From 677c50dbc3227e3c35776eb75fca98c63f144be1 Mon Sep 17 00:00:00 2001 From: Li-yao Xia Date: Wed, 11 Dec 2024 00:38:54 +0100 Subject: [PATCH] Add Iterator impls for [T;N] and &mut I --- creusot-contracts/src/std/array.rs | 58 +- creusot-contracts/src/std/iter.rs | 28 +- creusot-contracts/src/std/iter/enumerate.rs | 2 +- creusot-contracts/src/std/iter/zip.rs | 4 +- .../creusot-contracts/creusot-contracts.coma | 13518 ++++++++-------- .../creusot-contracts/why3session.xml | 48 + .../creusot-contracts/why3shapes.gz | Bin 23384 -> 24505 bytes .../diagnostics/view_unimplemented.stderr | 4 +- .../should_succeed/bug/final_borrows.coma | 2 +- creusot/tests/should_succeed/cc/array.coma | 532 + creusot/tests/should_succeed/cc/array.rs | 12 + .../should_succeed/cc/array/why3session.xml | 14 + .../should_succeed/cc/array/why3shapes.gz | Bin 0 -> 645 bytes creusot/tests/should_succeed/cc/iter.coma | 335 + creusot/tests/should_succeed/cc/iter.rs | 8 + .../should_succeed/cc/iter/why3session.xml | 14 + .../should_succeed/cc/iter/why3shapes.gz | Bin 0 -> 517 bytes .../iterators/03_std_iterators.coma | 4 +- 18 files changed, 7992 insertions(+), 6591 deletions(-) create mode 100644 creusot/tests/should_succeed/cc/array.coma create mode 100644 creusot/tests/should_succeed/cc/array.rs create mode 100644 creusot/tests/should_succeed/cc/array/why3session.xml create mode 100644 creusot/tests/should_succeed/cc/array/why3shapes.gz create mode 100644 creusot/tests/should_succeed/cc/iter.coma create mode 100644 creusot/tests/should_succeed/cc/iter.rs create mode 100644 creusot/tests/should_succeed/cc/iter/why3session.xml create mode 100644 creusot/tests/should_succeed/cc/iter/why3shapes.gz diff --git a/creusot-contracts/src/std/array.rs b/creusot-contracts/src/std/array.rs index 09d78167d..a86ac7510 100644 --- a/creusot-contracts/src/std/array.rs +++ b/creusot-contracts/src/std/array.rs @@ -1,4 +1,9 @@ -use crate::{invariant::*, *}; +use crate::{ + invariant::*, + std::iter::{IntoIterator, Iterator}, + *, +}; +use ::std::array::*; impl Invariant for [T; N] { #[predicate(prophetic)] @@ -37,3 +42,54 @@ impl DeepModel for [T; N] { dead } } + +impl View for IntoIter { + type ViewTy = Seq; + + #[logic] + #[trusted] + #[open] + fn view(self) -> Self::ViewTy { + dead + } +} + +impl Iterator for IntoIter { + #[open] + #[predicate(prophetic)] + fn produces(self, visited: Seq, o: Self) -> bool { + pearlite! { self@ == visited.concat(o@) } + } + + #[open] + #[predicate(prophetic)] + fn completed(&mut self) -> bool { + pearlite! { self.resolve() && self@ == Seq::EMPTY } + } + + #[law] + #[open] + #[ensures(self.produces(Seq::EMPTY, self))] + fn produces_refl(self) {} + + #[law] + #[open] + #[requires(a.produces(ab, b))] + #[requires(b.produces(bc, c))] + #[ensures(a.produces(ab.concat(bc), c))] + fn produces_trans(a: Self, ab: Seq, b: Self, bc: Seq, c: Self) {} +} + +impl IntoIterator for [T; N] { + #[predicate] + #[open] + fn into_iter_pre(self) -> bool { + pearlite! { true } + } + + #[predicate(prophetic)] + #[open] + fn into_iter_post(self, res: Self::IntoIter) -> bool { + pearlite! { self@ == res@ } + } +} diff --git a/creusot-contracts/src/std/iter.rs b/creusot-contracts/src/std/iter.rs index 3c1388236..be4286824 100644 --- a/creusot-contracts/src/std/iter.rs +++ b/creusot-contracts/src/std/iter.rs @@ -147,7 +147,7 @@ extern_spec! { #[pure] // These two requirements are here only to prove the absence of overflows - #[requires(forall i.completed() ==> i.produces(Seq::EMPTY, ^i))] + #[requires(forall (*i).completed() ==> (*i).produces(Seq::EMPTY, ^i))] #[requires(forall, i: Self_> self.produces(s, i) ==> s.len() < std::usize::MAX@)] #[ensures(result.iter() == self && result.n() == 0)] fn enumerate(self) -> Enumerate; @@ -203,3 +203,29 @@ extern_spec! { } } } + +impl Iterator for &mut I { + #[open] + #[predicate(prophetic)] + fn produces(self, visited: Seq, o: Self) -> bool { + pearlite! { (*self).produces(visited, *o) && ^self == ^o } + } + + #[open] + #[predicate(prophetic)] + fn completed(&mut self) -> bool { + pearlite! { (*self).completed() && ^*self == ^^self } + } + + #[law] + #[open] + #[ensures(self.produces(Seq::EMPTY, self))] + fn produces_refl(self) {} + + #[law] + #[open] + #[requires(a.produces(ab, b))] + #[requires(b.produces(bc, c))] + #[ensures(a.produces(ab.concat(bc), c))] + fn produces_trans(a: Self, ab: Seq, b: Self, bc: Seq, c: Self) {} +} diff --git a/creusot-contracts/src/std/iter/enumerate.rs b/creusot-contracts/src/std/iter/enumerate.rs index dad51bd34..bfd25a458 100644 --- a/creusot-contracts/src/std/iter/enumerate.rs +++ b/creusot-contracts/src/std/iter/enumerate.rs @@ -46,7 +46,7 @@ impl Invariant for Enumerate { #![trigger self.iter().produces(s, i)] self.iter().produces(s, i) ==> self.n() + s.len() < std::usize::MAX@) - && (forall i.completed() ==> i.produces(Seq::EMPTY, ^i)) + && (forall (*i).completed() ==> (*i).produces(Seq::EMPTY, ^i)) } } } diff --git a/creusot-contracts/src/std/iter/zip.rs b/creusot-contracts/src/std/iter/zip.rs index cd9b1400f..4ec427232 100644 --- a/creusot-contracts/src/std/iter/zip.rs +++ b/creusot-contracts/src/std/iter/zip.rs @@ -33,8 +33,8 @@ impl Iterator for Zip { *a == (*self).itera() && *b == (*self).iterb() && ^a == (^self).itera() && ^b == (^self).iterb() && (a.completed() && resolve(&b) - || exists inv(x) && a.produces(Seq::singleton(x), ^a) && - resolve(&x) && b.completed()) + || exists inv(x) && (*a).produces(Seq::singleton(x), ^a) && + resolve(&x) && (*b).completed()) } } diff --git a/creusot/tests/creusot-contracts/creusot-contracts.coma b/creusot/tests/creusot-contracts/creusot-contracts.coma index 73be482c3..0c2ae723a 100644 --- a/creusot/tests/creusot-contracts/creusot-contracts.coma +++ b/creusot/tests/creusot-contracts/creusot-contracts.coma @@ -1,3 +1,97 @@ +module M_creusot_contracts__stdqy35z1__array__qyi15505960269205342033__produces_refl [#"../../../creusot-contracts/src/std/array.rs" 73 4 73 26] (* as std::iter::Iterator> *) + let%span sarray0 = "../../../creusot-contracts/src/std/array.rs" 72 14 72 45 + let%span sarray1 = "../../../creusot-contracts/src/std/array.rs" 70 4 70 10 + let%span sarray2 = "../../../creusot-contracts/src/std/array.rs" 61 20 61 47 + + use seq.Seq + + type t_T'0 + + use seq.Seq + + use prelude.prelude.Slice + + type t_ManuallyDrop'0 = + { t_ManuallyDrop__value'0: t_T'0 } + + type t_MaybeUninit'0 = + { t_MaybeUninit__uninit'0: (); t_MaybeUninit__value'0: t_ManuallyDrop'0 } + + use prelude.prelude.UIntSize + + type t_IndexRange'0 = + { t_IndexRange__start'0: usize; t_IndexRange__end'0: usize } + + type t_IntoIter'0 = + { t_IntoIter__data'0: array (t_MaybeUninit'0); t_IntoIter__alive'0: t_IndexRange'0 } + + function view'0 [#"../../../creusot-contracts/src/std/array.rs" 52 4 52 33] (self : t_IntoIter'0) : Seq.seq t_T'0 + + use seq.Seq + + predicate produces'0 [#"../../../creusot-contracts/src/std/array.rs" 60 4 60 64] (self : t_IntoIter'0) (visited : Seq.seq t_T'0) (o : t_IntoIter'0) + + = + [%#sarray2] view'0 self = Seq.(++) visited (view'0 o) + + constant self : t_IntoIter'0 + + function produces_refl'0 [#"../../../creusot-contracts/src/std/array.rs" 73 4 73 26] (self : t_IntoIter'0) : () + + goal vc_produces_refl'0 : [%#sarray0] produces'0 self (Seq.empty : Seq.seq t_T'0) self +end +module M_creusot_contracts__stdqy35z1__array__qyi15505960269205342033__produces_trans [#"../../../creusot-contracts/src/std/array.rs" 80 4 80 90] (* as std::iter::Iterator> *) + let%span sarray0 = "../../../creusot-contracts/src/std/array.rs" 77 15 77 32 + let%span sarray1 = "../../../creusot-contracts/src/std/array.rs" 78 15 78 32 + let%span sarray2 = "../../../creusot-contracts/src/std/array.rs" 79 14 79 42 + let%span sarray3 = "../../../creusot-contracts/src/std/array.rs" 75 4 75 10 + let%span sarray4 = "../../../creusot-contracts/src/std/array.rs" 61 20 61 47 + + use prelude.prelude.Slice + + type t_T'0 + + type t_ManuallyDrop'0 = + { t_ManuallyDrop__value'0: t_T'0 } + + type t_MaybeUninit'0 = + { t_MaybeUninit__uninit'0: (); t_MaybeUninit__value'0: t_ManuallyDrop'0 } + + use prelude.prelude.UIntSize + + type t_IndexRange'0 = + { t_IndexRange__start'0: usize; t_IndexRange__end'0: usize } + + type t_IntoIter'0 = + { t_IntoIter__data'0: array (t_MaybeUninit'0); t_IntoIter__alive'0: t_IndexRange'0 } + + use seq.Seq + + function view'0 [#"../../../creusot-contracts/src/std/array.rs" 52 4 52 33] (self : t_IntoIter'0) : Seq.seq t_T'0 + + use seq.Seq + + predicate produces'0 [#"../../../creusot-contracts/src/std/array.rs" 60 4 60 64] (self : t_IntoIter'0) (visited : Seq.seq t_T'0) (o : t_IntoIter'0) + + = + [%#sarray4] view'0 self = Seq.(++) visited (view'0 o) + + constant a : t_IntoIter'0 + + constant ab : Seq.seq t_T'0 + + constant b : t_IntoIter'0 + + constant bc : Seq.seq t_T'0 + + constant c : t_IntoIter'0 + + function produces_trans'0 [#"../../../creusot-contracts/src/std/array.rs" 80 4 80 90] (a : t_IntoIter'0) (ab : Seq.seq t_T'0) (b : t_IntoIter'0) (bc : Seq.seq t_T'0) (c : t_IntoIter'0) : () + + + goal vc_produces_trans'0 : ([%#sarray1] produces'0 b bc c) + -> ([%#sarray0] produces'0 a ab b) -> ([%#sarray2] produces'0 a (Seq.(++) ab bc) c) +end module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__cmp_le_log [#"../../../creusot-contracts/src/std/cmp.rs" 88 4 88 35] (* as logic::ord::OrdLogic> *) let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 87 14 87 64 let%span scmp1 = "../../../creusot-contracts/src/std/cmp.rs" 85 4 85 10 @@ -1494,7 +1588,7 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - let%span senumerate8 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 45 12 49 79 + let%span senumerate8 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 45 12 49 85 use seq.Seq @@ -1595,7 +1689,7 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - let%span senumerate10 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 45 12 49 79 + let%span senumerate10 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 45 12 49 85 type t_I'0 @@ -4672,6 +4766,108 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produc goal vc_produces_trans'0 : ([%#szip1] produces'0 b bc c) -> ([%#szip0] produces'0 a ab b) -> ([%#szip2] produces'0 a (Seq.(++) ab bc) c) end +module M_creusot_contracts__stdqy35z1__iter__qyi8355237225316942617__produces_refl [#"../../../creusot-contracts/src/std/iter.rs" 223 4 223 26] (* <&mut I as std::iter::Iterator> *) + let%span siter0 = "../../../creusot-contracts/src/std/iter.rs" 222 14 222 45 + let%span siter1 = "../../../creusot-contracts/src/std/iter.rs" 220 4 220 10 + let%span siter2 = "../../../creusot-contracts/src/std/iter.rs" 211 20 211 64 + let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + + use seq.Seq + + type t_Item'0 + + use seq.Seq + + use prelude.prelude.Borrow + + type t_I'0 + + use seq.Seq + + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + + + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + + + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter4] produces'1 a ab b) + -> ([%#siter5] produces'1 b bc c) -> ([%#siter6] produces'1 a (Seq.(++) ab bc) c) + + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + + axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter3] produces'1 self (Seq.empty : Seq.seq t_Item'0) self + + predicate produces'0 [#"../../../creusot-contracts/src/std/iter.rs" 210 4 210 64] (self : borrowed t_I'0) (visited : Seq.seq t_Item'0) (o : borrowed t_I'0) + + = + [%#siter2] produces'1 self.current visited o.current /\ self.final = o.final + + constant self : borrowed t_I'0 + + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 223 4 223 26] (self : borrowed t_I'0) : () + + goal vc_produces_refl'0 : [%#siter0] produces'0 self (Seq.empty : Seq.seq t_Item'0) self +end +module M_creusot_contracts__stdqy35z1__iter__qyi8355237225316942617__produces_trans [#"../../../creusot-contracts/src/std/iter.rs" 230 4 230 90] (* <&mut I as std::iter::Iterator> *) + let%span siter0 = "../../../creusot-contracts/src/std/iter.rs" 227 15 227 32 + let%span siter1 = "../../../creusot-contracts/src/std/iter.rs" 228 15 228 32 + let%span siter2 = "../../../creusot-contracts/src/std/iter.rs" 229 14 229 42 + let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 225 4 225 10 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 211 20 211 64 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + + use prelude.prelude.Borrow + + type t_I'0 + + type t_Item'0 + + use seq.Seq + + use seq.Seq + + use seq.Seq + + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + + + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + + + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter6] produces'1 a ab b) + -> ([%#siter7] produces'1 b bc c) -> ([%#siter8] produces'1 a (Seq.(++) ab bc) c) + + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + + axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter5] produces'1 self (Seq.empty : Seq.seq t_Item'0) self + + predicate produces'0 [#"../../../creusot-contracts/src/std/iter.rs" 210 4 210 64] (self : borrowed t_I'0) (visited : Seq.seq t_Item'0) (o : borrowed t_I'0) + + = + [%#siter4] produces'1 self.current visited o.current /\ self.final = o.final + + constant a : borrowed t_I'0 + + constant ab : Seq.seq t_Item'0 + + constant b : borrowed t_I'0 + + constant bc : Seq.seq t_Item'0 + + constant c : borrowed t_I'0 + + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 230 4 230 90] (a : borrowed t_I'0) (ab : Seq.seq t_Item'0) (b : borrowed t_I'0) (bc : Seq.seq t_Item'0) (c : borrowed t_I'0) : () + + + goal vc_produces_trans'0 : ([%#siter1] produces'0 b bc c) + -> ([%#siter0] produces'0 a ab b) -> ([%#siter2] produces'0 a (Seq.(++) ab bc) c) +end module M_creusot_contracts__stdqy35z1__option__extern_spec_std_option_T_Option_T_unwrap_or_else_body [#"../../../creusot-contracts/src/std/option.rs" 103 16 105 36] let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 103 43 103 44 @@ -14158,4577 +14354,3896 @@ module M_creusot_contracts__util__unwrap [#"../../../creusot-contracts/src/util. /\ (([%#sutil3] false) -> ([%#sutil1] C_Some'0 (unreachable'0 ()) = op)) end end -module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__cmp_lt_log__refines [#"../../../creusot-contracts/src/std/cmp.rs" 93 4 93 35] (* as logic::ord::OrdLogic> *) - let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 93 4 93 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 36 20 36 53 - let%span scmp2 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 +module M_creusot_contracts__stdqy35z1__array__qyi15505960269205342033__produces_refl__refines [#"../../../creusot-contracts/src/std/array.rs" 73 4 73 26] (* as std::iter::Iterator> *) + let%span sarray0 = "../../../creusot-contracts/src/std/array.rs" 73 4 73 26 + let%span sarray1 = "../../../creusot-contracts/src/std/array.rs" 61 20 61 47 + + use prelude.prelude.Slice type t_T'0 - type t_Reverse'0 = - { t_Reverse__0'0: t_T'0 } + type t_ManuallyDrop'0 = + { t_ManuallyDrop__value'0: t_T'0 } - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_MaybeUninit'0 = + { t_MaybeUninit__uninit'0: (); t_MaybeUninit__value'0: t_ManuallyDrop'0 } - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - + use prelude.prelude.UIntSize - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () + type t_IndexRange'0 = + { t_IndexRange__start'0: usize; t_IndexRange__end'0: usize } - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) + type t_IntoIter'0 = + { t_IntoIter__data'0: array (t_MaybeUninit'0); t_IntoIter__alive'0: t_IndexRange'0 } - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) - -> ([%#sord14] cmp_log'1 y x = C_Less'0) + use seq.Seq - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + function view'0 [#"../../../creusot-contracts/src/std/array.rs" 52 4 52 33] (self : t_IntoIter'0) : Seq.seq t_T'0 - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) - -> ([%#sord12] cmp_log'1 y x = C_Greater'0) + use seq.Seq - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + predicate produces'0 [#"../../../creusot-contracts/src/std/array.rs" 60 4 60 64] (self : t_IntoIter'0) (visited : Seq.seq t_T'0) (o : t_IntoIter'0) + = + [%#sarray1] view'0 self = Seq.(++) visited (view'0 o) - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) - -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) - - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - - axiom refl'0_spec : forall x : t_T'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 - - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + goal refines : [%#sarray0] forall self : t_IntoIter'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self + -> produces'0 self (Seq.empty : Seq.seq t_T'0) self +end +module M_creusot_contracts__stdqy35z1__array__qyi15505960269205342033__produces_trans__refines [#"../../../creusot-contracts/src/std/array.rs" 80 4 80 90] (* as std::iter::Iterator> *) + let%span sarray0 = "../../../creusot-contracts/src/std/array.rs" 80 4 80 90 + let%span sarray1 = "../../../creusot-contracts/src/std/array.rs" 61 20 61 47 - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool + use prelude.prelude.Slice - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () + type t_T'0 - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + type t_ManuallyDrop'0 = + { t_ManuallyDrop__value'0: t_T'0 } - function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool + type t_MaybeUninit'0 = + { t_MaybeUninit__uninit'0: (); t_MaybeUninit__value'0: t_ManuallyDrop'0 } - function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () + use prelude.prelude.UIntSize - axiom cmp_lt_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] lt_log'1 x y = (cmp_log'1 x y = C_Less'0) + type t_IndexRange'0 = + { t_IndexRange__start'0: usize; t_IndexRange__end'0: usize } - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + type t_IntoIter'0 = + { t_IntoIter__data'0: array (t_MaybeUninit'0); t_IntoIter__alive'0: t_IndexRange'0 } - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + function view'0 [#"../../../creusot-contracts/src/std/array.rs" 52 4 52 33] (self : t_IntoIter'0) : Seq.seq t_T'0 - function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 - - = - [%#scmp2] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with - | C_Equal'0 -> C_Equal'0 - | C_Less'0 -> C_Greater'0 - | C_Greater'0 -> C_Less'0 - end + use seq.Seq - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_Reverse'0) (o : t_Reverse'0) : bool + predicate produces'0 [#"../../../creusot-contracts/src/std/array.rs" 60 4 60 64] (self : t_IntoIter'0) (visited : Seq.seq t_T'0) (o : t_IntoIter'0) = - [%#sord1] cmp_log'0 self o = C_Less'0 + [%#sarray1] view'0 self = Seq.(++) visited (view'0 o) - goal refines : [%#scmp0] forall x : t_Reverse'0 . forall y : t_Reverse'0 . forall result : () . lt_log'0 x y - = (cmp_log'0 x y = C_Less'0) -> lt_log'0 x y = (cmp_log'0 x y = C_Less'0) + goal refines : [%#sarray0] forall a : t_IntoIter'0 . forall ab : Seq.seq t_T'0 . forall b : t_IntoIter'0 . forall bc : Seq.seq t_T'0 . forall c : t_IntoIter'0 . produces'0 b bc c + /\ produces'0 a ab b + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__antisym1__refines [#"../../../creusot-contracts/src/std/cmp.rs" 121 4 121 33] (* as logic::ord::OrdLogic> *) - let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 121 4 121 33 - let%span scmp1 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - - type t_T'0 +module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_refl__refines [#"../../../creusot-contracts/src/std/deque.rs" 178 4 178 26] (* as std::iter::Iterator> *) + let%span sdeque0 = "../../../creusot-contracts/src/std/deque.rs" 178 4 178 26 + let%span sdeque1 = "../../../creusot-contracts/src/std/deque.rs" 171 12 171 66 + let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 96 14 96 41 + let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 97 14 97 80 + let%span smodel4 = "../../../creusot-contracts/src/model.rs" 92 8 92 22 + let%span sindex5 = "../../../creusot-contracts/src/logic/ops/index.rs" 49 8 49 31 + let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 + let%span sslice7 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 - type t_Reverse'0 = - { t_Reverse__0'0: t_T'0 } + use prelude.prelude.Opaque - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_NonNull'0 = + { t_NonNull__pointer'0: opaque_ptr } - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - + type t_Iter'1 = + { t_Iter__ptr'0: t_NonNull'0; t_Iter__end_or_len'0: opaque_ptr; t_Iter__qy95zmarker'0: () } - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () + type t_Iter'0 = + { t_Iter__i1'0: t_Iter'1; t_Iter__i2'0: t_Iter'1 } - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) + use seq.Seq - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () + use prelude.prelude.Borrow - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) - -> ([%#sord13] cmp_log'1 y x = C_Less'0) + type t_T'0 - function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom antisym1'1_spec : forall x : t_T'0, y : t_T'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) - -> ([%#sord11] cmp_log'1 y x = C_Greater'0) + use prelude.prelude.Slice - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - + function view'0 [#"../../../creusot-contracts/src/std/deque.rs" 155 4 155 33] (self : t_Iter'0) : slice t_T'0 - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) - -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) + use seq.Seq - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () + use seq.Seq - axiom refl'0_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 + use seq.Seq - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool + use prelude.prelude.UIntSize - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () + constant v_MAX'0 : usize = (18446744073709551615 : usize) - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + use prelude.prelude.UIntSize - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool + use prelude.prelude.Int - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () + use prelude.prelude.Slice - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + function view'2 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool + axiom view'2_spec : forall self : slice t_T'0 . ([%#sslice6] Seq.length (view'2 self) + <= UIntSize.to_int (v_MAX'0 : usize)) + && ([%#sslice7] view'2 self = Slice.id self) - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () + function view'1 [#"../../../creusot-contracts/src/model.rs" 91 4 91 33] (self : slice t_T'0) : Seq.seq t_T'0 = + [%#smodel4] view'2 self - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + use seq.Seq - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + use seq.Seq - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops/index.rs" 48 4 48 47] (self : slice t_T'0) (ix : int) : t_T'0 + + = + [%#sindex5] Seq.get (view'2 self) ix - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + function to_ref_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 98 4 98 35] (self : slice t_T'0) : Seq.seq t_T'0 - function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 + axiom to_ref_seq'0_spec : forall self : slice t_T'0 . ([%#sslice2] Seq.length (to_ref_seq'0 self) + = Seq.length (view'1 self)) + && ([%#sslice3] forall i : int . 0 <= i /\ i < Seq.length (to_ref_seq'0 self) + -> Seq.get (to_ref_seq'0 self) i = index_logic'0 self i) + + use seq.Seq + + predicate produces'0 [#"../../../creusot-contracts/src/std/deque.rs" 169 4 169 65] (self : t_Iter'0) (visited : Seq.seq t_T'0) (tl : t_Iter'0) = - [%#scmp1] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with - | C_Equal'0 -> C_Equal'0 - | C_Less'0 -> C_Greater'0 - | C_Greater'0 -> C_Less'0 - end + [%#sdeque1] to_ref_seq'0 (view'0 self) = Seq.(++) visited (to_ref_seq'0 (view'0 tl)) - goal refines : [%#scmp0] forall x : t_Reverse'0 . forall y : t_Reverse'0 . cmp_log'0 x y = C_Less'0 - -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) + goal refines : [%#sdeque0] forall self : t_Iter'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self + -> produces'0 self (Seq.empty : Seq.seq t_T'0) self end -module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__eq_cmp__refines [#"../../../creusot-contracts/src/std/cmp.rs" 132 4 132 31] (* as logic::ord::OrdLogic> *) - let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 132 4 132 31 - let%span scmp1 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 +module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_trans__refines [#"../../../creusot-contracts/src/std/deque.rs" 185 4 185 90] (* as std::iter::Iterator> *) + let%span sdeque0 = "../../../creusot-contracts/src/std/deque.rs" 185 4 185 90 + let%span sdeque1 = "../../../creusot-contracts/src/std/deque.rs" 171 12 171 66 + let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 96 14 96 41 + let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 97 14 97 80 + let%span smodel4 = "../../../creusot-contracts/src/model.rs" 92 8 92 22 + let%span sindex5 = "../../../creusot-contracts/src/logic/ops/index.rs" 49 8 49 31 + let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 + let%span sslice7 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 - type t_T'0 + use prelude.prelude.Opaque - type t_Reverse'0 = - { t_Reverse__0'0: t_T'0 } + type t_NonNull'0 = + { t_NonNull__pointer'0: opaque_ptr } - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_Iter'1 = + { t_Iter__ptr'0: t_NonNull'0; t_Iter__end_or_len'0: opaque_ptr; t_Iter__qy95zmarker'0: () } - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - + type t_Iter'0 = + { t_Iter__i1'0: t_Iter'1; t_Iter__i2'0: t_Iter'1 } - function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () + use prelude.prelude.Borrow - axiom eq_cmp'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) + type t_T'0 - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) - -> ([%#sord13] cmp_log'1 y x = C_Less'0) + use prelude.prelude.Slice - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + function view'0 [#"../../../creusot-contracts/src/std/deque.rs" 155 4 155 33] (self : t_Iter'0) : slice t_T'0 - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) - -> ([%#sord11] cmp_log'1 y x = C_Greater'0) + use seq.Seq - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - + use seq.Seq - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) - -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) + use seq.Seq - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () + use prelude.prelude.UIntSize - axiom refl'0_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 + constant v_MAX'0 : usize = (18446744073709551615 : usize) - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool + use prelude.prelude.UIntSize - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () + use prelude.prelude.Int - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + use prelude.prelude.Slice - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool + function view'2 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () + axiom view'2_spec : forall self : slice t_T'0 . ([%#sslice6] Seq.length (view'2 self) + <= UIntSize.to_int (v_MAX'0 : usize)) + && ([%#sslice7] view'2 self = Slice.id self) - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + function view'1 [#"../../../creusot-contracts/src/model.rs" 91 4 91 33] (self : slice t_T'0) : Seq.seq t_T'0 = + [%#smodel4] view'2 self - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool + use seq.Seq - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops/index.rs" 48 4 48 47] (self : slice t_T'0) (ix : int) : t_T'0 + + = + [%#sindex5] Seq.get (view'2 self) ix - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + function to_ref_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 98 4 98 35] (self : slice t_T'0) : Seq.seq t_T'0 - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + axiom to_ref_seq'0_spec : forall self : slice t_T'0 . ([%#sslice2] Seq.length (to_ref_seq'0 self) + = Seq.length (view'1 self)) + && ([%#sslice3] forall i : int . 0 <= i /\ i < Seq.length (to_ref_seq'0 self) + -> Seq.get (to_ref_seq'0 self) i = index_logic'0 self i) - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/deque.rs" 169 4 169 65] (self : t_Iter'0) (visited : Seq.seq t_T'0) (tl : t_Iter'0) = - [%#scmp1] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with - | C_Equal'0 -> C_Equal'0 - | C_Less'0 -> C_Greater'0 - | C_Greater'0 -> C_Less'0 - end + [%#sdeque1] to_ref_seq'0 (view'0 self) = Seq.(++) visited (to_ref_seq'0 (view'0 tl)) - goal refines : [%#scmp0] forall x : t_Reverse'0 . forall y : t_Reverse'0 . forall result : () . (x = y) - = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) + goal refines : [%#sdeque0] forall a : t_Iter'0 . forall ab : Seq.seq t_T'0 . forall b : t_Iter'0 . forall bc : Seq.seq t_T'0 . forall c : t_Iter'0 . produces'0 b bc c + /\ produces'0 a ab b + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__refl__refines [#"../../../creusot-contracts/src/std/cmp.rs" 108 4 108 20] (* as logic::ord::OrdLogic> *) - let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 108 4 108 20 - let%span scmp1 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 +module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/cloned.rs" 65 4 65 90] (* as std::iter::Iterator> *) + let%span scloned0 = "../../../creusot-contracts/src/std/iter/cloned.rs" 65 4 65 90 + let%span scloned1 = "../../../creusot-contracts/src/std/iter/cloned.rs" 48 12 51 79 + let%span scloned2 = "../../../creusot-contracts/src/std/iter/cloned.rs" 11 14 11 39 + let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + + type t_I'0 + + type t_Cloned'0 = + { t_Cloned__it'0: t_I'0 } type t_T'0 - type t_Reverse'0 = - { t_Reverse__0'0: t_T'0 } + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use prelude.prelude.Borrow - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - + use seq.Seq - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Cloned'0) - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () + axiom inv_axiom'0 [@rewrite] : forall x : t_Cloned'0 [inv'0 x] . inv'0 x + = match x with + | {t_Cloned__it'0 = it} -> inv'1 it + end - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) - -> ([%#sord13] cmp_log'1 y x = C_Less'0) + function iter'0 [#"../../../creusot-contracts/src/std/iter/cloned.rs" 12 4 12 22] (self : t_Cloned'0) : t_I'0 - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + axiom iter'0_spec : forall self : t_Cloned'0 . [%#scloned2] inv'0 self -> inv'1 (iter'0 self) - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) - -> ([%#sord11] cmp_log'1 y x = C_Greater'0) + use seq.Seq - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - + use seq.Seq - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) - -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) - - function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - - axiom refl'1_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 - - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) + - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () + - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#siter4] produces'1 a ab b) + -> ([%#siter5] produces'1 b bc c) -> ([%#siter6] produces'1 a (Seq.(++) ab bc) c) - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool + axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter3] produces'1 self (Seq.empty : Seq.seq t_T'0) self - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + use seq.Seq - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + use prelude.prelude.Int - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/cloned.rs" 46 4 46 64] (self : t_Cloned'0) (visited : Seq.seq t_T'0) (o : t_Cloned'0) = - [%#scmp1] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with - | C_Equal'0 -> C_Equal'0 - | C_Less'0 -> C_Greater'0 - | C_Greater'0 -> C_Less'0 - end - - goal refines : [%#scmp0] forall x : t_Reverse'0 . forall result : () . cmp_log'0 x x = C_Equal'0 - -> cmp_log'0 x x = C_Equal'0 -end -module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__trans__refines [#"../../../creusot-contracts/src/std/cmp.rs" 115 4 115 52] (* as logic::ord::OrdLogic> *) - let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 115 4 115 52 - let%span scmp1 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 + [%#scloned1] exists s : Seq.seq t_T'0 . produces'1 (iter'0 self) s (iter'0 o) + /\ Seq.length visited = Seq.length s + /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) - type t_T'0 + use seq.Seq - type t_Reverse'0 = - { t_Reverse__0'0: t_T'0 } + goal refines : [%#scloned0] forall a : t_Cloned'0 . forall ab : Seq.seq t_T'0 . forall b : t_Cloned'0 . forall bc : Seq.seq t_T'0 . forall c : t_Cloned'0 . produces'0 b bc c + /\ produces'0 a ab b + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) +end +module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/cloned.rs" 58 4 58 26] (* as std::iter::Iterator> *) + let%span scloned0 = "../../../creusot-contracts/src/std/iter/cloned.rs" 58 4 58 26 + let%span scloned1 = "../../../creusot-contracts/src/std/iter/cloned.rs" 48 12 51 79 + let%span scloned2 = "../../../creusot-contracts/src/std/iter/cloned.rs" 11 14 11 39 + let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_I'0 - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - + type t_Cloned'0 = + { t_Cloned__it'0: t_I'0 } - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) + type t_T'0 - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) - -> ([%#sord13] cmp_log'1 y x = C_Less'0) + use prelude.prelude.Borrow - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) - -> ([%#sord11] cmp_log'1 y x = C_Greater'0) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Cloned'0) - axiom trans'1_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) - -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) + axiom inv_axiom'0 [@rewrite] : forall x : t_Cloned'0 [inv'0 x] . inv'0 x + = match x with + | {t_Cloned__it'0 = it} -> inv'1 it + end - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () + function iter'0 [#"../../../creusot-contracts/src/std/iter/cloned.rs" 12 4 12 22] (self : t_Cloned'0) : t_I'0 - axiom refl'0_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 + axiom iter'0_spec : forall self : t_Cloned'0 . [%#scloned2] inv'0 self -> inv'1 (iter'0 self) - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool + use seq.Seq - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) + - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () + - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#siter4] produces'1 a ab b) + -> ([%#siter5] produces'1 b bc c) -> ([%#siter6] produces'1 a (Seq.(++) ab bc) c) - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool + axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter3] produces'1 self (Seq.empty : Seq.seq t_T'0) self - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + use seq.Seq - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + use prelude.prelude.Int - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/cloned.rs" 46 4 46 64] (self : t_Cloned'0) (visited : Seq.seq t_T'0) (o : t_Cloned'0) = - [%#scmp1] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with - | C_Equal'0 -> C_Equal'0 - | C_Less'0 -> C_Greater'0 - | C_Greater'0 -> C_Less'0 - end + [%#scloned1] exists s : Seq.seq t_T'0 . produces'1 (iter'0 self) s (iter'0 o) + /\ Seq.length visited = Seq.length s + /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) - goal refines : [%#scmp0] forall x : t_Reverse'0 . forall y : t_Reverse'0 . forall z : t_Reverse'0 . forall o : t_Ordering'0 . cmp_log'0 y z - = o - /\ cmp_log'0 x y = o - -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) + goal refines : [%#scloned0] forall self : t_Cloned'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self + -> produces'0 self (Seq.empty : Seq.seq t_T'0) self end -module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__antisym2__refines [#"../../../creusot-contracts/src/std/cmp.rs" 127 4 127 33] (* as logic::ord::OrdLogic> *) - let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 127 4 127 33 - let%span scmp1 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - - type t_T'0 - - type t_Reverse'0 = - { t_Reverse__0'0: t_T'0 } +module M_creusot_contracts__stdqy35z1__iter__copied__qyi18224474876607687026__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/copied.rs" 58 4 58 26] (* as std::iter::Iterator> *) + let%span scopied0 = "../../../creusot-contracts/src/std/iter/copied.rs" 58 4 58 26 + let%span scopied1 = "../../../creusot-contracts/src/std/iter/copied.rs" 48 12 51 79 + let%span scopied2 = "../../../creusot-contracts/src/std/iter/copied.rs" 11 14 11 39 + let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_I'0 - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - + type t_Copied'0 = + { t_Copied__it'0: t_I'0 } - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) + type t_T'0 - function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom antisym2'1_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) - -> ([%#sord13] cmp_log'1 y x = C_Less'0) + use prelude.prelude.Borrow - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) - -> ([%#sord11] cmp_log'1 y x = C_Greater'0) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Copied'0) - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) - -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) + axiom inv_axiom'0 [@rewrite] : forall x : t_Copied'0 [inv'0 x] . inv'0 x + = match x with + | {t_Copied__it'0 = it} -> inv'1 it + end - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () + function iter'0 [#"../../../creusot-contracts/src/std/iter/copied.rs" 12 4 12 22] (self : t_Copied'0) : t_I'0 - axiom refl'0_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 + axiom iter'0_spec : forall self : t_Copied'0 . [%#scopied2] inv'0 self -> inv'1 (iter'0 self) - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool + use seq.Seq - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) + - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () + - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#siter4] produces'1 a ab b) + -> ([%#siter5] produces'1 b bc c) -> ([%#siter6] produces'1 a (Seq.(++) ab bc) c) - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool + axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter3] produces'1 self (Seq.empty : Seq.seq t_T'0) self - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + use seq.Seq - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + use prelude.prelude.Int - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/copied.rs" 46 4 46 64] (self : t_Copied'0) (visited : Seq.seq t_T'0) (o : t_Copied'0) = - [%#scmp1] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with - | C_Equal'0 -> C_Equal'0 - | C_Less'0 -> C_Greater'0 - | C_Greater'0 -> C_Less'0 - end + [%#scopied1] exists s : Seq.seq t_T'0 . produces'1 (iter'0 self) s (iter'0 o) + /\ Seq.length visited = Seq.length s + /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) - goal refines : [%#scmp0] forall x : t_Reverse'0 . forall y : t_Reverse'0 . cmp_log'0 x y = C_Greater'0 - -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) + goal refines : [%#scopied0] forall self : t_Copied'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self + -> produces'0 self (Seq.empty : Seq.seq t_T'0) self end -module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__cmp_le_log__refines [#"../../../creusot-contracts/src/std/cmp.rs" 88 4 88 35] (* as logic::ord::OrdLogic> *) - let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 88 4 88 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 25 20 25 56 - let%span scmp2 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 +module M_creusot_contracts__stdqy35z1__iter__copied__qyi18224474876607687026__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/copied.rs" 65 4 65 90] (* as std::iter::Iterator> *) + let%span scopied0 = "../../../creusot-contracts/src/std/iter/copied.rs" 65 4 65 90 + let%span scopied1 = "../../../creusot-contracts/src/std/iter/copied.rs" 48 12 51 79 + let%span scopied2 = "../../../creusot-contracts/src/std/iter/copied.rs" 11 14 11 39 + let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + + type t_I'0 + + type t_Copied'0 = + { t_Copied__it'0: t_I'0 } type t_T'0 - type t_Reverse'0 = - { t_Reverse__0'0: t_T'0 } + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use prelude.prelude.Borrow - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - + use seq.Seq - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Copied'0) - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () + axiom inv_axiom'0 [@rewrite] : forall x : t_Copied'0 [inv'0 x] . inv'0 x + = match x with + | {t_Copied__it'0 = it} -> inv'1 it + end - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) - -> ([%#sord14] cmp_log'1 y x = C_Less'0) + function iter'0 [#"../../../creusot-contracts/src/std/iter/copied.rs" 12 4 12 22] (self : t_Copied'0) : t_I'0 - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + axiom iter'0_spec : forall self : t_Copied'0 . [%#scopied2] inv'0 self -> inv'1 (iter'0 self) - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) - -> ([%#sord12] cmp_log'1 y x = C_Greater'0) + use seq.Seq - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + use seq.Seq + + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) - -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () + - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#siter4] produces'1 a ab b) + -> ([%#siter5] produces'1 b bc c) -> ([%#siter6] produces'1 a (Seq.(++) ab bc) c) - axiom refl'0_spec : forall x : t_T'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool + axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter3] produces'1 self (Seq.empty : Seq.seq t_T'0) self - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + use seq.Seq - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool + use prelude.prelude.Int - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + use seq.Seq - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/copied.rs" 46 4 46 64] (self : t_Copied'0) (visited : Seq.seq t_T'0) (o : t_Copied'0) + + = + [%#scopied1] exists s : Seq.seq t_T'0 . produces'1 (iter'0 self) s (iter'0 o) + /\ Seq.length visited = Seq.length s + /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + goal refines : [%#scopied0] forall a : t_Copied'0 . forall ab : Seq.seq t_T'0 . forall b : t_Copied'0 . forall bc : Seq.seq t_T'0 . forall c : t_Copied'0 . produces'0 b bc c + /\ produces'0 a ab b + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) +end +module M_creusot_contracts__stdqy35z1__iter__empty__qyi10605201058978801838__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/empty.rs" 19 4 19 26] (* as std::iter::Iterator> *) + let%span sempty0 = "../../../creusot-contracts/src/std/iter/empty.rs" 19 4 19 26 + let%span sempty1 = "../../../creusot-contracts/src/std/iter/empty.rs" 13 20 13 54 - function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + type t_Empty'0 = + { t_Empty__0'0: () } - function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom cmp_le_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] le_log'1 x y = (cmp_log'1 x y <> C_Greater'0) + type t_T'0 - function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 - - = - [%#scmp2] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with - | C_Equal'0 -> C_Equal'0 - | C_Less'0 -> C_Greater'0 - | C_Greater'0 -> C_Less'0 - end + use seq.Seq - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_Reverse'0) (o : t_Reverse'0) : bool + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/empty.rs" 12 4 12 64] (self : t_Empty'0) (visited : Seq.seq t_T'0) (o : t_Empty'0) = - [%#sord1] cmp_log'0 self o <> C_Greater'0 + [%#sempty1] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o - goal refines : [%#scmp0] forall x : t_Reverse'0 . forall y : t_Reverse'0 . forall result : () . le_log'0 x y - = (cmp_log'0 x y <> C_Greater'0) -> le_log'0 x y = (cmp_log'0 x y <> C_Greater'0) + goal refines : [%#sempty0] forall self : t_Empty'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self + -> produces'0 self (Seq.empty : Seq.seq t_T'0) self end -module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__cmp_ge_log__refines [#"../../../creusot-contracts/src/std/cmp.rs" 98 4 98 35] (* as logic::ord::OrdLogic> *) - let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 98 4 98 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 47 20 47 53 - let%span scmp2 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 +module M_creusot_contracts__stdqy35z1__iter__empty__qyi10605201058978801838__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/empty.rs" 26 4 26 90] (* as std::iter::Iterator> *) + let%span sempty0 = "../../../creusot-contracts/src/std/iter/empty.rs" 26 4 26 90 + let%span sempty1 = "../../../creusot-contracts/src/std/iter/empty.rs" 13 20 13 54 + + type t_Empty'0 = + { t_Empty__0'0: () } type t_T'0 - type t_Reverse'0 = - { t_Reverse__0'0: t_T'0 } + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/empty.rs" 12 4 12 64] (self : t_Empty'0) (visited : Seq.seq t_T'0) (o : t_Empty'0) + = + [%#sempty1] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) + goal refines : [%#sempty0] forall a : t_Empty'0 . forall ab : Seq.seq t_T'0 . forall b : t_Empty'0 . forall bc : Seq.seq t_T'0 . forall c : t_Empty'0 . produces'0 b bc c + /\ produces'0 a ab b + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) +end +module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 90 4 90 90] (* as std::iter::Iterator> *) + let%span senumerate0 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 90 4 90 90 + let%span senumerate1 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 72 12 76 113 + let%span senumerate2 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 14 14 14 39 + let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span senumerate7 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 45 12 49 85 - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () + type t_I'0 - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) - -> ([%#sord14] cmp_log'1 y x = C_Less'0) + use prelude.prelude.UIntSize - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + type t_Enumerate'0 = + { t_Enumerate__iter'0: t_I'0; t_Enumerate__count'0: usize } - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) - -> ([%#sord12] cmp_log'1 y x = C_Greater'0) + type t_Item'0 - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - + use seq.Seq - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) - -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) + use seq.Seq - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () + use prelude.prelude.Int - axiom refl'0_spec : forall x : t_T'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 + function n'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 21 4 21 21] (self : t_Enumerate'0) : int - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool + use seq.Seq - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + use seq.Seq - function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + - function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + - axiom cmp_ge_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] ge_log'1 x y = (cmp_log'1 x y <> C_Less'0) + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter4] produces'1 a ab b) + -> ([%#siter5] produces'1 b bc c) -> ([%#siter6] produces'1 a (Seq.(++) ab bc) c) - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () + axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter3] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + use seq.Seq - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + constant v_MAX'0 : usize = (18446744073709551615 : usize) - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + use prelude.prelude.UIntSize - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + use prelude.prelude.Borrow - function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 - - = - [%#scmp2] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with - | C_Equal'0 -> C_Equal'0 - | C_Less'0 -> C_Greater'0 - | C_Greater'0 -> C_Less'0 - end + predicate completed'0 [#"../../../creusot-contracts/src/std/iter.rs" 35 4 35 36] (self : borrowed t_I'0) - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_Reverse'0) (o : t_Reverse'0) : bool - - = - [%#sord1] cmp_log'0 self o <> C_Less'0 + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - goal refines : [%#scmp0] forall x : t_Reverse'0 . forall y : t_Reverse'0 . forall result : () . ge_log'0 x y - = (cmp_log'0 x y <> C_Less'0) -> ge_log'0 x y = (cmp_log'0 x y <> C_Less'0) -end -module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__cmp_gt_log__refines [#"../../../creusot-contracts/src/std/cmp.rs" 103 4 103 35] (* as logic::ord::OrdLogic> *) - let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 103 4 103 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 58 20 58 56 - let%span scmp2 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Enumerate'0) - type t_T'0 + function iter'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 15 4 15 22] (self : t_Enumerate'0) : t_I'0 - type t_Reverse'0 = - { t_Reverse__0'0: t_T'0 } + axiom iter'0_spec : forall self : t_Enumerate'0 . [%#senumerate2] inv'0 self -> inv'1 (iter'0 self) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 43 4 43 30] (self : t_Enumerate'0) = + [%#senumerate7] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'1 (iter'0 self) s i] . produces'1 (iter'0 self) s i + -> n'0 self + Seq.length s < UIntSize.to_int v_MAX'0) + /\ (forall i : borrowed t_I'0 . completed'0 i -> produces'1 i.current (Seq.empty : Seq.seq t_Item'0) i.final) - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - + axiom inv_axiom'0 [@rewrite] : forall x : t_Enumerate'0 [inv'0 x] . inv'0 x + = (invariant'0 x + /\ match x with + | {t_Enumerate__iter'0 = iter ; t_Enumerate__count'0 = count} -> inv'1 iter + end) - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) + use seq.Seq - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 70 4 70 64] (self : t_Enumerate'0) (visited : Seq.seq (usize, t_Item'0)) (o : t_Enumerate'0) + + = + [%#senumerate1] Seq.length visited = n'0 o - n'0 self + /\ (exists s : Seq.seq t_Item'0 . produces'1 (iter'0 self) s (iter'0 o) + /\ Seq.length visited = Seq.length s + /\ (forall i : int . 0 <= i /\ i < Seq.length s + -> UIntSize.to_int (let (a, _) = Seq.get visited i in a) = n'0 self + i + /\ (let (_, a) = Seq.get visited i in a) = Seq.get s i)) - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) - -> ([%#sord14] cmp_log'1 y x = C_Less'0) + use seq.Seq - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + goal refines : [%#senumerate0] forall a : t_Enumerate'0 . forall ab : Seq.seq (usize, t_Item'0) . forall b : t_Enumerate'0 . forall bc : Seq.seq (usize, t_Item'0) . forall c : t_Enumerate'0 . produces'0 b bc c + /\ produces'0 a ab b + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) +end +module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 83 4 83 26] (* as std::iter::Iterator> *) + let%span senumerate0 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 83 4 83 26 + let%span senumerate1 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 72 12 76 113 + let%span senumerate2 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 14 14 14 39 + let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span senumerate7 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 45 12 49 85 - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) - -> ([%#sord12] cmp_log'1 y x = C_Greater'0) + type t_I'0 - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - + use prelude.prelude.UIntSize - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) - -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) + type t_Enumerate'0 = + { t_Enumerate__iter'0: t_I'0; t_Enumerate__count'0: usize } - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () + use seq.Seq - axiom refl'0_spec : forall x : t_T'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 + type t_Item'0 - function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool + use seq.Seq - function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom cmp_gt_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] gt_log'1 x y = (cmp_log'1 x y = C_Greater'0) + use prelude.prelude.Int - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool + function n'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 21 4 21 21] (self : t_Enumerate'0) : int - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + use seq.Seq - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool + use seq.Seq - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter4] produces'1 a ab b) + -> ([%#siter5] produces'1 b bc c) -> ([%#siter6] produces'1 a (Seq.(++) ab bc) c) - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter3] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 - - = - [%#scmp2] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with - | C_Equal'0 -> C_Equal'0 - | C_Less'0 -> C_Greater'0 - | C_Greater'0 -> C_Less'0 - end + use seq.Seq - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_Reverse'0) (o : t_Reverse'0) : bool - - = - [%#sord1] cmp_log'0 self o = C_Greater'0 + constant v_MAX'0 : usize = (18446744073709551615 : usize) - goal refines : [%#scmp0] forall x : t_Reverse'0 . forall y : t_Reverse'0 . forall result : () . gt_log'0 x y - = (cmp_log'0 x y = C_Greater'0) -> gt_log'0 x y = (cmp_log'0 x y = C_Greater'0) -end -module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 47 20 47 53 - let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 + use prelude.prelude.UIntSize - type t_T'0 + use prelude.prelude.Borrow - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + predicate completed'0 [#"../../../creusot-contracts/src/std/iter.rs" 35 4 35 36] (self : borrowed t_I'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Enumerate'0) - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () + function iter'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 15 4 15 22] (self : t_Enumerate'0) : t_I'0 - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) + axiom iter'0_spec : forall self : t_Enumerate'0 . [%#senumerate2] inv'0 self -> inv'1 (iter'0 self) - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () + predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 43 4 43 30] (self : t_Enumerate'0) = + [%#senumerate7] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'1 (iter'0 self) s i] . produces'1 (iter'0 self) s i + -> n'0 self + Seq.length s < UIntSize.to_int v_MAX'0) + /\ (forall i : borrowed t_I'0 . completed'0 i -> produces'1 i.current (Seq.empty : Seq.seq t_Item'0) i.final) - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) - -> ([%#sord14] cmp_log'1 y x = C_Less'0) + axiom inv_axiom'0 [@rewrite] : forall x : t_Enumerate'0 [inv'0 x] . inv'0 x + = (invariant'0 x + /\ match x with + | {t_Enumerate__iter'0 = iter ; t_Enumerate__count'0 = count} -> inv'1 iter + end) - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) - -> ([%#sord12] cmp_log'1 y x = C_Greater'0) + use seq.Seq - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 70 4 70 64] (self : t_Enumerate'0) (visited : Seq.seq (usize, t_Item'0)) (o : t_Enumerate'0) + = + [%#senumerate1] Seq.length visited = n'0 o - n'0 self + /\ (exists s : Seq.seq t_Item'0 . produces'1 (iter'0 self) s (iter'0 o) + /\ Seq.length visited = Seq.length s + /\ (forall i : int . 0 <= i /\ i < Seq.length s + -> UIntSize.to_int (let (a, _) = Seq.get visited i in a) = n'0 self + i + /\ (let (_, a) = Seq.get visited i in a) = Seq.get s i)) - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) - -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) + goal refines : [%#senumerate0] forall self : t_Enumerate'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq (usize, t_Item'0)) self + -> produces'0 self (Seq.empty : Seq.seq (usize, t_Item'0)) self +end +module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/filter.rs" 106 4 106 26] (* as std::iter::Iterator> *) + let%span sfilter0 = "../../../creusot-contracts/src/std/iter/filter.rs" 106 4 106 26 + let%span sfilter1 = "../../../creusot-contracts/src/std/iter/filter.rs" 87 12 99 17 + let%span sfilter2 = "../../../creusot-contracts/src/std/iter/filter.rs" 34 12 40 124 + let%span sfilter3 = "../../../creusot-contracts/src/std/iter/filter.rs" 22 14 22 39 + let%span sfilter4 = "../../../creusot-contracts/src/std/iter/filter.rs" 15 14 15 39 + let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops6 = "../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops11 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () + type t_I'0 - axiom refl'0_spec : forall x : t_T'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 + type t_F'0 - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool + type t_Filter'0 = + { t_Filter__iter'0: t_I'0; t_Filter__predicate'0: t_F'0 } - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + type t_Item'0 - function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool + use seq.Seq - function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () + use prelude.prelude.Borrow - axiom cmp_ge_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] ge_log'1 x y = (cmp_log'1 x y <> C_Less'0) + predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 77 4 77 45] (self : t_F'0) (args : t_Item'0) - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool + predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 85 4 85 73] (self : t_F'0) (args : t_Item'0) (result : bool) + - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 95 4 95 92] (self : t_F'0) (args : t_Item'0) (result_state : t_F'0) (result : bool) + - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 129 4 129 55] (self : t_F'0) (args : t_Item'0) (res : bool) : () + - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : bool . [%#sops11] postcondition_once'0 self args res + = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 103 4 103 36] (self : t_F'0) (_2 : t_F'0) - function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 + function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 123 4 123 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - = - [%#soption2] match (self, o) with - | (C_None'0, C_None'0) -> C_Equal'0 - | (C_None'0, C_Some'0 _) -> C_Less'0 - | (C_Some'0 _, C_None'0) -> C_Greater'0 - | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y - end - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_Option'0) (o : t_Option'0) : bool - - = - [%#sord1] cmp_log'0 self o <> C_Less'0 + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops8] unnest'0 self b) + -> ([%#sops9] unnest'0 b c) -> ([%#sops10] unnest'0 self c) - goal refines : [%#sord0] forall x : t_Option'0 . forall y : t_Option'0 . forall result : () . ge_log'0 x y - = (cmp_log'0 x y <> C_Less'0) -> ge_log'0 x y = (cmp_log'0 x y <> C_Less'0) -end -module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 25 20 25 56 - let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 + function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 116 4 116 24] (self : t_F'0) : () - type t_T'0 + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops7] unnest'0 self self - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 111 4 111 85] (self : t_F'0) (args : t_Item'0) (res_state : t_F'0) (res : bool) : () + - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : bool . ([%#sops5] postcondition_mut'0 self args res_state res) + -> ([%#sops6] unnest'0 self res_state) - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - + predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 31 4 31 30] (self : t_Filter'0) = + [%#sfilter2] forall f : t_F'0, i : t_Item'0 . precondition'0 f (i) + /\ (forall f : t_F'0, g : t_F'0 . unnest'0 f g -> f = g) + /\ (forall f1 : t_F'0, f2 : t_F'0, i : t_Item'0 . not (postcondition_mut'0 f1 (i) f2 true + /\ postcondition_mut'0 f1 (i) f2 false)) - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Filter'0) - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) - -> ([%#sord14] cmp_log'1 y x = C_Less'0) + axiom inv_axiom'0 [@rewrite] : forall x : t_Filter'0 [inv'0 x] . inv'0 x + = (invariant'0 x + /\ match x with + | {t_Filter__iter'0 = iter ; t_Filter__predicate'0 = predicate'} -> inv'2 iter /\ inv'1 predicate' + end) - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + function func'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 23 4 23 22] (self : t_Filter'0) : t_F'0 - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) - -> ([%#sord12] cmp_log'1 y x = C_Greater'0) + axiom func'0_spec : forall self : t_Filter'0 . [%#sfilter3] inv'0 self -> inv'1 (func'0 self) - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + use prelude.prelude.Int + + use map.Map + + function iter'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 16 4 16 22] (self : t_Filter'0) : t_I'0 + + axiom iter'0_spec : forall self : t_Filter'0 . [%#sfilter4] inv'0 self -> inv'2 (iter'0 self) + + use seq.Seq + + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) - -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter13] produces'1 a ab b) + -> ([%#siter14] produces'1 b bc c) -> ([%#siter15] produces'1 a (Seq.(++) ab bc) c) - axiom refl'0_spec : forall x : t_T'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool + axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter12] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + use map.Map - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool + use seq.Seq - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 85 4 85 67] (self : t_Filter'0) (visited : Seq.seq t_Item'0) (succ : t_Filter'0) + + = + [%#sfilter1] invariant'0 self + -> unnest'0 (func'0 self) (func'0 succ) + /\ (exists s : Seq.seq t_Item'0, f : Map.map int int . produces'1 (iter'0 self) s (iter'0 succ) + /\ (forall i : int, j : int . 0 <= i /\ i <= j /\ j < Seq.length visited + -> 0 <= Map.get f i /\ Map.get f i <= Map.get f j /\ Map.get f j < Seq.length s) + /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = Seq.get s (Map.get f i)) + /\ (forall i : int . 0 <= i /\ i < Seq.length s + -> (exists j : int . 0 <= j /\ j < Seq.length visited /\ Map.get f j = i) + = postcondition_mut'0 (func'0 self) (Seq.get s i) (func'0 self) true)) - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + goal refines : [%#sfilter0] forall self : t_Filter'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_Item'0) self + -> produces'0 self (Seq.empty : Seq.seq t_Item'0) self +end +module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/filter.rs" 113 4 113 90] (* as std::iter::Iterator> *) + let%span sfilter0 = "../../../creusot-contracts/src/std/iter/filter.rs" 113 4 113 90 + let%span sfilter1 = "../../../creusot-contracts/src/std/iter/filter.rs" 87 12 99 17 + let%span sfilter2 = "../../../creusot-contracts/src/std/iter/filter.rs" 34 12 40 124 + let%span sfilter3 = "../../../creusot-contracts/src/std/iter/filter.rs" 22 14 22 39 + let%span sfilter4 = "../../../creusot-contracts/src/std/iter/filter.rs" 15 14 15 39 + let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops6 = "../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops11 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool + type t_I'0 - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () + type t_F'0 - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + type t_Filter'0 = + { t_Filter__iter'0: t_I'0; t_Filter__predicate'0: t_F'0 } - function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + type t_Item'0 - function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom cmp_le_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] le_log'1 x y = (cmp_log'1 x y <> C_Greater'0) + use prelude.prelude.Borrow - function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 + predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 77 4 77 45] (self : t_F'0) (args : t_Item'0) + + predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 85 4 85 73] (self : t_F'0) (args : t_Item'0) (result : bool) - = - [%#soption2] match (self, o) with - | (C_None'0, C_None'0) -> C_Equal'0 - | (C_None'0, C_Some'0 _) -> C_Less'0 - | (C_Some'0 _, C_None'0) -> C_Greater'0 - | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y - end - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_Option'0) (o : t_Option'0) : bool + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) + + predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 95 4 95 92] (self : t_F'0) (args : t_Item'0) (result_state : t_F'0) (result : bool) - = - [%#sord1] cmp_log'0 self o <> C_Greater'0 - goal refines : [%#sord0] forall x : t_Option'0 . forall y : t_Option'0 . forall result : () . le_log'0 x y - = (cmp_log'0 x y <> C_Greater'0) -> le_log'0 x y = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 58 20 58 56 - let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 + function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 129 4 129 55] (self : t_F'0) (args : t_Item'0) (res : bool) : () + - type t_T'0 + axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : bool . [%#sops11] postcondition_once'0 self args res + = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 103 4 103 36] (self : t_F'0) (_2 : t_F'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 123 4 123 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () + - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops8] unnest'0 self b) + -> ([%#sops9] unnest'0 b c) -> ([%#sops10] unnest'0 self c) + + function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 116 4 116 24] (self : t_F'0) : () + + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops7] unnest'0 self self + + function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 111 4 111 85] (self : t_F'0) (args : t_Item'0) (res_state : t_F'0) (res : bool) : () - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : bool . ([%#sops5] postcondition_mut'0 self args res_state res) + -> ([%#sops6] unnest'0 self res_state) - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) + predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 31 4 31 30] (self : t_Filter'0) = + [%#sfilter2] forall f : t_F'0, i : t_Item'0 . precondition'0 f (i) + /\ (forall f : t_F'0, g : t_F'0 . unnest'0 f g -> f = g) + /\ (forall f1 : t_F'0, f2 : t_F'0, i : t_Item'0 . not (postcondition_mut'0 f1 (i) f2 true + /\ postcondition_mut'0 f1 (i) f2 false)) - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) - -> ([%#sord14] cmp_log'1 y x = C_Less'0) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Filter'0) - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) - -> ([%#sord12] cmp_log'1 y x = C_Greater'0) + axiom inv_axiom'0 [@rewrite] : forall x : t_Filter'0 [inv'0 x] . inv'0 x + = (invariant'0 x + /\ match x with + | {t_Filter__iter'0 = iter ; t_Filter__predicate'0 = predicate'} -> inv'2 iter /\ inv'1 predicate' + end) - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - + function func'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 23 4 23 22] (self : t_Filter'0) : t_F'0 - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) - -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) + axiom func'0_spec : forall self : t_Filter'0 . [%#sfilter3] inv'0 self -> inv'1 (func'0 self) - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () + use prelude.prelude.Int - axiom refl'0_spec : forall x : t_T'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 + use map.Map - function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool + function iter'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 16 4 16 22] (self : t_Filter'0) : t_I'0 - function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () + axiom iter'0_spec : forall self : t_Filter'0 . [%#sfilter4] inv'0 self -> inv'2 (iter'0 self) - axiom cmp_gt_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] gt_log'1 x y = (cmp_log'1 x y = C_Greater'0) + use seq.Seq - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool + use seq.Seq - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter13] produces'1 a ab b) + -> ([%#siter14] produces'1 b bc c) -> ([%#siter15] produces'1 a (Seq.(++) ab bc) c) - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter12] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + use seq.Seq - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + use map.Map - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 85 4 85 67] (self : t_Filter'0) (visited : Seq.seq t_Item'0) (succ : t_Filter'0) = - [%#soption2] match (self, o) with - | (C_None'0, C_None'0) -> C_Equal'0 - | (C_None'0, C_Some'0 _) -> C_Less'0 - | (C_Some'0 _, C_None'0) -> C_Greater'0 - | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y - end - - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_Option'0) (o : t_Option'0) : bool - - = - [%#sord1] cmp_log'0 self o = C_Greater'0 + [%#sfilter1] invariant'0 self + -> unnest'0 (func'0 self) (func'0 succ) + /\ (exists s : Seq.seq t_Item'0, f : Map.map int int . produces'1 (iter'0 self) s (iter'0 succ) + /\ (forall i : int, j : int . 0 <= i /\ i <= j /\ j < Seq.length visited + -> 0 <= Map.get f i /\ Map.get f i <= Map.get f j /\ Map.get f j < Seq.length s) + /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = Seq.get s (Map.get f i)) + /\ (forall i : int . 0 <= i /\ i < Seq.length s + -> (exists j : int . 0 <= j /\ j < Seq.length visited /\ Map.get f j = i) + = postcondition_mut'0 (func'0 self) (Seq.get s i) (func'0 self) true)) - goal refines : [%#sord0] forall x : t_Option'0 . forall y : t_Option'0 . forall result : () . gt_log'0 x y - = (cmp_log'0 x y = C_Greater'0) -> gt_log'0 x y = (cmp_log'0 x y = C_Greater'0) + goal refines : [%#sfilter0] forall a : t_Filter'0 . forall ab : Seq.seq t_Item'0 . forall b : t_Filter'0 . forall bc : Seq.seq t_Item'0 . forall c : t_Filter'0 . produces'0 b bc c + /\ produces'0 a ab b + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 - let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 +module M_creusot_contracts__stdqy35z1__iter__fuse__qyi10730559947553418603__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/fuse.rs" 49 4 49 90] (* as std::iter::Iterator> *) + let%span sfuse0 = "../../../creusot-contracts/src/std/iter/fuse.rs" 49 4 49 90 + let%span sfuse1 = "../../../creusot-contracts/src/std/iter/fuse.rs" 29 12 35 13 + let%span sfuse2 = "../../../creusot-contracts/src/std/iter/fuse.rs" 8 14 8 39 + let%span sfuse3 = "../../../creusot-contracts/src/std/iter/fuse.rs" 9 14 9 71 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - type t_T'0 + type t_I'0 type t_Option'0 = | C_None'0 - | C_Some'0 t_T'0 - - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 - - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - - - function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - - axiom eq_cmp'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) - - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) - -> ([%#sord13] cmp_log'1 y x = C_Less'0) - - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + | C_Some'0 t_I'0 - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) - -> ([%#sord11] cmp_log'1 y x = C_Greater'0) + type t_Fuse'0 = + { t_Fuse__iter'0: t_Option'0 } - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - + type t_Item'0 - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) - -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) + use seq.Seq - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () + use seq.Seq - axiom refl'0_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () + axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'1 x] . inv'1 x + = match x with + | C_None'0 -> true + | C_Some'0 a_0 -> inv'2 a_0 + end - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Fuse'0) - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool + axiom inv_axiom'0 [@rewrite] : forall x : t_Fuse'0 [inv'0 x] . inv'0 x + = match x with + | {t_Fuse__iter'0 = iter} -> inv'1 iter + end - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () + function view'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 10 4 10 30] (self : t_Fuse'0) : t_Option'0 - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + axiom view'0_spec : forall self : t_Fuse'0 . ([%#sfuse2] inv'0 self -> inv'1 (view'0 self)) + && ([%#sfuse3] forall other : t_Fuse'0 . view'0 self = view'0 other -> self = other) - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool + use seq.Seq - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter5] produces'1 a ab b) + -> ([%#siter6] produces'1 b bc c) -> ([%#siter7] produces'1 a (Seq.(++) ab bc) c) - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 27 4 27 65] (self : t_Fuse'0) (prod : Seq.seq t_Item'0) (other : t_Fuse'0) = - [%#soption1] match (self, o) with - | (C_None'0, C_None'0) -> C_Equal'0 - | (C_None'0, C_Some'0 _) -> C_Less'0 - | (C_Some'0 _, C_None'0) -> C_Greater'0 - | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y + [%#sfuse1] match view'0 self with + | C_None'0 -> prod = (Seq.empty : Seq.seq t_Item'0) /\ view'0 other = view'0 self + | C_Some'0 i -> match view'0 other with + | C_Some'0 i2 -> produces'1 i prod i2 + | C_None'0 -> false + end end - goal refines : [%#sord0] forall x : t_Option'0 . forall y : t_Option'0 . forall result : () . (x = y) - = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) + goal refines : [%#sfuse0] forall a : t_Fuse'0 . forall ab : Seq.seq t_Item'0 . forall b : t_Fuse'0 . forall bc : Seq.seq t_Item'0 . forall c : t_Fuse'0 . produces'0 b bc c + /\ produces'0 a ab b + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 36 20 36 53 - let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 +module M_creusot_contracts__stdqy35z1__iter__fuse__qyi10730559947553418603__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/fuse.rs" 42 4 42 26] (* as std::iter::Iterator> *) + let%span sfuse0 = "../../../creusot-contracts/src/std/iter/fuse.rs" 42 4 42 26 + let%span sfuse1 = "../../../creusot-contracts/src/std/iter/fuse.rs" 29 12 35 13 + let%span sfuse2 = "../../../creusot-contracts/src/std/iter/fuse.rs" 8 14 8 39 + let%span sfuse3 = "../../../creusot-contracts/src/std/iter/fuse.rs" 9 14 9 71 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - type t_T'0 + type t_I'0 type t_Option'0 = | C_None'0 - | C_Some'0 t_T'0 - - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 - - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - - - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) - - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) - -> ([%#sord14] cmp_log'1 y x = C_Less'0) - - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + | C_Some'0 t_I'0 - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) - -> ([%#sord12] cmp_log'1 y x = C_Greater'0) + type t_Fuse'0 = + { t_Fuse__iter'0: t_Option'0 } - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - + use seq.Seq - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) - -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) + type t_Item'0 - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () + use seq.Seq - axiom refl'0_spec : forall x : t_T'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () + axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'1 x] . inv'1 x + = match x with + | C_None'0 -> true + | C_Some'0 a_0 -> inv'2 a_0 + end - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Fuse'0) - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool + axiom inv_axiom'0 [@rewrite] : forall x : t_Fuse'0 [inv'0 x] . inv'0 x + = match x with + | {t_Fuse__iter'0 = iter} -> inv'1 iter + end - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () + function view'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 10 4 10 30] (self : t_Fuse'0) : t_Option'0 - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + axiom view'0_spec : forall self : t_Fuse'0 . ([%#sfuse2] inv'0 self -> inv'1 (view'0 self)) + && ([%#sfuse3] forall other : t_Fuse'0 . view'0 self = view'0 other -> self = other) - function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool + use seq.Seq - function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + - axiom cmp_lt_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] lt_log'1 x y = (cmp_log'1 x y = C_Less'0) + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter5] produces'1 a ab b) + -> ([%#siter6] produces'1 b bc c) -> ([%#siter7] produces'1 a (Seq.(++) ab bc) c) - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 27 4 27 65] (self : t_Fuse'0) (prod : Seq.seq t_Item'0) (other : t_Fuse'0) = - [%#soption2] match (self, o) with - | (C_None'0, C_None'0) -> C_Equal'0 - | (C_None'0, C_Some'0 _) -> C_Less'0 - | (C_Some'0 _, C_None'0) -> C_Greater'0 - | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y + [%#sfuse1] match view'0 self with + | C_None'0 -> prod = (Seq.empty : Seq.seq t_Item'0) /\ view'0 other = view'0 self + | C_Some'0 i -> match view'0 other with + | C_Some'0 i2 -> produces'1 i prod i2 + | C_None'0 -> false + end end - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_Option'0) (o : t_Option'0) : bool - - = - [%#sord1] cmp_log'0 self o = C_Less'0 - - goal refines : [%#sord0] forall x : t_Option'0 . forall y : t_Option'0 . forall result : () . lt_log'0 x y - = (cmp_log'0 x y = C_Less'0) -> lt_log'0 x y = (cmp_log'0 x y = C_Less'0) + goal refines : [%#sfuse0] forall self : t_Fuse'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_Item'0) self + -> produces'0 self (Seq.empty : Seq.seq t_Item'0) self end -module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 - let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 +module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/map.rs" 81 4 81 26] (* as std::iter::Iterator> *) + let%span smap0 = "../../../creusot-contracts/src/std/iter/map.rs" 81 4 81 26 + let%span smap1 = "../../../creusot-contracts/src/std/iter/map.rs" 63 12 74 75 + let%span smap2 = "../../../creusot-contracts/src/std/iter/map.rs" 22 14 22 39 + let%span smap3 = "../../../creusot-contracts/src/std/iter/map.rs" 15 14 15 39 + let%span sops4 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops6 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - type t_T'0 + type t_I'0 - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + type t_F'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_Map'0 = + { t_Map__iter'0: t_I'0; t_Map__f'0: t_F'0 } - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - + use seq.Seq - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () + type t_B'0 - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) + use seq.Seq - function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - axiom antisym2'1_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) - -> ([%#sord13] cmp_log'1 y x = C_Less'0) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Map'0) - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) - -> ([%#sord11] cmp_log'1 y x = C_Greater'0) + axiom inv_axiom'0 [@rewrite] : forall x : t_Map'0 [inv'0 x] . inv'0 x + = match x with + | {t_Map__iter'0 = iter ; t_Map__f'0 = f} -> inv'2 iter /\ inv'1 f + end - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + function func'0 [#"../../../creusot-contracts/src/std/iter/map.rs" 23 4 23 22] (self : t_Map'0) : t_F'0 + + axiom func'0_spec : forall self : t_Map'0 . [%#smap2] inv'0 self -> inv'1 (func'0 self) + + type t_Item'0 + + predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 85 4 85 73] (self : t_F'0) (args : t_Item'0) (result : t_B'0) - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) - -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) + use prelude.prelude.Borrow - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) - axiom refl'0_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 + predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 95 4 95 92] (self : t_F'0) (args : t_Item'0) (result_state : t_F'0) (result : t_B'0) + - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool + function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 129 4 129 55] (self : t_F'0) (args : t_Item'0) (res : t_B'0) : () + - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () + axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : t_B'0 . [%#sops10] postcondition_once'0 self args res + = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 103 4 103 36] (self : t_F'0) (_2 : t_F'0) - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool + function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 123 4 123 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () + - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops7] unnest'0 self b) + -> ([%#sops8] unnest'0 b c) -> ([%#sops9] unnest'0 self c) - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 116 4 116 24] (self : t_F'0) : () - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops6] unnest'0 self self - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () + function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 111 4 111 85] (self : t_F'0) (args : t_Item'0) (res_state : t_F'0) (res : t_B'0) : () + - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : t_B'0 . ([%#sops4] postcondition_mut'0 self args res_state res) + -> ([%#sops5] unnest'0 self res_state) - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + use seq.Seq - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 - - = - [%#soption1] match (self, o) with - | (C_None'0, C_None'0) -> C_Equal'0 - | (C_None'0, C_Some'0 _) -> C_Less'0 - | (C_Some'0 _, C_None'0) -> C_Greater'0 - | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y - end + use seq.Seq - goal refines : [%#sord0] forall x : t_Option'0 . forall y : t_Option'0 . cmp_log'0 x y = C_Greater'0 - -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) -end -module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 - let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 + use seq.Seq - type t_T'0 + function iter'0 [#"../../../creusot-contracts/src/std/iter/map.rs" 16 4 16 22] (self : t_Map'0) : t_I'0 - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + axiom iter'0_spec : forall self : t_Map'0 . [%#smap3] inv'0 self -> inv'2 (iter'0 self) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 + use seq.Seq + + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter12] produces'1 a ab b) + -> ([%#siter13] produces'1 b bc c) -> ([%#siter14] produces'1 a (Seq.