diff --git a/creusot/tests/creusot-contracts/creusot-contracts.coma b/creusot/tests/creusot-contracts/creusot-contracts.coma index 14c819fe43..7113db6f78 100644 --- a/creusot/tests/creusot-contracts/creusot-contracts.coma +++ b/creusot/tests/creusot-contracts/creusot-contracts.coma @@ -1,6278 +1,5830 @@ -module M_creusot_contracts__logic__fmap__qyi9892930999379617882__subtract [#"../../../creusot-contracts/src/logic/fmap.rs" 179 4 179 46] (* logic::fmap::FMap *) - let%span sfmap0 = "../../../creusot-contracts/src/logic/fmap.rs" 171 15 171 33 - let%span sfmap1 = "../../../creusot-contracts/src/logic/fmap.rs" 172 14 172 36 - let%span sfmap2 = "../../../creusot-contracts/src/logic/fmap.rs" 173 14 173 46 - let%span sfmap3 = "../../../creusot-contracts/src/logic/fmap.rs" 174 14 178 5 - let%span sfmap4 = "../../../creusot-contracts/src/logic/fmap.rs" 160 14 164 5 - let%span sfmap5 = "../../../creusot-contracts/src/logic/fmap.rs" 180 8 180 33 - let%span sfmap6 = "../../../creusot-contracts/src/logic/fmap.rs" 139 12 139 89 - let%span sfmap7 = "../../../creusot-contracts/src/logic/fmap.rs" 132 19 132 71 - let%span sfmap8 = "../../../creusot-contracts/src/logic/fmap.rs" 145 15 145 35 - let%span sfmap9 = "../../../creusot-contracts/src/logic/fmap.rs" 146 14 152 5 - let%span sfmap10 = "../../../creusot-contracts/src/logic/fmap.rs" 153 14 153 54 - let%span sfmap11 = "../../../creusot-contracts/src/logic/fmap.rs" 185 14 185 38 - let%span sfmap12 = "../../../creusot-contracts/src/logic/fmap.rs" 186 14 186 83 - let%span sfmap13 = "../../../creusot-contracts/src/logic/fmap.rs" 188 8 188 35 - let%span sfmap14 = "../../../creusot-contracts/src/logic/fmap.rs" 96 8 96 26 - let%span sfmap15 = "../../../creusot-contracts/src/logic/fmap.rs" 120 8 120 35 - let%span sfmap16 = "../../../creusot-contracts/src/logic/fmap.rs" 44 14 44 25 - let%span sfmap17 = "../../../creusot-contracts/src/logic/fmap.rs" 57 14 57 38 - - type t_FMap'0 - - type t_K'0 - - type t_V'0 - - type t_Option'0 = - | C_None'0 - | C_Some'0 t_V'0 - - use map.Map - - function mk'0 [#"../../../creusot-contracts/src/logic/fmap.rs" 51 4 51 37] (_m : Map.map t_K'0 (t_Option'0)) : t_FMap'0 - +module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__cmp_le_log [#"../../../creusot-contracts/src/std/cmp.rs" 88 4 88 35] (* as logic::ord::OrdLogic> *) + let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 87 14 87 64 + let%span scmp1 = "../../../creusot-contracts/src/std/cmp.rs" 85 4 85 10 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 25 20 25 56 + let%span scmp3 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord16 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - function view'0 [#"../../../creusot-contracts/src/logic/fmap.rs" 58 4 58 35] (self : t_FMap'0) : Map.map t_K'0 (t_Option'0) - + type t_T'0 - axiom view'0_spec : forall self : t_FMap'0 . [%#sfmap17] mk'0 (view'0 self) = self + type t_Reverse'0 = + { t_Reverse__0'0: t_T'0 } - use map.Map + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function get_unsized'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/fmap.rs" 95 4 95 55] (self : t_FMap'0) (k : t_K'0) : t_Option'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - = - [%#sfmap14] Map.get (view'0 self) k - function contains'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/fmap.rs" 119 4 119 39] (self : t_FMap'0) (k : t_K'0) : bool - - = - [%#sfmap15] get_unsized'0 self k <> C_None'0 + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - function subset'0 [#"../../../creusot-contracts/src/logic/fmap.rs" 137 4 137 44] (self : t_FMap'0) (other : t_FMap'0) : bool - - = - [%#sfmap6] forall k : t_K'0 . contains'0 self k -> get_unsized'0 other k = get_unsized'0 self k + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord16] (x = y) = (cmp_log'1 x y = C_Equal'0) - function disjoint'0 [#"../../../creusot-contracts/src/logic/fmap.rs" 131 4 131 46] (self : t_FMap'0) (other : t_FMap'0) : bool - - = - [%#sfmap7] forall k : t_K'0 . not contains'0 self k \/ not contains'0 other k + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.Int + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord14] cmp_log'1 x y = C_Greater'0) + -> ([%#sord15] cmp_log'1 y x = C_Less'0) - function len'0 [#"../../../creusot-contracts/src/logic/fmap.rs" 45 4 45 27] (self : t_FMap'0) : int + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () - axiom len'0_spec : forall self : t_FMap'0 . [%#sfmap16] len'0 self >= 0 + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Less'0) + -> ([%#sord13] cmp_log'1 y x = C_Greater'0) - function union'0 [#"../../../creusot-contracts/src/logic/fmap.rs" 154 4 154 43] (self : t_FMap'0) (other : t_FMap'0) : t_FMap'0 + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - axiom union'0_spec : forall self : t_FMap'0, other : t_FMap'0 . ([%#sfmap8] disjoint'0 self other) - -> ([%#sfmap9] forall k : t_K'0 . get_unsized'0 (union'0 self other) k - = (if contains'0 self k then - get_unsized'0 self k - else - if contains'0 other k then get_unsized'0 other k else C_None'0 - )) - && ([%#sfmap10] len'0 (union'0 self other) = len'0 self + len'0 other) + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord9] cmp_log'1 x y = o) + -> ([%#sord10] cmp_log'1 y z = o) -> ([%#sord11] cmp_log'1 x z = o) - function ext_eq'0 [#"../../../creusot-contracts/src/logic/fmap.rs" 187 4 187 44] (self : t_FMap'0) (other : t_FMap'0) : bool - - = - [%#sfmap13] view'0 self = view'0 other + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - axiom ext_eq'0_spec : forall self : t_FMap'0, other : t_FMap'0 . ([%#sfmap11] ext_eq'0 self other -> self = other) - && ([%#sfmap12] (forall k : t_K'0 . get_unsized'0 self k = get_unsized'0 other k) -> ext_eq'0 self other) + axiom refl'0_spec : forall x : t_T'0 . [%#sord8] cmp_log'1 x x = C_Equal'0 - function subtract_keys'0 [#"../../../creusot-contracts/src/logic/fmap.rs" 165 4 165 51] (self : t_FMap'0) (other : t_FMap'0) : t_FMap'0 - + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - axiom subtract_keys'0_spec : forall self : t_FMap'0, other : t_FMap'0 . [%#sfmap4] forall k : t_K'0 . get_unsized'0 (subtract_keys'0 self other) k - = (if contains'0 other k then C_None'0 else get_unsized'0 self k) + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - constant self : t_FMap'0 + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord7] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - constant other : t_FMap'0 + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - function subtract'0 [#"../../../creusot-contracts/src/logic/fmap.rs" 179 4 179 46] (self : t_FMap'0) (other : t_FMap'0) : t_FMap'0 - + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - goal vc_subtract'0 : ([%#sfmap0] subset'0 other self) - -> ([%#sfmap4] forall k : t_K'0 . get_unsized'0 (subtract_keys'0 self other) k - = (if contains'0 other k then C_None'0 else get_unsized'0 self k)) - -> (let result = subtract_keys'0 self other in ([%#sfmap1] disjoint'0 result other) - && ([%#sfmap2] ext_eq'0 (union'0 other result) self) - && ([%#sfmap3] forall k : t_K'0 . get_unsized'0 result k - = (if contains'0 other k then C_None'0 else get_unsized'0 self k))) -end -module M_creusot_contracts__logic__fmap__qyi9892930999379617882__ext_eq [#"../../../creusot-contracts/src/logic/fmap.rs" 187 4 187 44] (* logic::fmap::FMap *) - let%span sfmap0 = "../../../creusot-contracts/src/logic/fmap.rs" 185 14 185 38 - let%span sfmap1 = "../../../creusot-contracts/src/logic/fmap.rs" 186 14 186 83 - let%span sfmap2 = "../../../creusot-contracts/src/logic/fmap.rs" 57 14 57 38 - let%span sfmap3 = "../../../creusot-contracts/src/logic/fmap.rs" 188 8 188 35 - let%span sfmap4 = "../../../creusot-contracts/src/logic/fmap.rs" 96 8 96 26 + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - type t_K'0 + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool - type t_FMap'0 + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () - type t_V'0 + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - type t_Option'0 = - | C_None'0 - | C_Some'0 t_V'0 + function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool - use map.Map + function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () - function mk'0 [#"../../../creusot-contracts/src/logic/fmap.rs" 51 4 51 37] (_m : Map.map t_K'0 (t_Option'0)) : t_FMap'0 - + axiom cmp_le_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] le_log'1 x y = (cmp_log'1 x y <> C_Greater'0) - function view'0 [#"../../../creusot-contracts/src/logic/fmap.rs" 58 4 58 35] (self : t_FMap'0) : Map.map t_K'0 (t_Option'0) + function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 + = + [%#scmp3] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with + | C_Equal'0 -> C_Equal'0 + | C_Less'0 -> C_Greater'0 + | C_Greater'0 -> C_Less'0 + end - axiom view'0_spec : forall self : t_FMap'0 . [%#sfmap2] mk'0 (view'0 self) = self - - use map.Map - - function get_unsized'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/fmap.rs" 95 4 95 55] (self : t_FMap'0) (k : t_K'0) : t_Option'0 + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_Reverse'0) (o : t_Reverse'0) : bool = - [%#sfmap4] Map.get (view'0 self) k + [%#sord2] cmp_log'0 self o <> C_Greater'0 - constant self : t_FMap'0 + constant x : t_Reverse'0 - constant other : t_FMap'0 + constant y : t_Reverse'0 - function ext_eq'0 [#"../../../creusot-contracts/src/logic/fmap.rs" 187 4 187 44] (self : t_FMap'0) (other : t_FMap'0) : bool + function cmp_le_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 88 4 88 35] (x : t_Reverse'0) (y : t_Reverse'0) : () - goal vc_ext_eq'0 : ([%#sfmap2] mk'0 (view'0 self) = self) - -> ([%#sfmap2] mk'0 (view'0 other) = other) - -> (let result = view'0 self = view'0 other in ([%#sfmap0] result -> self = other) - && ([%#sfmap1] (forall k : t_K'0 . get_unsized'0 self k = get_unsized'0 other k) -> result)) + goal vc_cmp_le_log'0 : [%#scmp0] le_log'0 x y = (cmp_log'0 x y <> C_Greater'0) end -module M_creusot_contracts__logic__fmap__qyi9892930999379617882__contains_ghost [#"../../../creusot-contracts/src/logic/fmap.rs" 256 4 256 49] (* logic::fmap::FMap *) - let%span sfmap0 = "../../../creusot-contracts/src/logic/fmap.rs" 256 33 256 36 - let%span sfmap1 = "../../../creusot-contracts/src/logic/fmap.rs" 255 14 255 43 - let%span sfmap2 = "../../../creusot-contracts/src/logic/fmap.rs" 285 28 285 31 - let%span sfmap3 = "../../../creusot-contracts/src/logic/fmap.rs" 285 40 285 50 - let%span sfmap4 = "../../../creusot-contracts/src/logic/fmap.rs" 277 4 284 11 - let%span soption5 = "../../../creusot-contracts/src/std/option.rs" 36 26 36 51 - let%span sfmap6 = "../../../creusot-contracts/src/logic/fmap.rs" 120 8 120 35 - let%span sfmap7 = "../../../creusot-contracts/src/logic/fmap.rs" 103 8 103 35 - let%span sfmap8 = "../../../creusot-contracts/src/logic/fmap.rs" 96 8 96 26 - let%span sutil9 = "../../../creusot-contracts/src/util.rs" 32 11 32 21 - let%span sutil10 = "../../../creusot-contracts/src/util.rs" 33 10 33 28 - let%span sinvariant11 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - let%span sfmap12 = "../../../creusot-contracts/src/logic/fmap.rs" 57 14 57 38 +module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__cmp_lt_log [#"../../../creusot-contracts/src/std/cmp.rs" 93 4 93 35] (* as logic::ord::OrdLogic> *) + let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 92 14 92 61 + let%span scmp1 = "../../../creusot-contracts/src/std/cmp.rs" 90 4 90 10 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 36 20 36 53 + let%span scmp3 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord16 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - use prelude.prelude.Borrow + type t_T'0 - type t_K'0 + type t_Reverse'0 = + { t_Reverse__0'0: t_T'0 } - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_K'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_K'0) = - [%#sinvariant11] inv'4 self + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 + - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_K'0) + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - axiom inv_axiom'0 [@rewrite] : forall x : t_K'0 [inv'0 x] . inv'0 x = invariant'0 x + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord16] (x = y) = (cmp_log'1 x y = C_Equal'0) - type t_V'0 + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - type t_Option'0 = - | C_None'0 - | C_Some'0 t_V'0 + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord14] cmp_log'1 x y = C_Greater'0) + -> ([%#sord15] cmp_log'1 y x = C_Less'0) - predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_V'0) + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () - predicate invariant'2 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_V'0) = - [%#sinvariant11] inv'5 self + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Less'0) + -> ([%#sord13] cmp_log'1 y x = C_Greater'0) - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_V'0) + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + - axiom inv_axiom'3 [@rewrite] : forall x : t_V'0 [inv'3 x] . inv'3 x = invariant'2 x + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord9] cmp_log'1 x y = o) + -> ([%#sord10] cmp_log'1 y z = o) -> ([%#sord11] cmp_log'1 x z = o) - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'1 x] . inv'1 x - = match x with - | C_None'0 -> true - | C_Some'0 a_0 -> inv'3 a_0 - end + axiom refl'0_spec : forall x : t_T'0 . [%#sord8] cmp_log'1 x x = C_Equal'0 - type t_FMap'0 + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - type t_Option'1 = - | C_None'1 - | C_Some'1 t_V'0 + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - use map.Map + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord7] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - function mk'0 [#"../../../creusot-contracts/src/logic/fmap.rs" 51 4 51 37] (_m : Map.map t_K'0 (t_Option'1)) : t_FMap'0 - + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - function view'0 [#"../../../creusot-contracts/src/logic/fmap.rs" 58 4 58 35] (self : t_FMap'0) : Map.map t_K'0 (t_Option'1) - + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - axiom view'0_spec : forall self : t_FMap'0 . [%#sfmap12] mk'0 (view'0 self) = self + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - use map.Map + function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool - function get_unsized'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/fmap.rs" 95 4 95 55] (self : t_FMap'0) (k : t_K'0) : t_Option'1 - - = - [%#sfmap8] Map.get (view'0 self) k + function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () - function contains'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/fmap.rs" 119 4 119 39] (self : t_FMap'0) (k : t_K'0) : bool - - = - [%#sfmap6] get_unsized'0 self k <> C_None'1 + axiom cmp_lt_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] lt_log'1 x y = (cmp_log'1 x y = C_Less'0) - function unwrap'0 [#"../../../creusot-contracts/src/util.rs" 34 0 34 36] (op : t_Option'1) : t_V'0 + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool - axiom unwrap'0_spec : forall op : t_Option'1 . ([%#sutil9] op <> C_None'1) - -> ([%#sutil10] C_Some'1 (unwrap'0 op) = op) + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - function lookup_unsized'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/fmap.rs" 102 4 102 50] (self : t_FMap'0) (k : t_K'0) : t_V'0 + function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 = - [%#sfmap7] unwrap'0 (get_unsized'0 self k) + [%#scmp3] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with + | C_Equal'0 -> C_Equal'0 + | C_Less'0 -> C_Greater'0 + | C_Greater'0 -> C_Less'0 + end - let rec get_ghost'0 (self:t_FMap'0) (key:t_K'0) (return' (ret:t_Option'0))= {[@expl:get_ghost 'key' type invariant] [%#sfmap2] inv'0 key} - any - [ return' (result:t_Option'0)-> {[%#sfmap3] inv'1 result} - {[%#sfmap4] if contains'0 self key then - match result with - | C_None'0 -> false - | C_Some'0 r -> lookup_unsized'0 self key = r - end - else - result = C_None'0 - } - (! return' {result}) ] + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_Reverse'0) (o : t_Reverse'0) : bool + = + [%#sord2] cmp_log'0 self o = C_Less'0 - predicate invariant'1 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_Option'0) = - [%#sinvariant11] inv'1 self - - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) - - axiom inv_axiom'2 [@rewrite] : forall x : t_Option'0 [inv'2 x] . inv'2 x = invariant'1 x - - let rec is_some'0 (self:t_Option'0) (return' (ret:bool))= {[@expl:is_some 'self' type invariant] inv'2 self} - any [ return' (result:bool)-> {[%#soption5] result = (self <> C_None'0)} (! return' {result}) ] - - use prelude.prelude.Intrinsic + constant x : t_Reverse'0 - meta "compute_max_steps" 1000000 + constant y : t_Reverse'0 - let rec contains_ghost'0 (self:t_FMap'0) (key:t_K'0) (return' (ret:bool))= {[@expl:contains_ghost 'key' type invariant] [%#sfmap0] inv'0 key} - (! bb0 - [ bb0 = s0 [ s0 = get_ghost'0 {self} {key} (fun (_ret':t_Option'0) -> [ &_5 <- _ret' ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = is_some'0 {_5} (fun (_ret':bool) -> [ &_0 <- _ret' ] s1) | s1 = bb2 ] - | bb2 = return' {_0} ] - ) [ & _0 : bool = any_l () | & self : t_FMap'0 = self | & key : t_K'0 = key | & _5 : t_Option'0 = any_l () ] - [ return' (result:bool)-> {[@expl:contains_ghost ensures] [%#sfmap1] result = contains'0 self key} - (! return' {result}) ] + function cmp_lt_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 93 4 93 35] (x : t_Reverse'0) (y : t_Reverse'0) : () + + goal vc_cmp_lt_log'0 : [%#scmp0] lt_log'0 x y = (cmp_log'0 x y = C_Less'0) end -module M_creusot_contracts__logic__ord__qyi8355372356285216375__cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 76 8 76 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__cmp_ge_log [#"../../../creusot-contracts/src/std/cmp.rs" 98 4 98 35] (* as logic::ord::OrdLogic> *) + let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 97 14 97 61 + let%span scmp1 = "../../../creusot-contracts/src/std/cmp.rs" 95 4 95 10 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 47 20 47 53 + let%span scmp3 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord16 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - use prelude.prelude.Int + type t_T'0 + + type t_Reverse'0 = + { t_Reverse__0'0: t_T'0 } type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int) (o : int) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant x : int + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - constant y : int + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord16] (x = y) = (cmp_log'1 x y = C_Equal'0) - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : int) (y : int) : () + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - goal vc_cmp_le_log'0 : [%#sord0] (x <= y) = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi8355372356285216375__cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 81 8 81 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord14] cmp_log'1 x y = C_Greater'0) + -> ([%#sord15] cmp_log'1 y x = C_Less'0) - use prelude.prelude.Int + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Less'0) + -> ([%#sord13] cmp_log'1 y x = C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int) (o : int) : t_Ordering'0 + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant x : int + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord9] cmp_log'1 x y = o) + -> ([%#sord10] cmp_log'1 y z = o) -> ([%#sord11] cmp_log'1 x z = o) - constant y : int + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : int) (y : int) : () + axiom refl'0_spec : forall x : t_T'0 . [%#sord8] cmp_log'1 x x = C_Equal'0 - goal vc_cmp_lt_log'0 : [%#sord0] (x < y) = (cmp_log'0 x y = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi8355372356285216375__cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 86 8 86 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - use prelude.prelude.Int + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord7] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int) (o : int) : t_Ordering'0 - - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - constant x : int + function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - constant y : int + axiom cmp_ge_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] ge_log'1 x y = (cmp_log'1 x y <> C_Less'0) - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : int) (y : int) : () + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool - goal vc_cmp_ge_log'0 : [%#sord0] (x >= y) = (cmp_log'0 x y <> C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi8355372356285216375__cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 91 8 91 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.Int + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int) (o : int) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#scmp3] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with + | C_Equal'0 -> C_Equal'0 + | C_Less'0 -> C_Greater'0 + | C_Greater'0 -> C_Less'0 + end - constant x : int + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_Reverse'0) (o : t_Reverse'0) : bool + + = + [%#sord2] cmp_log'0 self o <> C_Less'0 - constant y : int + constant x : t_Reverse'0 - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : int) (y : int) : () + constant y : t_Reverse'0 - goal vc_cmp_gt_log'0 : [%#sord0] (x > y) = (cmp_log'0 x y = C_Greater'0) + function cmp_ge_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 98 4 98 35] (x : t_Reverse'0) (y : t_Reverse'0) : () + + + goal vc_cmp_ge_log'0 : [%#scmp0] ge_log'0 x y = (cmp_log'0 x y <> C_Less'0) end -module M_creusot_contracts__logic__ord__qyi8355372356285216375__refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 96 8 96 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__cmp_gt_log [#"../../../creusot-contracts/src/std/cmp.rs" 103 4 103 35] (* as logic::ord::OrdLogic> *) + let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 102 14 102 64 + let%span scmp1 = "../../../creusot-contracts/src/std/cmp.rs" 100 4 100 10 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 58 20 58 56 + let%span scmp3 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord16 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - use prelude.prelude.Int + type t_T'0 + + type t_Reverse'0 = + { t_Reverse__0'0: t_T'0 } type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int) (o : int) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant x : int + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : int) : () + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord16] (x = y) = (cmp_log'1 x y = C_Equal'0) - goal vc_refl'0 : [%#sord0] cmp_log'0 x x = C_Equal'0 -end -module M_creusot_contracts__logic__ord__qyi8355372356285216375__trans [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 101 8 101 35 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.Int + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord14] cmp_log'1 x y = C_Greater'0) + -> ([%#sord15] cmp_log'1 y x = C_Less'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Less'0) + -> ([%#sord13] cmp_log'1 y x = C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int) (o : int) : t_Ordering'0 + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - = - [%#sord4] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant x : int + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord9] cmp_log'1 x y = o) + -> ([%#sord10] cmp_log'1 y z = o) -> ([%#sord11] cmp_log'1 x z = o) - constant y : int + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - constant z : int + axiom refl'0_spec : forall x : t_T'0 . [%#sord8] cmp_log'1 x x = C_Equal'0 - constant o : t_Ordering'0 + function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : int) (y : int) (z : int) (o : t_Ordering'0) : () - + function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - goal vc_trans'0 : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o) -end -module M_creusot_contracts__logic__ord__qyi8355372356285216375__antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 108 8 108 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom cmp_gt_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord7] gt_log'1 x y = (cmp_log'1 x y = C_Greater'0) - use prelude.prelude.Int + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int) (o : int) : t_Ordering'0 - - = - [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - constant x : int + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool - constant y : int + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : int) (y : int) : () + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - goal vc_antisym1'0 : ([%#sord0] cmp_log'0 x y = C_Less'0) -> ([%#sord1] cmp_log'0 y x = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi8355372356285216375__antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 114 8 114 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool - use prelude.prelude.Int + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int) (o : int) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 = - [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#scmp3] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with + | C_Equal'0 -> C_Equal'0 + | C_Less'0 -> C_Greater'0 + | C_Greater'0 -> C_Less'0 + end - constant x : int + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_Reverse'0) (o : t_Reverse'0) : bool + + = + [%#sord2] cmp_log'0 self o = C_Greater'0 - constant y : int + constant x : t_Reverse'0 - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : int) (y : int) : () + constant y : t_Reverse'0 - goal vc_antisym2'0 : ([%#sord0] cmp_log'0 x y = C_Greater'0) -> ([%#sord1] cmp_log'0 y x = C_Less'0) + function cmp_gt_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 103 4 103 35] (x : t_Reverse'0) (y : t_Reverse'0) : () + + + goal vc_cmp_gt_log'0 : [%#scmp0] gt_log'0 x y = (cmp_log'0 x y = C_Greater'0) end -module M_creusot_contracts__logic__ord__qyi8355372356285216375__eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 120 8 120 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__refl [#"../../../creusot-contracts/src/std/cmp.rs" 108 4 108 20] (* as logic::ord::OrdLogic> *) + let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 107 14 107 45 + let%span scmp1 = "../../../creusot-contracts/src/std/cmp.rs" 105 4 105 10 + let%span scmp2 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - use prelude.prelude.Int + type t_T'0 + + type t_Reverse'0 = + { t_Reverse__0'0: t_T'0 } type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int) (o : int) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - constant x : int - constant y : int + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : int) (y : int) : () + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) - goal vc_eq_cmp'0 : [%#sord0] (x = y) = (cmp_log'0 x y = C_Equal'0) -end -module M_creusot_contracts__logic__ord__qyi15418235539824427604__cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 76 8 76 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.Int + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) + -> ([%#sord14] cmp_log'1 y x = C_Less'0) - use prelude.prelude.UInt8 + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) + -> ([%#sord12] cmp_log'1 y x = C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint8) (o : uint8) : t_Ordering'0 + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant x : uint8 + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) + -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) - constant y : uint8 + function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : uint8) (y : uint8) : () + axiom refl'1_spec : forall x : t_T'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 - goal vc_cmp_le_log'0 : [%#sord0] (x <= y) = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi15418235539824427604__cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 81 8 81 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - use prelude.prelude.Int + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.UInt8 + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint8) (o : uint8) : t_Ordering'0 - - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - constant x : uint8 + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - constant y : uint8 + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : uint8) (y : uint8) : () + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () - goal vc_cmp_lt_log'0 : [%#sord0] (x < y) = (cmp_log'0 x y = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi15418235539824427604__cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 86 8 86 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - use prelude.prelude.Int + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool - use prelude.prelude.UInt8 + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint8) (o : uint8) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - constant x : uint8 + [%#scmp2] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with + | C_Equal'0 -> C_Equal'0 + | C_Less'0 -> C_Greater'0 + | C_Greater'0 -> C_Less'0 + end - constant y : uint8 + constant x : t_Reverse'0 - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : uint8) (y : uint8) : () + function refl'0 [#"../../../creusot-contracts/src/std/cmp.rs" 108 4 108 20] (x : t_Reverse'0) : () - goal vc_cmp_ge_log'0 : [%#sord0] (x >= y) = (cmp_log'0 x y <> C_Less'0) + goal vc_refl'0 : [%#scmp0] cmp_log'0 x x = C_Equal'0 end -module M_creusot_contracts__logic__ord__qyi15418235539824427604__cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 91 8 91 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__trans [#"../../../creusot-contracts/src/std/cmp.rs" 115 4 115 52] (* as logic::ord::OrdLogic> *) + let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 112 15 112 32 + let%span scmp1 = "../../../creusot-contracts/src/std/cmp.rs" 113 15 113 32 + let%span scmp2 = "../../../creusot-contracts/src/std/cmp.rs" 114 14 114 31 + let%span scmp3 = "../../../creusot-contracts/src/std/cmp.rs" 110 4 110 10 + let%span scmp4 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord16 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord17 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - use prelude.prelude.Int + type t_T'0 - use prelude.prelude.UInt8 + type t_Reverse'0 = + { t_Reverse__0'0: t_T'0 } type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint8) (o : uint8) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - constant x : uint8 - constant y : uint8 + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : uint8) (y : uint8) : () + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord17] (x = y) = (cmp_log'1 x y = C_Equal'0) - goal vc_cmp_gt_log'0 : [%#sord0] (x > y) = (cmp_log'0 x y = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi15418235539824427604__refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 96 8 96 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.UInt8 + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord15] cmp_log'1 x y = C_Greater'0) + -> ([%#sord16] cmp_log'1 y x = C_Less'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.Int + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Less'0) + -> ([%#sord14] cmp_log'1 y x = C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint8) (o : uint8) : t_Ordering'0 + function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant x : uint8 - - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : uint8) : () + axiom trans'1_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord10] cmp_log'1 x y = o) + -> ([%#sord11] cmp_log'1 y z = o) -> ([%#sord12] cmp_log'1 x z = o) - goal vc_refl'0 : [%#sord0] cmp_log'0 x x = C_Equal'0 -end -module M_creusot_contracts__logic__ord__qyi15418235539824427604__trans [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 101 8 101 35 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - use prelude.prelude.UInt8 + axiom refl'0_spec : forall x : t_T'0 . [%#sord9] cmp_log'1 x x = C_Equal'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - use prelude.prelude.Int + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint8) (o : uint8) : t_Ordering'0 - - = - [%#sord4] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord8] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - constant x : uint8 + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - constant y : uint8 + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - constant z : uint8 + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord7] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - constant o : t_Ordering'0 + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : uint8) (y : uint8) (z : uint8) (o : t_Ordering'0) : () - + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () - goal vc_trans'0 : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o) -end -module M_creusot_contracts__logic__ord__qyi15418235539824427604__antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 108 8 108 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - use prelude.prelude.UInt8 + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.Int + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint8) (o : uint8) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 = - [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - constant x : uint8 - - constant y : uint8 - - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : uint8) (y : uint8) : () + [%#scmp4] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with + | C_Equal'0 -> C_Equal'0 + | C_Less'0 -> C_Greater'0 + | C_Greater'0 -> C_Less'0 + end - goal vc_antisym1'0 : ([%#sord0] cmp_log'0 x y = C_Less'0) -> ([%#sord1] cmp_log'0 y x = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi15418235539824427604__antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 114 8 114 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + constant x : t_Reverse'0 - use prelude.prelude.UInt8 + constant y : t_Reverse'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + constant z : t_Reverse'0 - use prelude.prelude.Int + constant o : t_Ordering'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint8) (o : uint8) : t_Ordering'0 + function trans'0 [#"../../../creusot-contracts/src/std/cmp.rs" 115 4 115 52] (x : t_Reverse'0) (y : t_Reverse'0) (z : t_Reverse'0) (o : t_Ordering'0) : () - = - [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant x : uint8 - - constant y : uint8 - - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : uint8) (y : uint8) : () - - goal vc_antisym2'0 : ([%#sord0] cmp_log'0 x y = C_Greater'0) -> ([%#sord1] cmp_log'0 y x = C_Less'0) + goal vc_trans'0 : ([%#scmp1] cmp_log'0 y z = o) -> ([%#scmp0] cmp_log'0 x y = o) -> ([%#scmp2] cmp_log'0 x z = o) end -module M_creusot_contracts__logic__ord__qyi15418235539824427604__eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 120 8 120 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__antisym1 [#"../../../creusot-contracts/src/std/cmp.rs" 121 4 121 33] (* as logic::ord::OrdLogic> *) + let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 119 15 119 45 + let%span scmp1 = "../../../creusot-contracts/src/std/cmp.rs" 120 14 120 47 + let%span scmp2 = "../../../creusot-contracts/src/std/cmp.rs" 117 4 117 10 + let%span scmp3 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord16 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - use prelude.prelude.UInt8 + type t_T'0 + + type t_Reverse'0 = + { t_Reverse__0'0: t_T'0 } type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int - - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint8) (o : uint8) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - constant x : uint8 - constant y : uint8 + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : uint8) (y : uint8) : () + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord16] (x = y) = (cmp_log'1 x y = C_Equal'0) - goal vc_eq_cmp'0 : [%#sord0] (x = y) = (cmp_log'0 x y = C_Equal'0) -end -module M_creusot_contracts__logic__ord__qyi7305497527599188430__cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 76 8 76 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.Int + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord14] cmp_log'1 x y = C_Greater'0) + -> ([%#sord15] cmp_log'1 y x = C_Less'0) - use prelude.prelude.UInt16 + function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom antisym1'1_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Less'0) + -> ([%#sord13] cmp_log'1 y x = C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint16) (o : uint16) : t_Ordering'0 + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant x : uint16 + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord9] cmp_log'1 x y = o) + -> ([%#sord10] cmp_log'1 y z = o) -> ([%#sord11] cmp_log'1 x z = o) - constant y : uint16 + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : uint16) (y : uint16) : () + axiom refl'0_spec : forall x : t_T'0 . [%#sord8] cmp_log'1 x x = C_Equal'0 - goal vc_cmp_le_log'0 : [%#sord0] (x <= y) = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi7305497527599188430__cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 81 8 81 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - use prelude.prelude.Int + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.UInt16 + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord7] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint16) (o : uint16) : t_Ordering'0 - - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - constant x : uint16 + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - constant y : uint16 + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : uint16) (y : uint16) : () + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () - goal vc_cmp_lt_log'0 : [%#sord0] (x < y) = (cmp_log'0 x y = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi7305497527599188430__cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 86 8 86 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - use prelude.prelude.Int + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool - use prelude.prelude.UInt16 + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint16) (o : uint16) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#scmp3] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with + | C_Equal'0 -> C_Equal'0 + | C_Less'0 -> C_Greater'0 + | C_Greater'0 -> C_Less'0 + end - constant x : uint16 + constant x : t_Reverse'0 - constant y : uint16 + constant y : t_Reverse'0 - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : uint16) (y : uint16) : () + function antisym1'0 [#"../../../creusot-contracts/src/std/cmp.rs" 121 4 121 33] (x : t_Reverse'0) (y : t_Reverse'0) : () + - goal vc_cmp_ge_log'0 : [%#sord0] (x >= y) = (cmp_log'0 x y <> C_Less'0) + goal vc_antisym1'0 : ([%#scmp0] cmp_log'0 x y = C_Less'0) -> ([%#scmp1] cmp_log'0 y x = C_Greater'0) end -module M_creusot_contracts__logic__ord__qyi7305497527599188430__cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 91 8 91 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__antisym2 [#"../../../creusot-contracts/src/std/cmp.rs" 127 4 127 33] (* as logic::ord::OrdLogic> *) + let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 125 15 125 48 + let%span scmp1 = "../../../creusot-contracts/src/std/cmp.rs" 126 14 126 44 + let%span scmp2 = "../../../creusot-contracts/src/std/cmp.rs" 123 4 123 10 + let%span scmp3 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord16 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - use prelude.prelude.Int + type t_T'0 - use prelude.prelude.UInt16 + type t_Reverse'0 = + { t_Reverse__0'0: t_T'0 } type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint16) (o : uint16) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant x : uint16 - - constant y : uint16 + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : uint16) (y : uint16) : () + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord16] (x = y) = (cmp_log'1 x y = C_Equal'0) - goal vc_cmp_gt_log'0 : [%#sord0] (x > y) = (cmp_log'0 x y = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi7305497527599188430__refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 96 8 96 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.UInt16 + axiom antisym2'1_spec : forall x : t_T'0, y : t_T'0 . ([%#sord14] cmp_log'1 x y = C_Greater'0) + -> ([%#sord15] cmp_log'1 y x = C_Less'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.Int + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Less'0) + -> ([%#sord13] cmp_log'1 y x = C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint16) (o : uint16) : t_Ordering'0 + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - constant x : uint16 - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : uint16) : () + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord9] cmp_log'1 x y = o) + -> ([%#sord10] cmp_log'1 y z = o) -> ([%#sord11] cmp_log'1 x z = o) - goal vc_refl'0 : [%#sord0] cmp_log'0 x x = C_Equal'0 -end -module M_creusot_contracts__logic__ord__qyi7305497527599188430__trans [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 101 8 101 35 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - use prelude.prelude.UInt16 + axiom refl'0_spec : forall x : t_T'0 . [%#sord8] cmp_log'1 x x = C_Equal'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - use prelude.prelude.Int + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint16) (o : uint16) : t_Ordering'0 - - = - [%#sord4] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord7] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - constant x : uint16 + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - constant y : uint16 + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - constant z : uint16 + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - constant o : t_Ordering'0 + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : uint16) (y : uint16) (z : uint16) (o : t_Ordering'0) : () - + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () - goal vc_trans'0 : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o) -end -module M_creusot_contracts__logic__ord__qyi7305497527599188430__antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 108 8 108 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - use prelude.prelude.UInt16 + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.Int + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint16) (o : uint16) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 = - [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#scmp3] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with + | C_Equal'0 -> C_Equal'0 + | C_Less'0 -> C_Greater'0 + | C_Greater'0 -> C_Less'0 + end - constant x : uint16 + constant x : t_Reverse'0 - constant y : uint16 + constant y : t_Reverse'0 - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : uint16) (y : uint16) : () + function antisym2'0 [#"../../../creusot-contracts/src/std/cmp.rs" 127 4 127 33] (x : t_Reverse'0) (y : t_Reverse'0) : () + - goal vc_antisym1'0 : ([%#sord0] cmp_log'0 x y = C_Less'0) -> ([%#sord1] cmp_log'0 y x = C_Greater'0) + goal vc_antisym2'0 : ([%#scmp0] cmp_log'0 x y = C_Greater'0) -> ([%#scmp1] cmp_log'0 y x = C_Less'0) end -module M_creusot_contracts__logic__ord__qyi7305497527599188430__antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 114 8 114 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__eq_cmp [#"../../../creusot-contracts/src/std/cmp.rs" 132 4 132 31] (* as logic::ord::OrdLogic> *) + let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 131 14 131 59 + let%span scmp1 = "../../../creusot-contracts/src/std/cmp.rs" 129 4 129 10 + let%span scmp2 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - use prelude.prelude.UInt16 + type t_T'0 + + type t_Reverse'0 = + { t_Reverse__0'0: t_T'0 } type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int - - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint16) (o : uint16) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - = - [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - constant x : uint16 - constant y : uint16 + function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : uint16) (y : uint16) : () + axiom eq_cmp'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) - goal vc_antisym2'0 : ([%#sord0] cmp_log'0 x y = C_Greater'0) -> ([%#sord1] cmp_log'0 y x = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi7305497527599188430__eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 120 8 120 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.UInt16 + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) + -> ([%#sord14] cmp_log'1 y x = C_Less'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.Int + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) + -> ([%#sord12] cmp_log'1 y x = C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint16) (o : uint16) : t_Ordering'0 + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant x : uint16 + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) + -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) - constant y : uint16 + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : uint16) (y : uint16) : () + axiom refl'0_spec : forall x : t_T'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 - goal vc_eq_cmp'0 : [%#sord0] (x = y) = (cmp_log'0 x y = C_Equal'0) -end -module M_creusot_contracts__logic__ord__qyi4526525114627399862__cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 76 8 76 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - use prelude.prelude.Int + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.UInt32 + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint32) (o : uint32) : t_Ordering'0 - - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - constant x : uint32 + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - constant y : uint32 + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : uint32) (y : uint32) : () + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () - goal vc_cmp_le_log'0 : [%#sord0] (x <= y) = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi4526525114627399862__cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 81 8 81 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - use prelude.prelude.Int + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool - use prelude.prelude.UInt32 + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint32) (o : uint32) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#scmp2] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with + | C_Equal'0 -> C_Equal'0 + | C_Less'0 -> C_Greater'0 + | C_Greater'0 -> C_Less'0 + end - constant x : uint32 + constant x : t_Reverse'0 - constant y : uint32 + constant y : t_Reverse'0 - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : uint32) (y : uint32) : () + function eq_cmp'0 [#"../../../creusot-contracts/src/std/cmp.rs" 132 4 132 31] (x : t_Reverse'0) (y : t_Reverse'0) : () - goal vc_cmp_lt_log'0 : [%#sord0] (x < y) = (cmp_log'0 x y = C_Less'0) + goal vc_eq_cmp'0 : [%#scmp0] (x = y) = (cmp_log'0 x y = C_Equal'0) end -module M_creusot_contracts__logic__ord__qyi4526525114627399862__cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 86 8 86 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 - - use prelude.prelude.Int - - use prelude.prelude.UInt32 +module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_refl [#"../../../creusot-contracts/src/std/deque.rs" 178 4 178 26] (* as std::iter::Iterator> *) + let%span sdeque0 = "../../../creusot-contracts/src/std/deque.rs" 177 14 177 45 + let%span sdeque1 = "../../../creusot-contracts/src/std/deque.rs" 175 4 175 10 + let%span sdeque2 = "../../../creusot-contracts/src/std/deque.rs" 171 12 171 66 + let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 96 14 96 41 + let%span sslice4 = "../../../creusot-contracts/src/std/slice.rs" 97 14 97 80 + let%span smodel5 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 + let%span sops6 = "../../../creusot-contracts/src/logic/ops.rs" 44 8 44 31 + let%span sslice7 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 + let%span sslice8 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint32) (o : uint32) : t_Ordering'0 - - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use prelude.prelude.Borrow - constant x : uint32 + type t_T'0 - constant y : uint32 + use seq.Seq - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : uint32) (y : uint32) : () + use prelude.prelude.Opaque - goal vc_cmp_ge_log'0 : [%#sord0] (x >= y) = (cmp_log'0 x y <> C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi4526525114627399862__cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 91 8 91 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + type t_NonNull'0 = + { t_NonNull__pointer'0: opaque_ptr } - use prelude.prelude.Int + type t_Iter'1 = + { t_Iter__ptr'0: t_NonNull'0; t_Iter__end_or_len'0: opaque_ptr; t_Iter__qy95zmarker'0: () } - use prelude.prelude.UInt32 + type t_Iter'0 = + { t_Iter__i1'0: t_Iter'1; t_Iter__i2'0: t_Iter'1 } - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use prelude.prelude.Slice - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint32) (o : uint32) : t_Ordering'0 - - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function view'0 [#"../../../creusot-contracts/src/std/deque.rs" 155 4 155 33] (self : t_Iter'0) : slice t_T'0 - constant x : uint32 + use seq.Seq - constant y : uint32 + use seq.Seq - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : uint32) (y : uint32) : () + use seq.Seq - goal vc_cmp_gt_log'0 : [%#sord0] (x > y) = (cmp_log'0 x y = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi4526525114627399862__refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 96 8 96 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + use prelude.prelude.UIntSize - use prelude.prelude.UInt32 + constant v_MAX'0 : usize = (18446744073709551615 : usize) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use prelude.prelude.UIntSize use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint32) (o : uint32) : t_Ordering'0 - - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - constant x : uint32 + use prelude.prelude.Slice - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : uint32) : () + function view'2 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 - goal vc_refl'0 : [%#sord0] cmp_log'0 x x = C_Equal'0 -end -module M_creusot_contracts__logic__ord__qyi4526525114627399862__trans [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 101 8 101 35 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom view'2_spec : forall self : slice t_T'0 . ([%#sslice7] Seq.length (view'2 self) + <= UIntSize.to_int (v_MAX'0 : usize)) + && ([%#sslice8] view'2 self = Slice.id self) - use prelude.prelude.UInt32 + function view'1 [#"../../../creusot-contracts/src/model.rs" 87 4 87 33] (self : slice t_T'0) : Seq.seq t_T'0 = + [%#smodel5] view'2 self - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - use prelude.prelude.Int + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint32) (o : uint32) : t_Ordering'0 + function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops.rs" 43 4 43 47] (self : slice t_T'0) (ix : int) : t_T'0 = - [%#sord4] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - constant x : uint32 - - constant y : uint32 - - constant z : uint32 - - constant o : t_Ordering'0 - - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : uint32) (y : uint32) (z : uint32) (o : t_Ordering'0) : () - - - goal vc_trans'0 : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o) -end -module M_creusot_contracts__logic__ord__qyi4526525114627399862__antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 108 8 108 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + [%#sops6] Seq.get (view'2 self) ix - use prelude.prelude.UInt32 + function to_ref_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 98 4 98 35] (self : slice t_T'0) : Seq.seq t_T'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom to_ref_seq'0_spec : forall self : slice t_T'0 . ([%#sslice3] Seq.length (to_ref_seq'0 self) + = Seq.length (view'1 self)) + && ([%#sslice4] forall i : int . 0 <= i /\ i < Seq.length (to_ref_seq'0 self) + -> Seq.get (to_ref_seq'0 self) i = index_logic'0 self i) - use prelude.prelude.Int + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint32) (o : uint32) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/deque.rs" 169 4 169 65] (self : t_Iter'0) (visited : Seq.seq t_T'0) (tl : t_Iter'0) = - [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - constant x : uint32 + [%#sdeque2] to_ref_seq'0 (view'0 self) = Seq.(++) visited (to_ref_seq'0 (view'0 tl)) - constant y : uint32 + constant self : t_Iter'0 - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : uint32) (y : uint32) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/deque.rs" 178 4 178 26] (self : t_Iter'0) : () - goal vc_antisym1'0 : ([%#sord0] cmp_log'0 x y = C_Less'0) -> ([%#sord1] cmp_log'0 y x = C_Greater'0) + goal vc_produces_refl'0 : [%#sdeque0] produces'0 self (Seq.empty : Seq.seq t_T'0) self end -module M_creusot_contracts__logic__ord__qyi4526525114627399862__antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 114 8 114 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 - - use prelude.prelude.UInt32 +module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_trans [#"../../../creusot-contracts/src/std/deque.rs" 185 4 185 90] (* as std::iter::Iterator> *) + let%span sdeque0 = "../../../creusot-contracts/src/std/deque.rs" 182 15 182 32 + let%span sdeque1 = "../../../creusot-contracts/src/std/deque.rs" 183 15 183 32 + let%span sdeque2 = "../../../creusot-contracts/src/std/deque.rs" 184 14 184 42 + let%span sdeque3 = "../../../creusot-contracts/src/std/deque.rs" 180 4 180 10 + let%span sdeque4 = "../../../creusot-contracts/src/std/deque.rs" 171 12 171 66 + let%span sslice5 = "../../../creusot-contracts/src/std/slice.rs" 96 14 96 41 + let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 97 14 97 80 + let%span smodel7 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 + let%span sops8 = "../../../creusot-contracts/src/logic/ops.rs" 44 8 44 31 + let%span sslice9 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 + let%span sslice10 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use prelude.prelude.Opaque - use prelude.prelude.Int + type t_NonNull'0 = + { t_NonNull__pointer'0: opaque_ptr } - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint32) (o : uint32) : t_Ordering'0 - - = - [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + type t_Iter'1 = + { t_Iter__ptr'0: t_NonNull'0; t_Iter__end_or_len'0: opaque_ptr; t_Iter__qy95zmarker'0: () } - constant x : uint32 + type t_Iter'0 = + { t_Iter__i1'0: t_Iter'1; t_Iter__i2'0: t_Iter'1 } - constant y : uint32 + use prelude.prelude.Borrow - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : uint32) (y : uint32) : () + type t_T'0 - goal vc_antisym2'0 : ([%#sord0] cmp_log'0 x y = C_Greater'0) -> ([%#sord1] cmp_log'0 y x = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi4526525114627399862__eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 120 8 120 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + use seq.Seq - use prelude.prelude.UInt32 + use prelude.prelude.Slice - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function view'0 [#"../../../creusot-contracts/src/std/deque.rs" 155 4 155 33] (self : t_Iter'0) : slice t_T'0 - use prelude.prelude.Int + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint32) (o : uint32) : t_Ordering'0 - - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use seq.Seq - constant x : uint32 + use seq.Seq - constant y : uint32 + use prelude.prelude.UIntSize - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : uint32) (y : uint32) : () + constant v_MAX'0 : usize = (18446744073709551615 : usize) - goal vc_eq_cmp'0 : [%#sord0] (x = y) = (cmp_log'0 x y = C_Equal'0) -end -module M_creusot_contracts__logic__ord__qyi11489483489418918928__cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 76 8 76 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + use prelude.prelude.UIntSize use prelude.prelude.Int - use prelude.prelude.UInt64 - - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 - - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint64) (o : uint64) : t_Ordering'0 - - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - constant x : uint64 - - constant y : uint64 + use prelude.prelude.Slice - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : uint64) (y : uint64) : () + function view'2 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 - goal vc_cmp_le_log'0 : [%#sord0] (x <= y) = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi11489483489418918928__cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 81 8 81 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom view'2_spec : forall self : slice t_T'0 . ([%#sslice9] Seq.length (view'2 self) + <= UIntSize.to_int (v_MAX'0 : usize)) + && ([%#sslice10] view'2 self = Slice.id self) - use prelude.prelude.Int + function view'1 [#"../../../creusot-contracts/src/model.rs" 87 4 87 33] (self : slice t_T'0) : Seq.seq t_T'0 = + [%#smodel7] view'2 self - use prelude.prelude.UInt64 + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint64) (o : uint64) : t_Ordering'0 + function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops.rs" 43 4 43 47] (self : slice t_T'0) (ix : int) : t_T'0 = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - constant x : uint64 - - constant y : uint64 - - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : uint64) (y : uint64) : () - - goal vc_cmp_lt_log'0 : [%#sord0] (x < y) = (cmp_log'0 x y = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi11489483489418918928__cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 86 8 86 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + [%#sops8] Seq.get (view'2 self) ix - use prelude.prelude.Int + function to_ref_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 98 4 98 35] (self : slice t_T'0) : Seq.seq t_T'0 - use prelude.prelude.UInt64 + axiom to_ref_seq'0_spec : forall self : slice t_T'0 . ([%#sslice5] Seq.length (to_ref_seq'0 self) + = Seq.length (view'1 self)) + && ([%#sslice6] forall i : int . 0 <= i /\ i < Seq.length (to_ref_seq'0 self) + -> Seq.get (to_ref_seq'0 self) i = index_logic'0 self i) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint64) (o : uint64) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/deque.rs" 169 4 169 65] (self : t_Iter'0) (visited : Seq.seq t_T'0) (tl : t_Iter'0) = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - constant x : uint64 - - constant y : uint64 + [%#sdeque4] to_ref_seq'0 (view'0 self) = Seq.(++) visited (to_ref_seq'0 (view'0 tl)) - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : uint64) (y : uint64) : () + constant a : t_Iter'0 - goal vc_cmp_ge_log'0 : [%#sord0] (x >= y) = (cmp_log'0 x y <> C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi11489483489418918928__cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 91 8 91 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + constant ab : Seq.seq t_T'0 - use prelude.prelude.Int + constant b : t_Iter'0 - use prelude.prelude.UInt64 + constant bc : Seq.seq t_T'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + constant c : t_Iter'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint64) (o : uint64) : t_Ordering'0 + function produces_trans'0 [#"../../../creusot-contracts/src/std/deque.rs" 185 4 185 90] (a : t_Iter'0) (ab : Seq.seq t_T'0) (b : t_Iter'0) (bc : Seq.seq t_T'0) (c : t_Iter'0) : () - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - constant x : uint64 - - constant y : uint64 - - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : uint64) (y : uint64) : () - goal vc_cmp_gt_log'0 : [%#sord0] (x > y) = (cmp_log'0 x y = C_Greater'0) + goal vc_produces_trans'0 : ([%#sdeque1] produces'0 b bc c) + -> ([%#sdeque0] produces'0 a ab b) -> ([%#sdeque2] produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__logic__ord__qyi11489483489418918928__refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 96 8 96 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 - - use prelude.prelude.UInt64 +module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__produces_refl [#"../../../creusot-contracts/src/std/iter/cloned.rs" 62 4 62 26] (* as std::iter::Iterator> *) + let%span scloned0 = "../../../creusot-contracts/src/std/iter/cloned.rs" 60 15 60 24 + let%span scloned1 = "../../../creusot-contracts/src/std/iter/cloned.rs" 61 14 61 45 + let%span scloned2 = "../../../creusot-contracts/src/std/iter/cloned.rs" 58 4 58 10 + let%span scloned3 = "../../../creusot-contracts/src/std/iter/cloned.rs" 51 12 54 79 + let%span scloned4 = "../../../creusot-contracts/src/std/iter/cloned.rs" 11 14 11 39 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 + let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 + let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 + let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 + let%span sseq13 = "../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 + let%span sboxed14 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + let%span sinvariant15 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_I'0 - use prelude.prelude.Int + type t_Cloned'0 = + { t_Cloned__it'0: t_I'0 } - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint64) (o : uint64) : t_Ordering'0 - - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - constant x : uint64 + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Cloned'0) - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : uint64) : () + axiom inv_axiom'0 [@rewrite] : forall x : t_Cloned'0 [inv'0 x] . inv'0 x + = match x with + | {t_Cloned__it'0 = it} -> inv'2 it + end - goal vc_refl'0 : [%#sord0] cmp_log'0 x x = C_Equal'0 -end -module M_creusot_contracts__logic__ord__qyi11489483489418918928__trans [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 101 8 101 35 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + use seq.Seq - use prelude.prelude.UInt64 + type t_T'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - use prelude.prelude.Int + use prelude.prelude.Borrow - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint64) (o : uint64) : t_Ordering'0 - - = - [%#sord4] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use seq.Seq - constant x : uint64 + use prelude.prelude.Int - constant y : uint64 + use seq.Seq - constant z : uint64 + use seq.Seq - constant o : t_Ordering'0 + predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : uint64) (y : uint64) (z : uint64) (o : t_Ordering'0) : () - + predicate invariant'2 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_T'0) = + [%#sinvariant15] inv'5 self - goal vc_trans'0 : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o) -end -module M_creusot_contracts__logic__ord__qyi11489483489418918928__antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 108 8 108 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - use prelude.prelude.UInt64 + axiom inv_axiom'3 [@rewrite] : forall x : t_T'0 [inv'4 x] . inv'4 x = invariant'2 x - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + predicate invariant'1 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_T'0) = + [%#sboxed14] inv'4 self - use prelude.prelude.Int + predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint64) (o : uint64) : t_Ordering'0 - - = - [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + axiom inv_axiom'2 [@rewrite] : forall x : t_T'0 [inv'3 x] . inv'3 x = invariant'1 x - constant x : uint64 + predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 608 4 608 30] (self : Seq.seq t_T'0) = + [%#sseq13] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) - constant y : uint64 + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_T'0) - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : uint64) (y : uint64) : () + axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_T'0 [inv'1 x] . inv'1 x = invariant'0 x - goal vc_antisym1'0 : ([%#sord0] cmp_log'0 x y = C_Less'0) -> ([%#sord1] cmp_log'0 y x = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi11489483489418918928__antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 114 8 114 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function iter'0 [#"../../../creusot-contracts/src/std/iter/cloned.rs" 12 4 12 22] (self : t_Cloned'0) : t_I'0 - use prelude.prelude.UInt64 + axiom iter'0_spec : forall self : t_Cloned'0 . [%#scloned4] inv'0 self -> inv'2 (iter'0 self) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - use prelude.prelude.Int + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint64) (o : uint64) : t_Ordering'0 + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) - = - [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant x : uint64 + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () + - constant y : uint64 + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#siter7] inv'2 a) + -> ([%#siter8] inv'2 b) + -> ([%#siter9] inv'2 c) + -> ([%#siter10] produces'1 a ab b) + -> ([%#siter11] produces'1 b bc c) -> ([%#siter12] produces'1 a (Seq.(++) ab bc) c) - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : uint64) (y : uint64) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () - goal vc_antisym2'0 : ([%#sord0] cmp_log'0 x y = C_Greater'0) -> ([%#sord1] cmp_log'0 y x = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi11489483489418918928__eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 120 8 120 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom produces_refl'1_spec : forall self : t_I'0 . ([%#siter5] inv'2 self) + -> ([%#siter6] produces'1 self (Seq.empty : Seq.seq t_T'0) self) - use prelude.prelude.UInt64 + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - use prelude.prelude.Int + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint64) (o : uint64) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/cloned.rs" 49 4 49 64] (self : t_Cloned'0) (visited : Seq.seq t_T'0) (o : t_Cloned'0) = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - constant x : uint64 + [%#scloned3] exists s : Seq.seq t_T'0 . inv'1 s + /\ produces'1 (iter'0 self) s (iter'0 o) + /\ Seq.length visited = Seq.length s + /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) - constant y : uint64 + constant self : t_Cloned'0 - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : uint64) (y : uint64) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/cloned.rs" 62 4 62 26] (self : t_Cloned'0) : () - goal vc_eq_cmp'0 : [%#sord0] (x = y) = (cmp_log'0 x y = C_Equal'0) + goal vc_produces_refl'0 : ([%#scloned0] inv'0 self) + -> ([%#scloned1] produces'0 self (Seq.empty : Seq.seq t_T'0) self) end -module M_creusot_contracts__logic__ord__qyi13757098721041279861__cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 76 8 76 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__produces_trans [#"../../../creusot-contracts/src/std/iter/cloned.rs" 72 4 72 90] (* as std::iter::Iterator> *) + let%span scloned0 = "../../../creusot-contracts/src/std/iter/cloned.rs" 66 15 66 21 + let%span scloned1 = "../../../creusot-contracts/src/std/iter/cloned.rs" 67 15 67 21 + let%span scloned2 = "../../../creusot-contracts/src/std/iter/cloned.rs" 68 15 68 21 + let%span scloned3 = "../../../creusot-contracts/src/std/iter/cloned.rs" 69 15 69 32 + let%span scloned4 = "../../../creusot-contracts/src/std/iter/cloned.rs" 70 15 70 32 + let%span scloned5 = "../../../creusot-contracts/src/std/iter/cloned.rs" 71 14 71 42 + let%span scloned6 = "../../../creusot-contracts/src/std/iter/cloned.rs" 64 4 64 10 + let%span scloned7 = "../../../creusot-contracts/src/std/iter/cloned.rs" 51 12 54 79 + let%span scloned8 = "../../../creusot-contracts/src/std/iter/cloned.rs" 11 14 11 39 + let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 + let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 + let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 + let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 + let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 + let%span sseq17 = "../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 + let%span sboxed18 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + let%span sinvariant19 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - use prelude.prelude.Int + type t_I'0 - use prelude.prelude.UInt128 + type t_Cloned'0 = + { t_Cloned__it'0: t_I'0 } - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint128) (o : uint128) : t_Ordering'0 - - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Cloned'0) - constant x : uint128 + axiom inv_axiom'0 [@rewrite] : forall x : t_Cloned'0 [inv'0 x] . inv'0 x + = match x with + | {t_Cloned__it'0 = it} -> inv'2 it + end - constant y : uint128 + type t_T'0 - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : uint128) (y : uint128) : () + use seq.Seq - goal vc_cmp_le_log'0 : [%#sord0] (x <= y) = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi13757098721041279861__cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 81 8 81 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + use prelude.prelude.Borrow - use prelude.prelude.Int + use seq.Seq - use prelude.prelude.UInt128 + use prelude.prelude.Int - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint128) (o : uint128) : t_Ordering'0 - - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use seq.Seq - constant x : uint128 + predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - constant y : uint128 + predicate invariant'2 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_T'0) = + [%#sinvariant19] inv'5 self - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : uint128) (y : uint128) : () + predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - goal vc_cmp_lt_log'0 : [%#sord0] (x < y) = (cmp_log'0 x y = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi13757098721041279861__cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 86 8 86 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom inv_axiom'3 [@rewrite] : forall x : t_T'0 [inv'4 x] . inv'4 x = invariant'2 x - use prelude.prelude.Int + predicate invariant'1 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_T'0) = + [%#sboxed18] inv'4 self - use prelude.prelude.UInt128 + predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom inv_axiom'2 [@rewrite] : forall x : t_T'0 [inv'3 x] . inv'3 x = invariant'1 x - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint128) (o : uint128) : t_Ordering'0 - - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 608 4 608 30] (self : Seq.seq t_T'0) = + [%#sseq17] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) - constant x : uint128 + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_T'0) - constant y : uint128 + axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_T'0 [inv'1 x] . inv'1 x = invariant'0 x - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : uint128) (y : uint128) : () + function iter'0 [#"../../../creusot-contracts/src/std/iter/cloned.rs" 12 4 12 22] (self : t_Cloned'0) : t_I'0 - goal vc_cmp_ge_log'0 : [%#sord0] (x >= y) = (cmp_log'0 x y <> C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi13757098721041279861__cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 91 8 91 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom iter'0_spec : forall self : t_Cloned'0 . [%#scloned8] inv'0 self -> inv'2 (iter'0 self) - use prelude.prelude.Int + use seq.Seq - use prelude.prelude.UInt128 + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) + - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint128) (o : uint128) : t_Ordering'0 + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant x : uint128 + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#siter11] inv'2 a) + -> ([%#siter12] inv'2 b) + -> ([%#siter13] inv'2 c) + -> ([%#siter14] produces'1 a ab b) + -> ([%#siter15] produces'1 b bc c) -> ([%#siter16] produces'1 a (Seq.(++) ab bc) c) - constant y : uint128 + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : uint128) (y : uint128) : () - - goal vc_cmp_gt_log'0 : [%#sord0] (x > y) = (cmp_log'0 x y = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi13757098721041279861__refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 96 8 96 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom produces_refl'0_spec : forall self : t_I'0 . ([%#siter9] inv'2 self) + -> ([%#siter10] produces'1 self (Seq.empty : Seq.seq t_T'0) self) - use prelude.prelude.UInt128 + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - use prelude.prelude.Int + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint128) (o : uint128) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/cloned.rs" 49 4 49 64] (self : t_Cloned'0) (visited : Seq.seq t_T'0) (o : t_Cloned'0) = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - constant x : uint128 - - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : uint128) : () - - goal vc_refl'0 : [%#sord0] cmp_log'0 x x = C_Equal'0 -end -module M_creusot_contracts__logic__ord__qyi13757098721041279861__trans [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 101 8 101 35 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 - - use prelude.prelude.UInt128 - - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + [%#scloned7] exists s : Seq.seq t_T'0 . inv'1 s + /\ produces'1 (iter'0 self) s (iter'0 o) + /\ Seq.length visited = Seq.length s + /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) - use prelude.prelude.Int + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint128) (o : uint128) : t_Ordering'0 - - = - [%#sord4] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + constant a : t_Cloned'0 - constant x : uint128 + constant ab : Seq.seq t_T'0 - constant y : uint128 + constant b : t_Cloned'0 - constant z : uint128 + constant bc : Seq.seq t_T'0 - constant o : t_Ordering'0 + constant c : t_Cloned'0 - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : uint128) (y : uint128) (z : uint128) (o : t_Ordering'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/cloned.rs" 72 4 72 90] (a : t_Cloned'0) (ab : Seq.seq t_T'0) (b : t_Cloned'0) (bc : Seq.seq t_T'0) (c : t_Cloned'0) : () - goal vc_trans'0 : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o) + goal vc_produces_trans'0 : ([%#scloned4] produces'0 b bc c) + -> ([%#scloned3] produces'0 a ab b) + -> ([%#scloned2] inv'0 c) + -> ([%#scloned1] inv'0 b) -> ([%#scloned0] inv'0 a) -> ([%#scloned5] produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__logic__ord__qyi13757098721041279861__antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 108 8 108 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__stdqy35z1__iter__copied__qyi18224474876607687026__produces_refl [#"../../../creusot-contracts/src/std/iter/copied.rs" 62 4 62 26] (* as std::iter::Iterator> *) + let%span scopied0 = "../../../creusot-contracts/src/std/iter/copied.rs" 60 15 60 24 + let%span scopied1 = "../../../creusot-contracts/src/std/iter/copied.rs" 61 14 61 45 + let%span scopied2 = "../../../creusot-contracts/src/std/iter/copied.rs" 58 4 58 10 + let%span scopied3 = "../../../creusot-contracts/src/std/iter/copied.rs" 51 12 54 79 + let%span scopied4 = "../../../creusot-contracts/src/std/iter/copied.rs" 11 14 11 39 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 + let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 + let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 + let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 + let%span sseq13 = "../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 + let%span sboxed14 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + let%span sinvariant15 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - use prelude.prelude.UInt128 + type t_I'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_Copied'0 = + { t_Copied__it'0: t_I'0 } - use prelude.prelude.Int + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint128) (o : uint128) : t_Ordering'0 - - = - [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Copied'0) - constant x : uint128 + axiom inv_axiom'0 [@rewrite] : forall x : t_Copied'0 [inv'0 x] . inv'0 x + = match x with + | {t_Copied__it'0 = it} -> inv'2 it + end - constant y : uint128 + use seq.Seq - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : uint128) (y : uint128) : () + type t_T'0 - goal vc_antisym1'0 : ([%#sord0] cmp_log'0 x y = C_Less'0) -> ([%#sord1] cmp_log'0 y x = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi13757098721041279861__antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 114 8 114 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + use seq.Seq - use prelude.prelude.UInt128 + use prelude.prelude.Borrow - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint128) (o : uint128) : t_Ordering'0 - - = - [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use seq.Seq - constant x : uint128 + use seq.Seq - constant y : uint128 + predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : uint128) (y : uint128) : () + predicate invariant'2 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_T'0) = + [%#sinvariant15] inv'5 self - goal vc_antisym2'0 : ([%#sord0] cmp_log'0 x y = C_Greater'0) -> ([%#sord1] cmp_log'0 y x = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi13757098721041279861__eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 120 8 120 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - use prelude.prelude.UInt128 + axiom inv_axiom'3 [@rewrite] : forall x : t_T'0 [inv'4 x] . inv'4 x = invariant'2 x - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + predicate invariant'1 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_T'0) = + [%#sboxed14] inv'4 self - use prelude.prelude.Int + predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint128) (o : uint128) : t_Ordering'0 - - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + axiom inv_axiom'2 [@rewrite] : forall x : t_T'0 [inv'3 x] . inv'3 x = invariant'1 x - constant x : uint128 + predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 608 4 608 30] (self : Seq.seq t_T'0) = + [%#sseq13] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) - constant y : uint128 + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_T'0) - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : uint128) (y : uint128) : () + axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_T'0 [inv'1 x] . inv'1 x = invariant'0 x - goal vc_eq_cmp'0 : [%#sord0] (x = y) = (cmp_log'0 x y = C_Equal'0) -end -module M_creusot_contracts__logic__ord__qyi8186105652185060096__cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 76 8 76 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function iter'0 [#"../../../creusot-contracts/src/std/iter/copied.rs" 12 4 12 22] (self : t_Copied'0) : t_I'0 - use prelude.prelude.Int + axiom iter'0_spec : forall self : t_Copied'0 . [%#scopied4] inv'0 self -> inv'2 (iter'0 self) - use prelude.prelude.UIntSize + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : usize) (o : usize) : t_Ordering'0 + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant x : usize + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () + - constant y : usize + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#siter7] inv'2 a) + -> ([%#siter8] inv'2 b) + -> ([%#siter9] inv'2 c) + -> ([%#siter10] produces'1 a ab b) + -> ([%#siter11] produces'1 b bc c) -> ([%#siter12] produces'1 a (Seq.(++) ab bc) c) - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : usize) (y : usize) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () - goal vc_cmp_le_log'0 : [%#sord0] (x <= y) = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi8186105652185060096__cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 81 8 81 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom produces_refl'1_spec : forall self : t_I'0 . ([%#siter5] inv'2 self) + -> ([%#siter6] produces'1 self (Seq.empty : Seq.seq t_T'0) self) - use prelude.prelude.Int + use seq.Seq - use prelude.prelude.UIntSize + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : usize) (o : usize) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/copied.rs" 49 4 49 64] (self : t_Copied'0) (visited : Seq.seq t_T'0) (o : t_Copied'0) = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - constant x : usize + [%#scopied3] exists s : Seq.seq t_T'0 . inv'1 s + /\ produces'1 (iter'0 self) s (iter'0 o) + /\ Seq.length visited = Seq.length s + /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) - constant y : usize + constant self : t_Copied'0 - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : usize) (y : usize) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/copied.rs" 62 4 62 26] (self : t_Copied'0) : () - goal vc_cmp_lt_log'0 : [%#sord0] (x < y) = (cmp_log'0 x y = C_Less'0) + goal vc_produces_refl'0 : ([%#scopied0] inv'0 self) + -> ([%#scopied1] produces'0 self (Seq.empty : Seq.seq t_T'0) self) end -module M_creusot_contracts__logic__ord__qyi8186105652185060096__cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 86 8 86 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__stdqy35z1__iter__copied__qyi18224474876607687026__produces_trans [#"../../../creusot-contracts/src/std/iter/copied.rs" 72 4 72 90] (* as std::iter::Iterator> *) + let%span scopied0 = "../../../creusot-contracts/src/std/iter/copied.rs" 66 15 66 21 + let%span scopied1 = "../../../creusot-contracts/src/std/iter/copied.rs" 67 15 67 21 + let%span scopied2 = "../../../creusot-contracts/src/std/iter/copied.rs" 68 15 68 21 + let%span scopied3 = "../../../creusot-contracts/src/std/iter/copied.rs" 69 15 69 32 + let%span scopied4 = "../../../creusot-contracts/src/std/iter/copied.rs" 70 15 70 32 + let%span scopied5 = "../../../creusot-contracts/src/std/iter/copied.rs" 71 14 71 42 + let%span scopied6 = "../../../creusot-contracts/src/std/iter/copied.rs" 64 4 64 10 + let%span scopied7 = "../../../creusot-contracts/src/std/iter/copied.rs" 51 12 54 79 + let%span scopied8 = "../../../creusot-contracts/src/std/iter/copied.rs" 11 14 11 39 + let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 + let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 + let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 + let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 + let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 + let%span sseq17 = "../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 + let%span sboxed18 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + let%span sinvariant19 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - use prelude.prelude.Int + type t_I'0 - use prelude.prelude.UIntSize + type t_Copied'0 = + { t_Copied__it'0: t_I'0 } - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : usize) (o : usize) : t_Ordering'0 - - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Copied'0) - constant x : usize + axiom inv_axiom'0 [@rewrite] : forall x : t_Copied'0 [inv'0 x] . inv'0 x + = match x with + | {t_Copied__it'0 = it} -> inv'2 it + end - constant y : usize + type t_T'0 - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : usize) (y : usize) : () + use seq.Seq - goal vc_cmp_ge_log'0 : [%#sord0] (x >= y) = (cmp_log'0 x y <> C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi8186105652185060096__cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 91 8 91 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + use prelude.prelude.Borrow + + use seq.Seq use prelude.prelude.Int - use prelude.prelude.UIntSize + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : usize) (o : usize) : t_Ordering'0 - - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - constant x : usize + predicate invariant'2 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_T'0) = + [%#sinvariant19] inv'5 self - constant y : usize + predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : usize) (y : usize) : () + axiom inv_axiom'3 [@rewrite] : forall x : t_T'0 [inv'4 x] . inv'4 x = invariant'2 x - goal vc_cmp_gt_log'0 : [%#sord0] (x > y) = (cmp_log'0 x y = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi8186105652185060096__refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 96 8 96 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + predicate invariant'1 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_T'0) = + [%#sboxed18] inv'4 self - use prelude.prelude.UIntSize + predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 - - use prelude.prelude.Int + axiom inv_axiom'2 [@rewrite] : forall x : t_T'0 [inv'3 x] . inv'3 x = invariant'1 x - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : usize) (o : usize) : t_Ordering'0 - - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 608 4 608 30] (self : Seq.seq t_T'0) = + [%#sseq17] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) - constant x : usize + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_T'0) - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : usize) : () + axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_T'0 [inv'1 x] . inv'1 x = invariant'0 x - goal vc_refl'0 : [%#sord0] cmp_log'0 x x = C_Equal'0 -end -module M_creusot_contracts__logic__ord__qyi8186105652185060096__trans [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 101 8 101 35 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function iter'0 [#"../../../creusot-contracts/src/std/iter/copied.rs" 12 4 12 22] (self : t_Copied'0) : t_I'0 - use prelude.prelude.UIntSize + axiom iter'0_spec : forall self : t_Copied'0 . [%#scopied8] inv'0 self -> inv'2 (iter'0 self) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - use prelude.prelude.Int + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : usize) (o : usize) : t_Ordering'0 + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) - = - [%#sord4] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - constant x : usize - - constant y : usize - constant z : usize + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () + - constant o : t_Ordering'0 + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#siter11] inv'2 a) + -> ([%#siter12] inv'2 b) + -> ([%#siter13] inv'2 c) + -> ([%#siter14] produces'1 a ab b) + -> ([%#siter15] produces'1 b bc c) -> ([%#siter16] produces'1 a (Seq.(++) ab bc) c) - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : usize) (y : usize) (z : usize) (o : t_Ordering'0) : () - + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () - goal vc_trans'0 : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o) -end -module M_creusot_contracts__logic__ord__qyi8186105652185060096__antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 108 8 108 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom produces_refl'0_spec : forall self : t_I'0 . ([%#siter9] inv'2 self) + -> ([%#siter10] produces'1 self (Seq.empty : Seq.seq t_T'0) self) - use prelude.prelude.UIntSize + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - use prelude.prelude.Int + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : usize) (o : usize) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/copied.rs" 49 4 49 64] (self : t_Copied'0) (visited : Seq.seq t_T'0) (o : t_Copied'0) = - [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - constant x : usize + [%#scopied7] exists s : Seq.seq t_T'0 . inv'1 s + /\ produces'1 (iter'0 self) s (iter'0 o) + /\ Seq.length visited = Seq.length s + /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) - constant y : usize + use seq.Seq - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : usize) (y : usize) : () + constant a : t_Copied'0 - goal vc_antisym1'0 : ([%#sord0] cmp_log'0 x y = C_Less'0) -> ([%#sord1] cmp_log'0 y x = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi8186105652185060096__antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 114 8 114 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + constant ab : Seq.seq t_T'0 - use prelude.prelude.UIntSize + constant b : t_Copied'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + constant bc : Seq.seq t_T'0 - use prelude.prelude.Int + constant c : t_Copied'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : usize) (o : usize) : t_Ordering'0 + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/copied.rs" 72 4 72 90] (a : t_Copied'0) (ab : Seq.seq t_T'0) (b : t_Copied'0) (bc : Seq.seq t_T'0) (c : t_Copied'0) : () - = - [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant x : usize + goal vc_produces_trans'0 : ([%#scopied4] produces'0 b bc c) + -> ([%#scopied3] produces'0 a ab b) + -> ([%#scopied2] inv'0 c) + -> ([%#scopied1] inv'0 b) -> ([%#scopied0] inv'0 a) -> ([%#scopied5] produces'0 a (Seq.(++) ab bc) c) +end +module M_creusot_contracts__stdqy35z1__iter__empty__qyi10605201058978801838__produces_refl [#"../../../creusot-contracts/src/std/iter/empty.rs" 20 4 20 26] (* as std::iter::Iterator> *) + let%span sempty0 = "../../../creusot-contracts/src/std/iter/empty.rs" 18 15 18 24 + let%span sempty1 = "../../../creusot-contracts/src/std/iter/empty.rs" 19 14 19 45 + let%span sempty2 = "../../../creusot-contracts/src/std/iter/empty.rs" 16 4 16 10 + let%span sempty3 = "../../../creusot-contracts/src/std/iter/empty.rs" 13 20 13 54 - constant y : usize + type t_Empty'0 = + { t_Empty__0'0: () } - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : usize) (y : usize) : () + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Empty'0) - goal vc_antisym2'0 : ([%#sord0] cmp_log'0 x y = C_Greater'0) -> ([%#sord1] cmp_log'0 y x = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi8186105652185060096__eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 120 8 120 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom inv_axiom'0 [@rewrite] : forall x : t_Empty'0 [inv'0 x] . inv'0 x = true - use prelude.prelude.UIntSize + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_T'0 - use prelude.prelude.Int + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : usize) (o : usize) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/empty.rs" 12 4 12 64] (self : t_Empty'0) (visited : Seq.seq t_T'0) (o : t_Empty'0) = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - constant x : usize + [%#sempty3] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o - constant y : usize + constant self : t_Empty'0 - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : usize) (y : usize) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/empty.rs" 20 4 20 26] (self : t_Empty'0) : () - goal vc_eq_cmp'0 : [%#sord0] (x = y) = (cmp_log'0 x y = C_Equal'0) + goal vc_produces_refl'0 : ([%#sempty0] inv'0 self) -> ([%#sempty1] produces'0 self (Seq.empty : Seq.seq t_T'0) self) end -module M_creusot_contracts__logic__ord__qyi18413678402769648790__cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 76 8 76 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 - - use prelude.prelude.Int +module M_creusot_contracts__stdqy35z1__iter__empty__qyi10605201058978801838__produces_trans [#"../../../creusot-contracts/src/std/iter/empty.rs" 30 4 30 90] (* as std::iter::Iterator> *) + let%span sempty0 = "../../../creusot-contracts/src/std/iter/empty.rs" 24 15 24 21 + let%span sempty1 = "../../../creusot-contracts/src/std/iter/empty.rs" 25 15 25 21 + let%span sempty2 = "../../../creusot-contracts/src/std/iter/empty.rs" 26 15 26 21 + let%span sempty3 = "../../../creusot-contracts/src/std/iter/empty.rs" 27 15 27 32 + let%span sempty4 = "../../../creusot-contracts/src/std/iter/empty.rs" 28 15 28 32 + let%span sempty5 = "../../../creusot-contracts/src/std/iter/empty.rs" 29 14 29 42 + let%span sempty6 = "../../../creusot-contracts/src/std/iter/empty.rs" 22 4 22 10 + let%span sempty7 = "../../../creusot-contracts/src/std/iter/empty.rs" 13 20 13 54 - use prelude.prelude.Int8 + type t_Empty'0 = + { t_Empty__0'0: () } - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Empty'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int8) (o : int8) : t_Ordering'0 - - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + axiom inv_axiom'0 [@rewrite] : forall x : t_Empty'0 [inv'0 x] . inv'0 x = true - constant x : int8 + type t_T'0 - constant y : int8 + use seq.Seq - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : int8) (y : int8) : () + use seq.Seq - goal vc_cmp_le_log'0 : [%#sord0] (x <= y) = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi18413678402769648790__cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 81 8 81 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/empty.rs" 12 4 12 64] (self : t_Empty'0) (visited : Seq.seq t_T'0) (o : t_Empty'0) + + = + [%#sempty7] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o - use prelude.prelude.Int + use seq.Seq - use prelude.prelude.Int8 + constant a : t_Empty'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + constant ab : Seq.seq t_T'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int8) (o : int8) : t_Ordering'0 - - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + constant b : t_Empty'0 - constant x : int8 + constant bc : Seq.seq t_T'0 - constant y : int8 + constant c : t_Empty'0 - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : int8) (y : int8) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/empty.rs" 30 4 30 90] (a : t_Empty'0) (ab : Seq.seq t_T'0) (b : t_Empty'0) (bc : Seq.seq t_T'0) (c : t_Empty'0) : () + - goal vc_cmp_lt_log'0 : [%#sord0] (x < y) = (cmp_log'0 x y = C_Less'0) + goal vc_produces_trans'0 : ([%#sempty4] produces'0 b bc c) + -> ([%#sempty3] produces'0 a ab b) + -> ([%#sempty2] inv'0 c) + -> ([%#sempty1] inv'0 b) -> ([%#sempty0] inv'0 a) -> ([%#sempty5] produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__logic__ord__qyi18413678402769648790__cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 86 8 86 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__produces_refl [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 86 4 86 26] (* as std::iter::Iterator> *) + let%span senumerate0 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 84 15 84 24 + let%span senumerate1 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 85 14 85 45 + let%span senumerate2 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 82 4 82 10 + let%span senumerate3 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 74 12 78 113 + let%span senumerate4 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 14 14 14 39 + let%span senumerate5 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 45 12 49 79 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 + let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 + let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 + let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 + let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 + let%span sseq14 = "../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 + let%span sboxed15 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - use prelude.prelude.Int + type t_I'0 - use prelude.prelude.Int8 + use prelude.prelude.UIntSize - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_Enumerate'0 = + { t_Enumerate__iter'0: t_I'0; t_Enumerate__count'0: usize } - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int8) (o : int8) : t_Ordering'0 - - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + type t_Item'0 - constant x : int8 + use seq.Seq - constant y : int8 + use prelude.prelude.Int - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : int8) (y : int8) : () + use seq.Seq - goal vc_cmp_ge_log'0 : [%#sord0] (x >= y) = (cmp_log'0 x y <> C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi18413678402769648790__cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 91 8 91 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + use seq.Seq - use prelude.prelude.Int + predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - use prelude.prelude.Int8 + predicate invariant'2 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = + [%#sboxed15] inv'4 self - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int8) (o : int8) : t_Ordering'0 - - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + axiom inv_axiom'2 [@rewrite] : forall x : t_Item'0 [inv'3 x] . inv'3 x = invariant'2 x - constant x : int8 + predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 608 4 608 30] (self : Seq.seq t_Item'0) = + [%#sseq14] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) - constant y : int8 + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : int8) (y : int8) : () + axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'1 x] . inv'1 x = invariant'1 x - goal vc_cmp_gt_log'0 : [%#sord0] (x > y) = (cmp_log'0 x y = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi18413678402769648790__refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 96 8 96 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - use prelude.prelude.Int8 + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - use prelude.prelude.Int + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int8) (o : int8) : t_Ordering'0 + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant x : int8 + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter8] inv'2 a) + -> ([%#siter9] inv'2 b) + -> ([%#siter10] inv'2 c) + -> ([%#siter11] produces'1 a ab b) + -> ([%#siter12] produces'1 b bc c) -> ([%#siter13] produces'1 a (Seq.(++) ab bc) c) - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : int8) : () - - goal vc_refl'0 : [%#sord0] cmp_log'0 x x = C_Equal'0 -end -module M_creusot_contracts__logic__ord__qyi18413678402769648790__trans [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 101 8 101 35 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 - - use prelude.prelude.Int8 - - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 - - use prelude.prelude.Int - - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int8) (o : int8) : t_Ordering'0 - - = - [%#sord4] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - constant x : int8 + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () - constant y : int8 + axiom produces_refl'1_spec : forall self : t_I'0 . ([%#siter6] inv'2 self) + -> ([%#siter7] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) - constant z : int8 + function n'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 21 4 21 21] (self : t_Enumerate'0) : int - constant o : t_Ordering'0 + constant v_MAX'0 : usize = (18446744073709551615 : usize) - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : int8) (y : int8) (z : int8) (o : t_Ordering'0) : () - + use prelude.prelude.UIntSize - goal vc_trans'0 : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o) -end -module M_creusot_contracts__logic__ord__qyi18413678402769648790__antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 108 8 108 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + use prelude.prelude.Borrow - use prelude.prelude.Int8 + predicate completed'0 [#"../../../creusot-contracts/src/std/iter.rs" 35 4 35 36] (self : borrowed t_I'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Enumerate'0) - use prelude.prelude.Int + function iter'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 15 4 15 22] (self : t_Enumerate'0) : t_I'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int8) (o : int8) : t_Ordering'0 - - = - [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + axiom iter'0_spec : forall self : t_Enumerate'0 . [%#senumerate4] inv'0 self -> inv'2 (iter'0 self) - constant x : int8 + predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 43 4 43 30] (self : t_Enumerate'0) = + [%#senumerate5] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'1 (iter'0 self) s i] . inv'1 s + /\ inv'2 i /\ produces'1 (iter'0 self) s i -> n'0 self + Seq.length s < UIntSize.to_int v_MAX'0) + /\ (forall i : borrowed t_I'0 . completed'0 i -> produces'1 i.current (Seq.empty : Seq.seq t_Item'0) i.final) - constant y : int8 + axiom inv_axiom'0 [@rewrite] : forall x : t_Enumerate'0 [inv'0 x] . inv'0 x + = (invariant'0 x + /\ match x with + | {t_Enumerate__iter'0 = iter ; t_Enumerate__count'0 = count} -> inv'2 iter + end) - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : int8) (y : int8) : () + use seq.Seq - goal vc_antisym1'0 : ([%#sord0] cmp_log'0 x y = C_Less'0) -> ([%#sord1] cmp_log'0 y x = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi18413678402769648790__antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 114 8 114 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + use seq.Seq - use prelude.prelude.Int8 + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - use prelude.prelude.Int + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int8) (o : int8) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 72 4 72 64] (self : t_Enumerate'0) (visited : Seq.seq (usize, t_Item'0)) (o : t_Enumerate'0) = - [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - constant x : int8 + [%#senumerate3] Seq.length visited = n'0 o - n'0 self + /\ (exists s : Seq.seq t_Item'0 . inv'1 s + /\ produces'1 (iter'0 self) s (iter'0 o) + /\ Seq.length visited = Seq.length s + /\ (forall i : int . 0 <= i /\ i < Seq.length s + -> UIntSize.to_int (let (a, _) = Seq.get visited i in a) = n'0 self + i + /\ (let (_, a) = Seq.get visited i in a) = Seq.get s i)) - constant y : int8 + constant self : t_Enumerate'0 - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : int8) (y : int8) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 86 4 86 26] (self : t_Enumerate'0) : () + - goal vc_antisym2'0 : ([%#sord0] cmp_log'0 x y = C_Greater'0) -> ([%#sord1] cmp_log'0 y x = C_Less'0) + goal vc_produces_refl'0 : ([%#senumerate0] inv'0 self) + -> ([%#senumerate1] produces'0 self (Seq.empty : Seq.seq (usize, t_Item'0)) self) end -module M_creusot_contracts__logic__ord__qyi18413678402769648790__eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 120 8 120 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__produces_trans [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 96 4 96 90] (* as std::iter::Iterator> *) + let%span senumerate0 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 90 15 90 21 + let%span senumerate1 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 91 15 91 21 + let%span senumerate2 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 92 15 92 21 + let%span senumerate3 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 93 15 93 32 + let%span senumerate4 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 94 15 94 32 + let%span senumerate5 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 95 14 95 42 + let%span senumerate6 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 88 4 88 10 + let%span senumerate7 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 74 12 78 113 + let%span senumerate8 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 14 14 14 39 + let%span senumerate9 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 45 12 49 79 + let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 + let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 + let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 + let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 + let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 + let%span sseq18 = "../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 + let%span sboxed19 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - use prelude.prelude.Int8 + type t_I'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use prelude.prelude.UIntSize - use prelude.prelude.Int + type t_Enumerate'0 = + { t_Enumerate__iter'0: t_I'0; t_Enumerate__count'0: usize } - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int8) (o : int8) : t_Ordering'0 - - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + type t_Item'0 - constant x : int8 + use seq.Seq - constant y : int8 + use prelude.prelude.Int - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : int8) (y : int8) : () + use seq.Seq - goal vc_eq_cmp'0 : [%#sord0] (x = y) = (cmp_log'0 x y = C_Equal'0) -end -module M_creusot_contracts__logic__ord__qyi8040194823849327911__cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 76 8 76 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + use seq.Seq - use prelude.prelude.Int + predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - use prelude.prelude.Int16 + predicate invariant'2 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = + [%#sboxed19] inv'4 self - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int16) (o : int16) : t_Ordering'0 - - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + axiom inv_axiom'2 [@rewrite] : forall x : t_Item'0 [inv'3 x] . inv'3 x = invariant'2 x - constant x : int16 + predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 608 4 608 30] (self : Seq.seq t_Item'0) = + [%#sseq18] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) - constant y : int16 + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : int16) (y : int16) : () + axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'1 x] . inv'1 x = invariant'1 x - goal vc_cmp_le_log'0 : [%#sord0] (x <= y) = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi8040194823849327911__cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 81 8 81 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - use prelude.prelude.Int + use seq.Seq - use prelude.prelude.Int16 + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int16) (o : int16) : t_Ordering'0 + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant x : int16 + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter12] inv'2 a) + -> ([%#siter13] inv'2 b) + -> ([%#siter14] inv'2 c) + -> ([%#siter15] produces'1 a ab b) + -> ([%#siter16] produces'1 b bc c) -> ([%#siter17] produces'1 a (Seq.(++) ab bc) c) - constant y : int16 + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : int16) (y : int16) : () + axiom produces_refl'0_spec : forall self : t_I'0 . ([%#siter10] inv'2 self) + -> ([%#siter11] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) - goal vc_cmp_lt_log'0 : [%#sord0] (x < y) = (cmp_log'0 x y = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi8040194823849327911__cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 86 8 86 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function n'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 21 4 21 21] (self : t_Enumerate'0) : int - use prelude.prelude.Int + constant v_MAX'0 : usize = (18446744073709551615 : usize) - use prelude.prelude.Int16 + use prelude.prelude.UIntSize - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use prelude.prelude.Borrow - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int16) (o : int16) : t_Ordering'0 - - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + predicate completed'0 [#"../../../creusot-contracts/src/std/iter.rs" 35 4 35 36] (self : borrowed t_I'0) - constant x : int16 + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Enumerate'0) - constant y : int16 + function iter'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 15 4 15 22] (self : t_Enumerate'0) : t_I'0 - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : int16) (y : int16) : () + axiom iter'0_spec : forall self : t_Enumerate'0 . [%#senumerate8] inv'0 self -> inv'2 (iter'0 self) - goal vc_cmp_ge_log'0 : [%#sord0] (x >= y) = (cmp_log'0 x y <> C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi8040194823849327911__cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 91 8 91 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 43 4 43 30] (self : t_Enumerate'0) = + [%#senumerate9] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'1 (iter'0 self) s i] . inv'1 s + /\ inv'2 i /\ produces'1 (iter'0 self) s i -> n'0 self + Seq.length s < UIntSize.to_int v_MAX'0) + /\ (forall i : borrowed t_I'0 . completed'0 i -> produces'1 i.current (Seq.empty : Seq.seq t_Item'0) i.final) - use prelude.prelude.Int + axiom inv_axiom'0 [@rewrite] : forall x : t_Enumerate'0 [inv'0 x] . inv'0 x + = (invariant'0 x + /\ match x with + | {t_Enumerate__iter'0 = iter ; t_Enumerate__count'0 = count} -> inv'2 iter + end) - use prelude.prelude.Int16 + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq + + use seq.Seq + + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int16) (o : int16) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 72 4 72 64] (self : t_Enumerate'0) (visited : Seq.seq (usize, t_Item'0)) (o : t_Enumerate'0) = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - constant x : int16 + [%#senumerate7] Seq.length visited = n'0 o - n'0 self + /\ (exists s : Seq.seq t_Item'0 . inv'1 s + /\ produces'1 (iter'0 self) s (iter'0 o) + /\ Seq.length visited = Seq.length s + /\ (forall i : int . 0 <= i /\ i < Seq.length s + -> UIntSize.to_int (let (a, _) = Seq.get visited i in a) = n'0 self + i + /\ (let (_, a) = Seq.get visited i in a) = Seq.get s i)) - constant y : int16 + use seq.Seq - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : int16) (y : int16) : () + constant a : t_Enumerate'0 - goal vc_cmp_gt_log'0 : [%#sord0] (x > y) = (cmp_log'0 x y = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi8040194823849327911__refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 96 8 96 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + constant ab : Seq.seq (usize, t_Item'0) - use prelude.prelude.Int16 + constant b : t_Enumerate'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + constant bc : Seq.seq (usize, t_Item'0) - use prelude.prelude.Int + constant c : t_Enumerate'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int16) (o : int16) : t_Ordering'0 + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 96 4 96 90] (a : t_Enumerate'0) (ab : Seq.seq (usize, t_Item'0)) (b : t_Enumerate'0) (bc : Seq.seq (usize, t_Item'0)) (c : t_Enumerate'0) : () - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - constant x : int16 - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : int16) : () - - goal vc_refl'0 : [%#sord0] cmp_log'0 x x = C_Equal'0 + goal vc_produces_trans'0 : ([%#senumerate4] produces'0 b bc c) + -> ([%#senumerate3] produces'0 a ab b) + -> ([%#senumerate2] inv'0 c) + -> ([%#senumerate1] inv'0 b) -> ([%#senumerate0] inv'0 a) -> ([%#senumerate5] produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__logic__ord__qyi8040194823849327911__trans [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 101 8 101 35 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 - - use prelude.prelude.Int16 - - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 +module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__produces_refl [#"../../../creusot-contracts/src/std/iter/filter.rs" 106 4 106 26] (* as std::iter::Iterator> *) + let%span sfilter0 = "../../../creusot-contracts/src/std/iter/filter.rs" 104 15 104 24 + let%span sfilter1 = "../../../creusot-contracts/src/std/iter/filter.rs" 105 14 105 45 + let%span sfilter2 = "../../../creusot-contracts/src/std/iter/filter.rs" 102 4 102 10 + let%span sfilter3 = "../../../creusot-contracts/src/std/iter/filter.rs" 87 12 98 17 + let%span sfilter4 = "../../../creusot-contracts/src/std/iter/filter.rs" 22 14 22 39 + let%span sfilter5 = "../../../creusot-contracts/src/std/iter/filter.rs" 15 14 15 39 + let%span sfilter6 = "../../../creusot-contracts/src/std/iter/filter.rs" 34 12 40 124 + let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 105 15 105 59 + let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 106 14 106 36 + let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 111 14 111 31 + let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 116 15 116 29 + let%span sops11 = "../../../creusot-contracts/src/std/ops.rs" 117 15 117 26 + let%span sops12 = "../../../creusot-contracts/src/std/ops.rs" 118 14 118 28 + let%span sops13 = "../../../creusot-contracts/src/std/ops.rs" 123 14 124 105 + let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 + let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 + let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 + let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 + let%span siter18 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 + let%span siter19 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter20 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter21 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - use prelude.prelude.Int + type t_I'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int16) (o : int16) : t_Ordering'0 - - = - [%#sord4] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + type t_F'0 - constant x : int16 + type t_Filter'0 = + { t_Filter__iter'0: t_I'0; t_Filter__predicate'0: t_F'0 } - constant y : int16 + use prelude.prelude.Borrow - constant z : int16 + type t_Item'0 - constant o : t_Ordering'0 + predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 73 4 73 45] (self : t_F'0) (args : t_Item'0) - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : int16) (y : int16) (z : int16) (o : t_Ordering'0) : () + predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 81 4 81 73] (self : t_F'0) (args : t_Item'0) (result : bool) - goal vc_trans'0 : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o) -end -module M_creusot_contracts__logic__ord__qyi8040194823849327911__antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 108 8 108 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 - - use prelude.prelude.Int16 - - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 - - use prelude.prelude.Int + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int16) (o : int16) : t_Ordering'0 + predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 91 4 91 92] (self : t_F'0) (args : t_Item'0) (result_state : t_F'0) (result : bool) - = - [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant x : int16 + function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 125 4 125 55] (self : t_F'0) (args : t_Item'0) (res : bool) : () + - constant y : int16 + axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : bool . [%#sops13] postcondition_once'0 self args res + = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : int16) (y : int16) : () + predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 99 4 99 36] (self : t_F'0) (_2 : t_F'0) - goal vc_antisym1'0 : ([%#sord0] cmp_log'0 x y = C_Less'0) -> ([%#sord1] cmp_log'0 y x = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi8040194823849327911__antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 114 8 114 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 119 4 119 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () + - use prelude.prelude.Int16 + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops10] unnest'0 self b) + -> ([%#sops11] unnest'0 b c) -> ([%#sops12] unnest'0 self c) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 112 4 112 24] (self : t_F'0) : () - use prelude.prelude.Int + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops9] unnest'0 self self - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int16) (o : int16) : t_Ordering'0 + function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 107 4 107 85] (self : t_F'0) (args : t_Item'0) (res_state : t_F'0) (res : bool) : () - = - [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant x : int16 + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : bool . ([%#sops7] postcondition_mut'0 self args res_state res) + -> ([%#sops8] unnest'0 self res_state) - constant y : int16 + predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 31 4 31 30] (self : t_Filter'0) = + [%#sfilter6] forall f : t_F'0, i : t_Item'0 . precondition'0 f (i) + /\ (forall f : t_F'0, g : t_F'0 . unnest'0 f g -> f = g) + /\ (forall f1 : t_F'0, f2 : t_F'0, i : t_Item'0 . not (postcondition_mut'0 f1 (i) f2 true + /\ postcondition_mut'0 f1 (i) f2 false)) - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : int16) (y : int16) : () + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - goal vc_antisym2'0 : ([%#sord0] cmp_log'0 x y = C_Greater'0) -> ([%#sord1] cmp_log'0 y x = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi8040194823849327911__eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 120 8 120 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) - use prelude.prelude.Int16 + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Filter'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom inv_axiom'0 [@rewrite] : forall x : t_Filter'0 [inv'0 x] . inv'0 x + = (invariant'0 x + /\ match x with + | {t_Filter__iter'0 = iter ; t_Filter__predicate'0 = predicate'} -> inv'1 iter /\ inv'2 predicate' + end) - use prelude.prelude.Int + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int16) (o : int16) : t_Ordering'0 - - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use seq.Seq - constant x : int16 + function func'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 23 4 23 22] (self : t_Filter'0) : t_F'0 - constant y : int16 + axiom func'0_spec : forall self : t_Filter'0 . [%#sfilter4] inv'0 self -> inv'2 (func'0 self) - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : int16) (y : int16) : () + use prelude.prelude.Int - goal vc_eq_cmp'0 : [%#sord0] (x = y) = (cmp_log'0 x y = C_Equal'0) -end -module M_creusot_contracts__logic__ord__qyi211457485035727011__cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 76 8 76 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + use map.Map - use prelude.prelude.Int + function iter'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 16 4 16 22] (self : t_Filter'0) : t_I'0 - use prelude.prelude.Int32 + axiom iter'0_spec : forall self : t_Filter'0 . [%#sfilter5] inv'0 self -> inv'1 (iter'0 self) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int32) (o : int32) : t_Ordering'0 + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant x : int32 + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + - constant y : int32 + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter16] inv'1 a) + -> ([%#siter17] inv'1 b) + -> ([%#siter18] inv'1 c) + -> ([%#siter19] produces'1 a ab b) + -> ([%#siter20] produces'1 b bc c) -> ([%#siter21] produces'1 a (Seq.(++) ab bc) c) - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : int32) (y : int32) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () - goal vc_cmp_le_log'0 : [%#sord0] (x <= y) = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi211457485035727011__cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 81 8 81 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom produces_refl'1_spec : forall self : t_I'0 . ([%#siter14] inv'1 self) + -> ([%#siter15] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) - use prelude.prelude.Int + use seq.Seq - use prelude.prelude.Int32 + use map.Map - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int32) (o : int32) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 85 4 85 67] (self : t_Filter'0) (visited : Seq.seq t_Item'0) (succ : t_Filter'0) = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - constant x : int32 + [%#sfilter3] unnest'0 (func'0 self) (func'0 succ) + /\ (exists s : Seq.seq t_Item'0, f : Map.map int int . produces'1 (iter'0 self) s (iter'0 succ) + /\ (forall i : int, j : int . 0 <= i /\ i <= j /\ j < Seq.length visited + -> 0 <= Map.get f i /\ Map.get f i <= Map.get f j /\ Map.get f j < Seq.length s) + /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = Seq.get s (Map.get f i)) + /\ (forall i : int . 0 <= i /\ i < Seq.length s + -> (exists j : int . 0 <= j /\ j < Seq.length visited /\ Map.get f j = i) + = postcondition_mut'0 (func'0 self) (Seq.get s i) (func'0 self) true)) - constant y : int32 + constant self : t_Filter'0 - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : int32) (y : int32) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 106 4 106 26] (self : t_Filter'0) : () - goal vc_cmp_lt_log'0 : [%#sord0] (x < y) = (cmp_log'0 x y = C_Less'0) + goal vc_produces_refl'0 : ([%#sfilter0] inv'0 self) + -> ([%#sfilter1] produces'0 self (Seq.empty : Seq.seq t_Item'0) self) end -module M_creusot_contracts__logic__ord__qyi211457485035727011__cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 86 8 86 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__produces_trans [#"../../../creusot-contracts/src/std/iter/filter.rs" 116 4 116 90] (* as std::iter::Iterator> *) + let%span sfilter0 = "../../../creusot-contracts/src/std/iter/filter.rs" 110 15 110 21 + let%span sfilter1 = "../../../creusot-contracts/src/std/iter/filter.rs" 111 15 111 21 + let%span sfilter2 = "../../../creusot-contracts/src/std/iter/filter.rs" 112 15 112 21 + let%span sfilter3 = "../../../creusot-contracts/src/std/iter/filter.rs" 113 15 113 32 + let%span sfilter4 = "../../../creusot-contracts/src/std/iter/filter.rs" 114 15 114 32 + let%span sfilter5 = "../../../creusot-contracts/src/std/iter/filter.rs" 115 14 115 42 + let%span sfilter6 = "../../../creusot-contracts/src/std/iter/filter.rs" 108 4 108 10 + let%span sfilter7 = "../../../creusot-contracts/src/std/iter/filter.rs" 87 12 98 17 + let%span sfilter8 = "../../../creusot-contracts/src/std/iter/filter.rs" 22 14 22 39 + let%span sfilter9 = "../../../creusot-contracts/src/std/iter/filter.rs" 15 14 15 39 + let%span sfilter10 = "../../../creusot-contracts/src/std/iter/filter.rs" 34 12 40 124 + let%span sops11 = "../../../creusot-contracts/src/std/ops.rs" 105 15 105 59 + let%span sops12 = "../../../creusot-contracts/src/std/ops.rs" 106 14 106 36 + let%span sops13 = "../../../creusot-contracts/src/std/ops.rs" 111 14 111 31 + let%span sops14 = "../../../creusot-contracts/src/std/ops.rs" 116 15 116 29 + let%span sops15 = "../../../creusot-contracts/src/std/ops.rs" 117 15 117 26 + let%span sops16 = "../../../creusot-contracts/src/std/ops.rs" 118 14 118 28 + let%span sops17 = "../../../creusot-contracts/src/std/ops.rs" 123 14 124 105 + let%span siter18 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 + let%span siter19 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 + let%span siter20 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 + let%span siter21 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 + let%span siter22 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 + let%span siter23 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter24 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter25 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - use prelude.prelude.Int + type t_I'0 - use prelude.prelude.Int32 + type t_F'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_Filter'0 = + { t_Filter__iter'0: t_I'0; t_Filter__predicate'0: t_F'0 } - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int32) (o : int32) : t_Ordering'0 - - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use prelude.prelude.Borrow - constant x : int32 + type t_Item'0 - constant y : int32 + predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 73 4 73 45] (self : t_F'0) (args : t_Item'0) - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : int32) (y : int32) : () + predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 81 4 81 73] (self : t_F'0) (args : t_Item'0) (result : bool) + - goal vc_cmp_ge_log'0 : [%#sord0] (x >= y) = (cmp_log'0 x y <> C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi211457485035727011__cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 91 8 91 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) - use prelude.prelude.Int + predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 91 4 91 92] (self : t_F'0) (args : t_Item'0) (result_state : t_F'0) (result : bool) + - use prelude.prelude.Int32 + function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 125 4 125 55] (self : t_F'0) (args : t_Item'0) (res : bool) : () + - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : bool . [%#sops17] postcondition_once'0 self args res + = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int32) (o : int32) : t_Ordering'0 + predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 99 4 99 36] (self : t_F'0) (_2 : t_F'0) + + function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 119 4 119 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant x : int32 + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops14] unnest'0 self b) + -> ([%#sops15] unnest'0 b c) -> ([%#sops16] unnest'0 self c) - constant y : int32 + function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 112 4 112 24] (self : t_F'0) : () - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : int32) (y : int32) : () + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops13] unnest'0 self self - goal vc_cmp_gt_log'0 : [%#sord0] (x > y) = (cmp_log'0 x y = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi211457485035727011__refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 96 8 96 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 107 4 107 85] (self : t_F'0) (args : t_Item'0) (res_state : t_F'0) (res : bool) : () + - use prelude.prelude.Int32 + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : bool . ([%#sops11] postcondition_mut'0 self args res_state res) + -> ([%#sops12] unnest'0 self res_state) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 31 4 31 30] (self : t_Filter'0) = + [%#sfilter10] forall f : t_F'0, i : t_Item'0 . precondition'0 f (i) + /\ (forall f : t_F'0, g : t_F'0 . unnest'0 f g -> f = g) + /\ (forall f1 : t_F'0, f2 : t_F'0, i : t_Item'0 . not (postcondition_mut'0 f1 (i) f2 true + /\ postcondition_mut'0 f1 (i) f2 false)) - use prelude.prelude.Int + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int32) (o : int32) : t_Ordering'0 - - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) - constant x : int32 + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Filter'0) - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : int32) : () + axiom inv_axiom'0 [@rewrite] : forall x : t_Filter'0 [inv'0 x] . inv'0 x + = (invariant'0 x + /\ match x with + | {t_Filter__iter'0 = iter ; t_Filter__predicate'0 = predicate'} -> inv'1 iter /\ inv'2 predicate' + end) - goal vc_refl'0 : [%#sord0] cmp_log'0 x x = C_Equal'0 -end -module M_creusot_contracts__logic__ord__qyi211457485035727011__trans [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 101 8 101 35 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + use seq.Seq - use prelude.prelude.Int32 + function func'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 23 4 23 22] (self : t_Filter'0) : t_F'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom func'0_spec : forall self : t_Filter'0 . [%#sfilter8] inv'0 self -> inv'2 (func'0 self) use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int32) (o : int32) : t_Ordering'0 - - = - [%#sord4] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use map.Map - constant x : int32 + function iter'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 16 4 16 22] (self : t_Filter'0) : t_I'0 - constant y : int32 + axiom iter'0_spec : forall self : t_Filter'0 . [%#sfilter9] inv'0 self -> inv'1 (iter'0 self) - constant z : int32 + use seq.Seq - constant o : t_Ordering'0 + use seq.Seq - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : int32) (y : int32) (z : int32) (o : t_Ordering'0) : () + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - goal vc_trans'0 : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o) -end -module M_creusot_contracts__logic__ord__qyi211457485035727011__antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 108 8 108 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 - - use prelude.prelude.Int32 - - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 - - use prelude.prelude.Int - - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int32) (o : int32) : t_Ordering'0 + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - = - [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - constant x : int32 - constant y : int32 + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter20] inv'1 a) + -> ([%#siter21] inv'1 b) + -> ([%#siter22] inv'1 c) + -> ([%#siter23] produces'1 a ab b) + -> ([%#siter24] produces'1 b bc c) -> ([%#siter25] produces'1 a (Seq.(++) ab bc) c) - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : int32) (y : int32) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () - goal vc_antisym1'0 : ([%#sord0] cmp_log'0 x y = C_Less'0) -> ([%#sord1] cmp_log'0 y x = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi211457485035727011__antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 114 8 114 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom produces_refl'0_spec : forall self : t_I'0 . ([%#siter18] inv'1 self) + -> ([%#siter19] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) - use prelude.prelude.Int32 + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use map.Map - use prelude.prelude.Int + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int32) (o : int32) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 85 4 85 67] (self : t_Filter'0) (visited : Seq.seq t_Item'0) (succ : t_Filter'0) = - [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - constant x : int32 - - constant y : int32 + [%#sfilter7] unnest'0 (func'0 self) (func'0 succ) + /\ (exists s : Seq.seq t_Item'0, f : Map.map int int . produces'1 (iter'0 self) s (iter'0 succ) + /\ (forall i : int, j : int . 0 <= i /\ i <= j /\ j < Seq.length visited + -> 0 <= Map.get f i /\ Map.get f i <= Map.get f j /\ Map.get f j < Seq.length s) + /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = Seq.get s (Map.get f i)) + /\ (forall i : int . 0 <= i /\ i < Seq.length s + -> (exists j : int . 0 <= j /\ j < Seq.length visited /\ Map.get f j = i) + = postcondition_mut'0 (func'0 self) (Seq.get s i) (func'0 self) true)) - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : int32) (y : int32) : () + constant a : t_Filter'0 - goal vc_antisym2'0 : ([%#sord0] cmp_log'0 x y = C_Greater'0) -> ([%#sord1] cmp_log'0 y x = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi211457485035727011__eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 120 8 120 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + constant ab : Seq.seq t_Item'0 - use prelude.prelude.Int32 + constant b : t_Filter'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + constant bc : Seq.seq t_Item'0 - use prelude.prelude.Int + constant c : t_Filter'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int32) (o : int32) : t_Ordering'0 + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 116 4 116 90] (a : t_Filter'0) (ab : Seq.seq t_Item'0) (b : t_Filter'0) (bc : Seq.seq t_Item'0) (c : t_Filter'0) : () - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - constant x : int32 - constant y : int32 - - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : int32) (y : int32) : () - - goal vc_eq_cmp'0 : [%#sord0] (x = y) = (cmp_log'0 x y = C_Equal'0) + goal vc_produces_trans'0 : ([%#sfilter4] produces'0 b bc c) + -> ([%#sfilter3] produces'0 a ab b) + -> ([%#sfilter2] inv'0 c) + -> ([%#sfilter1] inv'0 b) -> ([%#sfilter0] inv'0 a) -> ([%#sfilter5] produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__logic__ord__qyi2565746305859701215__cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 76 8 76 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__stdqy35z1__iter__fuse__qyi10730559947553418603__produces_refl [#"../../../creusot-contracts/src/std/iter/fuse.rs" 43 4 43 26] (* as std::iter::Iterator> *) + let%span sfuse0 = "../../../creusot-contracts/src/std/iter/fuse.rs" 41 15 41 24 + let%span sfuse1 = "../../../creusot-contracts/src/std/iter/fuse.rs" 42 14 42 45 + let%span sfuse2 = "../../../creusot-contracts/src/std/iter/fuse.rs" 39 4 39 10 + let%span sfuse3 = "../../../creusot-contracts/src/std/iter/fuse.rs" 29 12 35 13 + let%span sfuse4 = "../../../creusot-contracts/src/std/iter/fuse.rs" 8 14 8 39 + let%span sfuse5 = "../../../creusot-contracts/src/std/iter/fuse.rs" 9 14 9 71 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 + let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 + let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 + let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 + let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - use prelude.prelude.Int + type t_I'0 - use prelude.prelude.Int64 + type t_Option'0 = + | C_None'0 + | C_Some'0 t_I'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_Fuse'0 = + { t_Fuse__iter'0: t_Option'0 } - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int64) (o : int64) : t_Ordering'0 - - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - constant x : int64 + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) - constant y : int64 + axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'1 x] . inv'1 x + = match x with + | C_None'0 -> true + | C_Some'0 a_0 -> inv'2 a_0 + end - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : int64) (y : int64) : () + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Fuse'0) - goal vc_cmp_le_log'0 : [%#sord0] (x <= y) = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi2565746305859701215__cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 81 8 81 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom inv_axiom'0 [@rewrite] : forall x : t_Fuse'0 [inv'0 x] . inv'0 x + = match x with + | {t_Fuse__iter'0 = iter} -> inv'1 iter + end - use prelude.prelude.Int + use seq.Seq - use prelude.prelude.Int64 + type t_Item'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int64) (o : int64) : t_Ordering'0 - - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function view'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 10 4 10 30] (self : t_Fuse'0) : t_Option'0 - constant x : int64 + axiom view'0_spec : forall self : t_Fuse'0 . ([%#sfuse4] inv'0 self -> inv'1 (view'0 self)) + && ([%#sfuse5] forall other : t_Fuse'0 . view'0 self = view'0 other -> self = other) - constant y : int64 + use seq.Seq - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : int64) (y : int64) : () + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + - goal vc_cmp_lt_log'0 : [%#sord0] (x < y) = (cmp_log'0 x y = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi2565746305859701215__cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 86 8 86 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + - use prelude.prelude.Int + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter8] inv'2 a) + -> ([%#siter9] inv'2 b) + -> ([%#siter10] inv'2 c) + -> ([%#siter11] produces'1 a ab b) + -> ([%#siter12] produces'1 b bc c) -> ([%#siter13] produces'1 a (Seq.(++) ab bc) c) - use prelude.prelude.Int64 + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom produces_refl'1_spec : forall self : t_I'0 . ([%#siter6] inv'2 self) + -> ([%#siter7] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int64) (o : int64) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 27 4 27 65] (self : t_Fuse'0) (prod : Seq.seq t_Item'0) (other : t_Fuse'0) = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - constant x : int64 + [%#sfuse3] match view'0 self with + | C_None'0 -> prod = (Seq.empty : Seq.seq t_Item'0) /\ view'0 other = view'0 self + | C_Some'0 i -> match view'0 other with + | C_Some'0 i2 -> produces'1 i prod i2 + | C_None'0 -> false + end + end - constant y : int64 + constant self : t_Fuse'0 - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : int64) (y : int64) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 43 4 43 26] (self : t_Fuse'0) : () - goal vc_cmp_ge_log'0 : [%#sord0] (x >= y) = (cmp_log'0 x y <> C_Less'0) + goal vc_produces_refl'0 : ([%#sfuse0] inv'0 self) + -> ([%#sfuse1] produces'0 self (Seq.empty : Seq.seq t_Item'0) self) end -module M_creusot_contracts__logic__ord__qyi2565746305859701215__cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 91 8 91 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__stdqy35z1__iter__fuse__qyi10730559947553418603__produces_trans [#"../../../creusot-contracts/src/std/iter/fuse.rs" 53 4 53 90] (* as std::iter::Iterator> *) + let%span sfuse0 = "../../../creusot-contracts/src/std/iter/fuse.rs" 47 15 47 21 + let%span sfuse1 = "../../../creusot-contracts/src/std/iter/fuse.rs" 48 15 48 21 + let%span sfuse2 = "../../../creusot-contracts/src/std/iter/fuse.rs" 49 15 49 21 + let%span sfuse3 = "../../../creusot-contracts/src/std/iter/fuse.rs" 50 15 50 32 + let%span sfuse4 = "../../../creusot-contracts/src/std/iter/fuse.rs" 51 15 51 32 + let%span sfuse5 = "../../../creusot-contracts/src/std/iter/fuse.rs" 52 14 52 42 + let%span sfuse6 = "../../../creusot-contracts/src/std/iter/fuse.rs" 45 4 45 10 + let%span sfuse7 = "../../../creusot-contracts/src/std/iter/fuse.rs" 29 12 35 13 + let%span sfuse8 = "../../../creusot-contracts/src/std/iter/fuse.rs" 8 14 8 39 + let%span sfuse9 = "../../../creusot-contracts/src/std/iter/fuse.rs" 9 14 9 71 + let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 + let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 + let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 + let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 + let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - use prelude.prelude.Int + type t_I'0 - use prelude.prelude.Int64 + type t_Option'0 = + | C_None'0 + | C_Some'0 t_I'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_Fuse'0 = + { t_Fuse__iter'0: t_Option'0 } - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int64) (o : int64) : t_Ordering'0 - - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - constant x : int64 + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) - constant y : int64 + axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'1 x] . inv'1 x + = match x with + | C_None'0 -> true + | C_Some'0 a_0 -> inv'2 a_0 + end - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : int64) (y : int64) : () + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Fuse'0) - goal vc_cmp_gt_log'0 : [%#sord0] (x > y) = (cmp_log'0 x y = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi2565746305859701215__refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 96 8 96 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom inv_axiom'0 [@rewrite] : forall x : t_Fuse'0 [inv'0 x] . inv'0 x + = match x with + | {t_Fuse__iter'0 = iter} -> inv'1 iter + end - use prelude.prelude.Int64 + type t_Item'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - use prelude.prelude.Int + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int64) (o : int64) : t_Ordering'0 - - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function view'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 10 4 10 30] (self : t_Fuse'0) : t_Option'0 - constant x : int64 + axiom view'0_spec : forall self : t_Fuse'0 . ([%#sfuse8] inv'0 self -> inv'1 (view'0 self)) + && ([%#sfuse9] forall other : t_Fuse'0 . view'0 self = view'0 other -> self = other) + + use seq.Seq - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : int64) : () + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + - goal vc_refl'0 : [%#sord0] cmp_log'0 x x = C_Equal'0 -end -module M_creusot_contracts__logic__ord__qyi2565746305859701215__trans [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 101 8 101 35 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + - use prelude.prelude.Int64 + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter12] inv'2 a) + -> ([%#siter13] inv'2 b) + -> ([%#siter14] inv'2 c) + -> ([%#siter15] produces'1 a ab b) + -> ([%#siter16] produces'1 b bc c) -> ([%#siter17] produces'1 a (Seq.(++) ab bc) c) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () - use prelude.prelude.Int + axiom produces_refl'0_spec : forall self : t_I'0 . ([%#siter10] inv'2 self) + -> ([%#siter11] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int64) (o : int64) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 27 4 27 65] (self : t_Fuse'0) (prod : Seq.seq t_Item'0) (other : t_Fuse'0) = - [%#sord4] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sfuse7] match view'0 self with + | C_None'0 -> prod = (Seq.empty : Seq.seq t_Item'0) /\ view'0 other = view'0 self + | C_Some'0 i -> match view'0 other with + | C_Some'0 i2 -> produces'1 i prod i2 + | C_None'0 -> false + end + end - constant x : int64 + constant a : t_Fuse'0 - constant y : int64 + constant ab : Seq.seq t_Item'0 - constant z : int64 + constant b : t_Fuse'0 - constant o : t_Ordering'0 + constant bc : Seq.seq t_Item'0 + + constant c : t_Fuse'0 - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : int64) (y : int64) (z : int64) (o : t_Ordering'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 53 4 53 90] (a : t_Fuse'0) (ab : Seq.seq t_Item'0) (b : t_Fuse'0) (bc : Seq.seq t_Item'0) (c : t_Fuse'0) : () - goal vc_trans'0 : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o) + goal vc_produces_trans'0 : ([%#sfuse4] produces'0 b bc c) + -> ([%#sfuse3] produces'0 a ab b) + -> ([%#sfuse2] inv'0 c) + -> ([%#sfuse1] inv'0 b) -> ([%#sfuse0] inv'0 a) -> ([%#sfuse5] produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__logic__ord__qyi2565746305859701215__antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 108 8 108 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 - - use prelude.prelude.Int64 +module M_creusot_contracts__stdqy35z1__iter__fuse__qyi7691061398646472980__is_fused [#"../../../creusot-contracts/src/std/iter/fuse.rs" 76 4 76 62] (* as std::iter::fuse::FusedIterator> *) + let%span sfuse0 = "../../../creusot-contracts/src/std/iter/fuse.rs" 70 15 70 24 + let%span sfuse1 = "../../../creusot-contracts/src/std/iter/fuse.rs" 71 15 71 24 + let%span sfuse2 = "../../../creusot-contracts/src/std/iter/fuse.rs" 72 15 72 25 + let%span sfuse3 = "../../../creusot-contracts/src/std/iter/fuse.rs" 73 15 73 31 + let%span sfuse4 = "../../../creusot-contracts/src/std/iter/fuse.rs" 74 15 74 44 + let%span sfuse5 = "../../../creusot-contracts/src/std/iter/fuse.rs" 75 14 75 50 + let%span sfuse6 = "../../../creusot-contracts/src/std/iter/fuse.rs" 68 4 68 10 + let%span sfuse7 = "../../../creusot-contracts/src/std/iter/fuse.rs" 20 12 21 28 + let%span sfuse8 = "../../../creusot-contracts/src/std/iter/fuse.rs" 29 12 35 13 + let%span sfuse9 = "../../../creusot-contracts/src/std/iter/fuse.rs" 41 15 41 24 + let%span sfuse10 = "../../../creusot-contracts/src/std/iter/fuse.rs" 42 14 42 45 + let%span sfuse11 = "../../../creusot-contracts/src/std/iter/fuse.rs" 39 4 39 10 + let%span sfuse12 = "../../../creusot-contracts/src/std/iter/fuse.rs" 47 15 47 21 + let%span sfuse13 = "../../../creusot-contracts/src/std/iter/fuse.rs" 48 15 48 21 + let%span sfuse14 = "../../../creusot-contracts/src/std/iter/fuse.rs" 49 15 49 21 + let%span sfuse15 = "../../../creusot-contracts/src/std/iter/fuse.rs" 50 15 50 32 + let%span sfuse16 = "../../../creusot-contracts/src/std/iter/fuse.rs" 51 15 51 32 + let%span sfuse17 = "../../../creusot-contracts/src/std/iter/fuse.rs" 52 14 52 42 + let%span sfuse18 = "../../../creusot-contracts/src/std/iter/fuse.rs" 45 4 45 10 + let%span smodel19 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 + let%span sfuse20 = "../../../creusot-contracts/src/std/iter/fuse.rs" 8 14 8 39 + let%span sfuse21 = "../../../creusot-contracts/src/std/iter/fuse.rs" 9 14 9 71 + let%span sinvariant22 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 + let%span sseq23 = "../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 + let%span siter24 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 + let%span siter25 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 + let%span siter26 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 + let%span siter27 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 + let%span siter28 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 + let%span siter29 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter30 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter31 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 + let%span sboxed32 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use prelude.prelude.Borrow - use prelude.prelude.Int + type t_I'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int64) (o : int64) : t_Ordering'0 - - = - [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + type t_Option'0 = + | C_None'0 + | C_Some'0 t_I'0 - constant x : int64 + type t_Fuse'0 = + { t_Fuse__iter'0: t_Option'0 } - constant y : int64 + predicate inv'6 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : int64) (y : int64) : () + predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) - goal vc_antisym1'0 : ([%#sord0] cmp_log'0 x y = C_Less'0) -> ([%#sord1] cmp_log'0 y x = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi2565746305859701215__antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 114 8 114 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom inv_axiom'4 [@rewrite] : forall x : t_Option'0 [inv'4 x] . inv'4 x + = match x with + | C_None'0 -> true + | C_Some'0 a_0 -> inv'6 a_0 + end - use prelude.prelude.Int64 + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Fuse'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom inv_axiom'1 [@rewrite] : forall x : t_Fuse'0 [inv'1 x] . inv'1 x + = match x with + | {t_Fuse__iter'0 = iter} -> inv'4 iter + end - use prelude.prelude.Int + predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed (t_Fuse'0)) = + [%#sinvariant22] inv'1 self.current /\ inv'1 self.final - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int64) (o : int64) : t_Ordering'0 - - = - [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed (t_Fuse'0)) - constant x : int64 + axiom inv_axiom'0 [@rewrite] : forall x : borrowed (t_Fuse'0) [inv'0 x] . inv'0 x = invariant'0 x - constant y : int64 + type t_Item'0 - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : int64) (y : int64) : () + use seq.Seq - goal vc_antisym2'0 : ([%#sord0] cmp_log'0 x y = C_Greater'0) -> ([%#sord1] cmp_log'0 y x = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi2565746305859701215__eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 120 8 120 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + use prelude.prelude.Int - use prelude.prelude.Int64 + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - use prelude.prelude.Int + predicate inv'7 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int64) (o : int64) : t_Ordering'0 - - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + predicate invariant'3 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = + [%#sboxed32] inv'7 self - constant x : int64 + predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - constant y : int64 + axiom inv_axiom'5 [@rewrite] : forall x : t_Item'0 [inv'5 x] . inv'5 x = invariant'3 x - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : int64) (y : int64) : () + predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 608 4 608 30] (self : Seq.seq t_Item'0) = + [%#sseq23] forall i : int . 0 <= i /\ i < Seq.length self -> inv'5 (Seq.get self i) - goal vc_eq_cmp'0 : [%#sord0] (x = y) = (cmp_log'0 x y = C_Equal'0) -end -module M_creusot_contracts__logic__ord__qyi2364657485180829964__cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 76 8 76 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) - use prelude.prelude.Int + axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'2 x] . inv'2 x = invariant'1 x - use prelude.prelude.Int128 + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function view'1 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 10 4 10 30] (self : t_Fuse'0) : t_Option'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int128) (o : int128) : t_Ordering'0 - - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + axiom view'1_spec : forall self : t_Fuse'0 . ([%#sfuse20] inv'1 self -> inv'4 (view'1 self)) + && ([%#sfuse21] forall other : t_Fuse'0 . view'1 self = view'1 other -> self = other) - constant x : int128 + use seq.Seq - constant y : int128 + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : int128) (y : int128) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + - goal vc_cmp_le_log'0 : [%#sord0] (x <= y) = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi2364657485180829964__cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 81 8 81 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter26] inv'6 a) + -> ([%#siter27] inv'6 b) + -> ([%#siter28] inv'6 c) + -> ([%#siter29] produces'1 a ab b) + -> ([%#siter30] produces'1 b bc c) -> ([%#siter31] produces'1 a (Seq.(++) ab bc) c) - use prelude.prelude.Int + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () - use prelude.prelude.Int128 + axiom produces_refl'1_spec : forall self : t_I'0 . ([%#siter24] inv'6 self) + -> ([%#siter25] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 27 4 27 65] (self : t_Fuse'0) (prod : Seq.seq t_Item'0) (other : t_Fuse'0) + + = + [%#sfuse8] match view'1 self with + | C_None'0 -> prod = (Seq.empty : Seq.seq t_Item'0) /\ view'1 other = view'1 self + | C_Some'0 i -> match view'1 other with + | C_Some'0 i2 -> produces'1 i prod i2 + | C_None'0 -> false + end + end - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int128) (o : int128) : t_Ordering'0 + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 53 4 53 90] (a : t_Fuse'0) (ab : Seq.seq t_Item'0) (b : t_Fuse'0) (bc : Seq.seq t_Item'0) (c : t_Fuse'0) : () = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sfuse18] () - constant x : int128 + axiom produces_trans'0_spec : forall a : t_Fuse'0, ab : Seq.seq t_Item'0, b : t_Fuse'0, bc : Seq.seq t_Item'0, c : t_Fuse'0 . ([%#sfuse12] inv'1 a) + -> ([%#sfuse13] inv'1 b) + -> ([%#sfuse14] inv'1 c) + -> ([%#sfuse15] produces'0 a ab b) + -> ([%#sfuse16] produces'0 b bc c) -> ([%#sfuse17] produces'0 a (Seq.(++) ab bc) c) - constant y : int128 + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 43 4 43 26] (self : t_Fuse'0) : () = + [%#sfuse11] () - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : int128) (y : int128) : () + axiom produces_refl'0_spec : forall self : t_Fuse'0 . ([%#sfuse9] inv'1 self) + -> ([%#sfuse10] produces'0 self (Seq.empty : Seq.seq t_Item'0) self) - goal vc_cmp_lt_log'0 : [%#sord0] (x < y) = (cmp_log'0 x y = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi2364657485180829964__cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 86 8 86 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function view'0 [#"../../../creusot-contracts/src/model.rs" 105 4 105 33] (self : borrowed (t_Fuse'0)) : t_Option'0 = + [%#smodel19] view'1 self.current - use prelude.prelude.Int + predicate invariant'2 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_I'0) = + [%#sinvariant22] inv'6 self.current /\ inv'6 self.final - use prelude.prelude.Int128 + predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_I'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 - - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int128) (o : int128) : t_Ordering'0 - - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - constant x : int128 - - constant y : int128 + axiom inv_axiom'3 [@rewrite] : forall x : borrowed t_I'0 [inv'3 x] . inv'3 x = invariant'2 x - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : int128) (y : int128) : () + predicate completed'1 [#"../../../creusot-contracts/src/std/iter.rs" 35 4 35 36] (self : borrowed t_I'0) - goal vc_cmp_ge_log'0 : [%#sord0] (x >= y) = (cmp_log'0 x y <> C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi2364657485180829964__cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 91 8 91 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + predicate completed'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 18 4 18 35] (self : borrowed (t_Fuse'0)) = + [%#sfuse7] (view'0 self = C_None'0 + \/ (exists it : borrowed t_I'0 . inv'3 it /\ completed'1 it /\ view'0 self = C_Some'0 (it.current))) + /\ view'1 self.final = C_None'0 - use prelude.prelude.Int + constant self : borrowed (t_Fuse'0) - use prelude.prelude.Int128 + constant steps : Seq.seq t_Item'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + constant next : t_Fuse'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int128) (o : int128) : t_Ordering'0 + function is_fused'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 76 4 76 62] (self : borrowed (t_Fuse'0)) (steps : Seq.seq t_Item'0) (next : t_Fuse'0) : () - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant x : int128 + goal vc_is_fused'0 : ([%#sfuse4] produces'0 self.final steps next) + -> ([%#sfuse3] completed'0 self) + -> ([%#sfuse2] inv'2 steps) + -> ([%#sfuse1] inv'1 next) + -> ([%#sfuse0] inv'0 self) -> ([%#sfuse5] steps = (Seq.empty : Seq.seq t_Item'0) /\ self.final = next) +end +module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produces_refl [#"../../../creusot-contracts/src/std/iter/map.rs" 83 4 83 26] (* as std::iter::Iterator> *) + let%span smap0 = "../../../creusot-contracts/src/std/iter/map.rs" 81 15 81 24 + let%span smap1 = "../../../creusot-contracts/src/std/iter/map.rs" 82 14 82 45 + let%span smap2 = "../../../creusot-contracts/src/std/iter/map.rs" 79 4 79 10 + let%span smap3 = "../../../creusot-contracts/src/std/iter/map.rs" 64 12 75 75 + let%span smap4 = "../../../creusot-contracts/src/std/iter/map.rs" 24 14 24 39 + let%span smap5 = "../../../creusot-contracts/src/std/iter/map.rs" 17 14 17 39 + let%span sops6 = "../../../creusot-contracts/src/std/ops.rs" 105 15 105 59 + let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 106 14 106 36 + let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 111 14 111 31 + let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 116 15 116 29 + let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 117 15 117 26 + let%span sops11 = "../../../creusot-contracts/src/std/ops.rs" 118 14 118 28 + let%span sops12 = "../../../creusot-contracts/src/std/ops.rs" 123 14 124 105 + let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 + let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 + let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 + let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 + let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 + let%span siter18 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter19 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter20 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 + let%span sseq21 = "../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 + let%span sboxed22 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + let%span sinvariant23 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - constant y : int128 + type t_I'0 - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : int128) (y : int128) : () + type t_F'0 - goal vc_cmp_gt_log'0 : [%#sord0] (x > y) = (cmp_log'0 x y = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi2364657485180829964__refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 96 8 96 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + type t_Map'0 = + { t_Map__iter'0: t_I'0; t_Map__f'0: t_F'0 } - use prelude.prelude.Int128 + predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) - use prelude.prelude.Int + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Map'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int128) (o : int128) : t_Ordering'0 - - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + axiom inv_axiom'0 [@rewrite] : forall x : t_Map'0 [inv'0 x] . inv'0 x + = match x with + | {t_Map__iter'0 = iter ; t_Map__f'0 = f} -> inv'3 iter /\ inv'4 f + end - constant x : int128 + use seq.Seq - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : int128) : () + type t_B'0 - goal vc_refl'0 : [%#sord0] cmp_log'0 x x = C_Equal'0 -end -module M_creusot_contracts__logic__ord__qyi2364657485180829964__trans [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 101 8 101 35 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + use seq.Seq - use prelude.prelude.Int128 + function func'0 [#"../../../creusot-contracts/src/std/iter/map.rs" 25 4 25 22] (self : t_Map'0) : t_F'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom func'0_spec : forall self : t_Map'0 . [%#smap4] inv'0 self -> inv'4 (func'0 self) - use prelude.prelude.Int + type t_Item'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int128) (o : int128) : t_Ordering'0 + predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 81 4 81 73] (self : t_F'0) (args : t_Item'0) (result : t_B'0) - = - [%#sord4] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant x : int128 - - constant y : int128 - - constant z : int128 + use prelude.prelude.Borrow - constant o : t_Ordering'0 + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : int128) (y : int128) (z : int128) (o : t_Ordering'0) : () + predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 91 4 91 92] (self : t_F'0) (args : t_Item'0) (result_state : t_F'0) (result : t_B'0) - goal vc_trans'0 : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o) -end -module M_creusot_contracts__logic__ord__qyi2364657485180829964__antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 108 8 108 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 - - use prelude.prelude.Int128 + function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 125 4 125 55] (self : t_F'0) (args : t_Item'0) (res : t_B'0) : () + - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : t_B'0 . [%#sops12] postcondition_once'0 self args res + = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) - use prelude.prelude.Int + predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 99 4 99 36] (self : t_F'0) (_2 : t_F'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int128) (o : int128) : t_Ordering'0 + function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 119 4 119 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - = - [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant x : int128 + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops9] unnest'0 self b) + -> ([%#sops10] unnest'0 b c) -> ([%#sops11] unnest'0 self c) - constant y : int128 + function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 112 4 112 24] (self : t_F'0) : () - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : int128) (y : int128) : () + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops8] unnest'0 self self - goal vc_antisym1'0 : ([%#sord0] cmp_log'0 x y = C_Less'0) -> ([%#sord1] cmp_log'0 y x = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi2364657485180829964__antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 114 8 114 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 107 4 107 85] (self : t_F'0) (args : t_Item'0) (res_state : t_F'0) (res : t_B'0) : () + - use prelude.prelude.Int128 + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : t_B'0 . ([%#sops6] postcondition_mut'0 self args res_state res) + -> ([%#sops7] unnest'0 self res_state) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int128) (o : int128) : t_Ordering'0 - - = - [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use seq.Seq - constant x : int128 + use seq.Seq - constant y : int128 + predicate invariant'4 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_F'0) = + [%#sinvariant23] inv'4 self.current /\ inv'4 self.final - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : int128) (y : int128) : () + predicate inv'7 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_F'0) - goal vc_antisym2'0 : ([%#sord0] cmp_log'0 x y = C_Greater'0) -> ([%#sord1] cmp_log'0 y x = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi2364657485180829964__eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 120 8 120 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom inv_axiom'5 [@rewrite] : forall x : borrowed t_F'0 [inv'7 x] . inv'7 x = invariant'4 x - use prelude.prelude.Int128 + predicate invariant'2 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : borrowed t_F'0) = + [%#sboxed22] inv'7 self - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_F'0) - use prelude.prelude.Int + axiom inv_axiom'3 [@rewrite] : forall x : borrowed t_F'0 [inv'5 x] . inv'5 x = invariant'2 x - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int128) (o : int128) : t_Ordering'0 - + predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 608 4 608 30] (self : Seq.seq (borrowed t_F'0)) = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - constant x : int128 - - constant y : int128 - - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : int128) (y : int128) : () - - goal vc_eq_cmp'0 : [%#sord0] (x = y) = (cmp_log'0 x y = C_Equal'0) -end -module M_creusot_contracts__logic__ord__qyi8047313880300482848__cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 76 8 76 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 - - use prelude.prelude.Int + [%#sseq21] forall i : int . 0 <= i /\ i < Seq.length self -> inv'5 (Seq.get self i) - use prelude.prelude.IntSize + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq (borrowed t_F'0)) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq (borrowed t_F'0) [inv'1 x] . inv'1 x = invariant'0 x - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : isize) (o : isize) : t_Ordering'0 - - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use seq.Seq - constant x : isize + use seq.Seq - constant y : isize + use seq.Seq - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : isize) (y : isize) : () + use seq.Seq - goal vc_cmp_le_log'0 : [%#sord0] (x <= y) = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi8047313880300482848__cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 81 8 81 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + predicate inv'8 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - use prelude.prelude.Int + predicate invariant'3 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = + [%#sboxed22] inv'8 self - use prelude.prelude.IntSize + predicate inv'6 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom inv_axiom'4 [@rewrite] : forall x : t_Item'0 [inv'6 x] . inv'6 x = invariant'3 x - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : isize) (o : isize) : t_Ordering'0 - - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 608 4 608 30] (self : Seq.seq t_Item'0) = + [%#sseq21] forall i : int . 