From f9ab71424471dca1735f19509add6d6892403dfd Mon Sep 17 00:00:00 2001 
From: arnaudgolfouse Date: Mon, 11 Dec 2023 15:24:39 +0100 Subject: [PATCH] Change some tests to pass with final borrows --- creusot/tests/should_succeed/100doors.mlcfg | 2 +- creusot/tests/should_succeed/all_zero.mlcfg | 4 +- creusot/tests/should_succeed/bdd.mlcfg | 14 +- creusot/tests/should_succeed/bug/682.mlcfg | 2 +- creusot/tests/should_succeed/bug/766.mlcfg | 2 +- .../should_succeed/closures/01_basic.mlcfg | 2 +- .../should_succeed/closures/05_map.mlcfg | 2 +- creusot/tests/should_succeed/drop_pair.mlcfg | 2 +- creusot/tests/should_succeed/hashmap.mlcfg | 16 +- creusot/tests/should_succeed/hillel.mlcfg | 50 +- .../tests/should_succeed/index_range.mlcfg | 10 +- .../inplace_list_reversal.mlcfg | 2 +- .../should_succeed/invariant_moves.mlcfg | 2 +- .../iterators/02_iter_mut.mlcfg | 312 ++++++------ .../should_succeed/iterators/02_iter_mut.rs | 10 +- .../iterators/02_iter_mut/why3session.xml | 8 +- .../iterators/03_std_iterators.mlcfg | 110 ++--- .../should_succeed/iterators/04_skip.mlcfg | 4 +- .../should_succeed/iterators/05_map.mlcfg | 6 +- .../iterators/06_map_precond.mlcfg | 462 +++++++++--------- .../iterators/06_map_precond.rs | 1 - .../should_succeed/iterators/07_fuse.mlcfg | 6 +- .../iterators/08_collect_extend.mlcfg | 6 +- .../should_succeed/iterators/10_once.mlcfg | 2 +- .../should_succeed/iterators/12_zip.mlcfg | 6 +- .../should_succeed/iterators/13_cloned.mlcfg | 4 +- .../should_succeed/iterators/14_copied.mlcfg | 4 +- .../iterators/15_enumerate.mlcfg | 4 +- .../should_succeed/iterators/16_take.mlcfg | 4 +- .../tests/should_succeed/knapsack_full.mlcfg | 4 +- .../should_succeed/lang/branch_borrow_2.mlcfg | 10 +- .../tests/should_succeed/list_index_mut.mlcfg | 12 +- .../should_succeed/list_reversal_lasso.mlcfg | 20 +- .../tests/should_succeed/mapping_test.mlcfg | 2 +- .../should_succeed/projection_toggle.mlcfg | 14 +- .../tests/should_succeed/projections.mlcfg | 2 +- .../tests/should_succeed/red_black_tree.mlcfg | 116 ++--- 
.../tests/should_succeed/resolve_uninit.mlcfg | 8 +- creusot/tests/should_succeed/result/own.mlcfg | 8 +- .../should_succeed/rusthorn/inc_max.mlcfg | 14 +- .../should_succeed/rusthorn/inc_max_3.mlcfg | 18 +- .../rusthorn/inc_max_many.mlcfg | 14 +- .../rusthorn/inc_max_repeat.mlcfg | 16 +- .../rusthorn/inc_some_2_list.mlcfg | 8 +- .../rusthorn/inc_some_2_tree.mlcfg | 14 +- .../rusthorn/inc_some_list.mlcfg | 18 +- .../rusthorn/inc_some_tree.mlcfg | 24 +- .../selection_sort_generic.mlcfg | 4 +- .../tests/should_succeed/sparse_array.mlcfg | 6 +- .../tests/should_succeed/split_borrow.mlcfg | 2 +- creusot/tests/should_succeed/sum.mlcfg | 2 +- .../tests/should_succeed/sum_of_odds.mlcfg | 2 +- .../tests/should_succeed/swap_borrows.mlcfg | 2 +- .../should_succeed/syntax/05_pearlite.mlcfg | 4 +- .../tests/should_succeed/take_first_mut.mlcfg | 12 +- .../tests/should_succeed/take_first_mut.rs | 2 +- .../type_invariants/borrows.mlcfg | 40 +- creusot/tests/should_succeed/unnest.mlcfg | 2 +- creusot/tests/should_succeed/vector/01.mlcfg | 2 +- .../vector/03_knuth_shuffle.mlcfg | 2 +- .../vector/06_knights_tour.mlcfg | 52 +- .../should_succeed/vector/08_haystack.mlcfg | 4 +- .../should_succeed/vector/09_capacity.mlcfg | 4 +- 63 files changed, 761 insertions(+), 762 deletions(-) diff --git a/creusot/tests/should_succeed/100doors.mlcfg b/creusot/tests/should_succeed/100doors.mlcfg index 6c168f51b5..af9c28992c 100644 --- a/creusot/tests/should_succeed/100doors.mlcfg +++ b/creusot/tests/should_succeed/100doors.mlcfg @@ -1357,7 +1357,7 @@ module C100doors_F BB7 { _14 <- Borrow.borrow_mut iter; iter <- ^ _14; - _13 <- Borrow.borrow_mut ( * _14); + _13 <- Borrow.borrow_final ( * _14) (Borrow.get_id _14); _14 <- { _14 with current = ( ^ _13) ; }; _12 <- ([#"../100doors.rs" 20 4 20 41] Next0.next _13); _13 <- any borrowed (Core_Ops_Range_Range_Type.t_range usize); 
diff --git a/creusot/tests/should_succeed/all_zero.mlcfg b/creusot/tests/should_succeed/all_zero.mlcfg index ba88e33b32..4e919899f2 100644 --- a/creusot/tests/should_succeed/all_zero.mlcfg +++ b/creusot/tests/should_succeed/all_zero.mlcfg @@ -172,9 +172,9 @@ module AllZero_AllZero goto BB5 } BB5 { - value <- Borrow.borrow_mut (AllZero_List_Type.cons_0 ( * loop_l)); + value <- Borrow.borrow_final (AllZero_List_Type.cons_0 ( * loop_l)) (Borrow.inherit_id (Borrow.get_id loop_l) 1); loop_l <- { loop_l with current = (let AllZero_List_Type.C_Cons a b = * loop_l in AllZero_List_Type.C_Cons ( ^ value) b) ; }; - next <- Borrow.borrow_mut (AllZero_List_Type.cons_1 ( * loop_l)); + next <- Borrow.borrow_final (AllZero_List_Type.cons_1 ( * loop_l)) (Borrow.inherit_id (Borrow.get_id loop_l) 2); loop_l <- { loop_l with current = (let AllZero_List_Type.C_Cons a b = * loop_l in AllZero_List_Type.C_Cons a ( ^ next)) ; }; value <- { value with current = ([#"../all_zero.rs" 44 17 44 18] (0 : uint32)) ; }; assume { Resolve0.resolve value }; diff --git a/creusot/tests/should_succeed/bdd.mlcfg b/creusot/tests/should_succeed/bdd.mlcfg index e21c4a7ccb..564184f6e5 100644 --- a/creusot/tests/should_succeed/bdd.mlcfg +++ b/creusot/tests/should_succeed/bdd.mlcfg @@ -3023,7 +3023,7 @@ module Bdd_Impl11_Hashcons BB5 { r1 <- Bdd_Bdd_Type.C_Bdd ( * _19) (Bdd_Context_Type.context_cnt ( * self)); assume { Resolve1.resolve _19 }; - _24 <- Borrow.borrow_mut (Bdd_Context_Type.context_hashcons ( * self)); + _24 <- Borrow.borrow_final (Bdd_Context_Type.context_hashcons ( * self)) (Borrow.inherit_id (Borrow.get_id self) 2); self <- { self with current = (let Bdd_Context_Type.C_Context a b c d e f = * self in Bdd_Context_Type.C_Context a ( ^ _24) c d e f) ; }; _23 <- ([#"../bdd.rs" 446 8 446 31] Add0.add _24 n r1); _24 <- any borrowed (Bdd_Hashmap_MyHashMap_Type.t_myhashmap (Bdd_Node_Type.t_node) (Bdd_Bdd_Type.t_bdd)); 
@@ -3220,7 +3220,7 @@ module Bdd_Impl11_Node goto BB5 } BB3 { - _17 <- Borrow.borrow_mut ( * self); + _17 <- Borrow.borrow_final ( * self) (Borrow.get_id self); self <- { self with current = ( ^ _17) ; }; assume { Inv0.inv ( ^ _17) }; _0 <- ([#"../bdd.rs" 469 8 469 50] Hashcons0.hashcons _17 (Bdd_Node_Type.C_If x childt childf)); @@ -3352,7 +3352,7 @@ module Bdd_Impl11_True goto BB0 } BB0 { - _6 <- Borrow.borrow_mut ( * self); + _6 <- Borrow.borrow_final ( * self) (Borrow.get_id self); self <- { self with current = ( ^ _6) ; }; assume { Inv0.inv ( ^ _6) }; _0 <- ([#"../bdd.rs" 477 8 477 27] Hashcons0.hashcons _6 (Bdd_Node_Type.C_True)); @@ -3481,7 +3481,7 @@ module Bdd_Impl11_False goto BB0 } BB0 { - _6 <- Borrow.borrow_mut ( * self); + _6 <- Borrow.borrow_final ( * self) (Borrow.get_id self); self <- { self with current = ( ^ _6) ; }; assume { Inv0.inv ( ^ _6) }; _0 <- ([#"../bdd.rs" 485 8 485 28] Hashcons0.hashcons _6 (Bdd_Node_Type.C_False)); @@ -3642,7 +3642,7 @@ module Bdd_Impl11_V goto BB2 } BB2 { - _10 <- Borrow.borrow_mut ( * self); + _10 <- Borrow.borrow_final ( * self) (Borrow.get_id self); self <- { self with current = ( ^ _10) ; }; assume { Inv0.inv ( ^ _10) }; _0 <- ([#"../bdd.rs" 494 8 494 26] Node0.node _10 x t f); @@ -3955,7 +3955,7 @@ module Bdd_Impl11_Not goto BB16 } BB16 { - _35 <- Borrow.borrow_mut (Bdd_Context_Type.context_not_memo ( * self)); + _35 <- Borrow.borrow_final (Bdd_Context_Type.context_not_memo ( * self)) (Borrow.inherit_id (Borrow.get_id self) 4); self <- { self with current = (let Bdd_Context_Type.C_Context a b c d e f = * self in Bdd_Context_Type.C_Context a b c ( ^ _35) e f) ; }; _34 <- ([#"../bdd.rs" 516 8 516 31] Add0.add _35 x r1); _35 <- any borrowed (Bdd_Hashmap_MyHashMap_Type.t_myhashmap (Bdd_Bdd_Type.t_bdd) (Bdd_Bdd_Type.t_bdd)); 
@@ -4657,7 +4657,7 @@ module Bdd_Impl11_And goto BB33 } BB33 { - _79 <- Borrow.borrow_mut (Bdd_Context_Type.context_and_memo ( * self)); + _79 <- Borrow.borrow_final (Bdd_Context_Type.context_and_memo ( * self)) (Borrow.inherit_id (Borrow.get_id self) 5); self <- { self with current = (let Bdd_Context_Type.C_Context a b c d e f = * self in Bdd_Context_Type.C_Context a b c d ( ^ _79) f) ; }; _78 <- ([#"../bdd.rs" 560 8 560 36] Add0.add _79 (a, b) r1); _79 <- any borrowed (Bdd_Hashmap_MyHashMap_Type.t_myhashmap (Bdd_Bdd_Type.t_bdd, Bdd_Bdd_Type.t_bdd) (Bdd_Bdd_Type.t_bdd)); diff --git a/creusot/tests/should_succeed/bug/682.mlcfg b/creusot/tests/should_succeed/bug/682.mlcfg index c9b67c8185..24bb9300f7 100644 --- a/creusot/tests/should_succeed/bug/682.mlcfg +++ b/creusot/tests/should_succeed/bug/682.mlcfg @@ -104,7 +104,7 @@ module C682_Foo goto BB1 } BB1 { - _7 <- Borrow.borrow_mut ( * a); + _7 <- Borrow.borrow_final ( * a) (Borrow.get_id a); a <- { a with current = ( ^ _7) ; }; _6 <- ([#"../682.rs" 14 4 14 15] AddSome0.add_some _7); _7 <- any borrowed uint64; diff --git a/creusot/tests/should_succeed/bug/766.mlcfg b/creusot/tests/should_succeed/bug/766.mlcfg index 271c8c0347..2400f5e581 100644 --- a/creusot/tests/should_succeed/bug/766.mlcfg +++ b/creusot/tests/should_succeed/bug/766.mlcfg @@ -189,7 +189,7 @@ module C766_Trait_Goo goto BB0 } BB0 { - _2 <- Borrow.borrow_mut ( * self); + _2 <- Borrow.borrow_final ( * self) (Borrow.get_id self); self <- { self with current = ( ^ _2) ; }; assume { Inv0.inv ( ^ _2) }; _0 <- ([#"../766.rs" 11 8 11 16] F0.f _2); diff --git a/creusot/tests/should_succeed/closures/01_basic.mlcfg b/creusot/tests/should_succeed/closures/01_basic.mlcfg index c0e54ed250..f795fe8cc5 100644 --- a/creusot/tests/should_succeed/closures/01_basic.mlcfg +++ b/creusot/tests/should_succeed/closures/01_basic.mlcfg 
@@ -508,7 +508,7 @@ module C01Basic_MoveMut_Closure0 goto BB1 } BB1 { - _2 <- Borrow.borrow_mut ( * _3); + _2 <- Borrow.borrow_final ( * _3) (Borrow.get_id _3); _3 <- { _3 with current = ( ^ _2) ; }; _1 <- { _1 with current = (let C01Basic_MoveMut_Closure0 a = * _1 in C01Basic_MoveMut_Closure0 _2) ; }; _2 <- any borrowed uint32; diff --git a/creusot/tests/should_succeed/closures/05_map.mlcfg b/creusot/tests/should_succeed/closures/05_map.mlcfg index 8812cdd018..1ac0a34971 100644 --- a/creusot/tests/should_succeed/closures/05_map.mlcfg +++ b/creusot/tests/should_succeed/closures/05_map.mlcfg @@ -962,7 +962,7 @@ module C05Map_Impl0_Next goto BB0 } BB0 { - _3 <- Borrow.borrow_mut (C05Map_Map_Type.map_iter ( * self)); + _3 <- Borrow.borrow_final (C05Map_Map_Type.map_iter ( * self)) (Borrow.inherit_id (Borrow.get_id self) 1); self <- { self with current = (let C05Map_Map_Type.C_Map a b = * self in C05Map_Map_Type.C_Map ( ^ _3) b) ; }; assume { Inv0.inv ( ^ _3) }; _2 <- ([#"../05_map.rs" 18 14 18 30] Next0.next _3); diff --git a/creusot/tests/should_succeed/drop_pair.mlcfg b/creusot/tests/should_succeed/drop_pair.mlcfg index cec4c24d44..be26dda1ca 100644 --- a/creusot/tests/should_succeed/drop_pair.mlcfg +++ b/creusot/tests/should_succeed/drop_pair.mlcfg @@ -163,7 +163,7 @@ module DropPair_Drop } BB0 { assume { Resolve0.resolve _x }; - _3 <- Borrow.borrow_mut ( * y); + _3 <- Borrow.borrow_final ( * y) (Borrow.get_id y); y <- { y with current = ( ^ _3) ; }; _x <- _3; _3 <- any borrowed uint32; diff --git a/creusot/tests/should_succeed/hashmap.mlcfg b/creusot/tests/should_succeed/hashmap.mlcfg index fd270632a7..f10880d71e 100644 --- a/creusot/tests/should_succeed/hashmap.mlcfg +++ b/creusot/tests/should_succeed/hashmap.mlcfg 
@@ -1782,7 +1782,7 @@ module Hashmap_Impl5_Add index <- ([#"../hashmap.rs" 110 27 110 55] UIntSize.of_int (UInt64.to_int _13) % _15); _13 <- any uint64; _15 <- any usize; - _20 <- Borrow.borrow_mut (Hashmap_MyHashMap_Type.myhashmap_buckets ( * self)); + _20 <- Borrow.borrow_final (Hashmap_MyHashMap_Type.myhashmap_buckets ( * self)) (Borrow.inherit_id (Borrow.get_id self) 1); self <- { self with current = (let Hashmap_MyHashMap_Type.C_MyHashMap a = * self in Hashmap_MyHashMap_Type.C_MyHashMap ( ^ _20)) ; }; assume { Inv1.inv ( ^ _20) }; _19 <- ([#"../hashmap.rs" 111 39 111 58] IndexMut0.index_mut _20 index); @@ -1790,10 +1790,10 @@ module Hashmap_Impl5_Add goto BB5 } BB5 { - _18 <- Borrow.borrow_mut ( * _19); + _18 <- Borrow.borrow_final ( * _19) (Borrow.get_id _19); _19 <- { _19 with current = ( ^ _18) ; }; assume { Inv2.inv ( ^ _18) }; - l <- Borrow.borrow_mut ( * _18); + l <- Borrow.borrow_final ( * _18) (Borrow.get_id _18); _18 <- { _18 with current = ( ^ l) ; }; assume { Inv2.inv ( ^ l) }; assert { [@expl:type invariant] Inv3.inv _18 }; 
@@ -1825,13 +1825,13 @@ module Hashmap_Impl5_Add goto BB10 } BB10 { - k <- Borrow.borrow_mut (let (a, _) = Hashmap_List_Type.cons_0 ( * l) in a); + k <- Borrow.borrow_final (let (a, _) = Hashmap_List_Type.cons_0 ( * l) in a) (Borrow.inherit_id (Borrow.inherit_id (Borrow.get_id l) 1) 1); l <- { l with current = (let Hashmap_List_Type.C_Cons a b = * l in Hashmap_List_Type.C_Cons (let (a, b) = Hashmap_List_Type.cons_0 ( * l) in ( ^ k, b)) b) ; }; assume { Inv6.inv ( ^ k) }; - v <- Borrow.borrow_mut (let (_, a) = Hashmap_List_Type.cons_0 ( * l) in a); + v <- Borrow.borrow_final (let (_, a) = Hashmap_List_Type.cons_0 ( * l) in a) (Borrow.inherit_id (Borrow.inherit_id (Borrow.get_id l) 1) 2); l <- { l with current = (let Hashmap_List_Type.C_Cons a b = * l in Hashmap_List_Type.C_Cons (let (a, b) = Hashmap_List_Type.cons_0 ( * l) in (a, ^ v)) b) ; }; assume { Inv7.inv ( ^ v) }; - tl <- Borrow.borrow_mut (Hashmap_List_Type.cons_1 ( * l)); + tl <- Borrow.borrow_final (Hashmap_List_Type.cons_1 ( * l)) (Borrow.inherit_id (Borrow.get_id l) 2); l <- { l with current = (let Hashmap_List_Type.C_Cons a b = * l in Hashmap_List_Type.C_Cons a ( ^ tl)) ; }; assume { Inv8.inv ( ^ tl) }; tl1 <- tl; @@ -1875,7 +1875,7 @@ module Hashmap_Impl5_Add _46 <- Borrow.borrow_mut ( * tl1); tl1 <- { tl1 with current = ( ^ _46) ; }; assume { Inv2.inv ( ^ _46) }; - _45 <- Borrow.borrow_mut ( * _46); + _45 <- Borrow.borrow_final ( * _46) (Borrow.get_id _46); _46 <- { _46 with current = ( ^ _45) ; }; assume { Inv2.inv ( ^ _45) }; assert { [@expl:type invariant] Inv3.inv l }; @@ -2785,7 +2785,7 @@ module Hashmap_Impl5_Resize _28 <- Borrow.borrow_mut ( * _29); _29 <- { _29 with current = ( ^ _28) ; }; assume { Inv5.inv ( ^ _28) }; - _27 <- Borrow.borrow_mut ( * _28); + _27 <- Borrow.borrow_final ( * _28) (Borrow.get_id _28); _28 <- { _28 with current = ( ^ _27) ; }; assume { Inv5.inv ( ^ _27) }; l <- ([#"../hashmap.rs" 177 33 177 83] Replace0.replace _27 (Hashmap_List_Type.C_Nil)); 
diff --git a/creusot/tests/should_succeed/hillel.mlcfg b/creusot/tests/should_succeed/hillel.mlcfg index c704f1c2e0..fe321db1cc 100644 --- a/creusot/tests/should_succeed/hillel.mlcfg +++ b/creusot/tests/should_succeed/hillel.mlcfg @@ -1459,7 +1459,7 @@ module CreusotContracts_Std1_Slice_Impl14_Produces predicate produces (self : Core_Slice_Iter_Iter_Type.t_iter t) (visited : Seq.seq t) (tl : Core_Slice_Iter_Iter_Type.t_iter t) = - [#"../../../../creusot-contracts/src/std/slice.rs" 379 12 379 66] ToRefSeq0.to_ref_seq (ShallowModel0.shallow_model self) = Seq.(++) visited (ToRefSeq0.to_ref_seq (ShallowModel0.shallow_model tl)) + [#"../../../../creusot-contracts/src/std/slice.rs" 380 12 380 66] ToRefSeq0.to_ref_seq (ShallowModel0.shallow_model self) = Seq.(++) visited (ToRefSeq0.to_ref_seq (ShallowModel0.shallow_model tl)) val produces (self : Core_Slice_Iter_Iter_Type.t_iter t) (visited : Seq.seq t) (tl : Core_Slice_Iter_Iter_Type.t_iter t) : bool ensures { result = produces self visited tl } @@ -1775,10 +1775,10 @@ module CreusotContracts_Std1_Slice_Impl14_ProducesRefl_Interface type t = t function produces_refl (a : Core_Slice_Iter_Iter_Type.t_iter t) : () val produces_refl (a : Core_Slice_Iter_Iter_Type.t_iter t) : () - ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 385 14 385 39] Produces0.produces a (Seq.empty ) a } + ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 386 14 386 39] Produces0.produces a (Seq.empty ) a } ensures { result = produces_refl a } - axiom produces_refl_spec : forall a : Core_Slice_Iter_Iter_Type.t_iter t . [#"../../../../creusot-contracts/src/std/slice.rs" 385 14 385 39] Produces0.produces a (Seq.empty ) a + axiom produces_refl_spec : forall a : Core_Slice_Iter_Iter_Type.t_iter t . [#"../../../../creusot-contracts/src/std/slice.rs" 386 14 386 39] Produces0.produces a (Seq.empty ) a end module CreusotContracts_Std1_Slice_Impl14_ProducesRefl type t 
@@ -1787,12 +1787,12 @@ module CreusotContracts_Std1_Slice_Impl14_ProducesRefl clone CreusotContracts_Std1_Slice_Impl14_Produces_Stub as Produces0 with type t = t function produces_refl (a : Core_Slice_Iter_Iter_Type.t_iter t) : () = - [#"../../../../creusot-contracts/src/std/slice.rs" 383 4 383 10] () + [#"../../../../creusot-contracts/src/std/slice.rs" 384 4 384 10] () val produces_refl (a : Core_Slice_Iter_Iter_Type.t_iter t) : () - ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 385 14 385 39] Produces0.produces a (Seq.empty ) a } + ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 386 14 386 39] Produces0.produces a (Seq.empty ) a } ensures { result = produces_refl a } - axiom produces_refl_spec : forall a : Core_Slice_Iter_Iter_Type.t_iter t . [#"../../../../creusot-contracts/src/std/slice.rs" 385 14 385 39] Produces0.produces a (Seq.empty ) a + axiom produces_refl_spec : forall a : Core_Slice_Iter_Iter_Type.t_iter t . [#"../../../../creusot-contracts/src/std/slice.rs" 386 14 386 39] Produces0.produces a (Seq.empty ) a end module CreusotContracts_Std1_Slice_Impl14_ProducesTrans_Stub type t 
@@ -1820,14 +1820,14 @@ module CreusotContracts_Std1_Slice_Impl14_ProducesTrans_Interface function produces_trans (a : Core_Slice_Iter_Iter_Type.t_iter t) (ab : Seq.seq t) (b : Core_Slice_Iter_Iter_Type.t_iter t) (bc : Seq.seq t) (c : Core_Slice_Iter_Iter_Type.t_iter t) : () val produces_trans (a : Core_Slice_Iter_Iter_Type.t_iter t) (ab : Seq.seq t) (b : Core_Slice_Iter_Iter_Type.t_iter t) (bc : Seq.seq t) (c : Core_Slice_Iter_Iter_Type.t_iter t) : () - requires {[#"../../../../creusot-contracts/src/std/slice.rs" 390 15 390 32] Produces0.produces a ab b} - requires {[#"../../../../creusot-contracts/src/std/slice.rs" 391 15 391 32] Produces0.produces b bc c} - requires {[#"../../../../creusot-contracts/src/std/slice.rs" 393 31 393 33] Inv0.inv ab} - requires {[#"../../../../creusot-contracts/src/std/slice.rs" 393 61 393 63] Inv0.inv bc} - ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 392 14 392 42] Produces0.produces a (Seq.(++) ab bc) c } + requires {[#"../../../../creusot-contracts/src/std/slice.rs" 391 15 391 32] Produces0.produces a ab b} + requires {[#"../../../../creusot-contracts/src/std/slice.rs" 392 15 392 32] Produces0.produces b bc c} + requires {[#"../../../../creusot-contracts/src/std/slice.rs" 394 31 394 33] Inv0.inv ab} + requires {[#"../../../../creusot-contracts/src/std/slice.rs" 394 61 394 63] Inv0.inv bc} + ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 393 14 393 42] Produces0.produces a (Seq.(++) ab bc) c } ensures { result = produces_trans a ab b bc c } - axiom produces_trans_spec : forall a : Core_Slice_Iter_Iter_Type.t_iter t, ab : Seq.seq t, b : Core_Slice_Iter_Iter_Type.t_iter t, bc : Seq.seq t, c : Core_Slice_Iter_Iter_Type.t_iter t . 
([#"../../../../creusot-contracts/src/std/slice.rs" 390 15 390 32] Produces0.produces a ab b) -> ([#"../../../../creusot-contracts/src/std/slice.rs" 391 15 391 32] Produces0.produces b bc c) -> ([#"../../../../creusot-contracts/src/std/slice.rs" 393 31 393 33] Inv0.inv ab) -> ([#"../../../../creusot-contracts/src/std/slice.rs" 393 61 393 63] Inv0.inv bc) -> ([#"../../../../creusot-contracts/src/std/slice.rs" 392 14 392 42] Produces0.produces a (Seq.(++) ab bc) c) + axiom produces_trans_spec : forall a : Core_Slice_Iter_Iter_Type.t_iter t, ab : Seq.seq t, b : Core_Slice_Iter_Iter_Type.t_iter t, bc : Seq.seq t, c : Core_Slice_Iter_Iter_Type.t_iter t . ([#"../../../../creusot-contracts/src/std/slice.rs" 391 15 391 32] Produces0.produces a ab b) -> ([#"../../../../creusot-contracts/src/std/slice.rs" 392 15 392 32] Produces0.produces b bc c) -> ([#"../../../../creusot-contracts/src/std/slice.rs" 394 31 394 33] Inv0.inv ab) -> ([#"../../../../creusot-contracts/src/std/slice.rs" 394 61 394 63] Inv0.inv bc) -> ([#"../../../../creusot-contracts/src/std/slice.rs" 393 14 393 42] Produces0.produces a (Seq.(++) ab bc) c) end module CreusotContracts_Std1_Slice_Impl14_ProducesTrans type t 
@@ -1842,16 +1842,16 @@ module CreusotContracts_Std1_Slice_Impl14_ProducesTrans function produces_trans (a : Core_Slice_Iter_Iter_Type.t_iter t) (ab : Seq.seq t) (b : Core_Slice_Iter_Iter_Type.t_iter t) (bc : Seq.seq t) (c : Core_Slice_Iter_Iter_Type.t_iter t) : () = - [#"../../../../creusot-contracts/src/std/slice.rs" 388 4 388 10] () + [#"../../../../creusot-contracts/src/std/slice.rs" 389 4 389 10] () val produces_trans (a : Core_Slice_Iter_Iter_Type.t_iter t) (ab : Seq.seq t) (b : Core_Slice_Iter_Iter_Type.t_iter t) (bc : Seq.seq t) (c : Core_Slice_Iter_Iter_Type.t_iter t) : () - requires {[#"../../../../creusot-contracts/src/std/slice.rs" 390 15 390 32] Produces0.produces a ab b} - requires {[#"../../../../creusot-contracts/src/std/slice.rs" 391 15 391 32] Produces0.produces b bc c} - requires {[#"../../../../creusot-contracts/src/std/slice.rs" 393 31 393 33] Inv0.inv ab} - requires {[#"../../../../creusot-contracts/src/std/slice.rs" 393 61 393 63] Inv0.inv bc} - ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 392 14 392 42] Produces0.produces a (Seq.(++) ab bc) c } + requires {[#"../../../../creusot-contracts/src/std/slice.rs" 391 15 391 32] Produces0.produces a ab b} + requires {[#"../../../../creusot-contracts/src/std/slice.rs" 392 15 392 32] Produces0.produces b bc c} + requires {[#"../../../../creusot-contracts/src/std/slice.rs" 394 31 394 33] Inv0.inv ab} + requires {[#"../../../../creusot-contracts/src/std/slice.rs" 394 61 394 63] Inv0.inv bc} + ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 393 14 393 42] Produces0.produces a (Seq.(++) ab bc) c } ensures { result = produces_trans a ab b bc c } - axiom produces_trans_spec : forall a : Core_Slice_Iter_Iter_Type.t_iter t, ab : Seq.seq t, b : Core_Slice_Iter_Iter_Type.t_iter t, bc : Seq.seq t, c : Core_Slice_Iter_Iter_Type.t_iter t . 
([#"../../../../creusot-contracts/src/std/slice.rs" 390 15 390 32] Produces0.produces a ab b) -> ([#"../../../../creusot-contracts/src/std/slice.rs" 391 15 391 32] Produces0.produces b bc c) -> ([#"../../../../creusot-contracts/src/std/slice.rs" 393 31 393 33] Inv0.inv ab) -> ([#"../../../../creusot-contracts/src/std/slice.rs" 393 61 393 63] Inv0.inv bc) -> ([#"../../../../creusot-contracts/src/std/slice.rs" 392 14 392 42] Produces0.produces a (Seq.(++) ab bc) c) + axiom produces_trans_spec : forall a : Core_Slice_Iter_Iter_Type.t_iter t, ab : Seq.seq t, b : Core_Slice_Iter_Iter_Type.t_iter t, bc : Seq.seq t, c : Core_Slice_Iter_Iter_Type.t_iter t . ([#"../../../../creusot-contracts/src/std/slice.rs" 391 15 391 32] Produces0.produces a ab b) -> ([#"../../../../creusot-contracts/src/std/slice.rs" 392 15 392 32] Produces0.produces b bc c) -> ([#"../../../../creusot-contracts/src/std/slice.rs" 394 31 394 33] Inv0.inv ab) -> ([#"../../../../creusot-contracts/src/std/slice.rs" 394 61 394 63] Inv0.inv bc) -> ([#"../../../../creusot-contracts/src/std/slice.rs" 393 14 393 42] Produces0.produces a (Seq.(++) ab bc) c) end module Hillel_InsertUnique_Interface type t @@ -2307,7 +2307,7 @@ module Hillel_InsertUnique BB13 { _30 <- Borrow.borrow_mut iter; iter <- ^ _30; - _29 <- Borrow.borrow_mut ( * _30); + _29 <- Borrow.borrow_final ( * _30) (Borrow.get_id _30); _30 <- { _30 with current = ( ^ _29) ; }; _28 <- ([#"../hillel.rs" 84 4 84 111] Next0.next _29); _29 <- any borrowed (Core_Slice_Iter_Iter_Type.t_iter t); @@ -2387,7 +2387,7 @@ module Hillel_InsertUnique goto BB12 } BB24 { - _49 <- Borrow.borrow_mut ( * vec); + _49 <- Borrow.borrow_final ( * vec) (Borrow.get_id vec); vec <- { vec with current = ( ^ _49) ; }; assume { Inv8.inv ( ^ _49) }; _48 <- ([#"../hillel.rs" 94 4 94 18] Push0.push _49 elem); 
@@ -3262,7 +3262,7 @@ module Hillel_Unique BB11 { _25 <- Borrow.borrow_mut iter; iter <- ^ _25; - _24 <- Borrow.borrow_mut ( * _25); + _24 <- Borrow.borrow_final ( * _25) (Borrow.get_id _25); _25 <- { _25 with current = ( ^ _24) ; }; _23 <- ([#"../hillel.rs" 104 4 104 48] Next0.next _24); _24 <- any borrowed (Core_Ops_Range_Range_Type.t_range usize); @@ -3310,7 +3310,7 @@ module Hillel_Unique _37 <- Borrow.borrow_mut unique; unique <- ^ _37; assume { Inv2.inv ( ^ _37) }; - _36 <- Borrow.borrow_mut ( * _37); + _36 <- Borrow.borrow_final ( * _37) (Borrow.get_id _37); _37 <- { _37 with current = ( ^ _36) ; }; assume { Inv2.inv ( ^ _36) }; assert { [@expl:type invariant] Inv3.inv elem }; @@ -3896,7 +3896,7 @@ module Hillel_Fulcrum BB5 { _21 <- Borrow.borrow_mut iter; iter <- ^ _21; - _20 <- Borrow.borrow_mut ( * _21); + _20 <- Borrow.borrow_final ( * _21) (Borrow.get_id _21); _21 <- { _21 with current = ( ^ _20) ; }; _19 <- ([#"../hillel.rs" 159 4 159 60] Next0.next _20); _20 <- any borrowed (Core_Slice_Iter_Iter_Type.t_iter uint32); @@ -3965,7 +3965,7 @@ module Hillel_Fulcrum BB17 { _52 <- Borrow.borrow_mut iter1; iter1 <- ^ _52; - _51 <- Borrow.borrow_mut ( * _52); + _51 <- Borrow.borrow_final ( * _52) (Borrow.get_id _52); _52 <- { _52 with current = ( ^ _51) ; }; _50 <- ([#"../hillel.rs" 171 4 171 58] Next1.next _51); _51 <- any borrowed (Core_Ops_Range_Range_Type.t_range usize); diff --git a/creusot/tests/should_succeed/index_range.mlcfg b/creusot/tests/should_succeed/index_range.mlcfg index 4774faca69..1ae5e2d66c 100644 --- a/creusot/tests/should_succeed/index_range.mlcfg +++ b/creusot/tests/should_succeed/index_range.mlcfg @@ -1662,7 +1662,7 @@ module IndexRange_TestRange goto BB54 } BB54 { - s2 <- Borrow.borrow_mut ( * _105); + s2 <- Borrow.borrow_final ( * _105) (Borrow.get_id _105); _105 <- { _105 with current = ( ^ s2) ; }; _111 <- ([#"../index_range.rs" 60 12 60 19] Len0.len ( * s2)); goto BB55 
@@ -2290,7 +2290,7 @@ module IndexRange_TestRangeTo goto BB23 } BB23 { - s1 <- Borrow.borrow_mut ( * _44); + s1 <- Borrow.borrow_final ( * _44) (Borrow.get_id _44); _44 <- { _44 with current = ( ^ s1) ; }; _50 <- ([#"../index_range.rs" 100 12 100 19] Len0.len ( * s1)); goto BB24 @@ -2948,7 +2948,7 @@ module IndexRange_TestRangeFrom goto BB28 } BB28 { - s1 <- Borrow.borrow_mut ( * _54); + s1 <- Borrow.borrow_final ( * _54) (Borrow.get_id _54); _54 <- { _54 with current = ( ^ s1) ; }; _60 <- ([#"../index_range.rs" 139 12 139 19] Len0.len ( * s1)); goto BB29 @@ -3542,7 +3542,7 @@ module IndexRange_TestRangeFull goto BB26 } BB26 { - s1 <- Borrow.borrow_mut ( * _43); + s1 <- Borrow.borrow_final ( * _43) (Borrow.get_id _43); _43 <- { _43 with current = ( ^ s1) ; }; _49 <- ([#"../index_range.rs" 166 12 166 19] Len0.len ( * s1)); goto BB27 @@ -4143,7 +4143,7 @@ module IndexRange_TestRangeToInclusive goto BB19 } BB19 { - s1 <- Borrow.borrow_mut ( * _35); + s1 <- Borrow.borrow_final ( * _35) (Borrow.get_id _35); _35 <- { _35 with current = ( ^ s1) ; }; _41 <- ([#"../index_range.rs" 196 12 196 19] Len0.len ( * s1)); goto BB20 diff --git a/creusot/tests/should_succeed/inplace_list_reversal.mlcfg b/creusot/tests/should_succeed/inplace_list_reversal.mlcfg index c54c32e462..022b34d656 100644 --- a/creusot/tests/should_succeed/inplace_list_reversal.mlcfg +++ b/creusot/tests/should_succeed/inplace_list_reversal.mlcfg @@ -192,7 +192,7 @@ module InplaceListReversal_Rev assert { [@expl:type invariant] Inv0.inv old_l }; assume { Resolve0.resolve old_l }; prev <- InplaceListReversal_List_Type.C_Nil; - _7 <- Borrow.borrow_mut ( * l); + _7 <- Borrow.borrow_final ( * l) (Borrow.get_id l); l <- { l with current = ( ^ _7) ; }; assume { Inv1.inv ( ^ _7) }; head <- ([#"../inplace_list_reversal.rs" 27 19 27 34] Replace0.replace _7 (InplaceListReversal_List_Type.C_Nil)); 
diff --git a/creusot/tests/should_succeed/invariant_moves.mlcfg b/creusot/tests/should_succeed/invariant_moves.mlcfg index 4511bf29df..000beda38a 100644 --- a/creusot/tests/should_succeed/invariant_moves.mlcfg +++ b/creusot/tests/should_succeed/invariant_moves.mlcfg @@ -488,7 +488,7 @@ module InvariantMoves_TestInvariantMove BB3 { _6 <- Borrow.borrow_mut x; x <- ^ _6; - _5 <- Borrow.borrow_mut ( * _6); + _5 <- Borrow.borrow_final ( * _6) (Borrow.get_id _6); _6 <- { _6 with current = ( ^ _5) ; }; _4 <- ([#"../invariant_moves.rs" 7 26 7 40] Pop0.pop _5); _5 <- any borrowed (Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global)); diff --git a/creusot/tests/should_succeed/iterators/02_iter_mut.mlcfg b/creusot/tests/should_succeed/iterators/02_iter_mut.mlcfg index f52c094699..c8949dd3e5 100644 --- a/creusot/tests/should_succeed/iterators/02_iter_mut.mlcfg +++ b/creusot/tests/should_succeed/iterators/02_iter_mut.mlcfg @@ -134,28 +134,6 @@ module C02IterMut_Impl0_Invariant val invariant' [#"../02_iter_mut.rs" 20 4 20 30] (self : C02IterMut_IterMut_Type.t_itermut t) : bool ensures { result = invariant' self } -end -module CreusotContracts_Resolve_Impl1_Resolve_Stub - type t - use prelude.Borrow - predicate resolve (self : borrowed t) -end -module CreusotContracts_Resolve_Impl1_Resolve_Interface - type t - use prelude.Borrow - predicate resolve (self : borrowed t) - val resolve (self : borrowed t) : bool - ensures { result = resolve self } - -end -module CreusotContracts_Resolve_Impl1_Resolve - type t - use prelude.Borrow - predicate resolve (self : borrowed t) = - [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self - val resolve (self : borrowed t) : bool - ensures { result = resolve self } - end module CreusotContracts_Model_ShallowModel_ShallowModelTy_Type type self 
@@ -241,10 +219,8 @@ module C02IterMut_Impl1_Completed type t = slice t, type ShallowModelTy0.shallowModelTy = Seq.seq t use C02IterMut_IterMut_Type as C02IterMut_IterMut_Type - clone CreusotContracts_Resolve_Impl1_Resolve_Stub as Resolve0 with - type t = C02IterMut_IterMut_Type.t_itermut t predicate completed [#"../02_iter_mut.rs" 31 4 31 35] (self : borrowed (C02IterMut_IterMut_Type.t_itermut t)) = - [#"../02_iter_mut.rs" 32 8 32 70] Resolve0.resolve self /\ Seq.(==) (ShallowModel0.shallow_model (C02IterMut_IterMut_Type.itermut_inner ( * self))) (Seq.empty ) + [#"../02_iter_mut.rs" 32 8 32 88] ShallowModel0.shallow_model (C02IterMut_IterMut_Type.itermut_inner ( * self)) = ShallowModel0.shallow_model (C02IterMut_IterMut_Type.itermut_inner ( ^ self)) /\ Seq.(==) (ShallowModel0.shallow_model (C02IterMut_IterMut_Type.itermut_inner ( * self))) (Seq.empty ) val completed [#"../02_iter_mut.rs" 31 4 31 35] (self : borrowed (C02IterMut_IterMut_Type.t_itermut t)) : bool ensures { result = completed self } @@ -382,17 +358,18 @@ module C02IterMut_Impl1_Produces type t use seq.Seq use prelude.Borrow + use prelude.Int use prelude.Slice use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq (borrowed t) clone CreusotContracts_Logic_Ops_Impl2_IndexLogic_Stub as IndexLogic0 with type t = t + clone CreusotContracts_Invariant_Inv_Stub as Inv0 with + type t = borrowed (slice t) clone CreusotContracts_Model_Impl7_ShallowModel_Stub as ShallowModel0 with type t = slice t, type ShallowModelTy0.shallowModelTy = Seq.seq t - clone CreusotContracts_Invariant_Inv_Stub as Inv0 with - type t = borrowed (slice t) clone CreusotContracts_Std1_Slice_Impl4_ToMutSeq_Stub as ToMutSeq0 with type t = t, predicate Inv0.inv = Inv0.inv, 
@@ -404,7 +381,7 @@ module C02IterMut_Impl1_Produces predicate produces [#"../02_iter_mut.rs" 37 4 37 65] (self : C02IterMut_IterMut_Type.t_itermut t) (visited : Seq.seq (borrowed t)) (tl : C02IterMut_IterMut_Type.t_itermut t) = - [#"../02_iter_mut.rs" 36 4 36 16] Seq.(==) (ToMutSeq0.to_mut_seq (C02IterMut_IterMut_Type.itermut_inner self)) (Seq.(++) visited (ToMutSeq0.to_mut_seq (C02IterMut_IterMut_Type.itermut_inner tl))) + [#"../02_iter_mut.rs" 39 12 43 13] Seq.length (ShallowModel0.shallow_model (C02IterMut_IterMut_Type.itermut_inner self)) = Seq.length visited + Seq.length (ShallowModel0.shallow_model (C02IterMut_IterMut_Type.itermut_inner tl)) /\ (forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model (C02IterMut_IterMut_Type.itermut_inner self)) -> * Seq.get (ToMutSeq0.to_mut_seq (C02IterMut_IterMut_Type.itermut_inner self)) i = * Seq.get (Seq.(++) visited (ToMutSeq0.to_mut_seq (C02IterMut_IterMut_Type.itermut_inner tl))) i /\ ^ Seq.get (ToMutSeq0.to_mut_seq (C02IterMut_IterMut_Type.itermut_inner self)) i = ^ Seq.get (Seq.(++) visited (ToMutSeq0.to_mut_seq (C02IterMut_IterMut_Type.itermut_inner tl))) i) val produces [#"../02_iter_mut.rs" 37 4 37 65] (self : C02IterMut_IterMut_Type.t_itermut t) (visited : Seq.seq (borrowed t)) (tl : C02IterMut_IterMut_Type.t_itermut t) : bool ensures { result = produces self visited tl } @@ -438,7 +415,7 @@ module C02IterMut_Impl1_ProducesRefl_Stub type t = t clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = C02IterMut_IterMut_Type.t_itermut t - function produces_refl [#"../02_iter_mut.rs" 44 4 44 29] (a : C02IterMut_IterMut_Type.t_itermut t) : () + function produces_refl [#"../02_iter_mut.rs" 50 4 50 29] (a : C02IterMut_IterMut_Type.t_itermut t) : () end module C02IterMut_Impl1_ProducesRefl_Interface type t 
@@ -448,13 +425,13 @@ module C02IterMut_Impl1_ProducesRefl_Interface type t = t clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = C02IterMut_IterMut_Type.t_itermut t - function produces_refl [#"../02_iter_mut.rs" 44 4 44 29] (a : C02IterMut_IterMut_Type.t_itermut t) : () - val produces_refl [#"../02_iter_mut.rs" 44 4 44 29] (a : C02IterMut_IterMut_Type.t_itermut t) : () - requires {[#"../02_iter_mut.rs" 44 21 44 22] Inv0.inv a} - ensures { [#"../02_iter_mut.rs" 43 14 43 39] Produces0.produces a (Seq.empty ) a } + function produces_refl [#"../02_iter_mut.rs" 50 4 50 29] (a : C02IterMut_IterMut_Type.t_itermut t) : () + val produces_refl [#"../02_iter_mut.rs" 50 4 50 29] (a : C02IterMut_IterMut_Type.t_itermut t) : () + requires {[#"../02_iter_mut.rs" 50 21 50 22] Inv0.inv a} + ensures { [#"../02_iter_mut.rs" 49 14 49 39] Produces0.produces a (Seq.empty ) a } ensures { result = produces_refl a } - axiom produces_refl_spec : forall a : C02IterMut_IterMut_Type.t_itermut t . ([#"../02_iter_mut.rs" 44 21 44 22] Inv0.inv a) -> ([#"../02_iter_mut.rs" 43 14 43 39] Produces0.produces a (Seq.empty ) a) + axiom produces_refl_spec : forall a : C02IterMut_IterMut_Type.t_itermut t . ([#"../02_iter_mut.rs" 50 21 50 22] Inv0.inv a) -> ([#"../02_iter_mut.rs" 49 14 49 39] Produces0.produces a (Seq.empty ) a) end module C02IterMut_Impl1_ProducesRefl type t 
@@ -464,14 +441,14 @@ module C02IterMut_Impl1_ProducesRefl type t = t clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = C02IterMut_IterMut_Type.t_itermut t - function produces_refl [#"../02_iter_mut.rs" 44 4 44 29] (a : C02IterMut_IterMut_Type.t_itermut t) : () = - [#"../02_iter_mut.rs" 41 4 41 10] () - val produces_refl [#"../02_iter_mut.rs" 44 4 44 29] (a : C02IterMut_IterMut_Type.t_itermut t) : () - requires {[#"../02_iter_mut.rs" 44 21 44 22] Inv0.inv a} - ensures { [#"../02_iter_mut.rs" 43 14 43 39] Produces0.produces a (Seq.empty ) a } + function produces_refl [#"../02_iter_mut.rs" 50 4 50 29] (a : C02IterMut_IterMut_Type.t_itermut t) : () = + [#"../02_iter_mut.rs" 47 4 47 10] () + val produces_refl [#"../02_iter_mut.rs" 50 4 50 29] (a : C02IterMut_IterMut_Type.t_itermut t) : () + requires {[#"../02_iter_mut.rs" 50 21 50 22] Inv0.inv a} + ensures { [#"../02_iter_mut.rs" 49 14 49 39] Produces0.produces a (Seq.empty ) a } ensures { result = produces_refl a } - axiom produces_refl_spec : forall a : C02IterMut_IterMut_Type.t_itermut t . ([#"../02_iter_mut.rs" 44 21 44 22] Inv0.inv a) -> ([#"../02_iter_mut.rs" 43 14 43 39] Produces0.produces a (Seq.empty ) a) + axiom produces_refl_spec : forall a : C02IterMut_IterMut_Type.t_itermut t . ([#"../02_iter_mut.rs" 50 21 50 22] Inv0.inv a) -> ([#"../02_iter_mut.rs" 49 14 49 39] Produces0.produces a (Seq.empty ) a) end module C02IterMut_Impl1_ProducesRefl_Impl type t 
@@ -504,18 +481,18 @@ module C02IterMut_Impl1_ProducesRefl_Impl predicate Inv0.inv = Inv2.inv, axiom . clone Core_Num_Impl11_Max as Max0 - clone CreusotContracts_Std1_Slice_Impl0_ShallowModel_Interface as ShallowModel1 with - type t = t, - predicate Inv0.inv = Inv4.inv, - val Max0.mAX' = Max0.mAX', - predicate Inv1.inv = Inv5.inv, - axiom . clone CreusotContracts_Invariant_Inv_Interface as Inv1 with type t = borrowed (slice t) clone TyInv_Trivial as TyInv_Trivial0 with type t = borrowed (slice t), predicate Inv0.inv = Inv1.inv, axiom . + clone CreusotContracts_Std1_Slice_Impl0_ShallowModel_Interface as ShallowModel1 with + type t = t, + predicate Inv0.inv = Inv4.inv, + val Max0.mAX' = Max0.mAX', + predicate Inv1.inv = Inv5.inv, + axiom . use C02IterMut_IterMut_Type as C02IterMut_IterMut_Type clone C02IterMut_Impl0_Invariant as Invariant0 with type t = t, 
@@ -550,17 +527,17 @@ module C02IterMut_Impl1_ProducesRefl_Impl axiom . clone C02IterMut_Impl1_Produces as Produces0 with type t = t, + function ShallowModel0.shallow_model = ShallowModel0.shallow_model, function ToMutSeq0.to_mut_seq = ToMutSeq0.to_mut_seq, predicate Inv0.inv = Inv1.inv, - function ShallowModel0.shallow_model = ShallowModel0.shallow_model, function IndexLogic0.index_logic = IndexLogic0.index_logic, predicate Inv1.inv = Inv2.inv - let rec ghost function produces_refl [#"../02_iter_mut.rs" 44 4 44 29] (a : C02IterMut_IterMut_Type.t_itermut t) : () - requires {[#"../02_iter_mut.rs" 44 21 44 22] Inv0.inv a} - ensures { [#"../02_iter_mut.rs" 43 14 43 39] Produces0.produces a (Seq.empty ) a } + let rec ghost function produces_refl [#"../02_iter_mut.rs" 50 4 50 29] (a : C02IterMut_IterMut_Type.t_itermut t) : () + requires {[#"../02_iter_mut.rs" 50 21 50 22] Inv0.inv a} + ensures { [#"../02_iter_mut.rs" 49 14 49 39] Produces0.produces a (Seq.empty ) a } = [@vc:do_not_keep_trace] [@vc:sp] - [#"../02_iter_mut.rs" 41 4 41 10] () + [#"../02_iter_mut.rs" 47 4 47 10] () end module C02IterMut_Impl1_ProducesTrans_Stub type t @@ -574,7 +551,7 @@ module C02IterMut_Impl1_ProducesTrans_Stub type t = C02IterMut_IterMut_Type.t_itermut t clone C02IterMut_Impl1_Produces_Stub as Produces0 with type t = t - function produces_trans [#"../02_iter_mut.rs" 51 4 51 90] (a : C02IterMut_IterMut_Type.t_itermut t) (ab : Seq.seq (borrowed t)) (b : C02IterMut_IterMut_Type.t_itermut t) (bc : Seq.seq (borrowed t)) (c : C02IterMut_IterMut_Type.t_itermut t) : () + function produces_trans [#"../02_iter_mut.rs" 57 4 57 90] (a : C02IterMut_IterMut_Type.t_itermut t) (ab : Seq.seq (borrowed t)) (b : C02IterMut_IterMut_Type.t_itermut t) (bc : Seq.seq (borrowed t)) (c : C02IterMut_IterMut_Type.t_itermut t) : () end module C02IterMut_Impl1_ProducesTrans_Interface 
@@ -589,20 +566,20 @@ module C02IterMut_Impl1_ProducesTrans_Interface type t = C02IterMut_IterMut_Type.t_itermut t clone C02IterMut_Impl1_Produces_Stub as Produces0 with type t = t - function produces_trans [#"../02_iter_mut.rs" 51 4 51 90] (a : C02IterMut_IterMut_Type.t_itermut t) (ab : Seq.seq (borrowed t)) (b : C02IterMut_IterMut_Type.t_itermut t) (bc : Seq.seq (borrowed t)) (c : C02IterMut_IterMut_Type.t_itermut t) : () - - val produces_trans [#"../02_iter_mut.rs" 51 4 51 90] (a : C02IterMut_IterMut_Type.t_itermut t) (ab : Seq.seq (borrowed t)) (b : C02IterMut_IterMut_Type.t_itermut t) (bc : Seq.seq (borrowed t)) (c : C02IterMut_IterMut_Type.t_itermut t) : () - requires {[#"../02_iter_mut.rs" 48 15 48 32] Produces0.produces a ab b} - requires {[#"../02_iter_mut.rs" 49 15 49 32] Produces0.produces b bc c} - requires {[#"../02_iter_mut.rs" 51 22 51 23] Inv0.inv a} - requires {[#"../02_iter_mut.rs" 51 31 51 33] Inv1.inv ab} - requires {[#"../02_iter_mut.rs" 51 52 51 53] Inv0.inv b} - requires {[#"../02_iter_mut.rs" 51 61 51 63] Inv1.inv bc} - requires {[#"../02_iter_mut.rs" 51 82 51 83] Inv0.inv c} - ensures { [#"../02_iter_mut.rs" 50 14 50 42] Produces0.produces a (Seq.(++) ab bc) c } + function produces_trans [#"../02_iter_mut.rs" 57 4 57 90] (a : C02IterMut_IterMut_Type.t_itermut t) (ab : Seq.seq (borrowed t)) (b : C02IterMut_IterMut_Type.t_itermut t) (bc : Seq.seq (borrowed t)) (c : C02IterMut_IterMut_Type.t_itermut t) : () + + val produces_trans [#"../02_iter_mut.rs" 57 4 57 90] (a : C02IterMut_IterMut_Type.t_itermut t) (ab : Seq.seq (borrowed t)) (b : C02IterMut_IterMut_Type.t_itermut t) (bc : Seq.seq (borrowed t)) (c : C02IterMut_IterMut_Type.t_itermut t) : () + requires {[#"../02_iter_mut.rs" 54 15 54 32] Produces0.produces a ab b} + requires {[#"../02_iter_mut.rs" 55 15 55 32] Produces0.produces b bc c} + requires {[#"../02_iter_mut.rs" 57 22 57 23] Inv0.inv a} + requires {[#"../02_iter_mut.rs" 57 31 57 33] Inv1.inv ab} + requires {[#"../02_iter_mut.rs" 
57 52 57 53] Inv0.inv b} + requires {[#"../02_iter_mut.rs" 57 61 57 63] Inv1.inv bc} + requires {[#"../02_iter_mut.rs" 57 82 57 83] Inv0.inv c} + ensures { [#"../02_iter_mut.rs" 56 14 56 42] Produces0.produces a (Seq.(++) ab bc) c } ensures { result = produces_trans a ab b bc c } - axiom produces_trans_spec : forall a : C02IterMut_IterMut_Type.t_itermut t, ab : Seq.seq (borrowed t), b : C02IterMut_IterMut_Type.t_itermut t, bc : Seq.seq (borrowed t), c : C02IterMut_IterMut_Type.t_itermut t . ([#"../02_iter_mut.rs" 48 15 48 32] Produces0.produces a ab b) -> ([#"../02_iter_mut.rs" 49 15 49 32] Produces0.produces b bc c) -> ([#"../02_iter_mut.rs" 51 22 51 23] Inv0.inv a) -> ([#"../02_iter_mut.rs" 51 31 51 33] Inv1.inv ab) -> ([#"../02_iter_mut.rs" 51 52 51 53] Inv0.inv b) -> ([#"../02_iter_mut.rs" 51 61 51 63] Inv1.inv bc) -> ([#"../02_iter_mut.rs" 51 82 51 83] Inv0.inv c) -> ([#"../02_iter_mut.rs" 50 14 50 42] Produces0.produces a (Seq.(++) ab bc) c) + axiom produces_trans_spec : forall a : C02IterMut_IterMut_Type.t_itermut t, ab : Seq.seq (borrowed t), b : C02IterMut_IterMut_Type.t_itermut t, bc : Seq.seq (borrowed t), c : C02IterMut_IterMut_Type.t_itermut t . ([#"../02_iter_mut.rs" 54 15 54 32] Produces0.produces a ab b) -> ([#"../02_iter_mut.rs" 55 15 55 32] Produces0.produces b bc c) -> ([#"../02_iter_mut.rs" 57 22 57 23] Inv0.inv a) -> ([#"../02_iter_mut.rs" 57 31 57 33] Inv1.inv ab) -> ([#"../02_iter_mut.rs" 57 52 57 53] Inv0.inv b) -> ([#"../02_iter_mut.rs" 57 61 57 63] Inv1.inv bc) -> ([#"../02_iter_mut.rs" 57 82 57 83] Inv0.inv c) -> ([#"../02_iter_mut.rs" 56 14 56 42] Produces0.produces a (Seq.(++) ab bc) c) end module C02IterMut_Impl1_ProducesTrans type t 
@@ -616,22 +593,22 @@ module C02IterMut_Impl1_ProducesTrans type t = C02IterMut_IterMut_Type.t_itermut t clone C02IterMut_Impl1_Produces_Stub as Produces0 with type t = t - function produces_trans [#"../02_iter_mut.rs" 51 4 51 90] (a : C02IterMut_IterMut_Type.t_itermut t) (ab : Seq.seq (borrowed t)) (b : C02IterMut_IterMut_Type.t_itermut t) (bc : Seq.seq (borrowed t)) (c : C02IterMut_IterMut_Type.t_itermut t) : () + function produces_trans [#"../02_iter_mut.rs" 57 4 57 90] (a : C02IterMut_IterMut_Type.t_itermut t) (ab : Seq.seq (borrowed t)) (b : C02IterMut_IterMut_Type.t_itermut t) (bc : Seq.seq (borrowed t)) (c : C02IterMut_IterMut_Type.t_itermut t) : () = - [#"../02_iter_mut.rs" 46 4 46 10] () - val produces_trans [#"../02_iter_mut.rs" 51 4 51 90] (a : C02IterMut_IterMut_Type.t_itermut t) (ab : Seq.seq (borrowed t)) (b : C02IterMut_IterMut_Type.t_itermut t) (bc : Seq.seq (borrowed t)) (c : C02IterMut_IterMut_Type.t_itermut t) : () - requires {[#"../02_iter_mut.rs" 48 15 48 32] Produces0.produces a ab b} - requires {[#"../02_iter_mut.rs" 49 15 49 32] Produces0.produces b bc c} - requires {[#"../02_iter_mut.rs" 51 22 51 23] Inv0.inv a} - requires {[#"../02_iter_mut.rs" 51 31 51 33] Inv1.inv ab} - requires {[#"../02_iter_mut.rs" 51 52 51 53] Inv0.inv b} - requires {[#"../02_iter_mut.rs" 51 61 51 63] Inv1.inv bc} - requires {[#"../02_iter_mut.rs" 51 82 51 83] Inv0.inv c} - ensures { [#"../02_iter_mut.rs" 50 14 50 42] Produces0.produces a (Seq.(++) ab bc) c } + [#"../02_iter_mut.rs" 52 4 52 10] () + val produces_trans [#"../02_iter_mut.rs" 57 4 57 90] (a : C02IterMut_IterMut_Type.t_itermut t) (ab : Seq.seq (borrowed t)) (b : C02IterMut_IterMut_Type.t_itermut t) (bc : Seq.seq (borrowed t)) (c : C02IterMut_IterMut_Type.t_itermut t) : () + requires {[#"../02_iter_mut.rs" 54 15 54 32] Produces0.produces a ab b} + requires {[#"../02_iter_mut.rs" 55 15 55 32] Produces0.produces b bc c} + requires {[#"../02_iter_mut.rs" 57 22 57 23] Inv0.inv a} + requires 
{[#"../02_iter_mut.rs" 57 31 57 33] Inv1.inv ab} + requires {[#"../02_iter_mut.rs" 57 52 57 53] Inv0.inv b} + requires {[#"../02_iter_mut.rs" 57 61 57 63] Inv1.inv bc} + requires {[#"../02_iter_mut.rs" 57 82 57 83] Inv0.inv c} + ensures { [#"../02_iter_mut.rs" 56 14 56 42] Produces0.produces a (Seq.(++) ab bc) c } ensures { result = produces_trans a ab b bc c } - axiom produces_trans_spec : forall a : C02IterMut_IterMut_Type.t_itermut t, ab : Seq.seq (borrowed t), b : C02IterMut_IterMut_Type.t_itermut t, bc : Seq.seq (borrowed t), c : C02IterMut_IterMut_Type.t_itermut t . ([#"../02_iter_mut.rs" 48 15 48 32] Produces0.produces a ab b) -> ([#"../02_iter_mut.rs" 49 15 49 32] Produces0.produces b bc c) -> ([#"../02_iter_mut.rs" 51 22 51 23] Inv0.inv a) -> ([#"../02_iter_mut.rs" 51 31 51 33] Inv1.inv ab) -> ([#"../02_iter_mut.rs" 51 52 51 53] Inv0.inv b) -> ([#"../02_iter_mut.rs" 51 61 51 63] Inv1.inv bc) -> ([#"../02_iter_mut.rs" 51 82 51 83] Inv0.inv c) -> ([#"../02_iter_mut.rs" 50 14 50 42] Produces0.produces a (Seq.(++) ab bc) c) + axiom produces_trans_spec : forall a : C02IterMut_IterMut_Type.t_itermut t, ab : Seq.seq (borrowed t), b : C02IterMut_IterMut_Type.t_itermut t, bc : Seq.seq (borrowed t), c : C02IterMut_IterMut_Type.t_itermut t . ([#"../02_iter_mut.rs" 54 15 54 32] Produces0.produces a ab b) -> ([#"../02_iter_mut.rs" 55 15 55 32] Produces0.produces b bc c) -> ([#"../02_iter_mut.rs" 57 22 57 23] Inv0.inv a) -> ([#"../02_iter_mut.rs" 57 31 57 33] Inv1.inv ab) -> ([#"../02_iter_mut.rs" 57 52 57 53] Inv0.inv b) -> ([#"../02_iter_mut.rs" 57 61 57 63] Inv1.inv bc) -> ([#"../02_iter_mut.rs" 57 82 57 83] Inv0.inv c) -> ([#"../02_iter_mut.rs" 56 14 56 42] Produces0.produces a (Seq.(++) ab bc) c) end module C02IterMut_Impl1_ProducesTrans_Impl type t 
@@ -710,23 +687,23 @@ module C02IterMut_Impl1_ProducesTrans_Impl axiom . clone C02IterMut_Impl1_Produces as Produces0 with type t = t, + function ShallowModel0.shallow_model = ShallowModel0.shallow_model, function ToMutSeq0.to_mut_seq = ToMutSeq0.to_mut_seq, predicate Inv0.inv = Inv2.inv, - function ShallowModel0.shallow_model = ShallowModel0.shallow_model, function IndexLogic0.index_logic = IndexLogic0.index_logic, predicate Inv1.inv = Inv1.inv - let rec ghost function produces_trans [#"../02_iter_mut.rs" 51 4 51 90] (a : C02IterMut_IterMut_Type.t_itermut t) (ab : Seq.seq (borrowed t)) (b : C02IterMut_IterMut_Type.t_itermut t) (bc : Seq.seq (borrowed t)) (c : C02IterMut_IterMut_Type.t_itermut t) : () - requires {[#"../02_iter_mut.rs" 48 15 48 32] Produces0.produces a ab b} - requires {[#"../02_iter_mut.rs" 49 15 49 32] Produces0.produces b bc c} - requires {[#"../02_iter_mut.rs" 51 22 51 23] Inv0.inv a} - requires {[#"../02_iter_mut.rs" 51 31 51 33] Inv1.inv ab} - requires {[#"../02_iter_mut.rs" 51 52 51 53] Inv0.inv b} - requires {[#"../02_iter_mut.rs" 51 61 51 63] Inv1.inv bc} - requires {[#"../02_iter_mut.rs" 51 82 51 83] Inv0.inv c} - ensures { [#"../02_iter_mut.rs" 50 14 50 42] Produces0.produces a (Seq.(++) ab bc) c } + let rec ghost function produces_trans [#"../02_iter_mut.rs" 57 4 57 90] (a : C02IterMut_IterMut_Type.t_itermut t) (ab : Seq.seq (borrowed t)) (b : C02IterMut_IterMut_Type.t_itermut t) (bc : Seq.seq (borrowed t)) (c : C02IterMut_IterMut_Type.t_itermut t) : () + requires {[#"../02_iter_mut.rs" 54 15 54 32] Produces0.produces a ab b} + requires {[#"../02_iter_mut.rs" 55 15 55 32] Produces0.produces b bc c} + requires {[#"../02_iter_mut.rs" 57 22 57 23] Inv0.inv a} + requires {[#"../02_iter_mut.rs" 57 31 57 33] Inv1.inv ab} + requires {[#"../02_iter_mut.rs" 57 52 57 53] Inv0.inv b} + requires {[#"../02_iter_mut.rs" 57 61 57 63] Inv1.inv bc} + requires {[#"../02_iter_mut.rs" 57 82 57 83] Inv0.inv c} + ensures { [#"../02_iter_mut.rs" 56 14 56 42] 
Produces0.produces a (Seq.(++) ab bc) c } = [@vc:do_not_keep_trace] [@vc:sp] - [#"../02_iter_mut.rs" 46 4 46 10] () + [#"../02_iter_mut.rs" 52 4 52 10] () end module Core_Option_Option_Type type t_option 't = @@ -739,6 +716,28 @@ module Core_Option_Option_Type | C_Some a -> a end end +module CreusotContracts_Resolve_Impl1_Resolve_Stub + type t + use prelude.Borrow + predicate resolve (self : borrowed t) +end +module CreusotContracts_Resolve_Impl1_Resolve_Interface + type t + use prelude.Borrow + predicate resolve (self : borrowed t) + val resolve (self : borrowed t) : bool + ensures { result = resolve self } + +end +module CreusotContracts_Resolve_Impl1_Resolve + type t + use prelude.Borrow + predicate resolve (self : borrowed t) = + [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self + val resolve (self : borrowed t) : bool + ensures { result = resolve self } + +end module CreusotContracts_Logic_Seq_Impl0_Tail_Stub type t use seq.Seq 
@@ -793,7 +792,7 @@ module Core_Slice_Impl0_TakeFirstMut_Interface requires {Inv0.inv self} ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 271 18 278 9] match (result) with | Core_Option_Option_Type.C_Some r -> * r = IndexLogic0.index_logic ( * * self) 0 /\ ^ r = IndexLogic0.index_logic ( ^ * self) 0 /\ Seq.length (ShallowModel0.shallow_model ( * * self)) > 0 /\ Seq.length (ShallowModel0.shallow_model ( ^ * self)) > 0 /\ ShallowModel0.shallow_model ( * ^ self) = Tail0.tail (ShallowModel0.shallow_model ( * * self)) /\ ShallowModel0.shallow_model ( ^ ^ self) = Tail0.tail (ShallowModel0.shallow_model ( ^ * self)) - | Core_Option_Option_Type.C_None -> ^ self = * self /\ Seq.length (ShallowModel0.shallow_model ( * * self)) = 0 + | Core_Option_Option_Type.C_None -> Seq.length (ShallowModel0.shallow_model ( * ^ self)) = 0 /\ Seq.length (ShallowModel0.shallow_model ( ^ * self)) = 0 /\ Seq.length (ShallowModel0.shallow_model ( * * self)) = 0 /\ Seq.length (ShallowModel0.shallow_model ( ^ ^ self)) = 0 end } ensures { Inv1.inv result } 
@@ -821,13 +820,13 @@ module C02IterMut_Impl1_Next_Interface type t = t clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = borrowed (C02IterMut_IterMut_Type.t_itermut t) - val next [#"../02_iter_mut.rs" 57 4 57 44] (self : borrowed (C02IterMut_IterMut_Type.t_itermut t)) : Core_Option_Option_Type.t_option (borrowed t) - requires {[#"../02_iter_mut.rs" 57 17 57 21] Inv0.inv self} - ensures { [#"../02_iter_mut.rs" 53 14 56 5] match (result) with + val next [#"../02_iter_mut.rs" 63 4 63 44] (self : borrowed (C02IterMut_IterMut_Type.t_itermut t)) : Core_Option_Option_Type.t_option (borrowed t) + requires {[#"../02_iter_mut.rs" 63 17 63 21] Inv0.inv self} + ensures { [#"../02_iter_mut.rs" 59 14 62 5] match (result) with | Core_Option_Option_Type.C_None -> Completed0.completed self | Core_Option_Option_Type.C_Some v -> Produces0.produces ( * self) (Seq.singleton v) ( ^ self) end } - ensures { [#"../02_iter_mut.rs" 57 26 57 44] Inv1.inv result } + ensures { [#"../02_iter_mut.rs" 63 26 63 44] Inv1.inv result } end module C02IterMut_Impl1_Next 
@@ -929,17 +928,16 @@ module C02IterMut_Impl1_Next axiom . clone C02IterMut_Impl1_Produces as Produces0 with type t = t, + function ShallowModel0.shallow_model = ShallowModel1.shallow_model, function ToMutSeq0.to_mut_seq = ToMutSeq0.to_mut_seq, predicate Inv0.inv = Inv0.inv, - function ShallowModel0.shallow_model = ShallowModel1.shallow_model, function IndexLogic0.index_logic = IndexLogic0.index_logic, predicate Inv1.inv = Inv6.inv - clone CreusotContracts_Resolve_Impl1_Resolve as Resolve0 with - type t = C02IterMut_IterMut_Type.t_itermut t clone C02IterMut_Impl1_Completed as Completed0 with type t = t, - predicate Resolve0.resolve = Resolve0.resolve, function ShallowModel0.shallow_model = ShallowModel1.shallow_model + clone CreusotContracts_Resolve_Impl1_Resolve as Resolve0 with + type t = C02IterMut_IterMut_Type.t_itermut t clone Core_Slice_Impl0_TakeFirstMut_Interface as TakeFirstMut0 with type t = t, predicate Inv0.inv = Inv3.inv, 
@@ -950,13 +948,13 @@ module C02IterMut_Impl1_Next predicate Inv2.inv = Inv4.inv, val Max0.mAX' = Max0.mAX', predicate Inv3.inv = Inv5.inv - let rec cfg next [#"../02_iter_mut.rs" 57 4 57 44] [@cfg:stackify] [@cfg:subregion_analysis] (self : borrowed (C02IterMut_IterMut_Type.t_itermut t)) : Core_Option_Option_Type.t_option (borrowed t) - requires {[#"../02_iter_mut.rs" 57 17 57 21] Inv1.inv self} - ensures { [#"../02_iter_mut.rs" 53 14 56 5] match (result) with + let rec cfg next [#"../02_iter_mut.rs" 63 4 63 44] [@cfg:stackify] [@cfg:subregion_analysis] (self : borrowed (C02IterMut_IterMut_Type.t_itermut t)) : Core_Option_Option_Type.t_option (borrowed t) + requires {[#"../02_iter_mut.rs" 63 17 63 21] Inv1.inv self} + ensures { [#"../02_iter_mut.rs" 59 14 62 5] match (result) with | Core_Option_Option_Type.C_None -> Completed0.completed self | Core_Option_Option_Type.C_Some v -> Produces0.produces ( * self) (Seq.singleton v) ( ^ self) end } - ensures { [#"../02_iter_mut.rs" 57 26 57 44] Inv2.inv result } + ensures { [#"../02_iter_mut.rs" 63 26 63 44] Inv2.inv result } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : Core_Option_Option_Type.t_option (borrowed t); @@ -966,10 +964,10 @@ module C02IterMut_Impl1_Next goto BB0 } BB0 { - _3 <- Borrow.borrow_mut (C02IterMut_IterMut_Type.itermut_inner ( * self)); + _3 <- Borrow.borrow_final (C02IterMut_IterMut_Type.itermut_inner ( * self)) (Borrow.inherit_id (Borrow.get_id self) 1); self <- { self with current = (let C02IterMut_IterMut_Type.C_IterMut a = * self in C02IterMut_IterMut_Type.C_IterMut ( ^ _3)) ; }; assume { Inv0.inv ( ^ _3) }; - _0 <- ([#"../02_iter_mut.rs" 58 8 58 37] TakeFirstMut0.take_first_mut _3); + _0 <- ([#"../02_iter_mut.rs" 64 8 64 37] TakeFirstMut0.take_first_mut _3); _3 <- any borrowed (borrowed (slice t)); goto BB1 } 
@@ -985,10 +983,10 @@ module C02IterMut_Impl2_IntoIter_Interface use C02IterMut_IterMut_Type as C02IterMut_IterMut_Type clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = C02IterMut_IterMut_Type.t_itermut t - val into_iter [#"../02_iter_mut.rs" 64 4 64 30] (self : C02IterMut_IterMut_Type.t_itermut t) : C02IterMut_IterMut_Type.t_itermut t - requires {[#"../02_iter_mut.rs" 64 17 64 21] Inv0.inv self} - ensures { [#"../02_iter_mut.rs" 63 14 63 28] result = self } - ensures { [#"../02_iter_mut.rs" 64 26 64 30] Inv0.inv result } + val into_iter [#"../02_iter_mut.rs" 70 4 70 30] (self : C02IterMut_IterMut_Type.t_itermut t) : C02IterMut_IterMut_Type.t_itermut t + requires {[#"../02_iter_mut.rs" 70 17 70 21] Inv0.inv self} + ensures { [#"../02_iter_mut.rs" 69 14 69 28] result = self } + ensures { [#"../02_iter_mut.rs" 70 26 70 30] Inv0.inv result } end module C02IterMut_Impl2_IntoIter @@ -1036,10 +1034,10 @@ module C02IterMut_Impl2_IntoIter predicate Invariant0.invariant' = Invariant0.invariant', predicate Inv1.inv = Inv1.inv, axiom . - let rec cfg into_iter [#"../02_iter_mut.rs" 64 4 64 30] [@cfg:stackify] [@cfg:subregion_analysis] (self : C02IterMut_IterMut_Type.t_itermut t) : C02IterMut_IterMut_Type.t_itermut t - requires {[#"../02_iter_mut.rs" 64 17 64 21] Inv0.inv self} - ensures { [#"../02_iter_mut.rs" 63 14 63 28] result = self } - ensures { [#"../02_iter_mut.rs" 64 26 64 30] Inv0.inv result } + let rec cfg into_iter [#"../02_iter_mut.rs" 70 4 70 30] [@cfg:stackify] [@cfg:subregion_analysis] (self : C02IterMut_IterMut_Type.t_itermut t) : C02IterMut_IterMut_Type.t_itermut t + requires {[#"../02_iter_mut.rs" 70 17 70 21] Inv0.inv self} + ensures { [#"../02_iter_mut.rs" 69 14 69 28] result = self } + ensures { [#"../02_iter_mut.rs" 70 26 70 30] Inv0.inv result } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : C02IterMut_IterMut_Type.t_itermut t; 
@@ -1441,12 +1439,12 @@ module C02IterMut_IterMut_Interface type ShallowModelTy0.shallowModelTy = Seq.seq t clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) - val iter_mut [#"../02_iter_mut.rs" 72 0 72 55] (v : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) : C02IterMut_IterMut_Type.t_itermut t - requires {[#"../02_iter_mut.rs" 72 19 72 20] Inv0.inv v} - ensures { [#"../02_iter_mut.rs" 69 10 69 29] ShallowModel0.shallow_model (C02IterMut_IterMut_Type.itermut_inner result) = ShallowModel1.shallow_model v } - ensures { [#"../02_iter_mut.rs" 70 10 70 35] ShallowModel2.shallow_model ( ^ C02IterMut_IterMut_Type.itermut_inner result) = ShallowModel3.shallow_model ( ^ v) } - ensures { [#"../02_iter_mut.rs" 71 10 71 33] Seq.length (ShallowModel3.shallow_model ( ^ v)) = Seq.length (ShallowModel1.shallow_model v) } - ensures { [#"../02_iter_mut.rs" 72 41 72 55] Inv1.inv result } + val iter_mut [#"../02_iter_mut.rs" 78 0 78 55] (v : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) : C02IterMut_IterMut_Type.t_itermut t + requires {[#"../02_iter_mut.rs" 78 19 78 20] Inv0.inv v} + ensures { [#"../02_iter_mut.rs" 75 10 75 29] ShallowModel0.shallow_model (C02IterMut_IterMut_Type.itermut_inner result) = ShallowModel1.shallow_model v } + ensures { [#"../02_iter_mut.rs" 76 10 76 35] ShallowModel2.shallow_model ( ^ C02IterMut_IterMut_Type.itermut_inner result) = ShallowModel3.shallow_model ( ^ v) } + ensures { [#"../02_iter_mut.rs" 77 10 77 33] Seq.length (ShallowModel3.shallow_model ( ^ v)) = Seq.length (ShallowModel1.shallow_model v) } + ensures { [#"../02_iter_mut.rs" 78 41 78 55] Inv1.inv result } end module C02IterMut_IterMut 
@@ -1567,12 +1565,12 @@ module C02IterMut_IterMut predicate Inv3.inv = Inv0.inv, val Max0.mAX' = Max0.mAX', predicate Inv4.inv = Inv6.inv - let rec cfg iter_mut [#"../02_iter_mut.rs" 72 0 72 55] [@cfg:stackify] [@cfg:subregion_analysis] (v : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) : C02IterMut_IterMut_Type.t_itermut t - requires {[#"../02_iter_mut.rs" 72 19 72 20] Inv3.inv v} - ensures { [#"../02_iter_mut.rs" 69 10 69 29] ShallowModel0.shallow_model (C02IterMut_IterMut_Type.itermut_inner result) = ShallowModel1.shallow_model v } - ensures { [#"../02_iter_mut.rs" 70 10 70 35] ShallowModel2.shallow_model ( ^ C02IterMut_IterMut_Type.itermut_inner result) = ShallowModel3.shallow_model ( ^ v) } - ensures { [#"../02_iter_mut.rs" 71 10 71 33] Seq.length (ShallowModel3.shallow_model ( ^ v)) = Seq.length (ShallowModel1.shallow_model v) } - ensures { [#"../02_iter_mut.rs" 72 41 72 55] Inv4.inv result } + let rec cfg iter_mut [#"../02_iter_mut.rs" 78 0 78 55] [@cfg:stackify] [@cfg:subregion_analysis] (v : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) : C02IterMut_IterMut_Type.t_itermut t + requires {[#"../02_iter_mut.rs" 78 19 78 20] Inv3.inv v} + ensures { [#"../02_iter_mut.rs" 75 10 75 29] ShallowModel0.shallow_model (C02IterMut_IterMut_Type.itermut_inner result) = ShallowModel1.shallow_model v } + ensures { [#"../02_iter_mut.rs" 76 10 76 35] ShallowModel2.shallow_model ( ^ C02IterMut_IterMut_Type.itermut_inner result) = ShallowModel3.shallow_model ( ^ v) } + ensures { [#"../02_iter_mut.rs" 77 10 77 33] Seq.length (ShallowModel3.shallow_model ( ^ v)) = Seq.length (ShallowModel1.shallow_model v) } + ensures { [#"../02_iter_mut.rs" 78 41 78 55] Inv4.inv result } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : C02IterMut_IterMut_Type.t_itermut t; 
@@ -1585,18 +1583,18 @@ module C02IterMut_IterMut goto BB0 } BB0 { - _8 <- Borrow.borrow_mut ( * v); + _8 <- Borrow.borrow_final ( * v) (Borrow.get_id v); v <- { v with current = ( ^ _8) ; }; assume { Inv0.inv ( ^ _8) }; - _7 <- ([#"../02_iter_mut.rs" 73 26 73 31] IndexMut0.index_mut _8 (Core_Ops_Range_RangeFull_Type.C_RangeFull)); + _7 <- ([#"../02_iter_mut.rs" 79 26 79 31] IndexMut0.index_mut _8 (Core_Ops_Range_RangeFull_Type.C_RangeFull)); _8 <- any borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)); goto BB1 } BB1 { - _6 <- Borrow.borrow_mut ( * _7); + _6 <- Borrow.borrow_final ( * _7) (Borrow.get_id _7); _7 <- { _7 with current = ( ^ _6) ; }; assume { Inv1.inv ( ^ _6) }; - _5 <- Borrow.borrow_mut ( * _6); + _5 <- Borrow.borrow_final ( * _6) (Borrow.get_id _6); _6 <- { _6 with current = ( ^ _5) ; }; assume { Inv1.inv ( ^ _5) }; _0 <- C02IterMut_IterMut_Type.C_IterMut _5; @@ -1707,9 +1705,9 @@ module C02IterMut_AllZero_Interface val Max0.mAX' = Max0.mAX', predicate Inv1.inv = Inv1.inv, axiom . - val all_zero [#"../02_iter_mut.rs" 78 0 78 35] (v : borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))) : () - ensures { [#"../02_iter_mut.rs" 76 10 76 33] Seq.length (ShallowModel0.shallow_model ( ^ v)) = Seq.length (ShallowModel1.shallow_model v) } - ensures { [#"../02_iter_mut.rs" 77 0 77 66] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel1.shallow_model v) -> UIntSize.to_int (IndexLogic0.index_logic ( ^ v) i) = 0 } + val all_zero [#"../02_iter_mut.rs" 84 0 84 35] (v : borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))) : () + ensures { [#"../02_iter_mut.rs" 82 10 82 33] Seq.length (ShallowModel0.shallow_model ( ^ v)) = Seq.length (ShallowModel1.shallow_model v) } + ensures { [#"../02_iter_mut.rs" 83 0 83 66] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel1.shallow_model v) -> UIntSize.to_int (IndexLogic0.index_logic ( ^ v) i) = 0 } end module C02IterMut_AllZero 
@@ -1733,8 +1731,6 @@ module C02IterMut_AllZero predicate Inv0.inv = Inv8.inv, axiom . use C02IterMut_IterMut_Type as C02IterMut_IterMut_Type - clone CreusotContracts_Resolve_Impl1_Resolve as Resolve2 with - type t = C02IterMut_IterMut_Type.t_itermut usize clone CreusotContracts_Invariant_Inv_Interface as Inv0 with type t = C02IterMut_IterMut_Type.t_itermut usize clone CreusotContracts_Invariant_Inv_Interface as Inv7 with @@ -1802,7 +1798,6 @@ module C02IterMut_AllZero function ShallowModel0.shallow_model = ShallowModel3.shallow_model clone C02IterMut_Impl1_Completed as Completed0 with type t = usize, - predicate Resolve0.resolve = Resolve2.resolve, function ShallowModel0.shallow_model = ShallowModel2.shallow_model clone CreusotContracts_Logic_Ops_Impl2_IndexLogic as IndexLogic2 with type t = usize, @@ -1819,9 +1814,9 @@ module C02IterMut_AllZero axiom . clone C02IterMut_Impl1_Produces as Produces0 with type t = usize, + function ShallowModel0.shallow_model = ShallowModel2.shallow_model, function ToMutSeq0.to_mut_seq = ToMutSeq0.to_mut_seq, predicate Inv0.inv = Inv5.inv, - function ShallowModel0.shallow_model = ShallowModel2.shallow_model, function IndexLogic0.index_logic = IndexLogic2.index_logic, predicate Inv1.inv = Inv6.inv clone C02IterMut_Impl1_ProducesTrans as ProducesTrans0 with 
@@ -1886,9 +1881,9 @@ module C02IterMut_AllZero val Max0.mAX' = Max0.mAX', predicate Inv3.inv = Inv3.inv, predicate Inv4.inv = Inv4.inv - let rec cfg all_zero [#"../02_iter_mut.rs" 78 0 78 35] [@cfg:stackify] [@cfg:subregion_analysis] (v : borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))) : () - ensures { [#"../02_iter_mut.rs" 76 10 76 33] Seq.length (ShallowModel0.shallow_model ( ^ v)) = Seq.length (ShallowModel1.shallow_model v) } - ensures { [#"../02_iter_mut.rs" 77 0 77 66] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel1.shallow_model v) -> UIntSize.to_int (IndexLogic1.index_logic ( ^ v) i) = 0 } + let rec cfg all_zero [#"../02_iter_mut.rs" 84 0 84 35] [@cfg:stackify] [@cfg:subregion_analysis] (v : borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))) : () + ensures { [#"../02_iter_mut.rs" 82 10 82 33] Seq.length (ShallowModel0.shallow_model ( ^ v)) = Seq.length (ShallowModel1.shallow_model v) } + ensures { [#"../02_iter_mut.rs" 83 0 83 66] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel1.shallow_model v) -> UIntSize.to_int (IndexLogic1.index_logic ( ^ v) i) = 0 } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : (); 
@@ -1906,39 +1901,39 @@ module C02IterMut_AllZero goto BB0 } BB0 { - _6 <- Borrow.borrow_mut ( * v); + _6 <- Borrow.borrow_final ( * v) (Borrow.get_id v); v <- { v with current = ( ^ _6) ; }; - _5 <- ([#"../02_iter_mut.rs" 79 17 79 28] IterMut0.iter_mut _6); + _5 <- ([#"../02_iter_mut.rs" 85 17 85 28] IterMut0.iter_mut _6); _6 <- any borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)); goto BB1 } BB1 { - it <- ([#"../02_iter_mut.rs" 79 17 79 40] IntoIter0.into_iter _5); + it <- ([#"../02_iter_mut.rs" 85 17 85 40] IntoIter0.into_iter _5); _5 <- any C02IterMut_IterMut_Type.t_itermut usize; goto BB2 } BB2 { - iter_old <- ([#"../02_iter_mut.rs" 80 19 80 29] Ghost.new it); + iter_old <- ([#"../02_iter_mut.rs" 86 19 86 29] Ghost.new it); goto BB3 } BB3 { - produced <- ([#"../02_iter_mut.rs" 81 23 81 41] Ghost.new (Seq.empty )); + produced <- ([#"../02_iter_mut.rs" 87 23 87 41] Ghost.new (Seq.empty )); goto BB4 } BB4 { goto BB5 } BB5 { - invariant { [#"../02_iter_mut.rs" 82 16 82 23] Inv0.inv it }; - invariant { [#"../02_iter_mut.rs" 83 16 83 55] Produces0.produces (Ghost.inner iter_old) (Ghost.inner produced) it }; - invariant { [#"../02_iter_mut.rs" 82 4 82 25] forall i : int . 0 <= i /\ i < Seq.length (Ghost.inner produced) -> UIntSize.to_int ( ^ IndexLogic0.index_logic produced i) = 0 }; + invariant { [#"../02_iter_mut.rs" 88 16 88 23] Inv0.inv it }; + invariant { [#"../02_iter_mut.rs" 89 16 89 55] Produces0.produces (Ghost.inner iter_old) (Ghost.inner produced) it }; + invariant { [#"../02_iter_mut.rs" 88 4 88 25] forall i : int . 0 <= i /\ i < Seq.length (Ghost.inner produced) -> UIntSize.to_int ( ^ IndexLogic0.index_logic produced i) = 0 }; goto BB6 } BB6 { _16 <- Borrow.borrow_mut it; it <- ^ _16; assume { Inv0.inv ( ^ _16) }; - _15 <- ([#"../02_iter_mut.rs" 86 14 86 23] Next0.next _16); + _15 <- ([#"../02_iter_mut.rs" 92 14 92 23] Next0.next _16); _16 <- any borrowed (C02IterMut_IterMut_Type.t_itermut usize); goto BB7 } 
@@ -1963,13 +1958,13 @@ module C02IterMut_AllZero BB11 { x <- Core_Option_Option_Type.some_0 _15; _15 <- (let Core_Option_Option_Type.C_Some a = _15 in Core_Option_Option_Type.C_Some (any borrowed usize)); - _19 <- ([#"../02_iter_mut.rs" 88 27 88 69] Ghost.new (Seq.(++) (Ghost.inner produced) (Seq.singleton x))); + _19 <- ([#"../02_iter_mut.rs" 94 27 94 69] Ghost.new (Seq.(++) (Ghost.inner produced) (Seq.singleton x))); goto BB12 } BB12 { produced <- _19; _19 <- any Ghost.ghost_ty (Seq.seq (borrowed usize)); - x <- { x with current = ([#"../02_iter_mut.rs" 89 21 89 22] (0 : usize)) ; }; + x <- { x with current = ([#"../02_iter_mut.rs" 95 21 95 22] (0 : usize)) ; }; assume { Resolve0.resolve x }; goto BB5 } @@ -2003,18 +1998,18 @@ module C02IterMut_Impl1 predicate Inv0.inv = Inv5.inv, axiom . clone Core_Num_Impl11_Max as Max0 - clone CreusotContracts_Std1_Slice_Impl0_ShallowModel_Interface as ShallowModel1 with - type t = t, - predicate Inv0.inv = Inv6.inv, - val Max0.mAX' = Max0.mAX', - predicate Inv1.inv = Inv7.inv, - axiom . clone CreusotContracts_Invariant_Inv_Interface as Inv4 with type t = borrowed (slice t) clone TyInv_Trivial as TyInv_Trivial2 with type t = borrowed (slice t), predicate Inv0.inv = Inv4.inv, axiom . + clone CreusotContracts_Std1_Slice_Impl0_ShallowModel_Interface as ShallowModel1 with + type t = t, + predicate Inv0.inv = Inv6.inv, + val Max0.mAX' = Max0.mAX', + predicate Inv1.inv = Inv7.inv, + axiom . use C02IterMut_IterMut_Type as C02IterMut_IterMut_Type clone C02IterMut_Impl0_Invariant as Invariant0 with type t = t, @@ -2028,8 +2023,6 @@ module C02IterMut_Impl1 type t = Seq.seq (borrowed t), predicate Inv0.inv = Inv3.inv, axiom . - clone CreusotContracts_Resolve_Impl1_Resolve as Resolve0 with - type t = C02IterMut_IterMut_Type.t_itermut t use Core_Option_Option_Type as Core_Option_Option_Type clone CreusotContracts_Invariant_Inv_Interface as Inv2 with type t = Core_Option_Option_Type.t_option (borrowed t) 
@@ -2071,22 +2064,21 @@ module C02IterMut_Impl1 axiom . clone C02IterMut_Impl1_Completed as Completed0 with type t = t, - predicate Resolve0.resolve = Resolve0.resolve, function ShallowModel0.shallow_model = ShallowModel0.shallow_model clone C02IterMut_Impl1_Produces as Produces0 with type t = t, + function ShallowModel0.shallow_model = ShallowModel0.shallow_model, function ToMutSeq0.to_mut_seq = ToMutSeq0.to_mut_seq, predicate Inv0.inv = Inv4.inv, - function ShallowModel0.shallow_model = ShallowModel0.shallow_model, function IndexLogic0.index_logic = IndexLogic0.index_logic, predicate Inv1.inv = Inv3.inv - goal produces_refl_refn : [#"../02_iter_mut.rs" 44 4 44 29] forall a : C02IterMut_IterMut_Type.t_itermut t . Inv0.inv a -> Inv0.inv a /\ (forall result : () . Produces0.produces a (Seq.empty ) a -> Produces0.produces a (Seq.empty ) a) - goal next_refn : [#"../02_iter_mut.rs" 57 4 57 44] forall self : borrowed (C02IterMut_IterMut_Type.t_itermut t) . Inv1.inv self -> Inv1.inv self /\ (forall result : Core_Option_Option_Type.t_option (borrowed t) . Inv2.inv result /\ match (result) with + goal produces_refl_refn : [#"../02_iter_mut.rs" 50 4 50 29] forall a : C02IterMut_IterMut_Type.t_itermut t . Inv0.inv a -> Inv0.inv a /\ (forall result : () . Produces0.produces a (Seq.empty ) a -> Produces0.produces a (Seq.empty ) a) + goal next_refn : [#"../02_iter_mut.rs" 63 4 63 44] forall self : borrowed (C02IterMut_IterMut_Type.t_itermut t) . Inv1.inv self -> Inv1.inv self /\ (forall result : Core_Option_Option_Type.t_option (borrowed t) . 
Inv2.inv result /\ match (result) with | Core_Option_Option_Type.C_None -> Completed0.completed self | Core_Option_Option_Type.C_Some v -> Produces0.produces ( * self) (Seq.singleton v) ( ^ self) end -> Inv2.inv result /\ match (result) with | Core_Option_Option_Type.C_None -> Completed0.completed self | Core_Option_Option_Type.C_Some v -> Produces0.produces ( * self) (Seq.singleton v) ( ^ self) end) - goal produces_trans_refn : [#"../02_iter_mut.rs" 51 4 51 90] forall a : C02IterMut_IterMut_Type.t_itermut t . forall ab : Seq.seq (borrowed t) . forall b : C02IterMut_IterMut_Type.t_itermut t . forall bc : Seq.seq (borrowed t) . forall c : C02IterMut_IterMut_Type.t_itermut t . Inv0.inv c /\ Inv3.inv bc /\ Inv0.inv b /\ Inv3.inv ab /\ Inv0.inv a /\ Produces0.produces b bc c /\ Produces0.produces a ab b -> Inv0.inv c /\ Inv3.inv bc /\ Inv0.inv b /\ Inv3.inv ab /\ Inv0.inv a /\ Produces0.produces b bc c /\ Produces0.produces a ab b /\ (forall result : () . Produces0.produces a (Seq.(++) ab bc) c -> Produces0.produces a (Seq.(++) ab bc) c) + goal produces_trans_refn : [#"../02_iter_mut.rs" 57 4 57 90] forall a : C02IterMut_IterMut_Type.t_itermut t . forall ab : Seq.seq (borrowed t) . forall b : C02IterMut_IterMut_Type.t_itermut t . forall bc : Seq.seq (borrowed t) . forall c : C02IterMut_IterMut_Type.t_itermut t . Inv0.inv c /\ Inv3.inv bc /\ Inv0.inv b /\ Inv3.inv ab /\ Inv0.inv a /\ Produces0.produces b bc c /\ Produces0.produces a ab b -> Inv0.inv c /\ Inv3.inv bc /\ Inv0.inv b /\ Inv3.inv ab /\ Inv0.inv a /\ Produces0.produces b bc c /\ Produces0.produces a ab b /\ (forall result : () . Produces0.produces a (Seq.(++) ab bc) c -> Produces0.produces a (Seq.(++) ab bc) c) end diff --git a/creusot/tests/should_succeed/iterators/02_iter_mut.rs b/creusot/tests/should_succeed/iterators/02_iter_mut.rs index 594dfcfe70..cd7c571076 100644 --- a/creusot/tests/should_succeed/iterators/02_iter_mut.rs +++ b/creusot/tests/should_succeed/iterators/02_iter_mut.rs 
@@ -29,13 +29,19 @@ impl<'a, T> Iterator for IterMut<'a, T> {
 #[open]
 #[predicate]
 fn completed(&mut self) -> bool {
- pearlite! { self.resolve() && self.inner@.ext_eq(Seq::EMPTY) }
+ pearlite! { (*self).inner@ == (^self).inner@ && self.inner@.ext_eq(Seq::EMPTY) }
 }
 #[open]
 #[predicate]
 fn produces(self, visited: Seq, tl: Self) -> bool {
- self.inner.to_mut_seq().ext_eq(visited.concat(tl.inner.to_mut_seq()))
+ pearlite! { self.inner@.len() == visited.len() + tl.inner@.len() && (forall 0 <= i && i < self.inner@.len() ==> *self.inner.to_mut_seq()[i] == *visited.concat(tl.inner.to_mut_seq())[i] && ^self.inner.to_mut_seq()[i] == ^visited.concat(tl.inner.to_mut_seq())[i] ) }
 }
 #[law]
diff --git a/creusot/tests/should_succeed/iterators/02_iter_mut/why3session.xml b/creusot/tests/should_succeed/iterators/02_iter_mut/why3session.xml
index ab02f40f50..64a724261b 100644
--- a/creusot/tests/should_succeed/iterators/02_iter_mut/why3session.xml
+++ b/creusot/tests/should_succeed/iterators/02_iter_mut/why3session.xml
@@ -37,7 +37,7 @@ - +
@@ -89,13 +89,13 @@ - + - + - +
diff --git a/creusot/tests/should_succeed/iterators/03_std_iterators.mlcfg b/creusot/tests/should_succeed/iterators/03_std_iterators.mlcfg
index d30753b61d..b36fa39201 100644
--- a/creusot/tests/should_succeed/iterators/03_std_iterators.mlcfg
+++ b/creusot/tests/should_succeed/iterators/03_std_iterators.mlcfg
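Review bot: The new `produces` body in 02_iter_mut.rs replaces `ext_eq` on the two borrow sequences with a length check plus an element-wise comparison of `*` and `^`, but nothing in the hunk records why plain sequence equality is no longer the intended specification. The generated mlcfg in the same commit shows `borrowed` records now carrying `id = Borrow.inherit_id (Borrow.get_id self) 1` where they used to carry `addr = Borrow.make_new_addr ()`, so this looks like a deliberate weakening to equality up to borrow identity; a one-line comment above the `pearlite!` block would spare the next reader the same reverse engineering, e.g. `// Compare borrows by current/final value only: full sequence equality would also require equal borrow ids, which fresh reborrows need not preserve.` The same applies to `completed`, where `self.resolve()` became `(*self).inner@ == (^self).inner@` — presumably for the same reason, and worth stating next to it, since the new form constrains only the current contents of `inner` and no longer the whole borrow. The quantifier binder after `forall` appears to have been lost in this rendering, so the hunk as shown may not be the exact source text.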
@@ -366,7 +366,7 @@ module CreusotContracts_Std1_Slice_Impl14_Produces predicate produces (self : Core_Slice_Iter_Iter_Type.t_iter t) (visited : Seq.seq t) (tl : Core_Slice_Iter_Iter_Type.t_iter t) = - [#"../../../../../creusot-contracts/src/std/slice.rs" 379 12 379 66] ToRefSeq0.to_ref_seq (ShallowModel0.shallow_model self) = Seq.(++) visited (ToRefSeq0.to_ref_seq (ShallowModel0.shallow_model tl)) + [#"../../../../../creusot-contracts/src/std/slice.rs" 380 12 380 66] ToRefSeq0.to_ref_seq (ShallowModel0.shallow_model self) = Seq.(++) visited (ToRefSeq0.to_ref_seq (ShallowModel0.shallow_model tl)) val produces (self : Core_Slice_Iter_Iter_Type.t_iter t) (visited : Seq.seq t) (tl : Core_Slice_Iter_Iter_Type.t_iter t) : bool ensures { result = produces self visited tl } @@ -636,10 +636,10 @@ module CreusotContracts_Std1_Slice_Impl14_ProducesRefl_Interface type t = t function produces_refl (a : Core_Slice_Iter_Iter_Type.t_iter t) : () val produces_refl (a : Core_Slice_Iter_Iter_Type.t_iter t) : () - ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 385 14 385 39] Produces0.produces a (Seq.empty ) a } + ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 386 14 386 39] Produces0.produces a (Seq.empty ) a } ensures { result = produces_refl a } - axiom produces_refl_spec : forall a : Core_Slice_Iter_Iter_Type.t_iter t . [#"../../../../../creusot-contracts/src/std/slice.rs" 385 14 385 39] Produces0.produces a (Seq.empty ) a + axiom produces_refl_spec : forall a : Core_Slice_Iter_Iter_Type.t_iter t . [#"../../../../../creusot-contracts/src/std/slice.rs" 386 14 386 39] Produces0.produces a (Seq.empty ) a end module CreusotContracts_Std1_Slice_Impl14_ProducesRefl type t 
@@ -648,12 +648,12 @@ module CreusotContracts_Std1_Slice_Impl14_ProducesRefl clone CreusotContracts_Std1_Slice_Impl14_Produces_Stub as Produces0 with type t = t function produces_refl (a : Core_Slice_Iter_Iter_Type.t_iter t) : () = - [#"../../../../../creusot-contracts/src/std/slice.rs" 383 4 383 10] () + [#"../../../../../creusot-contracts/src/std/slice.rs" 384 4 384 10] () val produces_refl (a : Core_Slice_Iter_Iter_Type.t_iter t) : () - ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 385 14 385 39] Produces0.produces a (Seq.empty ) a } + ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 386 14 386 39] Produces0.produces a (Seq.empty ) a } ensures { result = produces_refl a } - axiom produces_refl_spec : forall a : Core_Slice_Iter_Iter_Type.t_iter t . [#"../../../../../creusot-contracts/src/std/slice.rs" 385 14 385 39] Produces0.produces a (Seq.empty ) a + axiom produces_refl_spec : forall a : Core_Slice_Iter_Iter_Type.t_iter t . [#"../../../../../creusot-contracts/src/std/slice.rs" 386 14 386 39] Produces0.produces a (Seq.empty ) a end module CreusotContracts_Std1_Slice_Impl14_ProducesTrans_Stub type t 
@@ -681,14 +681,14 @@ module CreusotContracts_Std1_Slice_Impl14_ProducesTrans_Interface function produces_trans (a : Core_Slice_Iter_Iter_Type.t_iter t) (ab : Seq.seq t) (b : Core_Slice_Iter_Iter_Type.t_iter t) (bc : Seq.seq t) (c : Core_Slice_Iter_Iter_Type.t_iter t) : () val produces_trans (a : Core_Slice_Iter_Iter_Type.t_iter t) (ab : Seq.seq t) (b : Core_Slice_Iter_Iter_Type.t_iter t) (bc : Seq.seq t) (c : Core_Slice_Iter_Iter_Type.t_iter t) : () - requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 390 15 390 32] Produces0.produces a ab b} - requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 391 15 391 32] Produces0.produces b bc c} - requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 393 31 393 33] Inv0.inv ab} - requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 393 61 393 63] Inv0.inv bc} - ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 392 14 392 42] Produces0.produces a (Seq.(++) ab bc) c } + requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 391 15 391 32] Produces0.produces a ab b} + requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 392 15 392 32] Produces0.produces b bc c} + requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 394 31 394 33] Inv0.inv ab} + requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 394 61 394 63] Inv0.inv bc} + ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 393 14 393 42] Produces0.produces a (Seq.(++) ab bc) c } ensures { result = produces_trans a ab b bc c } - axiom produces_trans_spec : forall a : Core_Slice_Iter_Iter_Type.t_iter t, ab : Seq.seq t, b : Core_Slice_Iter_Iter_Type.t_iter t, bc : Seq.seq t, c : Core_Slice_Iter_Iter_Type.t_iter t . 
([#"../../../../../creusot-contracts/src/std/slice.rs" 390 15 390 32] Produces0.produces a ab b) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 391 15 391 32] Produces0.produces b bc c) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 393 31 393 33] Inv0.inv ab) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 393 61 393 63] Inv0.inv bc) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 392 14 392 42] Produces0.produces a (Seq.(++) ab bc) c) + axiom produces_trans_spec : forall a : Core_Slice_Iter_Iter_Type.t_iter t, ab : Seq.seq t, b : Core_Slice_Iter_Iter_Type.t_iter t, bc : Seq.seq t, c : Core_Slice_Iter_Iter_Type.t_iter t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 391 15 391 32] Produces0.produces a ab b) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 392 15 392 32] Produces0.produces b bc c) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 394 31 394 33] Inv0.inv ab) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 394 61 394 63] Inv0.inv bc) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 393 14 393 42] Produces0.produces a (Seq.(++) ab bc) c) end module CreusotContracts_Std1_Slice_Impl14_ProducesTrans type t 
@@ -703,16 +703,16 @@ module CreusotContracts_Std1_Slice_Impl14_ProducesTrans function produces_trans (a : Core_Slice_Iter_Iter_Type.t_iter t) (ab : Seq.seq t) (b : Core_Slice_Iter_Iter_Type.t_iter t) (bc : Seq.seq t) (c : Core_Slice_Iter_Iter_Type.t_iter t) : () = - [#"../../../../../creusot-contracts/src/std/slice.rs" 388 4 388 10] () + [#"../../../../../creusot-contracts/src/std/slice.rs" 389 4 389 10] () val produces_trans (a : Core_Slice_Iter_Iter_Type.t_iter t) (ab : Seq.seq t) (b : Core_Slice_Iter_Iter_Type.t_iter t) (bc : Seq.seq t) (c : Core_Slice_Iter_Iter_Type.t_iter t) : () - requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 390 15 390 32] Produces0.produces a ab b} - requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 391 15 391 32] Produces0.produces b bc c} - requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 393 31 393 33] Inv0.inv ab} - requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 393 61 393 63] Inv0.inv bc} - ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 392 14 392 42] Produces0.produces a (Seq.(++) ab bc) c } + requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 391 15 391 32] Produces0.produces a ab b} + requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 392 15 392 32] Produces0.produces b bc c} + requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 394 31 394 33] Inv0.inv ab} + requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 394 61 394 63] Inv0.inv bc} + ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 393 14 393 42] Produces0.produces a (Seq.(++) ab bc) c } ensures { result = produces_trans a ab b bc c } - axiom produces_trans_spec : forall a : Core_Slice_Iter_Iter_Type.t_iter t, ab : Seq.seq t, b : Core_Slice_Iter_Iter_Type.t_iter t, bc : Seq.seq t, c : Core_Slice_Iter_Iter_Type.t_iter t . 
([#"../../../../../creusot-contracts/src/std/slice.rs" 390 15 390 32] Produces0.produces a ab b) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 391 15 391 32] Produces0.produces b bc c) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 393 31 393 33] Inv0.inv ab) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 393 61 393 63] Inv0.inv bc) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 392 14 392 42] Produces0.produces a (Seq.(++) ab bc) c) + axiom produces_trans_spec : forall a : Core_Slice_Iter_Iter_Type.t_iter t, ab : Seq.seq t, b : Core_Slice_Iter_Iter_Type.t_iter t, bc : Seq.seq t, c : Core_Slice_Iter_Iter_Type.t_iter t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 391 15 391 32] Produces0.produces a ab b) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 392 15 392 32] Produces0.produces b bc c) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 394 31 394 33] Inv0.inv ab) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 394 61 394 63] Inv0.inv bc) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 393 14 393 42] Produces0.produces a (Seq.(++) ab bc) c) end module C03StdIterators_SliceIter_Interface type t @@ -936,7 +936,7 @@ module C03StdIterators_SliceIter BB6 { _19 <- Borrow.borrow_mut iter; iter <- ^ _19; - _18 <- Borrow.borrow_mut ( * _19); + _18 <- Borrow.borrow_final ( * _19) (Borrow.get_id _19); _19 <- { _19 with current = ( ^ _18) ; }; _17 <- ([#"../03_std_iterators.rs" 8 4 8 38] Next0.next _18); _18 <- any borrowed (Core_Slice_Iter_Iter_Type.t_iter t); @@ -1405,7 +1405,7 @@ module C03StdIterators_VecIter BB5 { _18 <- Borrow.borrow_mut iter; iter <- ^ _18; - _17 <- Borrow.borrow_mut ( * _18); + _17 <- Borrow.borrow_final ( * _18) (Borrow.get_id _18); _18 <- { _18 with current = ( ^ _17) ; }; _16 <- ([#"../03_std_iterators.rs" 19 4 19 38] Next0.next _17); _17 <- any borrowed (Core_Slice_Iter_Iter_Type.t_iter t); 
@@ -1548,11 +1548,11 @@ module CreusotContracts_Std1_Slice_Impl15_ShallowModel_Interface axiom . function shallow_model (self : Core_Slice_Iter_IterMut_Type.t_itermut t) : borrowed (slice t) val shallow_model (self : Core_Slice_Iter_IterMut_Type.t_itermut t) : borrowed (slice t) - ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 402 14 402 50] Seq.length (ShallowModel0.shallow_model ( ^ result)) = Seq.length (ShallowModel0.shallow_model ( * result)) } - ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 403 4 403 50] Inv0.inv result } + ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 403 14 403 50] Seq.length (ShallowModel0.shallow_model ( ^ result)) = Seq.length (ShallowModel0.shallow_model ( * result)) } + ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 404 4 404 50] Inv0.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Core_Slice_Iter_IterMut_Type.t_itermut t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 403 4 403 50] Inv0.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 402 14 402 50] Seq.length (ShallowModel0.shallow_model ( ^ shallow_model self)) = Seq.length (ShallowModel0.shallow_model ( * shallow_model self))) + axiom shallow_model_spec : forall self : Core_Slice_Iter_IterMut_Type.t_itermut t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 404 4 404 50] Inv0.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 403 14 403 50] Seq.length (ShallowModel0.shallow_model ( ^ shallow_model self)) = Seq.length (ShallowModel0.shallow_model ( * shallow_model self))) end module CreusotContracts_Std1_Slice_Impl15_ShallowModel type t 
@@ -1576,11 +1576,11 @@ module CreusotContracts_Std1_Slice_Impl15_ShallowModel axiom . function shallow_model (self : Core_Slice_Iter_IterMut_Type.t_itermut t) : borrowed (slice t) val shallow_model (self : Core_Slice_Iter_IterMut_Type.t_itermut t) : borrowed (slice t) - ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 402 14 402 50] Seq.length (ShallowModel0.shallow_model ( ^ result)) = Seq.length (ShallowModel0.shallow_model ( * result)) } - ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 403 4 403 50] Inv0.inv result } + ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 403 14 403 50] Seq.length (ShallowModel0.shallow_model ( ^ result)) = Seq.length (ShallowModel0.shallow_model ( * result)) } + ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 404 4 404 50] Inv0.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Core_Slice_Iter_IterMut_Type.t_itermut t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 403 4 403 50] Inv0.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 402 14 402 50] Seq.length (ShallowModel0.shallow_model ( ^ shallow_model self)) = Seq.length (ShallowModel0.shallow_model ( * shallow_model self))) + axiom shallow_model_spec : forall self : Core_Slice_Iter_IterMut_Type.t_itermut t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 404 4 404 50] Inv0.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 403 14 403 50] Seq.length (ShallowModel0.shallow_model ( ^ shallow_model self)) = Seq.length (ShallowModel0.shallow_model ( * shallow_model self))) end module CreusotContracts_Std1_Slice_Impl4_ToMutSeq_Stub type t 
@@ -1718,7 +1718,7 @@ module CreusotContracts_Std1_Slice_Impl16_Produces predicate produces (self : Core_Slice_Iter_IterMut_Type.t_itermut t) (visited : Seq.seq (borrowed t)) (tl : Core_Slice_Iter_IterMut_Type.t_itermut t) = - [#"../../../../../creusot-contracts/src/std/slice.rs" 428 12 428 66] ToMutSeq0.to_mut_seq (ShallowModel0.shallow_model self) = Seq.(++) visited (ToMutSeq0.to_mut_seq (ShallowModel0.shallow_model tl)) + [#"../../../../../creusot-contracts/src/std/slice.rs" 429 12 429 66] ToMutSeq0.to_mut_seq (ShallowModel0.shallow_model self) = Seq.(++) visited (ToMutSeq0.to_mut_seq (ShallowModel0.shallow_model tl)) val produces (self : Core_Slice_Iter_IterMut_Type.t_itermut t) (visited : Seq.seq (borrowed t)) (tl : Core_Slice_Iter_IterMut_Type.t_itermut t) : bool ensures { result = produces self visited tl } @@ -1793,7 +1793,7 @@ module CreusotContracts_Std1_Slice_Impl17_Resolve predicate Inv2.inv = Inv2.inv, axiom . predicate resolve (self : Core_Slice_Iter_IterMut_Type.t_itermut t) = - [#"../../../../../creusot-contracts/src/std/slice.rs" 413 20 413 36] * ShallowModel0.shallow_model self = ^ ShallowModel0.shallow_model self + [#"../../../../../creusot-contracts/src/std/slice.rs" 414 20 414 36] * ShallowModel0.shallow_model self = ^ ShallowModel0.shallow_model self val resolve (self : Core_Slice_Iter_IterMut_Type.t_itermut t) : bool ensures { result = resolve self } 
@@ -1915,7 +1915,7 @@ module CreusotContracts_Std1_Slice_Impl16_Completed clone CreusotContracts_Resolve_Impl1_Resolve_Stub as Resolve0 with type t = Core_Slice_Iter_IterMut_Type.t_itermut t predicate completed (self : borrowed (Core_Slice_Iter_IterMut_Type.t_itermut t)) = - [#"../../../../../creusot-contracts/src/std/slice.rs" 421 20 421 61] Resolve0.resolve self /\ ShallowModel1.shallow_model ( * ShallowModel0.shallow_model self) = Seq.empty + [#"../../../../../creusot-contracts/src/std/slice.rs" 422 20 422 61] Resolve0.resolve self /\ ShallowModel1.shallow_model ( * ShallowModel0.shallow_model self) = Seq.empty val completed (self : borrowed (Core_Slice_Iter_IterMut_Type.t_itermut t)) : bool ensures { result = completed self } @@ -1956,10 +1956,10 @@ module CreusotContracts_Std1_Slice_Impl16_ProducesRefl_Interface type t = t function produces_refl (a : Core_Slice_Iter_IterMut_Type.t_itermut t) : () val produces_refl (a : Core_Slice_Iter_IterMut_Type.t_itermut t) : () - ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 434 14 434 39] Produces0.produces a (Seq.empty ) a } + ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 435 14 435 39] Produces0.produces a (Seq.empty ) a } ensures { result = produces_refl a } - axiom produces_refl_spec : forall a : Core_Slice_Iter_IterMut_Type.t_itermut t . [#"../../../../../creusot-contracts/src/std/slice.rs" 434 14 434 39] Produces0.produces a (Seq.empty ) a + axiom produces_refl_spec : forall a : Core_Slice_Iter_IterMut_Type.t_itermut t . [#"../../../../../creusot-contracts/src/std/slice.rs" 435 14 435 39] Produces0.produces a (Seq.empty ) a end module CreusotContracts_Std1_Slice_Impl16_ProducesRefl type t 
@@ -1968,12 +1968,12 @@ module CreusotContracts_Std1_Slice_Impl16_ProducesRefl clone CreusotContracts_Std1_Slice_Impl16_Produces_Stub as Produces0 with type t = t function produces_refl (a : Core_Slice_Iter_IterMut_Type.t_itermut t) : () = - [#"../../../../../creusot-contracts/src/std/slice.rs" 432 4 432 10] () + [#"../../../../../creusot-contracts/src/std/slice.rs" 433 4 433 10] () val produces_refl (a : Core_Slice_Iter_IterMut_Type.t_itermut t) : () - ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 434 14 434 39] Produces0.produces a (Seq.empty ) a } + ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 435 14 435 39] Produces0.produces a (Seq.empty ) a } ensures { result = produces_refl a } - axiom produces_refl_spec : forall a : Core_Slice_Iter_IterMut_Type.t_itermut t . [#"../../../../../creusot-contracts/src/std/slice.rs" 434 14 434 39] Produces0.produces a (Seq.empty ) a + axiom produces_refl_spec : forall a : Core_Slice_Iter_IterMut_Type.t_itermut t . [#"../../../../../creusot-contracts/src/std/slice.rs" 435 14 435 39] Produces0.produces a (Seq.empty ) a end module CreusotContracts_Std1_Slice_Impl16_ProducesTrans_Stub type t 
@@ -2001,14 +2001,14 @@ module CreusotContracts_Std1_Slice_Impl16_ProducesTrans_Interface function produces_trans (a : Core_Slice_Iter_IterMut_Type.t_itermut t) (ab : Seq.seq (borrowed t)) (b : Core_Slice_Iter_IterMut_Type.t_itermut t) (bc : Seq.seq (borrowed t)) (c : Core_Slice_Iter_IterMut_Type.t_itermut t) : () val produces_trans (a : Core_Slice_Iter_IterMut_Type.t_itermut t) (ab : Seq.seq (borrowed t)) (b : Core_Slice_Iter_IterMut_Type.t_itermut t) (bc : Seq.seq (borrowed t)) (c : Core_Slice_Iter_IterMut_Type.t_itermut t) : () - requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 439 15 439 32] Produces0.produces a ab b} - requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 440 15 440 32] Produces0.produces b bc c} - requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 442 31 442 33] Inv0.inv ab} - requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 442 61 442 63] Inv0.inv bc} - ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 441 14 441 42] Produces0.produces a (Seq.(++) ab bc) c } + requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 440 15 440 32] Produces0.produces a ab b} + requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 441 15 441 32] Produces0.produces b bc c} + requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 443 31 443 33] Inv0.inv ab} + requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 443 61 443 63] Inv0.inv bc} + ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 442 14 442 42] Produces0.produces a (Seq.(++) ab bc) c } ensures { result = produces_trans a ab b bc c } - axiom produces_trans_spec : forall a : Core_Slice_Iter_IterMut_Type.t_itermut t, ab : Seq.seq (borrowed t), b : Core_Slice_Iter_IterMut_Type.t_itermut t, bc : Seq.seq (borrowed t), c : Core_Slice_Iter_IterMut_Type.t_itermut t . 
([#"../../../../../creusot-contracts/src/std/slice.rs" 439 15 439 32] Produces0.produces a ab b) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 440 15 440 32] Produces0.produces b bc c) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 442 31 442 33] Inv0.inv ab) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 442 61 442 63] Inv0.inv bc) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 441 14 441 42] Produces0.produces a (Seq.(++) ab bc) c) + axiom produces_trans_spec : forall a : Core_Slice_Iter_IterMut_Type.t_itermut t, ab : Seq.seq (borrowed t), b : Core_Slice_Iter_IterMut_Type.t_itermut t, bc : Seq.seq (borrowed t), c : Core_Slice_Iter_IterMut_Type.t_itermut t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 440 15 440 32] Produces0.produces a ab b) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 441 15 441 32] Produces0.produces b bc c) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 443 31 443 33] Inv0.inv ab) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 443 61 443 63] Inv0.inv bc) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 442 14 442 42] Produces0.produces a (Seq.(++) ab bc) c) end module CreusotContracts_Std1_Slice_Impl16_ProducesTrans type t 
@@ -2023,16 +2023,16 @@ module CreusotContracts_Std1_Slice_Impl16_ProducesTrans function produces_trans (a : Core_Slice_Iter_IterMut_Type.t_itermut t) (ab : Seq.seq (borrowed t)) (b : Core_Slice_Iter_IterMut_Type.t_itermut t) (bc : Seq.seq (borrowed t)) (c : Core_Slice_Iter_IterMut_Type.t_itermut t) : () = - [#"../../../../../creusot-contracts/src/std/slice.rs" 437 4 437 10] () + [#"../../../../../creusot-contracts/src/std/slice.rs" 438 4 438 10] () val produces_trans (a : Core_Slice_Iter_IterMut_Type.t_itermut t) (ab : Seq.seq (borrowed t)) (b : Core_Slice_Iter_IterMut_Type.t_itermut t) (bc : Seq.seq (borrowed t)) (c : Core_Slice_Iter_IterMut_Type.t_itermut t) : () - requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 439 15 439 32] Produces0.produces a ab b} - requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 440 15 440 32] Produces0.produces b bc c} - requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 442 31 442 33] Inv0.inv ab} - requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 442 61 442 63] Inv0.inv bc} - ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 441 14 441 42] Produces0.produces a (Seq.(++) ab bc) c } + requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 440 15 440 32] Produces0.produces a ab b} + requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 441 15 441 32] Produces0.produces b bc c} + requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 443 31 443 33] Inv0.inv ab} + requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 443 61 443 63] Inv0.inv bc} + ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 442 14 442 42] Produces0.produces a (Seq.(++) ab bc) c } ensures { result = produces_trans a ab b bc c } - axiom produces_trans_spec : forall a : Core_Slice_Iter_IterMut_Type.t_itermut t, ab : Seq.seq (borrowed t), b : Core_Slice_Iter_IterMut_Type.t_itermut t, bc : Seq.seq (borrowed t), c : 
Core_Slice_Iter_IterMut_Type.t_itermut t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 439 15 439 32] Produces0.produces a ab b) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 440 15 440 32] Produces0.produces b bc c) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 442 31 442 33] Inv0.inv ab) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 442 61 442 63] Inv0.inv bc) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 441 14 441 42] Produces0.produces a (Seq.(++) ab bc) c) + axiom produces_trans_spec : forall a : Core_Slice_Iter_IterMut_Type.t_itermut t, ab : Seq.seq (borrowed t), b : Core_Slice_Iter_IterMut_Type.t_itermut t, bc : Seq.seq (borrowed t), c : Core_Slice_Iter_IterMut_Type.t_itermut t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 440 15 440 32] Produces0.produces a ab b) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 441 15 441 32] Produces0.produces b bc c) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 443 31 443 33] Inv0.inv ab) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 443 61 443 63] Inv0.inv bc) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 442 14 442 42] Produces0.produces a (Seq.(++) ab bc) c) end module C03StdIterators_AllZero_Interface use prelude.Borrow @@ -2285,14 +2285,14 @@ module C03StdIterators_AllZero goto BB0 } BB0 { - _8 <- Borrow.borrow_mut ( * v); + _8 <- Borrow.borrow_final ( * v) (Borrow.get_id v); v <- { v with current = ( ^ _8) ; }; _7 <- ([#"../03_std_iterators.rs" 30 13 30 25] DerefMut0.deref_mut _8); _8 <- any borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)); goto BB1 } BB1 { - _6 <- Borrow.borrow_mut ( * _7); + _6 <- Borrow.borrow_final ( * _7) (Borrow.get_id _7); _7 <- { _7 with current = ( ^ _6) ; }; _5 <- ([#"../03_std_iterators.rs" 30 13 30 25] IterMut0.iter_mut _6); _6 <- any borrowed (slice usize); 
@@ -2324,7 +2324,7 @@ module C03StdIterators_AllZero BB7 { _19 <- Borrow.borrow_mut iter; iter <- ^ _19; - _18 <- Borrow.borrow_mut ( * _19); + _18 <- Borrow.borrow_final ( * _19) (Borrow.get_id _19); _19 <- { _19 with current = ( ^ _18) ; }; _17 <- ([#"../03_std_iterators.rs" 29 4 29 87] Next0.next _18); _18 <- any borrowed (Core_Slice_Iter_IterMut_Type.t_itermut usize); @@ -4197,7 +4197,7 @@ module CreusotContracts_Std1_Iter_MapInv_Impl0_Completed type self = i use CreusotContracts_Std1_Iter_MapInv_MapInv_Type as CreusotContracts_Std1_Iter_MapInv_MapInv_Type predicate completed (self : borrowed (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.t_mapinv i Item0.item f)) = - [#"../../../../../creusot-contracts/src/std/iter/map_inv.rs" 15 8 18 9] Ghost.inner (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_produced ( ^ self)) = Seq.empty /\ Completed0.completed {current = CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_iter ( * self); final = CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_iter ( ^ self); addr = Borrow.make_new_addr ()} /\ CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_func ( * self) = CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_func ( ^ self) + [#"../../../../../creusot-contracts/src/std/iter/map_inv.rs" 15 8 18 9] Ghost.inner (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_produced ( ^ self)) = Seq.empty /\ Completed0.completed {current = CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_iter ( * self); final = CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_iter ( ^ self); id = Borrow.inherit_id (Borrow.get_id self) 1} /\ CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_func ( * self) = CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_func ( ^ self) val completed (self : borrowed (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.t_mapinv i Item0.item f)) : bool ensures { result = completed self } 
@@ -5268,7 +5268,7 @@ module C03StdIterators_SumRange BB5 { _19 <- Borrow.borrow_mut iter; iter <- ^ _19; - _18 <- Borrow.borrow_mut ( * _19); + _18 <- Borrow.borrow_final ( * _19) (Borrow.get_id _19); _19 <- { _19 with current = ( ^ _18) ; }; _17 <- ([#"../03_std_iterators.rs" 65 4 65 48] Next0.next _18); _18 <- any borrowed (Core_Ops_Range_Range_Type.t_range isize); @@ -5901,7 +5901,7 @@ module C03StdIterators_EnumerateRange _14 <- Borrow.borrow_mut iter; iter <- ^ _14; assume { Inv0.inv ( ^ _14) }; - _13 <- Borrow.borrow_mut ( * _14); + _13 <- Borrow.borrow_final ( * _14) (Borrow.get_id _14); _14 <- { _14 with current = ( ^ _13) ; }; assume { Inv0.inv ( ^ _13) }; _12 <- ([#"../03_std_iterators.rs" 73 4 73 96] Next0.next _13); @@ -6827,7 +6827,7 @@ module C03StdIterators_MyReverse BB10 { _30 <- Borrow.borrow_mut iter; iter <- ^ _30; - _29 <- Borrow.borrow_mut ( * _30); + _29 <- Borrow.borrow_final ( * _30) (Borrow.get_id _30); _30 <- { _30 with current = ( ^ _29) ; }; _28 <- ([#"../03_std_iterators.rs" 97 4 97 36] Next0.next _29); _29 <- any borrowed (Core_Iter_Adapters_Zip_Zip_Type.t_zip (Core_Ops_Range_Range_Type.t_range usize) (Core_Ops_Range_Range_Type.t_range usize)); diff --git a/creusot/tests/should_succeed/iterators/04_skip.mlcfg b/creusot/tests/should_succeed/iterators/04_skip.mlcfg index 398967964a..a871cc6a29 100644 --- a/creusot/tests/should_succeed/iterators/04_skip.mlcfg +++ b/creusot/tests/should_succeed/iterators/04_skip.mlcfg 
@@ -893,9 +893,9 @@ module C04Skip_Impl0_Next BB1 { assert { [@expl:type invariant] Inv0.inv old_self }; assume { Resolve0.resolve old_self }; - _7 <- Borrow.borrow_mut (C04Skip_Skip_Type.skip_n ( * self)); + _7 <- Borrow.borrow_final (C04Skip_Skip_Type.skip_n ( * self)) (Borrow.inherit_id (Borrow.get_id self) 2); self <- { self with current = (let C04Skip_Skip_Type.C_Skip a b = * self in C04Skip_Skip_Type.C_Skip a ( ^ _7)) ; }; - _6 <- Borrow.borrow_mut ( * _7); + _6 <- Borrow.borrow_final ( * _7) (Borrow.get_id _7); _7 <- { _7 with current = ( ^ _6) ; }; n <- ([#"../04_skip.rs" 65 20 65 47] Take0.take _6); _6 <- any borrowed usize; diff --git a/creusot/tests/should_succeed/iterators/05_map.mlcfg b/creusot/tests/should_succeed/iterators/05_map.mlcfg index 0f1aeef998..5e2a34b2e3 100644 --- a/creusot/tests/should_succeed/iterators/05_map.mlcfg +++ b/creusot/tests/should_succeed/iterators/05_map.mlcfg @@ -61,7 +61,7 @@ module C05Map_Impl0_Completed type self = i use C05Map_Map_Type as C05Map_Map_Type predicate completed [#"../05_map.rs" 22 4 22 35] (self : borrowed (C05Map_Map_Type.t_map i b f)) = - [#"../05_map.rs" 23 8 23 75] Completed0.completed {current = C05Map_Map_Type.map_iter ( * self); final = C05Map_Map_Type.map_iter ( ^ self); addr = Borrow.make_new_addr ()} /\ C05Map_Map_Type.map_func ( * self) = C05Map_Map_Type.map_func ( ^ self) + [#"../05_map.rs" 23 8 23 75] Completed0.completed {current = C05Map_Map_Type.map_iter ( * self); final = C05Map_Map_Type.map_iter ( ^ self); id = Borrow.inherit_id (Borrow.get_id self) 1} /\ C05Map_Map_Type.map_func ( * self) = C05Map_Map_Type.map_func ( ^ self) val completed [#"../05_map.rs" 22 4 22 35] (self : borrowed (C05Map_Map_Type.t_map i b f)) : bool ensures { result = completed self } 
@@ -2545,7 +2545,7 @@ module C05Map_Impl0_Next goto BB0 } BB0 { - _4 <- Borrow.borrow_mut (C05Map_Map_Type.map_iter ( * self)); + _4 <- Borrow.borrow_final (C05Map_Map_Type.map_iter ( * self)) (Borrow.inherit_id (Borrow.get_id self) 1); self <- { self with current = (let C05Map_Map_Type.C_Map a b = * self in C05Map_Map_Type.C_Map ( ^ _4) b) ; }; assume { Inv0.inv ( ^ _4) }; _3 <- ([#"../05_map.rs" 61 14 61 30] Next0.next _4); @@ -2590,7 +2590,7 @@ module C05Map_Impl0_Next } BB7 { assume { Resolve1.resolve _9 }; - _12 <- Borrow.borrow_mut (C05Map_Map_Type.map_func ( * self)); + _12 <- Borrow.borrow_final (C05Map_Map_Type.map_func ( * self)) (Borrow.inherit_id (Borrow.get_id self) 2); self <- { self with current = (let C05Map_Map_Type.C_Map a b = * self in C05Map_Map_Type.C_Map a ( ^ _12)) ; }; assume { Inv2.inv ( ^ _12) }; _11 <- ([#"../05_map.rs" 65 21 65 35] CallMut0.call_mut _12 (v)); diff --git a/creusot/tests/should_succeed/iterators/06_map_precond.mlcfg b/creusot/tests/should_succeed/iterators/06_map_precond.mlcfg index 9a07dec312..eb3d977edb 100644 --- a/creusot/tests/should_succeed/iterators/06_map_precond.mlcfg +++ b/creusot/tests/should_succeed/iterators/06_map_precond.mlcfg 
@@ -256,7 +256,7 @@ module C06MapPrecond_Impl0_Completed predicate completed [#"../06_map_precond.rs" 21 4 21 35] (self : borrowed (C06MapPrecond_Map_Type.t_map i b f Item0.item)) = - [#"../06_map_precond.rs" 22 8 25 9] Ghost.inner (C06MapPrecond_Map_Type.map_produced ( ^ self)) = Seq.empty /\ Completed0.completed {current = C06MapPrecond_Map_Type.map_iter ( * self); final = C06MapPrecond_Map_Type.map_iter ( ^ self); addr = Borrow.make_new_addr ()} /\ C06MapPrecond_Map_Type.map_func ( * self) = C06MapPrecond_Map_Type.map_func ( ^ self) + [#"../06_map_precond.rs" 22 8 25 9] Ghost.inner (C06MapPrecond_Map_Type.map_produced ( ^ self)) = Seq.empty /\ Completed0.completed {current = C06MapPrecond_Map_Type.map_iter ( * self); final = C06MapPrecond_Map_Type.map_iter ( ^ self); id = Borrow.inherit_id (Borrow.get_id self) 1} /\ C06MapPrecond_Map_Type.map_func ( * self) = C06MapPrecond_Map_Type.map_func ( ^ self) val completed [#"../06_map_precond.rs" 21 4 21 35] (self : borrowed (C06MapPrecond_Map_Type.t_map i b f Item0.item)) : bool ensures { result = completed self } @@ -416,7 +416,7 @@ module C06MapPrecond_Impl1_NextPrecondition_Stub use seq.Seq clone C06MapPrecond_Common_Iterator_Item_Type as Item0 with type self = i - predicate next_precondition [#"../06_map_precond.rs" 84 4 84 74] (iter : i) (func : f) (produced : Seq.seq Item0.item) + predicate next_precondition [#"../06_map_precond.rs" 83 4 83 74] (iter : i) (func : f) (produced : Seq.seq Item0.item) end module C06MapPrecond_Impl1_NextPrecondition_Interface type i 
@@ -425,8 +425,8 @@ module C06MapPrecond_Impl1_NextPrecondition_Interface use seq.Seq clone C06MapPrecond_Common_Iterator_Item_Type as Item0 with type self = i - predicate next_precondition [#"../06_map_precond.rs" 84 4 84 74] (iter : i) (func : f) (produced : Seq.seq Item0.item) - val next_precondition [#"../06_map_precond.rs" 84 4 84 74] (iter : i) (func : f) (produced : Seq.seq Item0.item) : bool + predicate next_precondition [#"../06_map_precond.rs" 83 4 83 74] (iter : i) (func : f) (produced : Seq.seq Item0.item) + val next_precondition [#"../06_map_precond.rs" 83 4 83 74] (iter : i) (func : f) (produced : Seq.seq Item0.item) : bool ensures { result = next_precondition iter func produced } end @@ -450,10 +450,10 @@ module C06MapPrecond_Impl1_NextPrecondition type t = Item0.item clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = i - predicate next_precondition [#"../06_map_precond.rs" 84 4 84 74] (iter : i) (func : f) (produced : Seq.seq Item0.item) + predicate next_precondition [#"../06_map_precond.rs" 83 4 83 74] (iter : i) (func : f) (produced : Seq.seq Item0.item) = - [#"../06_map_precond.rs" 85 8 89 9] forall i : i . forall e : Item0.item . Inv0.inv i -> Inv1.inv e -> Produces0.produces iter (Seq.singleton e) i -> Precondition0.precondition func (e, Ghost.new produced) - val next_precondition [#"../06_map_precond.rs" 84 4 84 74] (iter : i) (func : f) (produced : Seq.seq Item0.item) : bool + [#"../06_map_precond.rs" 84 8 88 9] forall i : i . forall e : Item0.item . Inv0.inv i -> Inv1.inv e -> Produces0.produces iter (Seq.singleton e) i -> Precondition0.precondition func (e, Ghost.new produced) + val next_precondition [#"../06_map_precond.rs" 83 4 83 74] (iter : i) (func : f) (produced : Seq.seq Item0.item) : bool ensures { result = next_precondition iter func produced } end 
@@ -461,14 +461,14 @@ module C06MapPrecond_Impl1_Preservation_Stub type i type b type f - predicate preservation [#"../06_map_precond.rs" 106 4 106 45] (iter : i) (func : f) + predicate preservation [#"../06_map_precond.rs" 105 4 105 45] (iter : i) (func : f) end module C06MapPrecond_Impl1_Preservation_Interface type i type b type f - predicate preservation [#"../06_map_precond.rs" 106 4 106 45] (iter : i) (func : f) - val preservation [#"../06_map_precond.rs" 106 4 106 45] (iter : i) (func : f) : bool + predicate preservation [#"../06_map_precond.rs" 105 4 105 45] (iter : i) (func : f) + val preservation [#"../06_map_precond.rs" 105 4 105 45] (iter : i) (func : f) : bool ensures { result = preservation iter func } end 
@@ -506,9 +506,9 @@ module C06MapPrecond_Impl1_Preservation type t = b clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = i - predicate preservation [#"../06_map_precond.rs" 106 4 106 45] (iter : i) (func : f) = - [#"../06_map_precond.rs" 107 8 114 9] forall i : i . forall b : b . forall f : borrowed f . forall e2 : Item0.item . forall e1 : Item0.item . forall s : Seq.seq Item0.item . Inv0.inv i -> Inv1.inv b -> Inv2.inv f -> Inv3.inv e2 -> Inv3.inv e1 -> Inv4.inv s -> Unnest0.unnest func ( * f) -> Produces0.produces iter (Seq.snoc (Seq.snoc s e1) e2) i -> Precondition0.precondition ( * f) (e1, Ghost.new s) -> PostconditionMut0.postcondition_mut f (e1, Ghost.new s) b -> Precondition0.precondition ( ^ f) (e2, Ghost.new (Seq.snoc s e1)) - val preservation [#"../06_map_precond.rs" 106 4 106 45] (iter : i) (func : f) : bool + predicate preservation [#"../06_map_precond.rs" 105 4 105 45] (iter : i) (func : f) = + [#"../06_map_precond.rs" 106 8 113 9] forall i : i . forall b : b . forall f : borrowed f . forall e2 : Item0.item . forall e1 : Item0.item . forall s : Seq.seq Item0.item . Inv0.inv i -> Inv1.inv b -> Inv2.inv f -> Inv3.inv e2 -> Inv3.inv e1 -> Inv4.inv s -> Unnest0.unnest func ( * f) -> Produces0.produces iter (Seq.snoc (Seq.snoc s e1) e2) i -> Precondition0.precondition ( * f) (e1, Ghost.new s) -> PostconditionMut0.postcondition_mut f (e1, Ghost.new s) b -> Precondition0.precondition ( ^ f) (e2, Ghost.new (Seq.snoc s e1)) + val preservation [#"../06_map_precond.rs" 105 4 105 45] (iter : i) (func : f) : bool ensures { result = preservation iter func } end 
@@ -516,14 +516,14 @@ module C06MapPrecond_Impl1_Reinitialize_Stub type i type b type f - predicate reinitialize [#"../06_map_precond.rs" 118 4 118 29] (_1 : ()) + predicate reinitialize [#"../06_map_precond.rs" 117 4 117 29] (_1 : ()) end module C06MapPrecond_Impl1_Reinitialize_Interface type i type b type f - predicate reinitialize [#"../06_map_precond.rs" 118 4 118 29] (_1 : ()) - val reinitialize [#"../06_map_precond.rs" 118 4 118 29] (_1 : ()) : bool + predicate reinitialize [#"../06_map_precond.rs" 117 4 117 29] (_1 : ()) + val reinitialize [#"../06_map_precond.rs" 117 4 117 29] (_1 : ()) : bool ensures { result = reinitialize _1 } end @@ -550,9 +550,9 @@ module C06MapPrecond_Impl1_Reinitialize type t = borrowed i clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = f - predicate reinitialize [#"../06_map_precond.rs" 118 4 118 29] (_1 : ()) = - [#"../06_map_precond.rs" 119 8 124 9] forall func : f . forall iter : borrowed i . Inv0.inv func -> Inv1.inv iter -> Completed0.completed iter -> NextPrecondition0.next_precondition ( ^ iter) func (Seq.empty ) /\ Preservation0.preservation ( ^ iter) func - val reinitialize [#"../06_map_precond.rs" 118 4 118 29] (_1 : ()) : bool + predicate reinitialize [#"../06_map_precond.rs" 117 4 117 29] (_1 : ()) = + [#"../06_map_precond.rs" 118 8 123 9] forall func : f . forall iter : borrowed i . Inv0.inv func -> Inv1.inv iter -> Completed0.completed iter -> NextPrecondition0.next_precondition ( ^ iter) func (Seq.empty ) /\ Preservation0.preservation ( ^ iter) func + val reinitialize [#"../06_map_precond.rs" 117 4 117 29] (_1 : ()) : bool ensures { result = reinitialize _1 } end 
@@ -898,7 +898,7 @@ module C06MapPrecond_Impl1_PreservationInv_Stub type t = f clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = i - predicate preservation_inv [#"../06_map_precond.rs" 94 4 94 73] (iter : i) (func : f) (produced : Seq.seq Item0.item) + predicate preservation_inv [#"../06_map_precond.rs" 93 4 93 73] (iter : i) (func : f) (produced : Seq.seq Item0.item) end module C06MapPrecond_Impl1_PreservationInv_Interface type i 
@@ -918,15 +918,15 @@ module C06MapPrecond_Impl1_PreservationInv_Interface type t = f clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = i - predicate preservation_inv [#"../06_map_precond.rs" 94 4 94 73] (iter : i) (func : f) (produced : Seq.seq Item0.item) - val preservation_inv [#"../06_map_precond.rs" 94 4 94 73] (iter : i) (func : f) (produced : Seq.seq Item0.item) : bool - requires {[#"../06_map_precond.rs" 94 24 94 28] Inv0.inv iter} - requires {[#"../06_map_precond.rs" 94 33 94 37] Inv1.inv func} - requires {[#"../06_map_precond.rs" 94 42 94 50] Inv2.inv produced} - ensures { [#"../06_map_precond.rs" 93 4 93 83] produced = Seq.empty -> result = Preservation0.preservation iter func } + predicate preservation_inv [#"../06_map_precond.rs" 93 4 93 73] (iter : i) (func : f) (produced : Seq.seq Item0.item) + val preservation_inv [#"../06_map_precond.rs" 93 4 93 73] (iter : i) (func : f) (produced : Seq.seq Item0.item) : bool + requires {[#"../06_map_precond.rs" 93 24 93 28] Inv0.inv iter} + requires {[#"../06_map_precond.rs" 93 33 93 37] Inv1.inv func} + requires {[#"../06_map_precond.rs" 93 42 93 50] Inv2.inv produced} + ensures { [#"../06_map_precond.rs" 92 4 92 83] produced = Seq.empty -> result = Preservation0.preservation iter func } ensures { result = preservation_inv iter func produced } - axiom preservation_inv_spec : forall iter : i, func : f, produced : Seq.seq Item0.item . ([#"../06_map_precond.rs" 94 24 94 28] Inv0.inv iter) -> ([#"../06_map_precond.rs" 94 33 94 37] Inv1.inv func) -> ([#"../06_map_precond.rs" 94 42 94 50] Inv2.inv produced) -> ([#"../06_map_precond.rs" 93 4 93 83] produced = Seq.empty -> preservation_inv iter func produced = Preservation0.preservation iter func) + axiom preservation_inv_spec : forall iter : i, func : f, produced : Seq.seq Item0.item . 
([#"../06_map_precond.rs" 93 24 93 28] Inv0.inv iter) -> ([#"../06_map_precond.rs" 93 33 93 37] Inv1.inv func) -> ([#"../06_map_precond.rs" 93 42 93 50] Inv2.inv produced) -> ([#"../06_map_precond.rs" 92 4 92 83] produced = Seq.empty -> preservation_inv iter func produced = Preservation0.preservation iter func) end module C06MapPrecond_Impl1_PreservationInv type i 
@@ -968,17 +968,17 @@ module C06MapPrecond_Impl1_PreservationInv type t = f clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = i - predicate preservation_inv [#"../06_map_precond.rs" 94 4 94 73] (iter : i) (func : f) (produced : Seq.seq Item0.item) + predicate preservation_inv [#"../06_map_precond.rs" 93 4 93 73] (iter : i) (func : f) (produced : Seq.seq Item0.item) = - [#"../06_map_precond.rs" 95 8 102 9] forall i : i . forall b : b . forall f : borrowed f . forall e2 : Item0.item . forall e1 : Item0.item . forall s : Seq.seq Item0.item . Inv0.inv i -> Inv3.inv b -> Inv4.inv f -> Inv5.inv e2 -> Inv5.inv e1 -> Inv2.inv s -> Unnest0.unnest func ( * f) -> Produces0.produces iter (Seq.snoc (Seq.snoc s e1) e2) i -> Precondition0.precondition ( * f) (e1, Ghost.new (Seq.(++) produced s)) -> PostconditionMut0.postcondition_mut f (e1, Ghost.new (Seq.(++) produced s)) b -> Precondition0.precondition ( ^ f) (e2, Ghost.new (Seq.snoc (Seq.(++) produced s) e1)) - val preservation_inv [#"../06_map_precond.rs" 94 4 94 73] (iter : i) (func : f) (produced : Seq.seq Item0.item) : bool - requires {[#"../06_map_precond.rs" 94 24 94 28] Inv0.inv iter} - requires {[#"../06_map_precond.rs" 94 33 94 37] Inv1.inv func} - requires {[#"../06_map_precond.rs" 94 42 94 50] Inv2.inv produced} - ensures { [#"../06_map_precond.rs" 93 4 93 83] produced = Seq.empty -> result = Preservation0.preservation iter func } + [#"../06_map_precond.rs" 94 8 101 9] forall i : i . forall b : b . forall f : borrowed f . forall e2 : Item0.item . forall e1 : Item0.item . forall s : Seq.seq Item0.item . 
Inv0.inv i -> Inv3.inv b -> Inv4.inv f -> Inv5.inv e2 -> Inv5.inv e1 -> Inv2.inv s -> Unnest0.unnest func ( * f) -> Produces0.produces iter (Seq.snoc (Seq.snoc s e1) e2) i -> Precondition0.precondition ( * f) (e1, Ghost.new (Seq.(++) produced s)) -> PostconditionMut0.postcondition_mut f (e1, Ghost.new (Seq.(++) produced s)) b -> Precondition0.precondition ( ^ f) (e2, Ghost.new (Seq.snoc (Seq.(++) produced s) e1)) + val preservation_inv [#"../06_map_precond.rs" 93 4 93 73] (iter : i) (func : f) (produced : Seq.seq Item0.item) : bool + requires {[#"../06_map_precond.rs" 93 24 93 28] Inv0.inv iter} + requires {[#"../06_map_precond.rs" 93 33 93 37] Inv1.inv func} + requires {[#"../06_map_precond.rs" 93 42 93 50] Inv2.inv produced} + ensures { [#"../06_map_precond.rs" 92 4 92 83] produced = Seq.empty -> result = Preservation0.preservation iter func } ensures { result = preservation_inv iter func produced } - axiom preservation_inv_spec : forall iter : i, func : f, produced : Seq.seq Item0.item . ([#"../06_map_precond.rs" 94 24 94 28] Inv0.inv iter) -> ([#"../06_map_precond.rs" 94 33 94 37] Inv1.inv func) -> ([#"../06_map_precond.rs" 94 42 94 50] Inv2.inv produced) -> ([#"../06_map_precond.rs" 93 4 93 83] produced = Seq.empty -> preservation_inv iter func produced = Preservation0.preservation iter func) + axiom preservation_inv_spec : forall iter : i, func : f, produced : Seq.seq Item0.item . ([#"../06_map_precond.rs" 93 24 93 28] Inv0.inv iter) -> ([#"../06_map_precond.rs" 93 33 93 37] Inv1.inv func) -> ([#"../06_map_precond.rs" 93 42 93 50] Inv2.inv produced) -> ([#"../06_map_precond.rs" 92 4 92 83] produced = Seq.empty -> preservation_inv iter func produced = Preservation0.preservation iter func) end module C06MapPrecond_Impl1_PreservationInv_Impl type i 
@@ -1113,14 +1113,14 @@ module C06MapPrecond_Impl1_PreservationInv_Impl predicate Produces0.produces = Produces0.produces, predicate Precondition0.precondition = Precondition0.precondition, predicate PostconditionMut0.postcondition_mut = PostconditionMut0.postcondition_mut - let rec ghost predicate preservation_inv [#"../06_map_precond.rs" 94 4 94 73] (iter : i) (func : f) (produced : Seq.seq Item0.item) - requires {[#"../06_map_precond.rs" 94 24 94 28] Inv0.inv iter} - requires {[#"../06_map_precond.rs" 94 33 94 37] Inv1.inv func} - requires {[#"../06_map_precond.rs" 94 42 94 50] Inv2.inv produced} - ensures { [#"../06_map_precond.rs" 93 4 93 83] produced = Seq.empty -> result = Preservation0.preservation iter func } + let rec ghost predicate preservation_inv [#"../06_map_precond.rs" 93 4 93 73] (iter : i) (func : f) (produced : Seq.seq Item0.item) + requires {[#"../06_map_precond.rs" 93 24 93 28] Inv0.inv iter} + requires {[#"../06_map_precond.rs" 93 33 93 37] Inv1.inv func} + requires {[#"../06_map_precond.rs" 93 42 93 50] Inv2.inv produced} + ensures { [#"../06_map_precond.rs" 92 4 92 83] produced = Seq.empty -> result = Preservation0.preservation iter func } = [@vc:do_not_keep_trace] [@vc:sp] - [#"../06_map_precond.rs" 95 8 102 9] pure {forall i : i . forall b : b . forall f : borrowed f . forall e2 : Item0.item . forall e1 : Item0.item . forall s : Seq.seq Item0.item . Inv0.inv i -> Inv3.inv b -> Inv4.inv f -> Inv5.inv e2 -> Inv5.inv e1 -> Inv2.inv s -> Unnest0.unnest func ( * f) -> Produces0.produces iter (Seq.snoc (Seq.snoc s e1) e2) i -> Precondition0.precondition ( * f) (e1, Ghost.new (Seq.(++) produced s)) -> PostconditionMut0.postcondition_mut f (e1, Ghost.new (Seq.(++) produced s)) b -> Precondition0.precondition ( ^ f) (e2, Ghost.new (Seq.snoc (Seq.(++) produced s) e1))} + [#"../06_map_precond.rs" 94 8 101 9] pure {forall i : i . forall b : b . forall f : borrowed f . forall e2 : Item0.item . forall e1 : Item0.item . forall s : Seq.seq Item0.item . 
Inv0.inv i -> Inv3.inv b -> Inv4.inv f -> Inv5.inv e2 -> Inv5.inv e1 -> Inv2.inv s -> Unnest0.unnest func ( * f) -> Produces0.produces iter (Seq.snoc (Seq.snoc s e1) e2) i -> Precondition0.precondition ( * f) (e1, Ghost.new (Seq.(++) produced s)) -> PostconditionMut0.postcondition_mut f (e1, Ghost.new (Seq.(++) produced s)) b -> Precondition0.precondition ( ^ f) (e2, Ghost.new (Seq.snoc (Seq.(++) produced s) e1))} end module C06MapPrecond_Impl2_Invariant_Stub type i @@ -1129,7 +1129,7 @@ module C06MapPrecond_Impl2_Invariant_Stub clone C06MapPrecond_Common_Iterator_Item_Type as Item0 with type self = i use C06MapPrecond_Map_Type as C06MapPrecond_Map_Type - predicate invariant' [#"../06_map_precond.rs" 158 4 158 30] (self : C06MapPrecond_Map_Type.t_map i b f Item0.item) + predicate invariant' [#"../06_map_precond.rs" 157 4 157 30] (self : C06MapPrecond_Map_Type.t_map i b f Item0.item) end module C06MapPrecond_Impl2_Invariant_Interface type i @@ -1138,8 +1138,8 @@ module C06MapPrecond_Impl2_Invariant_Interface clone C06MapPrecond_Common_Iterator_Item_Type as Item0 with type self = i use C06MapPrecond_Map_Type as C06MapPrecond_Map_Type - predicate invariant' [#"../06_map_precond.rs" 158 4 158 30] (self : C06MapPrecond_Map_Type.t_map i b f Item0.item) - val invariant' [#"../06_map_precond.rs" 158 4 158 30] (self : C06MapPrecond_Map_Type.t_map i b f Item0.item) : bool + predicate invariant' [#"../06_map_precond.rs" 157 4 157 30] (self : C06MapPrecond_Map_Type.t_map i b f Item0.item) + val invariant' [#"../06_map_precond.rs" 157 4 157 30] (self : C06MapPrecond_Map_Type.t_map i b f Item0.item) : bool ensures { result = invariant' self } end 
@@ -1182,9 +1182,9 @@ module C06MapPrecond_Impl2_Invariant type b = b, type f = f use C06MapPrecond_Map_Type as C06MapPrecond_Map_Type - predicate invariant' [#"../06_map_precond.rs" 158 4 158 30] (self : C06MapPrecond_Map_Type.t_map i b f Item0.item) = - [#"../06_map_precond.rs" 160 12 162 73] Reinitialize0.reinitialize () /\ PreservationInv0.preservation_inv (C06MapPrecond_Map_Type.map_iter self) (C06MapPrecond_Map_Type.map_func self) (Ghost.inner (C06MapPrecond_Map_Type.map_produced self)) /\ NextPrecondition0.next_precondition (C06MapPrecond_Map_Type.map_iter self) (C06MapPrecond_Map_Type.map_func self) (Ghost.inner (C06MapPrecond_Map_Type.map_produced self)) - val invariant' [#"../06_map_precond.rs" 158 4 158 30] (self : C06MapPrecond_Map_Type.t_map i b f Item0.item) : bool + predicate invariant' [#"../06_map_precond.rs" 157 4 157 30] (self : C06MapPrecond_Map_Type.t_map i b f Item0.item) = + [#"../06_map_precond.rs" 159 12 161 73] Reinitialize0.reinitialize () /\ PreservationInv0.preservation_inv (C06MapPrecond_Map_Type.map_iter self) (C06MapPrecond_Map_Type.map_func self) (Ghost.inner (C06MapPrecond_Map_Type.map_produced self)) /\ NextPrecondition0.next_precondition (C06MapPrecond_Map_Type.map_iter self) (C06MapPrecond_Map_Type.map_func self) (Ghost.inner (C06MapPrecond_Map_Type.map_produced self)) + val invariant' [#"../06_map_precond.rs" 157 4 157 30] (self : C06MapPrecond_Map_Type.t_map i b f Item0.item) : bool ensures { result = invariant' self } end 
@@ -1856,7 +1856,7 @@ module C06MapPrecond_Impl1_ProducesOne_Stub type t = b clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = C06MapPrecond_Map_Type.t_map i b f Item0.item - predicate produces_one [#"../06_map_precond.rs" 143 4 143 57] (self : C06MapPrecond_Map_Type.t_map i b f Item0.item) (visited : b) (succ : C06MapPrecond_Map_Type.t_map i b f Item0.item) + predicate produces_one [#"../06_map_precond.rs" 142 4 142 57] (self : C06MapPrecond_Map_Type.t_map i b f Item0.item) (visited : b) (succ : C06MapPrecond_Map_Type.t_map i b f Item0.item) end module C06MapPrecond_Impl1_ProducesOne_Interface 
@@ -1876,16 +1876,16 @@ module C06MapPrecond_Impl1_ProducesOne_Interface type t = b clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = C06MapPrecond_Map_Type.t_map i b f Item0.item - predicate produces_one [#"../06_map_precond.rs" 143 4 143 57] (self : C06MapPrecond_Map_Type.t_map i b f Item0.item) (visited : b) (succ : C06MapPrecond_Map_Type.t_map i b f Item0.item) + predicate produces_one [#"../06_map_precond.rs" 142 4 142 57] (self : C06MapPrecond_Map_Type.t_map i b f Item0.item) (visited : b) (succ : C06MapPrecond_Map_Type.t_map i b f Item0.item) - val produces_one [#"../06_map_precond.rs" 143 4 143 57] (self : C06MapPrecond_Map_Type.t_map i b f Item0.item) (visited : b) (succ : C06MapPrecond_Map_Type.t_map i b f Item0.item) : bool - requires {[#"../06_map_precond.rs" 143 20 143 24] Inv0.inv self} - requires {[#"../06_map_precond.rs" 143 26 143 33] Inv1.inv visited} - requires {[#"../06_map_precond.rs" 143 38 143 42] Inv0.inv succ} - ensures { [#"../06_map_precond.rs" 142 14 142 68] result = Produces0.produces self (Seq.singleton visited) succ } + val produces_one [#"../06_map_precond.rs" 142 4 142 57] (self : C06MapPrecond_Map_Type.t_map i b f Item0.item) (visited : b) (succ : C06MapPrecond_Map_Type.t_map i b f Item0.item) : bool + requires {[#"../06_map_precond.rs" 142 20 142 24] Inv0.inv self} + requires {[#"../06_map_precond.rs" 142 26 142 33] Inv1.inv visited} + requires {[#"../06_map_precond.rs" 142 38 142 42] Inv0.inv succ} + ensures { [#"../06_map_precond.rs" 141 14 141 68] result = Produces0.produces self (Seq.singleton visited) succ } ensures { result = produces_one self visited succ } - axiom produces_one_spec : forall self : C06MapPrecond_Map_Type.t_map i b f Item0.item, visited : b, succ : C06MapPrecond_Map_Type.t_map i b f Item0.item . 
([#"../06_map_precond.rs" 143 20 143 24] Inv0.inv self) -> ([#"../06_map_precond.rs" 143 26 143 33] Inv1.inv visited) -> ([#"../06_map_precond.rs" 143 38 143 42] Inv0.inv succ) -> ([#"../06_map_precond.rs" 142 14 142 68] produces_one self visited succ = Produces0.produces self (Seq.singleton visited) succ) + axiom produces_one_spec : forall self : C06MapPrecond_Map_Type.t_map i b f Item0.item, visited : b, succ : C06MapPrecond_Map_Type.t_map i b f Item0.item . ([#"../06_map_precond.rs" 142 20 142 24] Inv0.inv self) -> ([#"../06_map_precond.rs" 142 26 142 33] Inv1.inv visited) -> ([#"../06_map_precond.rs" 142 38 142 42] Inv0.inv succ) -> ([#"../06_map_precond.rs" 141 14 141 68] produces_one self visited succ = Produces0.produces self (Seq.singleton visited) succ) end module C06MapPrecond_Impl1_ProducesOne type i 
@@ -1922,18 +1922,18 @@ module C06MapPrecond_Impl1_ProducesOne type t = b clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = C06MapPrecond_Map_Type.t_map i b f Item0.item - predicate produces_one [#"../06_map_precond.rs" 143 4 143 57] (self : C06MapPrecond_Map_Type.t_map i b f Item0.item) (visited : b) (succ : C06MapPrecond_Map_Type.t_map i b f Item0.item) + predicate produces_one [#"../06_map_precond.rs" 142 4 142 57] (self : C06MapPrecond_Map_Type.t_map i b f Item0.item) (visited : b) (succ : C06MapPrecond_Map_Type.t_map i b f Item0.item) = - [#"../06_map_precond.rs" 144 8 150 9] exists f : borrowed f . Inv2.inv f /\ * f = C06MapPrecond_Map_Type.map_func self /\ ^ f = C06MapPrecond_Map_Type.map_func succ /\ (exists e : Item0.item . Inv3.inv e /\ Produces1.produces (C06MapPrecond_Map_Type.map_iter self) (Seq.singleton e) (C06MapPrecond_Map_Type.map_iter succ) /\ Ghost.inner (C06MapPrecond_Map_Type.map_produced succ) = Seq.snoc (Ghost.inner (C06MapPrecond_Map_Type.map_produced self)) e /\ Precondition0.precondition ( * f) (e, C06MapPrecond_Map_Type.map_produced self) /\ PostconditionMut0.postcondition_mut f (e, C06MapPrecond_Map_Type.map_produced self) visited) - val produces_one [#"../06_map_precond.rs" 143 4 143 57] (self : C06MapPrecond_Map_Type.t_map i b f Item0.item) (visited : b) (succ : C06MapPrecond_Map_Type.t_map i b f Item0.item) : bool - requires {[#"../06_map_precond.rs" 143 20 143 24] Inv0.inv self} - requires {[#"../06_map_precond.rs" 143 26 143 33] Inv1.inv visited} - requires {[#"../06_map_precond.rs" 143 38 143 42] Inv0.inv succ} - ensures { [#"../06_map_precond.rs" 142 14 142 68] result = Produces0.produces self (Seq.singleton visited) succ } + [#"../06_map_precond.rs" 143 8 149 9] exists f : borrowed f . Inv2.inv f /\ * f = C06MapPrecond_Map_Type.map_func self /\ ^ f = C06MapPrecond_Map_Type.map_func succ /\ (exists e : Item0.item . 
Inv3.inv e /\ Produces1.produces (C06MapPrecond_Map_Type.map_iter self) (Seq.singleton e) (C06MapPrecond_Map_Type.map_iter succ) /\ Ghost.inner (C06MapPrecond_Map_Type.map_produced succ) = Seq.snoc (Ghost.inner (C06MapPrecond_Map_Type.map_produced self)) e /\ Precondition0.precondition ( * f) (e, C06MapPrecond_Map_Type.map_produced self) /\ PostconditionMut0.postcondition_mut f (e, C06MapPrecond_Map_Type.map_produced self) visited) + val produces_one [#"../06_map_precond.rs" 142 4 142 57] (self : C06MapPrecond_Map_Type.t_map i b f Item0.item) (visited : b) (succ : C06MapPrecond_Map_Type.t_map i b f Item0.item) : bool + requires {[#"../06_map_precond.rs" 142 20 142 24] Inv0.inv self} + requires {[#"../06_map_precond.rs" 142 26 142 33] Inv1.inv visited} + requires {[#"../06_map_precond.rs" 142 38 142 42] Inv0.inv succ} + ensures { [#"../06_map_precond.rs" 141 14 141 68] result = Produces0.produces self (Seq.singleton visited) succ } ensures { result = produces_one self visited succ } - axiom produces_one_spec : forall self : C06MapPrecond_Map_Type.t_map i b f Item0.item, visited : b, succ : C06MapPrecond_Map_Type.t_map i b f Item0.item . ([#"../06_map_precond.rs" 143 20 143 24] Inv0.inv self) -> ([#"../06_map_precond.rs" 143 26 143 33] Inv1.inv visited) -> ([#"../06_map_precond.rs" 143 38 143 42] Inv0.inv succ) -> ([#"../06_map_precond.rs" 142 14 142 68] produces_one self visited succ = Produces0.produces self (Seq.singleton visited) succ) + axiom produces_one_spec : forall self : C06MapPrecond_Map_Type.t_map i b f Item0.item, visited : b, succ : C06MapPrecond_Map_Type.t_map i b f Item0.item . ([#"../06_map_precond.rs" 142 20 142 24] Inv0.inv self) -> ([#"../06_map_precond.rs" 142 26 142 33] Inv1.inv visited) -> ([#"../06_map_precond.rs" 142 38 142 42] Inv0.inv succ) -> ([#"../06_map_precond.rs" 141 14 141 68] produces_one self visited succ = Produces0.produces self (Seq.singleton visited) succ) end module C06MapPrecond_Impl1_ProducesOne_Impl type i 
@@ -2177,14 +2177,14 @@ module C06MapPrecond_Impl1_ProducesOne_Impl predicate Inv1.inv = Inv6.inv, predicate Inv2.inv = Inv7.inv, axiom . - let rec ghost predicate produces_one [#"../06_map_precond.rs" 143 4 143 57] (self : C06MapPrecond_Map_Type.t_map i b f Item0.item) (visited : b) (succ : C06MapPrecond_Map_Type.t_map i b f Item0.item) - requires {[#"../06_map_precond.rs" 143 20 143 24] Inv0.inv self} - requires {[#"../06_map_precond.rs" 143 26 143 33] Inv1.inv visited} - requires {[#"../06_map_precond.rs" 143 38 143 42] Inv0.inv succ} - ensures { [#"../06_map_precond.rs" 142 14 142 68] result = Produces0.produces self (Seq.singleton visited) succ } + let rec ghost predicate produces_one [#"../06_map_precond.rs" 142 4 142 57] (self : C06MapPrecond_Map_Type.t_map i b f Item0.item) (visited : b) (succ : C06MapPrecond_Map_Type.t_map i b f Item0.item) + requires {[#"../06_map_precond.rs" 142 20 142 24] Inv0.inv self} + requires {[#"../06_map_precond.rs" 142 26 142 33] Inv1.inv visited} + requires {[#"../06_map_precond.rs" 142 38 142 42] Inv0.inv succ} + ensures { [#"../06_map_precond.rs" 141 14 141 68] result = Produces0.produces self (Seq.singleton visited) succ } = [@vc:do_not_keep_trace] [@vc:sp] - [#"../06_map_precond.rs" 144 8 150 9] pure {exists f : borrowed f . Inv2.inv f /\ * f = C06MapPrecond_Map_Type.map_func self /\ ^ f = C06MapPrecond_Map_Type.map_func succ /\ (exists e : Item0.item . Inv3.inv e /\ Produces1.produces (C06MapPrecond_Map_Type.map_iter self) (Seq.singleton e) (C06MapPrecond_Map_Type.map_iter succ) /\ Ghost.inner (C06MapPrecond_Map_Type.map_produced succ) = Seq.snoc (Ghost.inner (C06MapPrecond_Map_Type.map_produced self)) e /\ Precondition0.precondition ( * f) (e, C06MapPrecond_Map_Type.map_produced self) /\ PostconditionMut0.postcondition_mut f (e, C06MapPrecond_Map_Type.map_produced self) visited)} + [#"../06_map_precond.rs" 143 8 149 9] pure {exists f : borrowed f . 
Inv2.inv f /\ * f = C06MapPrecond_Map_Type.map_func self /\ ^ f = C06MapPrecond_Map_Type.map_func succ /\ (exists e : Item0.item . Inv3.inv e /\ Produces1.produces (C06MapPrecond_Map_Type.map_iter self) (Seq.singleton e) (C06MapPrecond_Map_Type.map_iter succ) /\ Ghost.inner (C06MapPrecond_Map_Type.map_produced succ) = Seq.snoc (Ghost.inner (C06MapPrecond_Map_Type.map_produced self)) e /\ Precondition0.precondition ( * f) (e, C06MapPrecond_Map_Type.map_produced self) /\ PostconditionMut0.postcondition_mut f (e, C06MapPrecond_Map_Type.map_produced self) visited)} end module CreusotContracts_Resolve_Impl1_Resolve_Stub type t @@ -2294,6 +2294,15 @@ module Core_Ops_Function_FnMut_CallMut_Interface ensures { Inv2.inv result } end +module TyInv_Borrow + type t + use prelude.Borrow + clone CreusotContracts_Invariant_Inv_Stub as Inv1 with + type t = t + clone CreusotContracts_Invariant_Inv_Stub as Inv0 with + type t = borrowed t + axiom inv_borrow [@rewrite] : forall self : borrowed t . Inv0.inv self = (Inv1.inv ( * self) /\ Inv1.inv ( ^ self)) +end module C06MapPrecond_Impl1_ProducesOneInvariant_Stub type i type b @@ -2346,7 +2355,7 @@ module C06MapPrecond_Impl1_ProducesOneInvariant_Stub clone C06MapPrecond_Common_Iterator_Produces_Stub as Produces0 with type self = i, type Item0.item = Item0.item - function produces_one_invariant [#"../06_map_precond.rs" 133 4 133 73] (self : C06MapPrecond_Map_Type.t_map i b f Item0.item) (e : Item0.item) (r : b) (f : borrowed f) (iter : i) : () + function produces_one_invariant [#"../06_map_precond.rs" 132 4 132 73] (self : C06MapPrecond_Map_Type.t_map i b f Item0.item) (e : Item0.item) (r : b) (f : borrowed f) (iter : i) : () end module C06MapPrecond_Impl1_ProducesOneInvariant_Interface 
@@ -2401,22 +2410,22 @@ module C06MapPrecond_Impl1_ProducesOneInvariant_Interface clone C06MapPrecond_Common_Iterator_Produces_Stub as Produces0 with type self = i, type Item0.item = Item0.item - function produces_one_invariant [#"../06_map_precond.rs" 133 4 133 73] (self : C06MapPrecond_Map_Type.t_map i b f Item0.item) (e : Item0.item) (r : b) (f : borrowed f) (iter : i) : () + function produces_one_invariant [#"../06_map_precond.rs" 132 4 132 73] (self : C06MapPrecond_Map_Type.t_map i b f Item0.item) (e : Item0.item) (r : b) (f : borrowed f) (iter : i) : () - val produces_one_invariant [#"../06_map_precond.rs" 133 4 133 73] (self : C06MapPrecond_Map_Type.t_map i b f Item0.item) (e : Item0.item) (r : b) (f : borrowed f) (iter : i) : () - requires {[#"../06_map_precond.rs" 128 4 128 60] Produces0.produces (C06MapPrecond_Map_Type.map_iter self) (Seq.singleton e) iter} - requires {[#"../06_map_precond.rs" 129 15 129 30] * f = C06MapPrecond_Map_Type.map_func self} - requires {[#"../06_map_precond.rs" 130 15 130 57] PostconditionMut0.postcondition_mut f (e, C06MapPrecond_Map_Type.map_produced self) r} - requires {[#"../06_map_precond.rs" 133 30 133 34] Inv0.inv self} - requires {[#"../06_map_precond.rs" 133 36 133 37] Inv1.inv e} - requires {[#"../06_map_precond.rs" 133 48 133 49] Inv2.inv r} - requires {[#"../06_map_precond.rs" 133 54 133 55] Inv3.inv f} - requires {[#"../06_map_precond.rs" 133 65 133 69] Inv4.inv iter} - ensures { [#"../06_map_precond.rs" 131 14 131 69] PreservationInv0.preservation_inv iter ( ^ f) (Seq.snoc (Ghost.inner (C06MapPrecond_Map_Type.map_produced self)) e) } - ensures { [#"../06_map_precond.rs" 132 14 132 70] NextPrecondition0.next_precondition iter ( ^ f) (Seq.snoc (Ghost.inner (C06MapPrecond_Map_Type.map_produced self)) e) } + val produces_one_invariant [#"../06_map_precond.rs" 132 4 132 73] (self : C06MapPrecond_Map_Type.t_map i b f Item0.item) (e : Item0.item) (r : b) (f : borrowed f) (iter : i) : () + requires 
{[#"../06_map_precond.rs" 127 4 127 60] Produces0.produces (C06MapPrecond_Map_Type.map_iter self) (Seq.singleton e) iter} + requires {[#"../06_map_precond.rs" 128 15 128 30] * f = C06MapPrecond_Map_Type.map_func self} + requires {[#"../06_map_precond.rs" 129 15 129 57] PostconditionMut0.postcondition_mut f (e, C06MapPrecond_Map_Type.map_produced self) r} + requires {[#"../06_map_precond.rs" 132 30 132 34] Inv0.inv self} + requires {[#"../06_map_precond.rs" 132 36 132 37] Inv1.inv e} + requires {[#"../06_map_precond.rs" 132 48 132 49] Inv2.inv r} + requires {[#"../06_map_precond.rs" 132 54 132 55] Inv3.inv f} + requires {[#"../06_map_precond.rs" 132 65 132 69] Inv4.inv iter} + ensures { [#"../06_map_precond.rs" 130 14 130 69] PreservationInv0.preservation_inv iter ( ^ f) (Seq.snoc (Ghost.inner (C06MapPrecond_Map_Type.map_produced self)) e) } + ensures { [#"../06_map_precond.rs" 131 14 131 70] NextPrecondition0.next_precondition iter ( ^ f) (Seq.snoc (Ghost.inner (C06MapPrecond_Map_Type.map_produced self)) e) } ensures { result = produces_one_invariant self e r f iter } - axiom produces_one_invariant_spec : forall self : C06MapPrecond_Map_Type.t_map i b f Item0.item, e : Item0.item, r : b, f : borrowed f, iter : i . 
([#"../06_map_precond.rs" 128 4 128 60] Produces0.produces (C06MapPrecond_Map_Type.map_iter self) (Seq.singleton e) iter) -> ([#"../06_map_precond.rs" 129 15 129 30] * f = C06MapPrecond_Map_Type.map_func self) -> ([#"../06_map_precond.rs" 130 15 130 57] PostconditionMut0.postcondition_mut f (e, C06MapPrecond_Map_Type.map_produced self) r) -> ([#"../06_map_precond.rs" 133 30 133 34] Inv0.inv self) -> ([#"../06_map_precond.rs" 133 36 133 37] Inv1.inv e) -> ([#"../06_map_precond.rs" 133 48 133 49] Inv2.inv r) -> ([#"../06_map_precond.rs" 133 54 133 55] Inv3.inv f) -> ([#"../06_map_precond.rs" 133 65 133 69] Inv4.inv iter) -> ([#"../06_map_precond.rs" 132 14 132 70] NextPrecondition0.next_precondition iter ( ^ f) (Seq.snoc (Ghost.inner (C06MapPrecond_Map_Type.map_produced self)) e)) && ([#"../06_map_precond.rs" 131 14 131 69] PreservationInv0.preservation_inv iter ( ^ f) (Seq.snoc (Ghost.inner (C06MapPrecond_Map_Type.map_produced self)) e)) + axiom produces_one_invariant_spec : forall self : C06MapPrecond_Map_Type.t_map i b f Item0.item, e : Item0.item, r : b, f : borrowed f, iter : i . 
([#"../06_map_precond.rs" 127 4 127 60] Produces0.produces (C06MapPrecond_Map_Type.map_iter self) (Seq.singleton e) iter) -> ([#"../06_map_precond.rs" 128 15 128 30] * f = C06MapPrecond_Map_Type.map_func self) -> ([#"../06_map_precond.rs" 129 15 129 57] PostconditionMut0.postcondition_mut f (e, C06MapPrecond_Map_Type.map_produced self) r) -> ([#"../06_map_precond.rs" 132 30 132 34] Inv0.inv self) -> ([#"../06_map_precond.rs" 132 36 132 37] Inv1.inv e) -> ([#"../06_map_precond.rs" 132 48 132 49] Inv2.inv r) -> ([#"../06_map_precond.rs" 132 54 132 55] Inv3.inv f) -> ([#"../06_map_precond.rs" 132 65 132 69] Inv4.inv iter) -> ([#"../06_map_precond.rs" 131 14 131 70] NextPrecondition0.next_precondition iter ( ^ f) (Seq.snoc (Ghost.inner (C06MapPrecond_Map_Type.map_produced self)) e)) && ([#"../06_map_precond.rs" 130 14 130 69] PreservationInv0.preservation_inv iter ( ^ f) (Seq.snoc (Ghost.inner (C06MapPrecond_Map_Type.map_produced self)) e)) end module C06MapPrecond_Impl1_ProducesOneInvariant type i 
@@ -2470,22 +2479,22 @@ module C06MapPrecond_Impl1_ProducesOneInvariant clone C06MapPrecond_Common_Iterator_Produces_Stub as Produces0 with type self = i, type Item0.item = Item0.item - function produces_one_invariant [#"../06_map_precond.rs" 133 4 133 73] (self : C06MapPrecond_Map_Type.t_map i b f Item0.item) (e : Item0.item) (r : b) (f : borrowed f) (iter : i) : () + function produces_one_invariant [#"../06_map_precond.rs" 132 4 132 73] (self : C06MapPrecond_Map_Type.t_map i b f Item0.item) (e : Item0.item) (r : b) (f : borrowed f) (iter : i) : () - val produces_one_invariant [#"../06_map_precond.rs" 133 4 133 73] (self : C06MapPrecond_Map_Type.t_map i b f Item0.item) (e : Item0.item) (r : b) (f : borrowed f) (iter : i) : () - requires {[#"../06_map_precond.rs" 128 4 128 60] Produces0.produces (C06MapPrecond_Map_Type.map_iter self) (Seq.singleton e) iter} - requires {[#"../06_map_precond.rs" 129 15 129 30] * f = C06MapPrecond_Map_Type.map_func self} - requires {[#"../06_map_precond.rs" 130 15 130 57] PostconditionMut0.postcondition_mut f (e, C06MapPrecond_Map_Type.map_produced self) r} - requires {[#"../06_map_precond.rs" 133 30 133 34] Inv0.inv self} - requires {[#"../06_map_precond.rs" 133 36 133 37] Inv1.inv e} - requires {[#"../06_map_precond.rs" 133 48 133 49] Inv2.inv r} - requires {[#"../06_map_precond.rs" 133 54 133 55] Inv3.inv f} - requires {[#"../06_map_precond.rs" 133 65 133 69] Inv4.inv iter} - ensures { [#"../06_map_precond.rs" 131 14 131 69] PreservationInv0.preservation_inv iter ( ^ f) (Seq.snoc (Ghost.inner (C06MapPrecond_Map_Type.map_produced self)) e) } - ensures { [#"../06_map_precond.rs" 132 14 132 70] NextPrecondition0.next_precondition iter ( ^ f) (Seq.snoc (Ghost.inner (C06MapPrecond_Map_Type.map_produced self)) e) } + val produces_one_invariant [#"../06_map_precond.rs" 132 4 132 73] (self : C06MapPrecond_Map_Type.t_map i b f Item0.item) (e : Item0.item) (r : b) (f : borrowed f) (iter : i) : () + requires {[#"../06_map_precond.rs" 127 4 
127 60] Produces0.produces (C06MapPrecond_Map_Type.map_iter self) (Seq.singleton e) iter} + requires {[#"../06_map_precond.rs" 128 15 128 30] * f = C06MapPrecond_Map_Type.map_func self} + requires {[#"../06_map_precond.rs" 129 15 129 57] PostconditionMut0.postcondition_mut f (e, C06MapPrecond_Map_Type.map_produced self) r} + requires {[#"../06_map_precond.rs" 132 30 132 34] Inv0.inv self} + requires {[#"../06_map_precond.rs" 132 36 132 37] Inv1.inv e} + requires {[#"../06_map_precond.rs" 132 48 132 49] Inv2.inv r} + requires {[#"../06_map_precond.rs" 132 54 132 55] Inv3.inv f} + requires {[#"../06_map_precond.rs" 132 65 132 69] Inv4.inv iter} + ensures { [#"../06_map_precond.rs" 130 14 130 69] PreservationInv0.preservation_inv iter ( ^ f) (Seq.snoc (Ghost.inner (C06MapPrecond_Map_Type.map_produced self)) e) } + ensures { [#"../06_map_precond.rs" 131 14 131 70] NextPrecondition0.next_precondition iter ( ^ f) (Seq.snoc (Ghost.inner (C06MapPrecond_Map_Type.map_produced self)) e) } ensures { result = produces_one_invariant self e r f iter } - axiom produces_one_invariant_spec : forall self : C06MapPrecond_Map_Type.t_map i b f Item0.item, e : Item0.item, r : b, f : borrowed f, iter : i . 
([#"../06_map_precond.rs" 128 4 128 60] Produces0.produces (C06MapPrecond_Map_Type.map_iter self) (Seq.singleton e) iter) -> ([#"../06_map_precond.rs" 129 15 129 30] * f = C06MapPrecond_Map_Type.map_func self) -> ([#"../06_map_precond.rs" 130 15 130 57] PostconditionMut0.postcondition_mut f (e, C06MapPrecond_Map_Type.map_produced self) r) -> ([#"../06_map_precond.rs" 133 30 133 34] Inv0.inv self) -> ([#"../06_map_precond.rs" 133 36 133 37] Inv1.inv e) -> ([#"../06_map_precond.rs" 133 48 133 49] Inv2.inv r) -> ([#"../06_map_precond.rs" 133 54 133 55] Inv3.inv f) -> ([#"../06_map_precond.rs" 133 65 133 69] Inv4.inv iter) -> ([#"../06_map_precond.rs" 132 14 132 70] NextPrecondition0.next_precondition iter ( ^ f) (Seq.snoc (Ghost.inner (C06MapPrecond_Map_Type.map_produced self)) e)) && ([#"../06_map_precond.rs" 131 14 131 69] PreservationInv0.preservation_inv iter ( ^ f) (Seq.snoc (Ghost.inner (C06MapPrecond_Map_Type.map_produced self)) e)) + axiom produces_one_invariant_spec : forall self : C06MapPrecond_Map_Type.t_map i b f Item0.item, e : Item0.item, r : b, f : borrowed f, iter : i . 
([#"../06_map_precond.rs" 127 4 127 60] Produces0.produces (C06MapPrecond_Map_Type.map_iter self) (Seq.singleton e) iter) -> ([#"../06_map_precond.rs" 128 15 128 30] * f = C06MapPrecond_Map_Type.map_func self) -> ([#"../06_map_precond.rs" 129 15 129 57] PostconditionMut0.postcondition_mut f (e, C06MapPrecond_Map_Type.map_produced self) r) -> ([#"../06_map_precond.rs" 132 30 132 34] Inv0.inv self) -> ([#"../06_map_precond.rs" 132 36 132 37] Inv1.inv e) -> ([#"../06_map_precond.rs" 132 48 132 49] Inv2.inv r) -> ([#"../06_map_precond.rs" 132 54 132 55] Inv3.inv f) -> ([#"../06_map_precond.rs" 132 65 132 69] Inv4.inv iter) -> ([#"../06_map_precond.rs" 131 14 131 70] NextPrecondition0.next_precondition iter ( ^ f) (Seq.snoc (Ghost.inner (C06MapPrecond_Map_Type.map_produced self)) e)) && ([#"../06_map_precond.rs" 130 14 130 69] PreservationInv0.preservation_inv iter ( ^ f) (Seq.snoc (Ghost.inner (C06MapPrecond_Map_Type.map_produced self)) e)) end module C06MapPrecond_Impl1_ProducesOneInvariant_Impl type i 
@@ -2689,29 +2698,20 @@ module C06MapPrecond_Impl1_ProducesOneInvariant_Impl predicate Produces0.produces = Produces0.produces, type Item0.item = Item0.item, axiom . - let rec ghost function produces_one_invariant [#"../06_map_precond.rs" 133 4 133 73] (self : C06MapPrecond_Map_Type.t_map i b f Item0.item) (e : Item0.item) (r : b) (f : borrowed f) (iter : i) : () - requires {[#"../06_map_precond.rs" 128 4 128 60] Produces0.produces (C06MapPrecond_Map_Type.map_iter self) (Seq.singleton e) iter} - requires {[#"../06_map_precond.rs" 129 15 129 30] * f = C06MapPrecond_Map_Type.map_func self} - requires {[#"../06_map_precond.rs" 130 15 130 57] PostconditionMut0.postcondition_mut f (e, C06MapPrecond_Map_Type.map_produced self) r} - requires {[#"../06_map_precond.rs" 133 30 133 34] Inv0.inv self} - requires {[#"../06_map_precond.rs" 133 36 133 37] Inv1.inv e} - requires {[#"../06_map_precond.rs" 133 48 133 49] Inv2.inv r} - requires {[#"../06_map_precond.rs" 133 54 133 55] Inv3.inv f} - requires {[#"../06_map_precond.rs" 133 65 133 69] Inv4.inv iter} - ensures { [#"../06_map_precond.rs" 131 14 131 69] PreservationInv0.preservation_inv iter ( ^ f) (Seq.snoc (Ghost.inner (C06MapPrecond_Map_Type.map_produced self)) e) } - ensures { [#"../06_map_precond.rs" 132 14 132 70] NextPrecondition0.next_precondition iter ( ^ f) (Seq.snoc (Ghost.inner (C06MapPrecond_Map_Type.map_produced self)) e) } + let rec ghost function produces_one_invariant [#"../06_map_precond.rs" 132 4 132 73] (self : C06MapPrecond_Map_Type.t_map i b f Item0.item) (e : Item0.item) (r : b) (f : borrowed f) (iter : i) : () + requires {[#"../06_map_precond.rs" 127 4 127 60] Produces0.produces (C06MapPrecond_Map_Type.map_iter self) (Seq.singleton e) iter} + requires {[#"../06_map_precond.rs" 128 15 128 30] * f = C06MapPrecond_Map_Type.map_func self} + requires {[#"../06_map_precond.rs" 129 15 129 57] PostconditionMut0.postcondition_mut f (e, C06MapPrecond_Map_Type.map_produced self) r} + requires 
{[#"../06_map_precond.rs" 132 30 132 34] Inv0.inv self} + requires {[#"../06_map_precond.rs" 132 36 132 37] Inv1.inv e} + requires {[#"../06_map_precond.rs" 132 48 132 49] Inv2.inv r} + requires {[#"../06_map_precond.rs" 132 54 132 55] Inv3.inv f} + requires {[#"../06_map_precond.rs" 132 65 132 69] Inv4.inv iter} + ensures { [#"../06_map_precond.rs" 130 14 130 69] PreservationInv0.preservation_inv iter ( ^ f) (Seq.snoc (Ghost.inner (C06MapPrecond_Map_Type.map_produced self)) e) } + ensures { [#"../06_map_precond.rs" 131 14 131 70] NextPrecondition0.next_precondition iter ( ^ f) (Seq.snoc (Ghost.inner (C06MapPrecond_Map_Type.map_produced self)) e) } = [@vc:do_not_keep_trace] [@vc:sp] - [#"../06_map_precond.rs" 127 4 127 12] let _ = let a = pure {forall i : i . forall e2 : Item0.item . forall e1 : Item0.item . forall s : Seq.seq Item0.item . Inv4.inv i -> Inv1.inv e2 -> Inv1.inv e1 -> Inv5.inv s -> Produces0.produces iter (Seq.snoc (Seq.snoc s e1) e2) i -> Produces0.produces (C06MapPrecond_Map_Type.map_iter self) (Seq.snoc (Seq.snoc (Seq.(++) (Seq.singleton e) s) e1) e2) i} in assert {a} in () -end -module TyInv_Borrow - type t - use prelude.Borrow - clone CreusotContracts_Invariant_Inv_Stub as Inv1 with - type t = t - clone CreusotContracts_Invariant_Inv_Stub as Inv0 with - type t = borrowed t - axiom inv_borrow [@rewrite] : forall self : borrowed t . Inv0.inv self = (Inv1.inv ( * self) /\ Inv1.inv ( ^ self)) + [#"../06_map_precond.rs" 126 4 126 12] let _ = let a = pure {forall i : i . forall e2 : Item0.item . forall e1 : Item0.item . forall s : Seq.seq Item0.item . Inv4.inv i -> Inv1.inv e2 -> Inv1.inv e1 -> Inv5.inv s -> Produces0.produces iter (Seq.snoc (Seq.snoc s e1) e2) i -> Produces0.produces (C06MapPrecond_Map_Type.map_iter self) (Seq.snoc (Seq.snoc (Seq.(++) (Seq.singleton e) s) e1) e2) i} in assert {a} in () end module C06MapPrecond_Impl0_Next_Interface type i 
@@ -3023,9 +3023,7 @@ module C06MapPrecond_Impl0_Next type f = f, type Item0.item = Item0.item, predicate Completed0.completed = Completed1.completed - clone CreusotContracts_Resolve_Impl1_Resolve as Resolve3 with - type t = C06MapPrecond_Map_Type.t_map i b f Item0.item - clone CreusotContracts_Resolve_Resolve_Resolve_Interface as Resolve2 with + clone CreusotContracts_Resolve_Resolve_Resolve_Interface as Resolve3 with type self = Ghost.ghost_ty () clone C06MapPrecond_Impl1_ProducesOneInvariant as ProducesOneInvariant0 with type i = i, @@ -3045,6 +3043,8 @@ module C06MapPrecond_Impl0_Next predicate Inv6.inv = Inv2.inv, predicate Preservation0.preservation = Preservation0.preservation, axiom . + clone CreusotContracts_Resolve_Impl1_Resolve as Resolve2 with + type t = C06MapPrecond_Map_Type.t_map i b f Item0.item clone CreusotContracts_Resolve_Resolve_Resolve_Interface as Resolve1 with type self = Ghost.ghost_ty (Seq.seq Item0.item) clone Core_Ops_Function_FnMut_CallMut_Interface as CallMut0 with @@ -3088,7 +3088,7 @@ module C06MapPrecond_Impl0_Next goto BB0 } BB0 { - _4 <- Borrow.borrow_mut (C06MapPrecond_Map_Type.map_iter ( * self)); + _4 <- Borrow.borrow_final (C06MapPrecond_Map_Type.map_iter ( * self)) (Borrow.inherit_id (Borrow.get_id self) 1); self <- { self with current = (let C06MapPrecond_Map_Type.C_Map a b c = * self in C06MapPrecond_Map_Type.C_Map ( ^ _4) b c) ; }; assume { Inv0.inv ( ^ _4) }; _3 <- ([#"../06_map_precond.rs" 64 14 64 30] Next0.next _4); @@ -3104,7 +3104,7 @@ module C06MapPrecond_Impl0_Next BB2 { assert { [@expl:type invariant] Inv1.inv _3 }; assume { Resolve0.resolve _3 }; - _20 <- ([#"../06_map_precond.rs" 75 32 75 50] Ghost.new (Seq.empty )); + _20 <- ([#"../06_map_precond.rs" 74 32 74 50] Ghost.new (Seq.empty )); goto BB14 } BB3 { 
@@ -3114,7 +3114,7 @@ module C06MapPrecond_Impl0_Next assert { [@expl:type invariant] Inv1.inv _3 }; assume { Resolve0.resolve _3 }; assert { [@expl:type invariant] Inv4.inv self }; - assume { Resolve3.resolve self }; + assume { Resolve2.resolve self }; absurd } BB5 { @@ -3130,7 +3130,7 @@ module C06MapPrecond_Impl0_Next goto BB7 } BB7 { - _12 <- Borrow.borrow_mut (C06MapPrecond_Map_Type.map_func ( * self)); + _12 <- Borrow.borrow_final (C06MapPrecond_Map_Type.map_func ( * self)) (Borrow.inherit_id (Borrow.get_id self) 2); self <- { self with current = (let C06MapPrecond_Map_Type.C_Map a b c = * self in C06MapPrecond_Map_Type.C_Map a ( ^ _12) c) ; }; assume { Inv2.inv ( ^ _12) }; r <- ([#"../06_map_precond.rs" 68 24 68 53] CallMut0.call_mut _12 (v, C06MapPrecond_Map_Type.map_produced ( * self))); @@ -3145,13 +3145,15 @@ module C06MapPrecond_Impl0_Next assert { [@expl:type invariant] Inv3.inv produced }; assume { Resolve1.resolve produced }; self <- { self with current = (let C06MapPrecond_Map_Type.C_Map a b c = * self in C06MapPrecond_Map_Type.C_Map a b produced) ; }; + assert { [@expl:type invariant] Inv3.inv (C06MapPrecond_Map_Type.map_produced ( * self)) }; + assume { Resolve1.resolve (C06MapPrecond_Map_Type.map_produced ( * self)) }; + assert { [@expl:type invariant] Inv4.inv self }; + assume { Resolve2.resolve self }; _17 <- ([#"../06_map_precond.rs" 70 16 70 52] Ghost.new ()); goto BB10 } BB10 { - assume { Resolve2.resolve _17 }; - assert { [@expl:type invariant] Inv4.inv self }; - assume { Resolve3.resolve self }; + assume { Resolve3.resolve _17 }; _0 <- Core_Option_Option_Type.C_Some r; r <- any b; goto BB11 
@@ -3171,7 +3173,7 @@ module C06MapPrecond_Impl0_Next assert { [@expl:type invariant] Inv3.inv (C06MapPrecond_Map_Type.map_produced ( * self)) }; assume { Resolve1.resolve (C06MapPrecond_Map_Type.map_produced ( * self)) }; assert { [@expl:type invariant] Inv4.inv self }; - assume { Resolve3.resolve self }; + assume { Resolve2.resolve self }; _0 <- Core_Option_Option_Type.C_None; goto BB15 } 
@@ -3216,14 +3218,14 @@ module C06MapPrecond_Map_Interface type t = Item0.item clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = i - val map [#"../06_map_precond.rs" 171 0 174 17] (iter : i) (func : f) : C06MapPrecond_Map_Type.t_map i b f Item0.item - requires {[#"../06_map_precond.rs" 167 0 167 128] forall i2 : i . forall e : Item0.item . Inv0.inv i2 -> Inv1.inv e -> Produces0.produces iter (Seq.singleton e) i2 -> Precondition0.precondition func (e, Ghost.new (Seq.empty ))} - requires {[#"../06_map_precond.rs" 168 11 168 41] Reinitialize0.reinitialize ()} - requires {[#"../06_map_precond.rs" 169 11 169 51] Preservation0.preservation iter func} - requires {[#"../06_map_precond.rs" 172 4 172 8] Inv0.inv iter} - requires {[#"../06_map_precond.rs" 173 4 173 8] Inv2.inv func} - ensures { [#"../06_map_precond.rs" 170 10 170 72] result = C06MapPrecond_Map_Type.C_Map iter func (Ghost.new (Seq.empty )) } - ensures { [#"../06_map_precond.rs" 174 5 174 17] Inv3.inv result } + val map [#"../06_map_precond.rs" 170 0 173 17] (iter : i) (func : f) : C06MapPrecond_Map_Type.t_map i b f Item0.item + requires {[#"../06_map_precond.rs" 166 0 166 128] forall i2 : i . forall e : Item0.item . Inv0.inv i2 -> Inv1.inv e -> Produces0.produces iter (Seq.singleton e) i2 -> Precondition0.precondition func (e, Ghost.new (Seq.empty ))} + requires {[#"../06_map_precond.rs" 167 11 167 41] Reinitialize0.reinitialize ()} + requires {[#"../06_map_precond.rs" 168 11 168 51] Preservation0.preservation iter func} + requires {[#"../06_map_precond.rs" 171 4 171 8] Inv0.inv iter} + requires {[#"../06_map_precond.rs" 172 4 172 8] Inv2.inv func} + ensures { [#"../06_map_precond.rs" 169 10 169 72] result = C06MapPrecond_Map_Type.C_Map iter func (Ghost.new (Seq.empty )) } + ensures { [#"../06_map_precond.rs" 173 5 173 17] Inv3.inv result } end module C06MapPrecond_Map 
@@ -3428,14 +3430,14 @@ module C06MapPrecond_Map predicate Produces0.produces = Produces0.produces, type Item0.item = Item0.item, axiom . - let rec cfg map [#"../06_map_precond.rs" 171 0 174 17] [@cfg:stackify] [@cfg:subregion_analysis] (iter : i) (func : f) : C06MapPrecond_Map_Type.t_map i b f Item0.item - requires {[#"../06_map_precond.rs" 167 0 167 128] forall i2 : i . forall e : Item0.item . Inv0.inv i2 -> Inv1.inv e -> Produces0.produces iter (Seq.singleton e) i2 -> Precondition0.precondition func (e, Ghost.new (Seq.empty ))} - requires {[#"../06_map_precond.rs" 168 11 168 41] Reinitialize0.reinitialize ()} - requires {[#"../06_map_precond.rs" 169 11 169 51] Preservation0.preservation iter func} - requires {[#"../06_map_precond.rs" 172 4 172 8] Inv0.inv iter} - requires {[#"../06_map_precond.rs" 173 4 173 8] Inv2.inv func} - ensures { [#"../06_map_precond.rs" 170 10 170 72] result = C06MapPrecond_Map_Type.C_Map iter func (Ghost.new (Seq.empty )) } - ensures { [#"../06_map_precond.rs" 174 5 174 17] Inv3.inv result } + let rec cfg map [#"../06_map_precond.rs" 170 0 173 17] [@cfg:stackify] [@cfg:subregion_analysis] (iter : i) (func : f) : C06MapPrecond_Map_Type.t_map i b f Item0.item + requires {[#"../06_map_precond.rs" 166 0 166 128] forall i2 : i . forall e : Item0.item . 
Inv0.inv i2 -> Inv1.inv e -> Produces0.produces iter (Seq.singleton e) i2 -> Precondition0.precondition func (e, Ghost.new (Seq.empty ))} + requires {[#"../06_map_precond.rs" 167 11 167 41] Reinitialize0.reinitialize ()} + requires {[#"../06_map_precond.rs" 168 11 168 51] Preservation0.preservation iter func} + requires {[#"../06_map_precond.rs" 171 4 171 8] Inv0.inv iter} + requires {[#"../06_map_precond.rs" 172 4 172 8] Inv2.inv func} + ensures { [#"../06_map_precond.rs" 169 10 169 72] result = C06MapPrecond_Map_Type.C_Map iter func (Ghost.new (Seq.empty )) } + ensures { [#"../06_map_precond.rs" 173 5 173 17] Inv3.inv result } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : C06MapPrecond_Map_Type.t_map i b f Item0.item; @@ -3455,7 +3457,7 @@ module C06MapPrecond_Map goto BB3 } BB3 { - _9 <- ([#"../06_map_precond.rs" 175 32 175 48] Ghost.new (Seq.empty )); + _9 <- ([#"../06_map_precond.rs" 174 32 174 48] Ghost.new (Seq.empty )); goto BB4 } BB4 { 
@@ -3498,28 +3500,28 @@ module C06MapPrecond_Identity_Closure0_Interface type t = Ghost.ghost_ty (Seq.seq Item0.item) clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = Item0.item - predicate resolve [#"../06_map_precond.rs" 179 14 179 20] (_1 : c06mapprecond_identity_closure0 i) = + predicate resolve [#"../06_map_precond.rs" 178 14 178 20] (_1 : c06mapprecond_identity_closure0 i) = [#"../06_map_precond.rs" 1 0 1 0] true - predicate unnest [#"../06_map_precond.rs" 179 14 179 20] (self : c06mapprecond_identity_closure0 i) (_2 : c06mapprecond_identity_closure0 i) + predicate unnest [#"../06_map_precond.rs" 178 14 178 20] (self : c06mapprecond_identity_closure0 i) (_2 : c06mapprecond_identity_closure0 i) = [#"../06_map_precond.rs" 1 0 1 0] true - predicate precondition [#"../06_map_precond.rs" 179 14 179 20] (self : c06mapprecond_identity_closure0 i) (args : (Item0.item, Ghost.ghost_ty (Seq.seq Item0.item))) + predicate precondition [#"../06_map_precond.rs" 178 14 178 20] (self : c06mapprecond_identity_closure0 i) (args : (Item0.item, Ghost.ghost_ty (Seq.seq Item0.item))) = [#"../06_map_precond.rs" 1 0 1 0] let (x, _3) = args in true - predicate postcondition_once [#"../06_map_precond.rs" 179 14 179 20] (self : c06mapprecond_identity_closure0 i) (args : (Item0.item, Ghost.ghost_ty (Seq.seq Item0.item))) (result : Item0.item) + predicate postcondition_once [#"../06_map_precond.rs" 178 14 178 20] (self : c06mapprecond_identity_closure0 i) (args : (Item0.item, Ghost.ghost_ty (Seq.seq Item0.item))) (result : Item0.item) = [#"../06_map_precond.rs" 1 0 1 0] let (x, _3) = args in true - predicate postcondition_mut [#"../06_map_precond.rs" 179 14 179 20] (self : borrowed (c06mapprecond_identity_closure0 i)) (args : (Item0.item, Ghost.ghost_ty (Seq.seq Item0.item))) (result : Item0.item) + predicate postcondition_mut [#"../06_map_precond.rs" 178 14 178 20] (self : borrowed (c06mapprecond_identity_closure0 i)) (args : (Item0.item, Ghost.ghost_ty (Seq.seq 
Item0.item))) (result : Item0.item) = [#"../06_map_precond.rs" 1 0 1 0] (let (x, _3) = args in true) /\ unnest ( * self) ( ^ self) - val c06MapPrecond_Identity_Closure0 [#"../06_map_precond.rs" 179 14 179 20] (_1 : borrowed (c06mapprecond_identity_closure0 i)) (x : Item0.item) (_3 : Ghost.ghost_ty (Seq.seq Item0.item)) : Item0.item - requires {[#"../06_map_precond.rs" 179 15 179 16] Inv0.inv x} + val c06MapPrecond_Identity_Closure0 [#"../06_map_precond.rs" 178 14 178 20] (_1 : borrowed (c06mapprecond_identity_closure0 i)) (x : Item0.item) (_3 : Ghost.ghost_ty (Seq.seq Item0.item)) : Item0.item + requires {[#"../06_map_precond.rs" 178 15 178 16] Inv0.inv x} requires {[#"../06_map_precond.rs" 1 0 1 0] Inv1.inv _3} - ensures { [#"../06_map_precond.rs" 179 14 179 20] Inv0.inv result } + ensures { [#"../06_map_precond.rs" 178 14 178 20] Inv0.inv result } ensures { unnest ( * _1) ( ^ _1) } end 
@@ -3577,28 +3579,28 @@ module C06MapPrecond_Identity_Closure0 type t = c06mapprecond_identity_closure0 i clone CreusotContracts_Resolve_Resolve_Resolve_Interface as Resolve0 with type self = Ghost.ghost_ty (Seq.seq Item0.item) - predicate resolve [#"../06_map_precond.rs" 179 14 179 20] (_1 : c06mapprecond_identity_closure0 i) = + predicate resolve [#"../06_map_precond.rs" 178 14 178 20] (_1 : c06mapprecond_identity_closure0 i) = [#"../06_map_precond.rs" 1 0 1 0] true - predicate unnest [#"../06_map_precond.rs" 179 14 179 20] (self : c06mapprecond_identity_closure0 i) (_2 : c06mapprecond_identity_closure0 i) + predicate unnest [#"../06_map_precond.rs" 178 14 178 20] (self : c06mapprecond_identity_closure0 i) (_2 : c06mapprecond_identity_closure0 i) = [#"../06_map_precond.rs" 1 0 1 0] true - predicate precondition [#"../06_map_precond.rs" 179 14 179 20] (self : c06mapprecond_identity_closure0 i) (args : (Item0.item, Ghost.ghost_ty (Seq.seq Item0.item))) + predicate precondition [#"../06_map_precond.rs" 178 14 178 20] (self : c06mapprecond_identity_closure0 i) (args : (Item0.item, Ghost.ghost_ty (Seq.seq Item0.item))) = [#"../06_map_precond.rs" 1 0 1 0] let (x, _3) = args in true - predicate postcondition_once [#"../06_map_precond.rs" 179 14 179 20] (self : c06mapprecond_identity_closure0 i) (args : (Item0.item, Ghost.ghost_ty (Seq.seq Item0.item))) (result : Item0.item) + predicate postcondition_once [#"../06_map_precond.rs" 178 14 178 20] (self : c06mapprecond_identity_closure0 i) (args : (Item0.item, Ghost.ghost_ty (Seq.seq Item0.item))) (result : Item0.item) = [#"../06_map_precond.rs" 1 0 1 0] let (x, _3) = args in true - predicate postcondition_mut [#"../06_map_precond.rs" 179 14 179 20] (self : borrowed (c06mapprecond_identity_closure0 i)) (args : (Item0.item, Ghost.ghost_ty (Seq.seq Item0.item))) (result : Item0.item) + predicate postcondition_mut [#"../06_map_precond.rs" 178 14 178 20] (self : borrowed (c06mapprecond_identity_closure0 i)) (args : (Item0.item, 
Ghost.ghost_ty (Seq.seq Item0.item))) (result : Item0.item) = [#"../06_map_precond.rs" 1 0 1 0] (let (x, _3) = args in true) /\ unnest ( * self) ( ^ self) - let rec cfg c06MapPrecond_Identity_Closure0 [#"../06_map_precond.rs" 179 14 179 20] [@cfg:stackify] [@cfg:subregion_analysis] (_1 : borrowed (c06mapprecond_identity_closure0 i)) (x : Item0.item) (_3 : Ghost.ghost_ty (Seq.seq Item0.item)) : Item0.item - requires {[#"../06_map_precond.rs" 179 15 179 16] Inv1.inv x} + let rec cfg c06MapPrecond_Identity_Closure0 [#"../06_map_precond.rs" 178 14 178 20] [@cfg:stackify] [@cfg:subregion_analysis] (_1 : borrowed (c06mapprecond_identity_closure0 i)) (x : Item0.item) (_3 : Ghost.ghost_ty (Seq.seq Item0.item)) : Item0.item + requires {[#"../06_map_precond.rs" 178 15 178 16] Inv1.inv x} requires {[#"../06_map_precond.rs" 1 0 1 0] Inv0.inv _3} - ensures { [#"../06_map_precond.rs" 179 14 179 20] Inv1.inv result } + ensures { [#"../06_map_precond.rs" 178 14 178 20] Inv1.inv result } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : Item0.item; @@ -3625,8 +3627,8 @@ module C06MapPrecond_Identity_Interface type i clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = i - val identity [#"../06_map_precond.rs" 178 0 178 37] (iter : i) : () - requires {[#"../06_map_precond.rs" 178 29 178 33] Inv0.inv iter} + val identity [#"../06_map_precond.rs" 177 0 177 37] (iter : i) : () + requires {[#"../06_map_precond.rs" 177 29 177 33] Inv0.inv iter} end module C06MapPrecond_Identity 
@@ -3793,8 +3795,8 @@ module C06MapPrecond_Identity predicate Preservation0.preservation = Preservation0.preservation, predicate Inv2.inv = Inv4.inv, predicate Inv3.inv = Inv0.inv - let rec cfg identity [#"../06_map_precond.rs" 178 0 178 37] [@cfg:stackify] [@cfg:subregion_analysis] (iter : i) : () - requires {[#"../06_map_precond.rs" 178 29 178 33] Inv1.inv iter} + let rec cfg identity [#"../06_map_precond.rs" 177 0 177 37] [@cfg:stackify] [@cfg:subregion_analysis] (iter : i) : () + requires {[#"../06_map_precond.rs" 177 29 177 33] Inv1.inv iter} = [@vc:do_not_keep_trace] [@vc:sp] var _0 : (); @@ -3804,7 +3806,7 @@ module C06MapPrecond_Identity goto BB0 } BB0 { - _2 <- ([#"../06_map_precond.rs" 179 4 179 23] Map0.map iter (Closure00.C06MapPrecond_Identity_Closure0)); + _2 <- ([#"../06_map_precond.rs" 178 4 178 23] Map0.map iter (Closure00.C06MapPrecond_Identity_Closure0)); iter <- any i; goto BB1 } 
@@ -3835,27 +3837,27 @@ module C06MapPrecond_Increment_Closure2_Interface use prelude.Borrow use prelude.Ghost use seq.Seq - predicate resolve [#"../06_map_precond.rs" 190 8 190 35] (_1 : c06mapprecond_increment_closure2 u) = + predicate resolve [#"../06_map_precond.rs" 189 8 189 35] (_1 : c06mapprecond_increment_closure2 u) = [#"../06_map_precond.rs" 1 0 1 0] true - predicate unnest [#"../06_map_precond.rs" 190 8 190 35] (self : c06mapprecond_increment_closure2 u) (_2 : c06mapprecond_increment_closure2 u) + predicate unnest [#"../06_map_precond.rs" 189 8 189 35] (self : c06mapprecond_increment_closure2 u) (_2 : c06mapprecond_increment_closure2 u) = [#"../06_map_precond.rs" 1 0 1 0] true - predicate precondition [#"../06_map_precond.rs" 190 8 190 35] (self : c06mapprecond_increment_closure2 u) (args : (uint32, Ghost.ghost_ty (Seq.seq uint32))) + predicate precondition [#"../06_map_precond.rs" 189 8 189 35] (self : c06mapprecond_increment_closure2 u) (args : (uint32, Ghost.ghost_ty (Seq.seq uint32))) = - [#"../06_map_precond.rs" 189 19 189 27] let (x, _3) = args in UInt32.to_int x <= 15 - predicate postcondition_once [#"../06_map_precond.rs" 190 8 190 35] (self : c06mapprecond_increment_closure2 u) (args : (uint32, Ghost.ghost_ty (Seq.seq uint32))) (result : uint32) + [#"../06_map_precond.rs" 188 19 188 27] let (x, _3) = args in UInt32.to_int x <= 15 + predicate postcondition_once [#"../06_map_precond.rs" 189 8 189 35] (self : c06mapprecond_increment_closure2 u) (args : (uint32, Ghost.ghost_ty (Seq.seq uint32))) (result : uint32) = - [#"../06_map_precond.rs" 190 18 190 33] let (x, _3) = args in UInt32.to_int result = UInt32.to_int x + 1 - predicate postcondition_mut [#"../06_map_precond.rs" 190 8 190 35] (self : borrowed (c06mapprecond_increment_closure2 u)) (args : (uint32, Ghost.ghost_ty (Seq.seq uint32))) (result : uint32) + [#"../06_map_precond.rs" 189 18 189 33] let (x, _3) = args in UInt32.to_int result = UInt32.to_int x + 1 + predicate postcondition_mut 
[#"../06_map_precond.rs" 189 8 189 35] (self : borrowed (c06mapprecond_increment_closure2 u)) (args : (uint32, Ghost.ghost_ty (Seq.seq uint32))) (result : uint32) = [#"../06_map_precond.rs" 1 0 1 0] (let (x, _3) = args in UInt32.to_int result = UInt32.to_int x + 1) /\ unnest ( * self) ( ^ self) - val c06MapPrecond_Increment_Closure2 [#"../06_map_precond.rs" 190 8 190 35] (_1 : borrowed (c06mapprecond_increment_closure2 u)) (x : uint32) (_3 : Ghost.ghost_ty (Seq.seq uint32)) : uint32 - requires {[#"../06_map_precond.rs" 189 19 189 27] UInt32.to_int x <= 15} - ensures { [#"../06_map_precond.rs" 190 18 190 33] UInt32.to_int result = UInt32.to_int x + 1 } + val c06MapPrecond_Increment_Closure2 [#"../06_map_precond.rs" 189 8 189 35] (_1 : borrowed (c06mapprecond_increment_closure2 u)) (x : uint32) (_3 : Ghost.ghost_ty (Seq.seq uint32)) : uint32 + requires {[#"../06_map_precond.rs" 188 19 188 27] UInt32.to_int x <= 15} + ensures { [#"../06_map_precond.rs" 189 18 189 33] UInt32.to_int result = UInt32.to_int x + 1 } ensures { unnest ( * _1) ( ^ _1) } end 
@@ -3871,27 +3873,27 @@ module C06MapPrecond_Increment_Closure2 use prelude.Ghost clone CreusotContracts_Resolve_Impl1_Resolve as Resolve0 with type t = c06mapprecond_increment_closure2 u - predicate resolve [#"../06_map_precond.rs" 190 8 190 35] (_1 : c06mapprecond_increment_closure2 u) = + predicate resolve [#"../06_map_precond.rs" 189 8 189 35] (_1 : c06mapprecond_increment_closure2 u) = [#"../06_map_precond.rs" 1 0 1 0] true - predicate unnest [#"../06_map_precond.rs" 190 8 190 35] (self : c06mapprecond_increment_closure2 u) (_2 : c06mapprecond_increment_closure2 u) + predicate unnest [#"../06_map_precond.rs" 189 8 189 35] (self : c06mapprecond_increment_closure2 u) (_2 : c06mapprecond_increment_closure2 u) = [#"../06_map_precond.rs" 1 0 1 0] true - predicate precondition [#"../06_map_precond.rs" 190 8 190 35] (self : c06mapprecond_increment_closure2 u) (args : (uint32, Ghost.ghost_ty (Seq.seq uint32))) + predicate precondition [#"../06_map_precond.rs" 189 8 189 35] (self : c06mapprecond_increment_closure2 u) (args : (uint32, Ghost.ghost_ty (Seq.seq uint32))) = - [#"../06_map_precond.rs" 189 19 189 27] let (x, _3) = args in UInt32.to_int x <= 15 - predicate postcondition_once [#"../06_map_precond.rs" 190 8 190 35] (self : c06mapprecond_increment_closure2 u) (args : (uint32, Ghost.ghost_ty (Seq.seq uint32))) (result : uint32) + [#"../06_map_precond.rs" 188 19 188 27] let (x, _3) = args in UInt32.to_int x <= 15 + predicate postcondition_once [#"../06_map_precond.rs" 189 8 189 35] (self : c06mapprecond_increment_closure2 u) (args : (uint32, Ghost.ghost_ty (Seq.seq uint32))) (result : uint32) = - [#"../06_map_precond.rs" 190 18 190 33] let (x, _3) = args in UInt32.to_int result = UInt32.to_int x + 1 - predicate postcondition_mut [#"../06_map_precond.rs" 190 8 190 35] (self : borrowed (c06mapprecond_increment_closure2 u)) (args : (uint32, Ghost.ghost_ty (Seq.seq uint32))) (result : uint32) + [#"../06_map_precond.rs" 189 18 189 33] let (x, _3) = args in UInt32.to_int 
result = UInt32.to_int x + 1 + predicate postcondition_mut [#"../06_map_precond.rs" 189 8 189 35] (self : borrowed (c06mapprecond_increment_closure2 u)) (args : (uint32, Ghost.ghost_ty (Seq.seq uint32))) (result : uint32) = [#"../06_map_precond.rs" 1 0 1 0] (let (x, _3) = args in UInt32.to_int result = UInt32.to_int x + 1) /\ unnest ( * self) ( ^ self) - let rec cfg c06MapPrecond_Increment_Closure2 [#"../06_map_precond.rs" 190 8 190 35] [@cfg:stackify] [@cfg:subregion_analysis] (_1 : borrowed (c06mapprecond_increment_closure2 u)) (x : uint32) (_3 : Ghost.ghost_ty (Seq.seq uint32)) : uint32 - requires {[#"../06_map_precond.rs" 189 19 189 27] UInt32.to_int x <= 15} - ensures { [#"../06_map_precond.rs" 190 18 190 33] UInt32.to_int result = UInt32.to_int x + 1 } + let rec cfg c06MapPrecond_Increment_Closure2 [#"../06_map_precond.rs" 189 8 189 35] [@cfg:stackify] [@cfg:subregion_analysis] (_1 : borrowed (c06mapprecond_increment_closure2 u)) (x : uint32) (_3 : Ghost.ghost_ty (Seq.seq uint32)) : uint32 + requires {[#"../06_map_precond.rs" 188 19 188 27] UInt32.to_int x <= 15} + ensures { [#"../06_map_precond.rs" 189 18 189 33] UInt32.to_int result = UInt32.to_int x + 1 } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : uint32; @@ -3904,7 +3906,7 @@ module C06MapPrecond_Increment_Closure2 } BB0 { assume { Resolve0.resolve _1 }; - res1 <- ([#"../06_map_precond.rs" 191 20 191 25] x + ([#"../06_map_precond.rs" 191 24 191 25] (1 : uint32))); + res1 <- ([#"../06_map_precond.rs" 190 20 190 25] x + ([#"../06_map_precond.rs" 190 24 190 25] (1 : uint32))); res <- res1; _0 <- res; return _0 
@@ -3926,10 +3928,10 @@ module C06MapPrecond_Increment_Interface type self = u clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = borrowed u - val increment [#"../06_map_precond.rs" 186 0 186 50] (iter : u) : () - requires {[#"../06_map_precond.rs" 182 0 182 162] forall done_ : borrowed u . Inv0.inv done_ -> Completed0.completed done_ -> (forall steps : Seq.seq uint32 . forall next : u . Inv1.inv next -> Produces0.produces ( ^ done_) steps next -> steps = Seq.empty /\ ^ done_ = next)} - requires {[#"../06_map_precond.rs" 183 0 185 2] forall fin : u . forall prod : Seq.seq uint32 . Inv1.inv fin -> Produces0.produces iter prod fin -> (forall x : int . 0 <= x /\ x < Seq.length prod -> Seq.get prod x <= (10 : uint32))} - requires {[#"../06_map_precond.rs" 186 42 186 46] Inv1.inv iter} + val increment [#"../06_map_precond.rs" 185 0 185 50] (iter : u) : () + requires {[#"../06_map_precond.rs" 181 0 181 162] forall done_ : borrowed u . Inv0.inv done_ -> Completed0.completed done_ -> (forall steps : Seq.seq uint32 . forall next : u . Inv1.inv next -> Produces0.produces ( ^ done_) steps next -> steps = Seq.empty /\ ^ done_ = next)} + requires {[#"../06_map_precond.rs" 182 0 184 2] forall fin : u . forall prod : Seq.seq uint32 . Inv1.inv fin -> Produces0.produces iter prod fin -> (forall x : int . 0 <= x /\ x < Seq.length prod -> Seq.get prod x <= (10 : uint32))} + requires {[#"../06_map_precond.rs" 185 42 185 46] Inv1.inv iter} end module C06MapPrecond_Increment 
@@ -4120,10 +4122,10 @@ module C06MapPrecond_Increment predicate Preservation0.preservation = Preservation0.preservation, predicate Inv2.inv = Inv4.inv, predicate Inv3.inv = Inv0.inv - let rec cfg increment [#"../06_map_precond.rs" 186 0 186 50] [@cfg:stackify] [@cfg:subregion_analysis] (iter : u) : () - requires {[#"../06_map_precond.rs" 182 0 182 162] forall done_ : borrowed u . Inv1.inv done_ -> Completed0.completed done_ -> (forall steps : Seq.seq uint32 . forall next : u . Inv2.inv next -> Produces1.produces ( ^ done_) steps next -> steps = Seq.empty /\ ^ done_ = next)} - requires {[#"../06_map_precond.rs" 183 0 185 2] forall fin : u . forall prod : Seq.seq uint32 . Inv2.inv fin -> Produces1.produces iter prod fin -> (forall x : int . 0 <= x /\ x < Seq.length prod -> Seq.get prod x <= (10 : uint32))} - requires {[#"../06_map_precond.rs" 186 42 186 46] Inv2.inv iter} + let rec cfg increment [#"../06_map_precond.rs" 185 0 185 50] [@cfg:stackify] [@cfg:subregion_analysis] (iter : u) : () + requires {[#"../06_map_precond.rs" 181 0 181 162] forall done_ : borrowed u . Inv1.inv done_ -> Completed0.completed done_ -> (forall steps : Seq.seq uint32 . forall next : u . Inv2.inv next -> Produces1.produces ( ^ done_) steps next -> steps = Seq.empty /\ ^ done_ = next)} + requires {[#"../06_map_precond.rs" 182 0 184 2] forall fin : u . forall prod : Seq.seq uint32 . Inv2.inv fin -> Produces1.produces iter prod fin -> (forall x : int . 0 <= x /\ x < Seq.length prod -> Seq.get prod x <= (10 : uint32))} + requires {[#"../06_map_precond.rs" 185 42 185 46] Inv2.inv iter} = [@vc:do_not_keep_trace] [@vc:sp] var _0 : (); 
@@ -4136,14 +4138,14 @@ module C06MapPrecond_Increment goto BB1 } BB1 { - i <- ([#"../06_map_precond.rs" 187 12 192 5] Map0.map iter (Closure20.C06MapPrecond_Increment_Closure2)); + i <- ([#"../06_map_precond.rs" 186 12 191 5] Map0.map iter (Closure20.C06MapPrecond_Increment_Closure2)); iter <- any u; goto BB2 } BB2 { assert { [@expl:type invariant] Inv0.inv i }; assume { Resolve0.resolve i }; - assert { [@expl:assertion] [#"../06_map_precond.rs" 194 4 197 5] forall fin : C06MapPrecond_Map_Type.t_map u uint32 (Closure20.c06mapprecond_increment_closure2 u) uint32 . forall prod : Seq.seq uint32 . Inv0.inv fin -> Produces0.produces i prod fin -> (forall x : int . 0 <= x /\ x < Seq.length prod -> Seq.get prod x <= (11 : uint32)) }; + assert { [@expl:assertion] [#"../06_map_precond.rs" 193 4 196 5] forall fin : C06MapPrecond_Map_Type.t_map u uint32 (Closure20.c06mapprecond_increment_closure2 u) uint32 . forall prod : Seq.seq uint32 . Inv0.inv fin -> Produces0.produces i prod fin -> (forall x : int . 0 <= x /\ x < Seq.length prod -> Seq.get prod x <= (11 : uint32)) }; goto BB3 } BB3 { 
@@ -4189,30 +4191,30 @@ module C06MapPrecond_Counter_Closure2_Interface clone CreusotContracts_Resolve_Impl1_Resolve_Stub as Resolve0 with type t = usize clone Core_Num_Impl11_Max_Stub as Max0 - let function field_0 [#"../06_map_precond.rs" 207 8 207 41] (self : c06mapprecond_counter_closure2 i) : borrowed usize + let function field_0 [#"../06_map_precond.rs" 206 8 206 41] (self : c06mapprecond_counter_closure2 i) : borrowed usize = [@vc:do_not_keep_trace] [@vc:sp] [#"../06_map_precond.rs" 1 0 1 0] let C06MapPrecond_Counter_Closure2 a = self in a - predicate resolve [#"../06_map_precond.rs" 207 8 207 41] (_1 : c06mapprecond_counter_closure2 i) = + predicate resolve [#"../06_map_precond.rs" 206 8 206 41] (_1 : c06mapprecond_counter_closure2 i) = [#"../06_map_precond.rs" 1 0 1 0] Resolve0.resolve (field_0 _1) - predicate unnest [#"../06_map_precond.rs" 207 8 207 41] (self : c06mapprecond_counter_closure2 i) (_2 : c06mapprecond_counter_closure2 i) + predicate unnest [#"../06_map_precond.rs" 206 8 206 41] (self : c06mapprecond_counter_closure2 i) (_2 : c06mapprecond_counter_closure2 i) = [#"../06_map_precond.rs" 1 0 1 0] ^ field_0 _2 = ^ field_0 self - predicate precondition [#"../06_map_precond.rs" 207 8 207 41] (self : c06mapprecond_counter_closure2 i) (args : (uint32, Ghost.ghost_ty (Seq.seq uint32))) + predicate precondition [#"../06_map_precond.rs" 206 8 206 41] (self : c06mapprecond_counter_closure2 i) (args : (uint32, Ghost.ghost_ty (Seq.seq uint32))) = - [#"../06_map_precond.rs" 206 19 206 61] let (x, _prod) = args in UIntSize.to_int ( * field_0 self) = Seq.length (Ghost.inner _prod) /\ * field_0 self < Max0.mAX' - predicate postcondition_once [#"../06_map_precond.rs" 207 8 207 41] (self : c06mapprecond_counter_closure2 i) (args : (uint32, Ghost.ghost_ty (Seq.seq uint32))) (result : uint32) + [#"../06_map_precond.rs" 205 19 205 61] let (x, _prod) = args in UIntSize.to_int ( * field_0 self) = Seq.length (Ghost.inner _prod) /\ * field_0 self < Max0.mAX' + 
predicate postcondition_once [#"../06_map_precond.rs" 206 8 206 41] (self : c06mapprecond_counter_closure2 i) (args : (uint32, Ghost.ghost_ty (Seq.seq uint32))) (result : uint32) = - [#"../06_map_precond.rs" 207 18 207 39] let (x, _prod) = args in UIntSize.to_int ( ^ field_0 self) = UIntSize.to_int ( * field_0 self) + 1 - predicate postcondition_mut [#"../06_map_precond.rs" 207 8 207 41] (self : borrowed (c06mapprecond_counter_closure2 i)) (args : (uint32, Ghost.ghost_ty (Seq.seq uint32))) (result : uint32) + [#"../06_map_precond.rs" 206 18 206 39] let (x, _prod) = args in UIntSize.to_int ( ^ field_0 self) = UIntSize.to_int ( * field_0 self) + 1 + predicate postcondition_mut [#"../06_map_precond.rs" 206 8 206 41] (self : borrowed (c06mapprecond_counter_closure2 i)) (args : (uint32, Ghost.ghost_ty (Seq.seq uint32))) (result : uint32) = [#"../06_map_precond.rs" 1 0 1 0] (let (x, _prod) = args in UIntSize.to_int ( * field_0 ( ^ self)) = UIntSize.to_int ( * field_0 ( * self)) + 1) /\ unnest ( * self) ( ^ self) - val c06MapPrecond_Counter_Closure2 [#"../06_map_precond.rs" 207 8 207 41] (_1 : borrowed (c06mapprecond_counter_closure2 i)) (x : uint32) (_prod : Ghost.ghost_ty (Seq.seq uint32)) : uint32 - requires {[#"../06_map_precond.rs" 206 19 206 61] UIntSize.to_int ( * field_0 ( * _1)) = Seq.length (Ghost.inner _prod) /\ * field_0 ( * _1) < Max0.mAX'} - ensures { [#"../06_map_precond.rs" 207 18 207 39] UIntSize.to_int ( * field_0 ( ^ _1)) = UIntSize.to_int ( * field_0 ( * _1)) + 1 } + val c06MapPrecond_Counter_Closure2 [#"../06_map_precond.rs" 206 8 206 41] (_1 : borrowed (c06mapprecond_counter_closure2 i)) (x : uint32) (_prod : Ghost.ghost_ty (Seq.seq uint32)) : uint32 + requires {[#"../06_map_precond.rs" 205 19 205 61] UIntSize.to_int ( * field_0 ( * _1)) = Seq.length (Ghost.inner _prod) /\ * field_0 ( * _1) < Max0.mAX'} + ensures { [#"../06_map_precond.rs" 206 18 206 39] UIntSize.to_int ( * field_0 ( ^ _1)) = UIntSize.to_int ( * field_0 ( * _1)) + 1 } ensures { 
unnest ( * _1) ( ^ _1) } end 
@@ -4232,30 +4234,30 @@ module C06MapPrecond_Counter_Closure2 clone Core_Num_Impl11_Max as Max0 clone CreusotContracts_Resolve_Impl1_Resolve as Resolve0 with type t = c06mapprecond_counter_closure2 i - let function field_0 [#"../06_map_precond.rs" 207 8 207 41] (self : c06mapprecond_counter_closure2 i) : borrowed usize + let function field_0 [#"../06_map_precond.rs" 206 8 206 41] (self : c06mapprecond_counter_closure2 i) : borrowed usize = [@vc:do_not_keep_trace] [@vc:sp] [#"../06_map_precond.rs" 1 0 1 0] let C06MapPrecond_Counter_Closure2 a = self in a - predicate resolve [#"../06_map_precond.rs" 207 8 207 41] (_1 : c06mapprecond_counter_closure2 i) = + predicate resolve [#"../06_map_precond.rs" 206 8 206 41] (_1 : c06mapprecond_counter_closure2 i) = [#"../06_map_precond.rs" 1 0 1 0] Resolve1.resolve (field_0 _1) - predicate unnest [#"../06_map_precond.rs" 207 8 207 41] (self : c06mapprecond_counter_closure2 i) (_2 : c06mapprecond_counter_closure2 i) + predicate unnest [#"../06_map_precond.rs" 206 8 206 41] (self : c06mapprecond_counter_closure2 i) (_2 : c06mapprecond_counter_closure2 i) = [#"../06_map_precond.rs" 1 0 1 0] ^ field_0 _2 = ^ field_0 self - predicate precondition [#"../06_map_precond.rs" 207 8 207 41] (self : c06mapprecond_counter_closure2 i) (args : (uint32, Ghost.ghost_ty (Seq.seq uint32))) + predicate precondition [#"../06_map_precond.rs" 206 8 206 41] (self : c06mapprecond_counter_closure2 i) (args : (uint32, Ghost.ghost_ty (Seq.seq uint32))) = - [#"../06_map_precond.rs" 206 19 206 61] let (x, _prod) = args in UIntSize.to_int ( * field_0 self) = Seq.length (Ghost.inner _prod) /\ * field_0 self < Max0.mAX' - predicate postcondition_once [#"../06_map_precond.rs" 207 8 207 41] (self : c06mapprecond_counter_closure2 i) (args : (uint32, Ghost.ghost_ty (Seq.seq uint32))) (result : uint32) + [#"../06_map_precond.rs" 205 19 205 61] let (x, _prod) = args in UIntSize.to_int ( * field_0 self) = Seq.length (Ghost.inner _prod) /\ * field_0 self < Max0.mAX' + 
predicate postcondition_once [#"../06_map_precond.rs" 206 8 206 41] (self : c06mapprecond_counter_closure2 i) (args : (uint32, Ghost.ghost_ty (Seq.seq uint32))) (result : uint32) = - [#"../06_map_precond.rs" 207 18 207 39] let (x, _prod) = args in UIntSize.to_int ( ^ field_0 self) = UIntSize.to_int ( * field_0 self) + 1 - predicate postcondition_mut [#"../06_map_precond.rs" 207 8 207 41] (self : borrowed (c06mapprecond_counter_closure2 i)) (args : (uint32, Ghost.ghost_ty (Seq.seq uint32))) (result : uint32) + [#"../06_map_precond.rs" 206 18 206 39] let (x, _prod) = args in UIntSize.to_int ( ^ field_0 self) = UIntSize.to_int ( * field_0 self) + 1 + predicate postcondition_mut [#"../06_map_precond.rs" 206 8 206 41] (self : borrowed (c06mapprecond_counter_closure2 i)) (args : (uint32, Ghost.ghost_ty (Seq.seq uint32))) (result : uint32) = [#"../06_map_precond.rs" 1 0 1 0] (let (x, _prod) = args in UIntSize.to_int ( * field_0 ( ^ self)) = UIntSize.to_int ( * field_0 ( * self)) + 1) /\ unnest ( * self) ( ^ self) - let rec cfg c06MapPrecond_Counter_Closure2 [#"../06_map_precond.rs" 207 8 207 41] [@cfg:stackify] [@cfg:subregion_analysis] (_1 : borrowed (c06mapprecond_counter_closure2 i)) (x : uint32) (_prod : Ghost.ghost_ty (Seq.seq uint32)) : uint32 - requires {[#"../06_map_precond.rs" 206 19 206 61] UIntSize.to_int ( * field_0 ( * _1)) = Seq.length (Ghost.inner _prod) /\ * field_0 ( * _1) < Max0.mAX'} - ensures { [#"../06_map_precond.rs" 207 18 207 39] UIntSize.to_int ( * field_0 ( ^ _1)) = UIntSize.to_int ( * field_0 ( * _1)) + 1 } + let rec cfg c06MapPrecond_Counter_Closure2 [#"../06_map_precond.rs" 206 8 206 41] [@cfg:stackify] [@cfg:subregion_analysis] (_1 : borrowed (c06mapprecond_counter_closure2 i)) (x : uint32) (_prod : Ghost.ghost_ty (Seq.seq uint32)) : uint32 + requires {[#"../06_map_precond.rs" 205 19 205 61] UIntSize.to_int ( * field_0 ( * _1)) = Seq.length (Ghost.inner _prod) /\ * field_0 ( * _1) < Max0.mAX'} + ensures { [#"../06_map_precond.rs" 206 18 206 
39] UIntSize.to_int ( * field_0 ( ^ _1)) = UIntSize.to_int ( * field_0 ( * _1)) + 1 } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : uint32; @@ -4267,7 +4269,7 @@ module C06MapPrecond_Counter_Closure2 goto BB0 } BB0 { - _1 <- { _1 with current = (let C06MapPrecond_Counter_Closure2 a = * _1 in C06MapPrecond_Counter_Closure2 ({ (field_0 ( * _1)) with current = ([#"../06_map_precond.rs" 209 12 209 20] * field_0 ( * _1) + ([#"../06_map_precond.rs" 209 19 209 20] (1 : usize))) ; })) ; }; + _1 <- { _1 with current = (let C06MapPrecond_Counter_Closure2 a = * _1 in C06MapPrecond_Counter_Closure2 ({ (field_0 ( * _1)) with current = ([#"../06_map_precond.rs" 208 12 208 20] * field_0 ( * _1) + ([#"../06_map_precond.rs" 208 19 208 20] (1 : usize))) ; })) ; }; assume { Resolve0.resolve _1 }; res1 <- x; res <- res1; 
@@ -4293,10 +4295,10 @@ module C06MapPrecond_Counter_Interface type self = i clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = borrowed i - val counter [#"../06_map_precond.rs" 202 0 202 48] (iter : i) : () - requires {[#"../06_map_precond.rs" 200 0 200 162] forall done_ : borrowed i . Inv0.inv done_ -> Completed0.completed done_ -> (forall steps : Seq.seq uint32 . forall next : i . Inv1.inv next -> Produces0.produces ( ^ done_) steps next -> steps = Seq.empty /\ ^ done_ = next)} - requires {[#"../06_map_precond.rs" 201 0 201 92] forall fin : i . forall prod : Seq.seq uint32 . Inv1.inv fin -> Produces0.produces iter prod fin -> Seq.length prod <= UIntSize.to_int Max0.mAX'} - requires {[#"../06_map_precond.rs" 202 40 202 44] Inv1.inv iter} + val counter [#"../06_map_precond.rs" 201 0 201 48] (iter : i) : () + requires {[#"../06_map_precond.rs" 199 0 199 162] forall done_ : borrowed i . Inv0.inv done_ -> Completed0.completed done_ -> (forall steps : Seq.seq uint32 . forall next : i . Inv1.inv next -> Produces0.produces ( ^ done_) steps next -> steps = Seq.empty /\ ^ done_ = next)} + requires {[#"../06_map_precond.rs" 200 0 200 92] forall fin : i . forall prod : Seq.seq uint32 . Inv1.inv fin -> Produces0.produces iter prod fin -> Seq.length prod <= UIntSize.to_int Max0.mAX'} + requires {[#"../06_map_precond.rs" 201 40 201 44] Inv1.inv iter} end module C06MapPrecond_Counter 
@@ -4459,10 +4461,10 @@ module C06MapPrecond_Counter predicate Preservation0.preservation = Preservation0.preservation, predicate Inv2.inv = Inv4.inv, predicate Inv3.inv = Inv0.inv - let rec cfg counter [#"../06_map_precond.rs" 202 0 202 48] [@cfg:stackify] [@cfg:subregion_analysis] (iter : i) : () - requires {[#"../06_map_precond.rs" 200 0 200 162] forall done_ : borrowed i . Inv1.inv done_ -> Completed0.completed done_ -> (forall steps : Seq.seq uint32 . forall next : i . Inv2.inv next -> Produces0.produces ( ^ done_) steps next -> steps = Seq.empty /\ ^ done_ = next)} - requires {[#"../06_map_precond.rs" 201 0 201 92] forall fin : i . forall prod : Seq.seq uint32 . Inv2.inv fin -> Produces0.produces iter prod fin -> Seq.length prod <= UIntSize.to_int Max0.mAX'} - requires {[#"../06_map_precond.rs" 202 40 202 44] Inv2.inv iter} + let rec cfg counter [#"../06_map_precond.rs" 201 0 201 48] [@cfg:stackify] [@cfg:subregion_analysis] (iter : i) : () + requires {[#"../06_map_precond.rs" 199 0 199 162] forall done_ : borrowed i . Inv1.inv done_ -> Completed0.completed done_ -> (forall steps : Seq.seq uint32 . forall next : i . Inv2.inv next -> Produces0.produces ( ^ done_) steps next -> steps = Seq.empty /\ ^ done_ = next)} + requires {[#"../06_map_precond.rs" 200 0 200 92] forall fin : i . forall prod : Seq.seq uint32 . Inv2.inv fin -> Produces0.produces iter prod fin -> Seq.length prod <= UIntSize.to_int Max0.mAX'} + requires {[#"../06_map_precond.rs" 201 40 201 44] Inv2.inv iter} = [@vc:do_not_keep_trace] [@vc:sp] var _0 : (); 
@@ -4477,10 +4479,10 @@ module C06MapPrecond_Counter goto BB1 } BB1 { - cnt <- ([#"../06_map_precond.rs" 203 18 203 19] (0 : usize)); + cnt <- ([#"../06_map_precond.rs" 202 18 202 19] (0 : usize)); _8 <- Borrow.borrow_mut cnt; cnt <- ^ _8; - _5 <- ([#"../06_map_precond.rs" 204 4 212 5] Map0.map iter (Closure20.C06MapPrecond_Counter_Closure2 _8)); + _5 <- ([#"../06_map_precond.rs" 203 4 211 5] Map0.map iter (Closure20.C06MapPrecond_Counter_Closure2 _8)); iter <- any i; _8 <- any borrowed usize; goto BB2 diff --git a/creusot/tests/should_succeed/iterators/06_map_precond.rs b/creusot/tests/should_succeed/iterators/06_map_precond.rs index 6398a3c77d..12fcdfd0c6 100644 --- a/creusot/tests/should_succeed/iterators/06_map_precond.rs +++ b/creusot/tests/should_succeed/iterators/06_map_precond.rs @@ -68,7 +68,6 @@ impl>) -> B> Iterator for M let r = (self.func)(v, self.produced); self.produced = produced; gh! { Self::produces_one_invariant }; - let _ = self; // Make sure self is not resolve until here. Some(r) } None => { diff --git a/creusot/tests/should_succeed/iterators/07_fuse.mlcfg b/creusot/tests/should_succeed/iterators/07_fuse.mlcfg index d77d4ca502..47d5d9bdee 100644 --- a/creusot/tests/should_succeed/iterators/07_fuse.mlcfg +++ b/creusot/tests/should_succeed/iterators/07_fuse.mlcfg @@ -497,7 +497,7 @@ module C07Fuse_Impl0_Next goto BB0 } BB0 { - _3 <- Borrow.borrow_mut (C07Fuse_Fuse_Type.fuse_iter ( * self)); + _3 <- Borrow.borrow_final (C07Fuse_Fuse_Type.fuse_iter ( * self)) (Borrow.inherit_id (Borrow.get_id self) 1); self <- { self with current = (let C07Fuse_Fuse_Type.C_Fuse a = * self in C07Fuse_Fuse_Type.C_Fuse ( ^ _3)) ; }; assume { Inv0.inv ( ^ _3) }; switch ( * _3) 
@@ -509,10 +509,10 @@ module C07Fuse_Impl0_Next goto BB4 } BB2 { - iter <- Borrow.borrow_mut (Core_Option_Option_Type.some_0 ( * _3)); + iter <- Borrow.borrow_final (Core_Option_Option_Type.some_0 ( * _3)) (Borrow.inherit_id (Borrow.get_id _3) 1); _3 <- { _3 with current = (let Core_Option_Option_Type.C_Some a = * _3 in Core_Option_Option_Type.C_Some ( ^ iter)) ; }; assume { Inv3.inv ( ^ iter) }; - _7 <- Borrow.borrow_mut ( * iter); + _7 <- Borrow.borrow_final ( * iter) (Borrow.get_id iter); iter <- { iter with current = ( ^ _7) ; }; assume { Inv3.inv ( ^ _7) }; _6 <- ([#"../07_fuse.rs" 42 32 42 43] Next0.next _7); diff --git a/creusot/tests/should_succeed/iterators/08_collect_extend.mlcfg b/creusot/tests/should_succeed/iterators/08_collect_extend.mlcfg index 497c322e9e..d3f4b91f94 100644 --- a/creusot/tests/should_succeed/iterators/08_collect_extend.mlcfg +++ b/creusot/tests/should_succeed/iterators/08_collect_extend.mlcfg @@ -891,7 +891,7 @@ module C08CollectExtend_Extend _19 <- Borrow.borrow_mut iter1; iter1 <- ^ _19; assume { Inv3.inv ( ^ _19) }; - _18 <- Borrow.borrow_mut ( * _19); + _18 <- Borrow.borrow_final ( * _19) (Borrow.get_id _19); _19 <- { _19 with current = ( ^ _18) ; }; assume { Inv3.inv ( ^ _18) }; _17 <- ([#"../08_collect_extend.rs" 27 4 27 35] Next0.next _18); @@ -1344,7 +1344,7 @@ module C08CollectExtend_Collect _17 <- Borrow.borrow_mut iter1; iter1 <- ^ _17; assume { Inv2.inv ( ^ _17) }; - _16 <- Borrow.borrow_mut ( * _17); + _16 <- Borrow.borrow_final ( * _17) (Borrow.get_id _17); _17 <- { _17 with current = ( ^ _16) ; }; assume { Inv2.inv ( ^ _16) }; _15 <- ([#"../08_collect_extend.rs" 45 4 45 40] Next0.next _16); 
@@ -2070,7 +2070,7 @@ module C08CollectExtend_ExtendIndex BB2 { _9 <- Borrow.borrow_mut v1; v1 <- ^ _9; - _8 <- Borrow.borrow_mut ( * _9); + _8 <- Borrow.borrow_final ( * _9) (Borrow.get_id _9); _9 <- { _9 with current = ( ^ _8) ; }; _10 <- ([#"../08_collect_extend.rs" 55 20 55 34] IntoIter0.into_iter v2); v2 <- any Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global); diff --git a/creusot/tests/should_succeed/iterators/10_once.mlcfg b/creusot/tests/should_succeed/iterators/10_once.mlcfg index af54485c09..832ebbc7e1 100644 --- a/creusot/tests/should_succeed/iterators/10_once.mlcfg +++ b/creusot/tests/should_succeed/iterators/10_once.mlcfg @@ -395,7 +395,7 @@ module C10Once_Impl0_Next goto BB0 } BB0 { - _3 <- Borrow.borrow_mut (C10Once_Once_Type.once_0 ( * self)); + _3 <- Borrow.borrow_final (C10Once_Once_Type.once_0 ( * self)) (Borrow.inherit_id (Borrow.get_id self) 1); self <- { self with current = (let C10Once_Once_Type.C_Once a = * self in C10Once_Once_Type.C_Once ( ^ _3)) ; }; assume { Inv0.inv ( ^ _3) }; _0 <- ([#"../10_once.rs" 45 8 45 21] Take0.take _3); diff --git a/creusot/tests/should_succeed/iterators/12_zip.mlcfg b/creusot/tests/should_succeed/iterators/12_zip.mlcfg index 75dd3aaa92..19acbf68c6 100644 --- a/creusot/tests/should_succeed/iterators/12_zip.mlcfg +++ b/creusot/tests/should_succeed/iterators/12_zip.mlcfg 
@@ -138,7 +138,7 @@ module C12Zip_Impl0_Completed type self = a use C12Zip_Zip_Type as C12Zip_Zip_Type predicate completed [#"../12_zip.rs" 18 4 18 35] (self : borrowed (C12Zip_Zip_Type.t_zip a b)) = - [#"../12_zip.rs" 20 13 22 67] Completed0.completed {current = C12Zip_Zip_Type.zip_a ( * self); final = C12Zip_Zip_Type.zip_a ( ^ self); addr = Borrow.make_new_addr ()} /\ C12Zip_Zip_Type.zip_b ( * self) = C12Zip_Zip_Type.zip_b ( ^ self) \/ (exists x : Item0.item . Inv0.inv x /\ Produces0.produces (C12Zip_Zip_Type.zip_a ( * self)) (Seq.singleton x) (C12Zip_Zip_Type.zip_a ( ^ self)) /\ Resolve0.resolve x /\ Completed1.completed {current = C12Zip_Zip_Type.zip_b ( * self); final = C12Zip_Zip_Type.zip_b ( ^ self); addr = Borrow.make_new_addr ()}) + [#"../12_zip.rs" 20 13 22 67] Completed0.completed {current = C12Zip_Zip_Type.zip_a ( * self); final = C12Zip_Zip_Type.zip_a ( ^ self); id = Borrow.inherit_id (Borrow.get_id self) 1} /\ C12Zip_Zip_Type.zip_b ( * self) = C12Zip_Zip_Type.zip_b ( ^ self) \/ (exists x : Item0.item . Inv0.inv x /\ Produces0.produces (C12Zip_Zip_Type.zip_a ( * self)) (Seq.singleton x) (C12Zip_Zip_Type.zip_a ( ^ self)) /\ Resolve0.resolve x /\ Completed1.completed {current = C12Zip_Zip_Type.zip_b ( * self); final = C12Zip_Zip_Type.zip_b ( ^ self); id = Borrow.inherit_id (Borrow.get_id self) 2}) val completed [#"../12_zip.rs" 18 4 18 35] (self : borrowed (C12Zip_Zip_Type.t_zip a b)) : bool ensures { result = completed self } @@ -939,7 +939,7 @@ module C12Zip_Impl0_Next goto BB0 } BB0 { - _5 <- Borrow.borrow_mut (C12Zip_Zip_Type.zip_a ( * self)); + _5 <- Borrow.borrow_final (C12Zip_Zip_Type.zip_a ( * self)) (Borrow.inherit_id (Borrow.get_id self) 1); self <- { self with current = (let C12Zip_Zip_Type.C_Zip a b = * self in C12Zip_Zip_Type.C_Zip ( ^ _5) b) ; }; assume { Inv0.inv ( ^ _5) }; _4 <- ([#"../12_zip.rs" 55 22 55 35] Next0.next _5); 
@@ -979,7 +979,7 @@ module C12Zip_Impl0_Next goto BB7 } BB7 { - _11 <- Borrow.borrow_mut (C12Zip_Zip_Type.zip_b ( * self)); + _11 <- Borrow.borrow_final (C12Zip_Zip_Type.zip_b ( * self)) (Borrow.inherit_id (Borrow.get_id self) 2); self <- { self with current = (let C12Zip_Zip_Type.C_Zip a b = * self in C12Zip_Zip_Type.C_Zip a ( ^ _11)) ; }; assume { Inv3.inv ( ^ _11) }; _10 <- ([#"../12_zip.rs" 59 22 59 35] Next1.next _11); diff --git a/creusot/tests/should_succeed/iterators/13_cloned.mlcfg b/creusot/tests/should_succeed/iterators/13_cloned.mlcfg index a87989adc9..1f79729fa5 100644 --- a/creusot/tests/should_succeed/iterators/13_cloned.mlcfg +++ b/creusot/tests/should_succeed/iterators/13_cloned.mlcfg @@ -54,7 +54,7 @@ module C13Cloned_Impl0_Completed type self = i use C13Cloned_Cloned_Type as C13Cloned_Cloned_Type predicate completed [#"../13_cloned.rs" 22 4 22 35] (self : borrowed (C13Cloned_Cloned_Type.t_cloned i)) = - [#"../13_cloned.rs" 23 8 23 43] Completed0.completed {current = C13Cloned_Cloned_Type.cloned_iter ( * self); final = C13Cloned_Cloned_Type.cloned_iter ( ^ self); addr = Borrow.make_new_addr ()} + [#"../13_cloned.rs" 23 8 23 43] Completed0.completed {current = C13Cloned_Cloned_Type.cloned_iter ( * self); final = C13Cloned_Cloned_Type.cloned_iter ( ^ self); id = Borrow.inherit_id (Borrow.get_id self) 1} val completed [#"../13_cloned.rs" 22 4 22 35] (self : borrowed (C13Cloned_Cloned_Type.t_cloned i)) : bool ensures { result = completed self } @@ -720,7 +720,7 @@ module C13Cloned_Impl0_Next goto BB0 } BB0 { - _4 <- Borrow.borrow_mut (C13Cloned_Cloned_Type.cloned_iter ( * self)); + _4 <- Borrow.borrow_final (C13Cloned_Cloned_Type.cloned_iter ( * self)) (Borrow.inherit_id (Borrow.get_id self) 1); self <- { self with current = (let C13Cloned_Cloned_Type.C_Cloned a = * self in C13Cloned_Cloned_Type.C_Cloned ( ^ _4)) ; }; assume { Inv0.inv ( ^ _4) }; _3 <- ([#"../13_cloned.rs" 53 8 53 24] Next0.next _4); 
diff --git a/creusot/tests/should_succeed/iterators/14_copied.mlcfg b/creusot/tests/should_succeed/iterators/14_copied.mlcfg index 9d8e21cbbb..c6636d1465 100644 --- a/creusot/tests/should_succeed/iterators/14_copied.mlcfg +++ b/creusot/tests/should_succeed/iterators/14_copied.mlcfg @@ -54,7 +54,7 @@ module C14Copied_Impl0_Completed type self = i use C14Copied_Copied_Type as C14Copied_Copied_Type predicate completed [#"../14_copied.rs" 22 4 22 35] (self : borrowed (C14Copied_Copied_Type.t_copied i)) = - [#"../14_copied.rs" 23 8 23 43] Completed0.completed {current = C14Copied_Copied_Type.copied_iter ( * self); final = C14Copied_Copied_Type.copied_iter ( ^ self); addr = Borrow.make_new_addr ()} + [#"../14_copied.rs" 23 8 23 43] Completed0.completed {current = C14Copied_Copied_Type.copied_iter ( * self); final = C14Copied_Copied_Type.copied_iter ( ^ self); id = Borrow.inherit_id (Borrow.get_id self) 1} val completed [#"../14_copied.rs" 22 4 22 35] (self : borrowed (C14Copied_Copied_Type.t_copied i)) : bool ensures { result = completed self } @@ -720,7 +720,7 @@ module C14Copied_Impl0_Next goto BB0 } BB0 { - _4 <- Borrow.borrow_mut (C14Copied_Copied_Type.copied_iter ( * self)); + _4 <- Borrow.borrow_final (C14Copied_Copied_Type.copied_iter ( * self)) (Borrow.inherit_id (Borrow.get_id self) 1); self <- { self with current = (let C14Copied_Copied_Type.C_Copied a = * self in C14Copied_Copied_Type.C_Copied ( ^ _4)) ; }; assume { Inv0.inv ( ^ _4) }; _3 <- ([#"../14_copied.rs" 53 8 53 24] Next0.next _4); diff --git a/creusot/tests/should_succeed/iterators/15_enumerate.mlcfg b/creusot/tests/should_succeed/iterators/15_enumerate.mlcfg index 988f3a1ce5..39f76224e1 100644 --- a/creusot/tests/should_succeed/iterators/15_enumerate.mlcfg +++ b/creusot/tests/should_succeed/iterators/15_enumerate.mlcfg 
@@ -57,7 +57,7 @@ module C15Enumerate_Impl0_Completed type self = i use C15Enumerate_Enumerate_Type as C15Enumerate_Enumerate_Type predicate completed [#"../15_enumerate.rs" 22 4 22 35] (self : borrowed (C15Enumerate_Enumerate_Type.t_enumerate i)) = - [#"../15_enumerate.rs" 23 8 23 43] Completed0.completed {current = C15Enumerate_Enumerate_Type.enumerate_iter ( * self); final = C15Enumerate_Enumerate_Type.enumerate_iter ( ^ self); addr = Borrow.make_new_addr ()} + [#"../15_enumerate.rs" 23 8 23 43] Completed0.completed {current = C15Enumerate_Enumerate_Type.enumerate_iter ( * self); final = C15Enumerate_Enumerate_Type.enumerate_iter ( ^ self); id = Borrow.inherit_id (Borrow.get_id self) 1} val completed [#"../15_enumerate.rs" 22 4 22 35] (self : borrowed (C15Enumerate_Enumerate_Type.t_enumerate i)) : bool ensures { result = completed self } @@ -880,7 +880,7 @@ module C15Enumerate_Impl0_Next goto BB0 } BB0 { - _4 <- Borrow.borrow_mut (C15Enumerate_Enumerate_Type.enumerate_iter ( * self)); + _4 <- Borrow.borrow_final (C15Enumerate_Enumerate_Type.enumerate_iter ( * self)) (Borrow.inherit_id (Borrow.get_id self) 1); self <- { self with current = (let C15Enumerate_Enumerate_Type.C_Enumerate a b = * self in C15Enumerate_Enumerate_Type.C_Enumerate ( ^ _4) b) ; }; assume { Inv0.inv ( ^ _4) }; _3 <- ([#"../15_enumerate.rs" 54 14 54 30] Next0.next _4); diff --git a/creusot/tests/should_succeed/iterators/16_take.mlcfg b/creusot/tests/should_succeed/iterators/16_take.mlcfg index 4ae224be05..92f9e93e32 100644 --- a/creusot/tests/should_succeed/iterators/16_take.mlcfg +++ b/creusot/tests/should_succeed/iterators/16_take.mlcfg 
@@ -83,7 +83,7 @@ module C16Take_Impl0_Completed clone CreusotContracts_Resolve_Impl1_Resolve_Stub as Resolve0 with type t = C16Take_Take_Type.t_take i predicate completed [#"../16_take.rs" 22 4 22 35] (self : borrowed (C16Take_Take_Type.t_take i)) = - [#"../16_take.rs" 23 8 26 9] UIntSize.to_int (C16Take_Take_Type.take_n ( * self)) = 0 /\ Resolve0.resolve self \/ UIntSize.to_int (C16Take_Take_Type.take_n ( * self)) > 0 /\ UIntSize.to_int (C16Take_Take_Type.take_n ( * self)) = UIntSize.to_int (C16Take_Take_Type.take_n ( ^ self)) + 1 /\ Completed0.completed {current = C16Take_Take_Type.take_iter ( * self); final = C16Take_Take_Type.take_iter ( ^ self); addr = Borrow.make_new_addr ()} + [#"../16_take.rs" 23 8 26 9] UIntSize.to_int (C16Take_Take_Type.take_n ( * self)) = 0 /\ Resolve0.resolve self \/ UIntSize.to_int (C16Take_Take_Type.take_n ( * self)) > 0 /\ UIntSize.to_int (C16Take_Take_Type.take_n ( * self)) = UIntSize.to_int (C16Take_Take_Type.take_n ( ^ self)) + 1 /\ Completed0.completed {current = C16Take_Take_Type.take_iter ( * self); final = C16Take_Take_Type.take_iter ( ^ self); id = Borrow.inherit_id (Borrow.get_id self) 1} val completed [#"../16_take.rs" 22 4 22 35] (self : borrowed (C16Take_Take_Type.t_take i)) : bool ensures { result = completed self } @@ -699,7 +699,7 @@ module C16Take_Impl0_Next } BB1 { self <- { self with current = (let C16Take_Take_Type.C_Take a b = * self in C16Take_Take_Type.C_Take a ([#"../16_take.rs" 55 12 55 23] C16Take_Take_Type.take_n ( * self) - ([#"../16_take.rs" 55 22 55 23] (1 : usize)))) ; }; - _5 <- Borrow.borrow_mut (C16Take_Take_Type.take_iter ( * self)); + _5 <- Borrow.borrow_final (C16Take_Take_Type.take_iter ( * self)) (Borrow.inherit_id (Borrow.get_id self) 1); self <- { self with current = (let C16Take_Take_Type.C_Take a b = * self in C16Take_Take_Type.C_Take ( ^ _5) b) ; }; assume { Inv1.inv ( ^ _5) }; _0 <- ([#"../16_take.rs" 56 12 56 28] Next0.next _5); 
diff --git a/creusot/tests/should_succeed/knapsack_full.mlcfg b/creusot/tests/should_succeed/knapsack_full.mlcfg index 11ccbb7fa7..9f8af046a8 100644 --- a/creusot/tests/should_succeed/knapsack_full.mlcfg +++ b/creusot/tests/should_succeed/knapsack_full.mlcfg @@ -3008,7 +3008,7 @@ module KnapsackFull_Knapsack01Dyn BB13 { _34 <- Borrow.borrow_mut iter; iter <- ^ _34; - _33 <- Borrow.borrow_mut ( * _34); + _33 <- Borrow.borrow_final ( * _34) (Borrow.get_id _34); _34 <- { _34 with current = ( ^ _33) ; }; _32 <- ([#"../knapsack_full.rs" 88 4 88 55] Next0.next _33); _33 <- any borrowed (Core_Ops_Range_Range_Type.t_range usize); @@ -3094,7 +3094,7 @@ module KnapsackFull_Knapsack01Dyn BB31 { _60 <- Borrow.borrow_mut iter1; iter1 <- ^ _60; - _59 <- Borrow.borrow_mut ( * _60); + _59 <- Borrow.borrow_final ( * _60) (Borrow.get_id _60); _60 <- { _60 with current = ( ^ _59) ; }; _58 <- ([#"../knapsack_full.rs" 98 8 98 59] Next1.next _59); _59 <- any borrowed (Core_Ops_Range_RangeInclusive_Type.t_rangeinclusive usize); diff --git a/creusot/tests/should_succeed/lang/branch_borrow_2.mlcfg b/creusot/tests/should_succeed/lang/branch_borrow_2.mlcfg index 800215a910..8a253a0e64 100644 --- a/creusot/tests/should_succeed/lang/branch_borrow_2.mlcfg +++ b/creusot/tests/should_succeed/lang/branch_borrow_2.mlcfg @@ -72,7 +72,7 @@ module BranchBorrow2_F } BB3 { z <- { z with current = ([#"../branch_borrow_2.rs" 23 17 23 18] (8 : int32)) ; }; - _12 <- Borrow.borrow_mut ( * z); + _12 <- Borrow.borrow_final ( * z) (Borrow.get_id z); z <- { z with current = ( ^ _12) ; }; w <- _12; _12 <- any borrowed int32; @@ -91,7 +91,7 @@ module BranchBorrow2_F BB5 { assume { Resolve0.resolve z }; y <- { y with current = ([#"../branch_borrow_2.rs" 19 17 19 18] (7 : int32)) ; }; - _11 <- Borrow.borrow_mut ( * y); + _11 <- Borrow.borrow_final ( * y) (Borrow.get_id y); y <- { y with current = ( ^ _11) ; }; w <- _11; _11 <- any borrowed int32; 
@@ -237,9 +237,9 @@ module BranchBorrow2_G a <- (BranchBorrow2_MyInt_Type.C_MyInt ([#"../branch_borrow_2.rs" 36 23 36 25] (10 : usize)), BranchBorrow2_MyInt_Type.C_MyInt ([#"../branch_borrow_2.rs" 36 34 36 35] (5 : usize))); b <- Borrow.borrow_mut a; a <- ^ b; - c <- Borrow.borrow_mut (let (_, a) = * b in a); + c <- Borrow.borrow_final (let (_, a) = * b in a) (Borrow.inherit_id (Borrow.get_id b) 2); b <- { b with current = (let (a, b) = * b in (a, ^ c)) ; }; - d <- Borrow.borrow_mut (let (a, _) = * b in a); + d <- Borrow.borrow_final (let (a, _) = * b in a) (Borrow.inherit_id (Borrow.get_id b) 1); b <- { b with current = (let (a, b) = * b in ( ^ d, b)) ; }; assume { Resolve0.resolve c }; assume { Resolve0.resolve d }; @@ -295,7 +295,7 @@ module BranchBorrow2_H BB2 { assume { Resolve0.resolve x }; y <- { y with current = ([#"../branch_borrow_2.rs" 56 13 56 14] (6 : int32)) ; }; - _9 <- Borrow.borrow_mut ( * y); + _9 <- Borrow.borrow_final ( * y) (Borrow.get_id y); y <- { y with current = ( ^ _9) ; }; w <- _9; _9 <- any borrowed int32; diff --git a/creusot/tests/should_succeed/list_index_mut.mlcfg b/creusot/tests/should_succeed/list_index_mut.mlcfg index 4bad397ee2..150b52e979 100644 --- a/creusot/tests/should_succeed/list_index_mut.mlcfg +++ b/creusot/tests/should_succeed/list_index_mut.mlcfg @@ -394,7 +394,7 @@ module ListIndexMut_IndexMut end } BB5 { - _25 <- Borrow.borrow_mut (ListIndexMut_List_Type.list_1 ( * l)); + _25 <- Borrow.borrow_final (ListIndexMut_List_Type.list_1 ( * l)) (Borrow.inherit_id (Borrow.get_id l) 2); l <- { l with current = (let ListIndexMut_List_Type.C_List a b = * l in ListIndexMut_List_Type.C_List a ( ^ _25)) ; }; _24 <- ([#"../list_index_mut.rs" 50 12 50 24] AsMut0.as_mut _25); _25 <- any borrowed (Core_Option_Option_Type.t_option (ListIndexMut_List_Type.t_list)); 
@@ -416,11 +416,11 @@ module ListIndexMut_IndexMut goto BB3 } BB8 { - _29 <- Borrow.borrow_mut (ListIndexMut_List_Type.list_0 ( * l)); + _29 <- Borrow.borrow_final (ListIndexMut_List_Type.list_0 ( * l)) (Borrow.inherit_id (Borrow.get_id l) 1); l <- { l with current = (let ListIndexMut_List_Type.C_List a b = * l in ListIndexMut_List_Type.C_List ( ^ _29) b) ; }; - _3 <- Borrow.borrow_mut ( * _29); + _3 <- Borrow.borrow_final ( * _29) (Borrow.get_id _29); _29 <- { _29 with current = ( ^ _3) ; }; - _0 <- Borrow.borrow_mut ( * _3); + _0 <- Borrow.borrow_final ( * _3) (Borrow.get_id _3); _3 <- { _3 with current = ( ^ _0) ; }; assume { Resolve0.resolve _29 }; assume { Resolve0.resolve _3 }; @@ -478,7 +478,7 @@ module ListIndexMut_Write goto BB0 } BB0 { - _10 <- Borrow.borrow_mut ( * l); + _10 <- Borrow.borrow_final ( * l) (Borrow.get_id l); l <- { l with current = ( ^ _10) ; }; _9 <- ([#"../list_index_mut.rs" 64 5 64 21] IndexMut0.index_mut _10 ix); _10 <- any borrowed (ListIndexMut_List_Type.t_list); @@ -536,7 +536,7 @@ module ListIndexMut_F BB4 { _8 <- Borrow.borrow_mut l; l <- ^ _8; - _7 <- Borrow.borrow_mut ( * _8); + _7 <- Borrow.borrow_final ( * _8) (Borrow.get_id _8); _8 <- { _8 with current = ( ^ _7) ; }; _6 <- ([#"../list_index_mut.rs" 69 4 69 23] Write0.write _7 ([#"../list_index_mut.rs" 69 18 69 19] (0 : usize)) ([#"../list_index_mut.rs" 69 21 69 22] (2 : uint32))); _7 <- any borrowed (ListIndexMut_List_Type.t_list); diff --git a/creusot/tests/should_succeed/list_reversal_lasso.mlcfg b/creusot/tests/should_succeed/list_reversal_lasso.mlcfg index 624f174662..1d4f28562d 100644 --- a/creusot/tests/should_succeed/list_reversal_lasso.mlcfg +++ b/creusot/tests/should_succeed/list_reversal_lasso.mlcfg 
@@ -928,18 +928,18 @@ module ListReversalLasso_Impl2_IndexMut goto BB0 } BB0 { - _11 <- Borrow.borrow_mut (ListReversalLasso_Memory_Type.memory_0 ( * self)); + _11 <- Borrow.borrow_final (ListReversalLasso_Memory_Type.memory_0 ( * self)) (Borrow.inherit_id (Borrow.get_id self) 1); self <- { self with current = (let ListReversalLasso_Memory_Type.C_Memory a = * self in ListReversalLasso_Memory_Type.C_Memory ( ^ _11)) ; }; _10 <- ([#"../list_reversal_lasso.rs" 42 13 42 22] IndexMut0.index_mut _11 i); _11 <- any borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)); goto BB1 } BB1 { - _9 <- Borrow.borrow_mut ( * _10); + _9 <- Borrow.borrow_final ( * _10) (Borrow.get_id _10); _10 <- { _10 with current = ( ^ _9) ; }; - _3 <- Borrow.borrow_mut ( * _9); + _3 <- Borrow.borrow_final ( * _9) (Borrow.get_id _9); _9 <- { _9 with current = ( ^ _3) ; }; - _0 <- Borrow.borrow_mut ( * _3); + _0 <- Borrow.borrow_final ( * _3) (Borrow.get_id _3); _3 <- { _3 with current = ( ^ _0) ; }; assume { Resolve0.resolve _10 }; assume { Resolve0.resolve _9 }; @@ -1344,11 +1344,11 @@ module ListReversalLasso_Impl4_ListReversalList BB5 { _19 <- Borrow.borrow_mut ( * _20); _20 <- { _20 with current = ( ^ _19) ; }; - _18 <- Borrow.borrow_mut ( * _19); + _18 <- Borrow.borrow_final ( * _19) (Borrow.get_id _19); _19 <- { _19 with current = ( ^ _18) ; }; _25 <- Borrow.borrow_mut r; r <- ^ _25; - _24 <- Borrow.borrow_mut ( * _25); + _24 <- Borrow.borrow_final ( * _25) (Borrow.get_id _25); _25 <- { _25 with current = ( ^ _24) ; }; _23 <- ([#"../list_reversal_lasso.rs" 108 48 108 76] Replace0.replace _24 l); _24 <- any borrowed usize; 
@@ -1597,11 +1597,11 @@ module ListReversalLasso_Impl4_ListReversalLoop BB5 { _23 <- Borrow.borrow_mut ( * _24); _24 <- { _24 with current = ( ^ _23) ; }; - _22 <- Borrow.borrow_mut ( * _23); + _22 <- Borrow.borrow_final ( * _23) (Borrow.get_id _23); _23 <- { _23 with current = ( ^ _22) ; }; _29 <- Borrow.borrow_mut r; r <- ^ _29; - _28 <- Borrow.borrow_mut ( * _29); + _28 <- Borrow.borrow_final ( * _29) (Borrow.get_id _29); _29 <- { _29 with current = ( ^ _28) ; }; _27 <- ([#"../list_reversal_lasso.rs" 139 48 139 76] Replace0.replace _28 l); _28 <- any borrowed usize; @@ -1833,11 +1833,11 @@ module ListReversalLasso_Impl4_ListReversalLasso BB5 { _21 <- Borrow.borrow_mut ( * _22); _22 <- { _22 with current = ( ^ _21) ; }; - _20 <- Borrow.borrow_mut ( * _21); + _20 <- Borrow.borrow_final ( * _21) (Borrow.get_id _21); _21 <- { _21 with current = ( ^ _20) ; }; _27 <- Borrow.borrow_mut r; r <- ^ _27; - _26 <- Borrow.borrow_mut ( * _27); + _26 <- Borrow.borrow_final ( * _27) (Borrow.get_id _27); _27 <- { _27 with current = ( ^ _26) ; }; _25 <- ([#"../list_reversal_lasso.rs" 191 48 191 76] Replace0.replace _26 l); _26 <- any borrowed usize; diff --git a/creusot/tests/should_succeed/mapping_test.mlcfg b/creusot/tests/should_succeed/mapping_test.mlcfg index 661f595f43..b41d30c143 100644 --- a/creusot/tests/should_succeed/mapping_test.mlcfg +++ b/creusot/tests/should_succeed/mapping_test.mlcfg @@ -307,7 +307,7 @@ module MappingTest_F assert { [@expl:assertion] [#"../mapping_test.rs" 41 19 41 34] Map.get (ShallowModel0.shallow_model x) 42 = 0 }; _8 <- Borrow.borrow_mut x; x <- ^ _8; - _7 <- Borrow.borrow_mut ( * _8); + _7 <- Borrow.borrow_final ( * _8) (Borrow.get_id _8); _8 <- { _8 with current = ( ^ _7) ; }; _6 <- ([#"../mapping_test.rs" 42 4 42 16] Incr0.incr _7); _7 <- any borrowed (MappingTest_T_Type.t_t); diff --git a/creusot/tests/should_succeed/projection_toggle.mlcfg b/creusot/tests/should_succeed/projection_toggle.mlcfg index efbe623557..1ca317bd9b 100644 
--- a/creusot/tests/should_succeed/projection_toggle.mlcfg +++ b/creusot/tests/should_succeed/projection_toggle.mlcfg @@ -109,10 +109,10 @@ module ProjectionToggle_ProjToggle BB1 { assert { [@expl:type invariant] Inv0.inv b }; assume { Resolve0.resolve b }; - _8 <- Borrow.borrow_mut ( * a); + _8 <- Borrow.borrow_final ( * a) (Borrow.get_id a); a <- { a with current = ( ^ _8) ; }; assume { Inv1.inv ( ^ _8) }; - _6 <- Borrow.borrow_mut ( * _8); + _6 <- Borrow.borrow_final ( * _8) (Borrow.get_id _8); _8 <- { _8 with current = ( ^ _6) ; }; assume { Inv1.inv ( ^ _6) }; assert { [@expl:type invariant] Inv0.inv _8 }; @@ -122,16 +122,16 @@ module ProjectionToggle_ProjToggle BB2 { assert { [@expl:type invariant] Inv0.inv a }; assume { Resolve0.resolve a }; - _6 <- Borrow.borrow_mut ( * b); + _6 <- Borrow.borrow_final ( * b) (Borrow.get_id b); b <- { b with current = ( ^ _6) ; }; assume { Inv1.inv ( ^ _6) }; goto BB3 } BB3 { - _4 <- Borrow.borrow_mut ( * _6); + _4 <- Borrow.borrow_final ( * _6) (Borrow.get_id _6); _6 <- { _6 with current = ( ^ _4) ; }; assume { Inv1.inv ( ^ _4) }; - _0 <- Borrow.borrow_mut ( * _4); + _0 <- Borrow.borrow_final ( * _4) (Borrow.get_id _4); _4 <- { _4 with current = ( ^ _0) ; }; assume { Inv1.inv ( ^ _0) }; assert { [@expl:type invariant] Inv0.inv _6 }; @@ -182,11 +182,11 @@ module ProjectionToggle_F b <- ([#"../projection_toggle.rs" 15 16 15 17] (5 : int32)); _5 <- Borrow.borrow_mut a; a <- ^ _5; - _4 <- Borrow.borrow_mut ( * _5); + _4 <- Borrow.borrow_final ( * _5) (Borrow.get_id _5); _5 <- { _5 with current = ( ^ _4) ; }; _7 <- Borrow.borrow_mut b; b <- ^ _7; - _6 <- Borrow.borrow_mut ( * _7); + _6 <- Borrow.borrow_final ( * _7) (Borrow.get_id _7); _7 <- { _7 with current = ( ^ _6) ; }; x <- ([#"../projection_toggle.rs" 17 12 17 45] ProjToggle0.proj_toggle ([#"../projection_toggle.rs" 17 24 17 28] true) _4 _6); _4 <- any borrowed int32; 
diff --git a/creusot/tests/should_succeed/projections.mlcfg b/creusot/tests/should_succeed/projections.mlcfg index 0c9e7562ef..4c9745c702 100644 --- a/creusot/tests/should_succeed/projections.mlcfg +++ b/creusot/tests/should_succeed/projections.mlcfg @@ -172,7 +172,7 @@ module Projections_WriteIntoSum absurd } BB4 { - y <- Borrow.borrow_mut (Core_Option_Option_Type.some_0 ( * x)); + y <- Borrow.borrow_final (Core_Option_Option_Type.some_0 ( * x)) (Borrow.inherit_id (Borrow.get_id x) 1); x <- { x with current = (let Core_Option_Option_Type.C_Some a = * x in Core_Option_Option_Type.C_Some ( ^ y)) ; }; y <- { y with current = ([#"../projections.rs" 18 24 18 26] (10 : uint32)) ; }; assume { Resolve0.resolve y }; diff --git a/creusot/tests/should_succeed/red_black_tree.mlcfg b/creusot/tests/should_succeed/red_black_tree.mlcfg index bf8d609f47..ebde59d614 100644 --- a/creusot/tests/should_succeed/red_black_tree.mlcfg +++ b/creusot/tests/should_succeed/red_black_tree.mlcfg @@ -3469,7 +3469,7 @@ module RedBlackTree_Impl14_RotateRight _16 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node (RedBlackTree_Node_Type.node_left ( * self))); self <- { self with current = (let RedBlackTree_Node_Type.C_Node a b c d e = * self in RedBlackTree_Node_Type.C_Node (let RedBlackTree_Tree_Type.C_Tree a = RedBlackTree_Node_Type.node_left ( * self) in RedBlackTree_Tree_Type.C_Tree ( ^ _16)) b c d e) ; }; assume { Inv1.inv ( ^ _16) }; - _15 <- Borrow.borrow_mut ( * _16); + _15 <- Borrow.borrow_final ( * _16) (Borrow.get_id _16); _16 <- { _16 with current = ( ^ _15) ; }; assume { Inv1.inv ( ^ _15) }; _14 <- ([#"../red_black_tree.rs" 421 20 421 55] Take0.take _15); 
@@ -3487,13 +3487,13 @@ module RedBlackTree_Impl14_RotateRight _19 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_left ( * self)); self <- { self with current = (let RedBlackTree_Node_Type.C_Node a b c d e = * self in RedBlackTree_Node_Type.C_Node ( ^ _19) b c d e) ; }; assume { Inv3.inv ( ^ _19) }; - _18 <- Borrow.borrow_mut ( * _19); + _18 <- Borrow.borrow_final ( * _19) (Borrow.get_id _19); _19 <- { _19 with current = ( ^ _18) ; }; assume { Inv3.inv ( ^ _18) }; _21 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_right x); x <- (let RedBlackTree_Node_Type.C_Node a b c d e = x in RedBlackTree_Node_Type.C_Node a b c d ( ^ _21)); assume { Inv3.inv ( ^ _21) }; - _20 <- Borrow.borrow_mut ( * _21); + _20 <- Borrow.borrow_final ( * _21) (Borrow.get_id _21); _21 <- { _21 with current = ( ^ _20) ; }; assume { Inv3.inv ( ^ _20) }; _17 <- ([#"../red_black_tree.rs" 428 8 428 52] Swap0.swap _18 _20); @@ -3523,13 +3523,13 @@ module RedBlackTree_Impl14_RotateRight BB5 { assert { [@expl:type invariant] Inv7.inv _25 }; assume { Resolve3.resolve _25 }; - _28 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_color ( * self)); + _28 <- Borrow.borrow_final (RedBlackTree_Node_Type.node_color ( * self)) (Borrow.inherit_id (Borrow.get_id self) 2); self <- { self with current = (let RedBlackTree_Node_Type.C_Node a b c d e = * self in RedBlackTree_Node_Type.C_Node a ( ^ _28) c d e) ; }; - _27 <- Borrow.borrow_mut ( * _28); + _27 <- Borrow.borrow_final ( * _28) (Borrow.get_id _28); _28 <- { _28 with current = ( ^ _27) ; }; _30 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_color x); x <- (let RedBlackTree_Node_Type.C_Node a b c d e = x in RedBlackTree_Node_Type.C_Node a ( ^ _30) c d e); - _29 <- Borrow.borrow_mut ( * _30); + _29 <- Borrow.borrow_final ( * _30) (Borrow.get_id _30); _30 <- { _30 with current = ( ^ _29) ; }; _26 <- ([#"../red_black_tree.rs" 435 8 435 53] Swap2.swap _27 _29); _27 <- any borrowed (RedBlackTree_Color_Type.t_color); 
@@ -3932,7 +3932,7 @@ module RedBlackTree_Impl14_RotateLeft _16 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node (RedBlackTree_Node_Type.node_right ( * self))); self <- { self with current = (let RedBlackTree_Node_Type.C_Node a b c d e = * self in RedBlackTree_Node_Type.C_Node a b c d (let RedBlackTree_Tree_Type.C_Tree a = RedBlackTree_Node_Type.node_right ( * self) in RedBlackTree_Tree_Type.C_Tree ( ^ _16))) ; }; assume { Inv1.inv ( ^ _16) }; - _15 <- Borrow.borrow_mut ( * _16); + _15 <- Borrow.borrow_final ( * _16) (Borrow.get_id _16); _16 <- { _16 with current = ( ^ _15) ; }; assume { Inv1.inv ( ^ _15) }; _14 <- ([#"../red_black_tree.rs" 464 20 464 56] Take0.take _15); @@ -3950,13 +3950,13 @@ module RedBlackTree_Impl14_RotateLeft _19 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_right ( * self)); self <- { self with current = (let RedBlackTree_Node_Type.C_Node a b c d e = * self in RedBlackTree_Node_Type.C_Node a b c d ( ^ _19)) ; }; assume { Inv3.inv ( ^ _19) }; - _18 <- Borrow.borrow_mut ( * _19); + _18 <- Borrow.borrow_final ( * _19) (Borrow.get_id _19); _19 <- { _19 with current = ( ^ _18) ; }; assume { Inv3.inv ( ^ _18) }; _21 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_left x); x <- (let RedBlackTree_Node_Type.C_Node a b c d e = x in RedBlackTree_Node_Type.C_Node ( ^ _21) b c d e); assume { Inv3.inv ( ^ _21) }; - _20 <- Borrow.borrow_mut ( * _21); + _20 <- Borrow.borrow_final ( * _21) (Borrow.get_id _21); _21 <- { _21 with current = ( ^ _20) ; }; assume { Inv3.inv ( ^ _20) }; _17 <- ([#"../red_black_tree.rs" 465 8 465 52] Swap0.swap _18 _20); 
@@ -3986,13 +3986,13 @@ module RedBlackTree_Impl14_RotateLeft BB5 { assert { [@expl:type invariant] Inv7.inv _25 }; assume { Resolve3.resolve _25 }; - _28 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_color ( * self)); + _28 <- Borrow.borrow_final (RedBlackTree_Node_Type.node_color ( * self)) (Borrow.inherit_id (Borrow.get_id self) 2); self <- { self with current = (let RedBlackTree_Node_Type.C_Node a b c d e = * self in RedBlackTree_Node_Type.C_Node a ( ^ _28) c d e) ; }; - _27 <- Borrow.borrow_mut ( * _28); + _27 <- Borrow.borrow_final ( * _28) (Borrow.get_id _28); _28 <- { _28 with current = ( ^ _27) ; }; _30 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_color x); x <- (let RedBlackTree_Node_Type.C_Node a b c d e = x in RedBlackTree_Node_Type.C_Node a ( ^ _30) c d e); - _29 <- Borrow.borrow_mut ( * _30); + _29 <- Borrow.borrow_final ( * _30) (Borrow.get_id _30); _30 <- { _30 with current = ( ^ _29) ; }; _26 <- ([#"../red_black_tree.rs" 467 8 467 53] Swap2.swap _27 _29); _27 <- any borrowed (RedBlackTree_Color_Type.t_color); @@ -4366,7 +4366,7 @@ module RedBlackTree_Impl14_FlipColors goto BB0 } BB0 { - _15 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node (RedBlackTree_Node_Type.node_left ( * self))); + _15 <- Borrow.borrow_final (RedBlackTree_Tree_Type.tree_node (RedBlackTree_Node_Type.node_left ( * self))) (Borrow.inherit_id (Borrow.inherit_id (Borrow.get_id self) 1) 1); self <- { self with current = (let RedBlackTree_Node_Type.C_Node a b c d e = * self in RedBlackTree_Node_Type.C_Node (let RedBlackTree_Tree_Type.C_Tree a = RedBlackTree_Node_Type.node_left ( * self) in RedBlackTree_Tree_Type.C_Tree ( ^ _15)) b c d e) ; }; assume { Inv0.inv ( ^ _15) }; _14 <- ([#"../red_black_tree.rs" 487 8 487 31] AsMut0.as_mut _15); 
@@ -4382,11 +4382,11 @@ module RedBlackTree_Impl14_FlipColors _13 <- { _13 with current = (let RedBlackTree_Node_Type.C_Node a b c d e = * _13 in RedBlackTree_Node_Type.C_Node a (RedBlackTree_Node_Type.node_color ( * self)) c d e) ; }; assert { [@expl:type invariant] Inv1.inv _13 }; assume { Resolve0.resolve _13 }; - _18 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_color ( * self)); + _18 <- Borrow.borrow_final (RedBlackTree_Node_Type.node_color ( * self)) (Borrow.inherit_id (Borrow.get_id self) 2); self <- { self with current = (let RedBlackTree_Node_Type.C_Node a b c d e = * self in RedBlackTree_Node_Type.C_Node a ( ^ _18) c d e) ; }; - _17 <- Borrow.borrow_mut ( * _18); + _17 <- Borrow.borrow_final ( * _18) (Borrow.get_id _18); _18 <- { _18 with current = ( ^ _17) ; }; - _23 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node (RedBlackTree_Node_Type.node_right ( * self))); + _23 <- Borrow.borrow_final (RedBlackTree_Tree_Type.tree_node (RedBlackTree_Node_Type.node_right ( * self))) (Borrow.inherit_id (Borrow.inherit_id (Borrow.get_id self) 5) 1); self <- { self with current = (let RedBlackTree_Node_Type.C_Node a b c d e = * self in RedBlackTree_Node_Type.C_Node a b c d (let RedBlackTree_Tree_Type.C_Tree a = RedBlackTree_Node_Type.node_right ( * self) in RedBlackTree_Tree_Type.C_Tree ( ^ _23))) ; }; assume { Inv0.inv ( ^ _23) }; _22 <- ([#"../red_black_tree.rs" 488 45 488 69] AsMut0.as_mut _23); @@ -4401,7 +4401,7 @@ module RedBlackTree_Impl14_FlipColors BB4 { _20 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_color ( * _21)); _21 <- { _21 with current = (let RedBlackTree_Node_Type.C_Node a b c d e = * _21 in RedBlackTree_Node_Type.C_Node a ( ^ _20) c d e) ; }; - _19 <- Borrow.borrow_mut ( * _20); + _19 <- Borrow.borrow_final ( * _20) (Borrow.get_id _20); _20 <- { _20 with current = ( ^ _19) ; }; _16 <- ([#"../red_black_tree.rs" 488 8 488 85] Swap0.swap _17 _19); _17 <- any borrowed (RedBlackTree_Color_Type.t_color); 
@@ -4969,7 +4969,7 @@ module RedBlackTree_Impl14_Balance goto BB23 } BB26 { - _40 <- Borrow.borrow_mut ( * self); + _40 <- Borrow.borrow_final ( * self) (Borrow.get_id self); self <- { self with current = ( ^ _40) ; }; assume { Inv0.inv ( ^ _40) }; _39 <- ([#"../red_black_tree.rs" 520 12 520 30] FlipColors0.flip_colors _40); @@ -5496,7 +5496,7 @@ module RedBlackTree_Impl14_MoveRedLeft goto BB10 } BB10 { - _35 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node (RedBlackTree_Node_Type.node_left ( * self))); + _35 <- Borrow.borrow_final (RedBlackTree_Tree_Type.tree_node (RedBlackTree_Node_Type.node_left ( * self))) (Borrow.inherit_id (Borrow.inherit_id (Borrow.get_id self) 1) 1); self <- { self with current = (let RedBlackTree_Node_Type.C_Node a b c d e = * self in RedBlackTree_Node_Type.C_Node (let RedBlackTree_Tree_Type.C_Tree a = RedBlackTree_Node_Type.node_left ( * self) in RedBlackTree_Tree_Type.C_Tree ( ^ _35)) b c d e) ; }; assume { Inv1.inv ( ^ _35) }; _34 <- ([#"../red_black_tree.rs" 548 19 548 42] AsMut0.as_mut _35); @@ -5991,7 +5991,7 @@ module RedBlackTree_Impl14_MoveRedRight goto BB7 } BB7 { - _30 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node (RedBlackTree_Node_Type.node_right ( * self))); + _30 <- Borrow.borrow_final (RedBlackTree_Tree_Type.tree_node (RedBlackTree_Node_Type.node_right ( * self))) (Borrow.inherit_id (Borrow.inherit_id (Borrow.get_id self) 5) 1); self <- { self with current = (let RedBlackTree_Node_Type.C_Node a b c d e = * self in RedBlackTree_Node_Type.C_Node a b c d (let RedBlackTree_Tree_Type.C_Tree a = RedBlackTree_Node_Type.node_right ( * self) in RedBlackTree_Tree_Type.C_Tree ( ^ _30))) ; }; assume { Inv1.inv ( ^ _30) }; _29 <- ([#"../red_black_tree.rs" 576 19 576 43] AsMut0.as_mut _30); 
@@ -6626,7 +6626,7 @@ module RedBlackTree_Impl15_InsertRec goto BB2 } BB2 { - _11 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node ( * self)); + _11 <- Borrow.borrow_final (RedBlackTree_Tree_Type.tree_node ( * self)) (Borrow.inherit_id (Borrow.get_id self) 1); self <- { self with current = (let RedBlackTree_Tree_Type.C_Tree a = * self in RedBlackTree_Tree_Type.C_Tree ( ^ _11)) ; }; assume { Inv0.inv ( ^ _11) }; switch ( * _11) @@ -6638,7 +6638,7 @@ module RedBlackTree_Impl15_InsertRec goto BB4 } BB4 { - node <- Borrow.borrow_mut (Core_Option_Option_Type.some_0 ( * _11)); + node <- Borrow.borrow_final (Core_Option_Option_Type.some_0 ( * _11)) (Borrow.inherit_id (Borrow.get_id _11) 1); _11 <- { _11 with current = (let Core_Option_Option_Type.C_Some a = * _11 in Core_Option_Option_Type.C_Some ( ^ node)) ; }; assume { Inv1.inv ( ^ node) }; _18 <- RedBlackTree_Node_Type.node_key ( * node); @@ -7222,7 +7222,7 @@ module RedBlackTree_Impl15_Insert goto BB2 } BB2 { - _14 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node ( * self)); + _14 <- Borrow.borrow_final (RedBlackTree_Tree_Type.tree_node ( * self)) (Borrow.inherit_id (Borrow.get_id self) 1); self <- { self with current = (let RedBlackTree_Tree_Type.C_Tree a = * self in RedBlackTree_Tree_Type.C_Tree ( ^ _14)) ; }; assume { Inv1.inv ( ^ _14) }; _13 <- ([#"../red_black_tree.rs" 628 8 628 26] AsMut0.as_mut _14); @@ -7771,7 +7771,7 @@ module RedBlackTree_Impl15_DeleteMaxRec goto BB2 } BB2 { - _12 <- Borrow.borrow_mut ( * _13); + _12 <- Borrow.borrow_final ( * _13) (Borrow.get_id _13); _13 <- { _13 with current = ( ^ _12) ; }; assume { Inv1.inv ( ^ _12) }; node <- ([#"../red_black_tree.rs" 644 23 644 59] AsMut1.as_mut _12); 
@@ -7817,10 +7817,10 @@ module RedBlackTree_Impl15_DeleteMaxRec BB10 { assert { [@expl:type invariant] Inv4.inv node }; assume { Resolve1.resolve node }; - _26 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node ( * self)); + _26 <- Borrow.borrow_final (RedBlackTree_Tree_Type.tree_node ( * self)) (Borrow.inherit_id (Borrow.get_id self) 1); self <- { self with current = (let RedBlackTree_Tree_Type.C_Tree a = * self in RedBlackTree_Tree_Type.C_Tree ( ^ _26)) ; }; assume { Inv0.inv ( ^ _26) }; - _25 <- Borrow.borrow_mut ( * _26); + _25 <- Borrow.borrow_final ( * _26) (Borrow.get_id _26); _26 <- { _26 with current = ( ^ _25) ; }; assume { Inv0.inv ( ^ _25) }; _24 <- ([#"../red_black_tree.rs" 649 23 649 53] Take0.take _25); @@ -7891,7 +7891,7 @@ module RedBlackTree_Impl15_DeleteMaxRec goto BB18 } BB23 { - _42 <- Borrow.borrow_mut ( * node); + _42 <- Borrow.borrow_final ( * node) (Borrow.get_id node); node <- { node with current = ( ^ _42) ; }; assume { Inv3.inv ( ^ _42) }; _41 <- ([#"../red_black_tree.rs" 653 19 653 40] MoveRedRight0.move_red_right _42); @@ -7899,7 +7899,7 @@ module RedBlackTree_Impl15_DeleteMaxRec goto BB24 } BB24 { - _40 <- Borrow.borrow_mut ( * _41); + _40 <- Borrow.borrow_final ( * _41) (Borrow.get_id _41); _41 <- { _41 with current = ( ^ _40) ; }; assume { Inv3.inv ( ^ _40) }; assert { [@expl:type invariant] Inv4.inv node }; @@ -7924,7 +7924,7 @@ module RedBlackTree_Impl15_DeleteMaxRec goto BB27 } BB27 { - _46 <- Borrow.borrow_mut ( * node); + _46 <- Borrow.borrow_final ( * node) (Borrow.get_id node); node <- { node with current = ( ^ _46) ; }; assume { Inv3.inv ( ^ _46) }; _45 <- ([#"../red_black_tree.rs" 656 8 656 22] Balance0.balance _46); 
@@ -8371,7 +8371,7 @@ module RedBlackTree_Impl15_DeleteMax goto BB3 } BB3 { - node <- Borrow.borrow_mut (Core_Option_Option_Type.some_0 ( * _8)); + node <- Borrow.borrow_final (Core_Option_Option_Type.some_0 ( * _8)) (Borrow.inherit_id (Borrow.get_id _8) 1); _8 <- { _8 with current = (let Core_Option_Option_Type.C_Some a = * _8 in Core_Option_Option_Type.C_Some ( ^ node)) ; }; assume { Inv2.inv ( ^ node) }; _12 <- ([#"../red_black_tree.rs" 670 16 670 34] IsRed0.is_red (RedBlackTree_Node_Type.node_left ( * node))); @@ -8428,7 +8428,7 @@ module RedBlackTree_Impl15_DeleteMax end } BB11 { - _26 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node ( * self)); + _26 <- Borrow.borrow_final (RedBlackTree_Tree_Type.tree_node ( * self)) (Borrow.inherit_id (Borrow.get_id self) 1); self <- { self with current = (let RedBlackTree_Tree_Type.C_Tree a = * self in RedBlackTree_Tree_Type.C_Tree ( ^ _26)) ; }; assume { Inv1.inv ( ^ _26) }; _25 <- ([#"../red_black_tree.rs" 679 12 679 30] AsMut0.as_mut _26); @@ -8958,7 +8958,7 @@ module RedBlackTree_Impl15_DeleteMinRec goto BB2 } BB2 { - _12 <- Borrow.borrow_mut ( * _13); + _12 <- Borrow.borrow_final ( * _13) (Borrow.get_id _13); _13 <- { _13 with current = ( ^ _12) ; }; assume { Inv1.inv ( ^ _12) }; node <- ([#"../red_black_tree.rs" 697 23 697 59] AsMut1.as_mut _12); 
@@ -8979,10 +8979,10 @@ module RedBlackTree_Impl15_DeleteMinRec BB5 { assert { [@expl:type invariant] Inv3.inv node }; assume { Resolve1.resolve node }; - _22 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node ( * self)); + _22 <- Borrow.borrow_final (RedBlackTree_Tree_Type.tree_node ( * self)) (Borrow.inherit_id (Borrow.get_id self) 1); self <- { self with current = (let RedBlackTree_Tree_Type.C_Tree a = * self in RedBlackTree_Tree_Type.C_Tree ( ^ _22)) ; }; assume { Inv0.inv ( ^ _22) }; - _21 <- Borrow.borrow_mut ( * _22); + _21 <- Borrow.borrow_final ( * _22) (Borrow.get_id _22); _22 <- { _22 with current = ( ^ _21) ; }; assume { Inv0.inv ( ^ _21) }; _20 <- ([#"../red_black_tree.rs" 699 23 699 53] Take0.take _21); @@ -9053,7 +9053,7 @@ module RedBlackTree_Impl15_DeleteMinRec goto BB13 } BB18 { - _38 <- Borrow.borrow_mut ( * node); + _38 <- Borrow.borrow_final ( * node) (Borrow.get_id node); node <- { node with current = ( ^ _38) ; }; assume { Inv7.inv ( ^ _38) }; _37 <- ([#"../red_black_tree.rs" 703 19 703 39] MoveRedLeft0.move_red_left _38); @@ -9061,7 +9061,7 @@ module RedBlackTree_Impl15_DeleteMinRec goto BB19 } BB19 { - _36 <- Borrow.borrow_mut ( * _37); + _36 <- Borrow.borrow_final ( * _37) (Borrow.get_id _37); _37 <- { _37 with current = ( ^ _36) ; }; assume { Inv7.inv ( ^ _36) }; assert { [@expl:type invariant] Inv3.inv node }; @@ -9086,7 +9086,7 @@ module RedBlackTree_Impl15_DeleteMinRec goto BB22 } BB22 { - _42 <- Borrow.borrow_mut ( * node); + _42 <- Borrow.borrow_final ( * node) (Borrow.get_id node); node <- { node with current = ( ^ _42) ; }; assume { Inv7.inv ( ^ _42) }; _41 <- ([#"../red_black_tree.rs" 706 8 706 22] Balance0.balance _42); 
@@ -9516,7 +9516,7 @@ module RedBlackTree_Impl15_DeleteMin goto BB3 } BB3 { - node <- Borrow.borrow_mut (Core_Option_Option_Type.some_0 ( * _8)); + node <- Borrow.borrow_final (Core_Option_Option_Type.some_0 ( * _8)) (Borrow.inherit_id (Borrow.get_id _8) 1); _8 <- { _8 with current = (let Core_Option_Option_Type.C_Some a = * _8 in Core_Option_Option_Type.C_Some ( ^ node)) ; }; assume { Inv1.inv ( ^ node) }; _12 <- ([#"../red_black_tree.rs" 723 16 723 34] IsRed0.is_red (RedBlackTree_Node_Type.node_left ( * node))); @@ -9572,7 +9572,7 @@ module RedBlackTree_Impl15_DeleteMin end } BB11 { - _24 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node ( * self)); + _24 <- Borrow.borrow_final (RedBlackTree_Tree_Type.tree_node ( * self)) (Borrow.inherit_id (Borrow.get_id self) 1); self <- { self with current = (let RedBlackTree_Tree_Type.C_Tree a = * self in RedBlackTree_Tree_Type.C_Tree ( ^ _24)) ; }; assume { Inv0.inv ( ^ _24) }; _23 <- ([#"../red_black_tree.rs" 731 12 731 30] AsMut0.as_mut _24); @@ -10368,7 +10368,7 @@ module RedBlackTree_Impl15_DeleteRec goto BB2 } BB2 { - _13 <- Borrow.borrow_mut ( * _14); + _13 <- Borrow.borrow_final ( * _14) (Borrow.get_id _14); _14 <- { _14 with current = ( ^ _13) ; }; assume { Inv1.inv ( ^ _13) }; node <- ([#"../red_black_tree.rs" 750 23 750 59] AsMut1.as_mut _13); @@ -10459,7 +10459,7 @@ module RedBlackTree_Impl15_DeleteRec goto BB13 } BB18 { - _40 <- Borrow.borrow_mut ( * node); + _40 <- Borrow.borrow_final ( * node) (Borrow.get_id node); node <- { node with current = ( ^ _40) ; }; assume { Inv5.inv ( ^ _40) }; _39 <- ([#"../red_black_tree.rs" 757 27 757 47] MoveRedLeft0.move_red_left _40); @@ -10467,7 +10467,7 @@ module RedBlackTree_Impl15_DeleteRec goto BB19 } BB19 { - _38 <- Borrow.borrow_mut ( * _39); + _38 <- Borrow.borrow_final ( * _39) (Borrow.get_id _39); _39 <- { _39 with current = ( ^ _38) ; }; assume { Inv5.inv ( ^ _38) }; assert { [@expl:type invariant] Inv6.inv node }; 
@@ -10571,10 +10571,10 @@ module RedBlackTree_Impl15_DeleteRec goto BB73 } BB38 { - _62 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node ( * self)); + _62 <- Borrow.borrow_final (RedBlackTree_Tree_Type.tree_node ( * self)) (Borrow.inherit_id (Borrow.get_id self) 1); self <- { self with current = (let RedBlackTree_Tree_Type.C_Tree a = * self in RedBlackTree_Tree_Type.C_Tree ( ^ _62)) ; }; assume { Inv0.inv ( ^ _62) }; - _61 <- Borrow.borrow_mut ( * _62); + _61 <- Borrow.borrow_final ( * _62) (Borrow.get_id _62); _62 <- { _62 with current = ( ^ _61) ; }; assume { Inv0.inv ( ^ _61) }; _60 <- ([#"../red_black_tree.rs" 770 35 770 65] Take0.take _61); @@ -10629,7 +10629,7 @@ module RedBlackTree_Impl15_DeleteRec end } BB48 { - _75 <- Borrow.borrow_mut ( * node); + _75 <- Borrow.borrow_final ( * node) (Borrow.get_id node); node <- { node with current = ( ^ _75) ; }; assume { Inv5.inv ( ^ _75) }; _74 <- ([#"../red_black_tree.rs" 774 31 774 52] MoveRedRight0.move_red_right _75); @@ -10637,7 +10637,7 @@ module RedBlackTree_Impl15_DeleteRec goto BB49 } BB49 { - _73 <- Borrow.borrow_mut ( * _74); + _73 <- Borrow.borrow_final ( * _74) (Borrow.get_id _74); _74 <- { _74 with current = ( ^ _73) ; }; assume { Inv5.inv ( ^ _73) }; assert { [@expl:type invariant] Inv6.inv node }; 
@@ -10681,13 +10681,13 @@ module RedBlackTree_Impl15_DeleteRec _83 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_key ( * node)); node <- { node with current = (let RedBlackTree_Node_Type.C_Node a b c d e = * node in RedBlackTree_Node_Type.C_Node a b ( ^ _83) d e) ; }; assume { Inv9.inv ( ^ _83) }; - _82 <- Borrow.borrow_mut ( * _83); + _82 <- Borrow.borrow_final ( * _83) (Borrow.get_id _83); _83 <- { _83 with current = ( ^ _82) ; }; assume { Inv9.inv ( ^ _82) }; _85 <- Borrow.borrow_mut (let (a, _) = kv in a); kv <- (let (a, b) = kv in ( ^ _85, b)); assume { Inv9.inv ( ^ _85) }; - _84 <- Borrow.borrow_mut ( * _85); + _84 <- Borrow.borrow_final ( * _85) (Borrow.get_id _85); _85 <- { _85 with current = ( ^ _84) ; }; assume { Inv9.inv ( ^ _84) }; _81 <- ([#"../red_black_tree.rs" 779 24 779 64] Swap0.swap _82 _84); @@ -10703,13 +10703,13 @@ module RedBlackTree_Impl15_DeleteRec _88 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_val ( * node)); node <- { node with current = (let RedBlackTree_Node_Type.C_Node a b c d e = * node in RedBlackTree_Node_Type.C_Node a b c ( ^ _88) e) ; }; assume { Inv11.inv ( ^ _88) }; - _87 <- Borrow.borrow_mut ( * _88); + _87 <- Borrow.borrow_final ( * _88) (Borrow.get_id _88); _88 <- { _88 with current = ( ^ _87) ; }; assume { Inv11.inv ( ^ _87) }; _90 <- Borrow.borrow_mut (let (_, a) = kv in a); kv <- (let (a, b) = kv in (a, ^ _90)); assume { Inv11.inv ( ^ _90) }; - _89 <- Borrow.borrow_mut ( * _90); + _89 <- Borrow.borrow_final ( * _90) (Borrow.get_id _90); _90 <- { _90 with current = ( ^ _89) ; }; assume { Inv11.inv ( ^ _89) }; _86 <- ([#"../red_black_tree.rs" 780 24 780 64] Swap1.swap _87 _89); @@ -10765,7 +10765,7 @@ module RedBlackTree_Impl15_DeleteRec goto BB69 } BB69 { - _97 <- Borrow.borrow_mut ( * node); + _97 <- Borrow.borrow_final ( * node) (Borrow.get_id node); node <- { node with current = ( ^ _97) ; }; assume { Inv5.inv ( ^ _97) }; _96 <- ([#"../red_black_tree.rs" 788 8 788 22] Balance0.balance _97); 
@@ -11215,7 +11215,7 @@ module RedBlackTree_Impl15_Delete goto BB3 } BB3 { - node <- Borrow.borrow_mut (Core_Option_Option_Type.some_0 ( * _10)); + node <- Borrow.borrow_final (Core_Option_Option_Type.some_0 ( * _10)) (Borrow.inherit_id (Borrow.get_id _10) 1); _10 <- { _10 with current = (let Core_Option_Option_Type.C_Some a = * _10 in Core_Option_Option_Type.C_Some ( ^ node)) ; }; assume { Inv1.inv ( ^ node) }; _14 <- ([#"../red_black_tree.rs" 804 16 804 34] IsRed0.is_red (RedBlackTree_Node_Type.node_left ( * node))); @@ -11275,7 +11275,7 @@ module RedBlackTree_Impl15_Delete end } BB11 { - _27 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node ( * self)); + _27 <- Borrow.borrow_final (RedBlackTree_Tree_Type.tree_node ( * self)) (Borrow.inherit_id (Borrow.get_id self) 1); self <- { self with current = (let RedBlackTree_Tree_Type.C_Tree a = * self in RedBlackTree_Tree_Type.C_Tree ( ^ _27)) ; }; assume { Inv0.inv ( ^ _27) }; _26 <- ([#"../red_black_tree.rs" 812 12 812 30] AsMut0.as_mut _27); @@ -12180,7 +12180,7 @@ module RedBlackTree_Impl15_GetMut goto BB4 } BB4 { - _23 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node ( * tree)); + _23 <- Borrow.borrow_final (RedBlackTree_Tree_Type.tree_node ( * tree)) (Borrow.inherit_id (Borrow.get_id tree) 1); tree <- { tree with current = (let RedBlackTree_Tree_Type.C_Tree a = * tree in RedBlackTree_Tree_Type.C_Tree ( ^ _23)) ; }; assume { Inv3.inv ( ^ _23) }; switch ( * _23) @@ -12192,7 +12192,7 @@ module RedBlackTree_Impl15_GetMut goto BB6 } BB6 { - node <- Borrow.borrow_mut (Core_Option_Option_Type.some_0 ( * _23)); + node <- Borrow.borrow_final (Core_Option_Option_Type.some_0 ( * _23)) (Borrow.inherit_id (Borrow.get_id _23) 1); _23 <- { _23 with current = (let Core_Option_Option_Type.C_Some a = * _23 in Core_Option_Option_Type.C_Some ( ^ node)) ; }; assume { Inv4.inv ( ^ node) }; _29 <- RedBlackTree_Node_Type.node_key ( * node); 
@@ -12218,7 +12218,7 @@ module RedBlackTree_Impl15_GetMut _37 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_right ( * node)); node <- { node with current = (let RedBlackTree_Node_Type.C_Node a b c d e = * node in RedBlackTree_Node_Type.C_Node a b c d ( ^ _37)) ; }; assume { Inv6.inv ( ^ _37) }; - _36 <- Borrow.borrow_mut ( * _37); + _36 <- Borrow.borrow_final ( * _37) (Borrow.get_id _37); _37 <- { _37 with current = ( ^ _36) ; }; assume { Inv6.inv ( ^ _36) }; assert { [@expl:type invariant] Inv7.inv tree }; @@ -12245,7 +12245,7 @@ module RedBlackTree_Impl15_GetMut _32 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_left ( * node)); node <- { node with current = (let RedBlackTree_Node_Type.C_Node a b c d e = * node in RedBlackTree_Node_Type.C_Node ( ^ _32) b c d e) ; }; assume { Inv6.inv ( ^ _32) }; - _31 <- Borrow.borrow_mut ( * _32); + _31 <- Borrow.borrow_final ( * _32) (Borrow.get_id _32); _32 <- { _32 with current = ( ^ _31) ; }; assume { Inv6.inv ( ^ _31) }; assert { [@expl:type invariant] Inv7.inv tree }; @@ -12263,7 +12263,7 @@ module RedBlackTree_Impl15_GetMut _35 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_val ( * node)); node <- { node with current = (let RedBlackTree_Node_Type.C_Node a b c d e = * node in RedBlackTree_Node_Type.C_Node a b c ( ^ _35) e) ; }; assume { Inv1.inv ( ^ _35) }; - _34 <- Borrow.borrow_mut ( * _35); + _34 <- Borrow.borrow_final ( * _35) (Borrow.get_id _35); _35 <- { _35 with current = ( ^ _34) ; }; assume { Inv1.inv ( ^ _34) }; _0 <- Core_Option_Option_Type.C_Some _34; diff --git a/creusot/tests/should_succeed/resolve_uninit.mlcfg b/creusot/tests/should_succeed/resolve_uninit.mlcfg index 107fa5e7e7..597b664fbf 100644 --- a/creusot/tests/should_succeed/resolve_uninit.mlcfg +++ b/creusot/tests/should_succeed/resolve_uninit.mlcfg 
@@ -219,14 +219,14 @@ module ResolveUninit_InitJoin BB1 { _8 <- Borrow.borrow_mut x; x <- ^ _8; - _7 <- Borrow.borrow_mut ( * _8); + _7 <- Borrow.borrow_final ( * _8) (Borrow.get_id _8); _8 <- { _8 with current = ( ^ _7) ; }; z <- _7; _7 <- any borrowed int32; assume { Resolve0.resolve _8 }; - _10 <- Borrow.borrow_mut ( * z); + _10 <- Borrow.borrow_final ( * z) (Borrow.get_id z); z <- { z with current = ( ^ _10) ; }; - _9 <- Borrow.borrow_mut ( * _10); + _9 <- Borrow.borrow_final ( * _10) (Borrow.get_id _10); _10 <- { _10 with current = ( ^ _9) ; }; y <- _9; _9 <- any borrowed int32; @@ -237,7 +237,7 @@ module ResolveUninit_InitJoin BB2 { _12 <- Borrow.borrow_mut x; x <- ^ _12; - _11 <- Borrow.borrow_mut ( * _12); + _11 <- Borrow.borrow_final ( * _12) (Borrow.get_id _12); _12 <- { _12 with current = ( ^ _11) ; }; y <- _11; _11 <- any borrowed int32; diff --git a/creusot/tests/should_succeed/result/own.mlcfg b/creusot/tests/should_succeed/result/own.mlcfg index 2c45ee1e4b..d9ca26f93f 100644 --- a/creusot/tests/should_succeed/result/own.mlcfg +++ b/creusot/tests/should_succeed/result/own.mlcfg @@ -711,10 +711,10 @@ module Own_Impl0_AsMut goto BB4 } BB2 { - x1 <- Borrow.borrow_mut (Own_OwnResult_Type.err_0 ( * self)); + x1 <- Borrow.borrow_final (Own_OwnResult_Type.err_0 ( * self)) (Borrow.inherit_id (Borrow.get_id self) 1); self <- { self with current = (let Own_OwnResult_Type.C_Err a = * self in Own_OwnResult_Type.C_Err ( ^ x1)) ; }; assume { Inv2.inv ( ^ x1) }; - _7 <- Borrow.borrow_mut ( * x1); + _7 <- Borrow.borrow_final ( * x1) (Borrow.get_id x1); x1 <- { x1 with current = ( ^ _7) ; }; assume { Inv2.inv ( ^ _7) }; _0 <- Own_OwnResult_Type.C_Err _7; 
@@ -729,10 +729,10 @@ module Own_Impl0_AsMut absurd } BB4 { - x <- Borrow.borrow_mut (Own_OwnResult_Type.ok_0 ( * self)); + x <- Borrow.borrow_final (Own_OwnResult_Type.ok_0 ( * self)) (Borrow.inherit_id (Borrow.get_id self) 1); self <- { self with current = (let Own_OwnResult_Type.C_Ok a = * self in Own_OwnResult_Type.C_Ok ( ^ x)) ; }; assume { Inv0.inv ( ^ x) }; - _5 <- Borrow.borrow_mut ( * x); + _5 <- Borrow.borrow_final ( * x) (Borrow.get_id x); x <- { x with current = ( ^ _5) ; }; assume { Inv0.inv ( ^ _5) }; _0 <- Own_OwnResult_Type.C_Ok _5; diff --git a/creusot/tests/should_succeed/rusthorn/inc_max.mlcfg b/creusot/tests/should_succeed/rusthorn/inc_max.mlcfg index f2a8fd8bc8..04382e4f6f 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_max.mlcfg +++ b/creusot/tests/should_succeed/rusthorn/inc_max.mlcfg @@ -64,23 +64,23 @@ module IncMax_TakeMax } BB1 { assume { Resolve0.resolve mb }; - _9 <- Borrow.borrow_mut ( * ma); + _9 <- Borrow.borrow_final ( * ma) (Borrow.get_id ma); ma <- { ma with current = ( ^ _9) ; }; - _5 <- Borrow.borrow_mut ( * _9); + _5 <- Borrow.borrow_final ( * _9) (Borrow.get_id _9); _9 <- { _9 with current = ( ^ _5) ; }; assume { Resolve0.resolve _9 }; goto BB3 } BB2 { assume { Resolve0.resolve ma }; - _5 <- Borrow.borrow_mut ( * mb); + _5 <- Borrow.borrow_final ( * mb) (Borrow.get_id mb); mb <- { mb with current = ( ^ _5) ; }; goto BB3 } BB3 { - _3 <- Borrow.borrow_mut ( * _5); + _3 <- Borrow.borrow_final ( * _5) (Borrow.get_id _5); _5 <- { _5 with current = ( ^ _3) ; }; - _0 <- Borrow.borrow_mut ( * _3); + _0 <- Borrow.borrow_final ( * _3) (Borrow.get_id _3); _3 <- { _3 with current = ( ^ _0) ; }; assume { Resolve0.resolve _5 }; assume { Resolve0.resolve _3 }; 
@@ -122,11 +122,11 @@ module IncMax_IncMax BB0 { _6 <- Borrow.borrow_mut a; a <- ^ _6; - _5 <- Borrow.borrow_mut ( * _6); + _5 <- Borrow.borrow_final ( * _6) (Borrow.get_id _6); _6 <- { _6 with current = ( ^ _5) ; }; _8 <- Borrow.borrow_mut b; b <- ^ _8; - _7 <- Borrow.borrow_mut ( * _8); + _7 <- Borrow.borrow_final ( * _8) (Borrow.get_id _8); _8 <- { _8 with current = ( ^ _7) ; }; mc <- ([#"../inc_max.rs" 16 13 16 37] TakeMax0.take_max _5 _7); _5 <- any borrowed uint32; diff --git a/creusot/tests/should_succeed/rusthorn/inc_max_3.mlcfg b/creusot/tests/should_succeed/rusthorn/inc_max_3.mlcfg index e5a34e45d8..97daaa96be 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_max_3.mlcfg +++ b/creusot/tests/should_succeed/rusthorn/inc_max_3.mlcfg @@ -86,11 +86,11 @@ module IncMax3_IncMax3 BB1 { _12 <- Borrow.borrow_mut ma; ma <- ^ _12; - _11 <- Borrow.borrow_mut ( * _12); + _11 <- Borrow.borrow_final ( * _12) (Borrow.get_id _12); _12 <- { _12 with current = ( ^ _11) ; }; _14 <- Borrow.borrow_mut mb; mb <- ^ _14; - _13 <- Borrow.borrow_mut ( * _14); + _13 <- Borrow.borrow_final ( * _14) (Borrow.get_id _14); _14 <- { _14 with current = ( ^ _13) ; }; _10 <- ([#"../inc_max_3.rs" 14 8 14 30] Swap0.swap _11 _13); _11 <- any borrowed (borrowed uint32); @@ -116,11 +116,11 @@ module IncMax3_IncMax3 BB5 { _21 <- Borrow.borrow_mut mb; mb <- ^ _21; - _20 <- Borrow.borrow_mut ( * _21); + _20 <- Borrow.borrow_final ( * _21) (Borrow.get_id _21); _21 <- { _21 with current = ( ^ _20) ; }; _23 <- Borrow.borrow_mut mc; mc <- ^ _23; - _22 <- Borrow.borrow_mut ( * _23); + _22 <- Borrow.borrow_final ( * _23) (Borrow.get_id _23); _23 <- { _23 with current = ( ^ _22) ; }; _19 <- ([#"../inc_max_3.rs" 17 8 17 30] Swap0.swap _20 _22); _20 <- any borrowed (borrowed uint32); 
@@ -148,11 +148,11 @@ module IncMax3_IncMax3 BB9 { _30 <- Borrow.borrow_mut ma; ma <- ^ _30; - _29 <- Borrow.borrow_mut ( * _30); + _29 <- Borrow.borrow_final ( * _30) (Borrow.get_id _30); _30 <- { _30 with current = ( ^ _29) ; }; _32 <- Borrow.borrow_mut mb; mb <- ^ _32; - _31 <- Borrow.borrow_mut ( * _32); + _31 <- Borrow.borrow_final ( * _32) (Borrow.get_id _32); _32 <- { _32 with current = ( ^ _31) ; }; _28 <- ([#"../inc_max_3.rs" 20 8 20 30] Swap0.swap _29 _31); _29 <- any borrowed (borrowed uint32); @@ -216,15 +216,15 @@ module IncMax3_TestIncMax3 BB0 { _7 <- Borrow.borrow_mut a; a <- ^ _7; - _6 <- Borrow.borrow_mut ( * _7); + _6 <- Borrow.borrow_final ( * _7) (Borrow.get_id _7); _7 <- { _7 with current = ( ^ _6) ; }; _9 <- Borrow.borrow_mut b; b <- ^ _9; - _8 <- Borrow.borrow_mut ( * _9); + _8 <- Borrow.borrow_final ( * _9) (Borrow.get_id _9); _9 <- { _9 with current = ( ^ _8) ; }; _11 <- Borrow.borrow_mut c; c <- ^ _11; - _10 <- Borrow.borrow_mut ( * _11); + _10 <- Borrow.borrow_final ( * _11) (Borrow.get_id _11); _11 <- { _11 with current = ( ^ _10) ; }; _5 <- ([#"../inc_max_3.rs" 28 4 28 37] IncMax30.inc_max_3 _6 _8 _10); _6 <- any borrowed uint32; diff --git a/creusot/tests/should_succeed/rusthorn/inc_max_many.mlcfg b/creusot/tests/should_succeed/rusthorn/inc_max_many.mlcfg index 464fef4ba7..1f8b4b7340 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_max_many.mlcfg +++ b/creusot/tests/should_succeed/rusthorn/inc_max_many.mlcfg 
@@ -64,23 +64,23 @@ module IncMaxMany_TakeMax } BB1 { assume { Resolve0.resolve mb }; - _9 <- Borrow.borrow_mut ( * ma); + _9 <- Borrow.borrow_final ( * ma) (Borrow.get_id ma); ma <- { ma with current = ( ^ _9) ; }; - _5 <- Borrow.borrow_mut ( * _9); + _5 <- Borrow.borrow_final ( * _9) (Borrow.get_id _9); _9 <- { _9 with current = ( ^ _5) ; }; assume { Resolve0.resolve _9 }; goto BB3 } BB2 { assume { Resolve0.resolve ma }; - _5 <- Borrow.borrow_mut ( * mb); + _5 <- Borrow.borrow_final ( * mb) (Borrow.get_id mb); mb <- { mb with current = ( ^ _5) ; }; goto BB3 } BB3 { - _3 <- Borrow.borrow_mut ( * _5); + _3 <- Borrow.borrow_final ( * _5) (Borrow.get_id _5); _5 <- { _5 with current = ( ^ _3) ; }; - _0 <- Borrow.borrow_mut ( * _3); + _0 <- Borrow.borrow_final ( * _3) (Borrow.get_id _3); _3 <- { _3 with current = ( ^ _0) ; }; assume { Resolve0.resolve _5 }; assume { Resolve0.resolve _3 }; @@ -124,11 +124,11 @@ module IncMaxMany_IncMaxMany BB0 { _7 <- Borrow.borrow_mut a; a <- ^ _7; - _6 <- Borrow.borrow_mut ( * _7); + _6 <- Borrow.borrow_final ( * _7) (Borrow.get_id _7); _7 <- { _7 with current = ( ^ _6) ; }; _9 <- Borrow.borrow_mut b; b <- ^ _9; - _8 <- Borrow.borrow_mut ( * _9); + _8 <- Borrow.borrow_final ( * _9) (Borrow.get_id _9); _9 <- { _9 with current = ( ^ _8) ; }; mc <- ([#"../inc_max_many.rs" 16 13 16 37] TakeMax0.take_max _6 _8); _6 <- any borrowed uint32; diff --git a/creusot/tests/should_succeed/rusthorn/inc_max_repeat.mlcfg b/creusot/tests/should_succeed/rusthorn/inc_max_repeat.mlcfg index 393ef71123..d62e7fd9fc 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_max_repeat.mlcfg +++ b/creusot/tests/should_succeed/rusthorn/inc_max_repeat.mlcfg 
@@ -64,23 +64,23 @@ module IncMaxRepeat_TakeMax } BB1 { assume { Resolve0.resolve mb }; - _9 <- Borrow.borrow_mut ( * ma); + _9 <- Borrow.borrow_final ( * ma) (Borrow.get_id ma); ma <- { ma with current = ( ^ _9) ; }; - _5 <- Borrow.borrow_mut ( * _9); + _5 <- Borrow.borrow_final ( * _9) (Borrow.get_id _9); _9 <- { _9 with current = ( ^ _5) ; }; assume { Resolve0.resolve _9 }; goto BB3 } BB2 { assume { Resolve0.resolve ma }; - _5 <- Borrow.borrow_mut ( * mb); + _5 <- Borrow.borrow_final ( * mb) (Borrow.get_id mb); mb <- { mb with current = ( ^ _5) ; }; goto BB3 } BB3 { - _3 <- Borrow.borrow_mut ( * _5); + _3 <- Borrow.borrow_final ( * _5) (Borrow.get_id _5); _5 <- { _5 with current = ( ^ _3) ; }; - _0 <- Borrow.borrow_mut ( * _3); + _0 <- Borrow.borrow_final ( * _3) (Borrow.get_id _3); _3 <- { _3 with current = ( ^ _0) ; }; assume { Resolve0.resolve _5 }; assume { Resolve0.resolve _3 }; @@ -673,7 +673,7 @@ module IncMaxRepeat_IncMaxRepeat BB5 { _20 <- Borrow.borrow_mut iter; iter <- ^ _20; - _19 <- Borrow.borrow_mut ( * _20); + _19 <- Borrow.borrow_final ( * _20) (Borrow.get_id _20); _20 <- { _20 with current = ( ^ _19) ; }; _18 <- ([#"../inc_max_repeat.rs" 16 4 16 86] Next0.next _19); _19 <- any borrowed (Core_Ops_Range_Range_Type.t_range uint32); @@ -708,11 +708,11 @@ module IncMaxRepeat_IncMaxRepeat _23 <- any Ghost.ghost_ty (Seq.seq uint32); _27 <- Borrow.borrow_mut a; a <- ^ _27; - _26 <- Borrow.borrow_mut ( * _27); + _26 <- Borrow.borrow_final ( * _27) (Borrow.get_id _27); _27 <- { _27 with current = ( ^ _26) ; }; _29 <- Borrow.borrow_mut b; b <- ^ _29; - _28 <- Borrow.borrow_mut ( * _29); + _28 <- Borrow.borrow_final ( * _29) (Borrow.get_id _29); _29 <- { _29 with current = ( ^ _28) ; }; mc <- ([#"../inc_max_repeat.rs" 19 17 19 41] TakeMax0.take_max _26 _28); _26 <- any borrowed uint32; diff --git a/creusot/tests/should_succeed/rusthorn/inc_some_2_list.mlcfg b/creusot/tests/should_succeed/rusthorn/inc_some_2_list.mlcfg index 394905900e..3f9c40afdf 100644 
--- a/creusot/tests/should_succeed/rusthorn/inc_some_2_list.mlcfg +++ b/creusot/tests/should_succeed/rusthorn/inc_some_2_list.mlcfg @@ -336,9 +336,9 @@ module IncSome2List_Impl0_TakeSomeRest absurd } BB4 { - ma <- Borrow.borrow_mut (IncSome2List_List_Type.cons_0 ( * self)); + ma <- Borrow.borrow_final (IncSome2List_List_Type.cons_0 ( * self)) (Borrow.inherit_id (Borrow.get_id self) 1); self <- { self with current = (let IncSome2List_List_Type.C_Cons a b = * self in IncSome2List_List_Type.C_Cons ( ^ ma) b) ; }; - ml <- Borrow.borrow_mut (IncSome2List_List_Type.cons_1 ( * self)); + ml <- Borrow.borrow_final (IncSome2List_List_Type.cons_1 ( * self)) (Borrow.inherit_id (Borrow.get_id self) 2); self <- { self with current = (let IncSome2List_List_Type.C_Cons a b = * self in IncSome2List_List_Type.C_Cons a ( ^ ml)) ; }; _8 <- ([#"../inc_some_2_list.rs" 57 16 57 45] Ghost.new (LemmaSumNonneg0.lemma_sum_nonneg ( * ml))); goto BB5 @@ -354,7 +354,7 @@ module IncSome2List_Impl0_TakeSomeRest end } BB7 { - _11 <- Borrow.borrow_mut ( * ma); + _11 <- Borrow.borrow_final ( * ma) (Borrow.get_id ma); ma <- { ma with current = ( ^ _11) ; }; _12 <- Borrow.borrow_mut ( * ml); ml <- { ml with current = ( ^ _12) ; }; @@ -507,7 +507,7 @@ module IncSome2List_IncSome2List ml <- (let (_, a) = _9 in a); _9 <- (let (a, b) = _9 in (a, any borrowed (IncSome2List_List_Type.t_list))); assume { Resolve0.resolve _9 }; - _13 <- Borrow.borrow_mut ( * ml); + _13 <- Borrow.borrow_final ( * ml) (Borrow.get_id ml); ml <- { ml with current = ( ^ _13) ; }; _12 <- ([#"../inc_some_2_list.rs" 73 18 73 37] TakeSomeRest0.take_some_rest _13); _13 <- any borrowed (IncSome2List_List_Type.t_list); diff --git a/creusot/tests/should_succeed/rusthorn/inc_some_2_tree.mlcfg b/creusot/tests/should_succeed/rusthorn/inc_some_2_tree.mlcfg index 96cbe1e7e6..1ef32ac51a 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_some_2_tree.mlcfg +++ b/creusot/tests/should_succeed/rusthorn/inc_some_2_tree.mlcfg 
@@ -357,11 +357,11 @@ module IncSome2Tree_Impl0_TakeSomeRest absurd } BB4 { - mtl <- Borrow.borrow_mut (IncSome2Tree_Tree_Type.node_0 ( * self)); + mtl <- Borrow.borrow_final (IncSome2Tree_Tree_Type.node_0 ( * self)) (Borrow.inherit_id (Borrow.get_id self) 1); self <- { self with current = (let IncSome2Tree_Tree_Type.C_Node a b c = * self in IncSome2Tree_Tree_Type.C_Node ( ^ mtl) b c) ; }; - ma <- Borrow.borrow_mut (IncSome2Tree_Tree_Type.node_1 ( * self)); + ma <- Borrow.borrow_final (IncSome2Tree_Tree_Type.node_1 ( * self)) (Borrow.inherit_id (Borrow.get_id self) 2); self <- { self with current = (let IncSome2Tree_Tree_Type.C_Node a b c = * self in IncSome2Tree_Tree_Type.C_Node a ( ^ ma) c) ; }; - mtr <- Borrow.borrow_mut (IncSome2Tree_Tree_Type.node_2 ( * self)); + mtr <- Borrow.borrow_final (IncSome2Tree_Tree_Type.node_2 ( * self)) (Borrow.inherit_id (Borrow.get_id self) 3); self <- { self with current = (let IncSome2Tree_Tree_Type.C_Node a b c = * self in IncSome2Tree_Tree_Type.C_Node a b ( ^ mtr)) ; }; assert { [@expl:assertion] [#"../inc_some_2_tree.rs" 67 20 67 42] let _ = LemmaSumNonneg0.lemma_sum_nonneg ( * mtl) in let _ = LemmaSumNonneg0.lemma_sum_nonneg ( * mtr) in true }; _11 <- ([#"../inc_some_2_tree.rs" 71 19 71 27] Random0.random ()); @@ -374,7 +374,7 @@ module IncSome2Tree_Impl0_TakeSomeRest end } BB6 { - _12 <- Borrow.borrow_mut ( * ma); + _12 <- Borrow.borrow_final ( * ma) (Borrow.get_id ma); ma <- { ma with current = ( ^ _12) ; }; _15 <- ([#"../inc_some_2_tree.rs" 72 28 72 36] Random0.random ()); goto BB7 @@ -389,7 +389,7 @@ module IncSome2Tree_Impl0_TakeSomeRest assume { Resolve1.resolve mtr }; _16 <- Borrow.borrow_mut ( * mtl); mtl <- { mtl with current = ( ^ _16) ; }; - _14 <- Borrow.borrow_mut ( * _16); + _14 <- Borrow.borrow_final ( * _16) (Borrow.get_id _16); _16 <- { _16 with current = ( ^ _14) ; }; assume { Resolve2.resolve _16 }; goto BB10 
@@ -401,7 +401,7 @@ module IncSome2Tree_Impl0_TakeSomeRest goto BB10 } BB10 { - _13 <- Borrow.borrow_mut ( * _14); + _13 <- Borrow.borrow_final ( * _14) (Borrow.get_id _14); _14 <- { _14 with current = ( ^ _13) ; }; _0 <- (_12, _13); _12 <- any borrowed uint32; @@ -579,7 +579,7 @@ module IncSome2Tree_IncSome2Tree mt <- (let (_, a) = _9 in a); _9 <- (let (a, b) = _9 in (a, any borrowed (IncSome2Tree_Tree_Type.t_tree))); assume { Resolve0.resolve _9 }; - _13 <- Borrow.borrow_mut ( * mt); + _13 <- Borrow.borrow_final ( * mt) (Borrow.get_id mt); mt <- { mt with current = ( ^ _13) ; }; _12 <- ([#"../inc_some_2_tree.rs" 88 18 88 37] TakeSomeRest0.take_some_rest _13); _13 <- any borrowed (IncSome2Tree_Tree_Type.t_tree); diff --git a/creusot/tests/should_succeed/rusthorn/inc_some_list.mlcfg b/creusot/tests/should_succeed/rusthorn/inc_some_list.mlcfg index 28fcde9e57..025ff9e209 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_some_list.mlcfg +++ b/creusot/tests/should_succeed/rusthorn/inc_some_list.mlcfg @@ -338,9 +338,9 @@ module IncSomeList_Impl0_TakeSome absurd } BB4 { - ma <- Borrow.borrow_mut (IncSomeList_List_Type.cons_0 ( * self)); + ma <- Borrow.borrow_final (IncSomeList_List_Type.cons_0 ( * self)) (Borrow.inherit_id (Borrow.get_id self) 1); self <- { self with current = (let IncSomeList_List_Type.C_Cons a b = * self in IncSomeList_List_Type.C_Cons ( ^ ma) b) ; }; - ml <- Borrow.borrow_mut (IncSomeList_List_Type.cons_1 ( * self)); + ml <- Borrow.borrow_final (IncSomeList_List_Type.cons_1 ( * self)) (Borrow.inherit_id (Borrow.get_id self) 2); self <- { self with current = (let IncSomeList_List_Type.C_Cons a b = * self in IncSomeList_List_Type.C_Cons a ( ^ ml)) ; }; _10 <- ([#"../inc_some_list.rs" 54 16 54 45] Ghost.new (LemmaSumNonneg0.lemma_sum_nonneg ( * ml))); goto BB5 
@@ -357,9 +357,9 @@ module IncSomeList_Impl0_TakeSome } BB7 { assume { Resolve1.resolve ml }; - _14 <- Borrow.borrow_mut ( * ma); + _14 <- Borrow.borrow_final ( * ma) (Borrow.get_id ma); ma <- { ma with current = ( ^ _14) ; }; - _12 <- Borrow.borrow_mut ( * _14); + _12 <- Borrow.borrow_final ( * _14) (Borrow.get_id _14); _14 <- { _14 with current = ( ^ _12) ; }; assume { Resolve0.resolve _14 }; goto BB10 @@ -373,23 +373,23 @@ module IncSomeList_Impl0_TakeSome goto BB9 } BB9 { - _12 <- Borrow.borrow_mut ( * _15); + _12 <- Borrow.borrow_final ( * _15) (Borrow.get_id _15); _15 <- { _15 with current = ( ^ _12) ; }; assume { Resolve0.resolve _15 }; goto BB10 } BB10 { - _9 <- Borrow.borrow_mut ( * _12); + _9 <- Borrow.borrow_final ( * _12) (Borrow.get_id _12); _12 <- { _12 with current = ( ^ _9) ; }; - _5 <- Borrow.borrow_mut ( * _9); + _5 <- Borrow.borrow_final ( * _9) (Borrow.get_id _9); _9 <- { _9 with current = ( ^ _5) ; }; assume { Resolve0.resolve _12 }; assume { Resolve0.resolve _9 }; assume { Resolve1.resolve ml }; assume { Resolve0.resolve ma }; - _2 <- Borrow.borrow_mut ( * _5); + _2 <- Borrow.borrow_final ( * _5) (Borrow.get_id _5); _5 <- { _5 with current = ( ^ _2) ; }; - _0 <- Borrow.borrow_mut ( * _2); + _0 <- Borrow.borrow_final ( * _2) (Borrow.get_id _2); _2 <- { _2 with current = ( ^ _0) ; }; assume { Resolve0.resolve _5 }; assume { Resolve0.resolve _2 }; diff --git a/creusot/tests/should_succeed/rusthorn/inc_some_tree.mlcfg b/creusot/tests/should_succeed/rusthorn/inc_some_tree.mlcfg index 14c815ed4d..29f44c4185 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_some_tree.mlcfg +++ b/creusot/tests/should_succeed/rusthorn/inc_some_tree.mlcfg 
@@ -358,11 +358,11 @@ module IncSomeTree_Impl0_TakeSome absurd } BB4 { - mtl <- Borrow.borrow_mut (IncSomeTree_Tree_Type.node_0 ( * self)); + mtl <- Borrow.borrow_final (IncSomeTree_Tree_Type.node_0 ( * self)) (Borrow.inherit_id (Borrow.get_id self) 1); self <- { self with current = (let IncSomeTree_Tree_Type.C_Node a b c = * self in IncSomeTree_Tree_Type.C_Node ( ^ mtl) b c) ; }; - ma <- Borrow.borrow_mut (IncSomeTree_Tree_Type.node_1 ( * self)); + ma <- Borrow.borrow_final (IncSomeTree_Tree_Type.node_1 ( * self)) (Borrow.inherit_id (Borrow.get_id self) 2); self <- { self with current = (let IncSomeTree_Tree_Type.C_Node a b c = * self in IncSomeTree_Tree_Type.C_Node a ( ^ ma) c) ; }; - mtr <- Borrow.borrow_mut (IncSomeTree_Tree_Type.node_2 ( * self)); + mtr <- Borrow.borrow_final (IncSomeTree_Tree_Type.node_2 ( * self)) (Borrow.inherit_id (Borrow.get_id self) 3); self <- { self with current = (let IncSomeTree_Tree_Type.C_Node a b c = * self in IncSomeTree_Tree_Type.C_Node a b ( ^ mtr)) ; }; assert { [@expl:assertion] [#"../inc_some_tree.rs" 65 20 65 42] let _ = LemmaSumNonneg0.lemma_sum_nonneg ( * mtl) in let _ = LemmaSumNonneg0.lemma_sum_nonneg ( * mtr) in true }; _14 <- ([#"../inc_some_tree.rs" 69 19 69 27] Random0.random ()); @@ -377,9 +377,9 @@ module IncSomeTree_Impl0_TakeSome BB6 { assume { Resolve1.resolve mtr }; assume { Resolve1.resolve mtl }; - _15 <- Borrow.borrow_mut ( * ma); + _15 <- Borrow.borrow_final ( * ma) (Borrow.get_id ma); ma <- { ma with current = ( ^ _15) ; }; - _13 <- Borrow.borrow_mut ( * _15); + _13 <- Borrow.borrow_final ( * _15) (Borrow.get_id _15); _15 <- { _15 with current = ( ^ _13) ; }; assume { Resolve0.resolve _15 }; goto BB14 
@@ -404,9 +404,9 @@ module IncSomeTree_Impl0_TakeSome goto BB10 } BB10 { - _17 <- Borrow.borrow_mut ( * _18); + _17 <- Borrow.borrow_final ( * _18) (Borrow.get_id _18); _18 <- { _18 with current = ( ^ _17) ; }; - _13 <- Borrow.borrow_mut ( * _17); + _13 <- Borrow.borrow_final ( * _17) (Borrow.get_id _17); _17 <- { _17 with current = ( ^ _13) ; }; assume { Resolve0.resolve _18 }; assume { Resolve0.resolve _17 }; @@ -421,7 +421,7 @@ module IncSomeTree_Impl0_TakeSome goto BB12 } BB12 { - _13 <- Borrow.borrow_mut ( * _20); + _13 <- Borrow.borrow_final ( * _20) (Borrow.get_id _20); _20 <- { _20 with current = ( ^ _13) ; }; assume { Resolve0.resolve _20 }; goto BB13 @@ -430,18 +430,18 @@ module IncSomeTree_Impl0_TakeSome goto BB14 } BB14 { - _10 <- Borrow.borrow_mut ( * _13); + _10 <- Borrow.borrow_final ( * _13) (Borrow.get_id _13); _13 <- { _13 with current = ( ^ _10) ; }; - _5 <- Borrow.borrow_mut ( * _10); + _5 <- Borrow.borrow_final ( * _10) (Borrow.get_id _10); _10 <- { _10 with current = ( ^ _5) ; }; assume { Resolve0.resolve _13 }; assume { Resolve0.resolve _10 }; assume { Resolve1.resolve mtr }; assume { Resolve0.resolve ma }; assume { Resolve1.resolve mtl }; - _2 <- Borrow.borrow_mut ( * _5); + _2 <- Borrow.borrow_final ( * _5) (Borrow.get_id _5); _5 <- { _5 with current = ( ^ _2) ; }; - _0 <- Borrow.borrow_mut ( * _2); + _0 <- Borrow.borrow_final ( * _2) (Borrow.get_id _2); _2 <- { _2 with current = ( ^ _0) ; }; assume { Resolve0.resolve _5 }; assume { Resolve0.resolve _2 }; diff --git a/creusot/tests/should_succeed/selection_sort_generic.mlcfg b/creusot/tests/should_succeed/selection_sort_generic.mlcfg index d0effa110e..b964e3ccdf 100644 --- a/creusot/tests/should_succeed/selection_sort_generic.mlcfg +++ b/creusot/tests/should_succeed/selection_sort_generic.mlcfg 
@@ -2363,7 +2363,7 @@ module SelectionSortGeneric_SelectionSort BB7 { _22 <- Borrow.borrow_mut iter; iter <- ^ _22; - _21 <- Borrow.borrow_mut ( * _22); + _21 <- Borrow.borrow_final ( * _22) (Borrow.get_id _22); _22 <- { _22 with current = ( ^ _21) ; }; _20 <- ([#"../selection_sort_generic.rs" 35 4 35 43] Next0.next _21); _21 <- any borrowed (Core_Ops_Range_Range_Type.t_range usize); @@ -2427,7 +2427,7 @@ module SelectionSortGeneric_SelectionSort BB19 { _46 <- Borrow.borrow_mut iter1; iter1 <- ^ _46; - _45 <- Borrow.borrow_mut ( * _46); + _45 <- Borrow.borrow_final ( * _46) (Borrow.get_id _46); _46 <- { _46 with current = ( ^ _45) ; }; _44 <- ([#"../selection_sort_generic.rs" 41 8 41 121] Next0.next _45); _45 <- any borrowed (Core_Ops_Range_Range_Type.t_range usize); diff --git a/creusot/tests/should_succeed/sparse_array.mlcfg b/creusot/tests/should_succeed/sparse_array.mlcfg index f6d69ba210..3904d218c6 100644 --- a/creusot/tests/should_succeed/sparse_array.mlcfg +++ b/creusot/tests/should_succeed/sparse_array.mlcfg @@ -1523,7 +1523,7 @@ module SparseArray_Impl2_Set goto BB1 } BB1 { - _10 <- Borrow.borrow_mut (SparseArray_Sparse_Type.sparse_values ( * self)); + _10 <- Borrow.borrow_final (SparseArray_Sparse_Type.sparse_values ( * self)) (Borrow.inherit_id (Borrow.get_id self) 3); self <- { self with current = (let SparseArray_Sparse_Type.C_Sparse a b c d e = * self in SparseArray_Sparse_Type.C_Sparse a b ( ^ _10) d e) ; }; assume { Inv0.inv ( ^ _10) }; _9 <- ([#"../sparse_array.rs" 113 8 113 22] IndexMut0.index_mut _10 i); 
@@ -1578,7 +1578,7 @@ module SparseArray_Impl2_Set BB12 { assume { Resolve3.resolve _27 }; assert { [@expl:assertion] [#"../sparse_array.rs" 118 26 118 46] UIntSize.to_int (SparseArray_Sparse_Type.sparse_n ( * self)) < UIntSize.to_int (SparseArray_Sparse_Type.sparse_size ( * self)) }; - _33 <- Borrow.borrow_mut (SparseArray_Sparse_Type.sparse_idx ( * self)); + _33 <- Borrow.borrow_final (SparseArray_Sparse_Type.sparse_idx ( * self)) (Borrow.inherit_id (Borrow.get_id self) 4); self <- { self with current = (let SparseArray_Sparse_Type.C_Sparse a b c d e = * self in SparseArray_Sparse_Type.C_Sparse a b c ( ^ _33) e) ; }; _32 <- ([#"../sparse_array.rs" 120 12 120 23] IndexMut1.index_mut _33 i); _33 <- any borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)); @@ -1587,7 +1587,7 @@ module SparseArray_Impl2_Set BB13 { _32 <- { _32 with current = SparseArray_Sparse_Type.sparse_n ( * self) ; }; assume { Resolve4.resolve _32 }; - _37 <- Borrow.borrow_mut (SparseArray_Sparse_Type.sparse_back ( * self)); + _37 <- Borrow.borrow_final (SparseArray_Sparse_Type.sparse_back ( * self)) (Borrow.inherit_id (Borrow.get_id self) 5); self <- { self with current = (let SparseArray_Sparse_Type.C_Sparse a b c d e = * self in SparseArray_Sparse_Type.C_Sparse a b c d ( ^ _37)) ; }; _36 <- ([#"../sparse_array.rs" 121 12 121 29] IndexMut1.index_mut _37 (SparseArray_Sparse_Type.sparse_n ( * self))); _37 <- any borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)); diff --git a/creusot/tests/should_succeed/split_borrow.mlcfg b/creusot/tests/should_succeed/split_borrow.mlcfg index 3b3345ab96..f571ed7c00 100644 --- a/creusot/tests/should_succeed/split_borrow.mlcfg +++ b/creusot/tests/should_succeed/split_borrow.mlcfg 
@@ -198,7 +198,7 @@ module SplitBorrow_G a <- (SplitBorrow_MyInt_Type.C_MyInt ([#"../split_borrow.rs" 24 23 24 24] (1 : usize)), SplitBorrow_MyInt_Type.C_MyInt ([#"../split_borrow.rs" 24 33 24 34] (2 : usize))); x <- Borrow.borrow_mut a; a <- ^ x; - _z <- Borrow.borrow_mut (let (_, a) = * x in a); + _z <- Borrow.borrow_final (let (_, a) = * x in a) (Borrow.inherit_id (Borrow.get_id x) 2); x <- { x with current = (let (a, b) = * x in (a, ^ _z)) ; }; assume { Resolve0.resolve _z }; x <- { x with current = (let (a, b) = * x in (SplitBorrow_MyInt_Type.C_MyInt ([#"../split_borrow.rs" 29 19 29 20] (3 : usize)), b)) ; }; diff --git a/creusot/tests/should_succeed/sum.mlcfg b/creusot/tests/should_succeed/sum.mlcfg index 8443456311..3e520927f1 100644 --- a/creusot/tests/should_succeed/sum.mlcfg +++ b/creusot/tests/should_succeed/sum.mlcfg @@ -1176,7 +1176,7 @@ module Sum_SumFirstN BB6 { _19 <- Borrow.borrow_mut iter; iter <- ^ _19; - _18 <- Borrow.borrow_mut ( * _19); + _18 <- Borrow.borrow_final ( * _19) (Borrow.get_id _19); _19 <- { _19 with current = ( ^ _18) ; }; _17 <- ([#"../sum.rs" 8 4 8 67] Next0.next _18); _18 <- any borrowed (Core_Ops_Range_RangeInclusive_Type.t_rangeinclusive uint32); diff --git a/creusot/tests/should_succeed/sum_of_odds.mlcfg b/creusot/tests/should_succeed/sum_of_odds.mlcfg index 5b733cf251..b481ff030b 100644 --- a/creusot/tests/should_succeed/sum_of_odds.mlcfg +++ b/creusot/tests/should_succeed/sum_of_odds.mlcfg @@ -727,7 +727,7 @@ module SumOfOdds_ComputeSumOfOdd BB5 { _20 <- Borrow.borrow_mut iter; iter <- ^ _20; - _19 <- Borrow.borrow_mut ( * _20); + _19 <- Borrow.borrow_final ( * _20) (Borrow.get_id _20); _20 <- { _20 with current = ( ^ _19) ; }; _18 <- ([#"../sum_of_odds.rs" 38 4 38 50] Next0.next _19); _19 <- any borrowed (Core_Ops_Range_Range_Type.t_range uint32); diff --git a/creusot/tests/should_succeed/swap_borrows.mlcfg b/creusot/tests/should_succeed/swap_borrows.mlcfg index e24f195e6e..19d1300eb4 100644 
--- a/creusot/tests/should_succeed/swap_borrows.mlcfg +++ b/creusot/tests/should_succeed/swap_borrows.mlcfg @@ -219,7 +219,7 @@ module SwapBorrows_F a <- ^ _6; _8 <- Borrow.borrow_mut b; b <- ^ _8; - _7 <- Borrow.borrow_mut ( * _8); + _7 <- Borrow.borrow_final ( * _8) (Borrow.get_id _8); _8 <- { _8 with current = ( ^ _7) ; }; p <- ([#"../swap_borrows.rs" 12 12 12 34] Swap0.swap (_6, _7)); _6 <- any borrowed uint32; diff --git a/creusot/tests/should_succeed/syntax/05_pearlite.mlcfg b/creusot/tests/should_succeed/syntax/05_pearlite.mlcfg index 05600f50ba..c5cc3d976b 100644 --- a/creusot/tests/should_succeed/syntax/05_pearlite.mlcfg +++ b/creusot/tests/should_succeed/syntax/05_pearlite.mlcfg @@ -457,7 +457,7 @@ module C05Pearlite_Proj clone C05Pearlite_Impl0_X_Stub as X0 function proj [#"../05_pearlite.rs" 72 0 72 35] (x : borrowed (C05Pearlite_S_Type.t_s, C05Pearlite_S_Type.t_s)) : bool = - [#"../05_pearlite.rs" 71 0 71 8] X0.x {current = let (a, _) = * x in a; final = let (a, _) = ^ x in a; addr = Borrow.make_new_addr ()} + [#"../05_pearlite.rs" 71 0 71 8] X0.x {current = let (a, _) = * x in a; final = let (a, _) = ^ x in a; id = Borrow.inherit_id (Borrow.get_id x) 1} val proj [#"../05_pearlite.rs" 72 0 72 35] (x : borrowed (C05Pearlite_S_Type.t_s, C05Pearlite_S_Type.t_s)) : bool ensures { result = proj x } @@ -484,7 +484,7 @@ module C05Pearlite_Proj2 function proj2 [#"../05_pearlite.rs" 78 0 78 41] (x : borrowed (borrowed (C05Pearlite_S_Type.t_s, C05Pearlite_S_Type.t_s))) : bool = - [#"../05_pearlite.rs" 77 0 77 8] X0.x {current = let (a, _) = * * x in a; final = let (a, _) = ^ * x in a; addr = Borrow.make_new_addr ()} + [#"../05_pearlite.rs" 77 0 77 8] X0.x {current = let (a, _) = * * x in a; final = let (a, _) = ^ * x in a; id = Borrow.inherit_id (Borrow.get_id ( * x)) 1} val proj2 [#"../05_pearlite.rs" 78 0 78 41] (x : borrowed (borrowed (C05Pearlite_S_Type.t_s, C05Pearlite_S_Type.t_s))) : bool ensures { result = proj2 x } 
diff --git a/creusot/tests/should_succeed/take_first_mut.mlcfg b/creusot/tests/should_succeed/take_first_mut.mlcfg index 25df706d2e..4d96a3def3 100644 --- a/creusot/tests/should_succeed/take_first_mut.mlcfg +++ b/creusot/tests/should_succeed/take_first_mut.mlcfg @@ -409,7 +409,7 @@ module TakeFirstMut_TakeFirstMut_Interface requires {[#"../take_first_mut.rs" 14 29 14 34] Inv0.inv self_} ensures { [#"../take_first_mut.rs" 6 10 13 1] match (result) with | Core_Option_Option_Type.C_Some r -> * r = IndexLogic0.index_logic ( * * self_) 0 /\ ^ r = IndexLogic0.index_logic ( ^ * self_) 0 /\ Seq.length (ShallowModel0.shallow_model ( * * self_)) > 0 /\ Seq.length (ShallowModel0.shallow_model ( ^ * self_)) > 0 /\ ShallowModel0.shallow_model ( * ^ self_) = Tail0.tail (ShallowModel0.shallow_model ( * * self_)) /\ ShallowModel0.shallow_model ( ^ ^ self_) = Tail0.tail (ShallowModel0.shallow_model ( ^ * self_)) - | Core_Option_Option_Type.C_None -> ^ self_ = * self_ /\ Seq.length (ShallowModel0.shallow_model ( * * self_)) = 0 + | Core_Option_Option_Type.C_None -> Seq.length (ShallowModel0.shallow_model ( * ^ self_)) = 0 /\ Seq.length (ShallowModel0.shallow_model ( ^ * self_)) = 0 /\ Seq.length (ShallowModel0.shallow_model ( * * self_)) = 0 end } ensures { [#"../take_first_mut.rs" 14 57 14 74] Inv1.inv result } 
@@ -524,7 +524,7 @@ module TakeFirstMut_TakeFirstMut requires {[#"../take_first_mut.rs" 14 29 14 34] Inv3.inv self_} ensures { [#"../take_first_mut.rs" 6 10 13 1] match (result) with | Core_Option_Option_Type.C_Some r -> * r = IndexLogic0.index_logic ( * * self_) 0 /\ ^ r = IndexLogic0.index_logic ( ^ * self_) 0 /\ Seq.length (ShallowModel0.shallow_model ( * * self_)) > 0 /\ Seq.length (ShallowModel0.shallow_model ( ^ * self_)) > 0 /\ ShallowModel0.shallow_model ( * ^ self_) = Tail0.tail (ShallowModel0.shallow_model ( * * self_)) /\ ShallowModel0.shallow_model ( ^ ^ self_) = Tail0.tail (ShallowModel0.shallow_model ( ^ * self_)) - | Core_Option_Option_Type.C_None -> ^ self_ = * self_ /\ Seq.length (ShallowModel0.shallow_model ( * * self_)) = 0 + | Core_Option_Option_Type.C_None -> Seq.length (ShallowModel0.shallow_model ( * ^ self_)) = 0 /\ Seq.length (ShallowModel0.shallow_model ( ^ * self_)) = 0 /\ Seq.length (ShallowModel0.shallow_model ( * * self_)) = 0 end } ensures { [#"../take_first_mut.rs" 14 57 14 74] Inv6.inv result } @@ -543,7 +543,7 @@ module TakeFirstMut_TakeFirstMut goto BB0 } BB0 { - _6 <- Borrow.borrow_mut ( * self_); + _6 <- Borrow.borrow_final ( * self_) (Borrow.get_id self_); self_ <- { self_ with current = ( ^ _6) ; }; assume { Inv0.inv ( ^ _6) }; _5 <- ([#"../take_first_mut.rs" 15 10 15 26] Take0.take _6); @@ -551,7 +551,7 @@ module TakeFirstMut_TakeFirstMut goto BB1 } BB1 { - _4 <- Borrow.borrow_mut ( * _5); + _4 <- Borrow.borrow_final ( * _5) (Borrow.get_id _5); _5 <- { _5 with current = ( ^ _4) ; }; assume { Inv1.inv ( ^ _4) }; _3 <- ([#"../take_first_mut.rs" 15 10 15 44] SplitFirstMut0.split_first_mut _4); 
@@ -574,7 +574,7 @@ module TakeFirstMut_TakeFirstMut _3 <- (let Core_Option_Option_Type.C_Some a = _3 in Core_Option_Option_Type.C_Some (let (a, b) = Core_Option_Option_Type.some_0 _3 in (a, any borrowed (slice t)))); assert { [@expl:type invariant] Inv2.inv _3 }; assume { Resolve0.resolve _3 }; - _11 <- Borrow.borrow_mut ( * rem); + _11 <- Borrow.borrow_final ( * rem) (Borrow.get_id rem); rem <- { rem with current = ( ^ _11) ; }; assume { Inv1.inv ( ^ _11) }; self_ <- { self_ with current = _11 ; }; @@ -583,7 +583,7 @@ module TakeFirstMut_TakeFirstMut assume { Resolve2.resolve ( * self_) }; assert { [@expl:type invariant] Inv3.inv self_ }; assume { Resolve1.resolve self_ }; - _12 <- Borrow.borrow_mut ( * first); + _12 <- Borrow.borrow_final ( * first) (Borrow.get_id first); first <- { first with current = ( ^ _12) ; }; assume { Inv4.inv ( ^ _12) }; _0 <- Core_Option_Option_Type.C_Some _12; diff --git a/creusot/tests/should_succeed/take_first_mut.rs b/creusot/tests/should_succeed/take_first_mut.rs index 70b9f6a477..b277811053 100644 --- a/creusot/tests/should_succeed/take_first_mut.rs +++ b/creusot/tests/should_succeed/take_first_mut.rs @@ -9,7 +9,7 @@ use std::mem; (**self_)@.len() > 0 && (^*self_)@.len() > 0 && (*^self_)@ == (**self_)@.tail() && (^^self_)@ == (^*self_)@.tail() } - None => ^self_ == * self_ && (**self_)@.len() == 0 + None => (*^self_)@.len() == 0 && (^*self_)@.len() == 0 && (**self_)@.len() == 0 })] pub fn take_first_mut<'a, T>(self_: &mut &'a mut [T]) -> Option<&'a mut T> { match mem::take(self_).split_first_mut() { diff --git a/creusot/tests/should_succeed/type_invariants/borrows.mlcfg b/creusot/tests/should_succeed/type_invariants/borrows.mlcfg index c5052b9d46..b456ded4ba 100644 --- a/creusot/tests/should_succeed/type_invariants/borrows.mlcfg +++ b/creusot/tests/should_succeed/type_invariants/borrows.mlcfg 
@@ -177,11 +177,11 @@ module Borrows_Impl1_InnerMut goto BB0 } BB0 { - _5 <- Borrow.borrow_mut (Borrows_NonZero_Type.nonzero_0 ( * self)); + _5 <- Borrow.borrow_final (Borrows_NonZero_Type.nonzero_0 ( * self)) (Borrow.inherit_id (Borrow.get_id self) 1); self <- { self with current = (let Borrows_NonZero_Type.C_NonZero a = * self in Borrows_NonZero_Type.C_NonZero ( ^ _5)) ; }; - _2 <- Borrow.borrow_mut ( * _5); + _2 <- Borrow.borrow_final ( * _5) (Borrow.get_id _5); _5 <- { _5 with current = ( ^ _2) ; }; - _0 <- Borrow.borrow_mut ( * _2); + _0 <- Borrow.borrow_final ( * _2) (Borrow.get_id _2); _2 <- { _2 with current = ( ^ _0) ; }; assume { Resolve0.resolve _5 }; assume { Resolve0.resolve _2 }; @@ -390,9 +390,9 @@ module Borrows_Simple goto BB0 } BB0 { - _6 <- Borrow.borrow_mut (Borrows_NonZero_Type.nonzero_0 ( * x)); + _6 <- Borrow.borrow_final (Borrows_NonZero_Type.nonzero_0 ( * x)) (Borrow.inherit_id (Borrow.get_id x) 1); x <- { x with current = (let Borrows_NonZero_Type.C_NonZero a = * x in Borrows_NonZero_Type.C_NonZero ( ^ _6)) ; }; - _5 <- Borrow.borrow_mut ( * _6); + _5 <- Borrow.borrow_final ( * _6) (Borrow.get_id _6); _6 <- { _6 with current = ( ^ _5) ; }; _4 <- ([#"../borrows.rs" 32 4 32 17] Inc0.inc _5); _5 <- any borrowed int32; @@ -472,7 +472,7 @@ module Borrows_Hard goto BB0 } BB0 { - _7 <- Borrow.borrow_mut ( * x); + _7 <- Borrow.borrow_final ( * x) (Borrow.get_id x); x <- { x with current = ( ^ _7) ; }; assume { Inv0.inv ( ^ _7) }; _6 <- ([#"../borrows.rs" 39 8 39 21] InnerMut0.inner_mut _7); @@ -480,7 +480,7 @@ module Borrows_Hard goto BB1 } BB1 { - _5 <- Borrow.borrow_mut ( * _6); + _5 <- Borrow.borrow_final ( * _6) (Borrow.get_id _6); _6 <- { _6 with current = ( ^ _5) ; }; _4 <- ([#"../borrows.rs" 39 4 39 22] Inc0.inc _5); _5 <- any borrowed int32; 
@@ -648,9 +648,9 @@ module Borrows_Tuple } BB0 { x <- (let (a, b) = x in (let Borrows_NonZero_Type.C_NonZero a = let (a, _) = x in a in Borrows_NonZero_Type.C_NonZero ([#"../borrows.rs" 46 13 46 14] (0 : int32)), b)); - _6 <- Borrow.borrow_mut (Borrows_NonZero_Type.nonzero_0 ( * (let (_, a) = x in a))); + _6 <- Borrow.borrow_final (Borrows_NonZero_Type.nonzero_0 ( * (let (_, a) = x in a))) (Borrow.inherit_id (Borrow.get_id (let (_, a) = x in a)) 1); x <- (let (a, b) = x in (a, { (let (_, a) = x in a) with current = (let Borrows_NonZero_Type.C_NonZero a = * (let (_, a) = x in a) in Borrows_NonZero_Type.C_NonZero ( ^ _6)) ; })); - _5 <- Borrow.borrow_mut ( * _6); + _5 <- Borrow.borrow_final ( * _6) (Borrow.get_id _6); _6 <- { _6 with current = ( ^ _5) ; }; _4 <- ([#"../borrows.rs" 47 4 47 20] Inc0.inc _5); _5 <- any borrowed int32; @@ -746,9 +746,9 @@ module Borrows_PartialMove BB0 { a <- (let (a, _) = x in a); x <- (let (a, b) = x in (any Borrows_NonZero_Type.t_nonzero, b)); - _7 <- Borrow.borrow_mut (Borrows_NonZero_Type.nonzero_0 ( * (let (_, a) = x in a))); + _7 <- Borrow.borrow_final (Borrows_NonZero_Type.nonzero_0 ( * (let (_, a) = x in a))) (Borrow.inherit_id (Borrow.get_id (let (_, a) = x in a)) 1); x <- (let (a, b) = x in (a, { (let (_, a) = x in a) with current = (let Borrows_NonZero_Type.C_NonZero a = * (let (_, a) = x in a) in Borrows_NonZero_Type.C_NonZero ( ^ _7)) ; })); - _6 <- Borrow.borrow_mut ( * _7); + _6 <- Borrow.borrow_final ( * _7) (Borrow.get_id _7); _7 <- { _7 with current = ( ^ _6) ; }; _5 <- ([#"../borrows.rs" 55 4 55 20] Inc0.inc _6); _6 <- any borrowed int32; 
@@ -851,9 +851,9 @@ module Borrows_Destruct assert { [@expl:type invariant] Inv0.inv x }; assume { Resolve0.resolve x }; a <- (let Borrows_NonZero_Type.C_NonZero a = a in Borrows_NonZero_Type.C_NonZero ([#"../borrows.rs" 63 10 63 11] (0 : int32))); - _8 <- Borrow.borrow_mut (Borrows_NonZero_Type.nonzero_0 ( * b)); + _8 <- Borrow.borrow_final (Borrows_NonZero_Type.nonzero_0 ( * b)) (Borrow.inherit_id (Borrow.get_id b) 1); b <- { b with current = (let Borrows_NonZero_Type.C_NonZero a = * b in Borrows_NonZero_Type.C_NonZero ( ^ _8)) ; }; - _7 <- Borrow.borrow_mut ( * _8); + _7 <- Borrow.borrow_final ( * _8) (Borrow.get_id _8); _8 <- { _8 with current = ( ^ _7) ; }; _6 <- ([#"../borrows.rs" 64 4 64 17] Inc0.inc _7); _7 <- any borrowed int32; @@ -934,9 +934,9 @@ module Borrows_FrozenDead goto BB0 } BB0 { - _a <- Borrow.borrow_mut (Borrows_NonZero_Type.nonzero_0 ( * x)); + _a <- Borrow.borrow_final (Borrows_NonZero_Type.nonzero_0 ( * x)) (Borrow.inherit_id (Borrow.get_id x) 1); x <- { x with current = (let Borrows_NonZero_Type.C_NonZero a = * x in Borrows_NonZero_Type.C_NonZero ( ^ _a)) ; }; - _6 <- Borrow.borrow_mut ( * y); + _6 <- Borrow.borrow_final ( * y) (Borrow.get_id y); y <- { y with current = ( ^ _6) ; }; assume { Inv0.inv ( ^ _6) }; assert { [@expl:type invariant] Inv1.inv x }; @@ -945,7 +945,7 @@ module Borrows_FrozenDead _6 <- any borrowed (Borrows_NonZero_Type.t_nonzero); assert { [@expl:type invariant] Inv1.inv x }; assume { Resolve0.resolve x }; - _8 <- Borrow.borrow_mut ( * _a); + _8 <- Borrow.borrow_final ( * _a) (Borrow.get_id _a); _a <- { _a with current = ( ^ _8) ; }; _7 <- ([#"../borrows.rs" 75 4 75 11] Inc0.inc _8); _8 <- any borrowed int32; 
@@ -1126,9 +1126,9 @@ module Borrows_Impl3_Foo goto BB0 } BB0 { - _5 <- Borrow.borrow_mut (Borrows_SumTo10_Type.sumto10_a ( * self)); + _5 <- Borrow.borrow_final (Borrows_SumTo10_Type.sumto10_a ( * self)) (Borrow.inherit_id (Borrow.get_id self) 1); self <- { self with current = (let Borrows_SumTo10_Type.C_SumTo10 a b = * self in Borrows_SumTo10_Type.C_SumTo10 ( ^ _5) b) ; }; - _4 <- Borrow.borrow_mut ( * _5); + _4 <- Borrow.borrow_final ( * _5) (Borrow.get_id _5); _5 <- { _5 with current = ( ^ _4) ; }; _3 <- ([#"../borrows.rs" 94 8 94 24] Inc0.inc _4); _4 <- any borrowed int32; @@ -1136,9 +1136,9 @@ module Borrows_Impl3_Foo } BB1 { assume { Resolve0.resolve _5 }; - _8 <- Borrow.borrow_mut (Borrows_SumTo10_Type.sumto10_b ( * self)); + _8 <- Borrow.borrow_final (Borrows_SumTo10_Type.sumto10_b ( * self)) (Borrow.inherit_id (Borrow.get_id self) 2); self <- { self with current = (let Borrows_SumTo10_Type.C_SumTo10 a b = * self in Borrows_SumTo10_Type.C_SumTo10 a ( ^ _8)) ; }; - _7 <- Borrow.borrow_mut ( * _8); + _7 <- Borrow.borrow_final ( * _8) (Borrow.get_id _8); _8 <- { _8 with current = ( ^ _7) ; }; _6 <- ([#"../borrows.rs" 95 8 95 24] Dec0.dec _7); _7 <- any borrowed int32; diff --git a/creusot/tests/should_succeed/unnest.mlcfg b/creusot/tests/should_succeed/unnest.mlcfg index 45effdb676..62bc4e14ee 100644 --- a/creusot/tests/should_succeed/unnest.mlcfg +++ b/creusot/tests/should_succeed/unnest.mlcfg @@ -54,7 +54,7 @@ module Unnest_Unnest BB0 { _2 <- Borrow.borrow_mut ( * * x); x <- { x with current = { ( * x) with current = ( ^ _2) ; } ; }; - _0 <- Borrow.borrow_mut ( * _2); + _0 <- Borrow.borrow_final ( * _2) (Borrow.get_id _2); _2 <- { _2 with current = ( ^ _0) ; }; assume { Resolve0.resolve _2 }; assume { Resolve1.resolve x }; diff --git a/creusot/tests/should_succeed/vector/01.mlcfg b/creusot/tests/should_succeed/vector/01.mlcfg index 8e2ebe6d38..c509c0fa46 100644 --- a/creusot/tests/should_succeed/vector/01.mlcfg 
+++ b/creusot/tests/should_succeed/vector/01.mlcfg @@ -1263,7 +1263,7 @@ module C01_AllZero BB7 { _21 <- Borrow.borrow_mut iter; iter <- ^ _21; - _20 <- Borrow.borrow_mut ( * _21); + _20 <- Borrow.borrow_final ( * _21) (Borrow.get_id _21); _21 <- { _21 with current = ( ^ _20) ; }; _19 <- ([#"../01.rs" 9 4 9 42] Next0.next _20); _20 <- any borrowed (Core_Ops_Range_Range_Type.t_range usize); diff --git a/creusot/tests/should_succeed/vector/03_knuth_shuffle.mlcfg b/creusot/tests/should_succeed/vector/03_knuth_shuffle.mlcfg index 9ad69eda24..72e7f4682d 100644 --- a/creusot/tests/should_succeed/vector/03_knuth_shuffle.mlcfg +++ b/creusot/tests/should_succeed/vector/03_knuth_shuffle.mlcfg @@ -1187,7 +1187,7 @@ module C03KnuthShuffle_KnuthShuffle BB7 { _19 <- Borrow.borrow_mut iter; iter <- ^ _19; - _18 <- Borrow.borrow_mut ( * _19); + _18 <- Borrow.borrow_final ( * _19) (Borrow.get_id _19); _19 <- { _19 with current = ( ^ _18) ; }; _17 <- ([#"../03_knuth_shuffle.rs" 16 4 16 43] Next0.next _18); _18 <- any borrowed (Core_Ops_Range_Range_Type.t_range usize); diff --git a/creusot/tests/should_succeed/vector/06_knights_tour.mlcfg b/creusot/tests/should_succeed/vector/06_knights_tour.mlcfg index d21238a12d..800d9f04f4 100644 --- a/creusot/tests/should_succeed/vector/06_knights_tour.mlcfg +++ b/creusot/tests/should_succeed/vector/06_knights_tour.mlcfg 
@@ -1267,7 +1267,7 @@ module CreusotContracts_Std1_Iter_MapInv_Impl0_Completed type self = i use CreusotContracts_Std1_Iter_MapInv_MapInv_Type as CreusotContracts_Std1_Iter_MapInv_MapInv_Type predicate completed (self : borrowed (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.t_mapinv i Item0.item f)) = - [#"../../../../../creusot-contracts/src/std/iter/map_inv.rs" 15 8 18 9] Ghost.inner (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_produced ( ^ self)) = Seq.empty /\ Completed0.completed {current = CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_iter ( * self); final = CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_iter ( ^ self); addr = Borrow.make_new_addr ()} /\ CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_func ( * self) = CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_func ( ^ self) + [#"../../../../../creusot-contracts/src/std/iter/map_inv.rs" 15 8 18 9] Ghost.inner (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_produced ( ^ self)) = Seq.empty /\ Completed0.completed {current = CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_iter ( * self); final = CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_iter ( ^ self); id = Borrow.inherit_id (Borrow.get_id self) 1} /\ CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_func ( * self) = CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_func ( ^ self) val completed (self : borrowed (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.t_mapinv i Item0.item f)) : bool ensures { result = completed self } @@ -3255,7 +3255,7 @@ module C06KnightsTour_Impl1_CountDegree BB8 { _19 <- Borrow.borrow_mut iter; iter <- ^ _19; - _18 <- Borrow.borrow_mut ( * _19); + _18 <- Borrow.borrow_final ( * _19) (Borrow.get_id _19); _19 <- { _19 with current = ( ^ _18) ; }; _17 <- ([#"../06_knights_tour.rs" 73 8 73 46] Next0.next _18); _18 <- any borrowed (Alloc_Vec_IntoIter_IntoIter_Type.t_intoiter (isize, isize) (Alloc_Alloc_Global_Type.t_global)); 
@@ -3620,14 +3620,14 @@ module C06KnightsTour_Impl1_Set goto BB0 } BB0 { - _12 <- Borrow.borrow_mut (C06KnightsTour_Board_Type.board_field ( * self)); + _12 <- Borrow.borrow_final (C06KnightsTour_Board_Type.board_field ( * self)) (Borrow.inherit_id (Borrow.get_id self) 2); self <- { self with current = (let C06KnightsTour_Board_Type.C_Board a b = * self in C06KnightsTour_Board_Type.C_Board a ( ^ _12)) ; }; _11 <- ([#"../06_knights_tour.rs" 88 8 88 32] IndexMut0.index_mut _12 (UIntSize.of_int (IntSize.to_int (C06KnightsTour_Point_Type.point_x p)))); _12 <- any borrowed (Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global)); goto BB1 } BB1 { - _10 <- Borrow.borrow_mut ( * _11); + _10 <- Borrow.borrow_final ( * _11) (Borrow.get_id _11); _11 <- { _11 with current = ( ^ _10) ; }; _9 <- ([#"../06_knights_tour.rs" 88 8 88 46] IndexMut1.index_mut _10 (UIntSize.of_int (IntSize.to_int (C06KnightsTour_Point_Type.point_y p)))); _10 <- any borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)); @@ -3892,7 +3892,7 @@ module CreusotContracts_Std1_Slice_Impl14_Produces predicate produces (self : Core_Slice_Iter_Iter_Type.t_iter t) (visited : Seq.seq t) (tl : Core_Slice_Iter_Iter_Type.t_iter t) = - [#"../../../../../creusot-contracts/src/std/slice.rs" 379 12 379 66] ToRefSeq0.to_ref_seq (ShallowModel0.shallow_model self) = Seq.(++) visited (ToRefSeq0.to_ref_seq (ShallowModel0.shallow_model tl)) + [#"../../../../../creusot-contracts/src/std/slice.rs" 380 12 380 66] ToRefSeq0.to_ref_seq (ShallowModel0.shallow_model self) = Seq.(++) visited (ToRefSeq0.to_ref_seq (ShallowModel0.shallow_model tl)) val produces (self : Core_Slice_Iter_Iter_Type.t_iter t) (visited : Seq.seq t) (tl : Core_Slice_Iter_Iter_Type.t_iter t) : bool ensures { result = produces self visited tl } 
@@ -4067,10 +4067,10 @@ module CreusotContracts_Std1_Slice_Impl14_ProducesRefl_Interface type t = t function produces_refl (a : Core_Slice_Iter_Iter_Type.t_iter t) : () val produces_refl (a : Core_Slice_Iter_Iter_Type.t_iter t) : () - ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 385 14 385 39] Produces0.produces a (Seq.empty ) a } + ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 386 14 386 39] Produces0.produces a (Seq.empty ) a } ensures { result = produces_refl a } - axiom produces_refl_spec : forall a : Core_Slice_Iter_Iter_Type.t_iter t . [#"../../../../../creusot-contracts/src/std/slice.rs" 385 14 385 39] Produces0.produces a (Seq.empty ) a + axiom produces_refl_spec : forall a : Core_Slice_Iter_Iter_Type.t_iter t . [#"../../../../../creusot-contracts/src/std/slice.rs" 386 14 386 39] Produces0.produces a (Seq.empty ) a end module CreusotContracts_Std1_Slice_Impl14_ProducesRefl type t 
@@ -4079,12 +4079,12 @@ module CreusotContracts_Std1_Slice_Impl14_ProducesRefl clone CreusotContracts_Std1_Slice_Impl14_Produces_Stub as Produces0 with type t = t function produces_refl (a : Core_Slice_Iter_Iter_Type.t_iter t) : () = - [#"../../../../../creusot-contracts/src/std/slice.rs" 383 4 383 10] () + [#"../../../../../creusot-contracts/src/std/slice.rs" 384 4 384 10] () val produces_refl (a : Core_Slice_Iter_Iter_Type.t_iter t) : () - ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 385 14 385 39] Produces0.produces a (Seq.empty ) a } + ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 386 14 386 39] Produces0.produces a (Seq.empty ) a } ensures { result = produces_refl a } - axiom produces_refl_spec : forall a : Core_Slice_Iter_Iter_Type.t_iter t . [#"../../../../../creusot-contracts/src/std/slice.rs" 385 14 385 39] Produces0.produces a (Seq.empty ) a + axiom produces_refl_spec : forall a : Core_Slice_Iter_Iter_Type.t_iter t . [#"../../../../../creusot-contracts/src/std/slice.rs" 386 14 386 39] Produces0.produces a (Seq.empty ) a end module CreusotContracts_Std1_Slice_Impl14_ProducesTrans_Stub type t 
@@ -4112,14 +4112,14 @@ module CreusotContracts_Std1_Slice_Impl14_ProducesTrans_Interface function produces_trans (a : Core_Slice_Iter_Iter_Type.t_iter t) (ab : Seq.seq t) (b : Core_Slice_Iter_Iter_Type.t_iter t) (bc : Seq.seq t) (c : Core_Slice_Iter_Iter_Type.t_iter t) : () val produces_trans (a : Core_Slice_Iter_Iter_Type.t_iter t) (ab : Seq.seq t) (b : Core_Slice_Iter_Iter_Type.t_iter t) (bc : Seq.seq t) (c : Core_Slice_Iter_Iter_Type.t_iter t) : () - requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 390 15 390 32] Produces0.produces a ab b} - requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 391 15 391 32] Produces0.produces b bc c} - requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 393 31 393 33] Inv0.inv ab} - requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 393 61 393 63] Inv0.inv bc} - ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 392 14 392 42] Produces0.produces a (Seq.(++) ab bc) c } + requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 391 15 391 32] Produces0.produces a ab b} + requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 392 15 392 32] Produces0.produces b bc c} + requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 394 31 394 33] Inv0.inv ab} + requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 394 61 394 63] Inv0.inv bc} + ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 393 14 393 42] Produces0.produces a (Seq.(++) ab bc) c } ensures { result = produces_trans a ab b bc c } - axiom produces_trans_spec : forall a : Core_Slice_Iter_Iter_Type.t_iter t, ab : Seq.seq t, b : Core_Slice_Iter_Iter_Type.t_iter t, bc : Seq.seq t, c : Core_Slice_Iter_Iter_Type.t_iter t . 
([#"../../../../../creusot-contracts/src/std/slice.rs" 390 15 390 32] Produces0.produces a ab b) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 391 15 391 32] Produces0.produces b bc c) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 393 31 393 33] Inv0.inv ab) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 393 61 393 63] Inv0.inv bc) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 392 14 392 42] Produces0.produces a (Seq.(++) ab bc) c) + axiom produces_trans_spec : forall a : Core_Slice_Iter_Iter_Type.t_iter t, ab : Seq.seq t, b : Core_Slice_Iter_Iter_Type.t_iter t, bc : Seq.seq t, c : Core_Slice_Iter_Iter_Type.t_iter t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 391 15 391 32] Produces0.produces a ab b) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 392 15 392 32] Produces0.produces b bc c) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 394 31 394 33] Inv0.inv ab) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 394 61 394 63] Inv0.inv bc) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 393 14 393 42] Produces0.produces a (Seq.(++) ab bc) c) end module CreusotContracts_Std1_Slice_Impl14_ProducesTrans type t 
@@ -4134,16 +4134,16 @@ module CreusotContracts_Std1_Slice_Impl14_ProducesTrans function produces_trans (a : Core_Slice_Iter_Iter_Type.t_iter t) (ab : Seq.seq t) (b : Core_Slice_Iter_Iter_Type.t_iter t) (bc : Seq.seq t) (c : Core_Slice_Iter_Iter_Type.t_iter t) : () = - [#"../../../../../creusot-contracts/src/std/slice.rs" 388 4 388 10] () + [#"../../../../../creusot-contracts/src/std/slice.rs" 389 4 389 10] () val produces_trans (a : Core_Slice_Iter_Iter_Type.t_iter t) (ab : Seq.seq t) (b : Core_Slice_Iter_Iter_Type.t_iter t) (bc : Seq.seq t) (c : Core_Slice_Iter_Iter_Type.t_iter t) : () - requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 390 15 390 32] Produces0.produces a ab b} - requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 391 15 391 32] Produces0.produces b bc c} - requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 393 31 393 33] Inv0.inv ab} - requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 393 61 393 63] Inv0.inv bc} - ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 392 14 392 42] Produces0.produces a (Seq.(++) ab bc) c } + requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 391 15 391 32] Produces0.produces a ab b} + requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 392 15 392 32] Produces0.produces b bc c} + requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 394 31 394 33] Inv0.inv ab} + requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 394 61 394 63] Inv0.inv bc} + ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 393 14 393 42] Produces0.produces a (Seq.(++) ab bc) c } ensures { result = produces_trans a ab b bc c } - axiom produces_trans_spec : forall a : Core_Slice_Iter_Iter_Type.t_iter t, ab : Seq.seq t, b : Core_Slice_Iter_Iter_Type.t_iter t, bc : Seq.seq t, c : Core_Slice_Iter_Iter_Type.t_iter t . 
([#"../../../../../creusot-contracts/src/std/slice.rs" 390 15 390 32] Produces0.produces a ab b) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 391 15 391 32] Produces0.produces b bc c) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 393 31 393 33] Inv0.inv ab) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 393 61 393 63] Inv0.inv bc) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 392 14 392 42] Produces0.produces a (Seq.(++) ab bc) c) + axiom produces_trans_spec : forall a : Core_Slice_Iter_Iter_Type.t_iter t, ab : Seq.seq t, b : Core_Slice_Iter_Iter_Type.t_iter t, bc : Seq.seq t, c : Core_Slice_Iter_Iter_Type.t_iter t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 391 15 391 32] Produces0.produces a ab b) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 392 15 392 32] Produces0.produces b bc c) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 394 31 394 33] Inv0.inv ab) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 394 61 394 63] Inv0.inv bc) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 393 14 393 42] Produces0.produces a (Seq.(++) ab bc) c) end module C06KnightsTour_Min_Interface use prelude.Borrow @@ -4367,7 +4367,7 @@ module C06KnightsTour_Min BB5 { _17 <- Borrow.borrow_mut iter; iter <- ^ _17; - _16 <- Borrow.borrow_mut ( * _17); + _16 <- Borrow.borrow_final ( * _17) (Borrow.get_id _17); _17 <- { _17 with current = ( ^ _16) ; }; _15 <- ([#"../06_knights_tour.rs" 113 4 114 74] Next0.next _16); _16 <- any borrowed (Core_Slice_Iter_Iter_Type.t_iter (usize, C06KnightsTour_Point_Type.t_point)); @@ -5154,7 +5154,7 @@ module C06KnightsTour_KnightsTour BB10 { _37 <- Borrow.borrow_mut iter; iter <- ^ _37; - _36 <- Borrow.borrow_mut ( * _37); + _36 <- Borrow.borrow_final ( * _37) (Borrow.get_id _37); _37 <- { _37 with current = ( ^ _36) ; }; _35 <- ([#"../06_knights_tour.rs" 142 4 142 36] Next0.next _36); _36 <- any borrowed (Core_Ops_Range_Range_Type.t_range usize); 
@@ -5228,7 +5228,7 @@ module C06KnightsTour_KnightsTour BB26 { _56 <- Borrow.borrow_mut iter1; iter1 <- ^ _56; - _55 <- Borrow.borrow_mut ( * _56); + _55 <- Borrow.borrow_final ( * _56) (Borrow.get_id _56); _56 <- { _56 with current = ( ^ _55) ; }; _54 <- ([#"../06_knights_tour.rs" 148 8 149 54] Next1.next _55); _55 <- any borrowed (Alloc_Vec_IntoIter_IntoIter_Type.t_intoiter (isize, isize) (Alloc_Alloc_Global_Type.t_global)); diff --git a/creusot/tests/should_succeed/vector/08_haystack.mlcfg b/creusot/tests/should_succeed/vector/08_haystack.mlcfg index 108f9a99ec..fc193634d1 100644 --- a/creusot/tests/should_succeed/vector/08_haystack.mlcfg +++ b/creusot/tests/should_succeed/vector/08_haystack.mlcfg @@ -1978,7 +1978,7 @@ module C08Haystack_Search BB8 { _26 <- Borrow.borrow_mut iter; iter <- ^ _26; - _25 <- Borrow.borrow_mut ( * _26); + _25 <- Borrow.borrow_final ( * _26) (Borrow.get_id _26); _26 <- { _26 with current = ( ^ _25) ; }; _24 <- ([#"../08_haystack.rs" 22 4 22 112] Next0.next _25); _25 <- any borrowed (Core_Ops_Range_RangeInclusive_Type.t_rangeinclusive usize); @@ -2038,7 +2038,7 @@ module C08Haystack_Search BB20 { _47 <- Borrow.borrow_mut iter1; iter1 <- ^ _47; - _46 <- Borrow.borrow_mut ( * _47); + _46 <- Borrow.borrow_final ( * _47) (Borrow.get_id _47); _47 <- { _47 with current = ( ^ _46) ; }; _45 <- ([#"../08_haystack.rs" 24 8 24 68] Next1.next _46); _46 <- any borrowed (Core_Ops_Range_Range_Type.t_range usize); diff --git a/creusot/tests/should_succeed/vector/09_capacity.mlcfg b/creusot/tests/should_succeed/vector/09_capacity.mlcfg index eab3800bfd..7e3a9c8d06 100644 --- a/creusot/tests/should_succeed/vector/09_capacity.mlcfg +++ b/creusot/tests/should_succeed/vector/09_capacity.mlcfg 
@@ -540,7 +540,7 @@ module C09Capacity_ChangeCapacity goto BB3 } BB3 { - _11 <- Borrow.borrow_mut ( * v); + _11 <- Borrow.borrow_final ( * v) (Borrow.get_id v); v <- { v with current = ( ^ _11) ; }; assume { Inv0.inv ( ^ _11) }; _10 <- ([#"../09_capacity.rs" 10 4 10 18] ShrinkTo0.shrink_to _11 ([#"../09_capacity.rs" 10 16 10 17] (1 : usize))); @@ -663,7 +663,7 @@ module C09Capacity_ClearVec goto BB0 } BB0 { - _4 <- Borrow.borrow_mut ( * v); + _4 <- Borrow.borrow_final ( * v) (Borrow.get_id v); v <- { v with current = ( ^ _4) ; }; assume { Inv0.inv ( ^ _4) }; _3 <- ([#"../09_capacity.rs" 15 4 15 13] Clear0.clear _4);