(++) ab bc) c) - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) - -> ([%#sord13] cmp_log'1 y x = C_Less'0) + axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter11] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + use prelude.prelude.Int - axiom antisym1'1_spec : forall x : t_T'0, y : t_T'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) - -> ([%#sord11] cmp_log'1 y x = C_Greater'0) + use seq.Seq - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - + use seq.Seq - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) - -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) + predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 77 4 77 45] (self : t_F'0) (args : t_Item'0) - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () + use seq.Seq - axiom refl'0_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 + predicate produces'0 [@inline:trivial] [#"../../../creusot-contracts/src/std/iter/map.rs" 61 4 61 67] (self : t_Map'0) (visited : Seq.seq t_B'0) (succ : t_Map'0) + + = + [%#smap1] unnest'0 (func'0 self) (func'0 succ) + /\ (exists fs : Seq.seq (borrowed t_F'0) . Seq.length fs = Seq.length visited + /\ (exists s : Seq.seq t_Item'0 [produces'1 (iter'0 self) s (iter'0 succ)] . Seq.length s = Seq.length visited + /\ produces'1 (iter'0 self) s (iter'0 succ) + /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) + /\ (if Seq.length visited = 0 then + func'0 self = func'0 succ + else + (Seq.get fs 0).current = func'0 self /\ (Seq.get fs (Seq.length visited - 1)).final = func'0 succ + ) + /\ (forall i : int . 0 <= i /\ i < Seq.length visited + -> unnest'0 (func'0 self) (Seq.get fs i).current + /\ precondition'0 (Seq.get fs i).current (Seq.get s i) + /\ postcondition_mut'0 (Seq.get fs i).current (Seq.get s i) (Seq.get fs i).final (Seq.get visited i)))) - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool + goal refines : [%#smap0] forall self : t_Map'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_B'0) self + -> produces'0 self (Seq.empty : Seq.seq t_B'0) self +end +module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/map.rs" 88 4 88 90] (* as std::iter::Iterator> *) + let%span smap0 = "../../../creusot-contracts/src/std/iter/map.rs" 88 4 88 90 + let%span smap1 = "../../../creusot-contracts/src/std/iter/map.rs" 63 12 74 75 + let%span smap2 = "../../../creusot-contracts/src/std/iter/map.rs" 22 14 22 39 + let%span smap3 = "../../../creusot-contracts/src/std/iter/map.rs" 15 14 15 39 + let%span sops4 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops6 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () + type t_I'0 - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + type t_F'0 - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool + type t_Map'0 = + { t_Map__iter'0: t_I'0; t_Map__f'0: t_F'0 } - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () + type t_B'0 - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + use seq.Seq - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Map'0) - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + axiom inv_axiom'0 [@rewrite] : forall x : t_Map'0 [inv'0 x] . inv'0 x + = match x with + | {t_Map__iter'0 = iter ; t_Map__f'0 = f} -> inv'2 iter /\ inv'1 f + end - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + function func'0 [#"../../../creusot-contracts/src/std/iter/map.rs" 23 4 23 22] (self : t_Map'0) : t_F'0 - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + axiom func'0_spec : forall self : t_Map'0 . [%#smap2] inv'0 self -> inv'1 (func'0 self) - function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 + type t_Item'0 + + predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 85 4 85 73] (self : t_F'0) (args : t_Item'0) (result : t_B'0) - = - [%#soption1] match (self, o) with - | (C_None'0, C_None'0) -> C_Equal'0 - | (C_None'0, C_Some'0 _) -> C_Less'0 - | (C_Some'0 _, C_None'0) -> C_Greater'0 - | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y - end - - goal refines : [%#sord0] forall x : t_Option'0 . forall y : t_Option'0 . cmp_log'0 x y = C_Less'0 - -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) -end -module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 - let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - type t_T'0 + use prelude.prelude.Borrow - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 95 4 95 92] (self : t_F'0) (args : t_Item'0) (result_state : t_F'0) (result : t_B'0) + - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 + function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 129 4 129 55] (self : t_F'0) (args : t_Item'0) (res : t_B'0) : () - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () + axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : t_B'0 . [%#sops10] postcondition_once'0 self args res + = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) + predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 103 4 103 36] (self : t_F'0) (_2 : t_F'0) - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () + function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 123 4 123 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () + - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) - -> ([%#sord13] cmp_log'1 y x = C_Less'0) + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops7] unnest'0 self b) + -> ([%#sops8] unnest'0 b c) -> ([%#sops9] unnest'0 self c) - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 116 4 116 24] (self : t_F'0) : () - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) - -> ([%#sord11] cmp_log'1 y x = C_Greater'0) + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops6] unnest'0 self self - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 111 4 111 85] (self : t_F'0) (args : t_Item'0) (res_state : t_F'0) (res : t_B'0) : () - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) - -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : t_B'0 . ([%#sops4] postcondition_mut'0 self args res_state res) + -> ([%#sops5] unnest'0 self res_state) - function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () + use seq.Seq - axiom refl'1_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 + use seq.Seq - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool + use seq.Seq - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + use seq.Seq - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool + function iter'0 [#"../../../creusot-contracts/src/std/iter/map.rs" 16 4 16 22] (self : t_Map'0) : t_I'0 - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () + axiom iter'0_spec : forall self : t_Map'0 . [%#smap3] inv'0 self -> inv'2 (iter'0 self) - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + use seq.Seq - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool + use seq.Seq - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter12] produces'1 a ab b) + -> ([%#siter13] produces'1 b bc c) -> ([%#siter14] produces'1 a (Seq.(++) ab bc) c) - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter11] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 - - = - [%#soption1] match (self, o) with - | (C_None'0, C_None'0) -> C_Equal'0 - | (C_None'0, C_Some'0 _) -> C_Less'0 - | (C_Some'0 _, C_None'0) -> C_Greater'0 - | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y - end + use prelude.prelude.Int - goal refines : [%#sord0] forall x : t_Option'0 . forall result : () . cmp_log'0 x x = C_Equal'0 - -> cmp_log'0 x x = C_Equal'0 -end -module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 - let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 + use seq.Seq - type t_T'0 + use seq.Seq - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 77 4 77 45] (self : t_F'0) (args : t_Item'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 + predicate produces'0 [@inline:trivial] [#"../../../creusot-contracts/src/std/iter/map.rs" 61 4 61 67] (self : t_Map'0) (visited : Seq.seq t_B'0) (succ : t_Map'0) + = + [%#smap1] unnest'0 (func'0 self) (func'0 succ) + /\ (exists fs : Seq.seq (borrowed t_F'0) . Seq.length fs = Seq.length visited + /\ (exists s : Seq.seq t_Item'0 [produces'1 (iter'0 self) s (iter'0 succ)] . Seq.length s = Seq.length visited + /\ produces'1 (iter'0 self) s (iter'0 succ) + /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) + /\ (if Seq.length visited = 0 then + func'0 self = func'0 succ + else + (Seq.get fs 0).current = func'0 self /\ (Seq.get fs (Seq.length visited - 1)).final = func'0 succ + ) + /\ (forall i : int . 0 <= i /\ i < Seq.length visited + -> unnest'0 (func'0 self) (Seq.get fs i).current + /\ precondition'0 (Seq.get fs i).current (Seq.get s i) + /\ postcondition_mut'0 (Seq.get fs i).current (Seq.get s i) (Seq.get fs i).final (Seq.get visited i)))) - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) + goal refines : [%#smap0] forall a : t_Map'0 . forall ab : Seq.seq t_B'0 . forall b : t_Map'0 . forall bc : Seq.seq t_B'0 . forall c : t_Map'0 . produces'0 b bc c + /\ produces'0 a ab b + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) +end +module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 24 4 24 26] (* ::Item, F> as std::iter::Iterator> *) + let%span smap_inv0 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 24 4 24 26 + let%span smap_inv1 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 37 8 49 9 + let%span sops2 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops3 = "../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops4 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops6 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () + type t_I'0 - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) - -> ([%#sord13] cmp_log'1 y x = C_Less'0) + type t_F'0 - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + type t_Item'0 - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) - -> ([%#sord11] cmp_log'1 y x = C_Greater'0) + use seq.Seq - function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - + use prelude.prelude.Snapshot - axiom trans'1_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) - -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) + type t_MapInv'0 = + { t_MapInv__iter'0: t_I'0; t_MapInv__func'0: t_F'0; t_MapInv__produced'0: Snapshot.snap_ty (Seq.seq t_Item'0) } - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () + use seq.Seq - axiom refl'0_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 + type t_B'0 - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool + use seq.Seq - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () + predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 85 4 85 73] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result : t_B'0) + - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + use prelude.prelude.Borrow - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () + predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 95 4 95 92] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result_state : t_F'0) (result : t_B'0) + - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 129 4 129 55] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res : t_B'0) : () + - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool + axiom fn_mut_once'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res : t_B'0 . [%#sops8] postcondition_once'0 self args res + = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () + predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 103 4 103 36] (self : t_F'0) (_2 : t_F'0) - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 123 4 123 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () + - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops5] unnest'0 self b) + -> ([%#sops6] unnest'0 b c) -> ([%#sops7] unnest'0 self c) - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 116 4 116 24] (self : t_F'0) : () - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops4] unnest'0 self self - function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 + function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 111 4 111 85] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res_state : t_F'0) (res : t_B'0) : () - = - [%#soption1] match (self, o) with - | (C_None'0, C_None'0) -> C_Equal'0 - | (C_None'0, C_Some'0 _) -> C_Less'0 - | (C_Some'0 _, C_None'0) -> C_Greater'0 - | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y - end - goal refines : [%#sord0] forall x : t_Option'0 . forall y : t_Option'0 . forall z : t_Option'0 . forall o : t_Ordering'0 . cmp_log'0 y z - = o - /\ cmp_log'0 x y = o - -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) -end -module M_creusot_contracts__num_rational__qyi7156484438548626841__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 - let%span snum_rational1 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : t_F'0, res : t_B'0 . ([%#sops2] postcondition_mut'0 self args res_state res) + -> ([%#sops3] unnest'0 self res_state) - use prelude.prelude.Real + use seq.Seq - use prelude.prelude.Real + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - use prelude.prelude.Real + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 - - = - [%#snum_rational1] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use seq.Seq - goal refines : [%#sord0] forall x : Real.real . forall y : Real.real . forall result : () . Real.(<=) x y - = (cmp_log'0 x y <> C_Greater'0) -> Real.(<=) x y = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__num_rational__qyi7156484438548626841__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 - let%span snum_rational1 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 + use seq.Seq - use prelude.prelude.Real + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + - use prelude.prelude.Real + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter10] produces'1 a ab b) + -> ([%#siter11] produces'1 b bc c) -> ([%#siter12] produces'1 a (Seq.(++) ab bc) c) - function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 - - = - [%#snum_rational1] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - goal refines : [%#sord0] forall x : Real.real . forall y : Real.real . forall result : () . (x = y) - = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) -end -module M_creusot_contracts__num_rational__qyi7156484438548626841__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 - let%span snum_rational1 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 + axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter9] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - use prelude.prelude.Real + use prelude.prelude.Snapshot - use prelude.prelude.Real + use prelude.prelude.Snapshot - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 - - = - [%#snum_rational1] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use seq.Seq - goal refines : [%#sord0] forall x : Real.real . forall y : Real.real . forall result : () . Real.(<) x y - = (cmp_log'0 x y = C_Less'0) -> Real.(<) x y = (cmp_log'0 x y = C_Less'0) -end -module M_creusot_contracts__num_rational__qyi7156484438548626841__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 - let%span snum_rational1 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 + use seq.Seq - use prelude.prelude.Real + use seq.Seq - use prelude.prelude.Real + use prelude.prelude.Snapshot - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 77 4 77 45] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) + - use prelude.prelude.Real + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 + predicate produces'0 [@inline:trivial] [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 36 4 36 67] (self : t_MapInv'0) (visited : Seq.seq t_B'0) (succ : t_MapInv'0) = - [%#snum_rational1] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#smap_inv1] unnest'0 self.t_MapInv__func'0 succ.t_MapInv__func'0 + /\ (exists fs : Seq.seq (borrowed t_F'0) . Seq.length fs = Seq.length visited + /\ (exists s : Seq.seq t_Item'0 . Seq.length s = Seq.length visited + /\ produces'1 self.t_MapInv__iter'0 s succ.t_MapInv__iter'0 + /\ Snapshot.inner succ.t_MapInv__produced'0 = Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) s + /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) + /\ (if Seq.length visited = 0 then + self.t_MapInv__func'0 = succ.t_MapInv__func'0 + else + (Seq.get fs 0).current = self.t_MapInv__func'0 + /\ (Seq.get fs (Seq.length visited - 1)).final = succ.t_MapInv__func'0 + ) + /\ (forall i : int . 0 <= i /\ i < Seq.length visited + -> unnest'0 self.t_MapInv__func'0 (Seq.get fs i).current + /\ precondition'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) (Seq.([..]) s 0 i))) + /\ postcondition_mut'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) (Seq.([..]) s 0 i))) (Seq.get fs i).final (Seq.get visited i)))) - goal refines : [%#sord0] forall x : Real.real . forall y : Real.real . forall result : () . Real.(>=) x y - = (cmp_log'0 x y <> C_Less'0) -> Real.(>=) x y = (cmp_log'0 x y <> C_Less'0) + goal refines : [%#smap_inv0] forall self : t_MapInv'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_B'0) self + -> produces'0 self (Seq.empty : Seq.seq t_B'0) self end -module M_creusot_contracts__num_rational__qyi7156484438548626841__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 - let%span snum_rational1 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 - - use prelude.prelude.Real +module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 31 4 31 90] (* ::Item, F> as std::iter::Iterator> *) + let%span smap_inv0 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 31 4 31 90 + let%span smap_inv1 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 37 8 49 9 + let%span sops2 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops3 = "../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops4 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops6 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - use prelude.prelude.Real + type t_I'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_F'0 - use prelude.prelude.Real + type t_Item'0 - function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 - - = - [%#snum_rational1] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use seq.Seq - goal refines : [%#sord0] forall x : Real.real . forall y : Real.real . forall result : () . Real.(>) x y - = (cmp_log'0 x y = C_Greater'0) -> Real.(>) x y = (cmp_log'0 x y = C_Greater'0) -end -module M_creusot_contracts__num_rational__qyi7156484438548626841__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 - let%span snum_rational1 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 + use prelude.prelude.Snapshot - use prelude.prelude.Real + type t_MapInv'0 = + { t_MapInv__iter'0: t_I'0; t_MapInv__func'0: t_F'0; t_MapInv__produced'0: Snapshot.snap_ty (Seq.seq t_Item'0) } - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_B'0 - use prelude.prelude.Real + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 + predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 85 4 85 73] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result : t_B'0) - = - [%#snum_rational1] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - goal refines : [%#sord0] forall x : Real.real . forall y : Real.real . cmp_log'0 x y = C_Greater'0 - -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) -end -module M_creusot_contracts__num_rational__qyi7156484438548626841__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 - let%span snum_rational1 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 - - use prelude.prelude.Real - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use prelude.prelude.Borrow - use prelude.prelude.Real + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) - function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 + predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 95 4 95 92] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result_state : t_F'0) (result : t_B'0) - = - [%#snum_rational1] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - goal refines : [%#sord0] forall x : Real.real . forall y : Real.real . forall z : Real.real . forall o : t_Ordering'0 . cmp_log'0 y z - = o - /\ cmp_log'0 x y = o - -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) -end -module M_creusot_contracts__num_rational__qyi7156484438548626841__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 - let%span snum_rational1 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 - use prelude.prelude.Real + function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 129 4 129 55] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res : t_B'0) : () + - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom fn_mut_once'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res : t_B'0 . [%#sops8] postcondition_once'0 self args res + = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) - use prelude.prelude.Real + predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 103 4 103 36] (self : t_F'0) (_2 : t_F'0) - function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 + function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 123 4 123 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - = - [%#snum_rational1] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - goal refines : [%#sord0] forall x : Real.real . forall y : Real.real . cmp_log'0 x y = C_Less'0 - -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) -end -module M_creusot_contracts__num_rational__qyi7156484438548626841__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 - let%span snum_rational1 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 - use prelude.prelude.Real + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops5] unnest'0 self b) + -> ([%#sops6] unnest'0 b c) -> ([%#sops7] unnest'0 self c) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 116 4 116 24] (self : t_F'0) : () - use prelude.prelude.Real + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops4] unnest'0 self self - function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 + function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 111 4 111 85] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res_state : t_F'0) (res : t_B'0) : () - = - [%#snum_rational1] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : Real.real . forall result : () . cmp_log'0 x x = C_Equal'0 - -> cmp_log'0 x x = C_Equal'0 -end -module M_creusot_contracts__logic__ord__qyi8355372356285216375__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : t_F'0, res : t_B'0 . ([%#sops2] postcondition_mut'0 self args res_state res) + -> ([%#sops3] unnest'0 self res_state) - use prelude.prelude.Int + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int) (o : int) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use seq.Seq - goal refines : [%#sord0] forall x : int . forall y : int . forall result : () . (x >= y) = (cmp_log'0 x y <> C_Less'0) - -> (x >= y) = (cmp_log'0 x y <> C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi8355372356285216375__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use seq.Seq - use prelude.prelude.Int + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int) (o : int) : t_Ordering'0 + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int . forall result : () . cmp_log'0 x x = C_Equal'0 -> cmp_log'0 x x = C_Equal'0 -end -module M_creusot_contracts__logic__ord__qyi8355372356285216375__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + - use prelude.prelude.Int + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter10] produces'1 a ab b) + -> ([%#siter11] produces'1 b bc c) -> ([%#siter12] produces'1 a (Seq.(++) ab bc) c) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int) (o : int) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter9] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - goal refines : [%#sord0] forall x : int . forall y : int . forall result : () . (x > y) - = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi8355372356285216375__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use prelude.prelude.Snapshot + + use prelude.prelude.Snapshot use prelude.prelude.Int - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int) (o : int) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use seq.Seq - goal refines : [%#sord0] forall x : int . forall y : int . forall result : () . (x < y) = (cmp_log'0 x y = C_Less'0) - -> (x < y) = (cmp_log'0 x y = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi8355372356285216375__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use seq.Seq - use prelude.prelude.Int + use prelude.prelude.Snapshot - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 77 4 77 45] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) + - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int) (o : int) : t_Ordering'0 + use seq.Seq + + predicate produces'0 [@inline:trivial] [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 36 4 36 67] (self : t_MapInv'0) (visited : Seq.seq t_B'0) (succ : t_MapInv'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#smap_inv1] unnest'0 self.t_MapInv__func'0 succ.t_MapInv__func'0 + /\ (exists fs : Seq.seq (borrowed t_F'0) . Seq.length fs = Seq.length visited + /\ (exists s : Seq.seq t_Item'0 . Seq.length s = Seq.length visited + /\ produces'1 self.t_MapInv__iter'0 s succ.t_MapInv__iter'0 + /\ Snapshot.inner succ.t_MapInv__produced'0 = Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) s + /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) + /\ (if Seq.length visited = 0 then + self.t_MapInv__func'0 = succ.t_MapInv__func'0 + else + (Seq.get fs 0).current = self.t_MapInv__func'0 + /\ (Seq.get fs (Seq.length visited - 1)).final = succ.t_MapInv__func'0 + ) + /\ (forall i : int . 0 <= i /\ i < Seq.length visited + -> unnest'0 self.t_MapInv__func'0 (Seq.get fs i).current + /\ precondition'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) (Seq.([..]) s 0 i))) + /\ postcondition_mut'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) (Seq.([..]) s 0 i))) (Seq.get fs i).final (Seq.get visited i)))) - goal refines : [%#sord0] forall x : int . forall y : int . forall result : () . (x = y) = (cmp_log'0 x y = C_Equal'0) - -> (x = y) = (cmp_log'0 x y = C_Equal'0) -end -module M_creusot_contracts__logic__ord__qyi8355372356285216375__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use seq.Seq - use prelude.prelude.Int + goal refines : [%#smap_inv0] forall a : t_MapInv'0 . forall ab : Seq.seq t_B'0 . forall b : t_MapInv'0 . forall bc : Seq.seq t_B'0 . forall c : t_MapInv'0 . produces'0 b bc c + /\ produces'0 a ab b + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) +end +module M_creusot_contracts__stdqy35z1__iter__once__qyi8116812009287608646__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/once.rs" 39 4 39 90] (* as std::iter::Iterator> *) + let%span sonce0 = "../../../creusot-contracts/src/std/iter/once.rs" 39 4 39 90 + let%span sonce1 = "../../../creusot-contracts/src/std/iter/once.rs" 24 12 25 96 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_T'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int) (o : int) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 - goal refines : [%#sord0] forall x : int . forall y : int . cmp_log'0 x y = C_Less'0 - -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi8355372356285216375__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + type t_Item'0 = + { t_Item__opt'0: t_Option'0 } - use prelude.prelude.Int + type t_IntoIter'0 = + { t_IntoIter__inner'0: t_Item'0 } - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_Once'0 = + { t_Once__inner'0: t_IntoIter'0 } - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int) (o : int) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use seq.Seq - goal refines : [%#sord0] forall x : int . forall y : int . cmp_log'0 x y = C_Greater'0 - -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi8355372356285216375__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use seq.Seq - use prelude.prelude.Int + function view'0 [#"../../../creusot-contracts/src/std/iter/once.rs" 8 4 8 30] (self : t_Once'0) : t_Option'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int) (o : int) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/once.rs" 22 4 22 64] (self : t_Once'0) (visited : Seq.seq t_T'0) (o : t_Once'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sonce1] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o + \/ (exists e : t_T'0 . view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) - goal refines : [%#sord0] forall x : int . forall y : int . forall result : () . (x <= y) - = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) + use seq.Seq + + goal refines : [%#sonce0] forall a : t_Once'0 . forall ab : Seq.seq t_T'0 . forall b : t_Once'0 . forall bc : Seq.seq t_T'0 . forall c : t_Once'0 . produces'0 b bc c + /\ produces'0 a ab b + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__logic__ord__qyi8355372356285216375__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 +module M_creusot_contracts__stdqy35z1__iter__once__qyi8116812009287608646__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/once.rs" 32 4 32 26] (* as std::iter::Iterator> *) + let%span sonce0 = "../../../creusot-contracts/src/std/iter/once.rs" 32 4 32 26 + let%span sonce1 = "../../../creusot-contracts/src/std/iter/once.rs" 24 12 25 96 - use prelude.prelude.Int + type t_T'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int) (o : int) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + type t_Item'0 = + { t_Item__opt'0: t_Option'0 } - goal refines : [%#sord0] forall x : int . forall y : int . forall z : int . forall o : t_Ordering'0 . cmp_log'0 y z - = o - /\ cmp_log'0 x y = o - -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) -end -module M_creusot_contracts__logic__ord__qyi15418235539824427604__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + type t_IntoIter'0 = + { t_IntoIter__inner'0: t_Item'0 } - use prelude.prelude.UInt8 + type t_Once'0 = + { t_Once__inner'0: t_IntoIter'0 } - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - use prelude.prelude.Int + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint8) (o : uint8) : t_Ordering'0 + function view'0 [#"../../../creusot-contracts/src/std/iter/once.rs" 8 4 8 30] (self : t_Once'0) : t_Option'0 + + use seq.Seq + + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/once.rs" 22 4 22 64] (self : t_Once'0) (visited : Seq.seq t_T'0) (o : t_Once'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sonce1] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o + \/ (exists e : t_T'0 . view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) - goal refines : [%#sord0] forall x : uint8 . forall y : uint8 . forall result : () . (x = y) - = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) + goal refines : [%#sonce0] forall self : t_Once'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self + -> produces'0 self (Seq.empty : Seq.seq t_T'0) self end -module M_creusot_contracts__logic__ord__qyi15418235539824427604__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 +module M_creusot_contracts__stdqy35z1__iter__range__qyi16860283617022118777__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/range.rs" 33 4 33 26] (* as std::iter::Iterator> *) + let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 33 4 33 26 + let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 22 12 26 70 - use prelude.prelude.UInt8 + type t_Idx'0 - use prelude.prelude.Int + type t_Range'0 = + { t_Range__start'0: t_Idx'0; t_Range__end'0: t_Idx'0 } - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint8) (o : uint8) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use seq.Seq - goal refines : [%#sord0] forall x : uint8 . forall y : uint8 . forall result : () . (x > y) - = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi15418235539824427604__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use prelude.prelude.Int - use prelude.prelude.UInt8 + function deep_model'0 [#"../../../creusot-contracts/src/model.rs" 29 4 29 45] (self : t_Idx'0) : int - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - use prelude.prelude.Int + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint8) (o : uint8) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 20 4 20 64] (self : t_Range'0) (visited : Seq.seq t_Idx'0) (o : t_Range'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#srange1] self.t_Range__end'0 = o.t_Range__end'0 + /\ deep_model'0 self.t_Range__start'0 <= deep_model'0 o.t_Range__start'0 + /\ (Seq.length visited > 0 -> deep_model'0 o.t_Range__start'0 <= deep_model'0 o.t_Range__end'0) + /\ Seq.length visited = deep_model'0 o.t_Range__start'0 - deep_model'0 self.t_Range__start'0 + /\ (forall i : int . 0 <= i /\ i < Seq.length visited + -> deep_model'0 (Seq.get visited i) = deep_model'0 self.t_Range__start'0 + i) - goal refines : [%#sord0] forall x : uint8 . forall y : uint8 . forall z : uint8 . forall o : t_Ordering'0 . cmp_log'0 y z - = o - /\ cmp_log'0 x y = o - -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) + goal refines : [%#srange0] forall self : t_Range'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_Idx'0) self + -> produces'0 self (Seq.empty : Seq.seq t_Idx'0) self end -module M_creusot_contracts__logic__ord__qyi15418235539824427604__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 +module M_creusot_contracts__stdqy35z1__iter__range__qyi16860283617022118777__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/range.rs" 40 4 40 90] (* as std::iter::Iterator> *) + let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 40 4 40 90 + let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 22 12 26 70 - use prelude.prelude.UInt8 + type t_Idx'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_Range'0 = + { t_Range__start'0: t_Idx'0; t_Range__end'0: t_Idx'0 } + + use seq.Seq use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint8) (o : uint8) : t_Ordering'0 + function deep_model'0 [#"../../../creusot-contracts/src/model.rs" 29 4 29 45] (self : t_Idx'0) : int + + use seq.Seq + + use seq.Seq + + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 20 4 20 64] (self : t_Range'0) (visited : Seq.seq t_Idx'0) (o : t_Range'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#srange1] self.t_Range__end'0 = o.t_Range__end'0 + /\ deep_model'0 self.t_Range__start'0 <= deep_model'0 o.t_Range__start'0 + /\ (Seq.length visited > 0 -> deep_model'0 o.t_Range__start'0 <= deep_model'0 o.t_Range__end'0) + /\ Seq.length visited = deep_model'0 o.t_Range__start'0 - deep_model'0 self.t_Range__start'0 + /\ (forall i : int . 0 <= i /\ i < Seq.length visited + -> deep_model'0 (Seq.get visited i) = deep_model'0 self.t_Range__start'0 + i) - goal refines : [%#sord0] forall x : uint8 . forall y : uint8 . cmp_log'0 x y = C_Greater'0 - -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi15418235539824427604__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use seq.Seq - use prelude.prelude.UInt8 + goal refines : [%#srange0] forall a : t_Range'0 . forall ab : Seq.seq t_Idx'0 . forall b : t_Range'0 . forall bc : Seq.seq t_Idx'0 . forall c : t_Range'0 . produces'0 b bc c + /\ produces'0 a ab b + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) +end +module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/range.rs" 84 4 84 90] (* as std::iter::Iterator> *) + let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 84 4 84 90 + let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 66 12 70 76 + let%span srange2 = "../../../creusot-contracts/src/std/iter/range.rs" 45 10 45 43 + let%span srange3 = "../../../creusot-contracts/src/std/iter/range.rs" 47 4 50 5 + let%span sops4 = "../../../creusot-contracts/src/std/ops.rs" 205 14 205 86 - use prelude.prelude.Int + type t_Idx'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_RangeInclusive'0 = + { t_RangeInclusive__start'0: t_Idx'0; t_RangeInclusive__end'0: t_Idx'0; t_RangeInclusive__exhausted'0: bool } - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint8) (o : uint8) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use seq.Seq - goal refines : [%#sord0] forall x : uint8 . forall y : uint8 . forall result : () . (x <= y) - = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi15418235539824427604__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use seq.Seq - use prelude.prelude.UInt8 + function start_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 193 4 193 29] (self : t_RangeInclusive'0) : t_Idx'0 use prelude.prelude.Int - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function deep_model'0 [#"../../../creusot-contracts/src/model.rs" 29 4 29 45] (self : t_Idx'0) : int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint8) (o : uint8) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function end_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 199 4 199 27] (self : t_RangeInclusive'0) : t_Idx'0 - goal refines : [%#sord0] forall x : uint8 . forall y : uint8 . forall result : () . (x < y) - = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi15418235539824427604__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + function is_empty_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 206 4 209 35] (self : t_RangeInclusive'0) : bool - use prelude.prelude.UInt8 + axiom is_empty_log'0_spec : forall self : t_RangeInclusive'0 . [%#sops4] not is_empty_log'0 self + -> deep_model'0 (start_log'0 self) <= deep_model'0 (end_log'0 self) - use prelude.prelude.Int + function range_inclusive_len'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 46 0 46 92] (r : t_RangeInclusive'0) : int + + = + [%#srange3] if is_empty_log'0 r then 0 else deep_model'0 (end_log'0 r) - deep_model'0 (start_log'0 r) + 1 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom range_inclusive_len'0_spec : forall r : t_RangeInclusive'0 . [%#srange2] is_empty_log'0 r + = (range_inclusive_len'0 r = 0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint8) (o : uint8) : t_Ordering'0 + use seq.Seq + + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 64 4 64 64] (self : t_RangeInclusive'0) (visited : Seq.seq t_Idx'0) (o : t_RangeInclusive'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#srange1] Seq.length visited = range_inclusive_len'0 self - range_inclusive_len'0 o + /\ (is_empty_log'0 self -> is_empty_log'0 o) + /\ (is_empty_log'0 o \/ end_log'0 self = end_log'0 o) + /\ (forall i : int . 0 <= i /\ i < Seq.length visited + -> deep_model'0 (Seq.get visited i) = deep_model'0 (start_log'0 self) + i) - goal refines : [%#sord0] forall x : uint8 . forall y : uint8 . forall result : () . (x >= y) - = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi15418235539824427604__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use seq.Seq - use prelude.prelude.UInt8 + goal refines : [%#srange0] forall a : t_RangeInclusive'0 . forall ab : Seq.seq t_Idx'0 . forall b : t_RangeInclusive'0 . forall bc : Seq.seq t_Idx'0 . forall c : t_RangeInclusive'0 . produces'0 b bc c + /\ produces'0 a ab b + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) +end +module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/range.rs" 77 4 77 26] (* as std::iter::Iterator> *) + let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 77 4 77 26 + let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 66 12 70 76 + let%span srange2 = "../../../creusot-contracts/src/std/iter/range.rs" 45 10 45 43 + let%span srange3 = "../../../creusot-contracts/src/std/iter/range.rs" 47 4 50 5 + let%span sops4 = "../../../creusot-contracts/src/std/ops.rs" 205 14 205 86 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_Idx'0 - use prelude.prelude.Int + type t_RangeInclusive'0 = + { t_RangeInclusive__start'0: t_Idx'0; t_RangeInclusive__end'0: t_Idx'0; t_RangeInclusive__exhausted'0: bool } - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint8) (o : uint8) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use seq.Seq - goal refines : [%#sord0] forall x : uint8 . forall y : uint8 . cmp_log'0 x y = C_Less'0 - -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi15418235539824427604__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use seq.Seq - use prelude.prelude.UInt8 + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function start_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 193 4 193 29] (self : t_RangeInclusive'0) : t_Idx'0 use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint8) (o : uint8) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - goal refines : [%#sord0] forall x : uint8 . forall result : () . cmp_log'0 x x = C_Equal'0 - -> cmp_log'0 x x = C_Equal'0 -end -module M_creusot_contracts__logic__ord__qyi7305497527599188430__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + function deep_model'0 [#"../../../creusot-contracts/src/model.rs" 29 4 29 45] (self : t_Idx'0) : int - use prelude.prelude.UInt16 + function end_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 199 4 199 27] (self : t_RangeInclusive'0) : t_Idx'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function is_empty_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 206 4 209 35] (self : t_RangeInclusive'0) : bool - use prelude.prelude.Int + axiom is_empty_log'0_spec : forall self : t_RangeInclusive'0 . [%#sops4] not is_empty_log'0 self + -> deep_model'0 (start_log'0 self) <= deep_model'0 (end_log'0 self) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint16) (o : uint16) : t_Ordering'0 + function range_inclusive_len'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 46 0 46 92] (r : t_RangeInclusive'0) : int = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . cmp_log'0 x y = C_Greater'0 - -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi7305497527599188430__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - - use prelude.prelude.UInt16 + [%#srange3] if is_empty_log'0 r then 0 else deep_model'0 (end_log'0 r) - deep_model'0 (start_log'0 r) + 1 - use prelude.prelude.Int + axiom range_inclusive_len'0_spec : forall r : t_RangeInclusive'0 . [%#srange2] is_empty_log'0 r + = (range_inclusive_len'0 r = 0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint16) (o : uint16) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 64 4 64 64] (self : t_RangeInclusive'0) (visited : Seq.seq t_Idx'0) (o : t_RangeInclusive'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#srange1] Seq.length visited = range_inclusive_len'0 self - range_inclusive_len'0 o + /\ (is_empty_log'0 self -> is_empty_log'0 o) + /\ (is_empty_log'0 o \/ end_log'0 self = end_log'0 o) + /\ (forall i : int . 0 <= i /\ i < Seq.length visited + -> deep_model'0 (Seq.get visited i) = deep_model'0 (start_log'0 self) + i) - goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . forall result : () . (x >= y) - = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) + goal refines : [%#srange0] forall self : t_RangeInclusive'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_Idx'0) self + -> produces'0 self (Seq.empty : Seq.seq t_Idx'0) self end -module M_creusot_contracts__logic__ord__qyi7305497527599188430__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 +module M_creusot_contracts__stdqy35z1__iter__repeat__qyi8658929399712466629__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/repeat.rs" 32 4 32 26] (* as std::iter::Iterator> *) + let%span srepeat0 = "../../../creusot-contracts/src/std/iter/repeat.rs" 32 4 32 26 + let%span srepeat1 = "../../../creusot-contracts/src/std/iter/repeat.rs" 24 12 25 78 - use prelude.prelude.UInt16 + type t_T'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_Repeat'0 = + { t_Repeat__element'0: t_T'0 } + + use seq.Seq + + use seq.Seq use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint16) (o : uint16) : t_Ordering'0 + use seq.Seq + + use seq.Seq + + function view'0 [#"../../../creusot-contracts/src/std/iter/repeat.rs" 8 4 8 22] (self : t_Repeat'0) : t_T'0 + + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/repeat.rs" 22 4 22 64] (self : t_Repeat'0) (visited : Seq.seq t_T'0) (o : t_Repeat'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#srepeat1] self = o /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = view'0 self) - goal refines : [%#sord0] forall x : uint16 . forall result : () . cmp_log'0 x x = C_Equal'0 - -> cmp_log'0 x x = C_Equal'0 + goal refines : [%#srepeat0] forall self : t_Repeat'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self + -> produces'0 self (Seq.empty : Seq.seq t_T'0) self end -module M_creusot_contracts__logic__ord__qyi7305497527599188430__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 +module M_creusot_contracts__stdqy35z1__iter__repeat__qyi8658929399712466629__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/repeat.rs" 39 4 39 90] (* as std::iter::Iterator> *) + let%span srepeat0 = "../../../creusot-contracts/src/std/iter/repeat.rs" 39 4 39 90 + let%span srepeat1 = "../../../creusot-contracts/src/std/iter/repeat.rs" 24 12 25 78 - use prelude.prelude.UInt16 + type t_T'0 + + type t_Repeat'0 = + { t_Repeat__element'0: t_T'0 } + + use seq.Seq use prelude.prelude.Int - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint16) (o : uint16) : t_Ordering'0 + use seq.Seq + + function view'0 [#"../../../creusot-contracts/src/std/iter/repeat.rs" 8 4 8 22] (self : t_Repeat'0) : t_T'0 + + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/repeat.rs" 22 4 22 64] (self : t_Repeat'0) (visited : Seq.seq t_T'0) (o : t_Repeat'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#srepeat1] self = o /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = view'0 self) - goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . forall result : () . (x < y) - = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi7305497527599188430__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use seq.Seq - use prelude.prelude.UInt16 + goal refines : [%#srepeat0] forall a : t_Repeat'0 . forall ab : Seq.seq t_T'0 . forall b : t_Repeat'0 . forall bc : Seq.seq t_T'0 . forall c : t_Repeat'0 . produces'0 b bc c + /\ produces'0 a ab b + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) +end +module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/skip.rs" 81 4 81 90] (* as std::iter::Iterator> *) + let%span sskip0 = "../../../creusot-contracts/src/std/iter/skip.rs" 81 4 81 90 + let%span sskip1 = "../../../creusot-contracts/src/std/iter/skip.rs" 62 12 67 74 + let%span sskip2 = "../../../creusot-contracts/src/std/iter/skip.rs" 21 14 21 50 + let%span sskip3 = "../../../creusot-contracts/src/std/iter/skip.rs" 14 14 14 39 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - use prelude.prelude.Int + type t_I'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use prelude.prelude.UIntSize - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint16) (o : uint16) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + type t_Skip'0 = + { t_Skip__iter'0: t_I'0; t_Skip__n'0: usize } - goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . forall result : () . (x <= y) - = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi7305497527599188430__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + type t_Item'0 - use prelude.prelude.UInt16 + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint16) (o : uint16) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . cmp_log'0 x y = C_Less'0 - -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi7305497527599188430__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + constant v_MAX'0 : usize = (18446744073709551615 : usize) - use prelude.prelude.UInt16 + use prelude.prelude.UIntSize - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function n'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 22 4 22 21] (self : t_Skip'0) : int - use prelude.prelude.Int + axiom n'0_spec : forall self : t_Skip'0 . [%#sskip2] n'0 self >= 0 /\ n'0 self <= UIntSize.to_int (v_MAX'0 : usize) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint16) (o : uint16) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use seq.Seq - goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . forall z : uint16 . forall o : t_Ordering'0 . cmp_log'0 y z - = o - /\ cmp_log'0 x y = o - -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) -end -module M_creusot_contracts__logic__ord__qyi7305497527599188430__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - use prelude.prelude.UInt16 + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Skip'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom inv_axiom'0 [@rewrite] : forall x : t_Skip'0 [inv'0 x] . inv'0 x + = match x with + | {t_Skip__iter'0 = iter ; t_Skip__n'0 = n} -> inv'1 iter + end - use prelude.prelude.Int + function iter'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 15 4 15 22] (self : t_Skip'0) : t_I'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint16) (o : uint16) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + axiom iter'0_spec : forall self : t_Skip'0 . [%#sskip3] inv'0 self -> inv'1 (iter'0 self) - goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . forall result : () . (x = y) - = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) -end -module M_creusot_contracts__logic__ord__qyi7305497527599188430__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use seq.Seq - use prelude.prelude.UInt16 + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + - use prelude.prelude.Int + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter5] produces'1 a ab b) + -> ([%#siter6] produces'1 b bc c) -> ([%#siter7] produces'1 a (Seq.(++) ab bc) c) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint16) (o : uint16) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . forall result : () . (x > y) - = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi4526525114627399862__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - use prelude.prelude.UInt32 + use seq.Seq - use prelude.prelude.Int + use prelude.prelude.Borrow - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_Item'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint32) (o : uint32) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 60 4 60 64] (self : t_Skip'0) (visited : Seq.seq t_Item'0) (o : t_Skip'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sskip1] visited = (Seq.empty : Seq.seq t_Item'0) /\ self = o + \/ n'0 o = 0 + /\ Seq.length visited > 0 + /\ (exists s : Seq.seq t_Item'0 . Seq.length s = n'0 self + /\ produces'1 (iter'0 self) (Seq.(++) s visited) (iter'0 o) + /\ (forall i : int . 0 <= i /\ i < Seq.length s -> resolve'0 (Seq.get s i))) - goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . forall result : () . (x > y) - = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) + goal refines : [%#sskip0] forall a : t_Skip'0 . forall ab : Seq.seq t_Item'0 . forall b : t_Skip'0 . forall bc : Seq.seq t_Item'0 . forall c : t_Skip'0 . produces'0 b bc c + /\ produces'0 a ab b + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__logic__ord__qyi4526525114627399862__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 +module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/skip.rs" 74 4 74 26] (* as std::iter::Iterator> *) + let%span sskip0 = "../../../creusot-contracts/src/std/iter/skip.rs" 74 4 74 26 + let%span sskip1 = "../../../creusot-contracts/src/std/iter/skip.rs" 62 12 67 74 + let%span sskip2 = "../../../creusot-contracts/src/std/iter/skip.rs" 21 14 21 50 + let%span sskip3 = "../../../creusot-contracts/src/std/iter/skip.rs" 14 14 14 39 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - use prelude.prelude.UInt32 + type t_I'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use prelude.prelude.UIntSize - use prelude.prelude.Int + type t_Skip'0 = + { t_Skip__iter'0: t_I'0; t_Skip__n'0: usize } - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint32) (o : uint32) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use seq.Seq - goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . forall z : uint32 . forall o : t_Ordering'0 . cmp_log'0 y z - = o - /\ cmp_log'0 x y = o - -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) -end -module M_creusot_contracts__logic__ord__qyi4526525114627399862__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + type t_Item'0 - use prelude.prelude.UInt32 + use seq.Seq use prelude.prelude.Int - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + constant v_MAX'0 : usize = (18446744073709551615 : usize) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint32) (o : uint32) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use prelude.prelude.UIntSize - goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . forall result : () . (x < y) - = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi4526525114627399862__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + function n'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 22 4 22 21] (self : t_Skip'0) : int - use prelude.prelude.UInt32 + axiom n'0_spec : forall self : t_Skip'0 . [%#sskip2] n'0 self >= 0 /\ n'0 self <= UIntSize.to_int (v_MAX'0 : usize) - use prelude.prelude.Int + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint32) (o : uint32) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Skip'0) - goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . forall result : () . (x >= y) - = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi4526525114627399862__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + axiom inv_axiom'0 [@rewrite] : forall x : t_Skip'0 [inv'0 x] . inv'0 x + = match x with + | {t_Skip__iter'0 = iter ; t_Skip__n'0 = n} -> inv'1 iter + end - use prelude.prelude.UInt32 + function iter'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 15 4 15 22] (self : t_Skip'0) : t_I'0 - use prelude.prelude.Int + axiom iter'0_spec : forall self : t_Skip'0 . [%#sskip3] inv'0 self -> inv'1 (iter'0 self) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint32) (o : uint32) : t_Ordering'0 + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . forall result : () . (x <= y) - = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi4526525114627399862__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + - use prelude.prelude.UInt32 + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter5] produces'1 a ab b) + -> ([%#siter6] produces'1 b bc c) -> ([%#siter7] produces'1 a (Seq.(++) ab bc) c) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - use prelude.prelude.Int + axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint32) (o : uint32) : t_Ordering'0 + use seq.Seq + + use prelude.prelude.Borrow + + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_Item'0) + + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 60 4 60 64] (self : t_Skip'0) (visited : Seq.seq t_Item'0) (o : t_Skip'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sskip1] visited = (Seq.empty : Seq.seq t_Item'0) /\ self = o + \/ n'0 o = 0 + /\ Seq.length visited > 0 + /\ (exists s : Seq.seq t_Item'0 . Seq.length s = n'0 self + /\ produces'1 (iter'0 self) (Seq.(++) s visited) (iter'0 o) + /\ (forall i : int . 0 <= i /\ i < Seq.length s -> resolve'0 (Seq.get s i))) - goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . cmp_log'0 x y = C_Greater'0 - -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) + goal refines : [%#sskip0] forall self : t_Skip'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_Item'0) self + -> produces'0 self (Seq.empty : Seq.seq t_Item'0) self end -module M_creusot_contracts__logic__ord__qyi4526525114627399862__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - - use prelude.prelude.UInt32 +module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/take.rs" 72 4 72 26] (* as std::iter::Iterator> *) + let%span stake0 = "../../../creusot-contracts/src/std/iter/take.rs" 72 4 72 26 + let%span stake1 = "../../../creusot-contracts/src/std/iter/take.rs" 65 12 65 88 + let%span stake2 = "../../../creusot-contracts/src/std/iter/take.rs" 31 14 31 50 + let%span stake3 = "../../../creusot-contracts/src/std/iter/take.rs" 17 14 17 39 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_I'0 - use prelude.prelude.Int + use prelude.prelude.UIntSize - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint32) (o : uint32) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + type t_Take'0 = + { t_Take__iter'0: t_I'0; t_Take__n'0: usize } - goal refines : [%#sord0] forall x : uint32 . forall result : () . cmp_log'0 x x = C_Equal'0 - -> cmp_log'0 x x = C_Equal'0 -end -module M_creusot_contracts__logic__ord__qyi4526525114627399862__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use seq.Seq - use prelude.prelude.UInt32 + type t_Item'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint32) (o : uint32) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + constant v_MAX'0 : usize = (18446744073709551615 : usize) - goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . forall result : () . (x = y) - = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) -end -module M_creusot_contracts__logic__ord__qyi4526525114627399862__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use prelude.prelude.UIntSize - use prelude.prelude.UInt32 + function n'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 32 4 32 21] (self : t_Take'0) : int - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom n'0_spec : forall self : t_Take'0 . [%#stake2] n'0 self >= 0 /\ n'0 self <= UIntSize.to_int (v_MAX'0 : usize) - use prelude.prelude.Int + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint32) (o : uint32) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . cmp_log'0 x y = C_Less'0 - -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi11489483489418918928__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Take'0) - use prelude.prelude.UInt64 + axiom inv_axiom'0 [@rewrite] : forall x : t_Take'0 [inv'0 x] . inv'0 x + = match x with + | {t_Take__iter'0 = iter ; t_Take__n'0 = n} -> inv'1 iter + end - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function iter'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 18 4 18 22] (self : t_Take'0) : t_I'0 - use prelude.prelude.Int + axiom iter'0_spec : forall self : t_Take'0 . [%#stake3] inv'0 self -> inv'1 (iter'0 self) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint64) (o : uint64) : t_Ordering'0 + use seq.Seq + + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . forall z : uint64 . forall o : t_Ordering'0 . cmp_log'0 y z - = o - /\ cmp_log'0 x y = o - -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) -end -module M_creusot_contracts__logic__ord__qyi11489483489418918928__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + - use prelude.prelude.UInt64 + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter5] produces'1 a ab b) + -> ([%#siter6] produces'1 b bc c) -> ([%#siter7] produces'1 a (Seq.(++) ab bc) c) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - use prelude.prelude.Int + axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint64) (o : uint64) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 63 4 63 64] (self : t_Take'0) (visited : Seq.seq t_Item'0) (o : t_Take'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#stake1] n'0 self = n'0 o + Seq.length visited /\ produces'1 (iter'0 self) visited (iter'0 o) - goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . forall result : () . (x = y) - = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) + goal refines : [%#stake0] forall self : t_Take'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_Item'0) self + -> produces'0 self (Seq.empty : Seq.seq t_Item'0) self end -module M_creusot_contracts__logic__ord__qyi11489483489418918928__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 +module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/take.rs" 79 4 79 90] (* as std::iter::Iterator> *) + let%span stake0 = "../../../creusot-contracts/src/std/iter/take.rs" 79 4 79 90 + let%span stake1 = "../../../creusot-contracts/src/std/iter/take.rs" 65 12 65 88 + let%span stake2 = "../../../creusot-contracts/src/std/iter/take.rs" 31 14 31 50 + let%span stake3 = "../../../creusot-contracts/src/std/iter/take.rs" 17 14 17 39 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - use prelude.prelude.UInt64 + type t_I'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use prelude.prelude.UIntSize + + type t_Take'0 = + { t_Take__iter'0: t_I'0; t_Take__n'0: usize } + + type t_Item'0 + + use seq.Seq use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint64) (o : uint64) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + constant v_MAX'0 : usize = (18446744073709551615 : usize) - goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . cmp_log'0 x y = C_Less'0 - -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi11489483489418918928__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use prelude.prelude.UIntSize - use prelude.prelude.UInt64 + function n'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 32 4 32 21] (self : t_Take'0) : int - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom n'0_spec : forall self : t_Take'0 . [%#stake2] n'0 self >= 0 /\ n'0 self <= UIntSize.to_int (v_MAX'0 : usize) - use prelude.prelude.Int + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint64) (o : uint64) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - goal refines : [%#sord0] forall x : uint64 . forall result : () . cmp_log'0 x x = C_Equal'0 - -> cmp_log'0 x x = C_Equal'0 -end -module M_creusot_contracts__logic__ord__qyi11489483489418918928__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Take'0) - use prelude.prelude.UInt64 + axiom inv_axiom'0 [@rewrite] : forall x : t_Take'0 [inv'0 x] . inv'0 x + = match x with + | {t_Take__iter'0 = iter ; t_Take__n'0 = n} -> inv'1 iter + end - use prelude.prelude.Int + function iter'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 18 4 18 22] (self : t_Take'0) : t_I'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom iter'0_spec : forall self : t_Take'0 . [%#stake3] inv'0 self -> inv'1 (iter'0 self) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint64) (o : uint64) : t_Ordering'0 + use seq.Seq + + use seq.Seq + + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . forall result : () . (x <= y) - = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi11489483489418918928__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + - use prelude.prelude.UInt64 + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter5] produces'1 a ab b) + -> ([%#siter6] produces'1 b bc c) -> ([%#siter7] produces'1 a (Seq.(++) ab bc) c) - use prelude.prelude.Int + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint64) (o : uint64) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 63 4 63 64] (self : t_Take'0) (visited : Seq.seq t_Item'0) (o : t_Take'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#stake1] n'0 self = n'0 o + Seq.length visited /\ produces'1 (iter'0 self) visited (iter'0 o) - goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . forall result : () . (x >= y) - = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) + goal refines : [%#stake0] forall a : t_Take'0 . forall ab : Seq.seq t_Item'0 . forall b : t_Take'0 . forall bc : Seq.seq t_Item'0 . forall c : t_Take'0 . produces'0 b bc c + /\ produces'0 a ab b + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__logic__ord__qyi11489483489418918928__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 +module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/zip.rs" 63 4 63 90] (* as std::iter::Iterator> *) + let%span szip0 = "../../../creusot-contracts/src/std/iter/zip.rs" 63 4 63 90 + let%span szip1 = "../../../creusot-contracts/src/std/iter/zip.rs" 46 12 49 95 + let%span szip2 = "../../../creusot-contracts/src/std/iter/zip.rs" 14 14 14 39 + let%span szip3 = "../../../creusot-contracts/src/std/iter/zip.rs" 21 14 21 39 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - use prelude.prelude.UInt64 + type t_A'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_B'0 - use prelude.prelude.Int + use prelude.prelude.UIntSize - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint64) (o : uint64) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + type t_Zip'0 = + { t_Zip__a'0: t_A'0; t_Zip__b'0: t_B'0; t_Zip__index'0: usize; t_Zip__len'0: usize; t_Zip__a_len'0: usize } - goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . cmp_log'0 x y = C_Greater'0 - -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi11489483489418918928__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + type t_Item'0 - use prelude.prelude.UInt64 + type t_Item'1 - use prelude.prelude.Int + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint64) (o : uint64) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use seq.Seq - goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . forall result : () . (x > y) - = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi11489483489418918928__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use seq.Seq - use prelude.prelude.UInt64 + use seq.Seq + + use seq.Seq use prelude.prelude.Int - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint64) (o : uint64) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use seq.Seq - goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . forall result : () . (x < y) - = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi13757098721041279861__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use seq.Seq - use prelude.prelude.UInt128 + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_A'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_B'0) - use prelude.prelude.Int + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Zip'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint128) (o : uint128) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + axiom inv_axiom'0 [@rewrite] : forall x : t_Zip'0 [inv'0 x] . inv'0 x + = match x with + | {t_Zip__a'0 = a ; t_Zip__b'0 = b ; t_Zip__index'0 = index ; t_Zip__len'0 = len ; t_Zip__a_len'0 = a_len} -> inv'1 a + /\ inv'2 b + end - goal refines : [%#sord0] forall x : uint128 . forall y : uint128 . cmp_log'0 x y = C_Greater'0 - -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi13757098721041279861__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + function itera'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 15 4 15 23] (self : t_Zip'0) : t_A'0 - use prelude.prelude.UInt128 + axiom itera'0_spec : forall self : t_Zip'0 . [%#szip2] inv'0 self -> inv'1 (itera'0 self) - use prelude.prelude.Int + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint128) (o : uint128) : t_Ordering'0 + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_A'0) (visited : Seq.seq t_Item'0) (o : t_A'0) - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint128 . forall y : uint128 . forall result : () . (x <= y) - = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi13757098721041279861__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_A'0) (ab : Seq.seq t_Item'0) (b : t_A'0) (bc : Seq.seq t_Item'0) (c : t_A'0) : () + - use prelude.prelude.UInt128 + axiom produces_trans'1_spec : forall a : t_A'0, ab : Seq.seq t_Item'0, b : t_A'0, bc : Seq.seq t_Item'0, c : t_A'0 . ([%#siter5] produces'1 a ab b) + -> ([%#siter6] produces'1 b bc c) -> ([%#siter7] produces'1 a (Seq.(++) ab bc) c) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_A'0) : () - use prelude.prelude.Int + axiom produces_refl'0_spec : forall self : t_A'0 . [%#siter4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint128) (o : uint128) : t_Ordering'0 + function iterb'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 22 4 22 23] (self : t_Zip'0) : t_B'0 + + axiom iterb'0_spec : forall self : t_Zip'0 . [%#szip3] inv'0 self -> inv'2 (iterb'0 self) + + use seq.Seq + + use seq.Seq + + predicate produces'2 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_B'0) (visited : Seq.seq t_Item'1) (o : t_B'0) - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint128 . forall y : uint128 . cmp_log'0 x y = C_Less'0 - -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi13757098721041279861__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + function produces_trans'2 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_B'0) (ab : Seq.seq t_Item'1) (b : t_B'0) (bc : Seq.seq t_Item'1) (c : t_B'0) : () + - use prelude.prelude.UInt128 + axiom produces_trans'2_spec : forall a : t_B'0, ab : Seq.seq t_Item'1, b : t_B'0, bc : Seq.seq t_Item'1, c : t_B'0 . ([%#siter5] produces'2 a ab b) + -> ([%#siter6] produces'2 b bc c) -> ([%#siter7] produces'2 a (Seq.(++) ab bc) c) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_B'0) : () - use prelude.prelude.Int + axiom produces_refl'1_spec : forall self : t_B'0 . [%#siter4] produces'2 self (Seq.empty : Seq.seq t_Item'1) self - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint128) (o : uint128) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 43 4 43 64] (self : t_Zip'0) (visited : Seq.seq (t_Item'0, t_Item'1)) (o : t_Zip'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#szip1] exists p1 : Seq.seq t_Item'0, p2 : Seq.seq t_Item'1 . Seq.length p1 = Seq.length p2 + /\ Seq.length p2 = Seq.length visited + /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = (Seq.get p1 i, Seq.get p2 i)) + /\ produces'1 (itera'0 self) p1 (itera'0 o) /\ produces'2 (iterb'0 self) p2 (iterb'0 o) - goal refines : [%#sord0] forall x : uint128 . forall y : uint128 . forall z : uint128 . forall o : t_Ordering'0 . cmp_log'0 y z - = o - /\ cmp_log'0 x y = o - -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) + use seq.Seq + + goal refines : [%#szip0] forall a : t_Zip'0 . forall ab : Seq.seq (t_Item'0, t_Item'1) . forall b : t_Zip'0 . forall bc : Seq.seq (t_Item'0, t_Item'1) . forall c : t_Zip'0 . produces'0 b bc c + /\ produces'0 a ab b + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__logic__ord__qyi13757098721041279861__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 +module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/zip.rs" 56 4 56 26] (* as std::iter::Iterator> *) + let%span szip0 = "../../../creusot-contracts/src/std/iter/zip.rs" 56 4 56 26 + let%span szip1 = "../../../creusot-contracts/src/std/iter/zip.rs" 46 12 49 95 + let%span szip2 = "../../../creusot-contracts/src/std/iter/zip.rs" 14 14 14 39 + let%span szip3 = "../../../creusot-contracts/src/std/iter/zip.rs" 21 14 21 39 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - use prelude.prelude.UInt128 + type t_A'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_B'0 - use prelude.prelude.Int + use prelude.prelude.UIntSize - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint128) (o : uint128) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + type t_Zip'0 = + { t_Zip__a'0: t_A'0; t_Zip__b'0: t_B'0; t_Zip__index'0: usize; t_Zip__len'0: usize; t_Zip__a_len'0: usize } - goal refines : [%#sord0] forall x : uint128 . forall result : () . cmp_log'0 x x = C_Equal'0 - -> cmp_log'0 x x = C_Equal'0 -end -module M_creusot_contracts__logic__ord__qyi13757098721041279861__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use seq.Seq - use prelude.prelude.UInt128 + type t_Item'0 - use prelude.prelude.Int + type t_Item'1 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint128) (o : uint128) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use seq.Seq - goal refines : [%#sord0] forall x : uint128 . forall y : uint128 . forall result : () . (x >= y) - = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi13757098721041279861__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use seq.Seq - use prelude.prelude.UInt128 + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq + + use seq.Seq use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint128) (o : uint128) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use seq.Seq - goal refines : [%#sord0] forall x : uint128 . forall y : uint128 . forall result : () . (x = y) - = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) -end -module M_creusot_contracts__logic__ord__qyi13757098721041279861__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use seq.Seq - use prelude.prelude.UInt128 + use seq.Seq - use prelude.prelude.Int + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_A'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_B'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint128) (o : uint128) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Zip'0) - goal refines : [%#sord0] forall x : uint128 . forall y : uint128 . forall result : () . (x > y) - = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi13757098721041279861__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + axiom inv_axiom'0 [@rewrite] : forall x : t_Zip'0 [inv'0 x] . inv'0 x + = match x with + | {t_Zip__a'0 = a ; t_Zip__b'0 = b ; t_Zip__index'0 = index ; t_Zip__len'0 = len ; t_Zip__a_len'0 = a_len} -> inv'1 a + /\ inv'2 b + end - use prelude.prelude.UInt128 + function itera'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 15 4 15 23] (self : t_Zip'0) : t_A'0 - use prelude.prelude.Int + axiom itera'0_spec : forall self : t_Zip'0 . [%#szip2] inv'0 self -> inv'1 (itera'0 self) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint128) (o : uint128) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use seq.Seq - goal refines : [%#sord0] forall x : uint128 . forall y : uint128 . forall result : () . (x < y) - = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi8186105652185060096__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_A'0) (visited : Seq.seq t_Item'0) (o : t_A'0) + - use prelude.prelude.UIntSize + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_A'0) (ab : Seq.seq t_Item'0) (b : t_A'0) (bc : Seq.seq t_Item'0) (c : t_A'0) : () + - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom produces_trans'0_spec : forall a : t_A'0, ab : Seq.seq t_Item'0, b : t_A'0, bc : Seq.seq t_Item'0, c : t_A'0 . ([%#siter5] produces'1 a ab b) + -> ([%#siter6] produces'1 b bc c) -> ([%#siter7] produces'1 a (Seq.(++) ab bc) c) - use prelude.prelude.Int + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_A'0) : () - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : usize) (o : usize) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + axiom produces_refl'1_spec : forall self : t_A'0 . [%#siter4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - goal refines : [%#sord0] forall x : usize . forall y : usize . cmp_log'0 x y = C_Less'0 - -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi8186105652185060096__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + function iterb'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 22 4 22 23] (self : t_Zip'0) : t_B'0 - use prelude.prelude.UIntSize + axiom iterb'0_spec : forall self : t_Zip'0 . [%#szip3] inv'0 self -> inv'2 (iterb'0 self) - use prelude.prelude.Int + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : usize) (o : usize) : t_Ordering'0 + predicate produces'2 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_B'0) (visited : Seq.seq t_Item'1) (o : t_B'0) - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : usize . forall y : usize . forall result : () . (x >= y) - = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi8186105652185060096__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_B'0) (ab : Seq.seq t_Item'1) (b : t_B'0) (bc : Seq.seq t_Item'1) (c : t_B'0) : () + - use prelude.prelude.UIntSize + axiom produces_trans'1_spec : forall a : t_B'0, ab : Seq.seq t_Item'1, b : t_B'0, bc : Seq.seq t_Item'1, c : t_B'0 . ([%#siter5] produces'2 a ab b) + -> ([%#siter6] produces'2 b bc c) -> ([%#siter7] produces'2 a (Seq.(++) ab bc) c) - use prelude.prelude.Int + function produces_refl'2 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_B'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom produces_refl'2_spec : forall self : t_B'0 . [%#siter4] produces'2 self (Seq.empty : Seq.seq t_Item'1) self - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : usize) (o : usize) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 43 4 43 64] (self : t_Zip'0) (visited : Seq.seq (t_Item'0, t_Item'1)) (o : t_Zip'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#szip1] exists p1 : Seq.seq t_Item'0, p2 : Seq.seq t_Item'1 . Seq.length p1 = Seq.length p2 + /\ Seq.length p2 = Seq.length visited + /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = (Seq.get p1 i, Seq.get p2 i)) + /\ produces'1 (itera'0 self) p1 (itera'0 o) /\ produces'2 (iterb'0 self) p2 (iterb'0 o) - goal refines : [%#sord0] forall x : usize . forall y : usize . forall result : () . (x <= y) - = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) + goal refines : [%#szip0] forall self : t_Zip'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq (t_Item'0, t_Item'1)) self + -> produces'0 self (Seq.empty : Seq.seq (t_Item'0, t_Item'1)) self end -module M_creusot_contracts__logic__ord__qyi8186105652185060096__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 +module M_creusot_contracts__stdqy35z1__iter__qyi8355237225316942617__produces_refl__refines [#"../../../creusot-contracts/src/std/iter.rs" 223 4 223 26] (* <&mut I as std::iter::Iterator> *) + let%span siter0 = "../../../creusot-contracts/src/std/iter.rs" 223 4 223 26 + let%span siter1 = "../../../creusot-contracts/src/std/iter.rs" 211 20 211 64 + let%span siter2 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - use prelude.prelude.UIntSize + use prelude.prelude.Borrow - use prelude.prelude.Int + type t_I'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : usize) (o : usize) : t_Ordering'0 + type t_Item'0 + + use seq.Seq + + use seq.Seq + + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : usize . forall y : usize . forall result : () . (x < y) - = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi8186105652185060096__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + - use prelude.prelude.UIntSize + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter3] produces'1 a ab b) + -> ([%#siter4] produces'1 b bc c) -> ([%#siter5] produces'1 a (Seq.