0 <= i /\ i < Seq.length self -> inv'6 (Seq.get self i) - constant x : isize + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) - constant y : isize + axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'2 x] . inv'2 x = invariant'1 x - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : isize) (y : isize) : () + function iter'0 [#"../../../creusot-contracts/src/std/iter/map.rs" 18 4 18 22] (self : t_Map'0) : t_I'0 - goal vc_cmp_lt_log'0 : [%#sord0] (x < y) = (cmp_log'0 x y = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi8047313880300482848__cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 86 8 86 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom iter'0_spec : forall self : t_Map'0 . [%#smap5] inv'0 self -> inv'3 (iter'0 self) - use prelude.prelude.Int + use seq.Seq - use prelude.prelude.IntSize + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : isize) (o : isize) : t_Ordering'0 + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant x : isize + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter15] inv'3 a) + -> ([%#siter16] inv'3 b) + -> ([%#siter17] inv'3 c) + -> ([%#siter18] produces'1 a ab b) + -> ([%#siter19] produces'1 b bc c) -> ([%#siter20] produces'1 a (Seq.(++) ab bc) c) - constant y : isize + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : isize) (y : isize) : () + axiom produces_refl'1_spec : forall self : t_I'0 . ([%#siter13] inv'3 self) + -> ([%#siter14] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) - goal vc_cmp_ge_log'0 : [%#sord0] (x >= y) = (cmp_log'0 x y <> C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi8047313880300482848__cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 91 8 91 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + use seq.Seq - use prelude.prelude.Int + use seq.Seq - use prelude.prelude.IntSize + predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 73 4 73 45] (self : t_F'0) (args : t_Item'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : isize) (o : isize) : t_Ordering'0 + predicate produces'0 [@inline:trivial] [#"../../../creusot-contracts/src/std/iter/map.rs" 62 4 62 67] (self : t_Map'0) (visited : Seq.seq t_B'0) (succ : t_Map'0) = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - constant x : isize + [%#smap3] unnest'0 (func'0 self) (func'0 succ) + /\ (exists fs : Seq.seq (borrowed t_F'0) . inv'1 fs + /\ Seq.length fs = Seq.length visited + /\ (exists s : Seq.seq t_Item'0 [produces'1 (iter'0 self) s (iter'0 succ)] . inv'2 s + /\ Seq.length s = Seq.length visited + /\ produces'1 (iter'0 self) s (iter'0 succ) + /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) + /\ (if Seq.length visited = 0 then + func'0 self = func'0 succ + else + (Seq.get fs 0).current = func'0 self /\ (Seq.get fs (Seq.length visited - 1)).final = func'0 succ + ) + /\ (forall i : int . 0 <= i /\ i < Seq.length visited + -> unnest'0 (func'0 self) (Seq.get fs i).current + /\ precondition'0 (Seq.get fs i).current (Seq.get s i) + /\ postcondition_mut'0 (Seq.get fs i).current (Seq.get s i) (Seq.get fs i).final (Seq.get visited i)))) - constant y : isize + constant self : t_Map'0 - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : isize) (y : isize) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/map.rs" 83 4 83 26] (self : t_Map'0) : () - goal vc_cmp_gt_log'0 : [%#sord0] (x > y) = (cmp_log'0 x y = C_Greater'0) + goal vc_produces_refl'0 : ([%#smap0] inv'0 self) -> ([%#smap1] produces'0 self (Seq.empty : Seq.seq t_B'0) self) end -module M_creusot_contracts__logic__ord__qyi8047313880300482848__refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 96 8 96 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produces_trans [#"../../../creusot-contracts/src/std/iter/map.rs" 93 4 93 90] (* as std::iter::Iterator> *) + let%span smap0 = "../../../creusot-contracts/src/std/iter/map.rs" 87 15 87 21 + let%span smap1 = "../../../creusot-contracts/src/std/iter/map.rs" 88 15 88 21 + let%span smap2 = "../../../creusot-contracts/src/std/iter/map.rs" 89 15 89 21 + let%span smap3 = "../../../creusot-contracts/src/std/iter/map.rs" 90 15 90 32 + let%span smap4 = "../../../creusot-contracts/src/std/iter/map.rs" 91 15 91 32 + let%span smap5 = "../../../creusot-contracts/src/std/iter/map.rs" 92 14 92 42 + let%span smap6 = "../../../creusot-contracts/src/std/iter/map.rs" 85 4 85 10 + let%span smap7 = "../../../creusot-contracts/src/std/iter/map.rs" 64 12 75 75 + let%span smap8 = "../../../creusot-contracts/src/std/iter/map.rs" 24 14 24 39 + let%span smap9 = "../../../creusot-contracts/src/std/iter/map.rs" 17 14 17 39 + let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 105 15 105 59 + let%span sops11 = "../../../creusot-contracts/src/std/ops.rs" 106 14 106 36 + let%span sops12 = "../../../creusot-contracts/src/std/ops.rs" 111 14 111 31 + let%span sops13 = "../../../creusot-contracts/src/std/ops.rs" 116 15 116 29 + let%span sops14 = "../../../creusot-contracts/src/std/ops.rs" 117 15 117 26 + let%span sops15 = "../../../creusot-contracts/src/std/ops.rs" 118 14 118 28 + let%span sops16 = "../../../creusot-contracts/src/std/ops.rs" 123 14 124 105 + let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 + let%span siter18 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 + let%span siter19 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 + let%span siter20 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 + let%span siter21 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 + let%span siter22 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter23 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter24 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 + let%span sseq25 = "../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 + let%span sboxed26 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + let%span sinvariant27 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - use prelude.prelude.IntSize + type t_I'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_F'0 - use prelude.prelude.Int + type t_Map'0 = + { t_Map__iter'0: t_I'0; t_Map__f'0: t_F'0 } - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : isize) (o : isize) : t_Ordering'0 - - = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - constant x : isize + predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : isize) : () + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Map'0) - goal vc_refl'0 : [%#sord0] cmp_log'0 x x = C_Equal'0 -end -module M_creusot_contracts__logic__ord__qyi8047313880300482848__trans [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 101 8 101 35 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom inv_axiom'0 [@rewrite] : forall x : t_Map'0 [inv'0 x] . inv'0 x + = match x with + | {t_Map__iter'0 = iter ; t_Map__f'0 = f} -> inv'3 iter /\ inv'4 f + end - use prelude.prelude.IntSize + type t_B'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - use prelude.prelude.Int + function func'0 [#"../../../creusot-contracts/src/std/iter/map.rs" 25 4 25 22] (self : t_Map'0) : t_F'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : isize) (o : isize) : t_Ordering'0 - - = - [%#sord4] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + axiom func'0_spec : forall self : t_Map'0 . [%#smap8] inv'0 self -> inv'4 (func'0 self) - constant x : isize + type t_Item'0 - constant y : isize + predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 81 4 81 73] (self : t_F'0) (args : t_Item'0) (result : t_B'0) + - constant z : isize + use prelude.prelude.Borrow - constant o : t_Ordering'0 + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : isize) (y : isize) (z : isize) (o : t_Ordering'0) : () + predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 91 4 91 92] (self : t_F'0) (args : t_Item'0) (result_state : t_F'0) (result : t_B'0) - goal vc_trans'0 : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o) -end -module M_creusot_contracts__logic__ord__qyi8047313880300482848__antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 108 8 108 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 - - use prelude.prelude.IntSize + function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 125 4 125 55] (self : t_F'0) (args : t_Item'0) (res : t_B'0) : () + - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : t_B'0 . [%#sops16] postcondition_once'0 self args res + = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) - use prelude.prelude.Int + predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 99 4 99 36] (self : t_F'0) (_2 : t_F'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : isize) (o : isize) : t_Ordering'0 + function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 119 4 119 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - = - [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant x : isize + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops13] unnest'0 self b) + -> ([%#sops14] unnest'0 b c) -> ([%#sops15] unnest'0 self c) - constant y : isize + function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 112 4 112 24] (self : t_F'0) : () - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : isize) (y : isize) : () + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops12] unnest'0 self self - goal vc_antisym1'0 : ([%#sord0] cmp_log'0 x y = C_Less'0) -> ([%#sord1] cmp_log'0 y x = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi8047313880300482848__antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 114 8 114 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 107 4 107 85] (self : t_F'0) (args : t_Item'0) (res_state : t_F'0) (res : t_B'0) : () + - use prelude.prelude.IntSize + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : t_B'0 . ([%#sops10] postcondition_mut'0 self args res_state res) + -> ([%#sops11] unnest'0 self res_state) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : isize) (o : isize) : t_Ordering'0 - - = - [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use seq.Seq - constant x : isize + use seq.Seq - constant y : isize + predicate invariant'4 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_F'0) = + [%#sinvariant27] inv'4 self.current /\ inv'4 self.final - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : isize) (y : isize) : () + predicate inv'7 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_F'0) - goal vc_antisym2'0 : ([%#sord0] cmp_log'0 x y = C_Greater'0) -> ([%#sord1] cmp_log'0 y x = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi8047313880300482848__eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 120 8 120 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom inv_axiom'5 [@rewrite] : forall x : borrowed t_F'0 [inv'7 x] . inv'7 x = invariant'4 x - use prelude.prelude.IntSize + predicate invariant'2 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : borrowed t_F'0) = + [%#sboxed26] inv'7 self - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_F'0) - use prelude.prelude.Int + axiom inv_axiom'3 [@rewrite] : forall x : borrowed t_F'0 [inv'5 x] . inv'5 x = invariant'2 x - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : isize) (o : isize) : t_Ordering'0 - + predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 608 4 608 30] (self : Seq.seq (borrowed t_F'0)) = - [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - constant x : isize + [%#sseq25] forall i : int . 0 <= i /\ i < Seq.length self -> inv'5 (Seq.get self i) - constant y : isize + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq (borrowed t_F'0)) - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : isize) (y : isize) : () + axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq (borrowed t_F'0) [inv'1 x] . inv'1 x = invariant'0 x - goal vc_eq_cmp'0 : [%#sord0] (x = y) = (cmp_log'0 x y = C_Equal'0) -end -module M_creusot_contracts__logic__ord__qyi17836724837647357586__cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 76 8 76 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 11 20 11 56 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 197 8 202 9 + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 196 4 196 41] (self : bool) (o : bool) : t_Ordering'0 - - = - [%#sord3] match (self, o) with - | (False, False) -> C_Equal'0 - | (True, True) -> C_Equal'0 - | (False, True) -> C_Less'0 - | (True, False) -> C_Greater'0 - end + use seq.Seq - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : bool) (o : bool) : bool = - [%#sord2] cmp_log'0 self o <> C_Greater'0 + use seq.Seq - constant x : bool + predicate inv'8 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - constant y : bool + predicate invariant'3 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = + [%#sboxed26] inv'8 self - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : bool) (y : bool) : () + predicate inv'6 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - goal vc_cmp_le_log'0 : [%#sord0] le_log'0 x y = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi17836724837647357586__cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 81 8 81 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 21 20 21 53 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 197 8 202 9 + axiom inv_axiom'4 [@rewrite] : forall x : t_Item'0 [inv'6 x] . inv'6 x = invariant'3 x - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 608 4 608 30] (self : Seq.seq t_Item'0) = + [%#sseq25] forall i : int . 0 <= i /\ i < Seq.length self -> inv'6 (Seq.get self i) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 196 4 196 41] (self : bool) (o : bool) : t_Ordering'0 - - = - [%#sord3] match (self, o) with - | (False, False) -> C_Equal'0 - | (True, True) -> C_Equal'0 - | (False, True) -> C_Less'0 - | (True, False) -> C_Greater'0 - end + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : bool) (o : bool) : bool = - [%#sord2] cmp_log'0 self o = C_Less'0 + axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'2 x] . inv'2 x = invariant'1 x - constant x : bool + function iter'0 [#"../../../creusot-contracts/src/std/iter/map.rs" 18 4 18 22] (self : t_Map'0) : t_I'0 - constant y : bool + axiom iter'0_spec : forall self : t_Map'0 . [%#smap9] inv'0 self -> inv'3 (iter'0 self) - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : bool) (y : bool) : () + use seq.Seq - goal vc_cmp_lt_log'0 : [%#sord0] lt_log'0 x y = (cmp_log'0 x y = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi17836724837647357586__cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 86 8 86 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 31 20 31 53 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 197 8 202 9 + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 196 4 196 41] (self : bool) (o : bool) : t_Ordering'0 + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - = - [%#sord3] match (self, o) with - | (False, False) -> C_Equal'0 - | (True, True) -> C_Equal'0 - | (False, True) -> C_Less'0 - | (True, False) -> C_Greater'0 - end - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : bool) (o : bool) : bool = - [%#sord2] cmp_log'0 self o <> C_Less'0 + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter19] inv'3 a) + -> ([%#siter20] inv'3 b) + -> ([%#siter21] inv'3 c) + -> ([%#siter22] produces'1 a ab b) + -> ([%#siter23] produces'1 b bc c) -> ([%#siter24] produces'1 a (Seq.(++) ab bc) c) - constant x : bool + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () - constant y : bool + axiom produces_refl'0_spec : forall self : t_I'0 . ([%#siter17] inv'3 self) + -> ([%#siter18] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : bool) (y : bool) : () + use seq.Seq - goal vc_cmp_ge_log'0 : [%#sord0] ge_log'0 x y = (cmp_log'0 x y <> C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi17836724837647357586__cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 91 8 91 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 41 20 41 56 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 197 8 202 9 + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 73 4 73 45] (self : t_F'0) (args : t_Item'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 196 4 196 41] (self : bool) (o : bool) : t_Ordering'0 - + use seq.Seq + + predicate produces'0 [@inline:trivial] [#"../../../creusot-contracts/src/std/iter/map.rs" 62 4 62 67] (self : t_Map'0) (visited : Seq.seq t_B'0) (succ : t_Map'0) + = - [%#sord3] match (self, o) with - | (False, False) -> C_Equal'0 - | (True, True) -> C_Equal'0 - | (False, True) -> C_Less'0 - | (True, False) -> C_Greater'0 - end + [%#smap7] unnest'0 (func'0 self) (func'0 succ) + /\ (exists fs : Seq.seq (borrowed t_F'0) . inv'1 fs + /\ Seq.length fs = Seq.length visited + /\ (exists s : Seq.seq t_Item'0 [produces'1 (iter'0 self) s (iter'0 succ)] . inv'2 s + /\ Seq.length s = Seq.length visited + /\ produces'1 (iter'0 self) s (iter'0 succ) + /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) + /\ (if Seq.length visited = 0 then + func'0 self = func'0 succ + else + (Seq.get fs 0).current = func'0 self /\ (Seq.get fs (Seq.length visited - 1)).final = func'0 succ + ) + /\ (forall i : int . 0 <= i /\ i < Seq.length visited + -> unnest'0 (func'0 self) (Seq.get fs i).current + /\ precondition'0 (Seq.get fs i).current (Seq.get s i) + /\ postcondition_mut'0 (Seq.get fs i).current (Seq.get s i) (Seq.get fs i).final (Seq.get visited i)))) - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : bool) (o : bool) : bool = - [%#sord2] cmp_log'0 self o = C_Greater'0 + use seq.Seq - constant x : bool + constant a : t_Map'0 - constant y : bool + constant ab : Seq.seq t_B'0 - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : bool) (y : bool) : () + constant b : t_Map'0 - goal vc_cmp_gt_log'0 : [%#sord0] gt_log'0 x y = (cmp_log'0 x y = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi17836724837647357586__refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 96 8 96 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 197 8 202 9 + constant bc : Seq.seq t_B'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + constant c : t_Map'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 196 4 196 41] (self : bool) (o : bool) : t_Ordering'0 + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/map.rs" 93 4 93 90] (a : t_Map'0) (ab : Seq.seq t_B'0) (b : t_Map'0) (bc : Seq.seq t_B'0) (c : t_Map'0) : () - = - [%#sord2] match (self, o) with - | (False, False) -> C_Equal'0 - | (True, True) -> C_Equal'0 - | (False, True) -> C_Less'0 - | (True, False) -> C_Greater'0 - end - - constant x : bool - - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : bool) : () - goal vc_refl'0 : [%#sord0] cmp_log'0 x x = C_Equal'0 + goal vc_produces_trans'0 : ([%#smap4] produces'0 b bc c) + -> ([%#smap3] produces'0 a ab b) + -> ([%#smap2] inv'0 c) + -> ([%#smap1] inv'0 b) -> ([%#smap0] inv'0 a) -> ([%#smap5] produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__logic__ord__qyi17836724837647357586__trans [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 101 8 101 35 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 197 8 202 9 - - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 +module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788__produces_refl [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 25 4 25 26] (* ::Item, F> as std::iter::Iterator> *) + let%span smap_inv0 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 23 15 23 24 + let%span smap_inv1 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 24 14 24 45 + let%span smap_inv2 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 21 4 21 10 + let%span smap_inv3 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 41 8 54 9 + let%span smap_inv4 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 80 12 82 73 + let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 105 15 105 59 + let%span sops6 = "../../../creusot-contracts/src/std/ops.rs" 106 14 106 36 + let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 111 14 111 31 + let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 116 15 116 29 + let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 117 15 117 26 + let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 118 14 118 28 + let%span sops11 = "../../../creusot-contracts/src/std/ops.rs" 123 14 124 105 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 + let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 + let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 + let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 + let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 + let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter18 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter19 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 + let%span smap_inv20 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 159 12 163 47 + let%span smap_inv21 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 130 14 130 81 + let%span smap_inv22 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 133 12 138 88 + let%span smap_inv23 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 123 12 125 63 + let%span sseq24 = "../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 + let%span smap_inv25 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 146 12 151 71 + let%span sinvariant26 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 + let%span sboxed27 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 196 4 196 41] (self : bool) (o : bool) : t_Ordering'0 - - = - [%#sord4] match (self, o) with - | (False, False) -> C_Equal'0 - | (True, True) -> C_Equal'0 - | (False, True) -> C_Less'0 - | (True, False) -> C_Greater'0 - end + type t_I'0 - constant x : bool + type t_F'0 - constant y : bool + type t_Item'0 - constant z : bool + use seq.Seq - constant o : t_Ordering'0 + use prelude.prelude.Snapshot - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : bool) (y : bool) (z : bool) (o : t_Ordering'0) : () - + type t_MapInv'0 = + { t_MapInv__iter'0: t_I'0; t_MapInv__func'0: t_F'0; t_MapInv__produced'0: Snapshot.snap_ty (Seq.seq t_Item'0) } - goal vc_trans'0 : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o) -end -module M_creusot_contracts__logic__ord__qyi17836724837647357586__antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 108 8 108 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 197 8 202 9 + use prelude.prelude.Borrow - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 196 4 196 41] (self : bool) (o : bool) : t_Ordering'0 - - = - [%#sord3] match (self, o) with - | (False, False) -> C_Equal'0 - | (True, True) -> C_Equal'0 - | (False, True) -> C_Less'0 - | (True, False) -> C_Greater'0 - end + predicate invariant'3 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_I'0) = + [%#sinvariant26] inv'3 self.current /\ inv'3 self.final - constant x : bool + predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_I'0) - constant y : bool + axiom inv_axiom'3 [@rewrite] : forall x : borrowed t_I'0 [inv'5 x] . inv'5 x = invariant'3 x - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : bool) (y : bool) : () + predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) - goal vc_antisym1'0 : ([%#sord0] cmp_log'0 x y = C_Less'0) -> ([%#sord1] cmp_log'0 y x = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi17836724837647357586__antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 114 8 114 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 197 8 202 9 + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 196 4 196 41] (self : bool) (o : bool) : t_Ordering'0 + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - = - [%#sord3] match (self, o) with - | (False, False) -> C_Equal'0 - | (True, True) -> C_Equal'0 - | (False, True) -> C_Less'0 - | (True, False) -> C_Greater'0 - end - - constant x : bool - - constant y : bool - - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : bool) (y : bool) : () - - goal vc_antisym2'0 : ([%#sord0] cmp_log'0 x y = C_Greater'0) -> ([%#sord1] cmp_log'0 y x = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi17836724837647357586__eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 120 8 120 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 197 8 202 9 - - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 196 4 196 41] (self : bool) (o : bool) : t_Ordering'0 + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - = - [%#sord2] match (self, o) with - | (False, False) -> C_Equal'0 - | (True, True) -> C_Equal'0 - | (False, True) -> C_Less'0 - | (True, False) -> C_Greater'0 - end - constant x : bool + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter14] inv'3 a) + -> ([%#siter15] inv'3 b) + -> ([%#siter16] inv'3 c) + -> ([%#siter17] produces'1 a ab b) + -> ([%#siter18] produces'1 b bc c) -> ([%#siter19] produces'1 a (Seq.(++) ab bc) c) - constant y : bool + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : bool) (y : bool) : () + axiom produces_refl'1_spec : forall self : t_I'0 . ([%#siter12] inv'3 self) + -> ([%#siter13] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) - goal vc_eq_cmp'0 : [%#sord0] (x = y) = (cmp_log'0 x y = C_Equal'0) -end -module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* <(A, B) as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 76 8 76 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 225 20 225 68 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 212 8 219 11 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord16 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 + predicate completed'0 [#"../../../creusot-contracts/src/std/iter.rs" 35 4 35 36] (self : borrowed t_I'0) - type t_A'0 + predicate inv'6 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - type t_B'0 + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use prelude.prelude.Snapshot - function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_B'0) (_2 : t_B'0) : t_Ordering'0 + predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 73 4 73 45] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_B'0) (y : t_B'0) : () - - axiom eq_cmp'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord16] (x = y) = (cmp_log'2 x y = C_Equal'0) + predicate next_precondition'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 121 4 121 78] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) + + = + [%#smap_inv23] forall e : t_Item'0, i : t_I'0 . inv'6 e /\ inv'3 i /\ produces'1 iter (Seq.singleton e) i + -> precondition'0 func (e, Snapshot.new produced) - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_B'0) (y : t_B'0) : () + type t_B'0 - axiom antisym2'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord14] cmp_log'2 x y = C_Greater'0) - -> ([%#sord15] cmp_log'2 y x = C_Less'0) + use prelude.prelude.Int - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_B'0) (y : t_B'0) : () + use seq.Seq - axiom antisym1'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord12] cmp_log'2 x y = C_Less'0) - -> ([%#sord13] cmp_log'2 y x = C_Greater'0) + use seq.Seq - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () - + predicate invariant'6 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = + [%#sboxed27] inv'6 self - axiom trans'0_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord9] cmp_log'2 x y = o) - -> ([%#sord10] cmp_log'2 y z = o) -> ([%#sord11] cmp_log'2 x z = o) + predicate inv'10 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_B'0) : () + axiom inv_axiom'6 [@rewrite] : forall x : t_Item'0 [inv'10 x] . inv'10 x = invariant'6 x - axiom refl'0_spec : forall x : t_B'0 . [%#sord8] cmp_log'2 x x = C_Equal'0 + predicate invariant'2 [#"../../../creusot-contracts/src/logic/seq.rs" 608 4 608 30] (self : Seq.seq t_Item'0) = + [%#sseq24] forall i : int . 0 <= i /\ i < Seq.length self -> inv'10 (Seq.get self i) - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_B'0) (o : t_B'0) : bool + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_B'0) (y : t_B'0) : () + axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'2 x] . inv'2 x = invariant'2 x - axiom cmp_gt_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord7] gt_log'0 x y = (cmp_log'2 x y = C_Greater'0) + predicate invariant'4 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_F'0) = + [%#sinvariant26] inv'4 self.current /\ inv'4 self.final - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_B'0) (o : t_B'0) : bool + predicate inv'7 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_F'0) - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_B'0) (y : t_B'0) : () + axiom inv_axiom'4 [@rewrite] : forall x : borrowed t_F'0 [inv'7 x] . inv'7 x = invariant'4 x - axiom cmp_ge_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord6] ge_log'0 x y = (cmp_log'2 x y <> C_Less'0) + predicate inv'8 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_B'0) - function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_B'0) (o : t_B'0) : bool + predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 81 4 81 73] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result : t_B'0) + - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_B'0) (y : t_B'0) : () + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) - axiom cmp_lt_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) + predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 91 4 91 92] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result_state : t_F'0) (result : t_B'0) + - function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_B'0) (o : t_B'0) : bool + function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 125 4 125 55] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res : t_B'0) : () + - function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_B'0) (y : t_B'0) : () + axiom fn_mut_once'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res : t_B'0 . [%#sops11] postcondition_once'0 self args res + = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) - axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) + predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 99 4 99 36] (self : t_F'0) (_2 : t_F'0) - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_A'0) (_2 : t_A'0) : t_Ordering'0 + function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 119 4 119 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_A'0) (y : t_A'0) : () + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops8] unnest'0 self b) + -> ([%#sops9] unnest'0 b c) -> ([%#sops10] unnest'0 self c) - axiom eq_cmp'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord16] (x = y) = (cmp_log'1 x y = C_Equal'0) + function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 112 4 112 24] (self : t_F'0) : () - function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_A'0) (y : t_A'0) : () + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops7] unnest'0 self self - axiom antisym2'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord14] cmp_log'1 x y = C_Greater'0) - -> ([%#sord15] cmp_log'1 y x = C_Less'0) + function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 107 4 107 85] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res_state : t_F'0) (res : t_B'0) : () + - function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_A'0) (y : t_A'0) : () + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : t_F'0, res : t_B'0 . ([%#sops5] postcondition_mut'0 self args res_state res) + -> ([%#sops6] unnest'0 self res_state) - axiom antisym1'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord12] cmp_log'1 x y = C_Less'0) - -> ([%#sord13] cmp_log'1 y x = C_Greater'0) + use seq.Seq - function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () + predicate preservation'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 144 4 144 49] (iter : t_I'0) (func : t_F'0) + = + [%#smap_inv25] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . inv'2 s + /\ inv'6 e1 /\ inv'6 e2 /\ inv'7 f /\ inv'8 b /\ inv'3 i /\ unnest'0 func f.current + -> produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i + -> precondition'0 f.current (e1, Snapshot.new s) + -> postcondition_mut'0 f.current (e1, Snapshot.new s) f.final b + -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc s e1)) - axiom trans'1_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord9] cmp_log'1 x y = o) - -> ([%#sord10] cmp_log'1 y z = o) -> ([%#sord11] cmp_log'1 x z = o) - - function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_A'0) : () + predicate reinitialize'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 157 4 157 33] (_1 : ()) = + [%#smap_inv20] forall iter : borrowed t_I'0, func : t_F'0 . inv'5 iter /\ inv'4 func + -> completed'0 iter + -> next_precondition'0 iter.final func (Seq.empty : Seq.seq t_Item'0) /\ preservation'0 iter.final func - axiom refl'1_spec : forall x : t_A'0 . [%#sord8] cmp_log'1 x x = C_Equal'0 + use prelude.prelude.Snapshot - function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_A'0) (o : t_A'0) : bool + predicate preservation_inv'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 131 4 131 73] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) + + = + [%#smap_inv22] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . inv'2 s + /\ inv'6 e1 /\ inv'6 e2 /\ inv'7 f /\ inv'8 b /\ inv'3 i /\ unnest'0 func f.current + -> produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i + -> precondition'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) + -> postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b + -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc (Seq.(++) produced s) e1)) - function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_A'0) (y : t_A'0) : () + axiom preservation_inv'0_spec : forall iter : t_I'0, func : t_F'0, produced : Seq.seq t_Item'0 . [%#smap_inv21] produced + = (Seq.empty : Seq.seq t_Item'0) -> preservation_inv'0 iter func produced = preservation'0 iter func - axiom cmp_gt_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord7] gt_log'1 x y = (cmp_log'1 x y = C_Greater'0) + predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 78 4 78 30] (self : t_MapInv'0) = + [%#smap_inv4] reinitialize'0 () + /\ preservation_inv'0 self.t_MapInv__iter'0 self.t_MapInv__func'0 (Snapshot.inner self.t_MapInv__produced'0) + /\ next_precondition'0 self.t_MapInv__iter'0 self.t_MapInv__func'0 (Snapshot.inner self.t_MapInv__produced'0) - function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_A'0) (o : t_A'0) : bool + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_MapInv'0) - function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_A'0) (y : t_A'0) : () + axiom inv_axiom'0 [@rewrite] : forall x : t_MapInv'0 [inv'0 x] . inv'0 x + = (invariant'0 x + /\ match x with + | {t_MapInv__iter'0 = iter ; t_MapInv__func'0 = func ; t_MapInv__produced'0 = produced} -> inv'3 iter /\ inv'4 func + end) - axiom cmp_ge_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord6] ge_log'1 x y = (cmp_log'1 x y <> C_Less'0) + use seq.Seq - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_A'0) (o : t_A'0) : bool + use seq.Seq - function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_A'0) (y : t_A'0) : () + use seq.Seq - axiom cmp_lt_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + use seq.Seq - function le_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_A'0) (o : t_A'0) : bool + use seq.Seq - function cmp_le_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_A'0) (y : t_A'0) : () + predicate invariant'5 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : borrowed t_F'0) = + [%#sboxed27] inv'7 self - axiom cmp_le_log'2_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] le_log'2 x y = (cmp_log'1 x y <> C_Greater'0) + predicate inv'9 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_F'0) - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 224 4 224 36] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : bool - - = - [%#sord2] (let (a, _) = self in a) = (let (a, _) = o in a) - /\ le_log'1 (let (_, a) = self in a) (let (_, a) = o in a) - \/ lt_log'0 (let (a, _) = self in a) (let (a, _) = o in a) + axiom inv_axiom'5 [@rewrite] : forall x : borrowed t_F'0 [inv'9 x] . inv'9 x = invariant'5 x - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 211 4 211 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 - + predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 608 4 608 30] (self : Seq.seq (borrowed t_F'0)) = - [%#sord3] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then - cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) - else - r - - - constant x : (t_A'0, t_B'0) - - constant y : (t_A'0, t_B'0) - - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : (t_A'0, t_B'0)) (y : (t_A'0, t_B'0)) : () - + [%#sseq24] forall i : int . 0 <= i /\ i < Seq.length self -> inv'9 (Seq.get self i) - goal vc_cmp_le_log'0 : [%#sord0] le_log'0 x y = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* <(A, B) as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 81 8 81 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 231 20 231 67 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 212 8 219 11 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord16 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq (borrowed t_F'0)) - type t_A'0 + axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq (borrowed t_F'0) [inv'1 x] . inv'1 x = invariant'1 x - type t_B'0 + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use prelude.prelude.Snapshot - function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_B'0) (_2 : t_B'0) : t_Ordering'0 - + use seq.Seq - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_B'0) (y : t_B'0) : () + use seq.Seq - axiom eq_cmp'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord16] (x = y) = (cmp_log'2 x y = C_Equal'0) + use seq.Seq - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_B'0) (y : t_B'0) : () + use seq.Seq - axiom antisym2'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord14] cmp_log'2 x y = C_Greater'0) - -> ([%#sord15] cmp_log'2 y x = C_Less'0) + predicate produces'0 [@inline:trivial] [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 40 4 40 67] (self : t_MapInv'0) (visited : Seq.seq t_B'0) (succ : t_MapInv'0) + + = + [%#smap_inv3] unnest'0 self.t_MapInv__func'0 succ.t_MapInv__func'0 + /\ (exists fs : Seq.seq (borrowed t_F'0) . inv'1 fs + /\ Seq.length fs = Seq.length visited + /\ (exists s : Seq.seq t_Item'0 . inv'2 s + /\ Seq.length s = Seq.length visited + /\ produces'1 self.t_MapInv__iter'0 s succ.t_MapInv__iter'0 + /\ Snapshot.inner succ.t_MapInv__produced'0 = Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) s + /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) + /\ (if Seq.length visited = 0 then + self.t_MapInv__func'0 = succ.t_MapInv__func'0 + else + (Seq.get fs 0).current = self.t_MapInv__func'0 + /\ (Seq.get fs (Seq.length visited - 1)).final = succ.t_MapInv__func'0 + ) + /\ (forall i : int . 0 <= i /\ i < Seq.length visited + -> unnest'0 self.t_MapInv__func'0 (Seq.get fs i).current + /\ precondition'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) (Seq.([..]) s 0 i))) + /\ postcondition_mut'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) (Seq.([..]) s 0 i))) (Seq.get fs i).final (Seq.get visited i)))) - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_B'0) (y : t_B'0) : () + constant self : t_MapInv'0 - axiom antisym1'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord12] cmp_log'2 x y = C_Less'0) - -> ([%#sord13] cmp_log'2 y x = C_Greater'0) + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 25 4 25 26] (self : t_MapInv'0) : () - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () - + goal vc_produces_refl'0 : ([%#smap_inv0] inv'0 self) + -> ([%#smap_inv1] produces'0 self (Seq.empty : Seq.seq t_B'0) self) +end +module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788__produces_trans [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 35 4 35 90] (* ::Item, F> as std::iter::Iterator> *) + let%span smap_inv0 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 29 15 29 21 + let%span smap_inv1 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 30 15 30 21 + let%span smap_inv2 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 31 15 31 21 + let%span smap_inv3 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 32 15 32 32 + let%span smap_inv4 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 33 15 33 32 + let%span smap_inv5 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 34 14 34 42 + let%span smap_inv6 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 27 4 27 10 + let%span smap_inv7 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 41 8 54 9 + let%span smap_inv8 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 80 12 82 73 + let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 105 15 105 59 + let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 106 14 106 36 + let%span sops11 = "../../../creusot-contracts/src/std/ops.rs" 111 14 111 31 + let%span sops12 = "../../../creusot-contracts/src/std/ops.rs" 116 15 116 29 + let%span sops13 = "../../../creusot-contracts/src/std/ops.rs" 117 15 117 26 + let%span sops14 = "../../../creusot-contracts/src/std/ops.rs" 118 14 118 28 + let%span sops15 = "../../../creusot-contracts/src/std/ops.rs" 123 14 124 105 + let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 + let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 + let%span siter18 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 + let%span siter19 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 + let%span siter20 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 + let%span siter21 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter22 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter23 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 + let%span smap_inv24 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 159 12 163 47 + let%span smap_inv25 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 130 14 130 81 + let%span smap_inv26 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 133 12 138 88 + let%span smap_inv27 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 123 12 125 63 + let%span sseq28 = "../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 + let%span smap_inv29 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 146 12 151 71 + let%span sinvariant30 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 + let%span sboxed31 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - axiom trans'0_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord9] cmp_log'2 x y = o) - -> ([%#sord10] cmp_log'2 y z = o) -> ([%#sord11] cmp_log'2 x z = o) + type t_I'0 - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_B'0) : () + type t_F'0 - axiom refl'0_spec : forall x : t_B'0 . [%#sord8] cmp_log'2 x x = C_Equal'0 + type t_Item'0 - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_B'0) (o : t_B'0) : bool + use seq.Seq - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_B'0) (y : t_B'0) : () + use prelude.prelude.Snapshot - axiom cmp_gt_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord7] gt_log'0 x y = (cmp_log'2 x y = C_Greater'0) + type t_MapInv'0 = + { t_MapInv__iter'0: t_I'0; t_MapInv__func'0: t_F'0; t_MapInv__produced'0: Snapshot.snap_ty (Seq.seq t_Item'0) } - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_B'0) (o : t_B'0) : bool + use prelude.prelude.Borrow - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_B'0) (y : t_B'0) : () + predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - axiom cmp_ge_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord6] ge_log'0 x y = (cmp_log'2 x y <> C_Less'0) + predicate invariant'3 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_I'0) = + [%#sinvariant30] inv'3 self.current /\ inv'3 self.final - function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_B'0) (o : t_B'0) : bool + predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_I'0) - function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_B'0) (y : t_B'0) : () + axiom inv_axiom'3 [@rewrite] : forall x : borrowed t_I'0 [inv'5 x] . inv'5 x = invariant'3 x - axiom cmp_lt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) + predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_B'0) (o : t_B'0) : bool + use seq.Seq - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_B'0) (y : t_B'0) : () + use seq.Seq - axiom cmp_le_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] le_log'0 x y = (cmp_log'2 x y <> C_Greater'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_A'0) (_2 : t_A'0) : t_Ordering'0 + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_A'0) (y : t_A'0) : () + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter18] inv'3 a) + -> ([%#siter19] inv'3 b) + -> ([%#siter20] inv'3 c) + -> ([%#siter21] produces'1 a ab b) + -> ([%#siter22] produces'1 b bc c) -> ([%#siter23] produces'1 a (Seq.(++) ab bc) c) + + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () - axiom eq_cmp'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord16] (x = y) = (cmp_log'1 x y = C_Equal'0) + axiom produces_refl'0_spec : forall self : t_I'0 . ([%#siter16] inv'3 self) + -> ([%#siter17] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) - function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_A'0) (y : t_A'0) : () + predicate completed'0 [#"../../../creusot-contracts/src/std/iter.rs" 35 4 35 36] (self : borrowed t_I'0) - axiom antisym2'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord14] cmp_log'1 x y = C_Greater'0) - -> ([%#sord15] cmp_log'1 y x = C_Less'0) + predicate inv'6 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_A'0) (y : t_A'0) : () + use seq.Seq - axiom antisym1'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord12] cmp_log'1 x y = C_Less'0) - -> ([%#sord13] cmp_log'1 y x = C_Greater'0) + use prelude.prelude.Snapshot - function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () + predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 73 4 73 45] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) - axiom trans'1_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord9] cmp_log'1 x y = o) - -> ([%#sord10] cmp_log'1 y z = o) -> ([%#sord11] cmp_log'1 x z = o) + predicate next_precondition'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 121 4 121 78] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) + + = + [%#smap_inv27] forall e : t_Item'0, i : t_I'0 . inv'6 e /\ inv'3 i /\ produces'1 iter (Seq.singleton e) i + -> precondition'0 func (e, Snapshot.new produced) - function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_A'0) : () + type t_B'0 - axiom refl'1_spec : forall x : t_A'0 . [%#sord8] cmp_log'1 x x = C_Equal'0 + use prelude.prelude.Int - function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_A'0) (o : t_A'0) : bool + use seq.Seq - function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_A'0) (y : t_A'0) : () + use seq.Seq - axiom cmp_gt_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord7] gt_log'1 x y = (cmp_log'1 x y = C_Greater'0) + predicate invariant'6 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = + [%#sboxed31] inv'6 self - function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_A'0) (o : t_A'0) : bool + predicate inv'10 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_A'0) (y : t_A'0) : () + axiom inv_axiom'6 [@rewrite] : forall x : t_Item'0 [inv'10 x] . inv'10 x = invariant'6 x - axiom cmp_ge_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord6] ge_log'1 x y = (cmp_log'1 x y <> C_Less'0) + predicate invariant'2 [#"../../../creusot-contracts/src/logic/seq.rs" 608 4 608 30] (self : Seq.seq t_Item'0) = + [%#sseq28] forall i : int . 0 <= i /\ i < Seq.length self -> inv'10 (Seq.get self i) - function lt_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_A'0) (o : t_A'0) : bool + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) - function cmp_lt_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_A'0) (y : t_A'0) : () + axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'2 x] . inv'2 x = invariant'2 x - axiom cmp_lt_log'2_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] lt_log'2 x y = (cmp_log'1 x y = C_Less'0) + predicate invariant'4 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_F'0) = + [%#sinvariant30] inv'4 self.current /\ inv'4 self.final - function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_A'0) (o : t_A'0) : bool + predicate inv'7 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_F'0) - function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_A'0) (y : t_A'0) : () + axiom inv_axiom'4 [@rewrite] : forall x : borrowed t_F'0 [inv'7 x] . inv'7 x = invariant'4 x - axiom cmp_le_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] le_log'1 x y = (cmp_log'1 x y <> C_Greater'0) + predicate inv'8 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_B'0) - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 230 4 230 36] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : bool + predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 81 4 81 73] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result : t_B'0) - = - [%#sord2] (let (a, _) = self in a) = (let (a, _) = o in a) - /\ lt_log'1 (let (_, a) = self in a) (let (_, a) = o in a) - \/ lt_log'2 (let (a, _) = self in a) (let (a, _) = o in a) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 211 4 211 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) + + predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 91 4 91 92] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result_state : t_F'0) (result : t_B'0) - = - [%#sord3] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then - cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) - else - r + + function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 125 4 125 55] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res : t_B'0) : () - constant x : (t_A'0, t_B'0) + axiom fn_mut_once'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res : t_B'0 . [%#sops15] postcondition_once'0 self args res + = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) - constant y : (t_A'0, t_B'0) + predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 99 4 99 36] (self : t_F'0) (_2 : t_F'0) - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : (t_A'0, t_B'0)) (y : (t_A'0, t_B'0)) : () + function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 119 4 119 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - goal vc_cmp_lt_log'0 : [%#sord0] lt_log'0 x y = (cmp_log'0 x y = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* <(A, B) as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 86 8 86 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 237 20 237 68 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 212 8 219 11 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord16 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 - - type t_A'0 + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops12] unnest'0 self b) + -> ([%#sops13] unnest'0 b c) -> ([%#sops14] unnest'0 self c) - type t_B'0 + function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 112 4 112 24] (self : t_F'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops11] unnest'0 self self - function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_B'0) (_2 : t_B'0) : t_Ordering'0 + function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 107 4 107 85] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res_state : t_F'0) (res : t_B'0) : () - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_B'0) (y : t_B'0) : () - - axiom eq_cmp'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord16] (x = y) = (cmp_log'2 x y = C_Equal'0) + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : t_F'0, res : t_B'0 . ([%#sops9] postcondition_mut'0 self args res_state res) + -> ([%#sops10] unnest'0 self res_state) - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_B'0) (y : t_B'0) : () + use seq.Seq - axiom antisym2'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord14] cmp_log'2 x y = C_Greater'0) - -> ([%#sord15] cmp_log'2 y x = C_Less'0) + predicate preservation'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 144 4 144 49] (iter : t_I'0) (func : t_F'0) + + = + [%#smap_inv29] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . inv'2 s + /\ inv'6 e1 /\ inv'6 e2 /\ inv'7 f /\ inv'8 b /\ inv'3 i /\ unnest'0 func f.current + -> produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i + -> precondition'0 f.current (e1, Snapshot.new s) + -> postcondition_mut'0 f.current (e1, Snapshot.new s) f.final b + -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc s e1)) - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_B'0) (y : t_B'0) : () + predicate reinitialize'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 157 4 157 33] (_1 : ()) = + [%#smap_inv24] forall iter : borrowed t_I'0, func : t_F'0 . inv'5 iter /\ inv'4 func + -> completed'0 iter + -> next_precondition'0 iter.final func (Seq.empty : Seq.seq t_Item'0) /\ preservation'0 iter.final func - axiom antisym1'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord12] cmp_log'2 x y = C_Less'0) - -> ([%#sord13] cmp_log'2 y x = C_Greater'0) + use prelude.prelude.Snapshot - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () + predicate preservation_inv'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 131 4 131 73] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) + = + [%#smap_inv26] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . inv'2 s + /\ inv'6 e1 /\ inv'6 e2 /\ inv'7 f /\ inv'8 b /\ inv'3 i /\ unnest'0 func f.current + -> produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i + -> precondition'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) + -> postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b + -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc (Seq.(++) produced s) e1)) - axiom trans'0_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord9] cmp_log'2 x y = o) - -> ([%#sord10] cmp_log'2 y z = o) -> ([%#sord11] cmp_log'2 x z = o) - - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_B'0) : () - - axiom refl'0_spec : forall x : t_B'0 . [%#sord8] cmp_log'2 x x = C_Equal'0 + axiom preservation_inv'0_spec : forall iter : t_I'0, func : t_F'0, produced : Seq.seq t_Item'0 . [%#smap_inv25] produced + = (Seq.empty : Seq.seq t_Item'0) -> preservation_inv'0 iter func produced = preservation'0 iter func - function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_B'0) (o : t_B'0) : bool + predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 78 4 78 30] (self : t_MapInv'0) = + [%#smap_inv8] reinitialize'0 () + /\ preservation_inv'0 self.t_MapInv__iter'0 self.t_MapInv__func'0 (Snapshot.inner self.t_MapInv__produced'0) + /\ next_precondition'0 self.t_MapInv__iter'0 self.t_MapInv__func'0 (Snapshot.inner self.t_MapInv__produced'0) - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_B'0) (y : t_B'0) : () + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_MapInv'0) - axiom cmp_gt_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord7] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) + axiom inv_axiom'0 [@rewrite] : forall x : t_MapInv'0 [inv'0 x] . inv'0 x + = (invariant'0 x + /\ match x with + | {t_MapInv__iter'0 = iter ; t_MapInv__func'0 = func ; t_MapInv__produced'0 = produced} -> inv'3 iter /\ inv'4 func + end) - function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_B'0) (o : t_B'0) : bool + use seq.Seq - function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_B'0) (y : t_B'0) : () + use seq.Seq - axiom cmp_ge_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord6] ge_log'1 x y = (cmp_log'2 x y <> C_Less'0) + use seq.Seq - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_B'0) (o : t_B'0) : bool + use seq.Seq - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_B'0) (y : t_B'0) : () + predicate invariant'5 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : borrowed t_F'0) = + [%#sboxed31] inv'7 self - axiom cmp_lt_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] lt_log'0 x y = (cmp_log'2 x y = C_Less'0) + predicate inv'9 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_F'0) - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_B'0) (o : t_B'0) : bool + axiom inv_axiom'5 [@rewrite] : forall x : borrowed t_F'0 [inv'9 x] . inv'9 x = invariant'5 x - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_B'0) (y : t_B'0) : () + predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 608 4 608 30] (self : Seq.seq (borrowed t_F'0)) + = + [%#sseq28] forall i : int . 0 <= i /\ i < Seq.length self -> inv'9 (Seq.get self i) - axiom cmp_le_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] le_log'0 x y = (cmp_log'2 x y <> C_Greater'0) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq (borrowed t_F'0)) - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_A'0) (_2 : t_A'0) : t_Ordering'0 - + axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq (borrowed t_F'0) [inv'1 x] . inv'1 x = invariant'1 x - function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_A'0) (y : t_A'0) : () + use seq.Seq - axiom eq_cmp'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord16] (x = y) = (cmp_log'1 x y = C_Equal'0) + use prelude.prelude.Snapshot - function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_A'0) (y : t_A'0) : () + use seq.Seq - axiom antisym2'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord14] cmp_log'1 x y = C_Greater'0) - -> ([%#sord15] cmp_log'1 y x = C_Less'0) + use seq.Seq - function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_A'0) (y : t_A'0) : () + use seq.Seq - axiom antisym1'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord12] cmp_log'1 x y = C_Less'0) - -> ([%#sord13] cmp_log'1 y x = C_Greater'0) + use seq.Seq - function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () + predicate produces'0 [@inline:trivial] [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 40 4 40 67] (self : t_MapInv'0) (visited : Seq.seq t_B'0) (succ : t_MapInv'0) + = + [%#smap_inv7] unnest'0 self.t_MapInv__func'0 succ.t_MapInv__func'0 + /\ (exists fs : Seq.seq (borrowed t_F'0) . inv'1 fs + /\ Seq.length fs = Seq.length visited + /\ (exists s : Seq.seq t_Item'0 . inv'2 s + /\ Seq.length s = Seq.length visited + /\ produces'1 self.t_MapInv__iter'0 s succ.t_MapInv__iter'0 + /\ Snapshot.inner succ.t_MapInv__produced'0 = Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) s + /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) + /\ (if Seq.length visited = 0 then + self.t_MapInv__func'0 = succ.t_MapInv__func'0 + else + (Seq.get fs 0).current = self.t_MapInv__func'0 + /\ (Seq.get fs (Seq.length visited - 1)).final = succ.t_MapInv__func'0 + ) + /\ (forall i : int . 0 <= i /\ i < Seq.length visited + -> unnest'0 self.t_MapInv__func'0 (Seq.get fs i).current + /\ precondition'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) (Seq.([..]) s 0 i))) + /\ postcondition_mut'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) (Seq.([..]) s 0 i))) (Seq.get fs i).final (Seq.get visited i)))) - axiom trans'1_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord9] cmp_log'1 x y = o) - -> ([%#sord10] cmp_log'1 y z = o) -> ([%#sord11] cmp_log'1 x z = o) + use seq.Seq - function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_A'0) : () + constant a : t_MapInv'0 - axiom refl'1_spec : forall x : t_A'0 . [%#sord8] cmp_log'1 x x = C_Equal'0 + constant ab : Seq.seq t_B'0 - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_A'0) (o : t_A'0) : bool + constant b : t_MapInv'0 - function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_A'0) (y : t_A'0) : () + constant bc : Seq.seq t_B'0 - axiom cmp_gt_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord7] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + constant c : t_MapInv'0 - function ge_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_A'0) (o : t_A'0) : bool + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 35 4 35 90] (a : t_MapInv'0) (ab : Seq.seq t_B'0) (b : t_MapInv'0) (bc : Seq.seq t_B'0) (c : t_MapInv'0) : () + - function cmp_ge_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_A'0) (y : t_A'0) : () + goal vc_produces_trans'0 : ([%#smap_inv4] produces'0 b bc c) + -> ([%#smap_inv3] produces'0 a ab b) + -> ([%#smap_inv2] inv'0 c) + -> ([%#smap_inv1] inv'0 b) -> ([%#smap_inv0] inv'0 a) -> ([%#smap_inv5] produces'0 a (Seq.(++) ab bc) c) +end +module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi5691635635396426195__resolve_coherence [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 69 4 69 31] (* as resolve::Resolve> *) + let%span smap_inv0 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 67 15 67 39 + let%span smap_inv1 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 68 14 68 31 + let%span smap_inv2 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 65 4 65 23 + let%span smap_inv3 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 62 8 62 50 - axiom cmp_ge_log'2_spec : forall x : t_A'0, y : t_A'0 . [%#sord6] ge_log'2 x y = (cmp_log'1 x y <> C_Less'0) + use prelude.prelude.Borrow - function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_A'0) (o : t_A'0) : bool + type t_I'0 - function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_A'0) (y : t_A'0) : () + type t_F'0 - axiom cmp_lt_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] lt_log'1 x y = (cmp_log'1 x y = C_Less'0) + type t_B'0 - function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_A'0) (o : t_A'0) : bool + use seq.Seq - function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_A'0) (y : t_A'0) : () + use prelude.prelude.Snapshot - axiom cmp_le_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] le_log'1 x y = (cmp_log'1 x y <> C_Greater'0) + type t_MapInv'0 = + { t_MapInv__iter'0: t_I'0; t_MapInv__func'0: t_F'0; t_MapInv__produced'0: Snapshot.snap_ty (Seq.seq t_B'0) } - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 236 4 236 36] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : bool - + predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : Snapshot.snap_ty (Seq.seq t_B'0)) = - [%#sord2] (let (a, _) = self in a) = (let (a, _) = o in a) - /\ ge_log'1 (let (_, a) = self in a) (let (_, a) = o in a) - \/ gt_log'0 (let (a, _) = self in a) (let (a, _) = o in a) + true - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 211 4 211 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 - - = - [%#sord3] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then - cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) - else - r - + predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) - constant x : (t_A'0, t_B'0) + predicate resolve'3 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_I'0) - constant y : (t_A'0, t_B'0) + predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_MapInv'0) = + match _1 with + | {t_MapInv__iter'0 = x0 ; t_MapInv__func'0 = x1 ; t_MapInv__produced'0 = x2} -> resolve'1 x2 + /\ resolve'2 x1 /\ resolve'3 x0 + end + + predicate resolve'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 61 4 61 28] (self : t_MapInv'0) = + [%#smap_inv3] resolve'3 self.t_MapInv__iter'0 /\ resolve'2 self.t_MapInv__func'0 + + constant self : t_MapInv'0 - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : (t_A'0, t_B'0)) (y : (t_A'0, t_B'0)) : () + function resolve_coherence'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 69 4 69 31] (self : t_MapInv'0) : () - goal vc_cmp_ge_log'0 : [%#sord0] ge_log'0 x y = (cmp_log'0 x y <> C_Less'0) + goal vc_resolve_coherence'0 : ([%#smap_inv0] structural_resolve'0 self) -> ([%#smap_inv1] resolve'0 self) end -module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* <(A, B) as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 91 8 91 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 243 20 243 67 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 212 8 219 11 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord16 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 - - type t_A'0 +module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4413682431414748756__next [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 96 4 96 44] (* ::Item, F> as std::iter::Iterator> *) + let%span smap_inv0 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 97 39 97 58 + let%span smap_inv1 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 100 16 100 76 + let%span smap_inv2 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 101 31 101 71 + let%span smap_inv3 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 105 38 105 88 + let%span smap_inv4 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 106 32 106 63 + let%span smap_inv5 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 111 32 111 56 + let%span smap_inv6 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 96 17 96 21 + let%span smap_inv7 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 96 26 96 44 + let%span smap_inv8 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 92 14 95 5 + let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 107 26 110 17 + let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 158 27 158 52 + let%span sops11 = "../../../creusot-contracts/src/std/ops.rs" 159 26 159 71 + let%span smap_inv12 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 170 15 170 24 + let%span smap_inv13 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 171 15 171 21 + let%span smap_inv14 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 172 15 172 21 + let%span smap_inv15 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 173 15 173 21 + let%span smap_inv16 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 174 15 174 24 + let%span smap_inv17 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 175 4 175 60 + let%span smap_inv18 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 176 15 176 30 + let%span smap_inv19 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 177 15 177 64 + let%span smap_inv20 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 178 14 178 74 + let%span smap_inv21 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 179 14 179 75 + let%span smap_inv22 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 191 14 191 68 + let%span smap_inv23 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 194 12 199 74 + let%span smap_inv24 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 15 8 18 9 + let%span smap_inv25 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 130 14 130 81 + let%span smap_inv26 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 133 12 138 88 + let%span smap_inv27 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 123 12 125 63 + let%span smap_inv28 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 41 8 54 9 + let%span sresolve29 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span smap_inv30 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 23 15 23 24 + let%span smap_inv31 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 24 14 24 45 + let%span smap_inv32 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 21 4 21 10 + let%span smap_inv33 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 29 15 29 21 + let%span smap_inv34 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 30 15 30 21 + let%span smap_inv35 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 31 15 31 21 + let%span smap_inv36 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 32 15 32 32 + let%span smap_inv37 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 33 15 33 32 + let%span smap_inv38 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 34 14 34 42 + let%span smap_inv39 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 27 4 27 10 + let%span siter40 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 + let%span siter41 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 + let%span siter42 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 + let%span siter43 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 + let%span siter44 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 + let%span siter45 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter46 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter47 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 + let%span sops48 = "../../../creusot-contracts/src/std/ops.rs" 105 15 105 59 + let%span sops49 = "../../../creusot-contracts/src/std/ops.rs" 106 14 106 36 + let%span sops50 = "../../../creusot-contracts/src/std/ops.rs" 111 14 111 31 + let%span sops51 = "../../../creusot-contracts/src/std/ops.rs" 116 15 116 29 + let%span sops52 = "../../../creusot-contracts/src/std/ops.rs" 117 15 117 26 + let%span sops53 = "../../../creusot-contracts/src/std/ops.rs" 118 14 118 28 + let%span sops54 = "../../../creusot-contracts/src/std/ops.rs" 123 14 124 105 + let%span smap_inv55 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 146 12 151 71 + let%span sinvariant56 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 + let%span smap_inv57 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 80 12 82 73 + let%span smap_inv58 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 159 12 163 47 + let%span sseq59 = "../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 + let%span sboxed60 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - type t_B'0 + use prelude.prelude.Borrow - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use prelude.prelude.Snapshot - function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_B'0) (_2 : t_B'0) : t_Ordering'0 - + type t_I'0 - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_B'0) (y : t_B'0) : () + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - axiom eq_cmp'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord16] (x = y) = (cmp_log'2 x y = C_Equal'0) + type t_F'0 - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_B'0) (y : t_B'0) : () + type t_Item'0 - axiom antisym2'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord14] cmp_log'2 x y = C_Greater'0) - -> ([%#sord15] cmp_log'2 y x = C_Less'0) + use seq.Seq - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_B'0) (y : t_B'0) : () + use prelude.prelude.Snapshot - axiom antisym1'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord12] cmp_log'2 x y = C_Less'0) - -> ([%#sord13] cmp_log'2 y x = C_Greater'0) + type t_MapInv'0 = + { t_MapInv__iter'0: t_I'0; t_MapInv__func'0: t_F'0; t_MapInv__produced'0: Snapshot.snap_ty (Seq.seq t_Item'0) } - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () - + predicate invariant'1 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_I'0) = + [%#sinvariant56] inv'0 self.current /\ inv'0 self.final - axiom trans'0_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord9] cmp_log'2 x y = o) - -> ([%#sord10] cmp_log'2 y z = o) -> ([%#sord11] cmp_log'2 x z = o) + predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_I'0) - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_B'0) : () + axiom inv_axiom'2 [@rewrite] : forall x : borrowed t_I'0 [inv'4 x] . inv'4 x = invariant'1 x - axiom refl'0_spec : forall x : t_B'0 . [%#sord8] cmp_log'2 x x = C_Equal'0 + type t_Option'0 = + | C_None'0 + | C_Some'0 t_Item'0 - function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_B'0) (o : t_B'0) : bool + predicate inv'10 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_B'0) (y : t_B'0) : () + predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) - axiom cmp_gt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord7] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) - - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_B'0) (o : t_B'0) : bool - - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_B'0) (y : t_B'0) : () - - axiom cmp_ge_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord6] ge_log'0 x y = (cmp_log'2 x y <> C_Less'0) - - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_B'0) (o : t_B'0) : bool - - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_B'0) (y : t_B'0) : () - - axiom cmp_lt_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] lt_log'0 x y = (cmp_log'2 x y = C_Less'0) - - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_B'0) (o : t_B'0) : bool + axiom inv_axiom'3 [@rewrite] : forall x : t_Option'0 [inv'5 x] . inv'5 x + = match x with + | C_None'0 -> true + | C_Some'0 a_0 -> inv'10 a_0 + end - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_B'0) (y : t_B'0) : () + use seq.Seq - axiom cmp_le_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] le_log'0 x y = (cmp_log'2 x y <> C_Greater'0) + use seq.Seq - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_A'0) (_2 : t_A'0) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_A'0) (y : t_A'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + - axiom eq_cmp'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord16] (x = y) = (cmp_log'1 x y = C_Equal'0) + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter42] inv'0 a) + -> ([%#siter43] inv'0 b) + -> ([%#siter44] inv'0 c) + -> ([%#siter45] produces'0 a ab b) + -> ([%#siter46] produces'0 b bc c) -> ([%#siter47] produces'0 a (Seq.(++) ab bc) c) - function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_A'0) (y : t_A'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () - axiom antisym2'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord14] cmp_log'1 x y = C_Greater'0) - -> ([%#sord15] cmp_log'1 y x = C_Less'0) + axiom produces_refl'1_spec : forall self : t_I'0 . ([%#siter40] inv'0 self) + -> ([%#siter41] produces'0 self (Seq.empty : Seq.seq t_Item'0) self) - function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_A'0) (y : t_A'0) : () + predicate completed'1 [#"../../../creusot-contracts/src/std/iter.rs" 35 4 35 36] (self : borrowed t_I'0) - axiom antisym1'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord12] cmp_log'1 x y = C_Less'0) - -> ([%#sord13] cmp_log'1 y x = C_Greater'0) + use seq.Seq - function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () + let rec next'1 (self:borrowed t_I'0) (return' (ret:t_Option'0))= {[@expl:next 'self' type invariant] inv'4 self} + any + [ return' (result:t_Option'0)-> {inv'5 result} + {[%#siter9] match result with + | C_None'0 -> completed'1 self + | C_Some'0 v -> produces'0 self.current (Seq.singleton v) self.final + end} + (! return' {result}) ] - axiom trans'1_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord9] cmp_log'1 x y = o) - -> ([%#sord10] cmp_log'1 y z = o) -> ([%#sord11] cmp_log'1 x z = o) + let rec v_Some'0 (input:t_Option'0) (ret (field_0:t_Item'0))= any + [ good (field_0:t_Item'0)-> {C_Some'0 field_0 = input} (! ret {field_0}) + | bad -> {forall field_0 : t_Item'0 [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] + - function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_A'0) : () + predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 73 4 73 45] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) + - axiom refl'1_spec : forall x : t_A'0 . [%#sord8] cmp_log'1 x x = C_Equal'0 + use prelude.prelude.Snapshot - function gt_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_A'0) (o : t_A'0) : bool + use seq.Seq - function cmp_gt_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_A'0) (y : t_A'0) : () + use prelude.prelude.Snapshot - axiom cmp_gt_log'2_spec : forall x : t_A'0, y : t_A'0 . [%#sord7] gt_log'2 x y = (cmp_log'1 x y = C_Greater'0) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) - function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_A'0) (o : t_A'0) : bool + predicate invariant'2 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_F'0) = + [%#sinvariant56] inv'1 self.current /\ inv'1 self.final - function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_A'0) (y : t_A'0) : () + predicate inv'6 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_F'0) - axiom cmp_ge_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord6] ge_log'1 x y = (cmp_log'1 x y <> C_Less'0) + axiom inv_axiom'4 [@rewrite] : forall x : borrowed t_F'0 [inv'6 x] . inv'6 x = invariant'2 x - function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_A'0) (o : t_A'0) : bool + predicate inv'7 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) + - function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_A'0) (y : t_A'0) : () + axiom inv_axiom'5 [@rewrite] : forall x : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)) [inv'7 x] . inv'7 x + = (let (x0, x1) = x in inv'10 x0) - axiom cmp_lt_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] lt_log'1 x y = (cmp_log'1 x y = C_Less'0) + type t_B'0 - function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_A'0) (o : t_A'0) : bool + predicate inv'8 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_B'0) - function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_A'0) (y : t_A'0) : () + predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 81 4 81 73] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result : t_B'0) + - axiom cmp_le_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] le_log'1 x y = (cmp_log'1 x y <> C_Greater'0) + predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 242 4 242 36] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : bool + predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 91 4 91 92] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result_state : t_F'0) (result : t_B'0) - = - [%#sord2] (let (a, _) = self in a) = (let (a, _) = o in a) - /\ gt_log'1 (let (_, a) = self in a) (let (_, a) = o in a) - \/ gt_log'2 (let (a, _) = self in a) (let (a, _) = o in a) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 211 4 211 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 - - = - [%#sord3] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then - cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) - else - r + function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 125 4 125 55] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res : t_B'0) : () - constant x : (t_A'0, t_B'0) + axiom fn_mut_once'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res : t_B'0 . [%#sops54] postcondition_once'0 self args res + = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'2 res_state) - constant y : (t_A'0, t_B'0) + predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 99 4 99 36] (self : t_F'0) (_2 : t_F'0) - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : (t_A'0, t_B'0)) (y : (t_A'0, t_B'0)) : () + function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 119 4 119 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - goal vc_cmp_gt_log'0 : [%#sord0] gt_log'0 x y = (cmp_log'0 x y = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi1910662420989811789__refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* <(A, B) as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 96 8 96 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 212 8 219 11 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 - - type t_A'0 + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops51] unnest'0 self b) + -> ([%#sops52] unnest'0 b c) -> ([%#sops53] unnest'0 self c) - type t_B'0 + function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 112 4 112 24] (self : t_F'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops50] unnest'0 self self - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_A'0) (_2 : t_A'0) : t_Ordering'0 + function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 107 4 107 85] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res_state : t_F'0) (res : t_B'0) : () - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_A'0) (y : t_A'0) : () - - axiom eq_cmp'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) - - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_A'0) (y : t_A'0) : () - - axiom antisym2'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) - -> ([%#sord14] cmp_log'1 y x = C_Less'0) - - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_A'0) (y : t_A'0) : () + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : t_F'0, res : t_B'0 . ([%#sops48] postcondition_mut'0 self args res_state res) + -> ([%#sops49] unnest'0 self res_state) - axiom antisym1'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) - -> ([%#sord12] cmp_log'1 y x = C_Greater'0) + let rec call_mut'0 (self:borrowed t_F'0) (args:(t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (return' (ret:t_B'0))= {[@expl:call_mut 'self' type invariant] inv'6 self} + {[@expl:call_mut 'args' type invariant] inv'7 args} + {[@expl:call_mut requires] [%#sops10] precondition'0 self.current args} + any + [ return' (result:t_B'0)-> {inv'8 result} + {[%#sops11] postcondition_mut'0 self.current args self.final result} + (! return' {result}) ] + - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () + predicate next_precondition'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 121 4 121 78] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) + = + [%#smap_inv27] forall e : t_Item'0, i : t_I'0 . inv'10 e /\ inv'0 i /\ produces'0 iter (Seq.singleton e) i + -> precondition'0 func (e, Snapshot.new produced) - axiom trans'0_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) - -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) + use prelude.prelude.Int - function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_A'0) : () + use seq.Seq - axiom refl'1_spec : forall x : t_A'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 + use seq.Seq - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_A'0) (o : t_A'0) : bool + predicate invariant'6 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = + [%#sboxed60] inv'10 self - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_A'0) (y : t_A'0) : () + predicate inv'13 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - axiom cmp_gt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord6] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + axiom inv_axiom'9 [@rewrite] : forall x : t_Item'0 [inv'13 x] . inv'13 x = invariant'6 x - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_A'0) (o : t_A'0) : bool + predicate invariant'4 [#"../../../creusot-contracts/src/logic/seq.rs" 608 4 608 30] (self : Seq.seq t_Item'0) = + [%#sseq59] forall i : int . 0 <= i /\ i < Seq.length self -> inv'13 (Seq.get self i) - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_A'0) (y : t_A'0) : () + predicate inv'11 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) - axiom cmp_ge_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + axiom inv_axiom'7 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'11 x] . inv'11 x = invariant'4 x - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_A'0) (o : t_A'0) : bool + predicate preservation'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 144 4 144 49] (iter : t_I'0) (func : t_F'0) + + = + [%#smap_inv55] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . inv'11 s + /\ inv'10 e1 /\ inv'10 e2 /\ inv'6 f /\ inv'8 b /\ inv'0 i /\ unnest'0 func f.current + -> produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i + -> precondition'0 f.current (e1, Snapshot.new s) + -> postcondition_mut'0 f.current (e1, Snapshot.new s) f.final b + -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc s e1)) - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_A'0) (y : t_A'0) : () + predicate reinitialize'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 157 4 157 33] (_1 : ()) = + [%#smap_inv58] forall iter : borrowed t_I'0, func : t_F'0 . inv'4 iter /\ inv'1 func + -> completed'1 iter + -> next_precondition'0 iter.final func (Seq.empty : Seq.seq t_Item'0) /\ preservation'0 iter.final func - axiom cmp_lt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + predicate preservation_inv'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 131 4 131 73] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) + + = + [%#smap_inv26] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . inv'11 s + /\ inv'10 e1 /\ inv'10 e2 /\ inv'6 f /\ inv'8 b /\ inv'0 i /\ unnest'0 func f.current + -> produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i + -> precondition'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) + -> postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b + -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc (Seq.(++) produced s) e1)) + + axiom preservation_inv'0_spec : forall iter : t_I'0, func : t_F'0, produced : Seq.seq t_Item'0 . [%#smap_inv25] produced + = (Seq.empty : Seq.seq t_Item'0) -> preservation_inv'0 iter func produced = preservation'0 iter func - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_A'0) (o : t_A'0) : bool + predicate invariant'3 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 78 4 78 30] (self : t_MapInv'0) = + [%#smap_inv57] reinitialize'0 () + /\ preservation_inv'0 self.t_MapInv__iter'0 self.t_MapInv__func'0 (Snapshot.inner self.t_MapInv__produced'0) + /\ next_precondition'0 self.t_MapInv__iter'0 self.t_MapInv__func'0 (Snapshot.inner self.t_MapInv__produced'0) - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_A'0) (y : t_A'0) : () + predicate inv'9 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_MapInv'0) - axiom cmp_le_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord3] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + axiom inv_axiom'6 [@rewrite] : forall x : t_MapInv'0 [inv'9 x] . inv'9 x + = (invariant'3 x + /\ match x with + | {t_MapInv__iter'0 = iter ; t_MapInv__func'0 = func ; t_MapInv__produced'0 = produced} -> inv'0 iter /\ inv'1 func + end) - function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_B'0) (_2 : t_B'0) : t_Ordering'0 + function produces_one_invariant'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 180 4 180 73] (self : t_MapInv'0) (e : t_Item'0) (r : t_B'0) (f : borrowed t_F'0) (iter : t_I'0) : () - function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_B'0) (y : t_B'0) : () + axiom produces_one_invariant'0_spec : forall self : t_MapInv'0, e : t_Item'0, r : t_B'0, f : borrowed t_F'0, iter : t_I'0 . ([%#smap_inv12] inv'9 self) + -> ([%#smap_inv13] inv'10 e) + -> ([%#smap_inv14] inv'8 r) + -> ([%#smap_inv15] inv'6 f) + -> ([%#smap_inv16] inv'0 iter) + -> ([%#smap_inv17] produces'0 self.t_MapInv__iter'0 (Seq.singleton e) iter) + -> ([%#smap_inv18] f.current = self.t_MapInv__func'0) + -> ([%#smap_inv19] postcondition_mut'0 f.current (e, self.t_MapInv__produced'0) f.final r) + -> ([%#smap_inv20] preservation_inv'0 iter f.final (Seq.snoc (Snapshot.inner self.t_MapInv__produced'0) e)) + && ([%#smap_inv21] next_precondition'0 iter f.final (Seq.snoc (Snapshot.inner self.t_MapInv__produced'0) e)) - axiom eq_cmp'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord15] (x = y) = (cmp_log'2 x y = C_Equal'0) + use prelude.prelude.Snapshot - function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_B'0) (y : t_B'0) : () + use prelude.prelude.Snapshot - axiom antisym2'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord13] cmp_log'2 x y = C_Greater'0) - -> ([%#sord14] cmp_log'2 y x = C_Less'0) + use seq.Seq - function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_B'0) (y : t_B'0) : () + use seq.Seq - axiom antisym1'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord11] cmp_log'2 x y = C_Less'0) - -> ([%#sord12] cmp_log'2 y x = C_Greater'0) + use seq.Seq - function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () - + use seq.Seq - axiom trans'1_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord8] cmp_log'2 x y = o) - -> ([%#sord9] cmp_log'2 y z = o) -> ([%#sord10] cmp_log'2 x z = o) + use seq.Seq - function refl'2 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_B'0) : () + use seq.Seq - axiom refl'2_spec : forall x : t_B'0 . [%#sord7] cmp_log'2 x x = C_Equal'0 + use seq.Seq - function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_B'0) (o : t_B'0) : bool + predicate invariant'7 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : borrowed t_F'0) = + [%#sboxed60] inv'6 self - function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_B'0) (y : t_B'0) : () + predicate inv'14 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_F'0) - axiom cmp_gt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord6] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) + axiom inv_axiom'10 [@rewrite] : forall x : borrowed t_F'0 [inv'14 x] . inv'14 x = invariant'7 x - function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_B'0) (o : t_B'0) : bool + predicate invariant'5 [#"../../../creusot-contracts/src/logic/seq.rs" 608 4 608 30] (self : Seq.seq (borrowed t_F'0)) + = + [%#sseq59] forall i : int . 0 <= i /\ i < Seq.length self -> inv'14 (Seq.get self i) - function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_B'0) (y : t_B'0) : () + predicate inv'12 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq (borrowed t_F'0)) - axiom cmp_ge_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] ge_log'1 x y = (cmp_log'2 x y <> C_Less'0) + axiom inv_axiom'8 [@rewrite] : forall x : Seq.seq (borrowed t_F'0) [inv'12 x] . inv'12 x = invariant'5 x - function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_B'0) (o : t_B'0) : bool + use seq.Seq - function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_B'0) (y : t_B'0) : () + use prelude.prelude.Snapshot - axiom cmp_lt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) + use seq.Seq - function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_B'0) (o : t_B'0) : bool + use seq.Seq - function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_B'0) (y : t_B'0) : () + use seq.Seq - axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord3] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 211 4 211 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + predicate produces'1 [@inline:trivial] [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 40 4 40 67] (self : t_MapInv'0) (visited : Seq.seq t_B'0) (succ : t_MapInv'0) = - [%#sord2] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then - cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) + [%#smap_inv28] unnest'0 self.t_MapInv__func'0 succ.t_MapInv__func'0 + /\ (exists fs : Seq.seq (borrowed t_F'0) . inv'12 fs + /\ Seq.length fs = Seq.length visited + /\ (exists s : Seq.seq t_Item'0 . inv'11 s + /\ Seq.length s = Seq.length visited + /\ produces'0 self.t_MapInv__iter'0 s succ.t_MapInv__iter'0 + /\ Snapshot.inner succ.t_MapInv__produced'0 = Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) s + /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) + /\ (if Seq.length visited = 0 then + self.t_MapInv__func'0 = succ.t_MapInv__func'0 else - r - - - constant x : (t_A'0, t_B'0) + (Seq.get fs 0).current = self.t_MapInv__func'0 + /\ (Seq.get fs (Seq.length visited - 1)).final = succ.t_MapInv__func'0 + ) + /\ (forall i : int . 0 <= i /\ i < Seq.length visited + -> unnest'0 self.t_MapInv__func'0 (Seq.get fs i).current + /\ precondition'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) (Seq.([..]) s 0 i))) + /\ postcondition_mut'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) (Seq.([..]) s 0 i))) (Seq.get fs i).final (Seq.get visited i)))) - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : (t_A'0, t_B'0)) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 35 4 35 90] (a : t_MapInv'0) (ab : Seq.seq t_B'0) (b : t_MapInv'0) (bc : Seq.seq t_B'0) (c : t_MapInv'0) : () + + = + [%#smap_inv39] () - goal vc_refl'0 : [%#sord0] cmp_log'0 x x = C_Equal'0 -end -module M_creusot_contracts__logic__ord__qyi1910662420989811789__trans [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (* <(A, B) as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 101 8 101 35 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 212 8 219 11 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord16 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord17 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 - - type t_A'0 + axiom produces_trans'0_spec : forall a : t_MapInv'0, ab : Seq.seq t_B'0, b : t_MapInv'0, bc : Seq.seq t_B'0, c : t_MapInv'0 . ([%#smap_inv33] inv'9 a) + -> ([%#smap_inv34] inv'9 b) + -> ([%#smap_inv35] inv'9 c) + -> ([%#smap_inv36] produces'1 a ab b) + -> ([%#smap_inv37] produces'1 b bc c) -> ([%#smap_inv38] produces'1 a (Seq.(++) ab bc) c) - type t_B'0 + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 25 4 25 26] (self : t_MapInv'0) : () = + [%#smap_inv32] () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom produces_refl'0_spec : forall self : t_MapInv'0 . ([%#smap_inv30] inv'9 self) + -> ([%#smap_inv31] produces'1 self (Seq.empty : Seq.seq t_B'0) self) - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_A'0) (_2 : t_A'0) : t_Ordering'0 + predicate produces_one'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 192 4 192 57] (self : t_MapInv'0) (visited : t_B'0) (succ : t_MapInv'0) + = + [%#smap_inv23] exists f : borrowed t_F'0, e : t_Item'0 . inv'6 f + /\ inv'10 e + /\ f.current = self.t_MapInv__func'0 + /\ f.final = succ.t_MapInv__func'0 + /\ produces'0 self.t_MapInv__iter'0 (Seq.singleton e) succ.t_MapInv__iter'0 + /\ Snapshot.inner succ.t_MapInv__produced'0 = Seq.snoc (Snapshot.inner self.t_MapInv__produced'0) e + /\ precondition'0 f.current (e, self.t_MapInv__produced'0) + /\ postcondition_mut'0 f.current (e, self.t_MapInv__produced'0) f.final visited - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_A'0) (y : t_A'0) : () + axiom produces_one'0_spec : forall self : t_MapInv'0, visited : t_B'0, succ : t_MapInv'0 . [%#smap_inv22] produces_one'0 self visited succ + = produces'1 self (Seq.singleton visited) succ - axiom eq_cmp'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord17] (x = y) = (cmp_log'1 x y = C_Equal'0) + predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed (t_MapInv'0)) = + [%#sinvariant56] inv'9 self.current /\ inv'9 self.final - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_A'0) (y : t_A'0) : () + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed (t_MapInv'0)) - axiom antisym2'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord15] cmp_log'1 x y = C_Greater'0) - -> ([%#sord16] cmp_log'1 y x = C_Less'0) + axiom inv_axiom'0 [@rewrite] : forall x : borrowed (t_MapInv'0) [inv'2 x] . inv'2 x = invariant'0 x - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_A'0) (y : t_A'0) : () + predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 53 4 53 28] (self : borrowed (t_MapInv'0)) = + [%#sresolve29] self.final = self.current - axiom antisym1'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord13] cmp_log'1 x y = C_Less'0) - -> ([%#sord14] cmp_log'1 y x = C_Greater'0) + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : borrowed (t_MapInv'0)) = + resolve'1 _1 - function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () - + type t_Option'1 = + | C_None'1 + | C_Some'1 t_B'0 - axiom trans'1_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord10] cmp_log'1 x y = o) - -> ([%#sord11] cmp_log'1 y z = o) -> ([%#sord12] cmp_log'1 x z = o) + use prelude.prelude.Intrinsic - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_A'0) : () + use prelude.prelude.Snapshot - axiom refl'0_spec : forall x : t_A'0 . [%#sord9] cmp_log'1 x x = C_Equal'0 + use prelude.prelude.Snapshot - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_A'0) (o : t_A'0) : bool + predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'1) - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_A'0) (y : t_A'0) : () + axiom inv_axiom'1 [@rewrite] : forall x : t_Option'1 [inv'3 x] . inv'3 x + = match x with + | C_None'1 -> true + | C_Some'1 a_0 -> inv'8 a_0 + end - axiom cmp_gt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord8] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + predicate completed'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 14 4 14 35] (self : borrowed (t_MapInv'0)) + + = + [%#smap_inv24] Snapshot.inner (self.final).t_MapInv__produced'0 = (Seq.empty : Seq.seq t_Item'0) + /\ completed'1 (Borrow.borrow_logic (self.current).t_MapInv__iter'0 (self.final).t_MapInv__iter'0 (Borrow.inherit_id (Borrow.get_id self) 1)) + /\ (self.current).t_MapInv__func'0 = (self.final).t_MapInv__func'0 - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_A'0) (o : t_A'0) : bool + meta "compute_max_steps" 1000000 - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_A'0) (y : t_A'0) : () + let rec next'0 (self:borrowed (t_MapInv'0)) (return' (ret:t_Option'1))= {[@expl:next 'self' type invariant] [%#smap_inv6] inv'2 self} + (! bb0 + [ bb0 = s0 [ s0 = [ &old_self <- [%#smap_inv0] Snapshot.new self.current ] s1 | s1 = bb1 ] + | bb1 = s0 + [ s0 = {inv'0 (self.current).t_MapInv__iter'0} + Borrow.borrow_final {(self.current).t_MapInv__iter'0} {Borrow.inherit_id (Borrow.get_id self) 1} + (fun (_ret':borrowed t_I'0) -> + [ &_6 <- _ret' ] + -{inv'0 _ret'.final}- + [ &self <- { self with current = { self.current with t_MapInv__iter'0 = _ret'.final } } ] + s1) + | s1 = next'1 {_6} (fun (_ret':t_Option'0) -> [ &_5 <- _ret' ] s2) + | s2 = bb2 ] + + | bb2 = any [ br0 -> {_5 = C_None'0 } (! bb5) | br1 (x0:t_Item'0)-> {_5 = C_Some'0 x0} (! bb4) ] + | bb4 = bb6 + | bb6 = s0 + [ s0 = v_Some'0 {_5} (fun (r0'0:t_Item'0) -> [ &v <- r0'0 ] s1) + | s1 = {[@expl:assertion] [%#smap_inv1] precondition'0 (self.current).t_MapInv__func'0 (v, (self.current).t_MapInv__produced'0)} + s2 + | s2 = bb7 ] + + | bb7 = s0 + [ s0 = + [ &produced <- [%#smap_inv2] Snapshot.new (Seq.snoc (Snapshot.inner (self.current).t_MapInv__produced'0) v) ] + + s1 + | s1 = bb8 ] + + | bb8 = s0 + [ s0 = {inv'1 (self.current).t_MapInv__func'0} + Borrow.borrow_final {(self.current).t_MapInv__func'0} {Borrow.inherit_id (Borrow.get_id self) 2} + (fun (_ret':borrowed t_F'0) -> + [ &_14 <- _ret' ] + -{inv'1 _ret'.final}- + [ &self <- { self with current = { self.current with t_MapInv__func'0 = _ret'.final } } ] + s1) + | s1 = [ &_15 <- (v, (self.current).t_MapInv__produced'0) ] s2 + | s2 = call_mut'0 {_14} {_15} (fun (_ret':t_B'0) -> [ &r <- _ret' ] s3) + | s3 = bb9 ] + + | bb9 = bb10 + | bb10 = s0 + [ s0 = [ &self <- { self with current = { self.current with t_MapInv__produced'0 = produced } } ] s1 + | s1 = [ &_19 <- [%#smap_inv3] Snapshot.new (let _ = () in ()) ] s2 + | s2 = bb11 ] + + | bb11 = s0 + [ s0 = {[@expl:assertion] [%#smap_inv4] produces_one'0 (Snapshot.inner old_self) r self.current} s1 | s1 = bb12 ] + + | bb12 = s0 + [ s0 = {[@expl:type invariant] inv'2 self} s1 + | s1 = -{resolve'0 self}- s2 + | s2 = [ &_0 <- C_Some'1 r ] s3 + | s3 = bb13 ] + + | bb13 = bb14 + | bb14 = bb15 + | bb15 = bb17 + | bb5 = s0 [ s0 = [ &_24 <- [%#smap_inv5] Snapshot.new (Seq.empty : Seq.seq t_Item'0) ] s1 | s1 = bb16 ] + | bb16 = s0 + [ s0 = [ &self <- { self with current = { self.current with t_MapInv__produced'0 = _24 } } ] s1 + | s1 = {[@expl:type invariant] inv'2 self} s2 + | s2 = -{resolve'0 self}- s3 + | s3 = [ &_0 <- C_None'1 ] s4 + | s4 = bb17 ] + + | bb17 = bb18 + | bb18 = return' {_0} ] + ) + [ & _0 : t_Option'1 = any_l () + | & self : borrowed (t_MapInv'0) = self + | & old_self : Snapshot.snap_ty (t_MapInv'0) = any_l () + | & _5 : t_Option'0 = any_l () + | & _6 : borrowed t_I'0 = any_l () + | & v : t_Item'0 = any_l () + | & produced : Snapshot.snap_ty (Seq.seq t_Item'0) = any_l () + | & r : t_B'0 = any_l () + | & _14 : borrowed t_F'0 = any_l () + | & _15 : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)) = any_l () + | & _19 : Snapshot.snap_ty () = any_l () + | & _24 : Snapshot.snap_ty (Seq.seq t_Item'0) = any_l () ] + + [ return' (result:t_Option'1)-> {[@expl:next result type invariant] [%#smap_inv7] inv'3 result} + {[@expl:next ensures] [%#smap_inv8] match result with + | C_None'1 -> completed'0 self + | C_Some'1 v -> produces_one'0 self.current v self.final + end} + (! return' {result}) ] + +end +module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4899712594723907874__preservation_inv [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 131 4 131 73] (* std::iter::map_inv::MapInv::Item, F> *) + let%span smap_inv0 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 130 14 130 81 + let%span smap_inv1 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 133 12 138 88 + let%span smap_inv2 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 146 12 151 71 + let%span sops3 = "../../../creusot-contracts/src/std/ops.rs" 105 15 105 59 + let%span sops4 = "../../../creusot-contracts/src/std/ops.rs" 106 14 106 36 + let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 111 14 111 31 + let%span sops6 = "../../../creusot-contracts/src/std/ops.rs" 116 15 116 29 + let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 117 15 117 26 + let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 118 14 118 28 + let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 123 14 124 105 + let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 + let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 + let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 + let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 + let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 + let%span sseq18 = "../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 + let%span sinvariant19 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 + let%span sboxed20 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - axiom cmp_ge_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord7] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + use seq.Seq - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_A'0) (o : t_A'0) : bool + type t_Item'0 - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_A'0) (y : t_A'0) : () + use seq.Seq - axiom cmp_lt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord6] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + type t_I'0 - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_A'0) (o : t_A'0) : bool + type t_F'0 - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_A'0) (y : t_A'0) : () + use prelude.prelude.Borrow - axiom cmp_le_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + type t_B'0 - function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_B'0) (_2 : t_B'0) : t_Ordering'0 - + use prelude.prelude.Int - function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_B'0) (y : t_B'0) : () + use seq.Seq - axiom eq_cmp'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord17] (x = y) = (cmp_log'2 x y = C_Equal'0) + use seq.Seq - function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_B'0) (y : t_B'0) : () + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - axiom antisym2'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord15] cmp_log'2 x y = C_Greater'0) - -> ([%#sord16] cmp_log'2 y x = C_Less'0) + predicate invariant'2 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = + [%#sboxed20] inv'1 self - function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_B'0) (y : t_B'0) : () + predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - axiom antisym1'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord13] cmp_log'2 x y = C_Less'0) - -> ([%#sord14] cmp_log'2 y x = C_Greater'0) + axiom inv_axiom'2 [@rewrite] : forall x : t_Item'0 [inv'5 x] . inv'5 x = invariant'2 x - function trans'2 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () - + predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 608 4 608 30] (self : Seq.seq t_Item'0) = + [%#sseq18] forall i : int . 0 <= i /\ i < Seq.length self -> inv'5 (Seq.get self i) - axiom trans'2_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord10] cmp_log'2 x y = o) - -> ([%#sord11] cmp_log'2 y z = o) -> ([%#sord12] cmp_log'2 x z = o) + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) - function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_B'0) : () + axiom inv_axiom'0 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'0 x] . inv'0 x = invariant'0 x - axiom refl'1_spec : forall x : t_B'0 . [%#sord9] cmp_log'2 x x = C_Equal'0 + predicate inv'6 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) - function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_B'0) (o : t_B'0) : bool + predicate invariant'1 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_F'0) = + [%#sinvariant19] inv'6 self.current /\ inv'6 self.final - function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_B'0) (y : t_B'0) : () + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_F'0) - axiom cmp_gt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord8] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) + axiom inv_axiom'1 [@rewrite] : forall x : borrowed t_F'0 [inv'2 x] . inv'2 x = invariant'1 x - function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_B'0) (o : t_B'0) : bool + predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_B'0) - function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_B'0) (y : t_B'0) : () + predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - axiom cmp_ge_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord7] ge_log'1 x y = (cmp_log'2 x y <> C_Less'0) + use prelude.prelude.Snapshot - function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_B'0) (o : t_B'0) : bool + predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 81 4 81 73] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result : t_B'0) + - function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_B'0) (y : t_B'0) : () + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) - axiom cmp_lt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord6] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) + predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 91 4 91 92] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result_state : t_F'0) (result : t_B'0) + - function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_B'0) (o : t_B'0) : bool + function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 125 4 125 55] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res : t_B'0) : () + - function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_B'0) (y : t_B'0) : () + axiom fn_mut_once'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res : t_B'0 . [%#sops9] postcondition_once'0 self args res + = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) - axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) + predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 99 4 99 36] (self : t_F'0) (_2 : t_F'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 211 4 211 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 - - = - [%#sord4] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then - cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) - else - r + function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 119 4 119 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - constant x : (t_A'0, t_B'0) - - constant y : (t_A'0, t_B'0) + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops6] unnest'0 self b) + -> ([%#sops7] unnest'0 b c) -> ([%#sops8] unnest'0 self c) - constant z : (t_A'0, t_B'0) + function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 112 4 112 24] (self : t_F'0) : () - constant o : t_Ordering'0 + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops5] unnest'0 self self - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : (t_A'0, t_B'0)) (y : (t_A'0, t_B'0)) (z : (t_A'0, t_B'0)) (o : t_Ordering'0) : () + function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 107 4 107 85] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res_state : t_F'0) (res : t_B'0) : () - goal vc_trans'0 : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o) -end -module M_creusot_contracts__logic__ord__qyi1910662420989811789__antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (* <(A, B) as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 108 8 108 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 212 8 219 11 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord16 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : t_F'0, res : t_B'0 . ([%#sops3] postcondition_mut'0 self args res_state res) + -> ([%#sops4] unnest'0 self res_state) - type t_A'0 + use seq.Seq - type t_B'0 + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 - - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_A'0) (_2 : t_A'0) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_A'0) (y : t_A'0) : () - - axiom eq_cmp'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord16] (x = y) = (cmp_log'1 x y = C_Equal'0) + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_A'0) (y : t_A'0) : () + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter12] inv'4 a) + -> ([%#siter13] inv'4 b) + -> ([%#siter14] inv'4 c) + -> ([%#siter15] produces'0 a ab b) + -> ([%#siter16] produces'0 b bc c) -> ([%#siter17] produces'0 a (Seq.(++) ab bc) c) - axiom antisym2'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord14] cmp_log'1 x y = C_Greater'0) - -> ([%#sord15] cmp_log'1 y x = C_Less'0) + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () - function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_A'0) (y : t_A'0) : () + axiom produces_refl'0_spec : forall self : t_I'0 . ([%#siter10] inv'4 self) + -> ([%#siter11] produces'0 self (Seq.empty : Seq.seq t_Item'0) self) - axiom antisym1'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord12] cmp_log'1 x y = C_Less'0) - -> ([%#sord13] cmp_log'1 y x = C_Greater'0) + use prelude.prelude.Snapshot - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () + predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 73 4 73 45] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) - axiom trans'0_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord9] cmp_log'1 x y = o) - -> ([%#sord10] cmp_log'1 y z = o) -> ([%#sord11] cmp_log'1 x z = o) + predicate preservation'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 144 4 144 49] (iter : t_I'0) (func : t_F'0) + + = + [%#smap_inv2] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . inv'0 s + /\ inv'1 e1 /\ inv'1 e2 /\ inv'2 f /\ inv'3 b /\ inv'4 i /\ unnest'0 func f.current + -> produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i + -> precondition'0 f.current (e1, Snapshot.new s) + -> postcondition_mut'0 f.current (e1, Snapshot.new s) f.final b + -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc s e1)) - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_A'0) : () + constant iter : t_I'0 - axiom refl'0_spec : forall x : t_A'0 . [%#sord8] cmp_log'1 x x = C_Equal'0 + constant func : t_F'0 - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_A'0) (o : t_A'0) : bool + constant produced : Seq.seq t_Item'0 - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_A'0) (y : t_A'0) : () + predicate preservation_inv'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 131 4 131 73] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) + - axiom cmp_gt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord7] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + goal vc_preservation_inv'0 : [%#smap_inv0] produced = (Seq.empty : Seq.seq t_Item'0) + -> ([%#smap_inv1] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . inv'0 s + /\ inv'1 e1 /\ inv'1 e2 /\ inv'2 f /\ inv'3 b /\ inv'4 i /\ unnest'0 func f.current + -> produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i + -> precondition'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) + -> postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b + -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc (Seq.(++) produced s) e1))) + = preservation'0 iter func +end +module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4899712594723907874__produces_one [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 192 4 192 57] (* std::iter::map_inv::MapInv::Item, F> *) + let%span smap_inv0 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 191 14 191 68 + let%span smap_inv1 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 194 12 199 74 + let%span smap_inv2 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 41 8 54 9 + let%span smap_inv3 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 23 15 23 24 + let%span smap_inv4 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 24 14 24 45 + let%span smap_inv5 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 21 4 21 10 + let%span smap_inv6 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 29 15 29 21 + let%span smap_inv7 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 30 15 30 21 + let%span smap_inv8 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 31 15 31 21 + let%span smap_inv9 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 32 15 32 32 + let%span smap_inv10 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 33 15 33 32 + let%span smap_inv11 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 34 14 34 42 + let%span smap_inv12 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 27 4 27 10 + let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 + let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 + let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 + let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 + let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 + let%span siter18 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter19 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter20 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 + let%span sops21 = "../../../creusot-contracts/src/std/ops.rs" 105 15 105 59 + let%span sops22 = "../../../creusot-contracts/src/std/ops.rs" 106 14 106 36 + let%span sops23 = "../../../creusot-contracts/src/std/ops.rs" 111 14 111 31 + let%span sops24 = "../../../creusot-contracts/src/std/ops.rs" 116 15 116 29 + let%span sops25 = "../../../creusot-contracts/src/std/ops.rs" 117 15 117 26 + let%span sops26 = "../../../creusot-contracts/src/std/ops.rs" 118 14 118 28 + let%span sops27 = "../../../creusot-contracts/src/std/ops.rs" 123 14 124 105 + let%span sinvariant28 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 + let%span sseq29 = "../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 + let%span smap_inv30 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 80 12 82 73 + let%span smap_inv31 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 159 12 163 47 + let%span smap_inv32 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 130 14 130 81 + let%span smap_inv33 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 133 12 138 88 + let%span smap_inv34 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 123 12 125 63 + let%span smap_inv35 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 146 12 151 71 + let%span sboxed36 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_A'0) (o : t_A'0) : bool + use seq.Seq - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_A'0) (y : t_A'0) : () + type t_I'0 - axiom cmp_ge_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord6] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + type t_F'0 - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_A'0) (o : t_A'0) : bool + type t_Item'0 - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_A'0) (y : t_A'0) : () + use seq.Seq - axiom cmp_lt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + use prelude.prelude.Snapshot - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_A'0) (o : t_A'0) : bool + type t_MapInv'0 = + { t_MapInv__iter'0: t_I'0; t_MapInv__func'0: t_F'0; t_MapInv__produced'0: Snapshot.snap_ty (Seq.seq t_Item'0) } - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_A'0) (y : t_A'0) : () + use prelude.prelude.Borrow - axiom cmp_le_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_B'0) (_2 : t_B'0) : t_Ordering'0 - + predicate invariant'6 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_I'0) = + [%#sinvariant28] inv'5 self.current /\ inv'5 self.final - function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_B'0) (y : t_B'0) : () + predicate inv'9 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_I'0) - axiom eq_cmp'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord16] (x = y) = (cmp_log'2 x y = C_Equal'0) + axiom inv_axiom'6 [@rewrite] : forall x : borrowed t_I'0 [inv'9 x] . inv'9 x = invariant'6 x - function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_B'0) (y : t_B'0) : () + predicate inv'6 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) - axiom antisym2'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord14] cmp_log'2 x y = C_Greater'0) - -> ([%#sord15] cmp_log'2 y x = C_Less'0) + use seq.Seq - function antisym1'2 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_B'0) (y : t_B'0) : () + use seq.Seq - axiom antisym1'2_spec : forall x : t_B'0, y : t_B'0 . ([%#sord12] cmp_log'2 x y = C_Less'0) - -> ([%#sord13] cmp_log'2 y x = C_Greater'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + - function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom trans'1_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord9] cmp_log'2 x y = o) - -> ([%#sord10] cmp_log'2 y z = o) -> ([%#sord11] cmp_log'2 x z = o) + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter15] inv'5 a) + -> ([%#siter16] inv'5 b) + -> ([%#siter17] inv'5 c) + -> ([%#siter18] produces'1 a ab b) + -> ([%#siter19] produces'1 b bc c) -> ([%#siter20] produces'1 a (Seq.(++) ab bc) c) - function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_B'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () - axiom refl'1_spec : forall x : t_B'0 . [%#sord8] cmp_log'2 x x = C_Equal'0 + axiom produces_refl'1_spec : forall self : t_I'0 . ([%#siter13] inv'5 self) + -> ([%#siter14] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) - function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_B'0) (o : t_B'0) : bool + predicate completed'0 [#"../../../creusot-contracts/src/std/iter.rs" 35 4 35 36] (self : borrowed t_I'0) - function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_B'0) (y : t_B'0) : () + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - axiom cmp_gt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord7] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) + use seq.Seq - function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_B'0) (o : t_B'0) : bool + use prelude.prelude.Snapshot - function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_B'0) (y : t_B'0) : () + predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 73 4 73 45] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) + - axiom cmp_ge_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord6] ge_log'1 x y = (cmp_log'2 x y <> C_Less'0) + predicate next_precondition'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 121 4 121 78] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) + + = + [%#smap_inv34] forall e : t_Item'0, i : t_I'0 . inv'1 e /\ inv'5 i /\ produces'1 iter (Seq.singleton e) i + -> precondition'0 func (e, Snapshot.new produced) - function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_B'0) (o : t_B'0) : bool + type t_B'0 - function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_B'0) (y : t_B'0) : () + use prelude.prelude.Int - axiom cmp_lt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) + use seq.Seq - function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_B'0) (o : t_B'0) : bool + use seq.Seq - function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_B'0) (y : t_B'0) : () + predicate invariant'5 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = + [%#sboxed36] inv'1 self - axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) + predicate inv'8 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 211 4 211 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 - - = - [%#sord3] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then - cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) - else - r - + axiom inv_axiom'5 [@rewrite] : forall x : t_Item'0 [inv'8 x] . inv'8 x = invariant'5 x - constant x : (t_A'0, t_B'0) + predicate invariant'2 [#"../../../creusot-contracts/src/logic/seq.rs" 608 4 608 30] (self : Seq.seq t_Item'0) = + [%#sseq29] forall i : int . 0 <= i /\ i < Seq.length self -> inv'8 (Seq.get self i) - constant y : (t_A'0, t_B'0) + predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : (t_A'0, t_B'0)) (y : (t_A'0, t_B'0)) : () - + axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'3 x] . inv'3 x = invariant'2 x - goal vc_antisym1'0 : ([%#sord0] cmp_log'0 x y = C_Less'0) -> ([%#sord1] cmp_log'0 y x = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi1910662420989811789__antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (* <(A, B) as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 114 8 114 35 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 212 8 219 11 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord16 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 + predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_F'0) = + [%#sinvariant28] inv'6 self.current /\ inv'6 self.final - type t_A'0 + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_F'0) - type t_B'0 + axiom inv_axiom'0 [@rewrite] : forall x : borrowed t_F'0 [inv'0 x] . inv'0 x = invariant'0 x - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + predicate inv'10 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_B'0) - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_A'0) (_2 : t_A'0) : t_Ordering'0 + predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 81 4 81 73] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result : t_B'0) - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_A'0) (y : t_A'0) : () - - axiom eq_cmp'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord16] (x = y) = (cmp_log'1 x y = C_Equal'0) + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) - function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_A'0) (y : t_A'0) : () + predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 91 4 91 92] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result_state : t_F'0) (result : t_B'0) + - axiom antisym2'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord14] cmp_log'1 x y = C_Greater'0) - -> ([%#sord15] cmp_log'1 y x = C_Less'0) + function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 125 4 125 55] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res : t_B'0) : () + - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_A'0) (y : t_A'0) : () + axiom fn_mut_once'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res : t_B'0 . [%#sops27] postcondition_once'0 self args res + = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) - axiom antisym1'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord12] cmp_log'1 x y = C_Less'0) - -> ([%#sord13] cmp_log'1 y x = C_Greater'0) + predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 99 4 99 36] (self : t_F'0) (_2 : t_F'0) - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () + function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 119 4 119 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - axiom trans'0_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord9] cmp_log'1 x y = o) - -> ([%#sord10] cmp_log'1 y z = o) -> ([%#sord11] cmp_log'1 x z = o) + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops24] unnest'0 self b) + -> ([%#sops25] unnest'0 b c) -> ([%#sops26] unnest'0 self c) - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_A'0) : () + function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 112 4 112 24] (self : t_F'0) : () - axiom refl'0_spec : forall x : t_A'0 . [%#sord8] cmp_log'1 x x = C_Equal'0 + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops23] unnest'0 self self - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_A'0) (o : t_A'0) : bool + function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 107 4 107 85] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res_state : t_F'0) (res : t_B'0) : () + - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_A'0) (y : t_A'0) : () + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : t_F'0, res : t_B'0 . ([%#sops21] postcondition_mut'0 self args res_state res) + -> ([%#sops22] unnest'0 self res_state) - axiom cmp_gt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord7] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + use seq.Seq - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_A'0) (o : t_A'0) : bool + predicate preservation'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 144 4 144 49] (iter : t_I'0) (func : t_F'0) + + = + [%#smap_inv35] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . inv'3 s + /\ inv'1 e1 /\ inv'1 e2 /\ inv'0 f /\ inv'10 b /\ inv'5 i /\ unnest'0 func f.current + -> produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i + -> precondition'0 f.current (e1, Snapshot.new s) + -> postcondition_mut'0 f.current (e1, Snapshot.new s) f.final b + -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc s e1)) - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_A'0) (y : t_A'0) : () + predicate reinitialize'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 157 4 157 33] (_1 : ()) = + [%#smap_inv31] forall iter : borrowed t_I'0, func : t_F'0 . inv'9 iter /\ inv'6 func + -> completed'0 iter + -> next_precondition'0 iter.final func (Seq.empty : Seq.seq t_Item'0) /\ preservation'0 iter.final func - axiom cmp_ge_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord6] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + use prelude.prelude.Snapshot - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_A'0) (o : t_A'0) : bool + predicate preservation_inv'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 131 4 131 73] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) + + = + [%#smap_inv33] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . inv'3 s + /\ inv'1 e1 /\ inv'1 e2 /\ inv'0 f /\ inv'10 b /\ inv'5 i /\ unnest'0 func f.current + -> produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i + -> precondition'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) + -> postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b + -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc (Seq.(++) produced s) e1)) - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_A'0) (y : t_A'0) : () + axiom preservation_inv'0_spec : forall iter : t_I'0, func : t_F'0, produced : Seq.seq t_Item'0 . [%#smap_inv32] produced + = (Seq.empty : Seq.seq t_Item'0) -> preservation_inv'0 iter func produced = preservation'0 iter func - axiom cmp_lt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + predicate invariant'3 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 78 4 78 30] (self : t_MapInv'0) = + [%#smap_inv30] reinitialize'0 () + /\ preservation_inv'0 self.t_MapInv__iter'0 self.t_MapInv__func'0 (Snapshot.inner self.t_MapInv__produced'0) + /\ next_precondition'0 self.t_MapInv__iter'0 self.t_MapInv__func'0 (Snapshot.inner self.t_MapInv__produced'0) - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_A'0) (o : t_A'0) : bool + predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_MapInv'0) - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_A'0) (y : t_A'0) : () + axiom inv_axiom'3 [@rewrite] : forall x : t_MapInv'0 [inv'4 x] . inv'4 x + = (invariant'3 x + /\ match x with + | {t_MapInv__iter'0 = iter ; t_MapInv__func'0 = func ; t_MapInv__produced'0 = produced} -> inv'5 iter /\ inv'6 func + end) - axiom cmp_le_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + use seq.Seq - function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_B'0) (_2 : t_B'0) : t_Ordering'0 - + use seq.Seq - function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_B'0) (y : t_B'0) : () + use seq.Seq - axiom eq_cmp'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord16] (x = y) = (cmp_log'2 x y = C_Equal'0) + use seq.Seq - function antisym2'2 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_B'0) (y : t_B'0) : () + use seq.Seq - axiom antisym2'2_spec : forall x : t_B'0, y : t_B'0 . ([%#sord14] cmp_log'2 x y = C_Greater'0) - -> ([%#sord15] cmp_log'2 y x = C_Less'0) + use seq.Seq - function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_B'0) (y : t_B'0) : () + predicate invariant'4 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : borrowed t_F'0) = + [%#sboxed36] inv'0 self - axiom antisym1'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord12] cmp_log'2 x y = C_Less'0) - -> ([%#sord13] cmp_log'2 y x = C_Greater'0) - - function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () - - - axiom trans'1_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord9] cmp_log'2 x y = o) - -> ([%#sord10] cmp_log'2 y z = o) -> ([%#sord11] cmp_log'2 x z = o) - - function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_B'0) : () - - axiom refl'1_spec : forall x : t_B'0 . [%#sord8] cmp_log'2 x x = C_Equal'0 - - function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_B'0) (o : t_B'0) : bool - - function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_B'0) (y : t_B'0) : () + predicate inv'7 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_F'0) - axiom cmp_gt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord7] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) + axiom inv_axiom'4 [@rewrite] : forall x : borrowed t_F'0 [inv'7 x] . inv'7 x = invariant'4 x - function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_B'0) (o : t_B'0) : bool + predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 608 4 608 30] (self : Seq.seq (borrowed t_F'0)) + = + [%#sseq29] forall i : int . 0 <= i /\ i < Seq.length self -> inv'7 (Seq.get self i) - function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_B'0) (y : t_B'0) : () + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq (borrowed t_F'0)) - axiom cmp_ge_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord6] ge_log'1 x y = (cmp_log'2 x y <> C_Less'0) + axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq (borrowed t_F'0) [inv'2 x] . inv'2 x = invariant'1 x - function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_B'0) (o : t_B'0) : bool + use seq.Seq - function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_B'0) (y : t_B'0) : () + use prelude.prelude.Snapshot - axiom cmp_lt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) + use seq.Seq - function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_B'0) (o : t_B'0) : bool + use seq.Seq - function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_B'0) (y : t_B'0) : () + use seq.Seq - axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 211 4 211 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + predicate produces'0 [@inline:trivial] [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 40 4 40 67] (self : t_MapInv'0) (visited : Seq.seq t_B'0) (succ : t_MapInv'0) = - [%#sord3] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then - cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) + [%#smap_inv2] unnest'0 self.t_MapInv__func'0 succ.t_MapInv__func'0 + /\ (exists fs : Seq.seq (borrowed t_F'0) . inv'2 fs + /\ Seq.length fs = Seq.length visited + /\ (exists s : Seq.seq t_Item'0 . inv'3 s + /\ Seq.length s = Seq.length visited + /\ produces'1 self.t_MapInv__iter'0 s succ.t_MapInv__iter'0 + /\ Snapshot.inner succ.t_MapInv__produced'0 = Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) s + /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) + /\ (if Seq.length visited = 0 then + self.t_MapInv__func'0 = succ.t_MapInv__func'0 else - r - - - constant x : (t_A'0, t_B'0) - - constant y : (t_A'0, t_B'0) + (Seq.get fs 0).current = self.t_MapInv__func'0 + /\ (Seq.get fs (Seq.length visited - 1)).final = succ.t_MapInv__func'0 + ) + /\ (forall i : int . 0 <= i /\ i < Seq.length visited + -> unnest'0 self.t_MapInv__func'0 (Seq.get fs i).current + /\ precondition'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) (Seq.([..]) s 0 i))) + /\ postcondition_mut'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) (Seq.([..]) s 0 i))) (Seq.get fs i).final (Seq.get visited i)))) - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : (t_A'0, t_B'0)) (y : (t_A'0, t_B'0)) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 35 4 35 90] (a : t_MapInv'0) (ab : Seq.seq t_B'0) (b : t_MapInv'0) (bc : Seq.seq t_B'0) (c : t_MapInv'0) : () + = + [%#smap_inv12] () - goal vc_antisym2'0 : ([%#sord0] cmp_log'0 x y = C_Greater'0) -> ([%#sord1] cmp_log'0 y x = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi1910662420989811789__eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* <(A, B) as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 120 8 120 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 212 8 219 11 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 - - type t_A'0 + axiom produces_trans'0_spec : forall a : t_MapInv'0, ab : Seq.seq t_B'0, b : t_MapInv'0, bc : Seq.seq t_B'0, c : t_MapInv'0 . ([%#smap_inv6] inv'4 a) + -> ([%#smap_inv7] inv'4 b) + -> ([%#smap_inv8] inv'4 c) + -> ([%#smap_inv9] produces'0 a ab b) + -> ([%#smap_inv10] produces'0 b bc c) -> ([%#smap_inv11] produces'0 a (Seq.(++) ab bc) c) - type t_B'0 + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 25 4 25 26] (self : t_MapInv'0) : () = + [%#smap_inv5] () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom produces_refl'0_spec : forall self : t_MapInv'0 . ([%#smap_inv3] inv'4 self) + -> ([%#smap_inv4] produces'0 self (Seq.empty : Seq.seq t_B'0) self) - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_A'0) (_2 : t_A'0) : t_Ordering'0 - + constant self : t_MapInv'0 - function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_A'0) (y : t_A'0) : () + constant visited : t_B'0 - axiom eq_cmp'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) + constant succ : t_MapInv'0 - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_A'0) (y : t_A'0) : () + predicate produces_one'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 192 4 192 57] (self : t_MapInv'0) (visited : t_B'0) (succ : t_MapInv'0) + - axiom antisym2'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) - -> ([%#sord14] cmp_log'1 y x = C_Less'0) + goal vc_produces_one'0 : [%#smap_inv0] ([%#smap_inv1] exists f : borrowed t_F'0, e : t_Item'0 . inv'0 f + /\ inv'1 e + /\ f.current = self.t_MapInv__func'0 + /\ f.final = succ.t_MapInv__func'0 + /\ produces'1 self.t_MapInv__iter'0 (Seq.singleton e) succ.t_MapInv__iter'0 + /\ Snapshot.inner succ.t_MapInv__produced'0 = Seq.snoc (Snapshot.inner self.t_MapInv__produced'0) e + /\ precondition'0 f.current (e, self.t_MapInv__produced'0) + /\ postcondition_mut'0 f.current (e, self.t_MapInv__produced'0) f.final visited) + = produces'0 self (Seq.singleton visited) succ +end +module M_creusot_contracts__stdqy35z1__iter__once__qyi8116812009287608646__produces_refl [#"../../../creusot-contracts/src/std/iter/once.rs" 33 4 33 26] (* as std::iter::Iterator> *) + let%span sonce0 = "../../../creusot-contracts/src/std/iter/once.rs" 31 15 31 24 + let%span sonce1 = "../../../creusot-contracts/src/std/iter/once.rs" 32 14 32 45 + let%span sonce2 = "../../../creusot-contracts/src/std/iter/once.rs" 29 4 29 10 + let%span sonce3 = "../../../creusot-contracts/src/std/iter/once.rs" 24 12 25 106 - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_A'0) (y : t_A'0) : () + type t_T'0 - axiom antisym1'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) - -> ([%#sord12] cmp_log'1 y x = C_Greater'0) + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () - + type t_Item'0 = + { t_Item__opt'0: t_Option'0 } - axiom trans'0_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) - -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) + type t_IntoIter'0 = + { t_IntoIter__inner'0: t_Item'0 } - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_A'0) : () + type t_Once'0 = + { t_Once__inner'0: t_IntoIter'0 } - axiom refl'0_spec : forall x : t_A'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_A'0) (o : t_A'0) : bool + predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_A'0) (y : t_A'0) : () + axiom inv_axiom'3 [@rewrite] : forall x : t_Option'0 [inv'4 x] . inv'4 x + = match x with + | C_None'0 -> true + | C_Some'0 a_0 -> inv'1 a_0 + end - axiom cmp_gt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord6] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_A'0) (o : t_A'0) : bool + axiom inv_axiom'2 [@rewrite] : forall x : t_Item'0 [inv'3 x] . inv'3 x + = match x with + | {t_Item__opt'0 = opt} -> inv'4 opt + end - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_A'0) (y : t_A'0) : () + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_IntoIter'0) - axiom cmp_ge_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + axiom inv_axiom'1 [@rewrite] : forall x : t_IntoIter'0 [inv'2 x] . inv'2 x + = match x with + | {t_IntoIter__inner'0 = inner} -> inv'3 inner + end - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_A'0) (o : t_A'0) : bool + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Once'0) - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_A'0) (y : t_A'0) : () + axiom inv_axiom'0 [@rewrite] : forall x : t_Once'0 [inv'0 x] . inv'0 x + = match x with + | {t_Once__inner'0 = inner} -> inv'2 inner + end - axiom cmp_lt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + use seq.Seq - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_A'0) (o : t_A'0) : bool + use seq.Seq - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_A'0) (y : t_A'0) : () + function view'0 [#"../../../creusot-contracts/src/std/iter/once.rs" 8 4 8 30] (self : t_Once'0) : t_Option'0 - axiom cmp_le_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord3] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + use seq.Seq - function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_B'0) (_2 : t_B'0) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/once.rs" 22 4 22 64] (self : t_Once'0) (visited : Seq.seq t_T'0) (o : t_Once'0) + = + [%#sonce3] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o + \/ (exists e : t_T'0 . inv'1 e /\ view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) - function eq_cmp'2 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_B'0) (y : t_B'0) : () - - axiom eq_cmp'2_spec : forall x : t_B'0, y : t_B'0 . [%#sord15] (x = y) = (cmp_log'2 x y = C_Equal'0) + constant self : t_Once'0 - function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_B'0) (y : t_B'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/once.rs" 33 4 33 26] (self : t_Once'0) : () - axiom antisym2'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord13] cmp_log'2 x y = C_Greater'0) - -> ([%#sord14] cmp_log'2 y x = C_Less'0) + goal vc_produces_refl'0 : ([%#sonce0] inv'0 self) -> ([%#sonce1] produces'0 self (Seq.empty : Seq.seq t_T'0) self) +end +module M_creusot_contracts__stdqy35z1__iter__once__qyi8116812009287608646__produces_trans [#"../../../creusot-contracts/src/std/iter/once.rs" 43 4 43 90] (* as std::iter::Iterator> *) + let%span sonce0 = "../../../creusot-contracts/src/std/iter/once.rs" 37 15 37 21 + let%span sonce1 = "../../../creusot-contracts/src/std/iter/once.rs" 38 15 38 21 + let%span sonce2 = "../../../creusot-contracts/src/std/iter/once.rs" 39 15 39 21 + let%span sonce3 = "../../../creusot-contracts/src/std/iter/once.rs" 40 15 40 32 + let%span sonce4 = "../../../creusot-contracts/src/std/iter/once.rs" 41 15 41 32 + let%span sonce5 = "../../../creusot-contracts/src/std/iter/once.rs" 42 14 42 42 + let%span sonce6 = "../../../creusot-contracts/src/std/iter/once.rs" 35 4 35 10 + let%span sonce7 = "../../../creusot-contracts/src/std/iter/once.rs" 24 12 25 106 - function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_B'0) (y : t_B'0) : () + type t_T'0 - axiom antisym1'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord11] cmp_log'2 x y = C_Less'0) - -> ([%#sord12] cmp_log'2 y x = C_Greater'0) + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 - function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () - + type t_Item'0 = + { t_Item__opt'0: t_Option'0 } - axiom trans'1_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord8] cmp_log'2 x y = o) - -> ([%#sord9] cmp_log'2 y z = o) -> ([%#sord10] cmp_log'2 x z = o) + type t_IntoIter'0 = + { t_IntoIter__inner'0: t_Item'0 } - function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_B'0) : () + type t_Once'0 = + { t_Once__inner'0: t_IntoIter'0 } - axiom refl'1_spec : forall x : t_B'0 . [%#sord7] cmp_log'2 x x = C_Equal'0 + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_B'0) (o : t_B'0) : bool + predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) - function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_B'0) (y : t_B'0) : () + axiom inv_axiom'3 [@rewrite] : forall x : t_Option'0 [inv'4 x] . inv'4 x + = match x with + | C_None'0 -> true + | C_Some'0 a_0 -> inv'1 a_0 + end - axiom cmp_gt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord6] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) + predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_B'0) (o : t_B'0) : bool + axiom inv_axiom'2 [@rewrite] : forall x : t_Item'0 [inv'3 x] . inv'3 x + = match x with + | {t_Item__opt'0 = opt} -> inv'4 opt + end - function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_B'0) (y : t_B'0) : () + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_IntoIter'0) - axiom cmp_ge_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] ge_log'1 x y = (cmp_log'2 x y <> C_Less'0) + axiom inv_axiom'1 [@rewrite] : forall x : t_IntoIter'0 [inv'2 x] . inv'2 x + = match x with + | {t_IntoIter__inner'0 = inner} -> inv'3 inner + end - function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_B'0) (o : t_B'0) : bool + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Once'0) - function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_B'0) (y : t_B'0) : () + axiom inv_axiom'0 [@rewrite] : forall x : t_Once'0 [inv'0 x] . inv'0 x + = match x with + | {t_Once__inner'0 = inner} -> inv'2 inner + end - axiom cmp_lt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) + use seq.Seq - function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_B'0) (o : t_B'0) : bool + use seq.Seq - function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_B'0) (y : t_B'0) : () + function view'0 [#"../../../creusot-contracts/src/std/iter/once.rs" 8 4 8 30] (self : t_Once'0) : t_Option'0 - axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord3] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 211 4 211 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/once.rs" 22 4 22 64] (self : t_Once'0) (visited : Seq.seq t_T'0) (o : t_Once'0) = - [%#sord2] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then - cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) - else - r - - - constant x : (t_A'0, t_B'0) + [%#sonce7] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o + \/ (exists e : t_T'0 . inv'1 e /\ view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) - constant y : (t_A'0, t_B'0) + use seq.Seq - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : (t_A'0, t_B'0)) (y : (t_A'0, t_B'0)) : () - + constant a : t_Once'0 - goal vc_eq_cmp'0 : [%#sord0] (x = y) = (cmp_log'0 x y = C_Equal'0) -end -module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__cmp_le_log [#"../../../creusot-contracts/src/std/cmp.rs" 88 4 88 35] (* as logic::ord::OrdLogic> *) - let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 87 14 87 64 - let%span scmp1 = "../../../creusot-contracts/src/std/cmp.rs" 85 4 85 10 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 11 20 11 56 - let%span scmp3 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord16 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 + constant ab : Seq.seq t_T'0 - type t_T'0 + constant b : t_Once'0 - type t_Reverse'0 = - { t_Reverse__0'0: t_T'0 } + constant bc : Seq.seq t_T'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + constant c : t_Once'0 - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_T'0) (_2 : t_T'0) : t_Ordering'0 + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/once.rs" 43 4 43 90] (a : t_Once'0) (ab : Seq.seq t_T'0) (b : t_Once'0) (bc : Seq.seq t_T'0) (c : t_Once'0) : () - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_T'0) (y : t_T'0) : () + goal vc_produces_trans'0 : ([%#sonce4] produces'0 b bc c) + -> ([%#sonce3] produces'0 a ab b) + -> ([%#sonce2] inv'0 c) + -> ([%#sonce1] inv'0 b) -> ([%#sonce0] inv'0 a) -> ([%#sonce5] produces'0 a (Seq.(++) ab bc) c) +end +module M_creusot_contracts__stdqy35z1__iter__range__qyi16860283617022118777__produces_refl [#"../../../creusot-contracts/src/std/iter/range.rs" 35 4 35 26] (* as std::iter::Iterator> *) + let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 33 15 33 24 + let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 34 14 34 45 + let%span srange2 = "../../../creusot-contracts/src/std/iter/range.rs" 31 4 31 10 + let%span srange3 = "../../../creusot-contracts/src/std/iter/range.rs" 23 12 27 70 - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord16] (x = y) = (cmp_log'1 x y = C_Equal'0) + type t_Idx'0 - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_T'0) (y : t_T'0) : () + type t_Range'0 = + { t_Range__start'0: t_Idx'0; t_Range__end'0: t_Idx'0 } - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord14] cmp_log'1 x y = C_Greater'0) - -> ([%#sord15] cmp_log'1 y x = C_Less'0) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Idx'0) - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_T'0) (y : t_T'0) : () + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Range'0) - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Less'0) - -> ([%#sord13] cmp_log'1 y x = C_Greater'0) + axiom inv_axiom'0 [@rewrite] : forall x : t_Range'0 [inv'0 x] . inv'0 x + = match x with + | {t_Range__start'0 = start ; t_Range__end'0 = end'} -> inv'1 start /\ inv'1 end' + end - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - + use seq.Seq - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord9] cmp_log'1 x y = o) - -> ([%#sord10] cmp_log'1 y z = o) -> ([%#sord11] cmp_log'1 x z = o) + use seq.Seq - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_T'0) : () + use prelude.prelude.Int - axiom refl'0_spec : forall x : t_T'0 . [%#sord8] cmp_log'1 x x = C_Equal'0 + function deep_model'0 [#"../../../creusot-contracts/src/model.rs" 25 4 25 45] (self : t_Idx'0) : int - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_T'0) (o : t_T'0) : bool + use seq.Seq - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord7] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 21 4 21 64] (self : t_Range'0) (visited : Seq.seq t_Idx'0) (o : t_Range'0) + + = + [%#srange3] self.t_Range__end'0 = o.t_Range__end'0 + /\ deep_model'0 self.t_Range__start'0 <= deep_model'0 o.t_Range__start'0 + /\ (Seq.length visited > 0 -> deep_model'0 o.t_Range__start'0 <= deep_model'0 o.t_Range__end'0) + /\ Seq.length visited = deep_model'0 o.t_Range__start'0 - deep_model'0 self.t_Range__start'0 + /\ (forall i : int . 0 <= i /\ i < Seq.length visited + -> deep_model'0 (Seq.get visited i) = deep_model'0 self.t_Range__start'0 + i) - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_T'0) (o : t_T'0) : bool + constant self : t_Range'0 - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_T'0) (y : t_T'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 35 4 35 26] (self : t_Range'0) : () - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + goal vc_produces_refl'0 : ([%#srange0] inv'0 self) + -> ([%#srange1] produces'0 self (Seq.empty : Seq.seq t_Idx'0) self) +end +module M_creusot_contracts__stdqy35z1__iter__range__qyi16860283617022118777__produces_trans [#"../../../creusot-contracts/src/std/iter/range.rs" 45 4 45 90] (* as std::iter::Iterator> *) + let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 39 15 39 21 + let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 40 15 40 21 + let%span srange2 = "../../../creusot-contracts/src/std/iter/range.rs" 41 15 41 21 + let%span srange3 = "../../../creusot-contracts/src/std/iter/range.rs" 42 15 42 32 + let%span srange4 = "../../../creusot-contracts/src/std/iter/range.rs" 43 15 43 32 + let%span srange5 = "../../../creusot-contracts/src/std/iter/range.rs" 44 14 44 42 + let%span srange6 = "../../../creusot-contracts/src/std/iter/range.rs" 37 4 37 10 + let%span srange7 = "../../../creusot-contracts/src/std/iter/range.rs" 23 12 27 70 - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_T'0) (o : t_T'0) : bool + type t_Idx'0 - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_T'0) (y : t_T'0) : () + type t_Range'0 = + { t_Range__start'0: t_Idx'0; t_Range__end'0: t_Idx'0 } - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Idx'0) - function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_T'0) (o : t_T'0) : bool + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Range'0) - function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_T'0) (y : t_T'0) : () + axiom inv_axiom'0 [@rewrite] : forall x : t_Range'0 [inv'0 x] . inv'0 x + = match x with + | {t_Range__start'0 = start ; t_Range__end'0 = end'} -> inv'1 start /\ inv'1 end' + end - axiom cmp_le_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] le_log'1 x y = (cmp_log'1 x y <> C_Greater'0) + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 - - = - [%#scmp3] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with - | C_Equal'0 -> C_Equal'0 - | C_Less'0 -> C_Greater'0 - | C_Greater'0 -> C_Less'0 - end + use prelude.prelude.Int - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_Reverse'0) (o : t_Reverse'0) : bool - - = - [%#sord2] cmp_log'0 self o <> C_Greater'0 + function deep_model'0 [#"../../../creusot-contracts/src/model.rs" 25 4 25 45] (self : t_Idx'0) : int - constant x : t_Reverse'0 + use seq.Seq - constant y : t_Reverse'0 + use seq.Seq - function cmp_le_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 88 4 88 35] (x : t_Reverse'0) (y : t_Reverse'0) : () + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 21 4 21 64] (self : t_Range'0) (visited : Seq.seq t_Idx'0) (o : t_Range'0) + = + [%#srange7] self.t_Range__end'0 = o.t_Range__end'0 + /\ deep_model'0 self.t_Range__start'0 <= deep_model'0 o.t_Range__start'0 + /\ (Seq.length visited > 0 -> deep_model'0 o.t_Range__start'0 <= deep_model'0 o.t_Range__end'0) + /\ Seq.length visited = deep_model'0 o.t_Range__start'0 - deep_model'0 self.t_Range__start'0 + /\ (forall i : int . 0 <= i /\ i < Seq.length visited + -> deep_model'0 (Seq.get visited i) = deep_model'0 self.t_Range__start'0 + i) - goal vc_cmp_le_log'0 : [%#scmp0] le_log'0 x y = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__cmp_lt_log [#"../../../creusot-contracts/src/std/cmp.rs" 93 4 93 35] (* as logic::ord::OrdLogic> *) - let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 92 14 92 61 - let%span scmp1 = "../../../creusot-contracts/src/std/cmp.rs" 90 4 90 10 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 21 20 21 53 - let%span scmp3 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord16 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 + use seq.Seq - type t_T'0 + constant a : t_Range'0 - type t_Reverse'0 = - { t_Reverse__0'0: t_T'0 } + constant ab : Seq.seq t_Idx'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + constant b : t_Range'0 + + constant bc : Seq.seq t_Idx'0 - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_T'0) (_2 : t_T'0) : t_Ordering'0 + constant c : t_Range'0 + + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 45 4 45 90] (a : t_Range'0) (ab : Seq.seq t_Idx'0) (b : t_Range'0) (bc : Seq.seq t_Idx'0) (c : t_Range'0) : () - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_T'0) (y : t_T'0) : () + goal vc_produces_trans'0 : ([%#srange4] produces'0 b bc c) + -> ([%#srange3] produces'0 a ab b) + -> ([%#srange2] inv'0 c) + -> ([%#srange1] inv'0 b) -> ([%#srange0] inv'0 a) -> ([%#srange5] produces'0 a (Seq.(++) ab bc) c) +end +module M_creusot_contracts__stdqy35z1__iter__range__range_inclusive_len [#"../../../creusot-contracts/src/std/iter/range.rs" 51 0 51 92] + let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 50 10 50 43 + let%span sops1 = "../../../creusot-contracts/src/std/ops.rs" 201 14 201 86 + let%span srange2 = "../../../creusot-contracts/src/std/iter/range.rs" 52 4 55 5 - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord16] (x = y) = (cmp_log'1 x y = C_Equal'0) + type t_Idx'0 - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_T'0) (y : t_T'0) : () + type t_RangeInclusive'0 = + { t_RangeInclusive__start'0: t_Idx'0; t_RangeInclusive__end'0: t_Idx'0; t_RangeInclusive__exhausted'0: bool } - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord14] cmp_log'1 x y = C_Greater'0) - -> ([%#sord15] cmp_log'1 y x = C_Less'0) + function start_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 189 4 189 29] (self : t_RangeInclusive'0) : t_Idx'0 - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_T'0) (y : t_T'0) : () + use prelude.prelude.Int - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Less'0) - -> ([%#sord13] cmp_log'1 y x = C_Greater'0) + function deep_model'0 [#"../../../creusot-contracts/src/model.rs" 25 4 25 45] (self : t_Idx'0) : int - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - + function end_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 195 4 195 27] (self : t_RangeInclusive'0) : t_Idx'0 - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord9] cmp_log'1 x y = o) - -> ([%#sord10] cmp_log'1 y z = o) -> ([%#sord11] cmp_log'1 x z = o) + function is_empty_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 202 4 205 35] (self : t_RangeInclusive'0) : bool - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_T'0) : () + axiom is_empty_log'0_spec : forall self : t_RangeInclusive'0 . [%#sops1] not is_empty_log'0 self + -> deep_model'0 (start_log'0 self) <= deep_model'0 (end_log'0 self) - axiom refl'0_spec : forall x : t_T'0 . [%#sord8] cmp_log'1 x x = C_Equal'0 + constant r : t_RangeInclusive'0 - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_T'0) (o : t_T'0) : bool + function range_inclusive_len'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 51 0 51 92] (r : t_RangeInclusive'0) : int + - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_T'0) (y : t_T'0) : () + goal vc_range_inclusive_len'0 : ([%#sops1] not is_empty_log'0 r + -> deep_model'0 (start_log'0 r) <= deep_model'0 (end_log'0 r)) + -> (if is_empty_log'0 r then + [%#srange0] is_empty_log'0 r = (0 = 0) + else + [%#srange0] is_empty_log'0 r = (deep_model'0 (end_log'0 r) - deep_model'0 (start_log'0 r) + 1 = 0) + ) +end +module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__produces_refl [#"../../../creusot-contracts/src/std/iter/range.rs" 82 4 82 26] (* as std::iter::Iterator> *) + let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 81 14 81 45 + let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 79 4 79 10 + let%span srange2 = "../../../creusot-contracts/src/std/iter/range.rs" 71 12 75 76 + let%span srange3 = "../../../creusot-contracts/src/std/iter/range.rs" 50 10 50 43 + let%span srange4 = "../../../creusot-contracts/src/std/iter/range.rs" 52 4 55 5 + let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 201 14 201 86 - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord7] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + use seq.Seq - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_T'0) (o : t_T'0) : bool + type t_Idx'0 - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + type t_RangeInclusive'0 = + { t_RangeInclusive__start'0: t_Idx'0; t_RangeInclusive__end'0: t_Idx'0; t_RangeInclusive__exhausted'0: bool } - function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_T'0) (o : t_T'0) : bool + use seq.Seq - function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_T'0) (y : t_T'0) : () + function start_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 189 4 189 29] (self : t_RangeInclusive'0) : t_Idx'0 - axiom cmp_lt_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] lt_log'1 x y = (cmp_log'1 x y = C_Less'0) + use prelude.prelude.Int - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_T'0) (o : t_T'0) : bool + function deep_model'0 [#"../../../creusot-contracts/src/model.rs" 25 4 25 45] (self : t_Idx'0) : int - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_T'0) (y : t_T'0) : () + function end_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 195 4 195 27] (self : t_RangeInclusive'0) : t_Idx'0 - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + function is_empty_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 202 4 205 35] (self : t_RangeInclusive'0) : bool - function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 + axiom is_empty_log'0_spec : forall self : t_RangeInclusive'0 . [%#sops5] not is_empty_log'0 self + -> deep_model'0 (start_log'0 self) <= deep_model'0 (end_log'0 self) + + function range_inclusive_len'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 51 0 51 92] (r : t_RangeInclusive'0) : int = - [%#scmp3] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with - | C_Equal'0 -> C_Equal'0 - | C_Less'0 -> C_Greater'0 - | C_Greater'0 -> C_Less'0 - end + [%#srange4] if is_empty_log'0 r then 0 else deep_model'0 (end_log'0 r) - deep_model'0 (start_log'0 r) + 1 + + axiom range_inclusive_len'0_spec : forall r : t_RangeInclusive'0 . [%#srange3] is_empty_log'0 r + = (range_inclusive_len'0 r = 0) + + use seq.Seq - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_Reverse'0) (o : t_Reverse'0) : bool + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 69 4 69 64] (self : t_RangeInclusive'0) (visited : Seq.seq t_Idx'0) (o : t_RangeInclusive'0) = - [%#sord2] cmp_log'0 self o = C_Less'0 - - constant x : t_Reverse'0 + [%#srange2] Seq.length visited = range_inclusive_len'0 self - range_inclusive_len'0 o + /\ (is_empty_log'0 self -> is_empty_log'0 o) + /\ (is_empty_log'0 o \/ end_log'0 self = end_log'0 o) + /\ (forall i : int . 0 <= i /\ i < Seq.length visited + -> deep_model'0 (Seq.get visited i) = deep_model'0 (start_log'0 self) + i) - constant y : t_Reverse'0 + constant self : t_RangeInclusive'0 - function cmp_lt_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 93 4 93 35] (x : t_Reverse'0) (y : t_Reverse'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 82 4 82 26] (self : t_RangeInclusive'0) : () - goal vc_cmp_lt_log'0 : [%#scmp0] lt_log'0 x y = (cmp_log'0 x y = C_Less'0) + goal vc_produces_refl'0 : [%#srange0] produces'0 self (Seq.empty : Seq.seq t_Idx'0) self end -module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__cmp_ge_log [#"../../../creusot-contracts/src/std/cmp.rs" 98 4 98 35] (* as logic::ord::OrdLogic> *) - let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 97 14 97 61 - let%span scmp1 = "../../../creusot-contracts/src/std/cmp.rs" 95 4 95 10 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 31 20 31 53 - let%span scmp3 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord16 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 +module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__produces_trans [#"../../../creusot-contracts/src/std/iter/range.rs" 89 4 89 90] (* as std::iter::Iterator> *) + let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 86 15 86 32 + let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 87 15 87 32 + let%span srange2 = "../../../creusot-contracts/src/std/iter/range.rs" 88 14 88 42 + let%span srange3 = "../../../creusot-contracts/src/std/iter/range.rs" 84 4 84 10 + let%span srange4 = "../../../creusot-contracts/src/std/iter/range.rs" 71 12 75 76 + let%span srange5 = "../../../creusot-contracts/src/std/iter/range.rs" 50 10 50 43 + let%span srange6 = "../../../creusot-contracts/src/std/iter/range.rs" 52 4 55 5 + let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 201 14 201 86 - type t_T'0 + type t_Idx'0 - type t_Reverse'0 = - { t_Reverse__0'0: t_T'0 } + type t_RangeInclusive'0 = + { t_RangeInclusive__start'0: t_Idx'0; t_RangeInclusive__end'0: t_Idx'0; t_RangeInclusive__exhausted'0: bool } - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_T'0) (_2 : t_T'0) : t_Ordering'0 - + use seq.Seq - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_T'0) (y : t_T'0) : () + function start_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 189 4 189 29] (self : t_RangeInclusive'0) : t_Idx'0 - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord16] (x = y) = (cmp_log'1 x y = C_Equal'0) + use prelude.prelude.Int - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_T'0) (y : t_T'0) : () + function deep_model'0 [#"../../../creusot-contracts/src/model.rs" 25 4 25 45] (self : t_Idx'0) : int - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord14] cmp_log'1 x y = C_Greater'0) - -> ([%#sord15] cmp_log'1 y x = C_Less'0) + function end_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 195 4 195 27] (self : t_RangeInclusive'0) : t_Idx'0 - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_T'0) (y : t_T'0) : () + function is_empty_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 202 4 205 35] (self : t_RangeInclusive'0) : bool - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Less'0) - -> ([%#sord13] cmp_log'1 y x = C_Greater'0) + axiom is_empty_log'0_spec : forall self : t_RangeInclusive'0 . [%#sops7] not is_empty_log'0 self + -> deep_model'0 (start_log'0 self) <= deep_model'0 (end_log'0 self) - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + function range_inclusive_len'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 51 0 51 92] (r : t_RangeInclusive'0) : int + = + [%#srange6] if is_empty_log'0 r then 0 else deep_model'0 (end_log'0 r) - deep_model'0 (start_log'0 r) + 1 - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord9] cmp_log'1 x y = o) - -> ([%#sord10] cmp_log'1 y z = o) -> ([%#sord11] cmp_log'1 x z = o) + axiom range_inclusive_len'0_spec : forall r : t_RangeInclusive'0 . [%#srange5] is_empty_log'0 r + = (range_inclusive_len'0 r = 0) - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_T'0) : () + use seq.Seq - axiom refl'0_spec : forall x : t_T'0 . [%#sord8] cmp_log'1 x x = C_Equal'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 69 4 69 64] (self : t_RangeInclusive'0) (visited : Seq.seq t_Idx'0) (o : t_RangeInclusive'0) + + = + [%#srange4] Seq.length visited = range_inclusive_len'0 self - range_inclusive_len'0 o + /\ (is_empty_log'0 self -> is_empty_log'0 o) + /\ (is_empty_log'0 o \/ end_log'0 self = end_log'0 o) + /\ (forall i : int . 