed Int32.t) (result : bool) = + let (x) = args in x.final = (3 : Int32.t) /\ result = (x.current = (1 : Int32.t)) let rec take_if'3 (self:borrowed (t_Option'0)) (predicate':()) (return' (ret:t_Option'0))= {[@expl:take_if 'self' type invariant] inv'0 self} {[@expl:take_if 'predicate' type invariant] inv'6 predicate'} {[@expl:take_if requires] [%#soption7] match self.current with | C_None'0 -> true - | C_Some'0 t -> forall b : borrowed int32 . inv'2 b /\ b.current = t -> precondition'2 predicate' (b) + | C_Some'0 t -> forall b : borrowed Int32.t . inv'2 b /\ b.current = t -> precondition'2 predicate' (b) end} any [ return' (result:t_Option'0)-> {inv'3 result} {[%#soption8] match self.current with | C_None'0 -> result = C_None'0 /\ self.final = C_None'0 - | C_Some'0 cur -> exists b : borrowed int32, res : bool . inv'2 b + | C_Some'0 cur -> exists b : borrowed Int32.t, res : bool . inv'2 b /\ cur = b.current /\ postcondition_once'2 predicate' (b) res /\ (if res then @@ -3701,7 +3854,7 @@ module M_option__take_if [#"option.rs" 360 0 360 16] let rec promoted1__take_if'0 (return' (ret:t_Option'0))= bb0 [ bb0 = s0 - [ s0 = [ &_1 <- C_Some'0 ([%#soption18] (3 : int32)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] + [ s0 = [ &_1 <- C_Some'0 ([%#soption18] (3 : Int32.t)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] ] [ & _0 : t_Option'0 = any_l () | & _1 : t_Option'0 = any_l () ] [ return' (result:t_Option'0)-> return' {result} ] 
@@ -3718,7 +3871,7 @@ module M_option__take_if [#"option.rs" 360 0 360 16] let rec take_if'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &none <- C_None'0 ] s1 - | s1 = [ &some <- C_Some'0 ([%#soption0] (1 : int32)) ] s2 + | s1 = [ &some <- C_Some'0 ([%#soption0] (1 : Int32.t)) ] s2 | s2 = Borrow.borrow_mut {none} (fun (_ret':borrowed (t_Option'0)) -> [ &_7 <- _ret' ] [ &none <- _ret'.final ] s3) | s3 = [ &_8 <- () ] s4 @@ -3822,11 +3975,13 @@ module M_option__copied_cloned [#"option.rs" 392 0 392 22] let%span soption18 = "../../../creusot-contracts/src/std/option.rs" 64 20 65 100 let%span sresolve19 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + use prelude.prelude.Int + use prelude.prelude.Int32 type t_Option'1 = | C_None'0 - | C_Some'0 int32 + | C_Some'0 Int32.t use prelude.prelude.Borrow @@ -3836,7 +3991,7 @@ module M_option__copied_cloned [#"option.rs" 392 0 392 22] type t_Option'0 = | C_None'1 - | C_Some'1 int32 + | C_Some'1 Int32.t predicate inv'1 (_1 : t_Option'0) @@ -3846,7 +4001,7 @@ module M_option__copied_cloned [#"option.rs" 392 0 392 22] any [ return' (result:t_Option'0)-> {inv'1 result} {[%#soption13] self = C_None'0 -> result = C_None'1} - {[%#soption14] self = C_None'0 \/ (exists r : int32 . result = C_Some'1 r /\ self = C_Some'0 r)} + {[%#soption14] self = C_None'0 \/ (exists r : Int32.t . result = C_Some'1 r /\ self = C_Some'0 r)} (! return' {result}) ] 
@@ -3858,20 +4013,20 @@ module M_option__copied_cloned [#"option.rs" 392 0 392 22] any [ return' (result:t_Option'1)-> {inv'2 result} {[%#soption15] self = C_None'1 -> result = C_None'0} - {[%#soption15] self = C_None'1 \/ (exists t : int32 . self = C_Some'1 t /\ result = C_Some'0 t)} + {[%#soption15] self = C_None'1 \/ (exists t : Int32.t . self = C_Some'1 t /\ result = C_Some'0 t)} (! return' {result}) ] let rec is_none'0 (self:t_Option'1) (return' (ret:bool))= {[@expl:is_none 'self' type invariant] inv'0 self} any [ return' (result:bool)-> {[%#soption16] result = (self = C_None'0)} (! return' {result}) ] - predicate inv'3 (_1 : int32) + predicate inv'3 (_1 : Int32.t) - axiom inv_axiom'3 [@rewrite] : forall x : int32 [inv'3 x] . inv'3 x = true + axiom inv_axiom'3 [@rewrite] : forall x : Int32.t [inv'3 x] . inv'3 x = true - let rec unwrap'0 (self:t_Option'1) (return' (ret:int32))= {[@expl:unwrap 'self' type invariant] inv'2 self} + let rec unwrap'0 (self:t_Option'1) (return' (ret:Int32.t))= {[@expl:unwrap 'self' type invariant] inv'2 self} {[@expl:unwrap requires] [%#soption15] self <> C_None'0} - any [ return' (result:int32)-> {inv'3 result} {[%#soption15] C_Some'0 result = self} (! return' {result}) ] + any [ return' (result:Int32.t)-> {inv'3 result} {[%#soption15] C_Some'0 result = self} (! return' {result}) ] predicate inv'4 (_1 : borrowed (t_Option'1)) @@ -3879,7 +4034,7 @@ module M_option__copied_cloned [#"option.rs" 392 0 392 22] type t_Option'2 = | C_None'2 - | C_Some'2 (borrowed int32) + | C_Some'2 (borrowed Int32.t) predicate inv'5 (_1 : t_Option'2) 
@@ -3890,12 +4045,12 @@ module M_option__copied_cloned [#"option.rs" 392 0 392 22] [ return' (result:t_Option'2)-> {inv'5 result} {[%#soption17] self.current = C_None'0 -> result = C_None'2 /\ self.final = C_None'0} {[%#soption18] self.current = C_None'0 - \/ (exists r : borrowed int32 . result = C_Some'2 r + \/ (exists r : borrowed Int32.t . result = C_Some'2 r /\ self.current = C_Some'0 (r.current) /\ self.final = C_Some'0 (r.final))} (! return' {result}) ] - predicate resolve'0 (self : borrowed int32) = + predicate resolve'0 (self : borrowed Int32.t) = [%#sresolve19] self.final = self.current let rec copied'1 (self:t_Option'2) (return' (ret:t_Option'1))= {[@expl:copied 'self' type invariant] inv'5 self} @@ -3903,7 +4058,7 @@ module M_option__copied_cloned [#"option.rs" 392 0 392 22] [ return' (result:t_Option'1)-> {inv'2 result} {[%#soption15] self = C_None'2 -> result = C_None'0} {[%#soption15] self = C_None'2 - \/ (exists t : borrowed int32 . self = C_Some'2 t /\ result = C_Some'0 (t.current) /\ resolve'0 t)} + \/ (exists t : borrowed Int32.t . self = C_Some'2 t /\ result = C_Some'0 (t.current) /\ resolve'0 t)} (! return' {result}) ] @@ -3911,7 +4066,7 @@ module M_option__copied_cloned [#"option.rs" 392 0 392 22] any [ return' (result:t_Option'1)-> {inv'2 result} {[%#soption15] self = C_None'1 -> result = C_None'0} - {[%#soption15] self = C_None'1 \/ (exists t : int32 . self = C_Some'1 t /\ result = C_Some'0 t)} + {[%#soption15] self = C_None'1 \/ (exists t : Int32.t . self = C_Some'1 t /\ result = C_Some'0 t)} (! return' {result}) ] 
@@ -3920,7 +4075,7 @@ module M_option__copied_cloned [#"option.rs" 392 0 392 22] [ return' (result:t_Option'1)-> {inv'2 result} {[%#soption15] self = C_None'2 -> result = C_None'0} {[%#soption15] self = C_None'2 - \/ (exists t : borrowed int32 . self = C_Some'2 t /\ result = C_Some'0 (t.current) /\ resolve'0 t)} + \/ (exists t : borrowed Int32.t . self = C_Some'2 t /\ result = C_Some'0 (t.current) /\ resolve'0 t)} (! return' {result}) ] @@ -3931,7 +4086,7 @@ module M_option__copied_cloned [#"option.rs" 392 0 392 22] let rec copied_cloned'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &none <- C_None'0 ] s1 - | s1 = [ &some <- C_Some'0 ([%#soption0] (1 : int32)) ] s2 + | s1 = [ &some <- C_Some'0 ([%#soption0] (1 : Int32.t)) ] s2 | s2 = as_ref'0 {none} (fun (_ret':t_Option'0) -> [ &_7 <- _ret' ] s3) | s3 = bb1 ] @@ -3940,9 +4095,9 @@ module M_option__copied_cloned [#"option.rs" 392 0 392 22] | bb3 = any [ br0 -> {_4 = false} (! bb5) | br1 -> {_4} (! bb4) ] | bb4 = s0 [ s0 = as_ref'0 {some} (fun (_ret':t_Option'0) -> [ &_14 <- _ret' ] s1) | s1 = bb6 ] | bb6 = s0 [ s0 = copied'0 {_14} (fun (_ret':t_Option'1) -> [ &_13 <- _ret' ] s1) | s1 = bb7 ] - | bb7 = s0 [ s0 = unwrap'0 {_13} (fun (_ret':int32) -> [ &_12 <- _ret' ] s1) | s1 = bb8 ] + | bb7 = s0 [ s0 = unwrap'0 {_13} (fun (_ret':Int32.t) -> [ &_12 <- _ret' ] s1) | s1 = bb8 ] | bb8 = s0 - [ s0 = Int32.eq {_12} {[%#soption1] (1 : int32)} (fun (_ret':bool) -> [ &_11 <- _ret' ] s1) + [ s0 = Int32.eq {_12} {[%#soption1] (1 : Int32.t)} (fun (_ret':bool) -> [ &_11 <- _ret' ] s1) | s1 = any [ br0 -> {_11 = false} (! bb10) | br1 -> {_11} (! bb9) ] ] | bb9 = s0 
@@ -3961,9 +4116,9 @@ module M_option__copied_cloned [#"option.rs" 392 0 392 22] | s2 = bb16 ] | bb16 = s0 [ s0 = copied'1 {_28} (fun (_ret':t_Option'1) -> [ &_27 <- _ret' ] s1) | s1 = bb17 ] - | bb17 = s0 [ s0 = unwrap'0 {_27} (fun (_ret':int32) -> [ &_26 <- _ret' ] s1) | s1 = bb18 ] + | bb17 = s0 [ s0 = unwrap'0 {_27} (fun (_ret':Int32.t) -> [ &_26 <- _ret' ] s1) | s1 = bb18 ] | bb18 = s0 - [ s0 = Int32.eq {_26} {[%#soption2] (1 : int32)} (fun (_ret':bool) -> [ &_25 <- _ret' ] s1) + [ s0 = Int32.eq {_26} {[%#soption2] (1 : Int32.t)} (fun (_ret':bool) -> [ &_25 <- _ret' ] s1) | s1 = any [ br0 -> {_25 = false} (! bb20) | br1 -> {_25} (! bb19) ] ] | bb19 = s0 [ s0 = as_ref'0 {none} (fun (_ret':t_Option'0) -> [ &_35 <- _ret' ] s1) | s1 = bb21 ] @@ -3972,9 +4127,9 @@ module M_option__copied_cloned [#"option.rs" 392 0 392 22] | bb23 = any [ br0 -> {_32 = false} (! bb25) | br1 -> {_32} (! bb24) ] | bb24 = s0 [ s0 = as_ref'0 {some} (fun (_ret':t_Option'0) -> [ &_42 <- _ret' ] s1) | s1 = bb26 ] | bb26 = s0 [ s0 = cloned'0 {_42} (fun (_ret':t_Option'1) -> [ &_41 <- _ret' ] s1) | s1 = bb27 ] - | bb27 = s0 [ s0 = unwrap'0 {_41} (fun (_ret':int32) -> [ &_40 <- _ret' ] s1) | s1 = bb28 ] + | bb27 = s0 [ s0 = unwrap'0 {_41} (fun (_ret':Int32.t) -> [ &_40 <- _ret' ] s1) | s1 = bb28 ] | bb28 = s0 - [ s0 = Int32.eq {_40} {[%#soption3] (1 : int32)} (fun (_ret':bool) -> [ &_39 <- _ret' ] s1) + [ s0 = Int32.eq {_40} {[%#soption3] (1 : Int32.t)} (fun (_ret':bool) -> [ &_39 <- _ret' ] s1) | s1 = any [ br0 -> {_39 = false} (! bb30) | br1 -> {_39} (! bb29) ] ] | bb29 = s0 
@@ -3993,9 +4148,9 @@ module M_option__copied_cloned [#"option.rs" 392 0 392 22] | s2 = bb36 ] | bb36 = s0 [ s0 = cloned'1 {_56} (fun (_ret':t_Option'1) -> [ &_55 <- _ret' ] s1) | s1 = bb37 ] - | bb37 = s0 [ s0 = unwrap'0 {_55} (fun (_ret':int32) -> [ &_54 <- _ret' ] s1) | s1 = bb38 ] + | bb37 = s0 [ s0 = unwrap'0 {_55} (fun (_ret':Int32.t) -> [ &_54 <- _ret' ] s1) | s1 = bb38 ] | bb38 = s0 - [ s0 = Int32.eq {_54} {[%#soption4] (1 : int32)} (fun (_ret':bool) -> [ &_53 <- _ret' ] s1) + [ s0 = Int32.eq {_54} {[%#soption4] (1 : Int32.t)} (fun (_ret':bool) -> [ &_53 <- _ret' ] s1) | s1 = any [ br0 -> {_53 = false} (! bb40) | br1 -> {_53} (! bb39) ] ] | bb39 = return' {_0} @@ -4015,7 +4170,7 @@ module M_option__copied_cloned [#"option.rs" 392 0 392 22] | & _6 : t_Option'1 = any_l () | & _7 : t_Option'0 = any_l () | & _11 : bool = any_l () - | & _12 : int32 = any_l () + | & _12 : Int32.t = any_l () | & _13 : t_Option'1 = any_l () | & _14 : t_Option'0 = any_l () | & _18 : bool = any_l () @@ -4023,7 +4178,7 @@ module M_option__copied_cloned [#"option.rs" 392 0 392 22] | & _21 : t_Option'2 = any_l () | & _22 : borrowed (t_Option'1) = any_l () | & _25 : bool = any_l () - | & _26 : int32 = any_l () + | & _26 : Int32.t = any_l () | & _27 : t_Option'1 = any_l () | & _28 : t_Option'2 = any_l () | & _29 : borrowed (t_Option'1) = any_l () @@ -4031,7 +4186,7 @@ module M_option__copied_cloned [#"option.rs" 392 0 392 22] | & _34 : t_Option'1 = any_l () | & _35 : t_Option'0 = any_l () | & _39 : bool = any_l () - | & _40 : int32 = any_l () + | & _40 : Int32.t = any_l () | & _41 : t_Option'1 = any_l () | & _42 : t_Option'0 = any_l () | & _46 : bool = any_l () 
@@ -4039,7 +4194,7 @@ module M_option__copied_cloned [#"option.rs" 392 0 392 22] | & _49 : t_Option'2 = any_l () | & _50 : borrowed (t_Option'1) = any_l () | & _53 : bool = any_l () - | & _54 : int32 = any_l () + | & _54 : Int32.t = any_l () | & _55 : t_Option'1 = any_l () | & _56 : t_Option'2 = any_l () | & _57 : borrowed (t_Option'1) = any_l () ] @@ -4072,11 +4227,13 @@ module M_option__zip_unzip [#"option.rs" 408 0 408 18] let%span snum23 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 let%span smodel24 = "../../../creusot-contracts/src/model.rs" 116 8 116 12 + use prelude.prelude.Int + use prelude.prelude.Int32 type t_Option'1 = | C_None'0 - | C_Some'0 int32 + | C_Some'0 Int32.t type t_Option'2 = | C_None'1 @@ -4092,7 +4249,7 @@ module M_option__zip_unzip [#"option.rs" 408 0 408 18] type t_Option'0 = | C_None'2 - | C_Some'2 (int32, bool) + | C_Some'2 (Int32.t, bool) predicate inv'2 (_1 : t_Option'0) @@ -4109,7 +4266,7 @@ module M_option__zip_unzip [#"option.rs" 408 0 408 18] | C_None'1 -> true end - predicate resolve'3 (_1 : int32) = + predicate resolve'3 (_1 : Int32.t) = true predicate resolve'1 (self : t_Option'1) = @@ -4142,21 +4299,19 @@ module M_option__zip_unzip [#"option.rs" 408 0 408 18] axiom inv_axiom'3 [@rewrite] : forall x : t_Option'0 [inv'3 x] . inv'3 x = true - use prelude.prelude.Int - type t_Option'3 = | C_None'3 | C_Some'3 (int, bool) use prelude.prelude.Int32 - function deep_model'7 (self : int32) : int = + function deep_model'7 (self : Int32.t) : int = [%#snum23] Int32.to_int self function deep_model'8 (self : bool) : bool = [%#smodel24] self - function deep_model'6 (self : (int32, bool)) : (int, bool) = + function deep_model'6 (self : (Int32.t, bool)) : (int, bool) = [%#stuples22] (deep_model'7 (let (a, _) = self in a), deep_model'8 (let (_, a) = self in a)) function deep_model'3 (self : t_Option'0) : t_Option'3 = 
@@ -4188,12 +4343,12 @@ module M_option__zip_unzip [#"option.rs" 408 0 408 18] let rec promoted4__zip_unzip'0 (return' (ret:t_Option'0))= bb0 [ bb0 = s0 - [ s0 = [ &_2 <- (([%#soption14] (1 : int32)), ([%#soption15] true)) ] s1 + [ s0 = [ &_2 <- (([%#soption14] (1 : Int32.t)), ([%#soption15] true)) ] s1 | s1 = [ &_1 <- C_Some'2 _2 ] s2 | s2 = [ &_0 <- _1 ] s3 | s3 = return' {_0} ] ] - [ & _0 : t_Option'0 = any_l () | & _1 : t_Option'0 = any_l () | & _2 : (int32, bool) = any_l () ] + [ & _0 : t_Option'0 = any_l () | & _1 : t_Option'0 = any_l () | & _2 : (Int32.t, bool) = any_l () ] [ return' (result:t_Option'0)-> return' {result} ] @@ -4267,7 +4422,7 @@ module M_option__zip_unzip [#"option.rs" 408 0 408 18] let rec promoted1__zip_unzip'0 (return' (ret:t_Option'1))= bb0 [ bb0 = s0 - [ s0 = [ &_1 <- C_Some'0 ([%#soption17] (1 : int32)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] + [ s0 = [ &_1 <- C_Some'0 ([%#soption17] (1 : Int32.t)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] ] [ & _0 : t_Option'1 = any_l () | & _1 : t_Option'1 = any_l () ] [ return' (result:t_Option'1)-> return' {result} ] @@ -4285,7 +4440,7 @@ module M_option__zip_unzip [#"option.rs" 408 0 408 18] [ bb0 = s0 [ s0 = [ &none_int <- C_None'0 ] s1 | s1 = [ &none_bool <- C_None'1 ] s2 - | s2 = [ &some_int <- C_Some'0 ([%#soption0] (1 : int32)) ] s3 + | s2 = [ &some_int <- C_Some'0 ([%#soption0] (1 : Int32.t)) ] s3 | s3 = [ &some_bool <- C_Some'1 ([%#soption1] true) ] s4 | s4 = zip'0 {none_int} {none_bool} (fun (_ret':t_Option'0) -> [ &_8 <- _ret' ] s5) | s5 = bb1 ] 
@@ -4319,7 +4474,7 @@ module M_option__zip_unzip [#"option.rs" 408 0 408 18] | bb14 = any [ br0 -> {_33 = false} (! bb16) | br1 -> {_33} (! bb15) ] | bb15 = s0 [ s0 = [ &none_zipped <- C_None'2 ] s1 - | s1 = [ &_44 <- (([%#soption2] (1 : int32)), ([%#soption3] true)) ] s2 + | s1 = [ &_44 <- (([%#soption2] (1 : Int32.t)), ([%#soption3] true)) ] s2 | s2 = [ &some_zipped <- C_Some'2 _44 ] s3 | s3 = unzip'0 {none_zipped} (fun (_ret':(t_Option'1, t_Option'2)) -> [ &none_unzip <- _ret' ] s4) | s4 = bb17 ] @@ -4376,7 +4531,7 @@ module M_option__zip_unzip [#"option.rs" 408 0 408 18] | & _35 : t_Option'0 = any_l () | & none_zipped : t_Option'0 = any_l () | & some_zipped : t_Option'0 = any_l () - | & _44 : (int32, bool) = any_l () + | & _44 : (Int32.t, bool) = any_l () | & none_unzip : (t_Option'1, t_Option'2) = any_l () | & some_unzip : (t_Option'1, t_Option'2) = any_l () | & _50 : bool = any_l () @@ -4410,10 +4565,12 @@ module M_option__transpose [#"option.rs" 430 0 430 18] let%span soption13 = "../../../creusot-contracts/src/std/option.rs" 11 8 14 9 let%span snum14 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + use prelude.prelude.Int + use prelude.prelude.Int32 type t_Result'1 = - | C_Ok'0 int32 + | C_Ok'0 Int32.t | C_Err'0 bool type t_Option'1 = @@ -4426,7 +4583,7 @@ module M_option__transpose [#"option.rs" 430 0 430 18] type t_Option'0 = | C_None'1 - | C_Some'1 int32 + | C_Some'1 Int32.t type t_Result'0 = | C_Ok'1 (t_Option'0) @@ -4469,15 +4626,13 @@ module M_option__transpose [#"option.rs" 430 0 430 18] axiom inv_axiom'3 [@rewrite] : forall x : t_Option'0 [inv'3 x] . inv'3 x = true - use prelude.prelude.Int - type t_Option'2 = | C_None'2 | C_Some'2 int use prelude.prelude.Int32 - function deep_model'2 (self : int32) : int = + function deep_model'2 (self : Int32.t) : int = [%#snum14] Int32.to_int self function deep_model'1 (self : t_Option'0) : t_Option'2 = 
@@ -4497,7 +4652,7 @@ module M_option__transpose [#"option.rs" 430 0 430 18] let rec promoted0__transpose'0 (return' (ret:t_Option'0))= bb0 [ bb0 = s0 - [ s0 = [ &_1 <- C_Some'1 ([%#soption10] (1 : int32)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] + [ s0 = [ &_1 <- C_Some'1 ([%#soption10] (1 : Int32.t)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] ] [ & _0 : t_Option'0 = any_l () | & _1 : t_Option'0 = any_l () ] [ return' (result:t_Option'0)-> return' {result} ] @@ -4518,7 +4673,7 @@ module M_option__transpose [#"option.rs" 430 0 430 18] let rec transpose'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &none <- C_None'0 ] s1 - | s1 = [ &_3 <- C_Ok'0 ([%#soption0] (1 : int32)) ] s2 + | s1 = [ &_3 <- C_Ok'0 ([%#soption0] (1 : Int32.t)) ] s2 | s2 = [ &some_ok <- C_Some'0 _3 ] s3 | s3 = [ &_5 <- C_Err'0 ([%#soption1] true) ] s4 | s4 = [ &some_err <- C_Some'0 _5 ] s5 @@ -4579,11 +4734,13 @@ module M_option__flatten [#"option.rs" 440 0 440 16] let%span soption5 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 let%span soption6 = "../../../creusot-contracts/src/std/option.rs" 51 26 51 51 + use prelude.prelude.Int + use prelude.prelude.Int32 type t_Option'0 = | C_None'1 - | C_Some'1 int32 + | C_Some'1 Int32.t type t_Option'1 = | C_None'0 
@@ -4614,13 +4771,13 @@ module M_option__flatten [#"option.rs" 440 0 440 16] let rec is_none'0 (self:t_Option'0) (return' (ret:bool))= {[@expl:is_none 'self' type invariant] inv'2 self} any [ return' (result:bool)-> {[%#soption6] result = (self = C_None'1)} (! return' {result}) ] - predicate inv'3 (_1 : int32) + predicate inv'3 (_1 : Int32.t) - axiom inv_axiom'3 [@rewrite] : forall x : int32 [inv'3 x] . inv'3 x = true + axiom inv_axiom'3 [@rewrite] : forall x : Int32.t [inv'3 x] . inv'3 x = true - let rec unwrap'0 (self:t_Option'0) (return' (ret:int32))= {[@expl:unwrap 'self' type invariant] inv'1 self} + let rec unwrap'0 (self:t_Option'0) (return' (ret:Int32.t))= {[@expl:unwrap 'self' type invariant] inv'1 self} {[@expl:unwrap requires] [%#soption5] self <> C_None'1} - any [ return' (result:int32)-> {inv'3 result} {[%#soption5] C_Some'1 result = self} (! return' {result}) ] + any [ return' (result:Int32.t)-> {inv'3 result} {[%#soption5] C_Some'1 result = self} (! return' {result}) ] use prelude.prelude.Intrinsic 
@@ -4643,14 +4800,14 @@ module M_option__flatten [#"option.rs" 440 0 440 16] | bb5 = s0 [ s0 = is_none'0 {_13} (fun (_ret':bool) -> [ &_11 <- _ret' ] s1) | s1 = bb6 ] | bb6 = any [ br0 -> {_11 = false} (! bb8) | br1 -> {_11} (! bb7) ] | bb7 = s0 - [ s0 = [ &_17 <- C_Some'1 ([%#soption0] (1 : int32)) ] s1 + [ s0 = [ &_17 <- C_Some'1 ([%#soption0] (1 : Int32.t)) ] s1 | s1 = [ &opt2 <- C_Some'0 _17 ] s2 | s2 = flatten'1 {opt2} (fun (_ret':t_Option'0) -> [ &_21 <- _ret' ] s3) | s3 = bb9 ] - | bb9 = s0 [ s0 = unwrap'0 {_21} (fun (_ret':int32) -> [ &_20 <- _ret' ] s1) | s1 = bb10 ] + | bb9 = s0 [ s0 = unwrap'0 {_21} (fun (_ret':Int32.t) -> [ &_20 <- _ret' ] s1) | s1 = bb10 ] | bb10 = s0 - [ s0 = Int32.eq {_20} {[%#soption1] (1 : int32)} (fun (_ret':bool) -> [ &_19 <- _ret' ] s1) + [ s0 = Int32.eq {_20} {[%#soption1] (1 : Int32.t)} (fun (_ret':bool) -> [ &_19 <- _ret' ] s1) | s1 = any [ br0 -> {_19 = false} (! bb12) | br1 -> {_19} (! bb11) ] ] | bb11 = return' {_0} @@ -4669,7 +4826,7 @@ module M_option__flatten [#"option.rs" 440 0 440 16] | & opt2 : t_Option'1 = any_l () | & _17 : t_Option'0 = any_l () | & _19 : bool = any_l () - | & _20 : int32 = any_l () + | & _20 : Int32.t = any_l () | & _21 : t_Option'0 = any_l () ] [ return' (result:())-> (! return' {result}) ] end 
@@ -4733,30 +4890,32 @@ module M_option__resolve [#"option.rs" 449 0 449 16] let%span sresolve56 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span sresolve57 = "../../../creusot-contracts/src/resolve.rs" 40 8 40 44 + use prelude.prelude.Int + use prelude.prelude.Int32 use prelude.prelude.Borrow type t_Option'1 = | C_None'1 - | C_Some'0 (borrowed int32) + | C_Some'0 (borrowed Int32.t) - predicate resolve'6 (self : borrowed int32) = + predicate resolve'6 (self : borrowed Int32.t) = [%#sresolve56] self.final = self.current - predicate resolve'2 (_1 : borrowed int32) = + predicate resolve'2 (_1 : borrowed Int32.t) = resolve'6 _1 use prelude.prelude.Intrinsic - let rec closure0'0 (_1:()) (_2:borrowed int32) (return' (ret:bool))= (! bb0 + let rec closure0'0 (_1:()) (_2:borrowed Int32.t) (return' (ret:bool))= (! bb0 [ bb0 = s0 [ s0 = -{resolve'2 _2}- s1 | s1 = [ &res <- [%#soption41] true ] s2 | s2 = [ &_0 <- res ] s3 | s3 = return' {_0} ] ] - ) [ & _0 : bool = any_l () | & _2 : borrowed int32 = _2 | & res : bool = any_l () ] + ) [ & _0 : bool = any_l () | & _2 : borrowed Int32.t = _2 | & res : bool = any_l () ] [ return' (result:bool)-> {[@expl:closure ensures] [%#soption42] result} (! return' {result}) ] @@ -4768,10 +4927,10 @@ module M_option__resolve [#"option.rs" 449 0 449 16] axiom inv_axiom'1 [@rewrite] : forall x : () [inv'1 x] . inv'1 x = true - predicate precondition'0 (self : ()) (args : borrowed int32) = + predicate precondition'0 (self : ()) (args : borrowed Int32.t) = let (_2) = args in true - predicate postcondition_once'0 (self : ()) (args : borrowed int32) (result : bool) = + predicate postcondition_once'0 (self : ()) (args : borrowed Int32.t) (result : bool) = [%#soption42] let (_2) = args in result let rec is_some_and'0 (self:t_Option'1) (f:()) (return' (ret:bool))= {[@expl:is_some_and 'self' type invariant] inv'0 self} 
@@ -4790,7 +4949,7 @@ module M_option__resolve [#"option.rs" 449 0 449 16] type t_Option'0 = | C_None'0 - | C_Some'1 int32 + | C_Some'1 Int32.t predicate inv'2 (_1 : t_Option'0) @@ -4823,7 +4982,7 @@ module M_option__resolve [#"option.rs" 449 0 449 16] predicate resolve'1 (_1 : t_Option'1) = resolve'5 _1 - let rec closure1'0 (_1:()) (_2:borrowed int32) (return' (ret:bool))= (! bb0 + let rec closure1'0 (_1:()) (_2:borrowed Int32.t) (return' (ret:bool))= (! bb0 [ bb0 = s0 [ s0 = [ &res <- [%#soption46] false ] s1 | s1 = [ &_0 <- res ] s2 | s2 = return' {_0} ] ] ) [ & _0 : bool = any_l () | & res : bool = any_l () ] [ return' (result:bool)-> {[@expl:closure ensures] [%#soption47] not result} (! return' {result}) ] @@ -4833,10 +4992,10 @@ module M_option__resolve [#"option.rs" 449 0 449 16] axiom inv_axiom'3 [@rewrite] : forall x : () [inv'3 x] . inv'3 x = true - predicate precondition'1 (self : ()) (args : borrowed int32) = + predicate precondition'1 (self : ()) (args : borrowed Int32.t) = let (_2) = args in true - predicate postcondition_once'1 (self : ()) (args : borrowed int32) (result : bool) = + predicate postcondition_once'1 (self : ()) (args : borrowed Int32.t) (result : bool) = [%#soption47] let (_2) = args in not result let rec filter'0 (self:t_Option'1) (predicate':()) (return' (ret:t_Option'1))= {[@expl:filter 'self' type invariant] inv'0 self} 
@@ -4874,18 +5033,18 @@ module M_option__resolve [#"option.rs" 449 0 449 16] axiom inv_axiom'4 [@rewrite] : forall x : borrowed (t_Option'1) [inv'4 x] . inv'4 x = true - predicate inv'5 (_1 : borrowed int32) + predicate inv'5 (_1 : borrowed Int32.t) - axiom inv_axiom'5 [@rewrite] : forall x : borrowed int32 [inv'5 x] . inv'5 x = true + axiom inv_axiom'5 [@rewrite] : forall x : borrowed Int32.t [inv'5 x] . inv'5 x = true - predicate inv'6 (_1 : borrowed (borrowed int32)) + predicate inv'6 (_1 : borrowed (borrowed Int32.t)) - axiom inv_axiom'6 [@rewrite] : forall x : borrowed (borrowed int32) [inv'6 x] . inv'6 x = true + axiom inv_axiom'6 [@rewrite] : forall x : borrowed (borrowed Int32.t) [inv'6 x] . inv'6 x = true - let rec insert'0 (self:borrowed (t_Option'1)) (value:borrowed int32) (return' (ret:borrowed (borrowed int32)))= {[@expl:insert 'self' type invariant] inv'4 self} + let rec insert'0 (self:borrowed (t_Option'1)) (value:borrowed Int32.t) (return' (ret:borrowed (borrowed Int32.t)))= {[@expl:insert 'self' type invariant] inv'4 self} {[@expl:insert 'value' type invariant] inv'5 value} any - [ return' (result:borrowed (borrowed int32))-> {inv'6 result} + [ return' (result:borrowed (borrowed Int32.t))-> {inv'6 result} {[%#soption51] match self.current with | C_Some'0 t -> resolve'2 t | C_None'1 -> true 
@@ -4894,16 +5053,16 @@ module M_option__resolve [#"option.rs" 449 0 449 16] (! return' {result}) ] - predicate resolve'7 (self : borrowed (borrowed int32)) = + predicate resolve'7 (self : borrowed (borrowed Int32.t)) = [%#sresolve56] self.final = self.current - predicate resolve'3 (_1 : borrowed (borrowed int32)) = + predicate resolve'3 (_1 : borrowed (borrowed Int32.t)) = resolve'7 _1 - let rec get_or_insert'0 (self:borrowed (t_Option'1)) (value:borrowed int32) (return' (ret:borrowed (borrowed int32)))= {[@expl:get_or_insert 'self' type invariant] inv'4 self} + let rec get_or_insert'0 (self:borrowed (t_Option'1)) (value:borrowed Int32.t) (return' (ret:borrowed (borrowed Int32.t)))= {[@expl:get_or_insert 'self' type invariant] inv'4 self} {[@expl:get_or_insert 'value' type invariant] inv'5 value} any - [ return' (result:borrowed (borrowed int32))-> {inv'6 result} + [ return' (result:borrowed (borrowed Int32.t))-> {inv'6 result} {[%#soption53] match self.current with | C_None'1 -> result.current = value /\ self.final = C_Some'0 (result.final) | C_Some'0 _ -> self.current = C_Some'0 (result.current) @@ -4914,13 +5073,13 @@ module M_option__resolve [#"option.rs" 449 0 449 16] type t_Option'2 = | C_None'2 - | C_Some'2 (borrowed int32, int32) + | C_Some'2 (borrowed Int32.t, Int32.t) predicate inv'7 (_1 : t_Option'2) axiom inv_axiom'7 [@rewrite] : forall x : t_Option'2 [inv'7 x] . inv'7 x = true - predicate resolve'10 (_1 : int32) = + predicate resolve'10 (_1 : Int32.t) = true predicate resolve'8 (self : t_Option'0) = 
@@ -4941,10 +5100,10 @@ module M_option__resolve [#"option.rs" 449 0 449 16] (! return' {result}) ] - predicate resolve'12 (self : (borrowed int32, int32)) = + predicate resolve'12 (self : (borrowed Int32.t, Int32.t)) = [%#sresolve57] resolve'2 (let (a, _) = self in a) /\ resolve'10 (let (_, a) = self in a) - predicate resolve'11 (_1 : (borrowed int32, int32)) = + predicate resolve'11 (_1 : (borrowed Int32.t, Int32.t)) = resolve'12 _1 predicate resolve'9 (self : t_Option'2) = @@ -4961,7 +5120,7 @@ module M_option__resolve [#"option.rs" 449 0 449 16] [ return' (result:t_Option'0)-> {inv'2 result} {[%#soption45] self = C_None'1 -> result = C_None'0} {[%#soption45] self = C_None'1 - \/ (exists t : borrowed int32 . self = C_Some'0 t /\ result = C_Some'1 (t.current) /\ resolve'6 t)} + \/ (exists t : borrowed Int32.t . self = C_Some'0 t /\ result = C_Some'1 (t.current) /\ resolve'6 t)} (! return' {result}) ] @@ -4970,7 +5129,7 @@ module M_option__resolve [#"option.rs" 449 0 449 16] [ return' (result:t_Option'0)-> {inv'2 result} {[%#soption45] self = C_None'1 -> result = C_None'0} {[%#soption45] self = C_None'1 - \/ (exists t : borrowed int32 . self = C_Some'0 t /\ result = C_Some'1 (t.current) /\ resolve'6 t)} + \/ (exists t : borrowed Int32.t . self = C_Some'0 t /\ result = C_Some'1 (t.current) /\ resolve'6 t)} (! return' {result}) ] @@ -4978,8 +5137,9 @@ module M_option__resolve [#"option.rs" 449 0 449 16] let rec resolve'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = [ &x <- [%#soption0] (1 : int32) ] s1 - | s1 = Borrow.borrow_mut {x} (fun (_ret':borrowed int32) -> [ &_3 <- _ret' ] [ &x <- _ret'.final ] s2) + [ s0 = [ &x <- [%#soption0] (1 : Int32.t) ] s1 + | s1 = Borrow.borrow_mut {x} + (fun (_ret':borrowed Int32.t) -> [ &_3 <- _ret' ] [ &x <- _ret'.final ] s2) | s2 = [ &opt <- C_Some'0 _3 ] s3 | s3 = [ &_7 <- () ] s4 | s4 = is_some_and'0 {opt} {_7} (fun (_ret':bool) -> [ &_5 <- _ret' ] s5) 
@@ -4987,46 +5147,47 @@ module M_option__resolve [#"option.rs" 449 0 449 16] | bb1 = any [ br0 -> {_5 = false} (! bb3) | br1 -> {_5} (! bb2) ] | bb2 = s0 - [ s0 = Int32.eq {x} {[%#soption1] (1 : int32)} (fun (_ret':bool) -> [ &_10 <- _ret' ] s1) + [ s0 = Int32.eq {x} {[%#soption1] (1 : Int32.t)} (fun (_ret':bool) -> [ &_10 <- _ret' ] s1) | s1 = any [ br0 -> {_10 = false} (! bb5) | br1 -> {_10} (! bb4) ] ] | bb4 = s0 - [ s0 = [ &x1 <- [%#soption2] (1 : int32) ] s1 - | s1 = Borrow.borrow_mut {x1} - (fun (_ret':borrowed int32) -> [ &_15 <- _ret' ] [ &x1 <- _ret'.final ] s2) + [ s0 = [ &x1 <- [%#soption2] (1 : Int32.t) ] s1 + | s1 = Borrow.borrow_mut {x1} + (fun (_ret':borrowed Int32.t) -> [ &_15 <- _ret' ] [ &x1 <- _ret'.final ] s2) | s2 = [ &opt1 <- C_Some'0 _15 ] s3 - | s3 = [ &_18 <- C_Some'1 ([%#soption3] (2 : int32)) ] s4 + | s3 = [ &_18 <- C_Some'1 ([%#soption3] (2 : Int32.t)) ] s4 | s4 = and'0 {opt1} {_18} (fun (_ret':t_Option'0) -> [ &_16 <- _ret' ] s5) | s5 = bb6 ] | bb6 = s0 - [ s0 = Int32.eq {x1} {[%#soption4] (1 : int32)} (fun (_ret':bool) -> [ &_20 <- _ret' ] s1) + [ s0 = Int32.eq {x1} {[%#soption4] (1 : Int32.t)} (fun (_ret':bool) -> [ &_20 <- _ret' ] s1) | s1 = any [ br0 -> {_20 = false} (! bb8) | br1 -> {_20} (! 
bb7) ] ] | bb7 = s0 - [ s0 = [ &x2 <- [%#soption5] (1 : int32) ] s1 - | s1 = [ &y <- [%#soption6] (2 : int32) ] s2 - | s2 = Borrow.borrow_mut {x2} - (fun (_ret':borrowed int32) -> [ &_26 <- _ret' ] [ &x2 <- _ret'.final ] s3) + [ s0 = [ &x2 <- [%#soption5] (1 : Int32.t) ] s1 + | s1 = [ &y <- [%#soption6] (2 : Int32.t) ] s2 + | s2 = Borrow.borrow_mut {x2} + (fun (_ret':borrowed Int32.t) -> [ &_26 <- _ret' ] [ &x2 <- _ret'.final ] s3) | s3 = [ &opt2 <- C_Some'0 _26 ] s4 - | s4 = Borrow.borrow_mut {y} (fun (_ret':borrowed int32) -> [ &_29 <- _ret' ] [ &y <- _ret'.final ] s5) + | s4 = Borrow.borrow_mut {y} + (fun (_ret':borrowed Int32.t) -> [ &_29 <- _ret' ] [ &y <- _ret'.final ] s5) | s5 = [ &_28 <- C_Some'0 _29 ] s6 | s6 = or'0 {_28} {opt2} (fun (_ret':t_Option'1) -> [ &_27 <- _ret' ] s7) | s7 = bb9 ] | bb9 = s0 [ s0 = -{resolve'1 _27}- s1 - | s1 = Int32.eq {x2} {[%#soption7] (1 : int32)} (fun (_ret':bool) -> [ &_32 <- _ret' ] s2) + | s1 = Int32.eq {x2} {[%#soption7] (1 : Int32.t)} (fun (_ret':bool) -> [ &_32 <- _ret' ] s2) | s2 = any [ br0 -> {_32 = false} (! bb13) | br1 -> {_32} (! bb10) ] ] | bb10 = s0 - [ s0 = Int32.eq {y} {[%#soption8] (2 : int32)} (fun (_ret':bool) -> [ &_34 <- _ret' ] s1) + [ s0 = Int32.eq {y} {[%#soption8] (2 : Int32.t)} (fun (_ret':bool) -> [ &_34 <- _ret' ] s1) | s1 = any [ br0 -> {_34 = false} (! bb12) | br1 -> {_34} (! bb11) ] ] | bb11 = s0 - [ s0 = [ &x3 <- [%#soption9] (1 : int32) ] s1 - | s1 = Borrow.borrow_mut {x3} - (fun (_ret':borrowed int32) -> [ &_39 <- _ret' ] [ &x3 <- _ret'.final ] s2) + [ s0 = [ &x3 <- [%#soption9] (1 : Int32.t) ] s1 + | s1 = Borrow.borrow_mut {x3} + (fun (_ret':borrowed Int32.t) -> [ &_39 <- _ret' ] [ &x3 <- _ret'.final ] s2) | s2 = [ &opt3 <- C_Some'0 _39 ] s3 | s3 = [ &_42 <- () ] s4 | s4 = filter'0 {opt3} {_42} (fun (_ret':t_Option'1) -> [ &_40 <- _ret' ] s5) 
@@ -5034,88 +5195,88 @@ module M_option__resolve [#"option.rs" 449 0 449 16] | bb15 = s0 [ s0 = -{resolve'1 _40}- s1 - | s1 = Int32.eq {x3} {[%#soption10] (1 : int32)} (fun (_ret':bool) -> [ &_44 <- _ret' ] s2) + | s1 = Int32.eq {x3} {[%#soption10] (1 : Int32.t)} (fun (_ret':bool) -> [ &_44 <- _ret' ] s2) | s2 = any [ br0 -> {_44 = false} (! bb17) | br1 -> {_44} (! bb16) ] ] | bb16 = s0 - [ s0 = [ &x4 <- [%#soption11] (1 : int32) ] s1 - | s1 = [ &y1 <- [%#soption12] (2 : int32) ] s2 - | s2 = Borrow.borrow_mut {x4} - (fun (_ret':borrowed int32) -> [ &_50 <- _ret' ] [ &x4 <- _ret'.final ] s3) + [ s0 = [ &x4 <- [%#soption11] (1 : Int32.t) ] s1 + | s1 = [ &y1 <- [%#soption12] (2 : Int32.t) ] s2 + | s2 = Borrow.borrow_mut {x4} + (fun (_ret':borrowed Int32.t) -> [ &_50 <- _ret' ] [ &x4 <- _ret'.final ] s3) | s3 = [ &optx <- C_Some'0 _50 ] s4 - | s4 = Borrow.borrow_mut {y1} - (fun (_ret':borrowed int32) -> [ &_52 <- _ret' ] [ &y1 <- _ret'.final ] s5) + | s4 = Borrow.borrow_mut {y1} + (fun (_ret':borrowed Int32.t) -> [ &_52 <- _ret' ] [ &y1 <- _ret'.final ] s5) | s5 = [ &opty <- C_Some'0 _52 ] s6 | s6 = xor'0 {optx} {opty} (fun (_ret':t_Option'1) -> [ &_53 <- _ret' ] s7) | s7 = bb18 ] | bb18 = s0 [ s0 = -{resolve'1 _53}- s1 - | s1 = Int32.eq {x4} {[%#soption13] (1 : int32)} (fun (_ret':bool) -> [ &_57 <- _ret' ] s2) + | s1 = Int32.eq {x4} {[%#soption13] (1 : Int32.t)} (fun (_ret':bool) -> [ &_57 <- _ret' ] s2) | s2 = any [ br0 -> {_57 = false} (! bb22) | br1 -> {_57} (! bb19) ] ] | bb19 = s0 - [ s0 = Int32.eq {y1} {[%#soption14] (2 : int32)} (fun (_ret':bool) -> [ &_59 <- _ret' ] s1) + [ s0 = Int32.eq {y1} {[%#soption14] (2 : Int32.t)} (fun (_ret':bool) -> [ &_59 <- _ret' ] s1) | s1 = any [ br0 -> {_59 = false} (! bb21) | br1 -> {_59} (! 
bb20) ] ] | bb20 = s0 - [ s0 = [ &x5 <- [%#soption15] (1 : int32) ] s1 - | s1 = [ &y2 <- [%#soption16] (2 : int32) ] s2 - | s2 = Borrow.borrow_mut {x5} - (fun (_ret':borrowed int32) -> [ &_65 <- _ret' ] [ &x5 <- _ret'.final ] s3) + [ s0 = [ &x5 <- [%#soption15] (1 : Int32.t) ] s1 + | s1 = [ &y2 <- [%#soption16] (2 : Int32.t) ] s2 + | s2 = Borrow.borrow_mut {x5} + (fun (_ret':borrowed Int32.t) -> [ &_65 <- _ret' ] [ &x5 <- _ret'.final ] s3) | s3 = [ &opt4 <- C_Some'0 _65 ] s4 | s4 = Borrow.borrow_mut {opt4} (fun (_ret':borrowed (t_Option'1)) -> [ &_67 <- _ret' ] [ &opt4 <- _ret'.final ] s5) - | s5 = Borrow.borrow_mut {y2} - (fun (_ret':borrowed int32) -> [ &_69 <- _ret' ] [ &y2 <- _ret'.final ] s6) - | s6 = Borrow.borrow_final {_69.current} {Borrow.get_id _69} - (fun (_ret':borrowed int32) -> [ &_68 <- _ret' ] [ &_69 <- { _69 with current = _ret'.final } ] s7) - | s7 = insert'0 {_67} {_68} (fun (_ret':borrowed (borrowed int32)) -> [ &bor <- _ret' ] s8) + | s5 = Borrow.borrow_mut {y2} + (fun (_ret':borrowed Int32.t) -> [ &_69 <- _ret' ] [ &y2 <- _ret'.final ] s6) + | s6 = Borrow.borrow_final {_69.current} {Borrow.get_id _69} + (fun (_ret':borrowed Int32.t) -> [ &_68 <- _ret' ] [ &_69 <- { _69 with current = _ret'.final } ] s7) + | s7 = insert'0 {_67} {_68} (fun (_ret':borrowed (borrowed Int32.t)) -> [ &bor <- _ret' ] s8) | s8 = bb24 ] | bb24 = s0 [ s0 = -{resolve'2 _69}- s1 - | s1 = [ &bor <- { bor with current = { bor.current with current = ([%#soption17] (3 : int32)) } } ] s2 + | s1 = [ &bor <- { bor with current = { bor.current with current = ([%#soption17] (3 : Int32.t)) } } ] s2 | s2 = -{resolve'3 bor}- s3 | s3 = -{resolve'1 opt4}- s4 - | s4 = Int32.eq {x5} {[%#soption18] (1 : int32)} (fun (_ret':bool) -> [ &_71 <- _ret' ] s5) + | s4 = Int32.eq {x5} {[%#soption18] (1 : Int32.t)} (fun (_ret':bool) -> [ &_71 <- _ret' ] s5) | s5 = any [ br0 -> {_71 = false} (! bb28) | br1 -> {_71} (! 
bb25) ] ] | bb25 = s0 - [ s0 = Int32.eq {y2} {[%#soption19] (3 : int32)} (fun (_ret':bool) -> [ &_73 <- _ret' ] s1) + [ s0 = Int32.eq {y2} {[%#soption19] (3 : Int32.t)} (fun (_ret':bool) -> [ &_73 <- _ret' ] s1) | s1 = any [ br0 -> {_73 = false} (! bb27) | br1 -> {_73} (! bb26) ] ] | bb26 = s0 - [ s0 = [ &x6 <- [%#soption20] (1 : int32) ] s1 - | s1 = [ &y3 <- [%#soption21] (2 : int32) ] s2 - | s2 = Borrow.borrow_mut {x6} - (fun (_ret':borrowed int32) -> [ &_79 <- _ret' ] [ &x6 <- _ret'.final ] s3) + [ s0 = [ &x6 <- [%#soption20] (1 : Int32.t) ] s1 + | s1 = [ &y3 <- [%#soption21] (2 : Int32.t) ] s2 + | s2 = Borrow.borrow_mut {x6} + (fun (_ret':borrowed Int32.t) -> [ &_79 <- _ret' ] [ &x6 <- _ret'.final ] s3) | s3 = [ &opt5 <- C_Some'0 _79 ] s4 | s4 = Borrow.borrow_mut {opt5} (fun (_ret':borrowed (t_Option'1)) -> [ &_81 <- _ret' ] [ &opt5 <- _ret'.final ] s5) - | s5 = Borrow.borrow_mut {y3} - (fun (_ret':borrowed int32) -> [ &_83 <- _ret' ] [ &y3 <- _ret'.final ] s6) - | s6 = Borrow.borrow_final {_83.current} {Borrow.get_id _83} - (fun (_ret':borrowed int32) -> [ &_82 <- _ret' ] [ &_83 <- { _83 with current = _ret'.final } ] s7) - | s7 = get_or_insert'0 {_81} {_82} (fun (_ret':borrowed (borrowed int32)) -> [ &bor1 <- _ret' ] s8) + | s5 = Borrow.borrow_mut {y3} + (fun (_ret':borrowed Int32.t) -> [ &_83 <- _ret' ] [ &y3 <- _ret'.final ] s6) + | s6 = Borrow.borrow_final {_83.current} {Borrow.get_id _83} + (fun (_ret':borrowed Int32.t) -> [ &_82 <- _ret' ] [ &_83 <- { _83 with current = _ret'.final } ] s7) + | s7 = get_or_insert'0 {_81} {_82} (fun (_ret':borrowed (borrowed Int32.t)) -> [ &bor1 <- _ret' ] s8) | s8 = bb30 ] | bb30 = s0 [ s0 = -{resolve'2 _83}- s1 - | s1 = [ &bor1 <- { bor1 with current = { bor1.current with current = ([%#soption22] (3 : int32)) } } ] s2 + | s1 = [ &bor1 <- { bor1 with current = { bor1.current with current = ([%#soption22] (3 : Int32.t)) } } ] s2 | s2 = -{resolve'3 bor1}- s3 | s3 = -{resolve'1 opt5}- s4 - | s4 = Int32.eq {x6} {[%#soption23] 
(3 : int32)} (fun (_ret':bool) -> [ &_85 <- _ret' ] s5) + | s4 = Int32.eq {x6} {[%#soption23] (3 : Int32.t)} (fun (_ret':bool) -> [ &_85 <- _ret' ] s5) | s5 = any [ br0 -> {_85 = false} (! bb34) | br1 -> {_85} (! bb31) ] ] | bb31 = s0 - [ s0 = Int32.eq {y3} {[%#soption24] (2 : int32)} (fun (_ret':bool) -> [ &_87 <- _ret' ] s1) + [ s0 = Int32.eq {y3} {[%#soption24] (2 : Int32.t)} (fun (_ret':bool) -> [ &_87 <- _ret' ] s1) | s1 = any [ br0 -> {_87 = false} (! bb33) | br1 -> {_87} (! bb32) ] ] | bb32 = s0 - [ s0 = [ &x7 <- [%#soption25] (1 : int32) ] s1 - | s1 = Borrow.borrow_mut {x7} - (fun (_ret':borrowed int32) -> [ &_92 <- _ret' ] [ &x7 <- _ret'.final ] s2) + [ s0 = [ &x7 <- [%#soption25] (1 : Int32.t) ] s1 + | s1 = Borrow.borrow_mut {x7} + (fun (_ret':borrowed Int32.t) -> [ &_92 <- _ret' ] [ &x7 <- _ret'.final ] s2) | s2 = [ &opt6 <- C_Some'0 _92 ] s3 | s3 = [ &_95 <- C_None'0 ] s4 | s4 = zip'0 {opt6} {_95} (fun (_ret':t_Option'2) -> [ &_93 <- _ret' ] s5) 
@@ -5123,30 +5284,30 @@ module M_option__resolve [#"option.rs" 449 0 449 16] | bb36 = s0 [ s0 = -{resolve'4 _93}- s1 - | s1 = Int32.eq {x7} {[%#soption26] (1 : int32)} (fun (_ret':bool) -> [ &_97 <- _ret' ] s2) + | s1 = Int32.eq {x7} {[%#soption26] (1 : Int32.t)} (fun (_ret':bool) -> [ &_97 <- _ret' ] s2) | s2 = any [ br0 -> {_97 = false} (! bb38) | br1 -> {_97} (! bb37) ] ] | bb37 = s0 - [ s0 = [ &x8 <- [%#soption27] (1 : int32) ] s1 - | s1 = Borrow.borrow_mut {x8} - (fun (_ret':borrowed int32) -> [ &_102 <- _ret' ] [ &x8 <- _ret'.final ] s2) + [ s0 = [ &x8 <- [%#soption27] (1 : Int32.t) ] s1 + | s1 = Borrow.borrow_mut {x8} + (fun (_ret':borrowed Int32.t) -> [ &_102 <- _ret' ] [ &x8 <- _ret'.final ] s2) | s2 = [ &opt7 <- C_Some'0 _102 ] s3 | s3 = copied'0 {opt7} (fun (_ret':t_Option'0) -> [ &_103 <- _ret' ] s4) | s4 = bb39 ] | bb39 = s0 - [ s0 = Int32.eq {x8} {[%#soption28] (1 : int32)} (fun (_ret':bool) -> [ &_106 <- _ret' ] s1) + [ s0 = Int32.eq {x8} {[%#soption28] (1 : Int32.t)} (fun (_ret':bool) -> [ &_106 <- _ret' ] s1) | s1 = any [ br0 -> {_106 = false} (! bb41) | br1 -> {_106} (! bb40) ] ] | bb40 = s0 - [ s0 = Borrow.borrow_mut {x8} - (fun (_ret':borrowed int32) -> [ &_110 <- _ret' ] [ &x8 <- _ret'.final ] s1) + [ s0 = Borrow.borrow_mut {x8} + (fun (_ret':borrowed Int32.t) -> [ &_110 <- _ret' ] [ &x8 <- _ret'.final ] s1) | s1 = [ &opt8 <- C_Some'0 _110 ] s2 | s2 = cloned'0 {opt8} (fun (_ret':t_Option'0) -> [ &_111 <- _ret' ] s3) | s3 = bb42 ] | bb42 = s0 - [ s0 = Int32.eq {x8} {[%#soption29] (1 : int32)} (fun (_ret':bool) -> [ &_114 <- _ret' ] s1) + [ s0 = Int32.eq {x8} {[%#soption29] (1 : Int32.t)} (fun (_ret':bool) -> [ &_114 <- _ret' ] s1) | s1 = any [ br0 -> {_114 = false} (! bb44) | br1 -> {_114} (! bb43) ] ] | bb43 = return' {_0} 
@@ -5171,75 +5332,75 @@ module M_option__resolve [#"option.rs" 449 0 449 16] | bb3 = {[%#soption40] false} any ] ) [ & _0 : () = any_l () - | & x : int32 = any_l () + | & x : Int32.t = any_l () | & opt : t_Option'1 = any_l () - | & _3 : borrowed int32 = any_l () + | & _3 : borrowed Int32.t = any_l () | & _5 : bool = any_l () | & _7 : () = any_l () | & _10 : bool = any_l () - | & x1 : int32 = any_l () + | & x1 : Int32.t = any_l () | & opt1 : t_Option'1 = any_l () - | & _15 : borrowed int32 = any_l () + | & _15 : borrowed Int32.t = any_l () | & _16 : t_Option'0 = any_l () | & _18 : t_Option'0 = any_l () | & _20 : bool = any_l () - | & x2 : int32 = any_l () - | & y : int32 = any_l () + | & x2 : Int32.t = any_l () + | & y : Int32.t = any_l () | & opt2 : t_Option'1 = any_l () - | & _26 : borrowed int32 = any_l () + | & _26 : borrowed Int32.t = any_l () | & _27 : t_Option'1 = any_l () | & _28 : t_Option'1 = any_l () - | & _29 : borrowed int32 = any_l () + | & _29 : borrowed Int32.t = any_l () | & _32 : bool = any_l () | & _34 : bool = any_l () - | & x3 : int32 = any_l () + | & x3 : Int32.t = any_l () | & opt3 : t_Option'1 = any_l () - | & _39 : borrowed int32 = any_l () + | & _39 : borrowed Int32.t = any_l () | & _40 : t_Option'1 = any_l () | & _42 : () = any_l () | & _44 : bool = any_l () - | & x4 : int32 = any_l () - | & y1 : int32 = any_l () + | & x4 : Int32.t = any_l () + | & y1 : Int32.t = any_l () | & optx : t_Option'1 = any_l () - | & _50 : borrowed int32 = any_l () + | & _50 : borrowed Int32.t = any_l () | & opty : t_Option'1 = any_l () - | & _52 : borrowed int32 = any_l () + | & _52 : borrowed Int32.t = any_l () | & _53 : t_Option'1 = any_l () | & _57 : bool = any_l () | & _59 : bool = any_l () - | & x5 : int32 = any_l () - | & y2 : int32 = any_l () + | & x5 : Int32.t = any_l () + | & y2 : Int32.t = any_l () | & opt4 : t_Option'1 = any_l () - | & _65 : borrowed int32 = any_l () - | & bor : borrowed (borrowed int32) = any_l () + | & _65 : borrowed Int32.t = any_l 
() + | & bor : borrowed (borrowed Int32.t) = any_l () | & _67 : borrowed (t_Option'1) = any_l () - | & _68 : borrowed int32 = any_l () - | & _69 : borrowed int32 = any_l () + | & _68 : borrowed Int32.t = any_l () + | & _69 : borrowed Int32.t = any_l () | & _71 : bool = any_l () | & _73 : bool = any_l () - | & x6 : int32 = any_l () - | & y3 : int32 = any_l () + | & x6 : Int32.t = any_l () + | & y3 : Int32.t = any_l () | & opt5 : t_Option'1 = any_l () - | & _79 : borrowed int32 = any_l () - | & bor1 : borrowed (borrowed int32) = any_l () + | & _79 : borrowed Int32.t = any_l () + | & bor1 : borrowed (borrowed Int32.t) = any_l () | & _81 : borrowed (t_Option'1) = any_l () - | & _82 : borrowed int32 = any_l () - | & _83 : borrowed int32 = any_l () + | & _82 : borrowed Int32.t = any_l () + | & _83 : borrowed Int32.t = any_l () | & _85 : bool = any_l () | & _87 : bool = any_l () - | & x7 : int32 = any_l () + | & x7 : Int32.t = any_l () | & opt6 : t_Option'1 = any_l () - | & _92 : borrowed int32 = any_l () + | & _92 : borrowed Int32.t = any_l () | & _93 : t_Option'2 = any_l () | & _95 : t_Option'0 = any_l () | & _97 : bool = any_l () - | & x8 : int32 = any_l () + | & x8 : Int32.t = any_l () | & opt7 : t_Option'1 = any_l () - | & _102 : borrowed int32 = any_l () + | & _102 : borrowed Int32.t = any_l () | & _103 : t_Option'0 = any_l () | & _106 : bool = any_l () | & opt8 : t_Option'1 = any_l () - | & _110 : borrowed int32 = any_l () + | & _110 : borrowed Int32.t = any_l () | & _111 : t_Option'0 = any_l () | & _114 : bool = any_l () ] [ return' (result:())-> (! return' {result}) ] diff --git a/creusot/tests/should_succeed/ord_trait.coma b/creusot/tests/should_succeed/ord_trait.coma index 6749e9cc22..59e43e96ea 100644 --- a/creusot/tests/should_succeed/ord_trait.coma +++ b/creusot/tests/should_succeed/ord_trait.coma 
@@ -259,21 +259,21 @@ end module M_ord_trait__gt_or_le_int [#"ord_trait.rs" 21 0 21 47] let%span sord_trait0 = "ord_trait.rs" 20 10 20 30 - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.Intrinsic - use prelude.prelude.UIntSize - use prelude.prelude.Int + use prelude.prelude.UInt64 + meta "compute_max_steps" 1000000 - let rec gt_or_le_int'0 (x:usize) (y:usize) (return' (ret:bool))= (! bb0 - [ bb0 = s0 [ s0 = UIntSize.le {x} {y} (fun (_ret':bool) -> [ &_0 <- _ret' ] s1) | s1 = return' {_0} ] ] - ) [ & _0 : bool = any_l () | & x : usize = x | & y : usize = y ] + let rec gt_or_le_int'0 (x:UInt64.t) (y:UInt64.t) (return' (ret:bool))= (! bb0 + [ bb0 = s0 [ s0 = UInt64.le {x} {y} (fun (_ret':bool) -> [ &_0 <- _ret' ] s1) | s1 = return' {_0} ] ] + ) [ & _0 : bool = any_l () | & x : UInt64.t = x | & y : UInt64.t = y ] [ return' (result:bool)-> {[@expl:gt_or_le_int ensures] [%#sord_trait0] result - = (UIntSize.to_int x <= UIntSize.to_int y)} + = (UInt64.to_uint x <= UInt64.to_uint y)} (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/ord_trait/why3session.xml b/creusot/tests/should_succeed/ord_trait/why3session.xml index c2365dbce3..0c27cd38a8 100644 --- a/creusot/tests/should_succeed/ord_trait/why3session.xml +++ b/creusot/tests/should_succeed/ord_trait/why3session.xml @@ -18,7 +18,7 @@ - + 
diff --git a/creusot/tests/should_succeed/ord_trait/why3shapes.gz b/creusot/tests/should_succeed/ord_trait/why3shapes.gz index 8b245d3dfa6e39df6c30da111dde2d9382e1c1f4..79f77557406a51306db4f3fa62b1aa4027ff37b7 100644 GIT binary patch literal 412 zcmV;N0b~9jiwFP!00000|AmuHPlPZKhVT3eZmXU;ZE3-{2V=x;Vmz5%$t)do6ZS)3 zP5k#3bdlm36Am-;&NCk{TwKNND;}tg->GRg``vY{;;YLDH@kOiHn{5+%(A!M?T!3o zOcTJuSAsY4lM&$(%k814_b)!5TY-1Q{o4`ig|D{k19_N|Sm{$9scjc*6)4gsUU_H; zJ8Bke#%ZgjYKSVU$D%VXwZJSun4g^srhOP@IB@^`>@-(}1vwqd?~E^9pguQ8%A=={ zODw2y;sK&S`hr46TSx<@?gHs-qs($PAF!rC9ebVP=!g!*cJHX}zbX9kd*b%{0yz9w ztM9Yn{w>n>(0vrc(M6N}rnO*J+xz^lA^3cVu`55*pHC;jnt+=Q*sh z!edRAg`xkTJddJ`OGWD}Q)R-PWGrILGFk7 G0{{R$H^smctOtRe+(Vf>(pF=q`Zs zWxECX?+3e0YPl(PqxkY6UqbwLm-K(>#C`I@UB5dXek3-z`z~mAc%g1bhar_H&*O6p z%1baW0ED*!KqxPPpcU2oQ`H`yQi%#Rt*hVXXKGV`OiouN5 z)qTe_aF@yj=g`j87`5oGO&45_AQ2$0FK#9CF%1hG6oUHLX{l-iGq-i76+I1+`q({l zDIQ`jL$FuJ6U3492E~j+$Rnm5BI)L!0+n1EY&lY|vo3iG%%^I94BU=?3ZLF1@$3Bp z6nsRR_p?z@3f`ZF*J?UCG23t63l_ZrmHNtrTAH{{RX66VxfA-iqTyKW4g<f%etwFYG@`}e?_wnd6sKvtSby`HEAi`wzigt8>96^8}Sci4yB#q0{{S| C`M`hx diff --git a/creusot/tests/should_succeed/printing.coma b/creusot/tests/should_succeed/printing.coma index fa8dbbd4b7..4ae3b428ff 100644 --- a/creusot/tests/should_succeed/printing.coma +++ b/creusot/tests/should_succeed/printing.coma @@ -6,7 +6,7 @@ module M_printing__f [#"printing.rs" 5 0 5 10] let%span sprinting4 = "printing.rs" 8 12 8 20 let%span sprinting5 = "printing.rs" 9 14 9 23 - use prelude.prelude.Slice + use Slice64.create use prelude.prelude.Borrow @@ -27,7 +27,9 @@ module M_printing__f [#"printing.rs" 5 0 5 10] [ return' (result:array string)-> return' {result} ] - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 use prelude.prelude.Char 
@@ -40,15 +42,15 @@ module M_printing__f [#"printing.rs" 5 0 5 10] use prelude.prelude.UInt32 type t_Count'0 = - | C_Is'0 usize - | C_Param'0 usize + | C_Is'0 UInt64.t + | C_Param'0 UInt64.t | C_Implied'0 type t_Placeholder'0 = - { t_Placeholder__position'0: usize; + { t_Placeholder__position'0: UInt64.t; t_Placeholder__fill'0: char; t_Placeholder__align'0: t_Alignment'0; - t_Placeholder__flags'0: uint32; + t_Placeholder__flags'0: UInt32.t; t_Placeholder__precision'0: t_Count'0; t_Placeholder__width'0: t_Count'0 } @@ -63,7 +65,7 @@ module M_printing__f [#"printing.rs" 5 0 5 10] type t_ArgumentType'0 = | C_Placeholder'0 (t_NonNull'0) opaque_ptr () - | C_Count'0 usize + | C_Count'0 UInt64.t type t_Argument'0 = { t_Argument__ty'0: t_ArgumentType'0 } @@ -123,8 +125,6 @@ module M_printing__f [#"printing.rs" 5 0 5 10] [ return' (result:array string)-> return' {result} ] - use prelude.prelude.Int - meta "compute_max_steps" 1000000 let rec f'0 (_1:()) (return' (ret:()))= (! bb0 diff --git a/creusot/tests/should_succeed/projection_toggle.coma b/creusot/tests/should_succeed/projection_toggle.coma index 8a92f573f2..f95f7886b5 100644 --- a/creusot/tests/should_succeed/projection_toggle.coma +++ b/creusot/tests/should_succeed/projection_toggle.coma 
@@ -122,26 +122,28 @@ module M_projection_toggle__f [#"projection_toggle.rs" 13 0 13 10] let%span sprojection_toggle9 = "projection_toggle.rs" 4 0 4 82 let%span sresolve10 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + use prelude.prelude.Int + use prelude.prelude.Int32 use prelude.prelude.Borrow - predicate inv'0 (_1 : borrowed int32) + predicate inv'0 (_1 : borrowed Int32.t) - axiom inv_axiom'0 [@rewrite] : forall x : borrowed int32 [inv'0 x] . inv'0 x = true + axiom inv_axiom'0 [@rewrite] : forall x : borrowed Int32.t [inv'0 x] . inv'0 x = true - let rec proj_toggle'0 (toggle:bool) (a:borrowed int32) (b:borrowed int32) (return' (ret:borrowed int32))= {[@expl:proj_toggle 'a' type invariant] [%#sprojection_toggle6] inv'0 a} + let rec proj_toggle'0 (toggle:bool) (a:borrowed Int32.t) (b:borrowed Int32.t) (return' (ret:borrowed Int32.t))= {[@expl:proj_toggle 'a' type invariant] [%#sprojection_toggle6] inv'0 a} {[@expl:proj_toggle 'b' type invariant] [%#sprojection_toggle7] inv'0 b} any - [ return' (result:borrowed int32)-> {[%#sprojection_toggle8] inv'0 result} + [ return' (result:borrowed Int32.t)-> {[%#sprojection_toggle8] inv'0 result} {[%#sprojection_toggle9] if toggle then result = a /\ b.final = b.current else result = b /\ a.final = a.current} (! return' {result}) ] - predicate resolve'1 (self : borrowed int32) = + predicate resolve'1 (self : borrowed Int32.t) = [%#sresolve10] self.final = self.current - predicate resolve'0 (_1 : borrowed int32) = + predicate resolve'0 (_1 : borrowed Int32.t) = resolve'1 _1 use prelude.prelude.Intrinsic 
@@ -150,37 +152,40 @@ module M_projection_toggle__f [#"projection_toggle.rs" 13 0 13 10] let rec f'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = [ &a <- [%#sprojection_toggle0] (10 : int32) ] s1 - | s1 = [ &b <- [%#sprojection_toggle1] (5 : int32) ] s2 - | s2 = Borrow.borrow_mut {a} (fun (_ret':borrowed int32) -> [ &_5 <- _ret' ] [ &a <- _ret'.final ] s3) - | s3 = Borrow.borrow_final {_5.current} {Borrow.get_id _5} - (fun (_ret':borrowed int32) -> [ &_4 <- _ret' ] [ &_5 <- { _5 with current = _ret'.final } ] s4) - | s4 = Borrow.borrow_mut {b} (fun (_ret':borrowed int32) -> [ &_7 <- _ret' ] [ &b <- _ret'.final ] s5) - | s5 = Borrow.borrow_final {_7.current} {Borrow.get_id _7} - (fun (_ret':borrowed int32) -> [ &_6 <- _ret' ] [ &_7 <- { _7 with current = _ret'.final } ] s6) - | s6 = proj_toggle'0 {[%#sprojection_toggle2] true} {_4} {_6} (fun (_ret':borrowed int32) -> [ &x <- _ret' ] s7) + [ s0 = [ &a <- [%#sprojection_toggle0] (10 : Int32.t) ] s1 + | s1 = [ &b <- [%#sprojection_toggle1] (5 : Int32.t) ] s2 + | s2 = Borrow.borrow_mut {a} + (fun (_ret':borrowed Int32.t) -> [ &_5 <- _ret' ] [ &a <- _ret'.final ] s3) + | s3 = Borrow.borrow_final {_5.current} {Borrow.get_id _5} + (fun (_ret':borrowed Int32.t) -> [ &_4 <- _ret' ] [ &_5 <- { _5 with current = _ret'.final } ] s4) + | s4 = Borrow.borrow_mut {b} + (fun (_ret':borrowed Int32.t) -> [ &_7 <- _ret' ] [ &b <- _ret'.final ] s5) + | s5 = Borrow.borrow_final {_7.current} {Borrow.get_id _7} + (fun (_ret':borrowed Int32.t) -> [ &_6 <- _ret' ] [ &_7 <- { _7 with current = _ret'.final } ] s6) + | s6 = proj_toggle'0 {[%#sprojection_toggle2] true} {_4} {_6} + (fun (_ret':borrowed Int32.t) -> [ &x <- _ret' ] s7) | s7 = bb1 ] | bb1 = s0 [ s0 = -{resolve'0 _7}- s1 | s1 = -{resolve'0 _5}- s2 - | s2 = Int32.add {x.current} {[%#sprojection_toggle3] (5 : int32)} - (fun (_ret':int32) -> [ &x <- { x with current = _ret' } ] s3) + | s2 = Int32.add {x.current} {[%#sprojection_toggle3] (5 : Int32.t)} + (fun (_ret':Int32.t) -> 
[ &x <- { x with current = _ret' } ] s3) | s3 = -{resolve'0 x}- s4 - | s4 = Int32.eq {a} {[%#sprojection_toggle4] (15 : int32)} (fun (_ret':bool) -> [ &_9 <- _ret' ] s5) + | s4 = Int32.eq {a} {[%#sprojection_toggle4] (15 : Int32.t)} (fun (_ret':bool) -> [ &_9 <- _ret' ] s5) | s5 = any [ br0 -> {_9 = false} (! bb3) | br1 -> {_9} (! bb2) ] ] | bb2 = return' {_0} | bb3 = {[%#sprojection_toggle5] false} any ] ) [ & _0 : () = any_l () - | & a : int32 = any_l () - | & b : int32 = any_l () - | & x : borrowed int32 = any_l () - | & _4 : borrowed int32 = any_l () - | & _5 : borrowed int32 = any_l () - | & _6 : borrowed int32 = any_l () - | & _7 : borrowed int32 = any_l () + | & a : Int32.t = any_l () + | & b : Int32.t = any_l () + | & x : borrowed Int32.t = any_l () + | & _4 : borrowed Int32.t = any_l () + | & _5 : borrowed Int32.t = any_l () + | & _6 : borrowed Int32.t = any_l () + | & _7 : borrowed Int32.t = any_l () | & _9 : bool = any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/projection_toggle/why3session.xml b/creusot/tests/should_succeed/projection_toggle/why3session.xml index b26c2d4a74..dfcbe1a4cc 100644 --- a/creusot/tests/should_succeed/projection_toggle/why3session.xml +++ b/creusot/tests/should_succeed/projection_toggle/why3session.xml @@ -13,7 +13,7 @@ - + 
diff --git a/creusot/tests/should_succeed/projection_toggle/why3shapes.gz b/creusot/tests/should_succeed/projection_toggle/why3shapes.gz index ea7ec3a21fc47640fd8dfa6091c6cbc1bc5e22b9..bc81d33b21e6b5a2da69fd92c1ff47fdbd73d2ff 100644 GIT binary patch literal 478 zcmV<40U`b$iwFP!00000|HV{IZ<|06z4I%$rA<|7zZX~W!97?;s@hAn*VO>)2E_&k zu+#R}cferB=|WO9QaBCo&AfRmv-9pctZ!lG>hR#IIxmY)p$f0x2ap#BsB$QpD`Lof z``QM}AqaAq!#XcuV;H3Ss&YkR*aE?%tg7`u_O=+z4TbO3-Yt$N__lsxs9arc4(`$jW(>cy&GJ}%lJQ8VJ>}zU@G*7$YW{uB zUQd0@zxqFe|4<%x<<#iqQHY+i21@xTzi;`BG3n_n$2*IG3fy+r{IcEt2pZ3h_}Wf= zO6C1J#v9m_Hb))W2R-h!43K4~#yXY#(CK#Q^jYh#v=0Mu0*7XD0rke22)6Lk)`(cB z?PtTJ>Im58#U*T_FRgs%wgWCTJ1CXk;AW~RG!LcS;YU>{{@YpXvafAf;1;-;_R~Q-N&Ne)y1ot5dKH^j9y*vnG878at{GQfOyz0Ip#L-C;_hT^3FnMu9 zU;cEnB|bqwW=wD$DWEJ#6;qBUdOf2&$w(%M6CqpC6$vQO5tTF|B6HNawNzrJnaCJR UwMsI;G_m5rA0!8p*ct}_074q>k^lez literal 404 zcmV;F0c-vriwFP!00000|HYI`PlG@dh4=glcGbF>_fQiS-4NKD*^?v`%-0y|T?M^n{#Svd^71{`+63XglE&lc{(ABd7014td|v0bi|^gf!-dA zfUht-RR^=~PVlxo5mcrwH%IdsM6vNoTbBj(i{m1vJ>_mU=v2DA8o!O~dg)XA;(vgD zXpc_qSjnIZ!e`eY37cf+=0AXO%Va)1nGKR-w!7v%KD{4KV|gRMho+44qEWanH0DwJ zD`?F3*%YtW@0e_NOh)Gv4<7n*q>@8$2OKBmp-AgF-_%s9@Z8li#iJa2MKwli@RhvO zHMcIG=4~7JN@)JQ2O~voO&GN#P1GObumkAV18x5KVL=cCj)PW&QRxZ5B+-HhLlc>; yFildFGGv%bLL4GTU@AqVJRq*+T(&q>5`Cz)cF88Jm0HY1^@t-`o9nW diff --git a/creusot/tests/should_succeed/projections.coma b/creusot/tests/should_succeed/projections.coma index 9357b11aa1..b6b6217227 100644 --- a/creusot/tests/should_succeed/projections.coma +++ b/creusot/tests/should_succeed/projections.coma @@ -1,4 +1,6 @@ module M_projections__copy_out_of_ref [#"projections.rs" 5 0 5 38] + use prelude.prelude.Int + use prelude.prelude.UInt32 use prelude.prelude.Intrinsic 
@@ -7,37 +9,39 @@ module M_projections__copy_out_of_ref [#"projections.rs" 5 0 5 38] meta "compute_max_steps" 1000000 - let rec copy_out_of_ref'0 (x:uint32) (return' (ret:uint32))= (! bb0 + let rec copy_out_of_ref'0 (x:UInt32.t) (return' (ret:UInt32.t))= (! bb0 [ bb0 = s0 [ s0 = [ &_0 <- x ] s1 | s1 = return' {_0} ] ] - ) [ & _0 : uint32 = any_l () | & x : uint32 = x ] [ return' (result:uint32)-> (! return' {result}) ] + ) [ & _0 : UInt32.t = any_l () | & x : UInt32.t = x ] [ return' (result:UInt32.t)-> (! return' {result}) ] end module M_projections__copy_out_of_sum [#"projections.rs" 9 0 9 60] let%span sresolve0 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 use prelude.prelude.Borrow + use prelude.prelude.Int + use prelude.prelude.UInt32 type t_Result'0 = - | C_Ok'0 (borrowed uint32) - | C_Err'0 (borrowed uint32) + | C_Ok'0 (borrowed UInt32.t) + | C_Err'0 (borrowed UInt32.t) - let rec v_Err'0 (input:t_Result'0) (ret (field_0:borrowed uint32))= any - [ good (field_0:borrowed uint32)-> {C_Err'0 field_0 = input} (! ret {field_0}) - | bad -> {forall field_0 : borrowed uint32 [C_Err'0 field_0 : t_Result'0] . C_Err'0 field_0 <> input} + let rec v_Err'0 (input:t_Result'0) (ret (field_0:borrowed UInt32.t))= any + [ good (field_0:borrowed UInt32.t)-> {C_Err'0 field_0 = input} (! ret {field_0}) + | bad -> {forall field_0 : borrowed UInt32.t [C_Err'0 field_0 : t_Result'0] . C_Err'0 field_0 <> input} (! {false} any) ] - predicate resolve'1 (self : borrowed uint32) = + predicate resolve'1 (self : borrowed UInt32.t) = [%#sresolve0] self.final = self.current - predicate resolve'0 (_1 : borrowed uint32) = + predicate resolve'0 (_1 : borrowed UInt32.t) = resolve'1 _1 - let rec v_Ok'0 (input:t_Result'0) (ret (field_0:borrowed uint32))= any - [ good (field_0:borrowed uint32)-> {C_Ok'0 field_0 = input} (! ret {field_0}) - | bad -> {forall field_0 : borrowed uint32 [C_Ok'0 field_0 : t_Result'0] . 
C_Ok'0 field_0 <> input} + let rec v_Ok'0 (input:t_Result'0) (ret (field_0:borrowed UInt32.t))= any + [ good (field_0:borrowed UInt32.t)-> {C_Ok'0 field_0 = input} (! ret {field_0}) + | bad -> {forall field_0 : borrowed UInt32.t [C_Ok'0 field_0 : t_Result'0] . C_Ok'0 field_0 <> input} (! {false} any) ] 
@@ -46,52 +50,54 @@ module M_projections__copy_out_of_sum [#"projections.rs" 9 0 9 60] meta "compute_max_steps" 1000000 - let rec copy_out_of_sum'0 (x:t_Result'0) (return' (ret:uint32))= (! bb0 + let rec copy_out_of_sum'0 (x:t_Result'0) (return' (ret:UInt32.t))= (! bb0 [ bb0 = any - [ br0 (x0:borrowed uint32)-> {x = C_Ok'0 x0} (! bb2) | br1 (x0:borrowed uint32)-> {x = C_Err'0 x0} (! bb3) ] + [ br0 (x0:borrowed UInt32.t)-> {x = C_Ok'0 x0} (! bb2) | br1 (x0:borrowed UInt32.t)-> {x = C_Err'0 x0} (! bb3) ] | bb3 = s0 - [ s0 = v_Err'0 {x} (fun (r0'0:borrowed uint32) -> [ &y <- r0'0 ] s1) + [ s0 = v_Err'0 {x} (fun (r0'0:borrowed UInt32.t) -> [ &y <- r0'0 ] s1) | s1 = -{resolve'0 y}- s2 | s2 = [ &_0 <- y.current ] s3 | s3 = bb5 ] | bb2 = bb4 | bb4 = s0 - [ s0 = v_Ok'0 {x} (fun (r0'0:borrowed uint32) -> [ &x1 <- r0'0 ] s1) + [ s0 = v_Ok'0 {x} (fun (r0'0:borrowed UInt32.t) -> [ &x1 <- r0'0 ] s1) | s1 = -{resolve'0 x1}- s2 | s2 = [ &_0 <- x1.current ] s3 | s3 = bb5 ] | bb5 = return' {_0} ] ) - [ & _0 : uint32 = any_l () + [ & _0 : UInt32.t = any_l () | & x : t_Result'0 = x - | & x1 : borrowed uint32 = any_l () - | & y : borrowed uint32 = any_l () ] - [ return' (result:uint32)-> (! return' {result}) ] + | & x1 : borrowed UInt32.t = any_l () + | & y : borrowed UInt32.t = any_l () ] + [ return' (result:UInt32.t)-> (! return' {result}) ] end module M_projections__write_into_sum [#"projections.rs" 16 0 16 42] let%span sprojections0 = "projections.rs" 18 24 18 26 let%span sresolve1 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + use prelude.prelude.Int + use prelude.prelude.UInt32 type t_Option'0 = | C_None'0 - | C_Some'0 uint32 + | C_Some'0 UInt32.t use prelude.prelude.Borrow - let rec v_Some'0 (input:t_Option'0) (ret (field_0:uint32))= any - [ good (field_0:uint32)-> {C_Some'0 field_0 = input} (! ret {field_0}) - | bad -> {forall field_0 : uint32 [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! 
{false} any) ] + let rec v_Some'0 (input:t_Option'0) (ret (field_0:UInt32.t))= any + [ good (field_0:UInt32.t)-> {C_Some'0 field_0 = input} (! ret {field_0}) + | bad -> {forall field_0 : UInt32.t [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] - predicate resolve'2 (self : borrowed uint32) = + predicate resolve'2 (self : borrowed UInt32.t) = [%#sresolve1] self.final = self.current - predicate resolve'0 (_1 : borrowed uint32) = + predicate resolve'0 (_1 : borrowed UInt32.t) = resolve'2 _1 predicate resolve'3 (self : borrowed (t_Option'0)) = 
@@ -105,21 +111,24 @@ module M_projections__write_into_sum [#"projections.rs" 16 0 16 42] meta "compute_max_steps" 1000000 let rec write_into_sum'0 (x:borrowed (t_Option'0)) (return' (ret:()))= (! bb0 - [ bb0 = any [ br0 -> {x.current = C_None'0 } (! bb3) | br1 (x0:uint32)-> {x.current = C_Some'0 x0} (! bb2) ] + [ bb0 = any [ br0 -> {x.current = C_None'0 } (! bb3) | br1 (x0:UInt32.t)-> {x.current = C_Some'0 x0} (! bb2) ] | bb2 = bb4 | bb4 = s0 [ s0 = v_Some'0 {x.current} - (fun (r0'0:uint32) -> - Borrow.borrow_final {r0'0} {Borrow.inherit_id (Borrow.get_id x) 1} - (fun (_ret':borrowed uint32) -> [ &y <- _ret' ] [ &x <- { x with current = C_Some'0 _ret'.final } ] s1)) - | s1 = [ &y <- { y with current = ([%#sprojections0] (10 : uint32)) } ] s2 + (fun (r0'0:UInt32.t) -> + Borrow.borrow_final {r0'0} {Borrow.inherit_id (Borrow.get_id x) 1} + (fun (_ret':borrowed UInt32.t) -> + [ &y <- _ret' ] + [ &x <- { x with current = C_Some'0 _ret'.final } ] + s1)) + | s1 = [ &y <- { y with current = ([%#sprojections0] (10 : UInt32.t)) } ] s2 | s2 = -{resolve'0 y}- s3 | s3 = -{resolve'1 x}- s4 | s4 = bb5 ] | bb3 = s0 [ s0 = -{resolve'1 x}- s1 | s1 = bb5 ] | bb5 = return' {_0} ] - ) [ & _0 : () = any_l () | & x : borrowed (t_Option'0) = x | & y : borrowed uint32 = any_l () ] + ) [ & _0 : () = any_l () | & x : borrowed (t_Option'0) = x | & y : borrowed UInt32.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end 
@@ -128,15 +137,17 @@ module M_projections__f [#"projections.rs" 23 0 23 10] let%span sprojections1 = "projections.rs" 25 24 25 25 let%span sprojections2 = "projections.rs" 26 16 26 21 + use prelude.prelude.Int + use prelude.prelude.Int32 type t_Option'0 = | C_None'0 - | C_Some'0 int32 + | C_Some'0 Int32.t - let rec v_Some'0 (input:t_Option'0) (ret (field_0:int32))= any - [ good (field_0:int32)-> {C_Some'0 field_0 = input} (! ret {field_0}) - | bad -> {forall field_0 : int32 [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] + let rec v_Some'0 (input:t_Option'0) (ret (field_0:Int32.t))= any + [ good (field_0:Int32.t)-> {C_Some'0 field_0 = input} (! ret {field_0}) + | bad -> {forall field_0 : Int32.t [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] use prelude.prelude.Intrinsic 
@@ -145,18 +156,18 @@ module M_projections__f [#"projections.rs" 23 0 23 10] let rec f'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = [ &_2 <- C_Some'0 ([%#sprojections0] (10 : int32)) ] s1 - | s1 = any [ br0 -> {_2 = C_None'0 } (! bb3) | br1 (x0:int32)-> {_2 = C_Some'0 x0} (! bb2) ] ] + [ s0 = [ &_2 <- C_Some'0 ([%#sprojections0] (10 : Int32.t)) ] s1 + | s1 = any [ br0 -> {_2 = C_None'0 } (! bb3) | br1 (x0:Int32.t)-> {_2 = C_Some'0 x0} (! bb2) ] ] | bb2 = bb4 | bb4 = s0 - [ s0 = v_Some'0 {_2} (fun (r0'0:int32) -> [ &x <- r0'0 ] s1) - | s1 = Int32.eq {x} {[%#sprojections1] (0 : int32)} (fun (_ret':bool) -> [ &_1 <- _ret' ] s2) + [ s0 = v_Some'0 {_2} (fun (r0'0:Int32.t) -> [ &x <- r0'0 ] s1) + | s1 = Int32.eq {x} {[%#sprojections1] (0 : Int32.t)} (fun (_ret':bool) -> [ &_1 <- _ret' ] s2) | s2 = bb5 ] | bb3 = s0 [ s0 = [ &_1 <- [%#sprojections2] false ] s1 | s1 = bb5 ] | bb5 = return' {_0} ] - ) [ & _0 : () = any_l () | & _1 : bool = any_l () | & _2 : t_Option'0 = any_l () | & x : int32 = any_l () ] + ) [ & _0 : () = any_l () | & _1 : bool = any_l () | & _2 : t_Option'0 = any_l () | & x : Int32.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/projections/why3session.xml b/creusot/tests/should_succeed/projections/why3session.xml index 956a7bc07d..d05a468cb2 100644 --- a/creusot/tests/should_succeed/projections/why3session.xml +++ b/creusot/tests/should_succeed/projections/why3session.xml @@ -6,13 +6,13 @@ - - + + - - + + 
diff --git a/creusot/tests/should_succeed/projections/why3shapes.gz b/creusot/tests/should_succeed/projections/why3shapes.gz index da11283e17670de7d8bc051d5a315de1cbe9929f..3242a3a1383ff261dc3d92689812396cbf9dca5c 100644 GIT binary patch literal 191 zcmV;w06_mAiwFP!00000|3!^G4}vfdhWGx8ZYtBYK%piK#z=I*!GzUZ%Mp#?BLz+T z_acaF_uM`AzH5(nH*BfnFLK?zskdBlZ^N<-6Wm`9&aEJqIiw4mFv;PMBHjJm^JBnZ zQm1(~NAlB@QPuYE>sUB9T$+l$sc4_hQQc4f^L9vB4$EE)S*#RR8ze(QSqS4GBrv5k tGO&n%T5@p&rlZ0H$|`FLUuhMo(x^DH1Oj4T6fj7VeE`4qxYPv!004ydS5*K2 literal 192 zcmV;x06+g9iwFP!00000|3!_l4uUWchW9>2H`M8_rBqEAjIogg2NPCuEp0RgG(}B( zd!vYK_x<z1hf4xg zI;g`unqQK}FyG$pulid!HXN_5|9mC)h|zcV;eJdD%BRJYqcMzm;UM@7R4QGg8U<+O uQeh@gJJo>WxCdqlEt0mFDxKP}qTqxKDuC2pN}X}s3-$)=30`dl0RR9Xdsj06 diff --git a/creusot/tests/should_succeed/prophecy.coma b/creusot/tests/should_succeed/prophecy.coma index 8e63b0197c..ee987d5f9b 100644 --- a/creusot/tests/should_succeed/prophecy.coma +++ b/creusot/tests/should_succeed/prophecy.coma @@ -3,14 +3,16 @@ module M_prophecy__f [#"prophecy.rs" 3 0 3 10] let%span sprophecy1 = "prophecy.rs" 9 9 9 10 let%span sresolve2 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + use prelude.prelude.Int + use prelude.prelude.Int32 use prelude.prelude.Borrow - predicate resolve'1 (self : borrowed int32) = + predicate resolve'1 (self : borrowed Int32.t) = [%#sresolve2] self.final = self.current - predicate resolve'0 (_1 : borrowed int32) = + predicate resolve'0 (_1 : borrowed Int32.t) = resolve'1 _1 use prelude.prelude.Intrinsic 
@@ -19,13 +21,14 @@ module M_prophecy__f [#"prophecy.rs" 3 0 3 10] let rec f'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = [ &x <- [%#sprophecy0] (0 : int32) ] s1 - | s1 = Borrow.borrow_mut {x} (fun (_ret':borrowed int32) -> [ &y <- _ret' ] [ &x <- _ret'.final ] s2) - | s2 = [ &y <- { y with current = ([%#sprophecy1] (5 : int32)) } ] s3 + [ s0 = [ &x <- [%#sprophecy0] (0 : Int32.t) ] s1 + | s1 = Borrow.borrow_mut {x} + (fun (_ret':borrowed Int32.t) -> [ &y <- _ret' ] [ &x <- _ret'.final ] s2) + | s2 = [ &y <- { y with current = ([%#sprophecy1] (5 : Int32.t)) } ] s3 | s3 = -{resolve'0 y}- s4 | s4 = return' {_0} ] ] - ) [ & _0 : () = any_l () | & x : int32 = any_l () | & y : borrowed int32 = any_l () ] + ) [ & _0 : () = any_l () | & x : Int32.t = any_l () | & y : borrowed Int32.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/replace.coma b/creusot/tests/should_succeed/replace.coma index f2b60a5e08..da4448ae63 100644 --- a/creusot/tests/should_succeed/replace.coma +++ b/creusot/tests/should_succeed/replace.coma @@ -1,13 +1,15 @@ module M_replace__test [#"replace.rs" 8 0 8 44] use prelude.prelude.Intrinsic + use prelude.prelude.Int + use prelude.prelude.UInt32 type t_Option'0 = | C_None'0 | C_Some'0 (t_Something'0) with t_Something'0 = - { t_Something__a'0: uint32; t_Something__b'0: t_Option'0 } + { t_Something__a'0: UInt32.t; t_Something__b'0: t_Option'0 } meta "compute_max_steps" 1000000 diff --git a/creusot/tests/should_succeed/resolve_drop.coma b/creusot/tests/should_succeed/resolve_drop.coma index d1076cc2d8..5d8e4a03f5 100644 --- a/creusot/tests/should_succeed/resolve_drop.coma +++ b/creusot/tests/should_succeed/resolve_drop.coma 
@@ -4,14 +4,16 @@ module M_resolve_drop__f [#"resolve_drop.rs" 4 0 4 10] let%span sresolve_drop2 = "resolve_drop.rs" 8 18 8 26 let%span sresolve3 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + use prelude.prelude.Int + use prelude.prelude.Int32 use prelude.prelude.Borrow - predicate resolve'1 (self : borrowed int32) = + predicate resolve'1 (self : borrowed Int32.t) = [%#sresolve3] self.final = self.current - predicate resolve'0 (_1 : borrowed int32) = + predicate resolve'0 (_1 : borrowed Int32.t) = resolve'1 _1 use prelude.prelude.Int32 @@ -22,14 +24,15 @@ module M_resolve_drop__f [#"resolve_drop.rs" 4 0 4 10] let rec f'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = [ &x <- [%#sresolve_drop0] (12 : int32) ] s1 - | s1 = Borrow.borrow_mut {x} (fun (_ret':borrowed int32) -> [ &_3 <- _ret' ] [ &x <- _ret'.final ] s2) + [ s0 = [ &x <- [%#sresolve_drop0] (12 : Int32.t) ] s1 + | s1 = Borrow.borrow_mut {x} + (fun (_ret':borrowed Int32.t) -> [ &_3 <- _ret' ] [ &x <- _ret'.final ] s2) | s2 = [ &b <- _3 ] s3 | s3 = bb1 ] | bb1 = s0 - [ s0 = Int32.add {b.current} {[%#sresolve_drop1] (1 : int32)} - (fun (_ret':int32) -> [ &b <- { b with current = _ret' } ] s1) + [ s0 = Int32.add {b.current} {[%#sresolve_drop1] (1 : Int32.t)} + (fun (_ret':Int32.t) -> [ &b <- { b with current = _ret' } ] s1) | s1 = -{resolve'0 b}- s2 | s2 = {[@expl:assertion] [%#sresolve_drop2] Int32.to_int x = 13} s3 | s3 = bb2 ] @@ -37,8 +40,8 @@ module M_resolve_drop__f [#"resolve_drop.rs" 4 0 4 10] | bb2 = return' {_0} ] ) [ & _0 : () = any_l () - | & x : int32 = any_l () - | & b : borrowed int32 = any_l () - | & _3 : borrowed int32 = any_l () ] + | & x : Int32.t = any_l () + | & b : borrowed Int32.t = any_l () + | & _3 : borrowed Int32.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/resolve_uninit.coma b/creusot/tests/should_succeed/resolve_uninit.coma index 120dc0e033..38f92d8c82 100644 
--- a/creusot/tests/should_succeed/resolve_uninit.coma +++ b/creusot/tests/should_succeed/resolve_uninit.coma 
@@ -50,47 +50,51 @@ module M_resolve_uninit__init_join [#"resolve_uninit.rs" 15 0 15 37] use prelude.prelude.Borrow + use prelude.prelude.Int + use prelude.prelude.Int32 - predicate resolve'1 (self : borrowed int32) = + predicate resolve'1 (self : borrowed Int32.t) = [%#sresolve3] self.final = self.current - predicate resolve'0 (_1 : borrowed int32) = + predicate resolve'0 (_1 : borrowed Int32.t) = resolve'1 _1 use prelude.prelude.Intrinsic meta "compute_max_steps" 1000000 - let rec init_join'0 (b:bool) (x:int32) (return' (ret:()))= (! bb0 + let rec init_join'0 (b:bool) (x:Int32.t) (return' (ret:()))= (! bb0 [ bb0 = any [ br0 -> {b = false} (! bb2) | br1 -> {b} (! bb1) ] | bb1 = s0 - [ s0 = Borrow.borrow_mut {x} (fun (_ret':borrowed int32) -> [ &_8 <- _ret' ] [ &x <- _ret'.final ] s1) - | s1 = Borrow.borrow_final {_8.current} {Borrow.get_id _8} - (fun (_ret':borrowed int32) -> [ &_7 <- _ret' ] [ &_8 <- { _8 with current = _ret'.final } ] s2) + [ s0 = Borrow.borrow_mut {x} + (fun (_ret':borrowed Int32.t) -> [ &_8 <- _ret' ] [ &x <- _ret'.final ] s1) + | s1 = Borrow.borrow_final {_8.current} {Borrow.get_id _8} + (fun (_ret':borrowed Int32.t) -> [ &_7 <- _ret' ] [ &_8 <- { _8 with current = _ret'.final } ] s2) | s2 = [ &z <- _7 ] s3 | s3 = -{resolve'0 _8}- s4 - | s4 = Borrow.borrow_final {z.current} {Borrow.get_id z} - (fun (_ret':borrowed int32) -> [ &_10 <- _ret' ] [ &z <- { z with current = _ret'.final } ] s5) - | s5 = Borrow.borrow_final {_10.current} {Borrow.get_id _10} - (fun (_ret':borrowed int32) -> [ &_9 <- _ret' ] [ &_10 <- { _10 with current = _ret'.final } ] s6) + | s4 = Borrow.borrow_final {z.current} {Borrow.get_id z} + (fun (_ret':borrowed Int32.t) -> [ &_10 <- _ret' ] [ &z <- { z with current = _ret'.final } ] s5) + | s5 = Borrow.borrow_final {_10.current} {Borrow.get_id _10} + (fun (_ret':borrowed Int32.t) -> [ &_9 <- _ret' ] [ &_10 <- { _10 with current = _ret'.final } ] s6) | s6 = [ &y <- _9 ] s7 | s7 = -{resolve'0 _10}- s8 | s8 = bb7 ] | bb7 = s0 [ 
s0 = -{resolve'0 z}- s1 | s1 = bb3 ] | bb2 = s0 - [ s0 = Borrow.borrow_mut {x} (fun (_ret':borrowed int32) -> [ &_12 <- _ret' ] [ &x <- _ret'.final ] s1) - | s1 = Borrow.borrow_final {_12.current} {Borrow.get_id _12} - (fun (_ret':borrowed int32) -> [ &_11 <- _ret' ] [ &_12 <- { _12 with current = _ret'.final } ] s2) + [ s0 = Borrow.borrow_mut {x} + (fun (_ret':borrowed Int32.t) -> [ &_12 <- _ret' ] [ &x <- _ret'.final ] s1) + | s1 = Borrow.borrow_final {_12.current} {Borrow.get_id _12} + (fun (_ret':borrowed Int32.t) -> [ &_11 <- _ret' ] [ &_12 <- { _12 with current = _ret'.final } ] s2) | s2 = [ &y <- _11 ] s3 | s3 = -{resolve'0 _12}- s4 | s4 = bb3 ] | bb3 = s0 - [ s0 = [ &y <- { y with current = ([%#sresolve_uninit0] (5 : int32)) } ] s1 + [ s0 = [ &y <- { y with current = ([%#sresolve_uninit0] (5 : Int32.t)) } ] s1 | s1 = -{resolve'0 y}- s2 - | s2 = Int32.eq {x} {[%#sresolve_uninit1] (5 : int32)} (fun (_ret':bool) -> [ &_14 <- _ret' ] s3) + | s2 = Int32.eq {x} {[%#sresolve_uninit1] (5 : Int32.t)} (fun (_ret':bool) -> [ &_14 <- _ret' ] s3) | s3 = any [ br0 -> {_14 = false} (! bb5) | br1 -> {_14} (! bb4) ] ] | bb4 = return' {_0} 
@@ -98,15 +102,15 @@ module M_resolve_uninit__init_join [#"resolve_uninit.rs" 15 0 15 37] ) [ & _0 : () = any_l () | & b : bool = b - | & x : int32 = x - | & y : borrowed int32 = any_l () - | & z : borrowed int32 = any_l () - | & _7 : borrowed int32 = any_l () - | & _8 : borrowed int32 = any_l () - | & _9 : borrowed int32 = any_l () - | & _10 : borrowed int32 = any_l () - | & _11 : borrowed int32 = any_l () - | & _12 : borrowed int32 = any_l () + | & x : Int32.t = x + | & y : borrowed Int32.t = any_l () + | & z : borrowed Int32.t = any_l () + | & _7 : borrowed Int32.t = any_l () + | & _8 : borrowed Int32.t = any_l () + | & _9 : borrowed Int32.t = any_l () + | & _10 : borrowed Int32.t = any_l () + | & _11 : borrowed Int32.t = any_l () + | & _12 : borrowed Int32.t = any_l () | & _14 : bool = any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/result/result.coma b/creusot/tests/should_succeed/result/result.coma index 3a79e7b35b..7302659d04 100644 --- a/creusot/tests/should_succeed/result/result.coma +++ b/creusot/tests/should_succeed/result/result.coma @@ -121,11 +121,13 @@ module M_result__test_result [#"result.rs" 3 0 3 20] let%span sresolve119 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span snum120 = "../../../../creusot-contracts/src/std/num.rs" 29 28 29 32 + use prelude.prelude.Int + use prelude.prelude.Int32 type t_Result'1 = - | C_Ok'0 int32 - | C_Err'0 int32 + | C_Ok'0 Int32.t + | C_Err'0 Int32.t use prelude.prelude.Borrow 
@@ -134,10 +136,14 @@ module M_result__test_result [#"result.rs" 3 0 3 20] axiom inv_axiom'0 [@rewrite] : forall x : t_Result'1 [inv'0 x] . inv'0 x = true let rec is_ok'0 (self:t_Result'1) (return' (ret:bool))= {[@expl:is_ok 'self' type invariant] inv'0 self} - any [ return' (result:bool)-> {[%#sresult87] result = (exists t : int32 . self = C_Ok'0 t)} (! return' {result}) ] + any + [ return' (result:bool)-> {[%#sresult87] result = (exists t : Int32.t . self = C_Ok'0 t)} (! return' {result}) ] + let rec is_err'0 (self:t_Result'1) (return' (ret:bool))= {[@expl:is_err 'self' type invariant] inv'0 self} - any [ return' (result:bool)-> {[%#sresult88] result = (exists e : int32 . self = C_Err'0 e)} (! return' {result}) ] + any + [ return' (result:bool)-> {[%#sresult88] result = (exists e : Int32.t . self = C_Err'0 e)} (! return' {result}) ] + predicate inv'1 (_1 : t_Result'1) @@ -145,7 +151,7 @@ module M_result__test_result [#"result.rs" 3 0 3 20] type t_Option'0 = | C_None'0 - | C_Some'0 int32 + | C_Some'0 Int32.t predicate inv'2 (_1 : t_Option'0) 
@@ -154,18 +160,18 @@ module M_result__test_result [#"result.rs" 3 0 3 20] let rec ok'0 (self:t_Result'1) (return' (ret:t_Option'0))= {[@expl:ok 'self' type invariant] inv'1 self} any [ return' (result:t_Option'0)-> {inv'2 result} - {[%#sresult89] forall t : int32 . self = C_Ok'0 t -> result = C_Some'0 t} - {[%#sresult90] (exists e : int32 . self = C_Err'0 e) -> result = C_None'0} + {[%#sresult89] forall t : Int32.t . self = C_Ok'0 t -> result = C_Some'0 t} + {[%#sresult90] (exists e : Int32.t . self = C_Err'0 e) -> result = C_None'0} (! return' {result}) ] - predicate inv'3 (_1 : int32) + predicate inv'3 (_1 : Int32.t) - axiom inv_axiom'3 [@rewrite] : forall x : int32 [inv'3 x] . inv'3 x = true + axiom inv_axiom'3 [@rewrite] : forall x : Int32.t [inv'3 x] . inv'3 x = true - let rec unwrap'0 (self:t_Option'0) (return' (ret:int32))= {[@expl:unwrap 'self' type invariant] inv'2 self} + let rec unwrap'0 (self:t_Option'0) (return' (ret:Int32.t))= {[@expl:unwrap 'self' type invariant] inv'2 self} {[@expl:unwrap requires] [%#soption91] self <> C_None'0} - any [ return' (result:int32)-> {inv'3 result} {[%#soption91] C_Some'0 result = self} (! return' {result}) ] + any [ return' (result:Int32.t)-> {inv'3 result} {[%#soption91] C_Some'0 result = self} (! return' {result}) ] predicate inv'4 (_1 : t_Option'0) 
@@ -177,14 +183,14 @@ module M_result__test_result [#"result.rs" 3 0 3 20] let rec err'0 (self:t_Result'1) (return' (ret:t_Option'0))= {[@expl:err 'self' type invariant] inv'1 self} any [ return' (result:t_Option'0)-> {inv'2 result} - {[%#sresult93] (exists t : int32 . self = C_Ok'0 t) -> result = C_None'0} - {[%#sresult94] forall e : int32 . self = C_Err'0 e -> result = C_Some'0 e} + {[%#sresult93] (exists t : Int32.t . self = C_Ok'0 t) -> result = C_None'0} + {[%#sresult94] forall e : Int32.t . self = C_Err'0 e -> result = C_Some'0 e} (! return' {result}) ] type t_Result'0 = - | C_Ok'2 int32 - | C_Err'2 int32 + | C_Ok'2 Int32.t + | C_Err'2 Int32.t predicate inv'5 (_1 : t_Result'0) 
@@ -193,30 +199,30 @@ module M_result__test_result [#"result.rs" 3 0 3 20] let rec as_ref'0 (self:t_Result'1) (return' (ret:t_Result'0))= {[@expl:as_ref 'self' type invariant] inv'0 self} any [ return' (result:t_Result'0)-> {inv'5 result} - {[%#sresult95] forall t : int32 . self = C_Ok'0 t -> result = C_Ok'2 t} - {[%#sresult96] forall e : int32 . self = C_Err'0 e -> result = C_Err'2 e} + {[%#sresult95] forall t : Int32.t . self = C_Ok'0 t -> result = C_Ok'2 t} + {[%#sresult96] forall e : Int32.t . self = C_Err'0 e -> result = C_Err'2 e} (! return' {result}) ] - predicate inv'6 (_1 : int32) + predicate inv'6 (_1 : Int32.t) - axiom inv_axiom'6 [@rewrite] : forall x : int32 [inv'6 x] . inv'6 x = true + axiom inv_axiom'6 [@rewrite] : forall x : Int32.t [inv'6 x] . inv'6 x = true - let rec unwrap'1 (self:t_Result'0) (return' (ret:int32))= {[@expl:unwrap 'self' type invariant] inv'5 self} - {[@expl:unwrap requires] [%#sresult97] exists t : int32 . self = C_Ok'2 t} - any [ return' (result:int32)-> {inv'6 result} {[%#sresult98] C_Ok'2 result = self} (! return' {result}) ] + let rec unwrap'1 (self:t_Result'0) (return' (ret:Int32.t))= {[@expl:unwrap 'self' type invariant] inv'5 self} + {[@expl:unwrap requires] [%#sresult97] exists t : Int32.t . self = C_Ok'2 t} + any [ return' (result:Int32.t)-> {inv'6 result} {[%#sresult98] C_Ok'2 result = self} (! return' {result}) ] - let rec unwrap_err'0 (self:t_Result'0) (return' (ret:int32))= {[@expl:unwrap_err 'self' type invariant] inv'5 self} - {[@expl:unwrap_err requires] [%#sresult99] exists e : int32 . self = C_Err'2 e} - any [ return' (result:int32)-> {inv'6 result} {[%#sresult98] C_Err'2 result = self} (! return' {result}) ] + let rec unwrap_err'0 (self:t_Result'0) (return' (ret:Int32.t))= {[@expl:unwrap_err 'self' type invariant] inv'5 self} + {[@expl:unwrap_err requires] [%#sresult99] exists e : Int32.t . self = C_Err'2 e} + any [ return' (result:Int32.t)-> {inv'6 result} {[%#sresult98] C_Err'2 result = self} (! 
return' {result}) ] predicate inv'7 (_1 : borrowed (t_Result'1)) axiom inv_axiom'7 [@rewrite] : forall x : borrowed (t_Result'1) [inv'7 x] . inv'7 x = true type t_Result'2 = - | C_Ok'3 (borrowed int32) - | C_Err'3 (borrowed int32) + | C_Ok'3 (borrowed Int32.t) + | C_Err'3 (borrowed Int32.t) predicate inv'8 (_1 : t_Result'2) 
@@ -225,56 +231,60 @@ module M_result__test_result [#"result.rs" 3 0 3 20] let rec as_mut'0 (self:borrowed (t_Result'1)) (return' (ret:t_Result'2))= {[@expl:as_mut 'self' type invariant] inv'7 self} any [ return' (result:t_Result'2)-> {inv'8 result} - {[%#sresult100] exists t : borrowed int32 . self.current = C_Ok'0 (t.current) + {[%#sresult100] exists t : borrowed Int32.t . self.current = C_Ok'0 (t.current) /\ self.final = C_Ok'0 (t.final) /\ result = C_Ok'3 t - \/ (exists e : borrowed int32 . self.current = C_Err'0 (e.current) + \/ (exists e : borrowed Int32.t . self.current = C_Err'0 (e.current) /\ self.final = C_Err'0 (e.final) /\ result = C_Err'3 e)} (! return' {result}) ] - predicate inv'9 (_1 : borrowed int32) + predicate inv'9 (_1 : borrowed Int32.t) - axiom inv_axiom'9 [@rewrite] : forall x : borrowed int32 [inv'9 x] . inv'9 x = true + axiom inv_axiom'9 [@rewrite] : forall x : borrowed Int32.t [inv'9 x] . inv'9 x = true - let rec unwrap'2 (self:t_Result'2) (return' (ret:borrowed int32))= {[@expl:unwrap 'self' type invariant] inv'8 self} - {[@expl:unwrap requires] [%#sresult97] exists t : borrowed int32 . self = C_Ok'3 t} - any [ return' (result:borrowed int32)-> {inv'9 result} {[%#sresult98] C_Ok'3 result = self} (! return' {result}) ] + let rec unwrap'2 (self:t_Result'2) (return' (ret:borrowed Int32.t))= {[@expl:unwrap 'self' type invariant] inv'8 self} + {[@expl:unwrap requires] [%#sresult97] exists t : borrowed Int32.t . self = C_Ok'3 t} + any + [ return' (result:borrowed Int32.t)-> {inv'9 result} {[%#sresult98] C_Ok'3 result = self} (! 
return' {result}) ] + - predicate resolve'1 (self : borrowed int32) = + predicate resolve'1 (self : borrowed Int32.t) = [%#sresolve119] self.final = self.current - predicate resolve'0 (_1 : borrowed int32) = + predicate resolve'0 (_1 : borrowed Int32.t) = resolve'1 _1 - let rec unwrap'3 (self:t_Result'1) (return' (ret:int32))= {[@expl:unwrap 'self' type invariant] inv'1 self} - {[@expl:unwrap requires] [%#sresult97] exists t : int32 . self = C_Ok'0 t} - any [ return' (result:int32)-> {inv'3 result} {[%#sresult98] C_Ok'0 result = self} (! return' {result}) ] + let rec unwrap'3 (self:t_Result'1) (return' (ret:Int32.t))= {[@expl:unwrap 'self' type invariant] inv'1 self} + {[@expl:unwrap requires] [%#sresult97] exists t : Int32.t . self = C_Ok'0 t} + any [ return' (result:Int32.t)-> {inv'3 result} {[%#sresult98] C_Ok'0 result = self} (! return' {result}) ] - let rec unwrap_err'1 (self:t_Result'2) (return' (ret:borrowed int32))= {[@expl:unwrap_err 'self' type invariant] inv'8 self} - {[@expl:unwrap_err requires] [%#sresult99] exists e : borrowed int32 . self = C_Err'3 e} - any [ return' (result:borrowed int32)-> {inv'9 result} {[%#sresult98] C_Err'3 result = self} (! return' {result}) ] + let rec unwrap_err'1 (self:t_Result'2) (return' (ret:borrowed Int32.t))= {[@expl:unwrap_err 'self' type invariant] inv'8 self} + {[@expl:unwrap_err requires] [%#sresult99] exists e : borrowed Int32.t . self = C_Err'3 e} + any + [ return' (result:borrowed Int32.t)-> {inv'9 result} {[%#sresult98] C_Err'3 result = self} (! return' {result}) ] + - let rec unwrap_err'2 (self:t_Result'1) (return' (ret:int32))= {[@expl:unwrap_err 'self' type invariant] inv'1 self} - {[@expl:unwrap_err requires] [%#sresult99] exists e : int32 . self = C_Err'0 e} - any [ return' (result:int32)-> {inv'3 result} {[%#sresult98] C_Err'0 result = self} (! 
return' {result}) ] + let rec unwrap_err'2 (self:t_Result'1) (return' (ret:Int32.t))= {[@expl:unwrap_err 'self' type invariant] inv'1 self} + {[@expl:unwrap_err requires] [%#sresult99] exists e : Int32.t . self = C_Err'0 e} + any [ return' (result:Int32.t)-> {inv'3 result} {[%#sresult98] C_Err'0 result = self} (! return' {result}) ] - let rec unwrap_or'0 (self:t_Result'1) (default:int32) (return' (ret:int32))= {[@expl:unwrap_or 'self' type invariant] inv'1 self} + let rec unwrap_or'0 (self:t_Result'1) (default:Int32.t) (return' (ret:Int32.t))= {[@expl:unwrap_or 'self' type invariant] inv'1 self} {[@expl:unwrap_or 'default' type invariant] inv'3 default} any - [ return' (result:int32)-> {inv'3 result} - {[%#sresult101] forall t : int32 . self = C_Ok'0 t -> result = t} - {[%#sresult102] (exists e : int32 . self = C_Err'0 e) -> result = default} + [ return' (result:Int32.t)-> {inv'3 result} + {[%#sresult101] forall t : Int32.t . self = C_Ok'0 t -> result = t} + {[%#sresult102] (exists e : Int32.t . self = C_Err'0 e) -> result = default} (! return' {result}) ] - predicate is_default'0 (self : int32) = - [%#snum120] self = (0 : int32) + predicate is_default'0 (self : Int32.t) = + [%#snum120] self = (0 : Int32.t) - let rec unwrap_or_default'0 (self:t_Result'1) (return' (ret:int32))= {[@expl:unwrap_or_default 'self' type invariant] inv'1 self} + let rec unwrap_or_default'0 (self:t_Result'1) (return' (ret:Int32.t))= {[@expl:unwrap_or_default 'self' type invariant] inv'1 self} any - [ return' (result:int32)-> {inv'3 result} - {[%#sresult103] forall t : int32 . self = C_Ok'0 t -> result = t} - {[%#sresult104] (exists e : int32 . self = C_Err'0 e) -> is_default'0 result} + [ return' (result:Int32.t)-> {inv'3 result} + {[%#sresult103] forall t : Int32.t . self = C_Ok'0 t -> result = t} + {[%#sresult104] (exists e : Int32.t . self = C_Err'0 e) -> is_default'0 result} (! return' {result}) ] 
@@ -282,8 +292,8 @@ module M_result__test_result [#"result.rs" 3 0 3 20] {[@expl:and 'res' type invariant] inv'1 res} any [ return' (result:t_Result'1)-> {inv'1 result} - {[%#sresult105] (exists t : int32 . self = C_Ok'0 t) -> result = res} - {[%#sresult106] forall e : int32 . self = C_Err'0 e -> result = C_Err'0 e} + {[%#sresult105] (exists t : Int32.t . self = C_Ok'0 t) -> result = res} + {[%#sresult106] forall e : Int32.t . self = C_Err'0 e -> result = C_Err'0 e} (! return' {result}) ] @@ -291,14 +301,14 @@ module M_result__test_result [#"result.rs" 3 0 3 20] {[@expl:or 'res' type invariant] inv'1 res} any [ return' (result:t_Result'1)-> {inv'1 result} - {[%#sresult107] forall t : int32 . self = C_Ok'0 t -> result = C_Ok'0 t} - {[%#sresult108] (exists e : int32 . self = C_Err'0 e) -> result = res} + {[%#sresult107] forall t : Int32.t . self = C_Ok'0 t -> result = C_Ok'0 t} + {[%#sresult108] (exists e : Int32.t . self = C_Err'0 e) -> result = res} (! return' {result}) ] type t_Result'3 = - | C_Ok'4 int32 - | C_Err'4 int32 + | C_Ok'4 Int32.t + | C_Err'4 Int32.t predicate inv'10 (_1 : t_Result'3) 
@@ -307,22 +317,22 @@ module M_result__test_result [#"result.rs" 3 0 3 20] let rec copied'0 (self:t_Result'0) (return' (ret:t_Result'3))= {[@expl:copied 'self' type invariant] inv'5 self} any [ return' (result:t_Result'3)-> {inv'10 result} - {[%#sresult109] forall t : int32 . self = C_Ok'2 t -> result = C_Ok'4 t} - {[%#sresult110] forall e : int32 . self = C_Err'2 e -> result = C_Err'4 e} + {[%#sresult109] forall t : Int32.t . self = C_Ok'2 t -> result = C_Ok'4 t} + {[%#sresult110] forall e : Int32.t . self = C_Err'2 e -> result = C_Err'4 e} (! return' {result}) ] - let rec unwrap'4 (self:t_Result'3) (return' (ret:int32))= {[@expl:unwrap 'self' type invariant] inv'10 self} - {[@expl:unwrap requires] [%#sresult97] exists t : int32 . self = C_Ok'4 t} - any [ return' (result:int32)-> {inv'3 result} {[%#sresult98] C_Ok'4 result = self} (! return' {result}) ] + let rec unwrap'4 (self:t_Result'3) (return' (ret:Int32.t))= {[@expl:unwrap 'self' type invariant] inv'10 self} + {[@expl:unwrap requires] [%#sresult97] exists t : Int32.t . self = C_Ok'4 t} + any [ return' (result:Int32.t)-> {inv'3 result} {[%#sresult98] C_Ok'4 result = self} (! return' {result}) ] - let rec unwrap_err'3 (self:t_Result'3) (return' (ret:int32))= {[@expl:unwrap_err 'self' type invariant] inv'10 self} - {[@expl:unwrap_err requires] [%#sresult99] exists e : int32 . self = C_Err'4 e} - any [ return' (result:int32)-> {inv'6 result} {[%#sresult98] C_Err'4 result = self} (! return' {result}) ] + let rec unwrap_err'3 (self:t_Result'3) (return' (ret:Int32.t))= {[@expl:unwrap_err 'self' type invariant] inv'10 self} + {[@expl:unwrap_err requires] [%#sresult99] exists e : Int32.t . self = C_Err'4 e} + any [ return' (result:Int32.t)-> {inv'6 result} {[%#sresult98] C_Err'4 result = self} (! return' {result}) ] type t_Result'4 = - | C_Ok'5 int32 - | C_Err'5 (borrowed int32) + | C_Ok'5 Int32.t + | C_Err'5 (borrowed Int32.t) predicate inv'11 (_1 : t_Result'4) 
@@ -331,38 +341,40 @@ module M_result__test_result [#"result.rs" 3 0 3 20] let rec copied'1 (self:t_Result'2) (return' (ret:t_Result'4))= {[@expl:copied 'self' type invariant] inv'8 self} any [ return' (result:t_Result'4)-> {inv'11 result} - {[%#sresult111] forall t : borrowed int32 . self = C_Ok'3 t -> result = C_Ok'5 (t.current) /\ resolve'1 t} - {[%#sresult112] forall e : borrowed int32 . self = C_Err'3 e -> result = C_Err'5 e} + {[%#sresult111] forall t : borrowed Int32.t . self = C_Ok'3 t -> result = C_Ok'5 (t.current) /\ resolve'1 t} + {[%#sresult112] forall e : borrowed Int32.t . self = C_Err'3 e -> result = C_Err'5 e} (! return' {result}) ] - let rec unwrap'5 (self:t_Result'4) (return' (ret:int32))= {[@expl:unwrap 'self' type invariant] inv'11 self} - {[@expl:unwrap requires] [%#sresult97] exists t : int32 . self = C_Ok'5 t} - any [ return' (result:int32)-> {inv'3 result} {[%#sresult98] C_Ok'5 result = self} (! return' {result}) ] + let rec unwrap'5 (self:t_Result'4) (return' (ret:Int32.t))= {[@expl:unwrap 'self' type invariant] inv'11 self} + {[@expl:unwrap requires] [%#sresult97] exists t : Int32.t . self = C_Ok'5 t} + any [ return' (result:Int32.t)-> {inv'3 result} {[%#sresult98] C_Ok'5 result = self} (! return' {result}) ] - let rec unwrap_err'4 (self:t_Result'4) (return' (ret:borrowed int32))= {[@expl:unwrap_err 'self' type invariant] inv'11 self} - {[@expl:unwrap_err requires] [%#sresult99] exists e : borrowed int32 . self = C_Err'5 e} - any [ return' (result:borrowed int32)-> {inv'9 result} {[%#sresult98] C_Err'5 result = self} (! return' {result}) ] + let rec unwrap_err'4 (self:t_Result'4) (return' (ret:borrowed Int32.t))= {[@expl:unwrap_err 'self' type invariant] inv'11 self} + {[@expl:unwrap_err requires] [%#sresult99] exists e : borrowed Int32.t . self = C_Err'5 e} + any + [ return' (result:borrowed Int32.t)-> {inv'9 result} {[%#sresult98] C_Err'5 result = self} (! 
return' {result}) ] + let rec cloned'0 (self:t_Result'0) (return' (ret:t_Result'3))= {[@expl:cloned 'self' type invariant] inv'5 self} any [ return' (result:t_Result'3)-> {inv'10 result} - {[%#sresult113] forall t : int32 . self = C_Ok'2 t -> result = C_Ok'4 t} - {[%#sresult114] forall e : int32 . self = C_Err'2 e -> result = C_Err'4 e} + {[%#sresult113] forall t : Int32.t . self = C_Ok'2 t -> result = C_Ok'4 t} + {[%#sresult114] forall e : Int32.t . self = C_Err'2 e -> result = C_Err'4 e} (! return' {result}) ] let rec cloned'1 (self:t_Result'2) (return' (ret:t_Result'4))= {[@expl:cloned 'self' type invariant] inv'8 self} any [ return' (result:t_Result'4)-> {inv'11 result} - {[%#sresult115] forall t : borrowed int32 . self = C_Ok'3 t -> result = C_Ok'5 (t.current) /\ resolve'1 t} - {[%#sresult116] forall e : borrowed int32 . self = C_Err'3 e -> result = C_Err'5 e} + {[%#sresult115] forall t : borrowed Int32.t . self = C_Ok'3 t -> result = C_Ok'5 (t.current) /\ resolve'1 t} + {[%#sresult116] forall e : borrowed Int32.t . self = C_Err'3 e -> result = C_Err'5 e} (! return' {result}) ] type t_Result'5 = | C_Ok'1 (t_Option'0) - | C_Err'1 int32 + | C_Err'1 Int32.t predicate inv'12 (_1 : t_Result'5) @@ -380,8 +392,8 @@ module M_result__test_result [#"result.rs" 3 0 3 20] any [ return' (result:t_Option'1)-> {inv'13 result} {[%#sresult98] self = C_Ok'1 (C_None'0) -> result = C_None'1} - {[%#sresult117] forall t : int32 . self = C_Ok'1 (C_Some'0 t) -> result = C_Some'1 (C_Ok'0 t)} - {[%#sresult118] forall e : int32 . self = C_Err'1 e -> result = C_Some'1 (C_Err'0 e)} + {[%#sresult117] forall t : Int32.t . self = C_Ok'1 (C_Some'0 t) -> result = C_Some'1 (C_Ok'0 t)} + {[%#sresult118] forall e : Int32.t . self = C_Err'1 e -> result = C_Some'1 (C_Err'0 e)} (! return' {result}) ] 
@@ -402,8 +414,8 @@ module M_result__test_result [#"result.rs" 3 0 3 20] let rec test_result'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = [ &ok <- C_Ok'0 ([%#sresult0] (1 : int32)) ] s1 - | s1 = [ &err <- C_Err'0 ([%#sresult1] (-1 : int32)) ] s2 + [ s0 = [ &ok <- C_Ok'0 ([%#sresult0] (1 : Int32.t)) ] s1 + | s1 = [ &err <- C_Err'0 ([%#sresult1] (-1 : Int32.t)) ] s2 | s2 = is_ok'0 {ok} (fun (_ret':bool) -> [ &_4 <- _ret' ] s3) | s3 = bb1 ] @@ -417,9 +429,9 @@ module M_result__test_result [#"result.rs" 3 0 3 20] | bb10 = any [ br0 -> {_12 = false} (! bb12) | br1 -> {_12} (! bb11) ] | bb11 = bb14 | bb12 = s0 [ s0 = ok'0 {ok} (fun (_ret':t_Option'0) -> [ &_18 <- _ret' ] s1) | s1 = bb15 ] - | bb15 = s0 [ s0 = unwrap'0 {_18} (fun (_ret':int32) -> [ &_17 <- _ret' ] s1) | s1 = bb16 ] + | bb15 = s0 [ s0 = unwrap'0 {_18} (fun (_ret':Int32.t) -> [ &_17 <- _ret' ] s1) | s1 = bb16 ] | bb16 = s0 - [ s0 = Int32.eq {_17} {[%#sresult2] (1 : int32)} (fun (_ret':bool) -> [ &_16 <- _ret' ] s1) + [ s0 = Int32.eq {_17} {[%#sresult2] (1 : Int32.t)} (fun (_ret':bool) -> [ &_16 <- _ret' ] s1) | s1 = any [ br0 -> {_16 = false} (! bb18) | br1 -> {_16} (! bb17) ] ] | bb17 = s0 [ s0 = ok'0 {err} (fun (_ret':t_Option'0) -> [ &_24 <- _ret' ] s1) | s1 = bb19 ] 
@@ -429,21 +441,21 @@ module M_result__test_result [#"result.rs" 3 0 3 20] | bb23 = s0 [ s0 = is_none'0 {_30} (fun (_ret':bool) -> [ &_28 <- _ret' ] s1) | s1 = bb24 ] | bb24 = any [ br0 -> {_28 = false} (! bb26) | br1 -> {_28} (! bb25) ] | bb25 = s0 [ s0 = err'0 {err} (fun (_ret':t_Option'0) -> [ &_36 <- _ret' ] s1) | s1 = bb27 ] - | bb27 = s0 [ s0 = unwrap'0 {_36} (fun (_ret':int32) -> [ &_35 <- _ret' ] s1) | s1 = bb28 ] + | bb27 = s0 [ s0 = unwrap'0 {_36} (fun (_ret':Int32.t) -> [ &_35 <- _ret' ] s1) | s1 = bb28 ] | bb28 = s0 - [ s0 = Int32.eq {_35} {[%#sresult3] (-1 : int32)} (fun (_ret':bool) -> [ &_34 <- _ret' ] s1) + [ s0 = Int32.eq {_35} {[%#sresult3] (-1 : Int32.t)} (fun (_ret':bool) -> [ &_34 <- _ret' ] s1) | s1 = any [ br0 -> {_34 = false} (! bb30) | br1 -> {_34} (! bb29) ] ] | bb29 = s0 [ s0 = as_ref'0 {ok} (fun (_ret':t_Result'0) -> [ &_43 <- _ret' ] s1) | s1 = bb31 ] - | bb31 = s0 [ s0 = unwrap'1 {_43} (fun (_ret':int32) -> [ &_42 <- _ret' ] s1) | s1 = bb32 ] + | bb31 = s0 [ s0 = unwrap'1 {_43} (fun (_ret':Int32.t) -> [ &_42 <- _ret' ] s1) | s1 = bb32 ] | bb32 = s0 - [ s0 = Int32.eq {_42} {[%#sresult4] (1 : int32)} (fun (_ret':bool) -> [ &_40 <- _ret' ] s1) + [ s0 = Int32.eq {_42} {[%#sresult4] (1 : Int32.t)} (fun (_ret':bool) -> [ &_40 <- _ret' ] s1) | s1 = any [ br0 -> {_40 = false} (! bb34) | br1 -> {_40} (! bb33) ] ] | bb33 = s0 [ s0 = as_ref'0 {err} (fun (_ret':t_Result'0) -> [ &_50 <- _ret' ] s1) | s1 = bb35 ] - | bb35 = s0 [ s0 = unwrap_err'0 {_50} (fun (_ret':int32) -> [ &_49 <- _ret' ] s1) | s1 = bb36 ] + | bb35 = s0 [ s0 = unwrap_err'0 {_50} (fun (_ret':Int32.t) -> [ &_49 <- _ret' ] s1) | s1 = bb36 ] | bb36 = s0 - [ s0 = Int32.eq {_49} {[%#sresult5] (-1 : int32)} (fun (_ret':bool) -> [ &_47 <- _ret' ] s1) + [ s0 = Int32.eq {_49} {[%#sresult5] (-1 : Int32.t)} (fun (_ret':bool) -> [ &_47 <- _ret' ] s1) | s1 = any [ br0 -> {_47 = false} (! bb38) | br1 -> {_47} (! bb37) ] ] | bb37 = s0 
@@ -452,15 +464,15 @@ module M_result__test_result [#"result.rs" 3 0 3 20] | s1 = as_mut'0 {_55} (fun (_ret':t_Result'2) -> [ &_54 <- _ret' ] s2) | s2 = bb39 ] - | bb39 = s0 [ s0 = unwrap'2 {_54} (fun (_ret':borrowed int32) -> [ &_53 <- _ret' ] s1) | s1 = bb40 ] + | bb39 = s0 [ s0 = unwrap'2 {_54} (fun (_ret':borrowed Int32.t) -> [ &_53 <- _ret' ] s1) | s1 = bb40 ] | bb40 = s0 - [ s0 = [ &_53 <- { _53 with current = ([%#sresult6] (0 : int32)) } ] s1 + [ s0 = [ &_53 <- { _53 with current = ([%#sresult6] (0 : Int32.t)) } ] s1 | s1 = -{resolve'0 _53}- s2 - | s2 = unwrap'3 {ok} (fun (_ret':int32) -> [ &_58 <- _ret' ] s3) + | s2 = unwrap'3 {ok} (fun (_ret':Int32.t) -> [ &_58 <- _ret' ] s3) | s3 = bb41 ] | bb41 = s0 - [ s0 = Int32.eq {_58} {[%#sresult7] (0 : int32)} (fun (_ret':bool) -> [ &_57 <- _ret' ] s1) + [ s0 = Int32.eq {_58} {[%#sresult7] (0 : Int32.t)} (fun (_ret':bool) -> [ &_57 <- _ret' ] s1) | s1 = any [ br0 -> {_57 = false} (! bb43) | br1 -> {_57} (! bb42) ] ] | bb42 = s0 @@ -469,15 +481,15 @@ module M_result__test_result [#"result.rs" 3 0 3 20] | s1 = as_mut'0 {_63} (fun (_ret':t_Result'2) -> [ &_62 <- _ret' ] s2) | s2 = bb44 ] - | bb44 = s0 [ s0 = unwrap'2 {_62} (fun (_ret':borrowed int32) -> [ &_61 <- _ret' ] s1) | s1 = bb45 ] + | bb44 = s0 [ s0 = unwrap'2 {_62} (fun (_ret':borrowed Int32.t) -> [ &_61 <- _ret' ] s1) | s1 = bb45 ] | bb45 = s0 - [ s0 = [ &_61 <- { _61 with current = ([%#sresult8] (1 : int32)) } ] s1 + [ s0 = [ &_61 <- { _61 with current = ([%#sresult8] (1 : Int32.t)) } ] s1 | s1 = -{resolve'0 _61}- s2 - | s2 = unwrap'3 {ok} (fun (_ret':int32) -> [ &_66 <- _ret' ] s3) + | s2 = unwrap'3 {ok} (fun (_ret':Int32.t) -> [ &_66 <- _ret' ] s3) | s3 = bb46 ] | bb46 = s0 - [ s0 = Int32.eq {_66} {[%#sresult9] (1 : int32)} (fun (_ret':bool) -> [ &_65 <- _ret' ] s1) + [ s0 = Int32.eq {_66} {[%#sresult9] (1 : Int32.t)} (fun (_ret':bool) -> [ &_65 <- _ret' ] s1) | s1 = any [ br0 -> {_65 = false} (! bb48) | br1 -> {_65} (! bb47) ] ] | bb47 = s0 
@@ -486,15 +498,15 @@ module M_result__test_result [#"result.rs" 3 0 3 20] | s1 = as_mut'0 {_71} (fun (_ret':t_Result'2) -> [ &_70 <- _ret' ] s2) | s2 = bb49 ] - | bb49 = s0 [ s0 = unwrap_err'1 {_70} (fun (_ret':borrowed int32) -> [ &_69 <- _ret' ] s1) | s1 = bb50 ] + | bb49 = s0 [ s0 = unwrap_err'1 {_70} (fun (_ret':borrowed Int32.t) -> [ &_69 <- _ret' ] s1) | s1 = bb50 ] | bb50 = s0 - [ s0 = [ &_69 <- { _69 with current = ([%#sresult10] (0 : int32)) } ] s1 + [ s0 = [ &_69 <- { _69 with current = ([%#sresult10] (0 : Int32.t)) } ] s1 | s1 = -{resolve'0 _69}- s2 - | s2 = unwrap_err'2 {err} (fun (_ret':int32) -> [ &_74 <- _ret' ] s3) + | s2 = unwrap_err'2 {err} (fun (_ret':Int32.t) -> [ &_74 <- _ret' ] s3) | s3 = bb51 ] | bb51 = s0 - [ s0 = Int32.eq {_74} {[%#sresult11] (0 : int32)} (fun (_ret':bool) -> [ &_73 <- _ret' ] s1) + [ s0 = Int32.eq {_74} {[%#sresult11] (0 : Int32.t)} (fun (_ret':bool) -> [ &_73 <- _ret' ] s1) | s1 = any [ br0 -> {_73 = false} (! bb53) | br1 -> {_73} (! bb52) ] ] | bb52 = s0 
@@ -503,143 +515,144 @@ module M_result__test_result [#"result.rs" 3 0 3 20] | s1 = as_mut'0 {_79} (fun (_ret':t_Result'2) -> [ &_78 <- _ret' ] s2) | s2 = bb54 ] - | bb54 = s0 [ s0 = unwrap_err'1 {_78} (fun (_ret':borrowed int32) -> [ &_77 <- _ret' ] s1) | s1 = bb55 ] + | bb54 = s0 [ s0 = unwrap_err'1 {_78} (fun (_ret':borrowed Int32.t) -> [ &_77 <- _ret' ] s1) | s1 = bb55 ] | bb55 = s0 - [ s0 = [ &_77 <- { _77 with current = ([%#sresult12] (-1 : int32)) } ] s1 + [ s0 = [ &_77 <- { _77 with current = ([%#sresult12] (-1 : Int32.t)) } ] s1 | s1 = -{resolve'0 _77}- s2 - | s2 = unwrap_err'2 {err} (fun (_ret':int32) -> [ &_82 <- _ret' ] s3) + | s2 = unwrap_err'2 {err} (fun (_ret':Int32.t) -> [ &_82 <- _ret' ] s3) | s3 = bb56 ] | bb56 = s0 - [ s0 = Int32.eq {_82} {[%#sresult13] (-1 : int32)} (fun (_ret':bool) -> [ &_81 <- _ret' ] s1) + [ s0 = Int32.eq {_82} {[%#sresult13] (-1 : Int32.t)} (fun (_ret':bool) -> [ &_81 <- _ret' ] s1) | s1 = any [ br0 -> {_81 = false} (! bb58) | br1 -> {_81} (! bb57) ] ] - | bb57 = s0 [ s0 = unwrap'3 {ok} (fun (_ret':int32) -> [ &_87 <- _ret' ] s1) | s1 = bb59 ] + | bb57 = s0 [ s0 = unwrap'3 {ok} (fun (_ret':Int32.t) -> [ &_87 <- _ret' ] s1) | s1 = bb59 ] | bb59 = s0 - [ s0 = Int32.eq {_87} {[%#sresult14] (1 : int32)} (fun (_ret':bool) -> [ &_86 <- _ret' ] s1) + [ s0 = Int32.eq {_87} {[%#sresult14] (1 : Int32.t)} (fun (_ret':bool) -> [ &_86 <- _ret' ] s1) | s1 = any [ br0 -> {_86 = false} (! bb61) | br1 -> {_86} (! bb60) ] ] - | bb60 = s0 [ s0 = unwrap_err'2 {err} (fun (_ret':int32) -> [ &_92 <- _ret' ] s1) | s1 = bb62 ] + | bb60 = s0 [ s0 = unwrap_err'2 {err} (fun (_ret':Int32.t) -> [ &_92 <- _ret' ] s1) | s1 = bb62 ] | bb62 = s0 - [ s0 = Int32.eq {_92} {[%#sresult15] (-1 : int32)} (fun (_ret':bool) -> [ &_91 <- _ret' ] s1) + [ s0 = Int32.eq {_92} {[%#sresult15] (-1 : Int32.t)} (fun (_ret':bool) -> [ &_91 <- _ret' ] s1) | s1 = any [ br0 -> {_91 = false} (! bb64) | br1 -> {_91} (! 
bb63) ] ] | bb63 = s0 - [ s0 = unwrap_or'0 {ok} {[%#sresult16] (0 : int32)} (fun (_ret':int32) -> [ &_97 <- _ret' ] s1) | s1 = bb65 ] + [ s0 = unwrap_or'0 {ok} {[%#sresult16] (0 : Int32.t)} (fun (_ret':Int32.t) -> [ &_97 <- _ret' ] s1) | s1 = bb65 ] | bb65 = s0 - [ s0 = Int32.eq {_97} {[%#sresult17] (1 : int32)} (fun (_ret':bool) -> [ &_96 <- _ret' ] s1) + [ s0 = Int32.eq {_97} {[%#sresult17] (1 : Int32.t)} (fun (_ret':bool) -> [ &_96 <- _ret' ] s1) | s1 = any [ br0 -> {_96 = false} (! bb67) | br1 -> {_96} (! bb66) ] ] | bb66 = s0 - [ s0 = unwrap_or'0 {err} {[%#sresult18] (0 : int32)} (fun (_ret':int32) -> [ &_102 <- _ret' ] s1) | s1 = bb68 ] + [ s0 = unwrap_or'0 {err} {[%#sresult18] (0 : Int32.t)} (fun (_ret':Int32.t) -> [ &_102 <- _ret' ] s1) + | s1 = bb68 ] | bb68 = s0 - [ s0 = Int32.eq {_102} {[%#sresult19] (0 : int32)} (fun (_ret':bool) -> [ &_101 <- _ret' ] s1) + [ s0 = Int32.eq {_102} {[%#sresult19] (0 : Int32.t)} (fun (_ret':bool) -> [ &_101 <- _ret' ] s1) | s1 = any [ br0 -> {_101 = false} (! bb70) | br1 -> {_101} (! bb69) ] ] - | bb69 = s0 [ s0 = unwrap_or_default'0 {ok} (fun (_ret':int32) -> [ &_107 <- _ret' ] s1) | s1 = bb71 ] + | bb69 = s0 [ s0 = unwrap_or_default'0 {ok} (fun (_ret':Int32.t) -> [ &_107 <- _ret' ] s1) | s1 = bb71 ] | bb71 = s0 - [ s0 = Int32.eq {_107} {[%#sresult20] (1 : int32)} (fun (_ret':bool) -> [ &_106 <- _ret' ] s1) + [ s0 = Int32.eq {_107} {[%#sresult20] (1 : Int32.t)} (fun (_ret':bool) -> [ &_106 <- _ret' ] s1) | s1 = any [ br0 -> {_106 = false} (! bb73) | br1 -> {_106} (! 
bb72) ] ] - | bb72 = s0 [ s0 = unwrap_or_default'0 {err} (fun (_ret':int32) -> [ &_112 <- _ret' ] s1) | s1 = bb74 ] + | bb72 = s0 [ s0 = unwrap_or_default'0 {err} (fun (_ret':Int32.t) -> [ &_112 <- _ret' ] s1) | s1 = bb74 ] | bb74 = s0 - [ s0 = Int32.eq {_112} {[%#sresult21] (0 : int32)} (fun (_ret':bool) -> [ &_111 <- _ret' ] s1) + [ s0 = Int32.eq {_112} {[%#sresult21] (0 : Int32.t)} (fun (_ret':bool) -> [ &_111 <- _ret' ] s1) | s1 = any [ br0 -> {_111 = false} (! bb76) | br1 -> {_111} (! bb75) ] ] | bb75 = s0 - [ s0 = [ &_120 <- C_Err'0 ([%#sresult22] (-2 : int32)) ] s1 + [ s0 = [ &_120 <- C_Err'0 ([%#sresult22] (-2 : Int32.t)) ] s1 | s1 = and'0 {ok} {_120} (fun (_ret':t_Result'1) -> [ &_118 <- _ret' ] s2) | s2 = bb77 ] - | bb77 = s0 [ s0 = unwrap_err'2 {_118} (fun (_ret':int32) -> [ &_117 <- _ret' ] s1) | s1 = bb78 ] + | bb77 = s0 [ s0 = unwrap_err'2 {_118} (fun (_ret':Int32.t) -> [ &_117 <- _ret' ] s1) | s1 = bb78 ] | bb78 = s0 - [ s0 = Int32.eq {_117} {[%#sresult23] (-2 : int32)} (fun (_ret':bool) -> [ &_116 <- _ret' ] s1) + [ s0 = Int32.eq {_117} {[%#sresult23] (-2 : Int32.t)} (fun (_ret':bool) -> [ &_116 <- _ret' ] s1) | s1 = any [ br0 -> {_116 = false} (! bb80) | br1 -> {_116} (! bb79) ] ] | bb79 = s0 - [ s0 = [ &_127 <- C_Ok'0 ([%#sresult24] (2 : int32)) ] s1 + [ s0 = [ &_127 <- C_Ok'0 ([%#sresult24] (2 : Int32.t)) ] s1 | s1 = and'0 {ok} {_127} (fun (_ret':t_Result'1) -> [ &_125 <- _ret' ] s2) | s2 = bb81 ] - | bb81 = s0 [ s0 = unwrap'3 {_125} (fun (_ret':int32) -> [ &_124 <- _ret' ] s1) | s1 = bb82 ] + | bb81 = s0 [ s0 = unwrap'3 {_125} (fun (_ret':Int32.t) -> [ &_124 <- _ret' ] s1) | s1 = bb82 ] | bb82 = s0 - [ s0 = Int32.eq {_124} {[%#sresult25] (2 : int32)} (fun (_ret':bool) -> [ &_123 <- _ret' ] s1) + [ s0 = Int32.eq {_124} {[%#sresult25] (2 : Int32.t)} (fun (_ret':bool) -> [ &_123 <- _ret' ] s1) | s1 = any [ br0 -> {_123 = false} (! bb84) | br1 -> {_123} (! 
bb83) ] ] | bb83 = s0 - [ s0 = [ &_134 <- C_Err'0 ([%#sresult26] (-2 : int32)) ] s1 + [ s0 = [ &_134 <- C_Err'0 ([%#sresult26] (-2 : Int32.t)) ] s1 | s1 = and'0 {err} {_134} (fun (_ret':t_Result'1) -> [ &_132 <- _ret' ] s2) | s2 = bb85 ] - | bb85 = s0 [ s0 = unwrap_err'2 {_132} (fun (_ret':int32) -> [ &_131 <- _ret' ] s1) | s1 = bb86 ] + | bb85 = s0 [ s0 = unwrap_err'2 {_132} (fun (_ret':Int32.t) -> [ &_131 <- _ret' ] s1) | s1 = bb86 ] | bb86 = s0 - [ s0 = Int32.eq {_131} {[%#sresult27] (-1 : int32)} (fun (_ret':bool) -> [ &_130 <- _ret' ] s1) + [ s0 = Int32.eq {_131} {[%#sresult27] (-1 : Int32.t)} (fun (_ret':bool) -> [ &_130 <- _ret' ] s1) | s1 = any [ br0 -> {_130 = false} (! bb88) | br1 -> {_130} (! bb87) ] ] | bb87 = s0 - [ s0 = [ &_141 <- C_Ok'0 ([%#sresult28] (2 : int32)) ] s1 + [ s0 = [ &_141 <- C_Ok'0 ([%#sresult28] (2 : Int32.t)) ] s1 | s1 = and'0 {err} {_141} (fun (_ret':t_Result'1) -> [ &_139 <- _ret' ] s2) | s2 = bb89 ] - | bb89 = s0 [ s0 = unwrap_err'2 {_139} (fun (_ret':int32) -> [ &_138 <- _ret' ] s1) | s1 = bb90 ] + | bb89 = s0 [ s0 = unwrap_err'2 {_139} (fun (_ret':Int32.t) -> [ &_138 <- _ret' ] s1) | s1 = bb90 ] | bb90 = s0 - [ s0 = Int32.eq {_138} {[%#sresult29] (-1 : int32)} (fun (_ret':bool) -> [ &_137 <- _ret' ] s1) + [ s0 = Int32.eq {_138} {[%#sresult29] (-1 : Int32.t)} (fun (_ret':bool) -> [ &_137 <- _ret' ] s1) | s1 = any [ br0 -> {_137 = false} (! bb92) | br1 -> {_137} (! 
bb91) ] ] | bb91 = s0 - [ s0 = [ &_148 <- C_Err'0 ([%#sresult30] (-2 : int32)) ] s1 + [ s0 = [ &_148 <- C_Err'0 ([%#sresult30] (-2 : Int32.t)) ] s1 | s1 = or'0 {ok} {_148} (fun (_ret':t_Result'1) -> [ &_146 <- _ret' ] s2) | s2 = bb93 ] - | bb93 = s0 [ s0 = unwrap'3 {_146} (fun (_ret':int32) -> [ &_145 <- _ret' ] s1) | s1 = bb94 ] + | bb93 = s0 [ s0 = unwrap'3 {_146} (fun (_ret':Int32.t) -> [ &_145 <- _ret' ] s1) | s1 = bb94 ] | bb94 = s0 - [ s0 = Int32.eq {_145} {[%#sresult31] (1 : int32)} (fun (_ret':bool) -> [ &_144 <- _ret' ] s1) + [ s0 = Int32.eq {_145} {[%#sresult31] (1 : Int32.t)} (fun (_ret':bool) -> [ &_144 <- _ret' ] s1) | s1 = any [ br0 -> {_144 = false} (! bb96) | br1 -> {_144} (! bb95) ] ] | bb95 = s0 - [ s0 = [ &_155 <- C_Ok'0 ([%#sresult32] (2 : int32)) ] s1 + [ s0 = [ &_155 <- C_Ok'0 ([%#sresult32] (2 : Int32.t)) ] s1 | s1 = or'0 {ok} {_155} (fun (_ret':t_Result'1) -> [ &_153 <- _ret' ] s2) | s2 = bb97 ] - | bb97 = s0 [ s0 = unwrap'3 {_153} (fun (_ret':int32) -> [ &_152 <- _ret' ] s1) | s1 = bb98 ] + | bb97 = s0 [ s0 = unwrap'3 {_153} (fun (_ret':Int32.t) -> [ &_152 <- _ret' ] s1) | s1 = bb98 ] | bb98 = s0 - [ s0 = Int32.eq {_152} {[%#sresult33] (1 : int32)} (fun (_ret':bool) -> [ &_151 <- _ret' ] s1) + [ s0 = Int32.eq {_152} {[%#sresult33] (1 : Int32.t)} (fun (_ret':bool) -> [ &_151 <- _ret' ] s1) | s1 = any [ br0 -> {_151 = false} (! bb100) | br1 -> {_151} (! 
bb99) ] ] | bb99 = s0 - [ s0 = [ &_162 <- C_Err'0 ([%#sresult34] (-2 : int32)) ] s1 + [ s0 = [ &_162 <- C_Err'0 ([%#sresult34] (-2 : Int32.t)) ] s1 | s1 = or'0 {err} {_162} (fun (_ret':t_Result'1) -> [ &_160 <- _ret' ] s2) | s2 = bb101 ] - | bb101 = s0 [ s0 = unwrap_err'2 {_160} (fun (_ret':int32) -> [ &_159 <- _ret' ] s1) | s1 = bb102 ] + | bb101 = s0 [ s0 = unwrap_err'2 {_160} (fun (_ret':Int32.t) -> [ &_159 <- _ret' ] s1) | s1 = bb102 ] | bb102 = s0 - [ s0 = Int32.eq {_159} {[%#sresult35] (-2 : int32)} (fun (_ret':bool) -> [ &_158 <- _ret' ] s1) + [ s0 = Int32.eq {_159} {[%#sresult35] (-2 : Int32.t)} (fun (_ret':bool) -> [ &_158 <- _ret' ] s1) | s1 = any [ br0 -> {_158 = false} (! bb104) | br1 -> {_158} (! bb103) ] ] | bb103 = s0 - [ s0 = [ &_169 <- C_Ok'0 ([%#sresult36] (2 : int32)) ] s1 + [ s0 = [ &_169 <- C_Ok'0 ([%#sresult36] (2 : Int32.t)) ] s1 | s1 = or'0 {err} {_169} (fun (_ret':t_Result'1) -> [ &_167 <- _ret' ] s2) | s2 = bb105 ] - | bb105 = s0 [ s0 = unwrap'3 {_167} (fun (_ret':int32) -> [ &_166 <- _ret' ] s1) | s1 = bb106 ] + | bb105 = s0 [ s0 = unwrap'3 {_167} (fun (_ret':Int32.t) -> [ &_166 <- _ret' ] s1) | s1 = bb106 ] | bb106 = s0 - [ s0 = Int32.eq {_166} {[%#sresult37] (2 : int32)} (fun (_ret':bool) -> [ &_165 <- _ret' ] s1) + [ s0 = Int32.eq {_166} {[%#sresult37] (2 : Int32.t)} (fun (_ret':bool) -> [ &_165 <- _ret' ] s1) | s1 = any [ br0 -> {_165 = false} (! bb108) | br1 -> {_165} (! 
bb107) ] ] | bb107 = s0 [ s0 = as_ref'0 {ok} (fun (_ret':t_Result'0) -> [ &_175 <- _ret' ] s1) | s1 = bb109 ] | bb109 = s0 [ s0 = copied'0 {_175} (fun (_ret':t_Result'3) -> [ &_174 <- _ret' ] s1) | s1 = bb110 ] - | bb110 = s0 [ s0 = unwrap'4 {_174} (fun (_ret':int32) -> [ &_173 <- _ret' ] s1) | s1 = bb111 ] + | bb110 = s0 [ s0 = unwrap'4 {_174} (fun (_ret':Int32.t) -> [ &_173 <- _ret' ] s1) | s1 = bb111 ] | bb111 = s0 - [ s0 = Int32.eq {_173} {[%#sresult38] (1 : int32)} (fun (_ret':bool) -> [ &_172 <- _ret' ] s1) + [ s0 = Int32.eq {_173} {[%#sresult38] (1 : Int32.t)} (fun (_ret':bool) -> [ &_172 <- _ret' ] s1) | s1 = any [ br0 -> {_172 = false} (! bb113) | br1 -> {_172} (! bb112) ] ] | bb112 = s0 [ s0 = as_ref'0 {err} (fun (_ret':t_Result'0) -> [ &_183 <- _ret' ] s1) | s1 = bb114 ] | bb114 = s0 [ s0 = copied'0 {_183} (fun (_ret':t_Result'3) -> [ &_182 <- _ret' ] s1) | s1 = bb115 ] - | bb115 = s0 [ s0 = unwrap_err'3 {_182} (fun (_ret':int32) -> [ &_181 <- _ret' ] s1) | s1 = bb116 ] + | bb115 = s0 [ s0 = unwrap_err'3 {_182} (fun (_ret':Int32.t) -> [ &_181 <- _ret' ] s1) | s1 = bb116 ] | bb116 = s0 - [ s0 = Int32.eq {_181} {[%#sresult39] (-1 : int32)} (fun (_ret':bool) -> [ &_179 <- _ret' ] s1) + [ s0 = Int32.eq {_181} {[%#sresult39] (-1 : Int32.t)} (fun (_ret':bool) -> [ &_179 <- _ret' ] s1) | s1 = any [ br0 -> {_179 = false} (! bb118) | br1 -> {_179} (! bb117) ] ] | bb117 = s0 
@@ -649,9 +662,9 @@ module M_result__test_result [#"result.rs" 3 0 3 20] | s2 = bb119 ] | bb119 = s0 [ s0 = copied'1 {_190} (fun (_ret':t_Result'4) -> [ &_189 <- _ret' ] s1) | s1 = bb120 ] - | bb120 = s0 [ s0 = unwrap'5 {_189} (fun (_ret':int32) -> [ &_188 <- _ret' ] s1) | s1 = bb121 ] + | bb120 = s0 [ s0 = unwrap'5 {_189} (fun (_ret':Int32.t) -> [ &_188 <- _ret' ] s1) | s1 = bb121 ] | bb121 = s0 - [ s0 = Int32.eq {_188} {[%#sresult40] (1 : int32)} (fun (_ret':bool) -> [ &_187 <- _ret' ] s1) + [ s0 = Int32.eq {_188} {[%#sresult40] (1 : Int32.t)} (fun (_ret':bool) -> [ &_187 <- _ret' ] s1) | s1 = any [ br0 -> {_187 = false} (! bb123) | br1 -> {_187} (! bb122) ] ] | bb122 = s0 
@@ -661,24 +674,24 @@ module M_result__test_result [#"result.rs" 3 0 3 20] | s2 = bb124 ] | bb124 = s0 [ s0 = copied'1 {_198} (fun (_ret':t_Result'4) -> [ &_197 <- _ret' ] s1) | s1 = bb125 ] - | bb125 = s0 [ s0 = unwrap_err'4 {_197} (fun (_ret':borrowed int32) -> [ &_196 <- _ret' ] s1) | s1 = bb126 ] + | bb125 = s0 [ s0 = unwrap_err'4 {_197} (fun (_ret':borrowed Int32.t) -> [ &_196 <- _ret' ] s1) | s1 = bb126 ] | bb126 = s0 [ s0 = -{resolve'0 _196}- s1 - | s1 = Int32.eq {_196.current} {[%#sresult41] (-1 : int32)} (fun (_ret':bool) -> [ &_194 <- _ret' ] s2) + | s1 = Int32.eq {_196.current} {[%#sresult41] (-1 : Int32.t)} (fun (_ret':bool) -> [ &_194 <- _ret' ] s2) | s2 = any [ br0 -> {_194 = false} (! bb128) | br1 -> {_194} (! bb127) ] ] | bb127 = s0 [ s0 = as_ref'0 {ok} (fun (_ret':t_Result'0) -> [ &_205 <- _ret' ] s1) | s1 = bb129 ] | bb129 = s0 [ s0 = cloned'0 {_205} (fun (_ret':t_Result'3) -> [ &_204 <- _ret' ] s1) | s1 = bb130 ] - | bb130 = s0 [ s0 = unwrap'4 {_204} (fun (_ret':int32) -> [ &_203 <- _ret' ] s1) | s1 = bb131 ] + | bb130 = s0 [ s0 = unwrap'4 {_204} (fun (_ret':Int32.t) -> [ &_203 <- _ret' ] s1) | s1 = bb131 ] | bb131 = s0 - [ s0 = Int32.eq {_203} {[%#sresult42] (1 : int32)} (fun (_ret':bool) -> [ &_202 <- _ret' ] s1) + [ s0 = Int32.eq {_203} {[%#sresult42] (1 : Int32.t)} (fun (_ret':bool) -> [ &_202 <- _ret' ] s1) | s1 = any [ br0 -> {_202 = false} (! bb133) | br1 -> {_202} (! 
bb132) ] ] | bb132 = s0 [ s0 = as_ref'0 {err} (fun (_ret':t_Result'0) -> [ &_213 <- _ret' ] s1) | s1 = bb134 ] | bb134 = s0 [ s0 = cloned'0 {_213} (fun (_ret':t_Result'3) -> [ &_212 <- _ret' ] s1) | s1 = bb135 ] - | bb135 = s0 [ s0 = unwrap_err'3 {_212} (fun (_ret':int32) -> [ &_211 <- _ret' ] s1) | s1 = bb136 ] + | bb135 = s0 [ s0 = unwrap_err'3 {_212} (fun (_ret':Int32.t) -> [ &_211 <- _ret' ] s1) | s1 = bb136 ] | bb136 = s0 - [ s0 = Int32.eq {_211} {[%#sresult43] (-1 : int32)} (fun (_ret':bool) -> [ &_209 <- _ret' ] s1) + [ s0 = Int32.eq {_211} {[%#sresult43] (-1 : Int32.t)} (fun (_ret':bool) -> [ &_209 <- _ret' ] s1) | s1 = any [ br0 -> {_209 = false} (! bb138) | br1 -> {_209} (! bb137) ] ] | bb137 = s0 @@ -688,9 +701,9 @@ module M_result__test_result [#"result.rs" 3 0 3 20] | s2 = bb139 ] | bb139 = s0 [ s0 = cloned'1 {_220} (fun (_ret':t_Result'4) -> [ &_219 <- _ret' ] s1) | s1 = bb140 ] - | bb140 = s0 [ s0 = unwrap'5 {_219} (fun (_ret':int32) -> [ &_218 <- _ret' ] s1) | s1 = bb141 ] + | bb140 = s0 [ s0 = unwrap'5 {_219} (fun (_ret':Int32.t) -> [ &_218 <- _ret' ] s1) | s1 = bb141 ] | bb141 = s0 - [ s0 = Int32.eq {_218} {[%#sresult44] (1 : int32)} (fun (_ret':bool) -> [ &_217 <- _ret' ] s1) + [ s0 = Int32.eq {_218} {[%#sresult44] (1 : Int32.t)} (fun (_ret':bool) -> [ &_217 <- _ret' ] s1) | s1 = any [ br0 -> {_217 = false} (! bb143) | br1 -> {_217} (! bb142) ] ] | bb142 = s0 
@@ -700,10 +713,10 @@ module M_result__test_result [#"result.rs" 3 0 3 20] | s2 = bb144 ] | bb144 = s0 [ s0 = cloned'1 {_228} (fun (_ret':t_Result'4) -> [ &_227 <- _ret' ] s1) | s1 = bb145 ] - | bb145 = s0 [ s0 = unwrap_err'4 {_227} (fun (_ret':borrowed int32) -> [ &_226 <- _ret' ] s1) | s1 = bb146 ] + | bb145 = s0 [ s0 = unwrap_err'4 {_227} (fun (_ret':borrowed Int32.t) -> [ &_226 <- _ret' ] s1) | s1 = bb146 ] | bb146 = s0 [ s0 = -{resolve'0 _226}- s1 - | s1 = Int32.eq {_226.current} {[%#sresult45] (-1 : int32)} (fun (_ret':bool) -> [ &_224 <- _ret' ] s2) + | s1 = Int32.eq {_226.current} {[%#sresult45] (-1 : Int32.t)} (fun (_ret':bool) -> [ &_224 <- _ret' ] s2) | s2 = any [ br0 -> {_224 = false} (! bb148) | br1 -> {_224} (! bb147) ] ] | bb147 = s0 
@@ -715,26 +728,26 @@ module M_result__test_result [#"result.rs" 3 0 3 20] | bb149 = s0 [ s0 = is_none'1 {_236} (fun (_ret':bool) -> [ &_234 <- _ret' ] s1) | s1 = bb150 ] | bb150 = any [ br0 -> {_234 = false} (! bb152) | br1 -> {_234} (! bb151) ] | bb151 = s0 - [ s0 = [ &_240 <- C_Some'0 ([%#sresult46] (1 : int32)) ] s1 + [ s0 = [ &_240 <- C_Some'0 ([%#sresult46] (1 : Int32.t)) ] s1 | s1 = [ &res1 <- C_Ok'1 _240 ] s2 | s2 = transpose'0 {res1} (fun (_ret':t_Option'1) -> [ &_245 <- _ret' ] s3) | s3 = bb153 ] | bb153 = s0 [ s0 = unwrap'6 {_245} (fun (_ret':t_Result'1) -> [ &_244 <- _ret' ] s1) | s1 = bb154 ] - | bb154 = s0 [ s0 = unwrap'3 {_244} (fun (_ret':int32) -> [ &_243 <- _ret' ] s1) | s1 = bb155 ] + | bb154 = s0 [ s0 = unwrap'3 {_244} (fun (_ret':Int32.t) -> [ &_243 <- _ret' ] s1) | s1 = bb155 ] | bb155 = s0 - [ s0 = Int32.eq {_243} {[%#sresult47] (1 : int32)} (fun (_ret':bool) -> [ &_242 <- _ret' ] s1) + [ s0 = Int32.eq {_243} {[%#sresult47] (1 : Int32.t)} (fun (_ret':bool) -> [ &_242 <- _ret' ] s1) | s1 = any [ br0 -> {_242 = false} (! bb157) | br1 -> {_242} (! bb156) ] ] | bb156 = s0 - [ s0 = [ &res2 <- C_Err'1 ([%#sresult48] (-1 : int32)) ] s1 + [ s0 = [ &res2 <- C_Err'1 ([%#sresult48] (-1 : Int32.t)) ] s1 | s1 = transpose'0 {res2} (fun (_ret':t_Option'1) -> [ &_253 <- _ret' ] s2) | s2 = bb158 ] | bb158 = s0 [ s0 = unwrap'6 {_253} (fun (_ret':t_Result'1) -> [ &_252 <- _ret' ] s1) | s1 = bb159 ] - | bb159 = s0 [ s0 = unwrap_err'2 {_252} (fun (_ret':int32) -> [ &_251 <- _ret' ] s1) | s1 = bb160 ] + | bb159 = s0 [ s0 = unwrap_err'2 {_252} (fun (_ret':Int32.t) -> [ &_251 <- _ret' ] s1) | s1 = bb160 ] | bb160 = s0 - [ s0 = Int32.eq {_251} {[%#sresult49] (-1 : int32)} (fun (_ret':bool) -> [ &_250 <- _ret' ] s1) + [ s0 = Int32.eq {_251} {[%#sresult49] (-1 : Int32.t)} (fun (_ret':bool) -> [ &_250 <- _ret' ] s1) | s1 = any [ br0 -> {_250 = false} (! bb162) | br1 -> {_250} (! bb161) ] ] | bb161 = return' {_0} 
@@ -786,118 +799,118 @@ module M_result__test_result [#"result.rs" 3 0 3 20] | & _10 : bool = any_l () | & _12 : bool = any_l () | & _16 : bool = any_l () - | & _17 : int32 = any_l () + | & _17 : Int32.t = any_l () | & _18 : t_Option'0 = any_l () | & _22 : bool = any_l () | & _24 : t_Option'0 = any_l () | & _28 : bool = any_l () | & _30 : t_Option'0 = any_l () | & _34 : bool = any_l () - | & _35 : int32 = any_l () + | & _35 : Int32.t = any_l () | & _36 : t_Option'0 = any_l () | & _40 : bool = any_l () - | & _42 : int32 = any_l () + | & _42 : Int32.t = any_l () | & _43 : t_Result'0 = any_l () | & _47 : bool = any_l () - | & _49 : int32 = any_l () + | & _49 : Int32.t = any_l () | & _50 : t_Result'0 = any_l () - | & _53 : borrowed int32 = any_l () + | & _53 : borrowed Int32.t = any_l () | & _54 : t_Result'2 = any_l () | & _55 : borrowed (t_Result'1) = any_l () | & _57 : bool = any_l () - | & _58 : int32 = any_l () - | & _61 : borrowed int32 = any_l () + | & _58 : Int32.t = any_l () + | & _61 : borrowed Int32.t = any_l () | & _62 : t_Result'2 = any_l () | & _63 : borrowed (t_Result'1) = any_l () | & _65 : bool = any_l () - | & _66 : int32 = any_l () - | & _69 : borrowed int32 = any_l () + | & _66 : Int32.t = any_l () + | & _69 : borrowed Int32.t = any_l () | & _70 : t_Result'2 = any_l () | & _71 : borrowed (t_Result'1) = any_l () | & _73 : bool = any_l () - | & _74 : int32 = any_l () - | & _77 : borrowed int32 = any_l () + | & _74 : Int32.t = any_l () + | & _77 : borrowed Int32.t = any_l () | & _78 : t_Result'2 = any_l () | & _79 : borrowed (t_Result'1) = any_l () | & _81 : bool = any_l () - | & _82 : int32 = any_l () + | & _82 : Int32.t = any_l () | & _86 : bool = any_l () - | & _87 : int32 = any_l () + | & _87 : Int32.t = any_l () | & _91 : bool = any_l () - | & _92 : int32 = any_l () + | & _92 : Int32.t = any_l () | & _96 : bool = any_l () - | & _97 : int32 = any_l () + | & _97 : Int32.t = any_l () | & _101 : bool = any_l () - | & _102 : int32 = any_l () + | & _102 
: Int32.t = any_l () | & _106 : bool = any_l () - | & _107 : int32 = any_l () + | & _107 : Int32.t = any_l () | & _111 : bool = any_l () - | & _112 : int32 = any_l () + | & _112 : Int32.t = any_l () | & _116 : bool = any_l () - | & _117 : int32 = any_l () + | & _117 : Int32.t = any_l () | & _118 : t_Result'1 = any_l () | & _120 : t_Result'1 = any_l () | & _123 : bool = any_l () - | & _124 : int32 = any_l () + | & _124 : Int32.t = any_l () | & _125 : t_Result'1 = any_l () | & _127 : t_Result'1 = any_l () | & _130 : bool = any_l () - | & _131 : int32 = any_l () + | & _131 : Int32.t = any_l () | & _132 : t_Result'1 = any_l () | & _134 : t_Result'1 = any_l () | & _137 : bool = any_l () - | & _138 : int32 = any_l () + | & _138 : Int32.t = any_l () | & _139 : t_Result'1 = any_l () | & _141 : t_Result'1 = any_l () | & _144 : bool = any_l () - | & _145 : int32 = any_l () + | & _145 : Int32.t = any_l () | & _146 : t_Result'1 = any_l () | & _148 : t_Result'1 = any_l () | & _151 : bool = any_l () - | & _152 : int32 = any_l () + | & _152 : Int32.t = any_l () | & _153 : t_Result'1 = any_l () | & _155 : t_Result'1 = any_l () | & _158 : bool = any_l () - | & _159 : int32 = any_l () + | & _159 : Int32.t = any_l () | & _160 : t_Result'1 = any_l () | & _162 : t_Result'1 = any_l () | & _165 : bool = any_l () - | & _166 : int32 = any_l () + | & _166 : Int32.t = any_l () | & _167 : t_Result'1 = any_l () | & _169 : t_Result'1 = any_l () | & _172 : bool = any_l () - | & _173 : int32 = any_l () + | & _173 : Int32.t = any_l () | & _174 : t_Result'3 = any_l () | & _175 : t_Result'0 = any_l () | & _179 : bool = any_l () - | & _181 : int32 = any_l () + | & _181 : Int32.t = any_l () | & _182 : t_Result'3 = any_l () | & _183 : t_Result'0 = any_l () | & _187 : bool = any_l () - | & _188 : int32 = any_l () + | & _188 : Int32.t = any_l () | & _189 : t_Result'4 = any_l () | & _190 : t_Result'2 = any_l () | & _191 : borrowed (t_Result'1) = any_l () | & _194 : bool = any_l () - | & _196 : borrowed 
int32 = any_l () + | & _196 : borrowed Int32.t = any_l () | & _197 : t_Result'4 = any_l () | & _198 : t_Result'2 = any_l () | & _199 : borrowed (t_Result'1) = any_l () | & _202 : bool = any_l () - | & _203 : int32 = any_l () + | & _203 : Int32.t = any_l () | & _204 : t_Result'3 = any_l () | & _205 : t_Result'0 = any_l () | & _209 : bool = any_l () - | & _211 : int32 = any_l () + | & _211 : Int32.t = any_l () | & _212 : t_Result'3 = any_l () | & _213 : t_Result'0 = any_l () | & _217 : bool = any_l () - | & _218 : int32 = any_l () + | & _218 : Int32.t = any_l () | & _219 : t_Result'4 = any_l () | & _220 : t_Result'2 = any_l () | & _221 : borrowed (t_Result'1) = any_l () | & _224 : bool = any_l () - | & _226 : borrowed int32 = any_l () + | & _226 : borrowed Int32.t = any_l () | & _227 : t_Result'4 = any_l () | & _228 : t_Result'2 = any_l () | & _229 : borrowed (t_Result'1) = any_l () @@ -908,12 +921,12 @@ module M_result__test_result [#"result.rs" 3 0 3 20] | & res1 : t_Result'5 = any_l () | & _240 : t_Option'0 = any_l () | & _242 : bool = any_l () - | & _243 : int32 = any_l () + | & _243 : Int32.t = any_l () | & _244 : t_Result'1 = any_l () | & _245 : t_Option'1 = any_l () | & res2 : t_Result'5 = any_l () | & _250 : bool = any_l () - | & _251 : int32 = any_l () + | & _251 : Int32.t = any_l () | & _252 : t_Result'1 = any_l () | & _253 : t_Option'1 = any_l () ] [ return' (result:())-> (! return' {result}) ] diff --git a/creusot/tests/should_succeed/rusthorn/inc_max.coma b/creusot/tests/should_succeed/rusthorn/inc_max.coma index 16f5af9cf4..9363764af3 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_max.coma +++ b/creusot/tests/should_succeed/rusthorn/inc_max.coma 
@@ -1,48 +1,118 @@ module M_inc_max__take_max [#"inc_max.rs" 6 0 6 64] let%span sinc_max0 = "inc_max.rs" 4 0 5 56 let%span sresolve1 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span sord2 = "../../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 + let%span sord3 = "../../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 + let%span sord4 = "../../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 + let%span sord5 = "../../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 + let%span sord6 = "../../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 + let%span sord7 = "../../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 + let%span sord8 = "../../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 + let%span sord9 = "../../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 + let%span sord10 = "../../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 + let%span sord11 = "../../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 + let%span sord12 = "../../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 + let%span sord13 = "../../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 + let%span sord14 = "../../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span sord15 = "../../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 use prelude.prelude.UInt32 use prelude.prelude.Borrow - predicate resolve'1 (self : borrowed uint32) = + use prelude.prelude.Int + + predicate resolve'1 (self : borrowed UInt32.t) = [%#sresolve1] self.final = self.current - predicate resolve'0 (_1 : borrowed uint32) = + predicate resolve'0 (_1 : borrowed UInt32.t) = resolve'1 _1 use prelude.prelude.Intrinsic - use prelude.prelude.Int + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.UInt32 + + function cmp_log'0 (self : UInt32.t) (o : UInt32.t) : t_Ordering'0 = + [%#sord15] if UInt32.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + 
function eq_cmp'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom eq_cmp'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord14] (x = y) = (cmp_log'0 x y = C_Equal'0) + + function antisym2'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom antisym2'0_spec : forall x : UInt32.t, y : UInt32.t . ([%#sord12] cmp_log'0 x y = C_Greater'0) + -> ([%#sord13] cmp_log'0 y x = C_Less'0) + + function antisym1'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom antisym1'0_spec : forall x : UInt32.t, y : UInt32.t . ([%#sord10] cmp_log'0 x y = C_Less'0) + -> ([%#sord11] cmp_log'0 y x = C_Greater'0) + + function trans'0 (x : UInt32.t) (y : UInt32.t) (z : UInt32.t) (o : t_Ordering'0) : () + + axiom trans'0_spec : forall x : UInt32.t, y : UInt32.t, z : UInt32.t, o : t_Ordering'0 . ([%#sord7] cmp_log'0 x y = o) + -> ([%#sord8] cmp_log'0 y z = o) -> ([%#sord9] cmp_log'0 x z = o) + + function refl'0 (x : UInt32.t) : () + + axiom refl'0_spec : forall x : UInt32.t . [%#sord6] cmp_log'0 x x = C_Equal'0 + + use prelude.prelude.UInt32 + + function cmp_gt_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_gt_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord5] UInt32.ugt x y = (cmp_log'0 x y = C_Greater'0) + + use prelude.prelude.UInt32 + + function cmp_ge_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_ge_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord4] UInt32.uge x y = (cmp_log'0 x y <> C_Less'0) + + function cmp_lt_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_lt_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord3] UInt32.ult x y = (cmp_log'0 x y = C_Less'0) + + use prelude.prelude.UInt32 + + function cmp_le_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_le_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord2] UInt32.ule x y + = (cmp_log'0 x y <> C_Greater'0) meta "compute_max_steps" 1000000 - let rec take_max'0 (ma:borrowed uint32) (mb:borrowed uint32) (return' (ret:borrowed uint32))= (! 
bb0 + let rec take_max'0 (ma:borrowed UInt32.t) (mb:borrowed UInt32.t) (return' (ret:borrowed UInt32.t))= (! bb0 [ bb0 = s0 [ s0 = UInt32.ge {ma.current} {mb.current} (fun (_ret':bool) -> [ &_6 <- _ret' ] s1) | s1 = any [ br0 -> {_6 = false} (! bb2) | br1 -> {_6} (! bb1) ] ] | bb1 = s0 [ s0 = -{resolve'0 mb}- s1 - | s1 = Borrow.borrow_final {ma.current} {Borrow.get_id ma} - (fun (_ret':borrowed uint32) -> [ &_9 <- _ret' ] [ &ma <- { ma with current = _ret'.final } ] s2) - | s2 = Borrow.borrow_final {_9.current} {Borrow.get_id _9} - (fun (_ret':borrowed uint32) -> [ &_5 <- _ret' ] [ &_9 <- { _9 with current = _ret'.final } ] s3) + | s1 = Borrow.borrow_final {ma.current} {Borrow.get_id ma} + (fun (_ret':borrowed UInt32.t) -> [ &_9 <- _ret' ] [ &ma <- { ma with current = _ret'.final } ] s2) + | s2 = Borrow.borrow_final {_9.current} {Borrow.get_id _9} + (fun (_ret':borrowed UInt32.t) -> [ &_5 <- _ret' ] [ &_9 <- { _9 with current = _ret'.final } ] s3) | s3 = -{resolve'0 _9}- s4 | s4 = bb3 ] | bb2 = s0 [ s0 = -{resolve'0 ma}- s1 - | s1 = Borrow.borrow_final {mb.current} {Borrow.get_id mb} - (fun (_ret':borrowed uint32) -> [ &_5 <- _ret' ] [ &mb <- { mb with current = _ret'.final } ] s2) + | s1 = Borrow.borrow_final {mb.current} {Borrow.get_id mb} + (fun (_ret':borrowed UInt32.t) -> [ &_5 <- _ret' ] [ &mb <- { mb with current = _ret'.final } ] s2) | s2 = bb3 ] | bb3 = s0 - [ s0 = Borrow.borrow_final {_5.current} {Borrow.get_id _5} - (fun (_ret':borrowed uint32) -> [ &_3 <- _ret' ] [ &_5 <- { _5 with current = _ret'.final } ] s1) - | s1 = Borrow.borrow_final {_3.current} {Borrow.get_id _3} - (fun (_ret':borrowed uint32) -> [ &_0 <- _ret' ] [ &_3 <- { _3 with current = _ret'.final } ] s2) + [ s0 = Borrow.borrow_final {_5.current} {Borrow.get_id _5} + (fun (_ret':borrowed UInt32.t) -> [ &_3 <- _ret' ] [ &_5 <- { _5 with current = _ret'.final } ] s1) + | s1 = Borrow.borrow_final {_3.current} {Borrow.get_id _3} + (fun (_ret':borrowed UInt32.t) -> [ &_0 <- _ret' ] [ &_3 <- { 
_3 with current = _ret'.final } ] s2) | s2 = -{resolve'0 _5}- s3 | s3 = -{resolve'0 _3}- s4 | s4 = -{resolve'0 mb}- s5 @@ -50,15 +120,15 @@ module M_inc_max__take_max [#"inc_max.rs" 6 0 6 64] | s6 = return' {_0} ] ] ) - [ & _0 : borrowed uint32 = any_l () - | & ma : borrowed uint32 = ma - | & mb : borrowed uint32 = mb - | & _3 : borrowed uint32 = any_l () - | & _5 : borrowed uint32 = any_l () + [ & _0 : borrowed UInt32.t = any_l () + | & ma : borrowed UInt32.t = ma + | & mb : borrowed UInt32.t = mb + | & _3 : borrowed UInt32.t = any_l () + | & _5 : borrowed UInt32.t = any_l () | & _6 : bool = any_l () - | & _9 : borrowed uint32 = any_l () ] + | & _9 : borrowed UInt32.t = any_l () ] - [ return' (result:borrowed uint32)-> {[@expl:take_max ensures] [%#sinc_max0] if ma.current >= mb.current then + [ return' (result:borrowed UInt32.t)-> {[@expl:take_max ensures] [%#sinc_max0] if UInt32.uge ma.current mb.current then mb.current = mb.final /\ result = ma else ma.current = ma.final /\ result = mb 
@@ -72,15 +142,85 @@ module M_inc_max__inc_max [#"inc_max.rs" 15 0 15 38] let%span sinc_max2 = "inc_max.rs" 14 11 14 49 let%span sinc_max3 = "inc_max.rs" 4 0 5 56 let%span sresolve4 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span sord5 = "../../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 + let%span sord6 = "../../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 + let%span sord7 = "../../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 + let%span sord8 = "../../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 + let%span sord9 = "../../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 + let%span sord10 = "../../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 + let%span sord11 = "../../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 + let%span sord12 = "../../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 + let%span sord13 = "../../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 + let%span sord14 = "../../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 + let%span sord15 = "../../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 + let%span sord16 = "../../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 + let%span sord17 = "../../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span sord18 = "../../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 use prelude.prelude.Borrow + use prelude.prelude.Int + use prelude.prelude.UInt32 - use prelude.prelude.Int + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.UInt32 + + function cmp_log'0 (self : UInt32.t) (o : UInt32.t) : t_Ordering'0 = + [%#sord18] if UInt32.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + function eq_cmp'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom eq_cmp'0_spec : forall x : UInt32.t, y : UInt32.t . 
[%#sord17] (x = y) = (cmp_log'0 x y = C_Equal'0) + + function antisym2'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom antisym2'0_spec : forall x : UInt32.t, y : UInt32.t . ([%#sord15] cmp_log'0 x y = C_Greater'0) + -> ([%#sord16] cmp_log'0 y x = C_Less'0) + + function antisym1'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom antisym1'0_spec : forall x : UInt32.t, y : UInt32.t . ([%#sord13] cmp_log'0 x y = C_Less'0) + -> ([%#sord14] cmp_log'0 y x = C_Greater'0) + + function trans'0 (x : UInt32.t) (y : UInt32.t) (z : UInt32.t) (o : t_Ordering'0) : () + + axiom trans'0_spec : forall x : UInt32.t, y : UInt32.t, z : UInt32.t, o : t_Ordering'0 . ([%#sord10] cmp_log'0 x y + = o) -> ([%#sord11] cmp_log'0 y z = o) -> ([%#sord12] cmp_log'0 x z = o) + + function refl'0 (x : UInt32.t) : () + + axiom refl'0_spec : forall x : UInt32.t . [%#sord9] cmp_log'0 x x = C_Equal'0 + + use prelude.prelude.UInt32 + + function cmp_gt_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_gt_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord8] UInt32.ugt x y = (cmp_log'0 x y = C_Greater'0) + + use prelude.prelude.UInt32 + + function cmp_ge_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_ge_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord7] UInt32.uge x y = (cmp_log'0 x y <> C_Less'0) + + function cmp_lt_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_lt_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord6] UInt32.ult x y = (cmp_log'0 x y = C_Less'0) + + use prelude.prelude.UInt32 + + function cmp_le_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_le_log'0_spec : forall x : UInt32.t, y : UInt32.t . 
[%#sord5] UInt32.ule x y + = (cmp_log'0 x y <> C_Greater'0) - let rec take_max'0 (ma:borrowed uint32) (mb:borrowed uint32) (return' (ret:borrowed uint32))= any - [ return' (result:borrowed uint32)-> {[%#sinc_max3] if ma.current >= mb.current then + let rec take_max'0 (ma:borrowed UInt32.t) (mb:borrowed UInt32.t) (return' (ret:borrowed UInt32.t))= any + [ return' (result:borrowed UInt32.t)-> {[%#sinc_max3] if UInt32.uge ma.current mb.current then mb.current = mb.final /\ result = ma else ma.current = ma.final /\ result = mb 
@@ -88,35 +228,36 @@ module M_inc_max__inc_max [#"inc_max.rs" 15 0 15 38] (! return' {result}) ] - predicate resolve'1 (self : borrowed uint32) = + predicate resolve'1 (self : borrowed UInt32.t) = [%#sresolve4] self.final = self.current - predicate resolve'0 (_1 : borrowed uint32) = + predicate resolve'0 (_1 : borrowed UInt32.t) = resolve'1 _1 use prelude.prelude.Intrinsic meta "compute_max_steps" 1000000 - let rec inc_max'0 (a:uint32) (b:uint32) (return' (ret:()))= {[@expl:inc_max requires] [%#sinc_max2] a - <= (1000000 : uint32) - /\ b <= (1000000 : uint32)} + let rec inc_max'0 (a:UInt32.t) (b:UInt32.t) (return' (ret:()))= {[@expl:inc_max requires] [%#sinc_max2] UInt32.ule a (1000000 : UInt32.t) + /\ UInt32.ule b (1000000 : UInt32.t)} (! bb0 [ bb0 = s0 - [ s0 = Borrow.borrow_mut {a} (fun (_ret':borrowed uint32) -> [ &_6 <- _ret' ] [ &a <- _ret'.final ] s1) - | s1 = Borrow.borrow_final {_6.current} {Borrow.get_id _6} - (fun (_ret':borrowed uint32) -> [ &_5 <- _ret' ] [ &_6 <- { _6 with current = _ret'.final } ] s2) - | s2 = Borrow.borrow_mut {b} (fun (_ret':borrowed uint32) -> [ &_8 <- _ret' ] [ &b <- _ret'.final ] s3) - | s3 = Borrow.borrow_final {_8.current} {Borrow.get_id _8} - (fun (_ret':borrowed uint32) -> [ &_7 <- _ret' ] [ &_8 <- { _8 with current = _ret'.final } ] s4) - | s4 = take_max'0 {_5} {_7} (fun (_ret':borrowed uint32) -> [ &mc <- _ret' ] s5) + [ s0 = Borrow.borrow_mut {a} + (fun (_ret':borrowed UInt32.t) -> [ &_6 <- _ret' ] [ &a <- _ret'.final ] s1) + | s1 = Borrow.borrow_final {_6.current} {Borrow.get_id _6} + (fun (_ret':borrowed UInt32.t) -> [ &_5 <- _ret' ] [ &_6 <- { _6 with current = _ret'.final } ] s2) + | s2 = Borrow.borrow_mut {b} + (fun (_ret':borrowed UInt32.t) -> [ &_8 <- _ret' ] [ &b <- _ret'.final ] s3) + | s3 = Borrow.borrow_final {_8.current} {Borrow.get_id _8} + (fun (_ret':borrowed UInt32.t) -> [ &_7 <- _ret' ] [ &_8 <- { _8 with current = _ret'.final } ] s4) + | s4 = take_max'0 {_5} {_7} (fun (_ret':borrowed UInt32.t) -> [ &mc 
<- _ret' ] s5) | s5 = bb1 ] | bb1 = s0 [ s0 = -{resolve'0 _8}- s1 | s1 = -{resolve'0 _6}- s2 - | s2 = UInt32.add {mc.current} {[%#sinc_max0] (1 : uint32)} - (fun (_ret':uint32) -> [ &mc <- { mc with current = _ret' } ] s3) + | s2 = UInt32.add {mc.current} {[%#sinc_max0] (1 : UInt32.t)} + (fun (_ret':UInt32.t) -> [ &mc <- { mc with current = _ret' } ] s3) | s3 = -{resolve'0 mc}- s4 | s4 = UInt32.ne {a} {b} (fun (_ret':bool) -> [ &_10 <- _ret' ] s5) | s5 = any [ br0 -> {_10 = false} (! bb3) | br1 -> {_10} (! bb2) ] ] @@ -125,13 +266,13 @@ module M_inc_max__inc_max [#"inc_max.rs" 15 0 15 38] | bb3 = {[%#sinc_max1] false} any ] ) [ & _0 : () = any_l () - | & a : uint32 = a - | & b : uint32 = b - | & mc : borrowed uint32 = any_l () - | & _5 : borrowed uint32 = any_l () - | & _6 : borrowed uint32 = any_l () - | & _7 : borrowed uint32 = any_l () - | & _8 : borrowed uint32 = any_l () + | & a : UInt32.t = a + | & b : UInt32.t = b + | & mc : borrowed UInt32.t = any_l () + | & _5 : borrowed UInt32.t = any_l () + | & _6 : borrowed UInt32.t = any_l () + | & _7 : borrowed UInt32.t = any_l () + | & _8 : borrowed UInt32.t = any_l () | & _10 : bool = any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/rusthorn/inc_max_3.coma b/creusot/tests/should_succeed/rusthorn/inc_max_3.coma index 5bfcb091ba..14be22f32f 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_max_3.coma +++ b/creusot/tests/should_succeed/rusthorn/inc_max_3.coma 
@@ -5,53 +5,122 @@ module M_inc_max_3__inc_max_3 [#"inc_max_3.rs" 12 0 12 79] let%span sinc_max_33 = "inc_max_3.rs" 11 10 11 48 let%span sinc_max_34 = "inc_max_3.rs" 5 10 5 38 let%span sresolve5 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span sord6 = "../../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 + let%span sord7 = "../../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 + let%span sord8 = "../../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 + let%span sord9 = "../../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 + let%span sord10 = "../../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 + let%span sord11 = "../../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 + let%span sord12 = "../../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 + let%span sord13 = "../../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 + let%span sord14 = "../../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 + let%span sord15 = "../../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 + let%span sord16 = "../../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 + let%span sord17 = "../../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 + let%span sord18 = "../../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span sord19 = "../../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 use prelude.prelude.UInt32 use prelude.prelude.Borrow - let rec swap'0 (mma:borrowed (borrowed uint32)) (mmb:borrowed (borrowed uint32)) (return' (ret:()))= any + use prelude.prelude.Int + + let rec swap'0 (mma:borrowed (borrowed UInt32.t)) (mmb:borrowed (borrowed UInt32.t)) (return' (ret:()))= any [ return' (result:())-> {[%#sinc_max_34] mma.final = mmb.current /\ mmb.final = mma.current} (! 
return' {result}) ] - predicate resolve'2 (self : borrowed (borrowed uint32)) = + predicate resolve'2 (self : borrowed (borrowed UInt32.t)) = [%#sresolve5] self.final = self.current - predicate resolve'0 (_1 : borrowed (borrowed uint32)) = + predicate resolve'0 (_1 : borrowed (borrowed UInt32.t)) = resolve'2 _1 - predicate resolve'3 (self : borrowed uint32) = + predicate resolve'3 (self : borrowed UInt32.t) = [%#sresolve5] self.final = self.current - predicate resolve'1 (_1 : borrowed uint32) = + predicate resolve'1 (_1 : borrowed UInt32.t) = resolve'3 _1 use prelude.prelude.Intrinsic - use prelude.prelude.Int + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.UInt32 + + function cmp_log'0 (self : UInt32.t) (o : UInt32.t) : t_Ordering'0 = + [%#sord19] if UInt32.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + function eq_cmp'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom eq_cmp'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord18] (x = y) = (cmp_log'0 x y = C_Equal'0) + + function antisym2'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom antisym2'0_spec : forall x : UInt32.t, y : UInt32.t . ([%#sord16] cmp_log'0 x y = C_Greater'0) + -> ([%#sord17] cmp_log'0 y x = C_Less'0) + + function antisym1'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom antisym1'0_spec : forall x : UInt32.t, y : UInt32.t . ([%#sord14] cmp_log'0 x y = C_Less'0) + -> ([%#sord15] cmp_log'0 y x = C_Greater'0) + + function trans'0 (x : UInt32.t) (y : UInt32.t) (z : UInt32.t) (o : t_Ordering'0) : () + + axiom trans'0_spec : forall x : UInt32.t, y : UInt32.t, z : UInt32.t, o : t_Ordering'0 . ([%#sord11] cmp_log'0 x y + = o) -> ([%#sord12] cmp_log'0 y z = o) -> ([%#sord13] cmp_log'0 x z = o) + + function refl'0 (x : UInt32.t) : () + + axiom refl'0_spec : forall x : UInt32.t . 
[%#sord10] cmp_log'0 x x = C_Equal'0 + + use prelude.prelude.UInt32 + + function cmp_gt_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_gt_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord9] UInt32.ugt x y = (cmp_log'0 x y = C_Greater'0) + + use prelude.prelude.UInt32 + + function cmp_ge_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_ge_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord8] UInt32.uge x y = (cmp_log'0 x y <> C_Less'0) + + function cmp_lt_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_lt_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord7] UInt32.ult x y = (cmp_log'0 x y = C_Less'0) + + use prelude.prelude.UInt32 + + function cmp_le_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_le_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord6] UInt32.ule x y + = (cmp_log'0 x y <> C_Greater'0) meta "compute_max_steps" 1000000 - let rec inc_max_3'0 (ma:borrowed uint32) (mb:borrowed uint32) (mc:borrowed uint32) (return' (ret:()))= {[@expl:inc_max_3 requires] [%#sinc_max_32] ma.current - <= (1000000 : uint32) - /\ mb.current <= (1000000 : uint32) /\ mc.current <= (1000000 : uint32)} + let rec inc_max_3'0 (ma:borrowed UInt32.t) (mb:borrowed UInt32.t) (mc:borrowed UInt32.t) (return' (ret:()))= {[@expl:inc_max_3 requires] [%#sinc_max_32] UInt32.ule ma.current (1000000 : UInt32.t) + /\ UInt32.ule mb.current (1000000 : UInt32.t) /\ UInt32.ule mc.current (1000000 : UInt32.t)} (! bb0 [ bb0 = s0 [ s0 = UInt32.lt {ma.current} {mb.current} (fun (_ret':bool) -> [ &_7 <- _ret' ] s1) | s1 = any [ br0 -> {_7 = false} (! bb3) | br1 -> {_7} (! 
bb1) ] ] | bb1 = s0 - [ s0 = Borrow.borrow_mut {ma} - (fun (_ret':borrowed (borrowed uint32)) -> [ &_12 <- _ret' ] [ &ma <- _ret'.final ] s1) - | s1 = Borrow.borrow_final {_12.current} {Borrow.get_id _12} - (fun (_ret':borrowed (borrowed uint32)) -> + [ s0 = Borrow.borrow_mut {ma} + (fun (_ret':borrowed (borrowed UInt32.t)) -> [ &_12 <- _ret' ] [ &ma <- _ret'.final ] s1) + | s1 = Borrow.borrow_final {_12.current} {Borrow.get_id _12} + (fun (_ret':borrowed (borrowed UInt32.t)) -> [ &_11 <- _ret' ] [ &_12 <- { _12 with current = _ret'.final } ] s2) - | s2 = Borrow.borrow_mut {mb} - (fun (_ret':borrowed (borrowed uint32)) -> [ &_14 <- _ret' ] [ &mb <- _ret'.final ] s3) - | s3 = Borrow.borrow_final {_14.current} {Borrow.get_id _14} - (fun (_ret':borrowed (borrowed uint32)) -> + | s2 = Borrow.borrow_mut {mb} + (fun (_ret':borrowed (borrowed UInt32.t)) -> [ &_14 <- _ret' ] [ &mb <- _ret'.final ] s3) + | s3 = Borrow.borrow_final {_14.current} {Borrow.get_id _14} + (fun (_ret':borrowed (borrowed UInt32.t)) -> [ &_13 <- _ret' ] [ &_14 <- { _14 with current = _ret'.final } ] s4) 
@@ -65,17 +134,17 @@ module M_inc_max_3__inc_max_3 [#"inc_max_3.rs" 12 0 12 79] | s1 = any [ br0 -> {_16 = false} (! bb7) | br1 -> {_16} (! bb5) ] ] | bb5 = s0 - [ s0 = Borrow.borrow_mut {mb} - (fun (_ret':borrowed (borrowed uint32)) -> [ &_21 <- _ret' ] [ &mb <- _ret'.final ] s1) - | s1 = Borrow.borrow_final {_21.current} {Borrow.get_id _21} - (fun (_ret':borrowed (borrowed uint32)) -> + [ s0 = Borrow.borrow_mut {mb} + (fun (_ret':borrowed (borrowed UInt32.t)) -> [ &_21 <- _ret' ] [ &mb <- _ret'.final ] s1) + | s1 = Borrow.borrow_final {_21.current} {Borrow.get_id _21} + (fun (_ret':borrowed (borrowed UInt32.t)) -> [ &_20 <- _ret' ] [ &_21 <- { _21 with current = _ret'.final } ] s2) - | s2 = Borrow.borrow_mut {mc} - (fun (_ret':borrowed (borrowed uint32)) -> [ &_23 <- _ret' ] [ &mc <- _ret'.final ] s3) - | s3 = Borrow.borrow_final {_23.current} {Borrow.get_id _23} - (fun (_ret':borrowed (borrowed uint32)) -> + | s2 = Borrow.borrow_mut {mc} + (fun (_ret':borrowed (borrowed UInt32.t)) -> [ &_23 <- _ret' ] [ &mc <- _ret'.final ] s3) + | s3 = Borrow.borrow_final {_23.current} {Borrow.get_id _23} + (fun (_ret':borrowed (borrowed UInt32.t)) -> [ &_22 <- _ret' ] [ &_23 <- { _23 with current = _ret'.final } ] s4) 
@@ -89,17 +158,17 @@ module M_inc_max_3__inc_max_3 [#"inc_max_3.rs" 12 0 12 79] | s1 = any [ br0 -> {_25 = false} (! bb11) | br1 -> {_25} (! bb9) ] ] | bb9 = s0 - [ s0 = Borrow.borrow_mut {ma} - (fun (_ret':borrowed (borrowed uint32)) -> [ &_30 <- _ret' ] [ &ma <- _ret'.final ] s1) - | s1 = Borrow.borrow_final {_30.current} {Borrow.get_id _30} - (fun (_ret':borrowed (borrowed uint32)) -> + [ s0 = Borrow.borrow_mut {ma} + (fun (_ret':borrowed (borrowed UInt32.t)) -> [ &_30 <- _ret' ] [ &ma <- _ret'.final ] s1) + | s1 = Borrow.borrow_final {_30.current} {Borrow.get_id _30} + (fun (_ret':borrowed (borrowed UInt32.t)) -> [ &_29 <- _ret' ] [ &_30 <- { _30 with current = _ret'.final } ] s2) - | s2 = Borrow.borrow_mut {mb} - (fun (_ret':borrowed (borrowed uint32)) -> [ &_32 <- _ret' ] [ &mb <- _ret'.final ] s3) - | s3 = Borrow.borrow_final {_32.current} {Borrow.get_id _32} - (fun (_ret':borrowed (borrowed uint32)) -> + | s2 = Borrow.borrow_mut {mb} + (fun (_ret':borrowed (borrowed UInt32.t)) -> [ &_32 <- _ret' ] [ &mb <- _ret'.final ] s3) + | s3 = Borrow.borrow_final {_32.current} {Borrow.get_id _32} + (fun (_ret':borrowed (borrowed UInt32.t)) -> [ &_31 <- _ret' ] [ &_32 <- { _32 with current = _ret'.final } ] s4) 
@@ -109,37 +178,37 @@ module M_inc_max_3__inc_max_3 [#"inc_max_3.rs" 12 0 12 79] | bb10 = s0 [ s0 = -{resolve'0 _32}- s1 | s1 = -{resolve'0 _30}- s2 | s2 = bb12 ] | bb11 = bb12 | bb12 = s0 - [ s0 = UInt32.add {ma.current} {[%#sinc_max_30] (2 : uint32)} - (fun (_ret':uint32) -> [ &ma <- { ma with current = _ret' } ] s1) + [ s0 = UInt32.add {ma.current} {[%#sinc_max_30] (2 : UInt32.t)} + (fun (_ret':UInt32.t) -> [ &ma <- { ma with current = _ret' } ] s1) | s1 = -{resolve'1 ma}- s2 - | s2 = UInt32.add {mb.current} {[%#sinc_max_31] (1 : uint32)} - (fun (_ret':uint32) -> [ &mb <- { mb with current = _ret' } ] s3) + | s2 = UInt32.add {mb.current} {[%#sinc_max_31] (1 : UInt32.t)} + (fun (_ret':UInt32.t) -> [ &mb <- { mb with current = _ret' } ] s3) | s3 = -{resolve'1 mb}- s4 | s4 = return' {_0} ] ] ) [ & _0 : () = any_l () - | & ma : borrowed uint32 = ma - | & mb : borrowed uint32 = mb - | & mc : borrowed uint32 = mc + | & ma : borrowed UInt32.t = ma + | & mb : borrowed UInt32.t = mb + | & mc : borrowed UInt32.t = mc | & _7 : bool = any_l () | & _10 : () = any_l () - | & _11 : borrowed (borrowed uint32) = any_l () - | & _12 : borrowed (borrowed uint32) = any_l () - | & _13 : borrowed (borrowed uint32) = any_l () - | & _14 : borrowed (borrowed uint32) = any_l () + | & _11 : borrowed (borrowed UInt32.t) = any_l () + | & _12 : borrowed (borrowed UInt32.t) = any_l () + | & _13 : borrowed (borrowed UInt32.t) = any_l () + | & _14 : borrowed (borrowed UInt32.t) = any_l () | & _16 : bool = any_l () | & _19 : () = any_l () - | & _20 : borrowed (borrowed uint32) = any_l () - | & _21 : borrowed (borrowed uint32) = any_l () - | & _22 : borrowed (borrowed uint32) = any_l () - | & _23 : borrowed (borrowed uint32) = any_l () + | & _20 : borrowed (borrowed UInt32.t) = any_l () + | & _21 : borrowed (borrowed UInt32.t) = any_l () + | & _22 : borrowed (borrowed UInt32.t) = any_l () + | & _23 : borrowed (borrowed UInt32.t) = any_l () | & _25 : bool = any_l () | & _28 : () = any_l () - | & 
_29 : borrowed (borrowed uint32) = any_l () - | & _30 : borrowed (borrowed uint32) = any_l () - | & _31 : borrowed (borrowed uint32) = any_l () - | & _32 : borrowed (borrowed uint32) = any_l () ] + | & _29 : borrowed (borrowed UInt32.t) = any_l () + | & _30 : borrowed (borrowed UInt32.t) = any_l () + | & _31 : borrowed (borrowed UInt32.t) = any_l () + | & _32 : borrowed (borrowed UInt32.t) = any_l () ] [ return' (result:())-> {[@expl:inc_max_3 ensures] [%#sinc_max_33] ma.final <> mb.final /\ mb.final <> mc.final /\ mc.final <> ma.final} 
@@ -152,46 +221,116 @@ module M_inc_max_3__test_inc_max_3 [#"inc_max_3.rs" 27 0 27 57] let%span sinc_max_32 = "inc_max_3.rs" 10 11 10 76 let%span sinc_max_33 = "inc_max_3.rs" 11 10 11 48 let%span sresolve4 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span sord5 = "../../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 + let%span sord6 = "../../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 + let%span sord7 = "../../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 + let%span sord8 = "../../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 + let%span sord9 = "../../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 + let%span sord10 = "../../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 + let%span sord11 = "../../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 + let%span sord12 = "../../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 + let%span sord13 = "../../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 + let%span sord14 = "../../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 + let%span sord15 = "../../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 + let%span sord16 = "../../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 + let%span sord17 = "../../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span sord18 = "../../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 use prelude.prelude.Borrow + use prelude.prelude.Int + use prelude.prelude.UInt32 - use prelude.prelude.Int + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.UInt32 + + function cmp_log'0 (self : UInt32.t) (o : UInt32.t) : t_Ordering'0 = + [%#sord18] if UInt32.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + function eq_cmp'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom eq_cmp'0_spec : forall x : UInt32.t, y : UInt32.t . 
[%#sord17] (x = y) = (cmp_log'0 x y = C_Equal'0) + + function antisym2'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom antisym2'0_spec : forall x : UInt32.t, y : UInt32.t . ([%#sord15] cmp_log'0 x y = C_Greater'0) + -> ([%#sord16] cmp_log'0 y x = C_Less'0) + + function antisym1'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom antisym1'0_spec : forall x : UInt32.t, y : UInt32.t . ([%#sord13] cmp_log'0 x y = C_Less'0) + -> ([%#sord14] cmp_log'0 y x = C_Greater'0) + + function trans'0 (x : UInt32.t) (y : UInt32.t) (z : UInt32.t) (o : t_Ordering'0) : () + + axiom trans'0_spec : forall x : UInt32.t, y : UInt32.t, z : UInt32.t, o : t_Ordering'0 . ([%#sord10] cmp_log'0 x y + = o) -> ([%#sord11] cmp_log'0 y z = o) -> ([%#sord12] cmp_log'0 x z = o) + + function refl'0 (x : UInt32.t) : () + + axiom refl'0_spec : forall x : UInt32.t . [%#sord9] cmp_log'0 x x = C_Equal'0 + + use prelude.prelude.UInt32 + + function cmp_gt_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_gt_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord8] UInt32.ugt x y = (cmp_log'0 x y = C_Greater'0) + + use prelude.prelude.UInt32 + + function cmp_ge_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_ge_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord7] UInt32.uge x y = (cmp_log'0 x y <> C_Less'0) + + function cmp_lt_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_lt_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord6] UInt32.ult x y = (cmp_log'0 x y = C_Less'0) + + use prelude.prelude.UInt32 + + function cmp_le_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_le_log'0_spec : forall x : UInt32.t, y : UInt32.t . 
[%#sord5] UInt32.ule x y + = (cmp_log'0 x y <> C_Greater'0) - let rec inc_max_3'0 (ma:borrowed uint32) (mb:borrowed uint32) (mc:borrowed uint32) (return' (ret:()))= {[@expl:inc_max_3 requires] [%#sinc_max_32] ma.current - <= (1000000 : uint32) - /\ mb.current <= (1000000 : uint32) /\ mc.current <= (1000000 : uint32)} + let rec inc_max_3'0 (ma:borrowed UInt32.t) (mb:borrowed UInt32.t) (mc:borrowed UInt32.t) (return' (ret:()))= {[@expl:inc_max_3 requires] [%#sinc_max_32] UInt32.ule ma.current (1000000 : UInt32.t) + /\ UInt32.ule mb.current (1000000 : UInt32.t) /\ UInt32.ule mc.current (1000000 : UInt32.t)} any [ return' (result:())-> {[%#sinc_max_33] ma.final <> mb.final /\ mb.final <> mc.final /\ mc.final <> ma.final} (! return' {result}) ] - predicate resolve'1 (self : borrowed uint32) = + predicate resolve'1 (self : borrowed UInt32.t) = [%#sresolve4] self.final = self.current - predicate resolve'0 (_1 : borrowed uint32) = + predicate resolve'0 (_1 : borrowed UInt32.t) = resolve'1 _1 use prelude.prelude.Intrinsic meta "compute_max_steps" 1000000 - let rec test_inc_max_3'0 (a:uint32) (b:uint32) (c:uint32) (return' (ret:()))= {[@expl:test_inc_max_3 requires] [%#sinc_max_31] a - <= (1000000 : uint32) - /\ b <= (1000000 : uint32) /\ c <= (1000000 : uint32)} + let rec test_inc_max_3'0 (a:UInt32.t) (b:UInt32.t) (c:UInt32.t) (return' (ret:()))= {[@expl:test_inc_max_3 requires] [%#sinc_max_31] UInt32.ule a (1000000 : UInt32.t) + /\ UInt32.ule b (1000000 : UInt32.t) /\ UInt32.ule c (1000000 : UInt32.t)} (! 
bb0 [ bb0 = s0 - [ s0 = Borrow.borrow_mut {a} (fun (_ret':borrowed uint32) -> [ &_7 <- _ret' ] [ &a <- _ret'.final ] s1) - | s1 = Borrow.borrow_final {_7.current} {Borrow.get_id _7} - (fun (_ret':borrowed uint32) -> [ &_6 <- _ret' ] [ &_7 <- { _7 with current = _ret'.final } ] s2) - | s2 = Borrow.borrow_mut {b} (fun (_ret':borrowed uint32) -> [ &_9 <- _ret' ] [ &b <- _ret'.final ] s3) - | s3 = Borrow.borrow_final {_9.current} {Borrow.get_id _9} - (fun (_ret':borrowed uint32) -> [ &_8 <- _ret' ] [ &_9 <- { _9 with current = _ret'.final } ] s4) - | s4 = Borrow.borrow_mut {c} - (fun (_ret':borrowed uint32) -> [ &_11 <- _ret' ] [ &c <- _ret'.final ] s5) - | s5 = Borrow.borrow_final {_11.current} {Borrow.get_id _11} - (fun (_ret':borrowed uint32) -> [ &_10 <- _ret' ] [ &_11 <- { _11 with current = _ret'.final } ] s6) + [ s0 = Borrow.borrow_mut {a} + (fun (_ret':borrowed UInt32.t) -> [ &_7 <- _ret' ] [ &a <- _ret'.final ] s1) + | s1 = Borrow.borrow_final {_7.current} {Borrow.get_id _7} + (fun (_ret':borrowed UInt32.t) -> [ &_6 <- _ret' ] [ &_7 <- { _7 with current = _ret'.final } ] s2) + | s2 = Borrow.borrow_mut {b} + (fun (_ret':borrowed UInt32.t) -> [ &_9 <- _ret' ] [ &b <- _ret'.final ] s3) + | s3 = Borrow.borrow_final {_9.current} {Borrow.get_id _9} + (fun (_ret':borrowed UInt32.t) -> [ &_8 <- _ret' ] [ &_9 <- { _9 with current = _ret'.final } ] s4) + | s4 = Borrow.borrow_mut {c} + (fun (_ret':borrowed UInt32.t) -> [ &_11 <- _ret' ] [ &c <- _ret'.final ] s5) + | s5 = Borrow.borrow_final {_11.current} {Borrow.get_id _11} + (fun (_ret':borrowed UInt32.t) -> [ &_10 <- _ret' ] [ &_11 <- { _11 with current = _ret'.final } ] s6) | s6 = inc_max_3'0 {_6} {_8} {_10} (fun (_ret':()) -> [ &_5 <- _ret' ] s7) | s7 = bb1 ] 
@@ -217,16 +356,16 @@ module M_inc_max_3__test_inc_max_3 [#"inc_max_3.rs" 27 0 27 57] | bb8 = {[%#sinc_max_30] false} any ] ) [ & _0 : () = any_l () - | & a : uint32 = a - | & b : uint32 = b - | & c : uint32 = c + | & a : UInt32.t = a + | & b : UInt32.t = b + | & c : UInt32.t = c | & _5 : () = any_l () - | & _6 : borrowed uint32 = any_l () - | & _7 : borrowed uint32 = any_l () - | & _8 : borrowed uint32 = any_l () - | & _9 : borrowed uint32 = any_l () - | & _10 : borrowed uint32 = any_l () - | & _11 : borrowed uint32 = any_l () + | & _6 : borrowed UInt32.t = any_l () + | & _7 : borrowed UInt32.t = any_l () + | & _8 : borrowed UInt32.t = any_l () + | & _9 : borrowed UInt32.t = any_l () + | & _10 : borrowed UInt32.t = any_l () + | & _11 : borrowed UInt32.t = any_l () | & _13 : bool = any_l () | & _16 : bool = any_l () | & _19 : bool = any_l () ] diff --git a/creusot/tests/should_succeed/rusthorn/inc_max_many.coma b/creusot/tests/should_succeed/rusthorn/inc_max_many.coma index c742bf3355..9f876633c0 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_max_many.coma +++ b/creusot/tests/should_succeed/rusthorn/inc_max_many.coma 
@@ -1,48 +1,118 @@ module M_inc_max_many__take_max [#"inc_max_many.rs" 6 0 6 64] let%span sinc_max_many0 = "inc_max_many.rs" 4 0 5 56 let%span sresolve1 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span sord2 = "../../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 + let%span sord3 = "../../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 + let%span sord4 = "../../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 + let%span sord5 = "../../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 + let%span sord6 = "../../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 + let%span sord7 = "../../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 + let%span sord8 = "../../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 + let%span sord9 = "../../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 + let%span sord10 = "../../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 + let%span sord11 = "../../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 + let%span sord12 = "../../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 + let%span sord13 = "../../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 + let%span sord14 = "../../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span sord15 = "../../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 use prelude.prelude.UInt32 use prelude.prelude.Borrow - predicate resolve'1 (self : borrowed uint32) = + use prelude.prelude.Int + + predicate resolve'1 (self : borrowed UInt32.t) = [%#sresolve1] self.final = self.current - predicate resolve'0 (_1 : borrowed uint32) = + predicate resolve'0 (_1 : borrowed UInt32.t) = resolve'1 _1 use prelude.prelude.Intrinsic - use prelude.prelude.Int + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.UInt32 + + function cmp_log'0 (self : UInt32.t) (o : UInt32.t) : t_Ordering'0 = + [%#sord15] if UInt32.ult self o then C_Less'0 else if self = o then C_Equal'0 else 
C_Greater'0 + + function eq_cmp'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom eq_cmp'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord14] (x = y) = (cmp_log'0 x y = C_Equal'0) + + function antisym2'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom antisym2'0_spec : forall x : UInt32.t, y : UInt32.t . ([%#sord12] cmp_log'0 x y = C_Greater'0) + -> ([%#sord13] cmp_log'0 y x = C_Less'0) + + function antisym1'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom antisym1'0_spec : forall x : UInt32.t, y : UInt32.t . ([%#sord10] cmp_log'0 x y = C_Less'0) + -> ([%#sord11] cmp_log'0 y x = C_Greater'0) + + function trans'0 (x : UInt32.t) (y : UInt32.t) (z : UInt32.t) (o : t_Ordering'0) : () + + axiom trans'0_spec : forall x : UInt32.t, y : UInt32.t, z : UInt32.t, o : t_Ordering'0 . ([%#sord7] cmp_log'0 x y = o) + -> ([%#sord8] cmp_log'0 y z = o) -> ([%#sord9] cmp_log'0 x z = o) + + function refl'0 (x : UInt32.t) : () + + axiom refl'0_spec : forall x : UInt32.t . [%#sord6] cmp_log'0 x x = C_Equal'0 + + use prelude.prelude.UInt32 + + function cmp_gt_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_gt_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord5] UInt32.ugt x y = (cmp_log'0 x y = C_Greater'0) + + use prelude.prelude.UInt32 + + function cmp_ge_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_ge_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord4] UInt32.uge x y = (cmp_log'0 x y <> C_Less'0) + + function cmp_lt_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_lt_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord3] UInt32.ult x y = (cmp_log'0 x y = C_Less'0) + + use prelude.prelude.UInt32 + + function cmp_le_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_le_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord2] UInt32.ule x y + = (cmp_log'0 x y <> C_Greater'0) meta "compute_max_steps" 1000000 - let rec take_max'0 (ma:borrowed uint32) (mb:borrowed uint32) (return' (ret:borrowed uint32))= (! 
bb0 + let rec take_max'0 (ma:borrowed UInt32.t) (mb:borrowed UInt32.t) (return' (ret:borrowed UInt32.t))= (! bb0 [ bb0 = s0 [ s0 = UInt32.ge {ma.current} {mb.current} (fun (_ret':bool) -> [ &_6 <- _ret' ] s1) | s1 = any [ br0 -> {_6 = false} (! bb2) | br1 -> {_6} (! bb1) ] ] | bb1 = s0 [ s0 = -{resolve'0 mb}- s1 - | s1 = Borrow.borrow_final {ma.current} {Borrow.get_id ma} - (fun (_ret':borrowed uint32) -> [ &_9 <- _ret' ] [ &ma <- { ma with current = _ret'.final } ] s2) - | s2 = Borrow.borrow_final {_9.current} {Borrow.get_id _9} - (fun (_ret':borrowed uint32) -> [ &_5 <- _ret' ] [ &_9 <- { _9 with current = _ret'.final } ] s3) + | s1 = Borrow.borrow_final {ma.current} {Borrow.get_id ma} + (fun (_ret':borrowed UInt32.t) -> [ &_9 <- _ret' ] [ &ma <- { ma with current = _ret'.final } ] s2) + | s2 = Borrow.borrow_final {_9.current} {Borrow.get_id _9} + (fun (_ret':borrowed UInt32.t) -> [ &_5 <- _ret' ] [ &_9 <- { _9 with current = _ret'.final } ] s3) | s3 = -{resolve'0 _9}- s4 | s4 = bb3 ] | bb2 = s0 [ s0 = -{resolve'0 ma}- s1 - | s1 = Borrow.borrow_final {mb.current} {Borrow.get_id mb} - (fun (_ret':borrowed uint32) -> [ &_5 <- _ret' ] [ &mb <- { mb with current = _ret'.final } ] s2) + | s1 = Borrow.borrow_final {mb.current} {Borrow.get_id mb} + (fun (_ret':borrowed UInt32.t) -> [ &_5 <- _ret' ] [ &mb <- { mb with current = _ret'.final } ] s2) | s2 = bb3 ] | bb3 = s0 - [ s0 = Borrow.borrow_final {_5.current} {Borrow.get_id _5} - (fun (_ret':borrowed uint32) -> [ &_3 <- _ret' ] [ &_5 <- { _5 with current = _ret'.final } ] s1) - | s1 = Borrow.borrow_final {_3.current} {Borrow.get_id _3} - (fun (_ret':borrowed uint32) -> [ &_0 <- _ret' ] [ &_3 <- { _3 with current = _ret'.final } ] s2) + [ s0 = Borrow.borrow_final {_5.current} {Borrow.get_id _5} + (fun (_ret':borrowed UInt32.t) -> [ &_3 <- _ret' ] [ &_5 <- { _5 with current = _ret'.final } ] s1) + | s1 = Borrow.borrow_final {_3.current} {Borrow.get_id _3} + (fun (_ret':borrowed UInt32.t) -> [ &_0 <- _ret' ] [ &_3 <- { 
_3 with current = _ret'.final } ] s2) | s2 = -{resolve'0 _5}- s3 | s3 = -{resolve'0 _3}- s4 | s4 = -{resolve'0 mb}- s5 @@ -50,15 +120,15 @@ module M_inc_max_many__take_max [#"inc_max_many.rs" 6 0 6 64] | s6 = return' {_0} ] ] ) - [ & _0 : borrowed uint32 = any_l () - | & ma : borrowed uint32 = ma - | & mb : borrowed uint32 = mb - | & _3 : borrowed uint32 = any_l () - | & _5 : borrowed uint32 = any_l () + [ & _0 : borrowed UInt32.t = any_l () + | & ma : borrowed UInt32.t = ma + | & mb : borrowed UInt32.t = mb + | & _3 : borrowed UInt32.t = any_l () + | & _5 : borrowed UInt32.t = any_l () | & _6 : bool = any_l () - | & _9 : borrowed uint32 = any_l () ] + | & _9 : borrowed UInt32.t = any_l () ] - [ return' (result:borrowed uint32)-> {[@expl:take_max ensures] [%#sinc_max_many0] if ma.current >= mb.current then + [ return' (result:borrowed UInt32.t)-> {[@expl:take_max ensures] [%#sinc_max_many0] if UInt32.uge ma.current mb.current then mb.current = mb.final /\ result = ma else ma.current = ma.final /\ result = mb 
@@ -71,15 +141,85 @@ module M_inc_max_many__inc_max_many [#"inc_max_many.rs" 15 0 15 51] let%span sinc_max_many1 = "inc_max_many.rs" 14 11 14 70 let%span sinc_max_many2 = "inc_max_many.rs" 4 0 5 56 let%span sresolve3 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span sord4 = "../../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 + let%span sord5 = "../../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 + let%span sord6 = "../../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 + let%span sord7 = "../../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 + let%span sord8 = "../../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 + let%span sord9 = "../../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 + let%span sord10 = "../../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 + let%span sord11 = "../../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 + let%span sord12 = "../../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 + let%span sord13 = "../../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 + let%span sord14 = "../../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 + let%span sord15 = "../../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 + let%span sord16 = "../../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span sord17 = "../../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 use prelude.prelude.Borrow + use prelude.prelude.Int + use prelude.prelude.UInt32 - use prelude.prelude.Int + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.UInt32 + + function cmp_log'0 (self : UInt32.t) (o : UInt32.t) : t_Ordering'0 = + [%#sord17] if UInt32.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + function eq_cmp'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom eq_cmp'0_spec : forall x : UInt32.t, y : UInt32.t . 
[%#sord16] (x = y) = (cmp_log'0 x y = C_Equal'0) + + function antisym2'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom antisym2'0_spec : forall x : UInt32.t, y : UInt32.t . ([%#sord14] cmp_log'0 x y = C_Greater'0) + -> ([%#sord15] cmp_log'0 y x = C_Less'0) + + function antisym1'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom antisym1'0_spec : forall x : UInt32.t, y : UInt32.t . ([%#sord12] cmp_log'0 x y = C_Less'0) + -> ([%#sord13] cmp_log'0 y x = C_Greater'0) + + function trans'0 (x : UInt32.t) (y : UInt32.t) (z : UInt32.t) (o : t_Ordering'0) : () + + axiom trans'0_spec : forall x : UInt32.t, y : UInt32.t, z : UInt32.t, o : t_Ordering'0 . ([%#sord9] cmp_log'0 x y = o) + -> ([%#sord10] cmp_log'0 y z = o) -> ([%#sord11] cmp_log'0 x z = o) + + function refl'0 (x : UInt32.t) : () + + axiom refl'0_spec : forall x : UInt32.t . [%#sord8] cmp_log'0 x x = C_Equal'0 + + use prelude.prelude.UInt32 + + function cmp_gt_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_gt_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord7] UInt32.ugt x y = (cmp_log'0 x y = C_Greater'0) + + use prelude.prelude.UInt32 + + function cmp_ge_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_ge_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord6] UInt32.uge x y = (cmp_log'0 x y <> C_Less'0) + + function cmp_lt_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_lt_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord5] UInt32.ult x y = (cmp_log'0 x y = C_Less'0) + + use prelude.prelude.UInt32 + + function cmp_le_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_le_log'0_spec : forall x : UInt32.t, y : UInt32.t . 
[%#sord4] UInt32.ule x y + = (cmp_log'0 x y <> C_Greater'0) - let rec take_max'0 (ma:borrowed uint32) (mb:borrowed uint32) (return' (ret:borrowed uint32))= any - [ return' (result:borrowed uint32)-> {[%#sinc_max_many2] if ma.current >= mb.current then + let rec take_max'0 (ma:borrowed UInt32.t) (mb:borrowed UInt32.t) (return' (ret:borrowed UInt32.t))= any + [ return' (result:borrowed UInt32.t)-> {[%#sinc_max_many2] if UInt32.uge ma.current mb.current then mb.current = mb.final /\ result = ma else ma.current = ma.final /\ result = mb 
@@ -87,42 +227,43 @@ module M_inc_max_many__inc_max_many [#"inc_max_many.rs" 15 0 15 51] (! return' {result}) ] - predicate resolve'1 (self : borrowed uint32) = + predicate resolve'1 (self : borrowed UInt32.t) = [%#sresolve3] self.final = self.current - predicate resolve'0 (_1 : borrowed uint32) = + predicate resolve'0 (_1 : borrowed UInt32.t) = resolve'1 _1 use prelude.prelude.Intrinsic meta "compute_max_steps" 1000000 - let rec inc_max_many'0 (a:uint32) (b:uint32) (k:uint32) (return' (ret:()))= {[@expl:inc_max_many requires] [%#sinc_max_many1] a - <= (1000000 : uint32) - /\ b <= (1000000 : uint32) /\ k <= (1000000 : uint32)} + let rec inc_max_many'0 (a:UInt32.t) (b:UInt32.t) (k:UInt32.t) (return' (ret:()))= {[@expl:inc_max_many requires] [%#sinc_max_many1] UInt32.ule a (1000000 : UInt32.t) + /\ UInt32.ule b (1000000 : UInt32.t) /\ UInt32.ule k (1000000 : UInt32.t)} (! bb0 [ bb0 = s0 - [ s0 = Borrow.borrow_mut {a} (fun (_ret':borrowed uint32) -> [ &_7 <- _ret' ] [ &a <- _ret'.final ] s1) - | s1 = Borrow.borrow_final {_7.current} {Borrow.get_id _7} - (fun (_ret':borrowed uint32) -> [ &_6 <- _ret' ] [ &_7 <- { _7 with current = _ret'.final } ] s2) - | s2 = Borrow.borrow_mut {b} (fun (_ret':borrowed uint32) -> [ &_9 <- _ret' ] [ &b <- _ret'.final ] s3) - | s3 = Borrow.borrow_final {_9.current} {Borrow.get_id _9} - (fun (_ret':borrowed uint32) -> [ &_8 <- _ret' ] [ &_9 <- { _9 with current = _ret'.final } ] s4) - | s4 = take_max'0 {_6} {_8} (fun (_ret':borrowed uint32) -> [ &mc <- _ret' ] s5) + [ s0 = Borrow.borrow_mut {a} + (fun (_ret':borrowed UInt32.t) -> [ &_7 <- _ret' ] [ &a <- _ret'.final ] s1) + | s1 = Borrow.borrow_final {_7.current} {Borrow.get_id _7} + (fun (_ret':borrowed UInt32.t) -> [ &_6 <- _ret' ] [ &_7 <- { _7 with current = _ret'.final } ] s2) + | s2 = Borrow.borrow_mut {b} + (fun (_ret':borrowed UInt32.t) -> [ &_9 <- _ret' ] [ &b <- _ret'.final ] s3) + | s3 = Borrow.borrow_final {_9.current} {Borrow.get_id _9} + (fun (_ret':borrowed UInt32.t) -> [ 
&_8 <- _ret' ] [ &_9 <- { _9 with current = _ret'.final } ] s4) + | s4 = take_max'0 {_6} {_8} (fun (_ret':borrowed UInt32.t) -> [ &mc <- _ret' ] s5) | s5 = bb1 ] | bb1 = s0 [ s0 = -{resolve'0 _9}- s1 | s1 = -{resolve'0 _7}- s2 - | s2 = UInt32.add {mc.current} {k} (fun (_ret':uint32) -> [ &mc <- { mc with current = _ret' } ] s3) + | s2 = UInt32.add {mc.current} {k} (fun (_ret':UInt32.t) -> [ &mc <- { mc with current = _ret' } ] s3) | s3 = -{resolve'0 mc}- s4 - | s4 = UInt32.add {b} {k} (fun (_ret':uint32) -> [ &_14 <- _ret' ] s5) + | s4 = UInt32.add {b} {k} (fun (_ret':UInt32.t) -> [ &_14 <- _ret' ] s5) | s5 = UInt32.ge {a} {_14} (fun (_ret':bool) -> [ &_12 <- _ret' ] s6) | s6 = any [ br0 -> {_12 = false} (! bb3) | br1 -> {_12} (! bb2) ] ] | bb2 = bb6 | bb3 = s0 - [ s0 = UInt32.add {a} {k} (fun (_ret':uint32) -> [ &_19 <- _ret' ] s1) + [ s0 = UInt32.add {a} {k} (fun (_ret':UInt32.t) -> [ &_19 <- _ret' ] s1) | s1 = UInt32.ge {b} {_19} (fun (_ret':bool) -> [ &_17 <- _ret' ] s2) | s2 = any [ br0 -> {_17 = false} (! bb5) | br1 -> {_17} (! bb4) ] ] @@ -131,17 +272,17 @@ module M_inc_max_many__inc_max_many [#"inc_max_many.rs" 15 0 15 51] | bb5 = {[%#sinc_max_many0] false} any ] ) [ & _0 : () = any_l () - | & a : uint32 = a - | & b : uint32 = b - | & k : uint32 = k - | & mc : borrowed uint32 = any_l () - | & _6 : borrowed uint32 = any_l () - | & _7 : borrowed uint32 = any_l () - | & _8 : borrowed uint32 = any_l () - | & _9 : borrowed uint32 = any_l () + | & a : UInt32.t = a + | & b : UInt32.t = b + | & k : UInt32.t = k + | & mc : borrowed UInt32.t = any_l () + | & _6 : borrowed UInt32.t = any_l () + | & _7 : borrowed UInt32.t = any_l () + | & _8 : borrowed UInt32.t = any_l () + | & _9 : borrowed UInt32.t = any_l () | & _12 : bool = any_l () - | & _14 : uint32 = any_l () + | & _14 : UInt32.t = any_l () | & _17 : bool = any_l () - | & _19 : uint32 = any_l () ] + | & _19 : UInt32.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end 
diff --git a/creusot/tests/should_succeed/rusthorn/inc_max_repeat.coma b/creusot/tests/should_succeed/rusthorn/inc_max_repeat.coma
index 0c054afd01..7c9e1c4fda 100644
--- a/creusot/tests/should_succeed/rusthorn/inc_max_repeat.coma
+++ b/creusot/tests/should_succeed/rusthorn/inc_max_repeat.coma
@@ -1,48 +1,118 @@ module M_inc_max_repeat__take_max [#"inc_max_repeat.rs" 6 0 6 64] let%span sinc_max_repeat0 = "inc_max_repeat.rs" 4 0 5 56 let%span sresolve1 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span sord2 = "../../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 + let%span sord3 = "../../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 + let%span sord4 = "../../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 + let%span sord5 = "../../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 + let%span sord6 = "../../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 + let%span sord7 = "../../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 + let%span sord8 = "../../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 + let%span sord9 = "../../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 + let%span sord10 = "../../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 + let%span sord11 = "../../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 + let%span sord12 = "../../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 + let%span sord13 = "../../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 + let%span sord14 = "../../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span sord15 = "../../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 use prelude.prelude.UInt32 use prelude.prelude.Borrow - predicate resolve'1 (self : borrowed uint32) = + use prelude.prelude.Int + + predicate resolve'1 (self : borrowed UInt32.t) = [%#sresolve1] self.final = self.current - predicate resolve'0 (_1 : borrowed uint32) = + predicate resolve'0 (_1 : borrowed UInt32.t) = resolve'1 _1 use prelude.prelude.Intrinsic - use prelude.prelude.Int + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.UInt32 + + function cmp_log'0 (self : UInt32.t) (o : UInt32.t) : t_Ordering'0 = + [%#sord15] if UInt32.ult self o then C_Less'0 else if self = o then 
C_Equal'0 else C_Greater'0 + + function eq_cmp'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom eq_cmp'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord14] (x = y) = (cmp_log'0 x y = C_Equal'0) + + function antisym2'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom antisym2'0_spec : forall x : UInt32.t, y : UInt32.t . ([%#sord12] cmp_log'0 x y = C_Greater'0) + -> ([%#sord13] cmp_log'0 y x = C_Less'0) + + function antisym1'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom antisym1'0_spec : forall x : UInt32.t, y : UInt32.t . ([%#sord10] cmp_log'0 x y = C_Less'0) + -> ([%#sord11] cmp_log'0 y x = C_Greater'0) + + function trans'0 (x : UInt32.t) (y : UInt32.t) (z : UInt32.t) (o : t_Ordering'0) : () + + axiom trans'0_spec : forall x : UInt32.t, y : UInt32.t, z : UInt32.t, o : t_Ordering'0 . ([%#sord7] cmp_log'0 x y = o) + -> ([%#sord8] cmp_log'0 y z = o) -> ([%#sord9] cmp_log'0 x z = o) + + function refl'0 (x : UInt32.t) : () + + axiom refl'0_spec : forall x : UInt32.t . [%#sord6] cmp_log'0 x x = C_Equal'0 + + use prelude.prelude.UInt32 + + function cmp_gt_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_gt_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord5] UInt32.ugt x y = (cmp_log'0 x y = C_Greater'0) + + use prelude.prelude.UInt32 + + function cmp_ge_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_ge_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord4] UInt32.uge x y = (cmp_log'0 x y <> C_Less'0) + + function cmp_lt_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_lt_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord3] UInt32.ult x y = (cmp_log'0 x y = C_Less'0) + + use prelude.prelude.UInt32 + + function cmp_le_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_le_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord2] UInt32.ule x y + = (cmp_log'0 x y <> C_Greater'0) meta "compute_max_steps" 1000000 - let rec take_max'0 (ma:borrowed uint32) (mb:borrowed uint32) (return' (ret:borrowed uint32))= (! 
bb0 + let rec take_max'0 (ma:borrowed UInt32.t) (mb:borrowed UInt32.t) (return' (ret:borrowed UInt32.t))= (! bb0 [ bb0 = s0 [ s0 = UInt32.ge {ma.current} {mb.current} (fun (_ret':bool) -> [ &_6 <- _ret' ] s1) | s1 = any [ br0 -> {_6 = false} (! bb2) | br1 -> {_6} (! bb1) ] ] | bb1 = s0 [ s0 = -{resolve'0 mb}- s1 - | s1 = Borrow.borrow_final {ma.current} {Borrow.get_id ma} - (fun (_ret':borrowed uint32) -> [ &_9 <- _ret' ] [ &ma <- { ma with current = _ret'.final } ] s2) - | s2 = Borrow.borrow_final {_9.current} {Borrow.get_id _9} - (fun (_ret':borrowed uint32) -> [ &_5 <- _ret' ] [ &_9 <- { _9 with current = _ret'.final } ] s3) + | s1 = Borrow.borrow_final {ma.current} {Borrow.get_id ma} + (fun (_ret':borrowed UInt32.t) -> [ &_9 <- _ret' ] [ &ma <- { ma with current = _ret'.final } ] s2) + | s2 = Borrow.borrow_final {_9.current} {Borrow.get_id _9} + (fun (_ret':borrowed UInt32.t) -> [ &_5 <- _ret' ] [ &_9 <- { _9 with current = _ret'.final } ] s3) | s3 = -{resolve'0 _9}- s4 | s4 = bb3 ] | bb2 = s0 [ s0 = -{resolve'0 ma}- s1 - | s1 = Borrow.borrow_final {mb.current} {Borrow.get_id mb} - (fun (_ret':borrowed uint32) -> [ &_5 <- _ret' ] [ &mb <- { mb with current = _ret'.final } ] s2) + | s1 = Borrow.borrow_final {mb.current} {Borrow.get_id mb} + (fun (_ret':borrowed UInt32.t) -> [ &_5 <- _ret' ] [ &mb <- { mb with current = _ret'.final } ] s2) | s2 = bb3 ] | bb3 = s0 - [ s0 = Borrow.borrow_final {_5.current} {Borrow.get_id _5} - (fun (_ret':borrowed uint32) -> [ &_3 <- _ret' ] [ &_5 <- { _5 with current = _ret'.final } ] s1) - | s1 = Borrow.borrow_final {_3.current} {Borrow.get_id _3} - (fun (_ret':borrowed uint32) -> [ &_0 <- _ret' ] [ &_3 <- { _3 with current = _ret'.final } ] s2) + [ s0 = Borrow.borrow_final {_5.current} {Borrow.get_id _5} + (fun (_ret':borrowed UInt32.t) -> [ &_3 <- _ret' ] [ &_5 <- { _5 with current = _ret'.final } ] s1) + | s1 = Borrow.borrow_final {_3.current} {Borrow.get_id _3} + (fun (_ret':borrowed UInt32.t) -> [ &_0 <- _ret' ] [ &_3 <- { 
_3 with current = _ret'.final } ] s2) | s2 = -{resolve'0 _5}- s3 | s3 = -{resolve'0 _3}- s4 | s4 = -{resolve'0 mb}- s5 @@ -50,15 +120,15 @@ module M_inc_max_repeat__take_max [#"inc_max_repeat.rs" 6 0 6 64] | s6 = return' {_0} ] ] ) - [ & _0 : borrowed uint32 = any_l () - | & ma : borrowed uint32 = ma - | & mb : borrowed uint32 = mb - | & _3 : borrowed uint32 = any_l () - | & _5 : borrowed uint32 = any_l () + [ & _0 : borrowed UInt32.t = any_l () + | & ma : borrowed UInt32.t = ma + | & mb : borrowed UInt32.t = mb + | & _3 : borrowed UInt32.t = any_l () + | & _5 : borrowed UInt32.t = any_l () | & _6 : bool = any_l () - | & _9 : borrowed uint32 = any_l () ] + | & _9 : borrowed UInt32.t = any_l () ] - [ return' (result:borrowed uint32)-> {[@expl:take_max ensures] [%#sinc_max_repeat0] if ma.current >= mb.current then + [ return' (result:borrowed UInt32.t)-> {[@expl:take_max ensures] [%#sinc_max_repeat0] if UInt32.uge ma.current mb.current then mb.current = mb.final /\ result = ma else ma.current = ma.final /\ result = mb 
@@ -91,14 +161,30 @@ module M_inc_max_repeat__inc_max_repeat [#"inc_max_repeat.rs" 15 0 15 53] let%span srange21 = "../../../../creusot-contracts/src/std/iter/range.rs" 42 15 42 32 let%span srange22 = "../../../../creusot-contracts/src/std/iter/range.rs" 43 15 43 32 let%span srange23 = "../../../../creusot-contracts/src/std/iter/range.rs" 44 14 44 42 - let%span snum24 = "../../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + let%span snum24 = "../../../../creusot-contracts/src/std/num.rs" 52 28 52 33 let%span srange25 = "../../../../creusot-contracts/src/std/iter/range.rs" 15 12 15 78 let%span sresolve26 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span sord27 = "../../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 + let%span sord28 = "../../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 + let%span sord29 = "../../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 + let%span sord30 = "../../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 + let%span sord31 = "../../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 + let%span sord32 = "../../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 + let%span sord33 = "../../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 + let%span sord34 = "../../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 + let%span sord35 = "../../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 + let%span sord36 = "../../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 + let%span sord37 = "../../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 + let%span sord38 = "../../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 + let%span sord39 = "../../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span sord40 = "../../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt32 type t_Range'0 = - { t_Range__start'0: uint32; t_Range__end'0: uint32 } + { t_Range__start'0: UInt32.t; 
t_Range__end'0: UInt32.t } predicate inv'0 (_1 : t_Range'0) @@ -128,20 +214,18 @@ module M_inc_max_repeat__inc_max_repeat [#"inc_max_repeat.rs" 15 0 15 53] use seq.Seq - use prelude.prelude.Int - use prelude.prelude.Snapshot use prelude.prelude.Snapshot use seq.Seq - function deep_model'0 (self : uint32) : int = - [%#snum24] UInt32.to_int self + function deep_model'0 (self : UInt32.t) : int = + [%#snum24] UInt32.to_uint self use seq.Seq - predicate produces'0 (self : t_Range'0) (visited : Seq.seq uint32) (o : t_Range'0) = + predicate produces'0 (self : t_Range'0) (visited : Seq.seq UInt32.t) (o : t_Range'0) = [%#srange11] self.t_Range__end'0 = o.t_Range__end'0 /\ deep_model'0 self.t_Range__start'0 <= deep_model'0 o.t_Range__start'0 /\ (Seq.length visited > 0 -> deep_model'0 o.t_Range__start'0 <= deep_model'0 o.t_Range__end'0) @@ -149,10 +233,10 @@ module M_inc_max_repeat__inc_max_repeat [#"inc_max_repeat.rs" 15 0 15 53] /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> deep_model'0 (Seq.get visited i) = deep_model'0 self.t_Range__start'0 + i) - function produces_trans'0 (a : t_Range'0) (ab : Seq.seq uint32) (b : t_Range'0) (bc : Seq.seq uint32) (c : t_Range'0) : () + function produces_trans'0 (a : t_Range'0) (ab : Seq.seq UInt32.t) (b : t_Range'0) (bc : Seq.seq UInt32.t) (c : t_Range'0) : () - axiom produces_trans'0_spec : forall a : t_Range'0, ab : Seq.seq uint32, b : t_Range'0, bc : Seq.seq uint32, c : t_Range'0 . ([%#srange18] inv'0 a) + axiom produces_trans'0_spec : forall a : t_Range'0, ab : Seq.seq UInt32.t, b : t_Range'0, bc : Seq.seq UInt32.t, c : t_Range'0 . ([%#srange18] inv'0 a) -> ([%#srange19] inv'0 b) -> ([%#srange20] inv'0 c) -> ([%#srange21] produces'0 a ab b) 
@@ -161,11 +245,11 @@ module M_inc_max_repeat__inc_max_repeat [#"inc_max_repeat.rs" 15 0 15 53] function produces_refl'0 (self : t_Range'0) : () axiom produces_refl'0_spec : forall self : t_Range'0 . ([%#srange16] inv'0 self) - -> ([%#srange17] produces'0 self (Seq.empty : Seq.seq uint32) self) + -> ([%#srange17] produces'0 self (Seq.empty : Seq.seq UInt32.t) self) - predicate inv'1 (_1 : Seq.seq uint32) + predicate inv'1 (_1 : Seq.seq UInt32.t) - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq uint32 [inv'1 x] . inv'1 x = true + axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq UInt32.t [inv'1 x] . inv'1 x = true use prelude.prelude.Borrow @@ -175,7 +259,7 @@ module M_inc_max_repeat__inc_max_repeat [#"inc_max_repeat.rs" 15 0 15 53] type t_Option'0 = | C_None'0 - | C_Some'0 uint32 + | C_Some'0 UInt32.t predicate inv'3 (_1 : t_Option'0) 
@@ -203,13 +287,70 @@ module M_inc_max_repeat__inc_max_repeat [#"inc_max_repeat.rs" 15 0 15 53] predicate resolve'0 (_1 : borrowed (t_Range'0)) = resolve'2 _1 - let rec v_Some'0 (input:t_Option'0) (ret (field_0:uint32))= any - [ good (field_0:uint32)-> {C_Some'0 field_0 = input} (! ret {field_0}) - | bad -> {forall field_0 : uint32 [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] + let rec v_Some'0 (input:t_Option'0) (ret (field_0:UInt32.t))= any + [ good (field_0:UInt32.t)-> {C_Some'0 field_0 = input} (! ret {field_0}) + | bad -> {forall field_0 : UInt32.t [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] - let rec take_max'0 (ma:borrowed uint32) (mb:borrowed uint32) (return' (ret:borrowed uint32))= any - [ return' (result:borrowed uint32)-> {[%#sinc_max_repeat13] if ma.current >= mb.current then + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.UInt32 + + function cmp_log'0 (self : UInt32.t) (o : UInt32.t) : t_Ordering'0 = + [%#sord40] if UInt32.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + function eq_cmp'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom eq_cmp'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord39] (x = y) = (cmp_log'0 x y = C_Equal'0) + + function antisym2'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom antisym2'0_spec : forall x : UInt32.t, y : UInt32.t . ([%#sord37] cmp_log'0 x y = C_Greater'0) + -> ([%#sord38] cmp_log'0 y x = C_Less'0) + + function antisym1'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom antisym1'0_spec : forall x : UInt32.t, y : UInt32.t . ([%#sord35] cmp_log'0 x y = C_Less'0) + -> ([%#sord36] cmp_log'0 y x = C_Greater'0) + + function trans'0 (x : UInt32.t) (y : UInt32.t) (z : UInt32.t) (o : t_Ordering'0) : () + + axiom trans'0_spec : forall x : UInt32.t, y : UInt32.t, z : UInt32.t, o : t_Ordering'0 . 
([%#sord32] cmp_log'0 x y + = o) -> ([%#sord33] cmp_log'0 y z = o) -> ([%#sord34] cmp_log'0 x z = o) + + function refl'0 (x : UInt32.t) : () + + axiom refl'0_spec : forall x : UInt32.t . [%#sord31] cmp_log'0 x x = C_Equal'0 + + use prelude.prelude.UInt32 + + function cmp_gt_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_gt_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord30] UInt32.ugt x y + = (cmp_log'0 x y = C_Greater'0) + + use prelude.prelude.UInt32 + + function cmp_ge_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_ge_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord29] UInt32.uge x y = (cmp_log'0 x y <> C_Less'0) + + function cmp_lt_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_lt_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord28] UInt32.ult x y = (cmp_log'0 x y = C_Less'0) + + use prelude.prelude.UInt32 + + function cmp_le_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_le_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord27] UInt32.ule x y + = (cmp_log'0 x y <> C_Greater'0) + + let rec take_max'0 (ma:borrowed UInt32.t) (mb:borrowed UInt32.t) (return' (ret:borrowed UInt32.t))= any + [ return' (result:borrowed UInt32.t)-> {[%#sinc_max_repeat13] if UInt32.uge ma.current mb.current then mb.current = mb.final /\ result = ma else ma.current = ma.final /\ result = mb @@ -217,10 +358,10 @@ module M_inc_max_repeat__inc_max_repeat [#"inc_max_repeat.rs" 15 0 15 53] (! return' {result}) ] - predicate resolve'3 (self : borrowed uint32) = + predicate resolve'3 (self : borrowed UInt32.t) = [%#sresolve26] self.final = self.current - predicate resolve'1 (_1 : borrowed uint32) = + predicate resolve'1 (_1 : borrowed UInt32.t) = resolve'3 _1 use prelude.prelude.Intrinsic 
@@ -231,28 +372,29 @@ module M_inc_max_repeat__inc_max_repeat [#"inc_max_repeat.rs" 15 0 15 53] meta "compute_max_steps" 1000000 - let rec inc_max_repeat'0 (a:uint32) (b:uint32) (n:uint32) (return' (ret:()))= {[@expl:inc_max_repeat requires] [%#sinc_max_repeat9] a - <= (1000000 : uint32) - /\ b <= (1000000 : uint32) /\ n <= (1000000 : uint32)} + let rec inc_max_repeat'0 (a:UInt32.t) (b:UInt32.t) (n:UInt32.t) (return' (ret:()))= {[@expl:inc_max_repeat requires] [%#sinc_max_repeat9] UInt32.ule a (1000000 : UInt32.t) + /\ UInt32.ule b (1000000 : UInt32.t) /\ UInt32.ule n (1000000 : UInt32.t)} (! bb0 [ bb0 = s0 - [ s0 = [ &_7 <- { t_Range__start'0 = ([%#sinc_max_repeat0] (0 : uint32)); t_Range__end'0 = n } ] s1 + [ s0 = [ &_7 <- { t_Range__start'0 = ([%#sinc_max_repeat0] (0 : UInt32.t)); t_Range__end'0 = n } ] s1 | s1 = into_iter'0 {_7} (fun (_ret':t_Range'0) -> [ &iter <- _ret' ] s2) | s2 = bb1 ] | bb1 = s0 [ s0 = [ &iter_old <- [%#sinc_max_repeat1] Snapshot.new iter ] s1 | s1 = bb2 ] - | bb2 = s0 [ s0 = [ &produced <- [%#sinc_max_repeat2] Snapshot.new (Seq.empty : Seq.seq uint32) ] s1 | s1 = bb3 ] + | bb2 = s0 + [ s0 = [ &produced <- [%#sinc_max_repeat2] Snapshot.new (Seq.empty : Seq.seq UInt32.t) ] s1 | s1 = bb3 ] + | bb3 = bb4 | bb4 = bb4 [ bb4 = {[@expl:for invariant] [%#sinc_max_repeat5] inv'1 (Snapshot.inner produced)} {[@expl:for invariant] [%#sinc_max_repeat5] inv'0 iter} {[@expl:for invariant] [%#sinc_max_repeat5] produces'0 (Snapshot.inner iter_old) (Snapshot.inner produced) iter} - {[@expl:loop invariant #0] [%#sinc_max_repeat4] UInt32.to_int a + {[@expl:loop invariant #0] [%#sinc_max_repeat4] UInt32.to_uint a <= 1000000 + Seq.length (Snapshot.inner produced) - /\ UInt32.to_int b <= 1000000 + Seq.length (Snapshot.inner produced)} - {[@expl:loop invariant #1] [%#sinc_max_repeat3] UInt32.to_int a - >= UInt32.to_int b + Seq.length (Snapshot.inner produced) - \/ UInt32.to_int b >= UInt32.to_int a + Seq.length (Snapshot.inner produced)} + /\ UInt32.to_uint b <= 
1000000 + Seq.length (Snapshot.inner produced)} + {[@expl:loop invariant #1] [%#sinc_max_repeat3] UInt32.to_uint a + >= UInt32.to_uint b + Seq.length (Snapshot.inner produced) + \/ UInt32.to_uint b >= UInt32.to_uint a + Seq.length (Snapshot.inner produced)} (! s0) [ s0 = bb5 ] [ bb5 = s0 [ s0 = Borrow.borrow_mut {iter} @@ -267,11 +409,11 @@ module M_inc_max_repeat__inc_max_repeat [#"inc_max_repeat.rs" 15 0 15 53] | bb6 = s0 [ s0 = -{resolve'0 _21}- s1 - | s1 = any [ br0 -> {_19 = C_None'0 } (! bb9) | br1 (x0:uint32)-> {_19 = C_Some'0 x0} (! bb8) ] ] + | s1 = any [ br0 -> {_19 = C_None'0 } (! bb9) | br1 (x0:UInt32.t)-> {_19 = C_Some'0 x0} (! bb8) ] ] | bb8 = bb10 | bb10 = s0 - [ s0 = v_Some'0 {_19} (fun (r0'0:uint32) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) + [ s0 = v_Some'0 {_19} (fun (r0'0:UInt32.t) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) | s1 = [ &_24 <- [%#sinc_max_repeat6] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] 
@@ -280,35 +422,35 @@ module M_inc_max_repeat__inc_max_repeat [#"inc_max_repeat.rs" 15 0 15 53] | bb11 = s0 [ s0 = [ &produced <- _24 ] s1 - | s1 = Borrow.borrow_mut {a} - (fun (_ret':borrowed uint32) -> [ &_28 <- _ret' ] [ &a <- _ret'.final ] s2) - | s2 = Borrow.borrow_final {_28.current} {Borrow.get_id _28} - (fun (_ret':borrowed uint32) -> [ &_27 <- _ret' ] [ &_28 <- { _28 with current = _ret'.final } ] s3) - | s3 = Borrow.borrow_mut {b} - (fun (_ret':borrowed uint32) -> [ &_30 <- _ret' ] [ &b <- _ret'.final ] s4) - | s4 = Borrow.borrow_final {_30.current} {Borrow.get_id _30} - (fun (_ret':borrowed uint32) -> [ &_29 <- _ret' ] [ &_30 <- { _30 with current = _ret'.final } ] s5) - | s5 = take_max'0 {_27} {_29} (fun (_ret':borrowed uint32) -> [ &mc <- _ret' ] s6) + | s1 = Borrow.borrow_mut {a} + (fun (_ret':borrowed UInt32.t) -> [ &_28 <- _ret' ] [ &a <- _ret'.final ] s2) + | s2 = Borrow.borrow_final {_28.current} {Borrow.get_id _28} + (fun (_ret':borrowed UInt32.t) -> [ &_27 <- _ret' ] [ &_28 <- { _28 with current = _ret'.final } ] s3) + | s3 = Borrow.borrow_mut {b} + (fun (_ret':borrowed UInt32.t) -> [ &_30 <- _ret' ] [ &b <- _ret'.final ] s4) + | s4 = Borrow.borrow_final {_30.current} {Borrow.get_id _30} + (fun (_ret':borrowed UInt32.t) -> [ &_29 <- _ret' ] [ &_30 <- { _30 with current = _ret'.final } ] s5) + | s5 = take_max'0 {_27} {_29} (fun (_ret':borrowed UInt32.t) -> [ &mc <- _ret' ] s6) | s6 = bb12 ] | bb12 = s0 [ s0 = -{resolve'1 _30}- s1 | s1 = -{resolve'1 _28}- s2 - | s2 = UInt32.add {mc.current} {[%#sinc_max_repeat7] (1 : uint32)} - (fun (_ret':uint32) -> [ &mc <- { mc with current = _ret' } ] s3) + | s2 = UInt32.add {mc.current} {[%#sinc_max_repeat7] (1 : UInt32.t)} + (fun (_ret':UInt32.t) -> [ &mc <- { mc with current = _ret' } ] s3) | s3 = -{resolve'1 mc}- s4 | s4 = bb4 ] ] ] | bb9 = s0 - [ s0 = UInt32.add {b} {n} (fun (_ret':uint32) -> [ &_35 <- _ret' ] s1) + [ s0 = UInt32.add {b} {n} (fun (_ret':UInt32.t) -> [ &_35 <- _ret' ] s1) | s1 = UInt32.ge 
{a} {_35} (fun (_ret':bool) -> [ &_33 <- _ret' ] s2) | s2 = any [ br0 -> {_33 = false} (! bb14) | br1 -> {_33} (! bb13) ] ] | bb13 = bb17 | bb14 = s0 - [ s0 = UInt32.add {a} {n} (fun (_ret':uint32) -> [ &_40 <- _ret' ] s1) + [ s0 = UInt32.add {a} {n} (fun (_ret':UInt32.t) -> [ &_40 <- _ret' ] s1) | s1 = UInt32.ge {b} {_40} (fun (_ret':bool) -> [ &_38 <- _ret' ] s2) | s2 = any [ br0 -> {_38 = false} (! bb16) | br1 -> {_38} (! bb15) ] ] @@ -317,26 +459,26 @@ module M_inc_max_repeat__inc_max_repeat [#"inc_max_repeat.rs" 15 0 15 53] | bb16 = {[%#sinc_max_repeat8] false} any ] ) [ & _0 : () = any_l () - | & a : uint32 = a - | & b : uint32 = b - | & n : uint32 = n + | & a : UInt32.t = a + | & b : UInt32.t = b + | & n : UInt32.t = n | & iter : t_Range'0 = any_l () | & _7 : t_Range'0 = any_l () | & iter_old : Snapshot.snap_ty (t_Range'0) = any_l () - | & produced : Snapshot.snap_ty (Seq.seq uint32) = any_l () + | & produced : Snapshot.snap_ty (Seq.seq UInt32.t) = any_l () | & _19 : t_Option'0 = any_l () | & _20 : borrowed (t_Range'0) = any_l () | & _21 : borrowed (t_Range'0) = any_l () - | & __creusot_proc_iter_elem : uint32 = any_l () - | & _24 : Snapshot.snap_ty (Seq.seq uint32) = any_l () - | & mc : borrowed uint32 = any_l () - | & _27 : borrowed uint32 = any_l () - | & _28 : borrowed uint32 = any_l () - | & _29 : borrowed uint32 = any_l () - | & _30 : borrowed uint32 = any_l () + | & __creusot_proc_iter_elem : UInt32.t = any_l () + | & _24 : Snapshot.snap_ty (Seq.seq UInt32.t) = any_l () + | & mc : borrowed UInt32.t = any_l () + | & _27 : borrowed UInt32.t = any_l () + | & _28 : borrowed UInt32.t = any_l () + | & _29 : borrowed UInt32.t = any_l () + | & _30 : borrowed UInt32.t = any_l () | & _33 : bool = any_l () - | & _35 : uint32 = any_l () + | & _35 : UInt32.t = any_l () | & _38 : bool = any_l () - | & _40 : uint32 = any_l () ] + | & _40 : UInt32.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end 
diff --git a/creusot/tests/should_succeed/rusthorn/inc_some_2_list.coma b/creusot/tests/should_succeed/rusthorn/inc_some_2_list.coma index 9d69c50ce5..79ec3bc2d9 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_some_2_list.coma +++ b/creusot/tests/should_succeed/rusthorn/inc_some_2_list.coma @@ -4,19 +4,19 @@ module M_inc_some_2_list__qyi7504674480942992291__lemma_sum_nonneg [#"inc_some_2 let%span sinc_some_2_list2 = "inc_some_2_list.rs" 35 8 38 9 let%span sinc_some_2_list3 = "inc_some_2_list.rs" 23 12 26 13 + use prelude.prelude.Int + use prelude.prelude.UInt32 type t_List'0 = - | C_Cons'0 uint32 (t_List'0) + | C_Cons'0 UInt32.t (t_List'0) | C_Nil'0 - use prelude.prelude.Int - use prelude.prelude.UInt32 function sum'0 [#"inc_some_2_list.rs" 21 4 21 23] (self : t_List'0) : int = [%#sinc_some_2_list3] match self with - | C_Cons'0 a l -> UInt32.to_int a + sum'0 l + | C_Cons'0 a l -> UInt32.to_uint a + sum'0 l | C_Nil'0 -> 0 end @@ -37,15 +37,17 @@ module M_inc_some_2_list__qyi7504674480942992291__sum_x [#"inc_some_2_list.rs" 4 let%span sinc_some_2_list2 = "inc_some_2_list.rs" 42 14 42 35 let%span sinc_some_2_list3 = "inc_some_2_list.rs" 23 12 26 13 + use prelude.prelude.Int + use prelude.prelude.UInt32 type t_List'0 = - | C_Cons'0 uint32 (t_List'0) + | C_Cons'0 UInt32.t (t_List'0) | C_Nil'0 - let rec v_Cons'0 (input:t_List'0) (ret (field_0:uint32) (field_1:t_List'0))= any - [ good (field_0:uint32) (field_1:t_List'0)-> {C_Cons'0 field_0 field_1 = input} (! ret {field_0} {field_1}) - | bad -> {forall field_0 : uint32, field_1 : t_List'0 [C_Cons'0 field_0 field_1 : t_List'0] . C_Cons'0 field_0 field_1 + let rec v_Cons'0 (input:t_List'0) (ret (field_0:UInt32.t) (field_1:t_List'0))= any + [ good (field_0:UInt32.t) (field_1:t_List'0)-> {C_Cons'0 field_0 field_1 = input} (! ret {field_0} {field_1}) + | bad -> {forall field_0 : UInt32.t, field_1 : t_List'0 [C_Cons'0 field_0 field_1 : t_List'0] . C_Cons'0 field_0 field_1 <> input} (! {false} any) ] 
@@ -55,40 +57,40 @@ module M_inc_some_2_list__qyi7504674480942992291__sum_x [#"inc_some_2_list.rs" 4 use prelude.prelude.Borrow - use prelude.prelude.Int - use prelude.prelude.UInt32 function sum'0 [#"inc_some_2_list.rs" 21 4 21 23] (self : t_List'0) : int = [%#sinc_some_2_list3] match self with - | C_Cons'0 a l -> UInt32.to_int a + sum'0 l + | C_Cons'0 a l -> UInt32.to_uint a + sum'0 l | C_Nil'0 -> 0 end meta "compute_max_steps" 1000000 - let rec sum_x'0 (self:t_List'0) (return' (ret:uint32))= {[@expl:sum_x requires] [%#sinc_some_2_list1] sum'0 self + let rec sum_x'0 (self:t_List'0) (return' (ret:UInt32.t))= {[@expl:sum_x requires] [%#sinc_some_2_list1] sum'0 self <= 1000000} (! bb0 - [ bb0 = any [ br0 (x0:uint32) (x1:t_List'0)-> {self = C_Cons'0 x0 x1} (! bb2) | br1 -> {self = C_Nil'0 } (! bb3) ] - | bb3 = s0 [ s0 = [ &_0 <- [%#sinc_some_2_list0] (0 : uint32) ] s1 | s1 = bb6 ] + [ bb0 = any + [ br0 (x0:UInt32.t) (x1:t_List'0)-> {self = C_Cons'0 x0 x1} (! bb2) | br1 -> {self = C_Nil'0 } (! 
bb3) ] + + | bb3 = s0 [ s0 = [ &_0 <- [%#sinc_some_2_list0] (0 : UInt32.t) ] s1 | s1 = bb6 ] | bb2 = bb4 | bb4 = s0 - [ s0 = v_Cons'0 {self} (fun (r0'0:uint32) (r1'0:t_List'0) -> [ &a <- r0'0 ] s1) - | s1 = v_Cons'0 {self} (fun (r0'1:uint32) (r1'1:t_List'0) -> [ &l <- r1'1 ] s2) - | s2 = sum_x'0 {l} (fun (_ret':uint32) -> [ &_8 <- _ret' ] s3) + [ s0 = v_Cons'0 {self} (fun (r0'0:UInt32.t) (r1'0:t_List'0) -> [ &a <- r0'0 ] s1) + | s1 = v_Cons'0 {self} (fun (r0'1:UInt32.t) (r1'1:t_List'0) -> [ &l <- r1'1 ] s2) + | s2 = sum_x'0 {l} (fun (_ret':UInt32.t) -> [ &_8 <- _ret' ] s3) | s3 = bb5 ] - | bb5 = s0 [ s0 = UInt32.add {a} {_8} (fun (_ret':uint32) -> [ &_0 <- _ret' ] s1) | s1 = bb6 ] + | bb5 = s0 [ s0 = UInt32.add {a} {_8} (fun (_ret':UInt32.t) -> [ &_0 <- _ret' ] s1) | s1 = bb6 ] | bb6 = return' {_0} ] ) - [ & _0 : uint32 = any_l () + [ & _0 : UInt32.t = any_l () | & self : t_List'0 = self - | & a : uint32 = any_l () + | & a : UInt32.t = any_l () | & l : t_List'0 = any_l () - | & _8 : uint32 = any_l () ] + | & _8 : UInt32.t = any_l () ] - [ return' (result:uint32)-> {[@expl:sum_x ensures] [%#sinc_some_2_list2] UInt32.to_int result = sum'0 self} + [ return' (result:UInt32.t)-> {[@expl:sum_x ensures] [%#sinc_some_2_list2] UInt32.to_uint result = sum'0 self} (! return' {result}) ] end @@ -105,10 +107,12 @@ module M_inc_some_2_list__qyi7504674480942992291__take_some_rest [#"inc_some_2_l let%span smodel9 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 let%span sresolve10 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + use prelude.prelude.Int + use prelude.prelude.UInt32 type t_List'0 = - | C_Cons'0 uint32 (t_List'0) + | C_Cons'0 UInt32.t (t_List'0) | C_Nil'0 use prelude.prelude.Borrow 
@@ -119,21 +123,19 @@ module M_inc_some_2_list__qyi7504674480942992291__take_some_rest [#"inc_some_2_l predicate resolve'0 (_1 : borrowed (t_List'0)) = resolve'3 _1 - let rec v_Cons'0 (input:t_List'0) (ret (field_0:uint32) (field_1:t_List'0))= any - [ good (field_0:uint32) (field_1:t_List'0)-> {C_Cons'0 field_0 field_1 = input} (! ret {field_0} {field_1}) - | bad -> {forall field_0 : uint32, field_1 : t_List'0 [C_Cons'0 field_0 field_1 : t_List'0] . C_Cons'0 field_0 field_1 + let rec v_Cons'0 (input:t_List'0) (ret (field_0:UInt32.t) (field_1:t_List'0))= any + [ good (field_0:UInt32.t) (field_1:t_List'0)-> {C_Cons'0 field_0 field_1 = input} (! ret {field_0} {field_1}) + | bad -> {forall field_0 : UInt32.t, field_1 : t_List'0 [C_Cons'0 field_0 field_1 : t_List'0] . C_Cons'0 field_0 field_1 <> input} (! {false} any) ] - use prelude.prelude.Int - use prelude.prelude.UInt32 function sum'0 [#"inc_some_2_list.rs" 21 4 21 23] (self : t_List'0) : int = [%#sinc_some_2_list8] match self with - | C_Cons'0 a l -> UInt32.to_int a + sum'0 l + | C_Cons'0 a l -> UInt32.to_uint a + sum'0 l | C_Nil'0 -> 0 end @@ -151,10 +153,10 @@ module M_inc_some_2_list__qyi7504674480942992291__take_some_rest [#"inc_some_2_l let rec random'0 (_1:()) (return' (ret:bool))= any [ return' (result:bool)-> (! return' {result}) ] - predicate resolve'4 (self : borrowed uint32) = + predicate resolve'4 (self : borrowed UInt32.t) = [%#sresolve10] self.final = self.current - predicate resolve'1 (_1 : borrowed uint32) = + predicate resolve'1 (_1 : borrowed UInt32.t) = resolve'4 _1 predicate resolve'5 (self : borrowed (t_List'0)) = 
@@ -167,14 +169,14 @@ module M_inc_some_2_list__qyi7504674480942992291__take_some_rest [#"inc_some_2_l use prelude.prelude.Snapshot - function view'0 (self : borrowed uint32) : int = - [%#smodel9] UInt32.to_int self.current + function view'0 (self : borrowed UInt32.t) : int = + [%#smodel9] UInt32.to_uint self.current meta "compute_max_steps" 1000000 - let rec take_some_rest'0 (self:borrowed (t_List'0)) (return' (ret:(borrowed uint32, borrowed (t_List'0))))= (! bb0 + let rec take_some_rest'0 (self:borrowed (t_List'0)) (return' (ret:(borrowed UInt32.t, borrowed (t_List'0))))= (! bb0 [ bb0 = any - [ br0 (x0:uint32) (x1:t_List'0)-> {self.current = C_Cons'0 x0 x1} (! bb2) + [ br0 (x0:UInt32.t) (x1:t_List'0)-> {self.current = C_Cons'0 x0 x1} (! bb2) | br1 -> {self.current = C_Nil'0 } (! bb3) ] | bb3 = s0 [ s0 = -{resolve'0 self}- s1 | s1 = bb11 ] @@ -182,14 +184,14 @@ module M_inc_some_2_list__qyi7504674480942992291__take_some_rest [#"inc_some_2_l | bb2 = bb4 | bb4 = s0 [ s0 = v_Cons'0 {self.current} - (fun (r0'0:uint32) (r1'0:t_List'0) -> - Borrow.borrow_final {r0'0} {Borrow.inherit_id (Borrow.get_id self) 1} - (fun (_ret':borrowed uint32) -> + (fun (r0'0:UInt32.t) (r1'0:t_List'0) -> + Borrow.borrow_final {r0'0} {Borrow.inherit_id (Borrow.get_id self) 1} + (fun (_ret':borrowed UInt32.t) -> [ &ma <- _ret' ] [ &self <- { self with current = C_Cons'0 _ret'.final r1'0 } ] s1)) | s1 = v_Cons'0 {self.current} - (fun (r0'1:uint32) (r1'1:t_List'0) -> + (fun (r0'1:UInt32.t) (r1'1:t_List'0) -> Borrow.borrow_final {r1'1} {Borrow.inherit_id (Borrow.get_id self) 2} (fun (_ret':borrowed (t_List'0)) -> [ &ml <- _ret' ] 
@@ -201,8 +203,8 @@ module M_inc_some_2_list__qyi7504674480942992291__take_some_rest [#"inc_some_2_l | bb5 = s0 [ s0 = random'0 {[%#sinc_some_2_list1] ()} (fun (_ret':bool) -> [ &_10 <- _ret' ] s1) | s1 = bb6 ] | bb6 = any [ br0 -> {_10 = false} (! bb8) | br1 -> {_10} (! bb7) ] | bb7 = s0 - [ s0 = Borrow.borrow_final {ma.current} {Borrow.get_id ma} - (fun (_ret':borrowed uint32) -> [ &_11 <- _ret' ] [ &ma <- { ma with current = _ret'.final } ] s1) + [ s0 = Borrow.borrow_final {ma.current} {Borrow.get_id ma} + (fun (_ret':borrowed UInt32.t) -> [ &_11 <- _ret' ] [ &ma <- { ma with current = _ret'.final } ] s1) | s1 = Borrow.borrow_final {ml.current} {Borrow.get_id ml} (fun (_ret':borrowed (t_List'0)) -> [ &_12 <- _ret' ] [ &ml <- { ml with current = _ret'.final } ] s2) | s2 = [ &_0 <- (_11, _12) ] s3 @@ -212,7 +214,7 @@ module M_inc_some_2_list__qyi7504674480942992291__take_some_rest [#"inc_some_2_l [ s0 = -{resolve'1 ma}- s1 | s1 = Borrow.borrow_final {ml.current} {Borrow.get_id ml} (fun (_ret':borrowed (t_List'0)) -> [ &_13 <- _ret' ] [ &ml <- { ml with current = _ret'.final } ] s2) - | s2 = take_some_rest'0 {_13} (fun (_ret':(borrowed uint32, borrowed (t_List'0))) -> [ &_0 <- _ret' ] s3) + | s2 = take_some_rest'0 {_13} (fun (_ret':(borrowed UInt32.t, borrowed (t_List'0))) -> [ &_0 <- _ret' ] s3) | s3 = bb9 ] | bb9 = bb10 
@@ -220,19 +222,19 @@ module M_inc_some_2_list__qyi7504674480942992291__take_some_rest [#"inc_some_2_l [ s0 = -{resolve'2 ml}- s1 | s1 = -{resolve'1 ma}- s2 | s2 = -{resolve'0 self}- s3 | s3 = return' {_0} ] ] ) - [ & _0 : (borrowed uint32, borrowed (t_List'0)) = any_l () + [ & _0 : (borrowed UInt32.t, borrowed (t_List'0)) = any_l () | & self : borrowed (t_List'0) = self - | & ma : borrowed uint32 = any_l () + | & ma : borrowed UInt32.t = any_l () | & ml : borrowed (t_List'0) = any_l () | & _8 : Snapshot.snap_ty () = any_l () | & _10 : bool = any_l () - | & _11 : borrowed uint32 = any_l () + | & _11 : borrowed UInt32.t = any_l () | & _12 : borrowed (t_List'0) = any_l () | & _13 : borrowed (t_List'0) = any_l () ] - [ return' (result:(borrowed uint32, borrowed (t_List'0)))-> {[@expl:take_some_rest ensures #0] [%#sinc_some_2_list2] sum'0 self.final + [ return' (result:(borrowed UInt32.t, borrowed (t_List'0)))-> {[@expl:take_some_rest ensures #0] [%#sinc_some_2_list2] sum'0 self.final - sum'0 self.current - = UInt32.to_int (let (a, _) = result in a).final + sum'0 (let (_, a) = result in a).final + = UInt32.to_uint (let (a, _) = result in a).final + sum'0 (let (_, a) = result in a).final - view'0 (let (a, _) = result in a) - sum'0 (let (_, a) = result in a).current} {[@expl:take_some_rest ensures #1] [%#sinc_some_2_list3] view'0 (let (a, _) = result in a) <= sum'0 self.current} 
@@ -253,35 +255,35 @@ module M_inc_some_2_list__inc_some_2_list [#"inc_some_2_list.rs" 70 0 70 51] let%span smodel8 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 let%span sresolve9 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + use prelude.prelude.Int + use prelude.prelude.UInt32 type t_List'0 = - | C_Cons'0 uint32 (t_List'0) + | C_Cons'0 UInt32.t (t_List'0) | C_Nil'0 - use prelude.prelude.Int - use prelude.prelude.UInt32 function sum'0 [#"inc_some_2_list.rs" 21 4 21 23] (self : t_List'0) : int = [%#sinc_some_2_list7] match self with - | C_Cons'0 a l -> UInt32.to_int a + sum'0 l + | C_Cons'0 a l -> UInt32.to_uint a + sum'0 l | C_Nil'0 -> 0 end use prelude.prelude.Borrow - let rec sum_x'0 (self:t_List'0) (return' (ret:uint32))= {[@expl:sum_x requires] [%#sinc_some_2_list2] sum'0 self + let rec sum_x'0 (self:t_List'0) (return' (ret:UInt32.t))= {[@expl:sum_x requires] [%#sinc_some_2_list2] sum'0 self <= 1000000} - any [ return' (result:uint32)-> {[%#sinc_some_2_list3] UInt32.to_int result = sum'0 self} (! return' {result}) ] + any [ return' (result:UInt32.t)-> {[%#sinc_some_2_list3] UInt32.to_uint result = sum'0 self} (! 
return' {result}) ] - function view'0 (self : borrowed uint32) : int = - [%#smodel8] UInt32.to_int self.current + function view'0 (self : borrowed UInt32.t) : int = + [%#smodel8] UInt32.to_uint self.current - let rec take_some_rest'0 (self:borrowed (t_List'0)) (return' (ret:(borrowed uint32, borrowed (t_List'0))))= any - [ return' (result:(borrowed uint32, borrowed (t_List'0)))-> {[%#sinc_some_2_list4] sum'0 self.final + let rec take_some_rest'0 (self:borrowed (t_List'0)) (return' (ret:(borrowed UInt32.t, borrowed (t_List'0))))= any + [ return' (result:(borrowed UInt32.t, borrowed (t_List'0)))-> {[%#sinc_some_2_list4] sum'0 self.final - sum'0 self.current - = UInt32.to_int (let (a, _) = result in a).final + sum'0 (let (_, a) = result in a).final + = UInt32.to_uint (let (a, _) = result in a).final + sum'0 (let (_, a) = result in a).final - view'0 (let (a, _) = result in a) - sum'0 (let (_, a) = result in a).current} {[%#sinc_some_2_list5] view'0 (let (a, _) = result in a) <= sum'0 self.current} 
@@ -295,27 +297,27 @@ module M_inc_some_2_list__inc_some_2_list [#"inc_some_2_list.rs" 70 0 70 51] predicate resolve'0 (_1 : borrowed (t_List'0)) = resolve'2 _1 - predicate resolve'3 (self : borrowed uint32) = + predicate resolve'3 (self : borrowed UInt32.t) = [%#sresolve9] self.final = self.current - predicate resolve'1 (_1 : borrowed uint32) = + predicate resolve'1 (_1 : borrowed UInt32.t) = resolve'3 _1 use prelude.prelude.Intrinsic meta "compute_max_steps" 1000000 - let rec inc_some_2_list'0 (l:t_List'0) (j:uint32) (k:uint32) (return' (ret:()))= {[@expl:inc_some_2_list requires] [%#sinc_some_2_list1] sum'0 l - + UInt32.to_int j - + UInt32.to_int k + let rec inc_some_2_list'0 (l:t_List'0) (j:UInt32.t) (k:UInt32.t) (return' (ret:()))= {[@expl:inc_some_2_list requires] [%#sinc_some_2_list1] sum'0 l + + UInt32.to_uint j + + UInt32.to_uint k <= 1000000} (! bb0 [ bb0 = bb1 - | bb1 = s0 [ s0 = sum_x'0 {l} (fun (_ret':uint32) -> [ &sum0 <- _ret' ] s1) | s1 = bb2 ] + | bb1 = s0 [ s0 = sum_x'0 {l} (fun (_ret':UInt32.t) -> [ &sum0 <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 [ s0 = Borrow.borrow_mut {l} (fun (_ret':borrowed (t_List'0)) -> [ &_10 <- _ret' ] [ &l <- _ret'.final ] s1) - | s1 = take_some_rest'0 {_10} (fun (_ret':(borrowed uint32, borrowed (t_List'0))) -> [ &_9 <- _ret' ] s2) + | s1 = take_some_rest'0 {_10} (fun (_ret':(borrowed UInt32.t, borrowed (t_List'0))) -> [ &_9 <- _ret' ] s2) | s2 = bb3 ] | bb3 = s0 @@ -323,7 +325,7 @@ module M_inc_some_2_list__inc_some_2_list [#"inc_some_2_list.rs" 70 0 70 51] | s1 = [ &ml <- let (_, r'1) = _9 in r'1 ] s2 | s2 = Borrow.borrow_final {ml.current} {Borrow.get_id ml} (fun (_ret':borrowed (t_List'0)) -> [ &_13 <- _ret' ] [ &ml <- { ml with current = _ret'.final } ] s3) - | s3 = take_some_rest'0 {_13} (fun (_ret':(borrowed uint32, borrowed (t_List'0))) -> [ &_12 <- _ret' ] s4) + | s3 = take_some_rest'0 {_13} (fun (_ret':(borrowed UInt32.t, borrowed (t_List'0))) -> [ &_12 <- _ret' ] s4) | s4 = bb4 ] | bb4 = s0 
@@ -333,17 +335,17 @@ module M_inc_some_2_list__inc_some_2_list [#"inc_some_2_list.rs" 70 0 70 51] end}- s1 | s1 = [ &mb <- let (r'0, _) = _12 in r'0 ] s2 - | s2 = UInt32.add {ma.current} {j} (fun (_ret':uint32) -> [ &ma <- { ma with current = _ret' } ] s3) + | s2 = UInt32.add {ma.current} {j} (fun (_ret':UInt32.t) -> [ &ma <- { ma with current = _ret' } ] s3) | s3 = -{resolve'1 ma}- s4 - | s4 = UInt32.add {mb.current} {k} (fun (_ret':uint32) -> [ &mb <- { mb with current = _ret' } ] s5) + | s4 = UInt32.add {mb.current} {k} (fun (_ret':UInt32.t) -> [ &mb <- { mb with current = _ret' } ] s5) | s5 = -{resolve'1 mb}- s6 | s6 = -{resolve'0 ml}- s7 - | s7 = sum_x'0 {l} (fun (_ret':uint32) -> [ &_18 <- _ret' ] s8) + | s7 = sum_x'0 {l} (fun (_ret':UInt32.t) -> [ &_18 <- _ret' ] s8) | s8 = bb5 ] | bb5 = s0 - [ s0 = UInt32.add {sum0} {j} (fun (_ret':uint32) -> [ &_21 <- _ret' ] s1) - | s1 = UInt32.add {_21} {k} (fun (_ret':uint32) -> [ &_20 <- _ret' ] s2) + [ s0 = UInt32.add {sum0} {j} (fun (_ret':UInt32.t) -> [ &_21 <- _ret' ] s1) + | s1 = UInt32.add {_21} {k} (fun (_ret':UInt32.t) -> [ &_20 <- _ret' ] s2) | s2 = UInt32.eq {_18} {_20} (fun (_ret':bool) -> [ &_17 <- _ret' ] s3) | s3 = any [ br0 -> {_17 = false} (! bb7) | br1 -> {_17} (! bb6) ] ] 
@@ -353,19 +355,19 @@ module M_inc_some_2_list__inc_some_2_list [#"inc_some_2_list.rs" 70 0 70 51] ) [ & _0 : () = any_l () | & l : t_List'0 = l - | & j : uint32 = j - | & k : uint32 = k - | & sum0 : uint32 = any_l () - | & ma : borrowed uint32 = any_l () + | & j : UInt32.t = j + | & k : UInt32.t = k + | & sum0 : UInt32.t = any_l () + | & ma : borrowed UInt32.t = any_l () | & ml : borrowed (t_List'0) = any_l () - | & _9 : (borrowed uint32, borrowed (t_List'0)) = any_l () + | & _9 : (borrowed UInt32.t, borrowed (t_List'0)) = any_l () | & _10 : borrowed (t_List'0) = any_l () - | & mb : borrowed uint32 = any_l () - | & _12 : (borrowed uint32, borrowed (t_List'0)) = any_l () + | & mb : borrowed UInt32.t = any_l () + | & _12 : (borrowed UInt32.t, borrowed (t_List'0)) = any_l () | & _13 : borrowed (t_List'0) = any_l () | & _17 : bool = any_l () - | & _18 : uint32 = any_l () - | & _20 : uint32 = any_l () - | & _21 : uint32 = any_l () ] + | & _18 : UInt32.t = any_l () + | & _20 : UInt32.t = any_l () + | & _21 : UInt32.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/rusthorn/inc_some_2_tree.coma b/creusot/tests/should_succeed/rusthorn/inc_some_2_tree.coma index e514ff1914..33651186b8 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_some_2_tree.coma +++ b/creusot/tests/should_succeed/rusthorn/inc_some_2_tree.coma 
@@ -4,19 +4,19 @@ module M_inc_some_2_tree__qyi9454558703362393917__lemma_sum_nonneg [#"inc_some_2 let%span sinc_some_2_tree2 = "inc_some_2_tree.rs" 34 8 40 9 let%span sinc_some_2_tree3 = "inc_some_2_tree.rs" 23 12 26 13 + use prelude.prelude.Int + use prelude.prelude.UInt32 type t_Tree'0 = - | C_Node'0 (t_Tree'0) uint32 (t_Tree'0) + | C_Node'0 (t_Tree'0) UInt32.t (t_Tree'0) | C_Leaf'0 - use prelude.prelude.Int - use prelude.prelude.UInt32 function sum'0 [#"inc_some_2_tree.rs" 21 4 21 23] (self : t_Tree'0) : int = [%#sinc_some_2_tree3] match self with - | C_Node'0 tl a tr -> sum'0 tl + UInt32.to_int a + sum'0 tr + | C_Node'0 tl a tr -> sum'0 tl + UInt32.to_uint a + sum'0 tr | C_Leaf'0 -> 0 end 
@@ -43,28 +43,28 @@ module M_inc_some_2_tree__qyi9454558703362393917__sum_x [#"inc_some_2_tree.rs" 4 let%span sinc_some_2_tree6 = "inc_some_2_tree.rs" 34 8 40 9 let%span sinc_some_2_tree7 = "inc_some_2_tree.rs" 23 12 26 13 + use prelude.prelude.Int + use prelude.prelude.UInt32 type t_Tree'0 = - | C_Node'0 (t_Tree'0) uint32 (t_Tree'0) + | C_Node'0 (t_Tree'0) UInt32.t (t_Tree'0) | C_Leaf'0 - let rec v_Node'0 (input:t_Tree'0) (ret (field_0:t_Tree'0) (field_1:uint32) (field_2:t_Tree'0))= any - [ good (field_0:t_Tree'0) (field_1:uint32) (field_2:t_Tree'0)-> {C_Node'0 field_0 field_1 field_2 = input} + let rec v_Node'0 (input:t_Tree'0) (ret (field_0:t_Tree'0) (field_1:UInt32.t) (field_2:t_Tree'0))= any + [ good (field_0:t_Tree'0) (field_1:UInt32.t) (field_2:t_Tree'0)-> {C_Node'0 field_0 field_1 field_2 = input} (! ret {field_0} {field_1} {field_2}) - | bad -> {forall field_0 : t_Tree'0, field_1 : uint32, field_2 : t_Tree'0 [C_Node'0 field_0 field_1 field_2 : t_Tree'0] . C_Node'0 field_0 field_1 field_2 + | bad -> {forall field_0 : t_Tree'0, field_1 : UInt32.t, field_2 : t_Tree'0 [C_Node'0 field_0 field_1 field_2 : t_Tree'0] . C_Node'0 field_0 field_1 field_2 <> input} (! {false} any) ] - use prelude.prelude.Int - use prelude.prelude.UInt32 function sum'0 [#"inc_some_2_tree.rs" 21 4 21 23] (self : t_Tree'0) : int = [%#sinc_some_2_tree7] match self with - | C_Node'0 tl a tr -> sum'0 tl + UInt32.to_int a + sum'0 tr + | C_Node'0 tl a tr -> sum'0 tl + UInt32.to_uint a + sum'0 tr | C_Leaf'0 -> 0 end 
@@ -84,42 +84,42 @@ module M_inc_some_2_tree__qyi9454558703362393917__sum_x [#"inc_some_2_tree.rs" 4 meta "compute_max_steps" 1000000 - let rec sum_x'0 (self:t_Tree'0) (return' (ret:uint32))= {[@expl:sum_x requires] [%#sinc_some_2_tree2] sum'0 self + let rec sum_x'0 (self:t_Tree'0) (return' (ret:UInt32.t))= {[@expl:sum_x requires] [%#sinc_some_2_tree2] sum'0 self <= 1000000} (! bb0 [ bb0 = any - [ br0 (x0:t_Tree'0) (x1:uint32) (x2:t_Tree'0)-> {self = C_Node'0 x0 x1 x2} (! bb2) + [ br0 (x0:t_Tree'0) (x1:UInt32.t) (x2:t_Tree'0)-> {self = C_Node'0 x0 x1 x2} (! bb2) | br1 -> {self = C_Leaf'0 } (! bb3) ] - | bb3 = s0 [ s0 = [ &_0 <- [%#sinc_some_2_tree0] (0 : uint32) ] s1 | s1 = bb7 ] + | bb3 = s0 [ s0 = [ &_0 <- [%#sinc_some_2_tree0] (0 : UInt32.t) ] s1 | s1 = bb7 ] | bb2 = bb4 | bb4 = s0 - [ s0 = v_Node'0 {self} (fun (r0'0:t_Tree'0) (r1'0:uint32) (r2'0:t_Tree'0) -> [ &tl <- r0'0 ] s1) - | s1 = v_Node'0 {self} (fun (r0'1:t_Tree'0) (r1'1:uint32) (r2'1:t_Tree'0) -> [ &a <- r1'1 ] s2) - | s2 = v_Node'0 {self} (fun (r0'2:t_Tree'0) (r1'2:uint32) (r2'2:t_Tree'0) -> [ &tr <- r2'2 ] s3) + [ s0 = v_Node'0 {self} (fun (r0'0:t_Tree'0) (r1'0:UInt32.t) (r2'0:t_Tree'0) -> [ &tl <- r0'0 ] s1) + | s1 = v_Node'0 {self} (fun (r0'1:t_Tree'0) (r1'1:UInt32.t) (r2'1:t_Tree'0) -> [ &a <- r1'1 ] s2) + | s2 = v_Node'0 {self} (fun (r0'2:t_Tree'0) (r1'2:UInt32.t) (r2'2:t_Tree'0) -> [ &tr <- r2'2 ] s3) | s3 = {[@expl:assertion] [%#sinc_some_2_tree1] let _ = lemma_sum_nonneg'0 tl in let _ = lemma_sum_nonneg'0 tr in true} s4 - | s4 = sum_x'0 {tl} (fun (_ret':uint32) -> [ &_11 <- _ret' ] s5) + | s4 = sum_x'0 {tl} (fun (_ret':UInt32.t) -> [ &_11 <- _ret' ] s5) | s5 = bb5 ] | bb5 = s0 - [ s0 = UInt32.add {_11} {a} (fun (_ret':uint32) -> [ &_10 <- _ret' ] s1) - | s1 = sum_x'0 {tr} (fun (_ret':uint32) -> [ &_14 <- _ret' ] s2) + [ s0 = UInt32.add {_11} {a} (fun (_ret':UInt32.t) -> [ &_10 <- _ret' ] s1) + | s1 = sum_x'0 {tr} (fun (_ret':UInt32.t) -> [ &_14 <- _ret' ] s2) | s2 = bb6 ] - | bb6 = s0 [ s0 = 
UInt32.add {_10} {_14} (fun (_ret':uint32) -> [ &_0 <- _ret' ] s1) | s1 = bb7 ] + | bb6 = s0 [ s0 = UInt32.add {_10} {_14} (fun (_ret':UInt32.t) -> [ &_0 <- _ret' ] s1) | s1 = bb7 ] | bb7 = return' {_0} ] ) - [ & _0 : uint32 = any_l () + [ & _0 : UInt32.t = any_l () | & self : t_Tree'0 = self | & tl : t_Tree'0 = any_l () - | & a : uint32 = any_l () + | & a : UInt32.t = any_l () | & tr : t_Tree'0 = any_l () - | & _10 : uint32 = any_l () - | & _11 : uint32 = any_l () - | & _14 : uint32 = any_l () ] + | & _10 : UInt32.t = any_l () + | & _11 : UInt32.t = any_l () + | & _14 : UInt32.t = any_l () ] - [ return' (result:uint32)-> {[@expl:sum_x ensures] [%#sinc_some_2_tree3] UInt32.to_int result = sum'0 self} + [ return' (result:UInt32.t)-> {[@expl:sum_x ensures] [%#sinc_some_2_tree3] UInt32.to_uint result = sum'0 self} (! return' {result}) ] end @@ -138,10 +138,12 @@ module M_inc_some_2_tree__qyi9454558703362393917__take_some_rest [#"inc_some_2_t let%span smodel11 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 let%span sresolve12 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + use prelude.prelude.Int + use prelude.prelude.UInt32 type t_Tree'0 = - | C_Node'0 (t_Tree'0) uint32 (t_Tree'0) + | C_Node'0 (t_Tree'0) UInt32.t (t_Tree'0) | C_Leaf'0 use prelude.prelude.Borrow 
@@ -152,22 +154,20 @@ module M_inc_some_2_tree__qyi9454558703362393917__take_some_rest [#"inc_some_2_t predicate resolve'0 (_1 : borrowed (t_Tree'0)) = resolve'3 _1 - let rec v_Node'0 (input:t_Tree'0) (ret (field_0:t_Tree'0) (field_1:uint32) (field_2:t_Tree'0))= any - [ good (field_0:t_Tree'0) (field_1:uint32) (field_2:t_Tree'0)-> {C_Node'0 field_0 field_1 field_2 = input} + let rec v_Node'0 (input:t_Tree'0) (ret (field_0:t_Tree'0) (field_1:UInt32.t) (field_2:t_Tree'0))= any + [ good (field_0:t_Tree'0) (field_1:UInt32.t) (field_2:t_Tree'0)-> {C_Node'0 field_0 field_1 field_2 = input} (! ret {field_0} {field_1} {field_2}) - | bad -> {forall field_0 : t_Tree'0, field_1 : uint32, field_2 : t_Tree'0 [C_Node'0 field_0 field_1 field_2 : t_Tree'0] . C_Node'0 field_0 field_1 field_2 + | bad -> {forall field_0 : t_Tree'0, field_1 : UInt32.t, field_2 : t_Tree'0 [C_Node'0 field_0 field_1 field_2 : t_Tree'0] . C_Node'0 field_0 field_1 field_2 <> input} (! {false} any) ] - use prelude.prelude.Int - use prelude.prelude.UInt32 function sum'0 [#"inc_some_2_tree.rs" 21 4 21 23] (self : t_Tree'0) : int = [%#sinc_some_2_tree10] match self with - | C_Node'0 tl a tr -> sum'0 tl + UInt32.to_int a + sum'0 tr + | C_Node'0 tl a tr -> sum'0 tl + UInt32.to_uint a + sum'0 tr | C_Leaf'0 -> 0 end 
@@ -189,22 +189,22 @@ module M_inc_some_2_tree__qyi9454558703362393917__take_some_rest [#"inc_some_2_t predicate resolve'1 (_1 : borrowed (t_Tree'0)) = resolve'4 _1 - predicate resolve'5 (self : borrowed uint32) = + predicate resolve'5 (self : borrowed UInt32.t) = [%#sresolve12] self.final = self.current - predicate resolve'2 (_1 : borrowed uint32) = + predicate resolve'2 (_1 : borrowed UInt32.t) = resolve'5 _1 use prelude.prelude.Intrinsic - function view'0 (self : borrowed uint32) : int = - [%#smodel11] UInt32.to_int self.current + function view'0 (self : borrowed UInt32.t) : int = + [%#smodel11] UInt32.to_uint self.current meta "compute_max_steps" 1000000 - let rec take_some_rest'0 (self:borrowed (t_Tree'0)) (return' (ret:(borrowed uint32, borrowed (t_Tree'0))))= (! bb0 + let rec take_some_rest'0 (self:borrowed (t_Tree'0)) (return' (ret:(borrowed UInt32.t, borrowed (t_Tree'0))))= (! bb0 [ bb0 = any - [ br0 (x0:t_Tree'0) (x1:uint32) (x2:t_Tree'0)-> {self.current = C_Node'0 x0 x1 x2} (! bb2) + [ br0 (x0:t_Tree'0) (x1:UInt32.t) (x2:t_Tree'0)-> {self.current = C_Node'0 x0 x1 x2} (! bb2) | br1 -> {self.current = C_Leaf'0 } (! bb3) ] | bb3 = s0 [ s0 = -{resolve'0 self}- s1 | s1 = bb19 ] 
@@ -212,21 +212,21 @@ module M_inc_some_2_tree__qyi9454558703362393917__take_some_rest [#"inc_some_2_t | bb2 = bb4 | bb4 = s0 [ s0 = v_Node'0 {self.current} - (fun (r0'0:t_Tree'0) (r1'0:uint32) (r2'0:t_Tree'0) -> + (fun (r0'0:t_Tree'0) (r1'0:UInt32.t) (r2'0:t_Tree'0) -> Borrow.borrow_final {r0'0} {Borrow.inherit_id (Borrow.get_id self) 1} (fun (_ret':borrowed (t_Tree'0)) -> [ &mtl <- _ret' ] [ &self <- { self with current = C_Node'0 _ret'.final r1'0 r2'0 } ] s1)) | s1 = v_Node'0 {self.current} - (fun (r0'1:t_Tree'0) (r1'1:uint32) (r2'1:t_Tree'0) -> - Borrow.borrow_final {r1'1} {Borrow.inherit_id (Borrow.get_id self) 2} - (fun (_ret':borrowed uint32) -> + (fun (r0'1:t_Tree'0) (r1'1:UInt32.t) (r2'1:t_Tree'0) -> + Borrow.borrow_final {r1'1} {Borrow.inherit_id (Borrow.get_id self) 2} + (fun (_ret':borrowed UInt32.t) -> [ &ma <- _ret' ] [ &self <- { self with current = C_Node'0 r0'1 _ret'.final r2'1 } ] s2)) | s2 = v_Node'0 {self.current} - (fun (r0'2:t_Tree'0) (r1'2:uint32) (r2'2:t_Tree'0) -> + (fun (r0'2:t_Tree'0) (r1'2:UInt32.t) (r2'2:t_Tree'0) -> Borrow.borrow_final {r2'2} {Borrow.inherit_id (Borrow.get_id self) 3} (fun (_ret':borrowed (t_Tree'0)) -> [ &mtr <- _ret' ] @@ -239,8 +239,8 @@ module M_inc_some_2_tree__qyi9454558703362393917__take_some_rest [#"inc_some_2_t | bb5 = any [ br0 -> {_11 = false} (! bb11) | br1 -> {_11} (! bb6) ] | bb6 = s0 - [ s0 = Borrow.borrow_final {ma.current} {Borrow.get_id ma} - (fun (_ret':borrowed uint32) -> [ &_12 <- _ret' ] [ &ma <- { ma with current = _ret'.final } ] s1) + [ s0 = Borrow.borrow_final {ma.current} {Borrow.get_id ma} + (fun (_ret':borrowed UInt32.t) -> [ &_12 <- _ret' ] [ &ma <- { ma with current = _ret'.final } ] s1) | s1 = random'0 {[%#sinc_some_2_tree2] ()} (fun (_ret':bool) -> [ &_15 <- _ret' ] s2) | s2 = bb7 ] 
@@ -277,7 +277,7 @@ module M_inc_some_2_tree__qyi9454558703362393917__take_some_rest [#"inc_some_2_t [ s0 = -{resolve'1 mtr}- s1 | s1 = Borrow.borrow_final {mtl.current} {Borrow.get_id mtl} (fun (_ret':borrowed (t_Tree'0)) -> [ &_18 <- _ret' ] [ &mtl <- { mtl with current = _ret'.final } ] s2) - | s2 = take_some_rest'0 {_18} (fun (_ret':(borrowed uint32, borrowed (t_Tree'0))) -> [ &_0 <- _ret' ] s3) + | s2 = take_some_rest'0 {_18} (fun (_ret':(borrowed UInt32.t, borrowed (t_Tree'0))) -> [ &_0 <- _ret' ] s3) | s3 = bb14 ] | bb14 = bb17 @@ -285,7 +285,7 @@ module M_inc_some_2_tree__qyi9454558703362393917__take_some_rest [#"inc_some_2_t [ s0 = -{resolve'1 mtl}- s1 | s1 = Borrow.borrow_final {mtr.current} {Borrow.get_id mtr} (fun (_ret':borrowed (t_Tree'0)) -> [ &_19 <- _ret' ] [ &mtr <- { mtr with current = _ret'.final } ] s2) - | s2 = take_some_rest'0 {_19} (fun (_ret':(borrowed uint32, borrowed (t_Tree'0))) -> [ &_0 <- _ret' ] s3) + | s2 = take_some_rest'0 {_19} (fun (_ret':(borrowed UInt32.t, borrowed (t_Tree'0))) -> [ &_0 <- _ret' ] s3) | s3 = bb16 ] | bb16 = bb17 @@ -298,13 +298,13 @@ module M_inc_some_2_tree__qyi9454558703362393917__take_some_rest [#"inc_some_2_t | s4 = return' {_0} ] ] ) - [ & _0 : (borrowed uint32, borrowed (t_Tree'0)) = any_l () + [ & _0 : (borrowed UInt32.t, borrowed (t_Tree'0)) = any_l () | & self : borrowed (t_Tree'0) = self | & mtl : borrowed (t_Tree'0) = any_l () - | & ma : borrowed uint32 = any_l () + | & ma : borrowed UInt32.t = any_l () | & mtr : borrowed (t_Tree'0) = any_l () | & _11 : bool = any_l () - | & _12 : borrowed uint32 = any_l () + | & _12 : borrowed UInt32.t = any_l () | & _13 : borrowed (t_Tree'0) = any_l () | & _14 : borrowed (t_Tree'0) = any_l () | & _15 : bool = any_l () 
@@ -313,9 +313,9 @@ module M_inc_some_2_tree__qyi9454558703362393917__take_some_rest [#"inc_some_2_t | & _18 : borrowed (t_Tree'0) = any_l () | & _19 : borrowed (t_Tree'0) = any_l () ] - [ return' (result:(borrowed uint32, borrowed (t_Tree'0)))-> {[@expl:take_some_rest ensures #0] [%#sinc_some_2_tree4] sum'0 self.final + [ return' (result:(borrowed UInt32.t, borrowed (t_Tree'0)))-> {[@expl:take_some_rest ensures #0] [%#sinc_some_2_tree4] sum'0 self.final - sum'0 self.current - = UInt32.to_int (let (a, _) = result in a).final + sum'0 (let (_, a) = result in a).final + = UInt32.to_uint (let (a, _) = result in a).final + sum'0 (let (_, a) = result in a).final - view'0 (let (a, _) = result in a) - sum'0 (let (_, a) = result in a).current} {[@expl:take_some_rest ensures #1] [%#sinc_some_2_tree5] view'0 (let (a, _) = result in a) <= sum'0 self.current} 
@@ -336,35 +336,35 @@ module M_inc_some_2_tree__inc_some_2_tree [#"inc_some_2_tree.rs" 85 0 85 51] let%span smodel8 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 let%span sresolve9 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + use prelude.prelude.Int + use prelude.prelude.UInt32 type t_Tree'0 = - | C_Node'0 (t_Tree'0) uint32 (t_Tree'0) + | C_Node'0 (t_Tree'0) UInt32.t (t_Tree'0) | C_Leaf'0 - use prelude.prelude.Int - use prelude.prelude.UInt32 function sum'0 [#"inc_some_2_tree.rs" 21 4 21 23] (self : t_Tree'0) : int = [%#sinc_some_2_tree7] match self with - | C_Node'0 tl a tr -> sum'0 tl + UInt32.to_int a + sum'0 tr + | C_Node'0 tl a tr -> sum'0 tl + UInt32.to_uint a + sum'0 tr | C_Leaf'0 -> 0 end use prelude.prelude.Borrow - let rec sum_x'0 (self:t_Tree'0) (return' (ret:uint32))= {[@expl:sum_x requires] [%#sinc_some_2_tree2] sum'0 self + let rec sum_x'0 (self:t_Tree'0) (return' (ret:UInt32.t))= {[@expl:sum_x requires] [%#sinc_some_2_tree2] sum'0 self <= 1000000} - any [ return' (result:uint32)-> {[%#sinc_some_2_tree3] UInt32.to_int result = sum'0 self} (! return' {result}) ] + any [ return' (result:UInt32.t)-> {[%#sinc_some_2_tree3] UInt32.to_uint result = sum'0 self} (! 
return' {result}) ] - function view'0 (self : borrowed uint32) : int = - [%#smodel8] UInt32.to_int self.current + function view'0 (self : borrowed UInt32.t) : int = + [%#smodel8] UInt32.to_uint self.current - let rec take_some_rest'0 (self:borrowed (t_Tree'0)) (return' (ret:(borrowed uint32, borrowed (t_Tree'0))))= any - [ return' (result:(borrowed uint32, borrowed (t_Tree'0)))-> {[%#sinc_some_2_tree4] sum'0 self.final + let rec take_some_rest'0 (self:borrowed (t_Tree'0)) (return' (ret:(borrowed UInt32.t, borrowed (t_Tree'0))))= any + [ return' (result:(borrowed UInt32.t, borrowed (t_Tree'0)))-> {[%#sinc_some_2_tree4] sum'0 self.final - sum'0 self.current - = UInt32.to_int (let (a, _) = result in a).final + sum'0 (let (_, a) = result in a).final + = UInt32.to_uint (let (a, _) = result in a).final + sum'0 (let (_, a) = result in a).final - view'0 (let (a, _) = result in a) - sum'0 (let (_, a) = result in a).current} {[%#sinc_some_2_tree5] view'0 (let (a, _) = result in a) <= sum'0 self.current} 
@@ -378,27 +378,27 @@ module M_inc_some_2_tree__inc_some_2_tree [#"inc_some_2_tree.rs" 85 0 85 51] predicate resolve'0 (_1 : borrowed (t_Tree'0)) = resolve'2 _1 - predicate resolve'3 (self : borrowed uint32) = + predicate resolve'3 (self : borrowed UInt32.t) = [%#sresolve9] self.final = self.current - predicate resolve'1 (_1 : borrowed uint32) = + predicate resolve'1 (_1 : borrowed UInt32.t) = resolve'3 _1 use prelude.prelude.Intrinsic meta "compute_max_steps" 1000000 - let rec inc_some_2_tree'0 (t:t_Tree'0) (j:uint32) (k:uint32) (return' (ret:()))= {[@expl:inc_some_2_tree requires] [%#sinc_some_2_tree1] sum'0 t - + UInt32.to_int j - + UInt32.to_int k + let rec inc_some_2_tree'0 (t:t_Tree'0) (j:UInt32.t) (k:UInt32.t) (return' (ret:()))= {[@expl:inc_some_2_tree requires] [%#sinc_some_2_tree1] sum'0 t + + UInt32.to_uint j + + UInt32.to_uint k <= 1000000} (! bb0 [ bb0 = bb1 - | bb1 = s0 [ s0 = sum_x'0 {t} (fun (_ret':uint32) -> [ &sum0 <- _ret' ] s1) | s1 = bb2 ] + | bb1 = s0 [ s0 = sum_x'0 {t} (fun (_ret':UInt32.t) -> [ &sum0 <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 [ s0 = Borrow.borrow_mut {t} (fun (_ret':borrowed (t_Tree'0)) -> [ &_10 <- _ret' ] [ &t <- _ret'.final ] s1) - | s1 = take_some_rest'0 {_10} (fun (_ret':(borrowed uint32, borrowed (t_Tree'0))) -> [ &_9 <- _ret' ] s2) + | s1 = take_some_rest'0 {_10} (fun (_ret':(borrowed UInt32.t, borrowed (t_Tree'0))) -> [ &_9 <- _ret' ] s2) | s2 = bb3 ] | bb3 = s0 @@ -406,7 +406,7 @@ module M_inc_some_2_tree__inc_some_2_tree [#"inc_some_2_tree.rs" 85 0 85 51] | s1 = [ &mt <- let (_, r'1) = _9 in r'1 ] s2 | s2 = Borrow.borrow_final {mt.current} {Borrow.get_id mt} (fun (_ret':borrowed (t_Tree'0)) -> [ &_13 <- _ret' ] [ &mt <- { mt with current = _ret'.final } ] s3) - | s3 = take_some_rest'0 {_13} (fun (_ret':(borrowed uint32, borrowed (t_Tree'0))) -> [ &_12 <- _ret' ] s4) + | s3 = take_some_rest'0 {_13} (fun (_ret':(borrowed UInt32.t, borrowed (t_Tree'0))) -> [ &_12 <- _ret' ] s4) | s4 = bb4 ] | bb4 = s0 
@@ -416,17 +416,17 @@ module M_inc_some_2_tree__inc_some_2_tree [#"inc_some_2_tree.rs" 85 0 85 51] end}- s1 | s1 = [ &mb <- let (r'0, _) = _12 in r'0 ] s2 - | s2 = UInt32.add {ma.current} {j} (fun (_ret':uint32) -> [ &ma <- { ma with current = _ret' } ] s3) + | s2 = UInt32.add {ma.current} {j} (fun (_ret':UInt32.t) -> [ &ma <- { ma with current = _ret' } ] s3) | s3 = -{resolve'1 ma}- s4 - | s4 = UInt32.add {mb.current} {k} (fun (_ret':uint32) -> [ &mb <- { mb with current = _ret' } ] s5) + | s4 = UInt32.add {mb.current} {k} (fun (_ret':UInt32.t) -> [ &mb <- { mb with current = _ret' } ] s5) | s5 = -{resolve'1 mb}- s6 | s6 = -{resolve'0 mt}- s7 - | s7 = sum_x'0 {t} (fun (_ret':uint32) -> [ &_18 <- _ret' ] s8) + | s7 = sum_x'0 {t} (fun (_ret':UInt32.t) -> [ &_18 <- _ret' ] s8) | s8 = bb5 ] | bb5 = s0 - [ s0 = UInt32.add {sum0} {j} (fun (_ret':uint32) -> [ &_21 <- _ret' ] s1) - | s1 = UInt32.add {_21} {k} (fun (_ret':uint32) -> [ &_20 <- _ret' ] s2) + [ s0 = UInt32.add {sum0} {j} (fun (_ret':UInt32.t) -> [ &_21 <- _ret' ] s1) + | s1 = UInt32.add {_21} {k} (fun (_ret':UInt32.t) -> [ &_20 <- _ret' ] s2) | s2 = UInt32.eq {_18} {_20} (fun (_ret':bool) -> [ &_17 <- _ret' ] s3) | s3 = any [ br0 -> {_17 = false} (! bb7) | br1 -> {_17} (! bb6) ] ] 
@@ -436,19 +436,19 @@ module M_inc_some_2_tree__inc_some_2_tree [#"inc_some_2_tree.rs" 85 0 85 51] ) [ & _0 : () = any_l () | & t : t_Tree'0 = t - | & j : uint32 = j - | & k : uint32 = k - | & sum0 : uint32 = any_l () - | & ma : borrowed uint32 = any_l () + | & j : UInt32.t = j + | & k : UInt32.t = k + | & sum0 : UInt32.t = any_l () + | & ma : borrowed UInt32.t = any_l () | & mt : borrowed (t_Tree'0) = any_l () - | & _9 : (borrowed uint32, borrowed (t_Tree'0)) = any_l () + | & _9 : (borrowed UInt32.t, borrowed (t_Tree'0)) = any_l () | & _10 : borrowed (t_Tree'0) = any_l () - | & mb : borrowed uint32 = any_l () - | & _12 : (borrowed uint32, borrowed (t_Tree'0)) = any_l () + | & mb : borrowed UInt32.t = any_l () + | & _12 : (borrowed UInt32.t, borrowed (t_Tree'0)) = any_l () | & _13 : borrowed (t_Tree'0) = any_l () | & _17 : bool = any_l () - | & _18 : uint32 = any_l () - | & _20 : uint32 = any_l () - | & _21 : uint32 = any_l () ] + | & _18 : UInt32.t = any_l () + | & _20 : UInt32.t = any_l () + | & _21 : UInt32.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/rusthorn/inc_some_list.coma b/creusot/tests/should_succeed/rusthorn/inc_some_list.coma index f6743d8495..448dd45d6a 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_some_list.coma +++ b/creusot/tests/should_succeed/rusthorn/inc_some_list.coma 
@@ -4,19 +4,19 @@ module M_inc_some_list__qyi14489061725823948544__lemma_sum_nonneg [#"inc_some_li let%span sinc_some_list2 = "inc_some_list.rs" 34 8 37 9 let%span sinc_some_list3 = "inc_some_list.rs" 23 12 26 13 + use prelude.prelude.Int + use prelude.prelude.UInt32 type t_List'0 = - | C_Cons'0 uint32 (t_List'0) + | C_Cons'0 UInt32.t (t_List'0) | C_Nil'0 - use prelude.prelude.Int - use prelude.prelude.UInt32 function sum'0 [#"inc_some_list.rs" 21 4 21 23] (self : t_List'0) : int = [%#sinc_some_list3] match self with - | C_Cons'0 a l -> UInt32.to_int a + sum'0 l + | C_Cons'0 a l -> UInt32.to_uint a + sum'0 l | C_Nil'0 -> 0 end @@ -37,15 +37,17 @@ module M_inc_some_list__qyi14489061725823948544__sum_x [#"inc_some_list.rs" 42 4 let%span sinc_some_list2 = "inc_some_list.rs" 41 14 41 35 let%span sinc_some_list3 = "inc_some_list.rs" 23 12 26 13 + use prelude.prelude.Int + use prelude.prelude.UInt32 type t_List'0 = - | C_Cons'0 uint32 (t_List'0) + | C_Cons'0 UInt32.t (t_List'0) | C_Nil'0 - let rec v_Cons'0 (input:t_List'0) (ret (field_0:uint32) (field_1:t_List'0))= any - [ good (field_0:uint32) (field_1:t_List'0)-> {C_Cons'0 field_0 field_1 = input} (! ret {field_0} {field_1}) - | bad -> {forall field_0 : uint32, field_1 : t_List'0 [C_Cons'0 field_0 field_1 : t_List'0] . C_Cons'0 field_0 field_1 + let rec v_Cons'0 (input:t_List'0) (ret (field_0:UInt32.t) (field_1:t_List'0))= any + [ good (field_0:UInt32.t) (field_1:t_List'0)-> {C_Cons'0 field_0 field_1 = input} (! ret {field_0} {field_1}) + | bad -> {forall field_0 : UInt32.t, field_1 : t_List'0 [C_Cons'0 field_0 field_1 : t_List'0] . C_Cons'0 field_0 field_1 <> input} (! {false} any) ] 
@@ -55,40 +57,40 @@ module M_inc_some_list__qyi14489061725823948544__sum_x [#"inc_some_list.rs" 42 4 use prelude.prelude.Borrow - use prelude.prelude.Int - use prelude.prelude.UInt32 function sum'0 [#"inc_some_list.rs" 21 4 21 23] (self : t_List'0) : int = [%#sinc_some_list3] match self with - | C_Cons'0 a l -> UInt32.to_int a + sum'0 l + | C_Cons'0 a l -> UInt32.to_uint a + sum'0 l | C_Nil'0 -> 0 end meta "compute_max_steps" 1000000 - let rec sum_x'0 (self:t_List'0) (return' (ret:uint32))= {[@expl:sum_x requires] [%#sinc_some_list1] sum'0 self + let rec sum_x'0 (self:t_List'0) (return' (ret:UInt32.t))= {[@expl:sum_x requires] [%#sinc_some_list1] sum'0 self <= 1000000} (! bb0 - [ bb0 = any [ br0 (x0:uint32) (x1:t_List'0)-> {self = C_Cons'0 x0 x1} (! bb2) | br1 -> {self = C_Nil'0 } (! bb3) ] - | bb3 = s0 [ s0 = [ &_0 <- [%#sinc_some_list0] (0 : uint32) ] s1 | s1 = bb6 ] + [ bb0 = any + [ br0 (x0:UInt32.t) (x1:t_List'0)-> {self = C_Cons'0 x0 x1} (! bb2) | br1 -> {self = C_Nil'0 } (! bb3) ] + + | bb3 = s0 [ s0 = [ &_0 <- [%#sinc_some_list0] (0 : UInt32.t) ] s1 | s1 = bb6 ] | bb2 = bb4 | bb4 = s0 - [ s0 = v_Cons'0 {self} (fun (r0'0:uint32) (r1'0:t_List'0) -> [ &a <- r0'0 ] s1) - | s1 = v_Cons'0 {self} (fun (r0'1:uint32) (r1'1:t_List'0) -> [ &l <- r1'1 ] s2) - | s2 = sum_x'0 {l} (fun (_ret':uint32) -> [ &_8 <- _ret' ] s3) + [ s0 = v_Cons'0 {self} (fun (r0'0:UInt32.t) (r1'0:t_List'0) -> [ &a <- r0'0 ] s1) + | s1 = v_Cons'0 {self} (fun (r0'1:UInt32.t) (r1'1:t_List'0) -> [ &l <- r1'1 ] s2) + | s2 = sum_x'0 {l} (fun (_ret':UInt32.t) -> [ &_8 <- _ret' ] s3) | s3 = bb5 ] - | bb5 = s0 [ s0 = UInt32.add {a} {_8} (fun (_ret':uint32) -> [ &_0 <- _ret' ] s1) | s1 = bb6 ] + | bb5 = s0 [ s0 = UInt32.add {a} {_8} (fun (_ret':UInt32.t) -> [ &_0 <- _ret' ] s1) | s1 = bb6 ] | bb6 = return' {_0} ] ) - [ & _0 : uint32 = any_l () + [ & _0 : UInt32.t = any_l () | & self : t_List'0 = self - | & a : uint32 = any_l () + | & a : UInt32.t = any_l () | & l : t_List'0 = any_l () - | & _8 : uint32 
= any_l () ] + | & _8 : UInt32.t = any_l () ] - [ return' (result:uint32)-> {[@expl:sum_x ensures] [%#sinc_some_list2] UInt32.to_int result = sum'0 self} + [ return' (result:UInt32.t)-> {[@expl:sum_x ensures] [%#sinc_some_list2] UInt32.to_uint result = sum'0 self} (! return' {result}) ] end @@ -104,10 +106,12 @@ module M_inc_some_list__qyi14489061725823948544__take_some [#"inc_some_list.rs" let%span smodel8 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 let%span sresolve9 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + use prelude.prelude.Int + use prelude.prelude.UInt32 type t_List'0 = - | C_Cons'0 uint32 (t_List'0) + | C_Cons'0 UInt32.t (t_List'0) | C_Nil'0 use prelude.prelude.Borrow @@ -118,21 +122,19 @@ module M_inc_some_list__qyi14489061725823948544__take_some [#"inc_some_list.rs" predicate resolve'0 (_1 : borrowed (t_List'0)) = resolve'3 _1 - let rec v_Cons'0 (input:t_List'0) (ret (field_0:uint32) (field_1:t_List'0))= any - [ good (field_0:uint32) (field_1:t_List'0)-> {C_Cons'0 field_0 field_1 = input} (! ret {field_0} {field_1}) - | bad -> {forall field_0 : uint32, field_1 : t_List'0 [C_Cons'0 field_0 field_1 : t_List'0] . C_Cons'0 field_0 field_1 + let rec v_Cons'0 (input:t_List'0) (ret (field_0:UInt32.t) (field_1:t_List'0))= any + [ good (field_0:UInt32.t) (field_1:t_List'0)-> {C_Cons'0 field_0 field_1 = input} (! ret {field_0} {field_1}) + | bad -> {forall field_0 : UInt32.t, field_1 : t_List'0 [C_Cons'0 field_0 field_1 : t_List'0] . C_Cons'0 field_0 field_1 <> input} (! {false} any) ] - use prelude.prelude.Int - use prelude.prelude.UInt32 function sum'0 [#"inc_some_list.rs" 21 4 21 23] (self : t_List'0) : int = [%#sinc_some_list7] match self with - | C_Cons'0 a l -> UInt32.to_int a + sum'0 l + | C_Cons'0 a l -> UInt32.to_uint a + sum'0 l | C_Nil'0 -> 0 end 
@@ -156,24 +158,24 @@ module M_inc_some_list__qyi14489061725823948544__take_some [#"inc_some_list.rs" predicate resolve'1 (_1 : borrowed (t_List'0)) = resolve'4 _1 - predicate resolve'5 (self : borrowed uint32) = + predicate resolve'5 (self : borrowed UInt32.t) = [%#sresolve9] self.final = self.current - predicate resolve'2 (_1 : borrowed uint32) = + predicate resolve'2 (_1 : borrowed UInt32.t) = resolve'5 _1 use prelude.prelude.Intrinsic use prelude.prelude.Snapshot - function view'0 (self : borrowed uint32) : int = - [%#smodel8] UInt32.to_int self.current + function view'0 (self : borrowed UInt32.t) : int = + [%#smodel8] UInt32.to_uint self.current meta "compute_max_steps" 1000000 - let rec take_some'0 (self:borrowed (t_List'0)) (return' (ret:borrowed uint32))= (! bb0 + let rec take_some'0 (self:borrowed (t_List'0)) (return' (ret:borrowed UInt32.t))= (! bb0 [ bb0 = any - [ br0 (x0:uint32) (x1:t_List'0)-> {self.current = C_Cons'0 x0 x1} (! bb2) + [ br0 (x0:UInt32.t) (x1:t_List'0)-> {self.current = C_Cons'0 x0 x1} (! bb2) | br1 -> {self.current = C_Nil'0 } (! bb3) ] | bb3 = s0 [ s0 = -{resolve'0 self}- s1 | s1 = bb11 ] @@ -181,14 +183,14 @@ module M_inc_some_list__qyi14489061725823948544__take_some [#"inc_some_list.rs" | bb2 = bb4 | bb4 = s0 [ s0 = v_Cons'0 {self.current} - (fun (r0'0:uint32) (r1'0:t_List'0) -> - Borrow.borrow_final {r0'0} {Borrow.inherit_id (Borrow.get_id self) 1} - (fun (_ret':borrowed uint32) -> + (fun (r0'0:UInt32.t) (r1'0:t_List'0) -> + Borrow.borrow_final {r0'0} {Borrow.inherit_id (Borrow.get_id self) 1} + (fun (_ret':borrowed UInt32.t) -> [ &ma <- _ret' ] [ &self <- { self with current = C_Cons'0 _ret'.final r1'0 } ] s1)) | s1 = v_Cons'0 {self.current} - (fun (r0'1:uint32) (r1'1:t_List'0) -> + (fun (r0'1:UInt32.t) (r1'1:t_List'0) -> Borrow.borrow_final {r1'1} {Borrow.inherit_id (Borrow.get_id self) 2} (fun (_ret':borrowed (t_List'0)) -> [ &ml <- _ret' ] 
@@ -201,10 +203,10 @@ module M_inc_some_list__qyi14489061725823948544__take_some [#"inc_some_list.rs" | bb6 = any [ br0 -> {_13 = false} (! bb8) | br1 -> {_13} (! bb7) ] | bb7 = s0 [ s0 = -{resolve'1 ml}- s1 - | s1 = Borrow.borrow_final {ma.current} {Borrow.get_id ma} - (fun (_ret':borrowed uint32) -> [ &_14 <- _ret' ] [ &ma <- { ma with current = _ret'.final } ] s2) - | s2 = Borrow.borrow_final {_14.current} {Borrow.get_id _14} - (fun (_ret':borrowed uint32) -> [ &_12 <- _ret' ] [ &_14 <- { _14 with current = _ret'.final } ] s3) + | s1 = Borrow.borrow_final {ma.current} {Borrow.get_id ma} + (fun (_ret':borrowed UInt32.t) -> [ &_14 <- _ret' ] [ &ma <- { ma with current = _ret'.final } ] s2) + | s2 = Borrow.borrow_final {_14.current} {Borrow.get_id _14} + (fun (_ret':borrowed UInt32.t) -> [ &_12 <- _ret' ] [ &_14 <- { _14 with current = _ret'.final } ] s3) | s3 = -{resolve'2 _14}- s4 | s4 = bb10 ] 
@@ -212,51 +214,51 @@ module M_inc_some_list__qyi14489061725823948544__take_some [#"inc_some_list.rs" [ s0 = -{resolve'2 ma}- s1 | s1 = Borrow.borrow_final {ml.current} {Borrow.get_id ml} (fun (_ret':borrowed (t_List'0)) -> [ &_16 <- _ret' ] [ &ml <- { ml with current = _ret'.final } ] s2) - | s2 = take_some'0 {_16} (fun (_ret':borrowed uint32) -> [ &_15 <- _ret' ] s3) + | s2 = take_some'0 {_16} (fun (_ret':borrowed UInt32.t) -> [ &_15 <- _ret' ] s3) | s3 = bb9 ] | bb9 = s0 - [ s0 = Borrow.borrow_final {_15.current} {Borrow.get_id _15} - (fun (_ret':borrowed uint32) -> [ &_12 <- _ret' ] [ &_15 <- { _15 with current = _ret'.final } ] s1) + [ s0 = Borrow.borrow_final {_15.current} {Borrow.get_id _15} + (fun (_ret':borrowed UInt32.t) -> [ &_12 <- _ret' ] [ &_15 <- { _15 with current = _ret'.final } ] s1) | s1 = -{resolve'2 _15}- s2 | s2 = bb10 ] | bb10 = s0 - [ s0 = Borrow.borrow_final {_12.current} {Borrow.get_id _12} - (fun (_ret':borrowed uint32) -> [ &_9 <- _ret' ] [ &_12 <- { _12 with current = _ret'.final } ] s1) - | s1 = Borrow.borrow_final {_9.current} {Borrow.get_id _9} - (fun (_ret':borrowed uint32) -> [ &_5 <- _ret' ] [ &_9 <- { _9 with current = _ret'.final } ] s2) + [ s0 = Borrow.borrow_final {_12.current} {Borrow.get_id _12} + (fun (_ret':borrowed UInt32.t) -> [ &_9 <- _ret' ] [ &_12 <- { _12 with current = _ret'.final } ] s1) + | s1 = Borrow.borrow_final {_9.current} {Borrow.get_id _9} + (fun (_ret':borrowed UInt32.t) -> [ &_5 <- _ret' ] [ &_9 <- { _9 with current = _ret'.final } ] s2) | s2 = -{resolve'2 _12}- s3 | s3 = -{resolve'2 _9}- s4 | s4 = -{resolve'1 ml}- s5 | s5 = -{resolve'2 ma}- s6 - | s6 = Borrow.borrow_final {_5.current} {Borrow.get_id _5} - (fun (_ret':borrowed uint32) -> [ &_2 <- _ret' ] [ &_5 <- { _5 with current = _ret'.final } ] s7) - | s7 = Borrow.borrow_final {_2.current} {Borrow.get_id _2} - (fun (_ret':borrowed uint32) -> [ &_0 <- _ret' ] [ &_2 <- { _2 with current = _ret'.final } ] s8) + | s6 = Borrow.borrow_final {_5.current} 
{Borrow.get_id _5} + (fun (_ret':borrowed UInt32.t) -> [ &_2 <- _ret' ] [ &_5 <- { _5 with current = _ret'.final } ] s7) + | s7 = Borrow.borrow_final {_2.current} {Borrow.get_id _2} + (fun (_ret':borrowed UInt32.t) -> [ &_0 <- _ret' ] [ &_2 <- { _2 with current = _ret'.final } ] s8) | s8 = -{resolve'2 _5}- s9 | s9 = -{resolve'2 _2}- s10 | s10 = -{resolve'0 self}- s11 | s11 = return' {_0} ] ] ) - [ & _0 : borrowed uint32 = any_l () + [ & _0 : borrowed UInt32.t = any_l () | & self : borrowed (t_List'0) = self - | & _2 : borrowed uint32 = any_l () - | & _5 : borrowed uint32 = any_l () - | & ma : borrowed uint32 = any_l () + | & _2 : borrowed UInt32.t = any_l () + | & _5 : borrowed UInt32.t = any_l () + | & ma : borrowed UInt32.t = any_l () | & ml : borrowed (t_List'0) = any_l () - | & _9 : borrowed uint32 = any_l () + | & _9 : borrowed UInt32.t = any_l () | & _10 : Snapshot.snap_ty () = any_l () - | & _12 : borrowed uint32 = any_l () + | & _12 : borrowed UInt32.t = any_l () | & _13 : bool = any_l () - | & _14 : borrowed uint32 = any_l () - | & _15 : borrowed uint32 = any_l () + | & _14 : borrowed UInt32.t = any_l () + | & _15 : borrowed UInt32.t = any_l () | & _16 : borrowed (t_List'0) = any_l () ] - [ return' (result:borrowed uint32)-> {[@expl:take_some ensures #0] [%#sinc_some_list2] sum'0 self.final + [ return' (result:borrowed UInt32.t)-> {[@expl:take_some ensures #0] [%#sinc_some_list2] sum'0 self.final - sum'0 self.current - = UInt32.to_int result.final - view'0 result} + = UInt32.to_uint result.final - view'0 result} {[@expl:take_some ensures #1] [%#sinc_some_list3] view'0 result <= sum'0 self.current} (! return' {result}) ] 
@@ -272,68 +274,68 @@ module M_inc_some_list__inc_some_list [#"inc_some_list.rs" 67 0 67 41] let%span smodel7 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 let%span sresolve8 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + use prelude.prelude.Int + use prelude.prelude.UInt32 type t_List'0 = - | C_Cons'0 uint32 (t_List'0) + | C_Cons'0 UInt32.t (t_List'0) | C_Nil'0 - use prelude.prelude.Int - use prelude.prelude.UInt32 function sum'0 [#"inc_some_list.rs" 21 4 21 23] (self : t_List'0) : int = [%#sinc_some_list6] match self with - | C_Cons'0 a l -> UInt32.to_int a + sum'0 l + | C_Cons'0 a l -> UInt32.to_uint a + sum'0 l | C_Nil'0 -> 0 end use prelude.prelude.Borrow - let rec sum_x'0 (self:t_List'0) (return' (ret:uint32))= {[@expl:sum_x requires] [%#sinc_some_list2] sum'0 self + let rec sum_x'0 (self:t_List'0) (return' (ret:UInt32.t))= {[@expl:sum_x requires] [%#sinc_some_list2] sum'0 self <= 1000000} - any [ return' (result:uint32)-> {[%#sinc_some_list3] UInt32.to_int result = sum'0 self} (! return' {result}) ] + any [ return' (result:UInt32.t)-> {[%#sinc_some_list3] UInt32.to_uint result = sum'0 self} (! return' {result}) ] - function view'0 (self : borrowed uint32) : int = - [%#smodel7] UInt32.to_int self.current + function view'0 (self : borrowed UInt32.t) : int = + [%#smodel7] UInt32.to_uint self.current - let rec take_some'0 (self:borrowed (t_List'0)) (return' (ret:borrowed uint32))= any - [ return' (result:borrowed uint32)-> {[%#sinc_some_list4] sum'0 self.final - sum'0 self.current - = UInt32.to_int result.final - view'0 result} + let rec take_some'0 (self:borrowed (t_List'0)) (return' (ret:borrowed UInt32.t))= any + [ return' (result:borrowed UInt32.t)-> {[%#sinc_some_list4] sum'0 self.final - sum'0 self.current + = UInt32.to_uint result.final - view'0 result} {[%#sinc_some_list5] view'0 result <= sum'0 self.current} (! 
return' {result}) ] - predicate resolve'1 (self : borrowed uint32) = + predicate resolve'1 (self : borrowed UInt32.t) = [%#sresolve8] self.final = self.current - predicate resolve'0 (_1 : borrowed uint32) = + predicate resolve'0 (_1 : borrowed UInt32.t) = resolve'1 _1 use prelude.prelude.Intrinsic meta "compute_max_steps" 1000000 - let rec inc_some_list'0 (l:t_List'0) (k:uint32) (return' (ret:()))= {[@expl:inc_some_list requires] [%#sinc_some_list1] sum'0 l - + UInt32.to_int k + let rec inc_some_list'0 (l:t_List'0) (k:UInt32.t) (return' (ret:()))= {[@expl:inc_some_list requires] [%#sinc_some_list1] sum'0 l + + UInt32.to_uint k <= 1000000} (! bb0 [ bb0 = bb1 - | bb1 = s0 [ s0 = sum_x'0 {l} (fun (_ret':uint32) -> [ &sum0 <- _ret' ] s1) | s1 = bb2 ] + | bb1 = s0 [ s0 = sum_x'0 {l} (fun (_ret':UInt32.t) -> [ &sum0 <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 [ s0 = Borrow.borrow_mut {l} (fun (_ret':borrowed (t_List'0)) -> [ &_7 <- _ret' ] [ &l <- _ret'.final ] s1) - | s1 = take_some'0 {_7} (fun (_ret':borrowed uint32) -> [ &ma <- _ret' ] s2) + | s1 = take_some'0 {_7} (fun (_ret':borrowed UInt32.t) -> [ &ma <- _ret' ] s2) | s2 = bb3 ] | bb3 = s0 - [ s0 = UInt32.add {ma.current} {k} (fun (_ret':uint32) -> [ &ma <- { ma with current = _ret' } ] s1) + [ s0 = UInt32.add {ma.current} {k} (fun (_ret':UInt32.t) -> [ &ma <- { ma with current = _ret' } ] s1) | s1 = -{resolve'0 ma}- s2 - | s2 = sum_x'0 {l} (fun (_ret':uint32) -> [ &_11 <- _ret' ] s3) + | s2 = sum_x'0 {l} (fun (_ret':UInt32.t) -> [ &_11 <- _ret' ] s3) | s3 = bb4 ] | bb4 = s0 - [ s0 = UInt32.add {sum0} {k} (fun (_ret':uint32) -> [ &_13 <- _ret' ] s1) + [ s0 = UInt32.add {sum0} {k} (fun (_ret':UInt32.t) -> [ &_13 <- _ret' ] s1) | s1 = UInt32.eq {_11} {_13} (fun (_ret':bool) -> [ &_10 <- _ret' ] s2) | s2 = any [ br0 -> {_10 = false} (! bb6) | br1 -> {_10} (! bb5) ] ] 
@@ -343,12 +345,12 @@ module M_inc_some_list__inc_some_list [#"inc_some_list.rs" 67 0 67 41] ) [ & _0 : () = any_l () | & l : t_List'0 = l - | & k : uint32 = k - | & sum0 : uint32 = any_l () - | & ma : borrowed uint32 = any_l () + | & k : UInt32.t = k + | & sum0 : UInt32.t = any_l () + | & ma : borrowed UInt32.t = any_l () | & _7 : borrowed (t_List'0) = any_l () | & _10 : bool = any_l () - | & _11 : uint32 = any_l () - | & _13 : uint32 = any_l () ] + | & _11 : UInt32.t = any_l () + | & _13 : UInt32.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/rusthorn/inc_some_tree.coma b/creusot/tests/should_succeed/rusthorn/inc_some_tree.coma index c74f4c21c3..6d40ebbc4b 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_some_tree.coma +++ b/creusot/tests/should_succeed/rusthorn/inc_some_tree.coma @@ -4,19 +4,19 @@ module M_inc_some_tree__qyi12127997673864742005__lemma_sum_nonneg [#"inc_some_tr let%span sinc_some_tree2 = "inc_some_tree.rs" 34 8 40 9 let%span sinc_some_tree3 = "inc_some_tree.rs" 23 12 26 13 + use prelude.prelude.Int + use prelude.prelude.UInt32 type t_Tree'0 = - | C_Node'0 (t_Tree'0) uint32 (t_Tree'0) + | C_Node'0 (t_Tree'0) UInt32.t (t_Tree'0) | C_Leaf'0 - use prelude.prelude.Int - use prelude.prelude.UInt32 function sum'0 [#"inc_some_tree.rs" 21 4 21 23] (self : t_Tree'0) : int = [%#sinc_some_tree3] match self with - | C_Node'0 tl a tr -> sum'0 tl + UInt32.to_int a + sum'0 tr + | C_Node'0 tl a tr -> sum'0 tl + UInt32.to_uint a + sum'0 tr | C_Leaf'0 -> 0 end 
@@ -43,28 +43,28 @@ module M_inc_some_tree__qyi12127997673864742005__sum_x [#"inc_some_tree.rs" 45 4 let%span sinc_some_tree6 = "inc_some_tree.rs" 34 8 40 9 let%span sinc_some_tree7 = "inc_some_tree.rs" 23 12 26 13 + use prelude.prelude.Int + use prelude.prelude.UInt32 type t_Tree'0 = - | C_Node'0 (t_Tree'0) uint32 (t_Tree'0) + | C_Node'0 (t_Tree'0) UInt32.t (t_Tree'0) | C_Leaf'0 - let rec v_Node'0 (input:t_Tree'0) (ret (field_0:t_Tree'0) (field_1:uint32) (field_2:t_Tree'0))= any - [ good (field_0:t_Tree'0) (field_1:uint32) (field_2:t_Tree'0)-> {C_Node'0 field_0 field_1 field_2 = input} + let rec v_Node'0 (input:t_Tree'0) (ret (field_0:t_Tree'0) (field_1:UInt32.t) (field_2:t_Tree'0))= any + [ good (field_0:t_Tree'0) (field_1:UInt32.t) (field_2:t_Tree'0)-> {C_Node'0 field_0 field_1 field_2 = input} (! ret {field_0} {field_1} {field_2}) - | bad -> {forall field_0 : t_Tree'0, field_1 : uint32, field_2 : t_Tree'0 [C_Node'0 field_0 field_1 field_2 : t_Tree'0] . C_Node'0 field_0 field_1 field_2 + | bad -> {forall field_0 : t_Tree'0, field_1 : UInt32.t, field_2 : t_Tree'0 [C_Node'0 field_0 field_1 field_2 : t_Tree'0] . C_Node'0 field_0 field_1 field_2 <> input} (! {false} any) ] - use prelude.prelude.Int - use prelude.prelude.UInt32 function sum'0 [#"inc_some_tree.rs" 21 4 21 23] (self : t_Tree'0) : int = [%#sinc_some_tree7] match self with - | C_Node'0 tl a tr -> sum'0 tl + UInt32.to_int a + sum'0 tr + | C_Node'0 tl a tr -> sum'0 tl + UInt32.to_uint a + sum'0 tr | C_Leaf'0 -> 0 end 
@@ -84,42 +84,42 @@ module M_inc_some_tree__qyi12127997673864742005__sum_x [#"inc_some_tree.rs" 45 4 meta "compute_max_steps" 1000000 - let rec sum_x'0 (self:t_Tree'0) (return' (ret:uint32))= {[@expl:sum_x requires] [%#sinc_some_tree2] sum'0 self + let rec sum_x'0 (self:t_Tree'0) (return' (ret:UInt32.t))= {[@expl:sum_x requires] [%#sinc_some_tree2] sum'0 self <= 1000000} (! bb0 [ bb0 = any - [ br0 (x0:t_Tree'0) (x1:uint32) (x2:t_Tree'0)-> {self = C_Node'0 x0 x1 x2} (! bb2) + [ br0 (x0:t_Tree'0) (x1:UInt32.t) (x2:t_Tree'0)-> {self = C_Node'0 x0 x1 x2} (! bb2) | br1 -> {self = C_Leaf'0 } (! bb3) ] - | bb3 = s0 [ s0 = [ &_0 <- [%#sinc_some_tree0] (0 : uint32) ] s1 | s1 = bb7 ] + | bb3 = s0 [ s0 = [ &_0 <- [%#sinc_some_tree0] (0 : UInt32.t) ] s1 | s1 = bb7 ] | bb2 = bb4 | bb4 = s0 - [ s0 = v_Node'0 {self} (fun (r0'0:t_Tree'0) (r1'0:uint32) (r2'0:t_Tree'0) -> [ &tl <- r0'0 ] s1) - | s1 = v_Node'0 {self} (fun (r0'1:t_Tree'0) (r1'1:uint32) (r2'1:t_Tree'0) -> [ &a <- r1'1 ] s2) - | s2 = v_Node'0 {self} (fun (r0'2:t_Tree'0) (r1'2:uint32) (r2'2:t_Tree'0) -> [ &tr <- r2'2 ] s3) + [ s0 = v_Node'0 {self} (fun (r0'0:t_Tree'0) (r1'0:UInt32.t) (r2'0:t_Tree'0) -> [ &tl <- r0'0 ] s1) + | s1 = v_Node'0 {self} (fun (r0'1:t_Tree'0) (r1'1:UInt32.t) (r2'1:t_Tree'0) -> [ &a <- r1'1 ] s2) + | s2 = v_Node'0 {self} (fun (r0'2:t_Tree'0) (r1'2:UInt32.t) (r2'2:t_Tree'0) -> [ &tr <- r2'2 ] s3) | s3 = {[@expl:assertion] [%#sinc_some_tree1] let _ = lemma_sum_nonneg'0 tl in let _ = lemma_sum_nonneg'0 tr in true} s4 - | s4 = sum_x'0 {tl} (fun (_ret':uint32) -> [ &_11 <- _ret' ] s5) + | s4 = sum_x'0 {tl} (fun (_ret':UInt32.t) -> [ &_11 <- _ret' ] s5) | s5 = bb5 ] | bb5 = s0 - [ s0 = UInt32.add {_11} {a} (fun (_ret':uint32) -> [ &_10 <- _ret' ] s1) - | s1 = sum_x'0 {tr} (fun (_ret':uint32) -> [ &_14 <- _ret' ] s2) + [ s0 = UInt32.add {_11} {a} (fun (_ret':UInt32.t) -> [ &_10 <- _ret' ] s1) + | s1 = sum_x'0 {tr} (fun (_ret':UInt32.t) -> [ &_14 <- _ret' ] s2) | s2 = bb6 ] - | bb6 = s0 [ s0 = UInt32.add 
{_10} {_14} (fun (_ret':uint32) -> [ &_0 <- _ret' ] s1) | s1 = bb7 ] + | bb6 = s0 [ s0 = UInt32.add {_10} {_14} (fun (_ret':UInt32.t) -> [ &_0 <- _ret' ] s1) | s1 = bb7 ] | bb7 = return' {_0} ] ) - [ & _0 : uint32 = any_l () + [ & _0 : UInt32.t = any_l () | & self : t_Tree'0 = self | & tl : t_Tree'0 = any_l () - | & a : uint32 = any_l () + | & a : UInt32.t = any_l () | & tr : t_Tree'0 = any_l () - | & _10 : uint32 = any_l () - | & _11 : uint32 = any_l () - | & _14 : uint32 = any_l () ] + | & _10 : UInt32.t = any_l () + | & _11 : UInt32.t = any_l () + | & _14 : UInt32.t = any_l () ] - [ return' (result:uint32)-> {[@expl:sum_x ensures] [%#sinc_some_tree3] UInt32.to_int result = sum'0 self} + [ return' (result:UInt32.t)-> {[@expl:sum_x ensures] [%#sinc_some_tree3] UInt32.to_uint result = sum'0 self} (! return' {result}) ] end @@ -136,10 +136,12 @@ module M_inc_some_tree__qyi12127997673864742005__take_some [#"inc_some_tree.rs" let%span smodel9 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 let%span sresolve10 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + use prelude.prelude.Int + use prelude.prelude.UInt32 type t_Tree'0 = - | C_Node'0 (t_Tree'0) uint32 (t_Tree'0) + | C_Node'0 (t_Tree'0) UInt32.t (t_Tree'0) | C_Leaf'0 use prelude.prelude.Borrow 
@@ -150,22 +152,20 @@ module M_inc_some_tree__qyi12127997673864742005__take_some [#"inc_some_tree.rs" predicate resolve'0 (_1 : borrowed (t_Tree'0)) = resolve'3 _1 - let rec v_Node'0 (input:t_Tree'0) (ret (field_0:t_Tree'0) (field_1:uint32) (field_2:t_Tree'0))= any - [ good (field_0:t_Tree'0) (field_1:uint32) (field_2:t_Tree'0)-> {C_Node'0 field_0 field_1 field_2 = input} + let rec v_Node'0 (input:t_Tree'0) (ret (field_0:t_Tree'0) (field_1:UInt32.t) (field_2:t_Tree'0))= any + [ good (field_0:t_Tree'0) (field_1:UInt32.t) (field_2:t_Tree'0)-> {C_Node'0 field_0 field_1 field_2 = input} (! ret {field_0} {field_1} {field_2}) - | bad -> {forall field_0 : t_Tree'0, field_1 : uint32, field_2 : t_Tree'0 [C_Node'0 field_0 field_1 field_2 : t_Tree'0] . C_Node'0 field_0 field_1 field_2 + | bad -> {forall field_0 : t_Tree'0, field_1 : UInt32.t, field_2 : t_Tree'0 [C_Node'0 field_0 field_1 field_2 : t_Tree'0] . C_Node'0 field_0 field_1 field_2 <> input} (! {false} any) ] - use prelude.prelude.Int - use prelude.prelude.UInt32 function sum'0 [#"inc_some_tree.rs" 21 4 21 23] (self : t_Tree'0) : int = [%#sinc_some_tree8] match self with - | C_Node'0 tl a tr -> sum'0 tl + UInt32.to_int a + sum'0 tr + | C_Node'0 tl a tr -> sum'0 tl + UInt32.to_uint a + sum'0 tr | C_Leaf'0 -> 0 end 
@@ -187,22 +187,22 @@ module M_inc_some_tree__qyi12127997673864742005__take_some [#"inc_some_tree.rs" predicate resolve'1 (_1 : borrowed (t_Tree'0)) = resolve'4 _1 - predicate resolve'5 (self : borrowed uint32) = + predicate resolve'5 (self : borrowed UInt32.t) = [%#sresolve10] self.final = self.current - predicate resolve'2 (_1 : borrowed uint32) = + predicate resolve'2 (_1 : borrowed UInt32.t) = resolve'5 _1 use prelude.prelude.Intrinsic - function view'0 (self : borrowed uint32) : int = - [%#smodel9] UInt32.to_int self.current + function view'0 (self : borrowed UInt32.t) : int = + [%#smodel9] UInt32.to_uint self.current meta "compute_max_steps" 1000000 - let rec take_some'0 (self:borrowed (t_Tree'0)) (return' (ret:borrowed uint32))= (! bb0 + let rec take_some'0 (self:borrowed (t_Tree'0)) (return' (ret:borrowed UInt32.t))= (! bb0 [ bb0 = any - [ br0 (x0:t_Tree'0) (x1:uint32) (x2:t_Tree'0)-> {self.current = C_Node'0 x0 x1 x2} (! bb2) + [ br0 (x0:t_Tree'0) (x1:UInt32.t) (x2:t_Tree'0)-> {self.current = C_Node'0 x0 x1 x2} (! bb2) | br1 -> {self.current = C_Leaf'0 } (! bb3) ] | bb3 = s0 [ s0 = -{resolve'0 self}- s1 | s1 = bb15 ] 
@@ -210,21 +210,21 @@ module M_inc_some_tree__qyi12127997673864742005__take_some [#"inc_some_tree.rs" | bb2 = bb4 | bb4 = s0 [ s0 = v_Node'0 {self.current} - (fun (r0'0:t_Tree'0) (r1'0:uint32) (r2'0:t_Tree'0) -> + (fun (r0'0:t_Tree'0) (r1'0:UInt32.t) (r2'0:t_Tree'0) -> Borrow.borrow_final {r0'0} {Borrow.inherit_id (Borrow.get_id self) 1} (fun (_ret':borrowed (t_Tree'0)) -> [ &mtl <- _ret' ] [ &self <- { self with current = C_Node'0 _ret'.final r1'0 r2'0 } ] s1)) | s1 = v_Node'0 {self.current} - (fun (r0'1:t_Tree'0) (r1'1:uint32) (r2'1:t_Tree'0) -> - Borrow.borrow_final {r1'1} {Borrow.inherit_id (Borrow.get_id self) 2} - (fun (_ret':borrowed uint32) -> + (fun (r0'1:t_Tree'0) (r1'1:UInt32.t) (r2'1:t_Tree'0) -> + Borrow.borrow_final {r1'1} {Borrow.inherit_id (Borrow.get_id self) 2} + (fun (_ret':borrowed UInt32.t) -> [ &ma <- _ret' ] [ &self <- { self with current = C_Node'0 r0'1 _ret'.final r2'1 } ] s2)) | s2 = v_Node'0 {self.current} - (fun (r0'2:t_Tree'0) (r1'2:uint32) (r2'2:t_Tree'0) -> + (fun (r0'2:t_Tree'0) (r1'2:UInt32.t) (r2'2:t_Tree'0) -> Borrow.borrow_final {r2'2} {Borrow.inherit_id (Borrow.get_id self) 3} (fun (_ret':borrowed (t_Tree'0)) -> [ &mtr <- _ret' ] 
@@ -239,10 +239,10 @@ module M_inc_some_tree__qyi12127997673864742005__take_some [#"inc_some_tree.rs" | bb6 = s0 [ s0 = -{resolve'1 mtr}- s1 | s1 = -{resolve'1 mtl}- s2 - | s2 = Borrow.borrow_final {ma.current} {Borrow.get_id ma} - (fun (_ret':borrowed uint32) -> [ &_15 <- _ret' ] [ &ma <- { ma with current = _ret'.final } ] s3) - | s3 = Borrow.borrow_final {_15.current} {Borrow.get_id _15} - (fun (_ret':borrowed uint32) -> [ &_13 <- _ret' ] [ &_15 <- { _15 with current = _ret'.final } ] s4) + | s2 = Borrow.borrow_final {ma.current} {Borrow.get_id ma} + (fun (_ret':borrowed UInt32.t) -> [ &_15 <- _ret' ] [ &ma <- { ma with current = _ret'.final } ] s3) + | s3 = Borrow.borrow_final {_15.current} {Borrow.get_id _15} + (fun (_ret':borrowed UInt32.t) -> [ &_13 <- _ret' ] [ &_15 <- { _15 with current = _ret'.final } ] s4) | s4 = -{resolve'2 _15}- s5 | s5 = bb14 ] 
@@ -256,14 +256,14 @@ module M_inc_some_tree__qyi12127997673864742005__take_some [#"inc_some_tree.rs" [ s0 = -{resolve'1 mtr}- s1 | s1 = Borrow.borrow_final {mtl.current} {Borrow.get_id mtl} (fun (_ret':borrowed (t_Tree'0)) -> [ &_19 <- _ret' ] [ &mtl <- { mtl with current = _ret'.final } ] s2) - | s2 = take_some'0 {_19} (fun (_ret':borrowed uint32) -> [ &_18 <- _ret' ] s3) + | s2 = take_some'0 {_19} (fun (_ret':borrowed UInt32.t) -> [ &_18 <- _ret' ] s3) | s3 = bb10 ] | bb10 = s0 - [ s0 = Borrow.borrow_final {_18.current} {Borrow.get_id _18} - (fun (_ret':borrowed uint32) -> [ &_17 <- _ret' ] [ &_18 <- { _18 with current = _ret'.final } ] s1) - | s1 = Borrow.borrow_final {_17.current} {Borrow.get_id _17} - (fun (_ret':borrowed uint32) -> [ &_13 <- _ret' ] [ &_17 <- { _17 with current = _ret'.final } ] s2) + [ s0 = Borrow.borrow_final {_18.current} {Borrow.get_id _18} + (fun (_ret':borrowed UInt32.t) -> [ &_17 <- _ret' ] [ &_18 <- { _18 with current = _ret'.final } ] s1) + | s1 = Borrow.borrow_final {_17.current} {Borrow.get_id _17} + (fun (_ret':borrowed UInt32.t) -> [ &_13 <- _ret' ] [ &_17 <- { _17 with current = _ret'.final } ] s2) | s2 = -{resolve'2 _18}- s3 | s3 = -{resolve'2 _17}- s4 | s4 = bb13 ] 
@@ -272,57 +272,57 @@ module M_inc_some_tree__qyi12127997673864742005__take_some [#"inc_some_tree.rs" [ s0 = -{resolve'1 mtl}- s1 | s1 = Borrow.borrow_final {mtr.current} {Borrow.get_id mtr} (fun (_ret':borrowed (t_Tree'0)) -> [ &_21 <- _ret' ] [ &mtr <- { mtr with current = _ret'.final } ] s2) - | s2 = take_some'0 {_21} (fun (_ret':borrowed uint32) -> [ &_20 <- _ret' ] s3) + | s2 = take_some'0 {_21} (fun (_ret':borrowed UInt32.t) -> [ &_20 <- _ret' ] s3) | s3 = bb12 ] | bb12 = s0 - [ s0 = Borrow.borrow_final {_20.current} {Borrow.get_id _20} - (fun (_ret':borrowed uint32) -> [ &_13 <- _ret' ] [ &_20 <- { _20 with current = _ret'.final } ] s1) + [ s0 = Borrow.borrow_final {_20.current} {Borrow.get_id _20} + (fun (_ret':borrowed UInt32.t) -> [ &_13 <- _ret' ] [ &_20 <- { _20 with current = _ret'.final } ] s1) | s1 = -{resolve'2 _20}- s2 | s2 = bb13 ] | bb13 = bb14 | bb14 = s0 - [ s0 = Borrow.borrow_final {_13.current} {Borrow.get_id _13} - (fun (_ret':borrowed uint32) -> [ &_10 <- _ret' ] [ &_13 <- { _13 with current = _ret'.final } ] s1) - | s1 = Borrow.borrow_final {_10.current} {Borrow.get_id _10} - (fun (_ret':borrowed uint32) -> [ &_5 <- _ret' ] [ &_10 <- { _10 with current = _ret'.final } ] s2) + [ s0 = Borrow.borrow_final {_13.current} {Borrow.get_id _13} + (fun (_ret':borrowed UInt32.t) -> [ &_10 <- _ret' ] [ &_13 <- { _13 with current = _ret'.final } ] s1) + | s1 = Borrow.borrow_final {_10.current} {Borrow.get_id _10} + (fun (_ret':borrowed UInt32.t) -> [ &_5 <- _ret' ] [ &_10 <- { _10 with current = _ret'.final } ] s2) | s2 = -{resolve'2 _13}- s3 | s3 = -{resolve'2 _10}- s4 | s4 = -{resolve'1 mtr}- s5 | s5 = -{resolve'2 ma}- s6 | s6 = -{resolve'1 mtl}- s7 - | s7 = Borrow.borrow_final {_5.current} {Borrow.get_id _5} - (fun (_ret':borrowed uint32) -> [ &_2 <- _ret' ] [ &_5 <- { _5 with current = _ret'.final } ] s8) - | s8 = Borrow.borrow_final {_2.current} {Borrow.get_id _2} - (fun (_ret':borrowed uint32) -> [ &_0 <- _ret' ] [ &_2 <- { _2 with current = 
_ret'.final } ] s9) + | s7 = Borrow.borrow_final {_5.current} {Borrow.get_id _5} + (fun (_ret':borrowed UInt32.t) -> [ &_2 <- _ret' ] [ &_5 <- { _5 with current = _ret'.final } ] s8) + | s8 = Borrow.borrow_final {_2.current} {Borrow.get_id _2} + (fun (_ret':borrowed UInt32.t) -> [ &_0 <- _ret' ] [ &_2 <- { _2 with current = _ret'.final } ] s9) | s9 = -{resolve'2 _5}- s10 | s10 = -{resolve'2 _2}- s11 | s11 = -{resolve'0 self}- s12 | s12 = return' {_0} ] ] ) - [ & _0 : borrowed uint32 = any_l () + [ & _0 : borrowed UInt32.t = any_l () | & self : borrowed (t_Tree'0) = self - | & _2 : borrowed uint32 = any_l () - | & _5 : borrowed uint32 = any_l () + | & _2 : borrowed UInt32.t = any_l () + | & _5 : borrowed UInt32.t = any_l () | & mtl : borrowed (t_Tree'0) = any_l () - | & ma : borrowed uint32 = any_l () + | & ma : borrowed UInt32.t = any_l () | & mtr : borrowed (t_Tree'0) = any_l () - | & _10 : borrowed uint32 = any_l () - | & _13 : borrowed uint32 = any_l () + | & _10 : borrowed UInt32.t = any_l () + | & _13 : borrowed UInt32.t = any_l () | & _14 : bool = any_l () - | & _15 : borrowed uint32 = any_l () + | & _15 : borrowed UInt32.t = any_l () | & _16 : bool = any_l () - | & _17 : borrowed uint32 = any_l () - | & _18 : borrowed uint32 = any_l () + | & _17 : borrowed UInt32.t = any_l () + | & _18 : borrowed UInt32.t = any_l () | & _19 : borrowed (t_Tree'0) = any_l () - | & _20 : borrowed uint32 = any_l () + | & _20 : borrowed UInt32.t = any_l () | & _21 : borrowed (t_Tree'0) = any_l () ] - [ return' (result:borrowed uint32)-> {[@expl:take_some ensures #0] [%#sinc_some_tree3] sum'0 self.final + [ return' (result:borrowed UInt32.t)-> {[@expl:take_some ensures #0] [%#sinc_some_tree3] sum'0 self.final - sum'0 self.current - = UInt32.to_int result.final - view'0 result} + = UInt32.to_uint result.final - view'0 result} {[@expl:take_some ensures #1] [%#sinc_some_tree4] view'0 result <= sum'0 self.current} (! return' {result}) ] 
@@ -338,68 +338,68 @@ module M_inc_some_tree__inc_some_tree [#"inc_some_tree.rs" 83 0 83 41] let%span smodel7 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 let%span sresolve8 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + use prelude.prelude.Int + use prelude.prelude.UInt32 type t_Tree'0 = - | C_Node'0 (t_Tree'0) uint32 (t_Tree'0) + | C_Node'0 (t_Tree'0) UInt32.t (t_Tree'0) | C_Leaf'0 - use prelude.prelude.Int - use prelude.prelude.UInt32 function sum'0 [#"inc_some_tree.rs" 21 4 21 23] (self : t_Tree'0) : int = [%#sinc_some_tree6] match self with - | C_Node'0 tl a tr -> sum'0 tl + UInt32.to_int a + sum'0 tr + | C_Node'0 tl a tr -> sum'0 tl + UInt32.to_uint a + sum'0 tr | C_Leaf'0 -> 0 end use prelude.prelude.Borrow - let rec sum_x'0 (self:t_Tree'0) (return' (ret:uint32))= {[@expl:sum_x requires] [%#sinc_some_tree2] sum'0 self + let rec sum_x'0 (self:t_Tree'0) (return' (ret:UInt32.t))= {[@expl:sum_x requires] [%#sinc_some_tree2] sum'0 self <= 1000000} - any [ return' (result:uint32)-> {[%#sinc_some_tree3] UInt32.to_int result = sum'0 self} (! return' {result}) ] + any [ return' (result:UInt32.t)-> {[%#sinc_some_tree3] UInt32.to_uint result = sum'0 self} (! return' {result}) ] - function view'0 (self : borrowed uint32) : int = - [%#smodel7] UInt32.to_int self.current + function view'0 (self : borrowed UInt32.t) : int = + [%#smodel7] UInt32.to_uint self.current - let rec take_some'0 (self:borrowed (t_Tree'0)) (return' (ret:borrowed uint32))= any - [ return' (result:borrowed uint32)-> {[%#sinc_some_tree4] sum'0 self.final - sum'0 self.current - = UInt32.to_int result.final - view'0 result} + let rec take_some'0 (self:borrowed (t_Tree'0)) (return' (ret:borrowed UInt32.t))= any + [ return' (result:borrowed UInt32.t)-> {[%#sinc_some_tree4] sum'0 self.final - sum'0 self.current + = UInt32.to_uint result.final - view'0 result} {[%#sinc_some_tree5] view'0 result <= sum'0 self.current} (! 
return' {result}) ] - predicate resolve'1 (self : borrowed uint32) = + predicate resolve'1 (self : borrowed UInt32.t) = [%#sresolve8] self.final = self.current - predicate resolve'0 (_1 : borrowed uint32) = + predicate resolve'0 (_1 : borrowed UInt32.t) = resolve'1 _1 use prelude.prelude.Intrinsic meta "compute_max_steps" 1000000 - let rec inc_some_tree'0 (t:t_Tree'0) (k:uint32) (return' (ret:()))= {[@expl:inc_some_tree requires] [%#sinc_some_tree1] sum'0 t - + UInt32.to_int k + let rec inc_some_tree'0 (t:t_Tree'0) (k:UInt32.t) (return' (ret:()))= {[@expl:inc_some_tree requires] [%#sinc_some_tree1] sum'0 t + + UInt32.to_uint k <= 1000000} (! bb0 [ bb0 = bb1 - | bb1 = s0 [ s0 = sum_x'0 {t} (fun (_ret':uint32) -> [ &sum0 <- _ret' ] s1) | s1 = bb2 ] + | bb1 = s0 [ s0 = sum_x'0 {t} (fun (_ret':UInt32.t) -> [ &sum0 <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 [ s0 = Borrow.borrow_mut {t} (fun (_ret':borrowed (t_Tree'0)) -> [ &_7 <- _ret' ] [ &t <- _ret'.final ] s1) - | s1 = take_some'0 {_7} (fun (_ret':borrowed uint32) -> [ &ma <- _ret' ] s2) + | s1 = take_some'0 {_7} (fun (_ret':borrowed UInt32.t) -> [ &ma <- _ret' ] s2) | s2 = bb3 ] | bb3 = s0 - [ s0 = UInt32.add {ma.current} {k} (fun (_ret':uint32) -> [ &ma <- { ma with current = _ret' } ] s1) + [ s0 = UInt32.add {ma.current} {k} (fun (_ret':UInt32.t) -> [ &ma <- { ma with current = _ret' } ] s1) | s1 = -{resolve'0 ma}- s2 - | s2 = sum_x'0 {t} (fun (_ret':uint32) -> [ &_11 <- _ret' ] s3) + | s2 = sum_x'0 {t} (fun (_ret':UInt32.t) -> [ &_11 <- _ret' ] s3) | s3 = bb4 ] | bb4 = s0 - [ s0 = UInt32.add {sum0} {k} (fun (_ret':uint32) -> [ &_13 <- _ret' ] s1) + [ s0 = UInt32.add {sum0} {k} (fun (_ret':UInt32.t) -> [ &_13 <- _ret' ] s1) | s1 = UInt32.eq {_11} {_13} (fun (_ret':bool) -> [ &_10 <- _ret' ] s2) | s2 = any [ br0 -> {_10 = false} (! bb6) | br1 -> {_10} (! bb5) ] ] 
@@ -409,12 +409,12 @@ module M_inc_some_tree__inc_some_tree [#"inc_some_tree.rs" 83 0 83 41] ) [ & _0 : () = any_l () | & t : t_Tree'0 = t - | & k : uint32 = k - | & sum0 : uint32 = any_l () - | & ma : borrowed uint32 = any_l () + | & k : UInt32.t = k + | & sum0 : UInt32.t = any_l () + | & ma : borrowed UInt32.t = any_l () | & _7 : borrowed (t_Tree'0) = any_l () | & _10 : bool = any_l () - | & _11 : uint32 = any_l () - | & _13 : uint32 = any_l () ] + | & _11 : UInt32.t = any_l () + | & _13 : UInt32.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/selection_sort_generic.coma b/creusot/tests/should_succeed/selection_sort_generic.coma index 8c1bf641d2..ca0edfcd43 100644 --- a/creusot/tests/should_succeed/selection_sort_generic.coma +++ b/creusot/tests/should_succeed/selection_sort_generic.coma @@ -34,9 +34,9 @@ module M_selection_sort_generic__selection_sort [#"selection_sort_generic.rs" 30 let%span scmp32 = "../../../creusot-contracts/src/std/cmp.rs" 33 26 33 76 let%span svec33 = "../../../creusot-contracts/src/std/vec.rs" 175 26 175 42 let%span svec34 = "../../../creusot-contracts/src/std/vec.rs" 176 26 176 48 - let%span sslice35 = "../../../creusot-contracts/src/std/slice.rs" 257 19 257 35 - let%span sslice36 = "../../../creusot-contracts/src/std/slice.rs" 258 19 258 35 - let%span sslice37 = "../../../creusot-contracts/src/std/slice.rs" 259 18 259 50 + let%span sslice35 = "../../../creusot-contracts/src/std/slice.rs" 275 19 275 35 + let%span sslice36 = "../../../creusot-contracts/src/std/slice.rs" 276 19 276 35 + let%span sslice37 = "../../../creusot-contracts/src/std/slice.rs" 277 18 277 50 let%span svec38 = "../../../creusot-contracts/src/std/vec.rs" 29 14 29 47 let%span svec39 = "../../../creusot-contracts/src/std/vec.rs" 30 14 31 51 let%span sselection_sort_generic40 = "selection_sort_generic.rs" 19 8 19 35 
@@ -52,7 +52,7 @@ module M_selection_sort_generic__selection_sort [#"selection_sort_generic.rs" 30 let%span srange50 = "../../../creusot-contracts/src/std/iter/range.rs" 42 15 42 32 let%span srange51 = "../../../creusot-contracts/src/std/iter/range.rs" 43 15 43 32 let%span srange52 = "../../../creusot-contracts/src/std/iter/range.rs" 44 14 44 42 - let%span snum53 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + let%span snum53 = "../../../creusot-contracts/src/std/num.rs" 52 28 52 33 let%span srange54 = "../../../creusot-contracts/src/std/iter/range.rs" 15 12 15 78 let%span sresolve55 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span sord56 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 @@ -68,8 +68,8 @@ module M_selection_sort_generic__selection_sort [#"selection_sort_generic.rs" 30 let%span sord66 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 let%span sord67 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 let%span sord68 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 - let%span sslice69 = "../../../creusot-contracts/src/std/slice.rs" 122 20 122 37 - let%span sslice70 = "../../../creusot-contracts/src/std/slice.rs" 129 20 129 37 + let%span sslice69 = "../../../creusot-contracts/src/std/slice.rs" 140 20 140 37 + let%span sslice70 = "../../../creusot-contracts/src/std/slice.rs" 147 20 147 37 let%span smodel71 = "../../../creusot-contracts/src/model.rs" 79 8 79 28 let%span sslice72 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice73 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 
@@ -93,24 +93,24 @@ module M_selection_sort_generic__selection_sort [#"selection_sort_generic.rs" 30 type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize - - use prelude.prelude.Int + use prelude.prelude.UInt64 type t_T'0 @@ -118,7 +118,7 @@ module M_selection_sort_generic__selection_sort [#"selection_sort_generic.rs" 30 function view'2 (self : t_Vec'0) : Seq.seq t_T'0 - axiom view'2_spec : forall self : t_Vec'0 . [%#svec41] Seq.length (view'2 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'2_spec : forall self : t_Vec'0 . [%#svec41] Seq.length (view'2 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq @@ -155,13 +155,13 @@ module M_selection_sort_generic__selection_sort [#"selection_sort_generic.rs" 30 function view'3 (self : t_Vec'0) : Seq.seq t_T'0 = [%#smodel42] view'2 self - let rec len'0 (self:t_Vec'0) (return' (ret:usize))= {[@expl:len 'self' type invariant] inv'6 self} + let rec len'0 (self:t_Vec'0) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'6 self} any - [ return' (result:usize)-> {[%#svec20] UIntSize.to_int result = Seq.length (view'3 self)} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#svec20] UInt64.to_uint result = Seq.length (view'3 self)} (! return' {result}) ] type t_Range'0 = - { t_Range__start'0: usize; t_Range__end'0: usize } + { t_Range__start'0: UInt64.t; t_Range__end'0: UInt64.t } predicate inv'0 (_1 : t_Range'0) 
@@ -305,12 +305,12 @@ module M_selection_sort_generic__selection_sort [#"selection_sort_generic.rs" 30 use seq.Seq - function deep_model'2 (self : usize) : int = - [%#snum53] UIntSize.to_int self + function deep_model'2 (self : UInt64.t) : int = + [%#snum53] UInt64.to_uint self use seq.Seq - predicate produces'0 (self : t_Range'0) (visited : Seq.seq usize) (o : t_Range'0) = + predicate produces'0 (self : t_Range'0) (visited : Seq.seq UInt64.t) (o : t_Range'0) = [%#srange28] self.t_Range__end'0 = o.t_Range__end'0 /\ deep_model'2 self.t_Range__start'0 <= deep_model'2 o.t_Range__start'0 /\ (Seq.length visited > 0 -> deep_model'2 o.t_Range__start'0 <= deep_model'2 o.t_Range__end'0) @@ -318,10 +318,10 @@ module M_selection_sort_generic__selection_sort [#"selection_sort_generic.rs" 30 /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> deep_model'2 (Seq.get visited i) = deep_model'2 self.t_Range__start'0 + i) - function produces_trans'0 (a : t_Range'0) (ab : Seq.seq usize) (b : t_Range'0) (bc : Seq.seq usize) (c : t_Range'0) : () + function produces_trans'0 (a : t_Range'0) (ab : Seq.seq UInt64.t) (b : t_Range'0) (bc : Seq.seq UInt64.t) (c : t_Range'0) : () - axiom produces_trans'0_spec : forall a : t_Range'0, ab : Seq.seq usize, b : t_Range'0, bc : Seq.seq usize, c : t_Range'0 . ([%#srange47] inv'0 a) + axiom produces_trans'0_spec : forall a : t_Range'0, ab : Seq.seq UInt64.t, b : t_Range'0, bc : Seq.seq UInt64.t, c : t_Range'0 . ([%#srange47] inv'0 a) -> ([%#srange48] inv'0 b) -> ([%#srange49] inv'0 c) -> ([%#srange50] produces'0 a ab b) 
@@ -330,11 +330,11 @@ module M_selection_sort_generic__selection_sort [#"selection_sort_generic.rs" 30 function produces_refl'0 (self : t_Range'0) : () axiom produces_refl'0_spec : forall self : t_Range'0 . ([%#srange45] inv'0 self) - -> ([%#srange46] produces'0 self (Seq.empty : Seq.seq usize) self) + -> ([%#srange46] produces'0 self (Seq.empty : Seq.seq UInt64.t) self) - predicate inv'1 (_1 : Seq.seq usize) + predicate inv'1 (_1 : Seq.seq UInt64.t) - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq usize [inv'1 x] . inv'1 x = true + axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq UInt64.t [inv'1 x] . inv'1 x = true predicate inv'7 (_1 : borrowed (t_Range'0)) @@ -342,7 +342,7 @@ module M_selection_sort_generic__selection_sort [#"selection_sort_generic.rs" 30 type t_Option'0 = | C_None'0 - | C_Some'0 usize + | C_Some'0 UInt64.t predicate inv'8 (_1 : t_Option'0) 
@@ -370,17 +370,17 @@ module M_selection_sort_generic__selection_sort [#"selection_sort_generic.rs" 30 predicate resolve'0 (_1 : borrowed (t_Range'0)) = resolve'3 _1 - let rec v_Some'0 (input:t_Option'0) (ret (field_0:usize))= any - [ good (field_0:usize)-> {C_Some'0 field_0 = input} (! ret {field_0}) - | bad -> {forall field_0 : usize [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] + let rec v_Some'0 (input:t_Option'0) (ret (field_0:UInt64.t))= any + [ good (field_0:UInt64.t)-> {C_Some'0 field_0 = input} (! ret {field_0}) + | bad -> {forall field_0 : UInt64.t [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] - predicate inv'9 (_1 : usize) + predicate inv'9 (_1 : UInt64.t) - axiom inv_axiom'9 [@rewrite] : forall x : usize [inv'9 x] . inv'9 x = true + axiom inv_axiom'9 [@rewrite] : forall x : UInt64.t [inv'9 x] . inv'9 x = true - predicate in_bounds'0 [@inline:trivial] (self : usize) (seq : Seq.seq t_T'0) = - [%#sslice69] UIntSize.to_int self < Seq.length seq + predicate in_bounds'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq t_T'0) = + [%#sslice69] UInt64.to_uint self < Seq.length seq predicate invariant'5 (self : t_T'0) = [%#sinvariant78] inv'12 self 
@@ -389,10 +389,10 @@ module M_selection_sort_generic__selection_sort [#"selection_sort_generic.rs" 30 axiom inv_axiom'10 [@rewrite] : forall x : t_T'0 [inv'10 x] . inv'10 x = invariant'5 x - predicate has_value'0 [@inline:trivial] (self : usize) (seq : Seq.seq t_T'0) (out : t_T'0) = - [%#sslice70] Seq.get seq (UIntSize.to_int self) = out + predicate has_value'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq t_T'0) (out : t_T'0) = + [%#sslice70] Seq.get seq (UInt64.to_uint self) = out - let rec index'0 (self:t_Vec'0) (index:usize) (return' (ret:t_T'0))= {[@expl:index 'self' type invariant] inv'6 self} + let rec index'0 (self:t_Vec'0) (index:UInt64.t) (return' (ret:t_T'0))= {[@expl:index 'self' type invariant] inv'6 self} {[@expl:index 'index' type invariant] inv'9 index} {[@expl:index requires] [%#svec30] in_bounds'0 index (view'3 self)} any @@ -418,15 +418,15 @@ module M_selection_sort_generic__selection_sort [#"selection_sort_generic.rs" 30 axiom inv_axiom'5 [@rewrite] : forall x : borrowed (t_Vec'0) [inv'5 x] . inv'5 x = invariant'3 x - use prelude.prelude.Slice + use Slice64.create - use prelude.prelude.Slice + use prelude.prelude.Slice64 function view'6 (self : slice t_T'0) : Seq.seq t_T'0 axiom view'6_spec : forall self : slice t_T'0 . ([%#sslice72] Seq.length (view'6 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice73] view'6 self = Slice.id self) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + && ([%#sslice73] view'6 self = Slice64.id self) predicate invariant'1 (self : slice t_T'0) = [%#sslice76] inv'11 (view'6 self) 
@@ -455,11 +455,11 @@ module M_selection_sort_generic__selection_sort [#"selection_sort_generic.rs" 30 use seq.Permut - let rec swap'0 (self:borrowed (slice t_T'0)) (a:usize) (b:usize) (return' (ret:()))= {[@expl:swap 'self' type invariant] inv'4 self} - {[@expl:swap requires #0] [%#sslice35] UIntSize.to_int a < Seq.length (view'5 self)} - {[@expl:swap requires #1] [%#sslice36] UIntSize.to_int b < Seq.length (view'5 self)} + let rec swap'0 (self:borrowed (slice t_T'0)) (a:UInt64.t) (b:UInt64.t) (return' (ret:()))= {[@expl:swap 'self' type invariant] inv'4 self} + {[@expl:swap requires #0] [%#sslice35] UInt64.to_uint a < Seq.length (view'5 self)} + {[@expl:swap requires #1] [%#sslice36] UInt64.to_uint b < Seq.length (view'5 self)} any - [ return' (result:())-> {[%#sslice37] Permut.exchange (view'6 self.final) (view'5 self) (UIntSize.to_int a) (UIntSize.to_int b)} + [ return' (result:())-> {[%#sslice37] Permut.exchange (view'6 self.final) (view'5 self) (UInt64.to_uint a) (UInt64.to_uint b)} (! return' {result}) ] 
@@ -489,15 +489,15 @@ module M_selection_sort_generic__selection_sort [#"selection_sort_generic.rs" 30 let rec selection_sort'0 (v:borrowed (t_Vec'0)) (return' (ret:()))= {[@expl:selection_sort 'v' type invariant] [%#sselection_sort_generic17] inv'5 v} (! bb0 [ bb0 = s0 [ s0 = [ &old_v <- [%#sselection_sort_generic0] Snapshot.new v ] s1 | s1 = bb1 ] - | bb1 = s0 [ s0 = len'0 {v.current} (fun (_ret':usize) -> [ &_8 <- _ret' ] s1) | s1 = bb2 ] + | bb1 = s0 [ s0 = len'0 {v.current} (fun (_ret':UInt64.t) -> [ &_8 <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 - [ s0 = [ &_7 <- { t_Range__start'0 = ([%#sselection_sort_generic1] (0 : usize)); t_Range__end'0 = _8 } ] s1 + [ s0 = [ &_7 <- { t_Range__start'0 = ([%#sselection_sort_generic1] (0 : UInt64.t)); t_Range__end'0 = _8 } ] s1 | s1 = into_iter'0 {_7} (fun (_ret':t_Range'0) -> [ &iter <- _ret' ] s2) | s2 = bb3 ] | bb3 = s0 [ s0 = [ &iter_old <- [%#sselection_sort_generic2] Snapshot.new iter ] s1 | s1 = bb4 ] | bb4 = s0 - [ s0 = [ &produced <- [%#sselection_sort_generic3] Snapshot.new (Seq.empty : Seq.seq usize) ] s1 | s1 = bb5 ] + [ s0 = [ &produced <- [%#sselection_sort_generic3] Snapshot.new (Seq.empty : Seq.seq UInt64.t) ] s1 | s1 = bb5 ] | bb5 = s0 [ s0 = [ &old_6_0 <- Snapshot.new v ] s1 | s1 = bb6 ] | bb6 = bb6 @@ -522,11 +522,11 @@ module M_selection_sort_generic__selection_sort [#"selection_sort_generic.rs" 30 | bb8 = s0 [ s0 = -{resolve'0 _23}- s1 - | s1 = any [ br0 -> {_21 = C_None'0 } (! bb11) | br1 (x0:usize)-> {_21 = C_Some'0 x0} (! bb10) ] ] + | s1 = any [ br0 -> {_21 = C_None'0 } (! bb11) | br1 (x0:UInt64.t)-> {_21 = C_Some'0 x0} (! bb10) ] ] | bb10 = bb12 | bb12 = s0 - [ s0 = v_Some'0 {_21} (fun (r0'0:usize) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) + [ s0 = v_Some'0 {_21} (fun (r0'0:UInt64.t) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) | s1 = [ &_26 <- [%#sselection_sort_generic8] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] 
@@ -537,9 +537,9 @@ module M_selection_sort_generic__selection_sort [#"selection_sort_generic.rs" 30 [ s0 = [ &produced <- _26 ] s1 | s1 = [ &i <- __creusot_proc_iter_elem ] s2 | s2 = [ &min <- i ] s3 - | s3 = UIntSize.add {i} {[%#sselection_sort_generic9] (1 : usize)} - (fun (_ret':usize) -> [ &_33 <- _ret' ] s4) - | s4 = len'0 {v.current} (fun (_ret':usize) -> [ &_35 <- _ret' ] s5) + | s3 = UInt64.add {i} {[%#sselection_sort_generic9] (1 : UInt64.t)} + (fun (_ret':UInt64.t) -> [ &_33 <- _ret' ] s4) + | s4 = len'0 {v.current} (fun (_ret':UInt64.t) -> [ &_35 <- _ret' ] s5) | s5 = bb14 ] | bb14 = s0 @@ -549,7 +549,7 @@ module M_selection_sort_generic__selection_sort [#"selection_sort_generic.rs" 30 | bb15 = s0 [ s0 = [ &iter_old1 <- [%#sselection_sort_generic10] Snapshot.new iter1 ] s1 | s1 = bb16 ] | bb16 = s0 - [ s0 = [ &produced1 <- [%#sselection_sort_generic11] Snapshot.new (Seq.empty : Seq.seq usize) ] s1 + [ s0 = [ &produced1 <- [%#sselection_sort_generic11] Snapshot.new (Seq.empty : Seq.seq UInt64.t) ] s1 | s1 = bb17 ] | bb17 = bb18 
@@ -557,11 +557,11 @@ module M_selection_sort_generic__selection_sort [#"selection_sort_generic.rs" 30 [ bb18 = {[@expl:for invariant] [%#sselection_sort_generic14] inv'1 (Snapshot.inner produced1)} {[@expl:for invariant] [%#sselection_sort_generic14] inv'0 iter1} {[@expl:for invariant] [%#sselection_sort_generic14] produces'0 (Snapshot.inner iter_old1) (Snapshot.inner produced1) iter1} - {[@expl:loop invariant #0] [%#sselection_sort_generic13] forall k : int . UIntSize.to_int i <= k - /\ k < Seq.length (Snapshot.inner produced1) + UIntSize.to_int i + 1 - -> le_log'0 (Seq.get (deep_model'0 v) (UIntSize.to_int min)) (Seq.get (deep_model'0 v) k)} - {[@expl:loop invariant #1] [%#sselection_sort_generic12] UIntSize.to_int i <= UIntSize.to_int min - /\ UIntSize.to_int min < Seq.length (Snapshot.inner produced1) + UIntSize.to_int i + 1} + {[@expl:loop invariant #0] [%#sselection_sort_generic13] forall k : int . UInt64.to_uint i <= k + /\ k < Seq.length (Snapshot.inner produced1) + UInt64.to_uint i + 1 + -> le_log'0 (Seq.get (deep_model'0 v) (UInt64.to_uint min)) (Seq.get (deep_model'0 v) k)} + {[@expl:loop invariant #1] [%#sselection_sort_generic12] UInt64.to_uint i <= UInt64.to_uint min + /\ UInt64.to_uint min < Seq.length (Snapshot.inner produced1) + UInt64.to_uint i + 1} (! s0) [ s0 = bb19 ] [ bb19 = s0 [ s0 = Borrow.borrow_mut {iter1} 
@@ -576,11 +576,11 @@ module M_selection_sort_generic__selection_sort [#"selection_sort_generic.rs" 30 | bb20 = s0 [ s0 = -{resolve'0 _48}- s1 - | s1 = any [ br0 -> {_46 = C_None'0 } (! bb23) | br1 (x0:usize)-> {_46 = C_Some'0 x0} (! bb22) ] ] + | s1 = any [ br0 -> {_46 = C_None'0 } (! bb23) | br1 (x0:UInt64.t)-> {_46 = C_Some'0 x0} (! bb22) ] ] | bb22 = bb24 | bb24 = s0 - [ s0 = v_Some'0 {_46} (fun (r0'0:usize) -> [ &__creusot_proc_iter_elem1 <- r0'0 ] s1) + [ s0 = v_Some'0 {_46} (fun (r0'0:UInt64.t) -> [ &__creusot_proc_iter_elem1 <- r0'0 ] s1) | s1 = [ &_51 <- [%#sselection_sort_generic15] Snapshot.new (Seq.(++) (Snapshot.inner produced1) (Seq.singleton __creusot_proc_iter_elem1)) ] 
@@ -642,28 +642,28 @@ module M_selection_sort_generic__selection_sort [#"selection_sort_generic.rs" 30 | & old_v : Snapshot.snap_ty (borrowed (t_Vec'0)) = any_l () | & iter : t_Range'0 = any_l () | & _7 : t_Range'0 = any_l () - | & _8 : usize = any_l () + | & _8 : UInt64.t = any_l () | & iter_old : Snapshot.snap_ty (t_Range'0) = any_l () - | & produced : Snapshot.snap_ty (Seq.seq usize) = any_l () + | & produced : Snapshot.snap_ty (Seq.seq UInt64.t) = any_l () | & _21 : t_Option'0 = any_l () | & _22 : borrowed (t_Range'0) = any_l () | & _23 : borrowed (t_Range'0) = any_l () - | & __creusot_proc_iter_elem : usize = any_l () - | & _26 : Snapshot.snap_ty (Seq.seq usize) = any_l () - | & i : usize = any_l () - | & min : usize = any_l () + | & __creusot_proc_iter_elem : UInt64.t = any_l () + | & _26 : Snapshot.snap_ty (Seq.seq UInt64.t) = any_l () + | & i : UInt64.t = any_l () + | & min : UInt64.t = any_l () | & iter1 : t_Range'0 = any_l () | & _32 : t_Range'0 = any_l () - | & _33 : usize = any_l () - | & _35 : usize = any_l () + | & _33 : UInt64.t = any_l () + | & _35 : UInt64.t = any_l () | & iter_old1 : Snapshot.snap_ty (t_Range'0) = any_l () - | & produced1 : Snapshot.snap_ty (Seq.seq usize) = any_l () + | & produced1 : Snapshot.snap_ty (Seq.seq UInt64.t) = any_l () | & _46 : t_Option'0 = any_l () | & _47 : borrowed (t_Range'0) = any_l () | & _48 : borrowed (t_Range'0) = any_l () - | & __creusot_proc_iter_elem1 : usize = any_l () - | & _51 : Snapshot.snap_ty (Seq.seq usize) = any_l () - | & j : usize = any_l () + | & __creusot_proc_iter_elem1 : UInt64.t = any_l () + | & _51 : Snapshot.snap_ty (Seq.seq UInt64.t) = any_l () + | & j : UInt64.t = any_l () | & _54 : bool = any_l () | & _56 : t_T'0 = any_l () | & _60 : t_T'0 = any_l () diff --git a/creusot/tests/should_succeed/slices/01.coma b/creusot/tests/should_succeed/slices/01.coma index afc9c0f7cb..0a745b0a97 100644 --- a/creusot/tests/should_succeed/slices/01.coma +++ b/creusot/tests/should_succeed/slices/01.coma 
@@ -6,11 +6,13 @@ module M_01__index_slice [#"01.rs" 6 0 6 36] let%span sslice4 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice5 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 use prelude.prelude.UInt32 - use prelude.prelude.Slice + use Slice64.create use prelude.prelude.Intrinsic 
@@ -20,43 +22,43 @@ module M_01__index_slice [#"01.rs" 6 0 6 36] use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) - - use prelude.prelude.UIntSize + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.Int + use prelude.prelude.UInt64 - use prelude.prelude.Slice + use prelude.prelude.Slice64 - function view'1 (self : slice uint32) : Seq.seq uint32 + function view'1 (self : slice UInt32.t) : Seq.seq UInt32.t - axiom view'1_spec : forall self : slice uint32 . ([%#sslice4] Seq.length (view'1 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice5] view'1 self = Slice.id self) + axiom view'1_spec : forall self : slice UInt32.t . ([%#sslice4] Seq.length (view'1 self) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + && ([%#sslice5] view'1 self = Slice64.id self) - function view'0 (self : slice uint32) : Seq.seq uint32 = + function view'0 (self : slice UInt32.t) : Seq.seq UInt32.t = [%#smodel3] view'1 self meta "compute_max_steps" 1000000 - let rec index_slice'0 (a:slice uint32) (return' (ret:uint32))= {[@expl:index_slice requires] [%#s012] 10 + let rec index_slice'0 (a:slice UInt32.t) (return' (ret:UInt32.t))= {[@expl:index_slice requires] [%#s012] 10 < Seq.length (view'0 a)} (! 
bb0 [ bb0 = s0 - [ s0 = [ &_3 <- [%#s010] (10 : usize) ] s1 + [ s0 = [ &_3 <- [%#s010] (10 : UInt64.t) ] s1 | s1 = [ &_4 <- Slice.length a ] s2 - | s2 = UIntSize.lt {_3} {_4} (fun (_ret':bool) -> [ &_5 <- _ret' ] s3) + | s2 = UInt64.lt {_3} {_4} (fun (_ret':bool) -> [ &_5 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#s011] _5} s4 | s4 = bb1 ] - | bb1 = s0 [ s0 = Slice.get {a} {_3} (fun (r'0:uint32) -> [ &_0 <- r'0 ] s1) | s1 = return' {_0} ] ] + | bb1 = s0 + [ s0 = Slice64.get {a} {_3} (fun (r'0:UInt32.t) -> [ &_0 <- r'0 ] s1) | s1 = return' {_0} ] + ] ) - [ & _0 : uint32 = any_l () - | & a : slice uint32 = a - | & _3 : usize = any_l () - | & _4 : usize = any_l () + [ & _0 : UInt32.t = any_l () + | & a : slice UInt32.t = a + | & _3 : UInt64.t = any_l () + | & _4 : UInt64.t = any_l () | & _5 : bool = any_l () ] - [ return' (result:uint32)-> (! return' {result}) ] + [ return' (result:UInt32.t)-> (! return' {result}) ] end module M_01__index_mut_slice [#"01.rs" 12 0 12 37] let%span s010 = "01.rs" 13 6 13 7 @@ -70,18 +72,20 @@ module M_01__index_mut_slice [#"01.rs" 12 0 12 37] let%span sslice8 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice9 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 use prelude.prelude.UInt32 - use prelude.prelude.Slice + use Slice64.create use prelude.prelude.Borrow - predicate resolve'1 (self : borrowed (slice uint32)) = + predicate resolve'1 (self : borrowed (slice UInt32.t)) = [%#sresolve7] self.final = self.current - predicate resolve'0 (_1 : borrowed (slice uint32)) = + predicate resolve'0 (_1 : borrowed (slice UInt32.t)) = resolve'1 _1 use prelude.prelude.Intrinsic 
@@ -90,56 +94,54 @@ module M_01__index_mut_slice [#"01.rs" 12 0 12 37] use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) - - use prelude.prelude.UIntSize + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.Int + use prelude.prelude.UInt64 - use prelude.prelude.Slice + use prelude.prelude.Slice64 - function view'1 (self : slice uint32) : Seq.seq uint32 + function view'1 (self : slice UInt32.t) : Seq.seq UInt32.t - axiom view'1_spec : forall self : slice uint32 . ([%#sslice8] Seq.length (view'1 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice9] view'1 self = Slice.id self) + axiom view'1_spec : forall self : slice UInt32.t . ([%#sslice8] Seq.length (view'1 self) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + && ([%#sslice9] view'1 self = Slice64.id self) - function view'0 (self : borrowed (slice uint32)) : Seq.seq uint32 = + function view'0 (self : borrowed (slice UInt32.t)) : Seq.seq UInt32.t = [%#smodel5] view'1 self.current use seq.Seq - function index_logic'0 [@inline:trivial] (self : slice uint32) (ix : int) : uint32 = + function index_logic'0 [@inline:trivial] (self : slice UInt32.t) (ix : int) : UInt32.t = [%#sops6] Seq.get (view'1 self) ix use prelude.prelude.UInt32 meta "compute_max_steps" 1000000 - let rec index_mut_slice'0 (a:borrowed (slice uint32)) (return' (ret:()))= {[@expl:index_mut_slice requires] [%#s013] Seq.length (view'0 a) + let rec index_mut_slice'0 (a:borrowed (slice UInt32.t)) (return' (ret:()))= {[@expl:index_mut_slice requires] [%#s013] Seq.length (view'0 a) = 5} (! 
bb0 [ bb0 = s0 - [ s0 = [ &_4 <- [%#s010] (2 : usize) ] s1 + [ s0 = [ &_4 <- [%#s010] (2 : UInt64.t) ] s1 | s1 = [ &_5 <- Slice.length a.current ] s2 - | s2 = UIntSize.lt {_4} {_5} (fun (_ret':bool) -> [ &_6 <- _ret' ] s3) + | s2 = UInt64.lt {_4} {_5} (fun (_ret':bool) -> [ &_6 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#s011] _6} s4 | s4 = bb1 ] | bb1 = s0 - [ s0 = Slice.set {a.current} {_4} {[%#s012] (3 : uint32)} - (fun (r'0:slice uint32) -> [ &a <- { a with current = r'0 } ] s1) + [ s0 = Slice64.set {a.current} {_4} {[%#s012] (3 : UInt32.t)} + (fun (r'0:slice UInt32.t) -> [ &a <- { a with current = r'0 } ] s1) | s1 = -{resolve'0 a}- s2 | s2 = return' {_0} ] ] ) [ & _0 : () = any_l () - | & a : borrowed (slice uint32) = a - | & _4 : usize = any_l () - | & _5 : usize = any_l () + | & a : borrowed (slice UInt32.t) = a + | & _4 : UInt64.t = any_l () + | & _5 : UInt64.t = any_l () | & _6 : bool = any_l () ] - [ return' (result:())-> {[@expl:index_mut_slice ensures] [%#s014] UInt32.to_int (index_logic'0 a.final 2) = 3} + [ return' (result:())-> {[@expl:index_mut_slice ensures] [%#s014] UInt32.to_uint (index_logic'0 a.final 2) = 3} (! return' {result}) ] end @@ -150,7 +152,7 @@ module M_01__slice_first [#"01.rs" 20 0 20 44] let%span s013 = "01.rs" 20 22 20 23 let%span s014 = "01.rs" 20 34 20 44 let%span s015 = "01.rs" 16 10 19 1 - let%span sslice6 = "../../../../creusot-contracts/src/std/slice.rs" 245 0 354 1 + let%span sslice6 = "../../../../creusot-contracts/src/std/slice.rs" 263 0 372 1 let%span sops7 = "../../../../creusot-contracts/src/logic/ops.rs" 42 8 42 31 let%span smodel8 = "../../../../creusot-contracts/src/model.rs" 88 8 88 22 let%span sslice9 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 
@@ -162,29 +164,29 @@ module M_01__slice_first [#"01.rs" 20 0 20 44] use prelude.prelude.Borrow - use prelude.prelude.Slice + use Slice64.create type t_T'0 use seq.Seq - use prelude.prelude.UIntSize + use prelude.prelude.Int - constant v_MAX'0 : usize = (18446744073709551615 : usize) + use prelude.prelude.UInt64 - use prelude.prelude.UIntSize + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.Int + use prelude.prelude.UInt64 - use prelude.prelude.Slice + use prelude.prelude.Slice64 use seq.Seq function view'1 (self : slice t_T'0) : Seq.seq t_T'0 axiom view'1_spec : forall self : slice t_T'0 . ([%#sslice9] Seq.length (view'1 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice10] view'1 self = Slice.id self) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + && ([%#sslice10] view'1 self = Slice64.id self) use seq.Seq @@ -221,9 +223,9 @@ module M_01__slice_first [#"01.rs" 20 0 20 44] function view'0 (self : slice t_T'0) : Seq.seq t_T'0 = [%#smodel8] view'1 self - let rec len'0 (self:slice t_T'0) (return' (ret:usize))= {[@expl:len 'self' type invariant] inv'0 self} + let rec len'0 (self:slice t_T'0) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'0 self} any - [ return' (result:usize)-> {[%#sslice6] Seq.length (view'0 self) = UIntSize.to_int result} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#sslice6] Seq.length (view'0 self) = UInt64.to_uint result} (! return' {result}) ] type t_Option'0 = 
@@ -256,20 +258,20 @@ module M_01__slice_first [#"01.rs" 20 0 20 44] let rec slice_first'0 (a:slice t_T'0) (return' (ret:t_Option'0))= {[@expl:slice_first 'a' type invariant] [%#s013] inv'0 a} (! bb0 - [ bb0 = s0 [ s0 = len'0 {a} (fun (_ret':usize) -> [ &_4 <- _ret' ] s1) | s1 = bb1 ] + [ bb0 = s0 [ s0 = len'0 {a} (fun (_ret':UInt64.t) -> [ &_4 <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 - [ s0 = UIntSize.gt {_4} {[%#s010] (0 : usize)} (fun (_ret':bool) -> [ &_3 <- _ret' ] s1) + [ s0 = UInt64.gt {_4} {[%#s010] (0 : UInt64.t)} (fun (_ret':bool) -> [ &_3 <- _ret' ] s1) | s1 = any [ br0 -> {_3 = false} (! bb4) | br1 -> {_3} (! bb2) ] ] | bb2 = s0 - [ s0 = [ &_8 <- [%#s011] (0 : usize) ] s1 + [ s0 = [ &_8 <- [%#s011] (0 : UInt64.t) ] s1 | s1 = [ &_9 <- Slice.length a ] s2 - | s2 = UIntSize.lt {_8} {_9} (fun (_ret':bool) -> [ &_10 <- _ret' ] s3) + | s2 = UInt64.lt {_8} {_9} (fun (_ret':bool) -> [ &_10 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#s012] _10} s4 | s4 = bb3 ] | bb3 = s0 - [ s0 = Slice.get {a} {_8} (fun (r'0:t_T'0) -> [ &_7 <- r'0 ] s1) + [ s0 = Slice64.get {a} {_8} (fun (r'0:t_T'0) -> [ &_7 <- r'0 ] s1) | s1 = [ &_0 <- C_Some'0 _7 ] s2 | s2 = bb5 ] @@ -279,10 +281,10 @@ module M_01__slice_first [#"01.rs" 20 0 20 44] [ & _0 : t_Option'0 = any_l () | & a : slice t_T'0 = a | & _3 : bool = any_l () - | & _4 : usize = any_l () + | & _4 : UInt64.t = any_l () | & _7 : t_T'0 = any_l () - | & _8 : usize = any_l () - | & _9 : usize = any_l () + | & _8 : UInt64.t = any_l () + | & _9 : UInt64.t = any_l () | & _10 : bool = any_l () ] [ return' (result:t_Option'0)-> {[@expl:slice_first result type invariant] [%#s014] inv'1 result} diff --git a/creusot/tests/should_succeed/slices/02_std.coma b/creusot/tests/should_succeed/slices/02_std.coma index dee3bb1a68..8972213372 100644 --- a/creusot/tests/should_succeed/slices/02_std.coma +++ b/creusot/tests/should_succeed/slices/02_std.coma 
@@ -3,11 +3,11 @@ module M_02_std__binary_search [#"02_std.rs" 8 0 8 40] let%span s02_std1 = "02_std.rs" 6 11 6 62 let%span s02_std2 = "02_std.rs" 7 11 7 24 let%span s02_std3 = "02_std.rs" 9 30 9 31 - let%span sslice4 = "../../../../creusot-contracts/src/std/slice.rs" 245 0 354 1 - let%span sslice5 = "../../../../creusot-contracts/src/std/slice.rs" 321 18 321 116 - let%span sslice6 = "../../../../creusot-contracts/src/std/slice.rs" 322 18 323 94 - let%span sslice7 = "../../../../creusot-contracts/src/std/slice.rs" 324 18 325 76 - let%span sslice8 = "../../../../creusot-contracts/src/std/slice.rs" 326 18 327 97 + let%span sslice4 = "../../../../creusot-contracts/src/std/slice.rs" 263 0 372 1 + let%span sslice5 = "../../../../creusot-contracts/src/std/slice.rs" 339 18 339 116 + let%span sslice6 = "../../../../creusot-contracts/src/std/slice.rs" 340 18 341 94 + let%span sslice7 = "../../../../creusot-contracts/src/std/slice.rs" 342 18 343 76 + let%span sslice8 = "../../../../creusot-contracts/src/std/slice.rs" 344 18 345 97 let%span sresult9 = "../../../../creusot-contracts/src/std/result.rs" 53 27 53 53 let%span sresult10 = "../../../../creusot-contracts/src/std/result.rs" 18 0 135 1 let%span smodel11 = "../../../../creusot-contracts/src/model.rs" 88 8 88 22 
@@ -19,7 +19,23 @@ module M_02_std__binary_search [#"02_std.rs" 8 0 8 40] let%span sslice17 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice18 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 let%span sseq19 = "../../../../creusot-contracts/src/logic/seq.rs" 210 12 210 85 - let%span snum20 = "../../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + let%span snum20 = "../../../../creusot-contracts/src/std/num.rs" 52 28 52 33 + let%span sord21 = "../../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 + let%span sord22 = "../../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 + let%span sord23 = "../../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 + let%span sord24 = "../../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 + let%span sord25 = "../../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 + let%span sord26 = "../../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 + let%span sord27 = "../../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 + let%span sord28 = "../../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 + let%span sord29 = "../../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 + let%span sord30 = "../../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 + let%span sord31 = "../../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 + let%span sord32 = "../../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 + let%span sord33 = "../../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span sord34 = "../../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.Int use prelude.prelude.UInt32 
@@ -27,21 +43,19 @@ module M_02_std__binary_search [#"02_std.rs" 8 0 8 40] use prelude.prelude.Intrinsic - let rec promoted0__binary_search'0 (return' (ret:uint32))= bb0 - [ bb0 = s0 [ s0 = [ &_0 <- [%#s02_std3] (2 : uint32) ] s1 | s1 = return' {_0} ] ] - [ & _0 : uint32 = any_l () ] [ return' (result:uint32)-> return' {result} ] + let rec promoted0__binary_search'0 (return' (ret:UInt32.t))= bb0 + [ bb0 = s0 [ s0 = [ &_0 <- [%#s02_std3] (2 : UInt32.t) ] s1 | s1 = return' {_0} ] ] + [ & _0 : UInt32.t = any_l () ] [ return' (result:UInt32.t)-> return' {result} ] - use prelude.prelude.Slice + use Slice64.create - predicate inv'0 (_1 : slice uint32) + predicate inv'0 (_1 : slice UInt32.t) - axiom inv_axiom'0 [@rewrite] : forall x : slice uint32 [inv'0 x] . inv'0 x = true + axiom inv_axiom'0 [@rewrite] : forall x : slice UInt32.t [inv'0 x] . inv'0 x = true - predicate inv'1 (_1 : uint32) + predicate inv'1 (_1 : UInt32.t) - axiom inv_axiom'1 [@rewrite] : forall x : uint32 [inv'1 x] . inv'1 x = true - - use prelude.prelude.Int + axiom inv_axiom'1 [@rewrite] : forall x : UInt32.t [inv'1 x] . inv'1 x = true use seq.Seq 
@@ -49,21 +63,21 @@ module M_02_std__binary_search [#"02_std.rs" 8 0 8 40] use seq.Seq - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - use prelude.prelude.Slice + use prelude.prelude.Slice64 - function view'1 (self : slice uint32) : Seq.seq uint32 + function view'1 (self : slice UInt32.t) : Seq.seq UInt32.t - axiom view'1_spec : forall self : slice uint32 . ([%#sslice17] Seq.length (view'1 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice18] view'1 self = Slice.id self) + axiom view'1_spec : forall self : slice UInt32.t . ([%#sslice17] Seq.length (view'1 self) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + && ([%#sslice18] view'1 self = Slice64.id self) - function view'0 (self : slice uint32) : Seq.seq uint32 = + function view'0 (self : slice UInt32.t) : Seq.seq UInt32.t = [%#smodel11] view'1 self use seq.Seq 
@@ -72,22 +86,22 @@ module M_02_std__binary_search [#"02_std.rs" 8 0 8 40] use seq.Seq - function index_logic'0 [@inline:trivial] (self : slice uint32) (ix : int) : uint32 = + function index_logic'0 [@inline:trivial] (self : slice UInt32.t) (ix : int) : UInt32.t = [%#sops12] Seq.get (view'1 self) ix use prelude.prelude.UInt32 - function deep_model'3 (self : uint32) : int = - [%#snum20] UInt32.to_int self + function deep_model'3 (self : UInt32.t) : int = + [%#snum20] UInt32.to_uint self - function deep_model'1 (self : slice uint32) : Seq.seq int + function deep_model'1 (self : slice UInt32.t) : Seq.seq int - axiom deep_model'1_spec : forall self : slice uint32 . ([%#sslice15] Seq.length (view'0 self) + axiom deep_model'1_spec : forall self : slice UInt32.t . ([%#sslice15] Seq.length (view'0 self) = Seq.length (deep_model'1 self)) && ([%#sslice16] forall i : int . 0 <= i /\ i < Seq.length (deep_model'1 self) -> Seq.get (deep_model'1 self) i = deep_model'3 (index_logic'0 self i)) - function deep_model'0 (self : slice uint32) : Seq.seq int = + function deep_model'0 (self : slice UInt32.t) : Seq.seq int = [%#smodel13] deep_model'1 self predicate sorted_range'0 (self : Seq.seq int) (l : int) (u : int) = 
@@ -97,27 +111,84 @@ module M_02_std__binary_search [#"02_std.rs" 8 0 8 40] [%#sseq14] sorted_range'0 self 0 (Seq.length self) type t_Result'0 = - | C_Ok'0 usize - | C_Err'0 usize + | C_Ok'0 UInt64.t + | C_Err'0 UInt64.t - function deep_model'2 (self : uint32) : int = + function deep_model'2 (self : UInt32.t) : int = [%#smodel13] deep_model'3 self - let rec binary_search'1 (self:slice uint32) (x:uint32) (return' (ret:t_Result'0))= {[@expl:binary_search 'self' type invariant] inv'0 self} + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.UInt64 + + function cmp_log'0 (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = + [%#sord34] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + function eq_cmp'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom eq_cmp'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord33] (x = y) = (cmp_log'0 x y = C_Equal'0) + + function antisym2'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom antisym2'0_spec : forall x : UInt64.t, y : UInt64.t . ([%#sord31] cmp_log'0 x y = C_Greater'0) + -> ([%#sord32] cmp_log'0 y x = C_Less'0) + + function antisym1'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom antisym1'0_spec : forall x : UInt64.t, y : UInt64.t . ([%#sord29] cmp_log'0 x y = C_Less'0) + -> ([%#sord30] cmp_log'0 y x = C_Greater'0) + + function trans'0 (x : UInt64.t) (y : UInt64.t) (z : UInt64.t) (o : t_Ordering'0) : () + + axiom trans'0_spec : forall x : UInt64.t, y : UInt64.t, z : UInt64.t, o : t_Ordering'0 . ([%#sord26] cmp_log'0 x y + = o) -> ([%#sord27] cmp_log'0 y z = o) -> ([%#sord28] cmp_log'0 x z = o) + + function refl'0 (x : UInt64.t) : () + + axiom refl'0_spec : forall x : UInt64.t . [%#sord25] cmp_log'0 x x = C_Equal'0 + + use prelude.prelude.UInt64 + + function cmp_gt_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_gt_log'0_spec : forall x : UInt64.t, y : UInt64.t . 
[%#sord24] UInt64.ugt x y + = (cmp_log'0 x y = C_Greater'0) + + use prelude.prelude.UInt64 + + function cmp_ge_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_ge_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord23] UInt64.uge x y = (cmp_log'0 x y <> C_Less'0) + + function cmp_lt_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_lt_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord22] UInt64.ult x y = (cmp_log'0 x y = C_Less'0) + + use prelude.prelude.UInt64 + + function cmp_le_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_le_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord21] UInt64.ule x y + = (cmp_log'0 x y <> C_Greater'0) + + let rec binary_search'1 (self:slice UInt32.t) (x:UInt32.t) (return' (ret:t_Result'0))= {[@expl:binary_search 'self' type invariant] inv'0 self} {[@expl:binary_search 'x' type invariant] inv'1 x} {[@expl:binary_search requires] [%#sslice4] sorted'0 (deep_model'0 self)} any - [ return' (result:t_Result'0)-> {[%#sslice5] forall i : usize . result = C_Ok'0 i - -> UIntSize.to_int i < Seq.length (view'0 self) - /\ Seq.get (deep_model'1 self) (UIntSize.to_int i) = deep_model'2 x} - {[%#sslice6] forall i : usize . result = C_Err'0 i - -> UIntSize.to_int i <= Seq.length (view'0 self) + [ return' (result:t_Result'0)-> {[%#sslice5] forall i : UInt64.t . result = C_Ok'0 i + -> UInt64.to_uint i < Seq.length (view'0 self) + /\ Seq.get (deep_model'1 self) (UInt64.to_uint i) = deep_model'2 x} + {[%#sslice6] forall i : UInt64.t . result = C_Err'0 i + -> UInt64.to_uint i <= Seq.length (view'0 self) /\ (forall j : int . 0 <= j /\ j < Seq.length (view'0 self) -> Seq.get (deep_model'0 self) j <> deep_model'2 x)} - {[%#sslice7] forall i : usize . result = C_Err'0 i - -> (forall j : usize . j < i -> Seq.get (deep_model'0 self) (UIntSize.to_int j) < deep_model'2 x)} - {[%#sslice8] forall i : usize . result = C_Err'0 i - -> (forall j : usize . 
i <= j /\ UIntSize.to_int j < Seq.length (view'0 self) - -> deep_model'2 x < Seq.get (deep_model'0 self) (UIntSize.to_int j))} + {[%#sslice7] forall i : UInt64.t . result = C_Err'0 i + -> (forall j : UInt64.t . UInt64.ult j i -> Seq.get (deep_model'0 self) (UInt64.to_uint j) < deep_model'2 x)} + {[%#sslice8] forall i : UInt64.t . result = C_Err'0 i + -> (forall j : UInt64.t . UInt64.ule i j /\ UInt64.to_uint j < Seq.length (view'0 self) + -> deep_model'2 x < Seq.get (deep_model'0 self) (UInt64.to_uint j))} (! return' {result}) ] 
@@ -125,37 +196,37 @@ module M_02_std__binary_search [#"02_std.rs" 8 0 8 40] axiom inv_axiom'2 [@rewrite] : forall x : t_Result'0 [inv'2 x] . inv'2 x = true - predicate inv'3 (_1 : usize) + predicate inv'3 (_1 : UInt64.t) - axiom inv_axiom'3 [@rewrite] : forall x : usize [inv'3 x] . inv'3 x = true + axiom inv_axiom'3 [@rewrite] : forall x : UInt64.t [inv'3 x] . inv'3 x = true - let rec unwrap'0 (self:t_Result'0) (return' (ret:usize))= {[@expl:unwrap 'self' type invariant] inv'2 self} - {[@expl:unwrap requires] [%#sresult9] exists t : usize . self = C_Ok'0 t} - any [ return' (result:usize)-> {inv'3 result} {[%#sresult10] C_Ok'0 result = self} (! return' {result}) ] + let rec unwrap'0 (self:t_Result'0) (return' (ret:UInt64.t))= {[@expl:unwrap 'self' type invariant] inv'2 self} + {[@expl:unwrap requires] [%#sresult9] exists t : UInt64.t . self = C_Ok'0 t} + any [ return' (result:UInt64.t)-> {inv'3 result} {[%#sresult10] C_Ok'0 result = self} (! return' {result}) ] meta "compute_max_steps" 1000000 - let rec binary_search'0 (s:slice uint32) (return' (ret:usize))= {[@expl:binary_search requires #0] [%#s02_std1] forall i : int . 0 + let rec binary_search'0 (s:slice UInt32.t) (return' (ret:UInt64.t))= {[@expl:binary_search requires #0] [%#s02_std1] forall i : int . 0 <= i - /\ i < Seq.length (view'0 s) -> UInt32.to_int (index_logic'0 s i) = i} + /\ i < Seq.length (view'0 s) -> UInt32.to_uint (index_logic'0 s i) = i} {[@expl:binary_search requires #1] [%#s02_std2] Seq.length (view'0 s) = 5} (! 
bb0 [ bb0 = s0 - [ s0 = promoted0__binary_search'0 (fun (pr0:uint32) -> [ &_12 <- pr0 ] s1) + [ s0 = promoted0__binary_search'0 (fun (pr0:UInt32.t) -> [ &_12 <- pr0 ] s1) | s1 = [ &_8 <- _12 ] s2 | s2 = binary_search'1 {s} {_8} (fun (_ret':t_Result'0) -> [ &_5 <- _ret' ] s3) | s3 = bb1 ] - | bb1 = s0 [ s0 = unwrap'0 {_5} (fun (_ret':usize) -> [ &ix <- _ret' ] s1) | s1 = bb2 ] + | bb1 = s0 [ s0 = unwrap'0 {_5} (fun (_ret':UInt64.t) -> [ &ix <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 - [ s0 = {[@expl:assertion] [%#s02_std0] UIntSize.to_int ix < 5} s1 | s1 = [ &_0 <- ix ] s2 | s2 = return' {_0} ] + [ s0 = {[@expl:assertion] [%#s02_std0] UInt64.to_uint ix < 5} s1 | s1 = [ &_0 <- ix ] s2 | s2 = return' {_0} ] ] ) - [ & _0 : usize = any_l () - | & s : slice uint32 = s - | & ix : usize = any_l () + [ & _0 : UInt64.t = any_l () + | & s : slice UInt32.t = s + | & ix : UInt64.t = any_l () | & _5 : t_Result'0 = any_l () - | & _8 : uint32 = any_l () - | & _12 : uint32 = any_l () ] - [ return' (result:usize)-> (! return' {result}) ] + | & _8 : UInt32.t = any_l () + | & _12 : UInt32.t = any_l () ] + [ return' (result:UInt64.t)-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/sparse_array.coma b/creusot/tests/should_succeed/sparse_array.coma index 2bd014f66d..cfee141971 100644 --- a/creusot/tests/should_succeed/sparse_array.coma +++ b/creusot/tests/should_succeed/sparse_array.coma 
@@ -7,8 +7,8 @@ module M_sparse_array__qyi912363311032332466__get [#"sparse_array.rs" 88 4 88 45 let%span svec5 = "../../../creusot-contracts/src/std/vec.rs" 162 27 162 46 let%span svec6 = "../../../creusot-contracts/src/std/vec.rs" 163 26 163 54 let%span smodel7 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 - let%span sslice8 = "../../../creusot-contracts/src/std/slice.rs" 122 20 122 37 - let%span sslice9 = "../../../creusot-contracts/src/std/slice.rs" 129 20 129 37 + let%span sslice8 = "../../../creusot-contracts/src/std/slice.rs" 140 20 140 37 + let%span sslice9 = "../../../creusot-contracts/src/std/slice.rs" 147 20 147 37 let%span ssparse_array10 = "sparse_array.rs" 40 12 41 82 let%span svec11 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span sinvariant12 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 @@ -19,7 +19,9 @@ module M_sparse_array__qyi912363311032332466__get [#"sparse_array.rs" 88 4 88 45 let%span sseq17 = "../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 let%span sboxed18 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 use prelude.prelude.Opaque @@ -30,13 +32,13 @@ module M_sparse_array__qyi912363311032332466__get [#"sparse_array.rs" 88 4 88 45 { t_Unique__pointer'1: t_NonNull'1; t_Unique__qy95zmarker'1: () } type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'1 = { t_RawVec__ptr'1: t_Unique'1; t_RawVec__cap'1: t_Cap'0; t_RawVec__alloc'1: () } type t_Vec'1 = - { t_Vec__buf'1: t_RawVec'1; t_Vec__len'1: usize } + { t_Vec__buf'1: t_RawVec'1; t_Vec__len'1: UInt64.t } type t_NonNull'0 = { t_NonNull__pointer'0: opaque_ptr } 
@@ -48,11 +50,11 @@ module M_sparse_array__qyi912363311032332466__get [#"sparse_array.rs" 88 4 88 45 { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } type t_Sparse'0 = - { t_Sparse__size'0: usize; - t_Sparse__n'0: usize; + { t_Sparse__size'0: UInt64.t; + t_Sparse__n'0: UInt64.t; t_Sparse__values'0: t_Vec'1; t_Sparse__idx'0: t_Vec'0; t_Sparse__back'0: t_Vec'0 } 
@@ -63,44 +65,44 @@ module M_sparse_array__qyi912363311032332466__get [#"sparse_array.rs" 88 4 88 45 axiom inv_axiom'2 [@rewrite] : forall x : t_Vec'0 [inv'2 x] . inv'2 x = true - predicate inv'3 (_1 : usize) + predicate inv'3 (_1 : UInt64.t) - axiom inv_axiom'3 [@rewrite] : forall x : usize [inv'3 x] . inv'3 x = true + axiom inv_axiom'3 [@rewrite] : forall x : UInt64.t [inv'3 x] . inv'3 x = true use seq.Seq use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) - - use prelude.prelude.UIntSize + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.Int + use prelude.prelude.UInt64 - function view'4 (self : t_Vec'0) : Seq.seq usize + function view'4 (self : t_Vec'0) : Seq.seq UInt64.t - axiom view'4_spec : forall self : t_Vec'0 . [%#svec11] Seq.length (view'4 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'4_spec : forall self : t_Vec'0 . [%#svec11] Seq.length (view'4 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) - function view'1 (self : t_Vec'0) : Seq.seq usize = + function view'1 (self : t_Vec'0) : Seq.seq UInt64.t = [%#smodel7] view'4 self - predicate in_bounds'0 [@inline:trivial] (self : usize) (seq : Seq.seq usize) = - [%#sslice8] UIntSize.to_int self < Seq.length seq + predicate in_bounds'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq UInt64.t) = + [%#sslice8] UInt64.to_uint self < Seq.length seq - predicate inv'4 (_1 : usize) + predicate inv'4 (_1 : UInt64.t) - axiom inv_axiom'4 [@rewrite] : forall x : usize [inv'4 x] . inv'4 x = true + axiom inv_axiom'4 [@rewrite] : forall x : UInt64.t [inv'4 x] . 
inv'4 x = true use seq.Seq - predicate has_value'0 [@inline:trivial] (self : usize) (seq : Seq.seq usize) (out : usize) = - [%#sslice9] Seq.get seq (UIntSize.to_int self) = out + predicate has_value'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq UInt64.t) (out : UInt64.t) = + [%#sslice9] Seq.get seq (UInt64.to_uint self) = out - let rec index'0 (self:t_Vec'0) (index:usize) (return' (ret:usize))= {[@expl:index 'self' type invariant] inv'2 self} + let rec index'0 (self:t_Vec'0) (index:UInt64.t) (return' (ret:UInt64.t))= {[@expl:index 'self' type invariant] inv'2 self} {[@expl:index 'index' type invariant] inv'3 index} {[@expl:index requires] [%#svec5] in_bounds'0 index (view'1 self)} any - [ return' (result:usize)-> {inv'4 result} {[%#svec6] has_value'0 index (view'1 self) result} (! return' {result}) ] + [ return' (result:UInt64.t)-> {inv'4 result} + {[%#svec6] has_value'0 index (view'1 self) result} + (! return' {result}) ] use seq.Seq @@ -111,7 +113,7 @@ module M_sparse_array__qyi912363311032332466__get [#"sparse_array.rs" 88 4 88 45 function view'5 (self : t_Vec'1) : Seq.seq t_T'0 - axiom view'5_spec : forall self : t_Vec'1 . [%#svec11] Seq.length (view'5 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'5_spec : forall self : t_Vec'1 . [%#svec11] Seq.length (view'5 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq @@ -148,8 +150,8 @@ module M_sparse_array__qyi912363311032332466__get [#"sparse_array.rs" 88 4 88 45 function view'2 (self : t_Vec'1) : Seq.seq t_T'0 = [%#smodel7] view'5 self - predicate in_bounds'1 [@inline:trivial] (self : usize) (seq : Seq.seq t_T'0) = - [%#sslice8] UIntSize.to_int self < Seq.length seq + predicate in_bounds'1 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq t_T'0) = + [%#sslice8] UInt64.to_uint self < Seq.length seq predicate invariant'2 (self : t_T'0) = [%#sinvariant12] inv'9 self 
@@ -160,10 +162,10 @@ module M_sparse_array__qyi912363311032332466__get [#"sparse_array.rs" 88 4 88 45 use seq.Seq - predicate has_value'1 [@inline:trivial] (self : usize) (seq : Seq.seq t_T'0) (out : t_T'0) = - [%#sslice9] Seq.get seq (UIntSize.to_int self) = out + predicate has_value'1 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq t_T'0) (out : t_T'0) = + [%#sslice9] Seq.get seq (UInt64.to_uint self) = out - let rec index'1 (self:t_Vec'1) (index:usize) (return' (ret:t_T'0))= {[@expl:index 'self' type invariant] inv'5 self} + let rec index'1 (self:t_Vec'1) (index:UInt64.t) (return' (ret:t_T'0))= {[@expl:index 'self' type invariant] inv'5 self} {[@expl:index 'index' type invariant] inv'3 index} {[@expl:index requires] [%#svec5] in_bounds'1 index (view'2 self)} any 
@@ -176,19 +178,19 @@ module M_sparse_array__qyi912363311032332466__get [#"sparse_array.rs" 88 4 88 45 use prelude.prelude.Intrinsic - function index_logic'1 [@inline:trivial] (self : t_Vec'0) (ix : int) : usize = + function index_logic'1 [@inline:trivial] (self : t_Vec'0) (ix : int) : UInt64.t = [%#sops14] Seq.get (view'4 self) ix predicate invariant'3 [#"sparse_array.rs" 49 4 49 30] (self : t_Sparse'0) = - [%#ssparse_array15] UIntSize.to_int self.t_Sparse__n'0 <= UIntSize.to_int self.t_Sparse__size'0 - /\ Seq.length (view'5 self.t_Sparse__values'0) = UIntSize.to_int self.t_Sparse__size'0 - /\ Seq.length (view'4 self.t_Sparse__idx'0) = UIntSize.to_int self.t_Sparse__size'0 - /\ Seq.length (view'4 self.t_Sparse__back'0) = UIntSize.to_int self.t_Sparse__size'0 - /\ (forall i : int . 0 <= i /\ i < UIntSize.to_int self.t_Sparse__n'0 + [%#ssparse_array15] UInt64.to_uint self.t_Sparse__n'0 <= UInt64.to_uint self.t_Sparse__size'0 + /\ Seq.length (view'5 self.t_Sparse__values'0) = UInt64.to_uint self.t_Sparse__size'0 + /\ Seq.length (view'4 self.t_Sparse__idx'0) = UInt64.to_uint self.t_Sparse__size'0 + /\ Seq.length (view'4 self.t_Sparse__back'0) = UInt64.to_uint self.t_Sparse__size'0 + /\ (forall i : int . 0 <= i /\ i < UInt64.to_uint self.t_Sparse__n'0 -> match index_logic'1 self.t_Sparse__back'0 i with - | j -> 0 <= UIntSize.to_int j - /\ UIntSize.to_int j < UIntSize.to_int self.t_Sparse__size'0 - /\ UIntSize.to_int (index_logic'1 self.t_Sparse__idx'0 (UIntSize.to_int j)) = i + | j -> 0 <= UInt64.to_uint j + /\ UInt64.to_uint j < UInt64.to_uint self.t_Sparse__size'0 + /\ UInt64.to_uint (index_logic'1 self.t_Sparse__idx'0 (UInt64.to_uint j)) = i end) predicate inv'7 (_1 : t_Sparse'0) 
@@ -213,9 +215,8 @@ module M_sparse_array__qyi912363311032332466__get [#"sparse_array.rs" 88 4 88 45 use seq.Seq function is_elt'0 [#"sparse_array.rs" 71 4 71 36] (self : t_Sparse'0) (i : int) : bool = - [%#ssparse_array13] UIntSize.to_int (index_logic'1 self.t_Sparse__idx'0 i) < UIntSize.to_int self.t_Sparse__n'0 - /\ UIntSize.to_int (index_logic'1 self.t_Sparse__back'0 (UIntSize.to_int (index_logic'1 self.t_Sparse__idx'0 i))) - = i + [%#ssparse_array13] UInt64.to_uint (index_logic'1 self.t_Sparse__idx'0 i) < UInt64.to_uint self.t_Sparse__n'0 + /\ UInt64.to_uint (index_logic'1 self.t_Sparse__back'0 (UInt64.to_uint (index_logic'1 self.t_Sparse__idx'0 i))) = i function index_logic'0 [@inline:trivial] (self : t_Vec'1) (ix : int) : t_T'0 = [%#sops14] Seq.get (view'5 self) ix @@ -225,7 +226,7 @@ module M_sparse_array__qyi912363311032332466__get [#"sparse_array.rs" 88 4 88 45 use seq.Seq function view'3 [#"sparse_array.rs" 38 4 38 33] (self : t_Sparse'0) : Seq.seq (t_Option'1) = - [%#ssparse_array10] Seq.create (UIntSize.to_int self.t_Sparse__size'0) (Mapping.from_fn (fun (i : int) -> if is_elt'0 self i then + [%#ssparse_array10] Seq.create (UInt64.to_uint self.t_Sparse__size'0) (Mapping.from_fn (fun (i : int) -> if is_elt'0 self i then C_Some'1 (index_logic'0 self.t_Sparse__values'0 i) else C_None'1 
@@ -248,18 +249,20 @@ module M_sparse_array__qyi912363311032332466__get [#"sparse_array.rs" 88 4 88 45 meta "compute_max_steps" 1000000 - let rec get'0 (self:t_Sparse'0) (i:usize) (return' (ret:t_Option'0))= {[@expl:get 'self' type invariant] [%#ssparse_array0] inv'0 self} - {[@expl:get requires] [%#ssparse_array1] UIntSize.to_int i < Seq.length (view'0 self)} + let rec get'0 (self:t_Sparse'0) (i:UInt64.t) (return' (ret:t_Option'0))= {[@expl:get 'self' type invariant] [%#ssparse_array0] inv'0 self} + {[@expl:get requires] [%#ssparse_array1] UInt64.to_uint i < Seq.length (view'0 self)} (! bb0 - [ bb0 = s0 [ s0 = index'0 {self.t_Sparse__idx'0} {i} (fun (_ret':usize) -> [ &_7 <- _ret' ] s1) | s1 = bb1 ] + [ bb0 = s0 [ s0 = index'0 {self.t_Sparse__idx'0} {i} (fun (_ret':UInt64.t) -> [ &_7 <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = [ &index <- _7 ] s1 - | s1 = UIntSize.lt {index} {self.t_Sparse__n'0} (fun (_ret':bool) -> [ &_10 <- _ret' ] s2) + | s1 = UInt64.lt {index} {self.t_Sparse__n'0} (fun (_ret':bool) -> [ &_10 <- _ret' ] s2) | s2 = any [ br0 -> {_10 = false} (! bb7) | br1 -> {_10} (! bb2) ] ] - | bb2 = s0 [ s0 = index'0 {self.t_Sparse__back'0} {index} (fun (_ret':usize) -> [ &_15 <- _ret' ] s1) | s1 = bb3 ] + | bb2 = s0 + [ s0 = index'0 {self.t_Sparse__back'0} {index} (fun (_ret':UInt64.t) -> [ &_15 <- _ret' ] s1) | s1 = bb3 ] + | bb3 = s0 - [ s0 = UIntSize.eq {_15} {i} (fun (_ret':bool) -> [ &_13 <- _ret' ] s1) + [ s0 = UInt64.eq {_15} {i} (fun (_ret':bool) -> [ &_13 <- _ret' ] s1) | s1 = any [ br0 -> {_13 = false} (! bb6) | br1 -> {_13} (! bb4) ] ] | bb4 = s0 [ s0 = index'1 {self.t_Sparse__values'0} {i} (fun (_ret':t_T'0) -> [ &_21 <- _ret' ] s1) | s1 = bb5 ] 
@@ -271,21 +274,21 @@ module M_sparse_array__qyi912363311032332466__get [#"sparse_array.rs" 88 4 88 45 ) [ & _0 : t_Option'0 = any_l () | & self : t_Sparse'0 = self - | & i : usize = i - | & index : usize = any_l () - | & _7 : usize = any_l () + | & i : UInt64.t = i + | & index : UInt64.t = any_l () + | & _7 : UInt64.t = any_l () | & _10 : bool = any_l () | & _13 : bool = any_l () - | & _15 : usize = any_l () + | & _15 : UInt64.t = any_l () | & _20 : t_T'0 = any_l () | & _21 : t_T'0 = any_l () ] [ return' (result:t_Option'0)-> {[@expl:get result type invariant] [%#ssparse_array2] inv'1 result} {[@expl:get ensures #0] [%#ssparse_array3] match result with - | C_None'0 -> Seq.get (view'0 self) (UIntSize.to_int i) = C_None'1 - | C_Some'0 x -> Seq.get (view'0 self) (UIntSize.to_int i) = C_Some'1 x + | C_None'0 -> Seq.get (view'0 self) (UInt64.to_uint i) = C_None'1 + | C_Some'0 x -> Seq.get (view'0 self) (UInt64.to_uint i) = C_Some'1 x end} - {[@expl:get ensures #1] [%#ssparse_array4] match Seq.get (view'0 self) (UIntSize.to_int i) with + {[@expl:get ensures #1] [%#ssparse_array4] match Seq.get (view'0 self) (UInt64.to_uint i) with | C_None'1 -> result = C_None'0 | C_Some'1 _ -> true end} @@ -306,7 +309,9 @@ module M_sparse_array__qyi912363311032332466__lemma_permutation [#"sparse_array. let%span sseq10 = "../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 let%span sboxed11 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 use prelude.prelude.Opaque 
@@ -317,13 +322,13 @@ module M_sparse_array__qyi912363311032332466__lemma_permutation [#"sparse_array. { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } type t_NonNull'1 = { t_NonNull__pointer'1: opaque_ptr } @@ -335,22 +340,20 @@ module M_sparse_array__qyi912363311032332466__lemma_permutation [#"sparse_array. { t_RawVec__ptr'1: t_Unique'1; t_RawVec__cap'1: t_Cap'0; t_RawVec__alloc'1: () } type t_Vec'1 = - { t_Vec__buf'1: t_RawVec'1; t_Vec__len'1: usize } + { t_Vec__buf'1: t_RawVec'1; t_Vec__len'1: UInt64.t } type t_Sparse'0 = - { t_Sparse__size'0: usize; - t_Sparse__n'0: usize; + { t_Sparse__size'0: UInt64.t; + t_Sparse__n'0: UInt64.t; t_Sparse__values'0: t_Vec'0; t_Sparse__idx'0: t_Vec'1; t_Sparse__back'0: t_Vec'1 } - use prelude.prelude.UIntSize - - use prelude.prelude.Int + use prelude.prelude.UInt64 use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) type t_T'0 
@@ -358,31 +361,31 @@ module M_sparse_array__qyi912363311032332466__lemma_permutation [#"sparse_array. function view'1 (self : t_Vec'0) : Seq.seq t_T'0 - axiom view'1_spec : forall self : t_Vec'0 . [%#svec8] Seq.length (view'1 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'1_spec : forall self : t_Vec'0 . [%#svec8] Seq.length (view'1 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq use seq.Seq - function view'0 (self : t_Vec'1) : Seq.seq usize + function view'0 (self : t_Vec'1) : Seq.seq UInt64.t - axiom view'0_spec : forall self : t_Vec'1 . [%#svec8] Seq.length (view'0 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'0_spec : forall self : t_Vec'1 . [%#svec8] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq - function index_logic'0 [@inline:trivial] (self : t_Vec'1) (ix : int) : usize = + function index_logic'0 [@inline:trivial] (self : t_Vec'1) (ix : int) : UInt64.t = [%#sops6] Seq.get (view'0 self) ix predicate invariant'0 [#"sparse_array.rs" 49 4 49 30] (self : t_Sparse'0) = - [%#ssparse_array7] UIntSize.to_int self.t_Sparse__n'0 <= UIntSize.to_int self.t_Sparse__size'0 - /\ Seq.length (view'1 self.t_Sparse__values'0) = UIntSize.to_int self.t_Sparse__size'0 - /\ Seq.length (view'0 self.t_Sparse__idx'0) = UIntSize.to_int self.t_Sparse__size'0 - /\ Seq.length (view'0 self.t_Sparse__back'0) = UIntSize.to_int self.t_Sparse__size'0 - /\ (forall i : int . 0 <= i /\ i < UIntSize.to_int self.t_Sparse__n'0 + [%#ssparse_array7] UInt64.to_uint self.t_Sparse__n'0 <= UInt64.to_uint self.t_Sparse__size'0 + /\ Seq.length (view'1 self.t_Sparse__values'0) = UInt64.to_uint self.t_Sparse__size'0 + /\ Seq.length (view'0 self.t_Sparse__idx'0) = UInt64.to_uint self.t_Sparse__size'0 + /\ Seq.length (view'0 self.t_Sparse__back'0) = UInt64.to_uint self.t_Sparse__size'0 + /\ (forall i : int . 
0 <= i /\ i < UInt64.to_uint self.t_Sparse__n'0 -> match index_logic'0 self.t_Sparse__back'0 i with - | j -> 0 <= UIntSize.to_int j - /\ UIntSize.to_int j < UIntSize.to_int self.t_Sparse__size'0 - /\ UIntSize.to_int (index_logic'0 self.t_Sparse__idx'0 (UIntSize.to_int j)) = i + | j -> 0 <= UInt64.to_uint j + /\ UInt64.to_uint j < UInt64.to_uint self.t_Sparse__size'0 + /\ UInt64.to_uint (index_logic'0 self.t_Sparse__idx'0 (UInt64.to_uint j)) = i end) use seq.Seq @@ -421,9 +424,8 @@ module M_sparse_array__qyi912363311032332466__lemma_permutation [#"sparse_array. use prelude.prelude.Borrow function is_elt'0 [#"sparse_array.rs" 71 4 71 36] (self : t_Sparse'0) (i : int) : bool = - [%#ssparse_array5] UIntSize.to_int (index_logic'0 self.t_Sparse__idx'0 i) < UIntSize.to_int self.t_Sparse__n'0 - /\ UIntSize.to_int (index_logic'0 self.t_Sparse__back'0 (UIntSize.to_int (index_logic'0 self.t_Sparse__idx'0 i))) - = i + [%#ssparse_array5] UInt64.to_uint (index_logic'0 self.t_Sparse__idx'0 i) < UInt64.to_uint self.t_Sparse__n'0 + /\ UInt64.to_uint (index_logic'0 self.t_Sparse__back'0 (UInt64.to_uint (index_logic'0 self.t_Sparse__idx'0 i))) = i constant self : t_Sparse'0 @@ -431,7 +433,7 @@ module M_sparse_array__qyi912363311032332466__lemma_permutation [#"sparse_array. function lemma_permutation'0 [#"sparse_array.rs" 104 4 104 38] (self : t_Sparse'0) (i : int) : () - goal vc_lemma_permutation'0 : ([%#ssparse_array2] 0 <= i /\ i < UIntSize.to_int self.t_Sparse__size'0) + goal vc_lemma_permutation'0 : ([%#ssparse_array2] 0 <= i /\ i < UInt64.to_uint self.t_Sparse__size'0) -> ([%#ssparse_array1] self.t_Sparse__n'0 = self.t_Sparse__size'0) -> ([%#ssparse_array0] inv'0 self) -> ([%#ssparse_array3] is_elt'0 self i) end 
@@ -459,10 +461,10 @@ module M_sparse_array__qyi912363311032332466__set [#"sparse_array.rs" 112 4 112 let%span ssparse_array20 = "sparse_array.rs" 99 4 99 12 let%span smodel21 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 let%span ssparse_array22 = "sparse_array.rs" 40 12 41 82 - let%span sslice23 = "../../../creusot-contracts/src/std/slice.rs" 122 20 122 37 - let%span sslice24 = "../../../creusot-contracts/src/std/slice.rs" 129 20 129 37 + let%span sslice23 = "../../../creusot-contracts/src/std/slice.rs" 140 20 140 37 + let%span sslice24 = "../../../creusot-contracts/src/std/slice.rs" 147 20 147 37 let%span svec25 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span sslice26 = "../../../creusot-contracts/src/std/slice.rs" 136 20 136 94 + let%span sslice26 = "../../../creusot-contracts/src/std/slice.rs" 154 20 154 94 let%span sresolve27 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span smodel28 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 let%span ssparse_array29 = "sparse_array.rs" 72 20 73 52 @@ -483,24 +485,24 @@ module M_sparse_array__qyi912363311032332466__set [#"sparse_array.rs" 112 4 112 type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) - - use prelude.prelude.UIntSize + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.Int + use prelude.prelude.UInt64 type t_T'0 
@@ -508,7 +510,7 @@ module M_sparse_array__qyi912363311032332466__set [#"sparse_array.rs" 112 4 112 function view'3 (self : t_Vec'0) : Seq.seq t_T'0 - axiom view'3_spec : forall self : t_Vec'0 . [%#svec25] Seq.length (view'3 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'3_spec : forall self : t_Vec'0 . [%#svec25] Seq.length (view'3 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq @@ -545,11 +547,11 @@ module M_sparse_array__qyi912363311032332466__set [#"sparse_array.rs" 112 4 112 { t_RawVec__ptr'1: t_Unique'1; t_RawVec__cap'1: t_Cap'0; t_RawVec__alloc'1: () } type t_Vec'1 = - { t_Vec__buf'1: t_RawVec'1; t_Vec__len'1: usize } + { t_Vec__buf'1: t_RawVec'1; t_Vec__len'1: UInt64.t } type t_Sparse'0 = - { t_Sparse__size'0: usize; - t_Sparse__n'0: usize; + { t_Sparse__size'0: UInt64.t; + t_Sparse__n'0: UInt64.t; t_Sparse__values'0: t_Vec'0; t_Sparse__idx'0: t_Vec'1; t_Sparse__back'0: t_Vec'1 } @@ -561,15 +563,15 @@ module M_sparse_array__qyi912363311032332466__set [#"sparse_array.rs" 112 4 112 axiom inv_axiom'3 [@rewrite] : forall x : borrowed (t_Vec'0) [inv'4 x] . inv'4 x = invariant'3 x - predicate inv'5 (_1 : usize) + predicate inv'5 (_1 : UInt64.t) - axiom inv_axiom'4 [@rewrite] : forall x : usize [inv'5 x] . inv'5 x = true + axiom inv_axiom'4 [@rewrite] : forall x : UInt64.t [inv'5 x] . inv'5 x = true function view'2 (self : borrowed (t_Vec'0)) : Seq.seq t_T'0 = [%#smodel21] view'3 self.current - predicate in_bounds'0 [@inline:trivial] (self : usize) (seq : Seq.seq t_T'0) = - [%#sslice23] UIntSize.to_int self < Seq.length seq + predicate in_bounds'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq t_T'0) = + [%#sslice23] UInt64.to_uint self < Seq.length seq predicate invariant'1 (self : borrowed t_T'0) = [%#sinvariant32] inv'1 self.current /\ inv'1 self.final 
@@ -580,14 +582,14 @@ module M_sparse_array__qyi912363311032332466__set [#"sparse_array.rs" 112 4 112 use seq.Seq - predicate has_value'0 [@inline:trivial] (self : usize) (seq : Seq.seq t_T'0) (out : t_T'0) = - [%#sslice24] Seq.get seq (UIntSize.to_int self) = out + predicate has_value'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq t_T'0) (out : t_T'0) = + [%#sslice24] Seq.get seq (UInt64.to_uint self) = out - predicate resolve_elswhere'0 [@inline:trivial] (self : usize) (old' : Seq.seq t_T'0) (fin : Seq.seq t_T'0) = - [%#sslice26] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < Seq.length old' + predicate resolve_elswhere'0 [@inline:trivial] (self : UInt64.t) (old' : Seq.seq t_T'0) (fin : Seq.seq t_T'0) = + [%#sslice26] forall i : int . 0 <= i /\ i <> UInt64.to_uint self /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i - let rec index_mut'0 (self:borrowed (t_Vec'0)) (index:usize) (return' (ret:borrowed t_T'0))= {[@expl:index_mut 'self' type invariant] inv'4 self} + let rec index_mut'0 (self:borrowed (t_Vec'0)) (index:UInt64.t) (return' (ret:borrowed t_T'0))= {[@expl:index_mut 'self' type invariant] inv'4 self} {[@expl:index_mut 'index' type invariant] inv'5 index} {[@expl:index_mut requires] [%#svec9] in_bounds'0 index (view'2 self)} any 
@@ -615,45 +617,47 @@ module M_sparse_array__qyi912363311032332466__set [#"sparse_array.rs" 112 4 112 use seq.Seq - function view'6 (self : t_Vec'1) : Seq.seq usize + function view'6 (self : t_Vec'1) : Seq.seq UInt64.t - axiom view'6_spec : forall self : t_Vec'1 . [%#svec25] Seq.length (view'6 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'6_spec : forall self : t_Vec'1 . [%#svec25] Seq.length (view'6 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) - function view'4 (self : t_Vec'1) : Seq.seq usize = + function view'4 (self : t_Vec'1) : Seq.seq UInt64.t = [%#smodel28] view'6 self - predicate in_bounds'1 [@inline:trivial] (self : usize) (seq : Seq.seq usize) = - [%#sslice23] UIntSize.to_int self < Seq.length seq + predicate in_bounds'1 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq UInt64.t) = + [%#sslice23] UInt64.to_uint self < Seq.length seq - predicate inv'7 (_1 : usize) + predicate inv'7 (_1 : UInt64.t) - axiom inv_axiom'6 [@rewrite] : forall x : usize [inv'7 x] . inv'7 x = true + axiom inv_axiom'6 [@rewrite] : forall x : UInt64.t [inv'7 x] . inv'7 x = true use seq.Seq - predicate has_value'1 [@inline:trivial] (self : usize) (seq : Seq.seq usize) (out : usize) = - [%#sslice24] Seq.get seq (UIntSize.to_int self) = out + predicate has_value'1 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq UInt64.t) (out : UInt64.t) = + [%#sslice24] Seq.get seq (UInt64.to_uint self) = out - let rec index'0 (self:t_Vec'1) (index:usize) (return' (ret:usize))= {[@expl:index 'self' type invariant] inv'6 self} + let rec index'0 (self:t_Vec'1) (index:UInt64.t) (return' (ret:UInt64.t))= {[@expl:index 'self' type invariant] inv'6 self} {[@expl:index 'index' type invariant] inv'5 index} {[@expl:index requires] [%#svec14] in_bounds'1 index (view'4 self)} any - [ return' (result:usize)-> {inv'7 result} {[%#svec15] has_value'1 index (view'4 self) result} (! 
return' {result}) ] + [ return' (result:UInt64.t)-> {inv'7 result} + {[%#svec15] has_value'1 index (view'4 self) result} + (! return' {result}) ] - function index_logic'1 [@inline:trivial] (self : t_Vec'1) (ix : int) : usize = + function index_logic'1 [@inline:trivial] (self : t_Vec'1) (ix : int) : UInt64.t = [%#sops30] Seq.get (view'6 self) ix predicate invariant'4 [#"sparse_array.rs" 49 4 49 30] (self : t_Sparse'0) = - [%#ssparse_array33] UIntSize.to_int self.t_Sparse__n'0 <= UIntSize.to_int self.t_Sparse__size'0 - /\ Seq.length (view'3 self.t_Sparse__values'0) = UIntSize.to_int self.t_Sparse__size'0 - /\ Seq.length (view'6 self.t_Sparse__idx'0) = UIntSize.to_int self.t_Sparse__size'0 - /\ Seq.length (view'6 self.t_Sparse__back'0) = UIntSize.to_int self.t_Sparse__size'0 - /\ (forall i : int . 0 <= i /\ i < UIntSize.to_int self.t_Sparse__n'0 + [%#ssparse_array33] UInt64.to_uint self.t_Sparse__n'0 <= UInt64.to_uint self.t_Sparse__size'0 + /\ Seq.length (view'3 self.t_Sparse__values'0) = UInt64.to_uint self.t_Sparse__size'0 + /\ Seq.length (view'6 self.t_Sparse__idx'0) = UInt64.to_uint self.t_Sparse__size'0 + /\ Seq.length (view'6 self.t_Sparse__back'0) = UInt64.to_uint self.t_Sparse__size'0 + /\ (forall i : int . 0 <= i /\ i < UInt64.to_uint self.t_Sparse__n'0 -> match index_logic'1 self.t_Sparse__back'0 i with - | j -> 0 <= UIntSize.to_int j - /\ UIntSize.to_int j < UIntSize.to_int self.t_Sparse__size'0 - /\ UIntSize.to_int (index_logic'1 self.t_Sparse__idx'0 (UIntSize.to_int j)) = i + | j -> 0 <= UInt64.to_uint j + /\ UInt64.to_uint j < UInt64.to_uint self.t_Sparse__size'0 + /\ UInt64.to_uint (index_logic'1 self.t_Sparse__idx'0 (UInt64.to_uint j)) = i end) predicate inv'8 (_1 : t_Sparse'0) 
@@ -678,17 +682,15 @@ module M_sparse_array__qyi912363311032332466__set [#"sparse_array.rs" 112 4 112 resolve'5 _1 function is_elt'0 [#"sparse_array.rs" 71 4 71 36] (self : t_Sparse'0) (i : int) : bool = - [%#ssparse_array29] UIntSize.to_int (index_logic'1 self.t_Sparse__idx'0 i) < UIntSize.to_int self.t_Sparse__n'0 - /\ UIntSize.to_int (index_logic'1 self.t_Sparse__back'0 (UIntSize.to_int (index_logic'1 self.t_Sparse__idx'0 i))) - = i + [%#ssparse_array29] UInt64.to_uint (index_logic'1 self.t_Sparse__idx'0 i) < UInt64.to_uint self.t_Sparse__n'0 + /\ UInt64.to_uint (index_logic'1 self.t_Sparse__back'0 (UInt64.to_uint (index_logic'1 self.t_Sparse__idx'0 i))) = i function lemma_permutation'0 [#"sparse_array.rs" 104 4 104 38] (self : t_Sparse'0) (i : int) : () = [%#ssparse_array20] () axiom lemma_permutation'0_spec : forall self : t_Sparse'0, i : int . ([%#ssparse_array16] inv'8 self) -> ([%#ssparse_array17] self.t_Sparse__n'0 = self.t_Sparse__size'0) - -> ([%#ssparse_array18] 0 <= i /\ i < UIntSize.to_int self.t_Sparse__size'0) - -> ([%#ssparse_array19] is_elt'0 self i) + -> ([%#ssparse_array18] 0 <= i /\ i < UInt64.to_uint self.t_Sparse__size'0) -> ([%#ssparse_array19] is_elt'0 self i) use prelude.prelude.Snapshot 
@@ -696,22 +698,22 @@ module M_sparse_array__qyi912363311032332466__set [#"sparse_array.rs" 112 4 112 axiom inv_axiom'8 [@rewrite] : forall x : borrowed (t_Vec'1) [inv'9 x] . inv'9 x = true - function view'5 (self : borrowed (t_Vec'1)) : Seq.seq usize = + function view'5 (self : borrowed (t_Vec'1)) : Seq.seq UInt64.t = [%#smodel21] view'6 self.current - predicate inv'10 (_1 : borrowed usize) + predicate inv'10 (_1 : borrowed UInt64.t) - axiom inv_axiom'9 [@rewrite] : forall x : borrowed usize [inv'10 x] . inv'10 x = true + axiom inv_axiom'9 [@rewrite] : forall x : borrowed UInt64.t [inv'10 x] . inv'10 x = true - predicate resolve_elswhere'1 [@inline:trivial] (self : usize) (old' : Seq.seq usize) (fin : Seq.seq usize) = - [%#sslice26] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < Seq.length old' + predicate resolve_elswhere'1 [@inline:trivial] (self : UInt64.t) (old' : Seq.seq UInt64.t) (fin : Seq.seq UInt64.t) = + [%#sslice26] forall i : int . 0 <= i /\ i <> UInt64.to_uint self /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i - let rec index_mut'1 (self:borrowed (t_Vec'1)) (index:usize) (return' (ret:borrowed usize))= {[@expl:index_mut 'self' type invariant] inv'9 self} + let rec index_mut'1 (self:borrowed (t_Vec'1)) (index:UInt64.t) (return' (ret:borrowed UInt64.t))= {[@expl:index_mut 'self' type invariant] inv'9 self} {[@expl:index_mut 'index' type invariant] inv'5 index} {[@expl:index_mut requires] [%#svec9] in_bounds'1 index (view'5 self)} any - [ return' (result:borrowed usize)-> {inv'10 result} + [ return' (result:borrowed UInt64.t)-> {inv'10 result} {[%#svec10] has_value'1 index (view'5 self) result.current} {[%#svec11] has_value'1 index (view'6 self.final) result.final} {[%#svec12] resolve_elswhere'1 index (view'5 self) (view'6 self.final)} 
@@ -719,10 +721,10 @@ module M_sparse_array__qyi912363311032332466__set [#"sparse_array.rs" 112 4 112 (! return' {result}) ] - predicate resolve'6 (self : borrowed usize) = + predicate resolve'6 (self : borrowed UInt64.t) = [%#sresolve27] self.final = self.current - predicate resolve'3 (_1 : borrowed usize) = + predicate resolve'3 (_1 : borrowed UInt64.t) = resolve'6 _1 use prelude.prelude.Intrinsic @@ -743,7 +745,7 @@ module M_sparse_array__qyi912363311032332466__set [#"sparse_array.rs" 112 4 112 use seq.Seq function view'1 [#"sparse_array.rs" 38 4 38 33] (self : t_Sparse'0) : Seq.seq (t_Option'0) = - [%#ssparse_array22] Seq.create (UIntSize.to_int self.t_Sparse__size'0) (Mapping.from_fn (fun (i : int) -> if is_elt'0 self i then + [%#ssparse_array22] Seq.create (UInt64.to_uint self.t_Sparse__size'0) (Mapping.from_fn (fun (i : int) -> if is_elt'0 self i then C_Some'0 (index_logic'0 self.t_Sparse__values'0 i) else C_None'0 @@ -758,9 +760,9 @@ module M_sparse_array__qyi912363311032332466__set [#"sparse_array.rs" 112 4 112 meta "compute_max_steps" 1000000 - let rec set'0 (self:borrowed (t_Sparse'0)) (i:usize) (v:t_T'0) (return' (ret:()))= {[@expl:set 'self' type invariant] [%#ssparse_array3] inv'3 self} + let rec set'0 (self:borrowed (t_Sparse'0)) (i:UInt64.t) (v:t_T'0) (return' (ret:()))= {[@expl:set 'self' type invariant] [%#ssparse_array3] inv'3 self} {[@expl:set 'v' type invariant] [%#ssparse_array4] inv'1 v} - {[@expl:set requires] [%#ssparse_array5] UIntSize.to_int i < Seq.length (view'0 self)} + {[@expl:set requires] [%#ssparse_array5] UInt64.to_uint i < Seq.length (view'0 self)} (! bb0 [ bb0 = bb1 | bb1 = s0 
@@ -792,18 +794,19 @@ module M_sparse_array__qyi912363311032332466__set [#"sparse_array.rs" 112 4 112 | s5 = bb5 ] | bb5 = s0 - [ s0 = index'0 {(self.current).t_Sparse__idx'0} {i} (fun (_ret':usize) -> [ &_13 <- _ret' ] s1) | s1 = bb6 ] + [ s0 = index'0 {(self.current).t_Sparse__idx'0} {i} (fun (_ret':UInt64.t) -> [ &_13 <- _ret' ] s1) | s1 = bb6 ] | bb6 = s0 [ s0 = [ &index <- _13 ] s1 - | s1 = UIntSize.lt {index} {(self.current).t_Sparse__n'0} (fun (_ret':bool) -> [ &_16 <- _ret' ] s2) + | s1 = UInt64.lt {index} {(self.current).t_Sparse__n'0} (fun (_ret':bool) -> [ &_16 <- _ret' ] s2) | s2 = any [ br0 -> {_16 = false} (! bb11) | br1 -> {_16} (! bb7) ] ] | bb7 = s0 - [ s0 = index'0 {(self.current).t_Sparse__back'0} {index} (fun (_ret':usize) -> [ &_21 <- _ret' ] s1) | s1 = bb8 ] + [ s0 = index'0 {(self.current).t_Sparse__back'0} {index} (fun (_ret':UInt64.t) -> [ &_21 <- _ret' ] s1) + | s1 = bb8 ] | bb8 = s0 - [ s0 = UIntSize.eq {_21} {i} (fun (_ret':bool) -> [ &_19 <- _ret' ] s1) + [ s0 = UInt64.eq {_21} {i} (fun (_ret':bool) -> [ &_19 <- _ret' ] s1) | s1 = any [ br0 -> {_19 = false} (! bb10) | br1 -> {_19} (! bb9) ] ] | bb9 = s0 [ s0 = {[@expl:type invariant] inv'3 self} s1 | s1 = -{resolve'2 self}- s2 | s2 = bb16 ] 
@@ -811,15 +814,15 @@ module M_sparse_array__qyi912363311032332466__set [#"sparse_array.rs" 112 4 112 | bb11 = bb12 | bb12 = s0 [ s0 = [ &_25 <- [%#ssparse_array0] Snapshot.new () ] s1 | s1 = bb13 ] | bb13 = s0 - [ s0 = {[@expl:assertion] [%#ssparse_array1] UIntSize.to_int (self.current).t_Sparse__n'0 - < UIntSize.to_int (self.current).t_Sparse__size'0} + [ s0 = {[@expl:assertion] [%#ssparse_array1] UInt64.to_uint (self.current).t_Sparse__n'0 + < UInt64.to_uint (self.current).t_Sparse__size'0} s1 | s1 = Borrow.borrow_final {(self.current).t_Sparse__idx'0} {Borrow.inherit_id (Borrow.get_id self) 4} (fun (_ret':borrowed (t_Vec'1)) -> [ &_31 <- _ret' ] [ &self <- { self with current = { self.current with t_Sparse__idx'0 = _ret'.final } } ] s2) - | s2 = index_mut'1 {_31} {i} (fun (_ret':borrowed usize) -> [ &_30 <- _ret' ] s3) + | s2 = index_mut'1 {_31} {i} (fun (_ret':borrowed UInt64.t) -> [ &_30 <- _ret' ] s3) | s3 = bb14 ] | bb14 = s0 @@ -830,14 +833,14 @@ module M_sparse_array__qyi912363311032332466__set [#"sparse_array.rs" 112 4 112 [ &_35 <- _ret' ] [ &self <- { self with current = { self.current with t_Sparse__back'0 = _ret'.final } } ] s3) - | s3 = index_mut'1 {_35} {(self.current).t_Sparse__n'0} (fun (_ret':borrowed usize) -> [ &_34 <- _ret' ] s4) + | s3 = index_mut'1 {_35} {(self.current).t_Sparse__n'0} (fun (_ret':borrowed UInt64.t) -> [ &_34 <- _ret' ] s4) | s4 = bb15 ] | bb15 = s0 [ s0 = [ &_34 <- { _34 with current = i } ] s1 | s1 = -{resolve'3 _34}- s2 - | s2 = UIntSize.add {(self.current).t_Sparse__n'0} {[%#ssparse_array2] (1 : usize)} - (fun (_ret':usize) -> [ &self <- { self with current = { self.current with t_Sparse__n'0 = _ret' } } ] s3) + | s2 = UInt64.add {(self.current).t_Sparse__n'0} {[%#ssparse_array2] (1 : UInt64.t)} + (fun (_ret':UInt64.t) -> [ &self <- { self with current = { self.current with t_Sparse__n'0 = _ret' } } ] s3) | s3 = {[@expl:type invariant] inv'3 self} s4 | s4 = -{resolve'2 self}- s5 | s5 = bb16 ] 
@@ -847,27 +850,27 @@ module M_sparse_array__qyi912363311032332466__set [#"sparse_array.rs" 112 4 112 ) [ & _0 : () = any_l () | & self : borrowed (t_Sparse'0) = self - | & i : usize = i + | & i : UInt64.t = i | & v : t_T'0 = v | & _9 : borrowed t_T'0 = any_l () | & _10 : borrowed (t_Vec'0) = any_l () - | & index : usize = any_l () - | & _13 : usize = any_l () + | & index : UInt64.t = any_l () + | & _13 : UInt64.t = any_l () | & _16 : bool = any_l () | & _19 : bool = any_l () - | & _21 : usize = any_l () + | & _21 : UInt64.t = any_l () | & _25 : Snapshot.snap_ty () = any_l () - | & _30 : borrowed usize = any_l () + | & _30 : borrowed UInt64.t = any_l () | & _31 : borrowed (t_Vec'1) = any_l () - | & _34 : borrowed usize = any_l () + | & _34 : borrowed UInt64.t = any_l () | & _35 : borrowed (t_Vec'1) = any_l () ] [ return' (result:())-> {[@expl:set ensures #0] [%#ssparse_array6] Seq.length (view'1 self.final) = Seq.length (view'0 self)} {[@expl:set ensures #1] [%#ssparse_array7] forall j : int . 0 <= j - /\ j < Seq.length (view'0 self) /\ j <> UIntSize.to_int i + /\ j < Seq.length (view'0 self) /\ j <> UInt64.to_uint i -> Seq.get (view'1 self.final) j = Seq.get (view'0 self) j} - {[@expl:set ensures #2] [%#ssparse_array8] Seq.get (view'1 self.final) (UIntSize.to_int i) = C_Some'0 v} + {[@expl:set ensures #2] [%#ssparse_array8] Seq.get (view'1 self.final) (UInt64.to_uint i) = C_Some'0 v} (! return' {result}) ] end 
@@ -902,30 +905,30 @@ module M_sparse_array__create [#"sparse_array.rs" 134 0 134 64] type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize - - use prelude.prelude.Int + use prelude.prelude.UInt64 use seq.Seq function view'1 (self : t_Vec'0) : Seq.seq t_T'0 - axiom view'1_spec : forall self : t_Vec'0 . [%#svec10] Seq.length (view'1 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'1_spec : forall self : t_Vec'0 . [%#svec10] Seq.length (view'1 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq 
@@ -955,17 +958,17 @@ module M_sparse_array__create [#"sparse_array.rs" 134 0 134 64] function index_logic'0 [@inline:trivial] (self : t_Vec'0) (ix : int) : t_T'0 = [%#sops11] Seq.get (view'1 self) ix - let rec from_elem'0 (elem:t_T'0) (n:usize) (return' (ret:t_Vec'0))= {[@expl:from_elem 'elem' type invariant] inv'0 elem} + let rec from_elem'0 (elem:t_T'0) (n:UInt64.t) (return' (ret:t_Vec'0))= {[@expl:from_elem 'elem' type invariant] inv'0 elem} any [ return' (result:t_Vec'0)-> {inv'2 result} - {[%#svec7] Seq.length (view'1 result) = UIntSize.to_int n} - {[%#svec8] forall i : int . 0 <= i /\ i < UIntSize.to_int n -> index_logic'0 result i = elem} + {[%#svec7] Seq.length (view'1 result) = UInt64.to_uint n} + {[%#svec8] forall i : int . 0 <= i /\ i < UInt64.to_uint n -> index_logic'0 result i = elem} (! return' {result}) ] - predicate inv'3 (_1 : usize) + predicate inv'3 (_1 : UInt64.t) - axiom inv_axiom'2 [@rewrite] : forall x : usize [inv'3 x] . inv'3 x = true + axiom inv_axiom'2 [@rewrite] : forall x : UInt64.t [inv'3 x] . inv'3 x = true type t_NonNull'1 = { t_NonNull__pointer'1: opaque_ptr } @@ -977,7 +980,7 @@ module M_sparse_array__create [#"sparse_array.rs" 134 0 134 64] { t_RawVec__ptr'1: t_Unique'1; t_RawVec__cap'1: t_Cap'0; t_RawVec__alloc'1: () } type t_Vec'1 = - { t_Vec__buf'1: t_RawVec'1; t_Vec__len'1: usize } + { t_Vec__buf'1: t_RawVec'1; t_Vec__len'1: UInt64.t } predicate inv'4 (_1 : t_Vec'1) 
@@ -987,26 +990,26 @@ module M_sparse_array__create [#"sparse_array.rs" 134 0 134 64] use seq.Seq - function view'2 (self : t_Vec'1) : Seq.seq usize + function view'2 (self : t_Vec'1) : Seq.seq UInt64.t - axiom view'2_spec : forall self : t_Vec'1 . [%#svec10] Seq.length (view'2 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'2_spec : forall self : t_Vec'1 . [%#svec10] Seq.length (view'2 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq - function index_logic'1 [@inline:trivial] (self : t_Vec'1) (ix : int) : usize = + function index_logic'1 [@inline:trivial] (self : t_Vec'1) (ix : int) : UInt64.t = [%#sops11] Seq.get (view'2 self) ix - let rec from_elem'1 (elem:usize) (n:usize) (return' (ret:t_Vec'1))= {[@expl:from_elem 'elem' type invariant] inv'3 elem} + let rec from_elem'1 (elem:UInt64.t) (n:UInt64.t) (return' (ret:t_Vec'1))= {[@expl:from_elem 'elem' type invariant] inv'3 elem} any [ return' (result:t_Vec'1)-> {inv'4 result} - {[%#svec7] Seq.length (view'2 result) = UIntSize.to_int n} - {[%#svec8] forall i : int . 0 <= i /\ i < UIntSize.to_int n -> index_logic'1 result i = elem} + {[%#svec7] Seq.length (view'2 result) = UInt64.to_uint n} + {[%#svec8] forall i : int . 0 <= i /\ i < UInt64.to_uint n -> index_logic'1 result i = elem} (! return' {result}) ] type t_Sparse'0 = - { t_Sparse__size'0: usize; - t_Sparse__n'0: usize; + { t_Sparse__size'0: UInt64.t; + t_Sparse__n'0: UInt64.t; t_Sparse__values'0: t_Vec'0; t_Sparse__idx'0: t_Vec'1; t_Sparse__back'0: t_Vec'1 } 
@@ -1014,15 +1017,15 @@ module M_sparse_array__create [#"sparse_array.rs" 134 0 134 64] use prelude.prelude.Intrinsic predicate invariant'0 [#"sparse_array.rs" 49 4 49 30] (self : t_Sparse'0) = - [%#ssparse_array13] UIntSize.to_int self.t_Sparse__n'0 <= UIntSize.to_int self.t_Sparse__size'0 - /\ Seq.length (view'1 self.t_Sparse__values'0) = UIntSize.to_int self.t_Sparse__size'0 - /\ Seq.length (view'2 self.t_Sparse__idx'0) = UIntSize.to_int self.t_Sparse__size'0 - /\ Seq.length (view'2 self.t_Sparse__back'0) = UIntSize.to_int self.t_Sparse__size'0 - /\ (forall i : int . 0 <= i /\ i < UIntSize.to_int self.t_Sparse__n'0 + [%#ssparse_array13] UInt64.to_uint self.t_Sparse__n'0 <= UInt64.to_uint self.t_Sparse__size'0 + /\ Seq.length (view'1 self.t_Sparse__values'0) = UInt64.to_uint self.t_Sparse__size'0 + /\ Seq.length (view'2 self.t_Sparse__idx'0) = UInt64.to_uint self.t_Sparse__size'0 + /\ Seq.length (view'2 self.t_Sparse__back'0) = UInt64.to_uint self.t_Sparse__size'0 + /\ (forall i : int . 0 <= i /\ i < UInt64.to_uint self.t_Sparse__n'0 -> match index_logic'1 self.t_Sparse__back'0 i with - | j -> 0 <= UIntSize.to_int j - /\ UIntSize.to_int j < UIntSize.to_int self.t_Sparse__size'0 - /\ UIntSize.to_int (index_logic'1 self.t_Sparse__idx'0 (UIntSize.to_int j)) = i + | j -> 0 <= UInt64.to_uint j + /\ UInt64.to_uint j < UInt64.to_uint self.t_Sparse__size'0 + /\ UInt64.to_uint (index_logic'1 self.t_Sparse__idx'0 (UInt64.to_uint j)) = i end) predicate inv'1 (_1 : t_Sparse'0) 
@@ -1042,16 +1045,15 @@ module M_sparse_array__create [#"sparse_array.rs" 134 0 134 64] use prelude.prelude.Borrow function is_elt'0 [#"sparse_array.rs" 71 4 71 36] (self : t_Sparse'0) (i : int) : bool = - [%#ssparse_array12] UIntSize.to_int (index_logic'1 self.t_Sparse__idx'0 i) < UIntSize.to_int self.t_Sparse__n'0 - /\ UIntSize.to_int (index_logic'1 self.t_Sparse__back'0 (UIntSize.to_int (index_logic'1 self.t_Sparse__idx'0 i))) - = i + [%#ssparse_array12] UInt64.to_uint (index_logic'1 self.t_Sparse__idx'0 i) < UInt64.to_uint self.t_Sparse__n'0 + /\ UInt64.to_uint (index_logic'1 self.t_Sparse__back'0 (UInt64.to_uint (index_logic'1 self.t_Sparse__idx'0 i))) = i use prelude.prelude.Mapping use seq.Seq function view'0 [#"sparse_array.rs" 38 4 38 33] (self : t_Sparse'0) : Seq.seq (t_Option'0) = - [%#ssparse_array9] Seq.create (UIntSize.to_int self.t_Sparse__size'0) (Mapping.from_fn (fun (i : int) -> if is_elt'0 self i then + [%#ssparse_array9] Seq.create (UInt64.to_uint self.t_Sparse__size'0) (Mapping.from_fn (fun (i : int) -> if is_elt'0 self i then C_Some'0 (index_logic'0 self.t_Sparse__values'0 i) else C_None'0 
@@ -1061,21 +1063,21 @@ module M_sparse_array__create [#"sparse_array.rs" 134 0 134 64] meta "compute_max_steps" 1000000 - let rec create'0 (sz:usize) (dummy:t_T'0) (return' (ret:t_Sparse'0))= {[@expl:create 'dummy' type invariant] [%#ssparse_array3] inv'0 dummy} + let rec create'0 (sz:UInt64.t) (dummy:t_T'0) (return' (ret:t_Sparse'0))= {[@expl:create 'dummy' type invariant] [%#ssparse_array3] inv'0 dummy} (! bb0 [ bb0 = s0 [ s0 = from_elem'0 {dummy} {sz} (fun (_ret':t_Vec'0) -> [ &_6 <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 - [ s0 = from_elem'1 {[%#ssparse_array0] (0 : usize)} {sz} (fun (_ret':t_Vec'1) -> [ &_9 <- _ret' ] s1) + [ s0 = from_elem'1 {[%#ssparse_array0] (0 : UInt64.t)} {sz} (fun (_ret':t_Vec'1) -> [ &_9 <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 - [ s0 = from_elem'1 {[%#ssparse_array1] (0 : usize)} {sz} (fun (_ret':t_Vec'1) -> [ &_11 <- _ret' ] s1) + [ s0 = from_elem'1 {[%#ssparse_array1] (0 : UInt64.t)} {sz} (fun (_ret':t_Vec'1) -> [ &_11 <- _ret' ] s1) | s1 = bb3 ] | bb3 = s0 [ s0 = [ &_0 <- { t_Sparse__size'0 = sz; - t_Sparse__n'0 = ([%#ssparse_array2] (0 : usize)); + t_Sparse__n'0 = ([%#ssparse_array2] (0 : UInt64.t)); t_Sparse__values'0 = _6; t_Sparse__idx'0 = _9; t_Sparse__back'0 = _11 } ] @@ -1088,7 +1090,7 @@ module M_sparse_array__create [#"sparse_array.rs" 134 0 134 64] | bb6 = return' {_0} ] ) [ & _0 : t_Sparse'0 = any_l () - | & sz : usize = sz + | & sz : UInt64.t = sz | & dummy : t_T'0 = dummy | & _6 : t_Vec'0 = any_l () | & _9 : t_Vec'1 = any_l () 
@@ -1096,7 +1098,7 @@ module M_sparse_array__create [#"sparse_array.rs" 134 0 134 64] [ return' (result:t_Sparse'0)-> {[@expl:create result type invariant] [%#ssparse_array4] inv'1 result} {[@expl:create ensures #0] [%#ssparse_array5] result.t_Sparse__size'0 = sz} - {[@expl:create ensures #1] [%#ssparse_array6] forall i : int . 0 <= i /\ i < UIntSize.to_int sz + {[@expl:create ensures #1] [%#ssparse_array6] forall i : int . 0 <= i /\ i < UInt64.to_uint sz -> Seq.get (view'0 result) i = C_None'0} (! return' {result}) ] @@ -1150,13 +1152,15 @@ module M_sparse_array__f [#"sparse_array.rs" 140 0 140 10] let%span sinvariant45 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 let%span sinvariant46 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 + use prelude.prelude.Int + use prelude.prelude.Int32 - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - predicate inv'1 (_1 : int32) + predicate inv'1 (_1 : Int32.t) - axiom inv_axiom'1 [@rewrite] : forall x : int32 [inv'1 x] . inv'1 x = true + axiom inv_axiom'1 [@rewrite] : forall x : Int32.t [inv'1 x] . inv'1 x = true use prelude.prelude.Opaque @@ -1167,13 +1171,13 @@ module M_sparse_array__f [#"sparse_array.rs" 140 0 140 10] { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } type t_NonNull'1 = { t_NonNull__pointer'1: opaque_ptr } 
@@ -1185,52 +1189,50 @@ module M_sparse_array__f [#"sparse_array.rs" 140 0 140 10] { t_RawVec__ptr'1: t_Unique'1; t_RawVec__cap'1: t_Cap'0; t_RawVec__alloc'1: () } type t_Vec'1 = - { t_Vec__buf'1: t_RawVec'1; t_Vec__len'1: usize } + { t_Vec__buf'1: t_RawVec'1; t_Vec__len'1: UInt64.t } type t_Sparse'0 = - { t_Sparse__size'0: usize; - t_Sparse__n'0: usize; + { t_Sparse__size'0: UInt64.t; + t_Sparse__n'0: UInt64.t; t_Sparse__values'0: t_Vec'0; t_Sparse__idx'0: t_Vec'1; t_Sparse__back'0: t_Vec'1 } - use prelude.prelude.UIntSize - - use prelude.prelude.Int + use prelude.prelude.UInt64 use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) use seq.Seq - function view'4 (self : t_Vec'0) : Seq.seq int32 + function view'4 (self : t_Vec'0) : Seq.seq Int32.t - axiom view'4_spec : forall self : t_Vec'0 . [%#svec44] Seq.length (view'4 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'4_spec : forall self : t_Vec'0 . [%#svec44] Seq.length (view'4 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq use seq.Seq - function view'5 (self : t_Vec'1) : Seq.seq usize + function view'5 (self : t_Vec'1) : Seq.seq UInt64.t - axiom view'5_spec : forall self : t_Vec'1 . [%#svec44] Seq.length (view'5 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'5_spec : forall self : t_Vec'1 . 
[%#svec44] Seq.length (view'5 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq - function index_logic'1 [@inline:trivial] (self : t_Vec'1) (ix : int) : usize = + function index_logic'1 [@inline:trivial] (self : t_Vec'1) (ix : int) : UInt64.t = [%#sops42] Seq.get (view'5 self) ix predicate invariant'0 [#"sparse_array.rs" 49 4 49 30] (self : t_Sparse'0) = - [%#ssparse_array43] UIntSize.to_int self.t_Sparse__n'0 <= UIntSize.to_int self.t_Sparse__size'0 - /\ Seq.length (view'4 self.t_Sparse__values'0) = UIntSize.to_int self.t_Sparse__size'0 - /\ Seq.length (view'5 self.t_Sparse__idx'0) = UIntSize.to_int self.t_Sparse__size'0 - /\ Seq.length (view'5 self.t_Sparse__back'0) = UIntSize.to_int self.t_Sparse__size'0 - /\ (forall i : int . 0 <= i /\ i < UIntSize.to_int self.t_Sparse__n'0 + [%#ssparse_array43] UInt64.to_uint self.t_Sparse__n'0 <= UInt64.to_uint self.t_Sparse__size'0 + /\ Seq.length (view'4 self.t_Sparse__values'0) = UInt64.to_uint self.t_Sparse__size'0 + /\ Seq.length (view'5 self.t_Sparse__idx'0) = UInt64.to_uint self.t_Sparse__size'0 + /\ Seq.length (view'5 self.t_Sparse__back'0) = UInt64.to_uint self.t_Sparse__size'0 + /\ (forall i : int . 0 <= i /\ i < UInt64.to_uint self.t_Sparse__n'0 -> match index_logic'1 self.t_Sparse__back'0 i with - | j -> 0 <= UIntSize.to_int j - /\ UIntSize.to_int j < UIntSize.to_int self.t_Sparse__size'0 - /\ UIntSize.to_int (index_logic'1 self.t_Sparse__idx'0 (UIntSize.to_int j)) = i + | j -> 0 <= UInt64.to_uint j + /\ UInt64.to_uint j < UInt64.to_uint self.t_Sparse__size'0 + /\ UInt64.to_uint (index_logic'1 self.t_Sparse__idx'0 (UInt64.to_uint j)) = i end) predicate inv'0 (_1 : t_Sparse'0) 
@@ -1243,20 +1245,19 @@ module M_sparse_array__f [#"sparse_array.rs" 140 0 140 10] type t_Option'1 = | C_None'1 - | C_Some'1 int32 + | C_Some'1 Int32.t use seq.Seq use prelude.prelude.Borrow function is_elt'0 [#"sparse_array.rs" 71 4 71 36] (self : t_Sparse'0) (i : int) : bool = - [%#ssparse_array41] UIntSize.to_int (index_logic'1 self.t_Sparse__idx'0 i) < UIntSize.to_int self.t_Sparse__n'0 - /\ UIntSize.to_int (index_logic'1 self.t_Sparse__back'0 (UIntSize.to_int (index_logic'1 self.t_Sparse__idx'0 i))) - = i + [%#ssparse_array41] UInt64.to_uint (index_logic'1 self.t_Sparse__idx'0 i) < UInt64.to_uint self.t_Sparse__n'0 + /\ UInt64.to_uint (index_logic'1 self.t_Sparse__back'0 (UInt64.to_uint (index_logic'1 self.t_Sparse__idx'0 i))) = i use seq.Seq - function index_logic'0 [@inline:trivial] (self : t_Vec'0) (ix : int) : int32 = + function index_logic'0 [@inline:trivial] (self : t_Vec'0) (ix : int) : Int32.t = [%#sops42] Seq.get (view'4 self) ix use prelude.prelude.Mapping @@ -1264,7 +1265,7 @@ module M_sparse_array__f [#"sparse_array.rs" 140 0 140 10] use seq.Seq function view'1 [#"sparse_array.rs" 38 4 38 33] (self : t_Sparse'0) : Seq.seq (t_Option'1) = - [%#ssparse_array39] Seq.create (UIntSize.to_int self.t_Sparse__size'0) (Mapping.from_fn (fun (i : int) -> if is_elt'0 self i then + [%#ssparse_array39] Seq.create (UInt64.to_uint self.t_Sparse__size'0) (Mapping.from_fn (fun (i : int) -> if is_elt'0 self i then C_Some'1 (index_logic'0 self.t_Sparse__values'0 i) else C_None'1 
@@ -1272,11 +1273,11 @@ module M_sparse_array__f [#"sparse_array.rs" 140 0 140 10] use seq.Seq - let rec create'0 (sz:usize) (dummy:int32) (return' (ret:t_Sparse'0))= {[@expl:create 'dummy' type invariant] [%#ssparse_array23] inv'1 dummy} + let rec create'0 (sz:UInt64.t) (dummy:Int32.t) (return' (ret:t_Sparse'0))= {[@expl:create 'dummy' type invariant] [%#ssparse_array23] inv'1 dummy} any [ return' (result:t_Sparse'0)-> {[%#ssparse_array24] inv'0 result} {[%#ssparse_array25] result.t_Sparse__size'0 = sz} - {[%#ssparse_array26] forall i : int . 0 <= i /\ i < UIntSize.to_int sz -> Seq.get (view'1 result) i = C_None'1} + {[%#ssparse_array26] forall i : int . 0 <= i /\ i < UInt64.to_uint sz -> Seq.get (view'1 result) i = C_None'1} (! return' {result}) ] 
@@ -1294,21 +1295,21 @@ module M_sparse_array__f [#"sparse_array.rs" 140 0 140 10] type t_Option'0 = | C_None'0 - | C_Some'0 int32 + | C_Some'0 Int32.t predicate inv'3 (_1 : t_Option'0) axiom inv_axiom'3 [@rewrite] : forall x : t_Option'0 [inv'3 x] . inv'3 x = true - let rec get'0 (self:t_Sparse'0) (i:usize) (return' (ret:t_Option'0))= {[@expl:get 'self' type invariant] [%#ssparse_array27] inv'2 self} - {[@expl:get requires] [%#ssparse_array28] UIntSize.to_int i < Seq.length (view'2 self)} + let rec get'0 (self:t_Sparse'0) (i:UInt64.t) (return' (ret:t_Option'0))= {[@expl:get 'self' type invariant] [%#ssparse_array27] inv'2 self} + {[@expl:get requires] [%#ssparse_array28] UInt64.to_uint i < Seq.length (view'2 self)} any [ return' (result:t_Option'0)-> {[%#ssparse_array29] inv'3 result} {[%#ssparse_array30] match result with - | C_None'0 -> Seq.get (view'2 self) (UIntSize.to_int i) = C_None'1 - | C_Some'0 x -> Seq.get (view'2 self) (UIntSize.to_int i) = C_Some'1 x + | C_None'0 -> Seq.get (view'2 self) (UInt64.to_uint i) = C_None'1 + | C_Some'0 x -> Seq.get (view'2 self) (UInt64.to_uint i) = C_Some'1 x end} - {[%#ssparse_array31] match Seq.get (view'2 self) (UIntSize.to_int i) with + {[%#ssparse_array31] match Seq.get (view'2 self) (UInt64.to_uint i) with | C_None'1 -> result = C_None'0 | C_Some'1 _ -> true end} 
@@ -1325,20 +1326,20 @@ module M_sparse_array__f [#"sparse_array.rs" 140 0 140 10] function view'3 (self : borrowed (t_Sparse'0)) : Seq.seq (t_Option'1) = [%#smodel40] view'1 self.current - let rec set'0 (self:borrowed (t_Sparse'0)) (i:usize) (v:int32) (return' (ret:()))= {[@expl:set 'self' type invariant] [%#ssparse_array32] inv'4 self} + let rec set'0 (self:borrowed (t_Sparse'0)) (i:UInt64.t) (v:Int32.t) (return' (ret:()))= {[@expl:set 'self' type invariant] [%#ssparse_array32] inv'4 self} {[@expl:set 'v' type invariant] [%#ssparse_array33] inv'1 v} - {[@expl:set requires] [%#ssparse_array34] UIntSize.to_int i < Seq.length (view'3 self)} + {[@expl:set requires] [%#ssparse_array34] UInt64.to_uint i < Seq.length (view'3 self)} any [ return' (result:())-> {[%#ssparse_array35] Seq.length (view'1 self.final) = Seq.length (view'3 self)} - {[%#ssparse_array36] forall j : int . 0 <= j /\ j < Seq.length (view'3 self) /\ j <> UIntSize.to_int i + {[%#ssparse_array36] forall j : int . 0 <= j /\ j < Seq.length (view'3 self) /\ j <> UInt64.to_uint i -> Seq.get (view'1 self.final) j = Seq.get (view'3 self) j} - {[%#ssparse_array37] Seq.get (view'1 self.final) (UIntSize.to_int i) = C_Some'1 v} + {[%#ssparse_array37] Seq.get (view'1 self.final) (UInt64.to_uint i) = C_Some'1 v} (! return' {result}) ] use prelude.prelude.Int32 - function view'0 (self : int32) : int = + function view'0 (self : Int32.t) : int = [%#smodel38] Int32.to_int self use prelude.prelude.Intrinsic 
@@ -1347,26 +1348,26 @@ module M_sparse_array__f [#"sparse_array.rs" 140 0 140 10] let rec f'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = [ &default <- [%#ssparse_array0] (0 : int32) ] s1 - | s1 = create'0 {[%#ssparse_array1] (10 : usize)} {default} (fun (_ret':t_Sparse'0) -> [ &a <- _ret' ] s2) + [ s0 = [ &default <- [%#ssparse_array0] (0 : Int32.t) ] s1 + | s1 = create'0 {[%#ssparse_array1] (10 : UInt64.t)} {default} (fun (_ret':t_Sparse'0) -> [ &a <- _ret' ] s2) | s2 = bb1 ] | bb1 = s0 - [ s0 = create'0 {[%#ssparse_array2] (20 : usize)} {default} (fun (_ret':t_Sparse'0) -> [ &b <- _ret' ] s1) + [ s0 = create'0 {[%#ssparse_array2] (20 : UInt64.t)} {default} (fun (_ret':t_Sparse'0) -> [ &b <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 - [ s0 = get'0 {a} {[%#ssparse_array3] (5 : usize)} (fun (_ret':t_Option'0) -> [ &x <- _ret' ] s1) | s1 = bb3 ] + [ s0 = get'0 {a} {[%#ssparse_array3] (5 : UInt64.t)} (fun (_ret':t_Option'0) -> [ &x <- _ret' ] s1) | s1 = bb3 ] | bb3 = s0 - [ s0 = get'0 {b} {[%#ssparse_array4] (7 : usize)} (fun (_ret':t_Option'0) -> [ &y <- _ret' ] s1) | s1 = bb4 ] + [ s0 = get'0 {b} {[%#ssparse_array4] (7 : UInt64.t)} (fun (_ret':t_Option'0) -> [ &y <- _ret' ] s1) | s1 = bb4 ] | bb4 = s0 [ s0 = {[@expl:assertion] [%#ssparse_array5] x = C_None'0 /\ y = C_None'0} s1 | s1 = {inv'0 a} Borrow.borrow_mut {a} (fun (_ret':borrowed (t_Sparse'0)) -> [ &_13 <- _ret' ] -{inv'0 _ret'.final}- [ &a <- _ret'.final ] s2) - | s2 = set'0 {_13} {[%#ssparse_array6] (5 : usize)} {[%#ssparse_array7] (1 : int32)} + | s2 = set'0 {_13} {[%#ssparse_array6] (5 : UInt64.t)} {[%#ssparse_array7] (1 : Int32.t)} (fun (_ret':()) -> [ &_12 <- _ret' ] s3) | s3 = bb5 ] 
@@ -1374,16 +1375,17 @@ module M_sparse_array__f [#"sparse_array.rs" 140 0 140 10] [ s0 = {inv'0 b} Borrow.borrow_mut {b} (fun (_ret':borrowed (t_Sparse'0)) -> [ &_15 <- _ret' ] -{inv'0 _ret'.final}- [ &b <- _ret'.final ] s1) - | s1 = set'0 {_15} {[%#ssparse_array8] (7 : usize)} {[%#ssparse_array9] (2 : int32)} + | s1 = set'0 {_15} {[%#ssparse_array8] (7 : UInt64.t)} {[%#ssparse_array9] (2 : Int32.t)} (fun (_ret':()) -> [ &_14 <- _ret' ] s2) | s2 = bb6 ] | bb6 = s0 - [ s0 = get'0 {a} {[%#ssparse_array10] (5 : usize)} (fun (_ret':t_Option'0) -> [ &_16 <- _ret' ] s1) | s1 = bb7 ] + [ s0 = get'0 {a} {[%#ssparse_array10] (5 : UInt64.t)} (fun (_ret':t_Option'0) -> [ &_16 <- _ret' ] s1) + | s1 = bb7 ] | bb7 = s0 [ s0 = [ &x <- _16 ] s1 - | s1 = get'0 {b} {[%#ssparse_array11] (7 : usize)} (fun (_ret':t_Option'0) -> [ &_18 <- _ret' ] s2) + | s1 = get'0 {b} {[%#ssparse_array11] (7 : UInt64.t)} (fun (_ret':t_Option'0) -> [ &_18 <- _ret' ] s2) | s2 = bb8 ] | bb8 = s0 
@@ -1398,34 +1400,34 @@ module M_sparse_array__f [#"sparse_array.rs" 140 0 140 10] | C_Some'0 z -> view'0 z = 2 end} s3 - | s3 = get'0 {a} {[%#ssparse_array14] (7 : usize)} (fun (_ret':t_Option'0) -> [ &_24 <- _ret' ] s4) + | s3 = get'0 {a} {[%#ssparse_array14] (7 : UInt64.t)} (fun (_ret':t_Option'0) -> [ &_24 <- _ret' ] s4) | s4 = bb9 ] | bb9 = s0 [ s0 = [ &x <- _24 ] s1 - | s1 = get'0 {b} {[%#ssparse_array15] (5 : usize)} (fun (_ret':t_Option'0) -> [ &_26 <- _ret' ] s2) + | s1 = get'0 {b} {[%#ssparse_array15] (5 : UInt64.t)} (fun (_ret':t_Option'0) -> [ &_26 <- _ret' ] s2) | s2 = bb10 ] | bb10 = s0 [ s0 = [ &y <- _26 ] s1 | s1 = {[@expl:assertion] [%#ssparse_array16] x = C_None'0 /\ y = C_None'0} s2 - | s2 = get'0 {a} {[%#ssparse_array17] (0 : usize)} (fun (_ret':t_Option'0) -> [ &_30 <- _ret' ] s3) + | s2 = get'0 {a} {[%#ssparse_array17] (0 : UInt64.t)} (fun (_ret':t_Option'0) -> [ &_30 <- _ret' ] s3) | s3 = bb11 ] | bb11 = s0 [ s0 = [ &x <- _30 ] s1 - | s1 = get'0 {b} {[%#ssparse_array18] (0 : usize)} (fun (_ret':t_Option'0) -> [ &_32 <- _ret' ] s2) + | s1 = get'0 {b} {[%#ssparse_array18] (0 : UInt64.t)} (fun (_ret':t_Option'0) -> [ &_32 <- _ret' ] s2) | s2 = bb12 ] | bb12 = s0 [ s0 = [ &y <- _32 ] s1 | s1 = {[@expl:assertion] [%#ssparse_array19] x = C_None'0 /\ y = C_None'0} s2 - | s2 = get'0 {a} {[%#ssparse_array20] (9 : usize)} (fun (_ret':t_Option'0) -> [ &_36 <- _ret' ] s3) + | s2 = get'0 {a} {[%#ssparse_array20] (9 : UInt64.t)} (fun (_ret':t_Option'0) -> [ &_36 <- _ret' ] s3) | s3 = bb13 ] | bb13 = s0 [ s0 = [ &x <- _36 ] s1 - | s1 = get'0 {b} {[%#ssparse_array21] (9 : usize)} (fun (_ret':t_Option'0) -> [ &_38 <- _ret' ] s2) + | s1 = get'0 {b} {[%#ssparse_array21] (9 : UInt64.t)} (fun (_ret':t_Option'0) -> [ &_38 <- _ret' ] s2) | s2 = bb14 ] | bb14 = s0 
@@ -1437,7 +1439,7 @@ module M_sparse_array__f [#"sparse_array.rs" 140 0 140 10] | bb16 = return' {_0} ] ) [ & _0 : () = any_l () - | & default : int32 = any_l () + | & default : Int32.t = any_l () | & a : t_Sparse'0 = any_l () | & b : t_Sparse'0 = any_l () | & x : t_Option'0 = any_l () diff --git a/creusot/tests/should_succeed/spec_tests.coma b/creusot/tests/should_succeed/spec_tests.coma index 42f2f8f7de..030f461eb3 100644 --- a/creusot/tests/should_succeed/spec_tests.coma +++ b/creusot/tests/should_succeed/spec_tests.coma @@ -8,17 +8,19 @@ module M_spec_tests__test_specs [#"spec_tests.rs" 20 0 20 19] | C_A'0 | C_B'0 + use prelude.prelude.Int + use prelude.prelude.UInt32 type t_S'0 = - { t_S__0'0: uint32; t_S__1'0: bool } + { t_S__0'0: UInt32.t; t_S__1'0: bool } meta "compute_max_steps" 1000000 let rec test_specs'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] [ return' (result:())-> {[@expl:test_specs ensures #0] [%#sspec_tests0] C_A'0 = C_B'0} - {[@expl:test_specs ensures #1] [%#sspec_tests1] { t_S__0'0 = (0 : uint32); t_S__1'0 = true } - = { t_S__0'0 = (1 : uint32); t_S__1'0 = false }} + {[@expl:test_specs ensures #1] [%#sspec_tests1] { t_S__0'0 = (0 : UInt32.t); t_S__1'0 = true } + = { t_S__0'0 = (1 : UInt32.t); t_S__1'0 = false }} (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/specification/division.coma b/creusot/tests/should_succeed/specification/division.coma index 3fc22fe11d..860a654d24 100644 --- a/creusot/tests/should_succeed/specification/division.coma +++ b/creusot/tests/should_succeed/specification/division.coma 
@@ -4,25 +4,27 @@ module M_division__divide [#"division.rs" 6 0 6 36] use prelude.prelude.UInt32 + use prelude.prelude.Int + use prelude.prelude.Intrinsic meta "compute_max_steps" 1000000 - let rec divide'0 (y:uint32) (x:uint32) (return' (ret:uint32))= {[@expl:divide requires] [%#sdivision1] x - <> (0 : uint32)} + let rec divide'0 (y:UInt32.t) (x:UInt32.t) (return' (ret:UInt32.t))= {[@expl:divide requires] [%#sdivision1] x + <> (0 : UInt32.t)} (! bb0 [ bb0 = s0 [ s0 = [ &_5 <- x ] s1 - | s1 = UInt32.eq {_5} {[%#sdivision0] (0 : uint32)} (fun (_ret':bool) -> [ &_6 <- _ret' ] s2) + | s1 = UInt32.eq {_5} {[%#sdivision0] (0 : UInt32.t)} (fun (_ret':bool) -> [ &_6 <- _ret' ] s2) | s2 = {[@expl:division by zero] [%#sdivision0] not _6} s3 | s3 = bb1 ] - | bb1 = s0 [ s0 = UInt32.div {y} {_5} (fun (_ret':uint32) -> [ &_0 <- _ret' ] s1) | s1 = return' {_0} ] ] + | bb1 = s0 [ s0 = UInt32.div {y} {_5} (fun (_ret':UInt32.t) -> [ &_0 <- _ret' ] s1) | s1 = return' {_0} ] ] ) - [ & _0 : uint32 = any_l () - | & y : uint32 = y - | & x : uint32 = x - | & _5 : uint32 = any_l () + [ & _0 : UInt32.t = any_l () + | & y : UInt32.t = y + | & x : UInt32.t = x + | & _5 : UInt32.t = any_l () | & _6 : bool = any_l () ] - [ return' (result:uint32)-> (! return' {result}) ] + [ return' (result:UInt32.t)-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/specification/forall.coma b/creusot/tests/should_succeed/specification/forall.coma index f6301f77af..b7b4b5d3e5 100644 --- a/creusot/tests/should_succeed/specification/forall.coma +++ b/creusot/tests/should_succeed/specification/forall.coma 
@@ -3,12 +3,14 @@ module M_forall__f [#"forall.rs" 6 0 6 10] use prelude.prelude.Intrinsic + use prelude.prelude.Int + use prelude.prelude.UInt32 meta "compute_max_steps" 1000000 let rec f'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] - [ return' (result:())-> {[@expl:f ensures] [%#sforall0] forall _x : uint32 . true + [ return' (result:())-> {[@expl:f ensures] [%#sforall0] forall _x : UInt32.t . true /\ true /\ true /\ true /\ true /\ true /\ true /\ true /\ true} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/specification/logic_call.coma b/creusot/tests/should_succeed/specification/logic_call.coma index 58b0022fff..3556eb5a10 100644 --- a/creusot/tests/should_succeed/specification/logic_call.coma +++ b/creusot/tests/should_succeed/specification/logic_call.coma @@ -3,18 +3,20 @@ module M_logic_call__dummy [#"logic_call.rs" 11 0 11 21] let%span slogic_call1 = "logic_call.rs" 10 10 10 27 let%span slogic_call2 = "logic_call.rs" 7 16 7 22 + use prelude.prelude.Int + use prelude.prelude.UInt32 use prelude.prelude.Intrinsic - function reflexive'0 [#"logic_call.rs" 6 0 6 40] (x : uint32) : bool = + function reflexive'0 [#"logic_call.rs" 6 0 6 40] (x : UInt32.t) : bool = [%#slogic_call2] x = x meta "compute_max_steps" 1000000 - let rec dummy'0 (_1:()) (return' (ret:uint32))= (! bb0 - [ bb0 = s0 [ s0 = [ &_0 <- [%#slogic_call0] (0 : uint32) ] s1 | s1 = return' {_0} ] ] - ) [ & _0 : uint32 = any_l () ] - [ return' (result:uint32)-> {[@expl:dummy ensures] [%#slogic_call1] reflexive'0 result} (! return' {result}) ] + let rec dummy'0 (_1:()) (return' (ret:UInt32.t))= (! bb0 + [ bb0 = s0 [ s0 = [ &_0 <- [%#slogic_call0] (0 : UInt32.t) ] s1 | s1 = return' {_0} ] ] + ) [ & _0 : UInt32.t = any_l () ] + [ return' (result:UInt32.t)-> {[@expl:dummy ensures] [%#slogic_call1] reflexive'0 result} (! return' {result}) ] end 
diff --git a/creusot/tests/should_succeed/specification/model.coma b/creusot/tests/should_succeed/specification/model.coma index f1e352823c..ee6f1fc93f 100644 --- a/creusot/tests/should_succeed/specification/model.coma +++ b/creusot/tests/should_succeed/specification/model.coma @@ -11,15 +11,17 @@ module M_model__test_arc [#"model.rs" 41 0 41 41] type t_Arc'0 = { t_Arc__ptr'0: t_NonNull'0; t_Arc__phantom'0: (); t_Arc__alloc'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.Int - function view'0 (self : t_Arc'0) : usize + use prelude.prelude.UInt64 - use prelude.prelude.UIntSize + function view'0 (self : t_Arc'0) : UInt64.t + + use prelude.prelude.UInt64 meta "compute_max_steps" 1000000 - let rec test_arc'0 (a:t_Arc'0) (return' (ret:()))= {[@expl:test_arc requires] [%#smodel0] UIntSize.to_int (view'0 a) + let rec test_arc'0 (a:t_Arc'0) (return' (ret:()))= {[@expl:test_arc requires] [%#smodel0] UInt64.to_uint (view'0 a) = 0} (! bb0 [ bb0 = bb1 | bb1 = bb2 | bb2 = return' {_0} ] ) [ & _0 : () = any_l () ] [ return' (result:())-> (! return' {result}) ] @@ -38,16 +40,17 @@ module M_model__test_rc [#"model.rs" 44 0 44 37] type t_Rc'0 = { t_Rc__ptr'0: t_NonNull'0; t_Rc__phantom'0: (); t_Rc__alloc'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 - function view'0 (self : t_Rc'0) : usize + function view'0 (self : t_Rc'0) : UInt64.t - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 meta "compute_max_steps" 1000000 - let rec test_rc'0 (v:t_Rc'0) (return' (ret:()))= {[@expl:test_rc requires] [%#smodel0] UIntSize.to_int (view'0 v) - = 0} + let rec test_rc'0 (v:t_Rc'0) (return' (ret:()))= {[@expl:test_rc requires] [%#smodel0] UInt64.to_uint (view'0 v) = 0} (! bb0 [ bb0 = bb1 | bb1 = bb2 | bb2 = return' {_0} ] ) [ & _0 : () = any_l () ] [ return' (result:())-> (! return' {result}) ] 
diff --git a/creusot/tests/should_succeed/specification/trusted.coma b/creusot/tests/should_succeed/specification/trusted.coma index 9b2de5f334..1115a989b6 100644 --- a/creusot/tests/should_succeed/specification/trusted.coma +++ b/creusot/tests/should_succeed/specification/trusted.coma @@ -3,21 +3,23 @@ module M_trusted__victim_of_lie [#"trusted.rs" 18 0 18 29] let%span strusted1 = "trusted.rs" 17 10 17 25 let%span strusted2 = "trusted.rs" 12 10 12 25 + use prelude.prelude.Int + use prelude.prelude.UInt32 - let rec lie'0 (_1:()) (return' (ret:uint32))= any - [ return' (result:uint32)-> {[%#strusted2] result = (10 : uint32)} (! return' {result}) ] + let rec lie'0 (_1:()) (return' (ret:UInt32.t))= any + [ return' (result:UInt32.t)-> {[%#strusted2] result = (10 : UInt32.t)} (! return' {result}) ] use prelude.prelude.Intrinsic meta "compute_max_steps" 1000000 - let rec victim_of_lie'0 (_1:()) (return' (ret:uint32))= (! bb0 - [ bb0 = s0 [ s0 = lie'0 {[%#strusted0] ()} (fun (_ret':uint32) -> [ &_0 <- _ret' ] s1) | s1 = bb1 ] + let rec victim_of_lie'0 (_1:()) (return' (ret:UInt32.t))= (! bb0 + [ bb0 = s0 [ s0 = lie'0 {[%#strusted0] ()} (fun (_ret':UInt32.t) -> [ &_0 <- _ret' ] s1) | s1 = bb1 ] | bb1 = return' {_0} ] - ) [ & _0 : uint32 = any_l () ] - [ return' (result:uint32)-> {[@expl:victim_of_lie ensures] [%#strusted1] result = (10 : uint32)} + ) [ & _0 : UInt32.t = any_l () ] + [ return' (result:UInt32.t)-> {[@expl:victim_of_lie ensures] [%#strusted1] result = (10 : UInt32.t)} (! return' {result}) ] end 
@@ -28,26 +30,32 @@ module M_trusted__innocent_victim [#"trusted.rs" 30 0 30 31] let%span strusted3 = "trusted.rs" 38 14 38 19 let%span strusted4 = "trusted.rs" 45 18 45 23 + use prelude.prelude.Int + use prelude.prelude.UInt32 - let rec my_unverified_code'0 (_1:()) (return' (ret:uint32))= any - [ return' (result:uint32)-> {[%#strusted3] false} (! return' {result}) ] + let rec my_unverified_code'0 (_1:()) (return' (ret:UInt32.t))= any + [ return' (result:UInt32.t)-> {[%#strusted3] false} (! return' {result}) ] - let rec im_out_of_control'0 (_1:()) (return' (ret:uint32))= any - [ return' (result:uint32)-> {[%#strusted4] false} (! return' {result}) ] + let rec im_out_of_control'0 (_1:()) (return' (ret:UInt32.t))= any + [ return' (result:UInt32.t)-> {[%#strusted4] false} (! return' {result}) ] use prelude.prelude.Intrinsic meta "compute_max_steps" 1000000 - let rec innocent_victim'0 (_1:()) (return' (ret:uint32))= (! bb0 - [ bb0 = s0 [ s0 = my_unverified_code'0 {[%#strusted0] ()} (fun (_ret':uint32) -> [ &_2 <- _ret' ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = im_out_of_control'0 {[%#strusted1] ()} (fun (_ret':uint32) -> [ &_0 <- _ret' ] s1) | s1 = bb2 ] + let rec innocent_victim'0 (_1:()) (return' (ret:UInt32.t))= (! bb0 + [ bb0 = s0 + [ s0 = my_unverified_code'0 {[%#strusted0] ()} (fun (_ret':UInt32.t) -> [ &_2 <- _ret' ] s1) | s1 = bb1 ] + + | bb1 = s0 + [ s0 = im_out_of_control'0 {[%#strusted1] ()} (fun (_ret':UInt32.t) -> [ &_0 <- _ret' ] s1) | s1 = bb2 ] + | bb2 = return' {_0} ] - ) [ & _0 : uint32 = any_l () | & _2 : uint32 = any_l () ] - [ return' (result:uint32)-> {[@expl:innocent_victim ensures] [%#strusted2] result = (10 : uint32)} + ) [ & _0 : UInt32.t = any_l () | & _2 : UInt32.t = any_l () ] + [ return' (result:UInt32.t)-> {[@expl:innocent_victim ensures] [%#strusted2] result = (10 : UInt32.t)} (! return' {result}) ] end 
diff --git a/creusot/tests/should_succeed/split_borrow.coma b/creusot/tests/should_succeed/split_borrow.coma index 5092217c60..e762c844f4 100644 --- a/creusot/tests/should_succeed/split_borrow.coma +++ b/creusot/tests/should_succeed/split_borrow.coma @@ -17,10 +17,12 @@ module M_split_borrow__f [#"split_borrow.rs" 9 0 9 10] let%span ssplit_borrow4 = "split_borrow.rs" 16 23 16 25 let%span sresolve5 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_MyInt'0 = - { t_MyInt__0'0: usize } + { t_MyInt__0'0: UInt64.t } use prelude.prelude.Borrow @@ -38,8 +40,8 @@ module M_split_borrow__f [#"split_borrow.rs" 9 0 9 10] let rec f'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = [ &_2 <- { t_MyInt__0'0 = ([%#ssplit_borrow0] (1 : usize)) } ] s1 - | s1 = [ &_3 <- { t_MyInt__0'0 = ([%#ssplit_borrow1] (2 : usize)) } ] s2 + [ s0 = [ &_2 <- { t_MyInt__0'0 = ([%#ssplit_borrow0] (1 : UInt64.t)) } ] s1 + | s1 = [ &_3 <- { t_MyInt__0'0 = ([%#ssplit_borrow1] (2 : UInt64.t)) } ] s2 | s2 = [ &x <- (_2, _3) ] s3 | s3 = Borrow.borrow_mut <(t_MyInt'0, t_MyInt'0)> {x} (fun (_ret':borrowed (t_MyInt'0, t_MyInt'0)) -> [ &y <- _ret' ] [ &x <- _ret'.final ] s4) @@ -48,12 +50,12 @@ module M_split_borrow__f [#"split_borrow.rs" 9 0 9 10] | bb1 = any [ br0 -> {_6 = false} (! bb3) | br1 -> {_6} (! bb2) ] | bb2 = s0 - [ s0 = [ &_7 <- { t_MyInt__0'0 = ([%#ssplit_borrow3] (4 : usize)) } ] s1 + [ s0 = [ &_7 <- { t_MyInt__0'0 = ([%#ssplit_borrow3] (4 : UInt64.t)) } ] s1 | s1 = [ &y <- { y with current = (let (r'0, _) = y.current in (r'0, _7)) } ] s2 | s2 = bb4 ] | bb3 = s0 - [ s0 = [ &_8 <- { t_MyInt__0'0 = ([%#ssplit_borrow4] (10 : usize)) } ] s1 + [ s0 = [ &_8 <- { t_MyInt__0'0 = ([%#ssplit_borrow4] (10 : UInt64.t)) } ] s1 | s1 = [ &y <- { y with current = (let (_, r'1) = y.current in (_8, r'1)) } ] s2 | s2 = bb4 ] 
@@ -75,10 +77,12 @@ module M_split_borrow__g [#"split_borrow.rs" 23 0 23 10] let%span ssplit_borrow2 = "split_borrow.rs" 29 19 29 20 let%span sresolve3 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_MyInt'0 = - { t_MyInt__0'0: usize } + { t_MyInt__0'0: UInt64.t } use prelude.prelude.Borrow @@ -100,8 +104,8 @@ module M_split_borrow__g [#"split_borrow.rs" 23 0 23 10] let rec g'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = [ &_2 <- { t_MyInt__0'0 = ([%#ssplit_borrow0] (1 : usize)) } ] s1 - | s1 = [ &_3 <- { t_MyInt__0'0 = ([%#ssplit_borrow1] (2 : usize)) } ] s2 + [ s0 = [ &_2 <- { t_MyInt__0'0 = ([%#ssplit_borrow0] (1 : UInt64.t)) } ] s1 + | s1 = [ &_3 <- { t_MyInt__0'0 = ([%#ssplit_borrow1] (2 : UInt64.t)) } ] s2 | s2 = [ &a <- (_2, _3) ] s3 | s3 = Borrow.borrow_mut <(t_MyInt'0, t_MyInt'0)> {a} (fun (_ret':borrowed (t_MyInt'0, t_MyInt'0)) -> [ &x <- _ret' ] [ &a <- _ret'.final ] s4) @@ -111,7 +115,7 @@ module M_split_borrow__g [#"split_borrow.rs" 23 0 23 10] [ &x <- { x with current = (let (r'1, _) = x.current in (r'1, _ret'.final)) } ] s5) | s5 = -{resolve'0 _z}- s6 - | s6 = [ &_6 <- { t_MyInt__0'0 = ([%#ssplit_borrow2] (3 : usize)) } ] s7 + | s6 = [ &_6 <- { t_MyInt__0'0 = ([%#ssplit_borrow2] (3 : UInt64.t)) } ] s7 | s7 = [ &x <- { x with current = (let (_, r'4) = x.current in (_6, r'4)) } ] s8 | s8 = -{resolve'1 x}- s9 | s9 = return' {_0} ] diff --git a/creusot/tests/should_succeed/std_types.coma b/creusot/tests/should_succeed/std_types.coma index 1cb642b0a3..0fc68a7270 100644 --- a/creusot/tests/should_succeed/std_types.coma +++ b/creusot/tests/should_succeed/std_types.coma @@ -1,11 +1,13 @@ module M_std_types__x [#"std_types.rs" 5 0 5 20] use prelude.prelude.Intrinsic + use prelude.prelude.Int + use prelude.prelude.UInt32 type t_Option'0 = | C_None'0 - | C_Some'0 uint32 + | C_Some'0 UInt32.t type t_MyType'0 = { t_MyType__0'0: t_Option'0 } 
diff --git a/creusot/tests/should_succeed/sum.coma b/creusot/tests/should_succeed/sum.coma index c47418fc5d..fb21e46493 100644 --- a/creusot/tests/should_succeed/sum.coma +++ b/creusot/tests/should_succeed/sum.coma @@ -14,7 +14,7 @@ module M_sum__sum_first_n [#"sum.rs" 6 0 6 33] let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 101 0 213 1 let%span srange13 = "../../../creusot-contracts/src/std/iter/range.rs" 71 12 75 76 let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 107 26 110 17 - let%span snum15 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + let%span snum15 = "../../../creusot-contracts/src/std/num.rs" 52 28 52 33 let%span sops16 = "../../../creusot-contracts/src/std/ops.rs" 201 14 201 86 let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 86 20 86 24 let%span siter18 = "../../../creusot-contracts/src/std/iter.rs" 92 8 92 19 
@@ -29,36 +29,36 @@ module M_sum__sum_first_n [#"sum.rs" 6 0 6 33] let%span srange27 = "../../../creusot-contracts/src/std/iter/range.rs" 63 12 63 57 let%span sresolve28 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + use prelude.prelude.Int + use prelude.prelude.UInt32 - predicate inv'2 (_1 : uint32) + predicate inv'2 (_1 : UInt32.t) - axiom inv_axiom'2 [@rewrite] : forall x : uint32 [inv'2 x] . inv'2 x = true + axiom inv_axiom'2 [@rewrite] : forall x : UInt32.t [inv'2 x] . inv'2 x = true type t_RangeInclusive'0 = - { t_RangeInclusive__start'0: uint32; t_RangeInclusive__end'0: uint32; t_RangeInclusive__exhausted'0: bool } + { t_RangeInclusive__start'0: UInt32.t; t_RangeInclusive__end'0: UInt32.t; t_RangeInclusive__exhausted'0: bool } predicate inv'0 (_1 : t_RangeInclusive'0) axiom inv_axiom'0 [@rewrite] : forall x : t_RangeInclusive'0 [inv'0 x] . inv'0 x = true - function start_log'0 (self : t_RangeInclusive'0) : uint32 + function start_log'0 (self : t_RangeInclusive'0) : UInt32.t - function end_log'0 (self : t_RangeInclusive'0) : uint32 - - use prelude.prelude.Int + function end_log'0 (self : t_RangeInclusive'0) : UInt32.t use prelude.prelude.UInt32 - function deep_model'0 (self : uint32) : int = - [%#snum15] UInt32.to_int self + function deep_model'0 (self : UInt32.t) : int = + [%#snum15] UInt32.to_uint self function is_empty_log'0 (self : t_RangeInclusive'0) : bool axiom is_empty_log'0_spec : forall self : t_RangeInclusive'0 . [%#sops16] not is_empty_log'0 self -> deep_model'0 (start_log'0 self) <= deep_model'0 (end_log'0 self) - let rec new'0 (start:uint32) (end':uint32) (return' (ret:t_RangeInclusive'0))= {[@expl:new 'start' type invariant] inv'2 start} + let rec new'0 (start:UInt32.t) (end':UInt32.t) (return' (ret:t_RangeInclusive'0))= {[@expl:new 'start' type invariant] inv'2 start} {[@expl:new 'end' type invariant] inv'2 end'} any [ return' (result:t_RangeInclusive'0)-> {inv'0 result} 
@@ -108,29 +108,29 @@ module M_sum__sum_first_n [#"sum.rs" 6 0 6 33] use seq.Seq - predicate produces'0 (self : t_RangeInclusive'0) (visited : Seq.seq uint32) (o : t_RangeInclusive'0) = + predicate produces'0 (self : t_RangeInclusive'0) (visited : Seq.seq UInt32.t) (o : t_RangeInclusive'0) = [%#srange13] Seq.length visited = range_inclusive_len'0 self - range_inclusive_len'0 o /\ (is_empty_log'0 self -> is_empty_log'0 o) /\ (is_empty_log'0 o \/ end_log'0 self = end_log'0 o) /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> deep_model'0 (Seq.get visited i) = deep_model'0 (start_log'0 self) + i) - function produces_trans'0 (a : t_RangeInclusive'0) (ab : Seq.seq uint32) (b : t_RangeInclusive'0) (bc : Seq.seq uint32) (c : t_RangeInclusive'0) : () + function produces_trans'0 (a : t_RangeInclusive'0) (ab : Seq.seq UInt32.t) (b : t_RangeInclusive'0) (bc : Seq.seq UInt32.t) (c : t_RangeInclusive'0) : () = [%#srange24] () - axiom produces_trans'0_spec : forall a : t_RangeInclusive'0, ab : Seq.seq uint32, b : t_RangeInclusive'0, bc : Seq.seq uint32, c : t_RangeInclusive'0 . ([%#srange21] produces'0 a ab b) + axiom produces_trans'0_spec : forall a : t_RangeInclusive'0, ab : Seq.seq UInt32.t, b : t_RangeInclusive'0, bc : Seq.seq UInt32.t, c : t_RangeInclusive'0 . ([%#srange21] produces'0 a ab b) -> ([%#srange22] produces'0 b bc c) -> ([%#srange23] produces'0 a (Seq.(++) ab bc) c) function produces_refl'0 (self : t_RangeInclusive'0) : () = [%#srange20] () - axiom produces_refl'0_spec : forall self : t_RangeInclusive'0 . [%#srange19] produces'0 self (Seq.empty : Seq.seq uint32) self + axiom produces_refl'0_spec : forall self : t_RangeInclusive'0 . [%#srange19] produces'0 self (Seq.empty : Seq.seq UInt32.t) self - predicate inv'1 (_1 : Seq.seq uint32) + predicate inv'1 (_1 : Seq.seq UInt32.t) - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq uint32 [inv'1 x] . inv'1 x = true + axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq UInt32.t [inv'1 x] . 
inv'1 x = true use prelude.prelude.Borrow @@ -140,7 +140,7 @@ module M_sum__sum_first_n [#"sum.rs" 6 0 6 33] type t_Option'0 = | C_None'0 - | C_Some'0 uint32 + | C_Some'0 UInt32.t predicate inv'4 (_1 : t_Option'0) @@ -167,9 +167,9 @@ module M_sum__sum_first_n [#"sum.rs" 6 0 6 33] predicate resolve'0 (_1 : borrowed (t_RangeInclusive'0)) = resolve'1 _1 - let rec v_Some'0 (input:t_Option'0) (ret (field_0:uint32))= any - [ good (field_0:uint32)-> {C_Some'0 field_0 = input} (! ret {field_0}) - | bad -> {forall field_0 : uint32 [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] + let rec v_Some'0 (input:t_Option'0) (ret (field_0:UInt32.t))= any + [ good (field_0:UInt32.t)-> {C_Some'0 field_0 = input} (! ret {field_0}) + | bad -> {forall field_0 : UInt32.t [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] use prelude.prelude.Intrinsic 
@@ -180,23 +180,23 @@ module M_sum__sum_first_n [#"sum.rs" 6 0 6 33] meta "compute_max_steps" 1000000 - let rec sum_first_n'0 (n:uint32) (return' (ret:uint32))= {[@expl:sum_first_n requires] [%#ssum7] UInt32.to_int n + let rec sum_first_n'0 (n:UInt32.t) (return' (ret:UInt32.t))= {[@expl:sum_first_n requires] [%#ssum7] UInt32.to_uint n < 1000} (! bb0 [ bb0 = s0 - [ s0 = [ &sum <- [%#ssum0] (0 : uint32) ] s1 - | s1 = new'0 {[%#ssum1] (1 : uint32)} {n} (fun (_ret':t_RangeInclusive'0) -> [ &_7 <- _ret' ] s2) + [ s0 = [ &sum <- [%#ssum0] (0 : UInt32.t) ] s1 + | s1 = new'0 {[%#ssum1] (1 : UInt32.t)} {n} (fun (_ret':t_RangeInclusive'0) -> [ &_7 <- _ret' ] s2) | s2 = bb1 ] | bb1 = s0 [ s0 = into_iter'0 {_7} (fun (_ret':t_RangeInclusive'0) -> [ &iter <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 [ s0 = [ &iter_old <- [%#ssum2] Snapshot.new iter ] s1 | s1 = bb3 ] - | bb3 = s0 [ s0 = [ &produced <- [%#ssum3] Snapshot.new (Seq.empty : Seq.seq uint32) ] s1 | s1 = bb4 ] + | bb3 = s0 [ s0 = [ &produced <- [%#ssum3] Snapshot.new (Seq.empty : Seq.seq UInt32.t) ] s1 | s1 = bb4 ] | bb4 = bb5 | bb5 = bb5 [ bb5 = {[@expl:for invariant] [%#ssum5] inv'1 (Snapshot.inner produced)} {[@expl:for invariant] [%#ssum5] inv'0 iter} {[@expl:for invariant] [%#ssum5] produces'0 (Snapshot.inner iter_old) (Snapshot.inner produced) iter} - {[@expl:loop invariant] [%#ssum4] UInt32.to_int sum * 2 + {[@expl:loop invariant] [%#ssum4] UInt32.to_uint sum * 2 = Seq.length (Snapshot.inner produced) * (Seq.length (Snapshot.inner produced) + 1)} (! s0) [ s0 = bb6 ] [ bb6 = s0 
@@ -212,11 +212,11 @@ module M_sum__sum_first_n [#"sum.rs" 6 0 6 33] | bb7 = s0 [ s0 = -{resolve'0 _20}- s1 - | s1 = any [ br0 -> {_18 = C_None'0 } (! bb10) | br1 (x0:uint32)-> {_18 = C_Some'0 x0} (! bb9) ] ] + | s1 = any [ br0 -> {_18 = C_None'0 } (! bb10) | br1 (x0:UInt32.t)-> {_18 = C_Some'0 x0} (! bb9) ] ] | bb9 = bb11 | bb11 = s0 - [ s0 = v_Some'0 {_18} (fun (r0'0:uint32) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) + [ s0 = v_Some'0 {_18} (fun (r0'0:UInt32.t) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) | s1 = [ &_23 <- [%#ssum6] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] 
@@ -226,29 +226,29 @@ module M_sum__sum_first_n [#"sum.rs" 6 0 6 33] | bb12 = s0 [ s0 = [ &produced <- _23 ] s1 | s1 = [ &i <- __creusot_proc_iter_elem ] s2 - | s2 = UInt32.add {sum} {i} (fun (_ret':uint32) -> [ &sum <- _ret' ] s3) + | s2 = UInt32.add {sum} {i} (fun (_ret':UInt32.t) -> [ &sum <- _ret' ] s3) | s3 = bb5 ] ] ] | bb10 = s0 [ s0 = [ &_0 <- sum ] s1 | s1 = return' {_0} ] ] ) - [ & _0 : uint32 = any_l () - | & n : uint32 = n - | & sum : uint32 = any_l () + [ & _0 : UInt32.t = any_l () + | & n : UInt32.t = n + | & sum : UInt32.t = any_l () | & iter : t_RangeInclusive'0 = any_l () | & _7 : t_RangeInclusive'0 = any_l () | & iter_old : Snapshot.snap_ty (t_RangeInclusive'0) = any_l () - | & produced : Snapshot.snap_ty (Seq.seq uint32) = any_l () + | & produced : Snapshot.snap_ty (Seq.seq UInt32.t) = any_l () | & _18 : t_Option'0 = any_l () | & _19 : borrowed (t_RangeInclusive'0) = any_l () | & _20 : borrowed (t_RangeInclusive'0) = any_l () - | & __creusot_proc_iter_elem : uint32 = any_l () - | & _23 : Snapshot.snap_ty (Seq.seq uint32) = any_l () - | & i : uint32 = any_l () ] + | & __creusot_proc_iter_elem : UInt32.t = any_l () + | & _23 : Snapshot.snap_ty (Seq.seq UInt32.t) = any_l () + | & i : UInt32.t = any_l () ] - [ return' (result:uint32)-> {[@expl:sum_first_n ensures] [%#ssum8] UInt32.to_int result - = div (UInt32.to_int n * (UInt32.to_int n + 1)) 2} + [ return' (result:UInt32.t)-> {[@expl:sum_first_n ensures] [%#ssum8] UInt32.to_uint result + = div (UInt32.to_uint n * (UInt32.to_uint n + 1)) 2} (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/sum_of_odds.coma b/creusot/tests/should_succeed/sum_of_odds.coma index ef5dd848e0..f4816d8fac 100644 --- a/creusot/tests/should_succeed/sum_of_odds.coma +++ b/creusot/tests/should_succeed/sum_of_odds.coma 
@@ -78,15 +78,17 @@ module M_sum_of_odds__compute_sum_of_odd [#"sum_of_odds.rs" 36 0 36 36] let%span srange28 = "../../../creusot-contracts/src/std/iter/range.rs" 42 15 42 32 let%span srange29 = "../../../creusot-contracts/src/std/iter/range.rs" 43 15 43 32 let%span srange30 = "../../../creusot-contracts/src/std/iter/range.rs" 44 14 44 42 - let%span snum31 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + let%span snum31 = "../../../creusot-contracts/src/std/num.rs" 52 28 52 33 let%span srange32 = "../../../creusot-contracts/src/std/iter/range.rs" 15 12 15 78 let%span sresolve33 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span ssum_of_odds34 = "sum_of_odds.rs" 8 4 8 9 + use prelude.prelude.Int + use prelude.prelude.UInt32 type t_Range'0 = - { t_Range__start'0: uint32; t_Range__end'0: uint32 } + { t_Range__start'0: UInt32.t; t_Range__end'0: UInt32.t } predicate inv'0 (_1 : t_Range'0) @@ -116,8 +118,6 @@ module M_sum_of_odds__compute_sum_of_odd [#"sum_of_odds.rs" 36 0 36 36] use seq.Seq - use prelude.prelude.Int - function sum_of_odd'0 [#"sum_of_odds.rs" 18 0 18 28] (x : int) : int axiom sum_of_odd'0_def : forall x : int . sum_of_odd'0 x @@ -129,12 +129,12 @@ module M_sum_of_odds__compute_sum_of_odd [#"sum_of_odds.rs" 36 0 36 36] use seq.Seq - function deep_model'0 (self : uint32) : int = - [%#snum31] UInt32.to_int self + function deep_model'0 (self : UInt32.t) : int = + [%#snum31] UInt32.to_uint self use seq.Seq - predicate produces'0 (self : t_Range'0) (visited : Seq.seq uint32) (o : t_Range'0) = + predicate produces'0 (self : t_Range'0) (visited : Seq.seq UInt32.t) (o : t_Range'0) = [%#srange15] self.t_Range__end'0 = o.t_Range__end'0 /\ deep_model'0 self.t_Range__start'0 <= deep_model'0 o.t_Range__start'0 /\ (Seq.length visited > 0 -> deep_model'0 o.t_Range__start'0 <= deep_model'0 o.t_Range__end'0) 
@@ -142,10 +142,10 @@ module M_sum_of_odds__compute_sum_of_odd [#"sum_of_odds.rs" 36 0 36 36] /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> deep_model'0 (Seq.get visited i) = deep_model'0 self.t_Range__start'0 + i) - function produces_trans'0 (a : t_Range'0) (ab : Seq.seq uint32) (b : t_Range'0) (bc : Seq.seq uint32) (c : t_Range'0) : () + function produces_trans'0 (a : t_Range'0) (ab : Seq.seq UInt32.t) (b : t_Range'0) (bc : Seq.seq UInt32.t) (c : t_Range'0) : () - axiom produces_trans'0_spec : forall a : t_Range'0, ab : Seq.seq uint32, b : t_Range'0, bc : Seq.seq uint32, c : t_Range'0 . ([%#srange25] inv'0 a) + axiom produces_trans'0_spec : forall a : t_Range'0, ab : Seq.seq UInt32.t, b : t_Range'0, bc : Seq.seq UInt32.t, c : t_Range'0 . ([%#srange25] inv'0 a) -> ([%#srange26] inv'0 b) -> ([%#srange27] inv'0 c) -> ([%#srange28] produces'0 a ab b) @@ -154,11 +154,11 @@ module M_sum_of_odds__compute_sum_of_odd [#"sum_of_odds.rs" 36 0 36 36] function produces_refl'0 (self : t_Range'0) : () axiom produces_refl'0_spec : forall self : t_Range'0 . ([%#srange23] inv'0 self) - -> ([%#srange24] produces'0 self (Seq.empty : Seq.seq uint32) self) + -> ([%#srange24] produces'0 self (Seq.empty : Seq.seq UInt32.t) self) - predicate inv'1 (_1 : Seq.seq uint32) + predicate inv'1 (_1 : Seq.seq UInt32.t) - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq uint32 [inv'1 x] . inv'1 x = true + axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq UInt32.t [inv'1 x] . inv'1 x = true use prelude.prelude.Borrow @@ -168,7 +168,7 @@ module M_sum_of_odds__compute_sum_of_odd [#"sum_of_odds.rs" 36 0 36 36] type t_Option'0 = | C_None'0 - | C_Some'0 uint32 + | C_Some'0 UInt32.t predicate inv'3 (_1 : t_Option'0) 
@@ -196,9 +196,9 @@ module M_sum_of_odds__compute_sum_of_odd [#"sum_of_odds.rs" 36 0 36 36] predicate resolve'0 (_1 : borrowed (t_Range'0)) = resolve'1 _1 - let rec v_Some'0 (input:t_Option'0) (ret (field_0:uint32))= any - [ good (field_0:uint32)-> {C_Some'0 field_0 = input} (! ret {field_0}) - | bad -> {forall field_0 : uint32 [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] + let rec v_Some'0 (input:t_Option'0) (ret (field_0:UInt32.t))= any + [ good (field_0:UInt32.t)-> {C_Some'0 field_0 = input} (! ret {field_0}) + | bad -> {forall field_0 : UInt32.t [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] function sqr'0 [#"sum_of_odds.rs" 7 0 7 21] (x : int) : int = 
@@ -220,23 +220,24 @@ module M_sum_of_odds__compute_sum_of_odd [#"sum_of_odds.rs" 36 0 36 36] meta "compute_max_steps" 1000000 - let rec compute_sum_of_odd'0 (x:uint32) (return' (ret:uint32))= {[@expl:compute_sum_of_odd requires] [%#ssum_of_odds10] UInt32.to_int x + let rec compute_sum_of_odd'0 (x:UInt32.t) (return' (ret:UInt32.t))= {[@expl:compute_sum_of_odd requires] [%#ssum_of_odds10] UInt32.to_uint x < 65536} (! bb0 [ bb0 = s0 - [ s0 = [ &s <- [%#ssum_of_odds0] (0 : uint32) ] s1 - | s1 = [ &_8 <- { t_Range__start'0 = ([%#ssum_of_odds1] (0 : uint32)); t_Range__end'0 = x } ] s2 + [ s0 = [ &s <- [%#ssum_of_odds0] (0 : UInt32.t) ] s1 + | s1 = [ &_8 <- { t_Range__start'0 = ([%#ssum_of_odds1] (0 : UInt32.t)); t_Range__end'0 = x } ] s2 | s2 = into_iter'0 {_8} (fun (_ret':t_Range'0) -> [ &iter <- _ret' ] s3) | s3 = bb1 ] | bb1 = s0 [ s0 = [ &iter_old <- [%#ssum_of_odds2] Snapshot.new iter ] s1 | s1 = bb2 ] - | bb2 = s0 [ s0 = [ &produced <- [%#ssum_of_odds3] Snapshot.new (Seq.empty : Seq.seq uint32) ] s1 | s1 = bb3 ] + | bb2 = s0 [ s0 = [ &produced <- [%#ssum_of_odds3] Snapshot.new (Seq.empty : Seq.seq UInt32.t) ] s1 | s1 = bb3 ] | bb3 = bb4 | bb4 = bb4 [ bb4 = {[@expl:for invariant] [%#ssum_of_odds5] inv'1 (Snapshot.inner produced)} {[@expl:for invariant] [%#ssum_of_odds5] inv'0 iter} {[@expl:for invariant] [%#ssum_of_odds5] produces'0 (Snapshot.inner iter_old) (Snapshot.inner produced) iter} - {[@expl:loop invariant] [%#ssum_of_odds4] UInt32.to_int s = sum_of_odd'0 (Seq.length (Snapshot.inner produced))} + {[@expl:loop invariant] [%#ssum_of_odds4] UInt32.to_uint s + = sum_of_odd'0 (Seq.length (Snapshot.inner produced))} (! s0) [ s0 = bb5 ] [ bb5 = s0 [ s0 = Borrow.borrow_mut {iter} 
@@ -251,11 +252,11 @@ module M_sum_of_odds__compute_sum_of_odd [#"sum_of_odds.rs" 36 0 36 36] | bb6 = s0 [ s0 = -{resolve'0 _21}- s1 - | s1 = any [ br0 -> {_19 = C_None'0 } (! bb9) | br1 (x0:uint32)-> {_19 = C_Some'0 x0} (! bb8) ] ] + | s1 = any [ br0 -> {_19 = C_None'0 } (! bb9) | br1 (x0:UInt32.t)-> {_19 = C_Some'0 x0} (! bb8) ] ] | bb8 = bb10 | bb10 = s0 - [ s0 = v_Some'0 {_19} (fun (r0'0:uint32) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) + [ s0 = v_Some'0 {_19} (fun (r0'0:UInt32.t) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) | s1 = [ &_24 <- [%#ssum_of_odds6] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] 
@@ -265,34 +266,34 @@ module M_sum_of_odds__compute_sum_of_odd [#"sum_of_odds.rs" 36 0 36 36] | bb11 = s0 [ s0 = [ &produced <- _24 ] s1 | s1 = [ &i <- __creusot_proc_iter_elem ] s2 - | s2 = {[@expl:assertion] [%#ssum_of_odds7] let _ = sum_of_odd_is_sqr'0 (UInt32.to_int i) in true} s3 - | s3 = UInt32.mul {[%#ssum_of_odds8] (2 : uint32)} {i} (fun (_ret':uint32) -> [ &_30 <- _ret' ] s4) - | s4 = UInt32.add {_30} {[%#ssum_of_odds9] (1 : uint32)} (fun (_ret':uint32) -> [ &_29 <- _ret' ] s5) - | s5 = UInt32.add {s} {_29} (fun (_ret':uint32) -> [ &s <- _ret' ] s6) + | s2 = {[@expl:assertion] [%#ssum_of_odds7] let _ = sum_of_odd_is_sqr'0 (UInt32.to_uint i) in true} s3 + | s3 = UInt32.mul {[%#ssum_of_odds8] (2 : UInt32.t)} {i} (fun (_ret':UInt32.t) -> [ &_30 <- _ret' ] s4) + | s4 = UInt32.add {_30} {[%#ssum_of_odds9] (1 : UInt32.t)} (fun (_ret':UInt32.t) -> [ &_29 <- _ret' ] s5) + | s5 = UInt32.add {s} {_29} (fun (_ret':UInt32.t) -> [ &s <- _ret' ] s6) | s6 = bb4 ] ] ] | bb9 = s0 [ s0 = [ &_0 <- s ] s1 | s1 = return' {_0} ] ] ) - [ & _0 : uint32 = any_l () - | & x : uint32 = x - | & s : uint32 = any_l () + [ & _0 : UInt32.t = any_l () + | & x : UInt32.t = x + | & s : UInt32.t = any_l () | & iter : t_Range'0 = any_l () | & _8 : t_Range'0 = any_l () | & iter_old : Snapshot.snap_ty (t_Range'0) = any_l () - | & produced : Snapshot.snap_ty (Seq.seq uint32) = any_l () + | & produced : Snapshot.snap_ty (Seq.seq UInt32.t) = any_l () | & _19 : t_Option'0 = any_l () | & _20 : borrowed (t_Range'0) = any_l () | & _21 : borrowed (t_Range'0) = any_l () - | & __creusot_proc_iter_elem : uint32 = any_l () - | & _24 : Snapshot.snap_ty (Seq.seq uint32) = any_l () - | & i : uint32 = any_l () - | & _29 : uint32 = any_l () - | & _30 : uint32 = any_l () ] + | & __creusot_proc_iter_elem : UInt32.t = any_l () + | & _24 : Snapshot.snap_ty (Seq.seq UInt32.t) = any_l () + | & i : UInt32.t = any_l () + | & _29 : UInt32.t = any_l () + | & _30 : UInt32.t = any_l () ] - [ return' (result:uint32)-> 
{[@expl:compute_sum_of_odd ensures] [%#ssum_of_odds11] UInt32.to_int result - = sum_of_odd'0 (UInt32.to_int x)} + [ return' (result:UInt32.t)-> {[@expl:compute_sum_of_odd ensures] [%#ssum_of_odds11] UInt32.to_uint result + = sum_of_odd'0 (UInt32.to_uint x)} (! return' {result}) ] end @@ -321,10 +322,10 @@ module M_sum_of_odds__test [#"sum_of_odds.rs" 50 0 50 19] use prelude.prelude.UInt32 - let rec compute_sum_of_odd'0 (x:uint32) (return' (ret:uint32))= {[@expl:compute_sum_of_odd requires] [%#ssum_of_odds2] UInt32.to_int x + let rec compute_sum_of_odd'0 (x:UInt32.t) (return' (ret:UInt32.t))= {[@expl:compute_sum_of_odd requires] [%#ssum_of_odds2] UInt32.to_uint x < 65536} any - [ return' (result:uint32)-> {[%#ssum_of_odds3] UInt32.to_int result = sum_of_odd'0 (UInt32.to_int x)} + [ return' (result:UInt32.t)-> {[%#ssum_of_odds3] UInt32.to_uint result = sum_of_odd'0 (UInt32.to_uint x)} (! return' {result}) ] @@ -346,15 +347,15 @@ module M_sum_of_odds__test [#"sum_of_odds.rs" 50 0 50 19] meta "compute_max_steps" 1000000 - let rec test'0 (x:uint32) (return' (ret:()))= {[@expl:test requires] [%#ssum_of_odds1] UInt32.to_int x < 65536} + let rec test'0 (x:UInt32.t) (return' (ret:()))= {[@expl:test requires] [%#ssum_of_odds1] UInt32.to_uint x < 65536} (! bb0 - [ bb0 = s0 [ s0 = compute_sum_of_odd'0 {x} (fun (_ret':uint32) -> [ &y <- _ret' ] s1) | s1 = bb1 ] + [ bb0 = s0 [ s0 = compute_sum_of_odd'0 {x} (fun (_ret':UInt32.t) -> [ &y <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 - [ s0 = {[@expl:assertion] [%#ssum_of_odds0] let _ = sum_of_odd_is_sqr'0 (UInt32.to_int x) in is_square'0 (UInt32.to_int y)} + [ s0 = {[@expl:assertion] [%#ssum_of_odds0] let _ = sum_of_odd_is_sqr'0 (UInt32.to_uint x) in is_square'0 (UInt32.to_uint y)} s1 | s1 = return' {_0} ] ] - ) [ & _0 : () = any_l () | & x : uint32 = x | & y : uint32 = any_l () ] + ) [ & _0 : () = any_l () | & x : UInt32.t = x | & y : UInt32.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end 
diff --git a/creusot/tests/should_succeed/swap_borrows.coma b/creusot/tests/should_succeed/swap_borrows.coma index 4eeffdac27..1722cd15fa 100644 --- a/creusot/tests/should_succeed/swap_borrows.coma +++ b/creusot/tests/should_succeed/swap_borrows.coma @@ -40,6 +40,8 @@ module M_swap_borrows__f [#"swap_borrows.rs" 10 0 10 10] let%span sswap_borrows7 = "swap_borrows.rs" 4 10 4 30 let%span sresolve8 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + use prelude.prelude.Int + use prelude.prelude.UInt32 use prelude.prelude.Borrow @@ -48,9 +50,9 @@ module M_swap_borrows__f [#"swap_borrows.rs" 10 0 10 10] axiom inv_axiom'0 [@rewrite] : forall x : (borrowed UInt32.t, borrowed UInt32.t) [inv'0 x] . inv'0 x = true - let rec swap'0 (x:(borrowed uint32, borrowed uint32)) (return' (ret:(borrowed uint32, borrowed uint32)))= {[@expl:swap 'x' type invariant] [%#sswap_borrows5] inv'0 x} + let rec swap'0 (x:(borrowed UInt32.t, borrowed UInt32.t)) (return' (ret:(borrowed UInt32.t, borrowed UInt32.t)))= {[@expl:swap 'x' type invariant] [%#sswap_borrows5] inv'0 x} any - [ return' (result:(borrowed uint32, borrowed uint32))-> {[%#sswap_borrows6] inv'0 result} + [ return' (result:(borrowed UInt32.t, borrowed UInt32.t))-> {[%#sswap_borrows6] inv'0 result} {[%#sswap_borrows7] result = ((let (_, a) = x in a), (let (a, _) = x in a))} (! return' {result}) ] 
@@ -70,10 +72,12 @@ module M_swap_borrows__f [#"swap_borrows.rs" 10 0 10 10] [ s0 = [ &_3 <- (([%#sswap_borrows0] (0 : UInt32.t)), ([%#sswap_borrows1] (0 : UInt32.t))) ] s1 | s1 = [ &a <- let (r'0, _) = _3 in r'0 ] s2 | s2 = [ &b <- let (_, r'1) = _3 in r'1 ] s3 - | s3 = Borrow.borrow_mut {a} (fun (_ret':borrowed uint32) -> [ &_6 <- _ret' ] [ &a <- _ret'.final ] s4) - | s4 = Borrow.borrow_mut {b} (fun (_ret':borrowed uint32) -> [ &_8 <- _ret' ] [ &b <- _ret'.final ] s5) - | s5 = Borrow.borrow_final {_8.current} {Borrow.get_id _8} - (fun (_ret':borrowed uint32) -> [ &_7 <- _ret' ] [ &_8 <- { _8 with current = _ret'.final } ] s6) + | s3 = Borrow.borrow_mut {a} + (fun (_ret':borrowed UInt32.t) -> [ &_6 <- _ret' ] [ &a <- _ret'.final ] s4) + | s4 = Borrow.borrow_mut {b} + (fun (_ret':borrowed UInt32.t) -> [ &_8 <- _ret' ] [ &b <- _ret'.final ] s5) + | s5 = Borrow.borrow_final {_8.current} {Borrow.get_id _8} + (fun (_ret':borrowed UInt32.t) -> [ &_7 <- _ret' ] [ &_8 <- { _8 with current = _ret'.final } ] s6) | s6 = [ &_5 <- (_6, _7) ] s7 | s7 = swap'0 {_5} (fun (_ret':(borrowed UInt32.t, borrowed UInt32.t)) -> [ &p <- _ret' ] s8) | s8 = bb1 ] @@ -86,7 +90,7 @@ module M_swap_borrows__f [#"swap_borrows.rs" 10 0 10 10] s1 | s1 = -{resolve'0 _8}- s2 | s2 = - [ &p <- let (_, r'2) = p in ({ (let (r'0, _) = p in r'0) with current = ([%#sswap_borrows2] (10 : uint32)) }, r'2) ] + [ &p <- let (_, r'2) = p in ({ (let (r'0, _) = p in r'0) with current = ([%#sswap_borrows2] (10 : UInt32.t)) }, r'2) ] s3 | s3 = -{match p with diff --git a/creusot/tests/should_succeed/switch.coma b/creusot/tests/should_succeed/switch.coma index 7ed04a525f..477219b524 100644 --- a/creusot/tests/should_succeed/switch.coma +++ b/creusot/tests/should_succeed/switch.coma 
@@ -2,15 +2,17 @@ module M_switch__test [#"switch.rs" 9 0 9 35] let%span sswitch0 = "switch.rs" 12 16 12 21 let%span sswitch1 = "switch.rs" 11 23 11 24 + use prelude.prelude.Int + use prelude.prelude.UInt32 type t_Option'0 = - | C_Some'0 uint32 + | C_Some'0 UInt32.t | C_None'0 - let rec v_Some'0 (input:t_Option'0) (ret (field_0:uint32))= any - [ good (field_0:uint32)-> {C_Some'0 field_0 = input} (! ret {field_0}) - | bad -> {forall field_0 : uint32 [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] + let rec v_Some'0 (input:t_Option'0) (ret (field_0:UInt32.t))= any + [ good (field_0:UInt32.t)-> {C_Some'0 field_0 = input} (! ret {field_0}) + | bad -> {forall field_0 : UInt32.t [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] use prelude.prelude.Intrinsic 
@@ -18,49 +20,51 @@ module M_switch__test [#"switch.rs" 9 0 9 35] meta "compute_max_steps" 1000000 let rec test'0 (o:t_Option'0) (return' (ret:bool))= (! bb0 - [ bb0 = any [ br0 (x0:uint32)-> {o = C_Some'0 x0} (! bb2) | br1 -> {o = C_None'0 } (! bb3) ] + [ bb0 = any [ br0 (x0:UInt32.t)-> {o = C_Some'0 x0} (! bb2) | br1 -> {o = C_None'0 } (! bb3) ] | bb3 = s0 [ s0 = [ &_0 <- [%#sswitch0] false ] s1 | s1 = bb5 ] | bb2 = bb4 | bb4 = s0 - [ s0 = v_Some'0 {o} (fun (r0'0:uint32) -> [ &x <- r0'0 ] s1) - | s1 = UInt32.gt {x} {[%#sswitch1] (0 : uint32)} (fun (_ret':bool) -> [ &_0 <- _ret' ] s2) + [ s0 = v_Some'0 {o} (fun (r0'0:UInt32.t) -> [ &x <- r0'0 ] s1) + | s1 = UInt32.gt {x} {[%#sswitch1] (0 : UInt32.t)} (fun (_ret':bool) -> [ &_0 <- _ret' ] s2) | s2 = bb5 ] | bb5 = return' {_0} ] - ) [ & _0 : bool = any_l () | & o : t_Option'0 = o | & x : uint32 = any_l () ] + ) [ & _0 : bool = any_l () | & o : t_Option'0 = o | & x : UInt32.t = any_l () ] [ return' (result:bool)-> (! return' {result}) ] end module M_switch__test2 [#"switch.rs" 16 0 16 42] + use prelude.prelude.Int + use prelude.prelude.UInt32 type t_Option'0 = - | C_Some'0 uint32 + | C_Some'0 UInt32.t | C_None'0 - let rec v_Some'0 (input:t_Option'0) (ret (field_0:uint32))= any - [ good (field_0:uint32)-> {C_Some'0 field_0 = input} (! ret {field_0}) - | bad -> {forall field_0 : uint32 [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] + let rec v_Some'0 (input:t_Option'0) (ret (field_0:UInt32.t))= any + [ good (field_0:UInt32.t)-> {C_Some'0 field_0 = input} (! ret {field_0}) + | bad -> {forall field_0 : UInt32.t [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] use prelude.prelude.Intrinsic meta "compute_max_steps" 1000000 - let rec test2'0 (o:(t_Option'0, uint32)) (return' (ret:uint32))= (! bb0 + let rec test2'0 (o:(t_Option'0, UInt32.t)) (return' (ret:UInt32.t))= (! bb0 [ bb0 = any - [ br0 (x0:uint32)-> {(let (r'0, _) = o in r'0) = C_Some'0 x0} (! 
bb2) + [ br0 (x0:UInt32.t)-> {(let (r'0, _) = o in r'0) = C_Some'0 x0} (! bb2) | br1 -> {(let (r'0, _) = o in r'0) = C_None'0 } (! bb3) ] | bb3 = s0 [ s0 = [ &_0 <- let (_, r'0) = o in r'0 ] s1 | s1 = bb5 ] | bb2 = bb4 | bb4 = s0 - [ s0 = v_Some'0 {let (r'0, _) = o in r'0} (fun (r0'0:uint32) -> [ &x <- r0'0 ] s1) + [ s0 = v_Some'0 {let (r'0, _) = o in r'0} (fun (r0'0:UInt32.t) -> [ &x <- r0'0 ] s1) | s1 = [ &_0 <- x ] s2 | s2 = bb5 ] | bb5 = return' {_0} ] - ) [ & _0 : uint32 = any_l () | & o : (t_Option'0, uint32) = o | & x : uint32 = any_l () ] - [ return' (result:uint32)-> (! return' {result}) ] + ) [ & _0 : UInt32.t = any_l () | & o : (t_Option'0, UInt32.t) = o | & x : UInt32.t = any_l () ] + [ return' (result:UInt32.t)-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/switch_struct.coma b/creusot/tests/should_succeed/switch_struct.coma index 7ca5397385..39cdc608e1 100644 --- a/creusot/tests/should_succeed/switch_struct.coma +++ b/creusot/tests/should_succeed/switch_struct.coma 
@@ -2,20 +2,22 @@ module M_switch_struct__test [#"switch_struct.rs" 8 0 8 30] let%span sswitch_struct0 = "switch_struct.rs" 12 34 12 35 let%span sswitch_struct1 = "switch_struct.rs" 11 33 11 34 + use prelude.prelude.Int + use prelude.prelude.UInt32 type t_M'0 = - | C_F'0 uint32 - | C_G'0 uint32 + | C_F'0 UInt32.t + | C_G'0 UInt32.t - let rec v_G'0 (input:t_M'0) (ret (field2:uint32))= any - [ good (field2:uint32)-> {C_G'0 field2 = input} (! ret {field2}) - | bad -> {forall field2 : uint32 [C_G'0 field2 : t_M'0] . C_G'0 field2 <> input} (! {false} any) ] + let rec v_G'0 (input:t_M'0) (ret (field2:UInt32.t))= any + [ good (field2:UInt32.t)-> {C_G'0 field2 = input} (! ret {field2}) + | bad -> {forall field2 : UInt32.t [C_G'0 field2 : t_M'0] . C_G'0 field2 <> input} (! {false} any) ] - let rec v_F'0 (input:t_M'0) (ret (field1:uint32))= any - [ good (field1:uint32)-> {C_F'0 field1 = input} (! ret {field1}) - | bad -> {forall field1 : uint32 [C_F'0 field1 : t_M'0] . C_F'0 field1 <> input} (! {false} any) ] + let rec v_F'0 (input:t_M'0) (ret (field1:UInt32.t))= any + [ good (field1:UInt32.t)-> {C_F'0 field1 = input} (! ret {field1}) + | bad -> {forall field1 : UInt32.t [C_F'0 field1 : t_M'0] . C_F'0 field1 <> input} (! {false} any) ] use prelude.prelude.Intrinsic 
@@ -23,20 +25,20 @@ module M_switch_struct__test [#"switch_struct.rs" 8 0 8 30] meta "compute_max_steps" 1000000 let rec test'0 (o:t_M'0) (return' (ret:bool))= (! bb0 - [ bb0 = any [ br0 (x0:uint32)-> {o = C_F'0 x0} (! bb2) | br1 (x0:uint32)-> {o = C_G'0 x0} (! bb3) ] + [ bb0 = any [ br0 (x0:UInt32.t)-> {o = C_F'0 x0} (! bb2) | br1 (x0:UInt32.t)-> {o = C_G'0 x0} (! bb3) ] | bb3 = s0 - [ s0 = v_G'0 {o} (fun (rfield2'0:uint32) -> [ &field2 <- rfield2'0 ] s1) - | s1 = UInt32.eq {field2} {[%#sswitch_struct0] (0 : uint32)} (fun (_ret':bool) -> [ &_0 <- _ret' ] s2) + [ s0 = v_G'0 {o} (fun (rfield2'0:UInt32.t) -> [ &field2 <- rfield2'0 ] s1) + | s1 = UInt32.eq {field2} {[%#sswitch_struct0] (0 : UInt32.t)} (fun (_ret':bool) -> [ &_0 <- _ret' ] s2) | s2 = bb5 ] | bb2 = bb4 | bb4 = s0 - [ s0 = v_F'0 {o} (fun (rfield1'0:uint32) -> [ &field1 <- rfield1'0 ] s1) - | s1 = UInt32.gt {field1} {[%#sswitch_struct1] (0 : uint32)} (fun (_ret':bool) -> [ &_0 <- _ret' ] s2) + [ s0 = v_F'0 {o} (fun (rfield1'0:UInt32.t) -> [ &field1 <- rfield1'0 ] s1) + | s1 = UInt32.gt {field1} {[%#sswitch_struct1] (0 : UInt32.t)} (fun (_ret':bool) -> [ &_0 <- _ret' ] s2) | s2 = bb5 ] | bb5 = return' {_0} ] - ) [ & _0 : bool = any_l () | & o : t_M'0 = o | & field1 : uint32 = any_l () | & field2 : uint32 = any_l () ] + ) [ & _0 : bool = any_l () | & o : t_M'0 = o | & field1 : UInt32.t = any_l () | & field2 : UInt32.t = any_l () ] [ return' (result:bool)-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/syntax/02_operators.coma b/creusot/tests/should_succeed/syntax/02_operators.coma index 28ace86aec..bb2a08a687 100644 --- a/creusot/tests/should_succeed/syntax/02_operators.coma +++ b/creusot/tests/should_succeed/syntax/02_operators.coma 
@@ -2,121 +2,135 @@ module M_02_operators__division [#"02_operators.rs" 8 0 8 40] let%span s02_operators0 = "02_operators.rs" 9 4 9 9 let%span s02_operators1 = "02_operators.rs" 7 11 7 17 - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - use prelude.prelude.Intrinsic + use prelude.prelude.Int - use prelude.prelude.UIntSize + use prelude.prelude.Intrinsic - use prelude.prelude.Int + use prelude.prelude.UInt64 meta "compute_max_steps" 1000000 - let rec division'0 (x:usize) (y:usize) (return' (ret:usize))= {[@expl:division requires] [%#s02_operators1] UIntSize.to_int y + let rec division'0 (x:UInt64.t) (y:UInt64.t) (return' (ret:UInt64.t))= {[@expl:division requires] [%#s02_operators1] UInt64.to_uint y > 0} (! bb0 [ bb0 = s0 [ s0 = [ &_5 <- y ] s1 - | s1 = UIntSize.eq {_5} {[%#s02_operators0] (0 : usize)} (fun (_ret':bool) -> [ &_6 <- _ret' ] s2) + | s1 = UInt64.eq {_5} {[%#s02_operators0] (0 : UInt64.t)} (fun (_ret':bool) -> [ &_6 <- _ret' ] s2) | s2 = {[@expl:division by zero] [%#s02_operators0] not _6} s3 | s3 = bb1 ] - | bb1 = s0 [ s0 = UIntSize.div {x} {_5} (fun (_ret':usize) -> [ &_0 <- _ret' ] s1) | s1 = return' {_0} ] ] + | bb1 = s0 [ s0 = UInt64.div {x} {_5} (fun (_ret':UInt64.t) -> [ &_0 <- _ret' ] s1) | s1 = return' {_0} ] ] ) - [ & _0 : usize = any_l () | & x : usize = x | & y : usize = y | & _5 : usize = any_l () | & _6 : bool = any_l () ] - [ return' (result:usize)-> (! return' {result}) ] + [ & _0 : UInt64.t = any_l () + | & x : UInt64.t = x + | & y : UInt64.t = y + | & _5 : UInt64.t = any_l () + | & _6 : bool = any_l () ] + [ return' (result:UInt64.t)-> (! 
return' {result}) ] end module M_02_operators__modulus [#"02_operators.rs" 23 0 23 39] let%span s02_operators0 = "02_operators.rs" 24 4 24 9 let%span s02_operators1 = "02_operators.rs" 22 11 22 17 - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - use prelude.prelude.Intrinsic + use prelude.prelude.Int - use prelude.prelude.UIntSize + use prelude.prelude.Intrinsic - use prelude.prelude.Int + use prelude.prelude.UInt64 meta "compute_max_steps" 1000000 - let rec modulus'0 (x:usize) (y:usize) (return' (ret:usize))= {[@expl:modulus requires] [%#s02_operators1] UIntSize.to_int y + let rec modulus'0 (x:UInt64.t) (y:UInt64.t) (return' (ret:UInt64.t))= {[@expl:modulus requires] [%#s02_operators1] UInt64.to_uint y > 0} (! bb0 [ bb0 = s0 [ s0 = [ &_5 <- y ] s1 - | s1 = UIntSize.eq {_5} {[%#s02_operators0] (0 : usize)} (fun (_ret':bool) -> [ &_6 <- _ret' ] s2) + | s1 = UInt64.eq {_5} {[%#s02_operators0] (0 : UInt64.t)} (fun (_ret':bool) -> [ &_6 <- _ret' ] s2) | s2 = {[@expl:remainder by zero] [%#s02_operators0] not _6} s3 | s3 = bb1 ] - | bb1 = s0 [ s0 = UIntSize.rem {x} {_5} (fun (_ret':usize) -> [ &_0 <- _ret' ] s1) | s1 = return' {_0} ] ] + | bb1 = s0 [ s0 = UInt64.rem {x} {_5} (fun (_ret':UInt64.t) -> [ &_0 <- _ret' ] s1) | s1 = return' {_0} ] ] ) - [ & _0 : usize = any_l () | & x : usize = x | & y : usize = y | & _5 : usize = any_l () | & _6 : bool = any_l () ] - [ return' (result:usize)-> (! return' {result}) ] + [ & _0 : UInt64.t = any_l () + | & x : UInt64.t = x + | & y : UInt64.t = y + | & _5 : UInt64.t = any_l () + | & _6 : bool = any_l () ] + [ return' (result:UInt64.t)-> (! 
return' {result}) ] end module M_02_operators__multiply [#"02_operators.rs" 38 0 38 40] let%span s02_operators0 = "02_operators.rs" 37 11 37 33 - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 + + use prelude.prelude.Int use prelude.prelude.Intrinsic - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - use prelude.prelude.Int - - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) meta "compute_max_steps" 1000000 - let rec multiply'0 (x:usize) (y:usize) (return' (ret:usize))= {[@expl:multiply requires] [%#s02_operators0] UIntSize.to_int x - * UIntSize.to_int y - <= UIntSize.to_int (v_MAX'0 : usize)} - (! bb0 [ bb0 = s0 [ s0 = UIntSize.mul {x} {y} (fun (_ret':usize) -> [ &_0 <- _ret' ] s1) | s1 = return' {_0} ] ] ) - [ & _0 : usize = any_l () | & x : usize = x | & y : usize = y ] - [ return' (result:usize)-> (! return' {result}) ] + let rec multiply'0 (x:UInt64.t) (y:UInt64.t) (return' (ret:UInt64.t))= {[@expl:multiply requires] [%#s02_operators0] UInt64.to_uint x + * UInt64.to_uint y + <= UInt64.to_uint (v_MAX'0 : UInt64.t)} + (! bb0 + [ bb0 = s0 [ s0 = UInt64.mul {x} {y} (fun (_ret':UInt64.t) -> [ &_0 <- _ret' ] s1) | s1 = return' {_0} ] ] + ) [ & _0 : UInt64.t = any_l () | & x : UInt64.t = x | & y : UInt64.t = y ] + [ return' (result:UInt64.t)-> (! 
return' {result}) ] + end module M_02_operators__add [#"02_operators.rs" 48 0 48 35] let%span s02_operators0 = "02_operators.rs" 47 11 47 33 - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - use prelude.prelude.Intrinsic + use prelude.prelude.Int - use prelude.prelude.UIntSize + use prelude.prelude.Intrinsic - use prelude.prelude.Int + use prelude.prelude.UInt64 - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) meta "compute_max_steps" 1000000 - let rec add'0 (x:usize) (y:usize) (return' (ret:usize))= {[@expl:add requires] [%#s02_operators0] UIntSize.to_int x - + UIntSize.to_int y - <= UIntSize.to_int (v_MAX'0 : usize)} - (! bb0 [ bb0 = s0 [ s0 = UIntSize.add {x} {y} (fun (_ret':usize) -> [ &_0 <- _ret' ] s1) | s1 = return' {_0} ] ] ) - [ & _0 : usize = any_l () | & x : usize = x | & y : usize = y ] - [ return' (result:usize)-> (! return' {result}) ] + let rec add'0 (x:UInt64.t) (y:UInt64.t) (return' (ret:UInt64.t))= {[@expl:add requires] [%#s02_operators0] UInt64.to_uint x + + UInt64.to_uint y + <= UInt64.to_uint (v_MAX'0 : UInt64.t)} + (! bb0 + [ bb0 = s0 [ s0 = UInt64.add {x} {y} (fun (_ret':UInt64.t) -> [ &_0 <- _ret' ] s1) | s1 = return' {_0} ] ] + ) [ & _0 : UInt64.t = any_l () | & x : UInt64.t = x | & y : UInt64.t = y ] + [ return' (result:UInt64.t)-> (! 
return' {result}) ] + end module M_02_operators__sub [#"02_operators.rs" 63 0 63 35] let%span s02_operators0 = "02_operators.rs" 62 11 62 23 - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - use prelude.prelude.Intrinsic + use prelude.prelude.Int - use prelude.prelude.UIntSize + use prelude.prelude.Intrinsic - use prelude.prelude.Int + use prelude.prelude.UInt64 meta "compute_max_steps" 1000000 - let rec sub'0 (x:usize) (y:usize) (return' (ret:usize))= {[@expl:sub requires] [%#s02_operators0] UIntSize.to_int x - - UIntSize.to_int y + let rec sub'0 (x:UInt64.t) (y:UInt64.t) (return' (ret:UInt64.t))= {[@expl:sub requires] [%#s02_operators0] UInt64.to_uint x + - UInt64.to_uint y >= 0} - (! bb0 [ bb0 = s0 [ s0 = UIntSize.sub {x} {y} (fun (_ret':usize) -> [ &_0 <- _ret' ] s1) | s1 = return' {_0} ] ] ) - [ & _0 : usize = any_l () | & x : usize = x | & y : usize = y ] - [ return' (result:usize)-> (! return' {result}) ] + (! bb0 + [ bb0 = s0 [ s0 = UInt64.sub {x} {y} (fun (_ret':UInt64.t) -> [ &_0 <- _ret' ] s1) | s1 = return' {_0} ] ] + ) [ & _0 : UInt64.t = any_l () | & x : UInt64.t = x | & y : UInt64.t = y ] + [ return' (result:UInt64.t)-> (! return' {result}) ] + end module M_02_operators__expression [#"02_operators.rs" 77 0 77 51] let%span s02_operators0 = "02_operators.rs" 78 4 78 9 
@@ -125,76 +139,146 @@ module M_02_operators__expression [#"02_operators.rs" 77 0 77 51] let%span s02_operators3 = "02_operators.rs" 75 11 75 38 let%span s02_operators4 = "02_operators.rs" 76 10 76 16 - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - use prelude.prelude.Intrinsic + use prelude.prelude.Int - use prelude.prelude.UIntSize + use prelude.prelude.Intrinsic - use prelude.prelude.Int + use prelude.prelude.UInt64 - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) meta "compute_max_steps" 1000000 - let rec expression'0 (x:usize) (y:usize) (z:usize) (return' (ret:bool))= {[@expl:expression requires #0] [%#s02_operators2] UIntSize.to_int y + let rec expression'0 (x:UInt64.t) (y:UInt64.t) (z:UInt64.t) (return' (ret:bool))= {[@expl:expression requires #0] [%#s02_operators2] UInt64.to_uint y > 0} - {[@expl:expression requires #1] [%#s02_operators3] div (UIntSize.to_int x) (UIntSize.to_int y) * UIntSize.to_int z - <= UIntSize.to_int (v_MAX'0 : usize)} + {[@expl:expression requires #1] [%#s02_operators3] div (UInt64.to_uint x) (UInt64.to_uint y) * UInt64.to_uint z + <= UInt64.to_uint (v_MAX'0 : UInt64.t)} (! 
bb0 [ bb0 = s0 [ s0 = [ &_10 <- y ] s1 - | s1 = UIntSize.eq {_10} {[%#s02_operators0] (0 : usize)} (fun (_ret':bool) -> [ &_11 <- _ret' ] s2) + | s1 = UInt64.eq {_10} {[%#s02_operators0] (0 : UInt64.t)} (fun (_ret':bool) -> [ &_11 <- _ret' ] s2) | s2 = {[@expl:division by zero] [%#s02_operators0] not _11} s3 | s3 = bb1 ] | bb1 = s0 - [ s0 = UIntSize.div {x} {_10} (fun (_ret':usize) -> [ &_8 <- _ret' ] s1) - | s1 = UIntSize.mul {_8} {z} (fun (_ret':usize) -> [ &_7 <- _ret' ] s2) + [ s0 = UInt64.div {x} {_10} (fun (_ret':UInt64.t) -> [ &_8 <- _ret' ] s1) + | s1 = UInt64.mul {_8} {z} (fun (_ret':UInt64.t) -> [ &_7 <- _ret' ] s2) | s2 = [ &_16 <- y ] s3 - | s3 = UIntSize.eq {_16} {[%#s02_operators1] (0 : usize)} (fun (_ret':bool) -> [ &_17 <- _ret' ] s4) + | s3 = UInt64.eq {_16} {[%#s02_operators1] (0 : UInt64.t)} (fun (_ret':bool) -> [ &_17 <- _ret' ] s4) | s4 = {[@expl:division by zero] [%#s02_operators1] not _17} s5 | s5 = bb2 ] | bb2 = s0 - [ s0 = UIntSize.div {x} {_16} (fun (_ret':usize) -> [ &_14 <- _ret' ] s1) - | s1 = UIntSize.mul {_14} {z} (fun (_ret':usize) -> [ &_13 <- _ret' ] s2) - | s2 = UIntSize.eq {_7} {_13} (fun (_ret':bool) -> [ &_0 <- _ret' ] s3) + [ s0 = UInt64.div {x} {_16} (fun (_ret':UInt64.t) -> [ &_14 <- _ret' ] s1) + | s1 = UInt64.mul {_14} {z} (fun (_ret':UInt64.t) -> [ &_13 <- _ret' ] s2) + | s2 = UInt64.eq {_7} {_13} (fun (_ret':bool) -> [ &_0 <- _ret' ] s3) | s3 = return' {_0} ] ] ) [ & _0 : bool = any_l () - | & x : usize = x - | & y : usize = y - | & z : usize = z - | & _7 : usize = any_l () - | & _8 : usize = any_l () - | & _10 : usize = any_l () + | & x : UInt64.t = x + | & y : UInt64.t = y + | & z : UInt64.t = z + | & _7 : UInt64.t = any_l () + | & _8 : UInt64.t = any_l () + | & _10 : UInt64.t = any_l () | & _11 : bool = any_l () - | & _13 : usize = any_l () - | & _14 : usize = any_l () - | & _16 : usize = any_l () + | & _13 : UInt64.t = any_l () + | & _14 : UInt64.t = any_l () + | & _16 : UInt64.t = any_l () | & _17 : bool = any_l () 
] [ return' (result:bool)-> {[@expl:expression ensures] [%#s02_operators4] result} (! return' {result}) ] end module M_02_operators__primitive_comparison [#"02_operators.rs" 92 0 92 29] let%span s02_operators0 = "02_operators.rs" 91 10 91 20 + let%span sord1 = "../../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 + let%span sord2 = "../../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 + let%span sord3 = "../../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 + let%span sord4 = "../../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 + let%span sord5 = "../../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 + let%span sord6 = "../../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 + let%span sord7 = "../../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 + let%span sord8 = "../../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 + let%span sord9 = "../../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 + let%span sord10 = "../../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 + let%span sord11 = "../../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 + let%span sord12 = "../../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 + let%span sord13 = "../../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span sord14 = "../../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 use prelude.prelude.Intrinsic - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_X'0 = - { t_X__a'0: usize } + { t_X__a'0: UInt64.t } - use prelude.prelude.Int + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.UInt64 + + function cmp_log'0 (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = + [%#sord14] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + function eq_cmp'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom eq_cmp'0_spec : forall x : UInt64.t, y : UInt64.t . 
[%#sord13] (x = y) = (cmp_log'0 x y = C_Equal'0) + + function antisym2'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom antisym2'0_spec : forall x : UInt64.t, y : UInt64.t . ([%#sord11] cmp_log'0 x y = C_Greater'0) + -> ([%#sord12] cmp_log'0 y x = C_Less'0) + + function antisym1'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom antisym1'0_spec : forall x : UInt64.t, y : UInt64.t . ([%#sord9] cmp_log'0 x y = C_Less'0) + -> ([%#sord10] cmp_log'0 y x = C_Greater'0) + + function trans'0 (x : UInt64.t) (y : UInt64.t) (z : UInt64.t) (o : t_Ordering'0) : () + + axiom trans'0_spec : forall x : UInt64.t, y : UInt64.t, z : UInt64.t, o : t_Ordering'0 . ([%#sord6] cmp_log'0 x y = o) + -> ([%#sord7] cmp_log'0 y z = o) -> ([%#sord8] cmp_log'0 x z = o) + + function refl'0 (x : UInt64.t) : () + + axiom refl'0_spec : forall x : UInt64.t . [%#sord5] cmp_log'0 x x = C_Equal'0 + + use prelude.prelude.UInt64 + + function cmp_gt_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_gt_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord4] UInt64.ugt x y = (cmp_log'0 x y = C_Greater'0) + + use prelude.prelude.UInt64 + + function cmp_ge_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_ge_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord3] UInt64.uge x y = (cmp_log'0 x y <> C_Less'0) + + function cmp_lt_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_lt_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord2] UInt64.ult x y = (cmp_log'0 x y = C_Less'0) + + use prelude.prelude.UInt64 + + function cmp_le_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_le_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord1] UInt64.ule x y + = (cmp_log'0 x y <> C_Greater'0) meta "compute_max_steps" 1000000 let rec primitive_comparison'0 (x:t_X'0) (return' (ret:()))= (! 
bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] - [ return' (result:())-> {[@expl:primitive_comparison ensures] [%#s02_operators0] x.t_X__a'0 <= x.t_X__a'0} + [ return' (result:())-> {[@expl:primitive_comparison ensures] [%#s02_operators0] UInt64.ule x.t_X__a'0 x.t_X__a'0} (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/syntax/04_assoc_prec.coma b/creusot/tests/should_succeed/syntax/04_assoc_prec.coma index 8330d1fdf7..205c20a045 100644 --- a/creusot/tests/should_succeed/syntax/04_assoc_prec.coma +++ b/creusot/tests/should_succeed/syntax/04_assoc_prec.coma @@ -11,7 +11,7 @@ module M_04_assoc_prec__respect_prec [#"04_assoc_prec.rs" 12 0 12 34] meta "compute_max_steps" 1000000 - let rec respect_prec'0 (x:(uint32, uint32)) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) + let rec respect_prec'0 (x:(UInt32.t, UInt32.t)) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] [ return' (result:())-> {[@expl:respect_prec ensures #0] [%#s04_assoc_prec0] 5 = 3 -> 2 + 1 = 3} @@ -27,9 +27,16 @@ module M_04_assoc_prec__respect_assoc [#"04_assoc_prec.rs" 15 0 15 22] use prelude.prelude.Int + use prelude.prelude.UInt32 + + use prelude.prelude.UInt32 + meta "compute_max_steps" 1000000 let rec respect_assoc'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] - [ return' (result:())-> {[@expl:respect_assoc ensures] [%#s04_assoc_prec0] 0 + 1 = 0} (! return' {result}) ] + [ return' (result:())-> {[@expl:respect_assoc ensures] [%#s04_assoc_prec0] UInt32.to_uint (0 : UInt32.t) + + UInt32.to_uint (1 : UInt32.t) + = 0} + (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/syntax/05_pearlite.coma b/creusot/tests/should_succeed/syntax/05_pearlite.coma index 6135ab96c6..e4bed2ef5f 100644 --- a/creusot/tests/should_succeed/syntax/05_pearlite.coma +++ b/creusot/tests/should_succeed/syntax/05_pearlite.coma 
@@ -7,7 +7,9 @@ module M_05_pearlite__has_len_3 [#"05_pearlite.rs" 11 0 11 35] use prelude.prelude.Borrow - use prelude.prelude.Slice + use Slice64.create + + use prelude.prelude.Int use prelude.prelude.UInt32 @@ -15,28 +17,26 @@ module M_05_pearlite__has_len_3 [#"05_pearlite.rs" 11 0 11 35] use seq.Seq - use prelude.prelude.UIntSize - - constant v_MAX'0 : usize = (18446744073709551615 : usize) + use prelude.prelude.UInt64 - use prelude.prelude.UIntSize + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.Int + use prelude.prelude.UInt64 - use prelude.prelude.Slice + use prelude.prelude.Slice64 - function view'1 (self : slice uint32) : Seq.seq uint32 + function view'1 (self : slice UInt32.t) : Seq.seq UInt32.t - axiom view'1_spec : forall self : slice uint32 . ([%#sslice3] Seq.length (view'1 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice4] view'1 self = Slice.id self) + axiom view'1_spec : forall self : slice UInt32.t . ([%#sslice3] Seq.length (view'1 self) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + && ([%#sslice4] view'1 self = Slice64.id self) - function view'0 (self : slice uint32) : Seq.seq uint32 = + function view'0 (self : slice UInt32.t) : Seq.seq UInt32.t = [%#smodel2] view'1 self - constant v : slice uint32 + constant v : slice UInt32.t - predicate has_len_3'0 [#"05_pearlite.rs" 11 0 11 35] (v : slice uint32) + predicate has_len_3'0 [#"05_pearlite.rs" 11 0 11 35] (v : slice UInt32.t) goal vc_has_len_3'0 : true end 
@@ -60,22 +60,26 @@ module M_05_pearlite__struct_order [#"05_pearlite.rs" 34 0 34 25] use prelude.prelude.Intrinsic + use prelude.prelude.Int + use prelude.prelude.UInt32 type t_B'0 = - { t_B__field1'0: bool; t_B__field2'0: uint32 } + { t_B__field1'0: bool; t_B__field2'0: UInt32.t } meta "compute_max_steps" 1000000 let rec struct_order'0 (x:t_B'0) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] [ return' (result:())-> {[@expl:struct_order ensures] [%#s05_pearlite0] x - = { t_B__field1'0 = false; t_B__field2'0 = (0 : uint32) }} + = { t_B__field1'0 = false; t_B__field2'0 = (0 : UInt32.t) }} (! return' {result}) ] end module M_05_pearlite__ghost_closure [#"05_pearlite.rs" 50 0 50 22] let%span s05_pearlite0 = "05_pearlite.rs" 51 13 51 38 + use prelude.prelude.Int + use prelude.prelude.UInt32 use prelude.prelude.Mapping @@ -92,16 +96,18 @@ module M_05_pearlite__ghost_closure [#"05_pearlite.rs" 50 0 50 22] let rec ghost_closure'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = [ &_x <- [%#s05_pearlite0] Snapshot.new (Mapping.from_fn (fun (a : uint32) -> a)) ] s1 | s1 = bb1 ] + [ s0 = [ &_x <- [%#s05_pearlite0] Snapshot.new (Mapping.from_fn (fun (a : UInt32.t) -> a)) ] s1 | s1 = bb1 ] | bb1 = return' {_0} ] - ) [ & _0 : () = any_l () | & _x : Snapshot.snap_ty (Map.map uint32 uint32) = any_l () ] + ) [ & _0 : () = any_l () | & _x : Snapshot.snap_ty (Map.map UInt32.t UInt32.t) = any_l () ] [ return' (result:())-> (! return' {result}) ] end module M_05_pearlite__pearlite_closure [#"05_pearlite.rs" 54 0 54 57] use prelude.prelude.Intrinsic + use prelude.prelude.Int + use prelude.prelude.UInt32 use map.Map 
@@ -110,13 +116,15 @@ module M_05_pearlite__pearlite_closure [#"05_pearlite.rs" 54 0 54 57] meta "compute_max_steps" 1000000 - let rec pearlite_closure'0 (_x:Snapshot.snap_ty (Map.map uint32 bool)) (return' (ret:()))= (! bb0 + let rec pearlite_closure'0 (_x:Snapshot.snap_ty (Map.map UInt32.t bool)) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] [ return' (result:())-> (! return' {result}) ] end module M_05_pearlite__caller [#"05_pearlite.rs" 56 0 56 15] let%span s05_pearlite0 = "05_pearlite.rs" 57 21 57 44 + use prelude.prelude.Int + use prelude.prelude.UInt32 use prelude.prelude.Mapping @@ -127,7 +135,7 @@ module M_05_pearlite__caller [#"05_pearlite.rs" 56 0 56 15] use prelude.prelude.Snapshot - let rec pearlite_closure'0 (_x:Snapshot.snap_ty (Map.map uint32 bool)) (return' (ret:()))= any + let rec pearlite_closure'0 (_x:Snapshot.snap_ty (Map.map UInt32.t bool)) (return' (ret:()))= any [ return' (result:())-> (! return' {result}) ] @@ -137,11 +145,11 @@ module M_05_pearlite__caller [#"05_pearlite.rs" 56 0 56 15] let rec caller'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = [ &_2 <- [%#s05_pearlite0] Snapshot.new (Mapping.from_fn (fun (_a : uint32) -> true)) ] s1 | s1 = bb1 ] + [ s0 = [ &_2 <- [%#s05_pearlite0] Snapshot.new (Mapping.from_fn (fun (_a : UInt32.t) -> true)) ] s1 | s1 = bb1 ] | bb1 = s0 [ s0 = pearlite_closure'0 {_2} (fun (_ret':()) -> [ &_1 <- _ret' ] s1) | s1 = bb2 ] | bb2 = return' {_0} ] - ) [ & _0 : () = any_l () | & _1 : () = any_l () | & _2 : Snapshot.snap_ty (Map.map uint32 bool) = any_l () ] + ) [ & _0 : () = any_l () | & _1 : () = any_l () | & _2 : Snapshot.snap_ty (Map.map UInt32.t bool) = any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/syntax/07_extern_spec.coma b/creusot/tests/should_succeed/syntax/07_extern_spec.coma index 6c7cd2d3b6..fcc82fbe1d 100644 --- a/creusot/tests/should_succeed/syntax/07_extern_spec.coma 
+++ b/creusot/tests/should_succeed/syntax/07_extern_spec.coma @@ -17,20 +17,22 @@ module M_07_extern_spec__extern_spec_UseSelf_i32_func_body [#"07_extern_spec.rs" use prelude.prelude.Int32 + use prelude.prelude.Int + use prelude.prelude.Intrinsic use prelude.prelude.Borrow meta "compute_max_steps" 1000000 - let rec extern_spec_UseSelf_i32_func_body'0 (self_:int32) (s:int32) (return' (ret:bool))= (! bb0 + let rec extern_spec_UseSelf_i32_func_body'0 (self_:Int32.t) (s:Int32.t) (return' (ret:bool))= (! bb0 [ bb0 = s0 - [ s0 = Int32.eq {self_} {[%#s07_extern_spec0] (1 : int32)} (fun (_ret':bool) -> [ &_0 <- _ret' ] s1) + [ s0 = Int32.eq {self_} {[%#s07_extern_spec0] (1 : Int32.t)} (fun (_ret':bool) -> [ &_0 <- _ret' ] s1) | s1 = return' {_0} ] ] - ) [ & _0 : bool = any_l () | & self_ : int32 = self_ ] + ) [ & _0 : bool = any_l () | & self_ : Int32.t = self_ ] [ return' (result:bool)-> {[@expl:extern_spec_UseSelf_i32_func_body ensures] [%#s07_extern_spec1] result - = (self_ = (1 : int32))} + = (self_ = (1 : Int32.t))} (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/syntax/09_maintains.coma b/creusot/tests/should_succeed/syntax/09_maintains.coma index b5fb5b56ac..8355664418 100644 --- a/creusot/tests/should_succeed/syntax/09_maintains.coma +++ b/creusot/tests/should_succeed/syntax/09_maintains.coma 
@@ -4,14 +4,16 @@ module M_09_maintains__test_1 [#"09_maintains.rs" 28 0 28 36] use prelude.prelude.Intrinsic + use prelude.prelude.Int + use prelude.prelude.UInt64 - predicate invariant'0 [#"09_maintains.rs" 12 4 12 47] (self : ()) (b : bool) (c : uint64) = + predicate invariant'0 [#"09_maintains.rs" 12 4 12 47] (self : ()) (b : bool) (c : UInt64.t) = [%#s09_maintains1] true meta "compute_max_steps" 1000000 - let rec test_1'0 (a:()) (b:bool) (c:uint64) (return' (ret:()))= {[@expl:test_1 requires] [%#s09_maintains0] invariant'0 a b c} + let rec test_1'0 (a:()) (b:bool) (c:UInt64.t) (return' (ret:()))= {[@expl:test_1 requires] [%#s09_maintains0] invariant'0 a b c} (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] [ return' (result:())-> {[@expl:test_1 ensures] [%#s09_maintains0] invariant'0 a b c} (! return' {result}) ] @@ -31,14 +33,16 @@ module M_09_maintains__test_2 [#"09_maintains.rs" 31 0 31 41] use prelude.prelude.Intrinsic + use prelude.prelude.Int + use prelude.prelude.UInt64 - predicate invariant'0 [#"09_maintains.rs" 12 4 12 47] (self : ()) (b : bool) (c : uint64) = + predicate invariant'0 [#"09_maintains.rs" 12 4 12 47] (self : ()) (b : bool) (c : UInt64.t) = [%#s09_maintains1] true meta "compute_max_steps" 1000000 - let rec test_2'0 (a:borrowed ()) (b:bool) (c:uint64) (return' (ret:()))= {[@expl:test_2 requires] [%#s09_maintains0] invariant'0 a.current b c} + let rec test_2'0 (a:borrowed ()) (b:bool) (c:UInt64.t) (return' (ret:()))= {[@expl:test_2 requires] [%#s09_maintains0] invariant'0 a.current b c} (! bb0 [ bb0 = s0 [ s0 = -{resolve'0 a}- s1 | s1 = return' {_0} ] ] ) [ & _0 : () = any_l () | & a : borrowed () = a ] [ return' (result:())-> {[@expl:test_2 ensures] [%#s09_maintains0] invariant'0 a.final b c} (! return' {result}) ] 
@@ -64,14 +68,16 @@ module M_09_maintains__test_3 [#"09_maintains.rs" 34 0 34 46] use prelude.prelude.Intrinsic + use prelude.prelude.Int + use prelude.prelude.UInt64 - predicate invariant'0 [#"09_maintains.rs" 12 4 12 47] (self : ()) (b : bool) (c : uint64) = + predicate invariant'0 [#"09_maintains.rs" 12 4 12 47] (self : ()) (b : bool) (c : UInt64.t) = [%#s09_maintains1] true meta "compute_max_steps" 1000000 - let rec test_3'0 (a:borrowed ()) (b:borrowed bool) (c:uint64) (return' (ret:()))= {[@expl:test_3 requires] [%#s09_maintains0] invariant'0 a.current b.current c} + let rec test_3'0 (a:borrowed ()) (b:borrowed bool) (c:UInt64.t) (return' (ret:()))= {[@expl:test_3 requires] [%#s09_maintains0] invariant'0 a.current b.current c} (! bb0 [ bb0 = s0 [ s0 = -{resolve'0 b}- s1 | s1 = -{resolve'1 a}- s2 | s2 = return' {_0} ] ] ) [ & _0 : () = any_l () | & a : borrowed () = a | & b : borrowed bool = b ] @@ -85,21 +91,21 @@ module M_09_maintains__test_5 [#"09_maintains.rs" 37 0 37 29] use prelude.prelude.Intrinsic - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.Int predicate inv2'0 [#"09_maintains.rs" 17 4 17 33] (self : ()) (b : int) = [%#s09_maintains1] true - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 meta "compute_max_steps" 1000000 - let rec test_5'0 (a:()) (b:usize) (return' (ret:()))= {[@expl:test_5 requires] [%#s09_maintains0] inv2'0 a (UIntSize.to_int b + let rec test_5'0 (a:()) (b:UInt64.t) (return' (ret:()))= {[@expl:test_5 requires] [%#s09_maintains0] inv2'0 a (UInt64.to_uint b + 0)} (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] - [ return' (result:())-> {[@expl:test_5 ensures] [%#s09_maintains0] inv2'0 a (UIntSize.to_int b + 0)} + [ return' (result:())-> {[@expl:test_5 ensures] [%#s09_maintains0] inv2'0 a (UInt64.to_uint b + 0)} (! return' {result}) ] end 
diff --git a/creusot/tests/should_succeed/syntax/10_mutual_rec_types.coma b/creusot/tests/should_succeed/syntax/10_mutual_rec_types.coma index ef5f8e1c0c..4d0c73ed49 100644 --- a/creusot/tests/should_succeed/syntax/10_mutual_rec_types.coma +++ b/creusot/tests/should_succeed/syntax/10_mutual_rec_types.coma @@ -3,10 +3,12 @@ module M_10_mutual_rec_types__use_tree [#"10_mutual_rec_types.rs" 15 0 15 25] use prelude.prelude.Borrow + use prelude.prelude.Int + use prelude.prelude.UInt32 type t_Node'0 = - { t_Node__left'0: t_Tree'0; t_Node__val'0: uint32; t_Node__right'0: t_Tree'0 } + { t_Node__left'0: t_Tree'0; t_Node__val'0: UInt32.t; t_Node__right'0: t_Tree'0 } with t_Option'0 = | C_None'0 | C_Some'0 (t_Node'0) @@ -25,14 +27,16 @@ module M_10_mutual_rec_types__qyi18211245992252154719__height [#"10_mutual_rec_t let%span scmp2 = "../../../../creusot-contracts/src/std/cmp.rs" 53 26 53 66 let%span scmp3 = "../../../../creusot-contracts/src/std/cmp.rs" 54 26 54 63 let%span scmp4 = "../../../../creusot-contracts/src/std/cmp.rs" 7 0 62 1 - let%span snum5 = "../../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + let%span snum5 = "../../../../creusot-contracts/src/std/num.rs" 52 28 52 33 + + use prelude.prelude.Int use prelude.prelude.UInt32 type t_Tree'0 = { t_Tree__0'0: t_Option'0 } with t_Node'0 = - { t_Node__left'0: t_Tree'0; t_Node__val'0: uint32; t_Node__right'0: t_Tree'0 } + { t_Node__left'0: t_Tree'0; t_Node__val'0: UInt32.t; t_Node__right'0: t_Tree'0 } with t_Option'0 = | C_None'0 | C_Some'0 (t_Node'0) 
@@ -44,21 +48,19 @@ module M_10_mutual_rec_types__qyi18211245992252154719__height [#"10_mutual_rec_t use prelude.prelude.UInt64 - predicate inv'0 (_1 : uint64) - - axiom inv_axiom'0 [@rewrite] : forall x : uint64 [inv'0 x] . inv'0 x = true + predicate inv'0 (_1 : UInt64.t) - use prelude.prelude.Int + axiom inv_axiom'0 [@rewrite] : forall x : UInt64.t [inv'0 x] . inv'0 x = true use prelude.prelude.UInt64 - function deep_model'0 (self : uint64) : int = - [%#snum5] UInt64.to_int self + function deep_model'0 (self : UInt64.t) : int = + [%#snum5] UInt64.to_uint self - let rec max'0 (self:uint64) (other:uint64) (return' (ret:uint64))= {[@expl:max 'self' type invariant] inv'0 self} + let rec max'0 (self:UInt64.t) (other:UInt64.t) (return' (ret:UInt64.t))= {[@expl:max 'self' type invariant] inv'0 self} {[@expl:max 'other' type invariant] inv'0 other} any - [ return' (result:uint64)-> {inv'0 result} + [ return' (result:UInt64.t)-> {inv'0 result} {[%#scmp2] deep_model'0 result >= deep_model'0 self} {[%#scmp3] deep_model'0 result >= deep_model'0 other} {[%#scmp4] result = self \/ result = other} 
@@ -73,30 +75,30 @@ module M_10_mutual_rec_types__qyi18211245992252154719__height [#"10_mutual_rec_t meta "compute_max_steps" 1000000 - let rec height'0 (self:t_Tree'0) (return' (ret:uint64))= (! bb0 + let rec height'0 (self:t_Tree'0) (return' (ret:UInt64.t))= (! bb0 [ bb0 = any [ br0 -> {self.t_Tree__0'0 = C_None'0 } (! bb2) | br1 (x0:t_Node'0)-> {self.t_Tree__0'0 = C_Some'0 x0} (! bb3) ] | bb3 = s0 [ s0 = v_Some'0 {self.t_Tree__0'0} (fun (r0'0:t_Node'0) -> [ &n <- r0'0 ] s1) - | s1 = height'0 {n.t_Node__left'0} (fun (_ret':uint64) -> [ &_5 <- _ret' ] s2) + | s1 = height'0 {n.t_Node__left'0} (fun (_ret':UInt64.t) -> [ &_5 <- _ret' ] s2) | s2 = bb5 ] - | bb5 = s0 [ s0 = height'0 {n.t_Node__right'0} (fun (_ret':uint64) -> [ &_7 <- _ret' ] s1) | s1 = bb6 ] - | bb6 = s0 [ s0 = max'0 {_5} {_7} (fun (_ret':uint64) -> [ &_4 <- _ret' ] s1) | s1 = bb7 ] + | bb5 = s0 [ s0 = height'0 {n.t_Node__right'0} (fun (_ret':UInt64.t) -> [ &_7 <- _ret' ] s1) | s1 = bb6 ] + | bb6 = s0 [ s0 = max'0 {_5} {_7} (fun (_ret':UInt64.t) -> [ &_4 <- _ret' ] s1) | s1 = bb7 ] | bb7 = s0 - [ s0 = UInt64.add {_4} {[%#s10_mutual_rec_types0] (1 : uint64)} (fun (_ret':uint64) -> [ &_0 <- _ret' ] s1) + [ s0 = UInt64.add {_4} {[%#s10_mutual_rec_types0] (1 : UInt64.t)} (fun (_ret':UInt64.t) -> [ &_0 <- _ret' ] s1) | s1 = bb8 ] | bb2 = bb4 - | bb4 = s0 [ s0 = [ &_0 <- [%#s10_mutual_rec_types1] (0 : uint64) ] s1 | s1 = bb8 ] + | bb4 = s0 [ s0 = [ &_0 <- [%#s10_mutual_rec_types1] (0 : UInt64.t) ] s1 | s1 = bb8 ] | bb8 = return' {_0} ] ) - [ & _0 : uint64 = any_l () + [ & _0 : UInt64.t = any_l () | & self : t_Tree'0 = self | & n : t_Node'0 = any_l () - | & _4 : uint64 = any_l () - | & _5 : uint64 = any_l () - | & _7 : uint64 = any_l () ] - [ return' (result:uint64)-> (! return' {result}) ] + | & _4 : UInt64.t = any_l () + | & _5 : UInt64.t = any_l () + | & _7 : UInt64.t = any_l () ] + [ return' (result:UInt64.t)-> (! return' {result}) ] end 
diff --git a/creusot/tests/should_succeed/syntax/11_array_types.coma b/creusot/tests/should_succeed/syntax/11_array_types.coma index 36468b6fdd..3f17eb5be8 100644 --- a/creusot/tests/should_succeed/syntax/11_array_types.coma +++ b/creusot/tests/should_succeed/syntax/11_array_types.coma @@ -6,23 +6,23 @@ module M_11_array_types__omg [#"11_array_types.rs" 8 0 8 28] let%span s11_array_types4 = "11_array_types.rs" 7 11 7 53 let%span sops5 = "../../../../creusot-contracts/src/logic/ops.rs" 64 8 64 31 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 - use prelude.prelude.Slice + use Slice64.create use prelude.prelude.Int64 type t_UsesArray'0 = - { t_UsesArray__0'0: array int64 } - - use prelude.prelude.Int + { t_UsesArray__0'0: array Int64.t } - use prelude.prelude.Slice + use prelude.prelude.Slice64 use seq.Seq - function index_logic'0 [@inline:trivial] (self : array int64) (ix : int) : int64 = - [%#sops5] Seq.get (Slice.id self) ix + function index_logic'0 [@inline:trivial] (self : array Int64.t) (ix : int) : Int64.t = + [%#sops5] Seq.get (Slice64.id self) ix use prelude.prelude.Int64 
@@ -30,34 +30,34 @@ module M_11_array_types__omg [#"11_array_types.rs" 8 0 8 28] use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 meta "compute_max_steps" 1000000 - let rec omg'0 (x:t_UsesArray'0) (return' (ret:()))= {[@expl:omg requires] [%#s11_array_types4] Seq.length (Slice.id x.t_UsesArray__0'0) + let rec omg'0 (x:t_UsesArray'0) (return' (ret:()))= {[@expl:omg requires] [%#s11_array_types4] Seq.length (Slice64.id x.t_UsesArray__0'0) > 0 - /\ Seq.length (Slice.id x.t_UsesArray__0'0) < UIntSize.to_int (v_MAX'0 : usize)} + /\ Seq.length (Slice64.id x.t_UsesArray__0'0) < UInt64.to_uint (v_MAX'0 : UInt64.t)} (! bb0 [ bb0 = s0 - [ s0 = [ &_3 <- [%#s11_array_types0] (0 : usize) ] s1 + [ s0 = [ &_3 <- [%#s11_array_types0] (0 : UInt64.t) ] s1 | s1 = [ &_4 <- Slice.length x.t_UsesArray__0'0 ] s2 - | s2 = UIntSize.lt {_3} {_4} (fun (_ret':bool) -> [ &_5 <- _ret' ] s3) + | s2 = UInt64.lt {_3} {_4} (fun (_ret':bool) -> [ &_5 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#s11_array_types1] _5} s4 | s4 = bb1 ] | bb1 = s0 - [ s0 = Slice.set {x.t_UsesArray__0'0} {_3} {[%#s11_array_types2] (5 : int64)} - (fun (r'0:array int64) -> [ &x <- { t_UsesArray__0'0 = r'0 } ] s1) + [ s0 = Slice64.set {x.t_UsesArray__0'0} {_3} {[%#s11_array_types2] (5 : Int64.t)} + (fun (r'0:array Int64.t) -> [ &x <- { t_UsesArray__0'0 = r'0 } ] s1) | s1 = {[@expl:assertion] [%#s11_array_types3] Int64.to_int (index_logic'0 x.t_UsesArray__0'0 0) = 5} s2 | s2 = return' {_0} ] ] ) [ & _0 : () = any_l () | & x : t_UsesArray'0 = x - | & _3 : usize = any_l () - | & _4 : usize = any_l () + | & _3 : UInt64.t = any_l () + | & _4 : UInt64.t = any_l () | & _5 : bool = any_l () ] [ return' (result:())-> (! return' {result}) ] end 
@@ -66,28 +66,28 @@ module M_11_array_types__call_omg [#"11_array_types.rs" 14 0 14 17] let%span s11_array_types1 = "11_array_types.rs" 15 15 15 20 let%span s11_array_types2 = "11_array_types.rs" 7 11 7 53 - use prelude.prelude.Int64 + use prelude.prelude.Int - use prelude.prelude.UIntSize + use prelude.prelude.Int64 - use prelude.prelude.Int + use prelude.prelude.UInt64 - use prelude.prelude.Slice + use Slice64.create type t_UsesArray'0 = - { t_UsesArray__0'0: array int64 } + { t_UsesArray__0'0: array Int64.t } - use prelude.prelude.Slice + use prelude.prelude.Slice64 use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - let rec omg'0 (x:t_UsesArray'0) (return' (ret:()))= {[@expl:omg requires] [%#s11_array_types2] Seq.length (Slice.id x.t_UsesArray__0'0) + let rec omg'0 (x:t_UsesArray'0) (return' (ret:()))= {[@expl:omg requires] [%#s11_array_types2] Seq.length (Slice64.id x.t_UsesArray__0'0) > 0 - /\ Seq.length (Slice.id x.t_UsesArray__0'0) < UIntSize.to_int (v_MAX'0 : usize)} + /\ Seq.length (Slice64.id x.t_UsesArray__0'0) < UInt64.to_uint (v_MAX'0 : UInt64.t)} any [ return' (result:())-> (! return' {result}) ] use prelude.prelude.Intrinsic 
@@ -96,14 +96,17 @@ module M_11_array_types__call_omg [#"11_array_types.rs" 14 0 14 17] let rec call_omg'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = Slice.create {[%#s11_array_types0] (5 : usize)} {fun (_ : int) -> [%#s11_array_types1] (3 : int64)} - (fun (_res:array int64) -> [ &arr <- _res ] s1) + [ s0 = Slice64.create + + {[%#s11_array_types0] (5 : UInt64.t)} + {fun (_ : int) -> [%#s11_array_types1] (3 : Int64.t)} + (fun (_res:array Int64.t) -> [ &arr <- _res ] s1) | s1 = [ &_2 <- { t_UsesArray__0'0 = arr } ] s2 | s2 = omg'0 {_2} (fun (_ret':()) -> [ &_0 <- _ret' ] s3) | s3 = bb1 ] | bb1 = return' {_0} ] - ) [ & _0 : () = any_l () | & arr : array int64 = any_l () | & _2 : t_UsesArray'0 = any_l () ] + ) [ & _0 : () = any_l () | & arr : array Int64.t = any_l () | & _2 : t_UsesArray'0 = any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/syntax/12_ghost_code.coma b/creusot/tests/should_succeed/syntax/12_ghost_code.coma index e115c189c7..7cc05ae546 100644 --- a/creusot/tests/should_succeed/syntax/12_ghost_code.coma +++ b/creusot/tests/should_succeed/syntax/12_ghost_code.coma @@ -7,16 +7,18 @@ module M_12_ghost_code__ghost_arg [#"12_ghost_code.rs" 4 0 4 34] use prelude.prelude.Intrinsic + use prelude.prelude.Int + use prelude.prelude.UInt32 use prelude.prelude.Snapshot meta "compute_max_steps" 1000000 - let rec ghost_arg'0 (g:Snapshot.snap_ty uint32) (return' (ret:()))= (! bb0 + let rec ghost_arg'0 (g:Snapshot.snap_ty UInt32.t) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &_x <- [%#s12_ghost_code0] Snapshot.new (Snapshot.inner g) ] s1 | s1 = bb1 ] | bb1 = return' {_0} ] - ) [ & _0 : () = any_l () | & g : Snapshot.snap_ty uint32 = g | & _x : Snapshot.snap_ty uint32 = any_l () ] + ) [ & _0 : () = any_l () | & g : Snapshot.snap_ty UInt32.t = g | & _x : Snapshot.snap_ty UInt32.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end 
@@ -34,16 +36,18 @@ module M_12_ghost_code__ghost_vec [#"12_ghost_code.rs" 8 0 8 18] type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } predicate inv'0 (_1 : t_Vec'0) @@ -51,19 +55,17 @@ module M_12_ghost_code__ghost_vec [#"12_ghost_code.rs" 8 0 8 18] use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) - - use prelude.prelude.UIntSize + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.Int + use prelude.prelude.UInt64 use prelude.prelude.UInt32 use seq.Seq - function view'0 (self : t_Vec'0) : Seq.seq uint32 + function view'0 (self : t_Vec'0) : Seq.seq UInt32.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec3] Seq.length (view'0 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec3] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) let rec new'0 (_1:()) (return' (ret:t_Vec'0))= any [ return' (result:t_Vec'0)-> {inv'0 result} {[%#svec2] Seq.length (view'0 result) = 0} (! return' {result}) ] @@ -91,6 +93,8 @@ module M_12_ghost_code__ghost_copy [#"12_ghost_code.rs" 17 0 17 19] let%span s12_ghost_code1 = "12_ghost_code.rs" 19 17 19 57 let%span s12_ghost_code2 = "12_ghost_code.rs" 20 9 20 38 + use prelude.prelude.Int + use prelude.prelude.Int32 use seq.Seq 
@@ -111,17 +115,17 @@ module M_12_ghost_code__ghost_copy [#"12_ghost_code.rs" 17 0 17 19] let rec ghost_copy'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = [ &a <- [%#s12_ghost_code0] (0 : int32) ] s1 - | s1 = [ &_s <- [%#s12_ghost_code1] Snapshot.new (Seq.snoc (Seq.empty : Seq.seq int32) (0 : int32)) ] s2 + [ s0 = [ &a <- [%#s12_ghost_code0] (0 : Int32.t) ] s1 + | s1 = [ &_s <- [%#s12_ghost_code1] Snapshot.new (Seq.snoc (Seq.empty : Seq.seq Int32.t) (0 : Int32.t)) ] s2 | s2 = bb1 ] | bb1 = s0 [ s0 = [ &_4 <- [%#s12_ghost_code2] Snapshot.new (Seq.snoc (Snapshot.inner _s) a) ] s1 | s1 = bb2 ] | bb2 = s0 [ s0 = [ &_s <- _4 ] s1 | s1 = return' {_0} ] ] ) [ & _0 : () = any_l () - | & a : int32 = any_l () - | & _s : Snapshot.snap_ty (Seq.seq int32) = any_l () - | & _4 : Snapshot.snap_ty (Seq.seq int32) = any_l () ] + | & a : Int32.t = any_l () + | & _s : Snapshot.snap_ty (Seq.seq Int32.t) = any_l () + | & _4 : Snapshot.snap_ty (Seq.seq Int32.t) = any_l () ] [ return' (result:())-> (! return' {result}) ] end module M_12_ghost_code__ghost_is_copy [#"12_ghost_code.rs" 23 0 23 22] @@ -130,14 +134,16 @@ module M_12_ghost_code__ghost_is_copy [#"12_ghost_code.rs" 23 0 23 22] let%span s12_ghost_code2 = "12_ghost_code.rs" 29 18 29 26 let%span sresolve3 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + use prelude.prelude.Int + use prelude.prelude.Int32 use prelude.prelude.Borrow - predicate resolve'1 (self : borrowed int32) = + predicate resolve'1 (self : borrowed Int32.t) = [%#sresolve3] self.final = self.current - predicate resolve'0 (_1 : borrowed int32) = + predicate resolve'0 (_1 : borrowed Int32.t) = resolve'1 _1 use prelude.prelude.Snapshot 
@@ -150,8 +156,9 @@ module M_12_ghost_code__ghost_is_copy [#"12_ghost_code.rs" 23 0 23 22] let rec ghost_is_copy'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = [ &x <- [%#s12_ghost_code0] (0 : int32) ] s1 - | s1 = Borrow.borrow_mut {x} (fun (_ret':borrowed int32) -> [ &r <- _ret' ] [ &x <- _ret'.final ] s2) + [ s0 = [ &x <- [%#s12_ghost_code0] (0 : Int32.t) ] s1 + | s1 = Borrow.borrow_mut {x} + (fun (_ret':borrowed Int32.t) -> [ &r <- _ret' ] [ &x <- _ret'.final ] s2) | s2 = -{resolve'0 r}- s3 | s3 = [ &g <- [%#s12_ghost_code1] Snapshot.new r ] s4 | s4 = bb1 ] @@ -164,11 +171,11 @@ module M_12_ghost_code__ghost_is_copy [#"12_ghost_code.rs" 23 0 23 22] ] ) [ & _0 : () = any_l () - | & x : int32 = any_l () - | & r : borrowed int32 = any_l () - | & g : Snapshot.snap_ty (borrowed int32) = any_l () - | & g1 : Snapshot.snap_ty (borrowed int32) = any_l () - | & g2 : Snapshot.snap_ty (borrowed int32) = any_l () ] + | & x : Int32.t = any_l () + | & r : borrowed Int32.t = any_l () + | & g : Snapshot.snap_ty (borrowed Int32.t) = any_l () + | & g1 : Snapshot.snap_ty (borrowed Int32.t) = any_l () + | & g2 : Snapshot.snap_ty (borrowed Int32.t) = any_l () ] [ return' (result:())-> (! return' {result}) ] end module M_12_ghost_code__ghost_check [#"12_ghost_code.rs" 35 0 35 20] @@ -193,16 +200,18 @@ module M_12_ghost_code__ghost_check [#"12_ghost_code.rs" 35 0 35 20] type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } predicate inv'0 (_1 : t_Vec'0) 
@@ -210,19 +219,17 @@ module M_12_ghost_code__ghost_check [#"12_ghost_code.rs" 35 0 35 20] use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize - - use prelude.prelude.Int + use prelude.prelude.UInt64 use prelude.prelude.Int32 use seq.Seq - function view'0 (self : t_Vec'0) : Seq.seq int32 + function view'0 (self : t_Vec'0) : Seq.seq Int32.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec9] Seq.length (view'0 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec9] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) let rec new'0 (_1:()) (return' (ret:t_Vec'0))= any [ return' (result:t_Vec'0)-> {inv'0 result} {[%#svec5] Seq.length (view'0 result) = 0} (! return' {result}) ] @@ -239,16 +246,16 @@ module M_12_ghost_code__ghost_check [#"12_ghost_code.rs" 35 0 35 20] axiom inv_axiom'1 [@rewrite] : forall x : borrowed (t_Vec'0) [inv'1 x] . inv'1 x = true - predicate inv'2 (_1 : int32) + predicate inv'2 (_1 : Int32.t) - axiom inv_axiom'2 [@rewrite] : forall x : int32 [inv'2 x] . inv'2 x = true + axiom inv_axiom'2 [@rewrite] : forall x : Int32.t [inv'2 x] . inv'2 x = true - function view'1 (self : borrowed (t_Vec'0)) : Seq.seq int32 = + function view'1 (self : borrowed (t_Vec'0)) : Seq.seq Int32.t = [%#smodel10] view'0 self.current use seq.Seq - let rec push'0 (self:borrowed (t_Vec'0)) (value:int32) (return' (ret:()))= {[@expl:push 'self' type invariant] inv'1 self} + let rec push'0 (self:borrowed (t_Vec'0)) (value:Int32.t) (return' (ret:()))= {[@expl:push 'self' type invariant] inv'1 self} {[@expl:push 'value' type invariant] inv'2 value} any [ return' (result:())-> {[%#svec7] view'0 self.final = Seq.snoc (view'1 self) value} (! return' {result}) ] 
@@ -256,11 +263,13 @@ module M_12_ghost_code__ghost_check [#"12_ghost_code.rs" 35 0 35 20] axiom inv_axiom'3 [@rewrite] : forall x : t_Vec'0 [inv'3 x] . inv'3 x = true - function view'2 (self : t_Vec'0) : Seq.seq int32 = + function view'2 (self : t_Vec'0) : Seq.seq Int32.t = [%#smodel11] view'0 self - let rec len'0 (self:t_Vec'0) (return' (ret:usize))= {[@expl:len 'self' type invariant] inv'3 self} - any [ return' (result:usize)-> {[%#svec8] UIntSize.to_int result = Seq.length (view'2 self)} (! return' {result}) ] + let rec len'0 (self:t_Vec'0) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'3 self} + any + [ return' (result:UInt64.t)-> {[%#svec8] UInt64.to_uint result = Seq.length (view'2 self)} (! return' {result}) ] + use prelude.prelude.Intrinsic @@ -274,12 +283,12 @@ module M_12_ghost_code__ghost_check [#"12_ghost_code.rs" 35 0 35 20] | bb2 = s0 [ s0 = Borrow.borrow_mut {x} (fun (_ret':borrowed (t_Vec'0)) -> [ &_5 <- _ret' ] [ &x <- _ret'.final ] s1) - | s1 = push'0 {_5} {[%#s12_ghost_code2] (0 : int32)} (fun (_ret':()) -> [ &_4 <- _ret' ] s2) + | s1 = push'0 {_5} {[%#s12_ghost_code2] (0 : Int32.t)} (fun (_ret':()) -> [ &_4 <- _ret' ] s2) | s2 = bb3 ] - | bb3 = s0 [ s0 = len'0 {x} (fun (_ret':usize) -> [ &_8 <- _ret' ] s1) | s1 = bb4 ] + | bb3 = s0 [ s0 = len'0 {x} (fun (_ret':UInt64.t) -> [ &_8 <- _ret' ] s1) | s1 = bb4 ] | bb4 = s0 - [ s0 = UIntSize.eq {_8} {[%#s12_ghost_code3] (1 : usize)} (fun (_ret':bool) -> [ &_7 <- _ret' ] s1) + [ s0 = UInt64.eq {_8} {[%#s12_ghost_code3] (1 : UInt64.t)} (fun (_ret':bool) -> [ &_7 <- _ret' ] s1) | s1 = any [ br0 -> {_7 = false} (! bb6) | br1 -> {_7} (! bb5) ] ] | bb5 = bb7 
@@ -292,7 +301,7 @@ module M_12_ghost_code__ghost_check [#"12_ghost_code.rs" 35 0 35 20] | & _4 : () = any_l () | & _5 : borrowed (t_Vec'0) = any_l () | & _7 : bool = any_l () - | & _8 : usize = any_l () ] + | & _8 : UInt64.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end module M_12_ghost_code__takes_struct [#"12_ghost_code.rs" 52 0 52 36] @@ -301,29 +310,29 @@ module M_12_ghost_code__takes_struct [#"12_ghost_code.rs" 52 0 52 36] let%span ssnapshot2 = "../../../../creusot-contracts/src/snapshot.rs" 26 20 26 39 let%span smodel3 = "../../../../creusot-contracts/src/model.rs" 88 8 88 22 + use prelude.prelude.Int + use prelude.prelude.UInt32 use prelude.prelude.Snapshot type t_MyStruct'0 = - { t_MyStruct__f'0: uint32; t_MyStruct__g'0: Snapshot.snap_ty uint32 } + { t_MyStruct__f'0: UInt32.t; t_MyStruct__g'0: Snapshot.snap_ty UInt32.t } use prelude.prelude.Snapshot use prelude.prelude.Intrinsic - use prelude.prelude.Int - use prelude.prelude.Snapshot use prelude.prelude.Borrow use prelude.prelude.UInt32 - function view'1 (self : uint32) : int = - [%#smodel3] UInt32.to_int self + function view'1 (self : UInt32.t) : int = + [%#smodel3] UInt32.to_uint self - function view'0 (self : Snapshot.snap_ty uint32) : int = + function view'0 (self : Snapshot.snap_ty UInt32.t) : int = [%#ssnapshot2] view'1 (Snapshot.inner self) meta "compute_max_steps" 1000000 @@ -333,7 +342,7 @@ module M_12_ghost_code__takes_struct [#"12_ghost_code.rs" 52 0 52 36] (! bb0 [ bb0 = s0 [ s0 = [ &_3 <- [%#s12_ghost_code0] Snapshot.new x.t_MyStruct__f'0 ] s1 | s1 = bb1 ] | bb1 = s0 [ s0 = [ &x <- { x with t_MyStruct__g'0 = _3 } ] s1 | s1 = return' {_0} ] ] - ) [ & _0 : () = any_l () | & x : t_MyStruct'0 = x | & _3 : Snapshot.snap_ty uint32 = any_l () ] + ) [ & _0 : () = any_l () | & x : t_MyStruct'0 = x | & _3 : Snapshot.snap_ty UInt32.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end 
diff --git a/creusot/tests/should_succeed/syntax/13_vec_macro.coma b/creusot/tests/should_succeed/syntax/13_vec_macro.coma index f381e1323a..f8430c10df 100644 --- a/creusot/tests/should_succeed/syntax/13_vec_macro.coma +++ b/creusot/tests/should_succeed/syntax/13_vec_macro.coma @@ -12,7 +12,7 @@ module M_13_vec_macro__x [#"13_vec_macro.rs" 5 0 5 10] let%span svec10 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span svec11 = "../../../../creusot-contracts/src/std/vec.rs" 180 22 180 41 let%span svec12 = "../../../../creusot-contracts/src/std/vec.rs" 181 22 181 76 - let%span sslice13 = "../../../../creusot-contracts/src/std/slice.rs" 332 18 332 35 + let%span sslice13 = "../../../../creusot-contracts/src/std/slice.rs" 350 18 350 35 let%span sops14 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 let%span sboxed15 = "../../../../creusot-contracts/src/std/boxed.rs" 18 8 18 22 let%span sslice16 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 @@ -26,16 +26,18 @@ module M_13_vec_macro__x [#"13_vec_macro.rs" 5 0 5 10] type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } predicate inv'0 (_1 : t_Vec'0) 
@@ -43,19 +45,17 @@ module M_13_vec_macro__x [#"13_vec_macro.rs" 5 0 5 10] use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize - - use prelude.prelude.Int + use prelude.prelude.UInt64 use prelude.prelude.UInt32 use seq.Seq - function view'0 (self : t_Vec'0) : Seq.seq uint32 + function view'0 (self : t_Vec'0) : Seq.seq UInt32.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec10] Seq.length (view'0 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec10] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) let rec new'0 (_1:()) (return' (ret:t_Vec'0))= any [ return' (result:t_Vec'0)-> {inv'0 result} {[%#svec9] Seq.length (view'0 result) = 0} (! return' {result}) ] @@ -63,9 +63,9 @@ module M_13_vec_macro__x [#"13_vec_macro.rs" 5 0 5 10] use prelude.prelude.Int32 - predicate inv'1 (_1 : int32) + predicate inv'1 (_1 : Int32.t) - axiom inv_axiom'1 [@rewrite] : forall x : int32 [inv'1 x] . inv'1 x = true + axiom inv_axiom'1 [@rewrite] : forall x : Int32.t [inv'1 x] . inv'1 x = true type t_NonNull'1 = { t_NonNull__pointer'1: opaque_ptr } @@ -77,7 +77,7 @@ module M_13_vec_macro__x [#"13_vec_macro.rs" 5 0 5 10] { t_RawVec__ptr'1: t_Unique'1; t_RawVec__cap'1: t_Cap'0; t_RawVec__alloc'1: () } type t_Vec'1 = - { t_Vec__buf'1: t_RawVec'1; t_Vec__len'1: usize } + { t_Vec__buf'1: t_RawVec'1; t_Vec__len'1: UInt64.t } predicate inv'2 (_1 : t_Vec'1) 
@@ -87,41 +87,41 @@ module M_13_vec_macro__x [#"13_vec_macro.rs" 5 0 5 10] use seq.Seq - function view'1 (self : t_Vec'1) : Seq.seq int32 + function view'1 (self : t_Vec'1) : Seq.seq Int32.t - axiom view'1_spec : forall self : t_Vec'1 . [%#svec10] Seq.length (view'1 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'1_spec : forall self : t_Vec'1 . [%#svec10] Seq.length (view'1 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq - function index_logic'0 [@inline:trivial] (self : t_Vec'1) (ix : int) : int32 = + function index_logic'0 [@inline:trivial] (self : t_Vec'1) (ix : int) : Int32.t = [%#sops14] Seq.get (view'1 self) ix - let rec from_elem'0 (elem:int32) (n:usize) (return' (ret:t_Vec'1))= {[@expl:from_elem 'elem' type invariant] inv'1 elem} + let rec from_elem'0 (elem:Int32.t) (n:UInt64.t) (return' (ret:t_Vec'1))= {[@expl:from_elem 'elem' type invariant] inv'1 elem} any [ return' (result:t_Vec'1)-> {inv'2 result} - {[%#svec11] Seq.length (view'1 result) = UIntSize.to_int n} - {[%#svec12] forall i : int . 0 <= i /\ i < UIntSize.to_int n -> index_logic'0 result i = elem} + {[%#svec11] Seq.length (view'1 result) = UInt64.to_uint n} + {[%#svec12] forall i : int . 0 <= i /\ i < UInt64.to_uint n -> index_logic'0 result i = elem} (! return' {result}) ] - use prelude.prelude.Slice + use Slice64.create - predicate inv'3 (_1 : slice int32) + predicate inv'3 (_1 : slice Int32.t) - axiom inv_axiom'3 [@rewrite] : forall x : slice int32 [inv'3 x] . inv'3 x = true + axiom inv_axiom'3 [@rewrite] : forall x : slice Int32.t [inv'3 x] . inv'3 x = true - use prelude.prelude.Slice + use prelude.prelude.Slice64 - function view'3 (self : slice int32) : Seq.seq int32 + function view'3 (self : slice Int32.t) : Seq.seq Int32.t - axiom view'3_spec : forall self : slice int32 . ([%#sslice16] Seq.length (view'3 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice17] view'3 self = Slice.id self) + axiom view'3_spec : forall self : slice Int32.t . 
([%#sslice16] Seq.length (view'3 self) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + && ([%#sslice17] view'3 self = Slice64.id self) - function view'2 (self : slice int32) : Seq.seq int32 = + function view'2 (self : slice Int32.t) : Seq.seq Int32.t = [%#sboxed15] view'3 self - let rec into_vec'0 (self:slice int32) (return' (ret:t_Vec'1))= {[@expl:into_vec 'self' type invariant] inv'3 self} + let rec into_vec'0 (self:slice Int32.t) (return' (ret:t_Vec'1))= {[@expl:into_vec 'self' type invariant] inv'3 self} any [ return' (result:t_Vec'1)-> {inv'2 result} {[%#sslice13] view'1 result = view'2 self} (! return' {result}) ] use prelude.prelude.Intrinsic @@ -132,16 +132,16 @@ module M_13_vec_macro__x [#"13_vec_macro.rs" 5 0 5 10] [ bb0 = s0 [ s0 = new'0 {[%#slib0] ()} (fun (_ret':t_Vec'0) -> [ &v0 <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = {[@expl:assertion] [%#s13_vec_macro1] Seq.length (view'0 v0) = 0} s1 | s1 = bb2 ] | bb2 = s0 - [ s0 = from_elem'0 {[%#s13_vec_macro2] (0 : int32)} {[%#s13_vec_macro3] (2 : usize)} + [ s0 = from_elem'0 {[%#s13_vec_macro2] (0 : Int32.t)} {[%#s13_vec_macro3] (2 : UInt64.t)} (fun (_ret':t_Vec'1) -> [ &v1 <- _ret' ] s1) | s1 = bb3 ] | bb3 = s0 [ s0 = {[@expl:assertion] [%#s13_vec_macro4] Seq.length (view'1 v1) = 2} s1 | s1 = bb4 ] | bb4 = s0 [ s0 = any - [ any_ (__arr_temp:array int32)-> (! -{Seq.get __arr_temp.elts 0 = ([%#s13_vec_macro5] (1 : int32)) - /\ Seq.get __arr_temp.elts 1 = ([%#s13_vec_macro6] (2 : int32)) - /\ Seq.get __arr_temp.elts 2 = ([%#s13_vec_macro7] (3 : int32)) /\ Seq.length __arr_temp.elts = 3}- + [ any_ (__arr_temp:array Int32.t)-> (! -{Seq.get __arr_temp.elts 0 = ([%#s13_vec_macro5] (1 : Int32.t)) + /\ Seq.get __arr_temp.elts 1 = ([%#s13_vec_macro6] (2 : Int32.t)) + /\ Seq.get __arr_temp.elts 2 = ([%#s13_vec_macro7] (3 : Int32.t)) /\ Seq.length __arr_temp.elts = 3}- [ &_10 <- __arr_temp ] s1) ] 
@@ -159,6 +159,6 @@ module M_13_vec_macro__x [#"13_vec_macro.rs" 5 0 5 10] | & v0 : t_Vec'0 = any_l () | & v1 : t_Vec'1 = any_l () | & v2 : t_Vec'1 = any_l () - | & _10 : array int32 = any_l () ] + | & _10 : array Int32.t = any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/syntax/14_const_fns.coma b/creusot/tests/should_succeed/syntax/14_const_fns.coma index e261b644b4..f88310df40 100644 --- a/creusot/tests/should_succeed/syntax/14_const_fns.coma +++ b/creusot/tests/should_succeed/syntax/14_const_fns.coma @@ -4,17 +4,19 @@ module M_14_const_fns__omg [#"14_const_fns.rs" 5 0 5 31] use prelude.prelude.Int32 + use prelude.prelude.Int + use prelude.prelude.Intrinsic use prelude.prelude.Int32 meta "compute_max_steps" 1000000 - let rec omg'0 (x:int32) (return' (ret:int32))= {[@expl:omg requires] [%#s14_const_fns1] Int32.to_int x = 3} + let rec omg'0 (x:Int32.t) (return' (ret:Int32.t))= {[@expl:omg requires] [%#s14_const_fns1] Int32.to_int x = 3} (! bb0 [ bb0 = s0 - [ s0 = Int32.sub {x} {[%#s14_const_fns0] (1 : int32)} (fun (_ret':int32) -> [ &_0 <- _ret' ] s1) + [ s0 = Int32.sub {x} {[%#s14_const_fns0] (1 : Int32.t)} (fun (_ret':Int32.t) -> [ &_0 <- _ret' ] s1) | s1 = return' {_0} ] ] - ) [ & _0 : int32 = any_l () | & x : int32 = x ] [ return' (result:int32)-> (! return' {result}) ] + ) [ & _0 : Int32.t = any_l () | & x : Int32.t = x ] [ return' (result:Int32.t)-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/syntax/derive_macros/mixed.coma b/creusot/tests/should_succeed/syntax/derive_macros/mixed.coma index 1ced7e9419..9f8f33da16 100644 --- a/creusot/tests/should_succeed/syntax/derive_macros/mixed.coma +++ b/creusot/tests/should_succeed/syntax/derive_macros/mixed.coma 
@@ -477,42 +477,42 @@ module M_mixed__qyi9942470069884222103__resolve_coherence [#"mixed.rs" 49 9 49 1 type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } type t_Product2'0 = { t_Product2__a'0: borrowed t_A'0; t_Product2__b'0: bool; t_Product2__c'0: t_Vec'0 } - use prelude.prelude.Int - use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.UInt32 use seq.Seq - function view'0 (self : t_Vec'0) : Seq.seq uint32 + function view'0 (self : t_Vec'0) : Seq.seq UInt32.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec5] Seq.length (view'0 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec5] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq - function index_logic'0 [@inline:trivial] (self : t_Vec'0) (ix : int) : uint32 = + function index_logic'0 [@inline:trivial] (self : t_Vec'0) (ix : int) : UInt32.t = [%#sops6] Seq.get (view'0 self) ix - predicate resolve'6 (_1 : uint32) = + predicate resolve'6 (_1 : UInt32.t) = true predicate resolve'4 (self : t_Vec'0) = 
@@ -794,42 +794,42 @@ module M_mixed__qyi9942470069884222103__resolve_coherence__refines [#"mixed.rs" type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } type t_Product2'0 = { t_Product2__a'0: borrowed t_A'0; t_Product2__b'0: bool; t_Product2__c'0: t_Vec'0 } - use prelude.prelude.Int - use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.UInt32 use seq.Seq - function view'0 (self : t_Vec'0) : Seq.seq uint32 + function view'0 (self : t_Vec'0) : Seq.seq UInt32.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec5] Seq.length (view'0 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec5] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq - function index_logic'0 [@inline:trivial] (self : t_Vec'0) (ix : int) : uint32 = + function index_logic'0 [@inline:trivial] (self : t_Vec'0) (ix : int) : UInt32.t = [%#sops6] Seq.get (view'0 self) ix - predicate resolve'6 (_1 : uint32) = + predicate resolve'6 (_1 : UInt32.t) = true predicate resolve'4 (self : t_Vec'0) = diff --git a/creusot/tests/should_succeed/take_first_mut.coma b/creusot/tests/should_succeed/take_first_mut.coma index 55a1057128..9aa1ef338b 100644 --- a/creusot/tests/should_succeed/take_first_mut.coma +++ b/creusot/tests/should_succeed/take_first_mut.coma 
@@ -4,12 +4,12 @@ module M_take_first_mut__take_first_mut [#"take_first_mut.rs" 14 0 14 74] let%span stake_first_mut2 = "take_first_mut.rs" 6 10 13 1 let%span smem3 = "../../../creusot-contracts/src/std/mem.rs" 17 22 17 37 let%span smem4 = "../../../creusot-contracts/src/std/mem.rs" 18 22 18 42 - let%span sslice5 = "../../../creusot-contracts/src/std/slice.rs" 279 18 287 9 + let%span sslice5 = "../../../creusot-contracts/src/std/slice.rs" 297 18 305 9 let%span sops6 = "../../../creusot-contracts/src/logic/ops.rs" 42 8 42 31 let%span sslice7 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice8 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 let%span sseq9 = "../../../creusot-contracts/src/logic/seq.rs" 106 8 106 39 - let%span sslice10 = "../../../creusot-contracts/src/std/slice.rs" 64 20 64 65 + let%span sslice10 = "../../../creusot-contracts/src/std/slice.rs" 82 20 82 65 let%span smodel11 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 let%span sresolve12 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span sinvariant13 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 
@@ -19,29 +19,29 @@ module M_take_first_mut__take_first_mut [#"take_first_mut.rs" 14 0 14 74] use prelude.prelude.Borrow - use prelude.prelude.Slice + use Slice64.create type t_T'0 use seq.Seq - use prelude.prelude.UIntSize + use prelude.prelude.Int - constant v_MAX'0 : usize = (18446744073709551615 : usize) + use prelude.prelude.UInt64 - use prelude.prelude.UIntSize + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.Int + use prelude.prelude.UInt64 - use prelude.prelude.Slice + use prelude.prelude.Slice64 use seq.Seq function view'0 (self : slice t_T'0) : Seq.seq t_T'0 axiom view'0_spec : forall self : slice t_T'0 . ([%#sslice7] Seq.length (view'0 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice8] view'0 self = Slice.id self) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + && ([%#sslice8] view'0 self = Slice64.id self) use seq.Seq diff --git a/creusot/tests/should_succeed/trait_impl.coma b/creusot/tests/should_succeed/trait_impl.coma index e9c799041a..532faafec0 100644 --- a/creusot/tests/should_succeed/trait_impl.coma +++ b/creusot/tests/should_succeed/trait_impl.coma @@ -40,11 +40,13 @@ end module M_trait_impl__qyi5019122778080045761__x [#"trait_impl.rs" 29 4 29 14] (* > *) use prelude.prelude.Intrinsic + use prelude.prelude.Int + use prelude.prelude.UInt32 meta "compute_max_steps" 1000000 - let rec x'0 (self:uint32) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] + let rec x'0 (self:UInt32.t) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/traits/01.coma b/creusot/tests/should_succeed/traits/01.coma index 41104837a5..18a61bfc6d 100644 --- a/creusot/tests/should_succeed/traits/01.coma +++ b/creusot/tests/should_succeed/traits/01.coma 
@@ -7,23 +7,25 @@ module M_01__uses_generic [#"01.rs" 8 0 8 38] predicate inv'0 (_1 : t_T'0) + use prelude.prelude.Int + use prelude.prelude.UInt32 - predicate inv'1 (_1 : uint32) + predicate inv'1 (_1 : UInt32.t) - axiom inv_axiom'0 [@rewrite] : forall x : uint32 [inv'1 x] . inv'1 x = true + axiom inv_axiom'0 [@rewrite] : forall x : UInt32.t [inv'1 x] . inv'1 x = true - let rec from_b'0 (x:t_T'0) (return' (ret:uint32))= {[@expl:from_b 'x' type invariant] [%#s011] inv'0 x} - any [ return' (result:uint32)-> {[%#s012] inv'1 result} (! return' {result}) ] + let rec from_b'0 (x:t_T'0) (return' (ret:UInt32.t))= {[@expl:from_b 'x' type invariant] [%#s011] inv'0 x} + any [ return' (result:UInt32.t)-> {[%#s012] inv'1 result} (! return' {result}) ] use prelude.prelude.Intrinsic meta "compute_max_steps" 1000000 - let rec uses_generic'0 (b:t_T'0) (return' (ret:uint32))= {[@expl:uses_generic 'b' type invariant] [%#s010] inv'0 b} + let rec uses_generic'0 (b:t_T'0) (return' (ret:UInt32.t))= {[@expl:uses_generic 'b' type invariant] [%#s010] inv'0 b} (! bb0 - [ bb0 = s0 [ s0 = from_b'0 {b} (fun (_ret':uint32) -> [ &_0 <- _ret' ] s1) | s1 = bb1 ] + [ bb0 = s0 [ s0 = from_b'0 {b} (fun (_ret':UInt32.t) -> [ &_0 <- _ret' ] s1) | s1 = bb1 ] | bb1 = bb2 | bb2 = return' {_0} ] - ) [ & _0 : uint32 = any_l () | & b : t_T'0 = b ] [ return' (result:uint32)-> (! return' {result}) ] + ) [ & _0 : UInt32.t = any_l () | & b : t_T'0 = b ] [ return' (result:UInt32.t)-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/traits/03.coma b/creusot/tests/should_succeed/traits/03.coma index 8f2e58ebdb..c2d8c81818 100644 --- a/creusot/tests/should_succeed/traits/03.coma +++ b/creusot/tests/should_succeed/traits/03.coma @@ -1,6 +1,8 @@ module M_03__qyi14704115191559214502__f [#"03.rs" 9 4 9 23] (* *) let%span s030 = "03.rs" 10 8 10 9 + use prelude.prelude.Int + use prelude.prelude.Int32 use prelude.prelude.Intrinsic 
@@ -9,13 +11,15 @@ module M_03__qyi14704115191559214502__f [#"03.rs" 9 4 9 23] (* *) meta "compute_max_steps" 1000000 - let rec f'0 (self:int32) (return' (ret:int32))= (! bb0 - [ bb0 = s0 [ s0 = [ &_0 <- [%#s030] (0 : int32) ] s1 | s1 = return' {_0} ] ] - ) [ & _0 : int32 = any_l () ] [ return' (result:int32)-> (! return' {result}) ] + let rec f'0 (self:Int32.t) (return' (ret:Int32.t))= (! bb0 + [ bb0 = s0 [ s0 = [ &_0 <- [%#s030] (0 : Int32.t) ] s1 | s1 = return' {_0} ] ] + ) [ & _0 : Int32.t = any_l () ] [ return' (result:Int32.t)-> (! return' {result}) ] end module M_03__qyi2795904175370379619__g [#"03.rs" 20 4 20 23] (* *) let%span s030 = "03.rs" 21 8 21 9 + use prelude.prelude.Int + use prelude.prelude.UInt32 use prelude.prelude.Intrinsic @@ -24,9 +28,9 @@ module M_03__qyi2795904175370379619__g [#"03.rs" 20 4 20 23] (* *) meta "compute_max_steps" 1000000 - let rec g'0 (self:uint32) (return' (ret:uint32))= (! bb0 - [ bb0 = s0 [ s0 = [ &_0 <- [%#s030] (1 : uint32) ] s1 | s1 = return' {_0} ] ] - ) [ & _0 : uint32 = any_l () ] [ return' (result:uint32)-> (! return' {result}) ] + let rec g'0 (self:UInt32.t) (return' (ret:UInt32.t))= (! bb0 + [ bb0 = s0 [ s0 = [ &_0 <- [%#s030] (1 : UInt32.t) ] s1 | s1 = return' {_0} ] ] + ) [ & _0 : UInt32.t = any_l () ] [ return' (result:UInt32.t)-> (! return' {result}) ] end module M_03__qyi4233438312138697795__h [#"03.rs" 30 4 30 24] (* *) let%span s030 = "03.rs" 30 12 30 13 
@@ -60,35 +64,39 @@ module M_03__qyi14704115191559214502__f__refines [#"03.rs" 9 4 9 23] (* (forall result : int32 . inv'1 result) + goal refines : [%#s030] forall self : Int32.t . inv'0 self -> (forall result : Int32.t . inv'1 result) end module M_03__qyi2795904175370379619__g__refines [#"03.rs" 20 4 20 23] (* *) let%span s030 = "03.rs" 20 4 20 23 use prelude.prelude.Borrow + use prelude.prelude.Int + use prelude.prelude.UInt32 - predicate inv'0 (_1 : uint32) + predicate inv'0 (_1 : UInt32.t) - axiom inv_axiom'0 [@rewrite] : forall x : uint32 [inv'0 x] . inv'0 x = true + axiom inv_axiom'0 [@rewrite] : forall x : UInt32.t [inv'0 x] . inv'0 x = true - predicate inv'1 (_1 : uint32) + predicate inv'1 (_1 : UInt32.t) - axiom inv_axiom'1 [@rewrite] : forall x : uint32 [inv'1 x] . inv'1 x = true + axiom inv_axiom'1 [@rewrite] : forall x : UInt32.t [inv'1 x] . inv'1 x = true - goal refines : [%#s030] forall self : uint32 . inv'0 self - -> (forall result : uint32 . result = result /\ inv'1 result) + goal refines : [%#s030] forall self : UInt32.t . inv'0 self + -> (forall result : UInt32.t . result = result /\ inv'1 result) end module M_03__qyi4233438312138697795__h__refines [#"03.rs" 30 4 30 24] (* *) let%span s030 = "03.rs" 30 4 30 24 diff --git a/creusot/tests/should_succeed/traits/06.coma b/creusot/tests/should_succeed/traits/06.coma index c08beddc4b..96f565a416 100644 --- a/creusot/tests/should_succeed/traits/06.coma +++ b/creusot/tests/should_succeed/traits/06.coma @@ -6,7 +6,9 @@ module M_06__test [#"06.rs" 9 0 11 15] let%span s064 = "06.rs" 6 31 6 40 let%span sinvariant5 = "../../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 use prelude.prelude.Borrow 
@@ -25,7 +27,7 @@ module M_06__test [#"06.rs" 9 0 11 15] predicate inv'1 (_1 : t_Tgt'0) - let rec ix'0 (self:t_T'0) (ix:usize) (return' (ret:t_Tgt'0))= {[@expl:ix 'self' type invariant] [%#s063] inv'0 self} + let rec ix'0 (self:t_T'0) (ix:UInt64.t) (return' (ret:t_Tgt'0))= {[@expl:ix 'self' type invariant] [%#s063] inv'0 self} any [ return' (result:t_Tgt'0)-> {[%#s064] inv'1 result} (! return' {result}) ] use prelude.prelude.Intrinsic @@ -34,7 +36,7 @@ module M_06__test [#"06.rs" 9 0 11 15] let rec test'0 (a:t_T'0) (return' (ret:t_Tgt'0))= {[@expl:test 'a' type invariant] [%#s061] inv'0 a} (! bb0 - [ bb0 = s0 [ s0 = ix'0 {a} {[%#s060] (0 : usize)} (fun (_ret':t_Tgt'0) -> [ &_0 <- _ret' ] s1) | s1 = bb1 ] + [ bb0 = s0 [ s0 = ix'0 {a} {[%#s060] (0 : UInt64.t)} (fun (_ret':t_Tgt'0) -> [ &_0 <- _ret' ] s1) | s1 = bb1 ] | bb1 = return' {_0} ] ) [ & _0 : t_Tgt'0 = any_l () | & a : t_T'0 = a ] [ return' (result:t_Tgt'0)-> {[@expl:test result type invariant] [%#s062] inv'1 result} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/traits/07.coma b/creusot/tests/should_succeed/traits/07.coma index a9264a470c..163bf3e4d7 100644 --- a/creusot/tests/should_succeed/traits/07.coma +++ b/creusot/tests/should_succeed/traits/07.coma @@ -3,11 +3,13 @@ module M_07__qyi5864428518595652275__ix [#"07.rs" 11 4 11 36] (* *) use prelude.prelude.Borrow + use prelude.prelude.Int + use prelude.prelude.Int32 meta "compute_max_steps" 1000000 - let rec ix'0 (self:int32) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] + let rec ix'0 (self:Int32.t) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] [ return' (result:())-> (! return' {result}) ] end 
@@ -18,45 +20,51 @@ module M_07__test [#"07.rs" 16 0 16 81] use prelude.prelude.Borrow + use prelude.prelude.Int + use prelude.prelude.UInt32 use prelude.prelude.UInt64 meta "compute_max_steps" 1000000 - let rec test'0 (_a:uint32) (_b:uint64) (return' (ret:bool))= (! bb0 + let rec test'0 (_a:UInt32.t) (_b:UInt64.t) (return' (ret:bool))= (! bb0 [ bb0 = s0 [ s0 = [ &_0 <- [%#s070] true ] s1 | s1 = return' {_0} ] ] ) [ & _0 : bool = any_l () ] [ return' (result:bool)-> (! return' {result}) ] end module M_07__test2 [#"07.rs" 20 0 20 21] use prelude.prelude.Borrow + use prelude.prelude.Int + use prelude.prelude.Int32 - let rec ix'0 (self:int32) (return' (ret:()))= any [ return' (result:())-> (! return' {result}) ] + let rec ix'0 (self:Int32.t) (return' (ret:()))= any [ return' (result:())-> (! return' {result}) ] use prelude.prelude.Intrinsic meta "compute_max_steps" 1000000 - let rec test2'0 (a:int32) (return' (ret:()))= (! bb0 + let rec test2'0 (a:Int32.t) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = ix'0 {a} (fun (_ret':()) -> [ &_0 <- _ret' ] s1) | s1 = bb1 ] | bb1 = return' {_0} ] - ) [ & _0 : () = any_l () | & a : int32 = a ] [ return' (result:())-> (! return' {result}) ] + ) [ & _0 : () = any_l () | & a : Int32.t = a ] [ return' (result:())-> (! return' {result}) ] end module M_07__qyi5864428518595652275__ix__refines [#"07.rs" 11 4 11 36] (* *) let%span s070 = "07.rs" 11 4 11 36 use prelude.prelude.Borrow + use prelude.prelude.Int + use prelude.prelude.Int32 - predicate inv'0 (_1 : int32) + predicate inv'0 (_1 : Int32.t) - axiom inv_axiom'0 [@rewrite] : forall x : int32 [inv'0 x] . inv'0 x = true + axiom inv_axiom'0 [@rewrite] : forall x : Int32.t [inv'0 x] . inv'0 x = true predicate inv'1 (_1 : ()) axiom inv_axiom'1 [@rewrite] : forall x : () [inv'1 x] . inv'1 x = true - goal refines : [%#s070] forall self : int32 . inv'0 self -> (forall result : () . inv'1 result) + goal refines : [%#s070] forall self : Int32.t . inv'0 self -> (forall result : () . 
inv'1 result) end diff --git a/creusot/tests/should_succeed/traits/09.coma b/creusot/tests/should_succeed/traits/09.coma index 8063dd1e5c..833196ee52 100644 --- a/creusot/tests/should_succeed/traits/09.coma +++ b/creusot/tests/should_succeed/traits/09.coma @@ -3,15 +3,18 @@ module M_09__test [#"09.rs" 7 0 7 43] use prelude.prelude.UInt32 + use prelude.prelude.Int + use prelude.prelude.Intrinsic meta "compute_max_steps" 1000000 - let rec test'0 (t:uint32) (return' (ret:uint32))= (! bb0 + let rec test'0 (t:UInt32.t) (return' (ret:UInt32.t))= (! bb0 [ bb0 = s0 - [ s0 = UInt32.add {t} {[%#s090] (0 : uint32)} (fun (_ret':uint32) -> [ &_0 <- _ret' ] s1) | s1 = return' {_0} ] + [ s0 = UInt32.add {t} {[%#s090] (0 : UInt32.t)} (fun (_ret':UInt32.t) -> [ &_0 <- _ret' ] s1) + | s1 = return' {_0} ] ] - ) [ & _0 : uint32 = any_l () | & t : uint32 = t ] [ return' (result:uint32)-> (! return' {result}) ] + ) [ & _0 : UInt32.t = any_l () | & t : UInt32.t = t ] [ return' (result:UInt32.t)-> (! return' {result}) ] end module M_09__test2 [#"09.rs" 11 0 11 53] let%span s090 = "09.rs" 11 37 11 38 diff --git a/creusot/tests/should_succeed/traits/12_default_method.coma b/creusot/tests/should_succeed/traits/12_default_method.coma index 9098b2207c..5a1cbab696 100644 --- a/creusot/tests/should_succeed/traits/12_default_method.coma +++ b/creusot/tests/should_succeed/traits/12_default_method.coma @@ -3,6 +3,8 @@ module M_12_default_method__T__default [#"12_default_method.rs" 6 4 6 28] let%span s12_default_method1 = "12_default_method.rs" 6 16 6 20 let%span sinvariant2 = "../../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + use prelude.prelude.Int + use prelude.prelude.UInt32 use prelude.prelude.Intrinsic 
@@ -22,10 +24,10 @@ module M_12_default_method__T__default [#"12_default_method.rs" 6 4 6 28] meta "compute_max_steps" 1000000 - let rec default'0 (self:t_Self'0) (return' (ret:uint32))= {[@expl:default 'self' type invariant] [%#s12_default_method1] inv'0 self} - (! bb0 [ bb0 = s0 [ s0 = [ &_0 <- [%#s12_default_method0] (0 : uint32) ] s1 | s1 = return' {_0} ] ] ) - [ & _0 : uint32 = any_l () ] - [ return' (result:uint32)-> (! return' {result}) ] + let rec default'0 (self:t_Self'0) (return' (ret:UInt32.t))= {[@expl:default 'self' type invariant] [%#s12_default_method1] inv'0 self} + (! bb0 [ bb0 = s0 [ s0 = [ &_0 <- [%#s12_default_method0] (0 : UInt32.t) ] s1 | s1 = return' {_0} ] ] ) + [ & _0 : UInt32.t = any_l () ] + [ return' (result:UInt32.t)-> (! return' {result}) ] end module M_12_default_method__should_use_impl [#"12_default_method.rs" 20 0 20 30] let%span s12_default_method0 = "12_default_method.rs" 19 10 19 27 
@@ -34,25 +36,27 @@ module M_12_default_method__should_use_impl [#"12_default_method.rs" 20 0 20 30] use prelude.prelude.Borrow + use prelude.prelude.Int + use prelude.prelude.UInt32 - predicate inv'0 (_1 : uint32) + predicate inv'0 (_1 : UInt32.t) - axiom inv_axiom'0 [@rewrite] : forall x : uint32 [inv'0 x] . inv'0 x = true + axiom inv_axiom'0 [@rewrite] : forall x : UInt32.t [inv'0 x] . inv'0 x = true - let rec default'0 (self:uint32) (return' (ret:uint32))= {[@expl:default 'self' type invariant] [%#s12_default_method1] inv'0 self} - any [ return' (result:uint32)-> (! return' {result}) ] + let rec default'0 (self:UInt32.t) (return' (ret:UInt32.t))= {[@expl:default 'self' type invariant] [%#s12_default_method1] inv'0 self} + any [ return' (result:UInt32.t)-> (! return' {result}) ] use prelude.prelude.Intrinsic - function logic_default'0 [#"12_default_method.rs" 12 4 12 34] (self : uint32) : bool = + function logic_default'0 [#"12_default_method.rs" 12 4 12 34] (self : UInt32.t) : bool = [%#s12_default_method2] true meta "compute_max_steps" 1000000 - let rec should_use_impl'0 (x:uint32) (return' (ret:()))= (! bb0 - [ bb0 = s0 [ s0 = default'0 {x} (fun (_ret':uint32) -> [ &_3 <- _ret' ] s1) | s1 = bb1 ] | bb1 = return' {_0} ] - ) [ & _0 : () = any_l () | & x : uint32 = x | & _3 : uint32 = any_l () ] + let rec should_use_impl'0 (x:UInt32.t) (return' (ret:()))= (! bb0 + [ bb0 = s0 [ s0 = default'0 {x} (fun (_ret':UInt32.t) -> [ &_3 <- _ret' ] s1) | s1 = bb1 ] | bb1 = return' {_0} ] + ) [ & _0 : () = any_l () | & x : UInt32.t = x | & _3 : UInt32.t = any_l () ] [ return' (result:())-> {[@expl:should_use_impl ensures] [%#s12_default_method0] logic_default'0 x} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/traits/16_impl_cloning.coma b/creusot/tests/should_succeed/traits/16_impl_cloning.coma index 35e230cfd1..631faa28a5 100644 --- a/creusot/tests/should_succeed/traits/16_impl_cloning.coma +++ b/creusot/tests/should_succeed/traits/16_impl_cloning.coma 
@@ -19,27 +19,27 @@ module M_16_impl_cloning__test [#"16_impl_cloning.rs" 16 0 16 30] type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'1 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } type t_Vec'0 = { t_Vec__0'0: t_Vec'1 } use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize - - use prelude.prelude.Int + use prelude.prelude.UInt64 type t_T'0 @@ -47,7 +47,7 @@ module M_16_impl_cloning__test [#"16_impl_cloning.rs" 16 0 16 30] function view'2 (self : t_Vec'1) : Seq.seq t_T'0 - axiom view'2_spec : forall self : t_Vec'1 . [%#svec6] Seq.length (view'2 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'2_spec : forall self : t_Vec'1 . [%#svec6] Seq.length (view'2 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq diff --git a/creusot/tests/should_succeed/trigger2.coma b/creusot/tests/should_succeed/trigger2.coma index 7a2da343a7..e08af331bd 100644 --- a/creusot/tests/should_succeed/trigger2.coma +++ b/creusot/tests/should_succeed/trigger2.coma 
@@ -16,24 +16,24 @@ module M_trigger2__resolve_seq [#"trigger2.rs" 6 0 6 43] type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } - - use prelude.prelude.Int + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 type t_T'0 @@ -41,7 +41,7 @@ module M_trigger2__resolve_seq [#"trigger2.rs" 6 0 6 43] function view'0 (self : t_Vec'0) : Seq.seq (borrowed t_T'0) - axiom view'0_spec : forall self : t_Vec'0 . [%#svec1] Seq.length (view'0 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec1] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq @@ -88,24 +88,24 @@ module M_trigger2__resolve_seq2 [#"trigger2.rs" 16 0 16 48] type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } - - use prelude.prelude.Int + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 type t_T'0 
@@ -113,7 +113,7 @@ module M_trigger2__resolve_seq2 [#"trigger2.rs" 16 0 16 48] function view'0 (self : t_Vec'0) : Seq.seq (borrowed t_T'0) - axiom view'0_spec : forall self : t_Vec'0 . [%#svec5] Seq.length (view'0 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec5] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq diff --git a/creusot/tests/should_succeed/type_invariants/generated.coma b/creusot/tests/should_succeed/type_invariants/generated.coma index 94c74fc0ff..3d13a976b5 100644 --- a/creusot/tests/should_succeed/type_invariants/generated.coma +++ b/creusot/tests/should_succeed/type_invariants/generated.coma @@ -6,27 +6,27 @@ module M_generated__use_foo [#"generated.rs" 19 0 19 61] use prelude.prelude.Borrow + use prelude.prelude.Int + use prelude.prelude.Int32 type t_Sum10'0 = - { t_Sum10__0'0: int32; t_Sum10__1'0: int32 } + { t_Sum10__0'0: Int32.t; t_Sum10__1'0: Int32.t } - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.UInt32 type t_Foo'1 = - | C_A'1 (borrowed (t_Sum10'0)) usize - | C_B'1 uint32 + | C_A'1 (borrowed (t_Sum10'0)) UInt64.t + | C_B'1 UInt32.t type t_Foo'0 = - | C_A'0 (borrowed (t_Sum10'0)) usize + | C_A'0 (borrowed (t_Sum10'0)) UInt64.t | C_B'0 (t_Foo'1, borrowed (t_Sum10'0)) use prelude.prelude.Int32 - use prelude.prelude.Int - predicate invariant'1 [#"generated.rs" 9 4 9 30] (self : t_Sum10'0) = [%#sgenerated3] Int32.to_int self.t_Sum10__0'0 + Int32.to_int self.t_Sum10__1'0 = 10 diff --git a/creusot/tests/should_succeed/type_invariants/non_zero.coma b/creusot/tests/should_succeed/type_invariants/non_zero.coma index 885ad7ff3c..b0d9c32955 100644 --- a/creusot/tests/should_succeed/type_invariants/non_zero.coma +++ b/creusot/tests/should_succeed/type_invariants/non_zero.coma 
@@ -3,19 +3,19 @@ module M_non_zero__qyi12916758414494363779__new [#"non_zero.rs" 16 4 16 30] (* N let%span snon_zero1 = "non_zero.rs" 16 26 16 30 let%span snon_zero2 = "non_zero.rs" 10 20 10 31 + use prelude.prelude.Int + use prelude.prelude.UInt32 type t_NonZeroU32'0 = - { t_NonZeroU32__0'0: uint32 } + { t_NonZeroU32__0'0: UInt32.t } use prelude.prelude.Intrinsic use prelude.prelude.UInt32 - use prelude.prelude.Int - predicate invariant'0 [#"non_zero.rs" 9 4 9 30] (self : t_NonZeroU32'0) = - [%#snon_zero2] UInt32.to_int self.t_NonZeroU32__0'0 > 0 + [%#snon_zero2] UInt32.to_uint self.t_NonZeroU32__0'0 > 0 predicate inv'0 (_1 : t_NonZeroU32'0) @@ -27,9 +27,9 @@ module M_non_zero__qyi12916758414494363779__new [#"non_zero.rs" 16 4 16 30] (* N meta "compute_max_steps" 1000000 - let rec new'0 (n:uint32) (return' (ret:t_NonZeroU32'0))= {[@expl:new requires] [%#snon_zero0] UInt32.to_int n > 0} + let rec new'0 (n:UInt32.t) (return' (ret:t_NonZeroU32'0))= {[@expl:new requires] [%#snon_zero0] UInt32.to_uint n > 0} (! bb0 [ bb0 = s0 [ s0 = [ &_0 <- { t_NonZeroU32__0'0 = n } ] s1 | s1 = return' {_0} ] ] ) - [ & _0 : t_NonZeroU32'0 = any_l () | & n : uint32 = n ] + [ & _0 : t_NonZeroU32'0 = any_l () | & n : UInt32.t = n ] [ return' (result:t_NonZeroU32'0)-> {[@expl:new result type invariant] [%#snon_zero1] inv'0 result} (! return' {result}) ] @@ -44,17 +44,17 @@ module M_non_zero__qyi12916758414494363779__add [#"non_zero.rs" 21 4 21 39] (* N use prelude.prelude.UInt32 + use prelude.prelude.Int + type t_NonZeroU32'0 = - { t_NonZeroU32__0'0: uint32 } + { t_NonZeroU32__0'0: UInt32.t } use prelude.prelude.Intrinsic use prelude.prelude.UInt32 - use prelude.prelude.Int - predicate invariant'0 [#"non_zero.rs" 9 4 9 30] (self : t_NonZeroU32'0) = - [%#snon_zero4] UInt32.to_int self.t_NonZeroU32__0'0 > 0 + [%#snon_zero4] UInt32.to_uint self.t_NonZeroU32__0'0 > 0 predicate inv'0 (_1 : t_NonZeroU32'0) 
@@ -64,17 +64,17 @@ module M_non_zero__qyi12916758414494363779__add [#"non_zero.rs" 21 4 21 39] (* N | {t_NonZeroU32__0'0 = a_0} -> true end) - constant v_MAX'0 : uint32 = (4294967295 : uint32) + constant v_MAX'0 : UInt32.t = (4294967295 : UInt32.t) meta "compute_max_steps" 1000000 let rec add'0 (self:t_NonZeroU32'0) (rhs:t_NonZeroU32'0) (return' (ret:t_NonZeroU32'0))= {[@expl:add 'self' type invariant] [%#snon_zero0] inv'0 self} {[@expl:add 'rhs' type invariant] [%#snon_zero1] inv'0 rhs} - {[@expl:add requires] [%#snon_zero2] UInt32.to_int self.t_NonZeroU32__0'0 + UInt32.to_int rhs.t_NonZeroU32__0'0 - <= UInt32.to_int (v_MAX'0 : uint32)} + {[@expl:add requires] [%#snon_zero2] UInt32.to_uint self.t_NonZeroU32__0'0 + UInt32.to_uint rhs.t_NonZeroU32__0'0 + <= UInt32.to_uint (v_MAX'0 : UInt32.t)} (! bb0 [ bb0 = s0 - [ s0 = UInt32.add {self.t_NonZeroU32__0'0} {rhs.t_NonZeroU32__0'0} (fun (_ret':uint32) -> [ &_4 <- _ret' ] s1) + [ s0 = UInt32.add {self.t_NonZeroU32__0'0} {rhs.t_NonZeroU32__0'0} (fun (_ret':UInt32.t) -> [ &_4 <- _ret' ] s1) | s1 = [ &_0 <- { t_NonZeroU32__0'0 = _4 } ] s2 | s2 = return' {_0} ] ] @@ -82,7 +82,7 @@ module M_non_zero__qyi12916758414494363779__add [#"non_zero.rs" 21 4 21 39] (* N [ & _0 : t_NonZeroU32'0 = any_l () | & self : t_NonZeroU32'0 = self | & rhs : t_NonZeroU32'0 = rhs - | & _4 : uint32 = any_l () ] + | & _4 : UInt32.t = any_l () ] [ return' (result:t_NonZeroU32'0)-> {[@expl:add result type invariant] [%#snon_zero3] inv'0 result} (! return' {result}) ] 
@@ -95,17 +95,17 @@ module M_non_zero__qyi12916758414494363779__sub_pre_trans [#"non_zero.rs" 36 4 3 let%span snon_zero3 = "non_zero.rs" 31 4 31 12 let%span snon_zero4 = "non_zero.rs" 28 20 28 36 + use prelude.prelude.Int + use prelude.prelude.UInt32 type t_NonZeroU32'0 = - { t_NonZeroU32__0'0: uint32 } + { t_NonZeroU32__0'0: UInt32.t } use prelude.prelude.UInt32 - use prelude.prelude.Int - predicate sub_pre'0 [#"non_zero.rs" 27 4 27 43] (self : t_NonZeroU32'0) (rhs : t_NonZeroU32'0) = - [%#snon_zero4] UInt32.to_int self.t_NonZeroU32__0'0 > UInt32.to_int rhs.t_NonZeroU32__0'0 + [%#snon_zero4] UInt32.to_uint self.t_NonZeroU32__0'0 > UInt32.to_uint rhs.t_NonZeroU32__0'0 constant a : t_NonZeroU32'0 @@ -129,17 +129,17 @@ module M_non_zero__qyi12916758414494363779__sub [#"non_zero.rs" 40 4 40 39] (* N use prelude.prelude.UInt32 + use prelude.prelude.Int + type t_NonZeroU32'0 = - { t_NonZeroU32__0'0: uint32 } + { t_NonZeroU32__0'0: UInt32.t } use prelude.prelude.Intrinsic use prelude.prelude.UInt32 - use prelude.prelude.Int - predicate invariant'0 [#"non_zero.rs" 9 4 9 30] (self : t_NonZeroU32'0) = - [%#snon_zero5] UInt32.to_int self.t_NonZeroU32__0'0 > 0 + [%#snon_zero5] UInt32.to_uint self.t_NonZeroU32__0'0 > 0 predicate inv'0 (_1 : t_NonZeroU32'0) @@ -150,7 +150,7 @@ module M_non_zero__qyi12916758414494363779__sub [#"non_zero.rs" 40 4 40 39] (* N end) predicate sub_pre'0 [#"non_zero.rs" 27 4 27 43] (self : t_NonZeroU32'0) (rhs : t_NonZeroU32'0) = - [%#snon_zero4] UInt32.to_int self.t_NonZeroU32__0'0 > UInt32.to_int rhs.t_NonZeroU32__0'0 + [%#snon_zero4] UInt32.to_uint self.t_NonZeroU32__0'0 > UInt32.to_uint rhs.t_NonZeroU32__0'0 meta "compute_max_steps" 1000000 
@@ -159,7 +159,7 @@ module M_non_zero__qyi12916758414494363779__sub [#"non_zero.rs" 40 4 40 39] (* N {[@expl:sub requires] [%#snon_zero2] sub_pre'0 self rhs} (! bb0 [ bb0 = s0 - [ s0 = UInt32.sub {self.t_NonZeroU32__0'0} {rhs.t_NonZeroU32__0'0} (fun (_ret':uint32) -> [ &_4 <- _ret' ] s1) + [ s0 = UInt32.sub {self.t_NonZeroU32__0'0} {rhs.t_NonZeroU32__0'0} (fun (_ret':UInt32.t) -> [ &_4 <- _ret' ] s1) | s1 = [ &_0 <- { t_NonZeroU32__0'0 = _4 } ] s2 | s2 = return' {_0} ] ] @@ -167,7 +167,7 @@ module M_non_zero__qyi12916758414494363779__sub [#"non_zero.rs" 40 4 40 39] (* N [ & _0 : t_NonZeroU32'0 = any_l () | & self : t_NonZeroU32'0 = self | & rhs : t_NonZeroU32'0 = rhs - | & _4 : uint32 = any_l () ] + | & _4 : UInt32.t = any_l () ] [ return' (result:t_NonZeroU32'0)-> {[@expl:sub result type invariant] [%#snon_zero3] inv'0 result} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/type_invariants/vec_inv.coma b/creusot/tests/should_succeed/type_invariants/vec_inv.coma index 15ebb30a14..7489ed0092 100644 --- a/creusot/tests/should_succeed/type_invariants/vec_inv.coma +++ b/creusot/tests/should_succeed/type_invariants/vec_inv.coma 
@@ -20,37 +20,37 @@ module M_vec_inv__vec [#"vec_inv.rs" 18 0 18 32] type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize - - use prelude.prelude.Int + use prelude.prelude.UInt64 use prelude.prelude.Borrow use prelude.prelude.Int32 type t_SumTo10'0 = - { t_SumTo10__a'0: int32; t_SumTo10__b'0: int32 } + { t_SumTo10__a'0: Int32.t; t_SumTo10__b'0: Int32.t } use seq.Seq function view'0 (self : t_Vec'0) : Seq.seq (borrowed (t_SumTo10'0)) - axiom view'0_spec : forall self : t_Vec'0 . [%#svec4] Seq.length (view'0 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec4] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq diff --git a/creusot/tests/should_succeed/unnest.coma b/creusot/tests/should_succeed/unnest.coma index 2342095c11..c64054c010 100644 --- a/creusot/tests/should_succeed/unnest.coma +++ b/creusot/tests/should_succeed/unnest.coma 
@@ -6,39 +6,45 @@ module M_unnest__unnest [#"unnest.rs" 8 0 8 64] use prelude.prelude.Borrow + use prelude.prelude.Int + use prelude.prelude.UInt32 - predicate resolve'2 (self : borrowed uint32) = + predicate resolve'2 (self : borrowed UInt32.t) = [%#sresolve3] self.final = self.current - predicate resolve'0 (_1 : borrowed uint32) = + predicate resolve'0 (_1 : borrowed UInt32.t) = resolve'2 _1 - predicate resolve'3 (self : borrowed (borrowed uint32)) = + predicate resolve'3 (self : borrowed (borrowed UInt32.t)) = [%#sresolve3] self.final = self.current - predicate resolve'1 (_1 : borrowed (borrowed uint32)) = + predicate resolve'1 (_1 : borrowed (borrowed UInt32.t)) = resolve'3 _1 use prelude.prelude.Intrinsic meta "compute_max_steps" 1000000 - let rec unnest'0 (x:borrowed (borrowed uint32)) (return' (ret:borrowed uint32))= (! bb0 + let rec unnest'0 (x:borrowed (borrowed UInt32.t)) (return' (ret:borrowed UInt32.t))= (! bb0 [ bb0 = s0 - [ s0 = Borrow.borrow_mut {(x.current).current} - (fun (_ret':borrowed uint32) -> + [ s0 = Borrow.borrow_mut {(x.current).current} + (fun (_ret':borrowed UInt32.t) -> [ &_2 <- _ret' ] [ &x <- { x with current = { x.current with current = _ret'.final } } ] s1) - | s1 = Borrow.borrow_final {_2.current} {Borrow.get_id _2} - (fun (_ret':borrowed uint32) -> [ &_0 <- _ret' ] [ &_2 <- { _2 with current = _ret'.final } ] s2) + | s1 = Borrow.borrow_final {_2.current} {Borrow.get_id _2} + (fun (_ret':borrowed UInt32.t) -> [ &_0 <- _ret' ] [ &_2 <- { _2 with current = _ret'.final } ] s2) | s2 = -{resolve'0 _2}- s3 | s3 = -{resolve'1 x}- s4 | s4 = return' {_0} ] ] - ) [ & _0 : borrowed uint32 = any_l () | & x : borrowed (borrowed uint32) = x | & _2 : borrowed uint32 = any_l () ] - [ return' (result:borrowed uint32)-> {[@expl:unnest ensures #0] [%#sunnest0] result.current = (x.current).current} + ) + [ & _0 : borrowed UInt32.t = any_l () + | & x : borrowed (borrowed UInt32.t) = x + | & _2 : borrowed UInt32.t = any_l () ] + + [ return' 
(result:borrowed UInt32.t)-> {[@expl:unnest ensures #0] [%#sunnest0] result.current = (x.current).current} {[@expl:unnest ensures #1] [%#sunnest1] result.final = (x.final).current} {[@expl:unnest ensures #2] [%#sunnest2] (x.current).final = (x.final).final} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/unused_in_loop.coma b/creusot/tests/should_succeed/unused_in_loop.coma index aa076ada70..027ffd770e 100644 --- a/creusot/tests/should_succeed/unused_in_loop.coma +++ b/creusot/tests/should_succeed/unused_in_loop.coma @@ -3,21 +3,23 @@ module M_unused_in_loop__unused_in_loop [#"unused_in_loop.rs" 5 0 5 37] let%span sunused_in_loop1 = "unused_in_loop.rs" 7 16 7 20 let%span sunused_in_loop2 = "unused_in_loop.rs" 4 10 4 25 + use prelude.prelude.Int + use prelude.prelude.UInt32 use prelude.prelude.Intrinsic meta "compute_max_steps" 1000000 - let rec unused_in_loop'0 (b:bool) (return' (ret:uint32))= (! bb0 - [ bb0 = s0 [ s0 = [ &x <- [%#sunused_in_loop0] (10 : uint32) ] s1 | s1 = bb1 ] + let rec unused_in_loop'0 (b:bool) (return' (ret:UInt32.t))= (! bb0 + [ bb0 = s0 [ s0 = [ &x <- [%#sunused_in_loop0] (10 : UInt32.t) ] s1 | s1 = bb1 ] | bb1 = bb1 [ bb1 = {[@expl:loop invariant] [%#sunused_in_loop1] true} (! s0) [ s0 = bb2 ] [ bb2 = any [ br0 -> {b = false} (! bb4) | br1 -> {b} (! bb3) ] | bb4 = bb1 ] ] | bb3 = s0 [ s0 = [ &_0 <- x ] s1 | s1 = return' {_0} ] ] - ) [ & _0 : uint32 = any_l () | & b : bool = b | & x : uint32 = any_l () ] - [ return' (result:uint32)-> {[@expl:unused_in_loop ensures] [%#sunused_in_loop2] result = (10 : uint32)} + ) [ & _0 : UInt32.t = any_l () | & b : bool = b | & x : UInt32.t = any_l () ] + [ return' (result:UInt32.t)-> {[@expl:unused_in_loop ensures] [%#sunused_in_loop2] result = (10 : UInt32.t)} (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/vecdeque.coma b/creusot/tests/should_succeed/vecdeque.coma index 20cfcff360..b0bfe24f87 100644 --- a/creusot/tests/should_succeed/vecdeque.coma 
+++ b/creusot/tests/should_succeed/vecdeque.coma @@ -34,17 +34,17 @@ module M_vecdeque__test_deque [#"vecdeque.rs" 5 0 5 19] let%span sseq32 = "../../../creusot-contracts/src/logic/seq.rs" 150 8 150 27 let%span smodel33 = "../../../creusot-contracts/src/model.rs" 79 8 79 28 let%span soption34 = "../../../creusot-contracts/src/std/option.rs" 11 8 14 9 - let%span snum35 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + let%span snum35 = "../../../creusot-contracts/src/std/num.rs" 52 28 52 33 - use prelude.prelude.UIntSize + use prelude.prelude.Int - use seq.Seq + use prelude.prelude.UInt64 - constant v_MAX'0 : usize = (18446744073709551615 : usize) + use seq.Seq - use prelude.prelude.UIntSize + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.Int + use prelude.prelude.UInt64 use prelude.prelude.Opaque @@ -55,24 +55,24 @@ module M_vecdeque__test_deque [#"vecdeque.rs" 5 0 5 19] { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_VecDeque'0 = - { t_VecDeque__head'0: usize; t_VecDeque__len'0: usize; t_VecDeque__buf'0: t_RawVec'0 } + { t_VecDeque__head'0: UInt64.t; t_VecDeque__len'0: UInt64.t; t_VecDeque__buf'0: t_RawVec'0 } use prelude.prelude.UInt32 use seq.Seq - function view'0 (self : t_VecDeque'0) : Seq.seq uint32 + function view'0 (self : t_VecDeque'0) : Seq.seq UInt32.t axiom view'0_spec : forall self : t_VecDeque'0 . [%#sdeque29] Seq.length (view'0 self) - <= UIntSize.to_int (v_MAX'0 : usize) + <= UInt64.to_uint (v_MAX'0 : UInt64.t) - let rec with_capacity'0 (capacity:usize) (return' (ret:t_VecDeque'0))= any + let rec with_capacity'0 (capacity:UInt64.t) (return' (ret:t_VecDeque'0))= any [ return' (result:t_VecDeque'0)-> {[%#sdeque16] Seq.length (view'0 result) = 0} (! return' {result}) ] 
@@ -82,15 +82,15 @@ module M_vecdeque__test_deque [#"vecdeque.rs" 5 0 5 19] axiom inv_axiom'0 [@rewrite] : forall x : t_VecDeque'0 [inv'0 x] . inv'0 x = true - function view'1 (self : t_VecDeque'0) : Seq.seq uint32 = + function view'1 (self : t_VecDeque'0) : Seq.seq UInt32.t = [%#smodel30] view'0 self let rec is_empty'0 (self:t_VecDeque'0) (return' (ret:bool))= {[@expl:is_empty 'self' type invariant] inv'0 self} any [ return' (result:bool)-> {[%#sdeque17] result = (Seq.length (view'1 self) = 0)} (! return' {result}) ] - let rec len'0 (self:t_VecDeque'0) (return' (ret:usize))= {[@expl:len 'self' type invariant] inv'0 self} + let rec len'0 (self:t_VecDeque'0) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'0 self} any - [ return' (result:usize)-> {[%#sdeque18] UIntSize.to_int result = Seq.length (view'1 self)} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#sdeque18] UInt64.to_uint result = Seq.length (view'1 self)} (! return' {result}) ] let rec new'0 (_1:()) (return' (ret:t_VecDeque'0))= any @@ -103,20 +103,20 @@ module M_vecdeque__test_deque [#"vecdeque.rs" 5 0 5 19] type t_Option'0 = | C_None'0 - | C_Some'0 uint32 + | C_Some'0 UInt32.t predicate inv'2 (_1 : t_Option'0) axiom inv_axiom'2 [@rewrite] : forall x : t_Option'0 [inv'2 x] . inv'2 x = true - function view'2 (self : borrowed (t_VecDeque'0)) : Seq.seq uint32 = + function view'2 (self : borrowed (t_VecDeque'0)) : Seq.seq UInt32.t = [%#smodel31] view'0 self.current use seq.Seq use seq.Seq - function push_front'1 [@inline:trivial] (self : Seq.seq uint32) (x : uint32) : Seq.seq uint32 = + function push_front'1 [@inline:trivial] (self : Seq.seq UInt32.t) (x : UInt32.t) : Seq.seq UInt32.t = [%#sseq32] Seq.cons x self let rec pop_front'0 (self:borrowed (t_VecDeque'0)) (return' (ret:t_Option'0))= {[@expl:pop_front 'self' type invariant] inv'1 self} 
@@ -148,8 +148,8 @@ module M_vecdeque__test_deque [#"vecdeque.rs" 5 0 5 19] use prelude.prelude.UInt32 - function deep_model'2 (self : uint32) : int = - [%#snum35] UInt32.to_int self + function deep_model'2 (self : UInt32.t) : int = + [%#snum35] UInt32.to_uint self function deep_model'1 (self : t_Option'0) : t_Option'1 = [%#soption34] match self with @@ -185,11 +185,11 @@ module M_vecdeque__test_deque [#"vecdeque.rs" 5 0 5 19] [ return' (result:t_Option'0)-> return' {result} ] - predicate inv'4 (_1 : uint32) + predicate inv'4 (_1 : UInt32.t) - axiom inv_axiom'4 [@rewrite] : forall x : uint32 [inv'4 x] . inv'4 x = true + axiom inv_axiom'4 [@rewrite] : forall x : UInt32.t [inv'4 x] . inv'4 x = true - let rec push_front'0 (self:borrowed (t_VecDeque'0)) (value:uint32) (return' (ret:()))= {[@expl:push_front 'self' type invariant] inv'1 self} + let rec push_front'0 (self:borrowed (t_VecDeque'0)) (value:UInt32.t) (return' (ret:()))= {[@expl:push_front 'self' type invariant] inv'1 self} {[@expl:push_front 'value' type invariant] inv'4 value} any [ return' (result:())-> {[%#sdeque23] Seq.length (view'0 self.final) = Seq.length (view'2 self) + 1} 
@@ -197,13 +197,13 @@ module M_vecdeque__test_deque [#"vecdeque.rs" 5 0 5 19] (! return' {result}) ] - let rec push_back'0 (self:borrowed (t_VecDeque'0)) (value:uint32) (return' (ret:()))= {[@expl:push_back 'self' type invariant] inv'1 self} + let rec push_back'0 (self:borrowed (t_VecDeque'0)) (value:UInt32.t) (return' (ret:()))= {[@expl:push_back 'self' type invariant] inv'1 self} {[@expl:push_back 'value' type invariant] inv'4 value} any [ return' (result:())-> {[%#sdeque25] view'0 self.final = Seq.snoc (view'2 self) value} (! return' {result}) ] let rec promoted1__test_deque'0 (return' (ret:t_Option'0))= bb0 [ bb0 = s0 - [ s0 = [ &_1 <- C_Some'0 ([%#svecdeque26] (2 : uint32)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] + [ s0 = [ &_1 <- C_Some'0 ([%#svecdeque26] (2 : UInt32.t)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] ] [ & _0 : t_Option'0 = any_l () | & _1 : t_Option'0 = any_l () ] [ return' (result:t_Option'0)-> return' {result} ] @@ -211,7 +211,7 @@ module M_vecdeque__test_deque [#"vecdeque.rs" 5 0 5 19] let rec promoted0__test_deque'0 (return' (ret:t_Option'0))= bb0 [ bb0 = s0 - [ s0 = [ &_1 <- C_Some'0 ([%#svecdeque27] (3 : uint32)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] + [ s0 = [ &_1 <- C_Some'0 ([%#svecdeque27] (3 : UInt32.t)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] ] [ & _0 : t_Option'0 = any_l () | & _1 : t_Option'0 = any_l () ] [ return' (result:t_Option'0)-> return' {result} ] 
@@ -224,22 +224,22 @@ module M_vecdeque__test_deque [#"vecdeque.rs" 5 0 5 19] let rec test_deque'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = with_capacity'0 {[%#svecdeque0] (5 : usize)} (fun (_ret':t_VecDeque'0) -> [ &deque <- _ret' ] s1) + [ s0 = with_capacity'0 {[%#svecdeque0] (5 : UInt64.t)} (fun (_ret':t_VecDeque'0) -> [ &deque <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = is_empty'0 {deque} (fun (_ret':bool) -> [ &_3 <- _ret' ] s1) | s1 = bb2 ] | bb2 = any [ br0 -> {_3 = false} (! bb4) | br1 -> {_3} (! bb3) ] - | bb3 = s0 [ s0 = len'0 {deque} (fun (_ret':usize) -> [ &_8 <- _ret' ] s1) | s1 = bb5 ] + | bb3 = s0 [ s0 = len'0 {deque} (fun (_ret':UInt64.t) -> [ &_8 <- _ret' ] s1) | s1 = bb5 ] | bb5 = s0 - [ s0 = UIntSize.eq {_8} {[%#svecdeque1] (0 : usize)} (fun (_ret':bool) -> [ &_7 <- _ret' ] s1) + [ s0 = UInt64.eq {_8} {[%#svecdeque1] (0 : UInt64.t)} (fun (_ret':bool) -> [ &_7 <- _ret' ] s1) | s1 = any [ br0 -> {_7 = false} (! bb7) | br1 -> {_7} (! bb6) ] ] | bb6 = s0 [ s0 = new'0 {[%#svecdeque2] ()} (fun (_ret':t_VecDeque'0) -> [ &deque1 <- _ret' ] s1) | s1 = bb8 ] | bb8 = s0 [ s0 = is_empty'0 {deque1} (fun (_ret':bool) -> [ &_13 <- _ret' ] s1) | s1 = bb9 ] | bb9 = any [ br0 -> {_13 = false} (! bb11) | br1 -> {_13} (! bb10) ] - | bb10 = s0 [ s0 = len'0 {deque1} (fun (_ret':usize) -> [ &_18 <- _ret' ] s1) | s1 = bb12 ] + | bb10 = s0 [ s0 = len'0 {deque1} (fun (_ret':UInt64.t) -> [ &_18 <- _ret' ] s1) | s1 = bb12 ] | bb12 = s0 - [ s0 = UIntSize.eq {_18} {[%#svecdeque3] (0 : usize)} (fun (_ret':bool) -> [ &_17 <- _ret' ] s1) + [ s0 = UInt64.eq {_18} {[%#svecdeque3] (0 : UInt64.t)} (fun (_ret':bool) -> [ &_17 <- _ret' ] s1) | s1 = any [ br0 -> {_17 = false} (! bb14) | br1 -> {_17} (! bb13) ] ] | bb13 = s0 
@@ -269,19 +269,19 @@ module M_vecdeque__test_deque [#"vecdeque.rs" 5 0 5 19] | bb21 = s0 [ s0 = Borrow.borrow_mut {deque1} (fun (_ret':borrowed (t_VecDeque'0)) -> [ &_38 <- _ret' ] [ &deque1 <- _ret'.final ] s1) - | s1 = push_front'0 {_38} {[%#svecdeque4] (1 : uint32)} (fun (_ret':()) -> [ &_37 <- _ret' ] s2) + | s1 = push_front'0 {_38} {[%#svecdeque4] (1 : UInt32.t)} (fun (_ret':()) -> [ &_37 <- _ret' ] s2) | s2 = bb23 ] | bb23 = s0 [ s0 = Borrow.borrow_mut {deque1} (fun (_ret':borrowed (t_VecDeque'0)) -> [ &_40 <- _ret' ] [ &deque1 <- _ret'.final ] s1) - | s1 = push_front'0 {_40} {[%#svecdeque5] (2 : uint32)} (fun (_ret':()) -> [ &_39 <- _ret' ] s2) + | s1 = push_front'0 {_40} {[%#svecdeque5] (2 : UInt32.t)} (fun (_ret':()) -> [ &_39 <- _ret' ] s2) | s2 = bb24 ] | bb24 = s0 [ s0 = Borrow.borrow_mut {deque1} (fun (_ret':borrowed (t_VecDeque'0)) -> [ &_42 <- _ret' ] [ &deque1 <- _ret'.final ] s1) - | s1 = push_back'0 {_42} {[%#svecdeque6] (3 : uint32)} (fun (_ret':()) -> [ &_41 <- _ret' ] s2) + | s1 = push_back'0 {_42} {[%#svecdeque6] (3 : UInt32.t)} (fun (_ret':()) -> [ &_41 <- _ret' ] s2) | s2 = bb25 ] | bb25 = s0 @@ -333,11 +333,11 @@ module M_vecdeque__test_deque [#"vecdeque.rs" 5 0 5 19] | & deque : t_VecDeque'0 = any_l () | & _3 : bool = any_l () | & _7 : bool = any_l () - | & _8 : usize = any_l () + | & _8 : UInt64.t = any_l () | & deque1 : t_VecDeque'0 = any_l () | & _13 : bool = any_l () | & _17 : bool = any_l () - | & _18 : usize = any_l () + | & _18 : UInt64.t = any_l () | & _22 : bool = any_l () | & _24 : t_Option'0 = any_l () | & _25 : borrowed (t_VecDeque'0) = any_l () diff --git a/creusot/tests/should_succeed/vector/01.coma b/creusot/tests/should_succeed/vector/01.coma index 43e71a2ff6..73e57f4fac 100644 --- a/creusot/tests/should_succeed/vector/01.coma +++ b/creusot/tests/should_succeed/vector/01.coma 
@@ -34,12 +34,12 @@ module M_01__all_zero [#"01.rs" 7 0 7 33] let%span srange32 = "../../../../creusot-contracts/src/std/iter/range.rs" 42 15 42 32 let%span srange33 = "../../../../creusot-contracts/src/std/iter/range.rs" 43 15 43 32 let%span srange34 = "../../../../creusot-contracts/src/std/iter/range.rs" 44 14 44 42 - let%span snum35 = "../../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + let%span snum35 = "../../../../creusot-contracts/src/std/num.rs" 52 28 52 33 let%span srange36 = "../../../../creusot-contracts/src/std/iter/range.rs" 15 12 15 78 let%span sresolve37 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span sslice38 = "../../../../creusot-contracts/src/std/slice.rs" 122 20 122 37 - let%span sslice39 = "../../../../creusot-contracts/src/std/slice.rs" 129 20 129 37 - let%span sslice40 = "../../../../creusot-contracts/src/std/slice.rs" 136 20 136 94 + let%span sslice38 = "../../../../creusot-contracts/src/std/slice.rs" 140 20 140 37 + let%span sslice39 = "../../../../creusot-contracts/src/std/slice.rs" 147 20 147 37 + let%span sslice40 = "../../../../creusot-contracts/src/std/slice.rs" 154 20 154 94 use prelude.prelude.Snapshot @@ -53,22 +53,24 @@ module M_01__all_zero [#"01.rs" 7 0 7 33] type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } predicate inv'2 (_1 : t_Vec'0) axiom inv_axiom'2 [@rewrite] : forall x : t_Vec'0 [inv'2 x] . inv'2 x = true - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.UInt32 
@@ -76,24 +78,22 @@ module M_01__all_zero [#"01.rs" 7 0 7 33] use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) - - use prelude.prelude.Int + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - function view'2 (self : t_Vec'0) : Seq.seq uint32 + function view'2 (self : t_Vec'0) : Seq.seq UInt32.t - axiom view'2_spec : forall self : t_Vec'0 . [%#svec23] Seq.length (view'2 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'2_spec : forall self : t_Vec'0 . [%#svec23] Seq.length (view'2 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) - function view'3 (self : t_Vec'0) : Seq.seq uint32 = + function view'3 (self : t_Vec'0) : Seq.seq UInt32.t = [%#smodel24] view'2 self - let rec len'0 (self:t_Vec'0) (return' (ret:usize))= {[@expl:len 'self' type invariant] inv'2 self} + let rec len'0 (self:t_Vec'0) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'2 self} any - [ return' (result:usize)-> {[%#svec11] UIntSize.to_int result = Seq.length (view'3 self)} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#svec11] UInt64.to_uint result = Seq.length (view'3 self)} (! return' {result}) ] type t_Range'0 = - { t_Range__start'0: usize; t_Range__end'0: usize } + { t_Range__start'0: UInt64.t; t_Range__end'0: UInt64.t } predicate inv'0 (_1 : t_Range'0) 
@@ -123,20 +123,20 @@ module M_01__all_zero [#"01.rs" 7 0 7 33] use seq.Seq - function index_logic'0 [@inline:trivial] (self : t_Vec'0) (ix : int) : uint32 = + function index_logic'0 [@inline:trivial] (self : t_Vec'0) (ix : int) : UInt32.t = [%#sops13] Seq.get (view'2 self) ix - function view'0 (self : borrowed (t_Vec'0)) : Seq.seq uint32 = + function view'0 (self : borrowed (t_Vec'0)) : Seq.seq UInt32.t = [%#smodel14] view'2 self.current use prelude.prelude.Snapshot use prelude.prelude.Snapshot - function view'4 (self : borrowed (t_Vec'0)) : Seq.seq uint32 = + function view'4 (self : borrowed (t_Vec'0)) : Seq.seq UInt32.t = [%#smodel24] view'0 self - function view'1 (self : Snapshot.snap_ty (borrowed (t_Vec'0))) : Seq.seq uint32 = + function view'1 (self : Snapshot.snap_ty (borrowed (t_Vec'0))) : Seq.seq UInt32.t = [%#ssnapshot15] view'4 (Snapshot.inner self) use prelude.prelude.Snapshot @@ -145,12 +145,12 @@ module M_01__all_zero [#"01.rs" 7 0 7 33] use seq.Seq - function deep_model'0 (self : usize) : int = - [%#snum35] UIntSize.to_int self + function deep_model'0 (self : UInt64.t) : int = + [%#snum35] UInt64.to_uint self use seq.Seq - predicate produces'0 (self : t_Range'0) (visited : Seq.seq usize) (o : t_Range'0) = + predicate produces'0 (self : t_Range'0) (visited : Seq.seq UInt64.t) (o : t_Range'0) = [%#srange16] self.t_Range__end'0 = o.t_Range__end'0 /\ deep_model'0 self.t_Range__start'0 <= deep_model'0 o.t_Range__start'0 /\ (Seq.length visited > 0 -> deep_model'0 o.t_Range__start'0 <= deep_model'0 o.t_Range__end'0) 
@@ -158,10 +158,10 @@ module M_01__all_zero [#"01.rs" 7 0 7 33] /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> deep_model'0 (Seq.get visited i) = deep_model'0 self.t_Range__start'0 + i) - function produces_trans'0 (a : t_Range'0) (ab : Seq.seq usize) (b : t_Range'0) (bc : Seq.seq usize) (c : t_Range'0) : () + function produces_trans'0 (a : t_Range'0) (ab : Seq.seq UInt64.t) (b : t_Range'0) (bc : Seq.seq UInt64.t) (c : t_Range'0) : () - axiom produces_trans'0_spec : forall a : t_Range'0, ab : Seq.seq usize, b : t_Range'0, bc : Seq.seq usize, c : t_Range'0 . ([%#srange29] inv'0 a) + axiom produces_trans'0_spec : forall a : t_Range'0, ab : Seq.seq UInt64.t, b : t_Range'0, bc : Seq.seq UInt64.t, c : t_Range'0 . ([%#srange29] inv'0 a) -> ([%#srange30] inv'0 b) -> ([%#srange31] inv'0 c) -> ([%#srange32] produces'0 a ab b) @@ -170,11 +170,11 @@ module M_01__all_zero [#"01.rs" 7 0 7 33] function produces_refl'0 (self : t_Range'0) : () axiom produces_refl'0_spec : forall self : t_Range'0 . ([%#srange27] inv'0 self) - -> ([%#srange28] produces'0 self (Seq.empty : Seq.seq usize) self) + -> ([%#srange28] produces'0 self (Seq.empty : Seq.seq UInt64.t) self) - predicate inv'1 (_1 : Seq.seq usize) + predicate inv'1 (_1 : Seq.seq UInt64.t) - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq usize [inv'1 x] . inv'1 x = true + axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq UInt64.t [inv'1 x] . inv'1 x = true predicate inv'3 (_1 : borrowed (t_Range'0)) @@ -182,7 +182,7 @@ module M_01__all_zero [#"01.rs" 7 0 7 33] type t_Option'0 = | C_None'0 - | C_Some'0 usize + | C_Some'0 UInt64.t predicate inv'4 (_1 : t_Option'0) 
@@ -210,38 +210,38 @@ module M_01__all_zero [#"01.rs" 7 0 7 33] predicate resolve'0 (_1 : borrowed (t_Range'0)) = resolve'3 _1 - let rec v_Some'0 (input:t_Option'0) (ret (field_0:usize))= any - [ good (field_0:usize)-> {C_Some'0 field_0 = input} (! ret {field_0}) - | bad -> {forall field_0 : usize [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] + let rec v_Some'0 (input:t_Option'0) (ret (field_0:UInt64.t))= any + [ good (field_0:UInt64.t)-> {C_Some'0 field_0 = input} (! ret {field_0}) + | bad -> {forall field_0 : UInt64.t [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] predicate inv'5 (_1 : borrowed (t_Vec'0)) axiom inv_axiom'5 [@rewrite] : forall x : borrowed (t_Vec'0) [inv'5 x] . inv'5 x = true - predicate inv'6 (_1 : usize) + predicate inv'6 (_1 : UInt64.t) - axiom inv_axiom'6 [@rewrite] : forall x : usize [inv'6 x] . inv'6 x = true + axiom inv_axiom'6 [@rewrite] : forall x : UInt64.t [inv'6 x] . inv'6 x = true - predicate in_bounds'0 [@inline:trivial] (self : usize) (seq : Seq.seq uint32) = - [%#sslice38] UIntSize.to_int self < Seq.length seq + predicate in_bounds'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq UInt32.t) = + [%#sslice38] UInt64.to_uint self < Seq.length seq - predicate inv'7 (_1 : borrowed uint32) + predicate inv'7 (_1 : borrowed UInt32.t) - axiom inv_axiom'7 [@rewrite] : forall x : borrowed uint32 [inv'7 x] . inv'7 x = true + axiom inv_axiom'7 [@rewrite] : forall x : borrowed UInt32.t [inv'7 x] . inv'7 x = true - predicate has_value'0 [@inline:trivial] (self : usize) (seq : Seq.seq uint32) (out : uint32) = - [%#sslice39] Seq.get seq (UIntSize.to_int self) = out + predicate has_value'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq UInt32.t) (out : UInt32.t) = + [%#sslice39] Seq.get seq (UInt64.to_uint self) = out - predicate resolve_elswhere'0 [@inline:trivial] (self : usize) (old' : Seq.seq uint32) (fin : Seq.seq uint32) = - [%#sslice40] forall i : int . 
0 <= i /\ i <> UIntSize.to_int self /\ i < Seq.length old' + predicate resolve_elswhere'0 [@inline:trivial] (self : UInt64.t) (old' : Seq.seq UInt32.t) (fin : Seq.seq UInt32.t) = + [%#sslice40] forall i : int . 0 <= i /\ i <> UInt64.to_uint self /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i - let rec index_mut'0 (self:borrowed (t_Vec'0)) (index:usize) (return' (ret:borrowed uint32))= {[@expl:index_mut 'self' type invariant] inv'5 self} + let rec index_mut'0 (self:borrowed (t_Vec'0)) (index:UInt64.t) (return' (ret:borrowed UInt32.t))= {[@expl:index_mut 'self' type invariant] inv'5 self} {[@expl:index_mut 'index' type invariant] inv'6 index} {[@expl:index_mut requires] [%#svec18] in_bounds'0 index (view'0 self)} any - [ return' (result:borrowed uint32)-> {inv'7 result} + [ return' (result:borrowed UInt32.t)-> {inv'7 result} {[%#svec19] has_value'0 index (view'0 self) result.current} {[%#svec20] has_value'0 index (view'2 self.final) result.final} {[%#svec21] resolve_elswhere'0 index (view'0 self) (view'2 self.final)} @@ -249,10 +249,10 @@ module M_01__all_zero [#"01.rs" 7 0 7 33] (! return' {result}) ] - predicate resolve'4 (self : borrowed uint32) = + predicate resolve'4 (self : borrowed UInt32.t) = [%#sresolve37] self.final = self.current - predicate resolve'1 (_1 : borrowed uint32) = + predicate resolve'1 (_1 : borrowed UInt32.t) = resolve'4 _1 predicate resolve'5 (self : borrowed (t_Vec'0)) = 
@@ -271,14 +271,14 @@ module M_01__all_zero [#"01.rs" 7 0 7 33] let rec all_zero'0 (v:borrowed (t_Vec'0)) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &old_v <- [%#s010] Snapshot.new v ] s1 | s1 = bb1 ] - | bb1 = s0 [ s0 = len'0 {v.current} (fun (_ret':usize) -> [ &_8 <- _ret' ] s1) | s1 = bb2 ] + | bb1 = s0 [ s0 = len'0 {v.current} (fun (_ret':UInt64.t) -> [ &_8 <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 - [ s0 = [ &_7 <- { t_Range__start'0 = ([%#s011] (0 : usize)); t_Range__end'0 = _8 } ] s1 + [ s0 = [ &_7 <- { t_Range__start'0 = ([%#s011] (0 : UInt64.t)); t_Range__end'0 = _8 } ] s1 | s1 = into_iter'0 {_7} (fun (_ret':t_Range'0) -> [ &iter <- _ret' ] s2) | s2 = bb3 ] | bb3 = s0 [ s0 = [ &iter_old <- [%#s012] Snapshot.new iter ] s1 | s1 = bb4 ] - | bb4 = s0 [ s0 = [ &produced <- [%#s013] Snapshot.new (Seq.empty : Seq.seq usize) ] s1 | s1 = bb5 ] + | bb4 = s0 [ s0 = [ &produced <- [%#s013] Snapshot.new (Seq.empty : Seq.seq UInt64.t) ] s1 | s1 = bb5 ] | bb5 = s0 [ s0 = [ &old_6_0 <- Snapshot.new v ] s1 | s1 = bb6 ] | bb6 = bb6 [ bb6 = {[@expl:mut invariant] (Snapshot.inner old_6_0).final = v.final} @@ -287,7 +287,7 @@ module M_01__all_zero [#"01.rs" 7 0 7 33] {[@expl:for invariant] [%#s016] produces'0 (Snapshot.inner iter_old) (Snapshot.inner produced) iter} {[@expl:loop invariant #0] [%#s015] Seq.length (view'0 v) = Seq.length (view'1 old_v)} {[@expl:loop invariant #1] [%#s014] forall j : int . 0 <= j /\ j < Seq.length (Snapshot.inner produced) - -> index_logic'0 v.current j = (0 : uint32)} + -> index_logic'0 v.current j = (0 : UInt32.t)} (! s0) [ s0 = bb7 ] [ bb7 = s0 [ s0 = Borrow.borrow_mut {iter} 
@@ -302,11 +302,11 @@ module M_01__all_zero [#"01.rs" 7 0 7 33] | bb8 = s0 [ s0 = -{resolve'0 _22}- s1 - | s1 = any [ br0 -> {_20 = C_None'0 } (! bb11) | br1 (x0:usize)-> {_20 = C_Some'0 x0} (! bb10) ] ] + | s1 = any [ br0 -> {_20 = C_None'0 } (! bb11) | br1 (x0:UInt64.t)-> {_20 = C_Some'0 x0} (! bb10) ] ] | bb10 = bb12 | bb12 = s0 - [ s0 = v_Some'0 {_20} (fun (r0'0:usize) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) + [ s0 = v_Some'0 {_20} (fun (r0'0:UInt64.t) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) | s1 = [ &_25 <- [%#s017] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] @@ -318,11 +318,13 @@ module M_01__all_zero [#"01.rs" 7 0 7 33] | s1 = [ &i <- __creusot_proc_iter_elem ] s2 | s2 = Borrow.borrow_mut {v.current} (fun (_ret':borrowed (t_Vec'0)) -> [ &_29 <- _ret' ] [ &v <- { v with current = _ret'.final } ] s3) - | s3 = index_mut'0 {_29} {i} (fun (_ret':borrowed uint32) -> [ &_28 <- _ret' ] s4) + | s3 = index_mut'0 {_29} {i} (fun (_ret':borrowed UInt32.t) -> [ &_28 <- _ret' ] s4) | s4 = bb14 ] | bb14 = s0 - [ s0 = [ &_28 <- { _28 with current = ([%#s018] (0 : uint32)) } ] s1 | s1 = -{resolve'1 _28}- s2 | s2 = bb6 ] + [ s0 = [ &_28 <- { _28 with current = ([%#s018] (0 : UInt32.t)) } ] s1 + | s1 = -{resolve'1 _28}- s2 + | s2 = bb6 ] ] ] 
@@ -333,21 +335,21 @@ module M_01__all_zero [#"01.rs" 7 0 7 33] | & old_v : Snapshot.snap_ty (borrowed (t_Vec'0)) = any_l () | & iter : t_Range'0 = any_l () | & _7 : t_Range'0 = any_l () - | & _8 : usize = any_l () + | & _8 : UInt64.t = any_l () | & iter_old : Snapshot.snap_ty (t_Range'0) = any_l () - | & produced : Snapshot.snap_ty (Seq.seq usize) = any_l () + | & produced : Snapshot.snap_ty (Seq.seq UInt64.t) = any_l () | & _20 : t_Option'0 = any_l () | & _21 : borrowed (t_Range'0) = any_l () | & _22 : borrowed (t_Range'0) = any_l () - | & __creusot_proc_iter_elem : usize = any_l () - | & _25 : Snapshot.snap_ty (Seq.seq usize) = any_l () - | & i : usize = any_l () - | & _28 : borrowed uint32 = any_l () + | & __creusot_proc_iter_elem : UInt64.t = any_l () + | & _25 : Snapshot.snap_ty (Seq.seq UInt64.t) = any_l () + | & i : UInt64.t = any_l () + | & _28 : borrowed UInt32.t = any_l () | & _29 : borrowed (t_Vec'0) = any_l () | & old_6_0 : Snapshot.snap_ty (borrowed (t_Vec'0)) = any_l () ] [ return' (result:())-> {[@expl:all_zero ensures #0] [%#s019] forall i : int . 0 <= i - /\ i < Seq.length (view'2 v.final) -> index_logic'0 v.final i = (0 : uint32)} + /\ i < Seq.length (view'2 v.final) -> index_logic'0 v.final i = (0 : UInt32.t)} {[@expl:all_zero ensures #1] [%#s0110] Seq.length (view'0 v) = Seq.length (view'2 v.final)} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/vector/02_gnome.coma b/creusot/tests/should_succeed/vector/02_gnome.coma index 569debf189..29c67c07b4 100644 --- a/creusot/tests/should_succeed/vector/02_gnome.coma +++ b/creusot/tests/should_succeed/vector/02_gnome.coma 
@@ -22,16 +22,16 @@ module M_02_gnome__gnome_sort [#"02_gnome.rs" 22 0 24 29] let%span scmp20 = "../../../../creusot-contracts/src/std/cmp.rs" 36 26 36 77 let%span svec21 = "../../../../creusot-contracts/src/std/vec.rs" 175 26 175 42 let%span svec22 = "../../../../creusot-contracts/src/std/vec.rs" 176 26 176 48 - let%span sslice23 = "../../../../creusot-contracts/src/std/slice.rs" 257 19 257 35 - let%span sslice24 = "../../../../creusot-contracts/src/std/slice.rs" 258 19 258 35 - let%span sslice25 = "../../../../creusot-contracts/src/std/slice.rs" 259 18 259 50 + let%span sslice23 = "../../../../creusot-contracts/src/std/slice.rs" 275 19 275 35 + let%span sslice24 = "../../../../creusot-contracts/src/std/slice.rs" 276 19 276 35 + let%span sslice25 = "../../../../creusot-contracts/src/std/slice.rs" 277 18 277 50 let%span svec26 = "../../../../creusot-contracts/src/std/vec.rs" 29 14 29 47 let%span svec27 = "../../../../creusot-contracts/src/std/vec.rs" 30 14 31 51 let%span s02_gnome28 = "02_gnome.rs" 17 4 17 31 let%span svec29 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span smodel30 = "../../../../creusot-contracts/src/model.rs" 88 8 88 22 - let%span sslice31 = "../../../../creusot-contracts/src/std/slice.rs" 122 20 122 37 - let%span sslice32 = "../../../../creusot-contracts/src/std/slice.rs" 129 20 129 37 + let%span sslice31 = "../../../../creusot-contracts/src/std/slice.rs" 140 20 140 37 + let%span sslice32 = "../../../../creusot-contracts/src/std/slice.rs" 147 20 147 37 let%span smodel33 = "../../../../creusot-contracts/src/model.rs" 79 8 79 28 let%span sslice34 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice35 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 @@ -59,7 +59,9 @@ module M_02_gnome__gnome_sort [#"02_gnome.rs" 22 0 24 29] use prelude.prelude.Snapshot - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 use prelude.prelude.Borrow 
@@ -72,13 +74,13 @@ module M_02_gnome__gnome_sort [#"02_gnome.rs" 22 0 24 29] { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } type t_T'0 @@ -86,15 +88,13 @@ module M_02_gnome__gnome_sort [#"02_gnome.rs" 22 0 24 29] use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize - - use prelude.prelude.Int + use prelude.prelude.UInt64 function view'2 (self : t_Vec'0) : Seq.seq t_T'0 - axiom view'2_spec : forall self : t_Vec'0 . [%#svec29] Seq.length (view'2 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'2_spec : forall self : t_Vec'0 . [%#svec29] Seq.length (view'2 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) function view'0 (self : borrowed (t_Vec'0)) : Seq.seq t_T'0 = [%#smodel12] view'2 self.current 
@@ -236,17 +236,17 @@ module M_02_gnome__gnome_sort [#"02_gnome.rs" 22 0 24 29] function view'4 (self : t_Vec'0) : Seq.seq t_T'0 = [%#smodel30] view'2 self - let rec len'0 (self:t_Vec'0) (return' (ret:usize))= {[@expl:len 'self' type invariant] inv'4 self} + let rec len'0 (self:t_Vec'0) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'4 self} any - [ return' (result:usize)-> {[%#svec17] UIntSize.to_int result = Seq.length (view'4 self)} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#svec17] UInt64.to_uint result = Seq.length (view'4 self)} (! return' {result}) ] - predicate inv'5 (_1 : usize) + predicate inv'5 (_1 : UInt64.t) - axiom inv_axiom'5 [@rewrite] : forall x : usize [inv'5 x] . inv'5 x = true + axiom inv_axiom'5 [@rewrite] : forall x : UInt64.t [inv'5 x] . inv'5 x = true - predicate in_bounds'0 [@inline:trivial] (self : usize) (seq : Seq.seq t_T'0) = - [%#sslice31] UIntSize.to_int self < Seq.length seq + predicate in_bounds'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq t_T'0) = + [%#sslice31] UInt64.to_uint self < Seq.length seq predicate invariant'5 (self : t_T'0) = [%#sinvariant54] inv'8 self @@ -255,10 +255,10 @@ module M_02_gnome__gnome_sort [#"02_gnome.rs" 22 0 24 29] axiom inv_axiom'6 [@rewrite] : forall x : t_T'0 [inv'6 x] . inv'6 x = invariant'5 x - predicate has_value'0 [@inline:trivial] (self : usize) (seq : Seq.seq t_T'0) (out : t_T'0) = - [%#sslice32] Seq.get seq (UIntSize.to_int self) = out + predicate has_value'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq t_T'0) (out : t_T'0) = + [%#sslice32] Seq.get seq (UInt64.to_uint self) = out - let rec index'0 (self:t_Vec'0) (index:usize) (return' (ret:t_T'0))= {[@expl:index 'self' type invariant] inv'4 self} + let rec index'0 (self:t_Vec'0) (index:UInt64.t) (return' (ret:t_T'0))= {[@expl:index 'self' type invariant] inv'4 self} {[@expl:index 'index' type invariant] inv'5 index} {[@expl:index requires] [%#svec18] in_bounds'0 index (view'4 self)} any 
@@ -282,15 +282,15 @@ module M_02_gnome__gnome_sort [#"02_gnome.rs" 22 0 24 29] axiom inv_axiom'3 [@rewrite] : forall x : borrowed (t_Vec'0) [inv'3 x] . inv'3 x = invariant'3 x - use prelude.prelude.Slice + use Slice64.create - use prelude.prelude.Slice + use prelude.prelude.Slice64 function view'6 (self : slice t_T'0) : Seq.seq t_T'0 axiom view'6_spec : forall self : slice t_T'0 . ([%#sslice34] Seq.length (view'6 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice35] view'6 self = Slice.id self) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + && ([%#sslice35] view'6 self = Slice64.id self) predicate invariant'1 (self : slice t_T'0) = [%#sslice52] inv'7 (view'6 self) @@ -319,11 +319,11 @@ module M_02_gnome__gnome_sort [#"02_gnome.rs" 22 0 24 29] use seq.Permut - let rec swap'0 (self:borrowed (slice t_T'0)) (a:usize) (b:usize) (return' (ret:()))= {[@expl:swap 'self' type invariant] inv'2 self} - {[@expl:swap requires #0] [%#sslice23] UIntSize.to_int a < Seq.length (view'5 self)} - {[@expl:swap requires #1] [%#sslice24] UIntSize.to_int b < Seq.length (view'5 self)} + let rec swap'0 (self:borrowed (slice t_T'0)) (a:UInt64.t) (b:UInt64.t) (return' (ret:()))= {[@expl:swap 'self' type invariant] inv'2 self} + {[@expl:swap requires #0] [%#sslice23] UInt64.to_uint a < Seq.length (view'5 self)} + {[@expl:swap requires #1] [%#sslice24] UInt64.to_uint b < Seq.length (view'5 self)} any - [ return' (result:())-> {[%#sslice25] Permut.exchange (view'6 self.final) (view'5 self) (UIntSize.to_int a) (UIntSize.to_int b)} + [ return' (result:())-> {[%#sslice25] Permut.exchange (view'6 self.final) (view'5 self) (UInt64.to_uint a) (UInt64.to_uint b)} (! return' {result}) ] 
@@ -349,24 +349,26 @@ module M_02_gnome__gnome_sort [#"02_gnome.rs" 22 0 24 29] let rec gnome_sort'0 (v:borrowed (t_Vec'0)) (return' (ret:()))= {[@expl:gnome_sort 'v' type invariant] [%#s02_gnome9] inv'3 v} (! bb0 [ bb0 = s0 [ s0 = [ &old_v <- [%#s02_gnome0] Snapshot.new v ] s1 | s1 = bb1 ] - | bb1 = s0 [ s0 = [ &i <- [%#s02_gnome1] (0 : usize) ] s1 | s1 = [ &old_2_0 <- Snapshot.new v ] s2 | s2 = bb2 ] + | bb1 = s0 + [ s0 = [ &i <- [%#s02_gnome1] (0 : UInt64.t) ] s1 | s1 = [ &old_2_0 <- Snapshot.new v ] s2 | s2 = bb2 ] + | bb2 = bb2 [ bb2 = {[@expl:mut invariant] (Snapshot.inner old_2_0).final = v.final} - {[@expl:loop invariant #0] [%#s02_gnome3] sorted_range'0 (deep_model'0 v) 0 (UIntSize.to_int i)} + {[@expl:loop invariant #0] [%#s02_gnome3] sorted_range'0 (deep_model'0 v) 0 (UInt64.to_uint i)} {[@expl:loop invariant #1] [%#s02_gnome2] permutation_of'0 (view'0 v) (view'1 old_v)} (! s0) [ s0 = bb3 ] - [ bb3 = s0 [ s0 = len'0 {v.current} (fun (_ret':usize) -> [ &_12 <- _ret' ] s1) | s1 = bb4 ] + [ bb3 = s0 [ s0 = len'0 {v.current} (fun (_ret':UInt64.t) -> [ &_12 <- _ret' ] s1) | s1 = bb4 ] | bb4 = s0 - [ s0 = UIntSize.lt {i} {_12} (fun (_ret':bool) -> [ &_10 <- _ret' ] s1) + [ s0 = UInt64.lt {i} {_12} (fun (_ret':bool) -> [ &_10 <- _ret' ] s1) | s1 = any [ br0 -> {_10 = false} (! bb17) | br1 -> {_10} (! bb5) ] ] | bb5 = s0 - [ s0 = UIntSize.eq {i} {[%#s02_gnome4] (0 : usize)} (fun (_ret':bool) -> [ &_14 <- _ret' ] s1) + [ s0 = UInt64.eq {i} {[%#s02_gnome4] (0 : UInt64.t)} (fun (_ret':bool) -> [ &_14 <- _ret' ] s1) | s1 = any [ br0 -> {_14 = false} (! bb7) | br1 -> {_14} (! bb6) ] ] | bb6 = bb12 | bb7 = s0 - [ s0 = UIntSize.sub {i} {[%#s02_gnome5] (1 : usize)} (fun (_ret':usize) -> [ &_20 <- _ret' ] s1) + [ s0 = UInt64.sub {i} {[%#s02_gnome5] (1 : UInt64.t)} (fun (_ret':UInt64.t) -> [ &_20 <- _ret' ] s1) | s1 = index'0 {v.current} {_20} (fun (_ret':t_T'0) -> [ &_18 <- _ret' ] s2) | s2 = bb8 ] 
@@ -377,7 +379,8 @@ module M_02_gnome__gnome_sort [#"02_gnome.rs" 22 0 24 29] | bb10 = any [ br0 -> {_16 = false} (! bb13) | br1 -> {_16} (! bb11) ] | bb11 = bb12 | bb12 = s0 - [ s0 = UIntSize.add {i} {[%#s02_gnome6] (1 : usize)} (fun (_ret':usize) -> [ &i <- _ret' ] s1) | s1 = bb16 ] + [ s0 = UInt64.add {i} {[%#s02_gnome6] (1 : UInt64.t)} (fun (_ret':UInt64.t) -> [ &i <- _ret' ] s1) + | s1 = bb16 ] | bb13 = s0 [ s0 = {inv'0 v.current} @@ -398,14 +401,14 @@ module M_02_gnome__gnome_sort [#"02_gnome.rs" 22 0 24 29] -{inv'1 _ret'.final}- [ &_29 <- { _29 with current = _ret'.final } ] s1) - | s1 = UIntSize.sub {i} {[%#s02_gnome7] (1 : usize)} (fun (_ret':usize) -> [ &_31 <- _ret' ] s2) + | s1 = UInt64.sub {i} {[%#s02_gnome7] (1 : UInt64.t)} (fun (_ret':UInt64.t) -> [ &_31 <- _ret' ] s2) | s2 = swap'0 {_28} {_31} {i} (fun (_ret':()) -> [ &_27 <- _ret' ] s3) | s3 = bb15 ] | bb15 = s0 [ s0 = {[@expl:type invariant] inv'2 _29} s1 | s1 = -{resolve'0 _29}- s2 - | s2 = UIntSize.sub {i} {[%#s02_gnome8] (1 : usize)} (fun (_ret':usize) -> [ &i <- _ret' ] s3) + | s2 = UInt64.sub {i} {[%#s02_gnome8] (1 : UInt64.t)} (fun (_ret':UInt64.t) -> [ &i <- _ret' ] s3) | s3 = bb16 ] | bb16 = bb2 ] 
@@ -416,20 +419,20 @@ module M_02_gnome__gnome_sort [#"02_gnome.rs" 22 0 24 29] [ & _0 : () = any_l () | & v : borrowed (t_Vec'0) = v | & old_v : Snapshot.snap_ty (borrowed (t_Vec'0)) = any_l () - | & i : usize = any_l () + | & i : UInt64.t = any_l () | & _10 : bool = any_l () - | & _12 : usize = any_l () + | & _12 : UInt64.t = any_l () | & _14 : bool = any_l () | & _16 : bool = any_l () | & _18 : t_T'0 = any_l () - | & _20 : usize = any_l () + | & _20 : UInt64.t = any_l () | & _23 : t_T'0 = any_l () | & _24 : t_T'0 = any_l () | & _27 : () = any_l () | & _28 : borrowed (slice t_T'0) = any_l () | & _29 : borrowed (slice t_T'0) = any_l () | & _30 : borrowed (t_Vec'0) = any_l () - | & _31 : usize = any_l () + | & _31 : UInt64.t = any_l () | & old_2_0 : Snapshot.snap_ty (borrowed (t_Vec'0)) = any_l () ] [ return' (result:())-> {[@expl:gnome_sort ensures #0] [%#s02_gnome10] sorted'0 (deep_model'1 v.final)} diff --git a/creusot/tests/should_succeed/vector/03_knuth_shuffle.coma b/creusot/tests/should_succeed/vector/03_knuth_shuffle.coma index f5245e8486..73357636d4 100644 --- a/creusot/tests/should_succeed/vector/03_knuth_shuffle.coma +++ b/creusot/tests/should_succeed/vector/03_knuth_shuffle.coma 
@@ -21,9 +21,9 @@ module M_03_knuth_shuffle__knuth_shuffle [#"03_knuth_shuffle.rs" 13 0 13 39] let%span s03_knuth_shuffle19 = "03_knuth_shuffle.rs" 7 10 7 40 let%span svec20 = "../../../../creusot-contracts/src/std/vec.rs" 175 26 175 42 let%span svec21 = "../../../../creusot-contracts/src/std/vec.rs" 176 26 176 48 - let%span sslice22 = "../../../../creusot-contracts/src/std/slice.rs" 257 19 257 35 - let%span sslice23 = "../../../../creusot-contracts/src/std/slice.rs" 258 19 258 35 - let%span sslice24 = "../../../../creusot-contracts/src/std/slice.rs" 259 18 259 50 + let%span sslice22 = "../../../../creusot-contracts/src/std/slice.rs" 275 19 275 35 + let%span sslice23 = "../../../../creusot-contracts/src/std/slice.rs" 276 19 276 35 + let%span sslice24 = "../../../../creusot-contracts/src/std/slice.rs" 277 18 277 50 let%span svec25 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span smodel26 = "../../../../creusot-contracts/src/model.rs" 88 8 88 22 let%span siter27 = "../../../../creusot-contracts/src/std/iter.rs" 86 20 86 24 @@ -36,7 +36,7 @@ module M_03_knuth_shuffle__knuth_shuffle [#"03_knuth_shuffle.rs" 13 0 13 39] let%span srange34 = "../../../../creusot-contracts/src/std/iter/range.rs" 42 15 42 32 let%span srange35 = "../../../../creusot-contracts/src/std/iter/range.rs" 43 15 43 32 let%span srange36 = "../../../../creusot-contracts/src/std/iter/range.rs" 44 14 44 42 - let%span snum37 = "../../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + let%span snum37 = "../../../../creusot-contracts/src/std/num.rs" 52 28 52 33 let%span srange38 = "../../../../creusot-contracts/src/std/iter/range.rs" 15 12 15 78 let%span sresolve39 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span sslice40 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 
@@ -60,24 +60,24 @@ module M_03_knuth_shuffle__knuth_shuffle [#"03_knuth_shuffle.rs" 13 0 13 39] type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize - - use prelude.prelude.Int + use prelude.prelude.UInt64 type t_T'0 @@ -85,7 +85,7 @@ module M_03_knuth_shuffle__knuth_shuffle [#"03_knuth_shuffle.rs" 13 0 13 39] function view'2 (self : t_Vec'0) : Seq.seq t_T'0 - axiom view'2_spec : forall self : t_Vec'0 . [%#svec25] Seq.length (view'2 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'2_spec : forall self : t_Vec'0 . [%#svec25] Seq.length (view'2 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq @@ -122,13 +122,13 @@ module M_03_knuth_shuffle__knuth_shuffle [#"03_knuth_shuffle.rs" 13 0 13 39] function view'3 (self : t_Vec'0) : Seq.seq t_T'0 = [%#smodel26] view'2 self - let rec len'0 (self:t_Vec'0) (return' (ret:usize))= {[@expl:len 'self' type invariant] inv'6 self} + let rec len'0 (self:t_Vec'0) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'6 self} any - [ return' (result:usize)-> {[%#svec11] UIntSize.to_int result = Seq.length (view'3 self)} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#svec11] UInt64.to_uint result = Seq.length (view'3 self)} (! return' {result}) ] type t_Range'0 = - { t_Range__start'0: usize; t_Range__end'0: usize } + { t_Range__start'0: UInt64.t; t_Range__end'0: UInt64.t } predicate inv'0 (_1 : t_Range'0) 
@@ -176,14 +176,14 @@ module M_03_knuth_shuffle__knuth_shuffle [#"03_knuth_shuffle.rs" 13 0 13 39] use seq.Seq - function deep_model'0 (self : usize) : int = - [%#snum37] UIntSize.to_int self + function deep_model'0 (self : UInt64.t) : int = + [%#snum37] UInt64.to_uint self use seq.Seq use seq.Seq - predicate produces'0 (self : t_Range'0) (visited : Seq.seq usize) (o : t_Range'0) = + predicate produces'0 (self : t_Range'0) (visited : Seq.seq UInt64.t) (o : t_Range'0) = [%#srange16] self.t_Range__end'0 = o.t_Range__end'0 /\ deep_model'0 self.t_Range__start'0 <= deep_model'0 o.t_Range__start'0 /\ (Seq.length visited > 0 -> deep_model'0 o.t_Range__start'0 <= deep_model'0 o.t_Range__end'0) @@ -191,10 +191,10 @@ module M_03_knuth_shuffle__knuth_shuffle [#"03_knuth_shuffle.rs" 13 0 13 39] /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> deep_model'0 (Seq.get visited i) = deep_model'0 self.t_Range__start'0 + i) - function produces_trans'0 (a : t_Range'0) (ab : Seq.seq usize) (b : t_Range'0) (bc : Seq.seq usize) (c : t_Range'0) : () + function produces_trans'0 (a : t_Range'0) (ab : Seq.seq UInt64.t) (b : t_Range'0) (bc : Seq.seq UInt64.t) (c : t_Range'0) : () - axiom produces_trans'0_spec : forall a : t_Range'0, ab : Seq.seq usize, b : t_Range'0, bc : Seq.seq usize, c : t_Range'0 . ([%#srange31] inv'0 a) + axiom produces_trans'0_spec : forall a : t_Range'0, ab : Seq.seq UInt64.t, b : t_Range'0, bc : Seq.seq UInt64.t, c : t_Range'0 . ([%#srange31] inv'0 a) -> ([%#srange32] inv'0 b) -> ([%#srange33] inv'0 c) -> ([%#srange34] produces'0 a ab b) 
@@ -203,13 +203,13 @@ module M_03_knuth_shuffle__knuth_shuffle [#"03_knuth_shuffle.rs" 13 0 13 39] function produces_refl'0 (self : t_Range'0) : () axiom produces_refl'0_spec : forall self : t_Range'0 . ([%#srange29] inv'0 self) - -> ([%#srange30] produces'0 self (Seq.empty : Seq.seq usize) self) + -> ([%#srange30] produces'0 self (Seq.empty : Seq.seq UInt64.t) self) use prelude.prelude.Snapshot - predicate inv'1 (_1 : Seq.seq usize) + predicate inv'1 (_1 : Seq.seq UInt64.t) - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq usize [inv'1 x] . inv'1 x = true + axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq UInt64.t [inv'1 x] . inv'1 x = true predicate inv'7 (_1 : borrowed (t_Range'0)) @@ -217,7 +217,7 @@ module M_03_knuth_shuffle__knuth_shuffle [#"03_knuth_shuffle.rs" 13 0 13 39] type t_Option'0 = | C_None'0 - | C_Some'0 usize + | C_Some'0 UInt64.t predicate inv'8 (_1 : t_Option'0) 
@@ -245,16 +245,16 @@ module M_03_knuth_shuffle__knuth_shuffle [#"03_knuth_shuffle.rs" 13 0 13 39] predicate resolve'0 (_1 : borrowed (t_Range'0)) = resolve'3 _1 - let rec v_Some'0 (input:t_Option'0) (ret (field_0:usize))= any - [ good (field_0:usize)-> {C_Some'0 field_0 = input} (! ret {field_0}) - | bad -> {forall field_0 : usize [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] + let rec v_Some'0 (input:t_Option'0) (ret (field_0:UInt64.t))= any + [ good (field_0:UInt64.t)-> {C_Some'0 field_0 = input} (! ret {field_0}) + | bad -> {forall field_0 : UInt64.t [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] - let rec rand_in_range'0 (l:usize) (u:usize) (return' (ret:usize))= {[@expl:rand_in_range requires] [%#s03_knuth_shuffle18] UIntSize.to_int l - <= UIntSize.to_int u} + let rec rand_in_range'0 (l:UInt64.t) (u:UInt64.t) (return' (ret:UInt64.t))= {[@expl:rand_in_range requires] [%#s03_knuth_shuffle18] UInt64.to_uint l + <= UInt64.to_uint u} any - [ return' (result:usize)-> {[%#s03_knuth_shuffle19] UIntSize.to_int l <= UIntSize.to_int result - /\ UIntSize.to_int result < UIntSize.to_int u} + [ return' (result:UInt64.t)-> {[%#s03_knuth_shuffle19] UInt64.to_uint l <= UInt64.to_uint result + /\ UInt64.to_uint result < UInt64.to_uint u} (! return' {result}) ] 
@@ -265,15 +265,15 @@ module M_03_knuth_shuffle__knuth_shuffle [#"03_knuth_shuffle.rs" 13 0 13 39] axiom inv_axiom'5 [@rewrite] : forall x : borrowed (t_Vec'0) [inv'5 x] . inv'5 x = invariant'3 x - use prelude.prelude.Slice + use Slice64.create - use prelude.prelude.Slice + use prelude.prelude.Slice64 function view'6 (self : slice t_T'0) : Seq.seq t_T'0 axiom view'6_spec : forall self : slice t_T'0 . ([%#sslice40] Seq.length (view'6 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice41] view'6 self = Slice.id self) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + && ([%#sslice41] view'6 self = Slice64.id self) predicate invariant'1 (self : slice t_T'0) = [%#sslice43] inv'9 (view'6 self) @@ -302,11 +302,11 @@ module M_03_knuth_shuffle__knuth_shuffle [#"03_knuth_shuffle.rs" 13 0 13 39] use seq.Permut - let rec swap'0 (self:borrowed (slice t_T'0)) (a:usize) (b:usize) (return' (ret:()))= {[@expl:swap 'self' type invariant] inv'4 self} - {[@expl:swap requires #0] [%#sslice22] UIntSize.to_int a < Seq.length (view'5 self)} - {[@expl:swap requires #1] [%#sslice23] UIntSize.to_int b < Seq.length (view'5 self)} + let rec swap'0 (self:borrowed (slice t_T'0)) (a:UInt64.t) (b:UInt64.t) (return' (ret:()))= {[@expl:swap 'self' type invariant] inv'4 self} + {[@expl:swap requires #0] [%#sslice22] UInt64.to_uint a < Seq.length (view'5 self)} + {[@expl:swap requires #1] [%#sslice23] UInt64.to_uint b < Seq.length (view'5 self)} any - [ return' (result:())-> {[%#sslice24] Permut.exchange (view'6 self.final) (view'5 self) (UIntSize.to_int a) (UIntSize.to_int b)} + [ return' (result:())-> {[%#sslice24] Permut.exchange (view'6 self.final) (view'5 self) (UInt64.to_uint a) (UInt64.to_uint b)} (! return' {result}) ] 
@@ -333,15 +333,15 @@ module M_03_knuth_shuffle__knuth_shuffle [#"03_knuth_shuffle.rs" 13 0 13 39] let rec knuth_shuffle'0 (v:borrowed (t_Vec'0)) (return' (ret:()))= {[@expl:knuth_shuffle 'v' type invariant] [%#s03_knuth_shuffle9] inv'5 v} (! bb0 [ bb0 = s0 [ s0 = [ &old_v <- [%#s03_knuth_shuffle0] Snapshot.new v ] s1 | s1 = bb1 ] - | bb1 = s0 [ s0 = len'0 {v.current} (fun (_ret':usize) -> [ &_7 <- _ret' ] s1) | s1 = bb2 ] + | bb1 = s0 [ s0 = len'0 {v.current} (fun (_ret':UInt64.t) -> [ &_7 <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 - [ s0 = [ &_6 <- { t_Range__start'0 = ([%#s03_knuth_shuffle1] (0 : usize)); t_Range__end'0 = _7 } ] s1 + [ s0 = [ &_6 <- { t_Range__start'0 = ([%#s03_knuth_shuffle1] (0 : UInt64.t)); t_Range__end'0 = _7 } ] s1 | s1 = into_iter'0 {_6} (fun (_ret':t_Range'0) -> [ &iter <- _ret' ] s2) | s2 = bb3 ] | bb3 = s0 [ s0 = [ &iter_old <- [%#s03_knuth_shuffle2] Snapshot.new iter ] s1 | s1 = bb4 ] | bb4 = s0 - [ s0 = [ &produced <- [%#s03_knuth_shuffle3] Snapshot.new (Seq.empty : Seq.seq usize) ] s1 | s1 = bb5 ] + [ s0 = [ &produced <- [%#s03_knuth_shuffle3] Snapshot.new (Seq.empty : Seq.seq UInt64.t) ] s1 | s1 = bb5 ] | bb5 = s0 [ s0 = [ &old_6_0 <- Snapshot.new v ] s1 | s1 = bb6 ] | bb6 = bb6 @@ -364,11 +364,11 @@ module M_03_knuth_shuffle__knuth_shuffle [#"03_knuth_shuffle.rs" 13 0 13 39] | bb8 = s0 [ s0 = -{resolve'0 _20}- s1 - | s1 = any [ br0 -> {_18 = C_None'0 } (! bb11) | br1 (x0:usize)-> {_18 = C_Some'0 x0} (! bb10) ] ] + | s1 = any [ br0 -> {_18 = C_None'0 } (! bb11) | br1 (x0:UInt64.t)-> {_18 = C_Some'0 x0} (! bb10) ] ] | bb10 = bb12 | bb12 = s0 - [ s0 = v_Some'0 {_18} (fun (r0'0:usize) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) + [ s0 = v_Some'0 {_18} (fun (r0'0:UInt64.t) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) | s1 = [ &_23 <- [%#s03_knuth_shuffle6] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] 
@@ -378,12 +378,13 @@ module M_03_knuth_shuffle__knuth_shuffle [#"03_knuth_shuffle.rs" 13 0 13 39] | bb13 = s0 [ s0 = [ &produced <- _23 ] s1 | s1 = [ &n <- __creusot_proc_iter_elem ] s2 - | s2 = len'0 {v.current} (fun (_ret':usize) -> [ &_27 <- _ret' ] s3) + | s2 = len'0 {v.current} (fun (_ret':UInt64.t) -> [ &_27 <- _ret' ] s3) | s3 = bb14 ] | bb14 = s0 - [ s0 = UIntSize.sub {_27} {n} (fun (_ret':usize) -> [ &upper <- _ret' ] s1) - | s1 = rand_in_range'0 {[%#s03_knuth_shuffle7] (0 : usize)} {upper} (fun (_ret':usize) -> [ &i <- _ret' ] s2) + [ s0 = UInt64.sub {_27} {n} (fun (_ret':UInt64.t) -> [ &upper <- _ret' ] s1) + | s1 = rand_in_range'0 {[%#s03_knuth_shuffle7] (0 : UInt64.t)} {upper} + (fun (_ret':UInt64.t) -> [ &i <- _ret' ] s2) | s2 = bb15 ] | bb15 = s0 @@ -405,7 +406,8 @@ module M_03_knuth_shuffle__knuth_shuffle [#"03_knuth_shuffle.rs" 13 0 13 39] -{inv'3 _ret'.final}- [ &_34 <- { _34 with current = _ret'.final } ] s1) - | s1 = UIntSize.sub {upper} {[%#s03_knuth_shuffle8] (1 : usize)} (fun (_ret':usize) -> [ &_37 <- _ret' ] s2) + | s1 = UInt64.sub {upper} {[%#s03_knuth_shuffle8] (1 : UInt64.t)} + (fun (_ret':UInt64.t) -> [ &_37 <- _ret' ] s2) | s2 = swap'0 {_33} {i} {_37} (fun (_ret':()) -> [ &_32 <- _ret' ] s3) | s3 = bb17 ] 
@@ -419,23 +421,23 @@ module M_03_knuth_shuffle__knuth_shuffle [#"03_knuth_shuffle.rs" 13 0 13 39] | & old_v : Snapshot.snap_ty (borrowed (t_Vec'0)) = any_l () | & iter : t_Range'0 = any_l () | & _6 : t_Range'0 = any_l () - | & _7 : usize = any_l () + | & _7 : UInt64.t = any_l () | & iter_old : Snapshot.snap_ty (t_Range'0) = any_l () - | & produced : Snapshot.snap_ty (Seq.seq usize) = any_l () + | & produced : Snapshot.snap_ty (Seq.seq UInt64.t) = any_l () | & _18 : t_Option'0 = any_l () | & _19 : borrowed (t_Range'0) = any_l () | & _20 : borrowed (t_Range'0) = any_l () - | & __creusot_proc_iter_elem : usize = any_l () - | & _23 : Snapshot.snap_ty (Seq.seq usize) = any_l () - | & n : usize = any_l () - | & upper : usize = any_l () - | & _27 : usize = any_l () - | & i : usize = any_l () + | & __creusot_proc_iter_elem : UInt64.t = any_l () + | & _23 : Snapshot.snap_ty (Seq.seq UInt64.t) = any_l () + | & n : UInt64.t = any_l () + | & upper : UInt64.t = any_l () + | & _27 : UInt64.t = any_l () + | & i : UInt64.t = any_l () | & _32 : () = any_l () | & _33 : borrowed (slice t_T'0) = any_l () | & _34 : borrowed (slice t_T'0) = any_l () | & _35 : borrowed (t_Vec'0) = any_l () - | & _37 : usize = any_l () + | & _37 : UInt64.t = any_l () | & old_6_0 : Snapshot.snap_ty (borrowed (t_Vec'0)) = any_l () ] [ return' (result:())-> {[@expl:knuth_shuffle ensures] [%#s03_knuth_shuffle10] permutation_of'0 (view'2 v.final) (view'0 v)} diff --git a/creusot/tests/should_succeed/vector/04_binary_search.coma b/creusot/tests/should_succeed/vector/04_binary_search.coma index 004eb8dea8..f2bd40bda9 100644 --- a/creusot/tests/should_succeed/vector/04_binary_search.coma +++ b/creusot/tests/should_succeed/vector/04_binary_search.coma 
@@ -6,8 +6,8 @@ module M_04_binary_search__binary_search [#"04_binary_search.rs" 26 0 26 71] let%span s04_binary_search4 = "04_binary_search.rs" 34 16 34 62 let%span s04_binary_search5 = "04_binary_search.rs" 33 16 33 56 let%span s04_binary_search6 = "04_binary_search.rs" 36 17 36 18 - let%span s04_binary_search7 = "04_binary_search.rs" 37 26 37 27 - let%span s04_binary_search8 = "04_binary_search.rs" 37 19 37 27 + let%span s04_binary_search7 = "04_binary_search.rs" 37 19 37 27 + let%span s04_binary_search8 = "04_binary_search.rs" 37 26 37 27 let%span s04_binary_search9 = "04_binary_search.rs" 48 19 48 20 let%span s04_binary_search10 = "04_binary_search.rs" 19 11 19 36 let%span s04_binary_search11 = "04_binary_search.rs" 20 11 20 23 
@@ -21,9 +21,37 @@ module M_04_binary_search__binary_search [#"04_binary_search.rs" 26 0 26 71] let%span svec19 = "../../../../creusot-contracts/src/std/vec.rs" 163 26 163 54 let%span s04_binary_search20 = "04_binary_search.rs" 16 4 16 31 let%span svec21 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span sslice22 = "../../../../creusot-contracts/src/std/slice.rs" 122 20 122 37 - let%span sslice23 = "../../../../creusot-contracts/src/std/slice.rs" 129 20 129 37 - let%span s04_binary_search24 = "04_binary_search.rs" 10 8 10 74 + let%span sord22 = "../../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 + let%span sord23 = "../../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 + let%span sord24 = "../../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 + let%span sord25 = "../../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 + let%span sord26 = "../../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 + let%span sord27 = "../../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 + let%span sord28 = "../../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 + let%span sord29 = "../../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 + let%span sord30 = "../../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 + let%span sord31 = "../../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 + let%span sord32 = "../../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 + let%span sord33 = "../../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 + let%span sord34 = "../../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span sord35 = "../../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 + let%span sord36 = "../../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 + let%span sord37 = "../../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 + let%span sord38 = "../../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 + let%span sord39 = 
"../../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 + let%span sord40 = "../../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 + let%span sord41 = "../../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 + let%span sord42 = "../../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 + let%span sord43 = "../../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 + let%span sord44 = "../../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 + let%span sord45 = "../../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 + let%span sord46 = "../../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 + let%span sord47 = "../../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span sslice48 = "../../../../creusot-contracts/src/std/slice.rs" 140 20 140 37 + let%span sslice49 = "../../../../creusot-contracts/src/std/slice.rs" 147 20 147 37 + let%span s04_binary_search50 = "04_binary_search.rs" 10 8 10 74 + let%span sord51 = "../../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + let%span sord52 = "../../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 use prelude.prelude.Borrow @@ -35,22 +63,24 @@ module M_04_binary_search__binary_search [#"04_binary_search.rs" 26 0 26 71] type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } + use prelude.prelude.Int + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } predicate inv'0 (_1 : t_Vec'0) axiom inv_axiom'0 [@rewrite] : forall x : t_Vec'0 [inv'0 x] . inv'0 x = true - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.UInt32 
@@ -58,66 +88,174 @@ module M_04_binary_search__binary_search [#"04_binary_search.rs" 26 0 26 71] use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) - - use prelude.prelude.Int + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - function view'1 (self : t_Vec'0) : Seq.seq uint32 + function view'1 (self : t_Vec'0) : Seq.seq UInt32.t - axiom view'1_spec : forall self : t_Vec'0 . [%#svec21] Seq.length (view'1 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'1_spec : forall self : t_Vec'0 . [%#svec21] Seq.length (view'1 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) - function view'0 (self : t_Vec'0) : Seq.seq uint32 = + function view'0 (self : t_Vec'0) : Seq.seq UInt32.t = [%#smodel16] view'1 self - let rec len'0 (self:t_Vec'0) (return' (ret:usize))= {[@expl:len 'self' type invariant] inv'0 self} + let rec len'0 (self:t_Vec'0) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'0 self} any - [ return' (result:usize)-> {[%#svec15] UIntSize.to_int result = Seq.length (view'0 self)} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#svec15] UInt64.to_uint result = Seq.length (view'0 self)} (! return' {result}) ] type t_Result'0 = - | C_Ok'0 usize - | C_Err'0 usize + | C_Ok'0 UInt64.t + | C_Err'0 UInt64.t use seq.Seq - function index_logic'0 [@inline:trivial] (self : t_Vec'0) (ix : int) : uint32 = + function index_logic'0 [@inline:trivial] (self : t_Vec'0) (ix : int) : UInt32.t = [%#sops17] Seq.get (view'1 self) ix - predicate inv'1 (_1 : usize) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.UInt32 + + function cmp_log'0 (self : UInt32.t) (o : UInt32.t) : t_Ordering'0 = + [%#sord51] if UInt32.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + function eq_cmp'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom eq_cmp'0_spec : forall x : UInt32.t, y : UInt32.t . 
[%#sord34] (x = y) = (cmp_log'0 x y = C_Equal'0) + + function antisym2'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom antisym2'0_spec : forall x : UInt32.t, y : UInt32.t . ([%#sord32] cmp_log'0 x y = C_Greater'0) + -> ([%#sord33] cmp_log'0 y x = C_Less'0) + + function antisym1'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom antisym1'0_spec : forall x : UInt32.t, y : UInt32.t . ([%#sord30] cmp_log'0 x y = C_Less'0) + -> ([%#sord31] cmp_log'0 y x = C_Greater'0) + + function trans'0 (x : UInt32.t) (y : UInt32.t) (z : UInt32.t) (o : t_Ordering'0) : () + + axiom trans'0_spec : forall x : UInt32.t, y : UInt32.t, z : UInt32.t, o : t_Ordering'0 . ([%#sord27] cmp_log'0 x y + = o) -> ([%#sord28] cmp_log'0 y z = o) -> ([%#sord29] cmp_log'0 x z = o) + + function refl'0 (x : UInt32.t) : () + + axiom refl'0_spec : forall x : UInt32.t . [%#sord26] cmp_log'0 x x = C_Equal'0 + + use prelude.prelude.UInt32 + + function cmp_gt_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_gt_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord25] UInt32.ugt x y + = (cmp_log'0 x y = C_Greater'0) + + use prelude.prelude.UInt32 + + function cmp_ge_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_ge_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord24] UInt32.uge x y = (cmp_log'0 x y <> C_Less'0) + + function cmp_lt_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_lt_log'0_spec : forall x : UInt32.t, y : UInt32.t . [%#sord23] UInt32.ult x y = (cmp_log'0 x y = C_Less'0) + + use prelude.prelude.UInt32 + + function cmp_le_log'0 (x : UInt32.t) (y : UInt32.t) : () + + axiom cmp_le_log'0_spec : forall x : UInt32.t, y : UInt32.t . 
[%#sord22] UInt32.ule x y + = (cmp_log'0 x y <> C_Greater'0) + + use prelude.prelude.UInt64 + + function cmp_log'1 (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = + [%#sord52] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + function eq_cmp'1 (x : UInt64.t) (y : UInt64.t) : () + + axiom eq_cmp'1_spec : forall x : UInt64.t, y : UInt64.t . [%#sord47] (x = y) = (cmp_log'1 x y = C_Equal'0) + + function antisym2'1 (x : UInt64.t) (y : UInt64.t) : () + + axiom antisym2'1_spec : forall x : UInt64.t, y : UInt64.t . ([%#sord45] cmp_log'1 x y = C_Greater'0) + -> ([%#sord46] cmp_log'1 y x = C_Less'0) + + function antisym1'1 (x : UInt64.t) (y : UInt64.t) : () + + axiom antisym1'1_spec : forall x : UInt64.t, y : UInt64.t . ([%#sord43] cmp_log'1 x y = C_Less'0) + -> ([%#sord44] cmp_log'1 y x = C_Greater'0) + + function trans'1 (x : UInt64.t) (y : UInt64.t) (z : UInt64.t) (o : t_Ordering'0) : () + + axiom trans'1_spec : forall x : UInt64.t, y : UInt64.t, z : UInt64.t, o : t_Ordering'0 . ([%#sord40] cmp_log'1 x y + = o) -> ([%#sord41] cmp_log'1 y z = o) -> ([%#sord42] cmp_log'1 x z = o) + + function refl'1 (x : UInt64.t) : () + + axiom refl'1_spec : forall x : UInt64.t . [%#sord39] cmp_log'1 x x = C_Equal'0 + + use prelude.prelude.UInt64 + + function cmp_gt_log'1 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_gt_log'1_spec : forall x : UInt64.t, y : UInt64.t . [%#sord38] UInt64.ugt x y + = (cmp_log'1 x y = C_Greater'0) + + use prelude.prelude.UInt64 + + function cmp_ge_log'1 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_ge_log'1_spec : forall x : UInt64.t, y : UInt64.t . [%#sord37] UInt64.uge x y = (cmp_log'1 x y <> C_Less'0) + + function cmp_lt_log'1 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_lt_log'1_spec : forall x : UInt64.t, y : UInt64.t . 
[%#sord36] UInt64.ult x y = (cmp_log'1 x y = C_Less'0) + + use prelude.prelude.UInt64 + + function cmp_le_log'1 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_le_log'1_spec : forall x : UInt64.t, y : UInt64.t . [%#sord35] UInt64.ule x y + = (cmp_log'1 x y <> C_Greater'0) + + predicate inv'1 (_1 : UInt64.t) axiom inv_axiom'1 [@rewrite] : forall x : UInt64.t [inv'1 x] . inv'1 x = true - predicate in_bounds'0 [@inline:trivial] (self : usize) (seq : Seq.seq uint32) = - [%#sslice22] UIntSize.to_int self < Seq.length seq + predicate in_bounds'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq UInt32.t) = + [%#sslice48] UInt64.to_uint self < Seq.length seq - predicate inv'2 (_1 : uint32) + predicate inv'2 (_1 : UInt32.t) - axiom inv_axiom'2 [@rewrite] : forall x : uint32 [inv'2 x] . inv'2 x = true + axiom inv_axiom'2 [@rewrite] : forall x : UInt32.t [inv'2 x] . inv'2 x = true - predicate has_value'0 [@inline:trivial] (self : usize) (seq : Seq.seq uint32) (out : uint32) = - [%#sslice23] Seq.get seq (UIntSize.to_int self) = out + predicate has_value'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq UInt32.t) (out : UInt32.t) = + [%#sslice49] Seq.get seq (UInt64.to_uint self) = out - let rec index'0 (self:t_Vec'0) (index:usize) (return' (ret:uint32))= {[@expl:index 'self' type invariant] inv'0 self} + let rec index'0 (self:t_Vec'0) (index:UInt64.t) (return' (ret:UInt32.t))= {[@expl:index 'self' type invariant] inv'0 self} {[@expl:index 'index' type invariant] inv'1 index} {[@expl:index requires] [%#svec18] in_bounds'0 index (view'0 self)} any - [ return' (result:uint32)-> {inv'2 result} + [ return' (result:UInt32.t)-> {inv'2 result} {[%#svec19] has_value'0 index (view'0 self) result} (! return' {result}) ] use prelude.prelude.Intrinsic - predicate sorted_range'0 [#"04_binary_search.rs" 8 0 8 52] (s : Seq.seq uint32) (l : int) (u : int) = - [%#s04_binary_search24] forall i : int, j : int . 
l <= i /\ i < j /\ j < u -> Seq.get s i <= Seq.get s j + predicate sorted_range'0 [#"04_binary_search.rs" 8 0 8 52] (s : Seq.seq UInt32.t) (l : int) (u : int) = + [%#s04_binary_search50] forall i : int, j : int . l <= i /\ i < j /\ j < u + -> UInt32.ule (Seq.get s i) (Seq.get s j) - predicate sorted'0 [#"04_binary_search.rs" 15 0 15 30] (s : Seq.seq uint32) = + predicate sorted'0 [#"04_binary_search.rs" 15 0 15 30] (s : Seq.seq UInt32.t) = [%#s04_binary_search20] sorted_range'0 s 0 (Seq.length s) meta "compute_max_steps" 1000000 - let rec binary_search'0 (arr:t_Vec'0) (elem:uint32) (return' (ret:t_Result'0))= {[@expl:binary_search requires #0] [%#s04_binary_search10] Seq.length (view'0 arr) - <= UIntSize.to_int (v_MAX'0 : usize)} + let rec binary_search'0 (arr:t_Vec'0) (elem:UInt32.t) (return' (ret:t_Result'0))= {[@expl:binary_search requires #0] [%#s04_binary_search10] Seq.length (view'0 arr) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)} {[@expl:binary_search requires #1] [%#s04_binary_search11] sorted'0 (view'0 arr)} (! bb0 [ bb0 = s0 [ s0 = len'0 {arr} (fun (_ret':UInt64.t) -> [ &_10 <- _ret' ] s1) | s1 = bb1 ] 
@@ -125,32 +263,34 @@ module M_04_binary_search__binary_search [#"04_binary_search.rs" 26 0 26 71] [ s0 = UInt64.eq {_10} {[%#s04_binary_search0] (0 : UInt64.t)} (fun (_ret':bool) -> [ &_9 <- _ret' ] s1) | s1 = any [ br0 -> {_9 = false} (! bb3) | br1 -> {_9} (! bb2) ] ] - | bb2 = s0 [ s0 = [ &_0 <- C_Err'0 ([%#s04_binary_search1] (0 : usize)) ] s1 | s1 = bb21 ] - | bb3 = s0 [ s0 = len'0 {arr} (fun (_ret':usize) -> [ &size <- _ret' ] s1) | s1 = bb4 ] - | bb4 = s0 [ s0 = [ &base <- [%#s04_binary_search2] (0 : usize) ] s1 | s1 = bb5 ] + | bb2 = s0 [ s0 = [ &_0 <- C_Err'0 ([%#s04_binary_search1] (0 : UInt64.t)) ] s1 | s1 = bb21 ] + | bb3 = s0 [ s0 = len'0 {arr} (fun (_ret':UInt64.t) -> [ &size <- _ret' ] s1) | s1 = bb4 ] + | bb4 = s0 [ s0 = [ &base <- [%#s04_binary_search2] (0 : UInt64.t) ] s1 | s1 = bb5 ] | bb5 = bb5 - [ bb5 = {[@expl:loop invariant #0] [%#s04_binary_search5] 0 < UIntSize.to_int size - /\ UIntSize.to_int size + UIntSize.to_int base <= Seq.length (view'0 arr)} - {[@expl:loop invariant #1] [%#s04_binary_search4] forall i : usize . i < base - -> index_logic'0 arr (UIntSize.to_int i) <= elem} - {[@expl:loop invariant #2] [%#s04_binary_search3] forall i : usize . UIntSize.to_int base + UIntSize.to_int size - < UIntSize.to_int i - /\ UIntSize.to_int i < Seq.length (view'0 arr) -> elem < index_logic'0 arr (UIntSize.to_int i)} + [ bb5 = {[@expl:loop invariant #0] [%#s04_binary_search5] 0 < UInt64.to_uint size + /\ UInt64.to_uint size + UInt64.to_uint base <= Seq.length (view'0 arr)} + {[@expl:loop invariant #1] [%#s04_binary_search4] forall i : UInt64.t . UInt64.ult i base + -> UInt32.ule (index_logic'0 arr (UInt64.to_uint i)) elem} + {[@expl:loop invariant #2] [%#s04_binary_search3] forall i : UInt64.t . UInt64.to_uint base + + UInt64.to_uint size + < UInt64.to_uint i + /\ UInt64.to_uint i < Seq.length (view'0 arr) -> UInt32.ult elem (index_logic'0 arr (UInt64.to_uint i))} (! 
s0) [ s0 = bb6 ] [ bb6 = s0 - [ s0 = UIntSize.gt {size} {[%#s04_binary_search6] (1 : usize)} (fun (_ret':bool) -> [ &_21 <- _ret' ] s1) + [ s0 = UInt64.gt {size} {[%#s04_binary_search6] (1 : UInt64.t)} (fun (_ret':bool) -> [ &_21 <- _ret' ] s1) | s1 = any [ br0 -> {_21 = false} (! bb13) | br1 -> {_21} (! bb7) ] ] | bb7 = s0 - [ s0 = UIntSize.eq {[%#s04_binary_search7] (2 : usize)} {[%#s04_binary_search8] (0 : usize)} + [ s0 = UInt64.eq {[%#s04_binary_search8] (2 : UInt64.t)} {[%#s04_binary_search7] (0 : UInt64.t)} (fun (_ret':bool) -> [ &_25 <- _ret' ] s1) - | s1 = {[@expl:division by zero] [%#s04_binary_search8] not _25} s2 + | s1 = {[@expl:division by zero] [%#s04_binary_search7] not _25} s2 | s2 = bb8 ] | bb8 = s0 - [ s0 = UIntSize.div {size} {[%#s04_binary_search7] (2 : usize)} (fun (_ret':usize) -> [ &half <- _ret' ] s1) - | s1 = UIntSize.add {base} {half} (fun (_ret':usize) -> [ &mid <- _ret' ] s2) - | s2 = index'0 {arr} {mid} (fun (_ret':uint32) -> [ &_32 <- _ret' ] s3) + [ s0 = UInt64.div {size} {[%#s04_binary_search8] (2 : UInt64.t)} + (fun (_ret':UInt64.t) -> [ &half <- _ret' ] s1) + | s1 = UInt64.add {base} {half} (fun (_ret':UInt64.t) -> [ &mid <- _ret' ] s2) + | s2 = index'0 {arr} {mid} (fun (_ret':UInt32.t) -> [ &_32 <- _ret' ] s3) | s3 = bb9 ] | bb9 = s0 @@ -178,7 +318,7 @@ module M_04_binary_search__binary_search [#"04_binary_search.rs" 26 0 26 71] | s1 = any [ br0 -> {_48 = false} (! bb18) | br1 -> {_48} (! bb17) ] ] | bb17 = s0 - [ s0 = UIntSize.add {base} {[%#s04_binary_search9] (1 : usize)} (fun (_ret':usize) -> [ &_51 <- _ret' ] s1) + [ s0 = UInt64.add {base} {[%#s04_binary_search9] (1 : UInt64.t)} (fun (_ret':UInt64.t) -> [ &_51 <- _ret' ] s1) | s1 = [ &_0 <- C_Err'0 _51 ] s2 | s2 = bb19 ] 
@@ -189,7 +329,7 @@ module M_04_binary_search__binary_search [#"04_binary_search.rs" 26 0 26 71] ) [ & _0 : t_Result'0 = any_l () | & arr : t_Vec'0 = arr - | & elem : uint32 = elem + | & elem : UInt32.t = elem | & _9 : bool = any_l () | & _10 : UInt64.t = any_l () | & size : UInt64.t = any_l () @@ -207,13 +347,13 @@ module M_04_binary_search__binary_search [#"04_binary_search.rs" 26 0 26 71] | & _48 : bool = any_l () | & _51 : UInt64.t = any_l () ] - [ return' (result:t_Result'0)-> {[@expl:binary_search ensures #0] [%#s04_binary_search12] forall x : usize . result - = C_Ok'0 x -> index_logic'0 arr (UIntSize.to_int x) = elem} - {[@expl:binary_search ensures #1] [%#s04_binary_search13] forall x : usize . result = C_Err'0 x - -> (forall i : usize . i < x -> index_logic'0 arr (UIntSize.to_int i) <= elem)} - {[@expl:binary_search ensures #2] [%#s04_binary_search14] forall x : usize . result = C_Err'0 x - -> (forall i : usize . x < i /\ UIntSize.to_int i < Seq.length (view'0 arr) - -> elem < index_logic'0 arr (UIntSize.to_int i))} + [ return' (result:t_Result'0)-> {[@expl:binary_search ensures #0] [%#s04_binary_search12] forall x : UInt64.t . result + = C_Ok'0 x -> index_logic'0 arr (UInt64.to_uint x) = elem} + {[@expl:binary_search ensures #1] [%#s04_binary_search13] forall x : UInt64.t . result = C_Err'0 x + -> (forall i : UInt64.t . UInt64.ult i x -> UInt32.ule (index_logic'0 arr (UInt64.to_uint i)) elem)} + {[@expl:binary_search ensures #2] [%#s04_binary_search14] forall x : UInt64.t . result = C_Err'0 x + -> (forall i : UInt64.t . UInt64.ult x i /\ UInt64.to_uint i < Seq.length (view'0 arr) + -> UInt32.ult elem (index_logic'0 arr (UInt64.to_uint i)))} (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/vector/05_binary_search_generic.coma b/creusot/tests/should_succeed/vector/05_binary_search_generic.coma index 0f2c57d52e..cac035a7a7 100644 --- a/creusot/tests/should_succeed/vector/05_binary_search_generic.coma 
+++ b/creusot/tests/should_succeed/vector/05_binary_search_generic.coma @@ -6,8 +6,8 @@ module M_05_binary_search_generic__binary_search [#"05_binary_search_generic.rs" let%span s05_binary_search_generic4 = "05_binary_search_generic.rs" 38 16 38 88 let%span s05_binary_search_generic5 = "05_binary_search_generic.rs" 37 16 37 56 let%span s05_binary_search_generic6 = "05_binary_search_generic.rs" 40 17 40 18 - let%span s05_binary_search_generic7 = "05_binary_search_generic.rs" 41 26 41 27 - let%span s05_binary_search_generic8 = "05_binary_search_generic.rs" 41 19 41 27 + let%span s05_binary_search_generic7 = "05_binary_search_generic.rs" 41 19 41 27 + let%span s05_binary_search_generic8 = "05_binary_search_generic.rs" 41 26 41 27 let%span s05_binary_search_generic9 = "05_binary_search_generic.rs" 53 37 53 38 let%span s05_binary_search_generic10 = "05_binary_search_generic.rs" 27 41 27 44 let%span s05_binary_search_generic11 = "05_binary_search_generic.rs" 27 55 27 59 
@@ -40,14 +40,28 @@ module M_05_binary_search_generic__binary_search [#"05_binary_search_generic.rs" let%span sord38 = "../../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 let%span sord39 = "../../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 let%span sord40 = "../../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 - let%span sslice41 = "../../../../creusot-contracts/src/std/slice.rs" 122 20 122 37 - let%span sslice42 = "../../../../creusot-contracts/src/std/slice.rs" 129 20 129 37 - let%span s05_binary_search_generic43 = "05_binary_search_generic.rs" 11 8 11 75 - let%span sops44 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - let%span sinvariant45 = "../../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - let%span svec46 = "../../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 - let%span sseq47 = "../../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 - let%span sboxed48 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + let%span sord41 = "../../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 + let%span sord42 = "../../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 + let%span sord43 = "../../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 + let%span sord44 = "../../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 + let%span sord45 = "../../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 + let%span sord46 = "../../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 + let%span sord47 = "../../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 + let%span sord48 = "../../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 + let%span sord49 = "../../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 + let%span sord50 = "../../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 + let%span sord51 = "../../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 + let%span sord52 = "../../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 + let%span 
sord53 = "../../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span sslice54 = "../../../../creusot-contracts/src/std/slice.rs" 140 20 140 37 + let%span sslice55 = "../../../../creusot-contracts/src/std/slice.rs" 147 20 147 37 + let%span s05_binary_search_generic56 = "05_binary_search_generic.rs" 11 8 11 75 + let%span sops57 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span sord58 = "../../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + let%span sinvariant59 = "../../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + let%span svec60 = "../../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 + let%span sseq61 = "../../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sboxed62 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 use prelude.prelude.Borrow @@ -59,24 +73,24 @@ module M_05_binary_search_generic__binary_search [#"05_binary_search_generic.rs" type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize - - use prelude.prelude.Int + use prelude.prelude.UInt64 type t_T'0 
@@ -84,35 +98,35 @@ module M_05_binary_search_generic__binary_search [#"05_binary_search_generic.rs" function view'1 (self : t_Vec'0) : Seq.seq t_T'0 - axiom view'1_spec : forall self : t_Vec'0 . [%#svec25] Seq.length (view'1 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'1_spec : forall self : t_Vec'0 . [%#svec25] Seq.length (view'1 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq predicate inv'0 (_1 : t_T'0) predicate invariant'4 (self : t_T'0) = - [%#sboxed48] inv'0 self + [%#sboxed62] inv'0 self predicate inv'6 (_1 : t_T'0) axiom inv_axiom'5 [@rewrite] : forall x : t_T'0 [inv'6 x] . inv'6 x = invariant'4 x predicate invariant'3 (self : Seq.seq t_T'0) = - [%#sseq47] forall i : int . 0 <= i /\ i < Seq.length self -> inv'6 (Seq.get self i) + [%#sseq61] forall i : int . 0 <= i /\ i < Seq.length self -> inv'6 (Seq.get self i) predicate inv'5 (_1 : Seq.seq t_T'0) axiom inv_axiom'4 [@rewrite] : forall x : Seq.seq t_T'0 [inv'5 x] . inv'5 x = invariant'3 x predicate invariant'2 (self : t_Vec'0) = - [%#svec46] inv'5 (view'1 self) + [%#svec60] inv'5 (view'1 self) predicate inv'4 (_1 : t_Vec'0) axiom inv_axiom'3 [@rewrite] : forall x : t_Vec'0 [inv'4 x] . inv'4 x = invariant'2 x predicate invariant'0 (self : t_Vec'0) = - [%#sinvariant45] inv'4 self + [%#sinvariant59] inv'4 self predicate inv'1 (_1 : t_Vec'0) 
@@ -121,16 +135,16 @@ module M_05_binary_search_generic__binary_search [#"05_binary_search_generic.rs" function view'0 (self : t_Vec'0) : Seq.seq t_T'0 = [%#smodel18] view'1 self - let rec len'0 (self:t_Vec'0) (return' (ret:usize))= {[@expl:len 'self' type invariant] inv'1 self} + let rec len'0 (self:t_Vec'0) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'1 self} any - [ return' (result:usize)-> {[%#svec17] UIntSize.to_int result = Seq.length (view'0 self)} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#svec17] UInt64.to_uint result = Seq.length (view'0 self)} (! return' {result}) ] predicate resolve'0 (_1 : t_T'0) type t_Result'0 = - | C_Ok'0 usize - | C_Err'0 usize + | C_Ok'0 UInt64.t + | C_Err'0 UInt64.t type t_DeepModelTy'0 @@ -145,7 +159,7 @@ module M_05_binary_search_generic__binary_search [#"05_binary_search_generic.rs" use seq.Seq function index_logic'0 [@inline:trivial] (self : t_Vec'0) (ix : int) : t_T'0 = - [%#sops44] Seq.get (view'1 self) ix + [%#sops57] Seq.get (view'1 self) ix function deep_model'2 (self : t_Vec'0) : Seq.seq t_DeepModelTy'0 
@@ -216,24 +230,76 @@ module M_05_binary_search_generic__binary_search [#"05_binary_search_generic.rs" axiom cmp_le_log'0_spec : forall x : t_DeepModelTy'0, y : t_DeepModelTy'0 . [%#sord28] le_log'0 x y = (cmp_log'0 x y <> C_Greater'0) - predicate inv'2 (_1 : usize) + use prelude.prelude.UInt64 + + function cmp_log'1 (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = + [%#sord58] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + function eq_cmp'1 (x : UInt64.t) (y : UInt64.t) : () + + axiom eq_cmp'1_spec : forall x : UInt64.t, y : UInt64.t . [%#sord53] (x = y) = (cmp_log'1 x y = C_Equal'0) + + function antisym2'1 (x : UInt64.t) (y : UInt64.t) : () + + axiom antisym2'1_spec : forall x : UInt64.t, y : UInt64.t . ([%#sord51] cmp_log'1 x y = C_Greater'0) + -> ([%#sord52] cmp_log'1 y x = C_Less'0) + + function antisym1'1 (x : UInt64.t) (y : UInt64.t) : () + + axiom antisym1'1_spec : forall x : UInt64.t, y : UInt64.t . ([%#sord49] cmp_log'1 x y = C_Less'0) + -> ([%#sord50] cmp_log'1 y x = C_Greater'0) + + function trans'1 (x : UInt64.t) (y : UInt64.t) (z : UInt64.t) (o : t_Ordering'0) : () + + axiom trans'1_spec : forall x : UInt64.t, y : UInt64.t, z : UInt64.t, o : t_Ordering'0 . ([%#sord46] cmp_log'1 x y + = o) -> ([%#sord47] cmp_log'1 y z = o) -> ([%#sord48] cmp_log'1 x z = o) + + function refl'1 (x : UInt64.t) : () + + axiom refl'1_spec : forall x : UInt64.t . [%#sord45] cmp_log'1 x x = C_Equal'0 + + use prelude.prelude.UInt64 + + function cmp_gt_log'1 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_gt_log'1_spec : forall x : UInt64.t, y : UInt64.t . [%#sord44] UInt64.ugt x y + = (cmp_log'1 x y = C_Greater'0) + + use prelude.prelude.UInt64 + + function cmp_ge_log'1 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_ge_log'1_spec : forall x : UInt64.t, y : UInt64.t . 
[%#sord43] UInt64.uge x y = (cmp_log'1 x y <> C_Less'0) + + function cmp_lt_log'1 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_lt_log'1_spec : forall x : UInt64.t, y : UInt64.t . [%#sord42] UInt64.ult x y = (cmp_log'1 x y = C_Less'0) + + use prelude.prelude.UInt64 + + function cmp_le_log'1 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_le_log'1_spec : forall x : UInt64.t, y : UInt64.t . [%#sord41] UInt64.ule x y + = (cmp_log'1 x y <> C_Greater'0) + + predicate inv'2 (_1 : UInt64.t) - axiom inv_axiom'1 [@rewrite] : forall x : usize [inv'2 x] . inv'2 x = true + axiom inv_axiom'1 [@rewrite] : forall x : UInt64.t [inv'2 x] . inv'2 x = true - predicate in_bounds'0 [@inline:trivial] (self : usize) (seq : Seq.seq t_T'0) = - [%#sslice41] UIntSize.to_int self < Seq.length seq + predicate in_bounds'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq t_T'0) = + [%#sslice54] UInt64.to_uint self < Seq.length seq predicate invariant'1 (self : t_T'0) = - [%#sinvariant45] inv'0 self + [%#sinvariant59] inv'0 self predicate inv'3 (_1 : t_T'0) axiom inv_axiom'2 [@rewrite] : forall x : t_T'0 [inv'3 x] . inv'3 x = invariant'1 x - predicate has_value'0 [@inline:trivial] (self : usize) (seq : Seq.seq t_T'0) (out : t_T'0) = - [%#sslice42] Seq.get seq (UIntSize.to_int self) = out + predicate has_value'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq t_T'0) (out : t_T'0) = + [%#sslice55] Seq.get seq (UInt64.to_uint self) = out - let rec index'0 (self:t_Vec'0) (index:usize) (return' (ret:t_T'0))= {[@expl:index 'self' type invariant] inv'1 self} + let rec index'0 (self:t_Vec'0) (index:UInt64.t) (return' (ret:t_T'0))= {[@expl:index 'self' type invariant] inv'1 self} {[@expl:index 'index' type invariant] inv'2 index} {[@expl:index requires] [%#svec20] in_bounds'0 index (view'0 self)} any 
@@ -260,7 +326,7 @@ module M_05_binary_search_generic__binary_search [#"05_binary_search_generic.rs" use prelude.prelude.Intrinsic predicate sorted_range'0 [#"05_binary_search_generic.rs" 9 0 9 63] (s : Seq.seq t_DeepModelTy'0) (l : int) (u : int) = - [%#s05_binary_search_generic43] forall i : int, j : int . l <= i /\ i <= j /\ j < u + [%#s05_binary_search_generic56] forall i : int, j : int . l <= i /\ i <= j /\ j < u -> le_log'0 (Seq.get s i) (Seq.get s j) predicate sorted'0 [#"05_binary_search_generic.rs" 16 0 16 41] (s : Seq.seq t_DeepModelTy'0) = 
@@ -271,53 +337,55 @@ module M_05_binary_search_generic__binary_search [#"05_binary_search_generic.rs" let rec binary_search'0 (arr:t_Vec'0) (elem:t_T'0) (return' (ret:t_Result'0))= {[@expl:binary_search 'arr' type invariant] [%#s05_binary_search_generic10] inv'1 arr} {[@expl:binary_search 'elem' type invariant] [%#s05_binary_search_generic11] inv'0 elem} {[@expl:binary_search requires #0] [%#s05_binary_search_generic12] Seq.length (view'0 arr) - <= UIntSize.to_int (v_MAX'0 : usize)} + <= UInt64.to_uint (v_MAX'0 : UInt64.t)} {[@expl:binary_search requires #1] [%#s05_binary_search_generic13] sorted'0 (deep_model'1 arr)} (! bb0 [ bb0 = bb1 | bb1 = bb2 | bb2 = bb3 - | bb3 = s0 [ s0 = len'0 {arr} (fun (_ret':usize) -> [ &_10 <- _ret' ] s1) | s1 = bb4 ] + | bb3 = s0 [ s0 = len'0 {arr} (fun (_ret':UInt64.t) -> [ &_10 <- _ret' ] s1) | s1 = bb4 ] | bb4 = s0 - [ s0 = UIntSize.eq {_10} {[%#s05_binary_search_generic0] (0 : usize)} (fun (_ret':bool) -> [ &_9 <- _ret' ] s1) + [ s0 = UInt64.eq {_10} {[%#s05_binary_search_generic0] (0 : UInt64.t)} (fun (_ret':bool) -> [ &_9 <- _ret' ] s1) | s1 = any [ br0 -> {_9 = false} (! bb6) | br1 -> {_9} (! 
bb5) ] ] | bb5 = s0 [ s0 = {[@expl:type invariant] inv'0 elem} s1 | s1 = -{resolve'0 elem}- s2 - | s2 = [ &_0 <- C_Err'0 ([%#s05_binary_search_generic1] (0 : usize)) ] s3 + | s2 = [ &_0 <- C_Err'0 ([%#s05_binary_search_generic1] (0 : UInt64.t)) ] s3 | s3 = bb29 ] - | bb6 = s0 [ s0 = len'0 {arr} (fun (_ret':usize) -> [ &size <- _ret' ] s1) | s1 = bb7 ] - | bb7 = s0 [ s0 = [ &base <- [%#s05_binary_search_generic2] (0 : usize) ] s1 | s1 = bb8 ] + | bb6 = s0 [ s0 = len'0 {arr} (fun (_ret':UInt64.t) -> [ &size <- _ret' ] s1) | s1 = bb7 ] + | bb7 = s0 [ s0 = [ &base <- [%#s05_binary_search_generic2] (0 : UInt64.t) ] s1 | s1 = bb8 ] | bb8 = bb9 | bb9 = bb10 | bb10 = bb10 - [ bb10 = {[@expl:loop invariant #0] [%#s05_binary_search_generic5] 0 < UIntSize.to_int size - /\ UIntSize.to_int size + UIntSize.to_int base <= Seq.length (view'0 arr)} - {[@expl:loop invariant #1] [%#s05_binary_search_generic4] forall i : usize . i < base - -> le_log'0 (Seq.get (deep_model'1 arr) (UIntSize.to_int i)) (deep_model'0 elem)} - {[@expl:loop invariant #2] [%#s05_binary_search_generic3] forall i : usize . UIntSize.to_int base - + UIntSize.to_int size - <= UIntSize.to_int i - /\ UIntSize.to_int i < Seq.length (view'0 arr) - -> lt_log'0 (deep_model'0 elem) (Seq.get (deep_model'1 arr) (UIntSize.to_int i))} + [ bb10 = {[@expl:loop invariant #0] [%#s05_binary_search_generic5] 0 < UInt64.to_uint size + /\ UInt64.to_uint size + UInt64.to_uint base <= Seq.length (view'0 arr)} + {[@expl:loop invariant #1] [%#s05_binary_search_generic4] forall i : UInt64.t . UInt64.ult i base + -> le_log'0 (Seq.get (deep_model'1 arr) (UInt64.to_uint i)) (deep_model'0 elem)} + {[@expl:loop invariant #2] [%#s05_binary_search_generic3] forall i : UInt64.t . UInt64.to_uint base + + UInt64.to_uint size + <= UInt64.to_uint i + /\ UInt64.to_uint i < Seq.length (view'0 arr) + -> lt_log'0 (deep_model'0 elem) (Seq.get (deep_model'1 arr) (UInt64.to_uint i))} (! 
s0) [ s0 = bb11 ] [ bb11 = s0 - [ s0 = UIntSize.gt {size} {[%#s05_binary_search_generic6] (1 : usize)} + [ s0 = UInt64.gt {size} {[%#s05_binary_search_generic6] (1 : UInt64.t)} (fun (_ret':bool) -> [ &_21 <- _ret' ] s1) | s1 = any [ br0 -> {_21 = false} (! bb19) | br1 -> {_21} (! bb12) ] ] | bb12 = s0 - [ s0 = UIntSize.eq {[%#s05_binary_search_generic7] (2 : usize)} {[%#s05_binary_search_generic8] (0 : usize)} + [ s0 = UInt64.eq + {[%#s05_binary_search_generic8] (2 : UInt64.t)} + {[%#s05_binary_search_generic7] (0 : UInt64.t)} (fun (_ret':bool) -> [ &_25 <- _ret' ] s1) - | s1 = {[@expl:division by zero] [%#s05_binary_search_generic8] not _25} s2 + | s1 = {[@expl:division by zero] [%#s05_binary_search_generic7] not _25} s2 | s2 = bb13 ] | bb13 = s0 - [ s0 = UIntSize.div {size} {[%#s05_binary_search_generic7] (2 : usize)} - (fun (_ret':usize) -> [ &half <- _ret' ] s1) - | s1 = UIntSize.add {base} {half} (fun (_ret':usize) -> [ &mid <- _ret' ] s2) + [ s0 = UInt64.div {size} {[%#s05_binary_search_generic8] (2 : UInt64.t)} + (fun (_ret':UInt64.t) -> [ &half <- _ret' ] s1) + | s1 = UInt64.add {base} {half} (fun (_ret':UInt64.t) -> [ &mid <- _ret' ] s2) | s2 = index'0 {arr} {mid} (fun (_ret':t_T'0) -> [ &_32 <- _ret' ] s3) | s3 = bb14 ] @@ -327,7 +395,7 @@ module M_05_binary_search_generic__binary_search [#"05_binary_search_generic.rs" | bb17 = s0 [ s0 = [ &_29 <- mid ] s1 | s1 = bb18 ] | bb18 = s0 [ s0 = [ &base <- _29 ] s1 - | s1 = UIntSize.sub {size} {half} (fun (_ret':usize) -> [ &size <- _ret' ] s2) + | s1 = UInt64.sub {size} {half} (fun (_ret':UInt64.t) -> [ &size <- _ret' ] s2) | s2 = bb10 ] ] ] 
@@ -353,8 +421,8 @@ module M_05_binary_search_generic__binary_search [#"05_binary_search_generic.rs" | bb26 = s0 [ s0 = [ &_0 <- C_Ok'0 base ] s1 | s1 = bb28 ] | bb24 = bb27 | bb27 = s0 - [ s0 = UIntSize.add {base} {[%#s05_binary_search_generic9] (1 : usize)} - (fun (_ret':usize) -> [ &_50 <- _ret' ] s1) + [ s0 = UInt64.add {base} {[%#s05_binary_search_generic9] (1 : UInt64.t)} + (fun (_ret':UInt64.t) -> [ &_50 <- _ret' ] s1) | s1 = [ &_0 <- C_Err'0 _50 ] s2 | s2 = bb28 ] 
@@ -365,29 +433,30 @@ module M_05_binary_search_generic__binary_search [#"05_binary_search_generic.rs" | & arr : t_Vec'0 = arr | & elem : t_T'0 = elem | & _9 : bool = any_l () - | & _10 : usize = any_l () - | & size : usize = any_l () - | & base : usize = any_l () + | & _10 : UInt64.t = any_l () + | & size : UInt64.t = any_l () + | & base : UInt64.t = any_l () | & _21 : bool = any_l () - | & half : usize = any_l () + | & half : UInt64.t = any_l () | & _25 : bool = any_l () - | & mid : usize = any_l () - | & _29 : usize = any_l () + | & mid : UInt64.t = any_l () + | & _29 : UInt64.t = any_l () | & _30 : bool = any_l () | & _32 : t_T'0 = any_l () | & cmp : t_T'0 = any_l () | & _41 : t_T'0 = any_l () | & _44 : t_Ordering'0 = any_l () | & _47 : t_T'0 = any_l () - | & _50 : usize = any_l () ] + | & _50 : UInt64.t = any_l () ] - [ return' (result:t_Result'0)-> {[@expl:binary_search ensures #0] [%#s05_binary_search_generic14] forall x : usize . result - = C_Ok'0 x -> Seq.get (deep_model'1 arr) (UIntSize.to_int x) = deep_model'0 elem} - {[@expl:binary_search ensures #1] [%#s05_binary_search_generic15] forall x : usize . result = C_Err'0 x - -> (forall i : usize . i < x -> le_log'0 (Seq.get (deep_model'1 arr) (UIntSize.to_int i)) (deep_model'0 elem))} - {[@expl:binary_search ensures #2] [%#s05_binary_search_generic16] forall x : usize . result = C_Err'0 x - -> (forall i : usize . x <= i /\ UIntSize.to_int i < Seq.length (view'0 arr) - -> lt_log'0 (deep_model'0 elem) (Seq.get (deep_model'1 arr) (UIntSize.to_int i)))} + [ return' (result:t_Result'0)-> {[@expl:binary_search ensures #0] [%#s05_binary_search_generic14] forall x : UInt64.t . result + = C_Ok'0 x -> Seq.get (deep_model'1 arr) (UInt64.to_uint x) = deep_model'0 elem} + {[@expl:binary_search ensures #1] [%#s05_binary_search_generic15] forall x : UInt64.t . result = C_Err'0 x + -> (forall i : UInt64.t . 
UInt64.ult i x + -> le_log'0 (Seq.get (deep_model'1 arr) (UInt64.to_uint i)) (deep_model'0 elem))} + {[@expl:binary_search ensures #2] [%#s05_binary_search_generic16] forall x : UInt64.t . result = C_Err'0 x + -> (forall i : UInt64.t . UInt64.ule x i /\ UInt64.to_uint i < Seq.length (view'0 arr) + -> lt_log'0 (deep_model'0 elem) (Seq.get (deep_model'1 arr) (UInt64.to_uint i)))} (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/vector/06_knights_tour.coma b/creusot/tests/should_succeed/vector/06_knights_tour.coma index ff2ae605aa..a4ceabc95b 100644 --- a/creusot/tests/should_succeed/vector/06_knights_tour.coma +++ b/creusot/tests/should_succeed/vector/06_knights_tour.coma @@ -2,15 +2,17 @@ module M_06_knights_tour__qyi50474406909270761__clone [#"06_knights_tour.rs" 4 1 let%span s06_knights_tour0 = "06_knights_tour.rs" 4 15 4 20 let%span sclone1 = "../../../../creusot-contracts/src/std/clone.rs" 7 0 20 1 - use prelude.prelude.IntSize + use prelude.prelude.Int + + use prelude.prelude.Int64 type t_Point'0 = - { t_Point__x'0: isize; t_Point__y'0: isize } + { t_Point__x'0: Int64.t; t_Point__y'0: Int64.t } use prelude.prelude.Borrow - let rec clone'1 (self:isize) (return' (ret:isize))= any - [ return' (result:isize)-> {[%#sclone1] result = self} (! return' {result}) ] + let rec clone'1 (self:Int64.t) (return' (ret:Int64.t))= any + [ return' (result:Int64.t)-> {[%#sclone1] result = self} (! return' {result}) ] use prelude.prelude.Intrinsic 
@@ -20,22 +22,22 @@ module M_06_knights_tour__qyi50474406909270761__clone [#"06_knights_tour.rs" 4 1 let rec clone'0 (self:t_Point'0) (return' (ret:t_Point'0))= (! bb0 [ bb0 = s0 [ s0 = [ &_5 <- self.t_Point__x'0 ] s1 - | s1 = clone'1 {_5} (fun (_ret':isize) -> [ &_3 <- _ret' ] s2) + | s1 = clone'1 {_5} (fun (_ret':Int64.t) -> [ &_3 <- _ret' ] s2) | s2 = bb1 ] | bb1 = s0 [ s0 = [ &_8 <- self.t_Point__y'0 ] s1 - | s1 = clone'1 {_8} (fun (_ret':isize) -> [ &_6 <- _ret' ] s2) + | s1 = clone'1 {_8} (fun (_ret':Int64.t) -> [ &_6 <- _ret' ] s2) | s2 = bb2 ] | bb2 = s0 [ s0 = [ &_0 <- { t_Point__x'0 = _3; t_Point__y'0 = _6 } ] s1 | s1 = return' {_0} ] ] ) [ & _0 : t_Point'0 = any_l () | & self : t_Point'0 = self - | & _3 : isize = any_l () - | & _5 : isize = any_l () - | & _6 : isize = any_l () - | & _8 : isize = any_l () ] + | & _3 : Int64.t = any_l () + | & _5 : Int64.t = any_l () + | & _6 : Int64.t = any_l () + | & _8 : Int64.t = any_l () ] [ return' (result:t_Point'0)-> {[@expl:clone ensures] [%#s06_knights_tour0] result = self} (! return' {result}) ] end module M_06_knights_tour__qyi18370800917002056__mov [#"06_knights_tour.rs" 18 4 18 45] (* Point *) 
@@ -46,48 +48,48 @@ module M_06_knights_tour__qyi18370800917002056__mov [#"06_knights_tour.rs" 18 4 let%span s06_knights_tour4 = "06_knights_tour.rs" 16 14 16 41 let%span s06_knights_tour5 = "06_knights_tour.rs" 17 14 17 41 - use prelude.prelude.IntSize + use prelude.prelude.Int64 + + use prelude.prelude.Int type t_Point'0 = - { t_Point__x'0: isize; t_Point__y'0: isize } + { t_Point__x'0: Int64.t; t_Point__y'0: Int64.t } use prelude.prelude.Intrinsic use prelude.prelude.Borrow - use prelude.prelude.IntSize - - use prelude.prelude.Int + use prelude.prelude.Int64 meta "compute_max_steps" 1000000 - let rec mov'0 (self:t_Point'0) (p:(isize, isize)) (return' (ret:t_Point'0))= {[@expl:mov requires #0] [%#s06_knights_tour0] - 10000 - <= IntSize.to_int self.t_Point__x'0 - /\ IntSize.to_int self.t_Point__x'0 <= 10000} - {[@expl:mov requires #1] [%#s06_knights_tour1] - 10000 <= IntSize.to_int self.t_Point__y'0 - /\ IntSize.to_int self.t_Point__y'0 <= 10000} - {[@expl:mov requires #2] [%#s06_knights_tour2] - 10000 <= IntSize.to_int (let (a, _) = p in a) - /\ IntSize.to_int (let (a, _) = p in a) <= 10000} - {[@expl:mov requires #3] [%#s06_knights_tour3] - 10000 <= IntSize.to_int (let (_, a) = p in a) - /\ IntSize.to_int (let (_, a) = p in a) <= 10000} + let rec mov'0 (self:t_Point'0) (p:(Int64.t, Int64.t)) (return' (ret:t_Point'0))= {[@expl:mov requires #0] [%#s06_knights_tour0] - 10000 + <= Int64.to_int self.t_Point__x'0 + /\ Int64.to_int self.t_Point__x'0 <= 10000} + {[@expl:mov requires #1] [%#s06_knights_tour1] - 10000 <= Int64.to_int self.t_Point__y'0 + /\ Int64.to_int self.t_Point__y'0 <= 10000} + {[@expl:mov requires #2] [%#s06_knights_tour2] - 10000 <= Int64.to_int (let (a, _) = p in a) + /\ Int64.to_int (let (a, _) = p in a) <= 10000} + {[@expl:mov requires #3] [%#s06_knights_tour3] - 10000 <= Int64.to_int (let (_, a) = p in a) + /\ Int64.to_int (let (_, a) = p in a) <= 10000} (! 
bb0 [ bb0 = s0 - [ s0 = IntSize.add {self.t_Point__x'0} {let (r'0, _) = p in r'0} (fun (_ret':isize) -> [ &_9 <- _ret' ] s1) - | s1 = IntSize.add {self.t_Point__y'0} {let (_, r'1) = p in r'1} (fun (_ret':isize) -> [ &_12 <- _ret' ] s2) + [ s0 = Int64.add {self.t_Point__x'0} {let (r'0, _) = p in r'0} (fun (_ret':Int64.t) -> [ &_9 <- _ret' ] s1) + | s1 = Int64.add {self.t_Point__y'0} {let (_, r'1) = p in r'1} (fun (_ret':Int64.t) -> [ &_12 <- _ret' ] s2) | s2 = [ &_0 <- { t_Point__x'0 = _9; t_Point__y'0 = _12 } ] s3 | s3 = return' {_0} ] ] ) [ & _0 : t_Point'0 = any_l () | & self : t_Point'0 = self - | & p : (isize, isize) = p - | & _9 : isize = any_l () - | & _12 : isize = any_l () ] + | & p : (Int64.t, Int64.t) = p + | & _9 : Int64.t = any_l () + | & _12 : Int64.t = any_l () ] - [ return' (result:t_Point'0)-> {[@expl:mov ensures #0] [%#s06_knights_tour4] IntSize.to_int result.t_Point__x'0 - = IntSize.to_int self.t_Point__x'0 + IntSize.to_int (let (a, _) = p in a)} - {[@expl:mov ensures #1] [%#s06_knights_tour5] IntSize.to_int result.t_Point__y'0 - = IntSize.to_int self.t_Point__y'0 + IntSize.to_int (let (_, a) = p in a)} + [ return' (result:t_Point'0)-> {[@expl:mov ensures #0] [%#s06_knights_tour4] Int64.to_int result.t_Point__x'0 + = Int64.to_int self.t_Point__x'0 + Int64.to_int (let (a, _) = p in a)} + {[@expl:mov ensures #1] [%#s06_knights_tour5] Int64.to_int result.t_Point__y'0 + = Int64.to_int self.t_Point__y'0 + Int64.to_int (let (_, a) = p in a)} (! return' {result}) ] end 
@@ -133,7 +135,7 @@ module M_06_knights_tour__qyi4580598960913230815__new [#"06_knights_tour.rs" 40 let%span sops38 = "../../../../creusot-contracts/src/std/ops.rs" 117 15 117 26 let%span sops39 = "../../../../creusot-contracts/src/std/ops.rs" 118 14 118 28 let%span sops40 = "../../../../creusot-contracts/src/std/ops.rs" 123 14 124 105 - let%span snum41 = "../../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + let%span snum41 = "../../../../creusot-contracts/src/std/num.rs" 52 28 52 33 let%span srange42 = "../../../../creusot-contracts/src/std/iter/range.rs" 15 12 15 78 let%span smap_inv43 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 123 12 125 63 let%span smap_inv44 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 62 8 62 50 @@ -147,15 +149,17 @@ module M_06_knights_tour__qyi4580598960913230815__new [#"06_knights_tour.rs" 40 let%span smap_inv52 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 34 14 34 42 let%span sinvariant53 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Range'0 = - { t_Range__start'0: usize; t_Range__end'0: usize } + { t_Range__start'0: UInt64.t; t_Range__end'0: UInt64.t } use prelude.prelude.Borrow type closure3'1 = - { field_0'0: usize } + { field_0'0: UInt64.t } predicate resolve'2 (self : borrowed closure3'1) = [%#sresolve33] self.final = self.current @@ -163,9 +167,9 @@ module M_06_knights_tour__qyi4580598960913230815__new [#"06_knights_tour.rs" 40 predicate resolve'0 (_1 : borrowed closure3'1) = resolve'2 _1 - predicate inv'2 (_1 : usize) + predicate inv'2 (_1 : UInt64.t) - axiom inv_axiom'2 [@rewrite] : forall x : usize [inv'2 x] . inv'2 x = true + axiom inv_axiom'2 [@rewrite] : forall x : UInt64.t [inv'2 x] . inv'2 x = true use prelude.prelude.Opaque 
@@ -176,13 +180,13 @@ module M_06_knights_tour__qyi4580598960913230815__new [#"06_knights_tour.rs" 40 { t_Unique__pointer'1: t_NonNull'1; t_Unique__qy95zmarker'1: () } type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'1 = { t_RawVec__ptr'1: t_Unique'1; t_RawVec__cap'1: t_Cap'0; t_RawVec__alloc'1: () } type t_Vec'1 = - { t_Vec__buf'1: t_RawVec'1; t_Vec__len'1: usize } + { t_Vec__buf'1: t_RawVec'1; t_Vec__len'1: UInt64.t } predicate inv'7 (_1 : t_Vec'1) 
@@ -190,28 +194,26 @@ module M_06_knights_tour__qyi4580598960913230815__new [#"06_knights_tour.rs" 40 use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize - - use prelude.prelude.Int + use prelude.prelude.UInt64 use seq.Seq - function view'0 (self : t_Vec'1) : Seq.seq usize + function view'0 (self : t_Vec'1) : Seq.seq UInt64.t - axiom view'0_spec : forall self : t_Vec'1 . [%#svec17] Seq.length (view'0 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'0_spec : forall self : t_Vec'1 . [%#svec17] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq - function index_logic'1 [@inline:trivial] (self : t_Vec'1) (ix : int) : usize = + function index_logic'1 [@inline:trivial] (self : t_Vec'1) (ix : int) : UInt64.t = [%#sops32] Seq.get (view'0 self) ix - let rec from_elem'0 (elem:usize) (n:usize) (return' (ret:t_Vec'1))= {[@expl:from_elem 'elem' type invariant] inv'2 elem} + let rec from_elem'0 (elem:UInt64.t) (n:UInt64.t) (return' (ret:t_Vec'1))= {[@expl:from_elem 'elem' type invariant] inv'2 elem} any [ return' (result:t_Vec'1)-> {inv'7 result} - {[%#svec15] Seq.length (view'0 result) = UIntSize.to_int n} - {[%#svec16] forall i : int . 0 <= i /\ i < UIntSize.to_int n -> index_logic'1 result i = elem} + {[%#svec15] Seq.length (view'0 result) = UInt64.to_uint n} + {[%#svec16] forall i : int . 0 <= i /\ i < UInt64.to_uint n -> index_logic'1 result i = elem} (! return' {result}) ] 
@@ -219,10 +221,10 @@ module M_06_knights_tour__qyi4580598960913230815__new [#"06_knights_tour.rs" 40 use prelude.prelude.Snapshot - predicate postcondition_once'0 (self : closure3'1) (args : (usize, Snapshot.snap_ty (Seq.seq usize))) (result : t_Vec'1) + predicate postcondition_once'0 (self : closure3'1) (args : (UInt64.t, Snapshot.snap_ty (Seq.seq UInt64.t))) (result : t_Vec'1) = - [%#s06_knights_tour5] let (_2, _3) = args in Seq.length (view'0 result) = UIntSize.to_int self.field_0'0 + [%#s06_knights_tour5] let (_2, _3) = args in Seq.length (view'0 result) = UInt64.to_uint self.field_0'0 predicate resolve'4 (_1 : closure3'1) = true 
@@ -230,15 +232,16 @@ module M_06_knights_tour__qyi4580598960913230815__new [#"06_knights_tour.rs" 40 predicate unnest'0 (self : closure3'1) (_2 : closure3'1) = _2.field_0'0 = self.field_0'0 - predicate postcondition_mut'0 (self : closure3'1) (args : (usize, Snapshot.snap_ty (Seq.seq usize))) (result_state : closure3'1) (result : t_Vec'1) + predicate postcondition_mut'0 (self : closure3'1) (args : (UInt64.t, Snapshot.snap_ty (Seq.seq UInt64.t))) (result_state : closure3'1) (result : t_Vec'1) = - (let (_2, _3) = args in Seq.length (view'0 result) = UIntSize.to_int result_state.field_0'0) + (let (_2, _3) = args in Seq.length (view'0 result) = UInt64.to_uint result_state.field_0'0) /\ unnest'0 self result_state - function fn_mut_once'0 (self : closure3'1) (args : (usize, Snapshot.snap_ty (Seq.seq usize))) (res : t_Vec'1) : () + function fn_mut_once'0 (self : closure3'1) (args : (UInt64.t, Snapshot.snap_ty (Seq.seq UInt64.t))) (res : t_Vec'1) : () + - axiom fn_mut_once'0_spec : forall self : closure3'1, args : (usize, Snapshot.snap_ty (Seq.seq usize)), res : t_Vec'1 . [%#sops40] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : closure3'1, args : (UInt64.t, Snapshot.snap_ty (Seq.seq UInt64.t)), res : t_Vec'1 . [%#sops40] postcondition_once'0 self args res = (exists res_state : closure3'1 . postcondition_mut'0 self args res_state res /\ resolve'4 res_state) function unnest_trans'0 (self : closure3'1) (b : closure3'1) (c : closure3'1) : () 
@@ -250,16 +253,16 @@ module M_06_knights_tour__qyi4580598960913230815__new [#"06_knights_tour.rs" 40 axiom unnest_refl'0_spec : forall self : closure3'1 . [%#sops36] unnest'0 self self - function postcondition_mut_unnest'0 (self : closure3'1) (args : (usize, Snapshot.snap_ty (Seq.seq usize))) (res_state : closure3'1) (res : t_Vec'1) : () + function postcondition_mut_unnest'0 (self : closure3'1) (args : (UInt64.t, Snapshot.snap_ty (Seq.seq UInt64.t))) (res_state : closure3'1) (res : t_Vec'1) : () - axiom postcondition_mut_unnest'0_spec : forall self : closure3'1, args : (usize, Snapshot.snap_ty (Seq.seq usize)), res_state : closure3'1, res : t_Vec'1 . ([%#sops34] postcondition_mut'0 self args res_state res) + axiom postcondition_mut_unnest'0_spec : forall self : closure3'1, args : (UInt64.t, Snapshot.snap_ty (Seq.seq UInt64.t)), res_state : closure3'1, res : t_Vec'1 . ([%#sops34] postcondition_mut'0 self args res_state res) -> ([%#sops35] unnest'0 self res_state) - let rec closure3'0 (_1:borrowed closure3'1) (_2:usize) (_3:Snapshot.snap_ty (Seq.seq usize)) (return' (ret:t_Vec'1))= (! bb0 + let rec closure3'0 (_1:borrowed closure3'1) (_2:UInt64.t) (_3:Snapshot.snap_ty (Seq.seq UInt64.t)) (return' (ret:t_Vec'1))= (! bb0 [ bb0 = s0 [ s0 = -{resolve'0 _1}- s1 - | s1 = from_elem'0 {[%#s06_knights_tour4] (0 : usize)} {(_1.current).field_0'0} + | s1 = from_elem'0 {[%#s06_knights_tour4] (0 : UInt64.t)} {(_1.current).field_0'0} (fun (_ret':t_Vec'1) -> [ &res <- _ret' ] s2) | s2 = bb1 ] @@ -268,7 +271,7 @@ module M_06_knights_tour__qyi4580598960913230815__new [#"06_knights_tour.rs" 40 | bb3 = return' {_0} ] ) [ & _0 : t_Vec'1 = any_l () | & _1 : borrowed closure3'1 = _1 | & res : t_Vec'1 = any_l () ] [ return' (result:t_Vec'1)-> {[@expl:closure ensures] [%#s06_knights_tour5] Seq.length (view'0 result) - = UIntSize.to_int (_1.final).field_0'0} + = UInt64.to_uint (_1.final).field_0'0} {[@expl:closure unnest] unnest'0 _1.current _1.final} (! return' {result}) ] 
@@ -281,10 +284,10 @@ module M_06_knights_tour__qyi4580598960913230815__new [#"06_knights_tour.rs" 40 use seq.Seq - function deep_model'0 (self : usize) : int = - [%#snum41] UIntSize.to_int self + function deep_model'0 (self : UInt64.t) : int = + [%#snum41] UInt64.to_uint self - predicate produces'0 (self : t_Range'0) (visited : Seq.seq usize) (o : t_Range'0) = + predicate produces'0 (self : t_Range'0) (visited : Seq.seq UInt64.t) (o : t_Range'0) = [%#srange26] self.t_Range__end'0 = o.t_Range__end'0 /\ deep_model'0 self.t_Range__start'0 <= deep_model'0 o.t_Range__start'0 /\ (Seq.length visited > 0 -> deep_model'0 o.t_Range__start'0 <= deep_model'0 o.t_Range__end'0) @@ -292,10 +295,10 @@ module M_06_knights_tour__qyi4580598960913230815__new [#"06_knights_tour.rs" 40 /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> deep_model'0 (Seq.get visited i) = deep_model'0 self.t_Range__start'0 + i) - function produces_trans'1 (a : t_Range'0) (ab : Seq.seq usize) (b : t_Range'0) (bc : Seq.seq usize) (c : t_Range'0) : () + function produces_trans'1 (a : t_Range'0) (ab : Seq.seq UInt64.t) (b : t_Range'0) (bc : Seq.seq UInt64.t) (c : t_Range'0) : () - axiom produces_trans'1_spec : forall a : t_Range'0, ab : Seq.seq usize, b : t_Range'0, bc : Seq.seq usize, c : t_Range'0 . ([%#srange20] inv'0 a) + axiom produces_trans'1_spec : forall a : t_Range'0, ab : Seq.seq UInt64.t, b : t_Range'0, bc : Seq.seq UInt64.t, c : t_Range'0 . ([%#srange20] inv'0 a) -> ([%#srange21] inv'0 b) -> ([%#srange22] inv'0 c) -> ([%#srange23] produces'0 a ab b) 
@@ -304,12 +307,12 @@ module M_06_knights_tour__qyi4580598960913230815__new [#"06_knights_tour.rs" 40 function produces_refl'1 (self : t_Range'0) : () axiom produces_refl'1_spec : forall self : t_Range'0 . ([%#srange18] inv'0 self) - -> ([%#srange19] produces'0 self (Seq.empty : Seq.seq usize) self) + -> ([%#srange19] produces'0 self (Seq.empty : Seq.seq UInt64.t) self) - function produces_trans'0 (a : t_Range'0) (ab : Seq.seq usize) (b : t_Range'0) (bc : Seq.seq usize) (c : t_Range'0) : () + function produces_trans'0 (a : t_Range'0) (ab : Seq.seq UInt64.t) (b : t_Range'0) (bc : Seq.seq UInt64.t) (c : t_Range'0) : () - axiom produces_trans'0_spec : forall a : t_Range'0, ab : Seq.seq usize, b : t_Range'0, bc : Seq.seq usize, c : t_Range'0 . ([%#srange20] inv'0 a) + axiom produces_trans'0_spec : forall a : t_Range'0, ab : Seq.seq UInt64.t, b : t_Range'0, bc : Seq.seq UInt64.t, c : t_Range'0 . ([%#srange20] inv'0 a) -> ([%#srange21] inv'0 b) -> ([%#srange22] inv'0 c) -> ([%#srange23] produces'0 a ab b) @@ -318,7 +321,7 @@ module M_06_knights_tour__qyi4580598960913230815__new [#"06_knights_tour.rs" 40 function produces_refl'0 (self : t_Range'0) : () axiom produces_refl'0_spec : forall self : t_Range'0 . ([%#srange18] inv'0 self) - -> ([%#srange19] produces'0 self (Seq.empty : Seq.seq usize) self) + -> ([%#srange19] produces'0 self (Seq.empty : Seq.seq UInt64.t) self) predicate inv'1 (_1 : closure3'1) @@ -328,7 +331,7 @@ module M_06_knights_tour__qyi4580598960913230815__new [#"06_knights_tour.rs" 40 use prelude.prelude.Snapshot - predicate precondition'0 (self : closure3'1) (args : (usize, Snapshot.snap_ty (Seq.seq usize))) = + predicate precondition'0 (self : closure3'1) (args : (UInt64.t, Snapshot.snap_ty (Seq.seq UInt64.t))) = let (_2, _3) = args in true predicate inv'8 (_1 : borrowed (t_Range'0)) 
@@ -342,13 +345,13 @@ module M_06_knights_tour__qyi4580598960913230815__new [#"06_knights_tour.rs" 40 [%#srange42] resolve'5 self /\ deep_model'0 (self.current).t_Range__start'0 >= deep_model'0 (self.current).t_Range__end'0 - predicate next_precondition'0 (iter : t_Range'0) (func : closure3'1) (produced : Seq.seq usize) = - [%#smap_inv43] forall e : usize, i : t_Range'0 . inv'2 e /\ inv'0 i /\ produces'0 iter (Seq.singleton e) i + predicate next_precondition'0 (iter : t_Range'0) (func : closure3'1) (produced : Seq.seq UInt64.t) = + [%#smap_inv43] forall e : UInt64.t, i : t_Range'0 . inv'2 e /\ inv'0 i /\ produces'0 iter (Seq.singleton e) i -> precondition'0 func (e, Snapshot.new produced) - predicate inv'9 (_1 : Seq.seq usize) + predicate inv'9 (_1 : Seq.seq UInt64.t) - axiom inv_axiom'9 [@rewrite] : forall x : Seq.seq usize [inv'9 x] . inv'9 x = true + axiom inv_axiom'9 [@rewrite] : forall x : Seq.seq UInt64.t [inv'9 x] . inv'9 x = true predicate inv'10 (_1 : borrowed closure3'1) @@ -357,7 +360,7 @@ module M_06_knights_tour__qyi4580598960913230815__new [#"06_knights_tour.rs" 40 use seq.Seq predicate preservation'0 (iter : t_Range'0) (func : closure3'1) = - [%#smap_inv28] forall s : Seq.seq usize, e1 : usize, e2 : usize, f : borrowed closure3'1, b : t_Vec'1, i : t_Range'0 . inv'9 s + [%#smap_inv28] forall s : Seq.seq UInt64.t, e1 : UInt64.t, e2 : UInt64.t, f : borrowed closure3'1, b : t_Vec'1, i : t_Range'0 . inv'9 s /\ inv'2 e1 /\ inv'2 e2 /\ inv'10 f /\ inv'7 b /\ inv'0 i /\ unnest'0 func f.current -> produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i -> precondition'0 f.current (e1, Snapshot.new s) 
@@ -367,12 +370,12 @@ module M_06_knights_tour__qyi4580598960913230815__new [#"06_knights_tour.rs" 40 predicate reinitialize'0 (_1 : ()) = [%#smap_inv27] forall iter : borrowed (t_Range'0), func : closure3'1 . inv'8 iter /\ inv'1 func -> completed'1 iter - -> next_precondition'0 iter.final func (Seq.empty : Seq.seq usize) /\ preservation'0 iter.final func + -> next_precondition'0 iter.final func (Seq.empty : Seq.seq UInt64.t) /\ preservation'0 iter.final func type t_MapInv'0 = { t_MapInv__iter'0: t_Range'0; t_MapInv__func'0: closure3'1; - t_MapInv__produced'0: Snapshot.snap_ty (Seq.seq usize) } + t_MapInv__produced'0: Snapshot.snap_ty (Seq.seq UInt64.t) } predicate invariant'0 (self : t_MapInv'0) @@ -386,8 +389,8 @@ module M_06_knights_tour__qyi4580598960913230815__new [#"06_knights_tour.rs" 40 let rec map_inv'0 (self:t_Range'0) (func:closure3'1) (return' (ret:t_MapInv'0))= {[@expl:map_inv 'self' type invariant] [%#siter6] inv'0 self} {[@expl:map_inv 'func' type invariant] [%#siter7] inv'1 func} - {[@expl:map_inv requires #0] [%#siter8] forall e : usize, i2 : t_Range'0 . inv'2 e /\ inv'0 i2 - -> produces'0 self (Seq.singleton e) i2 -> precondition'0 func (e, Snapshot.new (Seq.empty : Seq.seq usize))} + {[@expl:map_inv requires #0] [%#siter8] forall e : UInt64.t, i2 : t_Range'0 . inv'2 e /\ inv'0 i2 + -> produces'0 self (Seq.singleton e) i2 -> precondition'0 func (e, Snapshot.new (Seq.empty : Seq.seq UInt64.t))} {[@expl:map_inv requires #1] [%#siter9] reinitialize'0 ()} {[@expl:map_inv requires #2] [%#siter10] preservation'0 self func} any @@ -395,7 +398,7 @@ module M_06_knights_tour__qyi4580598960913230815__new [#"06_knights_tour.rs" 40 {[%#siter12] result = { t_MapInv__iter'0 = self; t_MapInv__func'0 = func; - t_MapInv__produced'0 = Snapshot.new (Seq.empty : Seq.seq usize) }} + t_MapInv__produced'0 = Snapshot.new (Seq.empty : Seq.seq UInt64.t) }} (! return' {result}) ] 
@@ -409,7 +412,7 @@ module M_06_knights_tour__qyi4580598960913230815__new [#"06_knights_tour.rs" 40 { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } predicate inv'4 (_1 : t_Vec'0) @@ -465,7 +468,7 @@ module M_06_knights_tour__qyi4580598960913230815__new [#"06_knights_tour.rs" 40 [%#smap_inv30] unnest'0 self.t_MapInv__func'0 succ.t_MapInv__func'0 /\ (exists fs : Seq.seq (borrowed closure3'1) . inv'11 fs /\ Seq.length fs = Seq.length visited - /\ (exists s : Seq.seq usize . inv'9 s + /\ (exists s : Seq.seq UInt64.t . inv'9 s /\ Seq.length s = Seq.length visited /\ produces'0 self.t_MapInv__iter'0 s succ.t_MapInv__iter'0 /\ Snapshot.inner succ.t_MapInv__produced'0 = Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) s @@ -496,13 +499,13 @@ module M_06_knights_tour__qyi4580598960913230815__new [#"06_knights_tour.rs" 40 -> ([%#smap_inv46] produces'1 self (Seq.empty : Seq.seq (t_Vec'1)) self) predicate completed'0 (self : borrowed (t_MapInv'0)) = - [%#smap_inv29] Snapshot.inner (self.final).t_MapInv__produced'0 = (Seq.empty : Seq.seq usize) + [%#smap_inv29] Snapshot.inner (self.final).t_MapInv__produced'0 = (Seq.empty : Seq.seq UInt64.t) /\ completed'1 (Borrow.borrow_logic (self.current).t_MapInv__iter'0 (self.final).t_MapInv__iter'0 (Borrow.inherit_id (Borrow.get_id self) 1)) /\ (self.current).t_MapInv__func'0 = (self.final).t_MapInv__func'0 function view'1 (self : t_Vec'0) : Seq.seq (t_Vec'1) - axiom view'1_spec : forall self : t_Vec'0 . [%#svec17] Seq.length (view'1 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'1_spec : forall self : t_Vec'0 . [%#svec17] Seq.length (view'1 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) predicate from_iter_post'0 (prod : Seq.seq (t_Vec'1)) (res : t_Vec'0) = [%#svec31] prod = view'1 res 
@@ -518,24 +521,24 @@ module M_06_knights_tour__qyi4580598960913230815__new [#"06_knights_tour.rs" 40 type t_Board'0 = - { t_Board__size'0: usize; t_Board__field'0: t_Vec'0 } + { t_Board__size'0: UInt64.t; t_Board__field'0: t_Vec'0 } function index_logic'0 [@inline:trivial] (self : t_Vec'0) (ix : int) : t_Vec'1 = [%#sops32] Seq.get (view'1 self) ix predicate wf'0 [#"06_knights_tour.rs" 30 4 30 23] (self : t_Board'0) = - [%#s06_knights_tour14] UIntSize.to_int self.t_Board__size'0 <= 1000 - /\ Seq.length (view'1 self.t_Board__field'0) = UIntSize.to_int self.t_Board__size'0 - /\ (forall i : int . 0 <= i /\ i < UIntSize.to_int self.t_Board__size'0 - -> Seq.length (view'0 (index_logic'0 self.t_Board__field'0 i)) = UIntSize.to_int self.t_Board__size'0) + [%#s06_knights_tour14] UInt64.to_uint self.t_Board__size'0 <= 1000 + /\ Seq.length (view'1 self.t_Board__field'0) = UInt64.to_uint self.t_Board__size'0 + /\ (forall i : int . 0 <= i /\ i < UInt64.to_uint self.t_Board__size'0 + -> Seq.length (view'0 (index_logic'0 self.t_Board__field'0 i)) = UInt64.to_uint self.t_Board__size'0) meta "compute_max_steps" 1000000 - let rec new'0 (size:usize) (return' (ret:t_Board'0))= {[@expl:new requires] [%#s06_knights_tour1] UIntSize.to_int size + let rec new'0 (size:UInt64.t) (return' (ret:t_Board'0))= {[@expl:new requires] [%#s06_knights_tour1] UInt64.to_uint size <= 1000} (! bb0 [ bb0 = s0 - [ s0 = [ &_7 <- { t_Range__start'0 = ([%#s06_knights_tour0] (0 : usize)); t_Range__end'0 = size } ] s1 + [ s0 = [ &_7 <- { t_Range__start'0 = ([%#s06_knights_tour0] (0 : UInt64.t)); t_Range__end'0 = size } ] s1 | s1 = [ &_9 <- { field_0'0 = size } ] s2 | s2 = map_inv'0 {_7} {_9} (fun (_ret':t_MapInv'0) -> [ &_6 <- _ret' ] s3) | s3 = bb1 ] 
@@ -546,7 +549,7 @@ module M_06_knights_tour__qyi4580598960913230815__new [#"06_knights_tour.rs" 40 | bb4 = return' {_0} ] ) [ & _0 : t_Board'0 = any_l () - | & size : usize = size + | & size : UInt64.t = size | & rows : t_Vec'0 = any_l () | & _6 : t_MapInv'0 = any_l () | & _7 : t_Range'0 = any_l () @@ -569,17 +572,19 @@ module M_06_knights_tour__qyi4580598960913230815__available [#"06_knights_tour.r let%span s06_knights_tour8 = "06_knights_tour.rs" 32 12 34 93 let%span s06_knights_tour9 = "06_knights_tour.rs" 63 12 63 75 let%span smodel10 = "../../../../creusot-contracts/src/model.rs" 88 8 88 22 - let%span sslice11 = "../../../../creusot-contracts/src/std/slice.rs" 122 20 122 37 - let%span sslice12 = "../../../../creusot-contracts/src/std/slice.rs" 129 20 129 37 + let%span sslice11 = "../../../../creusot-contracts/src/std/slice.rs" 140 20 140 37 + let%span sslice12 = "../../../../creusot-contracts/src/std/slice.rs" 147 20 147 37 let%span svec13 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span sops14 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - use prelude.prelude.IntSize + use prelude.prelude.Int64 + + use prelude.prelude.Int type t_Point'0 = - { t_Point__x'0: isize; t_Point__y'0: isize } + { t_Point__x'0: Int64.t; t_Point__y'0: Int64.t } - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.Opaque 
@@ -590,16 +595,16 @@ module M_06_knights_tour__qyi4580598960913230815__available [#"06_knights_tour.r { t_Unique__pointer'1: t_NonNull'1; t_Unique__qy95zmarker'1: () } type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'1 = { t_RawVec__ptr'1: t_Unique'1; t_RawVec__cap'1: t_Cap'0; t_RawVec__alloc'1: () } type t_Vec'1 = - { t_Vec__buf'1: t_RawVec'1; t_Vec__len'1: usize } + { t_Vec__buf'1: t_RawVec'1; t_Vec__len'1: UInt64.t } type t_Board'0 = - { t_Board__size'0: usize; t_Board__field'0: t_Vec'1 } + { t_Board__size'0: UInt64.t; t_Board__field'0: t_Vec'1 } use prelude.prelude.Borrow @@ -607,9 +612,9 @@ module M_06_knights_tour__qyi4580598960913230815__available [#"06_knights_tour.r axiom inv_axiom'0 [@rewrite] : forall x : t_Vec'1 [inv'0 x] . inv'0 x = true - predicate inv'1 (_1 : usize) + predicate inv'1 (_1 : UInt64.t) - axiom inv_axiom'1 [@rewrite] : forall x : usize [inv'1 x] . inv'1 x = true + axiom inv_axiom'1 [@rewrite] : forall x : UInt64.t [inv'1 x] . inv'1 x = true type t_NonNull'0 = { t_NonNull__pointer'0: opaque_ptr } 
@@ -621,27 +626,25 @@ module M_06_knights_tour__qyi4580598960913230815__available [#"06_knights_tour.r { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } use seq.Seq use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) - - use prelude.prelude.UIntSize + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.Int + use prelude.prelude.UInt64 function view'2 (self : t_Vec'1) : Seq.seq (t_Vec'0) - axiom view'2_spec : forall self : t_Vec'1 . [%#svec13] Seq.length (view'2 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'2_spec : forall self : t_Vec'1 . [%#svec13] Seq.length (view'2 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) function view'0 (self : t_Vec'1) : Seq.seq (t_Vec'0) = [%#smodel10] view'2 self - predicate in_bounds'1 [@inline:trivial] (self : usize) (seq : Seq.seq (t_Vec'0)) = - [%#sslice11] UIntSize.to_int self < Seq.length seq + predicate in_bounds'1 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq (t_Vec'0)) = + [%#sslice11] UInt64.to_uint self < Seq.length seq predicate inv'2 (_1 : t_Vec'0) 
@@ -649,10 +652,10 @@ module M_06_knights_tour__qyi4580598960913230815__available [#"06_knights_tour.r use seq.Seq - predicate has_value'0 [@inline:trivial] (self : usize) (seq : Seq.seq (t_Vec'0)) (out : t_Vec'0) = - [%#sslice12] Seq.get seq (UIntSize.to_int self) = out + predicate has_value'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq (t_Vec'0)) (out : t_Vec'0) = + [%#sslice12] Seq.get seq (UInt64.to_uint self) = out - let rec index'0 (self:t_Vec'1) (index:usize) (return' (ret:t_Vec'0))= {[@expl:index 'self' type invariant] inv'0 self} + let rec index'0 (self:t_Vec'1) (index:UInt64.t) (return' (ret:t_Vec'0))= {[@expl:index 'self' type invariant] inv'0 self} {[@expl:index 'index' type invariant] inv'1 index} {[@expl:index requires] [%#svec6] in_bounds'1 index (view'0 self)} any 
@@ -665,30 +668,32 @@ module M_06_knights_tour__qyi4580598960913230815__available [#"06_knights_tour.r use seq.Seq - function view'3 (self : t_Vec'0) : Seq.seq usize + function view'3 (self : t_Vec'0) : Seq.seq UInt64.t - axiom view'3_spec : forall self : t_Vec'0 . [%#svec13] Seq.length (view'3 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'3_spec : forall self : t_Vec'0 . [%#svec13] Seq.length (view'3 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) - function view'1 (self : t_Vec'0) : Seq.seq usize = + function view'1 (self : t_Vec'0) : Seq.seq UInt64.t = [%#smodel10] view'3 self - predicate in_bounds'2 [@inline:trivial] (self : usize) (seq : Seq.seq usize) = - [%#sslice11] UIntSize.to_int self < Seq.length seq + predicate in_bounds'2 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq UInt64.t) = + [%#sslice11] UInt64.to_uint self < Seq.length seq - predicate inv'3 (_1 : usize) + predicate inv'3 (_1 : UInt64.t) - axiom inv_axiom'3 [@rewrite] : forall x : usize [inv'3 x] . inv'3 x = true + axiom inv_axiom'3 [@rewrite] : forall x : UInt64.t [inv'3 x] . inv'3 x = true use seq.Seq - predicate has_value'1 [@inline:trivial] (self : usize) (seq : Seq.seq usize) (out : usize) = - [%#sslice12] Seq.get seq (UIntSize.to_int self) = out + predicate has_value'1 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq UInt64.t) (out : UInt64.t) = + [%#sslice12] Seq.get seq (UInt64.to_uint self) = out - let rec index'1 (self:t_Vec'0) (index:usize) (return' (ret:usize))= {[@expl:index 'self' type invariant] inv'2 self} + let rec index'1 (self:t_Vec'0) (index:UInt64.t) (return' (ret:UInt64.t))= {[@expl:index 'self' type invariant] inv'2 self} {[@expl:index 'index' type invariant] inv'1 index} {[@expl:index requires] [%#svec6] in_bounds'2 index (view'1 self)} any - [ return' (result:usize)-> {inv'3 result} {[%#svec7] has_value'1 index (view'1 self) result} (! return' {result}) ] + [ return' (result:UInt64.t)-> {inv'3 result} + {[%#svec7] has_value'1 index (view'1 self) result} + (! 
return' {result}) ] use prelude.prelude.Intrinsic 
@@ -697,52 +702,56 @@ module M_06_knights_tour__qyi4580598960913230815__available [#"06_knights_tour.r [%#sops14] Seq.get (view'2 self) ix predicate wf'0 [#"06_knights_tour.rs" 30 4 30 23] (self : t_Board'0) = - [%#s06_knights_tour8] UIntSize.to_int self.t_Board__size'0 <= 1000 - /\ Seq.length (view'2 self.t_Board__field'0) = UIntSize.to_int self.t_Board__size'0 - /\ (forall i : int . 0 <= i /\ i < UIntSize.to_int self.t_Board__size'0 - -> Seq.length (view'3 (index_logic'0 self.t_Board__field'0 i)) = UIntSize.to_int self.t_Board__size'0) + [%#s06_knights_tour8] UInt64.to_uint self.t_Board__size'0 <= 1000 + /\ Seq.length (view'2 self.t_Board__field'0) = UInt64.to_uint self.t_Board__size'0 + /\ (forall i : int . 0 <= i /\ i < UInt64.to_uint self.t_Board__size'0 + -> Seq.length (view'3 (index_logic'0 self.t_Board__field'0 i)) = UInt64.to_uint self.t_Board__size'0) - use prelude.prelude.IntSize + use prelude.prelude.Int64 predicate in_bounds'0 [#"06_knights_tour.rs" 61 4 61 40] (self : t_Board'0) (p : t_Point'0) = - [%#s06_knights_tour9] 0 <= IntSize.to_int p.t_Point__x'0 - /\ IntSize.to_int p.t_Point__x'0 < UIntSize.to_int self.t_Board__size'0 - /\ 0 <= IntSize.to_int p.t_Point__y'0 /\ IntSize.to_int p.t_Point__y'0 < UIntSize.to_int self.t_Board__size'0 + [%#s06_knights_tour9] 0 <= Int64.to_int p.t_Point__x'0 + /\ Int64.to_int p.t_Point__x'0 < UInt64.to_uint self.t_Board__size'0 + /\ 0 <= Int64.to_int p.t_Point__y'0 /\ Int64.to_int p.t_Point__y'0 < UInt64.to_uint self.t_Board__size'0 meta "compute_max_steps" 1000000 let rec available'0 (self:t_Board'0) (p:t_Point'0) (return' (ret:bool))= {[@expl:available requires] [%#s06_knights_tour4] wf'0 self} (! bb0 [ bb0 = s0 - [ s0 = IntSize.le {[%#s06_knights_tour0] (0 : isize)} {p.t_Point__x'0} (fun (_ret':bool) -> [ &_5 <- _ret' ] s1) + [ s0 = Int64.le {[%#s06_knights_tour0] (0 : Int64.t)} {p.t_Point__x'0} (fun (_ret':bool) -> [ &_5 <- _ret' ] s1) | s1 = any [ br0 -> {_5 = false} (! bb8) | br1 -> {_5} (! 
bb1) ] ] | bb1 = s0 - [ s0 = UIntSize.of_int {IntSize.to_int p.t_Point__x'0} (fun (_res:usize) -> [ &_8 <- _res ] s1) - | s1 = UIntSize.lt {_8} {self.t_Board__size'0} (fun (_ret':bool) -> [ &_7 <- _ret' ] s2) + [ s0 = Int64.to_bv256 {p.t_Point__x'0} + (fun (_ret_to:BV256.t) -> UInt64.of_bv256 {_ret_to} (fun (_ret_from:UInt64.t) -> [ &_8 <- _ret_from ] s1)) + | s1 = UInt64.lt {_8} {self.t_Board__size'0} (fun (_ret':bool) -> [ &_7 <- _ret' ] s2) | s2 = any [ br0 -> {_7 = false} (! bb7) | br1 -> {_7} (! bb2) ] ] | bb2 = s0 - [ s0 = IntSize.le {[%#s06_knights_tour1] (0 : isize)} {p.t_Point__y'0} (fun (_ret':bool) -> [ &_11 <- _ret' ] s1) + [ s0 = Int64.le {[%#s06_knights_tour1] (0 : Int64.t)} {p.t_Point__y'0} (fun (_ret':bool) -> [ &_11 <- _ret' ] s1) | s1 = any [ br0 -> {_11 = false} (! bb6) | br1 -> {_11} (! bb3) ] ] | bb3 = s0 - [ s0 = UIntSize.of_int {IntSize.to_int p.t_Point__y'0} (fun (_res:usize) -> [ &_14 <- _res ] s1) - | s1 = UIntSize.lt {_14} {self.t_Board__size'0} (fun (_ret':bool) -> [ &_13 <- _ret' ] s2) + [ s0 = Int64.to_bv256 {p.t_Point__y'0} + (fun (_ret_to:BV256.t) -> UInt64.of_bv256 {_ret_to} (fun (_ret_from:UInt64.t) -> [ &_14 <- _ret_from ] s1)) + | s1 = UInt64.lt {_14} {self.t_Board__size'0} (fun (_ret':bool) -> [ &_13 <- _ret' ] s2) | s2 = any [ br0 -> {_13 = false} (! bb5) | br1 -> {_13} (! 
bb4) ] ] | bb4 = s0 - [ s0 = UIntSize.of_int {IntSize.to_int p.t_Point__x'0} (fun (_res:usize) -> [ &_22 <- _res ] s1) + [ s0 = Int64.to_bv256 {p.t_Point__x'0} + (fun (_ret_to:BV256.t) -> UInt64.of_bv256 {_ret_to} (fun (_ret_from:UInt64.t) -> [ &_22 <- _ret_from ] s1)) | s1 = index'0 {self.t_Board__field'0} {_22} (fun (_ret':t_Vec'0) -> [ &_20 <- _ret' ] s2) | s2 = bb10 ] | bb10 = s0 - [ s0 = UIntSize.of_int {IntSize.to_int p.t_Point__y'0} (fun (_res:usize) -> [ &_24 <- _res ] s1) - | s1 = index'1 {_20} {_24} (fun (_ret':usize) -> [ &_18 <- _ret' ] s2) + [ s0 = Int64.to_bv256 {p.t_Point__y'0} + (fun (_ret_to:BV256.t) -> UInt64.of_bv256 {_ret_to} (fun (_ret_from:UInt64.t) -> [ &_24 <- _ret_from ] s1)) + | s1 = index'1 {_20} {_24} (fun (_ret':UInt64.t) -> [ &_18 <- _ret' ] s2) | s2 = bb11 ] | bb11 = s0 - [ s0 = UIntSize.eq {_18} {[%#s06_knights_tour2] (0 : usize)} (fun (_ret':bool) -> [ &_0 <- _ret' ] s1) + [ s0 = UInt64.eq {_18} {[%#s06_knights_tour2] (0 : UInt64.t)} (fun (_ret':bool) -> [ &_0 <- _ret' ] s1) | s1 = bb12 ] | bb5 = bb9 @@ -757,14 +766,14 @@ module M_06_knights_tour__qyi4580598960913230815__available [#"06_knights_tour.r | & p : t_Point'0 = p | & _5 : bool = any_l () | & _7 : bool = any_l () - | & _8 : usize = any_l () + | & _8 : UInt64.t = any_l () | & _11 : bool = any_l () | & _13 : bool = any_l () - | & _14 : usize = any_l () - | & _18 : usize = any_l () + | & _14 : UInt64.t = any_l () + | & _18 : UInt64.t = any_l () | & _20 : t_Vec'0 = any_l () - | & _22 : usize = any_l () - | & _24 : usize = any_l () ] + | & _22 : UInt64.t = any_l () + | & _24 : UInt64.t = any_l () ] [ return' (result:bool)-> {[@expl:available ensures] [%#s06_knights_tour5] result -> in_bounds'0 self p} (! return' {result}) ] 
@@ -810,15 +819,15 @@ module M_06_knights_tour__qyi4580598960913230815__count_degree [#"06_knights_tou let%span sresolve36 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span smodel37 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) - - use prelude.prelude.UIntSize + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.Int + use prelude.prelude.UInt64 use prelude.prelude.Opaque 
@@ -829,36 +838,36 @@ module M_06_knights_tour__qyi4580598960913230815__count_degree [#"06_knights_tou { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } - use prelude.prelude.IntSize + use prelude.prelude.Int64 use seq.Seq - function view'0 (self : t_Vec'0) : Seq.seq (isize, isize) + function view'0 (self : t_Vec'0) : Seq.seq (Int64.t, Int64.t) - axiom view'0_spec : forall self : t_Vec'0 . [%#svec25] Seq.length (view'0 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec25] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq - function index_logic'0 [@inline:trivial] (self : t_Vec'0) (ix : int) : (isize, isize) = + function index_logic'0 [@inline:trivial] (self : t_Vec'0) (ix : int) : (Int64.t, Int64.t) = [%#sops26] Seq.get (view'0 self) ix - use prelude.prelude.IntSize + use prelude.prelude.Int64 let rec moves'0 (_1:()) (return' (ret:t_Vec'0))= any [ return' (result:t_Vec'0)-> {[%#s06_knights_tour10] Seq.length (view'0 result) = 8} {[%#s06_knights_tour11] forall i : int . 0 <= i /\ i < 8 - -> - 2 <= IntSize.to_int (let (a, _) = index_logic'0 result i in a) - /\ IntSize.to_int (let (a, _) = index_logic'0 result i in a) <= 2 - /\ - 2 <= IntSize.to_int (let (_, a) = index_logic'0 result i in a) - /\ IntSize.to_int (let (_, a) = index_logic'0 result i in a) <= 2} + -> - 2 <= Int64.to_int (let (a, _) = index_logic'0 result i in a) + /\ Int64.to_int (let (a, _) = index_logic'0 result i in a) <= 2 + /\ - 2 <= Int64.to_int (let (_, a) = index_logic'0 result i in a) + /\ Int64.to_int (let (_, a) = index_logic'0 result i in a) <= 2} (! return' {result}) ] 
@@ -875,7 +884,7 @@ module M_06_knights_tour__qyi4580598960913230815__count_degree [#"06_knights_tou type t_IntoIter'0 = { t_IntoIter__buf'0: t_NonNull'0; t_IntoIter__phantom'0: (); - t_IntoIter__cap'0: usize; + t_IntoIter__cap'0: UInt64.t; t_IntoIter__alloc'0: t_ManuallyDrop'0; t_IntoIter__ptr'0: t_NonNull'0; t_IntoIter__end'0: opaque_ptr } @@ -884,7 +893,7 @@ module M_06_knights_tour__qyi4580598960913230815__count_degree [#"06_knights_tou axiom inv_axiom'0 [@rewrite] : forall x : t_IntoIter'0 [inv'0 x] . inv'0 x = true - function view'1 (self : t_IntoIter'0) : Seq.seq (isize, isize) + function view'1 (self : t_IntoIter'0) : Seq.seq (Int64.t, Int64.t) predicate into_iter_post'0 (self : t_Vec'0) (res : t_IntoIter'0) = [%#svec28] view'0 self = view'1 res 
@@ -909,25 +918,25 @@ module M_06_knights_tour__qyi4580598960913230815__count_degree [#"06_knights_tou use seq.Seq - predicate produces'0 (self : t_IntoIter'0) (visited : Seq.seq (isize, isize)) (rhs : t_IntoIter'0) = + predicate produces'0 (self : t_IntoIter'0) (visited : Seq.seq (Int64.t, Int64.t)) (rhs : t_IntoIter'0) = [%#svec13] view'1 self = Seq.(++) visited (view'1 rhs) - function produces_trans'0 (a : t_IntoIter'0) (ab : Seq.seq (isize, isize)) (b : t_IntoIter'0) (bc : Seq.seq (isize, isize)) (c : t_IntoIter'0) : () + function produces_trans'0 (a : t_IntoIter'0) (ab : Seq.seq (Int64.t, Int64.t)) (b : t_IntoIter'0) (bc : Seq.seq (Int64.t, Int64.t)) (c : t_IntoIter'0) : () = [%#svec34] () - axiom produces_trans'0_spec : forall a : t_IntoIter'0, ab : Seq.seq (isize, isize), b : t_IntoIter'0, bc : Seq.seq (isize, isize), c : t_IntoIter'0 . ([%#svec31] produces'0 a ab b) + axiom produces_trans'0_spec : forall a : t_IntoIter'0, ab : Seq.seq (Int64.t, Int64.t), b : t_IntoIter'0, bc : Seq.seq (Int64.t, Int64.t), c : t_IntoIter'0 . ([%#svec31] produces'0 a ab b) -> ([%#svec32] produces'0 b bc c) -> ([%#svec33] produces'0 a (Seq.(++) ab bc) c) function produces_refl'0 (self : t_IntoIter'0) : () = [%#svec30] () - axiom produces_refl'0_spec : forall self : t_IntoIter'0 . [%#svec29] produces'0 self (Seq.empty : Seq.seq (isize, isize)) self + axiom produces_refl'0_spec : forall self : t_IntoIter'0 . [%#svec29] produces'0 self (Seq.empty : Seq.seq (Int64.t, Int64.t)) self - predicate inv'1 (_1 : Seq.seq (isize, isize)) + predicate inv'1 (_1 : Seq.seq (Int64.t, Int64.t)) - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq (isize, isize) [inv'1 x] . inv'1 x = true + axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq (Int64.t, Int64.t) [inv'1 x] . inv'1 x = true use prelude.prelude.Borrow 
@@ -937,7 +946,7 @@ module M_06_knights_tour__qyi4580598960913230815__count_degree [#"06_knights_tou type t_Option'0 = | C_None'0 - | C_Some'0 (isize, isize) + | C_Some'0 (Int64.t, Int64.t) predicate inv'4 (_1 : t_Option'0) @@ -946,11 +955,11 @@ module M_06_knights_tour__qyi4580598960913230815__count_degree [#"06_knights_tou predicate resolve'1 (self : borrowed (t_IntoIter'0)) = [%#sresolve36] self.final = self.current - function view'4 (self : borrowed (t_IntoIter'0)) : Seq.seq (isize, isize) = + function view'4 (self : borrowed (t_IntoIter'0)) : Seq.seq (Int64.t, Int64.t) = [%#smodel37] view'1 self.current predicate completed'0 (self : borrowed (t_IntoIter'0)) = - [%#svec35] resolve'1 self /\ view'4 self = (Seq.empty : Seq.seq (isize, isize)) + [%#svec35] resolve'1 self /\ view'4 self = (Seq.empty : Seq.seq (Int64.t, Int64.t)) use seq.Seq 
@@ -967,30 +976,30 @@ module M_06_knights_tour__qyi4580598960913230815__count_degree [#"06_knights_tou predicate resolve'0 (_1 : borrowed (t_IntoIter'0)) = resolve'1 _1 - let rec v_Some'0 (input:t_Option'0) (ret (field_0:(isize, isize)))= any - [ good (field_0:(isize, isize))-> {C_Some'0 field_0 = input} (! ret {field_0}) - | bad -> {forall field_0 : (isize, isize) [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} + let rec v_Some'0 (input:t_Option'0) (ret (field_0:(Int64.t, Int64.t)))= any + [ good (field_0:(Int64.t, Int64.t))-> {C_Some'0 field_0 = input} (! ret {field_0}) + | bad -> {forall field_0 : (Int64.t, Int64.t) [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] type t_Point'0 = - { t_Point__x'0: isize; t_Point__y'0: isize } - - let rec mov'0 (self:t_Point'0) (p:(isize, isize)) (return' (ret:t_Point'0))= {[@expl:mov requires #0] [%#s06_knights_tour15] - 10000 - <= IntSize.to_int self.t_Point__x'0 - /\ IntSize.to_int self.t_Point__x'0 <= 10000} - {[@expl:mov requires #1] [%#s06_knights_tour16] - 10000 <= IntSize.to_int self.t_Point__y'0 - /\ IntSize.to_int self.t_Point__y'0 <= 10000} - {[@expl:mov requires #2] [%#s06_knights_tour17] - 10000 <= IntSize.to_int (let (a, _) = p in a) - /\ IntSize.to_int (let (a, _) = p in a) <= 10000} - {[@expl:mov requires #3] [%#s06_knights_tour18] - 10000 <= IntSize.to_int (let (_, a) = p in a) - /\ IntSize.to_int (let (_, a) = p in a) <= 10000} + { t_Point__x'0: Int64.t; t_Point__y'0: Int64.t } + + let rec mov'0 (self:t_Point'0) (p:(Int64.t, Int64.t)) (return' (ret:t_Point'0))= {[@expl:mov requires #0] [%#s06_knights_tour15] - 10000 + <= Int64.to_int self.t_Point__x'0 + /\ Int64.to_int self.t_Point__x'0 <= 10000} + {[@expl:mov requires #1] [%#s06_knights_tour16] - 10000 <= Int64.to_int self.t_Point__y'0 + /\ Int64.to_int self.t_Point__y'0 <= 10000} + {[@expl:mov requires #2] [%#s06_knights_tour17] - 10000 <= Int64.to_int (let (a, _) = p in a) + /\ Int64.to_int (let (a, _) = p in a) <= 
10000} + {[@expl:mov requires #3] [%#s06_knights_tour18] - 10000 <= Int64.to_int (let (_, a) = p in a) + /\ Int64.to_int (let (_, a) = p in a) <= 10000} any - [ return' (result:t_Point'0)-> {[%#s06_knights_tour19] IntSize.to_int result.t_Point__x'0 - = IntSize.to_int self.t_Point__x'0 + IntSize.to_int (let (a, _) = p in a)} - {[%#s06_knights_tour20] IntSize.to_int result.t_Point__y'0 - = IntSize.to_int self.t_Point__y'0 + IntSize.to_int (let (_, a) = p in a)} + [ return' (result:t_Point'0)-> {[%#s06_knights_tour19] Int64.to_int result.t_Point__x'0 + = Int64.to_int self.t_Point__x'0 + Int64.to_int (let (a, _) = p in a)} + {[%#s06_knights_tour20] Int64.to_int result.t_Point__y'0 + = Int64.to_int self.t_Point__y'0 + Int64.to_int (let (_, a) = p in a)} (! return' {result}) ] @@ -1004,10 +1013,10 @@ module M_06_knights_tour__qyi4580598960913230815__count_degree [#"06_knights_tou { t_RawVec__ptr'1: t_Unique'1; t_RawVec__cap'1: t_Cap'0; t_RawVec__alloc'1: () } type t_Vec'1 = - { t_Vec__buf'1: t_RawVec'1; t_Vec__len'1: usize } + { t_Vec__buf'1: t_RawVec'1; t_Vec__len'1: UInt64.t } type t_Board'0 = - { t_Board__size'0: usize; t_Board__field'0: t_Vec'1 } + { t_Board__size'0: UInt64.t; t_Board__field'0: t_Vec'1 } use seq.Seq @@ -1021,13 +1030,13 @@ module M_06_knights_tour__qyi4580598960913230815__count_degree [#"06_knights_tou { t_RawVec__ptr'2: t_Unique'2; t_RawVec__cap'2: t_Cap'0; t_RawVec__alloc'2: () } type t_Vec'2 = - { t_Vec__buf'2: t_RawVec'2; t_Vec__len'2: usize } + { t_Vec__buf'2: t_RawVec'2; t_Vec__len'2: UInt64.t } use seq.Seq function view'2 (self : t_Vec'1) : Seq.seq (t_Vec'2) - axiom view'2_spec : forall self : t_Vec'1 . [%#svec25] Seq.length (view'2 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'2_spec : forall self : t_Vec'1 . [%#svec25] Seq.length (view'2 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq 
@@ -1038,20 +1047,20 @@ module M_06_knights_tour__qyi4580598960913230815__count_degree [#"06_knights_tou use seq.Seq - function view'3 (self : t_Vec'2) : Seq.seq usize + function view'3 (self : t_Vec'2) : Seq.seq UInt64.t - axiom view'3_spec : forall self : t_Vec'2 . [%#svec25] Seq.length (view'3 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'3_spec : forall self : t_Vec'2 . [%#svec25] Seq.length (view'3 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) predicate wf'0 [#"06_knights_tour.rs" 30 4 30 23] (self : t_Board'0) = - [%#s06_knights_tour23] UIntSize.to_int self.t_Board__size'0 <= 1000 - /\ Seq.length (view'2 self.t_Board__field'0) = UIntSize.to_int self.t_Board__size'0 - /\ (forall i : int . 0 <= i /\ i < UIntSize.to_int self.t_Board__size'0 - -> Seq.length (view'3 (index_logic'1 self.t_Board__field'0 i)) = UIntSize.to_int self.t_Board__size'0) + [%#s06_knights_tour23] UInt64.to_uint self.t_Board__size'0 <= 1000 + /\ Seq.length (view'2 self.t_Board__field'0) = UInt64.to_uint self.t_Board__size'0 + /\ (forall i : int . 0 <= i /\ i < UInt64.to_uint self.t_Board__size'0 + -> Seq.length (view'3 (index_logic'1 self.t_Board__field'0 i)) = UInt64.to_uint self.t_Board__size'0) predicate in_bounds'0 [#"06_knights_tour.rs" 61 4 61 40] (self : t_Board'0) (p : t_Point'0) = - [%#s06_knights_tour24] 0 <= IntSize.to_int p.t_Point__x'0 - /\ IntSize.to_int p.t_Point__x'0 < UIntSize.to_int self.t_Board__size'0 - /\ 0 <= IntSize.to_int p.t_Point__y'0 /\ IntSize.to_int p.t_Point__y'0 < UIntSize.to_int self.t_Board__size'0 + [%#s06_knights_tour24] 0 <= Int64.to_int p.t_Point__x'0 + /\ Int64.to_int p.t_Point__x'0 < UInt64.to_uint self.t_Board__size'0 + /\ 0 <= Int64.to_int p.t_Point__y'0 /\ Int64.to_int p.t_Point__y'0 < UInt64.to_uint self.t_Board__size'0 let rec available'0 (self:t_Board'0) (p:t_Point'0) (return' (ret:bool))= {[@expl:available requires] [%#s06_knights_tour21] wf'0 self} any [ return' (result:bool)-> {[%#s06_knights_tour22] result -> in_bounds'0 self p} (! 
return' {result}) ] @@ -1064,18 +1073,19 @@ module M_06_knights_tour__qyi4580598960913230815__count_degree [#"06_knights_tou meta "compute_max_steps" 1000000 - let rec count_degree'0 (self:t_Board'0) (p:t_Point'0) (return' (ret:usize))= {[@expl:count_degree requires #0] [%#s06_knights_tour8] wf'0 self} + let rec count_degree'0 (self:t_Board'0) (p:t_Point'0) (return' (ret:UInt64.t))= {[@expl:count_degree requires #0] [%#s06_knights_tour8] wf'0 self} {[@expl:count_degree requires #1] [%#s06_knights_tour9] in_bounds'0 self p} (! bb0 [ bb0 = s0 - [ s0 = [ &count <- [%#s06_knights_tour0] (0 : usize) ] s1 + [ s0 = [ &count <- [%#s06_knights_tour0] (0 : UInt64.t) ] s1 | s1 = moves'0 {[%#s06_knights_tour1] ()} (fun (_ret':t_Vec'0) -> [ &_8 <- _ret' ] s2) | s2 = bb1 ] | bb1 = s0 [ s0 = into_iter'0 {_8} (fun (_ret':t_IntoIter'0) -> [ &iter <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 [ s0 = [ &iter_old <- [%#s06_knights_tour2] Snapshot.new iter ] s1 | s1 = bb3 ] | bb3 = s0 - [ s0 = [ &produced <- [%#s06_knights_tour3] Snapshot.new (Seq.empty : Seq.seq (isize, isize)) ] s1 | s1 = bb4 ] + [ s0 = [ &produced <- [%#s06_knights_tour3] Snapshot.new (Seq.empty : Seq.seq (Int64.t, Int64.t)) ] s1 + | s1 = bb4 ] | bb4 = bb5 | bb5 = bb6 @@ -1084,7 +1094,7 @@ module M_06_knights_tour__qyi4580598960913230815__count_degree [#"06_knights_tou [ bb7 = {[@expl:for invariant] [%#s06_knights_tour5] inv'1 (Snapshot.inner produced)} {[@expl:for invariant] [%#s06_knights_tour5] inv'0 iter} {[@expl:for invariant] [%#s06_knights_tour5] produces'0 (Snapshot.inner iter_old) (Snapshot.inner produced) iter} - {[@expl:loop invariant] [%#s06_knights_tour4] UIntSize.to_int count <= Seq.length (Snapshot.inner produced)} + {[@expl:loop invariant] [%#s06_knights_tour4] UInt64.to_uint count <= Seq.length (Snapshot.inner produced)} (! s0) [ s0 = bb8 ] [ bb8 = s0 [ s0 = Borrow.borrow_mut {iter} 
@@ -1099,11 +1109,13 @@ module M_06_knights_tour__qyi4580598960913230815__count_degree [#"06_knights_tou | bb9 = s0 [ s0 = -{resolve'0 _20}- s1 - | s1 = any [ br0 -> {_18 = C_None'0 } (! bb12) | br1 (x0:(isize, isize))-> {_18 = C_Some'0 x0} (! bb11) ] ] + | s1 = any + [ br0 -> {_18 = C_None'0 } (! bb12) | br1 (x0:(Int64.t, Int64.t))-> {_18 = C_Some'0 x0} (! bb11) ] + ] | bb11 = bb13 | bb13 = s0 - [ s0 = v_Some'0 {_18} (fun (r0'0:(isize, isize)) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) + [ s0 = v_Some'0 {_18} (fun (r0'0:(Int64.t, Int64.t)) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) | s1 = [ &_23 <- [%#s06_knights_tour6] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] @@ -1120,7 +1132,8 @@ module M_06_knights_tour__qyi4580598960913230815__count_degree [#"06_knights_tou | bb15 = s0 [ s0 = available'0 {self} {next} (fun (_ret':bool) -> [ &_30 <- _ret' ] s1) | s1 = bb16 ] | bb16 = any [ br0 -> {_30 = false} (! bb18) | br1 -> {_30} (! bb17) ] | bb17 = s0 - [ s0 = UIntSize.add {count} {[%#s06_knights_tour7] (1 : usize)} (fun (_ret':usize) -> [ &count <- _ret' ] s1) + [ s0 = UInt64.add {count} {[%#s06_knights_tour7] (1 : UInt64.t)} + (fun (_ret':UInt64.t) -> [ &count <- _ret' ] s1) | s1 = bb19 ] | bb18 = bb19 
@@ -1130,24 +1143,24 @@ module M_06_knights_tour__qyi4580598960913230815__count_degree [#"06_knights_tou | bb12 = bb20 | bb20 = s0 [ s0 = [ &_0 <- count ] s1 | s1 = return' {_0} ] ] ) - [ & _0 : usize = any_l () + [ & _0 : UInt64.t = any_l () | & self : t_Board'0 = self | & p : t_Point'0 = p - | & count : usize = any_l () + | & count : UInt64.t = any_l () | & iter : t_IntoIter'0 = any_l () | & _8 : t_Vec'0 = any_l () | & iter_old : Snapshot.snap_ty (t_IntoIter'0) = any_l () - | & produced : Snapshot.snap_ty (Seq.seq (isize, isize)) = any_l () + | & produced : Snapshot.snap_ty (Seq.seq (Int64.t, Int64.t)) = any_l () | & _18 : t_Option'0 = any_l () | & _19 : borrowed (t_IntoIter'0) = any_l () | & _20 : borrowed (t_IntoIter'0) = any_l () - | & __creusot_proc_iter_elem : (isize, isize) = any_l () - | & _23 : Snapshot.snap_ty (Seq.seq (isize, isize)) = any_l () - | & m : (isize, isize) = any_l () + | & __creusot_proc_iter_elem : (Int64.t, Int64.t) = any_l () + | & _23 : Snapshot.snap_ty (Seq.seq (Int64.t, Int64.t)) = any_l () + | & m : (Int64.t, Int64.t) = any_l () | & next : t_Point'0 = any_l () - | & _29 : (isize, isize) = any_l () + | & _29 : (Int64.t, Int64.t) = any_l () | & _30 : bool = any_l () ] - [ return' (result:usize)-> (! return' {result}) ] + [ return' (result:UInt64.t)-> (! return' {result}) ] end module M_06_knights_tour__qyi4580598960913230815__set [#"06_knights_tour.rs" 87 4 87 41] (* Board *) let%span s06_knights_tour0 = "06_knights_tour.rs" 83 15 83 24 
@@ -1162,10 +1175,10 @@ module M_06_knights_tour__qyi4580598960913230815__set [#"06_knights_tour.rs" 87 let%span s06_knights_tour9 = "06_knights_tour.rs" 32 12 34 93 let%span s06_knights_tour10 = "06_knights_tour.rs" 63 12 63 75 let%span smodel11 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 - let%span sslice12 = "../../../../creusot-contracts/src/std/slice.rs" 122 20 122 37 - let%span sslice13 = "../../../../creusot-contracts/src/std/slice.rs" 129 20 129 37 + let%span sslice12 = "../../../../creusot-contracts/src/std/slice.rs" 140 20 140 37 + let%span sslice13 = "../../../../creusot-contracts/src/std/slice.rs" 147 20 147 37 let%span svec14 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span sslice15 = "../../../../creusot-contracts/src/std/slice.rs" 136 20 136 94 + let%span sslice15 = "../../../../creusot-contracts/src/std/slice.rs" 154 20 154 94 let%span sresolve16 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span sops17 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 
@@ -1179,32 +1192,34 @@ module M_06_knights_tour__qyi4580598960913230815__set [#"06_knights_tour.rs" 87 type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } type t_Board'0 = - { t_Board__size'0: usize; t_Board__field'0: t_Vec'0 } + { t_Board__size'0: UInt64.t; t_Board__field'0: t_Vec'0 } - use prelude.prelude.IntSize + use prelude.prelude.Int64 type t_Point'0 = - { t_Point__x'0: isize; t_Point__y'0: isize } + { t_Point__x'0: Int64.t; t_Point__y'0: Int64.t } predicate inv'0 (_1 : borrowed (t_Vec'0)) axiom inv_axiom'0 [@rewrite] : forall x : borrowed (t_Vec'0) [inv'0 x] . inv'0 x = true - predicate inv'1 (_1 : usize) + predicate inv'1 (_1 : UInt64.t) - axiom inv_axiom'1 [@rewrite] : forall x : usize [inv'1 x] . inv'1 x = true + axiom inv_axiom'1 [@rewrite] : forall x : UInt64.t [inv'1 x] . inv'1 x = true type t_NonNull'1 = { t_NonNull__pointer'1: opaque_ptr } 
@@ -1216,27 +1231,25 @@ module M_06_knights_tour__qyi4580598960913230815__set [#"06_knights_tour.rs" 87 { t_RawVec__ptr'1: t_Unique'1; t_RawVec__cap'1: t_Cap'0; t_RawVec__alloc'1: () } type t_Vec'1 = - { t_Vec__buf'1: t_RawVec'1; t_Vec__len'1: usize } + { t_Vec__buf'1: t_RawVec'1; t_Vec__len'1: UInt64.t } use seq.Seq use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize - - use prelude.prelude.Int + use prelude.prelude.UInt64 function view'1 (self : t_Vec'0) : Seq.seq (t_Vec'1) - axiom view'1_spec : forall self : t_Vec'0 . [%#svec14] Seq.length (view'1 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'1_spec : forall self : t_Vec'0 . [%#svec14] Seq.length (view'1 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) function view'0 (self : borrowed (t_Vec'0)) : Seq.seq (t_Vec'1) = [%#smodel11] view'1 self.current - predicate in_bounds'1 [@inline:trivial] (self : usize) (seq : Seq.seq (t_Vec'1)) = - [%#sslice12] UIntSize.to_int self < Seq.length seq + predicate in_bounds'1 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq (t_Vec'1)) = + [%#sslice12] UInt64.to_uint self < Seq.length seq predicate inv'2 (_1 : borrowed (t_Vec'1)) 
@@ -1244,14 +1257,15 @@ module M_06_knights_tour__qyi4580598960913230815__set [#"06_knights_tour.rs" 87 use seq.Seq - predicate has_value'0 [@inline:trivial] (self : usize) (seq : Seq.seq (t_Vec'1)) (out : t_Vec'1) = - [%#sslice13] Seq.get seq (UIntSize.to_int self) = out + predicate has_value'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq (t_Vec'1)) (out : t_Vec'1) = + [%#sslice13] Seq.get seq (UInt64.to_uint self) = out - predicate resolve_elswhere'0 [@inline:trivial] (self : usize) (old' : Seq.seq (t_Vec'1)) (fin : Seq.seq (t_Vec'1)) = - [%#sslice15] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < Seq.length old' + predicate resolve_elswhere'0 [@inline:trivial] (self : UInt64.t) (old' : Seq.seq (t_Vec'1)) (fin : Seq.seq (t_Vec'1)) + = + [%#sslice15] forall i : int . 0 <= i /\ i <> UInt64.to_uint self /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i - let rec index_mut'0 (self:borrowed (t_Vec'0)) (index:usize) (return' (ret:borrowed (t_Vec'1)))= {[@expl:index_mut 'self' type invariant] inv'0 self} + let rec index_mut'0 (self:borrowed (t_Vec'0)) (index:UInt64.t) (return' (ret:borrowed (t_Vec'1)))= {[@expl:index_mut 'self' type invariant] inv'0 self} {[@expl:index_mut 'index' type invariant] inv'1 index} {[@expl:index_mut requires] [%#svec4] in_bounds'1 index (view'0 self)} any 
@@ -1267,34 +1281,34 @@ module M_06_knights_tour__qyi4580598960913230815__set [#"06_knights_tour.rs" 87 use seq.Seq - function view'3 (self : t_Vec'1) : Seq.seq usize + function view'3 (self : t_Vec'1) : Seq.seq UInt64.t - axiom view'3_spec : forall self : t_Vec'1 . [%#svec14] Seq.length (view'3 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'3_spec : forall self : t_Vec'1 . [%#svec14] Seq.length (view'3 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) - function view'2 (self : borrowed (t_Vec'1)) : Seq.seq usize = + function view'2 (self : borrowed (t_Vec'1)) : Seq.seq UInt64.t = [%#smodel11] view'3 self.current - predicate in_bounds'2 [@inline:trivial] (self : usize) (seq : Seq.seq usize) = - [%#sslice12] UIntSize.to_int self < Seq.length seq + predicate in_bounds'2 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq UInt64.t) = + [%#sslice12] UInt64.to_uint self < Seq.length seq - predicate inv'3 (_1 : borrowed usize) + predicate inv'3 (_1 : borrowed UInt64.t) - axiom inv_axiom'3 [@rewrite] : forall x : borrowed usize [inv'3 x] . inv'3 x = true + axiom inv_axiom'3 [@rewrite] : forall x : borrowed UInt64.t [inv'3 x] . inv'3 x = true use seq.Seq - predicate has_value'1 [@inline:trivial] (self : usize) (seq : Seq.seq usize) (out : usize) = - [%#sslice13] Seq.get seq (UIntSize.to_int self) = out + predicate has_value'1 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq UInt64.t) (out : UInt64.t) = + [%#sslice13] Seq.get seq (UInt64.to_uint self) = out - predicate resolve_elswhere'1 [@inline:trivial] (self : usize) (old' : Seq.seq usize) (fin : Seq.seq usize) = - [%#sslice15] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < Seq.length old' + predicate resolve_elswhere'1 [@inline:trivial] (self : UInt64.t) (old' : Seq.seq UInt64.t) (fin : Seq.seq UInt64.t) = + [%#sslice15] forall i : int . 
0 <= i /\ i <> UInt64.to_uint self /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i - let rec index_mut'1 (self:borrowed (t_Vec'1)) (index:usize) (return' (ret:borrowed usize))= {[@expl:index_mut 'self' type invariant] inv'2 self} + let rec index_mut'1 (self:borrowed (t_Vec'1)) (index:UInt64.t) (return' (ret:borrowed UInt64.t))= {[@expl:index_mut 'self' type invariant] inv'2 self} {[@expl:index_mut 'index' type invariant] inv'1 index} {[@expl:index_mut requires] [%#svec4] in_bounds'2 index (view'2 self)} any - [ return' (result:borrowed usize)-> {inv'3 result} + [ return' (result:borrowed UInt64.t)-> {inv'3 result} {[%#svec5] has_value'1 index (view'2 self) result.current} {[%#svec6] has_value'1 index (view'3 self.final) result.final} {[%#svec7] resolve_elswhere'1 index (view'2 self) (view'3 self.final)} @@ -1302,10 +1316,10 @@ module M_06_knights_tour__qyi4580598960913230815__set [#"06_knights_tour.rs" 87 (! return' {result}) ] - predicate resolve'3 (self : borrowed usize) = + predicate resolve'3 (self : borrowed UInt64.t) = [%#sresolve16] self.final = self.current - predicate resolve'0 (_1 : borrowed usize) = + predicate resolve'0 (_1 : borrowed UInt64.t) = resolve'3 _1 predicate resolve'4 (self : borrowed (t_Vec'1)) = 
@@ -1326,21 +1340,21 @@ module M_06_knights_tour__qyi4580598960913230815__set [#"06_knights_tour.rs" 87 [%#sops17] Seq.get (view'1 self) ix predicate wf'0 [#"06_knights_tour.rs" 30 4 30 23] (self : t_Board'0) = - [%#s06_knights_tour9] UIntSize.to_int self.t_Board__size'0 <= 1000 - /\ Seq.length (view'1 self.t_Board__field'0) = UIntSize.to_int self.t_Board__size'0 - /\ (forall i : int . 0 <= i /\ i < UIntSize.to_int self.t_Board__size'0 - -> Seq.length (view'3 (index_logic'0 self.t_Board__field'0 i)) = UIntSize.to_int self.t_Board__size'0) + [%#s06_knights_tour9] UInt64.to_uint self.t_Board__size'0 <= 1000 + /\ Seq.length (view'1 self.t_Board__field'0) = UInt64.to_uint self.t_Board__size'0 + /\ (forall i : int . 0 <= i /\ i < UInt64.to_uint self.t_Board__size'0 + -> Seq.length (view'3 (index_logic'0 self.t_Board__field'0 i)) = UInt64.to_uint self.t_Board__size'0) - use prelude.prelude.IntSize + use prelude.prelude.Int64 predicate in_bounds'0 [#"06_knights_tour.rs" 61 4 61 40] (self : t_Board'0) (p : t_Point'0) = - [%#s06_knights_tour10] 0 <= IntSize.to_int p.t_Point__x'0 - /\ IntSize.to_int p.t_Point__x'0 < UIntSize.to_int self.t_Board__size'0 - /\ 0 <= IntSize.to_int p.t_Point__y'0 /\ IntSize.to_int p.t_Point__y'0 < UIntSize.to_int self.t_Board__size'0 + [%#s06_knights_tour10] 0 <= Int64.to_int p.t_Point__x'0 + /\ Int64.to_int p.t_Point__x'0 < UInt64.to_uint self.t_Board__size'0 + /\ 0 <= Int64.to_int p.t_Point__y'0 /\ Int64.to_int p.t_Point__y'0 < UInt64.to_uint self.t_Board__size'0 meta "compute_max_steps" 1000000 - let rec set'0 (self:borrowed (t_Board'0)) (p:t_Point'0) (v:usize) (return' (ret:()))= {[@expl:set requires #0] [%#s06_knights_tour0] wf'0 self.current} + let rec set'0 (self:borrowed (t_Board'0)) (p:t_Point'0) (v:UInt64.t) (return' (ret:()))= {[@expl:set requires #0] [%#s06_knights_tour0] wf'0 self.current} {[@expl:set requires #1] [%#s06_knights_tour1] in_bounds'0 self.current p} (! bb0 [ bb0 = s0 
@@ -1349,15 +1363,17 @@ module M_06_knights_tour__qyi4580598960913230815__set [#"06_knights_tour.rs" 87 [ &_12 <- _ret' ] [ &self <- { self with current = { self.current with t_Board__field'0 = _ret'.final } } ] s1) - | s1 = UIntSize.of_int {IntSize.to_int p.t_Point__x'0} (fun (_res:usize) -> [ &_13 <- _res ] s2) + | s1 = Int64.to_bv256 {p.t_Point__x'0} + (fun (_ret_to:BV256.t) -> UInt64.of_bv256 {_ret_to} (fun (_ret_from:UInt64.t) -> [ &_13 <- _ret_from ] s2)) | s2 = index_mut'0 {_12} {_13} (fun (_ret':borrowed (t_Vec'1)) -> [ &_11 <- _ret' ] s3) | s3 = bb1 ] | bb1 = s0 [ s0 = Borrow.borrow_final {_11.current} {Borrow.get_id _11} (fun (_ret':borrowed (t_Vec'1)) -> [ &_10 <- _ret' ] [ &_11 <- { _11 with current = _ret'.final } ] s1) - | s1 = UIntSize.of_int {IntSize.to_int p.t_Point__y'0} (fun (_res:usize) -> [ &_15 <- _res ] s2) - | s2 = index_mut'1 {_10} {_15} (fun (_ret':borrowed usize) -> [ &_9 <- _ret' ] s3) + | s1 = Int64.to_bv256 {p.t_Point__y'0} + (fun (_ret_to:BV256.t) -> UInt64.of_bv256 {_ret_to} (fun (_ret_from:UInt64.t) -> [ &_15 <- _ret_from ] s2)) + | s2 = index_mut'1 {_10} {_15} (fun (_ret':borrowed UInt64.t) -> [ &_9 <- _ret' ] s3) | s3 = bb2 ] | bb2 = s0 @@ -1371,13 +1387,13 @@ module M_06_knights_tour__qyi4580598960913230815__set [#"06_knights_tour.rs" 87 [ & _0 : () = any_l () | & self : borrowed (t_Board'0) = self | & p : t_Point'0 = p - | & v : usize = v - | & _9 : borrowed usize = any_l () + | & v : UInt64.t = v + | & _9 : borrowed UInt64.t = any_l () | & _10 : borrowed (t_Vec'1) = any_l () | & _11 : borrowed (t_Vec'1) = any_l () | & _12 : borrowed (t_Vec'0) = any_l () - | & _13 : usize = any_l () - | & _15 : usize = any_l () ] + | & _13 : UInt64.t = any_l () + | & _15 : UInt64.t = any_l () ] [ return' (result:())-> {[@expl:set ensures #0] [%#s06_knights_tour2] wf'0 self.final} {[@expl:set ensures #1] [%#s06_knights_tour3] (self.final).t_Board__size'0 = (self.current).t_Board__size'0} 
@@ -1394,20 +1410,20 @@ module M_06_knights_tour__min [#"06_knights_tour.rs" 110 0 110 58] let%span siter6 = "../../../../creusot-contracts/src/std/iter.rs" 101 0 213 1 let%span smodel7 = "../../../../creusot-contracts/src/model.rs" 88 8 88 22 let%span sops8 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - let%span sslice9 = "../../../../creusot-contracts/src/std/slice.rs" 405 12 405 66 + let%span sslice9 = "../../../../creusot-contracts/src/std/slice.rs" 423 12 423 66 let%span siter10 = "../../../../creusot-contracts/src/std/iter.rs" 107 26 110 17 let%span svec11 = "../../../../creusot-contracts/src/std/vec.rs" 205 20 205 24 let%span svec12 = "../../../../creusot-contracts/src/std/vec.rs" 211 20 211 34 let%span svec13 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span sslice14 = "../../../../creusot-contracts/src/std/slice.rs" 411 14 411 45 - let%span sslice15 = "../../../../creusot-contracts/src/std/slice.rs" 409 4 409 10 - let%span sslice16 = "../../../../creusot-contracts/src/std/slice.rs" 416 15 416 32 - let%span sslice17 = "../../../../creusot-contracts/src/std/slice.rs" 417 15 417 32 - let%span sslice18 = "../../../../creusot-contracts/src/std/slice.rs" 418 14 418 42 - let%span sslice19 = "../../../../creusot-contracts/src/std/slice.rs" 414 4 414 10 - let%span sslice20 = "../../../../creusot-contracts/src/std/slice.rs" 96 14 96 41 - let%span sslice21 = "../../../../creusot-contracts/src/std/slice.rs" 97 14 97 80 - let%span sslice22 = "../../../../creusot-contracts/src/std/slice.rs" 398 20 398 61 + let%span sslice14 = "../../../../creusot-contracts/src/std/slice.rs" 429 14 429 45 + let%span sslice15 = "../../../../creusot-contracts/src/std/slice.rs" 427 4 427 10 + let%span sslice16 = "../../../../creusot-contracts/src/std/slice.rs" 434 15 434 32 + let%span sslice17 = "../../../../creusot-contracts/src/std/slice.rs" 435 15 435 32 + let%span sslice18 = "../../../../creusot-contracts/src/std/slice.rs" 436 14 436 42 + let%span 
sslice19 = "../../../../creusot-contracts/src/std/slice.rs" 432 4 432 10 + let%span sslice20 = "../../../../creusot-contracts/src/std/slice.rs" 114 14 114 41 + let%span sslice21 = "../../../../creusot-contracts/src/std/slice.rs" 115 14 115 80 + let%span sslice22 = "../../../../creusot-contracts/src/std/slice.rs" 416 20 416 61 let%span sresolve23 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span sops24 = "../../../../creusot-contracts/src/logic/ops.rs" 42 8 42 31 let%span smodel25 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 @@ -1416,16 +1432,18 @@ module M_06_knights_tour__min [#"06_knights_tour.rs" 110 0 110 58] use prelude.prelude.Borrow - use prelude.prelude.UIntSize + use prelude.prelude.Int - use prelude.prelude.IntSize + use prelude.prelude.UInt64 + + use prelude.prelude.Int64 type t_Point'0 = - { t_Point__x'0: isize; t_Point__y'0: isize } + { t_Point__x'0: Int64.t; t_Point__y'0: Int64.t } type t_Option'0 = | C_None'0 - | C_Some'0 (usize, t_Point'0) + | C_Some'0 (UInt64.t, t_Point'0) use prelude.prelude.Opaque @@ -1436,13 +1454,13 @@ module M_06_knights_tour__min [#"06_knights_tour.rs" 110 0 110 58] { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } predicate inv'2 (_1 : t_Vec'0) 
@@ -1458,32 +1476,30 @@ module M_06_knights_tour__min [#"06_knights_tour.rs" 110 0 110 58] use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) - - use prelude.prelude.UIntSize + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.Int + use prelude.prelude.UInt64 - function view'1 (self : t_Vec'0) : Seq.seq (usize, t_Point'0) + function view'1 (self : t_Vec'0) : Seq.seq (UInt64.t, t_Point'0) - axiom view'1_spec : forall self : t_Vec'0 . [%#svec13] Seq.length (view'1 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'1_spec : forall self : t_Vec'0 . [%#svec13] Seq.length (view'1 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) - function view'0 (self : t_Vec'0) : Seq.seq (usize, t_Point'0) = + function view'0 (self : t_Vec'0) : Seq.seq (UInt64.t, t_Point'0) = [%#smodel7] view'1 self - use prelude.prelude.Slice + use Slice64.create - function view'2 (self : t_Iter'0) : slice (usize, t_Point'0) + function view'2 (self : t_Iter'0) : slice (UInt64.t, t_Point'0) - use prelude.prelude.Slice + use prelude.prelude.Slice64 - function view'5 (self : slice (usize, t_Point'0)) : Seq.seq (usize, t_Point'0) + function view'5 (self : slice (UInt64.t, t_Point'0)) : Seq.seq (UInt64.t, t_Point'0) - axiom view'5_spec : forall self : slice (usize, t_Point'0) . ([%#sslice26] Seq.length (view'5 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice27] view'5 self = Slice.id self) + axiom view'5_spec : forall self : slice (UInt64.t, t_Point'0) . ([%#sslice26] Seq.length (view'5 self) + <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + && ([%#sslice27] view'5 self = Slice64.id self) - function view'3 (self : slice (usize, t_Point'0)) : Seq.seq (usize, t_Point'0) = + function view'3 (self : slice (UInt64.t, t_Point'0)) : Seq.seq (UInt64.t, t_Point'0) = [%#smodel7] view'5 self predicate into_iter_post'0 (self : t_Vec'0) (res : t_Iter'0) = 
@@ -1503,7 +1519,7 @@ module M_06_knights_tour__min [#"06_knights_tour.rs" 110 0 110 58] use seq.Seq - function index_logic'0 [@inline:trivial] (self : t_Vec'0) (ix : int) : (usize, t_Point'0) = + function index_logic'0 [@inline:trivial] (self : t_Vec'0) (ix : int) : (UInt64.t, t_Point'0) = [%#sops8] Seq.get (view'1 self) ix use prelude.prelude.Snapshot 
@@ -1516,31 +1532,31 @@ module M_06_knights_tour__min [#"06_knights_tour.rs" 110 0 110 58] use seq.Seq - function index_logic'1 [@inline:trivial] (self : slice (usize, t_Point'0)) (ix : int) : (usize, t_Point'0) = + function index_logic'1 [@inline:trivial] (self : slice (UInt64.t, t_Point'0)) (ix : int) : (UInt64.t, t_Point'0) = [%#sops24] Seq.get (view'5 self) ix - function to_ref_seq'0 (self : slice (usize, t_Point'0)) : Seq.seq (usize, t_Point'0) + function to_ref_seq'0 (self : slice (UInt64.t, t_Point'0)) : Seq.seq (UInt64.t, t_Point'0) - axiom to_ref_seq'0_spec : forall self : slice (usize, t_Point'0) . ([%#sslice20] Seq.length (to_ref_seq'0 self) + axiom to_ref_seq'0_spec : forall self : slice (UInt64.t, t_Point'0) . ([%#sslice20] Seq.length (to_ref_seq'0 self) = Seq.length (view'3 self)) && ([%#sslice21] forall i : int . 0 <= i /\ i < Seq.length (to_ref_seq'0 self) -> Seq.get (to_ref_seq'0 self) i = index_logic'1 self i) - predicate produces'0 (self : t_Iter'0) (visited : Seq.seq (usize, t_Point'0)) (tl : t_Iter'0) = + predicate produces'0 (self : t_Iter'0) (visited : Seq.seq (UInt64.t, t_Point'0)) (tl : t_Iter'0) = [%#sslice9] to_ref_seq'0 (view'2 self) = Seq.(++) visited (to_ref_seq'0 (view'2 tl)) - function produces_trans'0 (a : t_Iter'0) (ab : Seq.seq (usize, t_Point'0)) (b : t_Iter'0) (bc : Seq.seq (usize, t_Point'0)) (c : t_Iter'0) : () + function produces_trans'0 (a : t_Iter'0) (ab : Seq.seq (UInt64.t, t_Point'0)) (b : t_Iter'0) (bc : Seq.seq (UInt64.t, t_Point'0)) (c : t_Iter'0) : () = [%#sslice19] () - axiom produces_trans'0_spec : forall a : t_Iter'0, ab : Seq.seq (usize, t_Point'0), b : t_Iter'0, bc : Seq.seq (usize, t_Point'0), c : t_Iter'0 . ([%#sslice16] produces'0 a ab b) + axiom produces_trans'0_spec : forall a : t_Iter'0, ab : Seq.seq (UInt64.t, t_Point'0), b : t_Iter'0, bc : Seq.seq (UInt64.t, t_Point'0), c : t_Iter'0 . 
([%#sslice16] produces'0 a ab b) -> ([%#sslice17] produces'0 b bc c) -> ([%#sslice18] produces'0 a (Seq.(++) ab bc) c) function produces_refl'0 (self : t_Iter'0) : () = [%#sslice15] () - axiom produces_refl'0_spec : forall self : t_Iter'0 . [%#sslice14] produces'0 self (Seq.empty : Seq.seq (usize, t_Point'0)) self + axiom produces_refl'0_spec : forall self : t_Iter'0 . [%#sslice14] produces'0 self (Seq.empty : Seq.seq (UInt64.t, t_Point'0)) self predicate inv'0 (_1 : t_Iter'0) @@ -1548,9 +1564,9 @@ module M_06_knights_tour__min [#"06_knights_tour.rs" 110 0 110 58] use prelude.prelude.Snapshot - predicate inv'1 (_1 : Seq.seq (usize, t_Point'0)) + predicate inv'1 (_1 : Seq.seq (UInt64.t, t_Point'0)) - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq (usize, t_Point'0) [inv'1 x] . inv'1 x = true + axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq (UInt64.t, t_Point'0) [inv'1 x] . inv'1 x = true predicate inv'3 (_1 : t_Option'0) @@ -1559,13 +1575,13 @@ module M_06_knights_tour__min [#"06_knights_tour.rs" 110 0 110 58] predicate resolve'1 (self : borrowed (t_Iter'0)) = [%#sresolve23] self.final = self.current - function view'4 (self : borrowed (t_Iter'0)) : slice (usize, t_Point'0) = + function view'4 (self : borrowed (t_Iter'0)) : slice (UInt64.t, t_Point'0) = [%#smodel25] view'2 self.current use seq.Seq predicate completed'0 (self : borrowed (t_Iter'0)) = - [%#sslice22] resolve'1 self /\ view'5 (view'4 self) = (Seq.empty : Seq.seq (usize, t_Point'0)) + [%#sslice22] resolve'1 self /\ view'5 (view'4 self) = (Seq.empty : Seq.seq (UInt64.t, t_Point'0)) use seq.Seq 
@@ -1581,9 +1597,9 @@ module M_06_knights_tour__min [#"06_knights_tour.rs" 110 0 110 58] predicate resolve'0 (_1 : borrowed (t_Iter'0)) = resolve'1 _1 - let rec v_Some'0 (input:t_Option'0) (ret (field_0:(usize, t_Point'0)))= any - [ good (field_0:(usize, t_Point'0))-> {C_Some'0 field_0 = input} (! ret {field_0}) - | bad -> {forall field_0 : (usize, t_Point'0) [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} + let rec v_Some'0 (input:t_Option'0) (ret (field_0:(UInt64.t, t_Point'0)))= any + [ good (field_0:(UInt64.t, t_Point'0))-> {C_Some'0 field_0 = input} (! ret {field_0}) + | bad -> {forall field_0 : (UInt64.t, t_Point'0) [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] @@ -1604,7 +1620,7 @@ module M_06_knights_tour__min [#"06_knights_tour.rs" 110 0 110 58] | bb1 = s0 [ s0 = [ &iter_old <- [%#s06_knights_tour0] Snapshot.new iter ] s1 | s1 = bb2 ] | bb2 = s0 - [ s0 = [ &produced <- [%#s06_knights_tour1] Snapshot.new (Seq.empty : Seq.seq (usize, t_Point'0)) ] s1 + [ s0 = [ &produced <- [%#s06_knights_tour1] Snapshot.new (Seq.empty : Seq.seq (UInt64.t, t_Point'0)) ] s1 | s1 = bb3 ] | bb3 = bb4 @@ -1612,7 +1628,7 @@ module M_06_knights_tour__min [#"06_knights_tour.rs" 110 0 110 58] [ bb4 = {[@expl:for invariant] [%#s06_knights_tour3] inv'1 (Snapshot.inner produced)} {[@expl:for invariant] [%#s06_knights_tour3] inv'0 iter} {[@expl:for invariant] [%#s06_knights_tour3] produces'0 (Snapshot.inner iter_old) (Snapshot.inner produced) iter} - {[@expl:loop invariant] [%#s06_knights_tour2] forall r : (usize, t_Point'0) . min = C_Some'0 r + {[@expl:loop invariant] [%#s06_knights_tour2] forall r : (UInt64.t, t_Point'0) . min = C_Some'0 r -> (exists i : int . 0 <= i /\ i < Seq.length (view'0 v) /\ index_logic'0 v i = r)} (! s0) [ s0 = bb5 ] [ bb5 = s0 
@@ -1625,11 +1641,13 @@ module M_06_knights_tour__min [#"06_knights_tour.rs" 110 0 110 58] | bb6 = s0 [ s0 = -{resolve'0 _18}- s1 - | s1 = any [ br0 -> {_16 = C_None'0 } (! bb9) | br1 (x0:(usize, t_Point'0))-> {_16 = C_Some'0 x0} (! bb8) ] ] + | s1 = any + [ br0 -> {_16 = C_None'0 } (! bb9) | br1 (x0:(UInt64.t, t_Point'0))-> {_16 = C_Some'0 x0} (! bb8) ] + ] | bb8 = bb10 | bb10 = s0 - [ s0 = v_Some'0 {_16} (fun (r0'0:(usize, t_Point'0)) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) + [ s0 = v_Some'0 {_16} (fun (r0'0:(UInt64.t, t_Point'0)) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) | s1 = [ &_21 <- [%#s06_knights_tour4] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] @@ -1640,12 +1658,12 @@ module M_06_knights_tour__min [#"06_knights_tour.rs" 110 0 110 58] [ s0 = [ &produced <- _21 ] s1 | s1 = [ &x <- __creusot_proc_iter_elem ] s2 | s2 = any - [ br0 -> {min = C_None'0 } (! bb13) | br1 (x0:(usize, t_Point'0))-> {min = C_Some'0 x0} (! bb14) ] + [ br0 -> {min = C_None'0 } (! bb13) | br1 (x0:(UInt64.t, t_Point'0))-> {min = C_Some'0 x0} (! bb14) ] ] | bb14 = s0 - [ s0 = v_Some'0 {min} (fun (r0'0:(usize, t_Point'0)) -> [ &m <- r0'0 ] s1) - | s1 = UIntSize.lt {let (r'0, _) = x in r'0} {let (r'1, _) = m in r'1} + [ s0 = v_Some'0 {min} (fun (r0'0:(UInt64.t, t_Point'0)) -> [ &m <- r0'0 ] s1) + | s1 = UInt64.lt {let (r'1, _) = x in r'1} {let (r'0, _) = m in r'0} (fun (_ret':bool) -> [ &_29 <- _ret' ] s2) | s2 = any [ br0 -> {_29 = false} (! bb17) | br1 -> {_29} (! bb16) ] ] 
@@ -1664,19 +1682,19 @@ module M_06_knights_tour__min [#"06_knights_tour.rs" 110 0 110 58] | & min : t_Option'0 = any_l () | & iter : t_Iter'0 = any_l () | & iter_old : Snapshot.snap_ty (t_Iter'0) = any_l () - | & produced : Snapshot.snap_ty (Seq.seq (usize, t_Point'0)) = any_l () + | & produced : Snapshot.snap_ty (Seq.seq (UInt64.t, t_Point'0)) = any_l () | & _16 : t_Option'0 = any_l () | & _17 : borrowed (t_Iter'0) = any_l () | & _18 : borrowed (t_Iter'0) = any_l () - | & __creusot_proc_iter_elem : (usize, t_Point'0) = any_l () - | & _21 : Snapshot.snap_ty (Seq.seq (usize, t_Point'0)) = any_l () - | & x : (usize, t_Point'0) = any_l () + | & __creusot_proc_iter_elem : (UInt64.t, t_Point'0) = any_l () + | & _21 : Snapshot.snap_ty (Seq.seq (UInt64.t, t_Point'0)) = any_l () + | & x : (UInt64.t, t_Point'0) = any_l () | & _26 : t_Option'0 = any_l () - | & m : (usize, t_Point'0) = any_l () + | & m : (UInt64.t, t_Point'0) = any_l () | & _29 : bool = any_l () | & _32 : t_Option'0 = any_l () ] - [ return' (result:t_Option'0)-> {[@expl:min ensures] [%#s06_knights_tour5] forall r : (usize, t_Point'0) . result + [ return' (result:t_Option'0)-> {[@expl:min ensures] [%#s06_knights_tour5] forall r : (UInt64.t, t_Point'0) . result = C_Some'0 r -> (exists i : int . 0 <= i /\ i < Seq.length (view'0 v) /\ index_logic'0 v i = r)} (! return' {result}) ] 
@@ -1686,18 +1704,18 @@ module M_06_knights_tour__dumb_nonlinear_arith [#"06_knights_tour.rs" 130 0 130 let%span s06_knights_tour1 = "06_knights_tour.rs" 129 10 129 30 let%span s06_knights_tour2 = "06_knights_tour.rs" 127 0 127 8 - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.Int - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - constant a : usize + constant a : UInt64.t - function dumb_nonlinear_arith'0 [#"06_knights_tour.rs" 130 0 130 33] (a : usize) : () + function dumb_nonlinear_arith'0 [#"06_knights_tour.rs" 130 0 130 33] (a : UInt64.t) : () - goal vc_dumb_nonlinear_arith'0 : ([%#s06_knights_tour0] UIntSize.to_int a <= 1000) - -> ([%#s06_knights_tour1] UIntSize.to_int a * UIntSize.to_int a <= 1000000) + goal vc_dumb_nonlinear_arith'0 : ([%#s06_knights_tour0] UInt64.to_uint a <= 1000) + -> ([%#s06_knights_tour1] UInt64.to_uint a * UInt64.to_uint a <= 1000000) end module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] let%span s06_knights_tour0 = "06_knights_tour.rs" 138 17 138 18 @@ -1764,7 +1782,7 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] let%span srange61 = "../../../../creusot-contracts/src/std/iter/range.rs" 42 15 42 32 let%span srange62 = "../../../../creusot-contracts/src/std/iter/range.rs" 43 15 43 32 let%span srange63 = "../../../../creusot-contracts/src/std/iter/range.rs" 44 14 44 42 - let%span snum64 = "../../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + let%span snum64 = "../../../../creusot-contracts/src/std/num.rs" 52 28 52 33 let%span srange65 = "../../../../creusot-contracts/src/std/iter/range.rs" 15 12 15 78 let%span sresolve66 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span svec67 = "../../../../creusot-contracts/src/std/vec.rs" 191 20 191 24 
@@ -1778,12 +1796,26 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] let%span svec75 = "../../../../creusot-contracts/src/std/vec.rs" 257 20 257 57 let%span smodel76 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 let%span smodel77 = "../../../../creusot-contracts/src/model.rs" 88 8 88 22 - - use prelude.prelude.UIntSize + let%span sord78 = "../../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 + let%span sord79 = "../../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 + let%span sord80 = "../../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 + let%span sord81 = "../../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 + let%span sord82 = "../../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 + let%span sord83 = "../../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 + let%span sord84 = "../../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 + let%span sord85 = "../../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 + let%span sord86 = "../../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 + let%span sord87 = "../../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 + let%span sord88 = "../../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 + let%span sord89 = "../../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 + let%span sord90 = "../../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span sord91 = "../../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 + + use prelude.prelude.UInt64 use prelude.prelude.Int - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.Opaque 
@@ -1794,20 +1826,20 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] { t_Unique__pointer'2: t_NonNull'2; t_Unique__qy95zmarker'2: () } type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'2 = { t_RawVec__ptr'2: t_Unique'2; t_RawVec__cap'2: t_Cap'0; t_RawVec__alloc'2: () } type t_Vec'2 = - { t_Vec__buf'2: t_RawVec'2; t_Vec__len'2: usize } + { t_Vec__buf'2: t_RawVec'2; t_Vec__len'2: UInt64.t } type t_Board'0 = - { t_Board__size'0: usize; t_Board__field'0: t_Vec'2 } + { t_Board__size'0: UInt64.t; t_Board__field'0: t_Vec'2 } use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) type t_NonNull'3 = { t_NonNull__pointer'3: opaque_ptr } @@ -1819,13 +1851,13 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] { t_RawVec__ptr'3: t_Unique'3; t_RawVec__cap'3: t_Cap'0; t_RawVec__alloc'3: () } type t_Vec'3 = - { t_Vec__buf'3: t_RawVec'3; t_Vec__len'3: usize } + { t_Vec__buf'3: t_RawVec'3; t_Vec__len'3: UInt64.t } use seq.Seq function view'1 (self : t_Vec'2) : Seq.seq (t_Vec'3) - axiom view'1_spec : forall self : t_Vec'2 . [%#svec39] Seq.length (view'1 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'1_spec : forall self : t_Vec'2 . [%#svec39] Seq.length (view'1 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq 
@@ -1836,17 +1868,17 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] use seq.Seq - function view'2 (self : t_Vec'3) : Seq.seq usize + function view'2 (self : t_Vec'3) : Seq.seq UInt64.t - axiom view'2_spec : forall self : t_Vec'3 . [%#svec39] Seq.length (view'2 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'2_spec : forall self : t_Vec'3 . [%#svec39] Seq.length (view'2 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) predicate wf'0 [#"06_knights_tour.rs" 30 4 30 23] (self : t_Board'0) = - [%#s06_knights_tour33] UIntSize.to_int self.t_Board__size'0 <= 1000 - /\ Seq.length (view'1 self.t_Board__field'0) = UIntSize.to_int self.t_Board__size'0 - /\ (forall i : int . 0 <= i /\ i < UIntSize.to_int self.t_Board__size'0 - -> Seq.length (view'2 (index_logic'1 self.t_Board__field'0 i)) = UIntSize.to_int self.t_Board__size'0) + [%#s06_knights_tour33] UInt64.to_uint self.t_Board__size'0 <= 1000 + /\ Seq.length (view'1 self.t_Board__field'0) = UInt64.to_uint self.t_Board__size'0 + /\ (forall i : int . 0 <= i /\ i < UInt64.to_uint self.t_Board__size'0 + -> Seq.length (view'2 (index_logic'1 self.t_Board__field'0 i)) = UInt64.to_uint self.t_Board__size'0) - let rec new'0 (size:usize) (return' (ret:t_Board'0))= {[@expl:new requires] [%#s06_knights_tour21] UIntSize.to_int size + let rec new'0 (size:UInt64.t) (return' (ret:t_Board'0))= {[@expl:new requires] [%#s06_knights_tour21] UInt64.to_uint size <= 1000} any [ return' (result:t_Board'0)-> {[%#s06_knights_tour22] result.t_Board__size'0 = size} 
@@ -1854,21 +1886,21 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] (! return' {result}) ] - use prelude.prelude.IntSize + use prelude.prelude.Int64 type t_Point'0 = - { t_Point__x'0: isize; t_Point__y'0: isize } + { t_Point__x'0: Int64.t; t_Point__y'0: Int64.t } use prelude.prelude.Borrow - use prelude.prelude.IntSize + use prelude.prelude.Int64 predicate in_bounds'0 [#"06_knights_tour.rs" 61 4 61 40] (self : t_Board'0) (p : t_Point'0) = - [%#s06_knights_tour32] 0 <= IntSize.to_int p.t_Point__x'0 - /\ IntSize.to_int p.t_Point__x'0 < UIntSize.to_int self.t_Board__size'0 - /\ 0 <= IntSize.to_int p.t_Point__y'0 /\ IntSize.to_int p.t_Point__y'0 < UIntSize.to_int self.t_Board__size'0 + [%#s06_knights_tour32] 0 <= Int64.to_int p.t_Point__x'0 + /\ Int64.to_int p.t_Point__x'0 < UInt64.to_uint self.t_Board__size'0 + /\ 0 <= Int64.to_int p.t_Point__y'0 /\ Int64.to_int p.t_Point__y'0 < UInt64.to_uint self.t_Board__size'0 - let rec set'0 (self:borrowed (t_Board'0)) (p:t_Point'0) (v:usize) (return' (ret:()))= {[@expl:set requires #0] [%#s06_knights_tour24] wf'0 self.current} + let rec set'0 (self:borrowed (t_Board'0)) (p:t_Point'0) (v:UInt64.t) (return' (ret:()))= {[@expl:set requires #0] [%#s06_knights_tour24] wf'0 self.current} {[@expl:set requires #1] [%#s06_knights_tour25] in_bounds'0 self.current p} any [ return' (result:())-> {[%#s06_knights_tour26] wf'0 self.final} 
@@ -1876,16 +1908,16 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] (! return' {result}) ] - function dumb_nonlinear_arith'0 [#"06_knights_tour.rs" 130 0 130 33] (a : usize) : () = + function dumb_nonlinear_arith'0 [#"06_knights_tour.rs" 130 0 130 33] (a : UInt64.t) : () = [%#s06_knights_tour30] () - axiom dumb_nonlinear_arith'0_spec : forall a : usize . ([%#s06_knights_tour28] UIntSize.to_int a <= 1000) - -> ([%#s06_knights_tour29] UIntSize.to_int a * UIntSize.to_int a <= 1000000) + axiom dumb_nonlinear_arith'0_spec : forall a : UInt64.t . ([%#s06_knights_tour28] UInt64.to_uint a <= 1000) + -> ([%#s06_knights_tour29] UInt64.to_uint a * UInt64.to_uint a <= 1000000) use prelude.prelude.Snapshot type t_Range'0 = - { t_Range__start'0: usize; t_Range__end'0: usize } + { t_Range__start'0: UInt64.t; t_Range__end'0: UInt64.t } predicate inv'0 (_1 : t_Range'0) @@ -1913,12 +1945,12 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] use seq.Seq - function deep_model'0 (self : usize) : int = - [%#snum64] UIntSize.to_int self + function deep_model'0 (self : UInt64.t) : int = + [%#snum64] UInt64.to_uint self use seq.Seq - predicate produces'0 (self : t_Range'0) (visited : Seq.seq usize) (o : t_Range'0) = + predicate produces'0 (self : t_Range'0) (visited : Seq.seq UInt64.t) (o : t_Range'0) = [%#srange34] self.t_Range__end'0 = o.t_Range__end'0 /\ deep_model'0 self.t_Range__start'0 <= deep_model'0 o.t_Range__start'0 /\ (Seq.length visited > 0 -> deep_model'0 o.t_Range__start'0 <= deep_model'0 o.t_Range__end'0) 
@@ -1926,10 +1958,10 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> deep_model'0 (Seq.get visited i) = deep_model'0 self.t_Range__start'0 + i) - function produces_trans'0 (a : t_Range'0) (ab : Seq.seq usize) (b : t_Range'0) (bc : Seq.seq usize) (c : t_Range'0) : () + function produces_trans'0 (a : t_Range'0) (ab : Seq.seq UInt64.t) (b : t_Range'0) (bc : Seq.seq UInt64.t) (c : t_Range'0) : () - axiom produces_trans'0_spec : forall a : t_Range'0, ab : Seq.seq usize, b : t_Range'0, bc : Seq.seq usize, c : t_Range'0 . ([%#srange58] inv'0 a) + axiom produces_trans'0_spec : forall a : t_Range'0, ab : Seq.seq UInt64.t, b : t_Range'0, bc : Seq.seq UInt64.t, c : t_Range'0 . ([%#srange58] inv'0 a) -> ([%#srange59] inv'0 b) -> ([%#srange60] inv'0 c) -> ([%#srange61] produces'0 a ab b) @@ -1938,13 +1970,13 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] function produces_refl'0 (self : t_Range'0) : () axiom produces_refl'0_spec : forall self : t_Range'0 . ([%#srange56] inv'0 self) - -> ([%#srange57] produces'0 self (Seq.empty : Seq.seq usize) self) + -> ([%#srange57] produces'0 self (Seq.empty : Seq.seq UInt64.t) self) use prelude.prelude.Snapshot - predicate inv'1 (_1 : Seq.seq usize) + predicate inv'1 (_1 : Seq.seq UInt64.t) - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq usize [inv'1 x] . inv'1 x = true + axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq UInt64.t [inv'1 x] . inv'1 x = true predicate inv'4 (_1 : borrowed (t_Range'0)) @@ -1952,7 +1984,7 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] type t_Option'0 = | C_None'0 - | C_Some'0 usize + | C_Some'0 UInt64.t predicate inv'5 (_1 : t_Option'0) 
@@ -1980,9 +2012,9 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] predicate resolve'0 (_1 : borrowed (t_Range'0)) = resolve'2 _1 - let rec v_Some'0 (input:t_Option'0) (ret (field_0:usize))= any - [ good (field_0:usize)-> {C_Some'0 field_0 = input} (! ret {field_0}) - | bad -> {forall field_0 : usize [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] + let rec v_Some'0 (input:t_Option'0) (ret (field_0:UInt64.t))= any + [ good (field_0:UInt64.t)-> {C_Some'0 field_0 = input} (! ret {field_0}) + | bad -> {forall field_0 : UInt64.t [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] type t_NonNull'1 = @@ -1995,7 +2027,7 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } predicate inv'6 (_1 : t_Vec'0) @@ -2005,9 +2037,9 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] use seq.Seq - function view'0 (self : t_Vec'0) : Seq.seq (usize, t_Point'0) + function view'0 (self : t_Vec'0) : Seq.seq (UInt64.t, t_Point'0) - axiom view'0_spec : forall self : t_Vec'0 . [%#svec39] Seq.length (view'0 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec39] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) let rec new'1 (_1:()) (return' (ret:t_Vec'0))= any [ return' (result:t_Vec'0)-> {inv'6 result} {[%#svec36] Seq.length (view'0 result) = 0} (! return' {result}) ] 
@@ -2025,26 +2057,26 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] { t_RawVec__ptr'1: t_Unique'1; t_RawVec__cap'1: t_Cap'0; t_RawVec__alloc'1: () } type t_Vec'1 = - { t_Vec__buf'1: t_RawVec'1; t_Vec__len'1: usize } + { t_Vec__buf'1: t_RawVec'1; t_Vec__len'1: UInt64.t } use seq.Seq - function view'3 (self : t_Vec'1) : Seq.seq (isize, isize) + function view'3 (self : t_Vec'1) : Seq.seq (Int64.t, Int64.t) - axiom view'3_spec : forall self : t_Vec'1 . [%#svec39] Seq.length (view'3 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'3_spec : forall self : t_Vec'1 . [%#svec39] Seq.length (view'3 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq - function index_logic'2 [@inline:trivial] (self : t_Vec'1) (ix : int) : (isize, isize) = + function index_logic'2 [@inline:trivial] (self : t_Vec'1) (ix : int) : (Int64.t, Int64.t) = [%#sops40] Seq.get (view'3 self) ix let rec moves'0 (_1:()) (return' (ret:t_Vec'1))= any [ return' (result:t_Vec'1)-> {[%#s06_knights_tour37] Seq.length (view'3 result) = 8} {[%#s06_knights_tour38] forall i : int . 0 <= i /\ i < 8 - -> - 2 <= IntSize.to_int (let (a, _) = index_logic'2 result i in a) - /\ IntSize.to_int (let (a, _) = index_logic'2 result i in a) <= 2 - /\ - 2 <= IntSize.to_int (let (_, a) = index_logic'2 result i in a) - /\ IntSize.to_int (let (_, a) = index_logic'2 result i in a) <= 2} + -> - 2 <= Int64.to_int (let (a, _) = index_logic'2 result i in a) + /\ Int64.to_int (let (a, _) = index_logic'2 result i in a) <= 2 + /\ - 2 <= Int64.to_int (let (_, a) = index_logic'2 result i in a) + /\ Int64.to_int (let (_, a) = index_logic'2 result i in a) <= 2} (! return' {result}) ] 
@@ -2061,7 +2093,7 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] type t_IntoIter'0 = { t_IntoIter__buf'0: t_NonNull'0; t_IntoIter__phantom'0: (); - t_IntoIter__cap'0: usize; + t_IntoIter__cap'0: UInt64.t; t_IntoIter__alloc'0: t_ManuallyDrop'0; t_IntoIter__ptr'0: t_NonNull'0; t_IntoIter__end'0: opaque_ptr } @@ -2070,7 +2102,7 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] axiom inv_axiom'2 [@rewrite] : forall x : t_IntoIter'0 [inv'2 x] . inv'2 x = true - function view'4 (self : t_IntoIter'0) : Seq.seq (isize, isize) + function view'4 (self : t_IntoIter'0) : Seq.seq (Int64.t, Int64.t) predicate into_iter_post'1 (self : t_Vec'1) (res : t_IntoIter'0) = [%#svec68] view'3 self = view'4 res @@ -2089,7 +2121,7 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] use seq.Seq - function index_logic'0 [@inline:trivial] (self : t_Vec'0) (ix : int) : (usize, t_Point'0) = + function index_logic'0 [@inline:trivial] (self : t_Vec'0) (ix : int) : (UInt64.t, t_Point'0) = [%#sops40] Seq.get (view'0 self) ix use prelude.prelude.Snapshot 
@@ -2098,27 +2130,27 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] use seq.Seq - predicate produces'1 (self : t_IntoIter'0) (visited : Seq.seq (isize, isize)) (rhs : t_IntoIter'0) = + predicate produces'1 (self : t_IntoIter'0) (visited : Seq.seq (Int64.t, Int64.t)) (rhs : t_IntoIter'0) = [%#svec41] view'4 self = Seq.(++) visited (view'4 rhs) - function produces_trans'1 (a : t_IntoIter'0) (ab : Seq.seq (isize, isize)) (b : t_IntoIter'0) (bc : Seq.seq (isize, isize)) (c : t_IntoIter'0) : () + function produces_trans'1 (a : t_IntoIter'0) (ab : Seq.seq (Int64.t, Int64.t)) (b : t_IntoIter'0) (bc : Seq.seq (Int64.t, Int64.t)) (c : t_IntoIter'0) : () = [%#svec74] () - axiom produces_trans'1_spec : forall a : t_IntoIter'0, ab : Seq.seq (isize, isize), b : t_IntoIter'0, bc : Seq.seq (isize, isize), c : t_IntoIter'0 . ([%#svec71] produces'1 a ab b) + axiom produces_trans'1_spec : forall a : t_IntoIter'0, ab : Seq.seq (Int64.t, Int64.t), b : t_IntoIter'0, bc : Seq.seq (Int64.t, Int64.t), c : t_IntoIter'0 . ([%#svec71] produces'1 a ab b) -> ([%#svec72] produces'1 b bc c) -> ([%#svec73] produces'1 a (Seq.(++) ab bc) c) function produces_refl'1 (self : t_IntoIter'0) : () = [%#svec70] () - axiom produces_refl'1_spec : forall self : t_IntoIter'0 . [%#svec69] produces'1 self (Seq.empty : Seq.seq (isize, isize)) self + axiom produces_refl'1_spec : forall self : t_IntoIter'0 . [%#svec69] produces'1 self (Seq.empty : Seq.seq (Int64.t, Int64.t)) self use prelude.prelude.Snapshot - predicate inv'3 (_1 : Seq.seq (isize, isize)) + predicate inv'3 (_1 : Seq.seq (Int64.t, Int64.t)) - axiom inv_axiom'3 [@rewrite] : forall x : Seq.seq (isize, isize) [inv'3 x] . inv'3 x = true + axiom inv_axiom'3 [@rewrite] : forall x : Seq.seq (Int64.t, Int64.t) [inv'3 x] . inv'3 x = true predicate inv'8 (_1 : borrowed (t_IntoIter'0)) 
@@ -2126,7 +2158,7 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] type t_Option'1 = | C_None'1 - | C_Some'1 (isize, isize) + | C_Some'1 (Int64.t, Int64.t) predicate inv'9 (_1 : t_Option'1) @@ -2135,11 +2167,11 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] predicate resolve'3 (self : borrowed (t_IntoIter'0)) = [%#sresolve66] self.final = self.current - function view'7 (self : borrowed (t_IntoIter'0)) : Seq.seq (isize, isize) = + function view'7 (self : borrowed (t_IntoIter'0)) : Seq.seq (Int64.t, Int64.t) = [%#smodel76] view'4 self.current predicate completed'1 (self : borrowed (t_IntoIter'0)) = - [%#svec75] resolve'3 self /\ view'7 self = (Seq.empty : Seq.seq (isize, isize)) + [%#svec75] resolve'3 self /\ view'7 self = (Seq.empty : Seq.seq (Int64.t, Int64.t)) use seq.Seq 
@@ -2156,70 +2188,70 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] predicate resolve'1 (_1 : borrowed (t_IntoIter'0)) = resolve'3 _1 - let rec v_Some'1 (input:t_Option'1) (ret (field_0:(isize, isize)))= any - [ good (field_0:(isize, isize))-> {C_Some'1 field_0 = input} (! ret {field_0}) - | bad -> {forall field_0 : (isize, isize) [C_Some'1 field_0 : t_Option'1] . C_Some'1 field_0 <> input} + let rec v_Some'1 (input:t_Option'1) (ret (field_0:(Int64.t, Int64.t)))= any + [ good (field_0:(Int64.t, Int64.t))-> {C_Some'1 field_0 = input} (! ret {field_0}) + | bad -> {forall field_0 : (Int64.t, Int64.t) [C_Some'1 field_0 : t_Option'1] . C_Some'1 field_0 <> input} (! {false} any) ] - let rec mov'0 (self:t_Point'0) (p:(isize, isize)) (return' (ret:t_Point'0))= {[@expl:mov requires #0] [%#s06_knights_tour42] - 10000 - <= IntSize.to_int self.t_Point__x'0 - /\ IntSize.to_int self.t_Point__x'0 <= 10000} - {[@expl:mov requires #1] [%#s06_knights_tour43] - 10000 <= IntSize.to_int self.t_Point__y'0 - /\ IntSize.to_int self.t_Point__y'0 <= 10000} - {[@expl:mov requires #2] [%#s06_knights_tour44] - 10000 <= IntSize.to_int (let (a, _) = p in a) - /\ IntSize.to_int (let (a, _) = p in a) <= 10000} - {[@expl:mov requires #3] [%#s06_knights_tour45] - 10000 <= IntSize.to_int (let (_, a) = p in a) - /\ IntSize.to_int (let (_, a) = p in a) <= 10000} + let rec mov'0 (self:t_Point'0) (p:(Int64.t, Int64.t)) (return' (ret:t_Point'0))= {[@expl:mov requires #0] [%#s06_knights_tour42] - 10000 + <= Int64.to_int self.t_Point__x'0 + /\ Int64.to_int self.t_Point__x'0 <= 10000} + {[@expl:mov requires #1] [%#s06_knights_tour43] - 10000 <= Int64.to_int self.t_Point__y'0 + /\ Int64.to_int self.t_Point__y'0 <= 10000} + {[@expl:mov requires #2] [%#s06_knights_tour44] - 10000 <= Int64.to_int (let (a, _) = p in a) + /\ Int64.to_int (let (a, _) = p in a) <= 10000} + {[@expl:mov requires #3] [%#s06_knights_tour45] - 10000 <= Int64.to_int (let (_, a) = p in a) + /\ Int64.to_int 
(let (_, a) = p in a) <= 10000} any - [ return' (result:t_Point'0)-> {[%#s06_knights_tour46] IntSize.to_int result.t_Point__x'0 - = IntSize.to_int self.t_Point__x'0 + IntSize.to_int (let (a, _) = p in a)} - {[%#s06_knights_tour47] IntSize.to_int result.t_Point__y'0 - = IntSize.to_int self.t_Point__y'0 + IntSize.to_int (let (_, a) = p in a)} + [ return' (result:t_Point'0)-> {[%#s06_knights_tour46] Int64.to_int result.t_Point__x'0 + = Int64.to_int self.t_Point__x'0 + Int64.to_int (let (a, _) = p in a)} + {[%#s06_knights_tour47] Int64.to_int result.t_Point__y'0 + = Int64.to_int self.t_Point__y'0 + Int64.to_int (let (_, a) = p in a)} (! return' {result}) ] let rec available'0 (self:t_Board'0) (p:t_Point'0) (return' (ret:bool))= {[@expl:available requires] [%#s06_knights_tour48] wf'0 self} any [ return' (result:bool)-> {[%#s06_knights_tour49] result -> in_bounds'0 self p} (! return' {result}) ] - let rec count_degree'0 (self:t_Board'0) (p:t_Point'0) (return' (ret:usize))= {[@expl:count_degree requires #0] [%#s06_knights_tour50] wf'0 self} + let rec count_degree'0 (self:t_Board'0) (p:t_Point'0) (return' (ret:UInt64.t))= {[@expl:count_degree requires #0] [%#s06_knights_tour50] wf'0 self} {[@expl:count_degree requires #1] [%#s06_knights_tour51] in_bounds'0 self p} - any [ return' (result:usize)-> (! return' {result}) ] + any [ return' (result:UInt64.t)-> (! return' {result}) ] predicate inv'10 (_1 : borrowed (t_Vec'0)) axiom inv_axiom'10 [@rewrite] : forall x : borrowed (t_Vec'0) [inv'10 x] . inv'10 x = true - predicate inv'11 (_1 : (usize, t_Point'0)) + predicate inv'11 (_1 : (UInt64.t, t_Point'0)) - axiom inv_axiom'11 [@rewrite] : forall x : (usize, t_Point'0) [inv'11 x] . inv'11 x = true + axiom inv_axiom'11 [@rewrite] : forall x : (UInt64.t, t_Point'0) [inv'11 x] . 
inv'11 x = true - function view'5 (self : borrowed (t_Vec'0)) : Seq.seq (usize, t_Point'0) = + function view'5 (self : borrowed (t_Vec'0)) : Seq.seq (UInt64.t, t_Point'0) = [%#smodel76] view'0 self.current use seq.Seq - let rec push'0 (self:borrowed (t_Vec'0)) (value:(usize, t_Point'0)) (return' (ret:()))= {[@expl:push 'self' type invariant] inv'10 self} + let rec push'0 (self:borrowed (t_Vec'0)) (value:(UInt64.t, t_Point'0)) (return' (ret:()))= {[@expl:push 'self' type invariant] inv'10 self} {[@expl:push 'value' type invariant] inv'11 value} any [ return' (result:())-> {[%#svec52] view'0 self.final = Seq.snoc (view'5 self) value} (! return' {result}) ] type t_Option'2 = | C_None'2 - | C_Some'2 (usize, t_Point'0) + | C_Some'2 (UInt64.t, t_Point'0) - function view'6 (self : t_Vec'0) : Seq.seq (usize, t_Point'0) = + function view'6 (self : t_Vec'0) : Seq.seq (UInt64.t, t_Point'0) = [%#smodel77] view'0 self let rec min'0 (v:t_Vec'0) (return' (ret:t_Option'2))= any - [ return' (result:t_Option'2)-> {[%#s06_knights_tour53] forall r : (usize, t_Point'0) . result = C_Some'2 r + [ return' (result:t_Option'2)-> {[%#s06_knights_tour53] forall r : (UInt64.t, t_Point'0) . result = C_Some'2 r -> (exists i : int . 0 <= i /\ i < Seq.length (view'6 v) /\ index_logic'0 v i = r)} (! return' {result}) ] - let rec v_Some'2 (input:t_Option'2) (ret (field_0:(usize, t_Point'0)))= any - [ good (field_0:(usize, t_Point'0))-> {C_Some'2 field_0 = input} (! ret {field_0}) - | bad -> {forall field_0 : (usize, t_Point'0) [C_Some'2 field_0 : t_Option'2] . C_Some'2 field_0 <> input} + let rec v_Some'2 (input:t_Option'2) (ret (field_0:(UInt64.t, t_Point'0)))= any + [ good (field_0:(UInt64.t, t_Point'0))-> {C_Some'2 field_0 = input} (! ret {field_0}) + | bad -> {forall field_0 : (UInt64.t, t_Point'0) [C_Some'2 field_0 : t_Option'2] . C_Some'2 field_0 <> input} (! {false} any) ] 
@@ -2240,33 +2272,94 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] use prelude.prelude.Snapshot + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.UInt64 + + function cmp_log'0 (self : UInt64.t) (o : UInt64.t) : t_Ordering'0 = + [%#sord91] if UInt64.ult self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + function eq_cmp'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom eq_cmp'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord90] (x = y) = (cmp_log'0 x y = C_Equal'0) + + function antisym2'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom antisym2'0_spec : forall x : UInt64.t, y : UInt64.t . ([%#sord88] cmp_log'0 x y = C_Greater'0) + -> ([%#sord89] cmp_log'0 y x = C_Less'0) + + function antisym1'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom antisym1'0_spec : forall x : UInt64.t, y : UInt64.t . ([%#sord86] cmp_log'0 x y = C_Less'0) + -> ([%#sord87] cmp_log'0 y x = C_Greater'0) + + function trans'0 (x : UInt64.t) (y : UInt64.t) (z : UInt64.t) (o : t_Ordering'0) : () + + axiom trans'0_spec : forall x : UInt64.t, y : UInt64.t, z : UInt64.t, o : t_Ordering'0 . ([%#sord83] cmp_log'0 x y + = o) -> ([%#sord84] cmp_log'0 y z = o) -> ([%#sord85] cmp_log'0 x z = o) + + function refl'0 (x : UInt64.t) : () + + axiom refl'0_spec : forall x : UInt64.t . [%#sord82] cmp_log'0 x x = C_Equal'0 + + use prelude.prelude.UInt64 + + function cmp_gt_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_gt_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord81] UInt64.ugt x y + = (cmp_log'0 x y = C_Greater'0) + + use prelude.prelude.UInt64 + + function cmp_ge_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_ge_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord80] UInt64.uge x y = (cmp_log'0 x y <> C_Less'0) + + function cmp_lt_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_lt_log'0_spec : forall x : UInt64.t, y : UInt64.t . 
[%#sord79] UInt64.ult x y = (cmp_log'0 x y = C_Less'0) + + use prelude.prelude.UInt64 + + function cmp_le_log'0 (x : UInt64.t) (y : UInt64.t) : () + + axiom cmp_le_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord78] UInt64.ule x y + = (cmp_log'0 x y <> C_Greater'0) + meta "compute_max_steps" 1000000 - let rec knights_tour'0 (size:usize) (x:usize) (y:usize) (return' (ret:t_Option'3))= {[@expl:knights_tour requires #0] [%#s06_knights_tour18] 0 - < UIntSize.to_int size - /\ UIntSize.to_int size <= 1000} - {[@expl:knights_tour requires #1] [%#s06_knights_tour19] x < size} - {[@expl:knights_tour requires #2] [%#s06_knights_tour20] y < size} + let rec knights_tour'0 (size:UInt64.t) (x:UInt64.t) (y:UInt64.t) (return' (ret:t_Option'3))= {[@expl:knights_tour requires #0] [%#s06_knights_tour18] 0 + < UInt64.to_uint size + /\ UInt64.to_uint size <= 1000} + {[@expl:knights_tour requires #1] [%#s06_knights_tour19] UInt64.ult x size} + {[@expl:knights_tour requires #2] [%#s06_knights_tour20] UInt64.ult y size} (! 
bb0 [ bb0 = s0 [ s0 = new'0 {size} (fun (_ret':t_Board'0) -> [ &board <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 - [ s0 = IntSize.of_int {UIntSize.to_int x} (fun (_res:isize) -> [ &_10 <- _res ] s1) - | s1 = IntSize.of_int {UIntSize.to_int y} (fun (_res:isize) -> [ &_12 <- _res ] s2) + [ s0 = UInt64.to_bv256 {x} + (fun (_ret_to:BV256.t) -> Int64.of_bv256 {_ret_to} (fun (_ret_from:Int64.t) -> [ &_10 <- _ret_from ] s1)) + | s1 = UInt64.to_bv256 {y} + (fun (_ret_to:BV256.t) -> Int64.of_bv256 {_ret_to} (fun (_ret_from:Int64.t) -> [ &_12 <- _ret_from ] s2)) | s2 = [ &p <- { t_Point__x'0 = _10; t_Point__y'0 = _12 } ] s3 | s3 = Borrow.borrow_mut {board} (fun (_ret':borrowed (t_Board'0)) -> [ &_15 <- _ret' ] [ &board <- _ret'.final ] s4) - | s4 = set'0 {_15} {p} {[%#s06_knights_tour0] (1 : usize)} (fun (_ret':()) -> [ &_14 <- _ret' ] s5) + | s4 = set'0 {_15} {p} {[%#s06_knights_tour0] (1 : UInt64.t)} (fun (_ret':()) -> [ &_14 <- _ret' ] s5) | s5 = bb2 ] | bb2 = s0 [ s0 = [ &_17 <- [%#s06_knights_tour1] Snapshot.new (dumb_nonlinear_arith'0 size) ] s1 | s1 = bb3 ] | bb3 = s0 - [ s0 = UIntSize.mul {size} {size} (fun (_ret':usize) -> [ &_22 <- _ret' ] s1) - | s1 = [ &_21 <- { t_Range__start'0 = ([%#s06_knights_tour2] (2 : usize)); t_Range__end'0 = _22 } ] s2 + [ s0 = UInt64.mul {size} {size} (fun (_ret':UInt64.t) -> [ &_22 <- _ret' ] s1) + | s1 = [ &_21 <- { t_Range__start'0 = ([%#s06_knights_tour2] (2 : UInt64.t)); t_Range__end'0 = _22 } ] s2 | s2 = into_iter'0 {_21} (fun (_ret':t_Range'0) -> [ &iter <- _ret' ] s3) | s3 = bb4 ] | bb4 = s0 [ s0 = [ &iter_old <- [%#s06_knights_tour3] Snapshot.new iter ] s1 | s1 = bb5 ] - | bb5 = s0 [ s0 = [ &produced <- [%#s06_knights_tour4] Snapshot.new (Seq.empty : Seq.seq usize) ] s1 | s1 = bb6 ] + | bb5 = s0 + [ s0 = [ &produced <- [%#s06_knights_tour4] Snapshot.new (Seq.empty : Seq.seq UInt64.t) ] s1 | s1 = bb6 ] + | bb6 = bb7 | bb7 = bb8 | bb8 = bb9 
@@ -2291,11 +2384,11 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] | bb11 = s0 [ s0 = -{resolve'0 _38}- s1 - | s1 = any [ br0 -> {_36 = C_None'0 } (! bb14) | br1 (x0:usize)-> {_36 = C_Some'0 x0} (! bb13) ] ] + | s1 = any [ br0 -> {_36 = C_None'0 } (! bb14) | br1 (x0:UInt64.t)-> {_36 = C_Some'0 x0} (! bb13) ] ] | bb13 = bb15 | bb15 = s0 - [ s0 = v_Some'0 {_36} (fun (r0'0:usize) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) + [ s0 = v_Some'0 {_36} (fun (r0'0:UInt64.t) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) | s1 = [ &_41 <- [%#s06_knights_tour9] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] @@ -2314,7 +2407,7 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] | bb18 = s0 [ s0 = into_iter'1 {_47} (fun (_ret':t_IntoIter'0) -> [ &iter1 <- _ret' ] s1) | s1 = bb19 ] | bb19 = s0 [ s0 = [ &iter_old1 <- [%#s06_knights_tour12] Snapshot.new iter1 ] s1 | s1 = bb20 ] | bb20 = s0 - [ s0 = [ &produced1 <- [%#s06_knights_tour13] Snapshot.new (Seq.empty : Seq.seq (isize, isize)) ] s1 + [ s0 = [ &produced1 <- [%#s06_knights_tour13] Snapshot.new (Seq.empty : Seq.seq (Int64.t, Int64.t)) ] s1 | s1 = bb21 ] | bb21 = bb22 @@ -2342,12 +2435,12 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] | bb27 = s0 [ s0 = -{resolve'1 _58}- s1 | s1 = any - [ br0 -> {_56 = C_None'1 } (! bb30) | br1 (x0:(isize, isize))-> {_56 = C_Some'1 x0} (! bb29) ] + [ br0 -> {_56 = C_None'1 } (! bb30) | br1 (x0:(Int64.t, Int64.t))-> {_56 = C_Some'1 x0} (! bb29) ] ] | bb29 = bb31 | bb31 = s0 - [ s0 = v_Some'1 {_56} (fun (r0'0:(isize, isize)) -> [ &__creusot_proc_iter_elem1 <- r0'0 ] s1) + [ s0 = v_Some'1 {_56} (fun (r0'0:(Int64.t, Int64.t)) -> [ &__creusot_proc_iter_elem1 <- r0'0 ] s1) | s1 = [ &_61 <- [%#s06_knights_tour16] Snapshot.new (Seq.(++) (Snapshot.inner produced1) (Seq.singleton __creusot_proc_iter_elem1)) ] 
@@ -2357,7 +2450,7 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] | bb32 = s0 [ s0 = [ &produced1 <- _61 ] s1 | s1 = [ &m <- __creusot_proc_iter_elem1 ] s2 - | s2 = {[@expl:assertion] [%#s06_knights_tour17] forall r : Seq.seq (isize, isize), a : Seq.seq (isize, isize), b : Seq.seq (isize, isize) . r + | s2 = {[@expl:assertion] [%#s06_knights_tour17] forall r : Seq.seq (Int64.t, Int64.t), a : Seq.seq (Int64.t, Int64.t), b : Seq.seq (Int64.t, Int64.t) . r = Seq.(++) a (Seq.(++) (Seq.singleton m) b) -> m = Seq.get r (Seq.length a)} s3 | s3 = [ &_69 <- m ] s4 @@ -2367,7 +2460,7 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] | bb33 = s0 [ s0 = available'0 {board} {adj} (fun (_ret':bool) -> [ &_70 <- _ret' ] s1) | s1 = bb34 ] | bb34 = any [ br0 -> {_70 = false} (! bb38) | br1 -> {_70} (! bb35) ] | bb35 = s0 - [ s0 = count_degree'0 {board} {adj} (fun (_ret':usize) -> [ °ree <- _ret' ] s1) | s1 = bb36 ] + [ s0 = count_degree'0 {board} {adj} (fun (_ret':UInt64.t) -> [ °ree <- _ret' ] s1) | s1 = bb36 ] | bb36 = s0 [ s0 = Borrow.borrow_mut {candidates} @@ -2387,10 +2480,12 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] | s1 = min'0 {_85} (fun (_ret':t_Option'2) -> [ &_83 <- _ret' ] s2) | s2 = bb41 ] - | bb41 = any [ br0 -> {_83 = C_None'2 } (! bb44) | br1 (x0:(usize, t_Point'0))-> {_83 = C_Some'2 x0} (! bb43) ] + | bb41 = any + [ br0 -> {_83 = C_None'2 } (! bb44) | br1 (x0:(UInt64.t, t_Point'0))-> {_83 = C_Some'2 x0} (! bb43) ] + | bb43 = bb45 | bb45 = s0 - [ s0 = v_Some'2 {_83} (fun (r0'0:(usize, t_Point'0)) -> [ &adj1 <- let (_, r'0) = r0'0 in r'0 ] s1) + [ s0 = v_Some'2 {_83} (fun (r0'0:(UInt64.t, t_Point'0)) -> [ &adj1 <- let (_, r'0) = r0'0 in r'0 ] s1) | s1 = [ &p <- adj1 ] s2 | s2 = Borrow.borrow_mut {board} (fun (_ret':borrowed (t_Board'0)) -> [ &_91 <- _ret' ] [ &board <- _ret'.final ] s3) 
@@ -2410,45 +2505,45 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] | bb52 = return' {_0} ] ) [ & _0 : t_Option'3 = any_l () - | & size : usize = size - | & x : usize = x - | & y : usize = y + | & size : UInt64.t = size + | & x : UInt64.t = x + | & y : UInt64.t = y | & board : t_Board'0 = any_l () | & p : t_Point'0 = any_l () - | & _10 : isize = any_l () - | & _12 : isize = any_l () + | & _10 : Int64.t = any_l () + | & _12 : Int64.t = any_l () | & _14 : () = any_l () | & _15 : borrowed (t_Board'0) = any_l () | & _17 : Snapshot.snap_ty () = any_l () | & iter : t_Range'0 = any_l () | & _21 : t_Range'0 = any_l () - | & _22 : usize = any_l () + | & _22 : UInt64.t = any_l () | & iter_old : Snapshot.snap_ty (t_Range'0) = any_l () - | & produced : Snapshot.snap_ty (Seq.seq usize) = any_l () + | & produced : Snapshot.snap_ty (Seq.seq UInt64.t) = any_l () | & _36 : t_Option'0 = any_l () | & _37 : borrowed (t_Range'0) = any_l () | & _38 : borrowed (t_Range'0) = any_l () - | & __creusot_proc_iter_elem : usize = any_l () - | & _41 : Snapshot.snap_ty (Seq.seq usize) = any_l () - | & step : usize = any_l () + | & __creusot_proc_iter_elem : UInt64.t = any_l () + | & _41 : Snapshot.snap_ty (Seq.seq UInt64.t) = any_l () + | & step : UInt64.t = any_l () | & candidates : t_Vec'0 = any_l () | & iter1 : t_IntoIter'0 = any_l () | & _47 : t_Vec'1 = any_l () | & iter_old1 : Snapshot.snap_ty (t_IntoIter'0) = any_l () - | & produced1 : Snapshot.snap_ty (Seq.seq (isize, isize)) = any_l () + | & produced1 : Snapshot.snap_ty (Seq.seq (Int64.t, Int64.t)) = any_l () | & _56 : t_Option'1 = any_l () | & _57 : borrowed (t_IntoIter'0) = any_l () | & _58 : borrowed (t_IntoIter'0) = any_l () - | & __creusot_proc_iter_elem1 : (isize, isize) = any_l () - | & _61 : Snapshot.snap_ty (Seq.seq (isize, isize)) = any_l () - | & m : (isize, isize) = any_l () + | & __creusot_proc_iter_elem1 : (Int64.t, Int64.t) = any_l () + | & _61 : Snapshot.snap_ty (Seq.seq (Int64.t, Int64.t)) 
= any_l () + | & m : (Int64.t, Int64.t) = any_l () | & adj : t_Point'0 = any_l () - | & _69 : (isize, isize) = any_l () + | & _69 : (Int64.t, Int64.t) = any_l () | & _70 : bool = any_l () - | & degree : usize = any_l () + | & degree : UInt64.t = any_l () | & _76 : () = any_l () | & _77 : borrowed (t_Vec'0) = any_l () - | & _78 : (usize, t_Point'0) = any_l () + | & _78 : (UInt64.t, t_Point'0) = any_l () | & _83 : t_Option'2 = any_l () | & _85 : t_Vec'0 = any_l () | & adj1 : t_Point'0 = any_l () @@ -2461,10 +2556,12 @@ module M_06_knights_tour__qyi50474406909270761__clone__refines [#"06_knights_tou use prelude.prelude.Borrow - use prelude.prelude.IntSize + use prelude.prelude.Int + + use prelude.prelude.Int64 type t_Point'0 = - { t_Point__x'0: isize; t_Point__y'0: isize } + { t_Point__x'0: Int64.t; t_Point__y'0: Int64.t } predicate inv'0 (_1 : t_Point'0) diff --git a/creusot/tests/should_succeed/vector/07_read_write.coma b/creusot/tests/should_succeed/vector/07_read_write.coma index 079cd0c87c..138f363713 100644 --- a/creusot/tests/should_succeed/vector/07_read_write.coma +++ b/creusot/tests/should_succeed/vector/07_read_write.coma 
@@ -12,10 +12,10 @@ module M_07_read_write__read_write [#"07_read_write.rs" 6 0 6 75] let%span svec10 = "../../../../creusot-contracts/src/std/vec.rs" 163 26 163 54 let%span scmp11 = "../../../../creusot-contracts/src/std/cmp.rs" 11 26 11 75 let%span smodel12 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 - let%span sslice13 = "../../../../creusot-contracts/src/std/slice.rs" 122 20 122 37 - let%span sslice14 = "../../../../creusot-contracts/src/std/slice.rs" 129 20 129 37 + let%span sslice13 = "../../../../creusot-contracts/src/std/slice.rs" 140 20 140 37 + let%span sslice14 = "../../../../creusot-contracts/src/std/slice.rs" 147 20 147 37 let%span svec15 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span sslice16 = "../../../../creusot-contracts/src/std/slice.rs" 136 20 136 94 + let%span sslice16 = "../../../../creusot-contracts/src/std/slice.rs" 154 20 154 94 let%span sresolve17 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span smodel18 = "../../../../creusot-contracts/src/model.rs" 88 8 88 22 let%span smodel19 = "../../../../creusot-contracts/src/model.rs" 79 8 79 28 @@ -35,24 +35,24 @@ module M_07_read_write__read_write [#"07_read_write.rs" 6 0 6 75] type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize - - use prelude.prelude.Int + use prelude.prelude.UInt64 type t_T'0 
@@ -60,7 +60,7 @@ module M_07_read_write__read_write [#"07_read_write.rs" 6 0 6 75] function view'1 (self : t_Vec'0) : Seq.seq t_T'0 - axiom view'1_spec : forall self : t_Vec'0 . [%#svec15] Seq.length (view'1 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'1_spec : forall self : t_Vec'0 . [%#svec15] Seq.length (view'1 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq @@ -94,15 +94,15 @@ module M_07_read_write__read_write [#"07_read_write.rs" 6 0 6 75] axiom inv_axiom'2 [@rewrite] : forall x : borrowed (t_Vec'0) [inv'2 x] . inv'2 x = invariant'2 x - predicate inv'4 (_1 : usize) + predicate inv'4 (_1 : UInt64.t) - axiom inv_axiom'3 [@rewrite] : forall x : usize [inv'4 x] . inv'4 x = true + axiom inv_axiom'3 [@rewrite] : forall x : UInt64.t [inv'4 x] . inv'4 x = true function view'0 (self : borrowed (t_Vec'0)) : Seq.seq t_T'0 = [%#smodel12] view'1 self.current - predicate in_bounds'0 [@inline:trivial] (self : usize) (seq : Seq.seq t_T'0) = - [%#sslice13] UIntSize.to_int self < Seq.length seq + predicate in_bounds'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq t_T'0) = + [%#sslice13] UInt64.to_uint self < Seq.length seq predicate invariant'1 (self : borrowed t_T'0) = [%#sinvariant21] inv'3 self.current /\ inv'3 self.final 
@@ -113,14 +113,14 @@ module M_07_read_write__read_write [#"07_read_write.rs" 6 0 6 75] use seq.Seq - predicate has_value'0 [@inline:trivial] (self : usize) (seq : Seq.seq t_T'0) (out : t_T'0) = - [%#sslice14] Seq.get seq (UIntSize.to_int self) = out + predicate has_value'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq t_T'0) (out : t_T'0) = + [%#sslice14] Seq.get seq (UInt64.to_uint self) = out - predicate resolve_elswhere'0 [@inline:trivial] (self : usize) (old' : Seq.seq t_T'0) (fin : Seq.seq t_T'0) = - [%#sslice16] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < Seq.length old' + predicate resolve_elswhere'0 [@inline:trivial] (self : UInt64.t) (old' : Seq.seq t_T'0) (fin : Seq.seq t_T'0) = + [%#sslice16] forall i : int . 0 <= i /\ i <> UInt64.to_uint self /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i - let rec index_mut'0 (self:borrowed (t_Vec'0)) (index:usize) (return' (ret:borrowed t_T'0))= {[@expl:index_mut 'self' type invariant] inv'2 self} + let rec index_mut'0 (self:borrowed (t_Vec'0)) (index:UInt64.t) (return' (ret:borrowed t_T'0))= {[@expl:index_mut 'self' type invariant] inv'2 self} {[@expl:index_mut 'index' type invariant] inv'4 index} {[@expl:index_mut requires] [%#svec4] in_bounds'0 index (view'0 self)} any @@ -155,7 +155,7 @@ module M_07_read_write__read_write [#"07_read_write.rs" 6 0 6 75] axiom inv_axiom'5 [@rewrite] : forall x : t_T'0 [inv'6 x] . inv'6 x = invariant'4 x - let rec index'0 (self:t_Vec'0) (index:usize) (return' (ret:t_T'0))= {[@expl:index 'self' type invariant] inv'5 self} + let rec index'0 (self:t_Vec'0) (index:UInt64.t) (return' (ret:t_T'0))= {[@expl:index 'self' type invariant] inv'5 self} {[@expl:index 'index' type invariant] inv'4 index} {[@expl:index requires] [%#svec9] in_bounds'0 index (view'2 self)} any 
@@ -183,9 +183,9 @@ module M_07_read_write__read_write [#"07_read_write.rs" 6 0 6 75] meta "compute_max_steps" 1000000 - let rec read_write'0 (a:borrowed (t_Vec'0)) (i:usize) (x:t_T'0) (return' (ret:()))= {[@expl:read_write 'a' type invariant] [%#s07_read_write1] inv'2 a} + let rec read_write'0 (a:borrowed (t_Vec'0)) (i:UInt64.t) (x:t_T'0) (return' (ret:()))= {[@expl:read_write 'a' type invariant] [%#s07_read_write1] inv'2 a} {[@expl:read_write 'x' type invariant] [%#s07_read_write2] inv'3 x} - {[@expl:read_write requires] [%#s07_read_write3] UIntSize.to_int i < Seq.length (view'0 a)} + {[@expl:read_write requires] [%#s07_read_write3] UInt64.to_uint i < Seq.length (view'0 a)} (! bb0 [ bb0 = s0 [ s0 = {inv'0 a.current} @@ -216,7 +216,7 @@ module M_07_read_write__read_write [#"07_read_write.rs" 6 0 6 75] ) [ & _0 : () = any_l () | & a : borrowed (t_Vec'0) = a - | & i : usize = i + | & i : UInt64.t = i | & x : t_T'0 = x | & _6 : borrowed t_T'0 = any_l () | & _7 : borrowed (t_Vec'0) = any_l () diff --git a/creusot/tests/should_succeed/vector/08_haystack.coma b/creusot/tests/should_succeed/vector/08_haystack.coma index 3415ad4499..4cec42dbb7 100644 --- a/creusot/tests/should_succeed/vector/08_haystack.coma +++ b/creusot/tests/should_succeed/vector/08_haystack.coma @@ -27,7 +27,7 @@ module M_08_haystack__search [#"08_haystack.rs" 21 0 21 60] let%span srange25 = "../../../../creusot-contracts/src/std/iter/range.rs" 23 12 27 70 let%span svec26 = "../../../../creusot-contracts/src/std/vec.rs" 162 27 162 46 let%span svec27 = "../../../../creusot-contracts/src/std/vec.rs" 163 26 163 54 - let%span snum28 = "../../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + let%span snum28 = "../../../../creusot-contracts/src/std/num.rs" 52 28 52 33 let%span sops29 = "../../../../creusot-contracts/src/std/ops.rs" 201 14 201 86 let%span siter30 = "../../../../creusot-contracts/src/std/iter.rs" 86 20 86 24 let%span siter31 = "../../../../creusot-contracts/src/std/iter.rs" 92 8 92 19 
@@ -52,8 +52,8 @@ module M_08_haystack__search [#"08_haystack.rs" 21 0 21 60] let%span srange50 = "../../../../creusot-contracts/src/std/iter/range.rs" 43 15 43 32 let%span srange51 = "../../../../creusot-contracts/src/std/iter/range.rs" 44 14 44 42 let%span srange52 = "../../../../creusot-contracts/src/std/iter/range.rs" 15 12 15 78 - let%span sslice53 = "../../../../creusot-contracts/src/std/slice.rs" 122 20 122 37 - let%span sslice54 = "../../../../creusot-contracts/src/std/slice.rs" 129 20 129 37 + let%span sslice53 = "../../../../creusot-contracts/src/std/slice.rs" 140 20 140 37 + let%span sslice54 = "../../../../creusot-contracts/src/std/slice.rs" 147 20 147 37 use prelude.prelude.Borrow @@ -65,22 +65,24 @@ module M_08_haystack__search [#"08_haystack.rs" 21 0 21 60] type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } predicate inv'3 (_1 : t_Vec'0) axiom inv_axiom'3 [@rewrite] : forall x : t_Vec'0 [inv'3 x] . inv'3 x = true - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 use prelude.prelude.UInt8 
@@ -88,46 +90,44 @@ module M_08_haystack__search [#"08_haystack.rs" 21 0 21 60] use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.Int + function view'1 (self : t_Vec'0) : Seq.seq UInt8.t - function view'1 (self : t_Vec'0) : Seq.seq uint8 + axiom view'1_spec : forall self : t_Vec'0 . [%#svec32] Seq.length (view'1 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) - axiom view'1_spec : forall self : t_Vec'0 . [%#svec32] Seq.length (view'1 self) <= UIntSize.to_int (v_MAX'0 : usize) - - function view'0 (self : t_Vec'0) : Seq.seq uint8 = + function view'0 (self : t_Vec'0) : Seq.seq UInt8.t = [%#smodel21] view'1 self - let rec len'0 (self:t_Vec'0) (return' (ret:usize))= {[@expl:len 'self' type invariant] inv'3 self} + let rec len'0 (self:t_Vec'0) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'3 self} any - [ return' (result:usize)-> {[%#svec16] UIntSize.to_int result = Seq.length (view'0 self)} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#svec16] UInt64.to_uint result = Seq.length (view'0 self)} (! return' {result}) ] - predicate inv'4 (_1 : usize) + predicate inv'4 (_1 : UInt64.t) - axiom inv_axiom'4 [@rewrite] : forall x : usize [inv'4 x] . inv'4 x = true + axiom inv_axiom'4 [@rewrite] : forall x : UInt64.t [inv'4 x] . inv'4 x = true type t_RangeInclusive'0 = - { t_RangeInclusive__start'0: usize; t_RangeInclusive__end'0: usize; t_RangeInclusive__exhausted'0: bool } + { t_RangeInclusive__start'0: UInt64.t; t_RangeInclusive__end'0: UInt64.t; t_RangeInclusive__exhausted'0: bool } predicate inv'0 (_1 : t_RangeInclusive'0) axiom inv_axiom'0 [@rewrite] : forall x : t_RangeInclusive'0 [inv'0 x] . 
inv'0 x = true - function start_log'0 (self : t_RangeInclusive'0) : usize + function start_log'0 (self : t_RangeInclusive'0) : UInt64.t - function end_log'0 (self : t_RangeInclusive'0) : usize + function end_log'0 (self : t_RangeInclusive'0) : UInt64.t - function deep_model'0 (self : usize) : int = - [%#snum28] UIntSize.to_int self + function deep_model'0 (self : UInt64.t) : int = + [%#snum28] UInt64.to_uint self function is_empty_log'0 (self : t_RangeInclusive'0) : bool axiom is_empty_log'0_spec : forall self : t_RangeInclusive'0 . [%#sops29] not is_empty_log'0 self -> deep_model'0 (start_log'0 self) <= deep_model'0 (end_log'0 self) - let rec new'0 (start:usize) (end':usize) (return' (ret:t_RangeInclusive'0))= {[@expl:new 'start' type invariant] inv'4 start} + let rec new'0 (start:UInt64.t) (end':UInt64.t) (return' (ret:t_RangeInclusive'0))= {[@expl:new 'start' type invariant] inv'4 start} {[@expl:new 'end' type invariant] inv'4 end'} any [ return' (result:t_RangeInclusive'0)-> {inv'0 result} @@ -165,7 +165,7 @@ module M_08_haystack__search [#"08_haystack.rs" 21 0 21 60] use seq.Seq - function index_logic'0 [@inline:trivial] (self : t_Vec'0) (ix : int) : uint8 = + function index_logic'0 [@inline:trivial] (self : t_Vec'0) (ix : int) : UInt8.t = [%#sops33] Seq.get (view'1 self) ix predicate match_at'0 [#"08_haystack.rs" 7 0 7 77] (needle : t_Vec'0) (haystack : t_Vec'0) (pos : int) (len : int) = 
@@ -187,29 +187,29 @@ module M_08_haystack__search [#"08_haystack.rs" 21 0 21 60] use seq.Seq - predicate produces'0 (self : t_RangeInclusive'0) (visited : Seq.seq usize) (o : t_RangeInclusive'0) = + predicate produces'0 (self : t_RangeInclusive'0) (visited : Seq.seq UInt64.t) (o : t_RangeInclusive'0) = [%#srange23] Seq.length visited = range_inclusive_len'0 self - range_inclusive_len'0 o /\ (is_empty_log'0 self -> is_empty_log'0 o) /\ (is_empty_log'0 o \/ end_log'0 self = end_log'0 o) /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> deep_model'0 (Seq.get visited i) = deep_model'0 (start_log'0 self) + i) - function produces_trans'0 (a : t_RangeInclusive'0) (ab : Seq.seq usize) (b : t_RangeInclusive'0) (bc : Seq.seq usize) (c : t_RangeInclusive'0) : () + function produces_trans'0 (a : t_RangeInclusive'0) (ab : Seq.seq UInt64.t) (b : t_RangeInclusive'0) (bc : Seq.seq UInt64.t) (c : t_RangeInclusive'0) : () = [%#srange39] () - axiom produces_trans'0_spec : forall a : t_RangeInclusive'0, ab : Seq.seq usize, b : t_RangeInclusive'0, bc : Seq.seq usize, c : t_RangeInclusive'0 . ([%#srange36] produces'0 a ab b) + axiom produces_trans'0_spec : forall a : t_RangeInclusive'0, ab : Seq.seq UInt64.t, b : t_RangeInclusive'0, bc : Seq.seq UInt64.t, c : t_RangeInclusive'0 . ([%#srange36] produces'0 a ab b) -> ([%#srange37] produces'0 b bc c) -> ([%#srange38] produces'0 a (Seq.(++) ab bc) c) function produces_refl'0 (self : t_RangeInclusive'0) : () = [%#srange35] () - axiom produces_refl'0_spec : forall self : t_RangeInclusive'0 . [%#srange34] produces'0 self (Seq.empty : Seq.seq usize) self + axiom produces_refl'0_spec : forall self : t_RangeInclusive'0 . [%#srange34] produces'0 self (Seq.empty : Seq.seq UInt64.t) self - predicate inv'1 (_1 : Seq.seq usize) + predicate inv'1 (_1 : Seq.seq UInt64.t) - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq usize [inv'1 x] . inv'1 x = true + axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq UInt64.t [inv'1 x] . 
inv'1 x = true predicate inv'5 (_1 : borrowed (t_RangeInclusive'0)) @@ -217,7 +217,7 @@ module M_08_haystack__search [#"08_haystack.rs" 21 0 21 60] type t_Option'0 = | C_None'0 - | C_Some'0 usize + | C_Some'0 UInt64.t predicate inv'6 (_1 : t_Option'0) @@ -244,13 +244,13 @@ module M_08_haystack__search [#"08_haystack.rs" 21 0 21 60] predicate resolve'0 (_1 : borrowed (t_RangeInclusive'0)) = resolve'2 _1 - let rec v_Some'0 (input:t_Option'0) (ret (field_0:usize))= any - [ good (field_0:usize)-> {C_Some'0 field_0 = input} (! ret {field_0}) - | bad -> {forall field_0 : usize [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] + let rec v_Some'0 (input:t_Option'0) (ret (field_0:UInt64.t))= any + [ good (field_0:UInt64.t)-> {C_Some'0 field_0 = input} (! ret {field_0}) + | bad -> {forall field_0 : UInt64.t [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] type t_Range'0 = - { t_Range__start'0: usize; t_Range__end'0: usize } + { t_Range__start'0: UInt64.t; t_Range__end'0: UInt64.t } predicate inv'2 (_1 : t_Range'0) @@ -270,7 +270,7 @@ module M_08_haystack__search [#"08_haystack.rs" 21 0 21 60] use prelude.prelude.Snapshot - predicate produces'1 (self : t_Range'0) (visited : Seq.seq usize) (o : t_Range'0) = + predicate produces'1 (self : t_Range'0) (visited : Seq.seq UInt64.t) (o : t_Range'0) = [%#srange25] self.t_Range__end'0 = o.t_Range__end'0 /\ deep_model'0 self.t_Range__start'0 <= deep_model'0 o.t_Range__start'0 /\ (Seq.length visited > 0 -> deep_model'0 o.t_Range__start'0 <= deep_model'0 o.t_Range__end'0) 
@@ -278,10 +278,10 @@ module M_08_haystack__search [#"08_haystack.rs" 21 0 21 60] /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> deep_model'0 (Seq.get visited i) = deep_model'0 self.t_Range__start'0 + i) - function produces_trans'1 (a : t_Range'0) (ab : Seq.seq usize) (b : t_Range'0) (bc : Seq.seq usize) (c : t_Range'0) : () + function produces_trans'1 (a : t_Range'0) (ab : Seq.seq UInt64.t) (b : t_Range'0) (bc : Seq.seq UInt64.t) (c : t_Range'0) : () - axiom produces_trans'1_spec : forall a : t_Range'0, ab : Seq.seq usize, b : t_Range'0, bc : Seq.seq usize, c : t_Range'0 . ([%#srange46] inv'2 a) + axiom produces_trans'1_spec : forall a : t_Range'0, ab : Seq.seq UInt64.t, b : t_Range'0, bc : Seq.seq UInt64.t, c : t_Range'0 . ([%#srange46] inv'2 a) -> ([%#srange47] inv'2 b) -> ([%#srange48] inv'2 c) -> ([%#srange49] produces'1 a ab b) @@ -290,7 +290,7 @@ module M_08_haystack__search [#"08_haystack.rs" 21 0 21 60] function produces_refl'1 (self : t_Range'0) : () axiom produces_refl'1_spec : forall self : t_Range'0 . ([%#srange44] inv'2 self) - -> ([%#srange45] produces'1 self (Seq.empty : Seq.seq usize) self) + -> ([%#srange45] produces'1 self (Seq.empty : Seq.seq UInt64.t) self) predicate inv'7 (_1 : borrowed (t_Range'0)) 
@@ -316,21 +316,23 @@ module M_08_haystack__search [#"08_haystack.rs" 21 0 21 60] predicate resolve'1 (_1 : borrowed (t_Range'0)) = resolve'3 _1 - predicate in_bounds'0 [@inline:trivial] (self : usize) (seq : Seq.seq uint8) = - [%#sslice53] UIntSize.to_int self < Seq.length seq + predicate in_bounds'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq UInt8.t) = + [%#sslice53] UInt64.to_uint self < Seq.length seq - predicate inv'8 (_1 : uint8) + predicate inv'8 (_1 : UInt8.t) - axiom inv_axiom'8 [@rewrite] : forall x : uint8 [inv'8 x] . inv'8 x = true + axiom inv_axiom'8 [@rewrite] : forall x : UInt8.t [inv'8 x] . inv'8 x = true - predicate has_value'0 [@inline:trivial] (self : usize) (seq : Seq.seq uint8) (out : uint8) = - [%#sslice54] Seq.get seq (UIntSize.to_int self) = out + predicate has_value'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq UInt8.t) (out : UInt8.t) = + [%#sslice54] Seq.get seq (UInt64.to_uint self) = out - let rec index'0 (self:t_Vec'0) (index:usize) (return' (ret:uint8))= {[@expl:index 'self' type invariant] inv'3 self} + let rec index'0 (self:t_Vec'0) (index:UInt64.t) (return' (ret:UInt8.t))= {[@expl:index 'self' type invariant] inv'3 self} {[@expl:index 'index' type invariant] inv'4 index} {[@expl:index requires] [%#svec26] in_bounds'0 index (view'0 self)} any - [ return' (result:uint8)-> {inv'8 result} {[%#svec27] has_value'0 index (view'0 self) result} (! return' {result}) ] + [ return' (result:UInt8.t)-> {inv'8 result} + {[%#svec27] has_value'0 index (view'0 self) result} + (! return' {result}) ] use prelude.prelude.Intrinsic 
@@ -343,20 +345,20 @@ module M_08_haystack__search [#"08_haystack.rs" 21 0 21 60] meta "compute_max_steps" 1000000 - let rec search'0 (needle:t_Vec'0) (haystack:t_Vec'0) (return' (ret:usize))= {[@expl:search requires] [%#s08_haystack12] Seq.length (view'0 needle) + let rec search'0 (needle:t_Vec'0) (haystack:t_Vec'0) (return' (ret:UInt64.t))= {[@expl:search requires] [%#s08_haystack12] Seq.length (view'0 needle) >= 1 /\ Seq.length (view'0 needle) <= Seq.length (view'0 haystack)} (! bb0 - [ bb0 = s0 [ s0 = len'0 {haystack} (fun (_ret':usize) -> [ &_12 <- _ret' ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = len'0 {needle} (fun (_ret':usize) -> [ &_14 <- _ret' ] s1) | s1 = bb2 ] + [ bb0 = s0 [ s0 = len'0 {haystack} (fun (_ret':UInt64.t) -> [ &_12 <- _ret' ] s1) | s1 = bb1 ] + | bb1 = s0 [ s0 = len'0 {needle} (fun (_ret':UInt64.t) -> [ &_14 <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 - [ s0 = UIntSize.sub {_12} {_14} (fun (_ret':usize) -> [ &_11 <- _ret' ] s1) - | s1 = new'0 {[%#s08_haystack0] (0 : usize)} {_11} (fun (_ret':t_RangeInclusive'0) -> [ &_10 <- _ret' ] s2) + [ s0 = UInt64.sub {_12} {_14} (fun (_ret':UInt64.t) -> [ &_11 <- _ret' ] s1) + | s1 = new'0 {[%#s08_haystack0] (0 : UInt64.t)} {_11} (fun (_ret':t_RangeInclusive'0) -> [ &_10 <- _ret' ] s2) | s2 = bb3 ] | bb3 = s0 [ s0 = into_iter'0 {_10} (fun (_ret':t_RangeInclusive'0) -> [ &iter <- _ret' ] s1) | s1 = bb4 ] | bb4 = s0 [ s0 = [ &iter_old <- [%#s08_haystack1] Snapshot.new iter ] s1 | s1 = bb5 ] - | bb5 = s0 [ s0 = [ &produced <- [%#s08_haystack2] Snapshot.new (Seq.empty : Seq.seq usize) ] s1 | s1 = bb6 ] + | bb5 = s0 [ s0 = [ &produced <- [%#s08_haystack2] Snapshot.new (Seq.empty : Seq.seq UInt64.t) ] s1 | s1 = bb6 ] | bb6 = bb7 | bb7 = bb7 [ bb7 = {[@expl:for invariant] [%#s08_haystack4] inv'1 (Snapshot.inner produced)} 
@@ -378,11 +380,11 @@ module M_08_haystack__search [#"08_haystack.rs" 21 0 21 60] | bb9 = s0 [ s0 = -{resolve'0 _27}- s1 - | s1 = any [ br0 -> {_25 = C_None'0 } (! bb12) | br1 (x0:usize)-> {_25 = C_Some'0 x0} (! bb11) ] ] + | s1 = any [ br0 -> {_25 = C_None'0 } (! bb12) | br1 (x0:UInt64.t)-> {_25 = C_Some'0 x0} (! bb11) ] ] | bb11 = bb13 | bb13 = s0 - [ s0 = v_Some'0 {_25} (fun (r0'0:usize) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) + [ s0 = v_Some'0 {_25} (fun (r0'0:UInt64.t) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) | s1 = [ &_30 <- [%#s08_haystack5] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] 
@@ -392,24 +394,24 @@ module M_08_haystack__search [#"08_haystack.rs" 21 0 21 60] | bb14 = s0 [ s0 = [ &produced <- _30 ] s1 | s1 = [ &i <- __creusot_proc_iter_elem ] s2 - | s2 = len'0 {needle} (fun (_ret':usize) -> [ &_37 <- _ret' ] s3) + | s2 = len'0 {needle} (fun (_ret':UInt64.t) -> [ &_37 <- _ret' ] s3) | s3 = bb15 ] | bb15 = s0 - [ s0 = [ &_36 <- { t_Range__start'0 = ([%#s08_haystack6] (0 : usize)); t_Range__end'0 = _37 } ] s1 + [ s0 = [ &_36 <- { t_Range__start'0 = ([%#s08_haystack6] (0 : UInt64.t)); t_Range__end'0 = _37 } ] s1 | s1 = into_iter'1 {_36} (fun (_ret':t_Range'0) -> [ &iter1 <- _ret' ] s2) | s2 = bb16 ] | bb16 = s0 [ s0 = [ &iter_old1 <- [%#s08_haystack7] Snapshot.new iter1 ] s1 | s1 = bb17 ] | bb17 = s0 - [ s0 = [ &produced1 <- [%#s08_haystack8] Snapshot.new (Seq.empty : Seq.seq usize) ] s1 | s1 = bb18 ] + [ s0 = [ &produced1 <- [%#s08_haystack8] Snapshot.new (Seq.empty : Seq.seq UInt64.t) ] s1 | s1 = bb18 ] | bb18 = bb19 | bb19 = bb19 [ bb19 = {[@expl:for invariant] [%#s08_haystack10] inv'1 (Snapshot.inner produced1)} {[@expl:for invariant] [%#s08_haystack10] inv'2 iter1} {[@expl:for invariant] [%#s08_haystack10] produces'1 (Snapshot.inner iter_old1) (Snapshot.inner produced1) iter1} - {[@expl:loop invariant] [%#s08_haystack9] match_at'0 needle haystack (UIntSize.to_int i) (Seq.length (Snapshot.inner produced1))} + {[@expl:loop invariant] [%#s08_haystack9] match_at'0 needle haystack (UInt64.to_uint i) (Seq.length (Snapshot.inner produced1))} (! s0) [ s0 = bb20 ] [ bb20 = s0 [ s0 = Borrow.borrow_mut {iter1} 
@@ -424,11 +426,11 @@ module M_08_haystack__search [#"08_haystack.rs" 21 0 21 60] | bb21 = s0 [ s0 = -{resolve'1 _49}- s1 - | s1 = any [ br0 -> {_47 = C_None'0 } (! bb24) | br1 (x0:usize)-> {_47 = C_Some'0 x0} (! bb23) ] ] + | s1 = any [ br0 -> {_47 = C_None'0 } (! bb24) | br1 (x0:UInt64.t)-> {_47 = C_Some'0 x0} (! bb23) ] ] | bb23 = bb25 | bb25 = s0 - [ s0 = v_Some'0 {_47} (fun (r0'0:usize) -> [ &__creusot_proc_iter_elem1 <- r0'0 ] s1) + [ s0 = v_Some'0 {_47} (fun (r0'0:UInt64.t) -> [ &__creusot_proc_iter_elem1 <- r0'0 ] s1) | s1 = [ &_52 <- [%#s08_haystack11] Snapshot.new (Seq.(++) (Snapshot.inner produced1) (Seq.singleton __creusot_proc_iter_elem1)) ] @@ -438,12 +440,12 @@ module M_08_haystack__search [#"08_haystack.rs" 21 0 21 60] | bb26 = s0 [ s0 = [ &produced1 <- _52 ] s1 | s1 = [ &j <- __creusot_proc_iter_elem1 ] s2 - | s2 = index'0 {needle} {j} (fun (_ret':uint8) -> [ &_57 <- _ret' ] s3) + | s2 = index'0 {needle} {j} (fun (_ret':UInt8.t) -> [ &_57 <- _ret' ] s3) | s3 = bb27 ] | bb27 = s0 - [ s0 = UIntSize.add {i} {j} (fun (_ret':usize) -> [ &_63 <- _ret' ] s1) - | s1 = index'0 {haystack} {_63} (fun (_ret':uint8) -> [ &_61 <- _ret' ] s2) + [ s0 = UInt64.add {i} {j} (fun (_ret':UInt64.t) -> [ &_63 <- _ret' ] s1) + | s1 = index'0 {haystack} {_63} (fun (_ret':UInt8.t) -> [ &_61 <- _ret' ] s2) | s2 = bb28 ] | bb28 = s0 
@@ -457,50 +459,50 @@ module M_08_haystack__search [#"08_haystack.rs" 21 0 21 60] ] | bb24 = s0 [ s0 = [ &_0 <- i ] s1 | s1 = bb32 ] - | bb12 = s0 [ s0 = len'0 {haystack} (fun (_ret':usize) -> [ &_0 <- _ret' ] s1) | s1 = bb31 ] + | bb12 = s0 [ s0 = len'0 {haystack} (fun (_ret':UInt64.t) -> [ &_0 <- _ret' ] s1) | s1 = bb31 ] | bb31 = bb32 | bb32 = return' {_0} ] ) - [ & _0 : usize = any_l () + [ & _0 : UInt64.t = any_l () | & needle : t_Vec'0 = needle | & haystack : t_Vec'0 = haystack | & iter : t_RangeInclusive'0 = any_l () | & _10 : t_RangeInclusive'0 = any_l () - | & _11 : usize = any_l () - | & _12 : usize = any_l () - | & _14 : usize = any_l () + | & _11 : UInt64.t = any_l () + | & _12 : UInt64.t = any_l () + | & _14 : UInt64.t = any_l () | & iter_old : Snapshot.snap_ty (t_RangeInclusive'0) = any_l () - | & produced : Snapshot.snap_ty (Seq.seq usize) = any_l () + | & produced : Snapshot.snap_ty (Seq.seq UInt64.t) = any_l () | & _25 : t_Option'0 = any_l () | & _26 : borrowed (t_RangeInclusive'0) = any_l () | & _27 : borrowed (t_RangeInclusive'0) = any_l () - | & __creusot_proc_iter_elem : usize = any_l () - | & _30 : Snapshot.snap_ty (Seq.seq usize) = any_l () - | & i : usize = any_l () + | & __creusot_proc_iter_elem : UInt64.t = any_l () + | & _30 : Snapshot.snap_ty (Seq.seq UInt64.t) = any_l () + | & i : UInt64.t = any_l () | & iter1 : t_Range'0 = any_l () | & _36 : t_Range'0 = any_l () - | & _37 : usize = any_l () + | & _37 : UInt64.t = any_l () | & iter_old1 : Snapshot.snap_ty (t_Range'0) = any_l () - | & produced1 : Snapshot.snap_ty (Seq.seq usize) = any_l () + | & produced1 : Snapshot.snap_ty (Seq.seq UInt64.t) = any_l () | & _47 : t_Option'0 = any_l () | & _48 : borrowed (t_Range'0) = any_l () | & _49 : borrowed (t_Range'0) = any_l () - | & __creusot_proc_iter_elem1 : usize = any_l () - | & _52 : Snapshot.snap_ty (Seq.seq usize) = any_l () - | & j : usize = any_l () + | & __creusot_proc_iter_elem1 : UInt64.t = any_l () + | & _52 : Snapshot.snap_ty 
(Seq.seq UInt64.t) = any_l () + | & j : UInt64.t = any_l () | & _55 : bool = any_l () - | & _57 : uint8 = any_l () - | & _61 : uint8 = any_l () - | & _63 : usize = any_l () ] + | & _57 : UInt8.t = any_l () + | & _61 : UInt8.t = any_l () + | & _63 : UInt64.t = any_l () ] - [ return' (result:usize)-> {[@expl:search ensures #0] [%#s08_haystack13] UIntSize.to_int result + [ return' (result:UInt64.t)-> {[@expl:search ensures #0] [%#s08_haystack13] UInt64.to_uint result = Seq.length (view'0 haystack) - \/ UIntSize.to_int result < Seq.length (view'0 haystack) - Seq.length (view'0 needle) + 1} - {[@expl:search ensures #1] [%#s08_haystack14] UIntSize.to_int result < Seq.length (view'0 haystack) - -> match_at'0 needle haystack (UIntSize.to_int result) (Seq.length (view'0 needle)) - /\ (forall i : int . 0 <= i /\ i < UIntSize.to_int result + \/ UInt64.to_uint result < Seq.length (view'0 haystack) - Seq.length (view'0 needle) + 1} + {[@expl:search ensures #1] [%#s08_haystack14] UInt64.to_uint result < Seq.length (view'0 haystack) + -> match_at'0 needle haystack (UInt64.to_uint result) (Seq.length (view'0 needle)) + /\ (forall i : int . 0 <= i /\ i < UInt64.to_uint result -> not match_at'0 needle haystack i (Seq.length (view'0 needle)))} - {[@expl:search ensures #2] [%#s08_haystack15] UIntSize.to_int result = Seq.length (view'0 haystack) + {[@expl:search ensures #2] [%#s08_haystack15] UInt64.to_uint result = Seq.length (view'0 haystack) -> (forall i : int . 0 <= i /\ i < Seq.length (view'0 haystack) -> not match_at'0 needle haystack i (Seq.length (view'0 needle)))} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/vector/09_capacity.coma b/creusot/tests/should_succeed/vector/09_capacity.coma index a4175962d6..a717fe3b93 100644 --- a/creusot/tests/should_succeed/vector/09_capacity.coma +++ b/creusot/tests/should_succeed/vector/09_capacity.coma 
@@ -28,24 +28,24 @@ module M_09_capacity__change_capacity [#"09_capacity.rs" 6 0 6 41] type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize - - use prelude.prelude.Int + use prelude.prelude.UInt64 type t_T'0 @@ -53,7 +53,7 @@ module M_09_capacity__change_capacity [#"09_capacity.rs" 6 0 6 41] function view'0 (self : t_Vec'0) : Seq.seq t_T'0 - axiom view'0_spec : forall self : t_Vec'0 . [%#svec10] Seq.length (view'0 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec10] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq 
@@ -90,16 +90,16 @@ module M_09_capacity__change_capacity [#"09_capacity.rs" 6 0 6 41] function view'1 (self : borrowed (t_Vec'0)) : Seq.seq t_T'0 = [%#smodel11] view'0 self.current - let rec reserve'0 (self:borrowed (t_Vec'0)) (additional:usize) (return' (ret:()))= {[@expl:reserve 'self' type invariant] inv'1 self} + let rec reserve'0 (self:borrowed (t_Vec'0)) (additional:UInt64.t) (return' (ret:()))= {[@expl:reserve 'self' type invariant] inv'1 self} any [ return' (result:())-> {[%#svec6] view'0 self.final = view'1 self} (! return' {result}) ] - let rec reserve_exact'0 (self:borrowed (t_Vec'0)) (additional:usize) (return' (ret:()))= {[@expl:reserve_exact 'self' type invariant] inv'1 self} + let rec reserve_exact'0 (self:borrowed (t_Vec'0)) (additional:UInt64.t) (return' (ret:()))= {[@expl:reserve_exact 'self' type invariant] inv'1 self} any [ return' (result:())-> {[%#svec7] view'0 self.final = view'1 self} (! return' {result}) ] let rec shrink_to_fit'0 (self:borrowed (t_Vec'0)) (return' (ret:()))= {[@expl:shrink_to_fit 'self' type invariant] inv'1 self} any [ return' (result:())-> {[%#svec8] view'0 self.final = view'1 self} (! return' {result}) ] - let rec shrink_to'0 (self:borrowed (t_Vec'0)) (min_capacity:usize) (return' (ret:()))= {[@expl:shrink_to 'self' type invariant] inv'1 self} + let rec shrink_to'0 (self:borrowed (t_Vec'0)) (min_capacity:UInt64.t) (return' (ret:()))= {[@expl:shrink_to 'self' type invariant] inv'1 self} any [ return' (result:())-> {[%#svec9] view'0 self.final = view'1 self} (! return' {result}) ] predicate resolve'1 (self : borrowed (t_Vec'0)) = @@ -127,7 +127,7 @@ module M_09_capacity__change_capacity [#"09_capacity.rs" 6 0 6 41] -{inv'0 _ret'.final}- [ &v <- { v with current = _ret'.final } ] s1) - | s1 = reserve'0 {_5} {[%#s09_capacity0] (100 : usize)} (fun (_ret':()) -> [ &_4 <- _ret' ] s2) + | s1 = reserve'0 {_5} {[%#s09_capacity0] (100 : UInt64.t)} (fun (_ret':()) -> [ &_4 <- _ret' ] s2) | s2 = bb1 ] | bb1 = s0 
@@ -138,7 +138,7 @@ module M_09_capacity__change_capacity [#"09_capacity.rs" 6 0 6 41] -{inv'0 _ret'.final}- [ &v <- { v with current = _ret'.final } ] s1) - | s1 = reserve_exact'0 {_7} {[%#s09_capacity1] (200 : usize)} (fun (_ret':()) -> [ &_6 <- _ret' ] s2) + | s1 = reserve_exact'0 {_7} {[%#s09_capacity1] (200 : UInt64.t)} (fun (_ret':()) -> [ &_6 <- _ret' ] s2) | s2 = bb2 ] | bb2 = s0 @@ -160,7 +160,7 @@ module M_09_capacity__change_capacity [#"09_capacity.rs" 6 0 6 41] -{inv'0 _ret'.final}- [ &v <- { v with current = _ret'.final } ] s1) - | s1 = shrink_to'0 {_11} {[%#s09_capacity2] (1 : usize)} (fun (_ret':()) -> [ &_10 <- _ret' ] s2) + | s1 = shrink_to'0 {_11} {[%#s09_capacity2] (1 : UInt64.t)} (fun (_ret':()) -> [ &_10 <- _ret' ] s2) | s2 = bb4 ] | bb4 = s0 [ s0 = {[@expl:type invariant] inv'1 v} s1 | s1 = -{resolve'0 v}- s2 | s2 = return' {_0} ] ] @@ -204,24 +204,24 @@ module M_09_capacity__clear_vec [#"09_capacity.rs" 14 0 14 35] type t_Unique'0 = { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + use prelude.prelude.Int + + use prelude.prelude.UInt64 type t_Cap'0 = - { t_Cap__0'0: usize } + { t_Cap__0'0: UInt64.t } type t_RawVec'0 = { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: UInt64.t } use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) - use prelude.prelude.UIntSize - - use prelude.prelude.Int + use prelude.prelude.UInt64 type t_T'0 
@@ -229,7 +229,7 @@ module M_09_capacity__clear_vec [#"09_capacity.rs" 14 0 14 35] function view'0 (self : t_Vec'0) : Seq.seq t_T'0 - axiom view'0_spec : forall self : t_Vec'0 . [%#svec3] Seq.length (view'0 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec3] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) use seq.Seq From 3d0526835977098af7cfd8091d940c8dd6f1d826 Mon Sep 17 00:00:00 2001 From: SCHNEIDER Laurent Date: Thu, 28 Nov 2024 16:28:52 +0100 Subject: [PATCH 11/15] try test --- creusot/src/backend/clone_map.rs | 4 +-- creusot/src/backend/ty.rs | 9 +++++++ .../creusot-contracts/creusot-contracts.coma | 26 +++++++++---------- creusot/tests/should_fail/bug/878.coma | 6 ++--- creusot/tests/should_succeed/bug/874.coma | 2 +- .../should_succeed/bug/final_borrows.coma | 4 +-- .../should_succeed/heapsort_generic.coma | 4 +-- creusot/tests/should_succeed/hillel.coma | 6 ++--- creusot/tests/should_succeed/index_range.coma | 10 +++---- .../tests/should_succeed/insertion_sort.coma | 2 +- .../should_succeed/iterators/02_iter_mut.coma | 18 ++++++------- .../iterators/03_std_iterators.coma | 10 +++---- creusot/tests/should_succeed/printing.coma | 2 +- .../selection_sort_generic.coma | 2 +- creusot/tests/should_succeed/slices/01.coma | 6 ++--- .../tests/should_succeed/slices/02_std.coma | 2 +- .../should_succeed/syntax/05_pearlite.coma | 2 +- .../should_succeed/syntax/11_array_types.coma | 4 +-- .../should_succeed/syntax/13_vec_macro.coma | 2 +- .../tests/should_succeed/take_first_mut.coma | 2 +- .../tests/should_succeed/vector/02_gnome.coma | 2 +- .../vector/03_knuth_shuffle.coma | 2 +- .../vector/06_knights_tour.coma | 2 +- 23 files changed, 69 insertions(+), 60 deletions(-) diff --git a/creusot/src/backend/clone_map.rs b/creusot/src/backend/clone_map.rs index b8da6309a8..a988b9ca78 100644 --- a/creusot/src/backend/clone_map.rs +++ b/creusot/src/backend/clone_map.rs 
@@ -24,7 +24,7 @@ use why3::{ Ident, QName, }; -use super::ty::slice_create_qname; +use super::ty::{slice_qname}; mod elaborator; @@ -72,7 +72,7 @@ impl PreludeModule { PreludeModule::Opaque => QName::from_string("prelude.prelude.Opaque"), PreludeModule::Bool => QName::from_string("prelude.prelude.Bool"), PreludeModule::Borrow => QName::from_string("prelude.prelude.Borrow"), - PreludeModule::Slice => slice_create_qname(), + PreludeModule::Slice => slice_qname(), PreludeModule::Intrinsic => QName::from_string("prelude.prelude.Intrinsic"), } } diff --git a/creusot/src/backend/ty.rs b/creusot/src/backend/ty.rs index 4e6e1df836..69caf7448d 100644 --- a/creusot/src/backend/ty.rs +++ b/creusot/src/backend/ty.rs @@ -540,6 +540,15 @@ pub(crate) fn i128_ty() -> MlT { MlT::TConstructor(QName::from_string("Int128.t")) } +pub(crate) fn slice_qname() -> QName { + #[cfg(target_pointer_width = "64")] + return QName::from_string("Slice64"); + #[cfg(target_pointer_width = "32")] + return QName::from_string("Slice32"); + #[cfg(target_pointer_width = "16")] + return QName::from_string("Slice16"); +} + pub(crate) fn slice_create_qname() -> QName { #[cfg(target_pointer_width = "64")] return QName::from_string("Slice64.create"); diff --git a/creusot/tests/creusot-contracts/creusot-contracts.coma b/creusot/tests/creusot-contracts/creusot-contracts.coma index bda84c3ee0..3018152646 100644 --- a/creusot/tests/creusot-contracts/creusot-contracts.coma +++ b/creusot/tests/creusot-contracts/creusot-contracts.coma @@ -6366,7 +6366,7 @@ module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_r type t_Iter'0 = { t_Iter__i1'0: t_Iter'1; t_Iter__i2'0: t_Iter'1 } - use Slice64.create + use Slice64 function view'0 [#"../../../creusot-contracts/src/std/deque.rs" 155 4 155 33] (self : t_Iter'0) : slice t_T'0 
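Review bot: The new import `use super::ty::{slice_qname};` wraps a single item in braces, which rustfmt normalizes to `use super::ty::slice_qname;` — worth applying so the file stays fmt-clean. The old import of `slice_create_qname` is dropped here while the function itself is kept in ty.rs (see the hunk below); if this match arm was its only caller, the function is now dead code and rustc will warn about it, so either remove it or re-express it on top of `slice_qname`. The `PreludeModule::Slice` arm that consumes this import is in the following hunk of the same file.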
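Review bot: `slice_qname` (like the existing `slice_create_qname` it duplicates) picks the Slice module from the `target_pointer_width` of the build that compiled creusot itself, not from the target of the crate being verified; if the driver can ever run against a different target than it was built for, the `usize`/slice model would silently have the wrong width, which undermines the soundness of any bounds reasoning built on it — confirm the two targets always coincide, or select the width from the compiler session's target at runtime. There is also no branch for any other width: when all three `#[cfg]`s are false the body is empty and the function fails with an opaque mismatched-types error, so add `#[cfg(not(any(target_pointer_width = "64", target_pointer_width = "32", target_pointer_width = "16")))] compile_error!("slice_qname: unsupported target_pointer_width");` to make the limitation explicit. Building the `.create` variant from `slice_qname()` would keep the two functions from drifting apart. `slice_create_qname`'s body continues past the end of this hunk.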
@@ -6455,7 +6455,7 @@ module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_t use seq.Seq - use Slice64.create + use Slice64 function view'0 [#"../../../creusot-contracts/src/std/deque.rs" 155 4 155 33] (self : t_Iter'0) : slice t_T'0 @@ -14050,7 +14050,7 @@ module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_r type t_Iter'0 = { t_Iter__ptr'0: t_NonNull'0; t_Iter__end_or_len'0: opaque_ptr; t_Iter__qy95zmarker'0: () } - use Slice64.create + use Slice64 function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 407 4 407 33] (self : t_Iter'0) : slice t_T'0 @@ -14136,7 +14136,7 @@ module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_t use seq.Seq - use Slice64.create + use Slice64 function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 407 4 407 33] (self : t_Iter'0) : slice t_T'0 @@ -14250,7 +14250,7 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_r use prelude.prelude.Slice64 - use Slice64.create + use Slice64 use seq.Seq @@ -14352,7 +14352,7 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_t use prelude.prelude.Slice64 - use Slice64.create + use Slice64 use seq.Seq @@ -22904,7 +22904,7 @@ module M_creusot_contracts__stdqy35z1__slice__qyi4472237099583716627__resolve_co use prelude.prelude.Slice64 - use Slice64.create + use Slice64 type t_T'0 @@ -23452,7 +23452,7 @@ module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_r use seq.Seq - use Slice64.create + use Slice64 function view'0 [#"../../../creusot-contracts/src/std/deque.rs" 155 4 155 33] (self : t_Iter'0) : slice t_T'0 @@ -23536,7 +23536,7 @@ module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_t use seq.Seq - use Slice64.create + use Slice64 function view'0 [#"../../../creusot-contracts/src/std/deque.rs" 155 4 155 33] (self : t_Iter'0) : slice t_T'0 
@@ -27346,7 +27346,7 @@ module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_t use seq.Seq - use Slice64.create + use Slice64 function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 407 4 407 33] (self : t_Iter'0) : slice t_T'0 @@ -27438,7 +27438,7 @@ module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_r use seq.Seq - use Slice64.create + use Slice64 function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 407 4 407 33] (self : t_Iter'0) : slice t_T'0 @@ -27538,7 +27538,7 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_r use prelude.prelude.Slice64 - use Slice64.create + use Slice64 use seq.Seq @@ -27628,7 +27628,7 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_t use prelude.prelude.Slice64 - use Slice64.create + use Slice64 use seq.Seq diff --git a/creusot/tests/should_fail/bug/878.coma b/creusot/tests/should_fail/bug/878.coma index 5104371c41..eeb135a488 100644 --- a/creusot/tests/should_fail/bug/878.coma +++ b/creusot/tests/should_fail/bug/878.coma @@ -10,7 +10,7 @@ module M_878__test [#"878.rs" 4 0 4 13] let%span sslice8 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice9 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 - use Slice64.create + use Slice64 use prelude.prelude.Int @@ -122,7 +122,7 @@ module M_878__test2 [#"878.rs" 19 0 19 14] type t_S'0 = { t_S__0'0: UInt32.t } - use Slice64.create + use Slice64 use seq.Seq @@ -264,7 +264,7 @@ module M_878__test3 [#"878.rs" 25 0 25 14] type t_S'0 = { t_S__0'0: UInt32.t } - use Slice64.create + use Slice64 use seq.Seq diff --git a/creusot/tests/should_succeed/bug/874.coma b/creusot/tests/should_succeed/bug/874.coma index 68473eee6e..892bf30e66 100644 --- a/creusot/tests/should_succeed/bug/874.coma +++ b/creusot/tests/should_succeed/bug/874.coma 
@@ -32,7 +32,7 @@ module M_874__can_extend [#"874.rs" 4 0 4 19] let%span svec30 = "../../../../creusot-contracts/src/std/vec.rs" 273 4 273 10 let%span sresolve31 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - use Slice64.create + use Slice64 use prelude.prelude.Int diff --git a/creusot/tests/should_succeed/bug/final_borrows.coma b/creusot/tests/should_succeed/bug/final_borrows.coma index a99e85f9f5..16dc62afbd 100644 --- a/creusot/tests/should_succeed/bug/final_borrows.coma +++ b/creusot/tests/should_succeed/bug/final_borrows.coma @@ -1973,7 +1973,7 @@ module M_final_borrows__index_mut_slice [#"final_borrows.rs" 208 0 208 48] predicate inv'0 (_1 : t_T'0) - use Slice64.create + use Slice64 predicate invariant'0 (self : borrowed t_T'0) = [%#sinvariant11] inv'0 self.current /\ inv'0 self.final @@ -2134,7 +2134,7 @@ module M_final_borrows__index_mut_array [#"final_borrows.rs" 214 0 214 52] predicate inv'0 (_1 : t_T'0) - use Slice64.create + use Slice64 predicate invariant'0 (self : borrowed t_T'0) = [%#sinvariant9] inv'0 self.current /\ inv'0 self.final diff --git a/creusot/tests/should_succeed/heapsort_generic.coma b/creusot/tests/should_succeed/heapsort_generic.coma index 50d315ce82..1a6ced9b91 100644 --- a/creusot/tests/should_succeed/heapsort_generic.coma +++ b/creusot/tests/should_succeed/heapsort_generic.coma @@ -406,7 +406,7 @@ module M_heapsort_generic__sift_down [#"heapsort_generic.rs" 41 0 43 29] (! return' {result}) ] - use Slice64.create + use Slice64 use prelude.prelude.Slice64 @@ -911,7 +911,7 @@ module M_heapsort_generic__heap_sort [#"heapsort_generic.rs" 94 0 96 29] predicate sorted_range'0 [#"heapsort_generic.rs" 78 0 78 63] (s : Seq.seq t_DeepModelTy'0) (l : int) (u : int) = [%#sheapsort_generic37] forall i : int, j : int . l <= i /\ i < j /\ j < u -> le_log'0 (Seq.get s i) (Seq.get s j) - use Slice64.create + use Slice64 use prelude.prelude.Slice64 
diff --git a/creusot/tests/should_succeed/hillel.coma b/creusot/tests/should_succeed/hillel.coma index 7efc380260..66e4a2b2cd 100644 --- a/creusot/tests/should_succeed/hillel.coma +++ b/creusot/tests/should_succeed/hillel.coma @@ -652,7 +652,7 @@ module M_hillel__insert_unique [#"hillel.rs" 80 0 80 62] axiom inv_axiom'4 [@rewrite] : forall x : t_Vec'0 [inv'5 x] . inv'5 x = invariant'3 x - use Slice64.create + use Slice64 use prelude.prelude.Slice64 @@ -1133,7 +1133,7 @@ module M_hillel__unique [#"hillel.rs" 102 0 102 56] use prelude.prelude.Borrow - use Slice64.create + use Slice64 use prelude.prelude.Slice64 @@ -1735,7 +1735,7 @@ module M_hillel__fulcrum [#"hillel.rs" 159 0 159 30] use prelude.prelude.Borrow - use Slice64.create + use Slice64 predicate inv'4 (_1 : slice UInt32.t) diff --git a/creusot/tests/should_succeed/index_range.coma b/creusot/tests/should_succeed/index_range.coma index bac04790f8..c9fa7f1f04 100644 --- a/creusot/tests/should_succeed/index_range.coma +++ b/creusot/tests/should_succeed/index_range.coma @@ -312,7 +312,7 @@ module M_index_range__test_range [#"index_range.rs" 27 0 27 19] [%#sslice89] UInt64.to_uint self.t_Range__start'0 <= UInt64.to_uint self.t_Range__end'0 /\ UInt64.to_uint self.t_Range__end'0 <= Seq.length seq - use Slice64.create + use Slice64 predicate inv'2 (_1 : slice Int32.t) @@ -953,7 +953,7 @@ module M_index_range__test_range_to [#"index_range.rs" 78 0 78 22] predicate in_bounds'0 (self : t_RangeTo'0) (seq : Seq.seq Int32.t) = [%#sslice62] UInt64.to_uint self.t_RangeTo__end'0 <= Seq.length seq - use Slice64.create + use Slice64 predicate inv'2 (_1 : slice Int32.t) @@ -1450,7 +1450,7 @@ module M_index_range__test_range_from [#"index_range.rs" 115 0 115 24] predicate in_bounds'0 (self : t_RangeFrom'0) (seq : Seq.seq Int32.t) = [%#sslice64] UInt64.to_uint self.t_RangeFrom__start'0 <= Seq.length seq - use Slice64.create + use Slice64 predicate inv'2 (_1 : slice Int32.t) 
@@ -1949,7 +1949,7 @@ module M_index_range__test_range_full [#"index_range.rs" 154 0 154 24] predicate in_bounds'0 (self : ()) (_seq : Seq.seq Int32.t) = [%#sslice56] true - use Slice64.create + use Slice64 predicate inv'2 (_1 : slice Int32.t) @@ -2419,7 +2419,7 @@ module M_index_range__test_range_to_inclusive [#"index_range.rs" 179 0 179 32] predicate in_bounds'0 (self : t_RangeToInclusive'0) (seq : Seq.seq Int32.t) = [%#sslice59] UInt64.to_uint self.t_RangeToInclusive__end'0 < Seq.length seq - use Slice64.create + use Slice64 predicate inv'2 (_1 : slice Int32.t) diff --git a/creusot/tests/should_succeed/insertion_sort.coma b/creusot/tests/should_succeed/insertion_sort.coma index 05da8354e1..2a5dc24f12 100644 --- a/creusot/tests/should_succeed/insertion_sort.coma +++ b/creusot/tests/should_succeed/insertion_sort.coma @@ -85,7 +85,7 @@ module M_insertion_sort__insertion_sort [#"insertion_sort.rs" 21 0 21 40] use prelude.prelude.Borrow - use Slice64.create + use Slice64 use prelude.prelude.Int diff --git a/creusot/tests/should_succeed/iterators/02_iter_mut.coma b/creusot/tests/should_succeed/iterators/02_iter_mut.coma index 185e8105cc..dc3f7df1b0 100644 --- a/creusot/tests/should_succeed/iterators/02_iter_mut.coma +++ b/creusot/tests/should_succeed/iterators/02_iter_mut.coma @@ -17,7 +17,7 @@ module M_02_iter_mut__qyi4305820612590367313__produces_refl [#"02_iter_mut.rs" 5 use prelude.prelude.Borrow - use Slice64.create + use Slice64 type t_T'0 @@ -155,7 +155,7 @@ module M_02_iter_mut__qyi4305820612590367313__produces_trans [#"02_iter_mut.rs" use prelude.prelude.Borrow - use Slice64.create + use Slice64 type t_T'0 @@ -303,7 +303,7 @@ module M_02_iter_mut__qyi4305820612590367313__next [#"02_iter_mut.rs" 67 4 67 44 use prelude.prelude.Borrow - use Slice64.create + use Slice64 type t_T'0 @@ -532,7 +532,7 @@ module M_02_iter_mut__qyi7060081090368749043__into_iter [#"02_iter_mut.rs" 74 4 use prelude.prelude.Borrow - use Slice64.create + use Slice64 type t_T'0 
@@ -721,7 +721,7 @@ module M_02_iter_mut__iter_mut [#"02_iter_mut.rs" 82 0 82 55] predicate in_bounds'0 (self : ()) (_seq : Seq.seq t_T'0) = [%#sslice14] true - use Slice64.create + use Slice64 use prelude.prelude.Slice64 @@ -924,7 +924,7 @@ module M_02_iter_mut__all_zero [#"02_iter_mut.rs" 88 0 88 35] axiom inv_axiom'1 [@rewrite] : forall x : borrowed (t_Vec'0) [inv'1 x] . inv'1 x = true - use Slice64.create + use Slice64 type t_IterMut'0 = { t_IterMut__inner'0: borrowed (slice UInt64.t) } @@ -1200,7 +1200,7 @@ module M_02_iter_mut__qyi4305820612590367313__produces_trans__refines [#"02_iter use prelude.prelude.Borrow - use Slice64.create + use Slice64 type t_T'0 @@ -1332,7 +1332,7 @@ module M_02_iter_mut__qyi4305820612590367313__next__refines [#"02_iter_mut.rs" 6 use prelude.prelude.Borrow - use Slice64.create + use Slice64 type t_T'0 @@ -1507,7 +1507,7 @@ module M_02_iter_mut__qyi4305820612590367313__produces_refl__refines [#"02_iter_ use prelude.prelude.Borrow - use Slice64.create + use Slice64 type t_T'0 diff --git a/creusot/tests/should_succeed/iterators/03_std_iterators.coma b/creusot/tests/should_succeed/iterators/03_std_iterators.coma index ce59567f37..0ca260566c 100644 --- a/creusot/tests/should_succeed/iterators/03_std_iterators.coma +++ b/creusot/tests/should_succeed/iterators/03_std_iterators.coma @@ -41,7 +41,7 @@ module M_03_std_iterators__slice_iter [#"03_std_iterators.rs" 6 0 6 42] use prelude.prelude.Borrow - use Slice64.create + use Slice64 type t_T'0 @@ -426,7 +426,7 @@ module M_03_std_iterators__vec_iter [#"03_std_iterators.rs" 17 0 17 41] function view'0 (self : t_Vec'0) : Seq.seq t_T'0 = [%#smodel13] view'2 self - use Slice64.create + use Slice64 function view'1 (self : t_Iter'0) : slice t_T'0 
@@ -706,7 +706,7 @@ module M_03_std_iterators__all_zero [#"03_std_iterators.rs" 28 0 28 35] axiom inv_axiom'2 [@rewrite] : forall x : borrowed (t_Vec'0) [inv'2 x] . inv'2 x = true - use Slice64.create + use Slice64 predicate inv'3 (_1 : borrowed (slice UInt64.t)) @@ -1420,7 +1420,7 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] axiom inv_axiom'0 [@rewrite] : forall x : t_Vec'0 [inv'0 x] . inv'0 x = true - use Slice64.create + use Slice64 use prelude.prelude.UInt32 @@ -2592,7 +2592,7 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] use prelude.prelude.Borrow - use Slice64.create + use Slice64 type t_T'0 diff --git a/creusot/tests/should_succeed/printing.coma b/creusot/tests/should_succeed/printing.coma index 4ae3b428ff..508e2f5ca6 100644 --- a/creusot/tests/should_succeed/printing.coma +++ b/creusot/tests/should_succeed/printing.coma @@ -6,7 +6,7 @@ module M_printing__f [#"printing.rs" 5 0 5 10] let%span sprinting4 = "printing.rs" 8 12 8 20 let%span sprinting5 = "printing.rs" 9 14 9 23 - use Slice64.create + use Slice64 use prelude.prelude.Borrow diff --git a/creusot/tests/should_succeed/selection_sort_generic.coma b/creusot/tests/should_succeed/selection_sort_generic.coma index ca0edfcd43..e5ee9f334c 100644 --- a/creusot/tests/should_succeed/selection_sort_generic.coma +++ b/creusot/tests/should_succeed/selection_sort_generic.coma @@ -418,7 +418,7 @@ module M_selection_sort_generic__selection_sort [#"selection_sort_generic.rs" 30 axiom inv_axiom'5 [@rewrite] : forall x : borrowed (t_Vec'0) [inv'5 x] . inv'5 x = invariant'3 x - use Slice64.create + use Slice64 use prelude.prelude.Slice64 diff --git a/creusot/tests/should_succeed/slices/01.coma b/creusot/tests/should_succeed/slices/01.coma index 0a745b0a97..571ddc5302 100644 --- a/creusot/tests/should_succeed/slices/01.coma +++ b/creusot/tests/should_succeed/slices/01.coma 
@@ -12,7 +12,7 @@ module M_01__index_slice [#"01.rs" 6 0 6 36] use prelude.prelude.UInt32 - use Slice64.create + use Slice64 use prelude.prelude.Intrinsic @@ -78,7 +78,7 @@ module M_01__index_mut_slice [#"01.rs" 12 0 12 37] use prelude.prelude.UInt32 - use Slice64.create + use Slice64 use prelude.prelude.Borrow @@ -164,7 +164,7 @@ module M_01__slice_first [#"01.rs" 20 0 20 44] use prelude.prelude.Borrow - use Slice64.create + use Slice64 type t_T'0 diff --git a/creusot/tests/should_succeed/slices/02_std.coma b/creusot/tests/should_succeed/slices/02_std.coma index 8972213372..5b4d744636 100644 --- a/creusot/tests/should_succeed/slices/02_std.coma +++ b/creusot/tests/should_succeed/slices/02_std.coma @@ -47,7 +47,7 @@ module M_02_std__binary_search [#"02_std.rs" 8 0 8 40] [ bb0 = s0 [ s0 = [ &_0 <- [%#s02_std3] (2 : UInt32.t) ] s1 | s1 = return' {_0} ] ] [ & _0 : UInt32.t = any_l () ] [ return' (result:UInt32.t)-> return' {result} ] - use Slice64.create + use Slice64 predicate inv'0 (_1 : slice UInt32.t) diff --git a/creusot/tests/should_succeed/syntax/05_pearlite.coma b/creusot/tests/should_succeed/syntax/05_pearlite.coma index e4bed2ef5f..8e903b68c2 100644 --- a/creusot/tests/should_succeed/syntax/05_pearlite.coma +++ b/creusot/tests/should_succeed/syntax/05_pearlite.coma @@ -7,7 +7,7 @@ module M_05_pearlite__has_len_3 [#"05_pearlite.rs" 11 0 11 35] use prelude.prelude.Borrow - use Slice64.create + use Slice64 use prelude.prelude.Int diff --git a/creusot/tests/should_succeed/syntax/11_array_types.coma b/creusot/tests/should_succeed/syntax/11_array_types.coma index 3f17eb5be8..89883b070b 100644 --- a/creusot/tests/should_succeed/syntax/11_array_types.coma +++ b/creusot/tests/should_succeed/syntax/11_array_types.coma @@ -10,7 +10,7 @@ module M_11_array_types__omg [#"11_array_types.rs" 8 0 8 28] use prelude.prelude.UInt64 - use Slice64.create + use Slice64 use prelude.prelude.Int64 
@@ -72,7 +72,7 @@ module M_11_array_types__call_omg [#"11_array_types.rs" 14 0 14 17] use prelude.prelude.UInt64 - use Slice64.create + use Slice64 type t_UsesArray'0 = { t_UsesArray__0'0: array Int64.t } diff --git a/creusot/tests/should_succeed/syntax/13_vec_macro.coma b/creusot/tests/should_succeed/syntax/13_vec_macro.coma index f8430c10df..2797fbc4db 100644 --- a/creusot/tests/should_succeed/syntax/13_vec_macro.coma +++ b/creusot/tests/should_succeed/syntax/13_vec_macro.coma @@ -104,7 +104,7 @@ module M_13_vec_macro__x [#"13_vec_macro.rs" 5 0 5 10] (! return' {result}) ] - use Slice64.create + use Slice64 predicate inv'3 (_1 : slice Int32.t) diff --git a/creusot/tests/should_succeed/take_first_mut.coma b/creusot/tests/should_succeed/take_first_mut.coma index 9aa1ef338b..62e9659cef 100644 --- a/creusot/tests/should_succeed/take_first_mut.coma +++ b/creusot/tests/should_succeed/take_first_mut.coma @@ -19,7 +19,7 @@ module M_take_first_mut__take_first_mut [#"take_first_mut.rs" 14 0 14 74] use prelude.prelude.Borrow - use Slice64.create + use Slice64 type t_T'0 diff --git a/creusot/tests/should_succeed/vector/02_gnome.coma b/creusot/tests/should_succeed/vector/02_gnome.coma index 29c67c07b4..d24583f882 100644 --- a/creusot/tests/should_succeed/vector/02_gnome.coma +++ b/creusot/tests/should_succeed/vector/02_gnome.coma @@ -282,7 +282,7 @@ module M_02_gnome__gnome_sort [#"02_gnome.rs" 22 0 24 29] axiom inv_axiom'3 [@rewrite] : forall x : borrowed (t_Vec'0) [inv'3 x] . inv'3 x = invariant'3 x - use Slice64.create + use Slice64 use prelude.prelude.Slice64 diff --git a/creusot/tests/should_succeed/vector/03_knuth_shuffle.coma b/creusot/tests/should_succeed/vector/03_knuth_shuffle.coma index 73357636d4..ab351a1eee 100644 --- a/creusot/tests/should_succeed/vector/03_knuth_shuffle.coma +++ b/creusot/tests/should_succeed/vector/03_knuth_shuffle.coma 
@@ -265,7 +265,7 @@ module M_03_knuth_shuffle__knuth_shuffle [#"03_knuth_shuffle.rs" 13 0 13 39] axiom inv_axiom'5 [@rewrite] : forall x : borrowed (t_Vec'0) [inv'5 x] . inv'5 x = invariant'3 x - use Slice64.create + use Slice64 use prelude.prelude.Slice64 diff --git a/creusot/tests/should_succeed/vector/06_knights_tour.coma b/creusot/tests/should_succeed/vector/06_knights_tour.coma index a4ceabc95b..0ba888939e 100644 --- a/creusot/tests/should_succeed/vector/06_knights_tour.coma +++ b/creusot/tests/should_succeed/vector/06_knights_tour.coma @@ -1487,7 +1487,7 @@ module M_06_knights_tour__min [#"06_knights_tour.rs" 110 0 110 58] function view'0 (self : t_Vec'0) : Seq.seq (UInt64.t, t_Point'0) = [%#smodel7] view'1 self - use Slice64.create + use Slice64 function view'2 (self : t_Iter'0) : slice (UInt64.t, t_Point'0) From eb68505bd907c3e445f6ddd633dd29aabdf8e4f8 Mon Sep 17 00:00:00 2001 
From: SCHNEIDER Laurent Date: Thu, 28 Nov 2024 16:33:27 +0100 Subject: [PATCH 12/15] try test --- creusot/src/backend/clone_map.rs | 4 +-- creusot/src/backend/ty.rs | 8 +++--- .../creusot-contracts/creusot-contracts.coma | 26 +++++++++---------- creusot/tests/should_fail/bug/878.coma | 6 ++--- creusot/tests/should_succeed/bug/874.coma | 2 +- .../should_succeed/bug/final_borrows.coma | 4 +-- .../should_succeed/heapsort_generic.coma | 4 +-- creusot/tests/should_succeed/hillel.coma | 6 ++--- creusot/tests/should_succeed/index_range.coma | 10 +++---- .../tests/should_succeed/insertion_sort.coma | 2 +- .../should_succeed/iterators/02_iter_mut.coma | 18 ++++++------- .../iterators/03_std_iterators.coma | 10 +++---- creusot/tests/should_succeed/printing.coma | 2 +- .../selection_sort_generic.coma | 2 +- creusot/tests/should_succeed/slices/01.coma | 6 ++--- .../tests/should_succeed/slices/02_std.coma | 2 +- .../should_succeed/syntax/05_pearlite.coma | 2 +- .../should_succeed/syntax/11_array_types.coma | 4 +-- .../should_succeed/syntax/13_vec_macro.coma | 2 +- .../tests/should_succeed/take_first_mut.coma | 2 +- .../tests/should_succeed/vector/02_gnome.coma | 2 +- .../vector/03_knuth_shuffle.coma | 2 +- .../vector/06_knights_tour.coma | 2 +- 23 files changed, 64 insertions(+), 64 deletions(-) diff --git a/creusot/src/backend/clone_map.rs b/creusot/src/backend/clone_map.rs index a988b9ca78..1c12a04996 100644 --- a/creusot/src/backend/clone_map.rs +++ b/creusot/src/backend/clone_map.rs @@ -24,7 +24,7 @@ use why3::{ Ident, QName, }; -use super::ty::{slice_qname}; +use super::ty::{slice_prelude_qname}; mod elaborator; 
@@ -72,7 +72,7 @@ impl PreludeModule { PreludeModule::Opaque => QName::from_string("prelude.prelude.Opaque"), PreludeModule::Bool => QName::from_string("prelude.prelude.Bool"), PreludeModule::Borrow => QName::from_string("prelude.prelude.Borrow"), - PreludeModule::Slice => slice_qname(), + PreludeModule::Slice => slice_prelude_qname(), PreludeModule::Intrinsic => QName::from_string("prelude.prelude.Intrinsic"), } } diff --git a/creusot/src/backend/ty.rs b/creusot/src/backend/ty.rs index 69caf7448d..7021d42302 100644 --- a/creusot/src/backend/ty.rs +++ b/creusot/src/backend/ty.rs @@ -540,13 +540,13 @@ pub(crate) fn i128_ty() -> MlT { MlT::TConstructor(QName::from_string("Int128.t")) } -pub(crate) fn slice_qname() -> QName { +pub(crate) fn slice_prelude_qname() -> QName { #[cfg(target_pointer_width = "64")] - return QName::from_string("Slice64"); + return QName::from_string("prelude.prelude.Slice64"); #[cfg(target_pointer_width = "32")] - return QName::from_string("Slice32"); + return QName::from_string("prelude.prelude.Slice32"); #[cfg(target_pointer_width = "16")] - return QName::from_string("Slice16"); + return QName::from_string("prelude.prelude.Slice16"); } pub(crate) fn slice_create_qname() -> QName { diff --git a/creusot/tests/creusot-contracts/creusot-contracts.coma b/creusot/tests/creusot-contracts/creusot-contracts.coma index 3018152646..f6a63b7255 100644 --- a/creusot/tests/creusot-contracts/creusot-contracts.coma +++ b/creusot/tests/creusot-contracts/creusot-contracts.coma @@ -6366,7 +6366,7 @@ module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_r type t_Iter'0 = { t_Iter__i1'0: t_Iter'1; t_Iter__i2'0: t_Iter'1 } - use Slice64 + use prelude.prelude.Slice64 function view'0 [#"../../../creusot-contracts/src/std/deque.rs" 155 4 155 33] (self : t_Iter'0) : slice t_T'0 
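Review bot: After `slice_prelude_qname` starts returning `prelude.prelude.Slice64`, several regenerated modules in this same patch carry the identical `use prelude.prelude.Slice64` line twice (the creusot-contracts.coma hunks at -14250, -14352 and -22904, heapsort_generic.coma at -406, hillel.coma at -652, 02_iter_mut.coma at -721), which suggests a second emitter path already imports that module independently of `PreludeModule::Slice`. Deduplicating prelude imports at emission time, or routing the other path through `PreludeModule::Slice`, would stop the generated files from drifting; which path produces the second line is not visible here. The three `#[cfg(target_pointer_width = ...)]` returns rely on a missing return expression to fail compilation on any other width, which deserves a one-line comment such as `// no fallback on purpose: an unsupported pointer width is a compile error`. A doc comment like `/// Qualified name of the prelude module for slices, selected by target pointer width.` would also help.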
@@ -6455,7 +6455,7 @@ module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_t use seq.Seq - use Slice64 + use prelude.prelude.Slice64 function view'0 [#"../../../creusot-contracts/src/std/deque.rs" 155 4 155 33] (self : t_Iter'0) : slice t_T'0 @@ -14050,7 +14050,7 @@ module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_r type t_Iter'0 = { t_Iter__ptr'0: t_NonNull'0; t_Iter__end_or_len'0: opaque_ptr; t_Iter__qy95zmarker'0: () } - use Slice64 + use prelude.prelude.Slice64 function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 407 4 407 33] (self : t_Iter'0) : slice t_T'0 @@ -14136,7 +14136,7 @@ module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_t use seq.Seq - use Slice64 + use prelude.prelude.Slice64 function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 407 4 407 33] (self : t_Iter'0) : slice t_T'0 @@ -14250,7 +14250,7 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_r use prelude.prelude.Slice64 - use Slice64 + use prelude.prelude.Slice64 use seq.Seq @@ -14352,7 +14352,7 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_t use prelude.prelude.Slice64 - use Slice64 + use prelude.prelude.Slice64 use seq.Seq @@ -22904,7 +22904,7 @@ module M_creusot_contracts__stdqy35z1__slice__qyi4472237099583716627__resolve_co use prelude.prelude.Slice64 - use Slice64 + use prelude.prelude.Slice64 type t_T'0 @@ -23452,7 +23452,7 @@ module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_r use seq.Seq - use Slice64 + use prelude.prelude.Slice64 function view'0 [#"../../../creusot-contracts/src/std/deque.rs" 155 4 155 33] (self : t_Iter'0) : slice t_T'0 
@@ -23536,7 +23536,7 @@ module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_t use seq.Seq - use Slice64 + use prelude.prelude.Slice64 function view'0 [#"../../../creusot-contracts/src/std/deque.rs" 155 4 155 33] (self : t_Iter'0) : slice t_T'0 @@ -27346,7 +27346,7 @@ module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_t use seq.Seq - use Slice64 + use prelude.prelude.Slice64 function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 407 4 407 33] (self : t_Iter'0) : slice t_T'0 @@ -27438,7 +27438,7 @@ module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_r use seq.Seq - use Slice64 + use prelude.prelude.Slice64 function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 407 4 407 33] (self : t_Iter'0) : slice t_T'0 @@ -27538,7 +27538,7 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_r use prelude.prelude.Slice64 - use Slice64 + use prelude.prelude.Slice64 use seq.Seq @@ -27628,7 +27628,7 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_t use prelude.prelude.Slice64 - use Slice64 + use prelude.prelude.Slice64 use seq.Seq diff --git a/creusot/tests/should_fail/bug/878.coma b/creusot/tests/should_fail/bug/878.coma index eeb135a488..7528c8b687 100644 --- a/creusot/tests/should_fail/bug/878.coma +++ b/creusot/tests/should_fail/bug/878.coma @@ -10,7 +10,7 @@ module M_878__test [#"878.rs" 4 0 4 13] let%span sslice8 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice9 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 - use Slice64 + use prelude.prelude.Slice64 use prelude.prelude.Int @@ -122,7 +122,7 @@ module M_878__test2 [#"878.rs" 19 0 19 14] type t_S'0 = { t_S__0'0: UInt32.t } - use Slice64 + use prelude.prelude.Slice64 use seq.Seq 
@@ -264,7 +264,7 @@ module M_878__test3 [#"878.rs" 25 0 25 14] type t_S'0 = { t_S__0'0: UInt32.t } - use Slice64 + use prelude.prelude.Slice64 use seq.Seq diff --git a/creusot/tests/should_succeed/bug/874.coma b/creusot/tests/should_succeed/bug/874.coma index 892bf30e66..adac53f920 100644 --- a/creusot/tests/should_succeed/bug/874.coma +++ b/creusot/tests/should_succeed/bug/874.coma @@ -32,7 +32,7 @@ module M_874__can_extend [#"874.rs" 4 0 4 19] let%span svec30 = "../../../../creusot-contracts/src/std/vec.rs" 273 4 273 10 let%span sresolve31 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - use Slice64 + use prelude.prelude.Slice64 use prelude.prelude.Int diff --git a/creusot/tests/should_succeed/bug/final_borrows.coma b/creusot/tests/should_succeed/bug/final_borrows.coma index 16dc62afbd..2ea27a8f6a 100644 --- a/creusot/tests/should_succeed/bug/final_borrows.coma +++ b/creusot/tests/should_succeed/bug/final_borrows.coma @@ -1973,7 +1973,7 @@ module M_final_borrows__index_mut_slice [#"final_borrows.rs" 208 0 208 48] predicate inv'0 (_1 : t_T'0) - use Slice64 + use prelude.prelude.Slice64 predicate invariant'0 (self : borrowed t_T'0) = [%#sinvariant11] inv'0 self.current /\ inv'0 self.final @@ -2134,7 +2134,7 @@ module M_final_borrows__index_mut_array [#"final_borrows.rs" 214 0 214 52] predicate inv'0 (_1 : t_T'0) - use Slice64 + use prelude.prelude.Slice64 predicate invariant'0 (self : borrowed t_T'0) = [%#sinvariant9] inv'0 self.current /\ inv'0 self.final diff --git a/creusot/tests/should_succeed/heapsort_generic.coma b/creusot/tests/should_succeed/heapsort_generic.coma index 1a6ced9b91..e6e67ed175 100644 --- a/creusot/tests/should_succeed/heapsort_generic.coma +++ b/creusot/tests/should_succeed/heapsort_generic.coma @@ -406,7 +406,7 @@ module M_heapsort_generic__sift_down [#"heapsort_generic.rs" 41 0 43 29] (! return' {result}) ] - use Slice64 + use prelude.prelude.Slice64 use prelude.prelude.Slice64 
@@ -911,7 +911,7 @@ module M_heapsort_generic__heap_sort [#"heapsort_generic.rs" 94 0 96 29] predicate sorted_range'0 [#"heapsort_generic.rs" 78 0 78 63] (s : Seq.seq t_DeepModelTy'0) (l : int) (u : int) = [%#sheapsort_generic37] forall i : int, j : int . l <= i /\ i < j /\ j < u -> le_log'0 (Seq.get s i) (Seq.get s j) - use Slice64 + use prelude.prelude.Slice64 use prelude.prelude.Slice64 diff --git a/creusot/tests/should_succeed/hillel.coma b/creusot/tests/should_succeed/hillel.coma index 66e4a2b2cd..d1df83ff62 100644 --- a/creusot/tests/should_succeed/hillel.coma +++ b/creusot/tests/should_succeed/hillel.coma @@ -652,7 +652,7 @@ module M_hillel__insert_unique [#"hillel.rs" 80 0 80 62] axiom inv_axiom'4 [@rewrite] : forall x : t_Vec'0 [inv'5 x] . inv'5 x = invariant'3 x - use Slice64 + use prelude.prelude.Slice64 use prelude.prelude.Slice64 @@ -1133,7 +1133,7 @@ module M_hillel__unique [#"hillel.rs" 102 0 102 56] use prelude.prelude.Borrow - use Slice64 + use prelude.prelude.Slice64 use prelude.prelude.Slice64 @@ -1735,7 +1735,7 @@ module M_hillel__fulcrum [#"hillel.rs" 159 0 159 30] use prelude.prelude.Borrow - use Slice64 + use prelude.prelude.Slice64 predicate inv'4 (_1 : slice UInt32.t) diff --git a/creusot/tests/should_succeed/index_range.coma b/creusot/tests/should_succeed/index_range.coma index c9fa7f1f04..ea518fc474 100644 --- a/creusot/tests/should_succeed/index_range.coma +++ b/creusot/tests/should_succeed/index_range.coma @@ -312,7 +312,7 @@ module M_index_range__test_range [#"index_range.rs" 27 0 27 19] [%#sslice89] UInt64.to_uint self.t_Range__start'0 <= UInt64.to_uint self.t_Range__end'0 /\ UInt64.to_uint self.t_Range__end'0 <= Seq.length seq - use Slice64 + use prelude.prelude.Slice64 predicate inv'2 (_1 : slice Int32.t) 
@@ -953,7 +953,7 @@ module M_index_range__test_range_to [#"index_range.rs" 78 0 78 22] predicate in_bounds'0 (self : t_RangeTo'0) (seq : Seq.seq Int32.t) = [%#sslice62] UInt64.to_uint self.t_RangeTo__end'0 <= Seq.length seq - use Slice64 + use prelude.prelude.Slice64 predicate inv'2 (_1 : slice Int32.t) @@ -1450,7 +1450,7 @@ module M_index_range__test_range_from [#"index_range.rs" 115 0 115 24] predicate in_bounds'0 (self : t_RangeFrom'0) (seq : Seq.seq Int32.t) = [%#sslice64] UInt64.to_uint self.t_RangeFrom__start'0 <= Seq.length seq - use Slice64 + use prelude.prelude.Slice64 predicate inv'2 (_1 : slice Int32.t) @@ -1949,7 +1949,7 @@ module M_index_range__test_range_full [#"index_range.rs" 154 0 154 24] predicate in_bounds'0 (self : ()) (_seq : Seq.seq Int32.t) = [%#sslice56] true - use Slice64 + use prelude.prelude.Slice64 predicate inv'2 (_1 : slice Int32.t) @@ -2419,7 +2419,7 @@ module M_index_range__test_range_to_inclusive [#"index_range.rs" 179 0 179 32] predicate in_bounds'0 (self : t_RangeToInclusive'0) (seq : Seq.seq Int32.t) = [%#sslice59] UInt64.to_uint self.t_RangeToInclusive__end'0 < Seq.length seq - use Slice64 + use prelude.prelude.Slice64 predicate inv'2 (_1 : slice Int32.t) diff --git a/creusot/tests/should_succeed/insertion_sort.coma b/creusot/tests/should_succeed/insertion_sort.coma index 2a5dc24f12..36168092f5 100644 --- a/creusot/tests/should_succeed/insertion_sort.coma +++ b/creusot/tests/should_succeed/insertion_sort.coma @@ -85,7 +85,7 @@ module M_insertion_sort__insertion_sort [#"insertion_sort.rs" 21 0 21 40] use prelude.prelude.Borrow - use Slice64 + use prelude.prelude.Slice64 use prelude.prelude.Int diff --git a/creusot/tests/should_succeed/iterators/02_iter_mut.coma b/creusot/tests/should_succeed/iterators/02_iter_mut.coma index dc3f7df1b0..72fded5d15 100644 --- a/creusot/tests/should_succeed/iterators/02_iter_mut.coma +++ b/creusot/tests/should_succeed/iterators/02_iter_mut.coma 
@@ -17,7 +17,7 @@ module M_02_iter_mut__qyi4305820612590367313__produces_refl [#"02_iter_mut.rs" 5 use prelude.prelude.Borrow - use Slice64 + use prelude.prelude.Slice64 type t_T'0 @@ -155,7 +155,7 @@ module M_02_iter_mut__qyi4305820612590367313__produces_trans [#"02_iter_mut.rs" use prelude.prelude.Borrow - use Slice64 + use prelude.prelude.Slice64 type t_T'0 @@ -303,7 +303,7 @@ module M_02_iter_mut__qyi4305820612590367313__next [#"02_iter_mut.rs" 67 4 67 44 use prelude.prelude.Borrow - use Slice64 + use prelude.prelude.Slice64 type t_T'0 @@ -532,7 +532,7 @@ module M_02_iter_mut__qyi7060081090368749043__into_iter [#"02_iter_mut.rs" 74 4 use prelude.prelude.Borrow - use Slice64 + use prelude.prelude.Slice64 type t_T'0 @@ -721,7 +721,7 @@ module M_02_iter_mut__iter_mut [#"02_iter_mut.rs" 82 0 82 55] predicate in_bounds'0 (self : ()) (_seq : Seq.seq t_T'0) = [%#sslice14] true - use Slice64 + use prelude.prelude.Slice64 use prelude.prelude.Slice64 @@ -924,7 +924,7 @@ module M_02_iter_mut__all_zero [#"02_iter_mut.rs" 88 0 88 35] axiom inv_axiom'1 [@rewrite] : forall x : borrowed (t_Vec'0) [inv'1 x] . inv'1 x = true - use Slice64 + use prelude.prelude.Slice64 type t_IterMut'0 = { t_IterMut__inner'0: borrowed (slice UInt64.t) } @@ -1200,7 +1200,7 @@ module M_02_iter_mut__qyi4305820612590367313__produces_trans__refines [#"02_iter use prelude.prelude.Borrow - use Slice64 + use prelude.prelude.Slice64 type t_T'0 @@ -1332,7 +1332,7 @@ module M_02_iter_mut__qyi4305820612590367313__next__refines [#"02_iter_mut.rs" 6 use prelude.prelude.Borrow - use Slice64 + use prelude.prelude.Slice64 type t_T'0 @@ -1507,7 +1507,7 @@ module M_02_iter_mut__qyi4305820612590367313__produces_refl__refines [#"02_iter_ use prelude.prelude.Borrow - use Slice64 + use prelude.prelude.Slice64 type t_T'0 diff --git a/creusot/tests/should_succeed/iterators/03_std_iterators.coma b/creusot/tests/should_succeed/iterators/03_std_iterators.coma index 0ca260566c..6a12a47433 100644 
--- a/creusot/tests/should_succeed/iterators/03_std_iterators.coma +++ b/creusot/tests/should_succeed/iterators/03_std_iterators.coma @@ -41,7 +41,7 @@ module M_03_std_iterators__slice_iter [#"03_std_iterators.rs" 6 0 6 42] use prelude.prelude.Borrow - use Slice64 + use prelude.prelude.Slice64 type t_T'0 @@ -426,7 +426,7 @@ module M_03_std_iterators__vec_iter [#"03_std_iterators.rs" 17 0 17 41] function view'0 (self : t_Vec'0) : Seq.seq t_T'0 = [%#smodel13] view'2 self - use Slice64 + use prelude.prelude.Slice64 function view'1 (self : t_Iter'0) : slice t_T'0 @@ -706,7 +706,7 @@ module M_03_std_iterators__all_zero [#"03_std_iterators.rs" 28 0 28 35] axiom inv_axiom'2 [@rewrite] : forall x : borrowed (t_Vec'0) [inv'2 x] . inv'2 x = true - use Slice64 + use prelude.prelude.Slice64 predicate inv'3 (_1 : borrowed (slice UInt64.t)) @@ -1420,7 +1420,7 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] axiom inv_axiom'0 [@rewrite] : forall x : t_Vec'0 [inv'0 x] . inv'0 x = true - use Slice64 + use prelude.prelude.Slice64 use prelude.prelude.UInt32 @@ -2592,7 +2592,7 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] use prelude.prelude.Borrow - use Slice64 + use prelude.prelude.Slice64 type t_T'0 diff --git a/creusot/tests/should_succeed/printing.coma b/creusot/tests/should_succeed/printing.coma index 508e2f5ca6..56f0aab631 100644 --- a/creusot/tests/should_succeed/printing.coma +++ b/creusot/tests/should_succeed/printing.coma @@ -6,7 +6,7 @@ module M_printing__f [#"printing.rs" 5 0 5 10] let%span sprinting4 = "printing.rs" 8 12 8 20 let%span sprinting5 = "printing.rs" 9 14 9 23 - use Slice64 + use prelude.prelude.Slice64 use prelude.prelude.Borrow diff --git a/creusot/tests/should_succeed/selection_sort_generic.coma b/creusot/tests/should_succeed/selection_sort_generic.coma index e5ee9f334c..0ca06149f4 100644 --- a/creusot/tests/should_succeed/selection_sort_generic.coma 
+++ b/creusot/tests/should_succeed/selection_sort_generic.coma @@ -418,7 +418,7 @@ module M_selection_sort_generic__selection_sort [#"selection_sort_generic.rs" 30 axiom inv_axiom'5 [@rewrite] : forall x : borrowed (t_Vec'0) [inv'5 x] . inv'5 x = invariant'3 x - use Slice64 + use prelude.prelude.Slice64 use prelude.prelude.Slice64 diff --git a/creusot/tests/should_succeed/slices/01.coma b/creusot/tests/should_succeed/slices/01.coma index 571ddc5302..ebd8357edc 100644 --- a/creusot/tests/should_succeed/slices/01.coma +++ b/creusot/tests/should_succeed/slices/01.coma @@ -12,7 +12,7 @@ module M_01__index_slice [#"01.rs" 6 0 6 36] use prelude.prelude.UInt32 - use Slice64 + use prelude.prelude.Slice64 use prelude.prelude.Intrinsic @@ -78,7 +78,7 @@ module M_01__index_mut_slice [#"01.rs" 12 0 12 37] use prelude.prelude.UInt32 - use Slice64 + use prelude.prelude.Slice64 use prelude.prelude.Borrow @@ -164,7 +164,7 @@ module M_01__slice_first [#"01.rs" 20 0 20 44] use prelude.prelude.Borrow - use Slice64 + use prelude.prelude.Slice64 type t_T'0 diff --git a/creusot/tests/should_succeed/slices/02_std.coma b/creusot/tests/should_succeed/slices/02_std.coma index 5b4d744636..ca30dda17b 100644 --- a/creusot/tests/should_succeed/slices/02_std.coma +++ b/creusot/tests/should_succeed/slices/02_std.coma @@ -47,7 +47,7 @@ module M_02_std__binary_search [#"02_std.rs" 8 0 8 40] [ bb0 = s0 [ s0 = [ &_0 <- [%#s02_std3] (2 : UInt32.t) ] s1 | s1 = return' {_0} ] ] [ & _0 : UInt32.t = any_l () ] [ return' (result:UInt32.t)-> return' {result} ] - use Slice64 + use prelude.prelude.Slice64 predicate inv'0 (_1 : slice UInt32.t) diff --git a/creusot/tests/should_succeed/syntax/05_pearlite.coma b/creusot/tests/should_succeed/syntax/05_pearlite.coma index 8e903b68c2..bc777d8121 100644 --- a/creusot/tests/should_succeed/syntax/05_pearlite.coma +++ b/creusot/tests/should_succeed/syntax/05_pearlite.coma 
@@ -7,7 +7,7 @@ module M_05_pearlite__has_len_3 [#"05_pearlite.rs" 11 0 11 35] use prelude.prelude.Borrow - use Slice64 + use prelude.prelude.Slice64 use prelude.prelude.Int diff --git a/creusot/tests/should_succeed/syntax/11_array_types.coma b/creusot/tests/should_succeed/syntax/11_array_types.coma index 89883b070b..0bfeca7cf4 100644 --- a/creusot/tests/should_succeed/syntax/11_array_types.coma +++ b/creusot/tests/should_succeed/syntax/11_array_types.coma @@ -10,7 +10,7 @@ module M_11_array_types__omg [#"11_array_types.rs" 8 0 8 28] use prelude.prelude.UInt64 - use Slice64 + use prelude.prelude.Slice64 use prelude.prelude.Int64 @@ -72,7 +72,7 @@ module M_11_array_types__call_omg [#"11_array_types.rs" 14 0 14 17] use prelude.prelude.UInt64 - use Slice64 + use prelude.prelude.Slice64 type t_UsesArray'0 = { t_UsesArray__0'0: array Int64.t } diff --git a/creusot/tests/should_succeed/syntax/13_vec_macro.coma b/creusot/tests/should_succeed/syntax/13_vec_macro.coma index 2797fbc4db..2c0f49dc1b 100644 --- a/creusot/tests/should_succeed/syntax/13_vec_macro.coma +++ b/creusot/tests/should_succeed/syntax/13_vec_macro.coma @@ -104,7 +104,7 @@ module M_13_vec_macro__x [#"13_vec_macro.rs" 5 0 5 10] (! return' {result}) ] - use Slice64 + use prelude.prelude.Slice64 predicate inv'3 (_1 : slice Int32.t) diff --git a/creusot/tests/should_succeed/take_first_mut.coma b/creusot/tests/should_succeed/take_first_mut.coma index 62e9659cef..3db25657a9 100644 --- a/creusot/tests/should_succeed/take_first_mut.coma +++ b/creusot/tests/should_succeed/take_first_mut.coma @@ -19,7 +19,7 @@ module M_take_first_mut__take_first_mut [#"take_first_mut.rs" 14 0 14 74] use prelude.prelude.Borrow - use Slice64 + use prelude.prelude.Slice64 type t_T'0 diff --git a/creusot/tests/should_succeed/vector/02_gnome.coma b/creusot/tests/should_succeed/vector/02_gnome.coma index d24583f882..ccaf8734d7 100644 --- a/creusot/tests/should_succeed/vector/02_gnome.coma 
+++ b/creusot/tests/should_succeed/vector/02_gnome.coma @@ -282,7 +282,7 @@ module M_02_gnome__gnome_sort [#"02_gnome.rs" 22 0 24 29] axiom inv_axiom'3 [@rewrite] : forall x : borrowed (t_Vec'0) [inv'3 x] . inv'3 x = invariant'3 x - use Slice64 + use prelude.prelude.Slice64 use prelude.prelude.Slice64 diff --git a/creusot/tests/should_succeed/vector/03_knuth_shuffle.coma b/creusot/tests/should_succeed/vector/03_knuth_shuffle.coma index ab351a1eee..888451cdde 100644 --- a/creusot/tests/should_succeed/vector/03_knuth_shuffle.coma +++ b/creusot/tests/should_succeed/vector/03_knuth_shuffle.coma @@ -265,7 +265,7 @@ module M_03_knuth_shuffle__knuth_shuffle [#"03_knuth_shuffle.rs" 13 0 13 39] axiom inv_axiom'5 [@rewrite] : forall x : borrowed (t_Vec'0) [inv'5 x] . inv'5 x = invariant'3 x - use Slice64 + use prelude.prelude.Slice64 use prelude.prelude.Slice64 diff --git a/creusot/tests/should_succeed/vector/06_knights_tour.coma b/creusot/tests/should_succeed/vector/06_knights_tour.coma index 0ba888939e..eee8d563a5 100644 --- a/creusot/tests/should_succeed/vector/06_knights_tour.coma +++ b/creusot/tests/should_succeed/vector/06_knights_tour.coma @@ -1487,7 +1487,7 @@ module M_06_knights_tour__min [#"06_knights_tour.rs" 110 0 110 58] function view'0 (self : t_Vec'0) : Seq.seq (UInt64.t, t_Point'0) = [%#smodel7] view'1 self - use Slice64 + use prelude.prelude.Slice64 function view'2 (self : t_Iter'0) : slice (UInt64.t, t_Point'0) From 60d4c771b94dc3f9f7512760926248cb2512bf53 Mon Sep 17 00:00:00 2001 From: SCHNEIDER Laurent Date: Thu, 28 Nov 2024 16:51:36 +0100 Subject: [PATCH 13/15] try test --- prelude/prelude.coma | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/prelude/prelude.coma b/prelude/prelude.coma index 86f02d6b1a..216eb35630 100644 --- a/prelude/prelude.coma +++ b/prelude/prelude.coma @@ -586,7 +586,7 @@ module Snapshot end -module Slic64 +module Slice64 use seq.Seq use UInt64 use int.Int 
@@ -624,6 +624,7 @@ module Slic64 { forall i . 0 <= i < UInt64.to_uint len -> result.elts[i] = f i } ) = any + function id (s : slice 'a) : seq 'a = s.elts end (* From d90784e5155ae854b8f854cb9710ad241e8f50e2 Mon Sep 17 00:00:00 2001 From: SCHNEIDER Laurent Date: Fri, 29 Nov 2024 19:04:33 +0100 Subject: [PATCH 14/15] Slice.length --- creusot/src/backend/program.rs | 6 +++--- creusot/src/backend/ty.rs | 9 +++++++++ 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/creusot/src/backend/program.rs b/creusot/src/backend/program.rs index 8c44b97373..5792ddf29e 100644 --- a/creusot/src/backend/program.rs +++ b/creusot/src/backend/program.rs @@ -1,4 +1,4 @@ -use self::ty::{concret_intty, concret_uintty, slice_create_qname}; +use self::ty::{concret_intty, concret_uintty, slice_create_qname, slice_length_qname}; use crate::{ backend::{ @@ -337,7 +337,7 @@ impl<'tcx> RValue<'tcx> { // right operand must be converted to integer BinOp::Shl | BinOp::ShlUnchecked | BinOp::Shr | BinOp::ShrUnchecked => { let r_ty = r.ty(lower.ctx.tcx, lower.locals); - + // rust allows shifting by a value of any integer type // so we need to import the prelude for the right operand let prelude: PreludeModule = match r_ty.kind() { @@ -492,7 +492,7 @@ impl<'tcx> RValue<'tcx> { } RValue::Len(pl) => { let len_call = - Exp::qvar(QName::from_string("Slice.length")).app_to(pl.to_why(lower, istmts)); + Exp::qvar(slice_length_qname()).app_to(pl.to_why(lower, istmts)); len_call } RValue::Array(fields) => { diff --git a/creusot/src/backend/ty.rs b/creusot/src/backend/ty.rs index 7021d42302..8daaf9bb43 100644 --- a/creusot/src/backend/ty.rs +++ b/creusot/src/backend/ty.rs 
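Review bot: The name `id` for the function added at the end of module `Slice64` reads as an identity, but it projects the slice's `elts` field to a `seq 'a`; a name that says so, or at least a comment above it such as `(* view a slice as the sequence of its elements *)`, would keep readers from assuming it returns its argument unchanged. The commit message "try test" records no rationale for the function, so a comment is the only place its purpose will be documented. The module's `end` is inside the hunk, but the rest of the module body is outside it.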
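Review bot: In the `RValue::Len(pl)` arm the `let len_call = ...; len_call` binding adds nothing now that the call fits on one line; the arm can be `RValue::Len(pl) => Exp::qvar(slice_length_qname()).app_to(pl.to_why(lower, istmts)),`. Switching from the unqualified `Slice.length` to the width-specific `Slice64.length` also presumes the `Slice64` module is in scope for every generated module that lowers a `Len`; whether `PreludeModule::Slice` is recorded on this path is not visible in the hunk, so it is worth confirming against a generated `.coma` file that takes the length of a slice. The enclosing method of `impl<'tcx> RValue<'tcx>` starts and ends outside the hunk.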
@@ -574,4 +574,13 @@ pub(crate) fn slice_set_qname() -> QName { return QName::from_string("Slice32.set"); #[cfg(target_pointer_width = "16")] return QName::from_string("Slice16.set"); +} + +pub(crate) fn slice_length_qname() -> QName { + #[cfg(target_pointer_width = "64")] + return QName::from_string("Slice64.length"); + #[cfg(target_pointer_width = "32")] + return QName::from_string("Slice32.length"); + #[cfg(target_pointer_width = "16")] + return QName::from_string("Slice16.length"); } \ No newline at end of file From fce44ed845c9e89e2c3f090420a99e0693564114 Mon Sep 17 00:00:00 2001 
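Review bot: `slice_length_qname` picks `Slice64`/`Slice32`/`Slice16` with `#[cfg(target_pointer_width)]`, which is the pointer width of the host that compiled creusot, not of the crate being verified; the term.rs changes later in this series take the width from `tcx.target_spec().pointer_width`, so verifying a 32-bit target from a 64-bit host would pair `Slice64.length` with 32-bit integer modules. This copies the pattern of the visible portion of `slice_set_qname`, so it may be a deliberate follow-up, but a `pointer_width: u32` parameter with `match pointer_width { 64 => ..., 32 => ..., 16 => ..., w => unreachable!("unsupported pointer width {w}") }`, passed from `RValue::Len`, would make the slice helpers consistent with the rest of the backend. The file also ends without a trailing newline.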
From: SCHNEIDER Laurent Date: Thu, 16 Jan 2025 17:54:37 +0100 Subject: [PATCH 15/15] first tests of the creusot/tests directory, executed successfully --- Cargo.lock | 9 + creusot-contracts/Cargo.toml | 1 + creusot-contracts/src/std/num.rs | 43 +- creusot/Cargo.toml | 4 + creusot/build.rs | 204 +++ creusot/src/backend/program.rs | 31 +- creusot/src/backend/term.rs | 55 +- creusot/src/contracts_items/attributes.rs | 4 +- creusot/src/translation/pearlite/normalize.rs | 10 +- .../creusot-contracts/creusot-contracts.coma | 64 +- .../creusot-contracts/why3session.xml | 564 +++--- .../creusot-contracts/why3shapes.gz | Bin 26242 -> 27243 bytes .../bug/01_resolve_unsoundness.coma | 4 +- .../tests/should_fail/bug/492/why3session.xml | 2 +- .../tests/should_fail/bug/492/why3shapes.gz | Bin 459 -> 461 bytes .../tests/should_fail/bug/692/why3shapes.gz | Bin 983 -> 983 bytes creusot/tests/should_fail/bug/878.coma | 12 +- .../tests/should_fail/bug/878/why3session.xml | 47 +- .../tests/should_fail/bug/878/why3shapes.gz | Bin 677 -> 673 bytes creusot/tests/should_fail/bug/specialize.coma | 4 +- .../traits/17_impl_refinement.coma | 6 +- creusot/tests/should_succeed/100doors.coma | 20 +- .../should_succeed/100doors/why3session.xml | 2 +- .../should_succeed/100doors/why3shapes.gz | Bin 595 -> 600 bytes .../should_succeed/all_zero/why3shapes.gz | Bin 398 -> 400 bytes creusot/tests/should_succeed/bdd.coma | 345 ++-- .../tests/should_succeed/binary_search.coma | 41 +- .../binary_search/why3session.xml | 100 +- .../binary_search/why3shapes.gz | Bin 822 -> 2981 bytes .../should_succeed/bug/173/why3shapes.gz | Bin 111 -> 110 bytes .../tests/should_succeed/bug/181_ident.coma | 4 +- .../bug/181_ident/why3session.xml | 2 +- .../bug/181_ident/why3shapes.gz | Bin 158 -> 159 bytes creusot/tests/should_succeed/bug/206.coma | 4 +- .../should_succeed/bug/206/why3shapes.gz | Bin 145 -> 142 bytes .../should_succeed/bug/256/why3session.xml | 2 +- .../should_succeed/bug/256/why3shapes.gz | Bin 153 -> 
152 bytes creusot/tests/should_succeed/bug/271.coma | 9 +- creusot/tests/should_succeed/bug/387.coma | 4 +- creusot/tests/should_succeed/bug/463.coma | 6 +- .../should_succeed/bug/463/why3session.xml | 2 +- .../should_succeed/bug/463/why3shapes.gz | Bin 220 -> 227 bytes creusot/tests/should_succeed/bug/486.coma | 2 +- .../should_succeed/bug/486/why3shapes.gz | Bin 139 -> 136 bytes .../should_succeed/bug/564/why3shapes.gz | Bin 94 -> 94 bytes .../should_succeed/bug/594/why3shapes.gz | Bin 141 -> 141 bytes creusot/tests/should_succeed/bug/653.coma | 4 +- creusot/tests/should_succeed/bug/682.coma | 4 +- .../should_succeed/bug/682/why3session.xml | 8 +- .../should_succeed/bug/682/why3shapes.gz | Bin 249 -> 430 bytes .../should_succeed/bug/693/why3shapes.gz | Bin 144 -> 144 bytes creusot/tests/should_succeed/bug/874.coma | 4 +- .../should_succeed/bug/874/why3session.xml | 2 +- .../should_succeed/bug/874/why3shapes.gz | Bin 442 -> 441 bytes .../should_succeed/bug/922/why3shapes.gz | Bin 293 -> 293 bytes .../should_succeed/bug/949/why3shapes.gz | Bin 548 -> 548 bytes creusot/tests/should_succeed/bug/991.coma | 2 +- .../bug/box_borrow_resolve/why3shapes.gz | Bin 173 -> 175 bytes .../should_succeed/bug/final_borrows.coma | 8 +- .../tests/should_succeed/bug/two_phase.coma | 8 +- .../bug/two_phase/why3shapes.gz | Bin 260 -> 258 bytes creusot/tests/should_succeed/cell/01.coma | 2 +- .../should_succeed/cell/01/why3session.xml | 2 +- .../should_succeed/cell/01/why3shapes.gz | Bin 202 -> 251 bytes creusot/tests/should_succeed/cell/02.coma | 21 +- .../should_succeed/cell/02/why3session.xml | 54 +- .../should_succeed/cell/02/why3shapes.gz | Bin 1911 -> 2014 bytes creusot/tests/should_succeed/checked_ops.coma | 1583 ++++++++--------- .../should_succeed/clones/03/why3shapes.gz | Bin 206 -> 203 bytes .../closures/06_fn_specs/why3shapes.gz | Bin 531 -> 532 bytes .../closures/07_mutable_capture.coma | 16 +- .../07_mutable_capture/why3session.xml | 2 +- 
.../closures/07_mutable_capture/why3shapes.gz | Bin 436 -> 441 bytes .../closures/08_multiple_calls/why3shapes.gz | Bin 412 -> 413 bytes .../closures/09_fnonce_resolve/why3shapes.gz | Bin 381 -> 381 bytes .../should_succeed/closures/10_tyinv.coma | 10 +- .../closures/10_tyinv/why3shapes.gz | Bin 348 -> 347 bytes .../11_proof_assert_in_closure/why3shapes.gz | Bin 460 -> 460 bytes .../12_borrow_instances/why3shapes.gz | Bin 467 -> 468 bytes .../should_succeed/constrained_types.coma | 4 +- .../constrained_types/why3shapes.gz | Bin 393 -> 392 bytes .../should_succeed/drop_pair/why3shapes.gz | Bin 144 -> 143 bytes creusot/tests/should_succeed/duration.coma | 51 +- .../should_succeed/duration/why3session.xml | 2 +- .../should_succeed/duration/why3shapes.gz | Bin 550 -> 553 bytes .../tests/should_succeed/filter_positive.coma | 34 +- .../filter_positive/why3session.xml | 103 +- .../filter_positive/why3shapes.gz | Bin 848 -> 2512 bytes .../ghost/assert_in_ghost/why3shapes.gz | Bin 413 -> 414 bytes .../ghost/ghost_map/why3session.xml | 2 +- .../ghost/ghost_map/why3shapes.gz | Bin 696 -> 696 bytes .../ghost/ghost_set/why3session.xml | 2 +- .../ghost/ghost_set/why3shapes.gz | Bin 417 -> 417 bytes .../should_succeed/ghost/typing/why3shapes.gz | Bin 452 -> 454 bytes .../ghost_ptr_token/why3shapes.gz | Bin 681 -> 682 bytes creusot/tests/should_succeed/hashmap.coma | 90 +- .../should_succeed/heapsort_generic.coma | 110 +- .../heapsort_generic/why3session.xml | 432 ++--- .../heapsort_generic/why3shapes.gz | Bin 6663 -> 7283 bytes creusot/tests/should_succeed/hillel.coma | 110 +- .../should_succeed/hillel/why3session.xml | 237 ++- .../tests/should_succeed/hillel/why3shapes.gz | Bin 7505 -> 7806 bytes creusot/tests/should_succeed/index_range.coma | 146 +- .../should_succeed/inferred_invariants.coma | 14 +- .../inferred_invariants/why3session.xml | 2 +- .../inferred_invariants/why3shapes.gz | Bin 1257 -> 1258 bytes .../tests/should_succeed/insertion_sort.coma | 34 +- 
.../insertion_sort/why3session.xml | 108 +- .../insertion_sort/why3shapes.gz | Bin 2746 -> 3154 bytes creusot/tests/should_succeed/instant.coma | 4 +- .../should_succeed/instant/why3shapes.gz | Bin 687 -> 686 bytes .../tests/should_succeed/invariant_moves.coma | 2 +- .../invariant_moves/why3shapes.gz | Bin 177 -> 175 bytes .../tests/should_succeed/ite_normalize.coma | 8 +- .../ite_normalize/why3session.xml | 2 +- .../ite_normalize/why3shapes.gz | Bin 963 -> 964 bytes .../iterators/01_range/why3session.xml | 21 +- .../iterators/01_range/why3shapes.gz | Bin 751 -> 1102 bytes .../should_succeed/iterators/02_iter_mut.coma | 26 +- .../iterators/02_iter_mut/why3session.xml | 52 +- .../iterators/02_iter_mut/why3shapes.gz | Bin 2898 -> 2917 bytes .../iterators/03_std_iterators.coma | 97 +- .../03_std_iterators/why3session.xml | 214 ++- .../iterators/03_std_iterators/why3shapes.gz | Bin 6434 -> 6954 bytes .../should_succeed/iterators/04_skip.coma | 40 +- .../iterators/04_skip/why3session.xml | 71 +- .../iterators/04_skip/why3shapes.gz | Bin 2351 -> 2390 bytes .../iterators/06_map_precond.coma | 29 +- .../iterators/08_collect_extend.coma | 12 +- .../iterators/08_collect_extend/why3shapes.gz | Bin 1179 -> 1179 bytes .../iterators/12_zip/why3session.xml | 3 - .../iterators/12_zip/why3shapes.gz | Bin 2567 -> 2564 bytes .../iterators/15_enumerate.coma | 48 +- .../iterators/15_enumerate/why3session.xml | 34 +- .../iterators/15_enumerate/why3shapes.gz | Bin 1604 -> 1639 bytes .../should_succeed/iterators/16_take.coma | 24 +- .../iterators/16_take/why3session.xml | 12 +- .../iterators/16_take/why3shapes.gz | Bin 882 -> 882 bytes .../should_succeed/iterators/17_filter.coma | 2 +- .../iterators/17_filter/why3session.xml | 4 +- .../iterators/17_filter/why3shapes.gz | Bin 6830 -> 6836 bytes creusot/tests/should_succeed/knapsack.coma | 91 +- .../should_succeed/knapsack/why3session.xml | 221 +-- .../should_succeed/knapsack/why3shapes.gz | Bin 5113 -> 5705 bytes 
.../tests/should_succeed/knapsack_full.coma | 123 +- .../should_succeed/lang/branch_borrow_2.coma | 4 +- .../lang/branch_borrow_2/why3session.xml | 4 +- .../lang/branch_borrow_2/why3shapes.gz | Bin 215 -> 214 bytes .../lang/promoted_constants/why3shapes.gz | Bin 278 -> 278 bytes .../lang/while_let/why3shapes.gz | Bin 162 -> 163 bytes .../tests/should_succeed/list_index_mut.coma | 39 +- .../list_index_mut/why3session.xml | 2 +- .../list_index_mut/why3shapes.gz | Bin 760 -> 764 bytes .../should_succeed/list_reversal_lasso.coma | 146 +- .../mapping_test/why3session.xml | 5 +- .../should_succeed/mapping_test/why3shapes.gz | Bin 349 -> 412 bytes creusot/tests/should_succeed/match_int.coma | 2 +- .../should_succeed/match_int/why3session.xml | 4 +- .../should_succeed/match_int/why3shapes.gz | Bin 169 -> 184 bytes creusot/tests/should_succeed/mutex.coma | 4 +- .../should_succeed/mutex/why3session.xml | 4 +- .../tests/should_succeed/mutex/why3shapes.gz | Bin 418 -> 463 bytes .../should_succeed/open_inv/why3shapes.gz | Bin 184 -> 184 bytes creusot/tests/should_succeed/option.coma | 24 +- creusot/tests/should_succeed/ord_trait.coma | 3 +- .../should_succeed/ord_trait/why3session.xml | 2 +- .../should_succeed/ord_trait/why3shapes.gz | Bin 412 -> 418 bytes .../should_succeed/printing/why3session.xml | 2 +- .../should_succeed/printing/why3shapes.gz | Bin 173 -> 173 bytes .../projection_toggle/why3shapes.gz | Bin 478 -> 479 bytes .../should_succeed/projections/why3shapes.gz | Bin 191 -> 190 bytes .../resolve_drop/why3session.xml | 4 +- .../should_succeed/resolve_drop/why3shapes.gz | Bin 158 -> 224 bytes .../resolve_uninit/why3session.xml | 2 +- .../resolve_uninit/why3shapes.gz | Bin 273 -> 275 bytes .../tests/should_succeed/result/result.coma | 2 +- .../rusthorn/inc_max/why3session.xml | 8 +- .../rusthorn/inc_max/why3shapes.gz | Bin 389 -> 582 bytes .../rusthorn/inc_max_3/why3session.xml | 8 +- .../rusthorn/inc_max_3/why3shapes.gz | Bin 545 -> 685 bytes 
.../rusthorn/inc_max_many/why3session.xml | 8 +- .../rusthorn/inc_max_many/why3shapes.gz | Bin 417 -> 633 bytes .../rusthorn/inc_max_repeat.coma | 15 +- .../rusthorn/inc_max_repeat/why3session.xml | 60 +- .../rusthorn/inc_max_repeat/why3shapes.gz | Bin 631 -> 2008 bytes .../rusthorn/inc_some_2_list.coma | 24 +- .../rusthorn/inc_some_2_list/why3session.xml | 8 +- .../rusthorn/inc_some_2_list/why3shapes.gz | Bin 736 -> 791 bytes .../rusthorn/inc_some_2_tree.coma | 24 +- .../rusthorn/inc_some_2_tree/why3session.xml | 9 +- .../rusthorn/inc_some_2_tree/why3shapes.gz | Bin 813 -> 876 bytes .../rusthorn/inc_some_list.coma | 22 +- .../rusthorn/inc_some_list/why3session.xml | 10 +- .../rusthorn/inc_some_list/why3shapes.gz | Bin 614 -> 679 bytes .../rusthorn/inc_some_tree.coma | 22 +- .../rusthorn/inc_some_tree/why3session.xml | 9 +- .../rusthorn/inc_some_tree/why3shapes.gz | Bin 692 -> 772 bytes .../selection_sort_generic.coma | 30 +- .../selection_sort_generic/why3session.xml | 130 +- .../selection_sort_generic/why3shapes.gz | Bin 3743 -> 3910 bytes creusot/tests/should_succeed/slices/01.coma | 16 +- .../should_succeed/slices/01/why3session.xml | 6 +- .../should_succeed/slices/01/why3shapes.gz | Bin 527 -> 554 bytes .../tests/should_succeed/slices/02_std.coma | 21 +- .../slices/02_std/why3session.xml | 2 +- .../slices/02_std/why3shapes.gz | Bin 399 -> 549 bytes .../tests/should_succeed/sparse_array.coma | 196 +- .../specification/division/why3session.xml | 4 +- .../specification/division/why3shapes.gz | Bin 154 -> 145 bytes .../specification/logic_call/why3session.xml | 4 +- .../specification/logic_call/why3shapes.gz | Bin 113 -> 113 bytes .../should_succeed/specification/model.coma | 4 +- .../specification/trusted/why3session.xml | 4 +- .../specification/trusted/why3shapes.gz | Bin 102 -> 102 bytes creusot/tests/should_succeed/sum.coma | 12 +- .../tests/should_succeed/sum/why3session.xml | 34 +- .../tests/should_succeed/sum/why3shapes.gz | Bin 1357 -> 1407 bytes 
creusot/tests/should_succeed/sum_of_odds.coma | 23 +- .../sum_of_odds/why3session.xml | 43 +- .../should_succeed/sum_of_odds/why3shapes.gz | Bin 1534 -> 1610 bytes .../swap_borrows/why3session.xml | 2 +- .../should_succeed/swap_borrows/why3shapes.gz | Bin 242 -> 240 bytes .../should_succeed/switch/why3session.xml | 8 +- .../tests/should_succeed/switch/why3shapes.gz | Bin 123 -> 123 bytes .../switch_struct/why3session.xml | 4 +- .../switch_struct/why3shapes.gz | Bin 136 -> 135 bytes .../should_succeed/syntax/02_operators.coma | 26 +- .../syntax/02_operators/why3session.xml | 37 +- .../syntax/02_operators/why3shapes.gz | Bin 469 -> 1011 bytes .../should_succeed/syntax/04_assoc_prec.coma | 9 +- .../should_succeed/syntax/05_pearlite.coma | 2 +- .../syntax/07_extern_spec/why3session.xml | 2 +- .../syntax/07_extern_spec/why3shapes.gz | Bin 158 -> 156 bytes .../should_succeed/syntax/09_maintains.coma | 4 +- .../syntax/09_maintains/why3session.xml | 18 +- .../syntax/09_maintains/why3shapes.gz | Bin 298 -> 294 bytes .../syntax/10_mutual_rec_types.coma | 4 +- .../should_succeed/syntax/11_array_types.coma | 6 +- .../syntax/11_array_types/why3session.xml | 4 +- .../syntax/11_array_types/why3shapes.gz | Bin 286 -> 291 bytes .../should_succeed/syntax/12_ghost_code.coma | 10 +- .../syntax/12_ghost_code/why3session.xml | 2 +- .../syntax/12_ghost_code/why3shapes.gz | Bin 239 -> 241 bytes .../should_succeed/syntax/13_vec_macro.coma | 10 +- .../syntax/13_vec_macro/why3session.xml | 2 +- .../syntax/13_vec_macro/why3shapes.gz | Bin 294 -> 295 bytes .../syntax/14_const_fns/why3session.xml | 4 +- .../syntax/14_const_fns/why3shapes.gz | Bin 124 -> 190 bytes .../syntax/derive_macros/mixed.coma | 4 +- .../derive_macros/mixed/why3session.xml | 4 +- .../syntax/derive_macros/mixed/why3shapes.gz | Bin 1020 -> 1014 bytes .../tests/should_succeed/take_first_mut.coma | 2 +- .../take_first_mut/why3session.xml | 2 +- .../take_first_mut/why3shapes.gz | Bin 537 -> 538 bytes 
.../should_succeed/traits/01/why3session.xml | 4 +- .../should_succeed/traits/01/why3shapes.gz | Bin 115 -> 116 bytes .../should_succeed/traits/03/why3session.xml | 4 +- .../should_succeed/traits/03/why3shapes.gz | Bin 233 -> 232 bytes .../should_succeed/traits/06/why3session.xml | 2 +- .../should_succeed/traits/06/why3shapes.gz | Bin 132 -> 132 bytes .../should_succeed/traits/07/why3session.xml | 2 +- .../should_succeed/traits/07/why3shapes.gz | Bin 126 -> 126 bytes .../should_succeed/traits/09/why3session.xml | 6 +- .../should_succeed/traits/09/why3shapes.gz | Bin 153 -> 188 bytes .../traits/12_default_method/why3session.xml | 4 +- .../traits/12_default_method/why3shapes.gz | Bin 138 -> 136 bytes .../traits/16_impl_cloning.coma | 2 +- .../traits/16_impl_cloning/why3session.xml | 2 +- .../traits/16_impl_cloning/why3shapes.gz | Bin 237 -> 237 bytes creusot/tests/should_succeed/trigger2.coma | 4 +- .../should_succeed/trigger2/why3session.xml | 4 +- .../should_succeed/trigger2/why3shapes.gz | Bin 228 -> 226 bytes .../type_invariants/generated/why3session.xml | 2 +- .../type_invariants/generated/why3shapes.gz | Bin 225 -> 224 bytes .../type_invariants/non_zero.coma | 16 +- .../type_invariants/non_zero/why3session.xml | 8 +- .../type_invariants/non_zero/why3shapes.gz | Bin 328 -> 384 bytes .../type_invariants/vec_inv.coma | 2 +- .../type_invariants/vec_inv/why3session.xml | 2 +- .../type_invariants/vec_inv/why3shapes.gz | Bin 278 -> 274 bytes .../should_succeed/unnest/why3session.xml | 2 +- .../tests/should_succeed/unnest/why3shapes.gz | Bin 173 -> 174 bytes creusot/tests/should_succeed/vecdeque.coma | 8 +- .../should_succeed/vecdeque/why3session.xml | 71 +- .../should_succeed/vecdeque/why3shapes.gz | Bin 1905 -> 1944 bytes creusot/tests/should_succeed/vector/01.coma | 14 +- .../should_succeed/vector/01/why3session.xml | 4 +- .../should_succeed/vector/01/why3shapes.gz | Bin 572 -> 570 bytes .../tests/should_succeed/vector/02_gnome.coma | 18 +- 
.../vector/02_gnome/why3session.xml | 72 +- .../vector/02_gnome/why3shapes.gz | Bin 2202 -> 2287 bytes .../vector/03_knuth_shuffle.coma | 24 +- .../vector/03_knuth_shuffle/why3session.xml | 60 +- .../vector/03_knuth_shuffle/why3shapes.gz | Bin 1942 -> 2005 bytes .../vector/04_binary_search.coma | 31 +- .../vector/04_binary_search/why3session.xml | 97 +- .../vector/04_binary_search/why3shapes.gz | Bin 413 -> 2365 bytes .../vector/05_binary_search_generic.coma | 34 +- .../05_binary_search_generic/why3session.xml | 115 +- .../05_binary_search_generic/why3shapes.gz | Bin 623 -> 2631 bytes .../vector/06_knights_tour.coma | 142 +- .../should_succeed/vector/07_read_write.coma | 10 +- .../vector/07_read_write/why3session.xml | 2 +- .../vector/07_read_write/why3shapes.gz | Bin 452 -> 453 bytes .../should_succeed/vector/08_haystack.coma | 26 +- .../vector/08_haystack/why3session.xml | 102 +- .../vector/08_haystack/why3shapes.gz | Bin 2815 -> 3015 bytes .../should_succeed/vector/09_capacity.coma | 4 +- .../vector/09_capacity/why3session.xml | 4 +- .../vector/09_capacity/why3shapes.gz | Bin 411 -> 409 bytes prelude/int.coma | 205 +-- prelude/prelude.coma | 528 +----- 312 files changed, 4449 insertions(+), 4321 deletions(-) create mode 100644 creusot/build.rs diff --git a/Cargo.lock b/Cargo.lock index 41addcf5d6..12cf9be9ff 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -427,9 +427,11 @@ dependencies = [ "glob", "include_dir", "indexmap 1.9.3", + "indoc", "itertools", "lazy_static", "log", + "paste", "pathdiff", "petgraph", "regex", @@ -457,6 +459,7 @@ dependencies = [ "creusot-contracts-dummy", "creusot-contracts-proc", "num-rational 0.3.2", + "paste", ] [[package]] @@ -1418,6 +1421,12 @@ dependencies = [ "subtle", ] +[[package]] +name = "paste" +version = "1.0.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a" + [[package]] name = "pathdiff" version = "0.2.1" 
diff --git a/creusot-contracts/Cargo.toml b/creusot-contracts/Cargo.toml index 36bf8bf3b4..bfc1743880 100644 --- a/creusot-contracts/Cargo.toml +++ b/creusot-contracts/Cargo.toml @@ -13,6 +13,7 @@ description = "Provides contracts and logic helpers for Creusot" creusot-contracts-proc = { path = "../creusot-contracts-proc", version = "0.3.0" } creusot-contracts-dummy = { path = "../creusot-contracts-dummy", version = "0.3.0" } num-rational = "0.3.2" +paste = "1.0" [features] default = [] diff --git a/creusot-contracts/src/std/num.rs b/creusot-contracts/src/std/num.rs index 5dc8dfbe8f..ec03154319 100644 --- a/creusot-contracts/src/std/num.rs +++ b/creusot-contracts/src/std/num.rs @@ -1,5 +1,6 @@ use crate::{Default, *}; pub use ::std::num::*; +use paste::paste; macro_rules! mach_int { ($t:ty, $ty_nm:expr, $zero:expr) => { @@ -34,30 +35,32 @@ macro_rules! mach_int { macro_rules! mach_uint { // TODO laurent factoriser avec mach_int ($t:ty, $ty_nm:expr, $zero:expr) => { - impl View for $t { - type ViewTy = Int; - #[logic] - #[trusted] - #[creusot::builtins = concat!($ty_nm, ".to_uint")] - fn view(self) -> Self::ViewTy { - dead + paste! { + impl View for $t { + type ViewTy = Int; + #[logic] + #[trusted] + #[creusot::builtins = $ty_nm ".t'int"] // TODO laurent: on ne génère pas ".to_int" pour les types non signé car on a besoin de la version non signée, or le clone substitue la + fn view(self) -> Self::ViewTy { + dead + } } - } - impl DeepModel for $t { - type DeepModelTy = Int; - #[logic] - #[open] - fn deep_model(self) -> Self::DeepModelTy { - pearlite! { self@ } + impl DeepModel for $t { + type DeepModelTy = Int; + #[logic] + #[open] + fn deep_model(self) -> Self::DeepModelTy { + pearlite! { self@ } + } } - } - impl Default for $t { - #[predicate] - #[open] - fn is_default(self) -> bool { - pearlite! { self == $zero } + impl Default for $t { + #[predicate] + #[open] + fn is_default(self) -> bool { + pearlite! { self == $zero } + } } } }; 
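Review bot: The inline comment on the new `#[creusot::builtins = $ty_nm ".t'int"]` line is in French and cut off mid-sentence (`… or le clone substitue la`), so the reason the unsigned view does not use `.to_int` is lost to the next maintainer; replace it with a complete English comment such as `// Unsigned views use the bit-vector `t'int` projection rather than `.to_int`: the clone machinery substitutes <state the substitution here>, which would select the signed conversion.` The `paste!` wrapper appears to exist only so the two string literals in the attribute are concatenated into one path; a short comment stating that would save a reader from wondering why `mach_uint` is structured differently from `mach_int`.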
diff --git a/creusot/Cargo.toml b/creusot/Cargo.toml index 0d49b3520b..62d165dcc7 100644 --- a/creusot/Cargo.toml +++ b/creusot/Cargo.toml @@ -24,6 +24,10 @@ serde_json = { version = "1.0" } lazy_static = "1.4.0" pathdiff = "0.2" +[build-dependencies] +paste = "1.0" +indoc = "2.0.5" + [dev-dependencies] regex = "1.10.5" glob = "*" diff --git a/creusot/build.rs b/creusot/build.rs new file mode 100644 index 0000000000..5a87beb451 --- /dev/null +++ b/creusot/build.rs 
@@ -0,0 +1,204 @@ +use std::{env, error::Error, fs::{self, File}, io::{self, Write}, path::{Path, PathBuf}}; +use indoc::indoc; + +fn int_prelude_maker(filepath: &impl AsRef) -> Result<(), Box> { + // generate coma code for unsigned integer + macro_rules! uint_mod { + ($writer: ident, $n: literal) => { + ::paste::paste! { + let m = format!(indoc! {r#" + module {module_name} + use export bv.{BV_name} + use bv.BV256 as BV256 + use bv.{BVConverter_name} + use int.Int + use int.EuclideanDivision as ED + + constant max_uint : t = 0x{max_value:X} + function to_BV256 (x: t) : BV256.t = toBig x + function of_BV256 (x: BV256.t) : t = toSmall x + function bv256_to_int (x: BV256.t) : int = BV256.t'int x + constant max_uint_as_BV256 : BV256.t = to_BV256 max_uint + + let eq (a: t) (b: t) (ret (result: bool) {{ result <-> to_int a = to_int b }} {{ result <-> a = b }}) = any + let ne (a: t) (b: t) (ret (result: bool) {{ result <-> to_int a <> to_int b }} {{ result <-> a <> b }}) = any + let le (a: t) (b: t) (ret (result: bool) {{ result <-> to_int a <= to_int b }} {{ result <-> ule a b }}) = any + let lt (a: t) (b: t) (ret (result: bool) {{ result <-> to_int a < to_int b }} {{ result <-> ult a b }}) = any + let ge (a: t) (b: t) (ret (result: bool) {{ result <-> to_int a >= to_int b }} {{ result <-> uge a b }}) = any + let gt (a: t) (b: t) (ret (result: bool) {{ result <-> to_int a > to_int b }} {{ result <-> ugt a b }}) = any + + let add (a:t) (b:t) + {{ [@expl:arithmetic overflow] to_int a + to_int b < two_power_size \/ BV256.ule (BV256.add (to_BV256 a) (to_BV256 b)) max_uint_as_BV256 }} + (ret (result :t) {{ to_int result = to_int a + to_int b }} {{ result = add a b }}) + = any + let sub (a:t) (b:t) + {{ [@expl:arithmetic overflow] to_int a >= to_int b \/ uge a b }} + (ret (result: t) {{ to_int result = to_int a - to_int b }} {{ result = sub a b }}) + = any + let mul (a:t) (b:t) + {{ [@expl:arithmetic overflow] to_int a * to_int b < two_power_size \/ BV256.ule (BV256.mul 
(to_BV256 a) (to_BV256 b)) max_uint_as_BV256 }} + (ret (result: t) {{ result = mul a b }} {{ to_int result = to_int a * to_int b }}) + = any + let div (a:t) (b:t) + {{ [@expl:division by zero] b <> zeros \/ to_int b <> 0 }} + (ret (result: t) {{ to_int result = ED.div (to_int a) (to_int b) }} {{ result = udiv a b }}) + = any + let rem (a:t) (b:t) + {{ [@expl:remainder by zero] b <> zeros \/ to_int b <> 0 }} + (ret (result: t) {{ to_int result = ED.mod (to_int a) (to_int b) }} {{ result = urem a b }}) + = any + + let bw_and (a:t) (b:t) (ret (result :t)) = ret {{ bw_and a b }} + let bw_or (a:t) (b:t) (ret (result :t)) = ret {{ bw_or a b }} + let bw_xor (a:t) (b:t) (ret (result :t)) = ret {{ bw_xor a b }} + let bw_not (a:t) (ret (result :t)) = ret {{ bw_not a }} + let shl (a:t) (b:int) + {{ [@expl:out-of-bounds shifting] b >= 0 /\ b <= size }} + (ret (result :t) {{ result = lsl_bv a (of_int b) }} {{ result = lsl a b }}) + = any + let shr (a:t) (b:int) + {{ [@expl:out-of-bounds shifting] b >= 0 /\ b <= size }} + (ret (result :t) {{ result = lsr_bv a (of_int b) }} {{ result = lsr a b }}) + = any + + let to_bv256 (a:t) + (ret (result: BV256.t) {{ result = to_BV256 a }}) + = any + let of_bv256 (a:BV256.t) + {{ [@expl:arithmetic overflow] bv256_to_int a >= 0 /\ bv256_to_int a < two_power_size }} + (ret (result: t) {{ result = of_BV256 a }}) + = any + end + "#}, module_name = stringify!([]), BV_name = stringify!([]), BVConverter_name = stringify!([]), max_value = []::MAX); + + $writer.write_all(m.as_bytes())?; + } + }; + } + + // generate coma code for signed integer + macro_rules! int_mod { + ($writer: ident, $n: literal) => { + ::paste::paste! { + let m = format!(indoc! 
{r#" + module {module_name} + use export bv.{BV_name} + use bv.BV256 as BV256 + use bv.{BVConverter_name} + use bv.Pow2int + use int.Int + use int.ComputerDivision as CD + + constant min_sint : t = 0x{min_value:X} + constant max_sint : t = 0x{max_value:X} + constant minus_one : t = 0x{max_uint_value:X} + + function to_BV256 (x: t) : BV256.t = stoBig x + function of_BV256 (x: BV256.t) : t = toSmall x + function bv256_to_int (x: BV256.t) : int = BV256.t'int x + constant min_sint_as_BV256 : BV256.t = to_BV256 min_sint + constant max_sint_as_BV256 : BV256.t = to_BV256 max_sint + + let eq (a: t) (b: t) (ret (result: bool) {{ result <-> to_int a = to_int b }} {{ result <-> a = b }}) = any + let ne (a: t) (b: t) (ret (result: bool) {{ result <-> to_int a <> to_int b }} {{ result <-> a <> b }}) = any + let le (a: t) (b: t) (ret (result: bool) {{ result <-> to_int a <= to_int b }} {{ result <-> sle a b }}) = any + let lt (a: t) (b: t) (ret (result: bool) {{ result <-> to_int a < to_int b }} {{ result <-> slt a b }}) = any + let ge (a: t) (b: t) (ret (result: bool) {{ result <-> to_int a >= to_int b }} {{ result <-> sge a b }}) = any + let gt (a: t) (b: t) (ret (result: bool) {{ result <-> to_int a > to_int b }} {{ result <-> sgt a b }}) = any + + let add (a:t) (b:t) + {{ [@expl:arithmetic overflow] - two_power_size_minus_one <= to_int a + to_int b < two_power_size_minus_one \/ let r = BV256.add (to_BV256 a) (to_BV256 b) in (BV256.sle min_sint_as_BV256 r /\ BV256.sle r max_sint_as_BV256) }} + (ret (result :t) {{ to_int result = to_int a + to_int b }} {{ result = add a b }}) + = any + let sub (a:t) (b:t) + {{ [@expl:arithmetic overflow] - two_power_size_minus_one <= to_int a - to_int b < two_power_size_minus_one \/ let r = BV256.sub (to_BV256 a) (to_BV256 b) in (BV256.sle min_sint_as_BV256 r /\ BV256.sle r max_sint_as_BV256) }} + (ret (result: t) {{ to_int result = to_int a - to_int b }} {{ result = sub a b }}) + = any + let mul (a:t) (b:t) + {{ [@expl:arithmetic overflow] - 
two_power_size_minus_one <= to_int a * to_int b < two_power_size_minus_one \/ let r = BV256.mul (to_BV256 a) (to_BV256 b) in (BV256.sle min_sint_as_BV256 r /\ BV256.sle r max_sint_as_BV256) }} + (ret (result: t) {{ to_int result = to_int a * to_int b }} {{ result = mul a b }}) + = any + let div (a:t) (b:t) + {{ [@expl:division by zero] b <> zeros \/ to_int b <> 0 }} + {{ [@expl:signed division overflow check] (a <> min_sint \/ b <> minus_one) \/ (to_int a <> to_int min_sint \/ to_int b <> -1) }} + (ret (result: t) {{ to_int result = CD.div (to_int a) (to_int b) }} {{ result = sdiv a b }}) + = any + let rem (a:t) (b:t) + {{ [@expl:remainder by zero] b <> zeros \/ to_int b <> 0 }} + (ret (result: t) {{ to_int result = CD.mod (to_int a) (to_int b) }} {{ result = srem a b }}) + = any + + let bw_and (a:t) (b:t) (ret (result :t)) = ret {{ bw_and a b }} + let bw_or (a:t) (b:t) (ret (result :t)) = ret {{ bw_or a b }} + let bw_xor (a:t) (b:t) (ret (result :t)) = ret {{ bw_xor a b }} + let bw_not (a:t) (ret (result :t)) = ret {{ bw_not a }} + let shl (a:t) (b:int) + {{ [@expl:out-of-bounds shifting] ult (of_int b) size_bv \/ b < size }} + {{ [@expl:out-of-bounds shifting] sle zeros a \/ to_int a >= 0 }} + {{ [@expl:arithmetic overflow] (to_int a) * (pow2 (b)) < two_power_size_minus_one \/ let r = BV256.lsl_bv (to_BV256 a) (to_BV256 (of_int b)) in (BV256.sle min_sint_as_BV256 r /\ BV256.sle r max_sint_as_BV256)}} + (ret (result :t) {{ result = lsl_bv a (of_int b) }} {{ result = lsl a b }}) + = any + let shr (a:t) (b:int) + {{ [@expl:out-of-bounds shifting] ult (of_int b) size_bv \/ b < size }} + (ret (result :t) {{ result = asr_bv a (of_int b) }} {{ result = asr a b }}) + = any + + let to_bv256 (a:t) + (ret (result: BV256.t) {{ result = to_BV256 a }}) + = any + let of_bv256 (a:BV256.t) + {{ [@expl:arithmetic overflow] bv256_to_int a >= 0 /\ bv256_to_int a < two_power_size }} + (ret (result: t) {{ result = of_BV256 a }}) + = any + end + "#}, module_name = stringify!([]), 
BV_name = stringify!([]), BVConverter_name = stringify!([]), min_value = []::MIN, max_value = []::MAX, max_uint_value= []::MAX); + + $writer.write_all(m.as_bytes())?; + } + }; + } + + // create or open the file + let file = File::create(filepath.as_ref())?; + let mut writer = io::BufWriter::new(file); + + // unsigned integer + uint_mod!(writer, 8); + uint_mod!(writer, 16); + uint_mod!(writer, 32); + uint_mod!(writer, 64); + uint_mod!(writer, 128); + + // signed integer + int_mod!(writer, 8); + int_mod!(writer, 16); + int_mod!(writer, 32); + int_mod!(writer, 64); + int_mod!(writer, 128); + + writer.flush()?; + Ok(()) +} + +fn main() { + // rerun this build script if it has changed + println!("cargo:rerun-if-changed=build.rs"); + + // Get the path to the crate directory + let crate_dirpath = PathBuf::from(env::var("CARGO_MANIFEST_DIR").expect("CARGO_MANIFEST_DIR doesn't exist for creusot crate ??")); + + // Get the path to the prelude directory + let prelude_dirpath = crate_dirpath.join("..").join("prelude"); + + // We create the directory if it does not exist + fs::create_dir_all(&prelude_dirpath).expect("creusot crate build, can't create prelude directory"); + + // Create the file name for the prelude dedicated to integers + let int_prelude_filepath = prelude_dirpath.join("int.coma"); + + // create integer prelude + int_prelude_maker(&int_prelude_filepath).unwrap_or_else(|e| { + eprintln!("Erreur in int_prelude_maker: {}", e); + std::process::exit(1); + }); +} \ No newline at end of file diff --git a/creusot/src/backend/program.rs b/creusot/src/backend/program.rs index 5792ddf29e..abc5e24e6b 100644 --- a/creusot/src/backend/program.rs +++ b/creusot/src/backend/program.rs @@ -1,4 +1,4 @@ -use self::ty::{concret_intty, concret_uintty, slice_create_qname, slice_length_qname}; +use self::ty::{concret_intty, concret_uintty, intty_to_ty, slice_create_qname, slice_length_qname, uintty_to_ty}; use crate::{ backend::{ 
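Review bot: The unsigned `shl`/`shr` precondition on the new side, `b >= 0 /\ b <= size`, admits a shift by exactly `size`, which Rust rejects (`1u8 << 8` panics in debug builds and is masked in release), so a program could be proven panic-free against this prelude while panicking at runtime; the signed module already uses `b < size`, so the unsigned one should read `{{ [@expl:out-of-bounds shifting] b >= 0 /\ b < size }}` in both `shl` and `shr`. Separately, the signed module's `of_bv256` keeps the unsigned precondition `bv256_to_int a >= 0 /\ bv256_to_int a < two_power_size` although its `to_BV256` is the sign-extending `stoBig`, so a negative value does not appear to round-trip through `to_bv256`/`of_bv256` — worth confirming against the intended use of the 256-bit carrier. Finally, `main` writes the generated `int.coma` into `../prelude/` next to the sources rather than into `OUT_DIR`, which Cargo's build-script contract advises against and which makes the committed `prelude/int.coma` depend on whoever built last; if it must live there, a header comment `(* Generated by creusot/build.rs — do not edit by hand *)` in the emitted file would at least stop hand edits from being overwritten. The `Erreur` in the error message is a leftover French word.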
@@ -353,7 +353,7 @@ impl<'tcx> RValue<'tcx> { // todo laurent valider l'approche match r_ty.kind() { TyKind::Int(_) => module.push_ident("to_int"), - TyKind::Uint(_) => module.push_ident("to_uint"), + TyKind::Uint(_) => module.push_ident(".t'int"), _ => unreachable!("right operande, non-integer type for binary operation {op:?} {ty:?}"), } @@ -619,8 +619,10 @@ impl<'tcx> Terminator<'tcx> { match self { Terminator::Goto(bb) => (istmts, Expr::Symbol(format!("bb{}", bb.as_usize()).into())), Terminator::Switch(switch, branches) => { + let ty = switch.ty(lower.ctx.tcx, lower.locals); + let ty_kind = ty.kind(); let discr = switch.to_why(lower, &mut istmts); - (istmts, branches.to_why(lower.ctx, lower.names, discr)) + (istmts, branches.to_why(lower.ctx, lower.names, discr, ty_kind)) } Terminator::Return => { (istmts, Expr::Symbol("return".into()).app(vec![Arg::Term(Exp::var("_0"))])) 
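Review bot: `TyKind::Uint(_) => module.push_ident(".t'int")` carries a leading dot while the sibling arm pushes `"to_int"` without one; if `push_ident` inserts the separator itself, as the signed arm's usage suggests, the unsigned right operand will be emitted as `UInt8..t'int`. The line should read `TyKind::Uint(_) => module.push_ident("t'int"),`. The enclosing shift-lowering match starts outside the hunk, so I cannot see whether a later step strips the extra dot.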
@@ -642,21 +644,40 @@ impl<'tcx> Branches<'tcx> { ctx: &mut Why3Generator<'tcx>, names: &mut N, discr: Exp, + discr_ty: &'tcx TyKind<'tcx>, ) -> coma::Expr { match self { Branches::Int(brs, def) => { + let intty = match discr_ty { + TyKind::Int(intty) => intty, + _ => panic!("Branches::Int try to evaluate a type that is not Int"), + }; + let mut brs = mk_switch_branches( discr, - brs.into_iter().map(|(val, tgt)| (Exp::int(val), mk_goto(tgt))).collect(), + brs.into_iter().map(|(val, tgt)| { + let why_ty = intty_to_ty(names, intty); + let e = Exp::Const(Constant::Int(val, Some(why_ty))); + (e, mk_goto(tgt)) + }).collect(), ); brs.push(Defn::simple("default", Expr::BlackBox(Box::new(mk_goto(def))))); Expr::Defn(Box::new(Expr::Any), false, brs) } Branches::Uint(brs, def) => { + let uintty = match discr_ty { + TyKind::Uint(uintty) => uintty, + _ => panic!("Branches::Uint try to evaluate a type that is not Uint"), + }; + let mut brs = mk_switch_branches( discr, - brs.into_iter().map(|(val, tgt)| (Exp::uint(val), mk_goto(tgt))).collect(), + brs.into_iter().map(|(val, tgt)| { + let why_ty = uintty_to_ty(names, uintty); + let e = Exp::Const(Constant::Uint(val, Some(why_ty))); + (e, mk_goto(tgt)) + }).collect(), ); brs.push(Defn::simple("default", Expr::BlackBox(Box::new(mk_goto(def))))); diff --git a/creusot/src/backend/term.rs b/creusot/src/backend/term.rs index a29db47969..065b520db6 100644 --- a/creusot/src/backend/term.rs +++ b/creusot/src/backend/term.rs 
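Review bot: In both new arms `intty_to_ty(names, intty)` / `uintty_to_ty(names, uintty)` is called inside the per-branch closure, so the Why3 type is recomputed for every switch arm although it depends only on the discriminant type; computing it once before `mk_switch_branches`, `let why_ty = intty_to_ty(names, intty);`, and using `Some(why_ty.clone())` in the closure avoids the repeated work and any repeated side effect on the namer. The `panic!("Branches::Int try to evaluate a type that is not Int")` messages would be more useful with the offending type and should use the `unreachable!` form the shift lowering already uses, e.g. `_ => unreachable!("Branches::Int on non-integer discriminant type {discr_ty:?}"),`. `Branches::to_why` continues past the end of the hunk.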
@@ -81,8 +81,58 @@ impl<'tcx, N: Namer<'tcx>> Lower<'_, 'tcx, N> { } match op { - Div => Exp::var("div").app(vec![lhs, rhs]), - Rem => Exp::var("mod").app(vec![lhs, rhs]), + Div => { + //TODO laurent voir si on factorise TyKind::Int et TyKind::Uint + // voir si on passe par Exp::BinaryOp + let ty_kind = term.creusot_ty().kind(); + match ty_kind { + TyKind::Int(ity) => { + let prelude = int_to_prelude(concret_intty(*ity, self.names.tcx().target_spec().pointer_width)); + self.names.import_prelude_module(prelude); + let mut module = prelude.qname(); + module.push_ident("sdiv"); + let fname = module.without_search_path(); + Exp::qvar(fname).app(vec![lhs, rhs]) + }, + TyKind::Uint(uty) => { + let prelude = uint_to_prelude(concret_uintty(*uty, self.names.tcx().target_spec().pointer_width)); + self.names.import_prelude_module(prelude); + let mut module = prelude.qname(); + module.push_ident("udiv"); + let fname = module.without_search_path(); + Exp::qvar(fname).app(vec![lhs, rhs]) + }, + _ => { + Exp::var("div").app(vec![lhs, rhs]) // keeps the same behavior as before the BitVectors + }, + } + } + Rem => { + //TODO laurent voir si on factorise TyKind::Int et TyKind::Uint + // voir si on passe par Exp::BinaryOp + let ty_kind = term.creusot_ty().kind(); + match ty_kind { + TyKind::Int(ity) => { + let prelude = int_to_prelude(concret_intty(*ity, self.names.tcx().target_spec().pointer_width)); + self.names.import_prelude_module(prelude); + let mut module = prelude.qname(); + module.push_ident("srem"); + let fname = module.without_search_path(); + Exp::qvar(fname).app(vec![lhs, rhs]) + }, + TyKind::Uint(uty) => { + let prelude = uint_to_prelude(concret_uintty(*uty, self.names.tcx().target_spec().pointer_width)); + self.names.import_prelude_module(prelude); + let mut module = prelude.qname(); + module.push_ident("urem"); + let fname = module.without_search_path(); + Exp::qvar(fname).app(vec![lhs, rhs]) + }, + _ => { + Exp::var("mod").app(vec![lhs, rhs]) // keeps the same 
behavior as before the BitVectors + }, + } + } BitAnd | BitOr | BitXor | Shl | Shr => { let ty_kind = term.creusot_ty().kind(); let prelude: PreludeModule = match ty_kind { @@ -336,7 +386,6 @@ pub(crate) fn lower_literal<'tcx, N: Namer<'tcx>>( } Literal::MachUnsigned(u, uty) => { let why_ty = uintty_to_ty(names, &uty); - Constant::Uint(u, Some(why_ty)).into() } Literal::Bool(true) => Constant::const_true().into(), diff --git a/creusot/src/contracts_items/attributes.rs b/creusot/src/contracts_items/attributes.rs index 5e8fd68648..b5c50f884a 100644 --- a/creusot/src/contracts_items/attributes.rs +++ b/creusot/src/contracts_items/attributes.rs @@ -83,7 +83,9 @@ pub(crate) fn is_pearlite(tcx: TyCtxt, def_id: DefId) -> bool { pub(crate) fn get_builtin(tcx: TyCtxt, def_id: DefId) -> Option { get_attr(tcx.get_attrs_unchecked(def_id), &["creusot", "builtins"]).and_then(|a| { match &a.args { - AttrArgs::Eq(_, AttrArgsEq::Hir(l)) => Some(l.symbol), + AttrArgs::Eq(_, AttrArgsEq::Hir(l)) => { + Some(l.symbol) + }, _ => None, } }) diff --git a/creusot/src/translation/pearlite/normalize.rs b/creusot/src/translation/pearlite/normalize.rs index 40482e0a05..fe0607d815 100644 --- a/creusot/src/translation/pearlite/normalize.rs +++ b/creusot/src/translation/pearlite/normalize.rs 
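Review bot: The `Div` and `Rem` arms repeat the same six-line prelude lookup four times (Int/Uint × `sdiv`/`udiv`, `srem`/`urem`), differing only in the identifier pushed, and the two French `//TODO laurent` comments already ask for that factoring — it should be done here rather than left as a TODO, with the comments in English. A small helper on `Lower` that resolves the prelude function for a machine-integer `TyKind` and returns `None` otherwise lets each arm collapse to one expression while keeping the `Exp::var("div")`/`Exp::var("mod")` fallback for non-machine types; a sketch is below (the `push_ident` argument type is assumed to be `&str`, as the literals here suggest). It is also worth a comment at the `Div` arm that `/` and `%` on machine integers in specifications now resolve to the bitvector prelude's `sdiv`/`udiv`/`srem`/`urem` instead of the mathematical `div`/`mod`, so their meaning on a zero divisor or on `MIN / -1` is whatever the prelude defines, which this patch does not show. The enclosing method starts before the hunk and the `BitAnd | BitOr | BitXor | Shl | Shr` arm continues past it.
```rust
            Div => self
                .machine_int_prelude_fn(term.creusot_ty().kind(), "sdiv", "udiv")
                .unwrap_or_else(|| Exp::var("div"))
                .app(vec![lhs, rhs]),
            Rem => self
                .machine_int_prelude_fn(term.creusot_ty().kind(), "srem", "urem")
                .unwrap_or_else(|| Exp::var("mod"))
                .app(vec![lhs, rhs]),
            // … unchanged: BitAnd | BitOr | BitXor | Shl | Shr arm …

    /// Resolve `signed`/`unsigned` in the bitvector prelude module of a machine
    /// integer type, importing that module on the way; `None` when `ty_kind` is
    /// not `Int`/`Uint`, so callers can keep the mathematical `div`/`mod`.
    fn machine_int_prelude_fn(
        &mut self,
        ty_kind: &TyKind<'tcx>,
        signed: &str,
        unsigned: &str,
    ) -> Option<Exp> {
        let ptr_width = self.names.tcx().target_spec().pointer_width;
        let (prelude, name) = match ty_kind {
            TyKind::Int(ity) => (int_to_prelude(concret_intty(*ity, ptr_width)), signed),
            TyKind::Uint(uty) => (uint_to_prelude(concret_uintty(*uty, ptr_width)), unsigned),
            _ => return None,
        };
        self.names.import_prelude_module(prelude);
        let mut module = prelude.qname();
        module.push_ident(name);
        Some(Exp::qvar(module.without_search_path()))
    }
```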
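Review bot: The `Literal::MachUnsigned` arm of `lower_literal` loses its result: the removed `Constant::Uint(u, Some(why_ty)).into()` was the arm's value, so the block now ends on a `let`, evaluates to `()`, no longer matches the `Constant::const_true().into()` arm below and leaves `why_ty` unused. This looks like an accidental deletion rather than part of the bitvector change; restore `Constant::Uint(u, Some(why_ty)).into()` as the last line of the arm (the `Branches::Uint` hunk in program.rs builds the same constant). `lower_literal` starts before and ends after the hunk.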
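Review bot: Wrapping `Some(l.symbol)` in a block with a trailing `},` changes nothing but formatting, and it is exactly what `rustfmt` would collapse back to the one-line arm; keep `AttrArgs::Eq(_, AttrArgsEq::Hir(l)) => Some(l.symbol),` unless more logic is about to land in this arm. `get_builtin`'s signature and closing lines are outside the hunk.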
@@ -126,27 +126,27 @@ fn optimize_builtin<'tcx>( lhs: Box::new(args.remove(0)), rhs: Box::new(args.remove(0)), }, - "prelude.prelude.UInt8.to_int" + "prelude.prelude.UInt8.t'int" if let TermKind::Lit(Literal::MachUnsigned(c, _)) = args[0].kind => { TermKind::Lit(Literal::Integer(c as i128)) } - "prelude.prelude.UInt16.to_int" + "prelude.prelude.UInt16.t'int" if let TermKind::Lit(Literal::MachUnsigned(c, _)) = args[0].kind => { TermKind::Lit(Literal::Integer(c as i128)) } - "prelude.prelude.UInt32.to_int" + "prelude.prelude.UInt32.t'int" if let TermKind::Lit(Literal::MachUnsigned(c, _)) = args[0].kind => { TermKind::Lit(Literal::Integer(c as i128)) } - "prelude.prelude.UInt64.to_int" + "prelude.prelude.UInt64.t'int" if let TermKind::Lit(Literal::MachUnsigned(c, _)) = args[0].kind => { TermKind::Lit(Literal::Integer(c as i128)) } - "prelude.prelude.UInt128.to_int" + "prelude.prelude.UInt128.t'int" if let TermKind::Lit(Literal::MachUnsigned(c, _)) = args[0].kind => { if c > isize::MAX as u128 { diff --git a/creusot/tests/creusot-contracts/creusot-contracts.coma b/creusot/tests/creusot-contracts/creusot-contracts.coma index f6a63b7255..84ed0ad966 100644 --- a/creusot/tests/creusot-contracts/creusot-contracts.coma +++ b/creusot/tests/creusot-contracts/creusot-contracts.coma @@ -6389,7 +6389,7 @@ module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_r function view'2 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 axiom view'2_spec : forall self : slice t_T'0 . ([%#sslice7] Seq.length (view'2 self) - <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + <= UInt64.t'int (v_MAX'0 : UInt64.t)) && ([%#sslice8] view'2 self = Slice64.id self) function view'1 [#"../../../creusot-contracts/src/model.rs" 87 4 87 33] (self : slice t_T'0) : Seq.seq t_T'0 = 
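Review bot: Constant folding here is keyed on exact builtin path strings, so any spelling drift is silent: a non-matching name simply falls through and the literal is left unfolded, with no error and no failing test. The program.rs hunk of this same patch pushes `".t'int"` with a leading dot, which would never match these `UInt8.t'int` … `UInt128.t'int` arms; deriving both sides from one shared constant, or adding a test that `UInt8.t'int` applied to a `MachUnsigned` literal folds to `Literal::Integer`, would catch that. The signed `to_int` builtins, if this function handles them, are outside the hunk. `optimize_builtin` starts before and continues past this hunk.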
@@ -6478,7 +6478,7 @@ module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_t function view'2 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 axiom view'2_spec : forall self : slice t_T'0 . ([%#sslice9] Seq.length (view'2 self) - <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + <= UInt64.t'int (v_MAX'0 : UInt64.t)) && ([%#sslice10] view'2 self = Slice64.id self) function view'1 [#"../../../creusot-contracts/src/model.rs" 87 4 87 33] (self : slice t_T'0) : Seq.seq t_T'0 = @@ -7192,7 +7192,7 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 43 4 43 30] (self : t_Enumerate'0) = [%#senumerate5] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'1 (iter'0 self) s i] . inv'1 s - /\ inv'2 i /\ produces'1 (iter'0 self) s i -> n'0 self + Seq.length s < UInt64.to_uint v_MAX'0) + /\ inv'2 i /\ produces'1 (iter'0 self) s i -> n'0 self + Seq.length s < UInt64.t'int v_MAX'0) /\ (forall i : borrowed t_I'0 . completed'0 i -> produces'1 i.current (Seq.empty : Seq.seq t_Item'0) i.final) axiom inv_axiom'0 [@rewrite] : forall x : t_Enumerate'0 [inv'0 x] . inv'0 x @@ -7219,7 +7219,7 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ /\ produces'1 (iter'0 self) s (iter'0 o) /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s - -> UInt64.to_uint (let (a, _) = Seq.get visited i in a) = n'0 self + i + -> UInt64.t'int (let (a, _) = Seq.get visited i in a) = n'0 self + i /\ (let (_, a) = Seq.get visited i in a) = Seq.get s i)) constant self : t_Enumerate'0 
@@ -7326,7 +7326,7 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 43 4 43 30] (self : t_Enumerate'0) = [%#senumerate9] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'1 (iter'0 self) s i] . inv'1 s - /\ inv'2 i /\ produces'1 (iter'0 self) s i -> n'0 self + Seq.length s < UInt64.to_uint v_MAX'0) + /\ inv'2 i /\ produces'1 (iter'0 self) s i -> n'0 self + Seq.length s < UInt64.t'int v_MAX'0) /\ (forall i : borrowed t_I'0 . completed'0 i -> produces'1 i.current (Seq.empty : Seq.seq t_Item'0) i.final) axiom inv_axiom'0 [@rewrite] : forall x : t_Enumerate'0 [inv'0 x] . inv'0 x @@ -7351,7 +7351,7 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ /\ produces'1 (iter'0 self) s (iter'0 o) /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s - -> UInt64.to_uint (let (a, _) = Seq.get visited i in a) = n'0 self + i + -> UInt64.t'int (let (a, _) = Seq.get visited i in a) = n'0 self + i /\ (let (_, a) = Seq.get visited i in a) = Seq.get s i)) use seq.Seq @@ -10660,7 +10660,7 @@ module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produ function n'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 22 4 22 21] (self : t_Skip'0) : int - axiom n'0_spec : forall self : t_Skip'0 . [%#sskip4] n'0 self >= 0 /\ n'0 self <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom n'0_spec : forall self : t_Skip'0 . [%#sskip4] n'0 self >= 0 /\ n'0 self <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq 
@@ -10781,7 +10781,7 @@ module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produ function n'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 22 4 22 21] (self : t_Skip'0) : int - axiom n'0_spec : forall self : t_Skip'0 . [%#sskip8] n'0 self >= 0 /\ n'0 self <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom n'0_spec : forall self : t_Skip'0 . [%#sskip8] n'0 self >= 0 /\ n'0 self <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq @@ -10907,7 +10907,7 @@ module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022__prod function n'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 32 4 32 21] (self : t_Take'0) : int - axiom n'0_spec : forall self : t_Take'0 . [%#stake4] n'0 self >= 0 /\ n'0 self <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom n'0_spec : forall self : t_Take'0 . [%#stake4] n'0 self >= 0 /\ n'0 self <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq @@ -10994,7 +10994,7 @@ module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022__prod function n'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 32 4 32 21] (self : t_Take'0) : int - axiom n'0_spec : forall self : t_Take'0 . [%#stake8] n'0 self >= 0 /\ n'0 self <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom n'0_spec : forall self : t_Take'0 . [%#stake8] n'0 self >= 0 /\ n'0 self <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq @@ -14073,7 +14073,7 @@ module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_r function view'2 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 axiom view'2_spec : forall self : slice t_T'0 . ([%#sslice7] Seq.length (view'2 self) - <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + <= UInt64.t'int (v_MAX'0 : UInt64.t)) && ([%#sslice8] view'2 self = Slice64.id self) function view'1 [#"../../../creusot-contracts/src/model.rs" 87 4 87 33] (self : slice t_T'0) : Seq.seq t_T'0 = 
@@ -14159,7 +14159,7 @@ module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_t function view'2 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 axiom view'2_spec : forall self : slice t_T'0 . ([%#sslice9] Seq.length (view'2 self) - <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + <= UInt64.t'int (v_MAX'0 : UInt64.t)) && ([%#sslice10] view'2 self = Slice64.id self) function view'1 [#"../../../creusot-contracts/src/model.rs" 87 4 87 33] (self : slice t_T'0) : Seq.seq t_T'0 = @@ -14257,7 +14257,7 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_r function view'1 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 axiom view'1_spec : forall self : slice t_T'0 . ([%#sslice7] Seq.length (view'1 self) - <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + <= UInt64.t'int (v_MAX'0 : UInt64.t)) && ([%#sslice8] view'1 self = Slice64.id self) function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 446 4 446 33] (self : t_IterMut'0) : borrowed (slice t_T'0) @@ -14359,7 +14359,7 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_t function view'1 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 axiom view'1_spec : forall self : slice t_T'0 . ([%#sslice11] Seq.length (view'1 self) - <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + <= UInt64.t'int (v_MAX'0 : UInt64.t)) && ([%#sslice12] view'1 self = Slice64.id self) function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 446 4 446 33] (self : t_IterMut'0) : borrowed (slice t_T'0) 
@@ -15431,7 +15431,7 @@ module M_creusot_contracts__ghost_ptr__qyi14556734806454041375__are_eq [#"../../ use prelude.prelude.UInt64 let rec addr'0 (self:opaque_ptr) (return' (ret:UInt64.t))= any - [ return' (result:UInt64.t)-> {[%#sghost_ptr7] UInt64.to_uint result = addr_logic'0 self} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#sghost_ptr7] UInt64.t'int result = addr_logic'0 self} (! return' {result}) ] use prelude.prelude.Intrinsic @@ -22473,7 +22473,7 @@ module M_creusot_contracts__stdqy35z1__deque__qyi8367101395671471553__resolve_co function view'0 [#"../../../creusot-contracts/src/std/deque.rs" 14 4 14 27] (self : t_VecDeque'0) : Seq.seq t_T'0 axiom view'0_spec : forall self : t_VecDeque'0 . [%#sdeque2] Seq.length (view'0 self) - <= UInt64.to_uint (v_MAX'0 : UInt64.t) + <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq @@ -22913,7 +22913,7 @@ module M_creusot_contracts__stdqy35z1__slice__qyi4472237099583716627__resolve_co function view'1 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 axiom view'1_spec : forall self : slice t_T'0 . ([%#sslice3] Seq.length (view'1 self) - <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + <= UInt64.t'int (v_MAX'0 : UInt64.t)) && ([%#sslice4] view'1 self = Slice64.id self) function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 446 4 446 33] (self : t_IterMut'0) : borrowed (slice t_T'0) @@ -22986,7 +22986,7 @@ module M_creusot_contracts__stdqy35z1__vec__qyi6844585276173866460__resolve_cohe function view'0 [#"../../../creusot-contracts/src/std/vec.rs" 19 4 19 27] (self : t_Vec'0) : Seq.seq t_T'0 - axiom view'0_spec : forall self : t_Vec'0 . [%#svec2] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec2] Seq.length (view'0 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq 
@@ -23475,7 +23475,7 @@ module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_r function view'2 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 axiom view'2_spec : forall self : slice t_T'0 . ([%#sslice6] Seq.length (view'2 self) - <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + <= UInt64.t'int (v_MAX'0 : UInt64.t)) && ([%#sslice7] view'2 self = Slice64.id self) function view'1 [#"../../../creusot-contracts/src/model.rs" 87 4 87 33] (self : slice t_T'0) : Seq.seq t_T'0 = @@ -23559,7 +23559,7 @@ module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_t function view'2 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 axiom view'2_spec : forall self : slice t_T'0 . ([%#sslice6] Seq.length (view'2 self) - <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + <= UInt64.t'int (v_MAX'0 : UInt64.t)) && ([%#sslice7] view'2 self = Slice64.id self) function view'1 [#"../../../creusot-contracts/src/model.rs" 87 4 87 33] (self : slice t_T'0) : Seq.seq t_T'0 = @@ -24206,7 +24206,7 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 43 4 43 30] (self : t_Enumerate'0) = [%#senumerate11] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'1 (iter'0 self) s i] . inv'1 s - /\ inv'2 i /\ produces'1 (iter'0 self) s i -> n'0 self + Seq.length s < UInt64.to_uint v_MAX'0) + /\ inv'2 i /\ produces'1 (iter'0 self) s i -> n'0 self + Seq.length s < UInt64.t'int v_MAX'0) /\ (forall i : borrowed t_I'0 . completed'0 i -> produces'1 i.current (Seq.empty : Seq.seq t_Item'0) i.final) axiom inv_axiom'0 [@rewrite] : forall x : t_Enumerate'0 [inv'0 x] . inv'0 x 
@@ -24227,7 +24227,7 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ /\ produces'1 (iter'0 self) s (iter'0 o) /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s - -> UInt64.to_uint (let (a, _) = Seq.get visited i in a) = n'0 self + i + -> UInt64.t'int (let (a, _) = Seq.get visited i in a) = n'0 self + i /\ (let (_, a) = Seq.get visited i in a) = Seq.get s i)) use seq.Seq @@ -24329,7 +24329,7 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 43 4 43 30] (self : t_Enumerate'0) = [%#senumerate3] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'1 (iter'0 self) s i] . inv'1 s - /\ inv'2 i /\ produces'1 (iter'0 self) s i -> n'0 self + Seq.length s < UInt64.to_uint v_MAX'0) + /\ inv'2 i /\ produces'1 (iter'0 self) s i -> n'0 self + Seq.length s < UInt64.t'int v_MAX'0) /\ (forall i : borrowed t_I'0 . completed'0 i -> produces'1 i.current (Seq.empty : Seq.seq t_Item'0) i.final) axiom inv_axiom'0 [@rewrite] : forall x : t_Enumerate'0 [inv'0 x] . inv'0 x @@ -24356,7 +24356,7 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ /\ produces'1 (iter'0 self) s (iter'0 o) /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s - -> UInt64.to_uint (let (a, _) = Seq.get visited i in a) = n'0 self + i + -> UInt64.t'int (let (a, _) = Seq.get visited i in a) = n'0 self + i /\ (let (_, a) = Seq.get visited i in a) = Seq.get s i)) goal refines : [%#senumerate0] forall self : t_Enumerate'0 . inv'0 self 
@@ -26240,7 +26240,7 @@ module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produ function n'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 22 4 22 21] (self : t_Skip'0) : int - axiom n'0_spec : forall self : t_Skip'0 . [%#sskip2] n'0 self >= 0 /\ n'0 self <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom n'0_spec : forall self : t_Skip'0 . [%#sskip2] n'0 self >= 0 /\ n'0 self <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq @@ -26364,7 +26364,7 @@ module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produ function n'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 22 4 22 21] (self : t_Skip'0) : int - axiom n'0_spec : forall self : t_Skip'0 . [%#sskip2] n'0 self >= 0 /\ n'0 self <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom n'0_spec : forall self : t_Skip'0 . [%#sskip2] n'0 self >= 0 /\ n'0 self <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq @@ -26475,7 +26475,7 @@ module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022__prod function n'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 32 4 32 21] (self : t_Take'0) : int - axiom n'0_spec : forall self : t_Take'0 . [%#stake2] n'0 self >= 0 /\ n'0 self <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom n'0_spec : forall self : t_Take'0 . [%#stake2] n'0 self >= 0 /\ n'0 self <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq @@ -26545,7 +26545,7 @@ module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022__prod function n'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 32 4 32 21] (self : t_Take'0) : int - axiom n'0_spec : forall self : t_Take'0 . [%#stake2] n'0 self >= 0 /\ n'0 self <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom n'0_spec : forall self : t_Take'0 . [%#stake2] n'0 self >= 0 /\ n'0 self <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq 
@@ -27369,7 +27369,7 @@ module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_t function view'2 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 axiom view'2_spec : forall self : slice t_T'0 . ([%#sslice6] Seq.length (view'2 self) - <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + <= UInt64.t'int (v_MAX'0 : UInt64.t)) && ([%#sslice7] view'2 self = Slice64.id self) function view'1 [#"../../../creusot-contracts/src/model.rs" 87 4 87 33] (self : slice t_T'0) : Seq.seq t_T'0 = @@ -27461,7 +27461,7 @@ module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_r function view'2 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 axiom view'2_spec : forall self : slice t_T'0 . ([%#sslice6] Seq.length (view'2 self) - <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + <= UInt64.t'int (v_MAX'0 : UInt64.t)) && ([%#sslice7] view'2 self = Slice64.id self) function view'1 [#"../../../creusot-contracts/src/model.rs" 87 4 87 33] (self : slice t_T'0) : Seq.seq t_T'0 = @@ -27545,7 +27545,7 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_r function view'1 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 axiom view'1_spec : forall self : slice t_T'0 . ([%#sslice5] Seq.length (view'1 self) - <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + <= UInt64.t'int (v_MAX'0 : UInt64.t)) && ([%#sslice6] view'1 self = Slice64.id self) function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 446 4 446 33] (self : t_IterMut'0) : borrowed (slice t_T'0) 
@@ -27635,7 +27635,7 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_t function view'1 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 axiom view'1_spec : forall self : slice t_T'0 . ([%#sslice5] Seq.length (view'1 self) - <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + <= UInt64.t'int (v_MAX'0 : UInt64.t)) && ([%#sslice6] view'1 self = Slice64.id self) function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 446 4 446 33] (self : t_IterMut'0) : borrowed (slice t_T'0) diff --git a/creusot/tests/creusot-contracts/creusot-contracts/why3session.xml b/creusot/tests/creusot-contracts/creusot-contracts/why3session.xml index 057054df07..e77d64db1c 100644 --- a/creusot/tests/creusot-contracts/creusot-contracts/why3session.xml +++ b/creusot/tests/creusot-contracts/creusot-contracts/why3session.xml @@ -75,7 +75,7 @@ - + @@ -106,10 +106,10 @@ - + - + @@ -141,10 +141,10 @@ - + - + @@ -176,10 +176,10 @@ - + - + @@ -220,82 +220,82 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + @@ -310,12 +310,12 @@ - + - + @@ -330,32 +330,32 @@ - + - + - + - + - + - + @@ -390,82 +390,82 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + @@ -480,12 +480,12 @@ - + - + @@ -500,32 +500,32 @@ - + - + - + - + - + - + @@ -560,82 +560,82 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + @@ -650,12 +650,12 @@ - + - + @@ -670,32 +670,32 @@ - + - + - + - + - + - + @@ -730,82 +730,82 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + @@ -820,12 +820,12 @@ - + - + @@ -840,32 +840,32 @@ - + - + - + - + - + - + @@ -900,82 +900,82 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + @@ -990,12 +990,12 @@ - + - + @@ -1010,32 +1010,32 @@ - + - + - + - + - + - + @@ -1070,82 +1070,82 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + @@ -1160,12 +1160,12 @@ - + - + @@ -1180,32 +1180,32 @@ - + - + - + - + - + - + 
@@ -1240,82 +1240,82 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + @@ -1330,12 +1330,12 @@ - + - + @@ -1350,32 +1350,32 @@ - + - + - + - + - + - + @@ -1410,82 +1410,82 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + @@ -1500,12 +1500,12 @@ - + - + @@ -1520,32 +1520,32 @@ - + - + - + - + - + - + @@ -1575,87 +1575,87 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + @@ -1670,12 +1670,12 @@ - + - + @@ -1690,32 +1690,32 @@ - + - + - + - + - + - + @@ -1810,87 +1810,87 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + @@ -1903,7 +1903,7 @@ - + @@ -1990,27 +1990,27 @@ - + - + - + - + - + @@ -2090,7 +2090,7 @@ - + @@ -2207,7 +2207,7 @@ - + @@ -2247,7 +2247,7 @@ - + @@ -2268,7 +2268,7 @@ - + @@ -2276,7 +2276,7 @@ - + @@ -2333,19 +2333,19 @@ - + - + - + @@ -2357,14 +2357,14 @@ - + - + @@ -2375,7 +2375,7 @@ - + @@ -2413,7 +2413,7 @@ - + @@ -2450,7 +2450,7 @@ - + @@ -2459,7 +2459,7 @@ - + @@ -2486,7 +2486,7 @@ - + @@ -2505,7 +2505,7 @@ - + @@ -2535,7 +2535,7 @@ - + @@ -2568,7 +2568,7 @@ - + @@ -2618,71 +2618,71 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + @@ -2695,7 +2695,7 @@ - + @@ -2708,17 +2708,17 @@ - + - + - + @@ -2727,7 +2727,7 @@ - + @@ -2736,14 +2736,14 @@ - + - + @@ -2815,7 +2815,7 @@ - + 
diff --git a/creusot/tests/creusot-contracts/creusot-contracts/why3shapes.gz b/creusot/tests/creusot-contracts/creusot-contracts/why3shapes.gz index 48a5fa7705e72af0f449fda545b4be68f5913abb..d95e6e65eac58d4419f4ab9f2ed5979a9db05502 100644 GIT binary patch literal 27243 zcmV)FK)=5qiwFP!00000|Lnb6j~zLZCiot|qTX_M5)JTvS!5PQo2!@zpt>5^83YFV zB9QL%tmslonTk+#*ZlhVjP9h9e%#MFl0w-+Z%vOXPq@>Kq|q*)kw)_W_%DBW`b+pV zJ^kTt>BH0G`*;7>AIu;A%l~;3ehk0-^*a{+_L%hUrB^ybg+-zB{0iqT7aI=p}P z93J02Ef4<3hmUDfPHfAGrQGd3o{x`D|N8#%-Sg7C{G3{z{{8t)`VCL@gUL_tx9!9m zyLn@E63-`wxf$dvoeK7EYOAHwkb=CA4R)HwIxA2@s55O#RB@}cVu6`zTpQh(t5 zfs4m&mFew-$NTic`{%!;5A-_IeARTL3`{A)Go@VaRnJMh%4PDqKW+Osf0hfJF!fB? z2QK$}BG30ku7eHYPwBb5TAP29e);wJ?{Bi8gNYA(f5hkd#OC2#jmWI(dbW`H(_^>| zZ=cdEn?EiZGZ$TcS6(zKwX|{fRsNR#=LTKU*ui`$Y!kUi+mYsN#M3aeFh}Pq#Net$l~&hxfm(e>HEwl@BQle+ls|{q;XS{`xjy zjDNkKUNtSn-{|U0V}5k=T*i!*F=HoVCLTo76<)@SmoeivfBtjZO7kFZo4;QD6n=gG z^o;J0kIzu?H}BsK^g=Dogq>S?nOU<|Cd&ZW`?dy)8t%h~^z{Di-!iGfK1GVrNSMC8 zSi5g)_p>EDsovioQ3>z<{^o6^bzjP3K!5#^YWb6*Ghw;&tm(wutou_+bNOwt`t>|4 za#n}$^aKA>QQouTtS{>3`UTI=R93!OF&`dO(Kl7}O>HE@lPa!%y=v8Hm%kRS0ydVs z9yuHNx@n+U24`&n=Lf?CGAzHH8_oIY@KBLg#cb7~=*1313|V^k+xpBw!d5;``|X=q z)=I2xYsmDLQEUh0w28WGjJ5_U( zC|bV!;4_+T#8q{^MVDGNF}>lXy<*4>*)P4<2ffz8>!|0Zn__^HC{P9{tl#XMfRHv^YCDld0b^<%qsR2~U_k3*;0c2I}j zMIxpZQrj}8QQ!NYPAjNZZcldk)|2V`m2$0k7At+b15+-+(Vv!bB(eYUS3=6G-+KMw z!?gl@j8%S|!X?9uf;4I*UB!?s9SD7&mewDnt@H5b0_J zyY)|}lvV`W7CUuKTg2I5RDO-~IT^)_Bv+c(z|XyLz7lJSuZT6zfQ+VlUlWa92P|5! 
z+06|+7gr>UD>?<6Y!7UHW`r?ot$1|~bj`n&W}# z5Z@{twc`B!%f>l7{_c|OHBD5e%(oq1~y)t z?P%2Y_nP)-$9|_lpE&=)ubux8zr*~;HX81vpdw#hknib~CEts8WN|r?rYs+uSw~f@ znkrUJop>>^Y8Jeh{%t|n`nLSo2pdgVe*Ewuy?aK~(LN@B7N*B{;cb?y@?0ONq}xN= z2Lygxt88AZviWc8`!bmE{f7_l|1FK*{qolwyy-lb{WzYyP)9H1(F=hp{*pdC=9hDs z2Rk%QOtzmi4HmU`^u>bouPWPEroK7)1v{|Ix|giruovou8v7Y^iiUE1TMP_eAFA%* zLF?tGHS)N4tyb=}MRX5;>=a?u$kryiW+s1Eh5YTl(uxDruxrG4F=D(->G1|-b>{53 zSQlBWi`-o%k!6_#KR(m^%m$@dad@0w?R0f{z+H}F>R+#RXi*8jtO4#@G<=96IUusN zmE6@~bIp|Tsl{q^|4`J-js=nDie#X+4Qsl(c8IjE>FZOCI%BAoP{Z8r_UlKo#4}#q zV{sj<?7kA#2>3K|Kq%8TG-Bm}=O5+``@6D<05)_-Bef}pF;p4hW_$zg_K zd+!dwkh|W`iENUVc@Hxi!VSv#L~3Ok=QBQ1>#AclzIy<<4JY@&)K6t5B|N{me@?%A z$EdFTg{0+|rlRkj-=p}4rMN1~%&IIis~hm<{rGW6PkC}FFQ*gI-+Ovnr;u*j&*nw# zTxMC??mqthdw}bC?s)%s9-s9E0r&2S>t>$o{9yG4oLxoWmi}MY?ik__hVBvmAD-T< zi~YlDd-3r5@5B7n)8o6J-=^pH?;i5=rEpkBk-h$xwtVK!i;)e~>X)PSYNw?gPwLAp zv(^{)r(C?>Tlzbrfdt-*VueKR%yh0#Md3zrK0< z{$~P1*+{+q?PGX5CvxDyZC_*_tUslvr|;I@_1Fr;o@W_|2DmiN=@iY~S)Z%c{2MH%cga&Tp60tR*Y#&;56Dp17MEn?FkB zqx`C-k~QDx8PKfXysZ`GSGyHif_R$-zD?cR)9*mh6M)$NuDs33GoSYvNm%z~`1kPl zqwn&&oWs>uHp^M_$q!l7?yo9!MGJoTk)B4wYwCTvuHL7s>wQ}4 zZAyvDx-1TLS)A2naZZ=Tu`Y{KT^6UhEOvBRoYiIVnYt`KLzl&|F7rcO7N4NYy$M)! 
zvKhquXj4pJy!eq(rq^f8vQUVej}5bch^QmeEcAo055jFeF}qK7e&Mzx&>eqhqa}Ng z{9s(m+db1MA--~NT+6E+UQ6{L^}dasU+q?89;7`OSFya^v(eH$NPlQ-=eIjH`r6M< zOvb5kX})76qxRE3xxKyC(;aKac~8fVv}5&HdtP<*a-aUmrc=ew;jfn;y+|l zf2qKQI)B)j_bri+Z=WyKvlO{d6G~mG>*;b`Pgm9TwA6LItvr;5Gx{q&Q-67p0fMj*O%MYvm>J2tJ|%)y(X*_XTnNxA*>YV!%A^3 ztQ5OprPvKC#eP^R&W4rZGs8;p8DXXP9M@3-$IpVL?nojwFLy*VkLjr;rl)!P#fD)8nZJzOYTXWOIy)XAmowS$u zs@Q|#C*00YHyTYQNeJX>KI$ zfgQJY^YU~I4_ey3IT%nYQ0C zI@0&W@}vFkZ%Yxm=e^zNKjbqZet!N-**(s~^LLN$p2OeX{PU~-nf>URsU_O9E%Fdg z&mTSx&mTX8w{N;qGkI}T;I=Mv1DQ~s2`t{GA!4T?dG~*Keh*U9o2Pt`11(xSz8llO zQ~w`_?-q~n10FBb`r=g2z!nd&TcT?P&uwj1UDdKWtnPQ8)-_|*c9BsR*-jVPHC;p- zHeKYz;vd$g_QjVjio-7QO&5718nTFn+;sc<@9B6AN_*LT+^=^lI$+~8d!sVv)lSmK z<aAX2?sTRejy5fNWJj9;tvVU6n@#+OhuSO6Ju0z0rT_iuYvF{ZL`$;+ZFt@0yKW82Tx{IMYe zrttlP-6LO<(&)gP|4M`P81@TD|u%Su{S@xegBS5r^%UAM|tEm?@bi-6Ge3AeJp1dCd@Qi>^3A z)a+5QJ~BOJ&KEz_?Jn(%A{V8IxIcJa%_6VRmW$h-e|v`nbo|@f&bcQ(J4wHD5@a`? z@&aH(>%r5UG5x^Jwqwn!rf>DvdTKFt)jw3Fj+dd+CNwUB{QlR+vs!qma3}R0 zOWVR1Sz6@be)s9h$jXV0pb^`1uGIbhYp}uuKwwE&Z3#y;A&3u+GACB zCD9g%+sC(SdUvrjwdcG#U|u~iuP%7{_%6rJtC}prLK{qHo;OBp>ql~KH+S;&Fq7arHH&gcwUW&s4=MM(Z&S{IM}IEBw&9} z^DF_~=?Hsus61I|Gw8*Ak_i`_) zu@!P7?V|Qnn60#ndUTA~N}|g?$v;S1<>~}Guas>c3YQC4?;xuHug~&&T}!BltXx5{ ztdYwc{g+W*dNWTIG{3jfn8&>mzBdKCz@v$U7px;d1Q-bd9qut*Su;RU;S0*p+rC1lyedC>-M28b-WCnWj1R&@Ui@8 zCo!t<#PC#p;(Zq5Fj3;fB8g8$hQqWdM1H->Z+@Pow|*0cS#)JBI75P27ifw`==tYU zp`bh6Tqw-CdDcF}g$^lwebiV6qHXc=Rj0ly`PtI07UQW}iycmeTE!kGLwH)bT3N{( zt$yMwGx=f<<`OMC`H3|ManBS~eufCQxA1`%8srFnpywS8vdru}M?;}R87lQz$I>|! 
zg=YsQPAd?z_u_rG=?y=})Lrq+Q*BSY7gA!?W1gga4F5`;{@2r)zQWIW`cO)EoyYKf z_^)9K|3n_Bwt8(Py`+p8YJ5}RcB$*7h&6=ZO-)0{oFQadK#&Rj>mp+>(WsVz#BCz| zxHo;8Wuwl1KGwgV7F~WRc6YTeEusRIqO)sQq2JzE53mI_7CFG9$EW|0*4=-a09~&^RNtPcyv(qJ`lWHd-zpWgs&>2t0jqtZ z@a(|AQHo2`SbwImv>eqIKx1<>vBrMemezn`u1tvsCD+Q7JgyAye&`C^J}AD^;fA<+ zP>rclXH1nMQ>8jnr5Ycr%!9HGC3}XFB}%q$=Btg*R_;MHJXU9Ttcb_T_btm|D&OPr zoZVRR5ZG=|wFf*tLDJQ(q-Tev=V-ez`rGl>v!tp6NmYB2YEC3IS7y42gp-;~k+fXc z9Y{)kY1d-wNX>8h35Sl;G}GZ)xxR+e=cfe1G8I9rJm9j*`OA4S;7s3VF4y@0DJ%bv zO##`DQpL4eoD2KDn)=+WC0e$sGLPf;+3ITfc~WPGtrGO;A{9LXSo(t;Od;5 zsG~q3qgrZOsjB-8Ms6+64{JHolU`rwrc5_&Nbl}9PJ0$)U5n0ow=2l3#?|L|9?vp1 z&fT@7QhOMQFZuLYubTPIDu0T-?lcm#+R4tDu@G#Tx=vB=T$r_URNhXK2hT_4 z-F|#Z{ZV;+($$Z1Iz%}g?Ln0v_4L&GrcKyh8bYgh&5_Rh_8{xwyF5}qKCCA(HdnGO zjjf3QulnPr)$8^6vgOBeF-F_F^=Q8K^sf0wJv5$90e!IDckXp5Zg2Yj))dWr+D7;?x}3 zf7<$5%g((ZJ6hMJu>G|B+Sj_xErge}PHnVqP6GPkL_l2=0rmRmQX-(D zQPiUsMV>reGS|hLh)^}};8nf(QHVB)VO>lc-v0vk^E}@HE7~=)h9oUg-M;_M6 zWx6Eu9T#`cR&9qumjk4AIY62YSe&J^CZ*f*!}Y4bS2Mm@8ueKiSv@_s73H0W-FcFx z-ezQ)XMUp*Wz$lTRzpYG_R^Yn25?grb~{1dd#H2aRkWL2r{)0jetnmfCEztxgl#mU zNU5w+DqAU?*V5mme}B$5zCNd4pNg=q*(3|`T&x@~or~VL;j+~x}2kKYaW&@d04A8wDo{?TTf`W8-VF*7N@IeoNi<3>ha5>p1&;W zpp=xTn!79b?KV?^at-9Xy5DC%slA7tDU&r3t9!OVKf>08ms(_V_N;KFNWT%UdA{aB z)D%+TPND&IwK&LKahL_=E3-{iwyE~nCAO(Ow(TdhZC^Fat4Y-Lk`*cXJdY*ot%Ax~J$xqFW% zG*j6^oq=(P9TsRL`YUubr6J@WC>VJ@OqYO>I|ymFoERoA5a>V#FZ9@iw8Pmqgcp(-C5 zv?~&FBNFmjk!UD?f;60Rt-f5^u_ zkU@h=sX zT;qe(y^Q3x>rD=VC{l5_7Akk8Vn=NjsgMU!u}|kfx+pR@$RTKZgverEPo4veh6D9Y zBM9uQAZ%z|5`qPP9-cDZ6DB<;x60SCr()Dg( zUN0BsdNV0)>V;*d-dJW{aQmFBbE>j=c5(aMGN;@Pq%68qwh7z3O?WGLDvQOQM zT<@#1B6U(#Kgril@12v)utWR2Z07xyrxJTXIOBz0hh>iZWHNj^|Cc9vH**xtWVpOM z8GhQ~{b}(XUhRnJ9s@sX(p+`2k{?_amdv*dkhc@4;wwgC$5tJ#b84=?cbYd7~(JZ}HxX0ztHHLm#K{_V|GGx)s}t^1#^ z5~Zd1b&~MnRqh&t$8O^BliHPU&p2rqJ^i$n<-KZqi!6FGDXOnsWO=c6U9a_R?cFrg z$yBTUw8fgs*!{d0xYpx*;-Zc@Uer0=SJ^M>%;z+{gxh}g*}&oJE-#x#{^o65SBW0Y 
zYO;Jj)}A()jW(ETwc!g}^I1A@d2j810v)i&I&ixGwbudr#X8VWhwO4;Qt};|Ct2-Yb5~ad|Ox}koo$s>jcu|&GPNymtHo{HhN*tulRj={Z}i* zT-n8~|C?1q{dp>o)%9!2es0-=bla82lXE2J;}o)(yB831b5YFA1u@?-LyMT3*H@?m zzsmm4o9#Qv%K1{)NtVcYOD(hcCuUW>ME##2*{3s{Tgl#LVbNs$XG-=LO?6%)*?cE4 zYv-JU`6RoViuI+EEiOv7xFFf*GQ8SyJ7?Q0lFeVAAM{gpep%YaS2F)JiTrg9|KYx> zc2V)dA@sIxz7n;Bc!699S8^fT`s92rggeZI;58S5_qh&cVwjY%Po2~JiU8Aobgw)IeN9%`cI~E)}OELv=1~pBDKP70Do-1-6D%@7#qW~ zMLtBWv3+ycQ98ET%jyWrkq4~i(fE1!w)Mwy(Irl&s@<+XdoQ9^x2;yct$N3;vgfA5 zl<1tq{z?|P_mIygFO{~b+REnH#*3@s#+9i>Hm6A_+uC6|81ckIC_BH{Ts@)dHe_A5 zA?wyi@&Y!hk>n2#nwJgmx^95i{N~TJVp~nAwhtPL+5G+L$joc`VCq$KOR|$(>ocs` zg}z*42U+{&uN#Hau(&>>y9<)uR;*pEm~QGT)r;Suo((rO3&K#Z zC(*v12X&^QUx&T-o$fl)-FyI)Zl2PzRg2(SU7fAP?sZpv4tNXDL_Gwdo`KMvKCur} zWCmb|AVr?u_~iR5eD2$K9X25_)nSvIuzip^y&fv{lIN7DnqjNjXP3??Q8TFOVNK4= z&sz$9+X~HcGEGUbqGNNaQ9*EAWMoEQ=RrY3q-GK}-`A@0Jr4Wf`Xw42O30nc4W<8S zFk+JxpF7=9FUL#>Qxk-B-TP8+^(uF4@OsuyPK+nrD2ME%F^7vktSV6B( z&d2xL15I>^?_CM+-N8-=`A|=Gay>rSyS?qF5}Pm4y}ly4mldz83fI*sTCW=`MBQ0& zl;tlfgcdtl{)ai+ayOBC4&93)73`?mXPeWxWMRInM}o+5r4@v)?CVc$zS?wZsmry} z^ZeFcfsez5+ zZ#d1qgwCm`5MmeQb=bgTpp71)0Eqx?=PL`ySA=pw!J&e z-)!GL?)GSD{y{3|8J_?7BDI5t>@5ZKnseH(!-{sW)hrRayt`J)&am*zihWnIOB`(E z=bALP+=lk6>k{m~Zv6*i^SF7ku=o?(+t2K`RbMy7ztiGwp+UT77|BcT1b2{hy zD=v0)&cBe(Eq468s`V4tyBc=hpw1DNv{xh+{zIYup-}%&sH+uf*T)^lZm;&Dzl&)s z`EHO_)@jlGdRce*Dv&ml#V$7~?(nY0uB|^<#(!b=T>s-{7B{x%++{{s`;NH`k7ulr}b|t_6p6=(M)$9AC z7b}(WgV*!od4FE~d>KynsGMSU{}M#nBj*nyF2hpgGAvb=Rr%p%SgKrx zrPj-^RuL$dVaamSiY%95$%ndZUoXR2zbltv$#NN%%=ZQT_~1{(hO^sp_e_&rz5L+o ziClte;r#S_@wy%d#_M;Db!eokj^=;$(~mj&|s-KXn$X$L9M2btFEc0w7S5aobS8qiqpu?()@!e_e!L04Yp&k6%-;*mUNz}}6LKec>I zzrt26#V;vkJ)!Y__vw1yOuaB>lXjLfYe)g^_aCnm>i&%K!*n_%NUyplY9{+dpWilD zjn2EZ{`+4a&t8Ldq3ns=<ZLD0^ z#tVqx1w@o%*_+F?`s}ZKprCuJ*R8kRy@K|j?CITE<<#c>n%QRDbK)|Uq`H-%u9D>R%f!|0^hmjcSD)PLCiz4t+aX7)VnV;-IsGt@b0kR zzYv{PQZ^Ur{eP>boDqbY|7l8swkZkPrZ-PzhiKg(days#lnhd{WRNbG*o7R()sC}` zTpSGnZ+O;~FIP=2J+8-rH_tXnvb-c}@_HmVFNvD-jd3w6YHed@3dMXMZ;l?8MCkRE 
zU^@@Xf!gc!aBF^cP3Cre9p%c>ybW$Cyg|d|knMct_WtwL^;Y%X?3$~0U-O5$`;+(M zDe4~Fx&?QWe_PXUYxZpw#hP2KPegI|-qOAwlq0R@?RMKPHm{mq)?cQ*Ca?Q)J}bI^ zXi6O~L#MkE@7EG$hhIgLJo#(gjNdZ;KD9SXStwR^ig3b`${e+Ok~hXIPUoj^tj80p$@wFmp!@8a@$qcb#;d$r+lbeFhu=D z0(aOseYtb$S`p7i(agW}Ckb_bLhPQA3{{MV<|7$;UQV(en&D?-FUC?=Gre=6)2k*Bp@^;@cf!~AMv0H$A zSfmdPk2|m%AztV}H@DPcoaMNKhkn0eeOlKH{B1KYotOEb*||{ra6@|kLix>`+YWOr zQyaUXQfH?1G^?ZNNwaX%{VKCQU@wBlx;rC(*7iX!~y zVbkhoj(WAMS+9&4tGa)}7YFBXz@q+#bbDtY|D&36#2NP$ySh)iMIfpLAZj0f@W$&L zpbvFm_IYdekKmdtR!SEurTaw?UKT+_Sp>n4E<0vp7R#AVW!4fuj=h`P@eR4%ZXb1; z(hXB>v*~R!Z*8+KwpsVKSv=JJ?sdDnu3S9slq{W+G!=WDDW^rCPZ2WruyfMMgS*z+ zx&v$L_KB7aWt$%VzCF9bK;~ifYhT8aC~;^YcfL3>1DqYTY)`R|OE)v=uTJE8!;2N1 zUs;qcygXK01MJ!?+qA}G`@P5+ovxN~CS11)phP;wGt zqqlEoA*NW9PVWfg_@O@G-JhG%IpRI@J}>e97=HOH-sIQ@Tv(by!}Rgp)8qfjDUtal zt?ako&oMY#lhSrqgV{s92$RyOX#MTCIm3(62eu7_HR=9r%jUeYd?sM~C_KM^gYcU& z&gLIofqdLaj?YQ^deY51ziC81E@+9wwhR}WzhzF=djIYjy?iRXVh@JaXiFD&UyHeg zH79`TbbB2Bmjeo}vc-PNXLk8)srGi))c2WyTX}%8(WjThVfz`ZOCI8@rHJp}U%Q^} z6h6NDw-4dh90+^LiNR1dl>V3}YqE`5WIg{0!}iPjc`kxN<;PNJIp8_}ga>KaH7%Eg7b3~zh ze}C@dr6;Ffx1GsfRG#-8G3$IuIUb4IO0T>q=6OCeiq@&tv}Ym0+xPGP`tjEji_?F$ z=fYMR%gWN$y|x8p@jkSWSq~BI-IZ_pFxIq1dA`trOV0DkO{F^>*cLgYR8Cq0vyN$P z3zdn2x}eG%e$WFuZqLb-1Ph5s; z+2!Bw(I`hu%{k*Wzp!Bu>s%F|F_Gv|3_o$v;tb~D7cdb&!9)r`O&$#bC3StG6U^UH zTES&6*ybboH31roUc|#y0O?LzeMWTTWzjk4?G-M6X`?G`w9O`t?OU;CF1y5}mjbow&LqrAcXP^6jf7 zTbNiM_*cb%F81A*PZsxBc2qV6=D#Y1&9ckNN_N1?c?dq4mGcN(HTo14R+Ce+Xm0D< zHEQFxH#c^WeoSoA(P}?VQ%XKXKLjJ?po0>BFn9V+-N`#~$M4vU4ARM-prrv>zgrYt(EjF4$~AQ8;wdzB;y!2F^$v;?(ev}x@*>XuwUQw7|$U0+N`tL_?S`PL5nVe2<}W&eBKjPFre~#&3P6)s16{WXgGK$7n|Z z$2;P{a zoc3-C!e}QU9iCWk)JoKiMj}8T*kqYCPRP*+t{{$l93aqHFZc}}L_K+oO&SNUT+mU= zX^2S(G{Q+L#qJD9>l>rxFes%);e51`L0D4Y0sKQ#sCx0D^+sGJmI)YfYoY~;!(qXHB< zxN)R0wD|w}&Z;{r@2t47YA^~B42BJ(2R*fu4WtxWn?dq8GZz|*o;Wl!vLqPZr%^(E zZP2hGf#k^AjxLiyNifS0-yn8iM^NLW8N|dJA!h!@X@HW;5F)A`*bs%&_$H2!=Hy4+ z@|Wo`NDL>2Xi{EtEnp|6!2lN9AhL<7{FNi=Cxm$54udjGgB=(+qfHV)O40H+N;Y|+ 
zEVL&0gDLN_bG=dgSoO=ONpoNbMe;c~m1(F9?Nuf0tgP0iiXgY(K zfQ5SIFHdrsCg?iz@D)sY1*>o46qV*22Cw6KHLm`upLi(1!7@WvNlAJg+8SbJD5ke5G9=#rT%U|dVs*M9TY;-DE zI29NCpsdva?t*&d+?}&`4nOprQ+H0@IdSLsonv>_-%JC8$VYGCJqG2Rn+90Cfq}P- z^N|L~`EvvYSYYj}HHvAQ;=rN_(sAq6ID#w#0nct6l$)DTF^EnwOnaqZlkov8o0N(A z$X{|`54Z~@fE5-qExdCA&e18@P%*&j+F%@)dbCzd*>HhY(3ABR zmI$4Jse^$@0pko=Vq^?Rv%Rg>hvgc94{TJBuVIi=ZoRzG7IxO8X@vY5 zctA#)#0Li>W249h)vFs=IQT4r1d_abKo9&layto_YL@lF!|H*>9>eBk23Fv&A5?ln^ac1A>autCCPz(i{{Vpw2!(@YBk$EA%iSxLpiV3=`k%>Y4G9%?+H zt%C+tHqEqRfTiath%m8n5;0(mM+xHs1ICw9pvCb8ycmO*Q80*%3(lp7j3)?hcF~~4 zEQ}?*28Iv1!UqG~Feqa<1WW}_edL4y2?Aye2oMMq2-^4u+{P^ap$yabhjI+%7|JmM zi$IJ1&bvEr@4UGgCJO@#r^XZyQ3L=H6BJo7U|2EoSw~-_Ci0gPbY_Y$rD_UO6fkYV z;<5KS%nXtk6CVP^$vU9x0BSMC0E-?mGQrIZ5)1?GgM^9$qZmCxIF%nJ9^hMm!!v{6 z*#)0qVy7{vnBsTu1kr{rW_a#A{D`&CPYb+?z5s*-0BD#G5QaPPVUcurS?++O z5-b-+-bI2`3_j2SA7&&B>5Lv^(KDzYY%D}n0-h=kY+*GF^sq>}&=Nyz;SsE5FtM-- zS_jRN1(3>66SQ8^%J2jj7UkrjS`mt%39z^k>^D&RNoIy&JUPabA6R4OpcrT^Vuql@ z1jGwmHw0J@cpHa?pDdMWmSt$bs%a;nR?SvuO;h&&43`!2)u5^3-t1ArkVj9wujGFp_qrMz{!Z3s>|Q zzAvT0Lq4HQaRMK`3Wb^p4Dc~QCeU)&Jwtt&GzQKpnCgWZf(Q?t(i6g*#1Z$Q+X{je z3ARkxV^U8eU?^+>n`DHuWN3p$Fo{SDmJ%!(mY$jfTMKhHqP7INqF4xiALt*5-V3)- z^B%Nesd*Mx%gCJ*lY^T$3slWgLhysXcfM@tW3wW?l1FA#N1h~Q= zih3}BkSR?9u^O0&Uu6`aHi%6KjawrHw9F7N860F7#;mjraDRld4kW9igdr8o1H*?2 zfMi1A!6pjp0~ZioVC4(IDz>PHVudw5PHDk zz|L}yR%#BbUsU%6sxpE=aDZyUxW_a^xYR@}iWtUe(MbiUB0UTNqD&KD2x-D(K%frB zj~ZGvEInWHe3|Z)Ccn}D6B1$fj3h~BxaZT1I zIbkO64g56hJPb5Cu}}l#4CL~GAmpeA7e)j`)>?&F1Sq4}iF@v%nGPSLOmC1;H;Q7c0!jXwL5LvNa5D%H zXqX^p4jN>E9E#k#K}l}Wc0YLpZhC~6K?e-X3iL}ANrh<|g%UI=hmd(RAC!nb2$XmB~4;DV?nKN0)iw+OB^TC0PYCbe>sJvrxQX) z1EGhk0&#~)7(k{#A;B#*O zras1de6oQjyoIfeHFg%=dhxRA8cm6{F~F_4xL;fn$W0Xc}D9TBl$ zG-PR88YYuxiKB&MfzPuMP#7X-;C^Pb0&2#=j*e;qZUoXn5Gn=)+!8PkK?tImT+FRT zm_WC-=Z!Fd?j0kHkOnHsbwn8AN9Q2Wh{G@j0x%OAR8;o`su}^Jywrml1E2|lY+z)g zI6RF5v|NOSCg*(!npS8u3&4MxOG zQ85%cXyEqb?2soP$UDx(I6(vr*UxB%nZYjr9gXOigmNQLiqk?3gYFR9Ou-{C9H2=& 
zAsmthVLPpn7iutm+;a|lX^a}+r@aB9h7Wfz1cw5Q73qKA?%r4q*%nwFpd|12jd;Z^9E) zf}#kSd}L-)3pIhr8g?F%2k`BI`_(9@u}%P)2y4nHOd>j(AR9+3p-Jeq!6(cN5N@x1 z8HJ<~3PS22@B&JnfWctoE%+h9?XSZ(fFx3FfN*pdh|4e_H|YT+APh0DRTDK1>j7Y` zC1B`~AS;}74{R9`14GgmYOvyfC_p#>Ab|G}0|V^lAPMkbgDIon%>?<<@NFR?N}!o% z_}393cM!mbrKe=Xyby>A2E^AMK|BICVGy4f_=?#?S(sD{m9o%G1Ji3@dJRmkArdgX z1~A;nvnofcQYl$53%(jrns+cFJn509)6Hz+NNc~a8V3yJU=TqA(Z7f$Xc#|bjiI43 zMHe}wFwm66q@7kM4~q)dpG+j-Q+nYIqI9xe0Kf>3Mvibz0HG*a!XHP34Mi6tY`;y%hV-#Vcs)nQve%+8m*&gC;%#j_!mAhlTha! z1b@g7c?0w`#>rN2m%b)29sA*H#d8{iX*2+2w7 zrV)%v35H>$RXW%gc+Q0y1QlTn+!2BrgmeJ225!lYX!A&c<3bIt*u$K#prc2;6`{RK z2s=btBT;!hji?DkVm>Aha66FhARyFK7^V+y$;O46#DL-%oQt(y83cQ%&rA?p_#!jA z7NQ0%h%)5)K7iTLXm~TkBfta`hTAXHCTGdzBfd+JJeMF&fSwL^RRCUxaiOLW(E+$X zS_e1l!HO;AEaS_t5!2rQLx^WGs8K(L1JACWDC71RI`2xcPu`MhFD+QV`( zfZ&K73?c}4Dwx?sQ}+Pk#lGDLt@tzmk`GWk<;IDmzzO*4k=Bum4YQQ7f{{l+oRZ8A zmY^C!xDlq0i?3vL1j2M>JRgCb`GoMBrX*qafqNGeZSC2C46yOE+6K&=;Gq%0k9h&z zAqE6Sn;YcLlOUuyI>c9QaB%eSyD-Ruu#8bMM|N;1=4ruofSspkEx5^sNQqB~(4B|0L_V*W7&BLg{Z+f zAfQL&37`tg1?VGazIYrHvs01_wZH&YXk>x>Xki}K%Y-okEh3OdL|mw8M5Y4m*02kj zpkH#ZEdax?m~!^fpa$fFU>)Hfs)7f?`04?WzzYin2}~^1ghwn-vrlL}G6 z0m3L0YJiw95r`6LF#^GorOAU~6iVqax_Jc-)BxMjEFFN107$%rd-QOZ00YqJWgd@4 z!H*#UHb74yqm*_AvD5P!3K&rMhKP$MQ7M~+l2{Z#owR%qit-yKTiWJEMQ|GS56no2 z7!YT|JgX$&tdwP6g>RA4QfWd{0frM4U>-JZf_Re(pgp*-K$FSP30d8s`vb;fSzSR5%nMO2Vq6HN*c_yJ;B)Sy8AqWmdYrn9X z(Z*3E1ke^Dg7D8U4jl||rO-3fyYNPUbJiw6W5nvP%OfRqz$1iYNe2DG8=z#$YjMsf z2svD@7$^r5!XiB7tS;0TfPO$|#ek5(TAJUX8979$G8$Lygs@S-FOP^Xly$)V@Vp`p z!2-oZvxpvK3YY@e5JnCIib#~wtN<|}?SLhIUL+#zQM4N7Y*ZlvdI26GHh`072(Mv| zO528@A(lbV5*Gj{0%`~XVU9^i;n?_9td67AZH?H{(F&NR6d+myLeMhMT14)tJ3rkr z(bPQD)T5u?TNV@4OGXQzGywNxA$Q{Zj7>!B2oF90NeYvbUZny%4P_wMIZAc%hTb#E zdYqhrt3t?aM^3Q=gVxG<8O@2Cm>jLU2C$N{tA+`HcOn-8ycpTMI00%vTb|;M2*X2Z zm+);4RFsPog0Fd!7Sw>Jl$!)(VT7Xxe;DTg|C|x#iu2kJsCi0qg~4_BAt^CL&}IQd zY9qkqG_Tfx8hpv9#!$6Jrat-~nzmEUpB~hbkpWIpmNbOQG9hI4IC{!a&7< zv8Q-UTfw4%*4`wg=^!ZPrA%?H%r{wIYH0AdDb3b`{T2+HtBpyd#_6$wQ= 
zBa)zbeFQeJ;|L-w^xqN?PprthHkPvd!7vsPBoB~j8)0e@&H@*vBJZ@IJ@N>MuK_a9 zPx$3TD;)sNv^Qv>mIy|{vKuvlF4~=F;ezCKqP+|9t5}_3B$R`()d&#`ZIT)$O0Om~ zi#lia>azpMBP9a>X2HNmj3oI{FaU;Pq~j;%cAN9FcOG#CoYi1}reUuJN?d@hNH-0X z44p~X8>pHJN-4^^U=7$eMVZZUTxQ5X4RC-D2KE3( z2=0zad=&$t%fRwd%|b2DWWm-VxJTTBpl=8?sS({Up!-rR)C9p~3B!UvECv^bBvN7{ z0&Fy4_V}PSKnO5yus8t7LD7N+?bMQ#f&Mlt!a{1h5be|AVM;%Io=Ip$0oJpbrcX0_un+MeksxM$K%7#0xb?F(lIzDIvU@ zhb{$@c}FQ?rETyOlOl@^Ifk7_Fpu%XxBa@iVuo{Aauk)%`Bu80g8q7TBt#6TmWMQTCJc%l0%39nkbk6R4LRHX8>6W z$^i@s|CQkL6cFFUDe2Rep2G4nGf@ivpx87*ce#WqpsfWHY~QT7Uk9 ztdVrPsi#FvN&)g!Yrk}22x35+ffBh(Xro4C4y|B#ZU9hh(QF^U8`#s}5!twjLPyvs z#`09T)P_HcqKqV(_|k}^AYMhLfFgKAC=m2SWn)m3Cqv*G!T?KNI2{Qo z!cZlx3?Mu~pOn#cj8SU2P)m4$adZTHC?Q)r=>TUPZQwybsfzXhPi7zC5lRdYI+)z( zt)jIU38T1Bvj7q>-wEJ{Q=S7Df(X%$uvLhL=WLr7w>k()C4vgL2@gd@$f+i+G_(^E zI*FV|dVXgV_^oMOIzk)~wp-d91J7(@PSj3hdC%{RB7a3G?+9$bYhWOmh9H0^VR)0A z)%;REKf1f*wLfs?)MKd_GY0lxl$(U;?zK$#abcF+^!b5Z+oQMb8@=L4mcR zyn3NApbQEvB4w~3>QR19SGcfl6e;fo(Ex2D9f3R$xhGoGwKnAZ`77o%Y1?U}IRnV0 zWt!7kw4voNME7FeICg1X6Fek;DiM|@Mr-8crx-JgX6>c4SH#_XVCeV2jCBauX*wwk z2__=I%Sk`^YvOLSU@{Dr6h=8x`~qT>rWl(y~@P0S=XVV@Ah z&51V`a3KTN07-y|t);n?kwMOABO1YO<#R_oc;O+T&fko{0%)%AdI)6Q5C8}5v{S{xa4`=B=VbVt==-Z^%O0bgLC8zq zkQZsQ8DOi9v@+h89s(GQa4-V+f;xf+n(?4nRA9rzNcmx}@eiWredZ2AQ85BUk-c_^ z@&~ZrdnphEMTD3`{zT%R=su&2Ap#OSPIMXv)Dllfq-lqQ&rzdb>h!ab2j*xG+@v&& zB%>^iI1%v2sO0qYz0ZKVxzv%diMga5?Vf@QMzCrm1pq#O=JC(rpT$4=8>7Pv<>WhP z?MVAA6-UHP8^0kbaNabQA|IjA*Txi+351!6XdEDtkDhkm3fe>`b5IX3Dd6b^)Ly_# z=dIhPt(Fr&u%N_c+9=4Nz@9eCCl$CBdF+I^h7ct@Sj4_rIlD1|RvgeK12{s*TyO{&z&d(JX*^j@079-O2#`kx6-2;Zs}Q3? 
zlVR`%Xpo)ZrJ$on1U}72mx!CZvwH+|L5xGQK_g-(O#7=WS?SR z%s!C#9QM(ww4ebf!*Y`~e=$#_cvmz`+aJEBDZNj>Drr7RVi{(+$y4AnFyV5o98GzB}1 zh!h!Iqjq2;qoEwezyb!B7l}CdJfUN79S~i31rEpnyE%*qTH}Q1CNC^!X*l>CzJFA} ziFubIyacVaaN0yi=LoUN#lz15uP{Iw;*3Giv^EBDPB6EW`<`(PLJj=Gr-1T^Lh(61 z)zl)eQPb&2V53$yG#TUpd#4ERF(DwOBS-@6C7h;V9EZY(D@Z{c2p0%DrzFDa4mA0K zKGK0JX+c}U+N-Du08iSCLZ?FkLP`q$eewgEHBgc>HO#TA$&KJQL#PBN=_&k*4)8#X z2`v0?S^#0#gUH*A{FQ` zB_R9cSeV_m^`B3EurxJ1IBPuN-vrc0^A@!62%&H`K92sOIAA%#2K)nA$4?l+DC`YB z0O$t~qdKrWrG@AP9$PFPmS4qF9r8}s2?6Ld!1r4^0LwYbMe}G1DYz8Z4UdEcK|shx zh_I8i8cxAeNQOZmS)MP1-Rj)5@bnL#0|X0zU;z*e4Z=TE<4}!5S$AFa08SI7@zOL; zkhJ8ihe7d)4T$J`KB7s|kz!w|`snR|?}8W-O_C#$fnRh4ofIPNyuCt_Q~XNR13K$b z8=8HkU9nT5Rbye(=rNR2HfECi@mH#zCk{h~KqAqKyr7Iu1VsoSC0>XykG=bPy+`;3 zeBo(_X--~|9=0?9%+g_d0~s0#lqwk=6G!L7`LEWLLGYgVf` zFL6jjD8ENjIBm(L|6@T7mJ+lhZM2ETutY+Uo1%V~rch3uN4zN!qfrRtB5e+)Scmcz z@>VU$=%4C5@cwGU%2A%&wkw|F*-evLO+*a zDhzEOfI&}`GKybQZjxA<^>v%Vfkol!>1?;)X`&U8pQOD*lXC_!=pQ8FsJSuxcWF>S z(CyN|A*BY$PC8Fnpoll&JfUC_4f0Ea)bG-udEy3!MMpEy2`Yry^)SNIX*y44X%M7F z$lt9|04=mvN2i=mG*Tj5q+_l;EEqE%F&dPv;!r4cmPRHGbfUc1x1uG z+J;N)cWac336UlN62)oH-AE_PAY!7G6`*~yHVT#hUX4OH1vw5ARE!}KrW2+nHw|eB z`S2_K2Pq)jfO5Ylrx@)Wc8W_nSpp+Q8+U-PDfe2UT{1%ncVkJ^#HdBiRB-_zj0X&0 zlq64^adR<*upE)#Ai~HIRzy1j5ls%_3iKL)EVF%+?1qg|t1uu!NCTbaHEKjvl&+*X zV%fZ`E+vNoBIKi!7!gm<2~|#M&c;!iz?1ZOub8A`T^#~LMw|Z;rzZzJ5Q?UrFz5^l zo6(SzH;yZqU2X}uIv0m=h%p5OVVp;Vq_#|CAY7G*{SoAO+TjK%qTNMc5C#v8(SDSa z9+au-8%?>obgF=+4Kap}%R?^$f@j*OlGrkXF6mTRX>I@xWkC2jjdVhz3Jip;G?CLJ z!L+oM=D`gu93fs{k@Cl&QcA)0zyNVB=M$6~s)+G1&X!UEAxEI6C^kkgM~gl(XV?-| z%Ew3|2|CMTke>EYjS+um94(nCQ?O*tq`R3EP<5D3jhMg%7blC+9Rn@Gi&Wa0Cm1-b z1~Aa{d{jZwBEE#T6)JBDX=i&7IN&p%YY;TegAqVjo=}MadYi_?6)Zm_A|Ei?&hoUM zj+7fdqHYHPvJ;mPLo23WSb&|LrwNKk>kci3Y7rqbm7wnk$0F@f$$2`KQRWn}SF0S|$|;C>TNoQBo*H;;&$P6of#*9w~m~X&0_h zFjp)LXr38}*)%Io+l8`>OPcWbEaIHfOoLHT(v~ix;Ymacky%6+N#>a(Ni!;+Mchd> zn1K#R7L;-heWr~_ZX}05Ctqda@-vBBI!A?eSwsEDsA#w07=q^%=nEdR)*1STPYpgb z_!Jgd!XispWC@EbVUZ;)veeWNeG}jgI73jW5bneH0K(FNk1C&iDTf?SSo#N&79=f5 
zT9C9LNl7GB1E?A|Q#AI5_9QBfh(vIJ%s_ebF+y7mW%5ngl1PhBXewoytdo`w;h|Hk z8Ldot;qaRlTJ409U@9)c32y_-j(?~P-Ue22?xO<o1&|7@eL>r?DhE1;&QRqt+tkY!}2P_y2TIaCy(#W+<=L9@NW3$GT=}EC5qAU=NkW11|W*j zbNVmO00jI1v(QA3CK5gO`Azn8EE9>|81i|Mv>rRq0mVrtrSmQg#m%?XBX<1kJ%3n2-0w_sE zI)ojdRVLVJI;6!Tih=hTXZ4fcRFlW(5L*O_K1l6=eJl^24v-KG7@5Gn0*q3CQA(nz z0!*MM>`=L%7oLf8mzN;yPh7YY~*-M|LH1pNQtro88g z{MYA_CqT_v0-i9z(q2i*h;)>>87V(Tej#~Er1ikBgP>fM5CUax!_5zTLbviPl%jho z=%NaRPk}QPaHayDR+27@Am*V8NllQa6FCqMi^w}gHUXd8$t1eO0cvUyiDnQ(?(uV5 zPb(`S(wZM#ut8h54EW=NqiYOAzEVV4_u1qF&_o7(&5)xO||1|Y;y!>*f-g9AtyNrI`c=bP@O!6T)XsQ{E=M(4JNiFhq z0n`OVR^N0tjMD-A$oI&N105-4nX|ynEW#`JP`kmu`L6JYa2d+1MmpTm(XlRqc~4h8 zPM)Q?EApG}f>U}NdC+-*fArpP5ontpZAc1gn3gVl>mw1l8R=$&G&nX!XDJnYr28O^ z0X)hnQgb)HeWCJE#YuRONp$v)2^{#y;tiL1;eJU4r$s514}=ebuIUiL2osos*y%XX zaU8(1Cc73|RdyCJh8!`<7+}PBjE+$o0cZrG4VU+`Dvw6d+#<~-dNj(TQI0M?MNJNk zcV@pM4*zxZUwrHEt;4sD-Oy>lW=Iz8r-SP0%>N`YDrTVFk~u=q;JxPbUyXkX|0Mp= zrK=qO*qvq`{~Z3I9L7Oo95lv3Gn8W}$LMxex}Fuy1n(8`-cwiTNOC&sJ}A2JfNR=I z<4v>%T$FTe7+HKR=pRU;7h2GDuONxx&=?L)87-2U=V+G@qyixt<8hpVZww4Z00U0V`c#5B#BzgNU%0xDq$+=_Lz$GU%TPQiL|#%ewX4} zuL zQxdMFnZhNJ&guPQ!+Y^it|gkh=%lX@jdGfBx|+4S1CRvrb~iRPCE2Ge5gCcls(Ve> z4k+r&;<}xZ-tI=oca7#c(=%Jv+0h3{MtPH9$>lxF7T@j$DI)Kq!cJ7@k{FXtt^|;! zJCL7aqrE?F5WOcQ0yAZGCDy40Uq$@??aa#}ok0Zec7q(A9m&AbU1_x3siyONv zisp1>IH)~wrQMR??Gd&#@hl_|faF_-8%?BB!t2KqSFSt$+uWfu$TqZuRG-uE0nl1h zCyc&*IrW>}q5h=w1XhP7-GPt=8BcQI0Jw91x)Z+59V6b`s=c(eC4epVHDKD842>-TNO+fOi;t;f|=qUN5X=I=ht#_>O6m1mIj7)L|0!w zXeqv4wy75f5weL7w~DKf=-{b@lQ=gn*B0>nr^`exBN~hq6yhx{YvYtKPZ1|o{@Ba? z^)kKEvUYhn#6Kd!#m4aNF{QZD{a*9S17G`_Bgri~2U@pN9ht;UX` z)YVQWap}A$fIiL!)X`c#h$Xq{MXMD1cpyQD>TbX@=Q-TNPSEv(!gd-JWVx&wpk}uQ z{rJK5pi{kppHB#Qx+p2M6jlVnQLA6 zr#FtuQ8?tFOr*yQl4>la2O^qdIG#4N>Otz`ZH_@aIeKvxi4- zNxIt=L|-H}5JVZ>_;peiw?00b>F2wO`hRm1v$}WelfX8%9~5&`lxaMtcI4pBq-i5f zGwV1oqf|~91q^WLZyroq@}$h(8F&S!6tA3UA+;T<@+kGQ4SvI9AeMTk4|G!AY|@Em zd{ZpAQ2DQTy{vy}l5;t94kiUg?oyRC$CZTeGt8LpOQ)TRjd@bH&(ZlCUi#fZVV(3I zv)@JZgZ%R`!YFmm?FP&CTP8JeO?6HFc?FhH;~FJ5L5?_! 
z`Gk2!xFyA1OoK%YEJ`uP!Fga&1B?ESTiqrpopzH3x{nUD6v^(=M62hi6KY?#Regh7 zIOG>OIz(o+lh)OU#IM@Op*vr)KKr^8=^NZyQ5)^_hCPp+dLrAoJgI4@s2G9nhmSW# z(aCt>;O7j!k%s50k^-8d*0iz7=TdVMJLRRsF{NI4V>$qHK1xK1NZ|dD@*^od1j(2u z1(b6y(Sd`e9pSwL_{cfs00eru@HdIYXrxh|?0Am`QVq+|>*Wd465Xw9i&pIn#GdkA;zD*V4;SK-SMQOCZ`_^yQz&UgmW}aR zdAi;S@)taac1B$f2sdkwX%S={QjBib%`=Ar>ZJY?K1r9L(6moX9s{aP%r)Xt5`89R zz)oa@ASTNd+m+;LhvvCmR~TsJm3YdN4(l?O`wV7EJ4(DUoWx@$P)Kt9ewMIOf4aOv165-Adjp#ukW7MQij1(tSjf@>_^b9A9zUy9s ze^denV7L16vp)TlLW?+H=povAxuIX;-47}r?+c26x7P5rg{Qwjb8v(FWgOEPmlBr7 zo%FouBYoJw)Ucj$p*?*SiTS!QKOKNuH=jK*$<31CIfs@&rX#c41 z9Dg(k*7W;+s*u5p@@Ub|kt1+0|7X(1Lg_t#ki7S}-kw{XPoPupJm6B$TLG~Z&t>4r z0){GJr~-zfe&Db>q<=K+o1e_$Al0a%Dw7#N-rOL>v;DbVku$+hn8TFz{>uchws?Db zm(Lc5?A2#yKoB74iw)kAaM6uU2jMUtN@f81ZItn_Luuudq9H)c@V7QiCB}bZ6r274 literal 26242 zcmV(`K-0e;iwFP!00000|LnbMk6by9DEK{oMSZK?YYZTgdM?V1>#cR(NT8<&*gFVZ z>=#4N?wod|UCwk*_x$<=b&hl%aZW^JIo-3EZ3DJX=s`&oNl_#v{cr#6ho?XJ&-v+x zzvM4Z51$_Yk0108|LuQ2__zL-KmREFUmo(m|0qu4B<>FWcW?d2{P?3dLFAv~FaP!N z;S;CgiTsEZEt>|Rahp69FpC@%P zs}y}QckldLu5-Tyqe5N|_UUVQ{^H~Fhd<}Pap&yGoj^RS0NWFY2@i|WaPa~7IrJ02 z3GiXvWd2xAfZOo=r{_QAFPvRrzMBoBO-w5S6;dttZiz{Np-j#D{d$Z;wOZf|sTazg zfVM|Mmq$X=WIufkPx-lJP2E4_Up_zo?L#H>gMWL1?HM21!&TzY3|3SvMmB=^{e!>r zAD{9-n{P*s8H$eI9Tzi}8vD4JRqOIU2mkQ+7ysqKSG0>?`6qwewU2oLJi$Ht zx8y2wvLg))qjqCM;$-jJ$K9dam%GEy)7Zrc{HM>;uUU@&`uHXL_$MDe@~?mW`uSrP z{?q6C@^04CPoH_H1B@Z*@Z9E1v^f)JbA~6J4F%eqL7Ou;{NWGtUg{Iw&3?W6*?<1@ z^c+7uribT;PmdoyJx0!uV>eG`hRceYsWEC3VD9HFm=oRI`!D(F)5pJ5Pz`;O8DmCa z>h5amZr-{ZB;i@}?tTx7fBf5rj~&*1D}VRSfBuqt`Lm(}VA@EV4Pxll{W+we{JL1L zJxmJ??C_&H!S5UMUYuujl{cpvP}5{(zJW1MC)xN-Hhz;U%5cnz)30}PHrm9mIRT!4 zSMj>o(EC{j^*A|G4*+(i$(%sc+@aF|=hMSQ-Zin+r(#KVAWoVk{Yg)0_U_#bk7c`m z1Ip$UYvwIfc;hV2C*{10Y7YN?0x?XGzT1@8s!h5YCH9Z%guic$jE#};1d}+RMkaJd zCbLNwebS*#I$WRh=Nl%yiLeDaS5q;d5ax-u%s-s~e&1PcmkjV5$Y8e@v^%b$;(Snz zt-qOQ$5fZ{yYsB80Kf0W z&e>d_T;uZb0|sq+My_(Pwy4&sVx-S-X>OQu&GJiajX_OqK%e#6mDf2oIXxmII? 
z2R5`0wW*2dIgy$zbSfB7?O z%G0{_{>ztJ33y*uc{|Y6_F`XKWGQsMWLy&ES1HI$vs?8c9QC1#n#V9)z`ccWMK{=0 zB-~JuZq{Je>(e=;NrTmA8ti;&T5Fs$9Tjd_e9mUEYLXMoTh!03dA?EC#P6tUUQjY- z!~34v=xvI{T-jXM2AC^Z2W12hE3HeR)M%-HttW%iiQ{YHmgX#ap)?H~Aeuz##~!wV|tnlCiX_uOO&Tl*bq zOAfKga&C2$O{&Qz)#TYKh7)JO>7;%gHEea)K32rWCd;p1zU0T}lewEG^LpmX!=wLL z>8hox9hS6P+V&2Bw^Ng|jEOe?eadf>89sga^6B4m`tg@P*Ug)%w(N&=mLc~tXfFf( z!{eXwmxr1;lsTC=Tf}HyW!7QrqvIN*rhik}nPggaN4??zHc|JQ4eX9WzEWp@1DwX8 zpzfN0fhkcg5_ft}FYDxf@!l+L^#vD+Zx@U(apYVk+nFVQlZD*fHq+vc*03qWpb0T( zCOw#GSqpLY+@uRN=|Y=s5^8P|I_cjieg=Uu^Ef<|cN;?;6TsG8O#k(60~VKXqYrRf zqMg8=z|{?r>AeKor_Ihx#^(}i#{0XZrZ*%AT`E!)we_}U(bfi#c{bNR=co&UYTRn* zyUlUEWl22ft6M1UleIrp2*tlWAzq#dgcBmq1WxpV&}IVR%1oT;gD;Tiw@LpI6{7~- zdG<`64K9a472C?&QHJd8>l{{*G}=A%AP84l&I_S6GtO_QBqy(97rt8x@_akFrA+%UoZ7X_=-OUXe)HyJM%(drdYzvsgBABhid|TqyM3^)1|V(%aL0cZ{SH1v z9~Vj9bLwGo_Qy%~`nUeg8$Z-~dU*Wf$Nc>1@l?~t!hV`X@%~@t z2?=j~{N?k9kDva?%1{+j?|=R3KMsK$;skfgBEw|;K0iJESZ%aZ4%Us{|M-%9Mfubqr+Ki;(&jvg1%g}EgmE`M4riSULzGqT(XSj(^jvet(5x{k><`O& zG#KuN&elq~RjOG%lx$W<4GPUv=VNcEW^FcPSjAg)@MB)&p4Ss6aI8RV*K4^oc;>fN zV+vc;^ndk#+pAaeY7E!1v4PHJReq|Zc7Ic;8+!25TTZ*)sDJ+S;o#T>ntcMp_4==GE?z0}AvmTza9&WH6USvJ|jjV^if%R~o^crc2zxS=voA>E%^cgKEO}yw0>3Z6K}{ z|EaD+*9u%|^QXG{TmrJO@Vu<})gGKLH@C~U-C4ZAclaCm4iKJnbktE_Ri z!uG6=m<5}^p!k}hFKCUhSh}`VvaR**ni_Yp&Yr?@Ug@#|*UJBHUwc~?xz_OS_Vu<| zk=vBEOBHVD#}#$$k`4pEMTddkpu;S;4>zyH;msYaNHO`s=$4;fb2{-!r!p#!rvn4@msV% zyGIeL%ncH)b9yc~Ikg@JT*=eH^)^f8q-_xUW$!jb&42h$_p7A8t&{%7rPkblCt7m> zhugkeGw^Uoch<$Nn%kw$`pbBg;w0e=+ckC7cojt_39D4M1L8v2^Nyex@<0ny)}0`%`WryW@fAA zGH+*2_K>vB-kzC_X4eb)*34`Y!YpTVPIh{_%G{foP1G*(cIISnO4r$2Qg3S|+{W|S zdbzD8O~v-~wWZB^3sozt_J+_Qw=7nZwuiqi#o(T|&Q||aZ#ekl^Pk#TXlUBqUq1Zv zyZ==e(kbu==TS(!L_9rz`5K?Ue(@haEJ_XVaj(E#_uAqKIBWvmt$Tu7J*lVJIr&R2 zAD-&P1Z>rRcue`PjDd&vwV}u!XP@@i7jr+|TzAu8~I5v})4qVAM zMx2KubnLv_h+?>2{jRNnt>4?U1KYH-C^7`?G^$@sdJ7%u*$Xb9ITz3#7f>53?G>0$ z_Ag(b$GPDD`%coW)8 zD|n3%=rSSDy#503a)o!fO)`9G&J85P#kNRhNMDmoy_x5yliuu@8c9ZX9FDO@9C_3} zJa=|pZHkGCRc-QbPG$>y547S-VE#ML)`Q~6Q|t$zQJud`+a%y 
zW(up?Y~(@=);Q4i5!%PC;aM$~3jFhjpFe(jhE zBA<;w)*-NOF`slrX9HxM)+pc;==H#6S+lYAujwX)r6M-Q70YF!Y;C*_oOzJmNXVZ) zKV0O(YlRn7zd-4{@KuyHdbrNB<((zVvlJW@?NJK#yD{1aF6GiJoOZ}JcPl*2Z|drEBDN-F2!riY;Mx?p zHU)06gIS-i_~q+!Gl8D){jb|+4=T~z9sJkF$NW@fQj1@*PDB4`>friMyK%qD z&P9e)p()5u-Ux1;nz|fcA^7XN9pC>jMiG>eM4mh6)vGqDq zk*!J+pICsHReC(`eDGv4<; zwQp?`Zr<0OdfRuMNVXh(H{Jl-24lx2C)l>uwVQz1a`sa%D#fya35J`M8S2jRs&z-4 z!5^GQttB_N(KQknt^_4H|M~tlq_R&}?IV@RR99;L>4bV~?5HbJQMEB+vqhm=Ar;No z^@SF7D#<}otE3Nl(yvIw=Q{b zVadbqz2sqE@^F@Rb;-l6C68s%Ku>19>dmrd3t#{0hA3Q`n`%Tt&7LQ!*2e3=8O>Si zi4W~#Zp7%s6Z}*AjE8}Yec|wlkrJO84f`@OM9rS)x29L>?R7#NNSAuSK_wV?flV~1 zhR>%4K`nT5gfQ^tMfng$IL!1tX(kyMwmD%HwiEkK;0H-NNsOm1EjBRedlOrj^!{nW zYDXo^xcUhuWWp#9h7xmh!kIMiVM`QreEM)AG2#Il3|EC zgMZ`yyD$Eqcm?Xco_fid95=(ApB1O#L1_iI+*jy2VX%3HLafyPJl{_yt`iPxFM8Xj^6;QXcFYKYad@ ze|dPyH_3)o1KU!9`@bl+9MfVn3*>zZS5)Ql-D0ZO$dm66g>Ot4uy@PivOV1OI`gvO zt`}#2$Q(!U@cg$Q{`9xce2@Lp!_$9C@9tklK(})cx3@(quQTl@qHFVhzh)}#RUdfU z1WfXcw`V&7jssn0opl#F%kHRofx8pc-Ndx_TlchYD2B!)o+M3;N!o8r67S7u-k5}q z0ndQTlbnevc|lZ37FBW~s^n~qmHH&j43fD3$uK0d?B=`Gnl0@~&TuR*;8-$_rCau_ zZc||k$3u)`i$oBco2o6v;{}v1Hz~a?SZdg9&xHPZ{?$OKa)(mo7NzPlO0A9Qg(2ar zCEX~k7PdQ-QZvm|Y?`SdXK8R)V45u*c23u~VEVF2z>lT~M&%BcWsPF4#()cBAF$l* z0Yn}D`=Ws5M{D9%F0O^$vYDQ4rxJ6t%4WxL+i11D{9x4CKx@?_ZpY}-!s2f+udGIV zlZB-t^tzE{4gNdWSr$mW!PMesc9ytdWSKTIm*WDi%>`RMac3@QpnY7f;M4Yt2D-*h zaNQ<{eHM7jD94s2sPcZLBhMwyPg6O)1U+S_S($~|kn`?Wi}passuvyjZj+Ej-&bG4 zdANw!Fbvl)OKs^$Fh7=o;N)E z3A10YD!R(6tu8K(-Rq;g;$vJrjj#tsU2|0q_gu~MXXiXlHQ3^I9KWRM-G0;fZZP8|#Kp%q}(GNc(=SlS-zjH*uDo;LawYb#_Khvuo(j zd*55xclPtwKaXGAT(^2z?;6+171s?xK;Ik)sCpovnv$*s0;;V*z}=9!a{?DD z0*6lEFi%@~v(5;73oTZ*J{786imckD$b4zwK%G4(-Lwz8WCfVS_{ufvDlv+FBkY`%Hxd_jB6eb1e(ShdDVVlLaoQfnX;+f2Un$(AA@&F? 
z>LF1*b{F9+Qh{R)Xz=bYqo3qf;zE>B55!uet+XFBJ>aDmS>30KwiQ{P#hay1aS%O( z6z$n=K;BFav`G#Fp?qhw$&NNTPrHUTxrMgvfVOqk40%0>x<4F3xQz1{qu!R0)IC1# zb>Pg-M1e0)vr|dsX)-aipq_dDBD+b->U?_g|8zndr$bLeYO}`KsfB8=7-IJx&R|UN zV|R1K*~1=V!8kMdocr10)Zq}L*tUzV`&q-`eEpbrsb#P=)2%N&zX0Uih850BFAbHG z71YgU2Nu%I%tz5Xhjlq zD@n{CzknLfv9^q9`TsOE$bD*%XU^IsHOM`$25u0-Cc6yEBjNjNaQ;Cb|DccC;OwtG z@6H#jD@0XiTJ~@NIpJu^nURsaL`G{^SLkObeum&>+|P<|7$Gm9m=oc*l1gpyL~2PR zweM;bgMf`Hc736=NfjGxGg1ZZP{lT!9qQtp!A=apd_-tRfAX-wm|>vj%n0G^wfal2 zt`R~lzEoA$gdo<0fc8a%fcBdSfm=KgtO$YozEmOWHf|sU*b78(TNAhy+A!K4+%_TX zz}X1r8I5K3b>kjhDoASR!gm%Si^zw4;c;n;b5(4tb~t|rfe|(Z1}EPrDwcL=(d=ZR znaNguuC3$e&`yre3l1Le!Ca);$Mod;+GW$<%X%1}`J4AkpGNx~@Y_KBYiZ-N%`|75 zWzH@Qg|68NT{9Cd&NQFDh&-ME9S)50>x_G5$+5`dY%_a%=I5D5*UutRMBt>y&3VD9@}Y z&veS`=cm!EDTZ%c81K?u6U{7ZMmPPdpV*`2kvxL7{h23HYvXm`tk3&3Y<&38mzcAp z{n_s#9TyGT-JO)ZUlbMxLM z+VmT+FVki{UwKZkSBNuQ8MPm6LUZCiWTGi@=bjUDgdMrw^UkZrU2p26-M?0&b;_w`$|cq{!Z27Lot`G+NC z`-j^Jn@^f9#K^agZ?G_I|~%iP0F7W^d@P3NC)BBinTZItlpO>PQ$>~pRp8bY=Y>uk zz3J0ZZy~eWr?l&tA-`BmYXY@B5z>?9FfD zf$L{${|oSd+2?`t^RG)DFyG7rOLNE;`LhhVMERRCYBYDN>mIFt5d1#~{=X8zf3E-l zRo@Jo5oCQt>^6eb^|1Wh`K89gvopRhmpy*p-u}%DF*J7d=>N)VsD2v@RCfKIv|oF6 zBD?l9p4}rkT&GaU+`a;t>#Jn0uaNnM7#hi3zrTSU;3oM$9JXIjR*jdsjk2)DEzOY) zFN~^sjrLza+2!DcRO4)dovhfOKUyAUW zm)p48W~6L*e|gf+(fMs*8{bL%vl03G3jW=5Rdc7}l}qSNKYWF~1inHngl(}9c1pP% z3t@L-A)v=Xz%mwsS}cTWu@LICI>_Xj>)AEWvm4RodK`egAr3(HH~`(_0Q4#jK=e2O z(c=KbDh@zRaR6cp1Q0b6VD2*~Xh$sx?)ul#_dDFSKU~VRJZxJ%tY?WhIA7cOMbiCi zN?V=4rFL3~OfRxJEkxEoJv{#LV}AbhINYNAYtQ~r50bX$I>q_%Qp2}{Oy^5we_%lN z7X~D>BmYvq`+0GiRni1)b_lUO7bI!cGdY^DhDyD`>1_2az=!e78aPS44YvE+Wj_ce z>267znc(a@WN5ld14KW>DEcAB*=-s)yneD33N+kK&*3Gz;Yrg4_KRpEHxEa$tKX*H zGcYBf7>?9V2{1e$u+b-+&fu+NSCbY%U0l@9W%LZ{F5*z%O`qohC;YtgcEE`lj>Oe~ z6SoXFfx4i#c#U%rHy*O<(zJ;t*Cmsyf{73DepoJK%=Y6udd5FJeu@{?t3e#S+v@#` zp~gy1DoV!UkKZk2cpN(xWRop zUyo_zCE#1t?xxS>Dk7(4TTbh?TrS+QuH1Z?65o@!e3FH>5@EP`sr60vUe3~1tGH~- zxYWJK>NW{!=5m-XMm$>~q!}_+Pfw_R3|aMK$Z9Smp(z_(NW$r)`T=;=55Oxp{DD2T zU6d+wQtEF0``w5*R<<|H 
zFZH$N@$b;i3L66)2D`+|t2DmN*5{gjuhaNk+3V0L4vPpSxPdfG=)A=$9b$I}jGPPi!kHR28sYC56skd~(YteD3FY3*Cg3DY1Ux zXGb@I=~AiJyr)F=2wOQ%yLL~B9F(f1T2mwQ>yd(A*F-bkOw&TF_}ZKYhS^eHreaB&YyM7JELQANFsvYHjW;)_5D!vYS2EAP~fw~6>tA6&Szv|WA z*noc5PYsM`-e{c}(7x0~yH?kgx^Lg#tF~8AQ_AK2{rW-^)%N$cZSU>QNe4Rho1N@Z zKiGP`?dP^PA9wfahTT1NeO-2SU7l;}{a^+5lNEbW{@7J$+=%kujoGHnK<;7d-WaLr zj&h#1x}A#}@~K}5Lb|^fRoc1!Jdal^=aRZTEIrt_whDZWSAqkFyMUVd=krF13ge>X zl8anbD2B(ecY}mVv$W;?>X%LGw?OEq`pd)9!*foTg7j+n9h44A-h{U@zY1eYJx}WG z4lCab^P3Rz1qj!tf=Cy7Mu=~F4@664^DrH3R z3;VmY?9ZFN&BVXam7k+#1eml?Y648q1?Ei0g&Rya;w|wGagXi2U@!TlKFSFXxfW66Kmj&vu z!yK_dC4~Dv#p*GjJ{k_|}t=-?%FqZl@$eh;M>3%z{+xis9Jd(wXFDY*^ z;Kd6gU#TxI;k%*9J^ER(n>z~wGvCf-Ra*RgnXC5uB*i*N%(VBzrWdl!$U*hJu-D-r zdkY8I>l}1RJdPY>-@kObm0Cc&^!g&o+F`a59#=Eo@`Q5jdGv zxp43Oj<@DEc(=^!EjH(yW_BJYa$%195U+92c9}Y=G4f}+O1nzKo2F^=t)_oW)8B2H z&Z7Tb^y19@bN*%d;tVy#2d=`pN{1lnU*)LvSl_81nOy4$`#hBeh| zk6}@J42$Y}L2pm)jBG&MwYO(x(beMzOgC~Nw*qipAK&-uz@XQwm$m^ds19U*+N)hx zCfapnH9}!}HmkO!mbG<%;ES&&+jxI!@u1Ws0>Hf6ewfNM_676)U(Oz*+HE3!$^JQe zzUXYa>0o#-xZZO1;OpHE9D)kg^9ceJe35>A3hVc?YZ3-P5r(=$gaHf(_-^Q}AFgG2 zbu7FPuH6P}8&unXoFBP(X8^y)!?ezOgLtOV}*3FF} zju0;p*ZpJs`1R@GFL^p%vqff?kS_O-F1L^_N2L3={tI{D!$a%AhmV=Vu+2< z&57VAFKe}ifF5{6`v};2QS#?G-ty<{pU2|Yn6lr{c)yuCy*JYzj9G=9)yNuVfcx#_ z2|_=g(LVHohmiSdks=4M-&Fl>_SEQbTI+xQ`QhR-SXauP(OnJA_s^d`JUl-8zkK-T zcmIp!@9)NpC{{;MWYZI6TlM8C0=xC89b#x&M7x)L_PW+G{HxyRY1>0O9?+q@5BH!(=Iw1#U2_3qp?klTultMiRpR@t^38% zm$JoF?q zp{sfzmUHr%7o3(*IQ571dWu@nQwvvxeq0j7ik{|AVs58TGuH3s@S=OxGZJJrs9HN3Zr~Uqw;LIsy^`zeaGjYlVLg*2ox`k-#7NV_}@~NE> z?MFm+PKfFjL#oFZ((xHPU$=67;9^A=ds6^2oGr??$0o-S_Y1*iX{#_IRhufl;iMqA%I&c<`;(cx#ZT}f(;gg^Har|ZS>}Fg}9`EqQ z#m%Rm`E|nK3+vSW#J|@!>f%z8H|Fz!+ipMR_GE0d&qbymaT>{ND6kmIY%q%qT)iPT z9@9s)91d{GFdnFf0)FCz^}Va8wg=>E2m0_fN91c?`uKLr@EHSy#o*6gN$|ZSzyg!+ z#_{#LI&gmJ(o}=fTS9HDo>TaVlecftz~OedDRb=OS?NWYp?B*_vn$-@2{2XJMh*Aw zRd8ZFMqFmv1B4 z9Jifh!QQydBvRhZMAyP=%#-N+_$bf%5za|)xy4xRyukVV_BUCve=&c&-y8}*Pc@&69&0S_(8R1-h2fo}PaE>OX$`+yC|D)90n}q~FtmGxLBx_vxHw)){F1 
zfaM8Bm>*qc?RV#a?74=#TV%O6+#kT^7V*je7Ure7k~7|Ta9SQ&?5W*t;O=Io>FViw z^JXYCPh5fCep7yxbGJ~sM&rijUa9wGd%t!glu4aiUnH_g8NBQKAAkDv^!$H*`s;|; zJsq3(#q2&&r+zC+`#oJ}GT)dl9*gO3ymX&VCulnF!xmvaPp6BQrTZ?b3*5FfHLy*iLTynEPIF z`?BKZWySS2O25lIHAeWagQjVn*&Eg9ww@4^I=jE1#?Dn7C-1&+5t^X6$zy z>Nf1T1|sJQh}_mcV7BV)XdiM%?898_@2P9lq?Bq>N-fNX7BWwTz&W|+%n)nv0;%4R(EBk%phyXsin9~8Ag5!+&K z6Xom%dI^!))5c{dCwr^3wL8+*ZUb#+%2p%(`;P1e0a>TjO=C$dR$^B`Zq(Ql10eQ# zw#C@{rDvw}cV~3H!o{SV-&mC2yxeD`d8o#9^>^ua8TVj&Y8u@gp7*t8su5a4L>H?< zbMN%q8pT~>6Hn~tIBrnt0Cf3P_9w=g-PiXCvj4nbZVL9p)N$t-`) z%ib?O$89$Un++dh>{-1xuot|Wl?1VZeYXI!>_)vaXxxjfQI4zMR3o-NJwE$~$ESuZ zankIjZG+s*#-WcrFo4^%TR8rg9SF7~#=NAO8LK^XZ~TU^Uxov&DI$KY9{pT&i0yR6lmGho?_d1qx)pXD7;|!SNWZK0nkr>RYOg>2m;B48!5YDv<%d>i zyydxmMp&S4DA^};;FlE~|CFB_Ck+V;T>RqyoIi}HsBS@;_2}X8DSzqD;IgytP3ww` zP(yy^o#8^gGkXwP{rgLm$B~@Zo)4zh=r~^vL{Aozc1IGJ4zFc20X^It#jdI;_8HNC z{PgM1Uq7G8oMpAGMQnmGI+xZ9?7RTA^@n|#{U*`ng5_poNIiCuE*IKal&fiZ*679n z)Xp{XVR9p=K)RK2@0Eqi51)=A<;^n*K&cMqsCMlgMM*M2L%0tzY9!nl-(% zPfOwW)%z=iu_!vO-Gg;^*1uVyX(8wx9M?0xpR9LggW~QsrhY+?Z9hGCx=$*~RPugP z5Lc3(iQ@4g;`xFMmlkAkeL?QxPmR)V9AmX-RskMAJw81z0&oXm(o2jL`C`}n>u}Lr zpYcVf_2MX=W6$b##u;5;PBO;OM%*T}AD&lC#UfMX!mX@)Cd0M|G4(I^q$I;y|8^ z$r@D1qc~uZ1SJ)#BM{1%9T~#tydp)O$`ASo@(6SUJOUg+ z9Np0#q_-GC5ZYy%ViC~?GS0g|K_n9t*V0E&hm@64lAH*!6i*^)nI&dz1?Z3y_X6Az z>=DeNXpc%eSAWK1?k~bwp?ITgi(P-nGk4hpC*_hl9`bcmjaYT2JDfnP*^d%Ktv?;}T z?Ui*lk_zCttU8iB5*-N-+9ex9@+cw3n1ok^9wbDgHR{OYBzq)tB+Ww&T1yv#a3y-J zr9^F%Gge?MWW8tnNx^+5$DL7>NhYh6(7{`0lkv`x(oiynAT<}4M@dJCM+rPsA7yf( zq^Oj&O1qqjSK1bBWR~7?_oX>XeU$2ujnyPe(oQHX6@m_di~(g3jHu8R9TgrG9F;gq zca-*k-X#o1Wksa4Ky4|3vRbN0+FHYv>`@u+mC{G0j!GV^kW5q78IyuZNKlj&QiB9c zQraK%QR7j=QH!H;he#qMEl49pOWCMse1zc0=#m`N;&iCZx}rr0-s&u^a<+KX%92pR zG3vFPfZC)G=dbMA;lncn>8gGe9iKEs> ztqxjIj8e*k)&)aCo02_vP{t}pDRKwgSe8-cjW)Ijk+lx8Sd+6LW5^H*CR%OAvI#(V zU6Misn;ht9Ay{Lxl*wqpDAsl?8*P%7Fa>3tGTsD`E^Fy!%-*KNb7=I@sH2fbLq~%L zBcqnd2TCANr>smdo|!@^9SOpKToMU9SXpck8AXmJC(7Cyuac0S>ByJ`TtQw^P^1}e 
zITfLem#HX0N;{1>;5U@$R3`6(PC1Gg&?-ebq#$*6NzL&qRPv;i1r0?y1qwZ?5;Zt) zJXR6a@k@#MQ!0#LW0bK(6NR*-bVg5vbNmJp#i2CG_-s&FX+rWb$xxI{MX5P{GX&)< z=%7^e&Ok9Cx$H^h0w!e|@oQ&zP!clZt#I=$7ZC;OXk?K_dnhA*69r{3mtcuZNhW2; z01gF4g)WTvoxxSsGd;K>P$|HOMSzng2!*H=sR6%`sgxqK6wak0$Vmsmgc76zkO&L> zl9s_m<${xuOf*PEK@l>5XGWdl*E@&kokGh81yw8sthO2)Wh5jw$FK1i1ZD!pP|;w6 z@j+?ljY>{MnB&)jH%K9Z7RgF)QY_ZHD2-7bv*uA*d$i_g_0g)Ml}AfQi$@DbD~`q; zN)#YnaHa?srM0%i;#Cv|vj9juLDpRY5RG!m8l$C9CWk13_GH00nNn~@{Gg9c9IQ44 zbdo|8m$gt%N}+=?Sx6$vJSGPRDQ&Q&L|KeXLP(o!MshL=Qc7DKU>TV#DoIun-YBE?KXh*B8i4i6-<@S+fy;*$lRtrePNKmiF! z^Y9%VWYRfOLLW_(NCei|Ad>Jb2_xA7mNvyDuOt~w!8(&oaFBF?Y(pUx23RPf2xtQa zQIxjcVfGPcu%f3di*aC$AWBIF?oE$n71FYm+vK~!|h(cx}M-gL@ z+C=429Op5zdSoJ@3`U1cNji~=h_V!=Eam|g6CpVe4#1%H7^PPT9!esm2w;FEjKZjl z6P65Sh&s6trPhF2Nbh)zP<1~z0*E6BcLZUNAj}bjK7vq35b_9ujv(*|f|W#ZbnfWv z(V3&uN2iWX9%3=cM-W~}@BzK_R(r`ZOcP;(fkVH&9YhLN#RyhI$OOfr)`Uq@$YkX> zY0Pz?6q0pOXoG|pvK7$<9myHpiQH=EDGQmT)GCn;(!~Ny5vf$|80er73ItOsNmI%` zV+kS_7a)~fRdeeOLXiZmzzSWA4&*3XtBs9TgQhCu93DbYBtmq~CJdCLzz`@)iawMi zY#BOcd?@IdjT9sT7MUM(RjW2(oBW9-(DY5`?y*M8YDZ4_=e?Q3juc zv2uhaWzbX{(_bl0uw1jIcm>%?@J@};Y;j3qP9bF@9HL0hM2kYQh6B0vtq3DD>g*z5 zL3BAgD~+(|l8jXMDGW^q-dftAjS~)Sj!etRC>~lgRnWdZ-iWtYDM{<4QBKI7t1lamka$+S| z+N?qf%7ar{Mam`m>||CAZ-JyOEN7j`-a{Z~AUj!dFot9$OH@Zdc?6`(k{2&YUZrd% z$SFo%C6f-(L?^%*$_fJd#<<_ykjbjB8WxI5RyYtsXaSxwS&d1g5kFq?Wfqhz=X;xqlQ{cA6%49tKuj@w%`)z;G{Dcio{U7 z7)EzUS^!A_V5PTJp)7`!N=fA$Ql|t*))cZj80)3A9&|!W(s;Ib6z3aV8Rv4!MmbPX zB9t6>JxD?#CQ^+O$R}-`$|7r%lt!04Wv*h9$_lwax=iyUQ?wR$kfSOUkTX1np7=&9fX# zpsGg$i33R;ps*z&2=W*LPo*&lN^wrsZ4M9|FhI60D&;cTqBUsgJa1&ZPv~48p*bnN ziH7@^saQ?ep@NzwY`DCKOEWgP&L&lTf@2btKM7mJIYP@yvD z5WGoLoI)|ILqvz9j7m{k$_b)jRSHB<(xu{abafZX(7<7~rJxJ}l*8bRB^6E1D1!~d zaz%8&;DU8%kz#OJnF!V@K`eeVp${W8Rf_kKf?*1AmMsg;h75_hz^gDq1E;g*y{3!7 zXGbALtCI~SS+oMo2+flY!YZkgRX|pPD_*cQC+cFP(yecnmDgfSk}*q&inY;FAZihF z^lhXGAsA2+P**!>ahNGYVMGiDbN()PgA~XFseFp2kml7=MT%^P6pii)48$4RlF5(DH_#kw22}Lo+C!?fy#bwBr zw+Y6M&?q`I-l`%4=@3vwKreIlAtbg2RCBHvL@>D{kUavKeG$y&N>WE4d8TG-tw1W} 
zNg6;TB{C{0gYZ_DGD=PN8Z7~0306}g02Px%;aG$Pm68i0h!H~uOHk1k434CTiL~L3 znY6-ZZR*y%V#q>Bs+8mekj}c0KxBQ!o0y%hvnSyoi41AhMY1!}B;_2FS1{;I&}I;B z?%=d$xg(`4Y@v-d#G(wQ=!MpUwX5=XG(z|&AtYUlun-J-NkvBK1ZFe#O$T(*tCWiN z1&d5k7lIOV(x~mA;Se4u6^FvIq1ky+fDq6)Yl$=#t!aezy0S-D$XG}KLX?qLUGl;^ z3K^9#SeF<{O;THR1c_%hmSAlN8LTqKO0A196m&G&i43J$RYA%tFp8BfC*y*4nS?YV zIY&attXN|o=1(1RawLOHDwiCy6hvO3(o$PiTEozkK153~C}}lWC7e|uSv0`*P0&o^KK*t1a&+Octn!Vye_2%>li&6s*rq zlNQM*MCXK)2H9ZY>oiMyU;;ryGLmrQgH@713Tw!cjMC^4n#vh1)UBBpnp7z=I5uNM zsUr?s9cd5Bn5;sON_ZVa^0pKU+LQz-L@&$;Ek_Z+QnW?8s0%{O*6ADr2ImyU5n8qa z3V@cmBne~*(B{N?c;N-YkID z8&Xk&EMdH%O`uZJg_6w)Fls{Yv(G`3CHgLSGnQg<4je_uNv4uW1`!Np%1#b~K$=4U zk3QL=bSjb9EEWyLYz6Ozi^LIHbV(M_t^@)DDQhRR#E7z5c%&Sm#gc^}p9m#sC6n=n zeI;HMWs($aq}qZoNfwWVoD3ynOk~J8Pf;3IC8L^2dseumyDWo+*pk7#3xNVE$bc?c z>nus>VpM3P3`#c6{q~liu!n(7wmkX7<_jHdHc|(dCwv12@0CxygEI))N$E&Ya53tf zhM`M)pcn*@5mH73-kX`afD+|WO2)e3QgGni7Acv$6gd@@l4ZY7QNjndq7A}L9!jy6 zGCL13xQKy}ypv?Ij~1h9l;ub%OTLtdT4ZBUIG00l#VOWb8f6Koq7~lCSTd^$ASnXo ztb#V)jzcg9gp#~)U{N#43IVbdA}RUVFOs2+^i^d~Vxdqhv4SB{B#cpIRd@KrDp$oD z&Ls7@T8>F&5u|fDBO6PCPRR)ook)soth}%2A_(nCW+f1VEZIlajdJiYuxyfERa#K; zP%V}Pqtv`@P+CK_CKfGa-Qfl{8k2^L;Q0i%1D6ridm6&_ya`RA62xBpb96*>y!i1fPP_ z0Zae^Rwk+0;c_7BMFRI-@Pj)+&NX}_8 z1*JyJLgXQ4LeT-pk%lb6f|pr<_gR7vPG$?bXgfmFp0}kcDHSl<6pV}@p!i&r3ZCo; zjfI#)guuqQ?4$}305t@mHKjpBX?X-qN6>f#4M))82+AEn*&`@(1jV4#MV4bvRL({Q zU$pgwoGn0*Rq`dE2HCjw8=H~FTS4rqLnS;=C}i0s%u=1CH;sEFD-4AV;-pG8R%NnA zV-Z>#sT%i4=QWT`B%DtPAUO1qB)jcX624JE45VbX!RjcS&{>1Vl7db)0_8z(W-3Tf zAeo|pR52p(s)9CJsmU2tLq8Z=AvC^Z1BJAc$?KH8i^d?ZyVtaN&pv8VFL<#s&C1Xnh>v9&XvsnzP=rkCUwK;(1#aD<}NSL6b zR5~d#DY%p<40^8C2R2mz@v@t31_(J>kV#O?CPVfOnoR;QBqx(04sdeC_?W!&I#~^a znxXYU^Bx(TRT;fVUPxAAgUX4`>w1_yZ4SwkDxPx5vPAFDq(t76lWbSSqDE*1oN-uW z&{j!Am7I;*ao~$aSE6muiY|ymp1nkwbywv@iW;C86Kxuy1tSSdR!$Rni`ftrbd-uT z&Kl)MXc01tW}Em~1=8#~6Vh=+8fdZtMre@G7a`do4N?k^I+TbGeU{RfF+j{5NLeUe zB`-51k&1Oiad?yB+j>JV-v@6V1e^JlO3~Tivd&C#maVHUb-Wql9T8~CzA$>Fhz1~P 
zi>wU|MkB2cN?Rc`@S5XoRxz^;2o*rd9Iw=%NfRxH#(;vNRneZ~ElNs6QTy%UR|+;YO9`?N%XnL4RBSyp#u^NbYrnA>0HuW&F|wd% zv#^LDlCznOsRmNTeJ@kRpkUvIsqzJ(#B0cS_FK zprr-$5et#EVA;@ZN4C%h8^M+kU2zD3^#LnAk#b(KK_QDKbwtrflD(lyXRuzxoD*xe zWUaRDyGR}4K)oWhgXCiX_Qz57S*hr98MSEbE>5I(j_p^1_a}@Tha50wjdd}`IP8^; zxC}zF1>K6wRx)XH3d{x(jSvZKjfVmQ2X;!ZzfkaQ&D&yp;9w`-3Ie!+77V*6OyRw- zphDh}v_hC@a>&UDkwJ~n5__Ja62edn0T4`#K_(1!D=YH|jnII@hys(~U<46;aak4_ zY-AN>gvO@vSU7goM_xRnG9GPYxWUK4?PSCOj04G}r4k{8%%mPLNpCazpVA1eKvs|t zboSP2!VqHe(UQ*^;wYDmIAG>*F=d?83RpAK;AQY4OX9tx9-&DnK4<|Fbrw+Z7Zn_im-u$!Dz@LWfPTBCV|$W1R$MKgfM8|MjY5m z7@R;&Y}JgpYG0A8G9rqopv@^|4**IDt&7$smdwGZN_%5H>hFWMgc2ZVL9SRU*qt0q z;57rXVt396jgczZCc`mBsc5M=*dPa+L`W3-NZD~4SOa&0*VqD@1E5TG73;xHXyD*O z@{-q8!~TO}g_g>uYnSHmRDz7C zi(^!HMN*iUeb$3NmbvyDn^7(~QL@D#oiLnd2oa#d`e!&EEHLA)xN`CAT8OVY`dJ06oM}* zaOAtpj+gSH!6>hz%277%@$9z>E`bRN0(o{Oo01J%#Z~YyLW==GvH7`(pfG{XC}mP? z3H4TrCUsmgItC7ZOqqQn7PC(o1xc_eDf?ZdjztL^Or@-4%a}q%?Egu^Mw3T}q`7Qv zDQuW`$vP>Mb4G+5G*U2$C^|d1qKv$3u?Z}pG(<`fbq#bSsj}A`d0>WJs!<2d7aZxx zv3600NE{GoY+{C?Q4Fzx!m`iRdnAskip7vDyo3;>Acn=)r~@H5-gg9)mP0LlR#uUg zHWX28P9rp>F*zL+S&ShU=T+3f7DFW_K-2o>h@Bh7MaaxQCfO(z=3=xgtSyYtP!(@I zNEK3+Y%mci$;{58h*1tv6-FJj^%SDhk%B;UT4^89#Ar07K%$LQN>#;PawQ8&+OmH! 
zXJH7~Gv1(C>Db0hgn@)IL1T_&rB{WL(}U`2ZBD=PV#B61TaWPN_ z?iMpwECzEZB1lU@gUe2dB*#@xXAta8W(jXjr zq6{e=U9brTSN^Nxjk5EZ=>m8?R8FB&Ua+x01>W#93L!Q{=_G;^(h13y46;d(*CLG$ z1|tvIC0@#8rfhv+b6AS5h$KT0N~eZ56LSrYOJGD2iLFLbKq6ygHU%2qAVG0DvSmvv z5HWIK7@rRbU;zfb%Y3_%ZHhwj8Y0+Gji4dBOx{G5ZFWProcVUcP(VrvY>sS@5e1S2 zK5d&4u@2}PFG`9LrQov*!DexLdGPW&=@yF3mA3q8k5q+C-#*J zFGv$dCuN=x*GR9L_oygEHu#{dlGZ}B9LFrOaLP0)03cU5{2SO)r4;*6jVa({4nZdU zU8GJ-Cb4f!DIuNagHf?~uQO}2q=%?AV=iyX0tW*407ir$VqHf|Hl85yl@kN9>_rgP zf#EGz)REODUbtPB6d6fXbD`CwkZ@J+yQvne9{377cv3 ziO;AxGMPeBDGw3b3{6IMN)#P+LXL`77M(?(BK!HX4kI+)e^t|w$E>U-6Qv@Lj=gR) z`l$zUHZ`1+XGA8_F?$Zy1vU)$aaFYk703t4@qC&I6E#V6A(vDXIXfbY!%dZo=)GkX zS4ZuO^x9gjPzYg0iC_=j8b}rqodpFU3k9+y1c50fF@%J$O%2)Y!D~A(hh#KPNFm83 z<1LJ=W)D$VqlKqnwIt+F84;XI5OhGVM%l-H7%ZrjPnwM~RrS;nUKel7Ffut`gf|d{2u38y zXI=m>h1B}S`xv&th@f1eXst0Gm2n(|4>pz&n$Sq7qcE&5l0gxP$YLR81LYdtq7%xg z?6gH>J;qvD3hQMh7@4Wjo7W(8;gu&!Q4+-rL|Gx9HH=nQF<@Uo$xhmMEFqKE1``X3 z$R{nprwG<{uKmVlQdB}qjZ|3Il1@pdiw$hj0O7_J&>c`%qjHIn7n>*`D`k11XL9rj zV8l&AFZfhxlDQNUGDjnkC8JEV(#wWvtqX8Sl~;w!1}}@l5QXJ%1+5zu07(wQv23dG zB9^LQ3FD$jKAuiYC_}Hmq zk9*zxlg6}m!NMk1C1|Qlu|6lpMTYgr{Rmn9LH!hip(!F^*es=X?b;y^pRD6;9_}C2 zPkR_)VuO}zFA%dXCzF0%&~Hn&f4?p-qjSKAT1(7MtPldhM~#(fu`od@(QRx$CjzRW=XZIARwg%%^tR-Or+ z5@E<49hx%viFr*}O$X)-GDj4n6d#V|Fvu%v{h4{qn7t;tK4tHs0STvc=+QB2FA_g7 z?xtDhGT4xkZPDo5=Z>u1Ii1ap!aJ2Fz@f@#3;au{ll&D@tq6 z=^f`ocjr3yw_6`*F`<>+n0e-1P7OxKAIdL%`Yg3Hf=lgfms!f(!F#!zQ>7eG8TEmQ zP@~%?4f=EIL91f5KQoLO`oUAiT7Bfok>uZQ4FO|h>0?7)(8pwka51g-!OZ&3*~zN0 z4yF~WRqiVnROqE8J8&$ezXV#7`F9-^Lpb!a2*6}#*=JrTJt2L_n&2E15 zKpZM}grueDR^Q`zNpwf?4c{{iwjhZ4aa%G7 zC9I7v;e;E5al$zDwK3(3icaZpSTNQdJ41NcjZcBwb;{e-^mk1_Uji&hfygUot}}a< zV4b>qDYpu+PrhlQHU>lm6ct#YbXZRaEl*B8eGDq$N3)JR`>tEyD*L-C{_W`#`p>5i z&W`_h`hVMc3H%7XkS_Ey($zx+E}Hra^uU#DPYS`@178sx}8F@S1RUx`Ouo>%N6k# zyYG%Uc4a#iJP#sxH9fr0!1C;$SHoZIet4*#PTmQU#gk)+aVIRKjeeb*_e%JS-8G_) z1FjEmSHs#^Xy1FoG0V6A&1Q{F8=EvXZfw-pP*H8H*;u2o`fJqOH3gE+O!$|89qF(* zoio=n`G)iG6HPf3$s!z&B+-w|IMY1^kd^)5dK!EEsn%dao3#^&P$7W-T 
z#^$fF7MzgTb1Yih#5w>^QW8YljrHBN1u(m1(sQsV?c>*qc` zv!1$W@3L1HEIHep5KK-DtylOflppr-qsClq}mw zPMMHU4cMFWP>;LxCWV_|bXKKF0Y|WYY)J*gKuF7Tvl@sU#b()%jLu@`mZZ0=k1hoR zaQ6hytyfI6YA1nr=w!NA`a_Dn6(hf;Ab90+Pm-d}IwdPqpj@sD%Z3N!vr`mUWlyVlebsa#oE$q-2v4zpWt6 zGJr0fr~0VHy&A+(cC{;I#aCyEe_K&G_6b17px<8StTLjTftZvNvyOijRqAgm3Tnq1 z(59bab}Ct%JfI^KJ^k1pLfVAnx1Ooew@@m{3_1{e9O&f&+H2`WF+3D5ufV0o%lIl) zvO}9kn~KUxqO0B$@Jc8P)`u5C@f53*ovf0zuPz+-`NsSzK>PGLrtY~%Kg$FvpuLRL zEJ`jftBf+%U8WJXR{|H5 z6zI5Sj=AO-yY~&fw%3R+6B%H>G9=xrPCFhZ2Ov+umv;aQS^{~{Z8cstlDq9921CsC z&@H2m1@{92*V_!baBaf*>eZwZ*;$}6YA;E^77W59!Fj7SAkD(UQGXNywz0;m%jOu1 zNI1W1m5M;D2`OMd7UEi1=Zu3zpJz0VR-wn(ytyCgQ!0E^Yw+gVkCx(ZQ?QuE5h*YD z5v@PSh+_gWW|TTtPX!z7ORaZ;fdFAFQUTJ_E+x*CnuGNk(7vAS5#c7F_DXp%rg=JW z9gt6m?=jEXq;*x32P*pYEYH`wE@;CS70Eq%9Fma~e7cuTV_a_8*Rwm{d@3gCGkSD~ z45~s&DewuV;0>-W4lWHJo8GTQH4CIP3_<8>+|gSJSWWwN*H}Lf!@|*qLWo znRInJQJ|c{=~e&9#;iwl(WPW%OJOzY08@0wKb=GV6CS_RI6-FGU5CKZkvE`b{1T!kX z)HnbFJ^@AMS&mJRDo4$Q7Xp}9w{iQ$#^F&lxU4aYHFTAf)q5oj^qI!J>nxjCG%@^b zO-!4ZG%;>s)Wk{?txYtWXuSHFo66iv`!YLjRsea_zUu__2Tgi5ad4^ew>5EX;?e{n z68xejUY-`Mz98XNN>?UmiiUI>gJd|AeCIw%B&Z24+qcO&@%jRw3!04@01g!&SZECh zDGCsl_u@=$lGG$ilc-H1pJR+@5@^=GnHrJMCLvA0#09-rsCZG6H7({Mi(aM{I9atesoA6gc<#3YA{GA~zvXs7q;iu=O=@X^_Ttw|uI8k;^j5!|$fUFh zDDk$fb{%3`@^h7Z=Z8v`&bjJJ;NEh<CARB!}1eN&y~`ht3&c^=PG^JGx?9r6ZfpP3P3&R`*tX|K}>*9XWUsR6>BPpsF0?@O@*3DY09-J zXH$-*j1ug}i5#%}r0X8#6i_pL1HV1C1$&v}?e+Mp)njF)k3OGJjoHn;fRLPsF5nv@ zqEUXi`93Xx=B6 z>jPBdPgy$4k;7-7A*UnKCX>OD>SXGbpR;aFO`F>1d^O2UV$gnB#Z*C!+d3p; zkRUJU9zry=Px`bO!RP}Yh|Oy+W;&KA(9T|Jf4+g*)IMjQrWYwYYL;CsmSl%dIxC1u zxt_EV_3~-U*Sbm>dq_%J-JpAk1Z4ivVI2$QJhWh{Pz zAD+XIPk$(2hFW$cA0pCF4{xAu5$||v+0UWar#^&KTZ_8g1%8k`i92k16NWmymSG&i zXa6P!;zOdZJ+rKl0V((bh}&V+$@%ADeEy574jljwR?IT+^iG0kHcFDaaQ`L+$D))5 zy(SXpTwxGp??ub*Hl|?3ycEB$7OW~~%zk8T5I4KkSyD6B8N!Ptub)*DKh`w0X-d=N zrb$f`pH!PhzJDMQO#{EJX=u}srok`Jf_?5FS-{k9pL@$%!zbL5cZ6W2HY?ezM6-f_ zw`N6~6=_zuSwZ3|B3EnEnoVmo#rIIHY1O7xnpSRFsc9`uaqcslX1rinFQ+T=4#-A! 
zuRg*_T>kHR9=7&K#*Sw4OnvM2u5mod`;XX|Dq{N zK!)bdtuePVuzvxQL9c~};*nv_&9FIVGmd8L&Dh>O_r}_c5l)MJs2P`L2<%$NVXPfz zsTKq)0+kR*Z>(PUrqd!0R-&08-qxClHWO(k+)SvMl>b}?jU#}JDD8++5zydU7jFXw z_7Z^2>W7z6g^>}`R~aKc%kCT#8kN$)7re>Qk{@2ixN?(0%fh>bQYXOzH;8>ZZ}P6$ z$CnWkAsJN%yqyW@9n+$%wUYI7MMY-u;bp*1o~Lp@y=LV;AbD4W)sC@vKB>zee{B$L z@mvd8xl+c~6lXQ=zN%NbH>7_2ow8S^n#KaiNR*-zZr5JM0_b?%FU3E+47RJ$TxU`T zk9G?&;-U!YD}D{bhA8U~F2eyGJs8*_ixTl-$i_wJ@tAepoB>n%_~!=lUt-YUTpcgg z3Bgx@|6h@mdduJsFGG0sk`7H$+?b@;^&}W5NbJ;l?-c#;GLjQd?=3Ryy3D|)G@1yf zl0)|`h_LeyE@LIrP@$p9=R_1P7kckKM-8=G2GZ7_$(Rp+r~_j%qIM*^(=Gnwyi*`Ix9k164409nbrZv?~p$uqx@kvz-7vYP#ceU*X4Db z;CTW}D*NK){(d)1X?fkc6R4!6wFl_rT~uZ1U9Wjp;QW0%w0(g0A*&;<&lXn-uqr}E zd91~j?@=7SZ^&|jXluT)lp$fcdaa$gBRll6-z@UIh9a5;{xAO4W+Bajn*}wC(#-42 zb_Ik)%S7&xB}n&Y9YN3}Jp>cWcMta`8V8EYPwp{J9ssMCV41h@HaY!rz%A-8HeR4Q zz6r97AY9!*SNFAD&jk4HRxZtw(f=4@mm{Y@#UDBCl(H7pys@%huDe8(If#O%C>2-; zcTE5WF)an);mz2v)Vpcm7F!^ivm#Bg45xG09644sz8K=MsRSle;?g!plt^9>8J0O# zA-@PLOZ?c2V#csik+w4se;gITc75(X5cUU0IycMOEVCJ)I|DN8d6SN)d!IM!Y*DVF zvF_2iG^^#duenzBQ|hT*7Vf@XUGIi&BVxt|BIyC4fzzp$ zabd0Tzgut6f{-$cL=Q}~s%8$m((^3O1FxbSe)(bSKfLM$g*Pr$Bi#yOwfzh20h^NV zdJglUzU)j$VF{6Fh}E)nSy5K?Zn_a-J|{B8z=D@)SUrnVfR&p!ui$-cRdE0q2HKfuBKP)G!xh!>hLbwuCz|+| z-+-5R1$QuL9e6-JQe8KVk^Q16Jn^Yc+?=R6;kfJlG%xvrJl#NJxIC={mPETpMMBwPWX)q4URI) zDY9zOoSl(WXlr=M+&$?FMC9Kzxshq^sR#%dH478`p@<(2FXviJT*_ZI>5QLjjw=(L zkvpS)CK6Y1GxMo4R$>Owz##O;zHrakzo?Q9T5&|sx&r~RMA8uO0sy$)$E4=JYO)_h zSq9sREmH+iU=Ux;?jf=2ZSq?Mma8^bX|CK{skxTsQkzRQ#}zI(S=L;%xkz*2=0gAO z`#3WCs#H5Pkh@X=;9@G=E41=CQvdyBjSI|^Q8(UCg@bk9PGlfk^j;?4JCS}vS;se+ zs!|aHsNKLZAmbt(Am_VM@MZDFjhh=ax6)keYoKeh1c0VN@bEvzoH~I3lH};D_ri9|<`&J(Uq$;qdkw56?E-=T+?v}AiK;>m9q)y> z!L!!t3n<5fk>Mh6J_)E@c^U;_b&Fp&Fi?KcX_Psm+d-1Vxu}M_8RqRe^#%VK`164D zsA5@eD%}y3-;?o_c-GiO#wf=C$Q!fok}lM1MbhiO-GkRwon*N;K#>-D%)rxzVR9md z`q@fP4j&}D1|iI)X0FH-@RqmT97_jw24B5%bEnsISzK8~kOmWLafnm)K>tKw9dUW}$U(vx5Yo7Ylo6&MDkI2STGTeW2ow81)^~X*`|p$}g2Q>jt%A(upbzF=BQe z=0nq;R--xIqn^#HHLu#dBIZQKCh`Z);JsMUfVTTNG-6 
zo?NZXvBHf@`m3g?(u{H#sZoJDany1u@3H#XbmqOqqy=#cq89M}dudT>3p{I4ot+Ja zY=q#J&V2(Ye>)5h+RN;iZEnaj5b<`#G; zznz}o(gOW}DlgDrr`r^|v@1QQZ<(bk`yEDp|9uT7TzQBT;bL@bW+yX^H8P xi}2pUF#dMBL;U~UrV(N~PcPDEXF||jr`4?^m1$i|OGw;J{|9uGm+xYy0RVRn?R)?L diff --git a/creusot/tests/should_fail/bug/01_resolve_unsoundness.coma b/creusot/tests/should_fail/bug/01_resolve_unsoundness.coma index e7268c5d74..55509a8ca5 100644 --- a/creusot/tests/should_fail/bug/01_resolve_unsoundness.coma +++ b/creusot/tests/should_fail/bug/01_resolve_unsoundness.coma @@ -59,7 +59,7 @@ module M_01_resolve_unsoundness__make_vec_of_size [#"01_resolve_unsoundness.rs" function view'0 (self : t_Vec'0) : Seq.seq bool - axiom view'0_spec : forall self : t_Vec'0 . [%#svec8] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec8] Seq.length (view'0 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) let rec new'0 (_1:()) (return' (ret:t_Vec'0))= any [ return' (result:t_Vec'0)-> {inv'0 result} {[%#svec6] Seq.length (view'0 result) = 0} (! return' {result}) ] @@ -182,7 +182,7 @@ module M_01_resolve_unsoundness__make_vec_of_size [#"01_resolve_unsoundness.rs" | & _13 : borrowed (t_Vec'0) = any_l () ] [ return' (result:t_Vec'0)-> {[@expl:make_vec_of_size ensures] [%#s01_resolve_unsoundness5] Seq.length (view'0 result) - = UInt64.to_uint n} + = UInt64.t'int n} (! return' {result}) ] end diff --git a/creusot/tests/should_fail/bug/492/why3session.xml b/creusot/tests/should_fail/bug/492/why3session.xml index 624ba8c5ca..7040f78ff6 100644 --- a/creusot/tests/should_fail/bug/492/why3session.xml +++ b/creusot/tests/should_fail/bug/492/why3session.xml @@ -19,7 +19,7 @@ - + 
diff --git a/creusot/tests/should_fail/bug/492/why3shapes.gz b/creusot/tests/should_fail/bug/492/why3shapes.gz index 5033daecf79d5aaa849fc482b8dd444185bda93f..71e9bd307b865adad3385705cfc0c406511c8bc8 100644 GIT binary patch delta 451 zcmV;!0X+W81I+`F6n}J6o6{~|5)0%I6cFS~PX({WijP)^V>^=UHh*7Qq7tWd+Y?8t znVsF)4|m1*osMBF&S4n)!~RpDi@T4E`u&-Pp7v7-7M?GkC0b}!z&>Zh>FepZ3*1_Z z3yoWBR=}o*1!fj?hhaGU2)=xJBzGEyu%E27ioS(u+j}dW;C~w$!g$!7LkZXPM2h{M zc2?4bxb($;Fg7y-tZEi6ycurt@Umgy={UV?=M32NoF#eB1lAg^OC`W^yDMwAST9@r z`2*8HYzRwzJ6)nE%AaL1y&OaFnl#HR<)~5$r`?pFWO~2OpG!`$+eyu%tgcBmhjJwv z$1qIk)a=V`y?;Y^r%7!v!~aUs4N~^%VYRi&slOdmT5iSWZLfuUoq<(Wzh3WMs_DkJ z!oGBD8peF>j5nf-CQ<}%KoUTxD3AuyohwAkTWo=OXS#?Yb`pZ9MU)zh1Id*D9!Z%* zMA@oVGU&*;AS-}aMf-od#8001T>+`|9> delta 449 zcmV;y0Y3iC1Iq)D6n}VAn-iBWkp*%H3JCJ0r-E05;-eMf$c{w2&EJ=jsKjaA_N38r zW@mTy!yTT!+f$hEC5%&l96n)*?>-{i4;MT3c1RU5sDG=yO5Tem$QKff{3A zrBMUT22grfVPVszyczDw@Vr6c>6BjfO9m)C7fIPOgRKVJQW>Dq?#kM&*6S93 zK0qD_jbW|t(;Nk^epWcWoC1DL8kLnwR5^w7A(c-yz2D|9B`47Bq?S=O*DPB?xe`rN z7*jqq`f^+EfPcKxulFw1eB)bT z&mEfvA>tWhysJSH!aCPM2vS=asppbw4VbmGg_a<}iDk@3E4=m)YvmPn5j3lbo_k~> z@K&@OG3EkcHb_-xUhTc+I&u%xlA1eBaox&=D4b)w_Bx#vTDeGtvRtspc<>4wQGg*^ rLkpzUty&a80P#)%kf>#z(u=5hr#y8MRFumQ>^IFX<%Z*|xdQ+I%n#Y9 
diff --git a/creusot/tests/should_fail/bug/692/why3shapes.gz b/creusot/tests/should_fail/bug/692/why3shapes.gz index 17e0b0d68482a2be07a20b562d4dde06c71d1dab..1fd96706d82105e4110ae13a4d851717b2a9ea17 100644 GIT binary patch literal 983 zcmV;|11S6-iwFP!00000|J7AZkK;BBz2{ftmUd5~sLutqfKg1U0E_mr&^1tOc{ivh z$vDmw`|nHHN&FFK+a3#K42tiOBBeLfPal@&Z{ZZr%lBBH_s7G>rCNUYc@gS(K34B> z1s=0-I-Z;ScqsM_F}AOlX2m@71bP1QHbIYvJYHeGUWCix5YLG(yxR0DIa&!Xhg9wL zaA`cS&1?|`aD#9=Vxsn)DX#lKQu%^_jd5H9g0nD zPFv}tHiJEGRnW z3{9+8Y!WBE7^34)lIuO`Bu*twj@kOrrN}vLCh3^FlP^}qmaTd;hm4NiBX7^+j~{b+)>Ajb|MO#AAODKQ>h;f%SI6_E zj(i1aH9&HHON3!x(D(CTiU|B*P%Mc^`d#Zjv|Eh-MV?{ z5#;N;)$12MsyY1((GJ7w@Fl23cIo59*l)`Xj3fS^IeMh^PnoPIlq6Y9m> z6DVjJDlc?4=uXHdwcp5dd5jm<%Os9uOE&kE!i`2lxSi%+YA@BygW26Vw0G_$zr8k6 z&pe*b1wsMnC5?1B^RCWsk=@?+e@c3NCm-_Apj$9w3R%L=Fv*OvsFhSvC>8~?h0XaA zxC3<335SkM#};LwV_`xlHDDe!glJib0dp`r77SZjr=6icH3|b1Ruxidqcj858rZH3 z+zKU14#HBHa=>O|vB*ni3Kn-3!ALAi+~q1a^o=G+Xsd+h@zN*}3agadG1w`S8_OZ+ zvIqq;WhqiTCo+A(apu4}Fb=c>N+}(PMFFUa9cUIyj%Z|Q6+=^$Kgkn`12--`)t3gpzVpJ=6 zWqFJI`wk`B`mlD}9s_uV;k-A)8S?G$mk--$Zd@DAP4yaf zU|H%;&AIbUT^u`P9G)-Tj#y$5vh?X?fi|@dSD0oScd6@ej(l$Aeq4#!id!+IDyybT zZGr4pYtS}9%mN^Nh9d^l0<*x=Nh?6#sP;x)%OfmE3p#b5dRr}145eIY3YnPXSikPT zMb2Oom$$C=-#3_q;=wHYK|-|M*UPC21S#1Qo_ZTb0$ej#NU{Yqi`{fTPGO6Cy7uVm zZoJ5Q34e?SGE^9zPu-70FM}zFJEcP-Xzj;5SpDE9eIM8m%78vJghBUq*kd~w8{1sA zGDhtud)%tPll|oU^XX7E-v*7j-wsbN7gz1b3s!=T1qDk(%9n6H?_#YJgj$Bk?`?2h zXm?~0CoG?$^H7xQJ?SD&MorGy>d__9xojrtn2hZ#(J0<&MKA91tsC4K-r9^Cm3%KS z62o2HGhUSJlvj0w?;&AS^(M4pfCr_Ib&=a6l>m+LTMkln4D7oS0z z-K|l-%rd#AUt}S~5w%RL>-SEXJd5a4mL>biS})d!>uCVTQAK7B{INCt4iH7u^0h~h z<2;m>t8~&G7jM*lBd_JrmM2z3aYS2?wZ{~0G#tbIJhwtwAy=Nv;m)DIb1UfWy%B2V z`FvX-7{IK+p)OWl*7YsY+YA41Nv|*ELmnJ-8=`d~O2{=4M9YLJDP-W11WuA7@pKE+ z05igH!wi~+Y|27~LOWL~U_K~tAt5Dm%!AH}(`1_%Wi-6uK-mVIq{$=cG_MQKXd8i(JR^jM - - - - - + + - - - + + + - + - - - - - - - + + + + - - - + + + - + - - - - - - - + + + + @@ -48,7 +39,7 @@ - + 
diff --git a/creusot/tests/should_fail/bug/878/why3shapes.gz b/creusot/tests/should_fail/bug/878/why3shapes.gz index 5df7789fd862198969ba50873780df6805cc4dd7..33a21d3b8239b4e41e162af2583b1637c92fe909 100644 GIT binary patch literal 673 zcmV;S0$%+eiwFP!00000|Fu&)Z`(i&-t{ZAsqIAGTSYS%1&qtkE(H$V1nP8`7DlZFj53&F9jTpFS4-Z(42k6$Dt0!l=W5 z%TXxk%MGp5=B~e|{VM%soS?p1ZF<@_-xfbBSQd0Mm_(4Y>VjOH`@9$~eU6BMG5C6}$!kV*Xum&$QJgzBk;DtBv4sYO`H(z_|n;#Wa55GddL!HB7Djjg3 zuO8{E!?52YKm|DfSXhq26d;2d04yv=VG0mI4*(XHqc8CZ2_QE&fUno_?ET zasWm~9a}{@E1t7X1VTrg1TkLd**K=7EL+>525qs+*>o{Wt_f>bYdy@u&AR^sw3Lla HGzS0xn}<7F literal 677 zcmV;W0$TkaiwFP!00000|Fx4nZyPZThWGmww_Tfwq$Elznjt7)C_}px5V{@onHWu+ z)V{jtzc1|bB^M``ts5o2{E+zY!$rHh4Uc8l?#p(!e%O3!xxM(<48Ov9v+uyeYBHuf z^thUgCVajOcV%-k+=l(S{OQ0`7#{ldW(fQK>(!4AR!z7ZedI-0XD_bKgAR^2f=-fh zH|#>+hwZi>%Kc-KSK%_;l;M>_B(db8L`yDQc0s~seEsaUS#O4ieqU1C?aE#4+TrhG zY1f;5*sjB7Xx_`U*uj#EmR%x=_daQC9K*Kke%}qvw`mA)x*1P6e^|MH9RBu49ACGy&%n#Wcg?|p132&oIPeObFGCpm?;Uja zKfT9eqvK>c<#8lfO#~}H4)`RHUW@|i#cDF<0^#K-5MHh(V=f@CMge)XnvA&sJWrd& z(`NA-Tclqv#B&n#W?Drvt)h7c23!RE>8lbff_tV}sxe0fVPeKk%pg2LW6zB7+nrWGY!!ttE?8g8)>bMd?sE;mDzbMu-%O z$XSvgBU$Uh)fUhg3$sPhvQthz$qjQ*N(XBxhiqbI*0NRw*(4QhI%XFRX%>@(mQ+kk zj5<~{vcxC~XpRz+$>uo*(IGhNjML8*m8xWcBWi$JsZyb+r81dqP(X)h(vE~9a)ge+ zp>=2+YKPn;RU;}gz?Iq7Bp5j;FapWyoZ {[@expl:my_function ensures] [%#s17_impl_refinement2] UInt64.to_uint result >= 15} + [ return' (result:UInt64.t)-> {[@expl:my_function ensures] [%#s17_impl_refinement2] UInt64.t'int result >= 15} (! return' {result}) ] end 
@@ -55,7 +55,7 @@ module M_17_impl_refinement__qyi14398438181735515246__my_function__refines [#"17 use prelude.prelude.UInt64 goal refines : [%#s17_impl_refinement0] forall self : () . inv'0 self - -> (forall result : UInt64.t . UInt64.to_uint result >= 15 -> UInt64.to_uint result >= 10) + -> (forall result : UInt64.t . UInt64.t'int result >= 15 -> UInt64.t'int result >= 10) end module M_17_impl_refinement__qyi15782060473717464421__need_false__refines [#"17_impl_refinement.rs" 29 4 29 25] (* <() as ReqFalse> *) let%span s17_impl_refinement0 = "17_impl_refinement.rs" 29 4 29 25 @@ -66,5 +66,5 @@ module M_17_impl_refinement__qyi15782060473717464421__need_false__refines [#"17_ use prelude.prelude.UInt64 - goal refines : [%#s17_impl_refinement0] forall x : UInt64.t . UInt64.to_uint x >= 10 -> UInt64.to_uint x >= 15 + goal refines : [%#s17_impl_refinement0] forall x : UInt64.t . UInt64.t'int x >= 10 -> UInt64.t'int x >= 15 end diff --git a/creusot/tests/should_succeed/100doors.coma b/creusot/tests/should_succeed/100doors.coma index 0911156d2a..9dfa5c29db 100644 --- a/creusot/tests/should_succeed/100doors.coma +++ b/creusot/tests/should_succeed/100doors.coma @@ -37,7 +37,7 @@ module M_100doors__f [#"100doors.rs" 18 0 18 10] let%span srange35 = "../../../creusot-contracts/src/std/iter/range.rs" 42 15 42 32 let%span srange36 = "../../../creusot-contracts/src/std/iter/range.rs" 43 15 43 32 let%span srange37 = "../../../creusot-contracts/src/std/iter/range.rs" 44 14 44 42 - let%span snum38 = "../../../creusot-contracts/src/std/num.rs" 52 28 52 33 + let%span snum38 = "../../../creusot-contracts/src/std/num.rs" 54 32 54 37 let%span srange39 = "../../../creusot-contracts/src/std/iter/range.rs" 15 12 15 78 let%span sresolve40 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span smodel41 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 
@@ -85,7 +85,7 @@ module M_100doors__f [#"100doors.rs" 18 0 18 10] function view'0 (self : t_Vec'0) : Seq.seq bool - axiom view'0_spec : forall self : t_Vec'0 . [%#svec17] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec17] Seq.length (view'0 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq @@ -95,8 +95,8 @@ module M_100doors__f [#"100doors.rs" 18 0 18 10] let rec from_elem'0 (elem:bool) (n:UInt64.t) (return' (ret:t_Vec'0))= {[@expl:from_elem 'elem' type invariant] inv'2 elem} any [ return' (result:t_Vec'0)-> {inv'3 result} - {[%#svec14] Seq.length (view'0 result) = UInt64.to_uint n} - {[%#svec15] forall i : int . 0 <= i /\ i < UInt64.to_uint n -> index_logic'0 result i = elem} + {[%#svec14] Seq.length (view'0 result) = UInt64.t'int n} + {[%#svec15] forall i : int . 0 <= i /\ i < UInt64.t'int n -> index_logic'0 result i = elem} (! return' {result}) ] @@ -132,7 +132,7 @@ module M_100doors__f [#"100doors.rs" 18 0 18 10] use seq.Seq function deep_model'0 (self : UInt64.t) : int = - [%#snum38] UInt64.to_uint self + [%#snum38] UInt64.t'int self use seq.Seq @@ -219,14 +219,14 @@ module M_100doors__f [#"100doors.rs" 18 0 18 10] [%#smodel41] view'0 self predicate in_bounds'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq bool) = - [%#sslice42] UInt64.to_uint self < Seq.length seq + [%#sslice42] UInt64.t'int self < Seq.length seq predicate inv'8 (_1 : bool) axiom inv_axiom'8 [@rewrite] : forall x : bool [inv'8 x] . inv'8 x = true predicate has_value'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq bool) (out : bool) = - [%#sslice43] Seq.get seq (UInt64.to_uint self) = out + [%#sslice43] Seq.get seq (UInt64.t'int self) = out let rec index'0 (self:t_Vec'0) (index:UInt64.t) (return' (ret:bool))= {[@expl:index 'self' type invariant] inv'6 self} {[@expl:index 'index' type invariant] inv'7 index} 
@@ -247,7 +247,7 @@ module M_100doors__f [#"100doors.rs" 18 0 18 10] axiom inv_axiom'10 [@rewrite] : forall x : borrowed bool [inv'10 x] . inv'10 x = true predicate resolve_elswhere'0 [@inline:trivial] (self : UInt64.t) (old' : Seq.seq bool) (fin : Seq.seq bool) = - [%#sslice45] forall i : int . 0 <= i /\ i <> UInt64.to_uint self /\ i < Seq.length old' + [%#sslice45] forall i : int . 0 <= i /\ i <> UInt64.t'int self /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i let rec index_mut'0 (self:borrowed (t_Vec'0)) (index:UInt64.t) (return' (ret:borrowed bool))= {[@expl:index_mut 'self' type invariant] inv'9 self} @@ -333,8 +333,8 @@ module M_100doors__f [#"100doors.rs" 18 0 18 10] | bb14 = bb15 | bb15 = bb15 - [ bb15 = {[@expl:loop invariant #0] [%#s100doors10] 1 <= UInt64.to_uint door - /\ UInt64.to_uint door <= 100 + UInt64.to_uint pass} + [ bb15 = {[@expl:loop invariant #0] [%#s100doors10] 1 <= UInt64.t'int door + /\ UInt64.t'int door <= 100 + UInt64.t'int pass} {[@expl:loop invariant #1] [%#s100doors9] Seq.length (view'0 door_open) = 100} (! s0) [ s0 = bb16 ] [ bb16 = s0 diff --git a/creusot/tests/should_succeed/100doors/why3session.xml b/creusot/tests/should_succeed/100doors/why3session.xml index f56a58b1dd..bc372a89fd 100644 --- a/creusot/tests/should_succeed/100doors/why3session.xml +++ b/creusot/tests/should_succeed/100doors/why3session.xml @@ -7,7 +7,7 @@ - + 
diff --git a/creusot/tests/should_succeed/100doors/why3shapes.gz b/creusot/tests/should_succeed/100doors/why3shapes.gz index e04b8d59890f65c7ea05c7298f3d8283f9a81cee..c14a03dbbceda58ef3b03491953b7e9adfe32bc7 100644 GIT binary patch literal 600 zcmV-e0;l~SiwFP!00000|E*L@Z`&{ozWZ0?maWAAQ?eC%Xa{5i1o^P`(1F;^U}B{) z=Gd7Z$+llV$+nz6(qM<(K7M>t6yIIVnl0^hGdt+I$*c0?Ow6v{d+krk%fp@V`COMHbh`@LXH&(V>cE# zc7YJc2{|@G2<3zv8zTrgp{X(-VIfb@ySt-X`jS3WJ8fqhAv0c2!vCWdJeRz>e?u>`R+$fl8Q#tx4P42FvxiiX_J>! zAQzOIibZl}CeH}=G$wMZM;=Z&Q(ZL2t**_4sp(dxPBW$pj;AaMZB3^KD!SLceHE_I zONMVGS$B1e(v_v(B4 zbbH1?UTPTnd^{Qd2&Q>l*#@kubJ zZ4i(#YVz{2&}~(keMiQZ<6UwH&bfL05lj0U?Ro1Bh)^tuXVGSr!G@whP#`kqvy4{J mVg{jtKmk|46o3L>#VS$@B~+*a#g$=|@BIZO9w%e<1pok7wICP( literal 595 zcmV-Z0<8TXiwFP!00000|E*L_kJB&^z2{f-R@fDi$Id6(MJh;^b71!X8gYxJt-Fm# zlah}X`1ROnoVK)Eap3mm`OSD{Jf1gqlV(j@-As16Zt|*pKM5yyZ@u;h<>hY5kx2&} zClI6q9z8r#q05(cO}kw0rwlo@Ro3NYOS|mz?Aw${=g3e<2Rz!=)v{aY##lbx-(!Fg z#_1^?UNF8@T#m@GA;M6N zMUIUSd^sY=#t4BNkz*5tP>yKKj3Gqw2)(B#dZbU;mujPJcVpzn>%^YX-!CBi1u!$*{d^Z4&*aE zycUkyeU)viy{@w+|E*K1byF2PJq4Oqb!`ro)6MssBo&ROuXU$Qk5Gsn(kd^hKoL@I zvJTTL?Kva(X-pLM97QnRndze0uXSyjO-(m9iJETRa6I0U(%RIzqoTX??Xz%+-V(lY z$)c-kZQC}?z8Mt}%9+90yz0tj^N)dMhglu92RnJCCC7;vW52udf;LR|qI6Hp$w~-_XoFjvi0}{007H%AC>?B diff --git a/creusot/tests/should_succeed/all_zero/why3shapes.gz b/creusot/tests/should_succeed/all_zero/why3shapes.gz index e28f0e05aa3dce2eec448e41f4ccdc3857cef957..b481598c30506f896fc378d6a1563558cfded78b 100644 GIT binary patch delta 386 zcmV-|0e$|C1CRrd7k_L>Y+NM+iiFCNrIJ^40jEJF5E+`N|GozW;y6t^WHNVt_wM7J zd78P+9*(MUPf9mMUA?%>ojp6Sf>Ko;f$URjRke}~_O7U)lq5pHyJ{~E>BBmGs}IT} z8A)J?wnY%Za+M)2PC%=sE>Fs%k|szrLMT#fiqa#|W`pi^x__>##v^he*##3{`Fo_K zREAM^5-E&(G%1ayR{Bbzs4AtQQs=3qf!e%D#vn--<40iiY~m$lR{Q9<%RWqkvN#zj zF^{C&=HN!|pAc?L&xdWTb$wR3clhWD=9p!#bkU|o-tl&afw@dZ$Z!yjLXk_F`GzRJ zhfu%cH-n5)h

b&A_UFi97IA_aq3K8n>(V9LRoyLMC6}ZOVx5R*t=4Rijx=t@3Or(xG&b(TYZoo z$w?}fXj=raSgvx!C8^M|sjHLpfJ2HzBLt9QQ&t{{Hyd=XvwwB18jtXRhZjt82bp8Dx|~%y}5Blie1ANxBFWX+DVMqged}rW_HLbrITLjR7?0izIzW)TxW>4TbbC zfvGJH{a;|3Sd<($p4mjqu44?x@jSM@s56AW^>wgfA6EKL#PV9vA ew^3L`1uX {[%#sbdd4] UInt64.to_uint result = hash_log'1 (deep_model'1 self)} + [ return' (result:UInt64.t)-> {[%#sbdd4] UInt64.t'int result = hash_log'1 (deep_model'1 self)} (! return' {result}) ] @@ -73,7 +73,7 @@ module M_bdd__hashmap__qyi11648407051195780326__hash [#"bdd.rs" 79 8 79 29] (* < let rec hash'2 (self:t_V'0) (return' (ret:UInt64.t))= {[@expl:hash 'self' type invariant] [%#sbdd3] inv'2 self} any - [ return' (result:UInt64.t)-> {[%#sbdd4] UInt64.to_uint result = hash_log'2 (deep_model'2 self)} + [ return' (result:UInt64.t)-> {[%#sbdd4] UInt64.t'int result = hash_log'2 (deep_model'2 self)} (! return' {result}) ] 
@@ -92,44 +92,44 @@ module M_bdd__hashmap__qyi11648407051195780326__hash [#"bdd.rs" 79 8 79 29] (* < constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) let rec wrapping_mul'0 (self:UInt64.t) (rhs:UInt64.t) (return' (ret:UInt64.t))= any - [ return' (result:UInt64.t)-> {[%#snum5] UInt64.to_uint result - = EuclideanDivision.mod (UInt64.to_uint self - * UInt64.to_uint rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) - + UInt64.to_uint (v_MIN'0 : UInt64.t)} - {[%#snum6] UInt64.to_uint self * UInt64.to_uint rhs >= UInt64.to_uint (v_MIN'0 : UInt64.t) - /\ UInt64.to_uint self * UInt64.to_uint rhs <= UInt64.to_uint (v_MAX'0 : UInt64.t) - -> UInt64.to_uint result = UInt64.to_uint self * UInt64.to_uint rhs} - {[%#snum7] UInt64.to_uint self * UInt64.to_uint rhs < UInt64.to_uint (v_MIN'0 : UInt64.t) + [ return' (result:UInt64.t)-> {[%#snum5] UInt64.t'int result + = EuclideanDivision.mod (UInt64.t'int self + * UInt64.t'int rhs) (Power.power 2 (UInt32.t'int (v_BITS'0 : UInt32.t))) + + UInt64.t'int (v_MIN'0 : UInt64.t)} + {[%#snum6] UInt64.t'int self * UInt64.t'int rhs >= UInt64.t'int (v_MIN'0 : UInt64.t) + /\ UInt64.t'int self * UInt64.t'int rhs <= UInt64.t'int (v_MAX'0 : UInt64.t) + -> UInt64.t'int result = UInt64.t'int self * UInt64.t'int rhs} + {[%#snum7] UInt64.t'int self * UInt64.t'int rhs < UInt64.t'int (v_MIN'0 : UInt64.t) -> (exists k : int . k > 0 - /\ UInt64.to_uint result - = UInt64.to_uint self * UInt64.to_uint rhs - + k * (UInt64.to_uint (v_MAX'0 : UInt64.t) - UInt64.to_uint (v_MIN'0 : UInt64.t) + 1))} - {[%#snum8] UInt64.to_uint self * UInt64.to_uint rhs > UInt64.to_uint (v_MAX'0 : UInt64.t) + /\ UInt64.t'int result + = UInt64.t'int self * UInt64.t'int rhs + + k * (UInt64.t'int (v_MAX'0 : UInt64.t) - UInt64.t'int (v_MIN'0 : UInt64.t) + 1))} + {[%#snum8] UInt64.t'int self * UInt64.t'int rhs > UInt64.t'int (v_MAX'0 : UInt64.t) -> (exists k : int . 
k > 0 - /\ UInt64.to_uint result - = UInt64.to_uint self * UInt64.to_uint rhs - - k * (UInt64.to_uint (v_MAX'0 : UInt64.t) - UInt64.to_uint (v_MIN'0 : UInt64.t) + 1))} + /\ UInt64.t'int result + = UInt64.t'int self * UInt64.t'int rhs + - k * (UInt64.t'int (v_MAX'0 : UInt64.t) - UInt64.t'int (v_MIN'0 : UInt64.t) + 1))} (! return' {result}) ] let rec wrapping_add'0 (self:UInt64.t) (rhs:UInt64.t) (return' (ret:UInt64.t))= any - [ return' (result:UInt64.t)-> {[%#snum9] UInt64.to_uint result - = EuclideanDivision.mod (UInt64.to_uint self - + UInt64.to_uint rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) - + UInt64.to_uint (v_MIN'0 : UInt64.t)} - {[%#snum10] UInt64.to_uint self + UInt64.to_uint rhs >= UInt64.to_uint (v_MIN'0 : UInt64.t) - /\ UInt64.to_uint self + UInt64.to_uint rhs <= UInt64.to_uint (v_MAX'0 : UInt64.t) - -> UInt64.to_uint result = UInt64.to_uint self + UInt64.to_uint rhs} - {[%#snum11] UInt64.to_uint self + UInt64.to_uint rhs < UInt64.to_uint (v_MIN'0 : UInt64.t) + [ return' (result:UInt64.t)-> {[%#snum9] UInt64.t'int result + = EuclideanDivision.mod (UInt64.t'int self + + UInt64.t'int rhs) (Power.power 2 (UInt32.t'int (v_BITS'0 : UInt32.t))) + + UInt64.t'int (v_MIN'0 : UInt64.t)} + {[%#snum10] UInt64.t'int self + UInt64.t'int rhs >= UInt64.t'int (v_MIN'0 : UInt64.t) + /\ UInt64.t'int self + UInt64.t'int rhs <= UInt64.t'int (v_MAX'0 : UInt64.t) + -> UInt64.t'int result = UInt64.t'int self + UInt64.t'int rhs} + {[%#snum11] UInt64.t'int self + UInt64.t'int rhs < UInt64.t'int (v_MIN'0 : UInt64.t) -> (exists k : int . 
k > 0 - /\ UInt64.to_uint result - = UInt64.to_uint self + UInt64.to_uint rhs - + k * (UInt64.to_uint (v_MAX'0 : UInt64.t) - UInt64.to_uint (v_MIN'0 : UInt64.t) + 1))} - {[%#snum12] UInt64.to_uint self + UInt64.to_uint rhs > UInt64.to_uint (v_MAX'0 : UInt64.t) + /\ UInt64.t'int result + = UInt64.t'int self + UInt64.t'int rhs + + k * (UInt64.t'int (v_MAX'0 : UInt64.t) - UInt64.t'int (v_MIN'0 : UInt64.t) + 1))} + {[%#snum12] UInt64.t'int self + UInt64.t'int rhs > UInt64.t'int (v_MAX'0 : UInt64.t) -> (exists k : int . k > 0 - /\ UInt64.to_uint result - = UInt64.to_uint self + UInt64.to_uint rhs - - k * (UInt64.to_uint (v_MAX'0 : UInt64.t) - UInt64.to_uint (v_MIN'0 : UInt64.t) + 1))} + /\ UInt64.t'int result + = UInt64.t'int self + UInt64.t'int rhs + - k * (UInt64.t'int (v_MAX'0 : UInt64.t) - UInt64.t'int (v_MIN'0 : UInt64.t) + 1))} (! return' {result}) ] @@ -155,7 +155,7 @@ module M_bdd__hashmap__qyi11648407051195780326__hash [#"bdd.rs" 79 8 79 29] (* < function hash_log'0 [#"bdd.rs" 85 8 85 48] (x : (t_DeepModelTy'0, t_DeepModelTy'1)) : int = [%#sbdd14] mod (hash_log'1 (let (a, _) = x in a) - + hash_log'2 (let (_, a) = x in a) * 17) (UInt64.to_uint (v_MAX'0 : UInt64.t) + 1) + + hash_log'2 (let (_, a) = x in a) * 17) (UInt64.t'int (v_MAX'0 : UInt64.t) + 1) meta "compute_max_steps" 1000000 @@ -175,8 +175,7 @@ module M_bdd__hashmap__qyi11648407051195780326__hash [#"bdd.rs" 79 8 79 29] (* < | & _5 : UInt64.t = any_l () | & _6 : UInt64.t = any_l () ] - [ return' (result:UInt64.t)-> {[@expl:hash ensures] [%#sbdd2] UInt64.to_uint result - = hash_log'0 (deep_model'0 self)} + [ return' (result:UInt64.t)-> {[@expl:hash ensures] [%#sbdd2] UInt64.t'int result = hash_log'0 (deep_model'0 self)} (! return' {result}) ] end 
@@ -210,7 +209,7 @@ module M_bdd__qyi4854841669736991510__eq [#"bdd.rs" 93 13 93 22] (* {[%#snum5] UInt64.to_uint result - = EuclideanDivision.mod (UInt64.to_uint self - * UInt64.to_uint rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) - + UInt64.to_uint (v_MIN'0 : UInt64.t)} - {[%#snum6] UInt64.to_uint self * UInt64.to_uint rhs >= UInt64.to_uint (v_MIN'0 : UInt64.t) - /\ UInt64.to_uint self * UInt64.to_uint rhs <= UInt64.to_uint (v_MAX'0 : UInt64.t) - -> UInt64.to_uint result = UInt64.to_uint self * UInt64.to_uint rhs} - {[%#snum7] UInt64.to_uint self * UInt64.to_uint rhs < UInt64.to_uint (v_MIN'0 : UInt64.t) + [ return' (result:UInt64.t)-> {[%#snum5] UInt64.t'int result + = EuclideanDivision.mod (UInt64.t'int self + * UInt64.t'int rhs) (Power.power 2 (UInt32.t'int (v_BITS'0 : UInt32.t))) + + UInt64.t'int (v_MIN'0 : UInt64.t)} + {[%#snum6] UInt64.t'int self * UInt64.t'int rhs >= UInt64.t'int (v_MIN'0 : UInt64.t) + /\ UInt64.t'int self * UInt64.t'int rhs <= UInt64.t'int (v_MAX'0 : UInt64.t) + -> UInt64.t'int result = UInt64.t'int self * UInt64.t'int rhs} + {[%#snum7] UInt64.t'int self * UInt64.t'int rhs < UInt64.t'int (v_MIN'0 : UInt64.t) -> (exists k : int . k > 0 - /\ UInt64.to_uint result - = UInt64.to_uint self * UInt64.to_uint rhs - + k * (UInt64.to_uint (v_MAX'0 : UInt64.t) - UInt64.to_uint (v_MIN'0 : UInt64.t) + 1))} - {[%#snum8] UInt64.to_uint self * UInt64.to_uint rhs > UInt64.to_uint (v_MAX'0 : UInt64.t) + /\ UInt64.t'int result + = UInt64.t'int self * UInt64.t'int rhs + + k * (UInt64.t'int (v_MAX'0 : UInt64.t) - UInt64.t'int (v_MIN'0 : UInt64.t) + 1))} + {[%#snum8] UInt64.t'int self * UInt64.t'int rhs > UInt64.t'int (v_MAX'0 : UInt64.t) -> (exists k : int . 
k > 0 - /\ UInt64.to_uint result - = UInt64.to_uint self * UInt64.to_uint rhs - - k * (UInt64.to_uint (v_MAX'0 : UInt64.t) - UInt64.to_uint (v_MIN'0 : UInt64.t) + 1))} + /\ UInt64.t'int result + = UInt64.t'int self * UInt64.t'int rhs + - k * (UInt64.t'int (v_MAX'0 : UInt64.t) - UInt64.t'int (v_MIN'0 : UInt64.t) + 1))} (! return' {result}) ] let rec wrapping_add'0 (self:UInt64.t) (rhs:UInt64.t) (return' (ret:UInt64.t))= any - [ return' (result:UInt64.t)-> {[%#snum9] UInt64.to_uint result - = EuclideanDivision.mod (UInt64.to_uint self - + UInt64.to_uint rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) - + UInt64.to_uint (v_MIN'0 : UInt64.t)} - {[%#snum10] UInt64.to_uint self + UInt64.to_uint rhs >= UInt64.to_uint (v_MIN'0 : UInt64.t) - /\ UInt64.to_uint self + UInt64.to_uint rhs <= UInt64.to_uint (v_MAX'0 : UInt64.t) - -> UInt64.to_uint result = UInt64.to_uint self + UInt64.to_uint rhs} - {[%#snum11] UInt64.to_uint self + UInt64.to_uint rhs < UInt64.to_uint (v_MIN'0 : UInt64.t) + [ return' (result:UInt64.t)-> {[%#snum9] UInt64.t'int result + = EuclideanDivision.mod (UInt64.t'int self + + UInt64.t'int rhs) (Power.power 2 (UInt32.t'int (v_BITS'0 : UInt32.t))) + + UInt64.t'int (v_MIN'0 : UInt64.t)} + {[%#snum10] UInt64.t'int self + UInt64.t'int rhs >= UInt64.t'int (v_MIN'0 : UInt64.t) + /\ UInt64.t'int self + UInt64.t'int rhs <= UInt64.t'int (v_MAX'0 : UInt64.t) + -> UInt64.t'int result = UInt64.t'int self + UInt64.t'int rhs} + {[%#snum11] UInt64.t'int self + UInt64.t'int rhs < UInt64.t'int (v_MIN'0 : UInt64.t) -> (exists k : int . 
k > 0 - /\ UInt64.to_uint result - = UInt64.to_uint self + UInt64.to_uint rhs - + k * (UInt64.to_uint (v_MAX'0 : UInt64.t) - UInt64.to_uint (v_MIN'0 : UInt64.t) + 1))} - {[%#snum12] UInt64.to_uint self + UInt64.to_uint rhs > UInt64.to_uint (v_MAX'0 : UInt64.t) + /\ UInt64.t'int result + = UInt64.t'int self + UInt64.t'int rhs + + k * (UInt64.t'int (v_MAX'0 : UInt64.t) - UInt64.t'int (v_MIN'0 : UInt64.t) + 1))} + {[%#snum12] UInt64.t'int self + UInt64.t'int rhs > UInt64.t'int (v_MAX'0 : UInt64.t) -> (exists k : int . k > 0 - /\ UInt64.to_uint result - = UInt64.to_uint self + UInt64.to_uint rhs - - k * (UInt64.to_uint (v_MAX'0 : UInt64.t) - UInt64.to_uint (v_MIN'0 : UInt64.t) + 1))} + /\ UInt64.t'int result + = UInt64.t'int self + UInt64.t'int rhs + - k * (UInt64.t'int (v_MAX'0 : UInt64.t) - UInt64.t'int (v_MIN'0 : UInt64.t) + 1))} (! return' {result}) ] @@ -609,8 +608,8 @@ module M_bdd__qyi699402059438633899__hash [#"bdd.rs" 119 4 119 25] (* 1 | C_True'1 -> 2 - | C_If'1 v childt childf -> mod (UInt64.to_uint v + UInt64.to_uint childt * 5 - + UInt64.to_uint childf * 7) (UInt64.to_uint (v_MAX'0 : UInt64.t) + 1) + | C_If'1 v childt childf -> mod (UInt64.t'int v + UInt64.t'int childt * 5 + + UInt64.t'int childf * 7) (UInt64.t'int (v_MAX'0 : UInt64.t) + 1) end meta "compute_max_steps" 1000000 @@ -652,7 +651,7 @@ module M_bdd__qyi699402059438633899__hash [#"bdd.rs" 119 4 119 25] (* {[@expl:hash ensures] [%#sbdd4] UInt64.to_uint result = hash_log'0 (view'0 self)} + [ return' (result:UInt64.t)-> {[@expl:hash ensures] [%#sbdd4] UInt64.t'int result = hash_log'0 (view'0 self)} (! return' {result}) ] end @@ -690,14 +689,14 @@ module M_bdd__qyi14323183011761258016__hash [#"bdd.rs" 145 4 145 25] (* {[@expl:hash ensures] [%#sbdd0] UInt64.to_uint result = hash_log'0 (view'0 self)} + [ return' (result:UInt64.t)-> {[@expl:hash ensures] [%#sbdd0] UInt64.t'int result = hash_log'0 (view'0 self)} (! return' {result}) ] end 
@@ -830,7 +829,7 @@ module M_bdd__qyi11078426090797403070__grows_is_valid_bdd [#"bdd.rs" 339 4 339 5 use map.Map predicate grows'0 [#"bdd.rs" 299 4 299 35] (self : borrowed (t_Context'0)) = - [%#sbdd4] UInt64.to_uint (self.current).t_Context__cnt'0 <= UInt64.to_uint (self.final).t_Context__cnt'0 + [%#sbdd4] UInt64.t'int (self.current).t_Context__cnt'0 <= UInt64.t'int (self.final).t_Context__cnt'0 /\ (forall n : t_NodeLog'0 . match Map.get (view'0 (self.current).t_Context__hashcons'0) n with | C_Some'0 b -> Map.get (view'0 (self.final).t_Context__hashcons'0) n = C_Some'0 b | C_None'0 -> true @@ -919,7 +918,7 @@ module M_bdd__qyi11078426090797403070__grows_trans [#"bdd.rs" 348 4 348 62] (* C use map.Map predicate grows'0 [#"bdd.rs" 299 4 299 35] (self : borrowed (t_Context'0)) = - [%#sbdd6] UInt64.to_uint (self.current).t_Context__cnt'0 <= UInt64.to_uint (self.final).t_Context__cnt'0 + [%#sbdd6] UInt64.t'int (self.current).t_Context__cnt'0 <= UInt64.t'int (self.final).t_Context__cnt'0 /\ (forall n : t_NodeLog'0 . match Map.get (view'0 (self.current).t_Context__hashcons'0) n with | C_Some'0 b -> Map.get (view'0 (self.final).t_Context__hashcons'0) n = C_Some'0 b | C_None'0 -> true @@ -1034,12 +1033,12 @@ module M_bdd__qyi11078426090797403070__set_irrelevent_var [#"bdd.rs" 355 4 355 8 constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) function view'2 (self : UInt64.t) : int = - [%#smodel8] UInt64.to_uint self + [%#smodel8] UInt64.t'int self function leastvar'0 [#"bdd.rs" 242 4 242 28] (self : t_Bdd'0) : int = [%#sbdd6] match self with - | {t_Bdd__0'0 = C_True'0} -> UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 - | {t_Bdd__0'0 = C_False'0} -> UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 + | {t_Bdd__0'0 = C_True'0} -> UInt64.t'int (v_MAX'0 : UInt64.t) + 1 + | {t_Bdd__0'0 = C_False'0} -> UInt64.t'int (v_MAX'0 : UInt64.t) + 1 | {t_Bdd__0'0 = C_If'0 v _ _} -> view'2 v end 
@@ -1049,7 +1048,7 @@ module M_bdd__qyi11078426090797403070__set_irrelevent_var [#"bdd.rs" 355 4 355 8 | C_False'0 -> true | C_If'0 v childt childf -> childt.t_Bdd__0'0 <> childf.t_Bdd__0'0 /\ is_valid_bdd'0 self childt - /\ is_valid_bdd'0 self childf /\ UInt64.to_uint v < leastvar'0 childt /\ UInt64.to_uint v < leastvar'0 childf + /\ is_valid_bdd'0 self childf /\ UInt64.t'int v < leastvar'0 childt /\ UInt64.t'int v < leastvar'0 childf end type t_Ordering'0 = 
@@ -1185,17 +1184,17 @@ module M_bdd__qyi11078426090797403070__set_irrelevent_var [#"bdd.rs" 355 4 355 8 function set_irrelevent_var'0 [#"bdd.rs" 355 4 355 87] (self : t_Context'0) (a : t_Bdd'0) (x : UInt64.t) (v : Map.map UInt64.t bool) (b : bool) : () - goal vc_set_irrelevent_var'0 : ([%#sbdd2] UInt64.to_uint x < leastvar'0 a) + goal vc_set_irrelevent_var'0 : ([%#sbdd2] UInt64.t'int x < leastvar'0 a) -> ([%#sbdd1] is_valid_bdd'0 self a) -> ([%#sbdd0] inv'0 self) -> match a with | {t_Bdd__0'0 = C_If'0 _ childt childf} -> (([@expl:set_irrelevent_var requires #0] [%#sbdd0] inv'0 self) && ([@expl:set_irrelevent_var requires #1] [%#sbdd1] is_valid_bdd'0 self childt) - && ([@expl:set_irrelevent_var requires #2] [%#sbdd2] UInt64.to_uint x < leastvar'0 childt)) + && ([@expl:set_irrelevent_var requires #2] [%#sbdd2] UInt64.t'int x < leastvar'0 childt)) /\ (([%#sbdd3] interp'0 childt v = interp'0 childt (Map.set v x b)) -> (let _ = set_irrelevent_var'0 self childt x v b in (([@expl:set_irrelevent_var requires #0] [%#sbdd0] inv'0 self) && ([@expl:set_irrelevent_var requires #1] [%#sbdd1] is_valid_bdd'0 self childf) - && ([@expl:set_irrelevent_var requires #2] [%#sbdd2] UInt64.to_uint x < leastvar'0 childf)) + && ([@expl:set_irrelevent_var requires #2] [%#sbdd2] UInt64.t'int x < leastvar'0 childf)) /\ (([%#sbdd3] interp'0 childf v = interp'0 childf (Map.set v x b)) -> (let _ = set_irrelevent_var'0 self childf x v b in [%#sbdd3] interp'0 a v = interp'0 a (Map.set v x b))))) | _ -> [%#sbdd3] interp'0 a v = interp'0 a (Map.set v x b) 
@@ -1306,12 +1305,12 @@ module M_bdd__qyi11078426090797403070__discr_valuation [#"bdd.rs" 375 4 375 82] constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) function view'2 (self : UInt64.t) : int = - [%#smodel17] UInt64.to_uint self + [%#smodel17] UInt64.t'int self function leastvar'0 [#"bdd.rs" 242 4 242 28] (self : t_Bdd'0) : int = [%#sbdd16] match self with - | {t_Bdd__0'0 = C_True'0} -> UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 - | {t_Bdd__0'0 = C_False'0} -> UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 + | {t_Bdd__0'0 = C_True'0} -> UInt64.t'int (v_MAX'0 : UInt64.t) + 1 + | {t_Bdd__0'0 = C_False'0} -> UInt64.t'int (v_MAX'0 : UInt64.t) + 1 | {t_Bdd__0'0 = C_If'0 v _ _} -> view'2 v end @@ -1321,7 +1320,7 @@ module M_bdd__qyi11078426090797403070__discr_valuation [#"bdd.rs" 375 4 375 82] | C_False'0 -> true | C_If'0 v childt childf -> childt.t_Bdd__0'0 <> childf.t_Bdd__0'0 /\ is_valid_bdd'0 self childt - /\ is_valid_bdd'0 self childf /\ UInt64.to_uint v < leastvar'0 childt /\ UInt64.to_uint v < leastvar'0 childf + /\ is_valid_bdd'0 self childf /\ UInt64.t'int v < leastvar'0 childt /\ UInt64.t'int v < leastvar'0 childf end type t_Ordering'0 = @@ -1463,7 +1462,7 @@ module M_bdd__qyi11078426090797403070__discr_valuation [#"bdd.rs" 375 4 375 82] axiom set_irrelevent_var'0_spec : forall self : t_Context'0, a : t_Bdd'0, x : UInt64.t, v : Map.map UInt64.t bool, b : bool . ([%#sbdd11] inv'0 self) -> ([%#sbdd12] is_valid_bdd'0 self a) - -> ([%#sbdd13] UInt64.to_uint x < leastvar'0 a) -> ([%#sbdd14] interp'0 a v = interp'0 a (Map.set v x b)) + -> ([%#sbdd13] UInt64.t'int x < leastvar'0 a) -> ([%#sbdd14] interp'0 a v = interp'0 a (Map.set v x b)) use map.Const 
@@ -1679,12 +1678,12 @@ module M_bdd__qyi11078426090797403070__bdd_canonical [#"bdd.rs" 424 4 424 62] (* constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) function view'3 (self : UInt64.t) : int = - [%#smodel15] UInt64.to_uint self + [%#smodel15] UInt64.t'int self function leastvar'0 [#"bdd.rs" 242 4 242 28] (self : t_Bdd'0) : int = [%#sbdd23] match self with - | {t_Bdd__0'0 = C_True'0} -> UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 - | {t_Bdd__0'0 = C_False'0} -> UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 + | {t_Bdd__0'0 = C_True'0} -> UInt64.t'int (v_MAX'0 : UInt64.t) + 1 + | {t_Bdd__0'0 = C_False'0} -> UInt64.t'int (v_MAX'0 : UInt64.t) + 1 | {t_Bdd__0'0 = C_If'0 v _ _} -> view'3 v end @@ -1694,7 +1693,7 @@ module M_bdd__qyi11078426090797403070__bdd_canonical [#"bdd.rs" 424 4 424 62] (* | C_False'0 -> true | C_If'0 v childt childf -> childt.t_Bdd__0'0 <> childf.t_Bdd__0'0 /\ is_valid_bdd'0 self childt - /\ is_valid_bdd'0 self childf /\ UInt64.to_uint v < leastvar'0 childt /\ UInt64.to_uint v < leastvar'0 childf + /\ is_valid_bdd'0 self childf /\ UInt64.t'int v < leastvar'0 childt /\ UInt64.t'int v < leastvar'0 childf end type t_Ordering'0 = @@ -1836,7 +1835,7 @@ module M_bdd__qyi11078426090797403070__bdd_canonical [#"bdd.rs" 424 4 424 62] (* axiom set_irrelevent_var'0_spec : forall self : t_Context'0, a : t_Bdd'0, x : UInt64.t, v : Map.map UInt64.t bool, b : bool . ([%#sbdd18] inv'0 self) -> ([%#sbdd19] is_valid_bdd'0 self a) - -> ([%#sbdd20] UInt64.to_uint x < leastvar'0 a) -> ([%#sbdd21] interp'0 a v = interp'0 a (Map.set v x b)) + -> ([%#sbdd20] UInt64.t'int x < leastvar'0 a) -> ([%#sbdd21] interp'0 a v = interp'0 a (Map.set v x b)) use map.Const 
@@ -2034,12 +2033,12 @@ module M_bdd__qyi11078426090797403070__new [#"bdd.rs" 430 4 430 52] (* Context<' constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) function view'5 (self : UInt64.t) : int = - [%#smodel8] UInt64.to_uint self + [%#smodel8] UInt64.t'int self function leastvar'0 [#"bdd.rs" 242 4 242 28] (self : t_Bdd'0) : int = [%#sbdd12] match self with - | {t_Bdd__0'0 = C_True'0} -> UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 - | {t_Bdd__0'0 = C_False'0} -> UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 + | {t_Bdd__0'0 = C_True'0} -> UInt64.t'int (v_MAX'0 : UInt64.t) + 1 + | {t_Bdd__0'0 = C_False'0} -> UInt64.t'int (v_MAX'0 : UInt64.t) + 1 | {t_Bdd__0'0 = C_If'0 v _ _} -> view'5 v end @@ -2049,7 +2048,7 @@ module M_bdd__qyi11078426090797403070__new [#"bdd.rs" 430 4 430 52] (* Context<' | C_False'0 -> true | C_If'0 v childt childf -> childt.t_Bdd__0'0 <> childf.t_Bdd__0'0 /\ is_valid_bdd'0 self childt - /\ is_valid_bdd'0 self childf /\ UInt64.to_uint v < leastvar'0 childt /\ UInt64.to_uint v < leastvar'0 childf + /\ is_valid_bdd'0 self childf /\ UInt64.t'int v < leastvar'0 childt /\ UInt64.t'int v < leastvar'0 childf end type t_Ordering'0 = @@ -2386,12 +2385,12 @@ module M_bdd__qyi11078426090797403070__hashcons [#"bdd.rs" 446 4 446 58] (* Cont constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) function view'5 (self : UInt64.t) : int = - [%#smodel19] UInt64.to_uint self + [%#smodel19] UInt64.t'int self function leastvar'0 [#"bdd.rs" 242 4 242 28] (self : t_Bdd'0) : int = [%#sbdd28] match self with - | {t_Bdd__0'0 = C_True'0} -> UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 - | {t_Bdd__0'0 = C_False'0} -> UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 + | {t_Bdd__0'0 = C_True'0} -> UInt64.t'int (v_MAX'0 : UInt64.t) + 1 + | {t_Bdd__0'0 = C_False'0} -> UInt64.t'int (v_MAX'0 : UInt64.t) + 1 | {t_Bdd__0'0 = C_If'0 v _ _} -> view'5 v end 
@@ -2401,7 +2400,7 @@ module M_bdd__qyi11078426090797403070__hashcons [#"bdd.rs" 446 4 446 58] (* Cont | C_False'0 -> true | C_If'0 v childt childf -> childt.t_Bdd__0'0 <> childf.t_Bdd__0'0 /\ is_valid_bdd'0 self childt - /\ is_valid_bdd'0 self childf /\ UInt64.to_uint v < leastvar'0 childt /\ UInt64.to_uint v < leastvar'0 childf + /\ is_valid_bdd'0 self childf /\ UInt64.t'int v < leastvar'0 childt /\ UInt64.t'int v < leastvar'0 childf end type t_Ordering'0 = @@ -2543,7 +2542,7 @@ module M_bdd__qyi11078426090797403070__hashcons [#"bdd.rs" 446 4 446 58] (* Cont use prelude.prelude.Snapshot predicate grows'0 [#"bdd.rs" 299 4 299 35] (self : borrowed (t_Context'0)) = - [%#sbdd22] UInt64.to_uint (self.current).t_Context__cnt'0 <= UInt64.to_uint (self.final).t_Context__cnt'0 + [%#sbdd22] UInt64.t'int (self.current).t_Context__cnt'0 <= UInt64.t'int (self.final).t_Context__cnt'0 /\ (forall n : t_NodeLog'0 . match Map.get (view'3 (self.current).t_Context__hashcons'0) n with | C_Some'1 b -> Map.get (view'3 (self.final).t_Context__hashcons'0) n = C_Some'1 b | C_None'1 -> true @@ -2770,12 +2769,12 @@ module M_bdd__qyi11078426090797403070__node [#"bdd.rs" 471 4 471 87] (* Context< constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) function view'3 (self : UInt64.t) : int = - [%#smodel18] UInt64.to_uint self + [%#smodel18] UInt64.t'int self function leastvar'0 [#"bdd.rs" 242 4 242 28] (self : t_Bdd'0) : int = [%#sbdd15] match self with - | {t_Bdd__0'0 = C_True'0} -> UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 - | {t_Bdd__0'0 = C_False'0} -> UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 + | {t_Bdd__0'0 = C_True'0} -> UInt64.t'int (v_MAX'0 : UInt64.t) + 1 + | {t_Bdd__0'0 = C_False'0} -> UInt64.t'int (v_MAX'0 : UInt64.t) + 1 | {t_Bdd__0'0 = C_If'0 v _ _} -> view'3 v end 
@@ -2785,7 +2784,7 @@ module M_bdd__qyi11078426090797403070__node [#"bdd.rs" 471 4 471 87] (* Context< | C_False'0 -> true | C_If'0 v childt childf -> childt.t_Bdd__0'0 <> childf.t_Bdd__0'0 /\ is_valid_bdd'0 self childt - /\ is_valid_bdd'0 self childf /\ UInt64.to_uint v < leastvar'0 childt /\ UInt64.to_uint v < leastvar'0 childf + /\ is_valid_bdd'0 self childf /\ UInt64.t'int v < leastvar'0 childt /\ UInt64.t'int v < leastvar'0 childf end type t_Ordering'0 = @@ -2920,7 +2919,7 @@ module M_bdd__qyi11078426090797403070__node [#"bdd.rs" 471 4 471 87] (* Context< resolve'1 _1 predicate grows'0 [#"bdd.rs" 299 4 299 35] (self : borrowed (t_Context'0)) = - [%#sbdd16] UInt64.to_uint (self.current).t_Context__cnt'0 <= UInt64.to_uint (self.final).t_Context__cnt'0 + [%#sbdd16] UInt64.t'int (self.current).t_Context__cnt'0 <= UInt64.t'int (self.final).t_Context__cnt'0 /\ (forall n : t_NodeLog'0 . match Map.get (view'1 (self.current).t_Context__hashcons'0) n with | C_Some'0 b -> Map.get (view'1 (self.final).t_Context__hashcons'0) n = C_Some'0 b | C_None'0 -> true @@ -2942,7 +2941,7 @@ module M_bdd__qyi11078426090797403070__node [#"bdd.rs" 471 4 471 87] (* Context< let rec node'0 (self:borrowed (t_Context'0)) (x:UInt64.t) (childt:t_Bdd'0) (childf:t_Bdd'0) (return' (ret:t_Bdd'0))= {[@expl:node 'self' type invariant] [%#sbdd0] inv'0 self} {[@expl:node requires #0] [%#sbdd1] is_valid_bdd'0 self.current childt} {[@expl:node requires #1] [%#sbdd2] is_valid_bdd'0 self.current childf} - {[@expl:node requires #2] [%#sbdd3] UInt64.to_uint x < leastvar'0 childt /\ UInt64.to_uint x < leastvar'0 childf} + {[@expl:node requires #2] [%#sbdd3] UInt64.t'int x < leastvar'0 childt /\ UInt64.t'int x < leastvar'0 childf} (! bb0 [ bb0 = s0 [ s0 = eq'0 {childt} {childf} (fun (_ret':bool) -> [ &_13 <- _ret' ] s1) | s1 = bb1 ] | bb1 = any [ br0 -> {_13 = false} (! bb3) | br1 -> {_13} (! bb2) ] 
@@ -2980,7 +2979,7 @@ module M_bdd__qyi11078426090797403070__node [#"bdd.rs" 471 4 471 87] (* Context< {[@expl:node ensures #1] [%#sbdd5] is_valid_bdd'0 self.final result} {[@expl:node ensures #2] [%#sbdd6] forall v : Map.map UInt64.t bool . interp'0 result v = (if Map.get v x then interp'0 childt v else interp'0 childf v)} - {[@expl:node ensures #3] [%#sbdd7] UInt64.to_uint x <= leastvar'0 result} + {[@expl:node ensures #3] [%#sbdd7] UInt64.t'int x <= leastvar'0 result} (! return' {result}) ] end @@ -3088,12 +3087,12 @@ module M_bdd__qyi11078426090797403070__trueqy95z [#"bdd.rs" 482 4 482 42] (* Con constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) function view'2 (self : UInt64.t) : int = - [%#smodel16] UInt64.to_uint self + [%#smodel16] UInt64.t'int self function leastvar'0 [#"bdd.rs" 242 4 242 28] (self : t_Bdd'0) : int = [%#sbdd13] match self with - | {t_Bdd__0'0 = C_True'0} -> UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 - | {t_Bdd__0'0 = C_False'0} -> UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 + | {t_Bdd__0'0 = C_True'0} -> UInt64.t'int (v_MAX'0 : UInt64.t) + 1 + | {t_Bdd__0'0 = C_False'0} -> UInt64.t'int (v_MAX'0 : UInt64.t) + 1 | {t_Bdd__0'0 = C_If'0 v _ _} -> view'2 v end @@ -3103,7 +3102,7 @@ module M_bdd__qyi11078426090797403070__trueqy95z [#"bdd.rs" 482 4 482 42] (* Con | C_False'0 -> true | C_If'0 v childt childf -> childt.t_Bdd__0'0 <> childf.t_Bdd__0'0 /\ is_valid_bdd'0 self childt - /\ is_valid_bdd'0 self childf /\ UInt64.to_uint v < leastvar'0 childt /\ UInt64.to_uint v < leastvar'0 childf + /\ is_valid_bdd'0 self childf /\ UInt64.t'int v < leastvar'0 childt /\ UInt64.t'int v < leastvar'0 childf end type t_Ordering'0 = 
@@ -3232,7 +3231,7 @@ module M_bdd__qyi11078426090797403070__trueqy95z [#"bdd.rs" 482 4 482 42] (* Con axiom inv_axiom'1 [@rewrite] : forall x : borrowed (t_Context'0) [inv'1 x] . inv'1 x = invariant'1 x predicate grows'0 [#"bdd.rs" 299 4 299 35] (self : borrowed (t_Context'0)) = - [%#sbdd10] UInt64.to_uint (self.current).t_Context__cnt'0 <= UInt64.to_uint (self.final).t_Context__cnt'0 + [%#sbdd10] UInt64.t'int (self.current).t_Context__cnt'0 <= UInt64.t'int (self.final).t_Context__cnt'0 /\ (forall n : t_NodeLog'0 . match Map.get (view'0 (self.current).t_Context__hashcons'0) n with | C_Some'0 b -> Map.get (view'0 (self.final).t_Context__hashcons'0) n = C_Some'0 b | C_None'0 -> true @@ -3281,7 +3280,7 @@ module M_bdd__qyi11078426090797403070__trueqy95z [#"bdd.rs" 482 4 482 42] (* Con [ return' (result:t_Bdd'0)-> {[@expl:true_ ensures #0] [%#sbdd1] grows'0 self} {[@expl:true_ ensures #1] [%#sbdd2] is_valid_bdd'0 self.final result} {[@expl:true_ ensures #2] [%#sbdd3] forall v : Map.map UInt64.t bool . interp'0 result v} - {[@expl:true_ ensures #3] [%#sbdd4] UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 = leastvar'0 result} + {[@expl:true_ ensures #3] [%#sbdd4] UInt64.t'int (v_MAX'0 : UInt64.t) + 1 = leastvar'0 result} (! return' {result}) ] end @@ -3389,12 +3388,12 @@ module M_bdd__qyi11078426090797403070__falseqy95z [#"bdd.rs" 490 4 490 43] (* Co constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) function view'2 (self : UInt64.t) : int = - [%#smodel16] UInt64.to_uint self + [%#smodel16] UInt64.t'int self function leastvar'0 [#"bdd.rs" 242 4 242 28] (self : t_Bdd'0) : int = [%#sbdd13] match self with - | {t_Bdd__0'0 = C_True'0} -> UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 - | {t_Bdd__0'0 = C_False'0} -> UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 + | {t_Bdd__0'0 = C_True'0} -> UInt64.t'int (v_MAX'0 : UInt64.t) + 1 + | {t_Bdd__0'0 = C_False'0} -> UInt64.t'int (v_MAX'0 : UInt64.t) + 1 | {t_Bdd__0'0 = C_If'0 v _ _} -> view'2 v end 
@@ -3404,7 +3403,7 @@ module M_bdd__qyi11078426090797403070__falseqy95z [#"bdd.rs" 490 4 490 43] (* Co | C_False'0 -> true | C_If'0 v childt childf -> childt.t_Bdd__0'0 <> childf.t_Bdd__0'0 /\ is_valid_bdd'0 self childt - /\ is_valid_bdd'0 self childf /\ UInt64.to_uint v < leastvar'0 childt /\ UInt64.to_uint v < leastvar'0 childf + /\ is_valid_bdd'0 self childf /\ UInt64.t'int v < leastvar'0 childt /\ UInt64.t'int v < leastvar'0 childf end type t_Ordering'0 = @@ -3533,7 +3532,7 @@ module M_bdd__qyi11078426090797403070__falseqy95z [#"bdd.rs" 490 4 490 43] (* Co axiom inv_axiom'1 [@rewrite] : forall x : borrowed (t_Context'0) [inv'1 x] . inv'1 x = invariant'1 x predicate grows'0 [#"bdd.rs" 299 4 299 35] (self : borrowed (t_Context'0)) = - [%#sbdd10] UInt64.to_uint (self.current).t_Context__cnt'0 <= UInt64.to_uint (self.final).t_Context__cnt'0 + [%#sbdd10] UInt64.t'int (self.current).t_Context__cnt'0 <= UInt64.t'int (self.final).t_Context__cnt'0 /\ (forall n : t_NodeLog'0 . match Map.get (view'0 (self.current).t_Context__hashcons'0) n with | C_Some'0 b -> Map.get (view'0 (self.final).t_Context__hashcons'0) n = C_Some'0 b | C_None'0 -> true @@ -3582,7 +3581,7 @@ module M_bdd__qyi11078426090797403070__falseqy95z [#"bdd.rs" 490 4 490 43] (* Co [ return' (result:t_Bdd'0)-> {[@expl:false_ ensures #0] [%#sbdd1] grows'0 self} {[@expl:false_ ensures #1] [%#sbdd2] is_valid_bdd'0 self.final result} {[@expl:false_ ensures #2] [%#sbdd3] forall v : Map.map UInt64.t bool . not interp'0 result v} - {[@expl:false_ ensures #3] [%#sbdd4] UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 = leastvar'0 result} + {[@expl:false_ ensures #3] [%#sbdd4] UInt64.t'int (v_MAX'0 : UInt64.t) + 1 = leastvar'0 result} (! return' {result}) ] end 
@@ -3702,12 +3701,12 @@ module M_bdd__qyi11078426090797403070__v [#"bdd.rs" 497 4 497 46] (* Context<'ar constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) function view'2 (self : UInt64.t) : int = - [%#smodel27] UInt64.to_uint self + [%#smodel27] UInt64.t'int self function leastvar'0 [#"bdd.rs" 242 4 242 28] (self : t_Bdd'0) : int = [%#sbdd25] match self with - | {t_Bdd__0'0 = C_True'0} -> UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 - | {t_Bdd__0'0 = C_False'0} -> UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 + | {t_Bdd__0'0 = C_True'0} -> UInt64.t'int (v_MAX'0 : UInt64.t) + 1 + | {t_Bdd__0'0 = C_False'0} -> UInt64.t'int (v_MAX'0 : UInt64.t) + 1 | {t_Bdd__0'0 = C_If'0 v _ _} -> view'2 v end @@ -3717,7 +3716,7 @@ module M_bdd__qyi11078426090797403070__v [#"bdd.rs" 497 4 497 46] (* Context<'ar | C_False'0 -> true | C_If'0 v childt childf -> childt.t_Bdd__0'0 <> childf.t_Bdd__0'0 /\ is_valid_bdd'0 self childt - /\ is_valid_bdd'0 self childf /\ UInt64.to_uint v < leastvar'0 childt /\ UInt64.to_uint v < leastvar'0 childf + /\ is_valid_bdd'0 self childf /\ UInt64.t'int v < leastvar'0 childt /\ UInt64.t'int v < leastvar'0 childf end type t_Ordering'0 = @@ -3846,7 +3845,7 @@ module M_bdd__qyi11078426090797403070__v [#"bdd.rs" 497 4 497 46] (* Context<'ar axiom inv_axiom'1 [@rewrite] : forall x : borrowed (t_Context'0) [inv'1 x] . inv'1 x = invariant'1 x predicate grows'0 [#"bdd.rs" 299 4 299 35] (self : borrowed (t_Context'0)) = - [%#sbdd22] UInt64.to_uint (self.current).t_Context__cnt'0 <= UInt64.to_uint (self.final).t_Context__cnt'0 + [%#sbdd22] UInt64.t'int (self.current).t_Context__cnt'0 <= UInt64.t'int (self.final).t_Context__cnt'0 /\ (forall n : t_NodeLog'0 . match Map.get (view'0 (self.current).t_Context__hashcons'0) n with | C_Some'0 b -> Map.get (view'0 (self.final).t_Context__hashcons'0) n = C_Some'0 b | C_None'0 -> true 
@@ -3857,7 +3856,7 @@ module M_bdd__qyi11078426090797403070__v [#"bdd.rs" 497 4 497 46] (* Context<'ar [ return' (result:t_Bdd'0)-> {[%#sbdd5] grows'0 self} {[%#sbdd6] is_valid_bdd'0 self.final result} {[%#sbdd7] forall v : Map.map UInt64.t bool . interp'0 result v} - {[%#sbdd8] UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 = leastvar'0 result} + {[%#sbdd8] UInt64.t'int (v_MAX'0 : UInt64.t) + 1 = leastvar'0 result} (! return' {result}) ] @@ -3866,20 +3865,20 @@ module M_bdd__qyi11078426090797403070__v [#"bdd.rs" 497 4 497 46] (* Context<'ar [ return' (result:t_Bdd'0)-> {[%#sbdd10] grows'0 self} {[%#sbdd11] is_valid_bdd'0 self.final result} {[%#sbdd12] forall v : Map.map UInt64.t bool . not interp'0 result v} - {[%#sbdd13] UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 = leastvar'0 result} + {[%#sbdd13] UInt64.t'int (v_MAX'0 : UInt64.t) + 1 = leastvar'0 result} (! return' {result}) ] let rec node'0 (self:borrowed (t_Context'0)) (x:UInt64.t) (childt:t_Bdd'0) (childf:t_Bdd'0) (return' (ret:t_Bdd'0))= {[@expl:node 'self' type invariant] [%#sbdd14] inv'1 self} {[@expl:node requires #0] [%#sbdd15] is_valid_bdd'0 self.current childt} {[@expl:node requires #1] [%#sbdd16] is_valid_bdd'0 self.current childf} - {[@expl:node requires #2] [%#sbdd17] UInt64.to_uint x < leastvar'0 childt /\ UInt64.to_uint x < leastvar'0 childf} + {[@expl:node requires #2] [%#sbdd17] UInt64.t'int x < leastvar'0 childt /\ UInt64.t'int x < leastvar'0 childf} any [ return' (result:t_Bdd'0)-> {[%#sbdd18] grows'0 self} {[%#sbdd19] is_valid_bdd'0 self.final result} {[%#sbdd20] forall v : Map.map UInt64.t bool . interp'0 result v = (if Map.get v x then interp'0 childt v else interp'0 childf v)} - {[%#sbdd21] UInt64.to_uint x <= leastvar'0 result} + {[%#sbdd21] UInt64.t'int x <= leastvar'0 result} (! return' {result}) ] 
@@ -4121,12 +4120,12 @@ module M_bdd__qyi11078426090797403070__not [#"bdd.rs" 509 4 509 56] (* Context<' constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) function view'5 (self : UInt64.t) : int = - [%#smodel37] UInt64.to_uint self + [%#smodel37] UInt64.t'int self function leastvar'0 [#"bdd.rs" 242 4 242 28] (self : t_Bdd'0) : int = [%#sbdd34] match self with - | {t_Bdd__0'0 = C_True'0} -> UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 - | {t_Bdd__0'0 = C_False'0} -> UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 + | {t_Bdd__0'0 = C_True'0} -> UInt64.t'int (v_MAX'0 : UInt64.t) + 1 + | {t_Bdd__0'0 = C_False'0} -> UInt64.t'int (v_MAX'0 : UInt64.t) + 1 | {t_Bdd__0'0 = C_If'0 v _ _} -> view'5 v end @@ -4136,7 +4135,7 @@ module M_bdd__qyi11078426090797403070__not [#"bdd.rs" 509 4 509 56] (* Context<' | C_False'0 -> true | C_If'0 v childt childf -> childt.t_Bdd__0'0 <> childf.t_Bdd__0'0 /\ is_valid_bdd'0 self childt - /\ is_valid_bdd'0 self childf /\ UInt64.to_uint v < leastvar'0 childt /\ UInt64.to_uint v < leastvar'0 childf + /\ is_valid_bdd'0 self childf /\ UInt64.t'int v < leastvar'0 childt /\ UInt64.t'int v < leastvar'0 childf end type t_Ordering'0 = @@ -4259,7 +4258,7 @@ module M_bdd__qyi11078426090797403070__not [#"bdd.rs" 509 4 509 56] (* Context<' axiom inv_axiom'1 [@rewrite] : forall x : borrowed (t_Context'0) [inv'1 x] . inv'1 x = invariant'1 x predicate grows'0 [#"bdd.rs" 299 4 299 35] (self : borrowed (t_Context'0)) = - [%#sbdd32] UInt64.to_uint (self.current).t_Context__cnt'0 <= UInt64.to_uint (self.final).t_Context__cnt'0 + [%#sbdd32] UInt64.t'int (self.current).t_Context__cnt'0 <= UInt64.t'int (self.final).t_Context__cnt'0 /\ (forall n : t_NodeLog'0 . match Map.get (view'3 (self.current).t_Context__hashcons'0) n with | C_Some'1 b -> Map.get (view'3 (self.final).t_Context__hashcons'0) n = C_Some'1 b | C_None'1 -> true 
@@ -4268,13 +4267,13 @@ module M_bdd__qyi11078426090797403070__not [#"bdd.rs" 509 4 509 56] (* Context<' let rec node'0 (self:borrowed (t_Context'0)) (x:UInt64.t) (childt:t_Bdd'0) (childf:t_Bdd'0) (return' (ret:t_Bdd'0))= {[@expl:node 'self' type invariant] [%#sbdd10] inv'1 self} {[@expl:node requires #0] [%#sbdd11] is_valid_bdd'0 self.current childt} {[@expl:node requires #1] [%#sbdd12] is_valid_bdd'0 self.current childf} - {[@expl:node requires #2] [%#sbdd13] UInt64.to_uint x < leastvar'0 childt /\ UInt64.to_uint x < leastvar'0 childf} + {[@expl:node requires #2] [%#sbdd13] UInt64.t'int x < leastvar'0 childt /\ UInt64.t'int x < leastvar'0 childf} any [ return' (result:t_Bdd'0)-> {[%#sbdd14] grows'0 self} {[%#sbdd15] is_valid_bdd'0 self.final result} {[%#sbdd16] forall v : Map.map UInt64.t bool . interp'0 result v = (if Map.get v x then interp'0 childt v else interp'0 childf v)} - {[%#sbdd17] UInt64.to_uint x <= leastvar'0 result} + {[%#sbdd17] UInt64.t'int x <= leastvar'0 result} (! return' {result}) ] @@ -4283,7 +4282,7 @@ module M_bdd__qyi11078426090797403070__not [#"bdd.rs" 509 4 509 56] (* Context<' [ return' (result:t_Bdd'0)-> {[%#sbdd19] grows'0 self} {[%#sbdd20] is_valid_bdd'0 self.final result} {[%#sbdd21] forall v : Map.map UInt64.t bool . not interp'0 result v} - {[%#sbdd22] UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 = leastvar'0 result} + {[%#sbdd22] UInt64.t'int (v_MAX'0 : UInt64.t) + 1 = leastvar'0 result} (! return' {result}) ] @@ -4292,7 +4291,7 @@ module M_bdd__qyi11078426090797403070__not [#"bdd.rs" 509 4 509 56] (* Context<' [ return' (result:t_Bdd'0)-> {[%#sbdd24] grows'0 self} {[%#sbdd25] is_valid_bdd'0 self.final result} {[%#sbdd26] forall v : Map.map UInt64.t bool . interp'0 result v} - {[%#sbdd27] UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 = leastvar'0 result} + {[%#sbdd27] UInt64.t'int (v_MAX'0 : UInt64.t) + 1 = leastvar'0 result} (! return' {result}) ] 
@@ -4505,7 +4504,7 @@ module M_bdd__qyi11078426090797403070__and [#"bdd.rs" 533 4 533 72] (* Context<' let%span smodel35 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 let%span smodel36 = "../../../creusot-contracts/src/model.rs" 79 8 79 28 let%span sresolve37 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span snum38 = "../../../creusot-contracts/src/std/num.rs" 52 28 52 33 + let%span snum38 = "../../../creusot-contracts/src/std/num.rs" 54 32 54 37 let%span sord39 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 let%span stuples40 = "../../../creusot-contracts/src/std/tuples.rs" 29 28 29 57 let%span smodel41 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 @@ -4650,12 +4649,12 @@ module M_bdd__qyi11078426090797403070__and [#"bdd.rs" 533 4 533 72] (* Context<' constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) function view'5 (self : UInt64.t) : int = - [%#smodel35] UInt64.to_uint self + [%#smodel35] UInt64.t'int self function leastvar'0 [#"bdd.rs" 242 4 242 28] (self : t_Bdd'0) : int = [%#sbdd32] match self with - | {t_Bdd__0'0 = C_True'0} -> UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 - | {t_Bdd__0'0 = C_False'0} -> UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 + | {t_Bdd__0'0 = C_True'0} -> UInt64.t'int (v_MAX'0 : UInt64.t) + 1 + | {t_Bdd__0'0 = C_False'0} -> UInt64.t'int (v_MAX'0 : UInt64.t) + 1 | {t_Bdd__0'0 = C_If'0 v _ _} -> view'5 v end @@ -4665,7 +4664,7 @@ module M_bdd__qyi11078426090797403070__and [#"bdd.rs" 533 4 533 72] (* Context<' | C_False'0 -> true | C_If'0 v childt childf -> childt.t_Bdd__0'0 <> childf.t_Bdd__0'0 /\ is_valid_bdd'0 self childt - /\ is_valid_bdd'0 self childf /\ UInt64.to_uint v < leastvar'0 childt /\ UInt64.to_uint v < leastvar'0 childf + /\ is_valid_bdd'0 self childf /\ UInt64.t'int v < leastvar'0 childt /\ UInt64.t'int v < leastvar'0 childf end type t_Ordering'0 = 
@@ -4803,7 +4802,7 @@ module M_bdd__qyi11078426090797403070__and [#"bdd.rs" 533 4 533 72] (* Context<' function deep_model'1 (self : UInt64.t) : int = - [%#snum38] UInt64.to_uint self + [%#snum38] UInt64.t'int self function cmp_log'0 (self : int) (o : int) : t_Ordering'0 = [%#sord39] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 @@ -4853,7 +4852,7 @@ module M_bdd__qyi11078426090797403070__and [#"bdd.rs" 533 4 533 72] (* Context<' predicate grows'0 [#"bdd.rs" 299 4 299 35] (self : borrowed (t_Context'0)) = - [%#sbdd30] UInt64.to_uint (self.current).t_Context__cnt'0 <= UInt64.to_uint (self.final).t_Context__cnt'0 + [%#sbdd30] UInt64.t'int (self.current).t_Context__cnt'0 <= UInt64.t'int (self.final).t_Context__cnt'0 /\ (forall n : t_NodeLog'0 . match Map.get (view'3 (self.current).t_Context__hashcons'0) n with | C_Some'1 b -> Map.get (view'3 (self.final).t_Context__hashcons'0) n = C_Some'1 b | C_None'1 -> true @@ -4862,13 +4861,13 @@ module M_bdd__qyi11078426090797403070__and [#"bdd.rs" 533 4 533 72] (* Context<' let rec node'0 (self:borrowed (t_Context'0)) (x:UInt64.t) (childt:t_Bdd'0) (childf:t_Bdd'0) (return' (ret:t_Bdd'0))= {[@expl:node 'self' type invariant] [%#sbdd13] inv'0 self} {[@expl:node requires #0] [%#sbdd14] is_valid_bdd'0 self.current childt} {[@expl:node requires #1] [%#sbdd15] is_valid_bdd'0 self.current childf} - {[@expl:node requires #2] [%#sbdd16] UInt64.to_uint x < leastvar'0 childt /\ UInt64.to_uint x < leastvar'0 childf} + {[@expl:node requires #2] [%#sbdd16] UInt64.t'int x < leastvar'0 childt /\ UInt64.t'int x < leastvar'0 childf} any [ return' (result:t_Bdd'0)-> {[%#sbdd17] grows'0 self} {[%#sbdd18] is_valid_bdd'0 self.final result} {[%#sbdd19] forall v : Map.map UInt64.t bool . interp'0 result v = (if Map.get v x then interp'0 childt v else interp'0 childf v)} - {[%#sbdd20] UInt64.to_uint x <= leastvar'0 result} + {[%#sbdd20] UInt64.t'int x <= leastvar'0 result} (! return' {result}) ] 
@@ -4877,7 +4876,7 @@ module M_bdd__qyi11078426090797403070__and [#"bdd.rs" 533 4 533 72] (* Context<' [ return' (result:t_Bdd'0)-> {[%#sbdd22] grows'0 self} {[%#sbdd23] is_valid_bdd'0 self.final result} {[%#sbdd24] forall v : Map.map UInt64.t bool . not interp'0 result v} - {[%#sbdd25] UInt64.to_uint (v_MAX'0 : UInt64.t) + 1 = leastvar'0 result} + {[%#sbdd25] UInt64.t'int (v_MAX'0 : UInt64.t) + 1 = leastvar'0 result} (! return' {result}) ] @@ -5216,12 +5215,12 @@ module M_bdd__hashmap__qyi11648407051195780326__hash__refines [#"bdd.rs" 79 8 79 function hash_log'0 [#"bdd.rs" 85 8 85 48] (x : (t_DeepModelTy'0, t_DeepModelTy'1)) : int = [%#sbdd2] mod (hash_log'1 (let (a, _) = x in a) - + hash_log'2 (let (_, a) = x in a) * 17) (UInt64.to_uint (v_MAX'0 : UInt64.t) + 1) + + hash_log'2 (let (_, a) = x in a) * 17) (UInt64.t'int (v_MAX'0 : UInt64.t) + 1) goal refines : [%#sbdd0] forall self : (t_U'0, t_V'0) . inv'0 self -> inv'0 self - /\ (forall result : UInt64.t . UInt64.to_uint result = hash_log'0 (deep_model'0 self) - -> UInt64.to_uint result = hash_log'0 (deep_model'0 self)) + /\ (forall result : UInt64.t . UInt64.t'int result = hash_log'0 (deep_model'0 self) + -> UInt64.t'int result = hash_log'0 (deep_model'0 self)) end module M_bdd__qyi699402059438633899__hash__refines [#"bdd.rs" 119 4 119 25] (* as hashmap::Hash> *) let%span sbdd0 = "bdd.rs" 119 4 119 25 
@@ -5274,16 +5273,16 @@ module M_bdd__qyi699402059438633899__hash__refines [#"bdd.rs" 119 4 119 25] (* < [%#sbdd2] match x with | C_False'1 -> 1 | C_True'1 -> 2 - | C_If'1 v childt childf -> mod (UInt64.to_uint v + UInt64.to_uint childt * 5 - + UInt64.to_uint childf * 7) (UInt64.to_uint (v_MAX'0 : UInt64.t) + 1) + | C_If'1 v childt childf -> mod (UInt64.t'int v + UInt64.t'int childt * 5 + + UInt64.t'int childf * 7) (UInt64.t'int (v_MAX'0 : UInt64.t) + 1) end function deep_model'0 (self : t_Node'0) : t_NodeLog'0 = [%#smodel3] deep_model'1 self goal refines : [%#sbdd0] forall self : t_Node'0 . inv'0 self - -> (forall result : UInt64.t . UInt64.to_uint result = hash_log'0 (view'0 self) - -> UInt64.to_uint result = hash_log'0 (deep_model'0 self)) + -> (forall result : UInt64.t . UInt64.t'int result = hash_log'0 (view'0 self) + -> UInt64.t'int result = hash_log'0 (deep_model'0 self)) end module M_bdd__qyi14323183011761258016__hash__refines [#"bdd.rs" 145 4 145 25] (* as hashmap::Hash> *) let%span sbdd0 = "bdd.rs" 145 4 145 25 @@ -5322,14 +5321,14 @@ module M_bdd__qyi14323183011761258016__hash__refines [#"bdd.rs" 145 4 145 25] (* [%#smodel1] view'1 self function hash_log'0 [#"bdd.rs" 151 4 151 44] (x : UInt64.t) : int = - [%#sbdd2] UInt64.to_uint x + [%#sbdd2] UInt64.t'int x function deep_model'0 (self : t_Bdd'0) : UInt64.t = [%#smodel3] deep_model'1 self goal refines : [%#sbdd0] forall self : t_Bdd'0 . inv'0 self - -> (forall result : UInt64.t . UInt64.to_uint result = hash_log'0 (view'0 self) - -> UInt64.to_uint result = hash_log'0 (deep_model'0 self)) + -> (forall result : UInt64.t . UInt64.t'int result = hash_log'0 (view'0 self) + -> UInt64.t'int result = hash_log'0 (deep_model'0 self)) end module M_bdd__qyi2024536649982164874__assert_receiver_is_total_eq__refines [#"bdd.rs" 93 9 93 11] (* as std::cmp::Eq> *) let%span sbdd0 = "bdd.rs" 93 9 93 11 
diff --git a/creusot/tests/should_succeed/binary_search.coma b/creusot/tests/should_succeed/binary_search.coma index bd23b80865..676b31682b 100644 --- a/creusot/tests/should_succeed/binary_search.coma +++ b/creusot/tests/should_succeed/binary_search.coma @@ -111,13 +111,12 @@ module M_binary_search__qyi13868011053250380720__index [#"binary_search.rs" 45 4 meta "compute_max_steps" 1000000 let rec index'0 (self:t_List'0) (ix:UInt64.t) (return' (ret:t_T'0))= {[@expl:index 'self' type invariant] [%#sbinary_search5] inv'0 self} - {[@expl:index requires] [%#sbinary_search6] UInt64.to_uint ix < len_logic'0 self} + {[@expl:index requires] [%#sbinary_search6] UInt64.t'int ix < len_logic'0 self} (! bb0 [ bb0 = s0 [ s0 = [ &orig_ix <- ix ] s1 | s1 = [ &l <- self ] s2 | s2 = bb1 ] | bb1 = bb1 - [ bb1 = {[@expl:loop invariant #0] [%#sbinary_search2] UInt64.to_uint ix < len_logic'0 l} - {[@expl:loop invariant #1] [%#sbinary_search1] get'0 self (UInt64.to_uint orig_ix) - = get'0 l (UInt64.to_uint ix)} + [ bb1 = {[@expl:loop invariant #0] [%#sbinary_search2] UInt64.t'int ix < len_logic'0 l} + {[@expl:loop invariant #1] [%#sbinary_search1] get'0 self (UInt64.t'int orig_ix) = get'0 l (UInt64.t'int ix)} {[@expl:loop invariant #2] [%#sbinary_search0] inv'0 l} (! s0) [ s0 = bb2 ] [ bb2 = any [ br0 (x0:t_T'0) (x1:t_List'0)-> {l = C_Cons'0 x0 x1} (! bb3) | br1 -> {l = C_Nil'0 } (! bb7) ] @@ -150,7 +149,7 @@ module M_binary_search__qyi13868011053250380720__index [#"binary_search.rs" 45 4 | & _18 : t_List'0 = any_l () ] [ return' (result:t_T'0)-> {[@expl:index result type invariant] [%#sbinary_search7] inv'1 result} - {[@expl:index ensures] [%#sbinary_search8] C_Some'0 result = get'0 self (UInt64.to_uint ix)} + {[@expl:index ensures] [%#sbinary_search8] C_Some'0 result = get'0 self (UInt64.t'int ix)} (! return' {result}) ] end 
@@ -302,7 +301,7 @@ module M_binary_search__qyi13868011053250380720__len [#"binary_search.rs" 67 4 6 (! bb0 [ bb0 = s0 [ s0 = [ &len <- [%#sbinary_search0] (0 : UInt64.t) ] s1 | s1 = [ &l <- self ] s2 | s2 = bb1 ] | bb1 = bb1 - [ bb1 = {[@expl:loop invariant #0] [%#sbinary_search2] UInt64.to_uint len + len_logic'0 l = len_logic'0 self} + [ bb1 = {[@expl:loop invariant #0] [%#sbinary_search2] UInt64.t'int len + len_logic'0 l = len_logic'0 self} {[@expl:loop invariant #1] [%#sbinary_search1] inv'0 l} (! s0) [ s0 = bb2 ] [ bb2 = any [ br0 (x0:t_T'0) (x1:t_List'0)-> {l = C_Cons'0 x0 x1} (! bb3) | br1 -> {l = C_Nil'0 } (! bb5) ] @@ -324,7 +323,7 @@ module M_binary_search__qyi13868011053250380720__len [#"binary_search.rs" 67 4 6 | & ls : t_List'0 = any_l () ] [ return' (result:UInt64.t)-> {[@expl:len ensures #0] [%#sbinary_search6] UInt64.uge result (0 : UInt64.t)} - {[@expl:len ensures #1] [%#sbinary_search7] UInt64.to_uint result = len_logic'0 self} + {[@expl:len ensures #1] [%#sbinary_search7] UInt64.t'int result = len_logic'0 self} (! return' {result}) ] end @@ -473,7 +472,7 @@ module M_binary_search__binary_search [#"binary_search.rs" 111 0 111 72] {[@expl:len requires] [%#sbinary_search16] len_logic'0 self <= 1000000} any [ return' (result:UInt64.t)-> {[%#sbinary_search17] UInt64.uge result (0 : UInt64.t)} - {[%#sbinary_search18] UInt64.to_uint result = len_logic'0 self} + {[%#sbinary_search18] UInt64.t'int result = len_logic'0 self} (! return' {result}) ] 
@@ -554,10 +553,10 @@ module M_binary_search__binary_search [#"binary_search.rs" 111 0 111 72] axiom inv_axiom'1 [@rewrite] : forall x : UInt32.t [inv'1 x] . inv'1 x = true let rec index'0 (self:t_List'0) (ix:UInt64.t) (return' (ret:UInt32.t))= {[@expl:index 'self' type invariant] [%#sbinary_search22] inv'0 self} - {[@expl:index requires] [%#sbinary_search23] UInt64.to_uint ix < len_logic'0 self} + {[@expl:index requires] [%#sbinary_search23] UInt64.t'int ix < len_logic'0 self} any [ return' (result:UInt32.t)-> {[%#sbinary_search24] inv'1 result} - {[%#sbinary_search25] C_Some'0 result = get'0 self (UInt64.to_uint ix)} + {[%#sbinary_search25] C_Some'0 result = get'0 self (UInt64.t'int ix)} (! return' {result}) ] 
@@ -586,13 +585,13 @@ module M_binary_search__binary_search [#"binary_search.rs" 111 0 111 72] | bb3 = s0 [ s0 = len'0 {arr} (fun (_ret':UInt64.t) -> [ &size <- _ret' ] s1) | s1 = bb4 ] | bb4 = s0 [ s0 = [ &base <- [%#sbinary_search2] (0 : UInt64.t) ] s1 | s1 = bb5 ] | bb5 = bb5 - [ bb5 = {[@expl:loop invariant #0] [%#sbinary_search5] 0 < UInt64.to_uint size - /\ UInt64.to_uint size + UInt64.to_uint base <= len_logic'0 arr} + [ bb5 = {[@expl:loop invariant #0] [%#sbinary_search5] 0 < UInt64.t'int size + /\ UInt64.t'int size + UInt64.t'int base <= len_logic'0 arr} {[@expl:loop invariant #1] [%#sbinary_search4] forall i : UInt64.t . UInt64.ult i base - -> UInt32.ule (get_default'0 arr (UInt64.to_uint i) (0 : UInt32.t)) elem} - {[@expl:loop invariant #2] [%#sbinary_search3] forall i : UInt64.t . UInt64.to_uint base + UInt64.to_uint size - < UInt64.to_uint i - /\ UInt64.to_uint i < len_logic'0 arr -> UInt32.ult elem (get_default'0 arr (UInt64.to_uint i) (0 : UInt32.t))} + -> UInt32.ule (get_default'0 arr (UInt64.t'int i) (0 : UInt32.t)) elem} + {[@expl:loop invariant #2] [%#sbinary_search3] forall i : UInt64.t . UInt64.t'int base + UInt64.t'int size + < UInt64.t'int i + /\ UInt64.t'int i < len_logic'0 arr -> UInt32.ult elem (get_default'0 arr (UInt64.t'int i) (0 : UInt32.t))} (! s0) [ s0 = bb6 ] [ bb6 = s0 [ s0 = UInt64.gt {size} {[%#sbinary_search6] (1 : UInt64.t)} (fun (_ret':bool) -> [ &_21 <- _ret' ] s1) 
@@ -665,13 +664,13 @@ module M_binary_search__binary_search [#"binary_search.rs" 111 0 111 72] | & _51 : UInt64.t = any_l () ] [ return' (result:t_Result'0)-> {[@expl:binary_search ensures #0] [%#sbinary_search12] forall x : UInt64.t . result - = C_Ok'0 x -> get'0 arr (UInt64.to_uint x) = C_Some'0 elem} + = C_Ok'0 x -> get'0 arr (UInt64.t'int x) = C_Some'0 elem} {[@expl:binary_search ensures #1] [%#sbinary_search13] forall x : UInt64.t . result = C_Err'0 x - -> (forall i : UInt64.t . 0 <= UInt64.to_uint i /\ UInt64.to_uint i < UInt64.to_uint x - -> UInt32.ule (get_default'0 arr (UInt64.to_uint i) (0 : UInt32.t)) elem)} + -> (forall i : UInt64.t . 0 <= UInt64.t'int i /\ UInt64.t'int i < UInt64.t'int x + -> UInt32.ule (get_default'0 arr (UInt64.t'int i) (0 : UInt32.t)) elem)} {[@expl:binary_search ensures #2] [%#sbinary_search14] forall x : UInt64.t . result = C_Err'0 x - -> (forall i : UInt64.t . UInt64.to_uint x < UInt64.to_uint i /\ UInt64.to_uint i < len_logic'0 arr - -> UInt32.ult elem (get_default'0 arr (UInt64.to_uint i) (0 : UInt32.t)))} + -> (forall i : UInt64.t . UInt64.t'int x < UInt64.t'int i /\ UInt64.t'int i < len_logic'0 arr + -> UInt32.ult elem (get_default'0 arr (UInt64.t'int i) (0 : UInt32.t)))} (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/binary_search/why3session.xml b/creusot/tests/should_succeed/binary_search/why3session.xml index 270d839c99..ac241f693f 100644 --- a/creusot/tests/should_succeed/binary_search/why3session.xml +++ b/creusot/tests/should_succeed/binary_search/why3session.xml @@ -3,7 +3,6 @@ "https://www.why3.org/why3session.dtd"> - @@ -13,17 +12,110 @@ - + - + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
diff --git a/creusot/tests/should_succeed/binary_search/why3shapes.gz b/creusot/tests/should_succeed/binary_search/why3shapes.gz index cb7a7e2c77a1d753555a519d8d7add82cba1dee4..172e05035654409b87ead9fea989d081a9b30ed1 100644 GIT binary patch literal 2981 zcmV;W3tIFaiwFP!00000|J4~?ZydSpeSXCPeQ?`D0g?JH>;v4OTNx;lhZgg?&}gK~ z0*;+{*O$Bd^`+)}W@k4E?u@vBlV~WCA}M~#fBx&{@ZNunht1FN>9Bu%`1?j}{`!~V zjsNk+{}906$A{hh<4^l=#Yz^~U4}1U{>|>qE95B-f>56Xr@o_gr_*(}kZMVo=o_~sY^If*e z$u==55&VCjp5tw!$bTL`#4NR3N_pEE3S>vK_4kK(N9>7Tper62k?))wG~M6c%}i!V zmu#{*RF_=tvj7 z)p!8y`M=%*PUfA}!zS{`u+I6M8nOYL1_xSd#P2?%(l1 zyzgc^hSYzv``1(S$M|%`7IfLLY`Q-uhKw;VUeaO{9dbd!SE1N!$R!K9Z8hq)+|5BW z74B2xcMW)(BX^3M9cqyDQ{(>)Y{3(uM4aN?A6wXxAyRS@i^K0@3vPI}?ty9^pt21; zR5_cH^XoIIh0_lmtG5eK@0y(F$o!$p1-`B`%Xu>3d~x(7Hw*+n^g&62PO`&&gp30j z_75Ue-F~wsvJd{3-7_KY{Go-tqkvfB<&U2qcOM@=$EV$4|681eGe?p!>o{1V+dxyI z9l{y)-Kgq`LG?n(A$YT?2QsQkbF>rFT;D7}0a){A5QCia*w+=-*A;eBS0K!Nif*yw z^Y|pd0!5Z$H9nyfr92y-Q0h{hi%#hB!b)sHY1+`8-#FUpt#WQD%QW zlRr^Y6j0PJNX#l!=MBDOK`Dg8+5FkW-^o2e3t#3tPF!C0A8)J-;bvfhR0U zVtaB`(87mcqYz-*VO1;w)%&NXK2oXT9(ISvr(>+!jiL?GW=S-gtK5-ZZH~WwjGLi2 zH#<-9)ARl*9*V4&rv*tJ*pS9M$nxM~OsE~gq_OEhZFf@)-<^Lmo4SCsMlVrYK%r#5Kpmw8?i_e4^h884TpZduXza>;lZ^;@-Um~Ov9 z)KXyX53Yx=6-fr68%dY)6Ac~o<1h;}8(mHQbj%*s0^6_NjRUTDFz>xI;0pNd5>W4d z-sf3zQ~kR6Ej~Rq7(M&I-o4F?eBL=s;^&#jT7l5#<%-Y9nGPEL{^8MG8%f%LD zpj)0jZ&wO(ljHjj@wgA0N1Bn-{p06}&{>j((UilNjwtpIb^PT_E*czsmG#o+TTWx{ zYLaAk8={y@Zau6Wf+iuccFgED1FzvbJMHKKvh$2wH3rmmlpDX}*yG$bpS@H~pSDBW z2$I(y_Vub@EuQS%Eq}iE_vsX699^eEy!$F4&K>*$LQRr=T)2Va!p#-)OJ4Y4aY5B@ zwp&*;^H#Cu{+)w=sb=tb&ET1ES{oZi=LOqOyNUMf>zhHzSq1G%ZBgwX{L`;HGTc*m zzljfrXQKb68a~u1=$YP5P9^YmICmn-nRBs?h#jzL>qDOxy05%D6s{&t8uGk6Qv%bh z1hyo0?wZ}l^+mUyrd(J_xp0zlTPL_#q*yqUV)3L!yu6PSvA^nozPdLk>u2!A8GLD) z{Y zJ3mzk6-K)4?TQ^IjH$_NWEptlg44`|61R(YF)@1=6N`5-T)c~kZ+I6Im)^xn$-dHZ zd}cX*&T`Fh9nP0*CYCl61CP12#I_T)f9P*yHAMVrRN-#SKD0M3r#RcrSvo#9Ba_a9 z##>oo(&2Q!9_Ss=oVw>-|8iiqGs7%x*8P^K`PGNetyH&p&HHtJ!V)qUi`(&68A47< 
z%9n3W&2H{gilNGncb8A-(7$wvy1T^OI7m$_vdZJj>A-14{p&HMG@WqAQ7#aR!Un0O zGR&(g$;4waA*m#TG$N*&!3G>FFw_8vd&@l!6;mi!^j^joO%ky}Lefq->4f7Bi{N9e zc?ztq7-&n(1&<(j;zrXTYzZB#1LHtDP!6O6;eb0p2eic+M%I}kB&)eGLDC;Y1so-X zs$`fdn=t6iNPrW}aqGBoTsy8DmyVMl+;Maq9A^%#L*r08R1T#>;gIA+hv1MEwyJ(7dV>daX?|h`Of#lhMk@PBqD#uud2!v=i!&Ia+Cpbnjf#?SlrLB&n)A+8RY< z7)DKB;`ExXt|G-FGu9%?$jA-J(P`p{6-#U*g_CqNItec$05^ft9akZs0R>=8EvV8Y zL4^`(yOG*S3K{vbVo-6jCdvv@Wn#_g610{<`$}6XqpI2{bPAlJn6plrmlX!1_LMSH z3Q=jYLC|$2LseU<(7}7P(UeD+Q`RZt6lE0Ulypis^^#HncQ$*_Wb{(ZrZ4Eu-X#QERx-(rMu|{|>TMHTtBiPLO1+xTe&O zs)i`EP6{cHX`Mq`tM4Nod6d?eKn8MpL{7e6tE#FLDifHp8*QC7-%~;0jwAbxqt^bQYXtU#pLyPRqQYN|f0XmEQz4SXNn~gO#8Z)~I7GO*pR- zFr4WG3|@;;ybeJk$#11)k^+~hSO<>WLPS;Zv91E6-j?xK=4MiXjg=DAlCUU@QdEjP zHNxER=p&wr|Nr7`(O_=cW#zF#mJ-cS)(1n%=?FBfd{MJk>~w*KFf=q~YQ;>bC5!Zp zG#`PGG!W5T#Y`JYG*_|wzkC59f>c!HvkWvm0}H9b%ICzYqrjR5Mw;O|3q!WDeHl3- zjfRniSGrfKqcpH;Fr3;+q&(vplU)Y_dD6_IW}Y=+5?rk)kcZDaedh6#=FdMwG~rXN zD_wD)G-uq3S|beud1AISPh##q0NM8vPX(GZE1ITjmaWAAQeT#aB!E#&urIxA&^1sTxeJgc zO_O%mzaJD^mK8Vcww!2+q{zpomrpm7<4^nKj+0mSeBA7JUngR6^Etb-i@Ck6(Qe&t zx!pf(>M0ngq4NFR=3OgJEp|7^Z`fUG~mv(8DY=qRm1h zbTG1eJ2%*mRNUX&d29)(L1qy2h3hgbHz+T{ysPMXBT(46eQ>_>+@AK!&F*Am=O7R~ zgcNobKaybxRCYc%`x0!`88vEu-Ey^m*{zRnomX~l2-+XdFRnOu|9$`He5-uaTG7FS zyi3w{dvujujH<#RR@GGkiZTQ|D5;kl6rH!lJshAxqN@%uJdb+?G3*gjRRl~Wcp>P3 zem+1|CP8`i&PkViL7|S+G?1G1q^5z?I+Xm0hwR=ZK#Png^Q)v56Ff*X60{_?Tzzl{EVay?RRd~@}TWcR>SsEG}7IOezRgY zQVnU;XkRt;~cYh>MshSyv&*Q^02 zSVHC~H~~&d))3bS$&}=dp{1~rYqa?U%e)jNFIh=Tk~Owoa|=$oHKS`+ubonuTLF|a z!B=X6CBivcl`>WX6d=h-UgwOVW0tI}L@K~Xvl3~Eq(sdA00?%h(;o@|0O6{S A#Q*>R diff --git a/creusot/tests/should_succeed/bug/173/why3shapes.gz b/creusot/tests/should_succeed/bug/173/why3shapes.gz index 577b4c11db2b567eee96d772a0543c823d09f7c3..53adaaa44301e2d423d761c0eab894f343079d55 100644 GIT binary patch delta 50 zcmV-20L}kzZjeDOOik00Esc$n(vs55Q!ElKO_G6hvZaNoxtUS2agwoup@#t%0GuH- IENTD%08tMW9{>OV delta 51 zcmV-30L=exZ;(MQ5)G5g4N{B^4Ghdo%neOVlF}^9Qj=0G%nTBZQ%#f16bwBKxB!qP Jo*HTZ007!?5hVZs 
diff --git a/creusot/tests/should_succeed/bug/181_ident.coma b/creusot/tests/should_succeed/bug/181_ident.coma index 4b4e74313e..f0bf89fdb6 100644 --- a/creusot/tests/should_succeed/bug/181_ident.coma +++ b/creusot/tests/should_succeed/bug/181_ident.coma @@ -24,8 +24,8 @@ module M_181_ident__max_usize [#"181_ident.rs" 17 0 17 45] | bb2 = s0 [ s0 = [ &_0 <- a ] s1 | s1 = bb3 ] | bb3 = return' {_0} ] ) [ & _0 : UInt64.t = any_l () | & a : UInt64.t = a | & b : UInt64.t = b | & _4 : bool = any_l () ] - [ return' (result:UInt64.t)-> {[@expl:max_usize ensures] [%#s181_ident0] UInt64.to_uint result - = max_int'0 (UInt64.to_uint a) (UInt64.to_uint b)} + [ return' (result:UInt64.t)-> {[@expl:max_usize ensures] [%#s181_ident0] UInt64.t'int result + = max_int'0 (UInt64.t'int a) (UInt64.t'int b)} (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/bug/181_ident/why3session.xml b/creusot/tests/should_succeed/bug/181_ident/why3session.xml index 7d7e9d21a7..4e74f091c6 100644 --- a/creusot/tests/should_succeed/bug/181_ident/why3session.xml +++ b/creusot/tests/should_succeed/bug/181_ident/why3session.xml @@ -7,7 +7,7 @@ - + diff --git a/creusot/tests/should_succeed/bug/181_ident/why3shapes.gz b/creusot/tests/should_succeed/bug/181_ident/why3shapes.gz index eb0c9336d8a29a246c7a9d8a29cccba4869c0b5e..abc853c8e06e3f76f6170a8977236bac171a9b98 100644 GIT binary patch literal 159 zcmV;Q0AT+giwFP!00000|AkJy4uUWk-1`*WP^NxZtQZ+wi0q~-IY}Ey_>&f+Z!b|K zZccZ(zuYS1?uyAr6FCm>T`@O48cBKq$w z4y}WO+i`c#aod8%8;ls~1E<&weMJ>5b_8ljgUd~yEQb!BZdMz%c&p+DYAfJ6WjudD z>>o%&8__^+=gji^GGyTN3t9_W6YR$Ha-Z*n@PJSX4^p5E`*8H77fdN+o=M~fPx*zB MH~J$Y$Ljz90Bqz&>;M1& diff --git a/creusot/tests/should_succeed/bug/206.coma b/creusot/tests/should_succeed/bug/206.coma index 0ff101a8ed..ab89a7d714 100644 --- a/creusot/tests/should_succeed/bug/206.coma +++ b/creusot/tests/should_succeed/bug/206.coma 
@@ -37,7 +37,7 @@ module M_206__u2 [#"206.rs" 9 0 9 11] function view'0 (self : t_Vec'0) : Seq.seq UInt64.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec2] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec2] Seq.length (view'0 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) constant a : t_A'0 @@ -88,7 +88,7 @@ module M_206__ex [#"206.rs" 20 0 20 16] function view'0 (self : t_Vec'0) : Seq.seq UInt64.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec4] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec4] Seq.length (view'0 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) function u2'0 [#"206.rs" 9 0 9 11] (a : t_A'0) : () = [%#s2063] () diff --git a/creusot/tests/should_succeed/bug/206/why3shapes.gz b/creusot/tests/should_succeed/bug/206/why3shapes.gz index fdd93f280188e6e92dfe2aa3d657553786922f19..f9c79969a21cd80a3ad3a7b91eac2e6dc50b38d1 100644 GIT binary patch literal 142 zcmV;90CE2xiwFP!00000|7DG_3c@fDK==EKY|&2F#EM8ebdfHu;uh}gX#*OIIU@eO zB5rPv_lCEqOrB_#Y>GT`yr->Mn`#Nvc660=(TPfwr^N%3+L)9|*!M?^JD~2DNJAe2 wet`ZB$ZghF_)Y+7?;I2QkvE>b_;Vwxk@>{PNGOeQLp>n80V8~gbd~@B07Du=H2?qr literal 145 zcmb2|=3oGW|Eawj`3@>%KPiMqBn{?6{@)Y;cBb5lx6jIoev#z)T(|=u(-U?R&)n@Ufo3Dtu8+p x|Cv9?E3Ud&&b%NrzgO05ms^PTVx4)fyQ-UmUO9$&t?(=3$UhYP)@BCKB><}NKWP8} diff --git a/creusot/tests/should_succeed/bug/256/why3session.xml b/creusot/tests/should_succeed/bug/256/why3session.xml index 17c9f1bc94..9cc3622275 100644 --- a/creusot/tests/should_succeed/bug/256/why3session.xml +++ b/creusot/tests/should_succeed/bug/256/why3session.xml @@ -7,7 +7,7 @@ - + 
diff --git a/creusot/tests/should_succeed/bug/256/why3shapes.gz b/creusot/tests/should_succeed/bug/256/why3shapes.gz index da62230e8ee19409fba02e118baaa4e23dcf56ee..b2e3e3c43697c8ed5eb75a4070002760b561a636 100644 GIT binary patch literal 152 zcmV;J0B8RniwFP!00000|2>U83&JoI0QdZgj9Qo1uQZC2gSfeM4X@?}18ozU)T+PU zXu<6`4sMh2a7RypKWGZpjR!7xwq-c?gs3$}r%r8Aix&QP103+FW;;fOVRctL;_h1{ zxuywH7#F9!TWC_jzUjVd4uUWg0QY`HN5!QUXu&u+7&kZ8mxq0gO@ICAZ0VxZ_BHKWGZh4+pMzwq-bXglG4r?!su6#@3GDF+vl}8{SltzmxJyN{ zYn$ks#>KAH${6LgYL%^3QI-OQw6bb#k=M1>TG-t1{Y9`3=47$& HqyPW_0;fgw diff --git a/creusot/tests/should_succeed/bug/271.coma b/creusot/tests/should_succeed/bug/271.coma index 7bfc7fc6fe..6b2b1cb872 100644 --- a/creusot/tests/should_succeed/bug/271.coma +++ b/creusot/tests/should_succeed/bug/271.coma @@ -27,7 +27,7 @@ module M_271__ex2 [#"271.rs" 13 0 13 12] let rec ex2'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &a <- [%#s2710] (0 : Int32.t) ] s1 - | s1 = any [ br0 -> {a = 0} (! bb3) | br1 -> {a = 1} (! bb3) | default -> (! bb1) ] ] + | s1 = any [ br0 -> {a = (0 : Int32.t)} (! bb3) | br1 -> {a = (1 : Int32.t)} (! bb3) | default -> (! bb1) ] ] | bb1 = bb6 | bb3 = bb4 @@ -49,7 +49,12 @@ module M_271__ex3 [#"271.rs" 22 0 22 12] let rec ex3'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &a <- [%#s2710] (0 : Int32.t) ] s1 - | s1 = any [ br0 -> {a = 0} (! bb2) | br1 -> {a = 1} (! bb2) | br2 -> {a = 2} (! bb3) | default -> (! bb1) ] ] + | s1 = any + [ br0 -> {a = (0 : Int32.t)} (! bb2) + | br1 -> {a = (1 : Int32.t)} (! bb2) + | br2 -> {a = (2 : Int32.t)} (! bb3) + | default -> (! bb1) ] + ] | bb1 = bb6 | bb3 = bb5 diff --git a/creusot/tests/should_succeed/bug/387.coma b/creusot/tests/should_succeed/bug/387.coma index 1b1777fcbb..a56751e22e 100644 --- a/creusot/tests/should_succeed/bug/387.coma +++ b/creusot/tests/should_succeed/bug/387.coma 
@@ -27,7 +27,7 @@ module M_387__qyi16446429885017832241__height [#"387.rs" 18 4 18 31] (* Tree *) let%span scmp2 = "../../../../creusot-contracts/src/std/cmp.rs" 53 26 53 66 let%span scmp3 = "../../../../creusot-contracts/src/std/cmp.rs" 54 26 54 63 let%span scmp4 = "../../../../creusot-contracts/src/std/cmp.rs" 7 0 62 1 - let%span snum5 = "../../../../creusot-contracts/src/std/num.rs" 52 28 52 33 + let%span snum5 = "../../../../creusot-contracts/src/std/num.rs" 54 32 54 37 use prelude.prelude.Int @@ -55,7 +55,7 @@ module M_387__qyi16446429885017832241__height [#"387.rs" 18 4 18 31] (* Tree *) use prelude.prelude.UInt64 function deep_model'0 (self : UInt64.t) : int = - [%#snum5] UInt64.to_uint self + [%#snum5] UInt64.t'int self let rec max'0 (self:UInt64.t) (other:UInt64.t) (return' (ret:UInt64.t))= {[@expl:max 'self' type invariant] inv'0 self} {[@expl:max 'other' type invariant] inv'0 other} diff --git a/creusot/tests/should_succeed/bug/463.coma b/creusot/tests/should_succeed/bug/463.coma index c88c955a20..74c8fd7165 100644 --- a/creusot/tests/should_succeed/bug/463.coma +++ b/creusot/tests/should_succeed/bug/463.coma @@ -15,7 +15,7 @@ module M_463__test [#"463.rs" 3 0 3 13] use prelude.prelude.Borrow - let rec closure0'0 (_1:()) (x:UInt64.t) (return' (ret:UInt64.t))= {[@expl:closure requires] [%#s4633] UInt64.to_uint x + let rec closure0'0 (_1:()) (x:UInt64.t) (return' (ret:UInt64.t))= {[@expl:closure requires] [%#s4633] UInt64.t'int x < 1000} (! bb0 [ bb0 = s0 @@ -25,7 +25,7 @@ module M_463__test [#"463.rs" 3 0 3 13] | s3 = return' {_0} ] ] ) [ & _0 : UInt64.t = any_l () | & x : UInt64.t = x | & res : UInt64.t = any_l () | & res1 : UInt64.t = any_l () ] - [ return' (result:UInt64.t)-> {[@expl:closure ensures] [%#s4634] UInt64.to_uint result = UInt64.to_uint x + 1} + [ return' (result:UInt64.t)-> {[@expl:closure ensures] [%#s4634] UInt64.t'int result = UInt64.t'int x + 1} (! return' {result}) ] 
@@ -38,7 +38,7 @@ module M_463__test [#"463.rs" 3 0 3 13] | s2 = closure0'0 {c} {let (r'0) = _4 in r'0} (fun (_ret':UInt64.t) -> [ &y <- _ret' ] s3) | s3 = bb1 ] - | bb1 = s0 [ s0 = {[@expl:assertion] [%#s4631] UInt64.to_uint y = 3} s1 | s1 = return' {_0} ] ] + | bb1 = s0 [ s0 = {[@expl:assertion] [%#s4631] UInt64.t'int y = 3} s1 | s1 = return' {_0} ] ] ) [ & _0 : () = any_l () | & c : () = any_l () | & y : UInt64.t = any_l () | & _4 : UInt64.t = any_l () ] [ return' (result:())-> (! return' {result}) ] diff --git a/creusot/tests/should_succeed/bug/463/why3session.xml b/creusot/tests/should_succeed/bug/463/why3session.xml index 7616954322..0f2b07e707 100644 --- a/creusot/tests/should_succeed/bug/463/why3session.xml +++ b/creusot/tests/should_succeed/bug/463/why3session.xml @@ -7,7 +7,7 @@ - + diff --git a/creusot/tests/should_succeed/bug/463/why3shapes.gz b/creusot/tests/should_succeed/bug/463/why3shapes.gz index 0f4581f5e60b09740c3ebf04cc6c0b5d56cf104d..41516cdc715f4a1f67ebb2a6a247e901096ddb37 100644 GIT binary patch literal 227 zcmV<90381xiwFP!00000|7}k_Ps1<}-Tf=P0cE+flQ>i`l%XOMTUP6AUqz(0iRzTL z{Cez!774MvuX}oTzmV~R29ENR53%d_OIgXqgP<20@4Ed+6haFg>2c;6H`(m%A9oU3 z_yHbQblh?dV3uB6RaUb*!F02uvpuG$r8sNv^!#5Dji=rY{fQ4Yc3<42)NKj?tOf6e z@nWYpZo8AIn_qIB@0G{(>e`T5Y7m0VMk!Z2bVXSZ)C@>PZH#k)wQ^eG8wl^A)HV9@ dDVT~~70?*Pnl>SDDu5JH;v3^&Ju^@N004e!YMuZ9 literal 220 zcmV<203-h&iwFP!00000|9y`;55h1Eg!lZ4j64>nZ4y8*z<}t)#u_<^D=Go4NO}Hx z(jr6$#OAyEe6j~49`;yM;8!|_vO3MU;-ewM1vZtrl&1#K`yDuegq;k6Ury$k?UOq0Bc6ax_OxHquvWK zPV>I}_PfN1_43=)>e$5Cv_Oxkop@VFj8-9)wj{Jpbyg^lTx@`eM9WlYhZ&J~)`GPP WREBcu;(~(+CF}*(J!1)D0RRA=qimP} diff --git a/creusot/tests/should_succeed/bug/486.coma b/creusot/tests/should_succeed/bug/486.coma index 33d165be0e..e09621e60e 100644 --- a/creusot/tests/should_succeed/bug/486.coma +++ b/creusot/tests/should_succeed/bug/486.coma 
@@ -35,7 +35,7 @@ module M_486__test [#"486.rs" 7 0 7 34] | s2 = return' {_0} ] ] ) [ & _0 : () = any_l () | & x : t_HasMutRef'0 = x ] - [ return' (result:())-> {[@expl:test ensures] [%#s4861] UInt32.to_uint (x.t_HasMutRef__0'0).final = 5} + [ return' (result:())-> {[@expl:test ensures] [%#s4861] UInt32.t'int (x.t_HasMutRef__0'0).final = 5} (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/bug/486/why3shapes.gz b/creusot/tests/should_succeed/bug/486/why3shapes.gz index c365110a315d295c1cde6eee697316605e24a57d..875586b02cf7baba4af81a4e674ede0b4ea198c8 100644 GIT binary patch literal 136 zcmV;30C)c%iwFP!00000|253P3c?^92jII;;mx&^o4PFM8ubFZ#&7zMWSb6^MQiHq3g0Q0km8vSyge{nP(_Fp&k(VU(wRFlm9*?6B&L*edXpFH?987a_)%UN qty}#(eko&p2Uz7vJA#Ei8tuGNTEb8EG+4*Gn`B>G+xv)w0001LK0f^b literal 139 zcmV;60CfK!iwFP!00000|25393c@fD0MPxuB3o;xOEKCAuA)ECwOo=52HT`0X~n-6 z1oy{lJ5iprauGY{5>mW~ljsgWSE^~+LagLNq@007D5K%xKu diff --git a/creusot/tests/should_succeed/bug/564/why3shapes.gz b/creusot/tests/should_succeed/bug/564/why3shapes.gz index d68b597a62789c7a0ed44dc71f3982962dc333a2..7046768ba3d74a4475c3c4c7714695741b024b92 100644 GIT binary patch delta 53 zcmV-50LuSfUXU&@nHwirSfnJHCR&)M7#NwRrI=b6nx&)}np&o%S(uq5Dj0eg5T^(L LAO delta 53 zcmV-50LuSfUXU&@8Cja98CY6a8l@&$SQw@xrX?k&m>ZdzCmE+0CZ(jAD;Rnh5T^(L L_dba5aR2}S@`MsD 
diff --git a/creusot/tests/should_succeed/bug/594/why3shapes.gz b/creusot/tests/should_succeed/bug/594/why3shapes.gz index 8d15a770efd851252ad4f264e4663ba4db698b54..a1f93bab2ba3a03e23b73fb9f29371d45a07cb53 100644 GIT binary patch literal 141 zcmb2|=3oGW|GlRi`Ir=W7!Fvkf3TujOC)NS{s-|kr%t&my*WOA_MY5#;PaWxkDtTL zXa7rnUs-P(?q6rQ`|i!;+xxFG&(*%Ar8QeYadLtfr?c_2iB8fjb}k$M8= z_YPBDulDjafBe1Po{v**c{-*o`TezhFFU5x7$rQA0enP7!a7hGNr#v~$>j`5O`8>j vR(0_X7IUxe$kv5=c>h1SFon&+qYydQKEn{zSQwi&8hiQyDv446y8r+HWF {[@expl:omg ensures] [%#s6530] UInt64.to_uint result - = div (UInt64.to_uint n * (UInt64.to_uint n + 1)) 2} + [ return' (result:UInt64.t)-> {[@expl:omg ensures] [%#s6530] UInt64.t'int result + = div (UInt64.t'int n * (UInt64.t'int n + 1)) 2} (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/bug/682.coma b/creusot/tests/should_succeed/bug/682.coma index e8ed6bce64..6ce9eee4c8 100644 --- a/creusot/tests/should_succeed/bug/682.coma +++ b/creusot/tests/should_succeed/bug/682.coma @@ -92,7 +92,7 @@ module M_682__add_some [#"682.rs" 6 0 6 24] meta "compute_max_steps" 1000000 - let rec add_some'0 (a:borrowed UInt64.t) (return' (ret:()))= {[@expl:add_some requires] [%#s6821] UInt64.ule a.current (div (v_MAX'0 : UInt64.t) (2 : UInt64.t))} + let rec add_some'0 (a:borrowed UInt64.t) (return' (ret:()))= {[@expl:add_some requires] [%#s6821] UInt64.ule a.current (UInt64.udiv (v_MAX'0 : UInt64.t) (2 : UInt64.t))} (! bb0 [ bb0 = s0 [ s0 = UInt64.add {a.current} {[%#s6820] (1 : UInt64.t)} 
@@ -194,7 +194,7 @@ module M_682__foo [#"682.rs" 12 0 12 23] axiom cmp_le_log'0_spec : forall x : UInt64.t, y : UInt64.t . [%#sord7] UInt64.ule x y = (cmp_log'0 x y <> C_Greater'0) - let rec add_some'0 (a:borrowed UInt64.t) (return' (ret:()))= {[@expl:add_some requires] [%#s6824] UInt64.ule a.current (div (v_MAX'0 : UInt64.t) (2 : UInt64.t))} + let rec add_some'0 (a:borrowed UInt64.t) (return' (ret:()))= {[@expl:add_some requires] [%#s6824] UInt64.ule a.current (UInt64.udiv (v_MAX'0 : UInt64.t) (2 : UInt64.t))} any [ return' (result:())-> {[%#s6825] UInt64.ugt a.final a.current} (! return' {result}) ] predicate resolve'1 (self : borrowed UInt64.t) = diff --git a/creusot/tests/should_succeed/bug/682/why3session.xml b/creusot/tests/should_succeed/bug/682/why3session.xml index f21977ed1c..ab3ae8c4bf 100644 --- a/creusot/tests/should_succeed/bug/682/why3session.xml +++ b/creusot/tests/should_succeed/bug/682/why3session.xml @@ -6,13 +6,13 @@ - - + + - - + + diff --git a/creusot/tests/should_succeed/bug/682/why3shapes.gz b/creusot/tests/should_succeed/bug/682/why3shapes.gz index 2821fcbf164e7db4fd3a1574b282d21ac577be23..8e33bf6a4fecae30a110ffff86f2206c55a5120b 100644 GIT binary patch literal 430 zcmV;f0a5-RiwFP!00000|AmrGbDJ;_hVT3eZZzpdD*&MyF@r_tox7Z*Kke8y=|jPh{G%so(jLe|zKM3iJITtD2{PX{G`1 zvxj4kRltt8a$qx;gqmB)M{3)EJ0BLO zqsYQ^;RJUs<1DM7floU+V*k{Qc;kJZYeNmEGsbCVtH048h8U-am%n(F$Z zJmD$(wEh~f+`b3x58cmf_`v^M&w6-3&akX&GFa33|GRVY<+h$vX2Gv^H+;p*R>O_w zAtR8fh+;}%D|y01$P>;P%X66)D12ZlRf&pKq@)rmR9t~#o&el#F$6A)9f?Hnl?&M@j^=A;xeeo18vtIXj%aQJcH7mhij?xeF+(5}a?^aPhYPi`&E7X1TR)oW!wt zFF%smpejbE^YGRDwERb{az<)7EuHri!PE8e_RFwemmaNhd*)1HS}|sHm!e29H+d(O z6;|m&XIZK+MJq+Yq9%T zsEle35QcHx;RVkdoIvjL^16O&SRQ}B!EZ?jP*U>R88#eUVhp8o65HHaVrz{?MLmL- iR&yjv#rT|Adl3@j$Of00lmA4zXLtj!r}B@X0002@<2x?^ diff --git a/creusot/tests/should_succeed/bug/874.coma b/creusot/tests/should_succeed/bug/874.coma index adac53f920..313d58e258 100644 --- a/creusot/tests/should_succeed/bug/874.coma 
+++ b/creusot/tests/should_succeed/bug/874.coma @@ -75,14 +75,14 @@ module M_874__can_extend [#"874.rs" 4 0 4 19] function view'0 (self : t_Vec'0) : Seq.seq Int32.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec16] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec16] Seq.length (view'0 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) use prelude.prelude.Slice64 function view'3 (self : slice Int32.t) : Seq.seq Int32.t axiom view'3_spec : forall self : slice Int32.t . ([%#sslice23] Seq.length (view'3 self) - <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + <= UInt64.t'int (v_MAX'0 : UInt64.t)) && ([%#sslice24] view'3 self = Slice64.id self) function view'1 (self : slice Int32.t) : Seq.seq Int32.t = diff --git a/creusot/tests/should_succeed/bug/874/why3session.xml b/creusot/tests/should_succeed/bug/874/why3session.xml index 25610764e1..5e6220a73e 100644 --- a/creusot/tests/should_succeed/bug/874/why3session.xml +++ b/creusot/tests/should_succeed/bug/874/why3session.xml @@ -7,7 +7,7 @@ - + 
diff --git a/creusot/tests/should_succeed/bug/874/why3shapes.gz b/creusot/tests/should_succeed/bug/874/why3shapes.gz index fd298a922b0ae429c7983e94273c91395901ace4..e8a1c9b41cbd51bf240f7b7fd4be6519b850a6a9 100644 GIT binary patch literal 441 zcmV;q0Y?5GiwFP!00000|80{`bDJ;_#qWFyZcdYnR{wxbeBe+T&7%kf z#hHHlu53hYIk%^uw7k_m@$i_>?`Cv!esa^?4gL3A=8xYp|HpLwX+tz=qKFJMG*M*c zd20@?fAjC=)VWVQM~&Zfy*H=*&-&MfG@036wwPw7Yc;FWny``7ELK$WCW^?I7EKh9 zaV?uDA``l3qR7lR4ef_@Gd5V7rzc%$!1n3xdIQK8unb4TEv^qTFlb74%j76D^)lE1*MYc$pOIKuBYSgx1>zoYD^kQPPZ6~&MPO-)5H?pWLm1L! zLCwoBO~a>aH^<)^1nz05G)1GUkx+`n*pF#)z1I{i?Qk3q&SM!luQA_Y-+4Ff$6@xt zqrj?qi70&T65!=*h?mkIH)WGMSJm06^~6>NS7>Zvz0C3=IKI0zd>w z0EjS^8)vaP^VM1WcjkA_Jay)G2_i}pL=+Ot&d+jx{-d+3lGJflNGAximE{shVOuJ# jVYZa7FFAk$qAFFYLP;eQS4>d_ie&!)S?W&T7X$zR`{&S6 literal 442 zcmV;r0Y&~FiwFP!00000|80{olbbLQg?oMl9m!pzT?rvFaX}GAF4FF#^XP=;j)@Hf zbiT>I&&Wo^malt!tL16;!I!6ec{7t+^0S+lejL8#GJpD-`9G!~&IKdZMiChhv{7W{ z`_3HQ@ao^pxpyB0BQ$07X*ELcL;5>t~S7JBkt%ILS|)ScIMUj4U~^a*fK@jiWH&cDFTZrViww)D??b) z^#RSxIM3sU>x$EFf|5WH)P$nBT?rzgF!p_(-QWp%W9)dEj?TL-RCyRSgzVjXn8w8i zkBShRHKOpkYk=3YAzs8EcWtw~bT#qwTh-?myql(q0f5|Z-CFYylr*ezT-r)0Wi5iU kwpKOc3Q=}BfCi>(t#qZOF165HqXx~gfBiky!5IVq0FWfq<^TWy 
diff --git a/creusot/tests/should_succeed/bug/922/why3shapes.gz b/creusot/tests/should_succeed/bug/922/why3shapes.gz index 213b75be307f91c9f1acb2711615621f265452e6..71591a019f31c2339b6c0ca971e09059283ab659 100644 GIT binary patch literal 293 zcmV+=0owi_iwFP!00000|GkmHPlGTN#_#+U+@?GAwWUy#9Sn)l#G~nTd9J{Ii_rSvX|H7`@X(kzTPau<_&AxgnR3nyejWP5iV~7Twzu@S9R7bw(qES&e^h6 zpdx&=?K(FXWPV*{qwKHngw8fqv9}9`FT1+1bR3FI(>}AwODq)NkfW#Exi9+r@=H(f ziRZzez;5gIV?8v~S2BR4zJmj3r@me%M@^ix12(zGl_wjGsfvFZ+7k~Y%Ir4i4b2a*9FthC1zp!2$+6*vaoJte~6N&~!rZpH&P>PH& rBX|gpBp}G7)p3LofFwd}xL_uxv6ez7G@;%^|J(ElcvALKCj$Tgm-LIu literal 293 zcmV+=0owi_iwFP!00000|GkmTPQx$|gztHZ+zLH;ZRZcE2NVf`#1Z*gIrbVN(j;=y zM!Y>vnvxXK!UtcgX_HX>6Q{{ibLfkD1 zV9F(F`}G|g%!Z^*RS60E%$YgIZQmLBPnbE_WO25=wf=oPPP~Hi+JuPC<4_1BgaCX)- z_C^JppWaHI7JZ%F$=>#P%y`J2RE2$5E`w0Bia9vcrxqF=@bJ^d@ps;K>$jDaI!aCS z1qll4)`$1=FeewzHS^N>vd+S`0nVhmQVL4Z{|~fZ_Zf8ACqVlf-|4u?u9zcImS))#}HLcCi&Cq4&d<*v*?8)E4 z|ErVQ&f#@@-Gl`<9nb9Tg4@N`EVafRGM52%s%_Eseq9}Ol%gz2&PWGHTGA{85YF5tcY6l9>n3aVV2{xZBAXSoAdy_P$SJ&xOEe m6x@hKE8=lNIU$_5JmwJ(IpYEMxyKRZuJap=%>KYU1pok6pb^0U literal 548 zcmV+<0^9u`iwFP!00000|CLnRj?*v@eeYNFt*{6w(P5SO&|xw~OvO=GAfK2q&_G z1#ShysxOM9P%n8(7{s_m%(7-e*lc>ij&>LHi+JipB!cCEBF9{wRv=vA8tg@ONnf@3 zFPYh(BfMEYKJ|4W9ehY0RV7!t*2gUtvLdEGmL962EbHzk!2zbKYP%^#`!flz44pVO z14J0vfyJ0uM|NPm<3T2)O|cOhqdJt#t5!ChUMGDZfZ@B*9XKh(k3=Llo#t5*J~h4E z-Kb#m<6Ft&qOY@C+1Wl184t-l2Bc z8UQSmI`sARS%Xl(W}>D37rdwaqdArPcM_3OAG?!EYITy0X>CGo`ZgiwJG|dgPyQDE zU!B-?j;`bDCd|0;aAt28+|9OTt~KnCxeT~hO+&V`Re8`+MzRo{nSgLQdlM8;k*h;L ziyDb&&|oS2Q7kZS)-$od-rey%h{yK}f@onPiFxoA3nslVgXa|eYy;1syI${IZ|{5H mpyL5^mf&(=9DswvH+;=Q9&n#~+~tIFXYm^)I}ols1polGF9zcP diff --git a/creusot/tests/should_succeed/bug/991.coma b/creusot/tests/should_succeed/bug/991.coma index 37ccd8c808..bf01ff00c7 100644 --- a/creusot/tests/should_succeed/bug/991.coma +++ b/creusot/tests/should_succeed/bug/991.coma 
@@ -42,7 +42,7 @@ module M_991__qyi6256438357931963096__love_and_hope [#"991.rs" 22 4 22 27] (* Fo function view'2 (self : t_Vec'0) : Seq.seq UInt64.t - axiom view'2_spec : forall self : t_Vec'0 . [%#svec3] Seq.length (view'2 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'2_spec : forall self : t_Vec'0 . [%#svec3] Seq.length (view'2 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) function view'1 [#"991.rs" 15 4 15 33] (self : t_Formula'0) : (Seq.seq UInt64.t, bool) = [%#s9912] (view'2 self.t_Formula__vec'0, self.t_Formula__b'0) diff --git a/creusot/tests/should_succeed/bug/box_borrow_resolve/why3shapes.gz b/creusot/tests/should_succeed/bug/box_borrow_resolve/why3shapes.gz index ebf068a3d7cc65a7a8a5da049ae44f69b7611e65..02feff32135edbaea3d697f3f5e071cb24916b2b 100644 GIT binary patch literal 175 zcmV;g08sxQiwFP!00000|BcX14uUWc1>k*8(H+Wa+VUeNZjD}mEt!@;L;faQ#E*E0? zI~MPFTH%O}ylqAb#9U9Nsyl3Qz^D5t_)_ZsQ%e;b*n&R{1n56mi*?o0zaIk9z(>9=wt!?mCtmBw0gV;yuCs;<^@Kjx4}bmFmS^g^tD z$M}x@3P-Z+OgnLabL~yt^wj1+Pxn#qrK0~&Emf$Q+4~XP4dcCd{X+r}6+oOxJb-urDs-GwKLG#$As13; diff --git a/creusot/tests/should_succeed/bug/final_borrows.coma b/creusot/tests/should_succeed/bug/final_borrows.coma index 2ea27a8f6a..dfc02940ce 100644 --- a/creusot/tests/should_succeed/bug/final_borrows.coma +++ b/creusot/tests/should_succeed/bug/final_borrows.coma @@ -2001,7 +2001,7 @@ module M_final_borrows__index_mut_slice [#"final_borrows.rs" 208 0 208 48] function view'1 (self : slice t_T'0) : Seq.seq t_T'0 axiom view'1_spec : forall self : slice t_T'0 . ([%#sslice9] Seq.length (view'1 self) - <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + <= UInt64.t'int (v_MAX'0 : UInt64.t)) && ([%#sslice10] view'1 self = Slice64.id self) use seq.Seq 
@@ -2057,7 +2057,7 @@ module M_final_borrows__index_mut_slice [#"final_borrows.rs" 208 0 208 48] (! bb0 [ bb0 = s0 [ s0 = [ &_6 <- [%#sfinal_borrows0] (12 : UInt64.t) ] s1 - | s1 = [ &_7 <- Slice.length v.current ] s2 + | s1 = [ &_7 <- Slice64.length v.current ] s2 | s2 = UInt64.lt {_6} {_7} (fun (_ret':bool) -> [ &_8 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#sfinal_borrows1] _8} s4 | s4 = bb1 ] @@ -2201,7 +2201,7 @@ module M_final_borrows__index_mut_array [#"final_borrows.rs" 214 0 214 52] use seq.Seq function index_logic'0 [@inline:trivial] (self : array t_T'0) (ix : UInt64.t) : t_T'0 = - [%#sops7] Seq.get (Slice64.id self) (UInt64.to_uint ix) + [%#sops7] Seq.get (Slice64.id self) (UInt64.t'int ix) meta "compute_max_steps" 1000000 @@ -2210,7 +2210,7 @@ module M_final_borrows__index_mut_array [#"final_borrows.rs" 214 0 214 52] (! bb0 [ bb0 = s0 [ s0 = [ &_6 <- [%#sfinal_borrows0] (12 : UInt64.t) ] s1 - | s1 = [ &_7 <- Slice.length v.current ] s2 + | s1 = [ &_7 <- Slice64.length v.current ] s2 | s2 = UInt64.lt {_6} {_7} (fun (_ret':bool) -> [ &_8 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#sfinal_borrows1] _8} s4 | s4 = bb1 ] diff --git a/creusot/tests/should_succeed/bug/two_phase.coma b/creusot/tests/should_succeed/bug/two_phase.coma index d201302f31..5701515a5a 100644 --- a/creusot/tests/should_succeed/bug/two_phase.coma +++ b/creusot/tests/should_succeed/bug/two_phase.coma 
@@ -45,15 +45,13 @@ module M_two_phase__test [#"two_phase.rs" 6 0 6 31] function view'2 (self : t_Vec'0) : Seq.seq UInt64.t - axiom view'2_spec : forall self : t_Vec'0 . [%#svec6] Seq.length (view'2 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'2_spec : forall self : t_Vec'0 . [%#svec6] Seq.length (view'2 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) function view'1 (self : t_Vec'0) : Seq.seq UInt64.t = [%#smodel5] view'2 self let rec len'0 (self:t_Vec'0) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'0 self} - any - [ return' (result:UInt64.t)-> {[%#svec1] UInt64.to_uint result = Seq.length (view'1 self)} (! return' {result}) ] - + any [ return' (result:UInt64.t)-> {[%#svec1] UInt64.t'int result = Seq.length (view'1 self)} (! return' {result}) ] predicate inv'1 (_1 : borrowed (t_Vec'0)) @@ -103,7 +101,7 @@ module M_two_phase__test [#"two_phase.rs" 6 0 6 31] | & _4 : borrowed (t_Vec'0) = any_l () | & _5 : UInt64.t = any_l () ] - [ return' (result:())-> {[@expl:test ensures] [%#stwo_phase0] UInt64.to_uint (index_logic'0 v.final (Seq.length (view'0 v))) + [ return' (result:())-> {[@expl:test ensures] [%#stwo_phase0] UInt64.t'int (index_logic'0 v.final (Seq.length (view'0 v))) = Seq.length (view'0 v)} (! return' {result}) ] 
diff --git a/creusot/tests/should_succeed/bug/two_phase/why3shapes.gz b/creusot/tests/should_succeed/bug/two_phase/why3shapes.gz index 832d7cf75d8249abe10e426e9a2a26681568ea1f..f2d182162e27ce04eb16208e1d91b37be98ade32 100644 GIT binary patch literal 258 zcmV+d0sa0TiwFP!00000|Amn;bAvDpg?Il7Hm8|vz!Z96$l@bIS6??yfFQmSJ2ft8 z|9z7dx5;(L_N05C^mJOSqiGLEoT3@sq^)_1vS|H4{2OR9Q>K^JUA-CbN|$SGhlwq5vZ1lo7!(0G-eJp=ms0;+7g1YHEbi|oQdD!U2G z|J?Ft7Q5<5f`_C3tiL}%NdCzCylFAbi=yBNal^6%a^Stl1&S;ZRazxgT=9yLFU2jj I(76Es01q5~8vp>x9CQp^MKQSbc0cHBnL@sa+g5 zg>O#_asM1cw{fzje2 z6NW?d)!w=YWA(Ot&zMReH$o+mdcw?A5(LUKYh8n1Rqs1nXAD~Fpf~bn6Z>DUAmHHp z5s%2)hu{y`WZMsup9k3HiN8jm-iLrL8hP||7^@R#isck_68tW*x}0Q+ zo4EYqSAWykRYwur?&5d#`v*c8uQ|t7$fjjb2w2EP&KdCMr(!MITGCugJ=a2W&BzZN Kk!Ewh0RRBcK73;U diff --git a/creusot/tests/should_succeed/cell/01.coma b/creusot/tests/should_succeed/cell/01.coma index 573049ee9a..f30e64f2fd 100644 --- a/creusot/tests/should_succeed/cell/01.coma +++ b/creusot/tests/should_succeed/cell/01.coma @@ -34,7 +34,7 @@ module M_01__adds_two [#"01.rs" 40 0 40 36] axiom inv_axiom'1 [@rewrite] : forall x : UInt32.t [inv'1 x] . inv'1 x = true predicate inv'2 [#"01.rs" 35 4 35 26] (x : UInt32.t) = - [%#s019] mod x (2 : UInt32.t) = (0 : UInt32.t) + [%#s019] UInt32.urem x (2 : UInt32.t) = (0 : UInt32.t) let rec get'0 (self:t_Cell'0) (return' (ret:UInt32.t))= {[@expl:get 'self' type invariant] [%#s013] inv'0 self} any [ return' (result:UInt32.t)-> {[%#s014] inv'1 result} {[%#s015] inv'2 result} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/cell/01/why3session.xml b/creusot/tests/should_succeed/cell/01/why3session.xml index 48b96b12e9..301e8f8624 100644 --- a/creusot/tests/should_succeed/cell/01/why3session.xml +++ b/creusot/tests/should_succeed/cell/01/why3session.xml @@ -7,7 +7,7 @@ - + 
diff --git a/creusot/tests/should_succeed/cell/01/why3shapes.gz b/creusot/tests/should_succeed/cell/01/why3shapes.gz index 99b9bee6604b7aff518737fc4e286a640884996e..a74a45e9487bcc7d620b63bdbe5af53574ffeecf 100644 GIT binary patch literal 251 zcmV z`b)2e{z9X6%@2iimE*@aQCtWtUl-j(TrofrTNn7L4dZOe=XbhxS0U{->z0vKj8Iv% z-YApT49Vy?_;0;joG}YR7?T&`@yX1NeJ_FUni+t zU#?tVF27!qm{&Wzv*jOzoJ?5=agQR1O>vA%Km=rh8P1`EV@`R>(l7<`0j&5(Ttfi> E00`z)6951J diff --git a/creusot/tests/should_succeed/cell/02.coma b/creusot/tests/should_succeed/cell/02.coma index 08739fd5ce..13f0380769 100644 --- a/creusot/tests/should_succeed/cell/02.coma +++ b/creusot/tests/should_succeed/cell/02.coma @@ -148,13 +148,13 @@ module M_02__fib_memo [#"02.rs" 95 0 95 50] function view'1 (self : t_Vec'0) : Seq.seq (t_Cell'0) - axiom view'1_spec : forall self : t_Vec'0 . [%#svec34] Seq.length (view'1 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'1_spec : forall self : t_Vec'0 . [%#svec34] Seq.length (view'1 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) function view'0 (self : t_Vec'0) : Seq.seq (t_Cell'0) = [%#smodel29] view'1 self predicate in_bounds'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq (t_Cell'0)) = - [%#sslice30] UInt64.to_uint self < Seq.length seq + [%#sslice30] UInt64.t'int self < Seq.length seq predicate inv'2 (_1 : t_Cell'0) @@ -163,7 +163,7 @@ module M_02__fib_memo [#"02.rs" 95 0 95 50] use seq.Seq predicate has_value'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq (t_Cell'0)) (out : t_Cell'0) = - [%#sslice31] Seq.get seq (UInt64.to_uint self) = out + [%#sslice31] Seq.get seq (UInt64.t'int self) = out let rec index'0 (self:t_Vec'0) (index:UInt64.t) (return' (ret:t_Cell'0))= {[@expl:index 'self' type invariant] inv'0 self} {[@expl:index 'index' type invariant] inv'1 index} 
@@ -186,7 +186,7 @@ module M_02__fib_memo [#"02.rs" 95 0 95 50] predicate inv'4 [#"02.rs" 70 4 70 43] (self : t_Fib'0) (v : t_Option'0) = [%#s0232] match v with | C_None'0 -> true - | C_Some'0 i -> UInt64.to_uint i = fib'0 (UInt64.to_uint self.t_Fib__ix'0) + | C_Some'0 i -> UInt64.t'int i = fib'0 (UInt64.t'int self.t_Fib__ix'0) end let rec get'0 (self:t_Cell'0) (return' (ret:t_Option'0))= {[@expl:get 'self' type invariant] [%#s0215] inv'2 self} @@ -205,8 +205,7 @@ module M_02__fib_memo [#"02.rs" 95 0 95 50] function lemma_max_int'0 [#"02.rs" 62 0 62 22] (_1 : ()) : () - axiom lemma_max_int'0_spec : forall _1 : () . [%#s0218] Power.power 2 63 - < UInt64.to_uint (18446744073709551615 : UInt64.t) + axiom lemma_max_int'0_spec : forall _1 : () . [%#s0218] Power.power 2 63 < 18446744073709551615 use prelude.prelude.Snapshot @@ -239,13 +238,13 @@ module M_02__fib_memo [#"02.rs" 95 0 95 50] [%#sops33] Seq.get (view'1 self) ix predicate fib_cell'0 [#"02.rs" 84 0 84 32] (v : t_Vec'0) = - [%#s0228] forall i : int . UInt64.to_uint ((index_logic'0 v i).t_Cell__ghost_inv'0).t_Fib__ix'0 = i + [%#s0228] forall i : int . UInt64.t'int ((index_logic'0 v i).t_Cell__ghost_inv'0).t_Fib__ix'0 = i meta "compute_max_steps" 1000000 let rec fib_memo'0 (mem:t_Vec'0) (i:UInt64.t) (return' (ret:UInt64.t))= {[@expl:fib_memo requires #0] [%#s029] fib_cell'0 mem} - {[@expl:fib_memo requires #1] [%#s0210] UInt64.to_uint i < Seq.length (view'0 mem)} - {[@expl:fib_memo requires #2] [%#s0211] UInt64.to_uint i <= 63} + {[@expl:fib_memo requires #1] [%#s0210] UInt64.t'int i < Seq.length (view'0 mem)} + {[@expl:fib_memo requires #2] [%#s0211] UInt64.t'int i <= 63} (! bb0 [ bb0 = s0 [ s0 = index'0 {mem} {i} (fun (_ret':t_Cell'0) -> [ &_9 <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = get'0 {_9} (fun (_ret':t_Option'0) -> [ &_7 <- _ret' ] s1) | s1 = bb2 ] 
@@ -277,7 +276,7 @@ module M_02__fib_memo [#"02.rs" 95 0 95 50] | bb14 = s0 [ s0 = UInt64.add {_23} {_27} (fun (_ret':UInt64.t) -> [ &fib_i <- _ret' ] s1) | s1 = bb15 ] | bb15 = bb16 | bb16 = s0 - [ s0 = {[@expl:assertion] [%#s028] UInt64.to_uint fib_i = fib'0 (UInt64.to_uint i)} s1 + [ s0 = {[@expl:assertion] [%#s028] UInt64.t'int fib_i = fib'0 (UInt64.t'int i)} s1 | s1 = index'0 {mem} {i} (fun (_ret':t_Cell'0) -> [ &_35 <- _ret' ] s2) | s2 = bb17 ] @@ -308,7 +307,7 @@ module M_02__fib_memo [#"02.rs" 95 0 95 50] | & _35 : t_Cell'0 = any_l () | & _38 : t_Option'0 = any_l () ] - [ return' (result:UInt64.t)-> {[@expl:fib_memo ensures] [%#s0212] UInt64.to_uint result = fib'0 (UInt64.to_uint i)} + [ return' (result:UInt64.t)-> {[@expl:fib_memo ensures] [%#s0212] UInt64.t'int result = fib'0 (UInt64.t'int i)} (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/cell/02/why3session.xml b/creusot/tests/should_succeed/cell/02/why3session.xml index a5081d987f..5437116074 100644 --- a/creusot/tests/should_succeed/cell/02/why3session.xml +++ b/creusot/tests/should_succeed/cell/02/why3session.xml @@ -21,80 +21,80 @@ - + - + - + - + - - + + - + - + - + - - + + - + - + - + - - + + - + - + - + - + - + - + - + - + - + - + - + 
diff --git a/creusot/tests/should_succeed/cell/02/why3shapes.gz b/creusot/tests/should_succeed/cell/02/why3shapes.gz index 9413f1e741426459a76f4b170da4a42befa63ed2..54f018f465a1588f20c2ccd92ea637acf683e97c 100644 GIT binary patch literal 2014 zcmV<42O;<$iwFP!00000|K(R(ZyUQ2e&1iQKp)(mAOMGV7I6XfAO-`p$wLnoeG_<% z1;~bU8dUNe=)24n%_nXCf_4iuVzx}OR zEZjTy)-3{ci}zs+033b*pYUyz0%*qd(c-Zli! zAJ!C~E{hD&-jxNpYHjyt-NN0jzoh%(#)pHn^J3U(pC+8^zgy|Q+%nzVxH+Dm`}J-W zdlY(tN{>+KY%&W2DxLJROUdI~N!DPn{G3F4}lILmdT(A-1?8udtNaD%!(cDKt!&=u4gKlB-F)K#@lb7Kbo z8q;qZ+%BLYEtiOSlWs~BUE&r;2^}^shh2=Z>Pph?ELJgntuHodnJ?p}O(-FE&vW@A48e7)Xm=Us%I%0csTSi0ZmAJ;21U1Zz!yh~iS2;?qTT|ak=(|s8B z+r{p4D$7sq9}}7ty1c!pB8&(Yx_XgV1*JqwUd1V~R~p-=X0uhVw#v4?EJLj>O~ zlXEc^bN_6pko$N}1kByIuk#(Aonu3`JD05Jg3IF)wlVwAC9wDrY2-!LdGU!a4v%h8=wYXx<@g@ zHS6w|d3zz_j_Ehr2er@Q>?D{^eK37r4nFrp8eChYFDH(jN}h7-DPLNbTOyRSU}kWv6%1KTJ_<1oQ;U$1qb&g)^ARX*f>np}{T=Q5=)UZ8qtCi|>5n#@zRo zI_mj-_Nsk_JNY5WRbPT}w^S1yR84eRHPMmPMCVo$9X`c`U(Jql*#t$%k5L4UDDsOU z!m0Ues+TeRsw|&&=Kq7>C7CU^XZw3$$nOZ_=sFqp-;aB$pAX}=P5Rx}OBLQx`6s0y?}T_t|WKkCWK|X6RAmhO*I10H2*Wycbba{4mZ0!uF}aOtzbY z+SP3QUVo%F8-Bg@E|I=zAMyJGmWk3+<~8R8Z74Ytol~{}eJ(m16b;C8k-(R`cELj@ zU=8K%f*z3?ncI{4mpI-~dFn1a>8>2RiyXtGx4bNV^^edya5Qj=`4hpp@kfkenQ`V| zn3#_PJB#?uer<+TuX53?Plv?d?r2K1qWzdC-FG%_3j72RoCCoW5cHWF22QJZcgW^A zCO8^7y~6vxQ^o+~?$AAx0Aq#sPY}AQ0$0g#Mm_OF2q~El9HQb;B%u?fHCR&d1cnIh zjSNXgaCmEE%7AOo84`F@Viso~2mF)9;m;?fqw>+=ZzJy_GlE2jsHUj}{09rf8mq0c z(hAEf$dZGmUK)`&NJb!n=3XTrA|$74P!^;GVS!s<(;yse8ZV{G0?!3Pw20+=rV^Zq zsRm;~e;+4iK@AWFECtUvZ=K18X&+bwN@@z0k{^Q7+B>5)Nh!vhl!_uS%~f^|tHUxv zaZ9PCtb9HVm52dGk}@h|U|K3Jr5DDTlp$lFHDi`h%di&2Qe&yMR9Px56+eV;Vlav- zN>WrgV6>44Pyj+{&V0@_6Xh)9&o{xGF-h~tFb7d5Kv<4LhtrTeB$8^TER!#_lC=t% zGY(8D3?pY?LLxgsdhKF%H8Ym!S1`l_Pc%vwl*%4s!opID1c^d;tW#SN4wjP_SqUyM z=>r&S7soU8if5)&62z;>x$En~=}Qe|5lAj$)6wj?3Ys~b3yS7|-x*A)4ri}pD-^b4 zF@lrX5Gl0Ll0r;@P>#HprAC~;nmLob0q|&vW|N%MK?mn)7Di-=^P#Pjv|PM`Eu1uz z^F)GII6;GwK?p^%%gFz1qN)Y49HY~g{|szQWrlhN8po212Fc2@(=laDjZ_kctAL+_ 
zOd6t8j%Xznq@=S?#u3SJ{CQeBOM;ceDsF|a0za7*KQ^mad&*zyS+)xtmBJ>)AK|>NGGCE^y3Mt`hWvtRKwc?Rf2+6e`9t2;Px)cn-f#X{>-x8U zRBg-G{F>W{+%EX~CW`%YFM^Y3$2Xl|$JgCcRQc}1?(=GoSn&;)He88Dv@O3ntod~# zB8=7;fp0ol6nxz+#B%Su-^(q3xc`(Nx-f1}(nA!3X8$%5T>sol|HbQkcgL&JhE=$K z+@u}_&rorKii_DS45&C8=OHD}tHf=ORP8=;yLsv|v>XsJti>kv~=gqs_dwy#3 zrz>cXclWDyv*V}LzZd_#63by9HgY*E2AOQsa#)a_I7Z1RlHmMp4aQu>fQVM?QV5A;lbo&c{42e_to3`O}-M%V z;TbiI4$rS=)a_=M-{pt;{wY6{_5G*n1ab%jXSa35y~}s^$K2I_6QdFjTQ3Vevk}JC z?{{__m@&nR@MPaT)9o*x`VvLWTV0=9y-3{NXiwiWAp z*S`42*V5*7T8S~2dXPag38FnEIB&L(9sl3H9pN=_gj$Y;1G!K9{35&0sXRK&pAV0@ zI(xr;j^~5XlGocj5dSF0GcbG>Y@eGII_Ayi)w-W=i@nUu$Y@3;XJl|GgBc%Sh5!$* zG@NU3xFc5kTlI!lu2<||%rT3LvlIT&JKy9_XRgmBFFAh6+mS|L)t;EzCE>Uvyc`)a3H^-!yxr!9U3W3|XofQdKkLt7b?#N9JEm@JrbY%f;8R97ZhvWhZLj`Ez`!f4WKfjg30* z?*F1kyKL;+bCj9cA-y;b_`&SW;_?z0f3o2hzuB;~oNDprfLkdGp4P~MJn(E#+xXh7_hgV}O1{yd)8ErvfreMq8b z<+G9B@=b$y-agG`mo+FZM3;TnfV~u5bbAB(Qbf(3jSZ-H5Xc7Aeu0zDL>fBtmjvFR zJ`WdO3|Ak+1v{M@or5#MCHy?>sGzToYd5SAMkWZ;nj?;tr~e8ak1mHshdSLpc8_9i zJM`y1j*LDBwvJ^h>s`3H!n7%8f9|&VZ3;u0aaB+Wil&? zK?FghwG2@~GAdCfn-Od9qEZ>0ARC;H*(P8hE+|1+umv)N8ocya6>Ez&lx)$F9g1R9 z&cxFm- zL<(H?6;a@o_%SagOExM7ar!7Ag+JseSB|daU?rJUFq@P_$T=!3+%<5vU5%9bY3_84f`sVioGg-y)=5Mxg$i(B zVfU5NUeQnRr63_^&@Pg2(rOcPjD>^I2?;~2NqFVFvR-`)EELF?q61|O=u!}ra!!|^ zSSD?{8BFkPkRhRhKo%*6XoHj~#0=da)>(&4wFa++H_8)vQl6xzubWlKrWlh`ib7@- zSt%eCfW|sd(&ZkRoG0tac+%hOLMW4+M43X$I-yKP8BxGWi3N?rA$aKxdIR1FubtP{ zYvZ-{n!HwCORw>pU2`s4SYcT^Ye}+7*%~LaD%m9Ea(`KUU+R)BAx5N9TwrUBO~rBq z2Leh^l24b|_u*?D3>9L*Q7CJ>ymj}zjoQipBqx{K_qiyMwUSW43d3ZIV6aIl%SvmP zHPyy=L*D4__xoH(r*sa+1e0vgF2oYh8j*A^P9+ASq}hVMS6dVbWw{mbRN29r6#j_#c|DaG2{G005JNt9t+d diff --git a/creusot/tests/should_succeed/checked_ops.coma b/creusot/tests/should_succeed/checked_ops.coma index f6590a22e3..e46e3d0f65 100644 --- a/creusot/tests/should_succeed/checked_ops.coma +++ b/creusot/tests/should_succeed/checked_ops.coma 
@@ -32,22 +32,22 @@ module M_checked_ops__test_u8_add_example [#"checked_ops.rs" 5 0 5 28] let%span schecked_ops30 = "checked_ops.rs" 9 4 9 39 let%span schecked_ops31 = "checked_ops.rs" 7 4 7 44 let%span schecked_ops32 = "checked_ops.rs" 6 4 6 47 - let%span snum33 = "../../../creusot-contracts/src/std/num.rs" 171 20 172 89 - let%span snum34 = "../../../creusot-contracts/src/std/num.rs" 175 26 175 87 + let%span snum33 = "../../../creusot-contracts/src/std/num.rs" 174 20 175 89 + let%span snum34 = "../../../creusot-contracts/src/std/num.rs" 178 26 178 87 let%span soption35 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 let%span soption36 = "../../../creusot-contracts/src/std/option.rs" 51 26 51 51 - let%span snum37 = "../../../creusot-contracts/src/std/num.rs" 183 20 183 93 - let%span snum38 = "../../../creusot-contracts/src/std/num.rs" 187 20 188 51 - let%span snum39 = "../../../creusot-contracts/src/std/num.rs" 194 20 196 92 - let%span snum40 = "../../../creusot-contracts/src/std/num.rs" 199 20 201 92 - let%span snum41 = "../../../creusot-contracts/src/std/num.rs" 211 20 212 51 - let%span snum42 = "../../../creusot-contracts/src/std/num.rs" 215 26 215 83 - let%span snum43 = "../../../creusot-contracts/src/std/num.rs" 216 26 216 83 - let%span snum44 = "../../../creusot-contracts/src/std/num.rs" 225 20 225 95 - let%span snum45 = "../../../creusot-contracts/src/std/num.rs" 229 20 230 53 - let%span snum46 = "../../../creusot-contracts/src/std/num.rs" 236 20 238 94 - let%span snum47 = "../../../creusot-contracts/src/std/num.rs" 241 20 243 94 - let%span snum48 = "../../../creusot-contracts/src/std/num.rs" 247 20 247 98 + let%span snum37 = "../../../creusot-contracts/src/std/num.rs" 186 20 186 93 + let%span snum38 = "../../../creusot-contracts/src/std/num.rs" 190 20 191 51 + let%span snum39 = "../../../creusot-contracts/src/std/num.rs" 197 20 199 92 + let%span snum40 = "../../../creusot-contracts/src/std/num.rs" 202 20 204 92 + let%span snum41 = 
"../../../creusot-contracts/src/std/num.rs" 214 20 215 51 + let%span snum42 = "../../../creusot-contracts/src/std/num.rs" 218 26 218 83 + let%span snum43 = "../../../creusot-contracts/src/std/num.rs" 219 26 219 83 + let%span snum44 = "../../../creusot-contracts/src/std/num.rs" 228 20 228 95 + let%span snum45 = "../../../creusot-contracts/src/std/num.rs" 232 20 233 53 + let%span snum46 = "../../../creusot-contracts/src/std/num.rs" 239 20 241 94 + let%span snum47 = "../../../creusot-contracts/src/std/num.rs" 244 20 246 94 + let%span snum48 = "../../../creusot-contracts/src/std/num.rs" 250 20 250 98 use prelude.prelude.Int @@ -65,9 +65,9 @@ module M_checked_ops__test_u8_add_example [#"checked_ops.rs" 5 0 5 28] let rec checked_add'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:t_Option'0))= any [ return' (result:t_Option'0)-> {[%#snum33] (result = C_None'0) - = (UInt8.to_uint self + UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) - \/ UInt8.to_uint self + UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t))} - {[%#snum34] forall r : UInt8.t . result = C_Some'0 r -> UInt8.to_uint r = UInt8.to_uint self + UInt8.to_uint rhs} + = (UInt8.t'int self + UInt8.t'int rhs < UInt8.t'int (v_MIN'0 : UInt8.t) + \/ UInt8.t'int self + UInt8.t'int rhs > UInt8.t'int (v_MAX'0 : UInt8.t))} + {[%#snum34] forall r : UInt8.t . result = C_Some'0 r -> UInt8.t'int r = UInt8.t'int self + UInt8.t'int rhs} (! return' {result}) ] 
@@ -103,58 +103,56 @@ module M_checked_ops__test_u8_add_example [#"checked_ops.rs" 5 0 5 28] use int.EuclideanDivision let rec wrapping_add'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:UInt8.t))= any - [ return' (result:UInt8.t)-> {[%#snum37] UInt8.to_uint result - = EuclideanDivision.mod (UInt8.to_uint self - + UInt8.to_uint rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) - + UInt8.to_uint (v_MIN'0 : UInt8.t)} - {[%#snum38] UInt8.to_uint self + UInt8.to_uint rhs >= UInt8.to_uint (v_MIN'0 : UInt8.t) - /\ UInt8.to_uint self + UInt8.to_uint rhs <= UInt8.to_uint (v_MAX'0 : UInt8.t) - -> UInt8.to_uint result = UInt8.to_uint self + UInt8.to_uint rhs} - {[%#snum39] UInt8.to_uint self + UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) + [ return' (result:UInt8.t)-> {[%#snum37] UInt8.t'int result + = EuclideanDivision.mod (UInt8.t'int self + UInt8.t'int rhs) (Power.power 2 (UInt32.t'int (v_BITS'0 : UInt32.t))) + + UInt8.t'int (v_MIN'0 : UInt8.t)} + {[%#snum38] UInt8.t'int self + UInt8.t'int rhs >= UInt8.t'int (v_MIN'0 : UInt8.t) + /\ UInt8.t'int self + UInt8.t'int rhs <= UInt8.t'int (v_MAX'0 : UInt8.t) + -> UInt8.t'int result = UInt8.t'int self + UInt8.t'int rhs} + {[%#snum39] UInt8.t'int self + UInt8.t'int rhs < UInt8.t'int (v_MIN'0 : UInt8.t) -> (exists k : int . k > 0 - /\ UInt8.to_uint result - = UInt8.to_uint self + UInt8.to_uint rhs - + k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} - {[%#snum40] UInt8.to_uint self + UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t) + /\ UInt8.t'int result + = UInt8.t'int self + UInt8.t'int rhs + + k * (UInt8.t'int (v_MAX'0 : UInt8.t) - UInt8.t'int (v_MIN'0 : UInt8.t) + 1))} + {[%#snum40] UInt8.t'int self + UInt8.t'int rhs > UInt8.t'int (v_MAX'0 : UInt8.t) -> (exists k : int . 
k > 0 - /\ UInt8.to_uint result - = UInt8.to_uint self + UInt8.to_uint rhs - - k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} + /\ UInt8.t'int result + = UInt8.t'int self + UInt8.t'int rhs + - k * (UInt8.t'int (v_MAX'0 : UInt8.t) - UInt8.t'int (v_MIN'0 : UInt8.t) + 1))} (! return' {result}) ] let rec saturating_add'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:UInt8.t))= any - [ return' (result:UInt8.t)-> {[%#snum41] UInt8.to_uint self + UInt8.to_uint rhs >= UInt8.to_uint (v_MIN'0 : UInt8.t) - /\ UInt8.to_uint self + UInt8.to_uint rhs <= UInt8.to_uint (v_MAX'0 : UInt8.t) - -> UInt8.to_uint result = UInt8.to_uint self + UInt8.to_uint rhs} - {[%#snum42] UInt8.to_uint self + UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) - -> UInt8.to_uint result = UInt8.to_uint (v_MIN'0 : UInt8.t)} - {[%#snum43] UInt8.to_uint self + UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t) - -> UInt8.to_uint result = UInt8.to_uint (v_MAX'0 : UInt8.t)} + [ return' (result:UInt8.t)-> {[%#snum41] UInt8.t'int self + UInt8.t'int rhs >= UInt8.t'int (v_MIN'0 : UInt8.t) + /\ UInt8.t'int self + UInt8.t'int rhs <= UInt8.t'int (v_MAX'0 : UInt8.t) + -> UInt8.t'int result = UInt8.t'int self + UInt8.t'int rhs} + {[%#snum42] UInt8.t'int self + UInt8.t'int rhs < UInt8.t'int (v_MIN'0 : UInt8.t) + -> UInt8.t'int result = UInt8.t'int (v_MIN'0 : UInt8.t)} + {[%#snum43] UInt8.t'int self + UInt8.t'int rhs > UInt8.t'int (v_MAX'0 : UInt8.t) + -> UInt8.t'int result = UInt8.t'int (v_MAX'0 : UInt8.t)} (! 
return' {result}) ] let rec overflowing_add'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:(UInt8.t, bool)))= any - [ return' (result:(UInt8.t, bool))-> {[%#snum44] UInt8.to_uint (let (a, _) = result in a) - = EuclideanDivision.mod (UInt8.to_uint self - + UInt8.to_uint rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) - + UInt8.to_uint (v_MIN'0 : UInt8.t)} - {[%#snum45] UInt8.to_uint self + UInt8.to_uint rhs >= UInt8.to_uint (v_MIN'0 : UInt8.t) - /\ UInt8.to_uint self + UInt8.to_uint rhs <= UInt8.to_uint (v_MAX'0 : UInt8.t) - -> UInt8.to_uint (let (a, _) = result in a) = UInt8.to_uint self + UInt8.to_uint rhs} - {[%#snum46] UInt8.to_uint self + UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) + [ return' (result:(UInt8.t, bool))-> {[%#snum44] UInt8.t'int (let (a, _) = result in a) + = EuclideanDivision.mod (UInt8.t'int self + UInt8.t'int rhs) (Power.power 2 (UInt32.t'int (v_BITS'0 : UInt32.t))) + + UInt8.t'int (v_MIN'0 : UInt8.t)} + {[%#snum45] UInt8.t'int self + UInt8.t'int rhs >= UInt8.t'int (v_MIN'0 : UInt8.t) + /\ UInt8.t'int self + UInt8.t'int rhs <= UInt8.t'int (v_MAX'0 : UInt8.t) + -> UInt8.t'int (let (a, _) = result in a) = UInt8.t'int self + UInt8.t'int rhs} + {[%#snum46] UInt8.t'int self + UInt8.t'int rhs < UInt8.t'int (v_MIN'0 : UInt8.t) -> (exists k : int . k > 0 - /\ UInt8.to_uint (let (a, _) = result in a) - = UInt8.to_uint self + UInt8.to_uint rhs - + k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} - {[%#snum47] UInt8.to_uint self + UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t) + /\ UInt8.t'int (let (a, _) = result in a) + = UInt8.t'int self + UInt8.t'int rhs + + k * (UInt8.t'int (v_MAX'0 : UInt8.t) - UInt8.t'int (v_MIN'0 : UInt8.t) + 1))} + {[%#snum47] UInt8.t'int self + UInt8.t'int rhs > UInt8.t'int (v_MAX'0 : UInt8.t) -> (exists k : int . 
k > 0 - /\ UInt8.to_uint (let (a, _) = result in a) - = UInt8.to_uint self + UInt8.to_uint rhs - - k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} + /\ UInt8.t'int (let (a, _) = result in a) + = UInt8.t'int self + UInt8.t'int rhs + - k * (UInt8.t'int (v_MAX'0 : UInt8.t) - UInt8.t'int (v_MIN'0 : UInt8.t) + 1))} {[%#snum48] (let (_, a) = result in a) - = (UInt8.to_uint self + UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) - \/ UInt8.to_uint self + UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t))} + = (UInt8.t'int self + UInt8.t'int rhs < UInt8.t'int (v_MIN'0 : UInt8.t) + \/ UInt8.t'int self + UInt8.t'int rhs > UInt8.t'int (v_MAX'0 : UInt8.t))} (! return' {result}) ] 
@@ -296,21 +294,21 @@ module M_checked_ops__test_u8_add_overflow [#"checked_ops.rs" 23 0 23 34] let%span schecked_ops10 = "checked_ops.rs" 25 4 25 43 let%span schecked_ops11 = "checked_ops.rs" 24 4 24 43 let%span schecked_ops12 = "checked_ops.rs" 22 11 22 18 - let%span snum13 = "../../../creusot-contracts/src/std/num.rs" 171 20 172 89 - let%span snum14 = "../../../creusot-contracts/src/std/num.rs" 175 26 175 87 + let%span snum13 = "../../../creusot-contracts/src/std/num.rs" 174 20 175 89 + let%span snum14 = "../../../creusot-contracts/src/std/num.rs" 178 26 178 87 let%span soption15 = "../../../creusot-contracts/src/std/option.rs" 51 26 51 51 - let%span snum16 = "../../../creusot-contracts/src/std/num.rs" 183 20 183 93 - let%span snum17 = "../../../creusot-contracts/src/std/num.rs" 187 20 188 51 - let%span snum18 = "../../../creusot-contracts/src/std/num.rs" 194 20 196 92 - let%span snum19 = "../../../creusot-contracts/src/std/num.rs" 199 20 201 92 - let%span snum20 = "../../../creusot-contracts/src/std/num.rs" 211 20 212 51 - let%span snum21 = "../../../creusot-contracts/src/std/num.rs" 215 26 215 83 - let%span snum22 = "../../../creusot-contracts/src/std/num.rs" 216 26 216 83 - let%span snum23 = "../../../creusot-contracts/src/std/num.rs" 225 20 225 95 - let%span snum24 = "../../../creusot-contracts/src/std/num.rs" 229 20 230 53 - let%span snum25 = "../../../creusot-contracts/src/std/num.rs" 236 20 238 94 - let%span snum26 = "../../../creusot-contracts/src/std/num.rs" 241 20 243 94 - let%span snum27 = "../../../creusot-contracts/src/std/num.rs" 247 20 247 98 + let%span snum16 = "../../../creusot-contracts/src/std/num.rs" 186 20 186 93 + let%span snum17 = "../../../creusot-contracts/src/std/num.rs" 190 20 191 51 + let%span snum18 = "../../../creusot-contracts/src/std/num.rs" 197 20 199 92 + let%span snum19 = "../../../creusot-contracts/src/std/num.rs" 202 20 204 92 + let%span snum20 = "../../../creusot-contracts/src/std/num.rs" 214 20 215 51 + let%span snum21 = 
"../../../creusot-contracts/src/std/num.rs" 218 26 218 83 + let%span snum22 = "../../../creusot-contracts/src/std/num.rs" 219 26 219 83 + let%span snum23 = "../../../creusot-contracts/src/std/num.rs" 228 20 228 95 + let%span snum24 = "../../../creusot-contracts/src/std/num.rs" 232 20 233 53 + let%span snum25 = "../../../creusot-contracts/src/std/num.rs" 239 20 241 94 + let%span snum26 = "../../../creusot-contracts/src/std/num.rs" 244 20 246 94 + let%span snum27 = "../../../creusot-contracts/src/std/num.rs" 250 20 250 98 use prelude.prelude.Int @@ -328,9 +326,9 @@ module M_checked_ops__test_u8_add_overflow [#"checked_ops.rs" 23 0 23 34] let rec checked_add'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:t_Option'0))= any [ return' (result:t_Option'0)-> {[%#snum13] (result = C_None'0) - = (UInt8.to_uint self + UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) - \/ UInt8.to_uint self + UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t))} - {[%#snum14] forall r : UInt8.t . result = C_Some'0 r -> UInt8.to_uint r = UInt8.to_uint self + UInt8.to_uint rhs} + = (UInt8.t'int self + UInt8.t'int rhs < UInt8.t'int (v_MIN'0 : UInt8.t) + \/ UInt8.t'int self + UInt8.t'int rhs > UInt8.t'int (v_MAX'0 : UInt8.t))} + {[%#snum14] forall r : UInt8.t . result = C_Some'0 r -> UInt8.t'int r = UInt8.t'int self + UInt8.t'int rhs} (! return' {result}) ] 
@@ -354,58 +352,56 @@ module M_checked_ops__test_u8_add_overflow [#"checked_ops.rs" 23 0 23 34] use int.EuclideanDivision let rec wrapping_add'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:UInt8.t))= any - [ return' (result:UInt8.t)-> {[%#snum16] UInt8.to_uint result - = EuclideanDivision.mod (UInt8.to_uint self - + UInt8.to_uint rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) - + UInt8.to_uint (v_MIN'0 : UInt8.t)} - {[%#snum17] UInt8.to_uint self + UInt8.to_uint rhs >= UInt8.to_uint (v_MIN'0 : UInt8.t) - /\ UInt8.to_uint self + UInt8.to_uint rhs <= UInt8.to_uint (v_MAX'0 : UInt8.t) - -> UInt8.to_uint result = UInt8.to_uint self + UInt8.to_uint rhs} - {[%#snum18] UInt8.to_uint self + UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) + [ return' (result:UInt8.t)-> {[%#snum16] UInt8.t'int result + = EuclideanDivision.mod (UInt8.t'int self + UInt8.t'int rhs) (Power.power 2 (UInt32.t'int (v_BITS'0 : UInt32.t))) + + UInt8.t'int (v_MIN'0 : UInt8.t)} + {[%#snum17] UInt8.t'int self + UInt8.t'int rhs >= UInt8.t'int (v_MIN'0 : UInt8.t) + /\ UInt8.t'int self + UInt8.t'int rhs <= UInt8.t'int (v_MAX'0 : UInt8.t) + -> UInt8.t'int result = UInt8.t'int self + UInt8.t'int rhs} + {[%#snum18] UInt8.t'int self + UInt8.t'int rhs < UInt8.t'int (v_MIN'0 : UInt8.t) -> (exists k : int . k > 0 - /\ UInt8.to_uint result - = UInt8.to_uint self + UInt8.to_uint rhs - + k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} - {[%#snum19] UInt8.to_uint self + UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t) + /\ UInt8.t'int result + = UInt8.t'int self + UInt8.t'int rhs + + k * (UInt8.t'int (v_MAX'0 : UInt8.t) - UInt8.t'int (v_MIN'0 : UInt8.t) + 1))} + {[%#snum19] UInt8.t'int self + UInt8.t'int rhs > UInt8.t'int (v_MAX'0 : UInt8.t) -> (exists k : int . 
k > 0 - /\ UInt8.to_uint result - = UInt8.to_uint self + UInt8.to_uint rhs - - k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} + /\ UInt8.t'int result + = UInt8.t'int self + UInt8.t'int rhs + - k * (UInt8.t'int (v_MAX'0 : UInt8.t) - UInt8.t'int (v_MIN'0 : UInt8.t) + 1))} (! return' {result}) ] let rec saturating_add'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:UInt8.t))= any - [ return' (result:UInt8.t)-> {[%#snum20] UInt8.to_uint self + UInt8.to_uint rhs >= UInt8.to_uint (v_MIN'0 : UInt8.t) - /\ UInt8.to_uint self + UInt8.to_uint rhs <= UInt8.to_uint (v_MAX'0 : UInt8.t) - -> UInt8.to_uint result = UInt8.to_uint self + UInt8.to_uint rhs} - {[%#snum21] UInt8.to_uint self + UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) - -> UInt8.to_uint result = UInt8.to_uint (v_MIN'0 : UInt8.t)} - {[%#snum22] UInt8.to_uint self + UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t) - -> UInt8.to_uint result = UInt8.to_uint (v_MAX'0 : UInt8.t)} + [ return' (result:UInt8.t)-> {[%#snum20] UInt8.t'int self + UInt8.t'int rhs >= UInt8.t'int (v_MIN'0 : UInt8.t) + /\ UInt8.t'int self + UInt8.t'int rhs <= UInt8.t'int (v_MAX'0 : UInt8.t) + -> UInt8.t'int result = UInt8.t'int self + UInt8.t'int rhs} + {[%#snum21] UInt8.t'int self + UInt8.t'int rhs < UInt8.t'int (v_MIN'0 : UInt8.t) + -> UInt8.t'int result = UInt8.t'int (v_MIN'0 : UInt8.t)} + {[%#snum22] UInt8.t'int self + UInt8.t'int rhs > UInt8.t'int (v_MAX'0 : UInt8.t) + -> UInt8.t'int result = UInt8.t'int (v_MAX'0 : UInt8.t)} (! 
return' {result}) ] let rec overflowing_add'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:(UInt8.t, bool)))= any - [ return' (result:(UInt8.t, bool))-> {[%#snum23] UInt8.to_uint (let (a, _) = result in a) - = EuclideanDivision.mod (UInt8.to_uint self - + UInt8.to_uint rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) - + UInt8.to_uint (v_MIN'0 : UInt8.t)} - {[%#snum24] UInt8.to_uint self + UInt8.to_uint rhs >= UInt8.to_uint (v_MIN'0 : UInt8.t) - /\ UInt8.to_uint self + UInt8.to_uint rhs <= UInt8.to_uint (v_MAX'0 : UInt8.t) - -> UInt8.to_uint (let (a, _) = result in a) = UInt8.to_uint self + UInt8.to_uint rhs} - {[%#snum25] UInt8.to_uint self + UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) + [ return' (result:(UInt8.t, bool))-> {[%#snum23] UInt8.t'int (let (a, _) = result in a) + = EuclideanDivision.mod (UInt8.t'int self + UInt8.t'int rhs) (Power.power 2 (UInt32.t'int (v_BITS'0 : UInt32.t))) + + UInt8.t'int (v_MIN'0 : UInt8.t)} + {[%#snum24] UInt8.t'int self + UInt8.t'int rhs >= UInt8.t'int (v_MIN'0 : UInt8.t) + /\ UInt8.t'int self + UInt8.t'int rhs <= UInt8.t'int (v_MAX'0 : UInt8.t) + -> UInt8.t'int (let (a, _) = result in a) = UInt8.t'int self + UInt8.t'int rhs} + {[%#snum25] UInt8.t'int self + UInt8.t'int rhs < UInt8.t'int (v_MIN'0 : UInt8.t) -> (exists k : int . k > 0 - /\ UInt8.to_uint (let (a, _) = result in a) - = UInt8.to_uint self + UInt8.to_uint rhs - + k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} - {[%#snum26] UInt8.to_uint self + UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t) + /\ UInt8.t'int (let (a, _) = result in a) + = UInt8.t'int self + UInt8.t'int rhs + + k * (UInt8.t'int (v_MAX'0 : UInt8.t) - UInt8.t'int (v_MIN'0 : UInt8.t) + 1))} + {[%#snum26] UInt8.t'int self + UInt8.t'int rhs > UInt8.t'int (v_MAX'0 : UInt8.t) -> (exists k : int . 
k > 0 - /\ UInt8.to_uint (let (a, _) = result in a) - = UInt8.to_uint self + UInt8.to_uint rhs - - k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} + /\ UInt8.t'int (let (a, _) = result in a) + = UInt8.t'int self + UInt8.t'int rhs + - k * (UInt8.t'int (v_MAX'0 : UInt8.t) - UInt8.t'int (v_MIN'0 : UInt8.t) + 1))} {[%#snum27] (let (_, a) = result in a) - = (UInt8.to_uint self + UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) - \/ UInt8.to_uint self + UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t))} + = (UInt8.t'int self + UInt8.t'int rhs < UInt8.t'int (v_MIN'0 : UInt8.t) + \/ UInt8.t'int self + UInt8.t'int rhs > UInt8.t'int (v_MAX'0 : UInt8.t))} (! return' {result}) ] @@ -415,7 +411,7 @@ module M_checked_ops__test_u8_add_overflow [#"checked_ops.rs" 23 0 23 34] meta "compute_max_steps" 1000000 - let rec test_u8_add_overflow'0 (a:UInt8.t) (return' (ret:()))= {[@expl:test_u8_add_overflow requires] [%#schecked_ops12] UInt8.to_uint a + let rec test_u8_add_overflow'0 (a:UInt8.t) (return' (ret:()))= {[@expl:test_u8_add_overflow requires] [%#schecked_ops12] UInt8.t'int a <> 0} (! bb0 [ bb0 = s0 
@@ -480,10 +476,10 @@ module M_checked_ops__test_u8_add_overflow [#"checked_ops.rs" 23 0 23 34] end module M_checked_ops__test_u8_wrapping_add [#"checked_ops.rs" 34 0 34 47] let%span schecked_ops0 = "checked_ops.rs" 33 10 33 56 - let%span snum1 = "../../../creusot-contracts/src/std/num.rs" 183 20 183 93 - let%span snum2 = "../../../creusot-contracts/src/std/num.rs" 187 20 188 51 - let%span snum3 = "../../../creusot-contracts/src/std/num.rs" 194 20 196 92 - let%span snum4 = "../../../creusot-contracts/src/std/num.rs" 199 20 201 92 + let%span snum1 = "../../../creusot-contracts/src/std/num.rs" 186 20 186 93 + let%span snum2 = "../../../creusot-contracts/src/std/num.rs" 190 20 191 51 + let%span snum3 = "../../../creusot-contracts/src/std/num.rs" 197 20 199 92 + let%span snum4 = "../../../creusot-contracts/src/std/num.rs" 202 20 204 92 use prelude.prelude.UInt8 
@@ -506,23 +502,22 @@ module M_checked_ops__test_u8_wrapping_add [#"checked_ops.rs" 34 0 34 47] constant v_MAX'0 : UInt8.t = (255 : UInt8.t) let rec wrapping_add'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:UInt8.t))= any - [ return' (result:UInt8.t)-> {[%#snum1] UInt8.to_uint result - = EuclideanDivision.mod (UInt8.to_uint self - + UInt8.to_uint rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) - + UInt8.to_uint (v_MIN'0 : UInt8.t)} - {[%#snum2] UInt8.to_uint self + UInt8.to_uint rhs >= UInt8.to_uint (v_MIN'0 : UInt8.t) - /\ UInt8.to_uint self + UInt8.to_uint rhs <= UInt8.to_uint (v_MAX'0 : UInt8.t) - -> UInt8.to_uint result = UInt8.to_uint self + UInt8.to_uint rhs} - {[%#snum3] UInt8.to_uint self + UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) + [ return' (result:UInt8.t)-> {[%#snum1] UInt8.t'int result + = EuclideanDivision.mod (UInt8.t'int self + UInt8.t'int rhs) (Power.power 2 (UInt32.t'int (v_BITS'0 : UInt32.t))) + + UInt8.t'int (v_MIN'0 : UInt8.t)} + {[%#snum2] UInt8.t'int self + UInt8.t'int rhs >= UInt8.t'int (v_MIN'0 : UInt8.t) + /\ UInt8.t'int self + UInt8.t'int rhs <= UInt8.t'int (v_MAX'0 : UInt8.t) + -> UInt8.t'int result = UInt8.t'int self + UInt8.t'int rhs} + {[%#snum3] UInt8.t'int self + UInt8.t'int rhs < UInt8.t'int (v_MIN'0 : UInt8.t) -> (exists k : int . k > 0 - /\ UInt8.to_uint result - = UInt8.to_uint self + UInt8.to_uint rhs - + k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} - {[%#snum4] UInt8.to_uint self + UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t) + /\ UInt8.t'int result + = UInt8.t'int self + UInt8.t'int rhs + + k * (UInt8.t'int (v_MAX'0 : UInt8.t) - UInt8.t'int (v_MIN'0 : UInt8.t) + 1))} + {[%#snum4] UInt8.t'int self + UInt8.t'int rhs > UInt8.t'int (v_MAX'0 : UInt8.t) -> (exists k : int . 
k > 0 - /\ UInt8.to_uint result - = UInt8.to_uint self + UInt8.to_uint rhs - - k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} + /\ UInt8.t'int result + = UInt8.t'int self + UInt8.t'int rhs + - k * (UInt8.t'int (v_MAX'0 : UInt8.t) - UInt8.t'int (v_MIN'0 : UInt8.t) + 1))} (! return' {result}) ] 
@@ -534,26 +529,26 @@ module M_checked_ops__test_u8_wrapping_add [#"checked_ops.rs" 34 0 34 47] [ bb0 = s0 [ s0 = wrapping_add'0 {a} {b} (fun (_ret':UInt8.t) -> [ &_0 <- _ret' ] s1) | s1 = bb1 ] | bb1 = return' {_0} ] ) [ & _0 : UInt8.t = any_l () | & a : UInt8.t = a | & b : UInt8.t = b ] - [ return' (result:UInt8.t)-> {[@expl:test_u8_wrapping_add ensures] [%#schecked_ops0] UInt8.to_uint result - = UInt8.to_uint a + UInt8.to_uint b - \/ UInt8.to_uint result = UInt8.to_uint a + UInt8.to_uint b - 256} + [ return' (result:UInt8.t)-> {[@expl:test_u8_wrapping_add ensures] [%#schecked_ops0] UInt8.t'int result + = UInt8.t'int a + UInt8.t'int b + \/ UInt8.t'int result = UInt8.t'int a + UInt8.t'int b - 256} (! return' {result}) ] end module M_checked_ops__test_u8_overflowing_add [#"checked_ops.rs" 39 0 39 44] let%span schecked_ops0 = "checked_ops.rs" 41 4 41 65 let%span schecked_ops1 = "checked_ops.rs" 40 4 40 56 - let%span snum2 = "../../../creusot-contracts/src/std/num.rs" 225 20 225 95 - let%span snum3 = "../../../creusot-contracts/src/std/num.rs" 229 20 230 53 - let%span snum4 = "../../../creusot-contracts/src/std/num.rs" 236 20 238 94 - let%span snum5 = "../../../creusot-contracts/src/std/num.rs" 241 20 243 94 - let%span snum6 = "../../../creusot-contracts/src/std/num.rs" 247 20 247 98 - let%span snum7 = "../../../creusot-contracts/src/std/num.rs" 183 20 183 93 - let%span snum8 = "../../../creusot-contracts/src/std/num.rs" 187 20 188 51 - let%span snum9 = "../../../creusot-contracts/src/std/num.rs" 194 20 196 92 - let%span snum10 = "../../../creusot-contracts/src/std/num.rs" 199 20 201 92 - let%span snum11 = "../../../creusot-contracts/src/std/num.rs" 171 20 172 89 - let%span snum12 = "../../../creusot-contracts/src/std/num.rs" 175 26 175 87 + let%span snum2 = "../../../creusot-contracts/src/std/num.rs" 228 20 228 95 + let%span snum3 = "../../../creusot-contracts/src/std/num.rs" 232 20 233 53 + let%span snum4 = "../../../creusot-contracts/src/std/num.rs" 239 20 241 94 
+ let%span snum5 = "../../../creusot-contracts/src/std/num.rs" 244 20 246 94 + let%span snum6 = "../../../creusot-contracts/src/std/num.rs" 250 20 250 98 + let%span snum7 = "../../../creusot-contracts/src/std/num.rs" 186 20 186 93 + let%span snum8 = "../../../creusot-contracts/src/std/num.rs" 190 20 191 51 + let%span snum9 = "../../../creusot-contracts/src/std/num.rs" 197 20 199 92 + let%span snum10 = "../../../creusot-contracts/src/std/num.rs" 202 20 204 92 + let%span snum11 = "../../../creusot-contracts/src/std/num.rs" 174 20 175 89 + let%span snum12 = "../../../creusot-contracts/src/std/num.rs" 178 26 178 87 let%span soption13 = "../../../creusot-contracts/src/std/option.rs" 51 26 51 51 use prelude.prelude.UInt8 
@@ -577,47 +572,45 @@ module M_checked_ops__test_u8_overflowing_add [#"checked_ops.rs" 39 0 39 44] constant v_MAX'0 : UInt8.t = (255 : UInt8.t) let rec overflowing_add'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:(UInt8.t, bool)))= any - [ return' (result:(UInt8.t, bool))-> {[%#snum2] UInt8.to_uint (let (a, _) = result in a) - = EuclideanDivision.mod (UInt8.to_uint self - + UInt8.to_uint rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) - + UInt8.to_uint (v_MIN'0 : UInt8.t)} - {[%#snum3] UInt8.to_uint self + UInt8.to_uint rhs >= UInt8.to_uint (v_MIN'0 : UInt8.t) - /\ UInt8.to_uint self + UInt8.to_uint rhs <= UInt8.to_uint (v_MAX'0 : UInt8.t) - -> UInt8.to_uint (let (a, _) = result in a) = UInt8.to_uint self + UInt8.to_uint rhs} - {[%#snum4] UInt8.to_uint self + UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) + [ return' (result:(UInt8.t, bool))-> {[%#snum2] UInt8.t'int (let (a, _) = result in a) + = EuclideanDivision.mod (UInt8.t'int self + UInt8.t'int rhs) (Power.power 2 (UInt32.t'int (v_BITS'0 : UInt32.t))) + + UInt8.t'int (v_MIN'0 : UInt8.t)} + {[%#snum3] UInt8.t'int self + UInt8.t'int rhs >= UInt8.t'int (v_MIN'0 : UInt8.t) + /\ UInt8.t'int self + UInt8.t'int rhs <= UInt8.t'int (v_MAX'0 : UInt8.t) + -> UInt8.t'int (let (a, _) = result in a) = UInt8.t'int self + UInt8.t'int rhs} + {[%#snum4] UInt8.t'int self + UInt8.t'int rhs < UInt8.t'int (v_MIN'0 : UInt8.t) -> (exists k : int . k > 0 - /\ UInt8.to_uint (let (a, _) = result in a) - = UInt8.to_uint self + UInt8.to_uint rhs - + k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} - {[%#snum5] UInt8.to_uint self + UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t) + /\ UInt8.t'int (let (a, _) = result in a) + = UInt8.t'int self + UInt8.t'int rhs + + k * (UInt8.t'int (v_MAX'0 : UInt8.t) - UInt8.t'int (v_MIN'0 : UInt8.t) + 1))} + {[%#snum5] UInt8.t'int self + UInt8.t'int rhs > UInt8.t'int (v_MAX'0 : UInt8.t) -> (exists k : int . 
k > 0 - /\ UInt8.to_uint (let (a, _) = result in a) - = UInt8.to_uint self + UInt8.to_uint rhs - - k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} + /\ UInt8.t'int (let (a, _) = result in a) + = UInt8.t'int self + UInt8.t'int rhs + - k * (UInt8.t'int (v_MAX'0 : UInt8.t) - UInt8.t'int (v_MIN'0 : UInt8.t) + 1))} {[%#snum6] (let (_, a) = result in a) - = (UInt8.to_uint self + UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) - \/ UInt8.to_uint self + UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t))} + = (UInt8.t'int self + UInt8.t'int rhs < UInt8.t'int (v_MIN'0 : UInt8.t) + \/ UInt8.t'int self + UInt8.t'int rhs > UInt8.t'int (v_MAX'0 : UInt8.t))} (! return' {result}) ] let rec wrapping_add'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:UInt8.t))= any - [ return' (result:UInt8.t)-> {[%#snum7] UInt8.to_uint result - = EuclideanDivision.mod (UInt8.to_uint self - + UInt8.to_uint rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) - + UInt8.to_uint (v_MIN'0 : UInt8.t)} - {[%#snum8] UInt8.to_uint self + UInt8.to_uint rhs >= UInt8.to_uint (v_MIN'0 : UInt8.t) - /\ UInt8.to_uint self + UInt8.to_uint rhs <= UInt8.to_uint (v_MAX'0 : UInt8.t) - -> UInt8.to_uint result = UInt8.to_uint self + UInt8.to_uint rhs} - {[%#snum9] UInt8.to_uint self + UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) + [ return' (result:UInt8.t)-> {[%#snum7] UInt8.t'int result + = EuclideanDivision.mod (UInt8.t'int self + UInt8.t'int rhs) (Power.power 2 (UInt32.t'int (v_BITS'0 : UInt32.t))) + + UInt8.t'int (v_MIN'0 : UInt8.t)} + {[%#snum8] UInt8.t'int self + UInt8.t'int rhs >= UInt8.t'int (v_MIN'0 : UInt8.t) + /\ UInt8.t'int self + UInt8.t'int rhs <= UInt8.t'int (v_MAX'0 : UInt8.t) + -> UInt8.t'int result = UInt8.t'int self + UInt8.t'int rhs} + {[%#snum9] UInt8.t'int self + UInt8.t'int rhs < UInt8.t'int (v_MIN'0 : UInt8.t) -> (exists k : int . 
k > 0 - /\ UInt8.to_uint result - = UInt8.to_uint self + UInt8.to_uint rhs - + k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} - {[%#snum10] UInt8.to_uint self + UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t) + /\ UInt8.t'int result + = UInt8.t'int self + UInt8.t'int rhs + + k * (UInt8.t'int (v_MAX'0 : UInt8.t) - UInt8.t'int (v_MIN'0 : UInt8.t) + 1))} + {[%#snum10] UInt8.t'int self + UInt8.t'int rhs > UInt8.t'int (v_MAX'0 : UInt8.t) -> (exists k : int . k > 0 - /\ UInt8.to_uint result - = UInt8.to_uint self + UInt8.to_uint rhs - - k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} + /\ UInt8.t'int result + = UInt8.t'int self + UInt8.t'int rhs + - k * (UInt8.t'int (v_MAX'0 : UInt8.t) - UInt8.t'int (v_MIN'0 : UInt8.t) + 1))} (! return' {result}) ] @@ -627,9 +620,9 @@ module M_checked_ops__test_u8_overflowing_add [#"checked_ops.rs" 39 0 39 44] let rec checked_add'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:t_Option'0))= any [ return' (result:t_Option'0)-> {[%#snum11] (result = C_None'0) - = (UInt8.to_uint self + UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) - \/ UInt8.to_uint self + UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t))} - {[%#snum12] forall r : UInt8.t . result = C_Some'0 r -> UInt8.to_uint r = UInt8.to_uint self + UInt8.to_uint rhs} + = (UInt8.t'int self + UInt8.t'int rhs < UInt8.t'int (v_MIN'0 : UInt8.t) + \/ UInt8.t'int self + UInt8.t'int rhs > UInt8.t'int (v_MAX'0 : UInt8.t))} + {[%#snum12] forall r : UInt8.t . result = C_Some'0 r -> UInt8.t'int r = UInt8.t'int self + UInt8.t'int rhs} (! return' {result}) ] 
@@ -712,22 +705,22 @@ module M_checked_ops__test_u8_sub_example [#"checked_ops.rs" 45 0 45 28] let%span schecked_ops30 = "checked_ops.rs" 49 4 49 40 let%span schecked_ops31 = "checked_ops.rs" 47 4 47 50 let%span schecked_ops32 = "checked_ops.rs" 46 4 46 42 - let%span snum33 = "../../../creusot-contracts/src/std/num.rs" 171 20 172 89 - let%span snum34 = "../../../creusot-contracts/src/std/num.rs" 175 26 175 87 + let%span snum33 = "../../../creusot-contracts/src/std/num.rs" 174 20 175 89 + let%span snum34 = "../../../creusot-contracts/src/std/num.rs" 178 26 178 87 let%span soption35 = "../../../creusot-contracts/src/std/option.rs" 51 26 51 51 let%span soption36 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 - let%span snum37 = "../../../creusot-contracts/src/std/num.rs" 183 20 183 93 - let%span snum38 = "../../../creusot-contracts/src/std/num.rs" 187 20 188 51 - let%span snum39 = "../../../creusot-contracts/src/std/num.rs" 194 20 196 92 - let%span snum40 = "../../../creusot-contracts/src/std/num.rs" 199 20 201 92 - let%span snum41 = "../../../creusot-contracts/src/std/num.rs" 211 20 212 51 - let%span snum42 = "../../../creusot-contracts/src/std/num.rs" 215 26 215 83 - let%span snum43 = "../../../creusot-contracts/src/std/num.rs" 216 26 216 83 - let%span snum44 = "../../../creusot-contracts/src/std/num.rs" 225 20 225 95 - let%span snum45 = "../../../creusot-contracts/src/std/num.rs" 229 20 230 53 - let%span snum46 = "../../../creusot-contracts/src/std/num.rs" 236 20 238 94 - let%span snum47 = "../../../creusot-contracts/src/std/num.rs" 241 20 243 94 - let%span snum48 = "../../../creusot-contracts/src/std/num.rs" 247 20 247 98 + let%span snum37 = "../../../creusot-contracts/src/std/num.rs" 186 20 186 93 + let%span snum38 = "../../../creusot-contracts/src/std/num.rs" 190 20 191 51 + let%span snum39 = "../../../creusot-contracts/src/std/num.rs" 197 20 199 92 + let%span snum40 = "../../../creusot-contracts/src/std/num.rs" 202 20 204 92 + let%span snum41 = 
"../../../creusot-contracts/src/std/num.rs" 214 20 215 51 + let%span snum42 = "../../../creusot-contracts/src/std/num.rs" 218 26 218 83 + let%span snum43 = "../../../creusot-contracts/src/std/num.rs" 219 26 219 83 + let%span snum44 = "../../../creusot-contracts/src/std/num.rs" 228 20 228 95 + let%span snum45 = "../../../creusot-contracts/src/std/num.rs" 232 20 233 53 + let%span snum46 = "../../../creusot-contracts/src/std/num.rs" 239 20 241 94 + let%span snum47 = "../../../creusot-contracts/src/std/num.rs" 244 20 246 94 + let%span snum48 = "../../../creusot-contracts/src/std/num.rs" 250 20 250 98 use prelude.prelude.Int @@ -745,9 +738,9 @@ module M_checked_ops__test_u8_sub_example [#"checked_ops.rs" 45 0 45 28] let rec checked_sub'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:t_Option'0))= any [ return' (result:t_Option'0)-> {[%#snum33] (result = C_None'0) - = (UInt8.to_uint self - UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) - \/ UInt8.to_uint self - UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t))} - {[%#snum34] forall r : UInt8.t . result = C_Some'0 r -> UInt8.to_uint r = UInt8.to_uint self - UInt8.to_uint rhs} + = (UInt8.t'int self - UInt8.t'int rhs < UInt8.t'int (v_MIN'0 : UInt8.t) + \/ UInt8.t'int self - UInt8.t'int rhs > UInt8.t'int (v_MAX'0 : UInt8.t))} + {[%#snum34] forall r : UInt8.t . result = C_Some'0 r -> UInt8.t'int r = UInt8.t'int self - UInt8.t'int rhs} (! return' {result}) ] 
@@ -783,58 +776,56 @@ module M_checked_ops__test_u8_sub_example [#"checked_ops.rs" 45 0 45 28] use int.EuclideanDivision let rec wrapping_sub'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:UInt8.t))= any - [ return' (result:UInt8.t)-> {[%#snum37] UInt8.to_uint result - = EuclideanDivision.mod (UInt8.to_uint self - - UInt8.to_uint rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) - + UInt8.to_uint (v_MIN'0 : UInt8.t)} - {[%#snum38] UInt8.to_uint self - UInt8.to_uint rhs >= UInt8.to_uint (v_MIN'0 : UInt8.t) - /\ UInt8.to_uint self - UInt8.to_uint rhs <= UInt8.to_uint (v_MAX'0 : UInt8.t) - -> UInt8.to_uint result = UInt8.to_uint self - UInt8.to_uint rhs} - {[%#snum39] UInt8.to_uint self - UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) + [ return' (result:UInt8.t)-> {[%#snum37] UInt8.t'int result + = EuclideanDivision.mod (UInt8.t'int self - UInt8.t'int rhs) (Power.power 2 (UInt32.t'int (v_BITS'0 : UInt32.t))) + + UInt8.t'int (v_MIN'0 : UInt8.t)} + {[%#snum38] UInt8.t'int self - UInt8.t'int rhs >= UInt8.t'int (v_MIN'0 : UInt8.t) + /\ UInt8.t'int self - UInt8.t'int rhs <= UInt8.t'int (v_MAX'0 : UInt8.t) + -> UInt8.t'int result = UInt8.t'int self - UInt8.t'int rhs} + {[%#snum39] UInt8.t'int self - UInt8.t'int rhs < UInt8.t'int (v_MIN'0 : UInt8.t) -> (exists k : int . k > 0 - /\ UInt8.to_uint result - = UInt8.to_uint self - UInt8.to_uint rhs - + k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} - {[%#snum40] UInt8.to_uint self - UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t) + /\ UInt8.t'int result + = UInt8.t'int self - UInt8.t'int rhs + + k * (UInt8.t'int (v_MAX'0 : UInt8.t) - UInt8.t'int (v_MIN'0 : UInt8.t) + 1))} + {[%#snum40] UInt8.t'int self - UInt8.t'int rhs > UInt8.t'int (v_MAX'0 : UInt8.t) -> (exists k : int . 
k > 0 - /\ UInt8.to_uint result - = UInt8.to_uint self - UInt8.to_uint rhs - - k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} + /\ UInt8.t'int result + = UInt8.t'int self - UInt8.t'int rhs + - k * (UInt8.t'int (v_MAX'0 : UInt8.t) - UInt8.t'int (v_MIN'0 : UInt8.t) + 1))} (! return' {result}) ] let rec saturating_sub'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:UInt8.t))= any - [ return' (result:UInt8.t)-> {[%#snum41] UInt8.to_uint self - UInt8.to_uint rhs >= UInt8.to_uint (v_MIN'0 : UInt8.t) - /\ UInt8.to_uint self - UInt8.to_uint rhs <= UInt8.to_uint (v_MAX'0 : UInt8.t) - -> UInt8.to_uint result = UInt8.to_uint self - UInt8.to_uint rhs} - {[%#snum42] UInt8.to_uint self - UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) - -> UInt8.to_uint result = UInt8.to_uint (v_MIN'0 : UInt8.t)} - {[%#snum43] UInt8.to_uint self - UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t) - -> UInt8.to_uint result = UInt8.to_uint (v_MAX'0 : UInt8.t)} + [ return' (result:UInt8.t)-> {[%#snum41] UInt8.t'int self - UInt8.t'int rhs >= UInt8.t'int (v_MIN'0 : UInt8.t) + /\ UInt8.t'int self - UInt8.t'int rhs <= UInt8.t'int (v_MAX'0 : UInt8.t) + -> UInt8.t'int result = UInt8.t'int self - UInt8.t'int rhs} + {[%#snum42] UInt8.t'int self - UInt8.t'int rhs < UInt8.t'int (v_MIN'0 : UInt8.t) + -> UInt8.t'int result = UInt8.t'int (v_MIN'0 : UInt8.t)} + {[%#snum43] UInt8.t'int self - UInt8.t'int rhs > UInt8.t'int (v_MAX'0 : UInt8.t) + -> UInt8.t'int result = UInt8.t'int (v_MAX'0 : UInt8.t)} (! 
return' {result}) ] let rec overflowing_sub'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:(UInt8.t, bool)))= any - [ return' (result:(UInt8.t, bool))-> {[%#snum44] UInt8.to_uint (let (a, _) = result in a) - = EuclideanDivision.mod (UInt8.to_uint self - - UInt8.to_uint rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) - + UInt8.to_uint (v_MIN'0 : UInt8.t)} - {[%#snum45] UInt8.to_uint self - UInt8.to_uint rhs >= UInt8.to_uint (v_MIN'0 : UInt8.t) - /\ UInt8.to_uint self - UInt8.to_uint rhs <= UInt8.to_uint (v_MAX'0 : UInt8.t) - -> UInt8.to_uint (let (a, _) = result in a) = UInt8.to_uint self - UInt8.to_uint rhs} - {[%#snum46] UInt8.to_uint self - UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) + [ return' (result:(UInt8.t, bool))-> {[%#snum44] UInt8.t'int (let (a, _) = result in a) + = EuclideanDivision.mod (UInt8.t'int self - UInt8.t'int rhs) (Power.power 2 (UInt32.t'int (v_BITS'0 : UInt32.t))) + + UInt8.t'int (v_MIN'0 : UInt8.t)} + {[%#snum45] UInt8.t'int self - UInt8.t'int rhs >= UInt8.t'int (v_MIN'0 : UInt8.t) + /\ UInt8.t'int self - UInt8.t'int rhs <= UInt8.t'int (v_MAX'0 : UInt8.t) + -> UInt8.t'int (let (a, _) = result in a) = UInt8.t'int self - UInt8.t'int rhs} + {[%#snum46] UInt8.t'int self - UInt8.t'int rhs < UInt8.t'int (v_MIN'0 : UInt8.t) -> (exists k : int . k > 0 - /\ UInt8.to_uint (let (a, _) = result in a) - = UInt8.to_uint self - UInt8.to_uint rhs - + k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} - {[%#snum47] UInt8.to_uint self - UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t) + /\ UInt8.t'int (let (a, _) = result in a) + = UInt8.t'int self - UInt8.t'int rhs + + k * (UInt8.t'int (v_MAX'0 : UInt8.t) - UInt8.t'int (v_MIN'0 : UInt8.t) + 1))} + {[%#snum47] UInt8.t'int self - UInt8.t'int rhs > UInt8.t'int (v_MAX'0 : UInt8.t) -> (exists k : int . 
k > 0 - /\ UInt8.to_uint (let (a, _) = result in a) - = UInt8.to_uint self - UInt8.to_uint rhs - - k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} + /\ UInt8.t'int (let (a, _) = result in a) + = UInt8.t'int self - UInt8.t'int rhs + - k * (UInt8.t'int (v_MAX'0 : UInt8.t) - UInt8.t'int (v_MIN'0 : UInt8.t) + 1))} {[%#snum48] (let (_, a) = result in a) - = (UInt8.to_uint self - UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) - \/ UInt8.to_uint self - UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t))} + = (UInt8.t'int self - UInt8.t'int rhs < UInt8.t'int (v_MIN'0 : UInt8.t) + \/ UInt8.t'int self - UInt8.t'int rhs > UInt8.t'int (v_MAX'0 : UInt8.t))} (! return' {result}) ] 
@@ -978,21 +969,21 @@ module M_checked_ops__test_u8_sub_overflow [#"checked_ops.rs" 63 0 63 34] let%span schecked_ops12 = "checked_ops.rs" 65 4 65 47 let%span schecked_ops13 = "checked_ops.rs" 64 4 64 41 let%span schecked_ops14 = "checked_ops.rs" 62 11 62 18 - let%span snum15 = "../../../creusot-contracts/src/std/num.rs" 171 20 172 89 - let%span snum16 = "../../../creusot-contracts/src/std/num.rs" 175 26 175 87 + let%span snum15 = "../../../creusot-contracts/src/std/num.rs" 174 20 175 89 + let%span snum16 = "../../../creusot-contracts/src/std/num.rs" 178 26 178 87 let%span soption17 = "../../../creusot-contracts/src/std/option.rs" 51 26 51 51 - let%span snum18 = "../../../creusot-contracts/src/std/num.rs" 183 20 183 93 - let%span snum19 = "../../../creusot-contracts/src/std/num.rs" 187 20 188 51 - let%span snum20 = "../../../creusot-contracts/src/std/num.rs" 194 20 196 92 - let%span snum21 = "../../../creusot-contracts/src/std/num.rs" 199 20 201 92 - let%span snum22 = "../../../creusot-contracts/src/std/num.rs" 211 20 212 51 - let%span snum23 = "../../../creusot-contracts/src/std/num.rs" 215 26 215 83 - let%span snum24 = "../../../creusot-contracts/src/std/num.rs" 216 26 216 83 - let%span snum25 = "../../../creusot-contracts/src/std/num.rs" 225 20 225 95 - let%span snum26 = "../../../creusot-contracts/src/std/num.rs" 229 20 230 53 - let%span snum27 = "../../../creusot-contracts/src/std/num.rs" 236 20 238 94 - let%span snum28 = "../../../creusot-contracts/src/std/num.rs" 241 20 243 94 - let%span snum29 = "../../../creusot-contracts/src/std/num.rs" 247 20 247 98 + let%span snum18 = "../../../creusot-contracts/src/std/num.rs" 186 20 186 93 + let%span snum19 = "../../../creusot-contracts/src/std/num.rs" 190 20 191 51 + let%span snum20 = "../../../creusot-contracts/src/std/num.rs" 197 20 199 92 + let%span snum21 = "../../../creusot-contracts/src/std/num.rs" 202 20 204 92 + let%span snum22 = "../../../creusot-contracts/src/std/num.rs" 214 20 215 51 + let%span snum23 = 
"../../../creusot-contracts/src/std/num.rs" 218 26 218 83 + let%span snum24 = "../../../creusot-contracts/src/std/num.rs" 219 26 219 83 + let%span snum25 = "../../../creusot-contracts/src/std/num.rs" 228 20 228 95 + let%span snum26 = "../../../creusot-contracts/src/std/num.rs" 232 20 233 53 + let%span snum27 = "../../../creusot-contracts/src/std/num.rs" 239 20 241 94 + let%span snum28 = "../../../creusot-contracts/src/std/num.rs" 244 20 246 94 + let%span snum29 = "../../../creusot-contracts/src/std/num.rs" 250 20 250 98 use prelude.prelude.Int @@ -1010,9 +1001,9 @@ module M_checked_ops__test_u8_sub_overflow [#"checked_ops.rs" 63 0 63 34] let rec checked_sub'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:t_Option'0))= any [ return' (result:t_Option'0)-> {[%#snum15] (result = C_None'0) - = (UInt8.to_uint self - UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) - \/ UInt8.to_uint self - UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t))} - {[%#snum16] forall r : UInt8.t . result = C_Some'0 r -> UInt8.to_uint r = UInt8.to_uint self - UInt8.to_uint rhs} + = (UInt8.t'int self - UInt8.t'int rhs < UInt8.t'int (v_MIN'0 : UInt8.t) + \/ UInt8.t'int self - UInt8.t'int rhs > UInt8.t'int (v_MAX'0 : UInt8.t))} + {[%#snum16] forall r : UInt8.t . result = C_Some'0 r -> UInt8.t'int r = UInt8.t'int self - UInt8.t'int rhs} (! return' {result}) ] 
@@ -1036,58 +1027,56 @@ module M_checked_ops__test_u8_sub_overflow [#"checked_ops.rs" 63 0 63 34] use int.EuclideanDivision let rec wrapping_sub'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:UInt8.t))= any - [ return' (result:UInt8.t)-> {[%#snum18] UInt8.to_uint result - = EuclideanDivision.mod (UInt8.to_uint self - - UInt8.to_uint rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) - + UInt8.to_uint (v_MIN'0 : UInt8.t)} - {[%#snum19] UInt8.to_uint self - UInt8.to_uint rhs >= UInt8.to_uint (v_MIN'0 : UInt8.t) - /\ UInt8.to_uint self - UInt8.to_uint rhs <= UInt8.to_uint (v_MAX'0 : UInt8.t) - -> UInt8.to_uint result = UInt8.to_uint self - UInt8.to_uint rhs} - {[%#snum20] UInt8.to_uint self - UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) + [ return' (result:UInt8.t)-> {[%#snum18] UInt8.t'int result + = EuclideanDivision.mod (UInt8.t'int self - UInt8.t'int rhs) (Power.power 2 (UInt32.t'int (v_BITS'0 : UInt32.t))) + + UInt8.t'int (v_MIN'0 : UInt8.t)} + {[%#snum19] UInt8.t'int self - UInt8.t'int rhs >= UInt8.t'int (v_MIN'0 : UInt8.t) + /\ UInt8.t'int self - UInt8.t'int rhs <= UInt8.t'int (v_MAX'0 : UInt8.t) + -> UInt8.t'int result = UInt8.t'int self - UInt8.t'int rhs} + {[%#snum20] UInt8.t'int self - UInt8.t'int rhs < UInt8.t'int (v_MIN'0 : UInt8.t) -> (exists k : int . k > 0 - /\ UInt8.to_uint result - = UInt8.to_uint self - UInt8.to_uint rhs - + k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} - {[%#snum21] UInt8.to_uint self - UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t) + /\ UInt8.t'int result + = UInt8.t'int self - UInt8.t'int rhs + + k * (UInt8.t'int (v_MAX'0 : UInt8.t) - UInt8.t'int (v_MIN'0 : UInt8.t) + 1))} + {[%#snum21] UInt8.t'int self - UInt8.t'int rhs > UInt8.t'int (v_MAX'0 : UInt8.t) -> (exists k : int . 
k > 0 - /\ UInt8.to_uint result - = UInt8.to_uint self - UInt8.to_uint rhs - - k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} + /\ UInt8.t'int result + = UInt8.t'int self - UInt8.t'int rhs + - k * (UInt8.t'int (v_MAX'0 : UInt8.t) - UInt8.t'int (v_MIN'0 : UInt8.t) + 1))} (! return' {result}) ] let rec saturating_sub'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:UInt8.t))= any - [ return' (result:UInt8.t)-> {[%#snum22] UInt8.to_uint self - UInt8.to_uint rhs >= UInt8.to_uint (v_MIN'0 : UInt8.t) - /\ UInt8.to_uint self - UInt8.to_uint rhs <= UInt8.to_uint (v_MAX'0 : UInt8.t) - -> UInt8.to_uint result = UInt8.to_uint self - UInt8.to_uint rhs} - {[%#snum23] UInt8.to_uint self - UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) - -> UInt8.to_uint result = UInt8.to_uint (v_MIN'0 : UInt8.t)} - {[%#snum24] UInt8.to_uint self - UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t) - -> UInt8.to_uint result = UInt8.to_uint (v_MAX'0 : UInt8.t)} + [ return' (result:UInt8.t)-> {[%#snum22] UInt8.t'int self - UInt8.t'int rhs >= UInt8.t'int (v_MIN'0 : UInt8.t) + /\ UInt8.t'int self - UInt8.t'int rhs <= UInt8.t'int (v_MAX'0 : UInt8.t) + -> UInt8.t'int result = UInt8.t'int self - UInt8.t'int rhs} + {[%#snum23] UInt8.t'int self - UInt8.t'int rhs < UInt8.t'int (v_MIN'0 : UInt8.t) + -> UInt8.t'int result = UInt8.t'int (v_MIN'0 : UInt8.t)} + {[%#snum24] UInt8.t'int self - UInt8.t'int rhs > UInt8.t'int (v_MAX'0 : UInt8.t) + -> UInt8.t'int result = UInt8.t'int (v_MAX'0 : UInt8.t)} (! 
return' {result}) ] let rec overflowing_sub'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:(UInt8.t, bool)))= any - [ return' (result:(UInt8.t, bool))-> {[%#snum25] UInt8.to_uint (let (a, _) = result in a) - = EuclideanDivision.mod (UInt8.to_uint self - - UInt8.to_uint rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) - + UInt8.to_uint (v_MIN'0 : UInt8.t)} - {[%#snum26] UInt8.to_uint self - UInt8.to_uint rhs >= UInt8.to_uint (v_MIN'0 : UInt8.t) - /\ UInt8.to_uint self - UInt8.to_uint rhs <= UInt8.to_uint (v_MAX'0 : UInt8.t) - -> UInt8.to_uint (let (a, _) = result in a) = UInt8.to_uint self - UInt8.to_uint rhs} - {[%#snum27] UInt8.to_uint self - UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) + [ return' (result:(UInt8.t, bool))-> {[%#snum25] UInt8.t'int (let (a, _) = result in a) + = EuclideanDivision.mod (UInt8.t'int self - UInt8.t'int rhs) (Power.power 2 (UInt32.t'int (v_BITS'0 : UInt32.t))) + + UInt8.t'int (v_MIN'0 : UInt8.t)} + {[%#snum26] UInt8.t'int self - UInt8.t'int rhs >= UInt8.t'int (v_MIN'0 : UInt8.t) + /\ UInt8.t'int self - UInt8.t'int rhs <= UInt8.t'int (v_MAX'0 : UInt8.t) + -> UInt8.t'int (let (a, _) = result in a) = UInt8.t'int self - UInt8.t'int rhs} + {[%#snum27] UInt8.t'int self - UInt8.t'int rhs < UInt8.t'int (v_MIN'0 : UInt8.t) -> (exists k : int . k > 0 - /\ UInt8.to_uint (let (a, _) = result in a) - = UInt8.to_uint self - UInt8.to_uint rhs - + k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} - {[%#snum28] UInt8.to_uint self - UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t) + /\ UInt8.t'int (let (a, _) = result in a) + = UInt8.t'int self - UInt8.t'int rhs + + k * (UInt8.t'int (v_MAX'0 : UInt8.t) - UInt8.t'int (v_MIN'0 : UInt8.t) + 1))} + {[%#snum28] UInt8.t'int self - UInt8.t'int rhs > UInt8.t'int (v_MAX'0 : UInt8.t) -> (exists k : int . 
k > 0 - /\ UInt8.to_uint (let (a, _) = result in a) - = UInt8.to_uint self - UInt8.to_uint rhs - - k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} + /\ UInt8.t'int (let (a, _) = result in a) + = UInt8.t'int self - UInt8.t'int rhs + - k * (UInt8.t'int (v_MAX'0 : UInt8.t) - UInt8.t'int (v_MIN'0 : UInt8.t) + 1))} {[%#snum29] (let (_, a) = result in a) - = (UInt8.to_uint self - UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) - \/ UInt8.to_uint self - UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t))} + = (UInt8.t'int self - UInt8.t'int rhs < UInt8.t'int (v_MIN'0 : UInt8.t) + \/ UInt8.t'int self - UInt8.t'int rhs > UInt8.t'int (v_MAX'0 : UInt8.t))} (! return' {result}) ] @@ -1097,7 +1086,7 @@ module M_checked_ops__test_u8_sub_overflow [#"checked_ops.rs" 63 0 63 34] meta "compute_max_steps" 1000000 - let rec test_u8_sub_overflow'0 (a:UInt8.t) (return' (ret:()))= {[@expl:test_u8_sub_overflow requires] [%#schecked_ops14] UInt8.to_uint a + let rec test_u8_sub_overflow'0 (a:UInt8.t) (return' (ret:()))= {[@expl:test_u8_sub_overflow requires] [%#schecked_ops14] UInt8.t'int a <> 0} (! bb0 [ bb0 = s0 
@@ -1166,10 +1155,10 @@ module M_checked_ops__test_u8_sub_overflow [#"checked_ops.rs" 63 0 63 34] end module M_checked_ops__test_u8_wrapping_sub [#"checked_ops.rs" 74 0 74 47] let%span schecked_ops0 = "checked_ops.rs" 73 10 73 56 - let%span snum1 = "../../../creusot-contracts/src/std/num.rs" 183 20 183 93 - let%span snum2 = "../../../creusot-contracts/src/std/num.rs" 187 20 188 51 - let%span snum3 = "../../../creusot-contracts/src/std/num.rs" 194 20 196 92 - let%span snum4 = "../../../creusot-contracts/src/std/num.rs" 199 20 201 92 + let%span snum1 = "../../../creusot-contracts/src/std/num.rs" 186 20 186 93 + let%span snum2 = "../../../creusot-contracts/src/std/num.rs" 190 20 191 51 + let%span snum3 = "../../../creusot-contracts/src/std/num.rs" 197 20 199 92 + let%span snum4 = "../../../creusot-contracts/src/std/num.rs" 202 20 204 92 use prelude.prelude.UInt8 
@@ -1192,23 +1181,22 @@ module M_checked_ops__test_u8_wrapping_sub [#"checked_ops.rs" 74 0 74 47] constant v_MAX'0 : UInt8.t = (255 : UInt8.t) let rec wrapping_sub'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:UInt8.t))= any - [ return' (result:UInt8.t)-> {[%#snum1] UInt8.to_uint result - = EuclideanDivision.mod (UInt8.to_uint self - - UInt8.to_uint rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) - + UInt8.to_uint (v_MIN'0 : UInt8.t)} - {[%#snum2] UInt8.to_uint self - UInt8.to_uint rhs >= UInt8.to_uint (v_MIN'0 : UInt8.t) - /\ UInt8.to_uint self - UInt8.to_uint rhs <= UInt8.to_uint (v_MAX'0 : UInt8.t) - -> UInt8.to_uint result = UInt8.to_uint self - UInt8.to_uint rhs} - {[%#snum3] UInt8.to_uint self - UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) + [ return' (result:UInt8.t)-> {[%#snum1] UInt8.t'int result + = EuclideanDivision.mod (UInt8.t'int self - UInt8.t'int rhs) (Power.power 2 (UInt32.t'int (v_BITS'0 : UInt32.t))) + + UInt8.t'int (v_MIN'0 : UInt8.t)} + {[%#snum2] UInt8.t'int self - UInt8.t'int rhs >= UInt8.t'int (v_MIN'0 : UInt8.t) + /\ UInt8.t'int self - UInt8.t'int rhs <= UInt8.t'int (v_MAX'0 : UInt8.t) + -> UInt8.t'int result = UInt8.t'int self - UInt8.t'int rhs} + {[%#snum3] UInt8.t'int self - UInt8.t'int rhs < UInt8.t'int (v_MIN'0 : UInt8.t) -> (exists k : int . k > 0 - /\ UInt8.to_uint result - = UInt8.to_uint self - UInt8.to_uint rhs - + k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} - {[%#snum4] UInt8.to_uint self - UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t) + /\ UInt8.t'int result + = UInt8.t'int self - UInt8.t'int rhs + + k * (UInt8.t'int (v_MAX'0 : UInt8.t) - UInt8.t'int (v_MIN'0 : UInt8.t) + 1))} + {[%#snum4] UInt8.t'int self - UInt8.t'int rhs > UInt8.t'int (v_MAX'0 : UInt8.t) -> (exists k : int . 
k > 0 - /\ UInt8.to_uint result - = UInt8.to_uint self - UInt8.to_uint rhs - - k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} + /\ UInt8.t'int result + = UInt8.t'int self - UInt8.t'int rhs + - k * (UInt8.t'int (v_MAX'0 : UInt8.t) - UInt8.t'int (v_MIN'0 : UInt8.t) + 1))} (! return' {result}) ] 
@@ -1220,26 +1208,26 @@ module M_checked_ops__test_u8_wrapping_sub [#"checked_ops.rs" 74 0 74 47] [ bb0 = s0 [ s0 = wrapping_sub'0 {a} {b} (fun (_ret':UInt8.t) -> [ &_0 <- _ret' ] s1) | s1 = bb1 ] | bb1 = return' {_0} ] ) [ & _0 : UInt8.t = any_l () | & a : UInt8.t = a | & b : UInt8.t = b ] - [ return' (result:UInt8.t)-> {[@expl:test_u8_wrapping_sub ensures] [%#schecked_ops0] UInt8.to_uint result - = UInt8.to_uint a - UInt8.to_uint b - \/ UInt8.to_uint result = UInt8.to_uint a - UInt8.to_uint b + 256} + [ return' (result:UInt8.t)-> {[@expl:test_u8_wrapping_sub ensures] [%#schecked_ops0] UInt8.t'int result + = UInt8.t'int a - UInt8.t'int b + \/ UInt8.t'int result = UInt8.t'int a - UInt8.t'int b + 256} (! return' {result}) ] end module M_checked_ops__test_u8_overflowing_sub [#"checked_ops.rs" 79 0 79 44] let%span schecked_ops0 = "checked_ops.rs" 81 4 81 65 let%span schecked_ops1 = "checked_ops.rs" 80 4 80 56 - let%span snum2 = "../../../creusot-contracts/src/std/num.rs" 225 20 225 95 - let%span snum3 = "../../../creusot-contracts/src/std/num.rs" 229 20 230 53 - let%span snum4 = "../../../creusot-contracts/src/std/num.rs" 236 20 238 94 - let%span snum5 = "../../../creusot-contracts/src/std/num.rs" 241 20 243 94 - let%span snum6 = "../../../creusot-contracts/src/std/num.rs" 247 20 247 98 - let%span snum7 = "../../../creusot-contracts/src/std/num.rs" 183 20 183 93 - let%span snum8 = "../../../creusot-contracts/src/std/num.rs" 187 20 188 51 - let%span snum9 = "../../../creusot-contracts/src/std/num.rs" 194 20 196 92 - let%span snum10 = "../../../creusot-contracts/src/std/num.rs" 199 20 201 92 - let%span snum11 = "../../../creusot-contracts/src/std/num.rs" 171 20 172 89 - let%span snum12 = "../../../creusot-contracts/src/std/num.rs" 175 26 175 87 + let%span snum2 = "../../../creusot-contracts/src/std/num.rs" 228 20 228 95 + let%span snum3 = "../../../creusot-contracts/src/std/num.rs" 232 20 233 53 + let%span snum4 = "../../../creusot-contracts/src/std/num.rs" 239 20 241 
94 + let%span snum5 = "../../../creusot-contracts/src/std/num.rs" 244 20 246 94 + let%span snum6 = "../../../creusot-contracts/src/std/num.rs" 250 20 250 98 + let%span snum7 = "../../../creusot-contracts/src/std/num.rs" 186 20 186 93 + let%span snum8 = "../../../creusot-contracts/src/std/num.rs" 190 20 191 51 + let%span snum9 = "../../../creusot-contracts/src/std/num.rs" 197 20 199 92 + let%span snum10 = "../../../creusot-contracts/src/std/num.rs" 202 20 204 92 + let%span snum11 = "../../../creusot-contracts/src/std/num.rs" 174 20 175 89 + let%span snum12 = "../../../creusot-contracts/src/std/num.rs" 178 26 178 87 let%span soption13 = "../../../creusot-contracts/src/std/option.rs" 51 26 51 51 use prelude.prelude.UInt8 
@@ -1263,47 +1251,45 @@ module M_checked_ops__test_u8_overflowing_sub [#"checked_ops.rs" 79 0 79 44] constant v_MAX'0 : UInt8.t = (255 : UInt8.t) let rec overflowing_sub'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:(UInt8.t, bool)))= any - [ return' (result:(UInt8.t, bool))-> {[%#snum2] UInt8.to_uint (let (a, _) = result in a) - = EuclideanDivision.mod (UInt8.to_uint self - - UInt8.to_uint rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) - + UInt8.to_uint (v_MIN'0 : UInt8.t)} - {[%#snum3] UInt8.to_uint self - UInt8.to_uint rhs >= UInt8.to_uint (v_MIN'0 : UInt8.t) - /\ UInt8.to_uint self - UInt8.to_uint rhs <= UInt8.to_uint (v_MAX'0 : UInt8.t) - -> UInt8.to_uint (let (a, _) = result in a) = UInt8.to_uint self - UInt8.to_uint rhs} - {[%#snum4] UInt8.to_uint self - UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) + [ return' (result:(UInt8.t, bool))-> {[%#snum2] UInt8.t'int (let (a, _) = result in a) + = EuclideanDivision.mod (UInt8.t'int self - UInt8.t'int rhs) (Power.power 2 (UInt32.t'int (v_BITS'0 : UInt32.t))) + + UInt8.t'int (v_MIN'0 : UInt8.t)} + {[%#snum3] UInt8.t'int self - UInt8.t'int rhs >= UInt8.t'int (v_MIN'0 : UInt8.t) + /\ UInt8.t'int self - UInt8.t'int rhs <= UInt8.t'int (v_MAX'0 : UInt8.t) + -> UInt8.t'int (let (a, _) = result in a) = UInt8.t'int self - UInt8.t'int rhs} + {[%#snum4] UInt8.t'int self - UInt8.t'int rhs < UInt8.t'int (v_MIN'0 : UInt8.t) -> (exists k : int . k > 0 - /\ UInt8.to_uint (let (a, _) = result in a) - = UInt8.to_uint self - UInt8.to_uint rhs - + k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} - {[%#snum5] UInt8.to_uint self - UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t) + /\ UInt8.t'int (let (a, _) = result in a) + = UInt8.t'int self - UInt8.t'int rhs + + k * (UInt8.t'int (v_MAX'0 : UInt8.t) - UInt8.t'int (v_MIN'0 : UInt8.t) + 1))} + {[%#snum5] UInt8.t'int self - UInt8.t'int rhs > UInt8.t'int (v_MAX'0 : UInt8.t) -> (exists k : int . 
k > 0 - /\ UInt8.to_uint (let (a, _) = result in a) - = UInt8.to_uint self - UInt8.to_uint rhs - - k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} + /\ UInt8.t'int (let (a, _) = result in a) + = UInt8.t'int self - UInt8.t'int rhs + - k * (UInt8.t'int (v_MAX'0 : UInt8.t) - UInt8.t'int (v_MIN'0 : UInt8.t) + 1))} {[%#snum6] (let (_, a) = result in a) - = (UInt8.to_uint self - UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) - \/ UInt8.to_uint self - UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t))} + = (UInt8.t'int self - UInt8.t'int rhs < UInt8.t'int (v_MIN'0 : UInt8.t) + \/ UInt8.t'int self - UInt8.t'int rhs > UInt8.t'int (v_MAX'0 : UInt8.t))} (! return' {result}) ] let rec wrapping_sub'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:UInt8.t))= any - [ return' (result:UInt8.t)-> {[%#snum7] UInt8.to_uint result - = EuclideanDivision.mod (UInt8.to_uint self - - UInt8.to_uint rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) - + UInt8.to_uint (v_MIN'0 : UInt8.t)} - {[%#snum8] UInt8.to_uint self - UInt8.to_uint rhs >= UInt8.to_uint (v_MIN'0 : UInt8.t) - /\ UInt8.to_uint self - UInt8.to_uint rhs <= UInt8.to_uint (v_MAX'0 : UInt8.t) - -> UInt8.to_uint result = UInt8.to_uint self - UInt8.to_uint rhs} - {[%#snum9] UInt8.to_uint self - UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) + [ return' (result:UInt8.t)-> {[%#snum7] UInt8.t'int result + = EuclideanDivision.mod (UInt8.t'int self - UInt8.t'int rhs) (Power.power 2 (UInt32.t'int (v_BITS'0 : UInt32.t))) + + UInt8.t'int (v_MIN'0 : UInt8.t)} + {[%#snum8] UInt8.t'int self - UInt8.t'int rhs >= UInt8.t'int (v_MIN'0 : UInt8.t) + /\ UInt8.t'int self - UInt8.t'int rhs <= UInt8.t'int (v_MAX'0 : UInt8.t) + -> UInt8.t'int result = UInt8.t'int self - UInt8.t'int rhs} + {[%#snum9] UInt8.t'int self - UInt8.t'int rhs < UInt8.t'int (v_MIN'0 : UInt8.t) -> (exists k : int . 
k > 0 - /\ UInt8.to_uint result - = UInt8.to_uint self - UInt8.to_uint rhs - + k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} - {[%#snum10] UInt8.to_uint self - UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t) + /\ UInt8.t'int result + = UInt8.t'int self - UInt8.t'int rhs + + k * (UInt8.t'int (v_MAX'0 : UInt8.t) - UInt8.t'int (v_MIN'0 : UInt8.t) + 1))} + {[%#snum10] UInt8.t'int self - UInt8.t'int rhs > UInt8.t'int (v_MAX'0 : UInt8.t) -> (exists k : int . k > 0 - /\ UInt8.to_uint result - = UInt8.to_uint self - UInt8.to_uint rhs - - k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} + /\ UInt8.t'int result + = UInt8.t'int self - UInt8.t'int rhs + - k * (UInt8.t'int (v_MAX'0 : UInt8.t) - UInt8.t'int (v_MIN'0 : UInt8.t) + 1))} (! return' {result}) ] @@ -1313,9 +1299,9 @@ module M_checked_ops__test_u8_overflowing_sub [#"checked_ops.rs" 79 0 79 44] let rec checked_sub'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:t_Option'0))= any [ return' (result:t_Option'0)-> {[%#snum11] (result = C_None'0) - = (UInt8.to_uint self - UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) - \/ UInt8.to_uint self - UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t))} - {[%#snum12] forall r : UInt8.t . result = C_Some'0 r -> UInt8.to_uint r = UInt8.to_uint self - UInt8.to_uint rhs} + = (UInt8.t'int self - UInt8.t'int rhs < UInt8.t'int (v_MIN'0 : UInt8.t) + \/ UInt8.t'int self - UInt8.t'int rhs > UInt8.t'int (v_MAX'0 : UInt8.t))} + {[%#snum12] forall r : UInt8.t . result = C_Some'0 r -> UInt8.t'int r = UInt8.t'int self - UInt8.t'int rhs} (! return' {result}) ] 
@@ -1398,22 +1384,22 @@ module M_checked_ops__test_u8_mul_example [#"checked_ops.rs" 85 0 85 28] let%span schecked_ops30 = "checked_ops.rs" 89 4 89 39 let%span schecked_ops31 = "checked_ops.rs" 87 4 87 43 let%span schecked_ops32 = "checked_ops.rs" 86 4 86 47 - let%span snum33 = "../../../creusot-contracts/src/std/num.rs" 171 20 172 89 - let%span snum34 = "../../../creusot-contracts/src/std/num.rs" 175 26 175 87 + let%span snum33 = "../../../creusot-contracts/src/std/num.rs" 174 20 175 89 + let%span snum34 = "../../../creusot-contracts/src/std/num.rs" 178 26 178 87 let%span soption35 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 let%span soption36 = "../../../creusot-contracts/src/std/option.rs" 51 26 51 51 - let%span snum37 = "../../../creusot-contracts/src/std/num.rs" 183 20 183 93 - let%span snum38 = "../../../creusot-contracts/src/std/num.rs" 187 20 188 51 - let%span snum39 = "../../../creusot-contracts/src/std/num.rs" 194 20 196 92 - let%span snum40 = "../../../creusot-contracts/src/std/num.rs" 199 20 201 92 - let%span snum41 = "../../../creusot-contracts/src/std/num.rs" 211 20 212 51 - let%span snum42 = "../../../creusot-contracts/src/std/num.rs" 215 26 215 83 - let%span snum43 = "../../../creusot-contracts/src/std/num.rs" 216 26 216 83 - let%span snum44 = "../../../creusot-contracts/src/std/num.rs" 225 20 225 95 - let%span snum45 = "../../../creusot-contracts/src/std/num.rs" 229 20 230 53 - let%span snum46 = "../../../creusot-contracts/src/std/num.rs" 236 20 238 94 - let%span snum47 = "../../../creusot-contracts/src/std/num.rs" 241 20 243 94 - let%span snum48 = "../../../creusot-contracts/src/std/num.rs" 247 20 247 98 + let%span snum37 = "../../../creusot-contracts/src/std/num.rs" 186 20 186 93 + let%span snum38 = "../../../creusot-contracts/src/std/num.rs" 190 20 191 51 + let%span snum39 = "../../../creusot-contracts/src/std/num.rs" 197 20 199 92 + let%span snum40 = "../../../creusot-contracts/src/std/num.rs" 202 20 204 92 + let%span snum41 = 
"../../../creusot-contracts/src/std/num.rs" 214 20 215 51 + let%span snum42 = "../../../creusot-contracts/src/std/num.rs" 218 26 218 83 + let%span snum43 = "../../../creusot-contracts/src/std/num.rs" 219 26 219 83 + let%span snum44 = "../../../creusot-contracts/src/std/num.rs" 228 20 228 95 + let%span snum45 = "../../../creusot-contracts/src/std/num.rs" 232 20 233 53 + let%span snum46 = "../../../creusot-contracts/src/std/num.rs" 239 20 241 94 + let%span snum47 = "../../../creusot-contracts/src/std/num.rs" 244 20 246 94 + let%span snum48 = "../../../creusot-contracts/src/std/num.rs" 250 20 250 98 use prelude.prelude.Int @@ -1431,9 +1417,9 @@ module M_checked_ops__test_u8_mul_example [#"checked_ops.rs" 85 0 85 28] let rec checked_mul'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:t_Option'0))= any [ return' (result:t_Option'0)-> {[%#snum33] (result = C_None'0) - = (UInt8.to_uint self * UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) - \/ UInt8.to_uint self * UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t))} - {[%#snum34] forall r : UInt8.t . result = C_Some'0 r -> UInt8.to_uint r = UInt8.to_uint self * UInt8.to_uint rhs} + = (UInt8.t'int self * UInt8.t'int rhs < UInt8.t'int (v_MIN'0 : UInt8.t) + \/ UInt8.t'int self * UInt8.t'int rhs > UInt8.t'int (v_MAX'0 : UInt8.t))} + {[%#snum34] forall r : UInt8.t . result = C_Some'0 r -> UInt8.t'int r = UInt8.t'int self * UInt8.t'int rhs} (! return' {result}) ] 
@@ -1469,58 +1455,56 @@ module M_checked_ops__test_u8_mul_example [#"checked_ops.rs" 85 0 85 28] use int.EuclideanDivision let rec wrapping_mul'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:UInt8.t))= any - [ return' (result:UInt8.t)-> {[%#snum37] UInt8.to_uint result - = EuclideanDivision.mod (UInt8.to_uint self - * UInt8.to_uint rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) - + UInt8.to_uint (v_MIN'0 : UInt8.t)} - {[%#snum38] UInt8.to_uint self * UInt8.to_uint rhs >= UInt8.to_uint (v_MIN'0 : UInt8.t) - /\ UInt8.to_uint self * UInt8.to_uint rhs <= UInt8.to_uint (v_MAX'0 : UInt8.t) - -> UInt8.to_uint result = UInt8.to_uint self * UInt8.to_uint rhs} - {[%#snum39] UInt8.to_uint self * UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) + [ return' (result:UInt8.t)-> {[%#snum37] UInt8.t'int result + = EuclideanDivision.mod (UInt8.t'int self * UInt8.t'int rhs) (Power.power 2 (UInt32.t'int (v_BITS'0 : UInt32.t))) + + UInt8.t'int (v_MIN'0 : UInt8.t)} + {[%#snum38] UInt8.t'int self * UInt8.t'int rhs >= UInt8.t'int (v_MIN'0 : UInt8.t) + /\ UInt8.t'int self * UInt8.t'int rhs <= UInt8.t'int (v_MAX'0 : UInt8.t) + -> UInt8.t'int result = UInt8.t'int self * UInt8.t'int rhs} + {[%#snum39] UInt8.t'int self * UInt8.t'int rhs < UInt8.t'int (v_MIN'0 : UInt8.t) -> (exists k : int . k > 0 - /\ UInt8.to_uint result - = UInt8.to_uint self * UInt8.to_uint rhs - + k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} - {[%#snum40] UInt8.to_uint self * UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t) + /\ UInt8.t'int result + = UInt8.t'int self * UInt8.t'int rhs + + k * (UInt8.t'int (v_MAX'0 : UInt8.t) - UInt8.t'int (v_MIN'0 : UInt8.t) + 1))} + {[%#snum40] UInt8.t'int self * UInt8.t'int rhs > UInt8.t'int (v_MAX'0 : UInt8.t) -> (exists k : int . 
k > 0 - /\ UInt8.to_uint result - = UInt8.to_uint self * UInt8.to_uint rhs - - k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} + /\ UInt8.t'int result + = UInt8.t'int self * UInt8.t'int rhs + - k * (UInt8.t'int (v_MAX'0 : UInt8.t) - UInt8.t'int (v_MIN'0 : UInt8.t) + 1))} (! return' {result}) ] let rec saturating_mul'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:UInt8.t))= any - [ return' (result:UInt8.t)-> {[%#snum41] UInt8.to_uint self * UInt8.to_uint rhs >= UInt8.to_uint (v_MIN'0 : UInt8.t) - /\ UInt8.to_uint self * UInt8.to_uint rhs <= UInt8.to_uint (v_MAX'0 : UInt8.t) - -> UInt8.to_uint result = UInt8.to_uint self * UInt8.to_uint rhs} - {[%#snum42] UInt8.to_uint self * UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) - -> UInt8.to_uint result = UInt8.to_uint (v_MIN'0 : UInt8.t)} - {[%#snum43] UInt8.to_uint self * UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t) - -> UInt8.to_uint result = UInt8.to_uint (v_MAX'0 : UInt8.t)} + [ return' (result:UInt8.t)-> {[%#snum41] UInt8.t'int self * UInt8.t'int rhs >= UInt8.t'int (v_MIN'0 : UInt8.t) + /\ UInt8.t'int self * UInt8.t'int rhs <= UInt8.t'int (v_MAX'0 : UInt8.t) + -> UInt8.t'int result = UInt8.t'int self * UInt8.t'int rhs} + {[%#snum42] UInt8.t'int self * UInt8.t'int rhs < UInt8.t'int (v_MIN'0 : UInt8.t) + -> UInt8.t'int result = UInt8.t'int (v_MIN'0 : UInt8.t)} + {[%#snum43] UInt8.t'int self * UInt8.t'int rhs > UInt8.t'int (v_MAX'0 : UInt8.t) + -> UInt8.t'int result = UInt8.t'int (v_MAX'0 : UInt8.t)} (! 
return' {result}) ] let rec overflowing_mul'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:(UInt8.t, bool)))= any - [ return' (result:(UInt8.t, bool))-> {[%#snum44] UInt8.to_uint (let (a, _) = result in a) - = EuclideanDivision.mod (UInt8.to_uint self - * UInt8.to_uint rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) - + UInt8.to_uint (v_MIN'0 : UInt8.t)} - {[%#snum45] UInt8.to_uint self * UInt8.to_uint rhs >= UInt8.to_uint (v_MIN'0 : UInt8.t) - /\ UInt8.to_uint self * UInt8.to_uint rhs <= UInt8.to_uint (v_MAX'0 : UInt8.t) - -> UInt8.to_uint (let (a, _) = result in a) = UInt8.to_uint self * UInt8.to_uint rhs} - {[%#snum46] UInt8.to_uint self * UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) + [ return' (result:(UInt8.t, bool))-> {[%#snum44] UInt8.t'int (let (a, _) = result in a) + = EuclideanDivision.mod (UInt8.t'int self * UInt8.t'int rhs) (Power.power 2 (UInt32.t'int (v_BITS'0 : UInt32.t))) + + UInt8.t'int (v_MIN'0 : UInt8.t)} + {[%#snum45] UInt8.t'int self * UInt8.t'int rhs >= UInt8.t'int (v_MIN'0 : UInt8.t) + /\ UInt8.t'int self * UInt8.t'int rhs <= UInt8.t'int (v_MAX'0 : UInt8.t) + -> UInt8.t'int (let (a, _) = result in a) = UInt8.t'int self * UInt8.t'int rhs} + {[%#snum46] UInt8.t'int self * UInt8.t'int rhs < UInt8.t'int (v_MIN'0 : UInt8.t) -> (exists k : int . k > 0 - /\ UInt8.to_uint (let (a, _) = result in a) - = UInt8.to_uint self * UInt8.to_uint rhs - + k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} - {[%#snum47] UInt8.to_uint self * UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t) + /\ UInt8.t'int (let (a, _) = result in a) + = UInt8.t'int self * UInt8.t'int rhs + + k * (UInt8.t'int (v_MAX'0 : UInt8.t) - UInt8.t'int (v_MIN'0 : UInt8.t) + 1))} + {[%#snum47] UInt8.t'int self * UInt8.t'int rhs > UInt8.t'int (v_MAX'0 : UInt8.t) -> (exists k : int . 
k > 0 - /\ UInt8.to_uint (let (a, _) = result in a) - = UInt8.to_uint self * UInt8.to_uint rhs - - k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} + /\ UInt8.t'int (let (a, _) = result in a) + = UInt8.t'int self * UInt8.t'int rhs + - k * (UInt8.t'int (v_MAX'0 : UInt8.t) - UInt8.t'int (v_MIN'0 : UInt8.t) + 1))} {[%#snum48] (let (_, a) = result in a) - = (UInt8.to_uint self * UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) - \/ UInt8.to_uint self * UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t))} + = (UInt8.t'int self * UInt8.t'int rhs < UInt8.t'int (v_MIN'0 : UInt8.t) + \/ UInt8.t'int self * UInt8.t'int rhs > UInt8.t'int (v_MAX'0 : UInt8.t))} (! return' {result}) ] 
@@ -1662,21 +1646,21 @@ module M_checked_ops__test_u8_mul_zero [#"checked_ops.rs" 102 0 102 30] let%span schecked_ops10 = "checked_ops.rs" 105 4 105 39 let%span schecked_ops11 = "checked_ops.rs" 104 4 104 37 let%span schecked_ops12 = "checked_ops.rs" 103 4 103 45 - let%span snum13 = "../../../creusot-contracts/src/std/num.rs" 171 20 172 89 - let%span snum14 = "../../../creusot-contracts/src/std/num.rs" 175 26 175 87 + let%span snum13 = "../../../creusot-contracts/src/std/num.rs" 174 20 175 89 + let%span snum14 = "../../../creusot-contracts/src/std/num.rs" 178 26 178 87 let%span soption15 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 - let%span snum16 = "../../../creusot-contracts/src/std/num.rs" 183 20 183 93 - let%span snum17 = "../../../creusot-contracts/src/std/num.rs" 187 20 188 51 - let%span snum18 = "../../../creusot-contracts/src/std/num.rs" 194 20 196 92 - let%span snum19 = "../../../creusot-contracts/src/std/num.rs" 199 20 201 92 - let%span snum20 = "../../../creusot-contracts/src/std/num.rs" 211 20 212 51 - let%span snum21 = "../../../creusot-contracts/src/std/num.rs" 215 26 215 83 - let%span snum22 = "../../../creusot-contracts/src/std/num.rs" 216 26 216 83 - let%span snum23 = "../../../creusot-contracts/src/std/num.rs" 225 20 225 95 - let%span snum24 = "../../../creusot-contracts/src/std/num.rs" 229 20 230 53 - let%span snum25 = "../../../creusot-contracts/src/std/num.rs" 236 20 238 94 - let%span snum26 = "../../../creusot-contracts/src/std/num.rs" 241 20 243 94 - let%span snum27 = "../../../creusot-contracts/src/std/num.rs" 247 20 247 98 + let%span snum16 = "../../../creusot-contracts/src/std/num.rs" 186 20 186 93 + let%span snum17 = "../../../creusot-contracts/src/std/num.rs" 190 20 191 51 + let%span snum18 = "../../../creusot-contracts/src/std/num.rs" 197 20 199 92 + let%span snum19 = "../../../creusot-contracts/src/std/num.rs" 202 20 204 92 + let%span snum20 = "../../../creusot-contracts/src/std/num.rs" 214 20 215 51 + let%span snum21 
= "../../../creusot-contracts/src/std/num.rs" 218 26 218 83 + let%span snum22 = "../../../creusot-contracts/src/std/num.rs" 219 26 219 83 + let%span snum23 = "../../../creusot-contracts/src/std/num.rs" 228 20 228 95 + let%span snum24 = "../../../creusot-contracts/src/std/num.rs" 232 20 233 53 + let%span snum25 = "../../../creusot-contracts/src/std/num.rs" 239 20 241 94 + let%span snum26 = "../../../creusot-contracts/src/std/num.rs" 244 20 246 94 + let%span snum27 = "../../../creusot-contracts/src/std/num.rs" 250 20 250 98 use prelude.prelude.Int @@ -1694,9 +1678,9 @@ module M_checked_ops__test_u8_mul_zero [#"checked_ops.rs" 102 0 102 30] let rec checked_mul'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:t_Option'0))= any [ return' (result:t_Option'0)-> {[%#snum13] (result = C_None'0) - = (UInt8.to_uint self * UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) - \/ UInt8.to_uint self * UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t))} - {[%#snum14] forall r : UInt8.t . result = C_Some'0 r -> UInt8.to_uint r = UInt8.to_uint self * UInt8.to_uint rhs} + = (UInt8.t'int self * UInt8.t'int rhs < UInt8.t'int (v_MIN'0 : UInt8.t) + \/ UInt8.t'int self * UInt8.t'int rhs > UInt8.t'int (v_MAX'0 : UInt8.t))} + {[%#snum14] forall r : UInt8.t . result = C_Some'0 r -> UInt8.t'int r = UInt8.t'int self * UInt8.t'int rhs} (! return' {result}) ] 
@@ -1723,58 +1707,56 @@ module M_checked_ops__test_u8_mul_zero [#"checked_ops.rs" 102 0 102 30] use int.EuclideanDivision let rec wrapping_mul'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:UInt8.t))= any - [ return' (result:UInt8.t)-> {[%#snum16] UInt8.to_uint result - = EuclideanDivision.mod (UInt8.to_uint self - * UInt8.to_uint rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) - + UInt8.to_uint (v_MIN'0 : UInt8.t)} - {[%#snum17] UInt8.to_uint self * UInt8.to_uint rhs >= UInt8.to_uint (v_MIN'0 : UInt8.t) - /\ UInt8.to_uint self * UInt8.to_uint rhs <= UInt8.to_uint (v_MAX'0 : UInt8.t) - -> UInt8.to_uint result = UInt8.to_uint self * UInt8.to_uint rhs} - {[%#snum18] UInt8.to_uint self * UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) + [ return' (result:UInt8.t)-> {[%#snum16] UInt8.t'int result + = EuclideanDivision.mod (UInt8.t'int self * UInt8.t'int rhs) (Power.power 2 (UInt32.t'int (v_BITS'0 : UInt32.t))) + + UInt8.t'int (v_MIN'0 : UInt8.t)} + {[%#snum17] UInt8.t'int self * UInt8.t'int rhs >= UInt8.t'int (v_MIN'0 : UInt8.t) + /\ UInt8.t'int self * UInt8.t'int rhs <= UInt8.t'int (v_MAX'0 : UInt8.t) + -> UInt8.t'int result = UInt8.t'int self * UInt8.t'int rhs} + {[%#snum18] UInt8.t'int self * UInt8.t'int rhs < UInt8.t'int (v_MIN'0 : UInt8.t) -> (exists k : int . k > 0 - /\ UInt8.to_uint result - = UInt8.to_uint self * UInt8.to_uint rhs - + k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} - {[%#snum19] UInt8.to_uint self * UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t) + /\ UInt8.t'int result + = UInt8.t'int self * UInt8.t'int rhs + + k * (UInt8.t'int (v_MAX'0 : UInt8.t) - UInt8.t'int (v_MIN'0 : UInt8.t) + 1))} + {[%#snum19] UInt8.t'int self * UInt8.t'int rhs > UInt8.t'int (v_MAX'0 : UInt8.t) -> (exists k : int . 
k > 0 - /\ UInt8.to_uint result - = UInt8.to_uint self * UInt8.to_uint rhs - - k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} + /\ UInt8.t'int result + = UInt8.t'int self * UInt8.t'int rhs + - k * (UInt8.t'int (v_MAX'0 : UInt8.t) - UInt8.t'int (v_MIN'0 : UInt8.t) + 1))} (! return' {result}) ] let rec saturating_mul'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:UInt8.t))= any - [ return' (result:UInt8.t)-> {[%#snum20] UInt8.to_uint self * UInt8.to_uint rhs >= UInt8.to_uint (v_MIN'0 : UInt8.t) - /\ UInt8.to_uint self * UInt8.to_uint rhs <= UInt8.to_uint (v_MAX'0 : UInt8.t) - -> UInt8.to_uint result = UInt8.to_uint self * UInt8.to_uint rhs} - {[%#snum21] UInt8.to_uint self * UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) - -> UInt8.to_uint result = UInt8.to_uint (v_MIN'0 : UInt8.t)} - {[%#snum22] UInt8.to_uint self * UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t) - -> UInt8.to_uint result = UInt8.to_uint (v_MAX'0 : UInt8.t)} + [ return' (result:UInt8.t)-> {[%#snum20] UInt8.t'int self * UInt8.t'int rhs >= UInt8.t'int (v_MIN'0 : UInt8.t) + /\ UInt8.t'int self * UInt8.t'int rhs <= UInt8.t'int (v_MAX'0 : UInt8.t) + -> UInt8.t'int result = UInt8.t'int self * UInt8.t'int rhs} + {[%#snum21] UInt8.t'int self * UInt8.t'int rhs < UInt8.t'int (v_MIN'0 : UInt8.t) + -> UInt8.t'int result = UInt8.t'int (v_MIN'0 : UInt8.t)} + {[%#snum22] UInt8.t'int self * UInt8.t'int rhs > UInt8.t'int (v_MAX'0 : UInt8.t) + -> UInt8.t'int result = UInt8.t'int (v_MAX'0 : UInt8.t)} (! 
return' {result}) ] let rec overflowing_mul'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:(UInt8.t, bool)))= any - [ return' (result:(UInt8.t, bool))-> {[%#snum23] UInt8.to_uint (let (a, _) = result in a) - = EuclideanDivision.mod (UInt8.to_uint self - * UInt8.to_uint rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) - + UInt8.to_uint (v_MIN'0 : UInt8.t)} - {[%#snum24] UInt8.to_uint self * UInt8.to_uint rhs >= UInt8.to_uint (v_MIN'0 : UInt8.t) - /\ UInt8.to_uint self * UInt8.to_uint rhs <= UInt8.to_uint (v_MAX'0 : UInt8.t) - -> UInt8.to_uint (let (a, _) = result in a) = UInt8.to_uint self * UInt8.to_uint rhs} - {[%#snum25] UInt8.to_uint self * UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) + [ return' (result:(UInt8.t, bool))-> {[%#snum23] UInt8.t'int (let (a, _) = result in a) + = EuclideanDivision.mod (UInt8.t'int self * UInt8.t'int rhs) (Power.power 2 (UInt32.t'int (v_BITS'0 : UInt32.t))) + + UInt8.t'int (v_MIN'0 : UInt8.t)} + {[%#snum24] UInt8.t'int self * UInt8.t'int rhs >= UInt8.t'int (v_MIN'0 : UInt8.t) + /\ UInt8.t'int self * UInt8.t'int rhs <= UInt8.t'int (v_MAX'0 : UInt8.t) + -> UInt8.t'int (let (a, _) = result in a) = UInt8.t'int self * UInt8.t'int rhs} + {[%#snum25] UInt8.t'int self * UInt8.t'int rhs < UInt8.t'int (v_MIN'0 : UInt8.t) -> (exists k : int . k > 0 - /\ UInt8.to_uint (let (a, _) = result in a) - = UInt8.to_uint self * UInt8.to_uint rhs - + k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} - {[%#snum26] UInt8.to_uint self * UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t) + /\ UInt8.t'int (let (a, _) = result in a) + = UInt8.t'int self * UInt8.t'int rhs + + k * (UInt8.t'int (v_MAX'0 : UInt8.t) - UInt8.t'int (v_MIN'0 : UInt8.t) + 1))} + {[%#snum26] UInt8.t'int self * UInt8.t'int rhs > UInt8.t'int (v_MAX'0 : UInt8.t) -> (exists k : int . 
k > 0 - /\ UInt8.to_uint (let (a, _) = result in a) - = UInt8.to_uint self * UInt8.to_uint rhs - - k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} + /\ UInt8.t'int (let (a, _) = result in a) + = UInt8.t'int self * UInt8.t'int rhs + - k * (UInt8.t'int (v_MAX'0 : UInt8.t) - UInt8.t'int (v_MIN'0 : UInt8.t) + 1))} {[%#snum27] (let (_, a) = result in a) - = (UInt8.to_uint self * UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) - \/ UInt8.to_uint self * UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t))} + = (UInt8.t'int self * UInt8.t'int rhs < UInt8.t'int (v_MIN'0 : UInt8.t) + \/ UInt8.t'int self * UInt8.t'int rhs > UInt8.t'int (v_MAX'0 : UInt8.t))} (! return' {result}) ] 
@@ -1849,17 +1831,17 @@ end module M_checked_ops__test_u8_overflowing_mul [#"checked_ops.rs" 111 0 111 44] let%span schecked_ops0 = "checked_ops.rs" 113 4 113 65 let%span schecked_ops1 = "checked_ops.rs" 112 4 112 56 - let%span snum2 = "../../../creusot-contracts/src/std/num.rs" 225 20 225 95 - let%span snum3 = "../../../creusot-contracts/src/std/num.rs" 229 20 230 53 - let%span snum4 = "../../../creusot-contracts/src/std/num.rs" 236 20 238 94 - let%span snum5 = "../../../creusot-contracts/src/std/num.rs" 241 20 243 94 - let%span snum6 = "../../../creusot-contracts/src/std/num.rs" 247 20 247 98 - let%span snum7 = "../../../creusot-contracts/src/std/num.rs" 183 20 183 93 - let%span snum8 = "../../../creusot-contracts/src/std/num.rs" 187 20 188 51 - let%span snum9 = "../../../creusot-contracts/src/std/num.rs" 194 20 196 92 - let%span snum10 = "../../../creusot-contracts/src/std/num.rs" 199 20 201 92 - let%span snum11 = "../../../creusot-contracts/src/std/num.rs" 171 20 172 89 - let%span snum12 = "../../../creusot-contracts/src/std/num.rs" 175 26 175 87 + let%span snum2 = "../../../creusot-contracts/src/std/num.rs" 228 20 228 95 + let%span snum3 = "../../../creusot-contracts/src/std/num.rs" 232 20 233 53 + let%span snum4 = "../../../creusot-contracts/src/std/num.rs" 239 20 241 94 + let%span snum5 = "../../../creusot-contracts/src/std/num.rs" 244 20 246 94 + let%span snum6 = "../../../creusot-contracts/src/std/num.rs" 250 20 250 98 + let%span snum7 = "../../../creusot-contracts/src/std/num.rs" 186 20 186 93 + let%span snum8 = "../../../creusot-contracts/src/std/num.rs" 190 20 191 51 + let%span snum9 = "../../../creusot-contracts/src/std/num.rs" 197 20 199 92 + let%span snum10 = "../../../creusot-contracts/src/std/num.rs" 202 20 204 92 + let%span snum11 = "../../../creusot-contracts/src/std/num.rs" 174 20 175 89 + let%span snum12 = "../../../creusot-contracts/src/std/num.rs" 178 26 178 87 let%span soption13 = "../../../creusot-contracts/src/std/option.rs" 51 26 51 51 
use prelude.prelude.UInt8 
@@ -1883,47 +1865,45 @@ module M_checked_ops__test_u8_overflowing_mul [#"checked_ops.rs" 111 0 111 44] constant v_MAX'0 : UInt8.t = (255 : UInt8.t) let rec overflowing_mul'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:(UInt8.t, bool)))= any - [ return' (result:(UInt8.t, bool))-> {[%#snum2] UInt8.to_uint (let (a, _) = result in a) - = EuclideanDivision.mod (UInt8.to_uint self - * UInt8.to_uint rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) - + UInt8.to_uint (v_MIN'0 : UInt8.t)} - {[%#snum3] UInt8.to_uint self * UInt8.to_uint rhs >= UInt8.to_uint (v_MIN'0 : UInt8.t) - /\ UInt8.to_uint self * UInt8.to_uint rhs <= UInt8.to_uint (v_MAX'0 : UInt8.t) - -> UInt8.to_uint (let (a, _) = result in a) = UInt8.to_uint self * UInt8.to_uint rhs} - {[%#snum4] UInt8.to_uint self * UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) + [ return' (result:(UInt8.t, bool))-> {[%#snum2] UInt8.t'int (let (a, _) = result in a) + = EuclideanDivision.mod (UInt8.t'int self * UInt8.t'int rhs) (Power.power 2 (UInt32.t'int (v_BITS'0 : UInt32.t))) + + UInt8.t'int (v_MIN'0 : UInt8.t)} + {[%#snum3] UInt8.t'int self * UInt8.t'int rhs >= UInt8.t'int (v_MIN'0 : UInt8.t) + /\ UInt8.t'int self * UInt8.t'int rhs <= UInt8.t'int (v_MAX'0 : UInt8.t) + -> UInt8.t'int (let (a, _) = result in a) = UInt8.t'int self * UInt8.t'int rhs} + {[%#snum4] UInt8.t'int self * UInt8.t'int rhs < UInt8.t'int (v_MIN'0 : UInt8.t) -> (exists k : int . k > 0 - /\ UInt8.to_uint (let (a, _) = result in a) - = UInt8.to_uint self * UInt8.to_uint rhs - + k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} - {[%#snum5] UInt8.to_uint self * UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t) + /\ UInt8.t'int (let (a, _) = result in a) + = UInt8.t'int self * UInt8.t'int rhs + + k * (UInt8.t'int (v_MAX'0 : UInt8.t) - UInt8.t'int (v_MIN'0 : UInt8.t) + 1))} + {[%#snum5] UInt8.t'int self * UInt8.t'int rhs > UInt8.t'int (v_MAX'0 : UInt8.t) -> (exists k : int . 
k > 0 - /\ UInt8.to_uint (let (a, _) = result in a) - = UInt8.to_uint self * UInt8.to_uint rhs - - k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} + /\ UInt8.t'int (let (a, _) = result in a) + = UInt8.t'int self * UInt8.t'int rhs + - k * (UInt8.t'int (v_MAX'0 : UInt8.t) - UInt8.t'int (v_MIN'0 : UInt8.t) + 1))} {[%#snum6] (let (_, a) = result in a) - = (UInt8.to_uint self * UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) - \/ UInt8.to_uint self * UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t))} + = (UInt8.t'int self * UInt8.t'int rhs < UInt8.t'int (v_MIN'0 : UInt8.t) + \/ UInt8.t'int self * UInt8.t'int rhs > UInt8.t'int (v_MAX'0 : UInt8.t))} (! return' {result}) ] let rec wrapping_mul'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:UInt8.t))= any - [ return' (result:UInt8.t)-> {[%#snum7] UInt8.to_uint result - = EuclideanDivision.mod (UInt8.to_uint self - * UInt8.to_uint rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) - + UInt8.to_uint (v_MIN'0 : UInt8.t)} - {[%#snum8] UInt8.to_uint self * UInt8.to_uint rhs >= UInt8.to_uint (v_MIN'0 : UInt8.t) - /\ UInt8.to_uint self * UInt8.to_uint rhs <= UInt8.to_uint (v_MAX'0 : UInt8.t) - -> UInt8.to_uint result = UInt8.to_uint self * UInt8.to_uint rhs} - {[%#snum9] UInt8.to_uint self * UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) + [ return' (result:UInt8.t)-> {[%#snum7] UInt8.t'int result + = EuclideanDivision.mod (UInt8.t'int self * UInt8.t'int rhs) (Power.power 2 (UInt32.t'int (v_BITS'0 : UInt32.t))) + + UInt8.t'int (v_MIN'0 : UInt8.t)} + {[%#snum8] UInt8.t'int self * UInt8.t'int rhs >= UInt8.t'int (v_MIN'0 : UInt8.t) + /\ UInt8.t'int self * UInt8.t'int rhs <= UInt8.t'int (v_MAX'0 : UInt8.t) + -> UInt8.t'int result = UInt8.t'int self * UInt8.t'int rhs} + {[%#snum9] UInt8.t'int self * UInt8.t'int rhs < UInt8.t'int (v_MIN'0 : UInt8.t) -> (exists k : int . 
k > 0 - /\ UInt8.to_uint result - = UInt8.to_uint self * UInt8.to_uint rhs - + k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} - {[%#snum10] UInt8.to_uint self * UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t) + /\ UInt8.t'int result + = UInt8.t'int self * UInt8.t'int rhs + + k * (UInt8.t'int (v_MAX'0 : UInt8.t) - UInt8.t'int (v_MIN'0 : UInt8.t) + 1))} + {[%#snum10] UInt8.t'int self * UInt8.t'int rhs > UInt8.t'int (v_MAX'0 : UInt8.t) -> (exists k : int . k > 0 - /\ UInt8.to_uint result - = UInt8.to_uint self * UInt8.to_uint rhs - - k * (UInt8.to_uint (v_MAX'0 : UInt8.t) - UInt8.to_uint (v_MIN'0 : UInt8.t) + 1))} + /\ UInt8.t'int result + = UInt8.t'int self * UInt8.t'int rhs + - k * (UInt8.t'int (v_MAX'0 : UInt8.t) - UInt8.t'int (v_MIN'0 : UInt8.t) + 1))} (! return' {result}) ] @@ -1933,9 +1913,9 @@ module M_checked_ops__test_u8_overflowing_mul [#"checked_ops.rs" 111 0 111 44] let rec checked_mul'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:t_Option'0))= any [ return' (result:t_Option'0)-> {[%#snum11] (result = C_None'0) - = (UInt8.to_uint self * UInt8.to_uint rhs < UInt8.to_uint (v_MIN'0 : UInt8.t) - \/ UInt8.to_uint self * UInt8.to_uint rhs > UInt8.to_uint (v_MAX'0 : UInt8.t))} - {[%#snum12] forall r : UInt8.t . result = C_Some'0 r -> UInt8.to_uint r = UInt8.to_uint self * UInt8.to_uint rhs} + = (UInt8.t'int self * UInt8.t'int rhs < UInt8.t'int (v_MIN'0 : UInt8.t) + \/ UInt8.t'int self * UInt8.t'int rhs > UInt8.t'int (v_MAX'0 : UInt8.t))} + {[%#snum12] forall r : UInt8.t . result = C_Some'0 r -> UInt8.t'int r = UInt8.t'int self * UInt8.t'int rhs} (! return' {result}) ] 
@@ -2005,20 +1985,20 @@ module M_checked_ops__test_u8_div_example [#"checked_ops.rs" 117 0 117 28] let%span schecked_ops17 = "checked_ops.rs" 120 4 120 37 let%span schecked_ops18 = "checked_ops.rs" 119 4 119 45 let%span schecked_ops19 = "checked_ops.rs" 118 4 118 41 - let%span snum20 = "../../../creusot-contracts/src/std/num.rs" 109 26 109 97 - let%span snum21 = "../../../creusot-contracts/src/std/num.rs" 111 26 111 83 + let%span snum20 = "../../../creusot-contracts/src/std/num.rs" 112 26 112 97 + let%span snum21 = "../../../creusot-contracts/src/std/num.rs" 114 26 114 83 let%span soption22 = "../../../creusot-contracts/src/std/option.rs" 51 26 51 51 let%span soption23 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 - let%span snum24 = "../../../creusot-contracts/src/std/num.rs" 117 27 117 36 - let%span snum25 = "../../../creusot-contracts/src/std/num.rs" 119 26 119 83 - let%span snum26 = "../../../creusot-contracts/src/std/num.rs" 121 26 121 89 - let%span snum27 = "../../../creusot-contracts/src/std/num.rs" 127 27 127 36 - let%span snum28 = "../../../creusot-contracts/src/std/num.rs" 129 26 129 89 - let%span snum29 = "../../../creusot-contracts/src/std/num.rs" 131 26 131 89 - let%span snum30 = "../../../creusot-contracts/src/std/num.rs" 137 27 137 36 - let%span snum31 = "../../../creusot-contracts/src/std/num.rs" 139 26 139 85 - let%span snum32 = "../../../creusot-contracts/src/std/num.rs" 141 26 141 91 - let%span snum33 = "../../../creusot-contracts/src/std/num.rs" 143 26 143 74 + let%span snum24 = "../../../creusot-contracts/src/std/num.rs" 120 27 120 36 + let%span snum25 = "../../../creusot-contracts/src/std/num.rs" 122 26 122 83 + let%span snum26 = "../../../creusot-contracts/src/std/num.rs" 124 26 124 89 + let%span snum27 = "../../../creusot-contracts/src/std/num.rs" 130 27 130 36 + let%span snum28 = "../../../creusot-contracts/src/std/num.rs" 132 26 132 89 + let%span snum29 = "../../../creusot-contracts/src/std/num.rs" 134 26 134 89 + let%span 
snum30 = "../../../creusot-contracts/src/std/num.rs" 140 27 140 36 + let%span snum31 = "../../../creusot-contracts/src/std/num.rs" 142 26 142 85 + let%span snum32 = "../../../creusot-contracts/src/std/num.rs" 144 26 144 91 + let%span snum33 = "../../../creusot-contracts/src/std/num.rs" 146 26 146 74 use prelude.prelude.Int @@ -2034,9 +2014,8 @@ module M_checked_ops__test_u8_div_example [#"checked_ops.rs" 117 0 117 28] let rec checked_div'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:t_Option'0))= any [ return' (result:t_Option'0)-> {[%#snum20] (result = C_None'0) - = (UInt8.to_uint rhs = 0 \/ UInt8.to_uint self = UInt8.to_uint (v_MIN'0 : UInt8.t) /\ UInt8.to_uint rhs = - 1)} - {[%#snum21] forall r : UInt8.t . result = C_Some'0 r - -> UInt8.to_uint r = div (UInt8.to_uint self) (UInt8.to_uint rhs)} + = (UInt8.t'int rhs = 0 \/ UInt8.t'int self = UInt8.t'int (v_MIN'0 : UInt8.t) /\ UInt8.t'int rhs = - 1)} + {[%#snum21] forall r : UInt8.t . result = C_Some'0 r -> UInt8.t'int r = div (UInt8.t'int self) (UInt8.t'int rhs)} (! return' {result}) ] 
@@ -2061,35 +2040,35 @@ module M_checked_ops__test_u8_div_example [#"checked_ops.rs" 117 0 117 28] {[@expl:unwrap requires] [%#soption23] self <> C_None'0} any [ return' (result:UInt8.t)-> {inv'2 result} {[%#soption23] C_Some'0 result = self} (! return' {result}) ] - let rec wrapping_div'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:UInt8.t))= {[@expl:wrapping_div requires] [%#snum24] UInt8.to_uint rhs + let rec wrapping_div'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:UInt8.t))= {[@expl:wrapping_div requires] [%#snum24] UInt8.t'int rhs <> 0} any - [ return' (result:UInt8.t)-> {[%#snum25] UInt8.to_uint self = UInt8.to_uint (v_MIN'0 : UInt8.t) - /\ UInt8.to_uint rhs = - 1 -> UInt8.to_uint result = UInt8.to_uint self} - {[%#snum26] UInt8.to_uint self = UInt8.to_uint (v_MIN'0 : UInt8.t) /\ UInt8.to_uint rhs = - 1 - \/ UInt8.to_uint result = div (UInt8.to_uint self) (UInt8.to_uint rhs)} + [ return' (result:UInt8.t)-> {[%#snum25] UInt8.t'int self = UInt8.t'int (v_MIN'0 : UInt8.t) /\ UInt8.t'int rhs = - 1 + -> UInt8.t'int result = UInt8.t'int self} + {[%#snum26] UInt8.t'int self = UInt8.t'int (v_MIN'0 : UInt8.t) /\ UInt8.t'int rhs = - 1 + \/ UInt8.t'int result = div (UInt8.t'int self) (UInt8.t'int rhs)} (! 
return' {result}) ] - let rec saturating_div'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:UInt8.t))= {[@expl:saturating_div requires] [%#snum27] UInt8.to_uint rhs + let rec saturating_div'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:UInt8.t))= {[@expl:saturating_div requires] [%#snum27] UInt8.t'int rhs <> 0} any - [ return' (result:UInt8.t)-> {[%#snum28] UInt8.to_uint self = UInt8.to_uint (v_MIN'0 : UInt8.t) - /\ UInt8.to_uint rhs = - 1 -> UInt8.to_uint result = UInt8.to_uint (v_MIN'0 : UInt8.t)} - {[%#snum29] UInt8.to_uint self = UInt8.to_uint (v_MIN'0 : UInt8.t) /\ UInt8.to_uint rhs = - 1 - \/ UInt8.to_uint result = div (UInt8.to_uint self) (UInt8.to_uint rhs)} + [ return' (result:UInt8.t)-> {[%#snum28] UInt8.t'int self = UInt8.t'int (v_MIN'0 : UInt8.t) /\ UInt8.t'int rhs = - 1 + -> UInt8.t'int result = UInt8.t'int (v_MIN'0 : UInt8.t)} + {[%#snum29] UInt8.t'int self = UInt8.t'int (v_MIN'0 : UInt8.t) /\ UInt8.t'int rhs = - 1 + \/ UInt8.t'int result = div (UInt8.t'int self) (UInt8.t'int rhs)} (! 
return' {result}) ] - let rec overflowing_div'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:(UInt8.t, bool)))= {[@expl:overflowing_div requires] [%#snum30] UInt8.to_uint rhs + let rec overflowing_div'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:(UInt8.t, bool)))= {[@expl:overflowing_div requires] [%#snum30] UInt8.t'int rhs <> 0} any - [ return' (result:(UInt8.t, bool))-> {[%#snum31] UInt8.to_uint self = UInt8.to_uint (v_MIN'0 : UInt8.t) - /\ UInt8.to_uint rhs = - 1 -> UInt8.to_uint (let (a, _) = result in a) = UInt8.to_uint self} - {[%#snum32] UInt8.to_uint self = UInt8.to_uint (v_MIN'0 : UInt8.t) /\ UInt8.to_uint rhs = - 1 - \/ UInt8.to_uint (let (a, _) = result in a) = div (UInt8.to_uint self) (UInt8.to_uint rhs)} + [ return' (result:(UInt8.t, bool))-> {[%#snum31] UInt8.t'int self = UInt8.t'int (v_MIN'0 : UInt8.t) + /\ UInt8.t'int rhs = - 1 -> UInt8.t'int (let (a, _) = result in a) = UInt8.t'int self} + {[%#snum32] UInt8.t'int self = UInt8.t'int (v_MIN'0 : UInt8.t) /\ UInt8.t'int rhs = - 1 + \/ UInt8.t'int (let (a, _) = result in a) = div (UInt8.t'int self) (UInt8.t'int rhs)} {[%#snum33] (let (_, a) = result in a) - = (UInt8.to_uint self = UInt8.to_uint (v_MIN'0 : UInt8.t) /\ UInt8.to_uint rhs = - 1)} + = (UInt8.t'int self = UInt8.t'int (v_MIN'0 : UInt8.t) /\ UInt8.t'int rhs = - 1)} (! return' {result}) ] 
@@ -2184,19 +2163,19 @@ module M_checked_ops__test_u8_div_no_overflow [#"checked_ops.rs" 128 0 128 44] let%span schecked_ops7 = "checked_ops.rs" 130 4 130 39 let%span schecked_ops8 = "checked_ops.rs" 129 4 129 47 let%span schecked_ops9 = "checked_ops.rs" 127 11 127 18 - let%span snum10 = "../../../creusot-contracts/src/std/num.rs" 109 26 109 97 - let%span snum11 = "../../../creusot-contracts/src/std/num.rs" 111 26 111 83 + let%span snum10 = "../../../creusot-contracts/src/std/num.rs" 112 26 112 97 + let%span snum11 = "../../../creusot-contracts/src/std/num.rs" 114 26 114 83 let%span soption12 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 - let%span snum13 = "../../../creusot-contracts/src/std/num.rs" 117 27 117 36 - let%span snum14 = "../../../creusot-contracts/src/std/num.rs" 119 26 119 83 - let%span snum15 = "../../../creusot-contracts/src/std/num.rs" 121 26 121 89 - let%span snum16 = "../../../creusot-contracts/src/std/num.rs" 127 27 127 36 - let%span snum17 = "../../../creusot-contracts/src/std/num.rs" 129 26 129 89 - let%span snum18 = "../../../creusot-contracts/src/std/num.rs" 131 26 131 89 - let%span snum19 = "../../../creusot-contracts/src/std/num.rs" 137 27 137 36 - let%span snum20 = "../../../creusot-contracts/src/std/num.rs" 139 26 139 85 - let%span snum21 = "../../../creusot-contracts/src/std/num.rs" 141 26 141 91 - let%span snum22 = "../../../creusot-contracts/src/std/num.rs" 143 26 143 74 + let%span snum13 = "../../../creusot-contracts/src/std/num.rs" 120 27 120 36 + let%span snum14 = "../../../creusot-contracts/src/std/num.rs" 122 26 122 83 + let%span snum15 = "../../../creusot-contracts/src/std/num.rs" 124 26 124 89 + let%span snum16 = "../../../creusot-contracts/src/std/num.rs" 130 27 130 36 + let%span snum17 = "../../../creusot-contracts/src/std/num.rs" 132 26 132 89 + let%span snum18 = "../../../creusot-contracts/src/std/num.rs" 134 26 134 89 + let%span snum19 = "../../../creusot-contracts/src/std/num.rs" 140 27 140 36 + let%span 
snum20 = "../../../creusot-contracts/src/std/num.rs" 142 26 142 85 + let%span snum21 = "../../../creusot-contracts/src/std/num.rs" 144 26 144 91 + let%span snum22 = "../../../creusot-contracts/src/std/num.rs" 146 26 146 74 use prelude.prelude.Int @@ -2212,9 +2191,8 @@ module M_checked_ops__test_u8_div_no_overflow [#"checked_ops.rs" 128 0 128 44] let rec checked_div'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:t_Option'0))= any [ return' (result:t_Option'0)-> {[%#snum10] (result = C_None'0) - = (UInt8.to_uint rhs = 0 \/ UInt8.to_uint self = UInt8.to_uint (v_MIN'0 : UInt8.t) /\ UInt8.to_uint rhs = - 1)} - {[%#snum11] forall r : UInt8.t . result = C_Some'0 r - -> UInt8.to_uint r = div (UInt8.to_uint self) (UInt8.to_uint rhs)} + = (UInt8.t'int rhs = 0 \/ UInt8.t'int self = UInt8.t'int (v_MIN'0 : UInt8.t) /\ UInt8.t'int rhs = - 1)} + {[%#snum11] forall r : UInt8.t . result = C_Some'0 r -> UInt8.t'int r = div (UInt8.t'int self) (UInt8.t'int rhs)} (! return' {result}) ] 
@@ -2230,35 +2208,35 @@ module M_checked_ops__test_u8_div_no_overflow [#"checked_ops.rs" 128 0 128 44] {[@expl:unwrap requires] [%#soption12] self <> C_None'0} any [ return' (result:UInt8.t)-> {inv'1 result} {[%#soption12] C_Some'0 result = self} (! return' {result}) ] - let rec wrapping_div'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:UInt8.t))= {[@expl:wrapping_div requires] [%#snum13] UInt8.to_uint rhs + let rec wrapping_div'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:UInt8.t))= {[@expl:wrapping_div requires] [%#snum13] UInt8.t'int rhs <> 0} any - [ return' (result:UInt8.t)-> {[%#snum14] UInt8.to_uint self = UInt8.to_uint (v_MIN'0 : UInt8.t) - /\ UInt8.to_uint rhs = - 1 -> UInt8.to_uint result = UInt8.to_uint self} - {[%#snum15] UInt8.to_uint self = UInt8.to_uint (v_MIN'0 : UInt8.t) /\ UInt8.to_uint rhs = - 1 - \/ UInt8.to_uint result = div (UInt8.to_uint self) (UInt8.to_uint rhs)} + [ return' (result:UInt8.t)-> {[%#snum14] UInt8.t'int self = UInt8.t'int (v_MIN'0 : UInt8.t) /\ UInt8.t'int rhs = - 1 + -> UInt8.t'int result = UInt8.t'int self} + {[%#snum15] UInt8.t'int self = UInt8.t'int (v_MIN'0 : UInt8.t) /\ UInt8.t'int rhs = - 1 + \/ UInt8.t'int result = div (UInt8.t'int self) (UInt8.t'int rhs)} (! 
return' {result}) ] - let rec saturating_div'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:UInt8.t))= {[@expl:saturating_div requires] [%#snum16] UInt8.to_uint rhs + let rec saturating_div'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:UInt8.t))= {[@expl:saturating_div requires] [%#snum16] UInt8.t'int rhs <> 0} any - [ return' (result:UInt8.t)-> {[%#snum17] UInt8.to_uint self = UInt8.to_uint (v_MIN'0 : UInt8.t) - /\ UInt8.to_uint rhs = - 1 -> UInt8.to_uint result = UInt8.to_uint (v_MIN'0 : UInt8.t)} - {[%#snum18] UInt8.to_uint self = UInt8.to_uint (v_MIN'0 : UInt8.t) /\ UInt8.to_uint rhs = - 1 - \/ UInt8.to_uint result = div (UInt8.to_uint self) (UInt8.to_uint rhs)} + [ return' (result:UInt8.t)-> {[%#snum17] UInt8.t'int self = UInt8.t'int (v_MIN'0 : UInt8.t) /\ UInt8.t'int rhs = - 1 + -> UInt8.t'int result = UInt8.t'int (v_MIN'0 : UInt8.t)} + {[%#snum18] UInt8.t'int self = UInt8.t'int (v_MIN'0 : UInt8.t) /\ UInt8.t'int rhs = - 1 + \/ UInt8.t'int result = div (UInt8.t'int self) (UInt8.t'int rhs)} (! 
return' {result}) ] - let rec overflowing_div'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:(UInt8.t, bool)))= {[@expl:overflowing_div requires] [%#snum19] UInt8.to_uint rhs + let rec overflowing_div'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:(UInt8.t, bool)))= {[@expl:overflowing_div requires] [%#snum19] UInt8.t'int rhs <> 0} any - [ return' (result:(UInt8.t, bool))-> {[%#snum20] UInt8.to_uint self = UInt8.to_uint (v_MIN'0 : UInt8.t) - /\ UInt8.to_uint rhs = - 1 -> UInt8.to_uint (let (a, _) = result in a) = UInt8.to_uint self} - {[%#snum21] UInt8.to_uint self = UInt8.to_uint (v_MIN'0 : UInt8.t) /\ UInt8.to_uint rhs = - 1 - \/ UInt8.to_uint (let (a, _) = result in a) = div (UInt8.to_uint self) (UInt8.to_uint rhs)} + [ return' (result:(UInt8.t, bool))-> {[%#snum20] UInt8.t'int self = UInt8.t'int (v_MIN'0 : UInt8.t) + /\ UInt8.t'int rhs = - 1 -> UInt8.t'int (let (a, _) = result in a) = UInt8.t'int self} + {[%#snum21] UInt8.t'int self = UInt8.t'int (v_MIN'0 : UInt8.t) /\ UInt8.t'int rhs = - 1 + \/ UInt8.t'int (let (a, _) = result in a) = div (UInt8.t'int self) (UInt8.t'int rhs)} {[%#snum22] (let (_, a) = result in a) - = (UInt8.to_uint self = UInt8.to_uint (v_MIN'0 : UInt8.t) /\ UInt8.to_uint rhs = - 1)} + = (UInt8.t'int self = UInt8.t'int (v_MIN'0 : UInt8.t) /\ UInt8.t'int rhs = - 1)} (! return' {result}) ] @@ -2268,7 +2246,7 @@ module M_checked_ops__test_u8_div_no_overflow [#"checked_ops.rs" 128 0 128 44] meta "compute_max_steps" 1000000 - let rec test_u8_div_no_overflow'0 (a:UInt8.t) (b:UInt8.t) (return' (ret:()))= {[@expl:test_u8_div_no_overflow requires] [%#schecked_ops9] UInt8.to_uint b + let rec test_u8_div_no_overflow'0 (a:UInt8.t) (b:UInt8.t) (return' (ret:()))= {[@expl:test_u8_div_no_overflow requires] [%#schecked_ops9] UInt8.t'int b <> 0} (! bb0 [ bb0 = s0 [ s0 = checked_div'0 {a} {b} (fun (_ret':t_Option'0) -> [ &_7 <- _ret' ] s1) | s1 = bb1 ] 
@@ -2362,8 +2340,8 @@ end module M_checked_ops__test_u8_div_zero [#"checked_ops.rs" 137 0 137 30] let%span schecked_ops0 = "checked_ops.rs" 138 26 138 27 let%span schecked_ops1 = "checked_ops.rs" 138 4 138 39 - let%span snum2 = "../../../creusot-contracts/src/std/num.rs" 109 26 109 97 - let%span snum3 = "../../../creusot-contracts/src/std/num.rs" 111 26 111 83 + let%span snum2 = "../../../creusot-contracts/src/std/num.rs" 112 26 112 97 + let%span snum3 = "../../../creusot-contracts/src/std/num.rs" 114 26 114 83 let%span soption4 = "../../../creusot-contracts/src/std/option.rs" 51 26 51 51 use prelude.prelude.Int @@ -2380,9 +2358,8 @@ module M_checked_ops__test_u8_div_zero [#"checked_ops.rs" 137 0 137 30] let rec checked_div'0 (self:UInt8.t) (rhs:UInt8.t) (return' (ret:t_Option'0))= any [ return' (result:t_Option'0)-> {[%#snum2] (result = C_None'0) - = (UInt8.to_uint rhs = 0 \/ UInt8.to_uint self = UInt8.to_uint (v_MIN'0 : UInt8.t) /\ UInt8.to_uint rhs = - 1)} - {[%#snum3] forall r : UInt8.t . result = C_Some'0 r - -> UInt8.to_uint r = div (UInt8.to_uint self) (UInt8.to_uint rhs)} + = (UInt8.t'int rhs = 0 \/ UInt8.t'int self = UInt8.t'int (v_MIN'0 : UInt8.t) /\ UInt8.t'int rhs = - 1)} + {[%#snum3] forall r : UInt8.t . result = C_Some'0 r -> UInt8.t'int r = div (UInt8.t'int self) (UInt8.t'int rhs)} (! return' {result}) ] 
@@ -2462,22 +2439,22 @@ module M_checked_ops__test_i8_add_example [#"checked_ops.rs" 142 0 142 28] let%span schecked_ops46 = "checked_ops.rs" 145 4 145 48 let%span schecked_ops47 = "checked_ops.rs" 144 4 144 44 let%span schecked_ops48 = "checked_ops.rs" 143 4 143 47 - let%span snum49 = "../../../creusot-contracts/src/std/num.rs" 171 20 172 89 - let%span snum50 = "../../../creusot-contracts/src/std/num.rs" 175 26 175 87 + let%span snum49 = "../../../creusot-contracts/src/std/num.rs" 174 20 175 89 + let%span snum50 = "../../../creusot-contracts/src/std/num.rs" 178 26 178 87 let%span soption51 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 let%span soption52 = "../../../creusot-contracts/src/std/option.rs" 51 26 51 51 - let%span snum53 = "../../../creusot-contracts/src/std/num.rs" 183 20 183 93 - let%span snum54 = "../../../creusot-contracts/src/std/num.rs" 187 20 188 51 - let%span snum55 = "../../../creusot-contracts/src/std/num.rs" 194 20 196 92 - let%span snum56 = "../../../creusot-contracts/src/std/num.rs" 199 20 201 92 - let%span snum57 = "../../../creusot-contracts/src/std/num.rs" 211 20 212 51 - let%span snum58 = "../../../creusot-contracts/src/std/num.rs" 215 26 215 83 - let%span snum59 = "../../../creusot-contracts/src/std/num.rs" 216 26 216 83 - let%span snum60 = "../../../creusot-contracts/src/std/num.rs" 225 20 225 95 - let%span snum61 = "../../../creusot-contracts/src/std/num.rs" 229 20 230 53 - let%span snum62 = "../../../creusot-contracts/src/std/num.rs" 236 20 238 94 - let%span snum63 = "../../../creusot-contracts/src/std/num.rs" 241 20 243 94 - let%span snum64 = "../../../creusot-contracts/src/std/num.rs" 247 20 247 98 + let%span snum53 = "../../../creusot-contracts/src/std/num.rs" 186 20 186 93 + let%span snum54 = "../../../creusot-contracts/src/std/num.rs" 190 20 191 51 + let%span snum55 = "../../../creusot-contracts/src/std/num.rs" 197 20 199 92 + let%span snum56 = "../../../creusot-contracts/src/std/num.rs" 202 20 204 92 + let%span 
snum57 = "../../../creusot-contracts/src/std/num.rs" 214 20 215 51 + let%span snum58 = "../../../creusot-contracts/src/std/num.rs" 218 26 218 83 + let%span snum59 = "../../../creusot-contracts/src/std/num.rs" 219 26 219 83 + let%span snum60 = "../../../creusot-contracts/src/std/num.rs" 228 20 228 95 + let%span snum61 = "../../../creusot-contracts/src/std/num.rs" 232 20 233 53 + let%span snum62 = "../../../creusot-contracts/src/std/num.rs" 239 20 241 94 + let%span snum63 = "../../../creusot-contracts/src/std/num.rs" 244 20 246 94 + let%span snum64 = "../../../creusot-contracts/src/std/num.rs" 250 20 250 98 use prelude.prelude.Int @@ -2534,8 +2511,7 @@ module M_checked_ops__test_i8_add_example [#"checked_ops.rs" 142 0 142 28] let rec wrapping_add'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:Int8.t))= any [ return' (result:Int8.t)-> {[%#snum53] Int8.to_int result - = EuclideanDivision.mod (Int8.to_int self - + Int8.to_int rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + = EuclideanDivision.mod (Int8.to_int self + Int8.to_int rhs) (Power.power 2 (UInt32.t'int (v_BITS'0 : UInt32.t))) + Int8.to_int (v_MIN'0 : Int8.t)} {[%#snum54] Int8.to_int self + Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) /\ Int8.to_int self + Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) @@ -2564,8 +2540,7 @@ module M_checked_ops__test_i8_add_example [#"checked_ops.rs" 142 0 142 28] let rec overflowing_add'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:(Int8.t, bool)))= any [ return' (result:(Int8.t, bool))-> {[%#snum60] Int8.to_int (let (a, _) = result in a) - = EuclideanDivision.mod (Int8.to_int self - + Int8.to_int rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + = EuclideanDivision.mod (Int8.to_int self + Int8.to_int rhs) (Power.power 2 (UInt32.t'int (v_BITS'0 : UInt32.t))) + Int8.to_int (v_MIN'0 : Int8.t)} {[%#snum61] Int8.to_int self + Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) /\ Int8.to_int self + Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) 
@@ -2778,21 +2753,21 @@ module M_checked_ops__test_i8_add_overflow_pos [#"checked_ops.rs" 165 0 165 38] let%span schecked_ops12 = "checked_ops.rs" 167 4 167 49 let%span schecked_ops13 = "checked_ops.rs" 166 4 166 43 let%span schecked_ops14 = "checked_ops.rs" 164 11 164 17 - let%span snum15 = "../../../creusot-contracts/src/std/num.rs" 171 20 172 89 - let%span snum16 = "../../../creusot-contracts/src/std/num.rs" 175 26 175 87 + let%span snum15 = "../../../creusot-contracts/src/std/num.rs" 174 20 175 89 + let%span snum16 = "../../../creusot-contracts/src/std/num.rs" 178 26 178 87 let%span soption17 = "../../../creusot-contracts/src/std/option.rs" 51 26 51 51 - let%span snum18 = "../../../creusot-contracts/src/std/num.rs" 183 20 183 93 - let%span snum19 = "../../../creusot-contracts/src/std/num.rs" 187 20 188 51 - let%span snum20 = "../../../creusot-contracts/src/std/num.rs" 194 20 196 92 - let%span snum21 = "../../../creusot-contracts/src/std/num.rs" 199 20 201 92 - let%span snum22 = "../../../creusot-contracts/src/std/num.rs" 211 20 212 51 - let%span snum23 = "../../../creusot-contracts/src/std/num.rs" 215 26 215 83 - let%span snum24 = "../../../creusot-contracts/src/std/num.rs" 216 26 216 83 - let%span snum25 = "../../../creusot-contracts/src/std/num.rs" 225 20 225 95 - let%span snum26 = "../../../creusot-contracts/src/std/num.rs" 229 20 230 53 - let%span snum27 = "../../../creusot-contracts/src/std/num.rs" 236 20 238 94 - let%span snum28 = "../../../creusot-contracts/src/std/num.rs" 241 20 243 94 - let%span snum29 = "../../../creusot-contracts/src/std/num.rs" 247 20 247 98 + let%span snum18 = "../../../creusot-contracts/src/std/num.rs" 186 20 186 93 + let%span snum19 = "../../../creusot-contracts/src/std/num.rs" 190 20 191 51 + let%span snum20 = "../../../creusot-contracts/src/std/num.rs" 197 20 199 92 + let%span snum21 = "../../../creusot-contracts/src/std/num.rs" 202 20 204 92 + let%span snum22 = "../../../creusot-contracts/src/std/num.rs" 214 20 215 51 + 
let%span snum23 = "../../../creusot-contracts/src/std/num.rs" 218 26 218 83 + let%span snum24 = "../../../creusot-contracts/src/std/num.rs" 219 26 219 83 + let%span snum25 = "../../../creusot-contracts/src/std/num.rs" 228 20 228 95 + let%span snum26 = "../../../creusot-contracts/src/std/num.rs" 232 20 233 53 + let%span snum27 = "../../../creusot-contracts/src/std/num.rs" 239 20 241 94 + let%span snum28 = "../../../creusot-contracts/src/std/num.rs" 244 20 246 94 + let%span snum29 = "../../../creusot-contracts/src/std/num.rs" 250 20 250 98 use prelude.prelude.Int @@ -2837,8 +2812,7 @@ module M_checked_ops__test_i8_add_overflow_pos [#"checked_ops.rs" 165 0 165 38] let rec wrapping_add'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:Int8.t))= any [ return' (result:Int8.t)-> {[%#snum18] Int8.to_int result - = EuclideanDivision.mod (Int8.to_int self - + Int8.to_int rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + = EuclideanDivision.mod (Int8.to_int self + Int8.to_int rhs) (Power.power 2 (UInt32.t'int (v_BITS'0 : UInt32.t))) + Int8.to_int (v_MIN'0 : Int8.t)} {[%#snum19] Int8.to_int self + Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) /\ Int8.to_int self + Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) @@ -2867,8 +2841,7 @@ module M_checked_ops__test_i8_add_overflow_pos [#"checked_ops.rs" 165 0 165 38] let rec overflowing_add'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:(Int8.t, bool)))= any [ return' (result:(Int8.t, bool))-> {[%#snum25] Int8.to_int (let (a, _) = result in a) - = EuclideanDivision.mod (Int8.to_int self - + Int8.to_int rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + = EuclideanDivision.mod (Int8.to_int self + Int8.to_int rhs) (Power.power 2 (UInt32.t'int (v_BITS'0 : UInt32.t))) + Int8.to_int (v_MIN'0 : Int8.t)} {[%#snum26] Int8.to_int self + Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) /\ Int8.to_int self + Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) 
@@ -2976,21 +2949,21 @@ module M_checked_ops__test_i8_add_overflow_neg [#"checked_ops.rs" 175 0 175 38] let%span schecked_ops12 = "checked_ops.rs" 177 4 177 52 let%span schecked_ops13 = "checked_ops.rs" 176 4 176 46 let%span schecked_ops14 = "checked_ops.rs" 174 11 174 17 - let%span snum15 = "../../../creusot-contracts/src/std/num.rs" 171 20 172 89 - let%span snum16 = "../../../creusot-contracts/src/std/num.rs" 175 26 175 87 + let%span snum15 = "../../../creusot-contracts/src/std/num.rs" 174 20 175 89 + let%span snum16 = "../../../creusot-contracts/src/std/num.rs" 178 26 178 87 let%span soption17 = "../../../creusot-contracts/src/std/option.rs" 51 26 51 51 - let%span snum18 = "../../../creusot-contracts/src/std/num.rs" 183 20 183 93 - let%span snum19 = "../../../creusot-contracts/src/std/num.rs" 187 20 188 51 - let%span snum20 = "../../../creusot-contracts/src/std/num.rs" 194 20 196 92 - let%span snum21 = "../../../creusot-contracts/src/std/num.rs" 199 20 201 92 - let%span snum22 = "../../../creusot-contracts/src/std/num.rs" 211 20 212 51 - let%span snum23 = "../../../creusot-contracts/src/std/num.rs" 215 26 215 83 - let%span snum24 = "../../../creusot-contracts/src/std/num.rs" 216 26 216 83 - let%span snum25 = "../../../creusot-contracts/src/std/num.rs" 225 20 225 95 - let%span snum26 = "../../../creusot-contracts/src/std/num.rs" 229 20 230 53 - let%span snum27 = "../../../creusot-contracts/src/std/num.rs" 236 20 238 94 - let%span snum28 = "../../../creusot-contracts/src/std/num.rs" 241 20 243 94 - let%span snum29 = "../../../creusot-contracts/src/std/num.rs" 247 20 247 98 + let%span snum18 = "../../../creusot-contracts/src/std/num.rs" 186 20 186 93 + let%span snum19 = "../../../creusot-contracts/src/std/num.rs" 190 20 191 51 + let%span snum20 = "../../../creusot-contracts/src/std/num.rs" 197 20 199 92 + let%span snum21 = "../../../creusot-contracts/src/std/num.rs" 202 20 204 92 + let%span snum22 = "../../../creusot-contracts/src/std/num.rs" 214 20 215 51 + 
let%span snum23 = "../../../creusot-contracts/src/std/num.rs" 218 26 218 83 + let%span snum24 = "../../../creusot-contracts/src/std/num.rs" 219 26 219 83 + let%span snum25 = "../../../creusot-contracts/src/std/num.rs" 228 20 228 95 + let%span snum26 = "../../../creusot-contracts/src/std/num.rs" 232 20 233 53 + let%span snum27 = "../../../creusot-contracts/src/std/num.rs" 239 20 241 94 + let%span snum28 = "../../../creusot-contracts/src/std/num.rs" 244 20 246 94 + let%span snum29 = "../../../creusot-contracts/src/std/num.rs" 250 20 250 98 use prelude.prelude.Int @@ -3035,8 +3008,7 @@ module M_checked_ops__test_i8_add_overflow_neg [#"checked_ops.rs" 175 0 175 38] let rec wrapping_add'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:Int8.t))= any [ return' (result:Int8.t)-> {[%#snum18] Int8.to_int result - = EuclideanDivision.mod (Int8.to_int self - + Int8.to_int rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + = EuclideanDivision.mod (Int8.to_int self + Int8.to_int rhs) (Power.power 2 (UInt32.t'int (v_BITS'0 : UInt32.t))) + Int8.to_int (v_MIN'0 : Int8.t)} {[%#snum19] Int8.to_int self + Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) /\ Int8.to_int self + Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) @@ -3065,8 +3037,7 @@ module M_checked_ops__test_i8_add_overflow_neg [#"checked_ops.rs" 175 0 175 38] let rec overflowing_add'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:(Int8.t, bool)))= any [ return' (result:(Int8.t, bool))-> {[%#snum25] Int8.to_int (let (a, _) = result in a) - = EuclideanDivision.mod (Int8.to_int self - + Int8.to_int rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + = EuclideanDivision.mod (Int8.to_int self + Int8.to_int rhs) (Power.power 2 (UInt32.t'int (v_BITS'0 : UInt32.t))) + Int8.to_int (v_MIN'0 : Int8.t)} {[%#snum26] Int8.to_int self + Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) /\ Int8.to_int self + Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) 
@@ -3160,10 +3131,10 @@ module M_checked_ops__test_i8_add_overflow_neg [#"checked_ops.rs" 175 0 175 38] end module M_checked_ops__test_i8_wrapping_add [#"checked_ops.rs" 186 0 186 47] let%span schecked_ops0 = "checked_ops.rs" 185 10 185 84 - let%span snum1 = "../../../creusot-contracts/src/std/num.rs" 183 20 183 93 - let%span snum2 = "../../../creusot-contracts/src/std/num.rs" 187 20 188 51 - let%span snum3 = "../../../creusot-contracts/src/std/num.rs" 194 20 196 92 - let%span snum4 = "../../../creusot-contracts/src/std/num.rs" 199 20 201 92 + let%span snum1 = "../../../creusot-contracts/src/std/num.rs" 186 20 186 93 + let%span snum2 = "../../../creusot-contracts/src/std/num.rs" 190 20 191 51 + let%span snum3 = "../../../creusot-contracts/src/std/num.rs" 197 20 199 92 + let%span snum4 = "../../../creusot-contracts/src/std/num.rs" 202 20 204 92 use prelude.prelude.Int8 @@ -3187,8 +3158,7 @@ module M_checked_ops__test_i8_wrapping_add [#"checked_ops.rs" 186 0 186 47] let rec wrapping_add'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:Int8.t))= any [ return' (result:Int8.t)-> {[%#snum1] Int8.to_int result - = EuclideanDivision.mod (Int8.to_int self - + Int8.to_int rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + = EuclideanDivision.mod (Int8.to_int self + Int8.to_int rhs) (Power.power 2 (UInt32.t'int (v_BITS'0 : UInt32.t))) + Int8.to_int (v_MIN'0 : Int8.t)} {[%#snum2] Int8.to_int self + Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) /\ Int8.to_int self + Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) 
@@ -3222,17 +3192,17 @@ end module M_checked_ops__test_i8_overflowing_add [#"checked_ops.rs" 191 0 191 44] let%span schecked_ops0 = "checked_ops.rs" 193 4 193 65 let%span schecked_ops1 = "checked_ops.rs" 192 4 192 56 - let%span snum2 = "../../../creusot-contracts/src/std/num.rs" 225 20 225 95 - let%span snum3 = "../../../creusot-contracts/src/std/num.rs" 229 20 230 53 - let%span snum4 = "../../../creusot-contracts/src/std/num.rs" 236 20 238 94 - let%span snum5 = "../../../creusot-contracts/src/std/num.rs" 241 20 243 94 - let%span snum6 = "../../../creusot-contracts/src/std/num.rs" 247 20 247 98 - let%span snum7 = "../../../creusot-contracts/src/std/num.rs" 183 20 183 93 - let%span snum8 = "../../../creusot-contracts/src/std/num.rs" 187 20 188 51 - let%span snum9 = "../../../creusot-contracts/src/std/num.rs" 194 20 196 92 - let%span snum10 = "../../../creusot-contracts/src/std/num.rs" 199 20 201 92 - let%span snum11 = "../../../creusot-contracts/src/std/num.rs" 171 20 172 89 - let%span snum12 = "../../../creusot-contracts/src/std/num.rs" 175 26 175 87 + let%span snum2 = "../../../creusot-contracts/src/std/num.rs" 228 20 228 95 + let%span snum3 = "../../../creusot-contracts/src/std/num.rs" 232 20 233 53 + let%span snum4 = "../../../creusot-contracts/src/std/num.rs" 239 20 241 94 + let%span snum5 = "../../../creusot-contracts/src/std/num.rs" 244 20 246 94 + let%span snum6 = "../../../creusot-contracts/src/std/num.rs" 250 20 250 98 + let%span snum7 = "../../../creusot-contracts/src/std/num.rs" 186 20 186 93 + let%span snum8 = "../../../creusot-contracts/src/std/num.rs" 190 20 191 51 + let%span snum9 = "../../../creusot-contracts/src/std/num.rs" 197 20 199 92 + let%span snum10 = "../../../creusot-contracts/src/std/num.rs" 202 20 204 92 + let%span snum11 = "../../../creusot-contracts/src/std/num.rs" 174 20 175 89 + let%span snum12 = "../../../creusot-contracts/src/std/num.rs" 178 26 178 87 let%span soption13 = "../../../creusot-contracts/src/std/option.rs" 51 26 51 51 
use prelude.prelude.Int8 @@ -3257,8 +3227,7 @@ module M_checked_ops__test_i8_overflowing_add [#"checked_ops.rs" 191 0 191 44] let rec overflowing_add'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:(Int8.t, bool)))= any [ return' (result:(Int8.t, bool))-> {[%#snum2] Int8.to_int (let (a, _) = result in a) - = EuclideanDivision.mod (Int8.to_int self - + Int8.to_int rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + = EuclideanDivision.mod (Int8.to_int self + Int8.to_int rhs) (Power.power 2 (UInt32.t'int (v_BITS'0 : UInt32.t))) + Int8.to_int (v_MIN'0 : Int8.t)} {[%#snum3] Int8.to_int self + Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) /\ Int8.to_int self + Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) @@ -3279,8 +3248,7 @@ module M_checked_ops__test_i8_overflowing_add [#"checked_ops.rs" 191 0 191 44] let rec wrapping_add'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:Int8.t))= any [ return' (result:Int8.t)-> {[%#snum7] Int8.to_int result - = EuclideanDivision.mod (Int8.to_int self - + Int8.to_int rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + = EuclideanDivision.mod (Int8.to_int self + Int8.to_int rhs) (Power.power 2 (UInt32.t'int (v_BITS'0 : UInt32.t))) + Int8.to_int (v_MIN'0 : Int8.t)} {[%#snum8] Int8.to_int self + Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) /\ Int8.to_int self + Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) 
@@ -3404,22 +3372,22 @@ module M_checked_ops__test_i8_sub_example [#"checked_ops.rs" 197 0 197 28] let%span schecked_ops47 = "checked_ops.rs" 200 4 200 47 let%span schecked_ops48 = "checked_ops.rs" 199 4 199 50 let%span schecked_ops49 = "checked_ops.rs" 198 4 198 47 - let%span snum50 = "../../../creusot-contracts/src/std/num.rs" 171 20 172 89 - let%span snum51 = "../../../creusot-contracts/src/std/num.rs" 175 26 175 87 + let%span snum50 = "../../../creusot-contracts/src/std/num.rs" 174 20 175 89 + let%span snum51 = "../../../creusot-contracts/src/std/num.rs" 178 26 178 87 let%span soption52 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 let%span soption53 = "../../../creusot-contracts/src/std/option.rs" 51 26 51 51 - let%span snum54 = "../../../creusot-contracts/src/std/num.rs" 183 20 183 93 - let%span snum55 = "../../../creusot-contracts/src/std/num.rs" 187 20 188 51 - let%span snum56 = "../../../creusot-contracts/src/std/num.rs" 194 20 196 92 - let%span snum57 = "../../../creusot-contracts/src/std/num.rs" 199 20 201 92 - let%span snum58 = "../../../creusot-contracts/src/std/num.rs" 211 20 212 51 - let%span snum59 = "../../../creusot-contracts/src/std/num.rs" 215 26 215 83 - let%span snum60 = "../../../creusot-contracts/src/std/num.rs" 216 26 216 83 - let%span snum61 = "../../../creusot-contracts/src/std/num.rs" 225 20 225 95 - let%span snum62 = "../../../creusot-contracts/src/std/num.rs" 229 20 230 53 - let%span snum63 = "../../../creusot-contracts/src/std/num.rs" 236 20 238 94 - let%span snum64 = "../../../creusot-contracts/src/std/num.rs" 241 20 243 94 - let%span snum65 = "../../../creusot-contracts/src/std/num.rs" 247 20 247 98 + let%span snum54 = "../../../creusot-contracts/src/std/num.rs" 186 20 186 93 + let%span snum55 = "../../../creusot-contracts/src/std/num.rs" 190 20 191 51 + let%span snum56 = "../../../creusot-contracts/src/std/num.rs" 197 20 199 92 + let%span snum57 = "../../../creusot-contracts/src/std/num.rs" 202 20 204 92 + let%span 
snum58 = "../../../creusot-contracts/src/std/num.rs" 214 20 215 51 + let%span snum59 = "../../../creusot-contracts/src/std/num.rs" 218 26 218 83 + let%span snum60 = "../../../creusot-contracts/src/std/num.rs" 219 26 219 83 + let%span snum61 = "../../../creusot-contracts/src/std/num.rs" 228 20 228 95 + let%span snum62 = "../../../creusot-contracts/src/std/num.rs" 232 20 233 53 + let%span snum63 = "../../../creusot-contracts/src/std/num.rs" 239 20 241 94 + let%span snum64 = "../../../creusot-contracts/src/std/num.rs" 244 20 246 94 + let%span snum65 = "../../../creusot-contracts/src/std/num.rs" 250 20 250 98 use prelude.prelude.Int @@ -3476,8 +3444,7 @@ module M_checked_ops__test_i8_sub_example [#"checked_ops.rs" 197 0 197 28] let rec wrapping_sub'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:Int8.t))= any [ return' (result:Int8.t)-> {[%#snum54] Int8.to_int result - = EuclideanDivision.mod (Int8.to_int self - - Int8.to_int rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + = EuclideanDivision.mod (Int8.to_int self - Int8.to_int rhs) (Power.power 2 (UInt32.t'int (v_BITS'0 : UInt32.t))) + Int8.to_int (v_MIN'0 : Int8.t)} {[%#snum55] Int8.to_int self - Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) /\ Int8.to_int self - Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) @@ -3506,8 +3473,7 @@ module M_checked_ops__test_i8_sub_example [#"checked_ops.rs" 197 0 197 28] let rec overflowing_sub'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:(Int8.t, bool)))= any [ return' (result:(Int8.t, bool))-> {[%#snum61] Int8.to_int (let (a, _) = result in a) - = EuclideanDivision.mod (Int8.to_int self - - Int8.to_int rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + = EuclideanDivision.mod (Int8.to_int self - Int8.to_int rhs) (Power.power 2 (UInt32.t'int (v_BITS'0 : UInt32.t))) + Int8.to_int (v_MIN'0 : Int8.t)} {[%#snum62] Int8.to_int self - Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) /\ Int8.to_int self - Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) 
@@ -3724,21 +3690,21 @@ module M_checked_ops__test_i8_sub_overflow_pos [#"checked_ops.rs" 220 0 220 38] let%span schecked_ops12 = "checked_ops.rs" 222 4 222 52 let%span schecked_ops13 = "checked_ops.rs" 221 4 221 46 let%span schecked_ops14 = "checked_ops.rs" 219 11 219 17 - let%span snum15 = "../../../creusot-contracts/src/std/num.rs" 171 20 172 89 - let%span snum16 = "../../../creusot-contracts/src/std/num.rs" 175 26 175 87 + let%span snum15 = "../../../creusot-contracts/src/std/num.rs" 174 20 175 89 + let%span snum16 = "../../../creusot-contracts/src/std/num.rs" 178 26 178 87 let%span soption17 = "../../../creusot-contracts/src/std/option.rs" 51 26 51 51 - let%span snum18 = "../../../creusot-contracts/src/std/num.rs" 183 20 183 93 - let%span snum19 = "../../../creusot-contracts/src/std/num.rs" 187 20 188 51 - let%span snum20 = "../../../creusot-contracts/src/std/num.rs" 194 20 196 92 - let%span snum21 = "../../../creusot-contracts/src/std/num.rs" 199 20 201 92 - let%span snum22 = "../../../creusot-contracts/src/std/num.rs" 211 20 212 51 - let%span snum23 = "../../../creusot-contracts/src/std/num.rs" 215 26 215 83 - let%span snum24 = "../../../creusot-contracts/src/std/num.rs" 216 26 216 83 - let%span snum25 = "../../../creusot-contracts/src/std/num.rs" 225 20 225 95 - let%span snum26 = "../../../creusot-contracts/src/std/num.rs" 229 20 230 53 - let%span snum27 = "../../../creusot-contracts/src/std/num.rs" 236 20 238 94 - let%span snum28 = "../../../creusot-contracts/src/std/num.rs" 241 20 243 94 - let%span snum29 = "../../../creusot-contracts/src/std/num.rs" 247 20 247 98 + let%span snum18 = "../../../creusot-contracts/src/std/num.rs" 186 20 186 93 + let%span snum19 = "../../../creusot-contracts/src/std/num.rs" 190 20 191 51 + let%span snum20 = "../../../creusot-contracts/src/std/num.rs" 197 20 199 92 + let%span snum21 = "../../../creusot-contracts/src/std/num.rs" 202 20 204 92 + let%span snum22 = "../../../creusot-contracts/src/std/num.rs" 214 20 215 51 + 
let%span snum23 = "../../../creusot-contracts/src/std/num.rs" 218 26 218 83 + let%span snum24 = "../../../creusot-contracts/src/std/num.rs" 219 26 219 83 + let%span snum25 = "../../../creusot-contracts/src/std/num.rs" 228 20 228 95 + let%span snum26 = "../../../creusot-contracts/src/std/num.rs" 232 20 233 53 + let%span snum27 = "../../../creusot-contracts/src/std/num.rs" 239 20 241 94 + let%span snum28 = "../../../creusot-contracts/src/std/num.rs" 244 20 246 94 + let%span snum29 = "../../../creusot-contracts/src/std/num.rs" 250 20 250 98 use prelude.prelude.Int @@ -3783,8 +3749,7 @@ module M_checked_ops__test_i8_sub_overflow_pos [#"checked_ops.rs" 220 0 220 38] let rec wrapping_sub'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:Int8.t))= any [ return' (result:Int8.t)-> {[%#snum18] Int8.to_int result - = EuclideanDivision.mod (Int8.to_int self - - Int8.to_int rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + = EuclideanDivision.mod (Int8.to_int self - Int8.to_int rhs) (Power.power 2 (UInt32.t'int (v_BITS'0 : UInt32.t))) + Int8.to_int (v_MIN'0 : Int8.t)} {[%#snum19] Int8.to_int self - Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) /\ Int8.to_int self - Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) @@ -3813,8 +3778,7 @@ module M_checked_ops__test_i8_sub_overflow_pos [#"checked_ops.rs" 220 0 220 38] let rec overflowing_sub'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:(Int8.t, bool)))= any [ return' (result:(Int8.t, bool))-> {[%#snum25] Int8.to_int (let (a, _) = result in a) - = EuclideanDivision.mod (Int8.to_int self - - Int8.to_int rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + = EuclideanDivision.mod (Int8.to_int self - Int8.to_int rhs) (Power.power 2 (UInt32.t'int (v_BITS'0 : UInt32.t))) + Int8.to_int (v_MIN'0 : Int8.t)} {[%#snum26] Int8.to_int self - Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) /\ Int8.to_int self - Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) 
@@ -3922,21 +3886,21 @@ module M_checked_ops__test_i8_sub_overflow_neg [#"checked_ops.rs" 230 0 230 38] let%span schecked_ops12 = "checked_ops.rs" 232 4 232 52 let%span schecked_ops13 = "checked_ops.rs" 231 4 231 43 let%span schecked_ops14 = "checked_ops.rs" 229 11 229 17 - let%span snum15 = "../../../creusot-contracts/src/std/num.rs" 171 20 172 89 - let%span snum16 = "../../../creusot-contracts/src/std/num.rs" 175 26 175 87 + let%span snum15 = "../../../creusot-contracts/src/std/num.rs" 174 20 175 89 + let%span snum16 = "../../../creusot-contracts/src/std/num.rs" 178 26 178 87 let%span soption17 = "../../../creusot-contracts/src/std/option.rs" 51 26 51 51 - let%span snum18 = "../../../creusot-contracts/src/std/num.rs" 183 20 183 93 - let%span snum19 = "../../../creusot-contracts/src/std/num.rs" 187 20 188 51 - let%span snum20 = "../../../creusot-contracts/src/std/num.rs" 194 20 196 92 - let%span snum21 = "../../../creusot-contracts/src/std/num.rs" 199 20 201 92 - let%span snum22 = "../../../creusot-contracts/src/std/num.rs" 211 20 212 51 - let%span snum23 = "../../../creusot-contracts/src/std/num.rs" 215 26 215 83 - let%span snum24 = "../../../creusot-contracts/src/std/num.rs" 216 26 216 83 - let%span snum25 = "../../../creusot-contracts/src/std/num.rs" 225 20 225 95 - let%span snum26 = "../../../creusot-contracts/src/std/num.rs" 229 20 230 53 - let%span snum27 = "../../../creusot-contracts/src/std/num.rs" 236 20 238 94 - let%span snum28 = "../../../creusot-contracts/src/std/num.rs" 241 20 243 94 - let%span snum29 = "../../../creusot-contracts/src/std/num.rs" 247 20 247 98 + let%span snum18 = "../../../creusot-contracts/src/std/num.rs" 186 20 186 93 + let%span snum19 = "../../../creusot-contracts/src/std/num.rs" 190 20 191 51 + let%span snum20 = "../../../creusot-contracts/src/std/num.rs" 197 20 199 92 + let%span snum21 = "../../../creusot-contracts/src/std/num.rs" 202 20 204 92 + let%span snum22 = "../../../creusot-contracts/src/std/num.rs" 214 20 215 51 + 
let%span snum23 = "../../../creusot-contracts/src/std/num.rs" 218 26 218 83 + let%span snum24 = "../../../creusot-contracts/src/std/num.rs" 219 26 219 83 + let%span snum25 = "../../../creusot-contracts/src/std/num.rs" 228 20 228 95 + let%span snum26 = "../../../creusot-contracts/src/std/num.rs" 232 20 233 53 + let%span snum27 = "../../../creusot-contracts/src/std/num.rs" 239 20 241 94 + let%span snum28 = "../../../creusot-contracts/src/std/num.rs" 244 20 246 94 + let%span snum29 = "../../../creusot-contracts/src/std/num.rs" 250 20 250 98 use prelude.prelude.Int @@ -3981,8 +3945,7 @@ module M_checked_ops__test_i8_sub_overflow_neg [#"checked_ops.rs" 230 0 230 38] let rec wrapping_sub'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:Int8.t))= any [ return' (result:Int8.t)-> {[%#snum18] Int8.to_int result - = EuclideanDivision.mod (Int8.to_int self - - Int8.to_int rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + = EuclideanDivision.mod (Int8.to_int self - Int8.to_int rhs) (Power.power 2 (UInt32.t'int (v_BITS'0 : UInt32.t))) + Int8.to_int (v_MIN'0 : Int8.t)} {[%#snum19] Int8.to_int self - Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) /\ Int8.to_int self - Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) @@ -4011,8 +3974,7 @@ module M_checked_ops__test_i8_sub_overflow_neg [#"checked_ops.rs" 230 0 230 38] let rec overflowing_sub'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:(Int8.t, bool)))= any [ return' (result:(Int8.t, bool))-> {[%#snum25] Int8.to_int (let (a, _) = result in a) - = EuclideanDivision.mod (Int8.to_int self - - Int8.to_int rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + = EuclideanDivision.mod (Int8.to_int self - Int8.to_int rhs) (Power.power 2 (UInt32.t'int (v_BITS'0 : UInt32.t))) + Int8.to_int (v_MIN'0 : Int8.t)} {[%#snum26] Int8.to_int self - Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) /\ Int8.to_int self - Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) 
@@ -4110,10 +4072,10 @@ module M_checked_ops__test_i8_sub_overflow_neg [#"checked_ops.rs" 230 0 230 38] end module M_checked_ops__test_i8_wrapping_sub [#"checked_ops.rs" 241 0 241 47] let%span schecked_ops0 = "checked_ops.rs" 240 10 240 84 - let%span snum1 = "../../../creusot-contracts/src/std/num.rs" 183 20 183 93 - let%span snum2 = "../../../creusot-contracts/src/std/num.rs" 187 20 188 51 - let%span snum3 = "../../../creusot-contracts/src/std/num.rs" 194 20 196 92 - let%span snum4 = "../../../creusot-contracts/src/std/num.rs" 199 20 201 92 + let%span snum1 = "../../../creusot-contracts/src/std/num.rs" 186 20 186 93 + let%span snum2 = "../../../creusot-contracts/src/std/num.rs" 190 20 191 51 + let%span snum3 = "../../../creusot-contracts/src/std/num.rs" 197 20 199 92 + let%span snum4 = "../../../creusot-contracts/src/std/num.rs" 202 20 204 92 use prelude.prelude.Int8 @@ -4137,8 +4099,7 @@ module M_checked_ops__test_i8_wrapping_sub [#"checked_ops.rs" 241 0 241 47] let rec wrapping_sub'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:Int8.t))= any [ return' (result:Int8.t)-> {[%#snum1] Int8.to_int result - = EuclideanDivision.mod (Int8.to_int self - - Int8.to_int rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + = EuclideanDivision.mod (Int8.to_int self - Int8.to_int rhs) (Power.power 2 (UInt32.t'int (v_BITS'0 : UInt32.t))) + Int8.to_int (v_MIN'0 : Int8.t)} {[%#snum2] Int8.to_int self - Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) /\ Int8.to_int self - Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) 
@@ -4172,17 +4133,17 @@ end module M_checked_ops__test_i8_overflowing_sub [#"checked_ops.rs" 246 0 246 44] let%span schecked_ops0 = "checked_ops.rs" 248 4 248 65 let%span schecked_ops1 = "checked_ops.rs" 247 4 247 56 - let%span snum2 = "../../../creusot-contracts/src/std/num.rs" 225 20 225 95 - let%span snum3 = "../../../creusot-contracts/src/std/num.rs" 229 20 230 53 - let%span snum4 = "../../../creusot-contracts/src/std/num.rs" 236 20 238 94 - let%span snum5 = "../../../creusot-contracts/src/std/num.rs" 241 20 243 94 - let%span snum6 = "../../../creusot-contracts/src/std/num.rs" 247 20 247 98 - let%span snum7 = "../../../creusot-contracts/src/std/num.rs" 183 20 183 93 - let%span snum8 = "../../../creusot-contracts/src/std/num.rs" 187 20 188 51 - let%span snum9 = "../../../creusot-contracts/src/std/num.rs" 194 20 196 92 - let%span snum10 = "../../../creusot-contracts/src/std/num.rs" 199 20 201 92 - let%span snum11 = "../../../creusot-contracts/src/std/num.rs" 171 20 172 89 - let%span snum12 = "../../../creusot-contracts/src/std/num.rs" 175 26 175 87 + let%span snum2 = "../../../creusot-contracts/src/std/num.rs" 228 20 228 95 + let%span snum3 = "../../../creusot-contracts/src/std/num.rs" 232 20 233 53 + let%span snum4 = "../../../creusot-contracts/src/std/num.rs" 239 20 241 94 + let%span snum5 = "../../../creusot-contracts/src/std/num.rs" 244 20 246 94 + let%span snum6 = "../../../creusot-contracts/src/std/num.rs" 250 20 250 98 + let%span snum7 = "../../../creusot-contracts/src/std/num.rs" 186 20 186 93 + let%span snum8 = "../../../creusot-contracts/src/std/num.rs" 190 20 191 51 + let%span snum9 = "../../../creusot-contracts/src/std/num.rs" 197 20 199 92 + let%span snum10 = "../../../creusot-contracts/src/std/num.rs" 202 20 204 92 + let%span snum11 = "../../../creusot-contracts/src/std/num.rs" 174 20 175 89 + let%span snum12 = "../../../creusot-contracts/src/std/num.rs" 178 26 178 87 let%span soption13 = "../../../creusot-contracts/src/std/option.rs" 51 26 51 51 
use prelude.prelude.Int8 @@ -4207,8 +4168,7 @@ module M_checked_ops__test_i8_overflowing_sub [#"checked_ops.rs" 246 0 246 44] let rec overflowing_sub'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:(Int8.t, bool)))= any [ return' (result:(Int8.t, bool))-> {[%#snum2] Int8.to_int (let (a, _) = result in a) - = EuclideanDivision.mod (Int8.to_int self - - Int8.to_int rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + = EuclideanDivision.mod (Int8.to_int self - Int8.to_int rhs) (Power.power 2 (UInt32.t'int (v_BITS'0 : UInt32.t))) + Int8.to_int (v_MIN'0 : Int8.t)} {[%#snum3] Int8.to_int self - Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) /\ Int8.to_int self - Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) @@ -4229,8 +4189,7 @@ module M_checked_ops__test_i8_overflowing_sub [#"checked_ops.rs" 246 0 246 44] let rec wrapping_sub'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:Int8.t))= any [ return' (result:Int8.t)-> {[%#snum7] Int8.to_int result - = EuclideanDivision.mod (Int8.to_int self - - Int8.to_int rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + = EuclideanDivision.mod (Int8.to_int self - Int8.to_int rhs) (Power.power 2 (UInt32.t'int (v_BITS'0 : UInt32.t))) + Int8.to_int (v_MIN'0 : Int8.t)} {[%#snum8] Int8.to_int self - Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) /\ Int8.to_int self - Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) 
@@ -4353,22 +4312,22 @@ module M_checked_ops__test_i8_mul_example [#"checked_ops.rs" 252 0 252 28] let%span schecked_ops46 = "checked_ops.rs" 255 4 255 44 let%span schecked_ops47 = "checked_ops.rs" 254 4 254 43 let%span schecked_ops48 = "checked_ops.rs" 253 4 253 47 - let%span snum49 = "../../../creusot-contracts/src/std/num.rs" 171 20 172 89 - let%span snum50 = "../../../creusot-contracts/src/std/num.rs" 175 26 175 87 + let%span snum49 = "../../../creusot-contracts/src/std/num.rs" 174 20 175 89 + let%span snum50 = "../../../creusot-contracts/src/std/num.rs" 178 26 178 87 let%span soption51 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 let%span soption52 = "../../../creusot-contracts/src/std/option.rs" 51 26 51 51 - let%span snum53 = "../../../creusot-contracts/src/std/num.rs" 183 20 183 93 - let%span snum54 = "../../../creusot-contracts/src/std/num.rs" 187 20 188 51 - let%span snum55 = "../../../creusot-contracts/src/std/num.rs" 194 20 196 92 - let%span snum56 = "../../../creusot-contracts/src/std/num.rs" 199 20 201 92 - let%span snum57 = "../../../creusot-contracts/src/std/num.rs" 211 20 212 51 - let%span snum58 = "../../../creusot-contracts/src/std/num.rs" 215 26 215 83 - let%span snum59 = "../../../creusot-contracts/src/std/num.rs" 216 26 216 83 - let%span snum60 = "../../../creusot-contracts/src/std/num.rs" 225 20 225 95 - let%span snum61 = "../../../creusot-contracts/src/std/num.rs" 229 20 230 53 - let%span snum62 = "../../../creusot-contracts/src/std/num.rs" 236 20 238 94 - let%span snum63 = "../../../creusot-contracts/src/std/num.rs" 241 20 243 94 - let%span snum64 = "../../../creusot-contracts/src/std/num.rs" 247 20 247 98 + let%span snum53 = "../../../creusot-contracts/src/std/num.rs" 186 20 186 93 + let%span snum54 = "../../../creusot-contracts/src/std/num.rs" 190 20 191 51 + let%span snum55 = "../../../creusot-contracts/src/std/num.rs" 197 20 199 92 + let%span snum56 = "../../../creusot-contracts/src/std/num.rs" 202 20 204 92 + let%span 
snum57 = "../../../creusot-contracts/src/std/num.rs" 214 20 215 51 + let%span snum58 = "../../../creusot-contracts/src/std/num.rs" 218 26 218 83 + let%span snum59 = "../../../creusot-contracts/src/std/num.rs" 219 26 219 83 + let%span snum60 = "../../../creusot-contracts/src/std/num.rs" 228 20 228 95 + let%span snum61 = "../../../creusot-contracts/src/std/num.rs" 232 20 233 53 + let%span snum62 = "../../../creusot-contracts/src/std/num.rs" 239 20 241 94 + let%span snum63 = "../../../creusot-contracts/src/std/num.rs" 244 20 246 94 + let%span snum64 = "../../../creusot-contracts/src/std/num.rs" 250 20 250 98 use prelude.prelude.Int @@ -4425,8 +4384,7 @@ module M_checked_ops__test_i8_mul_example [#"checked_ops.rs" 252 0 252 28] let rec wrapping_mul'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:Int8.t))= any [ return' (result:Int8.t)-> {[%#snum53] Int8.to_int result - = EuclideanDivision.mod (Int8.to_int self - * Int8.to_int rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + = EuclideanDivision.mod (Int8.to_int self * Int8.to_int rhs) (Power.power 2 (UInt32.t'int (v_BITS'0 : UInt32.t))) + Int8.to_int (v_MIN'0 : Int8.t)} {[%#snum54] Int8.to_int self * Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) /\ Int8.to_int self * Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) @@ -4455,8 +4413,7 @@ module M_checked_ops__test_i8_mul_example [#"checked_ops.rs" 252 0 252 28] let rec overflowing_mul'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:(Int8.t, bool)))= any [ return' (result:(Int8.t, bool))-> {[%#snum60] Int8.to_int (let (a, _) = result in a) - = EuclideanDivision.mod (Int8.to_int self - * Int8.to_int rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + = EuclideanDivision.mod (Int8.to_int self * Int8.to_int rhs) (Power.power 2 (UInt32.t'int (v_BITS'0 : UInt32.t))) + Int8.to_int (v_MIN'0 : Int8.t)} {[%#snum61] Int8.to_int self * Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) /\ Int8.to_int self * Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) 
@@ -4667,21 +4624,21 @@ module M_checked_ops__test_i8_mul_zero [#"checked_ops.rs" 274 0 274 30] let%span schecked_ops10 = "checked_ops.rs" 277 4 277 39 let%span schecked_ops11 = "checked_ops.rs" 276 4 276 37 let%span schecked_ops12 = "checked_ops.rs" 275 4 275 45 - let%span snum13 = "../../../creusot-contracts/src/std/num.rs" 171 20 172 89 - let%span snum14 = "../../../creusot-contracts/src/std/num.rs" 175 26 175 87 + let%span snum13 = "../../../creusot-contracts/src/std/num.rs" 174 20 175 89 + let%span snum14 = "../../../creusot-contracts/src/std/num.rs" 178 26 178 87 let%span soption15 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 - let%span snum16 = "../../../creusot-contracts/src/std/num.rs" 183 20 183 93 - let%span snum17 = "../../../creusot-contracts/src/std/num.rs" 187 20 188 51 - let%span snum18 = "../../../creusot-contracts/src/std/num.rs" 194 20 196 92 - let%span snum19 = "../../../creusot-contracts/src/std/num.rs" 199 20 201 92 - let%span snum20 = "../../../creusot-contracts/src/std/num.rs" 211 20 212 51 - let%span snum21 = "../../../creusot-contracts/src/std/num.rs" 215 26 215 83 - let%span snum22 = "../../../creusot-contracts/src/std/num.rs" 216 26 216 83 - let%span snum23 = "../../../creusot-contracts/src/std/num.rs" 225 20 225 95 - let%span snum24 = "../../../creusot-contracts/src/std/num.rs" 229 20 230 53 - let%span snum25 = "../../../creusot-contracts/src/std/num.rs" 236 20 238 94 - let%span snum26 = "../../../creusot-contracts/src/std/num.rs" 241 20 243 94 - let%span snum27 = "../../../creusot-contracts/src/std/num.rs" 247 20 247 98 + let%span snum16 = "../../../creusot-contracts/src/std/num.rs" 186 20 186 93 + let%span snum17 = "../../../creusot-contracts/src/std/num.rs" 190 20 191 51 + let%span snum18 = "../../../creusot-contracts/src/std/num.rs" 197 20 199 92 + let%span snum19 = "../../../creusot-contracts/src/std/num.rs" 202 20 204 92 + let%span snum20 = "../../../creusot-contracts/src/std/num.rs" 214 20 215 51 + let%span snum21 
= "../../../creusot-contracts/src/std/num.rs" 218 26 218 83 + let%span snum22 = "../../../creusot-contracts/src/std/num.rs" 219 26 219 83 + let%span snum23 = "../../../creusot-contracts/src/std/num.rs" 228 20 228 95 + let%span snum24 = "../../../creusot-contracts/src/std/num.rs" 232 20 233 53 + let%span snum25 = "../../../creusot-contracts/src/std/num.rs" 239 20 241 94 + let%span snum26 = "../../../creusot-contracts/src/std/num.rs" 244 20 246 94 + let%span snum27 = "../../../creusot-contracts/src/std/num.rs" 250 20 250 98 use prelude.prelude.Int @@ -4729,8 +4686,7 @@ module M_checked_ops__test_i8_mul_zero [#"checked_ops.rs" 274 0 274 30] let rec wrapping_mul'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:Int8.t))= any [ return' (result:Int8.t)-> {[%#snum16] Int8.to_int result - = EuclideanDivision.mod (Int8.to_int self - * Int8.to_int rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + = EuclideanDivision.mod (Int8.to_int self * Int8.to_int rhs) (Power.power 2 (UInt32.t'int (v_BITS'0 : UInt32.t))) + Int8.to_int (v_MIN'0 : Int8.t)} {[%#snum17] Int8.to_int self * Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) /\ Int8.to_int self * Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) @@ -4759,8 +4715,7 @@ module M_checked_ops__test_i8_mul_zero [#"checked_ops.rs" 274 0 274 30] let rec overflowing_mul'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:(Int8.t, bool)))= any [ return' (result:(Int8.t, bool))-> {[%#snum23] Int8.to_int (let (a, _) = result in a) - = EuclideanDivision.mod (Int8.to_int self - * Int8.to_int rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + = EuclideanDivision.mod (Int8.to_int self * Int8.to_int rhs) (Power.power 2 (UInt32.t'int (v_BITS'0 : UInt32.t))) + Int8.to_int (v_MIN'0 : Int8.t)} {[%#snum24] Int8.to_int self * Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) /\ Int8.to_int self * Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) 
@@ -4850,17 +4805,17 @@ end module M_checked_ops__test_i8_overflowing_mul [#"checked_ops.rs" 283 0 283 44] let%span schecked_ops0 = "checked_ops.rs" 285 4 285 65 let%span schecked_ops1 = "checked_ops.rs" 284 4 284 56 - let%span snum2 = "../../../creusot-contracts/src/std/num.rs" 225 20 225 95 - let%span snum3 = "../../../creusot-contracts/src/std/num.rs" 229 20 230 53 - let%span snum4 = "../../../creusot-contracts/src/std/num.rs" 236 20 238 94 - let%span snum5 = "../../../creusot-contracts/src/std/num.rs" 241 20 243 94 - let%span snum6 = "../../../creusot-contracts/src/std/num.rs" 247 20 247 98 - let%span snum7 = "../../../creusot-contracts/src/std/num.rs" 183 20 183 93 - let%span snum8 = "../../../creusot-contracts/src/std/num.rs" 187 20 188 51 - let%span snum9 = "../../../creusot-contracts/src/std/num.rs" 194 20 196 92 - let%span snum10 = "../../../creusot-contracts/src/std/num.rs" 199 20 201 92 - let%span snum11 = "../../../creusot-contracts/src/std/num.rs" 171 20 172 89 - let%span snum12 = "../../../creusot-contracts/src/std/num.rs" 175 26 175 87 + let%span snum2 = "../../../creusot-contracts/src/std/num.rs" 228 20 228 95 + let%span snum3 = "../../../creusot-contracts/src/std/num.rs" 232 20 233 53 + let%span snum4 = "../../../creusot-contracts/src/std/num.rs" 239 20 241 94 + let%span snum5 = "../../../creusot-contracts/src/std/num.rs" 244 20 246 94 + let%span snum6 = "../../../creusot-contracts/src/std/num.rs" 250 20 250 98 + let%span snum7 = "../../../creusot-contracts/src/std/num.rs" 186 20 186 93 + let%span snum8 = "../../../creusot-contracts/src/std/num.rs" 190 20 191 51 + let%span snum9 = "../../../creusot-contracts/src/std/num.rs" 197 20 199 92 + let%span snum10 = "../../../creusot-contracts/src/std/num.rs" 202 20 204 92 + let%span snum11 = "../../../creusot-contracts/src/std/num.rs" 174 20 175 89 + let%span snum12 = "../../../creusot-contracts/src/std/num.rs" 178 26 178 87 let%span soption13 = "../../../creusot-contracts/src/std/option.rs" 51 26 51 51 
use prelude.prelude.Int8 @@ -4885,8 +4840,7 @@ module M_checked_ops__test_i8_overflowing_mul [#"checked_ops.rs" 283 0 283 44] let rec overflowing_mul'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:(Int8.t, bool)))= any [ return' (result:(Int8.t, bool))-> {[%#snum2] Int8.to_int (let (a, _) = result in a) - = EuclideanDivision.mod (Int8.to_int self - * Int8.to_int rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + = EuclideanDivision.mod (Int8.to_int self * Int8.to_int rhs) (Power.power 2 (UInt32.t'int (v_BITS'0 : UInt32.t))) + Int8.to_int (v_MIN'0 : Int8.t)} {[%#snum3] Int8.to_int self * Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) /\ Int8.to_int self * Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) @@ -4907,8 +4861,7 @@ module M_checked_ops__test_i8_overflowing_mul [#"checked_ops.rs" 283 0 283 44] let rec wrapping_mul'0 (self:Int8.t) (rhs:Int8.t) (return' (ret:Int8.t))= any [ return' (result:Int8.t)-> {[%#snum7] Int8.to_int result - = EuclideanDivision.mod (Int8.to_int self - * Int8.to_int rhs) (Power.power 2 (UInt32.to_uint (v_BITS'0 : UInt32.t))) + = EuclideanDivision.mod (Int8.to_int self * Int8.to_int rhs) (Power.power 2 (UInt32.t'int (v_BITS'0 : UInt32.t))) + Int8.to_int (v_MIN'0 : Int8.t)} {[%#snum8] Int8.to_int self * Int8.to_int rhs >= Int8.to_int (v_MIN'0 : Int8.t) /\ Int8.to_int self * Int8.to_int rhs <= Int8.to_int (v_MAX'0 : Int8.t) 
@@ -5035,20 +4988,20 @@ module M_checked_ops__test_i8_div_example [#"checked_ops.rs" 289 0 289 28] let%span schecked_ops50 = "checked_ops.rs" 292 4 292 47 let%span schecked_ops51 = "checked_ops.rs" 291 4 291 45 let%span schecked_ops52 = "checked_ops.rs" 290 4 290 41 - let%span snum53 = "../../../creusot-contracts/src/std/num.rs" 109 26 109 97 - let%span snum54 = "../../../creusot-contracts/src/std/num.rs" 111 26 111 83 + let%span snum53 = "../../../creusot-contracts/src/std/num.rs" 112 26 112 97 + let%span snum54 = "../../../creusot-contracts/src/std/num.rs" 114 26 114 83 let%span soption55 = "../../../creusot-contracts/src/std/option.rs" 51 26 51 51 let%span soption56 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 - let%span snum57 = "../../../creusot-contracts/src/std/num.rs" 117 27 117 36 - let%span snum58 = "../../../creusot-contracts/src/std/num.rs" 119 26 119 83 - let%span snum59 = "../../../creusot-contracts/src/std/num.rs" 121 26 121 89 - let%span snum60 = "../../../creusot-contracts/src/std/num.rs" 127 27 127 36 - let%span snum61 = "../../../creusot-contracts/src/std/num.rs" 129 26 129 89 - let%span snum62 = "../../../creusot-contracts/src/std/num.rs" 131 26 131 89 - let%span snum63 = "../../../creusot-contracts/src/std/num.rs" 137 27 137 36 - let%span snum64 = "../../../creusot-contracts/src/std/num.rs" 139 26 139 85 - let%span snum65 = "../../../creusot-contracts/src/std/num.rs" 141 26 141 91 - let%span snum66 = "../../../creusot-contracts/src/std/num.rs" 143 26 143 74 + let%span snum57 = "../../../creusot-contracts/src/std/num.rs" 120 27 120 36 + let%span snum58 = "../../../creusot-contracts/src/std/num.rs" 122 26 122 83 + let%span snum59 = "../../../creusot-contracts/src/std/num.rs" 124 26 124 89 + let%span snum60 = "../../../creusot-contracts/src/std/num.rs" 130 27 130 36 + let%span snum61 = "../../../creusot-contracts/src/std/num.rs" 132 26 132 89 + let%span snum62 = "../../../creusot-contracts/src/std/num.rs" 134 26 134 89 + let%span 
snum63 = "../../../creusot-contracts/src/std/num.rs" 140 27 140 36 + let%span snum64 = "../../../creusot-contracts/src/std/num.rs" 142 26 142 85 + let%span snum65 = "../../../creusot-contracts/src/std/num.rs" 144 26 144 91 + let%span snum66 = "../../../creusot-contracts/src/std/num.rs" 146 26 146 74 use prelude.prelude.Int 
@@ -5325,19 +5278,19 @@ module M_checked_ops__test_i8_div_no_overflow [#"checked_ops.rs" 313 0 313 44] let%span schecked_ops7 = "checked_ops.rs" 315 4 315 39 let%span schecked_ops8 = "checked_ops.rs" 314 4 314 47 let%span schecked_ops9 = "checked_ops.rs" 312 11 312 46 - let%span snum10 = "../../../creusot-contracts/src/std/num.rs" 109 26 109 97 - let%span snum11 = "../../../creusot-contracts/src/std/num.rs" 111 26 111 83 + let%span snum10 = "../../../creusot-contracts/src/std/num.rs" 112 26 112 97 + let%span snum11 = "../../../creusot-contracts/src/std/num.rs" 114 26 114 83 let%span soption12 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 - let%span snum13 = "../../../creusot-contracts/src/std/num.rs" 117 27 117 36 - let%span snum14 = "../../../creusot-contracts/src/std/num.rs" 119 26 119 83 - let%span snum15 = "../../../creusot-contracts/src/std/num.rs" 121 26 121 89 - let%span snum16 = "../../../creusot-contracts/src/std/num.rs" 127 27 127 36 - let%span snum17 = "../../../creusot-contracts/src/std/num.rs" 129 26 129 89 - let%span snum18 = "../../../creusot-contracts/src/std/num.rs" 131 26 131 89 - let%span snum19 = "../../../creusot-contracts/src/std/num.rs" 137 27 137 36 - let%span snum20 = "../../../creusot-contracts/src/std/num.rs" 139 26 139 85 - let%span snum21 = "../../../creusot-contracts/src/std/num.rs" 141 26 141 91 - let%span snum22 = "../../../creusot-contracts/src/std/num.rs" 143 26 143 74 + let%span snum13 = "../../../creusot-contracts/src/std/num.rs" 120 27 120 36 + let%span snum14 = "../../../creusot-contracts/src/std/num.rs" 122 26 122 83 + let%span snum15 = "../../../creusot-contracts/src/std/num.rs" 124 26 124 89 + let%span snum16 = "../../../creusot-contracts/src/std/num.rs" 130 27 130 36 + let%span snum17 = "../../../creusot-contracts/src/std/num.rs" 132 26 132 89 + let%span snum18 = "../../../creusot-contracts/src/std/num.rs" 134 26 134 89 + let%span snum19 = "../../../creusot-contracts/src/std/num.rs" 140 27 140 36 + let%span 
snum20 = "../../../creusot-contracts/src/std/num.rs" 142 26 142 85 + let%span snum21 = "../../../creusot-contracts/src/std/num.rs" 144 26 144 91 + let%span snum22 = "../../../creusot-contracts/src/std/num.rs" 146 26 146 74 use prelude.prelude.Int @@ -5551,8 +5504,8 @@ end module M_checked_ops__test_i8_div_zero [#"checked_ops.rs" 322 0 322 30] let%span schecked_ops0 = "checked_ops.rs" 323 26 323 27 let%span schecked_ops1 = "checked_ops.rs" 323 4 323 39 - let%span snum2 = "../../../creusot-contracts/src/std/num.rs" 109 26 109 97 - let%span snum3 = "../../../creusot-contracts/src/std/num.rs" 111 26 111 83 + let%span snum2 = "../../../creusot-contracts/src/std/num.rs" 112 26 112 97 + let%span snum3 = "../../../creusot-contracts/src/std/num.rs" 114 26 114 83 let%span soption4 = "../../../creusot-contracts/src/std/option.rs" 51 26 51 51 use prelude.prelude.Int diff --git a/creusot/tests/should_succeed/clones/03/why3shapes.gz b/creusot/tests/should_succeed/clones/03/why3shapes.gz index ca832c8102b1566b266e5e82f589c9b2d367c32d..fb017e456bf0dbfc5901348dcd75f180296b1642 100644 GIT binary patch literal 203 zcmV;+05ty}iwFP!00000|3!?s4#F@HM0O9q`$0J2Es!qEBY=G9yO;*%MTOB)jEps}YyH{BCVWH$y zU+>$uN?k9%y$?TM>V2PXzWu9Ae~{L<`Y1N_52cF0Ob~7Kfw)MRvo}SAU`+_FjI7NP zRGB3v#OxB5l#npM#ESvW;E5ePA-A*&h(pN@R>3~%ByoE$TgOWa?MfTW3A|=^nH(80l zX9L;LoqK(K9#?kUQLm$&bQt&D>DeZ`dNTAv-SP7Q-hsBmMK?6)*c~RlHm|flO;^|~ z@MiSbpT9qTRp$J4?-#iH>f-y$c*{3s{U6fy(jU~-<-?d9MF`k&h$OkD)&gdR=rBfK zSS+r=c;><$3xrUSVkU3_CHYn>H>NU={Ms2HiACys)Icd?f*_uoxQHsgrFj<24}8vv I6dVBn04rr>IsgCw 
diff --git a/creusot/tests/should_succeed/closures/06_fn_specs/why3shapes.gz b/creusot/tests/should_succeed/closures/06_fn_specs/why3shapes.gz index 14a20289fbee4602fefa1283ac3273b010394d76..4a040e4883b5eca3809d2e00b4e6c4151111d22a 100644 GIT binary patch literal 532 zcmV+v0_*)BiwFP!00000|AmrGkJ>O0hVT9rxox|r@%Xz^4;+Y+d*$nDVmm6*ZeR%@ z_21V4;zD56+k8BJ{m$6mUaRpp?b2AC(tg}*haZ)$UcWQir*Zp!N-yBWigw%a5Vk|y z95V6taXjQQc7crI5rqj3Df?F>KDQJ!nh?TUV$W3!aFSh->*lg~t)NASp3v>8q>n4|W_ z7UJ_2Ur$Z=x-BQ`4DZu}`bC2DnAY}k!>N%5V&0Y-Cr!L|H9)LDqDW^m;1%tYz`j0WvV!v zjX}*0pVuPPb1>KPF!da;r5uL&T|;@+$Ax5Sz6;A;FyEDfr7rzC?%op=&1=pWsm^Gt zR0tiR>W#C8B6UE3)S)t!X>_9+*@y-k-T-qNqcTy0bzCZhqxKi z`cR0skK>`F!E-M>EH@8RYIdo4wSno>B zb6)VfdZ}^rTzD=QH=}U;!tDe<(@~yl&+USKo?|nYxLCPjrjXA>oJa7;7qlKuFIb}P z#uno96<=?S__C`vR|VeX2lb0IuhE$9o|0W9yGpKD{@5P=yq!P8?dx;(g}2Mb%G7c> zO~vK>nP%(lD)?lGk(q{=qA~qA#7K6PtV7^@@ppf*uKo*;XQ*!Z(O;=ocau4I@K&hm zY%&HbcKEy|VKoI)t_-u90ydY!IK6AE&-%EKLQTD}_JXNb3Ff-=>$rW-P&Kb-#z+OD ztx_=tLe(2*4J8UdfD}-f#yuVUh+xYFTVaY; zIuuqUpgtL)waq$2>5|o%Box@OWK`@eBr`U(f)ZDKP)2}u=!6|1UgUVof%UPdfeczj z4NjRpMF&cUoK*m8!pO>&3r50HUkKS#GO@>)g>!*Gge+B5pT2 VaUyMYqWQmj_7}O_G!#t*002*#310vJ diff --git a/creusot/tests/should_succeed/closures/07_mutable_capture.coma b/creusot/tests/should_succeed/closures/07_mutable_capture.coma index a48c1db4a9..f5d1ecf5ff 100644 --- a/creusot/tests/should_succeed/closures/07_mutable_capture.coma +++ b/creusot/tests/should_succeed/closures/07_mutable_capture.coma 
@@ -36,8 +36,8 @@ module M_07_mutable_capture__test_fnmut [#"07_mutable_capture.rs" 5 0 5 29] use prelude.prelude.UInt32 predicate postcondition_once'0 (self : closure1'1) (args : ()) (result : Int32.t) = - [%#s07_mutable_capture5] let () = args in UInt32.to_uint (self.field_0'0).final - = UInt32.to_uint (self.field_0'0).current + 1 + [%#s07_mutable_capture5] let () = args in UInt32.t'int (self.field_0'0).final + = UInt32.t'int (self.field_0'0).current + 1 predicate resolve'4 (self : borrowed UInt32.t) = [%#sresolve6] self.final = self.current @@ -52,7 +52,7 @@ module M_07_mutable_capture__test_fnmut [#"07_mutable_capture.rs" 5 0 5 29] (_2.field_0'0).final = (self.field_0'0).final predicate postcondition_mut'0 (self : closure1'1) (args : ()) (result_state : closure1'1) (result : Int32.t) = - (let () = args in UInt32.to_uint (result_state.field_0'0).current = UInt32.to_uint (self.field_0'0).current + 1) + (let () = args in UInt32.t'int (result_state.field_0'0).current = UInt32.t'int (self.field_0'0).current + 1) /\ unnest'0 self result_state function fn_mut_once'0 (self : closure1'1) (args : ()) (res : Int32.t) : () @@ -74,7 +74,7 @@ module M_07_mutable_capture__test_fnmut [#"07_mutable_capture.rs" 5 0 5 29] axiom postcondition_mut_unnest'0_spec : forall self : closure1'1, args : (), res_state : closure1'1, res : Int32.t . ([%#sops7] postcondition_mut'0 self args res_state res) -> ([%#sops8] unnest'0 self res_state) - let rec closure1'0 (_1:borrowed closure1'1) (return' (ret:Int32.t))= {[@expl:closure requires] [%#s07_mutable_capture4] UInt32.to_uint ((_1.current).field_0'0).current + let rec closure1'0 (_1:borrowed closure1'1) (return' (ret:Int32.t))= {[@expl:closure requires] [%#s07_mutable_capture4] UInt32.t'int ((_1.current).field_0'0).current < 1000000} (! bb0 [ bb0 = s0 
@@ -94,15 +94,15 @@ module M_07_mutable_capture__test_fnmut [#"07_mutable_capture.rs" 5 0 5 29] | & res : Int32.t = any_l () | & res1 : Int32.t = any_l () ] - [ return' (result:Int32.t)-> {[@expl:closure ensures] [%#s07_mutable_capture5] UInt32.to_uint ((_1.final).field_0'0).current - = UInt32.to_uint ((_1.current).field_0'0).current + 1} + [ return' (result:Int32.t)-> {[@expl:closure ensures] [%#s07_mutable_capture5] UInt32.t'int ((_1.final).field_0'0).current + = UInt32.t'int ((_1.current).field_0'0).current + 1} {[@expl:closure unnest] unnest'0 _1.current _1.final} (! return' {result}) ] meta "compute_max_steps" 1000000 - let rec test_fnmut'0 (x:UInt32.t) (return' (ret:()))= {[@expl:test_fnmut requires] [%#s07_mutable_capture1] UInt32.to_uint x + let rec test_fnmut'0 (x:UInt32.t) (return' (ret:()))= {[@expl:test_fnmut requires] [%#s07_mutable_capture1] UInt32.t'int x = 100000} (! bb0 [ bb0 = s0 @@ -122,7 +122,7 @@ module M_07_mutable_capture__test_fnmut [#"07_mutable_capture.rs" 5 0 5 29] | bb2 = s0 [ s0 = -{resolve'0 c}- s1 - | s1 = {[@expl:assertion] [%#s07_mutable_capture0] UInt32.to_uint x = 100002} s2 + | s1 = {[@expl:assertion] [%#s07_mutable_capture0] UInt32.t'int x = 100002} s2 | s2 = return' {_0} ] ] ) diff --git a/creusot/tests/should_succeed/closures/07_mutable_capture/why3session.xml b/creusot/tests/should_succeed/closures/07_mutable_capture/why3session.xml index 26214f9641..6948250b0d 100644 --- a/creusot/tests/should_succeed/closures/07_mutable_capture/why3session.xml +++ b/creusot/tests/should_succeed/closures/07_mutable_capture/why3session.xml @@ -7,7 +7,7 @@ - + 
diff --git a/creusot/tests/should_succeed/closures/07_mutable_capture/why3shapes.gz b/creusot/tests/should_succeed/closures/07_mutable_capture/why3shapes.gz index c8fe027bc4131ca50e25bc2cf30d20a99f4e865d..740edc6a7592fdd717d30bfe07f26fc3a8cafaf9 100644 GIT binary patch literal 441 zcmV;q0Y?5GiwFP!00000|CN$WZ<|06hVT3eZf=vy4*LOA>A{tXK#J7cUeUmgRaDHn zEF^7zeHR>T;y6vp0WmWVGw;s6A8tbT9S`Kf2kKp8yHBACZ$1Xtle6suZJ6d;JXkl> zwlmG(iE=*8TuL0ghcqZsLVj#W|ACBBA9Pjdi>Z6Ai4msv*&- zuW5i4j`i60)D0RU+%+Ax{$q=uao9B7uoQiTT2nHQFAUzkikv&vP@FacSlPa}k7PFc zA6U26jXl8zrf6M3W8UbwXyDiw|GvM9orO+NR7^**IUACd2SLs8g;6xbm&VW_rxo2@$sQ%#KR1JKkrgX@zGf7E2rpBE@KUbm zkc*D_u&4Q}qraFdv#dC8VBxYLFp8%pQkB`EfRroF6GJ;9RtqE3N`*2PInSdUaux`R jRTZZxi@D&K)F?P z%SY1o*VnKmIN5Ep<$#!($K!Wi=G{%)f5Rj7@gsG8?b_Q|#5eCF?5KCmBW;*YcX)LD zU|ehK!4uVC9DJH-(5X(oe1BDSt)V~VB#&@xTk0o1)1q7>{vygW4^gRQ7%B~{yr@Cx zt*>c-07o-+9kqjo1n=t>8~?GxPdK=0tlMEJ`x-U2V*bEF;fH@fYgYs1vpax$*LCiR z?B?)*rg8n)5o}inaCcyNlQ=b%K&I80(4~t{ZQG4D4`hXle{o?z2v~ zc=O~;`MVDIWA0L6f69HukN+(IhbLDZy@y@Z*T1OrEw1}PY<}{H4#(kVH7|Iydgbjs zAxRmmIjCSELCo>l)@YFDQ)u9mS!d$r{7K5)%iZv8@-o=izwM15#*5XEc|jM|@Kwz` zc%ULM;_P;w=Vj=}LgrB3iiwFP!00000|8-NrZi6rkz4H~^y7d&tAqkUqK+{lqpM0G%mTJ{npwL#@ z-_IFkr5%${^z8Ry*$?M#nf4#P4SjkFUB7AShg7G_`^0bRlkYaZJ}d-@eGDTgM=%vg zfK2a1Psa%B)$uMvpoe4Y~kCcKU7Wq zzBzEmue)Qsm60Y(=6Qd^Hgy%wv?&vRtn1K6eNF(YO9_%mBt@A0F@jl5Xb5dFnGW?oy^rF# zIyospN=8E?hB-rjWxSPfAKETVYTWF)LjQ7Xw?P!crvIT==l7)e--KOz_6`C3IZ)vC2Xp{=xk zKc_%TTPC6C+3&@&AI{4%?!H~)yZG$eZd+Gxv5uFok=s^h*KS>PTrgyZ5C)KsU@G7U zy+9!3BZxi*BwV?xyHo4g0v7upMBa-z@_Yo-YJjpA5XeUmxz=~}?(8W@GS}4Iv8=20 z_DCJC_NQ=5p~eKw=iz~^tI`j&$s>2FD&GZtiU7qe1a==2&8BjoDfwN3hE&CDD}j>4 zB51mCrwFV;ND$I&G8348+8)I-bvQ##r^wv<1@p%eeKUiMTo(DwMoOAFA1N=9D`JuB zc`vULeY1md2?|zB;`AX-C^fwxfWEr~M(N>0iXj(t1@v!SsxUW;Q^DOH({fRDy_ay1x_H-$tc{GpSkM-f1!+N8;1<9Fv#Cw2vDzvtt+14}Ecye`Rx!8b G0{{S@w!{Je 
diff --git a/creusot/tests/should_succeed/closures/09_fnonce_resolve/why3shapes.gz b/creusot/tests/should_succeed/closures/09_fnonce_resolve/why3shapes.gz index b013a91b5109fbebc8525c4c97cf21e98a3fdfe5..055efe519aaf393d0c7b12034a74c8f048435273 100644 GIT binary patch literal 381 zcmV-@0fPP?iwFP!00000|Fx7&YlA=#hVT9gZ?-9g-8FusB!{#R8YuKq_PR{gkxKmt zyBgd6`mQF3X*Kndi|o$pyzej%?9I&9@32R0A5iI}$RBLqp50oof;%V+k>n-BNe-#` zVj2nR5Ke{!)(Fzwf@E6_y@lDn{1WZ!(0>lP zSWX-EBf`3KmbAgpzil>_wUD8V-Ea|jj5OyUh{D)ILYY60gPm*BXJWZgKoI4QV&JvwH!UO;S>*TnI literal 381 zcmV-@0fPP?iwFP!00000|Fx9COT#b}#_#$0Hzuzz4z?cvaSXaN2Aj6lNz)GZBtE^a-6+Srev@|A z4*4i)x&)h|psUsXszgy8c6w+fP3xN}UG~+Hvkv6! z969?JIlGLUbs!IiBM&blXTy=Rt0HH8$e9@bLN2N<20<0JhI_rtQ5`=R2YJ07%8fh<~*8)QKWqOOuX?%O)1r!auw=u bLda~x`2;xd8Mp$vN6h;HmHh`)!UO;S0|L0N diff --git a/creusot/tests/should_succeed/closures/10_tyinv.coma b/creusot/tests/should_succeed/closures/10_tyinv.coma index 35a5edd6ed..3fc3ff03f2 100644 --- a/creusot/tests/should_succeed/closures/10_tyinv.coma +++ b/creusot/tests/should_succeed/closures/10_tyinv.coma @@ -27,7 +27,7 @@ module M_10_tyinv__f [#"10_tyinv.rs" 14 0 14 35] { field_0'1: t_Zero'0 } predicate invariant'0 [#"10_tyinv.rs" 9 4 9 30] (self : t_Zero'0) = - [%#s10_tyinv6] UInt32.to_uint self.t_Zero__0'0 = 0 + [%#s10_tyinv6] UInt32.t'int self.t_Zero__0'0 = 0 predicate inv'3 (_1 : t_T'0) 
@@ -60,13 +60,13 @@ module M_10_tyinv__f [#"10_tyinv.rs" 14 0 14 35] let rec closure1'0 (_1:closure1'1) (return' (ret:UInt32.t))= {[@expl:closure '_1' type invariant] inv'2 _1} (! bb0 [ bb0 = s0 - [ s0 = {[@expl:assertion] [%#s10_tyinv4] UInt32.to_uint (_1.field_0'1).t_Zero__0'0 = 0} s1 + [ s0 = {[@expl:assertion] [%#s10_tyinv4] UInt32.t'int (_1.field_0'1).t_Zero__0'0 = 0} s1 | s1 = [ &res <- (_1.field_0'1).t_Zero__0'0 ] s2 | s2 = [ &_0 <- res ] s3 | s3 = return' {_0} ] ] ) [ & _0 : UInt32.t = any_l () | & _1 : closure1'1 = _1 | & res : UInt32.t = any_l () ] - [ return' (result:UInt32.t)-> {[@expl:closure ensures] [%#s10_tyinv5] UInt32.to_uint result = 0} + [ return' (result:UInt32.t)-> {[@expl:closure ensures] [%#s10_tyinv5] UInt32.t'int result = 0} (! return' {result}) ] @@ -88,7 +88,7 @@ module M_10_tyinv__f [#"10_tyinv.rs" 14 0 14 35] let rec closure0'0 (_1:closure0'1) (return' (ret:UInt32.t))= {[@expl:closure '_1' type invariant] inv'1 _1} (! bb0 [ bb0 = s0 - [ s0 = {[@expl:assertion] [%#s10_tyinv2] UInt32.to_uint (_1.field_0'0).t_Zero__0'0 = 0} s1 + [ s0 = {[@expl:assertion] [%#s10_tyinv2] UInt32.t'int (_1.field_0'0).t_Zero__0'0 = 0} s1 | s1 = [ &clos2 <- { field_0'1 = _1.field_1'0 } ] s2 | s2 = closure1'0 {clos2} (fun (_ret':UInt32.t) -> [ &_7 <- _ret' ] s3) | s3 = bb1 ] @@ -102,7 +102,7 @@ module M_10_tyinv__f [#"10_tyinv.rs" 14 0 14 35] | & _7 : UInt32.t = any_l () | & _9 : () = any_l () ] - [ return' (result:UInt32.t)-> {[@expl:closure ensures] [%#s10_tyinv3] UInt32.to_uint result = 0} + [ return' (result:UInt32.t)-> {[@expl:closure ensures] [%#s10_tyinv3] UInt32.t'int result = 0} (! return' {result}) ] 
diff --git a/creusot/tests/should_succeed/closures/10_tyinv/why3shapes.gz b/creusot/tests/should_succeed/closures/10_tyinv/why3shapes.gz index 098d94895e1612a4c010af7c8e94285a43a6812a..6f7d1a6133b055c4e5f6cab2670c9366fbcdd326 100644 GIT binary patch literal 347 zcmV-h0i^yPiwFP!00000|8__i>Q)Cf53}wkTHXTnvfJ| zr2c&k7)sN0cO>6Cb8J8CqW)kn*hg3F`sUm|MKanwk{8>w*O-~a4#gXG=a|N)cVi6Q zj|aAEY&*o%(2ptSK`%fy0cO}7kcR06!fa`Tb;oo6*&)O*P3Lo17_JxCPD_lO10M7O z#6H_0ZrUM;76tVdsq>=$9K6oeo8_q{c)AQ<#q=DjquK|^mOKrzCY@!tuP(5)1q0!A zM$#+Y6}EMQ$7(VJ7!^atK;o$0-!l#sm@0QK`)6oS08PSYjm1F8W+z*B!p*G#rsPj& znWG7Dl1f*(T9&FVQPh+P1_H6Jq(ha-NaQ?cd6Gj;iEx?B1m~gxYEy|yQOR9mlMGW? tDfHniPjk5zu&ih)6lJ9aKwlJARe)ty+tN|)d_nyxd;{ii{#Dun00173p@{$h literal 348 zcmV-i0i*sOiwFP!00000|8YR8yc{yF75m<8BXKv*#cq!ng?Fk9M`%6&JSdIvE~(~~)z+QckyJq@j#10Ku* zjGk%iic`~$LA5Bj_fVx*y?gXJ*MA8p!`$IGeihS`te)96fL`)E2wOD^CBC}AwJ}%- zFLWWZ(j9548@I0}M}UjunzDc;H{1WLLkXtRot6I#4kBP!__j+m5Z>G?)_dXC_5f4% zr?pHnj7eE*fn4&kMk!RK5`a`fMH#vsI1#0Jl8YR3$T`zat6i;;5^|N+T-Oe?bGuS0 uM~ImZ>s;k>El93?pwd|-vII3@N={3a$|}uBAo@afQ}_lF!kcjB0ssI;RH5Sl diff --git a/creusot/tests/should_succeed/closures/11_proof_assert_in_closure/why3shapes.gz b/creusot/tests/should_succeed/closures/11_proof_assert_in_closure/why3shapes.gz index 2b61134f7712f5ce1bef02b8c603777f47ec27e4..d70de3c072ea0ff9876b6e90da4f71b410052bdf 100644 GIT binary patch literal 460 zcmV;-0W<~Hk$SASM#G0ytBIZU zN2>n&l8^OfS5{Xm^-#$IhW8nmdCjMXV)#MFG!&=Q4^7v8DRlAhnbD);0k+p^!_wh6 z{@z_kHZtnd(CtrY#hqN!u^YzFwXqp<`tC4|d7C?M(uuE6Z`7_0=_ZQ}qp5AvaOTnJ z?MtLyMd;K$YMi+bO9y(= zdB*>L&&DTe+EeZw#AaTd-#Ex1-oBozO@C0PtijaYqmU*BTR_DbVy$Ep6oLUSQCh-eMJbf`-k_*6B$x>?dS1#1 z*7#&RU_`585ME)_k!Q$Mx>6NZlJQ8$t&uYN=&jdOLajjaYlFAM4F7q02%K1!HM6&nwTo7W(us8-C!PhS`z&q3PN$Gc$Ym%YR3QqOVi@EP8Q>OY6viPec%0}Jm3Aq zwC#pNPkaui=q8gUwZtaZ_qQ6;HgEX-Pn;pKz{lt0UHt6#JH+zEeDROWzw61}LY}kf zm1q3__iTK^raji)K`f`)>5PL+;_d0V*z}i1pvnR${C?PPiC>5MD|(tX`G9_LDd>HE z$(RFM03s%D5?NWY&Jc4k#cSh~pc$+<^AT*0=wyo80e6OcwvGgNmoW1aBv_6{^~K~08>3PXMPB=`f=Y@k`N1ONaY CD(b-i 
diff --git a/creusot/tests/should_succeed/closures/12_borrow_instances/why3shapes.gz b/creusot/tests/should_succeed/closures/12_borrow_instances/why3shapes.gz index 1f085b6730d8c5ff4797ae4d0280f336fb0eb335..c0e89b62b2f903bc48bc69ff92194e330f072476 100644 GIT binary patch literal 468 zcmV;_0W1C=iwFP!00000|BX~lZ=)~}z4I%$_2cC67iOhBaA@TGfw@)&j5bmWSs+#S z-|qlPfW)+wkns4u8IR{Zczlk#Kkn$e_`|o|p{akxI(~kNTe_b$U!va6ky=F()smWEvJ4FZ+Xs6vm=cBn zL|@^A0Y?xBGFw~)_(r!Ea;T0%&D+!d#`^>sg9 zxjNMDjaJ`Ea3PLwvS#pKvMPOE6Zb2X26PuiUV-P3OXjs^#^|DSX`aixavZ9(EMgEA zxCOAlY-){7thUNZD=h6=7ICFKt12j^%XuYvo;q0;mCzbYZa|C$jD^I4wxBG`ss8~d K8oq-&1pojwSLKrc literal 467 zcmV;^0WAI>iwFP!00000|BX~lkDD+Mz4I%$wcV4)->%dHhepmHnCogbF>0h;NP(=j z|Gonx0TR-#goMZM&3HWT!Plp}{YA&r=I^O#4|VlDxB1hzjGENeukYy#pepECx81I; z_J@uc&u^!Ww*@kU^5^dxw61pP49iVMr>aVA&(~+o0xIENU;1YHXO>ZHqH_9jG_{EgAk}#Z;473v)d_n(EEkFR!5^U zs9ZnLer?wVdZk%r-m5|%R8g~j_K0zH`atE2&!rA$_7JB~v-w=s<*Y2d9lJlz!-q82 z9?S#nN4K$K^h50@Ltd2|Y&g?;Fxz&CyF~(j9but;@3;rr_f8x9c&FLuaN3=kCRN>V zL`E3f`5!G$=y*_x~Wl11tBnz{c{sYf?iM&5cL8|Xy@>8-UYSmns6kOFzqIj9IS z0z?ooL?2zW(L^0p>&UE diff --git a/creusot/tests/should_succeed/constrained_types.coma b/creusot/tests/should_succeed/constrained_types.coma index 7356c921ab..1f7f0aa2e7 100644 --- a/creusot/tests/should_succeed/constrained_types.coma +++ b/creusot/tests/should_succeed/constrained_types.coma 
@@ -16,7 +16,7 @@ module M_constrained_types__uses_concrete_instance [#"constrained_types.rs" 14 0 let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 let%span sord16 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 - let%span snum17 = "../../../creusot-contracts/src/std/num.rs" 52 28 52 33 + let%span snum17 = "../../../creusot-contracts/src/std/num.rs" 54 32 54 37 let%span sord18 = "../../../creusot-contracts/src/logic/ord.rs" 303 20 303 68 let%span sord19 = "../../../creusot-contracts/src/logic/ord.rs" 290 8 297 11 let%span sord20 = "../../../creusot-contracts/src/logic/ord.rs" 315 20 315 68 @@ -49,7 +49,7 @@ module M_constrained_types__uses_concrete_instance [#"constrained_types.rs" 14 0 use prelude.prelude.UInt32 function deep_model'2 (self : UInt32.t) : int = - [%#snum17] UInt32.to_uint self + [%#snum17] UInt32.t'int self function deep_model'1 (self : (UInt32.t, UInt32.t)) : (int, int) = [%#stuples3] (deep_model'2 (let (a, _) = self in a), deep_model'2 (let (_, a) = self in a)) 
diff --git a/creusot/tests/should_succeed/constrained_types/why3shapes.gz b/creusot/tests/should_succeed/constrained_types/why3shapes.gz index 961339b23d2a83dd409e4a0cfba64a487259c19d..7fc8e9d319133cff384cbd8ae85b12d31ee08460 100644 GIT binary patch literal 392 zcmV;30eAi%iwFP!00000|8@*ss46rBo8A)2255W)P>@bL`Xv=GYOo2iS^{@sn+(doYTRiR z?>ngnH7Y1b@`89G2Pw5Fl5%t^%p~Kpb75{s>T{D}tl2R>8-|u-NwP{JZdA1gke*QO z*O>`1;=fA9H&y#(AJN%%7vdXcqDbkJL2xKUXb8m_L&`>(rjO9*MvhdOHrRxS{_J&l zaDKLHn;=Q^Lz1_#rYh2W0pX+VzvhScn`J)eQU{|eTk;e|X;kMje#VF(Aw(G@#0t%}GQ};G0<=wv z#NRV*c+@79yom0(cRcpQCue2%5>~M*KjNlazQ3K9wmds6`gK^oeN=+Pp8%Bdt!hfS@+TxKY*aL4HED zTSq3ui2o{?-c%D7eL^2M+nC-k6GciN41z;3K|?6b7*aOLw0(j`H*%!vyumgm^n0)U zgA0$_RU0K~en|2v)s!dA7Z6`p{pWQ5ev87*m3DJKk3I$we0bKz&7zs>08h^{s!|FB nk5D5x1dCu0G=f5q2!J5aV~q|i8q}zeRTRY+-?1*$RRR>K&0^s>I+67UO1Zo003rvKRf^c literal 144 zcmV;B0B`>viwFP!00000|4q%Y3c@fHM&UhAkxlKCKiF6Whc2SvC|Ttuz0yKVL(&#} zd%>YNo^LtZN|v4y7rAgQ!x&G}$Z99(Os^qQupmF@%yF`4S5zyimNJ(yEWCl$xBs}) yV@`p!RTdY)?=*d$zn2iE^B%Q!Fq#e;1T^04UE_|mhVLM8RpJZo*jb310001itU(3< diff --git a/creusot/tests/should_succeed/duration.coma b/creusot/tests/should_succeed/duration.coma index a3dd31dd1e..ef6f0718d3 100644 --- a/creusot/tests/should_succeed/duration.coma +++ b/creusot/tests/should_succeed/duration.coma 
@@ -118,14 +118,14 @@ module M_duration__test_duration [#"duration.rs" 7 0 7 22] function view'0 (self : t_Duration'0) : int axiom view'0_spec : forall self : t_Duration'0 . [%#stime44] view'0 self >= 0 - /\ view'0 self <= secs_to_nanos'0 (UInt64.to_uint (v_MAX'0 : UInt64.t)) + 999999999 + /\ view'0 self <= secs_to_nanos'0 (UInt64.t'int (v_MAX'0 : UInt64.t)) + 999999999 - let rec new'0 (secs:UInt64.t) (nanos:UInt32.t) (return' (ret:t_Duration'0))= {[@expl:new requires] [%#stime42] UInt64.to_uint secs - + nanos_to_secs'0 (UInt32.to_uint nanos) - <= UInt64.to_uint (v_MAX'0 : UInt64.t)} + let rec new'0 (secs:UInt64.t) (nanos:UInt32.t) (return' (ret:t_Duration'0))= {[@expl:new requires] [%#stime42] UInt64.t'int secs + + nanos_to_secs'0 (UInt32.t'int nanos) + <= UInt64.t'int (v_MAX'0 : UInt64.t)} any [ return' (result:t_Duration'0)-> {[%#stime43] view'0 result - = secs_to_nanos'0 (UInt64.to_uint secs) + UInt32.to_uint nanos} + = secs_to_nanos'0 (UInt64.t'int secs) + UInt32.t'int nanos} (! return' {result}) ] 
@@ -139,27 +139,26 @@ module M_duration__test_duration [#"duration.rs" 7 0 7 22] use prelude.prelude.UInt128 let rec as_nanos'0 (self:t_Duration'0) (return' (ret:UInt128.t))= any - [ return' (result:UInt128.t)-> {[%#stime45] UInt128.to_uint result = view'1 self} - {[%#stime46] UInt128.to_uint result <= secs_to_nanos'0 (UInt64.to_uint (v_MAX'0 : UInt64.t)) + 999999999} + [ return' (result:UInt128.t)-> {[%#stime45] UInt128.t'int result = view'1 self} + {[%#stime46] UInt128.t'int result <= secs_to_nanos'0 (UInt64.t'int (v_MAX'0 : UInt64.t)) + 999999999} (! return' {result}) ] let rec from_secs'0 (secs:UInt64.t) (return' (ret:t_Duration'0))= any - [ return' (result:t_Duration'0)-> {[%#stime47] view'0 result = secs_to_nanos'0 (UInt64.to_uint secs)} + [ return' (result:t_Duration'0)-> {[%#stime47] view'0 result = secs_to_nanos'0 (UInt64.t'int secs)} (! return' {result}) ] let rec from_millis'0 (millis:UInt64.t) (return' (ret:t_Duration'0))= any - [ return' (result:t_Duration'0)-> {[%#stime48] view'0 result = UInt64.to_uint millis * 1000000} - (! return' {result}) ] + [ return' (result:t_Duration'0)-> {[%#stime48] view'0 result = UInt64.t'int millis * 1000000} (! return' {result}) ] let rec from_micros'0 (micros:UInt64.t) (return' (ret:t_Duration'0))= any - [ return' (result:t_Duration'0)-> {[%#stime49] view'0 result = UInt64.to_uint micros * 1000} (! return' {result}) ] + [ return' (result:t_Duration'0)-> {[%#stime49] view'0 result = UInt64.t'int micros * 1000} (! return' {result}) ] let rec from_nanos'0 (nanos:UInt64.t) (return' (ret:t_Duration'0))= any - [ return' (result:t_Duration'0)-> {[%#stime50] view'0 result = UInt64.to_uint nanos} (! return' {result}) ] + [ return' (result:t_Duration'0)-> {[%#stime50] view'0 result = UInt64.t'int nanos} (! return' {result}) ] let rec is_zero'0 (self:t_Duration'0) (return' (ret:bool))= any 
@@ -169,7 +168,7 @@ module M_duration__test_duration [#"duration.rs" 7 0 7 22] let rec as_secs'0 (self:t_Duration'0) (return' (ret:UInt64.t))= any - [ return' (result:UInt64.t)-> {[%#stime52] UInt64.to_uint result = nanos_to_secs'0 (view'1 self)} + [ return' (result:UInt64.t)-> {[%#stime52] UInt64.t'int result = nanos_to_secs'0 (view'1 self)} (! return' {result}) ] @@ -234,7 +233,7 @@ module M_duration__test_duration [#"duration.rs" 7 0 7 22] = (cmp_log'0 x y <> C_Greater'0) let rec subsec_millis'0 (self:t_Duration'0) (return' (ret:UInt32.t))= any - [ return' (result:UInt32.t)-> {[%#stime53] UInt32.to_uint result = mod (nanos_to_millis'0 (view'1 self)) 1000} + [ return' (result:UInt32.t)-> {[%#stime53] UInt32.t'int result = mod (nanos_to_millis'0 (view'1 self)) 1000} {[%#stime54] UInt32.ult result (1000 : UInt32.t)} (! return' {result}) ] 
@@ -243,24 +242,24 @@ module M_duration__test_duration [#"duration.rs" 7 0 7 22] [%#stime74] div nanos 1000 let rec subsec_micros'0 (self:t_Duration'0) (return' (ret:UInt32.t))= any - [ return' (result:UInt32.t)-> {[%#stime55] UInt32.to_uint result = mod (nanos_to_micros'0 (view'1 self)) 1000000} + [ return' (result:UInt32.t)-> {[%#stime55] UInt32.t'int result = mod (nanos_to_micros'0 (view'1 self)) 1000000} {[%#stime56] UInt32.ult result (1000000 : UInt32.t)} (! return' {result}) ] let rec subsec_nanos'0 (self:t_Duration'0) (return' (ret:UInt32.t))= any - [ return' (result:UInt32.t)-> {[%#stime57] UInt32.to_uint result = mod (view'1 self) 1000000000} + [ return' (result:UInt32.t)-> {[%#stime57] UInt32.t'int result = mod (view'1 self) 1000000000} {[%#stime58] UInt32.ult result (1000000000 : UInt32.t)} (! return' {result}) ] let rec as_millis'0 (self:t_Duration'0) (return' (ret:UInt128.t))= any - [ return' (result:UInt128.t)-> {[%#stime59] UInt128.to_uint result = nanos_to_millis'0 (view'1 self)} + [ return' (result:UInt128.t)-> {[%#stime59] UInt128.t'int result = nanos_to_millis'0 (view'1 self)} (! return' {result}) ] let rec as_micros'0 (self:t_Duration'0) (return' (ret:UInt128.t))= any - [ return' (result:UInt128.t)-> {[%#stime60] UInt128.to_uint result = nanos_to_micros'0 (view'1 self)} + [ return' (result:UInt128.t)-> {[%#stime60] UInt128.t'int result = nanos_to_micros'0 (view'1 self)} (! return' {result}) ] 
@@ -283,8 +282,8 @@ module M_duration__test_duration [#"duration.rs" 7 0 7 22] let rec checked_add'0 (self:t_Duration'0) (rhs:t_Duration'0) (return' (ret:t_Option'0))= any [ return' (result:t_Option'0)-> {[%#stime61] nanos_to_secs'0 (view'0 self + view'0 rhs) - > UInt64.to_uint (v_MAX'0 : UInt64.t) -> result = C_None'0} - {[%#stime62] nanos_to_secs'0 (view'0 self + view'0 rhs) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + > UInt64.t'int (v_MAX'0 : UInt64.t) -> result = C_None'0} + {[%#stime62] nanos_to_secs'0 (view'0 self + view'0 rhs) <= UInt64.t'int (v_MAX'0 : UInt64.t) -> deep_model'0 result = C_Some'0 (view'0 self + view'0 rhs)} (! return' {result}) ] 
@@ -306,22 +305,22 @@ module M_duration__test_duration [#"duration.rs" 7 0 7 22] let rec checked_mul'0 (self:t_Duration'0) (rhs:UInt32.t) (return' (ret:t_Option'0))= any - [ return' (result:t_Option'0)-> {[%#stime65] nanos_to_secs'0 (view'0 self * UInt32.to_uint rhs) - > UInt64.to_uint (v_MAX'0 : UInt64.t) -> result = C_None'0} - {[%#stime66] nanos_to_secs'0 (view'0 self * UInt32.to_uint rhs) <= UInt64.to_uint (v_MAX'0 : UInt64.t) - -> deep_model'0 result = C_Some'0 (view'0 self * UInt32.to_uint rhs)} + [ return' (result:t_Option'0)-> {[%#stime65] nanos_to_secs'0 (view'0 self * UInt32.t'int rhs) + > UInt64.t'int (v_MAX'0 : UInt64.t) -> result = C_None'0} + {[%#stime66] nanos_to_secs'0 (view'0 self * UInt32.t'int rhs) <= UInt64.t'int (v_MAX'0 : UInt64.t) + -> deep_model'0 result = C_Some'0 (view'0 self * UInt32.t'int rhs)} (! return' {result}) ] let rec checked_div'0 (self:t_Duration'0) (rhs:UInt32.t) (return' (ret:t_Option'0))= any [ return' (result:t_Option'0)-> {[%#stime67] rhs = (0 : UInt32.t) -> result = C_None'0} - {[%#stime68] rhs <> (0 : UInt32.t) -> deep_model'0 result = C_Some'0 (div (view'0 self) (UInt32.to_uint rhs))} + {[%#stime68] rhs <> (0 : UInt32.t) -> deep_model'0 result = C_Some'0 (div (view'0 self) (UInt32.t'int rhs))} (! return' {result}) ] let rec add'0 (self:t_Duration'0) (rhs:t_Duration'0) (return' (ret:t_Duration'0))= {[@expl:add requires] [%#stime69] view'0 self + view'0 rhs - <= secs_to_nanos'0 (UInt64.to_uint (v_MAX'0 : UInt64.t)) + 999999999} + <= secs_to_nanos'0 (UInt64.t'int (v_MAX'0 : UInt64.t)) + 999999999} any [ return' (result:t_Duration'0)-> {[%#stime69] view'0 self + view'0 rhs = view'0 result} (! return' {result}) ] let rec sub'0 (self:t_Duration'0) (rhs:t_Duration'0) (return' (ret:t_Duration'0))= {[@expl:sub requires] [%#stime69] view'0 self diff --git a/creusot/tests/should_succeed/duration/why3session.xml b/creusot/tests/should_succeed/duration/why3session.xml index 3e94a5ba34..7ebc65d888 100644 
--- a/creusot/tests/should_succeed/duration/why3session.xml +++ b/creusot/tests/should_succeed/duration/why3session.xml @@ -7,7 +7,7 @@ - + diff --git a/creusot/tests/should_succeed/duration/why3shapes.gz b/creusot/tests/should_succeed/duration/why3shapes.gz index 6b1412630e2d35ac11e3cd7f8b57b91c15bcefd8..eadf10905b16a0f4b86b19bc4ea80700a4fb88c9 100644 GIT binary patch literal 553 zcmV+^0@nQ>iwFP!00000|DBaxi<>|chVT6qxwFl(Fr)LK%Vr^z+7a5^v<$tIgBi8~ zqe(O={r8<2jgH2&%LXBnci!{yoEgc7<)Z!t2URaF>QwKl@@c^q%a0yBui&y%zkMVT zJV34TI%}$|gtDrA1dYEd8@OcO)<1oe$JfsqUWTw7B_6CG-ygD~desV+0es3nAJ0(u z=m;w#Oe{o(+VWM^x=1?O2_?}xUrq`db@HdFnWXOSIFw4(C!NG`8B08|M>87ND!$>t z`Wc9(yMe@^+td-xuT3i_-e&A264Sm%V^pm+&B-L@uCHiX?IxjaH=YzPR4XT5bA(-a z(Y633{mNvJA%Y*Lvsy!cjEtD$MF_cCm}7+WW2f|Zl>^qV_z<4hOEGK8ZT!PO<3k<) ze9!dei>d2K7PM@ecAY>`tJMB5hq$Rq)!xd^r|Y((Vc2xJRqBxKtF0=mq$9ppdmRDW z-KFn{w)L?dkIAgRETUT>?c~Jj$Y}|6Ej7ns=h}oDE@?bO>Gc3YqY+5w>p^IA17agO zkmW3f8NMB^nX;MoJ?D7z>A0N~Ufz?%4vBIHmv^{k&BnBRLd$Mx*&HpoRuBFII~ZqJ z*&A8!C23KqgG$|#C1X}PVI{Y$WMF-CCf&bA>G-vz;Hmwg`IFhd1J45zu~6k9IL r6GCIgRUD8I6CMTe0tW(Pfsu$sB)DLL3L-+GRe`*}@qvCYR|Wt86NVEM literal 550 zcmV+>0@?i^iwFP!00000|DBb=j+-zLhVMK@ZfUbx$p+hyYO_*Ql^UtdWh<*UG$rmf z5`iQTs=j?~L%^71yWI#Wli&Z0=bJ&wyTz>f1qWHp8hNUAW$|IgW{dY8JglJE$=`D% z5Zpl}vns92w1A?l<_J`H-W4@8>DTr5Im(uo&l(uw##|XrWT^ zga@lR*t>R*h>VaeUI8GTg|P>1P*OqUbot$plWyNT%OBTj=lN_ zyP{DxAH{v7D~JHWx6@g!p>`Y0UIWAjp6HDxCM?#28- zEf-nHx!EJe7Nu z0oz^E_e3upU^OCLTYVW!`;MfOW1}OhDbzJpABU4m8+N*&%OOj}0}72sD4nlIq0t1z zWOOKt8z6cGX2g2ddgiyi?h2A|Qwco2wUQYZ4K47n1J^MdbB7K$n{u;j++^s${|B~h zy-LkqN&Qlx7Mfbn)ZR83Q&WeUOsUC0eQ(XZjXb$O)PGX*r{H-%ND%rFg^0jUK$H<6 o0YQw08D$J3Im153m}A73JmMi|oN~egu2hb^zv^u`!(9dd0Nfu3Bme*a diff --git a/creusot/tests/should_succeed/filter_positive.coma b/creusot/tests/should_succeed/filter_positive.coma index 35d7a066a9..598e3e1935 100644 --- a/creusot/tests/should_succeed/filter_positive.coma +++ b/creusot/tests/should_succeed/filter_positive.coma 
@@ -199,7 +199,7 @@ module M_filter_positive__m [#"filter_positive.rs" 82 0 82 33] function view'0 (self : t_Vec'0) : Seq.seq Int32.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec18] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec18] Seq.length (view'0 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq @@ -225,7 +225,7 @@ module M_filter_positive__m [#"filter_positive.rs" 82 0 82 33] let rec len'0 (self:t_Vec'0) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'0 self} any - [ return' (result:UInt64.t)-> {[%#svec21] UInt64.to_uint result = Seq.length (view'1 self)} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#svec21] UInt64.t'int result = Seq.length (view'1 self)} (! return' {result}) ] predicate inv'1 (_1 : UInt64.t) @@ -233,14 +233,14 @@ module M_filter_positive__m [#"filter_positive.rs" 82 0 82 33] axiom inv_axiom'1 [@rewrite] : forall x : UInt64.t [inv'1 x] . inv'1 x = true predicate in_bounds'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq Int32.t) = - [%#sslice40] UInt64.to_uint self < Seq.length seq + [%#sslice40] UInt64.t'int self < Seq.length seq predicate inv'2 (_1 : Int32.t) axiom inv_axiom'2 [@rewrite] : forall x : Int32.t [inv'2 x] . inv'2 x = true predicate has_value'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq Int32.t) (out : Int32.t) = - [%#sslice41] Seq.get seq (UInt64.to_uint self) = out + [%#sslice41] Seq.get seq (UInt64.t'int self) = out let rec index'0 (self:t_Vec'0) (index:UInt64.t) (return' (ret:Int32.t))= {[@expl:index 'self' type invariant] inv'0 self} {[@expl:index 'index' type invariant] inv'1 index} 
@@ -265,8 +265,8 @@ module M_filter_positive__m [#"filter_positive.rs" 82 0 82 33] let rec from_elem'0 (elem:Int32.t) (n:UInt64.t) (return' (ret:t_Vec'0))= {[@expl:from_elem 'elem' type invariant] inv'3 elem} any [ return' (result:t_Vec'0)-> {inv'4 result} - {[%#svec24] Seq.length (view'0 result) = UInt64.to_uint n} - {[%#svec25] forall i : int . 0 <= i /\ i < UInt64.to_uint n -> index_logic'0 result i = elem} + {[%#svec24] Seq.length (view'0 result) = UInt64.t'int n} + {[%#svec25] forall i : int . 0 <= i /\ i < UInt64.t'int n -> index_logic'0 result i = elem} (! return' {result}) ] @@ -304,7 +304,7 @@ module M_filter_positive__m [#"filter_positive.rs" 82 0 82 33] axiom inv_axiom'6 [@rewrite] : forall x : borrowed Int32.t [inv'6 x] . inv'6 x = true predicate resolve_elswhere'0 [@inline:trivial] (self : UInt64.t) (old' : Seq.seq Int32.t) (fin : Seq.seq Int32.t) = - [%#sslice44] forall i : int . 0 <= i /\ i <> UInt64.to_uint self /\ i < Seq.length old' + [%#sslice44] forall i : int . 0 <= i /\ i <> UInt64.t'int self /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i let rec index_mut'0 (self:borrowed (t_Vec'0)) (index:UInt64.t) (return' (ret:borrowed Int32.t))= {[@expl:index_mut 'self' type invariant] inv'5 self} 
@@ -338,10 +338,10 @@ module M_filter_positive__m [#"filter_positive.rs" 82 0 82 33] | bb1 = bb2 | bb2 = bb3 | bb3 = bb3 - [ bb3 = {[@expl:loop invariant #0] [%#sfilter_positive4] UInt64.to_uint i <= Seq.length (view'0 t)} - {[@expl:loop invariant #1] [%#sfilter_positive3] UInt64.to_uint count <= UInt64.to_uint i} - {[@expl:loop invariant #2] [%#sfilter_positive2] UInt64.to_uint count - = num_of_pos'0 0 (UInt64.to_uint i) (view'0 t)} + [ bb3 = {[@expl:loop invariant #0] [%#sfilter_positive4] UInt64.t'int i <= Seq.length (view'0 t)} + {[@expl:loop invariant #1] [%#sfilter_positive3] UInt64.t'int count <= UInt64.t'int i} + {[@expl:loop invariant #2] [%#sfilter_positive2] UInt64.t'int count + = num_of_pos'0 0 (UInt64.t'int i) (view'0 t)} (! s0) [ s0 = bb4 ] [ bb4 = s0 [ s0 = len'0 {t} (fun (_ret':UInt64.t) -> [ &_12 <- _ret' ] s1) | s1 = bb5 ] | bb5 = s0 @@ -377,8 +377,8 @@ module M_filter_positive__m [#"filter_positive.rs" 82 0 82 33] | bb13 = bb14 | bb14 = bb15 | bb15 = bb15 - [ bb15 = {[@expl:loop invariant #0] [%#sfilter_positive12] UInt64.to_uint count - = num_of_pos'0 0 (UInt64.to_uint i) (view'0 t)} + [ bb15 = {[@expl:loop invariant #0] [%#sfilter_positive12] UInt64.t'int count + = num_of_pos'0 0 (UInt64.t'int i) (view'0 t)} {[@expl:loop invariant #1] [%#sfilter_positive11] Seq.length (view'0 u) = num_of_pos'0 0 (Seq.length (view'0 t)) (view'0 t)} (! s0) [ s0 = bb16 ] 
@@ -393,14 +393,14 @@ module M_filter_positive__m [#"filter_positive.rs" 82 0 82 33] | s1 = any [ br0 -> {_33 = false} (! bb25) | br1 -> {_33} (! bb20) ] ] | bb20 = s0 - [ s0 = {[@expl:assertion] [%#sfilter_positive14] let _ = lemma_num_of_pos_strictly_increasing'0 (UInt64.to_uint i) (view'0 u) in num_of_pos'0 0 (UInt64.to_uint i) (view'0 t) - < num_of_pos'0 0 (UInt64.to_uint i + 1) (view'0 t)} + [ s0 = {[@expl:assertion] [%#sfilter_positive14] let _ = lemma_num_of_pos_strictly_increasing'0 (UInt64.t'int i) (view'0 u) in num_of_pos'0 0 (UInt64.t'int i) (view'0 t) + < num_of_pos'0 0 (UInt64.t'int i + 1) (view'0 t)} s1 | s1 = bb21 ] | bb21 = s0 - [ s0 = {[@expl:assertion] [%#sfilter_positive15] let _ = lemma_num_of_pos_increasing'0 0 (UInt64.to_uint i - + 1) (Seq.length (view'0 t)) (view'0 t) in UInt64.to_uint count < Seq.length (view'0 u)} + [ s0 = {[@expl:assertion] [%#sfilter_positive15] let _ = lemma_num_of_pos_increasing'0 0 (UInt64.t'int i + + 1) (Seq.length (view'0 t)) (view'0 t) in UInt64.t'int count < Seq.length (view'0 u)} s1 | s1 = bb22 ] diff --git a/creusot/tests/should_succeed/filter_positive/why3session.xml b/creusot/tests/should_succeed/filter_positive/why3session.xml index b4d4ff651e..669a325889 100644 --- a/creusot/tests/should_succeed/filter_positive/why3session.xml +++ b/creusot/tests/should_succeed/filter_positive/why3session.xml @@ -2,28 +2,121 @@ - - + - + - + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
diff --git a/creusot/tests/should_succeed/filter_positive/why3shapes.gz b/creusot/tests/should_succeed/filter_positive/why3shapes.gz index 39e34fd5f15808cb6f049f617c7c9223e9858483..d32b7060b1f84183c1b667195dc319154266dee3 100644 GIT binary patch literal 2512 zcmV;>2`}~^iwFP!00000|GigPj~h7-e)q31un)aE!2qIeEs_9UAcp2)F)xF{ycs%^ zO5E+lM>4a&eyO_bDj(fBI_S2oq9~H$@sahw9U%J|y_&KHeaE^#j!w|(e1%If{#wr<_+eL&9l?n5IUe`ol3DlQa(`zh&#tBYbh zguCnX@OJ;M(ODGKzfFTu2Qn+-JI2p-`qDUbe^+=uul~FE^NuXf;)A}f*fc(PnG%AE zP2)3cOyk4ajXpjobvfIAa`nS!JjIv&qNhP6mi?lq(Mm4+MNeauTK0>c#w)$-7w3+w zOa@hXwm|VA39O;eNpc!`dw`MJck@_4z}g3e$^duW?J9ct9p3ZtE348%LPTYYxxLmHhr z?hj?qQM$)K$|ZJh2YO35tdnyw7N-AHRLDLG-6LYbz58o*KmjY%+t7YTN4*#vH1LDFUIhDI~>s=bc1jjhlUlF7F zMtsJ1u1EJhId@X0J>Mgh3}g05LBr*W?qwf^_NR*Lo>Z~O_$l}0+C8+s?tIzw90a+% z-Q2Gdg8KZfd|$3&-bJGA7^fHRP~_xJg{LXr)q3-`4g*g`p>0JJPT9L|L}7VV_{2vO zk6-Z8E#KB-w~mD!zFt>fytkqP6Ci~FNk^0pFJXd-a3b^+1?dC@VG4uv3}fgO7^E%X zY-T%i+4%(5vy9Spw@ceS4(E**PD3(r_xM8Wu?w-5UpT+nZn1jf-TeoQS*{;k9ovqv zx1;rq2Av9{QO2anq8W@qB!{$0fRO*lyDhyBp_8bE16KM`m1X)}IsB z_U_BOw0)w^qrCI#XcU}Kt~jFCj3-X_yAY1eM1DA$e7Oz7*Y;t!0rb}kVrVz)tm)EA z+lZ!IjXh9NT2ahb#*rMGgT_sG{JV|(hTVR1e4i~iok>ui_hclFhr>|PuAn>UNA zAcXE%bb!??Z)4lyN5Sc0l6t>)sfQova}7V;nw1ZHXLc3qhvaIncWTA;aqMeqwZ2uS zlYwlUzo#cBU7y~Vs36?z{bvKit>!;20>*EiEhEpcTJ#227?5kmR#bg$bYpJ59;-cbmQMN|tQ8Ck1Cgv)F2UmrM>8g|tE>y*N zvyc_1%|i4Ui2g*W&4RV}RcE-?&`!-(kK)-yizboc;yRq2T=pE#iUBu{9OaMjWjNJn z?v1<5az${DV&zziVq8s7ti-fMG0Y|OLWg3_sspj2Wsf`E7 zDX;x(mSyzPv*1Y(CixJkW6lScjZ-|CI0s8+lxmZh=Y%+j(tvhG1utbn@gRXB6SH)t z2#1`db0LQqQW9KK7by!`si-1BHjZqG(Ug?e9_2WZ3AmUXVVp9SjZhicjI@CN!UDIz zEKmzzfmma;RaROtqu?XUf+wLM5gnMKN>ZhPYT+3{yR`-Nn3Nnjp%IT8{E;bWFS$1$ zKu5tGhdCt{%o7A9@X~Na2@k-c%*q6zgr|&yWKy6YYAHNTmQ$4ZNEKi!)Pe9UIl?j% zL^AIcb91UJm6i%i(VgruaY}h5nPzB;r|5U%f_Gd<42UpVyE%g*juA_ZrTWQod7wCx zm4wKOVAhzdiN~lI^c^w6%o($cev@d;jlc>F39UxAdZ#cGB^Dxnl5%>^gk}6&r2~&y zu;^5#nsQH)QY1SJGM2W$`l15>JiE6e3~Yl_)v&$IDa2&W8A>Ka@^ zCrXWB7qnCg|53_30i`m_9KEJ=NWyDnj1hwIOq6t`nz;FK`gA0mQKNAV6$J?$B|2v6 
zUBKEElFfy%f?L6?pjLntD2_U}&UK2{0=}^o$`GBBGbr2=m=)fPj%o5yhhkikCK^f+iY~G6j&S!zBq;lJC>x z4K|sq8F&$y4v_|q-Xeg2C8%VqgDlCdWLDB2p^~s1l4g3DM?cqKHTj7K8BIbU*kdwB zC*jaaaK53y6Ui7vDaweWwbjaMX|=GLTg|MdKgBrhjldTXd=F9D2tvJPB0CwP2t2XY zI76+$Z({XxSilU!_a)|We8~al%F;+=lIR#7gV4=rX1F!%S&hJMEwxHGNP)z>L101X aC7N@IMi5>m10$Z_j{gH3ycvM)Bme-J$K(Y7 literal 848 zcmV-W1F!raiwFP!00000|CLnBZsRx*yz47`^UMSR*d!&93p;=g5#+;SFN4P1gf>Mb z^g~W8*}?w(f_nHNJCoUy3f;x(W_45FeoX3Ddb9Q9X!o_-Rew#Q$&c@Wb2OtzdZd*B za{fy$q1oK94u6q-qGp%7s-YL#P}30&Yv^fCj#h!)zBT{mZQ+3CR2{bYuFT(d^^_q) zK+?r;zqIE03qIE#CD>>r@n{nuYoG-kf89Cb6>ZN&YYx)9iF&>IDEb#I@ z@#ySFYiLh8=6@%@rYyY~5Fke}9uUx@p8<;TfKG{v0YN(<(Pf4S0rE6x-pN(RDMOhK zV2A;R=>Ucp$0!}Z5EB@u0~lfwRXTuMD^Vk`8!u5CKwyhe*T7I4wxAj6-Z=!;d5pR> zYh$-t%FlAStIXa~?Wz~=2Ow|+fgm0IJiKiz`|<=mAb1bkQ#9)Y{AzS44aQ4|5F$hf z>NXl9sP1Tl5T6_m5p;S&Lo`Cp(i7?~ceyM=j%~Znb2y`f=Dm?9#Q0dBko?SFocYo} z`yO-EBLitduF99YLsisw2@9H|1X}L)``w2vrrR}gjWR+RCqBilQbJSdD%zk_)qyPr(ahdIVq#70RQAty?$;t z^~bB-TkmB2yCY})gkGu6kF+^lo@y%(&E2PbB5V%(z4gOWNxwl-JwJ~mR3`z*0fkQb zx9rjE!oSf{wb}a%Gzhkpue|+uEA1R+N4N|9fBHo*eEtKNQIWO{jyIEZS`5O)bqhn&4 zsj@Jk;ifcUEK3t9MFj~<#RM`IsHKTZ!&oUpBEBr*r3y7^9vW*RV`u`I$ao-x3Yj(n z0PL~=9fxITnb1Im*M8R!OXzVoz7!|f_xQUpDsj(U1hFQ(a1q3s^wLETYsxDZ!R#VmyWp({ z7R2$iL9X$3AzpQ@X9*mO`)xOj-@896SUvteYrNH6V^2fZ9B2g?nr_(l1oKSU^?mnD z)r37L58MO%>t>hyk6DZd=|L~}*<;xEJ+Qpe|7BN)ru(|P3iiwFP!00000|GiU9PwOxcyysWsR^XKN`Xff-07xd4-Vym4Z5)?Igrp>C zfq(x(6PF_Bfdia8+L@hQ%j2_)xL?!8_wmkmebqLXv5YUyqv4sVX17ReVgd*?uwVj+ zCX%Rm%WJydZfc)I{%JG3<$K%j`0F7!G0RK-M2?Gi#+)0Rmd!<7#W)RYP8t^x*f$ z@dD|%!ioC(UJhtgHB|r2r~~o4bEe0{KbbW}gZ-rG-*L*4L(1lb%t>00IW}W{t(wv- z9b3--FFn~b-q&2upKs0@a~MS&3!!*YDojyBA&?U%O;AYC(wAwB8OtC`B7~AwsZyvV z^H8i>K_A|50;< Ha|8eYLhi`Y diff --git a/creusot/tests/should_succeed/ghost/ghost_map/why3session.xml b/creusot/tests/should_succeed/ghost/ghost_map/why3session.xml index cf943b0c9a..9ff8b4a694 100644 --- a/creusot/tests/should_succeed/ghost/ghost_map/why3session.xml +++ b/creusot/tests/should_succeed/ghost/ghost_map/why3session.xml 
@@ -7,7 +7,7 @@ - + diff --git a/creusot/tests/should_succeed/ghost/ghost_map/why3shapes.gz b/creusot/tests/should_succeed/ghost/ghost_map/why3shapes.gz index 7769cd69a8c882107da34085d711e897447d7db4..223f8d336b0fa1e6624d7a170bcbac003e43ddc7 100644 GIT binary patch literal 696 zcmV;p0!RHHiwFP!00000|CLo;Z`&XgefO`(TeeP~?>^Vkgx+bXJ7HJzEzj$i?y{5HAQ;6BknD{q?hXK}KT(3=$rh*BRpln5ZHkIareQD40_a&Jhee#|EIpFeZYt0zat zP2^A}VD#KXM<*M#s}IVMCIX|vxsb^3KFs075tDi9$dqSdhXu}L#sWj?BZul-ochT3 zkZ#~GJ%+)MA!YTJmGXDLFBLKkN)uNH+hIH%GUp}EBfQj-+q%@6_3bI^wr>=g!+f`u ztGa3GSAAT&t)N71ib|FOC$d=U-(@ka^RV%u@wBeD{r=t6p^*q){*KIh!FkX($K%>RjER+l);?Ia+g28(c@wo^#6%ijru#ZKs&xoLc;rAlgxd=KH z!Hy#6B@v6qkIcL@!+h6Xta{z_>u%hTIlN_UwH!O2z{4`{n?`9#L+@o}{Z!%U2ZV$-7+Cr&yy2V=m0mL^nJzfqdRwmLXsd#rkd&@FPT`EQX&hMzD) z?i(GBmlg%~)0WwfXb{j1OYmwH$Be8M+W>4Jf|X=3C_*72GmJPS9AXZP1LZ(CL>xj6 em;-P?JmE2CoN~e=9&(Lx6#N4VOz2^y2LJ$OVOz}r literal 696 zcmV;p0!RHHiwFP!00000|CLq2Zlf>|z4H~hWw)zJ9s@S4)Rm%2$hq{gm9NMpPK%O2 z3MAd`*YDV1rzB~zl~6K%9=~~h9>cerN&BL1jAq1IZy{Ak%-kT)!d^%1Avn zJ3UA6S$FxaYRkWRVQ1naB$9E4lxEHR97h&(ud1x}2(ios4g<+E7dVW{By)koLYZbR zu-jHEojV0!9=m~lTV>VirZW@h2$c}3AA@TE1wuXe^V>XF@{>(iuP7aQn z$e~=q;JJwoPBwZ|@3kRKB_*YEAyv0NEa1oylX>jOm}g{%1x{opl0xPqhhi?xeB^rw z8#v4kVbEtNRlVnH^|;%vH8Bm!QdfuCVKN?a=Ory7I!DQEy++M=d)9TkYc!d{bhA=V zb<@;ucwC#6WU*S7m0C-hs&aw9^KxA0e(6KwXYi$`|al;JM+ zcCZw$TYrFIG9Q|OMYEwSfa}yKzNk|CY7Y3hI0U536F=G#VxKy_c`+=dzH@q$9_R zZptn%7xuM`f1?Jarbo|C9CdC1#(@7U9W$(crF5Lw>fng&vEqo3YvdI9uaQTFKjwzq zH#!_HEeY(WEw>-hAXr8UFLlaUvWz&1XhNRC0>R}XO^YO4PACzO3P=QS0Zc$FAQBJ? epaMVu5vfQ77fi$=5}`m;kl-I*;%h0T2LJ$T#75Bo diff --git a/creusot/tests/should_succeed/ghost/ghost_set/why3session.xml b/creusot/tests/should_succeed/ghost/ghost_set/why3session.xml index e0842d299c..bd75c992d3 100644 --- a/creusot/tests/should_succeed/ghost/ghost_set/why3session.xml +++ b/creusot/tests/should_succeed/ghost/ghost_set/why3session.xml @@ -7,7 +7,7 @@ - + 
diff --git a/creusot/tests/should_succeed/ghost/ghost_set/why3shapes.gz b/creusot/tests/should_succeed/ghost/ghost_set/why3shapes.gz index edeab4f1e4c2cf41fab76958040542aa10be87da..a86974f9f0c390d9561e34e3fc7bbf41e54d74ef 100644 GIT binary patch literal 417 zcmV;S0bc$eiwFP!00000|Fu-hZo)7Syyq)&OUucRB$!GZ=)pBo)l=nbv^WN$h8Ubc z%iq@|m=pw3E0vSSvl`FtWR-_OSTA9%>u{%SU6|@AOvAxr&}^Wnb`g?@d*C@NG55f8 zL=x_S=cuII1JA`W<{o%1kqP&}bE!e`e$9br(Vskc_62uG_Am>Fx$r_LRgbR;p67*9c&s&P)W8=o>oH@yL$ zbS*17J~g*Ik|;Z*tGcYlTnYHO`_ zw|f{JKQKN^~$s{-q*NaC*ExZzKc=kg8n9Zg(iDhn!0&5UlD36jNjTYnqJ#5 z!rTN`+7I+<-R!gW-xUOeVIXsuX|2#`HV05TX9(ClndOXN2uFg6p-4p{VnGEFSfJn= LWEkq(`vd?0xxK-l literal 417 zcmV;S0bc$eiwFP!00000|Fu-hPQx$|yyq)&3vlwrc_MKr2jfbJ6Y@3MIxdY!aT7RodTj}QBPyD-EuUli)Yy%<)bHH&RfH~l} zP=w3@$5BC<1CEPC#2j#3EMn$>;}VfD2OO7*lsVuHMa1T-sPT2Psuh{M;Dd-Fd^H<2 zU^?I(40||5qgq{WRRAb!-ENE`0R+o;oM~h9hbk==G#3yGfGJAdbk?c0wo^PP!OUfkP@Z9mArh z36Y~rB7*bX%X_k@^;;zcwZ@q>SSV9W`x|W82(?LLajPJXHSo-JfBi+!&+m z?HWe=4-ESVA9isWwbXr#*EJs3i49u;S1}q~$lqko*cDF;-FA=qGa!8>W0y9JCg(OR z%gO=hH zNV56&bpUT^qA2ZUDLGujP^vO04c5{f3b2U|E)u?(($!q&u>607@_zX#%$hB#!KCcS( zY=+kd9mGkw6gUdhp#DYvXV>xD$KTL-yjS`)+OPSLp!554%J_IBau%5;3A-7&UWU3d z_wMAHEd5TA>nzO29_Vze$WRR(S75642@U8{wc{em%wHZzcC}V^sT2g}Wz!$>;b(K) z-rnX_(`$;|vv~Itoy6)^>K>oV~1Xs#o8_8j%s;A0VWQ;e9O7I5A zru*;f1>BHbt+u^15)yCTd_ChCZtmiKt9Q1K_qOY6*M5n4e0LiSFS>5`2`G>O1P&=A z0|*>eSOyR{qKFJ2a8ywlK;W2SGJwEw#bp42OI0cZi1fYQ*Y?fpLfp{R!bAqIz4_yH z*I3ZHJrvDstfy=}6pvfi4`1D{1SQWuXYXq2caqWB-ZguhAZ;4gzjl_4Ilhf9UDvrc zTa9MsbtuG?cu#?4gm3!YwGVE0NWhzh>P_A1W)3MD_f(sc7=`c|lX{U`+tou+SNh40 zuMawimvYH*6ljqCdV~w zlN+)QJ4LQ%VLA1H)3G9BH8`%oTSoq2=qcc6rUH+I6MI3}qH&v;Dq^#7HwZd{NQi?!u#7QjjEKhTu uvz+E6$2rO&5+t*X7$c}oVPk-2)|McEWo5~5wed*^#>n3w9snsz1pok+#^CM% 
diff --git a/creusot/tests/should_succeed/ghost_ptr_token/why3shapes.gz b/creusot/tests/should_succeed/ghost_ptr_token/why3shapes.gz index c1fa922e6597784ebec991c48055af258902a510..2a545cf257b8ae8f9399a97625a0711dc301c2a1 100644 GIT binary patch literal 682 zcmV;b0#*GViwFP!00000|BY4Kj@mE~ea~0$w(V9cWo+j{B`TqnEc3E2UHLUK!E7T! z0=aXJzqo7S5i(d(BZ~#p%iCK6QpC z795G9&GRHLKeAN$U?mnpY&KQzL8HGDG+j>Mlk?Q4Dv8+d)X6E6=O@H5$Hw;|o1`u3 z?4R7YL!XmTym)U9x%9Uk|Npt;Lh+Gy58CdF$RmlCJ`K#QaNXw#b`Vg(p1Pllr zXqy2%qRwzW#AE6Vqh0J|VrB9`?LeupQ(q+e&G#95jSYH-Hb{C2?t%D*; zO`_0Er~>Z2S|9Y!x)I7v%ZfAp{#HAWT9#q30rb*08 z*z-sbhZ_)RE8=JiXdQ~R4_g#O+c=EYVm^bILBt?r5HKJNFayK@82D_?VivKG1&lDv Ql$ZJ5e@Jr2*WU*K0KP3!N&o-= literal 681 zcmV;a0#^MWiwFP!00000|BY44j@mF3-RCRV(M~mzUwKf8N@yg@Y}j<y%C5d zN1|+tA}!QMo@pOki=`0TZPk0w=+teZZ>=(7O>!UVcz zKpsPW^!#BJsnigCK+JjRtBpjlp@4c&%Ew zy2Ie(*Y|>5(bv(nY^NBGeQrg87NRs3jluDzJUkoJ~g z>m|13xe^D%73q&@pZ*zV?z&dVy*fz)j5$nl-?Lae_htqs{WHjE|HeF{=2^#;c*5a= z_LldC9JxDXtiX)DP-@p6ruz*!N;uNmj_+o?jY@MZ@GjPYx)7VFB5 zR>1M1b8b4DilUb52l7dVjzj1d>ma_4%UJrAipb{`k*kU-S*t=%6pA-hRqCwC_B)Pa zv!kNmSYMf~{{9r0cp$MrVtbUBn^DQKv5`wd*E>j;9beL1oSI;BSuELIC^EDjiYT>- zB0rs8u9pxEvl_Cw=0?-O42ba*B0mLfhc{9YcXFKy>3tlcZlyxQ;toJMG#+q_Cl5&X zAi>!0s^N7$*gxw=C_gPH&ieaX?LB%~;&G#{7j6XY9!{9h$?9EzTsb!j2<)3CwJ+fy z2r-BWiroAM8B*=hyaPRkZk1)CJe?5Mhu1w5(Y7Yh(X98U<;P8m_;mPgkh$= P3-v {[@expl:hash ensures] [%#shashmap0] UInt64.to_uint result + [ return' (result:UInt64.t)-> {[@expl:hash ensures] [%#shashmap0] UInt64.t'int result = hash_log'0 (deep_model'0 self)} (! return' {result}) ] @@ -121,7 +121,7 @@ module M_hashmap__qyi7664122466964245986__new [#"hashmap.rs" 116 4 116 46] (* My function view'1 (self : t_Vec'0) : Seq.seq (t_List'0) - axiom view'1_spec : forall self : t_Vec'0 . [%#svec6] Seq.length (view'1 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'1_spec : forall self : t_Vec'0 . [%#svec6] Seq.length (view'1 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq 
@@ -147,8 +147,8 @@ module M_hashmap__qyi7664122466964245986__new [#"hashmap.rs" 116 4 116 46] (* My let rec from_elem'0 (elem:t_List'0) (n:UInt64.t) (return' (ret:t_Vec'0))= {[@expl:from_elem 'elem' type invariant] inv'1 elem} any [ return' (result:t_Vec'0)-> {inv'2 result} - {[%#svec3] Seq.length (view'1 result) = UInt64.to_uint n} - {[%#svec4] forall i : int . 0 <= i /\ i < UInt64.to_uint n -> index_logic'0 result i = elem} + {[%#svec3] Seq.length (view'1 result) = UInt64.t'int n} + {[%#svec4] forall i : int . 0 <= i /\ i < UInt64.t'int n -> index_logic'0 result i = elem} (! return' {result}) ] @@ -216,7 +216,7 @@ module M_hashmap__qyi7664122466964245986__new [#"hashmap.rs" 116 4 116 46] (* My meta "compute_max_steps" 1000000 let rec new'0 (size:UInt64.t) (return' (ret:t_MyHashMap'0))= {[@expl:new requires] [%#shashmap0] 0 - < UInt64.to_uint size} + < UInt64.t'int size} (! bb0 [ bb0 = s0 [ s0 = [ &_6 <- C_Nil'0 ] s1 @@ -330,7 +330,7 @@ module M_hashmap__qyi7664122466964245986__add [#"hashmap.rs" 122 4 122 41] (* My function view'4 (self : t_Vec'0) : Seq.seq (t_List'0) - axiom view'4_spec : forall self : t_Vec'0 . [%#svec32] Seq.length (view'4 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'4_spec : forall self : t_Vec'0 . [%#svec32] Seq.length (view'4 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq @@ -384,7 +384,7 @@ module M_hashmap__qyi7664122466964245986__add [#"hashmap.rs" 122 4 122 41] (* My let rec len'0 (self:t_Vec'0) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'10 self} any - [ return' (result:UInt64.t)-> {[%#svec14] UInt64.to_uint result = Seq.length (view'2 self)} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#svec14] UInt64.t'int result = Seq.length (view'2 self)} (! return' {result}) ] predicate invariant'8 (self : t_K'0) = 
@@ -407,7 +407,7 @@ module M_hashmap__qyi7664122466964245986__add [#"hashmap.rs" 122 4 122 41] (* My let rec hash'0 (self:t_K'0) (return' (ret:UInt64.t))= {[@expl:hash 'self' type invariant] [%#shashmap15] inv'11 self} any - [ return' (result:UInt64.t)-> {[%#shashmap16] UInt64.to_uint result = hash_log'0 (deep_model'1 self)} + [ return' (result:UInt64.t)-> {[%#shashmap16] UInt64.t'int result = hash_log'0 (deep_model'1 self)} (! return' {result}) ] @@ -426,7 +426,7 @@ module M_hashmap__qyi7664122466964245986__add [#"hashmap.rs" 122 4 122 41] (* My [%#smodel27] view'4 self.current predicate in_bounds'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq (t_List'0)) = - [%#sslice30] UInt64.to_uint self < Seq.length seq + [%#sslice30] UInt64.t'int self < Seq.length seq predicate invariant'1 (self : borrowed (t_List'0)) = [%#sinvariant38] inv'1 self.current /\ inv'1 self.final @@ -438,12 +438,12 @@ module M_hashmap__qyi7664122466964245986__add [#"hashmap.rs" 122 4 122 41] (* My use seq.Seq predicate has_value'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq (t_List'0)) (out : t_List'0) = - [%#sslice31] Seq.get seq (UInt64.to_uint self) = out + [%#sslice31] Seq.get seq (UInt64.t'int self) = out predicate resolve_elswhere'0 [@inline:trivial] (self : UInt64.t) (old' : Seq.seq (t_List'0)) (fin : Seq.seq (t_List'0)) = - [%#sslice33] forall i : int . 0 <= i /\ i <> UInt64.to_uint self /\ i < Seq.length old' + [%#sslice33] forall i : int . 0 <= i /\ i <> UInt64.t'int self /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i let rec index_mut'0 (self:borrowed (t_Vec'0)) (index:UInt64.t) (return' (ret:borrowed (t_List'0)))= {[@expl:index_mut 'self' type invariant] inv'12 self} 
@@ -653,9 +653,9 @@ module M_hashmap__qyi7664122466964245986__add [#"hashmap.rs" 122 4 122 41] (* My | bb6 = bb7 | bb7 = bb7 [ bb7 = {[@expl:loop invariant #0] [%#shashmap9] inv'2 l} - {[@expl:loop invariant #1] [%#shashmap8] good_bucket'0 (Snapshot.inner old_self).current l.current (UInt64.to_uint index)} - {[@expl:loop invariant #2] [%#shashmap7] good_bucket'0 (Snapshot.inner old_self).current l.final (UInt64.to_uint index) - -> good_bucket'0 (Snapshot.inner old_self).current (Snapshot.inner old_l).final (UInt64.to_uint index)} + {[@expl:loop invariant #1] [%#shashmap8] good_bucket'0 (Snapshot.inner old_self).current l.current (UInt64.t'int index)} + {[@expl:loop invariant #2] [%#shashmap7] good_bucket'0 (Snapshot.inner old_self).current l.final (UInt64.t'int index) + -> good_bucket'0 (Snapshot.inner old_self).current (Snapshot.inner old_l).final (UInt64.t'int index)} {[@expl:loop invariant #3] [%#shashmap6] get'0 l.final (deep_model'0 key) = C_Some'0 val' -> get'0 (Snapshot.inner old_l).final (deep_model'0 key) = C_Some'0 val'} {[@expl:loop invariant #4] [%#shashmap5] forall i : t_DeepModelTy'0 . get'0 l.final i = get'0 l.current i @@ -870,7 +870,7 @@ module M_hashmap__qyi7664122466964245986__get [#"hashmap.rs" 154 4 154 43] (* My let rec hash'0 (self:t_K'0) (return' (ret:UInt64.t))= {[@expl:hash 'self' type invariant] [%#shashmap7] inv'4 self} any - [ return' (result:UInt64.t)-> {[%#shashmap8] UInt64.to_uint result = hash_log'0 (deep_model'1 self)} + [ return' (result:UInt64.t)-> {[%#shashmap8] UInt64.t'int result = hash_log'0 (deep_model'1 self)} (! return' {result}) ] 
@@ -910,7 +910,7 @@ module M_hashmap__qyi7664122466964245986__get [#"hashmap.rs" 154 4 154 43] (* My function view'3 (self : t_Vec'0) : Seq.seq (t_List'0) - axiom view'3_spec : forall self : t_Vec'0 . [%#svec22] Seq.length (view'3 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'3_spec : forall self : t_Vec'0 . [%#svec22] Seq.length (view'3 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq @@ -961,16 +961,14 @@ module M_hashmap__qyi7664122466964245986__get [#"hashmap.rs" 154 4 154 43] (* My [%#smodel15] view'3 self let rec len'0 (self:t_Vec'0) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'5 self} - any - [ return' (result:UInt64.t)-> {[%#svec9] UInt64.to_uint result = Seq.length (view'1 self)} (! return' {result}) ] - + any [ return' (result:UInt64.t)-> {[%#svec9] UInt64.t'int result = Seq.length (view'1 self)} (! return' {result}) ] predicate inv'6 (_1 : UInt64.t) axiom inv_axiom'5 [@rewrite] : forall x : UInt64.t [inv'6 x] . inv'6 x = true predicate in_bounds'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq (t_List'0)) = - [%#sslice17] UInt64.to_uint self < Seq.length seq + [%#sslice17] UInt64.t'int self < Seq.length seq predicate invariant'0 (self : t_List'0) = [%#sinvariant23] inv'8 self @@ -982,7 +980,7 @@ module M_hashmap__qyi7664122466964245986__get [#"hashmap.rs" 154 4 154 43] (* My use seq.Seq predicate has_value'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq (t_List'0)) (out : t_List'0) = - [%#sslice18] Seq.get seq (UInt64.to_uint self) = out + [%#sslice18] Seq.get seq (UInt64.t'int self) = out let rec index'0 (self:t_Vec'0) (index:UInt64.t) (return' (ret:t_List'0))= {[@expl:index 'self' type invariant] inv'5 self} {[@expl:index 'index' type invariant] inv'6 index} 
@@ -1266,7 +1264,7 @@ module M_hashmap__qyi7664122466964245986__resize [#"hashmap.rs" 173 4 173 24] (* function view'0 (self : t_Vec'0) : Seq.seq (t_List'0) - axiom view'0_spec : forall self : t_Vec'0 . [%#svec26] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec26] Seq.length (view'0 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq @@ -1320,7 +1318,7 @@ module M_hashmap__qyi7664122466964245986__resize [#"hashmap.rs" 173 4 173 24] (* let rec len'0 (self:t_Vec'0) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'5 self} any - [ return' (result:UInt64.t)-> {[%#svec22] UInt64.to_uint result = Seq.length (view'4 self)} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#svec22] UInt64.t'int result = Seq.length (view'4 self)} (! return' {result}) ] use seq.Seq @@ -1385,7 +1383,7 @@ module M_hashmap__qyi7664122466964245986__resize [#"hashmap.rs" 173 4 173 24] (* use map.Map let rec new'0 (size:UInt64.t) (return' (ret:t_MyHashMap'0))= {[@expl:new requires] [%#shashmap23] 0 - < UInt64.to_uint size} + < UInt64.t'int size} any [ return' (result:t_MyHashMap'0)-> {[%#shashmap24] inv'0 result} {[%#shashmap25] forall i : t_DeepModelTy'0 . Map.get (view'1 result) i = C_None'0} @@ -1427,7 +1425,7 @@ module M_hashmap__qyi7664122466964245986__resize [#"hashmap.rs" 173 4 173 24] (* [%#smodel45] view'0 self.current predicate in_bounds'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq (t_List'0)) = - [%#sslice48] UInt64.to_uint self < Seq.length seq + [%#sslice48] UInt64.t'int self < Seq.length seq predicate invariant'3 (self : borrowed (t_List'0)) = [%#sinvariant53] inv'3 self.current /\ inv'3 self.final 
@@ -1437,12 +1435,12 @@ module M_hashmap__qyi7664122466964245986__resize [#"hashmap.rs" 173 4 173 24] (* axiom inv_axiom'4 [@rewrite] : forall x : borrowed (t_List'0) [inv'4 x] . inv'4 x = invariant'3 x predicate has_value'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq (t_List'0)) (out : t_List'0) = - [%#sslice49] Seq.get seq (UInt64.to_uint self) = out + [%#sslice49] Seq.get seq (UInt64.t'int self) = out predicate resolve_elswhere'0 [@inline:trivial] (self : UInt64.t) (old' : Seq.seq (t_List'0)) (fin : Seq.seq (t_List'0)) = - [%#sslice50] forall i : int . 0 <= i /\ i <> UInt64.to_uint self /\ i < Seq.length old' + [%#sslice50] forall i : int . 0 <= i /\ i <> UInt64.t'int self /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i let rec index_mut'0 (self:borrowed (t_Vec'0)) (index:UInt64.t) (return' (ret:borrowed (t_List'0)))= {[@expl:index_mut 'self' type invariant] inv'6 self} 
@@ -1520,19 +1518,19 @@ module M_hashmap__qyi7664122466964245986__resize [#"hashmap.rs" 173 4 173 24] (* {[@expl:loop invariant #0] [%#shashmap9] inv'1 self} {[@expl:loop invariant #1] [%#shashmap8] inv'0 new} {[@expl:loop invariant #2] [%#shashmap7] forall k : t_DeepModelTy'0 . bucket_ix'0 (Snapshot.inner old_self).current k - < UInt64.to_uint i -> Map.get (view'2 old_self) k = Map.get (view'1 new) k} - {[@expl:loop invariant #3] [%#shashmap6] forall k : t_DeepModelTy'0 . UInt64.to_uint i + < UInt64.t'int i -> Map.get (view'2 old_self) k = Map.get (view'1 new) k} + {[@expl:loop invariant #3] [%#shashmap6] forall k : t_DeepModelTy'0 . UInt64.t'int i <= bucket_ix'0 (Snapshot.inner old_self).current k /\ bucket_ix'0 (Snapshot.inner old_self).current k <= Seq.length (view'0 ((Snapshot.inner old_self).current).t_MyHashMap__buckets'0) -> Map.get (view'1 new) k = C_None'0} - {[@expl:loop invariant #4] [%#shashmap5] forall j : int . UInt64.to_uint i <= j + {[@expl:loop invariant #4] [%#shashmap5] forall j : int . UInt64.t'int i <= j /\ j < Seq.length (view'0 ((Snapshot.inner old_self).current).t_MyHashMap__buckets'0) -> index_logic'0 (self.current).t_MyHashMap__buckets'0 j = index_logic'0 ((Snapshot.inner old_self).current).t_MyHashMap__buckets'0 j} {[@expl:loop invariant #5] [%#shashmap4] Seq.length (view'0 ((Snapshot.inner old_self).current).t_MyHashMap__buckets'0) = Seq.length (view'0 (self.current).t_MyHashMap__buckets'0)} - {[@expl:loop invariant #6] [%#shashmap3] UInt64.to_uint i + {[@expl:loop invariant #6] [%#shashmap3] UInt64.t'int i <= Seq.length (view'0 (self.current).t_MyHashMap__buckets'0)} (! s0) [ s0 = bb8 ] [ bb8 = s0 
@@ -1591,21 +1589,21 @@ module M_hashmap__qyi7664122466964245986__resize [#"hashmap.rs" 173 4 173 24] (* [ bb20 = {[@expl:loop invariant #0] [%#shashmap16] inv'0 new} {[@expl:loop invariant #1] [%#shashmap15] inv'3 l} {[@expl:loop invariant #2] [%#shashmap14] forall k : t_DeepModelTy'0 . bucket_ix'0 (Snapshot.inner old_self).current k - < UInt64.to_uint i -> Map.get (view'2 old_self) k = Map.get (view'1 new) k} - {[@expl:loop invariant #3] [%#shashmap13] forall k : t_DeepModelTy'0 . UInt64.to_uint i + < UInt64.t'int i -> Map.get (view'2 old_self) k = Map.get (view'1 new) k} + {[@expl:loop invariant #3] [%#shashmap13] forall k : t_DeepModelTy'0 . UInt64.t'int i < bucket_ix'0 (Snapshot.inner old_self).current k /\ bucket_ix'0 (Snapshot.inner old_self).current k <= Seq.length (view'0 ((Snapshot.inner old_self).current).t_MyHashMap__buckets'0) -> Map.get (view'1 new) k = C_None'0} {[@expl:loop invariant #4] [%#shashmap12] forall k : t_DeepModelTy'0 . bucket_ix'0 (Snapshot.inner old_self).current k - = UInt64.to_uint i + = UInt64.t'int i -> Map.get (view'2 old_self) k = match get'0 l k with | C_None'0 -> Map.get (view'1 new) k | C_Some'0 v -> C_Some'0 v end} {[@expl:loop invariant #5] [%#shashmap11] no_double_binding'0 l} - {[@expl:loop invariant #6] [%#shashmap10] good_bucket'0 (Snapshot.inner old_self).current l (UInt64.to_uint i)} + {[@expl:loop invariant #6] [%#shashmap10] good_bucket'0 (Snapshot.inner old_self).current l (UInt64.t'int i)} (! s0) [ s0 = bb21 ] [ bb21 = any [ br0 -> {l = C_Nil'0 } (! bb28) | br1 (x0:(t_K'0, t_V'0)) (x1:t_List'0)-> {l = C_Cons'0 x0 x1} (! bb22) ] 
@@ -1636,7 +1634,7 @@ module M_hashmap__qyi7664122466964245986__resize [#"hashmap.rs" 173 4 173 24] (* | bb28 = s0 [ s0 = {[@expl:type invariant] inv'3 l} s1 | s1 = {[@expl:assertion] [%#shashmap17] forall k : t_DeepModelTy'0 . bucket_ix'0 (Snapshot.inner old_self).current k - = UInt64.to_uint i -> Map.get (view'2 old_self) k = Map.get (view'1 new) k} + = UInt64.t'int i -> Map.get (view'2 old_self) k = Map.get (view'1 new) k} s2 | s2 = bb30 ] @@ -1721,7 +1719,7 @@ module M_hashmap__main [#"hashmap.rs" 213 0 213 13] let%span shashmap28 = "hashmap.rs" 121 14 121 122 let%span shashmap29 = "hashmap.rs" 80 8 80 33 let%span smodel30 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 - let%span snum31 = "../../../creusot-contracts/src/std/num.rs" 52 28 52 33 + let%span snum31 = "../../../creusot-contracts/src/std/num.rs" 54 32 54 37 let%span smodel32 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 let%span shashmap33 = "hashmap.rs" 86 8 86 53 let%span shashmap34 = "hashmap.rs" 31 12 34 13 @@ -1775,7 +1773,7 @@ module M_hashmap__main [#"hashmap.rs" 213 0 213 13] function view'3 (self : t_Vec'0) : Seq.seq (t_List'0) - axiom view'3_spec : forall self : t_Vec'0 . [%#svec39] Seq.length (view'3 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'3_spec : forall self : t_Vec'0 . [%#svec39] Seq.length (view'3 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq @@ -1787,7 +1785,7 @@ module M_hashmap__main [#"hashmap.rs" 213 0 213 13] | C_Some'1 Int64.t function deep_model'0 (self : UInt64.t) : int = - [%#snum31] UInt64.to_uint self + [%#snum31] UInt64.t'int self function get'1 [#"hashmap.rs" 29 4 29 56] (self : t_List'0) (index : int) : t_Option'1 = [%#shashmap34] match self with 
@@ -1839,7 +1837,7 @@ module M_hashmap__main [#"hashmap.rs" 213 0 213 13] use map.Map let rec new'0 (size:UInt64.t) (return' (ret:t_MyHashMap'0))= {[@expl:new requires] [%#shashmap18] 0 - < UInt64.to_uint size} + < UInt64.t'int size} any [ return' (result:t_MyHashMap'0)-> {[%#shashmap19] inv'0 result} {[%#shashmap20] forall i : int . Map.get (view'0 result) i = C_None'0} @@ -2049,7 +2047,7 @@ module M_hashmap__qyi9060063638777358169__hash__refines [#"hashmap.rs" 60 4 60 2 let%span shashmap0 = "hashmap.rs" 60 4 60 25 let%span smodel1 = "../../../creusot-contracts/src/model.rs" 79 8 79 28 let%span shashmap2 = "hashmap.rs" 66 20 66 21 - let%span snum3 = "../../../creusot-contracts/src/std/num.rs" 52 28 52 33 + let%span snum3 = "../../../creusot-contracts/src/std/num.rs" 54 32 54 37 use prelude.prelude.Borrow @@ -2066,7 +2064,7 @@ module M_hashmap__qyi9060063638777358169__hash__refines [#"hashmap.rs" 60 4 60 2 use prelude.prelude.UInt64 function deep_model'1 (self : UInt64.t) : int = - [%#snum3] UInt64.to_uint self + [%#snum3] UInt64.t'int self function deep_model'0 (self : UInt64.t) : int = [%#smodel1] deep_model'1 self @@ -2075,6 +2073,6 @@ module M_hashmap__qyi9060063638777358169__hash__refines [#"hashmap.rs" 60 4 60 2 [%#shashmap2] x goal refines : [%#shashmap0] forall self : UInt64.t . inv'0 self - -> (forall result : UInt64.t . UInt64.to_uint result = hash_log'0 (deep_model'0 self) - -> UInt64.to_uint result = hash_log'0 (deep_model'0 self)) + -> (forall result : UInt64.t . UInt64.t'int result = hash_log'0 (deep_model'0 self) + -> UInt64.t'int result = hash_log'0 (deep_model'0 self)) end diff --git a/creusot/tests/should_succeed/heapsort_generic.coma b/creusot/tests/should_succeed/heapsort_generic.coma index e6e67ed175..78d8a7c273 100644 --- a/creusot/tests/should_succeed/heapsort_generic.coma +++ b/creusot/tests/should_succeed/heapsort_generic.coma 
@@ -223,7 +223,7 @@ module M_heapsort_generic__sift_down [#"heapsort_generic.rs" 41 0 43 29] function view'2 (self : t_Vec'0) : Seq.seq t_T'0 - axiom view'2_spec : forall self : t_Vec'0 . [%#svec41] Seq.length (view'2 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'2_spec : forall self : t_Vec'0 . [%#svec41] Seq.length (view'2 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq @@ -370,7 +370,7 @@ module M_heapsort_generic__sift_down [#"heapsort_generic.rs" 41 0 43 29] [%#smodel55] view'2 self predicate in_bounds'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq t_T'0) = - [%#sslice56] UInt64.to_uint self < Seq.length seq + [%#sslice56] UInt64.t'int self < Seq.length seq predicate invariant'5 (self : t_T'0) = [%#sinvariant65] inv'8 self @@ -380,7 +380,7 @@ module M_heapsort_generic__sift_down [#"heapsort_generic.rs" 41 0 43 29] axiom inv_axiom'6 [@rewrite] : forall x : t_T'0 [inv'6 x] . inv'6 x = invariant'5 x predicate has_value'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq t_T'0) (out : t_T'0) = - [%#sslice57] Seq.get seq (UInt64.to_uint self) = out + [%#sslice57] Seq.get seq (UInt64.t'int self) = out let rec index'0 (self:t_Vec'0) (index:UInt64.t) (return' (ret:t_T'0))= {[@expl:index 'self' type invariant] inv'4 self} {[@expl:index 'index' type invariant] inv'5 index} @@ -413,7 +413,7 @@ module M_heapsort_generic__sift_down [#"heapsort_generic.rs" 41 0 43 29] function view'6 (self : slice t_T'0) : Seq.seq t_T'0 axiom view'6_spec : forall self : slice t_T'0 . ([%#sslice59] Seq.length (view'6 self) - <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + <= UInt64.t'int (v_MAX'0 : UInt64.t)) && ([%#sslice60] view'6 self = Slice64.id self) predicate invariant'2 (self : slice t_T'0) = 
@@ -444,10 +444,10 @@ module M_heapsort_generic__sift_down [#"heapsort_generic.rs" 41 0 43 29] use seq.Permut let rec swap'0 (self:borrowed (slice t_T'0)) (a:UInt64.t) (b:UInt64.t) (return' (ret:()))= {[@expl:swap 'self' type invariant] inv'3 self} - {[@expl:swap requires #0] [%#sslice35] UInt64.to_uint a < Seq.length (view'5 self)} - {[@expl:swap requires #1] [%#sslice36] UInt64.to_uint b < Seq.length (view'5 self)} + {[@expl:swap requires #0] [%#sslice35] UInt64.t'int a < Seq.length (view'5 self)} + {[@expl:swap requires #1] [%#sslice36] UInt64.t'int b < Seq.length (view'5 self)} any - [ return' (result:())-> {[%#sslice37] Permut.exchange (view'6 self.final) (view'5 self) (UInt64.to_uint a) (UInt64.to_uint b)} + [ return' (result:())-> {[%#sslice37] Permut.exchange (view'6 self.final) (view'5 self) (UInt64.t'int a) (UInt64.t'int b)} (! return' {result}) ] 
@@ -472,10 +472,10 @@ module M_heapsort_generic__sift_down [#"heapsort_generic.rs" 41 0 43 29] meta "compute_max_steps" 1000000 let rec sift_down'0 (v:borrowed (t_Vec'0)) (start:UInt64.t) (end':UInt64.t) (return' (ret:()))= {[@expl:sift_down 'v' type invariant] [%#sheapsort_generic15] inv'0 v} - {[@expl:sift_down requires #0] [%#sheapsort_generic16] heap_frag'0 (deep_model'0 v) (UInt64.to_uint start - + 1) (UInt64.to_uint end')} - {[@expl:sift_down requires #1] [%#sheapsort_generic17] UInt64.to_uint start < UInt64.to_uint end'} - {[@expl:sift_down requires #2] [%#sheapsort_generic18] UInt64.to_uint end' <= Seq.length (view'0 v)} + {[@expl:sift_down requires #0] [%#sheapsort_generic16] heap_frag'0 (deep_model'0 v) (UInt64.t'int start + + 1) (UInt64.t'int end')} + {[@expl:sift_down requires #1] [%#sheapsort_generic17] UInt64.t'int start < UInt64.t'int end'} + {[@expl:sift_down requires #2] [%#sheapsort_generic18] UInt64.t'int end' <= Seq.length (view'0 v)} (! bb0 [ bb0 = s0 [ s0 = [ &old_v <- [%#sheapsort_generic0] Snapshot.new v ] s1 | s1 = bb1 ] | bb1 = s0 [ s0 = [ &i <- start ] s1 | s1 = [ &old_2_0 <- Snapshot.new v ] s2 | s2 = bb2 ] 
@@ -483,24 +483,24 @@ module M_heapsort_generic__sift_down [#"heapsort_generic.rs" 41 0 43 29] [ bb2 = {[@expl:mut invariant] (Snapshot.inner old_2_0).final = v.final} {[@expl:loop invariant #0] [%#sheapsort_generic7] inv'0 v} {[@expl:loop invariant #1] [%#sheapsort_generic6] permutation_of'0 (view'0 v) (view'1 old_v)} - {[@expl:loop invariant #2] [%#sheapsort_generic5] UInt64.to_uint start <= UInt64.to_uint i - /\ UInt64.to_uint i < UInt64.to_uint end'} - {[@expl:loop invariant #3] [%#sheapsort_generic4] forall j : int . 0 <= j /\ j < UInt64.to_uint start - \/ UInt64.to_uint end' <= j /\ j < Seq.length (view'0 v) + {[@expl:loop invariant #2] [%#sheapsort_generic5] UInt64.t'int start <= UInt64.t'int i + /\ UInt64.t'int i < UInt64.t'int end'} + {[@expl:loop invariant #3] [%#sheapsort_generic4] forall j : int . 0 <= j /\ j < UInt64.t'int start + \/ UInt64.t'int end' <= j /\ j < Seq.length (view'0 v) -> index_logic'0 (Snapshot.inner old_v).current j = index_logic'0 v.current j} - {[@expl:loop invariant #4] [%#sheapsort_generic3] forall m : t_DeepModelTy'0 . (forall j : int . UInt64.to_uint start + {[@expl:loop invariant #4] [%#sheapsort_generic3] forall m : t_DeepModelTy'0 . (forall j : int . UInt64.t'int start <= j - /\ j < UInt64.to_uint end' -> le_log'0 (Seq.get (deep_model'0 (Snapshot.inner old_v)) j) m) - -> (forall j : int . UInt64.to_uint start <= j /\ j < UInt64.to_uint end' + /\ j < UInt64.t'int end' -> le_log'0 (Seq.get (deep_model'0 (Snapshot.inner old_v)) j) m) + -> (forall j : int . UInt64.t'int start <= j /\ j < UInt64.t'int end' -> le_log'0 (Seq.get (deep_model'0 v) j) m)} - {[@expl:loop invariant #5] [%#sheapsort_generic2] forall j : int . UInt64.to_uint start <= parent'0 j - /\ j < UInt64.to_uint end' /\ UInt64.to_uint i <> parent'0 j + {[@expl:loop invariant #5] [%#sheapsort_generic2] forall j : int . 
UInt64.t'int start <= parent'0 j + /\ j < UInt64.t'int end' /\ UInt64.t'int i <> parent'0 j -> le_log'0 (Seq.get (deep_model'0 v) j) (Seq.get (deep_model'0 v) (parent'0 j))} - {[@expl:loop invariant #6] [%#sheapsort_generic1] let c = 2 * UInt64.to_uint i + 1 in c < UInt64.to_uint end' - /\ UInt64.to_uint start <= parent'0 (UInt64.to_uint i) + {[@expl:loop invariant #6] [%#sheapsort_generic1] let c = 2 * UInt64.t'int i + 1 in c < UInt64.t'int end' + /\ UInt64.t'int start <= parent'0 (UInt64.t'int i) -> le_log'0 (Seq.get (deep_model'0 v) c) (Seq.get (deep_model'0 v) (parent'0 (parent'0 c)))} - {[@expl:loop invariant #7] [%#sheapsort_generic1] let c = 2 * UInt64.to_uint i + 2 in c < UInt64.to_uint end' - /\ UInt64.to_uint start <= parent'0 (UInt64.to_uint i) + {[@expl:loop invariant #7] [%#sheapsort_generic1] let c = 2 * UInt64.t'int i + 2 in c < UInt64.t'int end' + /\ UInt64.t'int start <= parent'0 (UInt64.t'int i) -> le_log'0 (Seq.get (deep_model'0 v) c) (Seq.get (deep_model'0 v) (parent'0 (parent'0 c)))} (! s0) [ s0 = bb3 ] [ bb3 = s0 
@@ -605,14 +605,14 @@ module M_heapsort_generic__sift_down [#"heapsort_generic.rs" 41 0 43 29] | & _63 : borrowed (t_Vec'0) = any_l () | & old_2_0 : Snapshot.snap_ty (borrowed (t_Vec'0)) = any_l () ] - [ return' (result:())-> {[@expl:sift_down ensures #0] [%#sheapsort_generic19] heap_frag'0 (deep_model'1 v.final) (UInt64.to_uint start) (UInt64.to_uint end')} + [ return' (result:())-> {[@expl:sift_down ensures #0] [%#sheapsort_generic19] heap_frag'0 (deep_model'1 v.final) (UInt64.t'int start) (UInt64.t'int end')} {[@expl:sift_down ensures #1] [%#sheapsort_generic20] permutation_of'0 (view'2 v.final) (view'0 v)} - {[@expl:sift_down ensures #2] [%#sheapsort_generic21] forall i : int . 0 <= i /\ i < UInt64.to_uint start - \/ UInt64.to_uint end' <= i /\ i < Seq.length (view'0 v) -> index_logic'0 v.current i = index_logic'0 v.final i} - {[@expl:sift_down ensures #3] [%#sheapsort_generic22] forall m : t_DeepModelTy'0 . (forall j : int . UInt64.to_uint start + {[@expl:sift_down ensures #2] [%#sheapsort_generic21] forall i : int . 0 <= i /\ i < UInt64.t'int start + \/ UInt64.t'int end' <= i /\ i < Seq.length (view'0 v) -> index_logic'0 v.current i = index_logic'0 v.final i} + {[@expl:sift_down ensures #3] [%#sheapsort_generic22] forall m : t_DeepModelTy'0 . (forall j : int . UInt64.t'int start <= j - /\ j < UInt64.to_uint end' -> le_log'0 (Seq.get (deep_model'0 v) j) m) - -> (forall j : int . UInt64.to_uint start <= j /\ j < UInt64.to_uint end' + /\ j < UInt64.t'int end' -> le_log'0 (Seq.get (deep_model'0 v) j) m) + -> (forall j : int . UInt64.t'int start <= j /\ j < UInt64.t'int end' -> le_log'0 (Seq.get (deep_model'1 v.final) j) m)} (! return' {result}) ] 
@@ -733,7 +733,7 @@ module M_heapsort_generic__heap_sort [#"heapsort_generic.rs" 94 0 96 29] function view'2 (self : t_Vec'0) : Seq.seq t_T'0 - axiom view'2_spec : forall self : t_Vec'0 . [%#svec51] Seq.length (view'2 self) <= UInt64.to_uint (v_MAX'1 : UInt64.t) + axiom view'2_spec : forall self : t_Vec'0 . [%#svec51] Seq.length (view'2 self) <= UInt64.t'int (v_MAX'1 : UInt64.t) use seq.Seq @@ -772,7 +772,7 @@ module M_heapsort_generic__heap_sort [#"heapsort_generic.rs" 94 0 96 29] let rec len'0 (self:t_Vec'0) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'4 self} any - [ return' (result:UInt64.t)-> {[%#svec23] UInt64.to_uint result = Seq.length (view'3 self)} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#svec23] UInt64.t'int result = Seq.length (view'3 self)} (! return' {result}) ] function view'0 (self : borrowed (t_Vec'0)) : Seq.seq t_T'0 = 
@@ -892,18 +892,18 @@ module M_heapsort_generic__heap_sort [#"heapsort_generic.rs" 94 0 96 29] axiom inv_axiom'1 [@rewrite] : forall x : borrowed (t_Vec'0) [inv'1 x] . inv'1 x = invariant'1 x let rec sift_down'0 (v:borrowed (t_Vec'0)) (start:UInt64.t) (end':UInt64.t) (return' (ret:()))= {[@expl:sift_down 'v' type invariant] [%#sheapsort_generic29] inv'1 v} - {[@expl:sift_down requires #0] [%#sheapsort_generic30] heap_frag'0 (deep_model'0 v) (UInt64.to_uint start - + 1) (UInt64.to_uint end')} - {[@expl:sift_down requires #1] [%#sheapsort_generic31] UInt64.to_uint start < UInt64.to_uint end'} - {[@expl:sift_down requires #2] [%#sheapsort_generic32] UInt64.to_uint end' <= Seq.length (view'0 v)} + {[@expl:sift_down requires #0] [%#sheapsort_generic30] heap_frag'0 (deep_model'0 v) (UInt64.t'int start + + 1) (UInt64.t'int end')} + {[@expl:sift_down requires #1] [%#sheapsort_generic31] UInt64.t'int start < UInt64.t'int end'} + {[@expl:sift_down requires #2] [%#sheapsort_generic32] UInt64.t'int end' <= Seq.length (view'0 v)} any - [ return' (result:())-> {[%#sheapsort_generic33] heap_frag'0 (deep_model'1 v.final) (UInt64.to_uint start) (UInt64.to_uint end')} + [ return' (result:())-> {[%#sheapsort_generic33] heap_frag'0 (deep_model'1 v.final) (UInt64.t'int start) (UInt64.t'int end')} {[%#sheapsort_generic34] permutation_of'0 (view'2 v.final) (view'0 v)} - {[%#sheapsort_generic35] forall i : int . 0 <= i /\ i < UInt64.to_uint start - \/ UInt64.to_uint end' <= i /\ i < Seq.length (view'0 v) -> index_logic'0 v.current i = index_logic'0 v.final i} - {[%#sheapsort_generic36] forall m : t_DeepModelTy'0 . (forall j : int . UInt64.to_uint start <= j - /\ j < UInt64.to_uint end' -> le_log'0 (Seq.get (deep_model'0 v) j) m) - -> (forall j : int . UInt64.to_uint start <= j /\ j < UInt64.to_uint end' + {[%#sheapsort_generic35] forall i : int . 
0 <= i /\ i < UInt64.t'int start + \/ UInt64.t'int end' <= i /\ i < Seq.length (view'0 v) -> index_logic'0 v.current i = index_logic'0 v.final i} + {[%#sheapsort_generic36] forall m : t_DeepModelTy'0 . (forall j : int . UInt64.t'int start <= j + /\ j < UInt64.t'int end' -> le_log'0 (Seq.get (deep_model'0 v) j) m) + -> (forall j : int . UInt64.t'int start <= j /\ j < UInt64.t'int end' -> le_log'0 (Seq.get (deep_model'1 v.final) j) m)} (! return' {result}) ] @@ -918,7 +918,7 @@ module M_heapsort_generic__heap_sort [#"heapsort_generic.rs" 94 0 96 29] function view'6 (self : slice t_T'0) : Seq.seq t_T'0 axiom view'6_spec : forall self : slice t_T'0 . ([%#sslice68] Seq.length (view'6 self) - <= UInt64.to_uint (v_MAX'1 : UInt64.t)) + <= UInt64.t'int (v_MAX'1 : UInt64.t)) && ([%#sslice69] view'6 self = Slice64.id self) predicate invariant'2 (self : slice t_T'0) = @@ -949,10 +949,10 @@ module M_heapsort_generic__heap_sort [#"heapsort_generic.rs" 94 0 96 29] use seq.Permut let rec swap'0 (self:borrowed (slice t_T'0)) (a:UInt64.t) (b:UInt64.t) (return' (ret:()))= {[@expl:swap 'self' type invariant] inv'3 self} - {[@expl:swap requires #0] [%#sslice40] UInt64.to_uint a < Seq.length (view'5 self)} - {[@expl:swap requires #1] [%#sslice41] UInt64.to_uint b < Seq.length (view'5 self)} + {[@expl:swap requires #0] [%#sslice40] UInt64.t'int a < Seq.length (view'5 self)} + {[@expl:swap requires #1] [%#sslice41] UInt64.t'int b < Seq.length (view'5 self)} any - [ return' (result:())-> {[%#sslice42] Permut.exchange (view'6 self.final) (view'5 self) (UInt64.to_uint a) (UInt64.to_uint b)} + [ return' (result:())-> {[%#sslice42] Permut.exchange (view'6 self.final) (view'5 self) (UInt64.t'int a) (UInt64.t'int b)} (! return' {result}) ] 
@@ -987,7 +987,7 @@ module M_heapsort_generic__heap_sort [#"heapsort_generic.rs" 94 0 96 29] meta "compute_max_steps" 1000000 let rec heap_sort'0 (v:borrowed (t_Vec'0)) (return' (ret:()))= {[@expl:heap_sort 'v' type invariant] [%#sheapsort_generic19] inv'1 v} - {[@expl:heap_sort requires] [%#sheapsort_generic20] Seq.length (view'0 v) < div (UInt64.to_uint v_MAX'0) 2} + {[@expl:heap_sort requires] [%#sheapsort_generic20] Seq.length (view'0 v) < div (UInt64.t'int v_MAX'0) 2} (! bb0 [ bb0 = s0 [ s0 = [ &old_v <- [%#sheapsort_generic0] Snapshot.new v ] s1 | s1 = bb1 ] | bb1 = s0 [ s0 = len'0 {v.current} (fun (_ret':UInt64.t) -> [ &_8 <- _ret' ] s1) | s1 = bb2 ] @@ -1005,8 +1005,8 @@ module M_heapsort_generic__heap_sort [#"heapsort_generic.rs" 94 0 96 29] | bb4 = bb4 [ bb4 = {[@expl:mut invariant] (Snapshot.inner old_4_0).final = v.final} {[@expl:loop invariant #0] [%#sheapsort_generic5] permutation_of'0 (view'0 v) (view'1 old_v)} - {[@expl:loop invariant #1] [%#sheapsort_generic4] heap_frag'0 (deep_model'0 v) (UInt64.to_uint start) (Seq.length (view'0 v))} - {[@expl:loop invariant #2] [%#sheapsort_generic3] UInt64.to_uint start <= div (Seq.length (view'0 v)) 2} + {[@expl:loop invariant #1] [%#sheapsort_generic4] heap_frag'0 (deep_model'0 v) (UInt64.t'int start) (Seq.length (view'0 v))} + {[@expl:loop invariant #2] [%#sheapsort_generic3] UInt64.t'int start <= div (Seq.length (view'0 v)) 2} (! s0) [ s0 = bb5 ] [ bb5 = s0 [ s0 = UInt64.gt {start} {[%#sheapsort_generic6] (0 : UInt64.t)} (fun (_ret':bool) -> [ &_16 <- _ret' ] s1) 
@@ -1034,12 +1034,12 @@ module M_heapsort_generic__heap_sort [#"heapsort_generic.rs" 94 0 96 29] | bb11 = bb11 [ bb11 = {[@expl:mut invariant] (Snapshot.inner old_11_0).final = v.final} {[@expl:loop invariant #0] [%#sheapsort_generic13] inv'1 v} - {[@expl:loop invariant #1] [%#sheapsort_generic12] UInt64.to_uint end' <= Seq.length (view'0 v)} + {[@expl:loop invariant #1] [%#sheapsort_generic12] UInt64.t'int end' <= Seq.length (view'0 v)} {[@expl:loop invariant #2] [%#sheapsort_generic11] permutation_of'0 (view'0 v) (view'1 old_v)} - {[@expl:loop invariant #3] [%#sheapsort_generic10] heap_frag'0 (deep_model'0 v) 0 (UInt64.to_uint end')} - {[@expl:loop invariant #4] [%#sheapsort_generic9] sorted_range'0 (deep_model'0 v) (UInt64.to_uint end') (Seq.length (view'0 v))} + {[@expl:loop invariant #3] [%#sheapsort_generic10] heap_frag'0 (deep_model'0 v) 0 (UInt64.t'int end')} + {[@expl:loop invariant #4] [%#sheapsort_generic9] sorted_range'0 (deep_model'0 v) (UInt64.t'int end') (Seq.length (view'0 v))} {[@expl:loop invariant #5] [%#sheapsort_generic8] forall i : int, j : int . 0 <= i - /\ i < UInt64.to_uint end' /\ UInt64.to_uint end' <= j /\ j < Seq.length (view'0 v) + /\ i < UInt64.t'int end' /\ UInt64.t'int end' <= j /\ j < Seq.length (view'0 v) -> le_log'0 (Seq.get (deep_model'0 v) i) (Seq.get (deep_model'0 v) j)} (! s0) [ s0 = bb12 ] [ bb12 = s0 
@@ -1073,9 +1073,9 @@ module M_heapsort_generic__heap_sort [#"heapsort_generic.rs" 94 0 96 29] | bb15 = s0 [ s0 = {[@expl:type invariant] inv'3 _38} s1 | s1 = -{resolve'0 _38}- s2 - | s2 = {[@expl:assertion] [%#sheapsort_generic17] let _ = heap_frag_max'0 (deep_model'0 v) 0 (UInt64.to_uint end') in forall i : int, j : int . 0 + | s2 = {[@expl:assertion] [%#sheapsort_generic17] let _ = heap_frag_max'0 (deep_model'0 v) 0 (UInt64.t'int end') in forall i : int, j : int . 0 <= i - /\ i < UInt64.to_uint end' /\ UInt64.to_uint end' <= j /\ j < Seq.length (view'0 v) + /\ i < UInt64.t'int end' /\ UInt64.t'int end' <= j /\ j < Seq.length (view'0 v) -> le_log'0 (Seq.get (deep_model'0 v) i) (Seq.get (deep_model'0 v) j)} s3 | s3 = {inv'0 v.current} diff --git a/creusot/tests/should_succeed/heapsort_generic/why3session.xml b/creusot/tests/should_succeed/heapsort_generic/why3session.xml index 8f81dbcab6..903b094d57 100644 --- a/creusot/tests/should_succeed/heapsort_generic/why3session.xml +++ b/creusot/tests/should_succeed/heapsort_generic/why3session.xml @@ -2,196 +2,205 @@ - - - - + + - + - + - + - + - + - + - + - + - + - + - + - + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + + + + + + + + + + + + + + + - - + + - - + + - - - - - + + @@ -200,157 +209,154 @@ - + - + - - - - + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + 
diff --git a/creusot/tests/should_succeed/heapsort_generic/why3shapes.gz b/creusot/tests/should_succeed/heapsort_generic/why3shapes.gz index f5d022adfd419027e06ee0b971aaa151b9a5d421..94afe06f186ffc642e148033ee5d0c88e4d8b587 100644 GIT binary patch literal 7283 zcmV-(9E{^1iwFP!00000|LuHRZyd*x<~x5y1N)%aGgu%q@;*2|fOaw5HZXhiGHC1@ zkypFDv?!C5e9rv({i3S7x~jYSLd&vRk^xbys?3Oth>DC$Mil?$FN>!iz0ZDALG`R_OJyO@7|cX$8r!z-~8D;fXS-M|0xKHk3)zr^qO!R>U4S`nuFM}2yF zCBC1G&`M$Ce?QjvTpwSFJvg({W@z{Hb^Ni$ zcX#bE@-mE(r^Ua;b%r|3jeQTS6J+a~`t!Tzf8KSPe1m5o`|S_UKgJL1`s*uNiTM0# z{q{M2xcfh^|L^9NGx?>~cXvNOlzRUPFBTd+dZ6O^ZK?lY?$?E^d_B9(S zua56A4gEg8$GXv3)wj^^BYUhHn%iT3CBu3$Ah-40jdIiSGwbNK3ZxEjyVE3*9@zPcT* zZl3$6W<~CHxEe#^-uH7rufH9xShAgJ<0iy)!T+!KH(NKfzuR`G;S5BNny+q$tMMGQ zQnH`JSGU8}P0wcha5J$Aqs@h}_^+GQpPu96bC#PsHWn}p%+)qql%0#PL1ziYS-t@?D}KPmpp2}7R@Ls*ex757^+&;?3U~P2`cM-Kz0D zz&g?}#+RGNUBt2lzKMSu=C5Y}ca+Hu!S8>ln0a!_?*2C3KQYXGjX%G?XZ-&Yfwt`h z(p>`A&+#93@3HP(eCnTZH1(H#*)e&)KHR-~__aRXJ+1!>Xdlbszl(xjZ0lAcWW1%*M2%2nM3$j;bl>#k3uO zT|nUkW=!Wivd-oohaRcgFVD=`{Iu?N z(EXZ&xJwW3-xegXd;E01V`k~c`pf$@w76f*ZWJ2ZTL%e@q&!gG_?I_-pz#(b- zB03~+LXkS8=q!c-^#1vXhsBZSn#6D&WKHPt( zh$@)LBT1^<1}evr(WiBLzAF#EzFpL}Pw#>AL>5T{vLRWW0q=BuEzjkEYx$<1cbEmP z)}hyL%BEt_$LciPR(f87lk$f3VNh!VOhen)egi(ks*egmoO zQS^u`H`MgEw4Kr2QrL|4cWx}A{*meZH{awR*Z1YvLK}JYbIv%9*P}zkbNqEOd~?Mz z+(~5sd%0*Ymc|C+#rD4AvOk8@;@?Lv>^J!R!{tvn!0vVQ3#-sAJl-7J7mJ_mo8+I( zwd5bUeVh1^pZ`tmMYX+G?=VmOc)!?;=N`-M$fW(CVLe5?K8JQ@!p`5 zzSz}|1tbqbm(H|rj~UX#<0C@S^6KaRH>Q}4|GLPVQXgx(<3r*Tv7p+ltA``@ttRNL zpF6Y6a5TU1IumHx(MtpHuwwrhGvt<-xwWjPJE2OXUZcN3w*zL z@^O-%Iq7~eC5+{gL*7ns-Mbhcj!zGIyE%IY(3b~Fy+Do?O6JNcU4zC;kH2TjTgP9~ zC5PX8B{&cz=MKP6Qzb7YOTK_ExkuO#!rvT*_&1Xr;ATEixS6ICH`8R}=6G6iGs<3W zMp@0xDBIZ{5pWiCb1WOYDB3=e_ntkNW6FlaqbF`MI-7n^Pa^e8(i=U6HJ9cv=G;Eh za}UkV@Vs2QThNyra!eIzPAg6xXl&PhJ$*ALk2X#+@l_oZoqt{DkBqKM!k_LK=|aPC z>^ONYJnxQ^kA&z4$H^ZPg#VtQ_a?_%DOwq`GJ3#jHc{3}=^f6MQW!WL784a>BE88`rlGxiwP}OCFfd#hzop0U@eTJ=Sb8bQOju}XFU(**r!fZd 
z8V(5UAP7AP2Ql1l&EL+5`aKv?7c-)cGa^5Z5&fGPVc2Pk#L4Dpw4+?lY`3%R>vGai zYgcmHsw=mhx^l0Xcj)&W+I^?J#A@40thSxRlZIrZ%-cR@|7!t?Z)~dOSG%>LVQKp%4A{Ajg{MC9R}9-bTOuU}UzD zp8MeWOO8DdJ^NI319l&U>zm$>w9;?d+mE!;pY3p;X{DdEw@+YbMQXm4z8{)hNU!Li z*MHYa-;Ex$(#xTBT@J15d^K)BcU=Rzn`=OKC-w^sz3nvgwo}*JK5js#ux&u6a64S_ z@`HQ1`#JuDcMAS-Ki@k3=lgf}Rm@Bnb!PF*_&5CKPh0-l-*0Qva`LeY;O2Y$*c~gq zxf(vy`D@qex7|tX(k8eRKQy=7>P2@@yBGKL{Z%8miA)D=EjIuzi=Fs*pyyzU>)>O6A#OWZbARsX z)g~e3K_}?JnaT`)*>%5d8QmPcY-P$#OFwLzXg9ZY+f(~y)O9d{lOvfvy-&ku6#wJc z?7qCPUm+8H#c8S&bWACRvf7y<*RFr!)rUg`JSyqaSa)BH?ARSnV74a;yOn24P-97* z2OPiKImw(Y_RS$Zu4+BpIYLhc*%#L!k9R!VnKFs$;sIq}#Qp07;Q_;&asTg#$*n;= z-SaDZYW%33ch?y^B-XqAxWkWWXQ~gUnOUhYSu|X>XyA_Oi}Zc&H2F{!UR0*KnI&q* zKApj{=`ZdO-T4ArHjj=x5m%9(!$|o;q zcjpm2rtidV^b+SNXFqHh8p#GT`Qgxl%=nM<-#&B9(RECps&)+eq^z=u74Z%91iipT=RWDWo~TLKTBJI%pT)lOLcd>g`hA!^a*@N2I#qsJBce@eW ztbIJ<3V1VZu1JdXcnV&&j>(2OR~6yOFIe z^tYo7Xx1`p*5Y;4%c8grWSg&Kk>#ASoKWLAMLH{!({##y%JDT%q!qIUZ@TJ!M$t7_ ziNlB7UA*bozl@>zx2wgQQQLnO+d|I;o&KPJxJ-0V?3t>_7BiQ7E>9fBly}Whqjl7o zb=2+c5iO)c1My-FnZa>kC*c9)rIFJ)JhN(eD!MvL*hh=xtf`)Xd4X;mQheT6AHuw_ zt&EFcefdN8v-Z(m=k2{Q}sA$=jS zm+12h;8>eCyj-xs=BV$t7d+IA;9khffjOC-b&zdwnz5aA%J|_ua^aZk(SvTdnO8a( zIpZ!jrYr3`^lD}NWCee61%KNuF|BAZs=e>kI^5l-YUV`1F%U7U#N8KcChU136F|Wc zcgpfVvC8*H-8TbHo%hX6wZ&$O7{>~)RE}PHV{{M_kDH2SA;mH*{n9P%(k%5-Eomv2 z;-;mPd8#wTm}X7!MO!aIXw7*jGQ*LOOND>93QO`!a!ayHGE34+0wP+H#H6JROX-)= zEu~#bvy^%%)ly;|c@q>VDQ&gh2&qjoskmS$ClRe`S}c@XD!Wu>sX&`rD*D(Jy&{up z2wK#VigqPO*_>**m5{Tr3+202e%D2lubEOVQi!IMBh^SM8+?@f)l#(!EtV?${_9#< zybR4%AzMh23N>j7FEUBzqtOdZOD#Xi(!Lm9GJhUky@=9j?X1zdmC~Z}&M!37O)s_j zR0M$OWPPbZ8BL~^lJMGfpr~T>TA78BOCy##EVW;1x77AiQBoSV8>y;;GBuY-soKs?)|TtXx{LG@!&Ujr+93 zG*vV6SaCYg; z(&?pBOGis5mrg8gSXz(=6Ka>%EUo@MNy_BCP1-pXHIbCEl|+tAL(W)XwmOpBA5E24 z*_uFFNxZ zX4oDW!a@aMP%@5jeFX%_?K0&(#JA`VlAzxlw75dTo?TD2XgWrPP$yo=l8Zx8TSnld&&5-454Eys#R| zUEnfWj5X(!ij=AP8b}0fSjiD3Uo!&|z7KW}Z@`+0ds@OQ6Ptt@;1@WeJO(x1Mms$<7Wn_37 zB)f%_fEPd@{O6`sJE5zMQW~k6hFvk$A^9w=;eXf~(8}}Vwa{CoRdAK2c^!Rn3dYb` 
zp|gZ9%E%HyF8~;VL9T~xl`<0S6b%we7(O9nwM5Oyj2J8B0J;GT=sv-gjD)dV4+q$A zRp*#$fjLK7?rN2lq7Ykr07#lbg>b)@rMY#gft5yAV|^g_}ksALn6NRuB6P$fU&p z8%d=(<9#fp%BGvwH47zWXnxTNVI&j#ZOA1npLGrqAwTKD9av5_KFtmW{AWKDH0-sX z57=ldEMX+*xv#Z0%Dy3sDSUQQs2-F(uAZY{lT$GSTdjn{hnLsM7pHw`si;&g;fNXV zKG48M`*pjX*t6jvr?0$d`B9M^5AO@%ne*CAgY2HySwsH+RWRp_x zT4b`dHLVZ<9LR#tNCTh)!1;_ZFnWJjTjZL?^|Gx=>p)J+EL>DFA^Jhk1J!meIw$l+ zYlTso1|}W4Pf6J9vHfH9lEY)0lveWNMKlr*OM?%u!xtx} zB)J((3MG=zskz*W6eh{4ksoJ1!cpB`w5sL>F*nQ(^V2c(`xBu}2o3>cu_2^XEd`%KiMjfuospW`hKVK2 zBJKp?J}EuqOn|S+q*SU+AekrzSysv}k;7Kov@!pYBxy1Y(YJ^Cx1wz1=8J@&zQBg7 z1|8|YJ;A2`L&@@F11ykLtqHG_KuQi{N-D%uxLDYIpb|a@We6A=wtLdbM3tiqNjJPm z-9j{u8&r|65bxd3LY;~YyUvDYV6?qY&?;=ZprUfHbUyJp7PRj(Qdp@O;YG|g#-v~n zV0)DZaaCBPMvfcS2yd4ZZv>_f@UVz%AoU;rwu95atzpDfM$)e{(jS!!b_!m(vE3J7 z-5U>ALNT9Vaa$%C_-a_1YI8NhXq_SE=vrrZ5ucHkS4Me}w#Lv9W}1+p4M7`08lwuE zOp#k4Xa~ud%u0N9?I>8@4CJ#RCq$$L8Q!(w3t**!G=jx!($!>* zLBL8vCY6he-pXy+jST+)!~nICSIUeKut%_-2nmTl_95(bQ(bDZ_>8E!FR7_7hoM%4 zXtoG)l0Rugq^-c3b}~A|m{xYNKvy*Rl9*D)8#rZnWM#06l(af#mlGn3=4Dq3BV)fj z#;oDb7*)Y$vd$z7#ip~!-q)O^SA%B+d4yz)m_`d&OZ${tp2hDLD;lh5J}u?aWur7j zTW#=^$$9TY=6=`OYSD?U03nYg>#mS`QG+WDHdyKqnvmMJSYl&m12#S77d+YcM^+l&}`+K6PtaGZ2r2r(6(}8db7L@Ds%|xC^DD^JIscex{dAR7r==l zgx}6KH`~U5$^t;0h3Vz61^r93D70%k@~R8)NGcu9iz7LJ9l!cBmcW5faGnba zK;rp~(tr8fRu{8X&P0kH_Ob?z|3k~s`;1TlsRNfb7}?jtvCfDnY*WeErgbPbCjk#( zWsX(`XfbobH64ciV!0%Eh|;t~te2b=Ihy9Q6E0Sw)LQG#aRTOZ1?!9Ew34b)kj@}C zaDh7_54P6gKSVD4X)Xtg!Sn(8SHW`d29`J&#P`7#sU(6l8xbKukF_?Tf4RUBfFm&X z_ABB(c?n{QY`K^kM0Cap6_Kl1VYAY{>!Md&!{Yevs}+NFF6HQoOf|z+>lliv-Z^c! zg_XbO))r!r-+(B5^97+(%}5qY^e}K989cmIDe&2bx-NVr=o=A-qNp;(goIOvT(k1p z2wzeR!gFZa#c4|LCQ)CxD70!CoFYq#2xdq^MS@c~XqHLMW}&zw3?xdhhOk&{7nv&{ z`Zh$Alh;(aD(iLiMkSwQRVhiMi^$3J6(9bafASlWinGbLh9sbJbpU2I#T*j{h&D*+ zOIMpwK&m8tgW_o}YFoS!)rTSxi>O*iiQ-~#K8VoOeh`;@!y*#SH)jHrNEH4HJ)wGm zIJH<6z0#_7wIv1Q-?o@)13kF~S6xBcU2~}i`-1^YFA3yKSjlV)fKs`fD=n9 z+h|JR50-^>Mfs3)*Sf;gD`JV^w`2u#->9^N;wE&LkQ!F5c{GX85O!P#{wt`+^SeL! 
zD*u$&ATgN{917MfO9fWl3WShWT0zxUZPSnh*8fv_bJ8<~`<$#7(6tPw zsIq|aSp=u8DpxF5Q55|t!4sK})}?sle(dDpgixRY~o3yX0=bf-{q3@I)jTBqL7Nzx`$L@I&}e9u}X< z{loI^_TLwF@t6O35#ELL(}(MuyYJta-t-Xue*KT1KZct(=I8LPJ-C`yp&rBEum7Vw zJiIaQCneZZ`1|$$zAxdi+`ln9?WE`J(rHufWg~Q_o$X!kr?qwek?pnjJ1wF8ds1h& z6nemIL_ddj;rqu)>3`jSELRu*Ic-Nh@CNMAs7#8+M$g4=5~ebNOdef0>$Tdwd_> z_P8S(Mhrb(U54F$VSPXCXK(88baqkCd!tbcW6@&ba;|+4{~^t4W+YV-}ayfCfQIlH_2QN{=g&~ism{((<2<5WMk>7ujTEh zaK8+>?K-AM8SAvGtIgGR z9q!SNb=uX{=IY{cd@4Qa)#hrurS#~=I<`l5wYh4R9fr2;(T8R3(O>S)wxMWmx;@Fp zp3Eq_U0rRiw(C$&FxF{TSDUMgQP1${V&WIJW|s+{!e7_jKRkx}#{}!!<}fb8+ezt8 z*}LugiCROa??PSPhMTawy)F0Qw)_%4t)6_k`03;0Vxz&u&E4IHr`yHOUQ0Lz`Em>Lq;R;|lZ8#zkGpzZ?&|&HcSE&pQ7cFLW3$1; zEr#^*zIpPAO@2I3=TrD`4--90WKVcVW>14(COoBAPx#$fabL5ZMh`Yw?k3}E0*1m* zs}=HXyE*nodZMd~z1Q^P#kPsZ(RZx(X4A3DJp=NImOXL9xPi+j;PTbpx_{UZG7&8& zM9bBTDKQ2?M302HIStc}v-omeOa*Z}nEgq8g#?cH zWtckVCpWx&mJ42fu499Po(+Cm*VcMEFCTFV?cB74qw{k4d2{jFxW?%h|L|W>^BY+vMe^WeZCz;=dOE zUGDF;)`-?co5(*mmha2`;_g$quQzwUTs#enu`4*-HvH|~ z-n3sedQuN}^uur!ZXU`uxWDY`I{Jr+M4GSlB;>EV^;flFPZS@kdr%-B7AVK+zTK_6 zWy+r)M`z1hj_qRbc#Ag=<)*$_JpSuL+1fgfCz5q9>#DV7)LOKASx(>*IC4 z`{i~~ZXZ70mxm)~D%^YZ~+amZ=Yh2G}>&(MuTlD@a&gQ7Rr}w=%)y&v~jym7EHxcof zPWG?6%?>)U$u{W8-OI+^U$gdXE{7}W8OAH<$q!fUt;|iS_7*1htCqB$^gQ0KJ%^09 z>sg1xE&A2%c&BU2jJGl_L6=YJryrI#`S7xExfK~Z1$NN?yRWPNsLo1@ml@>QYOY#r z`QJA3_gwD)e~gha{Nu^wt@1&8|KoDTuhWe1X3J4H`9b*hAY8qK_O~*=w7>O>Xn(MN z71!i{S2M41ZuUZLDIDZY7s9cNnPqU>J_jm2t;(bLuNc& zu5Mi5bC*=zwioOHA6)19_!{r-@9%yo`OQ!NZyRxQuFDJ;x!jj}-2#(Gc3QN(ln>gk zhl5+MB`3Ps1cg^#ebO4A@ZzTNrpNJdUEabP%v@h- z#Zi7;C+qFwu<>|1^{T(Ac(@4VpXrBi`+eCmEc{C8dkg4h2JV`BXgqy|%e=MITW{se zi(2iE)K+;Nh#Bf0i^7~}cql|OzLw{NX;$XgkBgt^`O8PmTZhkU+VgG@sV;AO9->FQ z8$EiVUOf+?C7ul}@k^rSyd5>?6H#-f6OvC2jLpvSbENdl4e18-iMSZQBreuAOk1K) z#KpM9#r|`5H}~B5_-SLkxXEs8{qxK`6VQ7ufYx|7+BdaM&qKtIpBwRGdn`>c^&6jK z^_h_Tv#q`xu>U;s&x9{ujHF3Jy|^_ZY5VM!NU`|RCNuNY;_f_cn(j=}p4&TabvGuM&d;7X;pZts zzlAdN0%ho!GVpoI@UK>;wcT03+D>DucmU6*iES`p+Sne}Bpz6EcwmR-vta^lh(J@8 
z5v@r^wB{I1s7l=PnqkCif)US>>l#mO;;5(OI_Yh519nG0S3J**8%nbhY5CTF6k`At})~q$@Bd_Gj9JW4Fz^rgpPE$10=f@ z@$CS~?j-kZhGaJ(zD?R-k2FuR8;fQ;;vV-{fKMd5p>&UA2OClwY)EbGYMYv-12s+O zsA+m^!r+GXh8x-&4z#yzY8v`AH4XjM=Bo9-Sy--r3jb_V#q`vY_{;ELA3xj_GgDzJ z1KVnbzx4!-_WE|bUx(*mLWJ$f%%}C+QcS$M+K_nP4%z+nRBB7vL>9G&aEk3INywxgYD$NQKjq4sDY`=^$f9$?67&&5KL`FT5~8vfU8rTyG69j-Y>e|CeI zW(*4M<*W~kicRSAL?H4hhxF#t{t!H9)#Fn4BKS{)(shdZso(h+;WYGrv>EIV6Fw5Z zIckI_sfWkZ*zP#aqnqnzhlmf8oa{{OiiYg~*%#@4xo^9k>~|Bg&nA;GI>Y1K9vHE> zE!xf&_hpkq+3l5jawh^o#}(C!ji)UyWp+;M(q2)rm{xIboT#_^mGGV#RM z?ink@HJGPFESM83!*=bdbKi3J*KX7Lu#X%v&v!TZ`qMh>+@#xe-exT0Yx7h(OyEpE$fg9fq~~VrTeK7EQ+9=0=X?2MV33FTQAYAKxfEsi$7_e2@W&q7RgxM|31jw-+%udCf4GbRL zir~|Nx1Cz$z0@inUC?lQ-JD6S^2yXHpH8RpOtO%lHZ93KJE?g>((Ib@E9CvUoan5u zCmp8{pOqEmt^6iGJ1e@=YR~!6+#)*b{0^+6IIg27Jiv*@b8hogleJHMcqsSH4Sp7Y zS;q3oHhz1n^df7`@1!ng_IaBvqr2KV#LW7GRX?o{dfAq2XtFtRB(r6mBQykJo5<2~(~_uITMH{WtpW0r!)ECowTA-=eY-Od>vG}27d?VKOGUWUB= zQxcQiI_D=>m(P9sGu=GNdm*~#4BnZB$!u%zjEOXdd7MT)xv7y}sKK7Un60&UK5D0e zb**F04SJzoT+7pLhJc&Cz9$bRFNl)#><7`@i=RmM2c`R~LHsn)#J;y?H~B=p9ab27 zWQExP*cqdCSXk`d!eY(U`$G$4v-y!8-XC0#Tf?2zc&hi&0da9rY_`dg3)VQI6dX7a z_6D*|m4Yn5biQ+)cD9p_JL<55&Rj%?IeBFXP9<6w9e899!FZ*}+S-9aN6?Y!(0AxM z)DCTj(jj+99b$*jq3OVP;5yI_YzNW-cR(Fr2XGN;gOU`ZbKng}6;YAoid8H*FGxGG z9Z5&r5p{&0+oL*Hqd{<#3D_sCrX=fJvKC_zT#y@j`As{mG5aVQqm+VdF*&7V4FxSW zSjGjLj{I-muMasJlPH*=Az4S9YV;LiBJXUe3&xJ&i*#)*L@`l)NMh0FXicugp{WsF zsdmBAF?UQ~3P222f+J%UvZYkWhXbnH8J9c#z-OCiZY3xJQ#X0D{k zgK7yP4oC?#F2r^sop1vq)Cqn;Fzl?uH z#ZIA9(^=nH*IDhX?W}Z`e@jRyJIJo83+jk6Kov@r)wvusBpD#-?~TfV26e`RVH6UR z4WmKGVq!I5@1wCc4oRdl_Q78a|4hXe#_G^L+Atx%<*OE~K zSvDAatkDH)4YFT&=)CEi@0|O}P`M;8i6K|YnM@I{R;-0e#Z+ft;i>a@E@+e3;MExK z*mLr(#DrKGDW_-*$-+zL`HTQ-2-#I3Oss0WC`GkoBQiLNwyuV&*UsDX0PF#oLiU=i zpw*h7N{xV!d|)!Gq3hilVJ1z^c#WXwBcNxgMN)>M0kqgUjA4Ivuv5;6sIKJ98WXfN zJrq$>EUHmzgBgrDN9dY38t)VP6iv;Rj9Mm*1&SAsZUKfGRxsFsf%5{-0Buw0xfIPM z)|dfZCB`f%s)-9QJfc2R1!8d+LRMpwvtWd|fCJT}nR3FlQvoCAiJ!69Skx77B*!3@ 
zeXU|b6rhADFTiN)6^#8l04rcg&O~2r%+?C0;DKGT5G3SK7tq2B#&=-cR|T3iIzuse zG+DE?DWz1SNfk92a&`ejJva-n!eWc0>O&}|ka{f!HB{$JW(;NltwC$inw$w}B8ALa znNtu}wNi^uQcbWnWrYQ_#^6>5b!bAGlrw=}Y6VI*=gc-ivA%dU3gApMRm^%h2jmWr znqL6K4iGv(^A+$K^)UjJ;Hw%DD$$AvJC1>ZhuoHOKshVS8Ynnhxk?GKIDq0rF*zH8 zPXTdQ$I+f0?f~kr8ZMS86PX-BEJ;hY)vE`;85_gGaW=3^w(W2)YS36yqZ{I*>I9`? zuw@(~?i`_KEFn80bjD?uqbZ3^t=1-IIB*_Eia%HQJ{PUQLrv&JQZ8U>F%>YIlykrZ z5DtI|I-v8zUoZzYC5o>?HdPmdqscBysWG=*E71V_jCJ5_N-i05t*Iof4zLuVnjsNY zj6>psqyyr!)xno+C0dl~iwVUmS{s8$NNj^GumEx$kaj@!?3FP&CxPlitv=R5No$DC;Sk*Zk$`wrU1^_43M1#8U( zID@0w0)$zRphQX0$M!ajb|BD!m{+T$%f^rzu1*U&m#8@&XR~)Ma0F`UXv-Z4zIs(- zRWj}9qAWz7vMF9l(pcK*rP`JU2cd68U8?{g=7LyT05A|0h|UG)OmfB8mVpQ1Z%O6a z7!KsBA?GBdkb<$%c~?xbRa9H@A4I-2wINIO;35KmMOK?K1Xgk$W3a9?;sHqWRrXs{ zKahcn|(U2;WJqdkCK^BzEa2jad(LpV)X6rD-pjpfMbqxEErmxv)_ zV_kry4lJ&C7hvIAHAa%=;0visK#gM&&{X4ci8gZ7*jOK6n?a;eEug9W?OLN&sU+${ zNs%Ju3>+c_Z>z5k3ND6Wv1JYY)-6)lXZ2A-NQEN@Q#7Ff1m804DQ+?b)}5^m(AIVr zz_JZwO5y5E0x|%hU?#JdR5)W@YCGPB2%dc^Sxij|#ez*nDX{q2yu%smg9sXeX@s*F zY^C4}6ZnXtkRZd+)WjL;ST@fkAX&p!=_aEUAhFbU@iflw!evDV4}LPt~_WG8+0y=wb+N_;A5$6cefs zMCdEW7%Yp!cAiDUUlAcdjTUlrRaGFPa>1;{W^UvzFXKFL9hx=~8a^3(HvjHODS%We z*+deTl8w=aUupI!~39uaj@yntP;1qLl z$vcmNF{dCBfYoEflBCUe9RBQ?Ay@I4u@p*7g#j8ZQLUFOLfONR5yRo{9MR`cOH3vq z7|CEHh(#NcHzC=i7=}4b{){zn9yJ7SG>i8o3PK3E0M?eULO?6D23}xrN zT&n9ZI{04#f<`$nFfatDZfn1WjPM80%c{#d|B!x9y}|ptuf2I~-o*E7j6uER}2y zP*^znV6Cer1TX}sLJO2Jdi?4&E!n8!U?Mt7mSc_uiBfKd9#$E?Gev6#X8-Hc4p=qX z8YmRVTwEcmoDemoD8B98OotXbY$?T8sbQ3A86$XX-+7S(3NHJc0DLt?qP@Kdp6uG%X3&8ZIrNjW4_Y_t_cE1Qhg5-Qh}!oXfd>%Ug?ejlElxpdzGf zYK>8gREEa9ZqU_y<7TLsZ2Pf|_F0;e3ptDARHRWOvIjHns}ws__(n|-vgg3gsyH<5 z>kbX1R4d1dp$1%_w&Zd%gY8hILtX8jmA-Y;L^X}a5R)e)aF~4dkQ9JQ5L3rY3Ut`^ zGvB;5)J12w?cZ_%&1xG_+*E;B1*@eo=i#73_eU}dN2xA*rIM7qLco@l&gdiC_I>=A zPig!3Kb&b|LhwwceXAtkIj4j+vn{!3u};QZjiW!Pd2&1HCSR~v(OL~h%)|~0gJ3LX z%mX?81Di<1h2q6k095kK#zl>uMKDqEX^1#Cv`GZ-h{mvl^DwWtGVF1-9 zs*!*q3y%pbbpB6EU9_M4Ad1;%g!a>1saW5B;VeOLPCN{e^p~-wzE&LHF@8D 
zovaq{DTMYTRD{4nQN0gCHp0`NmfOz@n8IX{3V|Y9aD_wrMOKp~coZ2jAHIz_o}S(Q RwC0R8|36bT_xV4c007l28N>hp diff --git a/creusot/tests/should_succeed/hillel.coma b/creusot/tests/should_succeed/hillel.coma index d1df83ff62..d2c46c3730 100644 --- a/creusot/tests/should_succeed/hillel.coma +++ b/creusot/tests/should_succeed/hillel.coma @@ -68,7 +68,7 @@ module M_hillel__right_pad [#"hillel.rs" 17 0 17 59] function view'2 (self : t_Vec'0) : Seq.seq t_T'0 - axiom view'2_spec : forall self : t_Vec'0 . [%#svec19] Seq.length (view'2 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'2_spec : forall self : t_Vec'0 . [%#svec19] Seq.length (view'2 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) function view'1 (self : borrowed (t_Vec'0)) : Seq.seq t_T'0 = [%#smodel15] view'2 self.current @@ -121,7 +121,7 @@ module M_hillel__right_pad [#"hillel.rs" 17 0 17 59] let rec len'0 (self:t_Vec'0) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'3 self} any - [ return' (result:UInt64.t)-> {[%#svec17] UInt64.to_uint result = Seq.length (view'4 self)} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#svec17] UInt64.t'int result = Seq.length (view'4 self)} (! return' {result}) ] predicate invariant'1 (self : borrowed (t_Vec'0)) = 
@@ -155,9 +155,9 @@ module M_hillel__right_pad [#"hillel.rs" 17 0 17 59] | bb2 = bb2 [ bb2 = {[@expl:mut invariant] (Snapshot.inner old_2_0).final = str.final} {[@expl:loop invariant #0] [%#shillel5] Seq.length (view'0 old_str) <= Seq.length (view'1 str)} - {[@expl:loop invariant #1] [%#shillel4] Seq.length (view'0 old_str) < UInt64.to_uint len - -> Seq.length (view'1 str) <= UInt64.to_uint len} - {[@expl:loop invariant #2] [%#shillel3] Seq.length (view'1 str) > UInt64.to_uint len + {[@expl:loop invariant #1] [%#shillel4] Seq.length (view'0 old_str) < UInt64.t'int len + -> Seq.length (view'1 str) <= UInt64.t'int len} + {[@expl:loop invariant #2] [%#shillel3] Seq.length (view'1 str) > UInt64.t'int len -> Seq.length (view'1 str) = Seq.length (view'0 old_str)} {[@expl:loop invariant #3] [%#shillel2] forall i : int . 0 <= i /\ i < Seq.length (view'0 old_str) -> index_logic'0 str.current i = index_logic'0 (Snapshot.inner old_str).current i} 
@@ -196,19 +196,18 @@ module M_hillel__right_pad [#"hillel.rs" 17 0 17 59] | & _23 : borrowed (t_Vec'0) = any_l () | & old_2_0 : Snapshot.snap_ty (borrowed (t_Vec'0)) = any_l () ] - [ return' (result:())-> {[@expl:right_pad ensures #0] [%#shillel8] Seq.length (view'2 str.final) - >= UInt64.to_uint len + [ return' (result:())-> {[@expl:right_pad ensures #0] [%#shillel8] Seq.length (view'2 str.final) >= UInt64.t'int len /\ Seq.length (view'2 str.final) >= Seq.length (view'1 str)} - {[@expl:right_pad ensures #1] [%#shillel9] Seq.length (view'2 str.final) = UInt64.to_uint len + {[@expl:right_pad ensures #1] [%#shillel9] Seq.length (view'2 str.final) = UInt64.t'int len \/ Seq.length (view'2 str.final) = Seq.length (view'1 str)} - {[@expl:right_pad ensures #2] [%#shillel10] UInt64.to_uint len <= Seq.length (view'1 str) + {[@expl:right_pad ensures #2] [%#shillel10] UInt64.t'int len <= Seq.length (view'1 str) -> Seq.length (view'2 str.final) = Seq.length (view'1 str)} - {[@expl:right_pad ensures #3] [%#shillel11] UInt64.to_uint len > Seq.length (view'1 str) - -> Seq.length (view'2 str.final) = UInt64.to_uint len} + {[@expl:right_pad ensures #3] [%#shillel11] UInt64.t'int len > Seq.length (view'1 str) + -> Seq.length (view'2 str.final) = UInt64.t'int len} {[@expl:right_pad ensures #4] [%#shillel12] forall i : int . 0 <= i /\ i < Seq.length (view'1 str) -> index_logic'0 str.final i = index_logic'0 str.current i} - {[@expl:right_pad ensures #5] [%#shillel13] forall i : int . Seq.length (view'1 str) <= i - /\ i < UInt64.to_uint len -> index_logic'0 str.final i = pad} + {[@expl:right_pad ensures #5] [%#shillel13] forall i : int . Seq.length (view'1 str) <= i /\ i < UInt64.t'int len + -> index_logic'0 str.final i = pad} (! return' {result}) ] end 
@@ -287,7 +286,7 @@ module M_hillel__left_pad [#"hillel.rs" 34 0 34 58] function view'2 (self : t_Vec'0) : Seq.seq t_T'0 - axiom view'2_spec : forall self : t_Vec'0 . [%#svec24] Seq.length (view'2 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'2_spec : forall self : t_Vec'0 . [%#svec24] Seq.length (view'2 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq @@ -344,7 +343,7 @@ module M_hillel__left_pad [#"hillel.rs" 34 0 34 58] let rec len'0 (self:t_Vec'0) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'3 self} any - [ return' (result:UInt64.t)-> {[%#svec19] UInt64.to_uint result = Seq.length (view'4 self)} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#svec19] UInt64.t'int result = Seq.length (view'4 self)} (! return' {result}) ] predicate invariant'1 (self : borrowed (t_Vec'0)) = @@ -358,10 +357,10 @@ module M_hillel__left_pad [#"hillel.rs" 34 0 34 58] {[@expl:insert 'element' type invariant] inv'2 element} any [ return' (result:())-> {[%#svec20] Seq.length (view'2 self.final) = Seq.length (view'0 self) + 1} - {[%#svec21] forall i : int . 0 <= i /\ i < UInt64.to_uint index + {[%#svec21] forall i : int . 0 <= i /\ i < UInt64.t'int index -> index_logic'0 self.final i = index_logic'0 self.current i} - {[%#svec22] index_logic'0 self.final (UInt64.to_uint index) = element} - {[%#svec23] forall i : int . UInt64.to_uint index < i /\ i < Seq.length (view'2 self.final) + {[%#svec22] index_logic'0 self.final (UInt64.t'int index) = element} + {[%#svec23] forall i : int . UInt64.t'int index < i /\ i < Seq.length (view'2 self.final) -> index_logic'0 self.final i = index_logic'0 self.current (i - 1)} (! return' {result}) ] 
@@ -387,9 +386,9 @@ module M_hillel__left_pad [#"hillel.rs" 34 0 34 58] | bb3 = bb3 [ bb3 = {[@expl:mut invariant] (Snapshot.inner old_3_0).final = str.final} {[@expl:loop invariant #0] [%#shillel7] Seq.length (view'1 old_str) <= Seq.length (view'0 str)} - {[@expl:loop invariant #1] [%#shillel6] Seq.length (view'1 old_str) < UInt64.to_uint len - -> Seq.length (view'0 str) <= UInt64.to_uint len} - {[@expl:loop invariant #2] [%#shillel5] Seq.length (view'0 str) > UInt64.to_uint len + {[@expl:loop invariant #1] [%#shillel6] Seq.length (view'1 old_str) < UInt64.t'int len + -> Seq.length (view'0 str) <= UInt64.t'int len} + {[@expl:loop invariant #2] [%#shillel5] Seq.length (view'0 str) > UInt64.t'int len -> Seq.length (view'0 str) = Seq.length (view'1 old_str)} {[@expl:loop invariant #3] [%#shillel4] Snapshot.inner c = Seq.length (view'0 str) - Seq.length (view'1 old_str)} @@ -433,10 +432,9 @@ module M_hillel__left_pad [#"hillel.rs" 34 0 34 58] | & _26 : Snapshot.snap_ty int = any_l () | & old_3_0 : Snapshot.snap_ty (borrowed (t_Vec'0)) = any_l () ] - [ return' (result:())-> {[@expl:left_pad ensures #0] [%#shillel12] Seq.length (view'2 str.final) - >= UInt64.to_uint len + [ return' (result:())-> {[@expl:left_pad ensures #0] [%#shillel12] Seq.length (view'2 str.final) >= UInt64.t'int len /\ Seq.length (view'2 str.final) >= Seq.length (view'0 str)} - {[@expl:left_pad ensures #1] [%#shillel13] Seq.length (view'2 str.final) = UInt64.to_uint len + {[@expl:left_pad ensures #1] [%#shillel13] Seq.length (view'2 str.final) = UInt64.t'int len \/ Seq.length (view'2 str.final) = Seq.length (view'0 str)} {[@expl:left_pad ensures #2] [%#shillel14] forall i : int . 0 <= i /\ i < Seq.length (view'2 str.final) - Seq.length (view'0 str) -> index_logic'0 str.final i = pad} 
@@ -599,7 +597,7 @@ module M_hillel__insert_unique [#"hillel.rs" 80 0 80 62] function view'3 (self : t_Vec'0) : Seq.seq t_T'0 - axiom view'3_spec : forall self : t_Vec'0 . [%#svec50] Seq.length (view'3 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'3_spec : forall self : t_Vec'0 . [%#svec50] Seq.length (view'3 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq @@ -659,7 +657,7 @@ module M_hillel__insert_unique [#"hillel.rs" 80 0 80 62] function view'5 (self : slice t_T'0) : Seq.seq t_T'0 axiom view'5_spec : forall self : slice t_T'0 . ([%#sslice52] Seq.length (view'5 self) - <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + <= UInt64.t'int (v_MAX'0 : UInt64.t)) && ([%#sslice53] view'5 self = Slice64.id self) predicate invariant'9 (self : slice t_T'0) = @@ -1049,7 +1047,7 @@ module M_hillel__unique [#"hillel.rs" 102 0 102 56] let%span srange50 = "../../../creusot-contracts/src/std/iter/range.rs" 42 15 42 32 let%span srange51 = "../../../creusot-contracts/src/std/iter/range.rs" 43 15 43 32 let%span srange52 = "../../../creusot-contracts/src/std/iter/range.rs" 44 14 44 42 - let%span snum53 = "../../../creusot-contracts/src/std/num.rs" 52 28 52 33 + let%span snum53 = "../../../creusot-contracts/src/std/num.rs" 54 32 54 37 let%span srange54 = "../../../creusot-contracts/src/std/iter/range.rs" 15 12 15 78 let%span sresolve55 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span smodel56 = "../../../creusot-contracts/src/model.rs" 97 8 97 28 @@ -1096,7 +1094,7 @@ module M_hillel__unique [#"hillel.rs" 102 0 102 56] function view'1 (self : t_Vec'0) : Seq.seq t_T'0 - axiom view'1_spec : forall self : t_Vec'0 . [%#svec38] Seq.length (view'1 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'1_spec : forall self : t_Vec'0 . [%#svec38] Seq.length (view'1 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq 
@@ -1140,7 +1138,7 @@ module M_hillel__unique [#"hillel.rs" 102 0 102 56] function view'2 (self : slice t_T'0) : Seq.seq t_T'0 axiom view'2_spec : forall self : slice t_T'0 . ([%#sslice57] Seq.length (view'2 self) - <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + <= UInt64.t'int (v_MAX'0 : UInt64.t)) && ([%#sslice58] view'2 self = Slice64.id self) predicate invariant'4 (self : slice t_T'0) = @@ -1162,7 +1160,7 @@ module M_hillel__unique [#"hillel.rs" 102 0 102 56] let rec len'0 (self:slice t_T'0) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'4 self} any - [ return' (result:UInt64.t)-> {[%#sslice21] Seq.length (view'0 self) = UInt64.to_uint result} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#sslice21] Seq.length (view'0 self) = UInt64.t'int result} (! return' {result}) ] type t_Range'0 = @@ -1248,7 +1246,7 @@ module M_hillel__unique [#"hillel.rs" 102 0 102 56] use seq.Seq function deep_model'4 (self : UInt64.t) : int = - [%#snum53] UInt64.to_uint self + [%#snum53] UInt64.t'int self use seq.Seq @@ -1416,7 +1414,7 @@ module M_hillel__unique [#"hillel.rs" 102 0 102 56] [ s0 = [ &produced <- _30 ] s1 | s1 = [ &i <- __creusot_proc_iter_elem ] s2 | s2 = [ &_34 <- i ] s3 - | s3 = [ &_35 <- Slice.length str ] s4 + | s3 = [ &_35 <- Slice64.length str ] s4 | s4 = UInt64.lt {_34} {_35} (fun (_ret':bool) -> [ &_36 <- _ret' ] s5) | s5 = {[@expl:index in bounds] [%#shillel11] _36} s6 | s6 = bb19 ] @@ -1524,7 +1522,7 @@ module M_hillel__sum_range [#"hillel.rs" 125 0 125 54] (([@expl:sum_range requires] [%#shillel0] 0 <= from + 1 /\ from + 1 <= to' /\ to' <= Seq.length seq) /\ 0 <= ([%#shillel2] to' - from) /\ ([%#shillel2] to' - (from + 1)) < ([%#shillel2] to' - from)) /\ (([%#shillel1] sum_range'0 seq (from + 1) to' >= 0) - -> ([%#shillel1] UInt32.to_uint (Seq.get seq from) + sum_range'0 seq (from + 1) to' >= 0)) + -> ([%#shillel1] UInt32.t'int (Seq.get seq from) + sum_range'0 seq (from + 1) to' >= 0)) else [%#shillel1] 0 >= 0 ) 
@@ -1556,7 +1554,7 @@ module M_hillel__sum_range_split [#"hillel.rs" 137 0 137 61] axiom sum_range'0_def : forall seq : Seq.seq UInt32.t, from : int, to' : int . ([%#shillel4] 0 <= from /\ from <= to' /\ to' <= Seq.length seq) -> sum_range'0 seq from to' - = ([%#shillel7] if to' - from > 0 then UInt32.to_uint (Seq.get seq from) + sum_range'0 seq (from + 1) to' else 0) + = ([%#shillel7] if to' - from > 0 then UInt32.t'int (Seq.get seq from) + sum_range'0 seq (from + 1) to' else 0) axiom sum_range'0_spec : forall seq : Seq.seq UInt32.t, from : int, to' : int . ([%#shillel4] 0 <= from /\ from <= to' /\ to' <= Seq.length seq) -> ([%#shillel5] sum_range'0 seq from to' >= 0) @@ -1615,7 +1613,7 @@ module M_hillel__score [#"hillel.rs" 147 0 147 38] axiom sum_range'0_def : forall seq : Seq.seq UInt32.t, from : int, to' : int . ([%#shillel6] 0 <= from /\ from <= to' /\ to' <= Seq.length seq) -> sum_range'0 seq from to' - = ([%#shillel10] if to' - from > 0 then UInt32.to_uint (Seq.get seq from) + sum_range'0 seq (from + 1) to' else 0) + = ([%#shillel10] if to' - from > 0 then UInt32.t'int (Seq.get seq from) + sum_range'0 seq (from + 1) to' else 0) axiom sum_range'0_spec : forall seq : Seq.seq UInt32.t, from : int, to' : int . ([%#shillel6] 0 <= from /\ from <= to' /\ to' <= Seq.length seq) -> ([%#shillel7] sum_range'0 seq from to' >= 0) @@ -1694,7 +1692,7 @@ module M_hillel__fulcrum [#"hillel.rs" 159 0 159 30] let%span shillel36 = "hillel.rs" 146 10 146 77 let%span shillel37 = "hillel.rs" 148 4 148 41 let%span srange38 = "../../../creusot-contracts/src/std/iter/range.rs" 23 12 27 70 - let%span snum39 = "../../../creusot-contracts/src/std/num.rs" 263 26 263 59 + let%span snum39 = "../../../creusot-contracts/src/std/num.rs" 266 26 266 59 let%span sslice40 = "../../../creusot-contracts/src/std/slice.rs" 378 20 378 24 let%span sslice41 = "../../../creusot-contracts/src/std/slice.rs" 384 20 384 32 let%span sslice42 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 
@@ -1724,7 +1722,7 @@ module M_hillel__fulcrum [#"hillel.rs" 159 0 159 30] let%span srange66 = "../../../creusot-contracts/src/std/iter/range.rs" 42 15 42 32 let%span srange67 = "../../../creusot-contracts/src/std/iter/range.rs" 43 15 43 32 let%span srange68 = "../../../creusot-contracts/src/std/iter/range.rs" 44 14 44 42 - let%span snum69 = "../../../creusot-contracts/src/std/num.rs" 52 28 52 33 + let%span snum69 = "../../../creusot-contracts/src/std/num.rs" 54 32 54 37 let%span srange70 = "../../../creusot-contracts/src/std/iter/range.rs" 15 12 15 78 let%span sops71 = "../../../creusot-contracts/src/logic/ops.rs" 42 8 42 31 let%span smodel72 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 @@ -1786,7 +1784,7 @@ module M_hillel__fulcrum [#"hillel.rs" 159 0 159 30] function view'1 (self : slice UInt32.t) : Seq.seq UInt32.t axiom view'1_spec : forall self : slice UInt32.t . ([%#sslice42] Seq.length (view'1 self) - <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + <= UInt64.t'int (v_MAX'0 : UInt64.t)) && ([%#sslice43] view'1 self = Slice64.id self) function view'0 (self : slice UInt32.t) : Seq.seq UInt32.t = @@ -1799,7 +1797,7 @@ module M_hillel__fulcrum [#"hillel.rs" 159 0 159 30] axiom sum_range'0_def : forall seq : Seq.seq UInt32.t, from : int, to' : int . ([%#shillel27] 0 <= from /\ from <= to' /\ to' <= Seq.length seq) -> sum_range'0 seq from to' - = ([%#shillel30] if to' - from > 0 then UInt32.to_uint (Seq.get seq from) + sum_range'0 seq (from + 1) to' else 0) + = ([%#shillel30] if to' - from > 0 then UInt32.t'int (Seq.get seq from) + sum_range'0 seq (from + 1) to' else 0) axiom sum_range'0_spec : forall seq : Seq.seq UInt32.t, from : int, to' : int . ([%#shillel27] 0 <= from /\ from <= to' /\ to' <= Seq.length seq) -> ([%#shillel28] sum_range'0 seq from to' >= 0) 
@@ -1890,7 +1888,7 @@ module M_hillel__fulcrum [#"hillel.rs" 159 0 159 30] let rec len'0 (self:slice UInt32.t) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'4 self} any - [ return' (result:UInt64.t)-> {[%#sslice33] Seq.length (view'0 self) = UInt64.to_uint result} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#sslice33] Seq.length (view'0 self) = UInt64.t'int result} (! return' {result}) ] type t_Range'0 = @@ -1952,7 +1950,7 @@ module M_hillel__fulcrum [#"hillel.rs" 159 0 159 30] use seq.Seq function deep_model'0 (self : UInt64.t) : int = - [%#snum69] UInt64.to_uint self + [%#snum69] UInt64.t'int self use seq.Seq @@ -2022,8 +2020,7 @@ module M_hillel__fulcrum [#"hillel.rs" 159 0 159 30] let rec abs_diff'0 (self:UInt32.t) (other:UInt32.t) (return' (ret:UInt32.t))= any - [ return' (result:UInt32.t)-> {[%#snum39] UInt32.to_uint result - = abs_diff'1 (UInt32.to_uint self) (UInt32.to_uint other)} + [ return' (result:UInt32.t)-> {[%#snum39] UInt32.t'int result = abs_diff'1 (UInt32.t'int self) (UInt32.t'int other)} (! return' {result}) ] @@ -2055,10 +2052,9 @@ module M_hillel__fulcrum [#"hillel.rs" 159 0 159 30] [ bb4 = {[@expl:for invariant] [%#shillel5] inv'1 (Snapshot.inner produced)} {[@expl:for invariant] [%#shillel5] inv'0 iter} {[@expl:for invariant] [%#shillel5] produces'0 (Snapshot.inner iter_old) (Snapshot.inner produced) iter} - {[@expl:loop invariant #0] [%#shillel4] UInt32.to_uint total + {[@expl:loop invariant #0] [%#shillel4] UInt32.t'int total = sum_range'0 (view'0 s) 0 (Seq.length (Snapshot.inner produced))} - {[@expl:loop invariant #1] [%#shillel3] UInt32.to_uint total - <= sum_range'0 (view'0 s) 0 (Seq.length (view'0 s))} + {[@expl:loop invariant #1] [%#shillel3] UInt32.t'int total <= sum_range'0 (view'0 s) 0 (Seq.length (view'0 s))} (! s0) [ s0 = bb5 ] [ bb5 = s0 [ s0 = Borrow.borrow_mut {iter} 
@@ -2090,7 +2086,7 @@ module M_hillel__fulcrum [#"hillel.rs" 159 0 159 30] ] | bb9 = s0 - [ s0 = {[@expl:assertion] [%#shillel7] UInt32.to_uint total = sum_range'0 (view'0 s) 0 (Seq.length (view'0 s))} s1 + [ s0 = {[@expl:assertion] [%#shillel7] UInt32.t'int total = sum_range'0 (view'0 s) 0 (Seq.length (view'0 s))} s1 | s1 = [ &min_i <- [%#shillel8] (0 : UInt64.t) ] s2 | s2 = [ &min_dist <- total ] s3 | s3 = [ &sum <- [%#shillel9] (0 : UInt32.t) ] s4 @@ -2109,14 +2105,14 @@ module M_hillel__fulcrum [#"hillel.rs" 159 0 159 30] [ bb16 = {[@expl:for invariant] [%#shillel18] inv'3 (Snapshot.inner produced1)} {[@expl:for invariant] [%#shillel18] inv'2 iter1} {[@expl:for invariant] [%#shillel18] produces'1 (Snapshot.inner iter_old1) (Snapshot.inner produced1) iter1} - {[@expl:loop invariant #0] [%#shillel17] UInt32.to_uint sum + {[@expl:loop invariant #0] [%#shillel17] UInt32.t'int sum = sum_range'0 (view'0 s) 0 (Seq.length (Snapshot.inner produced1))} - {[@expl:loop invariant #1] [%#shillel16] UInt32.to_uint sum <= UInt32.to_uint total} - {[@expl:loop invariant #2] [%#shillel15] UInt64.to_uint min_i <= Seq.length (Snapshot.inner produced1) - /\ UInt64.to_uint min_i < Seq.length (view'0 s)} - {[@expl:loop invariant #3] [%#shillel14] UInt32.to_uint min_dist = score'0 (view'0 s) (UInt64.to_uint min_i)} + {[@expl:loop invariant #1] [%#shillel16] UInt32.t'int sum <= UInt32.t'int total} + {[@expl:loop invariant #2] [%#shillel15] UInt64.t'int min_i <= Seq.length (Snapshot.inner produced1) + /\ UInt64.t'int min_i < Seq.length (view'0 s)} + {[@expl:loop invariant #3] [%#shillel14] UInt32.t'int min_dist = score'0 (view'0 s) (UInt64.t'int min_i)} {[@expl:loop invariant #4] [%#shillel13] forall j : int . 0 <= j /\ j < Seq.length (Snapshot.inner produced1) - -> score'0 (view'0 s) (UInt64.to_uint min_i) <= score'0 (view'0 s) j} + -> score'0 (view'0 s) (UInt64.t'int min_i) <= score'0 (view'0 s) j} (! s0) [ s0 = bb17 ] [ bb17 = s0 [ s0 = Borrow.borrow_mut {iter1} 
@@ -2157,7 +2153,7 @@ module M_hillel__fulcrum [#"hillel.rs" 159 0 159 30] | bb26 = bb27 | bb27 = s0 [ s0 = [ &_72 <- i ] s1 - | s1 = [ &_73 <- Slice.length s ] s2 + | s1 = [ &_73 <- Slice64.length s ] s2 | s2 = UInt64.lt {_72} {_73} (fun (_ret':bool) -> [ &_74 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#shillel20] _74} s4 | s4 = bb28 ] @@ -2204,10 +2200,10 @@ module M_hillel__fulcrum [#"hillel.rs" 159 0 159 30] | & _73 : UInt64.t = any_l () | & _74 : bool = any_l () ] - [ return' (result:UInt64.t)-> {[@expl:fulcrum ensures #0] [%#shillel23] 0 <= UInt64.to_uint result - /\ UInt64.to_uint result < Seq.length (view'0 s)} + [ return' (result:UInt64.t)-> {[@expl:fulcrum ensures #0] [%#shillel23] 0 <= UInt64.t'int result + /\ UInt64.t'int result < Seq.length (view'0 s)} {[@expl:fulcrum ensures #1] [%#shillel24] forall i : int . 0 <= i /\ i < Seq.length (view'0 s) - -> score'0 (view'0 s) (UInt64.to_uint result) <= score'0 (view'0 s) i} + -> score'0 (view'0 s) (UInt64.t'int result) <= score'0 (view'0 s) i} (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/hillel/why3session.xml b/creusot/tests/should_succeed/hillel/why3session.xml index d62bc526f7..546e100f35 100644 --- a/creusot/tests/should_succeed/hillel/why3session.xml +++ b/creusot/tests/should_succeed/hillel/why3session.xml @@ -2,20 +2,17 @@ - - - - + - + @@ -27,106 +24,106 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + @@ -135,250 +132,250 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - - + + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - - + + - + - + - + - - + + - + - + - + - + - + - + - + - + 
diff --git a/creusot/tests/should_succeed/hillel/why3shapes.gz b/creusot/tests/should_succeed/hillel/why3shapes.gz index 33656edb72dbf2a34f101ecd27d3f6b53b5e8184..0daf88da6d89343b99229a1eb34f99b2230a320f 100644 GIT binary patch literal 7806 zcmV-^9)aN>iwFP!00000|LuKSZyZOK<~x4{fqBr*2o1#jvak$r22GTJ**35EC-PF6m04uTk}S%01J%lmIC0L2h;xrf`hWe)`R=FizU6QF z-R=KAH|PKI&u8JgH{qt-{`l}y_;6i*c_p?iJiNNTeFz_}{?EmKy<(SV;rjMNxW5j! z53kgg|4gs1^p;-^4^sfS6&--uip$|)3c$9q1Hi-O@Gu1sTh#%`t-2f@rT~1aI{-Xf z4i9JH4IXp($JNcBeS2H(hrzn>q1P}I#ROEk;Xj$tHB@iI_aA|v zZS&SHW_;2p%x8^*qezGTkJyMe-TQPQ2Z*=m?8OzscDHwF1>>+2Ti^CcZrw!_7co3M z3H`PgPA)DxXtsv{`7P(+KkpyQLMD0^vFE0jzT=C+8`x5=_BiaiaJ8<6+#Vtv#K|ti zX;@#g-^1^R$0e3yV-En|(wsgO$q&zQdJ(>V2Gv=4_x|C3u9}ToF$NO))o+L13siWW zc=xvDY_5mP@#c9w4}a;v*3kE&FxQEh{L7^wT1T~)nYG^Vm(z(HsAF%B4mI~95gb~f zrx6@C7$=N6v_kwDE5ui<&@;R6j1^kS$uX7nBpo*K6}2UM1716}JLO%&J@&hG%I+9t zbTz7Oz%aDwcgc)jKRK)~0n3PZ@SyV^a* zT|v+hcAb;hg>qBg&AJfpP}derT`r;_gfok1=uP;sJcL}z`>S_%x!eE<5z4fI&zR@b zP0OziP|JQ7)WTAuZ+M^6nFV7o1Vbbw$52R8EVPGlThoKU%wCR9^MK0^A)6gSHam~$ z+z|A+A?R~wg9p~f0w+DF>1reifnYsn5IJ_ae>{jc`+yS;ua7wC>Fi+$BDuI6pN748 zxVyS9^=ems?iEALHbe}vIE@Ss#taHF+nWQJxxA4~pN04Lclj}u9lh)D`ZYxX+(BsH z&bsVcqi(=u0y3Um1vj=$EEFPNB?J^zpdI)8+UykI01_0%{>I$EUM@ zdkFt_^|!m*0{t1VYc&1G-8(dGx1tZ!!Ac*g)6*2S-iluQ9G))6r+GLp>=5t^dpSOx zbx+|#N!_E^>+a+2_0NyQ)?i#!`{vYELvxp+tJwV%KZb9q>i#4eLa!L1wwHC zYFBRRtMiBdd0)=Q$#mc*+?U09D;e5o~S^uN{SyanV~_OjE8Bc?clZ8q^M3j)dcYXUKP~Y8dg>R@vYcSHMhr62(<$yQ=5BN#4d+-rK_y?or@wHx;n|#IgXy1%Y zGv~St!<$b3WhpSPUmxz!IGX`=>Wt?rH#D4;pP$ln*U1q9-97wN?$=a!vaM>I!mN>S z{5&p+Y7x-cJpU*5jH~)MZ2Ty;$>5XS-w`6> z*z!zioQzGL{q1iPh2P3i*Dt4ygG;^QZsJezw&qOt9`lO#L#F<0#hnq{(D{UZtlIY8 z@D9fE?9&Y|P2kEky8rnIRLvy*_!C&YqP6XfTPts181L1vd%L>3$rFwnDj4ZKcX*ed z!k6Sv8uYygO!MWD`MIu~9Ei1aWWL8;6Nrc*L|jQY2S&s&HyZl>are^^bKZ4*2sdEw zSR5uhg!^ivI+gNdGV*W{#bo8Kb8m+BR_PSzC$;i0w1DTnc*a=Jki`yt44y;aJ>H9F zOeR3yuFrm}*q%GcT!-v%MOUE4TCt?gXLb+p1l4UFy|h`j`o{3IDsPA5-u8*KVtt`Q 
zO&~9x)`iuTezTv}M8CF@Q`toN`5Nf0!erG2b-8($K<|paw~lel-l(-#-O65yw-a^RE{RN3)f(Enq){|Mg;jf`Kln#&>|K1K&1^x@myNlx|VI;!mFC z>FvINu&*DipXRyYG|z3t-pg(kResc>@B%z0j#H?l|hMJWcN>+FnDn5KD zQgJF$EoyOM>$ZMwSLU@iw{5%cSL$o6gxN&EFDi0u>()oC6$E*!(evYMunwSAp!mU- z?GGaO@<5Qv`%5;c`JnbBTJ1@8MWuO}Nv$=CX?>Qr?*3`tCJt!WzA{B8Q9X#g9QH|2 zad~_iT0z*4=f-|$HB{UhpAL#cd@K&}u{gwsC}8(+f3`R@?E;|0&d_|kv@)-715q!s zLvf_n>4&TT8*YDuseu_vY}z}osT_y<@QOcCPgx%~FRv_0BnOp?A)8q9t7FmVaLDnL zVHh$G&}gX-afmsN#el?))NM}UP|jyRugLI849-F~^CuQz0i4q!RukDK6_AgmK_ zwZvZ+f!~&YJe*Q={Ot-r;#dJ_THG0uj}upMqK&I7_~y;WkM8!dPd_`(4p(rQoS&Xx zALn)@fBufn5Xj05C5-;Hn*b+N%SsTb;sE~?VDm7T)p@*oyv@56YW+Hun}=O5+(UUt zOrGUhrqb&Nb+3ufzFSaUa**`DLYlHJwzm1sfuRF_53x`dwSs0{=k@1fe^MPkW?%Yc zTNjZ}VdW#pblr=5;&V}#Pj1zbB(&%0bTq3uvfS^?q=5GX(4p5nxmG&VRG!*s@$?Re zPjw=vmOqz#%`0j`u2j^-qVA@U(@jfm2N}jeYAT-MwiOOW4}rXK7NkmhGYzQ6s|kGqe`8M1_j&#a!``k7A<}U0gN%EvE;01IJ*Fs>#ILFedD>1(8tLOJ z=$}^otuO?$l3h~=@%Ab7KY4*C)=o%aC zr14_(#-tY$N8BX+%~qP`#NU#)-$U?ren07*BALeybI5kDXRp(mbi7rH#MpXv9ll4N z34Q+lO?cgBKeRNv@^h&7ckjaP@!i#Zmz}i6*R44rDY|==*jpO+Gzd-lFZ8%??_TMp zOLGqz+DpGWz}K3lIQv0k)Ay6{#L_y3HkswO*q!C-4)Xw$t6kTN=IaLj z*)aY4zWHkR{^t5&W!uB`+ZBQ{h$Ydn`v~DqlCGz6bUl}%>nCMsKr)f0>!mDpIF3ot z9!IxC$E0aknXTDcsyAKtbQw~LK$#*$NasTa+yJ_V${7ZZDV zD8`(3wVe4956x=PsM<|ulG))p6Pi0AR{b@oZsZ`)R0MiM7g-OsX&)BgrCm>)y#Ekr zp{_e@PY)gFn12r;?ymB6tpv3gu_h-|23Bm-6rj5TIcZpK_90Is*GsI_-XmKZ(*2v( zHhnSmRmGV@EEMP2mG~9Y9C&_v3}C3+sVy7ovuvyiL#U`K%vUbE^Od`lQ-Ks@949uI zHzSPJITUn7LRVBX!iZjbV>(>r>x?g<>SakTjj$%&?8gmPaXaHn9sM{n)^=wX|42vY z#oWW1@*I4vraXr@tTZ3gSy`*)@}WYzTDG0Rcj~^ljo4Rf_2uODq#18dPAcqtEU|Mt zsoaj2Klk-qG1hbGY26A6x|E3M1gXafmQaw770t=g2v|cw1>erij(%2jj+VN*-6jgd zrA@(?l0`QWx56Hn#lG1s8XaIelB0BpPCQyy_hj0+Oh>Ylm0h~KZzw#Sh|Q4tQIXsE zQ#&#n-15tl>`FEWx~bmlCvXZSuW^N-)wJU?`3*;9j&L2_^s#eHf0yN?>ZC)$;^ zhf|N=s07`g^&gg?C-)2aiT4XRRar|2Ig@GrS17yb7hrrH2D}UZxO&72U4>oO^8-TD z*F!Qk4w@Btf4PGo{Q_~?UH`vw7VfVfetK6PuG9J5hjL$U?tW>z)(z@-AS}c1Cy}2j zk*DA48zo@L$*IzNQn~HBUrlHfyLlx`4JS$ba@sfu=jKOCGc)xskJb7%~{CH9>?bhB6EM)S@``&wNH(j)|{ijift8y_8 
zdcukxZb9cU4^}pHB6+NH+41+qfu)+S#~}RUGPg^6{G`NkD==%Bb_Hs?p%p zr48?{Z?CS8FYmm6L1837VEKCYaAYAnG*7H_Pv@``w!U53IX1_kZqi>hd1V$V%lYh9 z-g>ue#|KmQwX_STBN|K$pY3=DGx1_QzTRZ&PuSE!!}|TGk2mT5 z@!jlta-Zt~*8;=G?_XGTU~J-?_Su4*~q*?*M!p3Vz58mjLuddlhrq z)Yw$BN7lZw92U5Z(01K@^QHf8@K@=+Jnrru;AHMn=Qrq#md}x@v!$WPF*4#T*& z^g43QKWa7&amO0H4lB*4%hiN?HofU4{P5={e6dX!o+i7{{+aGU|DnvFVZ2pryQlHq z#9ndCUcLBe;#MIJ-=_p-S1MMrh-L_em;K521jEw_ML&Kxn^}xL%q?bl1Pxvtbt?KJ z0nI$35g!-P@Nv{E0XWL*N5wk)Ft0d@_K7HnKNkk^{5P#B9u6;#yFqtQZuZ5+{ zK@>N2e-c6KW!KiU@}==JHnw^wZkeuh+0AQ9GJO>J_(u$g(7dXt*nSl!y;E9~ecNiW zKc-c~J*llx0~_r&`bh(p@`L^Z0cs4a3Gr6>5n`+D@GZdbB*)ITqvk!s&Y*gnK!y>k zpcjKR;iCoV$IPwC9RHK%ltJ_ zqc(PHZ9`7xGh(a3b$i!aYuba_THPMx{GtZj+&-}GLB#MdzpP==&bGFF)L`bHA!v!- zwPSzk7{+M7we3R)?Vja9V@7Scu!G$UwC=mC9YTlCHt(~uV1#o{)@Xb-rCQ08PT5p0 zO<_`&bGtDcy-^#v5gWc?XCk7%hN%is zl@W$1ZmKy~YNO;AA?>ZwA$b>_Qi&xaGuJg+;canIMs=>-M%j%r8>K%#b*8bsTnXrn z4qVA-Jxi{Z0HHRVvqoKiK?c0!1p&7xCYa2!v^9z>qKV38U5#!G_%F+YfXN6v2jf)G z3RX(!Xq5LUi=3)+=UQ&G*l51d?29uKC0Cpm(m5=IuUW|ulJG{0Qge}HQjFXfu`zsO z*hc$}hHhX|p>QdFtDy5vnpVA)Ki6UO*%PZaR+2q=2@IzMLA2Oy&zUL-o{v{9q(CsH9OwSr8lqzL z*OSi>WQaSjOa&suh9Xx#JthUJ%35WyPxJNydW6%u1PsD9(A6 z9YeBt?&QXam&G$YWrYq2omF5yuoz?#4mpm+PfGBtH%`4cwh?lqAfwh!WmzE5+~yoy z_S|cWcmPMLNe}h;jvf-Ch%U8 zR4KZYSk!?G1B@?z7{oA&(J;30e&gN7TVmFmjn~AiS3R>{ZoJrdzVU41{AWyu5TDc# zy+P>dDl$#Q9EWL0UfLXU$EwWQQg16ml6{U83~)feULg0`Atkpy8!sU$)e0C0Sd7Y$y8GzUIg&>r z^I|6u5lk|q{aJA6Wc3yT6zD3At3Em;o`@)TgXS-D0`T3^I|S}n?-YE_$%SBrDS>ex z+~B-9jd{uQh)DRg^2U3l;6-rfs!};4d~#F`)O(-);-><6g4JZgYF^<#3-nnl!zdH2 zRH>V}`WHVNQEPyQasuu&)~dWOj7#lBN(Hhf4kLgUKOqZOP`H#8LKdsay2b&}TtKUp4c{Oj5Ma#8{=T z)`e^lU&nCHF&B=RAQz-rw#QGRXc6eB>V;BCx@2^+5g9yW5&5#i22jzIlgGw7em0`1 zcw?lM!Md0u(p>~J65h8&$8su`Dy9&Y&rjIvV2cYSX>3`=^dODZ=cJ6_S+Yt+050i= zG17cq;?5fGiwQ|e2Mll@*k}=RrP5fgtRrr|90So-=pqkrQ3x6m{W&fZL@tT(P)am? 
zx%7+j0Qat`B5$-t@+~rc7RFmxWe{{Tl5kIyzBC^W^A|B1&r1;@Xr7hfp)!t0&}LT7 zxx#Qn^1lHu(n$o$LSqY(SICdFfWoH)edGv|DtN&FQpDeeA0SJJETdu+TWYP9q=PXN zt+!kSglCG(qxvm*Vmucs5`@PmLv>Jec-Srpr*E^d=h!${ZJ^OWqk)Dvf^N9_={GT zoU?>6REU{6Hr-2L6&9Hxw}Gq6UR!41{VFz^L;51C9;&H3MqUWN;1PLv3<(LNhrR?R z91p@lDy%G=opZBi=7sPqnXg6K!WdJ~;;M`D@crB=Rr}cES zfCvd8ndiwUoqd+z8v~4ZiM&UccvB^U4d)B5suWwY2qg&k!^((vL!~cn=%@C@udl^$ zEmhWn>_gK1imXJCwQ6ORiWZJCQOIlTi(*-7m*BsR2n?ZQr6RA6(W?w}u4qFnlSI5Q zwoNKIB^hPZDI)&YNhyca9I2pok>`6($KR?I6( z7|s$g8KAT3o0*Wvl)VIDkTE77g+)*OdsI`n}ATr9`zL`cD8<6L?8JCk<_7#S}%Qz*dHE z`u8;F>NR2$SCJZMWI#ngqEkvtRF-rowkvfw^Lv|jv0kWLd{ojzS(8^WRcoVkHqgDY zR?W6w+iz5;phH9)jSNyC$434U0)iLsn6CbpIOlGfjhRkACT9vAhelt}ZFRESD zCVo6G2r??BO%C27 zuA-ut-3Sa5bSa!m{ODMLGC3p&mFP1u207}yzj3A&19gVhN3 zxJePVE+^&A1syoji6b33igs8j=-iPG9_i!}CU88n{9@ZzrKkojoGJ;th~lfa5qnl+ zjr1{1cXwDw{#Du3!YP%N;6*zTU~OoJA@`Y*J(<}40`b@86nzl?NLgss$z_dj&;{f% zLJF$vHLaB5g>aiBf(>R87>-Vf6ueR}-%t|gimam3UbyU+!!r1Tw>405rxF-vT2-Hz zWe62?GP%=osa_b{xnwC}5Q~-7hh%E|#35(pwJ2~T6dg$Y)!5^?%E+?M&T6O^b3yQ0 zEdn_@eGiOIe}tlCBzYhaw!=+}?v90!=C|Xv!qY*iLZpktFsVu+3JNi3L~e9pyWN6l zfyc{XnLDT2i6j;o5pOivTS$Rd!aHkx3)R|>zaXxqg+YK9twF)cl10djf2RW#B8E~7=F24iPxik4|>bcNd%zMFx4;j{2bC7%L)e5>ea%X-U1 ztQD?ZK%yqm?Tep^Lj_7 z5^efS%SjjE7+Nh#DE|#jDVm_AM3Ruar2<=}do?m@#^`(9q*|#-X!eawD;rlzNlADf zkPOjH^EBZUl}H~VS&YHtuCAu11E!-S`tMK1O|gC zveO`Vl&%!u|6Hy9D9xv=0{vrj zh1MnJ6+At&n1e2|t1@`;=ZcN;h2%c6YU!Sdz(Se!_lxKYlvFB%L2m^NupxZ=n>&9l Q-emFqKkI?8l$)IZ08SY?b^rhX literal 7505 zcmV-X9j@XZiwFP!00000|LuHRZyY(Y=DU7H0sElcV>A#K1}}?t1IA#4G;nqX*gZ(> zo4{*N&5K@cY{j{(kRo zA1+mk@9O8Jw0JcZ<^d~m8-FE z;a~dwZOZ?=zPbB#A1|RrYEiZJwg0(AwU{INaCd)y_m7+|-~4BbvE)c?O%>2i{uZtcX5N`xEQVLmWo^Zsqmus<$pOta*^M>efY2I&dF^!18z}i?`iKr_%Tr=XEsa$}OshPxY&ndh)A$#;?-je$~Hd(Vdw2sZ+V| z`@{9&eK_QYOYn#OfH?Skliw_wTIiZuXz^+l4RK5BXy~Q?H9z>2^V{n;cPZaoa?7on zSKvZytj$&P>V!8B`d2G2%`K1L%W)RL7{U|@@e~SijfIXhw$%d(w)$!+EdwqyhHPdG z*~~Jgvt!U_$Dq$%jK{B>3!G%yrJJFoYY_&~s71Is7Ec1sA>!064k2ePT|B%y9?nx~ 
zT%3oy>-$`;5Bc4&Db!*`Xf(rlXn4|R+#8F@OiP1i5Ly~k(-r4bx}_l?cP$N?s-;HH6CSO9^(h#YemWEKhmgcObrNRDeON0H@(lVYWGe-Pm zuBOsOU-BPv?2B~Vz3*@L@7`CjX4?Y>%GtI*ZSB3ls&=t;`!NoOeE+b&yX{Ao>9DUu zqcczoJNgQ9Xx3s zW5>S7N8}rcTe55Us)HiCocY*c@K0oWr*LToDfr?~KHj}~dy^k>IytnfK;1F`-I1BKc8=e#2x{kxUJ^j<#U|zg9U7=|Dvd#J37mY&v(3a0@t=1_dnjhy~&+R{Pk~lhllH`+rhbY_{KxN z$6*`xU)OgxX(n;Uirh@Pm;RbRM=r)k9s1D(=C|cZ_~l-Cav;{-N0w{cSC#!OjUnR3 zU2_zK#<|t5Z{HvOcE+9eO&|Qt`+PPI{|s#>GlbGW~Un6pqh|ku8kjAy_RgH z>X)v5bhGTBjj^<8Z>RlU4>xHA1ID3dl&>D&3!9pLd7Rd4f3=JiF=4mVfwYQSrC!x0 zyKJIX$;N)~8m2x+r`CN+2YM;&J}O;T=#jKKo0rvjADz~#?GSJ#))`0n6zP^e_s@TR z^>{4NvTl_=Rc8ms=tb<(@(7!&imq;*1+Bt~wpBD>S5xWO_~%!vgQjKf6gYIjKfgM@ zUof||lC4F9!4k9R`Ibi*|gA!1bG8MflfZ)an!Ti8}O&dst}+G^wphnuD|0 zH4mj@9i5C}25hQ6L=7b7YFsC($nsPgYo$duJsrETR#$jyDxJVXIKe|W!9zI40f&eC zi`Bbn9|A?VxXHKY!IdSveR#MZZFa;*hHd?D{eS)KulW)#-~4BUdFv8ZIZyZD5+8w7 zw)-s+mK92J0$z+4imjt{!i`S5oWC`UU6wIg)%7V4TJl(Rh;RnFd6I;@oc$7%!C4p% zzMuIcN|+IBPq`;pPx;d(INcGp2k+p--xh@5=6^ms1$X>*7!aMqfadtlc>j2!7H8XW zQ-d#GetPeI9fuoeFWIRE*Z1?M-?7h2yK#jc-}ojJWBBYRfR)t>4C+pf-TrnL?%v;~ z!v>RK`uXPJFxcz}{Lrk-TX&Gb>}&IuRUDhC-Z)OK^OqlT+_py3or$ABC-RfUL zGWcY3_Eu6GPX{^+0t}q`tUz<-7Dn;}`KH@C9&hkZ==OTs2wQe7o0c~bhq3MTxs6h< z=bPK49-u>_N*(&V2HoRZza?F1Htx-}q006-cnR7tE-v9D4LWG(w_hKBY>gJH&`Eq~v#vk6lxxVjj9bM&%t~#QBxVwz-x^{e= zq|W-MT0GYGpY@}^zn)ZdAA@=h`CV5v=Q(tms(zXEuOe-8=w@^5T|aC1ITOC-_O!I` zSRYkUYnN0tttetkb>Nm-?8j_r7_sec<(1WVJHNU(QB%$IX=Ug)nnIuFQyZpypNqX; zt9P7;f3e-PUsdlr@-N2e-;dSThqpKThmCdj`_~%-E-2Q6PR(Zq?oDYwH>Ca2jP{Qj z(a29j*t5Z8h>`|JfipOfTs#IMLbG6wqRjEbnjaUsSPJPeOpewxdvSz8C zEYmSCIOKO-+TrZ`uf8g3-*bDs>o|`7ckjdDI_*oTRI46ab}|=W!#T|f`pm{z#d@(% zWvX_)=346qW?NnQf8*Aoucp4aah4RTjq_1W{Dx_cGQU1YFd}lQg%Np$3Gl_XVgoI1 zWU=E`rsUirsd~q`7sk#FQ_D*-|DxrHt?JycYI$&{W1?Q~ek-rRnt1JorS8t5-4J5aE`i!pym(2zg%>X=PEq6&3>7+@7Dx1T6Ovuf_ZxndYd9dWay841 z)KhNc3_ZsQK1VY{WvATEBUVcjR$EKkevoR)VN28!KfxDLJ!PpoW@``sOG_2Z?GM`N zq^16-txf%E*Ad2)Ov1Hk)jY$N%!y+hs_m-Mw$wXenyiC*^XQuTlI~tz`XPH;ImEmB zj)kl5T??je+REMQQuiP>eRm$R<=&AzmC3Ll7v!DHydr9Of&F8BntSo0zSPwlpuAo* 
z@m3{v#KR9>sJ{&KrDGkQjG+gMV?B}R$@aL0$W!Tv^0U2~N@K05G4@pI9HDqwN>2@8`Zg~ zj*!QY|8c2Tdl+$%EVtdv9riyzbJmXH>5N97gNv2#X=X>yz;EzjxRK$$dZ?hIu*9NY~H97V?-8IMOSUu(DU+eL;z5BuJwI1iuC31Cp zZD7~^jB!*}M=NIgRL1qO+|ggh`~3cJ_i+98{x0^XLVYjAB~x|Y7<&T#j4ji1nAWO( zPEzA1&8B1Ai&j5J9phYGouMwKH&_2(|E2z~p#HHm(|`BRT>HZhQ6?|8U*#?ww~9IW z8O!)R>%7QW*bdLP9^lk#E!Zc;2)GfD+s6Y1{Ai?r z=LcKI3i$Xrvi0+y6X_rCzZJo)d)3flcr_DQx3#8=Kg?2%t>xfex1&=GKaSjQ#8( zPfq@;mR7+`o3rNmc+)W2O~o#0dfu?Mf>uG?kbleUTID8+R?L{0K9+cDe7zj>#Zd#a z+7dGzXw|)IuJ++ayUkRm)qG=jihJ2=d-?{drwrlo4OGFqBW3sCsZDEK*Il>9bOmWm zmvF9CYjjuO<%7PcSqwLj&{$YL>Kkqiwx)Ze)yqV5;nr+r(R2-CA91be^5w;TR0c7v z>GJ1A4>J%Mnv5HdwcqQ61&0X>3={57lB3aJYbNJ*aRDlppwVS#oC61}iz!}EG-l(- z?@Xf`X;i}vHQ2y~H4-954=z|Dq0nzD0|yaaG8l`EoZ$TegeG7ag5q#@N1H$)9#L(rgW&^Blq z)D235szGj$8pH5=z(qxip+pVAC}%QShuKTmv1*tbriQU$_^h!+X*Mb+0YHz@ zu?^nWYz-H@QV2WN4a*lB&gNjH*oYx0(k^5~0b?*I3B{t>v1`~gY`ed|(4c78k<}g{ z1Gr?#pw%GW>wunv>=ZQ$8wFo@T$YTOv>_B$7?jS&CarWz-g%v2r&Oc(s|*d|HK8>S zM0=Hs7h!VIB#J;O$xhiunMUbG$(J9!I1i$$!V5%?#S__NoDRlIG|_gW%U2Y@U=cC^ zsW3``5K7S~SxE>$5@IKS`?@j!C=lblbJn;VFhnCPoRLX+DzFo7gc`v{;HwM6DV2=L z=_I*cf^|q%X^xVjCU2#>6wQsMMq{I)5!Z-q#5AHCkw(1+?XpH&JaysLZHk=F_tbbD?2th%# zMF35z-rKmw*k>UvxahM4BJWFqM6AF>D9)Qqj#%$3HWr?dz$~bRT|ktW`ZHRSM#@1l zIE_2YjiqNMa|Bz0E?uZjCM%94z&1J^qfKRJrLpSyi5&=H(LOULWjz|sq?Hx+9Gtab zXH8@EbCg`PB-Ua>`9ybB~`ZM_^?`^_DLX8|E%4mG%gqJ)EoDA5BZ^3^dQ z)IZ!HP=iprLE~KGY~xH7*6GGc71pUiSjUZ{#$n^2vF^*={m6@Ci9RKXB`fR1)Ncff z3RCHYmFFXHR2oXj5jAiSio_{~7!w;EI0dLzebCQKW+T=`OC_05gluv}33iI>R5v8tzpH4Tz$kZglg%eq0521zwYl@~Qg*kB#3 zj)u0Wv#wBb^%rtcTyhp7s$8^>BT@2DSX>27v7Xq>UvAJS*-DAlCCvf7s1g}X&dH>pElNd9k>$$|ER;(KR(b8c zA@Gs90Gmv)MY+&{0Lb-^X^{1o9b9{KsUFTQaxTF|>s?66g3mgbSo*>B*AqY}3R}@3 zNzPGAi1or5(FUU-xiG+`UsVPbnW%`3iL4Kf9EpIUVq?@=oa~TY9qDV!!QK_)91?Kw zk#ey_g}k#l3uCZ5RM?<`Zy}4VXq5LEp^M-^S<2+H4T6SL;TgD+->!VL;FDA=GtgH)i~MX;A5}WJs8id=e836Bqz48I%JrNktR;yP22c&p}j{98?BxIR*Z35vMCRlJBPk1l$|G1W4vZCJB)F8U-=SU#^i1T|2H1ch<&%-Db;6Q$ z5y%CQoTD9TZcx*+l--lFiHv1Mrm!nfX%9w(9Rw(0hgvH1h4rOr1irqPusI-EE!l!0 
z;|oG8&eUWH2*oL?I2daEY{U(mQG!)uU5Q#UScr*=mf}&Ou300UB|IaMqb(*T38;0* zSR_eguZW{2ZIW}7$j?vo;E}{2JFqUK3^8O>S_NCv<^!7@8fZ|v2DN>*lSp2hBsPmL zF0&@*B8c;;h|1cr+o7Qb4L>5k zvXPv#QF5_Xe2(PVXJL2I$>~GCGpuB^v)LVbWmb@NWrS#%Y1WoQHpf{R!d~3Y%tNfOg&^_ z<@YpaF&3PYn$_Y_Sww4+7{e$gbIjZ!()xREI#Lo)RA40zqi6#LRTe4^sHD;fX)oB2 zK}Xt&3oI6`B#p(`V!32*yZGHyl+#|_qL z4Bb#GCCX^UQUkwYlQX46G&X}PkangaSDyp8A*}ymLkJClYY1#ZU>XA55J*Fy8Uk(z zs3EBD2lWBLHRx=Et`4sobaG*Bs7X*N#gby7Q~;c4upx29f3f20gt{S=hH66j7aSX- zMx|6T*;@xhx`?$YC7sDwAgVAsq4{d#2LQ!UJXn);1`Ohbqrn^$1nM&vRUO`bmEld! z+9ydO#RY2^jn)Y0jPgDeGIjWhTz)+XFtAlYiTIc}B86lyVZHndDT}^JKSYHmir$aivJAN%89T4jbgiyS# zz6(>#PJ<#P*=8E@f2qE2en&BDzP%=wKuL_%2m6{m9g|8CR8a1i1pK`vEnahhm>_Ev zN@kO-5mGKEblnxR?#h~l_AI0o6Kr(B2<8MDEae*GSkTO%*kkcH5 zMM+l9a`d(+=zcCnoh?-Jt+MJdTcXdCAeL`vwvecvb)pq;eMbxul?^V`-|%fw2qn zo~7hE#0Xk>TYOD$_b7!*0jCpM3ko_vtZJH0odG{L>7ht=Ir$KDu0OBT6hNr}4mr5! zdg=KY&%o7uY?mMyE)t~P4bV8nm~{@?#C`_)na@IH#n}jG<0xvKf@4s@mg2~Hugo#J zefCpvl&XVtCUeG|NFzlNT$P} zs57!3WlC6I7uiejUV}&QCMP1LZ49Oun>(0^l>5P^Ma4%~f0`{;v~`LDlYsb|j0(w_ z9SJrhF#L-3$D1HK;37UsVeul)QVC8c;B0kB*k=z>jq1cTB(@QdwO#0$ zPESW`t>>6heS!7lt)i%l2^?ZDhIgc;A*~wHb(++W#-^L)k2qV-f{v@RM9F|I0#J@M zXh)?I`W5KQqsqIrtny78k5HDX7FjM+<<6#rAlGp@s}LRIgM&`ivDT zc2FV&Aj}z<9f=_;$|uLM;=*M3_c7P3ya^^~tFvb1bN!zbd=~4dNYT!8`9Wmr3fCm| zI&UB4tTXSe_RdaB)LG)&P%|I%39?!x>y{$ zf|C2IytRL9Ejgj2BNeNVqqB;&4d5Wv-x?{eO^*&(_b*M=?0r(M?lX%eXR=Z-0~KP= b0I3HYT>S$b;_xq}$;E#Icp0B`$D05E4$;bg diff --git a/creusot/tests/should_succeed/index_range.coma b/creusot/tests/should_succeed/index_range.coma index ea518fc474..e84a9d1df1 100644 --- a/creusot/tests/should_succeed/index_range.coma +++ b/creusot/tests/should_succeed/index_range.coma 
@@ -49,7 +49,7 @@ module M_index_range__create_arr [#"index_range.rs" 14 0 14 27] function view'0 (self : t_Vec'0) : Seq.seq Int32.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec9] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec9] Seq.length (view'0 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) let rec new'0 (_1:()) (return' (ret:t_Vec'0))= any [ return' (result:t_Vec'0)-> {inv'0 result} {[%#svec7] Seq.length (view'0 result) = 0} (! return' {result}) ] @@ -274,7 +274,7 @@ module M_index_range__test_range [#"index_range.rs" 27 0 27 19] function view'0 (self : t_Vec'0) : Seq.seq Int32.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec86] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec86] Seq.length (view'0 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq @@ -309,8 +309,8 @@ module M_index_range__test_range [#"index_range.rs" 27 0 27 19] [%#smodel88] view'0 self predicate in_bounds'0 (self : t_Range'0) (seq : Seq.seq Int32.t) = - [%#sslice89] UInt64.to_uint self.t_Range__start'0 <= UInt64.to_uint self.t_Range__end'0 - /\ UInt64.to_uint self.t_Range__end'0 <= Seq.length seq + [%#sslice89] UInt64.t'int self.t_Range__start'0 <= UInt64.t'int self.t_Range__end'0 + /\ UInt64.t'int self.t_Range__end'0 <= Seq.length seq use prelude.prelude.Slice64 
@@ -325,11 +325,11 @@ module M_index_range__test_range [#"index_range.rs" 27 0 27 19] function view'4 (self : slice Int32.t) : Seq.seq Int32.t axiom view'4_spec : forall self : slice Int32.t . ([%#sslice96] Seq.length (view'4 self) - <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + <= UInt64.t'int (v_MAX'0 : UInt64.t)) && ([%#sslice97] view'4 self = Slice64.id self) predicate has_value'0 (self : t_Range'0) (seq : Seq.seq Int32.t) (out : slice Int32.t) = - [%#sslice90] Seq.([..]) seq (UInt64.to_uint self.t_Range__start'0) (UInt64.to_uint self.t_Range__end'0) = view'4 out + [%#sslice90] Seq.([..]) seq (UInt64.t'int self.t_Range__start'0) (UInt64.t'int self.t_Range__end'0) = view'4 out let rec index'0 (self:t_Vec'0) (index:t_Range'0) (return' (ret:slice Int32.t))= {[@expl:index 'self' type invariant] inv'0 self} {[@expl:index 'index' type invariant] inv'1 index} @@ -345,7 +345,7 @@ module M_index_range__test_range [#"index_range.rs" 27 0 27 19] let rec len'0 (self:slice Int32.t) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'2 self} any - [ return' (result:UInt64.t)-> {[%#sslice75] Seq.length (view'2 self) = UInt64.to_uint result} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#sslice75] Seq.length (view'2 self) = UInt64.t'int result} (! return' {result}) ] let rec deref'0 (self:t_Vec'0) (return' (ret:slice Int32.t))= {[@expl:deref 'self' type invariant] inv'0 self} 
@@ -391,7 +391,7 @@ module M_index_range__test_range [#"index_range.rs" 27 0 27 19] predicate resolve_elswhere'0 (self : t_Range'0) (old' : Seq.seq Int32.t) (fin : Seq.seq Int32.t) = [%#sslice92] forall i : int . 0 <= i - /\ (i < UInt64.to_uint self.t_Range__start'0 \/ UInt64.to_uint self.t_Range__end'0 <= i) /\ i < Seq.length old' + /\ (i < UInt64.t'int self.t_Range__start'0 \/ UInt64.t'int self.t_Range__end'0 <= i) /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i let rec index_mut'0 (self:borrowed (t_Vec'0)) (index:t_Range'0) (return' (ret:borrowed (slice Int32.t)))= {[@expl:index_mut 'self' type invariant] inv'5 self} @@ -414,7 +414,7 @@ module M_index_range__test_range [#"index_range.rs" 27 0 27 19] let rec len'1 (self:t_Vec'0) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'0 self} any - [ return' (result:UInt64.t)-> {[%#svec85] UInt64.to_uint result = Seq.length (view'1 self)} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#svec85] UInt64.t'int result = Seq.length (view'1 self)} (! return' {result}) ] predicate inv'7 (_1 : UInt64.t) @@ -422,14 +422,14 @@ module M_index_range__test_range [#"index_range.rs" 27 0 27 19] axiom inv_axiom'7 [@rewrite] : forall x : UInt64.t [inv'7 x] . inv'7 x = true predicate in_bounds'1 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq Int32.t) = - [%#sslice94] UInt64.to_uint self < Seq.length seq + [%#sslice94] UInt64.t'int self < Seq.length seq predicate inv'8 (_1 : Int32.t) axiom inv_axiom'8 [@rewrite] : forall x : Int32.t [inv'8 x] . inv'8 x = true predicate has_value'1 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq Int32.t) (out : Int32.t) = - [%#sslice95] Seq.get seq (UInt64.to_uint self) = out + [%#sslice95] Seq.get seq (UInt64.t'int self) = out let rec index'1 (self:t_Vec'0) (index:UInt64.t) (return' (ret:Int32.t))= {[@expl:index 'self' type invariant] inv'0 self} {[@expl:index 'index' type invariant] inv'7 index} 
@@ -462,7 +462,7 @@ module M_index_range__test_range [#"index_range.rs" 27 0 27 19] | bb4 = s0 [ s0 = [ &_12 <- [%#sindex_range4] (0 : UInt64.t) ] s1 - | s1 = [ &_13 <- Slice.length s ] s2 + | s1 = [ &_13 <- Slice64.length s ] s2 | s2 = UInt64.lt {_12} {_13} (fun (_ret':bool) -> [ &_14 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#sindex_range5] _14} s4 | s4 = bb5 ] @@ -475,7 +475,7 @@ module M_index_range__test_range [#"index_range.rs" 27 0 27 19] | bb6 = s0 [ s0 = [ &_17 <- [%#sindex_range7] (1 : UInt64.t) ] s1 - | s1 = [ &_18 <- Slice.length s ] s2 + | s1 = [ &_18 <- Slice64.length s ] s2 | s2 = UInt64.lt {_17} {_18} (fun (_ret':bool) -> [ &_19 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#sindex_range8] _19} s4 | s4 = bb7 ] @@ -504,7 +504,7 @@ module M_index_range__test_range [#"index_range.rs" 27 0 27 19] | bb15 = s0 [ s0 = [ &_31 <- [%#sindex_range13] (0 : UInt64.t) ] s1 - | s1 = [ &_32 <- Slice.length s1 ] s2 + | s1 = [ &_32 <- Slice64.length s1 ] s2 | s2 = UInt64.lt {_31} {_32} (fun (_ret':bool) -> [ &_33 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#sindex_range14] _33} s4 | s4 = bb16 ] @@ -517,7 +517,7 @@ module M_index_range__test_range [#"index_range.rs" 27 0 27 19] | bb17 = s0 [ s0 = [ &_36 <- [%#sindex_range16] (1 : UInt64.t) ] s1 - | s1 = [ &_37 <- Slice.length s1 ] s2 + | s1 = [ &_37 <- Slice64.length s1 ] s2 | s2 = UInt64.lt {_36} {_37} (fun (_ret':bool) -> [ &_38 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#sindex_range17] _38} s4 | s4 = bb18 ] @@ -627,7 +627,7 @@ module M_index_range__test_range [#"index_range.rs" 27 0 27 19] | bb54 = s0 [ s0 = [ &_101 <- [%#sindex_range36] (0 : UInt64.t) ] s1 - | s1 = [ &_102 <- Slice.length s2.current ] s2 + | s1 = [ &_102 <- Slice64.length s2.current ] s2 | s2 = UInt64.lt {_101} {_102} (fun (_ret':bool) -> [ &_103 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#sindex_range37] _103} s4 | s4 = bb56 ] 
@@ -636,7 +636,7 @@ module M_index_range__test_range [#"index_range.rs" 27 0 27 19] [ s0 = Slice64.set {s2.current} {_101} {[%#sindex_range38] (-1 : Int32.t)} (fun (r'0:slice Int32.t) -> [ &s2 <- { s2 with current = r'0 } ] s1) | s1 = [ &_104 <- [%#sindex_range39] (1 : UInt64.t) ] s2 - | s2 = [ &_105 <- Slice.length s2.current ] s3 + | s2 = [ &_105 <- Slice64.length s2.current ] s3 | s3 = UInt64.lt {_104} {_105} (fun (_ret':bool) -> [ &_106 <- _ret' ] s4) | s4 = {[@expl:index in bounds] [%#sindex_range40] _106} s5 | s5 = bb57 ] @@ -645,7 +645,7 @@ module M_index_range__test_range [#"index_range.rs" 27 0 27 19] [ s0 = Slice64.set {s2.current} {_104} {[%#sindex_range41] (-1 : Int32.t)} (fun (r'0:slice Int32.t) -> [ &s2 <- { s2 with current = r'0 } ] s1) | s1 = [ &_110 <- [%#sindex_range42] (2 : UInt64.t) ] s2 - | s2 = [ &_111 <- Slice.length s2.current ] s3 + | s2 = [ &_111 <- Slice64.length s2.current ] s3 | s3 = UInt64.lt {_110} {_111} (fun (_ret':bool) -> [ &_112 <- _ret' ] s4) | s4 = {[@expl:index in bounds] [%#sindex_range43] _112} s5 | s5 = bb58 ] @@ -916,7 +916,7 @@ module M_index_range__test_range_to [#"index_range.rs" 78 0 78 22] function view'0 (self : t_Vec'0) : Seq.seq Int32.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec59] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec59] Seq.length (view'0 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq @@ -951,7 +951,7 @@ module M_index_range__test_range_to [#"index_range.rs" 78 0 78 22] [%#smodel61] view'0 self predicate in_bounds'0 (self : t_RangeTo'0) (seq : Seq.seq Int32.t) = - [%#sslice62] UInt64.to_uint self.t_RangeTo__end'0 <= Seq.length seq + [%#sslice62] UInt64.t'int self.t_RangeTo__end'0 <= Seq.length seq use prelude.prelude.Slice64 
@@ -966,11 +966,11 @@ module M_index_range__test_range_to [#"index_range.rs" 78 0 78 22] function view'4 (self : slice Int32.t) : Seq.seq Int32.t axiom view'4_spec : forall self : slice Int32.t . ([%#sslice69] Seq.length (view'4 self) - <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + <= UInt64.t'int (v_MAX'0 : UInt64.t)) && ([%#sslice70] view'4 self = Slice64.id self) predicate has_value'0 (self : t_RangeTo'0) (seq : Seq.seq Int32.t) (out : slice Int32.t) = - [%#sslice63] Seq.([..]) seq 0 (UInt64.to_uint self.t_RangeTo__end'0) = view'4 out + [%#sslice63] Seq.([..]) seq 0 (UInt64.t'int self.t_RangeTo__end'0) = view'4 out let rec index'0 (self:t_Vec'0) (index:t_RangeTo'0) (return' (ret:slice Int32.t))= {[@expl:index 'self' type invariant] inv'0 self} {[@expl:index 'index' type invariant] inv'1 index} @@ -986,7 +986,7 @@ module M_index_range__test_range_to [#"index_range.rs" 78 0 78 22] let rec len'0 (self:slice Int32.t) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'2 self} any - [ return' (result:UInt64.t)-> {[%#sslice48] Seq.length (view'2 self) = UInt64.to_uint result} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#sslice48] Seq.length (view'2 self) = UInt64.t'int result} (! return' {result}) ] let rec deref'0 (self:t_Vec'0) (return' (ret:slice Int32.t))= {[@expl:deref 'self' type invariant] inv'0 self} 
@@ -1031,7 +1031,7 @@ module M_index_range__test_range_to [#"index_range.rs" 78 0 78 22] axiom inv_axiom'6 [@rewrite] : forall x : borrowed (slice Int32.t) [inv'6 x] . inv'6 x = true predicate resolve_elswhere'0 (self : t_RangeTo'0) (old' : Seq.seq Int32.t) (fin : Seq.seq Int32.t) = - [%#sslice65] forall i : int . UInt64.to_uint self.t_RangeTo__end'0 <= i /\ i < Seq.length old' + [%#sslice65] forall i : int . UInt64.t'int self.t_RangeTo__end'0 <= i /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i let rec index_mut'0 (self:borrowed (t_Vec'0)) (index:t_RangeTo'0) (return' (ret:borrowed (slice Int32.t)))= {[@expl:index_mut 'self' type invariant] inv'5 self} @@ -1054,7 +1054,7 @@ module M_index_range__test_range_to [#"index_range.rs" 78 0 78 22] let rec len'1 (self:t_Vec'0) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'0 self} any - [ return' (result:UInt64.t)-> {[%#svec58] UInt64.to_uint result = Seq.length (view'1 self)} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#svec58] UInt64.t'int result = Seq.length (view'1 self)} (! return' {result}) ] predicate inv'7 (_1 : UInt64.t) @@ -1062,14 +1062,14 @@ module M_index_range__test_range_to [#"index_range.rs" 78 0 78 22] axiom inv_axiom'7 [@rewrite] : forall x : UInt64.t [inv'7 x] . inv'7 x = true predicate in_bounds'1 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq Int32.t) = - [%#sslice67] UInt64.to_uint self < Seq.length seq + [%#sslice67] UInt64.t'int self < Seq.length seq predicate inv'8 (_1 : Int32.t) axiom inv_axiom'8 [@rewrite] : forall x : Int32.t [inv'8 x] . inv'8 x = true predicate has_value'1 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq Int32.t) (out : Int32.t) = - [%#sslice68] Seq.get seq (UInt64.to_uint self) = out + [%#sslice68] Seq.get seq (UInt64.t'int self) = out let rec index'1 (self:t_Vec'0) (index:UInt64.t) (return' (ret:Int32.t))= {[@expl:index 'self' type invariant] inv'0 self} {[@expl:index 'index' type invariant] inv'7 index} 
@@ -1098,7 +1098,7 @@ module M_index_range__test_range_to [#"index_range.rs" 78 0 78 22] | bb4 = s0 [ s0 = [ &_12 <- [%#sindex_range3] (0 : UInt64.t) ] s1 - | s1 = [ &_13 <- Slice.length s ] s2 + | s1 = [ &_13 <- Slice64.length s ] s2 | s2 = UInt64.lt {_12} {_13} (fun (_ret':bool) -> [ &_14 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#sindex_range4] _14} s4 | s4 = bb5 ] @@ -1111,7 +1111,7 @@ module M_index_range__test_range_to [#"index_range.rs" 78 0 78 22] | bb6 = s0 [ s0 = [ &_17 <- [%#sindex_range6] (1 : UInt64.t) ] s1 - | s1 = [ &_18 <- Slice.length s ] s2 + | s1 = [ &_18 <- Slice64.length s ] s2 | s2 = UInt64.lt {_17} {_18} (fun (_ret':bool) -> [ &_19 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#sindex_range7] _19} s4 | s4 = bb7 ] @@ -1159,7 +1159,7 @@ module M_index_range__test_range_to [#"index_range.rs" 78 0 78 22] | bb24 = s0 [ s0 = [ &_47 <- [%#sindex_range14] (0 : UInt64.t) ] s1 - | s1 = [ &_48 <- Slice.length s1.current ] s2 + | s1 = [ &_48 <- Slice64.length s1.current ] s2 | s2 = UInt64.lt {_47} {_48} (fun (_ret':bool) -> [ &_49 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#sindex_range15] _49} s4 | s4 = bb26 ] @@ -1168,7 +1168,7 @@ module M_index_range__test_range_to [#"index_range.rs" 78 0 78 22] [ s0 = Slice64.set {s1.current} {_47} {[%#sindex_range16] (-1 : Int32.t)} (fun (r'0:slice Int32.t) -> [ &s1 <- { s1 with current = r'0 } ] s1) | s1 = [ &_50 <- [%#sindex_range17] (2 : UInt64.t) ] s2 - | s2 = [ &_51 <- Slice.length s1.current ] s3 + | s2 = [ &_51 <- Slice64.length s1.current ] s3 | s3 = UInt64.lt {_50} {_51} (fun (_ret':bool) -> [ &_52 <- _ret' ] s4) | s4 = {[@expl:index in bounds] [%#sindex_range18] _52} s5 | s5 = bb27 ] 
@@ -1177,7 +1177,7 @@ module M_index_range__test_range_to [#"index_range.rs" 78 0 78 22] [ s0 = Slice64.set {s1.current} {_50} {[%#sindex_range19] (-1 : Int32.t)} (fun (r'0:slice Int32.t) -> [ &s1 <- { s1 with current = r'0 } ] s1) | s1 = [ &_56 <- [%#sindex_range20] (1 : UInt64.t) ] s2 - | s2 = [ &_57 <- Slice.length s1.current ] s3 + | s2 = [ &_57 <- Slice64.length s1.current ] s3 | s3 = UInt64.lt {_56} {_57} (fun (_ret':bool) -> [ &_58 <- _ret' ] s4) | s4 = {[@expl:index in bounds] [%#sindex_range21] _58} s5 | s5 = bb28 ] @@ -1413,7 +1413,7 @@ module M_index_range__test_range_from [#"index_range.rs" 115 0 115 24] function view'0 (self : t_Vec'0) : Seq.seq Int32.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec61] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec61] Seq.length (view'0 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq @@ -1448,7 +1448,7 @@ module M_index_range__test_range_from [#"index_range.rs" 115 0 115 24] [%#smodel63] view'0 self predicate in_bounds'0 (self : t_RangeFrom'0) (seq : Seq.seq Int32.t) = - [%#sslice64] UInt64.to_uint self.t_RangeFrom__start'0 <= Seq.length seq + [%#sslice64] UInt64.t'int self.t_RangeFrom__start'0 <= Seq.length seq use prelude.prelude.Slice64 
@@ -1463,11 +1463,11 @@ module M_index_range__test_range_from [#"index_range.rs" 115 0 115 24] function view'4 (self : slice Int32.t) : Seq.seq Int32.t axiom view'4_spec : forall self : slice Int32.t . ([%#sslice71] Seq.length (view'4 self) - <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + <= UInt64.t'int (v_MAX'0 : UInt64.t)) && ([%#sslice72] view'4 self = Slice64.id self) predicate has_value'0 (self : t_RangeFrom'0) (seq : Seq.seq Int32.t) (out : slice Int32.t) = - [%#sslice65] Seq.([..]) seq (UInt64.to_uint self.t_RangeFrom__start'0) (Seq.length seq) = view'4 out + [%#sslice65] Seq.([..]) seq (UInt64.t'int self.t_RangeFrom__start'0) (Seq.length seq) = view'4 out let rec index'0 (self:t_Vec'0) (index:t_RangeFrom'0) (return' (ret:slice Int32.t))= {[@expl:index 'self' type invariant] inv'0 self} {[@expl:index 'index' type invariant] inv'1 index} @@ -1483,7 +1483,7 @@ module M_index_range__test_range_from [#"index_range.rs" 115 0 115 24] let rec len'0 (self:slice Int32.t) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'2 self} any - [ return' (result:UInt64.t)-> {[%#sslice50] Seq.length (view'2 self) = UInt64.to_uint result} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#sslice50] Seq.length (view'2 self) = UInt64.t'int result} (! return' {result}) ] let rec deref'0 (self:t_Vec'0) (return' (ret:slice Int32.t))= {[@expl:deref 'self' type invariant] inv'0 self} 
@@ -1528,7 +1528,7 @@ module M_index_range__test_range_from [#"index_range.rs" 115 0 115 24] axiom inv_axiom'6 [@rewrite] : forall x : borrowed (slice Int32.t) [inv'6 x] . inv'6 x = true predicate resolve_elswhere'0 (self : t_RangeFrom'0) (old' : Seq.seq Int32.t) (fin : Seq.seq Int32.t) = - [%#sslice67] forall i : int . 0 <= i /\ i < UInt64.to_uint self.t_RangeFrom__start'0 /\ i < Seq.length old' + [%#sslice67] forall i : int . 0 <= i /\ i < UInt64.t'int self.t_RangeFrom__start'0 /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i let rec index_mut'0 (self:borrowed (t_Vec'0)) (index:t_RangeFrom'0) (return' (ret:borrowed (slice Int32.t)))= {[@expl:index_mut 'self' type invariant] inv'5 self} @@ -1551,7 +1551,7 @@ module M_index_range__test_range_from [#"index_range.rs" 115 0 115 24] let rec len'1 (self:t_Vec'0) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'0 self} any - [ return' (result:UInt64.t)-> {[%#svec60] UInt64.to_uint result = Seq.length (view'1 self)} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#svec60] UInt64.t'int result = Seq.length (view'1 self)} (! return' {result}) ] predicate inv'7 (_1 : UInt64.t) 
@@ -1559,14 +1559,14 @@ module M_index_range__test_range_from [#"index_range.rs" 115 0 115 24] axiom inv_axiom'7 [@rewrite] : forall x : UInt64.t [inv'7 x] . inv'7 x = true predicate in_bounds'1 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq Int32.t) = - [%#sslice69] UInt64.to_uint self < Seq.length seq + [%#sslice69] UInt64.t'int self < Seq.length seq predicate inv'8 (_1 : Int32.t) axiom inv_axiom'8 [@rewrite] : forall x : Int32.t [inv'8 x] . inv'8 x = true predicate has_value'1 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq Int32.t) (out : Int32.t) = - [%#sslice70] Seq.get seq (UInt64.to_uint self) = out + [%#sslice70] Seq.get seq (UInt64.t'int self) = out let rec index'1 (self:t_Vec'0) (index:UInt64.t) (return' (ret:Int32.t))= {[@expl:index 'self' type invariant] inv'0 self} {[@expl:index 'index' type invariant] inv'7 index} @@ -1595,7 +1595,7 @@ module M_index_range__test_range_from [#"index_range.rs" 115 0 115 24] | bb4 = s0 [ s0 = [ &_12 <- [%#sindex_range3] (0 : UInt64.t) ] s1 - | s1 = [ &_13 <- Slice.length s ] s2 + | s1 = [ &_13 <- Slice64.length s ] s2 | s2 = UInt64.lt {_12} {_13} (fun (_ret':bool) -> [ &_14 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#sindex_range4] _14} s4 | s4 = bb5 ] @@ -1608,7 +1608,7 @@ module M_index_range__test_range_from [#"index_range.rs" 115 0 115 24] | bb6 = s0 [ s0 = [ &_17 <- [%#sindex_range6] (1 : UInt64.t) ] s1 - | s1 = [ &_18 <- Slice.length s ] s2 + | s1 = [ &_18 <- Slice64.length s ] s2 | s2 = UInt64.lt {_17} {_18} (fun (_ret':bool) -> [ &_19 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#sindex_range7] _19} s4 | s4 = bb7 ] 
@@ -1664,7 +1664,7 @@ module M_index_range__test_range_from [#"index_range.rs" 115 0 115 24] | bb29 = s0 [ s0 = [ &_56 <- [%#sindex_range15] (0 : UInt64.t) ] s1 - | s1 = [ &_57 <- Slice.length s1.current ] s2 + | s1 = [ &_57 <- Slice64.length s1.current ] s2 | s2 = UInt64.lt {_56} {_57} (fun (_ret':bool) -> [ &_58 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#sindex_range16] _58} s4 | s4 = bb31 ] @@ -1673,7 +1673,7 @@ module M_index_range__test_range_from [#"index_range.rs" 115 0 115 24] [ s0 = Slice64.set {s1.current} {_56} {[%#sindex_range17] (-1 : Int32.t)} (fun (r'0:slice Int32.t) -> [ &s1 <- { s1 with current = r'0 } ] s1) | s1 = [ &_59 <- [%#sindex_range18] (1 : UInt64.t) ] s2 - | s2 = [ &_60 <- Slice.length s1.current ] s3 + | s2 = [ &_60 <- Slice64.length s1.current ] s3 | s3 = UInt64.lt {_59} {_60} (fun (_ret':bool) -> [ &_61 <- _ret' ] s4) | s4 = {[@expl:index in bounds] [%#sindex_range19] _61} s5 | s5 = bb32 ] @@ -1682,7 +1682,7 @@ module M_index_range__test_range_from [#"index_range.rs" 115 0 115 24] [ s0 = Slice64.set {s1.current} {_59} {[%#sindex_range20] (-1 : Int32.t)} (fun (r'0:slice Int32.t) -> [ &s1 <- { s1 with current = r'0 } ] s1) | s1 = [ &_65 <- [%#sindex_range21] (2 : UInt64.t) ] s2 - | s2 = [ &_66 <- Slice.length s1.current ] s3 + | s2 = [ &_66 <- Slice64.length s1.current ] s3 | s3 = UInt64.lt {_65} {_66} (fun (_ret':bool) -> [ &_67 <- _ret' ] s4) | s4 = {[@expl:index in bounds] [%#sindex_range22] _67} s5 | s5 = bb33 ] @@ -1915,7 +1915,7 @@ module M_index_range__test_range_full [#"index_range.rs" 154 0 154 24] function view'0 (self : t_Vec'0) : Seq.seq Int32.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec53] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec53] Seq.length (view'0 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq 
@@ -1960,7 +1960,7 @@ module M_index_range__test_range_full [#"index_range.rs" 154 0 154 24] function view'4 (self : slice Int32.t) : Seq.seq Int32.t axiom view'4_spec : forall self : slice Int32.t . ([%#sslice63] Seq.length (view'4 self) - <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + <= UInt64.t'int (v_MAX'0 : UInt64.t)) && ([%#sslice64] view'4 self = Slice64.id self) predicate has_value'0 (self : ()) (seq : Seq.seq Int32.t) (out : slice Int32.t) = @@ -1980,7 +1980,7 @@ module M_index_range__test_range_full [#"index_range.rs" 154 0 154 24] let rec len'0 (self:slice Int32.t) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'2 self} any - [ return' (result:UInt64.t)-> {[%#sslice46] Seq.length (view'2 self) = UInt64.to_uint result} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#sslice46] Seq.length (view'2 self) = UInt64.t'int result} (! return' {result}) ] predicate inv'3 (_1 : borrowed (t_Vec'0)) @@ -2017,7 +2017,7 @@ module M_index_range__test_range_full [#"index_range.rs" 154 0 154 24] let rec len'1 (self:t_Vec'0) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'0 self} any - [ return' (result:UInt64.t)-> {[%#svec52] UInt64.to_uint result = Seq.length (view'1 self)} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#svec52] UInt64.t'int result = Seq.length (view'1 self)} (! return' {result}) ] predicate inv'5 (_1 : UInt64.t) 
@@ -2025,14 +2025,14 @@ module M_index_range__test_range_full [#"index_range.rs" 154 0 154 24] axiom inv_axiom'5 [@rewrite] : forall x : UInt64.t [inv'5 x] . inv'5 x = true predicate in_bounds'1 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq Int32.t) = - [%#sslice61] UInt64.to_uint self < Seq.length seq + [%#sslice61] UInt64.t'int self < Seq.length seq predicate inv'6 (_1 : Int32.t) axiom inv_axiom'6 [@rewrite] : forall x : Int32.t [inv'6 x] . inv'6 x = true predicate has_value'1 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq Int32.t) (out : Int32.t) = - [%#sslice62] Seq.get seq (UInt64.to_uint self) = out + [%#sslice62] Seq.get seq (UInt64.t'int self) = out let rec index'1 (self:t_Vec'0) (index:UInt64.t) (return' (ret:Int32.t))= {[@expl:index 'self' type invariant] inv'0 self} {[@expl:index 'index' type invariant] inv'5 index} @@ -2061,7 +2061,7 @@ module M_index_range__test_range_full [#"index_range.rs" 154 0 154 24] | bb4 = s0 [ s0 = [ &_12 <- [%#sindex_range2] (0 : UInt64.t) ] s1 - | s1 = [ &_13 <- Slice.length s ] s2 + | s1 = [ &_13 <- Slice64.length s ] s2 | s2 = UInt64.lt {_12} {_13} (fun (_ret':bool) -> [ &_14 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#sindex_range3] _14} s4 | s4 = bb5 ] @@ -2074,7 +2074,7 @@ module M_index_range__test_range_full [#"index_range.rs" 154 0 154 24] | bb6 = s0 [ s0 = [ &_17 <- [%#sindex_range5] (1 : UInt64.t) ] s1 - | s1 = [ &_18 <- Slice.length s ] s2 + | s1 = [ &_18 <- Slice64.length s ] s2 | s2 = UInt64.lt {_17} {_18} (fun (_ret':bool) -> [ &_19 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#sindex_range6] _19} s4 | s4 = bb7 ] @@ -2087,7 +2087,7 @@ module M_index_range__test_range_full [#"index_range.rs" 154 0 154 24] | bb8 = s0 [ s0 = [ &_22 <- [%#sindex_range8] (2 : UInt64.t) ] s1 - | s1 = [ &_23 <- Slice.length s ] s2 + | s1 = [ &_23 <- Slice64.length s ] s2 | s2 = UInt64.lt {_22} {_23} (fun (_ret':bool) -> [ &_24 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#sindex_range9] _24} s4 | s4 = bb9 ] 
@@ -2100,7 +2100,7 @@ module M_index_range__test_range_full [#"index_range.rs" 154 0 154 24] | bb10 = s0 [ s0 = [ &_27 <- [%#sindex_range11] (3 : UInt64.t) ] s1 - | s1 = [ &_28 <- Slice.length s ] s2 + | s1 = [ &_28 <- Slice64.length s ] s2 | s2 = UInt64.lt {_27} {_28} (fun (_ret':bool) -> [ &_29 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#sindex_range12] _29} s4 | s4 = bb11 ] @@ -2113,7 +2113,7 @@ module M_index_range__test_range_full [#"index_range.rs" 154 0 154 24] | bb12 = s0 [ s0 = [ &_32 <- [%#sindex_range14] (4 : UInt64.t) ] s1 - | s1 = [ &_33 <- Slice.length s ] s2 + | s1 = [ &_33 <- Slice64.length s ] s2 | s2 = UInt64.lt {_32} {_33} (fun (_ret':bool) -> [ &_34 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#sindex_range15] _34} s4 | s4 = bb13 ] @@ -2143,7 +2143,7 @@ module M_index_range__test_range_full [#"index_range.rs" 154 0 154 24] | bb24 = s0 [ s0 = [ &_45 <- [%#sindex_range18] (1 : UInt64.t) ] s1 - | s1 = [ &_46 <- Slice.length s1.current ] s2 + | s1 = [ &_46 <- Slice64.length s1.current ] s2 | s2 = UInt64.lt {_45} {_46} (fun (_ret':bool) -> [ &_47 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#sindex_range19] _47} s4 | s4 = bb26 ] @@ -2152,7 +2152,7 @@ module M_index_range__test_range_full [#"index_range.rs" 154 0 154 24] [ s0 = Slice64.set {s1.current} {_45} {[%#sindex_range20] (-1 : Int32.t)} (fun (r'0:slice Int32.t) -> [ &s1 <- { s1 with current = r'0 } ] s1) | s1 = [ &_48 <- [%#sindex_range21] (3 : UInt64.t) ] s2 - | s2 = [ &_49 <- Slice.length s1.current ] s3 + | s2 = [ &_49 <- Slice64.length s1.current ] s3 | s3 = UInt64.lt {_48} {_49} (fun (_ret':bool) -> [ &_50 <- _ret' ] s4) | s4 = {[@expl:index in bounds] [%#sindex_range22] _50} s5 | s5 = bb27 ] 
@@ -2382,7 +2382,7 @@ module M_index_range__test_range_to_inclusive [#"index_range.rs" 179 0 179 32] function view'0 (self : t_Vec'0) : Seq.seq Int32.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec56] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec56] Seq.length (view'0 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq @@ -2417,7 +2417,7 @@ module M_index_range__test_range_to_inclusive [#"index_range.rs" 179 0 179 32] [%#smodel58] view'0 self predicate in_bounds'0 (self : t_RangeToInclusive'0) (seq : Seq.seq Int32.t) = - [%#sslice59] UInt64.to_uint self.t_RangeToInclusive__end'0 < Seq.length seq + [%#sslice59] UInt64.t'int self.t_RangeToInclusive__end'0 < Seq.length seq use prelude.prelude.Slice64 @@ -2432,11 +2432,11 @@ module M_index_range__test_range_to_inclusive [#"index_range.rs" 179 0 179 32] function view'4 (self : slice Int32.t) : Seq.seq Int32.t axiom view'4_spec : forall self : slice Int32.t . ([%#sslice66] Seq.length (view'4 self) - <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + <= UInt64.t'int (v_MAX'0 : UInt64.t)) && ([%#sslice67] view'4 self = Slice64.id self) predicate has_value'0 (self : t_RangeToInclusive'0) (seq : Seq.seq Int32.t) (out : slice Int32.t) = - [%#sslice60] Seq.([..]) seq 0 (UInt64.to_uint self.t_RangeToInclusive__end'0 + 1) = view'4 out + [%#sslice60] Seq.([..]) seq 0 (UInt64.t'int self.t_RangeToInclusive__end'0 + 1) = view'4 out let rec index'0 (self:t_Vec'0) (index:t_RangeToInclusive'0) (return' (ret:slice Int32.t))= {[@expl:index 'self' type invariant] inv'0 self} {[@expl:index 'index' type invariant] inv'1 index} 
@@ -2452,7 +2452,7 @@ module M_index_range__test_range_to_inclusive [#"index_range.rs" 179 0 179 32] let rec len'0 (self:slice Int32.t) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'2 self} any - [ return' (result:UInt64.t)-> {[%#sslice45] Seq.length (view'2 self) = UInt64.to_uint result} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#sslice45] Seq.length (view'2 self) = UInt64.t'int result} (! return' {result}) ] let rec deref'0 (self:t_Vec'0) (return' (ret:slice Int32.t))= {[@expl:deref 'self' type invariant] inv'0 self} @@ -2497,7 +2497,7 @@ module M_index_range__test_range_to_inclusive [#"index_range.rs" 179 0 179 32] axiom inv_axiom'6 [@rewrite] : forall x : borrowed (slice Int32.t) [inv'6 x] . inv'6 x = true predicate resolve_elswhere'0 (self : t_RangeToInclusive'0) (old' : Seq.seq Int32.t) (fin : Seq.seq Int32.t) = - [%#sslice62] forall i : int . UInt64.to_uint self.t_RangeToInclusive__end'0 < i /\ i < Seq.length old' + [%#sslice62] forall i : int . UInt64.t'int self.t_RangeToInclusive__end'0 < i /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i let rec index_mut'0 (self:borrowed (t_Vec'0)) (index:t_RangeToInclusive'0) (return' (ret:borrowed (slice Int32.t)))= {[@expl:index_mut 'self' type invariant] inv'5 self} @@ -2520,7 +2520,7 @@ module M_index_range__test_range_to_inclusive [#"index_range.rs" 179 0 179 32] let rec len'1 (self:t_Vec'0) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'0 self} any - [ return' (result:UInt64.t)-> {[%#svec55] UInt64.to_uint result = Seq.length (view'1 self)} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#svec55] UInt64.t'int result = Seq.length (view'1 self)} (! return' {result}) ] predicate inv'7 (_1 : UInt64.t) 
@@ -2528,14 +2528,14 @@ module M_index_range__test_range_to_inclusive [#"index_range.rs" 179 0 179 32] axiom inv_axiom'7 [@rewrite] : forall x : UInt64.t [inv'7 x] . inv'7 x = true predicate in_bounds'1 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq Int32.t) = - [%#sslice64] UInt64.to_uint self < Seq.length seq + [%#sslice64] UInt64.t'int self < Seq.length seq predicate inv'8 (_1 : Int32.t) axiom inv_axiom'8 [@rewrite] : forall x : Int32.t [inv'8 x] . inv'8 x = true predicate has_value'1 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq Int32.t) (out : Int32.t) = - [%#sslice65] Seq.get seq (UInt64.to_uint self) = out + [%#sslice65] Seq.get seq (UInt64.t'int self) = out let rec index'1 (self:t_Vec'0) (index:UInt64.t) (return' (ret:Int32.t))= {[@expl:index 'self' type invariant] inv'0 self} {[@expl:index 'index' type invariant] inv'7 index} @@ -2564,7 +2564,7 @@ module M_index_range__test_range_to_inclusive [#"index_range.rs" 179 0 179 32] | bb4 = s0 [ s0 = [ &_12 <- [%#sindex_range3] (0 : UInt64.t) ] s1 - | s1 = [ &_13 <- Slice.length s ] s2 + | s1 = [ &_13 <- Slice64.length s ] s2 | s2 = UInt64.lt {_12} {_13} (fun (_ret':bool) -> [ &_14 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#sindex_range4] _14} s4 | s4 = bb5 ] @@ -2577,7 +2577,7 @@ module M_index_range__test_range_to_inclusive [#"index_range.rs" 179 0 179 32] | bb6 = s0 [ s0 = [ &_17 <- [%#sindex_range6] (1 : UInt64.t) ] s1 - | s1 = [ &_18 <- Slice.length s ] s2 + | s1 = [ &_18 <- Slice64.length s ] s2 | s2 = UInt64.lt {_17} {_18} (fun (_ret':bool) -> [ &_19 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#sindex_range7] _19} s4 | s4 = bb7 ] 
@@ -2615,7 +2615,7 @@ module M_index_range__test_range_to_inclusive [#"index_range.rs" 179 0 179 32] | bb20 = s0 [ s0 = [ &_39 <- [%#sindex_range12] (0 : UInt64.t) ] s1 - | s1 = [ &_40 <- Slice.length s1.current ] s2 + | s1 = [ &_40 <- Slice64.length s1.current ] s2 | s2 = UInt64.lt {_39} {_40} (fun (_ret':bool) -> [ &_41 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#sindex_range13] _41} s4 | s4 = bb22 ] @@ -2624,7 +2624,7 @@ module M_index_range__test_range_to_inclusive [#"index_range.rs" 179 0 179 32] [ s0 = Slice64.set {s1.current} {_39} {[%#sindex_range14] (-1 : Int32.t)} (fun (r'0:slice Int32.t) -> [ &s1 <- { s1 with current = r'0 } ] s1) | s1 = [ &_42 <- [%#sindex_range15] (2 : UInt64.t) ] s2 - | s2 = [ &_43 <- Slice.length s1.current ] s3 + | s2 = [ &_43 <- Slice64.length s1.current ] s3 | s3 = UInt64.lt {_42} {_43} (fun (_ret':bool) -> [ &_44 <- _ret' ] s4) | s4 = {[@expl:index in bounds] [%#sindex_range16] _44} s5 | s5 = bb23 ] @@ -2633,7 +2633,7 @@ module M_index_range__test_range_to_inclusive [#"index_range.rs" 179 0 179 32] [ s0 = Slice64.set {s1.current} {_42} {[%#sindex_range17] (-1 : Int32.t)} (fun (r'0:slice Int32.t) -> [ &s1 <- { s1 with current = r'0 } ] s1) | s1 = [ &_48 <- [%#sindex_range18] (1 : UInt64.t) ] s2 - | s2 = [ &_49 <- Slice.length s1.current ] s3 + | s2 = [ &_49 <- Slice64.length s1.current ] s3 | s3 = UInt64.lt {_48} {_49} (fun (_ret':bool) -> [ &_50 <- _ret' ] s4) | s4 = {[@expl:index in bounds] [%#sindex_range19] _50} s5 | s5 = bb24 ] diff --git a/creusot/tests/should_succeed/inferred_invariants.coma b/creusot/tests/should_succeed/inferred_invariants.coma index 2279c8e187..29564472de 100644 --- a/creusot/tests/should_succeed/inferred_invariants.coma +++ b/creusot/tests/should_succeed/inferred_invariants.coma 
@@ -324,7 +324,7 @@ module M_inferred_invariants__y [#"inferred_invariants.rs" 41 0 41 26] function view'3 (self : t_Vec'0) : Seq.seq Int32.t - axiom view'3_spec : forall self : t_Vec'0 . [%#svec16] Seq.length (view'3 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'3_spec : forall self : t_Vec'0 . [%#svec16] Seq.length (view'3 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) function view'1 (self : borrowed (t_Vec'0)) : Seq.seq Int32.t = [%#smodel8] view'3 self.current @@ -343,9 +343,7 @@ module M_inferred_invariants__y [#"inferred_invariants.rs" 41 0 41 26] [%#smodel15] view'3 self let rec len'0 (self:t_Vec'0) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'0 self} - any - [ return' (result:UInt64.t)-> {[%#svec9] UInt64.to_uint result = Seq.length (view'4 self)} (! return' {result}) ] - + any [ return' (result:UInt64.t)-> {[%#svec9] UInt64.t'int result = Seq.length (view'4 self)} (! return' {result}) ] predicate inv'1 (_1 : borrowed (t_Vec'0)) @@ -356,7 +354,7 @@ module M_inferred_invariants__y [#"inferred_invariants.rs" 41 0 41 26] axiom inv_axiom'2 [@rewrite] : forall x : UInt64.t [inv'2 x] . inv'2 x = true predicate in_bounds'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq Int32.t) = - [%#sslice17] UInt64.to_uint self < Seq.length seq + [%#sslice17] UInt64.t'int self < Seq.length seq predicate inv'3 (_1 : borrowed Int32.t) 
@@ -365,10 +363,10 @@ module M_inferred_invariants__y [#"inferred_invariants.rs" 41 0 41 26] use seq.Seq predicate has_value'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq Int32.t) (out : Int32.t) = - [%#sslice18] Seq.get seq (UInt64.to_uint self) = out + [%#sslice18] Seq.get seq (UInt64.t'int self) = out predicate resolve_elswhere'0 [@inline:trivial] (self : UInt64.t) (old' : Seq.seq Int32.t) (fin : Seq.seq Int32.t) = - [%#sslice19] forall i : int . 0 <= i /\ i <> UInt64.to_uint self /\ i < Seq.length old' + [%#sslice19] forall i : int . 0 <= i /\ i <> UInt64.t'int self /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i let rec index_mut'0 (self:borrowed (t_Vec'0)) (index:UInt64.t) (return' (ret:borrowed Int32.t))= {[@expl:index_mut 'self' type invariant] inv'1 self} @@ -409,7 +407,7 @@ module M_inferred_invariants__y [#"inferred_invariants.rs" 41 0 41 26] | bb2 = bb2 [ bb2 = {[@expl:mut invariant] (Snapshot.inner old_2_0).final = v.final} {[@expl:loop invariant #0] [%#sinferred_invariants3] Seq.length (view'0 old_v) = Seq.length (view'1 v)} - {[@expl:loop invariant #1] [%#sinferred_invariants2] UInt64.to_uint i <= 10} + {[@expl:loop invariant #1] [%#sinferred_invariants2] UInt64.t'int i <= 10} (! s0) [ s0 = bb3 ] [ bb3 = s0 [ s0 = len'0 {v.current} (fun (_ret':UInt64.t) -> [ &_11 <- _ret' ] s1) | s1 = bb4 ] | bb4 = s0 diff --git a/creusot/tests/should_succeed/inferred_invariants/why3session.xml b/creusot/tests/should_succeed/inferred_invariants/why3session.xml index 8672dbfe04..7aaa17c66c 100644 --- a/creusot/tests/should_succeed/inferred_invariants/why3session.xml +++ b/creusot/tests/should_succeed/inferred_invariants/why3session.xml @@ -33,7 +33,7 @@ - + 
diff --git a/creusot/tests/should_succeed/inferred_invariants/why3shapes.gz b/creusot/tests/should_succeed/inferred_invariants/why3shapes.gz index 6164b4a01f84bb2cc2ac8cbef15ae57805577f95..01c86be900b4db67e1747f1f321dd798925ef681 100644 GIT binary patch literal 1258 zcmVTp5=l{yj}-Ia<6Ze^o^5&eV$bF7c=&WD?>_zzncd;V zoOk9>-4jht?$Ze?FGQ^X8!xOP`}AD>wXNN?+a^7p&&OAr-#`7KnJIP$v)9z@a!r?J z(R`!k!Jf^*zH0Cq%WHF!UCw8Fs5I3~^X630Y}KejzwHA;VdjL^4&$B+B)r{BNK8xf zV5=?Oi_L}3weWg)gR?D<`xiSxNw!BbbHm$6?zAqHKoVcQ7r-y*zwp;b z9D5=0hOrlt&IEJV$x^FXULaL{zUi$zjjQ6Vx_J-tS69$G#6K_0-X0#RNAt3?ulGz7 zQ{C?lm3i6zw*38`tfFcH;L7KQ`rJ^zhSytp!LMO$uDnnm*&Jc=T&oN+Agn{A?5$I%ZGX{J$Y!?| z(dNngxxJw3)|AcKH}iSQk*Qvf+h@slji&RV!zdS(G9dr$G0HXvNc+neQ6y_FxjYf z>Rm072qPK{72LT^G2r?DTiyqbO1@+qN8ed2a;{dSyZbghUJiNrHgFWnyKO>LE8k&e zbXS`e4N6Yc<{E^^ho(tJf*$Bv(*j#tgWaNkQL@R(_k`unsztn-d%5|j;zd~TBB=Os zZ!uU`*kxGQ^@e#u=myJLeI4}&5%h;aHxReF!4|z<%I)!B>umpYb9>5HbN`x$8&f`1 z?qcNBfzo%uz$VyVZH8FS%}9I|CI+Sx6HH12ylIFx9pN3nAMbdKH@$^7{U7nB1H4&? zH*N7`W4!4QZ+4A0Oyk`(;{o1ez7WV}s2e=q!I0iP-ryf^=nAr*8?t@|b|Xt)r7(P3 z$c@2s*dQ=n-gUq<7#-?{&Txzj$unv0b922pA{W5>+2uyT0llWZPta{9jQ>o(8Q-_2 z$YeCjFK}i0p9*Ht|5e$Hr}?>lKd_wtlaq9Ra#oK2SnkN&o^I|fRW+Gw(Z8QvGsC_< z*~F@#Jl=XQsK;YsvyWuV$>}G>`+}+etT&wj9d$%tVN1keZ$w-EFKElhU9oXD)fR(; zZZa>5@{Hthl5(qP8W%=LS#ZMh%x1B&h8K5q4QmpqB*~SM39d7h@+1MJGHI;=LR7{8 z)flQJGNYN03UXl~ry?sD&`icD2f=|VRO6_|DJv3b2o$2=c_9fUIJ6~2t`d>r{ZLJ< zzLaD66~{A03*0*j(t`h@gizIJ$DbJ-ZP~vN@XB8{S45xBQ4ki+e3TNOQU9afm99ornmAmu8Ozn<~__$uAujbe}1rAw|lIf?0Mr}@0lUC z+OJQWU1iVf-xj~$lO(DpAg)4oXvhu?Yk0vV2w@GYGYLX{XgI{?xltKpKzzydLm_q1 ziNP9}i{7|218ae-?CG)Z^-!$r&*Rg=ce8&Ljr}pK7}e=6>}l(~N^Sp(p+a7^YZ0xU z?Vq*k+Lo8KZ}#)FD_gzp*DsjMvVtG<>lM(QLOf+D^a6D%bC$lRt+YU z9I90m0x={by%y*@(*t(43tkW1gOW`aeIP0KRt?J4+{4YAQV*3bLZy2kMI-n+FSiaM z@a0_g%emgL&j{3D*{H9ht{{3{q3r>~Lq;87jb2aXdcSjZc7M9LJ>~0i|C)O%TRv9) zV&u?*(lo%KO>aM04Y8gZk$BQi3`{4cHz*D8rhUBW2=Dm)c*kSB=`FnJ|A;po;LZAY z(*{pA#+wfDX4iPbG~R6k9^g&p3xTYLy1kdXH>0;NH-wiP+JfxHhO8Tb{lwB$DGc8e za%1iswgXI8aNT1Xj1KiPXMc+9lV{RAqd|s+!ET7~agbnPFd_ 
zY+_ZfJl=XQXuxA)vx{WR$>}F0_=2gwtT&wj9d$%t{g#LW-iWsRU(lA1yW+*&R9oyF zbdz~elxHN5b;_NhX(SNl@Hc?F1*eCW2?q6+loiMt?GAAapF!qEONmSs{g_v|u8$PRGjo1HJ^d z1QcKiWT~SZgyL}~vqBfKV4#H1sUyzjv5;v_y^V-8SE*{p`dkSQ4s(DLX&SV diff --git a/creusot/tests/should_succeed/insertion_sort.coma b/creusot/tests/should_succeed/insertion_sort.coma index 36168092f5..185c7bb85e 100644 --- a/creusot/tests/should_succeed/insertion_sort.coma +++ b/creusot/tests/should_succeed/insertion_sort.coma @@ -49,7 +49,7 @@ module M_insertion_sort__insertion_sort [#"insertion_sort.rs" 21 0 21 40] let%span srange47 = "../../../creusot-contracts/src/std/iter/range.rs" 42 15 42 32 let%span srange48 = "../../../creusot-contracts/src/std/iter/range.rs" 43 15 43 32 let%span srange49 = "../../../creusot-contracts/src/std/iter/range.rs" 44 14 44 42 - let%span snum50 = "../../../creusot-contracts/src/std/num.rs" 52 28 52 33 + let%span snum50 = "../../../creusot-contracts/src/std/num.rs" 54 32 54 37 let%span srange51 = "../../../creusot-contracts/src/std/iter/range.rs" 15 12 15 78 let%span sresolve52 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span sord53 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 @@ -110,7 +110,7 @@ module M_insertion_sort__insertion_sort [#"insertion_sort.rs" 21 0 21 40] function view'2 (self : slice Int32.t) : Seq.seq Int32.t axiom view'2_spec : forall self : slice Int32.t . ([%#sslice36] Seq.length (view'2 self) - <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + <= UInt64.t'int (v_MAX'0 : UInt64.t)) && ([%#sslice37] view'2 self = Slice64.id self) function view'3 (self : slice Int32.t) : Seq.seq Int32.t = 
@@ -118,7 +118,7 @@ module M_insertion_sort__insertion_sort [#"insertion_sort.rs" 21 0 21 40] let rec len'0 (self:slice Int32.t) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'2 self} any - [ return' (result:UInt64.t)-> {[%#sslice23] Seq.length (view'3 self) = UInt64.to_uint result} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#sslice23] Seq.length (view'3 self) = UInt64.t'int result} (! return' {result}) ] type t_Range'0 = @@ -235,7 +235,7 @@ module M_insertion_sort__insertion_sort [#"insertion_sort.rs" 21 0 21 40] use seq.Seq function deep_model'0 (self : UInt64.t) : int = - [%#snum50] UInt64.to_uint self + [%#snum50] UInt64.t'int self use seq.Seq @@ -305,7 +305,7 @@ module M_insertion_sort__insertion_sort [#"insertion_sort.rs" 21 0 21 40] function index_logic'0 [@inline:trivial] (self : slice Int32.t) (ix : UInt64.t) : Int32.t = - [%#sops31] Seq.get (view'2 self) (UInt64.to_uint ix) + [%#sops31] Seq.get (view'2 self) (UInt64.t'int ix) function index_logic'1 [@inline:trivial] (self : slice Int32.t) (ix : int) : Int32.t = [%#sops32] Seq.get (view'2 self) ix @@ -369,10 +369,10 @@ module M_insertion_sort__insertion_sort [#"insertion_sort.rs" 21 0 21 40] use seq.Permut let rec swap'0 (self:borrowed (slice Int32.t)) (a:UInt64.t) (b:UInt64.t) (return' (ret:()))= {[@expl:swap 'self' type invariant] inv'5 self} - {[@expl:swap requires #0] [%#sslice33] UInt64.to_uint a < Seq.length (view'1 self)} - {[@expl:swap requires #1] [%#sslice34] UInt64.to_uint b < Seq.length (view'1 self)} + {[@expl:swap requires #0] [%#sslice33] UInt64.t'int a < Seq.length (view'1 self)} + {[@expl:swap requires #1] [%#sslice34] UInt64.t'int b < Seq.length (view'1 self)} any - [ return' (result:())-> {[%#sslice35] Permut.exchange (view'2 self.final) (view'1 self) (UInt64.to_uint a) (UInt64.to_uint b)} + [ return' (result:())-> {[%#sslice35] Permut.exchange (view'2 self.final) (view'1 self) (UInt64.t'int a) (UInt64.t'int b)} (! return' {result}) ] 
@@ -413,7 +413,7 @@ module M_insertion_sort__insertion_sort [#"insertion_sort.rs" 21 0 21 40] {[@expl:for invariant] [%#sinsertion_sort7] produces'0 (Snapshot.inner iter_old) (Snapshot.inner produced) iter} {[@expl:loop invariant #0] [%#sinsertion_sort6] sorted_range'0 (view'1 array) 0 (Seq.length (Snapshot.inner produced) + 1)} - {[@expl:loop invariant #1] [%#sinsertion_sort5] Seq.length (view'1 array) = UInt64.to_uint n} + {[@expl:loop invariant #1] [%#sinsertion_sort5] Seq.length (view'1 array) = UInt64.t'int n} {[@expl:loop invariant #2] [%#sinsertion_sort4] permutation_of'0 (view'0 original) (view'1 array)} (! s0) [ s0 = bb7 ] [ bb7 = s0 
@@ -450,14 +450,14 @@ module M_insertion_sort__insertion_sort [#"insertion_sort.rs" 21 0 21 40] | bb14 = bb14 [ bb14 = {[@expl:mut invariant] (Snapshot.inner old_14_0).final = array.final} {[@expl:loop invariant #0] [%#sinsertion_sort13] UInt64.ule j i} - {[@expl:loop invariant #1] [%#sinsertion_sort12] Seq.length (view'1 array) = UInt64.to_uint n} + {[@expl:loop invariant #1] [%#sinsertion_sort12] Seq.length (view'1 array) = UInt64.t'int n} {[@expl:loop invariant #2] [%#sinsertion_sort11] permutation_of'0 (view'0 original) (view'1 array)} {[@expl:loop invariant #3] [%#sinsertion_sort10] forall a : int, b : int . 0 <= a - /\ a <= b /\ b <= UInt64.to_uint i - -> a <> UInt64.to_uint j - -> b <> UInt64.to_uint j -> Int32.sle (index_logic'1 array.current a) (index_logic'1 array.current b)} - {[@expl:loop invariant #4] [%#sinsertion_sort9] forall a : int . UInt64.to_uint j + 1 <= a - /\ a <= UInt64.to_uint i -> Int32.slt (index_logic'0 array.current j) (index_logic'1 array.current a)} + /\ a <= b /\ b <= UInt64.t'int i + -> a <> UInt64.t'int j + -> b <> UInt64.t'int j -> Int32.sle (index_logic'1 array.current a) (index_logic'1 array.current b)} + {[@expl:loop invariant #4] [%#sinsertion_sort9] forall a : int . UInt64.t'int j + 1 <= a + /\ a <= UInt64.t'int i -> Int32.slt (index_logic'0 array.current j) (index_logic'1 array.current a)} (! s0) [ s0 = bb15 ] [ bb15 = s0 [ s0 = UInt64.gt {j} {[%#sinsertion_sort14] (0 : UInt64.t)} (fun (_ret':bool) -> [ &_37 <- _ret' ] s1) 
@@ -466,14 +466,14 @@ module M_insertion_sort__insertion_sort [#"insertion_sort.rs" 21 0 21 40] | bb16 = s0 [ s0 = UInt64.sub {j} {[%#sinsertion_sort15] (1 : UInt64.t)} (fun (_ret':UInt64.t) -> [ &_42 <- _ret' ] s1) - | s1 = [ &_44 <- Slice.length array.current ] s2 + | s1 = [ &_44 <- Slice64.length array.current ] s2 | s2 = UInt64.lt {_42} {_44} (fun (_ret':bool) -> [ &_45 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#sinsertion_sort16] _45} s4 | s4 = bb17 ] | bb17 = s0 [ s0 = [ &_47 <- j ] s1 - | s1 = [ &_48 <- Slice.length array.current ] s2 + | s1 = [ &_48 <- Slice64.length array.current ] s2 | s2 = UInt64.lt {_47} {_48} (fun (_ret':bool) -> [ &_49 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#sinsertion_sort17] _49} s4 | s4 = bb18 ] diff --git a/creusot/tests/should_succeed/insertion_sort/why3session.xml b/creusot/tests/should_succeed/insertion_sort/why3session.xml index 2d6fe93227..683bffcebc 100644 --- a/creusot/tests/should_succeed/insertion_sort/why3session.xml +++ b/creusot/tests/should_succeed/insertion_sort/why3session.xml @@ -9,157 +9,157 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - - + + - + - + - + - + - + - + - + - + - + - + - + - - + + - + - + - + - - + + - + - + - + - + - + - + - + 
diff --git a/creusot/tests/should_succeed/insertion_sort/why3shapes.gz b/creusot/tests/should_succeed/insertion_sort/why3shapes.gz index e8cf922ab02492ae4edf9c94c968dbb8141350c2..c5652b380777a8fc0a2d3dc995ba92f591704b12 100644 GIT binary patch literal 3154 zcmV-Y46XAYiwFP!00000|J_iuOTVXS=%}QtvOR&U3XV~P44giI9|T@w|P1Klo!j%eD>$D8vpSR zqt!=0nSHtt4ZB)DjQnf=X_7zFGxw9!@Js*GYd_7icdPf?h1JDmw(_5@|9<(O3wE`Z z!y0k5eyDQdhuiDv{2jf@2K+DAfBAUlrx)y_e_aVz`z)$KV)0LxWRiKin5Vm#mz7iaSFai&8-a~b zZ}yhp7*Vv$@MfK7wRzgo#6XAk`NQq%S9;j6=uOe^MwqM3)0#>;?A7LJO@&7Gm0F*6 zgTot1e_~K%m2@>=qn+|-q0yS8<&&jG>#C7>s@P~5iQ{;=(V}joZD6>?9Hr{I07DT_ z|4tMfEr|x?e$MZx;9By2eGo4+fIEeBM+Mi?hB8$HyM=j21=rFJ1d_RSpqvV>C2ul~ z4fffqPou8m_;|NiWNIdUvGBi+sL_lsmU&t(#;ad%^O$)2V&Z43YS?ZUlKUI`j2 zvau7*{ObCje)cY3u!|4>jeNaGeDmuGS$Rs)hT-~lku~SZn&o`4 z%ISL1S=>dPcUDB^U#+t-*dO_5I-lQe)sKJ2hPmU%ayHyW7To3qx$9Rnu&(E2Z3Ekh z%&xct3F54X^8Fz8u}bS?*7Thf!S%*|$34;Ghv8dqj{HQd_@KbQE;PN5(uetCG5?$s z)n9988;Ey#bv;Q(*D3_yqgnp4I(=BE8TV$1(JwyEKip0;xlYFXU)rdPyq(W#%yxrb zIhK>zI}$ygHOO00zg+)o{((4~jsE&DpMJ^%<&}Bk4F$Mo->BN|+Xn1`1Rl!~ZCd6< z&B>_*@!jNzy@NfO^?R?Y=5d}a@5re3^mL}IWt_Kd;Aa;o|D`>Po7XbQ({#i)Z zXa@3Op$&=$*5wxXMFI%D@`ehp~dcJA{^=hAwX2Uv=2Z34b*~o^T zuhVjW^bW!U=jC2>xxd*ObhKNE-_)(dgQ*e^q)Hs5>SjMlH(!yS2SP3=8uyz5oiaF7 zw#oZVr0S|SqMv<*43*M9#ENA5KuZ7b#a$j%Tt_>OENtJe{B)Vmnt$RDM7(-6oN1fZ zyG?vI9&1-U8(^Fvw->R$h+V>^Eua`msB;lm=?rV`eMO}AUm-7|P^tC9}+ILz;6X}M$5&AHa# zjx{%Da}VEl^!9nn)75eyX4JyR>-Kw!BjLMe^EE2RPPGi;m=j_ z^}@IBo8!CB(B7T)kj+3gogQk8NsN}C{p~5p_EX<<2BGZ_+1b+9*Pa%ltYzN(c4>5Y z@|XC&9{nA_Bfdi7z`x$IZgj1QCkNO7H}0XWDqa4@5qGZqJ+RbUy$6=ov?If^l{j>admkZ^;U*F zLW4HA8U}(osvJ^V8(_}{;v!NXZY@dqJ;hn?QiqjUU2p5MQBW^U^l^FLNjbvbn}ihE z{@k?&w>BQYl8TPj``_$M*e?3(5le5I8GG4&ZB>_druQzxn_(ZRR-W!6q`HkiAB1=v zTfAI%xvJ#BHn$OXx!Z6%iC?q%WY6F5e6xUEk)%f1cG#R*G{*{KKlw+Y9I@OF<7yw- z-uIQP)*nNe6~jNgyFon~1@Nf3h$5+An2{o+BpI@x0?)~WF=y6sDV$JFpcCMPbb?;F z6U=d1GmdM=mE-6*5UbJ99*-pzG| zkEL`J%x|hwv&^{A5OZW%TSP%YWtdqAh&G0?)J`fV(MkA*YK2xZdn*!n$gFr?$V;nY 
z@kvJ1Y%Hyl=DTPnFk>^74%5XKmI~EWP?S^Vskk7vn&CSs2N^TVm}Ds-1eP!x5a)-B9^fNr{rTiOat(-=u!D;C<8OtBvYOivj z(}E%qN+~5OW~eV}DU!@Wz}N_9xHHUY>$G`vdyP##M_bV6Vs$o{sb(z!Sf+Irwmsuk zILn=7&X5G-jCMvjgU*06@=>gg*--m7#efgqivYY(Ne51VltOM*MMPFULBm0K=0%~) z4^tKuWJ0nM47Wg^~obfFkc@FsXuYOH~8G7*tW$u|ftuZ6}KI(W9Yj z8(s0G;#L`}fRI`dQrkKkRd3_d_JcgobPM$~L}jw|Y>2F+$Y7#Y05G<68jQ30Nm)(M zEd$GRo6U5NO`>}(dTSY~K!<|bJ!d3@krYN7Se3(`nhz`_)RC@S981*XQ3}@Z!dMCr zG%LLiB$1IwhELreUE#FQJo{{w)X~z#7IMr0f+5-6eILfmbMlE%N_-F{($!S*#D&g* z3!2v&L&oSkpJ?+l^NYY;q|R%3%#5%zgd|D<;GU--Rgpbh;#E#7h(AX!gOIX*w_)gl zU~LozrS)2(0INLm9eDN39gW4S$W0(5W+QM`=r$QEBJ(B!gRlq3p1H5gc$HX?UTaWv zZw4)pt|Ud%;PpnTA$)u0?nZ8<@Y2W-z|xcslY1y z`P!+ZG^(JsG~#VM4iBHX)2u-KX5OkS0@GHOKv!)5g2zVlV)IEj`ON*!9=$^9$}xH^ zV(?Nix}7PSLV@nZsfVAuih90Y+WKu2q3rt2iHF2vWCSWw)KS(yKIT6M_J8!^Ki;zc0mG*X5Qskj0Foq4Y5)KL literal 2746 zcmV;r3PtrFiwFP!00000|IJxTZyY(2zSplPU=P|IV*mytNCpS(0fYtw`mjFiEE0PY zf@IKL9=S?gRkFMP{UWp8FR9#Z%Y9N7Gaetm2u1``|M|D^;um?;#rU(%7n9laA7elM z+kcIgzsh9#`NnqUZu2mbxAJ+SUv6v%GN~Qh%1>|QL8l*7vBFT0Z!?5K0^);7ZCVY`BN2WDCH)8q2@ zjyLal3kAA(w|UsCVF&At_D`Et>HzMxPn%WO!Fn(K(`ZGHl&ASzr%RFfTz(%t=yZIu z(1&(2UjF{5s?*f~blW8x! 
z)cGY(TY>w>xn5yruD?D_=DOIpT?xQ}q1j@2$RhJ!Wxcu8>WZOH zPs>BBpKoAKVTj(S&F1?;yZG)&uDu@X?$9h|^QG4N`3muhc37b(M&4|~aim{h^e~$} z?%a?6!yE?>&IavR4My^)^G{DpSx#ot`&rw7FniSO+dHvfuc8zVSzMD&>Ts4?qVdKIrm(QqR8YOBRf#`rGpI zart~hYgl&lvy|DV#|K?%y)l2xoBVwLem3n%+h@I(SWKoL9&|aIc7TJapYQ)Q`=mFf z+xqVxW)GkB$ayck-Hp86h;Lo(^mc^35W#an8p&dz^FAh*0tEZPu?I(cGF|K5_nyZ( zT|CWoF`S?jL3!CglbW`v7dsy&#rPiUnTnqXW89&b@mtZ#!^D zyIHN$@v8iEM)r1Cr4HQfKxqebHz0j;Bv@d}_6c`q;hJMk4kP&z&nE=Zb;)D*ljq|J z*0aUW{<-33uMMreGPL$Iv>%Ux`ths6c};-qmaUht`IT>f#`i95J{IV}-;Ly-$H6G( z*KOrM`QQ1Ij`n`v$-_dgYOMBjJbClxxLIyX`Yr`leYdaHSC1}N*j*cZrl{NVW6c$| z3ye+}n@sQX>}gsT^7j*hp`RZ0gU-jZ&pK}pvoF2=L5|Z|wQZ(srPe=JsE<=&7e{v# z$Mx?akH(Yfcm;LO{>N)A`yXOpf=%h3WvpGb-D(g?^qmCvu*t z7sWsBwib@I7Iw*hEO6k9&&O`K`W#FpM+n+vYGqRGXz@iJFO6G29s4@0msgwL+**eD z;*|40ZVpDGzm;G51GYD=*srj7yu%H)6QbjVLvkYaQkOXz6%Pii9uof9K6I^v!;xqW z|8OMQEMD$ugM&+h(C{+9pxr@u_ARfv9Uoy@t%l>(p&Rj05LTTqbikWV7>)*;wfcIn zxzHkq?Hq>rJRPI=@An4ZzEiJf-n;$9BPmOr-50QQdkIO0*r7iUVR#n?9&p1>XWc_c-s1PJEOZ)={>wySGTtI^w52k-o*~HmD#7r{V|H}-t{SEht_vxqMS>Hqkx~C z%R1|ypUL{Nvim4tU4h%PBV#{^zpULsyd90aHY~+!5sS!Zi?iwgDwb?=iFwSN0BqtE zl20yC!ekR9Gh%PNZPsxso=h;Ru~=WIwBkXajKQRMM$ZOgP%>4@&a-ep)2ITd7YWga zF<=6l0M6+`VH30&Fc}~SIxM+RL=tEUFb0=^E~+;hjjAPX-b9XB3?VsUir!Y_IEI*j z6NCi*f&~enj!Kgj$WsWeWQ~>31*{xpY#~|mf{`dS#tgnFHz6k|PMUK<;Htp@y%F$N z*vag(FU5ejcEy7i@#O!vC^$7t zULcelqASt}IH)3P(W+zXlXYKVFt7ygq%j6;!P#O!)o0(34M)ji%gKhXvuT7%@ZOfF zVx8rFr$~mO#LSue7(+sz&?TgVn9wGKgeKYe?A|3?)09hg)woElW~o*}p&qz%W1>Wu z$R>hBCSgp-U+u-XR)URIyU1l3RWv71V`XKG!{q1ni)!Q0Iolt4w5s8;ve?{iX_4+6|4!8#XD`SaA9LB zy4t6@v){l`4Zd<|5~FbRg+N*mME0Z%>Rf*c@EiF;4aWPJu~^Y6IcUkTMv5)87NqqD zWM%W4xDx>?J{wzntfa1i$*pP?ZX6oNv5U!Zav?dNoJ)?9!*2;db1RUm186m%@hu>T zDdH8ih``uW@|e6$9+EfT)OE|6oi+@yYU92ic`ioKW3DJemIh40rT{6JjKmPtIKzf51jw08@SbV_16-B*TC{TaI(UjUg(}Ed zd@H_qwjPn1vr?OsIA)VVOo6|PcMq-~F-t7LgL74ha;y?f?vJg}F;ikpY!k!x!eC-` z2sSYE^)XV2p+a?4ND3m?0fSHMzB>{%G3Mq%rdrV!El_MTP|%iU3uAxX;P6Udf(AE? 
zF{FxKV!%o+L{;CaRU-qK_qxtXKK}}@p$2_fy9MmxSzRf5* zs+rC=xF3MC8L%~EC@2tPB@>!AR=`JPhw)mY|BO=?xV6b2#*v2)%lZ*mpwJ79W?JI=$ z(tpJPF#Ts7F#Uf1S~0LqEfP{x&#q}yE!lYX= 0 - /\ view'1 self <= secs_to_nanos'0 (UInt64.to_uint (v_MAX'0 : UInt64.t)) + 999999999 + /\ view'1 self <= secs_to_nanos'0 (UInt64.t'int (v_MAX'0 : UInt64.t)) + 999999999 let rec from_secs'0 (secs:UInt64.t) (return' (ret:t_Duration'0))= any - [ return' (result:t_Duration'0)-> {[%#stime21] view'1 result = secs_to_nanos'0 (UInt64.to_uint secs)} + [ return' (result:t_Duration'0)-> {[%#stime21] view'1 result = secs_to_nanos'0 (UInt64.t'int secs)} (! return' {result}) ] 
diff --git a/creusot/tests/should_succeed/instant/why3shapes.gz b/creusot/tests/should_succeed/instant/why3shapes.gz index bc211db56ff73f7f669e29a3ebeede7513129c63..82a08dff59d42427bf8fb9e1e07139b3086bfc4c 100644 GIT binary patch literal 686 zcmV;f0#W@RiwFP!00000|BY73j@vK{z56S2OP7nN-9-{0DC%l}Hm5@9&CuBDG(aYs zJt_M4WxOPk$1W!Df#!RppUEd9?>@|`-|pzE*~Oo$?P33ECTAbsCvLTLm#zOZCzcc> zOWdNn2Mg|_t9()A^&#K8{h^u@SI@Wm+FkPR>z{K{r2TJwYlCIiHucGE_ZMtRvpz`N z(iP9ge0O+47PH)a&cB>q+-^=zZh1{)F-2N|lyAPm2R}rJuo984XYXo%o|8eHwkky9 zQf2k6>7XvPfa+-yf0EXB7t%fMKAVOg$w`!AFvWc0}g1V_h+Okaz8)^$_ zKwGq#VK<7ihxoaRWt)u}VuD)A;;l5PAx&7yM>m5QM|g5Kh$~Cw)OHY-$Qa)bg4!}- z84OC&(X4KO;TtlF*TjYpWtQ=HQcL$#N9d39i;pLah_Flsi@+iuL2Xf7qb$==&9081 z(FdiLlcB(!kI=TRJAYs~WVfi#Qp>wzd5!uk9zd4eqUOn^_s9JCP4^7QLE z^zPVeS>Q4kx338oeI)dQTg9~17%RhWR*U8h)|)oY+^+Ihek_H*l5#K2*4-C}%RbUP z6v|_vLf^%NLU|-KWVJ$BAe8k&F~0h1bJ+ViobI$v6hnAGLMfvo+YD)|(b2YAAkYGx zmga`UVqhSKJjA3xOf;6wkhU5fUn54PcQF|EgNZk$^wa=OPjWpQh_Kn zVJr38;rG%JTPYa|m2a|@lK;1r3jD98{I5p+uO|JkLjS9``9JZ`$NF#H{AoxMR?s3X zO5vnu;508;Df}Z9OqLoROEROvP;MwQlo|?#5(B9LZ9o~22801_fEl0$zyL9+(MB0* Ugy9B@3>cF91AiqQBBTfa00it-KmY&$ literal 687 zcmV;g0#N-QiwFP!00000|BY75Zrd;ryz47`bDLhce5+w9KRmKJ@G zxw%`v9Lnwf8ClG7_oe)Le0AF?IlB2JQN$E!1ya8I3U7TMA;L;TzMZ_Q{b@>)I&D>m z#-+;YYty7Iw}9$t%m*@*&6_+;8UVxZ?Wt0fTM(hJqg%AeB3s2wX+d38B5mHL(uUeX z9?)iOChbOX_7LB9HgB_0LrhRhS-h1dmC}Tzd~h>}afC;AgSfI(j%^2FiHza>AgC=P zmO)aI4`y`(q)*5wen&QhD6@>mlbXBdIzoS*UVS`aM1*BBSOgaN2x^Ps8fBS|YPNL* z4c;iXoTLJ`K0@2N?)-t}P+X%vOD*q?(jhZ_@dVeTi_KzNCWwng2xja5y zhTa`}E!Vir+4X(GMIQ-$?-ns_F~lmco7JLug5|1>3%9NOg&#}dZ=~Exi)Hu5;j)i3 z4~6nrsL(etp->(P4Oy*F76@g%P>e7BTJ3j!3db9*6U7itNGN4+WUG|67#wY@1p+P5 zX=yGJOzZ&(w3jMF%=l{&V9O}Pi^S2?(1mLf{ z6pt?VoKY&2&xv?=5=t}iuy$-hg`wO~W+*ij3?&9~1KNNxAPoou+yFB`4S)e+a-)qh V(g?#178x)k`v(im+b*UE0079HODF&U diff --git a/creusot/tests/should_succeed/invariant_moves.coma b/creusot/tests/should_succeed/invariant_moves.coma index 3774eaf0dc..bc1c46ecbe 100644 --- a/creusot/tests/should_succeed/invariant_moves.coma 
+++ b/creusot/tests/should_succeed/invariant_moves.coma @@ -52,7 +52,7 @@ module M_invariant_moves__test_invariant_move [#"invariant_moves.rs" 5 0 5 43] function view'0 (self : t_Vec'0) : Seq.seq UInt32.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec2] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec2] Seq.length (view'0 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) function view'1 (self : borrowed (t_Vec'0)) : Seq.seq UInt32.t = [%#smodel3] view'0 self.current diff --git a/creusot/tests/should_succeed/invariant_moves/why3shapes.gz b/creusot/tests/should_succeed/invariant_moves/why3shapes.gz index b2981f6e8f01fad5a6e8b390f3b19b4cec4ab72f..583705f0a6fc9bc4b6cfa53651827c1d7fa51e2b 100644 GIT binary patch literal 175 zcmV;g08sxQiwFP!00000|6Pu;4uUWgMfZM1w<=SiP>9jNrRn0@xRHl_K%*3dro_M3 zXjt4%PVPzWE}=^g6D~C3ytvUHsHDlBgeN#388=*Qu({NvY6Akt6Fks&p@-;j{p>Ob z%=rMZzMQX&EAs218RvOi(X!!ggptr;sGa@Oxha%V1cxcS>hCc^DuA5ZwrHxNvKi!p dmp6$hTgiD*ik9YD=uD@YlQ(MbBUsJ=0066DR&@XX literal 177 zcmV;i08alOiwFP!00000|6Pu;4#FT5MR&e}t=b7FrPb)*LReghTk{Oi5-rpg+xYhy zO&7P5lbe&f$??>|U?)7=aq=p3BiwChQwOuR%V)TxCQ}F;|6RiYkKMo3}cI&;S4cjvY}D diff --git a/creusot/tests/should_succeed/ite_normalize.coma b/creusot/tests/should_succeed/ite_normalize.coma index 493b9c5d46..37a85b697a 100644 --- a/creusot/tests/should_succeed/ite_normalize.coma +++ b/creusot/tests/should_succeed/ite_normalize.coma 
@@ -485,7 +485,7 @@ module M_ite_normalize__qyi17570407315987535457__simplify [#"ite_normalize.rs" 1 let rec simplify_helper'0 (self:t_Expr'0) (state:t_BTreeMap'0) (return' (ret:t_Expr'0))= {[@expl:simplify_helper requires] [%#site_normalize3] is_normalized'0 self} any - [ return' (result:t_Expr'0)-> {[%#site_normalize4] forall i : UInt64.t . (exists v : bool . Map.get (view'0 state) (UInt64.to_uint i) + [ return' (result:t_Expr'0)-> {[%#site_normalize4] forall i : UInt64.t . (exists v : bool . Map.get (view'0 state) (UInt64.t'int i) = C_Some'0 v) -> does_not_contain'0 result i} {[%#site_normalize5] is_simplified'0 result} (! return' {result}) ] @@ -528,7 +528,7 @@ module M_ite_normalize__qyi17570407315987535457__simplify_helper [#"ite_normaliz let%span site_normalize17 = "ite_normalize.rs" 159 8 165 9 let%span smodel18 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 let%span smodel19 = "../../../creusot-contracts/src/model.rs" 79 8 79 28 - let%span snum20 = "../../../creusot-contracts/src/std/num.rs" 52 28 52 33 + let%span snum20 = "../../../creusot-contracts/src/std/num.rs" 54 32 54 37 let%span smodel21 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 use prelude.prelude.Int @@ -576,7 +576,7 @@ module M_ite_normalize__qyi17570407315987535457__simplify_helper [#"ite_normaliz use prelude.prelude.UInt64 function deep_model'1 (self : UInt64.t) : int = - [%#snum20] UInt64.to_uint self + [%#snum20] UInt64.t'int self function deep_model'0 (self : UInt64.t) : int = [%#smodel19] deep_model'1 self 
@@ -795,7 +795,7 @@ module M_ite_normalize__qyi17570407315987535457__simplify_helper [#"ite_normaliz | & b1 : bool = any_l () | & c2 : t_Expr'0 = any_l () ] - [ return' (result:t_Expr'0)-> {[@expl:simplify_helper ensures #0] [%#site_normalize3] forall i : UInt64.t . (exists v : bool . Map.get (view'0 state) (UInt64.to_uint i) + [ return' (result:t_Expr'0)-> {[@expl:simplify_helper ensures #0] [%#site_normalize3] forall i : UInt64.t . (exists v : bool . Map.get (view'0 state) (UInt64.t'int i) = C_Some'1 v) -> does_not_contain'0 result i} {[@expl:simplify_helper ensures #1] [%#site_normalize4] is_simplified'0 result} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/ite_normalize/why3session.xml b/creusot/tests/should_succeed/ite_normalize/why3session.xml index 7f7c3315bf..3c15027761 100644 --- a/creusot/tests/should_succeed/ite_normalize/why3session.xml +++ b/creusot/tests/should_succeed/ite_normalize/why3session.xml @@ -35,7 +35,7 @@ - + 
diff --git a/creusot/tests/should_succeed/ite_normalize/why3shapes.gz b/creusot/tests/should_succeed/ite_normalize/why3shapes.gz index fa5825d7fb437fea5e7b63fc811bef7497496995..8b0344dd1e3cbaa065ed8213d5dba728c9b42207 100644 GIT binary patch literal 964 zcmV;#13Ua5iwFP!00000|D9G%Z{s!)z3W%_w%a`ozsUkQ7=?-WvORRcYd}%du7Si( zV>dpP-ETd~HQpnw5O^XBvMk<{letK*OOoR6#5{BqnK_P?(5>dP<9>Cd>^zkY%M zzCKhN3(VJtW_l3oco#(ATm0ie`0W(LeUqP_PyalWB9u4&&AsDY{O!TV$73GeOS+3; zUC?hYf4u?6_x0DW1r6~9L5aC8FY6hiO5ps}*F>X5_?l|lfBTX5o3R%c7zD<~yc9x4 zF%_5&%n)G}BI7s~;(-eyu0m^~8V}3`u7?pvrnz2MZgsUWS8dFlZTxJT=y_Wc`BWvb zCs1ZfS-62>Qz9@qBl-=lg9+CA=7j1vKI{)KPw{d0Z|>?6!+ia(Jy`XaL~!kJT?`{G zS%13T*c7fTEa)$GdacWpxU9>d3ej;RcZ`agpm*m&1(pTcE;-bGNgF4aB)lY%PW|t6 z%uvc2RW5OON;_rmpuT9dY)I5sLBoO+iMv~SVuq!OEluE;f`oSk3GWE<;xMX@(dtuW zTPy`p?6iv5w9^O`O%NStru|FAO%So*9~PRTWJTBnDK)|rRf+BmEg)ncZbWy`S3poclc-avR8k9&u`qZ@4CHJ0^aQC z>ipvx@e(qZDujsB$IXAl*KV~({Yu!5YakkJJA~LIJDU~ z5uGsTsEQ*OiSwk|p1CeTo4{J8TrYChN~U;=j{0LxQrHXzK;yBYH1^p^&|niJ)908Y zI+-R}83m3Ooe`jfH4wYl*_I2;EEAxUZ91kE@3dBJXSy7F)w3^dyZzfQ z5Wtr~v0*@828(eZSM@`XL2T$x1nD2K;?Kh(c(ef@Oo`gu-w zF|0EB_4UU)aG0;Ye9362UkOx{>oQqQ5S;_3Q(qDd7U@f>P5S!1+pmXSTtEnjLtYMH zqfiGl0WA|&AT~}=ArXXR;tI54s)>Lu2-7cdU|N_};noxzx?)3jwu!TCr00E2;#23u zo(gzm136qq+?Gw0CwIc~0*84WX16rFD4nKjH!I5&Zx3li=M67C4{;xMQWdG+ah zEarm9c3wp|o-{^9BgDtq@%%DzBgAa@hlQp&Sur-rN{ulp&L}x~h;mo*;!)!b%%atB ztKSe7y>LPKK_AE6^UKpN?Iy~)HpN5NH+tU-*(;KeLwZ-u>G;y zpMs=ve;%H*g4doQ6&MOgt>g17`Zr@76q}@5t_+Gz(GtpFz7izqGJWSGch$K$caB(E z?-jT9b2boII{LKNgiO-PNm`zg{%Q#>KX(tbc|!F6y?pzBtS%?^k9&T@xxMT5UJvxX zlb2gFZ}R!+)GS)wc@{lCtQigZ)+fYzH6vQH+oywsn>0(f&@6GCrLV8 zYRytUibs5eMboqnx(<@Ct*{ccw%W$1WhHeZHISpqj>5IFOCVh>9kf`vBr4UQFcvX& zv3Jyiqils}b(7G=7Md2S3bjkJi;Y4p8geura{|>E>!@x7tqpXIG#Fzmh0>}@XvxVg zY8Mkqr#lI*O>LKSjFo8`17Is!7&%poNL-}a)k!o~pd%7&v__~Xp-Q@G$;mAgP)9DB l1Z`A}OA!;qx}|)oCUW{rNI&8Y9})6e{{z6sMrm>l001e_+L-_V 
diff --git a/creusot/tests/should_succeed/iterators/01_range/why3session.xml b/creusot/tests/should_succeed/iterators/01_range/why3session.xml index 388cf5e18d..134c075e96 100644 --- a/creusot/tests/should_succeed/iterators/01_range/why3session.xml +++ b/creusot/tests/should_succeed/iterators/01_range/why3session.xml @@ -2,47 +2,42 @@ - - - + - - - - + - + - + - + - + - + - + diff --git a/creusot/tests/should_succeed/iterators/01_range/why3shapes.gz b/creusot/tests/should_succeed/iterators/01_range/why3shapes.gz index 71731c2abcdbd612d4704949b9d9eb81c3767fcc..8d968da252b15be8fbc3c486930ca3bfd61e749a 100644 GIT binary patch literal 1102 zcmV-U1hM-ciwFP!00000|D{&jZsRr(efL-7E$s#cco8ouHU->8T^d-VKwI!t7*SN# zs4Y2?lC=H$9ZI$=$+DYt4Ly)E!!u)^Gb4TX;imoqdtcwY_^RHN#g8}g=EL`k<_R{% z%Pp~FbzCgq9^7u9Y|BU7Qp?~|^2^gRY;VaE+y}#I91>ZMA)kF+-;(vn!)=6~Un>ud zuWrfYoU~%-9Um1|_Mnq<%Ep#X!u58l>E>7RMD^ zegaqS_FLchETj&Kekco%00S)dTvfhkg1g=nj~HDRSR>?{0=C_uKgt~*vIx2U2FPe0 z^3;!^!G`D*rCs^D+`jn3?miIrXZ7rtbLntK^y#2Ueuv`GCrRBv)r_OMI!5r2mQ_{0 zV&2_f$FsL2Y#__7fjN5e`XZZ81e>g@ADS}R6wMnz?~b9@{zw<%=rS}74L7@kzZ1NK zCV@Kn*)kzJ7wk60*p9)ULm4!Hw3h$M)CM{F8+?3UanQV$$sX^v!V3QN36}C)Cn%aF ze7uJrF1p{BDvps$VT0!qDxTj^lR;TMhTENP-$HQw}quYKBs6t+4gQWAg<;3tvIu zU&Fj=H)9OQNG7_>j`9DX$| zI1uF^cZ^Y@Ga2XH6OqMIdj~Yi@*7GGB_=l7C?kz9k>Q3JYRE#;TsfW!?XxJ>I?HwD zQ$n>PRAxl9M;SiE(AZFIs4`R^>Rdsd3&}H0S_DkT zu7RYCPz3T)WA!qlBn9debuO3EQ>|K%=o&)qBFz*7776Kn%t=g1oW~?jQ_m%fS_EmB zn7xMF2_QttlxQVl8OI)kQvwvnvYhnoX>~2X$h6GkToC0w%YE!z1$A50k{fr;`5-b#Rkemat`-r|dJszp2 zuwj3ZBJcRLL*f;yb_}1+?{L>w#3=hSyBYW38)uDS+;UqL^|+oru9N$Fyt}ReC<~%ke(&(Vi>{E(QMSV+ zdZhZH|B8pYrWR}ZF}P;@u&`JN3wpIP*YxGQJ+s*>m@HgO4p6ObGtbbPKhJn^UadsX zg9zhv#R8SZ4)3h7+2v$%+uDZ9J+`?8uyE6uHeWu+Sb&8YK@>%`5Z>I<-K=D{z^b>1 zYk}E(wtQYJ#_ZXRZl1jy^0-%TpXl@t@N2?(m@n{!vux&Bkt9ACfPgw@MoJ?XxyUk> z2lRQSI5R0Pp=1d+BIp={lYv3bBk3puMJ-s6-bI!s;5E;rR3wFyexPI^v>};EEe%l0 zOOeDNIrq*5&VoR$IHM>GM+F%MpAFq)$r9ms(3Cj^D&&rw6KGfnA&<%_PD7eX&}b*f zM5$ed3Yd|ov-U000Y9e8m6& 
diff --git a/creusot/tests/should_succeed/iterators/02_iter_mut.coma b/creusot/tests/should_succeed/iterators/02_iter_mut.coma index 72fded5d15..b895ca10d0 100644 --- a/creusot/tests/should_succeed/iterators/02_iter_mut.coma +++ b/creusot/tests/should_succeed/iterators/02_iter_mut.coma @@ -41,7 +41,7 @@ module M_02_iter_mut__qyi4305820612590367313__produces_refl [#"02_iter_mut.rs" 5 function view'1 (self : slice t_T'0) : Seq.seq t_T'0 axiom view'1_spec : forall self : slice t_T'0 . ([%#sslice8] Seq.length (view'1 self) - <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + <= UInt64.t'int (v_MAX'0 : UInt64.t)) && ([%#sslice9] view'1 self = Slice64.id self) predicate invariant'0 [#"02_iter_mut.rs" 20 4 20 30] (self : t_IterMut'0) = @@ -179,7 +179,7 @@ module M_02_iter_mut__qyi4305820612590367313__produces_trans [#"02_iter_mut.rs" function view'1 (self : slice t_T'0) : Seq.seq t_T'0 axiom view'1_spec : forall self : slice t_T'0 . ([%#sslice12] Seq.length (view'1 self) - <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + <= UInt64.t'int (v_MAX'0 : UInt64.t)) && ([%#sslice13] view'1 self = Slice64.id self) predicate invariant'0 [#"02_iter_mut.rs" 20 4 20 30] (self : t_IterMut'0) = @@ -324,7 +324,7 @@ module M_02_iter_mut__qyi4305820612590367313__next [#"02_iter_mut.rs" 67 4 67 44 function view'0 (self : slice t_T'0) : Seq.seq t_T'0 axiom view'0_spec : forall self : slice t_T'0 . ([%#sslice7] Seq.length (view'0 self) - <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + <= UInt64.t'int (v_MAX'0 : UInt64.t)) && ([%#sslice8] view'0 self = Slice64.id self) use seq.Seq 
@@ -558,7 +558,7 @@ module M_02_iter_mut__qyi7060081090368749043__into_iter [#"02_iter_mut.rs" 74 4 function view'0 (self : slice t_T'0) : Seq.seq t_T'0 axiom view'0_spec : forall self : slice t_T'0 . ([%#sslice4] Seq.length (view'0 self) - <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + <= UInt64.t'int (v_MAX'0 : UInt64.t)) && ([%#sslice5] view'0 self = Slice64.id self) predicate invariant'0 [#"02_iter_mut.rs" 20 4 20 30] (self : t_IterMut'0) = @@ -677,7 +677,7 @@ module M_02_iter_mut__iter_mut [#"02_iter_mut.rs" 82 0 82 55] function view'3 (self : t_Vec'0) : Seq.seq t_T'0 - axiom view'3_spec : forall self : t_Vec'0 . [%#svec13] Seq.length (view'3 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'3_spec : forall self : t_Vec'0 . [%#svec13] Seq.length (view'3 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq @@ -728,7 +728,7 @@ module M_02_iter_mut__iter_mut [#"02_iter_mut.rs" 82 0 82 55] function view'2 (self : slice t_T'0) : Seq.seq t_T'0 axiom view'2_spec : forall self : slice t_T'0 . ([%#sslice11] Seq.length (view'2 self) - <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + <= UInt64.t'int (v_MAX'0 : UInt64.t)) && ([%#sslice12] view'2 self = Slice64.id self) predicate invariant'1 (self : slice t_T'0) = @@ -942,7 +942,7 @@ module M_02_iter_mut__all_zero [#"02_iter_mut.rs" 88 0 88 35] function view'3 (self : slice UInt64.t) : Seq.seq UInt64.t axiom view'3_spec : forall self : slice UInt64.t . ([%#sslice25] Seq.length (view'3 self) - <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + <= UInt64.t'int (v_MAX'0 : UInt64.t)) && ([%#sslice26] view'3 self = Slice64.id self) predicate invariant'0 [#"02_iter_mut.rs" 20 4 20 30] (self : t_IterMut'0) = 
@@ -962,7 +962,7 @@ module M_02_iter_mut__all_zero [#"02_iter_mut.rs" 88 0 88 35] function view'0 (self : t_Vec'0) : Seq.seq UInt64.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec22] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec22] Seq.length (view'0 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) function view'1 (self : borrowed (t_Vec'0)) : Seq.seq UInt64.t = [%#smodel23] view'0 self.current @@ -1134,7 +1134,7 @@ module M_02_iter_mut__all_zero [#"02_iter_mut.rs" 88 0 88 35] [ bb5 = {[@expl:loop invariant #0] [%#s02_iter_mut4] inv'0 it} {[@expl:loop invariant #1] [%#s02_iter_mut3] produces'0 (Snapshot.inner iter_old) (Snapshot.inner produced) it} {[@expl:loop invariant #2] [%#s02_iter_mut2] forall i : int . 0 <= i /\ i < Seq.length (Snapshot.inner produced) - -> UInt64.to_uint (index_logic'0 produced i).final = 0} + -> UInt64.t'int (index_logic'0 produced i).final = 0} (! s0) [ s0 = bb6 ] [ bb6 = s0 [ s0 = {inv'0 it} @@ -1179,7 +1179,7 @@ module M_02_iter_mut__all_zero [#"02_iter_mut.rs" 88 0 88 35] [ return' (result:())-> {[@expl:all_zero ensures #0] [%#s02_iter_mut7] Seq.length (view'0 v.final) = Seq.length (view'1 v)} {[@expl:all_zero ensures #1] [%#s02_iter_mut8] forall i : int . 0 <= i /\ i < Seq.length (view'1 v) - -> UInt64.to_uint (index_logic'1 v.final i) = 0} + -> UInt64.t'int (index_logic'1 v.final i) = 0} (! return' {result}) ] end @@ -1226,7 +1226,7 @@ module M_02_iter_mut__qyi4305820612590367313__produces_trans__refines [#"02_iter function view'1 (self : slice t_T'0) : Seq.seq t_T'0 axiom view'1_spec : forall self : slice t_T'0 . ([%#sslice5] Seq.length (view'1 self) - <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + <= UInt64.t'int (v_MAX'0 : UInt64.t)) && ([%#sslice6] view'1 self = Slice64.id self) function view'0 (self : borrowed (slice t_T'0)) : Seq.seq t_T'0 = 
@@ -1356,7 +1356,7 @@ module M_02_iter_mut__qyi4305820612590367313__next__refines [#"02_iter_mut.rs" 6 function view'1 (self : slice t_T'0) : Seq.seq t_T'0 axiom view'1_spec : forall self : slice t_T'0 . ([%#sslice8] Seq.length (view'1 self) - <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + <= UInt64.t'int (v_MAX'0 : UInt64.t)) && ([%#sslice9] view'1 self = Slice64.id self) predicate invariant'2 [#"02_iter_mut.rs" 20 4 20 30] (self : t_IterMut'0) = @@ -1531,7 +1531,7 @@ module M_02_iter_mut__qyi4305820612590367313__produces_refl__refines [#"02_iter_ function view'1 (self : slice t_T'0) : Seq.seq t_T'0 axiom view'1_spec : forall self : slice t_T'0 . ([%#sslice6] Seq.length (view'1 self) - <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + <= UInt64.t'int (v_MAX'0 : UInt64.t)) && ([%#sslice7] view'1 self = Slice64.id self) predicate invariant'0 [#"02_iter_mut.rs" 20 4 20 30] (self : t_IterMut'0) = diff --git a/creusot/tests/should_succeed/iterators/02_iter_mut/why3session.xml b/creusot/tests/should_succeed/iterators/02_iter_mut/why3session.xml index 4e6502ebb0..f210ce0897 100644 --- a/creusot/tests/should_succeed/iterators/02_iter_mut/why3session.xml +++ b/creusot/tests/should_succeed/iterators/02_iter_mut/why3session.xml @@ -9,104 +9,104 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + 
diff --git a/creusot/tests/should_succeed/iterators/02_iter_mut/why3shapes.gz b/creusot/tests/should_succeed/iterators/02_iter_mut/why3shapes.gz index ac58188b8b4cb5ae93b0c65c5b235dcb775f6dcb..3caae4d07b3c694efcde84962a5388d586ae0ace 100644 GIT binary patch literal 2917 zcmV-r3!3yFiwFP!00000|E*a`j~lrazUx;A$f1+*h5HiN0U8Db3ds19ppcuu;$jO{ zOCCwx_T<;+v8q^`sw8!%2kG`}lg+E|c7Rr`~CX^O#3z&F_b$MN8wT{yv~ zw&Cf=`OiYHCudiW&4FRP8LSr7+NOd+UzRJqqJhJ6hxsd;DzO;pxXNoP)2B*-7hx zr42{ap0@k1Kz-O3nCDp3Z6C%ZD`m zusr|yBP`oHsg)9Y45#Pa8Lm3}MQy_B|7W}1!Ng$x#>O5yIeGe0QeL?!>mNhUyl)E* zT{7OOF|mHi7-Cb%6SDG)Dg*-_&eZGEPl!nb0z0zN+TiIsmaGUDL)(BO6#S`u^K{XTeVN(OOO_I1qGAoI79aW`sTG$0u>top`anB|_ z2b@|QJKMO*p0;!ubg+LvL+(Ydkkaj7ZNJ&m=Ed%w$AW0@Ug$j8 zefq{WYG0N%<>7hnPj3-go0vC@Q*n3JhD}^0ZCvdr*G;ntEnJRFxIj6Gpf)lAMT$)L zA~L0gQDpjjzKADe_*h4BTqHRzl8fjJ9r8uUn`kXLM8?_1lC&pHWW$yEuIu@6I)d5M zQi{oLkv9#cnC&O|D0cJV)3Zzuj;en5TTi?N4(4S2w3J^F+lR$G7(Hvl#n&&`3G3~> zj~e&(M+4mcYJl6sltSIA9Zl8!xd?fwY}ka&m&F!tylzfkraRNFm&o~`nZQ@vV63GD zWK-1)Bs9JEr>P?HR_M7n&K~YGooS}o-W?77mEJsWN)d_{guYbJzL;ZXG+!-u=i z1o=6JuX^t#IKN%=FJ@b5s*+^ge_eU?pv|_)s12NvH`%el`uGhJUvz>bnV}iBQWnz% zL9dH_0j;El?^J{HGQuYi?sl91hT|bOofW`(kmv~Wt@Q5$cWMCxm$LBi6!j79uPWZR zpK%*@euKJ$Pu3Q$d&Q{9(?Of@y)NW ziVI2_%aQ@0U@04xtk&0Ilf;m=I3f6AM_8|JL%yzDC~dYwXVPEZ6}=10O*y36-;UZx zg5lh_`o!X%c7-RpTx#=mTb(Qxf^rrk^Ui4=Ae{J8mcdzx5sMBpzEnmUVYp$28e*_P z3(qZ$!eOVeCoWjTN)IR`B1ES>ErCUkSR^NcIU>9c(xNg_?JWl#Hbxo|V!(oh!Q5bG zFf|ysu)!!PbF4&8h>}I2kXAyIXoE*Fa1|USiF3R`fqV>JOIuQ_99Pl@8K?xMGH@J| zHX;oXhHyieA;3or!G<7%wZRHRC>=|OqNH%r;9PLpN`*;u(0Q{U5QyN!P-UnzR2a$) z1^v`en8b!6L$o1kp#uww6D6bwiXbpjWF&Z@oOhaH2Vxj9RNs~)ebii8Y?<&plqHcR zqKsRNXbjHtC8LHB!|=TVIW0p(JO;)C_1IHQG+d_+K{}?QUovT!FboXKULlrX0W~jy zBPt7a<6M=}k)UKrqZ3RmnXUw?w+I(OP$`(O0ekNe(wceAORE7wnn%9m*l_fA`6a_q z-~i1DQIQgkt&ZBIBT0%qm+97N4{E^T5!PB+fgE8>V^k_9Lxk%tEqGG2z#^y-#0YEz zGF%(3627@K98k**XAAHpdCrZKy#0i8r!LBSlhqFe{5$4E6x>Uj_ZWJ?$zFN4ZDQZvw4glBz z@lh$wP)W4(jD~~@C5_TXRfGElN5T*;B>~KHiyX(LXUI#IycgEWr6xvWqtP4X6A1>@ z7~-V}OiEW;P6>jrYn4Q2%-ksM$jvb(}lwqk?cn2_ynA 
zECT=3Qs6Q<0|1OF*C zWEF)YRzV1;EWpxQKt;MA;0tICElAw{Bz*pPC z%92;o%74_GjmZz`odpa$j)A6)D?Ek)$%b)(X zaG%`sHvRs96}WAz;L&~jN9=Z`S8@{Q2qp01w}O ztt#<2P=-ph%20__8RS!cN#}g7Z%^mVDgE{Um8!J!hvV_^`(}6evJGy#kLizg`~WUI z9gk^$Zp6l4>h0d`y7{l^xIJ&SF`M6PW1d~RkCiSi9j}<39iY;yNB3!7VssTysnx=L zKOW*!NT&y=j7#6XpZ~1PdUkg8*d5rc%V4!=zHJ&T3~jkn+SRRMGwd{)@vOVBqI=wx z#pc}A&QINi6=iqPtTV847u|FhPTYkPsImf8R-nqpP~`=xyg-$Yp(+YgMS-dqLsb^2 z$^uo{LsefvRgIyl3RG2rs+!#QhYuA(g;XJ1-~4j9_cB22N9=K=*C^p=4zVoo9#&TQ z-w0{WefZ#h5zAU*&mt3UBxk!{;q)IMQ<6P83L>7q1 z8xY|IBD~K<{Iy)v!-p04urYjYAYdl?bY<>|zAQEueeL`-`gBedA1gB(Te^!rb2Iw% zB>MDf92y8Eco0_oXz}^%K5u?G?9&63Nphbz|2lk24^UNzC87{l{b*4}{PD93hi~6^ z>6~JN%!{=FSo(Ct+-bZ2vP5-T8$a8v}0DxC|;4xJ|qY7qJ z7jIA@Tm_sN2Arr&31?Hn*-Sur1733#FQ>D+YF;BaTlKmxS9Pz=w;%J@*}_I$^fk%- zM)9KwZ$nyjVbWFcHnH{|+ibS`eL7w?J`$_9`*v84oZ`c`UtiO1&Utmd=2O7M+5MU} z_4ar==Y209^7O;<{O9+y?C+#ql-x0$o_6QO=RPo67dHQ&-FEi?{9SaRqT`_wSon%<+||2?&E=N@jRh3vz(XN7#X zZ_NpFI)jTGCxiy01+5(=ySLC)$g{zjD$WD;oK6&?_p+r6*X)WlG!Ycm=E^vr|-K2Z?JON!Pn~1BD zny`YBM4(Sitjb_*pAx6{dX<_!pRW=MjUVi&WJW5Pk**RnRQx*W&9s-IlDC^n>d%_R z#$VdoZs(^ZNmMeom2$RY6kSs(Z}ya8lD@_G{aNK#N8LXDt!EwtM{}xuUn)Sc&^QPo*?vj;dZ;tf79_$TF(Yz15jK9`)e6q2wv6= zFk=kI$7s*!{%DeZ|7X2TySRbN$!7^hxIAXG;`yZA_}-}a@L>wL{w8{}Elg(P;tusY zqUN4WWN-fR%fLywvG4q|8ct56NL3_O!@nQz-%v#`Kql#mOdDflZu?@YRDKA|zeUVl zO54W1W~Cxt-r|YhV4MXI73qdbl3tHop|dO2?o&l#FxwW?+fdGQmqB}O2Gd5Plw}6P zx;$;Fr%E@;yu9c%WLOLj-EF)L{q@a!QxR6gE1LcNqaqymm1W7nvk-~G&8U!Xnl-)d zw{_L_Qcw9R!u5+_s|YGaooi_XsfwU@mR9SRfs@Tp&rt}kwuEMN2kKh}!&tW;cB2fI zZLz!X+|eT4|B%!_7>wtpG!*4Mjf==~g>;K`&r%i(FQcg;GV)9-rzzGx=@7t2l|u4q zsjafo3d=3CWYNMR)XoqCl2{w!WOyW#C`9c!F(zTDt(mB}AcA8FQ7~=-(?Y8drI5ze zq>_+JZBbej7P&=cku0J`u&_wRNW}!!QPkW(kcf=Dls*xXl9)B88%*d@^hyU6qd}H@ z9fVRUBw-Q=5KC=IS(287C2omXB1>oqEE>T284#1407ZoMGY!(^oS7i83kFU zEmM|B%YO zH(KiC5xA~(VpJPf$0cW$ljV4?!CI#1Az~6tdr8PhYc05!y!JW?zvRktX}PeRzriez z-a98)Eh$C9RGY|>^g8(vnIv3t(-_o0Vmx6$4UtLh&_~WWDrG>|wU#0HqV(n`gW2z}6UDwRVI`G=n5@4yN)xv6SHG8vh%{>#sgy4Zoh!SL^8lBU~ 
z6XTTcR4c2E)y?1yu2mdsU5ltuCKZ)Isl8U@l_Qm~UK+9nt$`o3?;()k!3gcZXysE( z#I;Zolo7~N&I<;t5!P^P*pDw{QmmC1nt>qWM2gZOPl_CpVUpELqpeZa$oE-}v=H7H zCnyjTOfn~vM1h(Tir~T$A(tGm#^n2c$CVX1S7RMbkPxKiF}dI|MM<2*-OlYU14z)CqM}dYVK;g9}Fv w;|W1o1erbj{u^+~Gc-y&&XK9a0kJk2RSbpqUNm`BzsE}d1L%j4pLr_)0Fi9H;Q#;t diff --git a/creusot/tests/should_succeed/iterators/03_std_iterators.coma b/creusot/tests/should_succeed/iterators/03_std_iterators.coma index 6a12a47433..23b786b0b6 100644 --- a/creusot/tests/should_succeed/iterators/03_std_iterators.coma +++ b/creusot/tests/should_succeed/iterators/03_std_iterators.coma @@ -58,7 +58,7 @@ module M_03_std_iterators__slice_iter [#"03_std_iterators.rs" 6 0 6 42] function view'2 (self : slice t_T'0) : Seq.seq t_T'0 axiom view'2_spec : forall self : slice t_T'0 . ([%#sslice27] Seq.length (view'2 self) - <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + <= UInt64.t'int (v_MAX'0 : UInt64.t)) && ([%#sslice28] view'2 self = Slice64.id self) use seq.Seq @@ -261,7 +261,7 @@ module M_03_std_iterators__slice_iter [#"03_std_iterators.rs" 6 0 6 42] [ bb5 = {[@expl:for invariant] [%#s03_std_iterators4] inv'1 (Snapshot.inner produced)} {[@expl:for invariant] [%#s03_std_iterators4] inv'0 iter} {[@expl:for invariant] [%#s03_std_iterators4] produces'0 (Snapshot.inner iter_old) (Snapshot.inner produced) iter} - {[@expl:loop invariant] [%#s03_std_iterators3] UInt64.to_uint i = Seq.length (Snapshot.inner produced)} + {[@expl:loop invariant] [%#s03_std_iterators3] UInt64.t'int i = Seq.length (Snapshot.inner produced)} (! s0) [ s0 = bb6 ] [ bb6 = s0 [ s0 = Borrow.borrow_mut {iter} 
@@ -306,7 +306,7 @@ module M_03_std_iterators__slice_iter [#"03_std_iterators.rs" 6 0 6 42] | & __creusot_proc_iter_elem : t_T'0 = any_l () | & _23 : Snapshot.snap_ty (Seq.seq t_T'0) = any_l () ] - [ return' (result:UInt64.t)-> {[@expl:slice_iter ensures] [%#s03_std_iterators9] UInt64.to_uint result + [ return' (result:UInt64.t)-> {[@expl:slice_iter ensures] [%#s03_std_iterators9] UInt64.t'int result = Seq.length (view'0 slice)} (! return' {result}) ] @@ -383,7 +383,7 @@ module M_03_std_iterators__vec_iter [#"03_std_iterators.rs" 17 0 17 41] function view'2 (self : t_Vec'0) : Seq.seq t_T'0 - axiom view'2_spec : forall self : t_Vec'0 . [%#svec26] Seq.length (view'2 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'2_spec : forall self : t_Vec'0 . [%#svec26] Seq.length (view'2 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq @@ -435,7 +435,7 @@ module M_03_std_iterators__vec_iter [#"03_std_iterators.rs" 17 0 17 41] function view'5 (self : slice t_T'0) : Seq.seq t_T'0 axiom view'5_spec : forall self : slice t_T'0 . ([%#sslice30] Seq.length (view'5 self) - <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + <= UInt64.t'int (v_MAX'0 : UInt64.t)) && ([%#sslice31] view'5 self = Slice64.id self) function view'3 (self : slice t_T'0) : Seq.seq t_T'0 = @@ -589,7 +589,7 @@ module M_03_std_iterators__vec_iter [#"03_std_iterators.rs" 17 0 17 41] [ bb4 = {[@expl:for invariant] [%#s03_std_iterators4] inv'1 (Snapshot.inner produced)} {[@expl:for invariant] [%#s03_std_iterators4] inv'0 iter} {[@expl:for invariant] [%#s03_std_iterators4] produces'0 (Snapshot.inner iter_old) (Snapshot.inner produced) iter} - {[@expl:loop invariant] [%#s03_std_iterators3] UInt64.to_uint i = Seq.length (Snapshot.inner produced)} + {[@expl:loop invariant] [%#s03_std_iterators3] UInt64.t'int i = Seq.length (Snapshot.inner produced)} (! s0) [ s0 = bb5 ] [ bb5 = s0 [ s0 = Borrow.borrow_mut {iter} 
@@ -633,7 +633,7 @@ module M_03_std_iterators__vec_iter [#"03_std_iterators.rs" 17 0 17 41] | & __creusot_proc_iter_elem : t_T'0 = any_l () | & _22 : Snapshot.snap_ty (Seq.seq t_T'0) = any_l () ] - [ return' (result:UInt64.t)-> {[@expl:vec_iter ensures] [%#s03_std_iterators9] UInt64.to_uint result + [ return' (result:UInt64.t)-> {[@expl:vec_iter ensures] [%#s03_std_iterators9] UInt64.t'int result = Seq.length (view'0 vec)} (! return' {result}) ] @@ -725,7 +725,7 @@ module M_03_std_iterators__all_zero [#"03_std_iterators.rs" 28 0 28 35] function view'3 (self : slice UInt64.t) : Seq.seq UInt64.t axiom view'3_spec : forall self : slice UInt64.t . ([%#sslice18] Seq.length (view'3 self) - <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + <= UInt64.t'int (v_MAX'0 : UInt64.t)) && ([%#sslice19] view'3 self = Slice64.id self) function view'2 (self : borrowed (slice UInt64.t)) : Seq.seq UInt64.t = @@ -733,7 +733,7 @@ module M_03_std_iterators__all_zero [#"03_std_iterators.rs" 28 0 28 35] function view'0 (self : t_Vec'0) : Seq.seq UInt64.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec15] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec15] Seq.length (view'0 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) function view'1 (self : borrowed (t_Vec'0)) : Seq.seq UInt64.t = [%#smodel16] view'0 self.current @@ -937,7 +937,7 @@ module M_03_std_iterators__all_zero [#"03_std_iterators.rs" 28 0 28 35] {[@expl:for invariant] [%#s03_std_iterators3] inv'0 iter} {[@expl:for invariant] [%#s03_std_iterators3] produces'0 (Snapshot.inner iter_old) (Snapshot.inner produced) iter} {[@expl:loop invariant] [%#s03_std_iterators2] forall i : int . 0 <= i - /\ i < Seq.length (Snapshot.inner produced) -> UInt64.to_uint (index_logic'0 produced i).final = 0} + /\ i < Seq.length (Snapshot.inner produced) -> UInt64.t'int (index_logic'0 produced i).final = 0} (! s0) [ s0 = bb7 ] [ bb7 = s0 [ s0 = Borrow.borrow_mut {iter} 
@@ -995,7 +995,7 @@ module M_03_std_iterators__all_zero [#"03_std_iterators.rs" 28 0 28 35] [ return' (result:())-> {[@expl:all_zero ensures #0] [%#s03_std_iterators6] Seq.length (view'0 v.final) = Seq.length (view'1 v)} {[@expl:all_zero ensures #1] [%#s03_std_iterators7] forall i : int . 0 <= i /\ i < Seq.length (view'1 v) - -> UInt64.to_uint (index_logic'1 v.final i) = 0} + -> UInt64.t'int (index_logic'1 v.final i) = 0} (! return' {result}) ] end @@ -1073,12 +1073,12 @@ module M_03_std_iterators__skip_take [#"03_std_iterators.rs" 35 0 35 48] function n'0 (self : t_Take'0) : int - axiom n'0_spec : forall self : t_Take'0 . [%#stake5] n'0 self >= 0 /\ n'0 self <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom n'0_spec : forall self : t_Take'0 . [%#stake5] n'0 self >= 0 /\ n'0 self <= UInt64.t'int (v_MAX'0 : UInt64.t) let rec take'0 (self:t_I'0) (n:UInt64.t) (return' (ret:t_Take'0))= {[@expl:take 'self' type invariant] inv'2 self} any [ return' (result:t_Take'0)-> {inv'3 result} - {[%#siter2] iter'0 result = self /\ n'0 result = UInt64.to_uint n} + {[%#siter2] iter'0 result = self /\ n'0 result = UInt64.t'int n} (! return' {result}) ] @@ -1098,12 +1098,12 @@ module M_03_std_iterators__skip_take [#"03_std_iterators.rs" 35 0 35 48] function n'1 (self : t_Skip'0) : int - axiom n'1_spec : forall self : t_Skip'0 . [%#sskip7] n'1 self >= 0 /\ n'1 self <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom n'1_spec : forall self : t_Skip'0 . [%#sskip7] n'1 self >= 0 /\ n'1 self <= UInt64.t'int (v_MAX'0 : UInt64.t) let rec skip'0 (self:t_Take'0) (n:UInt64.t) (return' (ret:t_Skip'0))= {[@expl:skip 'self' type invariant] inv'3 self} any [ return' (result:t_Skip'0)-> {inv'0 result} - {[%#siter2] iter'1 result = self /\ n'1 result = UInt64.to_uint n} + {[%#siter2] iter'1 result = self /\ n'1 result = UInt64.t'int n} (! return' {result}) ] 
@@ -1441,7 +1441,7 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] function view'4 (self : slice UInt32.t) : Seq.seq UInt32.t axiom view'4_spec : forall self : slice UInt32.t . ([%#sslice31] Seq.length (view'4 self) - <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + <= UInt64.t'int (v_MAX'0 : UInt64.t)) && ([%#sslice32] view'4 self = Slice64.id self) function view'1 (self : slice UInt32.t) : Seq.seq UInt32.t = @@ -1449,7 +1449,7 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] function view'0 (self : t_Vec'0) : Seq.seq UInt32.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec17] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec17] Seq.length (view'0 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) function view'2 (self : t_Vec'0) : Seq.seq UInt32.t = [%#smodel18] view'0 self @@ -1546,9 +1546,9 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] predicate postcondition_once'0 (self : closure0'1) (args : (UInt32.t, Snapshot.snap_ty (Seq.seq UInt32.t))) (result : UInt32.t) = - [%#s03_std_iterators8] let (x, _prod) = args in UInt64.to_uint (self.field_0'0).final - = UInt64.to_uint (self.field_0'0).current + 1 - /\ UInt64.to_uint (self.field_0'0).final = Seq.length (Snapshot.inner _prod) + 1 /\ result = x + [%#s03_std_iterators8] let (x, _prod) = args in UInt64.t'int (self.field_0'0).final + = UInt64.t'int (self.field_0'0).current + 1 + /\ UInt64.t'int (self.field_0'0).final = Seq.length (Snapshot.inner _prod) + 1 /\ result = x predicate resolve'8 (self : borrowed UInt64.t) = [%#sresolve33] self.final = self.current 
@@ -1565,9 +1565,8 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] predicate postcondition_mut'0 (self : closure0'1) (args : (UInt32.t, Snapshot.snap_ty (Seq.seq UInt32.t))) (result_state : closure0'1) (result : UInt32.t) = - (let (x, _prod) = args in UInt64.to_uint (result_state.field_0'0).current - = UInt64.to_uint (self.field_0'0).current + 1 - /\ UInt64.to_uint (result_state.field_0'0).current = Seq.length (Snapshot.inner _prod) + 1 /\ result = x) + (let (x, _prod) = args in UInt64.t'int (result_state.field_0'0).current = UInt64.t'int (self.field_0'0).current + 1 + /\ UInt64.t'int (result_state.field_0'0).current = Seq.length (Snapshot.inner _prod) + 1 /\ result = x) /\ unnest'0 self result_state function fn_mut_once'0 (self : closure0'1) (args : (UInt32.t, Snapshot.snap_ty (Seq.seq UInt32.t))) (res : UInt32.t) : () @@ -1591,7 +1590,7 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] axiom postcondition_mut_unnest'0_spec : forall self : closure0'1, args : (UInt32.t, Snapshot.snap_ty (Seq.seq UInt32.t)), res_state : closure0'1, res : UInt32.t . ([%#sops47] postcondition_mut'0 self args res_state res) -> ([%#sops48] unnest'0 self res_state) - let rec closure0'0 (_1:borrowed closure0'1) (x:UInt32.t) (_prod:Snapshot.snap_ty (Seq.seq UInt32.t)) (return' (ret:UInt32.t))= {[@expl:closure requires] [%#s03_std_iterators7] UInt64.to_uint ((_1.current).field_0'0).current + let rec closure0'0 (_1:borrowed closure0'1) (x:UInt32.t) (_prod:Snapshot.snap_ty (Seq.seq UInt32.t)) (return' (ret:UInt32.t))= {[@expl:closure requires] [%#s03_std_iterators7] UInt64.t'int ((_1.current).field_0'0).current = Seq.length (Snapshot.inner _prod) /\ UInt64.ult ((_1.current).field_0'0).current (v_MAX'0 : UInt64.t)} (! bb0 
@@ -1613,9 +1612,9 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] | & res : UInt32.t = any_l () | & res1 : UInt32.t = any_l () ] - [ return' (result:UInt32.t)-> {[@expl:closure ensures] [%#s03_std_iterators8] UInt64.to_uint ((_1.final).field_0'0).current - = UInt64.to_uint ((_1.current).field_0'0).current + 1 - /\ UInt64.to_uint ((_1.final).field_0'0).current = Seq.length (Snapshot.inner _prod) + 1 /\ result = x} + [ return' (result:UInt32.t)-> {[@expl:closure ensures] [%#s03_std_iterators8] UInt64.t'int ((_1.final).field_0'0).current + = UInt64.t'int ((_1.current).field_0'0).current + 1 + /\ UInt64.t'int ((_1.final).field_0'0).current = Seq.length (Snapshot.inner _prod) + 1 /\ result = x} {[@expl:closure unnest] unnest'0 _1.current _1.final} (! return' {result}) ] @@ -1684,7 +1683,7 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] use prelude.prelude.Snapshot predicate precondition'0 (self : closure0'1) (args : (UInt32.t, Snapshot.snap_ty (Seq.seq UInt32.t))) = - [%#s03_std_iterators7] let (x, _prod) = args in UInt64.to_uint (self.field_0'0).current + [%#s03_std_iterators7] let (x, _prod) = args in UInt64.t'int (self.field_0'0).current = Seq.length (Snapshot.inner _prod) /\ UInt64.ult (self.field_0'0).current (v_MAX'0 : UInt64.t) @@ -1880,7 +1879,7 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] | bb5 = s0 [ s0 = {[@expl:assertion] [%#s03_std_iterators2] Seq.(==) (view'0 x) (view'0 v)} s1 | s1 = bb6 ] | bb6 = s0 - [ s0 = {[@expl:assertion] [%#s03_std_iterators3] UInt64.to_uint cnt = Seq.length (view'0 x)} s1 | s1 = bb7 ] + [ s0 = {[@expl:assertion] [%#s03_std_iterators3] UInt64.t'int cnt = Seq.length (view'0 x)} s1 | s1 = bb7 ] | bb7 = bb8 | bb8 = bb9 
@@ -1934,7 +1933,7 @@ module M_03_std_iterators__sum_range [#"03_std_iterators.rs" 63 0 63 35] let%span srange33 = "../../../../creusot-contracts/src/std/iter/range.rs" 42 15 42 32 let%span srange34 = "../../../../creusot-contracts/src/std/iter/range.rs" 43 15 43 32 let%span srange35 = "../../../../creusot-contracts/src/std/iter/range.rs" 44 14 44 42 - let%span snum36 = "../../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + let%span snum36 = "../../../../creusot-contracts/src/std/num.rs" 22 28 22 33 let%span srange37 = "../../../../creusot-contracts/src/std/iter/range.rs" 15 12 15 78 let%span sresolve38 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span sord39 = "../../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 @@ -2220,7 +2219,7 @@ module M_03_std_iterators__enumerate_range [#"03_std_iterators.rs" 72 0 72 24] let%span srange33 = "../../../../creusot-contracts/src/std/iter/range.rs" 42 15 42 32 let%span srange34 = "../../../../creusot-contracts/src/std/iter/range.rs" 43 15 43 32 let%span srange35 = "../../../../creusot-contracts/src/std/iter/range.rs" 44 14 44 42 - let%span snum36 = "../../../../creusot-contracts/src/std/num.rs" 52 28 52 33 + let%span snum36 = "../../../../creusot-contracts/src/std/num.rs" 54 32 54 37 let%span sinvariant37 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 use prelude.prelude.Int @@ -2245,7 +2244,7 @@ module M_03_std_iterators__enumerate_range [#"03_std_iterators.rs" 72 0 72 24] use prelude.prelude.UInt64 function deep_model'0 (self : UInt64.t) : int = - [%#snum36] UInt64.to_uint self + [%#snum36] UInt64.t'int self use seq.Seq 
@@ -2313,7 +2312,7 @@ module M_03_std_iterators__enumerate_range [#"03_std_iterators.rs" 72 0 72 24] {[@expl:enumerate requires #0] [%#siter7] forall i : borrowed (t_Range'0) . inv'4 i /\ completed'0 i -> produces'1 i.current (Seq.empty : Seq.seq UInt64.t) i.final} {[@expl:enumerate requires #1] [%#siter8] forall s : Seq.seq UInt64.t, i : t_Range'0 . inv'5 s - /\ inv'3 i /\ produces'1 self s i -> Seq.length s < UInt64.to_uint v_MAX'0} + /\ inv'3 i /\ produces'1 self s i -> Seq.length s < UInt64.t'int v_MAX'0} any [ return' (result:t_Enumerate'0)-> {inv'0 result} {[%#siter9] iter'0 result = self /\ n'0 result = 0} @@ -2365,7 +2364,7 @@ module M_03_std_iterators__enumerate_range [#"03_std_iterators.rs" 72 0 72 24] /\ produces'1 (iter'0 self) s (iter'0 o) /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s - -> UInt64.to_uint (let (a, _) = Seq.get visited i in a) = n'0 self + i + -> UInt64.t'int (let (a, _) = Seq.get visited i in a) = n'0 self + i /\ (let (_, a) = Seq.get visited i in a) = Seq.get s i)) function produces_trans'0 (a : t_Enumerate'0) (ab : Seq.seq (UInt64.t, UInt64.t)) (b : t_Enumerate'0) (bc : Seq.seq (UInt64.t, UInt64.t)) (c : t_Enumerate'0) : () @@ -2582,7 +2581,7 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] let%span srange57 = "../../../../creusot-contracts/src/std/iter/range.rs" 42 15 42 32 let%span srange58 = "../../../../creusot-contracts/src/std/iter/range.rs" 43 15 43 32 let%span srange59 = "../../../../creusot-contracts/src/std/iter/range.rs" 44 14 44 42 - let%span snum60 = "../../../../creusot-contracts/src/std/num.rs" 52 28 52 33 + let%span snum60 = "../../../../creusot-contracts/src/std/num.rs" 54 32 54 37 let%span srange61 = "../../../../creusot-contracts/src/std/iter/range.rs" 15 12 15 78 let%span sslice62 = "../../../../creusot-contracts/src/std/slice.rs" 18 20 18 30 let%span sinvariant63 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 
@@ -2613,7 +2612,7 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] function view'2 (self : slice t_T'0) : Seq.seq t_T'0 axiom view'2_spec : forall self : slice t_T'0 . ([%#sslice34] Seq.length (view'2 self) - <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + <= UInt64.t'int (v_MAX'0 : UInt64.t)) && ([%#sslice35] view'2 self = Slice64.id self) use seq.Seq @@ -2653,7 +2652,7 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] let rec len'0 (self:slice t_T'0) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'4 self} any - [ return' (result:UInt64.t)-> {[%#sslice19] Seq.length (view'3 self) = UInt64.to_uint result} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#sslice19] Seq.length (view'3 self) = UInt64.t'int result} (! return' {result}) ] use prelude.prelude.Snapshot @@ -2770,7 +2769,7 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] use seq.Seq function deep_model'0 (self : UInt64.t) : int = - [%#snum60] UInt64.to_uint self + [%#snum60] UInt64.t'int self predicate produces'1 (self : t_Range'0) (visited : Seq.seq UInt64.t) (o : t_Range'0) = [%#srange49] self.t_Range__end'0 = o.t_Range__end'0 
@@ -2900,10 +2899,10 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] use seq.Permut let rec swap'0 (self:borrowed (slice t_T'0)) (a:UInt64.t) (b:UInt64.t) (return' (ret:()))= {[@expl:swap 'self' type invariant] inv'3 self} - {[@expl:swap requires #0] [%#sslice29] UInt64.to_uint a < Seq.length (view'0 self)} - {[@expl:swap requires #1] [%#sslice30] UInt64.to_uint b < Seq.length (view'0 self)} + {[@expl:swap requires #0] [%#sslice29] UInt64.t'int a < Seq.length (view'0 self)} + {[@expl:swap requires #1] [%#sslice30] UInt64.t'int b < Seq.length (view'0 self)} any - [ return' (result:())-> {[%#sslice31] Permut.exchange (view'2 self.final) (view'0 self) (UInt64.to_uint a) (UInt64.to_uint b)} + [ return' (result:())-> {[%#sslice31] Permut.exchange (view'2 self.final) (view'0 self) (UInt64.t'int a) (UInt64.t'int b)} (! return' {result}) ] @@ -2911,7 +2910,7 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] [%#sops32] Seq.get (view'2 self) ix function index_logic'1 [@inline:trivial] (self : slice t_T'0) (ix : UInt64.t) : t_T'0 = - [%#sops33] Seq.get (view'2 self) (UInt64.to_uint ix) + [%#sops33] Seq.get (view'2 self) (UInt64.t'int ix) predicate resolve'3 (self : borrowed (slice t_T'0)) = [%#sresolve51] self.final = self.current 
@@ -2967,13 +2966,13 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] {[@expl:for invariant] [%#s03_std_iterators13] inv'1 (Snapshot.inner produced)} {[@expl:for invariant] [%#s03_std_iterators13] inv'0 iter} {[@expl:for invariant] [%#s03_std_iterators13] produces'0 (Snapshot.inner iter_old) (Snapshot.inner produced) iter} - {[@expl:loop invariant #0] [%#s03_std_iterators12] UInt64.to_uint n = Seq.length (view'0 slice)} - {[@expl:loop invariant #1] [%#s03_std_iterators11] equiv_range'0 (view'0 slice) (view'1 old_v) (Seq.length (Snapshot.inner produced)) (UInt64.to_uint n + {[@expl:loop invariant #0] [%#s03_std_iterators12] UInt64.t'int n = Seq.length (view'0 slice)} + {[@expl:loop invariant #1] [%#s03_std_iterators11] equiv_range'0 (view'0 slice) (view'1 old_v) (Seq.length (Snapshot.inner produced)) (UInt64.t'int n - Seq.length (Snapshot.inner produced))} - {[@expl:loop invariant #2] [%#s03_std_iterators10] equiv_reverse_range'0 (view'0 slice) (view'1 old_v) 0 (Seq.length (Snapshot.inner produced)) (UInt64.to_uint n + {[@expl:loop invariant #2] [%#s03_std_iterators10] equiv_reverse_range'0 (view'0 slice) (view'1 old_v) 0 (Seq.length (Snapshot.inner produced)) (UInt64.t'int n - 1)} - {[@expl:loop invariant #3] [%#s03_std_iterators9] equiv_reverse_range'0 (view'0 slice) (view'1 old_v) (UInt64.to_uint n - - Seq.length (Snapshot.inner produced)) (UInt64.to_uint n) (UInt64.to_uint n - 1)} + {[@expl:loop invariant #3] [%#s03_std_iterators9] equiv_reverse_range'0 (view'0 slice) (view'1 old_v) (UInt64.t'int n + - Seq.length (Snapshot.inner produced)) (UInt64.t'int n) (UInt64.t'int n - 1)} (! s0) [ s0 = bb10 ] [ bb10 = s0 [ s0 = Borrow.borrow_mut {iter} 
@@ -3016,8 +3015,8 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] | s7 = bb17 ] | bb17 = s0 - [ s0 = {[@expl:assertion] [%#s03_std_iterators16] index_logic'0 (Snapshot.inner old_v).current (UInt64.to_uint n - - UInt64.to_uint j + [ s0 = {[@expl:assertion] [%#s03_std_iterators16] index_logic'0 (Snapshot.inner old_v).current (UInt64.t'int n + - UInt64.t'int j - 1) = index_logic'1 slice.current i} s1 diff --git a/creusot/tests/should_succeed/iterators/03_std_iterators/why3session.xml b/creusot/tests/should_succeed/iterators/03_std_iterators/why3session.xml index 0b1ae587af..907823c130 100644 --- a/creusot/tests/should_succeed/iterators/03_std_iterators/why3session.xml +++ b/creusot/tests/should_succeed/iterators/03_std_iterators/why3session.xml @@ -2,135 +2,133 @@ - - - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + @@ -139,121 +137,115 @@ - + - + - + - - + + - + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - + - - + + - - + + - - + + - - + + - - - - - - - - + + 
diff --git a/creusot/tests/should_succeed/iterators/03_std_iterators/why3shapes.gz b/creusot/tests/should_succeed/iterators/03_std_iterators/why3shapes.gz index e9e18e4a986960a873e66a0b4ea3397bf6ec18bc..50dd529a886e9c4b693b27f75f13e70343f715ec 100644 GIT binary patch literal 6954 zcmV+_8`b0=iwFP!00000|Lt9Cj~us^{ocP~fc>D|1OfPdEUX1)1^3nfjst9h#(o>H zSS-7d(TqF~$@Z_`bE}H1M_2c>WZ9DC1fH19=jA1N?zxw&vIte!lQKzRihg1-%n}1-BF1oS0TnJK0w-JGsq?X$8JheFd>o+nm@u z_IYflw>d#``7S+%$GhwM)LuWNACPNy7UfO)@%rZOyM63)uEJNy9%ebOPV{7I3zb>8L83_rPUHuirfWgv3nMa>oZn zXr#6!HLW9dT=#VpQrnW6*1-s-uLE(+wxl+%9>c5aZ|`o?3zj=~$oc!-Yvk;9-1e;? zhuxOc=G$+fs8UO^op9UfZ_;DGe?rsjgor#VaDRK7?!#?*2bJ|dc0z@R{q1)*>GAG% zC;8<>FJtwc;Agbm34J;2jGQ{B*%gUQ1?1K^m%^^U#)f(9^c(vzqxyt?yn#AKc}miJ~`$2 zWD5&9)v2H^#(gB*)v$Xov+ee3Wg>ZHu1>E%YGA0VyvjprEF6^-+2N+^4%s<7tUrx{ zm+iz4w^LV##-~Mn#7e%od!VBxsCto*Z!f1+?z^>QrC)ZH(U?<1?zfi%-qDhNb+F8l zGsdn;mF=dJ;=056%{e$ejHY**uwNfwKNTFd`K>Wl62=z1&(Oyf&?gJ@=>mOv0ezxC zpDNHtsRcaR0*|)9qg{hXKZQqE;L#O$bpL|K&ki2DWA-n2{Cwc?1SpDbwU)>y*bMmu zEARl2%M_92JeirPBxd?DV~QZi69g%V+399y6s)yAX#ERU>0r-l3>>>aAbieO5XTL|+fO#_F5n!IwSeTTLKz{T7 zq{1Op^4w8oTF*Ja`xTs-wFNTHPBCFoq`iuNpF;3? zqe0=4&cOR%`C@3H%HdO|uzcQZ#62;^E`UM5gCu!`ysNk{VYY|d32XtYM%7J~#)r;0 zygD%`XpYF_dt^O`>CWp9TWNpLXp~>gu$SAh4NYKLQ+BX9$i9SsK8JAA0jNF&|AHWX z4gN*nb{+o3bQxrCB?|o8t6{f7%Mrq#Bf}7S=&#ovQ7#b^z%&{CUw%R^hbSAVxl_SF<9ymdU%yWgk%SkQ(#& zVhoeTFr~`EXab5z4AikaxlsuJ7TDZYlk$R3V3Qj=4?lRkrh^e6CG zLWzE-*edKwH-TM+`A)qzH7Jn=9=vX~+I3N1cFw6|LTNgS7^3Iu(iDa8uBk2U+|W*T znLS)cd)SV0fs_SwYzYSBOiE20W0ui`O&C!*$%Xlj$0Mqge3&wUEr+!pQp&P_|_O+gb&r;Bz(D@Df! 
zXSsYew=a;(E`W_{oY%6HkY_5|58>&%$3APXQR(Tet;-2r*Np^-EFgf+~3^}XKg?+@EHB|4~rUiw=s=XXd$0qRC}k) zc1SY*c8lKxK+^_lXs{~*AF6LGp_;Xub%dQy9_L)K%MQln@=ue-dC(3;gSrPP_w znxmo2as0t=k$Pd8JM#}4p;%{yrbT`&)AqJ#-iyixUWrA4r0$j4DYH{{)|1j}nX;?A z5K_6^y_>{ZlrQ&jevG#0!k{%9y>QL9C6#miPK#|x6{`h4JP?pBS@QW#X9u5>C133H zz@)n*5#7h@zlJwgWDR@Dz0>A$#*wwjELEFrN#!oh&aiDs&H1evcrt9=FeOUmmTqUt zHK!S;1ScR*iIOvlXcVoG(K~~V+>CJ=vzDp4$^)O&UGb0_^VFP%8b7R`@uiCI`5(^8 z+f9?OV=rDjq?`7|#p6$J(nXo_X7IUyggBRlM&yhk5`;d8wH)grN8N@-V{g5OHRNty zhc|$Px2FV=$H8|9TmUe~j@qZ&xZaTpsW^CIy4j12g)N3OR7u5}5yCt#NBGARcq)$O z=&Kgd?$ZxXdkl5)Z|oOzy|ZlU2cMb+s_rb$)X@%1TOqq66Z>0?9&P}@Xxw$qR%GR! ztPkn_Z5U+DpvY z)>-SgRM}a%h=E%oXfMZKCB+UxcvQN`0LMSnzwJ6bruv-~r?d_UcUDbxZbzM)h0e{2 z&P~y|Ejl+}Ukzr!>cRigzeuX9kI={E;s~DA{Br$>U%m(Q402@PaqGZC(o8T1>MYS3 z>kH--FZdkEht^_S?#Gc&5VpTFE-ksnbFcD&Tw2lj#@`+|$9m$b zK9EbR`dHhn9!2M-^~j~Ayn_y1e`!7)94>8_y@-mjE-E&J;^qM`v6eab%OwJ)mH}cMi_!QbkYhlSFwPCCtcrh256a$a+P&^cM%0{+^;Y)8Cgg>+S+w^2qbG(|D~; zxhF1>S(H(sQr{>DpAZoIlc-plR< zf-hyK9~4MTMUgXqB7!N%*<86%q5^8W9@-R((B||;DaRhCF~s*9ldhrYn9BK9UEXx| zF`rXgv5WgmBGB`jCP_C<7$>sXFz@>~VYcswsCRi|l~ZRtPJoU6-*Ed~e?t_9V0@9C z9llzaH5id$a-lTdNtb(>`E5ZL3LwKU^Z3+3jv%{}m$lq1lpHbl{%mGMx!e|z(>s^l zU)MX%U*A5xhGHJe&6uBi&OXPReU3N#+3nTrCVvr(;9W3+EJ%NyGcD3P#BJ-pgMPU~Y;7aijge^O{bHFD_p5r{z zKs`y>6|NY*QV1`8bDMrV7Ezd*asENQuUYfHe6;66_dOMhK04=z)9Pvtk}nU)`d!Af z1&(1366Dcx2vZ}8+9d@GfTkO#XMDmPYx(n06-!rG)%gvk3pTVIQ|4q?iN0YmUW&Tjb-2=a) zuZ&&4aBIvwmt7r2n(p@2tv*3h!+u$Pf~MwP;Pmx$c}8OThtw-#JvV0Yrd^4;O#E>( z%f!x8$BY}jp;r7AU1F{8uf789BDL^EM82C-{OJ2PS?W&3Q;YX+6!;?{^|Kaurxfa$ zXH78bbt0?N&*YRkYnKlp3^^!u{%svEcVxU=ku4r|iE_Or%I(_h3q6*<&=dI!Ju&}6 zPvkH3RQ^IwjbG^LUHKS8kB?PMb{EDcu zA*<1eDXHZHGG3laPQEmngt0^kW0f08OYb^MYP`J^s(hrW#%o%kwgC=6rP>Anu#vs2YG zSd7EX1?SU(Q7m;ZOsP25cv;>*XYB2_UZ30V-`7u%XF7%Ih*PM>d%0n&%&+E#b29Vc zx-bCg`|b68ubNryd}Tk1yl!|XOu91g(ji@r&CA${J}yt^$#68Tw~!+8g8{_{4S3${ z=5?MGMV_@S_*pw)=|Vrd3;3x;=g+Kq8SRu>#&E#%3O^ihxx`0?jAw12mHC__`7`U; z+rV}I{Dkk$yY~#esT?}fo1ARHIcWBN3MxRHl8Qf9> z^V~mv|2jSHaVE}M&-vbIA;4;1qZp@q>KAqP 
zY;~r?PI=f9V)O7W9AgCGtMWvo8({g=$g{@?>TQN%c#Qk)quY2 zztQA>zQG>{q!lTTy$M(i3oi!UNn4%?*i&y|4rN_90GXoQ-Z`rdE*&!x-bbZJjqF zYSlUcg$ov>^wftyWl;%U3084mao6?3@sBAzalPTK7s5$Vhgc^cb>mrGJ6Q`zrIV|v zD~W$(B}FB9C0Qjrgb}V1wi2ciNUMz!wW(R-tVxd50yA+wIoaZ92cv?eZnUhls5GxM ztCX*ltCX!2q`}lwrDUZkXJY=o^fi>z(D zU`fSJk(^YARltAS%9+aP%Bjl9%8APH%CXA&%0juevZk`SvXDkrR#cXMh)h;9r?qHX zlbDsVt{bORtZTs>Gv12}&nwSN@EQuPQGpFX_L3 zOTnbI-U@H6QBYQ^qfE+j(KwJ#>6N+gw(_R(`V+|3FxDEt4i1HmL53#aV3?Z67#pLw zz3{&B?vshvrq+AKW2kHFwni#xl(0s##Bj#ibio<+J_8alKm{W#VxLl8(|YNA6L^SD zYUt7O+Gts~b<2g~67mAun8Ba^lyat4vY40+NGKwU!7^iTV#u6$9Yn%bb&L=)8Azxh z9icRKYG*V*k)+tb!CZmq9--UK1RQ#gnU2UFpoDjZCOqazNk z!a-I57WgBAg?gYzocIw45?K@Br4_1nT=NF@-`fz;MF3_y2C~)-0qe`bSU4yP2WR0R zEnHC^x&d$DATAutg@d|qiFy*208(4871ykV4$+k{b?Z3>YMAp5{h|Sw(EE05nBzPq z;5TR-1BVe76w(JDrE0VSCTb#i=m30+gK&MwAkGWlNLYCw8?I$&or}t-28zc@ zajX-^LUE0bLG-v5A2uW9gp%6Vjdfbu(9oe*fFY&=I7oZJu|GI=2gfGq{{5ZLsmTov%f?6`)Xlo_5E;v5+J;%o9 z*!kSZ4<0CC=U5$J$iY^H6A?DidhV5QMll(Nf#k;-%$TG_fVa`c5JM|#@YFV>#NatJ zbv+DbKiYt*WvazSYk25ro^HsPau%B;S)wBkDB)oK9C*S3C?9oj2VSAEC8CYB0wl=B zB?jk;d8K?39T))6IG~N&oEE=$+#qAZR&03mto0f`37kV1X$|)$!T62inqOu7$P|da zCai5yPcfr~ZFrJ3ckqv}cY*61z|O7xRRw7jz%n@cxnVDu1&B1Y>-WE-KQw?b1Y`M41+;)lbOppUKz0U|LV`h@_q6`Vq4{38z?Tkw8q zc`K7u!L~d$S_f6eonM12l>)P9fq>yiX;f0^p=5nW!m9t$7VjE*XfdXjom>0V2|#v!7T@ zFE|ugvzCEjCLiHLG;~Mc8%XO->^vU>;_8jS`DO3RwzKf$`dTB#^d1L_eP z5arH?5>k97;n&isi8ytl+s{;d)vyL`NE>1+;4uc^nM(%kEKl^=DfT!WMfVv`A;QBp z+S{arYvCNA6ib3b+iJ~mhA#y8CA_WAd>TP9O~Ek*&sD`FYB0SBD+wCGgHR6BK$oD) zpZ`=iODr_tX*j;h^O~s`;8s{(OXnJkO{M7aSN%?=1KMPD!;}O4<*=%pah`0l-qs9m zQyR>P9B`mn8NVH+2!4CdQx}OSc7H#x~ZqvUP2Y zaE$}$vFO^WFLe5bV#RIaOw$Srh7qFyy-2oAFwYHZyW4bO=|bClVN(~dQNhEnW+@s4 zjMKyo!QTU{b(=)*T$9LO}vgnV!MMXN%x zhJ_ZhZ$Sha1{h=vs%gOoG+izC!3c7;{t)W0#!4?9-ZTxI2B%%1>kFa! 
wfD5_we>l}}rQqn-3X~^Z4J;h{pGRz9nbLp0njq60NH*30KQ$du>b%7 literal 6434 zcmV+-8Qta|iwFP!00000|LuI+jvP0V=zD!d0sGKr*I0lN!Rvu_06~}r8`zzP-9h5K zHF&iP)9RMHTe4@qe!p}Z|L5QKPd~bM>1qEVJw6>C z?*H#z?*HvyckY$@a7aI2VaMDdcI>tL{*}8+_dh)UI1M~M+#c?q-G|%%eEt8g*!9jG z?mxK4gS&sek{$e1eqNalu4`isAUYfXbcffqF$drs4FIyE>)MzDK*t9F?D%zU?4E}{ z)`{!dD4Y2qJr{BxQ@(vlKV7j-cFG;@WBTRx?%{_+7bkXdfBma_H9-;UP+!k~7d{RG)Dc$R9q#Ybqq|Q(yYIdmessv))8YPyyY&2U z-x0i?v19`85H7&&P`n<6qP8wUyID~BU2P+dtpL|$vRnV~{ysi!0^BTk0fiSg?p22~ zKBBpvu>^4?PGB0sa1=N0F+DxpeJH2mA08hceopb~?cY089f}U+%^MdU-oCp_&nd1! zs6$n*#O)y-4HVqzyl3)v$d1T+?(@9*dgzbZt6jet!Z$^ zrofH`r@teYNXc-S5SmE9u}JhVg@Cf&b9%ge_wZD13KsB2;&A>AO*Q?dw)C5s>o?u>n{N6||F3@gy!x%bCI746 zz9#*4Myp|eUTf8bY@xc4wcCvyt1cR=eN;U|DxTr1suHlMEId+KW#C9z)%x^F-?YI}JAG)ny|ilY$`f7cQ#2i_>-q2LR*Xlu zFia~2x46nhBZVTa9l<$8yhIu~PURYWj7nZDjlA7IeoiGX(I(}Ga|IUIC_+@CGUx$U zMo0~ccc!~g&os({YcS3RvLhThwA9PR|F4X|x$F)1t>GUbO&j0~4Ge0+DLa@$Qm;El z;@3t1mWo{VT2!1f0$3FNmJz@KciRZy$_U805l}ayyrNndfh~zF#)kOFRlc$jRGG@J zU$hp~VY`5}H4R>0a4&|dNn#{MoHQx}P2wVn{|NK4ZOFk?QP4#cc5kZ3>z;4_=Kh|p zSb^#~R?P*g=7Q}8P**Hdk^5?!X|M_RSFGbJOYqwLzi}Y2>v1jWq2zFq$ePGzE#R57lxF!g@j5 zH7C4YMmIF&!lq;x73XBQ0@W<=ssoD4_V#^|IO4A-uz6hb{fv@p{2K z4zoMmk*O+x%o%-5x+BwZwyAbW&(to*j^+UvADLJd9z$ooIdx-Sjj+qaMN5~vNV)|% zvT+1@T-6Zuh)8|spfE^nAeQcqnvjudF@5bUtyy%-szPBiuc+PS=Ku0j{x9G1f18c% z)N5B<_waBZ56_2(`|(71Cpy*1zx=cseYg*494-?7{{BAoe!uQry!O*9f9lT6fuUDN z^A7BwL_ZsZl%bNS9CSg&Xz~cMxdk(ORz)-)(p|h|bARKzr9lN1;8MhsFcUEWP8cm0 z?jD}rKPGks<=4WT>AHv+JR9>Ln{yxgKP{95eHnS@hzAqzN38dzZ!s#T_hC8~7R{CfN%wRQ^3Y=|p_Ev9YqWXNnXg+8)z{;Apep(wGb z+4`}gS|KRS;=erK{-=9)Q&imGN_C`OFI*o|)%hTG-CA`@S(JNgt?E2usYrEv+)`;( zOx^M3@bGC%)bYBd(p*@6-a9#5c3gMdEF1~0wmL-*JlYA-509;>Pb|F)QJoyYDu@`p z!7JuI>|%OMd4Khk?()_C`5*7nzHNCoI?|8n>HXbvvkkRl4DsEET`@(crl<*(5owxj zaGl5A-COtW_Hh5<93gaC>x}_vao^iS`Tc#^o`}2DJa?Q6d!w;A0WOUosacYuVP2-g z{q6m`yM!)H0Z1e5G5z%Z@R*+V|H6L7)SZBNaC2@Koq$eY^#=rw&PyktH{OT)!}G!2 z9sXIYOg}l>pcQ&rpVH$8H_}?y`Iuvw<{PT4S7Lc%KW5SyYs16cT?)_V#7B-(ID2{ojNW3Fv;(Q_Szg+1uX< 
z-U%`1x}LbMR$NybTvv_jx^Z3od9~9n;AcSxeTmP7RALqI}d@bbT}B<^^>EuWJ}sG+Qfd3apuD(ZaO`%La`% zcd2?8sRSU4ZO~BOQ+o2IOm(KrIw{Ti z65#B2AEvF#VI8o|O4ml(7v_~XJXQRI&6M#9w}V#vgLB2d722|r)oOe2Qt=N?6#oh# zL-B9^NTjcMzv`nv*2d1)`AW8_NLg(LLY( zm%IOANau#J;M6vKiy24a}0`36&b zcD$_~a-@8HLADdga}4*Y1&VdGn#TBrxnEdc9%v(D!gWc`ma8|(#*|hWkuSbB7tA#r z`{qTuh>{|*^4vAMgobhn)wxS}(IiWMztYqvZ7aL4w}-be3Hvt$<`}6Td0qBS`jWjD zahyF&kR7QvrAl_ejyF*IX8`KlTbLzEeHoxmz6_uXX6aD2#{%-)TbL!<@`;P=(ELZ^ zA}{&r{>_LvW^w;`=j1a&JsjMYk6*`bPHLJyXRkM3m+(b(ZG5(~Bp z%i;qVRzHBj`T-0sKY+pd0SvDn!0_n<7}2$-(qgJY%Njk%>VEcC?}~Lzc+~ZL$d|J3 z?8!@W%T4vl%_8Ul*2fw!1QCnqsg{73o$dMIVSJ6!T2tTZZ3u`OYlsFSR^f>3$xuVx zZnK!T?3BanmL`qUUr z``hFDv|Ih2a!#RTk=X99Ypi(qa44Uo?fpOY|4fe$Jw(L|{f(<>sd)IXq@=->KqUQ; z9`_F)(qq1R_<5FsuTIw)?Dd9dwIRA_Llf3w8Gd%=YFH=Jo2?tyx59g| z%UnNRaedII)(jWP(Z-H0qW#5F9SrSu65vdN0Q$oDV2{Vi)b3;z;_@jk$~p|M$ks^* zbta84Be~j}Df(ELewb!~)>F&LIG1cUp4U=Ez5Pc$$9=jl^~0y-k{_A6P&JdX@F-f^ zC?D=|ZsXT7(dy{^oN#or^vf70C$Dcs!|}A{9PGgC#e>1c-ug|sL&V+F&+eoJ|9(a3 z`mw>q^Dpw%->>)at0yhD`t1ZwFU*G>i_IBskCaSi#T_D@w*;4>U*IQPvZEKR>_v&bvzFkKceLene8QeyG*zF@ z^3TD&7j4~k=CXXFP_^ww=CTZLV~#H#H`1N`$m@%FRo+34A14eio=MI)RP0^dOUdD# z&PXo55HK^G8Gd;L{@DmSCs;@1Y!mS-xbjI$Uye0@pmN3%Y|wckH%8)uRTtlioXG%h z5W8~5tD|&RKgu|7B?dX0b82jHy*3P;VEwD!m1QfOIBnNTURsn_PHo=y(TFJD`b|Gx zwz_Su86H<3g?G{oX)v>AKf9fwU>sva&J(5pnky!hmr^nwvgCW<7RUlx01M0-tF5xq z3d=27v|!mTdl$S`COF2E6hSyG4Oa|3bKnA&Igl)(MX<;$7z?_e2b2ZbW-9-#gH&WZ zBf*mlDj8%HGf3k&r=*a|RKzWjCA0*Vm_=iSMQu@8loo|Wz7w3hi<%@?%%SrrgiFGB zBOFn7Jw<}7Kr6rsX1TFkTdpjZmJ7?dNsS!t})Rw^r{mBLDHC0U6l7v>p_Lz4o5%3gEN$r%QO0wSo8 z_8P5*&%Z8YO(`c*0fGSr$vBpr2gQKr81h~VtI2BK|NnEZE~Dl#AyZ7nl%0w(K#)<8 zmM)Ppd#$ZjR?9C%0A`3W>Xf`fl)`I+nnQA=WAF;q-Y~1pm!*NbXrhS>Fu7oefgx~0 zdT%Il?c&}DYq&LJ4O#)co`kKY!nF|fEiMTA`0X@2#RqJ3@tF||9nA_^$A2# z;Km6l$Y_z3B&E@^lwa7;1~gfVLCDqOcD`tMo>ojm>ikjwt%qE|4kNp zyABqB74)oJU`}%$bJ8LSW{d`%a>S?sS#Q}u6>mUUKxqMm1>_d6^q~a=3&p?}3lG{t zvF{*vDoKSAxrss~AsJ!zoT)=TM+bg5?;c^l}emEReQ9$^uCXBrFjBv>gE`uQg;H zSaL=f23*S&JU7fahf5IpL@8EFqBAtzLkYYw@b1?Ltx{i;O_ 
zQ#wJ4WR!*!wGJskDE|}-G9jbi1J@R~vcRPUEBa+NyDLE(|fuh85 zA@NxjQ$_0}NDK{^!RP1!g43R%4?<)b7c-x2!D!G21~LK~0s}%)0_P3t#FNf?4}vTR zv>=N2%s%VlJV(VM0x`*@LunWQaGnJS;!&qw83*_DEzKP_dz#L)-o0R{8`I3k#J^a;H783U6sqK`ot!w317Jr2$30SVoYM>qWRqk zB@PC;W0^Rapko#Y0$HT&BLyJ`?W4egVuSYi3WyFoI4-?1S%p6ERdM71M+WExEI5I?-78(9VQP9a?)uq8-?8Pa5!KydX(AB!OBAcs*6_T(uYqj8c$R0JVJ?f@8bE+#;&ncgE5&KZkL{|@8{&_V`JK{%&;(B8*L znoQJ=g{ajYp(KgncO)?yrqKtA(Ge*|20aQ6j`QMvf!Slx(m=mEndAdw+&QOWY5$dWM(lS$sWEX#jHT)RFGgrqH!vPjY*35!%p-PA%xB>alDRN@U5 zvq(BSXA))29p|V*mf0(=`-~EDvRIr44i-7HNahc;MdBKeYold|j4_6#oCnSb2T}4& zd*sq0FRujt=vxIeK4m6Y5T3gd*Xu+Kb2N~%fj&Wt+*mB8s9di<rO=|h z5^>Dv@<@Wv2nJHSOw8<2ly^PCVj=yT*>+M!D{myDkYvaSm^T`DAfAzX$M-0-#Zut? z=C+!Srq0Q-M(Z28B0bA;av)tjZi|M5K`)>o$MbE zphSzs!}zAQo``9VOsBvD^9Y87LIn&1=BT|Ng6l%^x4HdDB|3K^C`go8$bnKRh%;?8 zA+-wHx61jNeA^%J)Q34?3B(&f 0 /\ (exists s : Seq.seq t_Item'0 . inv'1 s - /\ Seq.length s = UInt64.to_uint self.t_Skip__n'0 + /\ Seq.length s = UInt64.t'int self.t_Skip__n'0 /\ produces'1 self.t_Skip__iter'0 (Seq.(++) s visited) o.t_Skip__iter'0 /\ (forall i : int . 0 <= i /\ i < Seq.length s -> resolve'0 (Seq.get s i))) @@ -192,10 +192,10 @@ module M_04_skip__qyi17349041008065389927__produces_trans [#"04_skip.rs" 61 4 61 predicate produces'0 [#"04_skip.rs" 36 4 36 64] (self : t_Skip'0) (visited : Seq.seq t_Item'0) (o : t_Skip'0) = [%#s04_skip7] visited = (Seq.empty : Seq.seq t_Item'0) /\ self = o - \/ UInt64.to_uint o.t_Skip__n'0 = 0 + \/ UInt64.t'int o.t_Skip__n'0 = 0 /\ Seq.length visited > 0 /\ (exists s : Seq.seq t_Item'0 . inv'1 s - /\ Seq.length s = UInt64.to_uint self.t_Skip__n'0 + /\ Seq.length s = UInt64.t'int self.t_Skip__n'0 /\ produces'1 self.t_Skip__iter'0 (Seq.(++) s visited) o.t_Skip__iter'0 /\ (forall i : int . 0 <= i /\ i < Seq.length s -> resolve'0 (Seq.get s i))) 
@@ -240,7 +240,7 @@ module M_04_skip__qyi17349041008065389927__next [#"04_skip.rs" 67 4 67 41] (* resolve'1 (Seq.get s i)) /\ completed'1 i /\ i.final = (self.final).t_Skip__iter'0) predicate produces'1 [#"04_skip.rs" 36 4 36 64] (self : t_Skip'0) (visited : Seq.seq t_Item'0) (o : t_Skip'0) = [%#s04_skip21] visited = (Seq.empty : Seq.seq t_Item'0) /\ self = o - \/ UInt64.to_uint o.t_Skip__n'0 = 0 + \/ UInt64.t'int o.t_Skip__n'0 = 0 /\ Seq.length visited > 0 /\ (exists s : Seq.seq t_Item'0 . inv'0 s - /\ Seq.length s = UInt64.to_uint self.t_Skip__n'0 + /\ Seq.length s = UInt64.t'int self.t_Skip__n'0 /\ produces'0 self.t_Skip__iter'0 (Seq.(++) s visited) o.t_Skip__iter'0 /\ (forall i : int . 0 <= i /\ i < Seq.length s -> resolve'1 (Seq.get s i))) @@ -463,12 +463,12 @@ module M_04_skip__qyi17349041008065389927__next [#"04_skip.rs" 67 4 67 41] (* resolve'1 (index_logic'0 skipped i)} - {[@expl:loop invariant #5] [%#s04_skip2] UInt64.to_uint (self.current).t_Skip__n'0 = 0} + {[@expl:loop invariant #5] [%#s04_skip2] UInt64.t'int (self.current).t_Skip__n'0 = 0} (! s0) [ s0 = bb5 ] [ bb5 = s0 [ s0 = {inv'2 (self.current).t_Skip__iter'0} @@ -641,10 +641,10 @@ module M_04_skip__qyi17349041008065389927__next__refines [#"04_skip.rs" 67 4 67 predicate completed'1 [#"common.rs" 11 4 11 36] (self : borrowed t_I'0) predicate completed'0 [#"04_skip.rs" 22 4 22 35] (self : borrowed (t_Skip'0)) = - [%#s04_skip1] UInt64.to_uint (self.final).t_Skip__n'0 = 0 + [%#s04_skip1] UInt64.t'int (self.final).t_Skip__n'0 = 0 /\ (exists s : Seq.seq t_Item'0, i : borrowed t_I'0 . inv'2 s /\ inv'3 i - /\ Seq.length s <= UInt64.to_uint (self.current).t_Skip__n'0 + /\ Seq.length s <= UInt64.t'int (self.current).t_Skip__n'0 /\ produces'1 (self.current).t_Skip__iter'0 s i.current /\ (forall i : int . 0 <= i /\ i < Seq.length s -> resolve'0 (Seq.get s i)) /\ completed'1 i /\ i.final = (self.final).t_Skip__iter'0) 
@@ -653,10 +653,10 @@ module M_04_skip__qyi17349041008065389927__next__refines [#"04_skip.rs" 67 4 67 predicate produces'0 [#"04_skip.rs" 36 4 36 64] (self : t_Skip'0) (visited : Seq.seq t_Item'0) (o : t_Skip'0) = [%#s04_skip2] visited = (Seq.empty : Seq.seq t_Item'0) /\ self = o - \/ UInt64.to_uint o.t_Skip__n'0 = 0 + \/ UInt64.t'int o.t_Skip__n'0 = 0 /\ Seq.length visited > 0 /\ (exists s : Seq.seq t_Item'0 . inv'2 s - /\ Seq.length s = UInt64.to_uint self.t_Skip__n'0 + /\ Seq.length s = UInt64.t'int self.t_Skip__n'0 /\ produces'1 self.t_Skip__iter'0 (Seq.(++) s visited) o.t_Skip__iter'0 /\ (forall i : int . 0 <= i /\ i < Seq.length s -> resolve'0 (Seq.get s i))) @@ -767,10 +767,10 @@ module M_04_skip__qyi17349041008065389927__produces_refl__refines [#"04_skip.rs" predicate produces'0 [#"04_skip.rs" 36 4 36 64] (self : t_Skip'0) (visited : Seq.seq t_Item'0) (o : t_Skip'0) = [%#s04_skip1] visited = (Seq.empty : Seq.seq t_Item'0) /\ self = o - \/ UInt64.to_uint o.t_Skip__n'0 = 0 + \/ UInt64.t'int o.t_Skip__n'0 = 0 /\ Seq.length visited > 0 /\ (exists s : Seq.seq t_Item'0 . inv'1 s - /\ Seq.length s = UInt64.to_uint self.t_Skip__n'0 + /\ Seq.length s = UInt64.t'int self.t_Skip__n'0 /\ produces'1 self.t_Skip__iter'0 (Seq.(++) s visited) o.t_Skip__iter'0 /\ (forall i : int . 0 <= i /\ i < Seq.length s -> resolve'0 (Seq.get s i))) 
@@ -858,10 +858,10 @@ module M_04_skip__qyi17349041008065389927__produces_trans__refines [#"04_skip.rs predicate produces'0 [#"04_skip.rs" 36 4 36 64] (self : t_Skip'0) (visited : Seq.seq t_Item'0) (o : t_Skip'0) = [%#s04_skip1] visited = (Seq.empty : Seq.seq t_Item'0) /\ self = o - \/ UInt64.to_uint o.t_Skip__n'0 = 0 + \/ UInt64.t'int o.t_Skip__n'0 = 0 /\ Seq.length visited > 0 /\ (exists s : Seq.seq t_Item'0 . inv'1 s - /\ Seq.length s = UInt64.to_uint self.t_Skip__n'0 + /\ Seq.length s = UInt64.t'int self.t_Skip__n'0 /\ produces'1 self.t_Skip__iter'0 (Seq.(++) s visited) o.t_Skip__iter'0 /\ (forall i : int . 0 <= i /\ i < Seq.length s -> resolve'0 (Seq.get s i))) diff --git a/creusot/tests/should_succeed/iterators/04_skip/why3session.xml b/creusot/tests/should_succeed/iterators/04_skip/why3session.xml index 45e29cd581..2d21e6a575 100644 --- a/creusot/tests/should_succeed/iterators/04_skip/why3session.xml +++ b/creusot/tests/should_succeed/iterators/04_skip/why3session.xml @@ -2,25 +2,24 @@ - - - - + + + - + - + - + @@ -29,7 +28,7 @@ - + @@ -38,89 +37,89 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - - + + - + - + - + - + - + - + - + - + - + - + - + 
diff --git a/creusot/tests/should_succeed/iterators/04_skip/why3shapes.gz b/creusot/tests/should_succeed/iterators/04_skip/why3shapes.gz index c0758ec455be9d0f78de4372e9a0612f5db1c3c6..ca7ae792a12e12fafa425ad51b89412c83a8b4b9 100644 GIT binary patch literal 2390 zcmV-c390rUiwFP!00000|HWBLZyPxhzUx;A*n@W`Sb$Z0FD45J0R;LodzeLE4L%bg zw&X~1lKJ;rY<0I$gxJh$+u;7ikc!&^^Dm=X=h;|PzY zMnN7%d>F~u;m&p&KNRxb#_Q;r*FOh|4L(F44@C5bq?0biu^$W)f3*7DJAYoyexk>V z?+2kD#OqVj*Jm8uh+6yCog1bf z3=(mOSlc1i_Ve}tv3w|FJ(RI-%Xo}xfG<6J!F(8v*U&fi&8i7N0NpBF^~u!NQ6)Nk(zz*admfpo3}Z&7~5+bQimi~6PX)xFY>SvXk^UC*?wyzc9i0v74bTWd{ydNA?H&#IKU9v}FaU$tRZI>2x z%4G+I*60opLx<2ufaqAq^sHkl>x_|XdnDT)$#&n}j_aa_mmT0`PvLbL1bcXi0j6Sr zsW^cbVNQ(`BER&glk;KJ!K>>UZ9aTht=Fq>goC@!-3e}Pmiz4Q8c$96$Gp8+q-U=O z(*G&17wx8QZ=H)c+4|3UdX@5Kdo|tub)Tohd3R2!i;8J}bCYuM54V(%YG&fsd9%9x zTH`Qwt$O^p7ykVY$+Tjb*M6D5ojF^Z&B2|;Hm}bfb*HHP?hK4Xle>rQ@e$!QZB1@h ztNXo$>EBr2DfUNev464Nxf7 za+pr+QAPd!K2kL3U%$9;+C7jeW>WrsbG!Puh@^XObaA3uJYyRX^0oiH((-xBv(`JB zpVw^cqFOT@*@-#%>re}0vVcQCZAkBZPG`W=&2*<&J|815MZ{q6@?qg}j=J3!GStnU z%g?2vs7c#(geN@Ot)Xz^ZmiD|>$$z{CQ2Agmiha3dR2wzc~sPM6H`vc?fx9|JYneU z?cmX!$M*%?x2E2w8p_p8hmv*>sbjwHrosPr{gCUT<#}=cJ@>bpkzjE3DVlAax|qdr z9rU#Ulj9iosKQsZ(q?scn&Ye80a}8$=HuGi4M0ih z_5VD#^SIa1v*(Z;h8XOfIotN0-q@9Y@6Mak+cUk|@yOZc_MBim*211)eetsz2%0Vb z+LyTB(=)yA{`g~r(5h|+&iPn2IVO{%w~&6Ur0Vp(pm2C->Cx32<*d7KBRz$lH>yIHNsV&$WNwplZ)PI}8|Fa(O=fo;}v^NLM7Uo|F0paTGVs8V)t# z94;sPcuSXNUVk|Ifnut;d0IIIZ}vDP9Pii@L4)u-CLmX47rE;6xUZA#*-u{>$?egr zUstumFAOc3MjXA1MNiW7HL&!o(tkTW;{Wl2eW}23d`_e5F+yvmUaty(W=bZZY{n3x2wv+#XDGrKDAgtF zz&OwjXe=Fw(RPcVt%=biYF3g#X+c=c3`1$8VAY&;XdG&XG?os9L)wiFVIsBSg<~)x zX>LLWn|vTDO$oTkrtSs?j$6l#6i_ndOl$wzKk;5rq^HWjIL6j`B-OyX2fDwPwIe~JKqT49tZC>qIn%Lo+Q zN8?4xMJjH9voaOd3G-t*nT>(UG1Cbp4>EfrvIgNX7Zy3@sRSq45342i4TQ>^$x|Hy zy+DdaWYPv}Q3#w$?j*iMbB64#luTKcQL#jYqJ?0rK#0gWpGxVZc%gDbV5RdDdZGUAI%%BLPO6t%Au2GU=&Vdp+Iypej@5FEnFS?bs?aHLioM(f5stSC zEYHL!I&0)gtCBdG1T02X9$`*dr;JnDDdm)ON;t)TzzCg!=}c@Hx#u9MEm)&;(S~zm 
zR^+MXPNUQC3br6B^$DC-Oa8zFMmOe!CV$i12x>5O=DH!_jB zMJZy6fx4Nkz%p79v|{02m^Kl{8SRXE69;s`@5@SMQkyaK%Z9@~_eTY*F&N650 z+qz+h$f%JT8$w9vf%<4jRMwnZuPP*n-ASRvH}^zYx+)aZ(v)OvB;!SJADCi<3axo< z3xtPX;|vPJVzJbS4I`eXivYC~E&^Th=sw_m?I)K1I)9W&P`t`TWnx!Pk371CC11Q& zmii~uMr6e=btw^i6|V@UE*8B(l?b;vn9Qi2O{^Wv%3tl3pgSoQaLjZSFeT8?WzF+SiK{?U2HB-lDO4wWsHBjRXbug$S98XsOv+`&Pz7uK$P5QGw#z6WoQ$z%)<^ddSr2ca4#H)f-STMrz4A zQ~#mM5>=WAR8>52re#D>2W|09JW!EdC0<~C9A&ROy?m6X93%k265w%Dd=n@B2ldTr IAD$!t0Ev^LbN~PV literal 2351 zcmV+~3DEW*iwFP!00000|HW8KkK;HFzWY}g*h6-wuz*NW61A8<1PuhL%UovRYeCPR zpwmfplIofH_X|6=AJv-^O^NT1q~m}7Qt$rok9k*r$=ls>v;I%5>tFs=z4y!Y zml-zT_Yc2+Tt3dk?9<1lX~gI5Kr~`85S4%2ZqifCyBRdn-`zFT=*HYn+3JEL8*0>j zZ^aD6$dQW^we0h!$Nk?859hq7TFP&ie!ZVTV-J4G#x4e8dO|Ku=NFp+TOqK-Qa;3IdqCx z+auNv=k^4#a%^KWwz28jc#3L(&%^YB#Yj!>U;{WnA8;{J)%(4F|M1&pooAwBQUm1Q zKm5M=lxL!8K#oI1jzdIN1EuHhecXI{T;+XE9mbB@CbfxA+ihO&+vDAG{b7~&n{@-m zm*v{84nm{BK2hJRoUbcCcG|I5)S}v7K}XNiO`lTTz)5#w3kZ2A_JmCroPMYs%Azl4 z*-4`{rU%5hA4EWAzVp``%TB15ZOqpZ!~VrZXtQwVS9$$m|Ht`lzu!D8*ZbR5e&+nB>Z*fyvZ!u^e5&Kp zyW5GnuqP}3>$@oYvhu(B<&AicP-;<=@?Q_D&4*>2iHXtWg=%_*SOezX|Jn}b>z3!8 zcMY@?>D`dlw%Acz*i%0bxG?Qr3CnR@9P zMe0wlmgrVzv~@e|g%?~p+$qa79%yrQyk3*-g#0o=wa$O->siaZK250&{AsnXrc3|Y z{CUC9)pvwvCC}d)@VKA`pZq(&j^eX_*E7KXcl(s9v*-I`$_F^L89rWG_|S;c894DA8cd5#BI;SaUaRrL_fc~wtd-VSYWSsFNP_DL!1wCOJj(%H@H-P1Pj zP7->!=l|;RK0cOZUZn>yma}^m8MxDy8(GWsL)bj6)6W0U8_uFgI@!S@Bh4tn4YG}ZA z^Vfch`@?v)i|V)ECID^K9SXIW^3DfLb@qqIJl9d}@v)z9{I_K$@878A{aZJx`96n>c+6!Yf?+N<^4`*#iMF829p!q7IT7SreXvkR|55ykvfwQmq7iIbv{ z*j8NP?TVj^^mUfFn14+-wZ(Z^d4qEP{8TuX==0J@c-0taz|3!ss>@J+OsVJJ{l3_M znf&iJt=jP$LkFcv8iwiIAdKU=`!;Ys^`{q(9Rg$EvXPzY5r}Pl)S?6KN)Y_q#nD8+fWhuo_m=co;K0`EE5~~umI=?T33c@pUl#xsH#1=3oOA464ht?(Q zfE^eI+JSOFQ*olepukF*vI0^fQNSz}VCGm#YtA}khsL3Hs2q|*=@1=4Wj$v$p$)6p zoP$g@Mn*)hr8N;+;{u$tPO_86N$sR^lAM%IqLbjHsED%?ihz_Rh!L}bN#s_>vYCMUPrG1v*he$kYufiqy=%(YNYX=@als9A}ebMTfUg_L8em2!%{QF$QEF=$kQeP&hIB#lZ~&Rzg2 zTPy1nJ7t{G-)<#l^f5;a+9;U{>7p1x1dLIVF}c?0G&n83-GuU#BI@8{P^eN-T!>3S zwnZBQKazv#C2~AR@C`wRPWh%(V 
z>#h*&*f`d2;y`9hXasAUQnCt!63P2mqP05 ([%#sops50] unnest'0 self res_state) - let rec closure2'0 (_1:borrowed ()) (x:UInt32.t) (_3:Snapshot.snap_ty (Seq.seq UInt32.t)) (return' (ret:UInt32.t))= {[@expl:closure requires] [%#s06_map_precond5] UInt32.to_uint x + let rec closure2'0 (_1:borrowed ()) (x:UInt32.t) (_3:Snapshot.snap_ty (Seq.seq UInt32.t)) (return' (ret:UInt32.t))= {[@expl:closure requires] [%#s06_map_precond5] UInt32.t'int x <= 15} (! bb0 [ bb0 = s0 @@ -2314,8 +2314,8 @@ module M_06_map_precond__increment [#"06_map_precond.rs" 206 0 206 50] | & res : UInt32.t = any_l () | & res1 : UInt32.t = any_l () ] - [ return' (result:UInt32.t)-> {[@expl:closure ensures] [%#s06_map_precond6] UInt32.to_uint result - = UInt32.to_uint x + 1} + [ return' (result:UInt32.t)-> {[@expl:closure ensures] [%#s06_map_precond6] UInt32.t'int result + = UInt32.t'int x + 1} {[@expl:closure unnest] unnest'0 _1.current _1.final} (! return' {result}) ] @@ -2357,7 +2357,7 @@ module M_06_map_precond__increment [#"06_map_precond.rs" 206 0 206 50] use prelude.prelude.Snapshot predicate precondition'0 (self : ()) (args : (UInt32.t, Snapshot.snap_ty (Seq.seq UInt32.t))) = - [%#s06_map_precond5] let (x, _3) = args in UInt32.to_uint x <= 15 + [%#s06_map_precond5] let (x, _3) = args in UInt32.t'int x <= 15 predicate invariant'1 (self : borrowed t_U'0) = [%#sinvariant59] inv'2 self.current /\ inv'2 self.final @@ -2729,8 +2729,8 @@ module M_06_map_precond__counter [#"06_map_precond.rs" 222 0 222 48] predicate postcondition_once'0 (self : closure2'1) (args : (UInt32.t, Snapshot.snap_ty (Seq.seq UInt32.t))) (result : UInt32.t) = - [%#s06_map_precond6] let (x, _prod) = args in UInt64.to_uint (self.field_0'0).final - = UInt64.to_uint (self.field_0'0).current + 1 + [%#s06_map_precond6] let (x, _prod) = args in UInt64.t'int (self.field_0'0).final + = UInt64.t'int (self.field_0'0).current + 1 predicate resolve'4 (self : borrowed UInt64.t) = [%#sresolve24] self.final = self.current 
@@ -2747,8 +2747,7 @@ module M_06_map_precond__counter [#"06_map_precond.rs" 222 0 222 48] predicate postcondition_mut'0 (self : closure2'1) (args : (UInt32.t, Snapshot.snap_ty (Seq.seq UInt32.t))) (result_state : closure2'1) (result : UInt32.t) = - (let (x, _prod) = args in UInt64.to_uint (result_state.field_0'0).current - = UInt64.to_uint (self.field_0'0).current + 1) + (let (x, _prod) = args in UInt64.t'int (result_state.field_0'0).current = UInt64.t'int (self.field_0'0).current + 1) /\ unnest'0 self result_state function fn_mut_once'0 (self : closure2'1) (args : (UInt32.t, Snapshot.snap_ty (Seq.seq UInt32.t))) (res : UInt32.t) : () @@ -2772,7 +2771,7 @@ module M_06_map_precond__counter [#"06_map_precond.rs" 222 0 222 48] axiom postcondition_mut_unnest'0_spec : forall self : closure2'1, args : (UInt32.t, Snapshot.snap_ty (Seq.seq UInt32.t)), res_state : closure2'1, res : UInt32.t . ([%#sops38] postcondition_mut'0 self args res_state res) -> ([%#sops39] unnest'0 self res_state) - let rec closure2'0 (_1:borrowed closure2'1) (x:UInt32.t) (_prod:Snapshot.snap_ty (Seq.seq UInt32.t)) (return' (ret:UInt32.t))= {[@expl:closure requires] [%#s06_map_precond5] UInt64.to_uint ((_1.current).field_0'0).current + let rec closure2'0 (_1:borrowed closure2'1) (x:UInt32.t) (_prod:Snapshot.snap_ty (Seq.seq UInt32.t)) (return' (ret:UInt32.t))= {[@expl:closure requires] [%#s06_map_precond5] UInt64.t'int ((_1.current).field_0'0).current = Seq.length (Snapshot.inner _prod) /\ UInt64.ult ((_1.current).field_0'0).current (v_MAX'0 : UInt64.t)} (! bb0 
@@ -2794,8 +2793,8 @@ module M_06_map_precond__counter [#"06_map_precond.rs" 222 0 222 48] | & res : UInt32.t = any_l () | & res1 : UInt32.t = any_l () ] - [ return' (result:UInt32.t)-> {[@expl:closure ensures] [%#s06_map_precond6] UInt64.to_uint ((_1.final).field_0'0).current - = UInt64.to_uint ((_1.current).field_0'0).current + 1} + [ return' (result:UInt32.t)-> {[@expl:closure ensures] [%#s06_map_precond6] UInt64.t'int ((_1.final).field_0'0).current + = UInt64.t'int ((_1.current).field_0'0).current + 1} {[@expl:closure unnest] unnest'0 _1.current _1.final} (! return' {result}) ] @@ -2837,7 +2836,7 @@ module M_06_map_precond__counter [#"06_map_precond.rs" 222 0 222 48] use prelude.prelude.Snapshot predicate precondition'0 (self : closure2'1) (args : (UInt32.t, Snapshot.snap_ty (Seq.seq UInt32.t))) = - [%#s06_map_precond5] let (x, _prod) = args in UInt64.to_uint (self.field_0'0).current + [%#s06_map_precond5] let (x, _prod) = args in UInt64.t'int (self.field_0'0).current = Seq.length (Snapshot.inner _prod) /\ UInt64.ult (self.field_0'0).current (v_MAX'0 : UInt64.t) @@ -2930,7 +2929,7 @@ module M_06_map_precond__counter [#"06_map_precond.rs" 222 0 222 48] -> (forall next : t_I'0, steps : Seq.seq UInt32.t . produces'0 done'.final steps next -> steps = (Seq.empty : Seq.seq UInt32.t) /\ done'.final = next)} {[@expl:counter requires #1] [%#s06_map_precond3] forall prod : Seq.seq UInt32.t, fin : t_I'0 . inv'3 prod - /\ inv'1 fin /\ produces'0 iter prod fin -> Seq.length prod <= UInt64.to_uint (v_MAX'0 : UInt64.t)} + /\ inv'1 fin /\ produces'0 iter prod fin -> Seq.length prod <= UInt64.t'int (v_MAX'0 : UInt64.t)} (! bb0 [ bb0 = bb1 | bb1 = s0 diff --git a/creusot/tests/should_succeed/iterators/08_collect_extend.coma b/creusot/tests/should_succeed/iterators/08_collect_extend.coma index 8a623cb3dd..01ca49e90f 100644 --- a/creusot/tests/should_succeed/iterators/08_collect_extend.coma +++ b/creusot/tests/should_succeed/iterators/08_collect_extend.coma 
@@ -89,7 +89,7 @@ module M_08_collect_extend__extend [#"08_collect_extend.rs" 27 0 27 66] function view'2 (self : t_Vec'0) : Seq.seq t_T'0 - axiom view'2_spec : forall self : t_Vec'0 . [%#svec15] Seq.length (view'2 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'2_spec : forall self : t_Vec'0 . [%#svec15] Seq.length (view'2 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) function view'0 (self : borrowed (t_Vec'0)) : Seq.seq t_T'0 = [%#smodel11] view'2 self.current @@ -395,7 +395,7 @@ module M_08_collect_extend__collect [#"08_collect_extend.rs" 46 0 46 52] function view'0 (self : t_Vec'0) : Seq.seq t_Item'0 - axiom view'0_spec : forall self : t_Vec'0 . [%#svec12] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec12] Seq.length (view'0 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq @@ -717,7 +717,7 @@ module M_08_collect_extend__extend_index [#"08_collect_extend.rs" 57 0 57 51] function view'0 (self : t_Vec'0) : Seq.seq UInt32.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec7] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec7] Seq.length (view'0 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) function view'4 (self : t_IntoIter'0) : Seq.seq UInt32.t @@ -932,7 +932,7 @@ module M_08_collect_extend__collect_example [#"08_collect_extend.rs" 67 0 67 56] function view'0 (self : t_Vec'0) : Seq.seq UInt32.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec6] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec6] Seq.length (view'0 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) let rec collect'0 (iter:t_I'0) (return' (ret:t_Vec'0))= {[@expl:collect 'iter' type invariant] [%#s08_collect_extend3] inv'0 iter} any 
@@ -956,13 +956,13 @@ module M_08_collect_extend__collect_example [#"08_collect_extend.rs" 67 0 67 56] let rec collect_example'0 (iter:t_I'0) (return' (ret:()))= {[@expl:collect_example 'iter' type invariant] [%#s08_collect_extend1] inv'0 iter} {[@expl:collect_example requires] [%#s08_collect_extend2] forall prod : Seq.seq UInt32.t, fin : t_I'0 . inv'0 fin /\ produces'0 iter prod fin - -> (forall i : int . 0 <= i /\ i < Seq.length prod -> UInt32.to_uint (Seq.get prod i) = i)} + -> (forall i : int . 0 <= i /\ i < Seq.length prod -> UInt32.t'int (Seq.get prod i) = i)} (! bb0 [ bb0 = bb1 | bb1 = s0 [ s0 = collect'0 {iter} (fun (_ret':t_Vec'0) -> [ &v <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 [ s0 = {[@expl:assertion] [%#s08_collect_extend0] forall i : int . 0 <= i /\ i < Seq.length (view'0 v) - -> UInt32.to_uint (index_logic'0 v i) = i} + -> UInt32.t'int (index_logic'0 v i) = i} s1 | s1 = bb3 ] 
diff --git a/creusot/tests/should_succeed/iterators/08_collect_extend/why3shapes.gz b/creusot/tests/should_succeed/iterators/08_collect_extend/why3shapes.gz index c6f5a792581d4a9cb824d8eee5a1b981dca39051..1816c37b2ef0cef2c5a262be753f3dc79ab4b40f 100644 GIT binary patch delta 1173 zcmV;G1Zw-637ZL!7Jt0mTsR~}Qj7Rt1QDo1b16XdX3#R7HJV7Ntxeju?@$sc%5t(< zplE@;B*W2=91Z{ZM1T5xb^2WB8LeL1+-B{jsh z%R}ATm(8#1-JC2u2z} z4DSQbD1x!D&&Ou>t#T(EW%l~o2%}71rfxa&WEdsOZVm8{dLw$WVzMj{>z z@aWp6HdL(p(!Rg&I;qdNrUCJR4Gbmgp^U+zAIfXhCz0;QV_v0Q1)XBHr@E;wRLEA} zjz?Fw7>`kgs`$R*@|({ll!G#s*NeiG7Au#Yuj4ec2IW!Jd`%+rp-81ww zrA4R*sDJ1r6KCwZx0?%fTPEdxw@)xO*(+Fd(cxy(VR^=3@-Bx-peP9xC7z;5HNDsn zfC$A262;8JJtjkLG0EuRQ%L3mBO^`ob3&3xND>K2E)g<4-oRBJx$3RycLP|YD2o(j zKSEKDj1Q9$gZ~HoMZS?K-(afgx4D*G3@qb26@MutKE|=MM|sj1-(}Spn;`3Ff)u$7 zDgNI>>fd5gd|0G?16d;74gm2KvyU{%aIX?EeKGHdF2-lkHk(81j+^J^)b?LWh%^Gx zl^}*3vF?jDppXOyVcEG(Fe0j!6-6;>ganO{={FXF8X%|v zMm5l&20A%A=1-pYKRo6?Mbbe3<@0$L`%b-sVy&)@co>i}j5lKa)AeLaUW7{1UIaNfeO73&IuRuDY7~fLMtbe)! zqI0dZ)Iw*PYo@6NO%|XyklZoHXtm$vVk=b!dmQD!q@>i(1EoP~5E?QKTm#cUyXkm& z*#dKFC$fAiZLXBasH*aP#jCxr)fT$>RB9?T%{1kj;>I``G{trEMK1Sy08%O9h+r9) n*%p*^B4;@jd@ucUhS@UBsAixUt`3%KsuuqM6qdJW>JI<_jdeRN delta 1173 zcmV;G1Zw-637ZL!7JuAsE*z2~rA2%&f(X>1xfCFJGiaI43QeR`R+9GZJCsCBYzW|*<=%(` zh~`588o4)C=DBSSFQq-tQ8dvMD-w;j zX0sWNg_wQQwtvl=J*=O8*HoHgRhvf*(o_fc_xgH>15?{K4IKBVZR-Z^Q9sa-nNw9i zJld|QH5J>TwBKKN8`Wo8Q-k=#2AY!XSVnKrPvx~4l8E=?A+N%0yizgSQ{9voDrCx+ zwzYMK@ff9P8s1l2e)GkIVpJxT`4G;dkYaXh!W|pB@PA+A<@q*b>XYZ;oKS42da|9# zFF{Y(g=Sk*Hc!u37R-?Jg#Z?ung`qMs>9-en>%$&T!1tZ0t2_i)IyXMW8+}8FQxV2p1!9k z&3!!}4S!BDbB4ZqzqwGiMO5zZ_6f#DdwGkldfe=KFfT|&AKWZ-Fb&PWm%NdhCuB}T>v?8(XlS)DciasUe)Wr3sY zM>y)B@o6?<@P7cnKsYid9L!byKG~9sfkk+yJb%W-=SUWJDUVv?Lt0I-5w!kKm?D=k z#s7Uw{Zmv55A(QhAc>^g10bAY@|h+XZ&o6tFP0tA$G9wzdsS!K-E(v5hHoVV8iD9b z5JFn4`>OLOBp!vq2mYc8?xMPYEL}pj^A}j=FR;w}n7@*u;eAL?&#PnxO5yk`b=Kb} zBY%IoboER=yN!ac8Q_EHAo%$QiOxpsy=DQ?7czUV}0wH06PYScVlZ%^rw25-N$X+|r{g8MpEv_h2OKuYZ83 
zOr=UHp%TRvQ&fQ>s{^4Wktr8AH%n4D&^SdDv$MQWEB-Gt8DLMim3aa1OOh(RB4UJoDU$_74C6R<}I& diff --git a/creusot/tests/should_succeed/iterators/12_zip/why3session.xml b/creusot/tests/should_succeed/iterators/12_zip/why3session.xml index 5643e5d69c..3d71c302ee 100644 --- a/creusot/tests/should_succeed/iterators/12_zip/why3session.xml +++ b/creusot/tests/should_succeed/iterators/12_zip/why3session.xml @@ -11,9 +11,6 @@ - - - 
diff --git a/creusot/tests/should_succeed/iterators/12_zip/why3shapes.gz b/creusot/tests/should_succeed/iterators/12_zip/why3shapes.gz index 44f171d3cea6c2f05ace2e7eeda1be476503cc4f..f0b5823f2abbd762648948bbcc7ab1c9b8f22644 100644 GIT binary patch literal 2564 zcmV+f3j6gRiwFP!00000|GijCZyYxgzR$1FO}p`h#o}|}90rC5oJ%gd=)+zFHpzB` z$dV$--sInJvAfA(k9uS|9>sv6nqral`dF;$fBbau_^ZE9j~8Fl!{hbc?Y}P6#ZUj- zeDK$|UoS<+w&8st2 zd3LD)#B2eGDl15YNdIu{Z=bS^oPr~X+EuERA*E`PA*B4__9nB+2-Dy!8a2o|U?&sl`pf;lm+O;ly6Ba}c1?EzbG zj1pc^!YfMn5lXP41S?AL2qmJTL{yZBBb3OB5?N6q>m>(MZ@FGx^8!;=Vai6BE@4Dr zdLk-2{GTuPH;Ipod&rED;^WPFpMTeVTmSy&FkQ3;wNw1Bt~_0oKC5qj zhZbaIp`Qd7zr(?+#w}R*)i}0T;B~?G#Wmkk7?-X==1jh2GCN0%x^s4pvy;yG(T3LB zQ{MT}sMg(5jY1(R$Dcmr-MjIeqeyK}nwRAPj#IFmLqe+*cFH*&*#xF;%KX9@wGv|t zQVnl8p@a%{+d~=-#y*o?$V>(vZ`#f|KVraP%gHcx%TS*oKKw*{M#gj*$H1((It7L| zfmw~;$%xd#z$?|n;NuHHcqK@hXr1sL8}CPFaiXR|_CEhU;WjSZegO!Fn2=cYx8$5w zUviYa(ow2hufGOk-G#|f_FcelipYwiwS1CTb(9rH!G0_)hA%{4h_F8$16&lB7n02v z^=jKxN3lpV&y10x?nI2bKYijw&Q*Mz>>Q$*FLAjdRoK(GV zOJ>GMDWXQV^t1Pj>xEmY6*#cvL7=*&s$25oqL1_y3ptIi$#CA2H!N7w0dv=5%4nlc zj5ex_HY$%cZC8e+C&JPa;iB&px$BWr$JnsdGmgmf(0;bU6rys(vYjpMx-IL+qsi1p z=MHh4PTD2D#$?k_w4dWqCK}W7*pZIXQ-iD`a(C2_&OM{8J)=DuZJ>@eSVtQ?8f`=! 
zZL*#7Y%`KaZM6Npbg_0-`8xT>>)THxeRrEL(r|t2 zZ>CLE;f#eJJ>0AxUORFw_m$fH@My-$XvPklmq#KSC9Ka39f3QZ()KRL zcHd0oZ13hcGNkP8=4&?pJm*gst)QN=GI{hYD@~1_Hjl#T_VEjCSVUq9lK+EcZv8o2 zr<-`iYUrk!<%F?inQWfte7%fj$Cf7=RXu8g#QvKgqd0Y_ ztLcQVs_hi2SGVlH=cbcbz$lp_TSU#(DuzH4mK#zr~nM} zN~9EfnFbR)GcXM10+_STIPH{^PB?Vjfnyt{RgzrwiV209Ys=9n3lgI214xzk0j_Ke zy+zaa(QC!H8KPA~L_L5`mPwKHxRFF*WiLi12LUm}!Apj!=Y!=uCZmw74J_~FB+MNL z$LSpFz&OwjlmqENY*0xX7)v~8Izfa1G4)XoXkwJs^L&DkE2?b_Qc#RIsY*Rh!pq2_ zuu4ca^nDmNij|EZwBpH2@ZM-Scn!S_ETJ?y_DYU63v_}xv<{6!?NB+C4(SYZ$Q^=1 z^2<7I9M_I3$ED+Iy3nH*gAhH}V7bRWXsZ)rOal)*jmZ@JJi1s!BaKWrB&kzMDjJq# zvI0}|VC<+1&Z8@8pV$z44|V`PFx8_s-VZEz0-f?%mo!dlCuyT}QaFiDawow_GQ&Dy zoX}3F4KlP*StHEQ1B+my(lVeAA(<$>9O1{v1mQF~&7B6PnN!v&;}jXDoRUrnr_d?x z6gWk??S^|{#b7{C+y`kB#XqUuYLF%f)MMzia$0`($ti$fKK51y_>GG>^VaWNlUI1dPb#8Qe~ohXc<+=j0!89#j|N7 zWJsR0F`Q~Jf=Pp?x;GeREtMOT87EddtDKeR)T;+B=t?E8fRU$KGg1j2aTo+oEM~pH zD6-_Rc@qm16`7E41C=0(F0&%4fspJ~-)nE=3|wIF#)fzxg%;Q#yrnb*Lsq0nk1oAK zG}SbaetTQuKu-$ipb`U6F;YDu=xZN=BNxf$pa9FMLHf_%$_#1%dQRD)qGF8+80i6` z7*RF%iVVaY5@7Q0Fh$uYycWqMCZ(b<1Q|u}R8Lc{g|^evqTbR35qdR9Z|G6x8KKmp aSm0KrfpO7Cm`u=T(DZ*frX;W%CjbDJsrbF`0LwUORy*xhM-tYf)p)P*-=jMI5 z-T!_mJYA0jdkoJv|Gj;~ z+o^@i;L$dh?d}YJdp#GiiZp7w8JBNHd~7Cmcq(_pQv1l5^n7t`cUlK}7^_yHu!07? 
z;DAR@t@NT1odavI$T_|aCb_Pqs%G^Ff)y&vOP2DwVNQ%|6V+Mj2qoB3d%zYRql7w2 zsH23AP{JK0+)=_uC=necqN79{p+t6+$c_@(4>_8C%Juq~H<&_)DU2{(!|3YD6L=y| ze2lQg(gI|SBJ31juXm2yaK$8SHr__hw*F1P#_)g>Md5)q;a#{Z`=6hG2@lw*6`L9r zQ)T~LoL2cPB^dR>T1+;l&R~p?p1lj;}TrYDY?1|A=a7`E)&x?ReocPRz2aEq@LcU zp`{A9*M~A3oP8m^l9?Pl-gG_J{D^^vEoal@*QtJk{Lq>FjEw0pj)^%D>XaB-B<5uP z&Ss=v4AiMb4nBM)39kgnB3oyo=SB2musl)IMfPL;eI{&Ph5Z>I9CG4`dc3XXo<18W zyfRRb|;O z+>T;ZW~z*lVozd>Uc9^;#VT%I3cRfQ__ECrb1yA@I2Ts*q+V6p=t-U|Z7r%^g(WLv zq?9K;hNWM;XQWqQsinYyEe`@cEY-u3A69*2=vb&_d`*Sxp1NVhniR}kk7=WgJ~P^= zHrl8<+AO;=ZaopVmWWqI?zoI1t@TfN|jIuGq;FH9pkN37e~)~?&Oemt5?ZFKDr z$LVCbM5mZA4Mn>-A8n#BOCB8AXgxK`E+V%_4e8u7+TJtTqtOQYXv2N9;iJ(;^wFmJ zInOpDdDKSR-&z-Ix1E}cT)ULRjo5A|?>#|lz6rLS+Pr@b?{9v(-q4r^IJPZ zd^kgVbcX5++{Qz~ZKs<0`k1x(u(vby49x@Vc*wQ~auE%6u4>Vc_axhqCAsa?(xv*) z%*sW5P!8n!sv*;^8Zz5XEoGFa`GP>{X}%#wa(&q_^vi}}dm!8NG<~y}9-8H2IUTpv z@^HJKNEzb&$zRy$-LeFQXX%gZ*FsaUhBWQlyI{ze>`7Y)*qJ_&woCY zi|+GeLWRfj^y%(-v%DPeo9&*sTJWr*!#%?|YVBvTITzl|RM*?m`ohr>xTBV3?{e(- z-9*m*ZjLkaSf1|hey{Gojs6Lv9n@1*rifltWpPJOn@8cYfBN)To>rNdk`(@c%I!ag z+j5t0pr>w{S3EwLcXjo+$pCWGhYIurAFU0_D#F)m7;>1Q2T2ToSLoiwnL1UB&3QMDN zRC4rLuoK|eIyR2AW93*n7LM65IY!6e$T~8Pv?Jw6Iyz;G18Xq|5lN$^z%gm73jk=O zL}e_uptrFFnT<5E@KB^KrKoJ6$YKST9MIU&7QT(GtV4kz$AES~8bC!3CWHY}Fv_Y> zZAs&#c2YShofJ;8ljI~i2~Joij1$@kwP9eJl{LZ)5h0_=O3TC{rDC!Sa)cikr-jq( zG&zk% zL(ZTx@YfAtggB&ZRmd@jR76HFdB}!ULaEb*(atDmS-8q%of0ktcD@wpkma)$Qif@_?;aI7^Aibg9z4; zOlBBT$tY1+#bH=L`uqEm2TDYQssN(OnN#4BbjV0dqS%@ggjyPQ2=u+&7%WAyNvM#m zF^RJk9JNiw1VxFsrUXI$9j+*wMbM&{0#Yg@PBM!WV$daOq3!gvsPE~5NKp+k7#<2$ dgvtyS$*M8{iI{P6LBD~e{{!TaiiJHV008P``j!9y diff --git a/creusot/tests/should_succeed/iterators/15_enumerate.coma b/creusot/tests/should_succeed/iterators/15_enumerate.coma index a2ef076fec..5714abbf29 100644 --- a/creusot/tests/should_succeed/iterators/15_enumerate.coma +++ b/creusot/tests/should_succeed/iterators/15_enumerate.coma 
@@ -89,7 +89,7 @@ module M_15_enumerate__qyi17057287782225696128__produces_refl [#"15_enumerate.rs predicate invariant'0 [#"15_enumerate.rs" 79 4 79 30] (self : t_Enumerate'0) = [%#s15_enumerate12] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'1 self.t_Enumerate__iter'0 s i] . inv'1 s /\ inv'2 i /\ produces'1 self.t_Enumerate__iter'0 s i - -> UInt64.to_uint self.t_Enumerate__count'0 + Seq.length s < UInt64.to_uint v_MAX'0) + -> UInt64.t'int self.t_Enumerate__count'0 + Seq.length s < UInt64.t'int v_MAX'0) /\ (forall i : borrowed t_I'0 . inv'3 i /\ completed'0 i -> produces'1 i.current (Seq.empty : Seq.seq t_Item'0) i.final) @@ -114,13 +114,12 @@ module M_15_enumerate__qyi17057287782225696128__produces_refl [#"15_enumerate.rs predicate produces'0 [#"15_enumerate.rs" 31 4 31 64] (self : t_Enumerate'0) (visited : Seq.seq (UInt64.t, t_Item'0)) (o : t_Enumerate'0) = - [%#s15_enumerate3] Seq.length visited - = UInt64.to_uint o.t_Enumerate__count'0 - UInt64.to_uint self.t_Enumerate__count'0 + [%#s15_enumerate3] Seq.length visited = UInt64.t'int o.t_Enumerate__count'0 - UInt64.t'int self.t_Enumerate__count'0 /\ (exists s : Seq.seq t_Item'0 . inv'1 s /\ produces'1 self.t_Enumerate__iter'0 s o.t_Enumerate__iter'0 /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s - -> UInt64.to_uint (let (a, _) = Seq.get visited i in a) = UInt64.to_uint self.t_Enumerate__count'0 + i + -> UInt64.t'int (let (a, _) = Seq.get visited i in a) = UInt64.t'int self.t_Enumerate__count'0 + i /\ (let (_, a) = Seq.get visited i in a) = Seq.get s i)) constant self : t_Enumerate'0 
@@ -225,7 +224,7 @@ module M_15_enumerate__qyi17057287782225696128__produces_trans [#"15_enumerate.r predicate invariant'0 [#"15_enumerate.rs" 79 4 79 30] (self : t_Enumerate'0) = [%#s15_enumerate16] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'1 self.t_Enumerate__iter'0 s i] . inv'1 s /\ inv'2 i /\ produces'1 self.t_Enumerate__iter'0 s i - -> UInt64.to_uint self.t_Enumerate__count'0 + Seq.length s < UInt64.to_uint v_MAX'0) + -> UInt64.t'int self.t_Enumerate__count'0 + Seq.length s < UInt64.t'int v_MAX'0) /\ (forall i : borrowed t_I'0 . inv'3 i /\ completed'0 i -> produces'1 i.current (Seq.empty : Seq.seq t_Item'0) i.final) @@ -248,13 +247,12 @@ module M_15_enumerate__qyi17057287782225696128__produces_trans [#"15_enumerate.r predicate produces'0 [#"15_enumerate.rs" 31 4 31 64] (self : t_Enumerate'0) (visited : Seq.seq (UInt64.t, t_Item'0)) (o : t_Enumerate'0) = - [%#s15_enumerate7] Seq.length visited - = UInt64.to_uint o.t_Enumerate__count'0 - UInt64.to_uint self.t_Enumerate__count'0 + [%#s15_enumerate7] Seq.length visited = UInt64.t'int o.t_Enumerate__count'0 - UInt64.t'int self.t_Enumerate__count'0 /\ (exists s : Seq.seq t_Item'0 . inv'1 s /\ produces'1 self.t_Enumerate__iter'0 s o.t_Enumerate__iter'0 /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s - -> UInt64.to_uint (let (a, _) = Seq.get visited i in a) = UInt64.to_uint self.t_Enumerate__count'0 + i + -> UInt64.t'int (let (a, _) = Seq.get visited i in a) = UInt64.t'int self.t_Enumerate__count'0 + i /\ (let (_, a) = Seq.get visited i in a) = Seq.get s i)) use seq.Seq 
@@ -404,7 +402,7 @@ module M_15_enumerate__qyi17057287782225696128__next [#"15_enumerate.rs" 61 4 61 predicate invariant'3 [#"15_enumerate.rs" 79 4 79 30] (self : t_Enumerate'0) = [%#s15_enumerate20] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'1 self.t_Enumerate__iter'0 s i] . inv'5 s /\ inv'0 i /\ produces'1 self.t_Enumerate__iter'0 s i - -> UInt64.to_uint self.t_Enumerate__count'0 + Seq.length s < UInt64.to_uint v_MAX'0) + -> UInt64.t'int self.t_Enumerate__count'0 + Seq.length s < UInt64.t'int v_MAX'0) /\ (forall i : borrowed t_I'0 . inv'3 i /\ completed'1 i -> produces'1 i.current (Seq.empty : Seq.seq t_Item'0) i.final) @@ -467,13 +465,12 @@ module M_15_enumerate__qyi17057287782225696128__next [#"15_enumerate.rs" 61 4 61 predicate produces'0 [#"15_enumerate.rs" 31 4 31 64] (self : t_Enumerate'0) (visited : Seq.seq (UInt64.t, t_Item'0)) (o : t_Enumerate'0) = - [%#s15_enumerate8] Seq.length visited - = UInt64.to_uint o.t_Enumerate__count'0 - UInt64.to_uint self.t_Enumerate__count'0 + [%#s15_enumerate8] Seq.length visited = UInt64.t'int o.t_Enumerate__count'0 - UInt64.t'int self.t_Enumerate__count'0 /\ (exists s : Seq.seq t_Item'0 . inv'5 s /\ produces'1 self.t_Enumerate__iter'0 s o.t_Enumerate__iter'0 /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s - -> UInt64.to_uint (let (a, _) = Seq.get visited i in a) = UInt64.to_uint self.t_Enumerate__count'0 + i + -> UInt64.t'int (let (a, _) = Seq.get visited i in a) = UInt64.t'int self.t_Enumerate__count'0 + i /\ (let (_, a) = Seq.get visited i in a) = Seq.get s i)) meta "compute_max_steps" 1000000 
@@ -623,7 +620,7 @@ module M_15_enumerate__enumerate [#"15_enumerate.rs" 96 0 96 54] predicate invariant'2 [#"15_enumerate.rs" 79 4 79 30] (self : t_Enumerate'0) = [%#s15_enumerate16] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'0 self.t_Enumerate__iter'0 s i] . inv'2 s /\ inv'0 i /\ produces'0 self.t_Enumerate__iter'0 s i - -> UInt64.to_uint self.t_Enumerate__count'0 + Seq.length s < UInt64.to_uint v_MAX'0) + -> UInt64.t'int self.t_Enumerate__count'0 + Seq.length s < UInt64.t'int v_MAX'0) /\ (forall i : borrowed t_I'0 . inv'1 i /\ completed'0 i -> produces'0 i.current (Seq.empty : Seq.seq t_Item'0) i.final) @@ -641,7 +638,7 @@ module M_15_enumerate__enumerate [#"15_enumerate.rs" 96 0 96 54] {[@expl:enumerate requires #0] [%#s15_enumerate2] forall i : borrowed t_I'0 . inv'1 i /\ completed'0 i -> produces'0 i.current (Seq.empty : Seq.seq t_Item'0) i.final} {[@expl:enumerate requires #1] [%#s15_enumerate3] forall s : Seq.seq t_Item'0, i : t_I'0 . inv'2 s - /\ inv'0 i /\ produces'0 iter s i -> Seq.length s < UInt64.to_uint v_MAX'0} + /\ inv'0 i /\ produces'0 iter s i -> Seq.length s < UInt64.t'int v_MAX'0} (! bb0 [ bb0 = bb1 | bb1 = bb2 @@ -654,7 +651,7 @@ module M_15_enumerate__enumerate [#"15_enumerate.rs" 96 0 96 54] ) [ & _0 : t_Enumerate'0 = any_l () | & iter : t_I'0 = iter ] [ return' (result:t_Enumerate'0)-> {[@expl:enumerate result type invariant] [%#s15_enumerate4] inv'3 result} {[@expl:enumerate ensures] [%#s15_enumerate5] result.t_Enumerate__iter'0 = iter - /\ UInt64.to_uint result.t_Enumerate__count'0 = 0} + /\ UInt64.t'int result.t_Enumerate__count'0 = 0} (! return' {result}) ] end 
@@ -749,7 +746,7 @@ module M_15_enumerate__qyi17057287782225696128__next__refines [#"15_enumerate.rs predicate invariant'2 [#"15_enumerate.rs" 79 4 79 30] (self : t_Enumerate'0) = [%#s15_enumerate14] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'1 self.t_Enumerate__iter'0 s i] . inv'2 s /\ inv'5 i /\ produces'1 self.t_Enumerate__iter'0 s i - -> UInt64.to_uint self.t_Enumerate__count'0 + Seq.length s < UInt64.to_uint v_MAX'0) + -> UInt64.t'int self.t_Enumerate__count'0 + Seq.length s < UInt64.t'int v_MAX'0) /\ (forall i : borrowed t_I'0 . inv'8 i /\ completed'1 i -> produces'1 i.current (Seq.empty : Seq.seq t_Item'0) i.final) @@ -792,13 +789,12 @@ module M_15_enumerate__qyi17057287782225696128__next__refines [#"15_enumerate.rs predicate produces'0 [#"15_enumerate.rs" 31 4 31 64] (self : t_Enumerate'0) (visited : Seq.seq (UInt64.t, t_Item'0)) (o : t_Enumerate'0) = - [%#s15_enumerate2] Seq.length visited - = UInt64.to_uint o.t_Enumerate__count'0 - UInt64.to_uint self.t_Enumerate__count'0 + [%#s15_enumerate2] Seq.length visited = UInt64.t'int o.t_Enumerate__count'0 - UInt64.t'int self.t_Enumerate__count'0 /\ (exists s : Seq.seq t_Item'0 . inv'2 s /\ produces'1 self.t_Enumerate__iter'0 s o.t_Enumerate__iter'0 /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s - -> UInt64.to_uint (let (a, _) = Seq.get visited i in a) = UInt64.to_uint self.t_Enumerate__count'0 + i + -> UInt64.t'int (let (a, _) = Seq.get visited i in a) = UInt64.t'int self.t_Enumerate__count'0 + i /\ (let (_, a) = Seq.get visited i in a) = Seq.get s i)) predicate inv'3 (_1 : (UInt64.t, t_Item'0)) 
@@ -910,13 +906,12 @@ module M_15_enumerate__qyi17057287782225696128__produces_trans__refines [#"15_en predicate produces'0 [#"15_enumerate.rs" 31 4 31 64] (self : t_Enumerate'0) (visited : Seq.seq (UInt64.t, t_Item'0)) (o : t_Enumerate'0) = - [%#s15_enumerate1] Seq.length visited - = UInt64.to_uint o.t_Enumerate__count'0 - UInt64.to_uint self.t_Enumerate__count'0 + [%#s15_enumerate1] Seq.length visited = UInt64.t'int o.t_Enumerate__count'0 - UInt64.t'int self.t_Enumerate__count'0 /\ (exists s : Seq.seq t_Item'0 . inv'1 s /\ produces'1 self.t_Enumerate__iter'0 s o.t_Enumerate__iter'0 /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s - -> UInt64.to_uint (let (a, _) = Seq.get visited i in a) = UInt64.to_uint self.t_Enumerate__count'0 + i + -> UInt64.t'int (let (a, _) = Seq.get visited i in a) = UInt64.t'int self.t_Enumerate__count'0 + i /\ (let (_, a) = Seq.get visited i in a) = Seq.get s i)) constant v_MAX'0 : UInt64.t = (18446744073709551615 : UInt64.t) @@ -935,7 +930,7 @@ module M_15_enumerate__qyi17057287782225696128__produces_trans__refines [#"15_en predicate invariant'0 [#"15_enumerate.rs" 79 4 79 30] (self : t_Enumerate'0) = [%#s15_enumerate10] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'1 self.t_Enumerate__iter'0 s i] . inv'1 s /\ inv'2 i /\ produces'1 self.t_Enumerate__iter'0 s i - -> UInt64.to_uint self.t_Enumerate__count'0 + Seq.length s < UInt64.to_uint v_MAX'0) + -> UInt64.t'int self.t_Enumerate__count'0 + Seq.length s < UInt64.t'int v_MAX'0) /\ (forall i : borrowed t_I'0 . inv'3 i /\ completed'0 i -> produces'1 i.current (Seq.empty : Seq.seq t_Item'0) i.final) 
@@ -1045,7 +1040,7 @@ module M_15_enumerate__qyi17057287782225696128__produces_refl__refines [#"15_enu predicate invariant'0 [#"15_enumerate.rs" 79 4 79 30] (self : t_Enumerate'0) = [%#s15_enumerate10] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'1 self.t_Enumerate__iter'0 s i] . inv'1 s /\ inv'2 i /\ produces'1 self.t_Enumerate__iter'0 s i - -> UInt64.to_uint self.t_Enumerate__count'0 + Seq.length s < UInt64.to_uint v_MAX'0) + -> UInt64.t'int self.t_Enumerate__count'0 + Seq.length s < UInt64.t'int v_MAX'0) /\ (forall i : borrowed t_I'0 . inv'3 i /\ completed'0 i -> produces'1 i.current (Seq.empty : Seq.seq t_Item'0) i.final) @@ -1070,13 +1065,12 @@ module M_15_enumerate__qyi17057287782225696128__produces_refl__refines [#"15_enu predicate produces'0 [#"15_enumerate.rs" 31 4 31 64] (self : t_Enumerate'0) (visited : Seq.seq (UInt64.t, t_Item'0)) (o : t_Enumerate'0) = - [%#s15_enumerate1] Seq.length visited - = UInt64.to_uint o.t_Enumerate__count'0 - UInt64.to_uint self.t_Enumerate__count'0 + [%#s15_enumerate1] Seq.length visited = UInt64.t'int o.t_Enumerate__count'0 - UInt64.t'int self.t_Enumerate__count'0 /\ (exists s : Seq.seq t_Item'0 . inv'1 s /\ produces'1 self.t_Enumerate__iter'0 s o.t_Enumerate__iter'0 /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s - -> UInt64.to_uint (let (a, _) = Seq.get visited i in a) = UInt64.to_uint self.t_Enumerate__count'0 + i + -> UInt64.t'int (let (a, _) = Seq.get visited i in a) = UInt64.t'int self.t_Enumerate__count'0 + i /\ (let (_, a) = Seq.get visited i in a) = Seq.get s i)) goal refines : [%#s15_enumerate0] forall self : t_Enumerate'0 . inv'0 self diff --git a/creusot/tests/should_succeed/iterators/15_enumerate/why3session.xml b/creusot/tests/should_succeed/iterators/15_enumerate/why3session.xml index f36d866a1f..9e59b1d1d9 100644 --- a/creusot/tests/should_succeed/iterators/15_enumerate/why3session.xml +++ b/creusot/tests/should_succeed/iterators/15_enumerate/why3session.xml 
@@ -10,68 +10,68 @@ - + - + - + - + - + - + - + - + - + - + - - + + - + - + - + - + - + 
diff --git a/creusot/tests/should_succeed/iterators/15_enumerate/why3shapes.gz b/creusot/tests/should_succeed/iterators/15_enumerate/why3shapes.gz index bbe05aff76e8c2692dab492b2b6359ff492829fc..0ba522df258fad73ba988510cb0f41d7d3bf4019 100644 GIT binary patch literal 1639 zcmV-t2AKIDiwFP!00000|Fu|4liM~7zWZ1Bwrz4D_-3a)xS49`L(@Y$n%+DVABm@4 zdt=La^w$@(M6KlAWbNH_$1{c@;sXhMfWZCX)%@_@-NnQFW85FsyX{YNIe+!z%-!vG z;ppSx25RD7zpkNXHD8X^^nr%pD!O#*?Z+FMA9cc@A=Ly{xOjWleyK%yF7P=@ZohWh z_J-B+!|4I9WmSan0;pBD0EMau;{~+V-2ztYstB_;y*D7PUH!H_-p0La;|;mF{im*L zvls!8+H?RYR7Dt_0nbbOLjYZVMPDs?OXvfUrD}G1ygJ2xjOY$=lRDdz*qfZ>bI&;| ztOikoJa;~NH1a=4e30Z~YI!o_Qzb7xz7I~7|0ZX4xL@ZQ*Ldg4fn5=rBKYOhCL2st z9l(pJD++bRz2@806p)M`drBmwiLS0>`s|V_eOQ=f=b$OvK&(s}r8|a67 zJ`PgvL}9MnU&p&mqzDbH6cVs%kY;aM_h$8Wx5X_Kr9#c0yIa(tl`QoMvKpjWk<8+a z^SfJg(Z-N{>wC0OR{e3mkJ~msKCHLzaP@9mQ{vKk>o%Ry;Lt3;3phLueqTv?s0CfU zm~W);jofR#%{Ow!Hz<5#g>NW4$d0PV$5DkIs?g(%fIWXq;g6Z}CpXX!10SnF>iKi( zLXVIXV9Zh^3>2ONRD*OzR6g*C4?N=cL{%fAic)wWszDls0*cacjWjz#|m|Pa{4k+JS>*yY81>8XT0+e`V_@ zGM%s{-u>>F`SS2Un@;QxGCPkQI^S(R=5zf&{yIht4D9mQo%lf>M?I@EJ}r*h!x0T8 zk?MlzK9j5+ex`NYgcTV=d)!3lLU8SF^=nOqyx;_7DJJ~ZeO?{c+jiv+o$e3!vwNLa zpz<;(T!=vJr`_rfBfDQ6*8k$bgY0w<^cfqum{^zY z;jwgI!KatFDXi+cSl8XBB%j=4hX@w{J(h%LN%MKzY@;6oUc*+8auPAOMtmffkflFc!20w3Zfx1#W>^Km?fa#C@ZUGD=6K8!8la zp<$7G0!h1s0765d+mtz`%0CSRfeL)R-oPITM!Q(b+|46oVWC;f>G|Bmhy`YXXFZq=5!E z=fpB&nYIkKCohJLR50(5A{-hYLP$N}3#P0alRbfP=tTU>#^AG>H;-3JFz=8Y*;TB*$FfhrYlCG{BiQoMVin z=D=uVOlr(37MGSe@`AtAOW??xfF()+y9N*1G3K1&OrTdsbuKn>HL5d=BLH_+T-L}WJJQH6GqX~cnKaimR^;2{B;_vgJdCdF6dbj<#kRhZqLqXF~B)ql4ScX{uRdCul{zdPs5 zV&s51(>q|!v{e|bfjPkQA^?})(6@`TC7ct{N$u?Pd3DPD*rPw>P3dh<;@RXRKaJe& z3U@#b;uKv`(bW}QJ)lePK^H5!qM|E0bjNH1e!cKG zNarBR0r~$w+;1{E=YZEj0^SbN?DptySD$vSF7Qx6!V~hy6ZpkKO0Pdi!~kkGriy=F58PH@(pi&@6w5b9mYLrIPee z3%dPo-dN?0T{N%r#-8v7l{a2_<4!)?9p%Q$Q56qW@puB@nIBX6F;jlJ1N7^_V>?J^ zeom**3y=bgDdi5Jat_cA(i2d{z>yd@5*JX_2vn+t2h2nZrse{i16`{TbUR3A zP|rtie+G?Kv|6o?d4FMOGOnz*y~uso?f1Jsa+=@${-*hfyY==<-mj0Vb@HF{=~wqD 
z!fc!WJT~+0k9l+a>pnL_lKNP}@AKhdbDWLQhaWeA7b*ze_V}!52L|hO{V!)}2vAf1 zjj5ktI{BJJkGqGCm*)%G^x}CTv!}V+=fiIE*sbfIiPsY~5ZLcyzv5^6I6AX>+Lar&iiKf znD=F~`=bkW_RLpooK$QB>ST<>D}&aHC@4&@NguhS6r zb#z`dTn^-R-`)jnXIqgyUHw;8(%5=A*&pimXX$@&h$Ag;7n6o%oZ|l6xFT_H&g?^3 zz0&Kj#QscQe&|*@F$2%9B!}$!3uywqL)Ce{bVPXWzE1VCxbF6Tb(%wW2epHI!&U8K zk+suKh}A}j)jo(#ABA1}iB5El;z-S(X-+Na&`efg(7@z<=H$8k9G-yk$#dt8W)j@c zU=971zBGzgyk>aqMtRqb){>4avc<7(*)wN=kuCjy{3dTdAHO)@wSFI0zb<~8v*pWA z*XbL#Q@6_(-wx;QygnLeIemH1qV}xRj{gHNE5cC8U^IC}qUc1zkTHc~0L}t6%1TRC zSZ>jRWiv1=W+IX)=U{SOmE)F3IIb5Ta+61Wt^GzSBcdx27l*eGiz z28jnKq#%_Tg~XDzLQ*EB#7&BVHOc~;Sg^nim6D1nk&zL`^AZ#!r2z`}yipdJ1!F;5 zP!^;GvLGyQ3upmmQc6)Ua084-mUH$(FrEPuE8LXaC`;0EX3<#G7L`S5kt_;}+#*_p znT#0~3X`MJA%KwtIT+537e!Jwjj|jqhd109;-tuPsk{k=LMc&6B}LIHhpcnM$#P*i zf0wtc3KmSE@KjPDKvP%}p&&wL9AhJx<;HStxw2fo*DZsRW62&xG{6%vGzAq)N+;t* z%#GkypcU{D=blv7B7g)Yx%Y_&?>!06WoF3HG=i)UANL<6Cs`un0!!>e&SUYEfMV9hBLRA@a)`tO zA=65BIVWxjKOO=^G@b|PDaYbd;7X^2-b2WgB#T|(V@X?5v%dkmzZWch761Tw C94Ed2 diff --git a/creusot/tests/should_succeed/iterators/16_take.coma b/creusot/tests/should_succeed/iterators/16_take.coma index bd4b4adbf9..bb1292e801 100644 --- a/creusot/tests/should_succeed/iterators/16_take.coma +++ b/creusot/tests/should_succeed/iterators/16_take.coma @@ -59,7 +59,7 @@ module M_16_take__qyi16574350389265959367__produces_refl [#"16_take.rs" 41 4 41 use seq.Seq predicate produces'0 [#"16_take.rs" 31 4 31 64] (self : t_Take'0) (visited : Seq.seq t_Item'0) (o : t_Take'0) = - [%#s16_take3] UInt64.to_uint self.t_Take__n'0 = UInt64.to_uint o.t_Take__n'0 + Seq.length visited + [%#s16_take3] UInt64.t'int self.t_Take__n'0 = UInt64.t'int o.t_Take__n'0 + Seq.length visited /\ produces'1 self.t_Take__iter'0 visited o.t_Take__iter'0 constant self : t_Take'0 
@@ -134,7 +134,7 @@ module M_16_take__qyi16574350389265959367__produces_trans [#"16_take.rs" 51 4 51 use seq.Seq predicate produces'0 [#"16_take.rs" 31 4 31 64] (self : t_Take'0) (visited : Seq.seq t_Item'0) (o : t_Take'0) = - [%#s16_take7] UInt64.to_uint self.t_Take__n'0 = UInt64.to_uint o.t_Take__n'0 + Seq.length visited + [%#s16_take7] UInt64.t'int self.t_Take__n'0 = UInt64.t'int o.t_Take__n'0 + Seq.length visited /\ produces'1 self.t_Take__iter'0 visited o.t_Take__iter'0 constant a : t_Take'0 @@ -274,15 +274,15 @@ module M_16_take__qyi16574350389265959367__next [#"16_take.rs" 57 4 57 41] (* 0 - /\ UInt64.to_uint (self.current).t_Take__n'0 = UInt64.to_uint (self.final).t_Take__n'0 + 1 + [%#s16_take8] UInt64.t'int (self.current).t_Take__n'0 = 0 /\ resolve'1 self + \/ UInt64.t'int (self.current).t_Take__n'0 > 0 + /\ UInt64.t'int (self.current).t_Take__n'0 = UInt64.t'int (self.final).t_Take__n'0 + 1 /\ completed'1 (Borrow.borrow_logic (self.current).t_Take__iter'0 (self.final).t_Take__iter'0 (Borrow.inherit_id (Borrow.get_id self) 1)) use seq.Seq predicate produces'0 [#"16_take.rs" 31 4 31 64] (self : t_Take'0) (visited : Seq.seq t_Item'0) (o : t_Take'0) = - [%#s16_take9] UInt64.to_uint self.t_Take__n'0 = UInt64.to_uint o.t_Take__n'0 + Seq.length visited + [%#s16_take9] UInt64.t'int self.t_Take__n'0 = UInt64.t'int o.t_Take__n'0 + Seq.length visited /\ produces'1 self.t_Take__iter'0 visited o.t_Take__iter'0 meta "compute_max_steps" 1000000 
@@ -407,9 +407,9 @@ module M_16_take__qyi16574350389265959367__next__refines [#"16_take.rs" 57 4 57 predicate completed'1 [#"common.rs" 11 4 11 36] (self : borrowed t_I'0) predicate completed'0 [#"16_take.rs" 22 4 22 35] (self : borrowed (t_Take'0)) = - [%#s16_take1] UInt64.to_uint (self.current).t_Take__n'0 = 0 /\ resolve'0 self - \/ UInt64.to_uint (self.current).t_Take__n'0 > 0 - /\ UInt64.to_uint (self.current).t_Take__n'0 = UInt64.to_uint (self.final).t_Take__n'0 + 1 + [%#s16_take1] UInt64.t'int (self.current).t_Take__n'0 = 0 /\ resolve'0 self + \/ UInt64.t'int (self.current).t_Take__n'0 > 0 + /\ UInt64.t'int (self.current).t_Take__n'0 = UInt64.t'int (self.final).t_Take__n'0 + 1 /\ completed'1 (Borrow.borrow_logic (self.current).t_Take__iter'0 (self.final).t_Take__iter'0 (Borrow.inherit_id (Borrow.get_id self) 1)) use seq.Seq @@ -417,7 +417,7 @@ module M_16_take__qyi16574350389265959367__next__refines [#"16_take.rs" 57 4 57 use seq.Seq predicate produces'0 [#"16_take.rs" 31 4 31 64] (self : t_Take'0) (visited : Seq.seq t_Item'0) (o : t_Take'0) = - [%#s16_take2] UInt64.to_uint self.t_Take__n'0 = UInt64.to_uint o.t_Take__n'0 + Seq.length visited + [%#s16_take2] UInt64.t'int self.t_Take__n'0 = UInt64.t'int o.t_Take__n'0 + Seq.length visited /\ produces'1 self.t_Take__iter'0 visited o.t_Take__iter'0 predicate inv'2 (_1 : t_Item'0) @@ -502,7 +502,7 @@ module M_16_take__qyi16574350389265959367__produces_refl__refines [#"16_take.rs" use seq.Seq predicate produces'0 [#"16_take.rs" 31 4 31 64] (self : t_Take'0) (visited : Seq.seq t_Item'0) (o : t_Take'0) = - [%#s16_take1] UInt64.to_uint self.t_Take__n'0 = UInt64.to_uint o.t_Take__n'0 + Seq.length visited + [%#s16_take1] UInt64.t'int self.t_Take__n'0 = UInt64.t'int o.t_Take__n'0 + Seq.length visited /\ produces'1 self.t_Take__iter'0 visited o.t_Take__iter'0 goal refines : [%#s16_take0] forall self : t_Take'0 . inv'0 self 
@@ -562,7 +562,7 @@ module M_16_take__qyi16574350389265959367__produces_trans__refines [#"16_take.rs use seq.Seq predicate produces'0 [#"16_take.rs" 31 4 31 64] (self : t_Take'0) (visited : Seq.seq t_Item'0) (o : t_Take'0) = - [%#s16_take1] UInt64.to_uint self.t_Take__n'0 = UInt64.to_uint o.t_Take__n'0 + Seq.length visited + [%#s16_take1] UInt64.t'int self.t_Take__n'0 = UInt64.t'int o.t_Take__n'0 + Seq.length visited /\ produces'1 self.t_Take__iter'0 visited o.t_Take__iter'0 predicate inv'0 (_1 : t_Take'0) diff --git a/creusot/tests/should_succeed/iterators/16_take/why3session.xml b/creusot/tests/should_succeed/iterators/16_take/why3session.xml index 1a04c880e7..d0e6a6b058 100644 --- a/creusot/tests/should_succeed/iterators/16_take/why3session.xml +++ b/creusot/tests/should_succeed/iterators/16_take/why3session.xml @@ -9,7 +9,7 @@ - + @@ -17,27 +17,27 @@ - + - + - + - + - + 
diff --git a/creusot/tests/should_succeed/iterators/16_take/why3shapes.gz b/creusot/tests/should_succeed/iterators/16_take/why3shapes.gz index da89f1c93c513225ac3bfd4d001b42ac8e477393..8c0b2aca526c9d8f87221abbcfc65a4e410a089b 100644 GIT binary patch literal 882 zcmV-&1C9J2iwFP!00000|IJlRZ`()=z3W%_mTijy^DWH+UBCz+NSE$m3ta_jW|RuC zr9_rf?7v@*tdS+h4q7ya%_RiMd3@v}%;)gwQy~gf#QD-KUwJrY$$Y932V?f| zbOoD$+dmEe7DO2@}G{(xY`z00}+^#-79L?#)XsP~;|T_(v&FZo zcjF_v@=+QJya!6^|5kzkas{ZMGGKxl5R57qCSSkt4_2-dz%)y7YqNRSZ0_XFIQU%M8`k4~H$ zMbAIo9z6vP_c@&J)Qq>HVDarem~Q{HbAz*f^6ZSZn3p;By=w;_J~ZtEW_N8t1=LLo zyVIk&AkW_gTwVvC_mi@Gw$k4|MiP#ZoIP(JBk{+$SPB|0kcSII~jsZYrgMGwY$DJh$!X0y~Ry3l~XtpQ(Z5C;wTQUkROi-vpJyF<5o@n}`o z_uUUHvVUALMNX zxbfc&KDS|hg{GlbM4@kCpEXK6-=#YFtj=^R{D0i{e8Vyv_HE=GzQE9xO*_0@<8#Qm zo-suY{^T4V+)bFj;jb@0353M_$M9Q!blZz#n@(kxcX2T1Wk2=iAyU{KT>jNJdYu-2 z&F5ODyq{ngMHaZL>zbOFFrm0`${AxT(8ARgENn!^GnUbeLUl)5{*y>Y7%3ru?gie28#7OMM@@EF2E|qG&2mp$`xmhYr!mqxgzOQYwxEWDb`akg;S)BGDRWK@maYBZfm@8KW5^8Pyq0G8#w!0eUE> I=NAhA0M3GoSFAVzkJG%-|;yf^S9U^o38ymm-(k(vqx;&w+%SJ z)9x!i#SPgUo}6>!Wjr8`6bWSb+;`#C$KwVZ!-ogQoph>PhQ+%GbKHq?dPOBLM_93< z)ff-Yr@x#|=X!ZgoSDu|c{5sUr(#W+K#`4SyRrKv7arrjJ|~WF${6vgCNi`-HnM7r zzKakCj;6wS0&|3{TNP8$^C(0ytD&yckVy@h)R0$W8A>D$r~_8sJ-Li00e~5??J93f zf>jJ4J@7MFis5f12;##7Vuh7QpVYtvsswzw&KVL`p)>F%P z8{$|RHcP{1E8+MsQsLBK(nVOli|}C`%Bc*Uz#QRgKP;?$J~u`7c*4ism#&Q)G6tyw zz{lMm-63v>b1?M+4yI-XlqJNrkLbI@^FE$p7$#3IY>RpM*S?SKX*fPM?YDhAb*%%A zb<^VhoHRek%AZ0mZj;ac1X|9h_|MBo(lU}uok-*xNKxe7xEH%xpG+-ZVz?K^5qybxMpti|qs>D7XyZzh1 zR&{;f{TajN@U*HNe62$SBkNiU9t97&0)vd^+%iioSdw`pF>p>egivY4WL+ys zwV;Nu;CY>Abq!wWz<~Pzo)7|&nMxBKO$|VG&aIfpD#}figjPYyn)yIUFqJk~83s`+ z%(*pITV-XYspb%wXWmd@0uhSpN*W&tavBhFZh=g+5OhsMje&UdBB-d17c#`UX2DPq zhr7~(u)r-a3)BK+B8IxgfYEqijHoz7P6Jcu1F5{Kb8acKlv)aw5(~zHwxF`V0fIeX I*P03d0HPDDsQ>@~ diff --git a/creusot/tests/should_succeed/iterators/17_filter.coma b/creusot/tests/should_succeed/iterators/17_filter.coma index d1434fb8d6..119c8dbfab 100644 
--- a/creusot/tests/should_succeed/iterators/17_filter.coma +++ b/creusot/tests/should_succeed/iterators/17_filter.coma @@ -895,7 +895,7 @@ module M_17_filter__less_than [#"17_filter.rs" 123 0 123 49] function view'0 (self : t_Vec'0) : Seq.seq UInt32.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec8] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec8] Seq.length (view'0 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) function view'1 (self : t_IntoIter'0) : Seq.seq UInt32.t diff --git a/creusot/tests/should_succeed/iterators/17_filter/why3session.xml b/creusot/tests/should_succeed/iterators/17_filter/why3session.xml index 5b23cf3604..8bfa150109 100644 --- a/creusot/tests/should_succeed/iterators/17_filter/why3session.xml +++ b/creusot/tests/should_succeed/iterators/17_filter/why3session.xml @@ -134,7 +134,7 @@ - + @@ -314,7 +314,7 @@ - + 
diff --git a/creusot/tests/should_succeed/iterators/17_filter/why3shapes.gz b/creusot/tests/should_succeed/iterators/17_filter/why3shapes.gz index ec7ae5a532c6af6e5392541fa3a0b067eb3fd481..d58a714db48d956668947524a761e508abea8aa1 100644 GIT binary patch literal 6836 zcmV;l8cXFLiwFP!00000|Lt5^Z)CTXe%G%MFb_QwBLMehU;`11)|7yZUuIC4w+6{e z+H%xVx1?^z|9-y1yWhH1DlKg(K@!Q$;&RU6*$>ImzyIm-<^KVw|AE}*Z+BH zPXF{DC*jlWP4gw?yLWuc!gt?o`BrY##k5=O^f1g47vb{yD?X^cG4!zW8CV_i$4~da zZ*@PeF@BrxZmz!OcWmp=!l#?N`*d^NT;7AQ4y*1;2RL7@ zuk#(v=lB5y<7dA3OkJ}D51B-(S$6SRE8#zzB;R#0^M0cbom$$V zc|;FlU?(8GbiahP&NPtf~4F z%EU?E^~w`Ur-^lVRGivBckD5>I>U#FHI{Wof?-ns+Pv!_$eB@e5L%-+(pX~$k?d|| zaAKx}558QT&1`8zso&3|%-tAa4oM-bpgk;w5boAwGl+ptO!1D7g5aGIw=<@q;5#N9 z;+p*qvIuc2T*o;+z;G3Yo5P@$?pSGr9_Ci~wb7Y4keC9tCwWM=gH*Cs9)8XWBFCTi zNm1$>v2TP&%IX1&32+g_qCIv)61b#)!)5rD1o&%DEtWz3Vm}ER&e-=~wi3G*m*Knc zmr%l=(H=KGZj=UT9&u(e;k?83QotsFi=+{nlUxKJ91Bveh`f``4 zogVic?OymGtQTbW40}frN%Yr_h?m*)<>L&j-{<8%BbyO^$LF-7{*x10EKBO1Qe~IQqD__z(-0A@Xr7I3_0vC;9W2 zaCLeA`{^&gf4aHVx@%nu@HL7MWsO#Ybd{??;BQ?`IQ$%&%;C0$gm>#2u;w z?og3CRC9OeCXm!t=?Nr#0Fow1dQRrqB3Dpmt0p{F2Y9TA$7;^wn$FEOKkyiX13t7L zDC`a=K~J)XmBXc(Mbv-_d#DFXV*py}Nqe?5)A*@Ii#3f_I~rY))ib8iq?VY5W2QRU z?9r$?sK;reMB9;y!>mh05A$37f2u@|J?3ad(lYu%X~4NC%sV^GqgEQj8HeP9oc6mG z@<%<2W4%J1Z0Bf(elyOPvY$pSW{zmielyHR`yuwvUHX$azwdM@9CNg^;LK5{O9SH{ zK44mc{|0AFGv+_)m?^BDF{OhCOlyT-e`FN;M(i7D_0C|g937Rf56aP3OJnm)WUO|1 zYddUUtsCm#L4v5-;p$qPBUEv*s3)f0@B49{nu8t(>>; zHeEvtW?e0SXW#3o{$5XwJ%{i06y58!cVl|E8&eP8jq%}bOb&NrvfhnN@6QDPJYIMW zt&<<`!;c?+y1CBSd3P%((epnyAL)`1p5$|XIVsME)=A&eXFrB?^YPOaQmBRisu9|R zrRmG$@x6sb{+V5>a51raDuGPXJ^@~VrM&I zXOFthWrweG<@2s{pK!G*2lerT`uK(V@Ievupa|63Q6ITrxcuDPfIJ^sQ^*ty+c}2B zGqk32u*P(1SmV{$JQ?>GeRz}oBa0=S2sUj z($D~E?Ko?;?wn3RcE}SiNWy9;-=$#|tCt)Z1NST(?4~TM++RZ5ziw4l^3eJB9*hS! 
zyn{gK?|6NV*4hSkU~X<=Tm8EtOuI z1=+Su9pcUH?aglpfgk_&z~ZVAm(9s_{`>vuJL-COdjI>UJaJ>K6Q*$U34VemOMC^%Da!bm8&NyTwRe*J7g=i zCv-A9-2QyGJNwgZ9z5m4UUCQOZT|e_vdX3=DIMdFJpx|^-tKe&)XTi{v@IezP%@g$ z*maDdR3v*8_J?-#=y0=|_Z-lkb?&qR-pM!)Y2jtNsAJ5_03~-dLY*HQ9JRagWZ?}aIrq_l1h zJ`OlIcQQ{+j$D`X7FYX+K#sdOWFFJo;N9J}M=Co5Ex89-Oy@aA@@PWAAxe*BzQ3}EHv zYOew8xjx*hAB%g$V>DbI(r|s0hOgZ~?j><@BR0K@JW5B$TS~sXrsQk)lzY@@?}g}1YN#x!;@ zyK~wjV>_&DubhsR@jO8NOO*e_qC9ks`h+rvFMP#LDn42D(@&EF8ltl;?arrt%So1e z=k)X03T`@Zot(?L?(R(XcaW3y?&6pdvdYQ#V5oSkuSOm?O;}xZ5q_ZeWu)cDuzo0l z>9IRKxq8&O6)|G1GOvc{YD8VTn*-5@4hFi_O3=jNEMS>}t*z-4Sk;7*Rv)$Rr!o3$ z_nLv&(NDUVo~pJNh;$(9I{9?ldW@T^4>VlO&$=&Tf=9fX>QM)2?fSFsrmt@ucM@3F zQet?~U6|I)@bKAV<v!c;7gD zm(9i}41BnQW{>%LuNdy2sdaLHcE1!$3!#4N>7uI2fK3(5@nCnjMz5ED04DqU; z)xTnxegXLY^RU0Z(f9E!?_WOfdg9Yr?bplv8?6ra?=B(quOI&V?El`e`kkNj@e{cM z64sW)^qwAMzhj?Cv|F{9VzwmhzvjC;lH_zmZw*HN>o$kF?ZrB`wbRl0QoD5n(8W66 zf3thq$=O=3Z@(1208qd8J??5bO5gOJ681TK`T4%>K0o<2U3{ho zce4e){aV$~LD5RA`Oo^TE!h?-({J04UP<*n8d)E42HvAf9^MV^TUFgNHH=>D&KhCO z=6xUTZ$4aJ*U4?`p*82TFrfy+qCEC|XiX(SetR{h>fyQAx+Hi%Wx`nAN0Z@meae0@ zA7|4A^c-ExI$)xD{jV6*bB^{5zdBPC3N-rdR=e5rHEq^9Rh?`WZ`XY9 z`Taa1m>Ove-x|3!^Uz|%S|_WMMZZy_hSu1(h&rYZJ4O#v^zbFcuP0E{n;Mk&U+i@g zC|)d<%*C0&wk z+pqiB;YqRS(|0>ODaP!rl^yI6YJK%<G z{JjZNzY=HM5(=%|_cso9O^&|6X8Zw@111ZI^)DL?W;I1-+rMpK{EP)e1tl*_<*6%= za5QAx*B4VGUpT43;Ll0&^itC`b!%*Cs8B~@|!ICL=qFR_$8&U@;?GRK~f*d=S^Uh*{B6TNVP(H+Fe;23? zqVX`9OQ3RF$}^R{X_~JCh;J(&p-5`@Ffex1q}M-SOy3 z#$J~_Py@8_YhPV4L^rXgpLe9p3!&C;TnsbnE@$=C5I|d9I^l&!>1;AtbE!P@T1$~4 zx`ULS$5Xel8?(_HwUHaK;Tv|6S+qPGt&59Ua>0|dHuI8g;VRjTC0s4mc#)WMn3ptH zMH%iIro9xIFx|k_WA1a>mmdxme?LXrg7(d*{59fq^L1 zFyjTPWN8_#VH>|#rE}ED$tDQi$ZWC;%rNgGNDEe%M61Nks?4noA_y&-s6@%3an4w7 zz!}DTyC=T8suabz^hzfgQj&$aVgmzSrojnLtMp<`uqNnYvBC=BJ>$t67n2h*G}cs1 zhAq~ptV1dWJMh{nS)A22v*MNW5OXFe=_PGZ`o>2uoBmEeTl!Cc*W_L<#N^X!A7C&||Kl zpG698OED1~vDUbzi794p0a~)Bfp(gylCn*q6sb%0vC;5sA#fj=X-J(VX3LEf8_A!B zqa*|I1s6*y)7R_LkqS=Eis(#MsZkMn1uaurg&=IB36mmZ&%hCptuo|=P%AD|W0=eEs*SSDDlbz! 
zRk|XP&%~o(aZxH|B}5J1jSv9m41>`PcI5o2<`s{5E*@@jYDgvkubPyd%ogs_@Capt zTLK= zxC9ud=(i-EkIEoUNG6asG&(87maMaj+6Ci$X+-EyDgOefz$;`Bj5k~`t%``y^im4k zr6|s&Q>`{yzR0e0f^BjH<;Z+;wrB)q58n2LFOY$-5ffkyDwC)f=leR&K1=SWdt!>wp;qW+1U-Zn1!wu^{(B%FrmU z6a);1E~F{p)B==6j^U4mD0x&lzzty|OmJZn=fcEfp&5wE>C{$WkAhjeE-DrQp(COr zQOHV%U@Q^|Yh^+#;2Xyt4b}>qk((-|S&HyqNM*8v4>eIC-AqUs)W*q;tIq!k@R`sl zC+iJk(J8^8#YQy97L!mmk?Xe`XEshh1-K4TBj1S*Y%aXO)ES2ilaeB8%hjp#8|R)5 zzc}C6lsJ-HUp%qCF}W}wbWF@fO7Fbcc)jszV=?|cVaRtPQDRaO0h!+w?xM&&C7R?zQNH!nuYax(Vb&S|KY%g-2)WFks6X z*6~lh8vlg#O88*wu|;k?6Ue8Lo0Q^G5luaPkgrA^0$h=tg`7l@$Qy)EA;3{PA4Jnp zCti!X;&|hI6TmaY5le(NOf&9~Eg+yE1tzU~HP2!ka;%_OF*38rw1p=YA%v!}Od<8E z7ihpnN64ZL$ge^tFU(|@vdBUUudRrx@yM1#FvconDxKmD(3zb#jnD~3Tuh*obJYAs zDb|$G#FkF^`gCR_hn{X&nG>>}`Wd0J3aHd1i>_2UL5WhYNMxcaKqa`FEE@?D3#v#| zk3P{QN~pD~qF-AXiXW8suSjnU90jhA3b7hC#U!CNCO}*qj1C<&Y1DfL@D027O{t`&^7;JU2Qv4J6%IQzD`@5>}`YhaSBqks)%H zV4w6d(p%`cG}1M2Fg6OLTmDoqx^Kc_@4J6rhfvFT&P`^98G49;2*`|;$Z_cWTSW&# z#YT{Qz5!xIK*Em+Mi`@V$llO3ob=Y1VAd3^gApiKfv~TIdk?FF~*r1O3vyIURCHeR4?!nW!&Xvz#JA4vfMk zhPu}5?g2VPk2sLg3VOOhZ#M+?!u^}tmy8N2it{q7CKjK06joUTSng08Q3kNwm+tnZ z-t@jQ()XxU2~lcCMSOt58O~6L(o+MsvoCrcO8cT$H}vd=-rdl{oBHzR?e0@Z-bk05 z!W*r0(aAc*Zpl?>tc*@#pCmN)kG{{$q7VfhPa>xlKHH*QBUn>RWPuC&&$3S`MbpHb im9`vlmPc)onkio_d}vB~)Z2gjz5YK}*}%LGfdByf09^L~ literal 6830 zcmV;f8d2pRiwFP!00000|Lt5^ZzMO8e%G%Mun)aE#sIvJg$;~gw6+Ay`ehe|eQS_R z(w0XpbxZ2@_}}jr%sVTqR65$y491Y$EFKZTxPxTr-~V)a_e=Pc?@qtw+q=t~>;F78 zr+@m7lkn;GrumZc-8;Tz;k)m)d@Hx=V%jZsdKhMji*R}U6(3aJ7<$$mRx=f&vFb;{ka1Dr3{ z*ZGd-bNqmU@iSk1rmooniJw`A+H!NTN(>EYjBdF-Kl!n4Lu>^*>o&xFxc_i|d3B#} z-?4We|F+$3xvPWW_A*>o2<~&8Os(^wHQ^K63f?hF@QXeD=V#qgn$ow%Avy9M}Wk=X~GOCiYDE-`g+wbNGR#LPhW+G50Kdk4Cu4 z*FWF?(n3Jj4+-0m?=NUjtPTn=;D;$zHGUW|s0u-?LQsJ4{W#U^Od7}ZWLmp?GFDOS zuExkP8*LyP4PnBd%c?0YgIeNO$KF3u7A=2|5(Ly&VeZ)hPPKyQr3Bc6h?Y{&9r6)& z%OAZ8SWiTNsdkQF959nPGyc<9g>P5*Z-&`uAHjbj`(Mm|bId<`lJB~hdB4$zPA%=w zJfa6NuoIA8y5Y&t#1juKIkfcId}UoG=bf_0@iK7E>AyoBKkjy=lYi6>~b2mnqLsAGUXb(#vgu6A_3}WCDQ@rD&Ab4lQ?To1?_>KvO 
zxMshDEJEB0*Kv*yFkFS<<}hfbJ60N@hq)DgZFD9MB&LAvNgk5zAeF3@ho7^8$nocW zQk42e>>J^cvUKXph~H1TN{{a2b9j0sh)ki)B#1*iXWSGxq(Lt;DXyW%w@q zC6w@Iw8xE)8>K;-N1T~VIPY-16tD>(xs_@HNF4yA2#}fr`n6Ntmmq4&K;k=rzT9PM zr^kIqyB9tP>jl|8!`@Lu68*I!;$=2{`8WgX_j$R`$YzA!@j0!i|Kx;Ld4N_)v`!|R zW2fP=nk-*Rr8ivu{^TAcoF+u$lb@D^d>{Ti?O1r*`QS+dL%#iz?oU76=8u;E_c%AS zK=qJAqCL%4%=bCl;f$fru^v)|mZ4%FL&f`(60Yt#jy^6fKE#4$h$>FN&fsL zTwUJ(e)`MrpKk7d$#<7`Z)O)4k5kB}SSevXta>k_M!@rs9$hRAm*^Xq(HA14U)@T* z&#{`Vv=d_O0b(s-wKHOCMI-e-N{6DRMW)zR@e!Hg`;lSn``H8_^D7&k02f;|afj-F zJ5=Nj)!ZGr2_&^udICuwfTRhMo|AdD$Q6{?stJ$P0Uj&jv6}O^rgO8+4?M=;fDi2l z3cJHe(331;<#1_c5jCK~9_qo;7=V^~(w;5NG=8elVojsfjz(8x^^9pWsU@c2n5j-S zdo-#J>T%jA(RQTbFzXW0!~9nNpDK}Kk2zYAw2XdG8gMQO^Uek)z#~dv!ICIqL(!ltK z515wVzrh*PjQNi`W(uokOzGeO(^}!z9~p(d5&K43y))P=M@QxBgL3rM(%3u`8LM61 z+7267>xMdbkRYmdxVjeS2vuAx>WQiM`+l6K=Ag#`Ihiw)8jW2n5{=eaY^&*6JLMfZB`-IyNk#?-@iV|=(9lf&JZtaoG6`!m5mj~8A; z>*UA#@Z*P{Zmu(S-rdSc^!(4wN4g}0C;8l8PKxuPb<(%=*^eRJeEf8U6sjSBYJ@gn zY5H<|o3HO_`0n!hXUx92Cht`)uftWlXh1kzay}2ZT?am%I;*iYoFJ?7*;)3g*x8QQ z*`uy=+2QM4`Mm4gCtR({L4Ew7K7OG-d{6{EC<3*1)JHBDErV(4u0xDhPV6^KH1!zqMB!ZD+mK z0N+msB2KPuZa$44Pydar*5jQr?zv&bB zG&F!(JILo|UzGyD7^m_m|N2uUnOsJaqoO2jjsF z?_f|z=qjJSTHp_A=F0iV9@Tujr1?VBokW@kCC&GXx`**1lJ0>W7BqipxppF2OQqLl zLAGsEhj?>)d-EGY;K#o`u()c(Wpi?!|9*e^j=J8R-v9n7Puy7Rgely7xw=1@23Y=h zM62=mft6#7mMxeeTJ%Igd)w9kz6)z~J~2+e|E*uJ*y4|qw^35AE$DN?mHpNjS?PK} zStrH^PVioOJ?eFCJ{Ni`yn!uM&h4IdFK^6q19upG^)l}~ZHq__l#FIG zb{%6V70Dij{h=K_I^3-0JqNUBoja|7cQTGcT6ozm>KOAfK*?Q=Q0K=6N9}GrS$IM; zYK>!*d3#NHtbaNr)ZPotJ;gC3u7}A<&V6(sIVjAXl~W9pM*~AF8uzexJs>8B;d5lW zj{^?Qoy=2{BiH4;#nt{HkmD{6naA`tcz3t$k;=|MOYT7y(|OL3Jep8&h|*(OdHm)5 zOkdiI&4V7`Fo4#6o`m=X@cwWl$LWC#+(u%1rQSM~#1=5+57c^h{_;Fp zy}#OF(&zbx4w%{6RoC7fE$_UJ^4DkkOsl&uIo7u9$KoFG7!8+)G+ZC0;cGXLdr6$!h)wSzkJ8ccmXa^8Df!wx>w3Ys&)J4|&oBC4s7+JiZT~f84bhxxX?Dx70wHD{&{a0P)=7`4uJDD?+F^yf! 
z?wt0>*bXb(E2m>+JP%O+66HU!C=XquKB3Iv3tzF5icePk^wZ>khUjcdyYp$^a*`$A zIsJULf}0LpC+BjmyE~Kp9pq%ayEvwVta9=_7%Cp?tC0sz6INGUgdgaA8EN@3tRISC zdhAY5t{!!6MT}Uh%&Q@~8d2Bo=0NnJgMn_f5;So*3s|OLYil|MRyCod)kp37X^cMG zy=EYG^ph^8r>gA*A|1%OPCnhX9^>Zf0}WU6v+m27;1RE;delK$yZ)@Z>FZm^odnjk zlo(!g7p65cJbd<8dGxaCbTPA4N484*gy$Z6$z@Kj!KYT)o&)bO$!FhXv+Z~_-Zu{4 zWwY@K10U|7*<-%mD~3C0YMtDl-7m$`La5(*x~Qshc}IMrPuDje=DJgRFF!&LL%ix| z^{*JFUjV-UJnXM;^nHBG`!&m`QfT1+uplJ{Tp-5tqtI-<7*BmZ@qL*4jdo!i>!=zOW&x&i27 zo$tTfJ?-Rdt=G3-3ts@J-~1kTwH&4IdQS=a9KQT~-*%s${4}3S-v}S*q=~uzmiT<0 zBPE*5ySi`tmHfGep^1?1Y z)04Z|0^feIYUrSNCDuG>{oa;rOO@&O?MJ_)dM}Nf6JhrcC;rM=kx$(>DrW?yEbL}*ICM*53T;9w~ZZJ-9;ja*7SVKc!RCAa z@8@yB)Ocg~*2t}y2N)yPI$518`i&Yjw8p+g>@j`tF?yJyhp#GrJ%Og))X=>Ddas*6 zQDd=WejCRpH^;-8n`(q#`=L^m;Luf~2>%LIqDvT%%E`3;z2W3uu}hTttEL4E$}GDSsh`pDEZtmP<#h1=wO<3Y<@V;| zl=oX>`@ucQp{sFEfZR{!_cTIU+XSvFMI#&4}a2UXa%PvJpHm#W+L zOFwpaSZw+v-VP6oF?(xe2YZBC-~L*;3sR0nGtJX;(Bpub%$XL=b*uu{bKvM6rlLK6 zSUi^)Q94g^x5kXc@RHAAkvbbQPh#own6$Pbiuzh#Wo-ZW6*y)$NNv(Jssz1Yn3rDN z5SCn@Tp?TdfK}K1yN7Ba2i0ix=6AleK_`|2vy&KNI`8#_?+TS4sV8DbPwE5oRn?p8 ziQ1MSLTmT^rGs6Qqpz_Uf57B`$pT{i`v!wqO_AC5FB}*@V*yb?$;(oC>dGS= z4H@_K#ni|bPHHgtbCP^L9v~&`CVj2;Jn6q9JMJDt<>s{9+cHRtH_1C09|s%7mL!vHJHjkyq2{1>T=4S6#8J!#O~<>|(zFCl1a|U7(pbI7^Zk z=gb@&jm^C0sM6%DC$c)|;>@a*9qr`?qu;MnvePMfSf}LtA#9JXs_xOqu$_v`n1jfw zogaYWIwxNVZy3DOjvqE(4H$*CGM&fe=+3FWJt5LxjNWBZ*J{vsB(OFNV<}- z*JTgX0B!u*S62+tP3-CC9VzodsP!8c!;HGiS$#DG&{mgDc;Qhxn@rYRD$l&uQlyCP zAf@N=)NSm>Z1hHLb-gkr4ZK`WV@@w7%R);JxSXqoihIqzg(AWAjN zc!4TeT1IQw#xGXs9CdQC34%8=o9qHJ%=-w^g4HF_DzURFb8CYLLW?FUQF3UUGnN~0 zhB4pniSMo|MKLbD(n*GtWMQt@z<`%&aDvk+y;u{h3A$LUutIpxc=E=@E(k!YJmXOVSm`Vu;+CLgcuofo?=2 zONfp)ies0`io~_E5RP(E7NT0)r-6>aD3EJe=H5a}LKcBZaJ?~6g1ZFTJPkDTm}}@~ zk%HS&Oaw=)HLhu5irHI$mh5Suoo1?}Y*Q#j>XLnIG(1}f+(%{_QfG+GU-!8l(U5js@LzW^%m3K<0B4HrzSA|f=slmd4t zigW2ytBsZ~vMZfnn;bzoGM}6+8i5&kCHD>4lBSf%U=4yaG8Q>3HTdBt52{7ibX)^i0DWZ zveF?Ki$ua&nGg&3#<53(wZdlPrb=m+BK#Lpne5<0O;kuX6H*4XadP9T^M3+-CUnZl zdc#4%B$Q3$`t8PP^DIaA2nC4OO|jN_NR1YYFS 
z1>2Jirvif`(?en`P4?2nf+V@aYw)YT1%BjCMMnhClAB~XgCu2Q(L?D=V9@|SycDCF z#ePdVgi0lF31bMkQBp?5kY;(Gxj^P8v$qxggGdP&?7z8djMMP)SCR7DyG6F^zU;ESC4mbf+Ig+vi9nuf#WDGPz1 zLiQ*H8sm(r)uj1W*lmM?T7%7G@B;i#Nh6Gf=o9h>C$V#AA_Yu}nBR^L1vsb(5seU? z@P8KJ&OAqbM@c4!MIw503g6$J7VS|ivDi?E(8fBC*onZSlJGJLFF*@$BBA($=z))H zN;WB=jEK4j;K*ujMRj6++uY}CM#$=yO7Ex$!8flS%+RTDY zl%N127w(UyOqe7S>i--)nUYCJ%mVX>zbRR3BPBXq_*bG19781tZlUtDLS&>kjS8^; z>@_kcO(_$X>=h|=Fm8+;xWWO$@tR$puIi@1D^UjsTooJX%lA-ogiSj}&)f=HU!U3by zf?gsHAk%afbxg{Z8IRI6>CWX4$@-6?$si#_xe*$My3=V^8m^nH>DM<%-rA%|f(B{+ zXxgN(!6^rt8l=iF78JorG>J~iD3xjxDQ#YhJ}*)0DVBoJxu9fd0_Sj(4N|ON5%oLz z^lQ=Q8l#X7C#F68cZ?{_WQJ6eV8&=+Tl%DXE&8Bvu3?C70y&XZ$VyS+(b+l-*s_Lo z{8O*SKViKRKG=F}ksHqh@@eEIrMOf?Q%@h{t5JslS0ra4Cs8Ew1|d`kaMaER(R9>_ z*P^aC-gw^x@Jw;U5}^&#j5}lt2q;K_N$XzCvlxdQD=1cs%q%i(;fX~Ep=m5rNWJO> z8nDq3vSKbb=8V6X@g|HNR1c zH6=8$rBl8>of*lYryEx0gsi82MyRX;DmBTXE0s=AqSPxAnWzd-3GOD#MuNnGDiYPB zPjrbAYVE4%*H(t&2j%@M(i;Ouf$O6}tcDG_jDpS^6upfv;Au4`O~&M3nNV1fa1wc9 ziWafkN|+NjsI6p_4N~(;D0>5ha#rZ3yrH8S7(E=lEE4Vt;k>{ZR5jK1#gl36kq9Qq zvy>je#AKTzy)P&>BNWn&7dOCY_;|o?z%K1Uut8{KI=MjiiLO9jWq@L!qE6s3Eu{+4 z(!U@a6mgKmK@$g298__T#X%GYJ=_o~x=g@4gL$Br8+pPT?F%npf`}e&J0_zIPr=aT zzjCB$f`SSdz`+3y7H~@SsS0oaNp*_@NC%Kqa5>C#m`CNIW6vfJ%C8;s3|?ClN7pwY zY1jd{<88FaXCNOA0lgN1Dk+h35RrRNr(?D>R_X?B+M3uD2?DVQdi0t^Vx5)9ump_2 zM5(oPjAy2^gRo;`P6ea;CM@>8`}cJSwFT*x$SiBuNTy|Ma^l2P)+C;}1)*Xi$Uffy zu`xn3;WUyI4wjX4ShU;?oU#L72AaIrzhMj^6r9XXvK7wkdiT%0zd;UL(6 zSpBAmj?qRgoQM$-g(<59ED0qym`C(40NjEM6em2AUdz; zrE=koiK%#I81_j*WB=&;Y(zwgADR>#3U+#h$dkxCMTs;}OZm^T&%`oHQAW?xl1M@X c5$G{^!@LsF1T*UGKmK0-AM=QA3KW3=08cl7&;S4c diff --git a/creusot/tests/should_succeed/knapsack.coma b/creusot/tests/should_succeed/knapsack.coma index 304a5777cc..e88ea2726f 100644 --- a/creusot/tests/should_succeed/knapsack.coma +++ b/creusot/tests/should_succeed/knapsack.coma 
@@ -24,8 +24,8 @@ module M_knapsack__max [#"knapsack.rs" 16 0 16 35] | bb2 = s0 [ s0 = [ &_0 <- a ] s1 | s1 = bb3 ] | bb3 = return' {_0} ] ) [ & _0 : UInt64.t = any_l () | & a : UInt64.t = a | & b : UInt64.t = b | & _5 : bool = any_l () ] - [ return' (result:UInt64.t)-> {[@expl:max ensures] [%#sknapsack1] UInt64.to_uint result - = MinMax.max (UInt64.to_uint a) (UInt64.to_uint b)} + [ return' (result:UInt64.t)-> {[@expl:max ensures] [%#sknapsack1] UInt64.t'int result + = MinMax.max (UInt64.t'int a) (UInt64.t'int b)} (! return' {result}) ] end @@ -68,7 +68,7 @@ module M_knapsack__m [#"knapsack.rs" 35 0 35 57] -> (if i = 0 then [%#sknapsack2] 0 >= 0 else - if UInt64.to_uint (Seq.get items (i - 1)).t_Item__weight'0 > w then + if UInt64.t'int (Seq.get items (i - 1)).t_Item__weight'0 > w then ((([@expl:m requires #0] [%#sknapsack0] 0 <= i - 1 /\ i - 1 <= Seq.length items) && ([@expl:m requires #1] [%#sknapsack1] 0 <= w)) /\ 0 <= ([%#sknapsack3] i) /\ ([%#sknapsack3] i - 1) < ([%#sknapsack3] i)) 
@@ -79,12 +79,12 @@ module M_knapsack__m [#"knapsack.rs" 35 0 35 57] /\ 0 <= ([%#sknapsack3] i) /\ ([%#sknapsack3] i - 1) < ([%#sknapsack3] i)) /\ (([%#sknapsack2] m'0 items (i - 1) w >= 0) -> ((([@expl:m requires #0] [%#sknapsack0] 0 <= i - 1 /\ i - 1 <= Seq.length items) - && ([@expl:m requires #1] [%#sknapsack1] 0 <= w - UInt64.to_uint (Seq.get items (i - 1)).t_Item__weight'0)) + && ([@expl:m requires #1] [%#sknapsack1] 0 <= w - UInt64.t'int (Seq.get items (i - 1)).t_Item__weight'0)) /\ 0 <= ([%#sknapsack3] i) /\ ([%#sknapsack3] i - 1) < ([%#sknapsack3] i)) - /\ (([%#sknapsack2] m'0 items (i - 1) (w - UInt64.to_uint (Seq.get items (i - 1)).t_Item__weight'0) >= 0) + /\ (([%#sknapsack2] m'0 items (i - 1) (w - UInt64.t'int (Seq.get items (i - 1)).t_Item__weight'0) >= 0) -> ([%#sknapsack2] MinMax.max (m'0 items (i - 1) w) (m'0 items (i - 1) (w - - UInt64.to_uint (Seq.get items (i - 1)).t_Item__weight'0) - + UInt64.to_uint (Seq.get items (i - 1)).t_Item__value'0) + - UInt64.t'int (Seq.get items (i - 1)).t_Item__weight'0) + + UInt64.t'int (Seq.get items (i - 1)).t_Item__value'0) >= 0))) ) @@ -190,7 +190,7 @@ module M_knapsack__knapsack01_dyn [#"knapsack.rs" 49 0 49 91] function view'1 (self : t_Vec'0) : Seq.seq UInt64.t - axiom view'1_spec : forall self : t_Vec'0 . [%#svec33] Seq.length (view'1 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'1_spec : forall self : t_Vec'0 . [%#svec33] Seq.length (view'1 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq 
@@ -200,8 +200,8 @@ module M_knapsack__knapsack01_dyn [#"knapsack.rs" 49 0 49 91] let rec from_elem'0 (elem:UInt64.t) (n:UInt64.t) (return' (ret:t_Vec'0))= {[@expl:from_elem 'elem' type invariant] inv'2 elem} any [ return' (result:t_Vec'0)-> {inv'3 result} - {[%#svec28] Seq.length (view'1 result) = UInt64.to_uint n} - {[%#svec29] forall i : int . 0 <= i /\ i < UInt64.to_uint n -> index_logic'2 result i = elem} + {[%#svec28] Seq.length (view'1 result) = UInt64.t'int n} + {[%#svec29] forall i : int . 0 <= i /\ i < UInt64.t'int n -> index_logic'2 result i = elem} (! return' {result}) ] @@ -230,7 +230,7 @@ module M_knapsack__knapsack01_dyn [#"knapsack.rs" 49 0 49 91] function view'3 (self : t_Vec'3) : Seq.seq (t_Item'0) - axiom view'3_spec : forall self : t_Vec'3 . [%#svec33] Seq.length (view'3 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'3_spec : forall self : t_Vec'3 . [%#svec33] Seq.length (view'3 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq @@ -276,7 +276,7 @@ module M_knapsack__knapsack01_dyn [#"knapsack.rs" 49 0 49 91] let rec len'0 (self:t_Vec'3) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'1 self} any - [ return' (result:UInt64.t)-> {[%#svec30] UInt64.to_uint result = Seq.length (view'0 self)} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#svec30] UInt64.t'int result = Seq.length (view'0 self)} (! return' {result}) ] type t_NonNull'1 = @@ -301,7 +301,7 @@ module M_knapsack__knapsack01_dyn [#"knapsack.rs" 49 0 49 91] function view'2 (self : t_Vec'1) : Seq.seq (t_Vec'0) - axiom view'2_spec : forall self : t_Vec'1 . [%#svec33] Seq.length (view'2 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'2_spec : forall self : t_Vec'1 . [%#svec33] Seq.length (view'2 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq 
@@ -311,8 +311,8 @@ module M_knapsack__knapsack01_dyn [#"knapsack.rs" 49 0 49 91] let rec from_elem'1 (elem:t_Vec'0) (n:UInt64.t) (return' (ret:t_Vec'1))= {[@expl:from_elem 'elem' type invariant] inv'3 elem} any [ return' (result:t_Vec'1)-> {inv'4 result} - {[%#svec28] Seq.length (view'2 result) = UInt64.to_uint n} - {[%#svec29] forall i : int . 0 <= i /\ i < UInt64.to_uint n -> index_logic'0 result i = elem} + {[%#svec28] Seq.length (view'2 result) = UInt64.t'int n} + {[%#svec29] forall i : int . 0 <= i /\ i < UInt64.t'int n -> index_logic'0 result i = elem} (! return' {result}) ] @@ -329,11 +329,11 @@ module M_knapsack__knapsack01_dyn [#"knapsack.rs" 49 0 49 91] = ([%#sknapsack38] if i = 0 then 0 else - if UInt64.to_uint (Seq.get items (i - 1)).t_Item__weight'0 > w then + if UInt64.t'int (Seq.get items (i - 1)).t_Item__weight'0 > w then m'0 items (i - 1) w else - MinMax.max (m'0 items (i - 1) w) (m'0 items (i - 1) (w - UInt64.to_uint (Seq.get items (i - 1)).t_Item__weight'0) - + UInt64.to_uint (Seq.get items (i - 1)).t_Item__value'0) + MinMax.max (m'0 items (i - 1) w) (m'0 items (i - 1) (w - UInt64.t'int (Seq.get items (i - 1)).t_Item__weight'0) + + UInt64.t'int (Seq.get items (i - 1)).t_Item__value'0) ) @@ -341,7 +341,7 @@ module M_knapsack__knapsack01_dyn [#"knapsack.rs" 49 0 49 91] /\ i <= Seq.length items) -> ([%#sknapsack35] 0 <= w) -> ([%#sknapsack36] m'0 items i w >= 0) predicate in_bounds'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq (t_Item'0)) = - [%#sslice50] UInt64.to_uint self < Seq.length seq + [%#sslice50] UInt64.t'int self < Seq.length seq predicate invariant'2 (self : t_Item'0) = [%#sinvariant56] inv'15 self 
@@ -351,7 +351,7 @@ module M_knapsack__knapsack01_dyn [#"knapsack.rs" 49 0 49 91] axiom inv_axiom'5 [@rewrite] : forall x : t_Item'0 [inv'5 x] . inv'5 x = invariant'2 x predicate has_value'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq (t_Item'0)) (out : t_Item'0) = - [%#sslice51] Seq.get seq (UInt64.to_uint self) = out + [%#sslice51] Seq.get seq (UInt64.t'int self) = out let rec index'0 (self:t_Vec'3) (index:UInt64.t) (return' (ret:t_Item'0))= {[@expl:index 'self' type invariant] inv'1 self} {[@expl:index 'index' type invariant] inv'2 index} @@ -370,14 +370,14 @@ module M_knapsack__knapsack01_dyn [#"knapsack.rs" 49 0 49 91] [%#smodel31] view'2 self predicate in_bounds'1 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq (t_Vec'0)) = - [%#sslice50] UInt64.to_uint self < Seq.length seq + [%#sslice50] UInt64.t'int self < Seq.length seq predicate inv'7 (_1 : t_Vec'0) axiom inv_axiom'7 [@rewrite] : forall x : t_Vec'0 [inv'7 x] . inv'7 x = true predicate has_value'1 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq (t_Vec'0)) (out : t_Vec'0) = - [%#sslice51] Seq.get seq (UInt64.to_uint self) = out + [%#sslice51] Seq.get seq (UInt64.t'int self) = out let rec index'1 (self:t_Vec'1) (index:UInt64.t) (return' (ret:t_Vec'0))= {[@expl:index 'self' type invariant] inv'6 self} {[@expl:index 'index' type invariant] inv'2 index} 
@@ -392,14 +392,14 @@ module M_knapsack__knapsack01_dyn [#"knapsack.rs" 49 0 49 91] [%#smodel31] view'1 self predicate in_bounds'2 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq UInt64.t) = - [%#sslice50] UInt64.to_uint self < Seq.length seq + [%#sslice50] UInt64.t'int self < Seq.length seq predicate inv'8 (_1 : UInt64.t) axiom inv_axiom'8 [@rewrite] : forall x : UInt64.t [inv'8 x] . inv'8 x = true predicate has_value'2 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq UInt64.t) (out : UInt64.t) = - [%#sslice51] Seq.get seq (UInt64.to_uint self) = out + [%#sslice51] Seq.get seq (UInt64.t'int self) = out let rec index'2 (self:t_Vec'0) (index:UInt64.t) (return' (ret:UInt64.t))= {[@expl:index 'self' type invariant] inv'7 self} {[@expl:index 'index' type invariant] inv'2 index} @@ -412,8 +412,7 @@ module M_knapsack__knapsack01_dyn [#"knapsack.rs" 49 0 49 91] let rec max'0 (a:UInt64.t) (b:UInt64.t) (return' (ret:UInt64.t))= {[@expl:max requires] [%#sknapsack41] true} any - [ return' (result:UInt64.t)-> {[%#sknapsack42] UInt64.to_uint result - = MinMax.max (UInt64.to_uint a) (UInt64.to_uint b)} + [ return' (result:UInt64.t)-> {[%#sknapsack42] UInt64.t'int result = MinMax.max (UInt64.t'int a) (UInt64.t'int b)} (! return' {result}) ] @@ -430,7 +429,7 @@ module M_knapsack__knapsack01_dyn [#"knapsack.rs" 49 0 49 91] predicate resolve_elswhere'0 [@inline:trivial] (self : UInt64.t) (old' : Seq.seq (t_Vec'0)) (fin : Seq.seq (t_Vec'0)) = - [%#sslice53] forall i : int . 0 <= i /\ i <> UInt64.to_uint self /\ i < Seq.length old' + [%#sslice53] forall i : int . 0 <= i /\ i <> UInt64.t'int self /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i let rec index_mut'0 (self:borrowed (t_Vec'1)) (index:UInt64.t) (return' (ret:borrowed (t_Vec'0)))= {[@expl:index_mut 'self' type invariant] inv'9 self} 
@@ -453,7 +452,7 @@ module M_knapsack__knapsack01_dyn [#"knapsack.rs" 49 0 49 91] axiom inv_axiom'11 [@rewrite] : forall x : borrowed UInt64.t [inv'11 x] . inv'11 x = true predicate resolve_elswhere'1 [@inline:trivial] (self : UInt64.t) (old' : Seq.seq UInt64.t) (fin : Seq.seq UInt64.t) = - [%#sslice53] forall i : int . 0 <= i /\ i <> UInt64.to_uint self /\ i < Seq.length old' + [%#sslice53] forall i : int . 0 <= i /\ i <> UInt64.t'int self /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i let rec index_mut'1 (self:borrowed (t_Vec'0)) (index:UInt64.t) (return' (ret:borrowed UInt64.t))= {[@expl:index_mut 'self' type invariant] inv'10 self} @@ -498,7 +497,7 @@ module M_knapsack__knapsack01_dyn [#"knapsack.rs" 49 0 49 91] function view'8 (self : t_Vec'2) : Seq.seq (t_Item'0) - axiom view'8_spec : forall self : t_Vec'2 . [%#svec33] Seq.length (view'8 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'8_spec : forall self : t_Vec'2 . [%#svec33] Seq.length (view'8 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq @@ -552,9 +551,9 @@ module M_knapsack__knapsack01_dyn [#"knapsack.rs" 49 0 49 91] let rec knapsack01_dyn'0 (items:t_Vec'3) (max_weight:UInt64.t) (return' (ret:t_Vec'2))= {[@expl:knapsack01_dyn 'items' type invariant] [%#sknapsack23] inv'1 items} {[@expl:knapsack01_dyn requires #0] [%#sknapsack24] Seq.length (view'0 items) < 10000000} - {[@expl:knapsack01_dyn requires #1] [%#sknapsack25] UInt64.to_uint max_weight < 10000000} + {[@expl:knapsack01_dyn requires #1] [%#sknapsack25] UInt64.t'int max_weight < 10000000} {[@expl:knapsack01_dyn requires #2] [%#sknapsack26] forall i : int . 0 <= i /\ i < Seq.length (view'0 items) - -> UInt64.to_uint (index_logic'1 items i).t_Item__value'0 <= 10000000} + -> UInt64.t'int (index_logic'1 items i).t_Item__value'0 <= 10000000} (! bb0 [ bb0 = s0 [ s0 = UInt64.add {max_weight} {[%#sknapsack0] (1 : UInt64.t)} (fun (_ret':UInt64.t) -> [ &_8 <- _ret' ] s1) 
@@ -575,13 +574,13 @@ module M_knapsack__knapsack01_dyn [#"knapsack.rs" 49 0 49 91] | bb8 = bb8 [ bb8 = {[@expl:loop invariant #0] [%#sknapsack7] Seq.length (view'0 items) + 1 = Seq.length (view'2 best_value)} {[@expl:loop invariant #1] [%#sknapsack6] forall i : int . 0 <= i /\ i < Seq.length (view'2 best_value) - -> UInt64.to_uint max_weight + 1 = Seq.length (view'1 (index_logic'0 best_value i))} + -> UInt64.t'int max_weight + 1 = Seq.length (view'1 (index_logic'0 best_value i))} {[@expl:loop invariant #2] [%#sknapsack5] forall ii : int, ww : int . 0 <= ii - /\ ii <= UInt64.to_uint i /\ 0 <= ww /\ ww <= UInt64.to_uint max_weight - -> UInt64.to_uint (Seq.get (view'1 (index_logic'0 best_value ii)) ww) = m'0 (view'0 items) ii ww} + /\ ii <= UInt64.t'int i /\ 0 <= ww /\ ww <= UInt64.t'int max_weight + -> UInt64.t'int (Seq.get (view'1 (index_logic'0 best_value ii)) ww) = m'0 (view'0 items) ii ww} {[@expl:loop invariant #3] [%#sknapsack4] forall ii : int, ww : int . 0 <= ii - /\ ii <= Seq.length (view'0 items) /\ 0 <= ww /\ ww <= UInt64.to_uint max_weight - -> UInt64.to_uint (Seq.get (view'1 (index_logic'0 best_value ii)) ww) <= 10000000 * ii} + /\ ii <= Seq.length (view'0 items) /\ 0 <= ww /\ ww <= UInt64.t'int max_weight + -> UInt64.t'int (Seq.get (view'1 (index_logic'0 best_value ii)) ww) <= 10000000 * ii} (! s0) [ s0 = bb9 ] [ bb9 = s0 [ s0 = len'0 {items} (fun (_ret':UInt64.t) -> [ &_22 <- _ret' ] s1) | s1 = bb10 ] | bb10 = s0 
@@ -599,16 +598,16 @@ module M_knapsack__knapsack01_dyn [#"knapsack.rs" 49 0 49 91] [ bb18 = {[@expl:loop invariant #0] [%#sknapsack13] Seq.length (view'0 items) + 1 = Seq.length (view'2 best_value)} {[@expl:loop invariant #1] [%#sknapsack12] forall i : int . 0 <= i /\ i < Seq.length (view'2 best_value) - -> UInt64.to_uint max_weight + 1 = Seq.length (view'1 (index_logic'0 best_value i))} + -> UInt64.t'int max_weight + 1 = Seq.length (view'1 (index_logic'0 best_value i))} {[@expl:loop invariant #2] [%#sknapsack11] forall ii : int, ww : int . 0 <= ii - /\ ii <= UInt64.to_uint i /\ 0 <= ww /\ ww <= UInt64.to_uint max_weight - -> UInt64.to_uint (Seq.get (view'1 (index_logic'0 best_value ii)) ww) = m'0 (view'0 items) ii ww} - {[@expl:loop invariant #3] [%#sknapsack10] forall ww : int . 0 <= ww /\ ww <= UInt64.to_uint w - 1 - -> UInt64.to_uint (Seq.get (view'1 (index_logic'0 best_value (UInt64.to_uint i + 1))) ww) - = m'0 (view'0 items) (UInt64.to_uint i + 1) ww} + /\ ii <= UInt64.t'int i /\ 0 <= ww /\ ww <= UInt64.t'int max_weight + -> UInt64.t'int (Seq.get (view'1 (index_logic'0 best_value ii)) ww) = m'0 (view'0 items) ii ww} + {[@expl:loop invariant #3] [%#sknapsack10] forall ww : int . 0 <= ww /\ ww <= UInt64.t'int w - 1 + -> UInt64.t'int (Seq.get (view'1 (index_logic'0 best_value (UInt64.t'int i + 1))) ww) + = m'0 (view'0 items) (UInt64.t'int i + 1) ww} {[@expl:loop invariant #4] [%#sknapsack9] forall ii : int, ww : int . 0 <= ii - /\ ii <= Seq.length (view'0 items) /\ 0 <= ww /\ ww <= UInt64.to_uint max_weight - -> UInt64.to_uint (Seq.get (view'1 (index_logic'0 best_value ii)) ww) <= 10000000 * ii} + /\ ii <= Seq.length (view'0 items) /\ 0 <= ww /\ ww <= UInt64.t'int max_weight + -> UInt64.t'int (Seq.get (view'1 (index_logic'0 best_value ii)) ww) <= 10000000 * ii} (! s0) [ s0 = bb19 ] [ bb19 = s0 [ s0 = UInt64.le {w} {max_weight} (fun (_ret':bool) -> [ &_35 <- _ret' ] s1) 
@@ -677,8 +676,8 @@ module M_knapsack__knapsack01_dyn [#"knapsack.rs" 49 0 49 91] | bb38 = bb39 | bb39 = bb39 [ bb39 = {[@expl:loop invariant #0] [%#sknapsack19] inv'0 result} - {[@expl:loop invariant #1] [%#sknapsack18] UInt64.to_uint j <= Seq.length (view'0 items)} - {[@expl:loop invariant #2] [%#sknapsack17] UInt64.to_uint left_weight <= UInt64.to_uint max_weight} + {[@expl:loop invariant #1] [%#sknapsack18] UInt64.t'int j <= Seq.length (view'0 items)} + {[@expl:loop invariant #2] [%#sknapsack17] UInt64.t'int left_weight <= UInt64.t'int max_weight} (! s0) [ s0 = bb40 ] [ bb40 = s0 [ s0 = UInt64.lt {[%#sknapsack20] (0 : UInt64.t)} {j} (fun (_ret':bool) -> [ &_89 <- _ret' ] s1) diff --git a/creusot/tests/should_succeed/knapsack/why3session.xml b/creusot/tests/should_succeed/knapsack/why3session.xml index 64f6f0354b..0251971ca6 100644 --- a/creusot/tests/should_succeed/knapsack/why3session.xml +++ b/creusot/tests/should_succeed/knapsack/why3session.xml @@ -2,291 +2,302 @@ - - - - + - + - - + + - + - + - - + + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - - + + - + - + - + - - + + - + - + - + - + - + - + - - + + - + - + - + - + - + - + - - + + - + - + - + - + + + + + + + + - - - - + + + + + + + + + + + - + - + - + - + - + - + - + - + - + - + - - + + - + - + - + - - + + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - - + + - + - + - + 
diff --git a/creusot/tests/should_succeed/knapsack/why3shapes.gz b/creusot/tests/should_succeed/knapsack/why3shapes.gz index ef45bd68de2e8ef4984302ff7c2c63fb4919c53c..b3a71a977b4beab3b684cce9ceefc4fa75e70e84 100644 GIT binary patch literal 5705 zcmV-P7PjdhiwFP!00000|Lr{4ZX8FF@BI}G>;relFc6U$c`Zf*a2IG4A9m(t(AYO3 zPpfT8lts#%*{|QoI=ZU*Qj@kkYRa-(%+898DLLK z-v4qX*034|!<<~>Y8WgksvglVoBVWzY?U2Tzuf-M_5WVMY7a!N`_E0=pZAXJ<7+$QlqdmdJ8uujktzE1uDds`*>Ftj$Px)-iqf=7`yC-lzPJ+q?T8HgO=emSVe-jex%% zqTE}96s)~ZciH=tYAF0K-U>b8VLKPwfPDLjnYi^2-Q3@p>F@dgy0eC7>QQ;Rzx{Ck zlt11+Z2m7VSY?lI-{r?mT;6loFL(D(ZNTpkR1T)XpG4g$S43EpkN59x^Id+oysCd+ zEg%2+AuqQZ)B#HWF+Xq~P|3}lYd_y>cbA0s_G!C2IBw4Xe)ir>798G~*(UVR(;e7F&}o(Wd9kb3K~G|$oh{Z~rNRKb zmIK08wRC9lpjT=g{db4Y)L~v0clY-nM(r>Etvy#YM%Tl)IkKpwvVSsntmvRTjChwM z{u+F1sanOT!>kUfQL90&P3t%~0=D$xAn(&tJOA{w$H!=qHQzZc+omF@8Q4_!-SnQ= z;(Wwwsn^o%A?~Kzm?q60--GCFjAPJ2;9*{`22C71VSj$6)PLIg*Q(=PVdeRj8S=wp z=gMDX7vu6{rZGZHt>d%eP7(iR+c9L~+wFJ;6Lu}#MD0A$(RN2^yN34c_|u!L4;M^n3w_O=t_(1Cq|4zZmzL%uiJG0^zuz-bhIWl4FyCUesxrA z)rn0fLIF|FNax+3_A8Ih(`SA(pZm)Ix>wov{&tJ=XV!5yr`k3niJF7i{;Qed-v=I{rcBwhnX*-f zbx)3I@o%+3vb(9rfG1_p!>4cpYqjLFaduiejc~5g&k&!f(9ZSk=K6jXrV$0(IUX!I z-8iw^h!}95Q;51e^F%bqA z%WRI%19sc%*^qiejZo6}J zc-SVYk&)YSOYSVpIAX@@eJ6k5G;Yps{cO%``fR4{p3P39$N6yo@gpxySMPqBabGs? 
z{U&u)$?dyOkEiRNp3oHhvlS3-*=v=j&u3*`Bq59;YPu=U!tUdzk00~ak)1*%+9maK zH$wB^{_dB2o9`Z;-sX?>bUcs#h0#;D0nc3|ojba=~0L)9U z)E@uIOySvBcVG@<#ct(vZ_I(c!IyI}A+z6dZWm0aUZA_4*{k{HRrfxVigy|JBxDw* zi}rM(C#&>9|MPUd|9Lvo|2$3o&(p;JoLj%ON8&(7qdzLouIJh_^0HEpm##^-C7|Bt zW+*xIIaOE7#mWA}HguekHMdaP;B+K6@1xj=*`0;iEyf`Ik}R|j^@|th7mM=}n8i8C z&|;E3E#`^UVv=($Cb`(+tnBT)EnkyalRZ%7*Xgd@wMWZc+m*X!x5_uWjilk+oz+gN zhWOk*(l*mQ$AE|yV=jHnG`pmGF(&SdNj|@r5d#{K$EG#>Nj2O4^Mrx!h>yw7W}{bns`{4HHcFUyWYdA3+P zR@~js-2^x^^u7G8dDfl$cy#c{t@{{-I6)qx5aKK~sSn$DgSdMse(X+sOBjw_ zgx9O@TQj=@XXxq8_u+G0rsujldG?^{>Vcee5VzNxyDSeaArYsqpq#!bd$VUu2X2|C zRB5v4$Il?W%jNMn)c%bKcSD)`c`02g>@ZjT5fVb(N@0Z=Py|T1+8-I*A zZ7cpbGl)rR;>Y$i%>z(lNASmp^UJk#SLG+x&U?^eYGd<4cWQjI&Z(LAV0V(2oojvg0sCn-O=Y6L$^7B`orI;pdSapQu&jwUg5mgjE~!Fc%Cowld%uiF`W0%|%j zqz;2?7!+{CneQO#98g;tcJJ%WD&nCs>Dwe9K0UlW(%0%9b=o=bc31C3E1rk<_p$r# zPSBbhUG_9HcXzm;&{J15gFo5w)H}ZF97>}zdlsG94xL5kfM=iJs9D(V()Ccgad5xh zfi}BFv6kYxf0a|Io0%St;T|M!pC1-@U7NkUX-7~@w&^sIo2}U}cgL(|O^Tncm0l0s zX0;v7ZFviMvlV$YNKaMzwW9uxU{G7j-wTwvMc4h>#b4_eTr2tWNaSYp4g737nu4ru zrVgj_()pRS5)63Lzg?_kE5+8K&EPtQ>RjJg=ee6*Z`sMxxl2x}T95&FhWilo^%%q3 zC*60=PmXfWn#V2oc$|AUz&+d?3TQ3mxeTzC0d{0Kw&r>sd;8~8d3NLbfa1H^xiOOn ze|tIuC~1??2C@vel(Lbck=RIRglmNT zO~_J^(jk_NB}rz$n-q+Z1-((|j9*IKNYzOC%_)0jJtVR=N+?MQRL;eadFNzMR>dVj zB_&-W`ET<@SPWglcvma{0ip%s@Ro6Du#z&+XxHd}8Jh~DWoOEN z0woPflA@B8awURv36@4SMtlvN5=qQ~qfL^`XL6o{fGk#rpo23cmqs;)z7l2~`eZ<} z3o_YQ%N|-64y%gKrd$5{{51gE-73ypD& z`HHyqWCiAgg7Y)d907wWx+sX80eOwFdQvNUFJ(pbQWn1+_E9MjgA-n-6bf6gq?p-r zWy@y|W2sKoGUKXc|LfvC`lySIxkP7^OyGS14bC`7vKZ7$%kXvqJMR6wFnV-5y*|Z=q+882F9D-y?WCC(gZG-@m<>2)Y7#-+~lC5xUVn``Y zvMuiu2O{tpGa$rZ1&o<(V?z=1+t>bu{u&N_98^0kWz*qbJp34Ox@AM*CQ_l zr=3EXw9&yt&Gi5m0iX;2p$OQWQ^r#fRZJHyujlO*wLXwi5Ghl@^2tr1-a%*+?KWyM zy02cCq%Awu5WrYcQCLZY97nk7SDf`^F%6TKAWsO1Q)^SAb&1`m5e6N{e($xk;Ii3` zi zT!dgsMB|+I$fatk7azm|$x^t;TwrqRK9KN(HfiiqZi) zc}w6~B3>@!Wl7~zL|ZV*Yyx;~v*q+rb19A*y~e;&F%qV6agr6`sTv6I|R$1NQrAsQ& zu-9i10K6=|WQ&$vi?o!%S&yBiO8GjZ%^U&oJ3Nr08VF0;P6OFak|;Q?0{62AYQQ&97yjh`l7vx 
zfeZZ-6=!!j)K`Ht)eA$UiiGNw;j7n2f(SZCLzF`x!3iJ)imqf=Vi85xt4Jg>yNg8T z@6{_tX-NW#)0yLTc9|6UsD%(LfyLCmNrKE6>h_uw^*5pyCrZdRdt}`RBdkqarwU2v z$av1Pzl2^|l)P5+bIsqYO)7rQMv0Y%;`OR;)hLFoXIRxS!&0?hdl9XgThQmrbF6~rB!FZ9A)OV(NdX^WQKCsGlmDU$`bG}4 zvQ@h=lIHYE5PM9huWBUECA?8szNn60>&cEXMQK!4HV7-U%z=$IP;xApE2OqfovK{R zSS_QqjMwf7gq8_e2Iss6Ez`2_uaZg-LQFvsg-~xJ*xlDxe>p34o?Vx%$$90tqP-}= zIG8!h-njl6fwS2Z2->2l?~oM0=-PyvxyEW>7b+uyEzM{is-oH{!XwXhK0rh;7( z&FpvQ99fEb(5obuD6Qb?Sz}P5zOF9{xhOe7aneODs7r=6O<@Nz^J?r(E>>V$FPX9- zuS#M0_-IP3M-%v*Dh;ZCTU!8Ag!+?d)?30Ijs-9mP=7KXz>GlUq_R@2gPCz(=Cv84 znSzu=AaqKsYL!w65DS1$Q4HMkTEUA6zg9s)c4U?D%5njwi*~h#L6KCXqBW%IBC7=Y z5`;+v$pUa3^T7Zismx9vxVFlUPlT*)kxR|X5r~6T67|=aR7fJ~ARTf{CaqNDz)Y_C zK*7r|N+?B=H}M5zJ_Qv+i2jWaoS?Y?xYc94n&A$*E-jJ1wH#$6T_U z9HlIBd^TMAYQrf=QYiRbDy^br|5-1pg%GboR+n^i2^Bv~N!c z@rva29O$sbL^5*p(>jNc>KndnzabUd9aN@L$y7R*E^x6@L4D_fMJ>rtK`B*#TUr3P^ee@G7~6~9Vo79OL5%^cCSzH%vF@mj(4{N$2qGe!8Kzc zuRT+AzCF&B;%gM14W08@2PM~EgYj(bzUJ%MJC_TV_SIS;>qm4yUz6}wPz<%kLO$0% zBI#_hHHtWNMM|nQ`Rd$Ws{)9VW%Q7oHWGA*6r!s+m}WZw=XGcL^tzScf+M4&;aW}w z2sU#0z{c-085_~Mt+$s!BTFWP; z0d3(-05G#)(ko5{qsLH)^M8k9wD?98!ZPbpQj8IZHBy4F{RxjH=@4S-5~teb`<9df zEL{Rp95_^cJwXQpN)?h^DWbHl>lQM8s$}Xgqvf;aeJTpQB2QWe=gG$6!%`?FM@(<)m%dR=880mt zz=T-uSd>+(Ab;+_;0SHwXl{5iOWgbHSbmZh(DB- zB^V~>W4)kf$D|7Kku<2Z6UqtS<^=Vl=nsXpnPriMBVWy!R47RqP7EL+PnjsW{@CUS ve<*G8HVErSa(+-hrv4T+D3eH8n{`g?_uHI7sXr9AtGNFMB)lnr`G^1j*-bqc literal 5113 zcmV~$Q0|ShU$HE@KSU^ZW?C#4Vv2Q}~ z>aJ-YZArFf{{4b^RApVV%fs&)&1tGT)sWUEh><*ZM-&3G`O~dQkU5Zzqv@bNS|`yt}--E$d%? 
zy*W4fOS##h-J|=gZ$FhovSi*23VeM-$-LH=6WjW=zI>I;=KTOMjboDXw!Hu4=GXD# zM$kIJQB7~}YX9~gQcno|QH|ZZ|8DhfuaZedU+KE3^YWFhkI7xXnVLVl`KasnpU<&3 z7jt2*qaH5i!dVkF3HrP)x98B~tkvhs|9t(w=jP&ohI%@n`Hw*&*j^?y=jQy~Z++kQ zJhlqb^Tnog)=GM{*7rB(zV{PJ=>5f}v?OtTm`HpdE;gkliS%G58t!32JrtKz&;v|V zJxpe3rP(&z172)O2gtF9L+CpAM&H_!9_)HO58)nIU-Tdeda&aN-d44jy~_a>q^F1P zg6N>ZJKbxCv^iEQo6&uGu&vO8OyGOq*V7ldIGYAT53UE_L)fx~kYXb1&E)r@m>Wxz_bK^-U|ywZ2EX*p%kl(BtH7tu)ty=}|7W#Z5i*XfL+K zgMRlty2F0o09N8TK{^e##EEwZ2kVG{8Fw~A3m3>`u4-^cDB~5a{cM;&E4!{_)F%j zUVV6XS>Bd+tMm5%`ReAMzn9g_O>xt562ioPBEkGA% zZ_E4D`E_|)4|Umtc+{3hEjZI}@$ZSEyJ&~VH`VjL31)1(Cve{eW~S?DmIZ?)_8DhW z@DN1*dfZo!t8n)A!-wCu23!5h;I3^7Y)-vC!8EjT#N+pR`Y0G(AG8VIB(NtLtRlyi zosAD=zh=m{x5J0q+e1wjz2DXpcjH?(5p9{X?0~WQ06IQEa!E^@OyuWLL@fQb?Pfj?>2E`uv$D6Z3 z?Nc#&m{@c@6AiCpR8x#@E$%iwGG3LBpVn99dK4&A>-J24)$8qqyE`a1G-G6dA?W=$ zKO9>4Mpx!xHe~Z9S7vju8|PX`e~3%n9mpOwN*H>^!%;F+4{pkM(oGo$H)Yr#B@7pH zz<#lbYCALaeNb*XW7r@b!MjKB4dQ#IyT$iRqcvy;(TtZK8Wrvpk@;&P@;Cc2eA$s< z>B$d)4L{J|9;C-N_rBhKL+?Y++_Nkv1?I5@IgMUM^nAypz`Uc%k@eEYo3lIi%~RCf z@PE`-Q=J>~d1s5?L;i0J>2}xuwi5!(VV(CWKA*cul3&gP#~HSiYy??s-;pbsd7)P#{A2?O?h!(`%^|fn7siW#66l~X5F>OM&J(CDO0quOw0c) zO>>HCL4I;S2Dq>BJh3m}?z_^Z#r8l;IbTX>&s28pnaa|hsSNEI%N*J>l~FIr4@C-d zGviO0lG;ao;F5V{9L+Kmzu4`U%&#YB8H&5O{(I1e+q2b;Cyb|*+jzny`9;os067;$ zmUJT99%$ye+xWZio7rar3|4m=1BhETV(|eUc^}J3*jTO=kM~LIWDXmZINVDzY$e0% zV`1vRaW~t{!xVx)PBo<4G=8|c`fywF`MckCbg1k1y3XU8_wwDRo4Z%lbF5mBe{p@i z3525w?EO{QU4n0hbl8n@50b9w)74eknCvc5IIy(m?UwqgTz`1`xm=dF*SEixtF5=* zxBac?!#vK=)}rQ%rkd@tB-;bnNTE&dm+QQoH4Y{s_cc;lX7=dh^Yvo)XikWQk#*TS zjq;#-;Oq5Rv~!qs92k~WUtzvU+4J50Yr%9Emaa1#VmyZ(wgYp71zR{8N^Vbw5`a@= z_gmQy?tNtMJGuSCSNem)f8{QruHW};huwia)Ms9V+Iy|W2R*)VBRlBhdiFw( zQ~T3vYCo>2H}mIaN8t{3u$%t8-$u5<`w=_XeYrh{FKu4NQ!5U~pv-u~{q`{1PTSqO zE*1@VB9(ubg}Oxicrz!3);D+NgWBi2H#T)xQKH$dE^(APF0`g~z(L0B=tO^KuIbx% z*xw=B1gFN~kzKmo&o@ojAG&A$erYH8zN2=+vp04h4(+5*`+J6@NC0m zHWIg)7}?9j%%SbK_xk&_rr!))=6}9ljUSI3yY5OklDYW%>BWpaPPN?8*xdtxneVV; z=lp`(jr+$Kwv;FH5B9Xu{w~`6^wk~PE#4#BW{d9H`z*P3*Za71gWZk9(m!^RF<~!* 
zv$v!_&37zWwNcf631G`F9U?r!b|N2jQm{}T4XjI(XOO-h**3)psV*bTpw`+RB*VFYP zac^|V|6;>)@{U?B=Hm4c8{N(FX456TxKlmSv-IM6@x7SW)9tXiwCg7u$~PMz7c(Z7 zb`w|Zltf(E!9LhN8(Gt}-i_SFsOg0^C294&P%rXvOMLNWIhvau;~?&Z8_RTyO=M}; zJ-XM^ZBDjRLa!HIN*y*lW8CS9hmSMaj?`VcjnpZxXnW$5x?(T1(Unf?ibr(CU0ns1 zy5dGx+|zYQH%pyUnxn4UPS_?C`b~N`!H%mQBUmbCHpXc_FnI0kggc7u((M}&dcuWb zyc|{TxMIf$nzON=oOtPt?DsF3pPdn^&ozKn4d~RGoNHz^E*oGZw}Q@`Wg7*Of^nX$ zI`-fcDTh#5b1i8F9iDLw1~vI)OF{27M^l^>2b_|rz>NsGL)W40P`Xy84zWY%&~y+w z@Ey1gYzNW-cR(Fr2hf4(Lgzcz*-kp{=*(sy?==Hi78x;#a{^Hv+aiTICj`tP z1`g_mE^r;wk5(ia)KF29MI>i~k>be~i3*l;NGtXoyN+$g(lP%58VS4VooMjZDD+!(WPFyFp6X}FIp+8th zsyW7-Q4=QPif57>I5}4VD}}hS)LEQ#w9s_4=8soX+4!ol2qGC2O@f6>2y6-wr#eLf z>pE*YE1l&(Qo9nXxF7|XO;xg4Vx$7u6bc$qS8miUboNiv(FF|@qe=o_z$f%I7?X=v zZ_smGIqV$#>1uLyXro~+b*bfF}2o})?8I2_z5bYO5s;<_Q5(b{q|JG$4gdl8}P}+#|CaR3ap)yk_TF~f_-vHAP*$#|6A!L~iCq*cUVsRST#vlQNykO0S z+o&25`6r0ZdB7APh2og1Fmn}G$P@WgOO!F9hbN2>6DJ?BYPL4yqCVx!q=6U#)#DK6 z!8~!4tm-A28cCH5$KW}tFQM4j`WJ`s*VqSsc%mo)v-*;KsNSUHb2N%5wJ1|?5@DX< zfFCb}*w#x~lB-FqO7ZF#W3nct>PQxI+9O60Tz1J)OZ+(X(Ew`+VAW+#MuXd(#U3#b zQH7K>6F@tpDQrBO2*yQ=KoWMB=8qXkDb8#34pIg**-MqEUb#YHYtYvP)`M+}5GktJ|oObVn4vqoVPY7*2O^9m3;XhNR=79osEz@F5z|1nbBbg@+ z(iw&rnT3j@tXe1~%UWuQ1(MJZ&B=E_t^=|ikaR#zVynjv2%aQvsG7+oLllI#Rx%c? z5ePYH7H8UN6|m`m!n4CpRJn@HQIx898*IDngJMf|1h%&GFW~k-I{|yHX0Rzx^4Z4h ze2kvRdZogalmivx+L;2IZD8QzMABRIBaD%@Yp8^G&!GI+EX*2*W#ngrfnUd zIwQr|=@J__+kukYIG?aiab;56o<#>Z4su~Z17 zH*EzQN{B#a2yh-AJ&vj+_=*vNiy^W1j)H9?z*}p%iL%yma7ss(ZY^xHwGNTa#n)g_26O5*-%sY9Ya}*a@bC7FC}R zuHqbe1Jz`Q#`?@I26V|s00gIIx}ggJo*cAHK+Zr=o2_F<603u32$)-jmxuF%fKL@3 zSIg8k?ZKH;ll2<3*rLjW$x|2(6aqbEh_-r6SS0!AEP2QY)Y_8CQPi5^IOuE#K{^Qh zBr)dXtxHy_r$`zlloTKWqN%p983rJP)_?9v4ekOi=M~#eZl5jwO6obOMS)^MiB60p<0=@@%{PQK&x?)vopz%)OJI-vdiuGr_Fvbj$PAdf8A-E2ku%FC0YLjFP1)wG=sRUD4 zvNZ->j-1>Io3y|`t%01!;G^-WgbYcF)5>CE(VR?hUS%_p|Lk_+BrzC}kQ`N;d{PWG bh!sH}yfbZL$0q#$ZFTm4BH@IrBYOY<4-xTM 
diff --git a/creusot/tests/should_succeed/knapsack_full.coma b/creusot/tests/should_succeed/knapsack_full.coma index d5772988aa..61308695ab 100644 --- a/creusot/tests/should_succeed/knapsack_full.coma +++ b/creusot/tests/should_succeed/knapsack_full.coma @@ -22,8 +22,8 @@ module M_knapsack_full__max [#"knapsack_full.rs" 16 0 16 35] | bb2 = s0 [ s0 = [ &_0 <- a ] s1 | s1 = bb3 ] | bb3 = return' {_0} ] ) [ & _0 : UInt64.t = any_l () | & a : UInt64.t = a | & b : UInt64.t = b | & _4 : bool = any_l () ] - [ return' (result:UInt64.t)-> {[@expl:max ensures] [%#sknapsack_full0] UInt64.to_uint result - = MinMax.max (UInt64.to_uint a) (UInt64.to_uint b)} + [ return' (result:UInt64.t)-> {[@expl:max ensures] [%#sknapsack_full0] UInt64.t'int result + = MinMax.max (UInt64.t'int a) (UInt64.t'int b)} (! return' {result}) ] end @@ -66,7 +66,7 @@ module M_knapsack_full__sum_weights [#"knapsack_full.rs" 28 0 28 56] /\ 0 <= ([%#sknapsack_full2] Seq.length s - i) /\ ([%#sknapsack_full2] Seq.length s - (i + 1)) < ([%#sknapsack_full2] Seq.length s - i)) /\ (([%#sknapsack_full1] sum_weights'0 s (i + 1) >= 0) - -> ([%#sknapsack_full1] UInt64.to_uint (Seq.get s i).t_Item__weight'0 + sum_weights'0 s (i + 1) >= 0)) + -> ([%#sknapsack_full1] UInt64.t'int (Seq.get s i).t_Item__weight'0 + sum_weights'0 s (i + 1) >= 0)) ) end module M_knapsack_full__sum_values [#"knapsack_full.rs" 38 0 38 55] @@ -234,7 +234,7 @@ module M_knapsack_full__m [#"knapsack_full.rs" 67 0 67 57] = ([%#sknapsack_full13] if i = Seq.length s then 0 else - UInt64.to_uint (Seq.get s i).t_Item__weight'0 + sum_weights'0 s (i + 1) + UInt64.t'int (Seq.get s i).t_Item__weight'0 + sum_weights'0 s (i + 1) ) axiom sum_weights'0_spec : forall s : Seq.seq (t_Item'0), i : int . ([%#sknapsack_full10] 0 <= i /\ i <= Seq.length s) 
@@ -247,7 +247,7 @@ module M_knapsack_full__m [#"knapsack_full.rs" 67 0 67 57] = ([%#sknapsack_full16] if i = Seq.length s then 0 else - UInt64.to_uint (Seq.get s i).t_Item__value'0 + sum_values'0 s (i + 1) + UInt64.t'int (Seq.get s i).t_Item__value'0 + sum_values'0 s (i + 1) ) use int.MinMax @@ -267,7 +267,7 @@ module M_knapsack_full__m [#"knapsack_full.rs" 67 0 67 57] && ([%#sknapsack_full3] forall s : Seq.seq (t_Item'0), j : int . 0 <= j /\ j <= Seq.length s /\ subseq_rev'0 s j items i /\ sum_weights'0 s j <= w -> sum_values'0 s j <= result) else - if UInt64.to_uint (Seq.get items (i - 1)).t_Item__weight'0 > w then + if UInt64.t'int (Seq.get items (i - 1)).t_Item__weight'0 > w then ((([@expl:m requires #0] [%#sknapsack_full0] 0 <= i - 1 /\ i - 1 <= Seq.length items) && ([@expl:m requires #1] [%#sknapsack_full1] 0 <= w)) /\ 0 <= ([%#sknapsack_full4] i) /\ ([%#sknapsack_full4] i - 1) < ([%#sknapsack_full4] i)) 
@@ -287,17 +287,17 @@ module M_knapsack_full__m [#"knapsack_full.rs" 67 0 67 57] /\ j <= Seq.length s /\ subseq_rev'0 s j items (i - 1) /\ sum_weights'0 s j <= w -> sum_values'0 s j <= m'0 items (i - 1) w) -> ((([@expl:m requires #0] [%#sknapsack_full0] 0 <= i - 1 /\ i - 1 <= Seq.length items) - && ([@expl:m requires #1] [%#sknapsack_full1] 0 <= w - UInt64.to_uint (Seq.get items (i - 1)).t_Item__weight'0)) + && ([@expl:m requires #1] [%#sknapsack_full1] 0 <= w - UInt64.t'int (Seq.get items (i - 1)).t_Item__weight'0)) /\ 0 <= ([%#sknapsack_full4] i) /\ ([%#sknapsack_full4] i - 1) < ([%#sknapsack_full4] i)) - /\ (([%#sknapsack_full2] m'0 items (i - 1) (w - UInt64.to_uint (Seq.get items (i - 1)).t_Item__weight'0) >= 0) + /\ (([%#sknapsack_full2] m'0 items (i - 1) (w - UInt64.t'int (Seq.get items (i - 1)).t_Item__weight'0) >= 0) && ([%#sknapsack_full3] forall s : Seq.seq (t_Item'0), j : int . 0 <= j /\ j <= Seq.length s /\ subseq_rev'0 s j items (i - 1) - /\ sum_weights'0 s j <= w - UInt64.to_uint (Seq.get items (i - 1)).t_Item__weight'0 - -> sum_values'0 s j <= m'0 items (i - 1) (w - UInt64.to_uint (Seq.get items (i - 1)).t_Item__weight'0)) + /\ sum_weights'0 s j <= w - UInt64.t'int (Seq.get items (i - 1)).t_Item__weight'0 + -> sum_values'0 s j <= m'0 items (i - 1) (w - UInt64.t'int (Seq.get items (i - 1)).t_Item__weight'0)) -> (let result = MinMax.max (m'0 items (i - 1) w) (m'0 items (i - 1) (w - - UInt64.to_uint (Seq.get items (i - 1)).t_Item__weight'0) - + UInt64.to_uint (Seq.get items (i - 1)).t_Item__value'0) in ([%#sknapsack_full2] result >= 0) + - UInt64.t'int (Seq.get items (i - 1)).t_Item__weight'0) + + UInt64.t'int (Seq.get items (i - 1)).t_Item__value'0) in ([%#sknapsack_full2] result >= 0) && ([%#sknapsack_full3] forall s : Seq.seq (t_Item'0), j : int . 0 <= j /\ j <= Seq.length s /\ subseq_rev'0 s j items i /\ sum_weights'0 s j <= w -> sum_values'0 s j <= result)))) 
@@ -394,7 +394,7 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] let%span srange87 = "../../../creusot-contracts/src/std/iter/range.rs" 42 15 42 32 let%span srange88 = "../../../creusot-contracts/src/std/iter/range.rs" 43 15 43 32 let%span srange89 = "../../../creusot-contracts/src/std/iter/range.rs" 44 14 44 42 - let%span snum90 = "../../../creusot-contracts/src/std/num.rs" 52 28 52 33 + let%span snum90 = "../../../creusot-contracts/src/std/num.rs" 54 32 54 37 let%span srange91 = "../../../creusot-contracts/src/std/iter/range.rs" 15 12 15 78 let%span sresolve92 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span sslice93 = "../../../creusot-contracts/src/std/slice.rs" 140 20 140 37 @@ -456,7 +456,7 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] function view'1 (self : t_Vec'0) : Seq.seq UInt64.t - axiom view'1_spec : forall self : t_Vec'0 . [%#svec46] Seq.length (view'1 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'1_spec : forall self : t_Vec'0 . [%#svec46] Seq.length (view'1 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq @@ -466,8 +466,8 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] let rec from_elem'0 (elem:UInt64.t) (n:UInt64.t) (return' (ret:t_Vec'0))= {[@expl:from_elem 'elem' type invariant] inv'5 elem} any [ return' (result:t_Vec'0)-> {inv'6 result} - {[%#svec40] Seq.length (view'1 result) = UInt64.to_uint n} - {[%#svec41] forall i : int . 0 <= i /\ i < UInt64.to_uint n -> index_logic'3 result i = elem} + {[%#svec40] Seq.length (view'1 result) = UInt64.t'int n} + {[%#svec41] forall i : int . 0 <= i /\ i < UInt64.t'int n -> index_logic'3 result i = elem} (! return' {result}) ] 
@@ -496,7 +496,7 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] function view'4 (self : t_Vec'3) : Seq.seq (t_Item'0) - axiom view'4_spec : forall self : t_Vec'3 . [%#svec46] Seq.length (view'4 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'4_spec : forall self : t_Vec'3 . [%#svec46] Seq.length (view'4 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq @@ -542,7 +542,7 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] let rec len'0 (self:t_Vec'3) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'4 self} any - [ return' (result:UInt64.t)-> {[%#svec42] UInt64.to_uint result = Seq.length (view'0 self)} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#svec42] UInt64.t'int result = Seq.length (view'0 self)} (! return' {result}) ] type t_NonNull'1 = @@ -567,7 +567,7 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] function view'2 (self : t_Vec'1) : Seq.seq (t_Vec'0) - axiom view'2_spec : forall self : t_Vec'1 . [%#svec46] Seq.length (view'2 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'2_spec : forall self : t_Vec'1 . [%#svec46] Seq.length (view'2 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq @@ -577,8 +577,8 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] let rec from_elem'1 (elem:t_Vec'0) (n:UInt64.t) (return' (ret:t_Vec'1))= {[@expl:from_elem 'elem' type invariant] inv'6 elem} any [ return' (result:t_Vec'1)-> {inv'7 result} - {[%#svec40] Seq.length (view'2 result) = UInt64.to_uint n} - {[%#svec41] forall i : int . 0 <= i /\ i < UInt64.to_uint n -> index_logic'0 result i = elem} + {[%#svec40] Seq.length (view'2 result) = UInt64.t'int n} + {[%#svec41] forall i : int . 0 <= i /\ i < UInt64.t'int n -> index_logic'0 result i = elem} (! return' {result}) ] 
@@ -637,7 +637,7 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] = ([%#sknapsack_full75] if i = Seq.length s then 0 else - UInt64.to_uint (Seq.get s i).t_Item__weight'0 + sum_weights'0 s (i + 1) + UInt64.t'int (Seq.get s i).t_Item__weight'0 + sum_weights'0 s (i + 1) ) axiom sum_weights'0_spec : forall s : Seq.seq (t_Item'0), i : int . ([%#sknapsack_full72] 0 <= i /\ i <= Seq.length s) @@ -650,7 +650,7 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] = ([%#sknapsack_full78] if i = Seq.length s then 0 else - UInt64.to_uint (Seq.get s i).t_Item__value'0 + sum_values'0 s (i + 1) + UInt64.t'int (Seq.get s i).t_Item__value'0 + sum_values'0 s (i + 1) ) use int.MinMax @@ -664,11 +664,11 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] = ([%#sknapsack_full52] if i = 0 then 0 else - if UInt64.to_uint (Seq.get items (i - 1)).t_Item__weight'0 > w then + if UInt64.t'int (Seq.get items (i - 1)).t_Item__weight'0 > w then m'0 items (i - 1) w else - MinMax.max (m'0 items (i - 1) w) (m'0 items (i - 1) (w - UInt64.to_uint (Seq.get items (i - 1)).t_Item__weight'0) - + UInt64.to_uint (Seq.get items (i - 1)).t_Item__value'0) + MinMax.max (m'0 items (i - 1) w) (m'0 items (i - 1) (w - UInt64.t'int (Seq.get items (i - 1)).t_Item__weight'0) + + UInt64.t'int (Seq.get items (i - 1)).t_Item__value'0) ) @@ -686,7 +686,7 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] use seq.Seq function deep_model'0 (self : UInt64.t) : int = - [%#snum90] UInt64.to_uint self + [%#snum90] UInt64.t'int self predicate produces'0 (self : t_Range'0) (visited : Seq.seq UInt64.t) (o : t_Range'0) = [%#srange53] self.t_Range__end'0 = o.t_Range__end'0 
@@ -754,7 +754,7 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] predicate in_bounds'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq (t_Item'0)) = - [%#sslice93] UInt64.to_uint self < Seq.length seq + [%#sslice93] UInt64.t'int self < Seq.length seq predicate invariant'2 (self : t_Item'0) = [%#sinvariant108] inv'21 self @@ -764,7 +764,7 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] axiom inv_axiom'10 [@rewrite] : forall x : t_Item'0 [inv'10 x] . inv'10 x = invariant'2 x predicate has_value'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq (t_Item'0)) (out : t_Item'0) = - [%#sslice94] Seq.get seq (UInt64.to_uint self) = out + [%#sslice94] Seq.get seq (UInt64.t'int self) = out let rec index'0 (self:t_Vec'3) (index:UInt64.t) (return' (ret:t_Item'0))= {[@expl:index 'self' type invariant] inv'4 self} {[@expl:index 'index' type invariant] inv'5 index} @@ -876,14 +876,14 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] [%#smodel44] view'2 self predicate in_bounds'1 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq (t_Vec'0)) = - [%#sslice93] UInt64.to_uint self < Seq.length seq + [%#sslice93] UInt64.t'int self < Seq.length seq predicate inv'13 (_1 : t_Vec'0) axiom inv_axiom'13 [@rewrite] : forall x : t_Vec'0 [inv'13 x] . inv'13 x = true predicate has_value'1 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq (t_Vec'0)) (out : t_Vec'0) = - [%#sslice94] Seq.get seq (UInt64.to_uint self) = out + [%#sslice94] Seq.get seq (UInt64.t'int self) = out let rec index'1 (self:t_Vec'1) (index:UInt64.t) (return' (ret:t_Vec'0))= {[@expl:index 'self' type invariant] inv'12 self} {[@expl:index 'index' type invariant] inv'5 index} 
@@ -898,14 +898,14 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] [%#smodel44] view'1 self predicate in_bounds'2 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq UInt64.t) = - [%#sslice93] UInt64.to_uint self < Seq.length seq + [%#sslice93] UInt64.t'int self < Seq.length seq predicate inv'14 (_1 : UInt64.t) axiom inv_axiom'14 [@rewrite] : forall x : UInt64.t [inv'14 x] . inv'14 x = true predicate has_value'2 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq UInt64.t) (out : UInt64.t) = - [%#sslice94] Seq.get seq (UInt64.to_uint self) = out + [%#sslice94] Seq.get seq (UInt64.t'int self) = out let rec index'2 (self:t_Vec'0) (index:UInt64.t) (return' (ret:UInt64.t))= {[@expl:index 'self' type invariant] inv'13 self} {[@expl:index 'index' type invariant] inv'5 index} @@ -917,8 +917,8 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] let rec max'0 (a:UInt64.t) (b:UInt64.t) (return' (ret:UInt64.t))= any - [ return' (result:UInt64.t)-> {[%#sknapsack_full61] UInt64.to_uint result - = MinMax.max (UInt64.to_uint a) (UInt64.to_uint b)} + [ return' (result:UInt64.t)-> {[%#sknapsack_full61] UInt64.t'int result + = MinMax.max (UInt64.t'int a) (UInt64.t'int b)} (! return' {result}) ] @@ -935,7 +935,7 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] predicate resolve_elswhere'0 [@inline:trivial] (self : UInt64.t) (old' : Seq.seq (t_Vec'0)) (fin : Seq.seq (t_Vec'0)) = - [%#sslice106] forall i : int . 0 <= i /\ i <> UInt64.to_uint self /\ i < Seq.length old' + [%#sslice106] forall i : int . 0 <= i /\ i <> UInt64.t'int self /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i let rec index_mut'0 (self:borrowed (t_Vec'1)) (index:UInt64.t) (return' (ret:borrowed (t_Vec'0)))= {[@expl:index_mut 'self' type invariant] inv'15 self} 
@@ -958,7 +958,7 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] axiom inv_axiom'17 [@rewrite] : forall x : borrowed UInt64.t [inv'17 x] . inv'17 x = true predicate resolve_elswhere'1 [@inline:trivial] (self : UInt64.t) (old' : Seq.seq UInt64.t) (fin : Seq.seq UInt64.t) = - [%#sslice106] forall i : int . 0 <= i /\ i <> UInt64.to_uint self /\ i < Seq.length old' + [%#sslice106] forall i : int . 0 <= i /\ i <> UInt64.t'int self /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i let rec index_mut'1 (self:borrowed (t_Vec'0)) (index:UInt64.t) (return' (ret:borrowed UInt64.t))= {[@expl:index_mut 'self' type invariant] inv'16 self} @@ -999,7 +999,7 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] function view'3 (self : t_Vec'2) : Seq.seq (t_Item'0) - axiom view'3_spec : forall self : t_Vec'2 . [%#svec46] Seq.length (view'3 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'3_spec : forall self : t_Vec'2 . [%#svec46] Seq.length (view'3 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq @@ -1062,9 +1062,9 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] let rec knapsack01_dyn'0 (items:t_Vec'3) (max_weight:UInt64.t) (return' (ret:t_Vec'2))= {[@expl:knapsack01_dyn 'items' type invariant] [%#sknapsack_full32] inv'4 items} {[@expl:knapsack01_dyn requires #0] [%#sknapsack_full33] Seq.length (view'0 items) < 10000000} - {[@expl:knapsack01_dyn requires #1] [%#sknapsack_full34] UInt64.to_uint max_weight < 10000000} + {[@expl:knapsack01_dyn requires #1] [%#sknapsack_full34] UInt64.t'int max_weight < 10000000} {[@expl:knapsack01_dyn requires #2] [%#sknapsack_full35] forall i : int . 0 <= i /\ i < Seq.length (view'0 items) - -> UInt64.to_uint (index_logic'2 items i).t_Item__value'0 <= 10000000} + -> UInt64.t'int (index_logic'2 items i).t_Item__value'0 <= 10000000} (! bb0 [ bb0 = s0 [ s0 = UInt64.add {max_weight} {[%#sknapsack_full0] (1 : UInt64.t)} 
@@ -1099,13 +1099,13 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] {[@expl:for invariant] [%#sknapsack_full10] produces'0 (Snapshot.inner iter_old) (Snapshot.inner produced) iter} {[@expl:loop invariant #0] [%#sknapsack_full9] Seq.length (view'0 items) + 1 = Seq.length (view'2 best_value)} {[@expl:loop invariant #1] [%#sknapsack_full8] forall i : int . 0 <= i /\ i < Seq.length (view'2 best_value) - -> UInt64.to_uint max_weight + 1 = Seq.length (view'1 (index_logic'0 best_value i))} + -> UInt64.t'int max_weight + 1 = Seq.length (view'1 (index_logic'0 best_value i))} {[@expl:loop invariant #2] [%#sknapsack_full7] forall ii : int, ww : int . 0 <= ii - /\ ii <= Seq.length (Snapshot.inner produced) /\ 0 <= ww /\ ww <= UInt64.to_uint max_weight - -> UInt64.to_uint (Seq.get (view'1 (index_logic'0 best_value ii)) ww) = m'0 (view'0 items) ii ww} + /\ ii <= Seq.length (Snapshot.inner produced) /\ 0 <= ww /\ ww <= UInt64.t'int max_weight + -> UInt64.t'int (Seq.get (view'1 (index_logic'0 best_value ii)) ww) = m'0 (view'0 items) ii ww} {[@expl:loop invariant #3] [%#sknapsack_full6] forall ii : int, ww : int . 0 <= ii - /\ ii <= Seq.length (view'0 items) /\ 0 <= ww /\ ww <= UInt64.to_uint max_weight - -> UInt64.to_uint (Seq.get (view'1 (index_logic'0 best_value ii)) ww) <= 10000000 * ii} + /\ ii <= Seq.length (view'0 items) /\ 0 <= ww /\ ww <= UInt64.t'int max_weight + -> UInt64.t'int (Seq.get (view'1 (index_logic'0 best_value ii)) ww) <= 10000000 * ii} (! s0) [ s0 = bb13 ] [ bb13 = s0 [ s0 = Borrow.borrow_mut {iter} 
@@ -1162,17 +1162,17 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] = Seq.length (view'2 best_value)} {[@expl:loop invariant #1] [%#sknapsack_full18] forall i : int . 0 <= i /\ i < Seq.length (view'2 best_value) - -> UInt64.to_uint max_weight + 1 = Seq.length (view'1 (index_logic'0 best_value i))} + -> UInt64.t'int max_weight + 1 = Seq.length (view'1 (index_logic'0 best_value i))} {[@expl:loop invariant #2] [%#sknapsack_full17] forall ii : int, ww : int . 0 <= ii - /\ ii <= UInt64.to_uint i /\ 0 <= ww /\ ww <= UInt64.to_uint max_weight - -> UInt64.to_uint (Seq.get (view'1 (index_logic'0 best_value ii)) ww) = m'0 (view'0 items) ii ww} + /\ ii <= UInt64.t'int i /\ 0 <= ww /\ ww <= UInt64.t'int max_weight + -> UInt64.t'int (Seq.get (view'1 (index_logic'0 best_value ii)) ww) = m'0 (view'0 items) ii ww} {[@expl:loop invariant #3] [%#sknapsack_full16] forall ww : int . 0 <= ww /\ ww <= Seq.length (Snapshot.inner produced1) - 1 - -> UInt64.to_uint (Seq.get (view'1 (index_logic'0 best_value (UInt64.to_uint i + 1))) ww) - = m'0 (view'0 items) (UInt64.to_uint i + 1) ww} + -> UInt64.t'int (Seq.get (view'1 (index_logic'0 best_value (UInt64.t'int i + 1))) ww) + = m'0 (view'0 items) (UInt64.t'int i + 1) ww} {[@expl:loop invariant #4] [%#sknapsack_full15] forall ii : int, ww : int . 0 <= ii - /\ ii <= Seq.length (view'0 items) /\ 0 <= ww /\ ww <= UInt64.to_uint max_weight - -> UInt64.to_uint (Seq.get (view'1 (index_logic'0 best_value ii)) ww) <= 10000000 * ii} + /\ ii <= Seq.length (view'0 items) /\ 0 <= ww /\ ww <= UInt64.t'int max_weight + -> UInt64.t'int (Seq.get (view'1 (index_logic'0 best_value ii)) ww) <= 10000000 * ii} (! s0) [ s0 = bb31 ] [ bb31 = s0 [ s0 = Borrow.borrow_mut {iter1} 
@@ -1263,23 +1263,22 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] | bb56 = bb57 | bb57 = bb57 [ bb57 = {[@expl:loop invariant #0] [%#sknapsack_full28] inv'3 result} - {[@expl:loop invariant #1] [%#sknapsack_full27] UInt64.to_uint j <= Seq.length (view'0 items)} - {[@expl:loop invariant #2] [%#sknapsack_full26] UInt64.to_uint left_weight <= UInt64.to_uint max_weight} + {[@expl:loop invariant #1] [%#sknapsack_full27] UInt64.t'int j <= Seq.length (view'0 items)} + {[@expl:loop invariant #2] [%#sknapsack_full26] UInt64.t'int left_weight <= UInt64.t'int max_weight} {[@expl:loop invariant #3] [%#sknapsack_full25] forall r : Seq.seq (t_Item'0) . Seq.length (view'3 result) <= Seq.length r /\ (forall i : int . 0 <= i /\ i < Seq.length (view'3 result) -> index_logic'1 result i = Seq.get r i) - /\ sum_values'0 r (Seq.length (view'3 result)) - = m'0 (view'0 items) (UInt64.to_uint j) (UInt64.to_uint left_weight) - -> sum_values'0 r 0 = m'0 (view'0 items) (Seq.length (view'0 items)) (UInt64.to_uint max_weight)} + /\ sum_values'0 r (Seq.length (view'3 result)) = m'0 (view'0 items) (UInt64.t'int j) (UInt64.t'int left_weight) + -> sum_values'0 r 0 = m'0 (view'0 items) (Seq.length (view'0 items)) (UInt64.t'int max_weight)} {[@expl:loop invariant #4] [%#sknapsack_full24] forall r : Seq.seq (t_Item'0) . Seq.length (view'3 result) <= Seq.length r /\ (forall i : int . 0 <= i /\ i < Seq.length (view'3 result) -> index_logic'1 result i = Seq.get r i) - /\ sum_weights'0 r (Seq.length (view'3 result)) <= UInt64.to_uint left_weight - -> sum_weights'0 r 0 <= UInt64.to_uint max_weight} + /\ sum_weights'0 r (Seq.length (view'3 result)) <= UInt64.t'int left_weight + -> sum_weights'0 r 0 <= UInt64.t'int max_weight} {[@expl:loop invariant #5] [%#sknapsack_full23] forall r : Seq.seq (t_Item'0) . Seq.length (view'3 result) <= Seq.length r /\ (forall i : int . 
0 <= i /\ i < Seq.length (view'3 result) -> index_logic'1 result i = Seq.get r i) - /\ subseq_rev'0 r (Seq.length (view'3 result)) (view'0 items) (UInt64.to_uint j) + /\ subseq_rev'0 r (Seq.length (view'3 result)) (view'0 items) (UInt64.t'int j) -> subseq_rev'0 r 0 (view'0 items) (Seq.length (view'0 items))} (! s0) [ s0 = bb58 ] [ bb58 = s0 @@ -1391,10 +1390,10 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] [ return' (result:t_Vec'2)-> {[@expl:knapsack01_dyn result type invariant] [%#sknapsack_full36] inv'3 result} {[@expl:knapsack01_dyn ensures #0] [%#sknapsack_full37] sum_weights'0 (view'3 result) (Seq.length (view'3 result)) - <= UInt64.to_uint max_weight} + <= UInt64.t'int max_weight} {[@expl:knapsack01_dyn ensures #1] [%#sknapsack_full38] subseq_rev'0 (view'3 result) 0 (view'0 items) (Seq.length (view'0 items))} {[@expl:knapsack01_dyn ensures #2] [%#sknapsack_full39] forall s : Seq.seq (t_Item'0) . subseq_rev'0 s 0 (view'0 items) (Seq.length (view'0 items)) - /\ sum_weights'0 s (Seq.length s) <= UInt64.to_uint max_weight + /\ sum_weights'0 s (Seq.length s) <= UInt64.t'int max_weight -> sum_values'0 s (Seq.length s) <= sum_values'0 (view'3 result) (Seq.length (view'3 result))} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/lang/branch_borrow_2.coma b/creusot/tests/should_succeed/lang/branch_borrow_2.coma index d76b974e96..a0c7d28d71 100644 --- a/creusot/tests/should_succeed/lang/branch_borrow_2.coma +++ b/creusot/tests/should_succeed/lang/branch_borrow_2.coma 
@@ -39,8 +39,8 @@ module M_branch_borrow_2__f [#"branch_borrow_2.rs" 3 0 3 10] | s5 = Borrow.borrow_mut {c} (fun (_ret':borrowed Int32.t) -> [ &z <- _ret' ] [ &c <- _ret'.final ] s6) | s6 = any - [ br0 -> {([%#sbranch_borrow_20] (3 : Int32.t)) = 1} (! bb2) - | br1 -> {([%#sbranch_borrow_20] (3 : Int32.t)) = 2} (! bb3) + [ br0 -> {([%#sbranch_borrow_20] (3 : Int32.t)) = (1 : Int32.t)} (! bb2) + | br1 -> {([%#sbranch_borrow_20] (3 : Int32.t)) = (2 : Int32.t)} (! bb3) | default -> (! bb1) ] ] diff --git a/creusot/tests/should_succeed/lang/branch_borrow_2/why3session.xml b/creusot/tests/should_succeed/lang/branch_borrow_2/why3session.xml index ba4c03fe9a..fa51e92cc7 100644 --- a/creusot/tests/should_succeed/lang/branch_borrow_2/why3session.xml +++ b/creusot/tests/should_succeed/lang/branch_borrow_2/why3session.xml @@ -6,8 +6,8 @@ - - + + diff --git a/creusot/tests/should_succeed/lang/branch_borrow_2/why3shapes.gz b/creusot/tests/should_succeed/lang/branch_borrow_2/why3shapes.gz index cbe85793295c6bf3e3d65ae1a53a480f242e10b2..f525b9766aca6b6e77fa6829c364f50967128139 100644 GIT binary patch literal 214 zcmV;{04e_;iwFP!00000|DBS%4#F@DMfZF~HXc))v<)D2V5wkX^jd|)Km{exRz>_h zYGFZwfVx?>?0b*x@s!sGbD^5IRMmw)FL=VI6SgraMmE0g)+RNL&x><|(JOeSE2{me zrI9dOUse7_Zd4vE2$ZP4R58H_<8Q4oCT34fUbwgPtn0}FdIBNrW;qZBb%3Rt9fZ-J zVET!}VS2&TDl3OFg%9)->gTTiF%MamF)A<3J@0>yF^IL)0s!V#fry+U*gENyu}aGw QSq>|~9-tS*jH?0w015$N3IG5A literal 215 zcmV;|04V<-iwFP!00000|DDpo4uUWY0MPrsVmFo31`N=IgBKz{&?_n1P@*sdg7NPS zL=Pr1BDbYW+r6$^hjtfibVmo>cBQEgG@#CoV2r)V%DM;teUKu>7*xcxQ9H4+Fdkg>2;68@4* z71v9qh98Oaq`S&x|Di?L;;{b!@FYoyuA2UtO$$f}3Q-i?6;ZAtR=7fj``q`?<6LQ} RkW+qQv0>2)oDNU$?goNb7?96J` z-_X;H-FNzjCD`2m^=gF(5SXK zxP7eqbSn0~dezi!1&bxz{u)n~MYcG`Ul?rI04fJUgTDp4?+MA@3CRVa8A&z<99{W0 z->3_r!tsoeA_onkuoi@7)MQ{NDv_41*??8?9-cQ)aD5-PUG;;J8H4 M7xOhbOkn~500TdMr2qf` delta 262 zcmV+h0r~!x0+s@h7=MxnO&o>DUhq$@S%<|+HPS5V6DW4#3x?DrgK80$~v5b)75O{bmiZC zqb`IDB^jM_Cq!x(rx~Rg=4qO1YrzPeC*%PmTZmk9LoEZ#=GJNqoN-cEY;;aC7MCdc M0$36v4PgQR0AzT4wEzGB 
diff --git a/creusot/tests/should_succeed/lang/while_let/why3shapes.gz b/creusot/tests/should_succeed/lang/while_let/why3shapes.gz index 7c362fdc3e596bcbbc9cf16b7e14b798c49483ae..0fbe3a21424b372bf2ef4a9941b0b3abedba19ce 100644 GIT binary patch literal 163 zcmV;U09^kciwFP!00000|DBJq3c@fH0QY=FwrZ!Bv`tiS5FyxE$XZ_0S6Z}5Nvp-b zR}|cJzdN{9%BK!Tn)sdK)Ca%gil=Ladu)4;SM0r~h@KX#LyTdeCK)bxtj=Me1e^d1 zR(x11%a`VEF_NFH{6aP}<$pbM_|3Cm7!Bk6sNPeIDcYiz#YSi;q=LK=g_5qNRs+^~ Rrnxu)djea|;5q~W006VdOE~}l literal 162 zcmV;T0A2qdiwFP!00000|DBIb3xYrt0Pp)N_GWo{`=uCkh+xTcuvdBN6Q$gh)sp^w zQP92aGXt|p`P}0~Grv=uhv0WS+9=pNg6$kGrqNf$>5Mx-WO~wlzt8*ABfkuD> zCqAr`CPwx Ql8Y0tCmdSUy#xUO0AP+xJpcdz diff --git a/creusot/tests/should_succeed/list_index_mut.coma b/creusot/tests/should_succeed/list_index_mut.coma index fae939cc13..7703df88c9 100644 --- a/creusot/tests/should_succeed/list_index_mut.coma +++ b/creusot/tests/should_succeed/list_index_mut.coma @@ -84,7 +84,7 @@ module M_list_index_mut__index_mut [#"list_index_mut.rs" 37 0 37 61] use prelude.prelude.Snapshot function view'1 (self : UInt64.t) : int = - [%#smodel20] UInt64.to_uint self + [%#smodel20] UInt64.t'int self function view'0 (self : Snapshot.snap_ty UInt64.t) : int = [%#ssnapshot16] view'1 (Snapshot.inner self) @@ -204,7 +204,7 @@ module M_list_index_mut__index_mut [#"list_index_mut.rs" 37 0 37 61] meta "compute_max_steps" 1000000 - let rec index_mut'0 (l:borrowed (t_List'0)) (ix:UInt64.t) (return' (ret:borrowed UInt32.t))= {[@expl:index_mut requires] [%#slist_index_mut9] UInt64.to_uint ix + let rec index_mut'0 (l:borrowed (t_List'0)) (ix:UInt64.t) (return' (ret:borrowed UInt32.t))= {[@expl:index_mut requires] [%#slist_index_mut9] UInt64.t'int ix < len'0 l.current} (! bb0 [ bb0 = s0 [ s0 = [ &old_l <- [%#slist_index_mut0] Snapshot.new l ] s1 | s1 = bb1 ] 
@@ -212,15 +212,15 @@ module M_list_index_mut__index_mut [#"list_index_mut.rs" 37 0 37 61] | bb2 = bb3 | bb3 = bb3 [ bb3 = {[@expl:loop invariant #0] [%#slist_index_mut6] UInt64.ule (0 : UInt64.t) ix - /\ UInt64.to_uint ix < len'0 l.current} - {[@expl:loop invariant #1] [%#slist_index_mut5] get'0 l.current (UInt64.to_uint ix) + /\ UInt64.t'int ix < len'0 l.current} + {[@expl:loop invariant #1] [%#slist_index_mut5] get'0 l.current (UInt64.t'int ix) = get'0 (Snapshot.inner old_l).current (view'0 old_ix)} - {[@expl:loop invariant #2] [%#slist_index_mut4] get'0 l.final (UInt64.to_uint ix) + {[@expl:loop invariant #2] [%#slist_index_mut4] get'0 l.final (UInt64.t'int ix) = get'0 (Snapshot.inner old_l).final (view'0 old_ix)} {[@expl:loop invariant #3] [%#slist_index_mut3] len'0 l.final = len'0 l.current -> len'0 (Snapshot.inner old_l).final = len'0 (Snapshot.inner old_l).current} {[@expl:loop invariant #4] [%#slist_index_mut2] (forall i : int . 0 <= i - /\ i < len'0 l.current /\ i <> UInt64.to_uint ix -> get'0 l.final i = get'0 l.current i) + /\ i < len'0 l.current /\ i <> UInt64.t'int ix -> get'0 l.final i = get'0 l.current i) -> (forall i : int . 0 <= i /\ i < len'0 (Snapshot.inner old_l).current /\ i <> view'0 old_ix -> get'0 (Snapshot.inner old_l).final i = get'0 (Snapshot.inner old_l).current i)} (! s0) [ s0 = bb4 ] 
@@ -279,11 +279,11 @@ module M_list_index_mut__index_mut [#"list_index_mut.rs" 37 0 37 61] | & _29 : borrowed UInt32.t = any_l () ] [ return' (result:borrowed UInt32.t)-> {[@expl:index_mut ensures #0] [%#slist_index_mut10] C_Some'0 (result.current) - = get'0 l.current (UInt64.to_uint ix)} - {[@expl:index_mut ensures #1] [%#slist_index_mut11] C_Some'0 (result.final) = get'0 l.final (UInt64.to_uint ix)} + = get'0 l.current (UInt64.t'int ix)} + {[@expl:index_mut ensures #1] [%#slist_index_mut11] C_Some'0 (result.final) = get'0 l.final (UInt64.t'int ix)} {[@expl:index_mut ensures #2] [%#slist_index_mut12] len'0 l.final = len'0 l.current} {[@expl:index_mut ensures #3] [%#slist_index_mut13] forall i : int . 0 <= i - /\ i < len'0 l.current /\ i <> UInt64.to_uint ix -> get'0 l.current i = get'0 l.final i} + /\ i < len'0 l.current /\ i <> UInt64.t'int ix -> get'0 l.current i = get'0 l.final i} (! return' {result}) ] end 
@@ -338,14 +338,14 @@ module M_list_index_mut__write [#"list_index_mut.rs" 63 0 63 45] use prelude.prelude.UInt64 - let rec index_mut'0 (l:borrowed (t_List'0)) (ix:UInt64.t) (return' (ret:borrowed UInt32.t))= {[@expl:index_mut requires] [%#slist_index_mut4] UInt64.to_uint ix + let rec index_mut'0 (l:borrowed (t_List'0)) (ix:UInt64.t) (return' (ret:borrowed UInt32.t))= {[@expl:index_mut requires] [%#slist_index_mut4] UInt64.t'int ix < len'0 l.current} any [ return' (result:borrowed UInt32.t)-> {[%#slist_index_mut5] C_Some'0 (result.current) - = get'0 l.current (UInt64.to_uint ix)} - {[%#slist_index_mut6] C_Some'0 (result.final) = get'0 l.final (UInt64.to_uint ix)} + = get'0 l.current (UInt64.t'int ix)} + {[%#slist_index_mut6] C_Some'0 (result.final) = get'0 l.final (UInt64.t'int ix)} {[%#slist_index_mut7] len'0 l.final = len'0 l.current} - {[%#slist_index_mut8] forall i : int . 0 <= i /\ i < len'0 l.current /\ i <> UInt64.to_uint ix + {[%#slist_index_mut8] forall i : int . 0 <= i /\ i < len'0 l.current /\ i <> UInt64.t'int ix -> get'0 l.current i = get'0 l.final i} (! return' {result}) ] @@ -366,7 +366,7 @@ module M_list_index_mut__write [#"list_index_mut.rs" 63 0 63 45] meta "compute_max_steps" 1000000 - let rec write'0 (l:borrowed (t_List'0)) (ix:UInt64.t) (v:UInt32.t) (return' (ret:()))= {[@expl:write requires] [%#slist_index_mut0] UInt64.to_uint ix + let rec write'0 (l:borrowed (t_List'0)) (ix:UInt64.t) (v:UInt32.t) (return' (ret:()))= {[@expl:write requires] [%#slist_index_mut0] UInt64.t'int ix < len'0 l.current} (! bb0 [ bb0 = s0 
@@ -389,11 +389,10 @@ module M_list_index_mut__write [#"list_index_mut.rs" 63 0 63 45] | & _9 : borrowed UInt32.t = any_l () | & _10 : borrowed (t_List'0) = any_l () ] - [ return' (result:())-> {[@expl:write ensures #0] [%#slist_index_mut1] C_Some'0 v - = get'0 l.final (UInt64.to_uint ix)} + [ return' (result:())-> {[@expl:write ensures #0] [%#slist_index_mut1] C_Some'0 v = get'0 l.final (UInt64.t'int ix)} {[@expl:write ensures #1] [%#slist_index_mut2] len'0 l.final = len'0 l.current} {[@expl:write ensures #2] [%#slist_index_mut3] forall i : int . 0 <= i - /\ i < len'0 l.current /\ i <> UInt64.to_uint ix -> get'0 l.current i = get'0 l.final i} + /\ i < len'0 l.current /\ i <> UInt64.t'int ix -> get'0 l.current i = get'0 l.final i} (! return' {result}) ] end @@ -447,12 +446,12 @@ module M_list_index_mut__f [#"list_index_mut.rs" 67 0 67 10] C_Some'1 i - let rec write'0 (l:borrowed (t_List'0)) (ix:UInt64.t) (v:UInt32.t) (return' (ret:()))= {[@expl:write requires] [%#slist_index_mut4] UInt64.to_uint ix + let rec write'0 (l:borrowed (t_List'0)) (ix:UInt64.t) (v:UInt32.t) (return' (ret:()))= {[@expl:write requires] [%#slist_index_mut4] UInt64.t'int ix < len'0 l.current} any - [ return' (result:())-> {[%#slist_index_mut5] C_Some'1 v = get'0 l.final (UInt64.to_uint ix)} + [ return' (result:())-> {[%#slist_index_mut5] C_Some'1 v = get'0 l.final (UInt64.t'int ix)} {[%#slist_index_mut6] len'0 l.final = len'0 l.current} - {[%#slist_index_mut7] forall i : int . 0 <= i /\ i < len'0 l.current /\ i <> UInt64.to_uint ix + {[%#slist_index_mut7] forall i : int . 0 <= i /\ i < len'0 l.current /\ i <> UInt64.t'int ix -> get'0 l.current i = get'0 l.final i} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/list_index_mut/why3session.xml b/creusot/tests/should_succeed/list_index_mut/why3session.xml index b2d0e81756..7510d682a5 100644 --- a/creusot/tests/should_succeed/list_index_mut/why3session.xml +++ b/creusot/tests/should_succeed/list_index_mut/why3session.xml 
@@ -7,7 +7,7 @@ - + diff --git a/creusot/tests/should_succeed/list_index_mut/why3shapes.gz b/creusot/tests/should_succeed/list_index_mut/why3shapes.gz index ff0336cb68348734b20a82e5ceded92a975c386a..83c3e04ca255529e8ea38fc062e68dcce5c73237 100644 GIT binary patch delta 751 zcmVcYjyQ<>?BRG4dmkOeMg#GZLO52G zN7;2gN*5N)iL(4?rRZhrBgZe`bZ%X`QXWh}9Y4lH9xd7HOMi$dFmgOWKj(H_D{#Q` zijLy+(hqR#JuSI}1Dy)gL^)t?%zy)%^Y;CKT?AZn2%Y46Il!^kA4OHaYg!afCyN5d zD4tFh#T-LCope<%viFfFt6J<8UdvY0@`GdbkzlkHr?!=K?^;t;swTZx@k1p7eCJ zYPI=UeBWFlq@tBwvwxR9h`edr=0ooM!*4woGXmXKwSQB;XCj&tMV~!Zo$B*^&N4Kw zopQXkv8ahfjau%rpUpvPn;RCn z&s>Wc_7Hx|PsqdbzXF&l(3E?4-7afP|0jTLBOW@sHb>W6r>yE%*;aj4?X;pYGrb^yVsnV-q^f1cB3~I&u$BsGt(-X(vL~bUClVw zle)!Oc04UScQ+lWN^aXcYb)&RXWLi6xr7CbCTIzI9+W!?1wdHjvjB-X$ zUShcdk^oKs5hBx6dHCw^Ezb@gY1O>BfB^>iWBPPF@yZ29zEy!}3Be3W z$g}7=7bJ@t#IU^i)e7E=)&*9c$H@G4nM#;9l3IC`1uR^m{eN|c%3x?^LiL;4v2P)R zXs+nUPjCGYj+~bz7BfgjfeI*wn9b=iNawh!A7U#)pTWQ?UWp+bIsK8B^;yBfXgrxH zWC%p#$wU!DFd9!v)tl&Dz>Bixm5kS-<+b=^NWLU^xyw#%E9&09O{7!>I+x;8qI4YZ z_zxAUM13Ps0)MudbO($QQ=DP>L(5_eg)%mjK)i3#Qz?nM)1DzOgSrY@R*@No8$~0GvyCW_!X;RV^_DSzb(aka1 zKp6537tvfqTjw$T-5i9namY}R7*B`MPMHR&t$Ar`3D}t>kf5z1yJW%(E7ott)P{@N z6V}8udZ545$N1^>9)VT?#@fTMy>tGN=3+&yB5~^-7KgV0slj%XHwfh@QQN%-$+B2Qx|ek6~GCDst0h zBUE+;Zdgpx4k+y&l3eMMn#E>R_eYog(Hs5IX!gOdF*A>XQNX3lyt5g~;?ObZXk{! ziXn_4h{HID{g}pHOky0%Xbc?W`+_453rf5!3=pLlgpi^j2&g3Int(WXFY-_nMEH4- d5kDuH2QWZ+0bxc1;c1xX`~z};wS=w+005fKX!-yE diff --git a/creusot/tests/should_succeed/list_reversal_lasso.coma b/creusot/tests/should_succeed/list_reversal_lasso.coma index 9acb44535d..d08e6f0275 100644 --- a/creusot/tests/should_succeed/list_reversal_lasso.coma +++ b/creusot/tests/should_succeed/list_reversal_lasso.coma 
@@ -55,13 +55,13 @@ module M_list_reversal_lasso__qyi13715866738248475091__index [#"list_reversal_la function view'1 (self : t_Vec'0) : Seq.seq UInt64.t - axiom view'1_spec : forall self : t_Vec'0 . [%#svec9] Seq.length (view'1 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'1_spec : forall self : t_Vec'0 . [%#svec9] Seq.length (view'1 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) function view'0 (self : t_Vec'0) : Seq.seq UInt64.t = [%#smodel6] view'1 self predicate in_bounds'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq UInt64.t) = - [%#sslice7] UInt64.to_uint self < Seq.length seq + [%#sslice7] UInt64.t'int self < Seq.length seq predicate inv'2 (_1 : UInt64.t) @@ -70,7 +70,7 @@ module M_list_reversal_lasso__qyi13715866738248475091__index [#"list_reversal_la use seq.Seq predicate has_value'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq UInt64.t) (out : UInt64.t) = - [%#sslice8] Seq.get seq (UInt64.to_uint self) = out + [%#sslice8] Seq.get seq (UInt64.t'int self) = out let rec index'1 (self:t_Vec'0) (index:UInt64.t) (return' (ret:UInt64.t))= {[@expl:index 'self' type invariant] inv'0 self} {[@expl:index 'index' type invariant] inv'1 index} 
@@ -84,11 +84,11 @@ module M_list_reversal_lasso__qyi13715866738248475091__index [#"list_reversal_la use prelude.prelude.Intrinsic predicate nonnull_ptr'0 [#"list_reversal_lasso.rs" 49 4 49 44] (self : t_Memory'0) (i : UInt64.t) = - [%#slist_reversal_lasso4] Seq.length (view'1 self.t_Memory__0'0) <= UInt64.to_uint (v_MAX'0 : UInt64.t) - /\ UInt64.to_uint i < Seq.length (view'1 self.t_Memory__0'0) + [%#slist_reversal_lasso4] Seq.length (view'1 self.t_Memory__0'0) <= UInt64.t'int (v_MAX'0 : UInt64.t) + /\ UInt64.t'int i < Seq.length (view'1 self.t_Memory__0'0) function index_logic'1 [@inline:trivial] (self : t_Vec'0) (ix : UInt64.t) : UInt64.t = - [%#sops10] Seq.get (view'1 self) (UInt64.to_uint ix) + [%#sops10] Seq.get (view'1 self) (UInt64.t'int ix) function index_logic'0 [#"list_reversal_lasso.rs" 20 4 20 39] (self : t_Memory'0) (i : UInt64.t) : UInt64.t = [%#slist_reversal_lasso5] index_logic'1 self.t_Memory__0'0 i @@ -175,13 +175,13 @@ module M_list_reversal_lasso__qyi14823043098042356205__index_mut [#"list_reversa function view'0 (self : t_Vec'0) : Seq.seq UInt64.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec12] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec12] Seq.length (view'0 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) function view'1 (self : borrowed (t_Vec'0)) : Seq.seq UInt64.t = [%#smodel13] view'0 self.current predicate in_bounds'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq UInt64.t) = - [%#sslice14] UInt64.to_uint self < Seq.length seq + [%#sslice14] UInt64.t'int self < Seq.length seq predicate inv'2 (_1 : borrowed UInt64.t) 
@@ -190,10 +190,10 @@ module M_list_reversal_lasso__qyi14823043098042356205__index_mut [#"list_reversa use seq.Seq predicate has_value'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq UInt64.t) (out : UInt64.t) = - [%#sslice15] Seq.get seq (UInt64.to_uint self) = out + [%#sslice15] Seq.get seq (UInt64.t'int self) = out predicate resolve_elswhere'0 [@inline:trivial] (self : UInt64.t) (old' : Seq.seq UInt64.t) (fin : Seq.seq UInt64.t) = - [%#sslice16] forall i : int . 0 <= i /\ i <> UInt64.to_uint self /\ i < Seq.length old' + [%#sslice16] forall i : int . 0 <= i /\ i <> UInt64.t'int self /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i let rec index_mut'1 (self:borrowed (t_Vec'0)) (index:UInt64.t) (return' (ret:borrowed UInt64.t))= {[@expl:index_mut 'self' type invariant] inv'0 self} @@ -223,11 +223,11 @@ module M_list_reversal_lasso__qyi14823043098042356205__index_mut [#"list_reversa use prelude.prelude.Intrinsic predicate nonnull_ptr'0 [#"list_reversal_lasso.rs" 49 4 49 44] (self : t_Memory'0) (i : UInt64.t) = - [%#slist_reversal_lasso10] Seq.length (view'0 self.t_Memory__0'0) <= UInt64.to_uint (v_MAX'0 : UInt64.t) - /\ UInt64.to_uint i < Seq.length (view'0 self.t_Memory__0'0) + [%#slist_reversal_lasso10] Seq.length (view'0 self.t_Memory__0'0) <= UInt64.t'int (v_MAX'0 : UInt64.t) + /\ UInt64.t'int i < Seq.length (view'0 self.t_Memory__0'0) function index_logic'1 [@inline:trivial] (self : t_Vec'0) (ix : UInt64.t) : UInt64.t = - [%#sops18] Seq.get (view'0 self) (UInt64.to_uint ix) + [%#sops18] Seq.get (view'0 self) (UInt64.t'int ix) function index_logic'0 [#"list_reversal_lasso.rs" 20 4 20 39] (self : t_Memory'0) (i : UInt64.t) : UInt64.t = [%#slist_reversal_lasso11] index_logic'1 self.t_Memory__0'0 i 
@@ -338,16 +338,16 @@ module M_list_reversal_lasso__qyi2644757663130641572__list_reversal_safe [#"list function view'0 (self : t_Vec'0) : Seq.seq UInt64.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec18] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec18] Seq.length (view'0 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) predicate nonnull_ptr'0 [#"list_reversal_lasso.rs" 49 4 49 44] (self : t_Memory'0) (i : UInt64.t) = - [%#slist_reversal_lasso9] Seq.length (view'0 self.t_Memory__0'0) <= UInt64.to_uint (v_MAX'0 : UInt64.t) - /\ UInt64.to_uint i < Seq.length (view'0 self.t_Memory__0'0) + [%#slist_reversal_lasso9] Seq.length (view'0 self.t_Memory__0'0) <= UInt64.t'int (v_MAX'0 : UInt64.t) + /\ UInt64.t'int i < Seq.length (view'0 self.t_Memory__0'0) use seq.Seq function index_logic'1 [@inline:trivial] (self : t_Vec'0) (ix : UInt64.t) : UInt64.t = - [%#sops20] Seq.get (view'0 self) (UInt64.to_uint ix) + [%#sops20] Seq.get (view'0 self) (UInt64.t'int ix) function index_logic'0 [#"list_reversal_lasso.rs" 20 4 20 39] (self : t_Memory'0) (i : UInt64.t) : UInt64.t = [%#slist_reversal_lasso17] index_logic'1 self.t_Memory__0'0 i 
@@ -524,14 +524,14 @@ module M_list_reversal_lasso__qyi2644757663130641572__list_reversal_list [#"list function view'0 (self : t_Vec'0) : Seq.seq UInt64.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec21] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec21] Seq.length (view'0 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) predicate nonnull_ptr'0 [#"list_reversal_lasso.rs" 49 4 49 44] (self : t_Memory'0) (i : UInt64.t) = - [%#slist_reversal_lasso19] Seq.length (view'0 self.t_Memory__0'0) <= UInt64.to_uint (v_MAX'0 : UInt64.t) - /\ UInt64.to_uint i < Seq.length (view'0 self.t_Memory__0'0) + [%#slist_reversal_lasso19] Seq.length (view'0 self.t_Memory__0'0) <= UInt64.t'int (v_MAX'0 : UInt64.t) + /\ UInt64.t'int i < Seq.length (view'0 self.t_Memory__0'0) function index_logic'1 [@inline:trivial] (self : t_Vec'0) (ix : UInt64.t) : UInt64.t = - [%#sops23] Seq.get (view'0 self) (UInt64.to_uint ix) + [%#sops23] Seq.get (view'0 self) (UInt64.t'int ix) function index_logic'0 [#"list_reversal_lasso.rs" 20 4 20 39] (self : t_Memory'0) (i : UInt64.t) : UInt64.t = [%#slist_reversal_lasso20] index_logic'1 self.t_Memory__0'0 i 
@@ -764,14 +764,14 @@ module M_list_reversal_lasso__qyi2644757663130641572__list_reversal_loop [#"list function view'0 (self : t_Vec'0) : Seq.seq UInt64.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec27] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec27] Seq.length (view'0 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) predicate nonnull_ptr'0 [#"list_reversal_lasso.rs" 49 4 49 44] (self : t_Memory'0) (i : UInt64.t) = - [%#slist_reversal_lasso16] Seq.length (view'0 self.t_Memory__0'0) <= UInt64.to_uint (v_MAX'0 : UInt64.t) - /\ UInt64.to_uint i < Seq.length (view'0 self.t_Memory__0'0) + [%#slist_reversal_lasso16] Seq.length (view'0 self.t_Memory__0'0) <= UInt64.t'int (v_MAX'0 : UInt64.t) + /\ UInt64.t'int i < Seq.length (view'0 self.t_Memory__0'0) function index_logic'2 [@inline:trivial] (self : t_Vec'0) (ix : UInt64.t) : UInt64.t = - [%#sops28] Seq.get (view'0 self) (UInt64.to_uint ix) + [%#sops28] Seq.get (view'0 self) (UInt64.t'int ix) function index_logic'1 [#"list_reversal_lasso.rs" 20 4 20 39] (self : t_Memory'0) (i : UInt64.t) : UInt64.t = [%#slist_reversal_lasso17] index_logic'2 self.t_Memory__0'0 i 
@@ -1037,14 +1037,14 @@ module M_list_reversal_lasso__qyi2644757663130641572__list_reversal_lasso [#"lis function view'0 (self : t_Vec'0) : Seq.seq UInt64.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec22] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec22] Seq.length (view'0 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) predicate nonnull_ptr'0 [#"list_reversal_lasso.rs" 49 4 49 44] (self : t_Memory'0) (i : UInt64.t) = - [%#slist_reversal_lasso20] Seq.length (view'0 self.t_Memory__0'0) <= UInt64.to_uint (v_MAX'0 : UInt64.t) - /\ UInt64.to_uint i < Seq.length (view'0 self.t_Memory__0'0) + [%#slist_reversal_lasso20] Seq.length (view'0 self.t_Memory__0'0) <= UInt64.t'int (v_MAX'0 : UInt64.t) + /\ UInt64.t'int i < Seq.length (view'0 self.t_Memory__0'0) function index_logic'2 [@inline:trivial] (self : t_Vec'0) (ix : UInt64.t) : UInt64.t = - [%#sops24] Seq.get (view'0 self) (UInt64.to_uint ix) + [%#sops24] Seq.get (view'0 self) (UInt64.t'int ix) function index_logic'1 [#"list_reversal_lasso.rs" 20 4 20 39] (self : t_Memory'0) (i : UInt64.t) : UInt64.t = [%#slist_reversal_lasso21] index_logic'2 self.t_Memory__0'0 i 
@@ -1266,26 +1266,26 @@ module M_list_reversal_lasso__qyi2644757663130641572__find_ptr_in_seq [#"list_re goal vc_find_ptr_in_seq'0 : ([%#slist_reversal_lasso0] 0 <= i /\ i <= Seq.length s) -> (if i = Seq.length s then [%#slist_reversal_lasso1] match C_None'0 with - | C_None'0 -> forall j : int . i <= j /\ j < Seq.length s -> UInt64.to_uint (Seq.get s j) <> p - | C_Some'0 j -> i <= j /\ j < Seq.length s /\ UInt64.to_uint (Seq.get s j) = p + | C_None'0 -> forall j : int . i <= j /\ j < Seq.length s -> UInt64.t'int (Seq.get s j) <> p + | C_Some'0 j -> i <= j /\ j < Seq.length s /\ UInt64.t'int (Seq.get s j) = p end else - if UInt64.to_uint (Seq.get s i) = p then + if UInt64.t'int (Seq.get s i) = p then [%#slist_reversal_lasso1] match C_Some'0 i with - | C_None'0 -> forall j : int . i <= j /\ j < Seq.length s -> UInt64.to_uint (Seq.get s j) <> p - | C_Some'0 j -> i <= j /\ j < Seq.length s /\ UInt64.to_uint (Seq.get s j) = p + | C_None'0 -> forall j : int . i <= j /\ j < Seq.length s -> UInt64.t'int (Seq.get s j) <> p + | C_Some'0 j -> i <= j /\ j < Seq.length s /\ UInt64.t'int (Seq.get s j) = p end else (([@expl:find_ptr_in_seq requires] [%#slist_reversal_lasso0] 0 <= i + 1 /\ i + 1 <= Seq.length s) /\ 0 <= ([%#slist_reversal_lasso2] Seq.length s - i) /\ ([%#slist_reversal_lasso2] Seq.length s - (i + 1)) < ([%#slist_reversal_lasso2] Seq.length s - i)) /\ (([%#slist_reversal_lasso1] match find_ptr_in_seq'0 s (i + 1) p with - | C_None'0 -> forall j : int . i + 1 <= j /\ j < Seq.length s -> UInt64.to_uint (Seq.get s j) <> p - | C_Some'0 j -> i + 1 <= j /\ j < Seq.length s /\ UInt64.to_uint (Seq.get s j) = p + | C_None'0 -> forall j : int . i + 1 <= j /\ j < Seq.length s -> UInt64.t'int (Seq.get s j) <> p + | C_Some'0 j -> i + 1 <= j /\ j < Seq.length s /\ UInt64.t'int (Seq.get s j) = p end) -> ([%#slist_reversal_lasso1] match find_ptr_in_seq'0 s (i + 1) p with - | C_None'0 -> forall j : int . 
i <= j /\ j < Seq.length s -> UInt64.to_uint (Seq.get s j) <> p - | C_Some'0 j -> i <= j /\ j < Seq.length s /\ UInt64.to_uint (Seq.get s j) = p + | C_None'0 -> forall j : int . i <= j /\ j < Seq.length s -> UInt64.t'int (Seq.get s j) <> p + | C_Some'0 j -> i <= j /\ j < Seq.length s /\ UInt64.t'int (Seq.get s j) = p end)) ) @@ -1328,14 +1328,14 @@ module M_list_reversal_lasso__qyi2644757663130641572__pigeon [#"list_reversal_la = ([%#slist_reversal_lasso10] if i = Seq.length s then C_None'0 else - if UInt64.to_uint (Seq.get s i) = p then C_Some'0 i else find_ptr_in_seq'0 s (i + 1) p + if UInt64.t'int (Seq.get s i) = p then C_Some'0 i else find_ptr_in_seq'0 s (i + 1) p ) axiom find_ptr_in_seq'0_spec : forall s : Seq.seq UInt64.t, i : int, p : int . ([%#slist_reversal_lasso6] 0 <= i /\ i <= Seq.length s) -> ([%#slist_reversal_lasso7] match find_ptr_in_seq'0 s i p with - | C_None'0 -> forall j : int . i <= j /\ j < Seq.length s -> UInt64.to_uint (Seq.get s j) <> p - | C_Some'0 j -> i <= j /\ j < Seq.length s /\ UInt64.to_uint (Seq.get s j) = p + | C_None'0 -> forall j : int . i <= j /\ j < Seq.length s -> UInt64.t'int (Seq.get s j) <> p + | C_Some'0 j -> i <= j /\ j < Seq.length s /\ UInt64.t'int (Seq.get s j) = p end) use seq.Seq 
@@ -1350,20 +1350,20 @@ module M_list_reversal_lasso__qyi2644757663130641572__pigeon [#"list_reversal_la goal vc_pigeon'0 : ([%#slist_reversal_lasso2] forall i : int, j : int . 0 <= i /\ i < Seq.length s /\ 0 <= j /\ j < Seq.length s /\ i <> j -> Seq.get s i <> Seq.get s j) - -> ([%#slist_reversal_lasso1] forall i : int . 0 <= i /\ i < Seq.length s -> UInt64.to_uint (Seq.get s i) < n) + -> ([%#slist_reversal_lasso1] forall i : int . 0 <= i /\ i < Seq.length s -> UInt64.t'int (Seq.get s i) < n) -> ([%#slist_reversal_lasso0] 0 <= n) -> (if n = 0 then ([%#slist_reversal_lasso3] Seq.length s <= n) && ([%#slist_reversal_lasso4] true) else ([@expl:find_ptr_in_seq requires] [%#slist_reversal_lasso6] 0 <= 0 /\ 0 <= Seq.length s) /\ (([%#slist_reversal_lasso7] match find_ptr_in_seq'0 s 0 (n - 1) with - | C_None'0 -> forall j : int . 0 <= j /\ j < Seq.length s -> UInt64.to_uint (Seq.get s j) <> n - 1 - | C_Some'0 j -> 0 <= j /\ j < Seq.length s /\ UInt64.to_uint (Seq.get s j) = n - 1 + | C_None'0 -> forall j : int . 0 <= j /\ j < Seq.length s -> UInt64.t'int (Seq.get s j) <> n - 1 + | C_Some'0 j -> 0 <= j /\ j < Seq.length s /\ UInt64.t'int (Seq.get s j) = n - 1 end) -> match find_ptr_in_seq'0 s 0 (n - 1) with | C_None'0 -> ((([@expl:pigeon requires #0] [%#slist_reversal_lasso0] 0 <= n - 1) && ([@expl:pigeon requires #1] [%#slist_reversal_lasso1] forall i : int . 0 <= i /\ i < Seq.length s - -> UInt64.to_uint (Seq.get s i) < n - 1) + -> UInt64.t'int (Seq.get s i) < n - 1) && ([@expl:pigeon requires #2] [%#slist_reversal_lasso2] forall i : int, j : int . 0 <= i /\ i < Seq.length s /\ 0 <= j /\ j < Seq.length s /\ i <> j -> Seq.get s i <> Seq.get s j)) /\ 0 <= ([%#slist_reversal_lasso5] n) /\ ([%#slist_reversal_lasso5] n - 1) < ([%#slist_reversal_lasso5] n)) 
@@ -1371,14 +1371,14 @@ module M_list_reversal_lasso__qyi2644757663130641572__pigeon [#"list_reversal_la -> ([%#slist_reversal_lasso3] Seq.length s <= n) && ([%#slist_reversal_lasso4] pigeon'0 s (n - 1))) | C_Some'0 i -> ([@expl:find_ptr_in_seq requires] [%#slist_reversal_lasso6] 0 <= i + 1 /\ i + 1 <= Seq.length s) /\ (([%#slist_reversal_lasso7] match find_ptr_in_seq'0 s (i + 1) (n - 1) with - | C_None'0 -> forall j : int . i + 1 <= j /\ j < Seq.length s -> UInt64.to_uint (Seq.get s j) <> n - 1 - | C_Some'0 j -> i + 1 <= j /\ j < Seq.length s /\ UInt64.to_uint (Seq.get s j) = n - 1 + | C_None'0 -> forall j : int . i + 1 <= j /\ j < Seq.length s -> UInt64.t'int (Seq.get s j) <> n - 1 + | C_Some'0 j -> i + 1 <= j /\ j < Seq.length s /\ UInt64.t'int (Seq.get s j) = n - 1 end) -> match find_ptr_in_seq'0 s (i + 1) (n - 1) with | C_None'0 -> ((([@expl:pigeon requires #0] [%#slist_reversal_lasso0] 0 <= n - 1) && ([@expl:pigeon requires #1] [%#slist_reversal_lasso1] forall i' : int . 0 <= i' /\ i' < Seq.length (Seq.(++) (Seq.([..]) s 0 i) (Seq.([..]) s (i + 1) (Seq.length s))) - -> UInt64.to_uint (Seq.get (Seq.(++) (Seq.([..]) s 0 i) (Seq.([..]) s (i + 1) (Seq.length s))) i') < n - 1) + -> UInt64.t'int (Seq.get (Seq.(++) (Seq.([..]) s 0 i) (Seq.([..]) s (i + 1) (Seq.length s))) i') < n - 1) && ([@expl:pigeon requires #2] [%#slist_reversal_lasso2] forall i' : int, j : int . 0 <= i' /\ i' < Seq.length (Seq.(++) (Seq.([..]) s 0 i) (Seq.([..]) s (i + 1) (Seq.length s))) /\ 0 <= j /\ j < Seq.length (Seq.(++) (Seq.([..]) s 0 i) (Seq.([..]) s (i + 1) (Seq.length s))) /\ i' <> j 
@@ -1459,16 +1459,16 @@ module M_list_reversal_lasso__qyi2644757663130641572__find_lasso_aux [#"list_rev function view'0 (self : t_Vec'0) : Seq.seq UInt64.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec8] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec8] Seq.length (view'0 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) predicate nonnull_ptr'0 [#"list_reversal_lasso.rs" 49 4 49 44] (self : t_Memory'0) (i : UInt64.t) = - [%#slist_reversal_lasso18] Seq.length (view'0 self.t_Memory__0'0) <= UInt64.to_uint (v_MAX'0 : UInt64.t) - /\ UInt64.to_uint i < Seq.length (view'0 self.t_Memory__0'0) + [%#slist_reversal_lasso18] Seq.length (view'0 self.t_Memory__0'0) <= UInt64.t'int (v_MAX'0 : UInt64.t) + /\ UInt64.t'int i < Seq.length (view'0 self.t_Memory__0'0) use seq.Seq function index_logic'1 [@inline:trivial] (self : t_Vec'0) (ix : UInt64.t) : UInt64.t = - [%#sops25] Seq.get (view'0 self) (UInt64.to_uint ix) + [%#sops25] Seq.get (view'0 self) (UInt64.t'int ix) function index_logic'0 [#"list_reversal_lasso.rs" 20 4 20 39] (self : t_Memory'0) (i : UInt64.t) : UInt64.t = [%#slist_reversal_lasso24] index_logic'1 self.t_Memory__0'0 i 
@@ -1522,14 +1522,14 @@ module M_list_reversal_lasso__qyi2644757663130641572__find_lasso_aux [#"list_rev = ([%#slist_reversal_lasso22] if i = Seq.length s then C_None'1 else - if UInt64.to_uint (Seq.get s i) = p then C_Some'1 i else find_ptr_in_seq'0 s (i + 1) p + if UInt64.t'int (Seq.get s i) = p then C_Some'1 i else find_ptr_in_seq'0 s (i + 1) p ) axiom find_ptr_in_seq'0_spec : forall s : Seq.seq UInt64.t, i : int, p : int . ([%#slist_reversal_lasso5] 0 <= i /\ i <= Seq.length s) -> ([%#slist_reversal_lasso6] match find_ptr_in_seq'0 s i p with - | C_None'1 -> forall j : int . i <= j /\ j < Seq.length s -> UInt64.to_uint (Seq.get s j) <> p - | C_Some'1 j -> i <= j /\ j < Seq.length s /\ UInt64.to_uint (Seq.get s j) = p + | C_None'1 -> forall j : int . i <= j /\ j < Seq.length s -> UInt64.t'int (Seq.get s j) <> p + | C_Some'1 j -> i <= j /\ j < Seq.length s /\ UInt64.t'int (Seq.get s j) = p end) use seq.Seq @@ -1539,7 +1539,7 @@ module M_list_reversal_lasso__qyi2644757663130641572__find_lasso_aux [#"list_rev function pigeon'0 [#"list_reversal_lasso.rs" 219 4 219 42] (s : Seq.seq UInt64.t) (n : int) : bool axiom pigeon'0_def : forall s : Seq.seq UInt64.t, n : int . ([%#slist_reversal_lasso9] 0 <= n) - -> ([%#slist_reversal_lasso10] forall i : int . 0 <= i /\ i < Seq.length s -> UInt64.to_uint (Seq.get s i) < n) + -> ([%#slist_reversal_lasso10] forall i : int . 0 <= i /\ i < Seq.length s -> UInt64.t'int (Seq.get s i) < n) -> ([%#slist_reversal_lasso11] forall i : int, j : int . 0 <= i /\ i < Seq.length s /\ 0 <= j /\ j < Seq.length s /\ i <> j -> Seq.get s i <> Seq.get s j) -> pigeon'0 s n 
@@ -1556,7 +1556,7 @@ module M_list_reversal_lasso__qyi2644757663130641572__find_lasso_aux [#"list_rev ) axiom pigeon'0_spec : forall s : Seq.seq UInt64.t, n : int . ([%#slist_reversal_lasso9] 0 <= n) - -> ([%#slist_reversal_lasso10] forall i : int . 0 <= i /\ i < Seq.length s -> UInt64.to_uint (Seq.get s i) < n) + -> ([%#slist_reversal_lasso10] forall i : int . 0 <= i /\ i < Seq.length s -> UInt64.t'int (Seq.get s i) < n) -> ([%#slist_reversal_lasso11] forall i : int, j : int . 0 <= i /\ i < Seq.length s /\ 0 <= j /\ j < Seq.length s /\ i <> j -> Seq.get s i <> Seq.get s j) -> ([%#slist_reversal_lasso12] Seq.length s <= n) && ([%#slist_reversal_lasso13] pigeon'0 s n) 
@@ -1584,15 +1584,15 @@ module M_list_reversal_lasso__qyi2644757663130641572__find_lasso_aux [#"list_rev end else ([@expl:find_ptr_in_seq requires] [%#slist_reversal_lasso5] 0 <= 0 /\ 0 <= Seq.length s) - /\ (([%#slist_reversal_lasso6] match find_ptr_in_seq'0 s 0 (UInt64.to_uint last) with - | C_None'1 -> forall j : int . 0 <= j /\ j < Seq.length s -> UInt64.to_uint (Seq.get s j) <> UInt64.to_uint last - | C_Some'1 j -> 0 <= j /\ j < Seq.length s /\ UInt64.to_uint (Seq.get s j) = UInt64.to_uint last + /\ (([%#slist_reversal_lasso6] match find_ptr_in_seq'0 s 0 (UInt64.t'int last) with + | C_None'1 -> forall j : int . 0 <= j /\ j < Seq.length s -> UInt64.t'int (Seq.get s j) <> UInt64.t'int last + | C_Some'1 j -> 0 <= j /\ j < Seq.length s /\ UInt64.t'int (Seq.get s j) = UInt64.t'int last end) - -> match find_ptr_in_seq'0 s 0 (UInt64.to_uint last) with - | C_None'1 -> ([%#svec8] Seq.length (view'0 self.t_Memory__0'0) <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + -> match find_ptr_in_seq'0 s 0 (UInt64.t'int last) with + | C_None'1 -> ([%#svec8] Seq.length (view'0 self.t_Memory__0'0) <= UInt64.t'int (v_MAX'0 : UInt64.t)) -> (([@expl:pigeon requires #0] [%#slist_reversal_lasso9] 0 <= Seq.length (view'0 self.t_Memory__0'0)) && ([@expl:pigeon requires #1] [%#slist_reversal_lasso10] forall i : int . 0 <= i /\ i < Seq.length s - -> UInt64.to_uint (Seq.get s i) < Seq.length (view'0 self.t_Memory__0'0)) + -> UInt64.t'int (Seq.get s i) < Seq.length (view'0 self.t_Memory__0'0)) && ([@expl:pigeon requires #2] [%#slist_reversal_lasso11] forall i : int, j : int . 0 <= i /\ i < Seq.length s /\ 0 <= j /\ j < Seq.length s /\ i <> j -> Seq.get s i <> Seq.get s j)) /\ (([%#slist_reversal_lasso12] Seq.length s <= Seq.length (view'0 self.t_Memory__0'0)) 
@@ -1693,16 +1693,16 @@ module M_list_reversal_lasso__qyi2644757663130641572__find_lasso [#"list_reversa function view'0 (self : t_Vec'0) : Seq.seq UInt64.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec16] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec16] Seq.length (view'0 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) predicate nonnull_ptr'0 [#"list_reversal_lasso.rs" 49 4 49 44] (self : t_Memory'0) (i : UInt64.t) = - [%#slist_reversal_lasso11] Seq.length (view'0 self.t_Memory__0'0) <= UInt64.to_uint (v_MAX'0 : UInt64.t) - /\ UInt64.to_uint i < Seq.length (view'0 self.t_Memory__0'0) + [%#slist_reversal_lasso11] Seq.length (view'0 self.t_Memory__0'0) <= UInt64.t'int (v_MAX'0 : UInt64.t) + /\ UInt64.t'int i < Seq.length (view'0 self.t_Memory__0'0) use seq.Seq function index_logic'1 [@inline:trivial] (self : t_Vec'0) (ix : UInt64.t) : UInt64.t = - [%#sops29] Seq.get (view'0 self) (UInt64.to_uint ix) + [%#sops29] Seq.get (view'0 self) (UInt64.t'int ix) function index_logic'0 [#"list_reversal_lasso.rs" 20 4 20 39] (self : t_Memory'0) (i : UInt64.t) : UInt64.t = [%#slist_reversal_lasso17] index_logic'1 self.t_Memory__0'0 i 
@@ -1762,20 +1762,20 @@ module M_list_reversal_lasso__qyi2644757663130641572__find_lasso [#"list_reversa = ([%#slist_reversal_lasso28] if i = Seq.length s then C_None'1 else - if UInt64.to_uint (Seq.get s i) = p then C_Some'1 i else find_ptr_in_seq'0 s (i + 1) p + if UInt64.t'int (Seq.get s i) = p then C_Some'1 i else find_ptr_in_seq'0 s (i + 1) p ) axiom find_ptr_in_seq'0_spec : forall s : Seq.seq UInt64.t, i : int, p : int . ([%#slist_reversal_lasso25] 0 <= i /\ i <= Seq.length s) -> ([%#slist_reversal_lasso26] match find_ptr_in_seq'0 s i p with - | C_None'1 -> forall j : int . i <= j /\ j < Seq.length s -> UInt64.to_uint (Seq.get s j) <> p - | C_Some'1 j -> i <= j /\ j < Seq.length s /\ UInt64.to_uint (Seq.get s j) = p + | C_None'1 -> forall j : int . i <= j /\ j < Seq.length s -> UInt64.t'int (Seq.get s j) <> p + | C_Some'1 j -> i <= j /\ j < Seq.length s /\ UInt64.t'int (Seq.get s j) = p end) function pigeon'0 [#"list_reversal_lasso.rs" 219 4 219 42] (s : Seq.seq UInt64.t) (n : int) : bool axiom pigeon'0_def : forall s : Seq.seq UInt64.t, n : int . ([%#slist_reversal_lasso18] 0 <= n) - -> ([%#slist_reversal_lasso19] forall i : int . 0 <= i /\ i < Seq.length s -> UInt64.to_uint (Seq.get s i) < n) + -> ([%#slist_reversal_lasso19] forall i : int . 0 <= i /\ i < Seq.length s -> UInt64.t'int (Seq.get s i) < n) -> ([%#slist_reversal_lasso20] forall i : int, j : int . 0 <= i /\ i < Seq.length s /\ 0 <= j /\ j < Seq.length s /\ i <> j -> Seq.get s i <> Seq.get s j) -> pigeon'0 s n 
@@ -1792,7 +1792,7 @@ module M_list_reversal_lasso__qyi2644757663130641572__find_lasso [#"list_reversa ) axiom pigeon'0_spec : forall s : Seq.seq UInt64.t, n : int . ([%#slist_reversal_lasso18] 0 <= n) - -> ([%#slist_reversal_lasso19] forall i : int . 0 <= i /\ i < Seq.length s -> UInt64.to_uint (Seq.get s i) < n) + -> ([%#slist_reversal_lasso19] forall i : int . 0 <= i /\ i < Seq.length s -> UInt64.t'int (Seq.get s i) < n) -> ([%#slist_reversal_lasso20] forall i : int, j : int . 0 <= i /\ i < Seq.length s /\ 0 <= j /\ j < Seq.length s /\ i <> j -> Seq.get s i <> Seq.get s j) -> ([%#slist_reversal_lasso21] Seq.length s <= n) && ([%#slist_reversal_lasso22] pigeon'0 s n) @@ -1809,7 +1809,7 @@ module M_list_reversal_lasso__qyi2644757663130641572__find_lasso [#"list_reversa = ([%#slist_reversal_lasso14] if last = v_NULL'0 then (s, C_None'0) else - match find_ptr_in_seq'0 s 0 (UInt64.to_uint last) with + match find_ptr_in_seq'0 s 0 (UInt64.t'int last) with | C_None'1 -> if pigeon'0 s (Seq.length (view'0 self.t_Memory__0'0)) then find_lasso_aux'0 self first (index_logic'0 self last) (Seq.snoc s last) else diff --git a/creusot/tests/should_succeed/mapping_test/why3session.xml b/creusot/tests/should_succeed/mapping_test/why3session.xml index 627820adfb..4b0f97049b 100644 --- a/creusot/tests/should_succeed/mapping_test/why3session.xml +++ b/creusot/tests/should_succeed/mapping_test/why3session.xml @@ -2,18 +2,17 @@ - - + - + 
diff --git a/creusot/tests/should_succeed/mapping_test/why3shapes.gz b/creusot/tests/should_succeed/mapping_test/why3shapes.gz index e5021a32ce00ae38fad28b0a2fae5e55234cc5f8..c95ea042cbd6fa1e95bb6747969afdf2a1b9a251 100644 GIT binary patch literal 412 zcmV;N0b~9jiwFP!00000|BX^jYvV8wz57@Amfewl$1dh;`Z2YA6Ab`JM5rkLW+ zFvDS?IP|S{zK32vYYnlvgvEm)NL5AJfdVV%VXXv&&nbcq7gR8BU5CC`!tmu4DhH4I zX*xLXu{&T4uc5=xu6Ia)rtP|Rk9M~C8(A|Jf56%=H#q4!t3*xf9OWkQx6^)(ooFkp zQAyaqKOLx|A?V*qyc1#_Ay<)1WHB&9;BnLliHvmznGskFz3|lTWP*l_^=D0;P&^ zl)lOYNf3zUYiB0`H1pH)VWY+PNG_LSmsET@(N$iJ4x&1DGggToyV8!flY}<{SB6_| zWl@$Oc(cl6$&AP|ITy%N@yH)pB5aXEBko0m^Fr9Nv@~IEas!Q=V<`wG3HBdcFNkLZ G1ONaoIL6Tc literal 349 zcmV-j0iymNiwFP!00000|BX^jZ-PJ&z4I%$(b~&?^3mYI3xTA^X0BvdcH51*7(h+` zeS@N+DW=I@X5PG+d2jY*;dkG-)180NZD$+z?uY*3)x#xz=^hVO9|Hmes8vK!Oo3wG zl-Bjwm!D;c1GvI;sR+<48)#<=8tZTa47*Dg2JDfFYTvfn^}rNeJ)u%``Z!NV>zr=S zHHsG4>aN)wbU?6b+O|3BI@qoURzQO78u)d9t$`J|9Qy*txA_f6MA2-8)|FMWcXjtK zLV@Ws;e?RlWZ-;J=IQOO|0z$GdN_?xVs!5=N%^c35P|?+T>XY{>hxchDZwBd`j@tz zEfByjlFu8Z(~ywyo7|Egx0A?h60q!E&2-A}$P;*w?Rh*DMko_%SyfSO;+i6nXet>A vStG4{meZVg81aZDJT_5+I?+NhBWY!{Nu*4|B=%X(bK?C1pH_AkBLe^c7b~nr diff --git a/creusot/tests/should_succeed/match_int.coma b/creusot/tests/should_succeed/match_int.coma index f767fcc134..1fc52a139e 100644 --- a/creusot/tests/should_succeed/match_int.coma +++ b/creusot/tests/should_succeed/match_int.coma @@ -30,7 +30,7 @@ module M_match_int__f [#"match_int.rs" 6 0 6 10] | bb6 = any [ br0 -> {false} (! bb7) | br1 -> {true} (! bb8) ] | bb8 = bb14 | bb7 = {[%#smatch_int3] false} any - | bb1 = any [ br0 -> {_1 = 5} (! bb5) | br1 -> {_1 = 6} (! bb5) | default -> (! bb4) ] + | bb1 = any [ br0 -> {_1 = (5 : Int32.t)} (! bb5) | br1 -> {_1 = (6 : Int32.t)} (! bb5) | default -> (! bb4) ] | bb4 = any [ br0 -> {([%#smatch_int4] false) = false} (! bb12) | br1 -> {[%#smatch_int4] false} (! bb13) ] | bb13 = bb14 | bb12 = {[%#smatch_int5] false} any 
diff --git a/creusot/tests/should_succeed/match_int/why3session.xml b/creusot/tests/should_succeed/match_int/why3session.xml index 08eccbea7e..57f19bff91 100644 --- a/creusot/tests/should_succeed/match_int/why3session.xml +++ b/creusot/tests/should_succeed/match_int/why3session.xml @@ -6,8 +6,8 @@ - - + + diff --git a/creusot/tests/should_succeed/match_int/why3shapes.gz b/creusot/tests/should_succeed/match_int/why3shapes.gz index f77fc65464809094200577f12aecab1c7b9b1bff..e7be433babb4774c85fb34ed358dce7fafeb0f21 100644 GIT binary patch literal 184 zcmV;p07w5HiwFP!00000|6Pwi4}vfd#rJ-Sj>^>1P>PX(LE@wfVI@a7B1z?6!Gv#b zA&QC9y}Wn#d%1&0?E`wW^o65sy7ojR^^W8QaqdG3#$w_m&&4{J<_TCcX|6dN>IBX( zbw$%UV;7qr=K`{E#`}hWb}0;Gb8nFS)7H&TjWwv9H|*DrAAh-QFZkt`l;E?UmSTH> mkV;7<%PI;XKpB+E4@D>{r9pB(z^J7B%E%iJ%!9J>0002oo>v3_ literal 169 zcmV;a09OAWiwFP!00000|6R^K4}w4p2H^dE#f{3;yK*1~1_p_fE`*gdXNe@p*MSND z-awSWsc-VOPkQjAds5F%zIk+Y*Pdk{y`#8MQfSJkahy_8r~=mkR;3iv)RlERS+xfk zsZjDYZ-4P(Jq!!@sa@e(5;*A+T%1PF*s=uYOv}?MERjJd6!Y1bFf>G@%YE XMBhX@!jP2)sjeVCj6_j<(*OVfnXFAx diff --git a/creusot/tests/should_succeed/mutex.coma b/creusot/tests/should_succeed/mutex.coma index 8e29e216de..25885052e2 100644 --- a/creusot/tests/should_succeed/mutex.coma +++ b/creusot/tests/should_succeed/mutex.coma @@ -48,7 +48,7 @@ module M_mutex__qyi5425553346843331945__call [#"mutex.rs" 100 4 100 23] (* {[%#smutex5] inv'1 result} @@ -141,7 +141,7 @@ module M_mutex__concurrent [#"mutex.rs" 163 0 163 19] use prelude.prelude.Borrow predicate inv'2 [#"mutex.rs" 66 4 66 33] (self : ()) (x : UInt32.t) = - [%#smutex12] mod x (2 : UInt32.t) = (0 : UInt32.t) + [%#smutex12] UInt32.urem x (2 : UInt32.t) = (0 : UInt32.t) type t_MutexInner'0 diff --git a/creusot/tests/should_succeed/mutex/why3session.xml b/creusot/tests/should_succeed/mutex/why3session.xml index 7f4e246e33..b385efde1a 100644 --- a/creusot/tests/should_succeed/mutex/why3session.xml +++ b/creusot/tests/should_succeed/mutex/why3session.xml @@ -13,12 +13,12 @@ - + - + 
diff --git a/creusot/tests/should_succeed/mutex/why3shapes.gz b/creusot/tests/should_succeed/mutex/why3shapes.gz index 1a899d0378865223bd45efc6f170970b13a52909..da246030914e1a9ef352836cbb5975f210e720ea 100644 GIT binary patch literal 463 zcmV;=0Wkg_iwFP!00000|E*F@kDD+Mz4I%$rQKd^jBTj4hxFjWq3R{_6;13xi<*Qi zAIY}AzC*BAYSeBo<$xY<-g{%u@a`cUpWuvRdck4r`qRf$r4R3u=^47yWy35p5k!t# zZX!qm5L-C+3#MwwY9G^#;jvgqLO} zX#?ZReS^n81;KRfn{$7~p&7fMNZqZ1-7w?!U*~r$oZPY1W#BMUztajW76CPwMy2i_`A<+!zP7^yUGbi5IIT82qH&wH4#KkTV*0h?tTqw zzx96HUHc8&9KVB`hXLu<#d-wwM*Tkp)iB`LA1+AuEtV<0R;;eW^@=c&JW|4H6IZ^Q z&j)02zdU@05jvJ6qRmjSJ+iFzP|8B8wq?A{%Tj2Gs!c_eRlH&e^FHUTMklf|+jEC5 zb6z{;g(_8END|5_ze$U|Ky0Pb((Rop_AJktkf0q0r%Plc<*X{JqSBQLo?n*T>0SN< F006PQ?zR8` literal 418 zcmV;T0bTwdiwFP!00000|E*HHlAJIQ%=rp3>~o?AdT`|pNMsQ>+fqsmLMl_YCpZvm z`|n-5NOt*kPOPZaGt;B#(VK^I`vi;I%Bx$qX%3GiFCX3(@dc)Et&l+~gUn%rRR%=@ zw1s8fqMgGy#c2)|GQ?2TrCQR$vbvw5s&LOs{Mz5UXK8AP%HWVDFoob&i2cVsx-TDg zSjWD{6*9FEZORoLoFLBq6rvIEE<=`pCF+*h5AzEy<16R|G&$<%$MBjt$Fzt^cY`Ak)IvNlv@kU3^*l|kmXVJd^n z3By$e#V?D4*tg@joj=bNs-B;~?(6D8H1c=?e+CKo_h8ba2zu8mEEuwu;lN3;?>;e2y!z z2O4W|cJ_^UOL>3-R>Awk41$p0CaZfp;o!R-sD0^3+8QjO*o43j{H=>&*SouZy~0?G mQYj(wRMql?s?L*>YU1RWrA>nVHZFJKzojSlwr5r!0RR9y4_gEP literal 184 zcmV;p07w5HiwFP!00000|Ba8$3c@fDgztHZ9JL@M{Rvd+p`JVl-g*t2x?;g5rJGvy z>22&m1O;z1`|S+OBI0z04vAl}r^eYeS3FuWpbJ(4TDWOytk*z#Tg90w1Aw-%pXW;K zfd&KK&At|IDGyM&+xfeGO<_!> mP#clOO2klSCIOR+qs%i%6rR#lak&%!Jv{*hD>)t?0RRA$Pf@S{ diff --git a/creusot/tests/should_succeed/option.coma b/creusot/tests/should_succeed/option.coma index 7cafeecb26..8e83dc6b14 100644 --- a/creusot/tests/should_succeed/option.coma +++ b/creusot/tests/should_succeed/option.coma 
@@ -88,7 +88,7 @@ module M_option__unwrap [#"option.rs" 15 0 15 15] let%span soption24 = "../../../creusot-contracts/src/std/option.rs" 99 26 102 17 let%span soption25 = "option.rs" 37 15 37 16 let%span soption26 = "option.rs" 36 22 36 36 - let%span snum27 = "../../../creusot-contracts/src/std/num.rs" 29 28 29 32 + let%span snum27 = "../../../creusot-contracts/src/std/num.rs" 30 28 30 32 use prelude.prelude.Int @@ -334,7 +334,7 @@ module M_option__map [#"option.rs" 44 0 44 12] let%span sord28 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 let%span sord29 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 let%span stuples30 = "../../../creusot-contracts/src/std/tuples.rs" 9 20 9 22 - let%span snum31 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + let%span snum31 = "../../../creusot-contracts/src/std/num.rs" 22 28 22 33 let%span sord32 = "../../../creusot-contracts/src/logic/ord.rs" 185 16 191 17 use prelude.prelude.Int @@ -656,7 +656,7 @@ module M_option__inspect [#"option.rs" 69 0 69 16] let%span soption9 = "option.rs" 83 18 83 19 let%span smodel10 = "../../../creusot-contracts/src/model.rs" 79 8 79 28 let%span soption11 = "../../../creusot-contracts/src/std/option.rs" 11 8 14 9 - let%span snum12 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + let%span snum12 = "../../../creusot-contracts/src/std/num.rs" 22 28 22 33 use prelude.prelude.Int @@ -1794,7 +1794,7 @@ module M_option__and_or_xor [#"option.rs" 187 0 187 19] let%span sresolve28 = "../../../creusot-contracts/src/resolve.rs" 82 8 85 9 let%span smodel29 = "../../../creusot-contracts/src/model.rs" 79 8 79 28 let%span soption30 = "../../../creusot-contracts/src/std/option.rs" 11 8 14 9 - let%span snum31 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + let%span snum31 = "../../../creusot-contracts/src/std/num.rs" 22 28 22 33 use prelude.prelude.Int 
@@ -2157,7 +2157,7 @@ module M_option__and_then [#"option.rs" 208 0 208 17] let%span soption12 = "option.rs" 231 41 231 45 let%span smodel13 = "../../../creusot-contracts/src/model.rs" 79 8 79 28 let%span soption14 = "../../../creusot-contracts/src/std/option.rs" 11 8 14 9 - let%span snum15 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + let%span snum15 = "../../../creusot-contracts/src/std/num.rs" 22 28 22 33 use prelude.prelude.Int @@ -2381,7 +2381,7 @@ module M_option__filter [#"option.rs" 235 0 235 15] let%span smodel13 = "../../../creusot-contracts/src/model.rs" 79 8 79 28 let%span smodel14 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 let%span soption15 = "../../../creusot-contracts/src/std/option.rs" 11 8 14 9 - let%span snum16 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + let%span snum16 = "../../../creusot-contracts/src/std/num.rs" 22 28 22 33 use prelude.prelude.Int @@ -2810,7 +2810,7 @@ module M_option__or_else [#"option.rs" 278 0 278 16] let%span soption12 = "option.rs" 298 18 298 19 let%span smodel13 = "../../../creusot-contracts/src/model.rs" 79 8 79 28 let%span soption14 = "../../../creusot-contracts/src/std/option.rs" 11 8 14 9 - let%span snum15 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + let%span snum15 = "../../../creusot-contracts/src/std/num.rs" 22 28 22 33 use prelude.prelude.Int @@ -3042,7 +3042,7 @@ module M_option__insert [#"option.rs" 302 0 302 15] let%span sresolve16 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span smodel17 = "../../../creusot-contracts/src/model.rs" 79 8 79 28 let%span soption18 = "../../../creusot-contracts/src/std/option.rs" 11 8 14 9 - let%span snum19 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + let%span snum19 = "../../../creusot-contracts/src/std/num.rs" 22 28 22 33 use prelude.prelude.Int 
@@ -3230,7 +3230,7 @@ module M_option__get_or_insert [#"option.rs" 316 0 316 22] let%span sresolve31 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span smodel32 = "../../../creusot-contracts/src/model.rs" 79 8 79 28 let%span soption33 = "../../../creusot-contracts/src/std/option.rs" 11 8 14 9 - let%span snum34 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + let%span snum34 = "../../../creusot-contracts/src/std/num.rs" 22 28 22 33 use prelude.prelude.Int @@ -3635,7 +3635,7 @@ module M_option__take_if [#"option.rs" 360 0 360 16] let%span smodel19 = "../../../creusot-contracts/src/model.rs" 79 8 79 28 let%span sresolve20 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span soption21 = "../../../creusot-contracts/src/std/option.rs" 11 8 14 9 - let%span snum22 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + let%span snum22 = "../../../creusot-contracts/src/std/num.rs" 22 28 22 33 use prelude.prelude.Int @@ -4224,7 +4224,7 @@ module M_option__zip_unzip [#"option.rs" 408 0 408 18] let%span smodel20 = "../../../creusot-contracts/src/model.rs" 79 8 79 28 let%span soption21 = "../../../creusot-contracts/src/std/option.rs" 11 8 14 9 let%span stuples22 = "../../../creusot-contracts/src/std/tuples.rs" 29 28 29 57 - let%span snum23 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + let%span snum23 = "../../../creusot-contracts/src/std/num.rs" 22 28 22 33 let%span smodel24 = "../../../creusot-contracts/src/model.rs" 116 8 116 12 use prelude.prelude.Int 
@@ -4563,7 +4563,7 @@ module M_option__transpose [#"option.rs" 430 0 430 18] let%span sresult11 = "../../../creusot-contracts/src/std/result.rs" 67 27 67 54 let%span smodel12 = "../../../creusot-contracts/src/model.rs" 79 8 79 28 let%span soption13 = "../../../creusot-contracts/src/std/option.rs" 11 8 14 9 - let%span snum14 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + let%span snum14 = "../../../creusot-contracts/src/std/num.rs" 22 28 22 33 use prelude.prelude.Int diff --git a/creusot/tests/should_succeed/ord_trait.coma b/creusot/tests/should_succeed/ord_trait.coma index 59e43e96ea..1901c13752 100644 --- a/creusot/tests/should_succeed/ord_trait.coma +++ b/creusot/tests/should_succeed/ord_trait.coma @@ -272,8 +272,7 @@ module M_ord_trait__gt_or_le_int [#"ord_trait.rs" 21 0 21 47] let rec gt_or_le_int'0 (x:UInt64.t) (y:UInt64.t) (return' (ret:bool))= (! bb0 [ bb0 = s0 [ s0 = UInt64.le {x} {y} (fun (_ret':bool) -> [ &_0 <- _ret' ] s1) | s1 = return' {_0} ] ] ) [ & _0 : bool = any_l () | & x : UInt64.t = x | & y : UInt64.t = y ] - [ return' (result:bool)-> {[@expl:gt_or_le_int ensures] [%#sord_trait0] result - = (UInt64.to_uint x <= UInt64.to_uint y)} + [ return' (result:bool)-> {[@expl:gt_or_le_int ensures] [%#sord_trait0] result = (UInt64.t'int x <= UInt64.t'int y)} (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/ord_trait/why3session.xml b/creusot/tests/should_succeed/ord_trait/why3session.xml index 0c27cd38a8..041db9ecd1 100644 --- a/creusot/tests/should_succeed/ord_trait/why3session.xml +++ b/creusot/tests/should_succeed/ord_trait/why3session.xml @@ -18,7 +18,7 @@ - + 
diff --git a/creusot/tests/should_succeed/ord_trait/why3shapes.gz b/creusot/tests/should_succeed/ord_trait/why3shapes.gz index 79f77557406a51306db4f3fa62b1aa4027ff37b7..c73c61d896a0bbe596c7cbbdddcc24310ebb9686 100644 GIT binary patch literal 418 zcmV;T0bTwdiwFP!00000|8PlQt6h zD3D6~?`sH2F-;^S#`DfIA25D+jJr2HQWt+v+ief~pRtM`e?++5e_*@CeV;JP-iPC0 z6c=M202a;x-Y70cge$Cf$Fe!R`gm>yK9|4WPuL_r+iGwWVMuDF4|$=kOV~P4q)ol@ zrzPyEP1u6dR?XEARaReUD9c$zkV z! literal 412 zcmV;N0b~9jiwFP!00000|AmuHPlPZKhVT3eZmXU;ZE3-{2V=x;Vmz5%$t)do6ZS)3 zP5k#3bdlm36Am-;&NCk{TwKNND;}tg->GRg``vY{;;YLDH@kOiHn{5+%(A!M?T!3o zOcTJuSAsY4lM&$(%k814_b)!5TY-1Q{o4`ig|D{k19_N|Sm{$9scjc*6)4gsUU_H; zJ8Bke#%ZgjYKSVU$D%VXwZJSun4g^srhOP@IB@^`>@-(}1vwqd?~E^9pguQ8%A=={ zODw2y;sK&S`hr46TSx<@?gHs-qs($PAF!rC9ebVP=!g!*cJHX}zbX9kd*b%{0yz9w ztM9Yn{w>n>(0vrc(M6N}rnO*J+xz^lA^3cVu`55*pHC;jnt+=Q*sh z!edRAg`xkTJddJ`OGWD}Q)R-PWGrILGFk7 G0{{R$H^ - + diff --git a/creusot/tests/should_succeed/printing/why3shapes.gz b/creusot/tests/should_succeed/printing/why3shapes.gz index ccb5f71f73a5631f370034ecbc1eea8a5041bcad..789171e8e8584dc7da8b95246075d0d35389741e 100644 GIT binary patch literal 173 zcmV;e08;-SiwFP!00000|837r3c@fD1>k*75xdg5nWVo8F5F1HfGa`L%(N9^Tauu7 zds{(}D6^S)d_0(C%w4BOa{Nx#U59?la~`jl+Nre`)5znr8tPl$DKg%j5-s*q)RO<) zpd;sztX-V@=n#4tcscuuj2ZYZ76BGBehk*&-);yve0MXtjsAIgzsFdE1*BM~lmIo9 bX)HyiOF-0lEjM|>MFs2yB&-;u4gmlF>oZQ4 literal 173 zcmV;e08;-SiwFP!00000|838)3c@fHh2cF<5j$yJZjxGCp@WOm7jP2fHo0wu*p?(H zzP(fsBsw1W_~9&5?t7fb^E)|z9fuvydAed);aUqVv^-*kmWD3$NH+MB(qfMlb`(Av zbmD^{=N9K7ImBK@Ue3NIYe)WzMTEtSAEUG8ZyO>G-)%;>DLgOldyM5}0o%-AE6c)A bu0W#5VAGgJQ430PQ3HDcG%)!@4gmlF8e>Xw 
diff --git a/creusot/tests/should_succeed/projection_toggle/why3shapes.gz b/creusot/tests/should_succeed/projection_toggle/why3shapes.gz index bc81d33b21e6b5a2da69fd92c1ff47fdbd73d2ff..77ddd2edda00ed2cbdc4795fe052c0959c8dce9c 100644 GIT binary patch delta 395 zcmV;60d)S}1K$IX8V=V~@xeVO6dgIItw(v8l5lNsu?&+{ zdwx%AC|-465#s2iiTg1aW|+LVp)Y^B*%F^1AQ2N>&lFIWW{N4tQ@xHTPc5;6I1#cH pU6H`1gl8_&nplvL;y6Q5Bqd`aiv+h3rim2~{s5NRnb#Tz000m4!Q%h` delta 394 zcmV;50d@Z01KtCW8V(m%@xeVD_eayf5KZE~J9(U!`=;cv}p0fr@`6$0{`HV5?=`6=P zi-8J%+;-Revfcg&8qbdS+D?5+<^4Lw8`zXKM;+P+J?^y(kY%UFI+gv<>2~P!S?jN~ z4+C)mhh}mC^~RY9w(!%|h*+rYXTzlG2-xPuC2XQEt$gRU11>c?D3#yfW~wPP52fAV zM^z~P+ga?guWec27Py(i$5DDpbL=m3L#IY@R~Q-N&Ne)y1ot5dKH^j9y*vnG878at z{GQfOyz0Ip#L-C;_hT^3FnMu9U;cEnB|bqwW=wD$DWEJ#6;qBUdOf2&$w(%M6CqpC o6$vQO5tTF|B6HNawNzrJnaCJRwMsI;G_m5rA0!8p*ct}_03V#j-T(jq diff --git a/creusot/tests/should_succeed/projections/why3shapes.gz b/creusot/tests/should_succeed/projections/why3shapes.gz index 3242a3a1383ff261dc3d92689812396cbf9dca5c..d26e2aacd764cf869941486a5b5bc354edfb7a7d 100644 GIT binary patch delta 175 zcmV;g08szG0loo{7k^W)Er&H>Fh-&a4koOmEhQSmM+%zw??n*V?zwyJeb)i)Zn||H zeL3IVn|eo)1{;#5I@X8$=>3XiJY&fMXB}tkkC5zt?&UF{oYZNa&5=Zs5LdPRJ0A<@ zhHF!~Z>qLW?_J$b|MPZ8SPsh`hAbi&a;+tzfYK-)icndw1}MOWWrVJvaAHKDK?GMw dZe+;N39F1$5lDex*_ICyCm-sUB9 zT$+l$sc4_hQQc4f^L9vB4$EE)S*#RR8ze(QSqS4GBrv5kGAXc#fLd~K1g4|H1j;IF e3SVgzsnV!8vIGKRUlcG%l6?Tb_PEpq0RRA>>{9gr diff --git a/creusot/tests/should_succeed/resolve_drop/why3session.xml b/creusot/tests/should_succeed/resolve_drop/why3session.xml index 37da0b3516..43a522a203 100644 --- a/creusot/tests/should_succeed/resolve_drop/why3session.xml +++ b/creusot/tests/should_succeed/resolve_drop/why3session.xml @@ -6,8 +6,8 @@ - - + + 
diff --git a/creusot/tests/should_succeed/resolve_drop/why3shapes.gz b/creusot/tests/should_succeed/resolve_drop/why3shapes.gz index 8e3e383390641363138c90516c50109672dcea8f..cb3625a90be27278275ef3a2ac063fdca8fabbdd 100644 GIT binary patch literal 224 zcmV<603ZJ!iwFP!00000|8ep0~=F{4|K(J)j~7P zyPp-X`()3>x6UWDvr+Imr_X!~bx2m;uU5nOMN>-?p6OF6}wjWS%NBM=3 M7hLI8Q@H>D0FC=e3jhEB diff --git a/creusot/tests/should_succeed/resolve_uninit/why3session.xml b/creusot/tests/should_succeed/resolve_uninit/why3session.xml index 0ef4131ba2..877e89cd07 100644 --- a/creusot/tests/should_succeed/resolve_uninit/why3session.xml +++ b/creusot/tests/should_succeed/resolve_uninit/why3session.xml @@ -12,7 +12,7 @@ - + diff --git a/creusot/tests/should_succeed/resolve_uninit/why3shapes.gz b/creusot/tests/should_succeed/resolve_uninit/why3shapes.gz index 44f4044dd90ee76d55911eeb4914f2d8aec81232..969aa61d52537a2bedf86dfb6a989a053aefa3c8 100644 GIT binary patch literal 275 zcmV+u0qp)CiwFP!00000|DBORPlPZKh41|p+*bEQhn5x-4|{3k;>q+%20B$D3oEb~ z|Glsat1)b%UYgD~uk$9aH`}0l!2@-{Ky6nx^<5AL+gpZZJ#0eDQ*5bgs)5D=b~A+( z%Pw=|@mTe9eQuZ(?`?=r?U8n0BPL|9>S)n%!)Sl#KeCfIdmI%|$TvSqv2U`n?k&uh zGrlZ=dDFJdJGssNwU9Q(XX>-keaDttxsJs;1{+;*u<{>o;=kJ)b8VPd+Lu_Tu+)#R z)UU!y*8P>$*W8n-xwxNx&@fgcoC}>qTA+_z5dq}nT_}0(A_D0G{tz+%<-GQUN{&aQ Z$a5iLLN0(P*LoBI`vlN$!Uuf<006}(gr5Ka literal 273 zcmV+s0q*`EiwFP!00000|DBOPZ-X!p#dm)SZ)r364+dN*LlzYF$}2kCM~X@y#e}Ng zz9NMtm7r3)o!|4_@AU3rOT!DCG0*|KP_@kyjp_E0K-CNzW_S)AhPEDX!;IKZs>q=V zg~t*ubw9noj4X$pVes5taDN*yN*UAv=YKpScslnV#g$E92Yp*qO>e|hI5l<&r{2oD z4ZyZt*S@3QoL-$WF&wckDt|84GT diff --git a/creusot/tests/should_succeed/result/result.coma b/creusot/tests/should_succeed/result/result.coma index 7302659d04..ee0faf60eb 100644 --- a/creusot/tests/should_succeed/result/result.coma +++ b/creusot/tests/should_succeed/result/result.coma 
@@ -119,7 +119,7 @@ module M_result__test_result [#"result.rs" 3 0 3 20] let%span sresult117 = "../../../../creusot-contracts/src/std/result.rs" 129 26 129 84 let%span sresult118 = "../../../../creusot-contracts/src/std/result.rs" 130 26 130 80 let%span sresolve119 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span snum120 = "../../../../creusot-contracts/src/std/num.rs" 29 28 29 32 + let%span snum120 = "../../../../creusot-contracts/src/std/num.rs" 30 28 30 32 use prelude.prelude.Int diff --git a/creusot/tests/should_succeed/rusthorn/inc_max/why3session.xml b/creusot/tests/should_succeed/rusthorn/inc_max/why3session.xml index ca428d0878..0b599d88c9 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_max/why3session.xml +++ b/creusot/tests/should_succeed/rusthorn/inc_max/why3session.xml @@ -6,13 +6,13 @@ - - + + - - + + diff --git a/creusot/tests/should_succeed/rusthorn/inc_max/why3shapes.gz b/creusot/tests/should_succeed/rusthorn/inc_max/why3shapes.gz index 0f0e9f1441591cd280b62b0f0c4f597254e2dc64..13a2a4d87b76abe8d89c5cc716c50013957ca27c 100644 GIT binary patch literal 582 zcmV-M0=fMkiwFP!00000|IJlRkDD+Mz4I$_qupL?gKemqLt2%BRHc{7S2O{WqLPpR z*=_slYnz1du_Rh`4@DgC%zJO1zlJvti~0u~WW9KlRh^gn_Y1aocx%BDlHDOL%B_tA z5*R+kpN}UfY;=UB4g^DpBZz{0m33{SXpkYoQJF85ghp028u6%b``IDY6|@r_@tE+0 zKSc9sh^e4IVq*PXr!&rCfl1%d5l-8t4F}eGh;;;ZJA)c1+t^r>3e5VrqG@9jK`yX2 zDqhGo99X%+Zpx}EpJZz9enN7pD!Eruz91B~vWfF_7U13kIQIbL3@`(<(#E?iWceNn z{qf&e#D3o*L1&BVLv2&v`V|sECF`DXNEFb!Wkv(|Jpj9y(1RBqw%2#?Z)fS&&atbMDK!i9lx0iq4$be_ z^lNLqHk+X~|CmL(jWlJP>(aRU(wXP=0MhhomM8dPgBu$>>hz|_cbCjHdX6M`rTZ1u z9OL4nx&v&4GchHzgJ1DUkz%OZ*f;oaQyZG6GCrsYRB@gEk++VpS`{+COqPZFA>j=}lXPPlWI*(9_f&20;q|AcO$fqo*>;|WSIGS8~*`Tk`bSQaO~B-{m- z`5ATH4Up7LiBBC*(hM`Xz$o-XFXSN$Y3PPdNJ1PUYeOVuK36{<=DSXkIusmg`Hn{vj(&UZzc%~dgR|zNW%7<6LAo|Wq~N2pDj)nw<4>k1 z62&*uj^!bcV-j;!Z?a}v7u{T*eeFE*tye|?iL~N~9lM;J`7#BnlIp64U41ec*yEHMP|p(vqLMIK}>K7dn# j0uD=ADg~;@0+D9|RKCiTL;)VU_~1F;cSlJ`00sa6f&jgA 
diff --git a/creusot/tests/should_succeed/rusthorn/inc_max_3/why3session.xml b/creusot/tests/should_succeed/rusthorn/inc_max_3/why3session.xml index 030619c3c9..2c1995c25c 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_max_3/why3session.xml +++ b/creusot/tests/should_succeed/rusthorn/inc_max_3/why3session.xml @@ -7,13 +7,13 @@ - - + + - - + + diff --git a/creusot/tests/should_succeed/rusthorn/inc_max_3/why3shapes.gz b/creusot/tests/should_succeed/rusthorn/inc_max_3/why3shapes.gz index 6836d698d80dd5f1f641c2da9f03df0bf504430b..bc503f3c7c6a20865aed8682b05a46bd836e5a62 100644 GIT binary patch literal 685 zcmV;e0#f}SiwFP!00000|CLlrkDD+MzVj<`OS`?;;|I9v9=26eB30>SMNwqtdw9M9{O)Gf{4{&p%${uBY^vSInVj9ckIbzpw)?EC9_K_8 zP0g3=>)~k1IXReHS6GA;rU5D6ZPU!jGC)8xM84J5w6>m;iB4!fMnfsrqBouBq)xO7 z+3{sbVo^<$)cuAyQvXpO>LX1e6n+D@~W<@XS<$ne;Ko0o8nm4cGqfP z#n~K~*{t#3jkK+@&91#&^U5LJ z9PjI+bw`3*FHG6k<*M5TlEc6VY{XzVqAZr(^an#aHU!ii21Z~AgY}5A7`|K*4w!p8 z_97np{^d(JK5RD~}q-@1Ylf1U10cu&>&e&Mg>|Ei)WH!LBN zt!1$WWkHIhhy{&v3x(lakr^eaN|Q8BWhzphvJ_I9lE|9ea>x~X;EaHRgejJzPoiiJ T0<6UcjYYy+`0XT2kw)tzyhu1$OqrpOPRg%hh#eK7@>fR#X2APXf+nTy3H7E+$ zuDPmrd2_1E?w;LZTs6c+8yBZ>)tnD6eDZ$W(Jtc^N#TW5nv^0Ht$9U|dJrm7ntz#o zSCup1>XZ0%ND4?v2gUy5Vp4dE&H`5-O-eW+@Sdgld%=mfu-D4ii#$S)=k%3HiJI{1~8sV$6j`TKdo04Q=fCIsMw zh>|t`7#GZSISF^B7~H|cCv59Z_CJ_|AW5K - - + + - - + + 
diff --git a/creusot/tests/should_succeed/rusthorn/inc_max_many/why3shapes.gz b/creusot/tests/should_succeed/rusthorn/inc_max_many/why3shapes.gz index fcd3a15208aab3025f87a9ce5eeb5cc7d3d55c69..b9767130701f5c2f3424f0d612143f623291de2d 100644 GIT binary patch literal 633 zcmV-<0*3t`iwFP!00000|IJmwj+-zLz4H~h(QYpugAG(orL-yqscJ8kuV@lXib_HP zWVh|t*9Jm>gk+=cp@@S$^WMxGjXi$#Fe`uHPL{JrS(ItMeLLf`ht~$qakbe+S-v)j zAOi4X^l5*<%p`l9YlA<8Sb{3Z7g?4j2?ri3EamxJNUUUGk`a#yyYC%RZNa*rBOVv7 z@P=sT+{Bg98!@!P2f3I!jZ^{MYhpCOxdq@y5qfjyVS9N6|8|zHb&j7x)u|?du99rX&93?# z)$>|S4n1zvt-@Flsp`u<3Gw|Lt2|1z1lF#Gfccpf-*gn(tze-i4`>u<;|CRww}5sH zxWQl1LBS&|8{;>8cR3nXPkFRc#S~GQ{*hs$oi-xaxpq2G$u4SVL+$LAc6N_;c18Qe z4(V*C_Pd(bcGj&s>kj3QpvS~L^YwB@z~_~9G5Yh$t7nWlE!L#psXM~MRL=-^=$p82 zwL_EC?P_0uGw#&G(9AR?NOPM6_4BLWCSQMH{d7`T0ja-5vnRtnc*nhO7!LI$b!_B` zmoVF2B8}~sddzYqOMuH6kiZMvzzKN30z0q*8bCmdnjczm= literal 417 zcmV;S0bc$eiwFP!00000|HV{2Z=^5~?fDgS`D$hiYw#&VqCufa6}epvVBeu6kN}$~ z|330+0cVBDMq25p2EXxpZ^mO^Ui`&FK_b<{}AQS*Ef?GJ5QGDs{~oO0i}EWxNhY zqc;9-n9itso@sHPQZ!K-IaiiA-LXaCsh8K`bGv^YyocGdvjzYF5qrqb diff --git a/creusot/tests/should_succeed/rusthorn/inc_max_repeat.coma b/creusot/tests/should_succeed/rusthorn/inc_max_repeat.coma index 7c9e1c4fda..4156260123 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_max_repeat.coma +++ b/creusot/tests/should_succeed/rusthorn/inc_max_repeat.coma 
@@ -161,7 +161,7 @@ module M_inc_max_repeat__inc_max_repeat [#"inc_max_repeat.rs" 15 0 15 53] let%span srange21 = "../../../../creusot-contracts/src/std/iter/range.rs" 42 15 42 32 let%span srange22 = "../../../../creusot-contracts/src/std/iter/range.rs" 43 15 43 32 let%span srange23 = "../../../../creusot-contracts/src/std/iter/range.rs" 44 14 44 42 - let%span snum24 = "../../../../creusot-contracts/src/std/num.rs" 52 28 52 33 + let%span snum24 = "../../../../creusot-contracts/src/std/num.rs" 54 32 54 37 let%span srange25 = "../../../../creusot-contracts/src/std/iter/range.rs" 15 12 15 78 let%span sresolve26 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span sord27 = "../../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 @@ -221,7 +221,7 @@ module M_inc_max_repeat__inc_max_repeat [#"inc_max_repeat.rs" 15 0 15 53] use seq.Seq function deep_model'0 (self : UInt32.t) : int = - [%#snum24] UInt32.to_uint self + [%#snum24] UInt32.t'int self use seq.Seq 
@@ -389,12 +389,11 @@ module M_inc_max_repeat__inc_max_repeat [#"inc_max_repeat.rs" 15 0 15 53] [ bb4 = {[@expl:for invariant] [%#sinc_max_repeat5] inv'1 (Snapshot.inner produced)} {[@expl:for invariant] [%#sinc_max_repeat5] inv'0 iter} {[@expl:for invariant] [%#sinc_max_repeat5] produces'0 (Snapshot.inner iter_old) (Snapshot.inner produced) iter} - {[@expl:loop invariant #0] [%#sinc_max_repeat4] UInt32.to_uint a - <= 1000000 + Seq.length (Snapshot.inner produced) - /\ UInt32.to_uint b <= 1000000 + Seq.length (Snapshot.inner produced)} - {[@expl:loop invariant #1] [%#sinc_max_repeat3] UInt32.to_uint a - >= UInt32.to_uint b + Seq.length (Snapshot.inner produced) - \/ UInt32.to_uint b >= UInt32.to_uint a + Seq.length (Snapshot.inner produced)} + {[@expl:loop invariant #0] [%#sinc_max_repeat4] UInt32.t'int a <= 1000000 + Seq.length (Snapshot.inner produced) + /\ UInt32.t'int b <= 1000000 + Seq.length (Snapshot.inner produced)} + {[@expl:loop invariant #1] [%#sinc_max_repeat3] UInt32.t'int a + >= UInt32.t'int b + Seq.length (Snapshot.inner produced) + \/ UInt32.t'int b >= UInt32.t'int a + Seq.length (Snapshot.inner produced)} (! s0) [ s0 = bb5 ] [ bb5 = s0 [ s0 = Borrow.borrow_mut {iter} diff --git a/creusot/tests/should_succeed/rusthorn/inc_max_repeat/why3session.xml b/creusot/tests/should_succeed/rusthorn/inc_max_repeat/why3session.xml index 038a72daae..b2c448ed5b 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_max_repeat/why3session.xml +++ b/creusot/tests/should_succeed/rusthorn/inc_max_repeat/why3session.xml @@ -2,18 +2,72 @@ - - + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
diff --git a/creusot/tests/should_succeed/rusthorn/inc_max_repeat/why3shapes.gz b/creusot/tests/should_succeed/rusthorn/inc_max_repeat/why3shapes.gz index 878d1fc764695732672ebd485d84e0125f61bb08..d46764239351e6abe9f7f393f599da253d0bf310 100644 GIT binary patch literal 2008 zcmV;}2PgO+iwFP!00000|IJw2ZX>x7eb-kA$b*yh3yXIK>jjj76&eUUKoaz;z$V!q zA+lsk@_061zr}9#RX5+p*qMP%7Ec`>Ru`+f=dZtvH{aYt+>F1+^=7_W{(UURzx-|F zuAIMrm@QU!7bGJYxG%Ho$0xVAAdl`U8K!**%P2zr6*rp;a?@L(8N-!-uA|$=^#vLD ziHvtw`>s3_4e7v7W;!!{wAwdGG@5}Yq<`&khO3YP?J9b7Pj}nOJRRNku`C1L2u#3O z*@m1V1KGtbwv}yN$ps`~Nxrv|h(0QkjejcNe#_c{mE- z=K$;+fbIb0giMm~X4Mt*rCX%IpGG2>u0%?95^;c!sVlvO+_-hztQOzn1?g^)c$@Q; zwzph9$Wk?3d<2rzuUt zddjLAeW=?2#pM(ICe_^&9S1lfj`bXnScl7}xmUFJt+HGgHlH$`k2W6)>H6(8pVB<+ z73r!Dn@?#Qa*C8?{pM5J_6SwFHhaydG$SXD-O>Xo|4hnh-k-X9I;v8`ZD;>>%R5YE z%wSL4ax`CVSF<^ik1sZHQCy6-zdyt=g57%VmfPgF1I!-Q@ifCaK0eLyvecX55RcZQ zSZ%fkI66p7Rs6Y(YqyNgRbr2d)w-*wP5lnCVi>wM#J^s-?FH&^xx1`m;udjvxBWKs znY3Vc7Cc(4Ru8SX@n0~~zjgL%hz`4dZNaVq=P%t0`T^U;CDh?h5r0XvYQLRB8!9+< z{Mw@%sOS?VX8Xg9s07z%!Sb;~ zH~#JiN#63>wk(f(Li+e$1XQ;bv}A*}l48Qxaks zLx%&7Xhyf~^9oDcGZwnd{QnV!&9~p~<96=HEBurz7OUsbDSn?GcJDA$yy`+uP0^&scN4r(I)R&*~yHdUrib`JCpkdxlqTruJVEcA(j65jsgy zqVWyARfBW-b{#XiR{+}O{p*j_rWr5K-1rKcM$5fR-n-BUTpo0*QfLQ+q03`2s;gel zv=iM?>RzGRy;Qa9sdk4|=P-0ZiMOTf9QJG(W672={E~sk;-)1^D=kqAxZ1Nel5pCL zU~(WVJHT#yrhfO>27$S$w9`ri+t*HeD%nBptgoG&)6QO_ot@BrmGS;JDi;~Y&r6Qo zHDji~gdd`Z{{N?3Xnb^YJIkp|*Ei!(PQ>7%m*+z}NB_x@kLFg;k;?NDUHu|^3!0cu#{Vh zUer>Y5(~zHwxBFX3&H}oz$_psjB*21)8KQEiu;HxE&?wi%cJ~4kPsp*M9!$!N>$|Wc783HWFVPr2}U(AMn~w$FM_~oGf>}YW04s>)#&T`B`WOwYU=9;PGlQuSC1wSR(XntT#SN7yLxizH zTcLigk|KtjQlaxe1#`53Jmv)$&2=Es`%;M{pC!iR-W#nc!RzB4kA@Sp;gj)TjI6}K z=jrjpE09J7g_l_f#S987lyZUv<)TZsOwv!46hYw!1Kt#&Nzfn+5g`&UuvaLd6;D@E zvd>nf38P$Mtcdm;1?AKUA|#ar14Rj>o+bHDh=w778%?w}OyF)>=LN|rJ}xv;>}zRH+2cF_ literal 631 zcmV--0*L(|iwFP!00000|HV{IZ<|06z4I%4a~ogwi?6CwLXi=^xKbO<6%DXW~3$Q7ZLN$iv z3xKY$l6AQ|$vH9W03ROLRxnu8SDX)f&{PHcc8MsO5)o6Z_GJMue5j5xoZ2-C{xu5} 
zyz6OK*QS5BOdnYHW42{_O70-pmYZVvw>vf@EV(~4zmo3vU^UNJs8eet(t(ACs?3j> ztlN3wVgU>U*ees}uMi3h_^Q{ibub__8p%4?nE*%Uok&}u;6^&o7y~cTfyOxakq)f& zx%EJWju?O5tS~qqaWRni5V0u4LM3T=RC)b2V`a(@IAddZW?UBU$_rCI07gfnWgajG zm>agK@zj|O?5(+X34Mq9c%Q6GCFi6&x~Sv}Fwq?xY?2?SwsKD9`=^WmWgXt$4<~l* zY$z-Dhn;L>e#v;>S2wP~*m4<;$7c3^C)Kuj#6l@q0rkF*Ct$Ymf*Io1k!D6o_g&@j zYrON`{sH?|4h&#+*srmU=#X5tKwGAfRdOinW=>vrzZ*=iAeP~JjRD>#Kg)glli)sZ zH!{y=+l0|JK}Y6WpSW1`RyfDHP}`ksN(F+L4HeYT5VvcXEfiC&zFmR-o5FcKmX%VU zF-}o9xN$unJ?av|NxmT)KhNxRMq^@e6gF{fA8oSnNt%%~&0Hk8XvxU(8I8Tzjh)zz RMa*Mn{RWG`@bFCu0078hFX#XO diff --git a/creusot/tests/should_succeed/rusthorn/inc_some_2_list.coma b/creusot/tests/should_succeed/rusthorn/inc_some_2_list.coma index 79ec3bc2d9..175b8c27f7 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_some_2_list.coma +++ b/creusot/tests/should_succeed/rusthorn/inc_some_2_list.coma @@ -16,7 +16,7 @@ module M_inc_some_2_list__qyi7504674480942992291__lemma_sum_nonneg [#"inc_some_2 function sum'0 [#"inc_some_2_list.rs" 21 4 21 23] (self : t_List'0) : int = [%#sinc_some_2_list3] match self with - | C_Cons'0 a l -> UInt32.to_uint a + sum'0 l + | C_Cons'0 a l -> UInt32.t'int a + sum'0 l | C_Nil'0 -> 0 end @@ -61,7 +61,7 @@ module M_inc_some_2_list__qyi7504674480942992291__sum_x [#"inc_some_2_list.rs" 4 function sum'0 [#"inc_some_2_list.rs" 21 4 21 23] (self : t_List'0) : int = [%#sinc_some_2_list3] match self with - | C_Cons'0 a l -> UInt32.to_uint a + sum'0 l + | C_Cons'0 a l -> UInt32.t'int a + sum'0 l | C_Nil'0 -> 0 end @@ -90,7 +90,7 @@ module M_inc_some_2_list__qyi7504674480942992291__sum_x [#"inc_some_2_list.rs" 4 | & l : t_List'0 = any_l () | & _8 : UInt32.t = any_l () ] - [ return' (result:UInt32.t)-> {[@expl:sum_x ensures] [%#sinc_some_2_list2] UInt32.to_uint result = sum'0 self} + [ return' (result:UInt32.t)-> {[@expl:sum_x ensures] [%#sinc_some_2_list2] UInt32.t'int result = sum'0 self} (! return' {result}) ] end 
@@ -135,7 +135,7 @@ module M_inc_some_2_list__qyi7504674480942992291__take_some_rest [#"inc_some_2_l function sum'0 [#"inc_some_2_list.rs" 21 4 21 23] (self : t_List'0) : int = [%#sinc_some_2_list8] match self with - | C_Cons'0 a l -> UInt32.to_uint a + sum'0 l + | C_Cons'0 a l -> UInt32.t'int a + sum'0 l | C_Nil'0 -> 0 end @@ -170,7 +170,7 @@ module M_inc_some_2_list__qyi7504674480942992291__take_some_rest [#"inc_some_2_l use prelude.prelude.Snapshot function view'0 (self : borrowed UInt32.t) : int = - [%#smodel9] UInt32.to_uint self.current + [%#smodel9] UInt32.t'int self.current meta "compute_max_steps" 1000000 @@ -234,7 +234,7 @@ module M_inc_some_2_list__qyi7504674480942992291__take_some_rest [#"inc_some_2_l [ return' (result:(borrowed UInt32.t, borrowed (t_List'0)))-> {[@expl:take_some_rest ensures #0] [%#sinc_some_2_list2] sum'0 self.final - sum'0 self.current - = UInt32.to_uint (let (a, _) = result in a).final + sum'0 (let (_, a) = result in a).final + = UInt32.t'int (let (a, _) = result in a).final + sum'0 (let (_, a) = result in a).final - view'0 (let (a, _) = result in a) - sum'0 (let (_, a) = result in a).current} {[@expl:take_some_rest ensures #1] [%#sinc_some_2_list3] view'0 (let (a, _) = result in a) <= sum'0 self.current} @@ -267,7 +267,7 @@ module M_inc_some_2_list__inc_some_2_list [#"inc_some_2_list.rs" 70 0 70 51] function sum'0 [#"inc_some_2_list.rs" 21 4 21 23] (self : t_List'0) : int = [%#sinc_some_2_list7] match self with - | C_Cons'0 a l -> UInt32.to_uint a + sum'0 l + | C_Cons'0 a l -> UInt32.t'int a + sum'0 l | C_Nil'0 -> 0 end 
@@ -275,15 +275,15 @@ module M_inc_some_2_list__inc_some_2_list [#"inc_some_2_list.rs" 70 0 70 51] let rec sum_x'0 (self:t_List'0) (return' (ret:UInt32.t))= {[@expl:sum_x requires] [%#sinc_some_2_list2] sum'0 self <= 1000000} - any [ return' (result:UInt32.t)-> {[%#sinc_some_2_list3] UInt32.to_uint result = sum'0 self} (! return' {result}) ] + any [ return' (result:UInt32.t)-> {[%#sinc_some_2_list3] UInt32.t'int result = sum'0 self} (! return' {result}) ] function view'0 (self : borrowed UInt32.t) : int = - [%#smodel8] UInt32.to_uint self.current + [%#smodel8] UInt32.t'int self.current let rec take_some_rest'0 (self:borrowed (t_List'0)) (return' (ret:(borrowed UInt32.t, borrowed (t_List'0))))= any [ return' (result:(borrowed UInt32.t, borrowed (t_List'0)))-> {[%#sinc_some_2_list4] sum'0 self.final - sum'0 self.current - = UInt32.to_uint (let (a, _) = result in a).final + sum'0 (let (_, a) = result in a).final + = UInt32.t'int (let (a, _) = result in a).final + sum'0 (let (_, a) = result in a).final - view'0 (let (a, _) = result in a) - sum'0 (let (_, a) = result in a).current} {[%#sinc_some_2_list5] view'0 (let (a, _) = result in a) <= sum'0 self.current} @@ -308,8 +308,8 @@ module M_inc_some_2_list__inc_some_2_list [#"inc_some_2_list.rs" 70 0 70 51] meta "compute_max_steps" 1000000 let rec inc_some_2_list'0 (l:t_List'0) (j:UInt32.t) (k:UInt32.t) (return' (ret:()))= {[@expl:inc_some_2_list requires] [%#sinc_some_2_list1] sum'0 l - + UInt32.to_uint j - + UInt32.to_uint k + + UInt32.t'int j + + UInt32.t'int k <= 1000000} (! bb0 [ bb0 = bb1 diff --git a/creusot/tests/should_succeed/rusthorn/inc_some_2_list/why3session.xml b/creusot/tests/should_succeed/rusthorn/inc_some_2_list/why3session.xml index fc540b1e83..18efa29a92 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_some_2_list/why3session.xml +++ b/creusot/tests/should_succeed/rusthorn/inc_some_2_list/why3session.xml @@ -8,22 +8,22 @@ - + - + - + - + 
diff --git a/creusot/tests/should_succeed/rusthorn/inc_some_2_list/why3shapes.gz b/creusot/tests/should_succeed/rusthorn/inc_some_2_list/why3shapes.gz index ac095568efca221171d317de244533d89c51edcb..1eb22d05b8c995d464427ee76ed90bdfb4a05e1c 100644 GIT binary patch literal 791 zcmV+y1L*u8iwFP!00000|E*O^Z`&{ozWZ0?maRhpJuKN8ngLmWpt*FHL03bToZ!1xr4@)3Q zy-y_AIRyt2h)uM~vvLV8d<-LIgYPB?_Uqr@qX2Bt5KhLiRK!nHW>wS_>d`_2)ewYmN@ zUI+0fIva2#%3AqD+)aiOr%N6k^NTK`GX1A_ZEjsw5Ny}tZsjBiLG|19%Vfr2>Ky0@ zr?rZARB*_VQQdVkHPN=V^Lu?bh{#x?EYC9iXaSokE$nmq^L*TE#}K!n+!!Ef#33V; z2ST2ULYpG-cA&4g;}CJSw*S!9-b>xcsNV{|nJE{oGCrsJVw7=S6sE0edH7{U00!bw zpQ2Qa^+2TAlP=QARzo^UcM51jqkC2L=#aVY;x-O!L&O1&y z0`KId!MHe$2xkvK@B{lj&+cry+56hPo9}QnO4qHe)UKx{f$p-sqmN#7uYp~e)n>(Z z5B*NMeQS-~=AFh2EpD5(sx}gu*v@@Sy`#~~EBY$v)Sez9-FC;Wrm1%V_uh$Do{28d z{43GY=Jy{7zk4Glhu3W2nlWnUgwD)s)$ev}LeqlUC$v7{h?YLg_0TC_q-KD68#&j3 zuNw4vMdo#HDk8QbGE))hQQIkBqIigU6V(%eXDc$deBxTOkxcuSJG?e_S3DRSCoXz8 zxaVvxF57M=Qlqu(c|L(a8$zf`bix88s9>=lQ=u4B(vKJL9(X{;6q)vf1jCV VIA#jtP*MY=-hc9Q^UUB1008`ceYXGr literal 736 zcmV<60w4V!iwFP!00000|E*QQZlf>|z4H~^y4$Lf$Jp4cnw6qRC|r7~=8B9lE!qUS zkhI#rUqQi`1bS(6!5+VPGkG%}|G4$r7xijd|IIXQSy#XO(7*lZ?bPp$YR|_TqFQq( zG)b%hi6&~7?&_+&A@6tzRJ-)CJPcdU9A8iW(msTzHtJNTWp&bIWJ=Tqt;hE9QEeB8K%FR#@orpmYlL{K$|}w3bCtJ?0G9#=ULf&SJ#6ew1L=Q> zn`4APki;_^$MD01laL5V<7A?A8+AVzi?UJ&3@#z+UfoYc1u7uk_txvXSDFq$QzY1}s?gzBj|o2i&q zM!F!qEhqz0xbLNFZF{p76(O3g+gF72X47$8 zvE<{z1N&RJ!;d*PDHvCDd44(omm-)D7O*mbr}JcCurqi5vT6J-b_I$-iLfg`xO($o zfXNOf=X2jmJXTD8uD}9rHSSm_-o@o^Tyo9FKi6#m=ct0wLhnTv`_Sz`d3`wbp}0I; z>P9(h#%PT=isOac!s#KOa^mjmKIXzk<5CWMmP2?!G)3zt;naZxquXoFQ~$70ck0fD z9p$$5o}O_p$ORXI0%RtSv>-}Apacb~BvTYJANIt{vq)235Kc6qGM7YZCIta*1PKa5 zeArVjr%_=Fo$-ulEl9ys9tj>uR%9gSH1}c8_iP_{EaXaOR7cc^g3%z$a>g@O7^<}i SDfM9=djA13GwWmo3IG7|0bk<) diff --git a/creusot/tests/should_succeed/rusthorn/inc_some_2_tree.coma b/creusot/tests/should_succeed/rusthorn/inc_some_2_tree.coma index 33651186b8..05fb7aa84f 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_some_2_tree.coma 
+++ b/creusot/tests/should_succeed/rusthorn/inc_some_2_tree.coma @@ -16,7 +16,7 @@ module M_inc_some_2_tree__qyi9454558703362393917__lemma_sum_nonneg [#"inc_some_2 function sum'0 [#"inc_some_2_tree.rs" 21 4 21 23] (self : t_Tree'0) : int = [%#sinc_some_2_tree3] match self with - | C_Node'0 tl a tr -> sum'0 tl + UInt32.to_uint a + sum'0 tr + | C_Node'0 tl a tr -> sum'0 tl + UInt32.t'int a + sum'0 tr | C_Leaf'0 -> 0 end @@ -64,7 +64,7 @@ module M_inc_some_2_tree__qyi9454558703362393917__sum_x [#"inc_some_2_tree.rs" 4 function sum'0 [#"inc_some_2_tree.rs" 21 4 21 23] (self : t_Tree'0) : int = [%#sinc_some_2_tree7] match self with - | C_Node'0 tl a tr -> sum'0 tl + UInt32.to_uint a + sum'0 tr + | C_Node'0 tl a tr -> sum'0 tl + UInt32.t'int a + sum'0 tr | C_Leaf'0 -> 0 end @@ -119,7 +119,7 @@ module M_inc_some_2_tree__qyi9454558703362393917__sum_x [#"inc_some_2_tree.rs" 4 | & _11 : UInt32.t = any_l () | & _14 : UInt32.t = any_l () ] - [ return' (result:UInt32.t)-> {[@expl:sum_x ensures] [%#sinc_some_2_tree3] UInt32.to_uint result = sum'0 self} + [ return' (result:UInt32.t)-> {[@expl:sum_x ensures] [%#sinc_some_2_tree3] UInt32.t'int result = sum'0 self} (! return' {result}) ] end @@ -167,7 +167,7 @@ module M_inc_some_2_tree__qyi9454558703362393917__take_some_rest [#"inc_some_2_t function sum'0 [#"inc_some_2_tree.rs" 21 4 21 23] (self : t_Tree'0) : int = [%#sinc_some_2_tree10] match self with - | C_Node'0 tl a tr -> sum'0 tl + UInt32.to_uint a + sum'0 tr + | C_Node'0 tl a tr -> sum'0 tl + UInt32.t'int a + sum'0 tr | C_Leaf'0 -> 0 end @@ -198,7 +198,7 @@ module M_inc_some_2_tree__qyi9454558703362393917__take_some_rest [#"inc_some_2_t use prelude.prelude.Intrinsic function view'0 (self : borrowed UInt32.t) : int = - [%#smodel11] UInt32.to_uint self.current + [%#smodel11] UInt32.t'int self.current meta "compute_max_steps" 1000000 
@@ -315,7 +315,7 @@ module M_inc_some_2_tree__qyi9454558703362393917__take_some_rest [#"inc_some_2_t [ return' (result:(borrowed UInt32.t, borrowed (t_Tree'0)))-> {[@expl:take_some_rest ensures #0] [%#sinc_some_2_tree4] sum'0 self.final - sum'0 self.current - = UInt32.to_uint (let (a, _) = result in a).final + sum'0 (let (_, a) = result in a).final + = UInt32.t'int (let (a, _) = result in a).final + sum'0 (let (_, a) = result in a).final - view'0 (let (a, _) = result in a) - sum'0 (let (_, a) = result in a).current} {[@expl:take_some_rest ensures #1] [%#sinc_some_2_tree5] view'0 (let (a, _) = result in a) <= sum'0 self.current} @@ -348,7 +348,7 @@ module M_inc_some_2_tree__inc_some_2_tree [#"inc_some_2_tree.rs" 85 0 85 51] function sum'0 [#"inc_some_2_tree.rs" 21 4 21 23] (self : t_Tree'0) : int = [%#sinc_some_2_tree7] match self with - | C_Node'0 tl a tr -> sum'0 tl + UInt32.to_uint a + sum'0 tr + | C_Node'0 tl a tr -> sum'0 tl + UInt32.t'int a + sum'0 tr | C_Leaf'0 -> 0 end 
@@ -356,15 +356,15 @@ module M_inc_some_2_tree__inc_some_2_tree [#"inc_some_2_tree.rs" 85 0 85 51] let rec sum_x'0 (self:t_Tree'0) (return' (ret:UInt32.t))= {[@expl:sum_x requires] [%#sinc_some_2_tree2] sum'0 self <= 1000000} - any [ return' (result:UInt32.t)-> {[%#sinc_some_2_tree3] UInt32.to_uint result = sum'0 self} (! return' {result}) ] + any [ return' (result:UInt32.t)-> {[%#sinc_some_2_tree3] UInt32.t'int result = sum'0 self} (! return' {result}) ] function view'0 (self : borrowed UInt32.t) : int = - [%#smodel8] UInt32.to_uint self.current + [%#smodel8] UInt32.t'int self.current let rec take_some_rest'0 (self:borrowed (t_Tree'0)) (return' (ret:(borrowed UInt32.t, borrowed (t_Tree'0))))= any [ return' (result:(borrowed UInt32.t, borrowed (t_Tree'0)))-> {[%#sinc_some_2_tree4] sum'0 self.final - sum'0 self.current - = UInt32.to_uint (let (a, _) = result in a).final + sum'0 (let (_, a) = result in a).final + = UInt32.t'int (let (a, _) = result in a).final + sum'0 (let (_, a) = result in a).final - view'0 (let (a, _) = result in a) - sum'0 (let (_, a) = result in a).current} {[%#sinc_some_2_tree5] view'0 (let (a, _) = result in a) <= sum'0 self.current} @@ -389,8 +389,8 @@ module M_inc_some_2_tree__inc_some_2_tree [#"inc_some_2_tree.rs" 85 0 85 51] meta "compute_max_steps" 1000000 let rec inc_some_2_tree'0 (t:t_Tree'0) (j:UInt32.t) (k:UInt32.t) (return' (ret:()))= {[@expl:inc_some_2_tree requires] [%#sinc_some_2_tree1] sum'0 t - + UInt32.to_uint j - + UInt32.to_uint k + + UInt32.t'int j + + UInt32.t'int k <= 1000000} (! bb0 [ bb0 = bb1 diff --git a/creusot/tests/should_succeed/rusthorn/inc_some_2_tree/why3session.xml b/creusot/tests/should_succeed/rusthorn/inc_some_2_tree/why3session.xml index 54de0cbb1b..7d806b61e6 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_some_2_tree/why3session.xml +++ b/creusot/tests/should_succeed/rusthorn/inc_some_2_tree/why3session.xml @@ -3,28 +3,27 @@ "https://www.why3.org/why3session.dtd"> - - + - + - + - + 
diff --git a/creusot/tests/should_succeed/rusthorn/inc_some_2_tree/why3shapes.gz b/creusot/tests/should_succeed/rusthorn/inc_some_2_tree/why3shapes.gz index 635ac492b83dc1be0609cbed77f69d21838874ea..adee8c8405d46a9194fb5e60e6dbcb62384db669 100644 GIT binary patch literal 876 zcmV-y1C#t8iwFP!00000|HW3@Zrd;nefL-7t-GLrC|R;SECaFvK?4lk%b-_-vE|KJ zE?q9|wyz)M*s>MdS+EUQ(E>7gL>^v5_Qk8o{tG^u{p88)_T_f-W}+sqUIusgZi@Tk z`i9}&tcr|%z?E6AF(p~L*={!G^9|Fma4-!c7}mkCjNx7Su+0s9JnM5Gr2Am7sJ{cV zemwk0D|!J=2W{Wsr{m+w414CooIM7o>&~%e^Pr_GGy6Hk!%ew45WSOBEpV!pyE1!t zAc(UG^a~oeR`b5_9IG@$8e$(?3(v5eYc4boJ!~VKH6#)9-2Q1EYfk#4!x<0TbP)2o zqd7@y0V!vATp6nXD|@fGR6eW{Su1P&o*wB^iu;rBBfh<88V}Fg^l|%acIm$SX%IS+>W60_rOXNdG@e_9$KXZ8@2-|9dO z>EWxch2(^{v2Y8saf#{>QXt(v4Noz9$*G^d<5MZ0O7l#@<#xBDMCUi_uQnfo<7ab7 z%lury1(usHW>;3qKE{7mHiuZ08(dKi%bb$M`y{4#TMHZH8HDt=wn3`Wi`s$~>OXO( zOfGO|_S@By@x6EQAK6DDm}j891s*j)u2i3zZLRhS_pk83k7kSxPb~2(ZQJKV1Cjf- z#}Y(E(?SlFhhCfrM-*epnU8vre_(9>FY*yo&zZTAPyRIjRv|r zyO}n$+Uh&8y%V36r3-U8bi#|J@le+lr*F8Ipx;L%DXpi7q>V_9L?k<2gh?q{=J?kze=i6b?ZZRGAm2SIGFI?CwuIAlMl#JO;=JNq+_2LSGC1fVd3Pea^ zY4T#38v(h9bI8CX#c~4oERZO|OeL5YmL$1hJOUmbS}+MxSj8YZ&bnkLRR zAG`G57df#dC-$qfj-aZaN158 z9o(k0>53Z zhMXaXo47!b2^9G?uO1zML7w`H5fg+}(6c5ag1)upYbz|_{U!YGcQa;(XWsZ5x&8eS$a$Z8EI}wV z3N>^*AW+DWiLvD5qblkT$nt-YkMJt^tKW{K?;^kv%s-JLPp%tjlis z)a!X0z(rZXEIbAsGP`bJ%g|~uy`Ah@AevX3Uzg3eUuI*(S)LDg)9qib*pmvu;6=8< zArI=RXZMMsM=y{6D71`mt+7yRpJsGNcb#mT?(V$9Tbr!y8cb=WDKeD`Ub+m7BI~Ru z3Z1I;1Qsl@%8- UInt32.to_uint a + sum'0 l + | C_Cons'0 a l -> UInt32.t'int a + sum'0 l | C_Nil'0 -> 0 end @@ -61,7 +61,7 @@ module M_inc_some_list__qyi14489061725823948544__sum_x [#"inc_some_list.rs" 42 4 function sum'0 [#"inc_some_list.rs" 21 4 21 23] (self : t_List'0) : int = [%#sinc_some_list3] match self with - | C_Cons'0 a l -> UInt32.to_uint a + sum'0 l + | C_Cons'0 a l -> UInt32.t'int a + sum'0 l | C_Nil'0 -> 0 end 
@@ -90,7 +90,7 @@ module M_inc_some_list__qyi14489061725823948544__sum_x [#"inc_some_list.rs" 42 4 | & l : t_List'0 = any_l () | & _8 : UInt32.t = any_l () ] - [ return' (result:UInt32.t)-> {[@expl:sum_x ensures] [%#sinc_some_list2] UInt32.to_uint result = sum'0 self} + [ return' (result:UInt32.t)-> {[@expl:sum_x ensures] [%#sinc_some_list2] UInt32.t'int result = sum'0 self} (! return' {result}) ] end @@ -134,7 +134,7 @@ module M_inc_some_list__qyi14489061725823948544__take_some [#"inc_some_list.rs" function sum'0 [#"inc_some_list.rs" 21 4 21 23] (self : t_List'0) : int = [%#sinc_some_list7] match self with - | C_Cons'0 a l -> UInt32.to_uint a + sum'0 l + | C_Cons'0 a l -> UInt32.t'int a + sum'0 l | C_Nil'0 -> 0 end @@ -169,7 +169,7 @@ module M_inc_some_list__qyi14489061725823948544__take_some [#"inc_some_list.rs" use prelude.prelude.Snapshot function view'0 (self : borrowed UInt32.t) : int = - [%#smodel8] UInt32.to_uint self.current + [%#smodel8] UInt32.t'int self.current meta "compute_max_steps" 1000000 @@ -258,7 +258,7 @@ module M_inc_some_list__qyi14489061725823948544__take_some [#"inc_some_list.rs" [ return' (result:borrowed UInt32.t)-> {[@expl:take_some ensures #0] [%#sinc_some_list2] sum'0 self.final - sum'0 self.current - = UInt32.to_uint result.final - view'0 result} + = UInt32.t'int result.final - view'0 result} {[@expl:take_some ensures #1] [%#sinc_some_list3] view'0 result <= sum'0 self.current} (! return' {result}) ] @@ -286,7 +286,7 @@ module M_inc_some_list__inc_some_list [#"inc_some_list.rs" 67 0 67 41] function sum'0 [#"inc_some_list.rs" 21 4 21 23] (self : t_List'0) : int = [%#sinc_some_list6] match self with - | C_Cons'0 a l -> UInt32.to_uint a + sum'0 l + | C_Cons'0 a l -> UInt32.t'int a + sum'0 l | C_Nil'0 -> 0 end 
@@ -294,14 +294,14 @@ module M_inc_some_list__inc_some_list [#"inc_some_list.rs" 67 0 67 41] let rec sum_x'0 (self:t_List'0) (return' (ret:UInt32.t))= {[@expl:sum_x requires] [%#sinc_some_list2] sum'0 self <= 1000000} - any [ return' (result:UInt32.t)-> {[%#sinc_some_list3] UInt32.to_uint result = sum'0 self} (! return' {result}) ] + any [ return' (result:UInt32.t)-> {[%#sinc_some_list3] UInt32.t'int result = sum'0 self} (! return' {result}) ] function view'0 (self : borrowed UInt32.t) : int = - [%#smodel7] UInt32.to_uint self.current + [%#smodel7] UInt32.t'int self.current let rec take_some'0 (self:borrowed (t_List'0)) (return' (ret:borrowed UInt32.t))= any [ return' (result:borrowed UInt32.t)-> {[%#sinc_some_list4] sum'0 self.final - sum'0 self.current - = UInt32.to_uint result.final - view'0 result} + = UInt32.t'int result.final - view'0 result} {[%#sinc_some_list5] view'0 result <= sum'0 self.current} (! return' {result}) ] @@ -317,7 +317,7 @@ module M_inc_some_list__inc_some_list [#"inc_some_list.rs" 67 0 67 41] meta "compute_max_steps" 1000000 let rec inc_some_list'0 (l:t_List'0) (k:UInt32.t) (return' (ret:()))= {[@expl:inc_some_list requires] [%#sinc_some_list1] sum'0 l - + UInt32.to_uint k + + UInt32.t'int k <= 1000000} (! bb0 [ bb0 = bb1 diff --git a/creusot/tests/should_succeed/rusthorn/inc_some_list/why3session.xml b/creusot/tests/should_succeed/rusthorn/inc_some_list/why3session.xml index f342bcda42..857b7d1d44 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_some_list/why3session.xml +++ b/creusot/tests/should_succeed/rusthorn/inc_some_list/why3session.xml @@ -2,29 +2,27 @@ - - - + - + - + - + 
diff --git a/creusot/tests/should_succeed/rusthorn/inc_some_list/why3shapes.gz b/creusot/tests/should_succeed/rusthorn/inc_some_list/why3shapes.gz index f160c9f4891425f0b300ab74e46b7f706013f8dd..c74db33b0ccb864100f4ddabf07f6e96afaa42db 100644 GIT binary patch literal 679 zcmV;Y0$BYYiwFP!00000|J7AZkDD+Mz4I$_OS`L;{DA>in@VXUw7G0Am9J>9%`Pf| z6p~HbU*93&GYjqB+U64c=6RSmW1ipLEUIVN+iLM*%PKAM4-0Q`^WNFO#}!n^-I73M zvqY0^2PmQmY@$t(S4(nI*F+3GrdhLe>~4Sf5uIP*zzPn_G(RAxNwkHP>Ncz&ACb`} zR$RG?groHp!&kwGf$Meq4gh16P?Qc{1&1OUg>D-}iS~igH5@ZrQ)rESQcQT4@Z}MA z?cjTKL~;bx1^f*6ld0fvDx!UHvSn1IKkc@yt*?rba1HmXZlx(X|F%P!5(B7ngbC$c zAk~jTQN<9t@5j_+3+v8jcDI8FBT-)DxqYe$n<ojK zSixY%Tv5@rq2APQVWXEY_7AJODwY1VlEQGVDC)mK2OV#5>*2iGGBZgurDl*${Z)&z zr7}goCB4mdPB;~8vEDaX=bKXw%mxnp2LtXC&HArs9E=a$m-ps7eUP!D?z6>iH4Sj< zlkAR_jc9FQJ@`ANW7eA#Pb7Y&yfaoL4KBpHR(lJ!Zq$iucZFf!KGw2_?Hk-(h~0Jx zn;WmciyT)_V)68OCb5b18F(OLH}=3tX|x+J=mT+xjy;A#13`6Sg)l}iND^&%%xpq6 zl9-cl5gRT^Lb=9Fgcz!2UzgA zevUCA5F`^Ur04|E*hoSW$!4T;Y)Rj@t=;W7?GC%NZtB`T_XewLDEgE6c6i-d*Iw$W z+z>?$Nic0^M4IzM+uC|hGMV7V#uEyPm;FEXwR@=}p*XhUt+MZP;H+ue=G_+a-FGr1 z1V7t-S{0W#-oW8Hj`0oL+`#n>9Js1qY+D`QolHpP=dq40=y&Pi43<^RTauS1{4i{V z5dU}a8*XjaY~Sp(0&mEYFm!$BokkZi2_nQlT-`;g_}5ZOl3Pik{)0Mj>Z1DLd~mrj zNuc;N$Wf9h8Xk17OA+ZGrKfp%6h+~5@VaP@?>9dCNp+;Jm~s@%tGh?Tx~YEMlt&l3 zaPCu7zfbFm-DVUlQvOx(FyuFY?kjis3~ou{W##T0zew*^cwF$kqa3mrWj>IF4z(7D znJwa618bD51qwEb1!gl`Lr`RKF2WK*$U&IGfXS87fT7hOOA9kxi@>reO&O{}VyL3b zDvc1E!q_|$EN#yeuGLxwrm)IJS_yzsnSwJdB2$Q5s;G=2-5W;1FR{^8AS4I?0J};q AFaQ7m diff --git a/creusot/tests/should_succeed/rusthorn/inc_some_tree.coma b/creusot/tests/should_succeed/rusthorn/inc_some_tree.coma index 6d40ebbc4b..82e939bc0b 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_some_tree.coma +++ b/creusot/tests/should_succeed/rusthorn/inc_some_tree.coma 
@@ -16,7 +16,7 @@ module M_inc_some_tree__qyi12127997673864742005__lemma_sum_nonneg [#"inc_some_tr function sum'0 [#"inc_some_tree.rs" 21 4 21 23] (self : t_Tree'0) : int = [%#sinc_some_tree3] match self with - | C_Node'0 tl a tr -> sum'0 tl + UInt32.to_uint a + sum'0 tr + | C_Node'0 tl a tr -> sum'0 tl + UInt32.t'int a + sum'0 tr | C_Leaf'0 -> 0 end @@ -64,7 +64,7 @@ module M_inc_some_tree__qyi12127997673864742005__sum_x [#"inc_some_tree.rs" 45 4 function sum'0 [#"inc_some_tree.rs" 21 4 21 23] (self : t_Tree'0) : int = [%#sinc_some_tree7] match self with - | C_Node'0 tl a tr -> sum'0 tl + UInt32.to_uint a + sum'0 tr + | C_Node'0 tl a tr -> sum'0 tl + UInt32.t'int a + sum'0 tr | C_Leaf'0 -> 0 end @@ -119,7 +119,7 @@ module M_inc_some_tree__qyi12127997673864742005__sum_x [#"inc_some_tree.rs" 45 4 | & _11 : UInt32.t = any_l () | & _14 : UInt32.t = any_l () ] - [ return' (result:UInt32.t)-> {[@expl:sum_x ensures] [%#sinc_some_tree3] UInt32.to_uint result = sum'0 self} + [ return' (result:UInt32.t)-> {[@expl:sum_x ensures] [%#sinc_some_tree3] UInt32.t'int result = sum'0 self} (! return' {result}) ] end @@ -165,7 +165,7 @@ module M_inc_some_tree__qyi12127997673864742005__take_some [#"inc_some_tree.rs" function sum'0 [#"inc_some_tree.rs" 21 4 21 23] (self : t_Tree'0) : int = [%#sinc_some_tree8] match self with - | C_Node'0 tl a tr -> sum'0 tl + UInt32.to_uint a + sum'0 tr + | C_Node'0 tl a tr -> sum'0 tl + UInt32.t'int a + sum'0 tr | C_Leaf'0 -> 0 end @@ -196,7 +196,7 @@ module M_inc_some_tree__qyi12127997673864742005__take_some [#"inc_some_tree.rs" use prelude.prelude.Intrinsic function view'0 (self : borrowed UInt32.t) : int = - [%#smodel9] UInt32.to_uint self.current + [%#smodel9] UInt32.t'int self.current meta "compute_max_steps" 1000000 
@@ -322,7 +322,7 @@ module M_inc_some_tree__qyi12127997673864742005__take_some [#"inc_some_tree.rs" [ return' (result:borrowed UInt32.t)-> {[@expl:take_some ensures #0] [%#sinc_some_tree3] sum'0 self.final - sum'0 self.current - = UInt32.to_uint result.final - view'0 result} + = UInt32.t'int result.final - view'0 result} {[@expl:take_some ensures #1] [%#sinc_some_tree4] view'0 result <= sum'0 self.current} (! return' {result}) ] @@ -350,7 +350,7 @@ module M_inc_some_tree__inc_some_tree [#"inc_some_tree.rs" 83 0 83 41] function sum'0 [#"inc_some_tree.rs" 21 4 21 23] (self : t_Tree'0) : int = [%#sinc_some_tree6] match self with - | C_Node'0 tl a tr -> sum'0 tl + UInt32.to_uint a + sum'0 tr + | C_Node'0 tl a tr -> sum'0 tl + UInt32.t'int a + sum'0 tr | C_Leaf'0 -> 0 end @@ -358,14 +358,14 @@ module M_inc_some_tree__inc_some_tree [#"inc_some_tree.rs" 83 0 83 41] let rec sum_x'0 (self:t_Tree'0) (return' (ret:UInt32.t))= {[@expl:sum_x requires] [%#sinc_some_tree2] sum'0 self <= 1000000} - any [ return' (result:UInt32.t)-> {[%#sinc_some_tree3] UInt32.to_uint result = sum'0 self} (! return' {result}) ] + any [ return' (result:UInt32.t)-> {[%#sinc_some_tree3] UInt32.t'int result = sum'0 self} (! return' {result}) ] function view'0 (self : borrowed UInt32.t) : int = - [%#smodel7] UInt32.to_uint self.current + [%#smodel7] UInt32.t'int self.current let rec take_some'0 (self:borrowed (t_Tree'0)) (return' (ret:borrowed UInt32.t))= any [ return' (result:borrowed UInt32.t)-> {[%#sinc_some_tree4] sum'0 self.final - sum'0 self.current - = UInt32.to_uint result.final - view'0 result} + = UInt32.t'int result.final - view'0 result} {[%#sinc_some_tree5] view'0 result <= sum'0 self.current} (! return' {result}) ] 
@@ -381,7 +381,7 @@ module M_inc_some_tree__inc_some_tree [#"inc_some_tree.rs" 83 0 83 41] meta "compute_max_steps" 1000000 let rec inc_some_tree'0 (t:t_Tree'0) (k:UInt32.t) (return' (ret:()))= {[@expl:inc_some_tree requires] [%#sinc_some_tree1] sum'0 t - + UInt32.to_uint k + + UInt32.t'int k <= 1000000} (! bb0 [ bb0 = bb1 diff --git a/creusot/tests/should_succeed/rusthorn/inc_some_tree/why3session.xml b/creusot/tests/should_succeed/rusthorn/inc_some_tree/why3session.xml index 1dc9f9be36..9814047046 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_some_tree/why3session.xml +++ b/creusot/tests/should_succeed/rusthorn/inc_some_tree/why3session.xml @@ -2,28 +2,27 @@ - - + - + - + - + 
diff --git a/creusot/tests/should_succeed/rusthorn/inc_some_tree/why3shapes.gz b/creusot/tests/should_succeed/rusthorn/inc_some_tree/why3shapes.gz index 49ae16a6aed0ba815b025d3a19aa5fefe338d138..39d8c227db4548b353de90f25630392c705fc68d 100644 GIT binary patch literal 772 zcmV+f1N;0RiwFP!00000|K(QOj@mE~ea~0$M!Ty@zU5XemFP-nk*e)W<=1G4o!zKF zXaY;yukSb)Cx&F(zP1P?`^@q9%y>NJ&CRTOhJ&tVFS@MqV*h>?%x>O#_wZo>)oC{; zQ0Z-!l25SJyB#EmCHrE(*H3dI>DtmHo#2oGhol7VlgC17oSfz59%%cdA#3NJ-W`rV zl3Jbzi&5YA@a1&a>hYb~xMoK|v)pbh$;#{H`l*>N;5g6sN0ir~!5S7auuGPYk4UjT zDSoM>Oa`lK@RA!y8cG_u+!nmxGA0?9OgP*QTy`P>lrlfbBFWGm4>ZHENJc5Q151Op z02-HY+G=B<2Ky+PAGov{GG2D@Jvrf`1gZx740o@(hU2+N4#ioQNtOT9>n?^~H49fu zxLep+N=f~3gK7QVTF;RkkrDZ=y&aR+bvw?c1xMW-;6uTbcY>G4wR4ufWVm;TXX)TH zu1|zs;apN7so&sr?X{LrMlwdw?iqAjuDtQOg!ELF8bwdmr;$PZr5QxHZ#}?*boh1E z(zxN9SeT)ixOhDf7|5_rMH6$KoR?gm@rrMXvcz1f`R=O;nTPPCk4dhs48fGapE8Ik z1D`Um2?OJh@1J#<*T!p(du`1bL6+}fi)WN8JPg+MH=A^GQ{S~<$Go7Ry(ue9$$yor zHI%w4wlCU^cu+>6x$B%b>-ts9QN+W4CLI@n1%IjEGndqFTBW4lvc7#HI_#savBL(< zup7|PzS{ec&V7Tt-DB=(l(>QWK>){fkT>orY!hcq%P}^ zA|7#k6}fGVNNWEst@~~vc?Wj=!3Ni@TCE08QpX;qkM!w7?AAJLmeBs`@HRBnBFzA3 z9Qj&h8>Kl_JW@!~akiP!2jcm_MH<8qYZAvw6Bbg!S-7D*NQoeZBp&z!^Hdc3zySG5 z2nYr7MG%IWW}FbLZGuFmaRhpeajx20YL#H28x~rUJY87TVsjc z#Yv0(`@v2m%Sk+7*Ucx2d?Fu7k^XeI=w9*7c8hnr@9MVsx=@R|&(R}(TVZ$HEeUpZ zTN(0%Tf5s~-W_*&(>9HLSrVX`hXI|zkN`sr!N>f$E$x!P2VBO$$Nb4+bv{RS_jdS| z5A-5j-Sqv4-;Zxwdpk0_&3VG$blnFAl13w4Y5L;|4{csI2Sd(kmEj7Mzq5XR#?|PQ z5}*_)1C?GYFR==!1{zPXXXOQ!F<=~+m|&f9?O6h+0nI@9#mOx3T9U4@Zt|i%Hf47k z5jt@NU^-pn!^)owCBqkBSrWL5y)+jvK!i?W_qKQ#ka8DreaI#ylE4%&4Jw`JX#$J@ zqgQ$kQ~;GH{m|00MMDfpnvF4)3z%UKqvU&G0^0M z?{i^2tj~)Ng6K;aBrHxj55;+}?Z=W}(eC%{hb@=8AAQPPk^b<=e^;J-Veb2S?Q1$5WM#fS^rtQ4fBZLqa)KT<3Fx0yu*h_<>YPAlR-w0N zq4(1knyf)SuHBpM1(&zz^A>?S>BITy5Pzn11DB0E2ZZ~-XX6+GcS=8ao{zhhrs1}C z_%KN_Ci$?!FW#kNF|OsPFa_0>5xPud%vogX<|X)J{JD diff --git a/creusot/tests/should_succeed/selection_sort_generic.coma b/creusot/tests/should_succeed/selection_sort_generic.coma index 0ca06149f4..ca12786b36 100644 
--- a/creusot/tests/should_succeed/selection_sort_generic.coma +++ b/creusot/tests/should_succeed/selection_sort_generic.coma @@ -52,7 +52,7 @@ module M_selection_sort_generic__selection_sort [#"selection_sort_generic.rs" 30 let%span srange50 = "../../../creusot-contracts/src/std/iter/range.rs" 42 15 42 32 let%span srange51 = "../../../creusot-contracts/src/std/iter/range.rs" 43 15 43 32 let%span srange52 = "../../../creusot-contracts/src/std/iter/range.rs" 44 14 44 42 - let%span snum53 = "../../../creusot-contracts/src/std/num.rs" 52 28 52 33 + let%span snum53 = "../../../creusot-contracts/src/std/num.rs" 54 32 54 37 let%span srange54 = "../../../creusot-contracts/src/std/iter/range.rs" 15 12 15 78 let%span sresolve55 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span sord56 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 @@ -118,7 +118,7 @@ module M_selection_sort_generic__selection_sort [#"selection_sort_generic.rs" 30 function view'2 (self : t_Vec'0) : Seq.seq t_T'0 - axiom view'2_spec : forall self : t_Vec'0 . [%#svec41] Seq.length (view'2 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'2_spec : forall self : t_Vec'0 . [%#svec41] Seq.length (view'2 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq @@ -157,7 +157,7 @@ module M_selection_sort_generic__selection_sort [#"selection_sort_generic.rs" 30 let rec len'0 (self:t_Vec'0) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'6 self} any - [ return' (result:UInt64.t)-> {[%#svec20] UInt64.to_uint result = Seq.length (view'3 self)} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#svec20] UInt64.t'int result = Seq.length (view'3 self)} (! return' {result}) ] type t_Range'0 = @@ -306,7 +306,7 @@ module M_selection_sort_generic__selection_sort [#"selection_sort_generic.rs" 30 use seq.Seq function deep_model'2 (self : UInt64.t) : int = - [%#snum53] UInt64.to_uint self + [%#snum53] UInt64.t'int self use seq.Seq 
@@ -380,7 +380,7 @@ module M_selection_sort_generic__selection_sort [#"selection_sort_generic.rs" 30 axiom inv_axiom'9 [@rewrite] : forall x : UInt64.t [inv'9 x] . inv'9 x = true predicate in_bounds'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq t_T'0) = - [%#sslice69] UInt64.to_uint self < Seq.length seq + [%#sslice69] UInt64.t'int self < Seq.length seq predicate invariant'5 (self : t_T'0) = [%#sinvariant78] inv'12 self @@ -390,7 +390,7 @@ module M_selection_sort_generic__selection_sort [#"selection_sort_generic.rs" 30 axiom inv_axiom'10 [@rewrite] : forall x : t_T'0 [inv'10 x] . inv'10 x = invariant'5 x predicate has_value'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq t_T'0) (out : t_T'0) = - [%#sslice70] Seq.get seq (UInt64.to_uint self) = out + [%#sslice70] Seq.get seq (UInt64.t'int self) = out let rec index'0 (self:t_Vec'0) (index:UInt64.t) (return' (ret:t_T'0))= {[@expl:index 'self' type invariant] inv'6 self} {[@expl:index 'index' type invariant] inv'9 index} @@ -425,7 +425,7 @@ module M_selection_sort_generic__selection_sort [#"selection_sort_generic.rs" 30 function view'6 (self : slice t_T'0) : Seq.seq t_T'0 axiom view'6_spec : forall self : slice t_T'0 . ([%#sslice72] Seq.length (view'6 self) - <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + <= UInt64.t'int (v_MAX'0 : UInt64.t)) && ([%#sslice73] view'6 self = Slice64.id self) predicate invariant'1 (self : slice t_T'0) = 
@@ -456,10 +456,10 @@ module M_selection_sort_generic__selection_sort [#"selection_sort_generic.rs" 30 use seq.Permut let rec swap'0 (self:borrowed (slice t_T'0)) (a:UInt64.t) (b:UInt64.t) (return' (ret:()))= {[@expl:swap 'self' type invariant] inv'4 self} - {[@expl:swap requires #0] [%#sslice35] UInt64.to_uint a < Seq.length (view'5 self)} - {[@expl:swap requires #1] [%#sslice36] UInt64.to_uint b < Seq.length (view'5 self)} + {[@expl:swap requires #0] [%#sslice35] UInt64.t'int a < Seq.length (view'5 self)} + {[@expl:swap requires #1] [%#sslice36] UInt64.t'int b < Seq.length (view'5 self)} any - [ return' (result:())-> {[%#sslice37] Permut.exchange (view'6 self.final) (view'5 self) (UInt64.to_uint a) (UInt64.to_uint b)} + [ return' (result:())-> {[%#sslice37] Permut.exchange (view'6 self.final) (view'5 self) (UInt64.t'int a) (UInt64.t'int b)} (! return' {result}) ] 
@@ -557,11 +557,11 @@ module M_selection_sort_generic__selection_sort [#"selection_sort_generic.rs" 30 [ bb18 = {[@expl:for invariant] [%#sselection_sort_generic14] inv'1 (Snapshot.inner produced1)} {[@expl:for invariant] [%#sselection_sort_generic14] inv'0 iter1} {[@expl:for invariant] [%#sselection_sort_generic14] produces'0 (Snapshot.inner iter_old1) (Snapshot.inner produced1) iter1} - {[@expl:loop invariant #0] [%#sselection_sort_generic13] forall k : int . UInt64.to_uint i <= k - /\ k < Seq.length (Snapshot.inner produced1) + UInt64.to_uint i + 1 - -> le_log'0 (Seq.get (deep_model'0 v) (UInt64.to_uint min)) (Seq.get (deep_model'0 v) k)} - {[@expl:loop invariant #1] [%#sselection_sort_generic12] UInt64.to_uint i <= UInt64.to_uint min - /\ UInt64.to_uint min < Seq.length (Snapshot.inner produced1) + UInt64.to_uint i + 1} + {[@expl:loop invariant #0] [%#sselection_sort_generic13] forall k : int . UInt64.t'int i <= k + /\ k < Seq.length (Snapshot.inner produced1) + UInt64.t'int i + 1 + -> le_log'0 (Seq.get (deep_model'0 v) (UInt64.t'int min)) (Seq.get (deep_model'0 v) k)} + {[@expl:loop invariant #1] [%#sselection_sort_generic12] UInt64.t'int i <= UInt64.t'int min + /\ UInt64.t'int min < Seq.length (Snapshot.inner produced1) + UInt64.t'int i + 1} (! s0) [ s0 = bb19 ] [ bb19 = s0 [ s0 = Borrow.borrow_mut {iter1} diff --git a/creusot/tests/should_succeed/selection_sort_generic/why3session.xml b/creusot/tests/should_succeed/selection_sort_generic/why3session.xml index ce8d52864a..11e9fa9a37 100644 --- a/creusot/tests/should_succeed/selection_sort_generic/why3session.xml +++ b/creusot/tests/should_succeed/selection_sort_generic/why3session.xml @@ -2,191 +2,193 @@ - - - - + + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - - + + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + + + + + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + 
diff --git a/creusot/tests/should_succeed/selection_sort_generic/why3shapes.gz b/creusot/tests/should_succeed/selection_sort_generic/why3shapes.gz index 69c615b3b35a70c449114f51338d46d1ec8b27d0..dfa3758e4f27e4a776dc32046ba38d0399c1f30e 100644 GIT binary patch literal 3910 zcmV-M54rFkiwFP!00000|Ls~^ZyQT;e%G%ckOw8}m#)5daQvVgL>U8{6CeqQyb*o1 z2}`0(Quf*X_4#@@GaOPRCCfKyZNM^{Gj;Fks;_4F&wrV$-uc_SntaU5)qHXDuM<7_ z%fFoY-(LHxeDikw&VQWePv?Bf{Q7);v-Tfn|9SC$=j`&#&u>2Z<=o$_&&`xR)UW3x zrgS;1#w2>mI})1m%V9MpVN)R?Cg6-7#-)H~+;m%*3vk(4ty|71uNDu?jU-N2p&fe_atG99QKbG0A^RkWn&V2-$ zkMHlXb5IPT_j%=%^pwmVi#m8!wl~ba2#bGP|Mu^?DQ9EjKGdCA@7(?0o-a*^(0Ue)Wyzj`(0b}Epw z^k(OlJ9N=hV(#8_30iM&R@-ab?CKEQ=j+?`->?|i_+_8%G!@+$sjL2~nTqaU)Kz~K zW_CxTuKKI6Q(q3N@i9|VVLC0)X)d?RF_oAKyP*QTy&P6`Q`+;Pr^5Mp!v7ch)ug?3 zyqwTfvW;kg)#b1n)9|V6Y7VMGS99v>Y-5Q3xLIf)@0QD46`jF?$@wZ@mGjB^Z?}0e z2&*PRxy&W*$2O#{kOk)o6p(#_4~*=rZey_W^*LbF(m`R>~@(SA!eCB z+|6;dSGysg9YKrL`k16G{cB(5H~tEIH+kuA@+beXyYlhu`fj~zBer@(*rwoFSuDpy z+bkVXcG~uNw^rQdC6xI!n#^obz}towADabj3_H78EN-{TCjW$8UoDpFoMy|7kK<|! zZur}6*S^*JlBx}Uxt>=G?umJ<5PmY8v>U-LP^sU+x@V6HU(eWc919)o#_n{aXg^e2 z^Nz=bj6Y@QC@gM*3AZt|b&FKY&L8+>NFfqL@390*DKv5->mMy-kyoWDZzWzAw!PJ*t2`%xc`&Y z%fr_)&sS;2w&A$D%HF5sQGosp?NJXD{e?*W+W$GbLyemG)#loN`QQAjN>NMfhyhP(0xEBZTU)D(M>iiOkyWb8s2O4(=deoi{tUb@8 zf_S|tmY*BIt+LMyVAb~}(zarbb(^+Q@?#yKy(>_n`EFNH4|J8sN|Ubf`$vAh{iEPxV(f@bt9p$06cbSlr#D)mY8_in$T8i&v?yahNUM zp%VaM-Q|;Fw)7htyN%ykP!sA%xgNBcU2O+h2GXlzD5Tz4tlwcEJTNNsW99fD^)*=^ zx@i2Rzgp${==#;Gd#7T^ob48M<)P-pqbvTSBzGc@mj1^Hd0J~YQj9*YEgY?AYFp9N zSM=>r#ZwPeysxNjToIp?hnv`*68p5`{dsMiz8WAnDCvi7|G@Vha$u+qfBZ4(1=ZiK z3tWybp0#*o);{Xp=jgM8k2yr&GH0BA*br8A!&H169Z+VoxXgE}#To#75jQv*1J8BO z+sy|vA-2Q9QJ(Ge@Ve!w;QJVH98DB6p&pzjh6(C4-mhw_xPkmcz30yX4IYorD0Pn! 
zJpnI%k-mLIX-5P5*Fc0d^z}-c$n8e-=JUfPU{nE)*}ORc{E1ImT4r(b*~N_OFEVa^ z`fd$Sk2LDB;s+DHC!H;>5{+}bWs-WdQT6+mi~^P4o`T%%o2Pq6xTTQ&gPk$^2v}AU z2oYx~FLRmIhpQ)GxZFMz=$@IYVZ`sA-#nyec-Y=O_}O6}o4l<_I}aj6B~iUOhqUz) zD_tMnUc~B?zdhz)f2!v@rSWj&9@No~7VV?2alQDeva!?o&-kt;=P0V`iP8uE_ll0( z&poxbck?t#jDAR@&*G}DEd6_Gu{{ntwU}=XjK$ka{J@LLdsC2p5;m1XM z{J7{eK)A;`@Em!c@Zfel{%ylUqK>_b;3r;2JZRpRNSx}fhSnTGYpfq*c~j{w9_#S| zS$qDr(jKu5hpgIe0wD9n!33y}oq9b}X)n4L$o+~&M%;Uw)#LE0^5U_l?SP$AbNav^ zWZ}a}GY=N20|MG}W*C_3IWvTH|N9NvJ7;kI&Ee`g)vlAPZ7WxIVUrI~z1eRcmF9T! z07oU*bd4&dZ4^_b`b8}k!}{S?w=ZwRt)9Yt6cg-|zUki3Yj=6E3pU!DyAY*1+W&q= z4>#3t`5@-0xuFqG^QL>zuWhI5urIsh{OrsMK}^{qCG#=LWR2p6ORKU;jZDf;pS^8lv3~{aA9P#XgWD@~e@zvD^6?|aaWI;*^r;W$bq-2?Q$;dnrwh^Wgx)JK@ zYW7kVV|H7$wab7xNoF97ag-v%*BA@3etI5eDNfu&DiSLDp%i5 zKLswM$g;%5GGZTM8+{#+Z7N7v^-KDuCMe0^zKzlq#UfEk-Z_oD&)y~(#6*fl@^5X0 zwFE1pF~TnVm1jzUQ_k)W2}!I0z)QFIapV8l0q7qZqBCt?msh%}L=k^1}C z5>e?m3IJJ+vPUNCl$6fIxGT(aKT)7pjgpNLjpB`>Mj>BZBki{^$K_;^sDZpiIU*EA zN68tUWpY6mJ<+_;)M(Zy*C^X4^W98K#2AlSL>Y|?yohAIW`QyE2F58&v}&|$wD?g5 zMw?LAgF$TzF{r|&<5qE;cqy}BFc2L2$J)rE=89SCQGI#vR`QIlPC=v55*afw)EL%i z*J%6wts_!JE0jm+6-V%rvfP;BI1eTI9BTJBqA~nO8R$qVS(MUFhM1~N$U-f#)6rWS zazzV9HAenG8_7z~it-sp#1#{?LGKMlM$4=Dv7!s3f4G_0Q(_rtkHc7rB^5LVg>K}O z3W|4_z<|^ISW6jBiV`^oCshfA7VZ;c5_L!E$XJVBVB_;JHfN)w^bRK|7?rY1R04OQ zNM}T_E!r{e`Pd7a078n>%yPkTl+cD#sgF4bkkrZwO)PILHTHQKPEi?y`GjYrMh-%W zz_Qc?T%EWqtfCn!8;nNJ$?D`VPBLX!AR7TUyjGgfp#aMX7%Ww|;aFqAYa44Cs~fAH zgW*MIfd;D-W;1|z#grDNNW%ClQi^usbZrezHBL4T3*I<-hJK)%5k}~ueZ~}$ivb1| zDI@@53y7{K&Nj}x2v>B9lrUR4qnQcHtE>UhvQ!Tmix*ibY~3tdGOsm}xyB29Zp?9M4!` ztOy1l;8QR@n@Eyn^nIboL;=ri=g|xFE~zXr>M>KFQ5vC*a<+KqMTkB+X)D}9u7cgY zJm&}#MC8`ntl^>L3;@AMZOL^Aep*E~>mnK@0R0Mrq;%qpB# zQkV)01DH)bF-q;b9fEw~^zwI@oYUD!XEkb)P-v&6zSMI`rp&A>o0sCy@$B7Dwmz!T z&Pi!)3dFM)+^57H>)-7|(~mGtTFgSu8cM({K%qg}B8wNY&Pm**jd8GpUj)shK-sYS_z!-oNXCMdYhw4LG zKp;#%_=757p`Sf?k^zKa41{0CI$@P(oCPD%{*%CotiRK%E*t$TT=k8&%0dWToHAsK zLTLgb2PV+WNrQ2^9ioA?e}!!HBLU$3QeSHUN&!Q;k|SE96%6xP=5Z4;`zvgF2h%9R 
zv5Z==Y_clkg4dQMArZ*5`57x2_bYUVeuT?2;vge(u1L-)hN6j=?75f7x%Q!m{T04r z;S)(qZIWde*SQHT2JumtEJ+t$+Q%!FeuePVPxm~}J{YU4(IhgL1t(cxj&=;^SJof> UlI6d`csh*#4_3y3^!Zi*0BncBVE_OC literal 3743 zcmV;Q4q)*giwFP!00000|Ls~!j~lsm-s@Kg$fA?$4bO{@V7xGlbZFpa7D-UZPT{M7UCe!&k+)w`N&Hr7g>rt4_@56E$=Ibld!Ef#F6;KD) zyU`(u?r=*29bWH7ha{?_4GDI1Jq!*BxZ@3h?)Z8bjMkeu)yefR7=_p2eOZTG%I)N4 zk<07~I^CJW2@cbFE`LmBi}%xXrP}hl@JnY-{MK*6FRzp8%=Mda8WTPIKh|^I)Tf)< zCi+TswsYa_$2=4f3!{= z;NkiSJ9a=j(WkuJf$qSZu*lh2?ib9d2-|_(`**tPI#h?o{nmD7eYE<&%e!(t`t^tp zp+nqR-7}S=r47?D4|T{#JhS!D(pg2)p*}TmR*qJ;x^9V6@RNYdhK= zjW!x)T}S$QH#$6K(vjI}Q5~7<{qT^AIBwI1Mr~92^PxL(VVXN~Z%*N)UwQ;j zpkuX>O&zQ2-RO`8JKlm0cf19iHX3a#3HO_U4(V>WEKSj9R_5cYRhiYR@%kUPWxNyC zY~Gr)EUUZO`p8;35V6^bu%7&Pn7=Pq>gwiWQd_3cbl!xl%kq+z9l_*wS)L(gS$?~l zF3W0AyCHxhL5tP;lB7NT>rkijFbmW9yez}K{2uPNGxwvLyY;b+_g8R0*eBtrE|!Nx z`#e3M+-f`J-CJ>6mN$3nu%0gFlSRE!oA9b|zZt;Bu+eO>xZNuo|BD)h)nd6Wd9vL2 zc!;+u+$S|`*QwQ~l9~-+xt=x)9*B9a5PUS8a2&yHpz^STZO@(+zJYPzxD+}#j@{#t zg40m#&AS{IxWv-qOo)r+a`Ah~S2rJfTl+w~FYC!PpIw76%`lpmKh~E|$^Dhxh66`$ zLt5P2&dR#vEA?sG!rRHOi+KyjVc;9ZYC3;EE9=F)W9&t}o&3+@rd+9Rr@svrv-@(Q zybUGJq1yEBZ=IG|o~V5|rt?W$+|BbUyc#fbpxOLQ&=9P=FU#@bzAWo(@%saO zrAL@gVH+NB^CftObNIYdxn+JFhR;#&p;w-O-c#;9+apI_E+D4#W%x;$K90gK;bV9e zUR}Ve6Nc1>Z>VTatK$B6pJ+Ho^06<1zJR2TsTb8sZKglt#+!%1=$NisI8M}lp3sxO z=iwX<@f@DDyF1o_=XtTb+2GrsjpJV1pO0fx`FR2lBwe~DdWgeI(A}?6m}We_4)hb( z!E>cvyb<8=O5lyO(>p;wawp({;RCqpLvV$2=n6Z@{WIxf7o*$p47B~vIpQr&AF6o> zm>VI-g(eJeXGY;eSWWK3?5;d2W>3Gdal7$*3tCQHK+IX^X#e`_ z0gyMZw-A1PI63Oej!EBRJ>?j76c0IQxbG$i-|W$+=?<^k&&9`r$s{ey-DH7$r0uP_& zpPcO9G#@0#@Eiw!imSa43?HE{zadPa@6${ne8heV&%73V@Sw=MhH)?Z{)s#0Deh*- zCoti*1YE7kvULbQ&xlq9eFBr-UykSAs6H*C-B2BK$L(cp$I>xx-`cWV|NZ>MhvyqR zc-Yu^yjFO?y5qUftABDkp5MuTO4Ox3KR(jvf6~0qk=W@ij@b1@BObgd8mjH4^38Kk+Zj7M^Z0>3 z%YwU;W}XD8GXnZ^W>jaeoihWSQNz~}aB|K%cJI!kYp2~-uC~2gy$u^bLG|wR0%t9s{BW zt2}Ct;*mX)NAw6Dl?Ug+dN3Ze2l2oj$OC!+56U}lz46+MXHOnIcr~h)vv#Q(ic&Qx zC1_HDKo*lKv5e7qv>wfuQpmtIlTFHIBhFR?iMB90Dv+J7V?s~hNqs?`qMK8aD_M)0 
zY!%i5+T~=Ubv2ENJ<%6e8(3n6jKSne(PWn*rdWz0T|>!gOxBa}q&>-()eMkzBBRL| z%@K0QF}j*1Xkurbj9Gbdf01%74s_sJ7!k#<>#}a&eZEi0YNgU#CCV5;EkFh^rG7 zm8v`ux>~|QkW{T9C&|vKLfNnb85{6MdF{Nm-@v-6A%G~(HaivAM4Jo6>M9uw zi0$?_=YU>!9{eWT!|Gzs}_uS!{5-xAQ`m_q1LvuQAt!qRn^W; zjbNcw7e;?`GjrC?rIHdNks!DVrNm@a4$5&!+nT^wZ_Kx~G}fXGhomcp3ObXuni(la zP)xD6)R^zYSf!N&lAv2{;RswQpd2Vs8k`H*8|%Iwd#x))3786&9kV1M5vi#MJR+N#Ov+#rrdn(`6N@A6?wJRQ7$CocKFkTzBK2GX|J79$)!??A%ZDrkw~d_ zlR!AapO@$$ix_2U23-U#1%+a*kR(JCCD#Y|^AepjLX@nIpoJq*wX9-rNmWkTVhtPo zv1jq;CHm`JYYYUzpmma5QeiffYYwH|FVN#pliWnVbZ0RNh%=6WBq%Vt^=+U!tCMwA z#m)O+gzw!A9gEVjR5YAZHkK6$DrdCiqG9`*8|j-E*IouOkTSJEjVWYg6b{;!#9%}= z#v<(5$9!NY;v!ngT?XCcU2T~r;c|hv{ zjR(}teZZE%{Pj*0u@+1OsTh}Z3XoJ{bivvZLycn)^dR6t)IW6~K&*`>M^u%R%_I~G z83oyivzWG-AWfWj5cVMS&mWYSZE5fLQ>Zp&E2tI4R3$2_a>Ow-qr`d;^TP$lw%(5| zIvWl}mBJLTHQaSDCfH14(BMISn2Prd% zQ6w%4S;@&^Hii)_$67MrxQ~x`(EMY@Csh-blt7}RtC6FD%E4NjQV}#`FzCU62ctY_ z=RsQ!x@piqbl@z2K?BIBAe9)|mC7QVReObvrhSsuTyL%1A3RjXWsMS5Ef}$Vu?V_a z4XQ#rleYBFiiUrNYa1@Bqga<)6WzubLgidEx_}x=yZHKW$ [ &_5 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#s011] _5} s4 | s4 = bb1 ] @@ -103,7 +103,7 @@ module M_01__index_mut_slice [#"01.rs" 12 0 12 37] function view'1 (self : slice UInt32.t) : Seq.seq UInt32.t axiom view'1_spec : forall self : slice UInt32.t . ([%#sslice8] Seq.length (view'1 self) - <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + <= UInt64.t'int (v_MAX'0 : UInt64.t)) && ([%#sslice9] view'1 self = Slice64.id self) function view'0 (self : borrowed (slice UInt32.t)) : Seq.seq UInt32.t = @@ -123,7 +123,7 @@ module M_01__index_mut_slice [#"01.rs" 12 0 12 37] (! bb0 [ bb0 = s0 [ s0 = [ &_4 <- [%#s010] (2 : UInt64.t) ] s1 - | s1 = [ &_5 <- Slice.length a.current ] s2 + | s1 = [ &_5 <- Slice64.length a.current ] s2 | s2 = UInt64.lt {_4} {_5} (fun (_ret':bool) -> [ &_6 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#s011] _6} s4 | s4 = bb1 ] 
@@ -141,7 +141,7 @@ module M_01__index_mut_slice [#"01.rs" 12 0 12 37] | & _5 : UInt64.t = any_l () | & _6 : bool = any_l () ] - [ return' (result:())-> {[@expl:index_mut_slice ensures] [%#s014] UInt32.to_uint (index_logic'0 a.final 2) = 3} + [ return' (result:())-> {[@expl:index_mut_slice ensures] [%#s014] UInt32.t'int (index_logic'0 a.final 2) = 3} (! return' {result}) ] end @@ -185,7 +185,7 @@ module M_01__slice_first [#"01.rs" 20 0 20 44] function view'1 (self : slice t_T'0) : Seq.seq t_T'0 axiom view'1_spec : forall self : slice t_T'0 . ([%#sslice9] Seq.length (view'1 self) - <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + <= UInt64.t'int (v_MAX'0 : UInt64.t)) && ([%#sslice10] view'1 self = Slice64.id self) use seq.Seq @@ -225,7 +225,7 @@ module M_01__slice_first [#"01.rs" 20 0 20 44] let rec len'0 (self:slice t_T'0) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'0 self} any - [ return' (result:UInt64.t)-> {[%#sslice6] Seq.length (view'0 self) = UInt64.to_uint result} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#sslice6] Seq.length (view'0 self) = UInt64.t'int result} (! return' {result}) ] type t_Option'0 = @@ -265,7 +265,7 @@ module M_01__slice_first [#"01.rs" 20 0 20 44] | bb2 = s0 [ s0 = [ &_8 <- [%#s011] (0 : UInt64.t) ] s1 - | s1 = [ &_9 <- Slice.length a ] s2 + | s1 = [ &_9 <- Slice64.length a ] s2 | s2 = UInt64.lt {_8} {_9} (fun (_ret':bool) -> [ &_10 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#s012] _10} s4 | s4 = bb3 ] diff --git a/creusot/tests/should_succeed/slices/01/why3session.xml b/creusot/tests/should_succeed/slices/01/why3session.xml index 057b526cb4..799d54dc60 100644 --- a/creusot/tests/should_succeed/slices/01/why3session.xml +++ b/creusot/tests/should_succeed/slices/01/why3session.xml @@ -7,17 +7,17 @@ - + - + - + 
diff --git a/creusot/tests/should_succeed/slices/01/why3shapes.gz b/creusot/tests/should_succeed/slices/01/why3shapes.gz index 420884da9bd610fffbebb35ffaa814fd8df62e39..6a529face4512be8e220cad75029d06f238ea803 100644 GIT binary patch literal 554 zcmV+_0@eK=iwFP!00000|9w+UkDD+Mz4I$_qurA~!Bm?{XeEmrx|dd?-l7ROSyTcW zAldfc*ADC8Y*8f+kC`{)H(#F~R>KRvnqhS@{ZM!9msPTQ_#ELHFSU7#DG;nHAUQs+ zu`%soe3>0%T(=`$w%_ufG0_n|;@EAisieenO*0Nab6f+%AN|>E@Z1D`3iK5C!UPjq z;%Q3^p18^(Ky_q}uj8NXwH{Z%RUXBG~;pSiAwB>|y>jJG%^ zXMNW-zMMtpbDP-z9ttGgci%_RIbv}L?86L}=sHmC2T@A93w3+JzQ%Tph2z`bII-eA z2nih6M3BI=2O)t0p9mbd_8=tKrcMOcT@OM61vwEINbN!NG~(0txoh15Ot#b-zIR7! z07#|?3W@f>ZPmey(|nZg6S-e8P^CSWYs4+vQdBU<`*TrlV3YTO20b{fvN%_rd>p} zZjQstaxt`7)eJOdKjPmGD2sO2qnyDE>w4&s#S|f@U)`HdH_+9=ungJx#;KHcE1S!k zfJ|BX^g8^@E=^Be8V5#IQ|P~0-5#sl0V=D8YGgUjMM|CS+j`Uv(4p zk`w>zp;b!{BIb7qFV&l*qx+b1PgztoBXt!ugX2zo)r^irre?7Q1abp-$ki;?07qc} zfkMq<4FI|Zn4+7-8er%dfTO2oVeJRnXU}ajP1l_Hw9kIFC+z^DG!+b`n#Hs;M?IME zgE=SI?hghz#HQlr_NZz#r0v27(=-^nAIFD<56%lW%>fx)bo^l?n~uzfue_qV*C~C! zdSiHd?YtO17;ET3r!a0tRsu+lx`fy_C$1YASu2b$YFVF_5;_aKmE z7<#fOMNky3FZ@#aK0(OyLt*noBw&S%3Q0oxrQkwvKRlG-K~P9sa^`w4xj_;pLEpwd%$Zwql006l&`~?62 diff --git a/creusot/tests/should_succeed/slices/02_std.coma b/creusot/tests/should_succeed/slices/02_std.coma index ca30dda17b..5f3c93edd4 100644 --- a/creusot/tests/should_succeed/slices/02_std.coma +++ b/creusot/tests/should_succeed/slices/02_std.coma 
@@ -19,7 +19,7 @@ module M_02_std__binary_search [#"02_std.rs" 8 0 8 40] let%span sslice17 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice18 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 let%span sseq19 = "../../../../creusot-contracts/src/logic/seq.rs" 210 12 210 85 - let%span snum20 = "../../../../creusot-contracts/src/std/num.rs" 52 28 52 33 + let%span snum20 = "../../../../creusot-contracts/src/std/num.rs" 54 32 54 37 let%span sord21 = "../../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 let%span sord22 = "../../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 let%span sord23 = "../../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 @@ -74,7 +74,7 @@ module M_02_std__binary_search [#"02_std.rs" 8 0 8 40] function view'1 (self : slice UInt32.t) : Seq.seq UInt32.t axiom view'1_spec : forall self : slice UInt32.t . ([%#sslice17] Seq.length (view'1 self) - <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + <= UInt64.t'int (v_MAX'0 : UInt64.t)) && ([%#sslice18] view'1 self = Slice64.id self) function view'0 (self : slice UInt32.t) : Seq.seq UInt32.t = @@ -92,7 +92,7 @@ module M_02_std__binary_search [#"02_std.rs" 8 0 8 40] use prelude.prelude.UInt32 function deep_model'3 (self : UInt32.t) : int = - [%#snum20] UInt32.to_uint self + [%#snum20] UInt32.t'int self function deep_model'1 (self : slice UInt32.t) : Seq.seq int 
@@ -179,16 +179,15 @@ module M_02_std__binary_search [#"02_std.rs" 8 0 8 40] {[@expl:binary_search requires] [%#sslice4] sorted'0 (deep_model'0 self)} any [ return' (result:t_Result'0)-> {[%#sslice5] forall i : UInt64.t . result = C_Ok'0 i - -> UInt64.to_uint i < Seq.length (view'0 self) - /\ Seq.get (deep_model'1 self) (UInt64.to_uint i) = deep_model'2 x} + -> UInt64.t'int i < Seq.length (view'0 self) /\ Seq.get (deep_model'1 self) (UInt64.t'int i) = deep_model'2 x} {[%#sslice6] forall i : UInt64.t . result = C_Err'0 i - -> UInt64.to_uint i <= Seq.length (view'0 self) + -> UInt64.t'int i <= Seq.length (view'0 self) /\ (forall j : int . 0 <= j /\ j < Seq.length (view'0 self) -> Seq.get (deep_model'0 self) j <> deep_model'2 x)} {[%#sslice7] forall i : UInt64.t . result = C_Err'0 i - -> (forall j : UInt64.t . UInt64.ult j i -> Seq.get (deep_model'0 self) (UInt64.to_uint j) < deep_model'2 x)} + -> (forall j : UInt64.t . UInt64.ult j i -> Seq.get (deep_model'0 self) (UInt64.t'int j) < deep_model'2 x)} {[%#sslice8] forall i : UInt64.t . result = C_Err'0 i - -> (forall j : UInt64.t . UInt64.ule i j /\ UInt64.to_uint j < Seq.length (view'0 self) - -> deep_model'2 x < Seq.get (deep_model'0 self) (UInt64.to_uint j))} + -> (forall j : UInt64.t . UInt64.ule i j /\ UInt64.t'int j < Seq.length (view'0 self) + -> deep_model'2 x < Seq.get (deep_model'0 self) (UInt64.t'int j))} (! return' {result}) ] @@ -208,7 +207,7 @@ module M_02_std__binary_search [#"02_std.rs" 8 0 8 40] let rec binary_search'0 (s:slice UInt32.t) (return' (ret:UInt64.t))= {[@expl:binary_search requires #0] [%#s02_std1] forall i : int . 0 <= i - /\ i < Seq.length (view'0 s) -> UInt32.to_uint (index_logic'0 s i) = i} + /\ i < Seq.length (view'0 s) -> UInt32.t'int (index_logic'0 s i) = i} {[@expl:binary_search requires #1] [%#s02_std2] Seq.length (view'0 s) = 5} (! bb0 [ bb0 = s0 
@@ -219,7 +218,7 @@ module M_02_std__binary_search [#"02_std.rs" 8 0 8 40] | bb1 = s0 [ s0 = unwrap'0 {_5} (fun (_ret':UInt64.t) -> [ &ix <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 - [ s0 = {[@expl:assertion] [%#s02_std0] UInt64.to_uint ix < 5} s1 | s1 = [ &_0 <- ix ] s2 | s2 = return' {_0} ] + [ s0 = {[@expl:assertion] [%#s02_std0] UInt64.t'int ix < 5} s1 | s1 = [ &_0 <- ix ] s2 | s2 = return' {_0} ] ] ) [ & _0 : UInt64.t = any_l () diff --git a/creusot/tests/should_succeed/slices/02_std/why3session.xml b/creusot/tests/should_succeed/slices/02_std/why3session.xml index b614da3d42..06011db6f9 100644 --- a/creusot/tests/should_succeed/slices/02_std/why3session.xml +++ b/creusot/tests/should_succeed/slices/02_std/why3session.xml @@ -7,7 +7,7 @@ - + diff --git a/creusot/tests/should_succeed/slices/02_std/why3shapes.gz b/creusot/tests/should_succeed/slices/02_std/why3shapes.gz index c5db1d7960993e2c7c4decbbadc54014d287fbdf..1f3ad85e5de777e10cb813018dca07107f9ff240 100644 GIT binary patch literal 549 zcmV+=0^0o_iwFP!00000|9w4`Y9NShcVEWZKomG;MV}d|C0;!)LEM>*{dvi6Ua$j2I{o zr~u{1T3mB9V$Q^0hI#GtKpUwZPyL3@Sf+~SV1yXYKdmR98HP~?s;`LV6GsgiZaK%HUliiQNxcw zOuG?fiiTp^d3rqzn4)nJ+O|CAKYm$6l#a^CTHg-{EvP%8n82?# z46@0RfirKEr~Nq?jvk0?w0vqBJB&ow)c;5`r;My`AY+Qrg%~2w%d2G76blzRYYQ%G z?Jo`sMSpLvMFb0;YaQ5PmY4W;4(|A;w~q0T)%zdAxWH=KW7C<^C+^XPe+E`@c$WI~ zh2$^@y(2hJiEU4Wt8Yp4VM`(*JhMM_fAju*^t`yl8jBaYWqMl>Lqn~%lvDi@m7$K4 nWCdJ8C?Sx*Bv1(;fyhM0GLl?|GLTFnDv9?GWX30=bOitau?-3I literal 399 zcmV;A0dW2wiwFP!00000|9z89Ps1<_hVT6qy%jjc`RE7Q4izG555UdhR(WkUDn>iD zYQVooSr@it8#l|2-zTq~+}wqmH(HrZxHaod+jsY29Nygq!zZ=fHe$%M3tSEmvX<-Ixj9FD5ePfmppg?(?5Y%>! z`L34zqOBul%Oy=vI_=Y5ORX77ozp3up}5?kog0oyyTIiH#@Yn|P4@T4tX3sW>7jag zj~Hf{mit4Q*&3G!R&V?Qw%3;%-^54*@6jd*DMGp%MtW@+sn&t{SPehb?jr`l tToPq5S4ydDrew@`reZEQ%nWfcmtj)Gg(_qr3SL0Lf?p>M|H#Ax007Tvz8L@j diff --git a/creusot/tests/should_succeed/sparse_array.coma b/creusot/tests/should_succeed/sparse_array.coma index cfee141971..44d743b7bf 100644 
--- a/creusot/tests/should_succeed/sparse_array.coma +++ b/creusot/tests/should_succeed/sparse_array.coma @@ -79,13 +79,13 @@ module M_sparse_array__qyi912363311032332466__get [#"sparse_array.rs" 88 4 88 45 function view'4 (self : t_Vec'0) : Seq.seq UInt64.t - axiom view'4_spec : forall self : t_Vec'0 . [%#svec11] Seq.length (view'4 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'4_spec : forall self : t_Vec'0 . [%#svec11] Seq.length (view'4 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) function view'1 (self : t_Vec'0) : Seq.seq UInt64.t = [%#smodel7] view'4 self predicate in_bounds'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq UInt64.t) = - [%#sslice8] UInt64.to_uint self < Seq.length seq + [%#sslice8] UInt64.t'int self < Seq.length seq predicate inv'4 (_1 : UInt64.t) @@ -94,7 +94,7 @@ module M_sparse_array__qyi912363311032332466__get [#"sparse_array.rs" 88 4 88 45 use seq.Seq predicate has_value'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq UInt64.t) (out : UInt64.t) = - [%#sslice9] Seq.get seq (UInt64.to_uint self) = out + [%#sslice9] Seq.get seq (UInt64.t'int self) = out let rec index'0 (self:t_Vec'0) (index:UInt64.t) (return' (ret:UInt64.t))= {[@expl:index 'self' type invariant] inv'2 self} {[@expl:index 'index' type invariant] inv'3 index} @@ -113,7 +113,7 @@ module M_sparse_array__qyi912363311032332466__get [#"sparse_array.rs" 88 4 88 45 function view'5 (self : t_Vec'1) : Seq.seq t_T'0 - axiom view'5_spec : forall self : t_Vec'1 . [%#svec11] Seq.length (view'5 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'5_spec : forall self : t_Vec'1 . [%#svec11] Seq.length (view'5 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq 
@@ -151,7 +151,7 @@ module M_sparse_array__qyi912363311032332466__get [#"sparse_array.rs" 88 4 88 45 [%#smodel7] view'5 self predicate in_bounds'1 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq t_T'0) = - [%#sslice8] UInt64.to_uint self < Seq.length seq + [%#sslice8] UInt64.t'int self < Seq.length seq predicate invariant'2 (self : t_T'0) = [%#sinvariant12] inv'9 self @@ -163,7 +163,7 @@ module M_sparse_array__qyi912363311032332466__get [#"sparse_array.rs" 88 4 88 45 use seq.Seq predicate has_value'1 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq t_T'0) (out : t_T'0) = - [%#sslice9] Seq.get seq (UInt64.to_uint self) = out + [%#sslice9] Seq.get seq (UInt64.t'int self) = out let rec index'1 (self:t_Vec'1) (index:UInt64.t) (return' (ret:t_T'0))= {[@expl:index 'self' type invariant] inv'5 self} {[@expl:index 'index' type invariant] inv'3 index} 
@@ -182,15 +182,15 @@ module M_sparse_array__qyi912363311032332466__get [#"sparse_array.rs" 88 4 88 45 [%#sops14] Seq.get (view'4 self) ix predicate invariant'3 [#"sparse_array.rs" 49 4 49 30] (self : t_Sparse'0) = - [%#ssparse_array15] UInt64.to_uint self.t_Sparse__n'0 <= UInt64.to_uint self.t_Sparse__size'0 - /\ Seq.length (view'5 self.t_Sparse__values'0) = UInt64.to_uint self.t_Sparse__size'0 - /\ Seq.length (view'4 self.t_Sparse__idx'0) = UInt64.to_uint self.t_Sparse__size'0 - /\ Seq.length (view'4 self.t_Sparse__back'0) = UInt64.to_uint self.t_Sparse__size'0 - /\ (forall i : int . 0 <= i /\ i < UInt64.to_uint self.t_Sparse__n'0 + [%#ssparse_array15] UInt64.t'int self.t_Sparse__n'0 <= UInt64.t'int self.t_Sparse__size'0 + /\ Seq.length (view'5 self.t_Sparse__values'0) = UInt64.t'int self.t_Sparse__size'0 + /\ Seq.length (view'4 self.t_Sparse__idx'0) = UInt64.t'int self.t_Sparse__size'0 + /\ Seq.length (view'4 self.t_Sparse__back'0) = UInt64.t'int self.t_Sparse__size'0 + /\ (forall i : int . 0 <= i /\ i < UInt64.t'int self.t_Sparse__n'0 -> match index_logic'1 self.t_Sparse__back'0 i with - | j -> 0 <= UInt64.to_uint j - /\ UInt64.to_uint j < UInt64.to_uint self.t_Sparse__size'0 - /\ UInt64.to_uint (index_logic'1 self.t_Sparse__idx'0 (UInt64.to_uint j)) = i + | j -> 0 <= UInt64.t'int j + /\ UInt64.t'int j < UInt64.t'int self.t_Sparse__size'0 + /\ UInt64.t'int (index_logic'1 self.t_Sparse__idx'0 (UInt64.t'int j)) = i end) predicate inv'7 (_1 : t_Sparse'0) 
@@ -215,8 +215,8 @@ module M_sparse_array__qyi912363311032332466__get [#"sparse_array.rs" 88 4 88 45 use seq.Seq function is_elt'0 [#"sparse_array.rs" 71 4 71 36] (self : t_Sparse'0) (i : int) : bool = - [%#ssparse_array13] UInt64.to_uint (index_logic'1 self.t_Sparse__idx'0 i) < UInt64.to_uint self.t_Sparse__n'0 - /\ UInt64.to_uint (index_logic'1 self.t_Sparse__back'0 (UInt64.to_uint (index_logic'1 self.t_Sparse__idx'0 i))) = i + [%#ssparse_array13] UInt64.t'int (index_logic'1 self.t_Sparse__idx'0 i) < UInt64.t'int self.t_Sparse__n'0 + /\ UInt64.t'int (index_logic'1 self.t_Sparse__back'0 (UInt64.t'int (index_logic'1 self.t_Sparse__idx'0 i))) = i function index_logic'0 [@inline:trivial] (self : t_Vec'1) (ix : int) : t_T'0 = [%#sops14] Seq.get (view'5 self) ix @@ -226,7 +226,7 @@ module M_sparse_array__qyi912363311032332466__get [#"sparse_array.rs" 88 4 88 45 use seq.Seq function view'3 [#"sparse_array.rs" 38 4 38 33] (self : t_Sparse'0) : Seq.seq (t_Option'1) = - [%#ssparse_array10] Seq.create (UInt64.to_uint self.t_Sparse__size'0) (Mapping.from_fn (fun (i : int) -> if is_elt'0 self i then + [%#ssparse_array10] Seq.create (UInt64.t'int self.t_Sparse__size'0) (Mapping.from_fn (fun (i : int) -> if is_elt'0 self i then C_Some'1 (index_logic'0 self.t_Sparse__values'0 i) else C_None'1 @@ -250,7 +250,7 @@ module M_sparse_array__qyi912363311032332466__get [#"sparse_array.rs" 88 4 88 45 meta "compute_max_steps" 1000000 let rec get'0 (self:t_Sparse'0) (i:UInt64.t) (return' (ret:t_Option'0))= {[@expl:get 'self' type invariant] [%#ssparse_array0] inv'0 self} - {[@expl:get requires] [%#ssparse_array1] UInt64.to_uint i < Seq.length (view'0 self)} + {[@expl:get requires] [%#ssparse_array1] UInt64.t'int i < Seq.length (view'0 self)} (! bb0 [ bb0 = s0 [ s0 = index'0 {self.t_Sparse__idx'0} {i} (fun (_ret':UInt64.t) -> [ &_7 <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 
@@ -285,10 +285,10 @@ module M_sparse_array__qyi912363311032332466__get [#"sparse_array.rs" 88 4 88 45 [ return' (result:t_Option'0)-> {[@expl:get result type invariant] [%#ssparse_array2] inv'1 result} {[@expl:get ensures #0] [%#ssparse_array3] match result with - | C_None'0 -> Seq.get (view'0 self) (UInt64.to_uint i) = C_None'1 - | C_Some'0 x -> Seq.get (view'0 self) (UInt64.to_uint i) = C_Some'1 x + | C_None'0 -> Seq.get (view'0 self) (UInt64.t'int i) = C_None'1 + | C_Some'0 x -> Seq.get (view'0 self) (UInt64.t'int i) = C_Some'1 x end} - {[@expl:get ensures #1] [%#ssparse_array4] match Seq.get (view'0 self) (UInt64.to_uint i) with + {[@expl:get ensures #1] [%#ssparse_array4] match Seq.get (view'0 self) (UInt64.t'int i) with | C_None'1 -> result = C_None'0 | C_Some'1 _ -> true end} @@ -361,7 +361,7 @@ module M_sparse_array__qyi912363311032332466__lemma_permutation [#"sparse_array. function view'1 (self : t_Vec'0) : Seq.seq t_T'0 - axiom view'1_spec : forall self : t_Vec'0 . [%#svec8] Seq.length (view'1 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'1_spec : forall self : t_Vec'0 . [%#svec8] Seq.length (view'1 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq @@ -369,7 +369,7 @@ module M_sparse_array__qyi912363311032332466__lemma_permutation [#"sparse_array. function view'0 (self : t_Vec'1) : Seq.seq UInt64.t - axiom view'0_spec : forall self : t_Vec'1 . [%#svec8] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'0_spec : forall self : t_Vec'1 . [%#svec8] Seq.length (view'0 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq 
@@ -377,15 +377,15 @@ module M_sparse_array__qyi912363311032332466__lemma_permutation [#"sparse_array. [%#sops6] Seq.get (view'0 self) ix predicate invariant'0 [#"sparse_array.rs" 49 4 49 30] (self : t_Sparse'0) = - [%#ssparse_array7] UInt64.to_uint self.t_Sparse__n'0 <= UInt64.to_uint self.t_Sparse__size'0 - /\ Seq.length (view'1 self.t_Sparse__values'0) = UInt64.to_uint self.t_Sparse__size'0 - /\ Seq.length (view'0 self.t_Sparse__idx'0) = UInt64.to_uint self.t_Sparse__size'0 - /\ Seq.length (view'0 self.t_Sparse__back'0) = UInt64.to_uint self.t_Sparse__size'0 - /\ (forall i : int . 0 <= i /\ i < UInt64.to_uint self.t_Sparse__n'0 + [%#ssparse_array7] UInt64.t'int self.t_Sparse__n'0 <= UInt64.t'int self.t_Sparse__size'0 + /\ Seq.length (view'1 self.t_Sparse__values'0) = UInt64.t'int self.t_Sparse__size'0 + /\ Seq.length (view'0 self.t_Sparse__idx'0) = UInt64.t'int self.t_Sparse__size'0 + /\ Seq.length (view'0 self.t_Sparse__back'0) = UInt64.t'int self.t_Sparse__size'0 + /\ (forall i : int . 0 <= i /\ i < UInt64.t'int self.t_Sparse__n'0 -> match index_logic'0 self.t_Sparse__back'0 i with - | j -> 0 <= UInt64.to_uint j - /\ UInt64.to_uint j < UInt64.to_uint self.t_Sparse__size'0 - /\ UInt64.to_uint (index_logic'0 self.t_Sparse__idx'0 (UInt64.to_uint j)) = i + | j -> 0 <= UInt64.t'int j + /\ UInt64.t'int j < UInt64.t'int self.t_Sparse__size'0 + /\ UInt64.t'int (index_logic'0 self.t_Sparse__idx'0 (UInt64.t'int j)) = i end) use seq.Seq 
@@ -424,8 +424,8 @@ module M_sparse_array__qyi912363311032332466__lemma_permutation [#"sparse_array. use prelude.prelude.Borrow function is_elt'0 [#"sparse_array.rs" 71 4 71 36] (self : t_Sparse'0) (i : int) : bool = - [%#ssparse_array5] UInt64.to_uint (index_logic'0 self.t_Sparse__idx'0 i) < UInt64.to_uint self.t_Sparse__n'0 - /\ UInt64.to_uint (index_logic'0 self.t_Sparse__back'0 (UInt64.to_uint (index_logic'0 self.t_Sparse__idx'0 i))) = i + [%#ssparse_array5] UInt64.t'int (index_logic'0 self.t_Sparse__idx'0 i) < UInt64.t'int self.t_Sparse__n'0 + /\ UInt64.t'int (index_logic'0 self.t_Sparse__back'0 (UInt64.t'int (index_logic'0 self.t_Sparse__idx'0 i))) = i constant self : t_Sparse'0 @@ -433,7 +433,7 @@ module M_sparse_array__qyi912363311032332466__lemma_permutation [#"sparse_array. function lemma_permutation'0 [#"sparse_array.rs" 104 4 104 38] (self : t_Sparse'0) (i : int) : () - goal vc_lemma_permutation'0 : ([%#ssparse_array2] 0 <= i /\ i < UInt64.to_uint self.t_Sparse__size'0) + goal vc_lemma_permutation'0 : ([%#ssparse_array2] 0 <= i /\ i < UInt64.t'int self.t_Sparse__size'0) -> ([%#ssparse_array1] self.t_Sparse__n'0 = self.t_Sparse__size'0) -> ([%#ssparse_array0] inv'0 self) -> ([%#ssparse_array3] is_elt'0 self i) end @@ -510,7 +510,7 @@ module M_sparse_array__qyi912363311032332466__set [#"sparse_array.rs" 112 4 112 function view'3 (self : t_Vec'0) : Seq.seq t_T'0 - axiom view'3_spec : forall self : t_Vec'0 . [%#svec25] Seq.length (view'3 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'3_spec : forall self : t_Vec'0 . [%#svec25] Seq.length (view'3 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq 
@@ -571,7 +571,7 @@ module M_sparse_array__qyi912363311032332466__set [#"sparse_array.rs" 112 4 112 [%#smodel21] view'3 self.current predicate in_bounds'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq t_T'0) = - [%#sslice23] UInt64.to_uint self < Seq.length seq + [%#sslice23] UInt64.t'int self < Seq.length seq predicate invariant'1 (self : borrowed t_T'0) = [%#sinvariant32] inv'1 self.current /\ inv'1 self.final @@ -583,10 +583,10 @@ module M_sparse_array__qyi912363311032332466__set [#"sparse_array.rs" 112 4 112 use seq.Seq predicate has_value'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq t_T'0) (out : t_T'0) = - [%#sslice24] Seq.get seq (UInt64.to_uint self) = out + [%#sslice24] Seq.get seq (UInt64.t'int self) = out predicate resolve_elswhere'0 [@inline:trivial] (self : UInt64.t) (old' : Seq.seq t_T'0) (fin : Seq.seq t_T'0) = - [%#sslice26] forall i : int . 0 <= i /\ i <> UInt64.to_uint self /\ i < Seq.length old' + [%#sslice26] forall i : int . 0 <= i /\ i <> UInt64.t'int self /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i let rec index_mut'0 (self:borrowed (t_Vec'0)) (index:UInt64.t) (return' (ret:borrowed t_T'0))= {[@expl:index_mut 'self' type invariant] inv'4 self} @@ -619,13 +619,13 @@ module M_sparse_array__qyi912363311032332466__set [#"sparse_array.rs" 112 4 112 function view'6 (self : t_Vec'1) : Seq.seq UInt64.t - axiom view'6_spec : forall self : t_Vec'1 . [%#svec25] Seq.length (view'6 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'6_spec : forall self : t_Vec'1 . [%#svec25] Seq.length (view'6 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) function view'4 (self : t_Vec'1) : Seq.seq UInt64.t = [%#smodel28] view'6 self predicate in_bounds'1 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq UInt64.t) = - [%#sslice23] UInt64.to_uint self < Seq.length seq + [%#sslice23] UInt64.t'int self < Seq.length seq predicate inv'7 (_1 : UInt64.t) 
@@ -634,7 +634,7 @@ module M_sparse_array__qyi912363311032332466__set [#"sparse_array.rs" 112 4 112 use seq.Seq predicate has_value'1 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq UInt64.t) (out : UInt64.t) = - [%#sslice24] Seq.get seq (UInt64.to_uint self) = out + [%#sslice24] Seq.get seq (UInt64.t'int self) = out let rec index'0 (self:t_Vec'1) (index:UInt64.t) (return' (ret:UInt64.t))= {[@expl:index 'self' type invariant] inv'6 self} {[@expl:index 'index' type invariant] inv'5 index} @@ -649,15 +649,15 @@ module M_sparse_array__qyi912363311032332466__set [#"sparse_array.rs" 112 4 112 [%#sops30] Seq.get (view'6 self) ix predicate invariant'4 [#"sparse_array.rs" 49 4 49 30] (self : t_Sparse'0) = - [%#ssparse_array33] UInt64.to_uint self.t_Sparse__n'0 <= UInt64.to_uint self.t_Sparse__size'0 - /\ Seq.length (view'3 self.t_Sparse__values'0) = UInt64.to_uint self.t_Sparse__size'0 - /\ Seq.length (view'6 self.t_Sparse__idx'0) = UInt64.to_uint self.t_Sparse__size'0 - /\ Seq.length (view'6 self.t_Sparse__back'0) = UInt64.to_uint self.t_Sparse__size'0 - /\ (forall i : int . 0 <= i /\ i < UInt64.to_uint self.t_Sparse__n'0 + [%#ssparse_array33] UInt64.t'int self.t_Sparse__n'0 <= UInt64.t'int self.t_Sparse__size'0 + /\ Seq.length (view'3 self.t_Sparse__values'0) = UInt64.t'int self.t_Sparse__size'0 + /\ Seq.length (view'6 self.t_Sparse__idx'0) = UInt64.t'int self.t_Sparse__size'0 + /\ Seq.length (view'6 self.t_Sparse__back'0) = UInt64.t'int self.t_Sparse__size'0 + /\ (forall i : int . 0 <= i /\ i < UInt64.t'int self.t_Sparse__n'0 -> match index_logic'1 self.t_Sparse__back'0 i with - | j -> 0 <= UInt64.to_uint j - /\ UInt64.to_uint j < UInt64.to_uint self.t_Sparse__size'0 - /\ UInt64.to_uint (index_logic'1 self.t_Sparse__idx'0 (UInt64.to_uint j)) = i + | j -> 0 <= UInt64.t'int j + /\ UInt64.t'int j < UInt64.t'int self.t_Sparse__size'0 + /\ UInt64.t'int (index_logic'1 self.t_Sparse__idx'0 (UInt64.t'int j)) = i end) predicate inv'8 (_1 : t_Sparse'0) 
@@ -682,15 +682,15 @@ module M_sparse_array__qyi912363311032332466__set [#"sparse_array.rs" 112 4 112 resolve'5 _1 function is_elt'0 [#"sparse_array.rs" 71 4 71 36] (self : t_Sparse'0) (i : int) : bool = - [%#ssparse_array29] UInt64.to_uint (index_logic'1 self.t_Sparse__idx'0 i) < UInt64.to_uint self.t_Sparse__n'0 - /\ UInt64.to_uint (index_logic'1 self.t_Sparse__back'0 (UInt64.to_uint (index_logic'1 self.t_Sparse__idx'0 i))) = i + [%#ssparse_array29] UInt64.t'int (index_logic'1 self.t_Sparse__idx'0 i) < UInt64.t'int self.t_Sparse__n'0 + /\ UInt64.t'int (index_logic'1 self.t_Sparse__back'0 (UInt64.t'int (index_logic'1 self.t_Sparse__idx'0 i))) = i function lemma_permutation'0 [#"sparse_array.rs" 104 4 104 38] (self : t_Sparse'0) (i : int) : () = [%#ssparse_array20] () axiom lemma_permutation'0_spec : forall self : t_Sparse'0, i : int . ([%#ssparse_array16] inv'8 self) -> ([%#ssparse_array17] self.t_Sparse__n'0 = self.t_Sparse__size'0) - -> ([%#ssparse_array18] 0 <= i /\ i < UInt64.to_uint self.t_Sparse__size'0) -> ([%#ssparse_array19] is_elt'0 self i) + -> ([%#ssparse_array18] 0 <= i /\ i < UInt64.t'int self.t_Sparse__size'0) -> ([%#ssparse_array19] is_elt'0 self i) use prelude.prelude.Snapshot @@ -706,7 +706,7 @@ module M_sparse_array__qyi912363311032332466__set [#"sparse_array.rs" 112 4 112 axiom inv_axiom'9 [@rewrite] : forall x : borrowed UInt64.t [inv'10 x] . inv'10 x = true predicate resolve_elswhere'1 [@inline:trivial] (self : UInt64.t) (old' : Seq.seq UInt64.t) (fin : Seq.seq UInt64.t) = - [%#sslice26] forall i : int . 0 <= i /\ i <> UInt64.to_uint self /\ i < Seq.length old' + [%#sslice26] forall i : int . 0 <= i /\ i <> UInt64.t'int self /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i let rec index_mut'1 (self:borrowed (t_Vec'1)) (index:UInt64.t) (return' (ret:borrowed UInt64.t))= {[@expl:index_mut 'self' type invariant] inv'9 self} 
@@ -745,7 +745,7 @@ module M_sparse_array__qyi912363311032332466__set [#"sparse_array.rs" 112 4 112 use seq.Seq function view'1 [#"sparse_array.rs" 38 4 38 33] (self : t_Sparse'0) : Seq.seq (t_Option'0) = - [%#ssparse_array22] Seq.create (UInt64.to_uint self.t_Sparse__size'0) (Mapping.from_fn (fun (i : int) -> if is_elt'0 self i then + [%#ssparse_array22] Seq.create (UInt64.t'int self.t_Sparse__size'0) (Mapping.from_fn (fun (i : int) -> if is_elt'0 self i then C_Some'0 (index_logic'0 self.t_Sparse__values'0 i) else C_None'0 @@ -762,7 +762,7 @@ module M_sparse_array__qyi912363311032332466__set [#"sparse_array.rs" 112 4 112 let rec set'0 (self:borrowed (t_Sparse'0)) (i:UInt64.t) (v:t_T'0) (return' (ret:()))= {[@expl:set 'self' type invariant] [%#ssparse_array3] inv'3 self} {[@expl:set 'v' type invariant] [%#ssparse_array4] inv'1 v} - {[@expl:set requires] [%#ssparse_array5] UInt64.to_uint i < Seq.length (view'0 self)} + {[@expl:set requires] [%#ssparse_array5] UInt64.t'int i < Seq.length (view'0 self)} (! bb0 [ bb0 = bb1 | bb1 = s0 @@ -814,8 +814,8 @@ module M_sparse_array__qyi912363311032332466__set [#"sparse_array.rs" 112 4 112 | bb11 = bb12 | bb12 = s0 [ s0 = [ &_25 <- [%#ssparse_array0] Snapshot.new () ] s1 | s1 = bb13 ] | bb13 = s0 - [ s0 = {[@expl:assertion] [%#ssparse_array1] UInt64.to_uint (self.current).t_Sparse__n'0 - < UInt64.to_uint (self.current).t_Sparse__size'0} + [ s0 = {[@expl:assertion] [%#ssparse_array1] UInt64.t'int (self.current).t_Sparse__n'0 + < UInt64.t'int (self.current).t_Sparse__size'0} s1 | s1 = Borrow.borrow_final {(self.current).t_Sparse__idx'0} {Borrow.inherit_id (Borrow.get_id self) 4} (fun (_ret':borrowed (t_Vec'1)) -> 
@@ -868,9 +868,9 @@ module M_sparse_array__qyi912363311032332466__set [#"sparse_array.rs" 112 4 112 [ return' (result:())-> {[@expl:set ensures #0] [%#ssparse_array6] Seq.length (view'1 self.final) = Seq.length (view'0 self)} {[@expl:set ensures #1] [%#ssparse_array7] forall j : int . 0 <= j - /\ j < Seq.length (view'0 self) /\ j <> UInt64.to_uint i + /\ j < Seq.length (view'0 self) /\ j <> UInt64.t'int i -> Seq.get (view'1 self.final) j = Seq.get (view'0 self) j} - {[@expl:set ensures #2] [%#ssparse_array8] Seq.get (view'1 self.final) (UInt64.to_uint i) = C_Some'0 v} + {[@expl:set ensures #2] [%#ssparse_array8] Seq.get (view'1 self.final) (UInt64.t'int i) = C_Some'0 v} (! return' {result}) ] end @@ -928,7 +928,7 @@ module M_sparse_array__create [#"sparse_array.rs" 134 0 134 64] function view'1 (self : t_Vec'0) : Seq.seq t_T'0 - axiom view'1_spec : forall self : t_Vec'0 . [%#svec10] Seq.length (view'1 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'1_spec : forall self : t_Vec'0 . [%#svec10] Seq.length (view'1 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq @@ -961,8 +961,8 @@ module M_sparse_array__create [#"sparse_array.rs" 134 0 134 64] let rec from_elem'0 (elem:t_T'0) (n:UInt64.t) (return' (ret:t_Vec'0))= {[@expl:from_elem 'elem' type invariant] inv'0 elem} any [ return' (result:t_Vec'0)-> {inv'2 result} - {[%#svec7] Seq.length (view'1 result) = UInt64.to_uint n} - {[%#svec8] forall i : int . 0 <= i /\ i < UInt64.to_uint n -> index_logic'0 result i = elem} + {[%#svec7] Seq.length (view'1 result) = UInt64.t'int n} + {[%#svec8] forall i : int . 0 <= i /\ i < UInt64.t'int n -> index_logic'0 result i = elem} (! return' {result}) ] 
@@ -992,7 +992,7 @@ module M_sparse_array__create [#"sparse_array.rs" 134 0 134 64] function view'2 (self : t_Vec'1) : Seq.seq UInt64.t - axiom view'2_spec : forall self : t_Vec'1 . [%#svec10] Seq.length (view'2 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'2_spec : forall self : t_Vec'1 . [%#svec10] Seq.length (view'2 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq @@ -1002,8 +1002,8 @@ module M_sparse_array__create [#"sparse_array.rs" 134 0 134 64] let rec from_elem'1 (elem:UInt64.t) (n:UInt64.t) (return' (ret:t_Vec'1))= {[@expl:from_elem 'elem' type invariant] inv'3 elem} any [ return' (result:t_Vec'1)-> {inv'4 result} - {[%#svec7] Seq.length (view'2 result) = UInt64.to_uint n} - {[%#svec8] forall i : int . 0 <= i /\ i < UInt64.to_uint n -> index_logic'1 result i = elem} + {[%#svec7] Seq.length (view'2 result) = UInt64.t'int n} + {[%#svec8] forall i : int . 0 <= i /\ i < UInt64.t'int n -> index_logic'1 result i = elem} (! return' {result}) ] 
@@ -1017,15 +1017,15 @@ module M_sparse_array__create [#"sparse_array.rs" 134 0 134 64] use prelude.prelude.Intrinsic predicate invariant'0 [#"sparse_array.rs" 49 4 49 30] (self : t_Sparse'0) = - [%#ssparse_array13] UInt64.to_uint self.t_Sparse__n'0 <= UInt64.to_uint self.t_Sparse__size'0 - /\ Seq.length (view'1 self.t_Sparse__values'0) = UInt64.to_uint self.t_Sparse__size'0 - /\ Seq.length (view'2 self.t_Sparse__idx'0) = UInt64.to_uint self.t_Sparse__size'0 - /\ Seq.length (view'2 self.t_Sparse__back'0) = UInt64.to_uint self.t_Sparse__size'0 - /\ (forall i : int . 0 <= i /\ i < UInt64.to_uint self.t_Sparse__n'0 + [%#ssparse_array13] UInt64.t'int self.t_Sparse__n'0 <= UInt64.t'int self.t_Sparse__size'0 + /\ Seq.length (view'1 self.t_Sparse__values'0) = UInt64.t'int self.t_Sparse__size'0 + /\ Seq.length (view'2 self.t_Sparse__idx'0) = UInt64.t'int self.t_Sparse__size'0 + /\ Seq.length (view'2 self.t_Sparse__back'0) = UInt64.t'int self.t_Sparse__size'0 + /\ (forall i : int . 0 <= i /\ i < UInt64.t'int self.t_Sparse__n'0 -> match index_logic'1 self.t_Sparse__back'0 i with - | j -> 0 <= UInt64.to_uint j - /\ UInt64.to_uint j < UInt64.to_uint self.t_Sparse__size'0 - /\ UInt64.to_uint (index_logic'1 self.t_Sparse__idx'0 (UInt64.to_uint j)) = i + | j -> 0 <= UInt64.t'int j + /\ UInt64.t'int j < UInt64.t'int self.t_Sparse__size'0 + /\ UInt64.t'int (index_logic'1 self.t_Sparse__idx'0 (UInt64.t'int j)) = i end) predicate inv'1 (_1 : t_Sparse'0) 
@@ -1045,15 +1045,15 @@ module M_sparse_array__create [#"sparse_array.rs" 134 0 134 64] use prelude.prelude.Borrow function is_elt'0 [#"sparse_array.rs" 71 4 71 36] (self : t_Sparse'0) (i : int) : bool = - [%#ssparse_array12] UInt64.to_uint (index_logic'1 self.t_Sparse__idx'0 i) < UInt64.to_uint self.t_Sparse__n'0 - /\ UInt64.to_uint (index_logic'1 self.t_Sparse__back'0 (UInt64.to_uint (index_logic'1 self.t_Sparse__idx'0 i))) = i + [%#ssparse_array12] UInt64.t'int (index_logic'1 self.t_Sparse__idx'0 i) < UInt64.t'int self.t_Sparse__n'0 + /\ UInt64.t'int (index_logic'1 self.t_Sparse__back'0 (UInt64.t'int (index_logic'1 self.t_Sparse__idx'0 i))) = i use prelude.prelude.Mapping use seq.Seq function view'0 [#"sparse_array.rs" 38 4 38 33] (self : t_Sparse'0) : Seq.seq (t_Option'0) = - [%#ssparse_array9] Seq.create (UInt64.to_uint self.t_Sparse__size'0) (Mapping.from_fn (fun (i : int) -> if is_elt'0 self i then + [%#ssparse_array9] Seq.create (UInt64.t'int self.t_Sparse__size'0) (Mapping.from_fn (fun (i : int) -> if is_elt'0 self i then C_Some'0 (index_logic'0 self.t_Sparse__values'0 i) else C_None'0 @@ -1098,7 +1098,7 @@ module M_sparse_array__create [#"sparse_array.rs" 134 0 134 64] [ return' (result:t_Sparse'0)-> {[@expl:create result type invariant] [%#ssparse_array4] inv'1 result} {[@expl:create ensures #0] [%#ssparse_array5] result.t_Sparse__size'0 = sz} - {[@expl:create ensures #1] [%#ssparse_array6] forall i : int . 0 <= i /\ i < UInt64.to_uint sz + {[@expl:create ensures #1] [%#ssparse_array6] forall i : int . 0 <= i /\ i < UInt64.t'int sz -> Seq.get (view'0 result) i = C_None'0} (! return' {result}) ] 
@@ -1208,7 +1208,7 @@ module M_sparse_array__f [#"sparse_array.rs" 140 0 140 10] function view'4 (self : t_Vec'0) : Seq.seq Int32.t - axiom view'4_spec : forall self : t_Vec'0 . [%#svec44] Seq.length (view'4 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'4_spec : forall self : t_Vec'0 . [%#svec44] Seq.length (view'4 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq @@ -1216,7 +1216,7 @@ module M_sparse_array__f [#"sparse_array.rs" 140 0 140 10] function view'5 (self : t_Vec'1) : Seq.seq UInt64.t - axiom view'5_spec : forall self : t_Vec'1 . [%#svec44] Seq.length (view'5 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'5_spec : forall self : t_Vec'1 . [%#svec44] Seq.length (view'5 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq 
@@ -1224,15 +1224,15 @@ module M_sparse_array__f [#"sparse_array.rs" 140 0 140 10] [%#sops42] Seq.get (view'5 self) ix predicate invariant'0 [#"sparse_array.rs" 49 4 49 30] (self : t_Sparse'0) = - [%#ssparse_array43] UInt64.to_uint self.t_Sparse__n'0 <= UInt64.to_uint self.t_Sparse__size'0 - /\ Seq.length (view'4 self.t_Sparse__values'0) = UInt64.to_uint self.t_Sparse__size'0 - /\ Seq.length (view'5 self.t_Sparse__idx'0) = UInt64.to_uint self.t_Sparse__size'0 - /\ Seq.length (view'5 self.t_Sparse__back'0) = UInt64.to_uint self.t_Sparse__size'0 - /\ (forall i : int . 0 <= i /\ i < UInt64.to_uint self.t_Sparse__n'0 + [%#ssparse_array43] UInt64.t'int self.t_Sparse__n'0 <= UInt64.t'int self.t_Sparse__size'0 + /\ Seq.length (view'4 self.t_Sparse__values'0) = UInt64.t'int self.t_Sparse__size'0 + /\ Seq.length (view'5 self.t_Sparse__idx'0) = UInt64.t'int self.t_Sparse__size'0 + /\ Seq.length (view'5 self.t_Sparse__back'0) = UInt64.t'int self.t_Sparse__size'0 + /\ (forall i : int . 0 <= i /\ i < UInt64.t'int self.t_Sparse__n'0 -> match index_logic'1 self.t_Sparse__back'0 i with - | j -> 0 <= UInt64.to_uint j - /\ UInt64.to_uint j < UInt64.to_uint self.t_Sparse__size'0 - /\ UInt64.to_uint (index_logic'1 self.t_Sparse__idx'0 (UInt64.to_uint j)) = i + | j -> 0 <= UInt64.t'int j + /\ UInt64.t'int j < UInt64.t'int self.t_Sparse__size'0 + /\ UInt64.t'int (index_logic'1 self.t_Sparse__idx'0 (UInt64.t'int j)) = i end) predicate inv'0 (_1 : t_Sparse'0) 
@@ -1252,8 +1252,8 @@ module M_sparse_array__f [#"sparse_array.rs" 140 0 140 10] use prelude.prelude.Borrow function is_elt'0 [#"sparse_array.rs" 71 4 71 36] (self : t_Sparse'0) (i : int) : bool = - [%#ssparse_array41] UInt64.to_uint (index_logic'1 self.t_Sparse__idx'0 i) < UInt64.to_uint self.t_Sparse__n'0 - /\ UInt64.to_uint (index_logic'1 self.t_Sparse__back'0 (UInt64.to_uint (index_logic'1 self.t_Sparse__idx'0 i))) = i + [%#ssparse_array41] UInt64.t'int (index_logic'1 self.t_Sparse__idx'0 i) < UInt64.t'int self.t_Sparse__n'0 + /\ UInt64.t'int (index_logic'1 self.t_Sparse__back'0 (UInt64.t'int (index_logic'1 self.t_Sparse__idx'0 i))) = i use seq.Seq @@ -1265,7 +1265,7 @@ module M_sparse_array__f [#"sparse_array.rs" 140 0 140 10] use seq.Seq function view'1 [#"sparse_array.rs" 38 4 38 33] (self : t_Sparse'0) : Seq.seq (t_Option'1) = - [%#ssparse_array39] Seq.create (UInt64.to_uint self.t_Sparse__size'0) (Mapping.from_fn (fun (i : int) -> if is_elt'0 self i then + [%#ssparse_array39] Seq.create (UInt64.t'int self.t_Sparse__size'0) (Mapping.from_fn (fun (i : int) -> if is_elt'0 self i then C_Some'1 (index_logic'0 self.t_Sparse__values'0 i) else C_None'1 @@ -1277,7 +1277,7 @@ module M_sparse_array__f [#"sparse_array.rs" 140 0 140 10] any [ return' (result:t_Sparse'0)-> {[%#ssparse_array24] inv'0 result} {[%#ssparse_array25] result.t_Sparse__size'0 = sz} - {[%#ssparse_array26] forall i : int . 0 <= i /\ i < UInt64.to_uint sz -> Seq.get (view'1 result) i = C_None'1} + {[%#ssparse_array26] forall i : int . 0 <= i /\ i < UInt64.t'int sz -> Seq.get (view'1 result) i = C_None'1} (! return' {result}) ] 
@@ -1302,14 +1302,14 @@ module M_sparse_array__f [#"sparse_array.rs" 140 0 140 10] axiom inv_axiom'3 [@rewrite] : forall x : t_Option'0 [inv'3 x] . inv'3 x = true let rec get'0 (self:t_Sparse'0) (i:UInt64.t) (return' (ret:t_Option'0))= {[@expl:get 'self' type invariant] [%#ssparse_array27] inv'2 self} - {[@expl:get requires] [%#ssparse_array28] UInt64.to_uint i < Seq.length (view'2 self)} + {[@expl:get requires] [%#ssparse_array28] UInt64.t'int i < Seq.length (view'2 self)} any [ return' (result:t_Option'0)-> {[%#ssparse_array29] inv'3 result} {[%#ssparse_array30] match result with - | C_None'0 -> Seq.get (view'2 self) (UInt64.to_uint i) = C_None'1 - | C_Some'0 x -> Seq.get (view'2 self) (UInt64.to_uint i) = C_Some'1 x + | C_None'0 -> Seq.get (view'2 self) (UInt64.t'int i) = C_None'1 + | C_Some'0 x -> Seq.get (view'2 self) (UInt64.t'int i) = C_Some'1 x end} - {[%#ssparse_array31] match Seq.get (view'2 self) (UInt64.to_uint i) with + {[%#ssparse_array31] match Seq.get (view'2 self) (UInt64.t'int i) with | C_None'1 -> result = C_None'0 | C_Some'1 _ -> true end} 
@@ -1328,12 +1328,12 @@ module M_sparse_array__f [#"sparse_array.rs" 140 0 140 10] let rec set'0 (self:borrowed (t_Sparse'0)) (i:UInt64.t) (v:Int32.t) (return' (ret:()))= {[@expl:set 'self' type invariant] [%#ssparse_array32] inv'4 self} {[@expl:set 'v' type invariant] [%#ssparse_array33] inv'1 v} - {[@expl:set requires] [%#ssparse_array34] UInt64.to_uint i < Seq.length (view'3 self)} + {[@expl:set requires] [%#ssparse_array34] UInt64.t'int i < Seq.length (view'3 self)} any [ return' (result:())-> {[%#ssparse_array35] Seq.length (view'1 self.final) = Seq.length (view'3 self)} - {[%#ssparse_array36] forall j : int . 0 <= j /\ j < Seq.length (view'3 self) /\ j <> UInt64.to_uint i + {[%#ssparse_array36] forall j : int . 0 <= j /\ j < Seq.length (view'3 self) /\ j <> UInt64.t'int i -> Seq.get (view'1 self.final) j = Seq.get (view'3 self) j} - {[%#ssparse_array37] Seq.get (view'1 self.final) (UInt64.to_uint i) = C_Some'1 v} + {[%#ssparse_array37] Seq.get (view'1 self.final) (UInt64.t'int i) = C_Some'1 v} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/specification/division/why3session.xml b/creusot/tests/should_succeed/specification/division/why3session.xml index 95480aef7e..aa4e52f335 100644 --- a/creusot/tests/should_succeed/specification/division/why3session.xml +++ b/creusot/tests/should_succeed/specification/division/why3session.xml @@ -6,8 +6,8 @@ - - + + diff --git a/creusot/tests/should_succeed/specification/division/why3shapes.gz b/creusot/tests/should_succeed/specification/division/why3shapes.gz index 86db29babc3093bbfa0de6a15461ba1574812005..c1557484aa7817a94ade52dd61c5942f99b5991d 100644 GIT binary patch literal 145 zcmV;C0B-*uiwFP!00000|I^S?D9%VMNG(<*Bqhzl+|a}#H7&)&+(5z5!+;9_GS-U>ssI20SQkUK literal 154 zcmV;L0A>FliwFP!00000|4oiP55gc6MR$G$qjq{vqyZBLm&PugOxNZKBr*uK&?f$S zQ$L8?IrrY-ZYrK`G`hqWHzgm#f!Dm+GV)=##yQwT)-ROf;6v`=2YBk}Sj51p{f;iv z?Am`SlP?%pYc%jEtETNfQN!GQ%+KNdhcQ`8BBZ_31lnk!5K&01EeSA6D~@MiFRqHI IqQ3wD0CjCgS^xk5 
diff --git a/creusot/tests/should_succeed/specification/logic_call/why3session.xml b/creusot/tests/should_succeed/specification/logic_call/why3session.xml index 036ff03ef4..86b4b03655 100644 --- a/creusot/tests/should_succeed/specification/logic_call/why3session.xml +++ b/creusot/tests/should_succeed/specification/logic_call/why3session.xml @@ -6,8 +6,8 @@ - - + + diff --git a/creusot/tests/should_succeed/specification/logic_call/why3shapes.gz b/creusot/tests/should_succeed/specification/logic_call/why3shapes.gz index d6bc639411d553871634d44de41c155f36961680..298a3ed92b4da2a2bb088463ddea7bb1cd1479c7 100644 GIT binary patch delta 52 zcmXRcoZzIt$;8Lo#L&ps)Y#A4)X&Gz-_K~1hmWVRsgZ}7iHGOr0D~_E511HupWHf| Iz`(!&0JD7%vH$=8 delta 52 zcmXRcoZzHy>SJbNZ05Da#9*U|pXoLqZ=Wq5e#RSp3=PbUf(^bHJYZtT*3rL_ Iz`(!&0KRq*WB>pF diff --git a/creusot/tests/should_succeed/specification/model.coma b/creusot/tests/should_succeed/specification/model.coma index ee6f1fc93f..374a4ed0c8 100644 --- a/creusot/tests/should_succeed/specification/model.coma +++ b/creusot/tests/should_succeed/specification/model.coma @@ -21,7 +21,7 @@ module M_model__test_arc [#"model.rs" 41 0 41 41] meta "compute_max_steps" 1000000 - let rec test_arc'0 (a:t_Arc'0) (return' (ret:()))= {[@expl:test_arc requires] [%#smodel0] UInt64.to_uint (view'0 a) + let rec test_arc'0 (a:t_Arc'0) (return' (ret:()))= {[@expl:test_arc requires] [%#smodel0] UInt64.t'int (view'0 a) = 0} (! bb0 [ bb0 = bb1 | bb1 = bb2 | bb2 = return' {_0} ] ) [ & _0 : () = any_l () ] [ return' (result:())-> (! return' {result}) ] 
@@ -50,7 +50,7 @@ module M_model__test_rc [#"model.rs" 44 0 44 37] meta "compute_max_steps" 1000000 - let rec test_rc'0 (v:t_Rc'0) (return' (ret:()))= {[@expl:test_rc requires] [%#smodel0] UInt64.to_uint (view'0 v) = 0} + let rec test_rc'0 (v:t_Rc'0) (return' (ret:()))= {[@expl:test_rc requires] [%#smodel0] UInt64.t'int (view'0 v) = 0} (! bb0 [ bb0 = bb1 | bb1 = bb2 | bb2 = return' {_0} ] ) [ & _0 : () = any_l () ] [ return' (result:())-> (! return' {result}) ] diff --git a/creusot/tests/should_succeed/specification/trusted/why3session.xml b/creusot/tests/should_succeed/specification/trusted/why3session.xml index ad88cdb285..405437192a 100644 --- a/creusot/tests/should_succeed/specification/trusted/why3session.xml +++ b/creusot/tests/should_succeed/specification/trusted/why3session.xml @@ -6,8 +6,8 @@ - - + + diff --git a/creusot/tests/should_succeed/specification/trusted/why3shapes.gz b/creusot/tests/should_succeed/specification/trusted/why3shapes.gz index 2ae39f818f883d2289bac9c23bebb85a5d4906f9..efe9e75be8656527615a61eaaf4310cfdadf0bcd 100644 GIT binary patch delta 51 zcmYdGn_!{WCdMY_DJHf|&2y#Zvd)!in#)!mYjd0C*>+Mbla0-@ldDaREr#L9-j=** H1_lNI&9D(z delta 51 zcmV-30L=epW{@~8X@+L0iK$7(rp6{IDJhATNlBK;NybU$M&^lz2Ik2r3WgpATmZVy J-mqH$002|P75D%E diff --git a/creusot/tests/should_succeed/sum.coma b/creusot/tests/should_succeed/sum.coma index fb21e46493..781636ab6c 100644 --- a/creusot/tests/should_succeed/sum.coma +++ b/creusot/tests/should_succeed/sum.coma 
@@ -14,7 +14,7 @@ module M_sum__sum_first_n [#"sum.rs" 6 0 6 33] let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 101 0 213 1 let%span srange13 = "../../../creusot-contracts/src/std/iter/range.rs" 71 12 75 76 let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 107 26 110 17 - let%span snum15 = "../../../creusot-contracts/src/std/num.rs" 52 28 52 33 + let%span snum15 = "../../../creusot-contracts/src/std/num.rs" 54 32 54 37 let%span sops16 = "../../../creusot-contracts/src/std/ops.rs" 201 14 201 86 let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 86 20 86 24 let%span siter18 = "../../../creusot-contracts/src/std/iter.rs" 92 8 92 19 @@ -51,7 +51,7 @@ module M_sum__sum_first_n [#"sum.rs" 6 0 6 33] use prelude.prelude.UInt32 function deep_model'0 (self : UInt32.t) : int = - [%#snum15] UInt32.to_uint self + [%#snum15] UInt32.t'int self function is_empty_log'0 (self : t_RangeInclusive'0) : bool @@ -180,7 +180,7 @@ module M_sum__sum_first_n [#"sum.rs" 6 0 6 33] meta "compute_max_steps" 1000000 - let rec sum_first_n'0 (n:UInt32.t) (return' (ret:UInt32.t))= {[@expl:sum_first_n requires] [%#ssum7] UInt32.to_uint n + let rec sum_first_n'0 (n:UInt32.t) (return' (ret:UInt32.t))= {[@expl:sum_first_n requires] [%#ssum7] UInt32.t'int n < 1000} (! bb0 [ bb0 = s0 @@ -196,7 +196,7 @@ module M_sum__sum_first_n [#"sum.rs" 6 0 6 33] [ bb5 = {[@expl:for invariant] [%#ssum5] inv'1 (Snapshot.inner produced)} {[@expl:for invariant] [%#ssum5] inv'0 iter} {[@expl:for invariant] [%#ssum5] produces'0 (Snapshot.inner iter_old) (Snapshot.inner produced) iter} - {[@expl:loop invariant] [%#ssum4] UInt32.to_uint sum * 2 + {[@expl:loop invariant] [%#ssum4] UInt32.t'int sum * 2 = Seq.length (Snapshot.inner produced) * (Seq.length (Snapshot.inner produced) + 1)} (! s0) [ s0 = bb6 ] [ bb6 = s0 
@@ -247,8 +247,8 @@ module M_sum__sum_first_n [#"sum.rs" 6 0 6 33] | & _23 : Snapshot.snap_ty (Seq.seq UInt32.t) = any_l () | & i : UInt32.t = any_l () ] - [ return' (result:UInt32.t)-> {[@expl:sum_first_n ensures] [%#ssum8] UInt32.to_uint result - = div (UInt32.to_uint n * (UInt32.to_uint n + 1)) 2} + [ return' (result:UInt32.t)-> {[@expl:sum_first_n ensures] [%#ssum8] UInt32.t'int result + = div (UInt32.t'int n * (UInt32.t'int n + 1)) 2} (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/sum/why3session.xml b/creusot/tests/should_succeed/sum/why3session.xml index d2f4b6a825..0688a974c7 100644 --- a/creusot/tests/should_succeed/sum/why3session.xml +++ b/creusot/tests/should_succeed/sum/why3session.xml @@ -12,52 +12,52 @@ - + - + - + - + - + - + - + - + - + - + - - + + - + - + - + - + - + 
diff --git a/creusot/tests/should_succeed/sum/why3shapes.gz b/creusot/tests/should_succeed/sum/why3shapes.gz index ba1e2996557e82d26fe52098b7b1725c7152d889..68a97a29b9f64db8d05b06d0b280dca1d11786db 100644 GIT binary patch literal 1407 zcmV-_1%Ub=iwFP!00000|E*TZa@$4_z4I$@Q(|7GXP;DjU|hu-UX(*pxUvSb$f%G2 zO@fk>uTKL6z*RDB`64xYdA&F0mk-(Qv)ja7_8hmnvaWv1WcK0LN%O^()$;?*$$TIN z9?4-o5EJ+NM;Bt;EZ232s|VtCjoUWMRsDowdM=7p7zB$)_tBNRWn6EXe@E@VxBEDs zpk(W+r?@ODzuNE0=eS(O3Kf_qU#`vAV7A%TVejJ(dE8B>xyV(n7pH7_#o?$W&uxwC z&~q~%5{4Z5DzwzVWjXY9XsLnAbD;B)!t%K0p{yELc_4&L4z=_!sp3oa(ADZ8YyRED z3%tGRwv3C*etJ0XVKu>Q z>Sfu)Eyf>L=~i&P!g8~X$1sm}+xTT)BKJHGIJ2yG%`vhQ1?&O-ts+iHd^vP#lIrcL z|6?ytG<%3k+avTx_uv)1_VhO2_cdg$sJGktC5DIfKOMA7W#yh?vn<0+8O9TEAip-RcO6H*51vjw zIbW|gtJok4`5|ZS)AF&d+W9%HQme2lt0zRRs~lK|^lAB5y++M^bl(#7>N#HcZk2~z z+ADL=9zC_ZvA8aj&ttJGEawTlzFxrT^m6jX?wlKuuJCs+=N-5`;Bg}^61ly_ z_WQ+xL%@${~ct~-aLi{;URLq8jfpJNC`GH2eH+SU>>|#q6 zXN?eTBansvPPlA78%{(Eb#fuvQ#2jP_C}1xhugBaeUfsDPYRP$vUv4k=AcmP#<^?- zo$aktiNez&%NAlx1Or?2Zxl>(cKu2Cw$FK6on!X$Y9`w*PcJzh7H`iN>Y$6oFhxBD zqi{ZZ|A+dX5kEWuL5%Y(uIIVaSzJ9@aK%x5OhI(@J$n(M#(+DS2&Wj2N+>T#VVrWL z5Sj=VQW1g{Dig#Cu-Ymst+3oOOD$M3iBXvXIA}?O4n!1QdQKHr_|TS#n+(7LvF3)U zj45!%nQ_bs%_I|oB~OAE0X*R%17?A~W-VkP(YI!SaR*LN>3zY1k;!S}q{~2C;1-kx zX+gB~Etq7qOGOkQMUYfMk=pPJ42LpJDa$CaVD3SRAt)JzD4-BDFzsnHAh{<}3Gb81 zD7O@qsip8uFiDGGAZe`&Lb$|CK^BRrAVieWrw$D6$D^Lg1Q;R#Wk@iZO5!9WNeaZ2 zzQYsW1&KoviO@JHlt2UqA*uj^E6E&q#WSibmEVi%DNrW7Vu^8tlhJsO9+;L~MtnME zj9Er41Ivh|#!`JJuy#xt!*IT-ir8ewIJ2Bu4wjSm_z^mIm55QE6GNgZa9VWa1SeKY?OoeWjt2bw zu3`d8sc}weZomOa#^9D4O$tcpy>lghmN#5nTA1K9&H$5z5;93n1#VN)QYg}SQ$Num zUZ05jib;W!COV)_6g-Hem{WKQ+9~Gx=lWDa_#jvT!Ej%sm^4Y66@m$7QZTeVw%oka N$^Vj0#mZ9=002H`v5Wu! 
literal 1357 zcmV-T1+w}diwFP!00000|E*TblH0fr-Rmo~^S$W}!8fO-7hS1x(VJ{$idz>%f<3D1 zmO8TR%>4Z=*|ID@k~ov>AP_hJ4giY(`A}~E!gt!1d+N4z+x%AQ^22|N{xjCie!&A< zo`jQ*1z4Vh0)KzTMD)IXYZGl247WXY{d&{BE?D4~N7SU#!Riw}W4&F|+k5}dWc_Ei zqh*25*kSWZ>$-`X-L~G-dPB{E1rgcjTQ_lXd+*w`i?m&^Ao1xbs9=I!&DHuwBZCV1 z(%0buJ-FqmUFi0n@2r%+6NGGifz?YL$;P2SC>$>T&iNF{uj$}qC8v0T$4rDFL z{-1X$>t>H#jZHt=U~{ygCf&DS*wJ>k=?B7QtdH6VgMOlX)M8WIGJiT7cwAjKG{R*Q zo1$)pl6vaO#g;btUUH+s`n{ubnrFX`KJV&|wwHClg=f3%&za2(_6xweX{f`7z8qUs z&D^fD+dvZP20X-cj**yOe&pf9;$pO z)sy4saZVGrySLj!C-bNK`Z%&Euxh)m{X%K+_P+x*=DNXG>eqF;dj?piqM^V0ulIew zkYo0|_=vH6d*4t`X~F(gF#Ndw)HcHe&1o78wsrHmp}uVbhy&8c^&jmUEm)Ys4??@y z(^c%j_*Bbq(HyO(NQ3UoE~a{arn|wX*)m67YCNAqEQ=#{#%-BXu0?Uz}qM$RzBbsq4@M^)|&v+{4VFp;&@vg{*+f9Tn0Wj=JI7$ zSm65GH3hJ%*RIFKeg?id-eNeGN2 zNU>x}01wQ&JFZG|-&DWgp$mE3r)e;75psxnF&PGFTtL>3VR zhpZBSmy>c@Gpi-H1X5MmC~ld8m@UuMA(Z}A(Nc8W7|UXkJTo3CY2}3BOjgLXV~1$w z7Y59fNwI7Npvw+j%+h9VnJ|nisN^uk(*D|*E< {iter} @@ -266,7 +265,7 @@ module M_sum_of_odds__compute_sum_of_odd [#"sum_of_odds.rs" 36 0 36 36] | bb11 = s0 [ s0 = [ &produced <- _24 ] s1 | s1 = [ &i <- __creusot_proc_iter_elem ] s2 - | s2 = {[@expl:assertion] [%#ssum_of_odds7] let _ = sum_of_odd_is_sqr'0 (UInt32.to_uint i) in true} s3 + | s2 = {[@expl:assertion] [%#ssum_of_odds7] let _ = sum_of_odd_is_sqr'0 (UInt32.t'int i) in true} s3 | s3 = UInt32.mul {[%#ssum_of_odds8] (2 : UInt32.t)} {i} (fun (_ret':UInt32.t) -> [ &_30 <- _ret' ] s4) | s4 = UInt32.add {_30} {[%#ssum_of_odds9] (1 : UInt32.t)} (fun (_ret':UInt32.t) -> [ &_29 <- _ret' ] s5) | s5 = UInt32.add {s} {_29} (fun (_ret':UInt32.t) -> [ &s <- _ret' ] s6) 
@@ -292,8 +291,8 @@ module M_sum_of_odds__compute_sum_of_odd [#"sum_of_odds.rs" 36 0 36 36] | & _29 : UInt32.t = any_l () | & _30 : UInt32.t = any_l () ] - [ return' (result:UInt32.t)-> {[@expl:compute_sum_of_odd ensures] [%#ssum_of_odds11] UInt32.to_uint result - = sum_of_odd'0 (UInt32.to_uint x)} + [ return' (result:UInt32.t)-> {[@expl:compute_sum_of_odd ensures] [%#ssum_of_odds11] UInt32.t'int result + = sum_of_odd'0 (UInt32.t'int x)} (! return' {result}) ] end @@ -322,10 +321,10 @@ module M_sum_of_odds__test [#"sum_of_odds.rs" 50 0 50 19] use prelude.prelude.UInt32 - let rec compute_sum_of_odd'0 (x:UInt32.t) (return' (ret:UInt32.t))= {[@expl:compute_sum_of_odd requires] [%#ssum_of_odds2] UInt32.to_uint x + let rec compute_sum_of_odd'0 (x:UInt32.t) (return' (ret:UInt32.t))= {[@expl:compute_sum_of_odd requires] [%#ssum_of_odds2] UInt32.t'int x < 65536} any - [ return' (result:UInt32.t)-> {[%#ssum_of_odds3] UInt32.to_uint result = sum_of_odd'0 (UInt32.to_uint x)} + [ return' (result:UInt32.t)-> {[%#ssum_of_odds3] UInt32.t'int result = sum_of_odd'0 (UInt32.t'int x)} (! return' {result}) ] @@ -347,11 +346,11 @@ module M_sum_of_odds__test [#"sum_of_odds.rs" 50 0 50 19] meta "compute_max_steps" 1000000 - let rec test'0 (x:UInt32.t) (return' (ret:()))= {[@expl:test requires] [%#ssum_of_odds1] UInt32.to_uint x < 65536} + let rec test'0 (x:UInt32.t) (return' (ret:()))= {[@expl:test requires] [%#ssum_of_odds1] UInt32.t'int x < 65536} (! bb0 [ bb0 = s0 [ s0 = compute_sum_of_odd'0 {x} (fun (_ret':UInt32.t) -> [ &y <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 - [ s0 = {[@expl:assertion] [%#ssum_of_odds0] let _ = sum_of_odd_is_sqr'0 (UInt32.to_uint x) in is_square'0 (UInt32.to_uint y)} + [ s0 = {[@expl:assertion] [%#ssum_of_odds0] let _ = sum_of_odd_is_sqr'0 (UInt32.t'int x) in is_square'0 (UInt32.t'int y)} s1 | s1 = return' {_0} ] ] 
diff --git a/creusot/tests/should_succeed/sum_of_odds/why3session.xml b/creusot/tests/should_succeed/sum_of_odds/why3session.xml index 015788d29a..0ad41c119d 100644 --- a/creusot/tests/should_succeed/sum_of_odds/why3session.xml +++ b/creusot/tests/should_succeed/sum_of_odds/why3session.xml @@ -3,7 +3,6 @@ "https://www.why3.org/why3session.dtd"> - @@ -21,62 +20,62 @@ - + - + - + - + - + - + - + - + - + - - + + - - + + - - + + - + - + - + - + - + - + 
diff --git a/creusot/tests/should_succeed/sum_of_odds/why3shapes.gz b/creusot/tests/should_succeed/sum_of_odds/why3shapes.gz index c3a9e8148edb38b02ccbb1a6e0db019cadd019c6..b8843c63505d2668658b67281c2e35ac32312239 100644 GIT binary patch literal 1610 zcmV-Q2DSMgiwFP!00000|E*U^ZyU!FzVlbiO?egq^u9b;2KWpR&5Hvh4|64YwTVz1 znKQJM{Q6YS#%)L`wht1U)m2}8Rb5rx{N-Iyf3Z)oF22QGy{@+ZEkyC|KeM%cZ-2Ef z9^03>egEK*eQDqmBxn{NpPIi`t=Y^z*n0oCs?w?o;SQB(4QBTzGW%6_570f+nR5lwC96yzLy$RBM&+r{EC zeZ=;7q|+j;)_dFBt+x%Fg5aErSr?3LR=?Zr=Xi(i9{VI)-ArH{X+m=0|2FRIHa>SpF-z6% zn9<>|jx;-jbJG#{p-YEHr**c8+t1CH3x}JkdOFR)fmZK53_<3&-ok0H>kWEBw!T5= z)D^L=+U=_67$9pcicRaS{T!RsI!x{XSJ};`xw|M3|D-W?i)_U#H)74D&R%j#%NvrF)YhaSk?0ysN<9=hIy8l-aE<72R zqv4}{S?z(z%GTY^Z_t|WvR*Dn(l18!=DC6sW3kFi<%qJj$~ZK~%s z;LZqq1Hxc>6|^I2LpZQIwH*25X}b5*4tsa_g7io*`#iA$R<4Q+BgvfGpKEdhM`bksW~W<%R7 zj)iAhgqGx3fzbIe*Anvs*^;m~^DMDEnmUBdCo`H!zHVD$HSb>o!)oem&&`%6^)wO5 zP)m91yqH>z`DHisx@Yas;oa&TLe@n0oC| z_mla+=4do$tG7+%mdXi(d9ysJU6yMXMDTGWC5y3ybJ8!bCAb7fqwX48PTzhd$rV>( zy}Wukmlz^K6E}0-XlpmBY<<%5ieGtF)9`2sQ z!)tizF+9A5yQgsX5^fRpwtKv`gxG-_n>ro3m=Evgl6LRs<+)%no2jIw=1e&1trXOH zXM+nt1r{t#G#1#PnP7py4kk`n3Au7iM=7|#0sfqnphOLsQNg23C~+D*l|Dv>qTKqZf!N$WWwi7P}1Rt4q;GlQ>~YoZeK zBzf#yvKB?;lP1JbAxKPw6<8W9ZXsaoXd)^=E|ee|BhNYfDXk<;fzyIuLy*DRV09HF zF-(?(6^#FnK)-bTAg@M!fE7O$T?CxSwwt6ks;a;fRcs? 
zL-;Fz8fwE!$vsV8FioMHp!5*2!U`V}FQ_n-8_Eo&h7v>ZzX0bRVXYN%%0b&PI0#A= z;@Aa*Rl=cQ$WU#lGE{yKKGHa0Z<&^iMWiGbLByyMoLaP8`GOI{@DI6Alm+jgi=fwp z7S2n}B6K0eQ6TC=>w+0Ze=LxInO7=O$%4}n1*-FrP%SY0GEc1aA`Ig{>PQBm6vm!# z94(9(7&Zb4NfMlXA~@#4X38-6GkkFwEwMD}q#=ovBg_c~zr<6fNN9cOpXV;Zu;A9g z!84>_{DcHqq?jotC_(K2;pk_2B-Fu_A>0L#G_B~}_o0*RC)V}m9)9A?(+A1ap$ I;g%Et0LzLdIsgCw literal 1534 zcmV+k}XQ z981)A^6vwZqD(EbJliL=s;j=Q)@J?oq1gRRk7-vtrR}b2>i-q0`0)FzqFee%&jILp zLAQ5-(Q`|;ck~?CEImB7|E_zp8Qsxt|FCZIx`}blN>0hqRls66xlqVEo!_J`$V z`j8HIIA~$7bxUotuIiSagOZY~*$@r2>p!TzPjfbZ_@^u0tg1W3Hf@XfE^YF>X#ago zMO8o1wxYW2><$X+$8CBYVVl10t8LniWZSgcZ%!eaU3&#%qWLrjs_HszsZQU9TFi2@ zoqF`WS`*Cy;oS5He0Ru4V5gn7N%ejE_XXpoX&z6L@ZGNieH^3g0(*~Bqus$^^oVw^ zcy!8zOA=o zGWxv!($rm_OcT;6?5g^HliH>(f%izC*MBw-Y0ku=H|TR zkHw#c_0;FKhWAeNJ75oZ7tX&v^Y8KZ%a=(@lpw}#SWbm!TF6VBDj;7RT`N())2kBn zWOz_4uBNMV>22E*%;NA}8&B5?cW$;iaeM59668^;mWwNWb)qo^QQuWi9$WJ|#zbKX zAung9L~#OfO<~clPD&)Y60PX2M3_i%IjI!LYtKpv{Ae~jM62uXSBYJ+OR%dKpVtyp ziR{YT+FkUv*WT3<)U-;bgE)pzBCHNO2o8xo`+mI5xm>PZPQtWZOVF#=o3aF5!g2Q+ zPjI}Pr2Bne==Ti4u*iWpcD%Uk_+DrA)`n67FX6Z`!q8VB$j+w5?2?J$v(;)FmOShiA+W*ow6{N6(Ai52QQctp~R4cvQ{%4a?TbM zPm~n5K51EicA#EEkU)`X;dAsHB$rwSZ)~z;lT2P1GYz=Xvth2>GkU<=M1T8GA=cBmZ6HvpB)fmzS97l8n? zP>PVUwwPq(N*7!?E*%$+bH~wf_&>nG5VuAv$Uc+Rf)X&5g4bGyth_1&bKE*^9M?aB zPd;cgk~s6(coB>s78MvJvh|>`5a - + diff --git a/creusot/tests/should_succeed/swap_borrows/why3shapes.gz b/creusot/tests/should_succeed/swap_borrows/why3shapes.gz index 4890e87b27a5fe806cc055e464408277c2cd2f75..b389ddded5b0fe8f7fc5e289caac0f15bbe65a9b 100644 GIT binary patch literal 240 zcmVm>j&7~&_);R;CL|$< ze~&422+)ejPw(@*T*=|dbv($4`=M!1_cE2MJF#)iX<8`K#Wzsy@wGd!CL(w_b3kA( zKzxCVCn4O<8KlGtK6c~#?z|_)ze*lRRZzqSD+OEE^Uxk9jxE0J`}U2);`kgDGH%b~ zt_d?9K1Z&E$lMTPGJbS^@DKg^;P0a1R#DXdU2Uxuf{j~aIi-GR+S9$vE!xH(N3k}AIi^22L)NQ#Ky%Y7Q!!;~^$-}Zg`mST2%4hUrV zF^#(>&V2YRx$;EzMi_vQ)O_%d{CeSUP - - + + - - + + 
diff --git a/creusot/tests/should_succeed/switch/why3shapes.gz b/creusot/tests/should_succeed/switch/why3shapes.gz index 139e1b2217c25b33b8397b46f1af6eface8d87f8..0919b6b58ba85a0f43c6cd0338a1d4ee28442522 100644 GIT binary patch delta 53 zcmb=fp5Sc|r0e6`qjNb(c=8$DGeMVidV_f;>k6Ok?ePhoq{AZ|EXrfc(-F+Vpq0Ym JJ)ePr0RR%s5byv1 delta 53 zcmb=fp5Se8sfTy64)3KPp|io0&+<;@IeS+4vJbDWuC9)5untc!uLzGVPe(8dL)hi@ JiSrp47yuJA5nliR diff --git a/creusot/tests/should_succeed/switch_struct/why3session.xml b/creusot/tests/should_succeed/switch_struct/why3session.xml index 94cb511bb5..c1f0fcd2b1 100644 --- a/creusot/tests/should_succeed/switch_struct/why3session.xml +++ b/creusot/tests/should_succeed/switch_struct/why3session.xml @@ -6,8 +6,8 @@ - - + + diff --git a/creusot/tests/should_succeed/switch_struct/why3shapes.gz b/creusot/tests/should_succeed/switch_struct/why3shapes.gz index 252536b0a8fe90c16b6c5a0b3afcf8f8a5df5c61..9f1d2f19a4130a148074c200dc13dccb8882caa6 100644 GIT binary patch delta 78 zcmV-U0I~mw0fzyQKt~|Y1fmMegsB2?jNRP0QgaJRD&xWSaB-O=S|lZ>ni?mXSz08e kCK;QhStgkp7$hcJq#0RS8m1^1dKhp40249vLYDvl0KtJ9+5i9m delta 79 zcmV-V0I>gu0f+&RKuC3iFcXL>FcYQ<#4&br<4VmfD5;DG+r!0WlALIoY-wz2Y;I 0} (! bb0 [ bb0 = s0 @@ -44,7 +44,7 @@ module M_02_operators__modulus [#"02_operators.rs" 23 0 23 39] meta "compute_max_steps" 1000000 - let rec modulus'0 (x:UInt64.t) (y:UInt64.t) (return' (ret:UInt64.t))= {[@expl:modulus requires] [%#s02_operators1] UInt64.to_uint y + let rec modulus'0 (x:UInt64.t) (y:UInt64.t) (return' (ret:UInt64.t))= {[@expl:modulus requires] [%#s02_operators1] UInt64.t'int y > 0} (! bb0 [ bb0 = s0 
@@ -77,9 +77,9 @@ module M_02_operators__multiply [#"02_operators.rs" 38 0 38 40] meta "compute_max_steps" 1000000 - let rec multiply'0 (x:UInt64.t) (y:UInt64.t) (return' (ret:UInt64.t))= {[@expl:multiply requires] [%#s02_operators0] UInt64.to_uint x - * UInt64.to_uint y - <= UInt64.to_uint (v_MAX'0 : UInt64.t)} + let rec multiply'0 (x:UInt64.t) (y:UInt64.t) (return' (ret:UInt64.t))= {[@expl:multiply requires] [%#s02_operators0] UInt64.t'int x + * UInt64.t'int y + <= UInt64.t'int (v_MAX'0 : UInt64.t)} (! bb0 [ bb0 = s0 [ s0 = UInt64.mul {x} {y} (fun (_ret':UInt64.t) -> [ &_0 <- _ret' ] s1) | s1 = return' {_0} ] ] ) [ & _0 : UInt64.t = any_l () | & x : UInt64.t = x | & y : UInt64.t = y ] @@ -101,9 +101,9 @@ module M_02_operators__add [#"02_operators.rs" 48 0 48 35] meta "compute_max_steps" 1000000 - let rec add'0 (x:UInt64.t) (y:UInt64.t) (return' (ret:UInt64.t))= {[@expl:add requires] [%#s02_operators0] UInt64.to_uint x - + UInt64.to_uint y - <= UInt64.to_uint (v_MAX'0 : UInt64.t)} + let rec add'0 (x:UInt64.t) (y:UInt64.t) (return' (ret:UInt64.t))= {[@expl:add requires] [%#s02_operators0] UInt64.t'int x + + UInt64.t'int y + <= UInt64.t'int (v_MAX'0 : UInt64.t)} (! bb0 [ bb0 = s0 [ s0 = UInt64.add {x} {y} (fun (_ret':UInt64.t) -> [ &_0 <- _ret' ] s1) | s1 = return' {_0} ] ] ) [ & _0 : UInt64.t = any_l () | & x : UInt64.t = x | & y : UInt64.t = y ] @@ -123,8 +123,8 @@ module M_02_operators__sub [#"02_operators.rs" 63 0 63 35] meta "compute_max_steps" 1000000 - let rec sub'0 (x:UInt64.t) (y:UInt64.t) (return' (ret:UInt64.t))= {[@expl:sub requires] [%#s02_operators0] UInt64.to_uint x - - UInt64.to_uint y + let rec sub'0 (x:UInt64.t) (y:UInt64.t) (return' (ret:UInt64.t))= {[@expl:sub requires] [%#s02_operators0] UInt64.t'int x + - UInt64.t'int y >= 0} (! bb0 [ bb0 = s0 [ s0 = UInt64.sub {x} {y} (fun (_ret':UInt64.t) -> [ &_0 <- _ret' ] s1) | s1 = return' {_0} ] ] 
@@ -151,10 +151,10 @@ module M_02_operators__expression [#"02_operators.rs" 77 0 77 51] meta "compute_max_steps" 1000000 - let rec expression'0 (x:UInt64.t) (y:UInt64.t) (z:UInt64.t) (return' (ret:bool))= {[@expl:expression requires #0] [%#s02_operators2] UInt64.to_uint y + let rec expression'0 (x:UInt64.t) (y:UInt64.t) (z:UInt64.t) (return' (ret:bool))= {[@expl:expression requires #0] [%#s02_operators2] UInt64.t'int y > 0} - {[@expl:expression requires #1] [%#s02_operators3] div (UInt64.to_uint x) (UInt64.to_uint y) * UInt64.to_uint z - <= UInt64.to_uint (v_MAX'0 : UInt64.t)} + {[@expl:expression requires #1] [%#s02_operators3] div (UInt64.t'int x) (UInt64.t'int y) * UInt64.t'int z + <= UInt64.t'int (v_MAX'0 : UInt64.t)} (! bb0 [ bb0 = s0 [ s0 = [ &_10 <- y ] s1 diff --git a/creusot/tests/should_succeed/syntax/02_operators/why3session.xml b/creusot/tests/should_succeed/syntax/02_operators/why3session.xml index f90c18aab0..028001432a 100644 --- a/creusot/tests/should_succeed/syntax/02_operators/why3session.xml +++ b/creusot/tests/should_succeed/syntax/02_operators/why3session.xml @@ -2,43 +2,64 @@ - - + - + - + - + - + - + + + + + + + + + + + + + + + + + + + + + + + - + 
diff --git a/creusot/tests/should_succeed/syntax/02_operators/why3shapes.gz b/creusot/tests/should_succeed/syntax/02_operators/why3shapes.gz index b936dc96521c979db1f0dccbcd0c3a6541c2cd99..57ccbb939d406ae6e94726eaecc13a8e12e69182 100644 GIT binary patch literal 1011 zcmVqQnVy~eTztV( zY*+Q-rmdJ~SM*vje2VMU<}9xP|5|V3Wwv^DH#Y3OhQ)aM;u1e$J0D0digo>1|i|5l^PU2-tpK)wiqfab0f~PbBE$X@<=Q z)O-NtC*Iee&;Fj1jxIKa@NZ&&cwg)fKaTx1R;+?6{B)GN3NEwtmnlci-7b^(=vmR9 zGA!-~+rw^ecs?CQE%s%~i03llI&QYhwyRafJRV!WOx`KxBDc+~d7S0;7&T6I&y7Pd zy2cqr-Dar|v_VhU86Wn3$IbBUv9~x;|d z^ySvB_@T6H+jTfUd*#GCP=5*eJ5GE+dvq61kD%RknO?ZF(cpt&@WE*C$^GDiezM8w z;Dd1!4BP*Q%!p}b#M_w>yUgrn7rZVg zE(jSW5J7zB^`F$+nQFYlNz!@!$2wvg*Yhd0qEe1_4_zhQfF0??Pgk~bhiG$b(qwcK zPsqRL<4kv<0zOuBM_-b*H(zvfWrP(K$i2Y3?vvBmrktt*J;p8D-gZQ2DzKB_%h;Ry z&uImYewjblAdj1P*OjL$dQk}Q2~32Lc;l20L3tIDQzAucWAHO5+514iw3EzQY+~|E zM`;|lPBZHp55Xh?@gnjlxW** zxbQigEW8USm0~G9W&dA0{9Rnr}TuUvJ5Yii%0V`c; zOH=An6>l9FU9*x6j1?U8U8-X5eMgxo-g5{uG<8*8o6WR$KWK@k}!O{s5iI63T z68Ol+y2xT;UK#XECep;2Y@`;F5@32sU`sG1=n~YSa|CX@=Gsfrmo(=X90v|wN*j|F zgThz+NmN4)(z|4&;b0|N%ajw|Hj=nI!7lr}N}+{IAvCHn%mAfPN031(nb07kzi%_n zOHRpW`PVzY$|bFL)|x<7aY{N7prJB`h{-!Z9dbK}Qt(pHf(Tv7ZOKi^b;(u9Wf6@K hrb${$si2__p^`x(tfJgn=UgU`#Xky}EO%WC005_2{C)rc literal 469 zcmV;`0V@6&j4$bb)Dij7| zFjD?~1UBchxg-=(x;G#DX5Q?3KT*3Md@nn7kcZuBv;M4{ntW(@wO*#pBwx*SOo1 z|GLIt^yG5zoNwB({4?Og^2_x5yVo=ye?v2p{}aupF`Cl#c;LHTrbC6^}+5!j(u6z{6&r#lVkp+9No*& zSIN<5IVT5>j_G%P&$Hqx= z3Oi`T>#U8>hH{3&#&Zl_TW!%ftVt{Es6mwMQ?0>>)xnbx#%!uDIf|*#E9`V5T)d6s zz-bYx;E5rEBu}JS7gpGrMzRPJ2suMp7YoU{Oet~1K$$>cXPfMkEmb421PGBue5njp zP@Ihp6?U%Cgqd7+ozHJosu269 {[@expl:respect_assoc ensures] [%#s04_assoc_prec0] UInt32.to_uint (0 : UInt32.t) - + UInt32.to_uint (1 : UInt32.t) - = 0} - (! return' {result}) ] + [ return' (result:())-> {[@expl:respect_assoc ensures] [%#s04_assoc_prec0] 0 + 1 = 0} (! return' {result}) ] end 
diff --git a/creusot/tests/should_succeed/syntax/05_pearlite.coma b/creusot/tests/should_succeed/syntax/05_pearlite.coma index bc777d8121..f1d6d43427 100644 --- a/creusot/tests/should_succeed/syntax/05_pearlite.coma +++ b/creusot/tests/should_succeed/syntax/05_pearlite.coma @@ -28,7 +28,7 @@ module M_05_pearlite__has_len_3 [#"05_pearlite.rs" 11 0 11 35] function view'1 (self : slice UInt32.t) : Seq.seq UInt32.t axiom view'1_spec : forall self : slice UInt32.t . ([%#sslice3] Seq.length (view'1 self) - <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + <= UInt64.t'int (v_MAX'0 : UInt64.t)) && ([%#sslice4] view'1 self = Slice64.id self) function view'0 (self : slice UInt32.t) : Seq.seq UInt32.t = diff --git a/creusot/tests/should_succeed/syntax/07_extern_spec/why3session.xml b/creusot/tests/should_succeed/syntax/07_extern_spec/why3session.xml index 0ec67f2516..8c46f2d591 100644 --- a/creusot/tests/should_succeed/syntax/07_extern_spec/why3session.xml +++ b/creusot/tests/should_succeed/syntax/07_extern_spec/why3session.xml @@ -18,7 +18,7 @@ - + diff --git a/creusot/tests/should_succeed/syntax/07_extern_spec/why3shapes.gz b/creusot/tests/should_succeed/syntax/07_extern_spec/why3shapes.gz index 3ead216e2c5a3e1132c77b7a44fab993e4f103f6..81f271bcc543aff4c7eedb49140239ee1a9ef3d4 100644 GIT binary patch literal 156 zcmV;N0Av3jiwFP!00000|BZ?<4}vfdM)&&_9hK=?S}Z26M0dkVuE#Yp2uQ1m|6XDo z92}g!m+!qzq0)tBN$Md>8m4itDphPDgIwqQ?A{XS&?4*GI-1VQT~0p^%2PLtxy28B z>!txPB^$#oL|ylcfzf;I>R3u2tac_SeZ>DFtc85wfR2PM`N~Jf9<3M~cPw#@47>oH K{;^Ei0001(&PGH4 literal 158 zcmV;P0Ac?hiwFP!00000|BcGA4uUWcfZ@GQ(NURt*Y+qTtORz$O0K1i3<5$m@$F5F zgK={ElK(#xa=-8zcln6hJ}vV}k}QrQi+El0b9hI=b*}>4xbA_^+dX#Q;=BygoO|^_ zfbREi8X-^z#9)1bY7EK;xwq$L|n5d8lk(B`|orD&} M3lM!kDA@o20J2p`BLDyZ diff --git a/creusot/tests/should_succeed/syntax/09_maintains.coma b/creusot/tests/should_succeed/syntax/09_maintains.coma index 8355664418..2d1e1cd94f 100644 --- a/creusot/tests/should_succeed/syntax/09_maintains.coma 
+++ b/creusot/tests/should_succeed/syntax/09_maintains.coma @@ -102,10 +102,10 @@ module M_09_maintains__test_5 [#"09_maintains.rs" 37 0 37 29] meta "compute_max_steps" 1000000 - let rec test_5'0 (a:()) (b:UInt64.t) (return' (ret:()))= {[@expl:test_5 requires] [%#s09_maintains0] inv2'0 a (UInt64.to_uint b + let rec test_5'0 (a:()) (b:UInt64.t) (return' (ret:()))= {[@expl:test_5 requires] [%#s09_maintains0] inv2'0 a (UInt64.t'int b + 0)} (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] - [ return' (result:())-> {[@expl:test_5 ensures] [%#s09_maintains0] inv2'0 a (UInt64.to_uint b + 0)} + [ return' (result:())-> {[@expl:test_5 ensures] [%#s09_maintains0] inv2'0 a (UInt64.t'int b + 0)} (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/syntax/09_maintains/why3session.xml b/creusot/tests/should_succeed/syntax/09_maintains/why3session.xml index ed140f13eb..19c6820034 100644 --- a/creusot/tests/should_succeed/syntax/09_maintains/why3session.xml +++ b/creusot/tests/should_succeed/syntax/09_maintains/why3session.xml @@ -8,27 +8,27 @@ - - + + - - + + - - + + - - + + - + 
diff --git a/creusot/tests/should_succeed/syntax/09_maintains/why3shapes.gz b/creusot/tests/should_succeed/syntax/09_maintains/why3shapes.gz index 8dba95df015cac465310d836c0ec582dd9526717..0ac64c4fb26db12b4490caa7c4440e2afa74e3a0 100644 GIT binary patch literal 294 zcmV+>0onc^iwFP!00000|8w-?nb$3JKoJ~ZPwh&aM+z?8izX@=TqNHH(t2apN5}$=h3t0Ce{B)uiaH{ zW}07kT(mQgFXud@xBvJsZl&K$(9Fzhe+4&Gl^7)gVHReNDFAYSoV+O%Y)(??H&B*R z)*7M*OC}~Hn|zR55Rr9L`~(@5v-3I>oqY<8qZFcRkfNc+yF!L0$SN^9U|}CK=0t3b saa3Ru0u;e8uXCypiZ#W62DUNi0vS^#bV!LCZzc%U7x>I(jSK<+0BVwq@Bjb+ literal 298 zcmV+_0oDE=iwFP!00000|8%`0?qJ^t6@Zk{T&%?LrZj?&f(P?2D+|$5gf0}ut8g*x*bQuQjrYpDm)9_R8Jg|6HDf}b7bvHRK zG`-N&AKHaT*Lxo0^+W2XBM*nRn-^$V{3}>d5nM7=MkG*Flu_PjE>Kw)wY6Bhgjxwt z7K$&yCs&cl7%ULjkOL*JLogC*6fqm)iV0cSSfOE4*aHTmbt)wUC!y9N#mYK}Y=K?M wnIUk>F(e;3YK0`BHX?h=8Z# 0 - /\ Seq.length (Slice64.id x.t_UsesArray__0'0) < UInt64.to_uint (v_MAX'0 : UInt64.t)} + /\ Seq.length (Slice64.id x.t_UsesArray__0'0) < UInt64.t'int (v_MAX'0 : UInt64.t)} (! bb0 [ bb0 = s0 [ s0 = [ &_3 <- [%#s11_array_types0] (0 : UInt64.t) ] s1 - | s1 = [ &_4 <- Slice.length x.t_UsesArray__0'0 ] s2 + | s1 = [ &_4 <- Slice64.length x.t_UsesArray__0'0 ] s2 | s2 = UInt64.lt {_3} {_4} (fun (_ret':bool) -> [ &_5 <- _ret' ] s3) | s3 = {[@expl:index in bounds] [%#s11_array_types1] _5} s4 | s4 = bb1 ] @@ -87,7 +87,7 @@ module M_11_array_types__call_omg [#"11_array_types.rs" 14 0 14 17] let rec omg'0 (x:t_UsesArray'0) (return' (ret:()))= {[@expl:omg requires] [%#s11_array_types2] Seq.length (Slice64.id x.t_UsesArray__0'0) > 0 - /\ Seq.length (Slice64.id x.t_UsesArray__0'0) < UInt64.to_uint (v_MAX'0 : UInt64.t)} + /\ Seq.length (Slice64.id x.t_UsesArray__0'0) < UInt64.t'int (v_MAX'0 : UInt64.t)} any [ return' (result:())-> (! return' {result}) ] use prelude.prelude.Intrinsic diff --git a/creusot/tests/should_succeed/syntax/11_array_types/why3session.xml b/creusot/tests/should_succeed/syntax/11_array_types/why3session.xml index 509cedb428..6886677a56 100644 
--- a/creusot/tests/should_succeed/syntax/11_array_types/why3session.xml +++ b/creusot/tests/should_succeed/syntax/11_array_types/why3session.xml @@ -7,12 +7,12 @@ - + - + diff --git a/creusot/tests/should_succeed/syntax/11_array_types/why3shapes.gz b/creusot/tests/should_succeed/syntax/11_array_types/why3shapes.gz index a1f100dbe5e34577ca8583a9357ee61710b35633..8c22dea99268db665487404af0cc80e6af00f994 100644 GIT binary patch literal 291 zcmV+;0o?u{iwFP!00000|CNw2Z-X!pg?Il7Hrh;Q8wjaNl`K{n+NrX-A!8p25`{F7 zsQvdn8jFxBODFs8zI)GpcZ;CknLYNw2@ieUwGTlOEbf`f%+M8eJD9q4_*FFBwzeT? zVZp{ZO$|0fuZ5QW23qE?CZqbiXJKO=scNv@4m;0KE3-tZnZm@Mb?3ae-d40e(YJ(W z)|uw!?Qq209GeTxHGIxSGd2I&8<-k7Z&o`^XgHFm;$`z5lGD?CXhAXj*bm>uZ>sEH ztCvuKyw^zOdQ8|#r8&KVn*P1950b0Dkxd!I>N=B{u_`X3(n>2*NK4MSTS1CwQ-dH^ pbO!txm|4nXX%Q1HmuZx604V{Sa4r&6B`bmi`vC)mvv@WF001z6h(iDX literal 286 zcmV+(0pb21iwFP!00000|8agPzRB8yS{qOM*}f zHv0Cax+&Du+a&XS|78BVWiagNz(a82w*V_0 zI9*Ui#O*j(X_cSAs^Xb4tGtH}a!ReDmb=}!_fSr0=D;d5iHnpADQ~8v?E+D7J`PzXI{B{_>%AX3wP5EDUY5*+K znkl38xlgBz#e!0cKEY|<8k)cLzy&c^?>j9-5@D!yT*VA7OcE_YYqyGVOEMxYF~ALo k3S%Irsv09!tT+jown@dH5MU+405?*61BiL!;Uoe80PW(8rvLx| diff --git a/creusot/tests/should_succeed/syntax/12_ghost_code.coma b/creusot/tests/should_succeed/syntax/12_ghost_code.coma index 7cc05ae546..9a8de49d99 100644 --- a/creusot/tests/should_succeed/syntax/12_ghost_code.coma +++ b/creusot/tests/should_succeed/syntax/12_ghost_code.coma @@ -65,7 +65,7 @@ module M_12_ghost_code__ghost_vec [#"12_ghost_code.rs" 8 0 8 18] function view'0 (self : t_Vec'0) : Seq.seq UInt32.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec3] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec3] Seq.length (view'0 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) let rec new'0 (_1:()) (return' (ret:t_Vec'0))= any [ return' (result:t_Vec'0)-> {inv'0 result} {[%#svec2] Seq.length (view'0 result) = 0} (! return' {result}) ] 
@@ -229,7 +229,7 @@ module M_12_ghost_code__ghost_check [#"12_ghost_code.rs" 35 0 35 20] function view'0 (self : t_Vec'0) : Seq.seq Int32.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec9] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec9] Seq.length (view'0 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) let rec new'0 (_1:()) (return' (ret:t_Vec'0))= any [ return' (result:t_Vec'0)-> {inv'0 result} {[%#svec5] Seq.length (view'0 result) = 0} (! return' {result}) ] @@ -267,9 +267,7 @@ module M_12_ghost_code__ghost_check [#"12_ghost_code.rs" 35 0 35 20] [%#smodel11] view'0 self let rec len'0 (self:t_Vec'0) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'3 self} - any - [ return' (result:UInt64.t)-> {[%#svec8] UInt64.to_uint result = Seq.length (view'2 self)} (! return' {result}) ] - + any [ return' (result:UInt64.t)-> {[%#svec8] UInt64.t'int result = Seq.length (view'2 self)} (! return' {result}) ] use prelude.prelude.Intrinsic @@ -330,7 +328,7 @@ module M_12_ghost_code__takes_struct [#"12_ghost_code.rs" 52 0 52 36] use prelude.prelude.UInt32 function view'1 (self : UInt32.t) : int = - [%#smodel3] UInt32.to_uint self + [%#smodel3] UInt32.t'int self function view'0 (self : Snapshot.snap_ty UInt32.t) : int = [%#ssnapshot2] view'1 (Snapshot.inner self) diff --git a/creusot/tests/should_succeed/syntax/12_ghost_code/why3session.xml b/creusot/tests/should_succeed/syntax/12_ghost_code/why3session.xml index e799d62a18..ac25a5210c 100644 --- a/creusot/tests/should_succeed/syntax/12_ghost_code/why3session.xml +++ b/creusot/tests/should_succeed/syntax/12_ghost_code/why3session.xml @@ -7,7 +7,7 @@ - + 
diff --git a/creusot/tests/should_succeed/syntax/12_ghost_code/why3shapes.gz b/creusot/tests/should_succeed/syntax/12_ghost_code/why3shapes.gz index f33744ab5f0f277bd5327ae4a106bb52fd903556..ce1ce321ea2b0f36a1ba5596680e389d45a8972e 100644 GIT binary patch literal 241 zcmVmvLG_FBkE?IUD8-dAhD67 zzI~J0RISwQyH9t&?(ShhhdrLdK*!JzU5Zas)5Rmn7wqE5z=JJ7@VUZch#z^6V;8PB z$1$@mW*qC6%^L$-#<&-@KykuLTc9}Um$m?T#mbwOUv^upFsJ$!?9B{6noaii8p3P4 znN#$=XEM;ue$~P>Bnte~WAAZ)PgX5#=Z`2$!s(np>+cT| r(yX~eWdv`G;u5q`D0T`~9740!AgOlBEuD12aR=lJl^(P5djS9dFAsJ4 literal 239 zcmVz%rV5J=E<^n|eM}+I*!|{V zZd+S6L(3Gpdj-^nc@9_KXQxlpXz-;Icaco+&yKy>{k>RsqTU{&E%T>y{BC|9$e1ef p7KXOWy@a6z)q_%P4@!%+FLUtRIPG$$oOIv>`vDYeIv{!h007=dZ~OoN diff --git a/creusot/tests/should_succeed/syntax/13_vec_macro.coma b/creusot/tests/should_succeed/syntax/13_vec_macro.coma index 2c0f49dc1b..895ec0e854 100644 --- a/creusot/tests/should_succeed/syntax/13_vec_macro.coma +++ b/creusot/tests/should_succeed/syntax/13_vec_macro.coma @@ -55,7 +55,7 @@ module M_13_vec_macro__x [#"13_vec_macro.rs" 5 0 5 10] function view'0 (self : t_Vec'0) : Seq.seq UInt32.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec10] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec10] Seq.length (view'0 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) let rec new'0 (_1:()) (return' (ret:t_Vec'0))= any [ return' (result:t_Vec'0)-> {inv'0 result} {[%#svec9] Seq.length (view'0 result) = 0} (! return' {result}) ] @@ -89,7 +89,7 @@ module M_13_vec_macro__x [#"13_vec_macro.rs" 5 0 5 10] function view'1 (self : t_Vec'1) : Seq.seq Int32.t - axiom view'1_spec : forall self : t_Vec'1 . [%#svec10] Seq.length (view'1 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'1_spec : forall self : t_Vec'1 . [%#svec10] Seq.length (view'1 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq 
@@ -99,8 +99,8 @@ module M_13_vec_macro__x [#"13_vec_macro.rs" 5 0 5 10] let rec from_elem'0 (elem:Int32.t) (n:UInt64.t) (return' (ret:t_Vec'1))= {[@expl:from_elem 'elem' type invariant] inv'1 elem} any [ return' (result:t_Vec'1)-> {inv'2 result} - {[%#svec11] Seq.length (view'1 result) = UInt64.to_uint n} - {[%#svec12] forall i : int . 0 <= i /\ i < UInt64.to_uint n -> index_logic'0 result i = elem} + {[%#svec11] Seq.length (view'1 result) = UInt64.t'int n} + {[%#svec12] forall i : int . 0 <= i /\ i < UInt64.t'int n -> index_logic'0 result i = elem} (! return' {result}) ] @@ -115,7 +115,7 @@ module M_13_vec_macro__x [#"13_vec_macro.rs" 5 0 5 10] function view'3 (self : slice Int32.t) : Seq.seq Int32.t axiom view'3_spec : forall self : slice Int32.t . ([%#sslice16] Seq.length (view'3 self) - <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + <= UInt64.t'int (v_MAX'0 : UInt64.t)) && ([%#sslice17] view'3 self = Slice64.id self) function view'2 (self : slice Int32.t) : Seq.seq Int32.t = diff --git a/creusot/tests/should_succeed/syntax/13_vec_macro/why3session.xml b/creusot/tests/should_succeed/syntax/13_vec_macro/why3session.xml index 4d9a942eb0..ee01eae4bc 100644 --- a/creusot/tests/should_succeed/syntax/13_vec_macro/why3session.xml +++ b/creusot/tests/should_succeed/syntax/13_vec_macro/why3session.xml @@ -7,7 +7,7 @@ - + 
diff --git a/creusot/tests/should_succeed/syntax/13_vec_macro/why3shapes.gz b/creusot/tests/should_succeed/syntax/13_vec_macro/why3shapes.gz index 0721f03512f6cf268b8b5f0e599b5b6a73ff34fa..380f430c828b2bfe1dc6fd2b842632ffae140349 100644 GIT binary patch literal 295 zcmV+?0oeW@iwFP!00000|8;fa&O9x^9dyIAdt!nHJGt?S2bJn z;XSO}$&OCV^>g`h0v^h+Bs_@V5lMLv2Nag^KPW0MJP4$UHJwVPY%5v0=PVmLj@oy^ zplKCIOSmc`vuc|U124CpS@m0Q1~4od;v!-}1rb;P`UW$c6_`^3002GVhEf0k literal 294 zcmV+>0onc^iwFP!00000|8@oLfHxp4!LyDFq$pkfe?xdXh37#fpWr{g0K=PDdfQy7p(J*dIvMOVE6<1o3hg zg3X$Un#-$_R5rJS2)e#4Et}tYcM2nwHmkYf-i27pm4j9;9I&YCRg%KW8SjUK`)E(+ z-rE$YAVdod?+N1#&$xYMfe>}Gru=lp{KYLkT39Xx%4hhW=Jly_E!@i`e74_TLx|2j sTgip$I@__zZHcAaNy!J4IjTY>g~^RFJF_*Jkp>NjFMoM{s8|930E{@2g8%>k diff --git a/creusot/tests/should_succeed/syntax/14_const_fns/why3session.xml b/creusot/tests/should_succeed/syntax/14_const_fns/why3session.xml index d21b22d5e5..267e2b486f 100644 --- a/creusot/tests/should_succeed/syntax/14_const_fns/why3session.xml +++ b/creusot/tests/should_succeed/syntax/14_const_fns/why3session.xml @@ -6,8 +6,8 @@ - - + + diff --git a/creusot/tests/should_succeed/syntax/14_const_fns/why3shapes.gz b/creusot/tests/should_succeed/syntax/14_const_fns/why3shapes.gz index 5d7ffb1e3a55d8dd228901d1067b87b50024a906..22762d3912cd13ebdaae7a786054222735840d4b 100644 GIT binary patch literal 190 zcmV;v073sBiwFP!00000|8sM>&!46Rnbo08r>boSQE3Rhs z>su>?pl&nsFaxu2s5wK6hF-BVm2NgPq|TCnxnRbjhMP21(@QXNo4G-lP5|nv`HnMw z1T*B&>yKx%EcgjxSWVtG-oT22LqBTS>JdA;^+0Jy2P1WZDa6TC_=A6K9Uz&*!rKw7 s+x{+J&j=~e73)ZpOt>igoT)NUN-^}KwWsnTq04rr#A`os<3N z&uDWRHyBOgwH3~N*mUw(Ud+m!tg2H#CN%HZaj8e>a*xkhU!Gp!;4{IO&IC>3_2uC? c+vB6Fdx_`LBwtY;Tb>;Z(_|wLRRApo0Jo|$bN~PV diff --git a/creusot/tests/should_succeed/syntax/derive_macros/mixed.coma b/creusot/tests/should_succeed/syntax/derive_macros/mixed.coma index 9f8f33da16..f5bfda7469 100644 --- a/creusot/tests/should_succeed/syntax/derive_macros/mixed.coma +++ b/creusot/tests/should_succeed/syntax/derive_macros/mixed.coma 
@@ -505,7 +505,7 @@ module M_mixed__qyi9942470069884222103__resolve_coherence [#"mixed.rs" 49 9 49 1 function view'0 (self : t_Vec'0) : Seq.seq UInt32.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec5] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec5] Seq.length (view'0 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq @@ -822,7 +822,7 @@ module M_mixed__qyi9942470069884222103__resolve_coherence__refines [#"mixed.rs" function view'0 (self : t_Vec'0) : Seq.seq UInt32.t - axiom view'0_spec : forall self : t_Vec'0 . [%#svec5] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec5] Seq.length (view'0 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq diff --git a/creusot/tests/should_succeed/syntax/derive_macros/mixed/why3session.xml b/creusot/tests/should_succeed/syntax/derive_macros/mixed/why3session.xml index 44025745ee..aede40e1df 100644 --- a/creusot/tests/should_succeed/syntax/derive_macros/mixed/why3session.xml +++ b/creusot/tests/should_succeed/syntax/derive_macros/mixed/why3session.xml @@ -50,12 +50,12 @@ - + - + 
diff --git a/creusot/tests/should_succeed/syntax/derive_macros/mixed/why3shapes.gz b/creusot/tests/should_succeed/syntax/derive_macros/mixed/why3shapes.gz index 8e195d02b2e5f74dbcef641f205e0246e94fcc3c..8850865919765bca43cbb0283297cda0073ce110 100644 GIT binary patch literal 1014 zcmVeiwFP!00000|CLtBj^s8Bz56Tr*2$biY7f!}rvbx#$RLNnn4Ai?eTz&buxTX8Y*K65e zIT+Xg?N)zmp2ClAcP*|T{%M*3jbcLTl5QH^sJkP- zDktQ$!bVlZhv(gYtAXe80LTn5Gr&Uz%z6Z<2C8gKrSVziRHHmC4RdLjOT)v`bS_Qj z(sV&LM~U|CYDEk&%Rt))8Z(kOR`>m#qdfW~KIT&w@bV<_)ZdeMmfuu;T_MKj)x%SW z>%Jq0E=zI41pnOph<6`{?i-yAeRmS6so#Sx6J*PeZP-tF^8`0 zYw_pG#uM@1TwNrp&U9mdT!?d*ZW=diE#IY^MsP*z?J;9Gowv7E2gYv6_!M#>KF^h1 z4A|}b#@wz-4&@fG`y0Dw+n&2B5BI3N=iCkc`jyKb*Bzgm&2opBYC+pPffm?8uid`{a4(I67Of?+Zxgy>MZY&*r{WA7p2< z-uj@=?lb!b21k?O7n9+aD+r_Fqy0g}QGP~oMxRq08x%)AzU-6dhl!)JCH51FI4eH5 zVxjm@r8}HoQ=NMT=+_%s$H%{S-|6)}{>wo@yX*VM9lfr8FTY)jqp!i`#~zn&JmyFK z{ja)tnb~BcpiSI9tzY9vcHyul+ueo___3k&>Hsy>b_q}|lF~M=xiRN}!_vXy_-+5t z^|$@6{(8UvH%#TKRIW-btJ2G=^rfoiud}`csEWcT@RVfdT`=B45R$;74no_+OZrOI zSVJueg(OMajN*&+!DF+hTL{59j zU_WHF#&tHKX^j!dbkfGw$j-)2qBgn}36RwS zoY+}qzzdgRt0JNEBvVJ$T4li`JtXd>0Gl}n<&+XulZ|KvXb1#dvOxm*u7#d6|FA}= zQPkjzWGsO-A_Txrv?8@ZYoo9wt0T6t-=TV-l_Wf(f-Xi9C{$2^Q|g4)krYE}TcfE_ k7pgOn^(PUiMUvLEQakC9$Z!|U&}vou4=P~2Kwk_100pxK?*IS* literal 1020 zcmV>?>FRLOx{5br#>2XdkfQ$e$0z5~69)_&9za}H_x+PYdDP54 z?v6X=Zc{FW&n@7)&2LL_ebMBu()k&g&s=-KU%&Ed^joj1ES5*BJH5xzFg_da@*Z^S zX>_&j2YS#=RgO1wfB=Ro2Dv=haeB#M86UF;%rn~ArYDXU^#)PRs&`QdIjh9kY)>iy z;#3L{<x#GW@$bWTe!Y+XE`=9-c-q`Q9{6?hd--iCE?gm zJmxL`{%2i3AK_%7;9cB5ZC~SncA``z?+?3|aCq7Ac5@arlDid9O_K6HZqxc|VDCEH zj^9q3u6yo(b?^KA|1g+KR7K$uI8GFtZM8Gd3Sw}mTA@rz z;M9U@tf3Z#L`O_28bfW8DFC<0MdjMSjpk$*RNLCrx>mI;BwDF0svvb_vN4Dlqy>T| zu~m*1RJ%T_(KeWby3txB9mvE+Q!p_QDyzGntV~jMQlj;+9r2sQxmdUnY39%6(BuFtRXQE6YY6YPu ziBu!j2sMftT+ynAglKd^nXCm2vQZ#dG=Qx}?!chz0u8Znh!R4KEKtZ+wk|X(p|MN? qx - + 
diff --git a/creusot/tests/should_succeed/take_first_mut/why3shapes.gz b/creusot/tests/should_succeed/take_first_mut/why3shapes.gz index 4689bc2c47a826eba3be764528ba816c7691f1ed..4e38ea4f46d7e9fd4c797e37fd2120d2635dcd2f 100644 GIT binary patch literal 538 zcmV+#0_FW5iwFP!00000|D{yHj@mE~z2_^qWxFSjoy1ACR6!)>schA9)tvjSx-nX6COl!SF4!0P_Dkd9V<-{k@x%@x$q#G zcWS;`Hnon4ivgI(m*!w1h(LNxW{|j|Kn1Q1Fs}lma_$%(ojn#s%cYr%ukDvb0Vzeu z#du~mE=rMR<06}xUFWZMWv#0IiIAvHm6eI!B{y$vtLx6B1Dy*#Qu=hL{d9lA2GuuY z$QjnLtSK@(jjjH`gq;TB(8H(>!xj+cfE}d--AlF_g;4^b8jeH zs8*kv>TDej=m>nUB6HE;&X3DM{72QTAH7pD=fGvBTXQg&JKuj{Jz764JTvc^`Ph1g zti^?8Jrccu1yI-rzA3KVQ9ZlDel7a)<<-FiL_TN_ycH$JGs@e-0JkL90zaIGTusFV`gFY@!x<8t({j^9I4<947R41d~VuD1O z8p%pME>)x3-SBcv3|(p3L7mDktM4%pkuvQ`^+vTr%n^Rt*SJ6sJ_vyX=?G*X^7S0JSc^c6%KYL?ELkMIho51uAfDfO!=lf^&x>ID2dqZMSN9sqME# z0Vzeu#e8NpFXBkkd6CVmE(4&RO{<#miIAv4nIR$jgmPB&L^z_DRcAv59;3jY2nFyB=fob zPN~hAvL1<1zyjy4&2GJ&^*OiIz0dh|&TJp=9(`|_;P?pK9T9 - - + + diff --git a/creusot/tests/should_succeed/traits/01/why3shapes.gz b/creusot/tests/should_succeed/traits/01/why3shapes.gz index 84dd951b239384846235f646da528dce0b727829..bdd3b348abc5307e4c9ef503a8fa1665143b5b30 100644 GIT binary patch literal 116 zcmb2|=3oGW|CcWWX`J)W@z4#^@YdBjcjo-&AcNowm!4>8`kXnV9c<2HT+nQ|;{Z>y zfwRBF;a+Xi?F*I|$>lJKPoJ1s)K%Cu(Y0&iLf2UfCw4l{TDf#%=g!WB69c`vChlC= UG_ieQJEJ(mr1?3Yih-5^0BZ&?WB>pF literal 115 zcmb2|=3oGW|E6cGxf%?37%tc@Kk+Qx%d7Vhql^9nt&L(OAEE{K>{TeKzU*DhvsupW z!Q=HC-bD8{RkD3wdHS2monT=``xVdi7BTLZ`)>V*`GAU2itg-FQtz*Lu1wOB3+2+f SsWod_bQ3?b|D2`8K)V2iUoThy diff --git a/creusot/tests/should_succeed/traits/03/why3session.xml b/creusot/tests/should_succeed/traits/03/why3session.xml index d01fd66f2a..c5eb702225 100644 --- a/creusot/tests/should_succeed/traits/03/why3session.xml +++ b/creusot/tests/should_succeed/traits/03/why3session.xml @@ -8,12 +8,12 @@ - + - + 
diff --git a/creusot/tests/should_succeed/traits/03/why3shapes.gz b/creusot/tests/should_succeed/traits/03/why3shapes.gz index 2f3113c72a8f40087c1943dd97dcf2f04c7d7ad0..d3da2aff3fcb8b3d00e06265f5f96bd06bd3b150 100644 GIT binary patch literal 232 zcmV@Rbih`&=V>I0ZKCi4X_1|o5h)1ECR&NV zC%Z~ONZTD*IA+^qS0RRAJV{Ebj literal 233 zcmVCapUv{c<8*s+oojd4GvE1k2eSdRubUQH zqaT;$`|Upadq4B3ga6t}d>wgO*7XPfcJ;4w-pKEfZ_R_qXzjU4iM8h_!B;|b%^*=B zF+xBKB@|zri46_f=bAJottdHDV#rFp_QW6-O1z6ah&ZJzgRoO{fE9wz>|#jL=ql!t jOs%BCSiR>!f{r4|K*AIppoVIpU`gf&qXoszb^!nYfaY*( diff --git a/creusot/tests/should_succeed/traits/06/why3session.xml b/creusot/tests/should_succeed/traits/06/why3session.xml index 4ddab335f8..8828bee2c2 100644 --- a/creusot/tests/should_succeed/traits/06/why3session.xml +++ b/creusot/tests/should_succeed/traits/06/why3session.xml @@ -7,7 +7,7 @@ - + diff --git a/creusot/tests/should_succeed/traits/06/why3shapes.gz b/creusot/tests/should_succeed/traits/06/why3shapes.gz index 72a5737848606ef447791a675355d54495d4ec4a..36905ef0bcf61fe4b6215eeb6744ac8bd6cd6605 100644 GIT binary patch delta 55 zcmV-70LcG@0fYgNR4@`PQj8PRlG4nK($Xv~Qd11f%?(XVlM;>6l9N-+(h?PnJPbVy NxBxIyJxr4T003&T6o3E# delta 55 zcmZo+Y+;-bV!#u0#@F|ZkMP;amxX+NeJAVi^!WDl@b+Aqq~oKj - + diff --git a/creusot/tests/should_succeed/traits/07/why3shapes.gz b/creusot/tests/should_succeed/traits/07/why3shapes.gz index 58e00ece6be73ee8efbf0ce31d84697ddec37a32..b19ec76db0c63823b43e66eabe10f72b73a33cd3 100644 GIT binary patch delta 55 zcmV-70LcG-evnKu#3aqg#Ms;-(by!>#56T6#oWl!%+%1#*fQDB+}OlK!Pvvd!_dQk N3jj6LT6T&6005l$A7}so delta 55 zcmV-70LcG-evnKu$k@=##5gs@$RH&t)zZ}1EX~x!)Wpm<*)q+@#KPEA!Pvvd!_dQk N3jm9`_FRep0051mA8G&q diff --git a/creusot/tests/should_succeed/traits/09/why3session.xml b/creusot/tests/should_succeed/traits/09/why3session.xml index 787616aa56..0613db9ebb 100644 --- a/creusot/tests/should_succeed/traits/09/why3session.xml +++ b/creusot/tests/should_succeed/traits/09/why3session.xml @@ -6,12 +6,12 @@ - - + + - + 
diff --git a/creusot/tests/should_succeed/traits/09/why3shapes.gz b/creusot/tests/should_succeed/traits/09/why3shapes.gz index 28d95cfeb592fcc111b8295d6e0bbb82f350cdd6..0bc0c5e88958ec42deee8c872d36de8a4b39ed96 100644 GIT binary patch literal 188 zcmV;t07L&DiwFP!00000|2@q+4}vflh2g!wqMM3KY3T*y3lBZHE@<%Uc7-GC zKO&ARjS*p3dOh@u9kq8aTOivG;i6suYLFK$Mls1skhDb)40;Noq3zbqH5k+ruv8E8(0002RzfeyA literal 153 zcmV;K0A~LmiwFP!00000|24}^4#FT1K;b>7V5ip200jmQ(9{cb+YEoP3uzK< z?!Lu)$Bx$!;lhFv0bY zfiY!O?rqE_xU4YS*rV4Pz{M0CM#aSl%vwUHeULJfkQuC!3JEcIXHZDZ#VFYu0v~^E Hq5uE@tOP}_ diff --git a/creusot/tests/should_succeed/traits/12_default_method/why3session.xml b/creusot/tests/should_succeed/traits/12_default_method/why3session.xml index 7b541d87cb..44a36311a0 100644 --- a/creusot/tests/should_succeed/traits/12_default_method/why3session.xml +++ b/creusot/tests/should_succeed/traits/12_default_method/why3session.xml @@ -6,8 +6,8 @@ - - + + diff --git a/creusot/tests/should_succeed/traits/12_default_method/why3shapes.gz b/creusot/tests/should_succeed/traits/12_default_method/why3shapes.gz index 5fc78aee93ad2cd4138ebf79c605710de8f32d98..ff3379be26ce1257468290e400a0053b701fa8f9 100644 GIT binary patch delta 79 zcmV-V0I>gx0f+&RKuCashKV6XrKyfkC5CQXsksFumGNLBxwz6S%uJJ$EKE~OQc_JV lj4aJk%q@+~Qqv5L%#%|s%?uTcJPbVyxBw@8oEn4x001o8A0q$& delta 81 zcmV-X0IvUt0g3^TKuXjN!VD8bib_)*p-K$hxKeWqN-E>QMsjf(8m6XNn3yIdCmAFg nB%7L=CmR@~7$qepB^f80TBM~a7 - + 
diff --git a/creusot/tests/should_succeed/traits/16_impl_cloning/why3shapes.gz b/creusot/tests/should_succeed/traits/16_impl_cloning/why3shapes.gz index 6af1afd4038d1a0b8a0c6bc91d72bc56968b4093..2f8d385197bcfbf8dd92aa48870157b122178381 100644 GIT binary patch literal 237 zcmViFPpe(hNu#vL)TL`>ujGIs|iVL z>Z<>~NwFnw58Mk9Y_@zn;*~}|(J=Ox_{>YbePZ~s#}mcRbi}ErAE7~F5`9cK)$fN7 zAw9!BPB`=!lQ5uekEO7n{DO6$LFd4L_6yd50+Ry`#xG#6vkFW#P%ET3e*xHBDzJXR z`YH)!4({*^81C~!B)ANP?e{QHOyJ&dpz(5==rKLaNA9~bJfrh9{nq~<#hC3{*(y~~ nwQJhKbh`$t#u>uObr?X(Fe# z>e7E-QbpkHIrQp4dfHU;8E-UK3r+Jd#+S-gn`efvJG@Xlr86!A{cr^W)7TC%;nKeE zKe+G=hq&N0U`$+t{JM|afb<3HK!M7E2IULZfdric1=<&|w})y>El|e=zkULkTuLy$ zV7*F!&4B>x3mES5O9Z$KiQV@!QB2?tIMF;_7P_DAA6ML=z%#nu(r^3!Q;d=B>)sx9 n-#Dw9`q(MexQ5KuXxtJul?yi1!2}&tkU_9Njh=S^WdQ&H5pr?# diff --git a/creusot/tests/should_succeed/trigger2.coma b/creusot/tests/should_succeed/trigger2.coma index e08af331bd..1cf2189591 100644 --- a/creusot/tests/should_succeed/trigger2.coma +++ b/creusot/tests/should_succeed/trigger2.coma @@ -41,7 +41,7 @@ module M_trigger2__resolve_seq [#"trigger2.rs" 6 0 6 43] function view'0 (self : t_Vec'0) : Seq.seq (borrowed t_T'0) - axiom view'0_spec : forall self : t_Vec'0 . [%#svec1] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec1] Seq.length (view'0 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq @@ -113,7 +113,7 @@ module M_trigger2__resolve_seq2 [#"trigger2.rs" 16 0 16 48] function view'0 (self : t_Vec'0) : Seq.seq (borrowed t_T'0) - axiom view'0_spec : forall self : t_Vec'0 . [%#svec5] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec5] Seq.length (view'0 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq diff --git a/creusot/tests/should_succeed/trigger2/why3session.xml b/creusot/tests/should_succeed/trigger2/why3session.xml index 077433a9b0..5347ab5887 100644 
--- a/creusot/tests/should_succeed/trigger2/why3session.xml +++ b/creusot/tests/should_succeed/trigger2/why3session.xml @@ -7,12 +7,12 @@ - + - + diff --git a/creusot/tests/should_succeed/trigger2/why3shapes.gz b/creusot/tests/should_succeed/trigger2/why3shapes.gz index 0b9c16aedf26119935c4ea456b84a94444ba5551..689f7ab3994221acb7372832c89492fc6994d7ce 100644 GIT binary patch literal 226 zcmV<803H7yiwFP!00000|AmgbZo)tiMf?4V?F>|7?;{XFL4!<@)=Fp1E;C@sG2mSs zQO02LFGKb8Z0u09UST`~Uy| literal 228 zcmVH z_1{pkaQ-G>d2XS`743(awu!j5acd1P2tI8r#JGcE(YW#9nQ)D9ux(mw5< zGpHF>=wIiVLc$ZJZx16~oxpwwIR1(cSUPdLyMjHIl?Ny4KMFI&Xl4C+a)Aw(rIc{~C-5*?X;Q2i6pMPNWLuk6S?OI<0#uxNJlN%;$x%L<)`c epnZ1~x#+Ys)_5z8Up3Wi8(<&hJnyA%0RRA$A!z*o diff --git a/creusot/tests/should_succeed/type_invariants/generated/why3session.xml b/creusot/tests/should_succeed/type_invariants/generated/why3session.xml index f609f0be4d..51a0684526 100644 --- a/creusot/tests/should_succeed/type_invariants/generated/why3session.xml +++ b/creusot/tests/should_succeed/type_invariants/generated/why3session.xml @@ -7,7 +7,7 @@ - + diff --git a/creusot/tests/should_succeed/type_invariants/generated/why3shapes.gz b/creusot/tests/should_succeed/type_invariants/generated/why3shapes.gz index 23390a78789235af64ea68b9b030b5c8795deb49..74237b0482b2679f2faa4563e1d53edf1a9d3da1 100644 GIT binary patch literal 224 zcmV<603ZJ!iwFP!00000|4q=bZo?oD2H>5iU~`-44zOjqIhGKeTit45i>Ov>$Bjv( zzI}-aZYMsD|2V|cfv+EK@hiXi%Q~Lt7hdthGi!qj-P?6SD4>`=i3l1u&Np`%-5d%e z_`YuoMPM@6zW|U-0VHWMSo=`v+OCN!g^1%FDy1bUld-2UjgB?#-mlA-7x6iDY7kVL zjK2o4-48^MBUIa*SU^mD5M_3;tg_kly2~&>E#arzK8mpuDCp~Ia9U{L2jzWVOQ&^z a!a=LP 0 + [%#snon_zero2] UInt32.t'int self.t_NonZeroU32__0'0 > 0 predicate inv'0 (_1 : t_NonZeroU32'0) 
@@ -27,7 +27,7 @@ module M_non_zero__qyi12916758414494363779__new [#"non_zero.rs" 16 4 16 30] (* N meta "compute_max_steps" 1000000 - let rec new'0 (n:UInt32.t) (return' (ret:t_NonZeroU32'0))= {[@expl:new requires] [%#snon_zero0] UInt32.to_uint n > 0} + let rec new'0 (n:UInt32.t) (return' (ret:t_NonZeroU32'0))= {[@expl:new requires] [%#snon_zero0] UInt32.t'int n > 0} (! bb0 [ bb0 = s0 [ s0 = [ &_0 <- { t_NonZeroU32__0'0 = n } ] s1 | s1 = return' {_0} ] ] ) [ & _0 : t_NonZeroU32'0 = any_l () | & n : UInt32.t = n ] @@ -54,7 +54,7 @@ module M_non_zero__qyi12916758414494363779__add [#"non_zero.rs" 21 4 21 39] (* N use prelude.prelude.UInt32 predicate invariant'0 [#"non_zero.rs" 9 4 9 30] (self : t_NonZeroU32'0) = - [%#snon_zero4] UInt32.to_uint self.t_NonZeroU32__0'0 > 0 + [%#snon_zero4] UInt32.t'int self.t_NonZeroU32__0'0 > 0 predicate inv'0 (_1 : t_NonZeroU32'0) @@ -70,8 +70,8 @@ module M_non_zero__qyi12916758414494363779__add [#"non_zero.rs" 21 4 21 39] (* N let rec add'0 (self:t_NonZeroU32'0) (rhs:t_NonZeroU32'0) (return' (ret:t_NonZeroU32'0))= {[@expl:add 'self' type invariant] [%#snon_zero0] inv'0 self} {[@expl:add 'rhs' type invariant] [%#snon_zero1] inv'0 rhs} - {[@expl:add requires] [%#snon_zero2] UInt32.to_uint self.t_NonZeroU32__0'0 + UInt32.to_uint rhs.t_NonZeroU32__0'0 - <= UInt32.to_uint (v_MAX'0 : UInt32.t)} + {[@expl:add requires] [%#snon_zero2] UInt32.t'int self.t_NonZeroU32__0'0 + UInt32.t'int rhs.t_NonZeroU32__0'0 + <= UInt32.t'int (v_MAX'0 : UInt32.t)} (! bb0 [ bb0 = s0 [ s0 = UInt32.add {self.t_NonZeroU32__0'0} {rhs.t_NonZeroU32__0'0} (fun (_ret':UInt32.t) -> [ &_4 <- _ret' ] s1) 
@@ -105,7 +105,7 @@ module M_non_zero__qyi12916758414494363779__sub_pre_trans [#"non_zero.rs" 36 4 3 use prelude.prelude.UInt32 predicate sub_pre'0 [#"non_zero.rs" 27 4 27 43] (self : t_NonZeroU32'0) (rhs : t_NonZeroU32'0) = - [%#snon_zero4] UInt32.to_uint self.t_NonZeroU32__0'0 > UInt32.to_uint rhs.t_NonZeroU32__0'0 + [%#snon_zero4] UInt32.t'int self.t_NonZeroU32__0'0 > UInt32.t'int rhs.t_NonZeroU32__0'0 constant a : t_NonZeroU32'0 @@ -139,7 +139,7 @@ module M_non_zero__qyi12916758414494363779__sub [#"non_zero.rs" 40 4 40 39] (* N use prelude.prelude.UInt32 predicate invariant'0 [#"non_zero.rs" 9 4 9 30] (self : t_NonZeroU32'0) = - [%#snon_zero5] UInt32.to_uint self.t_NonZeroU32__0'0 > 0 + [%#snon_zero5] UInt32.t'int self.t_NonZeroU32__0'0 > 0 predicate inv'0 (_1 : t_NonZeroU32'0) @@ -150,7 +150,7 @@ module M_non_zero__qyi12916758414494363779__sub [#"non_zero.rs" 40 4 40 39] (* N end) predicate sub_pre'0 [#"non_zero.rs" 27 4 27 43] (self : t_NonZeroU32'0) (rhs : t_NonZeroU32'0) = - [%#snon_zero4] UInt32.to_uint self.t_NonZeroU32__0'0 > UInt32.to_uint rhs.t_NonZeroU32__0'0 + [%#snon_zero4] UInt32.t'int self.t_NonZeroU32__0'0 > UInt32.t'int rhs.t_NonZeroU32__0'0 meta "compute_max_steps" 1000000 diff --git a/creusot/tests/should_succeed/type_invariants/non_zero/why3session.xml b/creusot/tests/should_succeed/type_invariants/non_zero/why3session.xml index bc79e87f42..f34e50acf4 100644 --- a/creusot/tests/should_succeed/type_invariants/non_zero/why3session.xml +++ b/creusot/tests/should_succeed/type_invariants/non_zero/why3session.xml @@ -8,22 +8,22 @@ - + - + - + - + 
diff --git a/creusot/tests/should_succeed/type_invariants/non_zero/why3shapes.gz b/creusot/tests/should_succeed/type_invariants/non_zero/why3shapes.gz index 961f5e9a48f3366d3ab488c7367989e225ce2b10..d25c9c1c6a86290d3a70142d06d5bd6b6183bd35 100644 GIT binary patch literal 384 zcmV-`0e}7SgBBK60k1d1AM<|s(Iz72w9r`4 zf`-=k-h)HulcB{y;F7k_JOc4(-Dr`heY%%OYx-@r9yQeOy?eTv8$`oPYc}l*cc!mj zxuC1Xh(!|>P0)DK&U{-wL{J?4Hy)3~DxiK_noY+(C$hyqW%;oz$sS*m$NpQ>B&i!Q0#8nU|u7pyYD&evu1hx>7prJ^qn#h3gYSo?Yi}YQtuER9NMrfbwXeSKo(0AbZ{Ldo zHq^8S>Kkgu7z+59=mgReU`H@x#+>eG?8>Gc3#=eze!Ck#%kS;WE}7H%6NqIAQ%1wymAl@@Ktxskhq`m>s9J8R&su7_ z{-@=PezvJl)1w`~;}@uhx%hKKkuv7FRl!uI61>)?ay56(C8&cC#Jx)*%ypw9rW0ssJ@X`6fi diff --git a/creusot/tests/should_succeed/type_invariants/vec_inv.coma b/creusot/tests/should_succeed/type_invariants/vec_inv.coma index 7489ed0092..01856cedef 100644 --- a/creusot/tests/should_succeed/type_invariants/vec_inv.coma +++ b/creusot/tests/should_succeed/type_invariants/vec_inv.coma @@ -50,7 +50,7 @@ module M_vec_inv__vec [#"vec_inv.rs" 18 0 18 32] function view'0 (self : t_Vec'0) : Seq.seq (borrowed (t_SumTo10'0)) - axiom view'0_spec : forall self : t_Vec'0 . [%#svec4] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec4] Seq.length (view'0 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq diff --git a/creusot/tests/should_succeed/type_invariants/vec_inv/why3session.xml b/creusot/tests/should_succeed/type_invariants/vec_inv/why3session.xml index 4b2c63ab5d..5b16a2314f 100644 --- a/creusot/tests/should_succeed/type_invariants/vec_inv/why3session.xml +++ b/creusot/tests/should_succeed/type_invariants/vec_inv/why3session.xml @@ -7,7 +7,7 @@ - + 
diff --git a/creusot/tests/should_succeed/type_invariants/vec_inv/why3shapes.gz b/creusot/tests/should_succeed/type_invariants/vec_inv/why3shapes.gz index 302dc23f71d80e072a842dfbaef1ef64f94333ee..00dbb2f0c4649aa2bac207072405fc32c46f4bc3 100644 GIT binary patch literal 274 zcmV+t0qy=DiwFP!00000|9#OxPs1P>fZ;p8qBnG2KH9FW#+fuGgdRL;h&S@Jl8xBX z*|MttUTVcOi}CgX4GS96SVBfkdVY@WDf@K`gfm@WDf@ z0h8GReDDx!05V^I4<3Tx4zJMlYQE3!9h5=}*qnwz`)Ole^oMHuy=nZGqJckr{hx0b zR5<9dZzny^ls~5z72cgat=Cmprg^(i8utCgfokErraZ|?$z;&FkS|b!` Yl#5JkMJf^z3nqYk0W+aK+tC340M)I4h5!Hn literal 278 zcmV+x0qOo9iwFP!00000|9z27Ps1<_K=1h#y#>a_Y10oOhBP5X*?|+t;ud*Xwnen* zXtM(U9*wS|LWtY5{VdD&)gtK+baZ_(xUTnYxJ`;=an0y%Nwo|6c%Z?%cMb>?TjN8d z!91>BI4JfIDVnEK^V|yHz?)Y@6f5#!pw3f>T%ve8hi6a|u$hpd9EA*}nqV%Zn2$n= zxtd@u2rNcHV4)_M3xMS)0G4V3MoYT6>?3}bFormgJ$0Q6k$l*?4^y{$Z#iIP;jf0x ze+^c^nmX6F_2AB#)n$IQru$#ltt_mks$#A=#!vJ87{#IJ7?2s cE6JuiNJ?GkTuYtlR0|F43mDGP*VF+30DPW=D*ylh diff --git a/creusot/tests/should_succeed/unnest/why3session.xml b/creusot/tests/should_succeed/unnest/why3session.xml index 10c5afb93f..ff4e1bb5c6 100644 --- a/creusot/tests/should_succeed/unnest/why3session.xml +++ b/creusot/tests/should_succeed/unnest/why3session.xml @@ -7,7 +7,7 @@ - + diff --git a/creusot/tests/should_succeed/unnest/why3shapes.gz b/creusot/tests/should_succeed/unnest/why3shapes.gz index e38009eee74e9fc1db0694f5b9678daec2b91ba3..83b271054912bc006e97d25755ecd6ec970297a7 100644 GIT binary patch literal 174 zcmV;f08#%RiwFP!00000|6NW^4}vfZz3*4-rgG}s0*eU;FGLg1yPC3HovjCmudd@N+GVFx#Ri7`6TIIM3l3O9f~kr>v4F ch0s}9S*Ns4r7a8!=&UA(}YfYOYXXBT&*J#(!@l z__m5wa#F3@I%o bWx7%Zv?)O=ZL&;qu?O}5K2*zf>;M1&uAWV; diff --git a/creusot/tests/should_succeed/vecdeque.coma b/creusot/tests/should_succeed/vecdeque.coma index b0bfe24f87..d8921165fa 100644 --- a/creusot/tests/should_succeed/vecdeque.coma +++ b/creusot/tests/should_succeed/vecdeque.coma 
@@ -34,7 +34,7 @@ module M_vecdeque__test_deque [#"vecdeque.rs" 5 0 5 19] let%span sseq32 = "../../../creusot-contracts/src/logic/seq.rs" 150 8 150 27 let%span smodel33 = "../../../creusot-contracts/src/model.rs" 79 8 79 28 let%span soption34 = "../../../creusot-contracts/src/std/option.rs" 11 8 14 9 - let%span snum35 = "../../../creusot-contracts/src/std/num.rs" 52 28 52 33 + let%span snum35 = "../../../creusot-contracts/src/std/num.rs" 54 32 54 37 use prelude.prelude.Int @@ -70,7 +70,7 @@ module M_vecdeque__test_deque [#"vecdeque.rs" 5 0 5 19] function view'0 (self : t_VecDeque'0) : Seq.seq UInt32.t axiom view'0_spec : forall self : t_VecDeque'0 . [%#sdeque29] Seq.length (view'0 self) - <= UInt64.to_uint (v_MAX'0 : UInt64.t) + <= UInt64.t'int (v_MAX'0 : UInt64.t) let rec with_capacity'0 (capacity:UInt64.t) (return' (ret:t_VecDeque'0))= any [ return' (result:t_VecDeque'0)-> {[%#sdeque16] Seq.length (view'0 result) = 0} (! return' {result}) ] @@ -90,7 +90,7 @@ module M_vecdeque__test_deque [#"vecdeque.rs" 5 0 5 19] let rec len'0 (self:t_VecDeque'0) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'0 self} any - [ return' (result:UInt64.t)-> {[%#sdeque18] UInt64.to_uint result = Seq.length (view'1 self)} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#sdeque18] UInt64.t'int result = Seq.length (view'1 self)} (! return' {result}) ] let rec new'0 (_1:()) (return' (ret:t_VecDeque'0))= any @@ -149,7 +149,7 @@ module M_vecdeque__test_deque [#"vecdeque.rs" 5 0 5 19] use prelude.prelude.UInt32 function deep_model'2 (self : UInt32.t) : int = - [%#snum35] UInt32.to_uint self + [%#snum35] UInt32.t'int self function deep_model'1 (self : t_Option'0) : t_Option'1 = [%#soption34] match self with diff --git a/creusot/tests/should_succeed/vecdeque/why3session.xml b/creusot/tests/should_succeed/vecdeque/why3session.xml index b0599dc328..d097a30f83 100644 --- a/creusot/tests/should_succeed/vecdeque/why3session.xml 
+++ b/creusot/tests/should_succeed/vecdeque/why3session.xml @@ -2,113 +2,110 @@ - - - - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + 
diff --git a/creusot/tests/should_succeed/vecdeque/why3shapes.gz b/creusot/tests/should_succeed/vecdeque/why3shapes.gz index f94fd6286bf8fb88922990a91e3f8928b8c8d8a2..f1b045f9fa5982af722b0e037fc99a2451896d8b 100644 GIT binary patch literal 1944 zcmV;J2WR*niwFP!00000|HW5JZ{x@jzUx=$=FJ8Hx~lpaBnM*vq2~}^5(v2&{oFCu zBY9+v7yIv1Bt?m$C|R4ay?{)U&3b?J;!i)%pTC5s@;rYjo9Bo1>hE(s|M@So@Q;6n z$Fllm`z5?Ql;3W|QiScz!)hB|?*DcB-y5-*ZNG(w)eFCYMSs(u!4en!O@D?H#q35o?xE}q#Q?5o{NHgpAuZ0V9gy}{3;&vai?(Eb3-Fj8_8DhH# z(EhP}yA&zf^S6ZS?U%Bds+L^J)BV?VE{_LI$A`U~1L|&!x*MbJ&Z6FU#(%&rLyLI~ z>DOx@2XPMbp~&#OTBiZBur$X|!z9*25lMuG>o8w;Y-^4H7pJJ`ZHjv&Q}GJl1A z(pzjU#3a-^gOjGxYo;CqjZLL%OdYV}8B?jbNG6e8xL+$GnP^CO7M6pha!^Sp79P|m zI%8qm!xWRKQ5oZfGCnY!>)dK-kLy{TtLKBPi>>=u>($jfklvT`?r2=kII3qn^yf}j zmt|8Gj^hgN83r|evWdXSD$>(T1ErdaW>548D0u;>1Jk(S>ZLmdNS_1fAmjCpJD~jo zEqAD42h#3n43ZpyBu_x1b0EnxAkhG%lf4a27Pp>e8YJCZ40~c`>9K^(b^CT3e{)zh zo2S-@<881b`c_Y0Eveb|>h113gY@UIhL+;?)aWJg=Z0RASuo3zI_GZhy8G7k&!c!Q z=~5(n5sTXsV0I_W|9LuLmuOpaXqc<*$)K0;^Hielc`xVaf$Ylk9LQxGx~F|sHm>xa zY;rLb-JZLPE)1dz=c0SEE)1GUFXA-1xR0(l8(rO)gKny2w}uWH0zXejc_-sit3D{Y zGQz#gF2c>zAi`oFVKE)y9d{Gqz47|oP+X#HIZU69vcG{zvLmVTwWVN**mA0brv=FD z7uJyjEA)opq+t!&Y$gF*KoudmoQkvtt+Es>L|Ksk&jGxZUU})sqX#c$nw_o~q!Ef& zQsVte#6Sg#2rSIyx%I~DBNmFukuHiAcsF8`1+=4xkq5O) zPL+~ni7Mx6g)Jq`fmjvb2_p~bkjWGsjg-y=<*JBAXCx(~6r$C~oZ5r(Ag4r_2&&jZ zD2i?7RdlFbL3R+SC@a`Y6ds%hdr^)wIg-r<(2>bCCS5hhA=;9YE4B?VqDQzwmZ_0( zjf!MUQU|EAx=^ZdiJ}l-ns~5LNY{xImU2ouRimX%qEJaCM`Mjq3TkapLE}+-R37Ek za@j>B_SXoTs?gR#$%tz@Z2L&i?gC+RQ!p-T}90$cqu%&A5#OBOU)(|g~M24u1<41;nB^5 z#LA)?JS6|fOZ;JFvZP=$=9C?91z4qp(^%2w6xlPi!{*KODPSE~K`N1|jE-!vrVtpZ zO@my6lhj_SH_~S%VbsE!P?7s^LF>57MQ(P*Dg$9IotM^2^L8pj)RklBis4{#LsHyn zGikJ(l!bTDxdN}mTWbZ0g*7K31Gm%yE_21%z+F+t=F&K-c<7K<_@;_AgrtUdHpDw3y=bH+FxZGlIk2Cv0?S`g6j=;Fn*X0j$J20J9=1Q%RVM(AcNX!080&4Orn z3`a{YnwUY@Y+}l)Cap7NL2b9v+H2*td`~+Prym*ang$>Vo?tOSO;lnsT61Jkr74iHZPa0)|{D~5l(f#OHm1iH$^%V!pq*dopI3581v zI7or0T~3VpaI-8HO~Ctx4Yq2GJRW6D3bWP7=B6fxjPXW)tXaGkW8j!&wx6I0-h7=e|h%ZDG+{_%m#y8kC@5h(ED} 
eAtQNXhX&CS39P{OgOL6tR2Ud4t0 literal 1905 zcmV-%2afn3iwFP!00000|HW5LZzH)8z3W%#=468atSVNK3^E5}0E2VLUJ?jpKt$l{mYfPnLT~gS+uEJD9KfVfzmHpNDUC_VdBSjov-hS&w_$t27(0zN@SA8Mk_E0&tSR z9uNJ3c*F$(e)|a6&9BFtl>&M%FufNnQvly9r5#L>FWCgA-4(`04Qr;Ig6@I3EI8X&(j~KOhNG3wdiSlq^kFcYEPuPK-=0f` z*^#9dJ*+N^-N^k?5!p4f1veWo)E`yR%+EIcY>yimsbpmUv@7yh`O`CL8ku`agmwxYo?9j?jgD?GBV0uFlrw(Zn&}t#|Ftc zgZ3CNcie-uf1u?aX4smvof?~DM<&@5ljxjD_KZn%VA9FO4Nh)u!o$`@3d0>PZ~m1~-eow$pztsJj@p>+LTMl279d{fg^T(hI@`$%5R?C;hOX z&E~Fu-n{o)|1{EbL6?*qAa1TtjM>gC$bOnWunY7(9XdR#{melxSrASg)Lrc5GrC{) z%Hw%}d#xWfqur_Owle%^vo}-f4$&KR;XqwDr|!vh;h>oe5U1+mPF-_WUFqmxm}=QQ z(SwGtKtHYW7UNQ@-Y0sc!UN_;;cj%Gu-PeWrWM{scM9*w%ejx@0&O4RhT~|57nodj zglb>96f6+?NX~d#fM_pWNA{sG5W`7g-Lly%WlG+cfX#}cNn|*MTrp&88xqa|qPLNw zjTA9LG&4-5VCE|7vq>6i$^u1`WJ94V0XgNXvqiymHCTsFviL<>sl+=ORc1 zj$o%CB()~Qu4QjiP}fT3CY%$3#R}an(L@Ll{6(AwCK zMxsa<3I4AH8f;<1%}KQ_H(yK%fs?I{9T~23l1Ti0IWW|cQ>#|MvsMO1>Nb-T7v_>W z-N{FC-;u)_3)~oM;MOFdM?o!|BvbZA>)b-LCQ|smGzpSs2b6+$J|Ht=5$l6VT7uEu z4{M{PXz{y~)xsi_&?qKnL_#R)Tkw*Nx8BRvn;(`hu?6q}TLNP{=E$~gqiiEnWc;Ctt5Yd8Yjep}ttF@;AqPnaj#BBj z%Wsq0OaG@1Dns#(Lo>;EED&t)S?3%g`^YY`yg~XTSS4wr9I%QvuC~zFsI91m4bBCk zn73r$t)tXhPQ?qfq~aJ*8i06{DO2}Z5Q>6t$G~{k6;usARCYw_g0bR})Kqn@>sBIB zIEsBs9%MqnPz<(IGN)jeQ|8vVRwPq$*T}@Z3l#^<)~LbMT~BhgR#4CqVGG4m-{T}i z@o!J1yPBaP;Obn1(2Db|I!>0nY6;qXvK&Nb-iJ*lAgQ%@C{03c?AceRfLOg(>duO@ z(NT2xUYyvXB1x8904w{NEg4OTTlOAP>&}hicc&$_BvWk_HR4>cwz`J3gjBd}uB8y2 zi%#B`mhpj7t)?+ou+E`Ri8+Xtz><{b-b5Fo^Y6|KjVUIJGnsSKYKg>KNdi<&^-Oag rJw^|I1~+nQTD5^(Yrx7GKvh~Q3Tg;i|AUbJBy#@)1_46fNFM+I#UsH7 diff --git a/creusot/tests/should_succeed/vector/01.coma b/creusot/tests/should_succeed/vector/01.coma index 73e57f4fac..0a00dc31d5 100644 --- a/creusot/tests/should_succeed/vector/01.coma +++ b/creusot/tests/should_succeed/vector/01.coma 
@@ -34,7 +34,7 @@ module M_01__all_zero [#"01.rs" 7 0 7 33] let%span srange32 = "../../../../creusot-contracts/src/std/iter/range.rs" 42 15 42 32 let%span srange33 = "../../../../creusot-contracts/src/std/iter/range.rs" 43 15 43 32 let%span srange34 = "../../../../creusot-contracts/src/std/iter/range.rs" 44 14 44 42 - let%span snum35 = "../../../../creusot-contracts/src/std/num.rs" 52 28 52 33 + let%span snum35 = "../../../../creusot-contracts/src/std/num.rs" 54 32 54 37 let%span srange36 = "../../../../creusot-contracts/src/std/iter/range.rs" 15 12 15 78 let%span sresolve37 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span sslice38 = "../../../../creusot-contracts/src/std/slice.rs" 140 20 140 37 @@ -82,14 +82,14 @@ module M_01__all_zero [#"01.rs" 7 0 7 33] function view'2 (self : t_Vec'0) : Seq.seq UInt32.t - axiom view'2_spec : forall self : t_Vec'0 . [%#svec23] Seq.length (view'2 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'2_spec : forall self : t_Vec'0 . [%#svec23] Seq.length (view'2 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) function view'3 (self : t_Vec'0) : Seq.seq UInt32.t = [%#smodel24] view'2 self let rec len'0 (self:t_Vec'0) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'2 self} any - [ return' (result:UInt64.t)-> {[%#svec11] UInt64.to_uint result = Seq.length (view'3 self)} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#svec11] UInt64.t'int result = Seq.length (view'3 self)} (! return' {result}) ] type t_Range'0 = @@ -146,7 +146,7 @@ module M_01__all_zero [#"01.rs" 7 0 7 33] use seq.Seq function deep_model'0 (self : UInt64.t) : int = - [%#snum35] UInt64.to_uint self + [%#snum35] UInt64.t'int self use seq.Seq 
@@ -224,17 +224,17 @@ module M_01__all_zero [#"01.rs" 7 0 7 33] axiom inv_axiom'6 [@rewrite] : forall x : UInt64.t [inv'6 x] . inv'6 x = true predicate in_bounds'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq UInt32.t) = - [%#sslice38] UInt64.to_uint self < Seq.length seq + [%#sslice38] UInt64.t'int self < Seq.length seq predicate inv'7 (_1 : borrowed UInt32.t) axiom inv_axiom'7 [@rewrite] : forall x : borrowed UInt32.t [inv'7 x] . inv'7 x = true predicate has_value'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq UInt32.t) (out : UInt32.t) = - [%#sslice39] Seq.get seq (UInt64.to_uint self) = out + [%#sslice39] Seq.get seq (UInt64.t'int self) = out predicate resolve_elswhere'0 [@inline:trivial] (self : UInt64.t) (old' : Seq.seq UInt32.t) (fin : Seq.seq UInt32.t) = - [%#sslice40] forall i : int . 0 <= i /\ i <> UInt64.to_uint self /\ i < Seq.length old' + [%#sslice40] forall i : int . 0 <= i /\ i <> UInt64.t'int self /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i let rec index_mut'0 (self:borrowed (t_Vec'0)) (index:UInt64.t) (return' (ret:borrowed UInt32.t))= {[@expl:index_mut 'self' type invariant] inv'5 self} diff --git a/creusot/tests/should_succeed/vector/01/why3session.xml b/creusot/tests/should_succeed/vector/01/why3session.xml index 92ffd93a2c..456c578d1f 100644 --- a/creusot/tests/should_succeed/vector/01/why3session.xml +++ b/creusot/tests/should_succeed/vector/01/why3session.xml @@ -2,12 +2,12 @@ - + - + 
diff --git a/creusot/tests/should_succeed/vector/01/why3shapes.gz b/creusot/tests/should_succeed/vector/01/why3shapes.gz index 76a52227fec09da640edaa97fe8cb76f98664519..81a0c445109ee15764dad88b80c29b59250fc3fb 100644 GIT binary patch literal 570 zcmV-A0>%9wiwFP!00000|BY13j+-zP-SZXMrJdRM0T`;u0*z$BqS;ikxTApt{AN+O9VG%OYMpeGd9xQ0rky1mfNZ;AI7k z(%XIqL#<90!_Y5l-NR6R&Au-Y_i0EF?u`Hrt&zt{b@oKz`B{V_7Oa@V(H%lsU1s<>EERTi)V?J3PjRYR=;w+EG0#iO&9%TZD ze6oV|8dmUHelvUJh=>KT-q|^`?pjOryKKz1t{j#KiYrvWi~W19YpqoaTAeI+mxCY( zx>|1=)f+7c%j{+N>rl(vTY-|~V>+NZwyn~= zZQzI}>C~oFO?TR<_Pi$cNb0p;0Xyi*0h;4Hn_RhfW4;&ip9UUq=@*4j#2v%s#vHZm z98Jc5!@`{cvii_i(bN`jmP zGETHM+D>$JzR^FmsuYA2uTYu&!K%;Vw;?#SQLt5gS<5?z%bl9c-yfXLk6;n@k! zFH?DbWP^ZhKuMyiREA-agkY_d#fV8srBskCFv&5_G0M|C$ypxfQ6Ak|uiwFP!00000|BY17ubMy*zVlajqkUd>c0sVwgL%mY4tkBT+Shs^AK(0*`Lds0CheB?+)j?%v}J9+OlFgp&tCVFN^|rj3hjVLizQWT zHr8)IjWhgJaR+5yKYgnllI92+2j9*|>0gnkx_96Li$dO(hi5CT0Q z@9mA2^qPIEcWf6iLmBAt|B9AWnu332RlO;5%f+Z57bz`Jfm?QI3^!!>MAPZz2c@94 zG@FXM+MtY9v{>c>6=<7sd?P{Yx@qbY7yj-C%9!3uLlr_yWnsT#U$8Y0!qsTA*Ww7# z6P=)hl{gdInTlaM>v{8>W1dCPnnR%!a1j=?4ud$(*D8M(Gy$0aBp{M`5+_kIOTr{bR3Z~dg!cz( K2-^s*1pok`>=ohw diff --git a/creusot/tests/should_succeed/vector/02_gnome.coma b/creusot/tests/should_succeed/vector/02_gnome.coma index ccaf8734d7..42263012e0 100644 --- a/creusot/tests/should_succeed/vector/02_gnome.coma +++ b/creusot/tests/should_succeed/vector/02_gnome.coma @@ -94,7 +94,7 @@ module M_02_gnome__gnome_sort [#"02_gnome.rs" 22 0 24 29] function view'2 (self : t_Vec'0) : Seq.seq t_T'0 - axiom view'2_spec : forall self : t_Vec'0 . [%#svec29] Seq.length (view'2 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'2_spec : forall self : t_Vec'0 . [%#svec29] Seq.length (view'2 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) function view'0 (self : borrowed (t_Vec'0)) : Seq.seq t_T'0 = [%#smodel12] view'2 self.current 
@@ -238,7 +238,7 @@ module M_02_gnome__gnome_sort [#"02_gnome.rs" 22 0 24 29] let rec len'0 (self:t_Vec'0) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'4 self} any - [ return' (result:UInt64.t)-> {[%#svec17] UInt64.to_uint result = Seq.length (view'4 self)} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#svec17] UInt64.t'int result = Seq.length (view'4 self)} (! return' {result}) ] predicate inv'5 (_1 : UInt64.t) @@ -246,7 +246,7 @@ module M_02_gnome__gnome_sort [#"02_gnome.rs" 22 0 24 29] axiom inv_axiom'5 [@rewrite] : forall x : UInt64.t [inv'5 x] . inv'5 x = true predicate in_bounds'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq t_T'0) = - [%#sslice31] UInt64.to_uint self < Seq.length seq + [%#sslice31] UInt64.t'int self < Seq.length seq predicate invariant'5 (self : t_T'0) = [%#sinvariant54] inv'8 self @@ -256,7 +256,7 @@ module M_02_gnome__gnome_sort [#"02_gnome.rs" 22 0 24 29] axiom inv_axiom'6 [@rewrite] : forall x : t_T'0 [inv'6 x] . inv'6 x = invariant'5 x predicate has_value'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq t_T'0) (out : t_T'0) = - [%#sslice32] Seq.get seq (UInt64.to_uint self) = out + [%#sslice32] Seq.get seq (UInt64.t'int self) = out let rec index'0 (self:t_Vec'0) (index:UInt64.t) (return' (ret:t_T'0))= {[@expl:index 'self' type invariant] inv'4 self} {[@expl:index 'index' type invariant] inv'5 index} @@ -289,7 +289,7 @@ module M_02_gnome__gnome_sort [#"02_gnome.rs" 22 0 24 29] function view'6 (self : slice t_T'0) : Seq.seq t_T'0 axiom view'6_spec : forall self : slice t_T'0 . ([%#sslice34] Seq.length (view'6 self) - <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + <= UInt64.t'int (v_MAX'0 : UInt64.t)) && ([%#sslice35] view'6 self = Slice64.id self) predicate invariant'1 (self : slice t_T'0) = 
@@ -320,10 +320,10 @@ module M_02_gnome__gnome_sort [#"02_gnome.rs" 22 0 24 29] use seq.Permut let rec swap'0 (self:borrowed (slice t_T'0)) (a:UInt64.t) (b:UInt64.t) (return' (ret:()))= {[@expl:swap 'self' type invariant] inv'2 self} - {[@expl:swap requires #0] [%#sslice23] UInt64.to_uint a < Seq.length (view'5 self)} - {[@expl:swap requires #1] [%#sslice24] UInt64.to_uint b < Seq.length (view'5 self)} + {[@expl:swap requires #0] [%#sslice23] UInt64.t'int a < Seq.length (view'5 self)} + {[@expl:swap requires #1] [%#sslice24] UInt64.t'int b < Seq.length (view'5 self)} any - [ return' (result:())-> {[%#sslice25] Permut.exchange (view'6 self.final) (view'5 self) (UInt64.to_uint a) (UInt64.to_uint b)} + [ return' (result:())-> {[%#sslice25] Permut.exchange (view'6 self.final) (view'5 self) (UInt64.t'int a) (UInt64.t'int b)} (! return' {result}) ] @@ -354,7 +354,7 @@ module M_02_gnome__gnome_sort [#"02_gnome.rs" 22 0 24 29] | bb2 = bb2 [ bb2 = {[@expl:mut invariant] (Snapshot.inner old_2_0).final = v.final} - {[@expl:loop invariant #0] [%#s02_gnome3] sorted_range'0 (deep_model'0 v) 0 (UInt64.to_uint i)} + {[@expl:loop invariant #0] [%#s02_gnome3] sorted_range'0 (deep_model'0 v) 0 (UInt64.t'int i)} {[@expl:loop invariant #1] [%#s02_gnome2] permutation_of'0 (view'0 v) (view'1 old_v)} (! s0) [ s0 = bb3 ] [ bb3 = s0 [ s0 = len'0 {v.current} (fun (_ret':UInt64.t) -> [ &_12 <- _ret' ] s1) | s1 = bb4 ] diff --git a/creusot/tests/should_succeed/vector/02_gnome/why3session.xml b/creusot/tests/should_succeed/vector/02_gnome/why3session.xml index d1f6be13ee..d6f2188bc6 100644 --- a/creusot/tests/should_succeed/vector/02_gnome/why3session.xml +++ b/creusot/tests/should_succeed/vector/02_gnome/why3session.xml @@ -9,100 +9,100 @@ - + - + - + - + - + - + - + - - + + - + - + - + - + - + - + - + - + - + - + - + - - + + - + - + - + - + - - + + - + - + - + - - + + - + - + - + 
diff --git a/creusot/tests/should_succeed/vector/02_gnome/why3shapes.gz b/creusot/tests/should_succeed/vector/02_gnome/why3shapes.gz index 759895f7d745c34670e1d11be208a9aa3b056219..3cae6770e99abfe176a762d9da9b6b0ab2b1abed 100644 GIT binary patch literal 2287 zcmVPQTGxQ&Ss&?1zHtnkWwB0qE^O_m%D>o&B>j6 zS0+waWG#^8pJ}(7llPMqQA=F;$2Pfr+8%fIxTU5RYAjZJ%%6aT3tN+;^(qi`Sshq4q4VYV@G+F9|rZTz)Gm%;CCrjrH zQTzv|09R?UdbHK7@7=a>>-}8Sl-`x`+#t0Ws4t&|`AV3kYBep$h;P4%=-io`)HpNj2Z4Ri0P-UvJacBkzv-w`q4+?I))&Hnl(?VC_-uuA3C z=3%6Acko5l{d`8Utv=5kVSBTC@t(E)Imf&7o5MO{`Wp;BJ?u`$Hr*W>+<#|59$kSc z?Aq;?_ilAaFDZFs@9;HK%YQD6i--Q4bfUAFy4zlssohqm8rx0?ry-JAc7(U%x(BFtjiro1eP>V@;|t@9!6 zihiaK;#bTJ>G~M_6KVR07Y5s#g@9RIz6Z&i9d~n&)tb9kBl&_;fm+wf+ z@*Qd3>+6QSQ@asqja;4>{V*71y`7`;diA~3C#x^N&m^+~eL7LhzLs2DrY<2r;eS5q zqpd-zke^cBE}!-UhgEVe#=`P9>||xf-IA!|#(i8KP;`lq+PM!HEPsBg*zF%S%Ug`N z?Q+-rHZI>qcR_PT=#x9LqmF08y=H6_(KVx&FKI^ZvF4ib&M_ygBdY19kpKN;Kdr>D zAsmhTdvqrZPCPDul0(O;PCSYTYOZRAoj($&RkwtwnQ94MGuaZXW}+o%%{ykOdB;42 zFs}5MqbTK_WZT&E-ati<+%Kql;Wi+sld+t{cG>MTtkKggQ};MJVIR<)6XJsqpWcK{ z;^(tx)%u~m28Bk(_Rj!E-#n@r35^+kDTiGa(I%_#`Ww|uHkH!gV4q#lXzyCF`qN@DKKNAQk+OqNns7M zlvpqpv;}2BS`Zev1!jR-01Lz#tF5xq3d=3BTd-uNvj!8WmYfL=6tw0lFbFz&hpif| zC~{Iu;q%lJ4TL)*2tp4IbRsGRPbu?QTNJp83QPGHS#VS+3Xw!jqRK>Rbd3&1I6;G8 zxB+FU{6ZtiFi(vF2+63Bqtu?^4>g7fWeik|S_YO8OO2)av+W3(fu-Q2OAtf^;esaF zX{V{gP>B`OmMP1mWx_I)V_$BQs$gOu!e`AuaOq{hpzzsbDH2b);$S(k%zSmrnI*=7 zn8-!Iy-FV-P{KM?O1WSm<>)EHlXg4=nkqp`Fmdx1#seeV7z{5(@wh4Y>rMiGp+XpGEBIi53~hSUD& ze}PisjUZs=V*(FBYY}8tDlF8bV_f_iHdm|SuqGK;8bO2lhI08~;K7Qit3 zv}d8e0T7KFS6FitRb1$VpHu=v!YC~R^P!SZj7wsLc~c+~nATnhfD}`yjM0fGV~7~0 zQkF_fTL|9*i!mVu?v2TiG!+`dB1FuWTqGJJRi)}nZYBE$Sez~~5}eNo?{9RDDUu{L zQi5_h_)2OkQAmC>MA2m~xK5rKr?`qkhgBM1wWh?Ep>Jp3d{=heW7+POoAuv2-F^3$ z3BSAHRat-7f8@ty`835Kc)wXJ*L!|k{A>2#shCgrhCh@&=Thz#x0_s6QwR`n{DOG7 z&gG}YYV%>4rlJkM=XU`wa>I<@-6RokKI2PVI6a@^^ziBSuBD!eKtb~Niy!VEcr_LG zeA8ZBxagqx`^7)YZZ{S0&qh?x{Qcq|+rs;@JKRXOZwKLHG7th?#1tm?Ge|9n@*HMuzfY|HLp 
zwLe?IvmE?xpmHA4cErItY=z0_dCsd{85RpBm+0HF+pHeT6h^f;uL2B<`C+}eEsN&U zmG$mnTXwH344%SX!SW^>v6_M+7aR9gY7e!E>67{&!_#VslReiwdeQOJN^wXP_`e;dYjtsXp8nc z*kIf5XzTVn+VTW)cs$km@FaTV*#(n-51@3)cXIp1`P%;r?XPh?f6;J0*N%IqLkoZA z-zsq>0_+gc%%Qx^{fe$;*KQ7{LXr0=Zc;bRgRsDv;?78A$gA1ya3% zL5bdgAP-T4eu5GwDYm5Y7T7W<0!f|M7}`bA_0j-502RaHsX4Prw9eETUoCoW{c+eh{2kC)4pa<|Eyz|x@uf6iplSdC;OwfVI z8Wh)z281*+RUs*Am#ZeC4#^{WgfB~9VsQei7N~3%I=iZqE6J#AYbljGR37DTL8#SL zjVd};mPK_^QAyR7RFY#AbBD&G{*53cY>ovuRTHh0$_n9x6DiiLZ7k3cdIC?vqw{FL zd@>0$ricZMP*rMHD0MN+kwGXn9T`vBlky}z(QgN&oLQh|sWet&N^-j7YO-QmonX^R z;mLWjUl+ET#1_DiU;&t{QCuZL<)mwhRdf=)gttI8!e&vFRw^c2Qv$0rvy8?`6hf6w z8ZWh%%1h}beJxm($SJ2S%Hl+ERI8;}C7?;MQdOOFO+eCqb>xz5B2c;*Sx7Mg>k2Z* z#1S))>J)e--U!?vX-wd95>X}%+M$XJ1{En+a_JO#g>Q(TBbF>}BH=Jrg%C@2y2fNg zELe|aSIR5-7WmOxU5$~FfVHs*q|jt7kz$mYY+ro+rWB+x0;xD_P0~UpO4%g`5VMM{ zHTO$k-kJqUES##k; zz@3I3|ILZ8kxHtXw30bPsLkCF$sww~kperblGDHieLK3OgRu==_2(O*j_IKkYZHmb%DWe8TYygte zNs=gBv!&CiVep%<%iPZHB>EeiAeKUsutliMB3Uguqr8#c(6=I3SV@slGeqPFnNzBj zZLK0#E=hLAc%#29M^GFIGe}pRMM?$@AxV>Tk|kEv8Rw1t<}?YVa9XD#ibN5e6IBCQ zbWvb78rlufg16!ua>Q(FB&SjsjV{?aaojByzd6(BNY@%2=mdb(>LRmA zZ5L@|n^phyW4)z60$CF+m9~4NMbyqxBGgGZZOItQ{kN2re;mG!MFG?pu>vO%MU6_8 z8l|)jwdVF^X8%}}QDL^6k_MJh7N=~?nJa5+uvV#>a-Hzjd278j-s-ROImE6c3(}%g zB3CN~8DO+YtI8JbQHBn_Ix=K!OeUmUL^LRs(Med7+J_j_3{6uG-w51*p(3?(NMLhi cooy7lVzSx^7O@G0#M|NjALgfg4XPsm0AG7RC;$Ke diff --git a/creusot/tests/should_succeed/vector/03_knuth_shuffle.coma b/creusot/tests/should_succeed/vector/03_knuth_shuffle.coma index 888451cdde..2a14521594 100644 --- a/creusot/tests/should_succeed/vector/03_knuth_shuffle.coma +++ b/creusot/tests/should_succeed/vector/03_knuth_shuffle.coma 
@@ -36,7 +36,7 @@ module M_03_knuth_shuffle__knuth_shuffle [#"03_knuth_shuffle.rs" 13 0 13 39] let%span srange34 = "../../../../creusot-contracts/src/std/iter/range.rs" 42 15 42 32 let%span srange35 = "../../../../creusot-contracts/src/std/iter/range.rs" 43 15 43 32 let%span srange36 = "../../../../creusot-contracts/src/std/iter/range.rs" 44 14 44 42 - let%span snum37 = "../../../../creusot-contracts/src/std/num.rs" 52 28 52 33 + let%span snum37 = "../../../../creusot-contracts/src/std/num.rs" 54 32 54 37 let%span srange38 = "../../../../creusot-contracts/src/std/iter/range.rs" 15 12 15 78 let%span sresolve39 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span sslice40 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 @@ -85,7 +85,7 @@ module M_03_knuth_shuffle__knuth_shuffle [#"03_knuth_shuffle.rs" 13 0 13 39] function view'2 (self : t_Vec'0) : Seq.seq t_T'0 - axiom view'2_spec : forall self : t_Vec'0 . [%#svec25] Seq.length (view'2 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'2_spec : forall self : t_Vec'0 . [%#svec25] Seq.length (view'2 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq @@ -124,7 +124,7 @@ module M_03_knuth_shuffle__knuth_shuffle [#"03_knuth_shuffle.rs" 13 0 13 39] let rec len'0 (self:t_Vec'0) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'6 self} any - [ return' (result:UInt64.t)-> {[%#svec11] UInt64.to_uint result = Seq.length (view'3 self)} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#svec11] UInt64.t'int result = Seq.length (view'3 self)} (! return' {result}) ] type t_Range'0 = @@ -177,7 +177,7 @@ module M_03_knuth_shuffle__knuth_shuffle [#"03_knuth_shuffle.rs" 13 0 13 39] use seq.Seq function deep_model'0 (self : UInt64.t) : int = - [%#snum37] UInt64.to_uint self + [%#snum37] UInt64.t'int self use seq.Seq 
@@ -250,11 +250,11 @@ module M_03_knuth_shuffle__knuth_shuffle [#"03_knuth_shuffle.rs" 13 0 13 39] | bad -> {forall field_0 : UInt64.t [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] - let rec rand_in_range'0 (l:UInt64.t) (u:UInt64.t) (return' (ret:UInt64.t))= {[@expl:rand_in_range requires] [%#s03_knuth_shuffle18] UInt64.to_uint l - <= UInt64.to_uint u} + let rec rand_in_range'0 (l:UInt64.t) (u:UInt64.t) (return' (ret:UInt64.t))= {[@expl:rand_in_range requires] [%#s03_knuth_shuffle18] UInt64.t'int l + <= UInt64.t'int u} any - [ return' (result:UInt64.t)-> {[%#s03_knuth_shuffle19] UInt64.to_uint l <= UInt64.to_uint result - /\ UInt64.to_uint result < UInt64.to_uint u} + [ return' (result:UInt64.t)-> {[%#s03_knuth_shuffle19] UInt64.t'int l <= UInt64.t'int result + /\ UInt64.t'int result < UInt64.t'int u} (! return' {result}) ] @@ -272,7 +272,7 @@ module M_03_knuth_shuffle__knuth_shuffle [#"03_knuth_shuffle.rs" 13 0 13 39] function view'6 (self : slice t_T'0) : Seq.seq t_T'0 axiom view'6_spec : forall self : slice t_T'0 . ([%#sslice40] Seq.length (view'6 self) - <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + <= UInt64.t'int (v_MAX'0 : UInt64.t)) && ([%#sslice41] view'6 self = Slice64.id self) predicate invariant'1 (self : slice t_T'0) = 
@@ -303,10 +303,10 @@ module M_03_knuth_shuffle__knuth_shuffle [#"03_knuth_shuffle.rs" 13 0 13 39] use seq.Permut let rec swap'0 (self:borrowed (slice t_T'0)) (a:UInt64.t) (b:UInt64.t) (return' (ret:()))= {[@expl:swap 'self' type invariant] inv'4 self} - {[@expl:swap requires #0] [%#sslice22] UInt64.to_uint a < Seq.length (view'5 self)} - {[@expl:swap requires #1] [%#sslice23] UInt64.to_uint b < Seq.length (view'5 self)} + {[@expl:swap requires #0] [%#sslice22] UInt64.t'int a < Seq.length (view'5 self)} + {[@expl:swap requires #1] [%#sslice23] UInt64.t'int b < Seq.length (view'5 self)} any - [ return' (result:())-> {[%#sslice24] Permut.exchange (view'6 self.final) (view'5 self) (UInt64.to_uint a) (UInt64.to_uint b)} + [ return' (result:())-> {[%#sslice24] Permut.exchange (view'6 self.final) (view'5 self) (UInt64.t'int a) (UInt64.t'int b)} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/vector/03_knuth_shuffle/why3session.xml b/creusot/tests/should_succeed/vector/03_knuth_shuffle/why3session.xml index 918991cb98..bf0482c27e 100644 --- a/creusot/tests/should_succeed/vector/03_knuth_shuffle/why3session.xml +++ b/creusot/tests/should_succeed/vector/03_knuth_shuffle/why3session.xml @@ -10,88 +10,88 @@ - + - + - + - + - + - + - + - + - + - + - + - + - - + + - + - + - + - + - - + + - + - + - + - + - + - + - + - + - + - + 
diff --git a/creusot/tests/should_succeed/vector/03_knuth_shuffle/why3shapes.gz b/creusot/tests/should_succeed/vector/03_knuth_shuffle/why3shapes.gz index 424887960b9d27f5a3601b5e9e5d5ac5edb8e6d6..de7befce984b910eaddd5d9d112335473fd54cf6 100644 GIT binary patch literal 2005 zcmV;`2P*g(V`78btbGdtnxeeG_@L z#n_TZlHEOjzfo6}WNF&%akmGI6_s@|;zVRzvi|;4wY~B8d0Rc^&33t7{i{;dPyd+t z_aFRiUS02Q{NplzzTh?UyNl&&=N}jUzWm<>o6r1m_2@TCzuH}>8h&dYFM!oBAEhZo z*1Ut*n$HJe3Sc#M0AAyK5T*c8iw>Y_F&~84u3KZZoDagx-*49GA?7VTDgW+Wt!rBY zyPB?>r%Q@(=Bn4yyz8WKNzD&51NeM*zx$npaTCl3LQq5RXCn=(x`y7lMjBR44ZTN= zH1!#4kR3*nG#{mz|InQaMPB)3qW_o2N7lYNe`Z8WcdE&Vo{!QL!)q`dMvycgrCCSB zKX!uh@nN&cjiDJas4lkowp>)Z-|urZDr+crY&LoOaJxI;iW3c8Ed6fri(g&m3wCk$ zYh?YV8SP&$mb<(;XJiB{?l<`vYBu?|hb65JW;*~JC|YlK=QQo{AADJ^{4MQU<&9tE z&;GGrd7Rxn><&3nR!o3x8qLajGX?E4ZG!Br9q-+}A&c$Hk}hs>!)&G#bQqxws1Z5RrPW4 z-}N0K>(PEAtZyIlk?{sRdPAqw!$(tNA;Rp~zd<2ykMMN3`EbZ%^k=`W9(Fg2?af0e zx4Fuz?L%7}Q_~%H|AjTn<6~Lo+q7VNkB&M695(7HoYV$<}8Nk@5q z;IBBZ;qs}Seoq%hJ`GM=@r!n94{zxd`H%|J^x5xfA(TaYmhvW-MbnY~pfE&le?MsC zurj2|*X)cFs?V{5?NiG8lOJt%%LKtL6;6aK!ZaaHoo)9j!chvG)U{89Ki1U6=9KG$ zdkyKKRSf=YKl}T0(LTPC@1XF^I6d-eZ1~VR zbUbW7eVTOinvczVK3zOQA+4GD^!f5RY-$u8mzp>I0-B#a7aEk8CxcY;Q}L;}m<(AY zW%9DWk`K~zwp~8G2MrUup?P&WTWZuj1Xb$^s>`RDcmj2GTq+Ibe4)^e2GCVVqopl} z8u73$YNYQbh~&)s(=WbW@W+-$RgJM1>^|EykD*sjTJ=bJ+Mv6|u`OQ?GhzTAO@<@* zRsX4jdVYC0fO-bgvDL)6{{TiYzLewg$vH^5Lg*UhRsY3=syB5yV2AMLp@;JcuN3jk7AoI4KR zq!O&6xD^D0Mv7dNjzVRH7=8AbWyO`_(sAK9K3}W0nj0mVRe_WVl-^6w%ts-T*WOp$ zIIdryID7APp_W$+)5U;cA;pM-*-*T+vQ>;P(;dB1I(ci2$kGP1luA)so`PgjduVmr z7prG77sePz<`Xi81~}5$8EJ$OCGiTuA^S5HycB{cGm1BL46apSf<}}!33-%RRA?M( zhsvRJNc+$s|Mn=61DQq4h0efw=8@7-?IhNXeX2t@|DdBy5SguP)bf(auKmWi~>`@oSAAGfn-itC(LWvq(USU zOs8bM<{$)QiJEB)nm*}Mt|U6iorKplOSw`+5Xhv*VyR%G7Fz1;nO3N{tt8>4lj7Aa zQ#mM473?800~uLnEHSU?qC+jthNf>zDIWrV_$5Uu}8IVGJEPT}|E;!Vi_R8@kbw%J6@CAAX( zjXpVks0pU9N`uqPDf=Tyai0=cj7Z-M6su^B zNzuw8BibxwsWdvxe>^W#A;v(TNiv4SeG@w!Brrp9i;1R}mQIT|p=Jzcipt8%LN!j; 
zC?V-Wpji=C1e>rK8CpB7elV{}TSz9GSos34_8L6=+GoNm^XZvcS-`XEX}(6G1V7$MTF zFfc7?ilRcRJvVfh(A)-^Y^vo5Z%&h@Y?gFYi;2Ejtcqx;j1#9J5Qr{)bi8g literal 1942 zcmV;H2Wj{piwFP!00000|IJrRj~mGizUx;skb{yn7ATVS4AzH%0iouQJtROQH=!OZ zTd<}zD`{l!zYkjdn3hJe$FpNQC$ZUIef)~WB3pm|rP_T6_q?kPyxpxf%|9z${qm1l z`0Z_2bMt=xAsklxX^yoB`^|FI?89OCubcnQ#bOp#%^_@8q1n%M4S%$ca}YHwMr#UD zHFgkJ<6wM_mtLGO0|dUi-~U+yjEi6~2!a~=eYV!%H8u2`Ypua+Yv^~> zTGKsK4XVSa8u}f!)-1g34o26Y!z$OHZ_dx``05LX1~r(Dn`$tN(VAkg2HRm|4R$eF zvrb7kbcPP;VY}rv&}_|3HQ({N%&YyM_gsx+t>#|NmUj>9{fSzdP;}W0`{lnw^PcBo ze)lnne$i~zv?P1pUW+mUmiJqJ2F;fLcvx+DH-zl~a6+`%?XNLC;@^g{YQj3KnufQb z;ZNbvdk(X^hyAI>!yG2SV}8psN$ZtcMtopUu~M@rp!f`UJ(wR z0iCefdb7DdJ)5iI;Z$!gD-ZcYB^M2FR z;Eq)9mjBt@@m$nn{MOj44}2E91&_N4ZwL4oYP^XsJKx_xh{q$moNgQrdCdOoWAm{8 zu-tukC}qtRH@k=9<(P)~4b&ro_#p}Ejk2^YR4e+D`(6ttDEV*UeJT!S1em!5* zKlbt3tIY3tTWt=!E$hvvCt>7QDcauIxso_rJKKgPFIUZS+ur?2xA^T8sLs~iT<26> zYH+&W<1Jnuhw<>XtQs7ScUlsUtB#Pc$~eos<+5zM%omDX_VM*NKGfhDj{j?M#<|ni z&B^kqXjf zWo)&Nm%E!&Z5Ms^P<;mPKzL=0o$YFDv~b+e`H=hl_em$MacrWCsq+j)qDH%zKHoe? 
zO--uPQe%6kq5XN(QiHp>n4}sn<)=nD8EynMs+;~}c(9(c?B?nB$1o{dnYWj#r6$`$ z$Q*Y<=H_W7UO?TRUyT-X{bJN)T0nOrT9&T*Ym%eoZpQ0ell%HjKBt^6moHg6v8n+xrE3b^h6E0A5>oHqNOe>x)CeD(h!NsTYn=)O2}YHZOp>D&G< z2bn(9<#e3F+lL;G6UgmJj>m0X8q_t(#brND^GB2P;AmY--~=%x!OI^(HDbSq@e`_^ z&6rI@qlv6gMd$!g0>~&JxhQ}`rJT3YgY-Zi&;xi7-g)bd*Is$)$)g7^W+l3q!IbD2 zvgWKT$m{~=ECdCSDli_j2lX5>XL89(MnEf-C?q%)&-%gNUjJ(sX+^HDOnvX%Mxvc+N1I)J<{`83nwe1h|y65m(fbWQYN;B9Fk@gj8=x-k(ge_Ed*#Nj*t^c zqhd*<42Z-oApqqgw|g;tP*NpE5ei!y(WD?LTIUpM5tP7+z?1kZ5o}H=$LMU)mJ(+b zvPsHdDZ&zGSCRE(JZVqLlk`NM@SB4eGR7!E5HbfcNESs;tj)^$qKW?=;uAzAB6kyq#yylz-XHeyLR1sk&_3Q607EVOi_ zl?;{AUMa8St4AipluWVKCYRU-E7*WjBG}BJq-*=OvR;|*5nNjBoTjLf5!Q$-l13p( zg5^XabEVO1@LGI72@Xt%25kw_flvWMR!JKjF%-w?IJdO+T6rzKrthl7s+eR}6jKBh zIAR8J45GvmneDOowDsEjFhx!oDAL+eTn>cUxhxYXiCKh_q^JydBfNG$R20e79+NC8 z1}G_tVmS*{EMefll_78N$LnGiDQ2Zp0-F#}+RQqYER1w*6RV8!M*b9OQi&XlL2h$r zWkf|}k`dfq_nfdD8OC^{f3Pm4*w|ELFp!IFKPu2>p{a9WZohp9y|F(BUWD}AL zkWw~D$H2Kbse~~{jquZDhLWQut!)8`;7rz16&oFCp3^ojxh2fQH+;*1>t0MgRP2mk;8 diff --git a/creusot/tests/should_succeed/vector/04_binary_search.coma b/creusot/tests/should_succeed/vector/04_binary_search.coma index f2bd40bda9..8cd26c1813 100644 --- a/creusot/tests/should_succeed/vector/04_binary_search.coma +++ b/creusot/tests/should_succeed/vector/04_binary_search.coma 
@@ -92,14 +92,14 @@ module M_04_binary_search__binary_search [#"04_binary_search.rs" 26 0 26 71] function view'1 (self : t_Vec'0) : Seq.seq UInt32.t - axiom view'1_spec : forall self : t_Vec'0 . [%#svec21] Seq.length (view'1 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'1_spec : forall self : t_Vec'0 . [%#svec21] Seq.length (view'1 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) function view'0 (self : t_Vec'0) : Seq.seq UInt32.t = [%#smodel16] view'1 self let rec len'0 (self:t_Vec'0) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'0 self} any - [ return' (result:UInt64.t)-> {[%#svec15] UInt64.to_uint result = Seq.length (view'0 self)} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#svec15] UInt64.t'int result = Seq.length (view'0 self)} (! return' {result}) ] type t_Result'0 = @@ -225,14 +225,14 @@ module M_04_binary_search__binary_search [#"04_binary_search.rs" 26 0 26 71] axiom inv_axiom'1 [@rewrite] : forall x : UInt64.t [inv'1 x] . inv'1 x = true predicate in_bounds'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq UInt32.t) = - [%#sslice48] UInt64.to_uint self < Seq.length seq + [%#sslice48] UInt64.t'int self < Seq.length seq predicate inv'2 (_1 : UInt32.t) axiom inv_axiom'2 [@rewrite] : forall x : UInt32.t [inv'2 x] . inv'2 x = true predicate has_value'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq UInt32.t) (out : UInt32.t) = - [%#sslice49] Seq.get seq (UInt64.to_uint self) = out + [%#sslice49] Seq.get seq (UInt64.t'int self) = out let rec index'0 (self:t_Vec'0) (index:UInt64.t) (return' (ret:UInt32.t))= {[@expl:index 'self' type invariant] inv'0 self} {[@expl:index 'index' type invariant] inv'1 index} 
@@ -255,7 +255,7 @@ module M_04_binary_search__binary_search [#"04_binary_search.rs" 26 0 26 71] meta "compute_max_steps" 1000000 let rec binary_search'0 (arr:t_Vec'0) (elem:UInt32.t) (return' (ret:t_Result'0))= {[@expl:binary_search requires #0] [%#s04_binary_search10] Seq.length (view'0 arr) - <= UInt64.to_uint (v_MAX'0 : UInt64.t)} + <= UInt64.t'int (v_MAX'0 : UInt64.t)} {[@expl:binary_search requires #1] [%#s04_binary_search11] sorted'0 (view'0 arr)} (! bb0 [ bb0 = s0 [ s0 = len'0 {arr} (fun (_ret':UInt64.t) -> [ &_10 <- _ret' ] s1) | s1 = bb1 ] @@ -267,14 +267,13 @@ module M_04_binary_search__binary_search [#"04_binary_search.rs" 26 0 26 71] | bb3 = s0 [ s0 = len'0 {arr} (fun (_ret':UInt64.t) -> [ &size <- _ret' ] s1) | s1 = bb4 ] | bb4 = s0 [ s0 = [ &base <- [%#s04_binary_search2] (0 : UInt64.t) ] s1 | s1 = bb5 ] | bb5 = bb5 - [ bb5 = {[@expl:loop invariant #0] [%#s04_binary_search5] 0 < UInt64.to_uint size - /\ UInt64.to_uint size + UInt64.to_uint base <= Seq.length (view'0 arr)} + [ bb5 = {[@expl:loop invariant #0] [%#s04_binary_search5] 0 < UInt64.t'int size + /\ UInt64.t'int size + UInt64.t'int base <= Seq.length (view'0 arr)} {[@expl:loop invariant #1] [%#s04_binary_search4] forall i : UInt64.t . UInt64.ult i base - -> UInt32.ule (index_logic'0 arr (UInt64.to_uint i)) elem} - {[@expl:loop invariant #2] [%#s04_binary_search3] forall i : UInt64.t . UInt64.to_uint base - + UInt64.to_uint size - < UInt64.to_uint i - /\ UInt64.to_uint i < Seq.length (view'0 arr) -> UInt32.ult elem (index_logic'0 arr (UInt64.to_uint i))} + -> UInt32.ule (index_logic'0 arr (UInt64.t'int i)) elem} + {[@expl:loop invariant #2] [%#s04_binary_search3] forall i : UInt64.t . UInt64.t'int base + UInt64.t'int size + < UInt64.t'int i + /\ UInt64.t'int i < Seq.length (view'0 arr) -> UInt32.ult elem (index_logic'0 arr (UInt64.t'int i))} (! s0) [ s0 = bb6 ] [ bb6 = s0 [ s0 = UInt64.gt {size} {[%#s04_binary_search6] (1 : UInt64.t)} (fun (_ret':bool) -> [ &_21 <- _ret' ] s1) 
@@ -348,12 +347,12 @@ module M_04_binary_search__binary_search [#"04_binary_search.rs" 26 0 26 71] | & _51 : UInt64.t = any_l () ] [ return' (result:t_Result'0)-> {[@expl:binary_search ensures #0] [%#s04_binary_search12] forall x : UInt64.t . result - = C_Ok'0 x -> index_logic'0 arr (UInt64.to_uint x) = elem} + = C_Ok'0 x -> index_logic'0 arr (UInt64.t'int x) = elem} {[@expl:binary_search ensures #1] [%#s04_binary_search13] forall x : UInt64.t . result = C_Err'0 x - -> (forall i : UInt64.t . UInt64.ult i x -> UInt32.ule (index_logic'0 arr (UInt64.to_uint i)) elem)} + -> (forall i : UInt64.t . UInt64.ult i x -> UInt32.ule (index_logic'0 arr (UInt64.t'int i)) elem)} {[@expl:binary_search ensures #2] [%#s04_binary_search14] forall x : UInt64.t . result = C_Err'0 x - -> (forall i : UInt64.t . UInt64.ult x i /\ UInt64.to_uint i < Seq.length (view'0 arr) - -> UInt32.ult elem (index_logic'0 arr (UInt64.to_uint i)))} + -> (forall i : UInt64.t . UInt64.ult x i /\ UInt64.t'int i < Seq.length (view'0 arr) + -> UInt32.ult elem (index_logic'0 arr (UInt64.t'int i)))} (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/vector/04_binary_search/why3session.xml b/creusot/tests/should_succeed/vector/04_binary_search/why3session.xml index 0eccad0852..e62c9e0090 100644 --- a/creusot/tests/should_succeed/vector/04_binary_search/why3session.xml +++ b/creusot/tests/should_succeed/vector/04_binary_search/why3session.xml @@ -2,12 +2,105 @@ - + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
diff --git a/creusot/tests/should_succeed/vector/04_binary_search/why3shapes.gz b/creusot/tests/should_succeed/vector/04_binary_search/why3shapes.gz index 03abd5bcba7bc865195c63d8ff33f55c3b9c384b..c91afffbe5687d0b9dbff4aab01d30033b9b2449 100644 GIT binary patch literal 2365 zcmV-D3BvXtiwFP!00000|IJugZzH)8e(zt=KpvcI5P&S+!FT~BSce9ZnU|oEH-T4= z1;~~y$uqnA>r?DYtyatS%zEtwJRWwjj*nHvs-pk=L%F+g_i0ytN!#6ObNBaBmOuQZ z*gv?{-Iohek*j`DxDS_Zo$fyGZ`_wv`g%bt>h>3_yS@9e{LkWl7v!pNmoD7iFV~yT zC;=67|6Km`@aWbTnJ+WI7S2fIo*bO?O#E`54xNd;Gj_$yde4V_s2FIiSppsijSIs*36{ z-+JHDP86C7$i(;c-qaH5{Aeh^74sIjK4lb^qNyregShYLB`rx89|xVVJXwC;#h& ztN9A#lzZVmAo+;7SZ_A>hqIP{LPs?SR-suX^iWJc=a8+!kzZFXt<&v^JbhBC;?Rg) zw|T)Kt1~{x9?x3OV?BWhN1ofQeofudyIp$PbD8!(XT+hN7FgHM_@KFlw{Mct>yV2$%eZWl47rddipMBZ}n8{eyXJvpH^2aG5uD+~t z=Pdm%<*#YGX*hcIfqeRy6}h~#8{L;j6l(#2%gY(y&^Q~Mi!qb_fn`&6r|-YUT5jFX z%SV)3x?Q{bsdZYbxR;yS-hbUJ?>Ar5cG-q^yV~E}ru{0E8=MI0_2%mcbVkxB8f$pY zM9~EOT#0E4+^phWuK90HaOpRXcX5|9WDeKpqO_W}>EUsOp=*so7e!vU8}!&0w|-2| zt2zkvxkh`^@SQXLkT#;rCd|NrbDrbUE!lu-(R`AgrTGNYK+EgfRh)&|@`*k}^XH9Q z*QYFP>0L}fe0mXxbB2EhP+dRBUAMg(S@4tl@p9(EG<&0L-97q)jQiVpiE%+Zl4)uA z$WIr>u~2bRF~6nW7N=)FIHs6!TygB%;)yU6PlT^Hj`SoMizg2I9lq;3ZQd>Bu0faR z&omo;)NFVb8~4;k&3R<2@z~K=_NzO${bh-c*@l}k-R&N6yKC%wiVj$vV}ZlOvZOQf z$0#ZD{?KxoY(+}DJk!1E~N`OGQ6w=={iGx|Kfmn zhF`#8j1-es19B~fqoC$Mk>zS}>X(r^)|hXcBG@2zb$t|zhBib3zlJz0hK!&?5_J17 zN{F$pNjfx6p)Yd^A324eaY}Zz;Lo^2jNE~1b=9G0F4uJn!ywPY0o?WBR^#4bIp(?Q zBHXFD94R54lFKKQkY35Cie=9YCq$X+{>g0ch@;AQ#JA{Q+iKDM&5J_=N4L-xdCmKE z^Ctr?b46YZr5g#O!u@Py)F?7)CNe`WYck=YH_!<@6D>W8md?>yjGFa951%#Mw|nGU z^u4XZf;MISsd0+P4Qw$)2??VfcaTT&Z1xrD_I{6*A^#z=C^%0LybLb5#6>N&P@dJo z87dX1P?wY%OR2U%EfAYOw57^YX{oT3Tgog2zJ6Aj4NhJPAoH)Y0H#l^40BYO${#sxuR%E$Au;Wg_H_m#$lG9%b&#Q! 
z#$c}`%o$ENc+C^l7$XRx6wC^+g1!wLOovD#1L2J@&eSdn4@^_41T|ceQZ!dk@Ha!m zoEF>zM5EAG(J@Lm)&#BVP)8MXDU=oRjX@b6bs|JWEKH0AnjCn}0tcB?NGX;AGf2NZ zE-I-)iYrk_z9U9Xpf(@?=N1CO1fZcNQ4pqy!agCp3a!bzBTZP+Yv!3&hGDEFB%?%d zj1Yq*&Ww;MW0lTem9h$d3#+(Q%qp;oT18%Z0%@$&uY3p>n36b7;A^QSGz4WpD$cPD zV{;_#>>)H99YWLhJOooo(GZP^o+ZHh7bUQW9j^8eF|UW-s_`i7-7|+1$qd0-8mJzz zp_g(l3|BQtNGP@JWL6xuA4QCum*oKYv6Dh(72)25Ub5^MB%XodAztu8v>M2tf(mg zJ_roe0&pJ3`NGJz03uTm42UEq2^<4mognu`mmhZ6DDzBV-UtiVc$+k6Du}9sCIsJp z%y3Kz+I3zsuOISt-Kd^vOHK}Z~`olCU|8n0U(&nU`LV&2iGMycdn&1k@vJSNz1q3??o2U~A=2sH&DEHXtj*W7^1W3bXNihtIY)x9@lmGClqC4*-? jB%`$tc*ASYKtrwZJwvm$tS;+&OJx5C6~q2%*d_n~O6ibn literal 413 zcmV;O0b>3iiwFP!00000|D9A#Ps1<_z4ur2Rv4E!{YDfi2cq@>Clqn3Oq*?$M#t8! zz`sWuNt&_pd9&i@=l5(YXEV23;6 z#G#Qd9tgmGT{dlxLwU;{Ji>Jy2+DP!->C4p4jjy|X>0jfuGWjD@`wl&l}JTcU?za# z{dOlAUa16#P)A>tLRc8Mfbd8x5dpK3Rt;x+V?R+xqYS%AG&1r6GmHPi7*at6oMF?J zkLz7qcT@R;Z~q^@V_Q=Ejqh|s{mynWZ96f9T#4qm>SST51{g~>qcN_QtMF#g&HPWR zp~M;+B~z<8IRw*9Q1YuSQJCD4c^2sh&BaNBbV5)?42)S9eFD8 {[%#svec17] UInt64.to_uint result = Seq.length (view'0 self)} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#svec17] UInt64.t'int result = Seq.length (view'0 self)} (! return' {result}) ] predicate resolve'0 (_1 : t_T'0) @@ -287,7 +287,7 @@ module M_05_binary_search_generic__binary_search [#"05_binary_search_generic.rs" axiom inv_axiom'1 [@rewrite] : forall x : UInt64.t [inv'2 x] . inv'2 x = true predicate in_bounds'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq t_T'0) = - [%#sslice54] UInt64.to_uint self < Seq.length seq + [%#sslice54] UInt64.t'int self < Seq.length seq predicate invariant'1 (self : t_T'0) = [%#sinvariant59] inv'0 self 
@@ -297,7 +297,7 @@ module M_05_binary_search_generic__binary_search [#"05_binary_search_generic.rs" axiom inv_axiom'2 [@rewrite] : forall x : t_T'0 [inv'3 x] . inv'3 x = invariant'1 x predicate has_value'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq t_T'0) (out : t_T'0) = - [%#sslice55] Seq.get seq (UInt64.to_uint self) = out + [%#sslice55] Seq.get seq (UInt64.t'int self) = out let rec index'0 (self:t_Vec'0) (index:UInt64.t) (return' (ret:t_T'0))= {[@expl:index 'self' type invariant] inv'1 self} {[@expl:index 'index' type invariant] inv'2 index} @@ -337,7 +337,7 @@ module M_05_binary_search_generic__binary_search [#"05_binary_search_generic.rs" let rec binary_search'0 (arr:t_Vec'0) (elem:t_T'0) (return' (ret:t_Result'0))= {[@expl:binary_search 'arr' type invariant] [%#s05_binary_search_generic10] inv'1 arr} {[@expl:binary_search 'elem' type invariant] [%#s05_binary_search_generic11] inv'0 elem} {[@expl:binary_search requires #0] [%#s05_binary_search_generic12] Seq.length (view'0 arr) - <= UInt64.to_uint (v_MAX'0 : UInt64.t)} + <= UInt64.t'int (v_MAX'0 : UInt64.t)} {[@expl:binary_search requires #1] [%#s05_binary_search_generic13] sorted'0 (deep_model'1 arr)} (! bb0 [ bb0 = bb1 
@@ -359,15 +359,15 @@ module M_05_binary_search_generic__binary_search [#"05_binary_search_generic.rs" | bb8 = bb9 | bb9 = bb10 | bb10 = bb10 - [ bb10 = {[@expl:loop invariant #0] [%#s05_binary_search_generic5] 0 < UInt64.to_uint size - /\ UInt64.to_uint size + UInt64.to_uint base <= Seq.length (view'0 arr)} + [ bb10 = {[@expl:loop invariant #0] [%#s05_binary_search_generic5] 0 < UInt64.t'int size + /\ UInt64.t'int size + UInt64.t'int base <= Seq.length (view'0 arr)} {[@expl:loop invariant #1] [%#s05_binary_search_generic4] forall i : UInt64.t . UInt64.ult i base - -> le_log'0 (Seq.get (deep_model'1 arr) (UInt64.to_uint i)) (deep_model'0 elem)} - {[@expl:loop invariant #2] [%#s05_binary_search_generic3] forall i : UInt64.t . UInt64.to_uint base - + UInt64.to_uint size - <= UInt64.to_uint i - /\ UInt64.to_uint i < Seq.length (view'0 arr) - -> lt_log'0 (deep_model'0 elem) (Seq.get (deep_model'1 arr) (UInt64.to_uint i))} + -> le_log'0 (Seq.get (deep_model'1 arr) (UInt64.t'int i)) (deep_model'0 elem)} + {[@expl:loop invariant #2] [%#s05_binary_search_generic3] forall i : UInt64.t . UInt64.t'int base + + UInt64.t'int size + <= UInt64.t'int i + /\ UInt64.t'int i < Seq.length (view'0 arr) + -> lt_log'0 (deep_model'0 elem) (Seq.get (deep_model'1 arr) (UInt64.t'int i))} (! s0) [ s0 = bb11 ] [ bb11 = s0 [ s0 = UInt64.gt {size} {[%#s05_binary_search_generic6] (1 : UInt64.t)} 
@@ -450,13 +450,13 @@ module M_05_binary_search_generic__binary_search [#"05_binary_search_generic.rs" | & _50 : UInt64.t = any_l () ] [ return' (result:t_Result'0)-> {[@expl:binary_search ensures #0] [%#s05_binary_search_generic14] forall x : UInt64.t . result - = C_Ok'0 x -> Seq.get (deep_model'1 arr) (UInt64.to_uint x) = deep_model'0 elem} + = C_Ok'0 x -> Seq.get (deep_model'1 arr) (UInt64.t'int x) = deep_model'0 elem} {[@expl:binary_search ensures #1] [%#s05_binary_search_generic15] forall x : UInt64.t . result = C_Err'0 x -> (forall i : UInt64.t . UInt64.ult i x - -> le_log'0 (Seq.get (deep_model'1 arr) (UInt64.to_uint i)) (deep_model'0 elem))} + -> le_log'0 (Seq.get (deep_model'1 arr) (UInt64.t'int i)) (deep_model'0 elem))} {[@expl:binary_search ensures #2] [%#s05_binary_search_generic16] forall x : UInt64.t . result = C_Err'0 x - -> (forall i : UInt64.t . UInt64.ule x i /\ UInt64.to_uint i < Seq.length (view'0 arr) - -> lt_log'0 (deep_model'0 elem) (Seq.get (deep_model'1 arr) (UInt64.to_uint i)))} + -> (forall i : UInt64.t . UInt64.ule x i /\ UInt64.t'int i < Seq.length (view'0 arr) + -> lt_log'0 (deep_model'0 elem) (Seq.get (deep_model'1 arr) (UInt64.t'int i)))} (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/vector/05_binary_search_generic/why3session.xml b/creusot/tests/should_succeed/vector/05_binary_search_generic/why3session.xml index 1a7519c24c..22aa1961dc 100644 --- a/creusot/tests/should_succeed/vector/05_binary_search_generic/why3session.xml +++ b/creusot/tests/should_succeed/vector/05_binary_search_generic/why3session.xml @@ -2,12 +2,123 @@ - + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
diff --git a/creusot/tests/should_succeed/vector/05_binary_search_generic/why3shapes.gz b/creusot/tests/should_succeed/vector/05_binary_search_generic/why3shapes.gz index bb9850e475cd8ae396d5f23bee2dace42e695fe3..fb2a1ddf4bca79e1df3fd35dbcad96ec956b8b84 100644 GIT binary patch literal 2631 zcmV-N3b^$jiwFP!00000|J7JoZyU)Ge&??kAP-7*5umH@4(tV(AWR!b?3ZAWH=<9A z042&KC9n6_Z}kj^oEZ&eTaZ@_KuCR5Rex30b@crCr)qcY?$WM$NZZ|NbNjbSRzLk^ z=H9$@>va2Zf9)Pt>GKuT#O<$Ew|n=n{LlP+UAf!+6|dn_nO?~n7Tusv zz-rnOh?*|CL7#xutR>(zTXcgy0jYUQ05xB9gPD8lKBm2kDcvn^HZiSHkf>#Ufgo{A zzb@CCkE?)UaQmHmgET|+#2i%)q?U`h8>=q5`S6@YIX>Ln711bI)!O}I`Oi=H4iEk0 z-j;5e*a?Y=14=JYoiklcT7$suF z!X{T~vmwSJB>v9$6?aw5^w4bgANTF@(8Nem%CIQffVgqDciI|Wgj2XP;8bxl6DrFTiPzQp)fnnpV|Yr zaO+(fA55oCMx}oqQ8lwb9#dn23}i?=TW>aZCta&Qp^b_Ht3YPG2pi{U=-GBP%+}#rcbm^?yKHa8cD290N&8i( zHrU|h_2zRAbV1Sx>Pz_A5woV9I+yI4R6HrT<7@s+F)sb){xEr$>jaXYF3ejeNjm2mp$uAl0q|KWtIkrIkSUKVx zE*AL>8+Ho?ZyDdL;w1i-PIT9{Ot0NKKPG7_!@SpweIt^F@575Kbxx62RPsaz~@@DNAgwKz;29D|Fu>Vb|rY~!hXuj9%-3PT}X~N}s z`_bk&V!e^z@A~<>AUPVi+3d&`^L|Yj(9I8DlLVc2Uzru+t_5o=3%aEQ+hJTjhY2X9 zXnrhNxX>$D&%85|jP8si6L;oR{u`@bb*CRVX6fc`kNK;7;GfNmca$)1B8G!P?@9t1 zm=g@N^qQ&)D7QeFrNZK<45+1GDY0NIXbZ}Mv>+@X9YazJV1Za;wN+MHVYx*n3zp18 zVuDcyhIpQ$=Td{wB++0gT;SWF*wbqV# zWjH7r0@X|!ZU}hklOhBv!L49cP%FR+V!5$gTdpks@zA)|F(^h&Vw5UPefEGs8@vyW zuojwlEp)*+Krf0MOwL3^>LZsXYDc5t9AYK370L?vS^%9&j0KruCQeGcX)4PUf^){` zXf&&2lK_NyMU0UqO)wpqn6spUi-dm8o)F9$BxO}eY9+inObryM!wV=>W{hYrnUX>g z9P>bQtR%ORT>?@8GG!A;NIPCUq0+3alcR0M=uOGb#nAAts$O zlQf4+d}i5Y4x*G@#jK(if|pRtNT39zQDL5Ek~_=|^WjAHJH z%teVEq|hRo93umAULieDNUIA`NDu)EvJ){Iz_!-}B`}8v3|>@AvQx8Vh}GtzZkJCc z_?UT+%gqQlo>v;h|y#0|0j2h0^*OJCFZ=w=YZFW`N$%{&Mq0}zNXft-n5v# zU<&(F$*_@$jwPj(PC#gIQIpEha+-l32O&YCjzEkQ6R8YYB&@3)TJwl1% z%m}>DECz#4pfP5uIfh#iSR|sz3&0yE6yYfS0uW~> pC8ja&v764$=m^>yd@JXyli@D)t_Plis$B~3-vO1|A*Spv004Aq0A&CG literal 623 zcmV-#0+9V5iwFP!00000|D9D$kDD+Mz4I$_qupLSWAjxdmC&lxk=mYCqu$Uoad(ke z@&QTPe_ufY*buF{dmH<`=QlGR!@Ijh{lt4yFV5yz7rW}?B3#_P_jtMD(o~Pl6Q2w7 
z+XoWd?DC>&_?&-BfA}KvxTwy2EVycXMQ~`Ben^n@flZKv7eYXo^?^-5k{5y^ne~B9 z5Tq^yAeHrj$18p`4R4Lv=g+&XDSf1XLVH7SQEkniyxct&8(*~WnwJz#>I+g{t~P?g zEahqKLBDo=vetg{yl;>81w|C|eg64y;?frfUbPz&3J6O0KL2X!+81jFN(cns=UnM=`Y}{1?5a4j~R4WMrf^Z^HH+N+RgwrD;f@rL6ipB(qo!p_lm&QRKjwh3O z-yIzaLKw2{M8<(GB3FZi($SQS1Kl)Iguyhy(m3cv*Ib4S3BzoN>^TI&=)#eNQ8q-L zm5DQcgvoS9fiS*4Cz4_3yym5~V~?L8jN929U^x=6vwC%X$t9ZQGNG&|D?FTK7eDbwrs z8{;*vNGi^_tWDa+qK`ifRpL {inv'7 result} - {[%#svec15] Seq.length (view'0 result) = UInt64.to_uint n} - {[%#svec16] forall i : int . 0 <= i /\ i < UInt64.to_uint n -> index_logic'1 result i = elem} + {[%#svec15] Seq.length (view'0 result) = UInt64.t'int n} + {[%#svec16] forall i : int . 0 <= i /\ i < UInt64.t'int n -> index_logic'1 result i = elem} (! return' {result}) ] @@ -224,7 +224,7 @@ module M_06_knights_tour__qyi4580598960913230815__new [#"06_knights_tour.rs" 40 predicate postcondition_once'0 (self : closure3'1) (args : (UInt64.t, Snapshot.snap_ty (Seq.seq UInt64.t))) (result : t_Vec'1) = - [%#s06_knights_tour5] let (_2, _3) = args in Seq.length (view'0 result) = UInt64.to_uint self.field_0'0 + [%#s06_knights_tour5] let (_2, _3) = args in Seq.length (view'0 result) = UInt64.t'int self.field_0'0 predicate resolve'4 (_1 : closure3'1) = true @@ -235,7 +235,7 @@ module M_06_knights_tour__qyi4580598960913230815__new [#"06_knights_tour.rs" 40 predicate postcondition_mut'0 (self : closure3'1) (args : (UInt64.t, Snapshot.snap_ty (Seq.seq UInt64.t))) (result_state : closure3'1) (result : t_Vec'1) = - (let (_2, _3) = args in Seq.length (view'0 result) = UInt64.to_uint result_state.field_0'0) + (let (_2, _3) = args in Seq.length (view'0 result) = UInt64.t'int result_state.field_0'0) /\ unnest'0 self result_state function fn_mut_once'0 (self : closure3'1) (args : (UInt64.t, Snapshot.snap_ty (Seq.seq UInt64.t))) (res : t_Vec'1) : () 
@@ -271,7 +271,7 @@ module M_06_knights_tour__qyi4580598960913230815__new [#"06_knights_tour.rs" 40 | bb3 = return' {_0} ] ) [ & _0 : t_Vec'1 = any_l () | & _1 : borrowed closure3'1 = _1 | & res : t_Vec'1 = any_l () ] [ return' (result:t_Vec'1)-> {[@expl:closure ensures] [%#s06_knights_tour5] Seq.length (view'0 result) - = UInt64.to_uint (_1.final).field_0'0} + = UInt64.t'int (_1.final).field_0'0} {[@expl:closure unnest] unnest'0 _1.current _1.final} (! return' {result}) ] @@ -285,7 +285,7 @@ module M_06_knights_tour__qyi4580598960913230815__new [#"06_knights_tour.rs" 40 use seq.Seq function deep_model'0 (self : UInt64.t) : int = - [%#snum41] UInt64.to_uint self + [%#snum41] UInt64.t'int self predicate produces'0 (self : t_Range'0) (visited : Seq.seq UInt64.t) (o : t_Range'0) = [%#srange26] self.t_Range__end'0 = o.t_Range__end'0 @@ -505,7 +505,7 @@ module M_06_knights_tour__qyi4580598960913230815__new [#"06_knights_tour.rs" 40 function view'1 (self : t_Vec'0) : Seq.seq (t_Vec'1) - axiom view'1_spec : forall self : t_Vec'0 . [%#svec17] Seq.length (view'1 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'1_spec : forall self : t_Vec'0 . [%#svec17] Seq.length (view'1 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) predicate from_iter_post'0 (prod : Seq.seq (t_Vec'1)) (res : t_Vec'0) = [%#svec31] prod = view'1 res 
@@ -527,14 +527,14 @@ module M_06_knights_tour__qyi4580598960913230815__new [#"06_knights_tour.rs" 40 [%#sops32] Seq.get (view'1 self) ix predicate wf'0 [#"06_knights_tour.rs" 30 4 30 23] (self : t_Board'0) = - [%#s06_knights_tour14] UInt64.to_uint self.t_Board__size'0 <= 1000 - /\ Seq.length (view'1 self.t_Board__field'0) = UInt64.to_uint self.t_Board__size'0 - /\ (forall i : int . 0 <= i /\ i < UInt64.to_uint self.t_Board__size'0 - -> Seq.length (view'0 (index_logic'0 self.t_Board__field'0 i)) = UInt64.to_uint self.t_Board__size'0) + [%#s06_knights_tour14] UInt64.t'int self.t_Board__size'0 <= 1000 + /\ Seq.length (view'1 self.t_Board__field'0) = UInt64.t'int self.t_Board__size'0 + /\ (forall i : int . 0 <= i /\ i < UInt64.t'int self.t_Board__size'0 + -> Seq.length (view'0 (index_logic'0 self.t_Board__field'0 i)) = UInt64.t'int self.t_Board__size'0) meta "compute_max_steps" 1000000 - let rec new'0 (size:UInt64.t) (return' (ret:t_Board'0))= {[@expl:new requires] [%#s06_knights_tour1] UInt64.to_uint size + let rec new'0 (size:UInt64.t) (return' (ret:t_Board'0))= {[@expl:new requires] [%#s06_knights_tour1] UInt64.t'int size <= 1000} (! bb0 [ bb0 = s0 @@ -638,13 +638,13 @@ module M_06_knights_tour__qyi4580598960913230815__available [#"06_knights_tour.r function view'2 (self : t_Vec'1) : Seq.seq (t_Vec'0) - axiom view'2_spec : forall self : t_Vec'1 . [%#svec13] Seq.length (view'2 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'2_spec : forall self : t_Vec'1 . [%#svec13] Seq.length (view'2 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) function view'0 (self : t_Vec'1) : Seq.seq (t_Vec'0) = [%#smodel10] view'2 self predicate in_bounds'1 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq (t_Vec'0)) = - [%#sslice11] UInt64.to_uint self < Seq.length seq + [%#sslice11] UInt64.t'int self < Seq.length seq predicate inv'2 (_1 : t_Vec'0) 
@@ -653,7 +653,7 @@ module M_06_knights_tour__qyi4580598960913230815__available [#"06_knights_tour.r use seq.Seq predicate has_value'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq (t_Vec'0)) (out : t_Vec'0) = - [%#sslice12] Seq.get seq (UInt64.to_uint self) = out + [%#sslice12] Seq.get seq (UInt64.t'int self) = out let rec index'0 (self:t_Vec'1) (index:UInt64.t) (return' (ret:t_Vec'0))= {[@expl:index 'self' type invariant] inv'0 self} {[@expl:index 'index' type invariant] inv'1 index} @@ -670,13 +670,13 @@ module M_06_knights_tour__qyi4580598960913230815__available [#"06_knights_tour.r function view'3 (self : t_Vec'0) : Seq.seq UInt64.t - axiom view'3_spec : forall self : t_Vec'0 . [%#svec13] Seq.length (view'3 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'3_spec : forall self : t_Vec'0 . [%#svec13] Seq.length (view'3 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) function view'1 (self : t_Vec'0) : Seq.seq UInt64.t = [%#smodel10] view'3 self predicate in_bounds'2 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq UInt64.t) = - [%#sslice11] UInt64.to_uint self < Seq.length seq + [%#sslice11] UInt64.t'int self < Seq.length seq predicate inv'3 (_1 : UInt64.t) @@ -685,7 +685,7 @@ module M_06_knights_tour__qyi4580598960913230815__available [#"06_knights_tour.r use seq.Seq predicate has_value'1 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq UInt64.t) (out : UInt64.t) = - [%#sslice12] Seq.get seq (UInt64.to_uint self) = out + [%#sslice12] Seq.get seq (UInt64.t'int self) = out let rec index'1 (self:t_Vec'0) (index:UInt64.t) (return' (ret:UInt64.t))= {[@expl:index 'self' type invariant] inv'2 self} {[@expl:index 'index' type invariant] inv'1 index} 
@@ -702,17 +702,17 @@ module M_06_knights_tour__qyi4580598960913230815__available [#"06_knights_tour.r [%#sops14] Seq.get (view'2 self) ix predicate wf'0 [#"06_knights_tour.rs" 30 4 30 23] (self : t_Board'0) = - [%#s06_knights_tour8] UInt64.to_uint self.t_Board__size'0 <= 1000 - /\ Seq.length (view'2 self.t_Board__field'0) = UInt64.to_uint self.t_Board__size'0 - /\ (forall i : int . 0 <= i /\ i < UInt64.to_uint self.t_Board__size'0 - -> Seq.length (view'3 (index_logic'0 self.t_Board__field'0 i)) = UInt64.to_uint self.t_Board__size'0) + [%#s06_knights_tour8] UInt64.t'int self.t_Board__size'0 <= 1000 + /\ Seq.length (view'2 self.t_Board__field'0) = UInt64.t'int self.t_Board__size'0 + /\ (forall i : int . 0 <= i /\ i < UInt64.t'int self.t_Board__size'0 + -> Seq.length (view'3 (index_logic'0 self.t_Board__field'0 i)) = UInt64.t'int self.t_Board__size'0) use prelude.prelude.Int64 predicate in_bounds'0 [#"06_knights_tour.rs" 61 4 61 40] (self : t_Board'0) (p : t_Point'0) = [%#s06_knights_tour9] 0 <= Int64.to_int p.t_Point__x'0 - /\ Int64.to_int p.t_Point__x'0 < UInt64.to_uint self.t_Board__size'0 - /\ 0 <= Int64.to_int p.t_Point__y'0 /\ Int64.to_int p.t_Point__y'0 < UInt64.to_uint self.t_Board__size'0 + /\ Int64.to_int p.t_Point__x'0 < UInt64.t'int self.t_Board__size'0 + /\ 0 <= Int64.to_int p.t_Point__y'0 /\ Int64.to_int p.t_Point__y'0 < UInt64.t'int self.t_Board__size'0 meta "compute_max_steps" 1000000 @@ -852,7 +852,7 @@ module M_06_knights_tour__qyi4580598960913230815__count_degree [#"06_knights_tou function view'0 (self : t_Vec'0) : Seq.seq (Int64.t, Int64.t) - axiom view'0_spec : forall self : t_Vec'0 . [%#svec25] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec25] Seq.length (view'0 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq 
@@ -1036,7 +1036,7 @@ module M_06_knights_tour__qyi4580598960913230815__count_degree [#"06_knights_tou function view'2 (self : t_Vec'1) : Seq.seq (t_Vec'2) - axiom view'2_spec : forall self : t_Vec'1 . [%#svec25] Seq.length (view'2 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'2_spec : forall self : t_Vec'1 . [%#svec25] Seq.length (view'2 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq 
@@ -1049,18 +1049,18 @@ module M_06_knights_tour__qyi4580598960913230815__count_degree [#"06_knights_tou function view'3 (self : t_Vec'2) : Seq.seq UInt64.t - axiom view'3_spec : forall self : t_Vec'2 . [%#svec25] Seq.length (view'3 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'3_spec : forall self : t_Vec'2 . [%#svec25] Seq.length (view'3 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) predicate wf'0 [#"06_knights_tour.rs" 30 4 30 23] (self : t_Board'0) = - [%#s06_knights_tour23] UInt64.to_uint self.t_Board__size'0 <= 1000 - /\ Seq.length (view'2 self.t_Board__field'0) = UInt64.to_uint self.t_Board__size'0 - /\ (forall i : int . 0 <= i /\ i < UInt64.to_uint self.t_Board__size'0 - -> Seq.length (view'3 (index_logic'1 self.t_Board__field'0 i)) = UInt64.to_uint self.t_Board__size'0) + [%#s06_knights_tour23] UInt64.t'int self.t_Board__size'0 <= 1000 + /\ Seq.length (view'2 self.t_Board__field'0) = UInt64.t'int self.t_Board__size'0 + /\ (forall i : int . 0 <= i /\ i < UInt64.t'int self.t_Board__size'0 + -> Seq.length (view'3 (index_logic'1 self.t_Board__field'0 i)) = UInt64.t'int self.t_Board__size'0) predicate in_bounds'0 [#"06_knights_tour.rs" 61 4 61 40] (self : t_Board'0) (p : t_Point'0) = [%#s06_knights_tour24] 0 <= Int64.to_int p.t_Point__x'0 - /\ Int64.to_int p.t_Point__x'0 < UInt64.to_uint self.t_Board__size'0 - /\ 0 <= Int64.to_int p.t_Point__y'0 /\ Int64.to_int p.t_Point__y'0 < UInt64.to_uint self.t_Board__size'0 + /\ Int64.to_int p.t_Point__x'0 < UInt64.t'int self.t_Board__size'0 + /\ 0 <= Int64.to_int p.t_Point__y'0 /\ Int64.to_int p.t_Point__y'0 < UInt64.t'int self.t_Board__size'0 let rec available'0 (self:t_Board'0) (p:t_Point'0) (return' (ret:bool))= {[@expl:available requires] [%#s06_knights_tour21] wf'0 self} any [ return' (result:bool)-> {[%#s06_knights_tour22] result -> in_bounds'0 self p} (! return' {result}) ] 
@@ -1094,7 +1094,7 @@ module M_06_knights_tour__qyi4580598960913230815__count_degree [#"06_knights_tou [ bb7 = {[@expl:for invariant] [%#s06_knights_tour5] inv'1 (Snapshot.inner produced)} {[@expl:for invariant] [%#s06_knights_tour5] inv'0 iter} {[@expl:for invariant] [%#s06_knights_tour5] produces'0 (Snapshot.inner iter_old) (Snapshot.inner produced) iter} - {[@expl:loop invariant] [%#s06_knights_tour4] UInt64.to_uint count <= Seq.length (Snapshot.inner produced)} + {[@expl:loop invariant] [%#s06_knights_tour4] UInt64.t'int count <= Seq.length (Snapshot.inner produced)} (! s0) [ s0 = bb8 ] [ bb8 = s0 [ s0 = Borrow.borrow_mut {iter} @@ -1243,13 +1243,13 @@ module M_06_knights_tour__qyi4580598960913230815__set [#"06_knights_tour.rs" 87 function view'1 (self : t_Vec'0) : Seq.seq (t_Vec'1) - axiom view'1_spec : forall self : t_Vec'0 . [%#svec14] Seq.length (view'1 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'1_spec : forall self : t_Vec'0 . [%#svec14] Seq.length (view'1 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) function view'0 (self : borrowed (t_Vec'0)) : Seq.seq (t_Vec'1) = [%#smodel11] view'1 self.current predicate in_bounds'1 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq (t_Vec'1)) = - [%#sslice12] UInt64.to_uint self < Seq.length seq + [%#sslice12] UInt64.t'int self < Seq.length seq predicate inv'2 (_1 : borrowed (t_Vec'1)) 
@@ -1258,11 +1258,11 @@ module M_06_knights_tour__qyi4580598960913230815__set [#"06_knights_tour.rs" 87 use seq.Seq predicate has_value'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq (t_Vec'1)) (out : t_Vec'1) = - [%#sslice13] Seq.get seq (UInt64.to_uint self) = out + [%#sslice13] Seq.get seq (UInt64.t'int self) = out predicate resolve_elswhere'0 [@inline:trivial] (self : UInt64.t) (old' : Seq.seq (t_Vec'1)) (fin : Seq.seq (t_Vec'1)) = - [%#sslice15] forall i : int . 0 <= i /\ i <> UInt64.to_uint self /\ i < Seq.length old' + [%#sslice15] forall i : int . 0 <= i /\ i <> UInt64.t'int self /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i let rec index_mut'0 (self:borrowed (t_Vec'0)) (index:UInt64.t) (return' (ret:borrowed (t_Vec'1)))= {[@expl:index_mut 'self' type invariant] inv'0 self} @@ -1283,13 +1283,13 @@ module M_06_knights_tour__qyi4580598960913230815__set [#"06_knights_tour.rs" 87 function view'3 (self : t_Vec'1) : Seq.seq UInt64.t - axiom view'3_spec : forall self : t_Vec'1 . [%#svec14] Seq.length (view'3 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'3_spec : forall self : t_Vec'1 . [%#svec14] Seq.length (view'3 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) function view'2 (self : borrowed (t_Vec'1)) : Seq.seq UInt64.t = [%#smodel11] view'3 self.current predicate in_bounds'2 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq UInt64.t) = - [%#sslice12] UInt64.to_uint self < Seq.length seq + [%#sslice12] UInt64.t'int self < Seq.length seq predicate inv'3 (_1 : borrowed UInt64.t) 
@@ -1298,10 +1298,10 @@ module M_06_knights_tour__qyi4580598960913230815__set [#"06_knights_tour.rs" 87 use seq.Seq predicate has_value'1 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq UInt64.t) (out : UInt64.t) = - [%#sslice13] Seq.get seq (UInt64.to_uint self) = out + [%#sslice13] Seq.get seq (UInt64.t'int self) = out predicate resolve_elswhere'1 [@inline:trivial] (self : UInt64.t) (old' : Seq.seq UInt64.t) (fin : Seq.seq UInt64.t) = - [%#sslice15] forall i : int . 0 <= i /\ i <> UInt64.to_uint self /\ i < Seq.length old' + [%#sslice15] forall i : int . 0 <= i /\ i <> UInt64.t'int self /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i let rec index_mut'1 (self:borrowed (t_Vec'1)) (index:UInt64.t) (return' (ret:borrowed UInt64.t))= {[@expl:index_mut 'self' type invariant] inv'2 self} 
@@ -1340,17 +1340,17 @@ module M_06_knights_tour__qyi4580598960913230815__set [#"06_knights_tour.rs" 87 [%#sops17] Seq.get (view'1 self) ix predicate wf'0 [#"06_knights_tour.rs" 30 4 30 23] (self : t_Board'0) = - [%#s06_knights_tour9] UInt64.to_uint self.t_Board__size'0 <= 1000 - /\ Seq.length (view'1 self.t_Board__field'0) = UInt64.to_uint self.t_Board__size'0 - /\ (forall i : int . 0 <= i /\ i < UInt64.to_uint self.t_Board__size'0 - -> Seq.length (view'3 (index_logic'0 self.t_Board__field'0 i)) = UInt64.to_uint self.t_Board__size'0) + [%#s06_knights_tour9] UInt64.t'int self.t_Board__size'0 <= 1000 + /\ Seq.length (view'1 self.t_Board__field'0) = UInt64.t'int self.t_Board__size'0 + /\ (forall i : int . 0 <= i /\ i < UInt64.t'int self.t_Board__size'0 + -> Seq.length (view'3 (index_logic'0 self.t_Board__field'0 i)) = UInt64.t'int self.t_Board__size'0) use prelude.prelude.Int64 predicate in_bounds'0 [#"06_knights_tour.rs" 61 4 61 40] (self : t_Board'0) (p : t_Point'0) = [%#s06_knights_tour10] 0 <= Int64.to_int p.t_Point__x'0 - /\ Int64.to_int p.t_Point__x'0 < UInt64.to_uint self.t_Board__size'0 - /\ 0 <= Int64.to_int p.t_Point__y'0 /\ Int64.to_int p.t_Point__y'0 < UInt64.to_uint self.t_Board__size'0 + /\ Int64.to_int p.t_Point__x'0 < UInt64.t'int self.t_Board__size'0 + /\ 0 <= Int64.to_int p.t_Point__y'0 /\ Int64.to_int p.t_Point__y'0 < UInt64.t'int self.t_Board__size'0 meta "compute_max_steps" 1000000 @@ -1482,7 +1482,7 @@ module M_06_knights_tour__min [#"06_knights_tour.rs" 110 0 110 58] function view'1 (self : t_Vec'0) : Seq.seq (UInt64.t, t_Point'0) - axiom view'1_spec : forall self : t_Vec'0 . [%#svec13] Seq.length (view'1 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'1_spec : forall self : t_Vec'0 . [%#svec13] Seq.length (view'1 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) function view'0 (self : t_Vec'0) : Seq.seq (UInt64.t, t_Point'0) = [%#smodel7] view'1 self 
@@ -1496,7 +1496,7 @@ module M_06_knights_tour__min [#"06_knights_tour.rs" 110 0 110 58] function view'5 (self : slice (UInt64.t, t_Point'0)) : Seq.seq (UInt64.t, t_Point'0) axiom view'5_spec : forall self : slice (UInt64.t, t_Point'0) . ([%#sslice26] Seq.length (view'5 self) - <= UInt64.to_uint (v_MAX'0 : UInt64.t)) + <= UInt64.t'int (v_MAX'0 : UInt64.t)) && ([%#sslice27] view'5 self = Slice64.id self) function view'3 (self : slice (UInt64.t, t_Point'0)) : Seq.seq (UInt64.t, t_Point'0) = @@ -1714,8 +1714,8 @@ module M_06_knights_tour__dumb_nonlinear_arith [#"06_knights_tour.rs" 130 0 130 function dumb_nonlinear_arith'0 [#"06_knights_tour.rs" 130 0 130 33] (a : UInt64.t) : () - goal vc_dumb_nonlinear_arith'0 : ([%#s06_knights_tour0] UInt64.to_uint a <= 1000) - -> ([%#s06_knights_tour1] UInt64.to_uint a * UInt64.to_uint a <= 1000000) + goal vc_dumb_nonlinear_arith'0 : ([%#s06_knights_tour0] UInt64.t'int a <= 1000) + -> ([%#s06_knights_tour1] UInt64.t'int a * UInt64.t'int a <= 1000000) end module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] let%span s06_knights_tour0 = "06_knights_tour.rs" 138 17 138 18 @@ -1782,7 +1782,7 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] let%span srange61 = "../../../../creusot-contracts/src/std/iter/range.rs" 42 15 42 32 let%span srange62 = "../../../../creusot-contracts/src/std/iter/range.rs" 43 15 43 32 let%span srange63 = "../../../../creusot-contracts/src/std/iter/range.rs" 44 14 44 42 - let%span snum64 = "../../../../creusot-contracts/src/std/num.rs" 52 28 52 33 + let%span snum64 = "../../../../creusot-contracts/src/std/num.rs" 54 32 54 37 let%span srange65 = "../../../../creusot-contracts/src/std/iter/range.rs" 15 12 15 78 let%span sresolve66 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span svec67 = "../../../../creusot-contracts/src/std/vec.rs" 191 20 191 24 
@@ -1857,7 +1857,7 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] function view'1 (self : t_Vec'2) : Seq.seq (t_Vec'3) - axiom view'1_spec : forall self : t_Vec'2 . [%#svec39] Seq.length (view'1 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'1_spec : forall self : t_Vec'2 . [%#svec39] Seq.length (view'1 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq @@ -1870,15 +1870,15 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] function view'2 (self : t_Vec'3) : Seq.seq UInt64.t - axiom view'2_spec : forall self : t_Vec'3 . [%#svec39] Seq.length (view'2 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'2_spec : forall self : t_Vec'3 . [%#svec39] Seq.length (view'2 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) predicate wf'0 [#"06_knights_tour.rs" 30 4 30 23] (self : t_Board'0) = - [%#s06_knights_tour33] UInt64.to_uint self.t_Board__size'0 <= 1000 - /\ Seq.length (view'1 self.t_Board__field'0) = UInt64.to_uint self.t_Board__size'0 - /\ (forall i : int . 0 <= i /\ i < UInt64.to_uint self.t_Board__size'0 - -> Seq.length (view'2 (index_logic'1 self.t_Board__field'0 i)) = UInt64.to_uint self.t_Board__size'0) + [%#s06_knights_tour33] UInt64.t'int self.t_Board__size'0 <= 1000 + /\ Seq.length (view'1 self.t_Board__field'0) = UInt64.t'int self.t_Board__size'0 + /\ (forall i : int . 0 <= i /\ i < UInt64.t'int self.t_Board__size'0 + -> Seq.length (view'2 (index_logic'1 self.t_Board__field'0 i)) = UInt64.t'int self.t_Board__size'0) - let rec new'0 (size:UInt64.t) (return' (ret:t_Board'0))= {[@expl:new requires] [%#s06_knights_tour21] UInt64.to_uint size + let rec new'0 (size:UInt64.t) (return' (ret:t_Board'0))= {[@expl:new requires] [%#s06_knights_tour21] UInt64.t'int size <= 1000} any [ return' (result:t_Board'0)-> {[%#s06_knights_tour22] result.t_Board__size'0 = size} 
@@ -1897,8 +1897,8 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] predicate in_bounds'0 [#"06_knights_tour.rs" 61 4 61 40] (self : t_Board'0) (p : t_Point'0) = [%#s06_knights_tour32] 0 <= Int64.to_int p.t_Point__x'0 - /\ Int64.to_int p.t_Point__x'0 < UInt64.to_uint self.t_Board__size'0 - /\ 0 <= Int64.to_int p.t_Point__y'0 /\ Int64.to_int p.t_Point__y'0 < UInt64.to_uint self.t_Board__size'0 + /\ Int64.to_int p.t_Point__x'0 < UInt64.t'int self.t_Board__size'0 + /\ 0 <= Int64.to_int p.t_Point__y'0 /\ Int64.to_int p.t_Point__y'0 < UInt64.t'int self.t_Board__size'0 let rec set'0 (self:borrowed (t_Board'0)) (p:t_Point'0) (v:UInt64.t) (return' (ret:()))= {[@expl:set requires #0] [%#s06_knights_tour24] wf'0 self.current} {[@expl:set requires #1] [%#s06_knights_tour25] in_bounds'0 self.current p} @@ -1911,8 +1911,8 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] function dumb_nonlinear_arith'0 [#"06_knights_tour.rs" 130 0 130 33] (a : UInt64.t) : () = [%#s06_knights_tour30] () - axiom dumb_nonlinear_arith'0_spec : forall a : UInt64.t . ([%#s06_knights_tour28] UInt64.to_uint a <= 1000) - -> ([%#s06_knights_tour29] UInt64.to_uint a * UInt64.to_uint a <= 1000000) + axiom dumb_nonlinear_arith'0_spec : forall a : UInt64.t . ([%#s06_knights_tour28] UInt64.t'int a <= 1000) + -> ([%#s06_knights_tour29] UInt64.t'int a * UInt64.t'int a <= 1000000) use prelude.prelude.Snapshot @@ -1946,7 +1946,7 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] use seq.Seq function deep_model'0 (self : UInt64.t) : int = - [%#snum64] UInt64.to_uint self + [%#snum64] UInt64.t'int self use seq.Seq 
@@ -2039,7 +2039,7 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] function view'0 (self : t_Vec'0) : Seq.seq (UInt64.t, t_Point'0) - axiom view'0_spec : forall self : t_Vec'0 . [%#svec39] Seq.length (view'0 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec39] Seq.length (view'0 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) let rec new'1 (_1:()) (return' (ret:t_Vec'0))= any [ return' (result:t_Vec'0)-> {inv'6 result} {[%#svec36] Seq.length (view'0 result) = 0} (! return' {result}) ] @@ -2063,7 +2063,7 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] function view'3 (self : t_Vec'1) : Seq.seq (Int64.t, Int64.t) - axiom view'3_spec : forall self : t_Vec'1 . [%#svec39] Seq.length (view'3 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'3_spec : forall self : t_Vec'1 . [%#svec39] Seq.length (view'3 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq @@ -2332,8 +2332,8 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] meta "compute_max_steps" 1000000 let rec knights_tour'0 (size:UInt64.t) (x:UInt64.t) (y:UInt64.t) (return' (ret:t_Option'3))= {[@expl:knights_tour requires #0] [%#s06_knights_tour18] 0 - < UInt64.to_uint size - /\ UInt64.to_uint size <= 1000} + < UInt64.t'int size + /\ UInt64.t'int size <= 1000} {[@expl:knights_tour requires #1] [%#s06_knights_tour19] UInt64.ult x size} {[@expl:knights_tour requires #2] [%#s06_knights_tour20] UInt64.ult y size} (! bb0 diff --git a/creusot/tests/should_succeed/vector/07_read_write.coma b/creusot/tests/should_succeed/vector/07_read_write.coma index 138f363713..b7f7c7f13f 100644 --- a/creusot/tests/should_succeed/vector/07_read_write.coma +++ b/creusot/tests/should_succeed/vector/07_read_write.coma 
@@ -60,7 +60,7 @@ module M_07_read_write__read_write [#"07_read_write.rs" 6 0 6 75] function view'1 (self : t_Vec'0) : Seq.seq t_T'0 - axiom view'1_spec : forall self : t_Vec'0 . [%#svec15] Seq.length (view'1 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'1_spec : forall self : t_Vec'0 . [%#svec15] Seq.length (view'1 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) use seq.Seq @@ -102,7 +102,7 @@ module M_07_read_write__read_write [#"07_read_write.rs" 6 0 6 75] [%#smodel12] view'1 self.current predicate in_bounds'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq t_T'0) = - [%#sslice13] UInt64.to_uint self < Seq.length seq + [%#sslice13] UInt64.t'int self < Seq.length seq predicate invariant'1 (self : borrowed t_T'0) = [%#sinvariant21] inv'3 self.current /\ inv'3 self.final @@ -114,10 +114,10 @@ module M_07_read_write__read_write [#"07_read_write.rs" 6 0 6 75] use seq.Seq predicate has_value'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq t_T'0) (out : t_T'0) = - [%#sslice14] Seq.get seq (UInt64.to_uint self) = out + [%#sslice14] Seq.get seq (UInt64.t'int self) = out predicate resolve_elswhere'0 [@inline:trivial] (self : UInt64.t) (old' : Seq.seq t_T'0) (fin : Seq.seq t_T'0) = - [%#sslice16] forall i : int . 0 <= i /\ i <> UInt64.to_uint self /\ i < Seq.length old' + [%#sslice16] forall i : int . 0 <= i /\ i <> UInt64.t'int self /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i let rec index_mut'0 (self:borrowed (t_Vec'0)) (index:UInt64.t) (return' (ret:borrowed t_T'0))= {[@expl:index_mut 'self' type invariant] inv'2 self} 
@@ -185,7 +185,7 @@ module M_07_read_write__read_write [#"07_read_write.rs" 6 0 6 75] let rec read_write'0 (a:borrowed (t_Vec'0)) (i:UInt64.t) (x:t_T'0) (return' (ret:()))= {[@expl:read_write 'a' type invariant] [%#s07_read_write1] inv'2 a} {[@expl:read_write 'x' type invariant] [%#s07_read_write2] inv'3 x} - {[@expl:read_write requires] [%#s07_read_write3] UInt64.to_uint i < Seq.length (view'0 a)} + {[@expl:read_write requires] [%#s07_read_write3] UInt64.t'int i < Seq.length (view'0 a)} (! bb0 [ bb0 = s0 [ s0 = {inv'0 a.current} diff --git a/creusot/tests/should_succeed/vector/07_read_write/why3session.xml b/creusot/tests/should_succeed/vector/07_read_write/why3session.xml index 7bc9002770..ca29f119ac 100644 --- a/creusot/tests/should_succeed/vector/07_read_write/why3session.xml +++ b/creusot/tests/should_succeed/vector/07_read_write/why3session.xml @@ -7,7 +7,7 @@ - + 
diff --git a/creusot/tests/should_succeed/vector/07_read_write/why3shapes.gz b/creusot/tests/should_succeed/vector/07_read_write/why3shapes.gz index 87c78ac8647720b6007b5de7577e60934ff0fdec..ab94051e1afbb6203423f23c40c4b05028c0efe5 100644 GIT binary patch delta 438 zcmV;n0ZIPE1H}W78GqP(glco(VwppGs;u77Bn%r=0;wTH{r80!Hze9!<@VY<xVnU$@v$`!*bKtmzVfW;g_OJK$J+&wd3=dRVt3ni|_7 zh&B9~m%&DZbYcxenp+^zTspA^m=+e8gmhvJa2;A;64D88uz!1@j-(UoAkeV|CLx_z z141Vjh;$;ISOcNnSRmFL>4f(Kw;Cdp*z}a6p}uQI3IKPVG2MmA;P_hu$Et3z(J9uY zPBUBcXGo4)EQwCVu`8*W41n-qJ-K{M{L`FCW=lB$|5cdd0sCUa=1eos?C|)M>H5)O z*Vtm$o!hd1;D55kM_}3F2k={q?7n_j>IX450K$gA=g{2d{neU$SZ~}V!Ts47Y6qRp z*c%OnwQ8xTpr*eZ$gJCaBL0^7eaGN7o4MfkkY}>E-T4fA`#^l){S(JMj)p(ulYL6S zm+QiAT#m2yNzXOh`S0SyG`xIyYpL|;cpCl|*WZQbB`-;s#(Tcor<}!D?W>fClVDZF gKqO4~z*MR>Dp9eDRH%gF3KaAH0qyG0191cZ0M>8kqyPW_ delta 437 zcmV;m0ZRVG1H=Q68Go4XYIERXnL~T3M!lf{%m$S}))1op`-&Jh5N%hvy*AHy-kGua z^5Tw1I;+v0l^)xn|K>*S%U6e957eptZ93B2s;dXcXc~&PpJ*<=XTLlq9BTWSbW8o@ zMF{W9(n}D86MR5MnH>*a87228b{bRyaTCfDn?PZd5sGH4fdZJfL#Wdbq0EJN-uB)U-Wym{MC~ zni2TYviqEL-~l{9Yp4`-jy(_)7ucn-KUMTFTttE#SM2T@tD;TC0A-biv-# zRG3z+jtbR{*Q3(ga-WF5Xa2ZjaG%X$_#@<*EOvJ}!`wdb|I_;?j(Z#pf2L37DFI)v z3%heUy{>P1F|iwf4fGKpUmsg49CbQRe~Q}=!*Qx42`wlc`K(EF&4pK>CtPkj(iD4(s(sa|8eYHkZ)m diff --git a/creusot/tests/should_succeed/vector/08_haystack.coma b/creusot/tests/should_succeed/vector/08_haystack.coma index 4cec42dbb7..f0e4c171f7 100644 --- a/creusot/tests/should_succeed/vector/08_haystack.coma +++ b/creusot/tests/should_succeed/vector/08_haystack.coma 
@@ -27,7 +27,7 @@ module M_08_haystack__search [#"08_haystack.rs" 21 0 21 60] let%span srange25 = "../../../../creusot-contracts/src/std/iter/range.rs" 23 12 27 70 let%span svec26 = "../../../../creusot-contracts/src/std/vec.rs" 162 27 162 46 let%span svec27 = "../../../../creusot-contracts/src/std/vec.rs" 163 26 163 54 - let%span snum28 = "../../../../creusot-contracts/src/std/num.rs" 52 28 52 33 + let%span snum28 = "../../../../creusot-contracts/src/std/num.rs" 54 32 54 37 let%span sops29 = "../../../../creusot-contracts/src/std/ops.rs" 201 14 201 86 let%span siter30 = "../../../../creusot-contracts/src/std/iter.rs" 86 20 86 24 let%span siter31 = "../../../../creusot-contracts/src/std/iter.rs" 92 8 92 19 @@ -94,14 +94,14 @@ module M_08_haystack__search [#"08_haystack.rs" 21 0 21 60] function view'1 (self : t_Vec'0) : Seq.seq UInt8.t - axiom view'1_spec : forall self : t_Vec'0 . [%#svec32] Seq.length (view'1 self) <= UInt64.to_uint (v_MAX'0 : UInt64.t) + axiom view'1_spec : forall self : t_Vec'0 . [%#svec32] Seq.length (view'1 self) <= UInt64.t'int (v_MAX'0 : UInt64.t) function view'0 (self : t_Vec'0) : Seq.seq UInt8.t = [%#smodel21] view'1 self let rec len'0 (self:t_Vec'0) (return' (ret:UInt64.t))= {[@expl:len 'self' type invariant] inv'3 self} any - [ return' (result:UInt64.t)-> {[%#svec16] UInt64.to_uint result = Seq.length (view'0 self)} (! return' {result}) ] + [ return' (result:UInt64.t)-> {[%#svec16] UInt64.t'int result = Seq.length (view'0 self)} (! return' {result}) ] predicate inv'4 (_1 : UInt64.t) @@ -120,7 +120,7 @@ module M_08_haystack__search [#"08_haystack.rs" 21 0 21 60] function end_log'0 (self : t_RangeInclusive'0) : UInt64.t function deep_model'0 (self : UInt64.t) : int = - [%#snum28] UInt64.to_uint self + [%#snum28] UInt64.t'int self function is_empty_log'0 (self : t_RangeInclusive'0) : bool 
@@ -317,14 +317,14 @@ module M_08_haystack__search [#"08_haystack.rs" 21 0 21 60] resolve'3 _1 predicate in_bounds'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq UInt8.t) = - [%#sslice53] UInt64.to_uint self < Seq.length seq + [%#sslice53] UInt64.t'int self < Seq.length seq predicate inv'8 (_1 : UInt8.t) axiom inv_axiom'8 [@rewrite] : forall x : UInt8.t [inv'8 x] . inv'8 x = true predicate has_value'0 [@inline:trivial] (self : UInt64.t) (seq : Seq.seq UInt8.t) (out : UInt8.t) = - [%#sslice54] Seq.get seq (UInt64.to_uint self) = out + [%#sslice54] Seq.get seq (UInt64.t'int self) = out let rec index'0 (self:t_Vec'0) (index:UInt64.t) (return' (ret:UInt8.t))= {[@expl:index 'self' type invariant] inv'3 self} {[@expl:index 'index' type invariant] inv'4 index} @@ -411,7 +411,7 @@ module M_08_haystack__search [#"08_haystack.rs" 21 0 21 60] [ bb19 = {[@expl:for invariant] [%#s08_haystack10] inv'1 (Snapshot.inner produced1)} {[@expl:for invariant] [%#s08_haystack10] inv'2 iter1} {[@expl:for invariant] [%#s08_haystack10] produces'1 (Snapshot.inner iter_old1) (Snapshot.inner produced1) iter1} - {[@expl:loop invariant] [%#s08_haystack9] match_at'0 needle haystack (UInt64.to_uint i) (Seq.length (Snapshot.inner produced1))} + {[@expl:loop invariant] [%#s08_haystack9] match_at'0 needle haystack (UInt64.t'int i) (Seq.length (Snapshot.inner produced1))} (! s0) [ s0 = bb20 ] [ bb20 = s0 [ s0 = Borrow.borrow_mut {iter1} 
@@ -495,14 +495,14 @@ module M_08_haystack__search [#"08_haystack.rs" 21 0 21 60] | & _61 : UInt8.t = any_l () | & _63 : UInt64.t = any_l () ] - [ return' (result:UInt64.t)-> {[@expl:search ensures #0] [%#s08_haystack13] UInt64.to_uint result + [ return' (result:UInt64.t)-> {[@expl:search ensures #0] [%#s08_haystack13] UInt64.t'int result = Seq.length (view'0 haystack) - \/ UInt64.to_uint result < Seq.length (view'0 haystack) - Seq.length (view'0 needle) + 1} - {[@expl:search ensures #1] [%#s08_haystack14] UInt64.to_uint result < Seq.length (view'0 haystack) - -> match_at'0 needle haystack (UInt64.to_uint result) (Seq.length (view'0 needle)) - /\ (forall i : int . 0 <= i /\ i < UInt64.to_uint result + \/ UInt64.t'int result < Seq.length (view'0 haystack) - Seq.length (view'0 needle) + 1} + {[@expl:search ensures #1] [%#s08_haystack14] UInt64.t'int result < Seq.length (view'0 haystack) + -> match_at'0 needle haystack (UInt64.t'int result) (Seq.length (view'0 needle)) + /\ (forall i : int . 0 <= i /\ i < UInt64.t'int result -> not match_at'0 needle haystack i (Seq.length (view'0 needle)))} - {[@expl:search ensures #2] [%#s08_haystack15] UInt64.to_uint result = Seq.length (view'0 haystack) + {[@expl:search ensures #2] [%#s08_haystack15] UInt64.t'int result = Seq.length (view'0 haystack) -> (forall i : int . 0 <= i /\ i < Seq.length (view'0 haystack) -> not match_at'0 needle haystack i (Seq.length (view'0 needle)))} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/vector/08_haystack/why3session.xml b/creusot/tests/should_succeed/vector/08_haystack/why3session.xml index 770e9410a4..653c9fa1b7 100644 --- a/creusot/tests/should_succeed/vector/08_haystack/why3session.xml +++ b/creusot/tests/should_succeed/vector/08_haystack/why3session.xml 
@@ -2,145 +2,151 @@ - - - + - + - - + + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - - + + - + - + - + - + - + - + - + + + + + - + - + - + - + + + + + - + - + - + - + - + - + 
diff --git a/creusot/tests/should_succeed/vector/08_haystack/why3shapes.gz b/creusot/tests/should_succeed/vector/08_haystack/why3shapes.gz index 885ca61f7dcf54d20edeac9ab7a3f08f7c7b0a82..c32835780162fa45ba5a1ed97082994f390e9695 100644 GIT binary patch literal 3015 zcmV;&3pn&2iwFP!00000|J7MbZyU)GzVlZQ$U#Yr1-iPs`Vs5~P!=nU4)Fp>FvyMQ zr%fzH$|NOu^XpSRbaz#KRb9{FpZ_{uy?6I%HGWLX)pRlc+gOeN z`j^rAgPYDDuSCsm+J}+*@h3M+^LOj_?s1x)uAm0DzM9V0?s4+Z>;GP{o0d%0{HA?q z*H|rX+J}Z!OzD1dw}@$W#oTJ`mg~uE@s76T{#KgDcH{P~`^imLlXQ2#{=GZ>pXEck z8PU$t&EKWTbRK38tLbB!5Lh~Zfqgh8!`u4RfH8pgT?pmcXER8 z+qL`q@c96vjVpFXM|5m_wMw&mHD3RIpT@N9mQy!h7jM|O<}$4wX6qBOT80||heR+4 zW8@y*rIzjX;I9SqdNJt<+thJ;w{eUSPJ%B$YP0uxyuy1Rcj~ce;e%?O`4W>>w>1 zvm`5!Db{Iu>gKxxllx`rDYGM7rVkHOTHaSz?2#^3>mJzN2?}NUcb+KOq^C`AjPhdH zN3cr@y^~uOhqOD^KmJ78lS}^Serp}?P|jO-=hor<#I1Kx)cW#{YTsRFi^cun4YwL> zfyUMlMfJ1bw}cyt=U~-b4&tJ#?``dKy>4tl+cz6v==@^2Ts)rQ-mSj-;Nf$Va))umLo&FPNbeQe^ed(G1{ixalvx}VMPL^f-Zx?4~F zRf^{oBf+8Nfrr5a&zvh3VE4m*U`3TZydS6e>VaU4|1=={1m*KNP@m3$ zdY^xr`}EEAi@j(+vJZ8E%fonku6577zfBRHmRp;?=BAFQPS}#~J8GAZVJIU*7Xs6H zOdp>sNwTA9&o=)J9iI5b!#u9~V)ij_80_~tW(&oPNafY!(aj#xNe;WS5A@<bQf>h_O(aXd!_R5w4h4yMD=1d{a@;J#zksN)Sdnm zyVjON#QUZjWIs40w3f5`mOF<*NBOqXt91!;@NPeJeg&*)ksG4+@X15{g&Q|prQ=TZ z&6}fQ)n)Ai%Wd-U*+uy*&Rdqx%yusu6F;Z;pJ|FCBY)DQ$86fpy7X~p4+dxO-7*}U z70!Y6_H8dwl?1;{Q8)d?(PnOIJ`f#Jbj@?0LhTau1o$VD`2>b%gI@ekpf?H^p50^9 z;Fj$&BbJ?JX=CjPu*2DvmJa7uS}F{NhSbUS&ObSz7W%y@a$txo%-YRoJYaCN+BR~# zUg&cNm12Uft%LS$vY5pll*Y6)uI$8?clBz46Rw||Y@Yk*(ktx;=RTtge5t5c^?btv zSJO}7KL56#!gKnmXTMEd9HQIT*peoH5?zafj+B-Q*5hT|!WH`Fw!Pz8sN-WpLd>ub z)3Irpn>|}>$WO|Wo#KN)`kP07d~{L7uIIf&44+k-aBn{0H|J`x_c^7OqLxrgeqFZY z{uZO%f%tAVIvUZXiRKkb9;t;bFI>^N>*3EEJ;5h(+Bx#~)8j9{3|+C5gI6r~zdqH1 zZ*N*kve;0fCat=&gyDMob4L3F-R3XXM^%8zX=9Y_FCexcJ^E3C(&RZ+r{?CmU&#vZ z%~Jno6s|)Dk?ZCeDN7Tj$T$#J0VH4CU}?Dq+% z4h|??k4B8!NSX%i4Hpp&i`?4mgSVd4=XwkvDiEdutUy-fg;xL-u*z1Z(v_;Pl9i}v zwPK@?SWL`DBeQngf`|eNBamlOg-Bc=%h6jclt{{oXP2mY04Rt_ z1T8U!WP_sHN(wC&X_9?Gfx>}`s3<;Cpj@D$kkLd7S(2AHna5IAQdE*x627ctG*aut 
zl2clHi9XsK1Ot^a4^$=D7+EDrTT@A0NmWVwB4V>t-1(#-FhFi12QEG1DHtAs^5Ztk zAXX?V6czFc;fte?5T$lDI0Z?OJNYP_R*q46VoZ8bq7ik4>W>BzHAG4+0c~;sXsnPt zv5-@CDrhH4#G?5+STGuL{ZtZ$PCREprqDq+ucOYfi)ux;W4{6%auEszN@$eEB!!0O zoWjsz-~p+e=mH17Dx!$iWweCGXcJ}hkReB@5s|7CR*Eo+uLjMRHVHjw zsWP<<5FI)SKm$G~Fd~h$s5GxMRGKi-otkd~lPRgu7+d->OLwcI=UJf7RC%*OJJzbw zSZR3)V1-yn!r+)96gWHQ9aO- zy1gKb;#8f)*kGwfMpj0ATckjpW8&06BBf#-JUOf|!dP-(>KnKm8(kT7DPX12+>lAF zS5BfN(;62n^>Hk75PWQi%3Ka!>Ou^orq4S-NsRzC0}z>&i790R#xkc^URkK@Mc~bW zJb^%ZM;Xh|97yGmW+3X|sAmKlirdoYXT{|}rtFYJk|8E5qS8hhnk$)?CH)E(L-AiL zFAa5)2^d2zQbI`9I~iG`9vQe%&X~rLEnXmSNZiQG6AiKqtVOVliJ+)`iBfpvrBwk| z$cdhGFqI_*)J5swlSu-#)TB(5IR#8fa82_W)oTuMqXWNqJ**AdM=IM?8?DdUk^Q+c z4rE3{^Z7;(@m=WRkUC8!Ac2)iNtc5{a48$fsZYmLx=mo}`_U)R2pSB*Hvxo;+G7@) z2NsP-uf?V4!$=z@&kY>PS1eeTotBacm?iZh^$M2e`&_={H4bO!PhafCcoa#YL2W?m zBx4yvfjSs zfb4`}ktT5zQG&8Ui0#KJYE{eEs_#Xs>@6sX7^$hY8Kj6@k(X(wVp5X%%hKvai9jYr zlT2u4Gn>masbms?gN)SNmY)a;2V(K9?|?>x$SD7YNYJ9?N@+m@gf3T;gcMt#@{b*1 z>FSZXBrM+mEC~-ufL7%7lA2VX+aFX&3Xm8eIY5G_7c7{7(-v0+6>!|b0zv`2Y!Xd@ zQ+_}xmn1t8_q3sbv9GhAf%&=v*kDE!9cU_} zF0-Twq!3E0>=g^;;{}NFhnE3ZXA2(CW)T{(nPg JLQCT|008TI+|>X8 literal 2815 zcmVd-t4qXUK5;RY|d4ns$W@UTOF zY0_?p{mY%Ww!9NO%%Oca(m}mZgag~&JlE0Ayf*4*eMdX<+UP89fafA*CMT0`_>a|^ z^V@s=@5}TVN84B&NJlf7kMCA8t9Rq|AMa&6oj>w&%JX%LhFxqfW%XgUzM`y`xYcmR zg%^P|rb$|Sn3om*c%tT*eKeh~<+Uuwi$_`3+2Z4w2KqAz+ce5Bn#;%W-6l=Wjor}n z61S8xFPG_HN2eN=gS6|XGqi;v>H6tG`gsZtBrT&}o~Cw&<8@C;oCTe`k~41fR66Wz@4a#*qb{Zc_U1GL@Fr{nYtQqU z$W9=*vw*`E5_BybH>--LJ%8_De-z^Q*-|fr`Of0QIJaAAr-APGfsUtvP6xpIQ1^qj zRuoUX_JV)BayDOS0{*$rhZE1Ap6x5)Wqvc3`Rc<`R^$J;r2Y!))0NO&uY~SIL0HnuE^~<;$C0eDgML57cSfyy@rc*BRFpf6{Tp4#gQSRc9P>VLC7J`%}l0 z9(a1%&A&^;yRPz3%`xV!faAW$@1TSczv0#7k!K&|s)Rl5zK4Brx)H~pc-|Jn4LpZE zDZ;UJgP4o$cyAEmu|?Oo_T;aI9SpUvF}k_azCrFz;KkXR37cOB9h14P4P>r+J2$ zUVfHCJJKDQPMx%L9q9)5eA?^)EBEkn*y>K%bGl1f{ADeEFQ*spkNmOazphR1jlYQH zX!R_n&o-Ao%L<0a^{x{&Xig@H#6Wn=S+ zt*&$`v=6eK#{0|91qX_+)VN#pAD7Etf4#KPT3_5~ef*l!DcWtf)(`g=3wNi&K-+1! 
z-#zp9BODfgy+1n@I&vGQ?0y*t4e8lqJ-M4sp^p6h;mOuyZ>J7_ULcnTh~)0~AwqsQ zPdf@j;J^Wif-{#L3J4bx?5I01t}};?fpI4U)_2zK2}UEWDU)}m5*1%e)}n$A;Jr86 zvQcA1jHpaR6H!N05h=DQh#~suqKzi%s3Jv-Fsgt)WEaS)LR_U(=afqrf`Cu9j?qVS z5$%ogoCV9M$Y}$ZY$+jgvK3K+pj6l75kw5Pi!23va!HiO8o+1+Y{)yyth_jv$D|@r zB>W_)gqT%ACnOle7Yy2A^7^#X!YC9+S`2aRD^iS+QfKB88|ZDvS!+_|ugHaO|qmk}@$^D~faqws_0c zTFql+qS9ZkN7WR(PwWAd(q6Mec1Du2P&N2GRv{`Mm5a)Lp(@Uxl{MZ8BqIT=S617a zG}(}S_8V39YiTPUm|SwsDhnPVyO71zq9jvNYNJiVS5(NEydo+&RpJmJ6bHsvK`rcs zd8~ERDr$-vzpmy)wP^3XhFr7Z#Kl&NPNkAnGOCUZL>;2`QM;&Z)aI+G#i{}(Rc!IB zQc~>MI6x5_kdjxsDq~DEIvN!XMT1`-MF?7{3XZj|2|Xq9$%6q2UUASZ8;y&`{?$OT z&IXd03NG7fSQ!&YCkn}WRU^ zM2iWvx@6I2%t~=cHi(m)Nt*`8d{aazKx&7s!xWU!i5U~+RFa{T3vCct{KlZHu8wU< zWO9`Xg|iop*%uK)^w=thrEiZ*xE=Jt12EbuwzVt1dJMV(lHSx8>!P*MnrL;j>YG8U z-ejLBu-6hYBuW7^wxAEi7{swt(NT059Yh|ONsnSd=?Y(^7W^9HVR zF;d6{0*x8a(AbCQ{qwzr&!th`Px zgaS@szyQUF3$6unFwYP;RVPW21R|#?Ta|^`lt9ksr1GYhLul*}Lx{o0;9{`P$_5~` zYzRpS11HN;#5l{8YL!sT)&_d^b|3)fTqG#Xs7=z|I^_c>RY2>Mwsxq$g)O;SuaYRt z3N$9G9D_5a231`mDy`c@(0?0y0NJZhO3=v%gNhRYhgv<>VgYx1VtD9T}D& zfy8sLffJQbL+}ZW+vU1@_I4Cu4GBqU1vOa!)pB0>3Kp~gZ0+!W3tMskol`N@Ld~QJ zs8rFdB^Gev%kEtVA+(2`zl~KCP>VRq!WM1YF0O^NDNY9?w0*%w`0hYeY0q~xXRk$Z zrgpOnPC#l-4z%9^rN0z}He#KaWJ1-t+SJ~C0js!zNsJpF=qW@bACcPFMkLcPA?b*u z8Y(2(!NLZiJ;FB}jlJF - + - + 
diff --git a/creusot/tests/should_succeed/vector/09_capacity/why3shapes.gz b/creusot/tests/should_succeed/vector/09_capacity/why3shapes.gz index 750dd6e921406cb8ca461c8ad7c5ae3e3f479613..049db4a887529f68561670267c5ec6d5d7c46339 100644 GIT binary patch literal 409 zcmV;K0cQRmiwFP!00000|BaI|bE7a2g?oMl9Z9N1z#?vv!VLpOT1`67TI@NRIFQ2} zx%>B#F>+)diLZOid;6_cT5j&b{WHDsJ{-BHZM#=ZjUgvNLP2M!BMk;T`s}q^6$t z-EL$X*>rv1y>k=2zNlE7Dok@APv`wEQrnjEMO){{KhICbmWQ=zE{yBF{6Pf>K2N z_YRb_X{D{V&AjhEyPIt87XI!9-__3VRl74y{pd4)aqr=BgyO z4*T+H{Tx8%p{aXp4c1){a`G`8haj_oYoMI&4V2T&2Ce~kxHkX~GaI-D!lS)`@F=r^ zhbuI-RNv*c*%%Q3YE$Eu$DD*`g7|D(Rd=IQ;Bqjy0}>vuak&z}NtmtiYw)s*rczfl99x{v^$Ya0PECsIYO%potPyM5?QC(@|nQ*(-KXZ%e;t9>x zHUzgbnCmPV`DCu}BptYL;3f_>nWHkE@N|wj3YM50fXo518KAQOj6ckPPYt#JvjvWF zF>PO*dFt)G`zgmC to_uint a = to_uint b } { result <-> a = b }) = any - let ne (a: t) (b: t) (ret (result: bool) { result <-> to_uint a <> to_uint b } { result <-> a <> b }) = any - let le (a: t) (b: t) (ret (result: bool) { result <-> to_uint a <= to_uint b } { result <-> ule a b }) = any - let lt (a: t) (b: t) (ret (result: bool) { result <-> to_uint a < to_uint b } { result <-> ult a b }) = any - let ge (a: t) (b: t) (ret (result: bool) { result <-> to_uint a >= to_uint b } { result <-> uge a b }) = any - let gt (a: t) (b: t) (ret (result: bool) { result <-> to_uint a > to_uint b } { result <-> ugt a b }) = any + let eq (a: t) (b: t) (ret (result: bool) { result <-> to_int a = to_int b } { result <-> a = b }) = any + let ne (a: t) (b: t) (ret (result: bool) { result <-> to_int a <> to_int b } { result <-> a <> b }) = any + let le (a: t) (b: t) (ret (result: bool) { result <-> to_int a <= to_int b } { result <-> ule a b }) = any + let lt (a: t) (b: t) (ret (result: bool) { result <-> to_int a < to_int b } { result <-> ult a b }) = any + let ge (a: t) (b: t) (ret (result: bool) { result <-> to_int a >= to_int b } { result <-> uge a b }) = any + let gt (a: t) (b: t) (ret (result: bool) { result <-> to_int a > to_int b } { 
result <-> ugt a b }) = any let add (a:t) (b:t) - { [@expl:arithmetic overflow] to_uint a + to_uint b < two_power_size \/ BV256.ule (BV256.add (to_BV256 a) (to_BV256 b)) max_uint_as_BV256 } - (ret (result :t) { to_uint result = to_uint a + to_uint b } { result = add a b }) + { [@expl:arithmetic overflow] to_int a + to_int b < two_power_size \/ BV256.ule (BV256.add (to_BV256 a) (to_BV256 b)) max_uint_as_BV256 } + (ret (result :t) { to_int result = to_int a + to_int b } { result = add a b }) = any let sub (a:t) (b:t) - { [@expl:arithmetic overflow] to_uint a >= to_uint b \/ uge a b } - (ret (result: t) { to_uint result = to_uint a - to_uint b } { result = sub a b }) + { [@expl:arithmetic overflow] to_int a >= to_int b \/ uge a b } + (ret (result: t) { to_int result = to_int a - to_int b } { result = sub a b }) = any let mul (a:t) (b:t) - { [@expl:arithmetic overflow] to_uint a * to_uint b < two_power_size \/ BV256.ule (BV256.mul (to_BV256 a) (to_BV256 b)) max_uint_as_BV256 } - (ret (result: t) { result = mul a b } { to_int result = to_uint a * to_uint b }) + { [@expl:arithmetic overflow] to_int a * to_int b < two_power_size \/ BV256.ule (BV256.mul (to_BV256 a) (to_BV256 b)) max_uint_as_BV256 } + (ret (result: t) { result = mul a b } { to_int result = to_int a * to_int b }) = any let div (a:t) (b:t) - { [@expl:division by zero] b <> zeros \/ to_uint b <> 0 } - (ret (result: t) { to_uint result = ED.div (to_uint a) (to_uint b) } { result = udiv a b }) + { [@expl:division by zero] b <> zeros \/ to_int b <> 0 } + (ret (result: t) { to_int result = ED.div (to_int a) (to_int b) } { result = udiv a b }) = any let rem (a:t) (b:t) - { [@expl:remainder by zero] b <> zeros \/ to_uint b <> 0 } - (ret (result: t) { to_uint result = ED.mod (to_uint a) (to_uint b) } { result = urem a b }) + { [@expl:remainder by zero] b <> zeros \/ to_int b <> 0 } + (ret (result: t) { to_int result = ED.mod (to_int a) (to_int b) } { result = urem a b }) = any let bw_and (a:t) (b:t) (ret (result 
:t)) = ret { bw_and a b }
@@ -58,7 +56,7 @@ module UInt8
 (ret (result: BV256.t) { result = to_BV256 a })
 = any
 let of_bv256 (a:BV256.t)
- { [@expl:arithmetic overflow] bv256_to_uint a >= 0 /\ bv256_to_uint a < two_power_size }
+ { [@expl:arithmetic overflow] bv256_to_int a >= 0 /\ bv256_to_int a < two_power_size }
 (ret (result: t) { result = of_BV256 a })
 = any
 end
@@ -72,37 +70,35 @@ module UInt16 constant max_uint : t = 0xFFFF function to_BV256 (x: t) : BV256.t = toBig x function of_BV256 (x: BV256.t) : t = toSmall x - function bv256_to_uint (x: BV256.t) : int = BV256.t'int x + function bv256_to_int (x: BV256.t) : int = BV256.t'int x constant max_uint_as_BV256 : BV256.t = to_BV256 max_uint - function to_uint(x:t): int = t'int x - - let eq (a: t) (b: t) (ret (result: bool) { result <-> to_uint a = to_uint b } { result <-> a = b }) = any - let ne (a: t) (b: t) (ret (result: bool) { result <-> to_uint a <> to_uint b } { result <-> a <> b }) = any - let le (a: t) (b: t) (ret (result: bool) { result <-> to_uint a <= to_uint b } { result <-> ule a b }) = any - let lt (a: t) (b: t) (ret (result: bool) { result <-> to_uint a < to_uint b } { result <-> ult a b }) = any - let ge (a: t) (b: t) (ret (result: bool) { result <-> to_uint a >= to_uint b } { result <-> uge a b }) = any - let gt (a: t) (b: t) (ret (result: bool) { result <-> to_uint a > to_uint b } { result <-> ugt a b }) = any + let eq (a: t) (b: t) (ret (result: bool) { result <-> to_int a = to_int b } { result <-> a = b }) = any + let ne (a: t) (b: t) (ret (result: bool) { result <-> to_int a <> to_int b } { result <-> a <> b }) = any + let le (a: t) (b: t) (ret (result: bool) { result <-> to_int a <= to_int b } { result <-> ule a b }) = any + let lt (a: t) (b: t) (ret (result: bool) { result <-> to_int a < to_int b } { result <-> ult a b }) = any + let ge (a: t) (b: t) (ret (result: bool) { result <-> to_int a >= to_int b } { result <-> uge a b }) = any + let gt (a: t) (b: t) (ret (result: bool) { result <-> to_int a > to_int b } { result <-> ugt a b }) = any let add (a:t) (b:t) - { [@expl:arithmetic overflow] to_uint a + to_uint b < two_power_size \/ BV256.ule (BV256.add (to_BV256 a) (to_BV256 b)) max_uint_as_BV256 } - (ret (result :t) { to_uint result = to_uint a + to_uint b } { result = add a b }) + { [@expl:arithmetic overflow] to_int a + to_int b < two_power_size \/ 
BV256.ule (BV256.add (to_BV256 a) (to_BV256 b)) max_uint_as_BV256 } + (ret (result :t) { to_int result = to_int a + to_int b } { result = add a b }) = any let sub (a:t) (b:t) - { [@expl:arithmetic overflow] to_uint a >= to_uint b \/ uge a b } - (ret (result: t) { to_uint result = to_uint a - to_uint b } { result = sub a b }) + { [@expl:arithmetic overflow] to_int a >= to_int b \/ uge a b } + (ret (result: t) { to_int result = to_int a - to_int b } { result = sub a b }) = any let mul (a:t) (b:t) - { [@expl:arithmetic overflow] to_uint a * to_uint b < two_power_size \/ BV256.ule (BV256.mul (to_BV256 a) (to_BV256 b)) max_uint_as_BV256 } - (ret (result: t) { result = mul a b } { to_int result = to_uint a * to_uint b }) + { [@expl:arithmetic overflow] to_int a * to_int b < two_power_size \/ BV256.ule (BV256.mul (to_BV256 a) (to_BV256 b)) max_uint_as_BV256 } + (ret (result: t) { result = mul a b } { to_int result = to_int a * to_int b }) = any let div (a:t) (b:t) - { [@expl:division by zero] b <> zeros \/ to_uint b <> 0 } - (ret (result: t) { to_uint result = ED.div (to_uint a) (to_uint b) } { result = udiv a b }) + { [@expl:division by zero] b <> zeros \/ to_int b <> 0 } + (ret (result: t) { to_int result = ED.div (to_int a) (to_int b) } { result = udiv a b }) = any let rem (a:t) (b:t) - { [@expl:remainder by zero] b <> zeros \/ to_uint b <> 0 } - (ret (result: t) { to_uint result = ED.mod (to_uint a) (to_uint b) } { result = urem a b }) + { [@expl:remainder by zero] b <> zeros \/ to_int b <> 0 } + (ret (result: t) { to_int result = ED.mod (to_int a) (to_int b) } { result = urem a b }) = any let bw_and (a:t) (b:t) (ret (result :t)) = ret { bw_and a b } 
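Review bot: The overflow guards in this hunk now read `to_int a + to_int b < two_power_size` and `to_int a >= to_int b \/ uge a b`, but the removed alias `function to_uint(x:t): int = t'int x` was the unsigned reading and `to_int` is not defined anywhere in the hunk; if it resolves to the signed two's-complement `to_int` of the cloned Why3 bitvector theory, the add guard holds for every operand pair and the sub guard accepts e.g. a = 1, b = 0x80, so the `to_int result = …` postconditions become unsatisfiable and the prelude's `add`/`sub`/`mul` contracts turn unsound for the unsigned modules. The same pattern is in the UInt32 and UInt64 hunks below (and in the UInt8 hunk above, whose start is cut off here). The generated `.coma` files in this commit already use `UInt64.t'int`, so the prelude could use `t'int` directly, e.g. `{ [@expl:arithmetic overflow] t'int a + t'int b < two_power_size \/ BV256.ule (BV256.add (to_BV256 a) (to_BV256 b)) max_uint_as_BV256 }`, or keep the alias so its unsigned meaning is stated in the module. Please confirm which `to_int` is in scope before merging.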
@@ -122,7 +118,7 @@ module UInt16
 (ret (result: BV256.t) { result = to_BV256 a })
 = any
 let of_bv256 (a:BV256.t)
- { [@expl:arithmetic overflow] bv256_to_uint a >= 0 /\ bv256_to_uint a < two_power_size }
+ { [@expl:arithmetic overflow] bv256_to_int a >= 0 /\ bv256_to_int a < two_power_size }
 (ret (result: t) { result = of_BV256 a })
 = any
 end
@@ -136,37 +132,35 @@ module UInt32 constant max_uint : t = 0xFFFFFFFF function to_BV256 (x: t) : BV256.t = toBig x function of_BV256 (x: BV256.t) : t = toSmall x - function bv256_to_uint (x: BV256.t) : int = BV256.t'int x + function bv256_to_int (x: BV256.t) : int = BV256.t'int x constant max_uint_as_BV256 : BV256.t = to_BV256 max_uint - function to_uint(x:t): int = t'int x - - let eq (a: t) (b: t) (ret (result: bool) { result <-> to_uint a = to_uint b } { result <-> a = b }) = any - let ne (a: t) (b: t) (ret (result: bool) { result <-> to_uint a <> to_uint b } { result <-> a <> b }) = any - let le (a: t) (b: t) (ret (result: bool) { result <-> to_uint a <= to_uint b } { result <-> ule a b }) = any - let lt (a: t) (b: t) (ret (result: bool) { result <-> to_uint a < to_uint b } { result <-> ult a b }) = any - let ge (a: t) (b: t) (ret (result: bool) { result <-> to_uint a >= to_uint b } { result <-> uge a b }) = any - let gt (a: t) (b: t) (ret (result: bool) { result <-> to_uint a > to_uint b } { result <-> ugt a b }) = any + let eq (a: t) (b: t) (ret (result: bool) { result <-> to_int a = to_int b } { result <-> a = b }) = any + let ne (a: t) (b: t) (ret (result: bool) { result <-> to_int a <> to_int b } { result <-> a <> b }) = any + let le (a: t) (b: t) (ret (result: bool) { result <-> to_int a <= to_int b } { result <-> ule a b }) = any + let lt (a: t) (b: t) (ret (result: bool) { result <-> to_int a < to_int b } { result <-> ult a b }) = any + let ge (a: t) (b: t) (ret (result: bool) { result <-> to_int a >= to_int b } { result <-> uge a b }) = any + let gt (a: t) (b: t) (ret (result: bool) { result <-> to_int a > to_int b } { result <-> ugt a b }) = any let add (a:t) (b:t) - { [@expl:arithmetic overflow] to_uint a + to_uint b < two_power_size \/ BV256.ule (BV256.add (to_BV256 a) (to_BV256 b)) max_uint_as_BV256 } - (ret (result :t) { to_uint result = to_uint a + to_uint b } { result = add a b }) + { [@expl:arithmetic overflow] to_int a + to_int b < 
two_power_size \/ BV256.ule (BV256.add (to_BV256 a) (to_BV256 b)) max_uint_as_BV256 } + (ret (result :t) { to_int result = to_int a + to_int b } { result = add a b }) = any let sub (a:t) (b:t) - { [@expl:arithmetic overflow] to_uint a >= to_uint b \/ uge a b } - (ret (result: t) { to_uint result = to_uint a - to_uint b } { result = sub a b }) + { [@expl:arithmetic overflow] to_int a >= to_int b \/ uge a b } + (ret (result: t) { to_int result = to_int a - to_int b } { result = sub a b }) = any let mul (a:t) (b:t) - { [@expl:arithmetic overflow] to_uint a * to_uint b < two_power_size \/ BV256.ule (BV256.mul (to_BV256 a) (to_BV256 b)) max_uint_as_BV256 } - (ret (result: t) { result = mul a b } { to_int result = to_uint a * to_uint b }) + { [@expl:arithmetic overflow] to_int a * to_int b < two_power_size \/ BV256.ule (BV256.mul (to_BV256 a) (to_BV256 b)) max_uint_as_BV256 } + (ret (result: t) { result = mul a b } { to_int result = to_int a * to_int b }) = any let div (a:t) (b:t) - { [@expl:division by zero] b <> zeros \/ to_uint b <> 0 } - (ret (result: t) { to_uint result = ED.div (to_uint a) (to_uint b) } { result = udiv a b }) + { [@expl:division by zero] b <> zeros \/ to_int b <> 0 } + (ret (result: t) { to_int result = ED.div (to_int a) (to_int b) } { result = udiv a b }) = any let rem (a:t) (b:t) - { [@expl:remainder by zero] b <> zeros \/ to_uint b <> 0 } - (ret (result: t) { to_uint result = ED.mod (to_uint a) (to_uint b) } { result = urem a b }) + { [@expl:remainder by zero] b <> zeros \/ to_int b <> 0 } + (ret (result: t) { to_int result = ED.mod (to_int a) (to_int b) } { result = urem a b }) = any let bw_and (a:t) (b:t) (ret (result :t)) = ret { bw_and a b } 
@@ -186,7 +180,7 @@ module UInt32
 (ret (result: BV256.t) { result = to_BV256 a })
 = any
 let of_bv256 (a:BV256.t)
- { [@expl:arithmetic overflow] bv256_to_uint a >= 0 /\ bv256_to_uint a < two_power_size }
+ { [@expl:arithmetic overflow] bv256_to_int a >= 0 /\ bv256_to_int a < two_power_size }
 (ret (result: t) { result = of_BV256 a })
 = any
 end
@@ -200,37 +194,35 @@ module UInt64 constant max_uint : t = 0xFFFFFFFFFFFFFFFF function to_BV256 (x: t) : BV256.t = toBig x function of_BV256 (x: BV256.t) : t = toSmall x - function bv256_to_uint (x: BV256.t) : int = BV256.t'int x + function bv256_to_int (x: BV256.t) : int = BV256.t'int x constant max_uint_as_BV256 : BV256.t = to_BV256 max_uint - function to_uint(x:t): int = t'int x - - let eq (a: t) (b: t) (ret (result: bool) { result <-> to_uint a = to_uint b } { result <-> a = b }) = any - let ne (a: t) (b: t) (ret (result: bool) { result <-> to_uint a <> to_uint b } { result <-> a <> b }) = any - let le (a: t) (b: t) (ret (result: bool) { result <-> to_uint a <= to_uint b } { result <-> ule a b }) = any - let lt (a: t) (b: t) (ret (result: bool) { result <-> to_uint a < to_uint b } { result <-> ult a b }) = any - let ge (a: t) (b: t) (ret (result: bool) { result <-> to_uint a >= to_uint b } { result <-> uge a b }) = any - let gt (a: t) (b: t) (ret (result: bool) { result <-> to_uint a > to_uint b } { result <-> ugt a b }) = any + let eq (a: t) (b: t) (ret (result: bool) { result <-> to_int a = to_int b } { result <-> a = b }) = any + let ne (a: t) (b: t) (ret (result: bool) { result <-> to_int a <> to_int b } { result <-> a <> b }) = any + let le (a: t) (b: t) (ret (result: bool) { result <-> to_int a <= to_int b } { result <-> ule a b }) = any + let lt (a: t) (b: t) (ret (result: bool) { result <-> to_int a < to_int b } { result <-> ult a b }) = any + let ge (a: t) (b: t) (ret (result: bool) { result <-> to_int a >= to_int b } { result <-> uge a b }) = any + let gt (a: t) (b: t) (ret (result: bool) { result <-> to_int a > to_int b } { result <-> ugt a b }) = any let add (a:t) (b:t) - { [@expl:arithmetic overflow] to_uint a + to_uint b < two_power_size \/ BV256.ule (BV256.add (to_BV256 a) (to_BV256 b)) max_uint_as_BV256 } - (ret (result :t) { to_uint result = to_uint a + to_uint b } { result = add a b }) + { [@expl:arithmetic overflow] to_int a + to_int b < 
two_power_size \/ BV256.ule (BV256.add (to_BV256 a) (to_BV256 b)) max_uint_as_BV256 } + (ret (result :t) { to_int result = to_int a + to_int b } { result = add a b }) = any let sub (a:t) (b:t) - { [@expl:arithmetic overflow] to_uint a >= to_uint b \/ uge a b } - (ret (result: t) { to_uint result = to_uint a - to_uint b } { result = sub a b }) + { [@expl:arithmetic overflow] to_int a >= to_int b \/ uge a b } + (ret (result: t) { to_int result = to_int a - to_int b } { result = sub a b }) = any let mul (a:t) (b:t) - { [@expl:arithmetic overflow] to_uint a * to_uint b < two_power_size \/ BV256.ule (BV256.mul (to_BV256 a) (to_BV256 b)) max_uint_as_BV256 } - (ret (result: t) { result = mul a b } { to_int result = to_uint a * to_uint b }) + { [@expl:arithmetic overflow] to_int a * to_int b < two_power_size \/ BV256.ule (BV256.mul (to_BV256 a) (to_BV256 b)) max_uint_as_BV256 } + (ret (result: t) { result = mul a b } { to_int result = to_int a * to_int b }) = any let div (a:t) (b:t) - { [@expl:division by zero] b <> zeros \/ to_uint b <> 0 } - (ret (result: t) { to_uint result = ED.div (to_uint a) (to_uint b) } { result = udiv a b }) + { [@expl:division by zero] b <> zeros \/ to_int b <> 0 } + (ret (result: t) { to_int result = ED.div (to_int a) (to_int b) } { result = udiv a b }) = any let rem (a:t) (b:t) - { [@expl:remainder by zero] b <> zeros \/ to_uint b <> 0 } - (ret (result: t) { to_uint result = ED.mod (to_uint a) (to_uint b) } { result = urem a b }) + { [@expl:remainder by zero] b <> zeros \/ to_int b <> 0 } + (ret (result: t) { to_int result = ED.mod (to_int a) (to_int b) } { result = urem a b }) = any let bw_and (a:t) (b:t) (ret (result :t)) = ret { bw_and a b } 
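Review bot: In the UInt64 hunk the local `function to_uint(x:t): int = t'int x` is removed and every contract now says `to_int`, yet nothing in the hunk defines `to_int`; if it resolves to the `to_int` exported by Why3's `bv.BV64`, that is the two's-complement reading, so `let le … { result <-> to_int a <= to_int b } { result <-> ule a b }` becomes contradictory for operands with the top bit set, and the `[@expl:arithmetic overflow]` guard `to_int a + to_int b < two_power_size` is trivially dischargeable, i.e. unsigned overflow would no longer be checked. Please either keep an explicit unsigned model in the module, e.g. `function to_int (x:t) : int = t'int x` next to `bv256_to_int`, or confirm that the exported `to_int` is `t'int` and record that in a comment beside `bv256_to_int`. The same substitution appears in the UInt128 hunk (`@@ -264,37 +256,35 @@`) and in the `of_bv256` hunks at `@@ -186`, `@@ -250` and `@@ -314`. The UInt64 module header itself is outside the hunk.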
@@ -250,7 +242,7 @@ module UInt64
 (ret (result: BV256.t) { result = to_BV256 a })
 = any
 let of_bv256 (a:BV256.t)
- { [@expl:arithmetic overflow] bv256_to_uint a >= 0 /\ bv256_to_uint a < two_power_size }
+ { [@expl:arithmetic overflow] bv256_to_int a >= 0 /\ bv256_to_int a < two_power_size }
 (ret (result: t) { result = of_BV256 a })
 = any
 end
@@ -264,37 +256,35 @@ module UInt128 constant max_uint : t = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF function to_BV256 (x: t) : BV256.t = toBig x function of_BV256 (x: BV256.t) : t = toSmall x - function bv256_to_uint (x: BV256.t) : int = BV256.t'int x + function bv256_to_int (x: BV256.t) : int = BV256.t'int x constant max_uint_as_BV256 : BV256.t = to_BV256 max_uint - function to_uint(x:t): int = t'int x - - let eq (a: t) (b: t) (ret (result: bool) { result <-> to_uint a = to_uint b } { result <-> a = b }) = any - let ne (a: t) (b: t) (ret (result: bool) { result <-> to_uint a <> to_uint b } { result <-> a <> b }) = any - let le (a: t) (b: t) (ret (result: bool) { result <-> to_uint a <= to_uint b } { result <-> ule a b }) = any - let lt (a: t) (b: t) (ret (result: bool) { result <-> to_uint a < to_uint b } { result <-> ult a b }) = any - let ge (a: t) (b: t) (ret (result: bool) { result <-> to_uint a >= to_uint b } { result <-> uge a b }) = any - let gt (a: t) (b: t) (ret (result: bool) { result <-> to_uint a > to_uint b } { result <-> ugt a b }) = any + let eq (a: t) (b: t) (ret (result: bool) { result <-> to_int a = to_int b } { result <-> a = b }) = any + let ne (a: t) (b: t) (ret (result: bool) { result <-> to_int a <> to_int b } { result <-> a <> b }) = any + let le (a: t) (b: t) (ret (result: bool) { result <-> to_int a <= to_int b } { result <-> ule a b }) = any + let lt (a: t) (b: t) (ret (result: bool) { result <-> to_int a < to_int b } { result <-> ult a b }) = any + let ge (a: t) (b: t) (ret (result: bool) { result <-> to_int a >= to_int b } { result <-> uge a b }) = any + let gt (a: t) (b: t) (ret (result: bool) { result <-> to_int a > to_int b } { result <-> ugt a b }) = any let add (a:t) (b:t) - { [@expl:arithmetic overflow] to_uint a + to_uint b < two_power_size \/ BV256.ule (BV256.add (to_BV256 a) (to_BV256 b)) max_uint_as_BV256 } - (ret (result :t) { to_uint result = to_uint a + to_uint b } { result = add a b }) + { [@expl:arithmetic overflow] to_int a 
+ to_int b < two_power_size \/ BV256.ule (BV256.add (to_BV256 a) (to_BV256 b)) max_uint_as_BV256 } + (ret (result :t) { to_int result = to_int a + to_int b } { result = add a b }) = any let sub (a:t) (b:t) - { [@expl:arithmetic overflow] to_uint a >= to_uint b \/ uge a b } - (ret (result: t) { to_uint result = to_uint a - to_uint b } { result = sub a b }) + { [@expl:arithmetic overflow] to_int a >= to_int b \/ uge a b } + (ret (result: t) { to_int result = to_int a - to_int b } { result = sub a b }) = any let mul (a:t) (b:t) - { [@expl:arithmetic overflow] to_uint a * to_uint b < two_power_size \/ BV256.ule (BV256.mul (to_BV256 a) (to_BV256 b)) max_uint_as_BV256 } - (ret (result: t) { result = mul a b } { to_int result = to_uint a * to_uint b }) + { [@expl:arithmetic overflow] to_int a * to_int b < two_power_size \/ BV256.ule (BV256.mul (to_BV256 a) (to_BV256 b)) max_uint_as_BV256 } + (ret (result: t) { result = mul a b } { to_int result = to_int a * to_int b }) = any let div (a:t) (b:t) - { [@expl:division by zero] b <> zeros \/ to_uint b <> 0 } - (ret (result: t) { to_uint result = ED.div (to_uint a) (to_uint b) } { result = udiv a b }) + { [@expl:division by zero] b <> zeros \/ to_int b <> 0 } + (ret (result: t) { to_int result = ED.div (to_int a) (to_int b) } { result = udiv a b }) = any let rem (a:t) (b:t) - { [@expl:remainder by zero] b <> zeros \/ to_uint b <> 0 } - (ret (result: t) { to_uint result = ED.mod (to_uint a) (to_uint b) } { result = urem a b }) + { [@expl:remainder by zero] b <> zeros \/ to_int b <> 0 } + (ret (result: t) { to_int result = ED.mod (to_int a) (to_int b) } { result = urem a b }) = any let bw_and (a:t) (b:t) (ret (result :t)) = ret { bw_and a b } 
@@ -314,7 +304,7 @@ module UInt128 (ret (result: BV256.t) { result = to_BV256 a }) = any let of_bv256 (a:BV256.t) - { [@expl:arithmetic overflow] bv256_to_uint a >= 0 /\ bv256_to_uint a < two_power_size } + { [@expl:arithmetic overflow] bv256_to_int a >= 0 /\ bv256_to_int a < two_power_size } (ret (result: t) { result = of_BV256 a }) = any end @@ -328,7 +318,6 @@ module Int8 constant min_sint : t = 0x80 constant max_sint : t = 0x7F - (*constant two_power_size_minus_one : int = 0x80 *) constant minus_one : t = 0xFF function to_BV256 (x: t) : BV256.t = stoBig x @@ -337,8 +326,6 @@ module Int8 constant min_sint_as_BV256 : BV256.t = to_BV256 min_sint constant max_sint_as_BV256 : BV256.t = to_BV256 max_sint - function to_uint(x:t): int = t'int x - let eq (a: t) (b: t) (ret (result: bool) { result <-> to_int a = to_int b } { result <-> a = b }) = any let ne (a: t) (b: t) (ret (result: bool) { result <-> to_int a <> to_int b } { result <-> a <> b }) = any let le (a: t) (b: t) (ret (result: bool) { result <-> to_int a <= to_int b } { result <-> sle a b }) = any @@ -401,7 +388,6 @@ module Int16 constant min_sint : t = 0x8000 constant max_sint : t = 0x7FFF - (*constant two_power_size_minus_one : int = 0x8000*) constant minus_one : t = 0xFFFF function to_BV256 (x: t) : BV256.t = stoBig x @@ -410,8 +396,6 @@ module Int16 constant min_sint_as_BV256 : BV256.t = to_BV256 min_sint constant max_sint_as_BV256 : BV256.t = to_BV256 max_sint - function to_uint(x:t): int = t'int x - let eq (a: t) (b: t) (ret (result: bool) { result <-> to_int a = to_int b } { result <-> a = b }) = any let ne (a: t) (b: t) (ret (result: bool) { result <-> to_int a <> to_int b } { result <-> a <> b }) = any let le (a: t) (b: t) (ret (result: bool) { result <-> to_int a <= to_int b } { result <-> sle a b }) = any 
@@ -474,7 +458,6 @@ module Int32 constant min_sint : t = 0x80000000 constant max_sint : t = 0x7FFFFFFF - (*constant two_power_size_minus_one : int = 0x80000000*) constant minus_one : t = 0xFFFFFFFF function to_BV256 (x: t) : BV256.t = stoBig x @@ -483,8 +466,6 @@ module Int32 constant min_sint_as_BV256 : BV256.t = to_BV256 min_sint constant max_sint_as_BV256 : BV256.t = to_BV256 max_sint - function to_uint(x:t): int = t'int x - let eq (a: t) (b: t) (ret (result: bool) { result <-> to_int a = to_int b } { result <-> a = b }) = any let ne (a: t) (b: t) (ret (result: bool) { result <-> to_int a <> to_int b } { result <-> a <> b }) = any let le (a: t) (b: t) (ret (result: bool) { result <-> to_int a <= to_int b } { result <-> sle a b }) = any @@ -547,7 +528,6 @@ module Int64 constant min_sint : t = 0x8000000000000000 constant max_sint : t = 0x7FFFFFFFFFFFFFFF - (*constant two_power_size_minus_one : int = 0x8000000000000000*) constant minus_one : t = 0xFFFFFFFFFFFFFFFF function to_BV256 (x: t) : BV256.t = stoBig x @@ -556,8 +536,6 @@ module Int64 constant min_sint_as_BV256 : BV256.t = to_BV256 min_sint constant max_sint_as_BV256 : BV256.t = to_BV256 max_sint - function to_uint(x:t): int = t'int x - let eq (a: t) (b: t) (ret (result: bool) { result <-> to_int a = to_int b } { result <-> a = b }) = any let ne (a: t) (b: t) (ret (result: bool) { result <-> to_int a <> to_int b } { result <-> a <> b }) = any let le (a: t) (b: t) (ret (result: bool) { result <-> to_int a <= to_int b } { result <-> sle a b }) = any @@ -620,7 +598,6 @@ module Int128 constant min_sint : t = 0x80000000000000000000000000000000 constant max_sint : t = 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF - (*constant two_power_size_minus_one : int = 0x80000000000000000000000000000000*) constant minus_one : t = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF function to_BV256 (x: t) : BV256.t = stoBig x 
@@ -629,8 +606,6 @@ module Int128 constant min_sint_as_BV256 : BV256.t = to_BV256 min_sint constant max_sint_as_BV256 : BV256.t = to_BV256 max_sint - function to_uint(x:t): int = t'int x - let eq (a: t) (b: t) (ret (result: bool) { result <-> to_int a = to_int b } { result <-> a = b }) = any let ne (a: t) (b: t) (ret (result: bool) { result <-> to_int a <> to_int b } { result <-> a <> b }) = any let le (a: t) (b: t) (ret (result: bool) { result <-> to_int a <= to_int b } { result <-> sle a b }) = any
diff --git a/prelude/prelude.coma b/prelude/prelude.coma
index 216eb35630..0189980df6 100644
--- a/prelude/prelude.coma
+++ b/prelude/prelude.coma
@@ -62,344 +62,6 @@ module Real use real.Real end - -(* Signed Integer *) -(* -module Int8 - use int.Int - - type int8 = < range -0x80 0x7f > - - constant min : int = - 0x80 - constant max : int = 0x7f - - function to_int (x : int8) : int = int8'int x - meta coercion function to_int - meta "model_projection" function to_int - - predicate in_bounds (n:int) = min <= n <= max - - axiom to_int_in_bounds: forall n:int8. in_bounds n - - let of_int (n:int) { [@expl:integer overflow] in_bounds n } - (ret (result : int8) { result = n }) = any - - let add (a:int8) (b:int8) { [@expl:integer overflow] in_bounds (a + b) } (ret (result : int8) { result = a + b }) = any - - let sub (a:int8) (b:int8) { [@expl:integer overflow] in_bounds (a - b) } (ret (result : int8) { result = a - b }) = any - - let mul (a:int8) (b:int8) { [@expl:integer overflow] in_bounds (a * b) } (ret (result : int8) { result = a * b }) = any - - let neg (a:int8) { [@expl:integer overflow] in_bounds (- a) } (ret (result : int8) { result = - a }) = any - - axiom extensionality: forall x y: int8. 
to_int x = to_int y -> x = y - - let eq (a:int8) (b:int8) (ret (result : bool) { result <-> a = b } { to_int a = to_int b -> result }) = any - - let ne (a:int8) (b:int8) (ret (result : bool) { result <-> a <> b } { to_int a <> to_int b -> result }) = any - - let le (a:int8) (b:int8) (ret (result : bool) { result <-> to_int a <= to_int b }) = any - - let lt (a:int8) (b:int8) (ret (result : bool) { result <-> to_int a < to_int b }) = any - - let ge (a:int8) (b:int8) (ret (result : bool) { result <-> to_int a >= to_int b }) = any - - let gt (a:int8) (b:int8) (ret (result : bool) { result <-> to_int a > to_int b }) = any - - use int.ComputerDivision - - let div (a:int8) (b:int8) - { [@expl:division by zero] b <> 0 } - { [@expl:integer overflow] in_bounds (div a b) } - (ret (result : int8) { result = div a b }) = any - - let rem (a:int8) (b:int8) - { [@expl:division by zero] b <> 0 } - { [@expl:integer overflow] in_bounds (mod a b) } - (ret (result : int8) { result = mod a b }) = any -end - -module Int16 - use export bv.BV16 - use bv.BV128 as BV128 - use bv.BVConverter_16_128 - use bv.Pow2int - use int.Int - use int.ComputerDivision as CD - - constant min_sint : t = 0x8000 - constant max_sint : t = 0x7FFF - constant two_power_size_minus_one : int = 0x8000 - constant minus_one : t = 0xFFFF - - function sto_bv128 (x: t) : BV128.t = stoBig x - constant min_sint_as_bv128 : BV128.t = sto_bv128 min_sint - constant max_sint_as_bv128 : BV128.t = sto_bv128 max_sint - - function to_uint(x:t): int = t'int x - - let eq (a: t) (b: t) (ret (result: bool) { result <-> to_int a = to_int b } { result <-> a = b }) = any - let ne (a: t) (b: t) (ret (result: bool) { result <-> to_int a <> to_int b } { result <-> a <> b }) = any - let le (a: t) (b: t) (ret (result: bool) { result <-> to_int a <= to_int b } { result <-> sle a b }) = any - let lt (a: t) (b: t) (ret (result: bool) { result <-> to_int a < to_int b } { result <-> slt a b }) = any - let ge (a: t) (b: t) (ret (result: bool) { 
result <-> to_int a >= to_int b } { result <-> sge a b }) = any - let gt (a: t) (b: t) (ret (result: bool) { result <-> to_int a > to_int b } { result <-> sgt a b }) = any - - let add (a:t) (b:t) - { [@expl:arithmetic overflow] - two_power_size_minus_one <= to_int a + to_int b < two_power_size_minus_one \/ let r = BV128.add (sto_bv128 a) (sto_bv128 b) in (BV128.sle min_sint_as_bv128 r /\ BV128.sle r max_sint_as_bv128) } - (ret (result :t) { to_int result = to_int a + to_int b } { result = add a b }) - = any - let sub (a:t) (b:t) - { [@expl:arithmetic overflow] - two_power_size_minus_one <= to_int a - to_int b < two_power_size_minus_one \/ let r = BV128.sub (sto_bv128 a) (sto_bv128 b) in (BV128.sle min_sint_as_bv128 r /\ BV128.sle r max_sint_as_bv128) } - (ret (result: t) { to_int result = to_int a - to_int b } { result = sub a b }) - = any - let mul (a:t) (b:t) - { [@expl:arithmetic overflow] - two_power_size_minus_one <= to_int a * to_int b < two_power_size_minus_one \/ let r = BV128.mul (sto_bv128 a) (sto_bv128 b) in (BV128.sle min_sint_as_bv128 r /\ BV128.sle r max_sint_as_bv128) } - (ret (result: t) { to_int result = to_int a * to_int b } { result = mul a b }) - = any - let div (a:t) (b:t) - { [@expl:division by zero] b <> zeros \/ to_int b <> 0 } - { [@expl:signed division overflow check] (a <> min_sint \/ b <> minus_one) \/ (to_int a <> to_int min_sint \/ to_int b <> -1) } - (ret (result: t) { to_int result = CD.div (to_int a) (to_int b) } { result = sdiv a b }) - = any - let rem (a:t) (b:t) - { [@expl:remainder by zero] b <> zeros \/ to_int b <> 0 } - (ret (result: t) { to_int result = CD.mod (to_int a) (to_int b) } { result = srem a b }) - = any - - let bw_and (a:t) (b:t) (ret (result :t)) = ret { bw_and a b } - let bw_or (a:t) (b:t) (ret (result :t)) = ret { bw_or a b } - let bw_xor (a:t) (b:t) (ret (result :t)) = ret { bw_xor a b } - let bw_not (a:t) (ret (result :t)) = ret { bw_not a } - let shl (a:t) (b:t) - { [@expl:out-of-bounds shifting] ult b 
size_bv \/ to_uint b < size } - { [@expl:out-of-bounds shifting] sle zeros a \/ to_int a >= 0 } - { [@expl:arithmetic overflow] (to_int a) * (pow2 (to_int b)) < two_power_size_minus_one \/ let r = BV128.lsl_bv (sto_bv128 a) (sto_bv128 b) in (BV128.sle min_sint_as_bv128 r /\ BV128.sle r max_sint_as_bv128)} - (ret (result :t) { result = lsl_bv a b } { result = lsl a (to_uint b) }) - = any - let shr (a:t) (b:t) - { [@expl:out-of-bounds shifting] ult b size_bv \/ to_uint b < size } - (ret (result :t) { result = asr_bv a b } { result = asr a (to_uint b) }) - = any -end -module Int32 - use int.Int - - type int32 = < range -0x80000000 0x7fffffff > - - constant min : int = - 0x8000_0000 - constant max : int = 0x7fff_ffff - - function to_int (x : int32) : int = int32'int x - meta coercion function to_int - meta "model_projection" function to_int - - predicate in_bounds (n:int) = min <= n <= max - - axiom to_int_in_bounds: forall n:int32. in_bounds n - - let of_int (n:int) { [@expl:integer overflow] in_bounds n } - (ret (result : int32) { result = n }) = any - - let add (a:int32) (b:int32) { [@expl:integer overflow] in_bounds (a + b) } (ret (result : int32) { result = a + b }) = any - - let sub (a:int32) (b:int32) { [@expl:integer overflow] in_bounds (a - b) } (ret (result : int32) { result = a - b }) = any - - let mul (a:int32) (b:int32) { [@expl:integer overflow] in_bounds (a * b) } (ret (result : int32) { result = a * b }) = any - - let neg (a:int32) { [@expl:integer overflow] in_bounds (- a) } (ret (result : int32) { result = - a }) = any - - axiom extensionality: forall x y: int32. 
to_int x = to_int y -> x = y - - let eq (a:int32) (b:int32) (ret (result : bool) { result <-> a = b } { to_int a = to_int b -> result }) = any - - let ne (a:int32) (b:int32) (ret (result : bool) { result <-> a <> b } { to_int a <> to_int b -> result }) = any - - let le (a:int32) (b:int32) (ret (result : bool) { result <-> to_int a <= to_int b }) = any - - let lt (a:int32) (b:int32) (ret (result : bool) { result <-> to_int a < to_int b }) = any - - let ge (a:int32) (b:int32) (ret (result : bool) { result <-> to_int a >= to_int b }) = any - - let gt (a:int32) (b:int32) (ret (result : bool) { result <-> to_int a > to_int b }) = any - - use int.ComputerDivision - - let div (a:int32) (b:int32) - { [@expl:division by zero] b <> 0 } - { [@expl:integer overflow] in_bounds (div a b) } - (ret (result : int32) { result = div a b }) = any - - let rem (a:int32) (b:int32) - { [@expl:division by zero] b <> 0 } - { [@expl:integer overflow] in_bounds (mod a b) } - (ret (result : int32) { result = mod a b }) = any -end -module Int64 - use int.Int - - type int64 = < range -0x8000_0000_0000_0000 0x7fff_ffff_ffff_ffff> - - constant min : int = - 0x8000_0000_0000_0000 - constant max : int = 0x7fff_ffff_ffff_ffff - - function to_int (x : int64) : int = int64'int x - meta coercion function to_int - meta "model_projection" function to_int - - predicate in_bounds (n:int) = min <= n <= max - - axiom to_int_in_bounds: forall n: int64. 
in_bounds n - - let of_int (n:int) { [@expl:integer overflow] in_bounds n } - (ret (result : int64) { result = n }) = any - - let add (a:int64) (b:int64) { [@expl:integer overflow] in_bounds (a + b) } (ret (result : int64) { result = a + b }) = any - - let sub (a:int64) (b:int64) { [@expl:integer overflow] in_bounds (a - b) } (ret (result : int64) { result = a - b }) = any - - let mul (a:int64) (b:int64) { [@expl:integer overflow] in_bounds (a * b) } (ret (result : int64) { result = a * b }) = any - - let neg (a:int64) { [@expl:integer overflow] in_bounds (- a) } (ret (result : int64) { result = - a }) = any - - axiom extensionality: forall x y :int64. to_int x = to_int y -> x = y - - let eq (a:int64) (b:int64) (ret (result : bool) { result <-> a = b } { to_int a = to_int b -> result }) = any - - let ne (a:int64) (b:int64) (ret (result : bool) { result <-> a <> b } { to_int a <> to_int b -> result }) = any - - let le (a:int64) (b:int64) (ret (result : bool) { result <-> to_int a <= to_int b }) = any - - let lt (a:int64) (b:int64) (ret (result : bool) { result <-> to_int a < to_int b }) = any - - let ge (a:int64) (b:int64) (ret (result : bool) { result <-> to_int a >= to_int b }) = any - - let gt (a:int64) (b:int64) (ret (result : bool) { result <-> to_int a > to_int b }) = any - - use int.ComputerDivision - - let div (a:int64) (b:int64) - { [@expl:division by zero] b <> 0 } - { [@expl:integer overflow] in_bounds (div a b) } - (ret (result : int64) { result = div a b }) = any - - let rem (a:int64) (b:int64) - { [@expl:division by zero] b <> 0 } - { [@expl:integer overflow] in_bounds (mod a b) } - (ret (result : int64) { result = mod a b }) = any -end -module Int128 - use int.Int - - type int128 = < range -0x8000_0000_0000_0000_0000_0000_0000_0000 0x7fff_ffff_ffff_ffff_ffff_ffff_ffff_ffff > - - constant min : int = - 0x8000_0000_0000_0000_0000_0000_0000_0000 - constant max : int = 0x7fff_ffff_ffff_ffff_ffff_ffff_ffff_ffff - - function to_int (x : int128) : int = 
int128'int x - meta coercion function to_int - meta "model_projection" function to_int - - predicate in_bounds (n:int) = min <= n <= max - - axiom to_int_in_bounds: forall n:int128. in_bounds n - - let of_int (n:int) { [@expl:integer overflow] in_bounds n } - (ret (result : int128) { result = n }) = any - - let add (a:int128) (b:int128) { [@expl:integer overflow] in_bounds (a + b) } (ret (result : int128) { result = a + b }) = any - - let sub (a:int128) (b:int128) { [@expl:integer overflow] in_bounds (a - b) } (ret (result : int128) { result = a - b }) = any - - let mul (a:int128) (b:int128) { [@expl:integer overflow] in_bounds (a * b) } (ret (result : int128) { result = a * b }) = any - - let neg (a:int128) { [@expl:integer overflow] in_bounds (- a) } (ret (result : int128) { result = - a }) = any - - axiom extensionality: forall x y: int128. to_int x = to_int y -> x = y - - let eq (a:int128) (b:int128) (ret (result : bool) { result <-> a = b } { to_int a = to_int b -> result }) = any - - let ne (a:int128) (b:int128) (ret (result : bool) { result <-> a <> b } { to_int a <> to_int b -> result }) = any - - let le (a:int128) (b:int128) (ret (result : bool) { result <-> to_int a <= to_int b }) = any - - let lt (a:int128) (b:int128) (ret (result : bool) { result <-> to_int a < to_int b }) = any - - let ge (a:int128) (b:int128) (ret (result : bool) { result <-> to_int a >= to_int b }) = any - - let gt (a:int128) (b:int128) (ret (result : bool) { result <-> to_int a > to_int b }) = any - - use int.ComputerDivision - - let div (a:int128) (b:int128) - { [@expl:division by zero] b <> 0 } - { [@expl:integer overflow] in_bounds (div a b) } - (ret (result : int128) { result = div a b }) = any - - let rem (a:int128) (b:int128) - { [@expl:division by zero] b <> 0 } - { [@expl:integer overflow] in_bounds (mod a b) } - (ret (result : int128) { result = mod a b }) = any -end - -*) - -(* -module IntSize - use int.Int - - type isize = < range -0x8000_0000_0000_0000 
0x7fff_ffff_ffff_ffff> - - constant min : int = - 0x8000_0000_0000_0000 - constant max : int = 0x7fff_ffff_ffff_ffff - - function to_int (x : isize) : int = isize'int x - meta coercion function to_int - meta "model_projection" function to_int - - predicate in_bounds (n:int) = min <= n <= max - - axiom to_int_in_bounds: forall n:isize. in_bounds n - - let of_int (n:int) { [@expl:integer overflow] in_bounds n } - (ret (result :isize) { result = n }) = any - - let add (a:isize) (b:isize) { [@expl:integer overflow] in_bounds (a + b) } (ret (result :isize) { result = a + b }) = any - - let sub (a:isize) (b:isize) { [@expl:integer overflow] in_bounds (a - b) } (ret (result :isize) { result = a - b }) = any - - let mul (a:isize) (b:isize) { [@expl:integer overflow] in_bounds (a * b) } (ret (result :isize) { result = a * b }) = any - - let neg (a:isize) { [@expl:integer overflow] in_bounds (- a) } (ret (result :isize) { result = - a }) = any - - axiom extensionality: forall x y: isize. to_int x = to_int y -> x = y - - let eq (a:isize) (b:isize) (ret (result : bool) { result <-> a = b } { to_int a = to_int b -> result }) = any - - let ne (a:isize) (b:isize) (ret (result : bool) { result <-> a <> b } { to_int a <> to_int b -> result }) = any - - let le (a:isize) (b:isize) (ret (result : bool) { result <-> to_int a <= to_int b }) = any - - let lt (a:isize) (b:isize) (ret (result : bool) { result <-> to_int a < to_int b }) = any - - let ge (a:isize) (b:isize) (ret (result : bool) { result <-> to_int a >= to_int b }) = any - - let gt (a:isize) (b:isize) (ret (result : bool) { result <-> to_int a > to_int b }) = any - - use int.ComputerDivision - - let div (a:isize) (b:isize) - { [@expl:division by zero] b <> 0 } - { [@expl:integer overflow] in_bounds (div a b) } - (ret (result :isize) { result = div a b }) = any - - let rem (a:isize) (b:isize) - { [@expl:division by zero] b <> 0 } - { [@expl:integer overflow] in_bounds (mod a b) } - (ret (result :isize) { result = mod a b }) = 
any
-end
-*)
- (* Int *) module UInt8 use export prelude.int.UInt8
@@ -416,7 +78,6 @@ end
 module UInt128
 use export prelude.int.UInt128
 end
-
 module Int8
 use export prelude.int.Int8
 end
@@ -433,118 +94,6 @@ module Int128 use export prelude.int.Int128 end - -(* -module UInt128 - use int.Int - - type uint128 = < range -0x0 0xffff_ffff_ffff_ffff_ffff_ffff_ffff_ffff > - - constant min : int = - 0x0 - constant max : int = 0xffff_ffff_ffff_ffff_ffff_ffff_ffff_ffff - - function to_int (x : uint128) : int = uint128'int x - meta coercion function to_int - meta "model_projection" function to_int - - predicate in_bounds (n:int) = min <= n <= max - - axiom to_int_in_bounds: forall n:uint128. in_bounds n - - let of_int (n:int) { [@expl:integer overflow] in_bounds n } - (ret (result : uint128) { result = n }) = any - - let add (a:uint128) (b:uint128) { [@expl:integer overflow] in_bounds (a + b) } (ret (result : uint128) { result = a + b }) = any - - let sub (a:uint128) (b:uint128) { [@expl:integer overflow] in_bounds (a - b) } (ret (result : uint128) { result = a - b }) = any - - let mul (a:uint128) (b:uint128) { [@expl:integer overflow] in_bounds (a * b) } (ret (result : uint128) { result = a * b }) = any - - let neg (a:uint128) { [@expl:integer overflow] in_bounds (- a) } (ret (result :uint128) { result = - a }) = any - - axiom extensionality: forall x y: uint128. 
to_int x = to_int y -> x = y - - let eq (a:uint128) (b:uint128) (ret (result : bool) { result <-> a = b } { to_int a = to_int b -> result }) = any - - let ne (a:uint128) (b:uint128) (ret (result : bool) { result <-> a <> b } { to_int a <> to_int b -> result }) = any - - let le (a:uint128) (b:uint128) (ret (result : bool) { result <-> to_int a <= to_int b }) = any - - let lt (a:uint128) (b:uint128) (ret (result : bool) { result <-> to_int a < to_int b }) = any - - let ge (a:uint128) (b:uint128) (ret (result : bool) { result <-> to_int a >= to_int b }) = any - - let gt (a:uint128) (b:uint128) (ret (result : bool) { result <-> to_int a > to_int b }) = any - - use int.ComputerDivision - - let div (a:uint128) (b:uint128) - { [@expl:division by zero] b <> 0 } - { [@expl:integer overflow] in_bounds (div a b) } - (ret (result :uint128) { result = div a b }) = any - - let rem (a:uint128) (b:uint128) - { [@expl:division by zero] b <> 0 } - { [@expl:integer overflow] in_bounds (mod a b) } - (ret (result :uint128) { result = mod a b }) = any -end -*) - -(* -module UIntSize - use int.Int - - type usize = < range -0x0 0xffff_ffff_ffff_ffff > - - constant min : int = - 0x0 - constant max : int = 0xffff_ffff_ffff_ffff - - function to_int (x : usize) : int = usize'int x - meta coercion function to_int - meta "model_projection" function to_int - - predicate in_bounds (n:int) = min <= n <= max - - axiom to_int_in_bounds: forall n:usize. 
in_bounds n - - let of_int (n:int) { [@expl:integer overflow] in_bounds n } - (ret (result : usize ) { result = n }) = any - - let add (a:usize) (b:usize) { [@expl:integer overflow] in_bounds (a + b) } (ret (result : usize) { result = a + b }) = any - - let sub (a:usize) (b:usize) { [@expl:integer overflow] in_bounds (a - b) } (ret (result : usize) { result = a - b }) = any - - let mul (a:usize) (b:usize) { [@expl:integer overflow] in_bounds (a * b) } (ret (result : usize) { result = a * b }) = any - - let neg (a:usize) { [@expl:integer overflow] in_bounds (- a) } (ret (result : usize) { result = - a }) = any - - axiom extensionality: forall x y: usize. to_int x = to_int y -> x = y - - let eq (a:usize) (b:usize) (ret (result : bool) { result <-> a = b } { to_int a = to_int b -> result }) = any - - let ne (a:usize) (b:usize) (ret (result : bool) { result <-> a <> b } { to_int a <> to_int b -> result }) = any - - let le (a:usize) (b:usize) (ret (result : bool) { result <-> to_int a <= to_int b }) = any - - let lt (a:usize) (b:usize) (ret (result : bool) { result <-> to_int a < to_int b }) = any - - let ge (a:usize) (b:usize) (ret (result : bool) { result <-> to_int a >= to_int b }) = any - - let gt (a:usize) (b:usize) (ret (result : bool) { result <-> to_int a > to_int b }) = any - - use int.ComputerDivision - - let div (a:usize) (b:usize) - { [@expl:division by zero] b <> 0 } - { [@expl:integer overflow] in_bounds (div a b) } - (ret (result : usize) { result = div a b }) = any - - let rem (a:usize) (b:usize) - { [@expl:division by zero] b <> 0 } - { [@expl:integer overflow] in_bounds (mod a b) } - (ret (result : usize) { result = mod a b }) = any -end -*) (* Floats *) module Float32 use export prelude.float.Float32 
@@ -593,95 +142,36 @@ module Slice64
 type slice 'a =
 { elts : seq 'a }
- invariant { Seq.length elts <= UInt64.to_uint UInt64.max_uint }
+ invariant { Seq.length elts <= UInt64.to_int UInt64.max_uint }
 axiom slice_ext :
 forall x y: slice 'a. x.elts = y.elts -> x = y
 type array 'a = slice 'a
 function length (s : slice 'a) : UInt64.t
- axiom spec : forall s : slice 'a . (UInt64.to_uint (length s)) = Seq.length s.elts
-
-
- let get < 'a > (s : slice 'a) (ix : UInt64.t) (ret (res : 'a)) =
- { UInt64.to_uint ix < Seq.length s.elts }
- ret {Seq.get s.elts (to_int ix)}
-
-
- let set < 'a > (s : slice 'a) (ix : UInt64.t) (v : 'a)
- { 0 <= UInt64.to_uint ix < Seq.length s.elts }
- (ret (result : slice 'a)
- { Seq.length result.elts = Seq.length s.elts }
- { result.elts[UInt64.to_uint ix] = v }
- { forall j. 0 <= j < Seq.length s.elts /\ j <> UInt64.to_uint ix -> result.elts[j] = s.elts[j] }
- ) = any
+ axiom spec : forall s : slice 'a . (UInt64.to_int (length s)) = Seq.length s.elts
- let create < 'a > (len : UInt64.t) (f : int -> 'a)
- { 0 <= UInt64.to_uint len }
- (ret (result : slice 'a )
- { Seq.length result.elts = UInt64.to_uint len }
- { forall i . 0 <= i < UInt64.to_uint len -> result.elts[i] = f i }
- ) = any
-
- function id (s : slice 'a) : seq 'a = s.elts
-end
-
-(*
-module Slice
- use seq.Seq
- use UInt64
- use int.Int
-
- type slice 'a =
- { elts : seq 'a }
- invariant { Seq.length elts <= UInt64.to_uint UInt64.max_uint }
- axiom slice_ext :
- forall x y: slice 'a. x.elts = y.elts -> x = y
-
- type array 'a = slice 'a
-
- function length (s : slice 'a) : UInt64.t
- axiom spec : forall s : slice 'a .
(UInt64.to_uint (length s)) = Seq.length s.elts
- (*
- : usize = of_int (Seq.length s.elts)
- *)
- let get < 'a > (s : slice 'a) (ix : UInt64.t) (ret (res : 'a)) =
- { UInt64.to_uint ix < Seq.length s.elts }
+ { UInt64.to_int ix < Seq.length s.elts }
 ret {Seq.get s.elts (to_int ix)}
 let set < 'a > (s : slice 'a) (ix : UInt64.t) (v : 'a)
- { 0 <= UInt64.to_uint ix < Seq.length s.elts }
+ { 0 <= UInt64.to_int ix < Seq.length s.elts }
 (ret (result : slice 'a)
 { Seq.length result.elts = Seq.length s.elts }
- { result.elts[UInt64.to_uint ix] = v }
- { forall j. 0 <= j < Seq.length s.elts /\ j <> UInt64.to_uint ix -> result.elts[j] = s.elts[j] }
+ { result.elts[UInt64.to_int ix] = v }
+ { forall j. 0 <= j < Seq.length s.elts /\ j <> UInt64.to_int ix -> result.elts[j] = s.elts[j] }
 ) = any
 let create < 'a > (len : UInt64.t) (f : int -> 'a)
- { 0 <= UInt64.to_uint len }
+ { 0 <= UInt64.to_int len }
 (ret (result : slice 'a )
- { Seq.length result.elts = UInt64.to_uint len }
- { forall i . 0 <= i < UInt64.to_uint len -> result.elts[i] = f i }
+ { Seq.length result.elts = UInt64.to_int len }
+ { forall i . 0 <= i < UInt64.to_int len -> result.elts[i] = f i }
 ) = any
-
- (*
- let function get < 'a > (s : slice 'a) (ix : UInt64.t) : 'a =
- requires { ix < Seq.length s.elts }
- Seq.get s.elts (to_int ix)
-
- let set (s : slice 'a) (ix : UInt64.t) (v : 'a) : slice 'a =
- requires { 0 <= ix < Seq.length s.elts }
- ensures { Seq.length result.elts = Seq.length s.elts }
- ensures { result.elts[ix] = v }
- ensures { forall j. 0 <= j < Seq.length s.elts /\ j <> ix -> result.elts[j] = s.elts[j] }
- { elts = Seq.set s.elts (to_int ix) v }
- *)
 function id (s : slice 'a) : seq 'a = s.elts
 end
-
- *)
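Review bot: The Slice64 invariant, the `spec` axiom and the `get`/`set`/`create` contracts now refer to `UInt64.to_int` instead of `UInt64.to_uint`, but the UInt64 module that must export that name is outside this hunk, and any remaining `UInt64.to_uint` reference elsewhere in the prelude or in generated code will fail to resolve once the prelude is loaded; confirm the exporting module was renamed in the same commit and that no other user of `to_uint` is left. The `get` precondition `{ UInt64.to_int ix < Seq.length s.elts }` omits the `0 <=` lower bound that `set` and `create` state, which is implied by the unsigned range but inconsistent with its siblings; `{ 0 <= UInt64.to_int ix < Seq.length s.elts }` would keep the three contracts uniform. As the markers read here, the `let get < 'a > (s : slice 'a) (ix : UInt64.t) (ret (res : 'a)) =` line appears only on the removed side, which would leave that precondition and its `ret` line without a head in the new module; this may be a rendering artefact of the collapsed diff, so please verify the line is still present in the resulting file.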