(++) ab bc) c) - use prelude.prelude.Int + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter2] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : usize) (o : usize) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter.rs" 210 4 210 64] (self : borrowed t_I'0) (visited : Seq.seq t_Item'0) (o : borrowed t_I'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#siter1] produces'1 self.current visited o.current /\ self.final = o.final - goal refines : [%#sord0] forall x : usize . forall y : usize . forall result : () . (x > y) - = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) + goal refines : [%#siter0] forall self : borrowed t_I'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_Item'0) self + -> produces'0 self (Seq.empty : Seq.seq t_Item'0) self end -module M_creusot_contracts__logic__ord__qyi8186105652185060096__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 +module M_creusot_contracts__stdqy35z1__iter__qyi8355237225316942617__produces_trans__refines [#"../../../creusot-contracts/src/std/iter.rs" 230 4 230 90] (* <&mut I as std::iter::Iterator> *) + let%span siter0 = "../../../creusot-contracts/src/std/iter.rs" 230 4 230 90 + let%span siter1 = "../../../creusot-contracts/src/std/iter.rs" 211 20 211 64 + let%span siter2 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - use prelude.prelude.UIntSize + use prelude.prelude.Borrow - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_I'0 - use prelude.prelude.Int + type t_Item'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : usize) (o : usize) : t_Ordering'0 + use seq.Seq + + use seq.Seq + + use seq.Seq + + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : usize . forall y : usize . forall z : usize . forall o : t_Ordering'0 . cmp_log'0 y z - = o - /\ cmp_log'0 x y = o - -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) -end -module M_creusot_contracts__logic__ord__qyi8186105652185060096__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + - use prelude.prelude.UIntSize + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter3] produces'1 a ab b) + -> ([%#siter4] produces'1 b bc c) -> ([%#siter5] produces'1 a (Seq.(++) ab bc) c) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - use prelude.prelude.Int + axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter2] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : usize) (o : usize) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter.rs" 210 4 210 64] (self : borrowed t_I'0) (visited : Seq.seq t_Item'0) (o : borrowed t_I'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#siter1] produces'1 self.current visited o.current /\ self.final = o.final - goal refines : [%#sord0] forall x : usize . forall y : usize . forall result : () . (x = y) - = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) + goal refines : [%#siter0] forall a : borrowed t_I'0 . forall ab : Seq.seq t_Item'0 . forall b : borrowed t_I'0 . forall bc : Seq.seq t_Item'0 . forall c : borrowed t_I'0 . produces'0 b bc c + /\ produces'0 a ab b + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__logic__ord__qyi8186105652185060096__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 +module M_creusot_contracts__stdqy35z1__option__qyi15354566128244900690__produces_refl__refines [#"../../../creusot-contracts/src/std/option.rs" 477 4 477 26] (* as std::iter::Iterator> *) + let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 477 4 477 26 + let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 469 12 470 96 - use prelude.prelude.UIntSize + type t_T'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 - use prelude.prelude.Int + type t_Item'0 = + { t_Item__opt'0: t_Option'0 } - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : usize) (o : usize) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + type t_IntoIter'0 = + { t_IntoIter__inner'0: t_Item'0 } - goal refines : [%#sord0] forall x : usize . forall y : usize . cmp_log'0 x y = C_Greater'0 - -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi8186105652185060096__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use seq.Seq - use prelude.prelude.UIntSize + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function view'0 [#"../../../creusot-contracts/src/std/option.rs" 453 4 453 30] (self : t_IntoIter'0) : t_Option'0 - use prelude.prelude.Int + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : usize) (o : usize) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/option.rs" 467 4 467 64] (self : t_IntoIter'0) (visited : Seq.seq t_T'0) (o : t_IntoIter'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#soption1] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o + \/ (exists e : t_T'0 . view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) - goal refines : [%#sord0] forall x : usize . forall result : () . cmp_log'0 x x = C_Equal'0 - -> cmp_log'0 x x = C_Equal'0 + goal refines : [%#soption0] forall self : t_IntoIter'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self + -> produces'0 self (Seq.empty : Seq.seq t_T'0) self end -module M_creusot_contracts__logic__ord__qyi18413678402769648790__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 +module M_creusot_contracts__stdqy35z1__option__qyi15354566128244900690__produces_trans__refines [#"../../../creusot-contracts/src/std/option.rs" 484 4 484 90] (* as std::iter::Iterator> *) + let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 484 4 484 90 + let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 469 12 470 96 - use prelude.prelude.Int8 + type t_T'0 - use prelude.prelude.Int + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_Item'0 = + { t_Item__opt'0: t_Option'0 } - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int8) (o : int8) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + type t_IntoIter'0 = + { t_IntoIter__inner'0: t_Item'0 } - goal refines : [%#sord0] forall x : int8 . forall y : int8 . forall result : () . (x < y) = (cmp_log'0 x y = C_Less'0) - -> (x < y) = (cmp_log'0 x y = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi18413678402769648790__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use seq.Seq - use prelude.prelude.Int8 + use seq.Seq - use prelude.prelude.Int + function view'0 [#"../../../creusot-contracts/src/std/option.rs" 453 4 453 30] (self : t_IntoIter'0) : t_Option'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int8) (o : int8) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/option.rs" 467 4 467 64] (self : t_IntoIter'0) (visited : Seq.seq t_T'0) (o : t_IntoIter'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#soption1] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o + \/ (exists e : t_T'0 . view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) - goal refines : [%#sord0] forall x : int8 . forall y : int8 . forall result : () . (x >= y) - = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) + use seq.Seq + + goal refines : [%#soption0] forall a : t_IntoIter'0 . forall ab : Seq.seq t_T'0 . forall b : t_IntoIter'0 . forall bc : Seq.seq t_T'0 . forall c : t_IntoIter'0 . produces'0 b bc c + /\ produces'0 a ab b + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__logic__ord__qyi18413678402769648790__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 +module M_creusot_contracts__stdqy35z1__option__qyi15411423289202690388__produces_refl__refines [#"../../../creusot-contracts/src/std/option.rs" 530 4 530 26] (* as std::iter::Iterator> *) + let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 530 4 530 26 + let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 522 12 523 96 - use prelude.prelude.Int8 + use prelude.prelude.Borrow - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_T'0 - use prelude.prelude.Int + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int8) (o : int8) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + type t_Item'0 = + { t_Item__opt'0: t_Option'0 } - goal refines : [%#sord0] forall x : int8 . forall y : int8 . forall z : int8 . forall o : t_Ordering'0 . cmp_log'0 y z - = o - /\ cmp_log'0 x y = o - -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) -end -module M_creusot_contracts__logic__ord__qyi18413678402769648790__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + type t_Iter'0 = + { t_Iter__inner'0: t_Item'0 } - use prelude.prelude.Int8 + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - use prelude.prelude.Int + function view'0 [#"../../../creusot-contracts/src/std/option.rs" 506 4 506 34] (self : t_Iter'0) : t_Option'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int8) (o : int8) : t_Ordering'0 + use seq.Seq + + predicate produces'0 [#"../../../creusot-contracts/src/std/option.rs" 520 4 520 64] (self : t_Iter'0) (visited : Seq.seq t_T'0) (o : t_Iter'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#soption1] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o + \/ (exists e : t_T'0 . view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) - goal refines : [%#sord0] forall x : int8 . forall result : () . cmp_log'0 x x = C_Equal'0 - -> cmp_log'0 x x = C_Equal'0 + goal refines : [%#soption0] forall self : t_Iter'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self + -> produces'0 self (Seq.empty : Seq.seq t_T'0) self end -module M_creusot_contracts__logic__ord__qyi18413678402769648790__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 +module M_creusot_contracts__stdqy35z1__option__qyi15411423289202690388__produces_trans__refines [#"../../../creusot-contracts/src/std/option.rs" 537 4 537 90] (* as std::iter::Iterator> *) + let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 537 4 537 90 + let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 522 12 523 96 - use prelude.prelude.Int8 + use prelude.prelude.Borrow - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_T'0 - use prelude.prelude.Int + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int8) (o : int8) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + type t_Item'0 = + { t_Item__opt'0: t_Option'0 } - goal refines : [%#sord0] forall x : int8 . forall y : int8 . cmp_log'0 x y = C_Less'0 - -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi18413678402769648790__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + type t_Iter'0 = + { t_Iter__inner'0: t_Item'0 } - use prelude.prelude.Int8 + use seq.Seq - use prelude.prelude.Int + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function view'0 [#"../../../creusot-contracts/src/std/option.rs" 506 4 506 34] (self : t_Iter'0) : t_Option'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int8) (o : int8) : t_Ordering'0 + use seq.Seq + + predicate produces'0 [#"../../../creusot-contracts/src/std/option.rs" 520 4 520 64] (self : t_Iter'0) (visited : Seq.seq t_T'0) (o : t_Iter'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#soption1] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o + \/ (exists e : t_T'0 . view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) - goal refines : [%#sord0] forall x : int8 . forall y : int8 . forall result : () . (x > y) - = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) + use seq.Seq + + goal refines : [%#soption0] forall a : t_Iter'0 . forall ab : Seq.seq t_T'0 . forall b : t_Iter'0 . forall bc : Seq.seq t_T'0 . forall c : t_Iter'0 . produces'0 b bc c + /\ produces'0 a ab b + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__logic__ord__qyi18413678402769648790__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 +module M_creusot_contracts__stdqy35z1__option__qyi6601631924869095363__produces_trans__refines [#"../../../creusot-contracts/src/std/option.rs" 593 4 593 90] (* as std::iter::Iterator> *) + let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 593 4 593 90 + let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 578 12 579 96 - use prelude.prelude.Int8 + use prelude.prelude.Borrow - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_T'0 - use prelude.prelude.Int + type t_Option'0 = + | C_None'0 + | C_Some'0 (borrowed t_T'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int8) (o : int8) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + type t_Item'0 = + { t_Item__opt'0: t_Option'0 } - goal refines : [%#sord0] forall x : int8 . forall y : int8 . forall result : () . (x = y) - = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) -end -module M_creusot_contracts__logic__ord__qyi18413678402769648790__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + type t_IterMut'0 = + { t_IterMut__inner'0: t_Item'0 } - use prelude.prelude.Int8 + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - use prelude.prelude.Int + function view'0 [#"../../../creusot-contracts/src/std/option.rs" 562 4 562 38] (self : t_IterMut'0) : t_Option'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int8) (o : int8) : t_Ordering'0 + use seq.Seq + + predicate produces'0 [#"../../../creusot-contracts/src/std/option.rs" 576 4 576 64] (self : t_IterMut'0) (visited : Seq.seq (borrowed t_T'0)) (o : t_IterMut'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#soption1] visited = (Seq.empty : Seq.seq (borrowed t_T'0)) /\ self = o + \/ (exists e : borrowed t_T'0 . view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) - goal refines : [%#sord0] forall x : int8 . forall y : int8 . cmp_log'0 x y = C_Greater'0 - -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) + use seq.Seq + + goal refines : [%#soption0] forall a : t_IterMut'0 . forall ab : Seq.seq (borrowed t_T'0) . forall b : t_IterMut'0 . forall bc : Seq.seq (borrowed t_T'0) . forall c : t_IterMut'0 . produces'0 b bc c + /\ produces'0 a ab b + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__logic__ord__qyi18413678402769648790__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 +module M_creusot_contracts__stdqy35z1__option__qyi6601631924869095363__produces_refl__refines [#"../../../creusot-contracts/src/std/option.rs" 586 4 586 26] (* as std::iter::Iterator> *) + let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 586 4 586 26 + let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 578 12 579 96 - use prelude.prelude.Int8 + use prelude.prelude.Borrow - use prelude.prelude.Int + type t_T'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_Option'0 = + | C_None'0 + | C_Some'0 (borrowed t_T'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int8) (o : int8) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + type t_Item'0 = + { t_Item__opt'0: t_Option'0 } - goal refines : [%#sord0] forall x : int8 . forall y : int8 . forall result : () . (x <= y) - = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi8040194823849327911__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + type t_IterMut'0 = + { t_IterMut__inner'0: t_Item'0 } - use prelude.prelude.Int16 + use seq.Seq - use prelude.prelude.Int + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function view'0 [#"../../../creusot-contracts/src/std/option.rs" 562 4 562 38] (self : t_IterMut'0) : t_Option'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int16) (o : int16) : t_Ordering'0 + use seq.Seq + + predicate produces'0 [#"../../../creusot-contracts/src/std/option.rs" 576 4 576 64] (self : t_IterMut'0) (visited : Seq.seq (borrowed t_T'0)) (o : t_IterMut'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#soption1] visited = (Seq.empty : Seq.seq (borrowed t_T'0)) /\ self = o + \/ (exists e : borrowed t_T'0 . view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) - goal refines : [%#sord0] forall x : int16 . forall y : int16 . forall result : () . (x >= y) - = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) + goal refines : [%#soption0] forall self : t_IterMut'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq (borrowed t_T'0)) self + -> produces'0 self (Seq.empty : Seq.seq (borrowed t_T'0)) self end -module M_creusot_contracts__logic__ord__qyi8040194823849327911__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 +module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_trans__refines [#"../../../creusot-contracts/src/std/slice.rs" 419 4 419 90] (* as std::iter::Iterator> *) + let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 419 4 419 90 + let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 405 12 405 66 + let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 96 14 96 41 + let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 97 14 97 80 + let%span smodel4 = "../../../creusot-contracts/src/model.rs" 92 8 92 22 + let%span sindex5 = "../../../creusot-contracts/src/logic/ops/index.rs" 49 8 49 31 + let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 + let%span sslice7 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 - use prelude.prelude.Int16 + use prelude.prelude.Opaque - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_NonNull'0 = + { t_NonNull__pointer'0: opaque_ptr } - use prelude.prelude.Int + type t_Iter'0 = + { t_Iter__ptr'0: t_NonNull'0; t_Iter__end_or_len'0: opaque_ptr; t_Iter__qy95zmarker'0: () } - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int16) (o : int16) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use prelude.prelude.Borrow - goal refines : [%#sord0] forall x : int16 . forall y : int16 . forall z : int16 . forall o : t_Ordering'0 . cmp_log'0 y z - = o - /\ cmp_log'0 x y = o - -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) -end -module M_creusot_contracts__logic__ord__qyi8040194823849327911__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + type t_T'0 - use prelude.prelude.Int16 + use seq.Seq - use prelude.prelude.Int + use prelude.prelude.Slice - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 389 4 389 33] (self : t_Iter'0) : slice t_T'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int16) (o : int16) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use seq.Seq - goal refines : [%#sord0] forall x : int16 . forall y : int16 . forall result : () . (x <= y) - = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi8040194823849327911__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use seq.Seq - use prelude.prelude.Int16 + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use prelude.prelude.UIntSize + + constant v_MAX'0 : usize = (18446744073709551615 : usize) + + use prelude.prelude.UIntSize use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int16) (o : int16) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use prelude.prelude.Slice - goal refines : [%#sord0] forall x : int16 . forall result : () . cmp_log'0 x x = C_Equal'0 - -> cmp_log'0 x x = C_Equal'0 -end -module M_creusot_contracts__logic__ord__qyi8040194823849327911__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + function view'2 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 - use prelude.prelude.Int16 + axiom view'2_spec : forall self : slice t_T'0 . ([%#sslice6] Seq.length (view'2 self) + <= UIntSize.to_int (v_MAX'0 : usize)) + && ([%#sslice7] view'2 self = Slice.id self) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function view'1 [#"../../../creusot-contracts/src/model.rs" 91 4 91 33] (self : slice t_T'0) : Seq.seq t_T'0 = + [%#smodel4] view'2 self - use prelude.prelude.Int + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int16) (o : int16) : t_Ordering'0 + use seq.Seq + + function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops/index.rs" 48 4 48 47] (self : slice t_T'0) (ix : int) : t_T'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - goal refines : [%#sord0] forall x : int16 . forall y : int16 . forall result : () . (x = y) - = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) -end -module M_creusot_contracts__logic__ord__qyi8040194823849327911__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + [%#sindex5] Seq.get (view'2 self) ix - use prelude.prelude.Int16 + function to_ref_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 98 4 98 35] (self : slice t_T'0) : Seq.seq t_T'0 - use prelude.prelude.Int + axiom to_ref_seq'0_spec : forall self : slice t_T'0 . ([%#sslice2] Seq.length (to_ref_seq'0 self) + = Seq.length (view'1 self)) + && ([%#sslice3] forall i : int . 0 <= i /\ i < Seq.length (to_ref_seq'0 self) + -> Seq.get (to_ref_seq'0 self) i = index_logic'0 self i) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int16) (o : int16) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/slice.rs" 403 4 403 65] (self : t_Iter'0) (visited : Seq.seq t_T'0) (tl : t_Iter'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sslice1] to_ref_seq'0 (view'0 self) = Seq.(++) visited (to_ref_seq'0 (view'0 tl)) - goal refines : [%#sord0] forall x : int16 . forall y : int16 . forall result : () . (x < y) - = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) + goal refines : [%#sslice0] forall a : t_Iter'0 . forall ab : Seq.seq t_T'0 . forall b : t_Iter'0 . forall bc : Seq.seq t_T'0 . forall c : t_Iter'0 . produces'0 b bc c + /\ produces'0 a ab b + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__logic__ord__qyi8040194823849327911__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - - use prelude.prelude.Int16 +module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_refl__refines [#"../../../creusot-contracts/src/std/slice.rs" 412 4 412 26] (* as std::iter::Iterator> *) + let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 412 4 412 26 + let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 405 12 405 66 + let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 96 14 96 41 + let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 97 14 97 80 + let%span smodel4 = "../../../creusot-contracts/src/model.rs" 92 8 92 22 + let%span sindex5 = "../../../creusot-contracts/src/logic/ops/index.rs" 49 8 49 31 + let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 + let%span sslice7 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use prelude.prelude.Opaque - use prelude.prelude.Int + type t_NonNull'0 = + { t_NonNull__pointer'0: opaque_ptr } - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int16) (o : int16) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + type t_Iter'0 = + { t_Iter__ptr'0: t_NonNull'0; t_Iter__end_or_len'0: opaque_ptr; t_Iter__qy95zmarker'0: () } - goal refines : [%#sord0] forall x : int16 . forall y : int16 . cmp_log'0 x y = C_Greater'0 - -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi8040194823849327911__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use seq.Seq - use prelude.prelude.Int16 + use prelude.prelude.Borrow - use prelude.prelude.Int + type t_T'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int16) (o : int16) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use prelude.prelude.Slice - goal refines : [%#sord0] forall x : int16 . forall y : int16 . forall result : () . (x > y) - = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi8040194823849327911__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 389 4 389 33] (self : t_Iter'0) : slice t_T'0 - use prelude.prelude.Int16 + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - use prelude.prelude.Int + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int16) (o : int16) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use prelude.prelude.UIntSize - goal refines : [%#sord0] forall x : int16 . forall y : int16 . cmp_log'0 x y = C_Less'0 - -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi211457485035727011__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + constant v_MAX'0 : usize = (18446744073709551615 : usize) - use prelude.prelude.Int32 + use prelude.prelude.UIntSize use prelude.prelude.Int - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use prelude.prelude.Slice - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int32) (o : int32) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function view'2 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 - goal refines : [%#sord0] forall x : int32 . forall y : int32 . forall result : () . (x <= y) - = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi211457485035727011__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + axiom view'2_spec : forall self : slice t_T'0 . ([%#sslice6] Seq.length (view'2 self) + <= UIntSize.to_int (v_MAX'0 : usize)) + && ([%#sslice7] view'2 self = Slice.id self) - use prelude.prelude.Int32 + function view'1 [#"../../../creusot-contracts/src/model.rs" 91 4 91 33] (self : slice t_T'0) : Seq.seq t_T'0 = + [%#smodel4] view'2 self - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - use prelude.prelude.Int + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int32) (o : int32) : t_Ordering'0 + function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops/index.rs" 48 4 48 47] (self : slice t_T'0) (ix : int) : t_T'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sindex5] Seq.get (view'2 self) ix - goal refines : [%#sord0] forall x : int32 . forall y : int32 . forall z : int32 . forall o : t_Ordering'0 . cmp_log'0 y z - = o - /\ cmp_log'0 x y = o - -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) -end -module M_creusot_contracts__logic__ord__qyi211457485035727011__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - - use prelude.prelude.Int32 + function to_ref_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 98 4 98 35] (self : slice t_T'0) : Seq.seq t_T'0 - use prelude.prelude.Int + axiom to_ref_seq'0_spec : forall self : slice t_T'0 . ([%#sslice2] Seq.length (to_ref_seq'0 self) + = Seq.length (view'1 self)) + && ([%#sslice3] forall i : int . 0 <= i /\ i < Seq.length (to_ref_seq'0 self) + -> Seq.get (to_ref_seq'0 self) i = index_logic'0 self i) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int32) (o : int32) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/slice.rs" 403 4 403 65] (self : t_Iter'0) (visited : Seq.seq t_T'0) (tl : t_Iter'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sslice1] to_ref_seq'0 (view'0 self) = Seq.(++) visited (to_ref_seq'0 (view'0 tl)) - goal refines : [%#sord0] forall x : int32 . forall y : int32 . forall result : () . (x > y) - = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) + goal refines : [%#sslice0] forall self : t_Iter'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self + -> produces'0 self (Seq.empty : Seq.seq t_T'0) self end -module M_creusot_contracts__logic__ord__qyi211457485035727011__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - - use prelude.prelude.Int32 +module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_refl__refines [#"../../../creusot-contracts/src/std/slice.rs" 466 4 466 26] (* as std::iter::Iterator> *) + let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 466 4 466 26 + let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 459 12 459 66 + let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 427 14 427 50 + let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 87 14 87 41 + let%span sslice4 = "../../../creusot-contracts/src/std/slice.rs" 88 14 88 84 + let%span sslice5 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 + let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 + let%span smodel7 = "../../../creusot-contracts/src/model.rs" 110 8 110 22 + let%span sindex8 = "../../../creusot-contracts/src/logic/ops/index.rs" 49 8 49 31 - use prelude.prelude.Int + use prelude.prelude.Opaque - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_NonNull'0 = + { t_NonNull__pointer'0: opaque_ptr } - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int32) (o : int32) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + type t_IterMut'0 = + { t_IterMut__ptr'0: t_NonNull'0; t_IterMut__end_or_len'0: opaque_ptr; t_IterMut__qy95zmarker'0: () } - goal refines : [%#sord0] forall x : int32 . forall y : int32 . forall result : () . (x < y) - = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi211457485035727011__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use seq.Seq - use prelude.prelude.Int32 + use prelude.prelude.Borrow - use prelude.prelude.Int + type t_T'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int32) (o : int32) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use seq.Seq - goal refines : [%#sord0] forall x : int32 . forall y : int32 . forall result : () . (x >= y) - = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi211457485035727011__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use prelude.prelude.UIntSize - use prelude.prelude.Int32 + constant v_MAX'0 : usize = (18446744073709551615 : usize) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use prelude.prelude.UIntSize use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int32) (o : int32) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use prelude.prelude.Slice - goal refines : [%#sord0] forall x : int32 . forall y : int32 . cmp_log'0 x y = C_Less'0 - -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi211457485035727011__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use prelude.prelude.Slice - use prelude.prelude.Int32 + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function view'1 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 - use prelude.prelude.Int + axiom view'1_spec : forall self : slice t_T'0 . ([%#sslice5] Seq.length (view'1 self) + <= UIntSize.to_int (v_MAX'0 : usize)) + && ([%#sslice6] view'1 self = Slice.id self) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int32) (o : int32) : t_Ordering'0 + function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 428 4 428 33] (self : t_IterMut'0) : borrowed (slice t_T'0) - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - goal refines : [%#sord0] forall x : int32 . forall y : int32 . cmp_log'0 x y = C_Greater'0 - -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi211457485035727011__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - - use prelude.prelude.Int32 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom view'0_spec : forall self : t_IterMut'0 . [%#sslice2] Seq.length (view'1 (view'0 self).final) + = Seq.length (view'1 (view'0 self).current) - use prelude.prelude.Int + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int32) (o : int32) : t_Ordering'0 + function view'2 [#"../../../creusot-contracts/src/model.rs" 109 4 109 33] (self : borrowed (slice t_T'0)) : Seq.seq t_T'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - goal refines : [%#sord0] forall x : int32 . forall result : () . cmp_log'0 x x = C_Equal'0 - -> cmp_log'0 x x = C_Equal'0 -end -module M_creusot_contracts__logic__ord__qyi211457485035727011__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - - use prelude.prelude.Int32 + [%#smodel7] view'1 self.current - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - use prelude.prelude.Int + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int32) (o : int32) : t_Ordering'0 + function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops/index.rs" 48 4 48 47] (self : slice t_T'0) (ix : int) : t_T'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - goal refines : [%#sord0] forall x : int32 . forall y : int32 . forall result : () . (x = y) - = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) -end -module M_creusot_contracts__logic__ord__qyi2565746305859701215__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + [%#sindex8] Seq.get (view'1 self) ix - use prelude.prelude.Int64 + function to_mut_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 90 4 90 43] (self : borrowed (slice t_T'0)) : Seq.seq (borrowed t_T'0) + - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom to_mut_seq'0_spec : forall self : borrowed (slice t_T'0) . ([%#sslice3] Seq.length (to_mut_seq'0 self) + = Seq.length (view'2 self)) + && ([%#sslice4] forall i : int . 0 <= i /\ i < Seq.length (to_mut_seq'0 self) + -> Seq.get (to_mut_seq'0 self) i + = Borrow.borrow_logic (index_logic'0 self.current i) (index_logic'0 self.final i) (Borrow.inherit_id (Borrow.get_id self) i)) - use prelude.prelude.Int + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int64) (o : int64) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/slice.rs" 457 4 457 65] (self : t_IterMut'0) (visited : Seq.seq (borrowed t_T'0)) (tl : t_IterMut'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sslice1] to_mut_seq'0 (view'0 self) = Seq.(++) visited (to_mut_seq'0 (view'0 tl)) - goal refines : [%#sord0] forall x : int64 . forall result : () . cmp_log'0 x x = C_Equal'0 - -> cmp_log'0 x x = C_Equal'0 + goal refines : [%#sslice0] forall self : t_IterMut'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq (borrowed t_T'0)) self + -> produces'0 self (Seq.empty : Seq.seq (borrowed t_T'0)) self end -module M_creusot_contracts__logic__ord__qyi2565746305859701215__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 +module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_trans__refines [#"../../../creusot-contracts/src/std/slice.rs" 473 4 473 90] (* as std::iter::Iterator> *) + let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 473 4 473 90 + let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 459 12 459 66 + let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 427 14 427 50 + let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 87 14 87 41 + let%span sslice4 = "../../../creusot-contracts/src/std/slice.rs" 88 14 88 84 + let%span sslice5 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 + let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 + let%span smodel7 = "../../../creusot-contracts/src/model.rs" 110 8 110 22 + let%span sindex8 = "../../../creusot-contracts/src/logic/ops/index.rs" 49 8 49 31 - use prelude.prelude.Int64 + use prelude.prelude.Opaque - use prelude.prelude.Int + type t_NonNull'0 = + { t_NonNull__pointer'0: opaque_ptr } - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_IterMut'0 = + { t_IterMut__ptr'0: t_NonNull'0; t_IterMut__end_or_len'0: opaque_ptr; t_IterMut__qy95zmarker'0: () } - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int64) (o : int64) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use prelude.prelude.Borrow - goal refines : [%#sord0] forall x : int64 . forall y : int64 . forall result : () . (x < y) - = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi2565746305859701215__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + type t_T'0 - use prelude.prelude.Int64 + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - use prelude.prelude.Int + use prelude.prelude.UIntSize - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int64) (o : int64) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + constant v_MAX'0 : usize = (18446744073709551615 : usize) - goal refines : [%#sord0] forall x : int64 . forall y : int64 . cmp_log'0 x y = C_Less'0 - -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi2565746305859701215__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use prelude.prelude.UIntSize - use prelude.prelude.Int64 + use prelude.prelude.Int - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use prelude.prelude.Slice - use prelude.prelude.Int + use prelude.prelude.Slice - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int64) (o : int64) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use seq.Seq - goal refines : [%#sord0] forall x : int64 . forall y : int64 . forall z : int64 . forall o : t_Ordering'0 . cmp_log'0 y z - = o - /\ cmp_log'0 x y = o - -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) -end -module M_creusot_contracts__logic__ord__qyi2565746305859701215__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + function view'1 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 - use prelude.prelude.Int64 + axiom view'1_spec : forall self : slice t_T'0 . ([%#sslice5] Seq.length (view'1 self) + <= UIntSize.to_int (v_MAX'0 : usize)) + && ([%#sslice6] view'1 self = Slice.id self) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 428 4 428 33] (self : t_IterMut'0) : borrowed (slice t_T'0) + - use prelude.prelude.Int + axiom view'0_spec : forall self : t_IterMut'0 . [%#sslice2] Seq.length (view'1 (view'0 self).final) + = Seq.length (view'1 (view'0 self).current) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int64) (o : int64) : t_Ordering'0 + use seq.Seq + + function view'2 [#"../../../creusot-contracts/src/model.rs" 109 4 109 33] (self : borrowed (slice t_T'0)) : Seq.seq t_T'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - goal refines : [%#sord0] forall x : int64 . forall y : int64 . forall result : () . (x = y) - = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) -end -module M_creusot_contracts__logic__ord__qyi2565746305859701215__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - - use prelude.prelude.Int64 + [%#smodel7] view'1 self.current - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - use prelude.prelude.Int + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int64) (o : int64) : t_Ordering'0 + function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops/index.rs" 48 4 48 47] (self : slice t_T'0) (ix : int) : t_T'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - goal refines : [%#sord0] forall x : int64 . forall y : int64 . cmp_log'0 x y = C_Greater'0 - -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi2565746305859701215__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + [%#sindex8] Seq.get (view'1 self) ix - use prelude.prelude.Int64 + function to_mut_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 90 4 90 43] (self : borrowed (slice t_T'0)) : Seq.seq (borrowed t_T'0) + - use prelude.prelude.Int + axiom to_mut_seq'0_spec : forall self : borrowed (slice t_T'0) . ([%#sslice3] Seq.length (to_mut_seq'0 self) + = Seq.length (view'2 self)) + && ([%#sslice4] forall i : int . 0 <= i /\ i < Seq.length (to_mut_seq'0 self) + -> Seq.get (to_mut_seq'0 self) i + = Borrow.borrow_logic (index_logic'0 self.current i) (index_logic'0 self.final i) (Borrow.inherit_id (Borrow.get_id self) i)) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int64) (o : int64) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/slice.rs" 457 4 457 65] (self : t_IterMut'0) (visited : Seq.seq (borrowed t_T'0)) (tl : t_IterMut'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sslice1] to_mut_seq'0 (view'0 self) = Seq.(++) visited (to_mut_seq'0 (view'0 tl)) - goal refines : [%#sord0] forall x : int64 . forall y : int64 . forall result : () . (x > y) - = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) + goal refines : [%#sslice0] forall a : t_IterMut'0 . forall ab : Seq.seq (borrowed t_T'0) . forall b : t_IterMut'0 . forall bc : Seq.seq (borrowed t_T'0) . forall c : t_IterMut'0 . produces'0 b bc c + /\ produces'0 a ab b + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__logic__ord__qyi2565746305859701215__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 +module M_creusot_contracts__stdqy35z1__vec__qyi12862303518309667396__produces_trans__refines [#"../../../creusot-contracts/src/std/vec.rs" 278 4 278 72] (* as std::iter::Iterator> *) + let%span svec0 = "../../../creusot-contracts/src/std/vec.rs" 278 4 278 72 + let%span svec1 = "../../../creusot-contracts/src/std/vec.rs" 264 12 264 41 - use prelude.prelude.Int64 + use prelude.prelude.Opaque - use prelude.prelude.Int + type t_NonNull'0 = + { t_NonNull__pointer'0: opaque_ptr } - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use prelude.prelude.UIntSize - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int64) (o : int64) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + type t_A'0 - goal refines : [%#sord0] forall x : int64 . forall y : int64 . forall result : () . (x <= y) - = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi2565746305859701215__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + type t_ManuallyDrop'0 = + { t_ManuallyDrop__value'0: t_A'0 } - use prelude.prelude.Int64 + type t_IntoIter'0 = + { t_IntoIter__buf'0: t_NonNull'0; + t_IntoIter__phantom'0: (); + t_IntoIter__cap'0: usize; + t_IntoIter__alloc'0: t_ManuallyDrop'0; + t_IntoIter__ptr'0: t_NonNull'0; + t_IntoIter__end'0: opaque_ptr } - use prelude.prelude.Int + type t_T'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int64) (o : int64) : t_Ordering'0 + function view'0 [#"../../../creusot-contracts/src/std/vec.rs" 234 4 234 33] (self : t_IntoIter'0) : Seq.seq t_T'0 + + use seq.Seq + + predicate produces'0 [#"../../../creusot-contracts/src/std/vec.rs" 262 4 262 57] (self : t_IntoIter'0) (visited : Seq.seq t_T'0) (rhs : t_IntoIter'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#svec1] view'0 self = Seq.(++) visited (view'0 rhs) - goal refines : [%#sord0] forall x : int64 . forall y : int64 . forall result : () . (x >= y) - = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) + goal refines : [%#svec0] forall a : t_IntoIter'0 . forall ab : Seq.seq t_T'0 . forall b : t_IntoIter'0 . forall bc : Seq.seq t_T'0 . forall c : t_IntoIter'0 . produces'0 b bc c + /\ produces'0 a ab b + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__logic__ord__qyi2364657485180829964__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - - use prelude.prelude.Int128 - - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 +module M_creusot_contracts__stdqy35z1__vec__qyi12862303518309667396__produces_refl__refines [#"../../../creusot-contracts/src/std/vec.rs" 271 4 271 26] (* as std::iter::Iterator> *) + let%span svec0 = "../../../creusot-contracts/src/std/vec.rs" 271 4 271 26 + let%span svec1 = "../../../creusot-contracts/src/std/vec.rs" 264 12 264 41 - use prelude.prelude.Int + use prelude.prelude.Opaque - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int128) (o : int128) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + type t_NonNull'0 = + { t_NonNull__pointer'0: opaque_ptr } - goal refines : [%#sord0] forall x : int128 . forall y : int128 . cmp_log'0 x y = C_Less'0 - -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi2364657485180829964__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use prelude.prelude.UIntSize - use prelude.prelude.Int128 + type t_A'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_ManuallyDrop'0 = + { t_ManuallyDrop__value'0: t_A'0 } - use prelude.prelude.Int + type t_IntoIter'0 = + { t_IntoIter__buf'0: t_NonNull'0; + t_IntoIter__phantom'0: (); + t_IntoIter__cap'0: usize; + t_IntoIter__alloc'0: t_ManuallyDrop'0; + t_IntoIter__ptr'0: t_NonNull'0; + t_IntoIter__end'0: opaque_ptr } - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int128) (o : int128) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use seq.Seq - goal refines : [%#sord0] forall x : int128 . forall y : int128 . forall result : () . (x = y) - = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) -end -module M_creusot_contracts__logic__ord__qyi2364657485180829964__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + type t_T'0 - use prelude.prelude.Int128 + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function view'0 [#"../../../creusot-contracts/src/std/vec.rs" 234 4 234 33] (self : t_IntoIter'0) : Seq.seq t_T'0 - use prelude.prelude.Int + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int128) (o : int128) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/vec.rs" 262 4 262 57] (self : t_IntoIter'0) (visited : Seq.seq t_T'0) (rhs : t_IntoIter'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#svec1] view'0 self = Seq.(++) visited (view'0 rhs) - goal refines : [%#sord0] forall x : int128 . forall y : int128 . cmp_log'0 x y = C_Greater'0 - -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) + goal refines : [%#svec0] forall self : t_IntoIter'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self + -> produces'0 self (Seq.empty : Seq.seq t_T'0) self end -module M_creusot_contracts__logic__ord__qyi2364657485180829964__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 +module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__cmp_lt_log__refines [#"../../../creusot-contracts/src/std/cmp.rs" 93 4 93 35] (* as logic::ord::OrdLogic> *) + let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 93 4 93 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 36 20 36 53 + let%span scmp2 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - use prelude.prelude.Int128 + type t_T'0 - use prelude.prelude.Int + type t_Reverse'0 = + { t_Reverse__0'0: t_T'0 } type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int128) (o : int128) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int128 . forall y : int128 . forall result : () . (x > y) - = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi2364657485180829964__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.Int128 + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.Int + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) + -> ([%#sord14] cmp_log'1 y x = C_Less'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int128) (o : int128) : t_Ordering'0 + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) + -> ([%#sord12] cmp_log'1 y x = C_Greater'0) + + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int128 . forall result : () . cmp_log'0 x x = C_Equal'0 - -> cmp_log'0 x x = C_Equal'0 -end -module M_creusot_contracts__logic__ord__qyi2364657485180829964__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) + -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) - use prelude.prelude.Int128 + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - use prelude.prelude.Int + axiom refl'0_spec : forall x : t_T'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int128) (o : int128) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - goal refines : [%#sord0] forall x : int128 . forall y : int128 . forall result : () . (x >= y) - = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi2364657485180829964__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - use prelude.prelude.Int128 + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - use prelude.prelude.Int + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int128) (o : int128) : t_Ordering'0 + function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool + + function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_lt_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] lt_log'1 x y = (cmp_log'1 x y = C_Less'0) + + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + + function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#scmp2] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with + | C_Equal'0 -> C_Equal'0 + | C_Less'0 -> C_Greater'0 + | C_Greater'0 -> C_Less'0 + end - goal refines : [%#sord0] forall x : int128 . forall y : int128 . forall result : () . (x < y) - = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_Reverse'0) (o : t_Reverse'0) : bool + + = + [%#sord1] cmp_log'0 self o = C_Less'0 + + goal refines : [%#scmp0] forall x : t_Reverse'0 . forall y : t_Reverse'0 . forall result : () . lt_log'0 x y + = (cmp_log'0 x y = C_Less'0) -> lt_log'0 x y = (cmp_log'0 x y = C_Less'0) end -module M_creusot_contracts__logic__ord__qyi2364657485180829964__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 +module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__antisym1__refines [#"../../../creusot-contracts/src/std/cmp.rs" 121 4 121 33] (* as logic::ord::OrdLogic> *) + let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 121 4 121 33 + let%span scmp1 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - use prelude.prelude.Int128 + type t_T'0 - use prelude.prelude.Int + type t_Reverse'0 = + { t_Reverse__0'0: t_T'0 } type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int128) (o : int128) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int128 . forall y : int128 . forall result : () . (x <= y) - = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi2364657485180829964__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.Int128 + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.Int + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) + -> ([%#sord13] cmp_log'1 y x = C_Less'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int128) (o : int128) : t_Ordering'0 + function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + + axiom antisym1'1_spec : forall x : t_T'0, y : t_T'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) + -> ([%#sord11] cmp_log'1 y x = C_Greater'0) + + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int128 . forall y : int128 . forall z : int128 . forall o : t_Ordering'0 . cmp_log'0 y z - = o - /\ cmp_log'0 x y = o - -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) -end -module M_creusot_contracts__logic__ord__qyi8047313880300482848__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) + -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) - use prelude.prelude.IntSize + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom refl'0_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 - use prelude.prelude.Int + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : isize) (o : isize) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - goal refines : [%#sord0] forall x : isize . forall y : isize . cmp_log'0 x y = C_Less'0 - -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi8047313880300482848__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - use prelude.prelude.IntSize + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.Int + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : isize) (o : isize) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool - goal refines : [%#sord0] forall x : isize . forall y : isize . cmp_log'0 x y = C_Greater'0 - -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi8047313880300482848__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.IntSize + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - use prelude.prelude.Int + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : isize) (o : isize) : t_Ordering'0 + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + + function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#scmp1] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with + | C_Equal'0 -> C_Equal'0 + | C_Less'0 -> C_Greater'0 + | C_Greater'0 -> C_Less'0 + end - goal refines : [%#sord0] forall x : isize . forall y : isize . forall result : () . (x >= y) - = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) + goal refines : [%#scmp0] forall x : t_Reverse'0 . forall y : t_Reverse'0 . cmp_log'0 x y = C_Less'0 + -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) end -module M_creusot_contracts__logic__ord__qyi8047313880300482848__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 +module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__eq_cmp__refines [#"../../../creusot-contracts/src/std/cmp.rs" 132 4 132 31] (* as logic::ord::OrdLogic> *) + let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 132 4 132 31 + let%span scmp1 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - use prelude.prelude.IntSize + type t_T'0 - use prelude.prelude.Int + type t_Reverse'0 = + { t_Reverse__0'0: t_T'0 } type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : isize) (o : isize) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : isize . forall y : isize . forall result : () . (x < y) - = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi8047313880300482848__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.IntSize + axiom eq_cmp'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.Int + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) + -> ([%#sord13] cmp_log'1 y x = C_Less'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : isize) (o : isize) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () - goal refines : [%#sord0] forall x : isize . forall y : isize . forall z : isize . forall o : t_Ordering'0 . cmp_log'0 y z - = o - /\ cmp_log'0 x y = o - -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) -end -module M_creusot_contracts__logic__ord__qyi8047313880300482848__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) + -> ([%#sord11] cmp_log'1 y x = C_Greater'0) - use prelude.prelude.IntSize + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) + -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) - use prelude.prelude.Int + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : isize) (o : isize) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + axiom refl'0_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 - goal refines : [%#sord0] forall x : isize . forall y : isize . forall result : () . (x = y) - = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) -end -module M_creusot_contracts__logic__ord__qyi8047313880300482848__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - use prelude.prelude.IntSize + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - use prelude.prelude.Int + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : isize) (o : isize) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - goal refines : [%#sord0] forall x : isize . forall result : () . cmp_log'0 x x = C_Equal'0 - -> cmp_log'0 x x = C_Equal'0 -end -module M_creusot_contracts__logic__ord__qyi8047313880300482848__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - use prelude.prelude.IntSize + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool - use prelude.prelude.Int + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : isize) (o : isize) : t_Ordering'0 + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + + function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#scmp1] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with + | C_Equal'0 -> C_Equal'0 + | C_Less'0 -> C_Greater'0 + | C_Greater'0 -> C_Less'0 + end - goal refines : [%#sord0] forall x : isize . forall y : isize . forall result : () . (x > y) - = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) + goal refines : [%#scmp0] forall x : t_Reverse'0 . forall y : t_Reverse'0 . forall result : () . (x = y) + = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) end -module M_creusot_contracts__logic__ord__qyi8047313880300482848__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 +module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__refl__refines [#"../../../creusot-contracts/src/std/cmp.rs" 108 4 108 20] (* as logic::ord::OrdLogic> *) + let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 108 4 108 20 + let%span scmp1 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - use prelude.prelude.IntSize + type t_T'0 - use prelude.prelude.Int + type t_Reverse'0 = + { t_Reverse__0'0: t_T'0 } type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : isize) (o : isize) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : isize . forall y : isize . forall result : () . (x <= y) - = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi17836724837647357586__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 47 20 47 53 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 248 8 253 9 + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 247 4 247 41] (self : bool) (o : bool) : t_Ordering'0 - - = - [%#sord2] match (self, o) with - | (False, False) -> C_Equal'0 - | (True, True) -> C_Equal'0 - | (False, True) -> C_Less'0 - | (True, False) -> C_Greater'0 - end + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : bool) (o : bool) : bool = - [%#sord1] cmp_log'0 self o <> C_Less'0 + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) + -> ([%#sord13] cmp_log'1 y x = C_Less'0) - goal refines : [%#sord0] forall x : bool . forall y : bool . forall result : () . ge_log'0 x y - = (cmp_log'0 x y <> C_Less'0) -> ge_log'0 x y = (cmp_log'0 x y <> C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi17836724837647357586__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 248 8 253 9 + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) + -> ([%#sord11] cmp_log'1 y x = C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 247 4 247 41] (self : bool) (o : bool) : t_Ordering'0 + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - = - [%#sord1] match (self, o) with - | (False, False) -> C_Equal'0 - | (True, True) -> C_Equal'0 - | (False, True) -> C_Less'0 - | (True, False) -> C_Greater'0 - end - goal refines : [%#sord0] forall x : bool . forall result : () . cmp_log'0 x x = C_Equal'0 - -> cmp_log'0 x x = C_Equal'0 -end -module M_creusot_contracts__logic__ord__qyi17836724837647357586__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 248 8 253 9 + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) + -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 247 4 247 41] (self : bool) (o : bool) : t_Ordering'0 + axiom refl'1_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 + + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool + + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool + + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool + + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + + function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 = - [%#sord1] match (self, o) with - | (False, False) -> C_Equal'0 - | (True, True) -> C_Equal'0 - | (False, True) -> C_Less'0 - | (True, False) -> C_Greater'0 + [%#scmp1] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with + | C_Equal'0 -> C_Equal'0 + | C_Less'0 -> C_Greater'0 + | C_Greater'0 -> C_Less'0 end - goal refines : [%#sord0] forall x : bool . forall y : bool . cmp_log'0 x y = C_Less'0 - -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) + goal refines : [%#scmp0] forall x : t_Reverse'0 . forall result : () . cmp_log'0 x x = C_Equal'0 + -> cmp_log'0 x x = C_Equal'0 end -module M_creusot_contracts__logic__ord__qyi17836724837647357586__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 58 20 58 56 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 248 8 253 9 +module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__trans__refines [#"../../../creusot-contracts/src/std/cmp.rs" 115 4 115 52] (* as logic::ord::OrdLogic> *) + let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 115 4 115 52 + let%span scmp1 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 + + type t_T'0 + + type t_Reverse'0 = + { t_Reverse__0'0: t_T'0 } type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 247 4 247 41] (self : bool) (o : bool) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - = - [%#sord2] match (self, o) with - | (False, False) -> C_Equal'0 - | (True, True) -> C_Equal'0 - | (False, True) -> C_Less'0 - | (True, False) -> C_Greater'0 - end - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : bool) (o : bool) : bool = - [%#sord1] cmp_log'0 self o = C_Greater'0 + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - goal refines : [%#sord0] forall x : bool . forall y : bool . forall result : () . gt_log'0 x y - = (cmp_log'0 x y = C_Greater'0) -> gt_log'0 x y = (cmp_log'0 x y = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi17836724837647357586__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 25 20 25 56 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 248 8 253 9 + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 247 4 247 41] (self : bool) (o : bool) : t_Ordering'0 + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) + -> ([%#sord13] cmp_log'1 y x = C_Less'0) + + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) + -> ([%#sord11] cmp_log'1 y x = C_Greater'0) + + function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - = - [%#sord2] match (self, o) with - | (False, False) -> C_Equal'0 - | (True, True) -> C_Equal'0 - | (False, True) -> C_Less'0 - | (True, False) -> C_Greater'0 - end - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : bool) (o : bool) : bool = - [%#sord1] cmp_log'0 self o <> C_Greater'0 + axiom trans'1_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) + -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) - goal refines : [%#sord0] forall x : bool . forall y : bool . forall result : () . le_log'0 x y - = (cmp_log'0 x y <> C_Greater'0) -> le_log'0 x y = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi17836724837647357586__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 36 20 36 53 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 248 8 253 9 + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom refl'0_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 247 4 247 41] (self : bool) (o : bool) : t_Ordering'0 - - = - [%#sord2] match (self, o) with - | (False, False) -> C_Equal'0 - | (True, True) -> C_Equal'0 - | (False, True) -> C_Less'0 - | (True, False) -> C_Greater'0 - end + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : bool) (o : bool) : bool = - [%#sord1] cmp_log'0 self o = C_Less'0 + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - goal refines : [%#sord0] forall x : bool . forall y : bool . forall result : () . lt_log'0 x y - = (cmp_log'0 x y = C_Less'0) -> lt_log'0 x y = (cmp_log'0 x y = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi17836724837647357586__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 248 8 253 9 + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 247 4 247 41] (self : bool) (o : bool) : t_Ordering'0 + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool + + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + + function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 = - [%#sord1] match (self, o) with - | (False, False) -> C_Equal'0 - | (True, True) -> C_Equal'0 - | (False, True) -> C_Less'0 - | (True, False) -> C_Greater'0 + [%#scmp1] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with + | C_Equal'0 -> C_Equal'0 + | C_Less'0 -> C_Greater'0 + | C_Greater'0 -> C_Less'0 end - goal refines : [%#sord0] forall x : bool . forall y : bool . forall result : () . (x = y) - = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) + goal refines : [%#scmp0] forall x : t_Reverse'0 . forall y : t_Reverse'0 . forall z : t_Reverse'0 . forall o : t_Ordering'0 . cmp_log'0 y z + = o + /\ cmp_log'0 x y = o + -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) end -module M_creusot_contracts__logic__ord__qyi17836724837647357586__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 248 8 253 9 +module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__antisym2__refines [#"../../../creusot-contracts/src/std/cmp.rs" 127 4 127 33] (* as logic::ord::OrdLogic> *) + let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 127 4 127 33 + let%span scmp1 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 + + type t_T'0 + + type t_Reverse'0 = + { t_Reverse__0'0: t_T'0 } type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 247 4 247 41] (self : bool) (o : bool) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - = - [%#sord1] match (self, o) with - | (False, False) -> C_Equal'0 - | (True, True) -> C_Equal'0 - | (False, True) -> C_Less'0 - | (True, False) -> C_Greater'0 - end - goal refines : [%#sord0] forall x : bool . forall y : bool . cmp_log'0 x y = C_Greater'0 - -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi17836724837647357586__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 248 8 253 9 + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 247 4 247 41] (self : bool) (o : bool) : t_Ordering'0 + function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () + + axiom antisym2'1_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) + -> ([%#sord13] cmp_log'1 y x = C_Less'0) + + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) + -> ([%#sord11] cmp_log'1 y x = C_Greater'0) + + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + + + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) + -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) + + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () + + axiom refl'0_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 + + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool + + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool + + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool + + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + + function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 = - [%#sord1] match (self, o) with - | (False, False) -> C_Equal'0 - | (True, True) -> C_Equal'0 - | (False, True) -> C_Less'0 - | (True, False) -> C_Greater'0 + [%#scmp1] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with + | C_Equal'0 -> C_Equal'0 + | C_Less'0 -> C_Greater'0 + | C_Greater'0 -> C_Less'0 end - goal refines : [%#sord0] forall x : bool . forall y : bool . forall z : bool . forall o : t_Ordering'0 . cmp_log'0 y z - = o - /\ cmp_log'0 x y = o - -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) + goal refines : [%#scmp0] forall x : t_Reverse'0 . forall y : t_Reverse'0 . cmp_log'0 x y = C_Greater'0 + -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) end -module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* <(A, B) as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 294 20 294 67 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 +module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__cmp_le_log__refines [#"../../../creusot-contracts/src/std/cmp.rs" 88 4 88 35] (* as logic::ord::OrdLogic> *) + let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 88 4 88 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 25 20 25 56 + let%span scmp2 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 @@ -18743,140 +18258,184 @@ module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_gt_log__refi let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - type t_A'0 + type t_T'0 - type t_B'0 + type t_Reverse'0 = + { t_Reverse__0'0: t_T'0 } type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_B'0) (other : t_B'0) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_B'0) (y : t_B'0) : () + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - axiom eq_cmp'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord15] (x = y) = (cmp_log'2 x y = C_Equal'0) + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_B'0) (y : t_B'0) : () + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - axiom antisym2'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord13] cmp_log'2 x y = C_Greater'0) - -> ([%#sord14] cmp_log'2 y x = C_Less'0) + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) + -> ([%#sord14] cmp_log'1 y x = C_Less'0) - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_B'0) (y : t_B'0) : () + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () - axiom antisym1'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord11] cmp_log'2 x y = C_Less'0) - -> ([%#sord12] cmp_log'2 y x = C_Greater'0) + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) + -> ([%#sord12] cmp_log'1 y x = C_Greater'0) - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - axiom trans'0_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord8] cmp_log'2 x y = o) - -> ([%#sord9] cmp_log'2 y z = o) -> ([%#sord10] cmp_log'2 x z = o) + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) + -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_B'0) : () + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - axiom refl'0_spec : forall x : t_B'0 . [%#sord7] cmp_log'2 x x = C_Equal'0 + axiom refl'0_spec : forall x : t_T'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 - function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_B'0) (o : t_B'0) : bool + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_B'0) (y : t_B'0) : () + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_gt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord6] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_B'0) (o : t_B'0) : bool + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_B'0) (y : t_B'0) : () + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_ge_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] ge_log'0 x y = (cmp_log'2 x y <> C_Less'0) + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_B'0) (o : t_B'0) : bool + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_B'0) (y : t_B'0) : () + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_lt_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] lt_log'0 x y = (cmp_log'2 x y = C_Less'0) + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_B'0) (o : t_B'0) : bool + function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_B'0) (y : t_B'0) : () + function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_le_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord3] le_log'0 x y = (cmp_log'2 x y <> C_Greater'0) + axiom cmp_le_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] le_log'1 x y = (cmp_log'1 x y <> C_Greater'0) - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_A'0) (other : t_A'0) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 + = + [%#scmp2] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with + | C_Equal'0 -> C_Equal'0 + | C_Less'0 -> C_Greater'0 + | C_Greater'0 -> C_Less'0 + end - function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_A'0) (y : t_A'0) : () + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_Reverse'0) (o : t_Reverse'0) : bool + + = + [%#sord1] cmp_log'0 self o <> C_Greater'0 - axiom eq_cmp'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) + goal refines : [%#scmp0] forall x : t_Reverse'0 . forall y : t_Reverse'0 . forall result : () . le_log'0 x y + = (cmp_log'0 x y <> C_Greater'0) -> le_log'0 x y = (cmp_log'0 x y <> C_Greater'0) +end +module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__cmp_ge_log__refines [#"../../../creusot-contracts/src/std/cmp.rs" 98 4 98 35] (* as logic::ord::OrdLogic> *) + let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 98 4 98 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 47 20 47 53 + let%span scmp2 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_A'0) (y : t_A'0) : () + type t_T'0 - axiom antisym2'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) + type t_Reverse'0 = + { t_Reverse__0'0: t_T'0 } + + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 + + + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () + + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) + + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () + + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) -> ([%#sord14] cmp_log'1 y x = C_Less'0) - function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_A'0) (y : t_A'0) : () + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () - axiom antisym1'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) -> ([%#sord12] cmp_log'1 y x = C_Greater'0) - function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - axiom trans'1_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) - function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_A'0) : () + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - axiom refl'1_spec : forall x : t_A'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 + axiom refl'0_spec : forall x : t_T'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 - function gt_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_A'0) (o : t_A'0) : bool + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_gt_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_A'0) (y : t_A'0) : () + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_gt_log'2_spec : forall x : t_A'0, y : t_A'0 . [%#sord6] gt_log'2 x y = (cmp_log'1 x y = C_Greater'0) + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_A'0) (o : t_A'0) : bool + function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_A'0) (y : t_A'0) : () + function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_ge_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] ge_log'1 x y = (cmp_log'1 x y <> C_Less'0) + axiom cmp_ge_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] ge_log'1 x y = (cmp_log'1 x y <> C_Less'0) - function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_A'0) (o : t_A'0) : bool + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_A'0) (y : t_A'0) : () + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_lt_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] lt_log'1 x y = (cmp_log'1 x y = C_Less'0) + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_A'0) (o : t_A'0) : bool + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_A'0) (y : t_A'0) : () + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_le_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord3] le_log'1 x y = (cmp_log'1 x y <> C_Greater'0) + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 293 4 293 36] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : bool + function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 = - [%#sord1] (let (a, _) = self in a) = (let (a, _) = o in a) - /\ gt_log'1 (let (_, a) = self in a) (let (_, a) = o in a) - \/ gt_log'2 (let (a, _) = self in a) (let (a, _) = o in a) + [%#scmp2] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with + | C_Equal'0 -> C_Equal'0 + | C_Less'0 -> C_Greater'0 + | C_Greater'0 -> C_Less'0 + end - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 262 4 262 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_Reverse'0) (o : t_Reverse'0) : bool = - [%#sord2] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then - cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) - else - r - + [%#sord1] cmp_log'0 self o <> C_Less'0 - goal refines : [%#sord0] forall x : (t_A'0, t_B'0) . forall y : (t_A'0, t_B'0) . forall result : () . gt_log'0 x y - = (cmp_log'0 x y = C_Greater'0) -> gt_log'0 x y = (cmp_log'0 x y = C_Greater'0) + goal refines : [%#scmp0] forall x : t_Reverse'0 . forall y : t_Reverse'0 . forall result : () . ge_log'0 x y + = (cmp_log'0 x y <> C_Less'0) -> ge_log'0 x y = (cmp_log'0 x y <> C_Less'0) end -module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* <(A, B) as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 288 20 288 68 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 +module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__cmp_gt_log__refines [#"../../../creusot-contracts/src/std/cmp.rs" 103 4 103 35] (* as logic::ord::OrdLogic> *) + let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 103 4 103 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 58 20 58 56 + let%span scmp2 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 @@ -18891,279 +18450,381 @@ module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_ge_log__refi let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - type t_A'0 + type t_T'0 - type t_B'0 + type t_Reverse'0 = + { t_Reverse__0'0: t_T'0 } type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_B'0) (other : t_B'0) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_B'0) (y : t_B'0) : () + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - axiom eq_cmp'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord15] (x = y) = (cmp_log'2 x y = C_Equal'0) + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_B'0) (y : t_B'0) : () + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - axiom antisym2'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord13] cmp_log'2 x y = C_Greater'0) - -> ([%#sord14] cmp_log'2 y x = C_Less'0) + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) + -> ([%#sord14] cmp_log'1 y x = C_Less'0) - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_B'0) (y : t_B'0) : () + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () - axiom antisym1'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord11] cmp_log'2 x y = C_Less'0) - -> ([%#sord12] cmp_log'2 y x = C_Greater'0) + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) + -> ([%#sord12] cmp_log'1 y x = C_Greater'0) - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - axiom trans'0_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord8] cmp_log'2 x y = o) - -> ([%#sord9] cmp_log'2 y z = o) -> ([%#sord10] cmp_log'2 x z = o) + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) + -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_B'0) : () + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - axiom refl'0_spec : forall x : t_B'0 . [%#sord7] cmp_log'2 x x = C_Equal'0 + axiom refl'0_spec : forall x : t_T'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 - function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_B'0) (o : t_B'0) : bool + function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_B'0) (y : t_B'0) : () + function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_gt_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord6] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) + axiom cmp_gt_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] gt_log'1 x y = (cmp_log'1 x y = C_Greater'0) - function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_B'0) (o : t_B'0) : bool + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_B'0) (y : t_B'0) : () + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_ge_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] ge_log'1 x y = (cmp_log'2 x y <> C_Less'0) + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_B'0) (o : t_B'0) : bool + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_B'0) (y : t_B'0) : () + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_lt_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] lt_log'0 x y = (cmp_log'2 x y = C_Less'0) + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_B'0) (o : t_B'0) : bool + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_B'0) (y : t_B'0) : () + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_le_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord3] le_log'0 x y = (cmp_log'2 x y <> C_Greater'0) + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_A'0) (other : t_A'0) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 + = + [%#scmp2] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with + | C_Equal'0 -> C_Equal'0 + | C_Less'0 -> C_Greater'0 + | C_Greater'0 -> C_Less'0 + end - function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_A'0) (y : t_A'0) : () - - axiom eq_cmp'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_Reverse'0) (o : t_Reverse'0) : bool + + = + [%#sord1] cmp_log'0 self o = C_Greater'0 - function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_A'0) (y : t_A'0) : () + goal refines : [%#scmp0] forall x : t_Reverse'0 . forall y : t_Reverse'0 . forall result : () . gt_log'0 x y + = (cmp_log'0 x y = C_Greater'0) -> gt_log'0 x y = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 47 20 47 53 + let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - axiom antisym2'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) - -> ([%#sord14] cmp_log'1 y x = C_Less'0) + type t_T'0 - function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_A'0) (y : t_A'0) : () + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 - axiom antisym1'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) - -> ([%#sord12] cmp_log'1 y x = C_Greater'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - axiom trans'1_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) - -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_A'0) : () + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) - axiom refl'1_spec : forall x : t_A'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_A'0) (o : t_A'0) : bool + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) + -> ([%#sord14] cmp_log'1 y x = C_Less'0) - function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_A'0) (y : t_A'0) : () + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () - axiom cmp_gt_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord6] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) + -> ([%#sord12] cmp_log'1 y x = C_Greater'0) - function ge_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_A'0) (o : t_A'0) : bool + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + - function cmp_ge_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_A'0) (y : t_A'0) : () + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) + -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) - axiom cmp_ge_log'2_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] ge_log'2 x y = (cmp_log'1 x y <> C_Less'0) + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_A'0) (o : t_A'0) : bool + axiom refl'0_spec : forall