0 <= i /\ i < Seq.length visited + -> deep_model'0 (Seq.get visited i) = deep_model'0 (start_log'0 self) + i) - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_T'0) (o : t_T'0) : bool + use seq.Seq - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_T'0) (y : t_T'0) : () + constant a : t_RangeInclusive'0 - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord7] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - - function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_T'0) (o : t_T'0) : bool - - function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_T'0) (y : t_T'0) : () - - axiom cmp_ge_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] ge_log'1 x y = (cmp_log'1 x y <> C_Less'0) - - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_T'0) (o : t_T'0) : bool - - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_T'0) (y : t_T'0) : () - - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_T'0) (o : t_T'0) : bool - - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_T'0) (y : t_T'0) : () - - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - - function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 - - = - [%#scmp3] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with - | C_Equal'0 -> C_Equal'0 - | C_Less'0 -> C_Greater'0 - | C_Greater'0 -> C_Less'0 - end + constant ab : Seq.seq t_Idx'0 - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_Reverse'0) (o : t_Reverse'0) : bool - - = - [%#sord2] cmp_log'0 self o <> C_Less'0 + constant b : t_RangeInclusive'0 - constant x : t_Reverse'0 + constant bc : Seq.seq t_Idx'0 - constant y : t_Reverse'0 + constant c : t_RangeInclusive'0 - function cmp_ge_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 98 4 98 35] (x : t_Reverse'0) (y : t_Reverse'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 89 4 89 90] (a : t_RangeInclusive'0) (ab : Seq.seq t_Idx'0) (b : t_RangeInclusive'0) (bc : Seq.seq t_Idx'0) (c : t_RangeInclusive'0) : () - goal vc_cmp_ge_log'0 : [%#scmp0] ge_log'0 x y = (cmp_log'0 x y <> C_Less'0) + goal vc_produces_trans'0 : ([%#srange1] produces'0 b bc c) + -> ([%#srange0] produces'0 a ab b) -> ([%#srange2] produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__cmp_gt_log [#"../../../creusot-contracts/src/std/cmp.rs" 103 4 103 35] (* as logic::ord::OrdLogic> *) - let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 102 14 102 64 - let%span scmp1 = "../../../creusot-contracts/src/std/cmp.rs" 100 4 100 10 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 41 20 41 56 - let%span scmp3 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord16 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 +module M_creusot_contracts__stdqy35z1__iter__repeat__qyi8658929399712466629__produces_refl [#"../../../creusot-contracts/src/std/iter/repeat.rs" 33 4 33 26] (* as std::iter::Iterator> *) + let%span srepeat0 = "../../../creusot-contracts/src/std/iter/repeat.rs" 31 15 31 24 + let%span srepeat1 = "../../../creusot-contracts/src/std/iter/repeat.rs" 32 14 32 45 + let%span srepeat2 = "../../../creusot-contracts/src/std/iter/repeat.rs" 29 4 29 10 + let%span srepeat3 = "../../../creusot-contracts/src/std/iter/repeat.rs" 24 12 25 78 type t_T'0 - type t_Reverse'0 = - { t_Reverse__0'0: t_T'0 } - - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 - - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_T'0) (_2 : t_T'0) : t_Ordering'0 - + type t_Repeat'0 = + { t_Repeat__element'0: t_T'0 } - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_T'0) (y : t_T'0) : () + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord16] (x = y) = (cmp_log'1 x y = C_Equal'0) + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Repeat'0) - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_T'0) (y : t_T'0) : () + axiom inv_axiom'0 [@rewrite] : forall x : t_Repeat'0 [inv'0 x] . inv'0 x + = match x with + | {t_Repeat__element'0 = element} -> inv'1 element + end - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord14] cmp_log'1 x y = C_Greater'0) - -> ([%#sord15] cmp_log'1 y x = C_Less'0) + use seq.Seq - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Less'0) - -> ([%#sord13] cmp_log'1 y x = C_Greater'0) + use prelude.prelude.Int - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - + use seq.Seq - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord9] cmp_log'1 x y = o) - -> ([%#sord10] cmp_log'1 y z = o) -> ([%#sord11] cmp_log'1 x z = o) + use seq.Seq - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_T'0) : () + function view'0 [#"../../../creusot-contracts/src/std/iter/repeat.rs" 8 4 8 22] (self : t_Repeat'0) : t_T'0 - axiom refl'0_spec : forall x : t_T'0 . [%#sord8] cmp_log'1 x x = C_Equal'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/repeat.rs" 22 4 22 64] (self : t_Repeat'0) (visited : Seq.seq t_T'0) (o : t_Repeat'0) + + = + [%#srepeat3] self = o /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = view'0 self) - function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_T'0) (o : t_T'0) : bool + constant self : t_Repeat'0 - function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_T'0) (y : t_T'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/repeat.rs" 33 4 33 26] (self : t_Repeat'0) : () - axiom cmp_gt_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord7] gt_log'1 x y = (cmp_log'1 x y = C_Greater'0) + goal vc_produces_refl'0 : ([%#srepeat0] inv'0 self) + -> ([%#srepeat1] produces'0 self (Seq.empty : Seq.seq t_T'0) self) +end +module M_creusot_contracts__stdqy35z1__iter__repeat__qyi8658929399712466629__produces_trans [#"../../../creusot-contracts/src/std/iter/repeat.rs" 43 4 43 90] (* as std::iter::Iterator> *) + let%span srepeat0 = "../../../creusot-contracts/src/std/iter/repeat.rs" 37 15 37 21 + let%span srepeat1 = "../../../creusot-contracts/src/std/iter/repeat.rs" 38 15 38 21 + let%span srepeat2 = "../../../creusot-contracts/src/std/iter/repeat.rs" 39 15 39 21 + let%span srepeat3 = "../../../creusot-contracts/src/std/iter/repeat.rs" 40 15 40 32 + let%span srepeat4 = "../../../creusot-contracts/src/std/iter/repeat.rs" 41 15 41 32 + let%span srepeat5 = "../../../creusot-contracts/src/std/iter/repeat.rs" 42 14 42 42 + let%span srepeat6 = "../../../creusot-contracts/src/std/iter/repeat.rs" 35 4 35 10 + let%span srepeat7 = "../../../creusot-contracts/src/std/iter/repeat.rs" 24 12 25 78 - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_T'0) (o : t_T'0) : bool + type t_T'0 - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_T'0) (y : t_T'0) : () + type t_Repeat'0 = + { t_Repeat__element'0: t_T'0 } - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_T'0) (o : t_T'0) : bool + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Repeat'0) - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_T'0) (y : t_T'0) : () + axiom inv_axiom'0 [@rewrite] : forall x : t_Repeat'0 [inv'0 x] . inv'0 x + = match x with + | {t_Repeat__element'0 = element} -> inv'1 element + end - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + use seq.Seq - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_T'0) (o : t_T'0) : bool + use prelude.prelude.Int - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 - - = - [%#scmp3] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with - | C_Equal'0 -> C_Equal'0 - | C_Less'0 -> C_Greater'0 - | C_Greater'0 -> C_Less'0 - end + function view'0 [#"../../../creusot-contracts/src/std/iter/repeat.rs" 8 4 8 22] (self : t_Repeat'0) : t_T'0 - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_Reverse'0) (o : t_Reverse'0) : bool + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/repeat.rs" 22 4 22 64] (self : t_Repeat'0) (visited : Seq.seq t_T'0) (o : t_Repeat'0) = - [%#sord2] cmp_log'0 self o = C_Greater'0 - - constant x : t_Reverse'0 + [%#srepeat7] self = o /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = view'0 self) - constant y : t_Reverse'0 + use seq.Seq - function cmp_gt_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 103 4 103 35] (x : t_Reverse'0) (y : t_Reverse'0) : () - + constant a : t_Repeat'0 - goal vc_cmp_gt_log'0 : [%#scmp0] gt_log'0 x y = (cmp_log'0 x y = C_Greater'0) -end -module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__refl [#"../../../creusot-contracts/src/std/cmp.rs" 108 4 108 20] (* as logic::ord::OrdLogic> *) - let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 107 14 107 45 - let%span scmp1 = "../../../creusot-contracts/src/std/cmp.rs" 105 4 105 10 - let%span scmp2 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 + constant ab : Seq.seq t_T'0 - type t_T'0 + constant b : t_Repeat'0 - type t_Reverse'0 = - { t_Reverse__0'0: t_T'0 } + constant bc : Seq.seq t_T'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + constant c : t_Repeat'0 - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_T'0) (_2 : t_T'0) : t_Ordering'0 + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/repeat.rs" 43 4 43 90] (a : t_Repeat'0) (ab : Seq.seq t_T'0) (b : t_Repeat'0) (bc : Seq.seq t_T'0) (c : t_Repeat'0) : () - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_T'0) (y : t_T'0) : () - - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) + goal vc_produces_trans'0 : ([%#srepeat4] produces'0 b bc c) + -> ([%#srepeat3] produces'0 a ab b) + -> ([%#srepeat2] inv'0 c) + -> ([%#srepeat1] inv'0 b) -> ([%#srepeat0] inv'0 a) -> ([%#srepeat5] produces'0 a (Seq.(++) ab bc) c) +end +module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produces_refl [#"../../../creusot-contracts/src/std/iter/skip.rs" 75 4 75 26] (* as std::iter::Iterator> *) + let%span sskip0 = "../../../creusot-contracts/src/std/iter/skip.rs" 73 15 73 24 + let%span sskip1 = "../../../creusot-contracts/src/std/iter/skip.rs" 74 14 74 45 + let%span sskip2 = "../../../creusot-contracts/src/std/iter/skip.rs" 71 4 71 10 + let%span sskip3 = "../../../creusot-contracts/src/std/iter/skip.rs" 62 12 67 74 + let%span sskip4 = "../../../creusot-contracts/src/std/iter/skip.rs" 21 14 21 50 + let%span sskip5 = "../../../creusot-contracts/src/std/iter/skip.rs" 14 14 14 39 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 + let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 + let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 + let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 + let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 + let%span sseq14 = "../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 + let%span sboxed15 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_T'0) (y : t_T'0) : () + type t_I'0 - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) - -> ([%#sord14] cmp_log'1 y x = C_Less'0) + use prelude.prelude.UIntSize - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_T'0) (y : t_T'0) : () + type t_Skip'0 = + { t_Skip__iter'0: t_I'0; t_Skip__n'0: usize } - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) - -> ([%#sord12] cmp_log'1 y x = C_Greater'0) + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Skip'0) - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) - -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) + axiom inv_axiom'0 [@rewrite] : forall x : t_Skip'0 [inv'0 x] . inv'0 x + = match x with + | {t_Skip__iter'0 = iter ; t_Skip__n'0 = n} -> inv'2 iter + end - function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_T'0) : () + use seq.Seq - axiom refl'1_spec : forall x : t_T'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 + type t_Item'0 - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_T'0) (o : t_T'0) : bool + use seq.Seq - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_T'0) (y : t_T'0) : () + use prelude.prelude.Int - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + constant v_MAX'0 : usize = (18446744073709551615 : usize) - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_T'0) (o : t_T'0) : bool + use prelude.prelude.UIntSize - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_T'0) (y : t_T'0) : () + function n'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 22 4 22 21] (self : t_Skip'0) : int - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + axiom n'0_spec : forall self : t_Skip'0 . [%#sskip4] n'0 self >= 0 /\ n'0 self <= UIntSize.to_int (v_MAX'0 : usize) - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_T'0) (o : t_T'0) : bool + use seq.Seq - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_T'0) (o : t_T'0) : bool + predicate invariant'1 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = + [%#sboxed15] inv'4 self - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_T'0) (y : t_T'0) : () + predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + axiom inv_axiom'2 [@rewrite] : forall x : t_Item'0 [inv'3 x] . inv'3 x = invariant'1 x - function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 - - = - [%#scmp2] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with - | C_Equal'0 -> C_Equal'0 - | C_Less'0 -> C_Greater'0 - | C_Greater'0 -> C_Less'0 - end + predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 608 4 608 30] (self : Seq.seq t_Item'0) = + [%#sseq14] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) - constant x : t_Reverse'0 + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) - function refl'0 [#"../../../creusot-contracts/src/std/cmp.rs" 108 4 108 20] (x : t_Reverse'0) : () + axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'1 x] . inv'1 x = invariant'0 x - goal vc_refl'0 : [%#scmp0] cmp_log'0 x x = C_Equal'0 -end -module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__trans [#"../../../creusot-contracts/src/std/cmp.rs" 115 4 115 52] (* as logic::ord::OrdLogic> *) - let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 112 15 112 32 - let%span scmp1 = "../../../creusot-contracts/src/std/cmp.rs" 113 15 113 32 - let%span scmp2 = "../../../creusot-contracts/src/std/cmp.rs" 114 14 114 31 - let%span scmp3 = "../../../creusot-contracts/src/std/cmp.rs" 110 4 110 10 - let%span scmp4 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord16 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord17 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 + function iter'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 15 4 15 22] (self : t_Skip'0) : t_I'0 - type t_T'0 + axiom iter'0_spec : forall self : t_Skip'0 . [%#sskip5] inv'0 self -> inv'2 (iter'0 self) - type t_Reverse'0 = - { t_Reverse__0'0: t_T'0 } + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_T'0) (_2 : t_T'0) : t_Ordering'0 + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_T'0) (y : t_T'0) : () + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter8] inv'2 a) + -> ([%#siter9] inv'2 b) + -> ([%#siter10] inv'2 c) + -> ([%#siter11] produces'1 a ab b) + -> ([%#siter12] produces'1 b bc c) -> ([%#siter13] produces'1 a (Seq.(++) ab bc) c) - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord17] (x = y) = (cmp_log'1 x y = C_Equal'0) + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_T'0) (y : t_T'0) : () + axiom produces_refl'1_spec : forall self : t_I'0 . ([%#siter6] inv'2 self) + -> ([%#siter7] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord15] cmp_log'1 x y = C_Greater'0) - -> ([%#sord16] cmp_log'1 y x = C_Less'0) + use seq.Seq - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_T'0) (y : t_T'0) : () + use prelude.prelude.Borrow - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Less'0) - -> ([%#sord14] cmp_log'1 y x = C_Greater'0) + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_Item'0) - function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 60 4 60 64] (self : t_Skip'0) (visited : Seq.seq t_Item'0) (o : t_Skip'0) + = + [%#sskip3] visited = (Seq.empty : Seq.seq t_Item'0) /\ self = o + \/ n'0 o = 0 + /\ Seq.length visited > 0 + /\ (exists s : Seq.seq t_Item'0 . inv'1 s + /\ Seq.length s = n'0 self + /\ produces'1 (iter'0 self) (Seq.(++) s visited) (iter'0 o) + /\ (forall i : int . 0 <= i /\ i < Seq.length s -> resolve'0 (Seq.get s i))) - axiom trans'1_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord10] cmp_log'1 x y = o) - -> ([%#sord11] cmp_log'1 y z = o) -> ([%#sord12] cmp_log'1 x z = o) - - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_T'0) : () - - axiom refl'0_spec : forall x : t_T'0 . [%#sord9] cmp_log'1 x x = C_Equal'0 - - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_T'0) (o : t_T'0) : bool + constant self : t_Skip'0 - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_T'0) (y : t_T'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 75 4 75 26] (self : t_Skip'0) : () - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord8] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + goal vc_produces_refl'0 : ([%#sskip0] inv'0 self) + -> ([%#sskip1] produces'0 self (Seq.empty : Seq.seq t_Item'0) self) +end +module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produces_trans [#"../../../creusot-contracts/src/std/iter/skip.rs" 85 4 85 90] (* as std::iter::Iterator> *) + let%span sskip0 = "../../../creusot-contracts/src/std/iter/skip.rs" 79 15 79 21 + let%span sskip1 = "../../../creusot-contracts/src/std/iter/skip.rs" 80 15 80 21 + let%span sskip2 = "../../../creusot-contracts/src/std/iter/skip.rs" 81 15 81 21 + let%span sskip3 = "../../../creusot-contracts/src/std/iter/skip.rs" 82 15 82 32 + let%span sskip4 = "../../../creusot-contracts/src/std/iter/skip.rs" 83 15 83 32 + let%span sskip5 = "../../../creusot-contracts/src/std/iter/skip.rs" 84 14 84 42 + let%span sskip6 = "../../../creusot-contracts/src/std/iter/skip.rs" 77 4 77 10 + let%span sskip7 = "../../../creusot-contracts/src/std/iter/skip.rs" 62 12 67 74 + let%span sskip8 = "../../../creusot-contracts/src/std/iter/skip.rs" 21 14 21 50 + let%span sskip9 = "../../../creusot-contracts/src/std/iter/skip.rs" 14 14 14 39 + let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 + let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 + let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 + let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 + let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 + let%span sseq18 = "../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 + let%span sboxed19 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_T'0) (o : t_T'0) : bool + type t_I'0 - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_T'0) (y : t_T'0) : () + use prelude.prelude.UIntSize - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord7] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + type t_Skip'0 = + { t_Skip__iter'0: t_I'0; t_Skip__n'0: usize } - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_T'0) (o : t_T'0) : bool + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_T'0) (y : t_T'0) : () + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Skip'0) - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + axiom inv_axiom'0 [@rewrite] : forall x : t_Skip'0 [inv'0 x] . inv'0 x + = match x with + | {t_Skip__iter'0 = iter ; t_Skip__n'0 = n} -> inv'2 iter + end - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_T'0) (o : t_T'0) : bool + type t_Item'0 - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 - - = - [%#scmp4] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with - | C_Equal'0 -> C_Equal'0 - | C_Less'0 -> C_Greater'0 - | C_Greater'0 -> C_Less'0 - end + use prelude.prelude.Int - constant x : t_Reverse'0 + constant v_MAX'0 : usize = (18446744073709551615 : usize) - constant y : t_Reverse'0 + use prelude.prelude.UIntSize - constant z : t_Reverse'0 + function n'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 22 4 22 21] (self : t_Skip'0) : int - constant o : t_Ordering'0 + axiom n'0_spec : forall self : t_Skip'0 . [%#sskip8] n'0 self >= 0 /\ n'0 self <= UIntSize.to_int (v_MAX'0 : usize) - function trans'0 [#"../../../creusot-contracts/src/std/cmp.rs" 115 4 115 52] (x : t_Reverse'0) (y : t_Reverse'0) (z : t_Reverse'0) (o : t_Ordering'0) : () - + use seq.Seq - goal vc_trans'0 : ([%#scmp1] cmp_log'0 y z = o) -> ([%#scmp0] cmp_log'0 x y = o) -> ([%#scmp2] cmp_log'0 x z = o) -end -module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__antisym1 [#"../../../creusot-contracts/src/std/cmp.rs" 121 4 121 33] (* as logic::ord::OrdLogic> *) - let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 119 15 119 45 - let%span scmp1 = "../../../creusot-contracts/src/std/cmp.rs" 120 14 120 47 - let%span scmp2 = "../../../creusot-contracts/src/std/cmp.rs" 117 4 117 10 - let%span scmp3 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord16 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 + use seq.Seq - type t_T'0 + predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - type t_Reverse'0 = - { t_Reverse__0'0: t_T'0 } + predicate invariant'1 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = + [%#sboxed19] inv'4 self - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_T'0) (_2 : t_T'0) : t_Ordering'0 - + axiom inv_axiom'2 [@rewrite] : forall x : t_Item'0 [inv'3 x] . inv'3 x = invariant'1 x - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_T'0) (y : t_T'0) : () + predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 608 4 608 30] (self : Seq.seq t_Item'0) = + [%#sseq18] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord16] (x = y) = (cmp_log'1 x y = C_Equal'0) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_T'0) (y : t_T'0) : () + axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'1 x] . inv'1 x = invariant'0 x - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord14] cmp_log'1 x y = C_Greater'0) - -> ([%#sord15] cmp_log'1 y x = C_Less'0) + function iter'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 15 4 15 22] (self : t_Skip'0) : t_I'0 - function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_T'0) (y : t_T'0) : () + axiom iter'0_spec : forall self : t_Skip'0 . [%#sskip9] inv'0 self -> inv'2 (iter'0 self) - axiom antisym1'1_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Less'0) - -> ([%#sord13] cmp_log'1 y x = C_Greater'0) + use seq.Seq - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord9] cmp_log'1 x y = o) - -> ([%#sord10] cmp_log'1 y z = o) -> ([%#sord11] cmp_log'1 x z = o) - - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_T'0) : () - - axiom refl'0_spec : forall x : t_T'0 . [%#sord8] cmp_log'1 x x = C_Equal'0 - - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_T'0) (o : t_T'0) : bool - - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_T'0) (y : t_T'0) : () - - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord7] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_T'0) (o : t_T'0) : bool - - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_T'0) (y : t_T'0) : () - - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_T'0) (o : t_T'0) : bool + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter12] inv'2 a) + -> ([%#siter13] inv'2 b) + -> ([%#siter14] inv'2 c) + -> ([%#siter15] produces'1 a ab b) + -> ([%#siter16] produces'1 b bc c) -> ([%#siter17] produces'1 a (Seq.(++) ab bc) c) - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_T'0) (y : t_T'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + axiom produces_refl'0_spec : forall self : t_I'0 . ([%#siter10] inv'2 self) + -> ([%#siter11] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_T'0) (o : t_T'0) : bool + use seq.Seq - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_T'0) (y : t_T'0) : () + use prelude.prelude.Borrow - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_Item'0) - function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 60 4 60 64] (self : t_Skip'0) (visited : Seq.seq t_Item'0) (o : t_Skip'0) = - [%#scmp3] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with - | C_Equal'0 -> C_Equal'0 - | C_Less'0 -> C_Greater'0 - | C_Greater'0 -> C_Less'0 - end + [%#sskip7] visited = (Seq.empty : Seq.seq t_Item'0) /\ self = o + \/ n'0 o = 0 + /\ Seq.length visited > 0 + /\ (exists s : Seq.seq t_Item'0 . inv'1 s + /\ Seq.length s = n'0 self + /\ produces'1 (iter'0 self) (Seq.(++) s visited) (iter'0 o) + /\ (forall i : int . 0 <= i /\ i < Seq.length s -> resolve'0 (Seq.get s i))) - constant x : t_Reverse'0 + constant a : t_Skip'0 - constant y : t_Reverse'0 + constant ab : Seq.seq t_Item'0 - function antisym1'0 [#"../../../creusot-contracts/src/std/cmp.rs" 121 4 121 33] (x : t_Reverse'0) (y : t_Reverse'0) : () - + constant b : t_Skip'0 - goal vc_antisym1'0 : ([%#scmp0] cmp_log'0 x y = C_Less'0) -> ([%#scmp1] cmp_log'0 y x = C_Greater'0) -end -module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__antisym2 [#"../../../creusot-contracts/src/std/cmp.rs" 127 4 127 33] (* as logic::ord::OrdLogic> *) - let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 125 15 125 48 - let%span scmp1 = "../../../creusot-contracts/src/std/cmp.rs" 126 14 126 44 - let%span scmp2 = "../../../creusot-contracts/src/std/cmp.rs" 123 4 123 10 - let%span scmp3 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord16 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 + constant bc : Seq.seq t_Item'0 - type t_T'0 + constant c : t_Skip'0 - type t_Reverse'0 = - { t_Reverse__0'0: t_T'0 } + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 85 4 85 90] (a : t_Skip'0) (ab : Seq.seq t_Item'0) (b : t_Skip'0) (bc : Seq.seq t_Item'0) (c : t_Skip'0) : () + - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + goal vc_produces_trans'0 : ([%#sskip4] produces'0 b bc c) + -> ([%#sskip3] produces'0 a ab b) + -> ([%#sskip2] inv'0 c) + -> ([%#sskip1] inv'0 b) -> ([%#sskip0] inv'0 a) -> ([%#sskip5] produces'0 a (Seq.(++) ab bc) c) +end +module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022__produces_refl [#"../../../creusot-contracts/src/std/iter/take.rs" 73 4 73 26] (* as std::iter::Iterator> *) + let%span stake0 = "../../../creusot-contracts/src/std/iter/take.rs" 71 15 71 24 + let%span stake1 = "../../../creusot-contracts/src/std/iter/take.rs" 72 14 72 45 + let%span stake2 = "../../../creusot-contracts/src/std/iter/take.rs" 69 4 69 10 + let%span stake3 = "../../../creusot-contracts/src/std/iter/take.rs" 65 12 65 88 + let%span stake4 = "../../../creusot-contracts/src/std/iter/take.rs" 31 14 31 50 + let%span stake5 = "../../../creusot-contracts/src/std/iter/take.rs" 17 14 17 39 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 + let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 + let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 + let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 + let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_T'0) (_2 : t_T'0) : t_Ordering'0 - + type t_I'0 - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_T'0) (y : t_T'0) : () + use prelude.prelude.UIntSize - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord16] (x = y) = (cmp_log'1 x y = C_Equal'0) + type t_Take'0 = + { t_Take__iter'0: t_I'0; t_Take__n'0: usize } - function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_T'0) (y : t_T'0) : () + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - axiom antisym2'1_spec : forall x : t_T'0, y : t_T'0 . ([%#sord14] cmp_log'1 x y = C_Greater'0) - -> ([%#sord15] cmp_log'1 y x = C_Less'0) + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Take'0) - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_T'0) (y : t_T'0) : () + axiom inv_axiom'0 [@rewrite] : forall x : t_Take'0 [inv'0 x] . inv'0 x + = match x with + | {t_Take__iter'0 = iter ; t_Take__n'0 = n} -> inv'1 iter + end - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Less'0) - -> ([%#sord13] cmp_log'1 y x = C_Greater'0) + use seq.Seq - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - + type t_Item'0 - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord9] cmp_log'1 x y = o) - -> ([%#sord10] cmp_log'1 y z = o) -> ([%#sord11] cmp_log'1 x z = o) + use seq.Seq - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_T'0) : () + use prelude.prelude.Int - axiom refl'0_spec : forall x : t_T'0 . [%#sord8] cmp_log'1 x x = C_Equal'0 + constant v_MAX'0 : usize = (18446744073709551615 : usize) - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_T'0) (o : t_T'0) : bool + use prelude.prelude.UIntSize - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_T'0) (y : t_T'0) : () + function n'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 32 4 32 21] (self : t_Take'0) : int - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord7] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + axiom n'0_spec : forall self : t_Take'0 . [%#stake4] n'0 self >= 0 /\ n'0 self <= UIntSize.to_int (v_MAX'0 : usize) - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_T'0) (o : t_T'0) : bool + use seq.Seq - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_T'0) (y : t_T'0) : () + function iter'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 18 4 18 22] (self : t_Take'0) : t_I'0 - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + axiom iter'0_spec : forall self : t_Take'0 . [%#stake5] inv'0 self -> inv'1 (iter'0 self) - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_T'0) (o : t_T'0) : bool + use seq.Seq - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_T'0) (y : t_T'0) : () + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_T'0) (o : t_T'0) : bool + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter8] inv'1 a) + -> ([%#siter9] inv'1 b) + -> ([%#siter10] inv'1 c) + -> ([%#siter11] produces'1 a ab b) + -> ([%#siter12] produces'1 b bc c) -> ([%#siter13] produces'1 a (Seq.(++) ab bc) c) - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_T'0) (y : t_T'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + axiom produces_refl'1_spec : forall self : t_I'0 . ([%#siter6] inv'1 self) + -> ([%#siter7] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) - function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 63 4 63 64] (self : t_Take'0) (visited : Seq.seq t_Item'0) (o : t_Take'0) = - [%#scmp3] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with - | C_Equal'0 -> C_Equal'0 - | C_Less'0 -> C_Greater'0 - | C_Greater'0 -> C_Less'0 - end + [%#stake3] n'0 self = n'0 o + Seq.length visited /\ produces'1 (iter'0 self) visited (iter'0 o) - constant x : t_Reverse'0 - - constant y : t_Reverse'0 + constant self : t_Take'0 - function antisym2'0 [#"../../../creusot-contracts/src/std/cmp.rs" 127 4 127 33] (x : t_Reverse'0) (y : t_Reverse'0) : () - + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 73 4 73 26] (self : t_Take'0) : () - goal vc_antisym2'0 : ([%#scmp0] cmp_log'0 x y = C_Greater'0) -> ([%#scmp1] cmp_log'0 y x = C_Less'0) + goal vc_produces_refl'0 : ([%#stake0] inv'0 self) + -> ([%#stake1] produces'0 self (Seq.empty : Seq.seq t_Item'0) self) end -module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__eq_cmp [#"../../../creusot-contracts/src/std/cmp.rs" 132 4 132 31] (* as logic::ord::OrdLogic> *) - let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 131 14 131 59 - let%span scmp1 = "../../../creusot-contracts/src/std/cmp.rs" 129 4 129 10 - let%span scmp2 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 +module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022__produces_trans [#"../../../creusot-contracts/src/std/iter/take.rs" 83 4 83 90] (* as std::iter::Iterator> *) + let%span stake0 = "../../../creusot-contracts/src/std/iter/take.rs" 77 15 77 21 + let%span stake1 = "../../../creusot-contracts/src/std/iter/take.rs" 78 15 78 21 + let%span stake2 = "../../../creusot-contracts/src/std/iter/take.rs" 79 15 79 21 + let%span stake3 = "../../../creusot-contracts/src/std/iter/take.rs" 80 15 80 32 + let%span stake4 = "../../../creusot-contracts/src/std/iter/take.rs" 81 15 81 32 + let%span stake5 = "../../../creusot-contracts/src/std/iter/take.rs" 82 14 82 42 + let%span stake6 = "../../../creusot-contracts/src/std/iter/take.rs" 75 4 75 10 + let%span stake7 = "../../../creusot-contracts/src/std/iter/take.rs" 65 12 65 88 + let%span stake8 = "../../../creusot-contracts/src/std/iter/take.rs" 31 14 31 50 + let%span stake9 = "../../../creusot-contracts/src/std/iter/take.rs" 17 14 17 39 + let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 + let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 + let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 + let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 + let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - type t_T'0 + type t_I'0 - type t_Reverse'0 = - { t_Reverse__0'0: t_T'0 } + use prelude.prelude.UIntSize - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_Take'0 = + { t_Take__iter'0: t_I'0; t_Take__n'0: usize } - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_T'0) (_2 : t_T'0) : t_Ordering'0 - + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_T'0) (y : t_T'0) : () + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Take'0) - axiom eq_cmp'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) + axiom inv_axiom'0 [@rewrite] : forall x : t_Take'0 [inv'0 x] . inv'0 x + = match x with + | {t_Take__iter'0 = iter ; t_Take__n'0 = n} -> inv'1 iter + end - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_T'0) (y : t_T'0) : () + type t_Item'0 - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) - -> ([%#sord14] cmp_log'1 y x = C_Less'0) + use seq.Seq - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_T'0) (y : t_T'0) : () + use prelude.prelude.Int - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) - -> ([%#sord12] cmp_log'1 y x = C_Greater'0) + constant v_MAX'0 : usize = (18446744073709551615 : usize) - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - + use prelude.prelude.UIntSize - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) - -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) + function n'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 32 4 32 21] (self : t_Take'0) : int - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_T'0) : () + axiom n'0_spec : forall self : t_Take'0 . [%#stake8] n'0 self >= 0 /\ n'0 self <= UIntSize.to_int (v_MAX'0 : usize) - axiom refl'0_spec : forall x : t_T'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 + use seq.Seq - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_T'0) (o : t_T'0) : bool + function iter'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 18 4 18 22] (self : t_Take'0) : t_I'0 - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_T'0) (y : t_T'0) : () + axiom iter'0_spec : forall self : t_Take'0 . [%#stake9] inv'0 self -> inv'1 (iter'0 self) - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + use seq.Seq - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_T'0) (o : t_T'0) : bool + use seq.Seq - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_T'0) (y : t_T'0) : () + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_T'0) (o : t_T'0) : bool + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter12] inv'1 a) + -> ([%#siter13] inv'1 b) + -> ([%#siter14] inv'1 c) + -> ([%#siter15] produces'1 a ab b) + -> ([%#siter16] produces'1 b bc c) -> ([%#siter17] produces'1 a (Seq.(++) ab bc) c) - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_T'0) (y : t_T'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + axiom produces_refl'0_spec : forall self : t_I'0 . ([%#siter10] inv'1 self) + -> ([%#siter11] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_T'0) (o : t_T'0) : bool + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 63 4 63 64] (self : t_Take'0) (visited : Seq.seq t_Item'0) (o : t_Take'0) + + = + [%#stake7] n'0 self = n'0 o + Seq.length visited /\ produces'1 (iter'0 self) visited (iter'0 o) - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_T'0) (y : t_T'0) : () + constant a : t_Take'0 - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + constant ab : Seq.seq t_Item'0 - function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 - - = - [%#scmp2] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with - | C_Equal'0 -> C_Equal'0 - | C_Less'0 -> C_Greater'0 - | C_Greater'0 -> C_Less'0 - end + constant b : t_Take'0 - constant x : t_Reverse'0 + constant bc : Seq.seq t_Item'0 - constant y : t_Reverse'0 + constant c : t_Take'0 - function eq_cmp'0 [#"../../../creusot-contracts/src/std/cmp.rs" 132 4 132 31] (x : t_Reverse'0) (y : t_Reverse'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 83 4 83 90] (a : t_Take'0) (ab : Seq.seq t_Item'0) (b : t_Take'0) (bc : Seq.seq t_Item'0) (c : t_Take'0) : () + - goal vc_eq_cmp'0 : [%#scmp0] (x = y) = (cmp_log'0 x y = C_Equal'0) + goal vc_produces_trans'0 : ([%#stake4] produces'0 b bc c) + -> ([%#stake3] produces'0 a ab b) + -> ([%#stake2] inv'0 c) + -> ([%#stake1] inv'0 b) -> ([%#stake0] inv'0 a) -> ([%#stake5] produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_refl [#"../../../creusot-contracts/src/std/deque.rs" 178 4 178 26] (* as std::iter::Iterator> *) - let%span sdeque0 = "../../../creusot-contracts/src/std/deque.rs" 177 14 177 45 - let%span sdeque1 = "../../../creusot-contracts/src/std/deque.rs" 175 4 175 10 - let%span sdeque2 = "../../../creusot-contracts/src/std/deque.rs" 171 12 171 66 - let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 96 14 96 41 - let%span sslice4 = "../../../creusot-contracts/src/std/slice.rs" 97 14 97 80 - let%span smodel5 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 - let%span sops6 = "../../../creusot-contracts/src/logic/ops.rs" 42 8 42 31 - let%span sslice7 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 - let%span sslice8 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 +module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produces_refl [#"../../../creusot-contracts/src/std/iter/zip.rs" 57 4 57 26] (* as std::iter::Iterator> *) + let%span szip0 = "../../../creusot-contracts/src/std/iter/zip.rs" 55 15 55 24 + let%span szip1 = "../../../creusot-contracts/src/std/iter/zip.rs" 56 14 56 45 + let%span szip2 = "../../../creusot-contracts/src/std/iter/zip.rs" 53 4 53 10 + let%span szip3 = "../../../creusot-contracts/src/std/iter/zip.rs" 46 12 49 95 + let%span szip4 = "../../../creusot-contracts/src/std/iter/zip.rs" 14 14 14 39 + let%span szip5 = "../../../creusot-contracts/src/std/iter/zip.rs" 21 14 21 39 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 + let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 + let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 + let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 + let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 + let%span sseq14 = "../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 + let%span sboxed15 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - use seq.Seq + type t_A'0 - use prelude.prelude.Borrow + type t_B'0 - type t_T'0 + use prelude.prelude.UIntSize - use seq.Seq + type t_Zip'0 = + { t_Zip__a'0: t_A'0; t_Zip__b'0: t_B'0; t_Zip__index'0: usize; t_Zip__len'0: usize; t_Zip__a_len'0: usize } - use prelude.prelude.Opaque + predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_A'0) - type t_NonNull'0 = - { t_NonNull__pointer'0: opaque_ptr } + predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_B'0) - type t_Iter'1 = - { t_Iter__ptr'0: t_NonNull'0; t_Iter__end_or_len'0: opaque_ptr; t_Iter__qy95zmarker'0: () } + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Zip'0) - type t_Iter'0 = - { t_Iter__i1'0: t_Iter'1; t_Iter__i2'0: t_Iter'1 } + axiom inv_axiom'0 [@rewrite] : forall x : t_Zip'0 [inv'0 x] . inv'0 x + = match x with + | {t_Zip__a'0 = a ; t_Zip__b'0 = b ; t_Zip__index'0 = index ; t_Zip__len'0 = len ; t_Zip__a_len'0 = a_len} -> inv'3 a + /\ inv'4 b + end - use prelude.prelude.Slice + use seq.Seq - function view'0 [#"../../../creusot-contracts/src/std/deque.rs" 155 4 155 33] (self : t_Iter'0) : slice t_T'0 + type t_Item'0 - use seq.Seq + type t_Item'1 use seq.Seq use seq.Seq - use prelude.prelude.UIntSize - - constant v_MAX'0 : usize = (18446744073709551615 : usize) - - use prelude.prelude.UIntSize + use seq.Seq use prelude.prelude.Int - use prelude.prelude.Slice + use seq.Seq - function view'2 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 + use seq.Seq - axiom view'2_spec : forall self : slice t_T'0 . ([%#sslice7] Seq.length (view'2 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice8] view'2 self = Slice.id self) + predicate inv'7 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - function view'1 [#"../../../creusot-contracts/src/model.rs" 87 4 87 33] (self : slice t_T'0) : Seq.seq t_T'0 = - [%#smodel5] view'2 self + predicate invariant'2 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = + [%#sboxed15] inv'7 self - use seq.Seq + predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - use seq.Seq + axiom inv_axiom'3 [@rewrite] : forall x : t_Item'0 [inv'5 x] . inv'5 x = invariant'2 x - function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops.rs" 41 4 41 47] (self : slice t_T'0) (ix : int) : t_T'0 - - = - [%#sops6] Seq.get (view'2 self) ix + predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 608 4 608 30] (self : Seq.seq t_Item'0) = + [%#sseq14] forall i : int . 0 <= i /\ i < Seq.length self -> inv'5 (Seq.get self i) - function to_ref_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 98 4 98 35] (self : slice t_T'0) : Seq.seq t_T'0 + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) - axiom to_ref_seq'0_spec : forall self : slice t_T'0 . ([%#sslice3] Seq.length (to_ref_seq'0 self) - = Seq.length (view'1 self)) - && ([%#sslice4] forall i : int . 0 <= i /\ i < Seq.length (to_ref_seq'0 self) - -> Seq.get (to_ref_seq'0 self) i = index_logic'0 self i) + axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'1 x] . inv'1 x = invariant'0 x use seq.Seq - predicate produces'0 [#"../../../creusot-contracts/src/std/deque.rs" 169 4 169 65] (self : t_Iter'0) (visited : Seq.seq t_T'0) (tl : t_Iter'0) - - = - [%#sdeque2] to_ref_seq'0 (view'0 self) = Seq.(++) visited (to_ref_seq'0 (view'0 tl)) + use seq.Seq - constant self : t_Iter'0 + predicate inv'8 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'1) - function produces_refl'0 [#"../../../creusot-contracts/src/std/deque.rs" 178 4 178 26] (self : t_Iter'0) : () + predicate invariant'3 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'1) = + [%#sboxed15] inv'8 self - goal vc_produces_refl'0 : [%#sdeque0] produces'0 self (Seq.empty : Seq.seq t_T'0) self -end -module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_trans [#"../../../creusot-contracts/src/std/deque.rs" 185 4 185 90] (* as std::iter::Iterator> *) - let%span sdeque0 = "../../../creusot-contracts/src/std/deque.rs" 182 15 182 32 - let%span sdeque1 = "../../../creusot-contracts/src/std/deque.rs" 183 15 183 32 - let%span sdeque2 = "../../../creusot-contracts/src/std/deque.rs" 184 14 184 42 - let%span sdeque3 = "../../../creusot-contracts/src/std/deque.rs" 180 4 180 10 - let%span sdeque4 = "../../../creusot-contracts/src/std/deque.rs" 171 12 171 66 - let%span sslice5 = "../../../creusot-contracts/src/std/slice.rs" 96 14 96 41 - let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 97 14 97 80 - let%span smodel7 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 - let%span sops8 = "../../../creusot-contracts/src/logic/ops.rs" 42 8 42 31 - let%span sslice9 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 - let%span sslice10 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 + predicate inv'6 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'1) - use prelude.prelude.Opaque + axiom inv_axiom'4 [@rewrite] : forall x : t_Item'1 [inv'6 x] . inv'6 x = invariant'3 x - type t_NonNull'0 = - { t_NonNull__pointer'0: opaque_ptr } + predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 608 4 608 30] (self : Seq.seq t_Item'1) = + [%#sseq14] forall i : int . 0 <= i /\ i < Seq.length self -> inv'6 (Seq.get self i) - type t_Iter'1 = - { t_Iter__ptr'0: t_NonNull'0; t_Iter__end_or_len'0: opaque_ptr; t_Iter__qy95zmarker'0: () } + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'1) - type t_Iter'0 = - { t_Iter__i1'0: t_Iter'1; t_Iter__i2'0: t_Iter'1 } + axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_Item'1 [inv'2 x] . inv'2 x = invariant'1 x - use prelude.prelude.Borrow + use seq.Seq - type t_T'0 + use seq.Seq use seq.Seq - use prelude.prelude.Slice + use seq.Seq - function view'0 [#"../../../creusot-contracts/src/std/deque.rs" 155 4 155 33] (self : t_Iter'0) : slice t_T'0 + function itera'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 15 4 15 23] (self : t_Zip'0) : t_A'0 - use seq.Seq + axiom itera'0_spec : forall self : t_Zip'0 . [%#szip4] inv'0 self -> inv'3 (itera'0 self) use seq.Seq use seq.Seq - use prelude.prelude.UIntSize - - constant v_MAX'0 : usize = (18446744073709551615 : usize) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_A'0) (visited : Seq.seq t_Item'0) (o : t_A'0) + - use prelude.prelude.UIntSize + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_A'0) (ab : Seq.seq t_Item'0) (b : t_A'0) (bc : Seq.seq t_Item'0) (c : t_A'0) : () + - use prelude.prelude.Int + axiom produces_trans'0_spec : forall a : t_A'0, ab : Seq.seq t_Item'0, b : t_A'0, bc : Seq.seq t_Item'0, c : t_A'0 . ([%#siter8] inv'3 a) + -> ([%#siter9] inv'3 b) + -> ([%#siter10] inv'3 c) + -> ([%#siter11] produces'1 a ab b) + -> ([%#siter12] produces'1 b bc c) -> ([%#siter13] produces'1 a (Seq.(++) ab bc) c) - use prelude.prelude.Slice + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_A'0) : () - function view'2 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 + axiom produces_refl'1_spec : forall self : t_A'0 . ([%#siter6] inv'3 self) + -> ([%#siter7] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) - axiom view'2_spec : forall self : slice t_T'0 . ([%#sslice9] Seq.length (view'2 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice10] view'2 self = Slice.id self) + function iterb'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 22 4 22 23] (self : t_Zip'0) : t_B'0 - function view'1 [#"../../../creusot-contracts/src/model.rs" 87 4 87 33] (self : slice t_T'0) : Seq.seq t_T'0 = - [%#smodel7] view'2 self + axiom iterb'0_spec : forall self : t_Zip'0 . [%#szip5] inv'0 self -> inv'4 (iterb'0 self) use seq.Seq use seq.Seq - function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops.rs" 41 4 41 47] (self : slice t_T'0) (ix : int) : t_T'0 + predicate produces'2 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_B'0) (visited : Seq.seq t_Item'1) (o : t_B'0) - = - [%#sops8] Seq.get (view'2 self) ix - function to_ref_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 98 4 98 35] (self : slice t_T'0) : Seq.seq t_T'0 + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_B'0) (ab : Seq.seq t_Item'1) (b : t_B'0) (bc : Seq.seq t_Item'1) (c : t_B'0) : () + - axiom to_ref_seq'0_spec : forall self : slice t_T'0 . ([%#sslice5] Seq.length (to_ref_seq'0 self) - = Seq.length (view'1 self)) - && ([%#sslice6] forall i : int . 0 <= i /\ i < Seq.length (to_ref_seq'0 self) - -> Seq.get (to_ref_seq'0 self) i = index_logic'0 self i) + axiom produces_trans'1_spec : forall a : t_B'0, ab : Seq.seq t_Item'1, b : t_B'0, bc : Seq.seq t_Item'1, c : t_B'0 . ([%#siter8] inv'4 a) + -> ([%#siter9] inv'4 b) + -> ([%#siter10] inv'4 c) + -> ([%#siter11] produces'2 a ab b) + -> ([%#siter12] produces'2 b bc c) -> ([%#siter13] produces'2 a (Seq.(++) ab bc) c) - use seq.Seq + function produces_refl'2 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_B'0) : () - predicate produces'0 [#"../../../creusot-contracts/src/std/deque.rs" 169 4 169 65] (self : t_Iter'0) (visited : Seq.seq t_T'0) (tl : t_Iter'0) + axiom produces_refl'2_spec : forall self : t_B'0 . ([%#siter6] inv'4 self) + -> ([%#siter7] produces'2 self (Seq.empty : Seq.seq t_Item'1) self) + + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 43 4 43 64] (self : t_Zip'0) (visited : Seq.seq (t_Item'0, t_Item'1)) (o : t_Zip'0) = - [%#sdeque4] to_ref_seq'0 (view'0 self) = Seq.(++) visited (to_ref_seq'0 (view'0 tl)) - - constant a : t_Iter'0 + [%#szip3] exists p1 : Seq.seq t_Item'0, p2 : Seq.seq t_Item'1 . inv'1 p1 + /\ inv'2 p2 + /\ Seq.length p1 = Seq.length p2 + /\ Seq.length p2 = Seq.length visited + /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = (Seq.get p1 i, Seq.get p2 i)) + /\ produces'1 (itera'0 self) p1 (itera'0 o) /\ produces'2 (iterb'0 self) p2 (iterb'0 o) - constant ab : Seq.seq t_T'0 + constant self : t_Zip'0 - constant b : t_Iter'0 + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 57 4 57 26] (self : t_Zip'0) : () - constant bc : Seq.seq t_T'0 + goal vc_produces_refl'0 : ([%#szip0] inv'0 self) + -> ([%#szip1] produces'0 self (Seq.empty : Seq.seq (t_Item'0, t_Item'1)) self) +end +module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produces_trans [#"../../../creusot-contracts/src/std/iter/zip.rs" 67 4 67 90] (* as std::iter::Iterator> *) + let%span szip0 = "../../../creusot-contracts/src/std/iter/zip.rs" 61 15 61 21 + let%span szip1 = "../../../creusot-contracts/src/std/iter/zip.rs" 62 15 62 21 + let%span szip2 = "../../../creusot-contracts/src/std/iter/zip.rs" 63 15 63 21 + let%span szip3 = "../../../creusot-contracts/src/std/iter/zip.rs" 64 15 64 32 + let%span szip4 = "../../../creusot-contracts/src/std/iter/zip.rs" 65 15 65 32 + let%span szip5 = "../../../creusot-contracts/src/std/iter/zip.rs" 66 14 66 42 + let%span szip6 = "../../../creusot-contracts/src/std/iter/zip.rs" 59 4 59 10 + let%span szip7 = "../../../creusot-contracts/src/std/iter/zip.rs" 46 12 49 95 + let%span szip8 = "../../../creusot-contracts/src/std/iter/zip.rs" 14 14 14 39 + let%span szip9 = "../../../creusot-contracts/src/std/iter/zip.rs" 21 14 21 39 + let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 + let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 + let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 + let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 + let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 + let%span sseq18 = "../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 + let%span sboxed19 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - constant c : t_Iter'0 + type t_A'0 - function produces_trans'0 [#"../../../creusot-contracts/src/std/deque.rs" 185 4 185 90] (a : t_Iter'0) (ab : Seq.seq t_T'0) (b : t_Iter'0) (bc : Seq.seq t_T'0) (c : t_Iter'0) : () - + type t_B'0 - goal vc_produces_trans'0 : ([%#sdeque1] produces'0 b bc c) - -> ([%#sdeque0] produces'0 a ab b) -> ([%#sdeque2] produces'0 a (Seq.(++) ab bc) c) -end -module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__produces_refl [#"../../../creusot-contracts/src/std/iter/cloned.rs" 62 4 62 26] (* as std::iter::Iterator> *) - let%span scloned0 = "../../../creusot-contracts/src/std/iter/cloned.rs" 60 15 60 24 - let%span scloned1 = "../../../creusot-contracts/src/std/iter/cloned.rs" 61 14 61 45 - let%span scloned2 = "../../../creusot-contracts/src/std/iter/cloned.rs" 58 4 58 10 - let%span scloned3 = "../../../creusot-contracts/src/std/iter/cloned.rs" 51 12 54 79 - let%span scloned4 = "../../../creusot-contracts/src/std/iter/cloned.rs" 11 14 11 39 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sseq13 = "../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 - let%span sboxed14 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - let%span sinvariant15 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + use prelude.prelude.UIntSize - type t_I'0 + type t_Zip'0 = + { t_Zip__a'0: t_A'0; t_Zip__b'0: t_B'0; t_Zip__index'0: usize; t_Zip__len'0: usize; t_Zip__a_len'0: usize } - type t_Cloned'0 = - { t_Cloned__it'0: t_I'0 } + predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_A'0) - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_B'0) - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Cloned'0) + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Zip'0) - axiom inv_axiom'0 [@rewrite] : forall x : t_Cloned'0 [inv'0 x] . inv'0 x + axiom inv_axiom'0 [@rewrite] : forall x : t_Zip'0 [inv'0 x] . inv'0 x = match x with - | {t_Cloned__it'0 = it} -> inv'2 it + | {t_Zip__a'0 = a ; t_Zip__b'0 = b ; t_Zip__index'0 = index ; t_Zip__len'0 = len ; t_Zip__a_len'0 = a_len} -> inv'3 a + /\ inv'4 b end - use seq.Seq + type t_Item'0 - type t_T'0 + type t_Item'1 use seq.Seq - use prelude.prelude.Borrow + use seq.Seq use seq.Seq @@ -6282,53 +5834,41 @@ module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__pr use seq.Seq - predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - - predicate invariant'2 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_T'0) = - [%#sinvariant15] inv'5 self - - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - - axiom inv_axiom'3 [@rewrite] : forall x : t_T'0 [inv'4 x] . inv'4 x = invariant'2 x - - predicate invariant'1 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_T'0) = - [%#sboxed14] inv'4 self - - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + predicate inv'7 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - axiom inv_axiom'2 [@rewrite] : forall x : t_T'0 [inv'3 x] . inv'3 x = invariant'1 x + predicate invariant'2 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = + [%#sboxed19] inv'7 self - predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 450 4 450 30] (self : Seq.seq t_T'0) = - [%#sseq13] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) + predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_T'0) + axiom inv_axiom'3 [@rewrite] : forall x : t_Item'0 [inv'5 x] . inv'5 x = invariant'2 x - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_T'0 [inv'1 x] . inv'1 x = invariant'0 x + predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 608 4 608 30] (self : Seq.seq t_Item'0) = + [%#sseq18] forall i : int . 0 <= i /\ i < Seq.length self -> inv'5 (Seq.get self i) - function iter'0 [#"../../../creusot-contracts/src/std/iter/cloned.rs" 12 4 12 22] (self : t_Cloned'0) : t_I'0 + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) - axiom iter'0_spec : forall self : t_Cloned'0 . [%#scloned4] inv'0 self -> inv'2 (iter'0 self) + axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'1 x] . inv'1 x = invariant'0 x use seq.Seq use seq.Seq - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) - + predicate inv'8 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'1) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () - + predicate invariant'3 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'1) = + [%#sboxed19] inv'8 self - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#siter7] inv'2 a) - -> ([%#siter8] inv'2 b) - -> ([%#siter9] inv'2 c) - -> ([%#siter10] produces'1 a ab b) - -> ([%#siter11] produces'1 b bc c) -> ([%#siter12] produces'1 a (Seq.(++) ab bc) c) + predicate inv'6 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'1) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + axiom inv_axiom'4 [@rewrite] : forall x : t_Item'1 [inv'6 x] . inv'6 x = invariant'3 x - axiom produces_refl'1_spec : forall self : t_I'0 . ([%#siter5] inv'2 self) - -> ([%#siter6] produces'1 self (Seq.empty : Seq.seq t_T'0) self) + predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 608 4 608 30] (self : Seq.seq t_Item'1) = + [%#sseq18] forall i : int . 0 <= i /\ i < Seq.length self -> inv'6 (Seq.get self i) + + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'1) + + axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_Item'1 [inv'2 x] . inv'2 x = invariant'1 x use seq.Seq @@ -6336,8780 +5876,9212 @@ module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__pr use seq.Seq - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/cloned.rs" 49 4 49 64] (self : t_Cloned'0) (visited : Seq.seq t_T'0) (o : t_Cloned'0) - - = - [%#scloned3] exists s : Seq.seq t_T'0 . inv'1 s - /\ produces'1 (iter'0 self) s (iter'0 o) - /\ Seq.length visited = Seq.length s - /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) + use seq.Seq - constant self : t_Cloned'0 + function itera'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 15 4 15 23] (self : t_Zip'0) : t_A'0 - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/cloned.rs" 62 4 62 26] (self : t_Cloned'0) : () + axiom itera'0_spec : forall self : t_Zip'0 . [%#szip8] inv'0 self -> inv'3 (itera'0 self) - goal vc_produces_refl'0 : ([%#scloned0] inv'0 self) - -> ([%#scloned1] produces'0 self (Seq.empty : Seq.seq t_T'0) self) -end -module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__produces_trans [#"../../../creusot-contracts/src/std/iter/cloned.rs" 72 4 72 90] (* as std::iter::Iterator> *) - let%span scloned0 = "../../../creusot-contracts/src/std/iter/cloned.rs" 66 15 66 21 - let%span scloned1 = "../../../creusot-contracts/src/std/iter/cloned.rs" 67 15 67 21 - let%span scloned2 = "../../../creusot-contracts/src/std/iter/cloned.rs" 68 15 68 21 - let%span scloned3 = "../../../creusot-contracts/src/std/iter/cloned.rs" 69 15 69 32 - let%span scloned4 = "../../../creusot-contracts/src/std/iter/cloned.rs" 70 15 70 32 - let%span scloned5 = "../../../creusot-contracts/src/std/iter/cloned.rs" 71 14 71 42 - let%span scloned6 = "../../../creusot-contracts/src/std/iter/cloned.rs" 64 4 64 10 - let%span scloned7 = "../../../creusot-contracts/src/std/iter/cloned.rs" 51 12 54 79 - let%span scloned8 = "../../../creusot-contracts/src/std/iter/cloned.rs" 11 14 11 39 - let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sseq17 = "../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 - let%span sboxed18 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - let%span sinvariant19 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + use seq.Seq - type t_I'0 + use seq.Seq - type t_Cloned'0 = - { t_Cloned__it'0: t_I'0 } + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_A'0) (visited : Seq.seq t_Item'0) (o : t_A'0) + - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_A'0) (ab : Seq.seq t_Item'0) (b : t_A'0) (bc : Seq.seq t_Item'0) (c : t_A'0) : () + - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Cloned'0) + axiom produces_trans'1_spec : forall a : t_A'0, ab : Seq.seq t_Item'0, b : t_A'0, bc : Seq.seq t_Item'0, c : t_A'0 . ([%#siter12] inv'3 a) + -> ([%#siter13] inv'3 b) + -> ([%#siter14] inv'3 c) + -> ([%#siter15] produces'1 a ab b) + -> ([%#siter16] produces'1 b bc c) -> ([%#siter17] produces'1 a (Seq.(++) ab bc) c) - axiom inv_axiom'0 [@rewrite] : forall x : t_Cloned'0 [inv'0 x] . inv'0 x - = match x with - | {t_Cloned__it'0 = it} -> inv'2 it - end + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_A'0) : () - type t_T'0 + axiom produces_refl'0_spec : forall self : t_A'0 . ([%#siter10] inv'3 self) + -> ([%#siter11] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) - use seq.Seq + function iterb'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 22 4 22 23] (self : t_Zip'0) : t_B'0 - use prelude.prelude.Borrow + axiom iterb'0_spec : forall self : t_Zip'0 . [%#szip9] inv'0 self -> inv'4 (iterb'0 self) use seq.Seq - use prelude.prelude.Int - use seq.Seq - use seq.Seq + predicate produces'2 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_B'0) (visited : Seq.seq t_Item'1) (o : t_B'0) + - predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + function produces_trans'2 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_B'0) (ab : Seq.seq t_Item'1) (b : t_B'0) (bc : Seq.seq t_Item'1) (c : t_B'0) : () + - predicate invariant'2 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_T'0) = - [%#sinvariant19] inv'5 self + axiom produces_trans'2_spec : forall a : t_B'0, ab : Seq.seq t_Item'1, b : t_B'0, bc : Seq.seq t_Item'1, c : t_B'0 . ([%#siter12] inv'4 a) + -> ([%#siter13] inv'4 b) + -> ([%#siter14] inv'4 c) + -> ([%#siter15] produces'2 a ab b) + -> ([%#siter16] produces'2 b bc c) -> ([%#siter17] produces'2 a (Seq.(++) ab bc) c) - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_B'0) : () - axiom inv_axiom'3 [@rewrite] : forall x : t_T'0 [inv'4 x] . inv'4 x = invariant'2 x + axiom produces_refl'1_spec : forall self : t_B'0 . ([%#siter10] inv'4 self) + -> ([%#siter11] produces'2 self (Seq.empty : Seq.seq t_Item'1) self) - predicate invariant'1 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_T'0) = - [%#sboxed18] inv'4 self - - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - - axiom inv_axiom'2 [@rewrite] : forall x : t_T'0 [inv'3 x] . inv'3 x = invariant'1 x - - predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 450 4 450 30] (self : Seq.seq t_T'0) = - [%#sseq17] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 43 4 43 64] (self : t_Zip'0) (visited : Seq.seq (t_Item'0, t_Item'1)) (o : t_Zip'0) + + = + [%#szip7] exists p1 : Seq.seq t_Item'0, p2 : Seq.seq t_Item'1 . inv'1 p1 + /\ inv'2 p2 + /\ Seq.length p1 = Seq.length p2 + /\ Seq.length p2 = Seq.length visited + /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = (Seq.get p1 i, Seq.get p2 i)) + /\ produces'1 (itera'0 self) p1 (itera'0 o) /\ produces'2 (iterb'0 self) p2 (iterb'0 o) - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_T'0) + use seq.Seq - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_T'0 [inv'1 x] . inv'1 x = invariant'0 x + constant a : t_Zip'0 - function iter'0 [#"../../../creusot-contracts/src/std/iter/cloned.rs" 12 4 12 22] (self : t_Cloned'0) : t_I'0 + constant ab : Seq.seq (t_Item'0, t_Item'1) - axiom iter'0_spec : forall self : t_Cloned'0 . [%#scloned8] inv'0 self -> inv'2 (iter'0 self) + constant b : t_Zip'0 - use seq.Seq + constant bc : Seq.seq (t_Item'0, t_Item'1) - use seq.Seq + constant c : t_Zip'0 - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 67 4 67 90] (a : t_Zip'0) (ab : Seq.seq (t_Item'0, t_Item'1)) (b : t_Zip'0) (bc : Seq.seq (t_Item'0, t_Item'1)) (c : t_Zip'0) : () - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () - + goal vc_produces_trans'0 : ([%#szip4] produces'0 b bc c) + -> ([%#szip3] produces'0 a ab b) + -> ([%#szip2] inv'0 c) + -> ([%#szip1] inv'0 b) -> ([%#szip0] inv'0 a) -> ([%#szip5] produces'0 a (Seq.(++) ab bc) c) +end +module M_creusot_contracts__stdqy35z1__option__extern_spec_std_option_T_Option_T_unwrap_or_else_body [#"../../../creusot-contracts/src/std/option.rs" 103 16 105 36] + let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 + let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 103 43 103 44 + let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 103 52 103 53 + let%span soption3 = "../../../creusot-contracts/src/std/option.rs" 99 26 102 17 + let%span sops4 = "../../../creusot-contracts/src/std/ops.rs" 148 0 170 1 - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#siter11] inv'2 a) - -> ([%#siter12] inv'2 b) - -> ([%#siter13] inv'2 c) - -> ([%#siter14] produces'1 a ab b) - -> ([%#siter15] produces'1 b bc c) -> ([%#siter16] produces'1 a (Seq.(++) ab bc) c) + type t_T'0 - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#siter9] inv'2 self) - -> ([%#siter10] produces'1 self (Seq.empty : Seq.seq t_T'0) self) + type t_F'0 - use seq.Seq + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) - use seq.Seq + use prelude.prelude.Borrow - use seq.Seq + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/cloned.rs" 49 4 49 64] (self : t_Cloned'0) (visited : Seq.seq t_T'0) (o : t_Cloned'0) + let rec v_Some'0 (input:t_Option'0) (ret (field_0:t_T'0))= any + [ good (field_0:t_T'0)-> {C_Some'0 field_0 = input} (! ret {field_0}) + | bad -> {forall field_0 : t_T'0 [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] - = - [%#scloned7] exists s : Seq.seq t_T'0 . inv'1 s - /\ produces'1 (iter'0 self) s (iter'0 o) - /\ Seq.length visited = Seq.length s - /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) - - use seq.Seq - - constant a : t_Cloned'0 - constant ab : Seq.seq t_T'0 + predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : ()) - constant b : t_Cloned'0 + axiom inv_axiom'1 [@rewrite] : forall x : () [inv'3 x] . inv'3 x = true - constant bc : Seq.seq t_T'0 + predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 73 4 73 45] (self : t_F'0) (args : ()) - constant c : t_Cloned'0 + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/cloned.rs" 72 4 72 90] (a : t_Cloned'0) (ab : Seq.seq t_T'0) (b : t_Cloned'0) (bc : Seq.seq t_T'0) (c : t_Cloned'0) : () + predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 81 4 81 73] (self : t_F'0) (args : ()) (result : t_T'0) - goal vc_produces_trans'0 : ([%#scloned4] produces'0 b bc c) - -> ([%#scloned3] produces'0 a ab b) - -> ([%#scloned2] inv'0 c) - -> ([%#scloned1] inv'0 b) -> ([%#scloned0] inv'0 a) -> ([%#scloned5] produces'0 a (Seq.(++) ab bc) c) -end -module M_creusot_contracts__stdqy35z1__iter__copied__qyi18224474876607687026__produces_refl [#"../../../creusot-contracts/src/std/iter/copied.rs" 62 4 62 26] (* as std::iter::Iterator> *) - let%span scopied0 = "../../../creusot-contracts/src/std/iter/copied.rs" 60 15 60 24 - let%span scopied1 = "../../../creusot-contracts/src/std/iter/copied.rs" 61 14 61 45 - let%span scopied2 = "../../../creusot-contracts/src/std/iter/copied.rs" 58 4 58 10 - let%span scopied3 = "../../../creusot-contracts/src/std/iter/copied.rs" 51 12 54 79 - let%span scopied4 = "../../../creusot-contracts/src/std/iter/copied.rs" 11 14 11 39 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sseq13 = "../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 - let%span sboxed14 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - let%span sinvariant15 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - - type t_I'0 - - type t_Copied'0 = - { t_Copied__it'0: t_I'0 } + let rec call_once'0 (self:t_F'0) (args:()) (return' (ret:t_T'0))= {[@expl:call_once 'self' type invariant] inv'0 self} + {[@expl:call_once 'args' type invariant] inv'3 args} + {[@expl:call_once requires] [%#sops4] precondition'0 self args} + any + [ return' (result:t_T'0)-> {inv'2 result} {[%#sops4] postcondition_once'0 self args result} (! return' {result}) ] + - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + use prelude.prelude.Intrinsic - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Copied'0) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) - axiom inv_axiom'0 [@rewrite] : forall x : t_Copied'0 [inv'0 x] . inv'0 x + axiom inv_axiom'0 [@rewrite] : forall x : t_Option'0 [inv'1 x] . inv'1 x = match x with - | {t_Copied__it'0 = it} -> inv'2 it + | C_None'0 -> true + | C_Some'0 a_0 -> inv'2 a_0 end - use seq.Seq - - type t_T'0 + meta "compute_max_steps" 1000000 - use seq.Seq + let rec extern_spec_std_option_T_Option_T_unwrap_or_else_body'0 (self_:t_Option'0) (f:t_F'0) (return' (ret:t_T'0))= {[@expl:extern_spec_std_option_T_Option_T_unwrap_or_else_body 'self_' type invariant] [%#soption0] inv'1 self_} + {[@expl:extern_spec_std_option_T_Option_T_unwrap_or_else_body 'f' type invariant] [%#soption1] inv'0 f} + {[@expl:extern_spec_std_option_T_Option_T_unwrap_or_else_body requires] [%#soption0] self_ = C_None'0 + -> precondition'0 f ()} + (! bb0 + [ bb0 = bb1 + | bb1 = bb2 + | bb2 = any [ br0 -> {self_ = C_None'0 } (! bb4) | br1 (x0:t_T'0)-> {self_ = C_Some'0 x0} (! bb5) ] + | bb5 = s0 + [ s0 = {[@expl:type invariant] inv'0 f} s1 + | s1 = -{resolve'0 f}- s2 + | s2 = v_Some'0 {self_} (fun (r0'0:t_T'0) -> [ &t <- r0'0 ] s3) + | s3 = [ &_0 <- t ] s4 + | s4 = bb8 ] + + | bb8 = bb9 + | bb4 = bb6 + | bb6 = s0 [ s0 = call_once'0 {f} {_7} (fun (_ret':t_T'0) -> [ &_0 <- _ret' ] s1) | s1 = bb7 ] + | bb7 = bb9 + | bb9 = bb10 + | bb10 = bb11 + | bb11 = return' {_0} ] + ) + [ & _0 : t_T'0 = any_l () + | & self_ : t_Option'0 = self_ + | & f : t_F'0 = f + | & _7 : () = any_l () + | & t : t_T'0 = any_l () ] + + [ return' (result:t_T'0)-> {[@expl:extern_spec_std_option_T_Option_T_unwrap_or_else_body result type invariant] [%#soption2] inv'2 result} + {[@expl:extern_spec_std_option_T_Option_T_unwrap_or_else_body ensures] [%#soption3] match self_ with + | C_None'0 -> postcondition_once'0 f () result + | C_Some'0 t -> result = t + end} + (! return' {result}) ] + +end +module M_creusot_contracts__stdqy35z1__option__extern_spec_std_option_T_Option_T_map_body [#"../../../creusot-contracts/src/std/option.rs" 131 16 133 37] + let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 + let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 131 35 131 36 + let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 123 27 126 17 + let%span soption3 = "../../../creusot-contracts/src/std/option.rs" 131 44 131 53 + let%span soption4 = "../../../creusot-contracts/src/std/option.rs" 127 26 130 17 + let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 148 0 170 1 - use prelude.prelude.Borrow + type t_T'0 - use seq.Seq + type t_Option'1 = + | C_None'0 + | C_Some'0 t_T'0 - use prelude.prelude.Int + let rec v_Some'0 (input:t_Option'1) (ret (field_0:t_T'0))= any + [ good (field_0:t_T'0)-> {C_Some'0 field_0 = input} (! ret {field_0}) + | bad -> {forall field_0 : t_T'0 [C_Some'0 field_0 : t_Option'1] . C_Some'0 field_0 <> input} (! {false} any) ] + - use seq.Seq + type t_F'0 - use seq.Seq + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - predicate invariant'2 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_T'0) = - [%#sinvariant15] inv'5 self - - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - - axiom inv_axiom'3 [@rewrite] : forall x : t_T'0 [inv'4 x] . inv'4 x = invariant'2 x - - predicate invariant'1 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_T'0) = - [%#sboxed14] inv'4 self - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - axiom inv_axiom'2 [@rewrite] : forall x : t_T'0 [inv'3 x] . inv'3 x = invariant'1 x - - predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 450 4 450 30] (self : Seq.seq t_T'0) = - [%#sseq13] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) - - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_T'0) - - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_T'0 [inv'1 x] . inv'1 x = invariant'0 x - - function iter'0 [#"../../../creusot-contracts/src/std/iter/copied.rs" 12 4 12 22] (self : t_Copied'0) : t_I'0 + axiom inv_axiom'2 [@rewrite] : forall x : t_T'0 [inv'3 x] . inv'3 x = (let (x0) = x in inv'5 x0) - axiom iter'0_spec : forall self : t_Copied'0 . [%#scopied4] inv'0 self -> inv'2 (iter'0 self) + predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 73 4 73 45] (self : t_F'0) (args : t_T'0) - use seq.Seq + type t_U'0 - use seq.Seq + predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_U'0) - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) + predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 81 4 81 73] (self : t_F'0) (args : t_T'0) (result : t_U'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () + let rec call_once'0 (self:t_F'0) (args:t_T'0) (return' (ret:t_U'0))= {[@expl:call_once 'self' type invariant] inv'0 self} + {[@expl:call_once 'args' type invariant] inv'3 args} + {[@expl:call_once requires] [%#sops5] precondition'0 self args} + any + [ return' (result:t_U'0)-> {inv'4 result} {[%#sops5] postcondition_once'0 self args result} (! return' {result}) ] - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#siter7] inv'2 a) - -> ([%#siter8] inv'2 b) - -> ([%#siter9] inv'2 c) - -> ([%#siter10] produces'1 a ab b) - -> ([%#siter11] produces'1 b bc c) -> ([%#siter12] produces'1 a (Seq.(++) ab bc) c) + type t_Option'0 = + | C_None'1 + | C_Some'1 t_U'0 - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + use prelude.prelude.Borrow - axiom produces_refl'1_spec : forall self : t_I'0 . ([%#siter5] inv'2 self) - -> ([%#siter6] produces'1 self (Seq.empty : Seq.seq t_T'0) self) + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) - use seq.Seq + use prelude.prelude.Intrinsic - use seq.Seq + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'1) - use seq.Seq + axiom inv_axiom'0 [@rewrite] : forall x : t_Option'1 [inv'1 x] . inv'1 x + = match x with + | C_None'0 -> true + | C_Some'0 a_0 -> inv'5 a_0 + end - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/copied.rs" 49 4 49 64] (self : t_Copied'0) (visited : Seq.seq t_T'0) (o : t_Copied'0) - - = - [%#scopied3] exists s : Seq.seq t_T'0 . inv'1 s - /\ produces'1 (iter'0 self) s (iter'0 o) - /\ Seq.length visited = Seq.length s - /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) - constant self : t_Copied'0 + axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'2 x] . inv'2 x + = match x with + | C_None'1 -> true + | C_Some'1 a_0 -> inv'4 a_0 + end - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/copied.rs" 62 4 62 26] (self : t_Copied'0) : () + meta "compute_max_steps" 1000000 - goal vc_produces_refl'0 : ([%#scopied0] inv'0 self) - -> ([%#scopied1] produces'0 self (Seq.empty : Seq.seq t_T'0) self) + let rec extern_spec_std_option_T_Option_T_map_body'0 (self_:t_Option'1) (f:t_F'0) (return' (ret:t_Option'0))= {[@expl:extern_spec_std_option_T_Option_T_map_body 'self_' type invariant] [%#soption0] inv'1 self_} + {[@expl:extern_spec_std_option_T_Option_T_map_body 'f' type invariant] [%#soption1] inv'0 f} + {[@expl:extern_spec_std_option_T_Option_T_map_body requires] [%#soption2] match self_ with + | C_None'0 -> true + | C_Some'0 t -> precondition'0 f (t) + end} + (! bb0 + [ bb0 = bb1 + | bb1 = bb2 + | bb2 = any [ br0 -> {self_ = C_None'0 } (! bb4) | br1 (x0:t_T'0)-> {self_ = C_Some'0 x0} (! bb5) ] + | bb5 = s0 + [ s0 = v_Some'0 {self_} (fun (r0'0:t_T'0) -> [ &t <- r0'0 ] s1) + | s1 = [ &_9 <- (t) ] s2 + | s2 = call_once'0 {f} {_9} (fun (_ret':t_U'0) -> [ &_7 <- _ret' ] s3) + | s3 = bb7 ] + + | bb7 = bb8 + | bb8 = s0 [ s0 = [ &_0 <- C_Some'1 _7 ] s1 | s1 = bb9 ] + | bb9 = bb10 + | bb10 = bb11 + | bb4 = s0 [ s0 = {[@expl:type invariant] inv'0 f} s1 | s1 = -{resolve'0 f}- s2 | s2 = bb6 ] + | bb6 = s0 [ s0 = [ &_0 <- C_None'1 ] s1 | s1 = bb11 ] + | bb11 = bb12 + | bb12 = bb13 + | bb13 = return' {_0} ] + ) + [ & _0 : t_Option'0 = any_l () + | & self_ : t_Option'1 = self_ + | & f : t_F'0 = f + | & t : t_T'0 = any_l () + | & _7 : t_U'0 = any_l () + | & _9 : t_T'0 = any_l () ] + + [ return' (result:t_Option'0)-> {[@expl:extern_spec_std_option_T_Option_T_map_body result type invariant] [%#soption3] inv'2 result} + {[@expl:extern_spec_std_option_T_Option_T_map_body ensures] [%#soption4] match self_ with + | C_None'0 -> result = C_None'1 + | C_Some'0 t -> exists r : t_U'0 . result = C_Some'1 r /\ postcondition_once'0 f (t) r + end} + (! return' {result}) ] + end -module M_creusot_contracts__stdqy35z1__iter__copied__qyi18224474876607687026__produces_trans [#"../../../creusot-contracts/src/std/iter/copied.rs" 72 4 72 90] (* as std::iter::Iterator> *) - let%span scopied0 = "../../../creusot-contracts/src/std/iter/copied.rs" 66 15 66 21 - let%span scopied1 = "../../../creusot-contracts/src/std/iter/copied.rs" 67 15 67 21 - let%span scopied2 = "../../../creusot-contracts/src/std/iter/copied.rs" 68 15 68 21 - let%span scopied3 = "../../../creusot-contracts/src/std/iter/copied.rs" 69 15 69 32 - let%span scopied4 = "../../../creusot-contracts/src/std/iter/copied.rs" 70 15 70 32 - let%span scopied5 = "../../../creusot-contracts/src/std/iter/copied.rs" 71 14 71 42 - let%span scopied6 = "../../../creusot-contracts/src/std/iter/copied.rs" 64 4 64 10 - let%span scopied7 = "../../../creusot-contracts/src/std/iter/copied.rs" 51 12 54 79 - let%span scopied8 = "../../../creusot-contracts/src/std/iter/copied.rs" 11 14 11 39 - let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sseq17 = "../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 - let%span sboxed18 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - let%span sinvariant19 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - - type t_I'0 - - type t_Copied'0 = - { t_Copied__it'0: t_I'0 } +module M_creusot_contracts__stdqy35z1__option__extern_spec_std_option_T_Option_T_inspect_body [#"../../../creusot-contracts/src/std/option.rs" 149 16 151 33] + let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 + let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 149 36 149 37 + let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 140 27 143 17 + let%span soption3 = "../../../creusot-contracts/src/std/option.rs" 149 45 149 54 + let%span soption4 = "../../../creusot-contracts/src/std/option.rs" 145 26 148 17 + let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 148 0 170 1 + let%span sinvariant6 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + type t_T'0 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Copied'0) + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 - axiom inv_axiom'0 [@rewrite] : forall x : t_Copied'0 [inv'0 x] . inv'0 x - = match x with - | {t_Copied__it'0 = it} -> inv'2 it - end + let rec v_Some'0 (input:t_Option'0) (ret (field_0:t_T'0))= any + [ good (field_0:t_T'0)-> {C_Some'0 field_0 = input} (! ret {field_0}) + | bad -> {forall field_0 : t_T'0 [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] + - type t_T'0 + type t_F'0 - use seq.Seq + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) use prelude.prelude.Borrow - use seq.Seq - - use prelude.prelude.Int - - use seq.Seq + predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - use seq.Seq + predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_T'0) = + [%#sinvariant6] inv'4 self predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - predicate invariant'2 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_T'0) = - [%#sinvariant19] inv'5 self + axiom inv_axiom'3 [@rewrite] : forall x : t_T'0 [inv'5 x] . inv'5 x = invariant'0 x - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - axiom inv_axiom'3 [@rewrite] : forall x : t_T'0 [inv'4 x] . inv'4 x = invariant'2 x + axiom inv_axiom'1 [@rewrite] : forall x : t_T'0 [inv'2 x] . inv'2 x = (let (x0) = x in inv'5 x0) - predicate invariant'1 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_T'0) = - [%#sboxed18] inv'4 self + predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 73 4 73 45] (self : t_F'0) (args : t_T'0) - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : ()) - axiom inv_axiom'2 [@rewrite] : forall x : t_T'0 [inv'3 x] . inv'3 x = invariant'1 x + axiom inv_axiom'2 [@rewrite] : forall x : () [inv'3 x] . inv'3 x = true - predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 450 4 450 30] (self : Seq.seq t_T'0) = - [%#sseq17] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) + predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 81 4 81 73] (self : t_F'0) (args : t_T'0) (result : ()) + - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_T'0) + let rec call_once'0 (self:t_F'0) (args:t_T'0) (return' (ret:()))= {[@expl:call_once 'self' type invariant] inv'0 self} + {[@expl:call_once 'args' type invariant] inv'2 args} + {[@expl:call_once requires] [%#sops5] precondition'0 self args} + any [ return' (result:())-> {inv'3 result} {[%#sops5] postcondition_once'0 self args result} (! return' {result}) ] - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_T'0 [inv'1 x] . inv'1 x = invariant'0 x + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) - function iter'0 [#"../../../creusot-contracts/src/std/iter/copied.rs" 12 4 12 22] (self : t_Copied'0) : t_I'0 + use prelude.prelude.Intrinsic - axiom iter'0_spec : forall self : t_Copied'0 . [%#scopied8] inv'0 self -> inv'2 (iter'0 self) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) - use seq.Seq + axiom inv_axiom'0 [@rewrite] : forall x : t_Option'0 [inv'1 x] . inv'1 x + = match x with + | C_None'0 -> true + | C_Some'0 a_0 -> inv'4 a_0 + end - use seq.Seq + meta "compute_max_steps" 1000000 - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) + let rec extern_spec_std_option_T_Option_T_inspect_body'0 (self_:t_Option'0) (f:t_F'0) (return' (ret:t_Option'0))= {[@expl:extern_spec_std_option_T_Option_T_inspect_body 'self_' type invariant] [%#soption0] inv'1 self_} + {[@expl:extern_spec_std_option_T_Option_T_inspect_body 'f' type invariant] [%#soption1] inv'0 f} + {[@expl:extern_spec_std_option_T_Option_T_inspect_body requires] [%#soption2] match self_ with + | C_None'0 -> true + | C_Some'0 t -> precondition'0 f (t) + end} + (! bb0 + [ bb0 = bb1 + | bb1 = bb2 + | bb2 = bb3 + | bb3 = any [ br0 -> {self_ = C_None'0 } (! bb5) | br1 (x0:t_T'0)-> {self_ = C_Some'0 x0} (! bb6) ] + | bb6 = s0 + [ s0 = v_Some'0 {self_} (fun (r0'0:t_T'0) -> [ &t <- r0'0 ] s1) + | s1 = [ &_12 <- t ] s2 + | s2 = [ &_10 <- (_12) ] s3 + | s3 = call_once'0 {f} {_10} (fun (_ret':()) -> [ &_8 <- _ret' ] s4) + | s4 = bb8 ] + + | bb8 = s0 [ s0 = [ &_0 <- C_Some'0 t ] s1 | s1 = bb9 ] + | bb9 = bb10 + | bb10 = bb11 + | bb5 = s0 [ s0 = {[@expl:type invariant] inv'0 f} s1 | s1 = -{resolve'0 f}- s2 | s2 = bb7 ] + | bb7 = s0 [ s0 = [ &_0 <- C_None'0 ] s1 | s1 = bb11 ] + | bb11 = bb12 + | bb12 = bb13 + | bb13 = return' {_0} ] + ) + [ & _0 : t_Option'0 = any_l () + | & self_ : t_Option'0 = self_ + | & f : t_F'0 = f + | & t : t_T'0 = any_l () + | & _8 : () = any_l () + | & _10 : t_T'0 = any_l () + | & _12 : t_T'0 = any_l () ] - - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () + [ return' (result:t_Option'0)-> {[@expl:extern_spec_std_option_T_Option_T_inspect_body result type invariant] [%#soption3] inv'1 result} + {[@expl:extern_spec_std_option_T_Option_T_inspect_body ensures #0] [%#soption0] result = self_} + {[@expl:extern_spec_std_option_T_Option_T_inspect_body ensures #1] [%#soption4] match self_ with + | C_None'0 -> true + | C_Some'0 t -> postcondition_once'0 f (t) () + end} + (! return' {result}) ] +end +module M_creusot_contracts__stdqy35z1__option__extern_spec_std_option_T_Option_T_map_or_body [#"../../../creusot-contracts/src/std/option.rs" 166 16 168 37] + let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 + let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 166 38 166 45 + let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 166 50 166 51 + let%span soption3 = "../../../creusot-contracts/src/std/option.rs" 158 27 161 17 + let%span soption4 = "../../../creusot-contracts/src/std/option.rs" 166 59 166 60 + let%span soption5 = "../../../creusot-contracts/src/std/option.rs" 162 26 165 17 + let%span sops6 = "../../../creusot-contracts/src/std/ops.rs" 148 0 170 1 - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#siter11] inv'2 a) - -> ([%#siter12] inv'2 b) - -> ([%#siter13] inv'2 c) - -> ([%#siter14] produces'1 a ab b) - -> ([%#siter15] produces'1 b bc c) -> ([%#siter16] produces'1 a (Seq.(++) ab bc) c) + type t_T'0 - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#siter9] inv'2 self) - -> ([%#siter10] produces'1 self (Seq.empty : Seq.seq t_T'0) self) + type t_U'0 - use seq.Seq + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_U'0) - use seq.Seq + use prelude.prelude.Borrow - use seq.Seq + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_U'0) - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/copied.rs" 49 4 49 64] (self : t_Copied'0) (visited : Seq.seq t_T'0) (o : t_Copied'0) + let rec v_Some'0 (input:t_Option'0) (ret (field_0:t_T'0))= any + [ good (field_0:t_T'0)-> {C_Some'0 field_0 = input} (! ret {field_0}) + | bad -> {forall field_0 : t_T'0 [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] - = - [%#scopied7] exists s : Seq.seq t_T'0 . inv'1 s - /\ produces'1 (iter'0 self) s (iter'0 o) - /\ Seq.length visited = Seq.length s - /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) - use seq.Seq + type t_F'0 - constant a : t_Copied'0 + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) - constant ab : Seq.seq t_T'0 + predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - constant b : t_Copied'0 + predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - constant bc : Seq.seq t_T'0 + axiom inv_axiom'1 [@rewrite] : forall x : t_T'0 [inv'3 x] . inv'3 x = (let (x0) = x in inv'4 x0) - constant c : t_Copied'0 + predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 73 4 73 45] (self : t_F'0) (args : t_T'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/copied.rs" 72 4 72 90] (a : t_Copied'0) (ab : Seq.seq t_T'0) (b : t_Copied'0) (bc : Seq.seq t_T'0) (c : t_Copied'0) : () + predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 81 4 81 73] (self : t_F'0) (args : t_T'0) (result : t_U'0) - goal vc_produces_trans'0 : ([%#scopied4] produces'0 b bc c) - -> ([%#scopied3] produces'0 a ab b) - -> ([%#scopied2] inv'0 c) - -> ([%#scopied1] inv'0 b) -> ([%#scopied0] inv'0 a) -> ([%#scopied5] produces'0 a (Seq.(++) ab bc) c) -end -module M_creusot_contracts__stdqy35z1__iter__empty__qyi10605201058978801838__produces_refl [#"../../../creusot-contracts/src/std/iter/empty.rs" 20 4 20 26] (* as std::iter::Iterator> *) - let%span sempty0 = "../../../creusot-contracts/src/std/iter/empty.rs" 18 15 18 24 - let%span sempty1 = "../../../creusot-contracts/src/std/iter/empty.rs" 19 14 19 45 - let%span sempty2 = "../../../creusot-contracts/src/std/iter/empty.rs" 16 4 16 10 - let%span sempty3 = "../../../creusot-contracts/src/std/iter/empty.rs" 13 20 13 54 + let rec call_once'0 (self:t_F'0) (args:t_T'0) (return' (ret:t_U'0))= {[@expl:call_once 'self' type invariant] inv'1 self} + {[@expl:call_once 'args' type invariant] inv'3 args} + {[@expl:call_once requires] [%#sops6] precondition'0 self args} + any + [ return' (result:t_U'0)-> {inv'0 result} {[%#sops6] postcondition_once'0 self args result} (! return' {result}) ] + - type t_Empty'0 = - { t_Empty__0'0: () } - - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Empty'0) + predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) - axiom inv_axiom'0 [@rewrite] : forall x : t_Empty'0 [inv'0 x] . inv'0 x = true + use prelude.prelude.Intrinsic - use seq.Seq + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) - type t_T'0 + axiom inv_axiom'0 [@rewrite] : forall x : t_Option'0 [inv'2 x] . inv'2 x + = match x with + | C_None'0 -> true + | C_Some'0 a_0 -> inv'4 a_0 + end - use seq.Seq + meta "compute_max_steps" 1000000 - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/empty.rs" 12 4 12 64] (self : t_Empty'0) (visited : Seq.seq t_T'0) (o : t_Empty'0) + let rec extern_spec_std_option_T_Option_T_map_or_body'0 (self_:t_Option'0) (default:t_U'0) (f:t_F'0) (return' (ret:t_U'0))= {[@expl:extern_spec_std_option_T_Option_T_map_or_body 'self_' type invariant] [%#soption0] inv'2 self_} + {[@expl:extern_spec_std_option_T_Option_T_map_or_body 'default' type invariant] [%#soption1] inv'0 default} + {[@expl:extern_spec_std_option_T_Option_T_map_or_body 'f' type invariant] [%#soption2] inv'1 f} + {[@expl:extern_spec_std_option_T_Option_T_map_or_body requires] [%#soption3] match self_ with + | C_None'0 -> true + | C_Some'0 t -> precondition'0 f (t) + end} + (! bb0 + [ bb0 = bb1 + | bb1 = bb2 + | bb2 = any [ br0 -> {self_ = C_None'0 } (! bb4) | br1 (x0:t_T'0)-> {self_ = C_Some'0 x0} (! bb5) ] + | bb5 = s0 + [ s0 = {[@expl:type invariant] inv'0 default} s1 + | s1 = -{resolve'0 default}- s2 + | s2 = v_Some'0 {self_} (fun (r0'0:t_T'0) -> [ &t <- r0'0 ] s3) + | s3 = [ &_9 <- (t) ] s4 + | s4 = call_once'0 {f} {_9} (fun (_ret':t_U'0) -> [ &_0 <- _ret' ] s5) + | s5 = bb7 ] + + | bb7 = bb8 + | bb8 = bb9 + | bb9 = bb10 + | bb4 = s0 [ s0 = {[@expl:type invariant] inv'1 f} s1 | s1 = -{resolve'1 f}- s2 | s2 = bb6 ] + | bb6 = s0 [ s0 = [ &_0 <- default ] s1 | s1 = bb10 ] + | bb10 = bb11 + | bb11 = bb12 + | bb12 = bb13 + | bb13 = return' {_0} ] + ) + [ & _0 : t_U'0 = any_l () + | & self_ : t_Option'0 = self_ + | & default : t_U'0 = default + | & f : t_F'0 = f + | & t : t_T'0 = any_l () + | & _9 : t_T'0 = any_l () ] + + [ return' (result:t_U'0)-> {[@expl:extern_spec_std_option_T_Option_T_map_or_body result type invariant] [%#soption4] inv'0 result} + {[@expl:extern_spec_std_option_T_Option_T_map_or_body ensures] [%#soption5] match self_ with + | C_None'0 -> result = default + | C_Some'0 t -> postcondition_once'0 f (t) result + end} + (! return' {result}) ] - = - [%#sempty3] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o - - constant self : t_Empty'0 - - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/empty.rs" 20 4 20 26] (self : t_Empty'0) : () - - goal vc_produces_refl'0 : ([%#sempty0] inv'0 self) -> ([%#sempty1] produces'0 self (Seq.empty : Seq.seq t_T'0) self) end -module M_creusot_contracts__stdqy35z1__iter__empty__qyi10605201058978801838__produces_trans [#"../../../creusot-contracts/src/std/iter/empty.rs" 30 4 30 90] (* as std::iter::Iterator> *) - let%span sempty0 = "../../../creusot-contracts/src/std/iter/empty.rs" 24 15 24 21 - let%span sempty1 = "../../../creusot-contracts/src/std/iter/empty.rs" 25 15 25 21 - let%span sempty2 = "../../../creusot-contracts/src/std/iter/empty.rs" 26 15 26 21 - let%span sempty3 = "../../../creusot-contracts/src/std/iter/empty.rs" 27 15 27 32 - let%span sempty4 = "../../../creusot-contracts/src/std/iter/empty.rs" 28 15 28 32 - let%span sempty5 = "../../../creusot-contracts/src/std/iter/empty.rs" 29 14 29 42 - let%span sempty6 = "../../../creusot-contracts/src/std/iter/empty.rs" 22 4 22 10 - let%span sempty7 = "../../../creusot-contracts/src/std/iter/empty.rs" 13 20 13 54 +module M_creusot_contracts__stdqy35z1__option__extern_spec_std_option_T_Option_T_map_or_else_body [#"../../../creusot-contracts/src/std/option.rs" 183 16 186 37] + let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 + let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 183 46 183 53 + let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 183 58 183 59 + let%span soption3 = "../../../creusot-contracts/src/std/option.rs" 175 27 178 17 + let%span soption4 = "../../../creusot-contracts/src/std/option.rs" 183 67 183 68 + let%span soption5 = "../../../creusot-contracts/src/std/option.rs" 179 26 182 17 + let%span sops6 = "../../../creusot-contracts/src/std/ops.rs" 148 0 170 1 - type t_Empty'0 = - { t_Empty__0'0: () } + type t_T'0 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Empty'0) + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 - axiom inv_axiom'0 [@rewrite] : forall x : t_Empty'0 [inv'0 x] . inv'0 x = true + type t_D'0 - type t_T'0 + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_D'0) - use seq.Seq + use prelude.prelude.Borrow - use seq.Seq + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_D'0) - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/empty.rs" 12 4 12 64] (self : t_Empty'0) (visited : Seq.seq t_T'0) (o : t_Empty'0) + let rec v_Some'0 (input:t_Option'0) (ret (field_0:t_T'0))= any + [ good (field_0:t_T'0)-> {C_Some'0 field_0 = input} (! ret {field_0}) + | bad -> {forall field_0 : t_T'0 [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] - = - [%#sempty7] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o - use seq.Seq + type t_F'0 - constant a : t_Empty'0 + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) - constant ab : Seq.seq t_T'0 + predicate inv'6 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - constant b : t_Empty'0 + predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - constant bc : Seq.seq t_T'0 + axiom inv_axiom'1 [@rewrite] : forall x : t_T'0 [inv'4 x] . inv'4 x = (let (x0) = x in inv'6 x0) - constant c : t_Empty'0 + predicate precondition'1 [#"../../../creusot-contracts/src/std/ops.rs" 73 4 73 45] (self : t_F'0) (args : t_T'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/empty.rs" 30 4 30 90] (a : t_Empty'0) (ab : Seq.seq t_T'0) (b : t_Empty'0) (bc : Seq.seq t_T'0) (c : t_Empty'0) : () - + type t_U'0 - goal vc_produces_trans'0 : ([%#sempty4] produces'0 b bc c) - -> ([%#sempty3] produces'0 a ab b) - -> ([%#sempty2] inv'0 c) - -> ([%#sempty1] inv'0 b) -> ([%#sempty0] inv'0 a) -> ([%#sempty5] produces'0 a (Seq.(++) ab bc) c) -end -module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__produces_refl [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 86 4 86 26] (* as std::iter::Iterator> *) - let%span senumerate0 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 84 15 84 24 - let%span senumerate1 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 85 14 85 45 - let%span senumerate2 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 82 4 82 10 - let%span senumerate3 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 74 12 78 113 - let%span senumerate4 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 14 14 14 39 - let%span senumerate5 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 45 12 49 79 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sseq14 = "../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 - let%span sboxed15 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_U'0) - type t_I'0 + predicate postcondition_once'1 [#"../../../creusot-contracts/src/std/ops.rs" 81 4 81 73] (self : t_F'0) (args : t_T'0) (result : t_U'0) + - use prelude.prelude.UIntSize + let rec call_once'0 (self:t_F'0) (args:t_T'0) (return' (ret:t_U'0))= {[@expl:call_once 'self' type invariant] inv'1 self} + {[@expl:call_once 'args' type invariant] inv'4 args} + {[@expl:call_once requires] [%#sops6] precondition'1 self args} + any + [ return' (result:t_U'0)-> {inv'3 result} {[%#sops6] postcondition_once'1 self args result} (! return' {result}) ] + - type t_Enumerate'0 = - { t_Enumerate__iter'0: t_I'0; t_Enumerate__count'0: usize } + predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) - type t_Item'0 + predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : ()) - use seq.Seq + axiom inv_axiom'2 [@rewrite] : forall x : () [inv'5 x] . inv'5 x = true - use prelude.prelude.Int + predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 73 4 73 45] (self : t_D'0) (args : ()) - use seq.Seq + predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 81 4 81 73] (self : t_D'0) (args : ()) (result : t_U'0) + - use seq.Seq + let rec call_once'1 (self:t_D'0) (args:()) (return' (ret:t_U'0))= {[@expl:call_once 'self' type invariant] inv'0 self} + {[@expl:call_once 'args' type invariant] inv'5 args} + {[@expl:call_once requires] [%#sops6] precondition'0 self args} + any + [ return' (result:t_U'0)-> {inv'3 result} {[%#sops6] postcondition_once'0 self args result} (! return' {result}) ] + - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) + use prelude.prelude.Intrinsic - predicate invariant'2 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = - [%#sboxed15] inv'4 self + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) + axiom inv_axiom'0 [@rewrite] : forall x : t_Option'0 [inv'2 x] . inv'2 x + = match x with + | C_None'0 -> true + | C_Some'0 a_0 -> inv'6 a_0 + end - axiom inv_axiom'2 [@rewrite] : forall x : t_Item'0 [inv'3 x] . inv'3 x = invariant'2 x + meta "compute_max_steps" 1000000 - predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 450 4 450 30] (self : Seq.seq t_Item'0) = - [%#sseq14] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) + let rec extern_spec_std_option_T_Option_T_map_or_else_body'0 (self_:t_Option'0) (default:t_D'0) (f:t_F'0) (return' (ret:t_U'0))= {[@expl:extern_spec_std_option_T_Option_T_map_or_else_body 'self_' type invariant] [%#soption0] inv'2 self_} + {[@expl:extern_spec_std_option_T_Option_T_map_or_else_body 'default' type invariant] [%#soption1] inv'0 default} + {[@expl:extern_spec_std_option_T_Option_T_map_or_else_body 'f' type invariant] [%#soption2] inv'1 f} + {[@expl:extern_spec_std_option_T_Option_T_map_or_else_body requires] [%#soption3] match self_ with + | C_None'0 -> precondition'0 default () + | C_Some'0 t -> precondition'1 f (t) + end} + (! bb0 + [ bb0 = bb1 + | bb1 = bb2 + | bb2 = any [ br0 -> {self_ = C_None'0 } (! bb4) | br1 (x0:t_T'0)-> {self_ = C_Some'0 x0} (! bb5) ] + | bb5 = s0 + [ s0 = {[@expl:type invariant] inv'0 default} s1 + | s1 = -{resolve'0 default}- s2 + | s2 = v_Some'0 {self_} (fun (r0'0:t_T'0) -> [ &t <- r0'0 ] s3) + | s3 = [ &_11 <- (t) ] s4 + | s4 = call_once'0 {f} {_11} (fun (_ret':t_U'0) -> [ &_0 <- _ret' ] s5) + | s5 = bb8 ] + + | bb8 = bb9 + | bb9 = bb10 + | bb10 = bb11 + | bb4 = s0 [ s0 = {[@expl:type invariant] inv'1 f} s1 | s1 = -{resolve'1 f}- s2 | s2 = bb6 ] + | bb6 = s0 [ s0 = call_once'1 {default} {_8} (fun (_ret':t_U'0) -> [ &_0 <- _ret' ] s1) | s1 = bb7 ] + | bb7 = bb11 + | bb11 = bb12 + | bb12 = bb13 + | bb13 = bb14 + | bb14 = return' {_0} ] + ) + [ & _0 : t_U'0 = any_l () + | & self_ : t_Option'0 = self_ + | & default : t_D'0 = default + | & f : t_F'0 = f + | & _8 : () = any_l () + | & t : t_T'0 = any_l () + | & _11 : t_T'0 = any_l () ] + + [ return' (result:t_U'0)-> {[@expl:extern_spec_std_option_T_Option_T_map_or_else_body result type invariant] [%#soption4] inv'3 result} + {[@expl:extern_spec_std_option_T_Option_T_map_or_else_body ensures] [%#soption5] match self_ with + | C_None'0 -> postcondition_once'0 default () result + | C_Some'0 t -> postcondition_once'1 f (t) result + end} + (! return' {result}) ] + +end +module M_creusot_contracts__stdqy35z1__option__extern_spec_std_option_T_Option_T_ok_or_else_body [#"../../../creusot-contracts/src/std/option.rs" 204 16 206 36] + let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 + let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 204 42 204 45 + let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 204 53 204 65 + let%span soption3 = "../../../creusot-contracts/src/std/option.rs" 200 26 203 17 + let%span sops4 = "../../../creusot-contracts/src/std/ops.rs" 148 0 170 1 - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) + type t_T'0 - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'1 x] . inv'1 x = invariant'1 x + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + type t_F'0 - use seq.Seq + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) - use seq.Seq + use prelude.prelude.Borrow - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) + + let rec v_Some'0 (input:t_Option'0) (ret (field_0:t_T'0))= any + [ good (field_0:t_T'0)-> {C_Some'0 field_0 = input} (! ret {field_0}) + | bad -> {forall field_0 : t_T'0 [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - - - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter8] inv'2 a) - -> ([%#siter9] inv'2 b) - -> ([%#siter10] inv'2 c) - -> ([%#siter11] produces'1 a ab b) - -> ([%#siter12] produces'1 b bc c) -> ([%#siter13] produces'1 a (Seq.(++) ab bc) c) - - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () - - axiom produces_refl'1_spec : forall self : t_I'0 . ([%#siter6] inv'2 self) - -> ([%#siter7] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) - - function n'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 21 4 21 21] (self : t_Enumerate'0) : int + type t_E'0 - constant v_MAX'0 : usize = (18446744073709551615 : usize) + type t_Result'0 = + | C_Ok'0 t_T'0 + | C_Err'0 t_E'0 - use prelude.prelude.UIntSize + predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : ()) - use prelude.prelude.Borrow + axiom inv_axiom'2 [@rewrite] : forall x : () [inv'3 x] . inv'3 x = true - predicate completed'0 [#"../../../creusot-contracts/src/std/iter.rs" 35 4 35 36] (self : borrowed t_I'0) + predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 73 4 73 45] (self : t_F'0) (args : ()) - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Enumerate'0) + predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_E'0) - function iter'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 15 4 15 22] (self : t_Enumerate'0) : t_I'0 + predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 81 4 81 73] (self : t_F'0) (args : ()) (result : t_E'0) + - axiom iter'0_spec : forall self : t_Enumerate'0 . [%#senumerate4] inv'0 self -> inv'2 (iter'0 self) + let rec call_once'0 (self:t_F'0) (args:()) (return' (ret:t_E'0))= {[@expl:call_once 'self' type invariant] inv'0 self} + {[@expl:call_once 'args' type invariant] inv'3 args} + {[@expl:call_once requires] [%#sops4] precondition'0 self args} + any + [ return' (result:t_E'0)-> {inv'4 result} {[%#sops4] postcondition_once'0 self args result} (! return' {result}) ] + - predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 43 4 43 30] (self : t_Enumerate'0) = - [%#senumerate5] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'1 (iter'0 self) s i] . inv'1 s - /\ inv'2 i /\ produces'1 (iter'0 self) s i -> n'0 self + Seq.length s < UIntSize.to_int v_MAX'0) - /\ (forall i : borrowed t_I'0 . completed'0 i -> produces'1 i.current (Seq.empty : Seq.seq t_Item'0) i.final) + use prelude.prelude.Intrinsic - axiom inv_axiom'0 [@rewrite] : forall x : t_Enumerate'0 [inv'0 x] . inv'0 x - = (invariant'0 x - /\ match x with - | {t_Enumerate__iter'0 = iter ; t_Enumerate__count'0 = count} -> inv'2 iter - end) + predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - use seq.Seq + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) - use seq.Seq + axiom inv_axiom'0 [@rewrite] : forall x : t_Option'0 [inv'1 x] . inv'1 x + = match x with + | C_None'0 -> true + | C_Some'0 a_0 -> inv'5 a_0 + end - use seq.Seq + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Result'0) - use seq.Seq + axiom inv_axiom'1 [@rewrite] : forall x : t_Result'0 [inv'2 x] . inv'2 x + = match x with + | C_Ok'0 a_0 -> inv'5 a_0 + | C_Err'0 a_0 -> inv'4 a_0 + end - use seq.Seq + meta "compute_max_steps" 1000000 - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 72 4 72 64] (self : t_Enumerate'0) (visited : Seq.seq (usize, t_Item'0)) (o : t_Enumerate'0) + let rec extern_spec_std_option_T_Option_T_ok_or_else_body'0 (self_:t_Option'0) (err:t_F'0) (return' (ret:t_Result'0))= {[@expl:extern_spec_std_option_T_Option_T_ok_or_else_body 'self_' type invariant] [%#soption0] inv'1 self_} + {[@expl:extern_spec_std_option_T_Option_T_ok_or_else_body 'err' type invariant] [%#soption1] inv'0 err} + {[@expl:extern_spec_std_option_T_Option_T_ok_or_else_body requires] [%#soption0] self_ = C_None'0 + -> precondition'0 err ()} + (! bb0 + [ bb0 = bb1 + | bb1 = bb2 + | bb2 = any [ br0 -> {self_ = C_None'0 } (! bb4) | br1 (x0:t_T'0)-> {self_ = C_Some'0 x0} (! bb5) ] + | bb5 = s0 + [ s0 = {[@expl:type invariant] inv'0 err} s1 + | s1 = -{resolve'0 err}- s2 + | s2 = v_Some'0 {self_} (fun (r0'0:t_T'0) -> [ &t <- r0'0 ] s3) + | s3 = [ &_0 <- C_Ok'0 t ] s4 + | s4 = bb9 ] + + | bb9 = bb10 + | bb10 = bb11 + | bb4 = bb6 + | bb6 = s0 [ s0 = call_once'0 {err} {_8} (fun (_ret':t_E'0) -> [ &_6 <- _ret' ] s1) | s1 = bb7 ] + | bb7 = s0 [ s0 = [ &_0 <- C_Err'0 _6 ] s1 | s1 = bb8 ] + | bb8 = bb11 + | bb11 = bb12 + | bb12 = bb13 + | bb13 = return' {_0} ] + ) + [ & _0 : t_Result'0 = any_l () + | & self_ : t_Option'0 = self_ + | & err : t_F'0 = err + | & _6 : t_E'0 = any_l () + | & _8 : () = any_l () + | & t : t_T'0 = any_l () ] - = - [%#senumerate3] Seq.length visited = n'0 o - n'0 self - /\ (exists s : Seq.seq t_Item'0 . inv'1 s - /\ produces'1 (iter'0 self) s (iter'0 o) - /\ Seq.length visited = Seq.length s - /\ (forall i : int . 0 <= i /\ i < Seq.length s - -> UIntSize.to_int (let (a, _) = Seq.get visited i in a) = n'0 self + i - /\ (let (_, a) = Seq.get visited i in a) = Seq.get s i)) - - constant self : t_Enumerate'0 - - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 86 4 86 26] (self : t_Enumerate'0) : () + [ return' (result:t_Result'0)-> {[@expl:extern_spec_std_option_T_Option_T_ok_or_else_body result type invariant] [%#soption2] inv'2 result} + {[@expl:extern_spec_std_option_T_Option_T_ok_or_else_body ensures] [%#soption3] match self_ with + | C_None'0 -> exists r : t_E'0 . result = C_Err'0 r /\ postcondition_once'0 err () r + | C_Some'0 t -> result = C_Ok'0 t + end} + (! return' {result}) ] - - goal vc_produces_refl'0 : ([%#senumerate0] inv'0 self) - -> ([%#senumerate1] produces'0 self (Seq.empty : Seq.seq (usize, t_Item'0)) self) end -module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__produces_trans [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 96 4 96 90] (* as std::iter::Iterator> *) - let%span senumerate0 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 90 15 90 21 - let%span senumerate1 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 91 15 91 21 - let%span senumerate2 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 92 15 92 21 - let%span senumerate3 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 93 15 93 32 - let%span senumerate4 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 94 15 94 32 - let%span senumerate5 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 95 14 95 42 - let%span senumerate6 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 88 4 88 10 - let%span senumerate7 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 74 12 78 113 - let%span senumerate8 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 14 14 14 39 - let%span senumerate9 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 45 12 49 79 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sseq18 = "../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 - let%span sboxed19 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - - type t_I'0 - - use prelude.prelude.UIntSize - - type t_Enumerate'0 = - { t_Enumerate__iter'0: t_I'0; t_Enumerate__count'0: usize } - - type t_Item'0 +module M_creusot_contracts__stdqy35z1__option__extern_spec_std_option_T_Option_T_and_then_body [#"../../../creusot-contracts/src/std/option.rs" 234 16 236 45] + let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 + let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 234 40 234 41 + let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 226 27 229 17 + let%span soption3 = "../../../creusot-contracts/src/std/option.rs" 234 49 234 58 + let%span soption4 = "../../../creusot-contracts/src/std/option.rs" 230 26 233 17 + let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 148 0 170 1 - use seq.Seq + type t_T'0 - use prelude.prelude.Int + type t_Option'1 = + | C_None'0 + | C_Some'0 t_T'0 - use seq.Seq + let rec v_Some'0 (input:t_Option'1) (ret (field_0:t_T'0))= any + [ good (field_0:t_T'0)-> {C_Some'0 field_0 = input} (! ret {field_0}) + | bad -> {forall field_0 : t_T'0 [C_Some'0 field_0 : t_Option'1] . C_Some'0 field_0 <> input} (! {false} any) ] + - use seq.Seq + type t_F'0 - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) - predicate invariant'2 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = - [%#sboxed19] inv'4 self + predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) + predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - axiom inv_axiom'2 [@rewrite] : forall x : t_Item'0 [inv'3 x] . inv'3 x = invariant'2 x + axiom inv_axiom'2 [@rewrite] : forall x : t_T'0 [inv'3 x] . inv'3 x = (let (x0) = x in inv'4 x0) - predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 450 4 450 30] (self : Seq.seq t_Item'0) = - [%#sseq18] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) + predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 73 4 73 45] (self : t_F'0) (args : t_T'0) - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) + type t_U'0 - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'1 x] . inv'1 x = invariant'1 x + type t_Option'0 = + | C_None'1 + | C_Some'1 t_U'0 - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_U'0) - use seq.Seq + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) - use seq.Seq + axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'2 x] . inv'2 x + = match x with + | C_None'1 -> true + | C_Some'1 a_0 -> inv'5 a_0 + end - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 81 4 81 73] (self : t_F'0) (args : t_T'0) (result : t_Option'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + let rec call_once'0 (self:t_F'0) (args:t_T'0) (return' (ret:t_Option'0))= {[@expl:call_once 'self' type invariant] inv'0 self} + {[@expl:call_once 'args' type invariant] inv'3 args} + {[@expl:call_once requires] [%#sops5] precondition'0 self args} + any + [ return' (result:t_Option'0)-> {inv'2 result} + {[%#sops5] postcondition_once'0 self args result} + (! return' {result}) ] - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter12] inv'2 a) - -> ([%#siter13] inv'2 b) - -> ([%#siter14] inv'2 c) - -> ([%#siter15] produces'1 a ab b) - -> ([%#siter16] produces'1 b bc c) -> ([%#siter17] produces'1 a (Seq.(++) ab bc) c) - - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () - - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#siter10] inv'2 self) - -> ([%#siter11] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) - - function n'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 21 4 21 21] (self : t_Enumerate'0) : int - - constant v_MAX'0 : usize = (18446744073709551615 : usize) - - use prelude.prelude.UIntSize - use prelude.prelude.Borrow - predicate completed'0 [#"../../../creusot-contracts/src/std/iter.rs" 35 4 35 36] (self : borrowed t_I'0) - - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Enumerate'0) - - function iter'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 15 4 15 22] (self : t_Enumerate'0) : t_I'0 - - axiom iter'0_spec : forall self : t_Enumerate'0 . [%#senumerate8] inv'0 self -> inv'2 (iter'0 self) - - predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 43 4 43 30] (self : t_Enumerate'0) = - [%#senumerate9] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'1 (iter'0 self) s i] . inv'1 s - /\ inv'2 i /\ produces'1 (iter'0 self) s i -> n'0 self + Seq.length s < UIntSize.to_int v_MAX'0) - /\ (forall i : borrowed t_I'0 . completed'0 i -> produces'1 i.current (Seq.empty : Seq.seq t_Item'0) i.final) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Enumerate'0 [inv'0 x] . inv'0 x - = (invariant'0 x - /\ match x with - | {t_Enumerate__iter'0 = iter ; t_Enumerate__count'0 = count} -> inv'2 iter - end) + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) - use seq.Seq + use prelude.prelude.Intrinsic - use seq.Seq + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'1) - use seq.Seq + axiom inv_axiom'0 [@rewrite] : forall x : t_Option'1 [inv'1 x] . inv'1 x + = match x with + | C_None'0 -> true + | C_Some'0 a_0 -> inv'4 a_0 + end - use seq.Seq + meta "compute_max_steps" 1000000 - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 72 4 72 64] (self : t_Enumerate'0) (visited : Seq.seq (usize, t_Item'0)) (o : t_Enumerate'0) - - = - [%#senumerate7] Seq.length visited = n'0 o - n'0 self - /\ (exists s : Seq.seq t_Item'0 . inv'1 s - /\ produces'1 (iter'0 self) s (iter'0 o) - /\ Seq.length visited = Seq.length s - /\ (forall i : int . 0 <= i /\ i < Seq.length s - -> UIntSize.to_int (let (a, _) = Seq.get visited i in a) = n'0 self + i - /\ (let (_, a) = Seq.get visited i in a) = Seq.get s i)) - - use seq.Seq + let rec extern_spec_std_option_T_Option_T_and_then_body'0 (self_:t_Option'1) (f:t_F'0) (return' (ret:t_Option'0))= {[@expl:extern_spec_std_option_T_Option_T_and_then_body 'self_' type invariant] [%#soption0] inv'1 self_} + {[@expl:extern_spec_std_option_T_Option_T_and_then_body 'f' type invariant] [%#soption1] inv'0 f} + {[@expl:extern_spec_std_option_T_Option_T_and_then_body requires] [%#soption2] match self_ with + | C_None'0 -> true + | C_Some'0 t -> precondition'0 f (t) + end} + (! bb0 + [ bb0 = bb1 + | bb1 = bb2 + | bb2 = any [ br0 -> {self_ = C_None'0 } (! bb4) | br1 (x0:t_T'0)-> {self_ = C_Some'0 x0} (! bb5) ] + | bb5 = s0 + [ s0 = v_Some'0 {self_} (fun (r0'0:t_T'0) -> [ &t <- r0'0 ] s1) + | s1 = [ &_8 <- (t) ] s2 + | s2 = call_once'0 {f} {_8} (fun (_ret':t_Option'0) -> [ &_0 <- _ret' ] s3) + | s3 = bb7 ] + + | bb7 = bb8 + | bb8 = bb9 + | bb9 = bb10 + | bb4 = s0 [ s0 = {[@expl:type invariant] inv'0 f} s1 | s1 = -{resolve'0 f}- s2 | s2 = bb6 ] + | bb6 = s0 [ s0 = [ &_0 <- C_None'1 ] s1 | s1 = bb10 ] + | bb10 = bb11 + | bb11 = bb12 + | bb12 = return' {_0} ] + ) + [ & _0 : t_Option'0 = any_l () + | & self_ : t_Option'1 = self_ + | & f : t_F'0 = f + | & t : t_T'0 = any_l () + | & _8 : t_T'0 = any_l () ] + + [ return' (result:t_Option'0)-> {[@expl:extern_spec_std_option_T_Option_T_and_then_body result type invariant] [%#soption3] inv'2 result} + {[@expl:extern_spec_std_option_T_Option_T_and_then_body ensures] [%#soption4] match self_ with + | C_None'0 -> result = C_None'1 + | C_Some'0 t -> postcondition_once'0 f (t) result + end} + (! return' {result}) ] + +end +module M_creusot_contracts__stdqy35z1__option__extern_spec_std_option_T_Option_T_filter_body [#"../../../creusot-contracts/src/std/option.rs" 254 16 256 41] + let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 + let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 254 35 254 44 + let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 243 27 246 17 + let%span soption3 = "../../../creusot-contracts/src/std/option.rs" 254 52 254 61 + let%span soption4 = "../../../creusot-contracts/src/std/option.rs" 247 26 253 17 + let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 148 0 170 1 + let%span sinvariant6 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - constant a : t_Enumerate'0 + type t_T'0 - constant ab : Seq.seq (usize, t_Item'0) + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 - constant b : t_Enumerate'0 + let rec v_Some'0 (input:t_Option'0) (ret (field_0:t_T'0))= any + [ good (field_0:t_T'0)-> {C_Some'0 field_0 = input} (! ret {field_0}) + | bad -> {forall field_0 : t_T'0 [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] + - constant bc : Seq.seq (usize, t_Item'0) + type t_P'0 - constant c : t_Enumerate'0 + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_P'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 96 4 96 90] (a : t_Enumerate'0) (ab : Seq.seq (usize, t_Item'0)) (b : t_Enumerate'0) (bc : Seq.seq (usize, t_Item'0)) (c : t_Enumerate'0) : () - + use prelude.prelude.Borrow - goal vc_produces_trans'0 : ([%#senumerate4] produces'0 b bc c) - -> ([%#senumerate3] produces'0 a ab b) - -> ([%#senumerate2] inv'0 c) - -> ([%#senumerate1] inv'0 b) -> ([%#senumerate0] inv'0 a) -> ([%#senumerate5] produces'0 a (Seq.(++) ab bc) c) -end -module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__produces_refl [#"../../../creusot-contracts/src/std/iter/filter.rs" 106 4 106 26] (* as std::iter::Iterator> *) - let%span sfilter0 = "../../../creusot-contracts/src/std/iter/filter.rs" 104 15 104 24 - let%span sfilter1 = "../../../creusot-contracts/src/std/iter/filter.rs" 105 14 105 45 - let%span sfilter2 = "../../../creusot-contracts/src/std/iter/filter.rs" 102 4 102 10 - let%span sfilter3 = "../../../creusot-contracts/src/std/iter/filter.rs" 87 12 98 17 - let%span sfilter4 = "../../../creusot-contracts/src/std/iter/filter.rs" 22 14 22 39 - let%span sfilter5 = "../../../creusot-contracts/src/std/iter/filter.rs" 15 14 15 39 - let%span sfilter6 = "../../../creusot-contracts/src/std/iter/filter.rs" 34 12 40 124 - let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 105 15 105 59 - let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 106 14 106 36 - let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 111 14 111 31 - let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 116 15 116 29 - let%span sops11 = "../../../creusot-contracts/src/std/ops.rs" 117 15 117 26 - let%span sops12 = "../../../creusot-contracts/src/std/ops.rs" 118 14 118 28 - let%span sops13 = "../../../creusot-contracts/src/std/ops.rs" 123 14 124 105 - let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter18 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter19 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter20 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter21 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - type t_I'0 + predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_T'0) = + [%#sinvariant6] inv'0 self - type t_F'0 + predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - type t_Filter'0 = - { t_Filter__iter'0: t_I'0; t_Filter__predicate'0: t_F'0 } + axiom inv_axiom'3 [@rewrite] : forall x : t_T'0 [inv'5 x] . inv'5 x = invariant'0 x - use prelude.prelude.Borrow + predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - type t_Item'0 + axiom inv_axiom'1 [@rewrite] : forall x : t_T'0 [inv'3 x] . inv'3 x = (let (x0) = x in inv'5 x0) - predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 73 4 73 45] (self : t_F'0) (args : t_Item'0) + predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 73 4 73 45] (self : t_P'0) (args : t_T'0) - predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 81 4 81 73] (self : t_F'0) (args : t_Item'0) (result : bool) - + predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : bool) - predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) + axiom inv_axiom'2 [@rewrite] : forall x : bool [inv'4 x] . inv'4 x = true - predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 91 4 91 92] (self : t_F'0) (args : t_Item'0) (result_state : t_F'0) (result : bool) + predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 81 4 81 73] (self : t_P'0) (args : t_T'0) (result : bool) - function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 125 4 125 55] (self : t_F'0) (args : t_Item'0) (res : bool) : () + let rec call_once'0 (self:t_P'0) (args:t_T'0) (return' (ret:bool))= {[@expl:call_once 'self' type invariant] inv'1 self} + {[@expl:call_once 'args' type invariant] inv'3 args} + {[@expl:call_once requires] [%#sops5] precondition'0 self args} + any + [ return' (result:bool)-> {inv'4 result} {[%#sops5] postcondition_once'0 self args result} (! return' {result}) ] - axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : bool . [%#sops13] postcondition_once'0 self args res - = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_T'0) - predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 99 4 99 36] (self : t_F'0) (_2 : t_F'0) + predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_P'0) - function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 119 4 119 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - + use prelude.prelude.Intrinsic - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops10] unnest'0 self b) - -> ([%#sops11] unnest'0 b c) -> ([%#sops12] unnest'0 self c) + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) - function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 112 4 112 24] (self : t_F'0) : () + axiom inv_axiom'0 [@rewrite] : forall x : t_Option'0 [inv'2 x] . inv'2 x + = match x with + | C_None'0 -> true + | C_Some'0 a_0 -> inv'0 a_0 + end - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops9] unnest'0 self self + meta "compute_max_steps" 1000000 - function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 107 4 107 85] (self : t_F'0) (args : t_Item'0) (res_state : t_F'0) (res : bool) : () + let rec extern_spec_std_option_T_Option_T_filter_body'0 (self_:t_Option'0) (predicate':t_P'0) (return' (ret:t_Option'0))= {[@expl:extern_spec_std_option_T_Option_T_filter_body 'self_' type invariant] [%#soption0] inv'2 self_} + {[@expl:extern_spec_std_option_T_Option_T_filter_body 'predicate' type invariant] [%#soption1] inv'1 predicate'} + {[@expl:extern_spec_std_option_T_Option_T_filter_body requires] [%#soption2] match self_ with + | C_None'0 -> true + | C_Some'0 t -> precondition'0 predicate' (t) + end} + (! bb0 + [ bb0 = bb1 + | bb1 = bb2 + | bb2 = any [ br0 -> {self_ = C_None'0 } (! bb4) | br1 (x0:t_T'0)-> {self_ = C_Some'0 x0} (! bb5) ] + | bb5 = s0 + [ s0 = v_Some'0 {self_} (fun (r0'0:t_T'0) -> [ &t <- r0'0 ] s1) + | s1 = [ &_11 <- t ] s2 + | s2 = [ &_9 <- (_11) ] s3 + | s3 = call_once'0 {predicate'} {_9} (fun (_ret':bool) -> [ &_7 <- _ret' ] s4) + | s4 = bb7 ] + + | bb7 = any [ br0 -> {_7 = false} (! bb10) | br1 -> {_7} (! bb8) ] + | bb8 = s0 [ s0 = [ &_0 <- C_Some'0 t ] s1 | s1 = bb9 ] + | bb9 = bb12 + | bb10 = s0 [ s0 = {[@expl:type invariant] inv'0 t} s1 | s1 = -{resolve'0 t}- s2 | s2 = bb11 ] + | bb11 = s0 [ s0 = [ &_0 <- C_None'0 ] s1 | s1 = bb12 ] + | bb12 = bb13 + | bb13 = bb14 + | bb4 = s0 [ s0 = {[@expl:type invariant] inv'1 predicate'} s1 | s1 = -{resolve'1 predicate'}- s2 | s2 = bb6 ] + | bb6 = s0 [ s0 = [ &_0 <- C_None'0 ] s1 | s1 = bb14 ] + | bb14 = bb15 + | bb15 = bb16 + | bb16 = return' {_0} ] + ) + [ & _0 : t_Option'0 = any_l () + | & self_ : t_Option'0 = self_ + | & predicate' : t_P'0 = predicate' + | & t : t_T'0 = any_l () + | & _7 : bool = any_l () + | & _9 : t_T'0 = any_l () + | & _11 : t_T'0 = any_l () ] + [ return' (result:t_Option'0)-> {[@expl:extern_spec_std_option_T_Option_T_filter_body result type invariant] [%#soption3] inv'2 result} + {[@expl:extern_spec_std_option_T_Option_T_filter_body ensures] [%#soption4] match self_ with + | C_None'0 -> result = C_None'0 + | C_Some'0 t -> match result with + | C_None'0 -> postcondition_once'0 predicate' (t) false /\ resolve'0 t + | C_Some'0 r -> postcondition_once'0 predicate' (t) true /\ r = t + end + end} + (! return' {result}) ] + +end +module M_creusot_contracts__stdqy35z1__option__extern_spec_std_option_T_Option_T_or_else_body [#"../../../creusot-contracts/src/std/option.rs" 273 16 275 44] + let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 + let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 273 36 273 37 + let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 273 45 273 54 + let%span soption3 = "../../../creusot-contracts/src/std/option.rs" 269 26 272 17 + let%span sops4 = "../../../creusot-contracts/src/std/ops.rs" 148 0 170 1 - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : bool . ([%#sops7] postcondition_mut'0 self args res_state res) - -> ([%#sops8] unnest'0 self res_state) - - predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 31 4 31 30] (self : t_Filter'0) = - [%#sfilter6] forall f : t_F'0, i : t_Item'0 . precondition'0 f (i) - /\ (forall f : t_F'0, g : t_F'0 . unnest'0 f g -> f = g) - /\ (forall f1 : t_F'0, f2 : t_F'0, i : t_Item'0 . not (postcondition_mut'0 f1 (i) f2 true - /\ postcondition_mut'0 f1 (i) f2 false)) - - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + type t_T'0 - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Filter'0) + type t_F'0 - axiom inv_axiom'0 [@rewrite] : forall x : t_Filter'0 [inv'0 x] . inv'0 x - = (invariant'0 x - /\ match x with - | {t_Filter__iter'0 = iter ; t_Filter__predicate'0 = predicate'} -> inv'1 iter /\ inv'2 predicate' - end) + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) - use seq.Seq + use prelude.prelude.Borrow - use seq.Seq + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) - function func'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 23 4 23 22] (self : t_Filter'0) : t_F'0 + let rec v_Some'0 (input:t_Option'0) (ret (field_0:t_T'0))= any + [ good (field_0:t_T'0)-> {C_Some'0 field_0 = input} (! ret {field_0}) + | bad -> {forall field_0 : t_T'0 [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] + - axiom func'0_spec : forall self : t_Filter'0 . [%#sfilter4] inv'0 self -> inv'2 (func'0 self) + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : ()) - use prelude.prelude.Int + axiom inv_axiom'1 [@rewrite] : forall x : () [inv'2 x] . inv'2 x = true - use map.Map + predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 73 4 73 45] (self : t_F'0) (args : ()) - function iter'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 16 4 16 22] (self : t_Filter'0) : t_I'0 + predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - axiom iter'0_spec : forall self : t_Filter'0 . [%#sfilter5] inv'0 self -> inv'1 (iter'0 self) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) - use seq.Seq + axiom inv_axiom'0 [@rewrite] : forall x : t_Option'0 [inv'1 x] . inv'1 x + = match x with + | C_None'0 -> true + | C_Some'0 a_0 -> inv'3 a_0 + end - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 81 4 81 73] (self : t_F'0) (args : ()) (result : t_Option'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + let rec call_once'0 (self:t_F'0) (args:()) (return' (ret:t_Option'0))= {[@expl:call_once 'self' type invariant] inv'0 self} + {[@expl:call_once 'args' type invariant] inv'2 args} + {[@expl:call_once requires] [%#sops4] precondition'0 self args} + any + [ return' (result:t_Option'0)-> {inv'1 result} + {[%#sops4] postcondition_once'0 self args result} + (! return' {result}) ] - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter16] inv'1 a) - -> ([%#siter17] inv'1 b) - -> ([%#siter18] inv'1 c) - -> ([%#siter19] produces'1 a ab b) - -> ([%#siter20] produces'1 b bc c) -> ([%#siter21] produces'1 a (Seq.(++) ab bc) c) - - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () - - axiom produces_refl'1_spec : forall self : t_I'0 . ([%#siter14] inv'1 self) - -> ([%#siter15] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) - - use seq.Seq - - use map.Map + use prelude.prelude.Intrinsic - use seq.Seq + meta "compute_max_steps" 1000000 - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 85 4 85 67] (self : t_Filter'0) (visited : Seq.seq t_Item'0) (succ : t_Filter'0) + let rec extern_spec_std_option_T_Option_T_or_else_body'0 (self_:t_Option'0) (f:t_F'0) (return' (ret:t_Option'0))= {[@expl:extern_spec_std_option_T_Option_T_or_else_body 'self_' type invariant] [%#soption0] inv'1 self_} + {[@expl:extern_spec_std_option_T_Option_T_or_else_body 'f' type invariant] [%#soption1] inv'0 f} + {[@expl:extern_spec_std_option_T_Option_T_or_else_body requires] [%#soption0] self_ = C_None'0 + -> precondition'0 f ()} + (! bb0 + [ bb0 = bb1 + | bb1 = bb2 + | bb2 = any [ br0 -> {self_ = C_None'0 } (! bb4) | br1 (x0:t_T'0)-> {self_ = C_Some'0 x0} (! bb5) ] + | bb5 = s0 + [ s0 = {[@expl:type invariant] inv'0 f} s1 + | s1 = -{resolve'0 f}- s2 + | s2 = v_Some'0 {self_} (fun (r0'0:t_T'0) -> [ &t <- r0'0 ] s3) + | s3 = [ &_0 <- C_Some'0 t ] s4 + | s4 = bb8 ] + + | bb8 = bb9 + | bb9 = bb10 + | bb4 = bb6 + | bb6 = s0 [ s0 = call_once'0 {f} {_7} (fun (_ret':t_Option'0) -> [ &_0 <- _ret' ] s1) | s1 = bb7 ] + | bb7 = bb10 + | bb10 = bb11 + | bb11 = bb12 + | bb12 = return' {_0} ] + ) + [ & _0 : t_Option'0 = any_l () + | & self_ : t_Option'0 = self_ + | & f : t_F'0 = f + | & _7 : () = any_l () + | & t : t_T'0 = any_l () ] + + [ return' (result:t_Option'0)-> {[@expl:extern_spec_std_option_T_Option_T_or_else_body result type invariant] [%#soption2] inv'1 result} + {[@expl:extern_spec_std_option_T_Option_T_or_else_body ensures] [%#soption3] match self_ with + | C_None'0 -> postcondition_once'0 f () result + | C_Some'0 t -> result = C_Some'0 t + end} + (! return' {result}) ] - = - [%#sfilter3] unnest'0 (func'0 self) (func'0 succ) - /\ (exists s : Seq.seq t_Item'0, f : Map.map int int . produces'1 (iter'0 self) s (iter'0 succ) - /\ (forall i : int, j : int . 0 <= i /\ i <= j /\ j < Seq.length visited - -> 0 <= Map.get f i /\ Map.get f i <= Map.get f j /\ Map.get f j < Seq.length s) - /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = Seq.get s (Map.get f i)) - /\ (forall i : int . 0 <= i /\ i < Seq.length s - -> (exists j : int . 0 <= j /\ j < Seq.length visited /\ Map.get f j = i) - = postcondition_mut'0 (func'0 self) (Seq.get s i) (func'0 self) true)) - - constant self : t_Filter'0 - - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 106 4 106 26] (self : t_Filter'0) : () - - goal vc_produces_refl'0 : ([%#sfilter0] inv'0 self) - -> ([%#sfilter1] produces'0 self (Seq.empty : Seq.seq t_Item'0) self) end -module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__produces_trans [#"../../../creusot-contracts/src/std/iter/filter.rs" 116 4 116 90] (* as std::iter::Iterator> *) - let%span sfilter0 = "../../../creusot-contracts/src/std/iter/filter.rs" 110 15 110 21 - let%span sfilter1 = "../../../creusot-contracts/src/std/iter/filter.rs" 111 15 111 21 - let%span sfilter2 = "../../../creusot-contracts/src/std/iter/filter.rs" 112 15 112 21 - let%span sfilter3 = "../../../creusot-contracts/src/std/iter/filter.rs" 113 15 113 32 - let%span sfilter4 = "../../../creusot-contracts/src/std/iter/filter.rs" 114 15 114 32 - let%span sfilter5 = "../../../creusot-contracts/src/std/iter/filter.rs" 115 14 115 42 - let%span sfilter6 = "../../../creusot-contracts/src/std/iter/filter.rs" 108 4 108 10 - let%span sfilter7 = "../../../creusot-contracts/src/std/iter/filter.rs" 87 12 98 17 - let%span sfilter8 = "../../../creusot-contracts/src/std/iter/filter.rs" 22 14 22 39 - let%span sfilter9 = "../../../creusot-contracts/src/std/iter/filter.rs" 15 14 15 39 - let%span sfilter10 = "../../../creusot-contracts/src/std/iter/filter.rs" 34 12 40 124 - let%span sops11 = "../../../creusot-contracts/src/std/ops.rs" 105 15 105 59 - let%span sops12 = "../../../creusot-contracts/src/std/ops.rs" 106 14 106 36 - let%span sops13 = "../../../creusot-contracts/src/std/ops.rs" 111 14 111 31 - let%span sops14 = "../../../creusot-contracts/src/std/ops.rs" 116 15 116 29 - let%span sops15 = "../../../creusot-contracts/src/std/ops.rs" 117 15 117 26 - let%span sops16 = "../../../creusot-contracts/src/std/ops.rs" 118 14 118 28 - let%span sops17 = "../../../creusot-contracts/src/std/ops.rs" 123 14 124 105 - let%span siter18 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter19 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter20 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter21 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter22 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter23 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter24 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter25 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 +module M_creusot_contracts__stdqy35z1__option__extern_spec_std_option_T_Option_T_get_or_insert_with_body [#"../../../creusot-contracts/src/std/option.rs" 311 16 313 36] + let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 + let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 311 52 311 53 + let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 306 27 306 63 + let%span soption3 = "../../../creusot-contracts/src/std/option.rs" 311 61 311 67 + let%span soption4 = "../../../creusot-contracts/src/std/option.rs" 307 26 310 17 + let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 148 0 170 1 + let%span soption6 = "../../../creusot-contracts/src/std/option.rs" 62 26 62 75 + let%span soption7 = "../../../creusot-contracts/src/std/option.rs" 64 20 65 100 + let%span soption8 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 + let%span sresolve9 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span sresolve10 = "../../../creusot-contracts/src/resolve.rs" 82 8 85 9 + let%span sinvariant11 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - type t_I'0 + type t_T'0 + + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 type t_F'0 - type t_Filter'0 = - { t_Filter__iter'0: t_I'0; t_Filter__predicate'0: t_F'0 } + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) use prelude.prelude.Borrow - type t_Item'0 - - predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 73 4 73 45] (self : t_F'0) (args : t_Item'0) - - predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 81 4 81 73] (self : t_F'0) (args : t_Item'0) (result : bool) - - predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) - predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 91 4 91 92] (self : t_F'0) (args : t_Item'0) (result_state : t_F'0) (result : bool) - + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 125 4 125 55] (self : t_F'0) (args : t_Item'0) (res : bool) : () + let rec v_Some'0 (input:t_Option'0) (ret (field_0:t_T'0))= any + [ good (field_0:t_T'0)-> {C_Some'0 field_0 = input} (! ret {field_0}) + | bad -> {forall field_0 : t_T'0 [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] - axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : bool . [%#sops17] postcondition_once'0 self args res - = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) - - predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 99 4 99 36] (self : t_F'0) (_2 : t_F'0) - - function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 119 4 119 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - + predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_T'0) = + [%#sinvariant11] inv'1 self.current /\ inv'1 self.final - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops14] unnest'0 self b) - -> ([%#sops15] unnest'0 b c) -> ([%#sops16] unnest'0 self c) + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_T'0) - function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 112 4 112 24] (self : t_F'0) : () + axiom inv_axiom'0 [@rewrite] : forall x : borrowed t_T'0 [inv'2 x] . inv'2 x = invariant'0 x - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops13] unnest'0 self self + predicate resolve'4 [#"../../../creusot-contracts/src/resolve.rs" 53 4 53 28] (self : borrowed t_T'0) = + [%#sresolve9] self.final = self.current - function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 107 4 107 85] (self : t_F'0) (args : t_Item'0) (res_state : t_F'0) (res : bool) : () - + predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : borrowed t_T'0) = + resolve'4 _1 - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : bool . ([%#sops11] postcondition_mut'0 self args res_state res) - -> ([%#sops12] unnest'0 self res_state) + predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : ()) - predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 31 4 31 30] (self : t_Filter'0) = - [%#sfilter10] forall f : t_F'0, i : t_Item'0 . precondition'0 f (i) - /\ (forall f : t_F'0, g : t_F'0 . unnest'0 f g -> f = g) - /\ (forall f1 : t_F'0, f2 : t_F'0, i : t_Item'0 . not (postcondition_mut'0 f1 (i) f2 true - /\ postcondition_mut'0 f1 (i) f2 false)) + axiom inv_axiom'3 [@rewrite] : forall x : () [inv'5 x] . inv'5 x = true - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 73 4 73 45] (self : t_F'0) (args : ()) - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) + predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 81 4 81 73] (self : t_F'0) (args : ()) (result : t_T'0) + - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Filter'0) + let rec call_once'0 (self:t_F'0) (args:()) (return' (ret:t_T'0))= {[@expl:call_once 'self' type invariant] inv'0 self} + {[@expl:call_once 'args' type invariant] inv'5 args} + {[@expl:call_once requires] [%#sops5] precondition'0 self args} + any + [ return' (result:t_T'0)-> {inv'1 result} {[%#sops5] postcondition_once'0 self args result} (! return' {result}) ] + - axiom inv_axiom'0 [@rewrite] : forall x : t_Filter'0 [inv'0 x] . inv'0 x - = (invariant'0 x - /\ match x with - | {t_Filter__iter'0 = iter ; t_Filter__predicate'0 = predicate'} -> inv'1 iter /\ inv'2 predicate' - end) + predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) - use seq.Seq + axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'3 x] . inv'3 x + = match x with + | C_None'0 -> true + | C_Some'0 a_0 -> inv'1 a_0 + end - function func'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 23 4 23 22] (self : t_Filter'0) : t_F'0 + predicate resolve'7 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_T'0) - axiom func'0_spec : forall self : t_Filter'0 . [%#sfilter8] inv'0 self -> inv'2 (func'0 self) + predicate resolve'5 [#"../../../creusot-contracts/src/resolve.rs" 81 4 81 28] (self : t_Option'0) = + [%#sresolve10] match self with + | C_Some'0 x -> resolve'7 x + | C_None'0 -> true + end - use prelude.prelude.Int + predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_Option'0) = + resolve'5 _1 - use map.Map + predicate invariant'1 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed (t_Option'0)) = + [%#sinvariant11] inv'3 self.current /\ inv'3 self.final - function iter'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 16 4 16 22] (self : t_Filter'0) : t_I'0 + predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed (t_Option'0)) - axiom iter'0_spec : forall self : t_Filter'0 . [%#sfilter9] inv'0 self -> inv'1 (iter'0 self) + axiom inv_axiom'2 [@rewrite] : forall x : borrowed (t_Option'0) [inv'4 x] . inv'4 x = invariant'1 x - use seq.Seq + type t_Option'1 = + | C_None'1 + | C_Some'1 (borrowed t_T'0) - use seq.Seq + predicate inv'6 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'1) - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - + axiom inv_axiom'4 [@rewrite] : forall x : t_Option'1 [inv'6 x] . inv'6 x + = match x with + | C_None'1 -> true + | C_Some'1 a_0 -> inv'2 a_0 + end - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + let rec as_mut'0 (self:borrowed (t_Option'0)) (return' (ret:t_Option'1))= {[@expl:as_mut 'self' type invariant] inv'4 self} + any + [ return' (result:t_Option'1)-> {inv'6 result} + {[%#soption6] self.current = C_None'0 -> result = C_None'1 /\ self.final = C_None'0} + {[%#soption7] self.current = C_None'0 + \/ (exists r : borrowed t_T'0 . result = C_Some'1 r + /\ self.current = C_Some'0 (r.current) /\ self.final = C_Some'0 (r.final))} + (! return' {result}) ] - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter20] inv'1 a) - -> ([%#siter21] inv'1 b) - -> ([%#siter22] inv'1 c) - -> ([%#siter23] produces'1 a ab b) - -> ([%#siter24] produces'1 b bc c) -> ([%#siter25] produces'1 a (Seq.(++) ab bc) c) - - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + let rec unwrap'0 (self:t_Option'1) (return' (ret:borrowed t_T'0))= {[@expl:unwrap 'self' type invariant] inv'6 self} + {[@expl:unwrap requires] [%#soption8] self <> C_None'1} + any [ return' (result:borrowed t_T'0)-> {inv'2 result} {[%#soption8] C_Some'1 result = self} (! return' {result}) ] - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#siter18] inv'1 self) - -> ([%#siter19] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + predicate resolve'6 [#"../../../creusot-contracts/src/resolve.rs" 53 4 53 28] (self : borrowed (t_Option'0)) = + [%#sresolve9] self.final = self.current - use seq.Seq + predicate resolve'3 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : borrowed (t_Option'0)) = + resolve'6 _1 - use map.Map + use prelude.prelude.Intrinsic - use seq.Seq + meta "compute_max_steps" 1000000 - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 85 4 85 67] (self : t_Filter'0) (visited : Seq.seq t_Item'0) (succ : t_Filter'0) + let rec extern_spec_std_option_T_Option_T_get_or_insert_with_body'0 (self_:borrowed (t_Option'0)) (f:t_F'0) (return' (ret:borrowed t_T'0))= {[@expl:extern_spec_std_option_T_Option_T_get_or_insert_with_body 'self_' type invariant] [%#soption0] inv'4 self_} + {[@expl:extern_spec_std_option_T_Option_T_get_or_insert_with_body 'f' type invariant] [%#soption1] inv'0 f} + {[@expl:extern_spec_std_option_T_Option_T_get_or_insert_with_body requires] [%#soption2] self_.current = C_None'0 + -> precondition'0 f ()} + (! bb0 + [ bb0 = bb1 + | bb1 = bb2 + | bb2 = any [ br0 -> {self_.current = C_None'0 } (! bb4) | br1 (x0:t_T'0)-> {self_.current = C_Some'0 x0} (! bb5) ] + | bb5 = s0 + [ s0 = {[@expl:type invariant] inv'0 f} s1 + | s1 = -{resolve'0 f}- s2 + | s2 = v_Some'0 {self_.current} + (fun (r0'0:t_T'0) -> + {inv'1 r0'0} + Borrow.borrow_final {r0'0} {Borrow.inherit_id (Borrow.get_id self_) 1} + (fun (_ret':borrowed t_T'0) -> + [ &t <- _ret' ] + -{inv'1 _ret'.final}- + [ &self_ <- { self_ with current = C_Some'0 _ret'.final } ] + s3)) + | s3 = {inv'1 t.current} + Borrow.borrow_final {t.current} {Borrow.get_id t} + (fun (_ret':borrowed t_T'0) -> + [ &_6 <- _ret' ] + -{inv'1 _ret'.final}- + [ &t <- { t with current = _ret'.final } ] + s4) + | s4 = {[@expl:type invariant] inv'2 t} s5 + | s5 = -{resolve'1 t}- s6 + | s6 = bb14 ] + + | bb4 = bb6 + | bb6 = s0 [ s0 = call_once'0 {f} {_12} (fun (_ret':t_T'0) -> [ &_10 <- _ret' ] s1) | s1 = bb7 ] + | bb7 = s0 [ s0 = [ &_9 <- C_Some'0 _10 ] s1 | s1 = bb8 ] + | bb8 = bb9 + | bb9 = s0 + [ s0 = {[@expl:type invariant] match self_ with + | {current = x'0} -> inv'3 x'0 + | _ -> true + end} + s1 + | s1 = -{match self_ with + | {current = x'1} -> resolve'2 x'1 + | _ -> true + end}- + s2 + | s2 = [ &self_ <- { self_ with current = _9 } ] s3 + | s3 = bb11 ] + + | bb11 = s0 + [ s0 = {inv'3 self_.current} + Borrow.borrow_final {self_.current} {Borrow.get_id self_} + (fun (_ret':borrowed (t_Option'0)) -> + [ &_15 <- _ret' ] + -{inv'3 _ret'.final}- + [ &self_ <- { self_ with current = _ret'.final } ] + s1) + | s1 = as_mut'0 {_15} (fun (_ret':t_Option'1) -> [ &_14 <- _ret' ] s2) + | s2 = bb12 ] + + | bb12 = s0 [ s0 = unwrap'0 {_14} (fun (_ret':borrowed t_T'0) -> [ &_13 <- _ret' ] s1) | s1 = bb13 ] + | bb13 = s0 + [ s0 = {inv'1 _13.current} + Borrow.borrow_final {_13.current} {Borrow.get_id _13} + (fun (_ret':borrowed t_T'0) -> + [ &_8 <- _ret' ] + -{inv'1 _ret'.final}- + [ &_13 <- { _13 with current = _ret'.final } ] + s1) + | s1 = {inv'1 _8.current} + Borrow.borrow_final {_8.current} {Borrow.get_id _8} + (fun (_ret':borrowed t_T'0) -> + [ &_6 <- _ret' ] + -{inv'1 _ret'.final}- + [ &_8 <- { _8 with current = _ret'.final } ] + s2) + | s2 = {[@expl:type invariant] inv'2 _13} s3 + | s3 = -{resolve'1 _13}- s4 + | s4 = {[@expl:type invariant] inv'2 _8} s5 + | s5 = -{resolve'1 _8}- s6 + | s6 = bb14 ] + + | bb14 = s0 + [ s0 = {inv'1 _6.current} + Borrow.borrow_final {_6.current} {Borrow.get_id _6} + (fun (_ret':borrowed t_T'0) -> + [ &_3 <- _ret' ] + -{inv'1 _ret'.final}- + [ &_6 <- { _6 with current = _ret'.final } ] + s1) + | s1 = {inv'1 _3.current} + Borrow.borrow_final {_3.current} {Borrow.get_id _3} + (fun (_ret':borrowed t_T'0) -> + [ &_0 <- _ret' ] + -{inv'1 _ret'.final}- + [ &_3 <- { _3 with current = _ret'.final } ] + s2) + | s2 = {[@expl:type invariant] inv'2 _6} s3 + | s3 = -{resolve'1 _6}- s4 + | s4 = {[@expl:type invariant] inv'2 _3} s5 + | s5 = -{resolve'1 _3}- s6 + | s6 = bb15 ] + + | bb15 = s0 [ s0 = {[@expl:type invariant] inv'4 self_} s1 | s1 = -{resolve'3 self_}- s2 | s2 = return' {_0} ] ] + ) + [ & _0 : borrowed t_T'0 = any_l () + | & self_ : borrowed (t_Option'0) = self_ + | & f : t_F'0 = f + | & _3 : borrowed t_T'0 = any_l () + | & _6 : borrowed t_T'0 = any_l () + | & _8 : borrowed t_T'0 = any_l () + | & _9 : t_Option'0 = any_l () + | & _10 : t_T'0 = any_l () + | & _12 : () = any_l () + | & _13 : borrowed t_T'0 = any_l () + | & _14 : t_Option'1 = any_l () + | & _15 : borrowed (t_Option'0) = any_l () + | & t : borrowed t_T'0 = any_l () ] + + [ return' (result:borrowed t_T'0)-> {[@expl:extern_spec_std_option_T_Option_T_get_or_insert_with_body result type invariant] [%#soption3] inv'2 result} + {[@expl:extern_spec_std_option_T_Option_T_get_or_insert_with_body ensures] [%#soption4] match self_.current with + | C_None'0 -> postcondition_once'0 f () result.current /\ self_.final = C_Some'0 (result.final) + | C_Some'0 _ -> self_.current = C_Some'0 (result.current) /\ self_.final = C_Some'0 (result.final) + end} + (! return' {result}) ] + +end +module M_creusot_contracts__stdqy35z1__option__extern_spec_std_option_T_Option_T_take_if_body [#"../../../creusot-contracts/src/std/option.rs" 338 16 340 45] + let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 + let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 338 41 338 50 + let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 324 27 327 17 + let%span soption3 = "../../../creusot-contracts/src/std/option.rs" 338 58 338 67 + let%span soption4 = "../../../creusot-contracts/src/std/option.rs" 328 26 337 17 + let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 148 0 170 1 + let%span soption6 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 + let%span sresolve7 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span sinvariant8 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 + + type t_T'0 + + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 + + use prelude.prelude.Borrow + + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + + let rec v_Some'0 (input:t_Option'0) (ret (field_0:t_T'0))= any + [ good (field_0:t_T'0)-> {C_Some'0 field_0 = input} (! ret {field_0}) + | bad -> {forall field_0 : t_T'0 [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] + + + type t_P'0 + + predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_P'0) + + predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_T'0) = + [%#sinvariant8] inv'0 self.current /\ inv'0 self.final + + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_T'0) + + axiom inv_axiom'0 [@rewrite] : forall x : borrowed t_T'0 [inv'1 x] . inv'1 x = invariant'0 x + + predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_T'0) + + axiom inv_axiom'3 [@rewrite] : forall x : borrowed t_T'0 [inv'5 x] . inv'5 x = (let (x0) = x in inv'1 x0) + + predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 73 4 73 45] (self : t_P'0) (args : borrowed t_T'0) + + + predicate inv'6 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : bool) + + axiom inv_axiom'4 [@rewrite] : forall x : bool [inv'6 x] . inv'6 x = true + + predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 81 4 81 73] (self : t_P'0) (args : borrowed t_T'0) (result : bool) + + + let rec call_once'0 (self:t_P'0) (args:borrowed t_T'0) (return' (ret:bool))= {[@expl:call_once 'self' type invariant] inv'4 self} + {[@expl:call_once 'args' type invariant] inv'5 args} + {[@expl:call_once requires] [%#sops5] precondition'0 self args} + any + [ return' (result:bool)-> {inv'6 result} {[%#sops5] postcondition_once'0 self args result} (! return' {result}) ] + + + predicate resolve'3 [#"../../../creusot-contracts/src/resolve.rs" 53 4 53 28] (self : borrowed t_T'0) = + [%#sresolve7] self.final = self.current + + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : borrowed t_T'0) = + resolve'3 _1 + + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) + + axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'2 x] . inv'2 x + = match x with + | C_None'0 -> true + | C_Some'0 a_0 -> inv'0 a_0 + end + + predicate invariant'1 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed (t_Option'0)) = + [%#sinvariant8] inv'2 self.current /\ inv'2 self.final + + predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed (t_Option'0)) + + axiom inv_axiom'2 [@rewrite] : forall x : borrowed (t_Option'0) [inv'3 x] . inv'3 x = invariant'1 x + + let rec take'0 (self:borrowed (t_Option'0)) (return' (ret:t_Option'0))= {[@expl:take 'self' type invariant] inv'3 self} + any + [ return' (result:t_Option'0)-> {inv'2 result} + {[%#soption6] result = self.current /\ self.final = C_None'0} + (! return' {result}) ] + + + predicate resolve'4 [#"../../../creusot-contracts/src/resolve.rs" 53 4 53 28] (self : borrowed (t_Option'0)) = + [%#sresolve7] self.final = self.current + + predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : borrowed (t_Option'0)) = + resolve'4 _1 + + predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_P'0) + + use prelude.prelude.Intrinsic + + meta "compute_max_steps" 1000000 + + let rec extern_spec_std_option_T_Option_T_take_if_body'0 (self_:borrowed (t_Option'0)) (predicate':t_P'0) (return' (ret:t_Option'0))= {[@expl:extern_spec_std_option_T_Option_T_take_if_body 'self_' type invariant] [%#soption0] inv'3 self_} + {[@expl:extern_spec_std_option_T_Option_T_take_if_body 'predicate' type invariant] [%#soption1] inv'4 predicate'} + {[@expl:extern_spec_std_option_T_Option_T_take_if_body requires] [%#soption2] match self_.current with + | C_None'0 -> true + | C_Some'0 t -> forall b : borrowed t_T'0 . inv'1 b /\ b.current = t -> precondition'0 predicate' (b) + end} + (! bb0 + [ bb0 = bb1 + | bb1 = bb2 + | bb2 = any [ br0 -> {self_.current = C_None'0 } (! bb4) | br1 (x0:t_T'0)-> {self_.current = C_Some'0 x0} (! bb5) ] + | bb5 = s0 + [ s0 = v_Some'0 {self_.current} + (fun (r0'0:t_T'0) -> + {inv'0 r0'0} + Borrow.borrow_mut {r0'0} + (fun (_ret':borrowed t_T'0) -> + [ &t <- _ret' ] + -{inv'0 _ret'.final}- + [ &self_ <- { self_ with current = C_Some'0 _ret'.final } ] + s1)) + | s1 = {inv'0 t.current} + Borrow.borrow_final {t.current} {Borrow.get_id t} + (fun (_ret':borrowed t_T'0) -> + [ &_10 <- _ret' ] + -{inv'0 _ret'.final}- + [ &t <- { t with current = _ret'.final } ] + s2) + | s2 = [ &_9 <- (_10) ] s3 + | s3 = call_once'0 {predicate'} {_9} (fun (_ret':bool) -> [ &_7 <- _ret' ] s4) + | s4 = bb7 ] + + | bb7 = s0 + [ s0 = {[@expl:type invariant] inv'1 t} s1 + | s1 = -{resolve'0 t}- s2 + | s2 = any [ br0 -> {_7 = false} (! bb10) | br1 -> {_7} (! bb8) ] ] + + | bb8 = s0 + [ s0 = {inv'2 self_.current} + Borrow.borrow_final {self_.current} {Borrow.get_id self_} + (fun (_ret':borrowed (t_Option'0)) -> + [ &_11 <- _ret' ] + -{inv'2 _ret'.final}- + [ &self_ <- { self_ with current = _ret'.final } ] + s1) + | s1 = take'0 {_11} (fun (_ret':t_Option'0) -> [ &_0 <- _ret' ] s2) + | s2 = bb9 ] + + | bb9 = s0 [ s0 = {[@expl:type invariant] inv'3 self_} s1 | s1 = -{resolve'1 self_}- s2 | s2 = bb12 ] + | bb10 = s0 [ s0 = {[@expl:type invariant] inv'3 self_} s1 | s1 = -{resolve'1 self_}- s2 | s2 = bb11 ] + | bb11 = s0 [ s0 = [ &_0 <- C_None'0 ] s1 | s1 = bb12 ] + | bb12 = bb13 + | bb4 = s0 + [ s0 = {[@expl:type invariant] inv'4 predicate'} s1 + | s1 = -{resolve'2 predicate'}- s2 + | s2 = {[@expl:type invariant] inv'3 self_} s3 + | s3 = -{resolve'1 self_}- s4 + | s4 = bb6 ] + + | bb6 = s0 [ s0 = [ &_0 <- C_None'0 ] s1 | s1 = bb13 ] + | bb13 = bb14 + | bb14 = return' {_0} ] + ) + [ & _0 : t_Option'0 = any_l () + | & self_ : borrowed (t_Option'0) = self_ + | & predicate' : t_P'0 = predicate' + | & t : borrowed t_T'0 = any_l () + | & _7 : bool = any_l () + | & _9 : borrowed t_T'0 = any_l () + | & _10 : borrowed t_T'0 = any_l () + | & _11 : borrowed (t_Option'0) = any_l () ] + + [ return' (result:t_Option'0)-> {[@expl:extern_spec_std_option_T_Option_T_take_if_body result type invariant] [%#soption3] inv'2 result} + {[@expl:extern_spec_std_option_T_Option_T_take_if_body ensures] [%#soption4] match self_.current with + | C_None'0 -> result = C_None'0 /\ self_.final = C_None'0 + | C_Some'0 cur -> exists b : borrowed t_T'0, res : bool . inv'1 b + /\ cur = b.current + /\ postcondition_once'0 predicate' (b) res + /\ (if res then + self_.final = C_None'0 /\ result = C_Some'0 (b.final) + else + self_.final = C_Some'0 (b.final) /\ result = C_None'0 + ) + end} + (! return' {result}) ] + +end +module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 129 39 129 89 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 127 8 127 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 25 20 25 56 + let%span soption3 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord16 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 + + type t_T'0 + + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 + + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 + + + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () + + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord16] (x = y) = (cmp_log'1 x y = C_Equal'0) + + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () + + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord14] cmp_log'1 x y = C_Greater'0) + -> ([%#sord15] cmp_log'1 y x = C_Less'0) + + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Less'0) + -> ([%#sord13] cmp_log'1 y x = C_Greater'0) + + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + + + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord9] cmp_log'1 x y = o) + -> ([%#sord10] cmp_log'1 y z = o) -> ([%#sord11] cmp_log'1 x z = o) + + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () + + axiom refl'0_spec : forall x : t_T'0 . [%#sord8] cmp_log'1 x x = C_Equal'0 + + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool + + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord7] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool + + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool + + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + + function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + + function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_le_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] le_log'1 x y = (cmp_log'1 x y <> C_Greater'0) + + function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 = - [%#sfilter7] unnest'0 (func'0 self) (func'0 succ) - /\ (exists s : Seq.seq t_Item'0, f : Map.map int int . produces'1 (iter'0 self) s (iter'0 succ) - /\ (forall i : int, j : int . 0 <= i /\ i <= j /\ j < Seq.length visited - -> 0 <= Map.get f i /\ Map.get f i <= Map.get f j /\ Map.get f j < Seq.length s) - /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = Seq.get s (Map.get f i)) - /\ (forall i : int . 0 <= i /\ i < Seq.length s - -> (exists j : int . 0 <= j /\ j < Seq.length visited /\ Map.get f j = i) - = postcondition_mut'0 (func'0 self) (Seq.get s i) (func'0 self) true)) + [%#soption3] match (self, o) with + | (C_None'0, C_None'0) -> C_Equal'0 + | (C_None'0, C_Some'0 _) -> C_Less'0 + | (C_Some'0 _, C_None'0) -> C_Greater'0 + | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y + end + + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_Option'0) (o : t_Option'0) : bool + + = + [%#sord2] cmp_log'0 self o <> C_Greater'0 + + constant x : t_Option'0 + + constant y : t_Option'0 + + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (x : t_Option'0) (y : t_Option'0) : () + + + goal vc_cmp_le_log'0 : [%#sord0] le_log'0 x y = (cmp_log'0 x y <> C_Greater'0) +end +module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 134 39 134 86 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 132 8 132 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 36 20 36 53 + let%span soption3 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord16 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 + + type t_T'0 + + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 + + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 + + + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () + + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord16] (x = y) = (cmp_log'1 x y = C_Equal'0) + + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () + + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord14] cmp_log'1 x y = C_Greater'0) + -> ([%#sord15] cmp_log'1 y x = C_Less'0) + + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Less'0) + -> ([%#sord13] cmp_log'1 y x = C_Greater'0) + + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + - constant a : t_Filter'0 + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord9] cmp_log'1 x y = o) + -> ([%#sord10] cmp_log'1 y z = o) -> ([%#sord11] cmp_log'1 x z = o) - constant ab : Seq.seq t_Item'0 + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - constant b : t_Filter'0 + axiom refl'0_spec : forall x : t_T'0 . [%#sord8] cmp_log'1 x x = C_Equal'0 - constant bc : Seq.seq t_Item'0 + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - constant c : t_Filter'0 + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 116 4 116 90] (a : t_Filter'0) (ab : Seq.seq t_Item'0) (b : t_Filter'0) (bc : Seq.seq t_Item'0) (c : t_Filter'0) : () + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord7] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool + + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + + function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool + + function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_lt_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] lt_log'1 x y = (cmp_log'1 x y = C_Less'0) + + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + + function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 + = + [%#soption3] match (self, o) with + | (C_None'0, C_None'0) -> C_Equal'0 + | (C_None'0, C_Some'0 _) -> C_Less'0 + | (C_Some'0 _, C_None'0) -> C_Greater'0 + | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y + end - goal vc_produces_trans'0 : ([%#sfilter4] produces'0 b bc c) - -> ([%#sfilter3] produces'0 a ab b) - -> ([%#sfilter2] inv'0 c) - -> ([%#sfilter1] inv'0 b) -> ([%#sfilter0] inv'0 a) -> ([%#sfilter5] produces'0 a (Seq.(++) ab bc) c) + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_Option'0) (o : t_Option'0) : bool + + = + [%#sord2] cmp_log'0 self o = C_Less'0 + + constant x : t_Option'0 + + constant y : t_Option'0 + + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (x : t_Option'0) (y : t_Option'0) : () + + + goal vc_cmp_lt_log'0 : [%#sord0] lt_log'0 x y = (cmp_log'0 x y = C_Less'0) end -module M_creusot_contracts__stdqy35z1__iter__fuse__qyi10730559947553418603__produces_refl [#"../../../creusot-contracts/src/std/iter/fuse.rs" 43 4 43 26] (* as std::iter::Iterator> *) - let%span sfuse0 = "../../../creusot-contracts/src/std/iter/fuse.rs" 41 15 41 24 - let%span sfuse1 = "../../../creusot-contracts/src/std/iter/fuse.rs" 42 14 42 45 - let%span sfuse2 = "../../../creusot-contracts/src/std/iter/fuse.rs" 39 4 39 10 - let%span sfuse3 = "../../../creusot-contracts/src/std/iter/fuse.rs" 29 12 35 13 - let%span sfuse4 = "../../../creusot-contracts/src/std/iter/fuse.rs" 8 14 8 39 - let%span sfuse5 = "../../../creusot-contracts/src/std/iter/fuse.rs" 9 14 9 71 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 +module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 139 39 139 86 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 137 8 137 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 47 20 47 53 + let%span soption3 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord16 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - type t_I'0 + type t_T'0 type t_Option'0 = | C_None'0 - | C_Some'0 t_I'0 + | C_Some'0 t_T'0 - type t_Fuse'0 = - { t_Fuse__iter'0: t_Option'0 } + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 + - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'1 x] . inv'1 x - = match x with - | C_None'0 -> true - | C_Some'0 a_0 -> inv'2 a_0 - end + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord16] (x = y) = (cmp_log'1 x y = C_Equal'0) - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Fuse'0) + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - axiom inv_axiom'0 [@rewrite] : forall x : t_Fuse'0 [inv'0 x] . inv'0 x - = match x with - | {t_Fuse__iter'0 = iter} -> inv'1 iter - end + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord14] cmp_log'1 x y = C_Greater'0) + -> ([%#sord15] cmp_log'1 y x = C_Less'0) - use seq.Seq + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () - type t_Item'0 + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Less'0) + -> ([%#sord13] cmp_log'1 y x = C_Greater'0) - use seq.Seq + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + - function view'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 10 4 10 30] (self : t_Fuse'0) : t_Option'0 + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord9] cmp_log'1 x y = o) + -> ([%#sord10] cmp_log'1 y z = o) -> ([%#sord11] cmp_log'1 x z = o) - axiom view'0_spec : forall self : t_Fuse'0 . ([%#sfuse4] inv'0 self -> inv'1 (view'0 self)) - && ([%#sfuse5] forall other : t_Fuse'0 . view'0 self = view'0 other -> self = other) + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - use seq.Seq + axiom refl'0_spec : forall x : t_T'0 . [%#sord8] cmp_log'1 x x = C_Equal'0 - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter8] inv'2 a) - -> ([%#siter9] inv'2 b) - -> ([%#siter10] inv'2 c) - -> ([%#siter11] produces'1 a ab b) - -> ([%#siter12] produces'1 b bc c) -> ([%#siter13] produces'1 a (Seq.(++) ab bc) c) + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord7] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - axiom produces_refl'1_spec : forall self : t_I'0 . ([%#siter6] inv'2 self) - -> ([%#siter7] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 27 4 27 65] (self : t_Fuse'0) (prod : Seq.seq t_Item'0) (other : t_Fuse'0) + axiom cmp_ge_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] ge_log'1 x y = (cmp_log'1 x y <> C_Less'0) + + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool + + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + + function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 = - [%#sfuse3] match view'0 self with - | C_None'0 -> prod = (Seq.empty : Seq.seq t_Item'0) /\ view'0 other = view'0 self - | C_Some'0 i -> match view'0 other with - | C_Some'0 i2 -> produces'1 i prod i2 - | C_None'0 -> false - end + [%#soption3] match (self, o) with + | (C_None'0, C_None'0) -> C_Equal'0 + | (C_None'0, C_Some'0 _) -> C_Less'0 + | (C_Some'0 _, C_None'0) -> C_Greater'0 + | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y end - constant self : t_Fuse'0 + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_Option'0) (o : t_Option'0) : bool + + = + [%#sord2] cmp_log'0 self o <> C_Less'0 - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 43 4 43 26] (self : t_Fuse'0) : () + constant x : t_Option'0 - goal vc_produces_refl'0 : ([%#sfuse0] inv'0 self) - -> ([%#sfuse1] produces'0 self (Seq.empty : Seq.seq t_Item'0) self) + constant y : t_Option'0 + + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (x : t_Option'0) (y : t_Option'0) : () + + + goal vc_cmp_ge_log'0 : [%#sord0] ge_log'0 x y = (cmp_log'0 x y <> C_Less'0) end -module M_creusot_contracts__stdqy35z1__iter__fuse__qyi10730559947553418603__produces_trans [#"../../../creusot-contracts/src/std/iter/fuse.rs" 53 4 53 90] (* as std::iter::Iterator> *) - let%span sfuse0 = "../../../creusot-contracts/src/std/iter/fuse.rs" 47 15 47 21 - let%span sfuse1 = "../../../creusot-contracts/src/std/iter/fuse.rs" 48 15 48 21 - let%span sfuse2 = "../../../creusot-contracts/src/std/iter/fuse.rs" 49 15 49 21 - let%span sfuse3 = "../../../creusot-contracts/src/std/iter/fuse.rs" 50 15 50 32 - let%span sfuse4 = "../../../creusot-contracts/src/std/iter/fuse.rs" 51 15 51 32 - let%span sfuse5 = "../../../creusot-contracts/src/std/iter/fuse.rs" 52 14 52 42 - let%span sfuse6 = "../../../creusot-contracts/src/std/iter/fuse.rs" 45 4 45 10 - let%span sfuse7 = "../../../creusot-contracts/src/std/iter/fuse.rs" 29 12 35 13 - let%span sfuse8 = "../../../creusot-contracts/src/std/iter/fuse.rs" 8 14 8 39 - let%span sfuse9 = "../../../creusot-contracts/src/std/iter/fuse.rs" 9 14 9 71 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 +module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 144 39 144 89 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 142 8 142 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 58 20 58 56 + let%span soption3 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord16 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - type t_I'0 + type t_T'0 type t_Option'0 = | C_None'0 - | C_Some'0 t_I'0 + | C_Some'0 t_T'0 - type t_Fuse'0 = - { t_Fuse__iter'0: t_Option'0 } + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 + - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'1 x] . inv'1 x - = match x with - | C_None'0 -> true - | C_Some'0 a_0 -> inv'2 a_0 - end + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord16] (x = y) = (cmp_log'1 x y = C_Equal'0) - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Fuse'0) + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - axiom inv_axiom'0 [@rewrite] : forall x : t_Fuse'0 [inv'0 x] . inv'0 x - = match x with - | {t_Fuse__iter'0 = iter} -> inv'1 iter - end + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord14] cmp_log'1 x y = C_Greater'0) + -> ([%#sord15] cmp_log'1 y x = C_Less'0) - type t_Item'0 + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () - use seq.Seq + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Less'0) + -> ([%#sord13] cmp_log'1 y x = C_Greater'0) - use seq.Seq + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + - function view'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 10 4 10 30] (self : t_Fuse'0) : t_Option'0 + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord9] cmp_log'1 x y = o) + -> ([%#sord10] cmp_log'1 y z = o) -> ([%#sord11] cmp_log'1 x z = o) - axiom view'0_spec : forall self : t_Fuse'0 . ([%#sfuse8] inv'0 self -> inv'1 (view'0 self)) - && ([%#sfuse9] forall other : t_Fuse'0 . view'0 self = view'0 other -> self = other) + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - use seq.Seq + axiom refl'0_spec : forall x : t_T'0 . [%#sord8] cmp_log'1 x x = C_Equal'0 - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - + function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - + function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter12] inv'2 a) - -> ([%#siter13] inv'2 b) - -> ([%#siter14] inv'2 c) - -> ([%#siter15] produces'1 a ab b) - -> ([%#siter16] produces'1 b bc c) -> ([%#siter17] produces'1 a (Seq.