x : t_T'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 - function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_A'0) (y : t_A'0) : () + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - axiom cmp_lt_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] lt_log'1 x y = (cmp_log'1 x y = C_Less'0) + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_A'0) (o : t_A'0) : bool + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_A'0) (y : t_A'0) : () + function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - axiom cmp_le_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord3] le_log'1 x y = (cmp_log'1 x y <> C_Greater'0) + function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 287 4 287 36] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : bool + axiom cmp_ge_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] ge_log'1 x y = (cmp_log'1 x y <> C_Less'0) + + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool + + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + + function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 = - [%#sord1] (let (a, _) = self in a) = (let (a, _) = o in a) - /\ ge_log'1 (let (_, a) = self in a) (let (_, a) = o in a) - \/ gt_log'0 (let (a, _) = self in a) (let (a, _) = o in a) + [%#soption2] match (self, o) with + | (C_None'0, C_None'0) -> C_Equal'0 + | (C_None'0, C_Some'0 _) -> C_Less'0 + | (C_Some'0 _, C_None'0) -> C_Greater'0 + | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y + end - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 262 4 262 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_Option'0) (o : t_Option'0) : bool = - [%#sord2] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then - cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) - else - r - + [%#sord1] cmp_log'0 self o <> C_Less'0 - goal refines : [%#sord0] forall x : (t_A'0, t_B'0) . forall y : (t_A'0, t_B'0) . forall result : () . ge_log'0 x y + goal refines : [%#sord0] forall x : t_Option'0 . forall y : t_Option'0 . forall result : () . ge_log'0 x y = (cmp_log'0 x y <> C_Less'0) -> ge_log'0 x y = (cmp_log'0 x y <> C_Less'0) end -module M_creusot_contracts__logic__ord__qyi1910662420989811789__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* <(A, B) as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 +module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 25 20 25 56 + let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - type t_A'0 + type t_T'0 - type t_B'0 + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_A'0) (other : t_A'0) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_A'0) (y : t_A'0) : () + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - axiom eq_cmp'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) - function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_A'0) (y : t_A'0) : () + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - axiom antisym2'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) - -> ([%#sord13] cmp_log'1 y x = C_Less'0) + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) + -> ([%#sord14] cmp_log'1 y x = C_Less'0) - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_A'0) (y : t_A'0) : () + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () - axiom antisym1'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) - -> ([%#sord11] cmp_log'1 y x = C_Greater'0) + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) + -> ([%#sord12] cmp_log'1 y x = C_Greater'0) - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - axiom trans'0_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) - -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) + -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_A'0) : () + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - axiom refl'0_spec : forall x : t_A'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 + axiom refl'0_spec : forall x : t_T'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_A'0) (o : t_A'0) : bool + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_A'0) (y : t_A'0) : () + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_gt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_A'0) (o : t_A'0) : bool + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_A'0) (y : t_A'0) : () + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_ge_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_A'0) (o : t_A'0) : bool + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_A'0) (y : t_A'0) : () + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_lt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_A'0) (o : t_A'0) : bool + function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_A'0) (y : t_A'0) : () + function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_le_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + axiom cmp_le_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] le_log'1 x y = (cmp_log'1 x y <> C_Greater'0) - function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_B'0) (other : t_B'0) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 + = + [%#soption2] match (self, o) with + | (C_None'0, C_None'0) -> C_Equal'0 + | (C_None'0, C_Some'0 _) -> C_Less'0 + | (C_Some'0 _, C_None'0) -> C_Greater'0 + | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y + end - function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_B'0) (y : t_B'0) : () + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_Option'0) (o : t_Option'0) : bool + + = + [%#sord1] cmp_log'0 self o <> C_Greater'0 - axiom eq_cmp'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord14] (x = y) = (cmp_log'2 x y = C_Equal'0) + goal refines : [%#sord0] forall x : t_Option'0 . forall y : t_Option'0 . forall result : () . le_log'0 x y + = (cmp_log'0 x y <> C_Greater'0) -> le_log'0 x y = (cmp_log'0 x y <> C_Greater'0) +end +module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 58 20 58 56 + let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - function antisym2'2 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_B'0) (y : t_B'0) : () + type t_T'0 - axiom antisym2'2_spec : forall x : t_B'0, y : t_B'0 . ([%#sord12] cmp_log'2 x y = C_Greater'0) - -> ([%#sord13] cmp_log'2 y x = C_Less'0) + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 - function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_B'0) (y : t_B'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom antisym1'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord10] cmp_log'2 x y = C_Less'0) - -> ([%#sord11] cmp_log'2 y x = C_Greater'0) + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 + - function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () + + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) + + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () + + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) + -> ([%#sord14] cmp_log'1 y x = C_Less'0) + + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) + -> ([%#sord12] cmp_log'1 y x = C_Greater'0) + + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - axiom trans'1_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord7] cmp_log'2 x y = o) - -> ([%#sord8] cmp_log'2 y z = o) -> ([%#sord9] cmp_log'2 x z = o) + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) + -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) - function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_B'0) : () + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - axiom refl'1_spec : forall x : t_B'0 . [%#sord6] cmp_log'2 x x = C_Equal'0 + axiom refl'0_spec : forall x : t_T'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 - function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_B'0) (o : t_B'0) : bool + function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_B'0) (y : t_B'0) : () + function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_gt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) + axiom cmp_gt_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] gt_log'1 x y = (cmp_log'1 x y = C_Greater'0) - function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_B'0) (o : t_B'0) : bool + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_B'0) (y : t_B'0) : () + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_ge_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] ge_log'1 x y = (cmp_log'2 x y <> C_Less'0) + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_B'0) (o : t_B'0) : bool + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_B'0) (y : t_B'0) : () + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_lt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord3] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_B'0) (o : t_B'0) : bool + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_B'0) (y : t_B'0) : () + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord2] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 262 4 262 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 = - [%#sord1] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then - cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) - else - r - - - goal refines : [%#sord0] forall x : (t_A'0, t_B'0) . forall y : (t_A'0, t_B'0) . cmp_log'0 x y = C_Greater'0 - -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi1910662420989811789__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* <(A, B) as logic::ord::OrdLogic> *) + [%#soption2] match (self, o) with + | (C_None'0, C_None'0) -> C_Equal'0 + | (C_None'0, C_Some'0 _) -> C_Less'0 + | (C_Some'0 _, C_None'0) -> C_Greater'0 + | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y + end + + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_Option'0) (o : t_Option'0) : bool + + = + [%#sord1] cmp_log'0 self o = C_Greater'0 + + goal refines : [%#sord0] forall x : t_Option'0 . forall y : t_Option'0 . forall result : () . gt_log'0 x y + = (cmp_log'0 x y = C_Greater'0) -> gt_log'0 x y = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* as logic::ord::OrdLogic> *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 + let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 @@ -19178,133 +18839,85 @@ module M_creusot_contracts__logic__ord__qyi1910662420989811789__eq_cmp__refines let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - type t_A'0 + type t_T'0 - type t_B'0 + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_A'0) (other : t_A'0) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_A'0) (y : t_A'0) : () + function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - axiom eq_cmp'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) + axiom eq_cmp'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_A'0) (y : t_A'0) : () + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - axiom antisym2'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) -> ([%#sord13] cmp_log'1 y x = C_Less'0) - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_A'0) (y : t_A'0) : () + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () - axiom antisym1'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) -> ([%#sord11] cmp_log'1 y x = C_Greater'0) - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - axiom trans'0_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_A'0) : () - - axiom refl'0_spec : forall x : t_A'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 - - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_A'0) (o : t_A'0) : bool - - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_A'0) (y : t_A'0) : () - - axiom cmp_gt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_A'0) (o : t_A'0) : bool - - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_A'0) (y : t_A'0) : () - - axiom cmp_ge_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_A'0) (o : t_A'0) : bool - - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_A'0) (y : t_A'0) : () - - axiom cmp_lt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_A'0) (o : t_A'0) : bool - - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_A'0) (y : t_A'0) : () - - axiom cmp_le_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - - function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_B'0) (other : t_B'0) : t_Ordering'0 - - - function eq_cmp'2 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_B'0) (y : t_B'0) : () - - axiom eq_cmp'2_spec : forall x : t_B'0, y : t_B'0 . [%#sord14] (x = y) = (cmp_log'2 x y = C_Equal'0) - - function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_B'0) (y : t_B'0) : () - - axiom antisym2'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord12] cmp_log'2 x y = C_Greater'0) - -> ([%#sord13] cmp_log'2 y x = C_Less'0) - - function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_B'0) (y : t_B'0) : () - - axiom antisym1'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord10] cmp_log'2 x y = C_Less'0) - -> ([%#sord11] cmp_log'2 y x = C_Greater'0) - - function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () - - - axiom trans'1_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord7] cmp_log'2 x y = o) - -> ([%#sord8] cmp_log'2 y z = o) -> ([%#sord9] cmp_log'2 x z = o) - - function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_B'0) : () + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - axiom refl'1_spec : forall x : t_B'0 . [%#sord6] cmp_log'2 x x = C_Equal'0 + axiom refl'0_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 - function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_B'0) (o : t_B'0) : bool + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_B'0) (y : t_B'0) : () + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_gt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_B'0) (o : t_B'0) : bool + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_B'0) (y : t_B'0) : () + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_ge_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] ge_log'1 x y = (cmp_log'2 x y <> C_Less'0) + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_B'0) (o : t_B'0) : bool + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_B'0) (y : t_B'0) : () + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_lt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord3] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_B'0) (o : t_B'0) : bool + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_B'0) (y : t_B'0) : () + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord2] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 262 4 262 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 = - [%#sord1] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then - cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) - else - r - + [%#soption1] match (self, o) with + | (C_None'0, C_None'0) -> C_Equal'0 + | (C_None'0, C_Some'0 _) -> C_Less'0 + | (C_Some'0 _, C_None'0) -> C_Greater'0 + | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y + end - goal refines : [%#sord0] forall x : (t_A'0, t_B'0) . forall y : (t_A'0, t_B'0) . forall result : () . (x = y) + goal refines : [%#sord0] forall x : t_Option'0 . forall y : t_Option'0 . forall result : () . (x = y) = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) end -module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* <(A, B) as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 276 20 276 68 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 +module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 36 20 36 53 + let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 @@ -19319,139 +18932,181 @@ module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_le_log__refi let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - type t_A'0 + type t_T'0 - type t_B'0 + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_B'0) (other : t_B'0) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_B'0) (y : t_B'0) : () + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - axiom eq_cmp'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord15] (x = y) = (cmp_log'2 x y = C_Equal'0) + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_B'0) (y : t_B'0) : () + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - axiom antisym2'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord13] cmp_log'2 x y = C_Greater'0) - -> ([%#sord14] cmp_log'2 y x = C_Less'0) + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) + -> ([%#sord14] cmp_log'1 y x = C_Less'0) - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_B'0) (y : t_B'0) : () + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () - axiom antisym1'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord11] cmp_log'2 x y = C_Less'0) - -> ([%#sord12] cmp_log'2 y x = C_Greater'0) + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) + -> ([%#sord12] cmp_log'1 y x = C_Greater'0) - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - axiom trans'0_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord8] cmp_log'2 x y = o) - -> ([%#sord9] cmp_log'2 y z = o) -> ([%#sord10] cmp_log'2 x z = o) + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) + -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_B'0) : () + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - axiom refl'0_spec : forall x : t_B'0 . [%#sord7] cmp_log'2 x x = C_Equal'0 + axiom refl'0_spec : forall x : t_T'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_B'0) (o : t_B'0) : bool + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_B'0) (y : t_B'0) : () + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_gt_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord6] gt_log'0 x y = (cmp_log'2 x y = C_Greater'0) + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_B'0) (o : t_B'0) : bool + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_B'0) (y : t_B'0) : () + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_ge_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] ge_log'0 x y = (cmp_log'2 x y <> C_Less'0) + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_B'0) (o : t_B'0) : bool + function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_B'0) (y : t_B'0) : () + function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_lt_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) + axiom cmp_lt_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] lt_log'1 x y = (cmp_log'1 x y = C_Less'0) - function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_B'0) (o : t_B'0) : bool + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_B'0) (y : t_B'0) : () + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord3] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_A'0) (other : t_A'0) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 + = + [%#soption2] match (self, o) with + | (C_None'0, C_None'0) -> C_Equal'0 + | (C_None'0, C_Some'0 _) -> C_Less'0 + | (C_Some'0 _, C_None'0) -> C_Greater'0 + | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y + end - function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_A'0) (y : t_A'0) : () - - axiom eq_cmp'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_Option'0) (o : t_Option'0) : bool + + = + [%#sord1] cmp_log'0 self o = C_Less'0 - function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_A'0) (y : t_A'0) : () + goal refines : [%#sord0] forall x : t_Option'0 . forall y : t_Option'0 . forall result : () . lt_log'0 x y + = (cmp_log'0 x y = C_Less'0) -> lt_log'0 x y = (cmp_log'0 x y = C_Less'0) +end +module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 + let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - axiom antisym2'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) - -> ([%#sord14] cmp_log'1 y x = C_Less'0) + type t_T'0 - function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_A'0) (y : t_A'0) : () + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 - axiom antisym1'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) - -> ([%#sord12] cmp_log'1 y x = C_Greater'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - axiom trans'1_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) - -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_A'0) : () + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) - axiom refl'1_spec : forall x : t_A'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 + function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_A'0) (o : t_A'0) : bool + axiom antisym2'1_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) + -> ([%#sord13] cmp_log'1 y x = C_Less'0) - function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_A'0) (y : t_A'0) : () + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () - axiom cmp_gt_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord6] gt_log'1 x y = (cmp_log'1 x y = C_Greater'0) + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) + -> ([%#sord11] cmp_log'1 y x = C_Greater'0) - function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_A'0) (o : t_A'0) : bool + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + - function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_A'0) (y : t_A'0) : () + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) + -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) - axiom cmp_ge_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] ge_log'1 x y = (cmp_log'1 x y <> C_Less'0) + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_A'0) (o : t_A'0) : bool + axiom refl'0_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 - function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_A'0) (y : t_A'0) : () + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - axiom cmp_lt_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - function le_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_A'0) (o : t_A'0) : bool + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - function cmp_le_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_A'0) (y : t_A'0) : () + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - axiom cmp_le_log'2_spec : forall x : t_A'0, y : t_A'0 . [%#sord3] le_log'2 x y = (cmp_log'1 x y <> C_Greater'0) + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 275 4 275 36] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : bool - - = - [%#sord1] (let (a, _) = self in a) = (let (a, _) = o in a) - /\ le_log'1 (let (_, a) = self in a) (let (_, a) = o in a) - \/ lt_log'0 (let (a, _) = self in a) (let (a, _) = o in a) + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 262 4 262 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool + + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + + function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 = - [%#sord2] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then - cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) - else - r - + [%#soption1] match (self, o) with + | (C_None'0, C_None'0) -> C_Equal'0 + | (C_None'0, C_Some'0 _) -> C_Less'0 + | (C_Some'0 _, C_None'0) -> C_Greater'0 + | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y + end - goal refines : [%#sord0] forall x : (t_A'0, t_B'0) . forall y : (t_A'0, t_B'0) . forall result : () . le_log'0 x y - = (cmp_log'0 x y <> C_Greater'0) -> le_log'0 x y = (cmp_log'0 x y <> C_Greater'0) + goal refines : [%#sord0] forall x : t_Option'0 . forall y : t_Option'0 . cmp_log'0 x y = C_Greater'0 + -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) end -module M_creusot_contracts__logic__ord__qyi1910662420989811789__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* <(A, B) as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 +module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 + let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 @@ -19466,132 +19121,176 @@ module M_creusot_contracts__logic__ord__qyi1910662420989811789__refl__refines [# let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - type t_A'0 + type t_T'0 - type t_B'0 + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_A'0) (other : t_A'0) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_A'0) (y : t_A'0) : () + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - axiom eq_cmp'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_A'0) (y : t_A'0) : () + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - axiom antisym2'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) -> ([%#sord13] cmp_log'1 y x = C_Less'0) - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_A'0) (y : t_A'0) : () + function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () - axiom antisym1'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) + axiom antisym1'1_spec : forall x : t_T'0, y : t_T'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) -> ([%#sord11] cmp_log'1 y x = C_Greater'0) - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - axiom trans'0_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) - function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_A'0) : () + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - axiom refl'1_spec : forall x : t_A'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 + axiom refl'0_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_A'0) (o : t_A'0) : bool + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_A'0) (y : t_A'0) : () + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_gt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_A'0) (o : t_A'0) : bool + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_A'0) (y : t_A'0) : () + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_ge_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_A'0) (o : t_A'0) : bool + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_A'0) (y : t_A'0) : () + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_lt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_A'0) (o : t_A'0) : bool + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_A'0) (y : t_A'0) : () + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_le_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_B'0) (other : t_B'0) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 + = + [%#soption1] match (self, o) with + | (C_None'0, C_None'0) -> C_Equal'0 + | (C_None'0, C_Some'0 _) -> C_Less'0 + | (C_Some'0 _, C_None'0) -> C_Greater'0 + | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y + end - function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_B'0) (y : t_B'0) : () + goal refines : [%#sord0] forall x : t_Option'0 . forall y : t_Option'0 . cmp_log'0 x y = C_Less'0 + -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) +end +module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 + let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - axiom eq_cmp'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord14] (x = y) = (cmp_log'2 x y = C_Equal'0) + type t_T'0 - function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_B'0) (y : t_B'0) : () + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 - axiom antisym2'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord12] cmp_log'2 x y = C_Greater'0) - -> ([%#sord13] cmp_log'2 y x = C_Less'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_B'0) (y : t_B'0) : () + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 + - axiom antisym1'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord10] cmp_log'2 x y = C_Less'0) - -> ([%#sord11] cmp_log'2 y x = C_Greater'0) + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) + + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () + + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) + -> ([%#sord13] cmp_log'1 y x = C_Less'0) + + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) + -> ([%#sord11] cmp_log'1 y x = C_Greater'0) + + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - axiom trans'1_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord7] cmp_log'2 x y = o) - -> ([%#sord8] cmp_log'2 y z = o) -> ([%#sord9] cmp_log'2 x z = o) + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) + -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) - function refl'2 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_B'0) : () + function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - axiom refl'2_spec : forall x : t_B'0 . [%#sord6] cmp_log'2 x x = C_Equal'0 + axiom refl'1_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 - function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_B'0) (o : t_B'0) : bool + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_B'0) (y : t_B'0) : () + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_gt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_B'0) (o : t_B'0) : bool + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_B'0) (y : t_B'0) : () + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_ge_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] ge_log'1 x y = (cmp_log'2 x y <> C_Less'0) + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_B'0) (o : t_B'0) : bool + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_B'0) (y : t_B'0) : () + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_lt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord3] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_B'0) (o : t_B'0) : bool + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_B'0) (y : t_B'0) : () + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord2] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 262 4 262 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 = - [%#sord1] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then - cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) - else - r - + [%#soption1] match (self, o) with + | (C_None'0, C_None'0) -> C_Equal'0 + | (C_None'0, C_Some'0 _) -> C_Less'0 + | (C_Some'0 _, C_None'0) -> C_Greater'0 + | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y + end - goal refines : [%#sord0] forall x : (t_A'0, t_B'0) . forall result : () . cmp_log'0 x x = C_Equal'0 + goal refines : [%#sord0] forall x : t_Option'0 . forall result : () . cmp_log'0 x x = C_Equal'0 -> cmp_log'0 x x = C_Equal'0 end -module M_creusot_contracts__logic__ord__qyi1910662420989811789__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* <(A, B) as logic::ord::OrdLogic> *) +module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* as logic::ord::OrdLogic> *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 + let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 @@ -19606,4521 +19305,5178 @@ module M_creusot_contracts__logic__ord__qyi1910662420989811789__trans__refines [ let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - type t_A'0 + type t_T'0 - type t_B'0 + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_A'0) (other : t_A'0) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_A'0) (y : t_A'0) : () + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - axiom eq_cmp'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_A'0) (y : t_A'0) : () + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - axiom antisym2'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) -> ([%#sord13] cmp_log'1 y x = C_Less'0) - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_A'0) (y : t_A'0) : () + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () - axiom antisym1'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) -> ([%#sord11] cmp_log'1 y x = C_Greater'0) - function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () + function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - axiom trans'1_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) + axiom trans'1_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_A'0) : () + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - axiom refl'0_spec : forall x : t_A'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 + axiom refl'0_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_A'0) (o : t_A'0) : bool + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_A'0) (y : t_A'0) : () + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_gt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_A'0) (o : t_A'0) : bool + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_A'0) (y : t_A'0) : () + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_ge_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_A'0) (o : t_A'0) : bool + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_A'0) (y : t_A'0) : () + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_lt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_A'0) (o : t_A'0) : bool + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_A'0) (y : t_A'0) : () + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_le_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_B'0) (other : t_B'0) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 + = + [%#soption1] match (self, o) with + | (C_None'0, C_None'0) -> C_Equal'0 + | (C_None'0, C_Some'0 _) -> C_Less'0 + | (C_Some'0 _, C_None'0) -> C_Greater'0 + | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y + end - function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_B'0) (y : t_B'0) : () - - axiom eq_cmp'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord14] (x = y) = (cmp_log'2 x y = C_Equal'0) + goal refines : [%#sord0] forall x : t_Option'0 . forall y : t_Option'0 . forall z : t_Option'0 . forall o : t_Ordering'0 . cmp_log'0 y z + = o + /\ cmp_log'0 x y = o + -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) +end +module M_creusot_contracts__num_rational__qyi7156484438548626841__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 + let%span snum_rational1 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 - function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_B'0) (y : t_B'0) : () + use prelude.prelude.Real - axiom antisym2'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord12] cmp_log'2 x y = C_Greater'0) - -> ([%#sord13] cmp_log'2 y x = C_Less'0) + use prelude.prelude.Real - function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_B'0) (y : t_B'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom antisym1'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord10] cmp_log'2 x y = C_Less'0) - -> ([%#sord11] cmp_log'2 y x = C_Greater'0) + use prelude.prelude.Real - function trans'2 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 + = + [%#snum_rational1] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom trans'2_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord7] cmp_log'2 x y = o) - -> ([%#sord8] cmp_log'2 y z = o) -> ([%#sord9] cmp_log'2 x z = o) + goal refines : [%#sord0] forall x : Real.real . forall y : Real.real . forall result : () . Real.(<=) x y + = (cmp_log'0 x y <> C_Greater'0) -> Real.(<=) x y = (cmp_log'0 x y <> C_Greater'0) +end +module M_creusot_contracts__num_rational__qyi7156484438548626841__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 + let%span snum_rational1 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 - function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_B'0) : () + use prelude.prelude.Real - axiom refl'1_spec : forall x : t_B'0 . [%#sord6] cmp_log'2 x x = C_Equal'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_B'0) (o : t_B'0) : bool + use prelude.prelude.Real - function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_B'0) (y : t_B'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 + + = + [%#snum_rational1] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom cmp_gt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) + goal refines : [%#sord0] forall x : Real.real . forall y : Real.real . forall result : () . (x = y) + = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) +end +module M_creusot_contracts__num_rational__qyi7156484438548626841__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 + let%span snum_rational1 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 - function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_B'0) (o : t_B'0) : bool + use prelude.prelude.Real - function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_B'0) (y : t_B'0) : () + use prelude.prelude.Real - axiom cmp_ge_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] ge_log'1 x y = (cmp_log'2 x y <> C_Less'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_B'0) (o : t_B'0) : bool + function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 + + = + [%#snum_rational1] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_B'0) (y : t_B'0) : () + goal refines : [%#sord0] forall x : Real.real . forall y : Real.real . forall result : () . Real.(<) x y + = (cmp_log'0 x y = C_Less'0) -> Real.(<) x y = (cmp_log'0 x y = C_Less'0) +end +module M_creusot_contracts__num_rational__qyi7156484438548626841__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 + let%span snum_rational1 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 - axiom cmp_lt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord3] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) + use prelude.prelude.Real - function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_B'0) (o : t_B'0) : bool + use prelude.prelude.Real - function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_B'0) (y : t_B'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord2] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) + use prelude.prelude.Real - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 262 4 262 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 = - [%#sord1] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then - cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) - else - r - + [%#snum_rational1] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : (t_A'0, t_B'0) . forall y : (t_A'0, t_B'0) . forall z : (t_A'0, t_B'0) . forall o : t_Ordering'0 . cmp_log'0 y z - = o - /\ cmp_log'0 x y = o - -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) + goal refines : [%#sord0] forall x : Real.real . forall y : Real.real . forall result : () . Real.(>=) x y + = (cmp_log'0 x y <> C_Less'0) -> Real.(>=) x y = (cmp_log'0 x y <> C_Less'0) end -module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* <(A, B) as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 282 20 282 67 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 +module M_creusot_contracts__num_rational__qyi7156484438548626841__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 + let%span snum_rational1 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 - type t_A'0 + use prelude.prelude.Real - type t_B'0 + use prelude.prelude.Real type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_B'0) (other : t_B'0) : t_Ordering'0 - - - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_B'0) (y : t_B'0) : () + use prelude.prelude.Real - axiom eq_cmp'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord15] (x = y) = (cmp_log'2 x y = C_Equal'0) + function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 + + = + [%#snum_rational1] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_B'0) (y : t_B'0) : () + goal refines : [%#sord0] forall x : Real.real . forall y : Real.real . forall result : () . Real.(>) x y + = (cmp_log'0 x y = C_Greater'0) -> Real.(>) x y = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__num_rational__qyi7156484438548626841__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 + let%span snum_rational1 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 - axiom antisym2'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord13] cmp_log'2 x y = C_Greater'0) - -> ([%#sord14] cmp_log'2 y x = C_Less'0) + use prelude.prelude.Real - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_B'0) (y : t_B'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom antisym1'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord11] cmp_log'2 x y = C_Less'0) - -> ([%#sord12] cmp_log'2 y x = C_Greater'0) + use prelude.prelude.Real - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 + = + [%#snum_rational1] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom trans'0_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord8] cmp_log'2 x y = o) - -> ([%#sord9] cmp_log'2 y z = o) -> ([%#sord10] cmp_log'2 x z = o) + goal refines : [%#sord0] forall x : Real.real . forall y : Real.real . cmp_log'0 x y = C_Greater'0 + -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__num_rational__qyi7156484438548626841__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 + let%span snum_rational1 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_B'0) : () + use prelude.prelude.Real - axiom refl'0_spec : forall x : t_B'0 . [%#sord7] cmp_log'2 x x = C_Equal'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_B'0) (o : t_B'0) : bool + use prelude.prelude.Real - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_B'0) (y : t_B'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 + + = + [%#snum_rational1] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom cmp_gt_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord6] gt_log'0 x y = (cmp_log'2 x y = C_Greater'0) + goal refines : [%#sord0] forall x : Real.real . forall y : Real.real . forall z : Real.real . forall o : t_Ordering'0 . cmp_log'0 y z + = o + /\ cmp_log'0 x y = o + -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) +end +module M_creusot_contracts__num_rational__qyi7156484438548626841__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 + let%span snum_rational1 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_B'0) (o : t_B'0) : bool + use prelude.prelude.Real - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_B'0) (y : t_B'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom cmp_ge_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] ge_log'0 x y = (cmp_log'2 x y <> C_Less'0) + use prelude.prelude.Real - function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_B'0) (o : t_B'0) : bool + function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 + + = + [%#snum_rational1] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_B'0) (y : t_B'0) : () + goal refines : [%#sord0] forall x : Real.real . forall y : Real.real . cmp_log'0 x y = C_Less'0 + -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) +end +module M_creusot_contracts__num_rational__qyi7156484438548626841__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 + let%span snum_rational1 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 - axiom cmp_lt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) - - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_B'0) (o : t_B'0) : bool + use prelude.prelude.Real - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_B'0) (y : t_B'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom cmp_le_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord3] le_log'0 x y = (cmp_log'2 x y <> C_Greater'0) + use prelude.prelude.Real - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_A'0) (other : t_A'0) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 + = + [%#snum_rational1] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_A'0) (y : t_A'0) : () - - axiom eq_cmp'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) - - function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_A'0) (y : t_A'0) : () - - axiom antisym2'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) - -> ([%#sord14] cmp_log'1 y x = C_Less'0) + goal refines : [%#sord0] forall x : Real.real . forall result : () . cmp_log'0 x x = C_Equal'0 + -> cmp_log'0 x x = C_Equal'0 +end +module M_creusot_contracts__logic__ord__qyi8355372356285216375__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_A'0) (y : t_A'0) : () + use prelude.prelude.Int - axiom antisym1'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) - -> ([%#sord12] cmp_log'1 y x = C_Greater'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int) (o : int) : t_Ordering'0 + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom trans'1_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) - -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) - - function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_A'0) : () + goal refines : [%#sord0] forall x : int . forall y : int . forall result : () . (x >= y) = (cmp_log'0 x y <> C_Less'0) + -> (x >= y) = (cmp_log'0 x y <> C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi8355372356285216375__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom refl'1_spec : forall x : t_A'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 + use prelude.prelude.Int - function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_A'0) (o : t_A'0) : bool + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_A'0) (y : t_A'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int) (o : int) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom cmp_gt_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord6] gt_log'1 x y = (cmp_log'1 x y = C_Greater'0) + goal refines : [%#sord0] forall x : int . forall result : () . cmp_log'0 x x = C_Equal'0 -> cmp_log'0 x x = C_Equal'0 +end +module M_creusot_contracts__logic__ord__qyi8355372356285216375__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_A'0) (o : t_A'0) : bool + use prelude.prelude.Int - function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_A'0) (y : t_A'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom cmp_ge_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] ge_log'1 x y = (cmp_log'1 x y <> C_Less'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int) (o : int) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function lt_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_A'0) (o : t_A'0) : bool + goal refines : [%#sord0] forall x : int . forall y : int . forall result : () . (x > y) + = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi8355372356285216375__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function cmp_lt_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_A'0) (y : t_A'0) : () + use prelude.prelude.Int - axiom cmp_lt_log'2_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] lt_log'2 x y = (cmp_log'1 x y = C_Less'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_A'0) (o : t_A'0) : bool + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int) (o : int) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_A'0) (y : t_A'0) : () + goal refines : [%#sord0] forall x : int . forall y : int . forall result : () . (x < y) = (cmp_log'0 x y = C_Less'0) + -> (x < y) = (cmp_log'0 x y = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi8355372356285216375__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom cmp_le_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord3] le_log'1 x y = (cmp_log'1 x y <> C_Greater'0) + use prelude.prelude.Int - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 281 4 281 36] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : bool - - = - [%#sord1] (let (a, _) = self in a) = (let (a, _) = o in a) - /\ lt_log'1 (let (_, a) = self in a) (let (_, a) = o in a) - \/ lt_log'2 (let (a, _) = self in a) (let (a, _) = o in a) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 262 4 262 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int) (o : int) : t_Ordering'0 = - [%#sord2] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then - cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) - else - r - + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : (t_A'0, t_B'0) . forall y : (t_A'0, t_B'0) . forall result : () . lt_log'0 x y - = (cmp_log'0 x y = C_Less'0) -> lt_log'0 x y = (cmp_log'0 x y = C_Less'0) + goal refines : [%#sord0] forall x : int . forall y : int . forall result : () . (x = y) = (cmp_log'0 x y = C_Equal'0) + -> (x = y) = (cmp_log'0 x y = C_Equal'0) end -module M_creusot_contracts__logic__ord__qyi1910662420989811789__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* <(A, B) as logic::ord::OrdLogic> *) +module M_creusot_contracts__logic__ord__qyi8355372356285216375__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - - type t_A'0 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - type t_B'0 + use prelude.prelude.Int type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_A'0) (other : t_A'0) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int) (o : int) : t_Ordering'0 + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_A'0) (y : t_A'0) : () - - axiom eq_cmp'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) - - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_A'0) (y : t_A'0) : () - - axiom antisym2'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) - -> ([%#sord13] cmp_log'1 y x = C_Less'0) + goal refines : [%#sord0] forall x : int . forall y : int . cmp_log'0 x y = C_Less'0 + -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi8355372356285216375__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_A'0) (y : t_A'0) : () + use prelude.prelude.Int - axiom antisym1'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) - -> ([%#sord11] cmp_log'1 y x = C_Greater'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int) (o : int) : t_Ordering'0 + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom trans'0_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) - -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) + goal refines : [%#sord0] forall x : int . forall y : int . cmp_log'0 x y = C_Greater'0 + -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi8355372356285216375__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_A'0) : () + use prelude.prelude.Int - axiom refl'0_spec : forall x : t_A'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_A'0) (o : t_A'0) : bool + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int) (o : int) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_A'0) (y : t_A'0) : () + goal refines : [%#sord0] forall x : int . forall y : int . forall result : () . (x <= y) + = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi8355372356285216375__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom cmp_gt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + use prelude.prelude.Int - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_A'0) (o : t_A'0) : bool + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_A'0) (y : t_A'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int) (o : int) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom cmp_ge_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + goal refines : [%#sord0] forall x : int . forall y : int . forall z : int . forall o : t_Ordering'0 . cmp_log'0 y z + = o + /\ cmp_log'0 x y = o + -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) +end +module M_creusot_contracts__logic__ord__qyi15418235539824427604__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_A'0) (o : t_A'0) : bool + use prelude.prelude.UInt8 - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_A'0) (y : t_A'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom cmp_lt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + use prelude.prelude.Int - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_A'0) (o : t_A'0) : bool + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint8) (o : uint8) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_A'0) (y : t_A'0) : () + goal refines : [%#sord0] forall x : uint8 . forall y : uint8 . forall result : () . (x = y) + = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) +end +module M_creusot_contracts__logic__ord__qyi15418235539824427604__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom cmp_le_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + use prelude.prelude.UInt8 - function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_B'0) (other : t_B'0) : t_Ordering'0 - + use prelude.prelude.Int - function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_B'0) (y : t_B'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom eq_cmp'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord14] (x = y) = (cmp_log'2 x y = C_Equal'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint8) (o : uint8) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_B'0) (y : t_B'0) : () + goal refines : [%#sord0] forall x : uint8 . forall y : uint8 . forall result : () . (x > y) + = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi15418235539824427604__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom antisym2'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord12] cmp_log'2 x y = C_Greater'0) - -> ([%#sord13] cmp_log'2 y x = C_Less'0) + use prelude.prelude.UInt8 - function antisym1'2 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_B'0) (y : t_B'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom antisym1'2_spec : forall x : t_B'0, y : t_B'0 . ([%#sord10] cmp_log'2 x y = C_Less'0) - -> ([%#sord11] cmp_log'2 y x = C_Greater'0) + use prelude.prelude.Int - function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint8) (o : uint8) : t_Ordering'0 + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom trans'1_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord7] cmp_log'2 x y = o) - -> ([%#sord8] cmp_log'2 y z = o) -> ([%#sord9] cmp_log'2 x z = o) - - function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_B'0) : () + goal refines : [%#sord0] forall x : uint8 . forall y : uint8 . forall z : uint8 . forall o : t_Ordering'0 . cmp_log'0 y z + = o + /\ cmp_log'0 x y = o + -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) +end +module M_creusot_contracts__logic__ord__qyi15418235539824427604__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom refl'1_spec : forall x : t_B'0 . [%#sord6] cmp_log'2 x x = C_Equal'0 + use prelude.prelude.UInt8 - function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_B'0) (o : t_B'0) : bool + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_B'0) (y : t_B'0) : () + use prelude.prelude.Int - axiom cmp_gt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint8) (o : uint8) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_B'0) (o : t_B'0) : bool + goal refines : [%#sord0] forall x : uint8 . forall y : uint8 . cmp_log'0 x y = C_Greater'0 + -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi15418235539824427604__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_B'0) (y : t_B'0) : () + use prelude.prelude.UInt8 - axiom cmp_ge_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] ge_log'1 x y = (cmp_log'2 x y <> C_Less'0) + use prelude.prelude.Int - function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_B'0) (o : t_B'0) : bool + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_B'0) (y : t_B'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint8) (o : uint8) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom cmp_lt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord3] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) + goal refines : [%#sord0] forall x : uint8 . forall y : uint8 . forall result : () . (x <= y) + = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi15418235539824427604__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_B'0) (o : t_B'0) : bool + use prelude.prelude.UInt8 - function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_B'0) (y : t_B'0) : () + use prelude.prelude.Int - axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord2] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 262 4 262 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint8) (o : uint8) : t_Ordering'0 = - [%#sord1] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then - cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) - else - r - + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : (t_A'0, t_B'0) . forall y : (t_A'0, t_B'0) . cmp_log'0 x y = C_Less'0 - -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) + goal refines : [%#sord0] forall x : uint8 . forall y : uint8 . forall result : () . (x < y) + = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) end -module M_creusot_contracts__stdqy35z1__deque__qyi8367101395671471553__resolve_coherence__refines [#"../../../creusot-contracts/src/std/deque.rs" 65 4 65 31] (* as resolve::Resolve> *) - let%span sdeque0 = "../../../creusot-contracts/src/std/deque.rs" 65 4 65 31 - let%span sdeque1 = "../../../creusot-contracts/src/std/deque.rs" 58 20 58 83 - let%span sdeque2 = "../../../creusot-contracts/src/std/deque.rs" 13 14 13 41 - let%span sdeque3 = "../../../creusot-contracts/src/std/deque.rs" 39 8 39 31 - - use prelude.prelude.Borrow +module M_creusot_contracts__logic__ord__qyi15418235539824427604__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.UIntSize + use prelude.prelude.UInt8 - use prelude.prelude.Opaque + use prelude.prelude.Int - type t_NonNull'0 = - { t_NonNull__pointer'0: opaque_ptr } + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - type t_Unique'0 = - { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint8) (o : uint8) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - type t_Cap'0 = - { t_Cap__0'0: usize } + goal refines : [%#sord0] forall x : uint8 . forall y : uint8 . forall result : () . (x >= y) + = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi15418235539824427604__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - type t_RawVec'0 = - { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } + use prelude.prelude.UInt8 - type t_VecDeque'0 = - { t_VecDeque__head'0: usize; t_VecDeque__len'0: usize; t_VecDeque__buf'0: t_RawVec'0 } + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_RawVec'0) = - true + use prelude.prelude.Int - predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : usize) = - true + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint8) (o : uint8) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_VecDeque'0) = - match _1 with - | {t_VecDeque__head'0 = x0 ; t_VecDeque__len'0 = x1 ; t_VecDeque__buf'0 = x2} -> resolve'1 x2 - /\ resolve'2 x1 /\ resolve'2 x0 - end + goal refines : [%#sord0] forall x : uint8 . forall y : uint8 . cmp_log'0 x y = C_Less'0 + -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi15418235539824427604__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_VecDeque'0) + use prelude.prelude.UInt8 - axiom inv_axiom'0 [@rewrite] : forall x : t_VecDeque'0 [inv'0 x] . inv'0 x = true + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 use prelude.prelude.Int - use seq.Seq + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint8) (o : uint8) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant v_MAX'0 : usize = (18446744073709551615 : usize) + goal refines : [%#sord0] forall x : uint8 . forall result : () . cmp_log'0 x x = C_Equal'0 + -> cmp_log'0 x x = C_Equal'0 +end +module M_creusot_contracts__logic__ord__qyi7305497527599188430__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.UIntSize + use prelude.prelude.UInt16 - type t_T'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use seq.Seq + use prelude.prelude.Int - function view'0 [#"../../../creusot-contracts/src/std/deque.rs" 14 4 14 27] (self : t_VecDeque'0) : Seq.seq t_T'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint16) (o : uint16) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom view'0_spec : forall self : t_VecDeque'0 . [%#sdeque2] Seq.length (view'0 self) - <= UIntSize.to_int (v_MAX'0 : usize) + goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . cmp_log'0 x y = C_Greater'0 + -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi7305497527599188430__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use seq.Seq + use prelude.prelude.UInt16 - function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/std/deque.rs" 38 4 38 47] (self : t_VecDeque'0) (ix : int) : t_T'0 - - = - [%#sdeque3] Seq.get (view'0 self) ix + use prelude.prelude.Int - predicate resolve'3 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_T'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate resolve'0 [#"../../../creusot-contracts/src/std/deque.rs" 57 4 57 28] (self : t_VecDeque'0) = - [%#sdeque1] forall i : int . 0 <= i /\ i < Seq.length (view'0 self) -> resolve'3 (index_logic'0 self i) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint16) (o : uint16) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sdeque0] forall self : t_VecDeque'0 . structural_resolve'0 self /\ inv'0 self - -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) + goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . forall result : () . (x >= y) + = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) end -module M_creusot_contracts__stdqy35z1__iter__cloned__qyi49636360433726320__resolve_coherence__refines [#"../../../creusot-contracts/src/std/iter/cloned.rs" 28 4 28 31] (* as resolve::Resolve> *) - let%span scloned0 = "../../../creusot-contracts/src/std/iter/cloned.rs" 28 4 28 31 - let%span scloned1 = "../../../creusot-contracts/src/std/iter/cloned.rs" 21 8 21 29 - let%span scloned2 = "../../../creusot-contracts/src/std/iter/cloned.rs" 11 14 11 39 - let%span sinvariant3 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 +module M_creusot_contracts__logic__ord__qyi7305497527599188430__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.Borrow + use prelude.prelude.UInt16 - type t_I'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - type t_Cloned'0 = - { t_Cloned__it'0: t_I'0 } + use prelude.prelude.Int - predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_I'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint16) (o : uint16) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_Cloned'0) = - match _1 with - | {t_Cloned__it'0 = x0} -> resolve'1 x0 - end + goal refines : [%#sord0] forall x : uint16 . forall result : () . cmp_log'0 x x = C_Equal'0 + -> cmp_log'0 x x = C_Equal'0 +end +module M_creusot_contracts__logic__ord__qyi7305497527599188430__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + use prelude.prelude.UInt16 - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Cloned'0) + use prelude.prelude.Int - axiom inv_axiom'1 [@rewrite] : forall x : t_Cloned'0 [inv'1 x] . inv'1 x - = match x with - | {t_Cloned__it'0 = it} -> inv'2 it - end + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_Cloned'0) = - [%#sinvariant3] inv'1 self + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint16) (o : uint16) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Cloned'0) + goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . forall result : () . (x < y) + = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi7305497527599188430__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom inv_axiom'0 [@rewrite] : forall x : t_Cloned'0 [inv'0 x] . inv'0 x = invariant'0 x + use prelude.prelude.UInt16 - function iter'0 [#"../../../creusot-contracts/src/std/iter/cloned.rs" 12 4 12 22] (self : t_Cloned'0) : t_I'0 + use prelude.prelude.Int - axiom iter'0_spec : forall self : t_Cloned'0 . [%#scloned2] inv'1 self -> inv'2 (iter'0 self) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate resolve'0 [#"../../../creusot-contracts/src/std/iter/cloned.rs" 20 4 20 28] (self : t_Cloned'0) = - [%#scloned1] resolve'1 (iter'0 self) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint16) (o : uint16) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#scloned0] forall self : t_Cloned'0 . structural_resolve'0 self /\ inv'0 self - -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) + goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . forall result : () . (x <= y) + = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) end -module M_creusot_contracts__stdqy35z1__iter__copied__qyi4622684907952448174__resolve_coherence__refines [#"../../../creusot-contracts/src/std/iter/copied.rs" 28 4 28 31] (* as resolve::Resolve> *) - let%span scopied0 = "../../../creusot-contracts/src/std/iter/copied.rs" 28 4 28 31 - let%span scopied1 = "../../../creusot-contracts/src/std/iter/copied.rs" 21 8 21 29 - let%span scopied2 = "../../../creusot-contracts/src/std/iter/copied.rs" 11 14 11 39 - let%span sinvariant3 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 +module M_creusot_contracts__logic__ord__qyi7305497527599188430__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.Borrow + use prelude.prelude.UInt16 - type t_I'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - type t_Copied'0 = - { t_Copied__it'0: t_I'0 } + use prelude.prelude.Int - predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_I'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint16) (o : uint16) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_Copied'0) = - match _1 with - | {t_Copied__it'0 = x0} -> resolve'1 x0 - end + goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . cmp_log'0 x y = C_Less'0 + -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi7305497527599188430__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + use prelude.prelude.UInt16 - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Copied'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom inv_axiom'1 [@rewrite] : forall x : t_Copied'0 [inv'1 x] . inv'1 x - = match x with - | {t_Copied__it'0 = it} -> inv'2 it - end + use prelude.prelude.Int - predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_Copied'0) = - [%#sinvariant3] inv'1 self + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint16) (o : uint16) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Copied'0) + goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . forall z : uint16 . forall o : t_Ordering'0 . cmp_log'0 y z + = o + /\ cmp_log'0 x y = o + -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) +end +module M_creusot_contracts__logic__ord__qyi7305497527599188430__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom inv_axiom'0 [@rewrite] : forall x : t_Copied'0 [inv'0 x] . inv'0 x = invariant'0 x + use prelude.prelude.UInt16 - function iter'0 [#"../../../creusot-contracts/src/std/iter/copied.rs" 12 4 12 22] (self : t_Copied'0) : t_I'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom iter'0_spec : forall self : t_Copied'0 . [%#scopied2] inv'1 self -> inv'2 (iter'0 self) + use prelude.prelude.Int - predicate resolve'0 [#"../../../creusot-contracts/src/std/iter/copied.rs" 20 4 20 28] (self : t_Copied'0) = - [%#scopied1] resolve'1 (iter'0 self) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint16) (o : uint16) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#scopied0] forall self : t_Copied'0 . structural_resolve'0 self /\ inv'0 self - -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) + goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . forall result : () . (x = y) + = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) end -module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2208779330486735413__resolve_coherence__refines [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 37 4 37 31] (* as resolve::Resolve> *) - let%span senumerate0 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 37 4 37 31 - let%span senumerate1 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 30 8 30 29 - let%span senumerate2 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 14 14 14 39 - let%span sinvariant3 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - - use prelude.prelude.Borrow - - type t_I'0 +module M_creusot_contracts__logic__ord__qyi7305497527599188430__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.UIntSize + use prelude.prelude.UInt16 - type t_Enumerate'0 = - { t_Enumerate__iter'0: t_I'0; t_Enumerate__count'0: usize } + use prelude.prelude.Int - predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : usize) = - true + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_I'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint16) (o : uint16) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_Enumerate'0) = - match _1 with - | {t_Enumerate__iter'0 = x0 ; t_Enumerate__count'0 = x1} -> resolve'1 x1 /\ resolve'2 x0 - end + goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . forall result : () . (x > y) + = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi4526525114627399862__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + use prelude.prelude.UInt32 - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Enumerate'0) + use prelude.prelude.Int - axiom inv_axiom'1 : forall x : t_Enumerate'0 [inv'1 x] . inv'1 x - -> match x with - | {t_Enumerate__iter'0 = iter ; t_Enumerate__count'0 = count} -> inv'2 iter - end + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_Enumerate'0) = - [%#sinvariant3] inv'1 self + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint32) (o : uint32) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Enumerate'0) + goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . forall result : () . (x > y) + = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi4526525114627399862__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom inv_axiom'0 [@rewrite] : forall x : t_Enumerate'0 [inv'0 x] . inv'0 x = invariant'0 x + use prelude.prelude.UInt32 - function iter'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 15 4 15 22] (self : t_Enumerate'0) : t_I'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom iter'0_spec : forall self : t_Enumerate'0 . [%#senumerate2] inv'1 self -> inv'2 (iter'0 self) + use prelude.prelude.Int - predicate resolve'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 29 4 29 28] (self : t_Enumerate'0) = - [%#senumerate1] resolve'2 (iter'0 self) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint32) (o : uint32) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#senumerate0] forall self : t_Enumerate'0 . structural_resolve'0 self /\ inv'0 self - -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) + goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . forall z : uint32 . forall o : t_Ordering'0 . cmp_log'0 y z + = o + /\ cmp_log'0 x y = o + -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) end -module M_creusot_contracts__stdqy35z1__iter__map__qyi13484997498660514945__resolve_coherence__refines [#"../../../creusot-contracts/src/std/iter/map.rs" 40 4 40 31] (* as resolve::Resolve> *) - let%span smap0 = "../../../creusot-contracts/src/std/iter/map.rs" 40 4 40 31 - let%span smap1 = "../../../creusot-contracts/src/std/iter/map.rs" 32 8 32 54 - let%span smap2 = "../../../creusot-contracts/src/std/iter/map.rs" 15 14 15 39 - let%span smap3 = "../../../creusot-contracts/src/std/iter/map.rs" 22 14 22 39 - let%span sinvariant4 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - - use prelude.prelude.Borrow +module M_creusot_contracts__logic__ord__qyi4526525114627399862__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - type t_I'0 + use prelude.prelude.UInt32 - type t_F'0 + use prelude.prelude.Int - type t_Map'0 = - { t_Map__iter'0: t_I'0; t_Map__f'0: t_F'0 } + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint32) (o : uint32) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_I'0) + goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . forall result : () . (x < y) + = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi4526525114627399862__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_Map'0) = - match _1 with - | {t_Map__iter'0 = x0 ; t_Map__f'0 = x1} -> resolve'1 x1 /\ resolve'2 x0 - end + use prelude.prelude.UInt32 - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + use prelude.prelude.Int - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Map'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint32) (o : uint32) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom inv_axiom'1 [@rewrite] : forall x : t_Map'0 [inv'1 x] . inv'1 x - = match x with - | {t_Map__iter'0 = iter ; t_Map__f'0 = f} -> inv'2 iter /\ inv'3 f - end + goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . forall result : () . (x >= y) + = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi4526525114627399862__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_Map'0) = - [%#sinvariant4] inv'1 self + use prelude.prelude.UInt32 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Map'0) + use prelude.prelude.Int - axiom inv_axiom'0 [@rewrite] : forall x : t_Map'0 [inv'0 x] . inv'0 x = invariant'0 x + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function iter'0 [#"../../../creusot-contracts/src/std/iter/map.rs" 16 4 16 22] (self : t_Map'0) : t_I'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint32) (o : uint32) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom iter'0_spec : forall self : t_Map'0 . [%#smap2] inv'1 self -> inv'2 (iter'0 self) + goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . forall result : () . (x <= y) + = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi4526525114627399862__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function func'0 [#"../../../creusot-contracts/src/std/iter/map.rs" 23 4 23 22] (self : t_Map'0) : t_F'0 + use prelude.prelude.UInt32 - axiom func'0_spec : forall self : t_Map'0 . [%#smap3] inv'1 self -> inv'3 (func'0 self) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate resolve'0 [#"../../../creusot-contracts/src/std/iter/map.rs" 31 4 31 28] (self : t_Map'0) = - [%#smap1] resolve'2 (iter'0 self) /\ resolve'1 (func'0 self) + use prelude.prelude.Int - goal refines : [%#smap0] forall self : t_Map'0 . structural_resolve'0 self /\ inv'0 self - -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint32) (o : uint32) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . cmp_log'0 x y = C_Greater'0 + -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) end -module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi5691635635396426195__resolve_coherence__refines [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 64 4 64 31] (* as resolve::Resolve> *) - let%span smap_inv0 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 64 4 64 31 - let%span smap_inv1 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 57 8 57 50 - let%span sinvariant2 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 +module M_creusot_contracts__logic__ord__qyi4526525114627399862__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.Borrow + use prelude.prelude.UInt32 - type t_I'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - type t_F'0 + use prelude.prelude.Int - type t_B'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint32) (o : uint32) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - use seq.Seq + goal refines : [%#sord0] forall x : uint32 . forall result : () . cmp_log'0 x x = C_Equal'0 + -> cmp_log'0 x x = C_Equal'0 +end +module M_creusot_contracts__logic__ord__qyi4526525114627399862__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.Snapshot + use prelude.prelude.UInt32 - type t_MapInv'0 = - { t_MapInv__iter'0: t_I'0; t_MapInv__func'0: t_F'0; t_MapInv__produced'0: Snapshot.snap_ty (Seq.seq t_B'0) } + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : Snapshot.snap_ty (Seq.seq t_B'0)) - = - true + use prelude.prelude.Int - predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint32) (o : uint32) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate resolve'3 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_I'0) + goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . forall result : () . (x = y) + = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) +end +module M_creusot_contracts__logic__ord__qyi4526525114627399862__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_MapInv'0) = - match _1 with - | {t_MapInv__iter'0 = x0 ; t_MapInv__func'0 = x1 ; t_MapInv__produced'0 = x2} -> resolve'1 x2 - /\ resolve'2 x1 /\ resolve'3 x0 - end + use prelude.prelude.UInt32 - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) + use prelude.prelude.Int - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_MapInv'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint32) (o : uint32) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom inv_axiom'1 : forall x : t_MapInv'0 [inv'1 x] . inv'1 x - -> match x with - | {t_MapInv__iter'0 = iter ; t_MapInv__func'0 = func ; t_MapInv__produced'0 = produced} -> inv'2 iter /\ inv'3 func - end + goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . cmp_log'0 x y = C_Less'0 + -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi11489483489418918928__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_MapInv'0) = - [%#sinvariant2] inv'1 self + use prelude.prelude.UInt64 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_MapInv'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom inv_axiom'0 [@rewrite] : forall x : t_MapInv'0 [inv'0 x] . inv'0 x = invariant'0 x + use prelude.prelude.Int - predicate resolve'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 56 4 56 28] (self : t_MapInv'0) = - [%#smap_inv1] resolve'3 self.t_MapInv__iter'0 /\ resolve'2 self.t_MapInv__func'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint64) (o : uint64) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#smap_inv0] forall self : t_MapInv'0 . structural_resolve'0 self /\ inv'0 self - -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) + goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . forall z : uint64 . forall o : t_Ordering'0 . cmp_log'0 y z + = o + /\ cmp_log'0 x y = o + -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) end -module M_creusot_contracts__stdqy35z1__iter__skip__qyi14372835745621067113__resolve_coherence__refines [#"../../../creusot-contracts/src/std/iter/skip.rs" 40 4 40 31] (* as resolve::Resolve> *) - let%span sskip0 = "../../../creusot-contracts/src/std/iter/skip.rs" 40 4 40 31 - let%span sskip1 = "../../../creusot-contracts/src/std/iter/skip.rs" 32 12 32 33 - let%span sskip2 = "../../../creusot-contracts/src/std/iter/skip.rs" 14 14 14 39 - let%span sinvariant3 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - - use prelude.prelude.Borrow - - type t_I'0 +module M_creusot_contracts__logic__ord__qyi11489483489418918928__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - type t_Skip'0 = - { t_Skip__iter'0: t_I'0; t_Skip__n'0: usize } + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : usize) = - true + use prelude.prelude.Int - predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_I'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint64) (o : uint64) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_Skip'0) = - match _1 with - | {t_Skip__iter'0 = x0 ; t_Skip__n'0 = x1} -> resolve'1 x1 /\ resolve'2 x0 - end + goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . forall result : () . (x = y) + = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) +end +module M_creusot_contracts__logic__ord__qyi11489483489418918928__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + use prelude.prelude.UInt64 - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Skip'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom inv_axiom'1 [@rewrite] : forall x : t_Skip'0 [inv'1 x] . inv'1 x - = match x with - | {t_Skip__iter'0 = iter ; t_Skip__n'0 = n} -> inv'2 iter - end + use prelude.prelude.Int - predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_Skip'0) = - [%#sinvariant3] inv'1 self + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint64) (o : uint64) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Skip'0) + goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . cmp_log'0 x y = C_Less'0 + -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi11489483489418918928__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom inv_axiom'0 [@rewrite] : forall x : t_Skip'0 [inv'0 x] . inv'0 x = invariant'0 x + use prelude.prelude.UInt64 - function iter'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 15 4 15 22] (self : t_Skip'0) : t_I'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom iter'0_spec : forall self : t_Skip'0 . [%#sskip2] inv'1 self -> inv'2 (iter'0 self) + use prelude.prelude.Int - predicate resolve'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 30 4 30 28] (self : t_Skip'0) = - [%#sskip1] resolve'2 (iter'0 self) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint64) (o : uint64) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sskip0] forall self : t_Skip'0 . structural_resolve'0 self /\ inv'0 self - -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) + goal refines : [%#sord0] forall x : uint64 . forall result : () . cmp_log'0 x x = C_Equal'0 + -> cmp_log'0 x x = C_Equal'0 end -module M_creusot_contracts__stdqy35z1__iter__take__qyi11550387566643656565__resolve_coherence__refines [#"../../../creusot-contracts/src/std/iter/take.rs" 48 4 48 31] (* as resolve::Resolve> *) - let%span stake0 = "../../../creusot-contracts/src/std/iter/take.rs" 48 4 48 31 - let%span stake1 = "../../../creusot-contracts/src/std/iter/take.rs" 41 8 41 29 - let%span stake2 = "../../../creusot-contracts/src/std/iter/take.rs" 17 14 17 39 - let%span sinvariant3 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 +module M_creusot_contracts__logic__ord__qyi11489483489418918928__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.Borrow + use prelude.prelude.UInt64 - type t_I'0 + use prelude.prelude.Int - use prelude.prelude.UIntSize + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - type t_Take'0 = - { t_Take__iter'0: t_I'0; t_Take__n'0: usize } + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint64) (o : uint64) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : usize) = - true + goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . forall result : () . (x <= y) + = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi11489483489418918928__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_I'0) + use prelude.prelude.UInt64 - predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_Take'0) = - match _1 with - | {t_Take__iter'0 = x0 ; t_Take__n'0 = x1} -> resolve'1 x1 /\ resolve'2 x0 - end + use prelude.prelude.Int - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Take'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint64) (o : uint64) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom inv_axiom'1 [@rewrite] : forall x : t_Take'0 [inv'1 x] . inv'1 x - = match x with - | {t_Take__iter'0 = iter ; t_Take__n'0 = n} -> inv'2 iter - end + goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . forall result : () . (x >= y) + = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi11489483489418918928__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_Take'0) = - [%#sinvariant3] inv'1 self + use prelude.prelude.UInt64 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Take'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom inv_axiom'0 [@rewrite] : forall x : t_Take'0 [inv'0 x] . inv'0 x = invariant'0 x + use prelude.prelude.Int - function iter'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 18 4 18 22] (self : t_Take'0) : t_I'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint64) (o : uint64) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom iter'0_spec : forall self : t_Take'0 . [%#stake2] inv'1 self -> inv'2 (iter'0 self) + goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . cmp_log'0 x y = C_Greater'0 + -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi11489483489418918928__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate resolve'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 40 4 40 28] (self : t_Take'0) = - [%#stake1] resolve'2 (iter'0 self) + use prelude.prelude.UInt64 - goal refines : [%#stake0] forall self : t_Take'0 . structural_resolve'0 self /\ inv'0 self - -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) -end -module M_creusot_contracts__stdqy35z1__slice__qyi4472237099583716627__resolve_coherence__refines [#"../../../creusot-contracts/src/std/slice.rs" 445 4 445 31] (* as resolve::Resolve> *) - let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 445 4 445 31 - let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 437 20 437 36 - let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 427 14 427 50 - let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 - let%span sslice4 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 + use prelude.prelude.Int - use prelude.prelude.Borrow + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use prelude.prelude.Opaque + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint64) (o : uint64) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - type t_NonNull'0 = - { t_NonNull__pointer'0: opaque_ptr } + goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . forall result : () . (x > y) + = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi11489483489418918928__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - type t_IterMut'0 = - { t_IterMut__ptr'0: t_NonNull'0; t_IterMut__end_or_len'0: opaque_ptr; t_IterMut__qy95zmarker'0: () } + use prelude.prelude.UInt64 - predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : ()) = - true + use prelude.prelude.Int - predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : opaque_ptr) = - true + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate resolve'3 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_NonNull'0) = - true + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint64) (o : uint64) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_IterMut'0) = - match _1 with - | {t_IterMut__ptr'0 = x0 ; t_IterMut__end_or_len'0 = x1 ; t_IterMut__qy95zmarker'0 = x2} -> resolve'1 x2 - /\ resolve'2 x1 /\ resolve'3 x0 - end + goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . forall result : () . (x < y) + = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi13757098721041279861__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_IterMut'0) + use prelude.prelude.UInt128 - axiom inv_axiom'0 [@rewrite] : forall x : t_IterMut'0 [inv'0 x] . inv'0 x = true + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use seq.Seq + use prelude.prelude.Int - use prelude.prelude.UIntSize + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint128) (o : uint128) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant v_MAX'0 : usize = (18446744073709551615 : usize) + goal refines : [%#sord0] forall x : uint128 . forall y : uint128 . cmp_log'0 x y = C_Greater'0 + -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi13757098721041279861__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.UIntSize + use prelude.prelude.UInt128 use prelude.prelude.Int - use prelude.prelude.Slice + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use prelude.prelude.Slice + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint128) (o : uint128) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - type t_T'0 + goal refines : [%#sord0] forall x : uint128 . forall y : uint128 . forall result : () . (x <= y) + = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi13757098721041279861__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use seq.Seq + use prelude.prelude.UInt128 - function view'1 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom view'1_spec : forall self : slice t_T'0 . ([%#sslice3] Seq.length (view'1 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice4] view'1 self = Slice.id self) + use prelude.prelude.Int - function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 428 4 428 33] (self : t_IterMut'0) : borrowed (slice t_T'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint128) (o : uint128) : t_Ordering'0 + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom view'0_spec : forall self : t_IterMut'0 . [%#sslice2] Seq.length (view'1 (view'0 self).final) - = Seq.length (view'1 (view'0 self).current) - - predicate resolve'0 [#"../../../creusot-contracts/src/std/slice.rs" 436 4 436 28] (self : t_IterMut'0) = - [%#sslice1] (view'0 self).current = (view'0 self).final - - goal refines : [%#sslice0] forall self : t_IterMut'0 . structural_resolve'0 self /\ inv'0 self - -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) + goal refines : [%#sord0] forall x : uint128 . forall y : uint128 . cmp_log'0 x y = C_Less'0 + -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) end -module M_creusot_contracts__stdqy35z1__vec__qyi6844585276173866460__resolve_coherence__refines [#"../../../creusot-contracts/src/std/vec.rs" 56 4 56 31] (* as resolve::Resolve> *) - let%span svec0 = "../../../creusot-contracts/src/std/vec.rs" 56 4 56 31 - let%span svec1 = "../../../creusot-contracts/src/std/vec.rs" 49 20 49 83 - let%span svec2 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span sindex3 = "../../../creusot-contracts/src/logic/ops/index.rs" 27 8 27 31 - let%span sinvariant4 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - let%span svec5 = "../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 - let%span sseq6 = "../../../creusot-contracts/src/logic/seq.rs" 623 20 623 95 - let%span sboxed7 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 +module M_creusot_contracts__logic__ord__qyi13757098721041279861__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.Borrow + use prelude.prelude.UInt128 - use prelude.prelude.Opaque + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - type t_NonNull'0 = - { t_NonNull__pointer'0: opaque_ptr } + use prelude.prelude.Int - type t_Unique'0 = - { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint128) (o : uint128) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - use prelude.prelude.UIntSize + goal refines : [%#sord0] forall x : uint128 . forall y : uint128 . forall z : uint128 . forall o : t_Ordering'0 . cmp_log'0 y z + = o + /\ cmp_log'0 x y = o + -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) +end +module M_creusot_contracts__logic__ord__qyi13757098721041279861__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - type t_Cap'0 = - { t_Cap__0'0: usize } + use prelude.prelude.UInt128 - type t_A'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - type t_RawVec'0 = - { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: t_A'0 } + use prelude.prelude.Int - type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint128) (o : uint128) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : usize) = - true + goal refines : [%#sord0] forall x : uint128 . forall result : () . cmp_log'0 x x = C_Equal'0 + -> cmp_log'0 x x = C_Equal'0 +end +module M_creusot_contracts__logic__ord__qyi13757098721041279861__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_RawVec'0) = - true - - predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_Vec'0) = - match _1 with - | {t_Vec__buf'0 = x0 ; t_Vec__len'0 = x1} -> resolve'1 x1 /\ resolve'2 x0 - end - - use seq.Seq + use prelude.prelude.UInt128 - constant v_MAX'0 : usize = (18446744073709551615 : usize) + use prelude.prelude.Int - use prelude.prelude.UIntSize + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use prelude.prelude.Int + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint128) (o : uint128) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - type t_T'0 + goal refines : [%#sord0] forall x : uint128 . forall y : uint128 . forall result : () . (x >= y) + = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi13757098721041279861__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use seq.Seq + use prelude.prelude.UInt128 - function view'0 [#"../../../creusot-contracts/src/std/vec.rs" 19 4 19 27] (self : t_Vec'0) : Seq.seq t_T'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom view'0_spec : forall self : t_Vec'0 . [%#svec2] Seq.length (view'0 self) <= UIntSize.to_int (v_MAX'0 : usize) + use prelude.prelude.Int - use seq.Seq + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint128) (o : uint128) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + goal refines : [%#sord0] forall x : uint128 . forall y : uint128 . forall result : () . (x = y) + = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) +end +module M_creusot_contracts__logic__ord__qyi13757098721041279861__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate invariant'3 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_T'0) = - [%#sboxed7] inv'4 self + use prelude.prelude.UInt128 - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + use prelude.prelude.Int - axiom inv_axiom'3 [@rewrite] : forall x : t_T'0 [inv'3 x] . inv'3 x = invariant'3 x + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate invariant'2 [#"../../../creusot-contracts/src/logic/seq.rs" 622 4 622 30] (self : Seq.seq t_T'0) = - [%#sseq6] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint128) (o : uint128) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_T'0) + goal refines : [%#sord0] forall x : uint128 . forall y : uint128 . forall result : () . (x > y) + = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi13757098721041279861__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_T'0 [inv'2 x] . inv'2 x = invariant'2 x + use prelude.prelude.UInt128 - predicate invariant'1 [#"../../../creusot-contracts/src/std/vec.rs" 64 4 64 30] (self : t_Vec'0) = - [%#svec5] inv'2 (view'0 self) + use prelude.prelude.Int - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Vec'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom inv_axiom'1 [@rewrite] : forall x : t_Vec'0 [inv'1 x] . inv'1 x = invariant'1 x + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint128) (o : uint128) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_Vec'0) = - [%#sinvariant4] inv'1 self + goal refines : [%#sord0] forall x : uint128 . forall y : uint128 . forall result : () . (x < y) + = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi8186105652185060096__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Vec'0) + use prelude.prelude.UIntSize - axiom inv_axiom'0 [@rewrite] : forall x : t_Vec'0 [inv'0 x] . inv'0 x = invariant'0 x + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use seq.Seq + use prelude.prelude.Int - function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops/index.rs" 26 4 26 47] (self : t_Vec'0) (ix : int) : t_T'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : usize) (o : usize) : t_Ordering'0 = - [%#sindex3] Seq.get (view'0 self) ix + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate resolve'3 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_T'0) + goal refines : [%#sord0] forall x : usize . forall y : usize . cmp_log'0 x y = C_Less'0 + -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi8186105652185060096__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate resolve'0 [#"../../../creusot-contracts/src/std/vec.rs" 48 4 48 28] (self : t_Vec'0) = - [%#svec1] forall i : int . 0 <= i /\ i < Seq.length (view'0 self) -> resolve'3 (index_logic'0 self i) + use prelude.prelude.UIntSize - goal refines : [%#svec0] forall self : t_Vec'0 . structural_resolve'0 self /\ inv'0 self - -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) -end -module M_creusot_contracts__stdqy35z1__vec__qyi8594830193745006303__resolve_coherence__refines [#"../../../creusot-contracts/src/std/vec.rs" 250 4 250 31] (* as resolve::Resolve> *) - let%span svec0 = "../../../creusot-contracts/src/std/vec.rs" 250 4 250 31 - let%span svec1 = "../../../creusot-contracts/src/std/vec.rs" 243 20 243 83 - let%span sinvariant2 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + use prelude.prelude.Int - use prelude.prelude.Borrow + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use prelude.prelude.Opaque + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : usize) (o : usize) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - type t_NonNull'0 = - { t_NonNull__pointer'0: opaque_ptr } + goal refines : [%#sord0] forall x : usize . forall y : usize . forall result : () . (x >= y) + = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi8186105652185060096__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 use prelude.prelude.UIntSize - type t_A'0 - - type t_ManuallyDrop'0 = - { t_ManuallyDrop__value'0: t_A'0 } + use prelude.prelude.Int - type t_IntoIter'0 = - { t_IntoIter__buf'0: t_NonNull'0; - t_IntoIter__phantom'0: (); - t_IntoIter__cap'0: usize; - t_IntoIter__alloc'0: t_ManuallyDrop'0; - t_IntoIter__ptr'0: t_NonNull'0; - t_IntoIter__end'0: opaque_ptr } + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : opaque_ptr) = - true + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : usize) (o : usize) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_NonNull'0) = - true + goal refines : [%#sord0] forall x : usize . forall y : usize . forall result : () . (x <= y) + = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi8186105652185060096__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate resolve'3 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_ManuallyDrop'0) = - true + use prelude.prelude.UIntSize - predicate resolve'4 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : usize) = - true + use prelude.prelude.Int - predicate resolve'5 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : ()) = - true + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_IntoIter'0) = - match _1 with - | {t_IntoIter__buf'0 = x0 ; t_IntoIter__phantom'0 = x1 ; t_IntoIter__cap'0 = x2 ; t_IntoIter__alloc'0 = x3 ; t_IntoIter__ptr'0 = x4 ; t_IntoIter__end'0 = x5} -> resolve'1 x5 - /\ resolve'2 x4 /\ resolve'3 x3 /\ resolve'4 x2 /\ resolve'5 x1 /\ resolve'2 x0 - end + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : usize) (o : usize) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_A'0) + goal refines : [%#sord0] forall x : usize . forall y : usize . forall result : () . (x < y) + = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi8186105652185060096__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_ManuallyDrop'0) + use prelude.prelude.UIntSize - axiom inv_axiom'2 [@rewrite] : forall x : t_ManuallyDrop'0 [inv'2 x] . inv'2 x - = match x with - | {t_ManuallyDrop__value'0 = value} -> inv'3 value - end + use prelude.prelude.Int - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_IntoIter'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom inv_axiom'1 [@rewrite] : forall x : t_IntoIter'0 [inv'1 x] . inv'1 x - = match x with - | {t_IntoIter__buf'0 = buf ; t_IntoIter__phantom'0 = phantom ; t_IntoIter__cap'0 = cap ; t_IntoIter__alloc'0 = alloc ; t_IntoIter__ptr'0 = ptr ; t_IntoIter__end'0 = end'} -> inv'2 alloc - end + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : usize) (o : usize) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_IntoIter'0) = - [%#sinvariant2] inv'1 self + goal refines : [%#sord0] forall x : usize . forall y : usize . forall result : () . (x > y) + = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi8186105652185060096__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_IntoIter'0) + use prelude.prelude.UIntSize - axiom inv_axiom'0 [@rewrite] : forall x : t_IntoIter'0 [inv'0 x] . inv'0 x = invariant'0 x + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 use prelude.prelude.Int - type t_T'0 - - use seq.Seq + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : usize) (o : usize) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function view'0 [#"../../../creusot-contracts/src/std/vec.rs" 234 4 234 33] (self : t_IntoIter'0) : Seq.seq t_T'0 + goal refines : [%#sord0] forall x : usize . forall y : usize . forall z : usize . forall o : t_Ordering'0 . cmp_log'0 y z + = o + /\ cmp_log'0 x y = o + -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) +end +module M_creusot_contracts__logic__ord__qyi8186105652185060096__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use seq.Seq + use prelude.prelude.UIntSize - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate resolve'6 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_T'0) + use prelude.prelude.Int - predicate resolve'0 [#"../../../creusot-contracts/src/std/vec.rs" 242 4 242 28] (self : t_IntoIter'0) = - [%#svec1] forall i : int . 0 <= i /\ i < Seq.length (view'0 self) -> resolve'6 (Seq.get (view'0 self) i) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : usize) (o : usize) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#svec0] forall self : t_IntoIter'0 . structural_resolve'0 self /\ inv'0 self - -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) + goal refines : [%#sord0] forall x : usize . forall y : usize . forall result : () . (x = y) + = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) end -module M_creusot_contracts__ghost__qyi2241556416362616690__resolve_coherence__refines [#"../../../creusot-contracts/src/ghost.rs" 117 4 117 31] (* as resolve::Resolve> *) - let%span sghost0 = "../../../creusot-contracts/src/ghost.rs" 117 4 117 31 - let%span sghost1 = "../../../creusot-contracts/src/ghost.rs" 110 8 110 24 - let%span sresolve2 = "../../../creusot-contracts/src/resolve.rs" 68 8 68 23 - let%span sinvariant3 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - let%span sboxed4 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 +module M_creusot_contracts__logic__ord__qyi8186105652185060096__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.Borrow + use prelude.prelude.UIntSize - type t_T'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - type t_GhostBox'0 = - { t_GhostBox__0'0: t_T'0 } + use prelude.prelude.Int - predicate resolve'3 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_T'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : usize) (o : usize) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 67 4 67 28] (self : t_T'0) = - [%#sresolve2] resolve'3 self + goal refines : [%#sord0] forall x : usize . forall y : usize . cmp_log'0 x y = C_Greater'0 + -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi8186105652185060096__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_T'0) = - resolve'2 _1 + use prelude.prelude.UIntSize - predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_GhostBox'0) = - match _1 with - | {t_GhostBox__0'0 = x0} -> resolve'1 x0 - end + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + use prelude.prelude.Int - predicate invariant'1 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_T'0) = - [%#sboxed4] inv'3 self + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : usize) (o : usize) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + goal refines : [%#sord0] forall x : usize . forall result : () . cmp_log'0 x x = C_Equal'0 + -> cmp_log'0 x x = C_Equal'0 +end +module M_creusot_contracts__logic__ord__qyi18413678402769648790__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom inv_axiom'2 [@rewrite] : forall x : t_T'0 [inv'2 x] . inv'2 x = invariant'1 x + use prelude.prelude.Int8 - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_GhostBox'0) + use prelude.prelude.Int - axiom inv_axiom'1 [@rewrite] : forall x : t_GhostBox'0 [inv'1 x] . inv'1 x - = match x with - | {t_GhostBox__0'0 = a_0} -> inv'2 a_0 - end + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_GhostBox'0) = - [%#sinvariant3] inv'1 self + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int8) (o : int8) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_GhostBox'0) + goal refines : [%#sord0] forall x : int8 . forall y : int8 . forall result : () . (x < y) = (cmp_log'0 x y = C_Less'0) + -> (x < y) = (cmp_log'0 x y = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi18413678402769648790__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom inv_axiom'0 [@rewrite] : forall x : t_GhostBox'0 [inv'0 x] . inv'0 x = invariant'0 x + use prelude.prelude.Int8 - predicate structural_resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_GhostBox'0) = - true + use prelude.prelude.Int - predicate resolve'0 [#"../../../creusot-contracts/src/ghost.rs" 109 4 109 28] (self : t_GhostBox'0) = - [%#sghost1] resolve'1 self.t_GhostBox__0'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - goal refines : [%#sghost0] forall self : t_GhostBox'0 . structural_resolve'0 self /\ inv'0 self - -> structural_resolve'1 self /\ (forall result : () . resolve'0 self -> resolve'0 self) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int8) (o : int8) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + goal refines : [%#sord0] forall x : int8 . forall y : int8 . forall result : () . (x >= y) + = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) end -module M_creusot_contracts__resolve__qyi4855891653524509355__resolve_coherence__refines [#"../../../creusot-contracts/src/resolve.rs" 47 4 47 31] (* <(T1, T2) as resolve::Resolve> *) - let%span sresolve0 = "../../../creusot-contracts/src/resolve.rs" 47 4 47 31 - let%span sresolve1 = "../../../creusot-contracts/src/resolve.rs" 40 8 40 44 - let%span sinvariant2 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 +module M_creusot_contracts__logic__ord__qyi18413678402769648790__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.Borrow + use prelude.prelude.Int8 - type t_T1'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - type t_T2'0 + use prelude.prelude.Int - predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_T2'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int8) (o : int8) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_T1'0) + goal refines : [%#sord0] forall x : int8 . forall y : int8 . forall z : int8 . forall o : t_Ordering'0 . cmp_log'0 y z + = o + /\ cmp_log'0 x y = o + -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) +end +module M_creusot_contracts__logic__ord__qyi18413678402769648790__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : (t_T1'0, t_T2'0)) = - match _1 with - | (x0, x1) -> resolve'1 x1 /\ resolve'2 x0 - end + use prelude.prelude.Int8 - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T1'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T2'0) + use prelude.prelude.Int - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : (t_T1'0, t_T2'0)) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int8) (o : int8) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom inv_axiom'1 [@rewrite] : forall x : (t_T1'0, t_T2'0) [inv'1 x] . inv'1 x - = (let (x0, x1) = x in inv'2 x0 /\ inv'3 x1) + goal refines : [%#sord0] forall x : int8 . forall result : () . cmp_log'0 x x = C_Equal'0 + -> cmp_log'0 x x = C_Equal'0 +end +module M_creusot_contracts__logic__ord__qyi18413678402769648790__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : (t_T1'0, t_T2'0)) = - [%#sinvariant2] inv'1 self + use prelude.prelude.Int8 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : (t_T1'0, t_T2'0)) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom inv_axiom'0 [@rewrite] : forall x : (t_T1'0, t_T2'0) [inv'0 x] . inv'0 x = invariant'0 x + use prelude.prelude.Int - predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 39 4 39 28] (self : (t_T1'0, t_T2'0)) = - [%#sresolve1] resolve'2 (let (a, _) = self in a) /\ resolve'1 (let (_, a) = self in a) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int8) (o : int8) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sresolve0] forall self : (t_T1'0, t_T2'0) . structural_resolve'0 self /\ inv'0 self - -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) + goal refines : [%#sord0] forall x : int8 . forall y : int8 . cmp_log'0 x y = C_Less'0 + -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) end -module M_creusot_contracts__resolve__qyi6740873903368268328__resolve_coherence__refines [#"../../../creusot-contracts/src/resolve.rs" 61 4 61 31] (* <&mut T as resolve::Resolve> *) - let%span sresolve0 = "../../../creusot-contracts/src/resolve.rs" 61 4 61 31 - let%span sresolve1 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span sinvariant2 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - let%span sinvariant3 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 +module M_creusot_contracts__logic__ord__qyi18413678402769648790__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.Borrow + use prelude.prelude.Int8 - type t_T'0 + use prelude.prelude.Int - predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : borrowed t_T'0) = - _1.final = _1.current + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int8) (o : int8) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate invariant'1 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_T'0) = - [%#sinvariant3] inv'2 self.current /\ inv'2 self.final + goal refines : [%#sord0] forall x : int8 . forall y : int8 . forall result : () . (x > y) + = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi18413678402769648790__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_T'0) + use prelude.prelude.Int8 - axiom inv_axiom'1 [@rewrite] : forall x : borrowed t_T'0 [inv'1 x] . inv'1 x = invariant'1 x + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : borrowed t_T'0) = - [%#sinvariant2] inv'1 self + use prelude.prelude.Int - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_T'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int8) (o : int8) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom inv_axiom'0 [@rewrite] : forall x : borrowed t_T'0 [inv'0 x] . inv'0 x = invariant'0 x + goal refines : [%#sord0] forall x : int8 . forall y : int8 . forall result : () . (x = y) + = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) +end +module M_creusot_contracts__logic__ord__qyi18413678402769648790__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 53 4 53 28] (self : borrowed t_T'0) = - [%#sresolve1] self.final = self.current + use prelude.prelude.Int8 - goal refines : [%#sresolve0] forall self : borrowed t_T'0 . structural_resolve'0 self /\ inv'0 self - -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) -end -module M_creusot_contracts__resolve__qyi10830812895881240411__resolve_coherence__refines [#"../../../creusot-contracts/src/resolve.rs" 75 4 75 31] (* as resolve::Resolve> *) - let%span sresolve0 = "../../../creusot-contracts/src/resolve.rs" 75 4 75 31 - let%span sresolve1 = "../../../creusot-contracts/src/resolve.rs" 68 8 68 23 - let%span sinvariant2 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - let%span sboxed3 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - - use prelude.prelude.Borrow - - type t_T'0 - - predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_T'0) - - predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_T'0) = - resolve'1 _1 - - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate invariant'1 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_T'0) = - [%#sboxed3] inv'2 self + use prelude.prelude.Int - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int8) (o : int8) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom inv_axiom'1 [@rewrite] : forall x : t_T'0 [inv'1 x] . inv'1 x = invariant'1 x + goal refines : [%#sord0] forall x : int8 . forall y : int8 . cmp_log'0 x y = C_Greater'0 + -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi18413678402769648790__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_T'0) = - [%#sinvariant2] inv'1 self + use prelude.prelude.Int8 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + use prelude.prelude.Int - axiom inv_axiom'0 [@rewrite] : forall x : t_T'0 [inv'0 x] . inv'0 x = invariant'0 x + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 67 4 67 28] (self : t_T'0) = - [%#sresolve1] resolve'1 self + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int8) (o : int8) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sresolve0] forall self : t_T'0 . structural_resolve'0 self /\ inv'0 self - -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) + goal refines : [%#sord0] forall x : int8 . forall y : int8 . forall result : () . (x <= y) + = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) end -module M_creusot_contracts__resolve__qyi12875730110607858017__resolve_coherence__refines [#"../../../creusot-contracts/src/resolve.rs" 92 4 92 31] (* as resolve::Resolve> *) - let%span sresolve0 = "../../../creusot-contracts/src/resolve.rs" 92 4 92 31 - let%span sresolve1 = "../../../creusot-contracts/src/resolve.rs" 82 8 85 9 - let%span sinvariant2 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - - use prelude.prelude.Borrow - - type t_T'0 - - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 +module M_creusot_contracts__logic__ord__qyi8040194823849327911__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_T'0) + use prelude.prelude.Int16 - predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_Option'0) = - match _1 with - | C_None'0 -> true - | C_Some'0 x0 -> resolve'1 x0 - end + use prelude.prelude.Int - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int16) (o : int16) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'1 x] . inv'1 x - = match x with - | C_None'0 -> true - | C_Some'0 a_0 -> inv'2 a_0 - end + goal refines : [%#sord0] forall x : int16 . forall y : int16 . forall result : () . (x >= y) + = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi8040194823849327911__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_Option'0) = - [%#sinvariant2] inv'1 self + use prelude.prelude.Int16 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom inv_axiom'0 [@rewrite] : forall x : t_Option'0 [inv'0 x] . inv'0 x = invariant'0 x + use prelude.prelude.Int - predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 81 4 81 28] (self : t_Option'0) = - [%#sresolve1] match self with - | C_Some'0 x -> resolve'1 x - | C_None'0 -> true - end + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int16) (o : int16) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sresolve0] forall self : t_Option'0 . structural_resolve'0 self /\ inv'0 self - -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) + goal refines : [%#sord0] forall x : int16 . forall y : int16 . forall z : int16 . forall o : t_Ordering'0 . cmp_log'0 y z + = o + /\ cmp_log'0 x y = o + -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) end -module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_refl__refines [#"../../../creusot-contracts/src/std/deque.rs" 178 4 178 26] (* as std::iter::Iterator> *) - let%span sdeque0 = "../../../creusot-contracts/src/std/deque.rs" 178 4 178 26 - let%span sdeque1 = "../../../creusot-contracts/src/std/deque.rs" 171 12 171 66 - let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 96 14 96 41 - let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 97 14 97 80 - let%span smodel4 = "../../../creusot-contracts/src/model.rs" 92 8 92 22 - let%span sindex5 = "../../../creusot-contracts/src/logic/ops/index.rs" 49 8 49 31 - let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 - let%span sslice7 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 +module M_creusot_contracts__logic__ord__qyi8040194823849327911__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.Opaque + use prelude.prelude.Int16 - type t_NonNull'0 = - { t_NonNull__pointer'0: opaque_ptr } + use prelude.prelude.Int - type t_Iter'1 = - { t_Iter__ptr'0: t_NonNull'0; t_Iter__end_or_len'0: opaque_ptr; t_Iter__qy95zmarker'0: () } + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - type t_Iter'0 = - { t_Iter__i1'0: t_Iter'1; t_Iter__i2'0: t_Iter'1 } + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int16) (o : int16) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - use seq.Seq + goal refines : [%#sord0] forall x : int16 . forall y : int16 . forall result : () . (x <= y) + = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi8040194823849327911__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.Borrow + use prelude.prelude.Int16 - type t_T'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use seq.Seq + use prelude.prelude.Int - use prelude.prelude.Slice + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int16) (o : int16) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function view'0 [#"../../../creusot-contracts/src/std/deque.rs" 155 4 155 33] (self : t_Iter'0) : slice t_T'0 + goal refines : [%#sord0] forall x : int16 . forall result : () . cmp_log'0 x x = C_Equal'0 + -> cmp_log'0 x x = C_Equal'0 +end +module M_creusot_contracts__logic__ord__qyi8040194823849327911__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use seq.Seq + use prelude.prelude.Int16 - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use seq.Seq + use prelude.prelude.Int - use prelude.prelude.UIntSize + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int16) (o : int16) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant v_MAX'0 : usize = (18446744073709551615 : usize) + goal refines : [%#sord0] forall x : int16 . forall y : int16 . forall result : () . (x = y) + = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) +end +module M_creusot_contracts__logic__ord__qyi8040194823849327911__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.UIntSize + use prelude.prelude.Int16 use prelude.prelude.Int - use prelude.prelude.Slice + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function view'2 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int16) (o : int16) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom view'2_spec : forall self : slice t_T'0 . ([%#sslice6] Seq.length (view'2 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice7] view'2 self = Slice.id self) + goal refines : [%#sord0] forall x : int16 . forall y : int16 . forall result : () . (x < y) + = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi8040194823849327911__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function view'1 [#"../../../creusot-contracts/src/model.rs" 91 4 91 33] (self : slice t_T'0) : Seq.seq t_T'0 = - [%#smodel4] view'2 self + use prelude.prelude.Int16 - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use seq.Seq + use prelude.prelude.Int - function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops/index.rs" 48 4 48 47] (self : slice t_T'0) (ix : int) : t_T'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int16) (o : int16) : t_Ordering'0 = - [%#sindex5] Seq.get (view'2 self) ix + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function to_ref_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 98 4 98 35] (self : slice t_T'0) : Seq.seq t_T'0 + goal refines : [%#sord0] forall x : int16 . forall y : int16 . cmp_log'0 x y = C_Greater'0 + -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi8040194823849327911__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom to_ref_seq'0_spec : forall self : slice t_T'0 . ([%#sslice2] Seq.length (to_ref_seq'0 self) - = Seq.length (view'1 self)) - && ([%#sslice3] forall i : int . 0 <= i /\ i < Seq.length (to_ref_seq'0 self) - -> Seq.get (to_ref_seq'0 self) i = index_logic'0 self i) + use prelude.prelude.Int16 - use seq.Seq + use prelude.prelude.Int - predicate produces'0 [#"../../../creusot-contracts/src/std/deque.rs" 169 4 169 65] (self : t_Iter'0) (visited : Seq.seq t_T'0) (tl : t_Iter'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int16) (o : int16) : t_Ordering'0 = - [%#sdeque1] to_ref_seq'0 (view'0 self) = Seq.(++) visited (to_ref_seq'0 (view'0 tl)) + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sdeque0] forall self : t_Iter'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self - -> produces'0 self (Seq.empty : Seq.seq t_T'0) self + goal refines : [%#sord0] forall x : int16 . forall y : int16 . forall result : () . (x > y) + = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) end -module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_trans__refines [#"../../../creusot-contracts/src/std/deque.rs" 185 4 185 90] (* as std::iter::Iterator> *) - let%span sdeque0 = "../../../creusot-contracts/src/std/deque.rs" 185 4 185 90 - let%span sdeque1 = "../../../creusot-contracts/src/std/deque.rs" 171 12 171 66 - let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 96 14 96 41 - let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 97 14 97 80 - let%span smodel4 = "../../../creusot-contracts/src/model.rs" 92 8 92 22 - let%span sindex5 = "../../../creusot-contracts/src/logic/ops/index.rs" 49 8 49 31 - let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 - let%span sslice7 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 - - use prelude.prelude.Opaque - - type t_NonNull'0 = - { t_NonNull__pointer'0: opaque_ptr } - - type t_Iter'1 = - { t_Iter__ptr'0: t_NonNull'0; t_Iter__end_or_len'0: opaque_ptr; t_Iter__qy95zmarker'0: () } +module M_creusot_contracts__logic__ord__qyi8040194823849327911__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - type t_Iter'0 = - { t_Iter__i1'0: t_Iter'1; t_Iter__i2'0: t_Iter'1 } + use prelude.prelude.Int16 - use prelude.prelude.Borrow + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - type t_T'0 + use prelude.prelude.Int - use seq.Seq + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int16) (o : int16) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - use prelude.prelude.Slice + goal refines : [%#sord0] forall x : int16 . forall y : int16 . cmp_log'0 x y = C_Less'0 + -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi211457485035727011__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function view'0 [#"../../../creusot-contracts/src/std/deque.rs" 155 4 155 33] (self : t_Iter'0) : slice t_T'0 + use prelude.prelude.Int32 - use seq.Seq + use prelude.prelude.Int - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use seq.Seq + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int32) (o : int32) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - use prelude.prelude.UIntSize + goal refines : [%#sord0] forall x : int32 . forall y : int32 . forall result : () . (x <= y) + = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi211457485035727011__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - constant v_MAX'0 : usize = (18446744073709551615 : usize) + use prelude.prelude.Int32 - use prelude.prelude.UIntSize + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 use prelude.prelude.Int - use prelude.prelude.Slice - - function view'2 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int32) (o : int32) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom view'2_spec : forall self : slice t_T'0 . ([%#sslice6] Seq.length (view'2 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice7] view'2 self = Slice.id self) + goal refines : [%#sord0] forall x : int32 . forall y : int32 . forall z : int32 . forall o : t_Ordering'0 . cmp_log'0 y z + = o + /\ cmp_log'0 x y = o + -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) +end +module M_creusot_contracts__logic__ord__qyi211457485035727011__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function view'1 [#"../../../creusot-contracts/src/model.rs" 91 4 91 33] (self : slice t_T'0) : Seq.seq t_T'0 = - [%#smodel4] view'2 self + use prelude.prelude.Int32 - use seq.Seq + use prelude.prelude.Int - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops/index.rs" 48 4 48 47] (self : slice t_T'0) (ix : int) : t_T'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int32) (o : int32) : t_Ordering'0 = - [%#sindex5] Seq.get (view'2 self) ix + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function to_ref_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 98 4 98 35] (self : slice t_T'0) : Seq.seq t_T'0 + goal refines : [%#sord0] forall x : int32 . forall y : int32 . forall result : () . (x > y) + = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi211457485035727011__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom to_ref_seq'0_spec : forall self : slice t_T'0 . ([%#sslice2] Seq.length (to_ref_seq'0 self) - = Seq.length (view'1 self)) - && ([%#sslice3] forall i : int . 0 <= i /\ i < Seq.length (to_ref_seq'0 self) - -> Seq.get (to_ref_seq'0 self) i = index_logic'0 self i) + use prelude.prelude.Int32 - use seq.Seq + use prelude.prelude.Int - predicate produces'0 [#"../../../creusot-contracts/src/std/deque.rs" 169 4 169 65] (self : t_Iter'0) (visited : Seq.seq t_T'0) (tl : t_Iter'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int32) (o : int32) : t_Ordering'0 = - [%#sdeque1] to_ref_seq'0 (view'0 self) = Seq.(++) visited (to_ref_seq'0 (view'0 tl)) + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sdeque0] forall a : t_Iter'0 . forall ab : Seq.seq t_T'0 . forall b : t_Iter'0 . forall bc : Seq.seq t_T'0 . forall c : t_Iter'0 . produces'0 b bc c - /\ produces'0 a ab b - -> produces'0 b bc c - /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) + goal refines : [%#sord0] forall x : int32 . forall y : int32 . forall result : () . (x < y) + = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) end -module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/cloned.rs" 65 4 65 90] (* as std::iter::Iterator> *) - let%span scloned0 = "../../../creusot-contracts/src/std/iter/cloned.rs" 65 4 65 90 - let%span scloned1 = "../../../creusot-contracts/src/std/iter/cloned.rs" 48 12 51 79 - let%span scloned2 = "../../../creusot-contracts/src/std/iter/cloned.rs" 11 14 11 39 - let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 +module M_creusot_contracts__logic__ord__qyi211457485035727011__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - type t_I'0 + use prelude.prelude.Int32 - type t_Cloned'0 = - { t_Cloned__it'0: t_I'0 } + use prelude.prelude.Int - type t_T'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use seq.Seq + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int32) (o : int32) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - use prelude.prelude.Borrow + goal refines : [%#sord0] forall x : int32 . forall y : int32 . forall result : () . (x >= y) + = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi211457485035727011__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use seq.Seq + use prelude.prelude.Int32 - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Cloned'0) + use prelude.prelude.Int - axiom inv_axiom'0 [@rewrite] : forall x : t_Cloned'0 [inv'0 x] . inv'0 x - = match x with - | {t_Cloned__it'0 = it} -> inv'1 it - end + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int32) (o : int32) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function iter'0 [#"../../../creusot-contracts/src/std/iter/cloned.rs" 12 4 12 22] (self : t_Cloned'0) : t_I'0 + goal refines : [%#sord0] forall x : int32 . forall y : int32 . cmp_log'0 x y = C_Less'0 + -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi211457485035727011__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom iter'0_spec : forall self : t_Cloned'0 . [%#scloned2] inv'0 self -> inv'1 (iter'0 self) + use prelude.prelude.Int32 - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use seq.Seq + use prelude.prelude.Int - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int32) (o : int32) : t_Ordering'0 + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () - + goal refines : [%#sord0] forall x : int32 . forall y : int32 . cmp_log'0 x y = C_Greater'0 + -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi211457485035727011__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#siter4] produces'1 a ab b) - -> ([%#siter5] produces'1 b bc c) -> ([%#siter6] produces'1 a (Seq.(++) ab bc) c) + use prelude.prelude.Int32 - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter3] produces'1 self (Seq.empty : Seq.seq t_T'0) self + use prelude.prelude.Int - use seq.Seq + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int32) (o : int32) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - use seq.Seq + goal refines : [%#sord0] forall x : int32 . forall result : () . cmp_log'0 x x = C_Equal'0 + -> cmp_log'0 x x = C_Equal'0 +end +module M_creusot_contracts__logic__ord__qyi211457485035727011__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.Int + use prelude.prelude.Int32 - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use seq.Seq + use prelude.prelude.Int - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/cloned.rs" 46 4 46 64] (self : t_Cloned'0) (visited : Seq.seq t_T'0) (o : t_Cloned'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int32) (o : int32) : t_Ordering'0 = - [%#scloned1] exists s : Seq.seq t_T'0 . produces'1 (iter'0 self) s (iter'0 o) - /\ Seq.length visited = Seq.length s - /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) - - use seq.Seq + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#scloned0] forall a : t_Cloned'0 . forall ab : Seq.seq t_T'0 . forall b : t_Cloned'0 . forall bc : Seq.seq t_T'0 . forall c : t_Cloned'0 . produces'0 b bc c - /\ produces'0 a ab b - -> produces'0 b bc c - /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) + goal refines : [%#sord0] forall x : int32 . forall y : int32 . forall result : () . (x = y) + = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) end -module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/cloned.rs" 58 4 58 26] (* as std::iter::Iterator> *) - let%span scloned0 = "../../../creusot-contracts/src/std/iter/cloned.rs" 58 4 58 26 - let%span scloned1 = "../../../creusot-contracts/src/std/iter/cloned.rs" 48 12 51 79 - let%span scloned2 = "../../../creusot-contracts/src/std/iter/cloned.rs" 11 14 11 39 - let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - - type t_I'0 - - type t_Cloned'0 = - { t_Cloned__it'0: t_I'0 } +module M_creusot_contracts__logic__ord__qyi2565746305859701215__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use seq.Seq + use prelude.prelude.Int64 - type t_T'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use seq.Seq + use prelude.prelude.Int - use prelude.prelude.Borrow + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int64) (o : int64) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - use seq.Seq + goal refines : [%#sord0] forall x : int64 . forall result : () . cmp_log'0 x x = C_Equal'0 + -> cmp_log'0 x x = C_Equal'0 +end +module M_creusot_contracts__logic__ord__qyi2565746305859701215__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + use prelude.prelude.Int64 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Cloned'0) + use prelude.prelude.Int - axiom inv_axiom'0 [@rewrite] : forall x : t_Cloned'0 [inv'0 x] . inv'0 x - = match x with - | {t_Cloned__it'0 = it} -> inv'1 it - end + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function iter'0 [#"../../../creusot-contracts/src/std/iter/cloned.rs" 12 4 12 22] (self : t_Cloned'0) : t_I'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int64) (o : int64) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom iter'0_spec : forall self : t_Cloned'0 . [%#scloned2] inv'0 self -> inv'1 (iter'0 self) + goal refines : [%#sord0] forall x : int64 . forall y : int64 . forall result : () . (x < y) + = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi2565746305859701215__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use seq.Seq + use prelude.prelude.Int64 - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) - + use prelude.prelude.Int - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int64) (o : int64) : t_Ordering'0 + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#siter4] produces'1 a ab b) - -> ([%#siter5] produces'1 b bc c) -> ([%#siter6] produces'1 a (Seq.(++) ab bc) c) - - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - - axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter3] produces'1 self (Seq.empty : Seq.seq t_T'0) self + goal refines : [%#sord0] forall x : int64 . forall y : int64 . cmp_log'0 x y = C_Less'0 + -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi2565746305859701215__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use seq.Seq + use prelude.prelude.Int64 - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 use prelude.prelude.Int - use seq.Seq - - use seq.Seq - - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/cloned.rs" 46 4 46 64] (self : t_Cloned'0) (visited : Seq.seq t_T'0) (o : t_Cloned'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int64) (o : int64) : t_Ordering'0 = - [%#scloned1] exists s : Seq.seq t_T'0 . produces'1 (iter'0 self) s (iter'0 o) - /\ Seq.length visited = Seq.length s - /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#scloned0] forall self : t_Cloned'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self - -> produces'0 self (Seq.empty : Seq.seq t_T'0) self + goal refines : [%#sord0] forall x : int64 . forall y : int64 . forall z : int64 . forall o : t_Ordering'0 . cmp_log'0 y z + = o + /\ cmp_log'0 x y = o + -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) end -module M_creusot_contracts__stdqy35z1__iter__copied__qyi18224474876607687026__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/copied.rs" 58 4 58 26] (* as std::iter::Iterator> *) - let%span scopied0 = "../../../creusot-contracts/src/std/iter/copied.rs" 58 4 58 26 - let%span scopied1 = "../../../creusot-contracts/src/std/iter/copied.rs" 48 12 51 79 - let%span scopied2 = "../../../creusot-contracts/src/std/iter/copied.rs" 11 14 11 39 - let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - - type t_I'0 +module M_creusot_contracts__logic__ord__qyi2565746305859701215__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - type t_Copied'0 = - { t_Copied__it'0: t_I'0 } + use prelude.prelude.Int64 - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - type t_T'0 + use prelude.prelude.Int - use seq.Seq + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int64) (o : int64) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - use prelude.prelude.Borrow + goal refines : [%#sord0] forall x : int64 . forall y : int64 . forall result : () . (x = y) + = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) +end +module M_creusot_contracts__logic__ord__qyi2565746305859701215__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use seq.Seq + use prelude.prelude.Int64 - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Copied'0) + use prelude.prelude.Int - axiom inv_axiom'0 [@rewrite] : forall x : t_Copied'0 [inv'0 x] . inv'0 x - = match x with - | {t_Copied__it'0 = it} -> inv'1 it - end + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int64) (o : int64) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function iter'0 [#"../../../creusot-contracts/src/std/iter/copied.rs" 12 4 12 22] (self : t_Copied'0) : t_I'0 + goal refines : [%#sord0] forall x : int64 . forall y : int64 . cmp_log'0 x y = C_Greater'0 + -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi2565746305859701215__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom iter'0_spec : forall self : t_Copied'0 . [%#scopied2] inv'0 self -> inv'1 (iter'0 self) + use prelude.prelude.Int64 - use seq.Seq + use prelude.prelude.Int - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int64) (o : int64) : t_Ordering'0 + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () - + goal refines : [%#sord0] forall x : int64 . forall y : int64 . forall result : () . (x > y) + = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi2565746305859701215__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#siter4] produces'1 a ab b) - -> ([%#siter5] produces'1 b bc c) -> ([%#siter6] produces'1 a (Seq.(++) ab bc) c) + use prelude.prelude.Int64 - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + use prelude.prelude.Int - axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter3] produces'1 self (Seq.empty : Seq.seq t_T'0) self + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use seq.Seq + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int64) (o : int64) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - use seq.Seq + goal refines : [%#sord0] forall x : int64 . forall y : int64 . forall result : () . (x <= y) + = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi2565746305859701215__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.Int + use prelude.prelude.Int64 - use seq.Seq + use prelude.prelude.Int - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/copied.rs" 46 4 46 64] (self : t_Copied'0) (visited : Seq.seq t_T'0) (o : t_Copied'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int64) (o : int64) : t_Ordering'0 = - [%#scopied1] exists s : Seq.seq t_T'0 . produces'1 (iter'0 self) s (iter'0 o) - /\ Seq.length visited = Seq.length s - /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#scopied0] forall self : t_Copied'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self - -> produces'0 self (Seq.empty : Seq.seq t_T'0) self + goal refines : [%#sord0] forall x : int64 . forall y : int64 . forall result : () . (x >= y) + = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) end -module M_creusot_contracts__stdqy35z1__iter__copied__qyi18224474876607687026__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/copied.rs" 65 4 65 90] (* as std::iter::Iterator> *) - let%span scopied0 = "../../../creusot-contracts/src/std/iter/copied.rs" 65 4 65 90 - let%span scopied1 = "../../../creusot-contracts/src/std/iter/copied.rs" 48 12 51 79 - let%span scopied2 = "../../../creusot-contracts/src/std/iter/copied.rs" 11 14 11 39 - let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 +module M_creusot_contracts__logic__ord__qyi2364657485180829964__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - type t_I'0 + use prelude.prelude.Int128 - type t_Copied'0 = - { t_Copied__it'0: t_I'0 } + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - type t_T'0 + use prelude.prelude.Int - use seq.Seq - - use prelude.prelude.Borrow + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int128) (o : int128) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - use seq.Seq + goal refines : [%#sord0] forall x : int128 . forall y : int128 . cmp_log'0 x y = C_Less'0 + -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi2364657485180829964__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + use prelude.prelude.Int128 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Copied'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom inv_axiom'0 [@rewrite] : forall x : t_Copied'0 [inv'0 x] . inv'0 x - = match x with - | {t_Copied__it'0 = it} -> inv'1 it - end + use prelude.prelude.Int - function iter'0 [#"../../../creusot-contracts/src/std/iter/copied.rs" 12 4 12 22] (self : t_Copied'0) : t_I'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int128) (o : int128) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom iter'0_spec : forall self : t_Copied'0 . [%#scopied2] inv'0 self -> inv'1 (iter'0 self) + goal refines : [%#sord0] forall x : int128 . forall y : int128 . forall result : () . (x = y) + = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) +end +module M_creusot_contracts__logic__ord__qyi2364657485180829964__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use seq.Seq + use prelude.prelude.Int128 - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) - + use prelude.prelude.Int - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int128) (o : int128) : t_Ordering'0 + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#siter4] produces'1 a ab b) - -> ([%#siter5] produces'1 b bc c) -> ([%#siter6] produces'1 a (Seq.(++) ab bc) c) - - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - - axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter3] produces'1 self (Seq.empty : Seq.seq t_T'0) self - - use seq.Seq + goal refines : [%#sord0] forall x : int128 . forall y : int128 . cmp_log'0 x y = C_Greater'0 + -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi2364657485180829964__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use seq.Seq + use prelude.prelude.Int128 use prelude.prelude.Int - use seq.Seq - - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/copied.rs" 46 4 46 64] (self : t_Copied'0) (visited : Seq.seq t_T'0) (o : t_Copied'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int128) (o : int128) : t_Ordering'0 = - [%#scopied1] exists s : Seq.seq t_T'0 . produces'1 (iter'0 self) s (iter'0 o) - /\ Seq.length visited = Seq.length s - /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) - - use seq.Seq + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#scopied0] forall a : t_Copied'0 . forall ab : Seq.seq t_T'0 . forall b : t_Copied'0 . forall bc : Seq.seq t_T'0 . forall c : t_Copied'0 . produces'0 b bc c - /\ produces'0 a ab b - -> produces'0 b bc c - /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) + goal refines : [%#sord0] forall x : int128 . forall y : int128 . forall result : () . (x > y) + = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) end -module M_creusot_contracts__stdqy35z1__iter__empty__qyi10605201058978801838__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/empty.rs" 19 4 19 26] (* as std::iter::Iterator> *) - let%span sempty0 = "../../../creusot-contracts/src/std/iter/empty.rs" 19 4 19 26 - let%span sempty1 = "../../../creusot-contracts/src/std/iter/empty.rs" 13 20 13 54 - - type t_Empty'0 = - { t_Empty__0'0: () } +module M_creusot_contracts__logic__ord__qyi2364657485180829964__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use seq.Seq + use prelude.prelude.Int128 - type t_T'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use seq.Seq + use prelude.prelude.Int - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/empty.rs" 12 4 12 64] (self : t_Empty'0) (visited : Seq.seq t_T'0) (o : t_Empty'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int128) (o : int128) : t_Ordering'0 = - [%#sempty1] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sempty0] forall self : t_Empty'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self - -> produces'0 self (Seq.empty : Seq.seq t_T'0) self + goal refines : [%#sord0] forall x : int128 . forall result : () . cmp_log'0 x x = C_Equal'0 + -> cmp_log'0 x x = C_Equal'0 end -module M_creusot_contracts__stdqy35z1__iter__empty__qyi10605201058978801838__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/empty.rs" 26 4 26 90] (* as std::iter::Iterator> *) - let%span sempty0 = "../../../creusot-contracts/src/std/iter/empty.rs" 26 4 26 90 - let%span sempty1 = "../../../creusot-contracts/src/std/iter/empty.rs" 13 20 13 54 - - type t_Empty'0 = - { t_Empty__0'0: () } +module M_creusot_contracts__logic__ord__qyi2364657485180829964__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - type t_T'0 + use prelude.prelude.Int128 - use seq.Seq + use prelude.prelude.Int - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/empty.rs" 12 4 12 64] (self : t_Empty'0) (visited : Seq.seq t_T'0) (o : t_Empty'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int128) (o : int128) : t_Ordering'0 = - [%#sempty1] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o - - use seq.Seq + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sempty0] forall a : t_Empty'0 . forall ab : Seq.seq t_T'0 . forall b : t_Empty'0 . forall bc : Seq.seq t_T'0 . forall c : t_Empty'0 . produces'0 b bc c - /\ produces'0 a ab b - -> produces'0 b bc c - /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) + goal refines : [%#sord0] forall x : int128 . forall y : int128 . forall result : () . (x >= y) + = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) end -module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 90 4 90 90] (* as std::iter::Iterator> *) - let%span senumerate0 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 90 4 90 90 - let%span senumerate1 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 72 12 76 113 - let%span senumerate2 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 14 14 14 39 - let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - let%span senumerate7 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 45 12 49 79 +module M_creusot_contracts__logic__ord__qyi2364657485180829964__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - type t_I'0 + use prelude.prelude.Int128 - use prelude.prelude.UIntSize + use prelude.prelude.Int - type t_Enumerate'0 = - { t_Enumerate__iter'0: t_I'0; t_Enumerate__count'0: usize } + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - type t_Item'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int128) (o : int128) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - use seq.Seq + goal refines : [%#sord0] forall x : int128 . forall y : int128 . forall result : () . (x < y) + = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi2364657485180829964__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use seq.Seq + use prelude.prelude.Int128 use prelude.prelude.Int - function n'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 21 4 21 21] (self : t_Enumerate'0) : int + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use seq.Seq + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int128) (o : int128) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - use seq.Seq + goal refines : [%#sord0] forall x : int128 . forall y : int128 . forall result : () . (x <= y) + = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi2364657485180829964__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use seq.Seq + use prelude.prelude.Int128 - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + use prelude.prelude.Int + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int128) (o : int128) : t_Ordering'0 + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter4] produces'1 a ab b) - -> ([%#siter5] produces'1 b bc c) -> ([%#siter6] produces'1 a (Seq.(++) ab bc) c) + goal refines : [%#sord0] forall x : int128 . forall y : int128 . forall z : int128 . forall o : t_Ordering'0 . cmp_log'0 y z + = o + /\ cmp_log'0 x y = o + -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) +end +module M_creusot_contracts__logic__ord__qyi8047313880300482848__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + use prelude.prelude.IntSize - axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter3] produces'1 self (Seq.empty : Seq.seq t_Item'0) self + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use seq.Seq + use prelude.prelude.Int - constant v_MAX'0 : usize = (18446744073709551615 : usize) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : isize) (o : isize) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - use prelude.prelude.UIntSize + goal refines : [%#sord0] forall x : isize . forall y : isize . cmp_log'0 x y = C_Less'0 + -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi8047313880300482848__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.Borrow + use prelude.prelude.IntSize - predicate completed'0 [#"../../../creusot-contracts/src/std/iter.rs" 35 4 35 36] (self : borrowed t_I'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + use prelude.prelude.Int - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Enumerate'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : isize) (o : isize) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function iter'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 15 4 15 22] (self : t_Enumerate'0) : t_I'0 - - axiom iter'0_spec : forall self : t_Enumerate'0 . [%#senumerate2] inv'0 self -> inv'1 (iter'0 self) - - predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 43 4 43 30] (self : t_Enumerate'0) = - [%#senumerate7] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'1 (iter'0 self) s i] . produces'1 (iter'0 self) s i - -> n'0 self + Seq.length s < UIntSize.to_int v_MAX'0) - /\ (forall i : borrowed t_I'0 . completed'0 i -> produces'1 i.current (Seq.empty : Seq.seq t_Item'0) i.final) + goal refines : [%#sord0] forall x : isize . forall y : isize . cmp_log'0 x y = C_Greater'0 + -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi8047313880300482848__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom inv_axiom'0 [@rewrite] : forall x : t_Enumerate'0 [inv'0 x] . inv'0 x - = (invariant'0 x - /\ match x with - | {t_Enumerate__iter'0 = iter ; t_Enumerate__count'0 = count} -> inv'1 iter - end) + use prelude.prelude.IntSize - use seq.Seq + use prelude.prelude.Int - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 70 4 70 64] (self : t_Enumerate'0) (visited : Seq.seq (usize, t_Item'0)) (o : t_Enumerate'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : isize) (o : isize) : t_Ordering'0 = - [%#senumerate1] Seq.length visited = n'0 o - n'0 self - /\ (exists s : Seq.seq t_Item'0 . produces'1 (iter'0 self) s (iter'0 o) - /\ Seq.length visited = Seq.length s - /\ (forall i : int . 0 <= i /\ i < Seq.length s - -> UIntSize.to_int (let (a, _) = Seq.get visited i in a) = n'0 self + i - /\ (let (_, a) = Seq.get visited i in a) = Seq.get s i)) - - use seq.Seq + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#senumerate0] forall a : t_Enumerate'0 . forall ab : Seq.seq (usize, t_Item'0) . forall b : t_Enumerate'0 . forall bc : Seq.seq (usize, t_Item'0) . forall c : t_Enumerate'0 . produces'0 b bc c - /\ produces'0 a ab b - -> produces'0 b bc c - /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) + goal refines : [%#sord0] forall x : isize . forall y : isize . forall result : () . (x >= y) + = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) end -module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 83 4 83 26] (* as std::iter::Iterator> *) - let%span senumerate0 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 83 4 83 26 - let%span senumerate1 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 72 12 76 113 - let%span senumerate2 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 14 14 14 39 - let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - let%span senumerate7 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 45 12 49 79 +module M_creusot_contracts__logic__ord__qyi8047313880300482848__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - type t_I'0 + use prelude.prelude.IntSize - use prelude.prelude.UIntSize + use prelude.prelude.Int - type t_Enumerate'0 = - { t_Enumerate__iter'0: t_I'0; t_Enumerate__count'0: usize } + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use seq.Seq + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : isize) (o : isize) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - type t_Item'0 + goal refines : [%#sord0] forall x : isize . forall y : isize . forall result : () . (x < y) + = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi8047313880300482848__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use seq.Seq + use prelude.prelude.IntSize - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 use prelude.prelude.Int - function n'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 21 4 21 21] (self : t_Enumerate'0) : int + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : isize) (o : isize) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - use seq.Seq + goal refines : [%#sord0] forall x : isize . forall y : isize . forall z : isize . forall o : t_Ordering'0 . cmp_log'0 y z + = o + /\ cmp_log'0 x y = o + -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) +end +module M_creusot_contracts__logic__ord__qyi8047313880300482848__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use seq.Seq + use prelude.prelude.IntSize - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - + use prelude.prelude.Int - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : isize) (o : isize) : t_Ordering'0 + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter4] produces'1 a ab b) - -> ([%#siter5] produces'1 b bc c) -> ([%#siter6] produces'1 a (Seq.(++) ab bc) c) - - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - - axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter3] produces'1 self (Seq.empty : Seq.seq t_Item'0) self + goal refines : [%#sord0] forall x : isize . forall y : isize . forall result : () . (x = y) + = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) +end +module M_creusot_contracts__logic__ord__qyi8047313880300482848__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use seq.Seq + use prelude.prelude.IntSize - constant v_MAX'0 : usize = (18446744073709551615 : usize) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use prelude.prelude.UIntSize + use prelude.prelude.Int - use prelude.prelude.Borrow + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : isize) (o : isize) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate completed'0 [#"../../../creusot-contracts/src/std/iter.rs" 35 4 35 36] (self : borrowed t_I'0) + goal refines : [%#sord0] forall x : isize . forall result : () . cmp_log'0 x x = C_Equal'0 + -> cmp_log'0 x x = C_Equal'0 +end +module M_creusot_contracts__logic__ord__qyi8047313880300482848__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + use prelude.prelude.IntSize - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Enumerate'0) + use prelude.prelude.Int - function iter'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 15 4 15 22] (self : t_Enumerate'0) : t_I'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom iter'0_spec : forall self : t_Enumerate'0 . [%#senumerate2] inv'0 self -> inv'1 (iter'0 self) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : isize) (o : isize) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 43 4 43 30] (self : t_Enumerate'0) = - [%#senumerate7] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'1 (iter'0 self) s i] . produces'1 (iter'0 self) s i - -> n'0 self + Seq.length s < UIntSize.to_int v_MAX'0) - /\ (forall i : borrowed t_I'0 . completed'0 i -> produces'1 i.current (Seq.empty : Seq.seq t_Item'0) i.final) + goal refines : [%#sord0] forall x : isize . forall y : isize . forall result : () . (x > y) + = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi8047313880300482848__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom inv_axiom'0 [@rewrite] : forall x : t_Enumerate'0 [inv'0 x] . inv'0 x - = (invariant'0 x - /\ match x with - | {t_Enumerate__iter'0 = iter ; t_Enumerate__count'0 = count} -> inv'1 iter - end) + use prelude.prelude.IntSize - use seq.Seq + use prelude.prelude.Int - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 70 4 70 64] (self : t_Enumerate'0) (visited : Seq.seq (usize, t_Item'0)) (o : t_Enumerate'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : isize) (o : isize) : t_Ordering'0 = - [%#senumerate1] Seq.length visited = n'0 o - n'0 self - /\ (exists s : Seq.seq t_Item'0 . produces'1 (iter'0 self) s (iter'0 o) - /\ Seq.length visited = Seq.length s - /\ (forall i : int . 0 <= i /\ i < Seq.length s - -> UIntSize.to_int (let (a, _) = Seq.get visited i in a) = n'0 self + i - /\ (let (_, a) = Seq.get visited i in a) = Seq.get s i)) + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#senumerate0] forall self : t_Enumerate'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq (usize, t_Item'0)) self - -> produces'0 self (Seq.empty : Seq.seq (usize, t_Item'0)) self + goal refines : [%#sord0] forall x : isize . forall y : isize . forall result : () . (x <= y) + = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) end -module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/filter.rs" 106 4 106 26] (* as std::iter::Iterator> *) - let%span sfilter0 = "../../../creusot-contracts/src/std/iter/filter.rs" 106 4 106 26 - let%span sfilter1 = "../../../creusot-contracts/src/std/iter/filter.rs" 87 12 99 17 - let%span sfilter2 = "../../../creusot-contracts/src/std/iter/filter.rs" 34 12 40 124 - let%span sfilter3 = "../../../creusot-contracts/src/std/iter/filter.rs" 22 14 22 39 - let%span sfilter4 = "../../../creusot-contracts/src/std/iter/filter.rs" 15 14 15 39 - let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops6 = "../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops11 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 +module M_creusot_contracts__logic__ord__qyi17836724837647357586__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 47 20 47 53 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 248 8 253 9 - type t_I'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - type t_F'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 247 4 247 41] (self : bool) (o : bool) : t_Ordering'0 + + = + [%#sord2] match (self, o) with + | (False, False) -> C_Equal'0 + | (True, True) -> C_Equal'0 + | (False, True) -> C_Less'0 + | (True, False) -> C_Greater'0 + end - type t_Filter'0 = - { t_Filter__iter'0: t_I'0; t_Filter__predicate'0: t_F'0 } + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : bool) (o : bool) : bool = + [%#sord1] cmp_log'0 self o <> C_Less'0 - use seq.Seq + goal refines : [%#sord0] forall x : bool . forall y : bool . forall result : () . ge_log'0 x y + = (cmp_log'0 x y <> C_Less'0) -> ge_log'0 x y = (cmp_log'0 x y <> C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi17836724837647357586__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 248 8 253 9 - type t_Item'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use seq.Seq + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 247 4 247 41] (self : bool) (o : bool) : t_Ordering'0 + + = + [%#sord1] match (self, o) with + | (False, False) -> C_Equal'0 + | (True, True) -> C_Equal'0 + | (False, True) -> C_Less'0 + | (True, False) -> C_Greater'0 + end - use prelude.prelude.Borrow + goal refines : [%#sord0] forall x : bool . forall result : () . cmp_log'0 x x = C_Equal'0 + -> cmp_log'0 x x = C_Equal'0 +end +module M_creusot_contracts__logic__ord__qyi17836724837647357586__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 248 8 253 9 - predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 77 4 77 45] (self : t_F'0) (args : t_Item'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 85 4 85 73] (self : t_F'0) (args : t_Item'0) (result : bool) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 247 4 247 41] (self : bool) (o : bool) : t_Ordering'0 + = + [%#sord1] match (self, o) with + | (False, False) -> C_Equal'0 + | (True, True) -> C_Equal'0 + | (False, True) -> C_Less'0 + | (True, False) -> C_Greater'0 + end - predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) + goal refines : [%#sord0] forall x : bool . forall y : bool . cmp_log'0 x y = C_Less'0 + -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi17836724837647357586__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 58 20 58 56 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 248 8 253 9 - predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 95 4 95 92] (self : t_F'0) (args : t_Item'0) (result_state : t_F'0) (result : bool) - + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 129 4 129 55] (self : t_F'0) (args : t_Item'0) (res : bool) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 247 4 247 41] (self : bool) (o : bool) : t_Ordering'0 + = + [%#sord2] match (self, o) with + | (False, False) -> C_Equal'0 + | (True, True) -> C_Equal'0 + | (False, True) -> C_Less'0 + | (True, False) -> C_Greater'0 + end - axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : bool . [%#sops11] postcondition_once'0 self args res - = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : bool) (o : bool) : bool = + [%#sord1] cmp_log'0 self o = C_Greater'0 - predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 103 4 103 36] (self : t_F'0) (_2 : t_F'0) + goal refines : [%#sord0] forall x : bool . forall y : bool . forall result : () . gt_log'0 x y + = (cmp_log'0 x y = C_Greater'0) -> gt_log'0 x y = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi17836724837647357586__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 25 20 25 56 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 248 8 253 9 - function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 123 4 123 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 247 4 247 41] (self : bool) (o : bool) : t_Ordering'0 + = + [%#sord2] match (self, o) with + | (False, False) -> C_Equal'0 + | (True, True) -> C_Equal'0 + | (False, True) -> C_Less'0 + | (True, False) -> C_Greater'0 + end - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops8] unnest'0 self b) - -> ([%#sops9] unnest'0 b c) -> ([%#sops10] unnest'0 self c) + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : bool) (o : bool) : bool = + [%#sord1] cmp_log'0 self o <> C_Greater'0 - function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 116 4 116 24] (self : t_F'0) : () + goal refines : [%#sord0] forall x : bool . forall y : bool . forall result : () . le_log'0 x y + = (cmp_log'0 x y <> C_Greater'0) -> le_log'0 x y = (cmp_log'0 x y <> C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi17836724837647357586__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 36 20 36 53 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 248 8 253 9 - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops7] unnest'0 self self + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 111 4 111 85] (self : t_F'0) (args : t_Item'0) (res_state : t_F'0) (res : bool) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 247 4 247 41] (self : bool) (o : bool) : t_Ordering'0 + = + [%#sord2] match (self, o) with + | (False, False) -> C_Equal'0 + | (True, True) -> C_Equal'0 + | (False, True) -> C_Less'0 + | (True, False) -> C_Greater'0 + end - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : bool . ([%#sops5] postcondition_mut'0 self args res_state res) - -> ([%#sops6] unnest'0 self res_state) + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : bool) (o : bool) : bool = + [%#sord1] cmp_log'0 self o = C_Less'0 - predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 31 4 31 30] (self : t_Filter'0) = - [%#sfilter2] forall f : t_F'0, i : t_Item'0 . precondition'0 f (i) - /\ (forall f : t_F'0, g : t_F'0 . unnest'0 f g -> f = g) - /\ (forall f1 : t_F'0, f2 : t_F'0, i : t_Item'0 . not (postcondition_mut'0 f1 (i) f2 true - /\ postcondition_mut'0 f1 (i) f2 false)) + goal refines : [%#sord0] forall x : bool . forall y : bool . forall result : () . lt_log'0 x y + = (cmp_log'0 x y = C_Less'0) -> lt_log'0 x y = (cmp_log'0 x y = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi17836724837647357586__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 248 8 253 9 - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 247 4 247 41] (self : bool) (o : bool) : t_Ordering'0 + + = + [%#sord1] match (self, o) with + | (False, False) -> C_Equal'0 + | (True, True) -> C_Equal'0 + | (False, True) -> C_Less'0 + | (True, False) -> C_Greater'0 + end - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Filter'0) + goal refines : [%#sord0] forall x : bool . forall y : bool . forall result : () . (x = y) + = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) +end +module M_creusot_contracts__logic__ord__qyi17836724837647357586__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 248 8 253 9 - axiom inv_axiom'0 [@rewrite] : forall x : t_Filter'0 [inv'0 x] . inv'0 x - = (invariant'0 x - /\ match x with - | {t_Filter__iter'0 = iter ; t_Filter__predicate'0 = predicate'} -> inv'2 iter /\ inv'1 predicate' - end) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function func'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 23 4 23 22] (self : t_Filter'0) : t_F'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 247 4 247 41] (self : bool) (o : bool) : t_Ordering'0 + + = + [%#sord1] match (self, o) with + | (False, False) -> C_Equal'0 + | (True, True) -> C_Equal'0 + | (False, True) -> C_Less'0 + | (True, False) -> C_Greater'0 + end - axiom func'0_spec : forall self : t_Filter'0 . [%#sfilter3] inv'0 self -> inv'1 (func'0 self) + goal refines : [%#sord0] forall x : bool . forall y : bool . cmp_log'0 x y = C_Greater'0 + -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi17836724837647357586__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 248 8 253 9 - use prelude.prelude.Int + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use map.Map + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 247 4 247 41] (self : bool) (o : bool) : t_Ordering'0 + + = + [%#sord1] match (self, o) with + | (False, False) -> C_Equal'0 + | (True, True) -> C_Equal'0 + | (False, True) -> C_Less'0 + | (True, False) -> C_Greater'0 + end - function iter'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 16 4 16 22] (self : t_Filter'0) : t_I'0 + goal refines : [%#sord0] forall x : bool . forall y : bool . forall z : bool . forall o : t_Ordering'0 . cmp_log'0 y z + = o + /\ cmp_log'0 x y = o + -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) +end +module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* <(A, B) as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 294 20 294 67 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - axiom iter'0_spec : forall self : t_Filter'0 . [%#sfilter4] inv'0 self -> inv'2 (iter'0 self) + type t_A'0 - use seq.Seq + type t_B'0 - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_B'0) (other : t_B'0) : t_Ordering'0 - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter13] produces'1 a ab b) - -> ([%#siter14] produces'1 b bc c) -> ([%#siter15] produces'1 a (Seq.