(++) ab bc) c) + axiom cmp_gt_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord7] gt_log'1 x y = (cmp_log'1 x y = C_Greater'0) - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#siter10] inv'2 self) - -> ([%#siter11] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 27 4 27 65] (self : t_Fuse'0) (prod : Seq.seq t_Item'0) (other : t_Fuse'0) + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool + + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + + function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 = - [%#sfuse7] match view'0 self with - | C_None'0 -> prod = (Seq.empty : Seq.seq t_Item'0) /\ view'0 other = view'0 self - | C_Some'0 i -> match view'0 other with - | C_Some'0 i2 -> produces'1 i prod i2 - | C_None'0 -> false - end + [%#soption3] match (self, o) with + | (C_None'0, C_None'0) -> C_Equal'0 + | (C_None'0, C_Some'0 _) -> C_Less'0 + | (C_Some'0 _, C_None'0) -> C_Greater'0 + | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y end - constant a : t_Fuse'0 - - constant ab : Seq.seq t_Item'0 - - constant b : t_Fuse'0 + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_Option'0) (o : t_Option'0) : bool + + = + [%#sord2] cmp_log'0 self o = C_Greater'0 - constant bc : Seq.seq t_Item'0 + constant x : t_Option'0 - constant c : t_Fuse'0 + constant y : t_Option'0 - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 53 4 53 90] (a : t_Fuse'0) (ab : Seq.seq t_Item'0) (b : t_Fuse'0) (bc : Seq.seq t_Item'0) (c : t_Fuse'0) : () + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (x : t_Option'0) (y : t_Option'0) : () - goal vc_produces_trans'0 : ([%#sfuse4] produces'0 b bc c) - -> ([%#sfuse3] produces'0 a ab b) - -> ([%#sfuse2] inv'0 c) - -> ([%#sfuse1] inv'0 b) -> ([%#sfuse0] inv'0 a) -> ([%#sfuse5] produces'0 a (Seq.(++) ab bc) c) + goal vc_cmp_gt_log'0 : [%#sord0] gt_log'0 x y = (cmp_log'0 x y = C_Greater'0) end -module M_creusot_contracts__stdqy35z1__iter__fuse__qyi7691061398646472980__is_fused [#"../../../creusot-contracts/src/std/iter/fuse.rs" 76 4 76 62] (* as std::iter::fuse::FusedIterator> *) - let%span sfuse0 = "../../../creusot-contracts/src/std/iter/fuse.rs" 70 15 70 24 - let%span sfuse1 = "../../../creusot-contracts/src/std/iter/fuse.rs" 71 15 71 24 - let%span sfuse2 = "../../../creusot-contracts/src/std/iter/fuse.rs" 72 15 72 25 - let%span sfuse3 = "../../../creusot-contracts/src/std/iter/fuse.rs" 73 15 73 31 - let%span sfuse4 = "../../../creusot-contracts/src/std/iter/fuse.rs" 74 15 74 44 - let%span sfuse5 = "../../../creusot-contracts/src/std/iter/fuse.rs" 75 14 75 50 - let%span sfuse6 = "../../../creusot-contracts/src/std/iter/fuse.rs" 68 4 68 10 - let%span sfuse7 = "../../../creusot-contracts/src/std/iter/fuse.rs" 20 12 21 28 - let%span sfuse8 = "../../../creusot-contracts/src/std/iter/fuse.rs" 29 12 35 13 - let%span sfuse9 = "../../../creusot-contracts/src/std/iter/fuse.rs" 41 15 41 24 - let%span sfuse10 = "../../../creusot-contracts/src/std/iter/fuse.rs" 42 14 42 45 - let%span sfuse11 = "../../../creusot-contracts/src/std/iter/fuse.rs" 39 4 39 10 - let%span sfuse12 = "../../../creusot-contracts/src/std/iter/fuse.rs" 47 15 47 21 - let%span sfuse13 = "../../../creusot-contracts/src/std/iter/fuse.rs" 48 15 48 21 - let%span sfuse14 = "../../../creusot-contracts/src/std/iter/fuse.rs" 49 15 49 21 - let%span sfuse15 = "../../../creusot-contracts/src/std/iter/fuse.rs" 50 15 50 32 - let%span sfuse16 = "../../../creusot-contracts/src/std/iter/fuse.rs" 51 15 51 32 - let%span sfuse17 = "../../../creusot-contracts/src/std/iter/fuse.rs" 52 14 52 42 - let%span sfuse18 = "../../../creusot-contracts/src/std/iter/fuse.rs" 45 4 45 10 - let%span smodel19 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 - let%span sfuse20 = "../../../creusot-contracts/src/std/iter/fuse.rs" 8 14 8 39 - let%span sfuse21 = "../../../creusot-contracts/src/std/iter/fuse.rs" 9 14 9 71 - let%span sinvariant22 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sseq23 = "../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 - let%span siter24 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter25 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter26 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter27 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter28 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter29 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter30 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter31 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sboxed32 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - - use prelude.prelude.Borrow +module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__refl [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 149 39 149 70 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 147 8 147 35 + let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - type t_I'0 + type t_T'0 type t_Option'0 = | C_None'0 - | C_Some'0 t_I'0 - - type t_Fuse'0 = - { t_Fuse__iter'0: t_Option'0 } + | C_Some'0 t_T'0 - predicate inv'6 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 + - axiom inv_axiom'4 [@rewrite] : forall x : t_Option'0 [inv'4 x] . inv'4 x - = match x with - | C_None'0 -> true - | C_Some'0 a_0 -> inv'6 a_0 - end + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Fuse'0) + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) - axiom inv_axiom'1 [@rewrite] : forall x : t_Fuse'0 [inv'1 x] . inv'1 x - = match x with - | {t_Fuse__iter'0 = iter} -> inv'4 iter - end + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed (t_Fuse'0)) = - [%#sinvariant22] inv'1 self.current /\ inv'1 self.final + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) + -> ([%#sord14] cmp_log'1 y x = C_Less'0) - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed (t_Fuse'0)) + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () - axiom inv_axiom'0 [@rewrite] : forall x : borrowed (t_Fuse'0) [inv'0 x] . inv'0 x = invariant'0 x + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) + -> ([%#sord12] cmp_log'1 y x = C_Greater'0) - type t_Item'0 + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + - use seq.Seq + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) + -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) - use prelude.prelude.Int + function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - use seq.Seq + axiom refl'1_spec : forall x : t_T'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 - use seq.Seq + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - predicate inv'7 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - predicate invariant'3 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = - [%#sboxed32] inv'7 self + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - axiom inv_axiom'5 [@rewrite] : forall x : t_Item'0 [inv'5 x] . inv'5 x = invariant'3 x + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 450 4 450 30] (self : Seq.seq t_Item'0) = - [%#sseq23] forall i : int . 0 <= i /\ i < Seq.length self -> inv'5 (Seq.get self i) + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool - axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'2 x] . inv'2 x = invariant'1 x + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () - use seq.Seq + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - function view'1 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 10 4 10 30] (self : t_Fuse'0) : t_Option'0 + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool - axiom view'1_spec : forall self : t_Fuse'0 . ([%#sfuse20] inv'1 self -> inv'4 (view'1 self)) - && ([%#sfuse21] forall other : t_Fuse'0 . view'1 self = view'1 other -> self = other) + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () - use seq.Seq + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 + = + [%#soption2] match (self, o) with + | (C_None'0, C_None'0) -> C_Equal'0 + | (C_None'0, C_Some'0 _) -> C_Less'0 + | (C_Some'0 _, C_None'0) -> C_Greater'0 + | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y + end - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - + constant x : t_Option'0 - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter26] inv'6 a) - -> ([%#siter27] inv'6 b) - -> ([%#siter28] inv'6 c) - -> ([%#siter29] produces'1 a ab b) - -> ([%#siter30] produces'1 b bc c) -> ([%#siter31] produces'1 a (Seq.(++) ab bc) c) + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (x : t_Option'0) : () - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + goal vc_refl'0 : [%#sord0] cmp_log'0 x x = C_Equal'0 +end +module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__trans [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 154 40 154 57 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 155 40 155 57 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 156 39 156 56 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 152 8 152 35 + let%span soption4 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord16 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord17 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - axiom produces_refl'1_spec : forall self : t_I'0 . ([%#siter24] inv'6 self) - -> ([%#siter25] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + type t_T'0 - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 27 4 27 65] (self : t_Fuse'0) (prod : Seq.seq t_Item'0) (other : t_Fuse'0) - - = - [%#sfuse8] match view'1 self with - | C_None'0 -> prod = (Seq.empty : Seq.seq t_Item'0) /\ view'1 other = view'1 self - | C_Some'0 i -> match view'1 other with - | C_Some'0 i2 -> produces'1 i prod i2 - | C_None'0 -> false - end - end + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 53 4 53 90] (a : t_Fuse'0) (ab : Seq.seq t_Item'0) (b : t_Fuse'0) (bc : Seq.seq t_Item'0) (c : t_Fuse'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - = - [%#sfuse18] () - axiom produces_trans'0_spec : forall a : t_Fuse'0, ab : Seq.seq t_Item'0, b : t_Fuse'0, bc : Seq.seq t_Item'0, c : t_Fuse'0 . ([%#sfuse12] inv'1 a) - -> ([%#sfuse13] inv'1 b) - -> ([%#sfuse14] inv'1 c) - -> ([%#sfuse15] produces'0 a ab b) - -> ([%#sfuse16] produces'0 b bc c) -> ([%#sfuse17] produces'0 a (Seq.(++) ab bc) c) + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 43 4 43 26] (self : t_Fuse'0) : () = - [%#sfuse11] () + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord17] (x = y) = (cmp_log'1 x y = C_Equal'0) - axiom produces_refl'0_spec : forall self : t_Fuse'0 . ([%#sfuse9] inv'1 self) - -> ([%#sfuse10] produces'0 self (Seq.empty : Seq.seq t_Item'0) self) + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - function view'0 [#"../../../creusot-contracts/src/model.rs" 105 4 105 33] (self : borrowed (t_Fuse'0)) : t_Option'0 = - [%#smodel19] view'1 self.current + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord15] cmp_log'1 x y = C_Greater'0) + -> ([%#sord16] cmp_log'1 y x = C_Less'0) - predicate invariant'2 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_I'0) = - [%#sinvariant22] inv'6 self.current /\ inv'6 self.final + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_I'0) + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Less'0) + -> ([%#sord14] cmp_log'1 y x = C_Greater'0) - axiom inv_axiom'3 [@rewrite] : forall x : borrowed t_I'0 [inv'3 x] . inv'3 x = invariant'2 x + function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + - predicate completed'1 [#"../../../creusot-contracts/src/std/iter.rs" 35 4 35 36] (self : borrowed t_I'0) + axiom trans'1_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord10] cmp_log'1 x y = o) + -> ([%#sord11] cmp_log'1 y z = o) -> ([%#sord12] cmp_log'1 x z = o) - predicate completed'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 18 4 18 35] (self : borrowed (t_Fuse'0)) = - [%#sfuse7] (view'0 self = C_None'0 - \/ (exists it : borrowed t_I'0 . inv'3 it /\ completed'1 it /\ view'0 self = C_Some'0 (it.current))) - /\ view'1 self.final = C_None'0 + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - constant self : borrowed (t_Fuse'0) + axiom refl'0_spec : forall x : t_T'0 . [%#sord9] cmp_log'1 x x = C_Equal'0 - constant steps : Seq.seq t_Item'0 + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - constant next : t_Fuse'0 + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - function is_fused'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 76 4 76 62] (self : borrowed (t_Fuse'0)) (steps : Seq.seq t_Item'0) (next : t_Fuse'0) : () - + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord8] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - goal vc_is_fused'0 : ([%#sfuse4] produces'0 self.final steps next) - -> ([%#sfuse3] completed'0 self) - -> ([%#sfuse2] inv'2 steps) - -> ([%#sfuse1] inv'1 next) - -> ([%#sfuse0] inv'0 self) -> ([%#sfuse5] steps = (Seq.empty : Seq.seq t_Item'0) /\ self.final = next) -end -module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produces_refl [#"../../../creusot-contracts/src/std/iter/map.rs" 83 4 83 26] (* as std::iter::Iterator> *) - let%span smap0 = "../../../creusot-contracts/src/std/iter/map.rs" 81 15 81 24 - let%span smap1 = "../../../creusot-contracts/src/std/iter/map.rs" 82 14 82 45 - let%span smap2 = "../../../creusot-contracts/src/std/iter/map.rs" 79 4 79 10 - let%span smap3 = "../../../creusot-contracts/src/std/iter/map.rs" 64 12 75 75 - let%span smap4 = "../../../creusot-contracts/src/std/iter/map.rs" 24 14 24 39 - let%span smap5 = "../../../creusot-contracts/src/std/iter/map.rs" 17 14 17 39 - let%span sops6 = "../../../creusot-contracts/src/std/ops.rs" 105 15 105 59 - let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 106 14 106 36 - let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 111 14 111 31 - let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 116 15 116 29 - let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 117 15 117 26 - let%span sops11 = "../../../creusot-contracts/src/std/ops.rs" 118 14 118 28 - let%span sops12 = "../../../creusot-contracts/src/std/ops.rs" 123 14 124 105 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter18 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter19 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter20 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sseq21 = "../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 - let%span sboxed22 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - let%span sinvariant23 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - type t_I'0 + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - type t_F'0 + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord7] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - type t_Map'0 = - { t_Map__iter'0: t_I'0; t_Map__f'0: t_F'0 } + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Map'0) + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool - axiom inv_axiom'0 [@rewrite] : forall x : t_Map'0 [inv'0 x] . inv'0 x - = match x with - | {t_Map__iter'0 = iter ; t_Map__f'0 = f} -> inv'3 iter /\ inv'4 f - end + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () - use seq.Seq + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - type t_B'0 + function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 + + = + [%#soption4] match (self, o) with + | (C_None'0, C_None'0) -> C_Equal'0 + | (C_None'0, C_Some'0 _) -> C_Less'0 + | (C_Some'0 _, C_None'0) -> C_Greater'0 + | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y + end - use seq.Seq + constant x : t_Option'0 - function func'0 [#"../../../creusot-contracts/src/std/iter/map.rs" 25 4 25 22] (self : t_Map'0) : t_F'0 + constant y : t_Option'0 - axiom func'0_spec : forall self : t_Map'0 . [%#smap4] inv'0 self -> inv'4 (func'0 self) + constant z : t_Option'0 - type t_Item'0 + constant o : t_Ordering'0 - predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 81 4 81 73] (self : t_F'0) (args : t_Item'0) (result : t_B'0) + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (x : t_Option'0) (y : t_Option'0) (z : t_Option'0) (o : t_Ordering'0) : () - use prelude.prelude.Borrow + goal vc_trans'0 : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o) +end +module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 161 40 161 70 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 162 39 162 72 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 159 8 159 35 + let%span soption3 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord16 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) + type t_T'0 + + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 - predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 91 4 91 92] (self : t_F'0) (args : t_Item'0) (result_state : t_F'0) (result : t_B'0) - + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 125 4 125 55] (self : t_F'0) (args : t_Item'0) (res : t_B'0) : () + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : t_B'0 . [%#sops12] postcondition_once'0 self args res - = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 99 4 99 36] (self : t_F'0) (_2 : t_F'0) + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord16] (x = y) = (cmp_log'1 x y = C_Equal'0) - function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 119 4 119 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops9] unnest'0 self b) - -> ([%#sops10] unnest'0 b c) -> ([%#sops11] unnest'0 self c) + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord14] cmp_log'1 x y = C_Greater'0) + -> ([%#sord15] cmp_log'1 y x = C_Less'0) - function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 112 4 112 24] (self : t_F'0) : () + function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops8] unnest'0 self self + axiom antisym1'1_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Less'0) + -> ([%#sord13] cmp_log'1 y x = C_Greater'0) - function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 107 4 107 85] (self : t_F'0) (args : t_Item'0) (res_state : t_F'0) (res : t_B'0) : () + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : t_B'0 . ([%#sops6] postcondition_mut'0 self args res_state res) - -> ([%#sops7] unnest'0 self res_state) + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord9] cmp_log'1 x y = o) + -> ([%#sord10] cmp_log'1 y z = o) -> ([%#sord11] cmp_log'1 x z = o) - use seq.Seq + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - use prelude.prelude.Int + axiom refl'0_spec : forall x : t_T'0 . [%#sord8] cmp_log'1 x x = C_Equal'0 - use seq.Seq + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - use seq.Seq + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - predicate invariant'4 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_F'0) = - [%#sinvariant23] inv'4 self.current /\ inv'4 self.final + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord7] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - predicate inv'7 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_F'0) + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - axiom inv_axiom'5 [@rewrite] : forall x : borrowed t_F'0 [inv'7 x] . inv'7 x = invariant'4 x + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - predicate invariant'2 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : borrowed t_F'0) = - [%#sboxed22] inv'7 self + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_F'0) + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool - axiom inv_axiom'3 [@rewrite] : forall x : borrowed t_F'0 [inv'5 x] . inv'5 x = invariant'2 x + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () - predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 450 4 450 30] (self : Seq.seq (borrowed t_F'0)) - = - [%#sseq21] forall i : int . 0 <= i /\ i < Seq.length self -> inv'5 (Seq.get self i) + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq (borrowed t_F'0)) + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq (borrowed t_F'0) [inv'1 x] . inv'1 x = invariant'0 x + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () - use seq.Seq + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - use seq.Seq + function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 + + = + [%#soption3] match (self, o) with + | (C_None'0, C_None'0) -> C_Equal'0 + | (C_None'0, C_Some'0 _) -> C_Less'0 + | (C_Some'0 _, C_None'0) -> C_Greater'0 + | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y + end - use seq.Seq + constant x : t_Option'0 - use seq.Seq + constant y : t_Option'0 - predicate inv'8 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (x : t_Option'0) (y : t_Option'0) : () + - predicate invariant'3 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = - [%#sboxed22] inv'8 self + goal vc_antisym1'0 : ([%#sord0] cmp_log'0 x y = C_Less'0) -> ([%#sord1] cmp_log'0 y x = C_Greater'0) +end +module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 167 40 167 73 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 168 39 168 69 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 165 8 165 35 + let%span soption3 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord16 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - predicate inv'6 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) + type t_T'0 - axiom inv_axiom'4 [@rewrite] : forall x : t_Item'0 [inv'6 x] . inv'6 x = invariant'3 x + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 - predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 450 4 450 30] (self : Seq.seq t_Item'0) = - [%#sseq21] forall i : int . 0 <= i /\ i < Seq.length self -> inv'6 (Seq.get self i) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 + - axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'2 x] . inv'2 x = invariant'1 x + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - function iter'0 [#"../../../creusot-contracts/src/std/iter/map.rs" 18 4 18 22] (self : t_Map'0) : t_I'0 + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord16] (x = y) = (cmp_log'1 x y = C_Equal'0) - axiom iter'0_spec : forall self : t_Map'0 . [%#smap5] inv'0 self -> inv'3 (iter'0 self) + function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - use seq.Seq + axiom antisym2'1_spec : forall x : t_T'0, y : t_T'0 . ([%#sord14] cmp_log'1 x y = C_Greater'0) + -> ([%#sord15] cmp_log'1 y x = C_Less'0) - use seq.Seq + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Less'0) + -> ([%#sord13] cmp_log'1 y x = C_Greater'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter15] inv'3 a) - -> ([%#siter16] inv'3 b) - -> ([%#siter17] inv'3 c) - -> ([%#siter18] produces'1 a ab b) - -> ([%#siter19] produces'1 b bc c) -> ([%#siter20] produces'1 a (Seq.(++) ab bc) c) + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord9] cmp_log'1 x y = o) + -> ([%#sord10] cmp_log'1 y z = o) -> ([%#sord11] cmp_log'1 x z = o) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - axiom produces_refl'1_spec : forall self : t_I'0 . ([%#siter13] inv'3 self) - -> ([%#siter14] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom refl'0_spec : forall x : t_T'0 . [%#sord8] cmp_log'1 x x = C_Equal'0 - use seq.Seq + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - use seq.Seq + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 73 4 73 45] (self : t_F'0) (args : t_Item'0) + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord7] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - use seq.Seq + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - predicate produces'0 [@inline:trivial] [#"../../../creusot-contracts/src/std/iter/map.rs" 62 4 62 67] (self : t_Map'0) (visited : Seq.seq t_B'0) (succ : t_Map'0) - - = - [%#smap3] unnest'0 (func'0 self) (func'0 succ) - /\ (exists fs : Seq.seq (borrowed t_F'0) . inv'1 fs - /\ Seq.length fs = Seq.length visited - /\ (exists s : Seq.seq t_Item'0 [produces'1 (iter'0 self) s (iter'0 succ)] . inv'2 s - /\ Seq.length s = Seq.length visited - /\ produces'1 (iter'0 self) s (iter'0 succ) - /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) - /\ (if Seq.length visited = 0 then - func'0 self = func'0 succ - else - (Seq.get fs 0).current = func'0 self /\ (Seq.get fs (Seq.length visited - 1)).final = func'0 succ - ) - /\ (forall i : int . 0 <= i /\ i < Seq.length visited - -> unnest'0 (func'0 self) (Seq.get fs i).current - /\ precondition'0 (Seq.get fs i).current (Seq.get s i) - /\ postcondition_mut'0 (Seq.get fs i).current (Seq.get s i) (Seq.get fs i).final (Seq.get visited i)))) + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - constant self : t_Map'0 + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/map.rs" 83 4 83 26] (self : t_Map'0) : () + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool - goal vc_produces_refl'0 : ([%#smap0] inv'0 self) -> ([%#smap1] produces'0 self (Seq.empty : Seq.seq t_B'0) self) -end -module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produces_trans [#"../../../creusot-contracts/src/std/iter/map.rs" 93 4 93 90] (* as std::iter::Iterator> *) - let%span smap0 = "../../../creusot-contracts/src/std/iter/map.rs" 87 15 87 21 - let%span smap1 = "../../../creusot-contracts/src/std/iter/map.rs" 88 15 88 21 - let%span smap2 = "../../../creusot-contracts/src/std/iter/map.rs" 89 15 89 21 - let%span smap3 = "../../../creusot-contracts/src/std/iter/map.rs" 90 15 90 32 - let%span smap4 = "../../../creusot-contracts/src/std/iter/map.rs" 91 15 91 32 - let%span smap5 = "../../../creusot-contracts/src/std/iter/map.rs" 92 14 92 42 - let%span smap6 = "../../../creusot-contracts/src/std/iter/map.rs" 85 4 85 10 - let%span smap7 = "../../../creusot-contracts/src/std/iter/map.rs" 64 12 75 75 - let%span smap8 = "../../../creusot-contracts/src/std/iter/map.rs" 24 14 24 39 - let%span smap9 = "../../../creusot-contracts/src/std/iter/map.rs" 17 14 17 39 - let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 105 15 105 59 - let%span sops11 = "../../../creusot-contracts/src/std/ops.rs" 106 14 106 36 - let%span sops12 = "../../../creusot-contracts/src/std/ops.rs" 111 14 111 31 - let%span sops13 = "../../../creusot-contracts/src/std/ops.rs" 116 15 116 29 - let%span sops14 = "../../../creusot-contracts/src/std/ops.rs" 117 15 117 26 - let%span sops15 = "../../../creusot-contracts/src/std/ops.rs" 118 14 118 28 - let%span sops16 = "../../../creusot-contracts/src/std/ops.rs" 123 14 124 105 - let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter18 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter19 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter20 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter21 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter22 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter23 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter24 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sseq25 = "../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 - let%span sboxed26 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - let%span sinvariant27 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () - type t_I'0 + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - type t_F'0 + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool - type t_Map'0 = - { t_Map__iter'0: t_I'0; t_Map__f'0: t_F'0 } + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) + function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 + + = + [%#soption3] match (self, o) with + | (C_None'0, C_None'0) -> C_Equal'0 + | (C_None'0, C_Some'0 _) -> C_Less'0 + | (C_Some'0 _, C_None'0) -> C_Greater'0 + | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y + end - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Map'0) + constant x : t_Option'0 - axiom inv_axiom'0 [@rewrite] : forall x : t_Map'0 [inv'0 x] . inv'0 x - = match x with - | {t_Map__iter'0 = iter ; t_Map__f'0 = f} -> inv'3 iter /\ inv'4 f - end + constant y : t_Option'0 - type t_B'0 + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (x : t_Option'0) (y : t_Option'0) : () + - use seq.Seq + goal vc_antisym2'0 : ([%#sord0] cmp_log'0 x y = C_Greater'0) -> ([%#sord1] cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 173 39 173 84 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 171 8 171 35 + let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - function func'0 [#"../../../creusot-contracts/src/std/iter/map.rs" 25 4 25 22] (self : t_Map'0) : t_F'0 + type t_T'0 - axiom func'0_spec : forall self : t_Map'0 . [%#smap8] inv'0 self -> inv'4 (func'0 self) + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 - type t_Item'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 81 4 81 73] (self : t_F'0) (args : t_Item'0) (result : t_B'0) + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - use prelude.prelude.Borrow + function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) + axiom eq_cmp'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) - predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 91 4 91 92] (self : t_F'0) (args : t_Item'0) (result_state : t_F'0) (result : t_B'0) - + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 125 4 125 55] (self : t_F'0) (args : t_Item'0) (res : t_B'0) : () - + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) + -> ([%#sord14] cmp_log'1 y x = C_Less'0) - axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : t_B'0 . [%#sops16] postcondition_once'0 self args res - = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () - predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 99 4 99 36] (self : t_F'0) (_2 : t_F'0) + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) + -> ([%#sord12] cmp_log'1 y x = C_Greater'0) - function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 119 4 119 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops13] unnest'0 self b) - -> ([%#sops14] unnest'0 b c) -> ([%#sops15] unnest'0 self c) + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) + -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) - function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 112 4 112 24] (self : t_F'0) : () + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops12] unnest'0 self self + axiom refl'0_spec : forall x : t_T'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 - function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 107 4 107 85] (self : t_F'0) (args : t_Item'0) (res_state : t_F'0) (res : t_B'0) : () - + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : t_B'0 . ([%#sops10] postcondition_mut'0 self args res_state res) - -> ([%#sops11] unnest'0 self res_state) + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - use seq.Seq + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - use prelude.prelude.Int + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - use seq.Seq + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - use seq.Seq + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - predicate invariant'4 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_F'0) = - [%#sinvariant27] inv'4 self.current /\ inv'4 self.final + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool - predicate inv'7 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_F'0) + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () - axiom inv_axiom'5 [@rewrite] : forall x : borrowed t_F'0 [inv'7 x] . inv'7 x = invariant'4 x + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - predicate invariant'2 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : borrowed t_F'0) = - [%#sboxed26] inv'7 self + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool - predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_F'0) + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () - axiom inv_axiom'3 [@rewrite] : forall x : borrowed t_F'0 [inv'5 x] . inv'5 x = invariant'2 x + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + + function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 + + = + [%#soption2] match (self, o) with + | (C_None'0, C_None'0) -> C_Equal'0 + | (C_None'0, C_Some'0 _) -> C_Less'0 + | (C_Some'0 _, C_None'0) -> C_Greater'0 + | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y + end - predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 450 4 450 30] (self : Seq.seq (borrowed t_F'0)) - = - [%#sseq25] forall i : int . 0 <= i /\ i < Seq.length self -> inv'5 (Seq.get self i) + constant x : t_Option'0 - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq (borrowed t_F'0)) + constant y : t_Option'0 - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq (borrowed t_F'0) [inv'1 x] . inv'1 x = invariant'0 x + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (x : t_Option'0) (y : t_Option'0) : () - use seq.Seq + goal vc_eq_cmp'0 : [%#sord0] (x = y) = (cmp_log'0 x y = C_Equal'0) +end +module M_creusot_contracts__stdqy35z1__option__qyi15354566128244900690__produces_refl [#"../../../creusot-contracts/src/std/option.rs" 477 4 477 26] (* as std::iter::Iterator> *) + let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 476 14 476 45 + let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 474 4 474 10 + let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 469 12 470 96 use seq.Seq - use seq.Seq + type t_T'0 use seq.Seq - predicate inv'8 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - predicate invariant'3 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = - [%#sboxed26] inv'8 self - - predicate inv'6 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - axiom inv_axiom'4 [@rewrite] : forall x : t_Item'0 [inv'6 x] . inv'6 x = invariant'3 x + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 - predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 450 4 450 30] (self : Seq.seq t_Item'0) = - [%#sseq25] forall i : int . 0 <= i /\ i < Seq.length self -> inv'6 (Seq.get self i) + type t_Item'0 = + { t_Item__opt'0: t_Option'0 } - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) + type t_IntoIter'0 = + { t_IntoIter__inner'0: t_Item'0 } - axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'2 x] . inv'2 x = invariant'1 x + function view'0 [#"../../../creusot-contracts/src/std/option.rs" 453 4 453 30] (self : t_IntoIter'0) : t_Option'0 - function iter'0 [#"../../../creusot-contracts/src/std/iter/map.rs" 18 4 18 22] (self : t_Map'0) : t_I'0 + use seq.Seq - axiom iter'0_spec : forall self : t_Map'0 . [%#smap9] inv'0 self -> inv'3 (iter'0 self) + predicate produces'0 [#"../../../creusot-contracts/src/std/option.rs" 467 4 467 64] (self : t_IntoIter'0) (visited : Seq.seq t_T'0) (o : t_IntoIter'0) + + = + [%#soption2] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o + \/ (exists e : t_T'0 . view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) - use seq.Seq + constant self : t_IntoIter'0 - use seq.Seq + function produces_refl'0 [#"../../../creusot-contracts/src/std/option.rs" 477 4 477 26] (self : t_IntoIter'0) : () - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - + goal vc_produces_refl'0 : [%#soption0] produces'0 self (Seq.empty : Seq.seq t_T'0) self +end +module M_creusot_contracts__stdqy35z1__option__qyi15354566128244900690__produces_trans [#"../../../creusot-contracts/src/std/option.rs" 484 4 484 90] (* as std::iter::Iterator> *) + let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 481 15 481 32 + let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 482 15 482 32 + let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 483 14 483 42 + let%span soption3 = "../../../creusot-contracts/src/std/option.rs" 479 4 479 10 + let%span soption4 = "../../../creusot-contracts/src/std/option.rs" 469 12 470 96 - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - + type t_T'0 - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter19] inv'3 a) - -> ([%#siter20] inv'3 b) - -> ([%#siter21] inv'3 c) - -> ([%#siter22] produces'1 a ab b) - -> ([%#siter23] produces'1 b bc c) -> ([%#siter24] produces'1 a (Seq.(++) ab bc) c) + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + type t_Item'0 = + { t_Item__opt'0: t_Option'0 } - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#siter17] inv'3 self) - -> ([%#siter18] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + type t_IntoIter'0 = + { t_IntoIter__inner'0: t_Item'0 } use seq.Seq use seq.Seq - predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 73 4 73 45] (self : t_F'0) (args : t_Item'0) + function view'0 [#"../../../creusot-contracts/src/std/option.rs" 453 4 453 30] (self : t_IntoIter'0) : t_Option'0 use seq.Seq - predicate produces'0 [@inline:trivial] [#"../../../creusot-contracts/src/std/iter/map.rs" 62 4 62 67] (self : t_Map'0) (visited : Seq.seq t_B'0) (succ : t_Map'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/option.rs" 467 4 467 64] (self : t_IntoIter'0) (visited : Seq.seq t_T'0) (o : t_IntoIter'0) = - [%#smap7] unnest'0 (func'0 self) (func'0 succ) - /\ (exists fs : Seq.seq (borrowed t_F'0) . inv'1 fs - /\ Seq.length fs = Seq.length visited - /\ (exists s : Seq.seq t_Item'0 [produces'1 (iter'0 self) s (iter'0 succ)] . inv'2 s - /\ Seq.length s = Seq.length visited - /\ produces'1 (iter'0 self) s (iter'0 succ) - /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) - /\ (if Seq.length visited = 0 then - func'0 self = func'0 succ - else - (Seq.get fs 0).current = func'0 self /\ (Seq.get fs (Seq.length visited - 1)).final = func'0 succ - ) - /\ (forall i : int . 0 <= i /\ i < Seq.length visited - -> unnest'0 (func'0 self) (Seq.get fs i).current - /\ precondition'0 (Seq.get fs i).current (Seq.get s i) - /\ postcondition_mut'0 (Seq.get fs i).current (Seq.get s i) (Seq.get fs i).final (Seq.get visited i)))) + [%#soption4] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o + \/ (exists e : t_T'0 . view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) use seq.Seq - constant a : t_Map'0 + constant a : t_IntoIter'0 - constant ab : Seq.seq t_B'0 + constant ab : Seq.seq t_T'0 - constant b : t_Map'0 + constant b : t_IntoIter'0 - constant bc : Seq.seq t_B'0 + constant bc : Seq.seq t_T'0 - constant c : t_Map'0 + constant c : t_IntoIter'0 - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/map.rs" 93 4 93 90] (a : t_Map'0) (ab : Seq.seq t_B'0) (b : t_Map'0) (bc : Seq.seq t_B'0) (c : t_Map'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/option.rs" 484 4 484 90] (a : t_IntoIter'0) (ab : Seq.seq t_T'0) (b : t_IntoIter'0) (bc : Seq.seq t_T'0) (c : t_IntoIter'0) : () - goal vc_produces_trans'0 : ([%#smap4] produces'0 b bc c) - -> ([%#smap3] produces'0 a ab b) - -> ([%#smap2] inv'0 c) - -> ([%#smap1] inv'0 b) -> ([%#smap0] inv'0 a) -> ([%#smap5] produces'0 a (Seq.(++) ab bc) c) + goal vc_produces_trans'0 : ([%#soption1] produces'0 b bc c) + -> ([%#soption0] produces'0 a ab b) -> ([%#soption2] produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788__produces_refl [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 25 4 25 26] (* ::Item, F> as std::iter::Iterator> *) - let%span smap_inv0 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 23 15 23 24 - let%span smap_inv1 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 24 14 24 45 - let%span smap_inv2 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 21 4 21 10 - let%span smap_inv3 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 41 8 54 9 - let%span smap_inv4 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 80 12 82 73 - let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 105 15 105 59 - let%span sops6 = "../../../creusot-contracts/src/std/ops.rs" 106 14 106 36 - let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 111 14 111 31 - let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 116 15 116 29 - let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 117 15 117 26 - let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 118 14 118 28 - let%span sops11 = "../../../creusot-contracts/src/std/ops.rs" 123 14 124 105 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter18 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter19 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span smap_inv20 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 159 12 163 47 - let%span smap_inv21 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 130 14 130 81 - let%span smap_inv22 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 133 12 138 88 - let%span smap_inv23 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 123 12 125 63 - let%span sseq24 = "../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 - let%span smap_inv25 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 146 12 151 71 - let%span sinvariant26 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sboxed27 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - - type t_I'0 - - type t_F'0 - - type t_Item'0 +module M_creusot_contracts__stdqy35z1__option__qyi15411423289202690388__produces_refl [#"../../../creusot-contracts/src/std/option.rs" 530 4 530 26] (* as std::iter::Iterator> *) + let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 529 14 529 45 + let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 527 4 527 10 + let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 522 12 523 96 use seq.Seq - use prelude.prelude.Snapshot - - type t_MapInv'0 = - { t_MapInv__iter'0: t_I'0; t_MapInv__func'0: t_F'0; t_MapInv__produced'0: Snapshot.snap_ty (Seq.seq t_Item'0) } - use prelude.prelude.Borrow - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + type t_T'0 - predicate invariant'3 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_I'0) = - [%#sinvariant26] inv'3 self.current /\ inv'3 self.final + use seq.Seq - predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_I'0) + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 - axiom inv_axiom'3 [@rewrite] : forall x : borrowed t_I'0 [inv'5 x] . inv'5 x = invariant'3 x + type t_Item'0 = + { t_Item__opt'0: t_Option'0 } - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) + type t_Iter'0 = + { t_Iter__inner'0: t_Item'0 } - use seq.Seq + function view'0 [#"../../../creusot-contracts/src/std/option.rs" 506 4 506 34] (self : t_Iter'0) : t_Option'0 use seq.Seq - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - - - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + predicate produces'0 [#"../../../creusot-contracts/src/std/option.rs" 520 4 520 64] (self : t_Iter'0) (visited : Seq.seq t_T'0) (o : t_Iter'0) + = + [%#soption2] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o + \/ (exists e : t_T'0 . view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter14] inv'3 a) - -> ([%#siter15] inv'3 b) - -> ([%#siter16] inv'3 c) - -> ([%#siter17] produces'1 a ab b) - -> ([%#siter18] produces'1 b bc c) -> ([%#siter19] produces'1 a (Seq.(++) ab bc) c) - - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () - - axiom produces_refl'1_spec : forall self : t_I'0 . ([%#siter12] inv'3 self) - -> ([%#siter13] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) - - predicate completed'0 [#"../../../creusot-contracts/src/std/iter.rs" 35 4 35 36] (self : borrowed t_I'0) + constant self : t_Iter'0 - predicate inv'6 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) + function produces_refl'0 [#"../../../creusot-contracts/src/std/option.rs" 530 4 530 26] (self : t_Iter'0) : () - use seq.Seq + goal vc_produces_refl'0 : [%#soption0] produces'0 self (Seq.empty : Seq.seq t_T'0) self +end +module M_creusot_contracts__stdqy35z1__option__qyi15411423289202690388__produces_trans [#"../../../creusot-contracts/src/std/option.rs" 537 4 537 90] (* as std::iter::Iterator> *) + let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 534 15 534 32 + let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 535 15 535 32 + let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 536 14 536 42 + let%span soption3 = "../../../creusot-contracts/src/std/option.rs" 532 4 532 10 + let%span soption4 = "../../../creusot-contracts/src/std/option.rs" 522 12 523 96 - use prelude.prelude.Snapshot + use prelude.prelude.Borrow - predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 73 4 73 45] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) - + type t_T'0 - predicate next_precondition'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 121 4 121 78] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) - - = - [%#smap_inv23] forall e : t_Item'0, i : t_I'0 . inv'6 e /\ inv'3 i /\ produces'1 iter (Seq.singleton e) i - -> precondition'0 func (e, Snapshot.new produced) + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 - type t_B'0 + type t_Item'0 = + { t_Item__opt'0: t_Option'0 } - use prelude.prelude.Int + type t_Iter'0 = + { t_Iter__inner'0: t_Item'0 } use seq.Seq use seq.Seq - predicate invariant'6 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = - [%#sboxed27] inv'6 self - - predicate inv'10 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - axiom inv_axiom'6 [@rewrite] : forall x : t_Item'0 [inv'10 x] . inv'10 x = invariant'6 x - - predicate invariant'2 [#"../../../creusot-contracts/src/logic/seq.rs" 450 4 450 30] (self : Seq.seq t_Item'0) = - [%#sseq24] forall i : int . 0 <= i /\ i < Seq.length self -> inv'10 (Seq.get self i) + function view'0 [#"../../../creusot-contracts/src/std/option.rs" 506 4 506 34] (self : t_Iter'0) : t_Option'0 - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) + use seq.Seq - axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'2 x] . inv'2 x = invariant'2 x + predicate produces'0 [#"../../../creusot-contracts/src/std/option.rs" 520 4 520 64] (self : t_Iter'0) (visited : Seq.seq t_T'0) (o : t_Iter'0) + + = + [%#soption4] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o + \/ (exists e : t_T'0 . view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) - predicate invariant'4 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_F'0) = - [%#sinvariant26] inv'4 self.current /\ inv'4 self.final + use seq.Seq - predicate inv'7 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_F'0) + constant a : t_Iter'0 - axiom inv_axiom'4 [@rewrite] : forall x : borrowed t_F'0 [inv'7 x] . inv'7 x = invariant'4 x + constant ab : Seq.seq t_T'0 - predicate inv'8 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_B'0) + constant b : t_Iter'0 - predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 81 4 81 73] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result : t_B'0) - + constant bc : Seq.seq t_T'0 - predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) + constant c : t_Iter'0 - predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 91 4 91 92] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result_state : t_F'0) (result : t_B'0) + function produces_trans'0 [#"../../../creusot-contracts/src/std/option.rs" 537 4 537 90] (a : t_Iter'0) (ab : Seq.seq t_T'0) (b : t_Iter'0) (bc : Seq.seq t_T'0) (c : t_Iter'0) : () - function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 125 4 125 55] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res : t_B'0) : () - + goal vc_produces_trans'0 : ([%#soption1] produces'0 b bc c) + -> ([%#soption0] produces'0 a ab b) -> ([%#soption2] produces'0 a (Seq.(++) ab bc) c) +end +module M_creusot_contracts__stdqy35z1__option__qyi6601631924869095363__produces_refl [#"../../../creusot-contracts/src/std/option.rs" 586 4 586 26] (* as std::iter::Iterator> *) + let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 585 14 585 45 + let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 583 4 583 10 + let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 578 12 579 96 - axiom fn_mut_once'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res : t_B'0 . [%#sops11] postcondition_once'0 self args res - = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) + use seq.Seq - predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 99 4 99 36] (self : t_F'0) (_2 : t_F'0) + use prelude.prelude.Borrow - function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 119 4 119 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - + type t_T'0 - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops8] unnest'0 self b) - -> ([%#sops9] unnest'0 b c) -> ([%#sops10] unnest'0 self c) + use seq.Seq - function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 112 4 112 24] (self : t_F'0) : () + type t_Option'0 = + | C_None'0 + | C_Some'0 (borrowed t_T'0) - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops7] unnest'0 self self + type t_Item'0 = + { t_Item__opt'0: t_Option'0 } - function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 107 4 107 85] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res_state : t_F'0) (res : t_B'0) : () - + type t_IterMut'0 = + { t_IterMut__inner'0: t_Item'0 } - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : t_F'0, res : t_B'0 . ([%#sops5] postcondition_mut'0 self args res_state res) - -> ([%#sops6] unnest'0 self res_state) + function view'0 [#"../../../creusot-contracts/src/std/option.rs" 562 4 562 38] (self : t_IterMut'0) : t_Option'0 use seq.Seq - predicate preservation'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 144 4 144 49] (iter : t_I'0) (func : t_F'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/option.rs" 576 4 576 64] (self : t_IterMut'0) (visited : Seq.seq (borrowed t_T'0)) (o : t_IterMut'0) = - [%#smap_inv25] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . inv'2 s - /\ inv'6 e1 /\ inv'6 e2 /\ inv'7 f /\ inv'8 b /\ inv'3 i /\ unnest'0 func f.current - -> produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i - -> precondition'0 f.current (e1, Snapshot.new s) - -> postcondition_mut'0 f.current (e1, Snapshot.new s) f.final b - -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc s e1)) + [%#soption2] visited = (Seq.empty : Seq.seq (borrowed t_T'0)) /\ self = o + \/ (exists e : borrowed t_T'0 . view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) - predicate reinitialize'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 157 4 157 33] (_1 : ()) = - [%#smap_inv20] forall iter : borrowed t_I'0, func : t_F'0 . inv'5 iter /\ inv'4 func - -> completed'0 iter - -> next_precondition'0 iter.final func (Seq.empty : Seq.seq t_Item'0) /\ preservation'0 iter.final func + constant self : t_IterMut'0 - use prelude.prelude.Snapshot + function produces_refl'0 [#"../../../creusot-contracts/src/std/option.rs" 586 4 586 26] (self : t_IterMut'0) : () - predicate preservation_inv'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 131 4 131 73] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) - - = - [%#smap_inv22] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . inv'2 s - /\ inv'6 e1 /\ inv'6 e2 /\ inv'7 f /\ inv'8 b /\ inv'3 i /\ unnest'0 func f.current - -> produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i - -> precondition'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) - -> postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b - -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc (Seq.(++) produced s) e1)) + goal vc_produces_refl'0 : [%#soption0] produces'0 self (Seq.empty : Seq.seq (borrowed t_T'0)) self +end +module M_creusot_contracts__stdqy35z1__option__qyi6601631924869095363__produces_trans [#"../../../creusot-contracts/src/std/option.rs" 593 4 593 90] (* as std::iter::Iterator> *) + let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 590 15 590 32 + let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 591 15 591 32 + let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 592 14 592 42 + let%span soption3 = "../../../creusot-contracts/src/std/option.rs" 588 4 588 10 + let%span soption4 = "../../../creusot-contracts/src/std/option.rs" 578 12 579 96 - axiom preservation_inv'0_spec : forall iter : t_I'0, func : t_F'0, produced : Seq.seq t_Item'0 . [%#smap_inv21] produced - = (Seq.empty : Seq.seq t_Item'0) -> preservation_inv'0 iter func produced = preservation'0 iter func + use prelude.prelude.Borrow - predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 78 4 78 30] (self : t_MapInv'0) = - [%#smap_inv4] reinitialize'0 () - /\ preservation_inv'0 self.t_MapInv__iter'0 self.t_MapInv__func'0 (Snapshot.inner self.t_MapInv__produced'0) - /\ next_precondition'0 self.t_MapInv__iter'0 self.t_MapInv__func'0 (Snapshot.inner self.t_MapInv__produced'0) + type t_T'0 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_MapInv'0) + type t_Option'0 = + | C_None'0 + | C_Some'0 (borrowed t_T'0) - axiom inv_axiom'0 [@rewrite] : forall x : t_MapInv'0 [inv'0 x] . inv'0 x - = (invariant'0 x - /\ match x with - | {t_MapInv__iter'0 = iter ; t_MapInv__func'0 = func ; t_MapInv__produced'0 = produced} -> inv'3 iter /\ inv'4 func - end) + type t_Item'0 = + { t_Item__opt'0: t_Option'0 } - use seq.Seq + type t_IterMut'0 = + { t_IterMut__inner'0: t_Item'0 } use seq.Seq use seq.Seq + function view'0 [#"../../../creusot-contracts/src/std/option.rs" 562 4 562 38] (self : t_IterMut'0) : t_Option'0 + use seq.Seq + predicate produces'0 [#"../../../creusot-contracts/src/std/option.rs" 576 4 576 64] (self : t_IterMut'0) (visited : Seq.seq (borrowed t_T'0)) (o : t_IterMut'0) + + = + [%#soption4] visited = (Seq.empty : Seq.seq (borrowed t_T'0)) /\ self = o + \/ (exists e : borrowed t_T'0 . view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) + use seq.Seq - predicate invariant'5 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : borrowed t_F'0) = - [%#sboxed27] inv'7 self + constant a : t_IterMut'0 - predicate inv'9 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_F'0) + constant ab : Seq.seq (borrowed t_T'0) - axiom inv_axiom'5 [@rewrite] : forall x : borrowed t_F'0 [inv'9 x] . inv'9 x = invariant'5 x + constant b : t_IterMut'0 - predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 450 4 450 30] (self : Seq.seq (borrowed t_F'0)) - = - [%#sseq24] forall i : int . 0 <= i /\ i < Seq.length self -> inv'9 (Seq.get self i) + constant bc : Seq.seq (borrowed t_T'0) - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq (borrowed t_F'0)) + constant c : t_IterMut'0 - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq (borrowed t_F'0) [inv'1 x] . inv'1 x = invariant'1 x + function produces_trans'0 [#"../../../creusot-contracts/src/std/option.rs" 593 4 593 90] (a : t_IterMut'0) (ab : Seq.seq (borrowed t_T'0)) (b : t_IterMut'0) (bc : Seq.seq (borrowed t_T'0)) (c : t_IterMut'0) : () + - use seq.Seq + goal vc_produces_trans'0 : ([%#soption1] produces'0 b bc c) + -> ([%#soption0] produces'0 a ab b) -> ([%#soption2] produces'0 a (Seq.(++) ab bc) c) +end +module M_creusot_contracts__stdqy35z1__ptr__qyi17063894948818224584__is_null_logic [#"../../../creusot-contracts/src/std/ptr.rs" 81 4 81 34] (* <*const T as std::ptr::PointerExt> *) + let%span sptr0 = "../../../creusot-contracts/src/std/ptr.rs" 80 14 80 48 + let%span sptr1 = "../../../creusot-contracts/src/std/ptr.rs" 82 8 82 30 - use prelude.prelude.Snapshot + use prelude.prelude.Opaque - use seq.Seq + use prelude.prelude.Int - use seq.Seq + function addr_logic'0 [#"../../../creusot-contracts/src/std/ptr.rs" 74 4 74 30] (self : opaque_ptr) : int - use seq.Seq + constant self : opaque_ptr - use seq.Seq + function is_null_logic'0 [#"../../../creusot-contracts/src/std/ptr.rs" 81 4 81 34] (self : opaque_ptr) : bool - predicate produces'0 [@inline:trivial] [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 40 4 40 67] (self : t_MapInv'0) (visited : Seq.seq t_B'0) (succ : t_MapInv'0) - - = - [%#smap_inv3] unnest'0 self.t_MapInv__func'0 succ.t_MapInv__func'0 - /\ (exists fs : Seq.seq (borrowed t_F'0) . inv'1 fs - /\ Seq.length fs = Seq.length visited - /\ (exists s : Seq.seq t_Item'0 . inv'2 s - /\ Seq.length s = Seq.length visited - /\ produces'1 self.t_MapInv__iter'0 s succ.t_MapInv__iter'0 - /\ Snapshot.inner succ.t_MapInv__produced'0 = Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) s - /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) - /\ (if Seq.length visited = 0 then - self.t_MapInv__func'0 = succ.t_MapInv__func'0 - else - (Seq.get fs 0).current = self.t_MapInv__func'0 - /\ (Seq.get fs (Seq.length visited - 1)).final = succ.t_MapInv__func'0 - ) - /\ (forall i : int . 0 <= i /\ i < Seq.length visited - -> unnest'0 self.t_MapInv__func'0 (Seq.get fs i).current - /\ precondition'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) (Seq.([..]) s 0 i))) - /\ postcondition_mut'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) (Seq.([..]) s 0 i))) (Seq.get fs i).final (Seq.get visited i)))) + goal vc_is_null_logic'0 : [%#sptr0] (addr_logic'0 self = 0) = (addr_logic'0 self = 0) +end +module M_creusot_contracts__stdqy35z1__ptr__qyi4877913266695965320__is_null_logic [#"../../../creusot-contracts/src/std/ptr.rs" 97 4 97 34] (* <*mut T as std::ptr::PointerExt> *) + let%span sptr0 = "../../../creusot-contracts/src/std/ptr.rs" 96 14 96 48 + let%span sptr1 = "../../../creusot-contracts/src/std/ptr.rs" 98 8 98 30 - constant self : t_MapInv'0 + use prelude.prelude.Opaque - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 25 4 25 26] (self : t_MapInv'0) : () + use prelude.prelude.Int - goal vc_produces_refl'0 : ([%#smap_inv0] inv'0 self) - -> ([%#smap_inv1] produces'0 self (Seq.empty : Seq.seq t_B'0) self) -end -module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788__produces_trans [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 35 4 35 90] (* ::Item, F> as std::iter::Iterator> *) - let%span smap_inv0 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 29 15 29 21 - let%span smap_inv1 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 30 15 30 21 - let%span smap_inv2 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 31 15 31 21 - let%span smap_inv3 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 32 15 32 32 - let%span smap_inv4 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 33 15 33 32 - let%span smap_inv5 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 34 14 34 42 - let%span smap_inv6 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 27 4 27 10 - let%span smap_inv7 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 41 8 54 9 - let%span smap_inv8 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 80 12 82 73 - let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 105 15 105 59 - let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 106 14 106 36 - let%span sops11 = "../../../creusot-contracts/src/std/ops.rs" 111 14 111 31 - let%span sops12 = "../../../creusot-contracts/src/std/ops.rs" 116 15 116 29 - let%span sops13 = "../../../creusot-contracts/src/std/ops.rs" 117 15 117 26 - let%span sops14 = "../../../creusot-contracts/src/std/ops.rs" 118 14 118 28 - let%span sops15 = "../../../creusot-contracts/src/std/ops.rs" 123 14 124 105 - let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter18 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter19 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter20 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter21 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter22 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter23 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span smap_inv24 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 159 12 163 47 - let%span smap_inv25 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 130 14 130 81 - let%span smap_inv26 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 133 12 138 88 - let%span smap_inv27 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 123 12 125 63 - let%span sseq28 = "../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 - let%span smap_inv29 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 146 12 151 71 - let%span sinvariant30 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sboxed31 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + function addr_logic'0 [#"../../../creusot-contracts/src/std/ptr.rs" 90 4 90 30] (self : opaque_ptr) : int - type t_I'0 + constant self : opaque_ptr - type t_F'0 + function is_null_logic'0 [#"../../../creusot-contracts/src/std/ptr.rs" 97 4 97 34] (self : opaque_ptr) : bool - type t_Item'0 + goal vc_is_null_logic'0 : [%#sptr0] (addr_logic'0 self = 0) = (addr_logic'0 self = 0) +end +module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_refl [#"../../../creusot-contracts/src/std/slice.rs" 412 4 412 26] (* as std::iter::Iterator> *) + let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 411 14 411 45 + let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 409 4 409 10 + let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 405 12 405 66 + let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 96 14 96 41 + let%span sslice4 = "../../../creusot-contracts/src/std/slice.rs" 97 14 97 80 + let%span smodel5 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 + let%span sops6 = "../../../creusot-contracts/src/logic/ops.rs" 44 8 44 31 + let%span sslice7 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 + let%span sslice8 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 use seq.Seq - use prelude.prelude.Snapshot + use prelude.prelude.Borrow - type t_MapInv'0 = - { t_MapInv__iter'0: t_I'0; t_MapInv__func'0: t_F'0; t_MapInv__produced'0: Snapshot.snap_ty (Seq.seq t_Item'0) } + type t_T'0 - use prelude.prelude.Borrow + use seq.Seq - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + use prelude.prelude.Opaque - predicate invariant'3 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_I'0) = - [%#sinvariant30] inv'3 self.current /\ inv'3 self.final + type t_NonNull'0 = + { t_NonNull__pointer'0: opaque_ptr } - predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_I'0) + type t_Iter'0 = + { t_Iter__ptr'0: t_NonNull'0; t_Iter__end_or_len'0: opaque_ptr; t_Iter__qy95zmarker'0: () } - axiom inv_axiom'3 [@rewrite] : forall x : borrowed t_I'0 [inv'5 x] . inv'5 x = invariant'3 x + use prelude.prelude.Slice - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) + function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 389 4 389 33] (self : t_Iter'0) : slice t_T'0 use seq.Seq use seq.Seq - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - + use seq.Seq - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - + use prelude.prelude.UIntSize - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter18] inv'3 a) - -> ([%#siter19] inv'3 b) - -> ([%#siter20] inv'3 c) - -> ([%#siter21] produces'1 a ab b) - -> ([%#siter22] produces'1 b bc c) -> ([%#siter23] produces'1 a (Seq.(++) ab bc) c) + constant v_MAX'0 : usize = (18446744073709551615 : usize) - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + use prelude.prelude.UIntSize - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#siter16] inv'3 self) - -> ([%#siter17] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + use prelude.prelude.Int + + use prelude.prelude.Slice + + function view'2 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 - predicate completed'0 [#"../../../creusot-contracts/src/std/iter.rs" 35 4 35 36] (self : borrowed t_I'0) + axiom view'2_spec : forall self : slice t_T'0 . ([%#sslice7] Seq.length (view'2 self) + <= UIntSize.to_int (v_MAX'0 : usize)) + && ([%#sslice8] view'2 self = Slice.id self) - predicate inv'6 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) + function view'1 [#"../../../creusot-contracts/src/model.rs" 87 4 87 33] (self : slice t_T'0) : Seq.seq t_T'0 = + [%#smodel5] view'2 self use seq.Seq - use prelude.prelude.Snapshot + use seq.Seq - predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 73 4 73 45] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) + function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops.rs" 43 4 43 47] (self : slice t_T'0) (ix : int) : t_T'0 + = + [%#sops6] Seq.get (view'2 self) ix - predicate next_precondition'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 121 4 121 78] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) + function to_ref_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 98 4 98 35] (self : slice t_T'0) : Seq.seq t_T'0 + + axiom to_ref_seq'0_spec : forall self : slice t_T'0 . ([%#sslice3] Seq.length (to_ref_seq'0 self) + = Seq.length (view'1 self)) + && ([%#sslice4] forall i : int . 0 <= i /\ i < Seq.length (to_ref_seq'0 self) + -> Seq.get (to_ref_seq'0 self) i = index_logic'0 self i) + + use seq.Seq + + predicate produces'0 [#"../../../creusot-contracts/src/std/slice.rs" 403 4 403 65] (self : t_Iter'0) (visited : Seq.seq t_T'0) (tl : t_Iter'0) = - [%#smap_inv27] forall e : t_Item'0, i : t_I'0 . inv'6 e /\ inv'3 i /\ produces'1 iter (Seq.singleton e) i - -> precondition'0 func (e, Snapshot.new produced) + [%#sslice2] to_ref_seq'0 (view'0 self) = Seq.(++) visited (to_ref_seq'0 (view'0 tl)) - type t_B'0 + constant self : t_Iter'0 - use prelude.prelude.Int + function produces_refl'0 [#"../../../creusot-contracts/src/std/slice.rs" 412 4 412 26] (self : t_Iter'0) : () - use seq.Seq + goal vc_produces_refl'0 : [%#sslice0] produces'0 self (Seq.empty : Seq.seq t_T'0) self +end +module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_trans [#"../../../creusot-contracts/src/std/slice.rs" 419 4 419 90] (* as std::iter::Iterator> *) + let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 416 15 416 32 + let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 417 15 417 32 + let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 418 14 418 42 + let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 414 4 414 10 + let%span sslice4 = "../../../creusot-contracts/src/std/slice.rs" 405 12 405 66 + let%span sslice5 = "../../../creusot-contracts/src/std/slice.rs" 96 14 96 41 + let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 97 14 97 80 + let%span smodel7 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 + let%span sops8 = "../../../creusot-contracts/src/logic/ops.rs" 44 8 44 31 + let%span sslice9 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 + let%span sslice10 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 - use seq.Seq + use prelude.prelude.Opaque - predicate invariant'6 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = - [%#sboxed31] inv'6 self + type t_NonNull'0 = + { t_NonNull__pointer'0: opaque_ptr } - predicate inv'10 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) + type t_Iter'0 = + { t_Iter__ptr'0: t_NonNull'0; t_Iter__end_or_len'0: opaque_ptr; t_Iter__qy95zmarker'0: () } - axiom inv_axiom'6 [@rewrite] : forall x : t_Item'0 [inv'10 x] . inv'10 x = invariant'6 x + use prelude.prelude.Borrow - predicate invariant'2 [#"../../../creusot-contracts/src/logic/seq.rs" 450 4 450 30] (self : Seq.seq t_Item'0) = - [%#sseq28] forall i : int . 0 <= i /\ i < Seq.length self -> inv'10 (Seq.get self i) + type t_T'0 - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) + use seq.Seq - axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'2 x] . inv'2 x = invariant'2 x + use prelude.prelude.Slice - predicate invariant'4 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_F'0) = - [%#sinvariant30] inv'4 self.current /\ inv'4 self.final + function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 389 4 389 33] (self : t_Iter'0) : slice t_T'0 - predicate inv'7 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_F'0) + use seq.Seq - axiom inv_axiom'4 [@rewrite] : forall x : borrowed t_F'0 [inv'7 x] . inv'7 x = invariant'4 x + use seq.Seq - predicate inv'8 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_B'0) + use seq.Seq - predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 81 4 81 73] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result : t_B'0) - + use prelude.prelude.UIntSize - predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) + constant v_MAX'0 : usize = (18446744073709551615 : usize) - predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 91 4 91 92] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result_state : t_F'0) (result : t_B'0) - + use prelude.prelude.UIntSize - function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 125 4 125 55] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res : t_B'0) : () - + use prelude.prelude.Int - axiom fn_mut_once'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res : t_B'0 . [%#sops15] postcondition_once'0 self args res - = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) + use prelude.prelude.Slice - predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 99 4 99 36] (self : t_F'0) (_2 : t_F'0) + function view'2 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 - function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 119 4 119 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - + axiom view'2_spec : forall self : slice t_T'0 . ([%#sslice9] Seq.length (view'2 self) + <= UIntSize.to_int (v_MAX'0 : usize)) + && ([%#sslice10] view'2 self = Slice.id self) - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops12] unnest'0 self b) - -> ([%#sops13] unnest'0 b c) -> ([%#sops14] unnest'0 self c) + function view'1 [#"../../../creusot-contracts/src/model.rs" 87 4 87 33] (self : slice t_T'0) : Seq.seq t_T'0 = + [%#smodel7] view'2 self - function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 112 4 112 24] (self : t_F'0) : () + use seq.Seq - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops11] unnest'0 self self + use seq.Seq - function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 107 4 107 85] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res_state : t_F'0) (res : t_B'0) : () + function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops.rs" 43 4 43 47] (self : slice t_T'0) (ix : int) : t_T'0 + = + [%#sops8] Seq.get (view'2 self) ix - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : t_F'0, res : t_B'0 . ([%#sops9] postcondition_mut'0 self args res_state res) - -> ([%#sops10] unnest'0 self res_state) + function to_ref_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 98 4 98 35] (self : slice t_T'0) : Seq.seq t_T'0 + + axiom to_ref_seq'0_spec : forall self : slice t_T'0 . ([%#sslice5] Seq.length (to_ref_seq'0 self) + = Seq.length (view'1 self)) + && ([%#sslice6] forall i : int . 0 <= i /\ i < Seq.length (to_ref_seq'0 self) + -> Seq.get (to_ref_seq'0 self) i = index_logic'0 self i) use seq.Seq - predicate preservation'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 144 4 144 49] (iter : t_I'0) (func : t_F'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/slice.rs" 403 4 403 65] (self : t_Iter'0) (visited : Seq.seq t_T'0) (tl : t_Iter'0) = - [%#smap_inv29] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . inv'2 s - /\ inv'6 e1 /\ inv'6 e2 /\ inv'7 f /\ inv'8 b /\ inv'3 i /\ unnest'0 func f.current - -> produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i - -> precondition'0 f.current (e1, Snapshot.new s) - -> postcondition_mut'0 f.current (e1, Snapshot.new s) f.final b - -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc s e1)) + [%#sslice4] to_ref_seq'0 (view'0 self) = Seq.(++) visited (to_ref_seq'0 (view'0 tl)) - predicate reinitialize'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 157 4 157 33] (_1 : ()) = - [%#smap_inv24] forall iter : borrowed t_I'0, func : t_F'0 . inv'5 iter /\ inv'4 func - -> completed'0 iter - -> next_precondition'0 iter.final func (Seq.empty : Seq.seq t_Item'0) /\ preservation'0 iter.final func + constant a : t_Iter'0 - use prelude.prelude.Snapshot + constant ab : Seq.seq t_T'0 - predicate preservation_inv'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 131 4 131 73] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) + constant b : t_Iter'0 + + constant bc : Seq.seq t_T'0 + + constant c : t_Iter'0 + + function produces_trans'0 [#"../../../creusot-contracts/src/std/slice.rs" 419 4 419 90] (a : t_Iter'0) (ab : Seq.seq t_T'0) (b : t_Iter'0) (bc : Seq.seq t_T'0) (c : t_Iter'0) : () - = - [%#smap_inv26] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . inv'2 s - /\ inv'6 e1 /\ inv'6 e2 /\ inv'7 f /\ inv'8 b /\ inv'3 i /\ unnest'0 func f.current - -> produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i - -> precondition'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) - -> postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b - -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc (Seq.(++) produced s) e1)) - axiom preservation_inv'0_spec : forall iter : t_I'0, func : t_F'0, produced : Seq.seq t_Item'0 . [%#smap_inv25] produced - = (Seq.empty : Seq.seq t_Item'0) -> preservation_inv'0 iter func produced = preservation'0 iter func + goal vc_produces_trans'0 : ([%#sslice1] produces'0 b bc c) + -> ([%#sslice0] produces'0 a ab b) -> ([%#sslice2] produces'0 a (Seq.(++) ab bc) c) +end +module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_refl [#"../../../creusot-contracts/src/std/slice.rs" 467 4 467 26] (* as std::iter::Iterator> *) + let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 465 15 465 24 + let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 466 14 466 45 + let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 463 4 463 10 + let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 459 12 459 66 + let%span sslice4 = "../../../creusot-contracts/src/std/slice.rs" 427 14 427 50 + let%span sslice5 = "../../../creusot-contracts/src/std/slice.rs" 87 14 87 41 + let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 88 14 88 84 + let%span sslice7 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 + let%span sslice8 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 + let%span smodel9 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 + let%span sops10 = "../../../creusot-contracts/src/logic/ops.rs" 44 8 44 31 - predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 78 4 78 30] (self : t_MapInv'0) = - [%#smap_inv8] reinitialize'0 () - /\ preservation_inv'0 self.t_MapInv__iter'0 self.t_MapInv__func'0 (Snapshot.inner self.t_MapInv__produced'0) - /\ next_precondition'0 self.t_MapInv__iter'0 self.t_MapInv__func'0 (Snapshot.inner self.t_MapInv__produced'0) + use prelude.prelude.Opaque - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_MapInv'0) + type t_NonNull'0 = + { t_NonNull__pointer'0: opaque_ptr } - axiom inv_axiom'0 [@rewrite] : forall x : t_MapInv'0 [inv'0 x] . inv'0 x - = (invariant'0 x - /\ match x with - | {t_MapInv__iter'0 = iter ; t_MapInv__func'0 = func ; t_MapInv__produced'0 = produced} -> inv'3 iter /\ inv'4 func - end) + type t_IterMut'0 = + { t_IterMut__ptr'0: t_NonNull'0; t_IterMut__end_or_len'0: opaque_ptr; t_IterMut__qy95zmarker'0: () } - use seq.Seq + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_IterMut'0) + + axiom inv_axiom'0 [@rewrite] : forall x : t_IterMut'0 [inv'0 x] . inv'0 x = true use seq.Seq + use prelude.prelude.Borrow + + type t_T'0 + use seq.Seq use seq.Seq - predicate invariant'5 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : borrowed t_F'0) = - [%#sboxed31] inv'7 self + use prelude.prelude.UIntSize - predicate inv'9 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_F'0) + constant v_MAX'0 : usize = (18446744073709551615 : usize) - axiom inv_axiom'5 [@rewrite] : forall x : borrowed t_F'0 [inv'9 x] . inv'9 x = invariant'5 x + use prelude.prelude.UIntSize - predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 450 4 450 30] (self : Seq.seq (borrowed t_F'0)) - = - [%#sseq28] forall i : int . 0 <= i /\ i < Seq.length self -> inv'9 (Seq.get self i) + use prelude.prelude.Int - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq (borrowed t_F'0)) + use prelude.prelude.Slice - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq (borrowed t_F'0) [inv'1 x] . inv'1 x = invariant'1 x + use prelude.prelude.Slice use seq.Seq - use prelude.prelude.Snapshot + function view'1 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 - use seq.Seq + axiom view'1_spec : forall self : slice t_T'0 . ([%#sslice7] Seq.length (view'1 self) + <= UIntSize.to_int (v_MAX'0 : usize)) + && ([%#sslice8] view'1 self = Slice.id self) + + function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 428 4 428 33] (self : t_IterMut'0) : borrowed (slice t_T'0) + + + axiom view'0_spec : forall self : t_IterMut'0 . [%#sslice4] Seq.length (view'1 (view'0 self).final) + = Seq.length (view'1 (view'0 self).current) use seq.Seq + function view'2 [#"../../../creusot-contracts/src/model.rs" 105 4 105 33] (self : borrowed (slice t_T'0)) : Seq.seq t_T'0 + + = + [%#smodel9] view'1 self.current + use seq.Seq use seq.Seq - predicate produces'0 [@inline:trivial] [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 40 4 40 67] (self : t_MapInv'0) (visited : Seq.seq t_B'0) (succ : t_MapInv'0) + function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops.rs" 43 4 43 47] (self : slice t_T'0) (ix : int) : t_T'0 = - [%#smap_inv7] unnest'0 self.t_MapInv__func'0 succ.t_MapInv__func'0 - /\ (exists fs : Seq.seq (borrowed t_F'0) . inv'1 fs - /\ Seq.length fs = Seq.length visited - /\ (exists s : Seq.seq t_Item'0 . inv'2 s - /\ Seq.length s = Seq.length visited - /\ produces'1 self.t_MapInv__iter'0 s succ.t_MapInv__iter'0 - /\ Snapshot.inner succ.t_MapInv__produced'0 = Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) s - /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) - /\ (if Seq.length visited = 0 then - self.t_MapInv__func'0 = succ.t_MapInv__func'0 - else - (Seq.get fs 0).current = self.t_MapInv__func'0 - /\ (Seq.get fs (Seq.length visited - 1)).final = succ.t_MapInv__func'0 - ) - /\ (forall i : int . 0 <= i /\ i < Seq.length visited - -> unnest'0 self.t_MapInv__func'0 (Seq.get fs i).current - /\ precondition'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) (Seq.([..]) s 0 i))) - /\ postcondition_mut'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) (Seq.([..]) s 0 i))) (Seq.get fs i).final (Seq.get visited i)))) + [%#sops10] Seq.get (view'1 self) ix + + function to_mut_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 90 4 90 43] (self : borrowed (slice t_T'0)) : Seq.seq (borrowed t_T'0) + + + axiom to_mut_seq'0_spec : forall self : borrowed (slice t_T'0) . ([%#sslice5] Seq.length (to_mut_seq'0 self) + = Seq.length (view'2 self)) + && ([%#sslice6] forall i : int . 0 <= i /\ i < Seq.length (to_mut_seq'0 self) + -> Seq.get (to_mut_seq'0 self) i + = Borrow.borrow_logic (index_logic'0 self.current i) (index_logic'0 self.final i) (Borrow.inherit_id (Borrow.get_id self) i)) use seq.Seq - constant a : t_MapInv'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/slice.rs" 457 4 457 65] (self : t_IterMut'0) (visited : Seq.seq (borrowed t_T'0)) (tl : t_IterMut'0) + + = + [%#sslice3] to_mut_seq'0 (view'0 self) = Seq.(++) visited (to_mut_seq'0 (view'0 tl)) - constant ab : Seq.seq t_B'0 + constant self : t_IterMut'0 + + function produces_refl'0 [#"../../../creusot-contracts/src/std/slice.rs" 467 4 467 26] (self : t_IterMut'0) : () + + goal vc_produces_refl'0 : ([%#sslice0] inv'0 self) + -> ([%#sslice1] produces'0 self (Seq.empty : Seq.seq (borrowed t_T'0)) self) +end +module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_trans [#"../../../creusot-contracts/src/std/slice.rs" 477 4 477 90] (* as std::iter::Iterator> *) + let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 471 15 471 21 + let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 472 15 472 21 + let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 473 15 473 21 + let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 474 15 474 32 + let%span sslice4 = "../../../creusot-contracts/src/std/slice.rs" 475 15 475 32 + let%span sslice5 = "../../../creusot-contracts/src/std/slice.rs" 476 14 476 42 + let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 469 4 469 10 + let%span sslice7 = "../../../creusot-contracts/src/std/slice.rs" 459 12 459 66 + let%span sslice8 = "../../../creusot-contracts/src/std/slice.rs" 427 14 427 50 + let%span sslice9 = "../../../creusot-contracts/src/std/slice.rs" 87 14 87 41 + let%span sslice10 = "../../../creusot-contracts/src/std/slice.rs" 88 14 88 84 + let%span sslice11 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 + let%span sslice12 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 + let%span smodel13 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 + let%span sops14 = "../../../creusot-contracts/src/logic/ops.rs" 44 8 44 31 - constant b : t_MapInv'0 + use prelude.prelude.Opaque - constant bc : Seq.seq t_B'0 + type t_NonNull'0 = + { t_NonNull__pointer'0: opaque_ptr } - constant c : t_MapInv'0 + type t_IterMut'0 = + { t_IterMut__ptr'0: t_NonNull'0; t_IterMut__end_or_len'0: opaque_ptr; t_IterMut__qy95zmarker'0: () } - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 35 4 35 90] (a : t_MapInv'0) (ab : Seq.seq t_B'0) (b : t_MapInv'0) (bc : Seq.seq t_B'0) (c : t_MapInv'0) : () - + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_IterMut'0) - goal vc_produces_trans'0 : ([%#smap_inv4] produces'0 b bc c) - -> ([%#smap_inv3] produces'0 a ab b) - -> ([%#smap_inv2] inv'0 c) - -> ([%#smap_inv1] inv'0 b) -> ([%#smap_inv0] inv'0 a) -> ([%#smap_inv5] produces'0 a (Seq.(++) ab bc) c) -end -module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi5691635635396426195__resolve_coherence [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 69 4 69 31] (* as resolve::Resolve> *) - let%span smap_inv0 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 67 15 67 39 - let%span smap_inv1 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 68 14 68 31 - let%span smap_inv2 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 65 4 65 23 - let%span smap_inv3 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 62 8 62 50 + axiom inv_axiom'0 [@rewrite] : forall x : t_IterMut'0 [inv'0 x] . inv'0 x = true use prelude.prelude.Borrow - type t_I'0 - - type t_F'0 + type t_T'0 - type t_B'0 + use seq.Seq use seq.Seq - use prelude.prelude.Snapshot + use prelude.prelude.UIntSize - type t_MapInv'0 = - { t_MapInv__iter'0: t_I'0; t_MapInv__func'0: t_F'0; t_MapInv__produced'0: Snapshot.snap_ty (Seq.seq t_B'0) } + constant v_MAX'0 : usize = (18446744073709551615 : usize) - predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : Snapshot.snap_ty (Seq.seq t_B'0)) - = - true + use prelude.prelude.UIntSize - predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) + use prelude.prelude.Int - predicate resolve'3 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_I'0) + use prelude.prelude.Slice - predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_MapInv'0) = - match _1 with - | {t_MapInv__iter'0 = x0 ; t_MapInv__func'0 = x1 ; t_MapInv__produced'0 = x2} -> resolve'1 x2 - /\ resolve'2 x1 /\ resolve'3 x0 - end + use prelude.prelude.Slice - predicate resolve'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 61 4 61 28] (self : t_MapInv'0) = - [%#smap_inv3] resolve'3 self.t_MapInv__iter'0 /\ resolve'2 self.t_MapInv__func'0 + use seq.Seq - constant self : t_MapInv'0 + function view'1 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 - function resolve_coherence'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 69 4 69 31] (self : t_MapInv'0) : () + axiom view'1_spec : forall self : slice t_T'0 . ([%#sslice11] Seq.length (view'1 self) + <= UIntSize.to_int (v_MAX'0 : usize)) + && ([%#sslice12] view'1 self = Slice.id self) + + function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 428 4 428 33] (self : t_IterMut'0) : borrowed (slice t_T'0) - goal vc_resolve_coherence'0 : ([%#smap_inv0] structural_resolve'0 self) -> ([%#smap_inv1] resolve'0 self) -end -module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4413682431414748756__next [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 96 4 96 44] (* ::Item, F> as std::iter::Iterator> *) - let%span smap_inv0 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 97 39 97 58 - let%span smap_inv1 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 100 16 100 76 - let%span smap_inv2 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 101 31 101 71 - let%span smap_inv3 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 105 38 105 88 - let%span smap_inv4 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 106 32 106 63 - let%span smap_inv5 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 111 32 111 56 - let%span smap_inv6 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 96 17 96 21 - let%span smap_inv7 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 96 26 96 44 - let%span smap_inv8 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 92 14 95 5 - let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 107 26 110 17 - let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 158 27 158 52 - let%span sops11 = "../../../creusot-contracts/src/std/ops.rs" 159 26 159 71 - let%span smap_inv12 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 170 15 170 24 - let%span smap_inv13 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 171 15 171 21 - let%span smap_inv14 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 172 15 172 21 - let%span smap_inv15 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 173 15 173 21 - let%span smap_inv16 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 174 15 174 24 - let%span smap_inv17 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 175 4 175 60 - let%span smap_inv18 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 176 15 176 30 - let%span smap_inv19 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 177 15 177 64 - let%span smap_inv20 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 178 14 178 74 - let%span smap_inv21 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 179 14 179 75 - let%span smap_inv22 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 191 14 191 68 - let%span smap_inv23 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 194 12 199 74 - let%span smap_inv24 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 15 8 18 9 - let%span smap_inv25 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 130 14 130 81 - let%span smap_inv26 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 133 12 138 88 - let%span smap_inv27 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 123 12 125 63 - let%span smap_inv28 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 41 8 54 9 - let%span sresolve29 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span smap_inv30 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 23 15 23 24 - let%span smap_inv31 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 24 14 24 45 - let%span smap_inv32 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 21 4 21 10 - let%span smap_inv33 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 29 15 29 21 - let%span smap_inv34 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 30 15 30 21 - let%span smap_inv35 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 31 15 31 21 - let%span smap_inv36 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 32 15 32 32 - let%span smap_inv37 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 33 15 33 32 - let%span smap_inv38 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 34 14 34 42 - let%span smap_inv39 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 27 4 27 10 - let%span siter40 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter41 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter42 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter43 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter44 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter45 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter46 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter47 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sops48 = "../../../creusot-contracts/src/std/ops.rs" 105 15 105 59 - let%span sops49 = "../../../creusot-contracts/src/std/ops.rs" 106 14 106 36 - let%span sops50 = "../../../creusot-contracts/src/std/ops.rs" 111 14 111 31 - let%span sops51 = "../../../creusot-contracts/src/std/ops.rs" 116 15 116 29 - let%span sops52 = "../../../creusot-contracts/src/std/ops.rs" 117 15 117 26 - let%span sops53 = "../../../creusot-contracts/src/std/ops.rs" 118 14 118 28 - let%span sops54 = "../../../creusot-contracts/src/std/ops.rs" 123 14 124 105 - let%span smap_inv55 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 146 12 151 71 - let%span sinvariant56 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span smap_inv57 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 80 12 82 73 - let%span smap_inv58 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 159 12 163 47 - let%span sseq59 = "../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 - let%span sboxed60 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + axiom view'0_spec : forall self : t_IterMut'0 . [%#sslice8] Seq.length (view'1 (view'0 self).final) + = Seq.length (view'1 (view'0 self).current) - use prelude.prelude.Borrow + use seq.Seq - use prelude.prelude.Snapshot + function view'2 [#"../../../creusot-contracts/src/model.rs" 105 4 105 33] (self : borrowed (slice t_T'0)) : Seq.seq t_T'0 + + = + [%#smodel13] view'1 self.current - type t_I'0 + use seq.Seq - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + use seq.Seq - type t_F'0 + function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops.rs" 43 4 43 47] (self : slice t_T'0) (ix : int) : t_T'0 + + = + [%#sops14] Seq.get (view'1 self) ix - type t_Item'0 + function to_mut_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 90 4 90 43] (self : borrowed (slice t_T'0)) : Seq.seq (borrowed t_T'0) + - use seq.Seq + axiom to_mut_seq'0_spec : forall self : borrowed (slice t_T'0) . ([%#sslice9] Seq.length (to_mut_seq'0 self) + = Seq.length (view'2 self)) + && ([%#sslice10] forall i : int . 0 <= i /\ i < Seq.length (to_mut_seq'0 self) + -> Seq.get (to_mut_seq'0 self) i + = Borrow.borrow_logic (index_logic'0 self.current i) (index_logic'0 self.final i) (Borrow.inherit_id (Borrow.get_id self) i)) - use prelude.prelude.Snapshot + use seq.Seq - type t_MapInv'0 = - { t_MapInv__iter'0: t_I'0; t_MapInv__func'0: t_F'0; t_MapInv__produced'0: Snapshot.snap_ty (Seq.seq t_Item'0) } + predicate produces'0 [#"../../../creusot-contracts/src/std/slice.rs" 457 4 457 65] (self : t_IterMut'0) (visited : Seq.seq (borrowed t_T'0)) (tl : t_IterMut'0) + + = + [%#sslice7] to_mut_seq'0 (view'0 self) = Seq.(++) visited (to_mut_seq'0 (view'0 tl)) - predicate invariant'1 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_I'0) = - [%#sinvariant56] inv'0 self.current /\ inv'0 self.final + constant a : t_IterMut'0 - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_I'0) + constant ab : Seq.seq (borrowed t_T'0) - axiom inv_axiom'2 [@rewrite] : forall x : borrowed t_I'0 [inv'4 x] . inv'4 x = invariant'1 x + constant b : t_IterMut'0 - type t_Option'0 = - | C_None'0 - | C_Some'0 t_Item'0 + constant bc : Seq.seq (borrowed t_T'0) - predicate inv'10 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) + constant c : t_IterMut'0 - predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) + function produces_trans'0 [#"../../../creusot-contracts/src/std/slice.rs" 477 4 477 90] (a : t_IterMut'0) (ab : Seq.seq (borrowed t_T'0)) (b : t_IterMut'0) (bc : Seq.seq (borrowed t_T'0)) (c : t_IterMut'0) : () + - axiom inv_axiom'3 [@rewrite] : forall x : t_Option'0 [inv'5 x] . inv'5 x - = match x with - | C_None'0 -> true - | C_Some'0 a_0 -> inv'10 a_0 - end + goal vc_produces_trans'0 : ([%#sslice4] produces'0 b bc c) + -> ([%#sslice3] produces'0 a ab b) + -> ([%#sslice2] inv'0 c) + -> ([%#sslice1] inv'0 b) -> ([%#sslice0] inv'0 a) -> ([%#sslice5] produces'0 a (Seq.(++) ab bc) c) +end +module M_creusot_contracts__stdqy35z1__vec__qyi12862303518309667396__produces_refl [#"../../../creusot-contracts/src/std/vec.rs" 271 4 271 26] (* as std::iter::Iterator> *) + let%span svec0 = "../../../creusot-contracts/src/std/vec.rs" 270 14 270 45 + let%span svec1 = "../../../creusot-contracts/src/std/vec.rs" 268 4 268 10 + let%span svec2 = "../../../creusot-contracts/src/std/vec.rs" 264 12 264 41 use seq.Seq + type t_T'0 + use seq.Seq - predicate produces'0 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - + use prelude.prelude.Opaque - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - + type t_NonNull'0 = + { t_NonNull__pointer'0: opaque_ptr } - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter42] inv'0 a) - -> ([%#siter43] inv'0 b) - -> ([%#siter44] inv'0 c) - -> ([%#siter45] produces'0 a ab b) - -> ([%#siter46] produces'0 b bc c) -> ([%#siter47] produces'0 a (Seq.(++) ab bc) c) + use prelude.prelude.UIntSize - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + type t_A'0 - axiom produces_refl'1_spec : forall self : t_I'0 . ([%#siter40] inv'0 self) - -> ([%#siter41] produces'0 self (Seq.empty : Seq.seq t_Item'0) self) + type t_ManuallyDrop'0 = + { t_ManuallyDrop__value'0: t_A'0 } - predicate completed'1 [#"../../../creusot-contracts/src/std/iter.rs" 35 4 35 36] (self : borrowed t_I'0) + type t_IntoIter'0 = + { t_IntoIter__buf'0: t_NonNull'0; + t_IntoIter__phantom'0: (); + t_IntoIter__cap'0: usize; + t_IntoIter__alloc'0: t_ManuallyDrop'0; + t_IntoIter__ptr'0: t_NonNull'0; + t_IntoIter__end'0: opaque_ptr } + + function view'0 [#"../../../creusot-contracts/src/std/vec.rs" 234 4 234 33] (self : t_IntoIter'0) : Seq.seq t_T'0 use seq.Seq - let rec next'1 (self:borrowed t_I'0) (return' (ret:t_Option'0))= {[@expl:next 'self' type invariant] inv'4 self} - any - [ return' (result:t_Option'0)-> {inv'5 result} - {[%#siter9] match result with - | C_None'0 -> completed'1 self - | C_Some'0 v -> produces'0 self.current (Seq.singleton v) self.final - end} - (! return' {result}) ] + predicate produces'0 [#"../../../creusot-contracts/src/std/vec.rs" 262 4 262 57] (self : t_IntoIter'0) (visited : Seq.seq t_T'0) (rhs : t_IntoIter'0) + = + [%#svec2] view'0 self = Seq.(++) visited (view'0 rhs) - let rec v_Some'0 (input:t_Option'0) (ret (field_0:t_Item'0))= any - [ good (field_0:t_Item'0)-> {C_Some'0 field_0 = input} (! ret {field_0}) - | bad -> {forall field_0 : t_Item'0 [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] - + constant self : t_IntoIter'0 - predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 73 4 73 45] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) - + function produces_refl'0 [#"../../../creusot-contracts/src/std/vec.rs" 271 4 271 26] (self : t_IntoIter'0) : () - use prelude.prelude.Snapshot + goal vc_produces_refl'0 : [%#svec0] produces'0 self (Seq.empty : Seq.seq t_T'0) self +end +module M_creusot_contracts__stdqy35z1__vec__qyi12862303518309667396__produces_trans [#"../../../creusot-contracts/src/std/vec.rs" 278 4 278 72] (* as std::iter::Iterator> *) + let%span svec0 = "../../../creusot-contracts/src/std/vec.rs" 275 15 275 32 + let%span svec1 = "../../../creusot-contracts/src/std/vec.rs" 276 15 276 32 + let%span svec2 = "../../../creusot-contracts/src/std/vec.rs" 277 14 277 42 + let%span svec3 = "../../../creusot-contracts/src/std/vec.rs" 273 4 273 10 + let%span svec4 = "../../../creusot-contracts/src/std/vec.rs" 264 12 264 41 - use seq.Seq + use prelude.prelude.Opaque - use prelude.prelude.Snapshot + type t_NonNull'0 = + { t_NonNull__pointer'0: opaque_ptr } - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) + use prelude.prelude.UIntSize - predicate invariant'2 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_F'0) = - [%#sinvariant56] inv'1 self.current /\ inv'1 self.final + type t_A'0 - predicate inv'6 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_F'0) + type t_ManuallyDrop'0 = + { t_ManuallyDrop__value'0: t_A'0 } - axiom inv_axiom'4 [@rewrite] : forall x : borrowed t_F'0 [inv'6 x] . inv'6 x = invariant'2 x + type t_IntoIter'0 = + { t_IntoIter__buf'0: t_NonNull'0; + t_IntoIter__phantom'0: (); + t_IntoIter__cap'0: usize; + t_IntoIter__alloc'0: t_ManuallyDrop'0; + t_IntoIter__ptr'0: t_NonNull'0; + t_IntoIter__end'0: opaque_ptr } - predicate inv'7 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) - + type t_T'0 - axiom inv_axiom'5 [@rewrite] : forall x : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)) [inv'7 x] . inv'7 x - = (let (x0, x1) = x in inv'10 x0) + use seq.Seq - type t_B'0 + function view'0 [#"../../../creusot-contracts/src/std/vec.rs" 234 4 234 33] (self : t_IntoIter'0) : Seq.seq t_T'0 - predicate inv'8 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_B'0) + use seq.Seq - predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 81 4 81 73] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result : t_B'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/vec.rs" 262 4 262 57] (self : t_IntoIter'0) (visited : Seq.seq t_T'0) (rhs : t_IntoIter'0) + = + [%#svec4] view'0 self = Seq.(++) visited (view'0 rhs) - predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) + constant a : t_IntoIter'0 - predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 91 4 91 92] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result_state : t_F'0) (result : t_B'0) - + constant ab : Seq.seq t_T'0 - function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 125 4 125 55] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res : t_B'0) : () - + constant b : t_IntoIter'0 - axiom fn_mut_once'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res : t_B'0 . [%#sops54] postcondition_once'0 self args res - = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'2 res_state) + constant bc : Seq.seq t_T'0 - predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 99 4 99 36] (self : t_F'0) (_2 : t_F'0) + constant c : t_IntoIter'0 - function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 119 4 119 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/vec.rs" 278 4 278 72] (a : t_IntoIter'0) (ab : Seq.seq t_T'0) (b : t_IntoIter'0) (bc : Seq.seq t_T'0) (c : t_IntoIter'0) : () - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops51] unnest'0 self b) - -> ([%#sops52] unnest'0 b c) -> ([%#sops53] unnest'0 self c) - - function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 112 4 112 24] (self : t_F'0) : () + goal vc_produces_trans'0 : ([%#svec1] produces'0 b bc c) + -> ([%#svec0] produces'0 a ab b) -> ([%#svec2] produces'0 a (Seq.(++) ab bc) c) +end +module M_creusot_contracts__num_rational__qyi7156484438548626841__cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 129 39 129 89 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 127 8 127 35 + let%span snum_rational2 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops50] unnest'0 self self + use prelude.prelude.Real - function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 107 4 107 85] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res_state : t_F'0) (res : t_B'0) : () - + use prelude.prelude.Real - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : t_F'0, res : t_B'0 . ([%#sops48] postcondition_mut'0 self args res_state res) - -> ([%#sops49] unnest'0 self res_state) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - let rec call_mut'0 (self:borrowed t_F'0) (args:(t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (return' (ret:t_B'0))= {[@expl:call_mut 'self' type invariant] inv'6 self} - {[@expl:call_mut 'args' type invariant] inv'7 args} - {[@expl:call_mut requires] [%#sops10] precondition'0 self.current args} - any - [ return' (result:t_B'0)-> {inv'8 result} - {[%#sops11] postcondition_mut'0 self.current args self.final result} - (! return' {result}) ] - + use prelude.prelude.Real - predicate next_precondition'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 121 4 121 78] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) + function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 = - [%#smap_inv27] forall e : t_Item'0, i : t_I'0 . inv'10 e /\ inv'0 i /\ produces'0 iter (Seq.singleton e) i - -> precondition'0 func (e, Snapshot.new produced) - - use prelude.prelude.Int - - use seq.Seq + [%#snum_rational2] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - use seq.Seq + constant x : Real.real - predicate invariant'6 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = - [%#sboxed60] inv'10 self + constant y : Real.real - predicate inv'13 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (x : Real.real) (y : Real.real) : () + - axiom inv_axiom'9 [@rewrite] : forall x : t_Item'0 [inv'13 x] . inv'13 x = invariant'6 x + goal vc_cmp_le_log'0 : [%#sord0] Real.(<=) x y = (cmp_log'0 x y <> C_Greater'0) +end +module M_creusot_contracts__num_rational__qyi7156484438548626841__cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 134 39 134 86 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 132 8 132 35 + let%span snum_rational2 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 - predicate invariant'4 [#"../../../creusot-contracts/src/logic/seq.rs" 450 4 450 30] (self : Seq.seq t_Item'0) = - [%#sseq59] forall i : int . 0 <= i /\ i < Seq.length self -> inv'13 (Seq.get self i) + use prelude.prelude.Real - predicate inv'11 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) + use prelude.prelude.Real - axiom inv_axiom'7 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'11 x] . inv'11 x = invariant'4 x + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate preservation'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 144 4 144 49] (iter : t_I'0) (func : t_F'0) + function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 = - [%#smap_inv55] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . inv'11 s - /\ inv'10 e1 /\ inv'10 e2 /\ inv'6 f /\ inv'8 b /\ inv'0 i /\ unnest'0 func f.current - -> produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i - -> precondition'0 f.current (e1, Snapshot.new s) - -> postcondition_mut'0 f.current (e1, Snapshot.new s) f.final b - -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc s e1)) + [%#snum_rational2] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate reinitialize'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 157 4 157 33] (_1 : ()) = - [%#smap_inv58] forall iter : borrowed t_I'0, func : t_F'0 . inv'4 iter /\ inv'1 func - -> completed'1 iter - -> next_precondition'0 iter.final func (Seq.empty : Seq.seq t_Item'0) /\ preservation'0 iter.final func + constant x : Real.real - predicate preservation_inv'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 131 4 131 73] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) + constant y : Real.real + + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (x : Real.real) (y : Real.real) : () - = - [%#smap_inv26] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . inv'11 s - /\ inv'10 e1 /\ inv'10 e2 /\ inv'6 f /\ inv'8 b /\ inv'0 i /\ unnest'0 func f.current - -> produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i - -> precondition'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) - -> postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b - -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc (Seq.(++) produced s) e1)) - axiom preservation_inv'0_spec : forall iter : t_I'0, func : t_F'0, produced : Seq.seq t_Item'0 . [%#smap_inv25] produced - = (Seq.empty : Seq.seq t_Item'0) -> preservation_inv'0 iter func produced = preservation'0 iter func + goal vc_cmp_lt_log'0 : [%#sord0] Real.(<) x y = (cmp_log'0 x y = C_Less'0) +end +module M_creusot_contracts__num_rational__qyi7156484438548626841__cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 139 39 139 86 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 137 8 137 35 + let%span snum_rational2 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 - predicate invariant'3 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 78 4 78 30] (self : t_MapInv'0) = - [%#smap_inv57] reinitialize'0 () - /\ preservation_inv'0 self.t_MapInv__iter'0 self.t_MapInv__func'0 (Snapshot.inner self.t_MapInv__produced'0) - /\ next_precondition'0 self.t_MapInv__iter'0 self.t_MapInv__func'0 (Snapshot.inner self.t_MapInv__produced'0) + use prelude.prelude.Real - predicate inv'9 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_MapInv'0) + use prelude.prelude.Real - axiom inv_axiom'6 [@rewrite] : forall x : t_MapInv'0 [inv'9 x] . inv'9 x - = (invariant'3 x - /\ match x with - | {t_MapInv__iter'0 = iter ; t_MapInv__func'0 = func ; t_MapInv__produced'0 = produced} -> inv'0 iter /\ inv'1 func - end) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function produces_one_invariant'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 180 4 180 73] (self : t_MapInv'0) (e : t_Item'0) (r : t_B'0) (f : borrowed t_F'0) (iter : t_I'0) : () + use prelude.prelude.Real + + function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 + = + [%#snum_rational2] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom produces_one_invariant'0_spec : forall self : t_MapInv'0, e : t_Item'0, r : t_B'0, f : borrowed t_F'0, iter : t_I'0 . ([%#smap_inv12] inv'9 self) - -> ([%#smap_inv13] inv'10 e) - -> ([%#smap_inv14] inv'8 r) - -> ([%#smap_inv15] inv'6 f) - -> ([%#smap_inv16] inv'0 iter) - -> ([%#smap_inv17] produces'0 self.t_MapInv__iter'0 (Seq.singleton e) iter) - -> ([%#smap_inv18] f.current = self.t_MapInv__func'0) - -> ([%#smap_inv19] postcondition_mut'0 f.current (e, self.t_MapInv__produced'0) f.final r) - -> ([%#smap_inv20] preservation_inv'0 iter f.final (Seq.snoc (Snapshot.inner self.t_MapInv__produced'0) e)) - && ([%#smap_inv21] next_precondition'0 iter f.final (Seq.snoc (Snapshot.inner self.t_MapInv__produced'0) e)) + constant x : Real.real - use prelude.prelude.Snapshot + constant y : Real.real - use prelude.prelude.Snapshot + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (x : Real.real) (y : Real.real) : () + - use seq.Seq + goal vc_cmp_ge_log'0 : [%#sord0] Real.(>=) x y = (cmp_log'0 x y <> C_Less'0) +end +module M_creusot_contracts__num_rational__qyi7156484438548626841__cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 144 39 144 89 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 142 8 142 35 + let%span snum_rational2 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 - use seq.Seq + use prelude.prelude.Real - use seq.Seq + use prelude.prelude.Real - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use seq.Seq + use prelude.prelude.Real - use seq.Seq + function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 + + = + [%#snum_rational2] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - use seq.Seq + constant x : Real.real - predicate invariant'7 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : borrowed t_F'0) = - [%#sboxed60] inv'6 self + constant y : Real.real - predicate inv'14 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_F'0) + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (x : Real.real) (y : Real.real) : () + - axiom inv_axiom'10 [@rewrite] : forall x : borrowed t_F'0 [inv'14 x] . inv'14 x = invariant'7 x + goal vc_cmp_gt_log'0 : [%#sord0] Real.(>) x y = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__num_rational__qyi7156484438548626841__refl [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 149 39 149 70 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 147 8 147 35 + let%span snum_rational2 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 - predicate invariant'5 [#"../../../creusot-contracts/src/logic/seq.rs" 450 4 450 30] (self : Seq.seq (borrowed t_F'0)) - = - [%#sseq59] forall i : int . 0 <= i /\ i < Seq.length self -> inv'14 (Seq.get self i) + use prelude.prelude.Real - predicate inv'12 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq (borrowed t_F'0)) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom inv_axiom'8 [@rewrite] : forall x : Seq.seq (borrowed t_F'0) [inv'12 x] . inv'12 x = invariant'5 x + use prelude.prelude.Real - use seq.Seq + function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 + + = + [%#snum_rational2] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - use prelude.prelude.Snapshot + constant x : Real.real - use seq.Seq + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (x : Real.real) : () - use seq.Seq + goal vc_refl'0 : [%#sord0] cmp_log'0 x x = C_Equal'0 +end +module M_creusot_contracts__num_rational__qyi7156484438548626841__trans [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 154 40 154 57 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 155 40 155 57 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 156 39 156 56 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 152 8 152 35 + let%span snum_rational4 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 - use seq.Seq + use prelude.prelude.Real - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate produces'1 [@inline:trivial] [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 40 4 40 67] (self : t_MapInv'0) (visited : Seq.seq t_B'0) (succ : t_MapInv'0) + use prelude.prelude.Real + + function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 = - [%#smap_inv28] unnest'0 self.t_MapInv__func'0 succ.t_MapInv__func'0 - /\ (exists fs : Seq.seq (borrowed t_F'0) . inv'12 fs - /\ Seq.length fs = Seq.length visited - /\ (exists s : Seq.seq t_Item'0 . inv'11 s - /\ Seq.length s = Seq.length visited - /\ produces'0 self.t_MapInv__iter'0 s succ.t_MapInv__iter'0 - /\ Snapshot.inner succ.t_MapInv__produced'0 = Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) s - /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) - /\ (if Seq.length visited = 0 then - self.t_MapInv__func'0 = succ.t_MapInv__func'0 - else - (Seq.get fs 0).current = self.t_MapInv__func'0 - /\ (Seq.get fs (Seq.length visited - 1)).final = succ.t_MapInv__func'0 - ) - /\ (forall i : int . 0 <= i /\ i < Seq.length visited - -> unnest'0 self.t_MapInv__func'0 (Seq.get fs i).current - /\ precondition'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) (Seq.([..]) s 0 i))) - /\ postcondition_mut'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) (Seq.([..]) s 0 i))) (Seq.get fs i).final (Seq.get visited i)))) + [%#snum_rational4] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 35 4 35 90] (a : t_MapInv'0) (ab : Seq.seq t_B'0) (b : t_MapInv'0) (bc : Seq.seq t_B'0) (c : t_MapInv'0) : () + constant x : Real.real + + constant y : Real.real + + constant z : Real.real + + constant o : t_Ordering'0 + + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (x : Real.real) (y : Real.real) (z : Real.real) (o : t_Ordering'0) : () - = - [%#smap_inv39] () - axiom produces_trans'0_spec : forall a : t_MapInv'0, ab : Seq.seq t_B'0, b : t_MapInv'0, bc : Seq.seq t_B'0, c : t_MapInv'0 . ([%#smap_inv33] inv'9 a) - -> ([%#smap_inv34] inv'9 b) - -> ([%#smap_inv35] inv'9 c) - -> ([%#smap_inv36] produces'1 a ab b) - -> ([%#smap_inv37] produces'1 b bc c) -> ([%#smap_inv38] produces'1 a (Seq.(++) ab bc) c) + goal vc_trans'0 : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o) +end +module M_creusot_contracts__num_rational__qyi7156484438548626841__antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 161 40 161 70 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 162 39 162 72 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 159 8 159 35 + let%span snum_rational3 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 25 4 25 26] (self : t_MapInv'0) : () = - [%#smap_inv32] () + use prelude.prelude.Real - axiom produces_refl'0_spec : forall self : t_MapInv'0 . ([%#smap_inv30] inv'9 self) - -> ([%#smap_inv31] produces'1 self (Seq.empty : Seq.seq t_B'0) self) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate produces_one'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 192 4 192 57] (self : t_MapInv'0) (visited : t_B'0) (succ : t_MapInv'0) + use prelude.prelude.Real + + function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 = - [%#smap_inv23] exists f : borrowed t_F'0, e : t_Item'0 . inv'6 f - /\ inv'10 e - /\ f.current = self.t_MapInv__func'0 - /\ f.final = succ.t_MapInv__func'0 - /\ produces'0 self.t_MapInv__iter'0 (Seq.singleton e) succ.t_MapInv__iter'0 - /\ Snapshot.inner succ.t_MapInv__produced'0 = Seq.snoc (Snapshot.inner self.t_MapInv__produced'0) e - /\ precondition'0 f.current (e, self.t_MapInv__produced'0) - /\ postcondition_mut'0 f.current (e, self.t_MapInv__produced'0) f.final visited + [%#snum_rational3] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom produces_one'0_spec : forall self : t_MapInv'0, visited : t_B'0, succ : t_MapInv'0 . [%#smap_inv22] produces_one'0 self visited succ - = produces'1 self (Seq.singleton visited) succ + constant x : Real.real - predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed (t_MapInv'0)) = - [%#sinvariant56] inv'9 self.current /\ inv'9 self.final + constant y : Real.real - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed (t_MapInv'0)) + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (x : Real.real) (y : Real.real) : () - axiom inv_axiom'0 [@rewrite] : forall x : borrowed (t_MapInv'0) [inv'2 x] . inv'2 x = invariant'0 x + goal vc_antisym1'0 : ([%#sord0] cmp_log'0 x y = C_Less'0) -> ([%#sord1] cmp_log'0 y x = C_Greater'0) +end +module M_creusot_contracts__num_rational__qyi7156484438548626841__antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 167 40 167 73 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 168 39 168 69 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 165 8 165 35 + let%span snum_rational3 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 - predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 53 4 53 28] (self : borrowed (t_MapInv'0)) = - [%#sresolve29] self.final = self.current + use prelude.prelude.Real - predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : borrowed (t_MapInv'0)) = - resolve'1 _1 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - type t_Option'1 = - | C_None'1 - | C_Some'1 t_B'0 + use prelude.prelude.Real - use prelude.prelude.Intrinsic + function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 + + = + [%#snum_rational3] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - use prelude.prelude.Snapshot + constant x : Real.real - use prelude.prelude.Snapshot + constant y : Real.real - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'1) + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (x : Real.real) (y : Real.real) : () - axiom inv_axiom'1 [@rewrite] : forall x : t_Option'1 [inv'3 x] . inv'3 x - = match x with - | C_None'1 -> true - | C_Some'1 a_0 -> inv'8 a_0 - end + goal vc_antisym2'0 : ([%#sord0] cmp_log'0 x y = C_Greater'0) -> ([%#sord1] cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__num_rational__qyi7156484438548626841__eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 173 39 173 84 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 171 8 171 35 + let%span snum_rational2 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 - predicate completed'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 14 4 14 35] (self : borrowed (t_MapInv'0)) + use prelude.prelude.Real + + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.Real + + function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 = - [%#smap_inv24] Snapshot.inner (self.final).t_MapInv__produced'0 = (Seq.empty : Seq.seq t_Item'0) - /\ completed'1 (Borrow.borrow_logic (self.current).t_MapInv__iter'0 (self.final).t_MapInv__iter'0 (Borrow.inherit_id (Borrow.get_id self) 1)) - /\ (self.current).t_MapInv__func'0 = (self.final).t_MapInv__func'0 + [%#snum_rational2] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - meta "compute_max_steps" 1000000 + constant x : Real.real - let rec next'0 (self:borrowed (t_MapInv'0)) (return' (ret:t_Option'1))= {[@expl:next 'self' type invariant] [%#smap_inv6] inv'2 self} - (! bb0 - [ bb0 = s0 [ s0 = [ &old_self <- [%#smap_inv0] Snapshot.new self.current ] s1 | s1 = bb1 ] - | bb1 = s0 - [ s0 = {inv'0 (self.current).t_MapInv__iter'0} - Borrow.borrow_final {(self.current).t_MapInv__iter'0} {Borrow.inherit_id (Borrow.get_id self) 1} - (fun (_ret':borrowed t_I'0) -> - [ &_6 <- _ret' ] - -{inv'0 _ret'.final}- - [ &self <- { self with current = { self.current with t_MapInv__iter'0 = _ret'.final } } ] - s1) - | s1 = next'1 {_6} (fun (_ret':t_Option'0) -> [ &_5 <- _ret' ] s2) - | s2 = bb2 ] - - | bb2 = any [ br0 -> {_5 = C_None'0 } (! bb5) | br1 (x0:t_Item'0)-> {_5 = C_Some'0 x0} (! bb4) ] - | bb4 = bb6 - | bb6 = s0 - [ s0 = v_Some'0 {_5} (fun (r0'0:t_Item'0) -> [ &v <- r0'0 ] s1) - | s1 = {[@expl:assertion] [%#smap_inv1] precondition'0 (self.current).t_MapInv__func'0 (v, (self.current).t_MapInv__produced'0)} - s2 - | s2 = bb7 ] - - | bb7 = s0 - [ s0 = - [ &produced <- [%#smap_inv2] Snapshot.new (Seq.snoc (Snapshot.inner (self.current).t_MapInv__produced'0) v) ] - - s1 - | s1 = bb8 ] - - | bb8 = s0 - [ s0 = {inv'1 (self.current).t_MapInv__func'0} - Borrow.borrow_final {(self.current).t_MapInv__func'0} {Borrow.inherit_id (Borrow.get_id self) 2} - (fun (_ret':borrowed t_F'0) -> - [ &_14 <- _ret' ] - -{inv'1 _ret'.final}- - [ &self <- { self with current = { self.current with t_MapInv__func'0 = _ret'.final } } ] - s1) - | s1 = [ &_15 <- (v, (self.current).t_MapInv__produced'0) ] s2 - | s2 = call_mut'0 {_14} {_15} (fun (_ret':t_B'0) -> [ &r <- _ret' ] s3) - | s3 = bb9 ] - - | bb9 = bb10 - | bb10 = s0 - [ s0 = [ &self <- { self with current = { self.current with t_MapInv__produced'0 = produced } } ] s1 - | s1 = [ &_19 <- [%#smap_inv3] Snapshot.new (let _ = () in ()) ] s2 - | s2 = bb11 ] - - | bb11 = s0 - [ s0 = {[@expl:assertion] [%#smap_inv4] produces_one'0 (Snapshot.inner old_self) r self.current} s1 | s1 = bb12 ] - - | bb12 = s0 - [ s0 = {[@expl:type invariant] inv'2 self} s1 - | s1 = -{resolve'0 self}- s2 - | s2 = [ &_0 <- C_Some'1 r ] s3 - | s3 = bb13 ] - - | bb13 = bb14 - | bb14 = bb15 - | bb15 = bb17 - | bb5 = s0 [ s0 = [ &_24 <- [%#smap_inv5] Snapshot.new (Seq.empty : Seq.seq t_Item'0) ] s1 | s1 = bb16 ] - | bb16 = s0 - [ s0 = [ &self <- { self with current = { self.current with t_MapInv__produced'0 = _24 } } ] s1 - | s1 = {[@expl:type invariant] inv'2 self} s2 - | s2 = -{resolve'0 self}- s3 - | s3 = [ &_0 <- C_None'1 ] s4 - | s4 = bb17 ] - - | bb17 = bb18 - | bb18 = return' {_0} ] - ) - [ & _0 : t_Option'1 = any_l () - | & self : borrowed (t_MapInv'0) = self - | & old_self : Snapshot.snap_ty (t_MapInv'0) = any_l () - | & _5 : t_Option'0 = any_l () - | & _6 : borrowed t_I'0 = any_l () - | & v : t_Item'0 = any_l () - | & produced : Snapshot.snap_ty (Seq.seq t_Item'0) = any_l () - | & r : t_B'0 = any_l () - | & _14 : borrowed t_F'0 = any_l () - | & _15 : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)) = any_l () - | & _19 : Snapshot.snap_ty () = any_l () - | & _24 : Snapshot.snap_ty (Seq.seq t_Item'0) = any_l () ] - - [ return' (result:t_Option'1)-> {[@expl:next result type invariant] [%#smap_inv7] inv'3 result} - {[@expl:next ensures] [%#smap_inv8] match result with - | C_None'1 -> completed'0 self - | C_Some'1 v -> produces_one'0 self.current v self.final - end} - (! return' {result}) ] - + constant y : Real.real + + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (x : Real.real) (y : Real.real) : () + + goal vc_eq_cmp'0 : [%#sord0] (x = y) = (cmp_log'0 x y = C_Equal'0) end -module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4899712594723907874__preservation_inv [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 131 4 131 73] (* std::iter::map_inv::MapInv::Item, F> *) - let%span smap_inv0 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 130 14 130 81 - let%span smap_inv1 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 133 12 138 88 - let%span smap_inv2 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 146 12 151 71 - let%span sops3 = "../../../creusot-contracts/src/std/ops.rs" 105 15 105 59 - let%span sops4 = "../../../creusot-contracts/src/std/ops.rs" 106 14 106 36 - let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 111 14 111 31 - let%span sops6 = "../../../creusot-contracts/src/std/ops.rs" 116 15 116 29 - let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 117 15 117 26 - let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 118 14 118 28 - let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 123 14 124 105 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sseq18 = "../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 - let%span sinvariant19 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sboxed20 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 +module M_creusot_contracts__ghost__qyi17645547594388049322__clone [#"../../../creusot-contracts/src/ghost.rs" 50 4 50 27] (* as std::clone::Clone> *) + let%span sghost0 = "../../../creusot-contracts/src/ghost.rs" 50 14 50 18 + let%span sghost1 = "../../../creusot-contracts/src/ghost.rs" 50 23 50 27 + let%span sghost2 = "../../../creusot-contracts/src/ghost.rs" 49 14 49 29 + let%span sclone3 = "../../../creusot-contracts/src/std/clone.rs" 7 0 20 1 + let%span sinvariant4 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + let%span sboxed5 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - use seq.Seq + type t_T'0 - type t_Item'0 + type t_GhostBox'0 = + { t_GhostBox__0'0: t_T'0 } - use seq.Seq + use prelude.prelude.Borrow - type t_I'0 + predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - type t_F'0 + predicate invariant'2 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_T'0) = + [%#sboxed5] inv'4 self - use prelude.prelude.Borrow + predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - type t_B'0 + axiom inv_axiom'3 [@rewrite] : forall x : t_T'0 [inv'3 x] . inv'3 x = invariant'2 x - use prelude.prelude.Int + predicate invariant'1 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_T'0) = + [%#sinvariant4] inv'3 self - use seq.Seq + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - use seq.Seq + axiom inv_axiom'2 [@rewrite] : forall x : t_T'0 [inv'2 x] . inv'2 x = invariant'1 x - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) + let rec clone'1 (self:t_T'0) (return' (ret:t_T'0))= {[@expl:clone 'self' type invariant] inv'2 self} + any [ return' (result:t_T'0)-> {inv'3 result} {[%#sclone3] result = self} (! return' {result}) ] - predicate invariant'2 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = - [%#sboxed20] inv'1 self + use prelude.prelude.Intrinsic - predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_GhostBox'0) + + axiom inv_axiom'1 [@rewrite] : forall x : t_GhostBox'0 [inv'1 x] . inv'1 x + = match x with + | {t_GhostBox__0'0 = a_0} -> inv'3 a_0 + end + + predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_GhostBox'0) = + [%#sinvariant4] inv'1 self - axiom inv_axiom'2 [@rewrite] : forall x : t_Item'0 [inv'5 x] . inv'5 x = invariant'2 x + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_GhostBox'0) - predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 450 4 450 30] (self : Seq.seq t_Item'0) = - [%#sseq18] forall i : int . 0 <= i /\ i < Seq.length self -> inv'5 (Seq.get self i) + axiom inv_axiom'0 [@rewrite] : forall x : t_GhostBox'0 [inv'0 x] . inv'0 x = invariant'0 x - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) + meta "compute_max_steps" 1000000 - axiom inv_axiom'0 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'0 x] . inv'0 x = invariant'0 x + let rec clone'0 (self:t_GhostBox'0) (return' (ret:t_GhostBox'0))= {[@expl:clone 'self' type invariant] [%#sghost0] inv'0 self} + (! bb0 + [ bb0 = s0 [ s0 = clone'1 {self.t_GhostBox__0'0} (fun (_ret':t_T'0) -> [ &_3 <- _ret' ] s1) | s1 = bb1 ] + | bb1 = s0 [ s0 = [ &_0 <- { t_GhostBox__0'0 = _3 } ] s1 | s1 = bb2 ] + | bb2 = return' {_0} ] + ) [ & _0 : t_GhostBox'0 = any_l () | & self : t_GhostBox'0 = self | & _3 : t_T'0 = any_l () ] + [ return' (result:t_GhostBox'0)-> {[@expl:clone result type invariant] [%#sghost1] inv'1 result} + {[@expl:clone ensures] [%#sghost2] result = self} + (! return' {result}) ] + +end +module M_creusot_contracts__ghost__qyi1862168959261460300__deref [#"../../../creusot-contracts/src/ghost.rs" 69 4 69 36] (* as std::ops::Deref> *) + let%span sghost0 = "../../../creusot-contracts/src/ghost.rs" 69 14 69 18 + let%span sghost1 = "../../../creusot-contracts/src/ghost.rs" 69 23 69 36 + let%span sghost2 = "../../../creusot-contracts/src/ghost.rs" 68 14 68 35 + let%span sinvariant3 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + let%span sboxed4 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - predicate inv'6 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) + type t_T'0 - predicate invariant'1 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_F'0) = - [%#sinvariant19] inv'6 self.current /\ inv'6 self.final + type t_GhostBox'0 = + { t_GhostBox__0'0: t_T'0 } - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_F'0) + use prelude.prelude.Borrow - axiom inv_axiom'1 [@rewrite] : forall x : borrowed t_F'0 [inv'2 x] . inv'2 x = invariant'1 x + use prelude.prelude.Intrinsic - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_B'0) + predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + predicate invariant'2 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_T'0) = + [%#sboxed4] inv'3 self - use prelude.prelude.Snapshot + predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 81 4 81 73] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result : t_B'0) - + axiom inv_axiom'3 [@rewrite] : forall x : t_T'0 [inv'4 x] . inv'4 x = invariant'2 x - predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_GhostBox'0) - predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 91 4 91 92] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result_state : t_F'0) (result : t_B'0) - + axiom inv_axiom'2 [@rewrite] : forall x : t_GhostBox'0 [inv'2 x] . inv'2 x + = match x with + | {t_GhostBox__0'0 = a_0} -> inv'4 a_0 + end - function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 125 4 125 55] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res : t_B'0) : () - + predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_GhostBox'0) = + [%#sinvariant3] inv'2 self - axiom fn_mut_once'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res : t_B'0 . [%#sops9] postcondition_once'0 self args res - = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_GhostBox'0) - predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 99 4 99 36] (self : t_F'0) (_2 : t_F'0) + axiom inv_axiom'0 [@rewrite] : forall x : t_GhostBox'0 [inv'0 x] . inv'0 x = invariant'0 x - function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 119 4 119 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - + predicate invariant'1 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_T'0) = + [%#sinvariant3] inv'3 self - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops6] unnest'0 self b) - -> ([%#sops7] unnest'0 b c) -> ([%#sops8] unnest'0 self c) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 112 4 112 24] (self : t_F'0) : () + axiom inv_axiom'1 [@rewrite] : forall x : t_T'0 [inv'1 x] . inv'1 x = invariant'1 x - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops5] unnest'0 self self + meta "compute_max_steps" 1000000 - function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 107 4 107 85] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res_state : t_F'0) (res : t_B'0) : () + let rec deref'0 (self:t_GhostBox'0) (return' (ret:t_T'0))= {[@expl:deref 'self' type invariant] [%#sghost0] inv'0 self} + (! bb0 + [ bb0 = s0 + [ s0 = [ &_5 <- self.t_GhostBox__0'0 ] s1 + | s1 = [ &_4 <- _5 ] s2 + | s2 = [ &_2 <- _4 ] s3 + | s3 = [ &_0 <- _2 ] s4 + | s4 = return' {_0} ] + ] + ) + [ & _0 : t_T'0 = any_l () + | & self : t_GhostBox'0 = self + | & _2 : t_T'0 = any_l () + | & _4 : t_T'0 = any_l () + | & _5 : t_T'0 = any_l () ] + + [ return' (result:t_T'0)-> {[@expl:deref result type invariant] [%#sghost1] inv'1 result} + {[@expl:deref ensures] [%#sghost2] self.t_GhostBox__0'0 = result} + (! return' {result}) ] +end +module M_creusot_contracts__ghost__qyi17214052996668775070__deref_mut [#"../../../creusot-contracts/src/ghost.rs" 85 4 85 48] (* as std::ops::DerefMut> *) + let%span sghost0 = "../../../creusot-contracts/src/ghost.rs" 85 22 85 26 + let%span sghost1 = "../../../creusot-contracts/src/ghost.rs" 85 31 85 48 + let%span sghost2 = "../../../creusot-contracts/src/ghost.rs" 84 14 84 36 + let%span sresolve3 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span sinvariant4 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 + let%span sboxed5 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : t_F'0, res : t_B'0 . ([%#sops3] postcondition_mut'0 self args res_state res) - -> ([%#sops4] unnest'0 self res_state) + use prelude.prelude.Borrow - use seq.Seq + type t_T'0 - use seq.Seq + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - predicate produces'0 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - + type t_GhostBox'0 = + { t_GhostBox__0'0: t_T'0 } - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - + predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_T'0) = + [%#sinvariant4] inv'0 self.current /\ inv'0 self.final - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter12] inv'4 a) - -> ([%#siter13] inv'4 b) - -> ([%#siter14] inv'4 c) - -> ([%#siter15] produces'0 a ab b) - -> ([%#siter16] produces'0 b bc c) -> ([%#siter17] produces'0 a (Seq.(++) ab bc) c) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_T'0) - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + axiom inv_axiom'0 [@rewrite] : forall x : borrowed t_T'0 [inv'1 x] . inv'1 x = invariant'0 x - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#siter10] inv'4 self) - -> ([%#siter11] produces'0 self (Seq.empty : Seq.seq t_Item'0) self) + predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 53 4 53 28] (self : borrowed t_T'0) = + [%#sresolve3] self.final = self.current - use prelude.prelude.Snapshot + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : borrowed t_T'0) = + resolve'2 _1 - predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 73 4 73 45] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) - + predicate invariant'2 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_T'0) = + [%#sboxed5] inv'0 self - predicate preservation'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 144 4 144 49] (iter : t_I'0) (func : t_F'0) - - = - [%#smap_inv2] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . inv'0 s - /\ inv'1 e1 /\ inv'1 e2 /\ inv'2 f /\ inv'3 b /\ inv'4 i /\ unnest'0 func f.current - -> produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i - -> precondition'0 f.current (e1, Snapshot.new s) - -> postcondition_mut'0 f.current (e1, Snapshot.new s) f.final b - -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc s e1)) + predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - constant iter : t_I'0 + axiom inv_axiom'3 [@rewrite] : forall x : t_T'0 [inv'4 x] . inv'4 x = invariant'2 x - constant func : t_F'0 + predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_GhostBox'0) - constant produced : Seq.seq t_Item'0 + axiom inv_axiom'2 [@rewrite] : forall x : t_GhostBox'0 [inv'3 x] . inv'3 x + = match x with + | {t_GhostBox__0'0 = a_0} -> inv'4 a_0 + end - predicate preservation_inv'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 131 4 131 73] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) - + predicate invariant'1 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed (t_GhostBox'0)) = + [%#sinvariant4] inv'3 self.current /\ inv'3 self.final - goal vc_preservation_inv'0 : [%#smap_inv0] produced = (Seq.empty : Seq.seq t_Item'0) - -> ([%#smap_inv1] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . inv'0 s - /\ inv'1 e1 /\ inv'1 e2 /\ inv'2 f /\ inv'3 b /\ inv'4 i /\ unnest'0 func f.current - -> produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i - -> precondition'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) - -> postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b - -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc (Seq.(++) produced s) e1))) - = preservation'0 iter func -end -module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4899712594723907874__produces_one [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 192 4 192 57] (* std::iter::map_inv::MapInv::Item, F> *) - let%span smap_inv0 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 191 14 191 68 - let%span smap_inv1 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 194 12 199 74 - let%span smap_inv2 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 41 8 54 9 - let%span smap_inv3 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 23 15 23 24 - let%span smap_inv4 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 24 14 24 45 - let%span smap_inv5 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 21 4 21 10 - let%span smap_inv6 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 29 15 29 21 - let%span smap_inv7 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 30 15 30 21 - let%span smap_inv8 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 31 15 31 21 - let%span smap_inv9 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 32 15 32 32 - let%span smap_inv10 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 33 15 33 32 - let%span smap_inv11 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 34 14 34 42 - let%span smap_inv12 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 27 4 27 10 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter18 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter19 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter20 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sops21 = "../../../creusot-contracts/src/std/ops.rs" 105 15 105 59 - let%span sops22 = "../../../creusot-contracts/src/std/ops.rs" 106 14 106 36 - let%span sops23 = "../../../creusot-contracts/src/std/ops.rs" 111 14 111 31 - let%span sops24 = "../../../creusot-contracts/src/std/ops.rs" 116 15 116 29 - let%span sops25 = "../../../creusot-contracts/src/std/ops.rs" 117 15 117 26 - let%span sops26 = "../../../creusot-contracts/src/std/ops.rs" 118 14 118 28 - let%span sops27 = "../../../creusot-contracts/src/std/ops.rs" 123 14 124 105 - let%span sinvariant28 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sseq29 = "../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 - let%span smap_inv30 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 80 12 82 73 - let%span smap_inv31 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 159 12 163 47 - let%span smap_inv32 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 130 14 130 81 - let%span smap_inv33 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 133 12 138 88 - let%span smap_inv34 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 123 12 125 63 - let%span smap_inv35 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 146 12 151 71 - let%span sboxed36 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed (t_GhostBox'0)) - use seq.Seq + axiom inv_axiom'1 [@rewrite] : forall x : borrowed (t_GhostBox'0) [inv'2 x] . inv'2 x = invariant'1 x - type t_I'0 + predicate resolve'3 [#"../../../creusot-contracts/src/resolve.rs" 53 4 53 28] (self : borrowed (t_GhostBox'0)) = + [%#sresolve3] self.final = self.current - type t_F'0 + predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : borrowed (t_GhostBox'0)) = + resolve'3 _1 - type t_Item'0 + use prelude.prelude.Intrinsic - use seq.Seq + meta "compute_max_steps" 1000000 + + let rec deref_mut'0 (self:borrowed (t_GhostBox'0)) (return' (ret:borrowed t_T'0))= {[@expl:deref_mut 'self' type invariant] [%#sghost0] inv'2 self} + (! bb0 + [ bb0 = s0 + [ s0 = {inv'0 (self.current).t_GhostBox__0'0} + Borrow.borrow_final {(self.current).t_GhostBox__0'0} {Borrow.inherit_id (Borrow.get_id self) 1} + (fun (_ret':borrowed t_T'0) -> + [ &_5 <- _ret' ] + -{inv'0 _ret'.final}- + [ &self <- { self with current = { t_GhostBox__0'0 = _ret'.final } } ] + s1) + | s1 = {inv'0 _5.current} + Borrow.borrow_final {_5.current} {Borrow.get_id _5} + (fun (_ret':borrowed t_T'0) -> + [ &_4 <- _ret' ] + -{inv'0 _ret'.final}- + [ &_5 <- { _5 with current = _ret'.final } ] + s2) + | s2 = {inv'0 _4.current} + Borrow.borrow_final {_4.current} {Borrow.get_id _4} + (fun (_ret':borrowed t_T'0) -> + [ &_2 <- _ret' ] + -{inv'0 _ret'.final}- + [ &_4 <- { _4 with current = _ret'.final } ] + s3) + | s3 = {inv'0 _2.current} + Borrow.borrow_final {_2.current} {Borrow.get_id _2} + (fun (_ret':borrowed t_T'0) -> + [ &_0 <- _ret' ] + -{inv'0 _ret'.final}- + [ &_2 <- { _2 with current = _ret'.final } ] + s4) + | s4 = {[@expl:type invariant] inv'1 _5} s5 + | s5 = -{resolve'0 _5}- s6 + | s6 = {[@expl:type invariant] inv'1 _4} s7 + | s7 = -{resolve'0 _4}- s8 + | s8 = {[@expl:type invariant] inv'1 _2} s9 + | s9 = -{resolve'0 _2}- s10 + | s10 = {[@expl:type invariant] inv'2 self} s11 + | s11 = -{resolve'1 self}- s12 + | s12 = return' {_0} ] + ] + ) + [ & _0 : borrowed t_T'0 = any_l () + | & self : borrowed (t_GhostBox'0) = self + | & _2 : borrowed t_T'0 = any_l () + | & _4 : borrowed t_T'0 = any_l () + | & _5 : borrowed t_T'0 = any_l () ] + + [ return' (result:borrowed t_T'0)-> {[@expl:deref_mut result type invariant] [%#sghost1] inv'1 result} + {[@expl:deref_mut ensures] [%#sghost2] result + = Borrow.borrow_logic (self.current).t_GhostBox__0'0 (self.final).t_GhostBox__0'0 (Borrow.inherit_id (Borrow.get_id self) 1)} + (! return' {result}) ] + +end +module M_creusot_contracts__ghost__qyi2175792468772189056__borrow [#"../../../creusot-contracts/src/ghost.rs" 124 4 124 40] (* ghost::GhostBox *) + let%span sghost0 = "../../../creusot-contracts/src/ghost.rs" 124 19 124 23 + let%span sghost1 = "../../../creusot-contracts/src/ghost.rs" 124 28 124 40 + let%span sghost2 = "../../../creusot-contracts/src/ghost.rs" 123 14 123 35 + let%span sinvariant3 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + let%span sboxed4 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - use prelude.prelude.Snapshot + type t_T'0 - type t_MapInv'0 = - { t_MapInv__iter'0: t_I'0; t_MapInv__func'0: t_F'0; t_MapInv__produced'0: Snapshot.snap_ty (Seq.seq t_Item'0) } + type t_GhostBox'1 = + { t_GhostBox__0'0: t_T'0 } use prelude.prelude.Borrow - predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + type t_GhostBox'0 = + { t_GhostBox__0'1: t_T'0 } - predicate invariant'6 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_I'0) = - [%#sinvariant28] inv'5 self.current /\ inv'5 self.final + use prelude.prelude.Intrinsic - predicate inv'9 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_I'0) + predicate inv'6 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - axiom inv_axiom'6 [@rewrite] : forall x : borrowed t_I'0 [inv'9 x] . inv'9 x = invariant'6 x + predicate invariant'2 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_T'0) = + [%#sboxed4] inv'6 self - predicate inv'6 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) + predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - use seq.Seq + axiom inv_axiom'4 [@rewrite] : forall x : t_T'0 [inv'4 x] . inv'4 x = invariant'2 x - use seq.Seq + predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_GhostBox'1) - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - + axiom inv_axiom'3 [@rewrite] : forall x : t_GhostBox'1 [inv'3 x] . inv'3 x + = match x with + | {t_GhostBox__0'0 = a_0} -> inv'4 a_0 + end - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - + predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_GhostBox'1) = + [%#sinvariant3] inv'3 self - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter15] inv'5 a) - -> ([%#siter16] inv'5 b) - -> ([%#siter17] inv'5 c) - -> ([%#siter18] produces'1 a ab b) - -> ([%#siter19] produces'1 b bc c) -> ([%#siter20] produces'1 a (Seq.(++) ab bc) c) + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_GhostBox'1) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + axiom inv_axiom'0 [@rewrite] : forall x : t_GhostBox'1 [inv'0 x] . inv'0 x = invariant'0 x - axiom produces_refl'1_spec : forall self : t_I'0 . ([%#siter13] inv'5 self) - -> ([%#siter14] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + predicate invariant'3 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_T'0) = + [%#sinvariant3] inv'6 self - predicate completed'0 [#"../../../creusot-contracts/src/std/iter.rs" 35 4 35 36] (self : borrowed t_I'0) + predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) + axiom inv_axiom'5 [@rewrite] : forall x : t_T'0 [inv'5 x] . inv'5 x = invariant'3 x - use seq.Seq + predicate invariant'1 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_T'0) = + [%#sboxed4] inv'5 self - use prelude.prelude.Snapshot + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 73 4 73 45] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) - + axiom inv_axiom'2 [@rewrite] : forall x : t_T'0 [inv'2 x] . inv'2 x = invariant'1 x - predicate next_precondition'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 121 4 121 78] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) - - = - [%#smap_inv34] forall e : t_Item'0, i : t_I'0 . inv'1 e /\ inv'5 i /\ produces'1 iter (Seq.singleton e) i - -> precondition'0 func (e, Snapshot.new produced) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_GhostBox'0) - type t_B'0 + axiom inv_axiom'1 [@rewrite] : forall x : t_GhostBox'0 [inv'1 x] . inv'1 x + = match x with + | {t_GhostBox__0'1 = a_0} -> inv'2 a_0 + end - use prelude.prelude.Int + meta "compute_max_steps" 1000000 - use seq.Seq + let rec borrow'0 (self:t_GhostBox'1) (return' (ret:t_GhostBox'0))= {[@expl:borrow 'self' type invariant] [%#sghost0] inv'0 self} + (! bb0 + [ bb0 = s0 [ s0 = [ &_5 <- self.t_GhostBox__0'0 ] s1 | s1 = bb1 ] + | bb1 = s0 [ s0 = [ &_0 <- { t_GhostBox__0'1 = _5 } ] s1 | s1 = bb2 ] + | bb2 = return' {_0} ] + ) [ & _0 : t_GhostBox'0 = any_l () | & self : t_GhostBox'1 = self | & _5 : t_T'0 = any_l () ] + [ return' (result:t_GhostBox'0)-> {[@expl:borrow result type invariant] [%#sghost1] inv'1 result} + {[@expl:borrow ensures] [%#sghost2] result.t_GhostBox__0'1 = self.t_GhostBox__0'0} + (! return' {result}) ] + +end +module M_creusot_contracts__ghost__qyi2175792468772189056__borrow_mut [#"../../../creusot-contracts/src/ghost.rs" 138 4 138 52] (* ghost::GhostBox *) + let%span sghost0 = "../../../creusot-contracts/src/ghost.rs" 138 27 138 31 + let%span sghost1 = "../../../creusot-contracts/src/ghost.rs" 138 36 138 52 + let%span sghost2 = "../../../creusot-contracts/src/ghost.rs" 137 14 137 39 + let%span sresolve3 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span sinvariant4 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 + let%span sboxed5 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - use seq.Seq + use prelude.prelude.Borrow - predicate invariant'5 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = - [%#sboxed36] inv'1 self + type t_T'0 - predicate inv'8 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - axiom inv_axiom'5 [@rewrite] : forall x : t_Item'0 [inv'8 x] . inv'8 x = invariant'5 x + type t_GhostBox'1 = + { t_GhostBox__0'0: t_T'0 } - predicate invariant'2 [#"../../../creusot-contracts/src/logic/seq.rs" 450 4 450 30] (self : Seq.seq t_Item'0) = - [%#sseq29] forall i : int . 0 <= i /\ i < Seq.length self -> inv'8 (Seq.get self i) + type t_GhostBox'0 = + { t_GhostBox__0'1: borrowed t_T'0 } - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) + predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_T'0) = + [%#sinvariant4] inv'0 self.current /\ inv'0 self.final - axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'3 x] . inv'3 x = invariant'2 x + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_T'0) - predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_F'0) = - [%#sinvariant28] inv'6 self.current /\ inv'6 self.final + axiom inv_axiom'0 [@rewrite] : forall x : borrowed t_T'0 [inv'1 x] . inv'1 x = invariant'0 x - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_F'0) + predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 53 4 53 28] (self : borrowed t_T'0) = + [%#sresolve3] self.final = self.current - axiom inv_axiom'0 [@rewrite] : forall x : borrowed t_F'0 [inv'0 x] . inv'0 x = invariant'0 x + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : borrowed t_T'0) = + resolve'2 _1 - predicate inv'10 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_B'0) + predicate invariant'3 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_T'0) = + [%#sboxed5] inv'0 self - predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 81 4 81 73] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result : t_B'0) - + predicate inv'6 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) + axiom inv_axiom'5 [@rewrite] : forall x : t_T'0 [inv'6 x] . inv'6 x = invariant'3 x - predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 91 4 91 92] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result_state : t_F'0) (result : t_B'0) - + predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_GhostBox'1) - function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 125 4 125 55] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res : t_B'0) : () - + axiom inv_axiom'4 [@rewrite] : forall x : t_GhostBox'1 [inv'5 x] . inv'5 x + = match x with + | {t_GhostBox__0'0 = a_0} -> inv'6 a_0 + end - axiom fn_mut_once'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res : t_B'0 . [%#sops27] postcondition_once'0 self args res - = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) + predicate invariant'1 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed (t_GhostBox'1)) = + [%#sinvariant4] inv'5 self.current /\ inv'5 self.final - predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 99 4 99 36] (self : t_F'0) (_2 : t_F'0) + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed (t_GhostBox'1)) - function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 119 4 119 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - + axiom inv_axiom'1 [@rewrite] : forall x : borrowed (t_GhostBox'1) [inv'2 x] . inv'2 x = invariant'1 x - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops24] unnest'0 self b) - -> ([%#sops25] unnest'0 b c) -> ([%#sops26] unnest'0 self c) + predicate resolve'3 [#"../../../creusot-contracts/src/resolve.rs" 53 4 53 28] (self : borrowed (t_GhostBox'1)) = + [%#sresolve3] self.final = self.current - function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 112 4 112 24] (self : t_F'0) : () + predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : borrowed (t_GhostBox'1)) = + resolve'3 _1 - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops23] unnest'0 self self + use prelude.prelude.Intrinsic - function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 107 4 107 85] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res_state : t_F'0) (res : t_B'0) : () - + predicate invariant'2 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : borrowed t_T'0) = + [%#sboxed5] inv'1 self - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : t_F'0, res : t_B'0 . ([%#sops21] postcondition_mut'0 self args res_state res) - -> ([%#sops22] unnest'0 self res_state) + predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_T'0) - use seq.Seq + axiom inv_axiom'3 [@rewrite] : forall x : borrowed t_T'0 [inv'4 x] . inv'4 x = invariant'2 x - predicate preservation'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 144 4 144 49] (iter : t_I'0) (func : t_F'0) - - = - [%#smap_inv35] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . inv'3 s - /\ inv'1 e1 /\ inv'1 e2 /\ inv'0 f /\ inv'10 b /\ inv'5 i /\ unnest'0 func f.current - -> produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i - -> precondition'0 f.current (e1, Snapshot.new s) - -> postcondition_mut'0 f.current (e1, Snapshot.new s) f.final b - -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc s e1)) + predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_GhostBox'0) - predicate reinitialize'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 157 4 157 33] (_1 : ()) = - [%#smap_inv31] forall iter : borrowed t_I'0, func : t_F'0 . inv'9 iter /\ inv'6 func - -> completed'0 iter - -> next_precondition'0 iter.final func (Seq.empty : Seq.seq t_Item'0) /\ preservation'0 iter.final func + axiom inv_axiom'2 [@rewrite] : forall x : t_GhostBox'0 [inv'3 x] . inv'3 x + = match x with + | {t_GhostBox__0'1 = a_0} -> inv'4 a_0 + end - use prelude.prelude.Snapshot + meta "compute_max_steps" 1000000 - predicate preservation_inv'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 131 4 131 73] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) + let rec borrow_mut'0 (self:borrowed (t_GhostBox'1)) (return' (ret:t_GhostBox'0))= {[@expl:borrow_mut 'self' type invariant] [%#sghost0] inv'2 self} + (! bb0 + [ bb0 = s0 + [ s0 = {inv'0 (self.current).t_GhostBox__0'0} + Borrow.borrow_final {(self.current).t_GhostBox__0'0} {Borrow.inherit_id (Borrow.get_id self) 1} + (fun (_ret':borrowed t_T'0) -> + [ &_5 <- _ret' ] + -{inv'0 _ret'.final}- + [ &self <- { self with current = { t_GhostBox__0'0 = _ret'.final } } ] + s1) + | s1 = {inv'0 _5.current} + Borrow.borrow_final {_5.current} {Borrow.get_id _5} + (fun (_ret':borrowed t_T'0) -> + [ &_4 <- _ret' ] + -{inv'0 _ret'.final}- + [ &_5 <- { _5 with current = _ret'.final } ] + s2) + | s2 = bb1 ] + + | bb1 = s0 [ s0 = [ &_0 <- { t_GhostBox__0'1 = _4 } ] s1 | s1 = bb2 ] + | bb2 = s0 + [ s0 = {[@expl:type invariant] inv'1 _5} s1 + | s1 = -{resolve'0 _5}- s2 + | s2 = {[@expl:type invariant] inv'2 self} s3 + | s3 = -{resolve'1 self}- s4 + | s4 = return' {_0} ] + ] + ) + [ & _0 : t_GhostBox'0 = any_l () + | & self : borrowed (t_GhostBox'1) = self + | & _4 : borrowed t_T'0 = any_l () + | & _5 : borrowed t_T'0 = any_l () ] - = - [%#smap_inv33] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . inv'3 s - /\ inv'1 e1 /\ inv'1 e2 /\ inv'0 f /\ inv'10 b /\ inv'5 i /\ unnest'0 func f.current - -> produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i - -> precondition'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) - -> postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b - -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc (Seq.(++) produced s) e1)) - - axiom preservation_inv'0_spec : forall iter : t_I'0, func : t_F'0, produced : Seq.seq t_Item'0 . [%#smap_inv32] produced - = (Seq.empty : Seq.seq t_Item'0) -> preservation_inv'0 iter func produced = preservation'0 iter func - - predicate invariant'3 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 78 4 78 30] (self : t_MapInv'0) = - [%#smap_inv30] reinitialize'0 () - /\ preservation_inv'0 self.t_MapInv__iter'0 self.t_MapInv__func'0 (Snapshot.inner self.t_MapInv__produced'0) - /\ next_precondition'0 self.t_MapInv__iter'0 self.t_MapInv__func'0 (Snapshot.inner self.t_MapInv__produced'0) - - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_MapInv'0) - - axiom inv_axiom'3 [@rewrite] : forall x : t_MapInv'0 [inv'4 x] . inv'4 x - = (invariant'3 x - /\ match x with - | {t_MapInv__iter'0 = iter ; t_MapInv__func'0 = func ; t_MapInv__produced'0 = produced} -> inv'5 iter /\ inv'6 func - end) - - use seq.Seq - - use seq.Seq - - use seq.Seq - - use seq.Seq - - use seq.Seq - - use seq.Seq + [ return' (result:t_GhostBox'0)-> {[@expl:borrow_mut result type invariant] [%#sghost1] inv'3 result} + {[@expl:borrow_mut ensures] [%#sghost2] result.t_GhostBox__0'1 + = Borrow.borrow_logic (self.current).t_GhostBox__0'0 (self.final).t_GhostBox__0'0 (Borrow.inherit_id (Borrow.get_id self) 1)} + (! return' {result}) ] + +end +module M_creusot_contracts__ghost__qyi2175792468772189056__conjure [#"../../../creusot-contracts/src/ghost.rs" 155 4 155 28] (* ghost::GhostBox *) + let%span sghost0 = "../../../creusot-contracts/src/ghost.rs" 154 15 154 20 + let%span sghost1 = "../../../creusot-contracts/src/ghost.rs" 155 24 155 28 + let%span sboxed2 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - predicate invariant'4 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : borrowed t_F'0) = - [%#sboxed36] inv'0 self + type t_T'0 - predicate inv'7 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_F'0) + type t_GhostBox'0 = + { t_GhostBox__0'0: t_T'0 } - axiom inv_axiom'4 [@rewrite] : forall x : borrowed t_F'0 [inv'7 x] . inv'7 x = invariant'4 x + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 450 4 450 30] (self : Seq.seq (borrowed t_F'0)) - = - [%#sseq29] forall i : int . 0 <= i /\ i < Seq.length self -> inv'7 (Seq.get self i) + predicate invariant'0 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_T'0) = + [%#sboxed2] inv'2 self - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq (borrowed t_F'0)) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq (borrowed t_F'0) [inv'2 x] . inv'2 x = invariant'1 x + axiom inv_axiom'1 [@rewrite] : forall x : t_T'0 [inv'1 x] . inv'1 x = invariant'0 x - use seq.Seq + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_GhostBox'0) - use prelude.prelude.Snapshot + axiom inv_axiom'0 [@rewrite] : forall x : t_GhostBox'0 [inv'0 x] . inv'0 x + = match x with + | {t_GhostBox__0'0 = a_0} -> inv'1 a_0 + end - use seq.Seq + meta "compute_max_steps" 1000000 - use seq.Seq + let rec conjure'0 (_1:()) (return' (ret:t_GhostBox'0))= {[@expl:conjure requires] [%#sghost0] false} + (! bb0 [ bb0 = bb1 | bb1 = bb1 [ bb1 = (! bb2) [ bb2 = bb1 ] ] ] ) + [ return' (result:t_GhostBox'0)-> {[@expl:conjure result type invariant] [%#sghost1] inv'0 result} + (! return' {result}) ] + +end +module M_creusot_contracts__ghost__qyi2175792468772189056__new [#"../../../creusot-contracts/src/ghost.rs" 181 4 181 28] (* ghost::GhostBox *) + let%span sghost0 = "../../../creusot-contracts/src/ghost.rs" 181 15 181 16 + let%span sghost1 = "../../../creusot-contracts/src/ghost.rs" 181 24 181 28 + let%span sghost2 = "../../../creusot-contracts/src/ghost.rs" 179 14 179 28 + let%span sboxed3 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - use seq.Seq + type t_T'0 - use seq.Seq + type t_GhostBox'0 = + { t_GhostBox__0'0: t_T'0 } - predicate produces'0 [@inline:trivial] [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 40 4 40 67] (self : t_MapInv'0) (visited : Seq.seq t_B'0) (succ : t_MapInv'0) - - = - [%#smap_inv2] unnest'0 self.t_MapInv__func'0 succ.t_MapInv__func'0 - /\ (exists fs : Seq.seq (borrowed t_F'0) . inv'2 fs - /\ Seq.length fs = Seq.length visited - /\ (exists s : Seq.seq t_Item'0 . inv'3 s - /\ Seq.length s = Seq.length visited - /\ produces'1 self.t_MapInv__iter'0 s succ.t_MapInv__iter'0 - /\ Snapshot.inner succ.t_MapInv__produced'0 = Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) s - /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) - /\ (if Seq.length visited = 0 then - self.t_MapInv__func'0 = succ.t_MapInv__func'0 - else - (Seq.get fs 0).current = self.t_MapInv__func'0 - /\ (Seq.get fs (Seq.length visited - 1)).final = succ.t_MapInv__func'0 - ) - /\ (forall i : int . 0 <= i /\ i < Seq.length visited - -> unnest'0 self.t_MapInv__func'0 (Seq.get fs i).current - /\ precondition'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) (Seq.([..]) s 0 i))) - /\ postcondition_mut'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) (Seq.([..]) s 0 i))) (Seq.get fs i).final (Seq.get visited i)))) + use prelude.prelude.Intrinsic - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 35 4 35 90] (a : t_MapInv'0) (ab : Seq.seq t_B'0) (b : t_MapInv'0) (bc : Seq.seq t_B'0) (c : t_MapInv'0) : () - - = - [%#smap_inv12] () + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - axiom produces_trans'0_spec : forall a : t_MapInv'0, ab : Seq.seq t_B'0, b : t_MapInv'0, bc : Seq.seq t_B'0, c : t_MapInv'0 . ([%#smap_inv6] inv'4 a) - -> ([%#smap_inv7] inv'4 b) - -> ([%#smap_inv8] inv'4 c) - -> ([%#smap_inv9] produces'0 a ab b) - -> ([%#smap_inv10] produces'0 b bc c) -> ([%#smap_inv11] produces'0 a (Seq.