(++) ab bc) c) + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_B'0) (y : t_B'0) : () - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + axiom eq_cmp'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord15] (x = y) = (cmp_log'2 x y = C_Equal'0) - axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter12] produces'1 self (Seq.empty : Seq.seq t_Item'0) self + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_B'0) (y : t_B'0) : () - use seq.Seq + axiom antisym2'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord13] cmp_log'2 x y = C_Greater'0) + -> ([%#sord14] cmp_log'2 y x = C_Less'0) - use map.Map + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_B'0) (y : t_B'0) : () - use seq.Seq + axiom antisym1'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord11] cmp_log'2 x y = C_Less'0) + -> ([%#sord12] cmp_log'2 y x = C_Greater'0) - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 85 4 85 67] (self : t_Filter'0) (visited : Seq.seq t_Item'0) (succ : t_Filter'0) + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () - = - [%#sfilter1] invariant'0 self - -> unnest'0 (func'0 self) (func'0 succ) - /\ (exists s : Seq.seq t_Item'0, f : Map.map int int . produces'1 (iter'0 self) s (iter'0 succ) - /\ (forall i : int, j : int . 0 <= i /\ i <= j /\ j < Seq.length visited - -> 0 <= Map.get f i /\ Map.get f i <= Map.get f j /\ Map.get f j < Seq.length s) - /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = Seq.get s (Map.get f i)) - /\ (forall i : int . 0 <= i /\ i < Seq.length s - -> (exists j : int . 0 <= j /\ j < Seq.length visited /\ Map.get f j = i) - = postcondition_mut'0 (func'0 self) (Seq.get s i) (func'0 self) true)) - - goal refines : [%#sfilter0] forall self : t_Filter'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_Item'0) self - -> produces'0 self (Seq.empty : Seq.seq t_Item'0) self -end -module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/filter.rs" 113 4 113 90] (* as std::iter::Iterator> *) - let%span sfilter0 = "../../../creusot-contracts/src/std/iter/filter.rs" 113 4 113 90 - let%span sfilter1 = "../../../creusot-contracts/src/std/iter/filter.rs" 87 12 99 17 - let%span sfilter2 = "../../../creusot-contracts/src/std/iter/filter.rs" 34 12 40 124 - let%span sfilter3 = "../../../creusot-contracts/src/std/iter/filter.rs" 22 14 22 39 - let%span sfilter4 = "../../../creusot-contracts/src/std/iter/filter.rs" 15 14 15 39 - let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops6 = "../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops11 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - - type t_I'0 - type t_F'0 - - type t_Filter'0 = - { t_Filter__iter'0: t_I'0; t_Filter__predicate'0: t_F'0 } + axiom trans'0_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord8] cmp_log'2 x y = o) + -> ([%#sord9] cmp_log'2 y z = o) -> ([%#sord10] cmp_log'2 x z = o) - type t_Item'0 + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_B'0) : () - use seq.Seq + axiom refl'0_spec : forall x : t_B'0 . [%#sord7] cmp_log'2 x x = C_Equal'0 - use prelude.prelude.Borrow + function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_B'0) (o : t_B'0) : bool - predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 77 4 77 45] (self : t_F'0) (args : t_Item'0) + function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_B'0) (y : t_B'0) : () - predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 85 4 85 73] (self : t_F'0) (args : t_Item'0) (result : bool) - + axiom cmp_gt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord6] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) - predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_B'0) (o : t_B'0) : bool - predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 95 4 95 92] (self : t_F'0) (args : t_Item'0) (result_state : t_F'0) (result : bool) - + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_B'0) (y : t_B'0) : () - function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 129 4 129 55] (self : t_F'0) (args : t_Item'0) (res : bool) : () - + axiom cmp_ge_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] ge_log'0 x y = (cmp_log'2 x y <> C_Less'0) - axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : bool . [%#sops11] postcondition_once'0 self args res - = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_B'0) (o : t_B'0) : bool - predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 103 4 103 36] (self : t_F'0) (_2 : t_F'0) + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_B'0) (y : t_B'0) : () - function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 123 4 123 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - + axiom cmp_lt_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] lt_log'0 x y = (cmp_log'2 x y = C_Less'0) - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops8] unnest'0 self b) - -> ([%#sops9] unnest'0 b c) -> ([%#sops10] unnest'0 self c) + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_B'0) (o : t_B'0) : bool - function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 116 4 116 24] (self : t_F'0) : () + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_B'0) (y : t_B'0) : () - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops7] unnest'0 self self + axiom cmp_le_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord3] le_log'0 x y = (cmp_log'2 x y <> C_Greater'0) - function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 111 4 111 85] (self : t_F'0) (args : t_Item'0) (res_state : t_F'0) (res : bool) : () + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_A'0) (other : t_A'0) : t_Ordering'0 - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : bool . ([%#sops5] postcondition_mut'0 self args res_state res) - -> ([%#sops6] unnest'0 self res_state) + function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_A'0) (y : t_A'0) : () - predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 31 4 31 30] (self : t_Filter'0) = - [%#sfilter2] forall f : t_F'0, i : t_Item'0 . precondition'0 f (i) - /\ (forall f : t_F'0, g : t_F'0 . unnest'0 f g -> f = g) - /\ (forall f1 : t_F'0, f2 : t_F'0, i : t_Item'0 . not (postcondition_mut'0 f1 (i) f2 true - /\ postcondition_mut'0 f1 (i) f2 false)) + axiom eq_cmp'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_A'0) (y : t_A'0) : () - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) + axiom antisym2'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) + -> ([%#sord14] cmp_log'1 y x = C_Less'0) - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Filter'0) + function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_A'0) (y : t_A'0) : () - axiom inv_axiom'0 [@rewrite] : forall x : t_Filter'0 [inv'0 x] . inv'0 x - = (invariant'0 x - /\ match x with - | {t_Filter__iter'0 = iter ; t_Filter__predicate'0 = predicate'} -> inv'2 iter /\ inv'1 predicate' - end) + axiom antisym1'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) + -> ([%#sord12] cmp_log'1 y x = C_Greater'0) - function func'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 23 4 23 22] (self : t_Filter'0) : t_F'0 + function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () + - axiom func'0_spec : forall self : t_Filter'0 . [%#sfilter3] inv'0 self -> inv'1 (func'0 self) + axiom trans'1_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) + -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) - use prelude.prelude.Int + function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_A'0) : () - use map.Map + axiom refl'1_spec : forall x : t_A'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 - function iter'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 16 4 16 22] (self : t_Filter'0) : t_I'0 + function gt_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_A'0) (o : t_A'0) : bool - axiom iter'0_spec : forall self : t_Filter'0 . [%#sfilter4] inv'0 self -> inv'2 (iter'0 self) + function cmp_gt_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_A'0) (y : t_A'0) : () - use seq.Seq + axiom cmp_gt_log'2_spec : forall x : t_A'0, y : t_A'0 . [%#sord6] gt_log'2 x y = (cmp_log'1 x y = C_Greater'0) - use seq.Seq + function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_A'0) (o : t_A'0) : bool + + function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_A'0) (y : t_A'0) : () - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - + axiom cmp_ge_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] ge_log'1 x y = (cmp_log'1 x y <> C_Less'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - + function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_A'0) (o : t_A'0) : bool - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter13] produces'1 a ab b) - -> ([%#siter14] produces'1 b bc c) -> ([%#siter15] produces'1 a (Seq.(++) ab bc) c) + function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_A'0) (y : t_A'0) : () - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + axiom cmp_lt_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] lt_log'1 x y = (cmp_log'1 x y = C_Less'0) - axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter12] produces'1 self (Seq.empty : Seq.seq t_Item'0) self + function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_A'0) (o : t_A'0) : bool - use seq.Seq + function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_A'0) (y : t_A'0) : () - use map.Map + axiom cmp_le_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord3] le_log'1 x y = (cmp_log'1 x y <> C_Greater'0) - use seq.Seq + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 293 4 293 36] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : bool + + = + [%#sord1] (let (a, _) = self in a) = (let (a, _) = o in a) + /\ gt_log'1 (let (_, a) = self in a) (let (_, a) = o in a) + \/ gt_log'2 (let (a, _) = self in a) (let (a, _) = o in a) - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 85 4 85 67] (self : t_Filter'0) (visited : Seq.seq t_Item'0) (succ : t_Filter'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 262 4 262 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 = - [%#sfilter1] invariant'0 self - -> unnest'0 (func'0 self) (func'0 succ) - /\ (exists s : Seq.seq t_Item'0, f : Map.map int int . produces'1 (iter'0 self) s (iter'0 succ) - /\ (forall i : int, j : int . 0 <= i /\ i <= j /\ j < Seq.length visited - -> 0 <= Map.get f i /\ Map.get f i <= Map.get f j /\ Map.get f j < Seq.length s) - /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = Seq.get s (Map.get f i)) - /\ (forall i : int . 0 <= i /\ i < Seq.length s - -> (exists j : int . 0 <= j /\ j < Seq.length visited /\ Map.get f j = i) - = postcondition_mut'0 (func'0 self) (Seq.get s i) (func'0 self) true)) + [%#sord2] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then + cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) + else + r + - goal refines : [%#sfilter0] forall a : t_Filter'0 . forall ab : Seq.seq t_Item'0 . forall b : t_Filter'0 . forall bc : Seq.seq t_Item'0 . forall c : t_Filter'0 . produces'0 b bc c - /\ produces'0 a ab b - -> produces'0 b bc c - /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) + goal refines : [%#sord0] forall x : (t_A'0, t_B'0) . forall y : (t_A'0, t_B'0) . forall result : () . gt_log'0 x y + = (cmp_log'0 x y = C_Greater'0) -> gt_log'0 x y = (cmp_log'0 x y = C_Greater'0) end -module M_creusot_contracts__stdqy35z1__iter__fuse__qyi10730559947553418603__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/fuse.rs" 49 4 49 90] (* as std::iter::Iterator> *) - let%span sfuse0 = "../../../creusot-contracts/src/std/iter/fuse.rs" 49 4 49 90 - let%span sfuse1 = "../../../creusot-contracts/src/std/iter/fuse.rs" 29 12 35 13 - let%span sfuse2 = "../../../creusot-contracts/src/std/iter/fuse.rs" 8 14 8 39 - let%span sfuse3 = "../../../creusot-contracts/src/std/iter/fuse.rs" 9 14 9 71 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 +module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* <(A, B) as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 288 20 288 68 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - type t_I'0 + type t_A'0 - type t_Option'0 = - | C_None'0 - | C_Some'0 t_I'0 + type t_B'0 - type t_Fuse'0 = - { t_Fuse__iter'0: t_Option'0 } + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - type t_Item'0 + function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_B'0) (other : t_B'0) : t_Ordering'0 + - use seq.Seq + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_B'0) (y : t_B'0) : () - use seq.Seq + axiom eq_cmp'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord15] (x = y) = (cmp_log'2 x y = C_Equal'0) - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_B'0) (y : t_B'0) : () - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) + axiom antisym2'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord13] cmp_log'2 x y = C_Greater'0) + -> ([%#sord14] cmp_log'2 y x = C_Less'0) - axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'1 x] . inv'1 x - = match x with - | C_None'0 -> true - | C_Some'0 a_0 -> inv'2 a_0 - end + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_B'0) (y : t_B'0) : () - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Fuse'0) + axiom antisym1'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord11] cmp_log'2 x y = C_Less'0) + -> ([%#sord12] cmp_log'2 y x = C_Greater'0) - axiom inv_axiom'0 [@rewrite] : forall x : t_Fuse'0 [inv'0 x] . inv'0 x - = match x with - | {t_Fuse__iter'0 = iter} -> inv'1 iter - end + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () + - function view'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 10 4 10 30] (self : t_Fuse'0) : t_Option'0 + axiom trans'0_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord8] cmp_log'2 x y = o) + -> ([%#sord9] cmp_log'2 y z = o) -> ([%#sord10] cmp_log'2 x z = o) - axiom view'0_spec : forall self : t_Fuse'0 . ([%#sfuse2] inv'0 self -> inv'1 (view'0 self)) - && ([%#sfuse3] forall other : t_Fuse'0 . view'0 self = view'0 other -> self = other) + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_B'0) : () - use seq.Seq + axiom refl'0_spec : forall x : t_B'0 . [%#sord7] cmp_log'2 x x = C_Equal'0 - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - + function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_B'0) (o : t_B'0) : bool - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_B'0) (y : t_B'0) : () - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter5] produces'1 a ab b) - -> ([%#siter6] produces'1 b bc c) -> ([%#siter7] produces'1 a (Seq.(++) ab bc) c) + axiom cmp_gt_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord6] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_B'0) (o : t_B'0) : bool - axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self + function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_B'0) (y : t_B'0) : () - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 27 4 27 65] (self : t_Fuse'0) (prod : Seq.seq t_Item'0) (other : t_Fuse'0) - - = - [%#sfuse1] match view'0 self with - | C_None'0 -> prod = (Seq.empty : Seq.seq t_Item'0) /\ view'0 other = view'0 self - | C_Some'0 i -> match view'0 other with - | C_Some'0 i2 -> produces'1 i prod i2 - | C_None'0 -> false - end - end + axiom cmp_ge_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] ge_log'1 x y = (cmp_log'2 x y <> C_Less'0) - goal refines : [%#sfuse0] forall a : t_Fuse'0 . forall ab : Seq.seq t_Item'0 . forall b : t_Fuse'0 . forall bc : Seq.seq t_Item'0 . forall c : t_Fuse'0 . produces'0 b bc c - /\ produces'0 a ab b - -> produces'0 b bc c - /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) -end -module M_creusot_contracts__stdqy35z1__iter__fuse__qyi10730559947553418603__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/fuse.rs" 42 4 42 26] (* as std::iter::Iterator> *) - let%span sfuse0 = "../../../creusot-contracts/src/std/iter/fuse.rs" 42 4 42 26 - let%span sfuse1 = "../../../creusot-contracts/src/std/iter/fuse.rs" 29 12 35 13 - let%span sfuse2 = "../../../creusot-contracts/src/std/iter/fuse.rs" 8 14 8 39 - let%span sfuse3 = "../../../creusot-contracts/src/std/iter/fuse.rs" 9 14 9 71 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_B'0) (o : t_B'0) : bool - type t_I'0 + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_B'0) (y : t_B'0) : () - type t_Option'0 = - | C_None'0 - | C_Some'0 t_I'0 + axiom cmp_lt_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] lt_log'0 x y = (cmp_log'2 x y = C_Less'0) - type t_Fuse'0 = - { t_Fuse__iter'0: t_Option'0 } + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_B'0) (o : t_B'0) : bool - use seq.Seq + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_B'0) (y : t_B'0) : () - type t_Item'0 + axiom cmp_le_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord3] le_log'0 x y = (cmp_log'2 x y <> C_Greater'0) - use seq.Seq + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_A'0) (other : t_A'0) : t_Ordering'0 + - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_A'0) (y : t_A'0) : () - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) + axiom eq_cmp'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) - axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'1 x] . inv'1 x - = match x with - | C_None'0 -> true - | C_Some'0 a_0 -> inv'2 a_0 - end + function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_A'0) (y : t_A'0) : () - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Fuse'0) + axiom antisym2'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) + -> ([%#sord14] cmp_log'1 y x = C_Less'0) - axiom inv_axiom'0 [@rewrite] : forall x : t_Fuse'0 [inv'0 x] . inv'0 x - = match x with - | {t_Fuse__iter'0 = iter} -> inv'1 iter - end + function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_A'0) (y : t_A'0) : () - function view'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 10 4 10 30] (self : t_Fuse'0) : t_Option'0 + axiom antisym1'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) + -> ([%#sord12] cmp_log'1 y x = C_Greater'0) - axiom view'0_spec : forall self : t_Fuse'0 . ([%#sfuse2] inv'0 self -> inv'1 (view'0 self)) - && ([%#sfuse3] forall other : t_Fuse'0 . view'0 self = view'0 other -> self = other) + function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () + - use seq.Seq + axiom trans'1_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) + -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - + function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_A'0) : () - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - + axiom refl'1_spec : forall x : t_A'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter5] produces'1 a ab b) - -> ([%#siter6] produces'1 b bc c) -> ([%#siter7] produces'1 a (Seq.(++) ab bc) c) + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_A'0) (o : t_A'0) : bool - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_A'0) (y : t_A'0) : () - axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self + axiom cmp_gt_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord6] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 27 4 27 65] (self : t_Fuse'0) (prod : Seq.seq t_Item'0) (other : t_Fuse'0) - - = - [%#sfuse1] match view'0 self with - | C_None'0 -> prod = (Seq.empty : Seq.seq t_Item'0) /\ view'0 other = view'0 self - | C_Some'0 i -> match view'0 other with - | C_Some'0 i2 -> produces'1 i prod i2 - | C_None'0 -> false - end - end + function ge_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_A'0) (o : t_A'0) : bool - goal refines : [%#sfuse0] forall self : t_Fuse'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_Item'0) self - -> produces'0 self (Seq.empty : Seq.seq t_Item'0) self -end -module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/map.rs" 81 4 81 26] (* as std::iter::Iterator> *) - let%span smap0 = "../../../creusot-contracts/src/std/iter/map.rs" 81 4 81 26 - let%span smap1 = "../../../creusot-contracts/src/std/iter/map.rs" 63 12 74 75 - let%span smap2 = "../../../creusot-contracts/src/std/iter/map.rs" 22 14 22 39 - let%span smap3 = "../../../creusot-contracts/src/std/iter/map.rs" 15 14 15 39 - let%span sops4 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops6 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + function cmp_ge_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_A'0) (y : t_A'0) : () - type t_I'0 + axiom cmp_ge_log'2_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] ge_log'2 x y = (cmp_log'1 x y <> C_Less'0) - type t_F'0 + function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_A'0) (o : t_A'0) : bool - type t_Map'0 = - { t_Map__iter'0: t_I'0; t_Map__f'0: t_F'0 } + function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_A'0) (y : t_A'0) : () - use seq.Seq + axiom cmp_lt_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] lt_log'1 x y = (cmp_log'1 x y = C_Less'0) - type t_B'0 + function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_A'0) (o : t_A'0) : bool - use seq.Seq + function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_A'0) (y : t_A'0) : () - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + axiom cmp_le_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord3] le_log'1 x y = (cmp_log'1 x y <> C_Greater'0) - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 287 4 287 36] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : bool + + = + [%#sord1] (let (a, _) = self in a) = (let (a, _) = o in a) + /\ ge_log'1 (let (_, a) = self in a) (let (_, a) = o in a) + \/ gt_log'0 (let (a, _) = self in a) (let (a, _) = o in a) - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Map'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 262 4 262 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + + = + [%#sord2] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then + cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) + else + r + - axiom inv_axiom'0 [@rewrite] : forall x : t_Map'0 [inv'0 x] . inv'0 x - = match x with - | {t_Map__iter'0 = iter ; t_Map__f'0 = f} -> inv'2 iter /\ inv'1 f - end + goal refines : [%#sord0] forall x : (t_A'0, t_B'0) . forall y : (t_A'0, t_B'0) . forall result : () . ge_log'0 x y + = (cmp_log'0 x y <> C_Less'0) -> ge_log'0 x y = (cmp_log'0 x y <> C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi1910662420989811789__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* <(A, B) as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - function func'0 [#"../../../creusot-contracts/src/std/iter/map.rs" 23 4 23 22] (self : t_Map'0) : t_F'0 + type t_A'0 - axiom func'0_spec : forall self : t_Map'0 . [%#smap2] inv'0 self -> inv'1 (func'0 self) + type t_B'0 - type t_Item'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 85 4 85 73] (self : t_F'0) (args : t_Item'0) (result : t_B'0) + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_A'0) (other : t_A'0) : t_Ordering'0 - use prelude.prelude.Borrow + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_A'0) (y : t_A'0) : () - predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) + axiom eq_cmp'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) - predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 95 4 95 92] (self : t_F'0) (args : t_Item'0) (result_state : t_F'0) (result : t_B'0) - + function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_A'0) (y : t_A'0) : () - function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 129 4 129 55] (self : t_F'0) (args : t_Item'0) (res : t_B'0) : () - + axiom antisym2'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) + -> ([%#sord13] cmp_log'1 y x = C_Less'0) - axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : t_B'0 . [%#sops10] postcondition_once'0 self args res - = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_A'0) (y : t_A'0) : () - predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 103 4 103 36] (self : t_F'0) (_2 : t_F'0) + axiom antisym1'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) + -> ([%#sord11] cmp_log'1 y x = C_Greater'0) - function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 123 4 123 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops7] unnest'0 self b) - -> ([%#sops8] unnest'0 b c) -> ([%#sops9] unnest'0 self c) + axiom trans'0_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) + -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) - function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 116 4 116 24] (self : t_F'0) : () + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_A'0) : () - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops6] unnest'0 self self + axiom refl'0_spec : forall x : t_A'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 - function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 111 4 111 85] (self : t_F'0) (args : t_Item'0) (res_state : t_F'0) (res : t_B'0) : () - + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_A'0) (o : t_A'0) : bool - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : t_B'0 . ([%#sops4] postcondition_mut'0 self args res_state res) - -> ([%#sops5] unnest'0 self res_state) + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_A'0) (y : t_A'0) : () - use seq.Seq + axiom cmp_gt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - use seq.Seq + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_A'0) (o : t_A'0) : bool - use seq.Seq + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_A'0) (y : t_A'0) : () - use seq.Seq + axiom cmp_ge_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - use seq.Seq + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_A'0) (o : t_A'0) : bool - function iter'0 [#"../../../creusot-contracts/src/std/iter/map.rs" 16 4 16 22] (self : t_Map'0) : t_I'0 + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_A'0) (y : t_A'0) : () - axiom iter'0_spec : forall self : t_Map'0 . [%#smap3] inv'0 self -> inv'2 (iter'0 self) + axiom cmp_lt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - use seq.Seq + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_A'0) (o : t_A'0) : bool - use seq.Seq + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_A'0) (y : t_A'0) : () - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - + axiom cmp_le_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_B'0) (other : t_B'0) : t_Ordering'0 - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter12] produces'1 a ab b) - -> ([%#siter13] produces'1 b bc c) -> ([%#siter14] produces'1 a (Seq.(++) ab bc) c) - - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - - axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter11] produces'1 self (Seq.empty : Seq.seq t_Item'0) self + function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_B'0) (y : t_B'0) : () - use prelude.prelude.Int + axiom eq_cmp'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord14] (x = y) = (cmp_log'2 x y = C_Equal'0) - use seq.Seq + function antisym2'2 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_B'0) (y : t_B'0) : () - use seq.Seq + axiom antisym2'2_spec : forall x : t_B'0, y : t_B'0 . ([%#sord12] cmp_log'2 x y = C_Greater'0) + -> ([%#sord13] cmp_log'2 y x = C_Less'0) - predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 77 4 77 45] (self : t_F'0) (args : t_Item'0) + function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_B'0) (y : t_B'0) : () - use seq.Seq + axiom antisym1'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord10] cmp_log'2 x y = C_Less'0) + -> ([%#sord11] cmp_log'2 y x = C_Greater'0) - predicate produces'0 [@inline:trivial] [#"../../../creusot-contracts/src/std/iter/map.rs" 61 4 61 67] (self : t_Map'0) (visited : Seq.seq t_B'0) (succ : t_Map'0) + function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () - = - [%#smap1] unnest'0 (func'0 self) (func'0 succ) - /\ (exists fs : Seq.seq (borrowed t_F'0) . Seq.length fs = Seq.length visited - /\ (exists s : Seq.seq t_Item'0 [produces'1 (iter'0 self) s (iter'0 succ)] . Seq.length s = Seq.length visited - /\ produces'1 (iter'0 self) s (iter'0 succ) - /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) - /\ (if Seq.length visited = 0 then - func'0 self = func'0 succ - else - (Seq.get fs 0).current = func'0 self /\ (Seq.get fs (Seq.length visited - 1)).final = func'0 succ - ) - /\ (forall i : int . 0 <= i /\ i < Seq.length visited - -> unnest'0 (func'0 self) (Seq.get fs i).current - /\ precondition'0 (Seq.get fs i).current (Seq.get s i) - /\ postcondition_mut'0 (Seq.get fs i).current (Seq.get s i) (Seq.get fs i).final (Seq.get visited i)))) - - goal refines : [%#smap0] forall self : t_Map'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_B'0) self - -> produces'0 self (Seq.empty : Seq.seq t_B'0) self -end -module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/map.rs" 88 4 88 90] (* as std::iter::Iterator> *) - let%span smap0 = "../../../creusot-contracts/src/std/iter/map.rs" 88 4 88 90 - let%span smap1 = "../../../creusot-contracts/src/std/iter/map.rs" 63 12 74 75 - let%span smap2 = "../../../creusot-contracts/src/std/iter/map.rs" 22 14 22 39 - let%span smap3 = "../../../creusot-contracts/src/std/iter/map.rs" 15 14 15 39 - let%span sops4 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops6 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - type t_I'0 + axiom trans'1_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord7] cmp_log'2 x y = o) + -> ([%#sord8] cmp_log'2 y z = o) -> ([%#sord9] cmp_log'2 x z = o) - type t_F'0 + function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_B'0) : () - type t_Map'0 = - { t_Map__iter'0: t_I'0; t_Map__f'0: t_F'0 } + axiom refl'1_spec : forall x : t_B'0 . [%#sord6] cmp_log'2 x x = C_Equal'0 - type t_B'0 + function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_B'0) (o : t_B'0) : bool - use seq.Seq + function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_B'0) (y : t_B'0) : () - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + axiom cmp_gt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) + function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_B'0) (o : t_B'0) : bool - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Map'0) + function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_B'0) (y : t_B'0) : () - axiom inv_axiom'0 [@rewrite] : forall x : t_Map'0 [inv'0 x] . inv'0 x - = match x with - | {t_Map__iter'0 = iter ; t_Map__f'0 = f} -> inv'2 iter /\ inv'1 f - end + axiom cmp_ge_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] ge_log'1 x y = (cmp_log'2 x y <> C_Less'0) - function func'0 [#"../../../creusot-contracts/src/std/iter/map.rs" 23 4 23 22] (self : t_Map'0) : t_F'0 + function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_B'0) (o : t_B'0) : bool - axiom func'0_spec : forall self : t_Map'0 . [%#smap2] inv'0 self -> inv'1 (func'0 self) + function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_B'0) (y : t_B'0) : () - type t_Item'0 + axiom cmp_lt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord3] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) - predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 85 4 85 73] (self : t_F'0) (args : t_Item'0) (result : t_B'0) - + function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_B'0) (o : t_B'0) : bool - use prelude.prelude.Borrow + function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_B'0) (y : t_B'0) : () - predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) + axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord2] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) - predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 95 4 95 92] (self : t_F'0) (args : t_Item'0) (result_state : t_F'0) (result : t_B'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 262 4 262 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 - - function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 129 4 129 55] (self : t_F'0) (args : t_Item'0) (res : t_B'0) : () + = + [%#sord1] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then + cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) + else + r - axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : t_B'0 . [%#sops10] postcondition_once'0 self args res - = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) - - predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 103 4 103 36] (self : t_F'0) (_2 : t_F'0) - - function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 123 4 123 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - + goal refines : [%#sord0] forall x : (t_A'0, t_B'0) . forall y : (t_A'0, t_B'0) . cmp_log'0 x y = C_Greater'0 + -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi1910662420989811789__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* <(A, B) as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops7] unnest'0 self b) - -> ([%#sops8] unnest'0 b c) -> ([%#sops9] unnest'0 self c) + type t_A'0 - function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 116 4 116 24] (self : t_F'0) : () + type t_B'0 - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops6] unnest'0 self self + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 111 4 111 85] (self : t_F'0) (args : t_Item'0) (res_state : t_F'0) (res : t_B'0) : () + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_A'0) (other : t_A'0) : t_Ordering'0 - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : t_B'0 . ([%#sops4] postcondition_mut'0 self args res_state res) - -> ([%#sops5] unnest'0 self res_state) + function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_A'0) (y : t_A'0) : () + + axiom eq_cmp'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) - use seq.Seq + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_A'0) (y : t_A'0) : () - use seq.Seq + axiom antisym2'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) + -> ([%#sord13] cmp_log'1 y x = C_Less'0) - use seq.Seq + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_A'0) (y : t_A'0) : () - use seq.Seq + axiom antisym1'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) + -> ([%#sord11] cmp_log'1 y x = C_Greater'0) - use seq.Seq + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () + - function iter'0 [#"../../../creusot-contracts/src/std/iter/map.rs" 16 4 16 22] (self : t_Map'0) : t_I'0 + axiom trans'0_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) + -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) - axiom iter'0_spec : forall self : t_Map'0 . [%#smap3] inv'0 self -> inv'2 (iter'0 self) + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_A'0) : () - use seq.Seq + axiom refl'0_spec : forall x : t_A'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 - use seq.Seq + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_A'0) (o : t_A'0) : bool - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_A'0) (y : t_A'0) : () - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - + axiom cmp_gt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter12] produces'1 a ab b) - -> ([%#siter13] produces'1 b bc c) -> ([%#siter14] produces'1 a (Seq.(++) ab bc) c) + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_A'0) (o : t_A'0) : bool - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_A'0) (y : t_A'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter11] produces'1 self (Seq.empty : Seq.seq t_Item'0) self + axiom cmp_ge_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - use prelude.prelude.Int + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_A'0) (o : t_A'0) : bool - use seq.Seq + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_A'0) (y : t_A'0) : () - use seq.Seq + axiom cmp_lt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 77 4 77 45] (self : t_F'0) (args : t_Item'0) + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_A'0) (o : t_A'0) : bool - use seq.Seq + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_A'0) (y : t_A'0) : () - predicate produces'0 [@inline:trivial] [#"../../../creusot-contracts/src/std/iter/map.rs" 61 4 61 67] (self : t_Map'0) (visited : Seq.seq t_B'0) (succ : t_Map'0) + axiom cmp_le_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + + function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_B'0) (other : t_B'0) : t_Ordering'0 - = - [%#smap1] unnest'0 (func'0 self) (func'0 succ) - /\ (exists fs : Seq.seq (borrowed t_F'0) . Seq.length fs = Seq.length visited - /\ (exists s : Seq.seq t_Item'0 [produces'1 (iter'0 self) s (iter'0 succ)] . Seq.length s = Seq.length visited - /\ produces'1 (iter'0 self) s (iter'0 succ) - /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) - /\ (if Seq.length visited = 0 then - func'0 self = func'0 succ - else - (Seq.get fs 0).current = func'0 self /\ (Seq.get fs (Seq.length visited - 1)).final = func'0 succ - ) - /\ (forall i : int . 0 <= i /\ i < Seq.length visited - -> unnest'0 (func'0 self) (Seq.get fs i).current - /\ precondition'0 (Seq.get fs i).current (Seq.get s i) - /\ postcondition_mut'0 (Seq.get fs i).current (Seq.get s i) (Seq.get fs i).final (Seq.get visited i)))) - use seq.Seq + function eq_cmp'2 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_B'0) (y : t_B'0) : () - goal refines : [%#smap0] forall a : t_Map'0 . forall ab : Seq.seq t_B'0 . forall b : t_Map'0 . forall bc : Seq.seq t_B'0 . forall c : t_Map'0 . produces'0 b bc c - /\ produces'0 a ab b - -> produces'0 b bc c - /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) -end -module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 24 4 24 26] (* ::Item, F> as std::iter::Iterator> *) - let%span smap_inv0 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 24 4 24 26 - let%span smap_inv1 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 37 8 49 9 - let%span sops2 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops3 = "../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops4 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops6 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + axiom eq_cmp'2_spec : forall x : t_B'0, y : t_B'0 . [%#sord14] (x = y) = (cmp_log'2 x y = C_Equal'0) - type t_I'0 + function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_B'0) (y : t_B'0) : () - type t_F'0 + axiom antisym2'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord12] cmp_log'2 x y = C_Greater'0) + -> ([%#sord13] cmp_log'2 y x = C_Less'0) - type t_Item'0 + function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_B'0) (y : t_B'0) : () - use seq.Seq + axiom antisym1'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord10] cmp_log'2 x y = C_Less'0) + -> ([%#sord11] cmp_log'2 y x = C_Greater'0) - use prelude.prelude.Snapshot + function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () + - type t_MapInv'0 = - { t_MapInv__iter'0: t_I'0; t_MapInv__func'0: t_F'0; t_MapInv__produced'0: Snapshot.snap_ty (Seq.seq t_Item'0) } + axiom trans'1_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord7] cmp_log'2 x y = o) + -> ([%#sord8] cmp_log'2 y z = o) -> ([%#sord9] cmp_log'2 x z = o) - use seq.Seq + function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_B'0) : () - type t_B'0 + axiom refl'1_spec : forall x : t_B'0 . [%#sord6] cmp_log'2 x x = C_Equal'0 - use seq.Seq + function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_B'0) (o : t_B'0) : bool - predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 85 4 85 73] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result : t_B'0) - + function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_B'0) (y : t_B'0) : () - use prelude.prelude.Borrow + axiom cmp_gt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) - predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) + function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_B'0) (o : t_B'0) : bool - predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 95 4 95 92] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result_state : t_F'0) (result : t_B'0) - + function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_B'0) (y : t_B'0) : () - function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 129 4 129 55] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res : t_B'0) : () - + axiom cmp_ge_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] ge_log'1 x y = (cmp_log'2 x y <> C_Less'0) - axiom fn_mut_once'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res : t_B'0 . [%#sops8] postcondition_once'0 self args res - = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) + function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_B'0) (o : t_B'0) : bool - predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 103 4 103 36] (self : t_F'0) (_2 : t_F'0) + function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_B'0) (y : t_B'0) : () - function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 123 4 123 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - + axiom cmp_lt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord3] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops5] unnest'0 self b) - -> ([%#sops6] unnest'0 b c) -> ([%#sops7] unnest'0 self c) + function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_B'0) (o : t_B'0) : bool - function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 116 4 116 24] (self : t_F'0) : () + function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_B'0) (y : t_B'0) : () - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops4] unnest'0 self self + axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord2] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) - function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 111 4 111 85] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res_state : t_F'0) (res : t_B'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 262 4 262 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + + = + [%#sord1] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then + cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) + else + r - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : t_F'0, res : t_B'0 . ([%#sops2] postcondition_mut'0 self args res_state res) - -> ([%#sops3] unnest'0 self res_state) + goal refines : [%#sord0] forall x : (t_A'0, t_B'0) . forall y : (t_A'0, t_B'0) . forall result : () . (x = y) + = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) +end +module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* <(A, B) as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 276 20 276 68 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - use seq.Seq + type t_A'0 - use seq.Seq + type t_B'0 - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use seq.Seq + function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_B'0) (other : t_B'0) : t_Ordering'0 + - use seq.Seq + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_B'0) (y : t_B'0) : () - use seq.Seq + axiom eq_cmp'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord15] (x = y) = (cmp_log'2 x y = C_Equal'0) - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_B'0) (y : t_B'0) : () - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - + axiom antisym2'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord13] cmp_log'2 x y = C_Greater'0) + -> ([%#sord14] cmp_log'2 y x = C_Less'0) - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter10] produces'1 a ab b) - -> ([%#siter11] produces'1 b bc c) -> ([%#siter12] produces'1 a (Seq.(++) ab bc) c) + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_B'0) (y : t_B'0) : () - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + axiom antisym1'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord11] cmp_log'2 x y = C_Less'0) + -> ([%#sord12] cmp_log'2 y x = C_Greater'0) - axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter9] produces'1 self (Seq.empty : Seq.seq t_Item'0) self + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () + - use prelude.prelude.Snapshot + axiom trans'0_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord8] cmp_log'2 x y = o) + -> ([%#sord9] cmp_log'2 y z = o) -> ([%#sord10] cmp_log'2 x z = o) - use prelude.prelude.Snapshot + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_B'0) : () - use prelude.prelude.Int + axiom refl'0_spec : forall x : t_B'0 . [%#sord7] cmp_log'2 x x = C_Equal'0 - use seq.Seq + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_B'0) (o : t_B'0) : bool - use seq.Seq + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_B'0) (y : t_B'0) : () - use seq.Seq + axiom cmp_gt_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord6] gt_log'0 x y = (cmp_log'2 x y = C_Greater'0) - use prelude.prelude.Snapshot + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_B'0) (o : t_B'0) : bool - predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 77 4 77 45] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) - + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_B'0) (y : t_B'0) : () - use seq.Seq + axiom cmp_ge_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] ge_log'0 x y = (cmp_log'2 x y <> C_Less'0) - predicate produces'0 [@inline:trivial] [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 36 4 36 67] (self : t_MapInv'0) (visited : Seq.seq t_B'0) (succ : t_MapInv'0) - - = - [%#smap_inv1] unnest'0 self.t_MapInv__func'0 succ.t_MapInv__func'0 - /\ (exists fs : Seq.seq (borrowed t_F'0) . Seq.length fs = Seq.length visited - /\ (exists s : Seq.seq t_Item'0 . Seq.length s = Seq.length visited - /\ produces'1 self.t_MapInv__iter'0 s succ.t_MapInv__iter'0 - /\ Snapshot.inner succ.t_MapInv__produced'0 = Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) s - /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) - /\ (if Seq.length visited = 0 then - self.t_MapInv__func'0 = succ.t_MapInv__func'0 - else - (Seq.get fs 0).current = self.t_MapInv__func'0 - /\ (Seq.get fs (Seq.length visited - 1)).final = succ.t_MapInv__func'0 - ) - /\ (forall i : int . 0 <= i /\ i < Seq.length visited - -> unnest'0 self.t_MapInv__func'0 (Seq.get fs i).current - /\ precondition'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) (Seq.([..]) s 0 i))) - /\ postcondition_mut'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) (Seq.([..]) s 0 i))) (Seq.get fs i).final (Seq.get visited i)))) + function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_B'0) (o : t_B'0) : bool - goal refines : [%#smap_inv0] forall self : t_MapInv'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_B'0) self - -> produces'0 self (Seq.empty : Seq.seq t_B'0) self -end -module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 31 4 31 90] (* ::Item, F> as std::iter::Iterator> *) - let%span smap_inv0 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 31 4 31 90 - let%span smap_inv1 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 37 8 49 9 - let%span sops2 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops3 = "../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops4 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops6 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_B'0) (y : t_B'0) : () - type t_I'0 + axiom cmp_lt_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) - type t_F'0 + function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_B'0) (o : t_B'0) : bool - type t_Item'0 + function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_B'0) (y : t_B'0) : () - use seq.Seq + axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord3] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) - use prelude.prelude.Snapshot + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_A'0) (other : t_A'0) : t_Ordering'0 + - type t_MapInv'0 = - { t_MapInv__iter'0: t_I'0; t_MapInv__func'0: t_F'0; t_MapInv__produced'0: Snapshot.snap_ty (Seq.seq t_Item'0) } + function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_A'0) (y : t_A'0) : () - type t_B'0 + axiom eq_cmp'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) - use seq.Seq + function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_A'0) (y : t_A'0) : () - predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 85 4 85 73] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result : t_B'0) - + axiom antisym2'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) + -> ([%#sord14] cmp_log'1 y x = C_Less'0) - use prelude.prelude.Borrow + function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_A'0) (y : t_A'0) : () - predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) + axiom antisym1'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) + -> ([%#sord12] cmp_log'1 y x = C_Greater'0) - predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 95 4 95 92] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result_state : t_F'0) (result : t_B'0) + function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () - function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 129 4 129 55] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res : t_B'0) : () - + axiom trans'1_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) + -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) - axiom fn_mut_once'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res : t_B'0 . [%#sops8] postcondition_once'0 self args res - = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) + function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_A'0) : () - predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 103 4 103 36] (self : t_F'0) (_2 : t_F'0) + axiom refl'1_spec : forall x : t_A'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 - function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 123 4 123 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - + function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_A'0) (o : t_A'0) : bool - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops5] unnest'0 self b) - -> ([%#sops6] unnest'0 b c) -> ([%#sops7] unnest'0 self c) + function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_A'0) (y : t_A'0) : () - function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 116 4 116 24] (self : t_F'0) : () + axiom cmp_gt_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord6] gt_log'1 x y = (cmp_log'1 x y = C_Greater'0) - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops4] unnest'0 self self + function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_A'0) (o : t_A'0) : bool - function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 111 4 111 85] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res_state : t_F'0) (res : t_B'0) : () - + function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_A'0) (y : t_A'0) : () - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : t_F'0, res : t_B'0 . ([%#sops2] postcondition_mut'0 self args res_state res) - -> ([%#sops3] unnest'0 self res_state) + axiom cmp_ge_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] ge_log'1 x y = (cmp_log'1 x y <> C_Less'0) - use seq.Seq + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_A'0) (o : t_A'0) : bool - use seq.Seq + function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_A'0) (y : t_A'0) : () - use seq.Seq + axiom cmp_lt_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - use seq.Seq + function le_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_A'0) (o : t_A'0) : bool - use seq.Seq + function cmp_le_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_A'0) (y : t_A'0) : () - use seq.Seq + axiom cmp_le_log'2_spec : forall x : t_A'0, y : t_A'0 . [%#sord3] le_log'2 x y = (cmp_log'1 x y <> C_Greater'0) - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 275 4 275 36] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : bool + = + [%#sord1] (let (a, _) = self in a) = (let (a, _) = o in a) + /\ le_log'1 (let (_, a) = self in a) (let (_, a) = o in a) + \/ lt_log'0 (let (a, _) = self in a) (let (a, _) = o in a) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 262 4 262 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + + = + [%#sord2] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then + cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) + else + r - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter10] produces'1 a ab b) - -> ([%#siter11] produces'1 b bc c) -> ([%#siter12] produces'1 a (Seq.(++) ab bc) c) + goal refines : [%#sord0] forall x : (t_A'0, t_B'0) . forall y : (t_A'0, t_B'0) . forall result : () . le_log'0 x y + = (cmp_log'0 x y <> C_Greater'0) -> le_log'0 x y = (cmp_log'0 x y <> C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi1910662420989811789__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* <(A, B) as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + type t_A'0 - axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter9] produces'1 self (Seq.empty : Seq.seq t_Item'0) self + type t_B'0 - use prelude.prelude.Snapshot + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use prelude.prelude.Snapshot + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_A'0) (other : t_A'0) : t_Ordering'0 + - use prelude.prelude.Int + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_A'0) (y : t_A'0) : () - use seq.Seq + axiom eq_cmp'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) - use seq.Seq + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_A'0) (y : t_A'0) : () - use seq.Seq + axiom antisym2'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) + -> ([%#sord13] cmp_log'1 y x = C_Less'0) - use prelude.prelude.Snapshot + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_A'0) (y : t_A'0) : () - predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 77 4 77 45] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) + axiom antisym1'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) + -> ([%#sord11] cmp_log'1 y x = C_Greater'0) + + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () - use seq.Seq + axiom trans'0_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) + -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) - predicate produces'0 [@inline:trivial] [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 36 4 36 67] (self : t_MapInv'0) (visited : Seq.seq t_B'0) (succ : t_MapInv'0) - - = - [%#smap_inv1] unnest'0 self.t_MapInv__func'0 succ.t_MapInv__func'0 - /\ (exists fs : Seq.seq (borrowed t_F'0) . Seq.length fs = Seq.length visited - /\ (exists s : Seq.seq t_Item'0 . Seq.length s = Seq.length visited - /\ produces'1 self.t_MapInv__iter'0 s succ.t_MapInv__iter'0 - /\ Snapshot.inner succ.t_MapInv__produced'0 = Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) s - /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) - /\ (if Seq.length visited = 0 then - self.t_MapInv__func'0 = succ.t_MapInv__func'0 - else - (Seq.get fs 0).current = self.t_MapInv__func'0 - /\ (Seq.get fs (Seq.length visited - 1)).final = succ.t_MapInv__func'0 - ) - /\ (forall i : int . 0 <= i /\ i < Seq.length visited - -> unnest'0 self.t_MapInv__func'0 (Seq.get fs i).current - /\ precondition'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) (Seq.([..]) s 0 i))) - /\ postcondition_mut'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) (Seq.([..]) s 0 i))) (Seq.get fs i).final (Seq.get visited i)))) + function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_A'0) : () - use seq.Seq + axiom refl'1_spec : forall x : t_A'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 - goal refines : [%#smap_inv0] forall a : t_MapInv'0 . forall ab : Seq.seq t_B'0 . forall b : t_MapInv'0 . forall bc : Seq.seq t_B'0 . forall c : t_MapInv'0 . produces'0 b bc c - /\ produces'0 a ab b - -> produces'0 b bc c - /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) -end -module M_creusot_contracts__stdqy35z1__iter__once__qyi8116812009287608646__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/once.rs" 39 4 39 90] (* as std::iter::Iterator> *) - let%span sonce0 = "../../../creusot-contracts/src/std/iter/once.rs" 39 4 39 90 - let%span sonce1 = "../../../creusot-contracts/src/std/iter/once.rs" 24 12 25 96 + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_A'0) (o : t_A'0) : bool - type t_T'0 + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_A'0) (y : t_A'0) : () - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + axiom cmp_gt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - type t_Item'0 = - { t_Item__opt'0: t_Option'0 } + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_A'0) (o : t_A'0) : bool - type t_IntoIter'0 = - { t_IntoIter__inner'0: t_Item'0 } + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_A'0) (y : t_A'0) : () - type t_Once'0 = - { t_Once__inner'0: t_IntoIter'0 } + axiom cmp_ge_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - use seq.Seq + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_A'0) (o : t_A'0) : bool - use seq.Seq + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_A'0) (y : t_A'0) : () - function view'0 [#"../../../creusot-contracts/src/std/iter/once.rs" 8 4 8 30] (self : t_Once'0) : t_Option'0 + axiom cmp_lt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - use seq.Seq + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_A'0) (o : t_A'0) : bool - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/once.rs" 22 4 22 64] (self : t_Once'0) (visited : Seq.seq t_T'0) (o : t_Once'0) + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_A'0) (y : t_A'0) : () + + axiom cmp_le_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + + function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_B'0) (other : t_B'0) : t_Ordering'0 - = - [%#sonce1] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o - \/ (exists e : t_T'0 . view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) - use seq.Seq + function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_B'0) (y : t_B'0) : () - goal refines : [%#sonce0] forall a : t_Once'0 . forall ab : Seq.seq t_T'0 . forall b : t_Once'0 . forall bc : Seq.seq t_T'0 . forall c : t_Once'0 . produces'0 b bc c - /\ produces'0 a ab b - -> produces'0 b bc c - /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) -end -module M_creusot_contracts__stdqy35z1__iter__once__qyi8116812009287608646__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/once.rs" 32 4 32 26] (* as std::iter::Iterator> *) - let%span sonce0 = "../../../creusot-contracts/src/std/iter/once.rs" 32 4 32 26 - let%span sonce1 = "../../../creusot-contracts/src/std/iter/once.rs" 24 12 25 96 + axiom eq_cmp'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord14] (x = y) = (cmp_log'2 x y = C_Equal'0) - type t_T'0 + function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_B'0) (y : t_B'0) : () - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + axiom antisym2'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord12] cmp_log'2 x y = C_Greater'0) + -> ([%#sord13] cmp_log'2 y x = C_Less'0) - type t_Item'0 = - { t_Item__opt'0: t_Option'0 } + function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_B'0) (y : t_B'0) : () - type t_IntoIter'0 = - { t_IntoIter__inner'0: t_Item'0 } + axiom antisym1'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord10] cmp_log'2 x y = C_Less'0) + -> ([%#sord11] cmp_log'2 y x = C_Greater'0) - type t_Once'0 = - { t_Once__inner'0: t_IntoIter'0 } + function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () + - use seq.Seq + axiom trans'1_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord7] cmp_log'2 x y = o) + -> ([%#sord8] cmp_log'2 y z = o) -> ([%#sord9] cmp_log'2 x z = o) - use seq.Seq + function refl'2 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_B'0) : () - function view'0 [#"../../../creusot-contracts/src/std/iter/once.rs" 8 4 8 30] (self : t_Once'0) : t_Option'0 + axiom refl'2_spec : forall x : t_B'0 . [%#sord6] cmp_log'2 x x = C_Equal'0 - use seq.Seq + function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_B'0) (o : t_B'0) : bool + + function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_B'0) (y : t_B'0) : () + + axiom cmp_gt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) + + function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_B'0) (o : t_B'0) : bool + + function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_B'0) (y : t_B'0) : () + + axiom cmp_ge_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] ge_log'1 x y = (cmp_log'2 x y <> C_Less'0) + + function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_B'0) (o : t_B'0) : bool + + function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_B'0) (y : t_B'0) : () + + axiom cmp_lt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord3] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) + + function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_B'0) (o : t_B'0) : bool + + function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_B'0) (y : t_B'0) : () + + axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord2] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/once.rs" 22 4 22 64] (self : t_Once'0) (visited : Seq.seq t_T'0) (o : t_Once'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 262 4 262 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 = - [%#sonce1] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o - \/ (exists e : t_T'0 . view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) + [%#sord1] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then + cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) + else + r + - goal refines : [%#sonce0] forall self : t_Once'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self - -> produces'0 self (Seq.empty : Seq.seq t_T'0) self + goal refines : [%#sord0] forall x : (t_A'0, t_B'0) . forall result : () . cmp_log'0 x x = C_Equal'0 + -> cmp_log'0 x x = C_Equal'0 end -module M_creusot_contracts__stdqy35z1__iter__range__qyi16860283617022118777__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/range.rs" 33 4 33 26] (* as std::iter::Iterator> *) - let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 33 4 33 26 - let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 22 12 26 70 +module M_creusot_contracts__logic__ord__qyi1910662420989811789__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* <(A, B) as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - type t_Idx'0 + type t_A'0 - type t_Range'0 = - { t_Range__start'0: t_Idx'0; t_Range__end'0: t_Idx'0 } + type t_B'0 - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use seq.Seq + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_A'0) (other : t_A'0) : t_Ordering'0 + - use prelude.prelude.Int + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_A'0) (y : t_A'0) : () - function deep_model'0 [#"../../../creusot-contracts/src/model.rs" 29 4 29 45] (self : t_Idx'0) : int + axiom eq_cmp'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) - use seq.Seq + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_A'0) (y : t_A'0) : () - use seq.Seq + axiom antisym2'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) + -> ([%#sord13] cmp_log'1 y x = C_Less'0) - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 20 4 20 64] (self : t_Range'0) (visited : Seq.seq t_Idx'0) (o : t_Range'0) - - = - [%#srange1] self.t_Range__end'0 = o.t_Range__end'0 - /\ deep_model'0 self.t_Range__start'0 <= deep_model'0 o.t_Range__start'0 - /\ (Seq.length visited > 0 -> deep_model'0 o.t_Range__start'0 <= deep_model'0 o.t_Range__end'0) - /\ Seq.length visited = deep_model'0 o.t_Range__start'0 - deep_model'0 self.t_Range__start'0 - /\ (forall i : int . 0 <= i /\ i < Seq.length visited - -> deep_model'0 (Seq.get visited i) = deep_model'0 self.t_Range__start'0 + i) + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_A'0) (y : t_A'0) : () - goal refines : [%#srange0] forall self : t_Range'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_Idx'0) self - -> produces'0 self (Seq.empty : Seq.seq t_Idx'0) self -end -module M_creusot_contracts__stdqy35z1__iter__range__qyi16860283617022118777__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/range.rs" 40 4 40 90] (* as std::iter::Iterator> *) - let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 40 4 40 90 - let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 22 12 26 70 + axiom antisym1'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) + -> ([%#sord11] cmp_log'1 y x = C_Greater'0) - type t_Idx'0 + function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () + - type t_Range'0 = - { t_Range__start'0: t_Idx'0; t_Range__end'0: t_Idx'0 } + axiom trans'1_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) + -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) - use seq.Seq + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_A'0) : () - use prelude.prelude.Int + axiom refl'0_spec : forall x : t_A'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 - function deep_model'0 [#"../../../creusot-contracts/src/model.rs" 29 4 29 45] (self : t_Idx'0) : int + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_A'0) (o : t_A'0) : bool - use seq.Seq + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_A'0) (y : t_A'0) : () - use seq.Seq + axiom cmp_gt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 20 4 20 64] (self : t_Range'0) (visited : Seq.seq t_Idx'0) (o : t_Range'0) - - = - [%#srange1] self.t_Range__end'0 = o.t_Range__end'0 - /\ deep_model'0 self.t_Range__start'0 <= deep_model'0 o.t_Range__start'0 - /\ (Seq.length visited > 0 -> deep_model'0 o.t_Range__start'0 <= deep_model'0 o.t_Range__end'0) - /\ Seq.length visited = deep_model'0 o.t_Range__start'0 - deep_model'0 self.t_Range__start'0 - /\ (forall i : int . 0 <= i /\ i < Seq.length visited - -> deep_model'0 (Seq.get visited i) = deep_model'0 self.t_Range__start'0 + i) + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_A'0) (o : t_A'0) : bool - use seq.Seq + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_A'0) (y : t_A'0) : () - goal refines : [%#srange0] forall a : t_Range'0 . forall ab : Seq.seq t_Idx'0 . forall b : t_Range'0 . forall bc : Seq.seq t_Idx'0 . forall c : t_Range'0 . produces'0 b bc c - /\ produces'0 a ab b - -> produces'0 b bc c - /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) -end -module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/range.rs" 84 4 84 90] (* as std::iter::Iterator> *) - let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 84 4 84 90 - let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 66 12 70 76 - let%span srange2 = "../../../creusot-contracts/src/std/iter/range.rs" 45 10 45 43 - let%span srange3 = "../../../creusot-contracts/src/std/iter/range.rs" 47 4 50 5 - let%span sops4 = "../../../creusot-contracts/src/std/ops.rs" 205 14 205 86 + axiom cmp_ge_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - type t_Idx'0 + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_A'0) (o : t_A'0) : bool - type t_RangeInclusive'0 = - { t_RangeInclusive__start'0: t_Idx'0; t_RangeInclusive__end'0: t_Idx'0; t_RangeInclusive__exhausted'0: bool } + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_A'0) (y : t_A'0) : () - use seq.Seq + axiom cmp_lt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - use seq.Seq + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_A'0) (o : t_A'0) : bool - function start_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 193 4 193 29] (self : t_RangeInclusive'0) : t_Idx'0 + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_A'0) (y : t_A'0) : () - use prelude.prelude.Int + axiom cmp_le_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - function deep_model'0 [#"../../../creusot-contracts/src/model.rs" 29 4 29 45] (self : t_Idx'0) : int + function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_B'0) (other : t_B'0) : t_Ordering'0 + - function end_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 199 4 199 27] (self : t_RangeInclusive'0) : t_Idx'0 + function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_B'0) (y : t_B'0) : () - function is_empty_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 206 4 209 35] (self : t_RangeInclusive'0) : bool + axiom eq_cmp'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord14] (x = y) = (cmp_log'2 x y = C_Equal'0) - axiom is_empty_log'0_spec : forall self : t_RangeInclusive'0 . [%#sops4] not is_empty_log'0 self - -> deep_model'0 (start_log'0 self) <= deep_model'0 (end_log'0 self) + function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_B'0) (y : t_B'0) : () - function range_inclusive_len'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 46 0 46 92] (r : t_RangeInclusive'0) : int - - = - [%#srange3] if is_empty_log'0 r then 0 else deep_model'0 (end_log'0 r) - deep_model'0 (start_log'0 r) + 1 + axiom antisym2'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord12] cmp_log'2 x y = C_Greater'0) + -> ([%#sord13] cmp_log'2 y x = C_Less'0) - axiom range_inclusive_len'0_spec : forall r : t_RangeInclusive'0 . [%#srange2] is_empty_log'0 r - = (range_inclusive_len'0 r = 0) + function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_B'0) (y : t_B'0) : () - use seq.Seq + axiom antisym1'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord10] cmp_log'2 x y = C_Less'0) + -> ([%#sord11] cmp_log'2 y x = C_Greater'0) - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 64 4 64 64] (self : t_RangeInclusive'0) (visited : Seq.seq t_Idx'0) (o : t_RangeInclusive'0) + function trans'2 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () - = - [%#srange1] Seq.length visited = range_inclusive_len'0 self - range_inclusive_len'0 o - /\ (is_empty_log'0 self -> is_empty_log'0 o) - /\ (is_empty_log'0 o \/ end_log'0 self = end_log'0 o) - /\ (forall i : int . 0 <= i /\ i < Seq.length visited - -> deep_model'0 (Seq.get visited i) = deep_model'0 (start_log'0 self) + i) - use seq.Seq - - goal refines : [%#srange0] forall a : t_RangeInclusive'0 . forall ab : Seq.seq t_Idx'0 . forall b : t_RangeInclusive'0 . forall bc : Seq.seq t_Idx'0 . forall c : t_RangeInclusive'0 . produces'0 b bc c - /\ produces'0 a ab b - -> produces'0 b bc c - /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) -end -module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/range.rs" 77 4 77 26] (* as std::iter::Iterator> *) - let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 77 4 77 26 - let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 66 12 70 76 - let%span srange2 = "../../../creusot-contracts/src/std/iter/range.rs" 45 10 45 43 - let%span srange3 = "../../../creusot-contracts/src/std/iter/range.rs" 47 4 50 5 - let%span sops4 = "../../../creusot-contracts/src/std/ops.rs" 205 14 205 86 + axiom trans'2_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord7] cmp_log'2 x y = o) + -> ([%#sord8] cmp_log'2 y z = o) -> ([%#sord9] cmp_log'2 x z = o) - type t_Idx'0 + function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_B'0) : () - type t_RangeInclusive'0 = - { t_RangeInclusive__start'0: t_Idx'0; t_RangeInclusive__end'0: t_Idx'0; t_RangeInclusive__exhausted'0: bool } + axiom refl'1_spec : forall x : t_B'0 . [%#sord6] cmp_log'2 x x = C_Equal'0 - use seq.Seq + function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_B'0) (o : t_B'0) : bool - use seq.Seq + function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_B'0) (y : t_B'0) : () - use seq.Seq + axiom cmp_gt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) - function start_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 193 4 193 29] (self : t_RangeInclusive'0) : t_Idx'0 + function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_B'0) (o : t_B'0) : bool - use prelude.prelude.Int + function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_B'0) (y : t_B'0) : () - function deep_model'0 [#"../../../creusot-contracts/src/model.rs" 29 4 29 45] (self : t_Idx'0) : int + axiom cmp_ge_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] ge_log'1 x y = (cmp_log'2 x y <> C_Less'0) - function end_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 199 4 199 27] (self : t_RangeInclusive'0) : t_Idx'0 + function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_B'0) (o : t_B'0) : bool - function is_empty_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 206 4 209 35] (self : t_RangeInclusive'0) : bool + function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_B'0) (y : t_B'0) : () - axiom is_empty_log'0_spec : forall self : t_RangeInclusive'0 . [%#sops4] not is_empty_log'0 self - -> deep_model'0 (start_log'0 self) <= deep_model'0 (end_log'0 self) + axiom cmp_lt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord3] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) - function range_inclusive_len'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 46 0 46 92] (r : t_RangeInclusive'0) : int - - = - [%#srange3] if is_empty_log'0 r then 0 else deep_model'0 (end_log'0 r) - deep_model'0 (start_log'0 r) + 1 + function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_B'0) (o : t_B'0) : bool - axiom range_inclusive_len'0_spec : forall r : t_RangeInclusive'0 . [%#srange2] is_empty_log'0 r - = (range_inclusive_len'0 r = 0) + function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_B'0) (y : t_B'0) : () - use seq.Seq + axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord2] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 64 4 64 64] (self : t_RangeInclusive'0) (visited : Seq.seq t_Idx'0) (o : t_RangeInclusive'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 262 4 262 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 = - [%#srange1] Seq.length visited = range_inclusive_len'0 self - range_inclusive_len'0 o - /\ (is_empty_log'0 self -> is_empty_log'0 o) - /\ (is_empty_log'0 o \/ end_log'0 self = end_log'0 o) - /\ (forall i : int . 