(++) ab bc) c) + predicate invariant'0 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_T'0) = + [%#sboxed3] inv'0 self - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 25 4 25 26] (self : t_MapInv'0) : () = - [%#smap_inv5] () + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - axiom produces_refl'0_spec : forall self : t_MapInv'0 . ([%#smap_inv3] inv'4 self) - -> ([%#smap_inv4] produces'0 self (Seq.empty : Seq.seq t_B'0) self) + axiom inv_axiom'1 [@rewrite] : forall x : t_T'0 [inv'2 x] . inv'2 x = invariant'0 x - constant self : t_MapInv'0 + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_GhostBox'0) - constant visited : t_B'0 + axiom inv_axiom'0 [@rewrite] : forall x : t_GhostBox'0 [inv'1 x] . inv'1 x + = match x with + | {t_GhostBox__0'0 = a_0} -> inv'2 a_0 + end - constant succ : t_MapInv'0 + meta "compute_max_steps" 1000000 - predicate produces_one'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 192 4 192 57] (self : t_MapInv'0) (visited : t_B'0) (succ : t_MapInv'0) + let rec new'0 (x:t_T'0) (return' (ret:t_GhostBox'0))= {[@expl:new 'x' type invariant] [%#sghost0] inv'0 x} + (! bb0 + [ bb0 = bb1 + | bb1 = bb2 + | bb2 = s0 [ s0 = [ &_0 <- { t_GhostBox__0'0 = x } ] s1 | s1 = bb3 ] + | bb3 = bb4 + | bb4 = return' {_0} ] + ) [ & _0 : t_GhostBox'0 = any_l () | & x : t_T'0 = x ] + [ return' (result:t_GhostBox'0)-> {[@expl:new result type invariant] [%#sghost1] inv'1 result} + {[@expl:new ensures] [%#sghost2] result.t_GhostBox__0'0 = x} + (! return' {result}) ] - - goal vc_produces_one'0 : [%#smap_inv0] ([%#smap_inv1] exists f : borrowed t_F'0, e : t_Item'0 . inv'0 f - /\ inv'1 e - /\ f.current = self.t_MapInv__func'0 - /\ f.final = succ.t_MapInv__func'0 - /\ produces'1 self.t_MapInv__iter'0 (Seq.singleton e) succ.t_MapInv__iter'0 - /\ Snapshot.inner succ.t_MapInv__produced'0 = Seq.snoc (Snapshot.inner self.t_MapInv__produced'0) e - /\ precondition'0 f.current (e, self.t_MapInv__produced'0) - /\ postcondition_mut'0 f.current (e, self.t_MapInv__produced'0) f.final visited) - = produces'0 self (Seq.singleton visited) succ end -module M_creusot_contracts__stdqy35z1__iter__once__qyi8116812009287608646__produces_refl [#"../../../creusot-contracts/src/std/iter/once.rs" 33 4 33 26] (* as std::iter::Iterator> *) - let%span sonce0 = "../../../creusot-contracts/src/std/iter/once.rs" 31 15 31 24 - let%span sonce1 = "../../../creusot-contracts/src/std/iter/once.rs" 32 14 32 45 - let%span sonce2 = "../../../creusot-contracts/src/std/iter/once.rs" 29 4 29 10 - let%span sonce3 = "../../../creusot-contracts/src/std/iter/once.rs" 24 12 25 106 +module M_creusot_contracts__ghost__qyi2175792468772189056__into_inner [#"../../../creusot-contracts/src/ghost.rs" 199 4 199 32] (* ghost::GhostBox *) + let%span sghost0 = "../../../creusot-contracts/src/ghost.rs" 199 22 199 26 + let%span sghost1 = "../../../creusot-contracts/src/ghost.rs" 199 31 199 32 + let%span sghost2 = "../../../creusot-contracts/src/ghost.rs" 197 14 197 31 + let%span sboxed3 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 type t_T'0 - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 - - type t_Item'0 = - { t_Item__opt'0: t_Option'0 } - - type t_IntoIter'0 = - { t_IntoIter__inner'0: t_Item'0 } + type t_GhostBox'0 = + { t_GhostBox__0'0: t_T'0 } - type t_Once'0 = - { t_Once__inner'0: t_IntoIter'0 } + use prelude.prelude.Intrinsic predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) - - axiom inv_axiom'3 [@rewrite] : forall x : t_Option'0 [inv'4 x] . inv'4 x - = match x with - | C_None'0 -> true - | C_Some'0 a_0 -> inv'1 a_0 - end - - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - axiom inv_axiom'2 [@rewrite] : forall x : t_Item'0 [inv'3 x] . inv'3 x - = match x with - | {t_Item__opt'0 = opt} -> inv'4 opt - end + predicate invariant'0 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_T'0) = + [%#sboxed3] inv'1 self - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_IntoIter'0) + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - axiom inv_axiom'1 [@rewrite] : forall x : t_IntoIter'0 [inv'2 x] . inv'2 x - = match x with - | {t_IntoIter__inner'0 = inner} -> inv'3 inner - end + axiom inv_axiom'1 [@rewrite] : forall x : t_T'0 [inv'2 x] . inv'2 x = invariant'0 x - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Once'0) + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_GhostBox'0) - axiom inv_axiom'0 [@rewrite] : forall x : t_Once'0 [inv'0 x] . inv'0 x + axiom inv_axiom'0 [@rewrite] : forall x : t_GhostBox'0 [inv'0 x] . inv'0 x = match x with - | {t_Once__inner'0 = inner} -> inv'2 inner + | {t_GhostBox__0'0 = a_0} -> inv'2 a_0 end - use seq.Seq - - use seq.Seq - - function view'0 [#"../../../creusot-contracts/src/std/iter/once.rs" 8 4 8 30] (self : t_Once'0) : t_Option'0 - - use seq.Seq + meta "compute_max_steps" 1000000 - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/once.rs" 22 4 22 64] (self : t_Once'0) (visited : Seq.seq t_T'0) (o : t_Once'0) + let rec into_inner'0 (self:t_GhostBox'0) (return' (ret:t_T'0))= {[@expl:into_inner 'self' type invariant] [%#sghost0] inv'0 self} + (! bb0 [ bb0 = bb1 | bb1 = s0 [ s0 = [ &_0 <- self.t_GhostBox__0'0 ] s1 | s1 = bb2 ] | bb2 = return' {_0} ] ) + [ & _0 : t_T'0 = any_l () | & self : t_GhostBox'0 = self ] - = - [%#sonce3] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o - \/ (exists e : t_T'0 . inv'1 e /\ view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) - - constant self : t_Once'0 + [ return' (result:t_T'0)-> {[@expl:into_inner result type invariant] [%#sghost1] inv'1 result} + {[@expl:into_inner ensures] [%#sghost2] result = self.t_GhostBox__0'0} + (! return' {result}) ] + +end +module M_creusot_contracts__logic__fmap__qyi9892930999379617882__subtract [#"../../../creusot-contracts/src/logic/fmap.rs" 203 4 203 46] (* logic::fmap::FMap *) + let%span sfmap0 = "../../../creusot-contracts/src/logic/fmap.rs" 195 15 195 33 + let%span sfmap1 = "../../../creusot-contracts/src/logic/fmap.rs" 196 14 196 36 + let%span sfmap2 = "../../../creusot-contracts/src/logic/fmap.rs" 197 14 197 46 + let%span sfmap3 = "../../../creusot-contracts/src/logic/fmap.rs" 198 14 202 5 + let%span sfmap4 = "../../../creusot-contracts/src/logic/fmap.rs" 180 14 184 5 + let%span sfmap5 = "../../../creusot-contracts/src/logic/fmap.rs" 204 8 204 33 + let%span sfmap6 = "../../../creusot-contracts/src/logic/fmap.rs" 154 12 154 89 + let%span sfmap7 = "../../../creusot-contracts/src/logic/fmap.rs" 146 19 146 71 + let%span sfmap8 = "../../../creusot-contracts/src/logic/fmap.rs" 163 15 163 35 + let%span sfmap9 = "../../../creusot-contracts/src/logic/fmap.rs" 164 14 170 5 + let%span sfmap10 = "../../../creusot-contracts/src/logic/fmap.rs" 171 14 171 54 + let%span sfmap11 = "../../../creusot-contracts/src/logic/fmap.rs" 214 14 214 38 + let%span sfmap12 = "../../../creusot-contracts/src/logic/fmap.rs" 215 14 215 83 + let%span sfmap13 = "../../../creusot-contracts/src/logic/fmap.rs" 217 8 217 35 + let%span sfmap14 = "../../../creusot-contracts/src/logic/fmap.rs" 103 8 103 26 + let%span sfmap15 = "../../../creusot-contracts/src/logic/fmap.rs" 132 8 132 35 + let%span sfmap16 = "../../../creusot-contracts/src/logic/fmap.rs" 48 14 48 25 + let%span sfmap17 = "../../../creusot-contracts/src/logic/fmap.rs" 58 14 58 86 - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/once.rs" 33 4 33 26] (self : t_Once'0) : () + type t_FMap'0 - goal vc_produces_refl'0 : ([%#sonce0] inv'0 self) -> ([%#sonce1] produces'0 self (Seq.empty : Seq.seq t_T'0) self) -end -module M_creusot_contracts__stdqy35z1__iter__once__qyi8116812009287608646__produces_trans [#"../../../creusot-contracts/src/std/iter/once.rs" 43 4 43 90] (* as std::iter::Iterator> *) - let%span sonce0 = "../../../creusot-contracts/src/std/iter/once.rs" 37 15 37 21 - let%span sonce1 = "../../../creusot-contracts/src/std/iter/once.rs" 38 15 38 21 - let%span sonce2 = "../../../creusot-contracts/src/std/iter/once.rs" 39 15 39 21 - let%span sonce3 = "../../../creusot-contracts/src/std/iter/once.rs" 40 15 40 32 - let%span sonce4 = "../../../creusot-contracts/src/std/iter/once.rs" 41 15 41 32 - let%span sonce5 = "../../../creusot-contracts/src/std/iter/once.rs" 42 14 42 42 - let%span sonce6 = "../../../creusot-contracts/src/std/iter/once.rs" 35 4 35 10 - let%span sonce7 = "../../../creusot-contracts/src/std/iter/once.rs" 24 12 25 106 + type t_K'0 - type t_T'0 + type t_V'0 type t_Option'0 = | C_None'0 - | C_Some'0 t_T'0 + | C_Some'0 t_V'0 - type t_Item'0 = - { t_Item__opt'0: t_Option'0 } + use map.Map - type t_IntoIter'0 = - { t_IntoIter__inner'0: t_Item'0 } + function view'0 [#"../../../creusot-contracts/src/logic/fmap.rs" 59 4 59 35] (self : t_FMap'0) : Map.map t_K'0 (t_Option'0) + - type t_Once'0 = - { t_Once__inner'0: t_IntoIter'0 } + axiom view'0_spec : forall self : t_FMap'0 . [%#sfmap17] forall m1 : t_FMap'0, m2 : t_FMap'0 . m1 <> m2 + -> view'0 m1 <> view'0 m2 - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + use map.Map - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) + function get_unsized'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/fmap.rs" 102 4 102 55] (self : t_FMap'0) (k : t_K'0) : t_Option'0 + + = + [%#sfmap14] Map.get (view'0 self) k - axiom inv_axiom'3 [@rewrite] : forall x : t_Option'0 [inv'4 x] . inv'4 x - = match x with - | C_None'0 -> true - | C_Some'0 a_0 -> inv'1 a_0 - end + function contains'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/fmap.rs" 131 4 131 39] (self : t_FMap'0) (k : t_K'0) : bool + + = + [%#sfmap15] get_unsized'0 self k <> C_None'0 - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) + function subset'0 [#"../../../creusot-contracts/src/logic/fmap.rs" 152 4 152 44] (self : t_FMap'0) (other : t_FMap'0) : bool + + = + [%#sfmap6] forall k : t_K'0 . contains'0 self k -> get_unsized'0 other k = get_unsized'0 self k - axiom inv_axiom'2 [@rewrite] : forall x : t_Item'0 [inv'3 x] . inv'3 x - = match x with - | {t_Item__opt'0 = opt} -> inv'4 opt - end + function disjoint'0 [#"../../../creusot-contracts/src/logic/fmap.rs" 145 4 145 46] (self : t_FMap'0) (other : t_FMap'0) : bool + + = + [%#sfmap7] forall k : t_K'0 . not contains'0 self k \/ not contains'0 other k - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_IntoIter'0) + use prelude.prelude.Int - axiom inv_axiom'1 [@rewrite] : forall x : t_IntoIter'0 [inv'2 x] . inv'2 x - = match x with - | {t_IntoIter__inner'0 = inner} -> inv'3 inner - end + function len'0 [#"../../../creusot-contracts/src/logic/fmap.rs" 49 4 49 27] (self : t_FMap'0) : int - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Once'0) + axiom len'0_spec : forall self : t_FMap'0 . [%#sfmap16] len'0 self >= 0 + + function union'0 [#"../../../creusot-contracts/src/logic/fmap.rs" 172 4 172 43] (self : t_FMap'0) (other : t_FMap'0) : t_FMap'0 + + + axiom union'0_spec : forall self : t_FMap'0, other : t_FMap'0 . ([%#sfmap8] disjoint'0 self other) + -> ([%#sfmap9] forall k : t_K'0 . get_unsized'0 (union'0 self other) k + = (if contains'0 self k then + get_unsized'0 self k + else + if contains'0 other k then get_unsized'0 other k else C_None'0 + )) + && ([%#sfmap10] len'0 (union'0 self other) = len'0 self + len'0 other) + + function ext_eq'0 [#"../../../creusot-contracts/src/logic/fmap.rs" 216 4 216 44] (self : t_FMap'0) (other : t_FMap'0) : bool + + = + [%#sfmap13] view'0 self = view'0 other - axiom inv_axiom'0 [@rewrite] : forall x : t_Once'0 [inv'0 x] . inv'0 x - = match x with - | {t_Once__inner'0 = inner} -> inv'2 inner - end + axiom ext_eq'0_spec : forall self : t_FMap'0, other : t_FMap'0 . ([%#sfmap11] ext_eq'0 self other -> self = other) + && ([%#sfmap12] (forall k : t_K'0 . get_unsized'0 self k = get_unsized'0 other k) -> ext_eq'0 self other) - use seq.Seq + function subtract_keys'0 [#"../../../creusot-contracts/src/logic/fmap.rs" 185 4 185 51] (self : t_FMap'0) (other : t_FMap'0) : t_FMap'0 + - use seq.Seq + axiom subtract_keys'0_spec : forall self : t_FMap'0, other : t_FMap'0 . [%#sfmap4] forall k : t_K'0 . get_unsized'0 (subtract_keys'0 self other) k + = (if contains'0 other k then C_None'0 else get_unsized'0 self k) - function view'0 [#"../../../creusot-contracts/src/std/iter/once.rs" 8 4 8 30] (self : t_Once'0) : t_Option'0 + constant self : t_FMap'0 - use seq.Seq + constant other : t_FMap'0 - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/once.rs" 22 4 22 64] (self : t_Once'0) (visited : Seq.seq t_T'0) (o : t_Once'0) + function subtract'0 [#"../../../creusot-contracts/src/logic/fmap.rs" 203 4 203 46] (self : t_FMap'0) (other : t_FMap'0) : t_FMap'0 - = - [%#sonce7] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o - \/ (exists e : t_T'0 . inv'1 e /\ view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) - use seq.Seq + goal vc_subtract'0 : ([%#sfmap0] subset'0 other self) + -> ([%#sfmap4] forall k : t_K'0 . get_unsized'0 (subtract_keys'0 self other) k + = (if contains'0 other k then C_None'0 else get_unsized'0 self k)) + -> (let result = subtract_keys'0 self other in ([%#sfmap1] disjoint'0 result other) + && ([%#sfmap2] ext_eq'0 (union'0 other result) self) + && ([%#sfmap3] forall k : t_K'0 . get_unsized'0 result k + = (if contains'0 other k then C_None'0 else get_unsized'0 self k))) +end +module M_creusot_contracts__logic__fmap__qyi9892930999379617882__ext_eq [#"../../../creusot-contracts/src/logic/fmap.rs" 216 4 216 44] (* logic::fmap::FMap *) + let%span sfmap0 = "../../../creusot-contracts/src/logic/fmap.rs" 214 14 214 38 + let%span sfmap1 = "../../../creusot-contracts/src/logic/fmap.rs" 215 14 215 83 + let%span sfmap2 = "../../../creusot-contracts/src/logic/fmap.rs" 58 14 58 86 + let%span sfmap3 = "../../../creusot-contracts/src/logic/fmap.rs" 217 8 217 35 + let%span sfmap4 = "../../../creusot-contracts/src/logic/fmap.rs" 103 8 103 26 - constant a : t_Once'0 + type t_K'0 - constant ab : Seq.seq t_T'0 + type t_FMap'0 - constant b : t_Once'0 + type t_V'0 - constant bc : Seq.seq t_T'0 + type t_Option'0 = + | C_None'0 + | C_Some'0 t_V'0 - constant c : t_Once'0 + use map.Map - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/once.rs" 43 4 43 90] (a : t_Once'0) (ab : Seq.seq t_T'0) (b : t_Once'0) (bc : Seq.seq t_T'0) (c : t_Once'0) : () + function view'0 [#"../../../creusot-contracts/src/logic/fmap.rs" 59 4 59 35] (self : t_FMap'0) : Map.map t_K'0 (t_Option'0) - goal vc_produces_trans'0 : ([%#sonce4] produces'0 b bc c) - -> ([%#sonce3] produces'0 a ab b) - -> ([%#sonce2] inv'0 c) - -> ([%#sonce1] inv'0 b) -> ([%#sonce0] inv'0 a) -> ([%#sonce5] produces'0 a (Seq.(++) ab bc) c) -end -module M_creusot_contracts__stdqy35z1__iter__range__qyi16860283617022118777__produces_refl [#"../../../creusot-contracts/src/std/iter/range.rs" 35 4 35 26] (* as std::iter::Iterator> *) - let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 33 15 33 24 - let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 34 14 34 45 - let%span srange2 = "../../../creusot-contracts/src/std/iter/range.rs" 31 4 31 10 - let%span srange3 = "../../../creusot-contracts/src/std/iter/range.rs" 23 12 27 70 + axiom view'0_spec : forall self : t_FMap'0 . [%#sfmap2] forall m1 : t_FMap'0, m2 : t_FMap'0 . m1 <> m2 + -> view'0 m1 <> view'0 m2 - type t_Idx'0 + use map.Map - type t_Range'0 = - { t_Range__start'0: t_Idx'0; t_Range__end'0: t_Idx'0 } + function get_unsized'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/fmap.rs" 102 4 102 55] (self : t_FMap'0) (k : t_K'0) : t_Option'0 + + = + [%#sfmap4] Map.get (view'0 self) k - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Idx'0) + constant self : t_FMap'0 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Range'0) + constant other : t_FMap'0 - axiom inv_axiom'0 [@rewrite] : forall x : t_Range'0 [inv'0 x] . inv'0 x - = match x with - | {t_Range__start'0 = start ; t_Range__end'0 = end'} -> inv'1 start /\ inv'1 end' - end + function ext_eq'0 [#"../../../creusot-contracts/src/logic/fmap.rs" 216 4 216 44] (self : t_FMap'0) (other : t_FMap'0) : bool + - use seq.Seq + goal vc_ext_eq'0 : ([%#sfmap2] forall m1 : t_FMap'0, m2 : t_FMap'0 . m1 <> m2 -> view'0 m1 <> view'0 m2) + -> ([%#sfmap2] forall m1 : t_FMap'0, m2 : t_FMap'0 . m1 <> m2 -> view'0 m1 <> view'0 m2) + -> (let result = view'0 self = view'0 other in ([%#sfmap0] result -> self = other) + && ([%#sfmap1] (forall k : t_K'0 . get_unsized'0 self k = get_unsized'0 other k) -> result)) +end +module M_creusot_contracts__logic__fmap__qyi9892930999379617882__contains_ghost [#"../../../creusot-contracts/src/logic/fmap.rs" 285 4 285 49] (* logic::fmap::FMap *) + let%span sfmap0 = "../../../creusot-contracts/src/logic/fmap.rs" 285 33 285 36 + let%span sfmap1 = "../../../creusot-contracts/src/logic/fmap.rs" 284 14 284 43 + let%span sfmap2 = "../../../creusot-contracts/src/logic/fmap.rs" 314 28 314 31 + let%span sfmap3 = "../../../creusot-contracts/src/logic/fmap.rs" 314 40 314 50 + let%span sfmap4 = "../../../creusot-contracts/src/logic/fmap.rs" 306 4 313 11 + let%span soption5 = "../../../creusot-contracts/src/std/option.rs" 36 26 36 51 + let%span sfmap6 = "../../../creusot-contracts/src/logic/fmap.rs" 132 8 132 35 + let%span sfmap7 = "../../../creusot-contracts/src/logic/fmap.rs" 124 8 124 35 + let%span sfmap8 = "../../../creusot-contracts/src/logic/fmap.rs" 103 8 103 26 + let%span sutil9 = "../../../creusot-contracts/src/util.rs" 43 11 43 21 + let%span sutil10 = "../../../creusot-contracts/src/util.rs" 44 10 44 28 + let%span sinvariant11 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + let%span sfmap12 = "../../../creusot-contracts/src/logic/fmap.rs" 58 14 58 86 - use seq.Seq + use prelude.prelude.Borrow - use prelude.prelude.Int + type t_K'0 - function deep_model'0 [#"../../../creusot-contracts/src/model.rs" 25 4 25 45] (self : t_Idx'0) : int + predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_K'0) - use seq.Seq + predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_K'0) = + [%#sinvariant11] inv'4 self - use seq.Seq + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_K'0) - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 21 4 21 64] (self : t_Range'0) (visited : Seq.seq t_Idx'0) (o : t_Range'0) - - = - [%#srange3] self.t_Range__end'0 = o.t_Range__end'0 - /\ deep_model'0 self.t_Range__start'0 <= deep_model'0 o.t_Range__start'0 - /\ (Seq.length visited > 0 -> deep_model'0 o.t_Range__start'0 <= deep_model'0 o.t_Range__end'0) - /\ Seq.length visited = deep_model'0 o.t_Range__start'0 - deep_model'0 self.t_Range__start'0 - /\ (forall i : int . 0 <= i /\ i < Seq.length visited - -> deep_model'0 (Seq.get visited i) = deep_model'0 self.t_Range__start'0 + i) + axiom inv_axiom'0 [@rewrite] : forall x : t_K'0 [inv'0 x] . inv'0 x = invariant'0 x - constant self : t_Range'0 + type t_V'0 - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 35 4 35 26] (self : t_Range'0) : () + type t_Option'0 = + | C_None'0 + | C_Some'0 t_V'0 - goal vc_produces_refl'0 : ([%#srange0] inv'0 self) - -> ([%#srange1] produces'0 self (Seq.empty : Seq.seq t_Idx'0) self) -end -module M_creusot_contracts__stdqy35z1__iter__range__qyi16860283617022118777__produces_trans [#"../../../creusot-contracts/src/std/iter/range.rs" 45 4 45 90] (* as std::iter::Iterator> *) - let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 39 15 39 21 - let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 40 15 40 21 - let%span srange2 = "../../../creusot-contracts/src/std/iter/range.rs" 41 15 41 21 - let%span srange3 = "../../../creusot-contracts/src/std/iter/range.rs" 42 15 42 32 - let%span srange4 = "../../../creusot-contracts/src/std/iter/range.rs" 43 15 43 32 - let%span srange5 = "../../../creusot-contracts/src/std/iter/range.rs" 44 14 44 42 - let%span srange6 = "../../../creusot-contracts/src/std/iter/range.rs" 37 4 37 10 - let%span srange7 = "../../../creusot-contracts/src/std/iter/range.rs" 23 12 27 70 + predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_V'0) - type t_Idx'0 + predicate invariant'2 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_V'0) = + [%#sinvariant11] inv'5 self - type t_Range'0 = - { t_Range__start'0: t_Idx'0; t_Range__end'0: t_Idx'0 } + predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_V'0) - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Idx'0) + axiom inv_axiom'3 [@rewrite] : forall x : t_V'0 [inv'3 x] . inv'3 x = invariant'2 x - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Range'0) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) - axiom inv_axiom'0 [@rewrite] : forall x : t_Range'0 [inv'0 x] . inv'0 x + axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'1 x] . inv'1 x = match x with - | {t_Range__start'0 = start ; t_Range__end'0 = end'} -> inv'1 start /\ inv'1 end' + | C_None'0 -> true + | C_Some'0 a_0 -> inv'3 a_0 end - use seq.Seq - - use prelude.prelude.Int - - function deep_model'0 [#"../../../creusot-contracts/src/model.rs" 25 4 25 45] (self : t_Idx'0) : int + type t_FMap'0 - use seq.Seq + type t_Option'1 = + | C_None'1 + | C_Some'1 t_V'0 - use seq.Seq + use map.Map - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 21 4 21 64] (self : t_Range'0) (visited : Seq.seq t_Idx'0) (o : t_Range'0) + function view'0 [#"../../../creusot-contracts/src/logic/fmap.rs" 59 4 59 35] (self : t_FMap'0) : Map.map t_K'0 (t_Option'1) - = - [%#srange7] self.t_Range__end'0 = o.t_Range__end'0 - /\ deep_model'0 self.t_Range__start'0 <= deep_model'0 o.t_Range__start'0 - /\ (Seq.length visited > 0 -> deep_model'0 o.t_Range__start'0 <= deep_model'0 o.t_Range__end'0) - /\ Seq.length visited = deep_model'0 o.t_Range__start'0 - deep_model'0 self.t_Range__start'0 - /\ (forall i : int . 0 <= i /\ i < Seq.length visited - -> deep_model'0 (Seq.get visited i) = deep_model'0 self.t_Range__start'0 + i) - use seq.Seq + axiom view'0_spec : forall self : t_FMap'0 . [%#sfmap12] forall m1 : t_FMap'0, m2 : t_FMap'0 . m1 <> m2 + -> view'0 m1 <> view'0 m2 - constant a : t_Range'0 + use map.Map - constant ab : Seq.seq t_Idx'0 + function get_unsized'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/fmap.rs" 102 4 102 55] (self : t_FMap'0) (k : t_K'0) : t_Option'1 + + = + [%#sfmap8] Map.get (view'0 self) k - constant b : t_Range'0 + function contains'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/fmap.rs" 131 4 131 39] (self : t_FMap'0) (k : t_K'0) : bool + + = + [%#sfmap6] get_unsized'0 self k <> C_None'1 - constant bc : Seq.seq t_Idx'0 + function unwrap'0 [#"../../../creusot-contracts/src/util.rs" 45 0 45 36] (op : t_Option'1) : t_V'0 - constant c : t_Range'0 + axiom unwrap'0_spec : forall op : t_Option'1 . ([%#sutil9] op <> C_None'1) + -> ([%#sutil10] C_Some'1 (unwrap'0 op) = op) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 45 4 45 90] (a : t_Range'0) (ab : Seq.seq t_Idx'0) (b : t_Range'0) (bc : Seq.seq t_Idx'0) (c : t_Range'0) : () + function lookup_unsized'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/fmap.rs" 123 4 123 50] (self : t_FMap'0) (k : t_K'0) : t_V'0 + = + [%#sfmap7] unwrap'0 (get_unsized'0 self k) - goal vc_produces_trans'0 : ([%#srange4] produces'0 b bc c) - -> ([%#srange3] produces'0 a ab b) - -> ([%#srange2] inv'0 c) - -> ([%#srange1] inv'0 b) -> ([%#srange0] inv'0 a) -> ([%#srange5] produces'0 a (Seq.(++) ab bc) c) -end -module M_creusot_contracts__stdqy35z1__iter__range__range_inclusive_len [#"../../../creusot-contracts/src/std/iter/range.rs" 51 0 51 92] - let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 50 10 50 43 - let%span sops1 = "../../../creusot-contracts/src/std/ops.rs" 201 14 201 86 - let%span srange2 = "../../../creusot-contracts/src/std/iter/range.rs" 52 4 55 5 + let rec get_ghost'0 (self:t_FMap'0) (key:t_K'0) (return' (ret:t_Option'0))= {[@expl:get_ghost 'key' type invariant] [%#sfmap2] inv'0 key} + any + [ return' (result:t_Option'0)-> {[%#sfmap3] inv'1 result} + {[%#sfmap4] if contains'0 self key then + match result with + | C_None'0 -> false + | C_Some'0 r -> lookup_unsized'0 self key = r + end + else + result = C_None'0 + } + (! return' {result}) ] + - type t_Idx'0 + predicate invariant'1 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_Option'0) = + [%#sinvariant11] inv'1 self - type t_RangeInclusive'0 = - { t_RangeInclusive__start'0: t_Idx'0; t_RangeInclusive__end'0: t_Idx'0; t_RangeInclusive__exhausted'0: bool } + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) - function start_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 189 4 189 29] (self : t_RangeInclusive'0) : t_Idx'0 + axiom inv_axiom'2 [@rewrite] : forall x : t_Option'0 [inv'2 x] . inv'2 x = invariant'1 x - use prelude.prelude.Int + let rec is_some'0 (self:t_Option'0) (return' (ret:bool))= {[@expl:is_some 'self' type invariant] inv'2 self} + any [ return' (result:bool)-> {[%#soption5] result = (self <> C_None'0)} (! return' {result}) ] - function deep_model'0 [#"../../../creusot-contracts/src/model.rs" 25 4 25 45] (self : t_Idx'0) : int + use prelude.prelude.Intrinsic - function end_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 195 4 195 27] (self : t_RangeInclusive'0) : t_Idx'0 + meta "compute_max_steps" 1000000 - function is_empty_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 202 4 205 35] (self : t_RangeInclusive'0) : bool + let rec contains_ghost'0 (self:t_FMap'0) (key:t_K'0) (return' (ret:bool))= {[@expl:contains_ghost 'key' type invariant] [%#sfmap0] inv'0 key} + (! bb0 + [ bb0 = s0 [ s0 = get_ghost'0 {self} {key} (fun (_ret':t_Option'0) -> [ &_5 <- _ret' ] s1) | s1 = bb1 ] + | bb1 = s0 [ s0 = is_some'0 {_5} (fun (_ret':bool) -> [ &_0 <- _ret' ] s1) | s1 = bb2 ] + | bb2 = return' {_0} ] + ) [ & _0 : bool = any_l () | & self : t_FMap'0 = self | & key : t_K'0 = key | & _5 : t_Option'0 = any_l () ] + [ return' (result:bool)-> {[@expl:contains_ghost ensures] [%#sfmap1] result = contains'0 self key} + (! return' {result}) ] + +end +module M_creusot_contracts__logic__ord__qyi8355372356285216375__cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 129 39 129 89 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 127 8 127 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom is_empty_log'0_spec : forall self : t_RangeInclusive'0 . [%#sops1] not is_empty_log'0 self - -> deep_model'0 (start_log'0 self) <= deep_model'0 (end_log'0 self) + use prelude.prelude.Int - constant r : t_RangeInclusive'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function range_inclusive_len'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 51 0 51 92] (r : t_RangeInclusive'0) : int + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int) (o : int) : t_Ordering'0 + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal vc_range_inclusive_len'0 : ([%#sops1] not is_empty_log'0 r - -> deep_model'0 (start_log'0 r) <= deep_model'0 (end_log'0 r)) - -> (if is_empty_log'0 r then - [%#srange0] is_empty_log'0 r = (0 = 0) - else - [%#srange0] is_empty_log'0 r = (deep_model'0 (end_log'0 r) - deep_model'0 (start_log'0 r) + 1 = 0) - ) -end -module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__produces_refl [#"../../../creusot-contracts/src/std/iter/range.rs" 82 4 82 26] (* as std::iter::Iterator> *) - let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 81 14 81 45 - let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 79 4 79 10 - let%span srange2 = "../../../creusot-contracts/src/std/iter/range.rs" 71 12 75 76 - let%span srange3 = "../../../creusot-contracts/src/std/iter/range.rs" 50 10 50 43 - let%span srange4 = "../../../creusot-contracts/src/std/iter/range.rs" 52 4 55 5 - let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 201 14 201 86 + constant x : int - use seq.Seq + constant y : int - type t_Idx'0 + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (x : int) (y : int) : () - use seq.Seq + goal vc_cmp_le_log'0 : [%#sord0] (x <= y) = (cmp_log'0 x y <> C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi8355372356285216375__cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 134 39 134 86 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 132 8 132 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - type t_RangeInclusive'0 = - { t_RangeInclusive__start'0: t_Idx'0; t_RangeInclusive__end'0: t_Idx'0; t_RangeInclusive__exhausted'0: bool } + use prelude.prelude.Int + + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use seq.Seq + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int) (o : int) : t_Ordering'0 + + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function start_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 189 4 189 29] (self : t_RangeInclusive'0) : t_Idx'0 + constant x : int - use prelude.prelude.Int + constant y : int - function deep_model'0 [#"../../../creusot-contracts/src/model.rs" 25 4 25 45] (self : t_Idx'0) : int + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (x : int) (y : int) : () - function end_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 195 4 195 27] (self : t_RangeInclusive'0) : t_Idx'0 + goal vc_cmp_lt_log'0 : [%#sord0] (x < y) = (cmp_log'0 x y = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi8355372356285216375__cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 139 39 139 86 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 137 8 137 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function is_empty_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 202 4 205 35] (self : t_RangeInclusive'0) : bool + use prelude.prelude.Int - axiom is_empty_log'0_spec : forall self : t_RangeInclusive'0 . [%#sops5] not is_empty_log'0 self - -> deep_model'0 (start_log'0 self) <= deep_model'0 (end_log'0 self) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function range_inclusive_len'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 51 0 51 92] (r : t_RangeInclusive'0) : int + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int) (o : int) : t_Ordering'0 = - [%#srange4] if is_empty_log'0 r then 0 else deep_model'0 (end_log'0 r) - deep_model'0 (start_log'0 r) + 1 + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom range_inclusive_len'0_spec : forall r : t_RangeInclusive'0 . [%#srange3] is_empty_log'0 r - = (range_inclusive_len'0 r = 0) + constant x : int - use seq.Seq + constant y : int - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 69 4 69 64] (self : t_RangeInclusive'0) (visited : Seq.seq t_Idx'0) (o : t_RangeInclusive'0) - - = - [%#srange2] Seq.length visited = range_inclusive_len'0 self - range_inclusive_len'0 o - /\ (is_empty_log'0 self -> is_empty_log'0 o) - /\ (is_empty_log'0 o \/ end_log'0 self = end_log'0 o) - /\ (forall i : int . 0 <= i /\ i < Seq.length visited - -> deep_model'0 (Seq.get visited i) = deep_model'0 (start_log'0 self) + i) + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (x : int) (y : int) : () - constant self : t_RangeInclusive'0 + goal vc_cmp_ge_log'0 : [%#sord0] (x >= y) = (cmp_log'0 x y <> C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi8355372356285216375__cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 144 39 144 89 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 142 8 142 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 82 4 82 26] (self : t_RangeInclusive'0) : () - + use prelude.prelude.Int - goal vc_produces_refl'0 : [%#srange0] produces'0 self (Seq.empty : Seq.seq t_Idx'0) self -end -module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__produces_trans [#"../../../creusot-contracts/src/std/iter/range.rs" 89 4 89 90] (* as std::iter::Iterator> *) - let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 86 15 86 32 - let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 87 15 87 32 - let%span srange2 = "../../../creusot-contracts/src/std/iter/range.rs" 88 14 88 42 - let%span srange3 = "../../../creusot-contracts/src/std/iter/range.rs" 84 4 84 10 - let%span srange4 = "../../../creusot-contracts/src/std/iter/range.rs" 71 12 75 76 - let%span srange5 = "../../../creusot-contracts/src/std/iter/range.rs" 50 10 50 43 - let%span srange6 = "../../../creusot-contracts/src/std/iter/range.rs" 52 4 55 5 - let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 201 14 201 86 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - type t_Idx'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int) (o : int) : t_Ordering'0 + + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - type t_RangeInclusive'0 = - { t_RangeInclusive__start'0: t_Idx'0; t_RangeInclusive__end'0: t_Idx'0; t_RangeInclusive__exhausted'0: bool } + constant x : int - use seq.Seq + constant y : int - use seq.Seq + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (x : int) (y : int) : () - function start_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 189 4 189 29] (self : t_RangeInclusive'0) : t_Idx'0 + goal vc_cmp_gt_log'0 : [%#sord0] (x > y) = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi8355372356285216375__refl [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 149 39 149 70 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 147 8 147 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 use prelude.prelude.Int - function deep_model'0 [#"../../../creusot-contracts/src/model.rs" 25 4 25 45] (self : t_Idx'0) : int + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function end_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 195 4 195 27] (self : t_RangeInclusive'0) : t_Idx'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int) (o : int) : t_Ordering'0 + + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function is_empty_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 202 4 205 35] (self : t_RangeInclusive'0) : bool + constant x : int - axiom is_empty_log'0_spec : forall self : t_RangeInclusive'0 . [%#sops7] not is_empty_log'0 self - -> deep_model'0 (start_log'0 self) <= deep_model'0 (end_log'0 self) + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (x : int) : () - function range_inclusive_len'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 51 0 51 92] (r : t_RangeInclusive'0) : int - - = - [%#srange6] if is_empty_log'0 r then 0 else deep_model'0 (end_log'0 r) - deep_model'0 (start_log'0 r) + 1 + goal vc_refl'0 : [%#sord0] cmp_log'0 x x = C_Equal'0 +end +module M_creusot_contracts__logic__ord__qyi8355372356285216375__trans [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 154 40 154 57 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 155 40 155 57 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 156 39 156 56 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 152 8 152 35 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom range_inclusive_len'0_spec : forall r : t_RangeInclusive'0 . [%#srange5] is_empty_log'0 r - = (range_inclusive_len'0 r = 0) + use prelude.prelude.Int - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 69 4 69 64] (self : t_RangeInclusive'0) (visited : Seq.seq t_Idx'0) (o : t_RangeInclusive'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int) (o : int) : t_Ordering'0 = - [%#srange4] Seq.length visited = range_inclusive_len'0 self - range_inclusive_len'0 o - /\ (is_empty_log'0 self -> is_empty_log'0 o) - /\ (is_empty_log'0 o \/ end_log'0 self = end_log'0 o) - /\ (forall i : int . 0 <= i /\ i < Seq.length visited - -> deep_model'0 (Seq.get visited i) = deep_model'0 (start_log'0 self) + i) - - use seq.Seq - - constant a : t_RangeInclusive'0 + [%#sord4] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant ab : Seq.seq t_Idx'0 + constant x : int - constant b : t_RangeInclusive'0 + constant y : int - constant bc : Seq.seq t_Idx'0 + constant z : int - constant c : t_RangeInclusive'0 + constant o : t_Ordering'0 - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 89 4 89 90] (a : t_RangeInclusive'0) (ab : Seq.seq t_Idx'0) (b : t_RangeInclusive'0) (bc : Seq.seq t_Idx'0) (c : t_RangeInclusive'0) : () + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (x : int) (y : int) (z : int) (o : t_Ordering'0) : () - goal vc_produces_trans'0 : ([%#srange1] produces'0 b bc c) - -> ([%#srange0] produces'0 a ab b) -> ([%#srange2] produces'0 a (Seq.(++) ab bc) c) + goal vc_trans'0 : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o) end -module M_creusot_contracts__stdqy35z1__iter__repeat__qyi8658929399712466629__produces_refl [#"../../../creusot-contracts/src/std/iter/repeat.rs" 33 4 33 26] (* as std::iter::Iterator> *) - let%span srepeat0 = "../../../creusot-contracts/src/std/iter/repeat.rs" 31 15 31 24 - let%span srepeat1 = "../../../creusot-contracts/src/std/iter/repeat.rs" 32 14 32 45 - let%span srepeat2 = "../../../creusot-contracts/src/std/iter/repeat.rs" 29 4 29 10 - let%span srepeat3 = "../../../creusot-contracts/src/std/iter/repeat.rs" 24 12 25 78 +module M_creusot_contracts__logic__ord__qyi8355372356285216375__antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 161 40 161 70 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 162 39 162 72 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 159 8 159 35 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - type t_T'0 + use prelude.prelude.Int - type t_Repeat'0 = - { t_Repeat__element'0: t_T'0 } + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int) (o : int) : t_Ordering'0 + + = + [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Repeat'0) + constant x : int - axiom inv_axiom'0 [@rewrite] : forall x : t_Repeat'0 [inv'0 x] . inv'0 x - = match x with - | {t_Repeat__element'0 = element} -> inv'1 element - end + constant y : int - use seq.Seq + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (x : int) (y : int) : () - use seq.Seq + goal vc_antisym1'0 : ([%#sord0] cmp_log'0 x y = C_Less'0) -> ([%#sord1] cmp_log'0 y x = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi8355372356285216375__antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 167 40 167 73 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 168 39 168 69 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 165 8 165 35 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 use prelude.prelude.Int - use seq.Seq - - use seq.Seq - - function view'0 [#"../../../creusot-contracts/src/std/iter/repeat.rs" 8 4 8 22] (self : t_Repeat'0) : t_T'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/repeat.rs" 22 4 22 64] (self : t_Repeat'0) (visited : Seq.seq t_T'0) (o : t_Repeat'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int) (o : int) : t_Ordering'0 = - [%#srepeat3] self = o /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = view'0 self) + [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant self : t_Repeat'0 + constant x : int - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/repeat.rs" 33 4 33 26] (self : t_Repeat'0) : () + constant y : int - goal vc_produces_refl'0 : ([%#srepeat0] inv'0 self) - -> ([%#srepeat1] produces'0 self (Seq.empty : Seq.seq t_T'0) self) + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (x : int) (y : int) : () + + goal vc_antisym2'0 : ([%#sord0] cmp_log'0 x y = C_Greater'0) -> ([%#sord1] cmp_log'0 y x = C_Less'0) end -module M_creusot_contracts__stdqy35z1__iter__repeat__qyi8658929399712466629__produces_trans [#"../../../creusot-contracts/src/std/iter/repeat.rs" 43 4 43 90] (* as std::iter::Iterator> *) - let%span srepeat0 = "../../../creusot-contracts/src/std/iter/repeat.rs" 37 15 37 21 - let%span srepeat1 = "../../../creusot-contracts/src/std/iter/repeat.rs" 38 15 38 21 - let%span srepeat2 = "../../../creusot-contracts/src/std/iter/repeat.rs" 39 15 39 21 - let%span srepeat3 = "../../../creusot-contracts/src/std/iter/repeat.rs" 40 15 40 32 - let%span srepeat4 = "../../../creusot-contracts/src/std/iter/repeat.rs" 41 15 41 32 - let%span srepeat5 = "../../../creusot-contracts/src/std/iter/repeat.rs" 42 14 42 42 - let%span srepeat6 = "../../../creusot-contracts/src/std/iter/repeat.rs" 35 4 35 10 - let%span srepeat7 = "../../../creusot-contracts/src/std/iter/repeat.rs" 24 12 25 78 +module M_creusot_contracts__logic__ord__qyi8355372356285216375__eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 173 39 173 84 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 171 8 171 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - type t_T'0 + use prelude.prelude.Int - type t_Repeat'0 = - { t_Repeat__element'0: t_T'0 } + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int) (o : int) : t_Ordering'0 + + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Repeat'0) + constant x : int - axiom inv_axiom'0 [@rewrite] : forall x : t_Repeat'0 [inv'0 x] . inv'0 x - = match x with - | {t_Repeat__element'0 = element} -> inv'1 element - end + constant y : int - use seq.Seq + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (x : int) (y : int) : () - use prelude.prelude.Int + goal vc_eq_cmp'0 : [%#sord0] (x = y) = (cmp_log'0 x y = C_Equal'0) +end +module M_creusot_contracts__logic__ord__qyi15418235539824427604__cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 129 39 129 89 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 127 8 127 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use seq.Seq + use prelude.prelude.Int - use seq.Seq + use prelude.prelude.UInt8 - function view'0 [#"../../../creusot-contracts/src/std/iter/repeat.rs" 8 4 8 22] (self : t_Repeat'0) : t_T'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/repeat.rs" 22 4 22 64] (self : t_Repeat'0) (visited : Seq.seq t_T'0) (o : t_Repeat'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint8) (o : uint8) : t_Ordering'0 = - [%#srepeat7] self = o /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = view'0 self) - - use seq.Seq - - constant a : t_Repeat'0 - - constant ab : Seq.seq t_T'0 - - constant b : t_Repeat'0 + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant bc : Seq.seq t_T'0 + constant x : uint8 - constant c : t_Repeat'0 + constant y : uint8 - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/repeat.rs" 43 4 43 90] (a : t_Repeat'0) (ab : Seq.seq t_T'0) (b : t_Repeat'0) (bc : Seq.seq t_T'0) (c : t_Repeat'0) : () - + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (x : uint8) (y : uint8) : () - goal vc_produces_trans'0 : ([%#srepeat4] produces'0 b bc c) - -> ([%#srepeat3] produces'0 a ab b) - -> ([%#srepeat2] inv'0 c) - -> ([%#srepeat1] inv'0 b) -> ([%#srepeat0] inv'0 a) -> ([%#srepeat5] produces'0 a (Seq.(++) ab bc) c) + goal vc_cmp_le_log'0 : [%#sord0] (x <= y) = (cmp_log'0 x y <> C_Greater'0) end -module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produces_refl [#"../../../creusot-contracts/src/std/iter/skip.rs" 75 4 75 26] (* as std::iter::Iterator> *) - let%span sskip0 = "../../../creusot-contracts/src/std/iter/skip.rs" 73 15 73 24 - let%span sskip1 = "../../../creusot-contracts/src/std/iter/skip.rs" 74 14 74 45 - let%span sskip2 = "../../../creusot-contracts/src/std/iter/skip.rs" 71 4 71 10 - let%span sskip3 = "../../../creusot-contracts/src/std/iter/skip.rs" 62 12 67 74 - let%span sskip4 = "../../../creusot-contracts/src/std/iter/skip.rs" 21 14 21 50 - let%span sskip5 = "../../../creusot-contracts/src/std/iter/skip.rs" 14 14 14 39 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sseq14 = "../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 - let%span sboxed15 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - - type t_I'0 +module M_creusot_contracts__logic__ord__qyi15418235539824427604__cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 134 39 134 86 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 132 8 132 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.UIntSize + use prelude.prelude.Int - type t_Skip'0 = - { t_Skip__iter'0: t_I'0; t_Skip__n'0: usize } + use prelude.prelude.UInt8 - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Skip'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint8) (o : uint8) : t_Ordering'0 + + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom inv_axiom'0 [@rewrite] : forall x : t_Skip'0 [inv'0 x] . inv'0 x - = match x with - | {t_Skip__iter'0 = iter ; t_Skip__n'0 = n} -> inv'2 iter - end + constant x : uint8 - use seq.Seq + constant y : uint8 - type t_Item'0 + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (x : uint8) (y : uint8) : () - use seq.Seq + goal vc_cmp_lt_log'0 : [%#sord0] (x < y) = (cmp_log'0 x y = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi15418235539824427604__cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 139 39 139 86 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 137 8 137 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 use prelude.prelude.Int - constant v_MAX'0 : usize = (18446744073709551615 : usize) + use prelude.prelude.UInt8 - use prelude.prelude.UIntSize + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function n'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 22 4 22 21] (self : t_Skip'0) : int + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint8) (o : uint8) : t_Ordering'0 + + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom n'0_spec : forall self : t_Skip'0 . [%#sskip4] n'0 self >= 0 /\ n'0 self <= UIntSize.to_int (v_MAX'0 : usize) + constant x : uint8 - use seq.Seq + constant y : uint8 - use seq.Seq + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (x : uint8) (y : uint8) : () - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) + goal vc_cmp_ge_log'0 : [%#sord0] (x >= y) = (cmp_log'0 x y <> C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi15418235539824427604__cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 144 39 144 89 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 142 8 142 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate invariant'1 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = - [%#sboxed15] inv'4 self + use prelude.prelude.Int - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) + use prelude.prelude.UInt8 - axiom inv_axiom'2 [@rewrite] : forall x : t_Item'0 [inv'3 x] . inv'3 x = invariant'1 x + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 450 4 450 30] (self : Seq.seq t_Item'0) = - [%#sseq14] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint8) (o : uint8) : t_Ordering'0 + + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) + constant x : uint8 - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'1 x] . inv'1 x = invariant'0 x + constant y : uint8 - function iter'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 15 4 15 22] (self : t_Skip'0) : t_I'0 + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (x : uint8) (y : uint8) : () - axiom iter'0_spec : forall self : t_Skip'0 . [%#sskip5] inv'0 self -> inv'2 (iter'0 self) + goal vc_cmp_gt_log'0 : [%#sord0] (x > y) = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi15418235539824427604__refl [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 149 39 149 70 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 147 8 147 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use seq.Seq + use prelude.prelude.UInt8 - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + use prelude.prelude.Int + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint8) (o : uint8) : t_Ordering'0 + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter8] inv'2 a) - -> ([%#siter9] inv'2 b) - -> ([%#siter10] inv'2 c) - -> ([%#siter11] produces'1 a ab b) - -> ([%#siter12] produces'1 b bc c) -> ([%#siter13] produces'1 a (Seq.(++) ab bc) c) + constant x : uint8 - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (x : uint8) : () - axiom produces_refl'1_spec : forall self : t_I'0 . ([%#siter6] inv'2 self) - -> ([%#siter7] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + goal vc_refl'0 : [%#sord0] cmp_log'0 x x = C_Equal'0 +end +module M_creusot_contracts__logic__ord__qyi15418235539824427604__trans [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 154 40 154 57 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 155 40 155 57 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 156 39 156 56 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 152 8 152 35 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use seq.Seq + use prelude.prelude.UInt8 - use prelude.prelude.Borrow + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_Item'0) + use prelude.prelude.Int - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 60 4 60 64] (self : t_Skip'0) (visited : Seq.seq t_Item'0) (o : t_Skip'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint8) (o : uint8) : t_Ordering'0 = - [%#sskip3] visited = (Seq.empty : Seq.seq t_Item'0) /\ self = o - \/ n'0 o = 0 - /\ Seq.length visited > 0 - /\ (exists s : Seq.seq t_Item'0 . inv'1 s - /\ Seq.length s = n'0 self - /\ produces'1 (iter'0 self) (Seq.(++) s visited) (iter'0 o) - /\ (forall i : int . 0 <= i /\ i < Seq.length s -> resolve'0 (Seq.get s i))) + [%#sord4] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant self : t_Skip'0 + constant x : uint8 - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 75 4 75 26] (self : t_Skip'0) : () + constant y : uint8 - goal vc_produces_refl'0 : ([%#sskip0] inv'0 self) - -> ([%#sskip1] produces'0 self (Seq.empty : Seq.seq t_Item'0) self) + constant z : uint8 + + constant o : t_Ordering'0 + + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (x : uint8) (y : uint8) (z : uint8) (o : t_Ordering'0) : () + + + goal vc_trans'0 : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o) end -module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produces_trans [#"../../../creusot-contracts/src/std/iter/skip.rs" 85 4 85 90] (* as std::iter::Iterator> *) - let%span sskip0 = "../../../creusot-contracts/src/std/iter/skip.rs" 79 15 79 21 - let%span sskip1 = "../../../creusot-contracts/src/std/iter/skip.rs" 80 15 80 21 - let%span sskip2 = "../../../creusot-contracts/src/std/iter/skip.rs" 81 15 81 21 - let%span sskip3 = "../../../creusot-contracts/src/std/iter/skip.rs" 82 15 82 32 - let%span sskip4 = "../../../creusot-contracts/src/std/iter/skip.rs" 83 15 83 32 - let%span sskip5 = "../../../creusot-contracts/src/std/iter/skip.rs" 84 14 84 42 - let%span sskip6 = "../../../creusot-contracts/src/std/iter/skip.rs" 77 4 77 10 - let%span sskip7 = "../../../creusot-contracts/src/std/iter/skip.rs" 62 12 67 74 - let%span sskip8 = "../../../creusot-contracts/src/std/iter/skip.rs" 21 14 21 50 - let%span sskip9 = "../../../creusot-contracts/src/std/iter/skip.rs" 14 14 14 39 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sseq18 = "../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 - let%span sboxed19 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 +module M_creusot_contracts__logic__ord__qyi15418235539824427604__antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 161 40 161 70 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 162 39 162 72 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 159 8 159 35 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - type t_I'0 + use prelude.prelude.UInt8 - use prelude.prelude.UIntSize + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - type t_Skip'0 = - { t_Skip__iter'0: t_I'0; t_Skip__n'0: usize } + use prelude.prelude.Int - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint8) (o : uint8) : t_Ordering'0 + + = + [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Skip'0) + constant x : uint8 - axiom inv_axiom'0 [@rewrite] : forall x : t_Skip'0 [inv'0 x] . inv'0 x - = match x with - | {t_Skip__iter'0 = iter ; t_Skip__n'0 = n} -> inv'2 iter - end + constant y : uint8 - type t_Item'0 + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (x : uint8) (y : uint8) : () - use seq.Seq + goal vc_antisym1'0 : ([%#sord0] cmp_log'0 x y = C_Less'0) -> ([%#sord1] cmp_log'0 y x = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi15418235539824427604__antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 167 40 167 73 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 168 39 168 69 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 165 8 165 35 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use seq.Seq + use prelude.prelude.UInt8 + + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 use prelude.prelude.Int - constant v_MAX'0 : usize = (18446744073709551615 : usize) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint8) (o : uint8) : t_Ordering'0 + + = + [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - use prelude.prelude.UIntSize + constant x : uint8 - function n'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 22 4 22 21] (self : t_Skip'0) : int + constant y : uint8 - axiom n'0_spec : forall self : t_Skip'0 . [%#sskip8] n'0 self >= 0 /\ n'0 self <= UIntSize.to_int (v_MAX'0 : usize) + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (x : uint8) (y : uint8) : () - use seq.Seq + goal vc_antisym2'0 : ([%#sord0] cmp_log'0 x y = C_Greater'0) -> ([%#sord1] cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi15418235539824427604__eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 173 39 173 84 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 171 8 171 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use seq.Seq + use prelude.prelude.UInt8 - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate invariant'1 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = - [%#sboxed19] inv'4 self + use prelude.prelude.Int - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint8) (o : uint8) : t_Ordering'0 + + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom inv_axiom'2 [@rewrite] : forall x : t_Item'0 [inv'3 x] . inv'3 x = invariant'1 x + constant x : uint8 - predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 450 4 450 30] (self : Seq.seq t_Item'0) = - [%#sseq18] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) + constant y : uint8 - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (x : uint8) (y : uint8) : () - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'1 x] . inv'1 x = invariant'0 x + goal vc_eq_cmp'0 : [%#sord0] (x = y) = (cmp_log'0 x y = C_Equal'0) +end +module M_creusot_contracts__logic__ord__qyi7305497527599188430__cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 129 39 129 89 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 127 8 127 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function iter'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 15 4 15 22] (self : t_Skip'0) : t_I'0 + use prelude.prelude.Int - axiom iter'0_spec : forall self : t_Skip'0 . [%#sskip9] inv'0 self -> inv'2 (iter'0 self) + use prelude.prelude.UInt16 - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint16) (o : uint16) : t_Ordering'0 + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - + constant x : uint16 - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter12] inv'2 a) - -> ([%#siter13] inv'2 b) - -> ([%#siter14] inv'2 c) - -> ([%#siter15] produces'1 a ab b) - -> ([%#siter16] produces'1 b bc c) -> ([%#siter17] produces'1 a (Seq.(++) ab bc) c) + constant y : uint16 - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (x : uint16) (y : uint16) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#siter10] inv'2 self) - -> ([%#siter11] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + goal vc_cmp_le_log'0 : [%#sord0] (x <= y) = (cmp_log'0 x y <> C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi7305497527599188430__cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 134 39 134 86 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 132 8 132 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use seq.Seq + use prelude.prelude.Int - use prelude.prelude.Borrow + use prelude.prelude.UInt16 - predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_Item'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 60 4 60 64] (self : t_Skip'0) (visited : Seq.seq t_Item'0) (o : t_Skip'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint16) (o : uint16) : t_Ordering'0 = - [%#sskip7] visited = (Seq.empty : Seq.seq t_Item'0) /\ self = o - \/ n'0 o = 0 - /\ Seq.length visited > 0 - /\ (exists s : Seq.seq t_Item'0 . inv'1 s - /\ Seq.length s = n'0 self - /\ produces'1 (iter'0 self) (Seq.(++) s visited) (iter'0 o) - /\ (forall i : int . 0 <= i /\ i < Seq.length s -> resolve'0 (Seq.get s i))) + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + constant x : uint16 + + constant y : uint16 + + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (x : uint16) (y : uint16) : () + + goal vc_cmp_lt_log'0 : [%#sord0] (x < y) = (cmp_log'0 x y = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi7305497527599188430__cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 139 39 139 86 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 137 8 137 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + + use prelude.prelude.Int - constant a : t_Skip'0 + use prelude.prelude.UInt16 - constant ab : Seq.seq t_Item'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - constant b : t_Skip'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint16) (o : uint16) : t_Ordering'0 + + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant bc : Seq.seq t_Item'0 + constant x : uint16 - constant c : t_Skip'0 + constant y : uint16 - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 85 4 85 90] (a : t_Skip'0) (ab : Seq.seq t_Item'0) (b : t_Skip'0) (bc : Seq.seq t_Item'0) (c : t_Skip'0) : () - + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (x : uint16) (y : uint16) : () - goal vc_produces_trans'0 : ([%#sskip4] produces'0 b bc c) - -> ([%#sskip3] produces'0 a ab b) - -> ([%#sskip2] inv'0 c) - -> ([%#sskip1] inv'0 b) -> ([%#sskip0] inv'0 a) -> ([%#sskip5] produces'0 a (Seq.(++) ab bc) c) + goal vc_cmp_ge_log'0 : [%#sord0] (x >= y) = (cmp_log'0 x y <> C_Less'0) end -module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022__produces_refl [#"../../../creusot-contracts/src/std/iter/take.rs" 73 4 73 26] (* as std::iter::Iterator> *) - let%span stake0 = "../../../creusot-contracts/src/std/iter/take.rs" 71 15 71 24 - let%span stake1 = "../../../creusot-contracts/src/std/iter/take.rs" 72 14 72 45 - let%span stake2 = "../../../creusot-contracts/src/std/iter/take.rs" 69 4 69 10 - let%span stake3 = "../../../creusot-contracts/src/std/iter/take.rs" 65 12 65 88 - let%span stake4 = "../../../creusot-contracts/src/std/iter/take.rs" 31 14 31 50 - let%span stake5 = "../../../creusot-contracts/src/std/iter/take.rs" 17 14 17 39 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 +module M_creusot_contracts__logic__ord__qyi7305497527599188430__cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 144 39 144 89 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 142 8 142 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - type t_I'0 + use prelude.prelude.Int - use prelude.prelude.UIntSize + use prelude.prelude.UInt16 - type t_Take'0 = - { t_Take__iter'0: t_I'0; t_Take__n'0: usize } + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint16) (o : uint16) : t_Ordering'0 + + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Take'0) + constant x : uint16 - axiom inv_axiom'0 [@rewrite] : forall x : t_Take'0 [inv'0 x] . inv'0 x - = match x with - | {t_Take__iter'0 = iter ; t_Take__n'0 = n} -> inv'1 iter - end + constant y : uint16 - use seq.Seq + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (x : uint16) (y : uint16) : () - type t_Item'0 + goal vc_cmp_gt_log'0 : [%#sord0] (x > y) = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi7305497527599188430__refl [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 149 39 149 70 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 147 8 147 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use seq.Seq + use prelude.prelude.UInt16 - use prelude.prelude.Int + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - constant v_MAX'0 : usize = (18446744073709551615 : usize) + use prelude.prelude.Int - use prelude.prelude.UIntSize + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint16) (o : uint16) : t_Ordering'0 + + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function n'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 32 4 32 21] (self : t_Take'0) : int + constant x : uint16 - axiom n'0_spec : forall self : t_Take'0 . [%#stake4] n'0 self >= 0 /\ n'0 self <= UIntSize.to_int (v_MAX'0 : usize) + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (x : uint16) : () - use seq.Seq + goal vc_refl'0 : [%#sord0] cmp_log'0 x x = C_Equal'0 +end +module M_creusot_contracts__logic__ord__qyi7305497527599188430__trans [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 154 40 154 57 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 155 40 155 57 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 156 39 156 56 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 152 8 152 35 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function iter'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 18 4 18 22] (self : t_Take'0) : t_I'0 + use prelude.prelude.UInt16 - axiom iter'0_spec : forall self : t_Take'0 . [%#stake5] inv'0 self -> inv'1 (iter'0 self) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use seq.Seq + use prelude.prelude.Int - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint16) (o : uint16) : t_Ordering'0 + = + [%#sord4] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - + constant x : uint16 - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter8] inv'1 a) - -> ([%#siter9] inv'1 b) - -> ([%#siter10] inv'1 c) - -> ([%#siter11] produces'1 a ab b) - -> ([%#siter12] produces'1 b bc c) -> ([%#siter13] produces'1 a (Seq.(++) ab bc) c) + constant y : uint16 - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + constant z : uint16 - axiom produces_refl'1_spec : forall self : t_I'0 . ([%#siter6] inv'1 self) - -> ([%#siter7] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + constant o : t_Ordering'0 - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 63 4 63 64] (self : t_Take'0) (visited : Seq.seq t_Item'0) (o : t_Take'0) + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (x : uint16) (y : uint16) (z : uint16) (o : t_Ordering'0) : () - = - [%#stake3] n'0 self = n'0 o + Seq.length visited /\ produces'1 (iter'0 self) visited (iter'0 o) - constant self : t_Take'0 + goal vc_trans'0 : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o) +end +module M_creusot_contracts__logic__ord__qyi7305497527599188430__antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 161 40 161 70 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 162 39 162 72 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 159 8 159 35 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 73 4 73 26] (self : t_Take'0) : () + use prelude.prelude.UInt16 - goal vc_produces_refl'0 : ([%#stake0] inv'0 self) - -> ([%#stake1] produces'0 self (Seq.empty : Seq.seq t_Item'0) self) -end -module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022__produces_trans [#"../../../creusot-contracts/src/std/iter/take.rs" 83 4 83 90] (* as std::iter::Iterator> *) - let%span stake0 = "../../../creusot-contracts/src/std/iter/take.rs" 77 15 77 21 - let%span stake1 = "../../../creusot-contracts/src/std/iter/take.rs" 78 15 78 21 - let%span stake2 = "../../../creusot-contracts/src/std/iter/take.rs" 79 15 79 21 - let%span stake3 = "../../../creusot-contracts/src/std/iter/take.rs" 80 15 80 32 - let%span stake4 = "../../../creusot-contracts/src/std/iter/take.rs" 81 15 81 32 - let%span stake5 = "../../../creusot-contracts/src/std/iter/take.rs" 82 14 82 42 - let%span stake6 = "../../../creusot-contracts/src/std/iter/take.rs" 75 4 75 10 - let%span stake7 = "../../../creusot-contracts/src/std/iter/take.rs" 65 12 65 88 - let%span stake8 = "../../../creusot-contracts/src/std/iter/take.rs" 31 14 31 50 - let%span stake9 = "../../../creusot-contracts/src/std/iter/take.rs" 17 14 17 39 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - type t_I'0 + use prelude.prelude.Int - use prelude.prelude.UIntSize + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint16) (o : uint16) : t_Ordering'0 + + = + [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - type t_Take'0 = - { t_Take__iter'0: t_I'0; t_Take__n'0: usize } + constant x : uint16 - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + constant y : uint16 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Take'0) + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (x : uint16) (y : uint16) : () - axiom inv_axiom'0 [@rewrite] : forall x : t_Take'0 [inv'0 x] . inv'0 x - = match x with - | {t_Take__iter'0 = iter ; t_Take__n'0 = n} -> inv'1 iter - end + goal vc_antisym1'0 : ([%#sord0] cmp_log'0 x y = C_Less'0) -> ([%#sord1] cmp_log'0 y x = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi7305497527599188430__antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 167 40 167 73 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 168 39 168 69 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 165 8 165 35 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - type t_Item'0 + use prelude.prelude.UInt16 - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 use prelude.prelude.Int - constant v_MAX'0 : usize = (18446744073709551615 : usize) - - use prelude.prelude.UIntSize + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint16) (o : uint16) : t_Ordering'0 + + = + [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function n'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 32 4 32 21] (self : t_Take'0) : int + constant x : uint16 - axiom n'0_spec : forall self : t_Take'0 . [%#stake8] n'0 self >= 0 /\ n'0 self <= UIntSize.to_int (v_MAX'0 : usize) + constant y : uint16 - use seq.Seq + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (x : uint16) (y : uint16) : () - function iter'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 18 4 18 22] (self : t_Take'0) : t_I'0 + goal vc_antisym2'0 : ([%#sord0] cmp_log'0 x y = C_Greater'0) -> ([%#sord1] cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi7305497527599188430__eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 173 39 173 84 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 171 8 171 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom iter'0_spec : forall self : t_Take'0 . [%#stake9] inv'0 self -> inv'1 (iter'0 self) + use prelude.prelude.UInt16 - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use seq.Seq + use prelude.prelude.Int - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint16) (o : uint16) : t_Ordering'0 + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - + constant x : uint16 - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter12] inv'1 a) - -> ([%#siter13] inv'1 b) - -> ([%#siter14] inv'1 c) - -> ([%#siter15] produces'1 a ab b) - -> ([%#siter16] produces'1 b bc c) -> ([%#siter17] produces'1 a (Seq.(++) ab bc) c) + constant y : uint16 - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (x : uint16) (y : uint16) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#siter10] inv'1 self) - -> ([%#siter11] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + goal vc_eq_cmp'0 : [%#sord0] (x = y) = (cmp_log'0 x y = C_Equal'0) +end +module M_creusot_contracts__logic__ord__qyi4526525114627399862__cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 129 39 129 89 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 127 8 127 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 63 4 63 64] (self : t_Take'0) (visited : Seq.seq t_Item'0) (o : t_Take'0) - - = - [%#stake7] n'0 self = n'0 o + Seq.length visited /\ produces'1 (iter'0 self) visited (iter'0 o) + use prelude.prelude.Int - constant a : t_Take'0 + use prelude.prelude.UInt32 - constant ab : Seq.seq t_Item'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - constant b : t_Take'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint32) (o : uint32) : t_Ordering'0 + + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant bc : Seq.seq t_Item'0 + constant x : uint32 - constant c : t_Take'0 + constant y : uint32 - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 83 4 83 90] (a : t_Take'0) (ab : Seq.seq t_Item'0) (b : t_Take'0) (bc : Seq.seq t_Item'0) (c : t_Take'0) : () - + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (x : uint32) (y : uint32) : () - goal vc_produces_trans'0 : ([%#stake4] produces'0 b bc c) - -> ([%#stake3] produces'0 a ab b) - -> ([%#stake2] inv'0 c) - -> ([%#stake1] inv'0 b) -> ([%#stake0] inv'0 a) -> ([%#stake5] produces'0 a (Seq.(++) ab bc) c) + goal vc_cmp_le_log'0 : [%#sord0] (x <= y) = (cmp_log'0 x y <> C_Greater'0) end -module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produces_refl [#"../../../creusot-contracts/src/std/iter/zip.rs" 57 4 57 26] (* as std::iter::Iterator> *) - let%span szip0 = "../../../creusot-contracts/src/std/iter/zip.rs" 55 15 55 24 - let%span szip1 = "../../../creusot-contracts/src/std/iter/zip.rs" 56 14 56 45 - let%span szip2 = "../../../creusot-contracts/src/std/iter/zip.rs" 53 4 53 10 - let%span szip3 = "../../../creusot-contracts/src/std/iter/zip.rs" 46 12 49 95 - let%span szip4 = "../../../creusot-contracts/src/std/iter/zip.rs" 14 14 14 39 - let%span szip5 = "../../../creusot-contracts/src/std/iter/zip.rs" 21 14 21 39 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sseq14 = "../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 - let%span sboxed15 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 +module M_creusot_contracts__logic__ord__qyi4526525114627399862__cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 134 39 134 86 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 132 8 132 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - type t_A'0 + use prelude.prelude.Int + + use prelude.prelude.UInt32 + + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - type t_B'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint32) (o : uint32) : t_Ordering'0 + + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - use prelude.prelude.UIntSize + constant x : uint32 - type t_Zip'0 = - { t_Zip__a'0: t_A'0; t_Zip__b'0: t_B'0; t_Zip__index'0: usize; t_Zip__len'0: usize; t_Zip__a_len'0: usize } + constant y : uint32 - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_A'0) + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (x : uint32) (y : uint32) : () - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_B'0) + goal vc_cmp_lt_log'0 : [%#sord0] (x < y) = (cmp_log'0 x y = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi4526525114627399862__cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 139 39 139 86 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 137 8 137 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Zip'0) + use prelude.prelude.Int - axiom inv_axiom'0 [@rewrite] : forall x : t_Zip'0 [inv'0 x] . inv'0 x - = match x with - | {t_Zip__a'0 = a ; t_Zip__b'0 = b ; t_Zip__index'0 = index ; t_Zip__len'0 = len ; t_Zip__a_len'0 = a_len} -> inv'3 a - /\ inv'4 b - end + use prelude.prelude.UInt32 - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - type t_Item'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint32) (o : uint32) : t_Ordering'0 + + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - type t_Item'1 + constant x : uint32 - use seq.Seq + constant y : uint32 - use seq.Seq + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (x : uint32) (y : uint32) : () - use seq.Seq + goal vc_cmp_ge_log'0 : [%#sord0] (x >= y) = (cmp_log'0 x y <> C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi4526525114627399862__cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 144 39 144 89 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 142 8 142 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 use prelude.prelude.Int - use seq.Seq + use prelude.prelude.UInt32 - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate inv'7 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint32) (o : uint32) : t_Ordering'0 + + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate invariant'2 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = - [%#sboxed15] inv'7 self + constant x : uint32 - predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) + constant y : uint32 - axiom inv_axiom'3 [@rewrite] : forall x : t_Item'0 [inv'5 x] . inv'5 x = invariant'2 x + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (x : uint32) (y : uint32) : () - predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 450 4 450 30] (self : Seq.seq t_Item'0) = - [%#sseq14] forall i : int . 0 <= i /\ i < Seq.length self -> inv'5 (Seq.get self i) + goal vc_cmp_gt_log'0 : [%#sord0] (x > y) = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi4526525114627399862__refl [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 149 39 149 70 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 147 8 147 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) + use prelude.prelude.UInt32 - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'1 x] . inv'1 x = invariant'0 x + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use seq.Seq + use prelude.prelude.Int - use seq.Seq + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint32) (o : uint32) : t_Ordering'0 + + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate inv'8 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'1) + constant x : uint32 - predicate invariant'3 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'1) = - [%#sboxed15] inv'8 self + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (x : uint32) : () - predicate inv'6 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'1) + goal vc_refl'0 : [%#sord0] cmp_log'0 x x = C_Equal'0 +end +module M_creusot_contracts__logic__ord__qyi4526525114627399862__trans [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 154 40 154 57 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 155 40 155 57 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 156 39 156 56 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 152 8 152 35 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom inv_axiom'4 [@rewrite] : forall x : t_Item'1 [inv'6 x] . inv'6 x = invariant'3 x + use prelude.prelude.UInt32 - predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 450 4 450 30] (self : Seq.seq t_Item'1) = - [%#sseq14] forall i : int . 0 <= i /\ i < Seq.length self -> inv'6 (Seq.get self i) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'1) + use prelude.prelude.Int - axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_Item'1 [inv'2 x] . inv'2 x = invariant'1 x + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint32) (o : uint32) : t_Ordering'0 + + = + [%#sord4] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - use seq.Seq + constant x : uint32 - use seq.Seq + constant y : uint32 - use seq.Seq + constant z : uint32 - use seq.Seq + constant o : t_Ordering'0 - function itera'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 15 4 15 23] (self : t_Zip'0) : t_A'0 + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (x : uint32) (y : uint32) (z : uint32) (o : t_Ordering'0) : () + - axiom itera'0_spec : forall self : t_Zip'0 . [%#szip4] inv'0 self -> inv'3 (itera'0 self) + goal vc_trans'0 : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o) +end +module M_creusot_contracts__logic__ord__qyi4526525114627399862__antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 161 40 161 70 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 162 39 162 72 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 159 8 159 35 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use seq.Seq + use prelude.prelude.UInt32 - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_A'0) (visited : Seq.seq t_Item'0) (o : t_A'0) - + use prelude.prelude.Int - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_A'0) (ab : Seq.seq t_Item'0) (b : t_A'0) (bc : Seq.seq t_Item'0) (c : t_A'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint32) (o : uint32) : t_Ordering'0 + = + [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom produces_trans'0_spec : forall a : t_A'0, ab : Seq.seq t_Item'0, b : t_A'0, bc : Seq.seq t_Item'0, c : t_A'0 . ([%#siter8] inv'3 a) - -> ([%#siter9] inv'3 b) - -> ([%#siter10] inv'3 c) - -> ([%#siter11] produces'1 a ab b) - -> ([%#siter12] produces'1 b bc c) -> ([%#siter13] produces'1 a (Seq.(++) ab bc) c) - - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_A'0) : () + constant x : uint32 - axiom produces_refl'1_spec : forall self : t_A'0 . ([%#siter6] inv'3 self) - -> ([%#siter7] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + constant y : uint32 - function iterb'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 22 4 22 23] (self : t_Zip'0) : t_B'0 + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (x : uint32) (y : uint32) : () - axiom iterb'0_spec : forall self : t_Zip'0 . [%#szip5] inv'0 self -> inv'4 (iterb'0 self) + goal vc_antisym1'0 : ([%#sord0] cmp_log'0 x y = C_Less'0) -> ([%#sord1] cmp_log'0 y x = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi4526525114627399862__antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 167 40 167 73 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 168 39 168 69 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 165 8 165 35 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use seq.Seq + use prelude.prelude.UInt32 - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate produces'2 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_B'0) (visited : Seq.seq t_Item'1) (o : t_B'0) - + use prelude.prelude.Int - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_B'0) (ab : Seq.seq t_Item'1) (b : t_B'0) (bc : Seq.seq t_Item'1) (c : t_B'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint32) (o : uint32) : t_Ordering'0 + = + [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom produces_trans'1_spec : forall a : t_B'0, ab : Seq.seq t_Item'1, b : t_B'0, bc : Seq.seq t_Item'1, c : t_B'0 . ([%#siter8] inv'4 a) - -> ([%#siter9] inv'4 b) - -> ([%#siter10] inv'4 c) - -> ([%#siter11] produces'2 a ab b) - -> ([%#siter12] produces'2 b bc c) -> ([%#siter13] produces'2 a (Seq.(++) ab bc) c) + constant x : uint32 - function produces_refl'2 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_B'0) : () + constant y : uint32 - axiom produces_refl'2_spec : forall self : t_B'0 . ([%#siter6] inv'4 self) - -> ([%#siter7] produces'2 self (Seq.empty : Seq.seq t_Item'1) self) + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (x : uint32) (y : uint32) : () - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 43 4 43 64] (self : t_Zip'0) (visited : Seq.seq (t_Item'0, t_Item'1)) (o : t_Zip'0) - - = - [%#szip3] exists p1 : Seq.seq t_Item'0, p2 : Seq.seq t_Item'1 . inv'1 p1 - /\ inv'2 p2 - /\ Seq.length p1 = Seq.length p2 - /\ Seq.length p2 = Seq.length visited - /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = (Seq.get p1 i, Seq.get p2 i)) - /\ produces'1 (itera'0 self) p1 (itera'0 o) /\ produces'2 (iterb'0 self) p2 (iterb'0 o) + goal vc_antisym2'0 : ([%#sord0] cmp_log'0 x y = C_Greater'0) -> ([%#sord1] cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi4526525114627399862__eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 173 39 173 84 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 171 8 171 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - constant self : t_Zip'0 + use prelude.prelude.UInt32 - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 57 4 57 26] (self : t_Zip'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - goal vc_produces_refl'0 : ([%#szip0] inv'0 self) - -> ([%#szip1] produces'0 self (Seq.empty : Seq.seq (t_Item'0, t_Item'1)) self) -end -module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produces_trans [#"../../../creusot-contracts/src/std/iter/zip.rs" 67 4 67 90] (* as std::iter::Iterator> *) - let%span szip0 = "../../../creusot-contracts/src/std/iter/zip.rs" 61 15 61 21 - let%span szip1 = "../../../creusot-contracts/src/std/iter/zip.rs" 62 15 62 21 - let%span szip2 = "../../../creusot-contracts/src/std/iter/zip.rs" 63 15 63 21 - let%span szip3 = "../../../creusot-contracts/src/std/iter/zip.rs" 64 15 64 32 - let%span szip4 = "../../../creusot-contracts/src/std/iter/zip.rs" 65 15 65 32 - let%span szip5 = "../../../creusot-contracts/src/std/iter/zip.rs" 66 14 66 42 - let%span szip6 = "../../../creusot-contracts/src/std/iter/zip.rs" 59 4 59 10 - let%span szip7 = "../../../creusot-contracts/src/std/iter/zip.rs" 46 12 49 95 - let%span szip8 = "../../../creusot-contracts/src/std/iter/zip.rs" 14 14 14 39 - let%span szip9 = "../../../creusot-contracts/src/std/iter/zip.rs" 21 14 21 39 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sseq18 = "../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 - let%span sboxed19 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + use prelude.prelude.Int - type t_A'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint32) (o : uint32) : t_Ordering'0 + + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - type t_B'0 + constant x : uint32 - use prelude.prelude.UIntSize + constant y : uint32 - type t_Zip'0 = - { t_Zip__a'0: t_A'0; t_Zip__b'0: t_B'0; t_Zip__index'0: usize; t_Zip__len'0: usize; t_Zip__a_len'0: usize } + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (x : uint32) (y : uint32) : () - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_A'0) + goal vc_eq_cmp'0 : [%#sord0] (x = y) = (cmp_log'0 x y = C_Equal'0) +end +module M_creusot_contracts__logic__ord__qyi11489483489418918928__cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 129 39 129 89 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 127 8 127 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_B'0) + use prelude.prelude.Int - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Zip'0) + use prelude.prelude.UInt64 - axiom inv_axiom'0 [@rewrite] : forall x : t_Zip'0 [inv'0 x] . inv'0 x - = match x with - | {t_Zip__a'0 = a ; t_Zip__b'0 = b ; t_Zip__index'0 = index ; t_Zip__len'0 = len ; t_Zip__a_len'0 = a_len} -> inv'3 a - /\ inv'4 b - end + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - type t_Item'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint64) (o : uint64) : t_Ordering'0 + + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - type t_Item'1 + constant x : uint64 - use seq.Seq + constant y : uint64 - use seq.Seq + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (x : uint64) (y : uint64) : () - use seq.Seq + goal vc_cmp_le_log'0 : [%#sord0] (x <= y) = (cmp_log'0 x y <> C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi11489483489418918928__cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 134 39 134 86 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 132 8 132 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 use prelude.prelude.Int - use seq.Seq - - use seq.Seq + use prelude.prelude.UInt64 - predicate inv'7 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate invariant'2 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = - [%#sboxed19] inv'7 self + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint64) (o : uint64) : t_Ordering'0 + + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) + constant x : uint64 - axiom inv_axiom'3 [@rewrite] : forall x : t_Item'0 [inv'5 x] . inv'5 x = invariant'2 x + constant y : uint64 - predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 450 4 450 30] (self : Seq.seq t_Item'0) = - [%#sseq18] forall i : int . 0 <= i /\ i < Seq.length self -> inv'5 (Seq.get self i) + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (x : uint64) (y : uint64) : () - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) + goal vc_cmp_lt_log'0 : [%#sord0] (x < y) = (cmp_log'0 x y = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi11489483489418918928__cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 139 39 139 86 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 137 8 137 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'1 x] . inv'1 x = invariant'0 x + use prelude.prelude.Int - use seq.Seq + use prelude.prelude.UInt64 - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate inv'8 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'1) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint64) (o : uint64) : t_Ordering'0 + + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate invariant'3 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'1) = - [%#sboxed19] inv'8 self + constant x : uint64 - predicate inv'6 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'1) + constant y : uint64 - axiom inv_axiom'4 [@rewrite] : forall x : t_Item'1 [inv'6 x] . inv'6 x = invariant'3 x + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (x : uint64) (y : uint64) : () - predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 450 4 450 30] (self : Seq.seq t_Item'1) = - [%#sseq18] forall i : int . 0 <= i /\ i < Seq.length self -> inv'6 (Seq.get self i) + goal vc_cmp_ge_log'0 : [%#sord0] (x >= y) = (cmp_log'0 x y <> C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi11489483489418918928__cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 144 39 144 89 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 142 8 142 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'1) + use prelude.prelude.Int - axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_Item'1 [inv'2 x] . inv'2 x = invariant'1 x + use prelude.prelude.UInt64 - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use seq.Seq + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint64) (o : uint64) : t_Ordering'0 + + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - use seq.Seq + constant x : uint64 - use seq.Seq + constant y : uint64 - function itera'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 15 4 15 23] (self : t_Zip'0) : t_A'0 + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (x : uint64) (y : uint64) : () - axiom itera'0_spec : forall self : t_Zip'0 . [%#szip8] inv'0 self -> inv'3 (itera'0 self) + goal vc_cmp_gt_log'0 : [%#sord0] (x > y) = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi11489483489418918928__refl [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 149 39 149 70 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 147 8 147 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use seq.Seq + use prelude.prelude.UInt64 - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_A'0) (visited : Seq.seq t_Item'0) (o : t_A'0) - + use prelude.prelude.Int - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_A'0) (ab : Seq.seq t_Item'0) (b : t_A'0) (bc : Seq.seq t_Item'0) (c : t_A'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint64) (o : uint64) : t_Ordering'0 + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom produces_trans'1_spec : forall a : t_A'0, ab : Seq.seq t_Item'0, b : t_A'0, bc : Seq.seq t_Item'0, c : t_A'0 . ([%#siter12] inv'3 a) - -> ([%#siter13] inv'3 b) - -> ([%#siter14] inv'3 c) - -> ([%#siter15] produces'1 a ab b) - -> ([%#siter16] produces'1 b bc c) -> ([%#siter17] produces'1 a (Seq.(++) ab bc) c) - - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_A'0) : () + constant x : uint64 - axiom produces_refl'0_spec : forall self : t_A'0 . ([%#siter10] inv'3 self) - -> ([%#siter11] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (x : uint64) : () - function iterb'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 22 4 22 23] (self : t_Zip'0) : t_B'0 + goal vc_refl'0 : [%#sord0] cmp_log'0 x x = C_Equal'0 +end +module M_creusot_contracts__logic__ord__qyi11489483489418918928__trans [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 154 40 154 57 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 155 40 155 57 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 156 39 156 56 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 152 8 152 35 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom iterb'0_spec : forall self : t_Zip'0 . [%#szip9] inv'0 self -> inv'4 (iterb'0 self) + use prelude.prelude.UInt64 - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use seq.Seq + use prelude.prelude.Int - predicate produces'2 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_B'0) (visited : Seq.seq t_Item'1) (o : t_B'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint64) (o : uint64) : t_Ordering'0 + = + [%#sord4] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function produces_trans'2 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_B'0) (ab : Seq.seq t_Item'1) (b : t_B'0) (bc : Seq.seq t_Item'1) (c : t_B'0) : () - + constant x : uint64 - axiom produces_trans'2_spec : forall a : t_B'0, ab : Seq.seq t_Item'1, b : t_B'0, bc : Seq.seq t_Item'1, c : t_B'0 . ([%#siter12] inv'4 a) - -> ([%#siter13] inv'4 b) - -> ([%#siter14] inv'4 c) - -> ([%#siter15] produces'2 a ab b) - -> ([%#siter16] produces'2 b bc c) -> ([%#siter17] produces'2 a (Seq.(++) ab bc) c) + constant y : uint64 - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_B'0) : () + constant z : uint64 - axiom produces_refl'1_spec : forall self : t_B'0 . ([%#siter10] inv'4 self) - -> ([%#siter11] produces'2 self (Seq.empty : Seq.seq t_Item'1) self) + constant o : t_Ordering'0 - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 43 4 43 64] (self : t_Zip'0) (visited : Seq.seq (t_Item'0, t_Item'1)) (o : t_Zip'0) + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (x : uint64) (y : uint64) (z : uint64) (o : t_Ordering'0) : () - = - [%#szip7] exists p1 : Seq.seq t_Item'0, p2 : Seq.seq t_Item'1 . inv'1 p1 - /\ inv'2 p2 - /\ Seq.length p1 = Seq.length p2 - /\ Seq.length p2 = Seq.length visited - /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = (Seq.get p1 i, Seq.get p2 i)) - /\ produces'1 (itera'0 self) p1 (itera'0 o) /\ produces'2 (iterb'0 self) p2 (iterb'0 o) - - use seq.Seq - constant a : t_Zip'0 - - constant ab : Seq.seq (t_Item'0, t_Item'1) + goal vc_trans'0 : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o) +end +module M_creusot_contracts__logic__ord__qyi11489483489418918928__antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 161 40 161 70 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 162 39 162 72 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 159 8 159 35 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - constant b : t_Zip'0 + use prelude.prelude.UInt64 - constant bc : Seq.seq (t_Item'0, t_Item'1) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - constant c : t_Zip'0 + use prelude.prelude.Int - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 67 4 67 90] (a : t_Zip'0) (ab : Seq.seq (t_Item'0, t_Item'1)) (b : t_Zip'0) (bc : Seq.seq (t_Item'0, t_Item'1)) (c : t_Zip'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint64) (o : uint64) : t_Ordering'0 + = + [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal vc_produces_trans'0 : ([%#szip4] produces'0 b bc c) - -> ([%#szip3] produces'0 a ab b) - -> ([%#szip2] inv'0 c) - -> ([%#szip1] inv'0 b) -> ([%#szip0] inv'0 a) -> ([%#szip5] produces'0 a (Seq.(++) ab bc) c) -end -module M_creusot_contracts__stdqy35z1__option__extern_spec_std_option_T_Option_T_unwrap_or_else_body [#"../../../creusot-contracts/src/std/option.rs" 103 16 105 36] - let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 - let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 103 43 103 44 - let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 103 52 103 53 - let%span soption3 = "../../../creusot-contracts/src/std/option.rs" 99 26 102 17 - let%span sops4 = "../../../creusot-contracts/src/std/ops.rs" 148 0 170 1 + constant x : uint64 - type t_T'0 + constant y : uint64 - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (x : uint64) (y : uint64) : () - type t_F'0 + goal vc_antisym1'0 : ([%#sord0] cmp_log'0 x y = C_Less'0) -> ([%#sord1] cmp_log'0 y x = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi11489483489418918928__antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 167 40 167 73 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 168 39 168 69 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 165 8 165 35 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) + use prelude.prelude.UInt64 - use prelude.prelude.Borrow + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) + use prelude.prelude.Int - let rec v_Some'0 (input:t_Option'0) (ret (field_0:t_T'0))= any - [ good (field_0:t_T'0)-> {C_Some'0 field_0 = input} (! ret {field_0}) - | bad -> {forall field_0 : t_T'0 [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint64) (o : uint64) : t_Ordering'0 + = + [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : ()) + constant x : uint64 - axiom inv_axiom'1 [@rewrite] : forall x : () [inv'3 x] . inv'3 x = true + constant y : uint64 - predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 73 4 73 45] (self : t_F'0) (args : ()) + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (x : uint64) (y : uint64) : () - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + goal vc_antisym2'0 : ([%#sord0] cmp_log'0 x y = C_Greater'0) -> ([%#sord1] cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi11489483489418918928__eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 173 39 173 84 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 171 8 171 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 81 4 81 73] (self : t_F'0) (args : ()) (result : t_T'0) - + use prelude.prelude.UInt64 - let rec call_once'0 (self:t_F'0) (args:()) (return' (ret:t_T'0))= {[@expl:call_once 'self' type invariant] inv'0 self} - {[@expl:call_once 'args' type invariant] inv'3 args} - {[@expl:call_once requires] [%#sops4] precondition'0 self args} - any - [ return' (result:t_T'0)-> {inv'2 result} {[%#sops4] postcondition_once'0 self args result} (! return' {result}) ] - + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use prelude.prelude.Intrinsic + use prelude.prelude.Int - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint64) (o : uint64) : t_Ordering'0 + + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom inv_axiom'0 [@rewrite] : forall x : t_Option'0 [inv'1 x] . inv'1 x - = match x with - | C_None'0 -> true - | C_Some'0 a_0 -> inv'2 a_0 - end + constant x : uint64 - meta "compute_max_steps" 1000000 + constant y : uint64 - let rec extern_spec_std_option_T_Option_T_unwrap_or_else_body'0 (self_:t_Option'0) (f:t_F'0) (return' (ret:t_T'0))= {[@expl:extern_spec_std_option_T_Option_T_unwrap_or_else_body 'self_' type invariant] [%#soption0] inv'1 self_} - {[@expl:extern_spec_std_option_T_Option_T_unwrap_or_else_body 'f' type invariant] [%#soption1] inv'0 f} - {[@expl:extern_spec_std_option_T_Option_T_unwrap_or_else_body requires] [%#soption0] self_ = C_None'0 - -> precondition'0 f ()} - (! bb0 - [ bb0 = bb1 - | bb1 = bb2 - | bb2 = any [ br0 -> {self_ = C_None'0 } (! bb4) | br1 (x0:t_T'0)-> {self_ = C_Some'0 x0} (! bb5) ] - | bb5 = s0 - [ s0 = {[@expl:type invariant] inv'0 f} s1 - | s1 = -{resolve'0 f}- s2 - | s2 = v_Some'0 {self_} (fun (r0'0:t_T'0) -> [ &t <- r0'0 ] s3) - | s3 = [ &_0 <- t ] s4 - | s4 = bb8 ] - - | bb8 = bb9 - | bb4 = bb6 - | bb6 = s0 [ s0 = call_once'0 {f} {_7} (fun (_ret':t_T'0) -> [ &_0 <- _ret' ] s1) | s1 = bb7 ] - | bb7 = bb9 - | bb9 = bb10 - | bb10 = bb11 - | bb11 = return' {_0} ] - ) - [ & _0 : t_T'0 = any_l () - | & self_ : t_Option'0 = self_ - | & f : t_F'0 = f - | & _7 : () = any_l () - | & t : t_T'0 = any_l () ] - - [ return' (result:t_T'0)-> {[@expl:extern_spec_std_option_T_Option_T_unwrap_or_else_body result type invariant] [%#soption2] inv'2 result} - {[@expl:extern_spec_std_option_T_Option_T_unwrap_or_else_body ensures] [%#soption3] match self_ with - | C_None'0 -> postcondition_once'0 f () result - | C_Some'0 t -> result = t - end} - (! return' {result}) ] - + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (x : uint64) (y : uint64) : () + + goal vc_eq_cmp'0 : [%#sord0] (x = y) = (cmp_log'0 x y = C_Equal'0) end -module M_creusot_contracts__stdqy35z1__option__extern_spec_std_option_T_Option_T_map_body [#"../../../creusot-contracts/src/std/option.rs" 131 16 133 37] - let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 - let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 131 35 131 36 - let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 123 27 126 17 - let%span soption3 = "../../../creusot-contracts/src/std/option.rs" 131 44 131 53 - let%span soption4 = "../../../creusot-contracts/src/std/option.rs" 127 26 130 17 - let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 148 0 170 1 +module M_creusot_contracts__logic__ord__qyi13757098721041279861__cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 129 39 129 89 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 127 8 127 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - type t_T'0 + use prelude.prelude.Int - type t_Option'1 = - | C_None'0 - | C_Some'0 t_T'0 + use prelude.prelude.UInt128 - let rec v_Some'0 (input:t_Option'1) (ret (field_0:t_T'0))= any - [ good (field_0:t_T'0)-> {C_Some'0 field_0 = input} (! ret {field_0}) - | bad -> {forall field_0 : t_T'0 [C_Some'0 field_0 : t_Option'1] . C_Some'0 field_0 <> input} (! {false} any) ] - + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - type t_F'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint128) (o : uint128) : t_Ordering'0 + + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) + constant x : uint128 - predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + constant y : uint128 - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (x : uint128) (y : uint128) : () - axiom inv_axiom'2 [@rewrite] : forall x : t_T'0 [inv'3 x] . inv'3 x = (let (x0) = x in inv'5 x0) + goal vc_cmp_le_log'0 : [%#sord0] (x <= y) = (cmp_log'0 x y <> C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi13757098721041279861__cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 134 39 134 86 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 132 8 132 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 73 4 73 45] (self : t_F'0) (args : t_T'0) + use prelude.prelude.Int - type t_U'0 + use prelude.prelude.UInt128 - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_U'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 81 4 81 73] (self : t_F'0) (args : t_T'0) (result : t_U'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint128) (o : uint128) : t_Ordering'0 + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - let rec call_once'0 (self:t_F'0) (args:t_T'0) (return' (ret:t_U'0))= {[@expl:call_once 'self' type invariant] inv'0 self} - {[@expl:call_once 'args' type invariant] inv'3 args} - {[@expl:call_once requires] [%#sops5] precondition'0 self args} - any - [ return' (result:t_U'0)-> {inv'4 result} {[%#sops5] postcondition_once'0 self args result} (! return' {result}) ] - + constant x : uint128 - type t_Option'0 = - | C_None'1 - | C_Some'1 t_U'0 + constant y : uint128 - use prelude.prelude.Borrow + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (x : uint128) (y : uint128) : () - predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) + goal vc_cmp_lt_log'0 : [%#sord0] (x < y) = (cmp_log'0 x y = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi13757098721041279861__cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 139 39 139 86 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 137 8 137 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.Intrinsic + use prelude.prelude.Int - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'1) + use prelude.prelude.UInt128 - axiom inv_axiom'0 [@rewrite] : forall x : t_Option'1 [inv'1 x] . inv'1 x - = match x with - | C_None'0 -> true - | C_Some'0 a_0 -> inv'5 a_0 - end + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint128) (o : uint128) : t_Ordering'0 + + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'2 x] . inv'2 x - = match x with - | C_None'1 -> true - | C_Some'1 a_0 -> inv'4 a_0 - end + constant x : uint128 - meta "compute_max_steps" 1000000 + constant y : uint128 - let rec extern_spec_std_option_T_Option_T_map_body'0 (self_:t_Option'1) (f:t_F'0) (return' (ret:t_Option'0))= {[@expl:extern_spec_std_option_T_Option_T_map_body 'self_' type invariant] [%#soption0] inv'1 self_} - {[@expl:extern_spec_std_option_T_Option_T_map_body 'f' type invariant] [%#soption1] inv'0 f} - {[@expl:extern_spec_std_option_T_Option_T_map_body requires] [%#soption2] match self_ with - | C_None'0 -> true - | C_Some'0 t -> precondition'0 f (t) - end} - (! bb0 - [ bb0 = bb1 - | bb1 = bb2 - | bb2 = any [ br0 -> {self_ = C_None'0 } (! bb4) | br1 (x0:t_T'0)-> {self_ = C_Some'0 x0} (! bb5) ] - | bb5 = s0 - [ s0 = v_Some'0 {self_} (fun (r0'0:t_T'0) -> [ &t <- r0'0 ] s1) - | s1 = [ &_9 <- (t) ] s2 - | s2 = call_once'0 {f} {_9} (fun (_ret':t_U'0) -> [ &_7 <- _ret' ] s3) - | s3 = bb7 ] - - | bb7 = bb8 - | bb8 = s0 [ s0 = [ &_0 <- C_Some'1 _7 ] s1 | s1 = bb9 ] - | bb9 = bb10 - | bb10 = bb11 - | bb4 = s0 [ s0 = {[@expl:type invariant] inv'0 f} s1 | s1 = -{resolve'0 f}- s2 | s2 = bb6 ] - | bb6 = s0 [ s0 = [ &_0 <- C_None'1 ] s1 | s1 = bb11 ] - | bb11 = bb12 - | bb12 = bb13 - | bb13 = return' {_0} ] - ) - [ & _0 : t_Option'0 = any_l () - | & self_ : t_Option'1 = self_ - | & f : t_F'0 = f - | & t : t_T'0 = any_l () - | & _7 : t_U'0 = any_l () - | & _9 : t_T'0 = any_l () ] - - [ return' (result:t_Option'0)-> {[@expl:extern_spec_std_option_T_Option_T_map_body result type invariant] [%#soption3] inv'2 result} - {[@expl:extern_spec_std_option_T_Option_T_map_body ensures] [%#soption4] match self_ with - | C_None'0 -> result = C_None'1 - | C_Some'0 t -> exists r : t_U'0 . result = C_Some'1 r /\ postcondition_once'0 f (t) r - end} - (! return' {result}) ] - + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (x : uint128) (y : uint128) : () + + goal vc_cmp_ge_log'0 : [%#sord0] (x >= y) = (cmp_log'0 x y <> C_Less'0) end -module M_creusot_contracts__stdqy35z1__option__extern_spec_std_option_T_Option_T_inspect_body [#"../../../creusot-contracts/src/std/option.rs" 149 16 151 33] - let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 - let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 149 36 149 37 - let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 140 27 143 17 - let%span soption3 = "../../../creusot-contracts/src/std/option.rs" 149 45 149 54 - let%span soption4 = "../../../creusot-contracts/src/std/option.rs" 145 26 148 17 - let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 148 0 170 1 - let%span sinvariant6 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 +module M_creusot_contracts__logic__ord__qyi13757098721041279861__cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 144 39 144 89 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 142 8 142 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - type t_T'0 + use prelude.prelude.Int - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + use prelude.prelude.UInt128 - let rec v_Some'0 (input:t_Option'0) (ret (field_0:t_T'0))= any - [ good (field_0:t_T'0)-> {C_Some'0 field_0 = input} (! ret {field_0}) - | bad -> {forall field_0 : t_T'0 [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint128) (o : uint128) : t_Ordering'0 + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - type t_F'0 + constant x : uint128 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) + constant y : uint128 - use prelude.prelude.Borrow + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (x : uint128) (y : uint128) : () - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + goal vc_cmp_gt_log'0 : [%#sord0] (x > y) = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi13757098721041279861__refl [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 149 39 149 70 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 147 8 147 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_T'0) = - [%#sinvariant6] inv'4 self + use prelude.prelude.UInt128 - predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom inv_axiom'3 [@rewrite] : forall x : t_T'0 [inv'5 x] . inv'5 x = invariant'0 x + use prelude.prelude.Int - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint128) (o : uint128) : t_Ordering'0 + + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom inv_axiom'1 [@rewrite] : forall x : t_T'0 [inv'2 x] . inv'2 x = (let (x0) = x in inv'5 x0) + constant x : uint128 - predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 73 4 73 45] (self : t_F'0) (args : t_T'0) + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (x : uint128) : () - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : ()) + goal vc_refl'0 : [%#sord0] cmp_log'0 x x = C_Equal'0 +end +module M_creusot_contracts__logic__ord__qyi13757098721041279861__trans [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 154 40 154 57 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 155 40 155 57 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 156 39 156 56 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 152 8 152 35 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom inv_axiom'2 [@rewrite] : forall x : () [inv'3 x] . inv'3 x = true + use prelude.prelude.UInt128 - predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 81 4 81 73] (self : t_F'0) (args : t_T'0) (result : ()) - + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - let rec call_once'0 (self:t_F'0) (args:t_T'0) (return' (ret:()))= {[@expl:call_once 'self' type invariant] inv'0 self} - {[@expl:call_once 'args' type invariant] inv'2 args} - {[@expl:call_once requires] [%#sops5] precondition'0 self args} - any [ return' (result:())-> {inv'3 result} {[%#sops5] postcondition_once'0 self args result} (! return' {result}) ] + use prelude.prelude.Int - predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint128) (o : uint128) : t_Ordering'0 + + = + [%#sord4] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - use prelude.prelude.Intrinsic + constant x : uint128 - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) + constant y : uint128 - axiom inv_axiom'0 [@rewrite] : forall x : t_Option'0 [inv'1 x] . inv'1 x - = match x with - | C_None'0 -> true - | C_Some'0 a_0 -> inv'4 a_0 - end + constant z : uint128 - meta "compute_max_steps" 1000000 + constant o : t_Ordering'0 - let rec extern_spec_std_option_T_Option_T_inspect_body'0 (self_:t_Option'0) (f:t_F'0) (return' (ret:t_Option'0))= {[@expl:extern_spec_std_option_T_Option_T_inspect_body 'self_' type invariant] [%#soption0] inv'1 self_} - {[@expl:extern_spec_std_option_T_Option_T_inspect_body 'f' type invariant] [%#soption1] inv'0 f} - {[@expl:extern_spec_std_option_T_Option_T_inspect_body requires] [%#soption2] match self_ with - | C_None'0 -> true - | C_Some'0 t -> precondition'0 f (t) - end} - (! bb0 - [ bb0 = bb1 - | bb1 = bb2 - | bb2 = bb3 - | bb3 = any [ br0 -> {self_ = C_None'0 } (! bb5) | br1 (x0:t_T'0)-> {self_ = C_Some'0 x0} (! bb6) ] - | bb6 = s0 - [ s0 = v_Some'0 {self_} (fun (r0'0:t_T'0) -> [ &t <- r0'0 ] s1) - | s1 = [ &_12 <- t ] s2 - | s2 = [ &_10 <- (_12) ] s3 - | s3 = call_once'0 {f} {_10} (fun (_ret':()) -> [ &_8 <- _ret' ] s4) - | s4 = bb8 ] - - | bb8 = s0 [ s0 = [ &_0 <- C_Some'0 t ] s1 | s1 = bb9 ] - | bb9 = bb10 - | bb10 = bb11 - | bb5 = s0 [ s0 = {[@expl:type invariant] inv'0 f} s1 | s1 = -{resolve'0 f}- s2 | s2 = bb7 ] - | bb7 = s0 [ s0 = [ &_0 <- C_None'0 ] s1 | s1 = bb11 ] - | bb11 = bb12 - | bb12 = bb13 - | bb13 = return' {_0} ] - ) - [ & _0 : t_Option'0 = any_l () - | & self_ : t_Option'0 = self_ - | & f : t_F'0 = f - | & t : t_T'0 = any_l () - | & _8 : () = any_l () - | & _10 : t_T'0 = any_l () - | & _12 : t_T'0 = any_l () ] - - [ return' (result:t_Option'0)-> {[@expl:extern_spec_std_option_T_Option_T_inspect_body result type invariant] [%#soption3] inv'1 result} - {[@expl:extern_spec_std_option_T_Option_T_inspect_body ensures #0] [%#soption0] result = self_} - {[@expl:extern_spec_std_option_T_Option_T_inspect_body ensures #1] [%#soption4] match self_ with - | C_None'0 -> true - | C_Some'0 t -> postcondition_once'0 f (t) () - end} - (! return' {result}) ] + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (x : uint128) (y : uint128) (z : uint128) (o : t_Ordering'0) : () -end -module M_creusot_contracts__stdqy35z1__option__extern_spec_std_option_T_Option_T_map_or_body [#"../../../creusot-contracts/src/std/option.rs" 166 16 168 37] - let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 - let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 166 38 166 45 - let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 166 50 166 51 - let%span soption3 = "../../../creusot-contracts/src/std/option.rs" 158 27 161 17 - let%span soption4 = "../../../creusot-contracts/src/std/option.rs" 166 59 166 60 - let%span soption5 = "../../../creusot-contracts/src/std/option.rs" 162 26 165 17 - let%span sops6 = "../../../creusot-contracts/src/std/ops.rs" 148 0 170 1 - - type t_T'0 - - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 - type t_U'0 + goal vc_trans'0 : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o) +end +module M_creusot_contracts__logic__ord__qyi13757098721041279861__antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 161 40 161 70 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 162 39 162 72 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 159 8 159 35 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_U'0) + use prelude.prelude.UInt128 - use prelude.prelude.Borrow + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_U'0) + use prelude.prelude.Int - let rec v_Some'0 (input:t_Option'0) (ret (field_0:t_T'0))= any - [ good (field_0:t_T'0)-> {C_Some'0 field_0 = input} (! ret {field_0}) - | bad -> {forall field_0 : t_T'0 [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint128) (o : uint128) : t_Ordering'0 + = + [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - type t_F'0 + constant x : uint128 - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) + constant y : uint128 - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (x : uint128) (y : uint128) : () - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + goal vc_antisym1'0 : ([%#sord0] cmp_log'0 x y = C_Less'0) -> ([%#sord1] cmp_log'0 y x = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi13757098721041279861__antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 167 40 167 73 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 168 39 168 69 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 165 8 165 35 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom inv_axiom'1 [@rewrite] : forall x : t_T'0 [inv'3 x] . inv'3 x = (let (x0) = x in inv'4 x0) + use prelude.prelude.UInt128 - predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 73 4 73 45] (self : t_F'0) (args : t_T'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 81 4 81 73] (self : t_F'0) (args : t_T'0) (result : t_U'0) - + use prelude.prelude.Int - let rec call_once'0 (self:t_F'0) (args:t_T'0) (return' (ret:t_U'0))= {[@expl:call_once 'self' type invariant] inv'1 self} - {[@expl:call_once 'args' type invariant] inv'3 args} - {[@expl:call_once requires] [%#sops6] precondition'0 self args} - any - [ return' (result:t_U'0)-> {inv'0 result} {[%#sops6] postcondition_once'0 self args result} (! return' {result}) ] + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint128) (o : uint128) : t_Ordering'0 + = + [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) + constant x : uint128 - use prelude.prelude.Intrinsic + constant y : uint128 - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (x : uint128) (y : uint128) : () - axiom inv_axiom'0 [@rewrite] : forall x : t_Option'0 [inv'2 x] . inv'2 x - = match x with - | C_None'0 -> true - | C_Some'0 a_0 -> inv'4 a_0 - end + goal vc_antisym2'0 : ([%#sord0] cmp_log'0 x y = C_Greater'0) -> ([%#sord1] cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi13757098721041279861__eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 173 39 173 84 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 171 8 171 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - meta "compute_max_steps" 1000000 + use prelude.prelude.UInt128 - let rec extern_spec_std_option_T_Option_T_map_or_body'0 (self_:t_Option'0) (default:t_U'0) (f:t_F'0) (return' (ret:t_U'0))= {[@expl:extern_spec_std_option_T_Option_T_map_or_body 'self_' type invariant] [%#soption0] inv'2 self_} - {[@expl:extern_spec_std_option_T_Option_T_map_or_body 'default' type invariant] [%#soption1] inv'0 default} - {[@expl:extern_spec_std_option_T_Option_T_map_or_body 'f' type invariant] [%#soption2] inv'1 f} - {[@expl:extern_spec_std_option_T_Option_T_map_or_body requires] [%#soption3] match self_ with - | C_None'0 -> true - | C_Some'0 t -> precondition'0 f (t) - end} - (! bb0 - [ bb0 = bb1 - | bb1 = bb2 - | bb2 = any [ br0 -> {self_ = C_None'0 } (! bb4) | br1 (x0:t_T'0)-> {self_ = C_Some'0 x0} (! bb5) ] - | bb5 = s0 - [ s0 = {[@expl:type invariant] inv'0 default} s1 - | s1 = -{resolve'0 default}- s2 - | s2 = v_Some'0 {self_} (fun (r0'0:t_T'0) -> [ &t <- r0'0 ] s3) - | s3 = [ &_9 <- (t) ] s4 - | s4 = call_once'0 {f} {_9} (fun (_ret':t_U'0) -> [ &_0 <- _ret' ] s5) - | s5 = bb7 ] - - | bb7 = bb8 - | bb8 = bb9 - | bb9 = bb10 - | bb4 = s0 [ s0 = {[@expl:type invariant] inv'1 f} s1 | s1 = -{resolve'1 f}- s2 | s2 = bb6 ] - | bb6 = s0 [ s0 = [ &_0 <- default ] s1 | s1 = bb10 ] - | bb10 = bb11 - | bb11 = bb12 - | bb12 = bb13 - | bb13 = return' {_0} ] - ) - [ & _0 : t_U'0 = any_l () - | & self_ : t_Option'0 = self_ - | & default : t_U'0 = default - | & f : t_F'0 = f - | & t : t_T'0 = any_l () - | & _9 : t_T'0 = any_l () ] - - [ return' (result:t_U'0)-> {[@expl:extern_spec_std_option_T_Option_T_map_or_body result type invariant] [%#soption4] inv'0 result} - {[@expl:extern_spec_std_option_T_Option_T_map_or_body ensures] [%#soption5] match self_ with - | C_None'0 -> result = default - | C_Some'0 t -> postcondition_once'0 f (t) result - end} - (! return' {result}) ] + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.Int + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint128) (o : uint128) : t_Ordering'0 -end -module M_creusot_contracts__stdqy35z1__option__extern_spec_std_option_T_Option_T_map_or_else_body [#"../../../creusot-contracts/src/std/option.rs" 183 16 186 37] - let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 - let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 183 46 183 53 - let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 183 58 183 59 - let%span soption3 = "../../../creusot-contracts/src/std/option.rs" 175 27 178 17 - let%span soption4 = "../../../creusot-contracts/src/std/option.rs" 183 67 183 68 - let%span soption5 = "../../../creusot-contracts/src/std/option.rs" 179 26 182 17 - let%span sops6 = "../../../creusot-contracts/src/std/ops.rs" 148 0 170 1 + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - type t_T'0 + constant x : uint128 - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + constant y : uint128 - type t_D'0 + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (x : uint128) (y : uint128) : () - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_D'0) + goal vc_eq_cmp'0 : [%#sord0] (x = y) = (cmp_log'0 x y = C_Equal'0) +end +module M_creusot_contracts__logic__ord__qyi8186105652185060096__cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 129 39 129 89 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 127 8 127 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.Borrow + use prelude.prelude.Int - predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_D'0) + use prelude.prelude.UIntSize - let rec v_Some'0 (input:t_Option'0) (ret (field_0:t_T'0))= any - [ good (field_0:t_T'0)-> {C_Some'0 field_0 = input} (! ret {field_0}) - | bad -> {forall field_0 : t_T'0 [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] - + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - type t_F'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : usize) (o : usize) : t_Ordering'0 + + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) + constant x : usize - predicate inv'6 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + constant y : usize - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (x : usize) (y : usize) : () - axiom inv_axiom'1 [@rewrite] : forall x : t_T'0 [inv'4 x] . inv'4 x = (let (x0) = x in inv'6 x0) + goal vc_cmp_le_log'0 : [%#sord0] (x <= y) = (cmp_log'0 x y <> C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi8186105652185060096__cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 134 39 134 86 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 132 8 132 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate precondition'1 [#"../../../creusot-contracts/src/std/ops.rs" 73 4 73 45] (self : t_F'0) (args : t_T'0) + use prelude.prelude.Int - type t_U'0 + use prelude.prelude.UIntSize - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_U'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate postcondition_once'1 [#"../../../creusot-contracts/src/std/ops.rs" 81 4 81 73] (self : t_F'0) (args : t_T'0) (result : t_U'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : usize) (o : usize) : t_Ordering'0 + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - let rec call_once'0 (self:t_F'0) (args:t_T'0) (return' (ret:t_U'0))= {[@expl:call_once 'self' type invariant] inv'1 self} - {[@expl:call_once 'args' type invariant] inv'4 args} - {[@expl:call_once requires] [%#sops6] precondition'1 self args} - any - [ return' (result:t_U'0)-> {inv'3 result} {[%#sops6] postcondition_once'1 self args result} (! return' {result}) ] - + constant x : usize - predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) + constant y : usize - predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : ()) + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (x : usize) (y : usize) : () - axiom inv_axiom'2 [@rewrite] : forall x : () [inv'5 x] . inv'5 x = true + goal vc_cmp_lt_log'0 : [%#sord0] (x < y) = (cmp_log'0 x y = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi8186105652185060096__cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 139 39 139 86 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 137 8 137 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 73 4 73 45] (self : t_D'0) (args : ()) + use prelude.prelude.Int - predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 81 4 81 73] (self : t_D'0) (args : ()) (result : t_U'0) - + use prelude.prelude.UIntSize - let rec call_once'1 (self:t_D'0) (args:()) (return' (ret:t_U'0))= {[@expl:call_once 'self' type invariant] inv'0 self} - {[@expl:call_once 'args' type invariant] inv'5 args} - {[@expl:call_once requires] [%#sops6] precondition'0 self args} - any - [ return' (result:t_U'0)-> {inv'3 result} {[%#sops6] postcondition_once'0 self args result} (! return' {result}) ] + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : usize) (o : usize) : t_Ordering'0 + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - use prelude.prelude.Intrinsic + constant x : usize - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) + constant y : usize - axiom inv_axiom'0 [@rewrite] : forall x : t_Option'0 [inv'2 x] . inv'2 x - = match x with - | C_None'0 -> true - | C_Some'0 a_0 -> inv'6 a_0 - end + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (x : usize) (y : usize) : () - meta "compute_max_steps" 1000000 + goal vc_cmp_ge_log'0 : [%#sord0] (x >= y) = (cmp_log'0 x y <> C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi8186105652185060096__cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 144 39 144 89 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 142 8 142 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - let rec extern_spec_std_option_T_Option_T_map_or_else_body'0 (self_:t_Option'0) (default:t_D'0) (f:t_F'0) (return' (ret:t_U'0))= {[@expl:extern_spec_std_option_T_Option_T_map_or_else_body 'self_' type invariant] [%#soption0] inv'2 self_} - {[@expl:extern_spec_std_option_T_Option_T_map_or_else_body 'default' type invariant] [%#soption1] inv'0 default} - {[@expl:extern_spec_std_option_T_Option_T_map_or_else_body 'f' type invariant] [%#soption2] inv'1 f} - {[@expl:extern_spec_std_option_T_Option_T_map_or_else_body requires] [%#soption3] match self_ with - | C_None'0 -> precondition'0 default () - | C_Some'0 t -> precondition'1 f (t) - end} - (! bb0 - [ bb0 = bb1 - | bb1 = bb2 - | bb2 = any [ br0 -> {self_ = C_None'0 } (! bb4) | br1 (x0:t_T'0)-> {self_ = C_Some'0 x0} (! bb5) ] - | bb5 = s0 - [ s0 = {[@expl:type invariant] inv'0 default} s1 - | s1 = -{resolve'0 default}- s2 - | s2 = v_Some'0 {self_} (fun (r0'0:t_T'0) -> [ &t <- r0'0 ] s3) - | s3 = [ &_11 <- (t) ] s4 - | s4 = call_once'0 {f} {_11} (fun (_ret':t_U'0) -> [ &_0 <- _ret' ] s5) - | s5 = bb8 ] - - | bb8 = bb9 - | bb9 = bb10 - | bb10 = bb11 - | bb4 = s0 [ s0 = {[@expl:type invariant] inv'1 f} s1 | s1 = -{resolve'1 f}- s2 | s2 = bb6 ] - | bb6 = s0 [ s0 = call_once'1 {default} {_8} (fun (_ret':t_U'0) -> [ &_0 <- _ret' ] s1) | s1 = bb7 ] - | bb7 = bb11 - | bb11 = bb12 - | bb12 = bb13 - | bb13 = bb14 - | bb14 = return' {_0} ] - ) - [ & _0 : t_U'0 = any_l () - | & self_ : t_Option'0 = self_ - | & default : t_D'0 = default - | & f : t_F'0 = f - | & _8 : () = any_l () - | & t : t_T'0 = any_l () - | & _11 : t_T'0 = any_l () ] - - [ return' (result:t_U'0)-> {[@expl:extern_spec_std_option_T_Option_T_map_or_else_body result type invariant] [%#soption4] inv'3 result} - {[@expl:extern_spec_std_option_T_Option_T_map_or_else_body ensures] [%#soption5] match self_ with - | C_None'0 -> postcondition_once'0 default () result - | C_Some'0 t -> postcondition_once'1 f (t) result - end} - (! return' {result}) ] + use prelude.prelude.Int + + use prelude.prelude.UIntSize + + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : usize) (o : usize) : t_Ordering'0 -end -module M_creusot_contracts__stdqy35z1__option__extern_spec_std_option_T_Option_T_ok_or_else_body [#"../../../creusot-contracts/src/std/option.rs" 204 16 206 36] - let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 - let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 204 42 204 45 - let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 204 53 204 65 - let%span soption3 = "../../../creusot-contracts/src/std/option.rs" 200 26 203 17 - let%span sops4 = "../../../creusot-contracts/src/std/ops.rs" 148 0 170 1 + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - type t_T'0 + constant x : usize - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + constant y : usize - type t_F'0 + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (x : usize) (y : usize) : () - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) + goal vc_cmp_gt_log'0 : [%#sord0] (x > y) = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi8186105652185060096__refl [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 149 39 149 70 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 147 8 147 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.Borrow + use prelude.prelude.UIntSize - predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - let rec v_Some'0 (input:t_Option'0) (ret (field_0:t_T'0))= any - [ good (field_0:t_T'0)-> {C_Some'0 field_0 = input} (! ret {field_0}) - | bad -> {forall field_0 : t_T'0 [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] + use prelude.prelude.Int + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : usize) (o : usize) : t_Ordering'0 + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - type t_E'0 + constant x : usize - type t_Result'0 = - | C_Ok'0 t_T'0 - | C_Err'0 t_E'0 + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (x : usize) : () - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : ()) + goal vc_refl'0 : [%#sord0] cmp_log'0 x x = C_Equal'0 +end +module M_creusot_contracts__logic__ord__qyi8186105652185060096__trans [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 154 40 154 57 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 155 40 155 57 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 156 39 156 56 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 152 8 152 35 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom inv_axiom'2 [@rewrite] : forall x : () [inv'3 x] . inv'3 x = true + use prelude.prelude.UIntSize - predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 73 4 73 45] (self : t_F'0) (args : ()) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_E'0) + use prelude.prelude.Int - predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 81 4 81 73] (self : t_F'0) (args : ()) (result : t_E'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : usize) (o : usize) : t_Ordering'0 + = + [%#sord4] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - let rec call_once'0 (self:t_F'0) (args:()) (return' (ret:t_E'0))= {[@expl:call_once 'self' type invariant] inv'0 self} - {[@expl:call_once 'args' type invariant] inv'3 args} - {[@expl:call_once requires] [%#sops4] precondition'0 self args} - any - [ return' (result:t_E'0)-> {inv'4 result} {[%#sops4] postcondition_once'0 self args result} (! return' {result}) ] - + constant x : usize - use prelude.prelude.Intrinsic + constant y : usize - predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + constant z : usize - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) + constant o : t_Ordering'0 - axiom inv_axiom'0 [@rewrite] : forall x : t_Option'0 [inv'1 x] . inv'1 x - = match x with - | C_None'0 -> true - | C_Some'0 a_0 -> inv'5 a_0 - end + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (x : usize) (y : usize) (z : usize) (o : t_Ordering'0) : () + - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Result'0) + goal vc_trans'0 : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o) +end +module M_creusot_contracts__logic__ord__qyi8186105652185060096__antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 161 40 161 70 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 162 39 162 72 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 159 8 159 35 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom inv_axiom'1 [@rewrite] : forall x : t_Result'0 [inv'2 x] . inv'2 x - = match x with - | C_Ok'0 a_0 -> inv'5 a_0 - | C_Err'0 a_0 -> inv'4 a_0 - end + use prelude.prelude.UIntSize - meta "compute_max_steps" 1000000 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - let rec extern_spec_std_option_T_Option_T_ok_or_else_body'0 (self_:t_Option'0) (err:t_F'0) (return' (ret:t_Result'0))= {[@expl:extern_spec_std_option_T_Option_T_ok_or_else_body 'self_' type invariant] [%#soption0] inv'1 self_} - {[@expl:extern_spec_std_option_T_Option_T_ok_or_else_body 'err' type invariant] [%#soption1] inv'0 err} - {[@expl:extern_spec_std_option_T_Option_T_ok_or_else_body requires] [%#soption0] self_ = C_None'0 - -> precondition'0 err ()} - (! bb0 - [ bb0 = bb1 - | bb1 = bb2 - | bb2 = any [ br0 -> {self_ = C_None'0 } (! bb4) | br1 (x0:t_T'0)-> {self_ = C_Some'0 x0} (! bb5) ] - | bb5 = s0 - [ s0 = {[@expl:type invariant] inv'0 err} s1 - | s1 = -{resolve'0 err}- s2 - | s2 = v_Some'0 {self_} (fun (r0'0:t_T'0) -> [ &t <- r0'0 ] s3) - | s3 = [ &_0 <- C_Ok'0 t ] s4 - | s4 = bb9 ] - - | bb9 = bb10 - | bb10 = bb11 - | bb4 = bb6 - | bb6 = s0 [ s0 = call_once'0 {err} {_8} (fun (_ret':t_E'0) -> [ &_6 <- _ret' ] s1) | s1 = bb7 ] - | bb7 = s0 [ s0 = [ &_0 <- C_Err'0 _6 ] s1 | s1 = bb8 ] - | bb8 = bb11 - | bb11 = bb12 - | bb12 = bb13 - | bb13 = return' {_0} ] - ) - [ & _0 : t_Result'0 = any_l () - | & self_ : t_Option'0 = self_ - | & err : t_F'0 = err - | & _6 : t_E'0 = any_l () - | & _8 : () = any_l () - | & t : t_T'0 = any_l () ] - - [ return' (result:t_Result'0)-> {[@expl:extern_spec_std_option_T_Option_T_ok_or_else_body result type invariant] [%#soption2] inv'2 result} - {[@expl:extern_spec_std_option_T_Option_T_ok_or_else_body ensures] [%#soption3] match self_ with - | C_None'0 -> exists r : t_E'0 . result = C_Err'0 r /\ postcondition_once'0 err () r - | C_Some'0 t -> result = C_Ok'0 t - end} - (! return' {result}) ] + use prelude.prelude.Int + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : usize) (o : usize) : t_Ordering'0 -end -module M_creusot_contracts__stdqy35z1__option__extern_spec_std_option_T_Option_T_and_then_body [#"../../../creusot-contracts/src/std/option.rs" 234 16 236 45] - let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 - let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 234 40 234 41 - let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 226 27 229 17 - let%span soption3 = "../../../creusot-contracts/src/std/option.rs" 234 49 234 58 - let%span soption4 = "../../../creusot-contracts/src/std/option.rs" 230 26 233 17 - let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 148 0 170 1 + = + [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - type t_T'0 + constant x : usize - type t_Option'1 = - | C_None'0 - | C_Some'0 t_T'0 + constant y : usize - let rec v_Some'0 (input:t_Option'1) (ret (field_0:t_T'0))= any - [ good (field_0:t_T'0)-> {C_Some'0 field_0 = input} (! ret {field_0}) - | bad -> {forall field_0 : t_T'0 [C_Some'0 field_0 : t_Option'1] . C_Some'0 field_0 <> input} (! {false} any) ] - + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (x : usize) (y : usize) : () - type t_F'0 + goal vc_antisym1'0 : ([%#sord0] cmp_log'0 x y = C_Less'0) -> ([%#sord1] cmp_log'0 y x = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi8186105652185060096__antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 167 40 167 73 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 168 39 168 69 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 165 8 165 35 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) + use prelude.prelude.UIntSize - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + use prelude.prelude.Int - axiom inv_axiom'2 [@rewrite] : forall x : t_T'0 [inv'3 x] . inv'3 x = (let (x0) = x in inv'4 x0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : usize) (o : usize) : t_Ordering'0 + + = + [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 73 4 73 45] (self : t_F'0) (args : t_T'0) + constant x : usize - type t_U'0 + constant y : usize - type t_Option'0 = - | C_None'1 - | C_Some'1 t_U'0 + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (x : usize) (y : usize) : () - predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_U'0) + goal vc_antisym2'0 : ([%#sord0] cmp_log'0 x y = C_Greater'0) -> ([%#sord1] cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi8186105652185060096__eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 173 39 173 84 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 171 8 171 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) + use prelude.prelude.UIntSize - axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'2 x] . inv'2 x - = match x with - | C_None'1 -> true - | C_Some'1 a_0 -> inv'5 a_0 - end + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 81 4 81 73] (self : t_F'0) (args : t_T'0) (result : t_Option'0) - + use prelude.prelude.Int - let rec call_once'0 (self:t_F'0) (args:t_T'0) (return' (ret:t_Option'0))= {[@expl:call_once 'self' type invariant] inv'0 self} - {[@expl:call_once 'args' type invariant] inv'3 args} - {[@expl:call_once requires] [%#sops5] precondition'0 self args} - any - [ return' (result:t_Option'0)-> {inv'2 result} - {[%#sops5] postcondition_once'0 self args result} - (! return' {result}) ] + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : usize) (o : usize) : t_Ordering'0 + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - use prelude.prelude.Borrow + constant x : usize - predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) + constant y : usize - use prelude.prelude.Intrinsic + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (x : usize) (y : usize) : () - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'1) + goal vc_eq_cmp'0 : [%#sord0] (x = y) = (cmp_log'0 x y = C_Equal'0) +end +module M_creusot_contracts__logic__ord__qyi18413678402769648790__cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 129 39 129 89 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 127 8 127 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom inv_axiom'0 [@rewrite] : forall x : t_Option'1 [inv'1 x] . inv'1 x - = match x with - | C_None'0 -> true - | C_Some'0 a_0 -> inv'4 a_0 - end + use prelude.prelude.Int - meta "compute_max_steps" 1000000 + use prelude.prelude.Int8 - let rec extern_spec_std_option_T_Option_T_and_then_body'0 (self_:t_Option'1) (f:t_F'0) (return' (ret:t_Option'0))= {[@expl:extern_spec_std_option_T_Option_T_and_then_body 'self_' type invariant] [%#soption0] inv'1 self_} - {[@expl:extern_spec_std_option_T_Option_T_and_then_body 'f' type invariant] [%#soption1] inv'0 f} - {[@expl:extern_spec_std_option_T_Option_T_and_then_body requires] [%#soption2] match self_ with - | C_None'0 -> true - | C_Some'0 t -> precondition'0 f (t) - end} - (! bb0 - [ bb0 = bb1 - | bb1 = bb2 - | bb2 = any [ br0 -> {self_ = C_None'0 } (! bb4) | br1 (x0:t_T'0)-> {self_ = C_Some'0 x0} (! bb5) ] - | bb5 = s0 - [ s0 = v_Some'0 {self_} (fun (r0'0:t_T'0) -> [ &t <- r0'0 ] s1) - | s1 = [ &_8 <- (t) ] s2 - | s2 = call_once'0 {f} {_8} (fun (_ret':t_Option'0) -> [ &_0 <- _ret' ] s3) - | s3 = bb7 ] - - | bb7 = bb8 - | bb8 = bb9 - | bb9 = bb10 - | bb4 = s0 [ s0 = {[@expl:type invariant] inv'0 f} s1 | s1 = -{resolve'0 f}- s2 | s2 = bb6 ] - | bb6 = s0 [ s0 = [ &_0 <- C_None'1 ] s1 | s1 = bb10 ] - | bb10 = bb11 - | bb11 = bb12 - | bb12 = return' {_0} ] - ) - [ & _0 : t_Option'0 = any_l () - | & self_ : t_Option'1 = self_ - | & f : t_F'0 = f - | & t : t_T'0 = any_l () - | & _8 : t_T'0 = any_l () ] - - [ return' (result:t_Option'0)-> {[@expl:extern_spec_std_option_T_Option_T_and_then_body result type invariant] [%#soption3] inv'2 result} - {[@expl:extern_spec_std_option_T_Option_T_and_then_body ensures] [%#soption4] match self_ with - | C_None'0 -> result = C_None'1 - | C_Some'0 t -> postcondition_once'0 f (t) result - end} - (! return' {result}) ] - -end -module M_creusot_contracts__stdqy35z1__option__extern_spec_std_option_T_Option_T_filter_body [#"../../../creusot-contracts/src/std/option.rs" 254 16 256 41] - let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 - let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 254 35 254 44 - let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 243 27 246 17 - let%span soption3 = "../../../creusot-contracts/src/std/option.rs" 254 52 254 61 - let%span soption4 = "../../../creusot-contracts/src/std/option.rs" 247 26 253 17 - let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 148 0 170 1 - let%span sinvariant6 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - type t_T'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int8) (o : int8) : t_Ordering'0 + + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + constant x : int8 - let rec v_Some'0 (input:t_Option'0) (ret (field_0:t_T'0))= any - [ good (field_0:t_T'0)-> {C_Some'0 field_0 = input} (! ret {field_0}) - | bad -> {forall field_0 : t_T'0 [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] - + constant y : int8 - type t_P'0 + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (x : int8) (y : int8) : () - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_P'0) + goal vc_cmp_le_log'0 : [%#sord0] (x <= y) = (cmp_log'0 x y <> C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi18413678402769648790__cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 134 39 134 86 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 132 8 132 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.Borrow + use prelude.prelude.Int - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + use prelude.prelude.Int8 - predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_T'0) = - [%#sinvariant6] inv'0 self + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int8) (o : int8) : t_Ordering'0 + + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom inv_axiom'3 [@rewrite] : forall x : t_T'0 [inv'5 x] . inv'5 x = invariant'0 x + constant x : int8 - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + constant y : int8 - axiom inv_axiom'1 [@rewrite] : forall x : t_T'0 [inv'3 x] . inv'3 x = (let (x0) = x in inv'5 x0) + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (x : int8) (y : int8) : () - predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 73 4 73 45] (self : t_P'0) (args : t_T'0) + goal vc_cmp_lt_log'0 : [%#sord0] (x < y) = (cmp_log'0 x y = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi18413678402769648790__cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 139 39 139 86 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 137 8 137 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : bool) + use prelude.prelude.Int - axiom inv_axiom'2 [@rewrite] : forall x : bool [inv'4 x] . inv'4 x = true + use prelude.prelude.Int8 - predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 81 4 81 73] (self : t_P'0) (args : t_T'0) (result : bool) - + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - let rec call_once'0 (self:t_P'0) (args:t_T'0) (return' (ret:bool))= {[@expl:call_once 'self' type invariant] inv'1 self} - {[@expl:call_once 'args' type invariant] inv'3 args} - {[@expl:call_once requires] [%#sops5] precondition'0 self args} - any - [ return' (result:bool)-> {inv'4 result} {[%#sops5] postcondition_once'0 self args result} (! return' {result}) ] + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int8) (o : int8) : t_Ordering'0 + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_T'0) + constant x : int8 - predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_P'0) + constant y : int8 - use prelude.prelude.Intrinsic + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (x : int8) (y : int8) : () - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) + goal vc_cmp_ge_log'0 : [%#sord0] (x >= y) = (cmp_log'0 x y <> C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi18413678402769648790__cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 144 39 144 89 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 142 8 142 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom inv_axiom'0 [@rewrite] : forall x : t_Option'0 [inv'2 x] . inv'2 x - = match x with - | C_None'0 -> true - | C_Some'0 a_0 -> inv'0 a_0 - end + use prelude.prelude.Int - meta "compute_max_steps" 1000000 + use prelude.prelude.Int8 - let rec extern_spec_std_option_T_Option_T_filter_body'0 (self_:t_Option'0) (predicate':t_P'0) (return' (ret:t_Option'0))= {[@expl:extern_spec_std_option_T_Option_T_filter_body 'self_' type invariant] [%#soption0] inv'2 self_} - {[@expl:extern_spec_std_option_T_Option_T_filter_body 'predicate' type invariant] [%#soption1] inv'1 predicate'} - {[@expl:extern_spec_std_option_T_Option_T_filter_body requires] [%#soption2] match self_ with - | C_None'0 -> true - | C_Some'0 t -> precondition'0 predicate' (t) - end} - (! bb0 - [ bb0 = bb1 - | bb1 = bb2 - | bb2 = any [ br0 -> {self_ = C_None'0 } (! bb4) | br1 (x0:t_T'0)-> {self_ = C_Some'0 x0} (! bb5) ] - | bb5 = s0 - [ s0 = v_Some'0 {self_} (fun (r0'0:t_T'0) -> [ &t <- r0'0 ] s1) - | s1 = [ &_11 <- t ] s2 - | s2 = [ &_9 <- (_11) ] s3 - | s3 = call_once'0 {predicate'} {_9} (fun (_ret':bool) -> [ &_7 <- _ret' ] s4) - | s4 = bb7 ] - - | bb7 = any [ br0 -> {_7 = false} (! bb10) | br1 -> {_7} (! bb8) ] - | bb8 = s0 [ s0 = [ &_0 <- C_Some'0 t ] s1 | s1 = bb9 ] - | bb9 = bb12 - | bb10 = s0 [ s0 = {[@expl:type invariant] inv'0 t} s1 | s1 = -{resolve'0 t}- s2 | s2 = bb11 ] - | bb11 = s0 [ s0 = [ &_0 <- C_None'0 ] s1 | s1 = bb12 ] - | bb12 = bb13 - | bb13 = bb14 - | bb4 = s0 [ s0 = {[@expl:type invariant] inv'1 predicate'} s1 | s1 = -{resolve'1 predicate'}- s2 | s2 = bb6 ] - | bb6 = s0 [ s0 = [ &_0 <- C_None'0 ] s1 | s1 = bb14 ] - | bb14 = bb15 - | bb15 = bb16 - | bb16 = return' {_0} ] - ) - [ & _0 : t_Option'0 = any_l () - | & self_ : t_Option'0 = self_ - | & predicate' : t_P'0 = predicate' - | & t : t_T'0 = any_l () - | & _7 : bool = any_l () - | & _9 : t_T'0 = any_l () - | & _11 : t_T'0 = any_l () ] - - [ return' (result:t_Option'0)-> {[@expl:extern_spec_std_option_T_Option_T_filter_body result type invariant] [%#soption3] inv'2 result} - {[@expl:extern_spec_std_option_T_Option_T_filter_body ensures] [%#soption4] match self_ with - | C_None'0 -> result = C_None'0 - | C_Some'0 t -> match result with - | C_None'0 -> postcondition_once'0 predicate' (t) false /\ resolve'0 t - | C_Some'0 r -> postcondition_once'0 predicate' (t) true /\ r = t - end - end} - (! return' {result}) ] + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int8) (o : int8) : t_Ordering'0 -end -module M_creusot_contracts__stdqy35z1__option__extern_spec_std_option_T_Option_T_or_else_body [#"../../../creusot-contracts/src/std/option.rs" 273 16 275 44] - let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 - let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 273 36 273 37 - let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 273 45 273 54 - let%span soption3 = "../../../creusot-contracts/src/std/option.rs" 269 26 272 17 - let%span sops4 = "../../../creusot-contracts/src/std/ops.rs" 148 0 170 1 + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - type t_T'0 + constant x : int8 - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + constant y : int8 - type t_F'0 + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (x : int8) (y : int8) : () - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) + goal vc_cmp_gt_log'0 : [%#sord0] (x > y) = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi18413678402769648790__refl [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 149 39 149 70 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 147 8 147 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.Borrow + use prelude.prelude.Int8 - predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - let rec v_Some'0 (input:t_Option'0) (ret (field_0:t_T'0))= any - [ good (field_0:t_T'0)-> {C_Some'0 field_0 = input} (! ret {field_0}) - | bad -> {forall field_0 : t_T'0 [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] + use prelude.prelude.Int + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int8) (o : int8) : t_Ordering'0 + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : ()) + constant x : int8 - axiom inv_axiom'1 [@rewrite] : forall x : () [inv'2 x] . inv'2 x = true + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (x : int8) : () - predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 73 4 73 45] (self : t_F'0) (args : ()) + goal vc_refl'0 : [%#sord0] cmp_log'0 x x = C_Equal'0 +end +module M_creusot_contracts__logic__ord__qyi18413678402769648790__trans [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 154 40 154 57 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 155 40 155 57 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 156 39 156 56 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 152 8 152 35 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + use prelude.prelude.Int8 - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom inv_axiom'0 [@rewrite] : forall x : t_Option'0 [inv'1 x] . inv'1 x - = match x with - | C_None'0 -> true - | C_Some'0 a_0 -> inv'3 a_0 - end + use prelude.prelude.Int - predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 81 4 81 73] (self : t_F'0) (args : ()) (result : t_Option'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int8) (o : int8) : t_Ordering'0 + = + [%#sord4] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - let rec call_once'0 (self:t_F'0) (args:()) (return' (ret:t_Option'0))= {[@expl:call_once 'self' type invariant] inv'0 self} - {[@expl:call_once 'args' type invariant] inv'2 args} - {[@expl:call_once requires] [%#sops4] precondition'0 self args} - any - [ return' (result:t_Option'0)-> {inv'1 result} - {[%#sops4] postcondition_once'0 self args result} - (! return' {result}) ] - + constant x : int8 - use prelude.prelude.Intrinsic + constant y : int8 - meta "compute_max_steps" 1000000 + constant z : int8 - let rec extern_spec_std_option_T_Option_T_or_else_body'0 (self_:t_Option'0) (f:t_F'0) (return' (ret:t_Option'0))= {[@expl:extern_spec_std_option_T_Option_T_or_else_body 'self_' type invariant] [%#soption0] inv'1 self_} - {[@expl:extern_spec_std_option_T_Option_T_or_else_body 'f' type invariant] [%#soption1] inv'0 f} - {[@expl:extern_spec_std_option_T_Option_T_or_else_body requires] [%#soption0] self_ = C_None'0 - -> precondition'0 f ()} - (! bb0 - [ bb0 = bb1 - | bb1 = bb2 - | bb2 = any [ br0 -> {self_ = C_None'0 } (! bb4) | br1 (x0:t_T'0)-> {self_ = C_Some'0 x0} (! bb5) ] - | bb5 = s0 - [ s0 = {[@expl:type invariant] inv'0 f} s1 - | s1 = -{resolve'0 f}- s2 - | s2 = v_Some'0 {self_} (fun (r0'0:t_T'0) -> [ &t <- r0'0 ] s3) - | s3 = [ &_0 <- C_Some'0 t ] s4 - | s4 = bb8 ] - - | bb8 = bb9 - | bb9 = bb10 - | bb4 = bb6 - | bb6 = s0 [ s0 = call_once'0 {f} {_7} (fun (_ret':t_Option'0) -> [ &_0 <- _ret' ] s1) | s1 = bb7 ] - | bb7 = bb10 - | bb10 = bb11 - | bb11 = bb12 - | bb12 = return' {_0} ] - ) - [ & _0 : t_Option'0 = any_l () - | & self_ : t_Option'0 = self_ - | & f : t_F'0 = f - | & _7 : () = any_l () - | & t : t_T'0 = any_l () ] - - [ return' (result:t_Option'0)-> {[@expl:extern_spec_std_option_T_Option_T_or_else_body result type invariant] [%#soption2] inv'1 result} - {[@expl:extern_spec_std_option_T_Option_T_or_else_body ensures] [%#soption3] match self_ with - | C_None'0 -> postcondition_once'0 f () result - | C_Some'0 t -> result = C_Some'0 t - end} - (! return' {result}) ] + constant o : t_Ordering'0 + + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (x : int8) (y : int8) (z : int8) (o : t_Ordering'0) : () + + goal vc_trans'0 : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o) end -module M_creusot_contracts__stdqy35z1__option__extern_spec_std_option_T_Option_T_get_or_insert_with_body [#"../../../creusot-contracts/src/std/option.rs" 311 16 313 36] - let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 - let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 311 52 311 53 - let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 306 27 306 63 - let%span soption3 = "../../../creusot-contracts/src/std/option.rs" 311 61 311 67 - let%span soption4 = "../../../creusot-contracts/src/std/option.rs" 307 26 310 17 - let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 148 0 170 1 - let%span soption6 = "../../../creusot-contracts/src/std/option.rs" 62 26 62 75 - let%span soption7 = "../../../creusot-contracts/src/std/option.rs" 64 20 65 100 - let%span soption8 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 - let%span sresolve9 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span sresolve10 = "../../../creusot-contracts/src/resolve.rs" 82 8 85 9 - let%span sinvariant11 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 +module M_creusot_contracts__logic__ord__qyi18413678402769648790__antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 161 40 161 70 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 162 39 162 72 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 159 8 159 35 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - type t_T'0 + use prelude.prelude.Int8 - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.Int + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int8) (o : int8) : t_Ordering'0 + + = + [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + constant x : int8 + + constant y : int8 - type t_F'0 + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (x : int8) (y : int8) : () - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) + goal vc_antisym1'0 : ([%#sord0] cmp_log'0 x y = C_Less'0) -> ([%#sord1] cmp_log'0 y x = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi18413678402769648790__antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 167 40 167 73 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 168 39 168 69 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 165 8 165 35 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.Borrow + use prelude.prelude.Int8 - predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + use prelude.prelude.Int - let rec v_Some'0 (input:t_Option'0) (ret (field_0:t_T'0))= any - [ good (field_0:t_T'0)-> {C_Some'0 field_0 = input} (! ret {field_0}) - | bad -> {forall field_0 : t_T'0 [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int8) (o : int8) : t_Ordering'0 + = + [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_T'0) = - [%#sinvariant11] inv'1 self.current /\ inv'1 self.final - - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_T'0) + constant x : int8 - axiom inv_axiom'0 [@rewrite] : forall x : borrowed t_T'0 [inv'2 x] . inv'2 x = invariant'0 x + constant y : int8 - predicate resolve'4 [#"../../../creusot-contracts/src/resolve.rs" 53 4 53 28] (self : borrowed t_T'0) = - [%#sresolve9] self.final = self.current + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (x : int8) (y : int8) : () - predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : borrowed t_T'0) = - resolve'4 _1 + goal vc_antisym2'0 : ([%#sord0] cmp_log'0 x y = C_Greater'0) -> ([%#sord1] cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi18413678402769648790__eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 173 39 173 84 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 171 8 171 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : ()) + use prelude.prelude.Int8 - axiom inv_axiom'3 [@rewrite] : forall x : () [inv'5 x] . inv'5 x = true + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 73 4 73 45] (self : t_F'0) (args : ()) + use prelude.prelude.Int - predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 81 4 81 73] (self : t_F'0) (args : ()) (result : t_T'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int8) (o : int8) : t_Ordering'0 + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - let rec call_once'0 (self:t_F'0) (args:()) (return' (ret:t_T'0))= {[@expl:call_once 'self' type invariant] inv'0 self} - {[@expl:call_once 'args' type invariant] inv'5 args} - {[@expl:call_once requires] [%#sops5] precondition'0 self args} - any - [ return' (result:t_T'0)-> {inv'1 result} {[%#sops5] postcondition_once'0 self args result} (! return' {result}) ] - + constant x : int8 - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) + constant y : int8 - axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'3 x] . inv'3 x - = match x with - | C_None'0 -> true - | C_Some'0 a_0 -> inv'1 a_0 - end + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (x : int8) (y : int8) : () - predicate resolve'7 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_T'0) + goal vc_eq_cmp'0 : [%#sord0] (x = y) = (cmp_log'0 x y = C_Equal'0) +end +module M_creusot_contracts__logic__ord__qyi8040194823849327911__cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 129 39 129 89 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 127 8 127 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate resolve'5 [#"../../../creusot-contracts/src/resolve.rs" 81 4 81 28] (self : t_Option'0) = - [%#sresolve10] match self with - | C_Some'0 x -> resolve'7 x - | C_None'0 -> true - end + use prelude.prelude.Int - predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_Option'0) = - resolve'5 _1 + use prelude.prelude.Int16 - predicate invariant'1 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed (t_Option'0)) = - [%#sinvariant11] inv'3 self.current /\ inv'3 self.final + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed (t_Option'0)) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int16) (o : int16) : t_Ordering'0 + + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom inv_axiom'2 [@rewrite] : forall x : borrowed (t_Option'0) [inv'4 x] . inv'4 x = invariant'1 x + constant x : int16 - type t_Option'1 = - | C_None'1 - | C_Some'1 (borrowed t_T'0) + constant y : int16 - predicate inv'6 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'1) + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (x : int16) (y : int16) : () - axiom inv_axiom'4 [@rewrite] : forall x : t_Option'1 [inv'6 x] . inv'6 x - = match x with - | C_None'1 -> true - | C_Some'1 a_0 -> inv'2 a_0 - end + goal vc_cmp_le_log'0 : [%#sord0] (x <= y) = (cmp_log'0 x y <> C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi8040194823849327911__cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 134 39 134 86 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 132 8 132 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - let rec as_mut'0 (self:borrowed (t_Option'0)) (return' (ret:t_Option'1))= {[@expl:as_mut 'self' type invariant] inv'4 self} - any - [ return' (result:t_Option'1)-> {inv'6 result} - {[%#soption6] self.current = C_None'0 -> result = C_None'1 /\ self.final = C_None'0} - {[%#soption7] self.current = C_None'0 - \/ (exists r : borrowed t_T'0 . result = C_Some'1 r - /\ self.current = C_Some'0 (r.current) /\ self.final = C_Some'0 (r.final))} - (! return' {result}) ] + use prelude.prelude.Int + + use prelude.prelude.Int16 + + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int16) (o : int16) : t_Ordering'0 + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - let rec unwrap'0 (self:t_Option'1) (return' (ret:borrowed t_T'0))= {[@expl:unwrap 'self' type invariant] inv'6 self} - {[@expl:unwrap requires] [%#soption8] self <> C_None'1} - any [ return' (result:borrowed t_T'0)-> {inv'2 result} {[%#soption8] C_Some'1 result = self} (! return' {result}) ] + constant x : int16 - predicate resolve'6 [#"../../../creusot-contracts/src/resolve.rs" 53 4 53 28] (self : borrowed (t_Option'0)) = - [%#sresolve9] self.final = self.current + constant y : int16 - predicate resolve'3 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : borrowed (t_Option'0)) = - resolve'6 _1 + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (x : int16) (y : int16) : () - use prelude.prelude.Intrinsic + goal vc_cmp_lt_log'0 : [%#sord0] (x < y) = (cmp_log'0 x y = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi8040194823849327911__cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 139 39 139 86 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 137 8 137 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - meta "compute_max_steps" 1000000 + use prelude.prelude.Int - let rec extern_spec_std_option_T_Option_T_get_or_insert_with_body'0 (self_:borrowed (t_Option'0)) (f:t_F'0) (return' (ret:borrowed t_T'0))= {[@expl:extern_spec_std_option_T_Option_T_get_or_insert_with_body 'self_' type invariant] [%#soption0] inv'4 self_} - {[@expl:extern_spec_std_option_T_Option_T_get_or_insert_with_body 'f' type invariant] [%#soption1] inv'0 f} - {[@expl:extern_spec_std_option_T_Option_T_get_or_insert_with_body requires] [%#soption2] self_.current = C_None'0 - -> precondition'0 f ()} - (! bb0 - [ bb0 = bb1 - | bb1 = bb2 - | bb2 = any [ br0 -> {self_.current = C_None'0 } (! bb4) | br1 (x0:t_T'0)-> {self_.current = C_Some'0 x0} (! bb5) ] - | bb5 = s0 - [ s0 = {[@expl:type invariant] inv'0 f} s1 - | s1 = -{resolve'0 f}- s2 - | s2 = v_Some'0 {self_.current} - (fun (r0'0:t_T'0) -> - {inv'1 r0'0} - Borrow.borrow_final {r0'0} {Borrow.inherit_id (Borrow.get_id self_) 1} - (fun (_ret':borrowed t_T'0) -> - [ &t <- _ret' ] - -{inv'1 _ret'.final}- - [ &self_ <- { self_ with current = C_Some'0 _ret'.final } ] - s3)) - | s3 = {inv'1 t.current} - Borrow.borrow_final {t.current} {Borrow.get_id t} - (fun (_ret':borrowed t_T'0) -> - [ &_6 <- _ret' ] - -{inv'1 _ret'.final}- - [ &t <- { t with current = _ret'.final } ] - s4) - | s4 = {[@expl:type invariant] inv'2 t} s5 - | s5 = -{resolve'1 t}- s6 - | s6 = bb14 ] - - | bb4 = bb6 - | bb6 = s0 [ s0 = call_once'0 {f} {_12} (fun (_ret':t_T'0) -> [ &_10 <- _ret' ] s1) | s1 = bb7 ] - | bb7 = s0 [ s0 = [ &_9 <- C_Some'0 _10 ] s1 | s1 = bb8 ] - | bb8 = bb9 - | bb9 = s0 - [ s0 = {[@expl:type invariant] match self_ with - | {current = x'0} -> inv'3 x'0 - | _ -> true - end} - s1 - | s1 = -{match self_ with - | {current = x'1} -> resolve'2 x'1 - | _ -> true - end}- - s2 - | s2 = [ &self_ <- { self_ with current = _9 } ] s3 - | s3 = bb11 ] - - | bb11 = s0 - [ s0 = {inv'3 self_.current} - Borrow.borrow_final {self_.current} {Borrow.get_id self_} - (fun (_ret':borrowed (t_Option'0)) -> - [ &_15 <- _ret' ] - -{inv'3 _ret'.final}- - [ &self_ <- { self_ with current = _ret'.final } ] - s1) - | s1 = as_mut'0 {_15} (fun (_ret':t_Option'1) -> [ &_14 <- _ret' ] s2) - | s2 = bb12 ] - - | bb12 = s0 [ s0 = unwrap'0 {_14} (fun (_ret':borrowed t_T'0) -> [ &_13 <- _ret' ] s1) | s1 = bb13 ] - | bb13 = s0 - [ s0 = {inv'1 _13.current} - Borrow.borrow_final {_13.current} {Borrow.get_id _13} - (fun (_ret':borrowed t_T'0) -> - [ &_8 <- _ret' ] - -{inv'1 _ret'.final}- - [ &_13 <- { _13 with current = _ret'.final } ] - s1) - | s1 = {inv'1 _8.current} - Borrow.borrow_final {_8.current} {Borrow.get_id _8} - (fun (_ret':borrowed t_T'0) -> - [ &_6 <- _ret' ] - -{inv'1 _ret'.final}- - [ &_8 <- { _8 with current = _ret'.final } ] - s2) - | s2 = {[@expl:type invariant] inv'2 _13} s3 - | s3 = -{resolve'1 _13}- s4 - | s4 = {[@expl:type invariant] inv'2 _8} s5 - | s5 = -{resolve'1 _8}- s6 - | s6 = bb14 ] - - | bb14 = s0 - [ s0 = {inv'1 _6.current} - Borrow.borrow_final {_6.current} {Borrow.get_id _6} - (fun (_ret':borrowed t_T'0) -> - [ &_3 <- _ret' ] - -{inv'1 _ret'.final}- - [ &_6 <- { _6 with current = _ret'.final } ] - s1) - | s1 = {inv'1 _3.current} - Borrow.borrow_final {_3.current} {Borrow.get_id _3} - (fun (_ret':borrowed t_T'0) -> - [ &_0 <- _ret' ] - -{inv'1 _ret'.final}- - [ &_3 <- { _3 with current = _ret'.final } ] - s2) - | s2 = {[@expl:type invariant] inv'2 _6} s3 - | s3 = -{resolve'1 _6}- s4 - | s4 = {[@expl:type invariant] inv'2 _3} s5 - | s5 = -{resolve'1 _3}- s6 - | s6 = bb15 ] - - | bb15 = s0 [ s0 = {[@expl:type invariant] inv'4 self_} s1 | s1 = -{resolve'3 self_}- s2 | s2 = return' {_0} ] ] - ) - [ & _0 : borrowed t_T'0 = any_l () - | & self_ : borrowed (t_Option'0) = self_ - | & f : t_F'0 = f - | & _3 : borrowed t_T'0 = any_l () - | & _6 : borrowed t_T'0 = any_l () - | & _8 : borrowed t_T'0 = any_l () - | & _9 : t_Option'0 = any_l () - | & _10 : t_T'0 = any_l () - | & _12 : () = any_l () - | & _13 : borrowed t_T'0 = any_l () - | & _14 : t_Option'1 = any_l () - | & _15 : borrowed (t_Option'0) = any_l () - | & t : borrowed t_T'0 = any_l () ] - - [ return' (result:borrowed t_T'0)-> {[@expl:extern_spec_std_option_T_Option_T_get_or_insert_with_body result type invariant] [%#soption3] inv'2 result} - {[@expl:extern_spec_std_option_T_Option_T_get_or_insert_with_body ensures] [%#soption4] match self_.current with - | C_None'0 -> postcondition_once'0 f () result.current /\ self_.final = C_Some'0 (result.final) - | C_Some'0 _ -> self_.current = C_Some'0 (result.current) /\ self_.final = C_Some'0 (result.final) - end} - (! return' {result}) ] + use prelude.prelude.Int16 + + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int16) (o : int16) : t_Ordering'0 -end -module M_creusot_contracts__stdqy35z1__option__extern_spec_std_option_T_Option_T_take_if_body [#"../../../creusot-contracts/src/std/option.rs" 338 16 340 45] - let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 - let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 338 41 338 50 - let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 324 27 327 17 - let%span soption3 = "../../../creusot-contracts/src/std/option.rs" 338 58 338 67 - let%span soption4 = "../../../creusot-contracts/src/std/option.rs" 328 26 337 17 - let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 148 0 170 1 - let%span soption6 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 - let%span sresolve7 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span sinvariant8 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - type t_T'0 + constant x : int16 - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + constant y : int16 - use prelude.prelude.Borrow + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (x : int16) (y : int16) : () - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + goal vc_cmp_ge_log'0 : [%#sord0] (x >= y) = (cmp_log'0 x y <> C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi8040194823849327911__cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 144 39 144 89 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 142 8 142 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - let rec v_Some'0 (input:t_Option'0) (ret (field_0:t_T'0))= any - [ good (field_0:t_T'0)-> {C_Some'0 field_0 = input} (! ret {field_0}) - | bad -> {forall field_0 : t_T'0 [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] + use prelude.prelude.Int + + use prelude.prelude.Int16 + + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int16) (o : int16) : t_Ordering'0 + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - type t_P'0 + constant x : int16 - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_P'0) + constant y : int16 - predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_T'0) = - [%#sinvariant8] inv'0 self.current /\ inv'0 self.final + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (x : int16) (y : int16) : () - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_T'0) + goal vc_cmp_gt_log'0 : [%#sord0] (x > y) = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi8040194823849327911__refl [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 149 39 149 70 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 147 8 147 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom inv_axiom'0 [@rewrite] : forall x : borrowed t_T'0 [inv'1 x] . inv'1 x = invariant'0 x + use prelude.prelude.Int16 - predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_T'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom inv_axiom'3 [@rewrite] : forall x : borrowed t_T'0 [inv'5 x] . inv'5 x = (let (x0) = x in inv'1 x0) + use prelude.prelude.Int - predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 73 4 73 45] (self : t_P'0) (args : borrowed t_T'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int16) (o : int16) : t_Ordering'0 + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate inv'6 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : bool) + constant x : int16 - axiom inv_axiom'4 [@rewrite] : forall x : bool [inv'6 x] . inv'6 x = true + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (x : int16) : () - predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 81 4 81 73] (self : t_P'0) (args : borrowed t_T'0) (result : bool) + goal vc_refl'0 : [%#sord0] cmp_log'0 x x = C_Equal'0 +end +module M_creusot_contracts__logic__ord__qyi8040194823849327911__trans [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 154 40 154 57 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 155 40 155 57 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 156 39 156 56 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 152 8 152 35 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + + use prelude.prelude.Int16 + + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.Int + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int16) (o : int16) : t_Ordering'0 + = + [%#sord4] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - let rec call_once'0 (self:t_P'0) (args:borrowed t_T'0) (return' (ret:bool))= {[@expl:call_once 'self' type invariant] inv'4 self} - {[@expl:call_once 'args' type invariant] inv'5 args} - {[@expl:call_once requires] [%#sops5] precondition'0 self args} - any - [ return' (result:bool)-> {inv'6 result} {[%#sops5] postcondition_once'0 self args result} (! return' {result}) ] + constant x : int16 + + constant y : int16 + + constant z : int16 + + constant o : t_Ordering'0 + + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (x : int16) (y : int16) (z : int16) (o : t_Ordering'0) : () - predicate resolve'3 [#"../../../creusot-contracts/src/resolve.rs" 53 4 53 28] (self : borrowed t_T'0) = - [%#sresolve7] self.final = self.current + goal vc_trans'0 : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o) +end +module M_creusot_contracts__logic__ord__qyi8040194823849327911__antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 161 40 161 70 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 162 39 162 72 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 159 8 159 35 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : borrowed t_T'0) = - resolve'3 _1 + use prelude.prelude.Int16 - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'2 x] . inv'2 x - = match x with - | C_None'0 -> true - | C_Some'0 a_0 -> inv'0 a_0 - end + use prelude.prelude.Int - predicate invariant'1 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed (t_Option'0)) = - [%#sinvariant8] inv'2 self.current /\ inv'2 self.final + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int16) (o : int16) : t_Ordering'0 + + = + [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed (t_Option'0)) + constant x : int16 - axiom inv_axiom'2 [@rewrite] : forall x : borrowed (t_Option'0) [inv'3 x] . inv'3 x = invariant'1 x + constant y : int16 - let rec take'0 (self:borrowed (t_Option'0)) (return' (ret:t_Option'0))= {[@expl:take 'self' type invariant] inv'3 self} - any - [ return' (result:t_Option'0)-> {inv'2 result} - {[%#soption6] result = self.current /\ self.final = C_None'0} - (! return' {result}) ] + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (x : int16) (y : int16) : () + + goal vc_antisym1'0 : ([%#sord0] cmp_log'0 x y = C_Less'0) -> ([%#sord1] cmp_log'0 y x = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi8040194823849327911__antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 167 40 167 73 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 168 39 168 69 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 165 8 165 35 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + + use prelude.prelude.Int16 + + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.Int + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int16) (o : int16) : t_Ordering'0 + = + [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate resolve'4 [#"../../../creusot-contracts/src/resolve.rs" 53 4 53 28] (self : borrowed (t_Option'0)) = - [%#sresolve7] self.final = self.current + constant x : int16 - predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : borrowed (t_Option'0)) = - resolve'4 _1 + constant y : int16 - predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_P'0) + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (x : int16) (y : int16) : () - use prelude.prelude.Intrinsic + goal vc_antisym2'0 : ([%#sord0] cmp_log'0 x y = C_Greater'0) -> ([%#sord1] cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi8040194823849327911__eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 173 39 173 84 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 171 8 171 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - meta "compute_max_steps" 1000000 + use prelude.prelude.Int16 - let rec extern_spec_std_option_T_Option_T_take_if_body'0 (self_:borrowed (t_Option'0)) (predicate':t_P'0) (return' (ret:t_Option'0))= {[@expl:extern_spec_std_option_T_Option_T_take_if_body 'self_' type invariant] [%#soption0] inv'3 self_} - {[@expl:extern_spec_std_option_T_Option_T_take_if_body 'predicate' type invariant] [%#soption1] inv'4 predicate'} - {[@expl:extern_spec_std_option_T_Option_T_take_if_body requires] [%#soption2] match self_.current with - | C_None'0 -> true - | C_Some'0 t -> forall b : borrowed t_T'0 . inv'1 b /\ b.current = t -> precondition'0 predicate' (b) - end} - (! bb0 - [ bb0 = bb1 - | bb1 = bb2 - | bb2 = any [ br0 -> {self_.current = C_None'0 } (! bb4) | br1 (x0:t_T'0)-> {self_.current = C_Some'0 x0} (! bb5) ] - | bb5 = s0 - [ s0 = v_Some'0 {self_.current} - (fun (r0'0:t_T'0) -> - {inv'0 r0'0} - Borrow.borrow_mut {r0'0} - (fun (_ret':borrowed t_T'0) -> - [ &t <- _ret' ] - -{inv'0 _ret'.final}- - [ &self_ <- { self_ with current = C_Some'0 _ret'.final } ] - s1)) - | s1 = {inv'0 t.current} - Borrow.borrow_final {t.current} {Borrow.get_id t} - (fun (_ret':borrowed t_T'0) -> - [ &_10 <- _ret' ] - -{inv'0 _ret'.final}- - [ &t <- { t with current = _ret'.final } ] - s2) - | s2 = [ &_9 <- (_10) ] s3 - | s3 = call_once'0 {predicate'} {_9} (fun (_ret':bool) -> [ &_7 <- _ret' ] s4) - | s4 = bb7 ] - - | bb7 = s0 - [ s0 = {[@expl:type invariant] inv'1 t} s1 - | s1 = -{resolve'0 t}- s2 - | s2 = any [ br0 -> {_7 = false} (! bb10) | br1 -> {_7} (! bb8) ] ] - - | bb8 = s0 - [ s0 = {inv'2 self_.current} - Borrow.borrow_final {self_.current} {Borrow.get_id self_} - (fun (_ret':borrowed (t_Option'0)) -> - [ &_11 <- _ret' ] - -{inv'2 _ret'.final}- - [ &self_ <- { self_ with current = _ret'.final } ] - s1) - | s1 = take'0 {_11} (fun (_ret':t_Option'0) -> [ &_0 <- _ret' ] s2) - | s2 = bb9 ] - - | bb9 = s0 [ s0 = {[@expl:type invariant] inv'3 self_} s1 | s1 = -{resolve'1 self_}- s2 | s2 = bb12 ] - | bb10 = s0 [ s0 = {[@expl:type invariant] inv'3 self_} s1 | s1 = -{resolve'1 self_}- s2 | s2 = bb11 ] - | bb11 = s0 [ s0 = [ &_0 <- C_None'0 ] s1 | s1 = bb12 ] - | bb12 = bb13 - | bb4 = s0 - [ s0 = {[@expl:type invariant] inv'4 predicate'} s1 - | s1 = -{resolve'2 predicate'}- s2 - | s2 = {[@expl:type invariant] inv'3 self_} s3 - | s3 = -{resolve'1 self_}- s4 - | s4 = bb6 ] - - | bb6 = s0 [ s0 = [ &_0 <- C_None'0 ] s1 | s1 = bb13 ] - | bb13 = bb14 - | bb14 = return' {_0} ] - ) - [ & _0 : t_Option'0 = any_l () - | & self_ : borrowed (t_Option'0) = self_ - | & predicate' : t_P'0 = predicate' - | & t : borrowed t_T'0 = any_l () - | & _7 : bool = any_l () - | & _9 : borrowed t_T'0 = any_l () - | & _10 : borrowed t_T'0 = any_l () - | & _11 : borrowed (t_Option'0) = any_l () ] + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.Int + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int16) (o : int16) : t_Ordering'0 - [ return' (result:t_Option'0)-> {[@expl:extern_spec_std_option_T_Option_T_take_if_body result type invariant] [%#soption3] inv'2 result} - {[@expl:extern_spec_std_option_T_Option_T_take_if_body ensures] [%#soption4] match self_.current with - | C_None'0 -> result = C_None'0 /\ self_.final = C_None'0 - | C_Some'0 cur -> exists b : borrowed t_T'0, res : bool . inv'1 b - /\ cur = b.current - /\ postcondition_once'0 predicate' (b) res - /\ (if res then - self_.final = C_None'0 /\ result = C_Some'0 (b.final) - else - self_.final = C_Some'0 (b.final) /\ result = C_None'0 - ) - end} - (! return' {result}) ] + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + constant x : int16 + + constant y : int16 + + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (x : int16) (y : int16) : () + + goal vc_eq_cmp'0 : [%#sord0] (x = y) = (cmp_log'0 x y = C_Equal'0) +end +module M_creusot_contracts__logic__ord__qyi211457485035727011__cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 129 39 129 89 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 127 8 127 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + + use prelude.prelude.Int + + use prelude.prelude.Int32 + + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int32) (o : int32) : t_Ordering'0 + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + constant x : int32 + + constant y : int32 + + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (x : int32) (y : int32) : () + + goal vc_cmp_le_log'0 : [%#sord0] (x <= y) = (cmp_log'0 x y <> C_Greater'0) end -module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 76 8 76 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 11 20 11 56 - let%span soption3 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord16 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 +module M_creusot_contracts__logic__ord__qyi211457485035727011__cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 134 39 134 86 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 132 8 132 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - type t_T'0 + use prelude.prelude.Int - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + use prelude.prelude.Int32 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_T'0) (_2 : t_T'0) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int32) (o : int32) : t_Ordering'0 + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_T'0) (y : t_T'0) : () + constant x : int32 - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord16] (x = y) = (cmp_log'1 x y = C_Equal'0) + constant y : int32 - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_T'0) (y : t_T'0) : () + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (x : int32) (y : int32) : () - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord14] cmp_log'1 x y = C_Greater'0) - -> ([%#sord15] cmp_log'1 y x = C_Less'0) + goal vc_cmp_lt_log'0 : [%#sord0] (x < y) = (cmp_log'0 x y = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi211457485035727011__cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 139 39 139 86 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 137 8 137 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_T'0) (y : t_T'0) : () + use prelude.prelude.Int - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Less'0) - -> ([%#sord13] cmp_log'1 y x = C_Greater'0) + use prelude.prelude.Int32 + + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int32) (o : int32) : t_Ordering'0 + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord9] cmp_log'1 x y = o) - -> ([%#sord10] cmp_log'1 y z = o) -> ([%#sord11] cmp_log'1 x z = o) + constant x : int32 - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_T'0) : () + constant y : int32 - axiom refl'0_spec : forall x : t_T'0 . [%#sord8] cmp_log'1 x x = C_Equal'0 + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (x : int32) (y : int32) : () - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_T'0) (o : t_T'0) : bool + goal vc_cmp_ge_log'0 : [%#sord0] (x >= y) = (cmp_log'0 x y <> C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi211457485035727011__cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 144 39 144 89 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 142 8 142 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_T'0) (y : t_T'0) : () + use prelude.prelude.Int - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord7] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + use prelude.prelude.Int32 - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_T'0) (o : t_T'0) : bool + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_T'0) (y : t_T'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int32) (o : int32) : t_Ordering'0 + + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + constant x : int32 - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_T'0) (o : t_T'0) : bool + constant y : int32 - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_T'0) (y : t_T'0) : () + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (x : int32) (y : int32) : () - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + goal vc_cmp_gt_log'0 : [%#sord0] (x > y) = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi211457485035727011__refl [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 149 39 149 70 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 147 8 147 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_T'0) (o : t_T'0) : bool + use prelude.prelude.Int32 - function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_T'0) (y : t_T'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom cmp_le_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] le_log'1 x y = (cmp_log'1 x y <> C_Greater'0) + use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int32) (o : int32) : t_Ordering'0 = - [%#soption3] match (self, o) with - | (C_None'0, C_None'0) -> C_Equal'0 - | (C_None'0, C_Some'0 _) -> C_Less'0 - | (C_Some'0 _, C_None'0) -> C_Greater'0 - | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y - end + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + constant x : int32 - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_Option'0) (o : t_Option'0) : bool + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (x : int32) : () + + goal vc_refl'0 : [%#sord0] cmp_log'0 x x = C_Equal'0 +end +module M_creusot_contracts__logic__ord__qyi211457485035727011__trans [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 154 40 154 57 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 155 40 155 57 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 156 39 156 56 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 152 8 152 35 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + + use prelude.prelude.Int32 + + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.Int + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int32) (o : int32) : t_Ordering'0 = - [%#sord2] cmp_log'0 self o <> C_Greater'0 + [%#sord4] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant x : t_Option'0 + constant x : int32 - constant y : t_Option'0 + constant y : int32 + + constant z : int32 + + constant o : t_Ordering'0 - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : t_Option'0) (y : t_Option'0) : () + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (x : int32) (y : int32) (z : int32) (o : t_Ordering'0) : () - goal vc_cmp_le_log'0 : [%#sord0] le_log'0 x y = (cmp_log'0 x y <> C_Greater'0) + goal vc_trans'0 : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o) end -module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 81 8 81 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 21 20 21 53 - let%span soption3 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord16 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 +module M_creusot_contracts__logic__ord__qyi211457485035727011__antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 161 40 161 70 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 162 39 162 72 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 159 8 159 35 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - type t_T'0 + use prelude.prelude.Int32 - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.Int + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int32) (o : int32) : t_Ordering'0 + + = + [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + constant x : int32 + + constant y : int32 + + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (x : int32) (y : int32) : () + + goal vc_antisym1'0 : ([%#sord0] cmp_log'0 x y = C_Less'0) -> ([%#sord1] cmp_log'0 y x = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi211457485035727011__antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 167 40 167 73 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 168 39 168 69 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 165 8 165 35 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + + use prelude.prelude.Int32 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_T'0) (_2 : t_T'0) : t_Ordering'0 + use prelude.prelude.Int + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int32) (o : int32) : t_Ordering'0 + = + [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_T'0) (y : t_T'0) : () + constant x : int32 - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord16] (x = y) = (cmp_log'1 x y = C_Equal'0) + constant y : int32 - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_T'0) (y : t_T'0) : () + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (x : int32) (y : int32) : () - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord14] cmp_log'1 x y = C_Greater'0) - -> ([%#sord15] cmp_log'1 y x = C_Less'0) + goal vc_antisym2'0 : ([%#sord0] cmp_log'0 x y = C_Greater'0) -> ([%#sord1] cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi211457485035727011__eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 173 39 173 84 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 171 8 171 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_T'0) (y : t_T'0) : () + use prelude.prelude.Int32 - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Less'0) - -> ([%#sord13] cmp_log'1 y x = C_Greater'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.Int - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int32) (o : int32) : t_Ordering'0 + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord9] cmp_log'1 x y = o) - -> ([%#sord10] cmp_log'1 y z = o) -> ([%#sord11] cmp_log'1 x z = o) + constant x : int32 - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_T'0) : () + constant y : int32 - axiom refl'0_spec : forall x : t_T'0 . [%#sord8] cmp_log'1 x x = C_Equal'0 + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (x : int32) (y : int32) : () - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_T'0) (o : t_T'0) : bool + goal vc_eq_cmp'0 : [%#sord0] (x = y) = (cmp_log'0 x y = C_Equal'0) +end +module M_creusot_contracts__logic__ord__qyi2565746305859701215__cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 129 39 129 89 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 127 8 127 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_T'0) (y : t_T'0) : () + use prelude.prelude.Int - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord7] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + use prelude.prelude.Int64 - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_T'0) (o : t_T'0) : bool + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_T'0) (y : t_T'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int64) (o : int64) : t_Ordering'0 + + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + constant x : int64 - function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_T'0) (o : t_T'0) : bool + constant y : int64 - function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_T'0) (y : t_T'0) : () + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (x : int64) (y : int64) : () - axiom cmp_lt_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] lt_log'1 x y = (cmp_log'1 x y = C_Less'0) + goal vc_cmp_le_log'0 : [%#sord0] (x <= y) = (cmp_log'0 x y <> C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi2565746305859701215__cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 134 39 134 86 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 132 8 132 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_T'0) (o : t_T'0) : bool + use prelude.prelude.Int - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_T'0) (y : t_T'0) : () + use prelude.prelude.Int64 - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int64) (o : int64) : t_Ordering'0 = - [%#soption3] match (self, o) with - | (C_None'0, C_None'0) -> C_Equal'0 - | (C_None'0, C_Some'0 _) -> C_Less'0 - | (C_Some'0 _, C_None'0) -> C_Greater'0 - | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y - end + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + constant x : int64 + + constant y : int64 + + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (x : int64) (y : int64) : () + + goal vc_cmp_lt_log'0 : [%#sord0] (x < y) = (cmp_log'0 x y = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi2565746305859701215__cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 139 39 139 86 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 137 8 137 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + + use prelude.prelude.Int + + use prelude.prelude.Int64 + + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_Option'0) (o : t_Option'0) : bool + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int64) (o : int64) : t_Ordering'0 = - [%#sord2] cmp_log'0 self o = C_Less'0 + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant x : t_Option'0 + constant x : int64 - constant y : t_Option'0 + constant y : int64 + + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (x : int64) (y : int64) : () + + goal vc_cmp_ge_log'0 : [%#sord0] (x >= y) = (cmp_log'0 x y <> C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi2565746305859701215__cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 144 39 144 89 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 142 8 142 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + + use prelude.prelude.Int + + use prelude.prelude.Int64 + + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : t_Option'0) (y : t_Option'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int64) (o : int64) : t_Ordering'0 + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal vc_cmp_lt_log'0 : [%#sord0] lt_log'0 x y = (cmp_log'0 x y = C_Less'0) + constant x : int64 + + constant y : int64 + + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (x : int64) (y : int64) : () + + goal vc_cmp_gt_log'0 : [%#sord0] (x > y) = (cmp_log'0 x y = C_Greater'0) end -module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 86 8 86 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 31 20 31 53 - let%span soption3 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord16 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 +module M_creusot_contracts__logic__ord__qyi2565746305859701215__refl [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 149 39 149 70 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 147 8 147 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - type t_T'0 + use prelude.prelude.Int64 + + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.Int + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int64) (o : int64) : t_Ordering'0 + + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + constant x : int64 + + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (x : int64) : () + + goal vc_refl'0 : [%#sord0] cmp_log'0 x x = C_Equal'0 +end +module M_creusot_contracts__logic__ord__qyi2565746305859701215__trans [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 154 40 154 57 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 155 40 155 57 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 156 39 156 56 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 152 8 152 35 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + use prelude.prelude.Int64 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_T'0) (_2 : t_T'0) : t_Ordering'0 - - - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_T'0) (y : t_T'0) : () + use prelude.prelude.Int - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord16] (x = y) = (cmp_log'1 x y = C_Equal'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int64) (o : int64) : t_Ordering'0 + + = + [%#sord4] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_T'0) (y : t_T'0) : () + constant x : int64 - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord14] cmp_log'1 x y = C_Greater'0) - -> ([%#sord15] cmp_log'1 y x = C_Less'0) + constant y : int64 - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_T'0) (y : t_T'0) : () + constant z : int64 - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Less'0) - -> ([%#sord13] cmp_log'1 y x = C_Greater'0) + constant o : t_Ordering'0 - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (x : int64) (y : int64) (z : int64) (o : t_Ordering'0) : () - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord9] cmp_log'1 x y = o) - -> ([%#sord10] cmp_log'1 y z = o) -> ([%#sord11] cmp_log'1 x z = o) - - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_T'0) : () - - axiom refl'0_spec : forall x : t_T'0 . [%#sord8] cmp_log'1 x x = C_Equal'0 - - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_T'0) (o : t_T'0) : bool - - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_T'0) (y : t_T'0) : () + goal vc_trans'0 : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o) +end +module M_creusot_contracts__logic__ord__qyi2565746305859701215__antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 161 40 161 70 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 162 39 162 72 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 159 8 159 35 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord7] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + use prelude.prelude.Int64 - function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_T'0) (o : t_T'0) : bool + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_T'0) (y : t_T'0) : () + use prelude.prelude.Int - axiom cmp_ge_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] ge_log'1 x y = (cmp_log'1 x y <> C_Less'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int64) (o : int64) : t_Ordering'0 + + = + [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_T'0) (o : t_T'0) : bool + constant x : int64 - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_T'0) (y : t_T'0) : () + constant y : int64 - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (x : int64) (y : int64) : () - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_T'0) (o : t_T'0) : bool + goal vc_antisym1'0 : ([%#sord0] cmp_log'0 x y = C_Less'0) -> ([%#sord1] cmp_log'0 y x = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi2565746305859701215__antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 167 40 167 73 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 168 39 168 69 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 165 8 165 35 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_T'0) (y : t_T'0) : () + use prelude.prelude.Int64 - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 - - = - [%#soption3] match (self, o) with - | (C_None'0, C_None'0) -> C_Equal'0 - | (C_None'0, C_Some'0 _) -> C_Less'0 - | (C_Some'0 _, C_None'0) -> C_Greater'0 - | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y - end + use prelude.prelude.Int - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_Option'0) (o : t_Option'0) : bool + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int64) (o : int64) : t_Ordering'0 = - [%#sord2] cmp_log'0 self o <> C_Less'0 + [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant x : t_Option'0 + constant x : int64 - constant y : t_Option'0 + constant y : int64 - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : t_Option'0) (y : t_Option'0) : () - + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (x : int64) (y : int64) : () - goal vc_cmp_ge_log'0 : [%#sord0] ge_log'0 x y = (cmp_log'0 x y <> C_Less'0) + goal vc_antisym2'0 : ([%#sord0] cmp_log'0 x y = C_Greater'0) -> ([%#sord1] cmp_log'0 y x = C_Less'0) end -module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 91 8 91 35 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 41 20 41 56 - let%span soption3 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord16 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 - - type t_T'0 +module M_creusot_contracts__logic__ord__qyi2565746305859701215__eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 173 39 173 84 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 171 8 171 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + use prelude.prelude.Int64 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_T'0) (_2 : t_T'0) : t_Ordering'0 + use prelude.prelude.Int + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int64) (o : int64) : t_Ordering'0 + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_T'0) (y : t_T'0) : () + constant x : int64 - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord16] (x = y) = (cmp_log'1 x y = C_Equal'0) + constant y : int64 - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_T'0) (y : t_T'0) : () + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (x : int64) (y : int64) : () - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord14] cmp_log'1 x y = C_Greater'0) - -> ([%#sord15] cmp_log'1 y x = C_Less'0) + goal vc_eq_cmp'0 : [%#sord0] (x = y) = (cmp_log'0 x y = C_Equal'0) +end +module M_creusot_contracts__logic__ord__qyi2364657485180829964__cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 129 39 129 89 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 127 8 127 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_T'0) (y : t_T'0) : () + use prelude.prelude.Int - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Less'0) - -> ([%#sord13] cmp_log'1 y x = C_Greater'0) + use prelude.prelude.Int128 - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord9] cmp_log'1 x y = o) - -> ([%#sord10] cmp_log'1 y z = o) -> ([%#sord11] cmp_log'1 x z = o) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int128) (o : int128) : t_Ordering'0 + + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_T'0) : () + constant x : int128 - axiom refl'0_spec : forall x : t_T'0 . [%#sord8] cmp_log'1 x x = C_Equal'0 + constant y : int128 - function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_T'0) (o : t_T'0) : bool + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (x : int128) (y : int128) : () - function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_T'0) (y : t_T'0) : () + goal vc_cmp_le_log'0 : [%#sord0] (x <= y) = (cmp_log'0 x y <> C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi2364657485180829964__cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 134 39 134 86 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 132 8 132 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom cmp_gt_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord7] gt_log'1 x y = (cmp_log'1 x y = C_Greater'0) + use prelude.prelude.Int - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_T'0) (o : t_T'0) : bool + use prelude.prelude.Int128 - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_T'0) (y : t_T'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int128) (o : int128) : t_Ordering'0 + + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_T'0) (o : t_T'0) : bool + constant x : int128 - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_T'0) (y : t_T'0) : () + constant y : int128 - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (x : int128) (y : int128) : () - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_T'0) (o : t_T'0) : bool + goal vc_cmp_lt_log'0 : [%#sord0] (x < y) = (cmp_log'0 x y = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi2364657485180829964__cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 139 39 139 86 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 137 8 137 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_T'0) (y : t_T'0) : () + use prelude.prelude.Int - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + use prelude.prelude.Int128 - function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 - - = - [%#soption3] match (self, o) with - | (C_None'0, C_None'0) -> C_Equal'0 - | (C_None'0, C_Some'0 _) -> C_Less'0 - | (C_Some'0 _, C_None'0) -> C_Greater'0 - | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y - end + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_Option'0) (o : t_Option'0) : bool + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int128) (o : int128) : t_Ordering'0 = - [%#sord2] cmp_log'0 self o = C_Greater'0 + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant x : t_Option'0 + constant x : int128 - constant y : t_Option'0 + constant y : int128 - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : t_Option'0) (y : t_Option'0) : () - + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (x : int128) (y : int128) : () - goal vc_cmp_gt_log'0 : [%#sord0] gt_log'0 x y = (cmp_log'0 x y = C_Greater'0) + goal vc_cmp_ge_log'0 : [%#sord0] (x >= y) = (cmp_log'0 x y <> C_Less'0) end -module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 96 8 96 35 - let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 +module M_creusot_contracts__logic__ord__qyi2364657485180829964__cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 144 39 144 89 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 142 8 142 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - type t_T'0 + use prelude.prelude.Int - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + use prelude.prelude.Int128 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_T'0) (_2 : t_T'0) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int128) (o : int128) : t_Ordering'0 + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_T'0) (y : t_T'0) : () + constant x : int128 - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) + constant y : int128 - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_T'0) (y : t_T'0) : () + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (x : int128) (y : int128) : () - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) - -> ([%#sord14] cmp_log'1 y x = C_Less'0) + goal vc_cmp_gt_log'0 : [%#sord0] (x > y) = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi2364657485180829964__refl [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 149 39 149 70 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 147 8 147 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_T'0) (y : t_T'0) : () + use prelude.prelude.Int128 - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) - -> ([%#sord12] cmp_log'1 y x = C_Greater'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + use prelude.prelude.Int - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int128) (o : int128) : t_Ordering'0 + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) - -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) + constant x : int128 - function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_T'0) : () + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (x : int128) : () - axiom refl'1_spec : forall x : t_T'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 + goal vc_refl'0 : [%#sord0] cmp_log'0 x x = C_Equal'0 +end +module M_creusot_contracts__logic__ord__qyi2364657485180829964__trans [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 154 40 154 57 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 155 40 155 57 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 156 39 156 56 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 152 8 152 35 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_T'0) (o : t_T'0) : bool + use prelude.prelude.Int128 - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_T'0) (y : t_T'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + use prelude.prelude.Int - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_T'0) (o : t_T'0) : bool + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int128) (o : int128) : t_Ordering'0 + + = + [%#sord4] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_T'0) (y : t_T'0) : () + constant x : int128 - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + constant y : int128 - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_T'0) (o : t_T'0) : bool + constant z : int128 - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_T'0) (y : t_T'0) : () + constant o : t_Ordering'0 - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (x : int128) (y : int128) (z : int128) (o : t_Ordering'0) : () + + + goal vc_trans'0 : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o) +end +module M_creusot_contracts__logic__ord__qyi2364657485180829964__antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 161 40 161 70 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 162 39 162 72 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 159 8 159 35 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_T'0) (o : t_T'0) : bool + use prelude.prelude.Int128 - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_T'0) (y : t_T'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int128) (o : int128) : t_Ordering'0 = - [%#soption2] match (self, o) with - | (C_None'0, C_None'0) -> C_Equal'0 - | (C_None'0, C_Some'0 _) -> C_Less'0 - | (C_Some'0 _, C_None'0) -> C_Greater'0 - | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y - end + [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant x : t_Option'0 + constant x : int128 - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : t_Option'0) : () + constant y : int128 - goal vc_refl'0 : [%#sord0] cmp_log'0 x x = C_Equal'0 -end -module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__trans [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (* as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 101 8 101 35 - let%span soption4 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord16 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord17 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (x : int128) (y : int128) : () - type t_T'0 + goal vc_antisym1'0 : ([%#sord0] cmp_log'0 x y = C_Less'0) -> ([%#sord1] cmp_log'0 y x = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi2364657485180829964__antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 167 40 167 73 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 168 39 168 69 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 165 8 165 35 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + use prelude.prelude.Int128 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_T'0) (_2 : t_T'0) : t_Ordering'0 + use prelude.prelude.Int + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int128) (o : int128) : t_Ordering'0 + = + [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_T'0) (y : t_T'0) : () + constant x : int128 - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord17] (x = y) = (cmp_log'1 x y = C_Equal'0) + constant y : int128 - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_T'0) (y : t_T'0) : () + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (x : int128) (y : int128) : () - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord15] cmp_log'1 x y = C_Greater'0) - -> ([%#sord16] cmp_log'1 y x = C_Less'0) + goal vc_antisym2'0 : ([%#sord0] cmp_log'0 x y = C_Greater'0) -> ([%#sord1] cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi2364657485180829964__eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 173 39 173 84 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 171 8 171 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + + use prelude.prelude.Int128 - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_T'0) (y : t_T'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Less'0) - -> ([%#sord14] cmp_log'1 y x = C_Greater'0) + use prelude.prelude.Int - function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int128) (o : int128) : t_Ordering'0 + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom trans'1_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord10] cmp_log'1 x y = o) - -> ([%#sord11] cmp_log'1 y z = o) -> ([%#sord12] cmp_log'1 x z = o) + constant x : int128 - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_T'0) : () + constant y : int128 - axiom refl'0_spec : forall x : t_T'0 . [%#sord9] cmp_log'1 x x = C_Equal'0 + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (x : int128) (y : int128) : () - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_T'0) (o : t_T'0) : bool + goal vc_eq_cmp'0 : [%#sord0] (x = y) = (cmp_log'0 x y = C_Equal'0) +end +module M_creusot_contracts__logic__ord__qyi8047313880300482848__cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 129 39 129 89 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 127 8 127 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_T'0) (y : t_T'0) : () + use prelude.prelude.Int - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord8] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + use prelude.prelude.IntSize - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_T'0) (o : t_T'0) : bool + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_T'0) (y : t_T'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : isize) (o : isize) : t_Ordering'0 + + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord7] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + constant x : isize - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_T'0) (o : t_T'0) : bool + constant y : isize - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_T'0) (y : t_T'0) : () + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (x : isize) (y : isize) : () - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + goal vc_cmp_le_log'0 : [%#sord0] (x <= y) = (cmp_log'0 x y <> C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi8047313880300482848__cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 134 39 134 86 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 132 8 132 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_T'0) (o : t_T'0) : bool + use prelude.prelude.Int - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_T'0) (y : t_T'0) : () + use prelude.prelude.IntSize - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : isize) (o : isize) : t_Ordering'0 = - [%#soption4] match (self, o) with - | (C_None'0, C_None'0) -> C_Equal'0 - | (C_None'0, C_Some'0 _) -> C_Less'0 - | (C_Some'0 _, C_None'0) -> C_Greater'0 - | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y - end - - constant x : t_Option'0 - - constant y : t_Option'0 + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant z : t_Option'0 + constant x : isize - constant o : t_Ordering'0 + constant y : isize - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : t_Option'0) (y : t_Option'0) (z : t_Option'0) (o : t_Ordering'0) : () - + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (x : isize) (y : isize) : () - goal vc_trans'0 : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o) + goal vc_cmp_lt_log'0 : [%#sord0] (x < y) = (cmp_log'0 x y = C_Less'0) end -module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (* as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 108 8 108 35 - let%span soption3 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord16 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 +module M_creusot_contracts__logic__ord__qyi8047313880300482848__cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 139 39 139 86 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 137 8 137 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - type t_T'0 + use prelude.prelude.Int - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + use prelude.prelude.IntSize type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_T'0) (_2 : t_T'0) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : isize) (o : isize) : t_Ordering'0 + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_T'0) (y : t_T'0) : () + constant x : isize - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord16] (x = y) = (cmp_log'1 x y = C_Equal'0) + constant y : isize - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_T'0) (y : t_T'0) : () + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (x : isize) (y : isize) : () - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord14] cmp_log'1 x y = C_Greater'0) - -> ([%#sord15] cmp_log'1 y x = C_Less'0) + goal vc_cmp_ge_log'0 : [%#sord0] (x >= y) = (cmp_log'0 x y <> C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi8047313880300482848__cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 144 39 144 89 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 142 8 142 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_T'0) (y : t_T'0) : () + use prelude.prelude.Int - axiom antisym1'1_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Less'0) - -> ([%#sord13] cmp_log'1 y x = C_Greater'0) + use prelude.prelude.IntSize - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord9] cmp_log'1 x y = o) - -> ([%#sord10] cmp_log'1 y z = o) -> ([%#sord11] cmp_log'1 x z = o) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : isize) (o : isize) : t_Ordering'0 + + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_T'0) : () + constant x : isize - axiom refl'0_spec : forall x : t_T'0 . [%#sord8] cmp_log'1 x x = C_Equal'0 + constant y : isize - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_T'0) (o : t_T'0) : bool + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (x : isize) (y : isize) : () - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_T'0) (y : t_T'0) : () + goal vc_cmp_gt_log'0 : [%#sord0] (x > y) = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi8047313880300482848__refl [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 149 39 149 70 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 147 8 147 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord7] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + use prelude.prelude.IntSize - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_T'0) (o : t_T'0) : bool + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_T'0) (y : t_T'0) : () + use prelude.prelude.Int - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : isize) (o : isize) : t_Ordering'0 + + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_T'0) (o : t_T'0) : bool + constant x : isize - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_T'0) (y : t_T'0) : () + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (x : isize) : () - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + goal vc_refl'0 : [%#sord0] cmp_log'0 x x = C_Equal'0 +end +module M_creusot_contracts__logic__ord__qyi8047313880300482848__trans [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 154 40 154 57 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 155 40 155 57 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 156 39 156 56 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 152 8 152 35 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_T'0) (o : t_T'0) : bool + use prelude.prelude.IntSize - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_T'0) (y : t_T'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : isize) (o : isize) : t_Ordering'0 = - [%#soption3] match (self, o) with - | (C_None'0, C_None'0) -> C_Equal'0 - | (C_None'0, C_Some'0 _) -> C_Less'0 - | (C_Some'0 _, C_None'0) -> C_Greater'0 - | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y - end + [%#sord4] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant x : t_Option'0 + constant x : isize - constant y : t_Option'0 + constant y : isize - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : t_Option'0) (y : t_Option'0) : () + constant z : isize + + constant o : t_Ordering'0 + + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (x : isize) (y : isize) (z : isize) (o : t_Ordering'0) : () - goal vc_antisym1'0 : ([%#sord0] cmp_log'0 x y = C_Less'0) -> ([%#sord1] cmp_log'0 y x = C_Greater'0) + goal vc_trans'0 : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o) end -module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (* as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 114 8 114 35 - let%span soption3 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord16 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 - - type t_T'0 +module M_creusot_contracts__logic__ord__qyi8047313880300482848__antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 161 40 161 70 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 162 39 162 72 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 159 8 159 35 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + use prelude.prelude.IntSize type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_T'0) (_2 : t_T'0) : t_Ordering'0 - + use prelude.prelude.Int - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_T'0) (y : t_T'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : isize) (o : isize) : t_Ordering'0 + + = + [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord16] (x = y) = (cmp_log'1 x y = C_Equal'0) + constant x : isize - function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_T'0) (y : t_T'0) : () + constant y : isize - axiom antisym2'1_spec : forall x : t_T'0, y : t_T'0 . ([%#sord14] cmp_log'1 x y = C_Greater'0) - -> ([%#sord15] cmp_log'1 y x = C_Less'0) + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (x : isize) (y : isize) : () - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_T'0) (y : t_T'0) : () + goal vc_antisym1'0 : ([%#sord0] cmp_log'0 x y = C_Less'0) -> ([%#sord1] cmp_log'0 y x = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi8047313880300482848__antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 167 40 167 73 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 168 39 168 69 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 165 8 165 35 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Less'0) - -> ([%#sord13] cmp_log'1 y x = C_Greater'0) + use prelude.prelude.IntSize - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord9] cmp_log'1 x y = o) - -> ([%#sord10] cmp_log'1 y z = o) -> ([%#sord11] cmp_log'1 x z = o) + use prelude.prelude.Int - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_T'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : isize) (o : isize) : t_Ordering'0 + + = + [%#sord3] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom refl'0_spec : forall x : t_T'0 . [%#sord8] cmp_log'1 x x = C_Equal'0 + constant x : isize - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_T'0) (o : t_T'0) : bool + constant y : isize - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_T'0) (y : t_T'0) : () + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (x : isize) (y : isize) : () - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord7] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + goal vc_antisym2'0 : ([%#sord0] cmp_log'0 x y = C_Greater'0) -> ([%#sord1] cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi8047313880300482848__eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 173 39 173 84 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 171 8 171 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_T'0) (o : t_T'0) : bool + use prelude.prelude.IntSize - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_T'0) (y : t_T'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + use prelude.prelude.Int - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_T'0) (o : t_T'0) : bool + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : isize) (o : isize) : t_Ordering'0 + + = + [%#sord2] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_T'0) (y : t_T'0) : () + constant x : isize - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + constant y : isize - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_T'0) (o : t_T'0) : bool + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (x : isize) (y : isize) : () - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_T'0) (y : t_T'0) : () + goal vc_eq_cmp'0 : [%#sord0] (x = y) = (cmp_log'0 x y = C_Equal'0) +end +module M_creusot_contracts__logic__ord__qyi17836724837647357586__cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 129 39 129 89 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 127 8 127 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 25 20 25 56 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 248 8 253 9 - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 247 4 247 41] (self : bool) (o : bool) : t_Ordering'0 = - [%#soption3] match (self, o) with - | (C_None'0, C_None'0) -> C_Equal'0 - | (C_None'0, C_Some'0 _) -> C_Less'0 - | (C_Some'0 _, C_None'0) -> C_Greater'0 - | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y + [%#sord3] match (self, o) with + | (False, False) -> C_Equal'0 + | (True, True) -> C_Equal'0 + | (False, True) -> C_Less'0 + | (True, False) -> C_Greater'0 end - constant x : t_Option'0 - - constant y : t_Option'0 + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : bool) (o : bool) : bool = + [%#sord2] cmp_log'0 self o <> C_Greater'0 - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : t_Option'0) (y : t_Option'0) : () - + constant x : bool - goal vc_antisym2'0 : ([%#sord0] cmp_log'0 x y = C_Greater'0) -> ([%#sord1] cmp_log'0 y x = C_Less'0) -end -module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 120 8 120 35 - let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 + constant y : bool - type t_T'0 + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (x : bool) (y : bool) : () - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + goal vc_cmp_le_log'0 : [%#sord0] le_log'0 x y = (cmp_log'0 x y <> C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi17836724837647357586__cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 134 39 134 86 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 132 8 132 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 36 20 36 53 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 248 8 253 9 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_T'0) (_2 : t_T'0) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 247 4 247 41] (self : bool) (o : bool) : t_Ordering'0 + = + [%#sord3] match (self, o) with + | (False, False) -> C_Equal'0 + | (True, True) -> C_Equal'0 + | (False, True) -> C_Less'0 + | (True, False) -> C_Greater'0 + end - function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_T'0) (y : t_T'0) : () + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : bool) (o : bool) : bool = + [%#sord2] cmp_log'0 self o = C_Less'0 - axiom eq_cmp'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) + constant x : bool - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_T'0) (y : t_T'0) : () + constant y : bool - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) - -> ([%#sord14] cmp_log'1 y x = C_Less'0) + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (x : bool) (y : bool) : () - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_T'0) (y : t_T'0) : () + goal vc_cmp_lt_log'0 : [%#sord0] lt_log'0 x y = (cmp_log'0 x y = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi17836724837647357586__cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 139 39 139 86 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 137 8 137 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 47 20 47 53 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 248 8 253 9 - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) - -> ([%#sord12] cmp_log'1 y x = C_Greater'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 247 4 247 41] (self : bool) (o : bool) : t_Ordering'0 + = + [%#sord3] match (self, o) with + | (False, False) -> C_Equal'0 + | (True, True) -> C_Equal'0 + | (False, True) -> C_Less'0 + | (True, False) -> C_Greater'0 + end - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) - -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) - - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_T'0) : () - - axiom refl'0_spec : forall x : t_T'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : bool) (o : bool) : bool = + [%#sord2] cmp_log'0 self o <> C_Less'0 - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_T'0) (o : t_T'0) : bool + constant x : bool - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_T'0) (y : t_T'0) : () + constant y : bool - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (x : bool) (y : bool) : () - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_T'0) (o : t_T'0) : bool + goal vc_cmp_ge_log'0 : [%#sord0] ge_log'0 x y = (cmp_log'0 x y <> C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi17836724837647357586__cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 144 39 144 89 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 142 8 142 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 58 20 58 56 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 248 8 253 9 - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_T'0) (y : t_T'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 247 4 247 41] (self : bool) (o : bool) : t_Ordering'0 + + = + [%#sord3] match (self, o) with + | (False, False) -> C_Equal'0 + | (True, True) -> C_Equal'0 + | (False, True) -> C_Less'0 + | (True, False) -> C_Greater'0 + end - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_T'0) (o : t_T'0) : bool + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : bool) (o : bool) : bool = + [%#sord2] cmp_log'0 self o = C_Greater'0 - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_T'0) (y : t_T'0) : () + constant x : bool - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + constant y : bool - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_T'0) (o : t_T'0) : bool + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (x : bool) (y : bool) : () - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_T'0) (y : t_T'0) : () + goal vc_cmp_gt_log'0 : [%#sord0] gt_log'0 x y = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi17836724837647357586__refl [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 149 39 149 70 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 147 8 147 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 248 8 253 9 - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 247 4 247 41] (self : bool) (o : bool) : t_Ordering'0 = - [%#soption2] match (self, o) with - | (C_None'0, C_None'0) -> C_Equal'0 - | (C_None'0, C_Some'0 _) -> C_Less'0 - | (C_Some'0 _, C_None'0) -> C_Greater'0 - | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y + [%#sord2] match (self, o) with + | (False, False) -> C_Equal'0 + | (True, True) -> C_Equal'0 + | (False, True) -> C_Less'0 + | (True, False) -> C_Greater'0 end - constant x : t_Option'0 - - constant y : t_Option'0 + constant x : bool - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : t_Option'0) (y : t_Option'0) : () + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (x : bool) : () - goal vc_eq_cmp'0 : [%#sord0] (x = y) = (cmp_log'0 x y = C_Equal'0) + goal vc_refl'0 : [%#sord0] cmp_log'0 x x = C_Equal'0 end -module M_creusot_contracts__stdqy35z1__option__qyi15354566128244900690__produces_refl [#"../../../creusot-contracts/src/std/option.rs" 477 4 477 26] (* as std::iter::Iterator> *) - let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 476 14 476 45 - let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 474 4 474 10 - let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 469 12 470 96 +module M_creusot_contracts__logic__ord__qyi17836724837647357586__trans [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 154 40 154 57 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 155 40 155 57 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 156 39 156 56 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 152 8 152 35 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 248 8 253 9 - use seq.Seq - - type t_T'0 - - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 247 4 247 41] (self : bool) (o : bool) : t_Ordering'0 + + = + [%#sord4] match (self, o) with + | (False, False) -> C_Equal'0 + | (True, True) -> C_Equal'0 + | (False, True) -> C_Less'0 + | (True, False) -> C_Greater'0 + end - type t_Item'0 = - { t_Item__opt'0: t_Option'0 } + constant x : bool - type t_IntoIter'0 = - { t_IntoIter__inner'0: t_Item'0 } + constant y : bool - function view'0 [#"../../../creusot-contracts/src/std/option.rs" 453 4 453 30] (self : t_IntoIter'0) : t_Option'0 + constant z : bool - use seq.Seq + constant o : t_Ordering'0 - predicate produces'0 [#"../../../creusot-contracts/src/std/option.rs" 467 4 467 64] (self : t_IntoIter'0) (visited : Seq.seq t_T'0) (o : t_IntoIter'0) + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (x : bool) (y : bool) (z : bool) (o : t_Ordering'0) : () - = - [%#soption2] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o - \/ (exists e : t_T'0 . view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) - - constant self : t_IntoIter'0 - function produces_refl'0 [#"../../../creusot-contracts/src/std/option.rs" 477 4 477 26] (self : t_IntoIter'0) : () - - goal vc_produces_refl'0 : [%#soption0] produces'0 self (Seq.empty : Seq.seq t_T'0) self + goal vc_trans'0 : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o) end -module M_creusot_contracts__stdqy35z1__option__qyi15354566128244900690__produces_trans [#"../../../creusot-contracts/src/std/option.rs" 484 4 484 90] (* as std::iter::Iterator> *) - let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 481 15 481 32 - let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 482 15 482 32 - let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 483 14 483 42 - let%span soption3 = "../../../creusot-contracts/src/std/option.rs" 479 4 479 10 - let%span soption4 = "../../../creusot-contracts/src/std/option.rs" 469 12 470 96 - - type t_T'0 +module M_creusot_contracts__logic__ord__qyi17836724837647357586__antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 161 40 161 70 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 162 39 162 72 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 159 8 159 35 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 248 8 253 9 - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - type t_Item'0 = - { t_Item__opt'0: t_Option'0 } + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 247 4 247 41] (self : bool) (o : bool) : t_Ordering'0 + + = + [%#sord3] match (self, o) with + | (False, False) -> C_Equal'0 + | (True, True) -> C_Equal'0 + | (False, True) -> C_Less'0 + | (True, False) -> C_Greater'0 + end - type t_IntoIter'0 = - { t_IntoIter__inner'0: t_Item'0 } + constant x : bool - use seq.Seq + constant y : bool - use seq.Seq + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (x : bool) (y : bool) : () - function view'0 [#"../../../creusot-contracts/src/std/option.rs" 453 4 453 30] (self : t_IntoIter'0) : t_Option'0 + goal vc_antisym1'0 : ([%#sord0] cmp_log'0 x y = C_Less'0) -> ([%#sord1] cmp_log'0 y x = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi17836724837647357586__antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 167 40 167 73 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 168 39 168 69 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 165 8 165 35 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 248 8 253 9 - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate produces'0 [#"../../../creusot-contracts/src/std/option.rs" 467 4 467 64] (self : t_IntoIter'0) (visited : Seq.seq t_T'0) (o : t_IntoIter'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 247 4 247 41] (self : bool) (o : bool) : t_Ordering'0 = - [%#soption4] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o - \/ (exists e : t_T'0 . view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) - - use seq.Seq + [%#sord3] match (self, o) with + | (False, False) -> C_Equal'0 + | (True, True) -> C_Equal'0 + | (False, True) -> C_Less'0 + | (True, False) -> C_Greater'0 + end - constant a : t_IntoIter'0 + constant x : bool - constant ab : Seq.seq t_T'0 + constant y : bool - constant b : t_IntoIter'0 + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (x : bool) (y : bool) : () - constant bc : Seq.seq t_T'0 + goal vc_antisym2'0 : ([%#sord0] cmp_log'0 x y = C_Greater'0) -> ([%#sord1] cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi17836724837647357586__eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 173 39 173 84 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 171 8 171 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 248 8 253 9 - constant c : t_IntoIter'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function produces_trans'0 [#"../../../creusot-contracts/src/std/option.rs" 484 4 484 90] (a : t_IntoIter'0) (ab : Seq.seq t_T'0) (b : t_IntoIter'0) (bc : Seq.seq t_T'0) (c : t_IntoIter'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 247 4 247 41] (self : bool) (o : bool) : t_Ordering'0 + = + [%#sord2] match (self, o) with + | (False, False) -> C_Equal'0 + | (True, True) -> C_Equal'0 + | (False, True) -> C_Less'0 + | (True, False) -> C_Greater'0 + end - goal vc_produces_trans'0 : ([%#soption1] produces'0 b bc c) - -> ([%#soption0] produces'0 a ab b) -> ([%#soption2] produces'0 a (Seq.(++) ab bc) c) -end -module M_creusot_contracts__stdqy35z1__option__qyi15411423289202690388__produces_refl [#"../../../creusot-contracts/src/std/option.rs" 530 4 530 26] (* as std::iter::Iterator> *) - let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 529 14 529 45 - let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 527 4 527 10 - let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 522 12 523 96 + constant x : bool - use seq.Seq + constant y : bool - use prelude.prelude.Borrow + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (x : bool) (y : bool) : () - type t_T'0 + goal vc_eq_cmp'0 : [%#sord0] (x = y) = (cmp_log'0 x y = C_Equal'0) +end +module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* <(A, B) as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 129 39 129 89 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 127 8 127 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 276 20 276 68 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord16 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - use seq.Seq + type t_A'0 - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + type t_B'0 - type t_Item'0 = - { t_Item__opt'0: t_Option'0 } + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - type t_Iter'0 = - { t_Iter__inner'0: t_Item'0 } + function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_B'0) (other : t_B'0) : t_Ordering'0 + - function view'0 [#"../../../creusot-contracts/src/std/option.rs" 506 4 506 34] (self : t_Iter'0) : t_Option'0 + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_B'0) (y : t_B'0) : () - use seq.Seq + axiom eq_cmp'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord16] (x = y) = (cmp_log'2 x y = C_Equal'0) - predicate produces'0 [#"../../../creusot-contracts/src/std/option.rs" 520 4 520 64] (self : t_Iter'0) (visited : Seq.seq t_T'0) (o : t_Iter'0) - - = - [%#soption2] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o - \/ (exists e : t_T'0 . view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_B'0) (y : t_B'0) : () - constant self : t_Iter'0 + axiom antisym2'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord14] cmp_log'2 x y = C_Greater'0) + -> ([%#sord15] cmp_log'2 y x = C_Less'0) - function produces_refl'0 [#"../../../creusot-contracts/src/std/option.rs" 530 4 530 26] (self : t_Iter'0) : () + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_B'0) (y : t_B'0) : () - goal vc_produces_refl'0 : [%#soption0] produces'0 self (Seq.empty : Seq.seq t_T'0) self -end -module M_creusot_contracts__stdqy35z1__option__qyi15411423289202690388__produces_trans [#"../../../creusot-contracts/src/std/option.rs" 537 4 537 90] (* as std::iter::Iterator> *) - let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 534 15 534 32 - let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 535 15 535 32 - let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 536 14 536 42 - let%span soption3 = "../../../creusot-contracts/src/std/option.rs" 532 4 532 10 - let%span soption4 = "../../../creusot-contracts/src/std/option.rs" 522 12 523 96 + axiom antisym1'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord12] cmp_log'2 x y = C_Less'0) + -> ([%#sord13] cmp_log'2 y x = C_Greater'0) - use prelude.prelude.Borrow + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () + - type t_T'0 + axiom trans'0_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord9] cmp_log'2 x y = o) + -> ([%#sord10] cmp_log'2 y z = o) -> ([%#sord11] cmp_log'2 x z = o) - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_B'0) : () - type t_Item'0 = - { t_Item__opt'0: t_Option'0 } + axiom refl'0_spec : forall x : t_B'0 . [%#sord8] cmp_log'2 x x = C_Equal'0 - type t_Iter'0 = - { t_Iter__inner'0: t_Item'0 } + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_B'0) (o : t_B'0) : bool - use seq.Seq + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_B'0) (y : t_B'0) : () - use seq.Seq + axiom cmp_gt_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord7] gt_log'0 x y = (cmp_log'2 x y = C_Greater'0) - function view'0 [#"../../../creusot-contracts/src/std/option.rs" 506 4 506 34] (self : t_Iter'0) : t_Option'0 + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_B'0) (o : t_B'0) : bool - use seq.Seq + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_B'0) (y : t_B'0) : () - predicate produces'0 [#"../../../creusot-contracts/src/std/option.rs" 520 4 520 64] (self : t_Iter'0) (visited : Seq.seq t_T'0) (o : t_Iter'0) - - = - [%#soption4] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o - \/ (exists e : t_T'0 . view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) + axiom cmp_ge_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord6] ge_log'0 x y = (cmp_log'2 x y <> C_Less'0) - use seq.Seq + function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_B'0) (o : t_B'0) : bool - constant a : t_Iter'0 + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_B'0) (y : t_B'0) : () - constant ab : Seq.seq t_T'0 + axiom cmp_lt_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) - constant b : t_Iter'0 + function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_B'0) (o : t_B'0) : bool - constant bc : Seq.seq t_T'0 + function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_B'0) (y : t_B'0) : () - constant c : t_Iter'0 + axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/option.rs" 537 4 537 90] (a : t_Iter'0) (ab : Seq.seq t_T'0) (b : t_Iter'0) (bc : Seq.seq t_T'0) (c : t_Iter'0) : () + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_A'0) (other : t_A'0) : t_Ordering'0 - goal vc_produces_trans'0 : ([%#soption1] produces'0 b bc c) - -> ([%#soption0] produces'0 a ab b) -> ([%#soption2] produces'0 a (Seq.(++) ab bc) c) -end -module M_creusot_contracts__stdqy35z1__option__qyi6601631924869095363__produces_refl [#"../../../creusot-contracts/src/std/option.rs" 586 4 586 26] (* as std::iter::Iterator> *) - let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 585 14 585 45 - let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 583 4 583 10 - let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 578 12 579 96 + function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_A'0) (y : t_A'0) : () - use seq.Seq + axiom eq_cmp'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord16] (x = y) = (cmp_log'1 x y = C_Equal'0) - use prelude.prelude.Borrow + function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_A'0) (y : t_A'0) : () - type t_T'0 + axiom antisym2'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord14] cmp_log'1 x y = C_Greater'0) + -> ([%#sord15] cmp_log'1 y x = C_Less'0) - use seq.Seq + function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_A'0) (y : t_A'0) : () - type t_Option'0 = - | C_None'0 - | C_Some'0 (borrowed t_T'0) + axiom antisym1'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord12] cmp_log'1 x y = C_Less'0) + -> ([%#sord13] cmp_log'1 y x = C_Greater'0) - type t_Item'0 = - { t_Item__opt'0: t_Option'0 } + function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () + - type t_IterMut'0 = - { t_IterMut__inner'0: t_Item'0 } + axiom trans'1_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord9] cmp_log'1 x y = o) + -> ([%#sord10] cmp_log'1 y z = o) -> ([%#sord11] cmp_log'1 x z = o) - function view'0 [#"../../../creusot-contracts/src/std/option.rs" 562 4 562 38] (self : t_IterMut'0) : t_Option'0 + function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_A'0) : () - use seq.Seq + axiom refl'1_spec : forall x : t_A'0 . [%#sord8] cmp_log'1 x x = C_Equal'0 - predicate produces'0 [#"../../../creusot-contracts/src/std/option.rs" 576 4 576 64] (self : t_IterMut'0) (visited : Seq.seq (borrowed t_T'0)) (o : t_IterMut'0) - - = - [%#soption2] visited = (Seq.empty : Seq.seq (borrowed t_T'0)) /\ self = o - \/ (exists e : borrowed t_T'0 . view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) + function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_A'0) (o : t_A'0) : bool - constant self : t_IterMut'0 + function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_A'0) (y : t_A'0) : () - function produces_refl'0 [#"../../../creusot-contracts/src/std/option.rs" 586 4 586 26] (self : t_IterMut'0) : () + axiom cmp_gt_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord7] gt_log'1 x y = (cmp_log'1 x y = C_Greater'0) - goal vc_produces_refl'0 : [%#soption0] produces'0 self (Seq.empty : Seq.seq (borrowed t_T'0)) self -end -module M_creusot_contracts__stdqy35z1__option__qyi6601631924869095363__produces_trans [#"../../../creusot-contracts/src/std/option.rs" 593 4 593 90] (* as std::iter::Iterator> *) - let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 590 15 590 32 - let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 591 15 591 32 - let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 592 14 592 42 - let%span soption3 = "../../../creusot-contracts/src/std/option.rs" 588 4 588 10 - let%span soption4 = "../../../creusot-contracts/src/std/option.rs" 578 12 579 96 + function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_A'0) (o : t_A'0) : bool - use prelude.prelude.Borrow + function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_A'0) (y : t_A'0) : () - type t_T'0 + axiom cmp_ge_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord6] ge_log'1 x y = (cmp_log'1 x y <> C_Less'0) - type t_Option'0 = - | C_None'0 - | C_Some'0 (borrowed t_T'0) + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_A'0) (o : t_A'0) : bool - type t_Item'0 = - { t_Item__opt'0: t_Option'0 } + function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_A'0) (y : t_A'0) : () - type t_IterMut'0 = - { t_IterMut__inner'0: t_Item'0 } + axiom cmp_lt_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - use seq.Seq + function le_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_A'0) (o : t_A'0) : bool - use seq.Seq + function cmp_le_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_A'0) (y : t_A'0) : () - function view'0 [#"../../../creusot-contracts/src/std/option.rs" 562 4 562 38] (self : t_IterMut'0) : t_Option'0 + axiom cmp_le_log'2_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] le_log'2 x y = (cmp_log'1 x y <> C_Greater'0) - use seq.Seq + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 275 4 275 36] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : bool + + = + [%#sord2] (let (a, _) = self in a) = (let (a, _) = o in a) + /\ le_log'1 (let (_, a) = self in a) (let (_, a) = o in a) + \/ lt_log'0 (let (a, _) = self in a) (let (a, _) = o in a) - predicate produces'0 [#"../../../creusot-contracts/src/std/option.rs" 576 4 576 64] (self : t_IterMut'0) (visited : Seq.seq (borrowed t_T'0)) (o : t_IterMut'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 262 4 262 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 = - [%#soption4] visited = (Seq.empty : Seq.seq (borrowed t_T'0)) /\ self = o - \/ (exists e : borrowed t_T'0 . view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) + [%#sord3] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then + cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) + else + r + - use seq.Seq + constant x : (t_A'0, t_B'0) - constant a : t_IterMut'0 + constant y : (t_A'0, t_B'0) - constant ab : Seq.seq (borrowed t_T'0) + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (x : (t_A'0, t_B'0)) (y : (t_A'0, t_B'0)) : () + - constant b : t_IterMut'0 + goal vc_cmp_le_log'0 : [%#sord0] le_log'0 x y = (cmp_log'0 x y <> C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* <(A, B) as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 134 39 134 86 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 132 8 132 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 282 20 282 67 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord16 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - constant bc : Seq.seq (borrowed t_T'0) + type t_A'0 - constant c : t_IterMut'0 + type t_B'0 - function produces_trans'0 [#"../../../creusot-contracts/src/std/option.rs" 593 4 593 90] (a : t_IterMut'0) (ab : Seq.seq (borrowed t_T'0)) (b : t_IterMut'0) (bc : Seq.seq (borrowed t_T'0)) (c : t_IterMut'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_B'0) (other : t_B'0) : t_Ordering'0 - goal vc_produces_trans'0 : ([%#soption1] produces'0 b bc c) - -> ([%#soption0] produces'0 a ab b) -> ([%#soption2] produces'0 a (Seq.(++) ab bc) c) -end -module M_creusot_contracts__stdqy35z1__ptr__qyi17063894948818224584__is_null_logic [#"../../../creusot-contracts/src/std/ptr.rs" 81 4 81 34] (* <*const T as std::ptr::PointerExt> *) - let%span sptr0 = "../../../creusot-contracts/src/std/ptr.rs" 80 14 80 48 - let%span sptr1 = "../../../creusot-contracts/src/std/ptr.rs" 82 8 82 30 + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_B'0) (y : t_B'0) : () - use prelude.prelude.Opaque + axiom eq_cmp'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord16] (x = y) = (cmp_log'2 x y = C_Equal'0) - use prelude.prelude.Int + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_B'0) (y : t_B'0) : () - function addr_logic'0 [#"../../../creusot-contracts/src/std/ptr.rs" 74 4 74 30] (self : opaque_ptr) : int + axiom antisym2'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord14] cmp_log'2 x y = C_Greater'0) + -> ([%#sord15] cmp_log'2 y x = C_Less'0) - constant self : opaque_ptr + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_B'0) (y : t_B'0) : () - function is_null_logic'0 [#"../../../creusot-contracts/src/std/ptr.rs" 81 4 81 34] (self : opaque_ptr) : bool + axiom antisym1'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord12] cmp_log'2 x y = C_Less'0) + -> ([%#sord13] cmp_log'2 y x = C_Greater'0) - goal vc_is_null_logic'0 : [%#sptr0] (addr_logic'0 self = 0) = (addr_logic'0 self = 0) -end -module M_creusot_contracts__stdqy35z1__ptr__qyi4877913266695965320__is_null_logic [#"../../../creusot-contracts/src/std/ptr.rs" 97 4 97 34] (* <*mut T as std::ptr::PointerExt> *) - let%span sptr0 = "../../../creusot-contracts/src/std/ptr.rs" 96 14 96 48 - let%span sptr1 = "../../../creusot-contracts/src/std/ptr.rs" 98 8 98 30 + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () + - use prelude.prelude.Opaque + axiom trans'0_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord9] cmp_log'2 x y = o) + -> ([%#sord10] cmp_log'2 y z = o) -> ([%#sord11] cmp_log'2 x z = o) - use prelude.prelude.Int + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_B'0) : () - function addr_logic'0 [#"../../../creusot-contracts/src/std/ptr.rs" 90 4 90 30] (self : opaque_ptr) : int + axiom refl'0_spec : forall x : t_B'0 . [%#sord8] cmp_log'2 x x = C_Equal'0 - constant self : opaque_ptr + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_B'0) (o : t_B'0) : bool - function is_null_logic'0 [#"../../../creusot-contracts/src/std/ptr.rs" 97 4 97 34] (self : opaque_ptr) : bool + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_B'0) (y : t_B'0) : () - goal vc_is_null_logic'0 : [%#sptr0] (addr_logic'0 self = 0) = (addr_logic'0 self = 0) -end -module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_refl [#"../../../creusot-contracts/src/std/slice.rs" 412 4 412 26] (* as std::iter::Iterator> *) - let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 411 14 411 45 - let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 409 4 409 10 - let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 405 12 405 66 - let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 96 14 96 41 - let%span sslice4 = "../../../creusot-contracts/src/std/slice.rs" 97 14 97 80 - let%span smodel5 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 - let%span sops6 = "../../../creusot-contracts/src/logic/ops.rs" 42 8 42 31 - let%span sslice7 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 - let%span sslice8 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 + axiom cmp_gt_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord7] gt_log'0 x y = (cmp_log'2 x y = C_Greater'0) - use seq.Seq + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_B'0) (o : t_B'0) : bool - use prelude.prelude.Borrow + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_B'0) (y : t_B'0) : () - type t_T'0 + axiom cmp_ge_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord6] ge_log'0 x y = (cmp_log'2 x y <> C_Less'0) - use seq.Seq + function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_B'0) (o : t_B'0) : bool - use prelude.prelude.Opaque + function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_B'0) (y : t_B'0) : () - type t_NonNull'0 = - { t_NonNull__pointer'0: opaque_ptr } + axiom cmp_lt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) - type t_Iter'0 = - { t_Iter__ptr'0: t_NonNull'0; t_Iter__end_or_len'0: opaque_ptr; t_Iter__qy95zmarker'0: () } + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_B'0) (o : t_B'0) : bool - use prelude.prelude.Slice + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_B'0) (y : t_B'0) : () - function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 389 4 389 33] (self : t_Iter'0) : slice t_T'0 + axiom cmp_le_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] le_log'0 x y = (cmp_log'2 x y <> C_Greater'0) - use seq.Seq + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_A'0) (other : t_A'0) : t_Ordering'0 + - use seq.Seq + function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_A'0) (y : t_A'0) : () - use seq.Seq + axiom eq_cmp'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord16] (x = y) = (cmp_log'1 x y = C_Equal'0) - use prelude.prelude.UIntSize + function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_A'0) (y : t_A'0) : () - constant v_MAX'0 : usize = (18446744073709551615 : usize) + axiom antisym2'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord14] cmp_log'1 x y = C_Greater'0) + -> ([%#sord15] cmp_log'1 y x = C_Less'0) - use prelude.prelude.UIntSize + function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_A'0) (y : t_A'0) : () - use prelude.prelude.Int + axiom antisym1'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord12] cmp_log'1 x y = C_Less'0) + -> ([%#sord13] cmp_log'1 y x = C_Greater'0) - use prelude.prelude.Slice + function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () + - function view'2 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 + axiom trans'1_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord9] cmp_log'1 x y = o) + -> ([%#sord10] cmp_log'1 y z = o) -> ([%#sord11] cmp_log'1 x z = o) - axiom view'2_spec : forall self : slice t_T'0 . ([%#sslice7] Seq.length (view'2 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice8] view'2 self = Slice.id self) + function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_A'0) : () - function view'1 [#"../../../creusot-contracts/src/model.rs" 87 4 87 33] (self : slice t_T'0) : Seq.seq t_T'0 = - [%#smodel5] view'2 self + axiom refl'1_spec : forall x : t_A'0 . [%#sord8] cmp_log'1 x x = C_Equal'0 - use seq.Seq + function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_A'0) (o : t_A'0) : bool - use seq.Seq + function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_A'0) (y : t_A'0) : () - function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops.rs" 41 4 41 47] (self : slice t_T'0) (ix : int) : t_T'0 - - = - [%#sops6] Seq.get (view'2 self) ix + axiom cmp_gt_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord7] gt_log'1 x y = (cmp_log'1 x y = C_Greater'0) - function to_ref_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 98 4 98 35] (self : slice t_T'0) : Seq.seq t_T'0 + function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_A'0) (o : t_A'0) : bool - axiom to_ref_seq'0_spec : forall self : slice t_T'0 . ([%#sslice3] Seq.length (to_ref_seq'0 self) - = Seq.length (view'1 self)) - && ([%#sslice4] forall i : int . 0 <= i /\ i < Seq.length (to_ref_seq'0 self) - -> Seq.get (to_ref_seq'0 self) i = index_logic'0 self i) + function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_A'0) (y : t_A'0) : () - use seq.Seq + axiom cmp_ge_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord6] ge_log'1 x y = (cmp_log'1 x y <> C_Less'0) - predicate produces'0 [#"../../../creusot-contracts/src/std/slice.rs" 403 4 403 65] (self : t_Iter'0) (visited : Seq.seq t_T'0) (tl : t_Iter'0) - - = - [%#sslice2] to_ref_seq'0 (view'0 self) = Seq.(++) visited (to_ref_seq'0 (view'0 tl)) + function lt_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_A'0) (o : t_A'0) : bool - constant self : t_Iter'0 + function cmp_lt_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_A'0) (y : t_A'0) : () - function produces_refl'0 [#"../../../creusot-contracts/src/std/slice.rs" 412 4 412 26] (self : t_Iter'0) : () + axiom cmp_lt_log'2_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] lt_log'2 x y = (cmp_log'1 x y = C_Less'0) - goal vc_produces_refl'0 : [%#sslice0] produces'0 self (Seq.empty : Seq.seq t_T'0) self -end -module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_trans [#"../../../creusot-contracts/src/std/slice.rs" 419 4 419 90] (* as std::iter::Iterator> *) - let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 416 15 416 32 - let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 417 15 417 32 - let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 418 14 418 42 - let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 414 4 414 10 - let%span sslice4 = "../../../creusot-contracts/src/std/slice.rs" 405 12 405 66 - let%span sslice5 = "../../../creusot-contracts/src/std/slice.rs" 96 14 96 41 - let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 97 14 97 80 - let%span smodel7 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 - let%span sops8 = "../../../creusot-contracts/src/logic/ops.rs" 42 8 42 31 - let%span sslice9 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 - let%span sslice10 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 + function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_A'0) (o : t_A'0) : bool - use prelude.prelude.Opaque + function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_A'0) (y : t_A'0) : () - type t_NonNull'0 = - { t_NonNull__pointer'0: opaque_ptr } + axiom cmp_le_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] le_log'1 x y = (cmp_log'1 x y <> C_Greater'0) - type t_Iter'0 = - { t_Iter__ptr'0: t_NonNull'0; t_Iter__end_or_len'0: opaque_ptr; t_Iter__qy95zmarker'0: () } + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 281 4 281 36] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : bool + + = + [%#sord2] (let (a, _) = self in a) = (let (a, _) = o in a) + /\ lt_log'1 (let (_, a) = self in a) (let (_, a) = o in a) + \/ lt_log'2 (let (a, _) = self in a) (let (a, _) = o in a) - use prelude.prelude.Borrow + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 262 4 262 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + + = + [%#sord3] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then + cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) + else + r + - type t_T'0 + constant x : (t_A'0, t_B'0) - use seq.Seq + constant y : (t_A'0, t_B'0) - use prelude.prelude.Slice + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (x : (t_A'0, t_B'0)) (y : (t_A'0, t_B'0)) : () + - function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 389 4 389 33] (self : t_Iter'0) : slice t_T'0 + goal vc_cmp_lt_log'0 : [%#sord0] lt_log'0 x y = (cmp_log'0 x y = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* <(A, B) as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 139 39 139 86 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 137 8 137 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 288 20 288 68 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord16 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - use seq.Seq + type t_A'0 - use seq.Seq + type t_B'0 - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use prelude.prelude.UIntSize + function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_B'0) (other : t_B'0) : t_Ordering'0 + - constant v_MAX'0 : usize = (18446744073709551615 : usize) + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_B'0) (y : t_B'0) : () - use prelude.prelude.UIntSize + axiom eq_cmp'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord16] (x = y) = (cmp_log'2 x y = C_Equal'0) - use prelude.prelude.Int + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_B'0) (y : t_B'0) : () - use prelude.prelude.Slice + axiom antisym2'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord14] cmp_log'2 x y = C_Greater'0) + -> ([%#sord15] cmp_log'2 y x = C_Less'0) - function view'2 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_B'0) (y : t_B'0) : () - axiom view'2_spec : forall self : slice t_T'0 . ([%#sslice9] Seq.length (view'2 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice10] view'2 self = Slice.id self) + axiom antisym1'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord12] cmp_log'2 x y = C_Less'0) + -> ([%#sord13] cmp_log'2 y x = C_Greater'0) - function view'1 [#"../../../creusot-contracts/src/model.rs" 87 4 87 33] (self : slice t_T'0) : Seq.seq t_T'0 = - [%#smodel7] view'2 self + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () + - use seq.Seq + axiom trans'0_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord9] cmp_log'2 x y = o) + -> ([%#sord10] cmp_log'2 y z = o) -> ([%#sord11] cmp_log'2 x z = o) - use seq.Seq + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_B'0) : () - function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops.rs" 41 4 41 47] (self : slice t_T'0) (ix : int) : t_T'0 - - = - [%#sops8] Seq.get (view'2 self) ix + axiom refl'0_spec : forall x : t_B'0 . [%#sord8] cmp_log'2 x x = C_Equal'0 - function to_ref_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 98 4 98 35] (self : slice t_T'0) : Seq.seq t_T'0 + function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_B'0) (o : t_B'0) : bool - axiom to_ref_seq'0_spec : forall self : slice t_T'0 . ([%#sslice5] Seq.length (to_ref_seq'0 self) - = Seq.length (view'1 self)) - && ([%#sslice6] forall i : int . 0 <= i /\ i < Seq.length (to_ref_seq'0 self) - -> Seq.get (to_ref_seq'0 self) i = index_logic'0 self i) + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_B'0) (y : t_B'0) : () - use seq.Seq + axiom cmp_gt_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord7] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) - predicate produces'0 [#"../../../creusot-contracts/src/std/slice.rs" 403 4 403 65] (self : t_Iter'0) (visited : Seq.seq t_T'0) (tl : t_Iter'0) - - = - [%#sslice4] to_ref_seq'0 (view'0 self) = Seq.(++) visited (to_ref_seq'0 (view'0 tl)) + function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_B'0) (o : t_B'0) : bool - constant a : t_Iter'0 + function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_B'0) (y : t_B'0) : () + + axiom cmp_ge_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord6] ge_log'1 x y = (cmp_log'2 x y <> C_Less'0) + + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_B'0) (o : t_B'0) : bool + + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_B'0) (y : t_B'0) : () - constant ab : Seq.seq t_T'0 + axiom cmp_lt_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] lt_log'0 x y = (cmp_log'2 x y = C_Less'0) - constant b : t_Iter'0 + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_B'0) (o : t_B'0) : bool - constant bc : Seq.seq t_T'0 + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_B'0) (y : t_B'0) : () - constant c : t_Iter'0 + axiom cmp_le_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] le_log'0 x y = (cmp_log'2 x y <> C_Greater'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/slice.rs" 419 4 419 90] (a : t_Iter'0) (ab : Seq.seq t_T'0) (b : t_Iter'0) (bc : Seq.seq t_T'0) (c : t_Iter'0) : () + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_A'0) (other : t_A'0) : t_Ordering'0 - goal vc_produces_trans'0 : ([%#sslice1] produces'0 b bc c) - -> ([%#sslice0] produces'0 a ab b) -> ([%#sslice2] produces'0 a (Seq.(++) ab bc) c) -end -module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_refl [#"../../../creusot-contracts/src/std/slice.rs" 467 4 467 26] (* as std::iter::Iterator> *) - let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 465 15 465 24 - let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 466 14 466 45 - let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 463 4 463 10 - let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 459 12 459 66 - let%span sslice4 = "../../../creusot-contracts/src/std/slice.rs" 427 14 427 50 - let%span sslice5 = "../../../creusot-contracts/src/std/slice.rs" 87 14 87 41 - let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 88 14 88 84 - let%span sslice7 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 - let%span sslice8 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 - let%span smodel9 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 - let%span sops10 = "../../../creusot-contracts/src/logic/ops.rs" 42 8 42 31 + function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_A'0) (y : t_A'0) : () - use prelude.prelude.Opaque + axiom eq_cmp'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord16] (x = y) = (cmp_log'1 x y = C_Equal'0) - type t_NonNull'0 = - { t_NonNull__pointer'0: opaque_ptr } + function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_A'0) (y : t_A'0) : () - type t_IterMut'0 = - { t_IterMut__ptr'0: t_NonNull'0; t_IterMut__end_or_len'0: opaque_ptr; t_IterMut__qy95zmarker'0: () } + axiom antisym2'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord14] cmp_log'1 x y = C_Greater'0) + -> ([%#sord15] cmp_log'1 y x = C_Less'0) - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_IterMut'0) + function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_A'0) (y : t_A'0) : () - axiom inv_axiom'0 [@rewrite] : forall x : t_IterMut'0 [inv'0 x] . inv'0 x = true + axiom antisym1'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord12] cmp_log'1 x y = C_Less'0) + -> ([%#sord13] cmp_log'1 y x = C_Greater'0) - use seq.Seq + function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () + - use prelude.prelude.Borrow + axiom trans'1_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord9] cmp_log'1 x y = o) + -> ([%#sord10] cmp_log'1 y z = o) -> ([%#sord11] cmp_log'1 x z = o) - type t_T'0 + function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_A'0) : () - use seq.Seq + axiom refl'1_spec : forall x : t_A'0 . [%#sord8] cmp_log'1 x x = C_Equal'0 - use seq.Seq + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_A'0) (o : t_A'0) : bool - use prelude.prelude.UIntSize + function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_A'0) (y : t_A'0) : () - constant v_MAX'0 : usize = (18446744073709551615 : usize) + axiom cmp_gt_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord7] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - use prelude.prelude.UIntSize + function ge_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_A'0) (o : t_A'0) : bool - use prelude.prelude.Int + function cmp_ge_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_A'0) (y : t_A'0) : () - use prelude.prelude.Slice + axiom cmp_ge_log'2_spec : forall x : t_A'0, y : t_A'0 . [%#sord6] ge_log'2 x y = (cmp_log'1 x y <> C_Less'0) - use prelude.prelude.Slice + function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_A'0) (o : t_A'0) : bool - use seq.Seq + function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_A'0) (y : t_A'0) : () - function view'1 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 + axiom cmp_lt_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] lt_log'1 x y = (cmp_log'1 x y = C_Less'0) - axiom view'1_spec : forall self : slice t_T'0 . ([%#sslice7] Seq.length (view'1 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice8] view'1 self = Slice.id self) + function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_A'0) (o : t_A'0) : bool - function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 428 4 428 33] (self : t_IterMut'0) : borrowed (slice t_T'0) - + function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_A'0) (y : t_A'0) : () - axiom view'0_spec : forall self : t_IterMut'0 . [%#sslice4] Seq.length (view'1 (view'0 self).final) - = Seq.length (view'1 (view'0 self).current) + axiom cmp_le_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] le_log'1 x y = (cmp_log'1 x y <> C_Greater'0) - use seq.Seq + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 287 4 287 36] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : bool + + = + [%#sord2] (let (a, _) = self in a) = (let (a, _) = o in a) + /\ ge_log'1 (let (_, a) = self in a) (let (_, a) = o in a) + \/ gt_log'0 (let (a, _) = self in a) (let (a, _) = o in a) - function view'2 [#"../../../creusot-contracts/src/model.rs" 105 4 105 33] (self : borrowed (slice t_T'0)) : Seq.seq t_T'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 262 4 262 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 = - [%#smodel9] view'1 self.current + [%#sord3] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then + cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) + else + r + - use seq.Seq + constant x : (t_A'0, t_B'0) - use seq.Seq + constant y : (t_A'0, t_B'0) - function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops.rs" 41 4 41 47] (self : slice t_T'0) (ix : int) : t_T'0 + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (x : (t_A'0, t_B'0)) (y : (t_A'0, t_B'0)) : () - = - [%#sops10] Seq.get (view'1 self) ix - function to_mut_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 90 4 90 43] (self : borrowed (slice t_T'0)) : Seq.seq (borrowed t_T'0) - + goal vc_cmp_ge_log'0 : [%#sord0] ge_log'0 x y = (cmp_log'0 x y <> C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* <(A, B) as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 144 39 144 89 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 142 8 142 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 294 20 294 67 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord16 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - axiom to_mut_seq'0_spec : forall self : borrowed (slice t_T'0) . ([%#sslice5] Seq.length (to_mut_seq'0 self) - = Seq.length (view'2 self)) - && ([%#sslice6] forall i : int . 0 <= i /\ i < Seq.length (to_mut_seq'0 self) - -> Seq.get (to_mut_seq'0 self) i - = Borrow.borrow_logic (index_logic'0 self.current i) (index_logic'0 self.final i) (Borrow.inherit_id (Borrow.get_id self) i)) + type t_A'0 - use seq.Seq + type t_B'0 - predicate produces'0 [#"../../../creusot-contracts/src/std/slice.rs" 457 4 457 65] (self : t_IterMut'0) (visited : Seq.seq (borrowed t_T'0)) (tl : t_IterMut'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_B'0) (other : t_B'0) : t_Ordering'0 - = - [%#sslice3] to_mut_seq'0 (view'0 self) = Seq.(++) visited (to_mut_seq'0 (view'0 tl)) - constant self : t_IterMut'0 + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_B'0) (y : t_B'0) : () - function produces_refl'0 [#"../../../creusot-contracts/src/std/slice.rs" 467 4 467 26] (self : t_IterMut'0) : () + axiom eq_cmp'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord16] (x = y) = (cmp_log'2 x y = C_Equal'0) - goal vc_produces_refl'0 : ([%#sslice0] inv'0 self) - -> ([%#sslice1] produces'0 self (Seq.empty : Seq.seq (borrowed t_T'0)) self) -end -module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_trans [#"../../../creusot-contracts/src/std/slice.rs" 477 4 477 90] (* as std::iter::Iterator> *) - let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 471 15 471 21 - let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 472 15 472 21 - let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 473 15 473 21 - let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 474 15 474 32 - let%span sslice4 = "../../../creusot-contracts/src/std/slice.rs" 475 15 475 32 - let%span sslice5 = "../../../creusot-contracts/src/std/slice.rs" 476 14 476 42 - let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 469 4 469 10 - let%span sslice7 = "../../../creusot-contracts/src/std/slice.rs" 459 12 459 66 - let%span sslice8 = "../../../creusot-contracts/src/std/slice.rs" 427 14 427 50 - let%span sslice9 = "../../../creusot-contracts/src/std/slice.rs" 87 14 87 41 - let%span sslice10 = "../../../creusot-contracts/src/std/slice.rs" 88 14 88 84 - let%span sslice11 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 - let%span sslice12 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 - let%span smodel13 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 - let%span sops14 = "../../../creusot-contracts/src/logic/ops.rs" 42 8 42 31 + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_B'0) (y : t_B'0) : () - use prelude.prelude.Opaque + axiom antisym2'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord14] cmp_log'2 x y = C_Greater'0) + -> ([%#sord15] cmp_log'2 y x = C_Less'0) - type t_NonNull'0 = - { t_NonNull__pointer'0: opaque_ptr } + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_B'0) (y : t_B'0) : () - type t_IterMut'0 = - { t_IterMut__ptr'0: t_NonNull'0; t_IterMut__end_or_len'0: opaque_ptr; t_IterMut__qy95zmarker'0: () } + axiom antisym1'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord12] cmp_log'2 x y = C_Less'0) + -> ([%#sord13] cmp_log'2 y x = C_Greater'0) - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_IterMut'0) + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () + - axiom inv_axiom'0 [@rewrite] : forall x : t_IterMut'0 [inv'0 x] . inv'0 x = true + axiom trans'0_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord9] cmp_log'2 x y = o) + -> ([%#sord10] cmp_log'2 y z = o) -> ([%#sord11] cmp_log'2 x z = o) - use prelude.prelude.Borrow + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_B'0) : () - type t_T'0 + axiom refl'0_spec : forall x : t_B'0 . [%#sord8] cmp_log'2 x x = C_Equal'0 - use seq.Seq + function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_B'0) (o : t_B'0) : bool - use seq.Seq + function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_B'0) (y : t_B'0) : () - use prelude.prelude.UIntSize + axiom cmp_gt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord7] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) - constant v_MAX'0 : usize = (18446744073709551615 : usize) + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_B'0) (o : t_B'0) : bool - use prelude.prelude.UIntSize + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_B'0) (y : t_B'0) : () - use prelude.prelude.Int + axiom cmp_ge_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord6] ge_log'0 x y = (cmp_log'2 x y <> C_Less'0) - use prelude.prelude.Slice + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_B'0) (o : t_B'0) : bool - use prelude.prelude.Slice + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_B'0) (y : t_B'0) : () - use seq.Seq + axiom cmp_lt_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] lt_log'0 x y = (cmp_log'2 x y = C_Less'0) - function view'1 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_B'0) (o : t_B'0) : bool - axiom view'1_spec : forall self : slice t_T'0 . ([%#sslice11] Seq.length (view'1 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice12] view'1 self = Slice.id self) + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_B'0) (y : t_B'0) : () - function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 428 4 428 33] (self : t_IterMut'0) : borrowed (slice t_T'0) + axiom cmp_le_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] le_log'0 x y = (cmp_log'2 x y <> C_Greater'0) + + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_A'0) (other : t_A'0) : t_Ordering'0 - axiom view'0_spec : forall self : t_IterMut'0 . [%#sslice8] Seq.length (view'1 (view'0 self).final) - = Seq.length (view'1 (view'0 self).current) + function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_A'0) (y : t_A'0) : () - use seq.Seq + axiom eq_cmp'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord16] (x = y) = (cmp_log'1 x y = C_Equal'0) - function view'2 [#"../../../creusot-contracts/src/model.rs" 105 4 105 33] (self : borrowed (slice t_T'0)) : Seq.seq t_T'0 - - = - [%#smodel13] view'1 self.current + function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_A'0) (y : t_A'0) : () - use seq.Seq + axiom antisym2'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord14] cmp_log'1 x y = C_Greater'0) + -> ([%#sord15] cmp_log'1 y x = C_Less'0) - use seq.Seq + function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_A'0) (y : t_A'0) : () - function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops.rs" 41 4 41 47] (self : slice t_T'0) (ix : int) : t_T'0 - - = - [%#sops14] Seq.get (view'1 self) ix + axiom antisym1'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord12] cmp_log'1 x y = C_Less'0) + -> ([%#sord13] cmp_log'1 y x = C_Greater'0) - function to_mut_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 90 4 90 43] (self : borrowed (slice t_T'0)) : Seq.seq (borrowed t_T'0) + function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () - axiom to_mut_seq'0_spec : forall self : borrowed (slice t_T'0) . ([%#sslice9] Seq.length (to_mut_seq'0 self) - = Seq.length (view'2 self)) - && ([%#sslice10] forall i : int . 0 <= i /\ i < Seq.length (to_mut_seq'0 self) - -> Seq.get (to_mut_seq'0 self) i - = Borrow.borrow_logic (index_logic'0 self.current i) (index_logic'0 self.final i) (Borrow.inherit_id (Borrow.get_id self) i)) + axiom trans'1_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord9] cmp_log'1 x y = o) + -> ([%#sord10] cmp_log'1 y z = o) -> ([%#sord11] cmp_log'1 x z = o) - use seq.Seq + function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_A'0) : () - predicate produces'0 [#"../../../creusot-contracts/src/std/slice.rs" 457 4 457 65] (self : t_IterMut'0) (visited : Seq.seq (borrowed t_T'0)) (tl : t_IterMut'0) - - = - [%#sslice7] to_mut_seq'0 (view'0 self) = Seq.(++) visited (to_mut_seq'0 (view'0 tl)) + axiom refl'1_spec : forall x : t_A'0 . [%#sord8] cmp_log'1 x x = C_Equal'0 - constant a : t_IterMut'0 + function gt_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_A'0) (o : t_A'0) : bool - constant ab : Seq.seq (borrowed t_T'0) + function cmp_gt_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_A'0) (y : t_A'0) : () - constant b : t_IterMut'0 + axiom cmp_gt_log'2_spec : forall x : t_A'0, y : t_A'0 . [%#sord7] gt_log'2 x y = (cmp_log'1 x y = C_Greater'0) - constant bc : Seq.seq (borrowed t_T'0) + function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_A'0) (o : t_A'0) : bool - constant c : t_IterMut'0 + function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_A'0) (y : t_A'0) : () - function produces_trans'0 [#"../../../creusot-contracts/src/std/slice.rs" 477 4 477 90] (a : t_IterMut'0) (ab : Seq.seq (borrowed t_T'0)) (b : t_IterMut'0) (bc : Seq.seq (borrowed t_T'0)) (c : t_IterMut'0) : () - + axiom cmp_ge_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord6] ge_log'1 x y = (cmp_log'1 x y <> C_Less'0) - goal vc_produces_trans'0 : ([%#sslice4] produces'0 b bc c) - -> ([%#sslice3] produces'0 a ab b) - -> ([%#sslice2] inv'0 c) - -> ([%#sslice1] inv'0 b) -> ([%#sslice0] inv'0 a) -> ([%#sslice5] produces'0 a (Seq.(++) ab bc) c) -end -module M_creusot_contracts__stdqy35z1__vec__qyi12862303518309667396__produces_refl [#"../../../creusot-contracts/src/std/vec.rs" 271 4 271 26] (* as std::iter::Iterator> *) - let%span svec0 = "../../../creusot-contracts/src/std/vec.rs" 270 14 270 45 - let%span svec1 = "../../../creusot-contracts/src/std/vec.rs" 268 4 268 10 - let%span svec2 = "../../../creusot-contracts/src/std/vec.rs" 264 12 264 41 + function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_A'0) (o : t_A'0) : bool - use seq.Seq + function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_A'0) (y : t_A'0) : () - type t_T'0 + axiom cmp_lt_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] lt_log'1 x y = (cmp_log'1 x y = C_Less'0) - use seq.Seq + function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_A'0) (o : t_A'0) : bool - use prelude.prelude.Opaque + function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_A'0) (y : t_A'0) : () - type t_NonNull'0 = - { t_NonNull__pointer'0: opaque_ptr } + axiom cmp_le_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] le_log'1 x y = (cmp_log'1 x y <> C_Greater'0) - use prelude.prelude.UIntSize + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 293 4 293 36] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : bool + + = + [%#sord2] (let (a, _) = self in a) = (let (a, _) = o in a) + /\ gt_log'1 (let (_, a) = self in a) (let (_, a) = o in a) + \/ gt_log'2 (let (a, _) = self in a) (let (a, _) = o in a) + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 262 4 262 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + + = + [%#sord3] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then + cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) + else + r + + + constant x : (t_A'0, t_B'0) + + constant y : (t_A'0, t_B'0) + + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (x : (t_A'0, t_B'0)) (y : (t_A'0, t_B'0)) : () + + + goal vc_cmp_gt_log'0 : [%#sord0] gt_log'0 x y = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi1910662420989811789__refl [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* <(A, B) as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 149 39 149 70 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 147 8 147 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 type t_A'0 - type t_ManuallyDrop'0 = - { t_ManuallyDrop__value'0: t_A'0 } + type t_B'0 - type t_IntoIter'0 = - { t_IntoIter__buf'0: t_NonNull'0; - t_IntoIter__phantom'0: (); - t_IntoIter__cap'0: usize; - t_IntoIter__alloc'0: t_ManuallyDrop'0; - t_IntoIter__ptr'0: t_NonNull'0; - t_IntoIter__end'0: opaque_ptr } + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_A'0) (other : t_A'0) : t_Ordering'0 + + + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_A'0) (y : t_A'0) : () + + axiom eq_cmp'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) - function view'0 [#"../../../creusot-contracts/src/std/vec.rs" 234 4 234 33] (self : t_IntoIter'0) : Seq.seq t_T'0 + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_A'0) (y : t_A'0) : () - use seq.Seq + axiom antisym2'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) + -> ([%#sord14] cmp_log'1 y x = C_Less'0) - predicate produces'0 [#"../../../creusot-contracts/src/std/vec.rs" 262 4 262 57] (self : t_IntoIter'0) (visited : Seq.seq t_T'0) (rhs : t_IntoIter'0) + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_A'0) (y : t_A'0) : () + + axiom antisym1'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) + -> ([%#sord12] cmp_log'1 y x = C_Greater'0) + + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () - = - [%#svec2] view'0 self = Seq.(++) visited (view'0 rhs) - constant self : t_IntoIter'0 + axiom trans'0_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) + -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) - function produces_refl'0 [#"../../../creusot-contracts/src/std/vec.rs" 271 4 271 26] (self : t_IntoIter'0) : () + function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_A'0) : () - goal vc_produces_refl'0 : [%#svec0] produces'0 self (Seq.empty : Seq.seq t_T'0) self -end -module M_creusot_contracts__stdqy35z1__vec__qyi12862303518309667396__produces_trans [#"../../../creusot-contracts/src/std/vec.rs" 278 4 278 72] (* as std::iter::Iterator> *) - let%span svec0 = "../../../creusot-contracts/src/std/vec.rs" 275 15 275 32 - let%span svec1 = "../../../creusot-contracts/src/std/vec.rs" 276 15 276 32 - let%span svec2 = "../../../creusot-contracts/src/std/vec.rs" 277 14 277 42 - let%span svec3 = "../../../creusot-contracts/src/std/vec.rs" 273 4 273 10 - let%span svec4 = "../../../creusot-contracts/src/std/vec.rs" 264 12 264 41 + axiom refl'1_spec : forall x : t_A'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 - use prelude.prelude.Opaque + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_A'0) (o : t_A'0) : bool - type t_NonNull'0 = - { t_NonNull__pointer'0: opaque_ptr } + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_A'0) (y : t_A'0) : () - use prelude.prelude.UIntSize + axiom cmp_gt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord6] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - type t_A'0 + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_A'0) (o : t_A'0) : bool - type t_ManuallyDrop'0 = - { t_ManuallyDrop__value'0: t_A'0 } + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_A'0) (y : t_A'0) : () - type t_IntoIter'0 = - { t_IntoIter__buf'0: t_NonNull'0; - t_IntoIter__phantom'0: (); - t_IntoIter__cap'0: usize; - t_IntoIter__alloc'0: t_ManuallyDrop'0; - t_IntoIter__ptr'0: t_NonNull'0; - t_IntoIter__end'0: opaque_ptr } + axiom cmp_ge_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - type t_T'0 + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_A'0) (o : t_A'0) : bool - use seq.Seq + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_A'0) (y : t_A'0) : () - function view'0 [#"../../../creusot-contracts/src/std/vec.rs" 234 4 234 33] (self : t_IntoIter'0) : Seq.seq t_T'0 + axiom cmp_lt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - use seq.Seq + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_A'0) (o : t_A'0) : bool - predicate produces'0 [#"../../../creusot-contracts/src/std/vec.rs" 262 4 262 57] (self : t_IntoIter'0) (visited : Seq.seq t_T'0) (rhs : t_IntoIter'0) + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_A'0) (y : t_A'0) : () + + axiom cmp_le_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord3] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + + function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_B'0) (other : t_B'0) : t_Ordering'0 - = - [%#svec4] view'0 self = Seq.(++) visited (view'0 rhs) - constant a : t_IntoIter'0 + function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_B'0) (y : t_B'0) : () - constant ab : Seq.seq t_T'0 + axiom eq_cmp'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord15] (x = y) = (cmp_log'2 x y = C_Equal'0) - constant b : t_IntoIter'0 + function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_B'0) (y : t_B'0) : () - constant bc : Seq.seq t_T'0 + axiom antisym2'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord13] cmp_log'2 x y = C_Greater'0) + -> ([%#sord14] cmp_log'2 y x = C_Less'0) - constant c : t_IntoIter'0 + function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_B'0) (y : t_B'0) : () - function produces_trans'0 [#"../../../creusot-contracts/src/std/vec.rs" 278 4 278 72] (a : t_IntoIter'0) (ab : Seq.seq t_T'0) (b : t_IntoIter'0) (bc : Seq.seq t_T'0) (c : t_IntoIter'0) : () + axiom antisym1'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord11] cmp_log'2 x y = C_Less'0) + -> ([%#sord12] cmp_log'2 y x = C_Greater'0) + + function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () - goal vc_produces_trans'0 : ([%#svec1] produces'0 b bc c) - -> ([%#svec0] produces'0 a ab b) -> ([%#svec2] produces'0 a (Seq.(++) ab bc) c) -end -module M_creusot_contracts__num_rational__qyi7156484438548626841__cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 76 8 76 35 - let%span snum_rational2 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 + axiom trans'1_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord8] cmp_log'2 x y = o) + -> ([%#sord9] cmp_log'2 y z = o) -> ([%#sord10] cmp_log'2 x z = o) - use prelude.prelude.Real + function refl'2 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_B'0) : () - use prelude.prelude.Real + axiom refl'2_spec : forall x : t_B'0 . [%#sord7] cmp_log'2 x x = C_Equal'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_B'0) (o : t_B'0) : bool - use prelude.prelude.Real + function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_B'0) (y : t_B'0) : () - function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 - - = - [%#snum_rational2] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + axiom cmp_gt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord6] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) - constant x : Real.real + function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_B'0) (o : t_B'0) : bool - constant y : Real.real + function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_B'0) (y : t_B'0) : () - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (x : Real.real) (y : Real.real) : () + axiom cmp_ge_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] ge_log'1 x y = (cmp_log'2 x y <> C_Less'0) - goal vc_cmp_le_log'0 : [%#sord0] Real.(<=) x y = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__num_rational__qyi7156484438548626841__cmp_lt_log [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 81 8 81 35 - let%span snum_rational2 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 + function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_B'0) (o : t_B'0) : bool - use prelude.prelude.Real + function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_B'0) (y : t_B'0) : () - use prelude.prelude.Real + axiom cmp_lt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_B'0) (o : t_B'0) : bool - function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 + function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_B'0) (y : t_B'0) : () + + axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord3] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 262 4 262 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 = - [%#snum_rational2] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - constant x : Real.real + [%#sord2] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then + cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) + else + r + - constant y : Real.real + constant x : (t_A'0, t_B'0) - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (x : Real.real) (y : Real.real) : () + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (x : (t_A'0, t_B'0)) : () - goal vc_cmp_lt_log'0 : [%#sord0] Real.(<) x y = (cmp_log'0 x y = C_Less'0) + goal vc_refl'0 : [%#sord0] cmp_log'0 x x = C_Equal'0 end -module M_creusot_contracts__num_rational__qyi7156484438548626841__cmp_ge_log [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 86 8 86 35 - let%span snum_rational2 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 +module M_creusot_contracts__logic__ord__qyi1910662420989811789__trans [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* <(A, B) as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 154 40 154 57 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 155 40 155 57 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 156 39 156 56 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 152 8 152 35 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord16 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord17 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - use prelude.prelude.Real + type t_A'0 - use prelude.prelude.Real + type t_B'0 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - use prelude.prelude.Real - - function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_A'0) (other : t_A'0) : t_Ordering'0 - = - [%#snum_rational2] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - constant x : Real.real - - constant y : Real.real - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (x : Real.real) (y : Real.real) : () + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_A'0) (y : t_A'0) : () - goal vc_cmp_ge_log'0 : [%#sord0] Real.(>=) x y = (cmp_log'0 x y <> C_Less'0) -end -module M_creusot_contracts__num_rational__qyi7156484438548626841__cmp_gt_log [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 91 8 91 35 - let%span snum_rational2 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 + axiom eq_cmp'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord17] (x = y) = (cmp_log'1 x y = C_Equal'0) - use prelude.prelude.Real + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_A'0) (y : t_A'0) : () - use prelude.prelude.Real + axiom antisym2'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord15] cmp_log'1 x y = C_Greater'0) + -> ([%#sord16] cmp_log'1 y x = C_Less'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_A'0) (y : t_A'0) : () - use prelude.prelude.Real + axiom antisym1'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord13] cmp_log'1 x y = C_Less'0) + -> ([%#sord14] cmp_log'1 y x = C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 + function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () - = - [%#snum_rational2] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant x : Real.real + axiom trans'1_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord10] cmp_log'1 x y = o) + -> ([%#sord11] cmp_log'1 y z = o) -> ([%#sord12] cmp_log'1 x z = o) - constant y : Real.real + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_A'0) : () - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (x : Real.real) (y : Real.real) : () + axiom refl'0_spec : forall x : t_A'0 . [%#sord9] cmp_log'1 x x = C_Equal'0 - goal vc_cmp_gt_log'0 : [%#sord0] Real.(>) x y = (cmp_log'0 x y = C_Greater'0) -end -module M_creusot_contracts__num_rational__qyi7156484438548626841__refl [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 96 8 96 35 - let%span snum_rational2 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_A'0) (o : t_A'0) : bool - use prelude.prelude.Real + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_A'0) (y : t_A'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom cmp_gt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord8] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - use prelude.prelude.Real + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_A'0) (o : t_A'0) : bool - function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 - - = - [%#snum_rational2] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_A'0) (y : t_A'0) : () - constant x : Real.real + axiom cmp_ge_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord7] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (x : Real.real) : () + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_A'0) (o : t_A'0) : bool - goal vc_refl'0 : [%#sord0] cmp_log'0 x x = C_Equal'0 -end -module M_creusot_contracts__num_rational__qyi7156484438548626841__trans [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 101 8 101 35 - let%span snum_rational4 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_A'0) (y : t_A'0) : () - use prelude.prelude.Real + axiom cmp_lt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord6] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_A'0) (o : t_A'0) : bool - use prelude.prelude.Real + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_A'0) (y : t_A'0) : () - function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 + axiom cmp_le_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + + function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_B'0) (other : t_B'0) : t_Ordering'0 - = - [%#snum_rational4] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant x : Real.real + function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_B'0) (y : t_B'0) : () - constant y : Real.real + axiom eq_cmp'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord17] (x = y) = (cmp_log'2 x y = C_Equal'0) - constant z : Real.real + function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_B'0) (y : t_B'0) : () - constant o : t_Ordering'0 + axiom antisym2'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord15] cmp_log'2 x y = C_Greater'0) + -> ([%#sord16] cmp_log'2 y x = C_Less'0) + + function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_B'0) (y : t_B'0) : () + + axiom antisym1'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord13] cmp_log'2 x y = C_Less'0) + -> ([%#sord14] cmp_log'2 y x = C_Greater'0) - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (x : Real.real) (y : Real.real) (z : Real.real) (o : t_Ordering'0) : () + function trans'2 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () - goal vc_trans'0 : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o) -end -module M_creusot_contracts__num_rational__qyi7156484438548626841__antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 108 8 108 35 - let%span snum_rational3 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 + axiom trans'2_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord10] cmp_log'2 x y = o) + -> ([%#sord11] cmp_log'2 y z = o) -> ([%#sord12] cmp_log'2 x z = o) - use prelude.prelude.Real + function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_B'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom refl'1_spec : forall x : t_B'0 . [%#sord9] cmp_log'2 x x = C_Equal'0 - use prelude.prelude.Real + function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_B'0) (o : t_B'0) : bool - function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 - - = - [%#snum_rational3] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_B'0) (y : t_B'0) : () - constant x : Real.real + axiom cmp_gt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord8] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) - constant y : Real.real + function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_B'0) (o : t_B'0) : bool - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (x : Real.real) (y : Real.real) : () + function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_B'0) (y : t_B'0) : () - goal vc_antisym1'0 : ([%#sord0] cmp_log'0 x y = C_Less'0) -> ([%#sord1] cmp_log'0 y x = C_Greater'0) -end -module M_creusot_contracts__num_rational__qyi7156484438548626841__antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 114 8 114 35 - let%span snum_rational3 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 + axiom cmp_ge_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord7] ge_log'1 x y = (cmp_log'2 x y <> C_Less'0) - use prelude.prelude.Real + function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_B'0) (o : t_B'0) : bool - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_B'0) (y : t_B'0) : () - use prelude.prelude.Real + axiom cmp_lt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord6] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) - function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 + function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_B'0) (o : t_B'0) : bool + + function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_B'0) (y : t_B'0) : () + + axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 262 4 262 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 = - [%#snum_rational3] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord4] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then + cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) + else + r + - constant x : Real.real + constant x : (t_A'0, t_B'0) - constant y : Real.real + constant y : (t_A'0, t_B'0) + + constant z : (t_A'0, t_B'0) - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (x : Real.real) (y : Real.real) : () + constant o : t_Ordering'0 - goal vc_antisym2'0 : ([%#sord0] cmp_log'0 x y = C_Greater'0) -> ([%#sord1] cmp_log'0 y x = C_Less'0) + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (x : (t_A'0, t_B'0)) (y : (t_A'0, t_B'0)) (z : (t_A'0, t_B'0)) (o : t_Ordering'0) : () + + + goal vc_trans'0 : ([%#sord1] cmp_log'0 y z = o) -> ([%#sord0] cmp_log'0 x y = o) -> ([%#sord2] cmp_log'0 x z = o) end -module M_creusot_contracts__num_rational__qyi7156484438548626841__eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 120 8 120 35 - let%span snum_rational2 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 +module M_creusot_contracts__logic__ord__qyi1910662420989811789__antisym1 [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* <(A, B) as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 161 40 161 70 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 162 39 162 72 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 159 8 159 35 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord16 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - use prelude.prelude.Real + type t_A'0 + + type t_B'0 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - use prelude.prelude.Real - - function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_A'0) (other : t_A'0) : t_Ordering'0 - = - [%#snum_rational2] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - constant x : Real.real - - constant y : Real.real - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (x : Real.real) (y : Real.real) : () + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_A'0) (y : t_A'0) : () - goal vc_eq_cmp'0 : [%#sord0] (x = y) = (cmp_log'0 x y = C_Equal'0) -end -module M_creusot_contracts__ghost__qyi17645547594388049322__clone [#"../../../creusot-contracts/src/ghost.rs" 33 4 33 27] (* as std::clone::Clone> *) - let%span sghost0 = "../../../creusot-contracts/src/ghost.rs" 33 14 33 18 - let%span sghost1 = "../../../creusot-contracts/src/ghost.rs" 33 23 33 27 - let%span sghost2 = "../../../creusot-contracts/src/ghost.rs" 32 14 32 29 - let%span sclone3 = "../../../creusot-contracts/src/std/clone.rs" 7 0 20 1 - let%span sinvariant4 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - let%span sboxed5 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + axiom eq_cmp'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord16] (x = y) = (cmp_log'1 x y = C_Equal'0) - type t_T'0 + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_A'0) (y : t_A'0) : () - type t_GhostBox'0 = - { t_GhostBox__0'0: t_T'0 } + axiom antisym2'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord14] cmp_log'1 x y = C_Greater'0) + -> ([%#sord15] cmp_log'1 y x = C_Less'0) - use prelude.prelude.Borrow + function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_A'0) (y : t_A'0) : () - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + axiom antisym1'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord12] cmp_log'1 x y = C_Less'0) + -> ([%#sord13] cmp_log'1 y x = C_Greater'0) - predicate invariant'2 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_T'0) = - [%#sboxed5] inv'4 self + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () + - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + axiom trans'0_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord9] cmp_log'1 x y = o) + -> ([%#sord10] cmp_log'1 y z = o) -> ([%#sord11] cmp_log'1 x z = o) - axiom inv_axiom'3 [@rewrite] : forall x : t_T'0 [inv'3 x] . inv'3 x = invariant'2 x + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_A'0) : () - predicate invariant'1 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_T'0) = - [%#sinvariant4] inv'3 self + axiom refl'0_spec : forall x : t_A'0 . [%#sord8] cmp_log'1 x x = C_Equal'0 - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_A'0) (o : t_A'0) : bool - axiom inv_axiom'2 [@rewrite] : forall x : t_T'0 [inv'2 x] . inv'2 x = invariant'1 x + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_A'0) (y : t_A'0) : () - let rec clone'1 (self:t_T'0) (return' (ret:t_T'0))= {[@expl:clone 'self' type invariant] inv'2 self} - any [ return' (result:t_T'0)-> {inv'3 result} {[%#sclone3] result = self} (! return' {result}) ] + axiom cmp_gt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord7] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - use prelude.prelude.Intrinsic + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_A'0) (o : t_A'0) : bool - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_GhostBox'0) + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_A'0) (y : t_A'0) : () - axiom inv_axiom'1 [@rewrite] : forall x : t_GhostBox'0 [inv'1 x] . inv'1 x - = match x with - | {t_GhostBox__0'0 = a_0} -> inv'3 a_0 - end + axiom cmp_ge_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord6] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_GhostBox'0) = - [%#sinvariant4] inv'1 self + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_A'0) (o : t_A'0) : bool - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_GhostBox'0) + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_A'0) (y : t_A'0) : () - axiom inv_axiom'0 [@rewrite] : forall x : t_GhostBox'0 [inv'0 x] . inv'0 x = invariant'0 x + axiom cmp_lt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - meta "compute_max_steps" 1000000 + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_A'0) (o : t_A'0) : bool - let rec clone'0 (self:t_GhostBox'0) (return' (ret:t_GhostBox'0))= {[@expl:clone 'self' type invariant] [%#sghost0] inv'0 self} - (! bb0 - [ bb0 = s0 [ s0 = clone'1 {self.t_GhostBox__0'0} (fun (_ret':t_T'0) -> [ &_3 <- _ret' ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = [ &_0 <- { t_GhostBox__0'0 = _3 } ] s1 | s1 = bb2 ] - | bb2 = return' {_0} ] - ) [ & _0 : t_GhostBox'0 = any_l () | & self : t_GhostBox'0 = self | & _3 : t_T'0 = any_l () ] - [ return' (result:t_GhostBox'0)-> {[@expl:clone result type invariant] [%#sghost1] inv'1 result} - {[@expl:clone ensures] [%#sghost2] result = self} - (! return' {result}) ] - -end -module M_creusot_contracts__ghost__qyi1862168959261460300__deref [#"../../../creusot-contracts/src/ghost.rs" 52 4 52 36] (* as std::ops::Deref> *) - let%span sghost0 = "../../../creusot-contracts/src/ghost.rs" 52 14 52 18 - let%span sghost1 = "../../../creusot-contracts/src/ghost.rs" 52 23 52 36 - let%span sghost2 = "../../../creusot-contracts/src/ghost.rs" 51 14 51 35 - let%span sinvariant3 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - let%span sboxed4 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_A'0) (y : t_A'0) : () - type t_T'0 + axiom cmp_le_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - type t_GhostBox'0 = - { t_GhostBox__0'0: t_T'0 } + function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_B'0) (other : t_B'0) : t_Ordering'0 + - use prelude.prelude.Borrow + function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_B'0) (y : t_B'0) : () - use prelude.prelude.Intrinsic + axiom eq_cmp'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord16] (x = y) = (cmp_log'2 x y = C_Equal'0) - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_B'0) (y : t_B'0) : () - predicate invariant'2 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_T'0) = - [%#sboxed4] inv'3 self + axiom antisym2'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord14] cmp_log'2 x y = C_Greater'0) + -> ([%#sord15] cmp_log'2 y x = C_Less'0) - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + function antisym1'2 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_B'0) (y : t_B'0) : () - axiom inv_axiom'3 [@rewrite] : forall x : t_T'0 [inv'4 x] . inv'4 x = invariant'2 x + axiom antisym1'2_spec : forall x : t_B'0, y : t_B'0 . ([%#sord12] cmp_log'2 x y = C_Less'0) + -> ([%#sord13] cmp_log'2 y x = C_Greater'0) - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_GhostBox'0) + function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () + - axiom inv_axiom'2 [@rewrite] : forall x : t_GhostBox'0 [inv'2 x] . inv'2 x - = match x with - | {t_GhostBox__0'0 = a_0} -> inv'4 a_0 - end + axiom trans'1_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord9] cmp_log'2 x y = o) + -> ([%#sord10] cmp_log'2 y z = o) -> ([%#sord11] cmp_log'2 x z = o) - predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_GhostBox'0) = - [%#sinvariant3] inv'2 self + function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_B'0) : () - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_GhostBox'0) + axiom refl'1_spec : forall x : t_B'0 . [%#sord8] cmp_log'2 x x = C_Equal'0 - axiom inv_axiom'0 [@rewrite] : forall x : t_GhostBox'0 [inv'0 x] . inv'0 x = invariant'0 x + function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_B'0) (o : t_B'0) : bool - predicate invariant'1 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_T'0) = - [%#sinvariant3] inv'3 self + function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_B'0) (y : t_B'0) : () - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + axiom cmp_gt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord7] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) - axiom inv_axiom'1 [@rewrite] : forall x : t_T'0 [inv'1 x] . inv'1 x = invariant'1 x + function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_B'0) (o : t_B'0) : bool - meta "compute_max_steps" 1000000 + function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_B'0) (y : t_B'0) : () - let rec deref'0 (self:t_GhostBox'0) (return' (ret:t_T'0))= {[@expl:deref 'self' type invariant] [%#sghost0] inv'0 self} - (! bb0 - [ bb0 = s0 - [ s0 = [ &_5 <- self.t_GhostBox__0'0 ] s1 - | s1 = [ &_4 <- _5 ] s2 - | s2 = [ &_2 <- _4 ] s3 - | s3 = [ &_0 <- _2 ] s4 - | s4 = return' {_0} ] - ] - ) - [ & _0 : t_T'0 = any_l () - | & self : t_GhostBox'0 = self - | & _2 : t_T'0 = any_l () - | & _4 : t_T'0 = any_l () - | & _5 : t_T'0 = any_l () ] - - [ return' (result:t_T'0)-> {[@expl:deref result type invariant] [%#sghost1] inv'1 result} - {[@expl:deref ensures] [%#sghost2] self.t_GhostBox__0'0 = result} - (! return' {result}) ] - -end -module M_creusot_contracts__ghost__qyi17214052996668775070__deref_mut [#"../../../creusot-contracts/src/ghost.rs" 68 4 68 48] (* as std::ops::DerefMut> *) - let%span sghost0 = "../../../creusot-contracts/src/ghost.rs" 68 22 68 26 - let%span sghost1 = "../../../creusot-contracts/src/ghost.rs" 68 31 68 48 - let%span sghost2 = "../../../creusot-contracts/src/ghost.rs" 67 14 67 36 - let%span sresolve3 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span sinvariant4 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sboxed5 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + axiom cmp_ge_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord6] ge_log'1 x y = (cmp_log'2 x y <> C_Less'0) - use prelude.prelude.Borrow + function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_B'0) (o : t_B'0) : bool - type t_T'0 + function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_B'0) (y : t_B'0) : () - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + axiom cmp_lt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) - type t_GhostBox'0 = - { t_GhostBox__0'0: t_T'0 } + function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_B'0) (o : t_B'0) : bool - predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_T'0) = - [%#sinvariant4] inv'0 self.current /\ inv'0 self.final + function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_B'0) (y : t_B'0) : () - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_T'0) + axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) - axiom inv_axiom'0 [@rewrite] : forall x : borrowed t_T'0 [inv'1 x] . inv'1 x = invariant'0 x + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 262 4 262 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + + = + [%#sord3] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then + cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) + else + r + - predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 53 4 53 28] (self : borrowed t_T'0) = - [%#sresolve3] self.final = self.current + constant x : (t_A'0, t_B'0) - predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : borrowed t_T'0) = - resolve'2 _1 + constant y : (t_A'0, t_B'0) - predicate invariant'2 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_T'0) = - [%#sboxed5] inv'0 self + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (x : (t_A'0, t_B'0)) (y : (t_A'0, t_B'0)) : () + - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + goal vc_antisym1'0 : ([%#sord0] cmp_log'0 x y = C_Less'0) -> ([%#sord1] cmp_log'0 y x = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi1910662420989811789__antisym2 [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* <(A, B) as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 167 40 167 73 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 168 39 168 69 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 165 8 165 35 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord16 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - axiom inv_axiom'3 [@rewrite] : forall x : t_T'0 [inv'4 x] . inv'4 x = invariant'2 x + type t_A'0 - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_GhostBox'0) + type t_B'0 - axiom inv_axiom'2 [@rewrite] : forall x : t_GhostBox'0 [inv'3 x] . inv'3 x - = match x with - | {t_GhostBox__0'0 = a_0} -> inv'4 a_0 - end + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate invariant'1 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed (t_GhostBox'0)) = - [%#sinvariant4] inv'3 self.current /\ inv'3 self.final + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_A'0) (other : t_A'0) : t_Ordering'0 + - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed (t_GhostBox'0)) + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_A'0) (y : t_A'0) : () - axiom inv_axiom'1 [@rewrite] : forall x : borrowed (t_GhostBox'0) [inv'2 x] . inv'2 x = invariant'1 x + axiom eq_cmp'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord16] (x = y) = (cmp_log'1 x y = C_Equal'0) - predicate resolve'3 [#"../../../creusot-contracts/src/resolve.rs" 53 4 53 28] (self : borrowed (t_GhostBox'0)) = - [%#sresolve3] self.final = self.current + function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_A'0) (y : t_A'0) : () - predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : borrowed (t_GhostBox'0)) = - resolve'3 _1 + axiom antisym2'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord14] cmp_log'1 x y = C_Greater'0) + -> ([%#sord15] cmp_log'1 y x = C_Less'0) - use prelude.prelude.Intrinsic + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_A'0) (y : t_A'0) : () - meta "compute_max_steps" 1000000 + axiom antisym1'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord12] cmp_log'1 x y = C_Less'0) + -> ([%#sord13] cmp_log'1 y x = C_Greater'0) - let rec deref_mut'0 (self:borrowed (t_GhostBox'0)) (return' (ret:borrowed t_T'0))= {[@expl:deref_mut 'self' type invariant] [%#sghost0] inv'2 self} - (! bb0 - [ bb0 = s0 - [ s0 = {inv'0 (self.current).t_GhostBox__0'0} - Borrow.borrow_final {(self.current).t_GhostBox__0'0} {Borrow.inherit_id (Borrow.get_id self) 1} - (fun (_ret':borrowed t_T'0) -> - [ &_5 <- _ret' ] - -{inv'0 _ret'.final}- - [ &self <- { self with current = { t_GhostBox__0'0 = _ret'.final } } ] - s1) - | s1 = {inv'0 _5.current} - Borrow.borrow_final {_5.current} {Borrow.get_id _5} - (fun (_ret':borrowed t_T'0) -> - [ &_4 <- _ret' ] - -{inv'0 _ret'.final}- - [ &_5 <- { _5 with current = _ret'.final } ] - s2) - | s2 = {inv'0 _4.current} - Borrow.borrow_final {_4.current} {Borrow.get_id _4} - (fun (_ret':borrowed t_T'0) -> - [ &_2 <- _ret' ] - -{inv'0 _ret'.final}- - [ &_4 <- { _4 with current = _ret'.final } ] - s3) - | s3 = {inv'0 _2.current} - Borrow.borrow_final {_2.current} {Borrow.get_id _2} - (fun (_ret':borrowed t_T'0) -> - [ &_0 <- _ret' ] - -{inv'0 _ret'.final}- - [ &_2 <- { _2 with current = _ret'.final } ] - s4) - | s4 = {[@expl:type invariant] inv'1 _5} s5 - | s5 = -{resolve'0 _5}- s6 - | s6 = {[@expl:type invariant] inv'1 _4} s7 - | s7 = -{resolve'0 _4}- s8 - | s8 = {[@expl:type invariant] inv'1 _2} s9 - | s9 = -{resolve'0 _2}- s10 - | s10 = {[@expl:type invariant] inv'2 self} s11 - | s11 = -{resolve'1 self}- s12 - | s12 = return' {_0} ] - ] - ) - [ & _0 : borrowed t_T'0 = any_l () - | & self : borrowed (t_GhostBox'0) = self - | & _2 : borrowed t_T'0 = any_l () - | & _4 : borrowed t_T'0 = any_l () - | & _5 : borrowed t_T'0 = any_l () ] - - [ return' (result:borrowed t_T'0)-> {[@expl:deref_mut result type invariant] [%#sghost1] inv'1 result} - {[@expl:deref_mut ensures] [%#sghost2] result - = Borrow.borrow_logic (self.current).t_GhostBox__0'0 (self.final).t_GhostBox__0'0 (Borrow.inherit_id (Borrow.get_id self) 1)} - (! return' {result}) ] + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () -end -module M_creusot_contracts__ghost__qyi2175792468772189056__borrow [#"../../../creusot-contracts/src/ghost.rs" 107 4 107 40] (* ghost::GhostBox *) - let%span sghost0 = "../../../creusot-contracts/src/ghost.rs" 107 19 107 23 - let%span sghost1 = "../../../creusot-contracts/src/ghost.rs" 107 28 107 40 - let%span sghost2 = "../../../creusot-contracts/src/ghost.rs" 106 14 106 35 - let%span sinvariant3 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - let%span sboxed4 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - - type t_T'0 - type t_GhostBox'1 = - { t_GhostBox__0'0: t_T'0 } + axiom trans'0_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord9] cmp_log'1 x y = o) + -> ([%#sord10] cmp_log'1 y z = o) -> ([%#sord11] cmp_log'1 x z = o) - use prelude.prelude.Borrow + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_A'0) : () - type t_GhostBox'0 = - { t_GhostBox__0'1: t_T'0 } + axiom refl'0_spec : forall x : t_A'0 . [%#sord8] cmp_log'1 x x = C_Equal'0 - use prelude.prelude.Intrinsic + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_A'0) (o : t_A'0) : bool - predicate inv'6 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_A'0) (y : t_A'0) : () - predicate invariant'2 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_T'0) = - [%#sboxed4] inv'6 self + axiom cmp_gt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord7] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_A'0) (o : t_A'0) : bool - axiom inv_axiom'4 [@rewrite] : forall x : t_T'0 [inv'4 x] . inv'4 x = invariant'2 x + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_A'0) (y : t_A'0) : () - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_GhostBox'1) + axiom cmp_ge_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord6] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - axiom inv_axiom'3 [@rewrite] : forall x : t_GhostBox'1 [inv'3 x] . inv'3 x - = match x with - | {t_GhostBox__0'0 = a_0} -> inv'4 a_0 - end + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_A'0) (o : t_A'0) : bool - predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_GhostBox'1) = - [%#sinvariant3] inv'3 self + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_A'0) (y : t_A'0) : () - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_GhostBox'1) + axiom cmp_lt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - axiom inv_axiom'0 [@rewrite] : forall x : t_GhostBox'1 [inv'0 x] . inv'0 x = invariant'0 x + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_A'0) (o : t_A'0) : bool - predicate invariant'3 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_T'0) = - [%#sinvariant3] inv'6 self + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_A'0) (y : t_A'0) : () - predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + axiom cmp_le_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - axiom inv_axiom'5 [@rewrite] : forall x : t_T'0 [inv'5 x] . inv'5 x = invariant'3 x + function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_B'0) (other : t_B'0) : t_Ordering'0 + - predicate invariant'1 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_T'0) = - [%#sboxed4] inv'5 self + function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_B'0) (y : t_B'0) : () - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + axiom eq_cmp'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord16] (x = y) = (cmp_log'2 x y = C_Equal'0) - axiom inv_axiom'2 [@rewrite] : forall x : t_T'0 [inv'2 x] . inv'2 x = invariant'1 x + function antisym2'2 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_B'0) (y : t_B'0) : () - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_GhostBox'0) + axiom antisym2'2_spec : forall x : t_B'0, y : t_B'0 . ([%#sord14] cmp_log'2 x y = C_Greater'0) + -> ([%#sord15] cmp_log'2 y x = C_Less'0) - axiom inv_axiom'1 [@rewrite] : forall x : t_GhostBox'0 [inv'1 x] . inv'1 x - = match x with - | {t_GhostBox__0'1 = a_0} -> inv'2 a_0 - end + function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_B'0) (y : t_B'0) : () - meta "compute_max_steps" 1000000 + axiom antisym1'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord12] cmp_log'2 x y = C_Less'0) + -> ([%#sord13] cmp_log'2 y x = C_Greater'0) - let rec borrow'0 (self:t_GhostBox'1) (return' (ret:t_GhostBox'0))= {[@expl:borrow 'self' type invariant] [%#sghost0] inv'0 self} - (! bb0 - [ bb0 = s0 [ s0 = [ &_5 <- self.t_GhostBox__0'0 ] s1 | s1 = bb1 ] - | bb1 = s0 [ s0 = [ &_0 <- { t_GhostBox__0'1 = _5 } ] s1 | s1 = bb2 ] - | bb2 = return' {_0} ] - ) [ & _0 : t_GhostBox'0 = any_l () | & self : t_GhostBox'1 = self | & _5 : t_T'0 = any_l () ] - [ return' (result:t_GhostBox'0)-> {[@expl:borrow result type invariant] [%#sghost1] inv'1 result} - {[@expl:borrow ensures] [%#sghost2] result.t_GhostBox__0'1 = self.t_GhostBox__0'0} - (! return' {result}) ] + function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () -end -module M_creusot_contracts__ghost__qyi2175792468772189056__borrow_mut [#"../../../creusot-contracts/src/ghost.rs" 121 4 121 52] (* ghost::GhostBox *) - let%span sghost0 = "../../../creusot-contracts/src/ghost.rs" 121 27 121 31 - let%span sghost1 = "../../../creusot-contracts/src/ghost.rs" 121 36 121 52 - let%span sghost2 = "../../../creusot-contracts/src/ghost.rs" 120 14 120 39 - let%span sresolve3 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span sinvariant4 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sboxed5 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - use prelude.prelude.Borrow + axiom trans'1_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord9] cmp_log'2 x y = o) + -> ([%#sord10] cmp_log'2 y z = o) -> ([%#sord11] cmp_log'2 x z = o) - type t_T'0 + function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_B'0) : () - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + axiom refl'1_spec : forall x : t_B'0 . [%#sord8] cmp_log'2 x x = C_Equal'0 - type t_GhostBox'1 = - { t_GhostBox__0'0: t_T'0 } + function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_B'0) (o : t_B'0) : bool - type t_GhostBox'0 = - { t_GhostBox__0'1: borrowed t_T'0 } + function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_B'0) (y : t_B'0) : () - predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_T'0) = - [%#sinvariant4] inv'0 self.current /\ inv'0 self.final + axiom cmp_gt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord7] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_T'0) + function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_B'0) (o : t_B'0) : bool - axiom inv_axiom'0 [@rewrite] : forall x : borrowed t_T'0 [inv'1 x] . inv'1 x = invariant'0 x + function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_B'0) (y : t_B'0) : () - predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 53 4 53 28] (self : borrowed t_T'0) = - [%#sresolve3] self.final = self.current + axiom cmp_ge_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord6] ge_log'1 x y = (cmp_log'2 x y <> C_Less'0) - predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : borrowed t_T'0) = - resolve'2 _1 + function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_B'0) (o : t_B'0) : bool - predicate invariant'3 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_T'0) = - [%#sboxed5] inv'0 self + function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_B'0) (y : t_B'0) : () - predicate inv'6 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + axiom cmp_lt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) - axiom inv_axiom'5 [@rewrite] : forall x : t_T'0 [inv'6 x] . inv'6 x = invariant'3 x + function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_B'0) (o : t_B'0) : bool - predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_GhostBox'1) + function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_B'0) (y : t_B'0) : () - axiom inv_axiom'4 [@rewrite] : forall x : t_GhostBox'1 [inv'5 x] . inv'5 x - = match x with - | {t_GhostBox__0'0 = a_0} -> inv'6 a_0 - end + axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) - predicate invariant'1 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed (t_GhostBox'1)) = - [%#sinvariant4] inv'5 self.current /\ inv'5 self.final + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 262 4 262 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + + = + [%#sord3] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then + cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) + else + r + - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed (t_GhostBox'1)) + constant x : (t_A'0, t_B'0) - axiom inv_axiom'1 [@rewrite] : forall x : borrowed (t_GhostBox'1) [inv'2 x] . inv'2 x = invariant'1 x + constant y : (t_A'0, t_B'0) - predicate resolve'3 [#"../../../creusot-contracts/src/resolve.rs" 53 4 53 28] (self : borrowed (t_GhostBox'1)) = - [%#sresolve3] self.final = self.current + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (x : (t_A'0, t_B'0)) (y : (t_A'0, t_B'0)) : () + - predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : borrowed (t_GhostBox'1)) = - resolve'3 _1 + goal vc_antisym2'0 : ([%#sord0] cmp_log'0 x y = C_Greater'0) -> ([%#sord1] cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi1910662420989811789__eq_cmp [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* <(A, B) as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 173 39 173 84 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 171 8 171 35 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - use prelude.prelude.Intrinsic + type t_A'0 - predicate invariant'2 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : borrowed t_T'0) = - [%#sboxed5] inv'1 self + type t_B'0 - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_T'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom inv_axiom'3 [@rewrite] : forall x : borrowed t_T'0 [inv'4 x] . inv'4 x = invariant'2 x + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_A'0) (other : t_A'0) : t_Ordering'0 + - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_GhostBox'0) + function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_A'0) (y : t_A'0) : () - axiom inv_axiom'2 [@rewrite] : forall x : t_GhostBox'0 [inv'3 x] . inv'3 x - = match x with - | {t_GhostBox__0'1 = a_0} -> inv'4 a_0 - end + axiom eq_cmp'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) - meta "compute_max_steps" 1000000 + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_A'0) (y : t_A'0) : () - let rec borrow_mut'0 (self:borrowed (t_GhostBox'1)) (return' (ret:t_GhostBox'0))= {[@expl:borrow_mut 'self' type invariant] [%#sghost0] inv'2 self} - (! bb0 - [ bb0 = s0 - [ s0 = {inv'0 (self.current).t_GhostBox__0'0} - Borrow.borrow_final {(self.current).t_GhostBox__0'0} {Borrow.inherit_id (Borrow.get_id self) 1} - (fun (_ret':borrowed t_T'0) -> - [ &_5 <- _ret' ] - -{inv'0 _ret'.final}- - [ &self <- { self with current = { t_GhostBox__0'0 = _ret'.final } } ] - s1) - | s1 = {inv'0 _5.current} - Borrow.borrow_final {_5.current} {Borrow.get_id _5} - (fun (_ret':borrowed t_T'0) -> - [ &_4 <- _ret' ] - -{inv'0 _ret'.final}- - [ &_5 <- { _5 with current = _ret'.final } ] - s2) - | s2 = bb1 ] - - | bb1 = s0 [ s0 = [ &_0 <- { t_GhostBox__0'1 = _4 } ] s1 | s1 = bb2 ] - | bb2 = s0 - [ s0 = {[@expl:type invariant] inv'1 _5} s1 - | s1 = -{resolve'0 _5}- s2 - | s2 = {[@expl:type invariant] inv'2 self} s3 - | s3 = -{resolve'1 self}- s4 - | s4 = return' {_0} ] - ] - ) - [ & _0 : t_GhostBox'0 = any_l () - | & self : borrowed (t_GhostBox'1) = self - | & _4 : borrowed t_T'0 = any_l () - | & _5 : borrowed t_T'0 = any_l () ] - - [ return' (result:t_GhostBox'0)-> {[@expl:borrow_mut result type invariant] [%#sghost1] inv'3 result} - {[@expl:borrow_mut ensures] [%#sghost2] result.t_GhostBox__0'1 - = Borrow.borrow_logic (self.current).t_GhostBox__0'0 (self.final).t_GhostBox__0'0 (Borrow.inherit_id (Borrow.get_id self) 1)} - (! return' {result}) ] + axiom antisym2'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) + -> ([%#sord14] cmp_log'1 y x = C_Less'0) + + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_A'0) (y : t_A'0) : () + + axiom antisym1'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) + -> ([%#sord12] cmp_log'1 y x = C_Greater'0) + + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () -end -module M_creusot_contracts__ghost__qyi2175792468772189056__conjure [#"../../../creusot-contracts/src/ghost.rs" 138 4 138 28] (* ghost::GhostBox *) - let%span sghost0 = "../../../creusot-contracts/src/ghost.rs" 137 15 137 20 - let%span sghost1 = "../../../creusot-contracts/src/ghost.rs" 138 24 138 28 - let%span sboxed2 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - type t_T'0 + axiom trans'0_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) + -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) - type t_GhostBox'0 = - { t_GhostBox__0'0: t_T'0 } + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_A'0) : () - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + axiom refl'0_spec : forall x : t_A'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 - predicate invariant'0 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_T'0) = - [%#sboxed2] inv'2 self + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_A'0) (o : t_A'0) : bool - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_A'0) (y : t_A'0) : () - axiom inv_axiom'1 [@rewrite] : forall x : t_T'0 [inv'1 x] . inv'1 x = invariant'0 x + axiom cmp_gt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord6] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_GhostBox'0) + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_A'0) (o : t_A'0) : bool - axiom inv_axiom'0 [@rewrite] : forall x : t_GhostBox'0 [inv'0 x] . inv'0 x - = match x with - | {t_GhostBox__0'0 = a_0} -> inv'1 a_0 - end + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_A'0) (y : t_A'0) : () - meta "compute_max_steps" 1000000 + axiom cmp_ge_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - let rec conjure'0 (_1:()) (return' (ret:t_GhostBox'0))= {[@expl:conjure requires] [%#sghost0] false} - (! bb0 [ bb0 = bb1 | bb1 = bb1 [ bb1 = (! bb2) [ bb2 = bb1 ] ] ] ) - [ return' (result:t_GhostBox'0)-> {[@expl:conjure result type invariant] [%#sghost1] inv'0 result} - (! return' {result}) ] - -end -module M_creusot_contracts__ghost__qyi2175792468772189056__new [#"../../../creusot-contracts/src/ghost.rs" 164 4 164 28] (* ghost::GhostBox *) - let%span sghost0 = "../../../creusot-contracts/src/ghost.rs" 164 15 164 16 - let%span sghost1 = "../../../creusot-contracts/src/ghost.rs" 164 24 164 28 - let%span sghost2 = "../../../creusot-contracts/src/ghost.rs" 162 14 162 28 - let%span sboxed3 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_A'0) (o : t_A'0) : bool - type t_T'0 + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_A'0) (y : t_A'0) : () - type t_GhostBox'0 = - { t_GhostBox__0'0: t_T'0 } + axiom cmp_lt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - use prelude.prelude.Intrinsic + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_A'0) (o : t_A'0) : bool - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_A'0) (y : t_A'0) : () - predicate invariant'0 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_T'0) = - [%#sboxed3] inv'0 self + axiom cmp_le_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord3] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_B'0) (other : t_B'0) : t_Ordering'0 + - axiom inv_axiom'1 [@rewrite] : forall x : t_T'0 [inv'2 x] . inv'2 x = invariant'0 x + function eq_cmp'2 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_B'0) (y : t_B'0) : () - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_GhostBox'0) + axiom eq_cmp'2_spec : forall x : t_B'0, y : t_B'0 . [%#sord15] (x = y) = (cmp_log'2 x y = C_Equal'0) - axiom inv_axiom'0 [@rewrite] : forall x : t_GhostBox'0 [inv'1 x] . inv'1 x - = match x with - | {t_GhostBox__0'0 = a_0} -> inv'2 a_0 - end + function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_B'0) (y : t_B'0) : () - meta "compute_max_steps" 1000000 + axiom antisym2'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord13] cmp_log'2 x y = C_Greater'0) + -> ([%#sord14] cmp_log'2 y x = C_Less'0) - let rec new'0 (x:t_T'0) (return' (ret:t_GhostBox'0))= {[@expl:new 'x' type invariant] [%#sghost0] inv'0 x} - (! bb0 - [ bb0 = bb1 - | bb1 = bb2 - | bb2 = s0 [ s0 = [ &_0 <- { t_GhostBox__0'0 = x } ] s1 | s1 = bb3 ] - | bb3 = bb4 - | bb4 = return' {_0} ] - ) [ & _0 : t_GhostBox'0 = any_l () | & x : t_T'0 = x ] - [ return' (result:t_GhostBox'0)-> {[@expl:new result type invariant] [%#sghost1] inv'1 result} - {[@expl:new ensures] [%#sghost2] result.t_GhostBox__0'0 = x} - (! return' {result}) ] + function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_B'0) (y : t_B'0) : () + + axiom antisym1'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord11] cmp_log'2 x y = C_Less'0) + -> ([%#sord12] cmp_log'2 y x = C_Greater'0) + + function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () -end -module M_creusot_contracts__ghost__qyi2175792468772189056__into_inner [#"../../../creusot-contracts/src/ghost.rs" 182 4 182 32] (* ghost::GhostBox *) - let%span sghost0 = "../../../creusot-contracts/src/ghost.rs" 182 22 182 26 - let%span sghost1 = "../../../creusot-contracts/src/ghost.rs" 182 31 182 32 - let%span sghost2 = "../../../creusot-contracts/src/ghost.rs" 180 14 180 31 - let%span sboxed3 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - type t_T'0 + axiom trans'1_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord8] cmp_log'2 x y = o) + -> ([%#sord9] cmp_log'2 y z = o) -> ([%#sord10] cmp_log'2 x z = o) - type t_GhostBox'0 = - { t_GhostBox__0'0: t_T'0 } + function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_B'0) : () - use prelude.prelude.Intrinsic + axiom refl'1_spec : forall x : t_B'0 . [%#sord7] cmp_log'2 x x = C_Equal'0 - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_B'0) (o : t_B'0) : bool - predicate invariant'0 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_T'0) = - [%#sboxed3] inv'1 self + function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_B'0) (y : t_B'0) : () - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + axiom cmp_gt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord6] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) - axiom inv_axiom'1 [@rewrite] : forall x : t_T'0 [inv'2 x] . inv'2 x = invariant'0 x + function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_B'0) (o : t_B'0) : bool - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_GhostBox'0) + function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_B'0) (y : t_B'0) : () - axiom inv_axiom'0 [@rewrite] : forall x : t_GhostBox'0 [inv'0 x] . inv'0 x - = match x with - | {t_GhostBox__0'0 = a_0} -> inv'2 a_0 - end + axiom cmp_ge_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] ge_log'1 x y = (cmp_log'2 x y <> C_Less'0) - meta "compute_max_steps" 1000000 + function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_B'0) (o : t_B'0) : bool - let rec into_inner'0 (self:t_GhostBox'0) (return' (ret:t_T'0))= {[@expl:into_inner 'self' type invariant] [%#sghost0] inv'0 self} - (! bb0 [ bb0 = bb1 | bb1 = s0 [ s0 = [ &_0 <- self.t_GhostBox__0'0 ] s1 | s1 = bb2 ] | bb2 = return' {_0} ] ) - [ & _0 : t_T'0 = any_l () | & self : t_GhostBox'0 = self ] - - [ return' (result:t_T'0)-> {[@expl:into_inner result type invariant] [%#sghost1] inv'1 result} - {[@expl:into_inner ensures] [%#sghost2] result = self.t_GhostBox__0'0} - (! return' {result}) ] - -end -module M_creusot_contracts__snapshot__qyi5567339964777190687__clone [#"../../../creusot-contracts/src/snapshot.rs" 33 4 33 27] (* as std::clone::Clone> *) - let%span ssnapshot0 = "../../../creusot-contracts/src/snapshot.rs" 34 8 34 28 - let%span ssnapshot1 = "../../../creusot-contracts/src/snapshot.rs" 32 14 32 29 + function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_B'0) (y : t_B'0) : () - use prelude.prelude.Snapshot + axiom cmp_lt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) - use prelude.prelude.Snapshot + function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_B'0) (o : t_B'0) : bool - type t_T'0 + function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_B'0) (y : t_B'0) : () - use prelude.prelude.Snapshot + axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord3] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) - use prelude.prelude.Intrinsic + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 262 4 262 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + + = + [%#sord2] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then + cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) + else + r + - use prelude.prelude.Borrow + constant x : (t_A'0, t_B'0) - meta "compute_max_steps" 1000000 + constant y : (t_A'0, t_B'0) - let rec clone'0 (self:Snapshot.snap_ty t_T'0) (return' (ret:Snapshot.snap_ty t_T'0))= (! bb0 - [ bb0 = s0 [ s0 = [ &_0 <- [%#ssnapshot0] Snapshot.new (Snapshot.inner self) ] s1 | s1 = bb1 ] - | bb1 = return' {_0} ] - ) [ & _0 : Snapshot.snap_ty t_T'0 = any_l () | & self : Snapshot.snap_ty t_T'0 = self ] - [ return' (result:Snapshot.snap_ty t_T'0)-> {[@expl:clone ensures] [%#ssnapshot1] result = self} - (! return' {result}) ] + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (x : (t_A'0, t_B'0)) (y : (t_A'0, t_B'0)) : () + + goal vc_eq_cmp'0 : [%#sord0] (x = y) = (cmp_log'0 x y = C_Equal'0) end -module M_creusot_contracts__ptr_own__qyi17842610664047605351__new [#"../../../creusot-contracts/src/ptr_own.rs" 50 4 50 56] (* ptr_own::PtrOwn *) - let%span sptr_own0 = "../../../creusot-contracts/src/ptr_own.rs" 50 15 50 16 - let%span sptr_own1 = "../../../creusot-contracts/src/ptr_own.rs" 50 24 50 56 - let%span sptr_own2 = "../../../creusot-contracts/src/ptr_own.rs" 49 14 49 64 - let%span sptr_own3 = "../../../creusot-contracts/src/ptr_own.rs" 59 20 59 23 - let%span sptr_own4 = "../../../creusot-contracts/src/ptr_own.rs" 59 36 59 68 - let%span sptr_own5 = "../../../creusot-contracts/src/ptr_own.rs" 58 14 58 67 - let%span sghost6 = "../../../creusot-contracts/src/ghost.rs" 200 9 200 15 +module M_creusot_contracts__ptr_own__qyi17842610664047605351__new [#"../../../creusot-contracts/src/ptr_own.rs" 52 4 52 56] (* ptr_own::PtrOwn *) + let%span sptr_own0 = "../../../creusot-contracts/src/ptr_own.rs" 52 15 52 16 + let%span sptr_own1 = "../../../creusot-contracts/src/ptr_own.rs" 52 24 52 56 + let%span sptr_own2 = "../../../creusot-contracts/src/ptr_own.rs" 51 14 51 64 + let%span sptr_own3 = "../../../creusot-contracts/src/ptr_own.rs" 61 20 61 23 + let%span sptr_own4 = "../../../creusot-contracts/src/ptr_own.rs" 61 36 61 68 + let%span sptr_own5 = "../../../creusot-contracts/src/ptr_own.rs" 60 14 60 67 + let%span sghost6 = "../../../creusot-contracts/src/ghost.rs" 217 9 217 15 let%span sboxed7 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - let%span sptr_own8 = "../../../creusot-contracts/src/ptr_own.rs" 42 20 42 66 + let%span sptr_own8 = "../../../creusot-contracts/src/ptr_own.rs" 44 20 44 66 let%span sptr9 = "../../../creusot-contracts/src/std/ptr.rs" 80 14 80 48 let%span sptr10 = "../../../creusot-contracts/src/std/ptr.rs" 82 8 82 30 @@ -15133,7 +15105,7 @@ module M_creusot_contracts__ptr_own__qyi17842610664047605351__new [#"../../../cr use prelude.prelude.Borrow - function ptr'0 [#"../../../creusot-contracts/src/ptr_own.rs" 24 4 24 34] (self : t_PtrOwn'0) : opaque_ptr + function ptr'0 [#"../../../creusot-contracts/src/ptr_own.rs" 26 4 26 34] (self : t_PtrOwn'0) : opaque_ptr use prelude.prelude.Int @@ -15144,9 +15116,9 @@ module M_creusot_contracts__ptr_own__qyi17842610664047605351__new [#"../../../cr axiom is_null_logic'0_spec : forall self : opaque_ptr . [%#sptr9] is_null_logic'0 self = (addr_logic'0 self = 0) - function val'0 [#"../../../creusot-contracts/src/ptr_own.rs" 31 4 31 34] (self : t_PtrOwn'0) : t_T'0 + function val'0 [#"../../../creusot-contracts/src/ptr_own.rs" 33 4 33 34] (self : t_PtrOwn'0) : t_T'0 - predicate invariant'2 [#"../../../creusot-contracts/src/ptr_own.rs" 41 4 41 30] (self : t_PtrOwn'0) = + predicate invariant'2 [#"../../../creusot-contracts/src/ptr_own.rs" 43 4 43 30] (self : t_PtrOwn'0) = [%#sptr_own8] not is_null_logic'0 (ptr'0 self) /\ inv'2 (val'0 self) predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_PtrOwn'0) @@ -15172,7 +15144,7 @@ module M_creusot_contracts__ptr_own__qyi17842610664047605351__new [#"../../../cr axiom inv_axiom'0 [@rewrite] : forall x : (opaque_ptr, t_GhostBox'0) [inv'1 x] . inv'1 x = (let (x0, x1) = x in inv'3 x1) - function inner_logic'0 [#"../../../creusot-contracts/src/ghost.rs" 199 4 199 33] (self : t_GhostBox'0) : t_PtrOwn'0 = + function inner_logic'0 [#"../../../creusot-contracts/src/ghost.rs" 216 4 216 33] (self : t_GhostBox'0) : t_PtrOwn'0 = [%#sghost6] self.t_GhostBox__0'0 let rec from_box'0 (val':t_T'0) (return' (ret:(opaque_ptr, t_GhostBox'0)))= {[@expl:from_box 'val' type invariant] [%#sptr_own3] inv'2 val'} @@ -15201,17 +15173,17 @@ module M_creusot_contracts__ptr_own__qyi17842610664047605351__new [#"../../../cr (! return' {result}) ] end -module M_creusot_contracts__ptr_own__qyi17842610664047605351__drop [#"../../../creusot-contracts/src/ptr_own.rs" 96 4 96 57] (* ptr_own::PtrOwn *) - let%span sptr_own0 = "../../../creusot-contracts/src/ptr_own.rs" 96 32 96 35 - let%span sptr_own1 = "../../../creusot-contracts/src/ptr_own.rs" 95 15 95 31 - let%span sptr_own2 = "../../../creusot-contracts/src/ptr_own.rs" 90 34 90 37 - let%span sptr_own3 = "../../../creusot-contracts/src/ptr_own.rs" 87 15 87 31 - let%span sptr_own4 = "../../../creusot-contracts/src/ptr_own.rs" 90 63 90 69 - let%span sptr_own5 = "../../../creusot-contracts/src/ptr_own.rs" 88 14 88 35 - let%span sghost6 = "../../../creusot-contracts/src/ghost.rs" 200 9 200 15 +module M_creusot_contracts__ptr_own__qyi17842610664047605351__drop [#"../../../creusot-contracts/src/ptr_own.rs" 98 4 98 57] (* ptr_own::PtrOwn *) + let%span