0 <= i /\ i < Seq.length visited - -> deep_model'0 (Seq.get visited i) = deep_model'0 (start_log'0 self) + i) + [%#sord1] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then + cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) + else + r + - goal refines : [%#srange0] forall self : t_RangeInclusive'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_Idx'0) self - -> produces'0 self (Seq.empty : Seq.seq t_Idx'0) self + goal refines : [%#sord0] forall x : (t_A'0, t_B'0) . forall y : (t_A'0, t_B'0) . forall z : (t_A'0, t_B'0) . forall o : t_Ordering'0 . cmp_log'0 y z + = o + /\ cmp_log'0 x y = o + -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) end -module M_creusot_contracts__stdqy35z1__iter__repeat__qyi8658929399712466629__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/repeat.rs" 32 4 32 26] (* as std::iter::Iterator> *) - let%span srepeat0 = "../../../creusot-contracts/src/std/iter/repeat.rs" 32 4 32 26 - let%span srepeat1 = "../../../creusot-contracts/src/std/iter/repeat.rs" 24 12 25 78 +module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* <(A, B) as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 282 20 282 67 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - type t_T'0 + type t_A'0 - type t_Repeat'0 = - { t_Repeat__element'0: t_T'0 } + type t_B'0 + + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_B'0) (other : t_B'0) : t_Ordering'0 + - use seq.Seq + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_B'0) (y : t_B'0) : () - use seq.Seq + axiom eq_cmp'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord15] (x = y) = (cmp_log'2 x y = C_Equal'0) - use prelude.prelude.Int + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_B'0) (y : t_B'0) : () - use seq.Seq + axiom antisym2'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord13] cmp_log'2 x y = C_Greater'0) + -> ([%#sord14] cmp_log'2 y x = C_Less'0) - use seq.Seq + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_B'0) (y : t_B'0) : () - function view'0 [#"../../../creusot-contracts/src/std/iter/repeat.rs" 8 4 8 22] (self : t_Repeat'0) : t_T'0 + axiom antisym1'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord11] cmp_log'2 x y = C_Less'0) + -> ([%#sord12] cmp_log'2 y x = C_Greater'0) - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/repeat.rs" 22 4 22 64] (self : t_Repeat'0) (visited : Seq.seq t_T'0) (o : t_Repeat'0) + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () - = - [%#srepeat1] self = o /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = view'0 self) - goal refines : [%#srepeat0] forall self : t_Repeat'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self - -> produces'0 self (Seq.empty : Seq.seq t_T'0) self -end -module M_creusot_contracts__stdqy35z1__iter__repeat__qyi8658929399712466629__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/repeat.rs" 39 4 39 90] (* as std::iter::Iterator> *) - let%span srepeat0 = "../../../creusot-contracts/src/std/iter/repeat.rs" 39 4 39 90 - let%span srepeat1 = "../../../creusot-contracts/src/std/iter/repeat.rs" 24 12 25 78 + axiom trans'0_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord8] cmp_log'2 x y = o) + -> ([%#sord9] cmp_log'2 y z = o) -> ([%#sord10] cmp_log'2 x z = o) - type t_T'0 + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_B'0) : () - type t_Repeat'0 = - { t_Repeat__element'0: t_T'0 } + axiom refl'0_spec : forall x : t_B'0 . [%#sord7] cmp_log'2 x x = C_Equal'0 - use seq.Seq + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_B'0) (o : t_B'0) : bool - use prelude.prelude.Int + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_B'0) (y : t_B'0) : () - use seq.Seq + axiom cmp_gt_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord6] gt_log'0 x y = (cmp_log'2 x y = C_Greater'0) - use seq.Seq + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_B'0) (o : t_B'0) : bool - function view'0 [#"../../../creusot-contracts/src/std/iter/repeat.rs" 8 4 8 22] (self : t_Repeat'0) : t_T'0 + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_B'0) (y : t_B'0) : () - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/repeat.rs" 22 4 22 64] (self : t_Repeat'0) (visited : Seq.seq t_T'0) (o : t_Repeat'0) - - = - [%#srepeat1] self = o /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = view'0 self) + axiom cmp_ge_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] ge_log'0 x y = (cmp_log'2 x y <> C_Less'0) - use seq.Seq + function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_B'0) (o : t_B'0) : bool - goal refines : [%#srepeat0] forall a : t_Repeat'0 . forall ab : Seq.seq t_T'0 . forall b : t_Repeat'0 . forall bc : Seq.seq t_T'0 . forall c : t_Repeat'0 . produces'0 b bc c - /\ produces'0 a ab b - -> produces'0 b bc c - /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) -end -module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/skip.rs" 81 4 81 90] (* as std::iter::Iterator> *) - let%span sskip0 = "../../../creusot-contracts/src/std/iter/skip.rs" 81 4 81 90 - let%span sskip1 = "../../../creusot-contracts/src/std/iter/skip.rs" 62 12 67 74 - let%span sskip2 = "../../../creusot-contracts/src/std/iter/skip.rs" 21 14 21 50 - let%span sskip3 = "../../../creusot-contracts/src/std/iter/skip.rs" 14 14 14 39 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_B'0) (y : t_B'0) : () - type t_I'0 + axiom cmp_lt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) - use prelude.prelude.UIntSize + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_B'0) (o : t_B'0) : bool - type t_Skip'0 = - { t_Skip__iter'0: t_I'0; t_Skip__n'0: usize } + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_B'0) (y : t_B'0) : () - type t_Item'0 + axiom cmp_le_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord3] le_log'0 x y = (cmp_log'2 x y <> C_Greater'0) - use seq.Seq + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_A'0) (other : t_A'0) : t_Ordering'0 + - use seq.Seq + function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_A'0) (y : t_A'0) : () - use prelude.prelude.Int + axiom eq_cmp'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) - constant v_MAX'0 : usize = (18446744073709551615 : usize) + function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_A'0) (y : t_A'0) : () - use prelude.prelude.UIntSize + axiom antisym2'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) + -> ([%#sord14] cmp_log'1 y x = C_Less'0) - function n'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 22 4 22 21] (self : t_Skip'0) : int + function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_A'0) (y : t_A'0) : () - axiom n'0_spec : forall self : t_Skip'0 . [%#sskip2] n'0 self >= 0 /\ n'0 self <= UIntSize.to_int (v_MAX'0 : usize) + axiom antisym1'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) + -> ([%#sord12] cmp_log'1 y x = C_Greater'0) - use seq.Seq + function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () + - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + axiom trans'1_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) + -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Skip'0) + function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_A'0) : () - axiom inv_axiom'0 [@rewrite] : forall x : t_Skip'0 [inv'0 x] . inv'0 x - = match x with - | {t_Skip__iter'0 = iter ; t_Skip__n'0 = n} -> inv'1 iter - end + axiom refl'1_spec : forall x : t_A'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 - function iter'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 15 4 15 22] (self : t_Skip'0) : t_I'0 + function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_A'0) (o : t_A'0) : bool - axiom iter'0_spec : forall self : t_Skip'0 . [%#sskip3] inv'0 self -> inv'1 (iter'0 self) + function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_A'0) (y : t_A'0) : () - use seq.Seq + axiom cmp_gt_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord6] gt_log'1 x y = (cmp_log'1 x y = C_Greater'0) - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - + function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_A'0) (o : t_A'0) : bool - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - + function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_A'0) (y : t_A'0) : () - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter5] produces'1 a ab b) - -> ([%#siter6] produces'1 b bc c) -> ([%#siter7] produces'1 a (Seq.(++) ab bc) c) + axiom cmp_ge_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] ge_log'1 x y = (cmp_log'1 x y <> C_Less'0) - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function lt_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_A'0) (o : t_A'0) : bool - axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self + function cmp_lt_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_A'0) (y : t_A'0) : () - use seq.Seq + axiom cmp_lt_log'2_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] lt_log'2 x y = (cmp_log'1 x y = C_Less'0) - use prelude.prelude.Borrow + function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_A'0) (o : t_A'0) : bool - predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_Item'0) + function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_A'0) (y : t_A'0) : () - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 60 4 60 64] (self : t_Skip'0) (visited : Seq.seq t_Item'0) (o : t_Skip'0) + axiom cmp_le_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord3] le_log'1 x y = (cmp_log'1 x y <> C_Greater'0) + + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 281 4 281 36] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : bool = - [%#sskip1] visited = (Seq.empty : Seq.seq t_Item'0) /\ self = o - \/ n'0 o = 0 - /\ Seq.length visited > 0 - /\ (exists s : Seq.seq t_Item'0 . Seq.length s = n'0 self - /\ produces'1 (iter'0 self) (Seq.(++) s visited) (iter'0 o) - /\ (forall i : int . 0 <= i /\ i < Seq.length s -> resolve'0 (Seq.get s i))) - - goal refines : [%#sskip0] forall a : t_Skip'0 . forall ab : Seq.seq t_Item'0 . forall b : t_Skip'0 . forall bc : Seq.seq t_Item'0 . forall c : t_Skip'0 . produces'0 b bc c - /\ produces'0 a ab b - -> produces'0 b bc c - /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) -end -module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/skip.rs" 74 4 74 26] (* as std::iter::Iterator> *) - let%span sskip0 = "../../../creusot-contracts/src/std/iter/skip.rs" 74 4 74 26 - let%span sskip1 = "../../../creusot-contracts/src/std/iter/skip.rs" 62 12 67 74 - let%span sskip2 = "../../../creusot-contracts/src/std/iter/skip.rs" 21 14 21 50 - let%span sskip3 = "../../../creusot-contracts/src/std/iter/skip.rs" 14 14 14 39 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + [%#sord1] (let (a, _) = self in a) = (let (a, _) = o in a) + /\ lt_log'1 (let (_, a) = self in a) (let (_, a) = o in a) + \/ lt_log'2 (let (a, _) = self in a) (let (a, _) = o in a) - type t_I'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 262 4 262 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + + = + [%#sord2] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then + cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) + else + r + - use prelude.prelude.UIntSize + goal refines : [%#sord0] forall x : (t_A'0, t_B'0) . forall y : (t_A'0, t_B'0) . forall result : () . lt_log'0 x y + = (cmp_log'0 x y = C_Less'0) -> lt_log'0 x y = (cmp_log'0 x y = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi1910662420989811789__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* <(A, B) as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - type t_Skip'0 = - { t_Skip__iter'0: t_I'0; t_Skip__n'0: usize } + type t_A'0 - use seq.Seq + type t_B'0 - type t_Item'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use seq.Seq + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_A'0) (other : t_A'0) : t_Ordering'0 + - use prelude.prelude.Int + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_A'0) (y : t_A'0) : () - constant v_MAX'0 : usize = (18446744073709551615 : usize) + axiom eq_cmp'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) - use prelude.prelude.UIntSize + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_A'0) (y : t_A'0) : () - function n'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 22 4 22 21] (self : t_Skip'0) : int + axiom antisym2'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) + -> ([%#sord13] cmp_log'1 y x = C_Less'0) - axiom n'0_spec : forall self : t_Skip'0 . [%#sskip2] n'0 self >= 0 /\ n'0 self <= UIntSize.to_int (v_MAX'0 : usize) + function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_A'0) (y : t_A'0) : () - use seq.Seq + axiom antisym1'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) + -> ([%#sord11] cmp_log'1 y x = C_Greater'0) - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () + - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Skip'0) + axiom trans'0_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) + -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) - axiom inv_axiom'0 [@rewrite] : forall x : t_Skip'0 [inv'0 x] . inv'0 x - = match x with - | {t_Skip__iter'0 = iter ; t_Skip__n'0 = n} -> inv'1 iter - end + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_A'0) : () - function iter'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 15 4 15 22] (self : t_Skip'0) : t_I'0 + axiom refl'0_spec : forall x : t_A'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 - axiom iter'0_spec : forall self : t_Skip'0 . [%#sskip3] inv'0 self -> inv'1 (iter'0 self) + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_A'0) (o : t_A'0) : bool - use seq.Seq + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_A'0) (y : t_A'0) : () - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - + axiom cmp_gt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_A'0) (o : t_A'0) : bool - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter5] produces'1 a ab b) - -> ([%#siter6] produces'1 b bc c) -> ([%#siter7] produces'1 a (Seq.(++) ab bc) c) + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_A'0) (y : t_A'0) : () - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + axiom cmp_ge_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_A'0) (o : t_A'0) : bool - use seq.Seq + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_A'0) (y : t_A'0) : () - use prelude.prelude.Borrow + axiom cmp_lt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_Item'0) + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_A'0) (o : t_A'0) : bool - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 60 4 60 64] (self : t_Skip'0) (visited : Seq.seq t_Item'0) (o : t_Skip'0) - - = - [%#sskip1] visited = (Seq.empty : Seq.seq t_Item'0) /\ self = o - \/ n'0 o = 0 - /\ Seq.length visited > 0 - /\ (exists s : Seq.seq t_Item'0 . Seq.length s = n'0 self - /\ produces'1 (iter'0 self) (Seq.(++) s visited) (iter'0 o) - /\ (forall i : int . 0 <= i /\ i < Seq.length s -> resolve'0 (Seq.get s i))) + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_A'0) (y : t_A'0) : () - goal refines : [%#sskip0] forall self : t_Skip'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_Item'0) self - -> produces'0 self (Seq.empty : Seq.seq t_Item'0) self -end -module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/take.rs" 72 4 72 26] (* as std::iter::Iterator> *) - let%span stake0 = "../../../creusot-contracts/src/std/iter/take.rs" 72 4 72 26 - let%span stake1 = "../../../creusot-contracts/src/std/iter/take.rs" 65 12 65 88 - let%span stake2 = "../../../creusot-contracts/src/std/iter/take.rs" 31 14 31 50 - let%span stake3 = "../../../creusot-contracts/src/std/iter/take.rs" 17 14 17 39 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + axiom cmp_le_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - type t_I'0 + function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_B'0) (other : t_B'0) : t_Ordering'0 + - use prelude.prelude.UIntSize + function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_B'0) (y : t_B'0) : () - type t_Take'0 = - { t_Take__iter'0: t_I'0; t_Take__n'0: usize } + axiom eq_cmp'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord14] (x = y) = (cmp_log'2 x y = C_Equal'0) - use seq.Seq + function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_B'0) (y : t_B'0) : () - type t_Item'0 + axiom antisym2'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord12] cmp_log'2 x y = C_Greater'0) + -> ([%#sord13] cmp_log'2 y x = C_Less'0) - use seq.Seq + function antisym1'2 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_B'0) (y : t_B'0) : () - use prelude.prelude.Int + axiom antisym1'2_spec : forall x : t_B'0, y : t_B'0 . ([%#sord10] cmp_log'2 x y = C_Less'0) + -> ([%#sord11] cmp_log'2 y x = C_Greater'0) - constant v_MAX'0 : usize = (18446744073709551615 : usize) + function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () + - use prelude.prelude.UIntSize + axiom trans'1_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord7] cmp_log'2 x y = o) + -> ([%#sord8] cmp_log'2 y z = o) -> ([%#sord9] cmp_log'2 x z = o) - function n'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 32 4 32 21] (self : t_Take'0) : int + function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_B'0) : () - axiom n'0_spec : forall self : t_Take'0 . [%#stake2] n'0 self >= 0 /\ n'0 self <= UIntSize.to_int (v_MAX'0 : usize) + axiom refl'1_spec : forall x : t_B'0 . [%#sord6] cmp_log'2 x x = C_Equal'0 - use seq.Seq + function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_B'0) (o : t_B'0) : bool - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_B'0) (y : t_B'0) : () - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Take'0) + axiom cmp_gt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) - axiom inv_axiom'0 [@rewrite] : forall x : t_Take'0 [inv'0 x] . inv'0 x - = match x with - | {t_Take__iter'0 = iter ; t_Take__n'0 = n} -> inv'1 iter - end + function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_B'0) (o : t_B'0) : bool - function iter'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 18 4 18 22] (self : t_Take'0) : t_I'0 + function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_B'0) (y : t_B'0) : () - axiom iter'0_spec : forall self : t_Take'0 . [%#stake3] inv'0 self -> inv'1 (iter'0 self) + axiom cmp_ge_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] ge_log'1 x y = (cmp_log'2 x y <> C_Less'0) - use seq.Seq + function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_B'0) (o : t_B'0) : bool - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - + function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_B'0) (y : t_B'0) : () - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - + axiom cmp_lt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord3] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter5] produces'1 a ab b) - -> ([%#siter6] produces'1 b bc c) -> ([%#siter7] produces'1 a (Seq.(++) ab bc) c) + function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_B'0) (o : t_B'0) : bool - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_B'0) (y : t_B'0) : () - axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self + axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord2] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 63 4 63 64] (self : t_Take'0) (visited : Seq.seq t_Item'0) (o : t_Take'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 262 4 262 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 = - [%#stake1] n'0 self = n'0 o + Seq.length visited /\ produces'1 (iter'0 self) visited (iter'0 o) + [%#sord1] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then + cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) + else + r + - goal refines : [%#stake0] forall self : t_Take'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_Item'0) self - -> produces'0 self (Seq.empty : Seq.seq t_Item'0) self + goal refines : [%#sord0] forall x : (t_A'0, t_B'0) . forall y : (t_A'0, t_B'0) . cmp_log'0 x y = C_Less'0 + -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) end -module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/take.rs" 79 4 79 90] (* as std::iter::Iterator> *) - let%span stake0 = "../../../creusot-contracts/src/std/iter/take.rs" 79 4 79 90 - let%span stake1 = "../../../creusot-contracts/src/std/iter/take.rs" 65 12 65 88 - let%span stake2 = "../../../creusot-contracts/src/std/iter/take.rs" 31 14 31 50 - let%span stake3 = "../../../creusot-contracts/src/std/iter/take.rs" 17 14 17 39 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 +module M_creusot_contracts__stdqy35z1__deque__qyi8367101395671471553__resolve_coherence__refines [#"../../../creusot-contracts/src/std/deque.rs" 65 4 65 31] (* as resolve::Resolve> *) + let%span sdeque0 = "../../../creusot-contracts/src/std/deque.rs" 65 4 65 31 + let%span sdeque1 = "../../../creusot-contracts/src/std/deque.rs" 58 20 58 83 + let%span sdeque2 = "../../../creusot-contracts/src/std/deque.rs" 13 14 13 41 + let%span sdeque3 = "../../../creusot-contracts/src/std/deque.rs" 39 8 39 31 - type t_I'0 + use prelude.prelude.Borrow use prelude.prelude.UIntSize - type t_Take'0 = - { t_Take__iter'0: t_I'0; t_Take__n'0: usize } - - type t_Item'0 - - use seq.Seq + use prelude.prelude.Opaque - use prelude.prelude.Int + type t_NonNull'0 = + { t_NonNull__pointer'0: opaque_ptr } - constant v_MAX'0 : usize = (18446744073709551615 : usize) + type t_Unique'0 = + { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + type t_Cap'0 = + { t_Cap__0'0: usize } - function n'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 32 4 32 21] (self : t_Take'0) : int + type t_RawVec'0 = + { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } - axiom n'0_spec : forall self : t_Take'0 . [%#stake2] n'0 self >= 0 /\ n'0 self <= UIntSize.to_int (v_MAX'0 : usize) + type t_VecDeque'0 = + { t_VecDeque__head'0: usize; t_VecDeque__len'0: usize; t_VecDeque__buf'0: t_RawVec'0 } - use seq.Seq + predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_RawVec'0) = + true - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : usize) = + true - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Take'0) + predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_VecDeque'0) = + match _1 with + | {t_VecDeque__head'0 = x0 ; t_VecDeque__len'0 = x1 ; t_VecDeque__buf'0 = x2} -> resolve'1 x2 + /\ resolve'2 x1 /\ resolve'2 x0 + end - axiom inv_axiom'0 [@rewrite] : forall x : t_Take'0 [inv'0 x] . inv'0 x - = match x with - | {t_Take__iter'0 = iter ; t_Take__n'0 = n} -> inv'1 iter - end + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_VecDeque'0) - function iter'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 18 4 18 22] (self : t_Take'0) : t_I'0 + axiom inv_axiom'0 [@rewrite] : forall x : t_VecDeque'0 [inv'0 x] . inv'0 x = true - axiom iter'0_spec : forall self : t_Take'0 . [%#stake3] inv'0 self -> inv'1 (iter'0 self) + use prelude.prelude.Int use seq.Seq - use seq.Seq + constant v_MAX'0 : usize = (18446744073709551615 : usize) - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - + use prelude.prelude.UIntSize - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - + type t_T'0 - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter5] produces'1 a ab b) - -> ([%#siter6] produces'1 b bc c) -> ([%#siter7] produces'1 a (Seq.(++) ab bc) c) + use seq.Seq - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function view'0 [#"../../../creusot-contracts/src/std/deque.rs" 14 4 14 27] (self : t_VecDeque'0) : Seq.seq t_T'0 - axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self + axiom view'0_spec : forall self : t_VecDeque'0 . [%#sdeque2] Seq.length (view'0 self) + <= UIntSize.to_int (v_MAX'0 : usize) - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 63 4 63 64] (self : t_Take'0) (visited : Seq.seq t_Item'0) (o : t_Take'0) + use seq.Seq + + function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/std/deque.rs" 38 4 38 47] (self : t_VecDeque'0) (ix : int) : t_T'0 = - [%#stake1] n'0 self = n'0 o + Seq.length visited /\ produces'1 (iter'0 self) visited (iter'0 o) - - goal refines : [%#stake0] forall a : t_Take'0 . forall ab : Seq.seq t_Item'0 . forall b : t_Take'0 . forall bc : Seq.seq t_Item'0 . forall c : t_Take'0 . produces'0 b bc c - /\ produces'0 a ab b - -> produces'0 b bc c - /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) -end -module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/zip.rs" 63 4 63 90] (* as std::iter::Iterator> *) - let%span szip0 = "../../../creusot-contracts/src/std/iter/zip.rs" 63 4 63 90 - let%span szip1 = "../../../creusot-contracts/src/std/iter/zip.rs" 46 12 49 95 - let%span szip2 = "../../../creusot-contracts/src/std/iter/zip.rs" 14 14 14 39 - let%span szip3 = "../../../creusot-contracts/src/std/iter/zip.rs" 21 14 21 39 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - - type t_A'0 + [%#sdeque3] Seq.get (view'0 self) ix - type t_B'0 + predicate resolve'3 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_T'0) - use prelude.prelude.UIntSize + predicate resolve'0 [#"../../../creusot-contracts/src/std/deque.rs" 57 4 57 28] (self : t_VecDeque'0) = + [%#sdeque1] forall i : int . 0 <= i /\ i < Seq.length (view'0 self) -> resolve'3 (index_logic'0 self i) - type t_Zip'0 = - { t_Zip__a'0: t_A'0; t_Zip__b'0: t_B'0; t_Zip__index'0: usize; t_Zip__len'0: usize; t_Zip__a_len'0: usize } + goal refines : [%#sdeque0] forall self : t_VecDeque'0 . structural_resolve'0 self /\ inv'0 self + -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) +end +module M_creusot_contracts__stdqy35z1__iter__cloned__qyi49636360433726320__resolve_coherence__refines [#"../../../creusot-contracts/src/std/iter/cloned.rs" 28 4 28 31] (* as resolve::Resolve> *) + let%span scloned0 = "../../../creusot-contracts/src/std/iter/cloned.rs" 28 4 28 31 + let%span scloned1 = "../../../creusot-contracts/src/std/iter/cloned.rs" 21 8 21 29 + let%span scloned2 = "../../../creusot-contracts/src/std/iter/cloned.rs" 11 14 11 39 + let%span sinvariant3 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - type t_Item'0 + use prelude.prelude.Borrow - type t_Item'1 + type t_I'0 - use seq.Seq + type t_Cloned'0 = + { t_Cloned__it'0: t_I'0 } - use seq.Seq + predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_I'0) - use seq.Seq + predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_Cloned'0) = + match _1 with + | {t_Cloned__it'0 = x0} -> resolve'1 x0 + end - use seq.Seq + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - use seq.Seq + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Cloned'0) - use seq.Seq + axiom inv_axiom'1 [@rewrite] : forall x : t_Cloned'0 [inv'1 x] . inv'1 x + = match x with + | {t_Cloned__it'0 = it} -> inv'2 it + end - use prelude.prelude.Int + predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_Cloned'0) = + [%#sinvariant3] inv'1 self - use seq.Seq + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Cloned'0) - use seq.Seq + axiom inv_axiom'0 [@rewrite] : forall x : t_Cloned'0 [inv'0 x] . inv'0 x = invariant'0 x - use seq.Seq + function iter'0 [#"../../../creusot-contracts/src/std/iter/cloned.rs" 12 4 12 22] (self : t_Cloned'0) : t_I'0 - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_A'0) + axiom iter'0_spec : forall self : t_Cloned'0 . [%#scloned2] inv'1 self -> inv'2 (iter'0 self) - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_B'0) + predicate resolve'0 [#"../../../creusot-contracts/src/std/iter/cloned.rs" 20 4 20 28] (self : t_Cloned'0) = + [%#scloned1] resolve'1 (iter'0 self) - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Zip'0) + goal refines : [%#scloned0] forall self : t_Cloned'0 . structural_resolve'0 self /\ inv'0 self + -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) +end +module M_creusot_contracts__stdqy35z1__iter__copied__qyi4622684907952448174__resolve_coherence__refines [#"../../../creusot-contracts/src/std/iter/copied.rs" 28 4 28 31] (* as resolve::Resolve> *) + let%span scopied0 = "../../../creusot-contracts/src/std/iter/copied.rs" 28 4 28 31 + let%span scopied1 = "../../../creusot-contracts/src/std/iter/copied.rs" 21 8 21 29 + let%span scopied2 = "../../../creusot-contracts/src/std/iter/copied.rs" 11 14 11 39 + let%span sinvariant3 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - axiom inv_axiom'0 [@rewrite] : forall x : t_Zip'0 [inv'0 x] . inv'0 x - = match x with - | {t_Zip__a'0 = a ; t_Zip__b'0 = b ; t_Zip__index'0 = index ; t_Zip__len'0 = len ; t_Zip__a_len'0 = a_len} -> inv'1 a - /\ inv'2 b - end + use prelude.prelude.Borrow - function itera'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 15 4 15 23] (self : t_Zip'0) : t_A'0 + type t_I'0 - axiom itera'0_spec : forall self : t_Zip'0 . [%#szip2] inv'0 self -> inv'1 (itera'0 self) + type t_Copied'0 = + { t_Copied__it'0: t_I'0 } - use seq.Seq + predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_I'0) - use seq.Seq + predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_Copied'0) = + match _1 with + | {t_Copied__it'0 = x0} -> resolve'1 x0 + end - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_A'0) (visited : Seq.seq t_Item'0) (o : t_A'0) - + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_A'0) (ab : Seq.seq t_Item'0) (b : t_A'0) (bc : Seq.seq t_Item'0) (c : t_A'0) : () - + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Copied'0) - axiom produces_trans'1_spec : forall a : t_A'0, ab : Seq.seq t_Item'0, b : t_A'0, bc : Seq.seq t_Item'0, c : t_A'0 . ([%#siter5] produces'1 a ab b) - -> ([%#siter6] produces'1 b bc c) -> ([%#siter7] produces'1 a (Seq.(++) ab bc) c) + axiom inv_axiom'1 [@rewrite] : forall x : t_Copied'0 [inv'1 x] . inv'1 x + = match x with + | {t_Copied__it'0 = it} -> inv'2 it + end - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_A'0) : () + predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_Copied'0) = + [%#sinvariant3] inv'1 self - axiom produces_refl'0_spec : forall self : t_A'0 . [%#siter4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Copied'0) - function iterb'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 22 4 22 23] (self : t_Zip'0) : t_B'0 + axiom inv_axiom'0 [@rewrite] : forall x : t_Copied'0 [inv'0 x] . inv'0 x = invariant'0 x - axiom iterb'0_spec : forall self : t_Zip'0 . [%#szip3] inv'0 self -> inv'2 (iterb'0 self) + function iter'0 [#"../../../creusot-contracts/src/std/iter/copied.rs" 12 4 12 22] (self : t_Copied'0) : t_I'0 - use seq.Seq + axiom iter'0_spec : forall self : t_Copied'0 . [%#scopied2] inv'1 self -> inv'2 (iter'0 self) - use seq.Seq + predicate resolve'0 [#"../../../creusot-contracts/src/std/iter/copied.rs" 20 4 20 28] (self : t_Copied'0) = + [%#scopied1] resolve'1 (iter'0 self) - predicate produces'2 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_B'0) (visited : Seq.seq t_Item'1) (o : t_B'0) - + goal refines : [%#scopied0] forall self : t_Copied'0 . structural_resolve'0 self /\ inv'0 self + -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) +end +module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2208779330486735413__resolve_coherence__refines [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 37 4 37 31] (* as resolve::Resolve> *) + let%span senumerate0 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 37 4 37 31 + let%span senumerate1 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 30 8 30 29 + let%span senumerate2 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 14 14 14 39 + let%span sinvariant3 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - function produces_trans'2 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_B'0) (ab : Seq.seq t_Item'1) (b : t_B'0) (bc : Seq.seq t_Item'1) (c : t_B'0) : () - + use prelude.prelude.Borrow - axiom produces_trans'2_spec : forall a : t_B'0, ab : Seq.seq t_Item'1, b : t_B'0, bc : Seq.seq t_Item'1, c : t_B'0 . ([%#siter5] produces'2 a ab b) - -> ([%#siter6] produces'2 b bc c) -> ([%#siter7] produces'2 a (Seq.(++) ab bc) c) + type t_I'0 - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_B'0) : () + use prelude.prelude.UIntSize - axiom produces_refl'1_spec : forall self : t_B'0 . [%#siter4] produces'2 self (Seq.empty : Seq.seq t_Item'1) self + type t_Enumerate'0 = + { t_Enumerate__iter'0: t_I'0; t_Enumerate__count'0: usize } - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 43 4 43 64] (self : t_Zip'0) (visited : Seq.seq (t_Item'0, t_Item'1)) (o : t_Zip'0) - - = - [%#szip1] exists p1 : Seq.seq t_Item'0, p2 : Seq.seq t_Item'1 . Seq.length p1 = Seq.length p2 - /\ Seq.length p2 = Seq.length visited - /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = (Seq.get p1 i, Seq.get p2 i)) - /\ produces'1 (itera'0 self) p1 (itera'0 o) /\ produces'2 (iterb'0 self) p2 (iterb'0 o) + predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : usize) = + true - use seq.Seq + predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_I'0) - goal refines : [%#szip0] forall a : t_Zip'0 . forall ab : Seq.seq (t_Item'0, t_Item'1) . forall b : t_Zip'0 . forall bc : Seq.seq (t_Item'0, t_Item'1) . forall c : t_Zip'0 . produces'0 b bc c - /\ produces'0 a ab b - -> produces'0 b bc c - /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) -end -module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/zip.rs" 56 4 56 26] (* as std::iter::Iterator> *) - let%span szip0 = "../../../creusot-contracts/src/std/iter/zip.rs" 56 4 56 26 - let%span szip1 = "../../../creusot-contracts/src/std/iter/zip.rs" 46 12 49 95 - let%span szip2 = "../../../creusot-contracts/src/std/iter/zip.rs" 14 14 14 39 - let%span szip3 = "../../../creusot-contracts/src/std/iter/zip.rs" 21 14 21 39 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_Enumerate'0) = + match _1 with + | {t_Enumerate__iter'0 = x0 ; t_Enumerate__count'0 = x1} -> resolve'1 x1 /\ resolve'2 x0 + end - type t_A'0 + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - type t_B'0 + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Enumerate'0) - use prelude.prelude.UIntSize + axiom inv_axiom'1 : forall x : t_Enumerate'0 [inv'1 x] . inv'1 x + -> match x with + | {t_Enumerate__iter'0 = iter ; t_Enumerate__count'0 = count} -> inv'2 iter + end - type t_Zip'0 = - { t_Zip__a'0: t_A'0; t_Zip__b'0: t_B'0; t_Zip__index'0: usize; t_Zip__len'0: usize; t_Zip__a_len'0: usize } + predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_Enumerate'0) = + [%#sinvariant3] inv'1 self - use seq.Seq + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Enumerate'0) - type t_Item'0 + axiom inv_axiom'0 [@rewrite] : forall x : t_Enumerate'0 [inv'0 x] . inv'0 x = invariant'0 x - type t_Item'1 + function iter'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 15 4 15 22] (self : t_Enumerate'0) : t_I'0 - use seq.Seq + axiom iter'0_spec : forall self : t_Enumerate'0 . [%#senumerate2] inv'1 self -> inv'2 (iter'0 self) - use seq.Seq + predicate resolve'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 29 4 29 28] (self : t_Enumerate'0) = + [%#senumerate1] resolve'2 (iter'0 self) - use seq.Seq + goal refines : [%#senumerate0] forall self : t_Enumerate'0 . structural_resolve'0 self /\ inv'0 self + -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) +end +module M_creusot_contracts__stdqy35z1__iter__map__qyi13484997498660514945__resolve_coherence__refines [#"../../../creusot-contracts/src/std/iter/map.rs" 40 4 40 31] (* as resolve::Resolve> *) + let%span smap0 = "../../../creusot-contracts/src/std/iter/map.rs" 40 4 40 31 + let%span smap1 = "../../../creusot-contracts/src/std/iter/map.rs" 32 8 32 54 + let%span smap2 = "../../../creusot-contracts/src/std/iter/map.rs" 15 14 15 39 + let%span smap3 = "../../../creusot-contracts/src/std/iter/map.rs" 22 14 22 39 + let%span sinvariant4 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - use seq.Seq + use prelude.prelude.Borrow - use seq.Seq + type t_I'0 - use seq.Seq + type t_F'0 - use prelude.prelude.Int + type t_Map'0 = + { t_Map__iter'0: t_I'0; t_Map__f'0: t_F'0 } - use seq.Seq + predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) - use seq.Seq + predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_I'0) - use seq.Seq + predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_Map'0) = + match _1 with + | {t_Map__iter'0 = x0 ; t_Map__f'0 = x1} -> resolve'1 x1 /\ resolve'2 x0 + end - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_A'0) + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_B'0) + predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Zip'0) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Map'0) - axiom inv_axiom'0 [@rewrite] : forall x : t_Zip'0 [inv'0 x] . inv'0 x + axiom inv_axiom'1 [@rewrite] : forall x : t_Map'0 [inv'1 x] . inv'1 x = match x with - | {t_Zip__a'0 = a ; t_Zip__b'0 = b ; t_Zip__index'0 = index ; t_Zip__len'0 = len ; t_Zip__a_len'0 = a_len} -> inv'1 a - /\ inv'2 b + | {t_Map__iter'0 = iter ; t_Map__f'0 = f} -> inv'2 iter /\ inv'3 f end - function itera'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 15 4 15 23] (self : t_Zip'0) : t_A'0 - - axiom itera'0_spec : forall self : t_Zip'0 . [%#szip2] inv'0 self -> inv'1 (itera'0 self) - - use seq.Seq + predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_Map'0) = + [%#sinvariant4] inv'1 self - use seq.Seq + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Map'0) - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_A'0) (visited : Seq.seq t_Item'0) (o : t_A'0) - + axiom inv_axiom'0 [@rewrite] : forall x : t_Map'0 [inv'0 x] . inv'0 x = invariant'0 x - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_A'0) (ab : Seq.seq t_Item'0) (b : t_A'0) (bc : Seq.seq t_Item'0) (c : t_A'0) : () - + function iter'0 [#"../../../creusot-contracts/src/std/iter/map.rs" 16 4 16 22] (self : t_Map'0) : t_I'0 - axiom produces_trans'0_spec : forall a : t_A'0, ab : Seq.seq t_Item'0, b : t_A'0, bc : Seq.seq t_Item'0, c : t_A'0 . ([%#siter5] produces'1 a ab b) - -> ([%#siter6] produces'1 b bc c) -> ([%#siter7] produces'1 a (Seq.(++) ab bc) c) + axiom iter'0_spec : forall self : t_Map'0 . [%#smap2] inv'1 self -> inv'2 (iter'0 self) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_A'0) : () + function func'0 [#"../../../creusot-contracts/src/std/iter/map.rs" 23 4 23 22] (self : t_Map'0) : t_F'0 - axiom produces_refl'1_spec : forall self : t_A'0 . [%#siter4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self + axiom func'0_spec : forall self : t_Map'0 . [%#smap3] inv'1 self -> inv'3 (func'0 self) - function iterb'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 22 4 22 23] (self : t_Zip'0) : t_B'0 + predicate resolve'0 [#"../../../creusot-contracts/src/std/iter/map.rs" 31 4 31 28] (self : t_Map'0) = + [%#smap1] resolve'2 (iter'0 self) /\ resolve'1 (func'0 self) - axiom iterb'0_spec : forall self : t_Zip'0 . [%#szip3] inv'0 self -> inv'2 (iterb'0 self) + goal refines : [%#smap0] forall self : t_Map'0 . structural_resolve'0 self /\ inv'0 self + -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) +end +module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi5691635635396426195__resolve_coherence__refines [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 64 4 64 31] (* as resolve::Resolve> *) + let%span smap_inv0 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 64 4 64 31 + let%span smap_inv1 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 57 8 57 50 + let%span sinvariant2 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - use seq.Seq + use prelude.prelude.Borrow - use seq.Seq + type t_I'0 - predicate produces'2 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_B'0) (visited : Seq.seq t_Item'1) (o : t_B'0) - + type t_F'0 - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_B'0) (ab : Seq.seq t_Item'1) (b : t_B'0) (bc : Seq.seq t_Item'1) (c : t_B'0) : () - + type t_B'0 - axiom produces_trans'1_spec : forall a : t_B'0, ab : Seq.seq t_Item'1, b : t_B'0, bc : Seq.seq t_Item'1, c : t_B'0 . ([%#siter5] produces'2 a ab b) - -> ([%#siter6] produces'2 b bc c) -> ([%#siter7] produces'2 a (Seq.(++) ab bc) c) + use seq.Seq - function produces_refl'2 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_B'0) : () + use prelude.prelude.Snapshot - axiom produces_refl'2_spec : forall self : t_B'0 . [%#siter4] produces'2 self (Seq.empty : Seq.seq t_Item'1) self + type t_MapInv'0 = + { t_MapInv__iter'0: t_I'0; t_MapInv__func'0: t_F'0; t_MapInv__produced'0: Snapshot.snap_ty (Seq.seq t_B'0) } - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 43 4 43 64] (self : t_Zip'0) (visited : Seq.seq (t_Item'0, t_Item'1)) (o : t_Zip'0) - + predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : Snapshot.snap_ty (Seq.seq t_B'0)) = - [%#szip1] exists p1 : Seq.seq t_Item'0, p2 : Seq.seq t_Item'1 . Seq.length p1 = Seq.length p2 - /\ Seq.length p2 = Seq.length visited - /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = (Seq.get p1 i, Seq.get p2 i)) - /\ produces'1 (itera'0 self) p1 (itera'0 o) /\ produces'2 (iterb'0 self) p2 (iterb'0 o) + true - goal refines : [%#szip0] forall self : t_Zip'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq (t_Item'0, t_Item'1)) self - -> produces'0 self (Seq.empty : Seq.seq (t_Item'0, t_Item'1)) self -end -module M_creusot_contracts__stdqy35z1__option__qyi15354566128244900690__produces_refl__refines [#"../../../creusot-contracts/src/std/option.rs" 477 4 477 26] (* as std::iter::Iterator> *) - let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 477 4 477 26 - let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 469 12 470 96 + predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) - type t_T'0 + predicate resolve'3 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_I'0) - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_MapInv'0) = + match _1 with + | {t_MapInv__iter'0 = x0 ; t_MapInv__func'0 = x1 ; t_MapInv__produced'0 = x2} -> resolve'1 x2 + /\ resolve'2 x1 /\ resolve'3 x0 + end - type t_Item'0 = - { t_Item__opt'0: t_Option'0 } + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - type t_IntoIter'0 = - { t_IntoIter__inner'0: t_Item'0 } + predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) - use seq.Seq + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_MapInv'0) - use seq.Seq + axiom inv_axiom'1 : forall x : t_MapInv'0 [inv'1 x] . inv'1 x + -> match x with + | {t_MapInv__iter'0 = iter ; t_MapInv__func'0 = func ; t_MapInv__produced'0 = produced} -> inv'2 iter /\ inv'3 func + end - function view'0 [#"../../../creusot-contracts/src/std/option.rs" 453 4 453 30] (self : t_IntoIter'0) : t_Option'0 + predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_MapInv'0) = + [%#sinvariant2] inv'1 self - use seq.Seq + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_MapInv'0) - predicate produces'0 [#"../../../creusot-contracts/src/std/option.rs" 467 4 467 64] (self : t_IntoIter'0) (visited : Seq.seq t_T'0) (o : t_IntoIter'0) - - = - [%#soption1] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o - \/ (exists e : t_T'0 . view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) + axiom inv_axiom'0 [@rewrite] : forall x : t_MapInv'0 [inv'0 x] . inv'0 x = invariant'0 x - goal refines : [%#soption0] forall self : t_IntoIter'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self - -> produces'0 self (Seq.empty : Seq.seq t_T'0) self + predicate resolve'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 56 4 56 28] (self : t_MapInv'0) = + [%#smap_inv1] resolve'3 self.t_MapInv__iter'0 /\ resolve'2 self.t_MapInv__func'0 + + goal refines : [%#smap_inv0] forall self : t_MapInv'0 . structural_resolve'0 self /\ inv'0 self + -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) end -module M_creusot_contracts__stdqy35z1__option__qyi15354566128244900690__produces_trans__refines [#"../../../creusot-contracts/src/std/option.rs" 484 4 484 90] (* as std::iter::Iterator> *) - let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 484 4 484 90 - let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 469 12 470 96 +module M_creusot_contracts__stdqy35z1__iter__skip__qyi14372835745621067113__resolve_coherence__refines [#"../../../creusot-contracts/src/std/iter/skip.rs" 40 4 40 31] (* as resolve::Resolve> *) + let%span sskip0 = "../../../creusot-contracts/src/std/iter/skip.rs" 40 4 40 31 + let%span sskip1 = "../../../creusot-contracts/src/std/iter/skip.rs" 32 12 32 33 + let%span sskip2 = "../../../creusot-contracts/src/std/iter/skip.rs" 14 14 14 39 + let%span sinvariant3 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - type t_T'0 + use prelude.prelude.Borrow - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + type t_I'0 - type t_Item'0 = - { t_Item__opt'0: t_Option'0 } + use prelude.prelude.UIntSize - type t_IntoIter'0 = - { t_IntoIter__inner'0: t_Item'0 } + type t_Skip'0 = + { t_Skip__iter'0: t_I'0; t_Skip__n'0: usize } - use seq.Seq + predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : usize) = + true - use seq.Seq + predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_I'0) - function view'0 [#"../../../creusot-contracts/src/std/option.rs" 453 4 453 30] (self : t_IntoIter'0) : t_Option'0 + predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_Skip'0) = + match _1 with + | {t_Skip__iter'0 = x0 ; t_Skip__n'0 = x1} -> resolve'1 x1 /\ resolve'2 x0 + end - use seq.Seq + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - predicate produces'0 [#"../../../creusot-contracts/src/std/option.rs" 467 4 467 64] (self : t_IntoIter'0) (visited : Seq.seq t_T'0) (o : t_IntoIter'0) - - = - [%#soption1] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o - \/ (exists e : t_T'0 . view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Skip'0) - use seq.Seq + axiom inv_axiom'1 [@rewrite] : forall x : t_Skip'0 [inv'1 x] . inv'1 x + = match x with + | {t_Skip__iter'0 = iter ; t_Skip__n'0 = n} -> inv'2 iter + end - goal refines : [%#soption0] forall a : t_IntoIter'0 . forall ab : Seq.seq t_T'0 . forall b : t_IntoIter'0 . forall bc : Seq.seq t_T'0 . forall c : t_IntoIter'0 . produces'0 b bc c - /\ produces'0 a ab b - -> produces'0 b bc c - /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) -end -module M_creusot_contracts__stdqy35z1__option__qyi15411423289202690388__produces_refl__refines [#"../../../creusot-contracts/src/std/option.rs" 530 4 530 26] (* as std::iter::Iterator> *) - let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 530 4 530 26 - let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 522 12 523 96 + predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_Skip'0) = + [%#sinvariant3] inv'1 self - use prelude.prelude.Borrow + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Skip'0) - type t_T'0 + axiom inv_axiom'0 [@rewrite] : forall x : t_Skip'0 [inv'0 x] . inv'0 x = invariant'0 x - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + function iter'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 15 4 15 22] (self : t_Skip'0) : t_I'0 - type t_Item'0 = - { t_Item__opt'0: t_Option'0 } + axiom iter'0_spec : forall self : t_Skip'0 . [%#sskip2] inv'1 self -> inv'2 (iter'0 self) - type t_Iter'0 = - { t_Iter__inner'0: t_Item'0 } + predicate resolve'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 30 4 30 28] (self : t_Skip'0) = + [%#sskip1] resolve'2 (iter'0 self) - use seq.Seq + goal refines : [%#sskip0] forall self : t_Skip'0 . structural_resolve'0 self /\ inv'0 self + -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) +end +module M_creusot_contracts__stdqy35z1__iter__take__qyi11550387566643656565__resolve_coherence__refines [#"../../../creusot-contracts/src/std/iter/take.rs" 48 4 48 31] (* as resolve::Resolve> *) + let%span stake0 = "../../../creusot-contracts/src/std/iter/take.rs" 48 4 48 31 + let%span stake1 = "../../../creusot-contracts/src/std/iter/take.rs" 41 8 41 29 + let%span stake2 = "../../../creusot-contracts/src/std/iter/take.rs" 17 14 17 39 + let%span sinvariant3 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - use seq.Seq + use prelude.prelude.Borrow - function view'0 [#"../../../creusot-contracts/src/std/option.rs" 506 4 506 34] (self : t_Iter'0) : t_Option'0 + type t_I'0 - use seq.Seq + use prelude.prelude.UIntSize - predicate produces'0 [#"../../../creusot-contracts/src/std/option.rs" 520 4 520 64] (self : t_Iter'0) (visited : Seq.seq t_T'0) (o : t_Iter'0) - - = - [%#soption1] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o - \/ (exists e : t_T'0 . view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) + type t_Take'0 = + { t_Take__iter'0: t_I'0; t_Take__n'0: usize } - goal refines : [%#soption0] forall self : t_Iter'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self - -> produces'0 self (Seq.empty : Seq.seq t_T'0) self -end -module M_creusot_contracts__stdqy35z1__option__qyi15411423289202690388__produces_trans__refines [#"../../../creusot-contracts/src/std/option.rs" 537 4 537 90] (* as std::iter::Iterator> *) - let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 537 4 537 90 - let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 522 12 523 96 + predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : usize) = + true - use prelude.prelude.Borrow + predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_I'0) - type t_T'0 + predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_Take'0) = + match _1 with + | {t_Take__iter'0 = x0 ; t_Take__n'0 = x1} -> resolve'1 x1 /\ resolve'2 x0 + end - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - type t_Item'0 = - { t_Item__opt'0: t_Option'0 } + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Take'0) - type t_Iter'0 = - { t_Iter__inner'0: t_Item'0 } + axiom inv_axiom'1 [@rewrite] : forall x : t_Take'0 [inv'1 x] . inv'1 x + = match x with + | {t_Take__iter'0 = iter ; t_Take__n'0 = n} -> inv'2 iter + end - use seq.Seq + predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_Take'0) = + [%#sinvariant3] inv'1 self - use seq.Seq + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Take'0) - function view'0 [#"../../../creusot-contracts/src/std/option.rs" 506 4 506 34] (self : t_Iter'0) : t_Option'0 + axiom inv_axiom'0 [@rewrite] : forall x : t_Take'0 [inv'0 x] . inv'0 x = invariant'0 x - use seq.Seq + function iter'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 18 4 18 22] (self : t_Take'0) : t_I'0 - predicate produces'0 [#"../../../creusot-contracts/src/std/option.rs" 520 4 520 64] (self : t_Iter'0) (visited : Seq.seq t_T'0) (o : t_Iter'0) - - = - [%#soption1] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o - \/ (exists e : t_T'0 . view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) + axiom iter'0_spec : forall self : t_Take'0 . [%#stake2] inv'1 self -> inv'2 (iter'0 self) - use seq.Seq + predicate resolve'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 40 4 40 28] (self : t_Take'0) = + [%#stake1] resolve'2 (iter'0 self) - goal refines : [%#soption0] forall a : t_Iter'0 . forall ab : Seq.seq t_T'0 . forall b : t_Iter'0 . forall bc : Seq.seq t_T'0 . forall c : t_Iter'0 . produces'0 b bc c - /\ produces'0 a ab b - -> produces'0 b bc c - /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) + goal refines : [%#stake0] forall self : t_Take'0 . structural_resolve'0 self /\ inv'0 self + -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) end -module M_creusot_contracts__stdqy35z1__option__qyi6601631924869095363__produces_trans__refines [#"../../../creusot-contracts/src/std/option.rs" 593 4 593 90] (* as std::iter::Iterator> *) - let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 593 4 593 90 - let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 578 12 579 96 +module M_creusot_contracts__stdqy35z1__slice__qyi4472237099583716627__resolve_coherence__refines [#"../../../creusot-contracts/src/std/slice.rs" 445 4 445 31] (* as resolve::Resolve> *) + let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 445 4 445 31 + let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 437 20 437 36 + let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 427 14 427 50 + let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 + let%span sslice4 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 use prelude.prelude.Borrow - type t_T'0 - - type t_Option'0 = - | C_None'0 - | C_Some'0 (borrowed t_T'0) + use prelude.prelude.Opaque - type t_Item'0 = - { t_Item__opt'0: t_Option'0 } + type t_NonNull'0 = + { t_NonNull__pointer'0: opaque_ptr } type t_IterMut'0 = - { t_IterMut__inner'0: t_Item'0 } + { t_IterMut__ptr'0: t_NonNull'0; t_IterMut__end_or_len'0: opaque_ptr; t_IterMut__qy95zmarker'0: () } - use seq.Seq + predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : ()) = + true - use seq.Seq + predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : opaque_ptr) = + true - function view'0 [#"../../../creusot-contracts/src/std/option.rs" 562 4 562 38] (self : t_IterMut'0) : t_Option'0 + predicate resolve'3 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_NonNull'0) = + true - use seq.Seq + predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_IterMut'0) = + match _1 with + | {t_IterMut__ptr'0 = x0 ; t_IterMut__end_or_len'0 = x1 ; t_IterMut__qy95zmarker'0 = x2} -> resolve'1 x2 + /\ resolve'2 x1 /\ resolve'3 x0 + end - predicate produces'0 [#"../../../creusot-contracts/src/std/option.rs" 576 4 576 64] (self : t_IterMut'0) (visited : Seq.seq (borrowed t_T'0)) (o : t_IterMut'0) - - = - [%#soption1] visited = (Seq.empty : Seq.seq (borrowed t_T'0)) /\ self = o - \/ (exists e : borrowed t_T'0 . view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_IterMut'0) + + axiom inv_axiom'0 [@rewrite] : forall x : t_IterMut'0 [inv'0 x] . inv'0 x = true use seq.Seq - goal refines : [%#soption0] forall a : t_IterMut'0 . forall ab : Seq.seq (borrowed t_T'0) . forall b : t_IterMut'0 . forall bc : Seq.seq (borrowed t_T'0) . forall c : t_IterMut'0 . produces'0 b bc c - /\ produces'0 a ab b - -> produces'0 b bc c - /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) -end -module M_creusot_contracts__stdqy35z1__option__qyi6601631924869095363__produces_refl__refines [#"../../../creusot-contracts/src/std/option.rs" 586 4 586 26] (* as std::iter::Iterator> *) - let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 586 4 586 26 - let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 578 12 579 96 + use prelude.prelude.UIntSize - use prelude.prelude.Borrow + constant v_MAX'0 : usize = (18446744073709551615 : usize) - type t_T'0 + use prelude.prelude.UIntSize - type t_Option'0 = - | C_None'0 - | C_Some'0 (borrowed t_T'0) + use prelude.prelude.Int - type t_Item'0 = - { t_Item__opt'0: t_Option'0 } + use prelude.prelude.Slice - type t_IterMut'0 = - { t_IterMut__inner'0: t_Item'0 } + use prelude.prelude.Slice - use seq.Seq + type t_T'0 use seq.Seq - function view'0 [#"../../../creusot-contracts/src/std/option.rs" 562 4 562 38] (self : t_IterMut'0) : t_Option'0 + function view'1 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 - use seq.Seq + axiom view'1_spec : forall self : slice t_T'0 . ([%#sslice3] Seq.length (view'1 self) + <= UIntSize.to_int (v_MAX'0 : usize)) + && ([%#sslice4] view'1 self = Slice.id self) - predicate produces'0 [#"../../../creusot-contracts/src/std/option.rs" 576 4 576 64] (self : t_IterMut'0) (visited : Seq.seq (borrowed t_T'0)) (o : t_IterMut'0) + function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 428 4 428 33] (self : t_IterMut'0) : borrowed (slice t_T'0) - = - [%#soption1] visited = (Seq.empty : Seq.seq (borrowed t_T'0)) /\ self = o - \/ (exists e : borrowed t_T'0 . view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) - goal refines : [%#soption0] forall self : t_IterMut'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq (borrowed t_T'0)) self - -> produces'0 self (Seq.empty : Seq.seq (borrowed t_T'0)) self + axiom view'0_spec : forall self : t_IterMut'0 . [%#sslice2] Seq.length (view'1 (view'0 self).final) + = Seq.length (view'1 (view'0 self).current) + + predicate resolve'0 [#"../../../creusot-contracts/src/std/slice.rs" 436 4 436 28] (self : t_IterMut'0) = + [%#sslice1] (view'0 self).current = (view'0 self).final + + goal refines : [%#sslice0] forall self : t_IterMut'0 . structural_resolve'0 self /\ inv'0 self + -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) end -module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_trans__refines [#"../../../creusot-contracts/src/std/slice.rs" 419 4 419 90] (* as std::iter::Iterator> *) - let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 419 4 419 90 - let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 405 12 405 66 - let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 96 14 96 41 - let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 97 14 97 80 - let%span smodel4 = "../../../creusot-contracts/src/model.rs" 92 8 92 22 - let%span sindex5 = "../../../creusot-contracts/src/logic/ops/index.rs" 49 8 49 31 - let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 - let%span sslice7 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 +module M_creusot_contracts__stdqy35z1__vec__qyi6844585276173866460__resolve_coherence__refines [#"../../../creusot-contracts/src/std/vec.rs" 56 4 56 31] (* as resolve::Resolve> *) + let%span svec0 = "../../../creusot-contracts/src/std/vec.rs" 56 4 56 31 + let%span svec1 = "../../../creusot-contracts/src/std/vec.rs" 49 20 49 83 + let%span svec2 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 + let%span sindex3 = "../../../creusot-contracts/src/logic/ops/index.rs" 27 8 27 31 + let%span sinvariant4 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + let%span svec5 = "../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 + let%span sseq6 = "../../../creusot-contracts/src/logic/seq.rs" 623 20 623 95 + let%span sboxed7 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + + use prelude.prelude.Borrow use prelude.prelude.Opaque type t_NonNull'0 = { t_NonNull__pointer'0: opaque_ptr } - type t_Iter'0 = - { t_Iter__ptr'0: t_NonNull'0; t_Iter__end_or_len'0: opaque_ptr; t_Iter__qy95zmarker'0: () } + type t_Unique'0 = + { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.Borrow + use prelude.prelude.UIntSize + + type t_Cap'0 = + { t_Cap__0'0: usize } - type t_T'0 + type t_A'0 - use seq.Seq + type t_RawVec'0 = + { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: t_A'0 } - use prelude.prelude.Slice + type t_Vec'0 = + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } - function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 389 4 389 33] (self : t_Iter'0) : slice t_T'0 + predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : usize) = + true - use seq.Seq + predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_RawVec'0) = + true - use seq.Seq + predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_Vec'0) = + match _1 with + | {t_Vec__buf'0 = x0 ; t_Vec__len'0 = x1} -> resolve'1 x1 /\ resolve'2 x0 + end use seq.Seq - use prelude.prelude.UIntSize - constant v_MAX'0 : usize = (18446744073709551615 : usize) use prelude.prelude.UIntSize use prelude.prelude.Int - use prelude.prelude.Slice + type t_T'0 - function view'2 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 + use seq.Seq - axiom view'2_spec : forall self : slice t_T'0 . ([%#sslice6] Seq.length (view'2 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice7] view'2 self = Slice.id self) + function view'0 [#"../../../creusot-contracts/src/std/vec.rs" 19 4 19 27] (self : t_Vec'0) : Seq.seq t_T'0 - function view'1 [#"../../../creusot-contracts/src/model.rs" 91 4 91 33] (self : slice t_T'0) : Seq.seq t_T'0 = - [%#smodel4] view'2 self + axiom view'0_spec : forall self : t_Vec'0 . [%#svec2] Seq.length (view'0 self) <= UIntSize.to_int (v_MAX'0 : usize) use seq.Seq - use seq.Seq + predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops/index.rs" 48 4 48 47] (self : slice t_T'0) (ix : int) : t_T'0 - - = - [%#sindex5] Seq.get (view'2 self) ix + predicate invariant'3 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_T'0) = + [%#sboxed7] inv'4 self - function to_ref_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 98 4 98 35] (self : slice t_T'0) : Seq.seq t_T'0 + predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - axiom to_ref_seq'0_spec : forall self : slice t_T'0 . ([%#sslice2] Seq.length (to_ref_seq'0 self) - = Seq.length (view'1 self)) - && ([%#sslice3] forall i : int . 0 <= i /\ i < Seq.length (to_ref_seq'0 self) - -> Seq.get (to_ref_seq'0 self) i = index_logic'0 self i) + axiom inv_axiom'3 [@rewrite] : forall x : t_T'0 [inv'3 x] . inv'3 x = invariant'3 x - use seq.Seq + predicate invariant'2 [#"../../../creusot-contracts/src/logic/seq.rs" 622 4 622 30] (self : Seq.seq t_T'0) = + [%#sseq6] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) - predicate produces'0 [#"../../../creusot-contracts/src/std/slice.rs" 403 4 403 65] (self : t_Iter'0) (visited : Seq.seq t_T'0) (tl : t_Iter'0) - - = - [%#sslice1] to_ref_seq'0 (view'0 self) = Seq.(++) visited (to_ref_seq'0 (view'0 tl)) + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_T'0) - goal refines : [%#sslice0] forall a : t_Iter'0 . forall ab : Seq.seq t_T'0 . forall b : t_Iter'0 . forall bc : Seq.seq t_T'0 . forall c : t_Iter'0 . produces'0 b bc c - /\ produces'0 a ab b - -> produces'0 b bc c - /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) -end -module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_refl__refines [#"../../../creusot-contracts/src/std/slice.rs" 412 4 412 26] (* as std::iter::Iterator> *) - let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 412 4 412 26 - let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 405 12 405 66 - let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 96 14 96 41 - let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 97 14 97 80 - let%span smodel4 = "../../../creusot-contracts/src/model.rs" 92 8 92 22 - let%span sindex5 = "../../../creusot-contracts/src/logic/ops/index.rs" 49 8 49 31 - let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 - let%span sslice7 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 + axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_T'0 [inv'2 x] . inv'2 x = invariant'2 x - use prelude.prelude.Opaque + predicate invariant'1 [#"../../../creusot-contracts/src/std/vec.rs" 64 4 64 30] (self : t_Vec'0) = + [%#svec5] inv'2 (view'0 self) - type t_NonNull'0 = - { t_NonNull__pointer'0: opaque_ptr } + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Vec'0) - type t_Iter'0 = - { t_Iter__ptr'0: t_NonNull'0; t_Iter__end_or_len'0: opaque_ptr; t_Iter__qy95zmarker'0: () } + axiom inv_axiom'1 [@rewrite] : forall x : t_Vec'0 [inv'1 x] . inv'1 x = invariant'1 x - use seq.Seq + predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_Vec'0) = + [%#sinvariant4] inv'1 self - use prelude.prelude.Borrow + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Vec'0) - type t_T'0 + axiom inv_axiom'0 [@rewrite] : forall x : t_Vec'0 [inv'0 x] . inv'0 x = invariant'0 x use seq.Seq - use prelude.prelude.Slice + function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops/index.rs" 26 4 26 47] (self : t_Vec'0) (ix : int) : t_T'0 + + = + [%#sindex3] Seq.get (view'0 self) ix - function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 389 4 389 33] (self : t_Iter'0) : slice t_T'0 + predicate resolve'3 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_T'0) - use seq.Seq + predicate resolve'0 [#"../../../creusot-contracts/src/std/vec.rs" 48 4 48 28] (self : t_Vec'0) = + [%#svec1] forall i : int . 0 <= i /\ i < Seq.length (view'0 self) -> resolve'3 (index_logic'0 self i) - use seq.Seq + goal refines : [%#svec0] forall self : t_Vec'0 . structural_resolve'0 self /\ inv'0 self + -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) +end +module M_creusot_contracts__stdqy35z1__vec__qyi8594830193745006303__resolve_coherence__refines [#"../../../creusot-contracts/src/std/vec.rs" 250 4 250 31] (* as resolve::Resolve> *) + let%span svec0 = "../../../creusot-contracts/src/std/vec.rs" 250 4 250 31 + let%span svec1 = "../../../creusot-contracts/src/std/vec.rs" 243 20 243 83 + let%span sinvariant2 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - use seq.Seq + use prelude.prelude.Borrow - use prelude.prelude.UIntSize + use prelude.prelude.Opaque - constant v_MAX'0 : usize = (18446744073709551615 : usize) + type t_NonNull'0 = + { t_NonNull__pointer'0: opaque_ptr } use prelude.prelude.UIntSize - use prelude.prelude.Int + type t_A'0 - use prelude.prelude.Slice + type t_ManuallyDrop'0 = + { t_ManuallyDrop__value'0: t_A'0 } - function view'2 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 + type t_IntoIter'0 = + { t_IntoIter__buf'0: t_NonNull'0; + t_IntoIter__phantom'0: (); + t_IntoIter__cap'0: usize; + t_IntoIter__alloc'0: t_ManuallyDrop'0; + t_IntoIter__ptr'0: t_NonNull'0; + t_IntoIter__end'0: opaque_ptr } - axiom view'2_spec : forall self : slice t_T'0 . ([%#sslice6] Seq.length (view'2 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice7] view'2 self = Slice.id self) + predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : opaque_ptr) = + true - function view'1 [#"../../../creusot-contracts/src/model.rs" 91 4 91 33] (self : slice t_T'0) : Seq.seq t_T'0 = - [%#smodel4] view'2 self + predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_NonNull'0) = + true - use seq.Seq + predicate resolve'3 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_ManuallyDrop'0) = + true - use seq.Seq + predicate resolve'4 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : usize) = + true - function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops/index.rs" 48 4 48 47] (self : slice t_T'0) (ix : int) : t_T'0 - - = - [%#sindex5] Seq.get (view'2 self) ix + predicate resolve'5 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : ()) = + true - function to_ref_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 98 4 98 35] (self : slice t_T'0) : Seq.seq t_T'0 + predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_IntoIter'0) = + match _1 with + | {t_IntoIter__buf'0 = x0 ; t_IntoIter__phantom'0 = x1 ; t_IntoIter__cap'0 = x2 ; t_IntoIter__alloc'0 = x3 ; t_IntoIter__ptr'0 = x4 ; t_IntoIter__end'0 = x5} -> resolve'1 x5 + /\ resolve'2 x4 /\ resolve'3 x3 /\ resolve'4 x2 /\ resolve'5 x1 /\ resolve'2 x0 + end - axiom to_ref_seq'0_spec : forall self : slice t_T'0 . ([%#sslice2] Seq.length (to_ref_seq'0 self) - = Seq.length (view'1 self)) - && ([%#sslice3] forall i : int . 0 <= i /\ i < Seq.length (to_ref_seq'0 self) - -> Seq.get (to_ref_seq'0 self) i = index_logic'0 self i) + predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_A'0) - use seq.Seq + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_ManuallyDrop'0) - predicate produces'0 [#"../../../creusot-contracts/src/std/slice.rs" 403 4 403 65] (self : t_Iter'0) (visited : Seq.seq t_T'0) (tl : t_Iter'0) - - = - [%#sslice1] to_ref_seq'0 (view'0 self) = Seq.(++) visited (to_ref_seq'0 (view'0 tl)) + axiom inv_axiom'2 [@rewrite] : forall x : t_ManuallyDrop'0 [inv'2 x] . inv'2 x + = match x with + | {t_ManuallyDrop__value'0 = value} -> inv'3 value + end - goal refines : [%#sslice0] forall self : t_Iter'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self - -> produces'0 self (Seq.empty : Seq.seq t_T'0) self -end -module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_refl__refines [#"../../../creusot-contracts/src/std/slice.rs" 466 4 466 26] (* as std::iter::Iterator> *) - let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 466 4 466 26 - let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 459 12 459 66 - let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 427 14 427 50 - let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 87 14 87 41 - let%span sslice4 = "../../../creusot-contracts/src/std/slice.rs" 88 14 88 84 - let%span sslice5 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 - let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 - let%span smodel7 = "../../../creusot-contracts/src/model.rs" 110 8 110 22 - let%span sindex8 = "../../../creusot-contracts/src/logic/ops/index.rs" 49 8 49 31 + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_IntoIter'0) - use prelude.prelude.Opaque + axiom inv_axiom'1 [@rewrite] : forall x : t_IntoIter'0 [inv'1 x] . inv'1 x + = match x with + | {t_IntoIter__buf'0 = buf ; t_IntoIter__phantom'0 = phantom ; t_IntoIter__cap'0 = cap ; t_IntoIter__alloc'0 = alloc ; t_IntoIter__ptr'0 = ptr ; t_IntoIter__end'0 = end'} -> inv'2 alloc + end - type t_NonNull'0 = - { t_NonNull__pointer'0: opaque_ptr } + predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_IntoIter'0) = + [%#sinvariant2] inv'1 self - type t_IterMut'0 = - { t_IterMut__ptr'0: t_NonNull'0; t_IterMut__end_or_len'0: opaque_ptr; t_IterMut__qy95zmarker'0: () } + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_IntoIter'0) - use seq.Seq + axiom inv_axiom'0 [@rewrite] : forall x : t_IntoIter'0 [inv'0 x] . inv'0 x = invariant'0 x - use prelude.prelude.Borrow + use prelude.prelude.Int type t_T'0 use seq.Seq - use seq.Seq + function view'0 [#"../../../creusot-contracts/src/std/vec.rs" 234 4 234 33] (self : t_IntoIter'0) : Seq.seq t_T'0 - use prelude.prelude.UIntSize + use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + use seq.Seq - use prelude.prelude.UIntSize + predicate resolve'6 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_T'0) - use prelude.prelude.Int + predicate resolve'0 [#"../../../creusot-contracts/src/std/vec.rs" 242 4 242 28] (self : t_IntoIter'0) = + [%#svec1] forall i : int . 0 <= i /\ i < Seq.length (view'0 self) -> resolve'6 (Seq.get (view'0 self) i) - use prelude.prelude.Slice + goal refines : [%#svec0] forall self : t_IntoIter'0 . structural_resolve'0 self /\ inv'0 self + -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) +end +module M_creusot_contracts__ghost__qyi2241556416362616690__resolve_coherence__refines [#"../../../creusot-contracts/src/ghost.rs" 117 4 117 31] (* as resolve::Resolve> *) + let%span sghost0 = "../../../creusot-contracts/src/ghost.rs" 117 4 117 31 + let%span sghost1 = "../../../creusot-contracts/src/ghost.rs" 110 8 110 24 + let%span sresolve2 = "../../../creusot-contracts/src/resolve.rs" 68 8 68 23 + let%span sinvariant3 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + let%span sboxed4 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - use prelude.prelude.Slice + use prelude.prelude.Borrow - use seq.Seq + type t_T'0 - function view'1 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 + type t_GhostBox'0 = + { t_GhostBox__0'0: t_T'0 } - axiom view'1_spec : forall self : slice t_T'0 . ([%#sslice5] Seq.length (view'1 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice6] view'1 self = Slice.id self) + predicate resolve'3 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_T'0) - function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 428 4 428 33] (self : t_IterMut'0) : borrowed (slice t_T'0) - + predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 67 4 67 28] (self : t_T'0) = + [%#sresolve2] resolve'3 self - axiom view'0_spec : forall self : t_IterMut'0 . [%#sslice2] Seq.length (view'1 (view'0 self).final) - = Seq.length (view'1 (view'0 self).current) + predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_T'0) = + resolve'2 _1 - use seq.Seq + predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_GhostBox'0) = + match _1 with + | {t_GhostBox__0'0 = x0} -> resolve'1 x0 + end - function view'2 [#"../../../creusot-contracts/src/model.rs" 109 4 109 33] (self : borrowed (slice t_T'0)) : Seq.seq t_T'0 - - = - [%#smodel7] view'1 self.current + predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - use seq.Seq + predicate invariant'1 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_T'0) = + [%#sboxed4] inv'3 self - use seq.Seq + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops/index.rs" 48 4 48 47] (self : slice t_T'0) (ix : int) : t_T'0 - - = - [%#sindex8] Seq.get (view'1 self) ix + axiom inv_axiom'2 [@rewrite] : forall x : t_T'0 [inv'2 x] . inv'2 x = invariant'1 x - function to_mut_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 90 4 90 43] (self : borrowed (slice t_T'0)) : Seq.seq (borrowed t_T'0) - + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_GhostBox'0) - axiom to_mut_seq'0_spec : forall self : borrowed (slice t_T'0) . ([%#sslice3] Seq.length (to_mut_seq'0 self) - = Seq.length (view'2 self)) - && ([%#sslice4] forall i : int . 0 <= i /\ i < Seq.length (to_mut_seq'0 self) - -> Seq.get (to_mut_seq'0 self) i - = Borrow.borrow_logic (index_logic'0 self.current i) (index_logic'0 self.final i) (Borrow.inherit_id (Borrow.get_id self) i)) + axiom inv_axiom'1 [@rewrite] : forall x : t_GhostBox'0 [inv'1 x] . inv'1 x + = match x with + | {t_GhostBox__0'0 = a_0} -> inv'2 a_0 + end - use seq.Seq + predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_GhostBox'0) = + [%#sinvariant3] inv'1 self - predicate produces'0 [#"../../../creusot-contracts/src/std/slice.rs" 457 4 457 65] (self : t_IterMut'0) (visited : Seq.seq (borrowed t_T'0)) (tl : t_IterMut'0) - - = - [%#sslice1] to_mut_seq'0 (view'0 self) = Seq.(++) visited (to_mut_seq'0 (view'0 tl)) + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_GhostBox'0) - goal refines : [%#sslice0] forall self : t_IterMut'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq (borrowed t_T'0)) self - -> produces'0 self (Seq.empty : Seq.seq (borrowed t_T'0)) self -end -module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_trans__refines [#"../../../creusot-contracts/src/std/slice.rs" 473 4 473 90] (* as std::iter::Iterator> *) - let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 473 4 473 90 - let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 459 12 459 66 - let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 427 14 427 50 - let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 87 14 87 41 - let%span sslice4 = "../../../creusot-contracts/src/std/slice.rs" 88 14 88 84 - let%span sslice5 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 - let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 - let%span smodel7 = "../../../creusot-contracts/src/model.rs" 110 8 110 22 - let%span sindex8 = "../../../creusot-contracts/src/logic/ops/index.rs" 49 8 49 31 + axiom inv_axiom'0 [@rewrite] : forall x : t_GhostBox'0 [inv'0 x] . inv'0 x = invariant'0 x - use prelude.prelude.Opaque + predicate structural_resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_GhostBox'0) = + true - type t_NonNull'0 = - { t_NonNull__pointer'0: opaque_ptr } + predicate resolve'0 [#"../../../creusot-contracts/src/ghost.rs" 109 4 109 28] (self : t_GhostBox'0) = + [%#sghost1] resolve'1 self.t_GhostBox__0'0 - type t_IterMut'0 = - { t_IterMut__ptr'0: t_NonNull'0; t_IterMut__end_or_len'0: opaque_ptr; t_IterMut__qy95zmarker'0: () } + goal refines : [%#sghost0] forall self : t_GhostBox'0 . structural_resolve'0 self /\ inv'0 self + -> structural_resolve'1 self /\ (forall result : () . resolve'0 self -> resolve'0 self) +end +module M_creusot_contracts__resolve__qyi4855891653524509355__resolve_coherence__refines [#"../../../creusot-contracts/src/resolve.rs" 47 4 47 31] (* <(T1, T2) as resolve::Resolve> *) + let%span sresolve0 = "../../../creusot-contracts/src/resolve.rs" 47 4 47 31 + let%span sresolve1 = "../../../creusot-contracts/src/resolve.rs" 40 8 40 44 + let%span sinvariant2 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 use prelude.prelude.Borrow - type t_T'0 + type t_T1'0 - use seq.Seq + type t_T2'0 - use seq.Seq + predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_T2'0) - use prelude.prelude.UIntSize + predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_T1'0) - constant v_MAX'0 : usize = (18446744073709551615 : usize) + predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : (t_T1'0, t_T2'0)) = + match _1 with + | (x0, x1) -> resolve'1 x1 /\ resolve'2 x0 + end - use prelude.prelude.UIntSize + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T1'0) - use prelude.prelude.Int + predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T2'0) - use prelude.prelude.Slice + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : (t_T1'0, t_T2'0)) - use prelude.prelude.Slice + axiom inv_axiom'1 [@rewrite] : forall x : (t_T1'0, t_T2'0) [inv'1 x] . inv'1 x + = (let (x0, x1) = x in inv'2 x0 /\ inv'3 x1) - use seq.Seq + predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : (t_T1'0, t_T2'0)) = + [%#sinvariant2] inv'1 self - function view'1 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : (t_T1'0, t_T2'0)) - axiom view'1_spec : forall self : slice t_T'0 . ([%#sslice5] Seq.length (view'1 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice6] view'1 self = Slice.id self) + axiom inv_axiom'0 [@rewrite] : forall x : (t_T1'0, t_T2'0) [inv'0 x] . inv'0 x = invariant'0 x - function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 428 4 428 33] (self : t_IterMut'0) : borrowed (slice t_T'0) - + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 39 4 39 28] (self : (t_T1'0, t_T2'0)) = + [%#sresolve1] resolve'2 (let (a, _) = self in a) /\ resolve'1 (let (_, a) = self in a) - axiom view'0_spec : forall self : t_IterMut'0 . [%#sslice2] Seq.length (view'1 (view'0 self).final) - = Seq.length (view'1 (view'0 self).current) + goal refines : [%#sresolve0] forall self : (t_T1'0, t_T2'0) . structural_resolve'0 self /\ inv'0 self + -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) +end +module M_creusot_contracts__resolve__qyi6740873903368268328__resolve_coherence__refines [#"../../../creusot-contracts/src/resolve.rs" 61 4 61 31] (* <&mut T as resolve::Resolve> *) + let%span sresolve0 = "../../../creusot-contracts/src/resolve.rs" 61 4 61 31 + let%span sresolve1 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span sinvariant2 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + let%span sinvariant3 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - use seq.Seq + use prelude.prelude.Borrow - function view'2 [#"../../../creusot-contracts/src/model.rs" 109 4 109 33] (self : borrowed (slice t_T'0)) : Seq.seq t_T'0 - - = - [%#smodel7] view'1 self.current + type t_T'0 - use seq.Seq + predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : borrowed t_T'0) = + _1.final = _1.current - use seq.Seq + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops/index.rs" 48 4 48 47] (self : slice t_T'0) (ix : int) : t_T'0 - - = - [%#sindex8] Seq.get (view'1 self) ix + predicate invariant'1 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_T'0) = + [%#sinvariant3] inv'2 self.current /\ inv'2 self.final - function to_mut_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 90 4 90 43] (self : borrowed (slice t_T'0)) : Seq.seq (borrowed t_T'0) - + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_T'0) - axiom to_mut_seq'0_spec : forall self : borrowed (slice t_T'0) . ([%#sslice3] Seq.length (to_mut_seq'0 self) - = Seq.length (view'2 self)) - && ([%#sslice4] forall i : int . 0 <= i /\ i < Seq.length (to_mut_seq'0 self) - -> Seq.get (to_mut_seq'0 self) i - = Borrow.borrow_logic (index_logic'0 self.current i) (index_logic'0 self.final i) (Borrow.inherit_id (Borrow.get_id self) i)) + axiom inv_axiom'1 [@rewrite] : forall x : borrowed t_T'0 [inv'1 x] . inv'1 x = invariant'1 x - use seq.Seq + predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : borrowed t_T'0) = + [%#sinvariant2] inv'1 self - predicate produces'0 [#"../../../creusot-contracts/src/std/slice.rs" 457 4 457 65] (self : t_IterMut'0) (visited : Seq.seq (borrowed t_T'0)) (tl : t_IterMut'0) - - = - [%#sslice1] to_mut_seq'0 (view'0 self) = Seq.(++) visited (to_mut_seq'0 (view'0 tl)) + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_T'0) - goal refines : [%#sslice0] forall a : t_IterMut'0 . forall ab : Seq.seq (borrowed t_T'0) . forall b : t_IterMut'0 . forall bc : Seq.seq (borrowed t_T'0) . forall c : t_IterMut'0 . produces'0 b bc c - /\ produces'0 a ab b - -> produces'0 b bc c - /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) + axiom inv_axiom'0 [@rewrite] : forall x : borrowed t_T'0 [inv'0 x] . inv'0 x = invariant'0 x + + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 53 4 53 28] (self : borrowed t_T'0) = + [%#sresolve1] self.final = self.current + + goal refines : [%#sresolve0] forall self : borrowed t_T'0 . structural_resolve'0 self /\ inv'0 self + -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) end -module M_creusot_contracts__stdqy35z1__vec__qyi12862303518309667396__produces_trans__refines [#"../../../creusot-contracts/src/std/vec.rs" 278 4 278 72] (* as std::iter::Iterator> *) - let%span svec0 = "../../../creusot-contracts/src/std/vec.rs" 278 4 278 72 - let%span svec1 = "../../../creusot-contracts/src/std/vec.rs" 264 12 264 41 +module M_creusot_contracts__resolve__qyi10830812895881240411__resolve_coherence__refines [#"../../../creusot-contracts/src/resolve.rs" 75 4 75 31] (* as resolve::Resolve> *) + let%span sresolve0 = "../../../creusot-contracts/src/resolve.rs" 75 4 75 31 + let%span sresolve1 = "../../../creusot-contracts/src/resolve.rs" 68 8 68 23 + let%span sinvariant2 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + let%span sboxed3 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - use prelude.prelude.Opaque + use prelude.prelude.Borrow - type t_NonNull'0 = - { t_NonNull__pointer'0: opaque_ptr } + type t_T'0 - use prelude.prelude.UIntSize + predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_T'0) - type t_A'0 + predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_T'0) = + resolve'1 _1 - type t_ManuallyDrop'0 = - { t_ManuallyDrop__value'0: t_A'0 } + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - type t_IntoIter'0 = - { t_IntoIter__buf'0: t_NonNull'0; - t_IntoIter__phantom'0: (); - t_IntoIter__cap'0: usize; - t_IntoIter__alloc'0: t_ManuallyDrop'0; - t_IntoIter__ptr'0: t_NonNull'0; - t_IntoIter__end'0: opaque_ptr } + predicate invariant'1 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_T'0) = + [%#sboxed3] inv'2 self - type t_T'0 + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - use seq.Seq + axiom inv_axiom'1 [@rewrite] : forall x : t_T'0 [inv'1 x] . inv'1 x = invariant'1 x - function view'0 [#"../../../creusot-contracts/src/std/vec.rs" 234 4 234 33] (self : t_IntoIter'0) : Seq.seq t_T'0 + predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_T'0) = + [%#sinvariant2] inv'1 self - use seq.Seq + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - predicate produces'0 [#"../../../creusot-contracts/src/std/vec.rs" 262 4 262 57] (self : t_IntoIter'0) (visited : Seq.seq t_T'0) (rhs : t_IntoIter'0) - - = - [%#svec1] view'0 self = Seq.(++) visited (view'0 rhs) + axiom inv_axiom'0 [@rewrite] : forall x : t_T'0 [inv'0 x] . inv'0 x = invariant'0 x - goal refines : [%#svec0] forall a : t_IntoIter'0 . forall ab : Seq.seq t_T'0 . forall b : t_IntoIter'0 . forall bc : Seq.seq t_T'0 . forall c : t_IntoIter'0 . produces'0 b bc c - /\ produces'0 a ab b - -> produces'0 b bc c - /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 67 4 67 28] (self : t_T'0) = + [%#sresolve1] resolve'1 self + + goal refines : [%#sresolve0] forall self : t_T'0 . structural_resolve'0 self /\ inv'0 self + -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) end -module M_creusot_contracts__stdqy35z1__vec__qyi12862303518309667396__produces_refl__refines [#"../../../creusot-contracts/src/std/vec.rs" 271 4 271 26] (* as std::iter::Iterator> *) - let%span svec0 = "../../../creusot-contracts/src/std/vec.rs" 271 4 271 26 - let%span svec1 = "../../../creusot-contracts/src/std/vec.rs" 264 12 264 41 +module M_creusot_contracts__resolve__qyi12875730110607858017__resolve_coherence__refines [#"../../../creusot-contracts/src/resolve.rs" 92 4 92 31] (* as resolve::Resolve> *) + let%span sresolve0 = "../../../creusot-contracts/src/resolve.rs" 92 4 92 31 + let%span sresolve1 = "../../../creusot-contracts/src/resolve.rs" 82 8 85 9 + let%span sinvariant2 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - use prelude.prelude.Opaque + use prelude.prelude.Borrow - type t_NonNull'0 = - { t_NonNull__pointer'0: opaque_ptr } + type t_T'0 - use prelude.prelude.UIntSize + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 - type t_A'0 + predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_T'0) - type t_ManuallyDrop'0 = - { t_ManuallyDrop__value'0: t_A'0 } + predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_Option'0) = + match _1 with + | C_None'0 -> true + | C_Some'0 x0 -> resolve'1 x0 + end - type t_IntoIter'0 = - { t_IntoIter__buf'0: t_NonNull'0; - t_IntoIter__phantom'0: (); - t_IntoIter__cap'0: usize; - t_IntoIter__alloc'0: t_ManuallyDrop'0; - t_IntoIter__ptr'0: t_NonNull'0; - t_IntoIter__end'0: opaque_ptr } + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - use seq.Seq + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) - type t_T'0 + axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'1 x] . inv'1 x + = match x with + | C_None'0 -> true + | C_Some'0 a_0 -> inv'2 a_0 + end - use seq.Seq + predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_Option'0) = + [%#sinvariant2] inv'1 self - function view'0 [#"../../../creusot-contracts/src/std/vec.rs" 234 4 234 33] (self : t_IntoIter'0) : Seq.seq t_T'0 + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) - use seq.Seq + axiom inv_axiom'0 [@rewrite] : forall x : t_Option'0 [inv'0 x] . inv'0 x = invariant'0 x - predicate produces'0 [#"../../../creusot-contracts/src/std/vec.rs" 262 4 262 57] (self : t_IntoIter'0) (visited : Seq.seq t_T'0) (rhs : t_IntoIter'0) - - = - [%#svec1] view'0 self = Seq.(++) visited (view'0 rhs) + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 81 4 81 28] (self : t_Option'0) = + [%#sresolve1] match self with + | C_Some'0 x -> resolve'1 x + | C_None'0 -> true + end - goal refines : [%#svec0] forall self : t_IntoIter'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self - -> produces'0 self (Seq.empty : Seq.seq t_T'0) self + goal refines : [%#sresolve0] forall self : t_Option'0 . structural_resolve'0 self /\ inv'0 self + -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) end module M_creusot_contracts__stdqy35z1__iter__fuse__qyi7691061398646472980__is_fused__refines [#"../../../creusot-contracts/src/std/iter/fuse.rs" 66 4 66 62] (* as std::iter::fuse::FusedIterator> *) let%span sfuse0 = "../../../creusot-contracts/src/std/iter/fuse.rs" 66 4 66 62 diff --git a/creusot/tests/creusot-contracts/creusot-contracts/why3session.xml b/creusot/tests/creusot-contracts/creusot-contracts/why3session.xml index 5b920d707..e070cf024 100644 --- a/creusot/tests/creusot-contracts/creusot-contracts/why3session.xml +++ b/creusot/tests/creusot-contracts/creusot-contracts/why3session.xml @@ -8,6 +8,34 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -1759,6 +1787,26 @@ + + + + + + + + + + + + + + + + + + + + diff --git a/creusot/tests/creusot-contracts/creusot-contracts/why3shapes.gz b/creusot/tests/creusot-contracts/creusot-contracts/why3shapes.gz index 18053c4dee2ac7150a649008034eefc06144e4ee..5ca92942f814d334cea05c482fc7f82fdd7f5216 100644 GIT binary patch literal 24505 zcmV)MK)AmjiwFP!00000|Lnb4b0s&HCis4Th2At%vNXfKjHS{#MiXq(OqKo6Wwf?= z3B#Jn%E$;QBBaXfUq9ag-2M7`dC4Hv%cv@;Al-oj;NUFZ0S@5*$G?2@`LE%p^7)%z z%csu|A3ywG-vw45yYKG#y}Va<`;TwlES}?`SUeHiy8C5r=>KMY z57cq|FT@bj_%PkA3gGSVXPmu?^lDaXG2C#bn(me_=;`87FGamdfB)&-`;UM5mQ(-3 z5AWXo{7ZQME&DlqPY-UEMdZCeksr%v(70Q?!BFw$KYuFWOZoIITh-I|YW{XvRo&}} z=&GK%clUl-+HM~iJoKxY9Gz$9;jG`{e`4Mv3^)AcOMA$cL-oLrw}je=bH3R>q}!|Cw_9u>pX) zt4dwr7yfu%RlE_6ORKTaR`XSML;Aj0U~h> zh{P5Ui7g-!JAg=B1VrMQfJi(85Q*mi0PzGsv~)~I8nP@VFkk!#+0yF^*jA`}A&({# zuOT98e>(9}-wS&$+^UM%eX83FwH1hC| z%?3YK;1M|b$7Xpi5!o@iPb>at54NWEdi_2G_!neOJX7ZQLgsd5XHUM*^7iy9kBGpm z&Ln3~D}E%*W0gN0d-`RO$Kr%P9sBrMk?S1%r3zQ{;}O?>eZX?1zvIvFcgqEUtL-*> zj@=f|u-p7lhxR1);CX7@t*1BILM`cFq@cU|W381qj@#&=QXD*Jo6 z#x-5Js1=u`PAsJEai{v1Yi;9WwH}|XS+z?R@^X!xW@f-~O>d5**Xn)^LfLIc`2D3dl;z7UPY%{?=5ID5 z_kBJNn%unJ6i57mrvpSyG5x^UmO)U@AC=F_CvmBZ`M5#lgpmcc078U8T`lF8?47Jf!~Q4)LBC$t{ahL#cQE`~4D&Zt%90HQTF{!=|ge+kJYo zF8$qi_lg#p?)D!qw@)RlX)T`UZQcDc%k5Kio7l=XY~_0syebmv!-w#G6bP|;nSS~7 zsZjOd^+G`8TtMWJfXGom-HkN?pn zY$d}zV93O#^UpC@t1Yopv!Kl%6@q4?{=TwtV>f84-6lz*W4YxS*pKp z&-vn6TL;?ExKMB~1hWC{<{9x#_7LycL(95)7@uAa&kT>v-R{$yb!l|KwqD;IJipmm zw8ay*Q~RJ$XTU-uKK}G@Q6m--xKnr`fpf}lKm79d@(C7XC{I~rm-S7K6y-=!uJlcf zB-BFR^jzQck-q6sA@os!o0STgv4%NoqT3sqeX|&d9S35^f!M{Q^D%{PHEpx!D>30+ zP={sAb*0&>rLgcp_LmREE|m)<2fdjAB^3Mk`AhovAwPV1`1pYg@)-Kwi?=_o-hTX$ z%J7{IJ7QCGO={oCn`rt+jFf*R&%_x@=vv>3GzD;kR zIvVnP?)YT&`DFIF7zLyL@}Xh=jKfrK7qRzP~cr%7B9Qz-LxDZ64aoIpeHe*B2dK&QT_q+L!#?0XDtS+hp8MhThvv^9Ygngm%3p%0i zrA3K16#v)}dA5FyagTl5f};`cg5vnbw2+A4{V)(WGt-9LrHv3r zt0KE$6qDVW?2VY%jFV-f7Q;;g!rNhg_n---(<5zFo~6dDfRm$;7IM@Ll*%p@u&!tm3&R z^pfo6%52^YZM_t+86h&4GeYJ9A+xf#H+|$U)TucGiQ7c_VQ-1J&HuE*`!N0edCYS0tBqartt|tFKXl7FoSn%g}n9_n!x5UE>q>nX`5eugRP>)DNdZyZaAc{`t*c|M}C$FMlncA3i@pcBx}~bNn(h z0P2rT!QEP%saF$+MnrYCEVN8;U|J}*Vb)oHp|hS^^^49nbaq~YSod_oXuUBd?v*?@ zrsQ#Bc=yLeft!29cLqEouI|;$NT>@&LXnYB3nQUs-c6Z%WoMM^1xl7E*=0B1th}Xi z_iDytb%DoW*XR5zhE_^LGO)GA0F4xy^`t230?yNlE zvT9j^Ev&jQ_Ri%gxRP?>|FJ0``!P0gtroY!e%Z|Q+?`9z*{a6%M8D5gHTiA-X+`T=&%6H-Yj7A8Bp`L3oH*(XDt6_9tDW8sfnyutSrny`oupfrk13q=ki=) z#=rJvZ{?wbwYkmTjZ)o(DD?`_q?P6a(KK!D?3+WCX*2qEAzEFOC!yMi=Co=&HQ|qC zXIv!y<5+mIkwY`nb9OE<7fti^ww1d21kr3(#2+nPwQSj@4YSqp)rb{)yWmKlfr%F# zO-&3{d}#ID0zV#c8gh02crGoM&75C|S((LR7QMS$`0gcB#Z&>mA2HQFiK$Otm|Bhc zs^zJPsgEyGt;xT_Qq_W~Ph7A{J4^ZJmB5vm*xiTxeLeQN_1Fu1Uaxy!zsn|6Vvz_sl3O4`i=6K(~C5T>lx!ew-lQs*|Z1r~A@a#`M`-`uNuHLQE zPt@@M)FbI9i%g+oGWxMBmYzs9e?MkUylI*AVqNvWiEVO{aG5B zycbh;P58H8etKWT{XuT!M10uy+)Kh5HbBo>&L7Xy`=sOd>ueimi?b@G&`vi@Ss8>&!CIl9FUU?7FTrdv&v$8n%3>cBxz_IY{#`LzFec z&eOzi4l)M6Z6f@AyWFGC@%VmB)EYB$#eK`3k!Pan?O1k9k)ed8@9*_u+Rc=vqsM92 zW0H;?d*z6;z_jhw5=c%Oxss*9(h3n@5XH|L=$Hjlx>*kxy z5GP7MY?wQCb|xnEY(BQVpIW(ElP)R7N*`DA)K3Dmq`^1stm=8f4qib~)5pKV5PzXu zUA&)b-nr6nVbRq^`#GP5;p3y><7>mmmxgcXYtMc8Q2z0SrswmQ^3&&WG_!6D-eKL5 zUb$By5_|sV%e#LKKTY|@2Y%z*aUFWh2<9!-^z8Z;35@0_o%oy_d{p3^f%-@n_pA1r#&x9LF zjUm*Y3_~%t0UAnRt%TZzn@?oNE5a*zoQ>-AFKVlRQxU#mui27V` zeA=YTub*^D+HcmAF4stJ+~6Vzcr@v1ciJ{dNe7d@UwgAB_{dJwOIQJd&abWiXW)EM z^Dl)KkLvs?viJ?OJ??6Ih>z)c+|~0(x5IWOd%2u69@*#1t1@QK*9*e!%-{JA^ut%H z1>s?tXnBl??NYf=a(&>aEtlMV`1RepX+}4X(jsa5{CajuVDqpoUOb?cPqTLemE7zG zwC%$CNZG)fHF(A_l#u{?uTujVW9(m ze<=U)D7ykWN@W)-E8LGOEBvCh`TBO>TokEIQ*Fvt2f7-ai?SJZXkV7ib|zyhv5yF6 zd}P#NOyOOx`LMk;pJwa?JIm*^=EELe^Vtq~fAwdFS34rQ$G~T;4e^DnvpaaWracJVwpZ#wy!0^WMI z$xdoxTy7;b@f&lKzFwB)qp~a?k>$O8ny)hGJ+*T#Mg8L?S4k1~H1BN2*iLOJ#q6RK zzd-xfOL1##xfHpUVz!oI?w%>d+`Y0CQ_t=NUr8~Iak*gEa&Eg6^RJiUzKVWHin+fm z#eB0pKbK;@-M+p&!CTf{u|N4rwwso3|EIFrhZ)Rwl=0g$gde{(S&ccwYRn;4^GspC zpDEnFL3;0wGKI%8C+9<0tQ{#?+`qc`o2~C-m2~0u{DJBT@Ou}u4(ahd=N%LDxqSLH z3@4M?cHz&9r|#^XJ5{S^=qK0kc;%lq=>Ox_*yZ@w*y5Z-9aGqc&ZG) zT=R{UgD89}Mx3k*Al9+wHA1*?M zs_7%$pWT&wR$kjSMbCe`)!(*lXP+Mk*1xHCe!%;^)H{6={R_XcXT7h~zuiQ-tN!QP zOuwg$i9!9_*^qZjBi~M1cgf-5^M{Y=f-N7@S#}zHGL?(Iu6<~&PpI%mM5YFt;rM=D zckNzU_T@}7*KVGuomF(Wdt+hVR)-8_lknj-mDQ&q^xi|+?;KlEanqg2s~3LOopx=+ z)|QQ5ESnC}C^hQ3l3Sy$R(H9p;qWGJ*Cw2QU7jyh=I8OO;BW~z{Wh}>yghXH%8llM zqb)l+3}tVo-%fv~?ZC;1XnC(;K4yQvIkIoc-)l2|_r<>%4k}IU>G`3g;hQp$k-z_K z#RZKw z?)iZWocSWn^m(yQtzdR1a;GQ6*3AcpE=s}0aXr$xl`teR9mhMLCcHrYby$42&|gLR z+l~j%j*n}xI$}B3*KRS^ZmebbwY0sT*S#LT*L8LV>@3-cI>t_pF87j0ITJZ2N6qR_ zO$`}&dvVZXG!`zV4XSmN{xjk6=I9qmi!G`bU#JakDG&QnQyj(2)7_%?O^y^7o-nDw}@iKX5K9p_N(fsYh?udr& zA0!}M;O3tnrFPJfy@jx)PHe|@*wBu_?sL7%yKCj=0t+u}KrKox(p_fqb4_wa>%+X( zb!j25+y24aJglA!EPi5tm&;)DrmtHM+v)N0RQ0N@-9A5d+WOV|duc82l3Z?fV>UxO z+LrlBHCyjVUZLervoaTL%$wtpY)_jn*tI$%G<$dT4$m_T`sJna>wNl~r+TF)DWP7h zMYq#iSIRPN4YS2*uQlZZmAiQU>!o}5d<8p{n3aO9kC*-Lt6=7mf~~GB*ikU^LJBq* z?aO*artuMVx@0}CNQL=bjeb|7-___5HQIGvmm;u7cW&w4*o8RL68-h!tlKRr^UYf| zUC*-Bv5Qx`yii}BqFTMlBN16?l-VTYsIOO~W)OZ`{b~KCW4L_7iscP4nB>HhBIktdrU&9b9l{K?^Uxn-`2e_pVJT@)0X`*^fl9Kr)2jAjv$;8yj?ZOAR_Sh~F0t4x2#-The#}{|B1Mu+qT_ZA;ru**uDgN)^Lig*2PlxS=Pl+e? z^M*325aj@Oeew1F^Set!T=!K?v)1Vg@rU*G-foBu{K`lsPVVzbL>R}}ZIQy+HYhfJcQOU*S6-q0Q9i^L$idD4>P zR`*l0@j{x_R_^Ss^SguR>lvSjcr|N_G)#5&2V-0@}bd2Sd28VRJx|`{ONHBp{o?N8!%gyloAOXWhz;R>WF%J^w=;6I7^V{vw~!^bT9k&gLJ*iU>s^YN3|9Iu!k ztk`__7GeUY^war|IUb*8m5QAINQ++2y3H5;UfoPQ=H~Nd$ERyoeiDyebF$O*&^j;; zWVi33^<^5#K^e+_L9zKTH+O)AsU#Ym^KAPar1gpSUSoEIzBhKw;q=8Rl%bEC(u*>^ zck4>~1E;oMWW@4d#PWO`^wG1Lmkv^07$Zu*JsO>SY;+?74u-WnC^DWh8I}E!!+4jD zjqME<#SRC;A0G(2RwA2a8h+zXlEImB?hWL8mmYmAaDO1`tcynjk!O{jedubnhqAn+ za=FEEHXQn9clBa<5uZF4*za~6Z)rW|KixvU<$t@4chPOLxOI1VlkVaU-C6$@UxhzE zK3`dB-=4mViOOuuQ{EnZ5PL@-_y|1k%PO(i+{;;7vw8Ew!3PKW0NMTQe8=|$9OmaY z#=}o`k$P#-!rk(lPXp$>TYk_5^Y~cne%?AknZ4#Wxs?-@@Bv}NL~H!8jNjz=u8NL1 zq1$J(L5v?a*-+}`*TtsVeOlyzvVewu9C6>pdDe5zjo&unO+8?9DUm8e#T3C z#grSeUwUs0`rHPeX1#xHOkFjxX7Nd?v)P|!SWjO$8)n$dW_WSd@ylo@#AqkPX4cJo z==XA*bve$u+-SXCYW)F&M%T&tMON~`70f@>rzd;8Z}<6D@7DssX9};T-}qMH^+G1h zIE%yA;TC4#v4P6R2db8HdmiZKkmN*tfkVdSly=N|s{=czL+>IHGZ#`jXULpZWL5M$8mcHAB%7qfBZW?TC|oSU2Q{_{Z_Tf}#kj;Y~R z|7GKx9e?+j?9IBk`QY-oGwLa$U3-|X35q6HB1jCsjAFw^vDuc8|weGWcG+BS)7b@7Fg5j8;vJR!wcZ zm^f<|yqF#@_R!*R6qsad(#7qNKw{X!AW8acPgZnR?V zZeNA`&A!r#1Jtl<#CE@W{^RboL|;bhB1h{Ymj=s>7R`(n&0KGO&hYA?wxDGCF!Y;@}cCI9fKe*6=}F@9i=SV+95K3O|^G! z%Q&_>L*!s?cE|NS8P*Oz_gFm5$BvLqmpss132}KQh9rb`ecJhohH)kYe`F>$@a_o) z`Z{AiuwnqjyBFXz^VD|`IO)H?I zEj>pC>}=H7u~DPci;(jt%7}ZQ`=fd$-;f%2ckyk{Pno}O$*4WmZs&2!NE>!4dotuE zH*Iwj+Fmd@DPS@K_x7$q@F7~Y555I)>@BjJ#eEK+MPwm0SG2x2tAiDeT z<>OsTft!-8cK6U0=G>3zSbj{$@~1`kw+sf4J~uyK^FAzcvt+@g@ldkafBq|!;{X2m zk6}D}5z+7qfyH}$2HxY}H#0y#{IY-X-eS99(aF6%s&Ss=wv&7O{&K!8Xjxj1YovNy z(;1$yZP77jPhDWmqLX_e!D5eW_+^S$+cwad^t*TLTQ+2hcHWJhYu5!1jK0v{J^J_K zT~A#D*Ue2N<; zibLI}J@=bxu}Ze@HTldf9r#RjVD|ak>>r^JIa(<_S}8r4{mG2!(TwTQjOob*+pSqN zqZ=`!8!=<<_PVUw@eHlk>q}+%7#;F4Ivg#tSz2a3x6F&3;)SKxqovoQrPmV=kB78~ zJ+Cz6l!^Wn5p%F;TM={D+FEyDYu!H4F^*Y{__rO|73Q%`t3Qt=j|&)w=5eRSVerL{ zdbS&m9hP1sbgboi#f!15zqY6tbz(=2rc(*><_c`Qb0}t_uqA!dZe<$+9zOme=or&I z?)Z!v)o{r>%;ji$^hhZI@&eRMg)bOt!Qb^zZ^5OHte{bg!XT|T$!^3%{U{S1@ z;O_%M)-UMsa9MTV4_lT~>vC!+*Di0&51;@2<3qn-_g;?&slE?%?{fLM?P0hnhFlW1 z1LQbAacvgcF3H^n!j0jr^5Hs2kvjhuv^!|4A{&wlg-ROGV=z85w?%ra5&yN7aj{wB4 z0=F~BIinmputPF1SDChs)=bw~34T5=Ro+Zn&g$-AS!%IEAKrib__tqvnyXu1TbqBJ z0F}SrG(L#h5P#415ahJjCC+R8v$e39F8JOBcl>_(fWq|s1X>#> z6nnS&dkUndJScl}s&|!~&wQCKeEey)_PXf)rxMa%Lwrwv4Li>tf4Zx0W=zK4qyvpc zf3#WcJD-dF@XP!6=f|Vfeb}zG9YMlrt!nCxa2dQiMT%i!_e&TzFTnG zLkK^8`83$`Dbt~?pdS}I@BI8YU3I*5-h5p15aX6NYo{G|mqj;hWEa?|MmDMgHZC&O zMoew1#o{9bS zz{Q&6f(aK^Ar-ZuM!u=qyJt_2(TVbM1MVn}y1_HItM(Lzgg@(=TVQrC3kWN);xH2j7Bufgy3Q!Y8 zGDiGhx7^=yw^KWMmaVbYh-AH#K1G?Gi{9{LOX8er^TXQASyo)~BAAMKag}TQUbs@M zFq3Ikg>1Fetq|+lMeCHbr;E3pWuf-lM^(jLhVYe(pXm(T~Nb#^s5ZwimOSc}es zjZ|A4)-Jy5w1j|Jrn!?Qnj~D3N(t{tTBJOz4OV$ql60&TrmQl>$iSFk+JW=3)mDeK z0ctSD#Ef;Y5gao>YVUk7!bxA7Y0-zZ4ce`S8B?{f=yNTg!)i$hJ>k7=bKJI8CC988 zNB>3gB@~M>u zE*7#O(w~%a(bbw%wJO8@yW)zFUL_{AHcoU}c!vp6Fld-lkxYybEytzK){5#?r^Sk? zIl<~g=&=sbK`_CdMD~u=Hk*o_B#cmiW#P7l?06{7F(Xxk)yP6NX;u6L4}#gvkO!NT zkdiy^BFm_04Mfv*S{S0wP;Ut-kIvg-qlfZWUR(Nn6k0 zfJNa6U5iN>!-ZiAW{8jhyVd?yyIXBCBuTB^PqL_mMl^W)T zl#2r{N$1HR3JIrB93v=}q_<|0WoO`Ip~YD#qqB4o9-?xZ_*^UTfS{)030!X|rdU9(Fvzk^DM3C&;<{*SIrl*T*uc?azKa{i_>y)6 zl5I+q6*v(t5xs+MWtSm9CW}(#WgLdCImu+KKs7p4m#xA?h7bs58mTYiFr}e0RcY{| zR?7jRbt)?5WFxR|L)S(S?tr@mI?`Zj**QFhYTQ;A$wnBRvYOMRm%+ z)Y4X1%>)sF%{0Ll4oD@7fgz{lu8W(_A{OBDLZS?5VIS6&;R*aYF(? zLd|rlrRm_AD zruc*j5W<(@9l{%jm_q?2nNG_@4g=?+fr0V@n1Vz$TTP<^!`aL8OB!D?e2WVTh=3uO zg6mciNRlA4PQw^6I+9l(19_LioQBOoADzm+n%Zg6rwfG#5>QGb(kajt>x`;!Z6vgVaJ10~ZE6a|tD*;fMX6jR(+Lj~0*7U>9Pew1*1}a%DSvC+t+D&I z)R;qC3a0@JT5?L{-m-x#C(pRIvS<#w-8J%gw867VkSSKcX!s&VIF`fKO1Rm~a_0d| zYASf>cu6(u90)8K&m|&N*v)|l2}Ujo8LWn9Mr?o(k|By>h$#x90`e!8odEtkK!leW za>;#$1bO8VC02!>(4s^RO=Mgu07C#x*MMKO@QaAW3+8E@XD=b(=qVyqOc25^7&s>t ze0RxcA`CKPJ%pw}USL}k+(e0F&oe|`z}XJ-EJKFC=mJY@v!>u01Ev}_duq4SdPzG{ zVniSUu4QdIs->355fa4c%IPf+9p-B}J7CF>Z`BZ59p>_65kBbkf4tN6e%LQ=p5k0-G2G zeJQzykP%IlP79q1imW*qX~+-s4hB5{k-?1oZj_E;P z0M;U{86cQ&5|dsEp19b&3~1pwz@ufRu>ktWK%)pa9OJgr3W!NDxiCerP4Isl!p3U$z<}@( z+6?`21S2cvM8VJUqzM;7qhX0t0e3pBEP#v<{J}iYq7@h?3IaLUcucn_<>mRsa|CWz zI>7T+X~@IDXeL^fV1sOfRs?!;09Qs>h%lmYz#AY(COD>7Hk=Py5poA3PBNn?*e(K? z-Te#LIx7O|0QfqH5{;M~b*8o@oKL=PKj$zOe61;n4z||0T-Zk=hv_TK}$-t3v zm?Xp`%##s{uuML($T|-Ym_`lF!mPk}rVJ-a(T{QrsMNOjmw4a+3n8i*PDFyA6$}>y zF@jA6vPnD;Cq&E^QveAs-YS?x?@4eVFW$o8H|qooYz)~DrBsEN1B{NqFjnM*(9fXu zps&d?2DpNDA-oLjTW}pgA$$Q7#rA%gD4@_7Q3Xv=6=V@mwLNbN+nxFM9@G62!L;WuIn zAaUaeGDd2{sT0h2f<8lvXuaA2&Oj}>aTb14)*1&|6iUG56(AhJF+J5Gg4Yc83884R zotA{R0AO_)GQ$E~upJ-$Kv)6u5*>^jVk?&64&V=%S5{E$A81CMIgum? zfTSdumk50jt8@4@i#P-V(xO1nLWcxG9*TY-TN3gM@JH(b2#1qskp*ah$-rqaJPe@} zT6DCc33HKQkRX$`(?UcSIk*9DiH6at_ln`lM&cvu01Dh1dQc-UFE5}2_JRLlo{35ReE z5U>uLB|We(N9YG1$Be?LRa+lXs?$ofAh-!x3Wa!EWg9G%9B2e~ zBSUmME#o)>YlV2A0*xTX6R>6$I6p`X(KkEo23rcu>+HTQ1?Jt_Qo{O}SRD~KdxYX1 zd{aKbcUo9$t-3}&k2b(1Kpw4U(!@#%{7rHNK^CN`hy!8u^*S`mm~7GThUP%;K14K33nQtPxZ!LATC z^N6_;lmY=PED>T;Ba#mTEn2q%4mG7BypaKRB3O!609uLN1Fb|WTL@*UMU%@gBmnnd-l}Ds#NMy;9X;?+p=l5i@sEDz_Q3PQy(A-oY zI;$f|JRr_Mt0rhh29S**!-z+2BWGX-ZTMyGU!Gr38i*KzC&Y{36J%9-fIZ+#j3~9$ z5zvxQZHNUt5E|jI>jqJ%P{3iZxkc7ai%Vc@1g#wIK@~*%0lzb-6QUFYVBKk%K%t+` zfSCf*gqQ|_B1b3yKF82j*FlTSlNSgtXvqp514fl2%HWs;fYoMwK>F7ETkmeYz4hkS z>szmGy}b3})*tWi(WXm*;lxzJD8LIiU_D-R#?+z#)%EcigcXbwVi4%1fDR!luh0XC z9NA>}aXYAlB0pYf85q73wh$b577!ByL-;kQ1at*Kvx6jf=qTsWi$I%*j$kZenSoY> zfrc771F>O1+#GZ;x3K?QmIhgAiV;@xjL3$gL5s)>{y+dGC?gRg^U!HkiTDNm!Q8-Y zJwpxKhfLh@M8Gs2>Ia28Q&BZNa2{wBG9iWj^1E2#sEWvehWYPBx z=i_+?`a%e)$fYq>qpyGgj5h5vOcMSAeG0Zx0N^gIkrRLe zKxK9aEP*W@oCYK85uQxXSa+>on;MS~#Gb}iy|coPeok+X~qXo47p`49v+NpKZH zR1m1B%z&^Evz0IsbLgmu8M6-XSCsJ8hLi(DFk`|R9sn^zQ6~qyF9NnGAovB2j2cjs zk$bHJu^b>}0Z^hS3=BarIt2O0P!(FKx)ZD1W9~3P23-_FXYZ2n@aWE<`Q%1o6(AZY zIM60YApoh-b~2m;ufTY8VlW|;!lGf7WN--k07rm?;RX=DSseyq0HS1HU8c`w!QC6c z9t91cr9ug`(TO2S36L&YjHM)xAPgo*P|k-^un>BjP3>T_U^Eos8cY!|y7n$xP2WX{ z(Y^-H0%x?gt#wWwa#c(rNprOD2z?uQW-UTUi6NCxiM5E=E$7KNLBOT0wt$#65Fbn~ zyawF8PK8!a&{xpXh%`oG3S0)LR$TLHAb|mD79pP!oMzDv!$en$RM3B>xulSnX_`s| zl87vOc)^)?mQ7WRR$Y|>$dhEM9elf{l|=--R>ZEE&mhdXHY~7|$X?UJC<9SQVWCCF z#MCf;ji4hV$l#J808>Csg$Lju#w@(1@0J0Q1^tI?#A*?jz>6XFh15nytH+{_#3C#v zR1kmyffj*w0apsy#(y9lWe~uMKEYc;>roRf973;HW-UX@^tFQ~Gqmpq1MZ?x4oD6` zpp?#WM+?2K2|b9x5x5!?tS4M4d2OeHgh7YoB1SK4G$#xJq*Sz#r%mAi8*q`CASXy7 z{(J>QQvjnK*j`Aq39#4DG)D0OF$E~E0L@v4NC)WrkwlxI zXbBmhh!&O**urH(wt>qSz&-T34Md)36`nS|7zIg)_$`o&BY{BZ%YC1GdCJCC3Ne|i z2z{i2UcvPNk!6sB#UF@e+EhszFA;tLLvjnirND$1Fsjmt!3lG4LNEchN*Q+uJP_Z( zP`X6GVjxEA!+`fNS|O1iP}&B#J|c_YpzW@J7`L7)5+#kG7}G_99Yt19c-m&k1F;J5 z1FHu|jA+P65hG?RAzTBVNQ04;Czw?exP}jgVI=$nR}Kut3ZiXT7&8!qYYx#+(wZp< zcB+Tc0xoOPT$ma)3^PL-EP_R-5Jp-7akbV8Hi|^c_<@)efa4B201X6KhMk5nj1E@qGU#!p)j{({!yFuF$QA9P(@1|l;8rFrwr|kmk33QS*CHAwD%YZ6$9$QRaSsK z4A8c%PE+GRETEJk_h@Mm9Z|GV8ZOV0??lu-5YvcyfRij`4gh>)*udf>6AoBR!{at$ z>N$oLZY(P};HVJmS5IRP8h*?sXt!ybiqOnw5Qd-ju)jb;2z#v5C4z?v7KQRV5h)Dg z2ZXm7mYDnCxu+Cd?qQKNg}PqXVf=-BVzrn%6%lC&m~F%;Q56AKZ`$@a5o4$o44fk( zb+khZCbZW<8Gb-6qXkehBA7rUWFU(tzYDMp;9-(3NsX!zXlDih4KY+kToY(J)B`0D4Dh&ekAc3xc-WIU+n!LWX6Qh`w^x?iI|5 z!`LZ_M>|KWOj;n2K%khJgSqP)Z5PrLD=kz5OM8sQdxRk+!sSFu`K$ncEjjK&dSWDt z1KpBv)rKq)VrE@nL=c16Aso~vde118j*__&f&xhyXMpph1+u4CYefH!_76jVk4BV} zD*RL>Zyu(Syi+a!E%OXdc?>Wj>-cu#H|ue z-6TK^2&{n(ivs?{Qert`nNCb8-K<#l73eM-N84tIC#>YOwL21ntkDWAqytqof(bz> zs4D0RD{UIA1hJf0K-g#j&NHGzSTowv0YE7Z2so&L7;;Fl2yYT)U}X!isrcVuQTlJ-!*7fEt~z}Tu_Rff*<>IPy6-oS88q8Sp0 zp)e*0l`8Opb*8yovH%E-V2%OMAT)^cN&$GYHk&N0^+68Afb=n&aEY`Hh-g6?N$D|# zc<#Gsk<56?ZG{1dA;LnySRm}D1Xxy>*LIv{&fy9vZ~^h2j4YbU~Gjpw-*f$O%vlTB{t~YJl5? zpN(GHA|ni3>Dj$ROeI>X2a?A;QUMNp|&^^1S~pC3Rout!W2#? zcLwXzq}R3#L7D`WC160Hj89G>c<4?Ms00=Z@tFZ~AC2IOWLYw0xFX=e#AR4iv?9lz zY3&o3<_LYFe}D)G5~0b0AtLBH4(#MCM_dN;gxDG26X7(bQy_NE87@o=#H64-0dmZo z^Z{lRCWt8sOb{FoJ=^}2V6_n9O6ZgV4xl}-=z%_>i6ZF1l+pHts0h|WHnj55a3RbT z%)PB1VmS=c6k0DaPC|}+0Qw1#3q}$u2~Wg<7>pJoK}!P+62T4!#-z1nNSgvK4X?m6 z(heYsP+71XaXH{zRtj*Ja{>;&>4 z3yh9EL5L*@zV;)}5=7NQff26=f+EhTS_x0p2%9YjIfF?>AWuFdDOS;F;qV*4biq~_ z@eT{!v!F0y&Va^XrQtj?nSez3_Z*@Q%QR@_GYDtQ8Nv@CD`6r9I}AhWBCQ<2{|+7t zG6T`lr9x8RDiT9913jYTYKU9NEyWz;hd2R?2}Cxqg*FySiJ|je+9K! z031{nF=9pF0_mmQcEo9&7>DFRr5!DYz?f7R5|!YxC_7uFVZ91%I-3dOcmcG>WTL%G zIAMftA`{piWF{kq0O&_tq@4}4$_?X=P!1)57VAh1AVL&cPlOu+(l)eiuW3o9Ab4my zJ1=fdK#aGuECpS3lu&~}kTQx8{qT15kJE%<#xNl#PJ+dtH(*wxker!938_9XG}g}d zahhnFX)aFQFxqL!l#LZRz%DJj02fA$fYP==MNWkgiUX!3fH({H!C{%9f^-&06^t&G zMPZ-@OB+?*g0Gp`Vn}Oj%d1wRZ4hxff-@FpK!4zEHo#%r19;FzGyo=?jONWyo2hW* z@QAeZ0-+OvQbvF);fw$RT?E!#6o&9dS`-BkqqHIKBh(^e!it2;?(2Fpj^LRE4nP^$ zRC!DNq<H;hpZhnOAUxpqYjFHWZ@+szA(rq|*et zrxq|62Byv` zU=nR2+kwy=@k@e5%L?cfU818TZQ!&jNgMXG`GRcR1R!)U>Ldhc0e1rFH5nP*mp6DEtQm?=sOqZy;LE}>2cM|??&a&o}NLh1^) zYv zR}Y`fIW79;AcBHy_a#FmHr2R;zXc<$qcgvS0hQAVe>>Y(Tnih_rV>1lp|a1KLgk(@g{btL zDMYoWPa!JV2(!@6m2%isMEC{%2I!(%z-!sOGCKjEXgc~(6($fYro+axQQ{;pn&@Z& zm`JpAn1TQ{#auBTPD(oZCz**Y)KVwRGjvL5W+}ZDXvreVq8vF-IdM&5%n5)adD;>& z3~nq`$QJ^7_GG+$T;nV$VS6WM+9sJQU=k|eQ$45NfiVlR87OW zR0SoW z6F;b8Ve~EdWyB&WP zX+R4Y8?68=DA7DsndtOKLG;F~vAx&V@sc)7gaStq0xCcQ5dpF(la&%XY>P*(6O)iA zS>H>*XVf%-RwrP<1#l^MLA9Jma-&y}%7`w2KC1)FXS7V?eX6Mf#TIUB-$-(F*b&7Y zxaQD92eM9GMV=BW0c;Z;<}?WKD+Z4_my8ZFg?6e)i06|}bnS(KEJ8#*yn`|kkdDy~ z8;o2=?B;26miGoc8ydKdxIv8Uw1w4A5E=tFgiyl+OIxPk*jhd%ffSGyV(7c4AKD+F z9R_)IQ?wy&h-ygaJ1v|5idE~ig~2N1252144L{FsNLE1UOgDXKg3Yi?bnKc510+Xz zBW+BkkBLzx5~X|+>%MM$fsSJUo+>2}Rnu+?ZAel+3LVvOEm@QB-3vFHxlRQxNkyQG zOlJnjXPAg6O;#B6)~tH*X6d+`(uEerXvNUb-eNXP26*j?po*Gh{KcC^P%V`)5c~*? zE-2QIkuf^|lcH;uN-&Kdg&&C@@$y}OuLf8rte~vqFz^ZDhR6!GMD{dIghsF0h0IjU zJ~@rh6xKQb?B?PMZQubhHG?LYebp||)+_)=@`VnlYVSlc(Bnv7Gu*v;XC%{fU`o;%QNR}FG9^HxXA)6TWeS}^<3jue$jv@p6(PpR%l-j`yM}h1RxwV97Nvo5N(Kbcqw1aK| zmUVS-y?~5C3fofSrGx>Gbae+%bb;E0nzf{zb6LsdT{x-D3jV zFM;O?LAJx!k~Xs`_@+aYltb>|bOquNKtXt@nETyc(wrRKhX5A={6mKYG4U~$5DF#l z0m<8OJpgf}pd}U{)}*Vk2supx)s#F!Q_7H)wCUWax)U6L2)dwYN_uYR9WV-t{wW)| z=M<9ZQ$*FDg4Z%|a3u>7yb272tu#S(i{?i>q!n@Shjh)@|=B4*B|a4V{u zNy_x0jFM0_=wXa1AzGxH!+MxZRB1!7h$2FjK!Bc7<8#E{nHS1!Sj7yZL;=_>x&olZk9!p{4wD#12m!GbF!M^1P|}eBT1W3!$=Thi2&a;T zWK>K01hUWxOo*b1-lE4+wD4%JqGu9AH%TKL;B=W7vjAR*(-I=ie(Ynu9J)sWkg)iK z$!?i#fd|i%HFT!SHASIr8-9^QfP>{eQ^LGalv2oiF1~sQKBcZT)zS7$LSrx*WHiWV zI`|4Qn#w?O6zrXHnCDFEv{6*LERhaB8c{cIaqizko_;4oceV-a^kvmv|2 zP{tlzmsfj6yC5U<1d_P`)F#?Wf)qO|WrUCOmeH+f5bQ?MuqTl;G71Ab5@=BhqXu}3 zDp6)DY#HxI6k$FE%%?D7cRECJ?es;|bOV|qLqt3AB_J*gvY!t#W=q28i3DZnDVT5t zsAM$sHRy=QAsWi=sG<)H9j29nVVz4D+8(F0eE1S-p04=OE|_ZQCPvI z=J!@H4oHa#Q%5&ErED-MhOR6OwFY23I%27|s~87_$gk3&APqa8A`E2IDN{6GH06!< zV?pe?KCxn06tq6vmg+dubV`m+(?N|{9ab>}T(7_|1+7@YJtK(64`$60If$mkGg=pd zn-&&=U{T&)#}>K|L^C?n0JNZ#@eIxZ8cW-qly*a-dF3uJ$eN>b%8*b5_8G2^PSj-v z|CnuCfffW(Ua<>>5|C*pG*h-a;$C2ogc;4*qboh)cKUU@V4Xv(L4L|7QsDwohv${h z9=iLnb-})B7h*2ZTjeW25&$k8XM@tg@Iea;Ye(z^kl|}~L1#K=t~6i;w35y&DnS{h z+`{ySj`uvDjPYjKH_^FGWiwy}g(|GV0|WKJ#s|7$wfp~r$^e26KqE*)!5^0xatVN_ zo{sbCWG`11#3)ECIxc_%HJ}o0ju=y%wXvU56^GT~D-)gFqiaWC^cbKX-AWLvp)~;0 zcj1pJd)N^KM8Ly3qtBZ0$h@QDOg6%Kv~)FbT-}OF$M%_zw8IqWc!~-@Fa*!ja6XD@ z{3!fL{0RKeGj^VO1P_SG@PnyG;2;n<2(Ql5?~gf$nF3Tt0E3Z7fGm+HSGY2uV4#P7 zbVIye^9~pnOs|fPCr3J*KzoMp?TYQN4`$X9C~p>jklho~8WbfkMWbAp-3bUQ}j?UqF; z#H%$AGhqM(L<%Y?%BPAE@sutIV*mu(RhqBaytkkrwRP1iPPZvZT7aWVJ4~py-FAZ@ z>eZT$bU+>&FA?#0x>1H=Z#o1F$&0*SE6nWcDIP5h#17xdv_t%&qI*CM#ZL|VAXs?4 zxi?C3%yqOHj)&8l77R6Tw@ZTC*v}r)4?~mw)w*F3ulph?SfXs@z>AL=p=wOJAn5L= z7SSw!Ju!@lQVR?Wfut*%>8`CJ>HKYl_wO0j;1qsd&k9-?z5 zlQ1ySx!;&gON+1E4WG9ua+mvZSFKl2$igxhu&c+Oh_2F=cNw z9fPKY*D4d`NV_<7#s4PVVT30G-QHF`Pjn|op;Lzr##ALAI%oLnbA{VPPQoC%j+~Na zymOi-3g4aAX6VLm!4W6uE~^5+p(@?W>LZ=Y33LxPqDfw+uKYF=98Nl(W=srh~t2OtaYL?=`{n( z5cn`*6Cz?>;GBpw#)qgFKOl>7ON?7;kkuedgV9t5WEILOlv60DP)?y7nvn|S6w1+h zWsZokjWKkk2|ONby`=1mmP+ONd04}y6{gL`REd;y?|87%21Hm%%K+yAU+!v88@g1z zT^M5N7_0F#DKKz!uoIKum2$4%&rc-KS#uod(YZ1mIqgM-zy;?;$dHPXz>WnIPh=c; zVZaLmUKsEK;ip9SiIDnH@(Eps5KtN&TtK3u^$0~6-4;ZrM;ecudp3E5`Y8t04n{NG zt{0)i2|B~4t7td4Kvthko-R3}`<8_&43T@v*29qsPq)Fv@7Jj ztTD0z`Jr@_tozvz{`}t47mB#o=r7MfL_xVHD#9+(0sYu*!}FO#K09gPemZ_q1br}x z?j1H{6KM6Z^f+>rfp4VqRhb-o45Bvy()RgU%spMs=IBFN zlCH?Yq@!q|n=7Mpw%H)-zp4qRxTd@Eg!FV)iLSS|jv{VB7lXI&ZXnLUPv41tHnRdy z7=jf6+Bw3P(v3wh-4;SXw;{G>#8)>{qY@TIlrC4*(81$|ik1gcbV*V|0ZC2LwY9meJG=eL7B2)TlzX36Gfav9~dg_CO5hf9MH%K zphYG7cj6fMo7%QjqI34Bn`pZmKHq}{ZI8vADsi1|`UD;@v?z(eYD-ttx=dMN%iZ7; zU1MByF4ee-Zt^TW0%pZiZQlfHZj7=whT_08j0vOYAT_iRk*=njvYcmRGI^f|d8Q6n zXy}}Vp${+6VMqpUbITMh7WMnL{H!zdy(V~20WoF5x^oauj08DqTLNK+8{hSg;EOYz(UbV0v3=^0$kMJBZ zBi`-41Hp*&=0w>~bh#}<>=#s_yQMj$%_{*_QvDb%;ui#Dt$2=fS7d6pTyhfBc6V*& zE;D6wU*VYwM?9iqEr{-FsE!V)wM(pYbs-kkKSIQ&;*vhN;{r2u2ceGil^(jKKGGdF zte=fBQ(;Q3FLc`}uy%AM+CcZKA#elXkXoW8J5^CAfXYQjrhx0M4(;3%twtN;heI12 z-i|)JMc<%;gJo4&I^V|)9n5I?aq6V$^ksp((dtEvF&Sb5q!U4k?I-fhsTf7qePlrw zI7NbBmPLg41;RmN`DS?@LorTwYFeH-9TN2cYQhq2yjq=L?z3->3+@>|20t1<3O^D* z;#BBr{E7e+5}FyN0FqZE>8z>%u>DlrUPagPA`w0Dl01F;jr;(dBpn6?Fl_@ySi9S% zPR1DvK+fnU1uZGvLbMaHx~SUIL-r~ry4e$qNw$6Jsn#kiFSN5&gibadR(vu~{i!%$ z8r{MM2`eaQs^}06ePXTl<(>^sIqR&UJJCt~j0jMQC@IB<;$#2`@4ENht*B+BBbjK2 zrBIRrS}2|_EhpLcFZGlVaQzwOKy5kGRS}RAXcPgnZYsSuU0CNHBPhTyf zgZLqn@WVLxT>CfV5R>8uW96vMQJqtD41o*$@Kb_ItBBVzbuI)@vOwN+KUUVsv-Yt~ zd67W1bYC;zgC{RmDLUYs8N|Pc$s=zzi~EZt=-NS453q3<0DXA~11OHJ)rYj%zFT;S z0DZ40QGCL9v{}>r8+2iGsu6|{27vk?FApPAsxB~Upi2=F<>G1j0uqIqhUb?327`Tz zuoFLEsQ@VfQUas|NC~=lo8F_GU>BQ;na;yQi3EKgN$MCf7j&~9ea?rq95*HTi!@~w zoy3o_P##bKq>SFmcAqibN~PN8-6VUFrgFQK4Ui=!Oe1`uq3iq#-4kW#%YLmXRF$Yo zxr>xlWXQ?WCI66P_#66OPN0iNWINQY6k3$%nMBVdpd<$}W}3B+io$!rl1Ie60__2k z#a@MOK}W~v9(09{Q7#-^p#XD@Sp^(PbXo|Af!rGc1whkQ4K2`TiIh1hg#1vy1O#5; zoXPK!(}s^rbo)d5&LGT<()2GnsQk$Q-oUZKWpnx<1PibNghSDm5vJ)ckP3d#F)iEh zfxnbTtm|tEh7M#Hs}W5w3`Rl^8_?3Wj|HfYI;JVDCp)77PUv2f40r(5gRd+C*rt8L z&Cm}z1#k!q+=d_MhTB*(kQu^k`fybZEd>IRH^5jM5700C7=FYlc%dY%2;+gF&ys5J z7>-Z{y6&*8<-q=;C|UrBR)#+2gbo^w4kD1GPechtw@kyy(&xXFghoX=@zSb-4OaC| zB5qX(kCnw7F-}+C17|@F2mlD!_o~T@A#`jf>*;b|7U=+o5%et}2ywC@ak|^Z&=+ai z7T2l7cI6X5Mxomo=u}PR)keBmSq0ucPIqz{A!wjoIZIz@6f&bhIAcSHHkoM#_k_Qr zu88mG#!pX|DZ{!`GQSXX=c!yFSflCwbEPP5i&ip7PN8r_qZ3}{v_i1-y<4C^>na17 zGl=Zl@c_E7$kMl=R|uBwI|>-476M2MSTcdB&N}+2o;A#_ASuF%NS71QMQ|9Rkk!!_ z&B%KO4XtVXgv~T62fDnN>^*=_wSg2wlj&>U-KA684p3RzN>?K}OojkRqYsc!a%hqr z8_}h&65OFHs|br?@Ie8RGKi<|-(LY1r0cDV1VBeybbgV(nhO~ti%*}zUGbA?1j2ML zECgJ64HplCQ4@Uy&4zwS#GIcplYT-o6L-` zrhxt?I`XR>I<8mz%#l9vh)A+(@@-Wh%yRVk7tbYqnyT>=hKU0Lxmc-Px|1)_kuJDa z)$X8c{7kY2<`|huAWr&-2ISjfvJ6HTTWUA3CIU*q+m<2Sp+{FY(2f-XBY_7U2cH1& zDqUYicS&bjY*)Z7^npW|Cawfu^OJ7X@pL1vr_HcLLZRtuY>Mw}jw^oBDJdWx4O9?; zNMU2SGjxBVEWlEIgJ8x_x?7NmA|Y-R#Bm2WP8Wp)s}Y(fzT#)1fK`hMk(Nb8`ot+> zN<^55R{>0$x3z}8x62{|SeED}tRU%o4}r%bY=Im;t8hGNXk&7BfITX86EY8&;?7O zqG~DG$`5no>36D1-y9&bWdsRHO9x|^tab;luchDQ22+C{)m!tjZ85d`&%m=n-|))S z(`TWgW{MUWS?E5|n@u%d3=lcpZttsXpI{X9eI#I9`nqQSt}J5kbu|YA;So~OK>_;6 zpV8USRRD0IhIvO8LNofIDv&$xnhOQX1%iF;7>pmP8rT?saBb=8x>8)LCKg--;t~)J z$enY>3;NItU582ch%+d2XjLqJ41P3zdPg>&Dd5aj>s>I|}F1z{jM|Ep0TBFhof{V(C&8+-Hz_UQpiR7fgF zsxEg1V&gI7i7XSpq+1$!di{)5r?5*RDe*a3#*hlRC@qSUp9YDR%`s9~stn{g)Z@Aj zKWZ}n9vDS>5~N9?&hXBl?H6#MTA;gjSpjeEirImqT;TSVrLh`hPBCNSq1SwZ)q`Geeb~W4FJSBdV+R;Jz}Q|&?j8w-Rc*5-s1xBY zOk;lE&&M8%=l@Qv$^da%{j88SW-=4qQBF2T{yA$O*O;WFKlY%g^jZxX(nqL^-FV6? zrrcQZl)F{+5A&UYok7PO{>N}2cnHA{*(X(dB6_=c^{DG4a@&C+yq*2)2`n98>1Y_5 z+xfXfYyarAG`Y_S-W#2hiAeC*rCKF$WX}$+Hj-6Hkpo%v*AZ`;hFfz>+me5?W^ql( z{@|lf4=G3^&#o+)yT0E|DeFzT`%o2tp_vNJVYS1rD9BH}*ZI7DBMN*Ec;vpgxto~; zep~+;bP6kij2`4-wO#{r&$T4_Cc(*EJ6xNkX}dvwPZYn8?z*OMYX z@+1bM99*;KVvlkRmnt477qpuG$fo_*bYsF2hVTV0Ve)G++Q6Uf_^Yf)*}lOa-)-&8BZ&h$v!rdsjoKwj56twyp#b!PLRA6#KmO^5$3MqU_3?*a z>*vRZk01W8ALNIB`acixbpsKFD(pWglF&ow^P&wnthe)h!k+GSTh*$L>XpPc+DEL*$FB00HJSoH*R z0&`x@x)x4=^BMgTU&lW^b+u-w{kP9w>fPaAm;LAjJWaOiRL4$TRo`jZ$DTkIecn$4 zbyb@KxfA&H1mD+1?PWi6f^b5!({HTRe)nJ3?e6aGQ2+Yr>F@74c3KV|{}%tg2cxS~ z2sh#ez7jWPft$@WZqeb4mzQ@@oNS=svdA0m};A1Tb%eDm9O^Ewc1l4 zi-xxi8lOJCd-(8lGUJaMrf}Kkwh8sEN!b{@_ zFO4JIFplu5afDxK9N||ONBA`c0KULDT5e2x60&TDctY5-a<%%3or`=z+P8F(PRM(< zF4_~i6Z%yb*(|kPg>- zn)e!z4W;|C=FiUHQq|rr-@69>6`sSdxVx*{W<>nQ2#^GKkj+IzWbLq|E<$npX=kt_rF$k z0p8F5xO)>HpFV%dPhURA_wN?1dic24pj%rvAf8NoC@1q~JrkU^?Ac6I*F9&NJG@x^3efs>de984uF&w)fk1Ct3 z(z`|L_*mb!zN-7Vg7oUuiPZ^pzg>LyW>K#Gu0@Hx?7Q9OuGciPdBynZRg5X79P|CM zLQ5A#eXEILZ~~_M#u#p&q=$$1g$VZ+eB0^^bJJRW?Mw;%hyEYlT{+x&57|qM7t8|QBW_$ zS?4{6FtBBeF?YLGe07qok;Znp#@F#bDViVRc7yoGlRwE>tDJoNQA_TA9^sBP`*V5q z>a3JD2ietNho3s3M^!-YetQ4$LoI(WfB5TPPAAjvc`)vIpnKlKhhO98hxp-1*?rs; zaoiN~&;yGP-F7}|6zJ%G)+0PuN4%$wcvMHc*WhlLJnT+>xnXy0$GM$%+Bqk{_SOOy z8wT_n#|{STMxL zPY+iaVnKk7#!CXs#x%p~&HZNS3MZypxuX1jyLgF>&X8G@;AP+KHkUYf`{B!9>*x4X zhn4A+uL}l^Yo~GTv=R&+LGVH_>|8MHo?zIKbM0P(C0A}D4=zvwJxZ2+?LZI(xey;2 zCn0Ak^jp|+Zx*<5BW~P?8@He|j4S|4&X|?2cmw+N4c^gpr&-mKM_}OlWg%`txzcjj zJZDDIoA~MD<5T|lp*%c2eEguwcsx;`@a-?F+K(S{9l7!D5Wjr*P#>SVtx@jJf7!)f zz22GrbSF3e)Ay*`n1dgsf2KJ3&B*E$pWfX)yzj`{lTMdBryWchA10L#I5I~2@}WCI zOza6G(@bm+6W4$&`3zh~Dc>iOEVyz=I9U~HwB`h12?cRr5?q;HI36-^sSRi4FQVca zzbh(kR&r0p^B8V>4DQT3d3#CI>CdqI(|3{h=}%==SQKE-(i?+~Y&;R`Ozb(WreBAV zThxuGR9o^)Pm`(RB;())F6q;W)O)$?*e4H7Tk^DN;IM6*j&cJCJMt{@8wIxJT=iYr zw@co|Nf#rnI2NasqO3U<-BjmRyylf-F`P)9hfB-AY!ssJ8k?21F`a&CMzLXL{SkQf z`+mNp@lmto)=GG3LjqDVya0XBc7DrtdqeQ}|QYGyL9LIF1zN`hVQV zI&A1oU7;D>FytAw>-uie58WBf z+B7T&I9K>tn>m`hx(3K3fju7mEOf%hLFU;gieF*VU ziNB=}6}CHJXR>UnuAV<+vD`dZcpK=Ck7vwH=zdlqfyc@>)R={R}R9(&h$rV7d z(zkd0%D>U1<_J`5E9i$U_i#u5$-Db7{rxz|#cvNSzJDB$b<3WxjhyxN@I8^U zHudA7YSO^N)8Bvi^WQ&xeEM^Je0Y2T@9M<1X#8y`a3Xq+1ovxp)>%y$8ZD}`W>Gi6 zj%v}AiP>bsmB|JjH7q9ES!ZV-#CoQajn)swcw#ya#}`DV3SvOn<*$9x6HtT^VdoLT2Cfh`>O$yEck z*=(Dt8(aPhIGr~+z1u2m@Aa9f+co{|+xs;q&pDO1I8`nK>IlSmrMIusc>=S$mJ=>2O6f;eTHhsQws- zxK)a~#$h?kRPN6$=4j>7pBT2$>ZkU-b8+*COE1GHdbP$kF*-Pa&6|bUd^V`z?ZTEn zp+DR5Z|0`}9EX~~;{BeHKH*QB@e=e@PUjXg{B<>3o`>F8o9q0|Q>wpmO1*(K)ziGg zn$pqEz1bC+j-qcDtktvf#8eloIeCqzA;LcIj85Vo$HtS69EO?7&AG*#HRZSKR-Nh# zShLe2Vb68dCE<3`F!PSDR?Oz@0wX;ICS3H^)PzumVbt>ou)pFwqyYbTZcWQ!&J{Ro zvv6i<-Th+kULqBz4kyMvq`DU&_2rJK)v9lDPfbXD-bu9v{~cUa3#7i#VU;&r`Dahy zN=>j{{I>qH{4qM=lwA}5?aQb46;C^Pl@stG?zxrMH3UGOz5CaX9~9&`yPw|u*N=bIHC)Z|>k=)#JdU|tn+c$=`vlzAWBxXe zKUBZwSon4KW=K!tv3^X{8nbfo)Md}m z87RLU+m0zRny~cxWEW(YDNVIj#zA1F zUvRe~_8x^`3*m6i+FK`|4IJRQ$jszF?@G@ziE%>e;ar%f+MSm3k^I^0gK$3wawe@N zP%QwB6~4b_IP206vETfst!ciwSmFffrwinclbx|iJFAb&*-xX~EJ@b{Vxzq3t(#=i#8)pl}2czPHwc>-N;v44L z=e~TXe|u8$JU-P=kK<})(-?M#^+fv4eJ2I6wf{W5`N@3pFH~ujCp~oa+=u%D3 zTi+sqQT8&F&&k1i4bB;;&rESEgMXOf`M%O(iqE7~?(E%NcIMS|p4nZO_INfhXT_`1 zo-|!F;xYd5gp|*hoBGl*!cJ$vos|k*T>aq!#u#gJiJ&^JSna;xG?rZch9C9xpS7V-LWJ?Cl1bQ`twb*CQF-LJ*8#wyK? zk!J|DgtK+@ylj8Jm#;IwD)#DChoQ3+og>)Kt#0Z%cul6b0=n5kw_1(9maB`t0{*%6 z&$~YBy;-u$86SUK_qihHQ?Kg`loxpKf$E;PJ^l&(iuY&h>Rm?uf{dda?0AYUq8M)$ zQ|hXI3nL63bA4N4n+N=g2mGx(FoXO8@?WB9L4N-~HTlCn`NM_Ba7q5{1na1ha7ps_r@!CgcWz_`d`2n zCv?A+AG#4wWR{Geb6;gEc3WjfdfJO|or8!A(qG8N4(YdhUoy@OM5iHRwNLY(uXe1N z5#3%V`V!W&M5haja!qu5L3DZ<(doAnomBc|O>|mYdSie~O~5^(^CsCYl9G0azTNvG zCiqMw>RV_5HJ!h={GScytCD~1Xz{GfuTB>K0BKK~(jL=ua-KHj{Mm5W2Cf9ywAAWuJZldT#QC=i%pQ~rL z1TG3Y=f%T^4|b}1J(zN_Shl*M@8M*{h_|gXWSo`OWkyY zY#{0NZJ7HCHwlCx%riJTAjA*#Kb}Qbe9YbZ@C(lhgweACSGCP=ANS2wmbw_KBiZUg zR|n@RZ^jMS*LkzMlX1zh&oF0tX4P>_;a&TD%$ComQ+8<1{5ko2%=12<%LQ+He>QNn z!J=CT{3_oNEO@0Wc%E50yy<=fYkv|Ihf4C!5o>mu~qhJBIz#E1JiBaPB?8-C_@CN#BZ zHs@8}>t3!0d%vv%eJeEw=49Uu`&i<2VY<7_NIeoNnT^ z6JmD}e4G7g#r||F`~Sw-d==AQ5`Dq+^uGnu^FGtBLhct#&%c@J2mN=2-&N^cWAzQC z^t`9{cQ*f>&HvYD^KTUC(s$DqT-SZe;WnGHJ{_R}c4YqVeuDRH(xfuLcaxwVt%*8sh6T*s%b&X4h zU6*s)b20pOF7CbP*SHwMbuNaB@cf*M;WB)Eoxqo(tc z@LLbG4(aiI&ikj&^|5~bH4ZnEx^Uqyi_&+)EuSfgy?bo6PktYeYCDatzj$tiOlVa< z`}~p-4wr~X<#777dJEo8cY&r`A!wJcHFo!Ux?pz~MV?prt-|4ZQLAr=jMsZ;{c#bD zj}IUI^u9iQ{LtTJ|7EIv*WFg=zwxB^IXA9Ak<9Kuksb5n$xc^d>~w#|zxio#H=z5} z(*SLjnm>NNfZTj$Lzu7cG!5wQUjn>e&ujp_qPYonxO!l^HyOrXiHt3q>Q`fg$X8tIVF@md~^7d~{_=$N3xj=ULJz^kd2?+>Jj5ehzx)Yr0+s!*ZOy z6h8eri#?t|w&i|!2w6^G_hf(eR`OYRT^AHR|Ls?QyDpr4Ev`Yx_R?iv&Lnfa%`3FChz@UWEYzF7c((b~tMN6J)n_5>Rw4Co zj;)~h>CNO-MVL*edp6=ymyI7nn=aBYkFw5msnmJ(mOBrZH=%nr;rw%Xzm(;d@vh+T z2)O>5X$R;E{fYgk9^iChH*Og0?xtUdf7Ni{q(m&8EZoiiezT|FIGn7E-+T#ghKowm zcy@j%Y51N@Er0myUshPK=45SWu{^_}i-CC>SU-6)4v+tUaaP#q;V9T8UcSlT+v0d> zqE3BA`Lz5zblZ`rXB6A#2QKW)Z!%0z7x&T*vPsB|nJ8K>J~nif3$Cu~naQn~A>(u% z?|hr^3i$7X;`@dCvdV9FJ$QC~+~VqrBSjj`Uwx-7pgZSR-$tcP!Poi_t>=ImFm zMgb|~mV0eSIRiN-N6q?ALk$^uTj!wXU@W$nZc*Jt^*@t6-fi@Yq{SKZ?%wYRu-_VP zO+UPvO}P6ljJtU*M!RH^{=tFq?7r3DOMWKtrN5avZf3D=wCG@5J>6@QXZ2bCy};c7 zcpDF|b-(*{x6>^UCRF|U@c8gl%e4fQuKf;5&vz9k)V0f^X^@TP^=k9ykbV73zb5MP zt=034m&rTxrCeqm&1)YvS2Rq2CjsdSHvjcmXgd?xa)d2q;&NTP18pemp4OYVyOn>g zpzulnYSD6$?lR+_Taq)nIm~VLJ@eAj>bc4-@zRe%DG2`W}>eX1A zbAIl&^>?4|HDBH}zPyOWTr6!bEb|-1Y#o!lLCRmIWv=R&H~TBOyluWf*XoYYtnTIr z&sQk)>#p+K_VhO|-IZP>gm&SJ?rv}0$jcfUHjCR{YsfnyclG|)x1QbC3)n8ltORU* zz3hKq0h4P2wtBK)L%`%43D}^tugjIH#%ILon)bXQ73Oy_`dy5E7o%syXmj(rb^?1g za;xvgF4$RJ^tZFK?Osut2XA?Lp5;=;u0HMZjpp(a(dviXW093a$wfjA|8_y@6v97N ze!6+;(rzYxYIX&-W@M~&XCP77m(xU4sv{*&DHAd^80H`T+e1U&5b1v5S1jK9^D)~z);rvKdiX7TEK%$f$aDB;V# z+imV`9lH^wJQ=9QYnpG%w_SX6RPWk!;8|XsF*r&0rJI$(A zFW3xEXD1CoBtb6UvpA!xKo;DdW?$fq%kzF`l>C z!|dDV^9vjC6O4C0KHG7V}=cOgufU zvYhzz?8+y6?wON~smE>t(?T}q9=o|rE7@tI`7a2IWnR1i7N?c~3!Ghk2Wfrdz3(x* zLf;Q|%jNXNEtFx77p)g<`q`~JZ7*EM{w6D?ofXshI_R@^HLqQyy0XR-;@iE|(Q~UC z5wNqYA&Tr}I#{#z( z!e?3BTL_&+diJ5KRSaeMNaZrbaaJ7mZqs|Qe2965 z4}X96eu6cASSDQL_^z6cIiZ(jvqg*_H@Se+w_i7#dJh+A1}n>+;OEiqyGmy}$K3dB zBN)GJq~Fh3r@iyZ&a>X9RQV}We#IH#Bs0zkZ+@D6No5niZnULecXljVL^l)BVI(>{ zPxPl7h(56R5}hkjjA`Jr!dvK1CxD+Pk=tbh{0(fdI}6%fSKo2Is8OtcGt=-bOrv6P zo0{M)HG!j=z!R?M@0B&qf4%vs|H74h23yie{2Wu0mfxkb3?E1vn_Y^zoW^wg@kjrO zuQ|K&-ReVtJvjZe(P@TDcLT{q^_SgRgFTM{6V>~#jqy!{mBlBi&T4<6u${hgHc(h* z6kgnQd>Zuxj(P$ws4nxRpJ=2yjZ~)#skck1-$Bs0bpl*PB@A1^{6l?q(%0L1A1>v7 z%@8mXc%FX2rNG+-Psm8c;p=bG_57lD6lCUR;u#pfBu@(Vfy=v%Zvp4XeX$ zS|T!MQa4A=OnmQux*TBAa$CF$>z!=+)Yf!GS4Q5omsgeTv*ze{%Ue12zx+kN$#&ki z-hTdkD+BM_D#IuGwm183L@--h#x+&`EC;zWbvt_q2YcwM<aK9I|AS=&1R&gmudiZgGXZ{fR*7XiA%o87o1-c|5k1?^Sf<<;|(%d<_47B|t) z6UJ$E+GDWvZ)!W!Ov~xmZ@7R>)P2hVc2~jQXtG}cXOvKwuJTWtmNLhpaA)@PvPteY zpN6Hax!|Jk^+FKN5;@n&e$-iS-T&; z#P{$2{{MXbIA%|6nU7<_mA*lA|KaK5eU}0^C0lLA&=%@EjOkcmOveg`#qn=>7~K2Z z{M_fg+vIMRn%boyzk1c@IL!-}Xu7s$O-TFCfByLR^nZW++py-XQ`7K64a$=}8|UNS zcQd2^VM-g^c${w$l2}Y~D~>hNk}fB?MU$uVi$crRcJ!m#(eE>qn9HVPULRjU&0>;U z$A(25ZTK;rX}eI-8T7k%rhij#LgF~N?n%J`(O2fX1^+a@2h~gIdbml`+l!iBHE+BT zb+Q?Dr#R6W#&Z*l=O&mCx=+Su&tVH+QGC66uWDy)r?CCJ)n0S|vgYn(&1D;<--S*a z`{e)PXxg(t)*K~g#FR0{12MS9%lS^TgCpBhAHD*UOW~VLKU8+SHw-Fh)5gGHl*KPgA&d|+z z{qQV|CrB7ikfUanrDle?W?n>-7n4Yu*d#hD4hCFr~E<+kBa1mh3Xt4=5AZyo(}cXra@vl%Z2{K3R8 z9|m8!-n$uE@bG^-q?x|^^5OB}zjt>RXU$LY@No7fEShyH_;t)5KRm^U55t4jeavjx zj@RvYXxBaPSRNk#{o_Ob2=B>`m#tn$eVe)d(#1Labk1A?c7w@rF7X`|yGY9Y7L2>Y z#bO`7q^Hj@KfU`){rltiJpBpqVFkL27S8?Tvjz3u>`0)l;wgJgkS+`=P+w0OQA} zKiAJ%-NAe_TgphBu?h93x88TNz$Q@NrmOpTz0ST{*Wd!NSK6MyZm+~%Ux_^v{P9bA ztWRUrdHRPgfU`;Iehgj}_MrO|`Ne7mFh4&G0mtEj;rz5a{O)_q#LA98q!TMWPR*;` z_``SA{g)3Wp9#b-AO7QW{M5bVPF;(0^nJ07+HtG*<5usNTRo5aq8;}|d$LP!fs8st zMjawcW5JEPzZ-Xdx7^D8xb^yR>-8J?eTx`i7!8mx8X#eHa6210XDdf9^(YU_MW*w$ zb*k$u1izf!nRioIn(rT$trk)I`2OR^zkK;L7q{O3HvfPD@Je2>OTO$_Z8(3=;tVu7 z#PA#snEA_Q6gO8WZdONHo?Zc;9s%Dp?%*_iWMTTog8I+ZioIX`JsqT{Tq$>VX!lJw zpSde9e*84^&n~9_xyJnGnBMDOLv;G%r~CG1hUAZ*IvMC-^hFmQ!SmhO4`1HDKNpW$ zcf%jIXA(~SxMeEHXdGT{rdx;|T|VQziPMfT{5t*`-}f3^;|%fB)8|2-PuUQimwmt4 zIXd+7^c?c#<_)9I1IMtq>25@Bx=t_9Xs)1O&d8W&k@qfN4p#!H`*85TeC*!XAf zAL>ytC2RQmdFjNjKVOXJrc8`24`G+oMyD>opuZgzJ#WFkUCWL(Im#Dv@|TQ)WcHZ<}Bm}5BlqdUsc z9{ET|Ji^f&xHbz8B~h+clJgcYI`0yBa$JM<1K8+@MIw1_B*2mrWU4u$!$cV?8Pj#- zBhV3W)iniEoH!?#T_6fMQSm+nf$VAq=(^g?uEsl4eGV9IWaHO{zN$G)9c|V2S#keyb;BlZ(wpoJU(AMU1&RAEKbA z&^m#^u+>v)rY1(DS#e2ntKz(AHD|*P`Z39Dj%m4;RICACGv-iZb+sB(LTx^@*!6_1 zo)Mx$N*Tly&(W3Kd<>bLvk|M1!H!ZkqCV7$rKZf6Q9Ws(8RS+qGfVI$p=?m3Q(j$ z^{G)W#bgg?vPtL@Cey6=7_i0+Eh2=BI5gvff!Z3CoN8e)A&8+&%^FvrL{4>p)?DHw zkg|_x#5OFknLu2u50+9Kq2)-Gn+xEbAu5HFi$*eMXNejQ&~j)co9d%Uj*ZFQHAAkT zsmuT+pYg_pVojz|yC5n3T@ zso%iJ9*nb?tqaDJ!wOkSNSQ?d#c&MWN-ZBP9W5R$9IZKWII=&oJF*rq@D=~wKh9M@59KA%g7Ep+=z#ySt2ON=-w>g6sNR^;@6d^1^sgmcB zMk;V%Es_ta5Rnj5^(KcTnSzruZ+i)ms^P*cwvbO8asy?7(prZHd$0%%l4~6!Q>n3H zOD4CFptQ=^ujpVbF^C0kq&Z0xsCqBXXD=Yst2E+6N|sE@A^3ucYBrb>Ri+$ME5^5B zZo1iFRQa)J4H;uWz{V=ovE?}Ow#zw-%b3Ad>l{FcSiGkYqs8jSm3~_d1Jz4S)Pl*7 zN&#D$i!bC*3f4wfOf2uolcCfiMH`zhj=jw>MiDPU_KJzcR@gSS#zJcjO7J#U&Lz9l zlDFM9Wkqca$w)rh5HUb34NQtG-Z%p`cPhrZ0~y;QpsrJ`MV9JQFj;)4o-maGT2cZ_ z;VL3Nm&Qh1VUV14{jChpQg&FgwW)c899o1xP?@V&iHiN8{!j!1xt1_x3qD|#=qgYu zR3(|73^p7>p+Y`mRFx|&K?e35nr$qJC=AfpNuU|2-n2~E49BE)Y|NZuG0yVns&P=A35ccympvLrYXRyww`QCXlo~Q%LkzVB&(3%Zg)^}X&?JGR>XW!& z0{WVjcZ;*SwCs9i`pxl15^5=hePm~Y;S?$oQwXePvd!a4ODf8}Aw}JMs`1vd4<>jn zp-CH{>Bs#r_|}-Mw@_0l&I`9dECq0!TdPGNME2FDl5B)v#b&B4#~QfW5pRjuH`S@Z z)fgdBa8Lucnw%r<*iz^ycof)HvSN0XthK%p)RMFAe??MuIT#3zs)dAckkPLL?y7BS zVWnn^Hvxc!;d82~zb?b1Sw)wXGxowd@3B#6!-Q6H;`Ri`W>d6=N!z z=AlNEZnF_Sgv>!~3sj(b2n8es4h~aeOfB|jLVGA;fY<3{fIj*)!VwjD$MXIoC%vmVb!fGs6xpG`h zVx#pfwo=tVND@i~QJN-~s5ghj9*8ADBRy9dikOlT&bb1ug}|kgPmu#As6J$CLq*?2 zKsZFMrNvkXnDAw7M#ZxViof<=6lI2iZtT|K~ph3XuTSHDs z{RJsFPd2++k&{pTCM5oVDI_1zBjpsTbs4<3hE%Cm!k7kVwzU{DC8zuld;$)^rwT=R zKK7QW_yYu~5{e$6Qmlbe$zF<2t$6eX+yE_-B;zeh@fOH4gceOJ0kSm5R>rw`wKz-dR&B`EAdAU0$8n_vAvv%NC{c)V3s@;-<4jHtYyB>GgObQ4wy|W_NOTXhnXsc_|vEnTN%9UmPX9d0OD2S;a) z5-!YS5esZ>BzAyE>QA!F$wV)$^=c9PR{{sbmb_3Q0Gmrd6I3lFTS`bKnE?+DTe8_V zOo7(S#zS%#nHpyf2CEz9CJ951 zwv;BZVdIje5wu*3p!nW85qF@{0vexlE+HCqsR6p+J&|CO-f9;AjWvw%P_dB#gv?oY zQi>)9N)@ehXs@{ba`HZ<3f?;BS)>_9Nj+M@RA`>Ax&E5xP>TymLM6k_ln}^Ru2ya9 zo?7luOCU~MY;84HHbl{)6&A1NW$H$7{*XQ8WZ4UOYl63_cyu7%MNr>l8lmaoqXb)P z%Lu_>^VwNzd}958xM$;TRm#FSVNLok6I zstX}@MD^yN?0}9qlL-`)w@kpsJMzSt`y-?a2U{z8=*~>h2-(&+1@$XrmW=(O#G8Y4 zuG*B?nkdPX=+*Hlt`#ULN8<))HJb#UvTqWyG=yB$>6nxHFfHZ*TJ;7RfN*Vvfjj~F zTGV20s`TRkEqHZfa5UmWt5tG`*W5~strl~JmM~*$f>J7AAfLUa5C+ za`i?}sjWYudvnO4a03Y~5jZGSf)U1y+__tr2WYufV<;9vCb3*xbOg;t+pH^W#+8Z( z;|jN^ZemVNeahr0gh-iP==7k+LCIP;de~O7j2lW;j|kAfCQcZN_rVi$$l0P}PL>B5 z{W{>#YN4v`QYA5||3I>@jwOY9#wuWn(Z-@DDu*C}Igq6ka+X?#1)2lpWPqGu&Io!| za^2QPR9kBmy91D?gPwlKa*1qeX|@#4RZpWPCUsl&3JVUcc~6zp?Vdu$L`X3(xf-*_ zY)AeHWUZ&zT1GL|c{Cx^)ItkZEsv3Z4BPBY^qgDOO&*vsV68TZi@sli@;0;*O#qLg zjA;yTYoyNlSR-*7SNcsgOi|Hqp42p8GzD|E)pjRtQe)|d-7pFkTTS8+YDM)~Bq=2r zlY=RieD1?On_(1*#MK(a#I44xHcU-1C)GDRM18z^B~#{xnMJL7D+1NK+=RJ1U-rQv zIv`|gTQgNqG+qE0OTkQ{{{NEN0L_}{tD0~jA?3^tYGNd@SulqXVmjf{`j9 z*h-S(Gf*9(pLDjx^B| zP|>si&yY=x(MmDm0vdMB!8kXTP_oNT3i%pS^Cf{VEm|)SE#P<2D4enl)@m5HWiEki zET(ZXT#}x8f7lH{6PXZby=`(ZpO3}nuTgK++Pf2 zpE@xM_CO(2um)4Kon8u6Ve6?Z#~l09HQED);#w)5oNonusMV-N6*5WKAzO^Jrp#7wppbyG`Et6&c$l5LS{tK4!7=t`j&DX{wOu-O4x zgWv)-PU0;i+7f)0fMUI1XxWd@nlwbBsPUDmmZgoRWC3W-Wk2Kw9Fk+gR&5ZX=&?GY zhJi|B7re7^fR>@ElJ!MDQbnSHC&R&6^*53?FhGNXu^Cp!uBL}Xl+-e6wg_`<$&NI& z9$K^|a)n}w#?x)^#aaCfNlNbf;4Oktce%AC2cJTfsvPIldl|}vH|Js?0-+k4qL)o} z09ib$71O(E&>pOKV+3^fh`!of)$4*5pjDe)9HFtx-cV$)(8M;0*@o0gA);tf7*`r8 zRO05qSRg$d8><8bo5}ES015I^)yhU4x6HteR9pMT*{XNaIqxtHqWLnQ09H&iIjhQ6 zm#WENO7K-(l-cmGZW~%EE?XcY*|BN0LKMu#xJWGwYT=N9Gq+?@bBx)hDBdAaGU|QC zHbP6;)LMLNmZ_-~k5B?dDuFPXI&xpj*+`Sp3N}Wn$s{(#RODu4a4#soXh4yI^GVnP z#*B@~d+_Qc_C3p^J@^d1r5sv7NV;o#jzl&@t4H~2MvY>cAhE^=tyJ*Q{u#yH9;0fNgpalzD`AGr?D2pt5>Xs{R!#hV;ksN6XDtfs{PP2I}5 zi8m0lZUbyxM4uIIin$NapgVvIz{*Ir5JJ*aDwD8q^i?A@Wq{V8S||uoqxV9XQZ6xj zid7(w8rB`KI*DLiV6mX~lR)GYO=Z&4oD9$yT1=t|Z&FQ`7ASavY*lPsiaf5ggeWc% zw&1atWp10)VxeNG0NOtI>+L5}l7I-v@66H4je=h337{0BdqdwLer%%^LYlk;>}( z&~%#8ghiw7HThyvp**crLzzjf;$U>QY#^HcGYxQK%w^%GGO`>}t zP#a1xt$Iuxj3Zl<<;q?_^Fa|u3ZsB4HZ=$_K&UFg!6x;P6b!bF>#n*NHs`%?a)yyH zdyvExF{q1efM#MTQF1kwJcQ1BqR|n}8cgCR9l(@QY&Jzzjy33p+XS4|oXMJbl#HnH zoD>SUR3K5*kg99dsUO*<2m`d75Ujdzn@JW6NJZvi)teYSn^B{L;v^>*QN#Cu=&{C9 z(GY_##rp4}Q9LqenvnHg{Z1AwX{Bz%*D^q}f+a|@yAa(w?kfEwpXj}9V*rrlh-4Uh~t{P0qn7Pjw2;m?;Qp!Ox zC4(5mN=)dorn{CzW?U(=?G#uEtr{xgHOf}2aReF`9-(;->XjwJM8>)#sHv?SZKD#T zHzzS1N;WYCbfM+KC3=%J^wSut=L)@A58_GAP?4b~JMw&kEIq6U*I zI?IN{VW_SkV=0MZ#1U`B2}(*u^MeFT&`6CVD>)=zppRpJbG%Uvu_|AH?rb(#3^p2d zkCzmOrq$rTVr_Q68 zYN!-lw$<0rCwyUeA<%?Wisl@vzr!>r4B(?48Pr0Hqo6V6jBE;kNnTve5-evagpz$QgU%cLq*ma4pM5!xy2||jZTt2-D)RqJZXqK zCU7Ptle?X;RTl{gVC-?Uoj2|SI6d`b$*OWpc7<5;c74k!#nLk=96~{k%p773MrAiA zw4oKFG1=<+xxt}T_4crD0?`L=yiI{zrBrOGLk6*exEoqOA&(xooEQkD!7E?y2L{z0T+^7qvn!=9=&6~BN7~JqL^4S&qO&9 zg&0Gstu#x)_h{;7XKlzBqgUHgvc$$wycdhc7}pCp!6AAF#UoM;>d93(_XDaHgw*_70#NF%sHdKh%N%t+Z9$XwLH%p{!3 zG`nw%I~5ZyAvO~oWMh&uh1n$ofF+e_c6!QCUx!IH6w2N^7ty+)nc?7b8^9SsLdnLd z#YYZ}UX$|JNX5X033oXd8*B~Y5!E>Ho?BDXswKyjM!t&zMw)IXnN2H{D-czSCAyZq z^f_4uUuqT?aS>ap6vbgtU63{FA7aVi!ziUM16r~*!h+P)I^tkCNb^aZ2Vg?KXLVd- zytB3CtQ$r)P_6a4H!H`*GNiJ@p%sV(HmmcWzUf(M2a-fWT0r9HcpXS zz?6;GpuEUPW+2wY60dHNXmYEWI70?a0q5L%tU4z2uBg2ekR%w&8q+L7oDCMWyGO1m zi3211QmuDU{oT<}jb2E-z-mxniLA^i<&|RgeiG$Zf zoLswXq)-CbL6_Pi7(Rlb11N8q(yUJ@>k-{Z)l}CIjf({a1Hm7`xFZ-j1Th+RDVouh z07~bB5ucKkfQ|>Q3{!hFH5r>zGtL@@QgfE5H;}kS0S_DSV==CZ zN|5XFxEcGX5p;cq_QvGuuoe+35WpvmSI49WdJDZ02Y{)4f)X^AQ`p;3jb zk#S6p*6TGkKrJb2wm3odsFx2@YdKmgIPAr<_BIA^1vEdRNRHrLZI<vz>752UWGt=wWWeGyR;Br1m@q*DaT(ZI$+6Et09f`B zE1`PU(3W6q8nRcE1eZv}nKO=Oeb{RPHj+RjtSKikg(C=x)e9~?4)kQKF(i#Z&HCyw zBQ%W~gY{KfMjKVCqDOV^^y8^7bEB^=#n@_si4;OG$<$nOaM2f2$9pgHzM6BO84KO* z4LAatL#;N{%$nv?NUBOTG#`Se;A)^@?s63d1*g{#Z4Qa8<6?_wf}dW|vCd;JSEQK| zYBDOkaIjI;6k4ES3YTCs{*zF1%+<%!k4x&qRS&T4R2sRX1KI$Pi^&B`NY-isdaO>= zs~U=&Wo*^YBv%{;L;xSiRZM z*g0c`^**u2FFcj#u#Nl7p=9jRR%(NiQ)$LGPo$Us$VlpsLBM!0m;fDG<1|ZE2%J=_ zsck`1*(eY5Js|rWG-4qJosA7ZkK3*pjZ!om_mhL|EKG-*L#?KYSZY<922GYX!?`_e4 z=-BqLw~n@}eq4(Y?P+}ojVXcpfGue7t}qVc;YGh1(T8dz`l|OM^xC}B%Q~Q@TN?N5 z%X#X}Z%yJ>)#LOyoeDZa%{&%?!E6*fg1`|($JROfBUpC?D@U;Q2$qjv=^!=`x28A3 zn`_BT`ToOLX{#UV!!dj#Pl2pxj3DG^eIq<(=W znu3i9po$uqy?i?NRj_?wxMAM6;Zvg=$PjIGz?cwI3sG}Z zH6Ozb&p9Zs-Ga}oS^0sYab$u-^)Do{7-9h*xp!mfK6V4F!oGx%ny(Rz`dC89EjRGK zf@^&U2=w&i`3Rnl;PD6^j^NEr@HI6OL0#^qh%mKiV+1Cn_n2ZC=KA&Uv%Ym9QMgnH zXn`fQsvfMSO0bw8!22V3Hw+-d0Ji}bt{Pg43>lmkU}vi4Ay{YFpdYd#xr2>3Og`v8 zI6_dwg`3CHc(y3mm`R$tJW0xRgol4$KM*yJq39DIRxMc&(TmvzC6}x@ zAN``RA17$ey*)zE-@k2vQEy%d3NyOwH6WtlL`^2qTN%EO46Bv(jmIrubImqz;^vB8 z4$$pHQcOV2=3%|&n~$sa<=9qrZK>-|G&)$sPz(WEas3G|xNknLkxDFr)+7@Q>JdF9 zWAw&PPQKS#XyAxO#}7vc{@c%?lmy_^oM1;_lH?c)2M?~%kZOqrzv~=|;Z#EQHu+$3 zixO+8zG@&2k{@E=hQ8|@G{%~MbEtY-)dr7QB<7@NK%oBAg2oj}dx0vP7= zedfSUok{_`@lwH3aW>>oO(Cw$`1k_?_LGkS^$5ln&1U8%RITPr{(umU2>u^}851jkXQ1q$X}qv$=7iIHI*Nw- zBu8`yN5v*A7Q48nkD8_d6%14H07D`N`a=S5G}KT)=o}4eABKTyjb^#;Tck5}cb{3d~1TmxnJQ+a}IZlk9UujF+I<0*wA z0I~1~oyMOYTim9XQH~?%&l?iVK8KBTJ%{PNh5GE+EWCQy)EQoZA}g*UJkK2T7Ipj_ zw*0J((UJWbHLtR@UVGN*2K`oCZ_m|t^*^@Jv(%akMe!ym8Z5bXo;*8HmUh2S%0Jpr zYNWN1Vq7q$(MY_JSR>I!BCmt;%Bq9TL1FCTYBWI@95cB*Vm5q7{z04F%K!w&$??LA zEHf130jhVNnsvhW=^wPY_E|oWB3f&NGmosEUI1B}>#aPnf7GV&Aj`Cl*cMk?%tIz> zSc$1V(nLeM*+}EldqOiVeZ^3~)dU|XWZieyvN}JKFr&Y=VfCX86yr$^6RJor5AHff z{Wt9 zcWx9B*gkZsr1wMCOGUB%r{SO9w1w1zDKhRR3t56NU3v^zv2ynLH1zSCw&;vi0g9T- zhCpYxw4c)_InsQ%U1|bH0Mf_?} zsN*1`n{MU2Lmw0<3CuTZLP}@DezEc{P^xt^`EM zh*J(j4P)aNq6hYoYX9BwNo8k1WT>n3t)-5V0WFgc-~8}6>9@x_9jN(B4y3g@1S-<| z99Y-SM;^tcHpYfMvr$H)^hRkvo`cjzDUI-KBsI#~D9ev$A$~u8IZbiHpRwzMajfxe z=U*kwXwvL51tnEu^ih z1F7TcH-nsuH!jw==(qL5qeA70jTNewd)+zKbkOX!lv|0z1@GbaJ&R+aw!v0e3{Esa zU7MlBJIdRH}|8+WCwTNIOPDqD1Lxj zG^0{&zWc!llzwwxrpE}kK60)!g(ey?+`|(!(=mSZMgJ%LDOhZF;NMQx2~5X^4l&eK zW?8-^*BlV*bU?tfXx%^h z^1r!9Ib;A^fJM5{v|bq;^ct0~5c0dMh)EiQQUl1l2`nuT&p^$hj>!nzmSTOr2mt^*aR)$!QQmPCa>Xr_WwnpE)L)Wad!PzGYIpYD%bCjERtXt#o-(CB9e@y*}KP&}6A*f64aSHiz`yMezmrFQZ^dgX;Gy^g}J#+(J z*uLI>kdQ!kCfViKp3C!?Py!=&-uF59%k4w7x_ay)#_R;vjs>{aHDa#E=OF0I?So!Z z`vt|7x-03J>2pax*`+?~MYAurKYF2V)rMBvv39H@771}}$hqS(jQ!Xb+eb<&)~1!h z3?*333B!~U5u!Jlm7{$9{)Wr0GeVJT%H%Uf*=h?_FYC@tvH92g&jtq!6)$yl8iW!T z8P*GA{5O~9ZtrXDVu4ywSs2}O9O_1%-;+@(WCArdXP;ISpsmP)Z)tt*Oa5rzb=w#M9Of|yDGL)< zFM=r34e;XlsXuU<%5?H^3dNcS#PbNC62`pICX5=E=l4a;k3!kM;MG-8e8LdK9~{y@ zwQ0FktiF5|E0in zfz|+OMrm%9@gZS)vGclY|Bn0c;z4WGL1m6rsy%Z|a^s{I>af7jEy>np187}Q+%Ht6 z$|LGcZJcubehmO9=f%&gc#tnd?y9kh_`2gn$XC37Kg5?qr{VMT6OgrCa4bF1$9~ou zX&=95_yk2S2DqUPxC?=rKfuK)<9Rj_1A2ZB8NdcuwNsAR!#lWbymRc*=To*W^>t`t z8@9HNBHfm2zqC<^a+~E3=}8?`;U)%0t*u^;I3$AApe?xz_i!&1qRy=xh=+_ZreRo? z7)$!2`^UZ5CSZ#!0xN1@5$9!iEqimprM>rl?>spJchk4mRiQx5zCy}G!q;`qnJe!( zPYO3F)TF@Z17nCWkJkpb|4_kGyvnM<-8bV6ms9Khkkfs3Y+TiwEVb^Lu(87&5>8N> zO22t$QsndV>a;Ll2`WiF$|(JyOLVJS&PTnH~;mv_}UhrDiN)Hdn#@uy?| z>G(>~*N!-%*G7bS!OD=3zv{4(J5N06*YOp^Uol3Ywc|ZC>N3t?R3Kps&eSu4J{#Zn zvC0D~PbM$3?D!gNAldCVdj%ZT+HRqbAyUU^I-J(0k2AgZ?%<{N` z;`e`O<2c~alY3%DJlJ>CT8vW6Y}9r4L;u(YkcT~I_jCFhuv0S49f1GqH2=s~{;3W4 zFiq@!N*%rw7!VMw=NTUOOkDk-KVQp2q484d05eQf5h|>mu$#5I?wUQJXhPbAqzS>6 zhnf)3;J8k-A5E$^srJWnjRiq|7@P}BXB~Z20$>pCMCGo_6Y_uMTrPkC4BjYJ>WgBe z^F>z%A4}?eF8f!`wJtauXBqRH&Se>(f*ZUlgPq}ZE~X}2o1pFzl~0DX0xStCEfp+B zw1a@cw~Soany@xuc-iqQYv(LlE{9Z3?{bFipn1-=Gwx$xmLxbfn{YHi?H&jYV_KhB z*i0y(vQJEl%rRHq$4L{|EeXA34QxneKR}ya^ET%F$d~|7^!xYG1ekbm;zeJUE9O|8 z!1|f1bY;R4ce)wb{Z5P4Ch&OzWS-&VW0GT(JhL0*CFYtQh34Vt_u500@9R;z`lcv6 zT47pj0JgHcXR=xa>V4cf4N-5R;MZ#tm1_(-V7ue2sTu+KG(f*7&T!e%( z9Sf|!m%E>U>svH|#Z9RI^q-ka1#1VYWgo?SmpvXiztq>{G9XGZg2mBxpipN8cgA3^ z6Yn*^9v6%%xo^NCpcgvz_yG4=dgb>TAeM3I$Pzl7Dv6g-l~N6=)ne~&@=Hn`deRI? z(gf~#D6E$@5n!zR>-yLfuyzq_6o+#$KO37L_0Z(UUGt~)F?@Zyo5v|-n+-Xa@BvUI zXTAj}Kd+C0W$Jdo0<5vJqK0^c2h0TBZcmJ#*Si*T0HFj}ofjuQ0S7nCwq4J#_xQR@ zlhr|3#>BAIk9WK~if>~b@A1_hOw4}3af<9gY!hB8sC1qDvBm}T9*jhc3T9rDX6sl(T{@^Qq9$#K~ ziA8DFKtB-_0{B*KQ|G5frys<2V}YsQx;>Yryle6h4aS@X!ni z*xF=e*m1qbx2V)DD09ZiffAfhvbmrZz1NTZ#N^XU6ntA{7Wjhn2p{BDmBuL_YuM;` z0+8MW{tq|_q}E1JBGr$z_N#6_AaH?(y^s))tOMSUqO}VBia~f40D%%L;Y8+c;)zjU zy|KykHGUmmh{UKPdf&&~I?t(LfI#vlrYDc_)A$09SZH&tj!k5Z;T>p`?z&QMEW^*^ zJF$IMI^7O$8SsJ?oh)2;pLyFXixZrR%jk#81kbB8{409zGT^~i?tQj6|Lg4?+hElI z8AA6u&!j39?jT{w{5d})?oHg9xHfTlVb3!bCt>3P8!nFldY@8I=UXZ-@F)qKE1P({ z7H}+!ykGfbM@ZFSsW9Qqd-lisT%_-_*Fdgn7orGg61FP5Sop{D23v!(*6IuHT!*gR z3#`y9fJOInBtb6_*>GjpvXXnRqs-|j`8l8fj`!~h7U*SrSwupZ6HnGsD~sibGvCke z!7`Qy{Ec9>FMdpQbp2xHC`c9u1HY)G*3O;Sd zg+gFZs(Gt%-BJdB-0;2>E%H~UN2XVaB=#Cw$#B=R=-@Aw=;Z4F`6%OUVGRl}& zty@`~7iT!neqeQya0jdR`LbMjvJ3E5b!~W>t&?!a8d?N_(bAteHu*2d)opWi(EIc7 zWmZWriaLG4lk{FUOUhr4i_=S{3q%ueK{Q8Y`*2{ulHhIw^d~^+rO;iAq(zz*Zd#~mx%;Z+?kjk- zkbT0e7w+H#fA9tubkCIAr?zC%5>1O=eb!=4%iZT#r9d9jQ31J*TLOqlgZSXW{mZWlg z^F59fP05>*H6?9I(v)BgO--pbrE;|e1QA%uu(N|`%4fjn0TBANA6Tw3-N!QArP21? z53p{=7zHKuYo0RuV9%a|M|oqAlwo(xFA)62U^p(Po~Z)_Fx|9-VHSDcJHhX>DMwTG zrff~I*0=id%l2x|f)Lw=zZF)6HMaPi^*NVlQ#>!iO`-R}@ls!6Oaj<@CoXb8<^tHz zL71ieKDReT9HHirb>gBP&< z6*dTC&$r`s{m@Jyf!$*tq`P#d4~o^3_wu!!Z!p=9Ytn&P} z2<^g{1QB&j?vU=~Fz{;L*QnQT9X#qBXWAa(z5rB9sZNQk;qxx&eQk9dzz$H3s8R^U z>ZF5#SAb#2{X9d9RQLttL creusot_contracts::Snapshot - and 31 others + and 32 others error[E0277]: Cannot take the model of `S` --> view_unimplemented.rs:11:25 @@ -58,7 +58,7 @@ error[E0277]: Cannot take the model of `S` [T] creusot_contracts::GhostBox creusot_contracts::Snapshot - and 31 others + and 32 others error: internal error: Cannot fetch THIR body diff --git a/creusot/tests/should_succeed/bug/final_borrows.coma b/creusot/tests/should_succeed/bug/final_borrows.coma index 332fba652..2bb331f3e 100644 --- a/creusot/tests/should_succeed/bug/final_borrows.coma +++ b/creusot/tests/should_succeed/bug/final_borrows.coma @@ -2103,7 +2103,7 @@ module M_final_borrows__index_mut_array [#"final_borrows.rs" 214 0 214 52] let%span sindex7 = "../../../../creusot-contracts/src/logic/ops/index.rs" 82 8 82 32 let%span sresolve8 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span sinvariant9 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sarray10 = "../../../../creusot-contracts/src/std/array.rs" 9 20 9 30 + let%span sarray10 = "../../../../creusot-contracts/src/std/array.rs" 14 20 14 30 let%span sseq11 = "../../../../creusot-contracts/src/logic/seq.rs" 623 20 623 95 let%span sboxed12 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 diff --git a/creusot/tests/should_succeed/cc/array.coma b/creusot/tests/should_succeed/cc/array.coma new file mode 100644 index 000000000..75f935b70 --- /dev/null +++ b/creusot/tests/should_succeed/cc/array.coma @@ -0,0 +1,532 @@ +module M_array__test_array [#"array.rs" 3 0 3 19] + let%span sarray0 = "array.rs" 9 54 9 55 + let%span sarray1 = "array.rs" 4 17 4 18 + let%span sarray2 = "array.rs" 4 20 4 21 + let%span sslice3 = "../../../../creusot-contracts/src/std/slice.rs" 245 0 354 1 + let%span siter4 = "../../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 + let%span sarray5 = "array.rs" 5 31 5 32 + let%span soption6 = "../../../../creusot-contracts/src/std/option.rs" 23 26 23 75 + let%span sarray7 = "array.rs" 6 31 6 32 + let%span siter8 = "../../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 + let%span sarray9 = "array.rs" 10 30 10 31 + let%span sslice10 = "../../../../creusot-contracts/src/std/slice.rs" 398 20 398 61 + let%span sslice11 = "../../../../creusot-contracts/src/std/slice.rs" 405 12 405 66 + let%span smodel12 = "../../../../creusot-contracts/src/model.rs" 83 8 83 28 + let%span sarray13 = "../../../../creusot-contracts/src/std/array.rs" 87 20 87 24 + let%span sarray14 = "../../../../creusot-contracts/src/std/array.rs" 93 20 93 33 + let%span sarray15 = "../../../../creusot-contracts/src/std/array.rs" 67 20 67 57 + let%span sarray16 = "../../../../creusot-contracts/src/std/array.rs" 61 20 61 47 + let%span sslice17 = "../../../../creusot-contracts/src/std/slice.rs" 411 14 411 45 + let%span sslice18 = "../../../../creusot-contracts/src/std/slice.rs" 409 4 409 10 + let%span sslice19 = "../../../../creusot-contracts/src/std/slice.rs" 416 15 416 32 + let%span sslice20 = "../../../../creusot-contracts/src/std/slice.rs" 417 15 417 32 + let%span sslice21 = "../../../../creusot-contracts/src/std/slice.rs" 418 14 418 42 + let%span sslice22 = "../../../../creusot-contracts/src/std/slice.rs" 414 4 414 10 + let%span sresolve23 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span smodel24 = "../../../../creusot-contracts/src/model.rs" 110 8 110 22 + let%span sslice25 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 + let%span sslice26 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 + let%span sslice27 = "../../../../creusot-contracts/src/std/slice.rs" 96 14 96 41 + let%span sslice28 = "../../../../creusot-contracts/src/std/slice.rs" 97 14 97 80 + let%span soption29 = "../../../../creusot-contracts/src/std/option.rs" 11 8 14 9 + let%span sarray30 = "../../../../creusot-contracts/src/std/array.rs" 72 14 72 45 + let%span sarray31 = "../../../../creusot-contracts/src/std/array.rs" 70 4 70 10 + let%span sarray32 = "../../../../creusot-contracts/src/std/array.rs" 77 15 77 32 + let%span sarray33 = "../../../../creusot-contracts/src/std/array.rs" 78 15 78 32 + let%span sarray34 = "../../../../creusot-contracts/src/std/array.rs" 79 14 79 42 + let%span sarray35 = "../../../../creusot-contracts/src/std/array.rs" 75 4 75 10 + let%span smodel36 = "../../../../creusot-contracts/src/model.rs" 92 8 92 22 + let%span sindex37 = "../../../../creusot-contracts/src/logic/ops/index.rs" 49 8 49 31 + let%span snum38 = "../../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + + use prelude.prelude.Slice + + use prelude.prelude.Int32 + + use prelude.prelude.Borrow + + use prelude.prelude.Intrinsic + + let rec promoted5__test_array'0 (return' (ret:array int32))= bb0 + [ bb0 = s0 + [ s0 = any + [ any_ (__arr_temp:array int32)-> (! -{Seq.get __arr_temp.elts 0 = ([%#sarray1] (1 : int32)) + /\ Seq.get __arr_temp.elts 1 = ([%#sarray2] (2 : int32)) /\ Seq.length __arr_temp.elts = 2}- + [ &_1 <- __arr_temp ] + s1) ] + + | s1 = [ &_0 <- _1 ] s2 + | s2 = return' {_0} ] + ] + [ & _0 : array int32 = any_l () | & _1 : array int32 = any_l () ] + [ return' (result:array int32)-> return' {result} ] + + + predicate inv'0 (_1 : slice int32) + + axiom inv_axiom'0 [@rewrite] : forall x : slice int32 [inv'0 x] . inv'0 x = true + + use prelude.prelude.Opaque + + type t_NonNull'0 = + { t_NonNull__pointer'0: opaque_ptr } + + type t_Iter'0 = + { t_Iter__ptr'0: t_NonNull'0; t_Iter__end_or_len'0: opaque_ptr; t_Iter__qy95zmarker'0: () } + + function view'0 (self : t_Iter'0) : slice int32 + + let rec iter'0 (self:slice int32) (return' (ret:t_Iter'0))= {[@expl:iter 'self' type invariant] inv'0 self} + any [ return' (result:t_Iter'0)-> {[%#sslice3] view'0 result = self} (! return' {result}) ] + + type t_Option'0 = + | C_None'0 + | C_Some'0 int32 + + predicate inv'1 (_1 : t_Option'0) + + axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'1 x] . inv'1 x = true + + use seq.Seq + + use seq.Seq + + use seq.Seq + + use seq.Seq + + use prelude.prelude.UIntSize + + constant v_MAX'0 : usize = (18446744073709551615 : usize) + + use prelude.prelude.UIntSize + + use prelude.prelude.Int + + use prelude.prelude.Slice + + function view'2 (self : slice int32) : Seq.seq int32 + + axiom view'2_spec : forall self : slice int32 . ([%#sslice25] Seq.length (view'2 self) + <= UIntSize.to_int (v_MAX'0 : usize)) + && ([%#sslice26] view'2 self = Slice.id self) + + function view'5 (self : slice int32) : Seq.seq int32 = + [%#smodel36] view'2 self + + use seq.Seq + + use seq.Seq + + function index_logic'0 [@inline:trivial] (self : slice int32) (ix : int) : int32 = + [%#sindex37] Seq.get (view'2 self) ix + + function to_ref_seq'0 (self : slice int32) : Seq.seq int32 + + axiom to_ref_seq'0_spec : forall self : slice int32 . ([%#sslice27] Seq.length (to_ref_seq'0 self) + = Seq.length (view'5 self)) + && ([%#sslice28] forall i : int . 0 <= i /\ i < Seq.length (to_ref_seq'0 self) + -> Seq.get (to_ref_seq'0 self) i = index_logic'0 self i) + + use seq.Seq + + use seq.Seq + + predicate produces'0 (self : t_Iter'0) (visited : Seq.seq int32) (tl : t_Iter'0) = + [%#sslice11] to_ref_seq'0 (view'0 self) = Seq.(++) visited (to_ref_seq'0 (view'0 tl)) + + function produces_trans'0 (a : t_Iter'0) (ab : Seq.seq int32) (b : t_Iter'0) (bc : Seq.seq int32) (c : t_Iter'0) : () + = + [%#sslice22] () + + axiom produces_trans'0_spec : forall a : t_Iter'0, ab : Seq.seq int32, b : t_Iter'0, bc : Seq.seq int32, c : t_Iter'0 . ([%#sslice19] produces'0 a ab b) + -> ([%#sslice20] produces'0 b bc c) -> ([%#sslice21] produces'0 a (Seq.(++) ab bc) c) + + function produces_refl'0 (self : t_Iter'0) : () = + [%#sslice18] () + + axiom produces_refl'0_spec : forall self : t_Iter'0 . [%#sslice17] produces'0 self (Seq.empty : Seq.seq int32) self + + predicate resolve'0 (self : borrowed (t_Iter'0)) = + [%#sresolve23] self.final = self.current + + function view'1 (self : borrowed (t_Iter'0)) : slice int32 = + [%#smodel24] view'0 self.current + + use seq.Seq + + predicate completed'0 (self : borrowed (t_Iter'0)) = + [%#sslice10] resolve'0 self /\ view'2 (view'1 self) = (Seq.empty : Seq.seq int32) + + use seq.Seq + + let rec next'0 (self:borrowed (t_Iter'0)) (return' (ret:t_Option'0))= any + [ return' (result:t_Option'0)-> {inv'1 result} + {[%#siter4] match result with + | C_None'0 -> completed'0 self + | C_Some'0 v -> produces'0 self.current (Seq.singleton v) self.final + end} + (! return' {result}) ] + + + let rec promoted4__test_array'0 (return' (ret:t_Option'0))= bb0 + [ bb0 = s0 + [ s0 = [ &_1 <- C_Some'0 ([%#sarray5] (1 : int32)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] + ] + [ & _0 : t_Option'0 = any_l () | & _1 : t_Option'0 = any_l () ] + [ return' (result:t_Option'0)-> return' {result} ] + + + predicate inv'2 (_1 : t_Option'0) + + axiom inv_axiom'2 [@rewrite] : forall x : t_Option'0 [inv'2 x] . inv'2 x = true + + type t_Option'2 = + | C_None'2 + | C_Some'2 int + + use prelude.prelude.Int32 + + function deep_model'5 (self : int32) : int = + [%#snum38] Int32.to_int self + + function deep_model'4 (self : int32) : int = + [%#smodel12] deep_model'5 self + + function deep_model'2 (self : t_Option'0) : t_Option'2 = + [%#soption29] match self with + | C_Some'0 t -> C_Some'2 (deep_model'4 t) + | C_None'0 -> C_None'2 + end + + function deep_model'0 (self : t_Option'0) : t_Option'2 = + [%#smodel12] deep_model'2 self + + let rec eq'0 (self:t_Option'0) (other:t_Option'0) (return' (ret:bool))= {[@expl:eq 'self' type invariant] inv'2 self} + {[@expl:eq 'other' type invariant] inv'2 other} + any + [ return' (result:bool)-> {[%#soption6] result = (deep_model'0 self = deep_model'0 other)} (! return' {result}) ] + + + let rec promoted3__test_array'0 (return' (ret:t_Option'0))= bb0 + [ bb0 = s0 + [ s0 = [ &_1 <- C_Some'0 ([%#sarray7] (2 : int32)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] + ] + [ & _0 : t_Option'0 = any_l () | & _1 : t_Option'0 = any_l () ] + [ return' (result:t_Option'0)-> return' {result} ] + + + let rec promoted2__test_array'0 (return' (ret:t_Option'0))= bb0 + [ bb0 = s0 [ s0 = [ &_1 <- C_None'0 ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] ] + [ & _0 : t_Option'0 = any_l () | & _1 : t_Option'0 = any_l () ] + [ return' (result:t_Option'0)-> return' {result} ] + + + predicate inv'3 (_1 : array int32) + + axiom inv_axiom'3 [@rewrite] : forall x : array int32 [inv'3 x] . inv'3 x = true + + predicate into_iter_pre'0 (self : array int32) = + [%#sarray13] true + + type t_ManuallyDrop'0 = + { t_ManuallyDrop__value'0: int32 } + + type t_MaybeUninit'0 = + { t_MaybeUninit__uninit'0: (); t_MaybeUninit__value'0: t_ManuallyDrop'0 } + + type t_IndexRange'0 = + { t_IndexRange__start'0: usize; t_IndexRange__end'0: usize } + + type t_IntoIter'0 = + { t_IntoIter__data'0: array (t_MaybeUninit'0); t_IntoIter__alive'0: t_IndexRange'0 } + + predicate inv'4 (_1 : t_IntoIter'0) + + axiom inv_axiom'4 [@rewrite] : forall x : t_IntoIter'0 [inv'4 x] . inv'4 x = true + + use prelude.prelude.Slice + + function view'3 (self : t_IntoIter'0) : Seq.seq int32 + + predicate into_iter_post'0 (self : array int32) (res : t_IntoIter'0) = + [%#sarray14] Slice.id self = view'3 res + + let rec into_iter'0 (self:array int32) (return' (ret:t_IntoIter'0))= {[@expl:into_iter 'self' type invariant] inv'3 self} + {[@expl:into_iter requires] [%#siter8] into_iter_pre'0 self} + any + [ return' (result:t_IntoIter'0)-> {inv'4 result} {[%#siter8] into_iter_post'0 self result} (! return' {result}) ] + + + predicate inv'5 (_1 : borrowed (t_IntoIter'0)) + + axiom inv_axiom'5 [@rewrite] : forall x : borrowed (t_IntoIter'0) [inv'5 x] . inv'5 x = true + + type t_Option'1 = + | C_None'1 + | C_Some'1 int32 + + predicate inv'6 (_1 : t_Option'1) + + axiom inv_axiom'6 [@rewrite] : forall x : t_Option'1 [inv'6 x] . inv'6 x = true + + use seq.Seq + + predicate produces'1 (self : t_IntoIter'0) (visited : Seq.seq int32) (o : t_IntoIter'0) = + [%#sarray16] view'3 self = Seq.(++) visited (view'3 o) + + function produces_trans'1 (a : t_IntoIter'0) (ab : Seq.seq int32) (b : t_IntoIter'0) (bc : Seq.seq int32) (c : t_IntoIter'0) : () + + = + [%#sarray35] () + + axiom produces_trans'1_spec : forall a : t_IntoIter'0, ab : Seq.seq int32, b : t_IntoIter'0, bc : Seq.seq int32, c : t_IntoIter'0 . ([%#sarray32] produces'1 a ab b) + -> ([%#sarray33] produces'1 b bc c) -> ([%#sarray34] produces'1 a (Seq.(++) ab bc) c) + + function produces_refl'1 (self : t_IntoIter'0) : () = + [%#sarray31] () + + axiom produces_refl'1_spec : forall self : t_IntoIter'0 . [%#sarray30] produces'1 self (Seq.empty : Seq.seq int32) self + + predicate resolve'1 (self : borrowed (t_IntoIter'0)) = + [%#sresolve23] self.final = self.current + + function view'4 (self : borrowed (t_IntoIter'0)) : Seq.seq int32 = + [%#smodel24] view'3 self.current + + predicate completed'1 (self : borrowed (t_IntoIter'0)) = + [%#sarray15] resolve'1 self /\ view'4 self = (Seq.empty : Seq.seq int32) + + use seq.Seq + + let rec next'1 (self:borrowed (t_IntoIter'0)) (return' (ret:t_Option'1))= {[@expl:next 'self' type invariant] inv'5 self} + any + [ return' (result:t_Option'1)-> {inv'6 result} + {[%#siter4] match result with + | C_None'1 -> completed'1 self + | C_Some'1 v -> produces'1 self.current (Seq.singleton v) self.final + end} + (! return' {result}) ] + + + let rec promoted1__test_array'0 (return' (ret:t_Option'1))= bb0 + [ bb0 = s0 + [ s0 = [ &_1 <- C_Some'1 ([%#sarray9] (1 : int32)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] + ] + [ & _0 : t_Option'1 = any_l () | & _1 : t_Option'1 = any_l () ] + [ return' (result:t_Option'1)-> return' {result} ] + + + predicate inv'7 (_1 : t_Option'1) + + axiom inv_axiom'7 [@rewrite] : forall x : t_Option'1 [inv'7 x] . inv'7 x = true + + function deep_model'3 (self : t_Option'1) : t_Option'2 = + [%#soption29] match self with + | C_Some'1 t -> C_Some'2 (deep_model'5 t) + | C_None'1 -> C_None'2 + end + + function deep_model'1 (self : t_Option'1) : t_Option'2 = + [%#smodel12] deep_model'3 self + + let rec eq'1 (self:t_Option'1) (other:t_Option'1) (return' (ret:bool))= {[@expl:eq 'self' type invariant] inv'7 self} + {[@expl:eq 'other' type invariant] inv'7 other} + any + [ return' (result:bool)-> {[%#soption6] result = (deep_model'1 self = deep_model'1 other)} (! return' {result}) ] + + + let rec promoted0__test_array'0 (return' (ret:t_Option'1))= bb0 + [ bb0 = s0 [ s0 = [ &_1 <- C_None'1 ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] ] + [ & _0 : t_Option'1 = any_l () | & _1 : t_Option'1 = any_l () ] + [ return' (result:t_Option'1)-> return' {result} ] + + + type t_AssertKind'0 = + | C_Eq'0 + | C_Ne'0 + | C_Match'0 + + meta "compute_max_steps" 1000000 + + let rec test_array'0 (_1:()) (return' (ret:()))= (! bb0 + [ bb0 = s0 + [ s0 = promoted5__test_array'0 (fun (pr5:array int32) -> [ &_121 <- pr5 ] s1) + | s1 = iter'0 {_121} (fun (_ret':t_Iter'0) -> [ &a <- _ret' ] s2) + | s2 = bb1 ] + + | bb1 = s0 + [ s0 = Borrow.borrow_mut {a} + (fun (_ret':borrowed (t_Iter'0)) -> [ &_9 <- _ret' ] [ &a <- _ret'.final ] s1) + | s1 = next'0 {_9} (fun (_ret':t_Option'0) -> [ &_8 <- _ret' ] s2) + | s2 = bb2 ] + + | bb2 = s0 + [ s0 = promoted4__test_array'0 (fun (pr4:t_Option'0) -> [ &_120 <- pr4 ] s1) + | s1 = [ &_6 <- (_8, _120) ] s2 + | s2 = [ &left_val <- let (r'0, _) = _6 in r'0 ] s3 + | s3 = [ &right_val <- let (_, r'1) = _6 in r'1 ] s4 + | s4 = eq'0 {left_val} {right_val} (fun (_ret':bool) -> [ &_16 <- _ret' ] s5) + | s5 = bb3 ] + + | bb3 = any [ br0 -> {_16 = false} (! bb5) | br1 -> {_16} (! bb4) ] + | bb4 = s0 + [ s0 = Borrow.borrow_mut {a} + (fun (_ret':borrowed (t_Iter'0)) -> [ &_32 <- _ret' ] [ &a <- _ret'.final ] s1) + | s1 = next'0 {_32} (fun (_ret':t_Option'0) -> [ &_31 <- _ret' ] s2) + | s2 = bb6 ] + + | bb6 = s0 + [ s0 = promoted3__test_array'0 (fun (pr3:t_Option'0) -> [ &_119 <- pr3 ] s1) + | s1 = [ &_29 <- (_31, _119) ] s2 + | s2 = [ &left_val1 <- let (r'0, _) = _29 in r'0 ] s3 + | s3 = [ &right_val1 <- let (_, r'1) = _29 in r'1 ] s4 + | s4 = eq'0 {left_val1} {right_val1} (fun (_ret':bool) -> [ &_39 <- _ret' ] s5) + | s5 = bb7 ] + + | bb7 = any [ br0 -> {_39 = false} (! bb9) | br1 -> {_39} (! bb8) ] + | bb8 = s0 + [ s0 = Borrow.borrow_mut {a} + (fun (_ret':borrowed (t_Iter'0)) -> [ &_55 <- _ret' ] [ &a <- _ret'.final ] s1) + | s1 = next'0 {_55} (fun (_ret':t_Option'0) -> [ &_54 <- _ret' ] s2) + | s2 = bb10 ] + + | bb10 = s0 + [ s0 = promoted2__test_array'0 (fun (pr2:t_Option'0) -> [ &_118 <- pr2 ] s1) + | s1 = [ &_52 <- (_54, _118) ] s2 + | s2 = [ &left_val2 <- let (r'0, _) = _52 in r'0 ] s3 + | s3 = [ &right_val2 <- let (_, r'1) = _52 in r'1 ] s4 + | s4 = eq'0 {left_val2} {right_val2} (fun (_ret':bool) -> [ &_60 <- _ret' ] s5) + | s5 = bb11 ] + + | bb11 = any [ br0 -> {_60 = false} (! bb13) | br1 -> {_60} (! bb12) ] + | bb12 = s0 + [ s0 = any + [ any_ (__arr_temp:array int32)-> (! -{Seq.get __arr_temp.elts 0 = ([%#sarray0] (1 : int32)) + /\ Seq.length __arr_temp.elts = 1}- + [ &_73 <- __arr_temp ] + s1) ] + + | s1 = into_iter'0 {_73} (fun (_ret':t_IntoIter'0) -> [ &b <- _ret' ] s2) + | s2 = bb14 ] + + | bb14 = s0 + [ s0 = Borrow.borrow_mut {b} + (fun (_ret':borrowed (t_IntoIter'0)) -> [ &_78 <- _ret' ] [ &b <- _ret'.final ] s1) + | s1 = next'1 {_78} (fun (_ret':t_Option'1) -> [ &_77 <- _ret' ] s2) + | s2 = bb15 ] + + | bb15 = s0 + [ s0 = promoted1__test_array'0 (fun (pr1:t_Option'1) -> [ &_117 <- pr1 ] s1) + | s1 = [ &_75 <- (_77, _117) ] s2 + | s2 = [ &left_val3 <- let (r'0, _) = _75 in r'0 ] s3 + | s3 = [ &right_val3 <- let (_, r'1) = _75 in r'1 ] s4 + | s4 = eq'1 {left_val3} {right_val3} (fun (_ret':bool) -> [ &_83 <- _ret' ] s5) + | s5 = bb16 ] + + | bb16 = any [ br0 -> {_83 = false} (! bb18) | br1 -> {_83} (! bb17) ] + | bb17 = s0 + [ s0 = Borrow.borrow_mut {b} + (fun (_ret':borrowed (t_IntoIter'0)) -> [ &_99 <- _ret' ] [ &b <- _ret'.final ] s1) + | s1 = next'1 {_99} (fun (_ret':t_Option'1) -> [ &_98 <- _ret' ] s2) + | s2 = bb19 ] + + | bb19 = s0 + [ s0 = promoted0__test_array'0 (fun (pr0:t_Option'1) -> [ &_116 <- pr0 ] s1) + | s1 = [ &_96 <- (_98, _116) ] s2 + | s2 = [ &left_val4 <- let (r'0, _) = _96 in r'0 ] s3 + | s3 = [ &right_val4 <- let (_, r'1) = _96 in r'1 ] s4 + | s4 = eq'1 {left_val4} {right_val4} (fun (_ret':bool) -> [ &_104 <- _ret' ] s5) + | s5 = bb20 ] + + | bb20 = any [ br0 -> {_104 = false} (! bb22) | br1 -> {_104} (! bb21) ] + | bb21 = bb23 + | bb23 = return' {_0} + | bb22 = s0 + [ s0 = [ &kind4 <- C_Eq'0 ] s1 + | s1 = [ &_112 <- left_val4 ] s2 + | s2 = [ &_114 <- right_val4 ] s3 + | s3 = {false} any ] + + | bb18 = s0 + [ s0 = [ &kind3 <- C_Eq'0 ] s1 + | s1 = [ &_91 <- left_val3 ] s2 + | s2 = [ &_93 <- right_val3 ] s3 + | s3 = {false} any ] + + | bb13 = s0 + [ s0 = [ &kind2 <- C_Eq'0 ] s1 + | s1 = [ &_68 <- left_val2 ] s2 + | s2 = [ &_70 <- right_val2 ] s3 + | s3 = {false} any ] + + | bb9 = s0 + [ s0 = [ &kind1 <- C_Eq'0 ] s1 + | s1 = [ &_47 <- left_val1 ] s2 + | s2 = [ &_49 <- right_val1 ] s3 + | s3 = {false} any ] + + | bb5 = s0 + [ s0 = [ &kind <- C_Eq'0 ] s1 + | s1 = [ &_24 <- left_val ] s2 + | s2 = [ &_26 <- right_val ] s3 + | s3 = {false} any ] + ] + ) + [ & _0 : () = any_l () + | & a : t_Iter'0 = any_l () + | & _6 : (t_Option'0, t_Option'0) = any_l () + | & _8 : t_Option'0 = any_l () + | & _9 : borrowed (t_Iter'0) = any_l () + | & left_val : t_Option'0 = any_l () + | & right_val : t_Option'0 = any_l () + | & _16 : bool = any_l () + | & kind : t_AssertKind'0 = any_l () + | & _24 : t_Option'0 = any_l () + | & _26 : t_Option'0 = any_l () + | & _29 : (t_Option'0, t_Option'0) = any_l () + | & _31 : t_Option'0 = any_l () + | & _32 : borrowed (t_Iter'0) = any_l () + | & left_val1 : t_Option'0 = any_l () + | & right_val1 : t_Option'0 = any_l () + | & _39 : bool = any_l () + | & kind1 : t_AssertKind'0 = any_l () + | & _47 : t_Option'0 = any_l () + | & _49 : t_Option'0 = any_l () + | & _52 : (t_Option'0, t_Option'0) = any_l () + | & _54 : t_Option'0 = any_l () + | & _55 : borrowed (t_Iter'0) = any_l () + | & left_val2 : t_Option'0 = any_l () + | & right_val2 : t_Option'0 = any_l () + | & _60 : bool = any_l () + | & kind2 : t_AssertKind'0 = any_l () + | & _68 : t_Option'0 = any_l () + | & _70 : t_Option'0 = any_l () + | & b : t_IntoIter'0 = any_l () + | & _73 : array int32 = any_l () + | & _75 : (t_Option'1, t_Option'1) = any_l () + | & _77 : t_Option'1 = any_l () + | & _78 : borrowed (t_IntoIter'0) = any_l () + | & left_val3 : t_Option'1 = any_l () + | & right_val3 : t_Option'1 = any_l () + | & _83 : bool = any_l () + | & kind3 : t_AssertKind'0 = any_l () + | & _91 : t_Option'1 = any_l () + | & _93 : t_Option'1 = any_l () + | & _96 : (t_Option'1, t_Option'1) = any_l () + | & _98 : t_Option'1 = any_l () + | & _99 : borrowed (t_IntoIter'0) = any_l () + | & left_val4 : t_Option'1 = any_l () + | & right_val4 : t_Option'1 = any_l () + | & _104 : bool = any_l () + | & kind4 : t_AssertKind'0 = any_l () + | & _112 : t_Option'1 = any_l () + | & _114 : t_Option'1 = any_l () + | & _116 : t_Option'1 = any_l () + | & _117 : t_Option'1 = any_l () + | & _118 : t_Option'0 = any_l () + | & _119 : t_Option'0 = any_l () + | & _120 : t_Option'0 = any_l () + | & _121 : array int32 = any_l () ] + [ return' (result:())-> (! return' {result}) ] +end diff --git a/creusot/tests/should_succeed/cc/array.rs b/creusot/tests/should_succeed/cc/array.rs new file mode 100644 index 000000000..66673b127 --- /dev/null +++ b/creusot/tests/should_succeed/cc/array.rs @@ -0,0 +1,12 @@ +extern crate creusot_contracts; + +pub fn test_array() { + let mut a = [1, 2].iter(); + assert_eq!(a.next(), Some(&1)); + assert_eq!(a.next(), Some(&2)); + assert_eq!(a.next(), None); + + let mut b = ::std::iter::IntoIterator::into_iter([1]); + assert_eq!(b.next(), Some(1)); + assert_eq!(b.next(), None); +} diff --git a/creusot/tests/should_succeed/cc/array/why3session.xml b/creusot/tests/should_succeed/cc/array/why3session.xml new file mode 100644 index 000000000..1e7fdacb8 --- /dev/null +++ b/creusot/tests/should_succeed/cc/array/why3session.xml @@ -0,0 +1,14 @@ + + + + + + + + + + + + + diff --git a/creusot/tests/should_succeed/cc/array/why3shapes.gz b/creusot/tests/should_succeed/cc/array/why3shapes.gz new file mode 100644 index 0000000000000000000000000000000000000000..345b77a22a589fbfa0bf9ed52fd2866634a97797 GIT binary patch literal 645 zcmV;00($))iwFP!00000|9zEBbDJ;_hVT3e-`pk_tt7rW@xhZBjW{%yb~L>)3djyq z8*Cs>`|rErLqI}vTfN$SrDwguU+y-|i@umpAKzXoRrrU!uqPW=W-Fn928opw9?xn8s*UU7y?d$t{6{twX$y^RU zC_ZL|%UU4XoGYw$i*+2EM(5J>EAK2hMTYp#v*U3Umoa3$|h0jQ%?nY#t zG@6r!mV8DEjuh5O2Ww&T?2BtnonES@wQm8Dr?x@G z()Dk46i5bLOIa|r6yvp)qWNN696Y&B1_Kgxd&3%Q7wseqW*RGoH+F+V=C7141_!(2 z28SqXJAA{KFM5*MaIp2^KoWRQ(i>*T?*pBl6e0BAk33cdIkUhD0Dq9 literal 0 HcmV?d00001 diff --git a/creusot/tests/should_succeed/cc/iter.coma b/creusot/tests/should_succeed/cc/iter.coma new file mode 100644 index 000000000..ddb4b17c1 --- /dev/null +++ b/creusot/tests/should_succeed/cc/iter.coma @@ -0,0 +1,335 @@ +module M_iter__test_mut_ref [#"iter.rs" 3 0 3 21] + let%span siter0 = "iter.rs" 4 17 4 18 + let%span siter1 = "iter.rs" 4 20 4 21 + let%span sslice2 = "../../../../creusot-contracts/src/std/slice.rs" 245 0 354 1 + let%span siter3 = "../../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 + let%span siter4 = "iter.rs" 5 38 5 39 + let%span soption5 = "../../../../creusot-contracts/src/std/option.rs" 23 26 23 75 + let%span siter6 = "iter.rs" 6 38 6 39 + let%span sslice7 = "../../../../creusot-contracts/src/std/slice.rs" 398 20 398 61 + let%span sslice8 = "../../../../creusot-contracts/src/std/slice.rs" 405 12 405 66 + let%span sresolve9 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span smodel10 = "../../../../creusot-contracts/src/model.rs" 83 8 83 28 + let%span sslice11 = "../../../../creusot-contracts/src/std/slice.rs" 411 14 411 45 + let%span sslice12 = "../../../../creusot-contracts/src/std/slice.rs" 409 4 409 10 + let%span sslice13 = "../../../../creusot-contracts/src/std/slice.rs" 416 15 416 32 + let%span sslice14 = "../../../../creusot-contracts/src/std/slice.rs" 417 15 417 32 + let%span sslice15 = "../../../../creusot-contracts/src/std/slice.rs" 418 14 418 42 + let%span sslice16 = "../../../../creusot-contracts/src/std/slice.rs" 414 4 414 10 + let%span smodel17 = "../../../../creusot-contracts/src/model.rs" 110 8 110 22 + let%span sslice18 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 + let%span sslice19 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 + let%span sslice20 = "../../../../creusot-contracts/src/std/slice.rs" 96 14 96 41 + let%span sslice21 = "../../../../creusot-contracts/src/std/slice.rs" 97 14 97 80 + let%span soption22 = "../../../../creusot-contracts/src/std/option.rs" 11 8 14 9 + let%span smodel23 = "../../../../creusot-contracts/src/model.rs" 92 8 92 22 + let%span sindex24 = "../../../../creusot-contracts/src/logic/ops/index.rs" 49 8 49 31 + let%span snum25 = "../../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + + use prelude.prelude.Slice + + use prelude.prelude.Int32 + + use prelude.prelude.Borrow + + use prelude.prelude.Intrinsic + + let rec promoted3__test_mut_ref'0 (return' (ret:array int32))= bb0 + [ bb0 = s0 + [ s0 = any + [ any_ (__arr_temp:array int32)-> (! -{Seq.get __arr_temp.elts 0 = ([%#siter0] (1 : int32)) + /\ Seq.get __arr_temp.elts 1 = ([%#siter1] (2 : int32)) /\ Seq.length __arr_temp.elts = 2}- + [ &_1 <- __arr_temp ] + s1) ] + + | s1 = [ &_0 <- _1 ] s2 + | s2 = return' {_0} ] + ] + [ & _0 : array int32 = any_l () | & _1 : array int32 = any_l () ] + [ return' (result:array int32)-> return' {result} ] + + + predicate inv'0 (_1 : slice int32) + + axiom inv_axiom'0 [@rewrite] : forall x : slice int32 [inv'0 x] . inv'0 x = true + + use prelude.prelude.Opaque + + type t_NonNull'0 = + { t_NonNull__pointer'0: opaque_ptr } + + type t_Iter'0 = + { t_Iter__ptr'0: t_NonNull'0; t_Iter__end_or_len'0: opaque_ptr; t_Iter__qy95zmarker'0: () } + + function view'0 (self : t_Iter'0) : slice int32 + + let rec iter'0 (self:slice int32) (return' (ret:t_Iter'0))= {[@expl:iter 'self' type invariant] inv'0 self} + any [ return' (result:t_Iter'0)-> {[%#sslice2] view'0 result = self} (! return' {result}) ] + + type t_Option'0 = + | C_None'0 + | C_Some'0 int32 + + predicate inv'1 (_1 : t_Option'0) + + axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'1 x] . inv'1 x = true + + use seq.Seq + + use seq.Seq + + use seq.Seq + + use seq.Seq + + use prelude.prelude.UIntSize + + constant v_MAX'0 : usize = (18446744073709551615 : usize) + + use prelude.prelude.UIntSize + + use prelude.prelude.Int + + use prelude.prelude.Slice + + function view'2 (self : slice int32) : Seq.seq int32 + + axiom view'2_spec : forall self : slice int32 . ([%#sslice18] Seq.length (view'2 self) + <= UIntSize.to_int (v_MAX'0 : usize)) + && ([%#sslice19] view'2 self = Slice.id self) + + function view'3 (self : slice int32) : Seq.seq int32 = + [%#smodel23] view'2 self + + use seq.Seq + + use seq.Seq + + function index_logic'0 [@inline:trivial] (self : slice int32) (ix : int) : int32 = + [%#sindex24] Seq.get (view'2 self) ix + + function to_ref_seq'0 (self : slice int32) : Seq.seq int32 + + axiom to_ref_seq'0_spec : forall self : slice int32 . ([%#sslice20] Seq.length (to_ref_seq'0 self) + = Seq.length (view'3 self)) + && ([%#sslice21] forall i : int . 0 <= i /\ i < Seq.length (to_ref_seq'0 self) + -> Seq.get (to_ref_seq'0 self) i = index_logic'0 self i) + + use seq.Seq + + use seq.Seq + + predicate produces'0 (self : t_Iter'0) (visited : Seq.seq int32) (tl : t_Iter'0) = + [%#sslice8] to_ref_seq'0 (view'0 self) = Seq.(++) visited (to_ref_seq'0 (view'0 tl)) + + function produces_trans'0 (a : t_Iter'0) (ab : Seq.seq int32) (b : t_Iter'0) (bc : Seq.seq int32) (c : t_Iter'0) : () + = + [%#sslice16] () + + axiom produces_trans'0_spec : forall a : t_Iter'0, ab : Seq.seq int32, b : t_Iter'0, bc : Seq.seq int32, c : t_Iter'0 . ([%#sslice13] produces'0 a ab b) + -> ([%#sslice14] produces'0 b bc c) -> ([%#sslice15] produces'0 a (Seq.(++) ab bc) c) + + function produces_refl'0 (self : t_Iter'0) : () = + [%#sslice12] () + + axiom produces_refl'0_spec : forall self : t_Iter'0 . [%#sslice11] produces'0 self (Seq.empty : Seq.seq int32) self + + predicate resolve'1 (self : borrowed (t_Iter'0)) = + [%#sresolve9] self.final = self.current + + function view'1 (self : borrowed (t_Iter'0)) : slice int32 = + [%#smodel17] view'0 self.current + + use seq.Seq + + predicate completed'0 (self : borrowed (t_Iter'0)) = + [%#sslice7] resolve'1 self /\ view'2 (view'1 self) = (Seq.empty : Seq.seq int32) + + use seq.Seq + + let rec next'0 (self:borrowed (t_Iter'0)) (return' (ret:t_Option'0))= any + [ return' (result:t_Option'0)-> {inv'1 result} + {[%#siter3] match result with + | C_None'0 -> completed'0 self + | C_Some'0 v -> produces'0 self.current (Seq.singleton v) self.final + end} + (! return' {result}) ] + + + predicate resolve'0 (_1 : borrowed (t_Iter'0)) = + resolve'1 _1 + + let rec promoted2__test_mut_ref'0 (return' (ret:t_Option'0))= bb0 + [ bb0 = s0 [ s0 = [ &_1 <- C_Some'0 ([%#siter4] (1 : int32)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] ] + [ & _0 : t_Option'0 = any_l () | & _1 : t_Option'0 = any_l () ] + [ return' (result:t_Option'0)-> return' {result} ] + + + predicate inv'2 (_1 : t_Option'0) + + axiom inv_axiom'2 [@rewrite] : forall x : t_Option'0 [inv'2 x] . inv'2 x = true + + type t_Option'1 = + | C_None'1 + | C_Some'1 int + + use prelude.prelude.Int32 + + function deep_model'3 (self : int32) : int = + [%#snum25] Int32.to_int self + + function deep_model'2 (self : int32) : int = + [%#smodel10] deep_model'3 self + + function deep_model'1 (self : t_Option'0) : t_Option'1 = + [%#soption22] match self with + | C_Some'0 t -> C_Some'1 (deep_model'2 t) + | C_None'0 -> C_None'1 + end + + function deep_model'0 (self : t_Option'0) : t_Option'1 = + [%#smodel10] deep_model'1 self + + let rec eq'0 (self:t_Option'0) (other:t_Option'0) (return' (ret:bool))= {[@expl:eq 'self' type invariant] inv'2 self} + {[@expl:eq 'other' type invariant] inv'2 other} + any + [ return' (result:bool)-> {[%#soption5] result = (deep_model'0 self = deep_model'0 other)} (! return' {result}) ] + + + let rec promoted1__test_mut_ref'0 (return' (ret:t_Option'0))= bb0 + [ bb0 = s0 [ s0 = [ &_1 <- C_Some'0 ([%#siter6] (2 : int32)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] ] + [ & _0 : t_Option'0 = any_l () | & _1 : t_Option'0 = any_l () ] + [ return' (result:t_Option'0)-> return' {result} ] + + + let rec promoted0__test_mut_ref'0 (return' (ret:t_Option'0))= bb0 + [ bb0 = s0 [ s0 = [ &_1 <- C_None'0 ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] ] + [ & _0 : t_Option'0 = any_l () | & _1 : t_Option'0 = any_l () ] + [ return' (result:t_Option'0)-> return' {result} ] + + + type t_AssertKind'0 = + | C_Eq'0 + | C_Ne'0 + | C_Match'0 + + meta "compute_max_steps" 1000000 + + let rec test_mut_ref'0 (_1:()) (return' (ret:()))= (! bb0 + [ bb0 = s0 + [ s0 = promoted3__test_mut_ref'0 (fun (pr3:array int32) -> [ &_78 <- pr3 ] s1) + | s1 = iter'0 {_78} (fun (_ret':t_Iter'0) -> [ &a <- _ret' ] s2) + | s2 = bb1 ] + + | bb1 = s0 + [ s0 = Borrow.borrow_mut {a} + (fun (_ret':borrowed (t_Iter'0)) -> [ &_10 <- _ret' ] [ &a <- _ret'.final ] s1) + | s1 = Borrow.borrow_final {_10.current} {Borrow.get_id _10} + (fun (_ret':borrowed (t_Iter'0)) -> [ &_9 <- _ret' ] [ &_10 <- { _10 with current = _ret'.final } ] s2) + | s2 = next'0 {_9} (fun (_ret':t_Option'0) -> [ &_8 <- _ret' ] s3) + | s3 = bb2 ] + + | bb2 = s0 + [ s0 = -{resolve'0 _10}- s1 + | s1 = promoted2__test_mut_ref'0 (fun (pr2:t_Option'0) -> [ &_77 <- pr2 ] s2) + | s2 = [ &_6 <- (_8, _77) ] s3 + | s3 = [ &left_val <- let (r'0, _) = _6 in r'0 ] s4 + | s4 = [ &right_val <- let (_, r'1) = _6 in r'1 ] s5 + | s5 = eq'0 {left_val} {right_val} (fun (_ret':bool) -> [ &_17 <- _ret' ] s6) + | s6 = bb3 ] + + | bb3 = any [ br0 -> {_17 = false} (! bb5) | br1 -> {_17} (! bb4) ] + | bb4 = s0 + [ s0 = Borrow.borrow_mut {a} + (fun (_ret':borrowed (t_Iter'0)) -> [ &_34 <- _ret' ] [ &a <- _ret'.final ] s1) + | s1 = Borrow.borrow_final {_34.current} {Borrow.get_id _34} + (fun (_ret':borrowed (t_Iter'0)) -> [ &_33 <- _ret' ] [ &_34 <- { _34 with current = _ret'.final } ] s2) + | s2 = next'0 {_33} (fun (_ret':t_Option'0) -> [ &_32 <- _ret' ] s3) + | s3 = bb6 ] + + | bb6 = s0 + [ s0 = -{resolve'0 _34}- s1 + | s1 = promoted1__test_mut_ref'0 (fun (pr1:t_Option'0) -> [ &_76 <- pr1 ] s2) + | s2 = [ &_30 <- (_32, _76) ] s3 + | s3 = [ &left_val1 <- let (r'0, _) = _30 in r'0 ] s4 + | s4 = [ &right_val1 <- let (_, r'1) = _30 in r'1 ] s5 + | s5 = eq'0 {left_val1} {right_val1} (fun (_ret':bool) -> [ &_41 <- _ret' ] s6) + | s6 = bb7 ] + + | bb7 = any [ br0 -> {_41 = false} (! bb9) | br1 -> {_41} (! bb8) ] + | bb8 = s0 + [ s0 = Borrow.borrow_mut {a} + (fun (_ret':borrowed (t_Iter'0)) -> [ &_58 <- _ret' ] [ &a <- _ret'.final ] s1) + | s1 = Borrow.borrow_final {_58.current} {Borrow.get_id _58} + (fun (_ret':borrowed (t_Iter'0)) -> [ &_57 <- _ret' ] [ &_58 <- { _58 with current = _ret'.final } ] s2) + | s2 = next'0 {_57} (fun (_ret':t_Option'0) -> [ &_56 <- _ret' ] s3) + | s3 = bb10 ] + + | bb10 = s0 + [ s0 = -{resolve'0 _58}- s1 + | s1 = promoted0__test_mut_ref'0 (fun (pr0:t_Option'0) -> [ &_75 <- pr0 ] s2) + | s2 = [ &_54 <- (_56, _75) ] s3 + | s3 = [ &left_val2 <- let (r'0, _) = _54 in r'0 ] s4 + | s4 = [ &right_val2 <- let (_, r'1) = _54 in r'1 ] s5 + | s5 = eq'0 {left_val2} {right_val2} (fun (_ret':bool) -> [ &_63 <- _ret' ] s6) + | s6 = bb11 ] + + | bb11 = any [ br0 -> {_63 = false} (! bb13) | br1 -> {_63} (! bb12) ] + | bb12 = return' {_0} + | bb13 = s0 + [ s0 = [ &kind2 <- C_Eq'0 ] s1 + | s1 = [ &_71 <- left_val2 ] s2 + | s2 = [ &_73 <- right_val2 ] s3 + | s3 = {false} any ] + + | bb9 = s0 + [ s0 = [ &kind1 <- C_Eq'0 ] s1 + | s1 = [ &_49 <- left_val1 ] s2 + | s2 = [ &_51 <- right_val1 ] s3 + | s3 = {false} any ] + + | bb5 = s0 + [ s0 = [ &kind <- C_Eq'0 ] s1 + | s1 = [ &_25 <- left_val ] s2 + | s2 = [ &_27 <- right_val ] s3 + | s3 = {false} any ] + ] + ) + [ & _0 : () = any_l () + | & a : t_Iter'0 = any_l () + | & _6 : (t_Option'0, t_Option'0) = any_l () + | & _8 : t_Option'0 = any_l () + | & _9 : borrowed (t_Iter'0) = any_l () + | & _10 : borrowed (t_Iter'0) = any_l () + | & left_val : t_Option'0 = any_l () + | & right_val : t_Option'0 = any_l () + | & _17 : bool = any_l () + | & kind : t_AssertKind'0 = any_l () + | & _25 : t_Option'0 = any_l () + | & _27 : t_Option'0 = any_l () + | & _30 : (t_Option'0, t_Option'0) = any_l () + | & _32 : t_Option'0 = any_l () + | & _33 : borrowed (t_Iter'0) = any_l () + | & _34 : borrowed (t_Iter'0) = any_l () + | & left_val1 : t_Option'0 = any_l () + | & right_val1 : t_Option'0 = any_l () + | & _41 : bool = any_l () + | & kind1 : t_AssertKind'0 = any_l () + | & _49 : t_Option'0 = any_l () + | & _51 : t_Option'0 = any_l () + | & _54 : (t_Option'0, t_Option'0) = any_l () + | & _56 : t_Option'0 = any_l () + | & _57 : borrowed (t_Iter'0) = any_l () + | & _58 : borrowed (t_Iter'0) = any_l () + | & left_val2 : t_Option'0 = any_l () + | & right_val2 : t_Option'0 = any_l () + | & _63 : bool = any_l () + | & kind2 : t_AssertKind'0 = any_l () + | & _71 : t_Option'0 = any_l () + | & _73 : t_Option'0 = any_l () + | & _75 : t_Option'0 = any_l () + | & _76 : t_Option'0 = any_l () + | & _77 : t_Option'0 = any_l () + | & _78 : array int32 = any_l () ] + [ return' (result:())-> (! return' {result}) ] +end diff --git a/creusot/tests/should_succeed/cc/iter.rs b/creusot/tests/should_succeed/cc/iter.rs new file mode 100644 index 000000000..a74861d6f --- /dev/null +++ b/creusot/tests/should_succeed/cc/iter.rs @@ -0,0 +1,8 @@ +extern crate creusot_contracts; + +pub fn test_mut_ref() { + let mut a = [1, 2].iter(); + assert_eq!((&mut a).next(), Some(&1)); + assert_eq!((&mut a).next(), Some(&2)); + assert_eq!((&mut a).next(), None); +} diff --git a/creusot/tests/should_succeed/cc/iter/why3session.xml b/creusot/tests/should_succeed/cc/iter/why3session.xml new file mode 100644 index 000000000..64f15028f --- /dev/null +++ b/creusot/tests/should_succeed/cc/iter/why3session.xml @@ -0,0 +1,14 @@ + + + + + + + + + + + + + diff --git a/creusot/tests/should_succeed/cc/iter/why3shapes.gz b/creusot/tests/should_succeed/cc/iter/why3shapes.gz new file mode 100644 index 0000000000000000000000000000000000000000..4834e6dcaadb93d25cd48f95b5918685fb52050b GIT binary patch literal 517 zcmV+g0{Z)idZ{L zFtUL-?Z5BxWlSNttzPZE(mt$scwCgP`i$k`iba{){QJUNJbrVki%#?Fk|`$ppx3zK zvJV`+(bp6|mY_hViGr!Kr8wOrsKF7ZP4Lb+s` z;Ga0N$JDe+q@PLd?8fQ!L53+;ZuMq9V{{Fn1f6>>Z1Qffr0tb{dQzSW)H=GC{fV-o zEPq_fna0z(`b&ZAses}gmO66wbgKmM9G`508P$M4TI*fBw>d7^<*;q5Zc4YNibxk& z+U!cAez8SiKQLLI-V}HWTm`FWr;Rmp)s*8jnQYXxx8p{Qt#z5^M>4dz zf}pn8#Xs$d(o}Pw_OpX8rHu4OfzZE-ciisVSn90AXwo_S-+Ak3;4)aqfkMA~;{cy> z;7vR1D-P5vpXK1TweuX@dk*W`;*JB{I6%jN2LlI+=Q;4n1azJ9%V06(zJz}p$H-5A#?r#?cI-i H;RFBxb=3~Z literal 0 HcmV?d00001 diff --git a/creusot/tests/should_succeed/iterators/03_std_iterators.coma b/creusot/tests/should_succeed/iterators/03_std_iterators.coma index 8b0b49862..cb7da2c3f 100644 --- a/creusot/tests/should_succeed/iterators/03_std_iterators.coma +++ b/creusot/tests/should_succeed/iterators/03_std_iterators.coma @@ -1928,7 +1928,7 @@ module M_03_std_iterators__enumerate_range [#"03_std_iterators.rs" 72 0 72 24] let%span s03_std_iterators4 = "03_std_iterators.rs" 73 16 73 93 let%span s03_std_iterators5 = "03_std_iterators.rs" 74 4 74 7 let%span s03_std_iterators6 = "03_std_iterators.rs" 74 4 74 7 - let%span siter7 = "../../../../creusot-contracts/src/std/iter.rs" 150 27 150 93 + let%span siter7 = "../../../../creusot-contracts/src/std/iter.rs" 150 27 150 99 let%span siter8 = "../../../../creusot-contracts/src/std/iter.rs" 151 27 151 115 let%span siter9 = "../../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 let%span sindex10 = "../../../../creusot-contracts/src/logic/ops/index.rs" 93 8 93 33 @@ -2276,7 +2276,7 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] let%span szip43 = "../../../../creusot-contracts/src/std/iter/zip.rs" 61 15 61 32 let%span szip44 = "../../../../creusot-contracts/src/std/iter/zip.rs" 62 14 62 42 let%span srange45 = "../../../../creusot-contracts/src/std/iter/range.rs" 22 12 26 70 - let%span szip46 = "../../../../creusot-contracts/src/std/iter/zip.rs" 32 12 37 71 + let%span szip46 = "../../../../creusot-contracts/src/std/iter/zip.rs" 32 12 37 74 let%span sresolve47 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span srange48 = "../../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 let%span srange49 = "../../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32