sptr_own0 = "../../../creusot-contracts/src/ptr_own.rs" 98 32 98 35 + let%span sptr_own1 = "../../../creusot-contracts/src/ptr_own.rs" 97 15 97 31 + let%span sptr_own2 = "../../../creusot-contracts/src/ptr_own.rs" 92 34 92 37 + let%span sptr_own3 = "../../../creusot-contracts/src/ptr_own.rs" 89 15 89 31 + let%span sptr_own4 = "../../../creusot-contracts/src/ptr_own.rs" 92 63 92 69 + let%span sptr_own5 = "../../../creusot-contracts/src/ptr_own.rs" 90 14 90 35 + let%span sghost6 = "../../../creusot-contracts/src/ghost.rs" 217 9 217 15 let%span sresolve7 = "../../../creusot-contracts/src/resolve.rs" 68 8 68 23 let%span sboxed8 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - let%span sptr_own9 = "../../../creusot-contracts/src/ptr_own.rs" 42 20 42 66 + let%span sptr_own9 = "../../../creusot-contracts/src/ptr_own.rs" 44 20 44 66 let%span sptr10 = "../../../creusot-contracts/src/std/ptr.rs" 80 14 80 48 let%span sptr11 = "../../../creusot-contracts/src/std/ptr.rs" 82 8 82 30 @@ -15224,7 +15196,7 @@ module M_creusot_contracts__ptr_own__qyi17842610664047605351__drop [#"../../../c use prelude.prelude.Opaque - function ptr'0 [#"../../../creusot-contracts/src/ptr_own.rs" 24 4 24 34] (self : t_PtrOwn'0) : opaque_ptr + function ptr'0 [#"../../../creusot-contracts/src/ptr_own.rs" 26 4 26 34] (self : t_PtrOwn'0) : opaque_ptr use prelude.prelude.Int @@ -15237,7 +15209,7 @@ module M_creusot_contracts__ptr_own__qyi17842610664047605351__drop [#"../../../c type t_T'0 - function val'0 [#"../../../creusot-contracts/src/ptr_own.rs" 31 4 31 34] (self : t_PtrOwn'0) : t_T'0 + function val'0 [#"../../../creusot-contracts/src/ptr_own.rs" 33 4 33 34] (self : t_PtrOwn'0) : t_T'0 predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) @@ -15248,7 +15220,7 @@ module M_creusot_contracts__ptr_own__qyi17842610664047605351__drop [#"../../../c axiom inv_axiom'0 [@rewrite] : forall x : t_T'0 [inv'0 x] . inv'0 x = invariant'0 x - predicate invariant'2 [#"../../../creusot-contracts/src/ptr_own.rs" 41 4 41 30] (self : t_PtrOwn'0) = + predicate invariant'2 [#"../../../creusot-contracts/src/ptr_own.rs" 43 4 43 30] (self : t_PtrOwn'0) = [%#sptr_own9] not is_null_logic'0 (ptr'0 self) /\ inv'0 (val'0 self) predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_PtrOwn'0) @@ -15269,7 +15241,7 @@ module M_creusot_contracts__ptr_own__qyi17842610664047605351__drop [#"../../../c | {t_GhostBox__0'0 = a_0} -> inv'2 a_0 end - function inner_logic'0 [#"../../../creusot-contracts/src/ghost.rs" 199 4 199 33] (self : t_GhostBox'0) : t_PtrOwn'0 = + function inner_logic'0 [#"../../../creusot-contracts/src/ghost.rs" 216 4 216 33] (self : t_GhostBox'0) : t_PtrOwn'0 = [%#sghost6] self.t_GhostBox__0'0 let rec to_box'0 (ptr:opaque_ptr) (own:t_GhostBox'0) (return' (ret:t_T'0))= {[@expl:to_box 'own' type invariant] [%#sptr_own2] inv'1 own} @@ -15413,13 +15385,33 @@ module M_creusot_contracts__resolve__qyi12875730110607858017__resolve_coherence goal vc_resolve_coherence'0 : ([%#sresolve0] structural_resolve'0 self) -> ([%#sresolve1] resolve'0 self) end -module M_creusot_contracts__util__unwrap [#"../../../creusot-contracts/src/util.rs" 34 0 34 36] - let%span sutil0 = "../../../creusot-contracts/src/util.rs" 32 11 32 21 - let%span sutil1 = "../../../creusot-contracts/src/util.rs" 33 10 33 28 - let%span sutil2 = "../../../creusot-contracts/src/util.rs" 23 11 23 16 - let%span sutil3 = "../../../creusot-contracts/src/util.rs" 24 10 24 15 - let%span sutil4 = "../../../creusot-contracts/src/util.rs" 25 10 25 11 - let%span sutil5 = "../../../creusot-contracts/src/util.rs" 35 4 38 5 +module M_creusot_contracts__snapshot__qyi5567339964777190687__clone [#"../../../creusot-contracts/src/snapshot.rs" 59 4 59 27] (* as std::clone::Clone> *) + let%span ssnapshot0 = "../../../creusot-contracts/src/snapshot.rs" 58 14 58 29 + + type t_T'0 + + use prelude.prelude.Snapshot + + use prelude.prelude.Intrinsic + + use prelude.prelude.Borrow + + meta "compute_max_steps" 1000000 + + let rec clone'0 (self:Snapshot.snap_ty t_T'0) (return' (ret:Snapshot.snap_ty t_T'0))= (! bb0 + [ bb0 = s0 [ s0 = [ &_0 <- self ] s1 | s1 = return' {_0} ] ] + ) [ & _0 : Snapshot.snap_ty t_T'0 = any_l () | & self : Snapshot.snap_ty t_T'0 = self ] + [ return' (result:Snapshot.snap_ty t_T'0)-> {[@expl:clone ensures] [%#ssnapshot0] result = self} + (! return' {result}) ] + +end +module M_creusot_contracts__util__unwrap [#"../../../creusot-contracts/src/util.rs" 45 0 45 36] + let%span sutil0 = "../../../creusot-contracts/src/util.rs" 43 11 43 21 + let%span sutil1 = "../../../creusot-contracts/src/util.rs" 44 10 44 28 + let%span sutil2 = "../../../creusot-contracts/src/util.rs" 33 11 33 16 + let%span sutil3 = "../../../creusot-contracts/src/util.rs" 34 10 34 15 + let%span sutil4 = "../../../creusot-contracts/src/util.rs" 35 10 35 11 + let%span sutil5 = "../../../creusot-contracts/src/util.rs" 46 4 49 5 type t_T'0 @@ -15427,13 +15419,13 @@ module M_creusot_contracts__util__unwrap [#"../../../creusot-contracts/src/util. | C_None'0 | C_Some'0 t_T'0 - function unreachable'0 [#"../../../creusot-contracts/src/util.rs" 26 0 26 28] (_1 : ()) : t_T'0 + function unreachable'0 [#"../../../creusot-contracts/src/util.rs" 36 0 36 28] (_1 : ()) : t_T'0 axiom unreachable'0_spec : forall _1 : () . ([%#sutil2] false) -> ([%#sutil3] false) constant op : t_Option'0 - function unwrap'0 [#"../../../creusot-contracts/src/util.rs" 34 0 34 36] (op : t_Option'0) : t_T'0 + function unwrap'0 [#"../../../creusot-contracts/src/util.rs" 45 0 45 36] (op : t_Option'0) : t_T'0 goal vc_unwrap'0 : ([%#sutil0] op <> C_None'0) -> match op with @@ -15442,2070 +15434,1933 @@ module M_creusot_contracts__util__unwrap [#"../../../creusot-contracts/src/util. /\ (([%#sutil3] false) -> ([%#sutil1] C_Some'0 (unreachable'0 ()) = op)) end end -module M_creusot_contracts__logic__int__qyi3540547019284611154__clone__refines [#"../../../creusot-contracts/src/logic/int.rs" 19 4 19 27] (* *) - let%span sint0 = "../../../creusot-contracts/src/logic/int.rs" 19 4 19 27 +module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__cmp_lt_log__refines [#"../../../creusot-contracts/src/std/cmp.rs" 93 4 93 35] (* as logic::ord::OrdLogic> *) + let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 93 4 93 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 36 20 36 53 + let%span scmp2 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - use prelude.prelude.Borrow + type t_T'0 - use prelude.prelude.Int + type t_Reverse'0 = + { t_Reverse__0'0: t_T'0 } - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : int) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom inv_axiom'0 [@rewrite] : forall x : int [inv'0 x] . inv'0 x = true + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 + - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : int) + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - axiom inv_axiom'1 [@rewrite] : forall x : int [inv'1 x] . inv'1 x = true + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) - goal refines : [%#sint0] forall self : int . inv'0 self - -> (forall result : int . result = self -> result = self /\ inv'1 result) -end -module M_creusot_contracts__ghost__qyi17645547594388049322__clone__refines [#"../../../creusot-contracts/src/ghost.rs" 33 4 33 27] (* as std::clone::Clone> *) - let%span sghost0 = "../../../creusot-contracts/src/ghost.rs" 33 4 33 27 - let%span sinvariant1 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - let%span sboxed2 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.Borrow + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) + -> ([%#sord14] cmp_log'1 y x = C_Less'0) - type t_T'0 + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () - type t_GhostBox'0 = - { t_GhostBox__0'0: t_T'0 } + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) + -> ([%#sord12] cmp_log'1 y x = C_Greater'0) - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + - predicate invariant'1 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_T'0) = - [%#sboxed2] inv'3 self + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) + -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - axiom inv_axiom'2 [@rewrite] : forall x : t_T'0 [inv'2 x] . inv'2 x = invariant'1 x + axiom refl'0_spec : forall x : t_T'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_GhostBox'0) + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - axiom inv_axiom'1 [@rewrite] : forall x : t_GhostBox'0 [inv'1 x] . inv'1 x - = match x with - | {t_GhostBox__0'0 = a_0} -> inv'2 a_0 - end + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_GhostBox'0) = - [%#sinvariant1] inv'1 self + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_GhostBox'0) + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - axiom inv_axiom'0 [@rewrite] : forall x : t_GhostBox'0 [inv'0 x] . inv'0 x = invariant'0 x + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - goal refines : [%#sghost0] forall self : t_GhostBox'0 . inv'0 self - -> inv'0 self /\ (forall result : t_GhostBox'0 . result = self /\ inv'1 result -> result = self /\ inv'1 result) -end -module M_creusot_contracts__snapshot__qyi5567339964777190687__clone__refines [#"../../../creusot-contracts/src/snapshot.rs" 33 4 33 27] (* as std::clone::Clone> *) - let%span ssnapshot0 = "../../../creusot-contracts/src/snapshot.rs" 33 4 33 27 + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - use prelude.prelude.Borrow + function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool - type t_T'0 + function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.Snapshot + axiom cmp_lt_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] lt_log'1 x y = (cmp_log'1 x y = C_Less'0) - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Snapshot.snap_ty t_T'0) + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool - axiom inv_axiom'0 [@rewrite] : forall x : Snapshot.snap_ty t_T'0 [inv'0 x] . inv'0 x = true + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Snapshot.snap_ty t_T'0) + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - axiom inv_axiom'1 [@rewrite] : forall x : Snapshot.snap_ty t_T'0 [inv'1 x] . inv'1 x = true + function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 + + = + [%#scmp2] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with + | C_Equal'0 -> C_Equal'0 + | C_Less'0 -> C_Greater'0 + | C_Greater'0 -> C_Less'0 + end - goal refines : [%#ssnapshot0] forall self : Snapshot.snap_ty t_T'0 . inv'0 self - -> (forall result : Snapshot.snap_ty t_T'0 . result = self -> result = self /\ inv'1 result) + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_Reverse'0) (o : t_Reverse'0) : bool + + = + [%#sord1] cmp_log'0 self o = C_Less'0 + + goal refines : [%#scmp0] forall x : t_Reverse'0 . forall y : t_Reverse'0 . forall result : () . lt_log'0 x y + = (cmp_log'0 x y = C_Less'0) -> lt_log'0 x y = (cmp_log'0 x y = C_Less'0) end -module M_creusot_contracts__logic__int__qyi3411234291730139970__add__refines [#"../../../creusot-contracts/src/logic/int.rs" 87 4 87 32] (* *) - let%span sint0 = "../../../creusot-contracts/src/logic/int.rs" 87 4 87 32 +module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__antisym1__refines [#"../../../creusot-contracts/src/std/cmp.rs" 121 4 121 33] (* as logic::ord::OrdLogic> *) + let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 121 4 121 33 + let%span scmp1 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - use prelude.prelude.Int + type t_T'0 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : int) + type t_Reverse'0 = + { t_Reverse__0'0: t_T'0 } - axiom inv_axiom'0 [@rewrite] : forall x : int [inv'0 x] . inv'0 x = true + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - goal refines : [%#sint0] forall self : int . forall rhs : int . inv'0 rhs /\ inv'0 self - -> (forall result : int . inv'0 result) -end -module M_creusot_contracts__logic__int__qyi14674898037351238599__sub__refines [#"../../../creusot-contracts/src/logic/int.rs" 98 4 98 32] (* *) - let%span sint0 = "../../../creusot-contracts/src/logic/int.rs" 98 4 98 32 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 + - use prelude.prelude.Int + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : int) + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) - axiom inv_axiom'0 [@rewrite] : forall x : int [inv'0 x] . inv'0 x = true + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - goal refines : [%#sint0] forall self : int . forall rhs : int . inv'0 rhs /\ inv'0 self - -> (forall result : int . inv'0 result) -end -module M_creusot_contracts__logic__int__qyi92031444461445902__mul__refines [#"../../../creusot-contracts/src/logic/int.rs" 109 4 109 32] (* *) - let%span sint0 = "../../../creusot-contracts/src/logic/int.rs" 109 4 109 32 + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) + -> ([%#sord13] cmp_log'1 y x = C_Less'0) - use prelude.prelude.Int + function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : int) + axiom antisym1'1_spec : forall x : t_T'0, y : t_T'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) + -> ([%#sord11] cmp_log'1 y x = C_Greater'0) - axiom inv_axiom'0 [@rewrite] : forall x : int [inv'0 x] . inv'0 x = true + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + - goal refines : [%#sint0] forall self : int . forall rhs : int . inv'0 rhs /\ inv'0 self - -> (forall result : int . inv'0 result) -end -module M_creusot_contracts__logic__int__qyi2704776725966497021__div__refines [#"../../../creusot-contracts/src/logic/int.rs" 120 4 120 32] (* *) - let%span sint0 = "../../../creusot-contracts/src/logic/int.rs" 120 4 120 32 + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) + -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) - use prelude.prelude.Int + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : int) + axiom refl'0_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 - axiom inv_axiom'0 [@rewrite] : forall x : int [inv'0 x] . inv'0 x = true + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - goal refines : [%#sint0] forall self : int . forall rhs : int . inv'0 rhs /\ inv'0 self - -> (forall result : int . inv'0 result) -end -module M_creusot_contracts__logic__int__qyi13390566486180286353__rem__refines [#"../../../creusot-contracts/src/logic/int.rs" 131 4 131 32] (* *) - let%span sint0 = "../../../creusot-contracts/src/logic/int.rs" 131 4 131 32 + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.Int + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : int) + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - axiom inv_axiom'0 [@rewrite] : forall x : int [inv'0 x] . inv'0 x = true + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - goal refines : [%#sint0] forall self : int . forall rhs : int . inv'0 rhs /\ inv'0 self - -> (forall result : int . inv'0 result) -end -module M_creusot_contracts__logic__int__qyi6972377124305281595__neg__refines [#"../../../creusot-contracts/src/logic/int.rs" 142 4 142 24] (* *) - let%span sint0 = "../../../creusot-contracts/src/logic/int.rs" 142 4 142 24 + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - use prelude.prelude.Int + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : int) + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () - axiom inv_axiom'0 [@rewrite] : forall x : int [inv'0 x] . inv'0 x = true + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - goal refines : [%#sint0] forall self : int . inv'0 self -> (forall result : int . inv'0 result) -end -module M_creusot_contracts__logic__ord__qyi8355372356285216375__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool - use prelude.prelude.Int + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int) (o : int) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#scmp1] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with + | C_Equal'0 -> C_Equal'0 + | C_Less'0 -> C_Greater'0 + | C_Greater'0 -> C_Less'0 + end - goal refines : [%#sord0] forall x : int . forall y : int . forall result : () . (x >= y) = (cmp_log'0 x y <> C_Less'0) - -> (x >= y) = (cmp_log'0 x y <> C_Less'0) + goal refines : [%#scmp0] forall x : t_Reverse'0 . forall y : t_Reverse'0 . cmp_log'0 x y = C_Less'0 + -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) end -module M_creusot_contracts__logic__ord__qyi8355372356285216375__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__eq_cmp__refines [#"../../../creusot-contracts/src/std/cmp.rs" 132 4 132 31] (* as logic::ord::OrdLogic> *) + let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 132 4 132 31 + let%span scmp1 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - use prelude.prelude.Int + type t_T'0 + + type t_Reverse'0 = + { t_Reverse__0'0: t_T'0 } type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int) (o : int) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int . forall result : () . cmp_log'0 x x = C_Equal'0 -> cmp_log'0 x x = C_Equal'0 -end -module M_creusot_contracts__logic__ord__qyi8355372356285216375__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.Int + axiom eq_cmp'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int) (o : int) : t_Ordering'0 + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) + -> ([%#sord13] cmp_log'1 y x = C_Less'0) + + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) + -> ([%#sord11] cmp_log'1 y x = C_Greater'0) + + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int . forall y : int . forall result : () . (x > y) - = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi8355372356285216375__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) + -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) - use prelude.prelude.Int + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom refl'0_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int) (o : int) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - goal refines : [%#sord0] forall x : int . forall y : int . forall result : () . (x < y) = (cmp_log'0 x y = C_Less'0) - -> (x < y) = (cmp_log'0 x y = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi8355372356285216375__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.Int + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool + + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool + + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int) (o : int) : t_Ordering'0 + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + + function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#scmp1] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with + | C_Equal'0 -> C_Equal'0 + | C_Less'0 -> C_Greater'0 + | C_Greater'0 -> C_Less'0 + end - goal refines : [%#sord0] forall x : int . forall y : int . forall result : () . (x = y) = (cmp_log'0 x y = C_Equal'0) - -> (x = y) = (cmp_log'0 x y = C_Equal'0) + goal refines : [%#scmp0] forall x : t_Reverse'0 . forall y : t_Reverse'0 . forall result : () . (x = y) + = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) end -module M_creusot_contracts__logic__ord__qyi8355372356285216375__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__refl__refines [#"../../../creusot-contracts/src/std/cmp.rs" 108 4 108 20] (* as logic::ord::OrdLogic> *) + let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 108 4 108 20 + let%span scmp1 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - use prelude.prelude.Int + type t_T'0 + + type t_Reverse'0 = + { t_Reverse__0'0: t_T'0 } type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int) (o : int) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int . forall y : int . cmp_log'0 x y = C_Less'0 - -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi8355372356285216375__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 - - use prelude.prelude.Int + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int) (o : int) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - goal refines : [%#sord0] forall x : int . forall y : int . cmp_log'0 x y = C_Greater'0 - -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi8355372356285216375__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) + -> ([%#sord13] cmp_log'1 y x = C_Less'0) - use prelude.prelude.Int + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) + -> ([%#sord11] cmp_log'1 y x = C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int) (o : int) : t_Ordering'0 + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int . forall y : int . forall result : () . (x <= y) - = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi8355372356285216375__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) + -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) - use prelude.prelude.Int + function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom refl'1_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int) (o : int) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - goal refines : [%#sord0] forall x : int . forall y : int . forall z : int . forall o : t_Ordering'0 . cmp_log'0 y z - = o - /\ cmp_log'0 x y = o - -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) -end -module M_creusot_contracts__logic__ord__qyi15418235539824427604__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.UInt8 + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - use prelude.prelude.Int + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint8) (o : uint8) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - goal refines : [%#sord0] forall x : uint8 . forall y : uint8 . forall result : () . (x = y) - = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) -end -module M_creusot_contracts__logic__ord__qyi15418235539824427604__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool - use prelude.prelude.UInt8 + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.Int + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint8) (o : uint8) : t_Ordering'0 + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + + function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#scmp1] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with + | C_Equal'0 -> C_Equal'0 + | C_Less'0 -> C_Greater'0 + | C_Greater'0 -> C_Less'0 + end - goal refines : [%#sord0] forall x : uint8 . forall y : uint8 . forall result : () . (x > y) - = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) + goal refines : [%#scmp0] forall x : t_Reverse'0 . forall result : () . cmp_log'0 x x = C_Equal'0 + -> cmp_log'0 x x = C_Equal'0 end -module M_creusot_contracts__logic__ord__qyi15418235539824427604__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__trans__refines [#"../../../creusot-contracts/src/std/cmp.rs" 115 4 115 52] (* as logic::ord::OrdLogic> *) + let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 115 4 115 52 + let%span scmp1 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - use prelude.prelude.UInt8 + type t_T'0 + + type t_Reverse'0 = + { t_Reverse__0'0: t_T'0 } type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int - - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint8) (o : uint8) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint8 . forall y : uint8 . forall z : uint8 . forall o : t_Ordering'0 . cmp_log'0 y z - = o - /\ cmp_log'0 x y = o - -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) -end -module M_creusot_contracts__logic__ord__qyi15418235539824427604__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.UInt8 + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.Int + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) + -> ([%#sord13] cmp_log'1 y x = C_Less'0) + + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint8) (o : uint8) : t_Ordering'0 + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) + -> ([%#sord11] cmp_log'1 y x = C_Greater'0) + + function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint8 . forall y : uint8 . cmp_log'0 x y = C_Greater'0 - -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi15418235539824427604__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom trans'1_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) + -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) - use prelude.prelude.UInt8 + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - use prelude.prelude.Int + axiom refl'0_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint8) (o : uint8) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - goal refines : [%#sord0] forall x : uint8 . forall y : uint8 . forall result : () . (x <= y) - = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi15418235539824427604__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - use prelude.prelude.UInt8 + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - use prelude.prelude.Int + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint8) (o : uint8) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool - goal refines : [%#sord0] forall x : uint8 . forall y : uint8 . forall result : () . (x < y) - = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi15418235539824427604__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.UInt8 + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - use prelude.prelude.Int + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint8) (o : uint8) : t_Ordering'0 + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + + function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#scmp1] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with + | C_Equal'0 -> C_Equal'0 + | C_Less'0 -> C_Greater'0 + | C_Greater'0 -> C_Less'0 + end - goal refines : [%#sord0] forall x : uint8 . forall y : uint8 . forall result : () . (x >= y) - = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) + goal refines : [%#scmp0] forall x : t_Reverse'0 . forall y : t_Reverse'0 . forall z : t_Reverse'0 . forall o : t_Ordering'0 . cmp_log'0 y z + = o + /\ cmp_log'0 x y = o + -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) end -module M_creusot_contracts__logic__ord__qyi15418235539824427604__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__antisym2__refines [#"../../../creusot-contracts/src/std/cmp.rs" 127 4 127 33] (* as logic::ord::OrdLogic> *) + let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 127 4 127 33 + let%span scmp1 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - use prelude.prelude.UInt8 + type t_T'0 + + type t_Reverse'0 = + { t_Reverse__0'0: t_T'0 } type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int - - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint8) (o : uint8) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint8 . forall y : uint8 . cmp_log'0 x y = C_Less'0 - -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi15418235539824427604__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.UInt8 + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.Int + axiom antisym2'1_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) + -> ([%#sord13] cmp_log'1 y x = C_Less'0) + + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint8) (o : uint8) : t_Ordering'0 + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) + -> ([%#sord11] cmp_log'1 y x = C_Greater'0) + + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint8 . forall result : () . cmp_log'0 x x = C_Equal'0 - -> cmp_log'0 x x = C_Equal'0 -end -module M_creusot_contracts__logic__ord__qyi7305497527599188430__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) + -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) - use prelude.prelude.UInt16 + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom refl'0_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 - use prelude.prelude.Int + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint16) (o : uint16) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . cmp_log'0 x y = C_Greater'0 - -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi7305497527599188430__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - use prelude.prelude.UInt16 + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - use prelude.prelude.Int + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint16) (o : uint16) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool - goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . forall result : () . (x >= y) - = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi7305497527599188430__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.UInt16 + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool - use prelude.prelude.Int + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint16) (o : uint16) : t_Ordering'0 + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + + function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - goal refines : [%#sord0] forall x : uint16 . forall result : () . cmp_log'0 x x = C_Equal'0 - -> cmp_log'0 x x = C_Equal'0 + [%#scmp1] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with + | C_Equal'0 -> C_Equal'0 + | C_Less'0 -> C_Greater'0 + | C_Greater'0 -> C_Less'0 + end + + goal refines : [%#scmp0] forall x : t_Reverse'0 . forall y : t_Reverse'0 . cmp_log'0 x y = C_Greater'0 + -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) end -module M_creusot_contracts__logic__ord__qyi7305497527599188430__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__cmp_le_log__refines [#"../../../creusot-contracts/src/std/cmp.rs" 88 4 88 35] (* as logic::ord::OrdLogic> *) + let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 88 4 88 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 25 20 25 56 + let%span scmp2 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - use prelude.prelude.UInt16 + type t_T'0 - use prelude.prelude.Int + type t_Reverse'0 = + { t_Reverse__0'0: t_T'0 } type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint16) (o : uint16) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . forall result : () . (x < y) - = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi7305497527599188430__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.UInt16 + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) - use prelude.prelude.Int + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) + -> ([%#sord14] cmp_log'1 y x = C_Less'0) + + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) + -> ([%#sord12] cmp_log'1 y x = C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint16) (o : uint16) : t_Ordering'0 + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . forall result : () . (x <= y) - = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi7305497527599188430__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) + -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) - use prelude.prelude.UInt16 + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom refl'0_spec : forall x : t_T'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 - use prelude.prelude.Int + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint16) (o : uint16) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . cmp_log'0 x y = C_Less'0 - -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi7305497527599188430__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - use prelude.prelude.UInt16 + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.Int + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint16) (o : uint16) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool - goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . forall z : uint16 . forall o : t_Ordering'0 . cmp_log'0 y z - = o - /\ cmp_log'0 x y = o - -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) -end -module M_creusot_contracts__logic__ord__qyi7305497527599188430__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.UInt16 + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool - use prelude.prelude.Int + function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint16) (o : uint16) : t_Ordering'0 + axiom cmp_le_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] le_log'1 x y = (cmp_log'1 x y <> C_Greater'0) + + function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#scmp2] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with + | C_Equal'0 -> C_Equal'0 + | C_Less'0 -> C_Greater'0 + | C_Greater'0 -> C_Less'0 + end - goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . forall result : () . (x = y) - = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_Reverse'0) (o : t_Reverse'0) : bool + + = + [%#sord1] cmp_log'0 self o <> C_Greater'0 + + goal refines : [%#scmp0] forall x : t_Reverse'0 . forall y : t_Reverse'0 . forall result : () . le_log'0 x y + = (cmp_log'0 x y <> C_Greater'0) -> le_log'0 x y = (cmp_log'0 x y <> C_Greater'0) end -module M_creusot_contracts__logic__ord__qyi7305497527599188430__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__cmp_ge_log__refines [#"../../../creusot-contracts/src/std/cmp.rs" 98 4 98 35] (* as logic::ord::OrdLogic> *) + let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 98 4 98 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 47 20 47 53 + let%span scmp2 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - use prelude.prelude.UInt16 + type t_T'0 - use prelude.prelude.Int + type t_Reverse'0 = + { t_Reverse__0'0: t_T'0 } type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint16) (o : uint16) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . forall result : () . (x > y) - = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi4526525114627399862__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.UInt32 + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) - use prelude.prelude.Int + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) + -> ([%#sord14] cmp_log'1 y x = C_Less'0) + + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint32) (o : uint32) : t_Ordering'0 + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) + -> ([%#sord12] cmp_log'1 y x = C_Greater'0) + + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . forall result : () . (x > y) - = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi4526525114627399862__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) + -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) - use prelude.prelude.UInt32 + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom refl'0_spec : forall x : t_T'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 - use prelude.prelude.Int + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint32) (o : uint32) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . forall z : uint32 . forall o : t_Ordering'0 . cmp_log'0 y z - = o - /\ cmp_log'0 x y = o - -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) -end -module M_creusot_contracts__logic__ord__qyi4526525114627399862__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - use prelude.prelude.UInt32 + function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - use prelude.prelude.Int + function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom cmp_ge_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] ge_log'1 x y = (cmp_log'1 x y <> C_Less'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint32) (o : uint32) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool - goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . forall result : () . (x < y) - = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi4526525114627399862__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.UInt32 + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - use prelude.prelude.Int + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint32) (o : uint32) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#scmp2] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with + | C_Equal'0 -> C_Equal'0 + | C_Less'0 -> C_Greater'0 + | C_Greater'0 -> C_Less'0 + end - goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . forall result : () . (x >= y) - = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_Reverse'0) (o : t_Reverse'0) : bool + + = + [%#sord1] cmp_log'0 self o <> C_Less'0 + + goal refines : [%#scmp0] forall x : t_Reverse'0 . forall y : t_Reverse'0 . forall result : () . ge_log'0 x y + = (cmp_log'0 x y <> C_Less'0) -> ge_log'0 x y = (cmp_log'0 x y <> C_Less'0) end -module M_creusot_contracts__logic__ord__qyi4526525114627399862__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__cmp_gt_log__refines [#"../../../creusot-contracts/src/std/cmp.rs" 103 4 103 35] (* as logic::ord::OrdLogic> *) + let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 103 4 103 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 58 20 58 56 + let%span scmp2 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - use prelude.prelude.UInt32 + type t_T'0 - use prelude.prelude.Int + type t_Reverse'0 = + { t_Reverse__0'0: t_T'0 } type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint32) (o : uint32) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . forall result : () . (x <= y) - = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi4526525114627399862__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.UInt32 + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.Int + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) + -> ([%#sord14] cmp_log'1 y x = C_Less'0) + + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) + -> ([%#sord12] cmp_log'1 y x = C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint32) (o : uint32) : t_Ordering'0 + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . cmp_log'0 x y = C_Greater'0 - -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi4526525114627399862__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) + -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) - use prelude.prelude.UInt32 + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom refl'0_spec : forall x : t_T'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 - use prelude.prelude.Int + function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint32) (o : uint32) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - goal refines : [%#sord0] forall x : uint32 . forall result : () . cmp_log'0 x x = C_Equal'0 - -> cmp_log'0 x x = C_Equal'0 -end -module M_creusot_contracts__logic__ord__qyi4526525114627399862__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom cmp_gt_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] gt_log'1 x y = (cmp_log'1 x y = C_Greater'0) - use prelude.prelude.UInt32 + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.Int + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint32) (o : uint32) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool - goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . forall result : () . (x = y) - = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) -end -module M_creusot_contracts__logic__ord__qyi4526525114627399862__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.UInt32 + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool - use prelude.prelude.Int + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint32) (o : uint32) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#scmp2] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with + | C_Equal'0 -> C_Equal'0 + | C_Less'0 -> C_Greater'0 + | C_Greater'0 -> C_Less'0 + end - goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . cmp_log'0 x y = C_Less'0 - -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_Reverse'0) (o : t_Reverse'0) : bool + + = + [%#sord1] cmp_log'0 self o = C_Greater'0 + + goal refines : [%#scmp0] forall x : t_Reverse'0 . forall y : t_Reverse'0 . forall result : () . gt_log'0 x y + = (cmp_log'0 x y = C_Greater'0) -> gt_log'0 x y = (cmp_log'0 x y = C_Greater'0) end -module M_creusot_contracts__logic__ord__qyi11489483489418918928__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 47 20 47 53 + let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - use prelude.prelude.UInt64 + type t_T'0 + + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int - - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint64) (o : uint64) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . forall z : uint64 . forall o : t_Ordering'0 . cmp_log'0 y z - = o - /\ cmp_log'0 x y = o - -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) -end -module M_creusot_contracts__logic__ord__qyi11489483489418918928__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.UInt64 + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.Int + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) + -> ([%#sord14] cmp_log'1 y x = C_Less'0) + + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) + -> ([%#sord12] cmp_log'1 y x = C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint64) (o : uint64) : t_Ordering'0 + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . forall result : () . (x = y) - = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) -end -module M_creusot_contracts__logic__ord__qyi11489483489418918928__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) + -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) - use prelude.prelude.UInt64 + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom refl'0_spec : forall x : t_T'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 - use prelude.prelude.Int + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint64) (o : uint64) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . cmp_log'0 x y = C_Less'0 - -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi11489483489418918928__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - use prelude.prelude.UInt64 + function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.Int + axiom cmp_ge_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] ge_log'1 x y = (cmp_log'1 x y <> C_Less'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint64) (o : uint64) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool - goal refines : [%#sord0] forall x : uint64 . forall result : () . cmp_log'0 x x = C_Equal'0 - -> cmp_log'0 x x = C_Equal'0 -end -module M_creusot_contracts__logic__ord__qyi11489483489418918928__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.UInt64 + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - use prelude.prelude.Int + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint64) (o : uint64) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#soption2] match (self, o) with + | (C_None'0, C_None'0) -> C_Equal'0 + | (C_None'0, C_Some'0 _) -> C_Less'0 + | (C_Some'0 _, C_None'0) -> C_Greater'0 + | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y + end - goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . forall result : () . (x <= y) - = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_Option'0) (o : t_Option'0) : bool + + = + [%#sord1] cmp_log'0 self o <> C_Less'0 + + goal refines : [%#sord0] forall x : t_Option'0 . forall y : t_Option'0 . forall result : () . ge_log'0 x y + = (cmp_log'0 x y <> C_Less'0) -> ge_log'0 x y = (cmp_log'0 x y <> C_Less'0) end -module M_creusot_contracts__logic__ord__qyi11489483489418918928__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 25 20 25 56 + let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - use prelude.prelude.UInt64 + type t_T'0 - use prelude.prelude.Int + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint64) (o : uint64) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . forall result : () . (x >= y) - = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi11489483489418918928__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.UInt64 + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.Int + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) + -> ([%#sord14] cmp_log'1 y x = C_Less'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint64) (o : uint64) : t_Ordering'0 + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) + -> ([%#sord12] cmp_log'1 y x = C_Greater'0) + + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . cmp_log'0 x y = C_Greater'0 - -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi11489483489418918928__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) + -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) - use prelude.prelude.UInt64 + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - use prelude.prelude.Int + axiom refl'0_spec : forall x : t_T'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint64) (o : uint64) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . forall result : () . (x > y) - = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi11489483489418918928__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - use prelude.prelude.UInt64 + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - use prelude.prelude.Int + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint64) (o : uint64) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool - goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . forall result : () . (x < y) - = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi13757098721041279861__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.UInt128 + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool - use prelude.prelude.Int + function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_le_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] le_log'1 x y = (cmp_log'1 x y <> C_Greater'0) + + function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 + + = + [%#soption2] match (self, o) with + | (C_None'0, C_None'0) -> C_Equal'0 + | (C_None'0, C_Some'0 _) -> C_Less'0 + | (C_Some'0 _, C_None'0) -> C_Greater'0 + | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y + end - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint128) (o : uint128) : t_Ordering'0 + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_Option'0) (o : t_Option'0) : bool = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] cmp_log'0 self o <> C_Greater'0 - goal refines : [%#sord0] forall x : uint128 . forall y : uint128 . cmp_log'0 x y = C_Greater'0 - -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) + goal refines : [%#sord0] forall x : t_Option'0 . forall y : t_Option'0 . forall result : () . le_log'0 x y + = (cmp_log'0 x y <> C_Greater'0) -> le_log'0 x y = (cmp_log'0 x y <> C_Greater'0) end -module M_creusot_contracts__logic__ord__qyi13757098721041279861__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 58 20 58 56 + let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - use prelude.prelude.UInt128 + type t_T'0 - use prelude.prelude.Int + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint128) (o : uint128) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint128 . forall y : uint128 . forall result : () . (x <= y) - = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi13757098721041279861__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.UInt128 + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.Int + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) + -> ([%#sord14] cmp_log'1 y x = C_Less'0) + + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) + -> ([%#sord12] cmp_log'1 y x = C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint128) (o : uint128) : t_Ordering'0 + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint128 . forall y : uint128 . cmp_log'0 x y = C_Less'0 - -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi13757098721041279861__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) + -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) - use prelude.prelude.UInt128 + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom refl'0_spec : forall x : t_T'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 - use prelude.prelude.Int + function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint128) (o : uint128) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - goal refines : [%#sord0] forall x : uint128 . forall y : uint128 . forall z : uint128 . forall o : t_Ordering'0 . cmp_log'0 y z - = o - /\ cmp_log'0 x y = o - -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) -end -module M_creusot_contracts__logic__ord__qyi13757098721041279861__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom cmp_gt_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] gt_log'1 x y = (cmp_log'1 x y = C_Greater'0) - use prelude.prelude.UInt128 + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.Int + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint128) (o : uint128) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool - goal refines : [%#sord0] forall x : uint128 . forall result : () . cmp_log'0 x x = C_Equal'0 - -> cmp_log'0 x x = C_Equal'0 -end -module M_creusot_contracts__logic__ord__qyi13757098721041279861__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.UInt128 + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - use prelude.prelude.Int + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint128) (o : uint128) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#soption2] match (self, o) with + | (C_None'0, C_None'0) -> C_Equal'0 + | (C_None'0, C_Some'0 _) -> C_Less'0 + | (C_Some'0 _, C_None'0) -> C_Greater'0 + | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y + end + + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_Option'0) (o : t_Option'0) : bool + + = + [%#sord1] cmp_log'0 self o = C_Greater'0 - goal refines : [%#sord0] forall x : uint128 . forall y : uint128 . forall result : () . (x >= y) - = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) + goal refines : [%#sord0] forall x : t_Option'0 . forall y : t_Option'0 . forall result : () . gt_log'0 x y + = (cmp_log'0 x y = C_Greater'0) -> gt_log'0 x y = (cmp_log'0 x y = C_Greater'0) end -module M_creusot_contracts__logic__ord__qyi13757098721041279861__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 + let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - use prelude.prelude.UInt128 + type t_T'0 + + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int - - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint128) (o : uint128) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint128 . forall y : uint128 . forall result : () . (x = y) - = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) -end -module M_creusot_contracts__logic__ord__qyi13757098721041279861__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.UInt128 + axiom eq_cmp'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) - use prelude.prelude.Int + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) + -> ([%#sord13] cmp_log'1 y x = C_Less'0) + + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) + -> ([%#sord11] cmp_log'1 y x = C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint128) (o : uint128) : t_Ordering'0 + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint128 . forall y : uint128 . forall result : () . (x > y) - = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi13757098721041279861__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) + -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) - use prelude.prelude.UInt128 + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - use prelude.prelude.Int + axiom refl'0_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : uint128) (o : uint128) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - goal refines : [%#sord0] forall x : uint128 . forall y : uint128 . forall result : () . (x < y) - = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi8186105652185060096__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - use prelude.prelude.UIntSize + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.Int + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : usize) (o : usize) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool - goal refines : [%#sord0] forall x : usize . forall y : usize . cmp_log'0 x y = C_Less'0 - -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi8186105652185060096__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.UIntSize + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - use prelude.prelude.Int + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : usize) (o : usize) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#soption1] match (self, o) with + | (C_None'0, C_None'0) -> C_Equal'0 + | (C_None'0, C_Some'0 _) -> C_Less'0 + | (C_Some'0 _, C_None'0) -> C_Greater'0 + | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y + end - goal refines : [%#sord0] forall x : usize . forall y : usize . forall result : () . (x >= y) - = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) + goal refines : [%#sord0] forall x : t_Option'0 . forall y : t_Option'0 . forall result : () . (x = y) + = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) end -module M_creusot_contracts__logic__ord__qyi8186105652185060096__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 36 20 36 53 + let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - use prelude.prelude.UIntSize + type t_T'0 - use prelude.prelude.Int + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : usize) (o : usize) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : usize . forall y : usize . forall result : () . (x <= y) - = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi8186105652185060096__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.UIntSize + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) - use prelude.prelude.Int + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) + -> ([%#sord14] cmp_log'1 y x = C_Less'0) + + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) + -> ([%#sord12] cmp_log'1 y x = C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : usize) (o : usize) : t_Ordering'0 + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : usize . forall y : usize . forall result : () . (x < y) - = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi8186105652185060096__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) + -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) - use prelude.prelude.UIntSize + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - use prelude.prelude.Int + axiom refl'0_spec : forall x : t_T'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : usize) (o : usize) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - goal refines : [%#sord0] forall x : usize . forall y : usize . forall result : () . (x > y) - = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi8186105652185060096__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - use prelude.prelude.UIntSize + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.Int + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : usize) (o : usize) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool - goal refines : [%#sord0] forall x : usize . forall y : usize . forall z : usize . forall o : t_Ordering'0 . cmp_log'0 y z - = o - /\ cmp_log'0 x y = o - -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) -end -module M_creusot_contracts__logic__ord__qyi8186105652185060096__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.UIntSize + axiom cmp_lt_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] lt_log'1 x y = (cmp_log'1 x y = C_Less'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool - use prelude.prelude.Int + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : usize) (o : usize) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#soption2] match (self, o) with + | (C_None'0, C_None'0) -> C_Equal'0 + | (C_None'0, C_Some'0 _) -> C_Less'0 + | (C_Some'0 _, C_None'0) -> C_Greater'0 + | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y + end - goal refines : [%#sord0] forall x : usize . forall y : usize . forall result : () . (x = y) - = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_Option'0) (o : t_Option'0) : bool + + = + [%#sord1] cmp_log'0 self o = C_Less'0 + + goal refines : [%#sord0] forall x : t_Option'0 . forall y : t_Option'0 . forall result : () . lt_log'0 x y + = (cmp_log'0 x y = C_Less'0) -> lt_log'0 x y = (cmp_log'0 x y = C_Less'0) end -module M_creusot_contracts__logic__ord__qyi8186105652185060096__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 + let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - use prelude.prelude.UIntSize + type t_T'0 + + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int - - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : usize) (o : usize) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : usize . forall y : usize . cmp_log'0 x y = C_Greater'0 - -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi8186105652185060096__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.UIntSize + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.Int + axiom antisym2'1_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) + -> ([%#sord13] cmp_log'1 y x = C_Less'0) + + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) + -> ([%#sord11] cmp_log'1 y x = C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : usize) (o : usize) : t_Ordering'0 + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : usize . forall result : () . cmp_log'0 x x = C_Equal'0 - -> cmp_log'0 x x = C_Equal'0 -end -module M_creusot_contracts__logic__ord__qyi18413678402769648790__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) + -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) - use prelude.prelude.Int8 + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - use prelude.prelude.Int + axiom refl'0_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int8) (o : int8) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - goal refines : [%#sord0] forall x : int8 . forall y : int8 . forall result : () . (x < y) = (cmp_log'0 x y = C_Less'0) - -> (x < y) = (cmp_log'0 x y = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi18413678402769648790__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - use prelude.prelude.Int8 + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - use prelude.prelude.Int + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int8) (o : int8) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool - goal refines : [%#sord0] forall x : int8 . forall y : int8 . forall result : () . (x >= y) - = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi18413678402769648790__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.Int8 + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool - use prelude.prelude.Int + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int8) (o : int8) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - goal refines : [%#sord0] forall x : int8 . forall y : int8 . forall z : int8 . forall o : t_Ordering'0 . cmp_log'0 y z - = o - /\ cmp_log'0 x y = o - -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) + [%#soption1] match (self, o) with + | (C_None'0, C_None'0) -> C_Equal'0 + | (C_None'0, C_Some'0 _) -> C_Less'0 + | (C_Some'0 _, C_None'0) -> C_Greater'0 + | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y + end + + goal refines : [%#sord0] forall x : t_Option'0 . forall y : t_Option'0 . cmp_log'0 x y = C_Greater'0 + -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) end -module M_creusot_contracts__logic__ord__qyi18413678402769648790__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 + let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - use prelude.prelude.Int8 + type t_T'0 + + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int - - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int8) (o : int8) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int8 . forall result : () . cmp_log'0 x x = C_Equal'0 - -> cmp_log'0 x x = C_Equal'0 -end -module M_creusot_contracts__logic__ord__qyi18413678402769648790__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.Int8 + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.Int + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) + -> ([%#sord13] cmp_log'1 y x = C_Less'0) + + function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + + axiom antisym1'1_spec : forall x : t_T'0, y : t_T'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) + -> ([%#sord11] cmp_log'1 y x = C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int8) (o : int8) : t_Ordering'0 + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int8 . forall y : int8 . cmp_log'0 x y = C_Less'0 - -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi18413678402769648790__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) + -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) - use prelude.prelude.Int8 + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - use prelude.prelude.Int + axiom refl'0_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int8) (o : int8) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - goal refines : [%#sord0] forall x : int8 . forall y : int8 . forall result : () . (x > y) - = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi18413678402769648790__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - use prelude.prelude.Int8 + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.Int + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int8) (o : int8) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool - goal refines : [%#sord0] forall x : int8 . forall y : int8 . forall result : () . (x = y) - = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) -end -module M_creusot_contracts__logic__ord__qyi18413678402769648790__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.Int8 + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool - use prelude.prelude.Int + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int8) (o : int8) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#soption1] match (self, o) with + | (C_None'0, C_None'0) -> C_Equal'0 + | (C_None'0, C_Some'0 _) -> C_Less'0 + | (C_Some'0 _, C_None'0) -> C_Greater'0 + | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y + end - goal refines : [%#sord0] forall x : int8 . forall y : int8 . cmp_log'0 x y = C_Greater'0 - -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) + goal refines : [%#sord0] forall x : t_Option'0 . forall y : t_Option'0 . cmp_log'0 x y = C_Less'0 + -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) end -module M_creusot_contracts__logic__ord__qyi18413678402769648790__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 + let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - use prelude.prelude.Int8 + type t_T'0 - use prelude.prelude.Int + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int8) (o : int8) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int8 . forall y : int8 . forall result : () . (x <= y) - = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi8040194823849327911__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.Int16 + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) - use prelude.prelude.Int + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) + -> ([%#sord13] cmp_log'1 y x = C_Less'0) + + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) + -> ([%#sord11] cmp_log'1 y x = C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int16) (o : int16) : t_Ordering'0 + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int16 . forall y : int16 . forall result : () . (x >= y) - = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi8040194823849327911__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) + -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) - use prelude.prelude.Int16 + function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom refl'1_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 - use prelude.prelude.Int + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int16) (o : int16) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - goal refines : [%#sord0] forall x : int16 . forall y : int16 . forall z : int16 . forall o : t_Ordering'0 . cmp_log'0 y z - = o - /\ cmp_log'0 x y = o - -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) -end -module M_creusot_contracts__logic__ord__qyi8040194823849327911__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - use prelude.prelude.Int16 + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - use prelude.prelude.Int + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int16) (o : int16) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool - goal refines : [%#sord0] forall x : int16 . forall y : int16 . forall result : () . (x <= y) - = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi8040194823849327911__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.Int16 + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool - use prelude.prelude.Int + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int16) (o : int16) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#soption1] match (self, o) with + | (C_None'0, C_None'0) -> C_Equal'0 + | (C_None'0, C_Some'0 _) -> C_Less'0 + | (C_Some'0 _, C_None'0) -> C_Greater'0 + | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y + end - goal refines : [%#sord0] forall x : int16 . forall result : () . cmp_log'0 x x = C_Equal'0 + goal refines : [%#sord0] forall x : t_Option'0 . forall result : () . cmp_log'0 x x = C_Equal'0 -> cmp_log'0 x x = C_Equal'0 end -module M_creusot_contracts__logic__ord__qyi8040194823849327911__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 + let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - use prelude.prelude.Int16 + type t_T'0 + + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int - - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int16) (o : int16) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int16 . forall y : int16 . forall result : () . (x = y) - = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) -end -module M_creusot_contracts__logic__ord__qyi8040194823849327911__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.Int16 + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) - use prelude.prelude.Int + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) + -> ([%#sord13] cmp_log'1 y x = C_Less'0) + + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) + -> ([%#sord11] cmp_log'1 y x = C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int16) (o : int16) : t_Ordering'0 + function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int16 . forall y : int16 . forall result : () . (x < y) - = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi8040194823849327911__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom trans'1_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) + -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) - use prelude.prelude.Int16 + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom refl'0_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 - use prelude.prelude.Int + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int16) (o : int16) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - goal refines : [%#sord0] forall x : int16 . forall y : int16 . cmp_log'0 x y = C_Greater'0 - -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi8040194823849327911__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - use prelude.prelude.Int16 + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - use prelude.prelude.Int + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool + + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int16) (o : int16) : t_Ordering'0 + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + + function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#soption1] match (self, o) with + | (C_None'0, C_None'0) -> C_Equal'0 + | (C_None'0, C_Some'0 _) -> C_Less'0 + | (C_Some'0 _, C_None'0) -> C_Greater'0 + | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y + end - goal refines : [%#sord0] forall x : int16 . forall y : int16 . forall result : () . (x > y) - = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) + goal refines : [%#sord0] forall x : t_Option'0 . forall y : t_Option'0 . forall z : t_Option'0 . forall o : t_Ordering'0 . cmp_log'0 y z + = o + /\ cmp_log'0 x y = o + -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) end -module M_creusot_contracts__logic__ord__qyi8040194823849327911__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__num_rational__qyi7156484438548626841__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 + let%span snum_rational1 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 - use prelude.prelude.Int16 + use prelude.prelude.Real + + use prelude.prelude.Real type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Real - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int16) (o : int16) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#snum_rational1] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int16 . forall y : int16 . cmp_log'0 x y = C_Less'0 - -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) + goal refines : [%#sord0] forall x : Real.real . forall y : Real.real . forall result : () . Real.(<=) x y + = (cmp_log'0 x y <> C_Greater'0) -> Real.(<=) x y = (cmp_log'0 x y <> C_Greater'0) end -module M_creusot_contracts__logic__ord__qyi211457485035727011__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 - - use prelude.prelude.Int32 +module M_creusot_contracts__num_rational__qyi7156484438548626841__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 + let%span snum_rational1 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 - use prelude.prelude.Int + use prelude.prelude.Real type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int32) (o : int32) : t_Ordering'0 + use prelude.prelude.Real + + function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#snum_rational1] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int32 . forall y : int32 . forall result : () . (x <= y) - = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) + goal refines : [%#sord0] forall x : Real.real . forall y : Real.real . forall result : () . (x = y) + = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) end -module M_creusot_contracts__logic__ord__qyi211457485035727011__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__num_rational__qyi7156484438548626841__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 + let%span snum_rational1 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 - use prelude.prelude.Int32 + use prelude.prelude.Real + + use prelude.prelude.Real type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int - - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int32) (o : int32) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#snum_rational1] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int32 . forall y : int32 . forall z : int32 . forall o : t_Ordering'0 . cmp_log'0 y z - = o - /\ cmp_log'0 x y = o - -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) + goal refines : [%#sord0] forall x : Real.real . forall y : Real.real . forall result : () . Real.(<) x y + = (cmp_log'0 x y = C_Less'0) -> Real.(<) x y = (cmp_log'0 x y = C_Less'0) end -module M_creusot_contracts__logic__ord__qyi211457485035727011__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__num_rational__qyi7156484438548626841__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 + let%span snum_rational1 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 - use prelude.prelude.Int32 + use prelude.prelude.Real - use prelude.prelude.Int + use prelude.prelude.Real type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int32) (o : int32) : t_Ordering'0 + use prelude.prelude.Real + + function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#snum_rational1] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int32 . forall y : int32 . forall result : () . (x > y) - = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) + goal refines : [%#sord0] forall x : Real.real . forall y : Real.real . forall result : () . Real.(>=) x y + = (cmp_log'0 x y <> C_Less'0) -> Real.(>=) x y = (cmp_log'0 x y <> C_Less'0) end -module M_creusot_contracts__logic__ord__qyi211457485035727011__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__num_rational__qyi7156484438548626841__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 + let%span snum_rational1 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 - use prelude.prelude.Int32 + use prelude.prelude.Real - use prelude.prelude.Int + use prelude.prelude.Real type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int32) (o : int32) : t_Ordering'0 + use prelude.prelude.Real + + function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#snum_rational1] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int32 . forall y : int32 . forall result : () . (x < y) - = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) + goal refines : [%#sord0] forall x : Real.real . forall y : Real.real . forall result : () . Real.(>) x y + = (cmp_log'0 x y = C_Greater'0) -> Real.(>) x y = (cmp_log'0 x y = C_Greater'0) end -module M_creusot_contracts__logic__ord__qyi211457485035727011__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 - - use prelude.prelude.Int32 +module M_creusot_contracts__num_rational__qyi7156484438548626841__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 + let%span snum_rational1 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 - use prelude.prelude.Int + use prelude.prelude.Real type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int32) (o : int32) : t_Ordering'0 + use prelude.prelude.Real + + function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#snum_rational1] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int32 . forall y : int32 . forall result : () . (x >= y) - = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) + goal refines : [%#sord0] forall x : Real.real . forall y : Real.real . cmp_log'0 x y = C_Greater'0 + -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) end -module M_creusot_contracts__logic__ord__qyi211457485035727011__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__num_rational__qyi7156484438548626841__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 + let%span snum_rational1 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 - use prelude.prelude.Int32 + use prelude.prelude.Real type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Real - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int32) (o : int32) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#snum_rational1] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int32 . forall y : int32 . cmp_log'0 x y = C_Less'0 - -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) + goal refines : [%#sord0] forall x : Real.real . forall y : Real.real . forall z : Real.real . forall o : t_Ordering'0 . cmp_log'0 y z + = o + /\ cmp_log'0 x y = o + -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) end -module M_creusot_contracts__logic__ord__qyi211457485035727011__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__num_rational__qyi7156484438548626841__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 + let%span snum_rational1 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 - use prelude.prelude.Int32 + use prelude.prelude.Real type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Real - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int32) (o : int32) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#snum_rational1] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int32 . forall y : int32 . cmp_log'0 x y = C_Greater'0 - -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) + goal refines : [%#sord0] forall x : Real.real . forall y : Real.real . cmp_log'0 x y = C_Less'0 + -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) end -module M_creusot_contracts__logic__ord__qyi211457485035727011__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__num_rational__qyi7156484438548626841__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 + let%span snum_rational1 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 - use prelude.prelude.Int32 + use prelude.prelude.Real type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int + use prelude.prelude.Real - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int32) (o : int32) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#snum_rational1] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int32 . forall result : () . cmp_log'0 x x = C_Equal'0 + goal refines : [%#sord0] forall x : Real.real . forall result : () . cmp_log'0 x x = C_Equal'0 -> cmp_log'0 x x = C_Equal'0 end -module M_creusot_contracts__logic__ord__qyi211457485035727011__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__logic__ord__qyi8355372356285216375__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.Int32 + use prelude.prelude.Int type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int - - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int32) (o : int32) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int) (o : int) : t_Ordering'0 = [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int32 . forall y : int32 . forall result : () . (x = y) - = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) + goal refines : [%#sord0] forall x : int . forall y : int . forall result : () . (x >= y) = (cmp_log'0 x y <> C_Less'0) + -> (x >= y) = (cmp_log'0 x y <> C_Less'0) end -module M_creusot_contracts__logic__ord__qyi2565746305859701215__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__logic__ord__qyi8355372356285216375__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.Int64 + use prelude.prelude.Int type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int - - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int64) (o : int64) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int) (o : int) : t_Ordering'0 = [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int64 . forall result : () . cmp_log'0 x x = C_Equal'0 - -> cmp_log'0 x x = C_Equal'0 + goal refines : [%#sord0] forall x : int . forall result : () . cmp_log'0 x x = C_Equal'0 -> cmp_log'0 x x = C_Equal'0 end -module M_creusot_contracts__logic__ord__qyi2565746305859701215__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 - - use prelude.prelude.Int64 +module M_creusot_contracts__logic__ord__qyi8355372356285216375__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 use prelude.prelude.Int @@ -17514,105 +17369,93 @@ module M_creusot_contracts__logic__ord__qyi2565746305859701215__cmp_lt_log__refi | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int64) (o : int64) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int) (o : int) : t_Ordering'0 = [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int64 . forall y : int64 . forall result : () . (x < y) - = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) + goal refines : [%#sord0] forall x : int . forall y : int . forall result : () . (x > y) + = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) end -module M_creusot_contracts__logic__ord__qyi2565746305859701215__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__logic__ord__qyi8355372356285216375__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.Int64 + use prelude.prelude.Int type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int - - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int64) (o : int64) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int) (o : int) : t_Ordering'0 = [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int64 . forall y : int64 . cmp_log'0 x y = C_Less'0 - -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) + goal refines : [%#sord0] forall x : int . forall y : int . forall result : () . (x < y) = (cmp_log'0 x y = C_Less'0) + -> (x < y) = (cmp_log'0 x y = C_Less'0) end -module M_creusot_contracts__logic__ord__qyi2565746305859701215__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__logic__ord__qyi8355372356285216375__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.Int64 + use prelude.prelude.Int type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int - - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int64) (o : int64) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int) (o : int) : t_Ordering'0 = [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int64 . forall y : int64 . forall z : int64 . forall o : t_Ordering'0 . cmp_log'0 y z - = o - /\ cmp_log'0 x y = o - -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) + goal refines : [%#sord0] forall x : int . forall y : int . forall result : () . (x = y) = (cmp_log'0 x y = C_Equal'0) + -> (x = y) = (cmp_log'0 x y = C_Equal'0) end -module M_creusot_contracts__logic__ord__qyi2565746305859701215__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__logic__ord__qyi8355372356285216375__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.Int64 + use prelude.prelude.Int type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int - - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int64) (o : int64) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int) (o : int) : t_Ordering'0 = [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int64 . forall y : int64 . forall result : () . (x = y) - = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) + goal refines : [%#sord0] forall x : int . forall y : int . cmp_log'0 x y = C_Less'0 + -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) end -module M_creusot_contracts__logic__ord__qyi2565746305859701215__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__logic__ord__qyi8355372356285216375__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.Int64 + use prelude.prelude.Int type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int - - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int64) (o : int64) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int) (o : int) : t_Ordering'0 = [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int64 . forall y : int64 . cmp_log'0 x y = C_Greater'0 + goal refines : [%#sord0] forall x : int . forall y : int . cmp_log'0 x y = C_Greater'0 -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) end -module M_creusot_contracts__logic__ord__qyi2565746305859701215__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 - - use prelude.prelude.Int64 +module M_creusot_contracts__logic__ord__qyi8355372356285216375__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 use prelude.prelude.Int @@ -17621,19 +17464,17 @@ module M_creusot_contracts__logic__ord__qyi2565746305859701215__cmp_gt_log__refi | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int64) (o : int64) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int) (o : int) : t_Ordering'0 = [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int64 . forall y : int64 . forall result : () . (x > y) - = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) + goal refines : [%#sord0] forall x : int . forall y : int . forall result : () . (x <= y) + = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) end -module M_creusot_contracts__logic__ord__qyi2565746305859701215__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 - - use prelude.prelude.Int64 +module M_creusot_contracts__logic__ord__qyi8355372356285216375__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 use prelude.prelude.Int @@ -17642,61 +17483,63 @@ module M_creusot_contracts__logic__ord__qyi2565746305859701215__cmp_le_log__refi | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int64) (o : int64) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int) (o : int) : t_Ordering'0 = [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int64 . forall y : int64 . forall result : () . (x <= y) - = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) + goal refines : [%#sord0] forall x : int . forall y : int . forall z : int . forall o : t_Ordering'0 . cmp_log'0 y z + = o + /\ cmp_log'0 x y = o + -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) end -module M_creusot_contracts__logic__ord__qyi2565746305859701215__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 - - use prelude.prelude.Int64 +module M_creusot_contracts__logic__ord__qyi15418235539824427604__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.Int + use prelude.prelude.UInt8 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int64) (o : int64) : t_Ordering'0 + use prelude.prelude.Int + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint8) (o : uint8) : t_Ordering'0 = [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int64 . forall y : int64 . forall result : () . (x >= y) - = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) + goal refines : [%#sord0] forall x : uint8 . forall y : uint8 . forall result : () . (x = y) + = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) end -module M_creusot_contracts__logic__ord__qyi2364657485180829964__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__logic__ord__qyi15418235539824427604__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.Int128 + use prelude.prelude.UInt8 + + use prelude.prelude.Int type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int - - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int128) (o : int128) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint8) (o : uint8) : t_Ordering'0 = [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int128 . forall y : int128 . cmp_log'0 x y = C_Less'0 - -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) + goal refines : [%#sord0] forall x : uint8 . forall y : uint8 . forall result : () . (x > y) + = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) end -module M_creusot_contracts__logic__ord__qyi2364657485180829964__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__logic__ord__qyi15418235539824427604__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.Int128 + use prelude.prelude.UInt8 type t_Ordering'0 = | C_Less'0 @@ -17705,19 +17548,21 @@ module M_creusot_contracts__logic__ord__qyi2364657485180829964__eq_cmp__refines use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int128) (o : int128) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint8) (o : uint8) : t_Ordering'0 = [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int128 . forall y : int128 . forall result : () . (x = y) - = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) + goal refines : [%#sord0] forall x : uint8 . forall y : uint8 . forall z : uint8 . forall o : t_Ordering'0 . cmp_log'0 y z + = o + /\ cmp_log'0 x y = o + -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) end -module M_creusot_contracts__logic__ord__qyi2364657485180829964__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__logic__ord__qyi15418235539824427604__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.Int128 + use prelude.prelude.UInt8 type t_Ordering'0 = | C_Less'0 @@ -17726,19 +17571,19 @@ module M_creusot_contracts__logic__ord__qyi2364657485180829964__antisym2__refine use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int128) (o : int128) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint8) (o : uint8) : t_Ordering'0 = [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int128 . forall y : int128 . cmp_log'0 x y = C_Greater'0 + goal refines : [%#sord0] forall x : uint8 . forall y : uint8 . cmp_log'0 x y = C_Greater'0 -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) end -module M_creusot_contracts__logic__ord__qyi2364657485180829964__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__logic__ord__qyi15418235539824427604__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.Int128 + use prelude.prelude.UInt8 use prelude.prelude.Int @@ -17747,40 +17592,40 @@ module M_creusot_contracts__logic__ord__qyi2364657485180829964__cmp_gt_log__refi | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int128) (o : int128) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint8) (o : uint8) : t_Ordering'0 = [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int128 . forall y : int128 . forall result : () . (x > y) - = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) + goal refines : [%#sord0] forall x : uint8 . forall y : uint8 . forall result : () . (x <= y) + = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) end -module M_creusot_contracts__logic__ord__qyi2364657485180829964__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__logic__ord__qyi15418235539824427604__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.Int128 + use prelude.prelude.UInt8 + + use prelude.prelude.Int type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int - - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int128) (o : int128) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint8) (o : uint8) : t_Ordering'0 = [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int128 . forall result : () . cmp_log'0 x x = C_Equal'0 - -> cmp_log'0 x x = C_Equal'0 + goal refines : [%#sord0] forall x : uint8 . forall y : uint8 . forall result : () . (x < y) + = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) end -module M_creusot_contracts__logic__ord__qyi2364657485180829964__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__logic__ord__qyi15418235539824427604__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.Int128 + use prelude.prelude.UInt8 use prelude.prelude.Int @@ -17789,61 +17634,61 @@ module M_creusot_contracts__logic__ord__qyi2364657485180829964__cmp_ge_log__refi | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int128) (o : int128) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint8) (o : uint8) : t_Ordering'0 = [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int128 . forall y : int128 . forall result : () . (x >= y) + goal refines : [%#sord0] forall x : uint8 . forall y : uint8 . forall result : () . (x >= y) = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) end -module M_creusot_contracts__logic__ord__qyi2364657485180829964__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 - - use prelude.prelude.Int128 +module M_creusot_contracts__logic__ord__qyi15418235539824427604__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.Int + use prelude.prelude.UInt8 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int128) (o : int128) : t_Ordering'0 + use prelude.prelude.Int + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint8) (o : uint8) : t_Ordering'0 = [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int128 . forall y : int128 . forall result : () . (x < y) - = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) + goal refines : [%#sord0] forall x : uint8 . forall y : uint8 . cmp_log'0 x y = C_Less'0 + -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) end -module M_creusot_contracts__logic__ord__qyi2364657485180829964__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 - - use prelude.prelude.Int128 +module M_creusot_contracts__logic__ord__qyi15418235539824427604__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.Int + use prelude.prelude.UInt8 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int128) (o : int128) : t_Ordering'0 + use prelude.prelude.Int + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint8) (o : uint8) : t_Ordering'0 = [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int128 . forall y : int128 . forall result : () . (x <= y) - = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) + goal refines : [%#sord0] forall x : uint8 . forall result : () . cmp_log'0 x x = C_Equal'0 + -> cmp_log'0 x x = C_Equal'0 end -module M_creusot_contracts__logic__ord__qyi2364657485180829964__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__logic__ord__qyi7305497527599188430__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.Int128 + use prelude.prelude.UInt16 type t_Ordering'0 = | C_Less'0 @@ -17852,42 +17697,40 @@ module M_creusot_contracts__logic__ord__qyi2364657485180829964__trans__refines [ use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : int128) (o : int128) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint16) (o : uint16) : t_Ordering'0 - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - goal refines : [%#sord0] forall x : int128 . forall y : int128 . forall z : int128 . forall o : t_Ordering'0 . cmp_log'0 y z - = o - /\ cmp_log'0 x y = o - -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . cmp_log'0 x y = C_Greater'0 + -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) end -module M_creusot_contracts__logic__ord__qyi8047313880300482848__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__logic__ord__qyi7305497527599188430__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.IntSize + use prelude.prelude.UInt16 + + use prelude.prelude.Int type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - use prelude.prelude.Int - - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : isize) (o : isize) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint16) (o : uint16) : t_Ordering'0 = [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : isize . forall y : isize . cmp_log'0 x y = C_Less'0 - -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) + goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . forall result : () . (x >= y) + = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) end -module M_creusot_contracts__logic__ord__qyi8047313880300482848__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__logic__ord__qyi7305497527599188430__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.IntSize + use prelude.prelude.UInt16 type t_Ordering'0 = | C_Less'0 @@ -17896,19 +17739,19 @@ module M_creusot_contracts__logic__ord__qyi8047313880300482848__antisym2__refine use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : isize) (o : isize) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint16) (o : uint16) : t_Ordering'0 = [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : isize . forall y : isize . cmp_log'0 x y = C_Greater'0 - -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) + goal refines : [%#sord0] forall x : uint16 . forall result : () . cmp_log'0 x x = C_Equal'0 + -> cmp_log'0 x x = C_Equal'0 end -module M_creusot_contracts__logic__ord__qyi8047313880300482848__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__logic__ord__qyi7305497527599188430__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.IntSize + use prelude.prelude.UInt16 use prelude.prelude.Int @@ -17917,19 +17760,19 @@ module M_creusot_contracts__logic__ord__qyi8047313880300482848__cmp_ge_log__refi | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : isize) (o : isize) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint16) (o : uint16) : t_Ordering'0 = [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : isize . forall y : isize . forall result : () . (x >= y) - = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) + goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . forall result : () . (x < y) + = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) end -module M_creusot_contracts__logic__ord__qyi8047313880300482848__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__logic__ord__qyi7305497527599188430__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.IntSize + use prelude.prelude.UInt16 use prelude.prelude.Int @@ -17938,19 +17781,19 @@ module M_creusot_contracts__logic__ord__qyi8047313880300482848__cmp_lt_log__refi | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : isize) (o : isize) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint16) (o : uint16) : t_Ordering'0 = [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : isize . forall y : isize . forall result : () . (x < y) - = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) + goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . forall result : () . (x <= y) + = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) end -module M_creusot_contracts__logic__ord__qyi8047313880300482848__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__logic__ord__qyi7305497527599188430__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.IntSize + use prelude.prelude.UInt16 type t_Ordering'0 = | C_Less'0 @@ -17959,21 +17802,19 @@ module M_creusot_contracts__logic__ord__qyi8047313880300482848__trans__refines [ use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : isize) (o : isize) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint16) (o : uint16) : t_Ordering'0 = [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : isize . forall y : isize . forall z : isize . forall o : t_Ordering'0 . cmp_log'0 y z - = o - /\ cmp_log'0 x y = o - -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) + goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . cmp_log'0 x y = C_Less'0 + -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) end -module M_creusot_contracts__logic__ord__qyi8047313880300482848__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__logic__ord__qyi7305497527599188430__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.IntSize + use prelude.prelude.UInt16 type t_Ordering'0 = | C_Less'0 @@ -17982,19 +17823,21 @@ module M_creusot_contracts__logic__ord__qyi8047313880300482848__eq_cmp__refines use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : isize) (o : isize) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint16) (o : uint16) : t_Ordering'0 = [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : isize . forall y : isize . forall result : () . (x = y) - = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) + goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . forall z : uint16 . forall o : t_Ordering'0 . cmp_log'0 y z + = o + /\ cmp_log'0 x y = o + -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) end -module M_creusot_contracts__logic__ord__qyi8047313880300482848__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__logic__ord__qyi7305497527599188430__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.IntSize + use prelude.prelude.UInt16 type t_Ordering'0 = | C_Less'0 @@ -18003,19 +17846,19 @@ module M_creusot_contracts__logic__ord__qyi8047313880300482848__refl__refines [# use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : isize) (o : isize) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint16) (o : uint16) : t_Ordering'0 = [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : isize . forall result : () . cmp_log'0 x x = C_Equal'0 - -> cmp_log'0 x x = C_Equal'0 + goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . forall result : () . (x = y) + = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) end -module M_creusot_contracts__logic__ord__qyi8047313880300482848__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__logic__ord__qyi7305497527599188430__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.IntSize + use prelude.prelude.UInt16 use prelude.prelude.Int @@ -18024,19 +17867,19 @@ module M_creusot_contracts__logic__ord__qyi8047313880300482848__cmp_gt_log__refi | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : isize) (o : isize) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint16) (o : uint16) : t_Ordering'0 = [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : isize . forall y : isize . forall result : () . (x > y) + goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . forall result : () . (x > y) = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) end -module M_creusot_contracts__logic__ord__qyi8047313880300482848__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 +module M_creusot_contracts__logic__ord__qyi4526525114627399862__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.IntSize + use prelude.prelude.UInt32 use prelude.prelude.Int @@ -18045,3410 +17888,3412 @@ module M_creusot_contracts__logic__ord__qyi8047313880300482848__cmp_le_log__refi | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 134 12 134 49] (self : isize) (o : isize) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint32) (o : uint32) : t_Ordering'0 = [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : isize . forall y : isize . forall result : () . (x <= y) - = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) + goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . forall result : () . (x > y) + = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) end -module M_creusot_contracts__logic__ord__qyi17836724837647357586__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 31 20 31 53 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 197 8 202 9 +module M_creusot_contracts__logic__ord__qyi4526525114627399862__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + + use prelude.prelude.UInt32 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 196 4 196 41] (self : bool) (o : bool) : t_Ordering'0 + use prelude.prelude.Int + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint32) (o : uint32) : t_Ordering'0 = - [%#sord2] match (self, o) with - | (False, False) -> C_Equal'0 - | (True, True) -> C_Equal'0 - | (False, True) -> C_Less'0 - | (True, False) -> C_Greater'0 - end - - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : bool) (o : bool) : bool = - [%#sord1] cmp_log'0 self o <> C_Less'0 + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : bool . forall y : bool . forall result : () . ge_log'0 x y - = (cmp_log'0 x y <> C_Less'0) -> ge_log'0 x y = (cmp_log'0 x y <> C_Less'0) + goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . forall z : uint32 . forall o : t_Ordering'0 . cmp_log'0 y z + = o + /\ cmp_log'0 x y = o + -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) end -module M_creusot_contracts__logic__ord__qyi17836724837647357586__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 197 8 202 9 - - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 +module M_creusot_contracts__logic__ord__qyi4526525114627399862__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 196 4 196 41] (self : bool) (o : bool) : t_Ordering'0 - - = - [%#sord1] match (self, o) with - | (False, False) -> C_Equal'0 - | (True, True) -> C_Equal'0 - | (False, True) -> C_Less'0 - | (True, False) -> C_Greater'0 - end + use prelude.prelude.UInt32 - goal refines : [%#sord0] forall x : bool . forall result : () . cmp_log'0 x x = C_Equal'0 - -> cmp_log'0 x x = C_Equal'0 -end -module M_creusot_contracts__logic__ord__qyi17836724837647357586__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 197 8 202 9 + use prelude.prelude.Int type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 196 4 196 41] (self : bool) (o : bool) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint32) (o : uint32) : t_Ordering'0 = - [%#sord1] match (self, o) with - | (False, False) -> C_Equal'0 - | (True, True) -> C_Equal'0 - | (False, True) -> C_Less'0 - | (True, False) -> C_Greater'0 - end + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : bool . forall y : bool . cmp_log'0 x y = C_Less'0 - -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) + goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . forall result : () . (x < y) + = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) end -module M_creusot_contracts__logic__ord__qyi17836724837647357586__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 41 20 41 56 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 197 8 202 9 - - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 - - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 196 4 196 41] (self : bool) (o : bool) : t_Ordering'0 - - = - [%#sord2] match (self, o) with - | (False, False) -> C_Equal'0 - | (True, True) -> C_Equal'0 - | (False, True) -> C_Less'0 - | (True, False) -> C_Greater'0 - end +module M_creusot_contracts__logic__ord__qyi4526525114627399862__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : bool) (o : bool) : bool = - [%#sord1] cmp_log'0 self o = C_Greater'0 + use prelude.prelude.UInt32 - goal refines : [%#sord0] forall x : bool . forall y : bool . forall result : () . gt_log'0 x y - = (cmp_log'0 x y = C_Greater'0) -> gt_log'0 x y = (cmp_log'0 x y = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi17836724837647357586__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 11 20 11 56 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 197 8 202 9 + use prelude.prelude.Int type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 196 4 196 41] (self : bool) (o : bool) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint32) (o : uint32) : t_Ordering'0 = - [%#sord2] match (self, o) with - | (False, False) -> C_Equal'0 - | (True, True) -> C_Equal'0 - | (False, True) -> C_Less'0 - | (True, False) -> C_Greater'0 - end - - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : bool) (o : bool) : bool = - [%#sord1] cmp_log'0 self o <> C_Greater'0 + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : bool . forall y : bool . forall result : () . le_log'0 x y - = (cmp_log'0 x y <> C_Greater'0) -> le_log'0 x y = (cmp_log'0 x y <> C_Greater'0) + goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . forall result : () . (x >= y) + = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) end -module M_creusot_contracts__logic__ord__qyi17836724837647357586__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 21 20 21 53 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 197 8 202 9 +module M_creusot_contracts__logic__ord__qyi4526525114627399862__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + + use prelude.prelude.UInt32 + + use prelude.prelude.Int type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 196 4 196 41] (self : bool) (o : bool) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint32) (o : uint32) : t_Ordering'0 = - [%#sord2] match (self, o) with - | (False, False) -> C_Equal'0 - | (True, True) -> C_Equal'0 - | (False, True) -> C_Less'0 - | (True, False) -> C_Greater'0 - end - - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : bool) (o : bool) : bool = - [%#sord1] cmp_log'0 self o = C_Less'0 + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : bool . forall y : bool . forall result : () . lt_log'0 x y - = (cmp_log'0 x y = C_Less'0) -> lt_log'0 x y = (cmp_log'0 x y = C_Less'0) + goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . forall result : () . (x <= y) + = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) end -module M_creusot_contracts__logic__ord__qyi17836724837647357586__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 197 8 202 9 +module M_creusot_contracts__logic__ord__qyi4526525114627399862__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + + use prelude.prelude.UInt32 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 196 4 196 41] (self : bool) (o : bool) : t_Ordering'0 + use prelude.prelude.Int + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint32) (o : uint32) : t_Ordering'0 = - [%#sord1] match (self, o) with - | (False, False) -> C_Equal'0 - | (True, True) -> C_Equal'0 - | (False, True) -> C_Less'0 - | (True, False) -> C_Greater'0 - end + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : bool . forall y : bool . forall result : () . (x = y) - = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) + goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . cmp_log'0 x y = C_Greater'0 + -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) end -module M_creusot_contracts__logic__ord__qyi17836724837647357586__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 197 8 202 9 +module M_creusot_contracts__logic__ord__qyi4526525114627399862__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + + use prelude.prelude.UInt32 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 196 4 196 41] (self : bool) (o : bool) : t_Ordering'0 + use prelude.prelude.Int + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint32) (o : uint32) : t_Ordering'0 = - [%#sord1] match (self, o) with - | (False, False) -> C_Equal'0 - | (True, True) -> C_Equal'0 - | (False, True) -> C_Less'0 - | (True, False) -> C_Greater'0 - end + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : bool . forall y : bool . cmp_log'0 x y = C_Greater'0 - -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) + goal refines : [%#sord0] forall x : uint32 . forall result : () . cmp_log'0 x x = C_Equal'0 + -> cmp_log'0 x x = C_Equal'0 end -module M_creusot_contracts__logic__ord__qyi17836724837647357586__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 197 8 202 9 +module M_creusot_contracts__logic__ord__qyi4526525114627399862__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + + use prelude.prelude.UInt32 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 196 4 196 41] (self : bool) (o : bool) : t_Ordering'0 + use prelude.prelude.Int + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint32) (o : uint32) : t_Ordering'0 = - [%#sord1] match (self, o) with - | (False, False) -> C_Equal'0 - | (True, True) -> C_Equal'0 - | (False, True) -> C_Less'0 - | (True, False) -> C_Greater'0 - end + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : bool . forall y : bool . forall z : bool . forall o : t_Ordering'0 . cmp_log'0 y z - = o - /\ cmp_log'0 x y = o - -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) + goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . forall result : () . (x = y) + = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) end -module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* <(A, B) as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 243 20 243 67 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 212 8 219 11 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 - - type t_A'0 +module M_creusot_contracts__logic__ord__qyi4526525114627399862__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - type t_B'0 + use prelude.prelude.UInt32 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_B'0) (_2 : t_B'0) : t_Ordering'0 - - - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_B'0) (y : t_B'0) : () - - axiom eq_cmp'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord15] (x = y) = (cmp_log'2 x y = C_Equal'0) - - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_B'0) (y : t_B'0) : () - - axiom antisym2'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord13] cmp_log'2 x y = C_Greater'0) - -> ([%#sord14] cmp_log'2 y x = C_Less'0) - - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_B'0) (y : t_B'0) : () - - axiom antisym1'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord11] cmp_log'2 x y = C_Less'0) - -> ([%#sord12] cmp_log'2 y x = C_Greater'0) - - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () - - - axiom trans'0_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord8] cmp_log'2 x y = o) - -> ([%#sord9] cmp_log'2 y z = o) -> ([%#sord10] cmp_log'2 x z = o) - - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_B'0) : () - - axiom refl'0_spec : forall x : t_B'0 . [%#sord7] cmp_log'2 x x = C_Equal'0 - - function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_B'0) (o : t_B'0) : bool - - function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_B'0) (y : t_B'0) : () - - axiom cmp_gt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord6] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) - - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_B'0) (o : t_B'0) : bool - - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_B'0) (y : t_B'0) : () - - axiom cmp_ge_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] ge_log'0 x y = (cmp_log'2 x y <> C_Less'0) - - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_B'0) (o : t_B'0) : bool - - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_B'0) (y : t_B'0) : () - - axiom cmp_lt_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] lt_log'0 x y = (cmp_log'2 x y = C_Less'0) - - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_B'0) (o : t_B'0) : bool - - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_B'0) (y : t_B'0) : () - - axiom cmp_le_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord3] le_log'0 x y = (cmp_log'2 x y <> C_Greater'0) - - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_A'0) (_2 : t_A'0) : t_Ordering'0 - - - function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_A'0) (y : t_A'0) : () - - axiom eq_cmp'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) - - function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_A'0) (y : t_A'0) : () + use prelude.prelude.Int - axiom antisym2'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) - -> ([%#sord14] cmp_log'1 y x = C_Less'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint32) (o : uint32) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_A'0) (y : t_A'0) : () + goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . cmp_log'0 x y = C_Less'0 + -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi11489483489418918928__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom antisym1'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) - -> ([%#sord12] cmp_log'1 y x = C_Greater'0) + use prelude.prelude.UInt64 - function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () - + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom trans'1_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) - -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) + use prelude.prelude.Int - function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_A'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint64) (o : uint64) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom refl'1_spec : forall x : t_A'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 + goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . forall z : uint64 . forall o : t_Ordering'0 . cmp_log'0 y z + = o + /\ cmp_log'0 x y = o + -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) +end +module M_creusot_contracts__logic__ord__qyi11489483489418918928__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function gt_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_A'0) (o : t_A'0) : bool + use prelude.prelude.UInt64 - function cmp_gt_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_A'0) (y : t_A'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom cmp_gt_log'2_spec : forall x : t_A'0, y : t_A'0 . [%#sord6] gt_log'2 x y = (cmp_log'1 x y = C_Greater'0) + use prelude.prelude.Int - function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_A'0) (o : t_A'0) : bool + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint64) (o : uint64) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_A'0) (y : t_A'0) : () + goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . forall result : () . (x = y) + = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) +end +module M_creusot_contracts__logic__ord__qyi11489483489418918928__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom cmp_ge_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] ge_log'1 x y = (cmp_log'1 x y <> C_Less'0) + use prelude.prelude.UInt64 - function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_A'0) (o : t_A'0) : bool + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_A'0) (y : t_A'0) : () + use prelude.prelude.Int - axiom cmp_lt_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] lt_log'1 x y = (cmp_log'1 x y = C_Less'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint64) (o : uint64) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_A'0) (o : t_A'0) : bool + goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . cmp_log'0 x y = C_Less'0 + -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi11489483489418918928__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_A'0) (y : t_A'0) : () + use prelude.prelude.UInt64 - axiom cmp_le_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord3] le_log'1 x y = (cmp_log'1 x y <> C_Greater'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 242 4 242 36] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : bool - - = - [%#sord1] (let (a, _) = self in a) = (let (a, _) = o in a) - /\ gt_log'1 (let (_, a) = self in a) (let (_, a) = o in a) - \/ gt_log'2 (let (a, _) = self in a) (let (a, _) = o in a) + use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 211 4 211 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint64) (o : uint64) : t_Ordering'0 = - [%#sord2] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then - cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) - else - r - + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : (t_A'0, t_B'0) . forall y : (t_A'0, t_B'0) . forall result : () . gt_log'0 x y - = (cmp_log'0 x y = C_Greater'0) -> gt_log'0 x y = (cmp_log'0 x y = C_Greater'0) + goal refines : [%#sord0] forall x : uint64 . forall result : () . cmp_log'0 x x = C_Equal'0 + -> cmp_log'0 x x = C_Equal'0 end -module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* <(A, B) as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 237 20 237 68 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 212 8 219 11 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 +module M_creusot_contracts__logic__ord__qyi11489483489418918928__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - type t_A'0 + use prelude.prelude.UInt64 - type t_B'0 + use prelude.prelude.Int type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_B'0) (_2 : t_B'0) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint64) (o : uint64) : t_Ordering'0 + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_B'0) (y : t_B'0) : () - - axiom eq_cmp'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord15] (x = y) = (cmp_log'2 x y = C_Equal'0) - - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_B'0) (y : t_B'0) : () + goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . forall result : () . (x <= y) + = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi11489483489418918928__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom antisym2'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord13] cmp_log'2 x y = C_Greater'0) - -> ([%#sord14] cmp_log'2 y x = C_Less'0) + use prelude.prelude.UInt64 - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_B'0) (y : t_B'0) : () + use prelude.prelude.Int - axiom antisym1'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord11] cmp_log'2 x y = C_Less'0) - -> ([%#sord12] cmp_log'2 y x = C_Greater'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint64) (o : uint64) : t_Ordering'0 + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom trans'0_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord8] cmp_log'2 x y = o) - -> ([%#sord9] cmp_log'2 y z = o) -> ([%#sord10] cmp_log'2 x z = o) - - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_B'0) : () + goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . forall result : () . (x >= y) + = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi11489483489418918928__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom refl'0_spec : forall x : t_B'0 . [%#sord7] cmp_log'2 x x = C_Equal'0 + use prelude.prelude.UInt64 - function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_B'0) (o : t_B'0) : bool + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_B'0) (y : t_B'0) : () + use prelude.prelude.Int - axiom cmp_gt_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord6] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint64) (o : uint64) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_B'0) (o : t_B'0) : bool + goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . cmp_log'0 x y = C_Greater'0 + -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi11489483489418918928__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_B'0) (y : t_B'0) : () + use prelude.prelude.UInt64 - axiom cmp_ge_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] ge_log'1 x y = (cmp_log'2 x y <> C_Less'0) + use prelude.prelude.Int - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_B'0) (o : t_B'0) : bool + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_B'0) (y : t_B'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint64) (o : uint64) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom cmp_lt_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] lt_log'0 x y = (cmp_log'2 x y = C_Less'0) + goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . forall result : () . (x > y) + = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi11489483489418918928__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_B'0) (o : t_B'0) : bool + use prelude.prelude.UInt64 - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_B'0) (y : t_B'0) : () + use prelude.prelude.Int - axiom cmp_le_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord3] le_log'0 x y = (cmp_log'2 x y <> C_Greater'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_A'0) (_2 : t_A'0) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint64) (o : uint64) : t_Ordering'0 + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_A'0) (y : t_A'0) : () - - axiom eq_cmp'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) - - function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_A'0) (y : t_A'0) : () + goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . forall result : () . (x < y) + = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi13757098721041279861__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom antisym2'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) - -> ([%#sord14] cmp_log'1 y x = C_Less'0) + use prelude.prelude.UInt128 - function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_A'0) (y : t_A'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom antisym1'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) - -> ([%#sord12] cmp_log'1 y x = C_Greater'0) + use prelude.prelude.Int - function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint128) (o : uint128) : t_Ordering'0 + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom trans'1_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) - -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) - - function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_A'0) : () - - axiom refl'1_spec : forall x : t_A'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 + goal refines : [%#sord0] forall x : uint128 . forall y : uint128 . cmp_log'0 x y = C_Greater'0 + -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi13757098721041279861__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_A'0) (o : t_A'0) : bool + use prelude.prelude.UInt128 - function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_A'0) (y : t_A'0) : () + use prelude.prelude.Int - axiom cmp_gt_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord6] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function ge_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_A'0) (o : t_A'0) : bool + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint128) (o : uint128) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function cmp_ge_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_A'0) (y : t_A'0) : () + goal refines : [%#sord0] forall x : uint128 . forall y : uint128 . forall result : () . (x <= y) + = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi13757098721041279861__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom cmp_ge_log'2_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] ge_log'2 x y = (cmp_log'1 x y <> C_Less'0) + use prelude.prelude.UInt128 - function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_A'0) (o : t_A'0) : bool + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_A'0) (y : t_A'0) : () + use prelude.prelude.Int - axiom cmp_lt_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] lt_log'1 x y = (cmp_log'1 x y = C_Less'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint128) (o : uint128) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_A'0) (o : t_A'0) : bool + goal refines : [%#sord0] forall x : uint128 . forall y : uint128 . cmp_log'0 x y = C_Less'0 + -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi13757098721041279861__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_A'0) (y : t_A'0) : () + use prelude.prelude.UInt128 - axiom cmp_le_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord3] le_log'1 x y = (cmp_log'1 x y <> C_Greater'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 236 4 236 36] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : bool - - = - [%#sord1] (let (a, _) = self in a) = (let (a, _) = o in a) - /\ ge_log'1 (let (_, a) = self in a) (let (_, a) = o in a) - \/ gt_log'0 (let (a, _) = self in a) (let (a, _) = o in a) + use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 211 4 211 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint128) (o : uint128) : t_Ordering'0 = - [%#sord2] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then - cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) - else - r - + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : (t_A'0, t_B'0) . forall y : (t_A'0, t_B'0) . forall result : () . ge_log'0 x y - = (cmp_log'0 x y <> C_Less'0) -> ge_log'0 x y = (cmp_log'0 x y <> C_Less'0) + goal refines : [%#sord0] forall x : uint128 . forall y : uint128 . forall z : uint128 . forall o : t_Ordering'0 . cmp_log'0 y z + = o + /\ cmp_log'0 x y = o + -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) end -module M_creusot_contracts__logic__ord__qyi1910662420989811789__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (* <(A, B) as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 212 8 219 11 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 - - type t_A'0 +module M_creusot_contracts__logic__ord__qyi13757098721041279861__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - type t_B'0 + use prelude.prelude.UInt128 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_A'0) (_2 : t_A'0) : t_Ordering'0 - - - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_A'0) (y : t_A'0) : () + use prelude.prelude.Int - axiom eq_cmp'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint128) (o : uint128) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_A'0) (y : t_A'0) : () + goal refines : [%#sord0] forall x : uint128 . forall result : () . cmp_log'0 x x = C_Equal'0 + -> cmp_log'0 x x = C_Equal'0 +end +module M_creusot_contracts__logic__ord__qyi13757098721041279861__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom antisym2'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) - -> ([%#sord13] cmp_log'1 y x = C_Less'0) + use prelude.prelude.UInt128 - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_A'0) (y : t_A'0) : () + use prelude.prelude.Int - axiom antisym1'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) - -> ([%#sord11] cmp_log'1 y x = C_Greater'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint128) (o : uint128) : t_Ordering'0 + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom trans'0_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) - -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) - - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_A'0) : () + goal refines : [%#sord0] forall x : uint128 . forall y : uint128 . forall result : () . (x >= y) + = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi13757098721041279861__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom refl'0_spec : forall x : t_A'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 + use prelude.prelude.UInt128 - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_A'0) (o : t_A'0) : bool + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_A'0) (y : t_A'0) : () + use prelude.prelude.Int - axiom cmp_gt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint128) (o : uint128) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_A'0) (o : t_A'0) : bool + goal refines : [%#sord0] forall x : uint128 . forall y : uint128 . forall result : () . (x = y) + = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) +end +module M_creusot_contracts__logic__ord__qyi13757098721041279861__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_A'0) (y : t_A'0) : () + use prelude.prelude.UInt128 - axiom cmp_ge_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + use prelude.prelude.Int - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_A'0) (o : t_A'0) : bool + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_A'0) (y : t_A'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint128) (o : uint128) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom cmp_lt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + goal refines : [%#sord0] forall x : uint128 . forall y : uint128 . forall result : () . (x > y) + = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi13757098721041279861__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_A'0) (o : t_A'0) : bool + use prelude.prelude.UInt128 - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_A'0) (y : t_A'0) : () + use prelude.prelude.Int - axiom cmp_le_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_B'0) (_2 : t_B'0) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint128) (o : uint128) : t_Ordering'0 + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_B'0) (y : t_B'0) : () - - axiom eq_cmp'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord14] (x = y) = (cmp_log'2 x y = C_Equal'0) - - function antisym2'2 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_B'0) (y : t_B'0) : () + goal refines : [%#sord0] forall x : uint128 . forall y : uint128 . forall result : () . (x < y) + = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi8186105652185060096__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom antisym2'2_spec : forall x : t_B'0, y : t_B'0 . ([%#sord12] cmp_log'2 x y = C_Greater'0) - -> ([%#sord13] cmp_log'2 y x = C_Less'0) + use prelude.prelude.UIntSize - function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_B'0) (y : t_B'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom antisym1'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord10] cmp_log'2 x y = C_Less'0) - -> ([%#sord11] cmp_log'2 y x = C_Greater'0) + use prelude.prelude.Int - function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : usize) (o : usize) : t_Ordering'0 + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom trans'1_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord7] cmp_log'2 x y = o) - -> ([%#sord8] cmp_log'2 y z = o) -> ([%#sord9] cmp_log'2 x z = o) - - function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_B'0) : () + goal refines : [%#sord0] forall x : usize . forall y : usize . cmp_log'0 x y = C_Less'0 + -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi8186105652185060096__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom refl'1_spec : forall x : t_B'0 . [%#sord6] cmp_log'2 x x = C_Equal'0 + use prelude.prelude.UIntSize - function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_B'0) (o : t_B'0) : bool + use prelude.prelude.Int - function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_B'0) (y : t_B'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom cmp_gt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : usize) (o : usize) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_B'0) (o : t_B'0) : bool + goal refines : [%#sord0] forall x : usize . forall y : usize . forall result : () . (x >= y) + = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi8186105652185060096__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_B'0) (y : t_B'0) : () + use prelude.prelude.UIntSize - axiom cmp_ge_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] ge_log'1 x y = (cmp_log'2 x y <> C_Less'0) + use prelude.prelude.Int - function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_B'0) (o : t_B'0) : bool + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_B'0) (y : t_B'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : usize) (o : usize) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom cmp_lt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord3] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) + goal refines : [%#sord0] forall x : usize . forall y : usize . forall result : () . (x <= y) + = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi8186105652185060096__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_B'0) (o : t_B'0) : bool + use prelude.prelude.UIntSize - function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_B'0) (y : t_B'0) : () + use prelude.prelude.Int - axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord2] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 211 4 211 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : usize) (o : usize) : t_Ordering'0 = - [%#sord1] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then - cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) - else - r - + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : (t_A'0, t_B'0) . forall y : (t_A'0, t_B'0) . cmp_log'0 x y = C_Greater'0 - -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) + goal refines : [%#sord0] forall x : usize . forall y : usize . forall result : () . (x < y) + = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) end -module M_creusot_contracts__logic__ord__qyi1910662420989811789__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* <(A, B) as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 212 8 219 11 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 +module M_creusot_contracts__logic__ord__qyi8186105652185060096__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - type t_A'0 + use prelude.prelude.UIntSize - type t_B'0 + use prelude.prelude.Int type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_A'0) (_2 : t_A'0) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : usize) (o : usize) : t_Ordering'0 + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_A'0) (y : t_A'0) : () + goal refines : [%#sord0] forall x : usize . forall y : usize . forall result : () . (x > y) + = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi8186105652185060096__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom eq_cmp'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) + use prelude.prelude.UIntSize - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_A'0) (y : t_A'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom antisym2'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) - -> ([%#sord13] cmp_log'1 y x = C_Less'0) + use prelude.prelude.Int - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_A'0) (y : t_A'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : usize) (o : usize) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom antisym1'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) - -> ([%#sord11] cmp_log'1 y x = C_Greater'0) + goal refines : [%#sord0] forall x : usize . forall y : usize . forall z : usize . forall o : t_Ordering'0 . cmp_log'0 y z + = o + /\ cmp_log'0 x y = o + -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) +end +module M_creusot_contracts__logic__ord__qyi8186105652185060096__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () - + use prelude.prelude.UIntSize - axiom trans'0_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) - -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_A'0) : () + use prelude.prelude.Int - axiom refl'0_spec : forall x : t_A'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : usize) (o : usize) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_A'0) (o : t_A'0) : bool + goal refines : [%#sord0] forall x : usize . forall y : usize . forall result : () . (x = y) + = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) +end +module M_creusot_contracts__logic__ord__qyi8186105652185060096__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_A'0) (y : t_A'0) : () + use prelude.prelude.UIntSize - axiom cmp_gt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_A'0) (o : t_A'0) : bool + use prelude.prelude.Int - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_A'0) (y : t_A'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : usize) (o : usize) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom cmp_ge_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + goal refines : [%#sord0] forall x : usize . forall y : usize . cmp_log'0 x y = C_Greater'0 + -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi8186105652185060096__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_A'0) (o : t_A'0) : bool + use prelude.prelude.UIntSize - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_A'0) (y : t_A'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom cmp_lt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + use prelude.prelude.Int - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_A'0) (o : t_A'0) : bool + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : usize) (o : usize) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_A'0) (y : t_A'0) : () + goal refines : [%#sord0] forall x : usize . forall result : () . cmp_log'0 x x = C_Equal'0 + -> cmp_log'0 x x = C_Equal'0 +end +module M_creusot_contracts__logic__ord__qyi18413678402769648790__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom cmp_le_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + use prelude.prelude.Int8 - function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_B'0) (_2 : t_B'0) : t_Ordering'0 - + use prelude.prelude.Int - function eq_cmp'2 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_B'0) (y : t_B'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom eq_cmp'2_spec : forall x : t_B'0, y : t_B'0 . [%#sord14] (x = y) = (cmp_log'2 x y = C_Equal'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int8) (o : int8) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_B'0) (y : t_B'0) : () + goal refines : [%#sord0] forall x : int8 . forall y : int8 . forall result : () . (x < y) = (cmp_log'0 x y = C_Less'0) + -> (x < y) = (cmp_log'0 x y = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi18413678402769648790__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom antisym2'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord12] cmp_log'2 x y = C_Greater'0) - -> ([%#sord13] cmp_log'2 y x = C_Less'0) + use prelude.prelude.Int8 - function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_B'0) (y : t_B'0) : () + use prelude.prelude.Int - axiom antisym1'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord10] cmp_log'2 x y = C_Less'0) - -> ([%#sord11] cmp_log'2 y x = C_Greater'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int8) (o : int8) : t_Ordering'0 + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom trans'1_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord7] cmp_log'2 x y = o) - -> ([%#sord8] cmp_log'2 y z = o) -> ([%#sord9] cmp_log'2 x z = o) - - function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_B'0) : () + goal refines : [%#sord0] forall x : int8 . forall y : int8 . forall result : () . (x >= y) + = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi18413678402769648790__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom refl'1_spec : forall x : t_B'0 . [%#sord6] cmp_log'2 x x = C_Equal'0 + use prelude.prelude.Int8 - function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_B'0) (o : t_B'0) : bool + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_B'0) (y : t_B'0) : () + use prelude.prelude.Int - axiom cmp_gt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int8) (o : int8) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_B'0) (o : t_B'0) : bool + goal refines : [%#sord0] forall x : int8 . forall y : int8 . forall z : int8 . forall o : t_Ordering'0 . cmp_log'0 y z + = o + /\ cmp_log'0 x y = o + -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) +end +module M_creusot_contracts__logic__ord__qyi18413678402769648790__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_B'0) (y : t_B'0) : () + use prelude.prelude.Int8 - axiom cmp_ge_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] ge_log'1 x y = (cmp_log'2 x y <> C_Less'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_B'0) (o : t_B'0) : bool + use prelude.prelude.Int - function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_B'0) (y : t_B'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int8) (o : int8) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom cmp_lt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord3] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) + goal refines : [%#sord0] forall x : int8 . forall result : () . cmp_log'0 x x = C_Equal'0 + -> cmp_log'0 x x = C_Equal'0 +end +module M_creusot_contracts__logic__ord__qyi18413678402769648790__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_B'0) (o : t_B'0) : bool + use prelude.prelude.Int8 - function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_B'0) (y : t_B'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord2] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) + use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 211 4 211 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int8) (o : int8) : t_Ordering'0 = - [%#sord1] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then - cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) - else - r - + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : (t_A'0, t_B'0) . forall y : (t_A'0, t_B'0) . forall result : () . (x = y) - = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) + goal refines : [%#sord0] forall x : int8 . forall y : int8 . cmp_log'0 x y = C_Less'0 + -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) end -module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* <(A, B) as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 225 20 225 68 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 212 8 219 11 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 +module M_creusot_contracts__logic__ord__qyi18413678402769648790__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - type t_A'0 + use prelude.prelude.Int8 - type t_B'0 + use prelude.prelude.Int type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_B'0) (_2 : t_B'0) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int8) (o : int8) : t_Ordering'0 + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_B'0) (y : t_B'0) : () - - axiom eq_cmp'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord15] (x = y) = (cmp_log'2 x y = C_Equal'0) - - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_B'0) (y : t_B'0) : () + goal refines : [%#sord0] forall x : int8 . forall y : int8 . forall result : () . (x > y) + = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi18413678402769648790__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom antisym2'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord13] cmp_log'2 x y = C_Greater'0) - -> ([%#sord14] cmp_log'2 y x = C_Less'0) + use prelude.prelude.Int8 - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_B'0) (y : t_B'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom antisym1'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord11] cmp_log'2 x y = C_Less'0) - -> ([%#sord12] cmp_log'2 y x = C_Greater'0) + use prelude.prelude.Int - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int8) (o : int8) : t_Ordering'0 + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom trans'0_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord8] cmp_log'2 x y = o) - -> ([%#sord9] cmp_log'2 y z = o) -> ([%#sord10] cmp_log'2 x z = o) - - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_B'0) : () + goal refines : [%#sord0] forall x : int8 . forall y : int8 . forall result : () . (x = y) + = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) +end +module M_creusot_contracts__logic__ord__qyi18413678402769648790__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom refl'0_spec : forall x : t_B'0 . [%#sord7] cmp_log'2 x x = C_Equal'0 + use prelude.prelude.Int8 - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_B'0) (o : t_B'0) : bool + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_B'0) (y : t_B'0) : () + use prelude.prelude.Int - axiom cmp_gt_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord6] gt_log'0 x y = (cmp_log'2 x y = C_Greater'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int8) (o : int8) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_B'0) (o : t_B'0) : bool + goal refines : [%#sord0] forall x : int8 . forall y : int8 . cmp_log'0 x y = C_Greater'0 + -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi18413678402769648790__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_B'0) (y : t_B'0) : () + use prelude.prelude.Int8 - axiom cmp_ge_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] ge_log'0 x y = (cmp_log'2 x y <> C_Less'0) + use prelude.prelude.Int - function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_B'0) (o : t_B'0) : bool + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_B'0) (y : t_B'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int8) (o : int8) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom cmp_lt_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) + goal refines : [%#sord0] forall x : int8 . forall y : int8 . forall result : () . (x <= y) + = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi8040194823849327911__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_B'0) (o : t_B'0) : bool + use prelude.prelude.Int16 - function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_B'0) (y : t_B'0) : () + use prelude.prelude.Int - axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord3] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_A'0) (_2 : t_A'0) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int16) (o : int16) : t_Ordering'0 + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_A'0) (y : t_A'0) : () - - axiom eq_cmp'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) - - function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_A'0) (y : t_A'0) : () + goal refines : [%#sord0] forall x : int16 . forall y : int16 . forall result : () . (x >= y) + = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi8040194823849327911__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom antisym2'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) - -> ([%#sord14] cmp_log'1 y x = C_Less'0) + use prelude.prelude.Int16 - function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_A'0) (y : t_A'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom antisym1'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) - -> ([%#sord12] cmp_log'1 y x = C_Greater'0) + use prelude.prelude.Int - function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int16) (o : int16) : t_Ordering'0 + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom trans'1_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) - -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) - - function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_A'0) : () - - axiom refl'1_spec : forall x : t_A'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 + goal refines : [%#sord0] forall x : int16 . forall y : int16 . forall z : int16 . forall o : t_Ordering'0 . cmp_log'0 y z + = o + /\ cmp_log'0 x y = o + -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) +end +module M_creusot_contracts__logic__ord__qyi8040194823849327911__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_A'0) (o : t_A'0) : bool + use prelude.prelude.Int16 - function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_A'0) (y : t_A'0) : () + use prelude.prelude.Int - axiom cmp_gt_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord6] gt_log'1 x y = (cmp_log'1 x y = C_Greater'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_A'0) (o : t_A'0) : bool + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int16) (o : int16) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_A'0) (y : t_A'0) : () + goal refines : [%#sord0] forall x : int16 . forall y : int16 . forall result : () . (x <= y) + = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi8040194823849327911__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom cmp_ge_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] ge_log'1 x y = (cmp_log'1 x y <> C_Less'0) + use prelude.prelude.Int16 - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_A'0) (o : t_A'0) : bool + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_A'0) (y : t_A'0) : () + use prelude.prelude.Int - axiom cmp_lt_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int16) (o : int16) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function le_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_A'0) (o : t_A'0) : bool + goal refines : [%#sord0] forall x : int16 . forall result : () . cmp_log'0 x x = C_Equal'0 + -> cmp_log'0 x x = C_Equal'0 +end +module M_creusot_contracts__logic__ord__qyi8040194823849327911__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function cmp_le_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_A'0) (y : t_A'0) : () + use prelude.prelude.Int16 - axiom cmp_le_log'2_spec : forall x : t_A'0, y : t_A'0 . [%#sord3] le_log'2 x y = (cmp_log'1 x y <> C_Greater'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 224 4 224 36] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : bool - - = - [%#sord1] (let (a, _) = self in a) = (let (a, _) = o in a) - /\ le_log'1 (let (_, a) = self in a) (let (_, a) = o in a) - \/ lt_log'0 (let (a, _) = self in a) (let (a, _) = o in a) + use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 211 4 211 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int16) (o : int16) : t_Ordering'0 = - [%#sord2] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then - cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) - else - r - + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : (t_A'0, t_B'0) . forall y : (t_A'0, t_B'0) . forall result : () . le_log'0 x y - = (cmp_log'0 x y <> C_Greater'0) -> le_log'0 x y = (cmp_log'0 x y <> C_Greater'0) + goal refines : [%#sord0] forall x : int16 . forall y : int16 . forall result : () . (x = y) + = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) end -module M_creusot_contracts__logic__ord__qyi1910662420989811789__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* <(A, B) as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 212 8 219 11 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 +module M_creusot_contracts__logic__ord__qyi8040194823849327911__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - type t_A'0 + use prelude.prelude.Int16 - type t_B'0 + use prelude.prelude.Int type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_A'0) (_2 : t_A'0) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int16) (o : int16) : t_Ordering'0 + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_A'0) (y : t_A'0) : () - - axiom eq_cmp'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) - - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_A'0) (y : t_A'0) : () + goal refines : [%#sord0] forall x : int16 . forall y : int16 . forall result : () . (x < y) + = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi8040194823849327911__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom antisym2'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) - -> ([%#sord13] cmp_log'1 y x = C_Less'0) + use prelude.prelude.Int16 - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_A'0) (y : t_A'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom antisym1'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) - -> ([%#sord11] cmp_log'1 y x = C_Greater'0) + use prelude.prelude.Int - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int16) (o : int16) : t_Ordering'0 + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom trans'0_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) - -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) - - function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_A'0) : () - - axiom refl'1_spec : forall x : t_A'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 - - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_A'0) (o : t_A'0) : bool - - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_A'0) (y : t_A'0) : () - - axiom cmp_gt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_A'0) (o : t_A'0) : bool + goal refines : [%#sord0] forall x : int16 . forall y : int16 . cmp_log'0 x y = C_Greater'0 + -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi8040194823849327911__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_A'0) (y : t_A'0) : () + use prelude.prelude.Int16 - axiom cmp_ge_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + use prelude.prelude.Int - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_A'0) (o : t_A'0) : bool + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_A'0) (y : t_A'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int16) (o : int16) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom cmp_lt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + goal refines : [%#sord0] forall x : int16 . forall y : int16 . forall result : () . (x > y) + = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi8040194823849327911__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_A'0) (o : t_A'0) : bool + use prelude.prelude.Int16 - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_A'0) (y : t_A'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom cmp_le_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + use prelude.prelude.Int - function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_B'0) (_2 : t_B'0) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int16) (o : int16) : t_Ordering'0 + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_B'0) (y : t_B'0) : () - - axiom eq_cmp'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord14] (x = y) = (cmp_log'2 x y = C_Equal'0) - - function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_B'0) (y : t_B'0) : () + goal refines : [%#sord0] forall x : int16 . forall y : int16 . cmp_log'0 x y = C_Less'0 + -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi211457485035727011__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom antisym2'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord12] cmp_log'2 x y = C_Greater'0) - -> ([%#sord13] cmp_log'2 y x = C_Less'0) + use prelude.prelude.Int32 - function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_B'0) (y : t_B'0) : () + use prelude.prelude.Int - axiom antisym1'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord10] cmp_log'2 x y = C_Less'0) - -> ([%#sord11] cmp_log'2 y x = C_Greater'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int32) (o : int32) : t_Ordering'0 + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom trans'1_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord7] cmp_log'2 x y = o) - -> ([%#sord8] cmp_log'2 y z = o) -> ([%#sord9] cmp_log'2 x z = o) - - function refl'2 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_B'0) : () + goal refines : [%#sord0] forall x : int32 . forall y : int32 . forall result : () . (x <= y) + = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi211457485035727011__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom refl'2_spec : forall x : t_B'0 . [%#sord6] cmp_log'2 x x = C_Equal'0 + use prelude.prelude.Int32 - function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_B'0) (o : t_B'0) : bool + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_B'0) (y : t_B'0) : () + use prelude.prelude.Int - axiom cmp_gt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int32) (o : int32) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_B'0) (o : t_B'0) : bool + goal refines : [%#sord0] forall x : int32 . forall y : int32 . forall z : int32 . forall o : t_Ordering'0 . cmp_log'0 y z + = o + /\ cmp_log'0 x y = o + -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) +end +module M_creusot_contracts__logic__ord__qyi211457485035727011__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_B'0) (y : t_B'0) : () + use prelude.prelude.Int32 - axiom cmp_ge_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] ge_log'1 x y = (cmp_log'2 x y <> C_Less'0) + use prelude.prelude.Int - function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_B'0) (o : t_B'0) : bool + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_B'0) (y : t_B'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int32) (o : int32) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom cmp_lt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord3] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) + goal refines : [%#sord0] forall x : int32 . forall y : int32 . forall result : () . (x > y) + = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi211457485035727011__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_B'0) (o : t_B'0) : bool + use prelude.prelude.Int32 - function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_B'0) (y : t_B'0) : () + use prelude.prelude.Int - axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord2] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 211 4 211 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int32) (o : int32) : t_Ordering'0 = - [%#sord1] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then - cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) - else - r - + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : (t_A'0, t_B'0) . forall result : () . cmp_log'0 x x = C_Equal'0 - -> cmp_log'0 x x = C_Equal'0 + goal refines : [%#sord0] forall x : int32 . forall y : int32 . forall result : () . (x < y) + = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) end -module M_creusot_contracts__logic__ord__qyi1910662420989811789__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (* <(A, B) as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 212 8 219 11 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 +module M_creusot_contracts__logic__ord__qyi211457485035727011__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - type t_A'0 + use prelude.prelude.Int32 - type t_B'0 + use prelude.prelude.Int type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_A'0) (_2 : t_A'0) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int32) (o : int32) : t_Ordering'0 + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_A'0) (y : t_A'0) : () - - axiom eq_cmp'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) - - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_A'0) (y : t_A'0) : () + goal refines : [%#sord0] forall x : int32 . forall y : int32 . forall result : () . (x >= y) + = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi211457485035727011__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom antisym2'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) - -> ([%#sord13] cmp_log'1 y x = C_Less'0) + use prelude.prelude.Int32 - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_A'0) (y : t_A'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom antisym1'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) - -> ([%#sord11] cmp_log'1 y x = C_Greater'0) + use prelude.prelude.Int - function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int32) (o : int32) : t_Ordering'0 + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom trans'1_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) - -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) - - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_A'0) : () + goal refines : [%#sord0] forall x : int32 . forall y : int32 . cmp_log'0 x y = C_Less'0 + -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi211457485035727011__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom refl'0_spec : forall x : t_A'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 + use prelude.prelude.Int32 - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_A'0) (o : t_A'0) : bool + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_A'0) (y : t_A'0) : () + use prelude.prelude.Int - axiom cmp_gt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int32) (o : int32) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_A'0) (o : t_A'0) : bool + goal refines : [%#sord0] forall x : int32 . forall y : int32 . cmp_log'0 x y = C_Greater'0 + -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi211457485035727011__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_A'0) (y : t_A'0) : () + use prelude.prelude.Int32 - axiom cmp_ge_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_A'0) (o : t_A'0) : bool + use prelude.prelude.Int - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_A'0) (y : t_A'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int32) (o : int32) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom cmp_lt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + goal refines : [%#sord0] forall x : int32 . forall result : () . cmp_log'0 x x = C_Equal'0 + -> cmp_log'0 x x = C_Equal'0 +end +module M_creusot_contracts__logic__ord__qyi211457485035727011__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_A'0) (o : t_A'0) : bool + use prelude.prelude.Int32 - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_A'0) (y : t_A'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom cmp_le_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + use prelude.prelude.Int - function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_B'0) (_2 : t_B'0) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int32) (o : int32) : t_Ordering'0 + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_B'0) (y : t_B'0) : () - - axiom eq_cmp'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord14] (x = y) = (cmp_log'2 x y = C_Equal'0) - - function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_B'0) (y : t_B'0) : () + goal refines : [%#sord0] forall x : int32 . forall y : int32 . forall result : () . (x = y) + = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) +end +module M_creusot_contracts__logic__ord__qyi2565746305859701215__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom antisym2'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord12] cmp_log'2 x y = C_Greater'0) - -> ([%#sord13] cmp_log'2 y x = C_Less'0) + use prelude.prelude.Int64 - function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_B'0) (y : t_B'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom antisym1'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord10] cmp_log'2 x y = C_Less'0) - -> ([%#sord11] cmp_log'2 y x = C_Greater'0) + use prelude.prelude.Int - function trans'2 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int64) (o : int64) : t_Ordering'0 + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom trans'2_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord7] cmp_log'2 x y = o) - -> ([%#sord8] cmp_log'2 y z = o) -> ([%#sord9] cmp_log'2 x z = o) - - function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_B'0) : () + goal refines : [%#sord0] forall x : int64 . forall result : () . cmp_log'0 x x = C_Equal'0 + -> cmp_log'0 x x = C_Equal'0 +end +module M_creusot_contracts__logic__ord__qyi2565746305859701215__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom refl'1_spec : forall x : t_B'0 . [%#sord6] cmp_log'2 x x = C_Equal'0 + use prelude.prelude.Int64 - function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_B'0) (o : t_B'0) : bool + use prelude.prelude.Int - function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_B'0) (y : t_B'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom cmp_gt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int64) (o : int64) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_B'0) (o : t_B'0) : bool + goal refines : [%#sord0] forall x : int64 . forall y : int64 . forall result : () . (x < y) + = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi2565746305859701215__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_B'0) (y : t_B'0) : () + use prelude.prelude.Int64 - axiom cmp_ge_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] ge_log'1 x y = (cmp_log'2 x y <> C_Less'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_B'0) (o : t_B'0) : bool + use prelude.prelude.Int - function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_B'0) (y : t_B'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int64) (o : int64) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom cmp_lt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord3] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) + goal refines : [%#sord0] forall x : int64 . forall y : int64 . cmp_log'0 x y = C_Less'0 + -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi2565746305859701215__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_B'0) (o : t_B'0) : bool + use prelude.prelude.Int64 - function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_B'0) (y : t_B'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord2] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) + use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 211 4 211 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int64) (o : int64) : t_Ordering'0 = - [%#sord1] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then - cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) - else - r - + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : (t_A'0, t_B'0) . forall y : (t_A'0, t_B'0) . forall z : (t_A'0, t_B'0) . forall o : t_Ordering'0 . cmp_log'0 y z + goal refines : [%#sord0] forall x : int64 . forall y : int64 . forall z : int64 . forall o : t_Ordering'0 . cmp_log'0 y z = o /\ cmp_log'0 x y = o -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) end -module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* <(A, B) as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 231 20 231 67 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 212 8 219 11 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 +module M_creusot_contracts__logic__ord__qyi2565746305859701215__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - type t_A'0 - - type t_B'0 + use prelude.prelude.Int64 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_B'0) (_2 : t_B'0) : t_Ordering'0 - - - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_B'0) (y : t_B'0) : () - - axiom eq_cmp'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord15] (x = y) = (cmp_log'2 x y = C_Equal'0) - - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_B'0) (y : t_B'0) : () - - axiom antisym2'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord13] cmp_log'2 x y = C_Greater'0) - -> ([%#sord14] cmp_log'2 y x = C_Less'0) - - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_B'0) (y : t_B'0) : () - - axiom antisym1'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord11] cmp_log'2 x y = C_Less'0) - -> ([%#sord12] cmp_log'2 y x = C_Greater'0) + use prelude.prelude.Int - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int64) (o : int64) : t_Ordering'0 + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom trans'0_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord8] cmp_log'2 x y = o) - -> ([%#sord9] cmp_log'2 y z = o) -> ([%#sord10] cmp_log'2 x z = o) - - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_B'0) : () - - axiom refl'0_spec : forall x : t_B'0 . [%#sord7] cmp_log'2 x x = C_Equal'0 - - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_B'0) (o : t_B'0) : bool - - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_B'0) (y : t_B'0) : () - - axiom cmp_gt_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord6] gt_log'0 x y = (cmp_log'2 x y = C_Greater'0) - - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_B'0) (o : t_B'0) : bool + goal refines : [%#sord0] forall x : int64 . forall y : int64 . forall result : () . (x = y) + = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) +end +module M_creusot_contracts__logic__ord__qyi2565746305859701215__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_B'0) (y : t_B'0) : () + use prelude.prelude.Int64 - axiom cmp_ge_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] ge_log'0 x y = (cmp_log'2 x y <> C_Less'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_B'0) (o : t_B'0) : bool + use prelude.prelude.Int - function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_B'0) (y : t_B'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int64) (o : int64) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom cmp_lt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) + goal refines : [%#sord0] forall x : int64 . forall y : int64 . cmp_log'0 x y = C_Greater'0 + -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi2565746305859701215__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_B'0) (o : t_B'0) : bool + use prelude.prelude.Int64 - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_B'0) (y : t_B'0) : () + use prelude.prelude.Int - axiom cmp_le_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord3] le_log'0 x y = (cmp_log'2 x y <> C_Greater'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_A'0) (_2 : t_A'0) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int64) (o : int64) : t_Ordering'0 + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_A'0) (y : t_A'0) : () - - axiom eq_cmp'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) - - function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_A'0) (y : t_A'0) : () + goal refines : [%#sord0] forall x : int64 . forall y : int64 . forall result : () . (x > y) + = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi2565746305859701215__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom antisym2'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) - -> ([%#sord14] cmp_log'1 y x = C_Less'0) + use prelude.prelude.Int64 - function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_A'0) (y : t_A'0) : () + use prelude.prelude.Int - axiom antisym1'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) - -> ([%#sord12] cmp_log'1 y x = C_Greater'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int64) (o : int64) : t_Ordering'0 + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom trans'1_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) - -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) - - function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_A'0) : () - - axiom refl'1_spec : forall x : t_A'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 + goal refines : [%#sord0] forall x : int64 . forall y : int64 . forall result : () . (x <= y) + = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi2565746305859701215__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_A'0) (o : t_A'0) : bool + use prelude.prelude.Int64 - function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_A'0) (y : t_A'0) : () + use prelude.prelude.Int - axiom cmp_gt_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord6] gt_log'1 x y = (cmp_log'1 x y = C_Greater'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_A'0) (o : t_A'0) : bool + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int64) (o : int64) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_A'0) (y : t_A'0) : () + goal refines : [%#sord0] forall x : int64 . forall y : int64 . forall result : () . (x >= y) + = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi2364657485180829964__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom cmp_ge_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] ge_log'1 x y = (cmp_log'1 x y <> C_Less'0) + use prelude.prelude.Int128 - function lt_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_A'0) (o : t_A'0) : bool + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function cmp_lt_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_A'0) (y : t_A'0) : () + use prelude.prelude.Int - axiom cmp_lt_log'2_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] lt_log'2 x y = (cmp_log'1 x y = C_Less'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int128) (o : int128) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_A'0) (o : t_A'0) : bool + goal refines : [%#sord0] forall x : int128 . forall y : int128 . cmp_log'0 x y = C_Less'0 + -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi2364657485180829964__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_A'0) (y : t_A'0) : () + use prelude.prelude.Int128 - axiom cmp_le_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord3] le_log'1 x y = (cmp_log'1 x y <> C_Greater'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 230 4 230 36] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : bool - - = - [%#sord1] (let (a, _) = self in a) = (let (a, _) = o in a) - /\ lt_log'1 (let (_, a) = self in a) (let (_, a) = o in a) - \/ lt_log'2 (let (a, _) = self in a) (let (a, _) = o in a) + use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 211 4 211 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int128) (o : int128) : t_Ordering'0 = - [%#sord2] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then - cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) - else - r - + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : (t_A'0, t_B'0) . forall y : (t_A'0, t_B'0) . forall result : () . lt_log'0 x y - = (cmp_log'0 x y = C_Less'0) -> lt_log'0 x y = (cmp_log'0 x y = C_Less'0) + goal refines : [%#sord0] forall x : int128 . forall y : int128 . forall result : () . (x = y) + = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) end -module M_creusot_contracts__logic__ord__qyi1910662420989811789__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (* <(A, B) as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 212 8 219 11 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 - - type t_A'0 +module M_creusot_contracts__logic__ord__qyi2364657485180829964__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - type t_B'0 + use prelude.prelude.Int128 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_A'0) (_2 : t_A'0) : t_Ordering'0 - - - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_A'0) (y : t_A'0) : () + use prelude.prelude.Int - axiom eq_cmp'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int128) (o : int128) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_A'0) (y : t_A'0) : () + goal refines : [%#sord0] forall x : int128 . forall y : int128 . cmp_log'0 x y = C_Greater'0 + -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi2364657485180829964__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom antisym2'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) - -> ([%#sord13] cmp_log'1 y x = C_Less'0) + use prelude.prelude.Int128 - function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_A'0) (y : t_A'0) : () + use prelude.prelude.Int - axiom antisym1'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) - -> ([%#sord11] cmp_log'1 y x = C_Greater'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int128) (o : int128) : t_Ordering'0 + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom trans'0_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) - -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) - - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_A'0) : () + goal refines : [%#sord0] forall x : int128 . forall y : int128 . forall result : () . (x > y) + = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi2364657485180829964__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom refl'0_spec : forall x : t_A'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 + use prelude.prelude.Int128 - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_A'0) (o : t_A'0) : bool + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_A'0) (y : t_A'0) : () + use prelude.prelude.Int - axiom cmp_gt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int128) (o : int128) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_A'0) (o : t_A'0) : bool + goal refines : [%#sord0] forall x : int128 . forall result : () . cmp_log'0 x x = C_Equal'0 + -> cmp_log'0 x x = C_Equal'0 +end +module M_creusot_contracts__logic__ord__qyi2364657485180829964__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_A'0) (y : t_A'0) : () + use prelude.prelude.Int128 - axiom cmp_ge_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + use prelude.prelude.Int - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_A'0) (o : t_A'0) : bool + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_A'0) (y : t_A'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int128) (o : int128) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom cmp_lt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + goal refines : [%#sord0] forall x : int128 . forall y : int128 . forall result : () . (x >= y) + = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi2364657485180829964__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_A'0) (o : t_A'0) : bool + use prelude.prelude.Int128 - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_A'0) (y : t_A'0) : () + use prelude.prelude.Int - axiom cmp_le_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_B'0) (_2 : t_B'0) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int128) (o : int128) : t_Ordering'0 + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_B'0) (y : t_B'0) : () - - axiom eq_cmp'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord14] (x = y) = (cmp_log'2 x y = C_Equal'0) - - function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_B'0) (y : t_B'0) : () + goal refines : [%#sord0] forall x : int128 . forall y : int128 . forall result : () . (x < y) + = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi2364657485180829964__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom antisym2'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord12] cmp_log'2 x y = C_Greater'0) - -> ([%#sord13] cmp_log'2 y x = C_Less'0) + use prelude.prelude.Int128 - function antisym1'2 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_B'0) (y : t_B'0) : () + use prelude.prelude.Int - axiom antisym1'2_spec : forall x : t_B'0, y : t_B'0 . ([%#sord10] cmp_log'2 x y = C_Less'0) - -> ([%#sord11] cmp_log'2 y x = C_Greater'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int128) (o : int128) : t_Ordering'0 + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom trans'1_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord7] cmp_log'2 x y = o) - -> ([%#sord8] cmp_log'2 y z = o) -> ([%#sord9] cmp_log'2 x z = o) - - function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_B'0) : () + goal refines : [%#sord0] forall x : int128 . forall y : int128 . forall result : () . (x <= y) + = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi2364657485180829964__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom refl'1_spec : forall x : t_B'0 . [%#sord6] cmp_log'2 x x = C_Equal'0 + use prelude.prelude.Int128 - function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_B'0) (o : t_B'0) : bool + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_B'0) (y : t_B'0) : () + use prelude.prelude.Int - axiom cmp_gt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int128) (o : int128) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_B'0) (o : t_B'0) : bool + goal refines : [%#sord0] forall x : int128 . forall y : int128 . forall z : int128 . forall o : t_Ordering'0 . cmp_log'0 y z + = o + /\ cmp_log'0 x y = o + -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) +end +module M_creusot_contracts__logic__ord__qyi8047313880300482848__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_B'0) (y : t_B'0) : () + use prelude.prelude.IntSize - axiom cmp_ge_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] ge_log'1 x y = (cmp_log'2 x y <> C_Less'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_B'0) (o : t_B'0) : bool + use prelude.prelude.Int - function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_B'0) (y : t_B'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : isize) (o : isize) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom cmp_lt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord3] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) + goal refines : [%#sord0] forall x : isize . forall y : isize . cmp_log'0 x y = C_Less'0 + -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi8047313880300482848__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_B'0) (o : t_B'0) : bool + use prelude.prelude.IntSize - function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_B'0) (y : t_B'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord2] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) + use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 211 4 211 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : isize) (o : isize) : t_Ordering'0 = - [%#sord1] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then - cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) - else - r - + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : (t_A'0, t_B'0) . forall y : (t_A'0, t_B'0) . cmp_log'0 x y = C_Less'0 - -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) + goal refines : [%#sord0] forall x : isize . forall y : isize . cmp_log'0 x y = C_Greater'0 + -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) end -module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__cmp_lt_log__refines [#"../../../creusot-contracts/src/std/cmp.rs" 93 4 93 35] (* as logic::ord::OrdLogic> *) - let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 93 4 93 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 21 20 21 53 - let%span scmp2 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 +module M_creusot_contracts__logic__ord__qyi8047313880300482848__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - type t_T'0 + use prelude.prelude.IntSize - type t_Reverse'0 = - { t_Reverse__0'0: t_T'0 } + use prelude.prelude.Int type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_T'0) (_2 : t_T'0) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : isize) (o : isize) : t_Ordering'0 + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_T'0) (y : t_T'0) : () - - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) - - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_T'0) (y : t_T'0) : () + goal refines : [%#sord0] forall x : isize . forall y : isize . forall result : () . (x >= y) + = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi8047313880300482848__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) - -> ([%#sord14] cmp_log'1 y x = C_Less'0) + use prelude.prelude.IntSize - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_T'0) (y : t_T'0) : () + use prelude.prelude.Int - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) - -> ([%#sord12] cmp_log'1 y x = C_Greater'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : isize) (o : isize) : t_Ordering'0 + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) - -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) - - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_T'0) : () - - axiom refl'0_spec : forall x : t_T'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 + goal refines : [%#sord0] forall x : isize . forall y : isize . forall result : () . (x < y) + = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi8047313880300482848__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_T'0) (o : t_T'0) : bool + use prelude.prelude.IntSize - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_T'0) (y : t_T'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + use prelude.prelude.Int - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_T'0) (o : t_T'0) : bool + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : isize) (o : isize) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_T'0) (y : t_T'0) : () + goal refines : [%#sord0] forall x : isize . forall y : isize . forall z : isize . forall o : t_Ordering'0 . cmp_log'0 y z + = o + /\ cmp_log'0 x y = o + -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) +end +module M_creusot_contracts__logic__ord__qyi8047313880300482848__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + use prelude.prelude.IntSize - function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_T'0) (o : t_T'0) : bool + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_T'0) (y : t_T'0) : () + use prelude.prelude.Int - axiom cmp_lt_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] lt_log'1 x y = (cmp_log'1 x y = C_Less'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : isize) (o : isize) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_T'0) (o : t_T'0) : bool + goal refines : [%#sord0] forall x : isize . forall y : isize . forall result : () . (x = y) + = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) +end +module M_creusot_contracts__logic__ord__qyi8047313880300482848__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_T'0) (y : t_T'0) : () + use prelude.prelude.IntSize - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 - - = - [%#scmp2] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with - | C_Equal'0 -> C_Equal'0 - | C_Less'0 -> C_Greater'0 - | C_Greater'0 -> C_Less'0 - end + use prelude.prelude.Int - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_Reverse'0) (o : t_Reverse'0) : bool + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : isize) (o : isize) : t_Ordering'0 = - [%#sord1] cmp_log'0 self o = C_Less'0 + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#scmp0] forall x : t_Reverse'0 . forall y : t_Reverse'0 . forall result : () . lt_log'0 x y - = (cmp_log'0 x y = C_Less'0) -> lt_log'0 x y = (cmp_log'0 x y = C_Less'0) + goal refines : [%#sord0] forall x : isize . forall result : () . cmp_log'0 x x = C_Equal'0 + -> cmp_log'0 x x = C_Equal'0 end -module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__antisym1__refines [#"../../../creusot-contracts/src/std/cmp.rs" 121 4 121 33] (* as logic::ord::OrdLogic> *) - let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 121 4 121 33 - let%span scmp1 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 +module M_creusot_contracts__logic__ord__qyi8047313880300482848__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - type t_T'0 + use prelude.prelude.IntSize - type t_Reverse'0 = - { t_Reverse__0'0: t_T'0 } + use prelude.prelude.Int type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_T'0) (_2 : t_T'0) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : isize) (o : isize) : t_Ordering'0 + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_T'0) (y : t_T'0) : () - - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) - - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_T'0) (y : t_T'0) : () + goal refines : [%#sord0] forall x : isize . forall y : isize . forall result : () . (x > y) + = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi8047313880300482848__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) - -> ([%#sord13] cmp_log'1 y x = C_Less'0) + use prelude.prelude.IntSize - function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_T'0) (y : t_T'0) : () + use prelude.prelude.Int - axiom antisym1'1_spec : forall x : t_T'0, y : t_T'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) - -> ([%#sord11] cmp_log'1 y x = C_Greater'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : isize) (o : isize) : t_Ordering'0 + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) - -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) - - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_T'0) : () - - axiom refl'0_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 - - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_T'0) (o : t_T'0) : bool - - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_T'0) (y : t_T'0) : () - - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_T'0) (o : t_T'0) : bool + goal refines : [%#sord0] forall x : isize . forall y : isize . forall result : () . (x <= y) + = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi17836724837647357586__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 47 20 47 53 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 248 8 253 9 - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_T'0) (y : t_T'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 247 4 247 41] (self : bool) (o : bool) : t_Ordering'0 + + = + [%#sord2] match (self, o) with + | (False, False) -> C_Equal'0 + | (True, True) -> C_Equal'0 + | (False, True) -> C_Less'0 + | (True, False) -> C_Greater'0 + end - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_T'0) (o : t_T'0) : bool + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : bool) (o : bool) : bool = + [%#sord1] cmp_log'0 self o <> C_Less'0 - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_T'0) (y : t_T'0) : () + goal refines : [%#sord0] forall x : bool . forall y : bool . forall result : () . ge_log'0 x y + = (cmp_log'0 x y <> C_Less'0) -> ge_log'0 x y = (cmp_log'0 x y <> C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi17836724837647357586__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 248 8 253 9 - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_T'0) (o : t_T'0) : bool + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 247 4 247 41] (self : bool) (o : bool) : t_Ordering'0 + + = + [%#sord1] match (self, o) with + | (False, False) -> C_Equal'0 + | (True, True) -> C_Equal'0 + | (False, True) -> C_Less'0 + | (True, False) -> C_Greater'0 + end - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_T'0) (y : t_T'0) : () + goal refines : [%#sord0] forall x : bool . forall result : () . cmp_log'0 x x = C_Equal'0 + -> cmp_log'0 x x = C_Equal'0 +end +module M_creusot_contracts__logic__ord__qyi17836724837647357586__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 248 8 253 9 - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 247 4 247 41] (self : bool) (o : bool) : t_Ordering'0 = - [%#scmp1] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with - | C_Equal'0 -> C_Equal'0 - | C_Less'0 -> C_Greater'0 - | C_Greater'0 -> C_Less'0 + [%#sord1] match (self, o) with + | (False, False) -> C_Equal'0 + | (True, True) -> C_Equal'0 + | (False, True) -> C_Less'0 + | (True, False) -> C_Greater'0 end - goal refines : [%#scmp0] forall x : t_Reverse'0 . forall y : t_Reverse'0 . cmp_log'0 x y = C_Less'0 + goal refines : [%#sord0] forall x : bool . forall y : bool . cmp_log'0 x y = C_Less'0 -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) end -module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__eq_cmp__refines [#"../../../creusot-contracts/src/std/cmp.rs" 132 4 132 31] (* as logic::ord::OrdLogic> *) - let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 132 4 132 31 - let%span scmp1 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 - - type t_T'0 - - type t_Reverse'0 = - { t_Reverse__0'0: t_T'0 } +module M_creusot_contracts__logic__ord__qyi17836724837647357586__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 58 20 58 56 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 248 8 253 9 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_T'0) (_2 : t_T'0) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 247 4 247 41] (self : bool) (o : bool) : t_Ordering'0 + = + [%#sord2] match (self, o) with + | (False, False) -> C_Equal'0 + | (True, True) -> C_Equal'0 + | (False, True) -> C_Less'0 + | (True, False) -> C_Greater'0 + end - function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_T'0) (y : t_T'0) : () - - axiom eq_cmp'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) - - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_T'0) (y : t_T'0) : () - - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) - -> ([%#sord13] cmp_log'1 y x = C_Less'0) + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : bool) (o : bool) : bool = + [%#sord1] cmp_log'0 self o = C_Greater'0 - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_T'0) (y : t_T'0) : () + goal refines : [%#sord0] forall x : bool . forall y : bool . forall result : () . gt_log'0 x y + = (cmp_log'0 x y = C_Greater'0) -> gt_log'0 x y = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi17836724837647357586__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 25 20 25 56 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 248 8 253 9 - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) - -> ([%#sord11] cmp_log'1 y x = C_Greater'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 247 4 247 41] (self : bool) (o : bool) : t_Ordering'0 + = + [%#sord2] match (self, o) with + | (False, False) -> C_Equal'0 + | (True, True) -> C_Equal'0 + | (False, True) -> C_Less'0 + | (True, False) -> C_Greater'0 + end - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) - -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) - - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_T'0) : () - - axiom refl'0_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 - - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_T'0) (o : t_T'0) : bool - - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_T'0) (y : t_T'0) : () - - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_T'0) (o : t_T'0) : bool - - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_T'0) (y : t_T'0) : () - - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : bool) (o : bool) : bool = + [%#sord1] cmp_log'0 self o <> C_Greater'0 - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_T'0) (o : t_T'0) : bool + goal refines : [%#sord0] forall x : bool . forall y : bool . forall result : () . le_log'0 x y + = (cmp_log'0 x y <> C_Greater'0) -> le_log'0 x y = (cmp_log'0 x y <> C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi17836724837647357586__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 36 20 36 53 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 248 8 253 9 - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_T'0) (y : t_T'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 247 4 247 41] (self : bool) (o : bool) : t_Ordering'0 + + = + [%#sord2] match (self, o) with + | (False, False) -> C_Equal'0 + | (True, True) -> C_Equal'0 + | (False, True) -> C_Less'0 + | (True, False) -> C_Greater'0 + end - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_T'0) (o : t_T'0) : bool + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : bool) (o : bool) : bool = + [%#sord1] cmp_log'0 self o = C_Less'0 - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_T'0) (y : t_T'0) : () + goal refines : [%#sord0] forall x : bool . forall y : bool . forall result : () . lt_log'0 x y + = (cmp_log'0 x y = C_Less'0) -> lt_log'0 x y = (cmp_log'0 x y = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi17836724837647357586__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 248 8 253 9 - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 247 4 247 41] (self : bool) (o : bool) : t_Ordering'0 = - [%#scmp1] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with - | C_Equal'0 -> C_Equal'0 - | C_Less'0 -> C_Greater'0 - | C_Greater'0 -> C_Less'0 + [%#sord1] match (self, o) with + | (False, False) -> C_Equal'0 + | (True, True) -> C_Equal'0 + | (False, True) -> C_Less'0 + | (True, False) -> C_Greater'0 end - goal refines : [%#scmp0] forall x : t_Reverse'0 . forall y : t_Reverse'0 . forall result : () . (x = y) + goal refines : [%#sord0] forall x : bool . forall y : bool . forall result : () . (x = y) = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) end -module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__refl__refines [#"../../../creusot-contracts/src/std/cmp.rs" 108 4 108 20] (* as logic::ord::OrdLogic> *) - let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 108 4 108 20 - let%span scmp1 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 - - type t_T'0 - - type t_Reverse'0 = - { t_Reverse__0'0: t_T'0 } +module M_creusot_contracts__logic__ord__qyi17836724837647357586__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 248 8 253 9 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_T'0) (_2 : t_T'0) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 247 4 247 41] (self : bool) (o : bool) : t_Ordering'0 + = + [%#sord1] match (self, o) with + | (False, False) -> C_Equal'0 + | (True, True) -> C_Equal'0 + | (False, True) -> C_Less'0 + | (True, False) -> C_Greater'0 + end - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_T'0) (y : t_T'0) : () - - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) + goal refines : [%#sord0] forall x : bool . forall y : bool . cmp_log'0 x y = C_Greater'0 + -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi17836724837647357586__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 248 8 253 9 - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_T'0) (y : t_T'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) - -> ([%#sord13] cmp_log'1 y x = C_Less'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 247 4 247 41] (self : bool) (o : bool) : t_Ordering'0 + + = + [%#sord1] match (self, o) with + | (False, False) -> C_Equal'0 + | (True, True) -> C_Equal'0 + | (False, True) -> C_Less'0 + | (True, False) -> C_Greater'0 + end - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_T'0) (y : t_T'0) : () + goal refines : [%#sord0] forall x : bool . forall y : bool . forall z : bool . forall o : t_Ordering'0 . cmp_log'0 y z + = o + /\ cmp_log'0 x y = o + -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) +end +module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* <(A, B) as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 294 20 294 67 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) - -> ([%#sord11] cmp_log'1 y x = C_Greater'0) + type t_A'0 - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - + type t_B'0 - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) - -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_T'0) : () + function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_B'0) (other : t_B'0) : t_Ordering'0 + - axiom refl'1_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_B'0) (y : t_B'0) : () - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_T'0) (o : t_T'0) : bool + axiom eq_cmp'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord15] (x = y) = (cmp_log'2 x y = C_Equal'0) - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_T'0) (y : t_T'0) : () + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_B'0) (y : t_B'0) : () - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + axiom antisym2'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord13] cmp_log'2 x y = C_Greater'0) + -> ([%#sord14] cmp_log'2 y x = C_Less'0) - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_T'0) (o : t_T'0) : bool + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_B'0) (y : t_B'0) : () - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_T'0) (y : t_T'0) : () + axiom antisym1'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord11] cmp_log'2 x y = C_Less'0) + -> ([%#sord12] cmp_log'2 y x = C_Greater'0) - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () + - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_T'0) (o : t_T'0) : bool + axiom trans'0_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord8] cmp_log'2 x y = o) + -> ([%#sord9] cmp_log'2 y z = o) -> ([%#sord10] cmp_log'2 x z = o) - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_T'0) (y : t_T'0) : () + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_B'0) : () - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + axiom refl'0_spec : forall x : t_B'0 . [%#sord7] cmp_log'2 x x = C_Equal'0 - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_T'0) (o : t_T'0) : bool + function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_B'0) (o : t_B'0) : bool - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_T'0) (y : t_T'0) : () + function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_B'0) (y : t_B'0) : () - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + axiom cmp_gt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord6] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 - - = - [%#scmp1] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with - | C_Equal'0 -> C_Equal'0 - | C_Less'0 -> C_Greater'0 - | C_Greater'0 -> C_Less'0 - end + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_B'0) (o : t_B'0) : bool - goal refines : [%#scmp0] forall x : t_Reverse'0 . forall result : () . cmp_log'0 x x = C_Equal'0 - -> cmp_log'0 x x = C_Equal'0 -end -module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__trans__refines [#"../../../creusot-contracts/src/std/cmp.rs" 115 4 115 52] (* as logic::ord::OrdLogic> *) - let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 115 4 115 52 - let%span scmp1 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_B'0) (y : t_B'0) : () - type t_T'0 + axiom cmp_ge_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] ge_log'0 x y = (cmp_log'2 x y <> C_Less'0) - type t_Reverse'0 = - { t_Reverse__0'0: t_T'0 } + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_B'0) (o : t_B'0) : bool - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_B'0) (y : t_B'0) : () - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_T'0) (_2 : t_T'0) : t_Ordering'0 + axiom cmp_lt_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] lt_log'0 x y = (cmp_log'2 x y = C_Less'0) + + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_B'0) (o : t_B'0) : bool + + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_B'0) (y : t_B'0) : () + + axiom cmp_le_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord3] le_log'0 x y = (cmp_log'2 x y <> C_Greater'0) + + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_A'0) (other : t_A'0) : t_Ordering'0 - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_T'0) (y : t_T'0) : () + function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_A'0) (y : t_A'0) : () - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) + axiom eq_cmp'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_T'0) (y : t_T'0) : () + function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_A'0) (y : t_A'0) : () - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) - -> ([%#sord13] cmp_log'1 y x = C_Less'0) + axiom antisym2'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) + -> ([%#sord14] cmp_log'1 y x = C_Less'0) - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_T'0) (y : t_T'0) : () + function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_A'0) (y : t_A'0) : () - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) - -> ([%#sord11] cmp_log'1 y x = C_Greater'0) + axiom antisym1'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) + -> ([%#sord12] cmp_log'1 y x = C_Greater'0) - function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () - axiom trans'1_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) - -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) + axiom trans'1_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) + -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_T'0) : () + function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_A'0) : () - axiom refl'0_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 + axiom refl'1_spec : forall x : t_A'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_T'0) (o : t_T'0) : bool + function gt_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_A'0) (o : t_A'0) : bool - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_T'0) (y : t_T'0) : () + function cmp_gt_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_A'0) (y : t_A'0) : () - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + axiom cmp_gt_log'2_spec : forall x : t_A'0, y : t_A'0 . [%#sord6] gt_log'2 x y = (cmp_log'1 x y = C_Greater'0) - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_T'0) (o : t_T'0) : bool + function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_A'0) (o : t_A'0) : bool - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_T'0) (y : t_T'0) : () + function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_A'0) (y : t_A'0) : () - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + axiom cmp_ge_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] ge_log'1 x y = (cmp_log'1 x y <> C_Less'0) - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_T'0) (o : t_T'0) : bool + function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_A'0) (o : t_A'0) : bool - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_T'0) (y : t_T'0) : () + function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_A'0) (y : t_A'0) : () - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + axiom cmp_lt_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] lt_log'1 x y = (cmp_log'1 x y = C_Less'0) - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_T'0) (o : t_T'0) : bool + function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_A'0) (o : t_A'0) : bool - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_T'0) (y : t_T'0) : () + function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_A'0) (y : t_A'0) : () - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + axiom cmp_le_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord3] le_log'1 x y = (cmp_log'1 x y <> C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 293 4 293 36] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : bool = - [%#scmp1] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with - | C_Equal'0 -> C_Equal'0 - | C_Less'0 -> C_Greater'0 - | C_Greater'0 -> C_Less'0 - end + [%#sord1] (let (a, _) = self in a) = (let (a, _) = o in a) + /\ gt_log'1 (let (_, a) = self in a) (let (_, a) = o in a) + \/ gt_log'2 (let (a, _) = self in a) (let (a, _) = o in a) - goal refines : [%#scmp0] forall x : t_Reverse'0 . forall y : t_Reverse'0 . forall z : t_Reverse'0 . forall o : t_Ordering'0 . cmp_log'0 y z - = o - /\ cmp_log'0 x y = o - -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 262 4 262 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + + = + [%#sord2] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then + cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) + else + r + + + goal refines : [%#sord0] forall x : (t_A'0, t_B'0) . forall y : (t_A'0, t_B'0) . forall result : () . gt_log'0 x y + = (cmp_log'0 x y = C_Greater'0) -> gt_log'0 x y = (cmp_log'0 x y = C_Greater'0) end -module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__antisym2__refines [#"../../../creusot-contracts/src/std/cmp.rs" 127 4 127 33] (* as logic::ord::OrdLogic> *) - let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 127 4 127 33 - let%span scmp1 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 +module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* <(A, B) as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 288 20 288 68 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - type t_T'0 + type t_A'0 - type t_Reverse'0 = - { t_Reverse__0'0: t_T'0 } + type t_B'0 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_T'0) (_2 : t_T'0) : t_Ordering'0 + function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_B'0) (other : t_B'0) : t_Ordering'0 - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_T'0) (y : t_T'0) : () + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_B'0) (y : t_B'0) : () - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) + axiom eq_cmp'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord15] (x = y) = (cmp_log'2 x y = C_Equal'0) - function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_T'0) (y : t_T'0) : () + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_B'0) (y : t_B'0) : () - axiom antisym2'1_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) - -> ([%#sord13] cmp_log'1 y x = C_Less'0) + axiom antisym2'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord13] cmp_log'2 x y = C_Greater'0) + -> ([%#sord14] cmp_log'2 y x = C_Less'0) - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_T'0) (y : t_T'0) : () + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_B'0) (y : t_B'0) : () - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) - -> ([%#sord11] cmp_log'1 y x = C_Greater'0) + axiom antisym1'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord11] cmp_log'2 x y = C_Less'0) + -> ([%#sord12] cmp_log'2 y x = C_Greater'0) - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) - -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) - - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_T'0) : () - - axiom refl'0_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 - - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_T'0) (o : t_T'0) : bool - - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_T'0) (y : t_T'0) : () - - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + axiom trans'0_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord8] cmp_log'2 x y = o) + -> ([%#sord9] cmp_log'2 y z = o) -> ([%#sord10] cmp_log'2 x z = o) - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_T'0) (o : t_T'0) : bool + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_B'0) : () - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_T'0) (y : t_T'0) : () + axiom refl'0_spec : forall x : t_B'0 . [%#sord7] cmp_log'2 x x = C_Equal'0 - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_B'0) (o : t_B'0) : bool - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_T'0) (o : t_T'0) : bool + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_B'0) (y : t_B'0) : () - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_T'0) (y : t_T'0) : () + axiom cmp_gt_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord6] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_B'0) (o : t_B'0) : bool - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_T'0) (o : t_T'0) : bool + function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_B'0) (y : t_B'0) : () - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_T'0) (y : t_T'0) : () + axiom cmp_ge_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] ge_log'1 x y = (cmp_log'2 x y <> C_Less'0) - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_B'0) (o : t_B'0) : bool - function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 - - = - [%#scmp1] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with - | C_Equal'0 -> C_Equal'0 - | C_Less'0 -> C_Greater'0 - | C_Greater'0 -> C_Less'0 - end + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_B'0) (y : t_B'0) : () - goal refines : [%#scmp0] forall x : t_Reverse'0 . forall y : t_Reverse'0 . cmp_log'0 x y = C_Greater'0 - -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) -end -module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__cmp_le_log__refines [#"../../../creusot-contracts/src/std/cmp.rs" 88 4 88 35] (* as logic::ord::OrdLogic> *) - let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 88 4 88 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 11 20 11 56 - let%span scmp2 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 + axiom cmp_lt_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] lt_log'0 x y = (cmp_log'2 x y = C_Less'0) - type t_T'0 + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_B'0) (o : t_B'0) : bool - type t_Reverse'0 = - { t_Reverse__0'0: t_T'0 } + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_B'0) (y : t_B'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom cmp_le_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord3] le_log'0 x y = (cmp_log'2 x y <> C_Greater'0) - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_T'0) (_2 : t_T'0) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_A'0) (other : t_A'0) : t_Ordering'0 - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_T'0) (y : t_T'0) : () + function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_A'0) (y : t_A'0) : () - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) + axiom eq_cmp'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_T'0) (y : t_T'0) : () + function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_A'0) (y : t_A'0) : () - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) + axiom antisym2'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) -> ([%#sord14] cmp_log'1 y x = C_Less'0) - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_T'0) (y : t_T'0) : () + function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_A'0) (y : t_A'0) : () - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) + axiom antisym1'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) -> ([%#sord12] cmp_log'1 y x = C_Greater'0) - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) + axiom trans'1_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_T'0) : () + function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_A'0) : () - axiom refl'0_spec : forall x : t_T'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 + axiom refl'1_spec : forall x : t_A'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_T'0) (o : t_T'0) : bool + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_A'0) (o : t_A'0) : bool - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_T'0) (y : t_T'0) : () + function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_A'0) (y : t_A'0) : () - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + axiom cmp_gt_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord6] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_T'0) (o : t_T'0) : bool + function ge_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_A'0) (o : t_A'0) : bool - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_T'0) (y : t_T'0) : () + function cmp_ge_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_A'0) (y : t_A'0) : () - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + axiom cmp_ge_log'2_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] ge_log'2 x y = (cmp_log'1 x y <> C_Less'0) - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_T'0) (o : t_T'0) : bool + function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_A'0) (o : t_A'0) : bool - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_T'0) (y : t_T'0) : () + function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_A'0) (y : t_A'0) : () - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + axiom cmp_lt_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] lt_log'1 x y = (cmp_log'1 x y = C_Less'0) - function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_T'0) (o : t_T'0) : bool + function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_A'0) (o : t_A'0) : bool - function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_T'0) (y : t_T'0) : () + function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_A'0) (y : t_A'0) : () - axiom cmp_le_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] le_log'1 x y = (cmp_log'1 x y <> C_Greater'0) + axiom cmp_le_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord3] le_log'1 x y = (cmp_log'1 x y <> C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 287 4 287 36] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : bool = - [%#scmp2] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with - | C_Equal'0 -> C_Equal'0 - | C_Less'0 -> C_Greater'0 - | C_Greater'0 -> C_Less'0 - end + [%#sord1] (let (a, _) = self in a) = (let (a, _) = o in a) + /\ ge_log'1 (let (_, a) = self in a) (let (_, a) = o in a) + \/ gt_log'0 (let (a, _) = self in a) (let (a, _) = o in a) - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_Reverse'0) (o : t_Reverse'0) : bool + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 262 4 262 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 = - [%#sord1] cmp_log'0 self o <> C_Greater'0 + [%#sord2] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then + cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) + else + r + - goal refines : [%#scmp0] forall x : t_Reverse'0 . forall y : t_Reverse'0 . forall result : () . le_log'0 x y - = (cmp_log'0 x y <> C_Greater'0) -> le_log'0 x y = (cmp_log'0 x y <> C_Greater'0) + goal refines : [%#sord0] forall x : (t_A'0, t_B'0) . forall y : (t_A'0, t_B'0) . forall result : () . ge_log'0 x y + = (cmp_log'0 x y <> C_Less'0) -> ge_log'0 x y = (cmp_log'0 x y <> C_Less'0) end -module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__cmp_ge_log__refines [#"../../../creusot-contracts/src/std/cmp.rs" 98 4 98 35] (* as logic::ord::OrdLogic> *) - let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 98 4 98 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 31 20 31 53 - let%span scmp2 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 +module M_creusot_contracts__logic__ord__qyi1910662420989811789__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* <(A, B) as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - type t_T'0 + type t_A'0 - type t_Reverse'0 = - { t_Reverse__0'0: t_T'0 } + type t_B'0 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_T'0) (_2 : t_T'0) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_A'0) (other : t_A'0) : t_Ordering'0 - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_T'0) (y : t_T'0) : () + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_A'0) (y : t_A'0) : () - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) + axiom eq_cmp'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_T'0) (y : t_T'0) : () + function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_A'0) (y : t_A'0) : () - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) - -> ([%#sord14] cmp_log'1 y x = C_Less'0) + axiom antisym2'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) + -> ([%#sord13] cmp_log'1 y x = C_Less'0) - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_T'0) (y : t_T'0) : () + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_A'0) (y : t_A'0) : () - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) - -> ([%#sord12] cmp_log'1 y x = C_Greater'0) + axiom antisym1'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) + -> ([%#sord11] cmp_log'1 y x = C_Greater'0) - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) - -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) + axiom trans'0_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) + -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_T'0) : () + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_A'0) : () - axiom refl'0_spec : forall x : t_T'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 + axiom refl'0_spec : forall x : t_A'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_T'0) (o : t_T'0) : bool + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_A'0) (o : t_A'0) : bool - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_T'0) (y : t_T'0) : () + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_A'0) (y : t_A'0) : () - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + axiom cmp_gt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_T'0) (o : t_T'0) : bool + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_A'0) (o : t_A'0) : bool - function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_T'0) (y : t_T'0) : () + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_A'0) (y : t_A'0) : () - axiom cmp_ge_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] ge_log'1 x y = (cmp_log'1 x y <> C_Less'0) + axiom cmp_ge_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_T'0) (o : t_T'0) : bool + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_A'0) (o : t_A'0) : bool - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_T'0) (y : t_T'0) : () + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_A'0) (y : t_A'0) : () - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + axiom cmp_lt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_T'0) (o : t_T'0) : bool + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_A'0) (o : t_A'0) : bool - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_T'0) (y : t_T'0) : () + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_A'0) (y : t_A'0) : () - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + axiom cmp_le_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 + function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_B'0) (other : t_B'0) : t_Ordering'0 - = - [%#scmp2] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with - | C_Equal'0 -> C_Equal'0 - | C_Less'0 -> C_Greater'0 - | C_Greater'0 -> C_Less'0 - end - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_Reverse'0) (o : t_Reverse'0) : bool - - = - [%#sord1] cmp_log'0 self o <> C_Less'0 + function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_B'0) (y : t_B'0) : () - goal refines : [%#scmp0] forall x : t_Reverse'0 . forall y : t_Reverse'0 . forall result : () . ge_log'0 x y - = (cmp_log'0 x y <> C_Less'0) -> ge_log'0 x y = (cmp_log'0 x y <> C_Less'0) -end -module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__cmp_gt_log__refines [#"../../../creusot-contracts/src/std/cmp.rs" 103 4 103 35] (* as logic::ord::OrdLogic> *) - let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 103 4 103 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 41 20 41 56 - let%span scmp2 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 + axiom eq_cmp'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord14] (x = y) = (cmp_log'2 x y = C_Equal'0) - type t_T'0 + function antisym2'2 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_B'0) (y : t_B'0) : () - type t_Reverse'0 = - { t_Reverse__0'0: t_T'0 } + axiom antisym2'2_spec : forall x : t_B'0, y : t_B'0 . ([%#sord12] cmp_log'2 x y = C_Greater'0) + -> ([%#sord13] cmp_log'2 y x = C_Less'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_B'0) (y : t_B'0) : () + + axiom antisym1'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord10] cmp_log'2 x y = C_Less'0) + -> ([%#sord11] cmp_log'2 y x = C_Greater'0) - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_T'0) (_2 : t_T'0) : t_Ordering'0 + function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_T'0) (y : t_T'0) : () + axiom trans'1_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord7] cmp_log'2 x y = o) + -> ([%#sord8] cmp_log'2 y z = o) -> ([%#sord9] cmp_log'2 x z = o) - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) + function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_B'0) : () - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_T'0) (y : t_T'0) : () + axiom refl'1_spec : forall x : t_B'0 . [%#sord6] cmp_log'2 x x = C_Equal'0 - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) - -> ([%#sord14] cmp_log'1 y x = C_Less'0) + function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_B'0) (o : t_B'0) : bool - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_T'0) (y : t_T'0) : () + function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_B'0) (y : t_B'0) : () - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) - -> ([%#sord12] cmp_log'1 y x = C_Greater'0) + axiom cmp_gt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) + + function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_B'0) (o : t_B'0) : bool + + function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_B'0) (y : t_B'0) : () + + axiom cmp_ge_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] ge_log'1 x y = (cmp_log'2 x y <> C_Less'0) + + function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_B'0) (o : t_B'0) : bool + + function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_B'0) (y : t_B'0) : () + + axiom cmp_lt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord3] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) + + function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_B'0) (o : t_B'0) : bool + + function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_B'0) (y : t_B'0) : () + + axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord2] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 262 4 262 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + + = + [%#sord1] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then + cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) + else + r + + + goal refines : [%#sord0] forall x : (t_A'0, t_B'0) . forall y : (t_A'0, t_B'0) . cmp_log'0 x y = C_Greater'0 + -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi1910662420989811789__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* <(A, B) as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 + + type t_A'0 + + type t_B'0 + + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_A'0) (other : t_A'0) : t_Ordering'0 - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) - -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) + function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_A'0) (y : t_A'0) : () - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_T'0) : () + axiom eq_cmp'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) - axiom refl'0_spec : forall x : t_T'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_A'0) (y : t_A'0) : () - function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_T'0) (o : t_T'0) : bool + axiom antisym2'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) + -> ([%#sord13] cmp_log'1 y x = C_Less'0) - function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_T'0) (y : t_T'0) : () + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_A'0) (y : t_A'0) : () - axiom cmp_gt_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] gt_log'1 x y = (cmp_log'1 x y = C_Greater'0) + axiom antisym1'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) + -> ([%#sord11] cmp_log'1 y x = C_Greater'0) - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_T'0) (o : t_T'0) : bool + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () + - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_T'0) (y : t_T'0) : () + axiom trans'0_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) + -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_A'0) : () - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_T'0) (o : t_T'0) : bool + axiom refl'0_spec : forall x : t_A'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_T'0) (y : t_T'0) : () + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_A'0) (o : t_A'0) : bool - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_A'0) (y : t_A'0) : () - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_T'0) (o : t_T'0) : bool + axiom cmp_gt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_T'0) (y : t_T'0) : () + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_A'0) (o : t_A'0) : bool - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_A'0) (y : t_A'0) : () - function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 - - = - [%#scmp2] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with - | C_Equal'0 -> C_Equal'0 - | C_Less'0 -> C_Greater'0 - | C_Greater'0 -> C_Less'0 - end + axiom cmp_ge_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_Reverse'0) (o : t_Reverse'0) : bool - - = - [%#sord1] cmp_log'0 self o = C_Greater'0 + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_A'0) (o : t_A'0) : bool - goal refines : [%#scmp0] forall x : t_Reverse'0 . forall y : t_Reverse'0 . forall result : () . gt_log'0 x y - = (cmp_log'0 x y = C_Greater'0) -> gt_log'0 x y = (cmp_log'0 x y = C_Greater'0) -end -module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 31 20 31 53 - let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_A'0) (y : t_A'0) : () - type t_T'0 + axiom cmp_lt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_A'0) (o : t_A'0) : bool - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_A'0) (y : t_A'0) : () + + axiom cmp_le_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_T'0) (_2 : t_T'0) : t_Ordering'0 + function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_B'0) (other : t_B'0) : t_Ordering'0 - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_T'0) (y : t_T'0) : () + function eq_cmp'2 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_B'0) (y : t_B'0) : () - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) + axiom eq_cmp'2_spec : forall x : t_B'0, y : t_B'0 . [%#sord14] (x = y) = (cmp_log'2 x y = C_Equal'0) - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_T'0) (y : t_T'0) : () + function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_B'0) (y : t_B'0) : () - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) - -> ([%#sord14] cmp_log'1 y x = C_Less'0) + axiom antisym2'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord12] cmp_log'2 x y = C_Greater'0) + -> ([%#sord13] cmp_log'2 y x = C_Less'0) - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_T'0) (y : t_T'0) : () + function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_B'0) (y : t_B'0) : () - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) - -> ([%#sord12] cmp_log'1 y x = C_Greater'0) + axiom antisym1'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord10] cmp_log'2 x y = C_Less'0) + -> ([%#sord11] cmp_log'2 y x = C_Greater'0) - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) - -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) + axiom trans'1_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord7] cmp_log'2 x y = o) + -> ([%#sord8] cmp_log'2 y z = o) -> ([%#sord9] cmp_log'2 x z = o) - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_T'0) : () + function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_B'0) : () - axiom refl'0_spec : forall x : t_T'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 + axiom refl'1_spec : forall x : t_B'0 . [%#sord6] cmp_log'2 x x = C_Equal'0 - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_T'0) (o : t_T'0) : bool + function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_B'0) (o : t_B'0) : bool - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_T'0) (y : t_T'0) : () + function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_B'0) (y : t_B'0) : () - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + axiom cmp_gt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) - function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_T'0) (o : t_T'0) : bool + function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_B'0) (o : t_B'0) : bool - function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_T'0) (y : t_T'0) : () + function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_B'0) (y : t_B'0) : () - axiom cmp_ge_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] ge_log'1 x y = (cmp_log'1 x y <> C_Less'0) + axiom cmp_ge_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] ge_log'1 x y = (cmp_log'2 x y <> C_Less'0) - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_T'0) (o : t_T'0) : bool + function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_B'0) (o : t_B'0) : bool - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_T'0) (y : t_T'0) : () + function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_B'0) (y : t_B'0) : () - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + axiom cmp_lt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord3] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_T'0) (o : t_T'0) : bool + function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_B'0) (o : t_B'0) : bool - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_T'0) (y : t_T'0) : () + function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_B'0) (y : t_B'0) : () - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord2] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 262 4 262 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 = - [%#soption2] match (self, o) with - | (C_None'0, C_None'0) -> C_Equal'0 - | (C_None'0, C_Some'0 _) -> C_Less'0 - | (C_Some'0 _, C_None'0) -> C_Greater'0 - | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y - end - - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_Option'0) (o : t_Option'0) : bool + [%#sord1] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then + cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) + else + r - = - [%#sord1] cmp_log'0 self o <> C_Less'0 - goal refines : [%#sord0] forall x : t_Option'0 . forall y : t_Option'0 . forall result : () . ge_log'0 x y - = (cmp_log'0 x y <> C_Less'0) -> ge_log'0 x y = (cmp_log'0 x y <> C_Less'0) + goal refines : [%#sord0] forall x : (t_A'0, t_B'0) . forall y : (t_A'0, t_B'0) . forall result : () . (x = y) + = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) end -module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 11 20 11 56 - let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 +module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* <(A, B) as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 276 20 276 68 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - type t_T'0 + type t_A'0 - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + type t_B'0 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_T'0) (_2 : t_T'0) : t_Ordering'0 + function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_B'0) (other : t_B'0) : t_Ordering'0 - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_T'0) (y : t_T'0) : () + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_B'0) (y : t_B'0) : () - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) + axiom eq_cmp'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord15] (x = y) = (cmp_log'2 x y = C_Equal'0) - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_T'0) (y : t_T'0) : () + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_B'0) (y : t_B'0) : () - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) - -> ([%#sord14] cmp_log'1 y x = C_Less'0) + axiom antisym2'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord13] cmp_log'2 x y = C_Greater'0) + -> ([%#sord14] cmp_log'2 y x = C_Less'0) - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_T'0) (y : t_T'0) : () + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_B'0) (y : t_B'0) : () - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) - -> ([%#sord12] cmp_log'1 y x = C_Greater'0) + axiom antisym1'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord11] cmp_log'2 x y = C_Less'0) + -> ([%#sord12] cmp_log'2 y x = C_Greater'0) - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) - -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) - - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_T'0) : () - - axiom refl'0_spec : forall x : t_T'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 - - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_T'0) (o : t_T'0) : bool - - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_T'0) (y : t_T'0) : () - - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_T'0) (o : t_T'0) : bool + axiom trans'0_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord8] cmp_log'2 x y = o) + -> ([%#sord9] cmp_log'2 y z = o) -> ([%#sord10] cmp_log'2 x z = o) - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_T'0) (y : t_T'0) : () + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_B'0) : () - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + axiom refl'0_spec : forall x : t_B'0 . [%#sord7] cmp_log'2 x x = C_Equal'0 - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_T'0) (o : t_T'0) : bool + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_B'0) (o : t_B'0) : bool - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_T'0) (y : t_T'0) : () + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_B'0) (y : t_B'0) : () - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + axiom cmp_gt_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord6] gt_log'0 x y = (cmp_log'2 x y = C_Greater'0) - function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_T'0) (o : t_T'0) : bool + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_B'0) (o : t_B'0) : bool - function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_T'0) (y : t_T'0) : () + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_B'0) (y : t_B'0) : () - axiom cmp_le_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] le_log'1 x y = (cmp_log'1 x y <> C_Greater'0) + axiom cmp_ge_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] ge_log'0 x y = (cmp_log'2 x y <> C_Less'0) - function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 - - = - [%#soption2] match (self, o) with - | (C_None'0, C_None'0) -> C_Equal'0 - | (C_None'0, C_Some'0 _) -> C_Less'0 - | (C_Some'0 _, C_None'0) -> C_Greater'0 - | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y - end + function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_B'0) (o : t_B'0) : bool - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_Option'0) (o : t_Option'0) : bool - - = - [%#sord1] cmp_log'0 self o <> C_Greater'0 + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_B'0) (y : t_B'0) : () - goal refines : [%#sord0] forall x : t_Option'0 . forall y : t_Option'0 . forall result : () . le_log'0 x y - = (cmp_log'0 x y <> C_Greater'0) -> le_log'0 x y = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 41 20 41 56 - let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 + axiom cmp_lt_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) - type t_T'0 + function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_B'0) (o : t_B'0) : bool - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_B'0) (y : t_B'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord3] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_T'0) (_2 : t_T'0) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_A'0) (other : t_A'0) : t_Ordering'0 - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_T'0) (y : t_T'0) : () + function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_A'0) (y : t_A'0) : () - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) + axiom eq_cmp'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_T'0) (y : t_T'0) : () + function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_A'0) (y : t_A'0) : () - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) + axiom antisym2'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) -> ([%#sord14] cmp_log'1 y x = C_Less'0) - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_T'0) (y : t_T'0) : () + function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_A'0) (y : t_A'0) : () - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) + axiom antisym1'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) -> ([%#sord12] cmp_log'1 y x = C_Greater'0) - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) + axiom trans'1_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_T'0) : () + function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_A'0) : () - axiom refl'0_spec : forall x : t_T'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 + axiom refl'1_spec : forall x : t_A'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 - function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_T'0) (o : t_T'0) : bool + function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_A'0) (o : t_A'0) : bool - function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_T'0) (y : t_T'0) : () + function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_A'0) (y : t_A'0) : () - axiom cmp_gt_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] gt_log'1 x y = (cmp_log'1 x y = C_Greater'0) + axiom cmp_gt_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord6] gt_log'1 x y = (cmp_log'1 x y = C_Greater'0) - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_T'0) (o : t_T'0) : bool + function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_A'0) (o : t_A'0) : bool - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_T'0) (y : t_T'0) : () + function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_A'0) (y : t_A'0) : () - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + axiom cmp_ge_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] ge_log'1 x y = (cmp_log'1 x y <> C_Less'0) - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_T'0) (o : t_T'0) : bool + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_A'0) (o : t_A'0) : bool - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_T'0) (y : t_T'0) : () + function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_A'0) (y : t_A'0) : () - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + axiom cmp_lt_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_T'0) (o : t_T'0) : bool + function le_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_A'0) (o : t_A'0) : bool - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_T'0) (y : t_T'0) : () + function cmp_le_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_A'0) (y : t_A'0) : () - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + axiom cmp_le_log'2_spec : forall x : t_A'0, y : t_A'0 . [%#sord3] le_log'2 x y = (cmp_log'1 x y <> C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 275 4 275 36] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : bool = - [%#soption2] match (self, o) with - | (C_None'0, C_None'0) -> C_Equal'0 - | (C_None'0, C_Some'0 _) -> C_Less'0 - | (C_Some'0 _, C_None'0) -> C_Greater'0 - | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y - end + [%#sord1] (let (a, _) = self in a) = (let (a, _) = o in a) + /\ le_log'1 (let (_, a) = self in a) (let (_, a) = o in a) + \/ lt_log'0 (let (a, _) = self in a) (let (a, _) = o in a) - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_Option'0) (o : t_Option'0) : bool + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 262 4 262 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 = - [%#sord1] cmp_log'0 self o = C_Greater'0 + [%#sord2] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then + cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) + else + r + - goal refines : [%#sord0] forall x : t_Option'0 . forall y : t_Option'0 . forall result : () . gt_log'0 x y - = (cmp_log'0 x y = C_Greater'0) -> gt_log'0 x y = (cmp_log'0 x y = C_Greater'0) + goal refines : [%#sord0] forall x : (t_A'0, t_B'0) . forall y : (t_A'0, t_B'0) . forall result : () . le_log'0 x y + = (cmp_log'0 x y <> C_Greater'0) -> le_log'0 x y = (cmp_log'0 x y <> C_Greater'0) end -module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 - let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 +module M_creusot_contracts__logic__ord__qyi1910662420989811789__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* <(A, B) as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - type t_T'0 + type t_A'0 - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + type t_B'0 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_T'0) (_2 : t_T'0) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_A'0) (other : t_A'0) : t_Ordering'0 - function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_T'0) (y : t_T'0) : () + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_A'0) (y : t_A'0) : () - axiom eq_cmp'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) + axiom eq_cmp'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_T'0) (y : t_T'0) : () + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_A'0) (y : t_A'0) : () - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) + axiom antisym2'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) -> ([%#sord13] cmp_log'1 y x = C_Less'0) - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_T'0) (y : t_T'0) : () + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_A'0) (y : t_A'0) : () - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) + axiom antisym1'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) -> ([%#sord11] cmp_log'1 y x = C_Greater'0) - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) + axiom trans'0_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_T'0) : () - - axiom refl'0_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 - - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_T'0) (o : t_T'0) : bool - - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_T'0) (y : t_T'0) : () - - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_T'0) (o : t_T'0) : bool + function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_A'0) : () - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_T'0) (y : t_T'0) : () + axiom refl'1_spec : forall x : t_A'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_A'0) (o : t_A'0) : bool - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_T'0) (o : t_T'0) : bool + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_A'0) (y : t_A'0) : () - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_T'0) (y : t_T'0) : () + axiom cmp_gt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_A'0) (o : t_A'0) : bool - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_T'0) (o : t_T'0) : bool + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_A'0) (y : t_A'0) : () - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_T'0) (y : t_T'0) : () + axiom cmp_ge_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_A'0) (o : t_A'0) : bool - function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 - - = - [%#soption1] match (self, o) with - | (C_None'0, C_None'0) -> C_Equal'0 - | (C_None'0, C_Some'0 _) -> C_Less'0 - | (C_Some'0 _, C_None'0) -> C_Greater'0 - | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y - end + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_A'0) (y : t_A'0) : () - goal refines : [%#sord0] forall x : t_Option'0 . forall y : t_Option'0 . forall result : () . (x = y) - = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) -end -module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 21 20 21 53 - let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 + axiom cmp_lt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - type t_T'0 + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_A'0) (o : t_A'0) : bool - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_A'0) (y : t_A'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom cmp_le_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_T'0) (_2 : t_T'0) : t_Ordering'0 + function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_B'0) (other : t_B'0) : t_Ordering'0 - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_T'0) (y : t_T'0) : () + function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_B'0) (y : t_B'0) : () - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) + axiom eq_cmp'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord14] (x = y) = (cmp_log'2 x y = C_Equal'0) - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_T'0) (y : t_T'0) : () + function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_B'0) (y : t_B'0) : () - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) - -> ([%#sord14] cmp_log'1 y x = C_Less'0) + axiom antisym2'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord12] cmp_log'2 x y = C_Greater'0) + -> ([%#sord13] cmp_log'2 y x = C_Less'0) - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_T'0) (y : t_T'0) : () + function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_B'0) (y : t_B'0) : () - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) - -> ([%#sord12] cmp_log'1 y x = C_Greater'0) + axiom antisym1'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord10] cmp_log'2 x y = C_Less'0) + -> ([%#sord11] cmp_log'2 y x = C_Greater'0) - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) - -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) + axiom trans'1_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord7] cmp_log'2 x y = o) + -> ([%#sord8] cmp_log'2 y z = o) -> ([%#sord9] cmp_log'2 x z = o) - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_T'0) : () + function refl'2 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_B'0) : () - axiom refl'0_spec : forall x : t_T'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 + axiom refl'2_spec : forall x : t_B'0 . [%#sord6] cmp_log'2 x x = C_Equal'0 - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_T'0) (o : t_T'0) : bool + function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_B'0) (o : t_B'0) : bool - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_T'0) (y : t_T'0) : () + function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_B'0) (y : t_B'0) : () - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + axiom cmp_gt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_T'0) (o : t_T'0) : bool + function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_B'0) (o : t_B'0) : bool - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_T'0) (y : t_T'0) : () + function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_B'0) (y : t_B'0) : () - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + axiom cmp_ge_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] ge_log'1 x y = (cmp_log'2 x y <> C_Less'0) - function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_T'0) (o : t_T'0) : bool + function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_B'0) (o : t_B'0) : bool - function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_T'0) (y : t_T'0) : () + function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_B'0) (y : t_B'0) : () - axiom cmp_lt_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] lt_log'1 x y = (cmp_log'1 x y = C_Less'0) + axiom cmp_lt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord3] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_T'0) (o : t_T'0) : bool + function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_B'0) (o : t_B'0) : bool - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_T'0) (y : t_T'0) : () + function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_B'0) (y : t_B'0) : () - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord2] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 262 4 262 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 = - [%#soption2] match (self, o) with - | (C_None'0, C_None'0) -> C_Equal'0 - | (C_None'0, C_Some'0 _) -> C_Less'0 - | (C_Some'0 _, C_None'0) -> C_Greater'0 - | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y - end - - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_Option'0) (o : t_Option'0) : bool + [%#sord1] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then + cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) + else + r - = - [%#sord1] cmp_log'0 self o = C_Less'0 - goal refines : [%#sord0] forall x : t_Option'0 . forall y : t_Option'0 . forall result : () . lt_log'0 x y - = (cmp_log'0 x y = C_Less'0) -> lt_log'0 x y = (cmp_log'0 x y = C_Less'0) + goal refines : [%#sord0] forall x : (t_A'0, t_B'0) . forall result : () . cmp_log'0 x x = C_Equal'0 + -> cmp_log'0 x x = C_Equal'0 end -module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (* as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 - let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 +module M_creusot_contracts__logic__ord__qyi1910662420989811789__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* <(A, B) as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - type t_T'0 + type t_A'0 - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + type t_B'0 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_T'0) (_2 : t_T'0) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_A'0) (other : t_A'0) : t_Ordering'0 - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_T'0) (y : t_T'0) : () + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_A'0) (y : t_A'0) : () - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) + axiom eq_cmp'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) - function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_T'0) (y : t_T'0) : () + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_A'0) (y : t_A'0) : () - axiom antisym2'1_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) + axiom antisym2'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) -> ([%#sord13] cmp_log'1 y x = C_Less'0) - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_T'0) (y : t_T'0) : () + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_A'0) (y : t_A'0) : () - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) + axiom antisym1'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) -> ([%#sord11] cmp_log'1 y x = C_Greater'0) - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) + axiom trans'1_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_T'0) : () + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_A'0) : () - axiom refl'0_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 - - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_T'0) (o : t_T'0) : bool - - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_T'0) (y : t_T'0) : () - - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_T'0) (o : t_T'0) : bool - - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_T'0) (y : t_T'0) : () + axiom refl'0_spec : forall x : t_A'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_A'0) (o : t_A'0) : bool - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_T'0) (o : t_T'0) : bool + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_A'0) (y : t_A'0) : () - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_T'0) (y : t_T'0) : () + axiom cmp_gt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_A'0) (o : t_A'0) : bool - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_T'0) (o : t_T'0) : bool + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_A'0) (y : t_A'0) : () - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_T'0) (y : t_T'0) : () + axiom cmp_ge_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_A'0) (o : t_A'0) : bool - function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 - - = - [%#soption1] match (self, o) with - | (C_None'0, C_None'0) -> C_Equal'0 - | (C_None'0, C_Some'0 _) -> C_Less'0 - | (C_Some'0 _, C_None'0) -> C_Greater'0 - | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y - end + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_A'0) (y : t_A'0) : () - goal refines : [%#sord0] forall x : t_Option'0 . forall y : t_Option'0 . cmp_log'0 x y = C_Greater'0 - -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) -end -module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (* as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 - let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 + axiom cmp_lt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - type t_T'0 + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_A'0) (o : t_A'0) : bool - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_A'0) (y : t_A'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom cmp_le_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_T'0) (_2 : t_T'0) : t_Ordering'0 + function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_B'0) (other : t_B'0) : t_Ordering'0 - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_T'0) (y : t_T'0) : () + function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_B'0) (y : t_B'0) : () - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) + axiom eq_cmp'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord14] (x = y) = (cmp_log'2 x y = C_Equal'0) - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_T'0) (y : t_T'0) : () + function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_B'0) (y : t_B'0) : () - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) - -> ([%#sord13] cmp_log'1 y x = C_Less'0) + axiom antisym2'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord12] cmp_log'2 x y = C_Greater'0) + -> ([%#sord13] cmp_log'2 y x = C_Less'0) - function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_T'0) (y : t_T'0) : () + function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_B'0) (y : t_B'0) : () - axiom antisym1'1_spec : forall x : t_T'0, y : t_T'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) - -> ([%#sord11] cmp_log'1 y x = C_Greater'0) + axiom antisym1'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord10] cmp_log'2 x y = C_Less'0) + -> ([%#sord11] cmp_log'2 y x = C_Greater'0) - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + function trans'2 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) - -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) + axiom trans'2_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord7] cmp_log'2 x y = o) + -> ([%#sord8] cmp_log'2 y z = o) -> ([%#sord9] cmp_log'2 x z = o) - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_T'0) : () + function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_B'0) : () - axiom refl'0_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 + axiom refl'1_spec : forall x : t_B'0 . [%#sord6] cmp_log'2 x x = C_Equal'0 - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_T'0) (o : t_T'0) : bool + function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_B'0) (o : t_B'0) : bool - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_T'0) (y : t_T'0) : () + function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_B'0) (y : t_B'0) : () - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + axiom cmp_gt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_T'0) (o : t_T'0) : bool + function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_B'0) (o : t_B'0) : bool - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_T'0) (y : t_T'0) : () + function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_B'0) (y : t_B'0) : () - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + axiom cmp_ge_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] ge_log'1 x y = (cmp_log'2 x y <> C_Less'0) - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_T'0) (o : t_T'0) : bool + function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_B'0) (o : t_B'0) : bool - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_T'0) (y : t_T'0) : () + function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_B'0) (y : t_B'0) : () - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + axiom cmp_lt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord3] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_T'0) (o : t_T'0) : bool + function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_B'0) (o : t_B'0) : bool - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_T'0) (y : t_T'0) : () + function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_B'0) (y : t_B'0) : () - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord2] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 262 4 262 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 = - [%#soption1] match (self, o) with - | (C_None'0, C_None'0) -> C_Equal'0 - | (C_None'0, C_Some'0 _) -> C_Less'0 - | (C_Some'0 _, C_None'0) -> C_Greater'0 - | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y - end + [%#sord1] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then + cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) + else + r + - goal refines : [%#sord0] forall x : t_Option'0 . forall y : t_Option'0 . cmp_log'0 x y = C_Less'0 - -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) + goal refines : [%#sord0] forall x : (t_A'0, t_B'0) . forall y : (t_A'0, t_B'0) . forall z : (t_A'0, t_B'0) . forall o : t_Ordering'0 . cmp_log'0 y z + = o + /\ cmp_log'0 x y = o + -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) end -module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 - let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 +module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* <(A, B) as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 282 20 282 67 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - type t_T'0 + type t_A'0 - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + type t_B'0 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_T'0) (_2 : t_T'0) : t_Ordering'0 + function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_B'0) (other : t_B'0) : t_Ordering'0 - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_T'0) (y : t_T'0) : () + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_B'0) (y : t_B'0) : () - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) + axiom eq_cmp'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord15] (x = y) = (cmp_log'2 x y = C_Equal'0) - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_T'0) (y : t_T'0) : () + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_B'0) (y : t_B'0) : () - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) - -> ([%#sord13] cmp_log'1 y x = C_Less'0) + axiom antisym2'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord13] cmp_log'2 x y = C_Greater'0) + -> ([%#sord14] cmp_log'2 y x = C_Less'0) - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_T'0) (y : t_T'0) : () + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_B'0) (y : t_B'0) : () - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) - -> ([%#sord11] cmp_log'1 y x = C_Greater'0) + axiom antisym1'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord11] cmp_log'2 x y = C_Less'0) + -> ([%#sord12] cmp_log'2 y x = C_Greater'0) - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) - -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) - - function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_T'0) : () - - axiom refl'1_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 - - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_T'0) (o : t_T'0) : bool - - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_T'0) (y : t_T'0) : () - - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + axiom trans'0_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord8] cmp_log'2 x y = o) + -> ([%#sord9] cmp_log'2 y z = o) -> ([%#sord10] cmp_log'2 x z = o) - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_T'0) (o : t_T'0) : bool + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_B'0) : () - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_T'0) (y : t_T'0) : () + axiom refl'0_spec : forall x : t_B'0 . [%#sord7] cmp_log'2 x x = C_Equal'0 - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_B'0) (o : t_B'0) : bool - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_T'0) (o : t_T'0) : bool + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_B'0) (y : t_B'0) : () - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_T'0) (y : t_T'0) : () + axiom cmp_gt_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord6] gt_log'0 x y = (cmp_log'2 x y = C_Greater'0) - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_B'0) (o : t_B'0) : bool - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_T'0) (o : t_T'0) : bool + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_B'0) (y : t_B'0) : () - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_T'0) (y : t_T'0) : () + axiom cmp_ge_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] ge_log'0 x y = (cmp_log'2 x y <> C_Less'0) - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_B'0) (o : t_B'0) : bool - function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 - - = - [%#soption1] match (self, o) with - | (C_None'0, C_None'0) -> C_Equal'0 - | (C_None'0, C_Some'0 _) -> C_Less'0 - | (C_Some'0 _, C_None'0) -> C_Greater'0 - | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y - end + function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_B'0) (y : t_B'0) : () - goal refines : [%#sord0] forall x : t_Option'0 . forall result : () . cmp_log'0 x x = C_Equal'0 - -> cmp_log'0 x x = C_Equal'0 -end -module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (* as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 - let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 + axiom cmp_lt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) - type t_T'0 + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_B'0) (o : t_B'0) : bool - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_B'0) (y : t_B'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom cmp_le_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord3] le_log'0 x y = (cmp_log'2 x y <> C_Greater'0) - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 6 4 6 42] (self : t_T'0) (_2 : t_T'0) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_A'0) (other : t_A'0) : t_Ordering'0 - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 70 4 70 32] (x : t_T'0) (y : t_T'0) : () + function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_A'0) (y : t_A'0) : () - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) + axiom eq_cmp'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 66 4 66 34] (x : t_T'0) (y : t_T'0) : () + function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_A'0) (y : t_A'0) : () - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) - -> ([%#sord13] cmp_log'1 y x = C_Less'0) + axiom antisym2'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) + -> ([%#sord14] cmp_log'1 y x = C_Less'0) - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 61 4 61 34] (x : t_T'0) (y : t_T'0) : () + function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_A'0) (y : t_A'0) : () - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) - -> ([%#sord11] cmp_log'1 y x = C_Greater'0) + axiom antisym1'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) + -> ([%#sord12] cmp_log'1 y x = C_Greater'0) - function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 56 4 56 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () - axiom trans'1_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) - -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) + axiom trans'1_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) + -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 50 4 50 21] (x : t_T'0) : () + function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_A'0) : () - axiom refl'0_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 + axiom refl'1_spec : forall x : t_A'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 40 4 40 36] (self : t_T'0) (o : t_T'0) : bool + function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_A'0) (o : t_A'0) : bool - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (x : t_T'0) (y : t_T'0) : () + function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_A'0) (y : t_A'0) : () - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + axiom cmp_gt_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord6] gt_log'1 x y = (cmp_log'1 x y = C_Greater'0) - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (self : t_T'0) (o : t_T'0) : bool + function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_A'0) (o : t_A'0) : bool - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 36 4 36 36] (x : t_T'0) (y : t_T'0) : () + function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_A'0) (y : t_A'0) : () - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + axiom cmp_ge_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] ge_log'1 x y = (cmp_log'1 x y <> C_Less'0) - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 20 4 20 36] (self : t_T'0) (o : t_T'0) : bool + function lt_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_A'0) (o : t_A'0) : bool - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 26 4 26 36] (x : t_T'0) (y : t_T'0) : () + function cmp_lt_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_A'0) (y : t_A'0) : () - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + axiom cmp_lt_log'2_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] lt_log'2 x y = (cmp_log'1 x y = C_Less'0) - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 10 4 10 36] (self : t_T'0) (o : t_T'0) : bool + function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_A'0) (o : t_A'0) : bool - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 16 4 16 36] (x : t_T'0) (y : t_T'0) : () + function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_A'0) (y : t_A'0) : () - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + axiom cmp_le_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord3] le_log'1 x y = (cmp_log'1 x y <> C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 281 4 281 36] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : bool = - [%#soption1] match (self, o) with - | (C_None'0, C_None'0) -> C_Equal'0 - | (C_None'0, C_Some'0 _) -> C_Less'0 - | (C_Some'0 _, C_None'0) -> C_Greater'0 - | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y - end + [%#sord1] (let (a, _) = self in a) = (let (a, _) = o in a) + /\ lt_log'1 (let (_, a) = self in a) (let (_, a) = o in a) + \/ lt_log'2 (let (a, _) = self in a) (let (a, _) = o in a) - goal refines : [%#sord0] forall x : t_Option'0 . forall y : t_Option'0 . forall z : t_Option'0 . forall o : t_Ordering'0 . cmp_log'0 y z - = o - /\ cmp_log'0 x y = o - -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 262 4 262 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + + = + [%#sord2] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then + cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) + else + r + + + goal refines : [%#sord0] forall x : (t_A'0, t_B'0) . forall y : (t_A'0, t_B'0) . forall result : () . lt_log'0 x y + = (cmp_log'0 x y = C_Less'0) -> lt_log'0 x y = (cmp_log'0 x y = C_Less'0) end -module M_creusot_contracts__num_rational__qyi7156484438548626841__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 79 8 79 39 - let%span snum_rational1 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 +module M_creusot_contracts__logic__ord__qyi1910662420989811789__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* <(A, B) as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - use prelude.prelude.Real + type t_A'0 - use prelude.prelude.Real + type t_B'0 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - use prelude.prelude.Real - - function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_A'0) (other : t_A'0) : t_Ordering'0 - = - [%#snum_rational1] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : Real.real . forall y : Real.real . forall result : () . Real.(<=) x y - = (cmp_log'0 x y <> C_Greater'0) -> Real.(<=) x y = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__num_rational__qyi7156484438548626841__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 123 8 123 35 - let%span snum_rational1 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_A'0) (y : t_A'0) : () - use prelude.prelude.Real + axiom eq_cmp'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_A'0) (y : t_A'0) : () - use prelude.prelude.Real + axiom antisym2'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) + -> ([%#sord13] cmp_log'1 y x = C_Less'0) - function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 - - = - [%#snum_rational1] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_A'0) (y : t_A'0) : () - goal refines : [%#sord0] forall x : Real.real . forall y : Real.real . forall result : () . (x = y) - = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) -end -module M_creusot_contracts__num_rational__qyi7156484438548626841__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 84 8 84 39 - let%span snum_rational1 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 + axiom antisym1'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) + -> ([%#sord11] cmp_log'1 y x = C_Greater'0) - use prelude.prelude.Real + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () + - use prelude.prelude.Real + axiom trans'0_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) + -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_A'0) : () - function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 - - = - [%#snum_rational1] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + axiom refl'0_spec : forall x : t_A'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 - goal refines : [%#sord0] forall x : Real.real . forall y : Real.real . forall result : () . Real.(<) x y - = (cmp_log'0 x y = C_Less'0) -> Real.(<) x y = (cmp_log'0 x y = C_Less'0) -end -module M_creusot_contracts__num_rational__qyi7156484438548626841__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 89 8 89 39 - let%span snum_rational1 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_A'0) (o : t_A'0) : bool - use prelude.prelude.Real + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_A'0) (y : t_A'0) : () - use prelude.prelude.Real + axiom cmp_gt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_A'0) (o : t_A'0) : bool - use prelude.prelude.Real + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_A'0) (y : t_A'0) : () - function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 - - = - [%#snum_rational1] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + axiom cmp_ge_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - goal refines : [%#sord0] forall x : Real.real . forall y : Real.real . forall result : () . Real.(>=) x y - = (cmp_log'0 x y <> C_Less'0) -> Real.(>=) x y = (cmp_log'0 x y <> C_Less'0) -end -module M_creusot_contracts__num_rational__qyi7156484438548626841__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 94 8 94 39 - let%span snum_rational1 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_A'0) (o : t_A'0) : bool - use prelude.prelude.Real + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_A'0) (y : t_A'0) : () - use prelude.prelude.Real + axiom cmp_lt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_A'0) (o : t_A'0) : bool - use prelude.prelude.Real + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_A'0) (y : t_A'0) : () - function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 + axiom cmp_le_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + + function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_B'0) (other : t_B'0) : t_Ordering'0 - = - [%#snum_rational1] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : Real.real . forall y : Real.real . forall result : () . Real.(>) x y - = (cmp_log'0 x y = C_Greater'0) -> Real.(>) x y = (cmp_log'0 x y = C_Greater'0) -end -module M_creusot_contracts__num_rational__qyi7156484438548626841__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 118 8 118 37 - let%span snum_rational1 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 + function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_B'0) (y : t_B'0) : () - use prelude.prelude.Real + axiom eq_cmp'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord14] (x = y) = (cmp_log'2 x y = C_Equal'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_B'0) (y : t_B'0) : () - use prelude.prelude.Real + axiom antisym2'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord12] cmp_log'2 x y = C_Greater'0) + -> ([%#sord13] cmp_log'2 y x = C_Less'0) - function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 + function antisym1'2 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_B'0) (y : t_B'0) : () + + axiom antisym1'2_spec : forall x : t_B'0, y : t_B'0 . ([%#sord10] cmp_log'2 x y = C_Less'0) + -> ([%#sord11] cmp_log'2 y x = C_Greater'0) + + function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () - = - [%#snum_rational1] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : Real.real . forall y : Real.real . cmp_log'0 x y = C_Greater'0 - -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) -end -module M_creusot_contracts__num_rational__qyi7156484438548626841__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 106 8 106 56 - let%span snum_rational1 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 + axiom trans'1_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord7] cmp_log'2 x y = o) + -> ([%#sord8] cmp_log'2 y z = o) -> ([%#sord9] cmp_log'2 x z = o) - use prelude.prelude.Real + function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_B'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom refl'1_spec : forall x : t_B'0 . [%#sord6] cmp_log'2 x x = C_Equal'0 - use prelude.prelude.Real + function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_B'0) (o : t_B'0) : bool - function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 - - = - [%#snum_rational1] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_B'0) (y : t_B'0) : () - goal refines : [%#sord0] forall x : Real.real . forall y : Real.real . forall z : Real.real . forall o : t_Ordering'0 . cmp_log'0 y z - = o - /\ cmp_log'0 x y = o - -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) -end -module M_creusot_contracts__num_rational__qyi7156484438548626841__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 112 8 112 37 - let%span snum_rational1 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 + axiom cmp_gt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) - use prelude.prelude.Real + function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_B'0) (o : t_B'0) : bool - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_B'0) (y : t_B'0) : () - use prelude.prelude.Real + axiom cmp_ge_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] ge_log'1 x y = (cmp_log'2 x y <> C_Less'0) - function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 - - = - [%#snum_rational1] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_B'0) (o : t_B'0) : bool - goal refines : [%#sord0] forall x : Real.real . forall y : Real.real . cmp_log'0 x y = C_Less'0 - -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) -end -module M_creusot_contracts__num_rational__qyi7156484438548626841__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 99 8 99 24 - let%span snum_rational1 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 + function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_B'0) (y : t_B'0) : () - use prelude.prelude.Real + axiom cmp_lt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord3] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_B'0) (o : t_B'0) : bool - use prelude.prelude.Real + function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_B'0) (y : t_B'0) : () - function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 + axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord2] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 262 4 262 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 = - [%#snum_rational1] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sord1] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then + cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) + else + r + - goal refines : [%#sord0] forall x : Real.real . forall result : () . cmp_log'0 x x = C_Equal'0 - -> cmp_log'0 x x = C_Equal'0 + goal refines : [%#sord0] forall x : (t_A'0, t_B'0) . forall y : (t_A'0, t_B'0) . cmp_log'0 x y = C_Less'0 + -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) end module M_creusot_contracts__stdqy35z1__deque__qyi8367101395671471553__resolve_coherence__refines [#"../../../creusot-contracts/src/std/deque.rs" 65 4 65 31] (* as resolve::Resolve> *) let%span sdeque0 = "../../../creusot-contracts/src/std/deque.rs" 65 4 65 31 @@ -21961,10 +21806,10 @@ module M_creusot_contracts__stdqy35z1__vec__qyi6844585276173866460__resolve_cohe let%span svec0 = "../../../creusot-contracts/src/std/vec.rs" 56 4 56 31 let%span svec1 = "../../../creusot-contracts/src/std/vec.rs" 49 20 49 83 let%span svec2 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span sops3 = "../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span sops3 = "../../../creusot-contracts/src/logic/ops.rs" 22 8 22 31 let%span sinvariant4 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 let%span svec5 = "../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 - let%span sseq6 = "../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq6 = "../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span sboxed7 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 use prelude.prelude.Borrow @@ -22028,7 +21873,7 @@ module M_creusot_contracts__stdqy35z1__vec__qyi6844585276173866460__resolve_cohe axiom inv_axiom'3 [@rewrite] : forall x : t_T'0 [inv'3 x] . inv'3 x = invariant'3 x - predicate invariant'2 [#"../../../creusot-contracts/src/logic/seq.rs" 450 4 450 30] (self : Seq.seq t_T'0) = + predicate invariant'2 [#"../../../creusot-contracts/src/logic/seq.rs" 608 4 608 30] (self : Seq.seq t_T'0) = [%#sseq6] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_T'0) @@ -22051,7 +21896,7 @@ module M_creusot_contracts__stdqy35z1__vec__qyi6844585276173866460__resolve_cohe use seq.Seq - function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops.rs" 19 4 19 47] (self : t_Vec'0) (ix : int) : t_T'0 + function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops.rs" 21 4 21 47] (self : t_Vec'0) (ix : int) : t_T'0 = [%#sops3] Seq.get (view'0 self) ix @@ -22155,9 +22000,9 @@ module M_creusot_contracts__stdqy35z1__vec__qyi8594830193745006303__resolve_cohe goal refines : [%#svec0] forall self : t_IntoIter'0 . structural_resolve'0 self /\ inv'0 self -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) end -module M_creusot_contracts__ghost__qyi2241556416362616690__resolve_coherence__refines [#"../../../creusot-contracts/src/ghost.rs" 100 4 100 31] (* as resolve::Resolve> *) - let%span sghost0 = "../../../creusot-contracts/src/ghost.rs" 100 4 100 31 - let%span sghost1 = "../../../creusot-contracts/src/ghost.rs" 93 8 93 24 +module M_creusot_contracts__ghost__qyi2241556416362616690__resolve_coherence__refines [#"../../../creusot-contracts/src/ghost.rs" 117 4 117 31] (* as resolve::Resolve> *) + let%span sghost0 = "../../../creusot-contracts/src/ghost.rs" 117 4 117 31 + let%span sghost1 = "../../../creusot-contracts/src/ghost.rs" 110 8 110 24 let%span sresolve2 = "../../../creusot-contracts/src/resolve.rs" 68 8 68 23 let%span sinvariant3 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 let%span sboxed4 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 @@ -22208,7 +22053,7 @@ module M_creusot_contracts__ghost__qyi2241556416362616690__resolve_coherence__re predicate structural_resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_GhostBox'0) = true - predicate resolve'0 [#"../../../creusot-contracts/src/ghost.rs" 92 4 92 28] (self : t_GhostBox'0) = + predicate resolve'0 [#"../../../creusot-contracts/src/ghost.rs" 109 4 109 28] (self : t_GhostBox'0) = [%#sghost1] resolve'1 self.t_GhostBox__0'0 goal refines : [%#sghost0] forall self : t_GhostBox'0 . structural_resolve'0 self /\ inv'0 self @@ -22381,7 +22226,7 @@ module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_r let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 96 14 96 41 let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 97 14 97 80 let%span smodel4 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 - let%span sops5 = "../../../creusot-contracts/src/logic/ops.rs" 42 8 42 31 + let%span sops5 = "../../../creusot-contracts/src/logic/ops.rs" 44 8 44 31 let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice7 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 @@ -22441,7 +22286,7 @@ module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_r use seq.Seq - function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops.rs" 41 4 41 47] (self : slice t_T'0) (ix : int) : t_T'0 + function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops.rs" 43 4 43 47] (self : slice t_T'0) (ix : int) : t_T'0 = [%#sops5] Seq.get (view'2 self) ix @@ -22470,7 +22315,7 @@ module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_t let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 96 14 96 41 let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 97 14 97 80 let%span smodel4 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 - let%span sops5 = "../../../creusot-contracts/src/logic/ops.rs" 42 8 42 31 + let%span sops5 = "../../../creusot-contracts/src/logic/ops.rs" 44 8 44 31 let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice7 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 @@ -22524,7 +22369,7 @@ module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_t use seq.Seq - function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops.rs" 41 4 41 47] (self : slice t_T'0) (ix : int) : t_T'0 + function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops.rs" 43 4 43 47] (self : slice t_T'0) (ix : int) : t_T'0 = [%#sops5] Seq.get (view'2 self) ix @@ -22564,7 +22409,7 @@ module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__pr let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sseq11 = "../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq11 = "../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span sboxed12 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 let%span sinvariant13 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 @@ -22603,7 +22448,7 @@ module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__pr axiom inv_axiom'2 [@rewrite] : forall x : t_T'0 [inv'3 x] . inv'3 x = invariant'1 x - predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 450 4 450 30] (self : Seq.seq t_T'0) = + predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 608 4 608 30] (self : Seq.seq t_T'0) = [%#sseq11] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_T'0) @@ -22679,7 +22524,7 @@ module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__pr let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sseq11 = "../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq11 = "../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span sboxed12 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 let%span sinvariant13 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 @@ -22729,7 +22574,7 @@ module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__pr axiom inv_axiom'2 [@rewrite] : forall x : t_T'0 [inv'3 x] . inv'3 x = invariant'1 x - predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 450 4 450 30] (self : Seq.seq t_T'0) = + predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 608 4 608 30] (self : Seq.seq t_T'0) = [%#sseq11] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_T'0) @@ -22792,7 +22637,7 @@ module M_creusot_contracts__stdqy35z1__iter__copied__qyi18224474876607687026__pr let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sseq11 = "../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq11 = "../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span sboxed12 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 let%span sinvariant13 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 @@ -22842,7 +22687,7 @@ module M_creusot_contracts__stdqy35z1__iter__copied__qyi18224474876607687026__pr axiom inv_axiom'2 [@rewrite] : forall x : t_T'0 [inv'3 x] . inv'3 x = invariant'1 x - predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 450 4 450 30] (self : Seq.seq t_T'0) = + predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 608 4 608 30] (self : Seq.seq t_T'0) = [%#sseq11] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_T'0) @@ -22905,7 +22750,7 @@ module M_creusot_contracts__stdqy35z1__iter__copied__qyi18224474876607687026__pr let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sseq11 = "../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq11 = "../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span sboxed12 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 let%span sinvariant13 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 @@ -22944,7 +22789,7 @@ module M_creusot_contracts__stdqy35z1__iter__copied__qyi18224474876607687026__pr axiom inv_axiom'2 [@rewrite] : forall x : t_T'0 [inv'3 x] . inv'3 x = invariant'1 x - predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 450 4 450 30] (self : Seq.seq t_T'0) = + predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 608 4 608 30] (self : Seq.seq t_T'0) = [%#sseq11] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_T'0) @@ -23079,7 +22924,7 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 let%span senumerate11 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 45 12 49 79 - let%span sseq12 = "../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq12 = "../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span sboxed13 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 type t_I'0 @@ -23114,7 +22959,7 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ axiom inv_axiom'2 [@rewrite] : forall x : t_Item'0 [inv'3 x] . inv'3 x = invariant'2 x - predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 450 4 450 30] (self : Seq.seq t_Item'0) = + predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 608 4 608 30] (self : Seq.seq t_Item'0) = [%#sseq12] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) @@ -23206,7 +23051,7 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sseq12 = "../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq12 = "../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span sboxed13 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 type t_I'0 @@ -23235,7 +23080,7 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ axiom inv_axiom'2 [@rewrite] : forall x : t_Item'0 [inv'3 x] . inv'3 x = invariant'2 x - predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 450 4 450 30] (self : Seq.seq t_Item'0) = + predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 608 4 608 30] (self : Seq.seq t_Item'0) = [%#sseq12] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) @@ -23800,7 +23645,7 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produc let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 let%span siter18 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sseq19 = "../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq19 = "../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span sboxed20 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 let%span sinvariant21 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 @@ -23890,7 +23735,7 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produc axiom inv_axiom'3 [@rewrite] : forall x : borrowed t_F'0 [inv'5 x] . inv'5 x = invariant'2 x - predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 450 4 450 30] (self : Seq.seq (borrowed t_F'0)) + predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 608 4 608 30] (self : Seq.seq (borrowed t_F'0)) = [%#sseq19] forall i : int . 0 <= i /\ i < Seq.length self -> inv'5 (Seq.get self i) @@ -23915,7 +23760,7 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produc axiom inv_axiom'4 [@rewrite] : forall x : t_Item'0 [inv'6 x] . inv'6 x = invariant'3 x - predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 450 4 450 30] (self : Seq.seq t_Item'0) = + predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 608 4 608 30] (self : Seq.seq t_Item'0) = [%#sseq19] forall i : int . 0 <= i /\ i < Seq.length self -> inv'6 (Seq.get self i) predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) @@ -24000,7 +23845,7 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produc let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 let%span siter18 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sseq19 = "../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq19 = "../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span sboxed20 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 let%span sinvariant21 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 @@ -24088,7 +23933,7 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produc axiom inv_axiom'3 [@rewrite] : forall x : borrowed t_F'0 [inv'5 x] . inv'5 x = invariant'2 x - predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 450 4 450 30] (self : Seq.seq (borrowed t_F'0)) + predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 608 4 608 30] (self : Seq.seq (borrowed t_F'0)) = [%#sseq19] forall i : int . 0 <= i /\ i < Seq.length self -> inv'5 (Seq.get self i) @@ -24113,7 +23958,7 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produc axiom inv_axiom'4 [@rewrite] : forall x : t_Item'0 [inv'6 x] . inv'6 x = invariant'3 x - predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 450 4 450 30] (self : Seq.seq t_Item'0) = + predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 608 4 608 30] (self : Seq.seq t_Item'0) = [%#sseq19] forall i : int . 0 <= i /\ i < Seq.length self -> inv'6 (Seq.get self i) predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) @@ -24205,7 +24050,7 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788__pr let%span smap_inv19 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 130 14 130 81 let%span smap_inv20 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 133 12 138 88 let%span smap_inv21 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 123 12 125 63 - let%span sseq22 = "../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq22 = "../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span smap_inv23 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 146 12 151 71 let%span sinvariant24 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 let%span sboxed25 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 @@ -24289,7 +24134,7 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788__pr axiom inv_axiom'6 [@rewrite] : forall x : t_Item'0 [inv'10 x] . inv'10 x = invariant'6 x - predicate invariant'2 [#"../../../creusot-contracts/src/logic/seq.rs" 450 4 450 30] (self : Seq.seq t_Item'0) = + predicate invariant'2 [#"../../../creusot-contracts/src/logic/seq.rs" 608 4 608 30] (self : Seq.seq t_Item'0) = [%#sseq22] forall i : int . 0 <= i /\ i < Seq.length self -> inv'10 (Seq.get self i) predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) @@ -24399,7 +24244,7 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788__pr axiom inv_axiom'5 [@rewrite] : forall x : borrowed t_F'0 [inv'9 x] . inv'9 x = invariant'5 x - predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 450 4 450 30] (self : Seq.seq (borrowed t_F'0)) + predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 608 4 608 30] (self : Seq.seq (borrowed t_F'0)) = [%#sseq22] forall i : int . 0 <= i /\ i < Seq.length self -> inv'9 (Seq.get self i) @@ -24465,7 +24310,7 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788__pr let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 let%span smap_inv17 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 80 12 82 73 - let%span sseq18 = "../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq18 = "../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span smap_inv19 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 159 12 163 47 let%span smap_inv20 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 130 14 130 81 let%span smap_inv21 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 133 12 138 88 @@ -24549,7 +24394,7 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788__pr axiom inv_axiom'3 [@rewrite] : forall x : borrowed t_F'0 [inv'5 x] . inv'5 x = invariant'3 x - predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 450 4 450 30] (self : Seq.seq (borrowed t_F'0)) + predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 608 4 608 30] (self : Seq.seq (borrowed t_F'0)) = [%#sseq18] forall i : int . 0 <= i /\ i < Seq.length self -> inv'5 (Seq.get self i) @@ -24572,7 +24417,7 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788__pr axiom inv_axiom'4 [@rewrite] : forall x : t_Item'0 [inv'6 x] . inv'6 x = invariant'4 x - predicate invariant'2 [#"../../../creusot-contracts/src/logic/seq.rs" 450 4 450 30] (self : Seq.seq t_Item'0) = + predicate invariant'2 [#"../../../creusot-contracts/src/logic/seq.rs" 608 4 608 30] (self : Seq.seq t_Item'0) = [%#sseq18] forall i : int . 0 <= i /\ i < Seq.length self -> inv'6 (Seq.get self i) predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) @@ -25170,7 +25015,7 @@ module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produ let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sseq12 = "../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq12 = "../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span sboxed13 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 type t_I'0 @@ -25209,7 +25054,7 @@ module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produ axiom inv_axiom'2 [@rewrite] : forall x : t_Item'0 [inv'3 x] . inv'3 x = invariant'1 x - predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 450 4 450 30] (self : Seq.seq t_Item'0) = + predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 608 4 608 30] (self : Seq.seq t_Item'0) = [%#sseq12] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) @@ -25285,7 +25130,7 @@ module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produ let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sseq12 = "../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq12 = "../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span sboxed13 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 type t_I'0 @@ -25333,7 +25178,7 @@ module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produ axiom inv_axiom'2 [@rewrite] : forall x : t_Item'0 [inv'3 x] . inv'3 x = invariant'1 x - predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 450 4 450 30] (self : Seq.seq t_Item'0) = + predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 608 4 608 30] (self : Seq.seq t_Item'0) = [%#sseq12] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) @@ -25562,7 +25407,7 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produc let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sseq12 = "../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq12 = "../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span sboxed13 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 type t_A'0 @@ -25599,7 +25444,7 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produc axiom inv_axiom'3 [@rewrite] : forall x : t_Item'0 [inv'5 x] . inv'5 x = invariant'2 x - predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 450 4 450 30] (self : Seq.seq t_Item'0) = + predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 608 4 608 30] (self : Seq.seq t_Item'0) = [%#sseq12] forall i : int . 0 <= i /\ i < Seq.length self -> inv'5 (Seq.get self i) predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) @@ -25619,7 +25464,7 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produc axiom inv_axiom'4 [@rewrite] : forall x : t_Item'1 [inv'6 x] . inv'6 x = invariant'3 x - predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 450 4 450 30] (self : Seq.seq t_Item'1) = + predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 608 4 608 30] (self : Seq.seq t_Item'1) = [%#sseq12] forall i : int . 0 <= i /\ i < Seq.length self -> inv'6 (Seq.get self i) predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'1) @@ -25728,7 +25573,7 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produc let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sseq12 = "../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq12 = "../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span sboxed13 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 type t_A'0 @@ -25779,7 +25624,7 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produc axiom inv_axiom'3 [@rewrite] : forall x : t_Item'0 [inv'5 x] . inv'5 x = invariant'2 x - predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 450 4 450 30] (self : Seq.seq t_Item'0) = + predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 608 4 608 30] (self : Seq.seq t_Item'0) = [%#sseq12] forall i : int . 0 <= i /\ i < Seq.length self -> inv'5 (Seq.get self i) predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) @@ -25799,7 +25644,7 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produc axiom inv_axiom'4 [@rewrite] : forall x : t_Item'1 [inv'6 x] . inv'6 x = invariant'3 x - predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 450 4 450 30] (self : Seq.seq t_Item'1) = + predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 608 4 608 30] (self : Seq.seq t_Item'1) = [%#sseq12] forall i : int . 0 <= i /\ i < Seq.length self -> inv'6 (Seq.get self i) predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'1) @@ -26282,7 +26127,7 @@ module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_t let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 96 14 96 41 let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 97 14 97 80 let%span smodel4 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 - let%span sops5 = "../../../creusot-contracts/src/logic/ops.rs" 42 8 42 31 + let%span sops5 = "../../../creusot-contracts/src/logic/ops.rs" 44 8 44 31 let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice7 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 @@ -26333,7 +26178,7 @@ module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_t use seq.Seq - function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops.rs" 41 4 41 47] (self : slice t_T'0) (ix : int) : t_T'0 + function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops.rs" 43 4 43 47] (self : slice t_T'0) (ix : int) : t_T'0 = [%#sops5] Seq.get (view'2 self) ix @@ -26367,7 +26212,7 @@ module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_r let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 96 14 96 41 let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 97 14 97 80 let%span smodel4 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 - let%span sops5 = "../../../creusot-contracts/src/logic/ops.rs" 42 8 42 31 + let%span sops5 = "../../../creusot-contracts/src/logic/ops.rs" 44 8 44 31 let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice7 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 @@ -26424,7 +26269,7 @@ module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_r use seq.Seq - function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops.rs" 41 4 41 47] (self : slice t_T'0) (ix : int) : t_T'0 + function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops.rs" 43 4 43 47] (self : slice t_T'0) (ix : int) : t_T'0 = [%#sops5] Seq.get (view'2 self) ix @@ -26456,7 +26301,7 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_r let%span sslice5 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 let%span smodel7 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 - let%span sops8 = "../../../creusot-contracts/src/logic/ops.rs" 42 8 42 31 + let%span sops8 = "../../../creusot-contracts/src/logic/ops.rs" 44 8 44 31 use prelude.prelude.Opaque @@ -26517,7 +26362,7 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_r use seq.Seq - function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops.rs" 41 4 41 47] (self : slice t_T'0) (ix : int) : t_T'0 + function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops.rs" 43 4 43 47] (self : slice t_T'0) (ix : int) : t_T'0 = [%#sops8] Seq.get (view'1 self) ix @@ -26552,7 +26397,7 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_t let%span sslice5 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 let%span smodel7 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 - let%span sops8 = "../../../creusot-contracts/src/logic/ops.rs" 42 8 42 31 + let%span sops8 = "../../../creusot-contracts/src/logic/ops.rs" 44 8 44 31 use prelude.prelude.Opaque @@ -26607,7 +26452,7 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_t use seq.Seq - function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops.rs" 41 4 41 47] (self : slice t_T'0) (ix : int) : t_T'0 + function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops.rs" 43 4 43 47] (self : slice t_T'0) (ix : int) : t_T'0 = [%#sops8] Seq.get (view'1 self) ix @@ -26781,7 +26626,7 @@ module M_creusot_contracts__stdqy35z1__iter__fuse__qyi7691061398646472980__is_fu let%span siter21 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 let%span siter22 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 let%span siter23 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sseq24 = "../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq24 = "../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span sinvariant25 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 let%span sboxed26 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 @@ -26903,7 +26748,7 @@ module M_creusot_contracts__stdqy35z1__iter__fuse__qyi7691061398646472980__is_fu axiom inv_axiom'5 [@rewrite] : forall x : t_Item'0 [inv'6 x] . inv'6 x = invariant'3 x - predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 450 4 450 30] (self : Seq.seq t_Item'0) = + predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 608 4 608 30] (self : Seq.seq t_Item'0) = [%#sseq24] forall i : int . 0 <= i /\ i < Seq.length self -> inv'6 (Seq.get self i) predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) @@ -26959,7 +26804,7 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4413682431414748756__ne let%span sops28 = "../../../creusot-contracts/src/std/ops.rs" 117 15 117 26 let%span sops29 = "../../../creusot-contracts/src/std/ops.rs" 118 14 118 28 let%span sops30 = "../../../creusot-contracts/src/std/ops.rs" 123 14 124 105 - let%span sseq31 = "../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq31 = "../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span smap_inv32 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 80 12 82 73 let%span smap_inv33 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 159 12 163 47 let%span smap_inv34 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 130 14 130 81 @@ -27047,7 +26892,7 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4413682431414748756__ne axiom inv_axiom'7 [@rewrite] : forall x : t_Item'0 [inv'11 x] . inv'11 x = invariant'6 x - predicate invariant'3 [#"../../../creusot-contracts/src/logic/seq.rs" 450 4 450 30] (self : Seq.seq t_Item'0) = + predicate invariant'3 [#"../../../creusot-contracts/src/logic/seq.rs" 608 4 608 30] (self : Seq.seq t_Item'0) = [%#sseq31] forall i : int . 0 <= i /\ i < Seq.length self -> inv'11 (Seq.get self i) predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) @@ -27166,7 +27011,7 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4413682431414748756__ne axiom inv_axiom'6 [@rewrite] : forall x : borrowed t_F'0 [inv'10 x] . inv'10 x = invariant'5 x - predicate invariant'2 [#"../../../creusot-contracts/src/logic/seq.rs" 450 4 450 30] (self : Seq.seq (borrowed t_F'0)) + predicate invariant'2 [#"../../../creusot-contracts/src/logic/seq.rs" 608 4 608 30] (self : Seq.seq (borrowed t_F'0)) = [%#sseq31] forall i : int . 0 <= i /\ i < Seq.length self -> inv'10 (Seq.get self i) @@ -27401,8 +27246,84 @@ module M_creusot_contracts__stdqy35z1__ptr__qyi4877913266695965320__is_null_logi goal refines : [%#sptr0] forall self : opaque_ptr . forall result : bool . result = (addr_logic'0 self = 0) -> result = (addr_logic'0 self = 0) end -module M_creusot_contracts__ghost__qyi1862168959261460300__deref__refines [#"../../../creusot-contracts/src/ghost.rs" 52 4 52 36] (* as std::ops::Deref> *) - let%span sghost0 = "../../../creusot-contracts/src/ghost.rs" 52 4 52 36 +module M_creusot_contracts__ghost__qyi17645547594388049322__clone__refines [#"../../../creusot-contracts/src/ghost.rs" 50 4 50 27] (* as std::clone::Clone> *) + let%span sghost0 = "../../../creusot-contracts/src/ghost.rs" 50 4 50 27 + let%span sinvariant1 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + let%span sboxed2 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + + use prelude.prelude.Borrow + + type t_T'0 + + type t_GhostBox'0 = + { t_GhostBox__0'0: t_T'0 } + + predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + + predicate invariant'1 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_T'0) = + [%#sboxed2] inv'3 self + + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + + axiom inv_axiom'2 [@rewrite] : forall x : t_T'0 [inv'2 x] . inv'2 x = invariant'1 x + + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_GhostBox'0) + + axiom inv_axiom'1 [@rewrite] : forall x : t_GhostBox'0 [inv'1 x] . inv'1 x + = match x with + | {t_GhostBox__0'0 = a_0} -> inv'2 a_0 + end + + predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_GhostBox'0) = + [%#sinvariant1] inv'1 self + + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_GhostBox'0) + + axiom inv_axiom'0 [@rewrite] : forall x : t_GhostBox'0 [inv'0 x] . inv'0 x = invariant'0 x + + goal refines : [%#sghost0] forall self : t_GhostBox'0 . inv'0 self + -> inv'0 self /\ (forall result : t_GhostBox'0 . result = self /\ inv'1 result -> result = self /\ inv'1 result) +end +module M_creusot_contracts__logic__int__qyi3540547019284611154__clone__refines [#"../../../creusot-contracts/src/logic/int.rs" 36 4 36 27] (* *) + let%span sint0 = "../../../creusot-contracts/src/logic/int.rs" 36 4 36 27 + + use prelude.prelude.Borrow + + use prelude.prelude.Int + + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : int) + + axiom inv_axiom'0 [@rewrite] : forall x : int [inv'0 x] . inv'0 x = true + + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : int) + + axiom inv_axiom'1 [@rewrite] : forall x : int [inv'1 x] . inv'1 x = true + + goal refines : [%#sint0] forall self : int . inv'0 self + -> (forall result : int . result = self -> result = self /\ inv'1 result) +end +module M_creusot_contracts__snapshot__qyi5567339964777190687__clone__refines [#"../../../creusot-contracts/src/snapshot.rs" 59 4 59 27] (* as std::clone::Clone> *) + let%span ssnapshot0 = "../../../creusot-contracts/src/snapshot.rs" 59 4 59 27 + + use prelude.prelude.Borrow + + type t_T'0 + + use prelude.prelude.Snapshot + + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Snapshot.snap_ty t_T'0) + + axiom inv_axiom'0 [@rewrite] : forall x : Snapshot.snap_ty t_T'0 [inv'0 x] . inv'0 x = true + + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Snapshot.snap_ty t_T'0) + + axiom inv_axiom'1 [@rewrite] : forall x : Snapshot.snap_ty t_T'0 [inv'1 x] . inv'1 x = true + + goal refines : [%#ssnapshot0] forall self : Snapshot.snap_ty t_T'0 . inv'0 self + -> (forall result : Snapshot.snap_ty t_T'0 . result = self -> result = self /\ inv'1 result) +end +module M_creusot_contracts__ghost__qyi1862168959261460300__deref__refines [#"../../../creusot-contracts/src/ghost.rs" 69 4 69 36] (* as std::ops::Deref> *) + let%span sghost0 = "../../../creusot-contracts/src/ghost.rs" 69 4 69 36 let%span sinvariant1 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 let%span sboxed2 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 @@ -27446,8 +27367,8 @@ module M_creusot_contracts__ghost__qyi1862168959261460300__deref__refines [#"../ goal refines : [%#sghost0] forall self : t_GhostBox'0 . inv'0 self -> inv'0 self /\ (forall result : t_T'0 . self.t_GhostBox__0'0 = result /\ inv'1 result -> inv'1 result) end -module M_creusot_contracts__ghost__qyi17214052996668775070__deref_mut__refines [#"../../../creusot-contracts/src/ghost.rs" 68 4 68 48] (* as std::ops::DerefMut> *) - let%span sghost0 = "../../../creusot-contracts/src/ghost.rs" 68 4 68 48 +module M_creusot_contracts__ghost__qyi17214052996668775070__deref_mut__refines [#"../../../creusot-contracts/src/ghost.rs" 85 4 85 48] (* as std::ops::DerefMut> *) + let%span sghost0 = "../../../creusot-contracts/src/ghost.rs" 85 4 85 48 let%span sinvariant1 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 let%span sboxed2 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 @@ -27494,3 +27415,74 @@ module M_creusot_contracts__ghost__qyi17214052996668775070__deref_mut__refines [ = Borrow.borrow_logic (self.current).t_GhostBox__0'0 (self.final).t_GhostBox__0'0 (Borrow.inherit_id (Borrow.get_id self) 1) /\ inv'1 result -> inv'1 result) end +module M_creusot_contracts__logic__int__qyi3411234291730139970__add__refines [#"../../../creusot-contracts/src/logic/int.rs" 173 4 173 32] (* *) + let%span sint0 = "../../../creusot-contracts/src/logic/int.rs" 173 4 173 32 + + use prelude.prelude.Int + + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : int) + + axiom inv_axiom'0 [@rewrite] : forall x : int [inv'0 x] . inv'0 x = true + + goal refines : [%#sint0] forall self : int . forall rhs : int . inv'0 rhs /\ inv'0 self + -> (forall result : int . inv'0 result) +end +module M_creusot_contracts__logic__int__qyi14674898037351238599__sub__refines [#"../../../creusot-contracts/src/logic/int.rs" 184 4 184 32] (* *) + let%span sint0 = "../../../creusot-contracts/src/logic/int.rs" 184 4 184 32 + + use prelude.prelude.Int + + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : int) + + axiom inv_axiom'0 [@rewrite] : forall x : int [inv'0 x] . inv'0 x = true + + goal refines : [%#sint0] forall self : int . forall rhs : int . inv'0 rhs /\ inv'0 self + -> (forall result : int . inv'0 result) +end +module M_creusot_contracts__logic__int__qyi92031444461445902__mul__refines [#"../../../creusot-contracts/src/logic/int.rs" 195 4 195 32] (* *) + let%span sint0 = "../../../creusot-contracts/src/logic/int.rs" 195 4 195 32 + + use prelude.prelude.Int + + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : int) + + axiom inv_axiom'0 [@rewrite] : forall x : int [inv'0 x] . inv'0 x = true + + goal refines : [%#sint0] forall self : int . forall rhs : int . inv'0 rhs /\ inv'0 self + -> (forall result : int . inv'0 result) +end +module M_creusot_contracts__logic__int__qyi2704776725966497021__div__refines [#"../../../creusot-contracts/src/logic/int.rs" 206 4 206 32] (* *) + let%span sint0 = "../../../creusot-contracts/src/logic/int.rs" 206 4 206 32 + + use prelude.prelude.Int + + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : int) + + axiom inv_axiom'0 [@rewrite] : forall x : int [inv'0 x] . inv'0 x = true + + goal refines : [%#sint0] forall self : int . forall rhs : int . inv'0 rhs /\ inv'0 self + -> (forall result : int . inv'0 result) +end +module M_creusot_contracts__logic__int__qyi13390566486180286353__rem__refines [#"../../../creusot-contracts/src/logic/int.rs" 217 4 217 32] (* *) + let%span sint0 = "../../../creusot-contracts/src/logic/int.rs" 217 4 217 32 + + use prelude.prelude.Int + + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : int) + + axiom inv_axiom'0 [@rewrite] : forall x : int [inv'0 x] . inv'0 x = true + + goal refines : [%#sint0] forall self : int . forall rhs : int . inv'0 rhs /\ inv'0 self + -> (forall result : int . inv'0 result) +end +module M_creusot_contracts__logic__int__qyi6972377124305281595__neg__refines [#"../../../creusot-contracts/src/logic/int.rs" 228 4 228 24] (* *) + let%span sint0 = "../../../creusot-contracts/src/logic/int.rs" 228 4 228 24 + + use prelude.prelude.Int + + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : int) + + axiom inv_axiom'0 [@rewrite] : forall x : int [inv'0 x] . inv'0 x = true + + goal refines : [%#sint0] forall self : int . inv'0 self -> (forall result : int . inv'0 result) +end diff --git a/creusot/tests/creusot-contracts/creusot-contracts/why3session.xml b/creusot/tests/creusot-contracts/creusot-contracts/why3session.xml index 6a71a5c750..0057aeb485 100644 --- a/creusot/tests/creusot-contracts/creusot-contracts/why3session.xml +++ b/creusot/tests/creusot-contracts/creusot-contracts/why3session.xml @@ -8,184 +8,94 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + - + - + - - - + + + - + - + - - - - - - - - - - - - - - - - - - + + + - + - + - - - + + + - + - + - - - - - - - - - - - - - - - - - - + + + - + - + - - - + + + - + - + - - - - - - - - - - - - - - - - - - + + + @@ -1718,96 +1628,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -2706,6 +2526,166 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -2823,14 +2803,24 @@ - - - + + + - - - + + + + + + + + + + + + + @@ -2843,6 +2833,11 @@ + + + + + diff --git a/creusot/tests/creusot-contracts/creusot-contracts/why3shapes.gz b/creusot/tests/creusot-contracts/creusot-contracts/why3shapes.gz index 3d6df18096..c619aeceb2 100644 Binary files a/creusot/tests/creusot-contracts/creusot-contracts/why3shapes.gz and b/creusot/tests/creusot-contracts/creusot-contracts/why3shapes.gz differ diff --git a/creusot/tests/should_fail/bug/878.coma b/creusot/tests/should_fail/bug/878.coma index b55d15cbc4..3c852bd922 100644 --- a/creusot/tests/should_fail/bug/878.coma +++ b/creusot/tests/should_fail/bug/878.coma @@ -112,7 +112,7 @@ module M_878__test2 [#"878.rs" 19 0 19 14] let%span sboxed7 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 let%span svec8 = "../../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 let%span sslice9 = "../../../../creusot-contracts/src/std/slice.rs" 18 20 18 30 - let%span sseq10 = "../../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq10 = "../../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span s87811 = "878.rs" 15 8 15 22 use prelude.prelude.UInt32 @@ -254,7 +254,7 @@ module M_878__test3 [#"878.rs" 25 0 25 14] let%span sboxed7 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 let%span svec8 = "../../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 let%span sslice9 = "../../../../creusot-contracts/src/std/slice.rs" 18 20 18 30 - let%span sseq10 = "../../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq10 = "../../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span s87811 = "878.rs" 15 8 15 22 use prelude.prelude.UInt32 diff --git a/creusot/tests/should_fail/bug/specialize.coma b/creusot/tests/should_fail/bug/specialize.coma index b8c1d9ca9b..465cb99a14 100644 --- a/creusot/tests/should_fail/bug/specialize.coma +++ b/creusot/tests/should_fail/bug/specialize.coma @@ -43,7 +43,7 @@ module M_specialize__g [#"specialize.rs" 27 0 27 18] let%span sspecialize2 = "specialize.rs" 6 9 6 13 let%span svec3 = "../../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 let%span svec4 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span sseq5 = "../../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq5 = "../../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span sboxed6 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 use prelude.prelude.Opaque @@ -169,7 +169,7 @@ module M_specialize__qyi2463200954251793265__x__refines [#"specialize.rs" 12 4 1 let%span sspecialize0 = "specialize.rs" 12 4 12 22 let%span svec1 = "../../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 let%span svec2 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span sseq3 = "../../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq3 = "../../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span sboxed4 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 use prelude.prelude.Opaque diff --git a/creusot/tests/should_succeed/100doors.coma b/creusot/tests/should_succeed/100doors.coma index 391f2ccc0f..f61a8065d5 100644 --- a/creusot/tests/should_succeed/100doors.coma +++ b/creusot/tests/should_succeed/100doors.coma @@ -26,7 +26,7 @@ module M_100doors__f [#"100doors.rs" 18 0 18 10] let%span svec24 = "../../../creusot-contracts/src/std/vec.rs" 154 26 154 57 let%span svec25 = "../../../creusot-contracts/src/std/vec.rs" 155 26 155 62 let%span svec26 = "../../../creusot-contracts/src/std/vec.rs" 156 26 156 55 - let%span sops27 = "../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span sops27 = "../../../creusot-contracts/src/logic/ops.rs" 22 8 22 31 let%span siter28 = "../../../creusot-contracts/src/std/iter.rs" 86 20 86 24 let%span siter29 = "../../../creusot-contracts/src/std/iter.rs" 92 8 92 19 let%span srange30 = "../../../creusot-contracts/src/std/iter/range.rs" 33 15 33 24 diff --git a/creusot/tests/should_succeed/bdd.coma b/creusot/tests/should_succeed/bdd.coma index d24b0ed590..5a3929f06b 100644 --- a/creusot/tests/should_succeed/bdd.coma +++ b/creusot/tests/should_succeed/bdd.coma @@ -3775,23 +3775,23 @@ module M_bdd__qyi11078426090797403070__and [#"bdd.rs" 533 4 533 72] (* Context<' let%span smodel36 = "../../../creusot-contracts/src/model.rs" 79 8 79 28 let%span sresolve37 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span snum38 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 - let%span sord39 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 + let%span sord39 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 let%span stuples40 = "../../../creusot-contracts/src/std/tuples.rs" 29 28 29 57 let%span smodel41 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 let%span sinvariant42 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sord43 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 - let%span sord44 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 - let%span sord45 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 - let%span sord46 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 - let%span sord47 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 - let%span sord48 = "../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 - let%span sord49 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 - let%span sord50 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 - let%span sord51 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 - let%span sord52 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 - let%span sord53 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 - let%span sord54 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 - let%span sord55 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span sord43 = "../../../creusot-contracts/src/logic/ord.rs" 129 39 129 89 + let%span sord44 = "../../../creusot-contracts/src/logic/ord.rs" 134 39 134 86 + let%span sord45 = "../../../creusot-contracts/src/logic/ord.rs" 139 39 139 86 + let%span sord46 = "../../../creusot-contracts/src/logic/ord.rs" 144 39 144 89 + let%span sord47 = "../../../creusot-contracts/src/logic/ord.rs" 149 39 149 70 + let%span sord48 = "../../../creusot-contracts/src/logic/ord.rs" 154 40 154 57 + let%span sord49 = "../../../creusot-contracts/src/logic/ord.rs" 155 40 155 57 + let%span sord50 = "../../../creusot-contracts/src/logic/ord.rs" 156 39 156 56 + let%span sord51 = "../../../creusot-contracts/src/logic/ord.rs" 161 40 161 70 + let%span sord52 = "../../../creusot-contracts/src/logic/ord.rs" 162 39 162 72 + let%span sord53 = "../../../creusot-contracts/src/logic/ord.rs" 167 40 167 73 + let%span sord54 = "../../../creusot-contracts/src/logic/ord.rs" 168 39 168 69 + let%span sord55 = "../../../creusot-contracts/src/logic/ord.rs" 173 39 173 84 let%span sbdd56 = "bdd.rs" 267 12 291 19 let%span sbdd57 = "bdd.rs" 189 20 189 26 let%span sbdd58 = "bdd.rs" 179 20 179 37 diff --git a/creusot/tests/should_succeed/bug/217.coma b/creusot/tests/should_succeed/bug/217.coma index 20c26ebc29..02a01e8ce8 100644 --- a/creusot/tests/should_succeed/bug/217.coma +++ b/creusot/tests/should_succeed/bug/217.coma @@ -1,7 +1,7 @@ module M_217__ex [#"217.rs" 11 0 11 37] let%span s2170 = "217.rs" 10 10 10 17 let%span s2171 = "217.rs" 9 0 9 8 - let%span sseq2 = "../../../../creusot-contracts/src/logic/seq.rs" 106 8 106 39 + let%span sseq2 = "../../../../creusot-contracts/src/logic/seq.rs" 171 8 171 39 use seq.Seq diff --git a/creusot/tests/should_succeed/bug/final_borrows.coma b/creusot/tests/should_succeed/bug/final_borrows.coma index 99e12f315a..ddffab2d26 100644 --- a/creusot/tests/should_succeed/bug/final_borrows.coma +++ b/creusot/tests/should_succeed/bug/final_borrows.coma @@ -1937,13 +1937,13 @@ module M_final_borrows__index_mut_slice [#"final_borrows.rs" 208 0 208 48] let%span sfinal_borrows4 = "final_borrows.rs" 208 42 208 48 let%span sfinal_borrows5 = "final_borrows.rs" 207 10 207 30 let%span smodel6 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 - let%span sops7 = "../../../../creusot-contracts/src/logic/ops.rs" 42 8 42 31 + let%span sops7 = "../../../../creusot-contracts/src/logic/ops.rs" 44 8 44 31 let%span sresolve8 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span sslice9 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice10 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 let%span sinvariant11 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 let%span sslice12 = "../../../../creusot-contracts/src/std/slice.rs" 18 20 18 30 - let%span sseq13 = "../../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq13 = "../../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span sboxed14 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 use prelude.prelude.UIntSize @@ -2100,11 +2100,11 @@ module M_final_borrows__index_mut_array [#"final_borrows.rs" 214 0 214 52] let%span sfinal_borrows4 = "final_borrows.rs" 214 46 214 52 let%span sfinal_borrows5 = "final_borrows.rs" 213 10 213 35 let%span smodel6 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 - let%span sops7 = "../../../../creusot-contracts/src/logic/ops.rs" 75 8 75 32 + let%span sops7 = "../../../../creusot-contracts/src/logic/ops.rs" 77 8 77 32 let%span sresolve8 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span sinvariant9 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 let%span sarray10 = "../../../../creusot-contracts/src/std/array.rs" 9 20 9 30 - let%span sseq11 = "../../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq11 = "../../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span sboxed12 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 use prelude.prelude.UIntSize diff --git a/creusot/tests/should_succeed/bug/two_phase.coma b/creusot/tests/should_succeed/bug/two_phase.coma index d613080415..90d7e22713 100644 --- a/creusot/tests/should_succeed/bug/two_phase.coma +++ b/creusot/tests/should_succeed/bug/two_phase.coma @@ -3,7 +3,7 @@ module M_two_phase__test [#"two_phase.rs" 6 0 6 31] let%span svec1 = "../../../../creusot-contracts/src/std/vec.rs" 83 26 83 48 let%span svec2 = "../../../../creusot-contracts/src/std/vec.rs" 87 26 87 56 let%span smodel3 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 - let%span sops4 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span sops4 = "../../../../creusot-contracts/src/logic/ops.rs" 22 8 22 31 let%span smodel5 = "../../../../creusot-contracts/src/model.rs" 88 8 88 22 let%span svec6 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span sresolve7 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 diff --git a/creusot/tests/should_succeed/bug/vcgen.coma b/creusot/tests/should_succeed/bug/vcgen.coma index a692c78890..c03e4dbec4 100644 --- a/creusot/tests/should_succeed/bug/vcgen.coma +++ b/creusot/tests/should_succeed/bug/vcgen.coma @@ -4,8 +4,8 @@ module M_vcgen__set_max [#"vcgen.rs" 10 0 10 42] let%span svcgen2 = "vcgen.rs" 9 10 9 53 let%span svcgen3 = "vcgen.rs" 7 10 7 17 let%span svcgen4 = "vcgen.rs" 4 0 4 8 - let%span sfset5 = "../../../../creusot-contracts/src/logic/fset.rs" 42 8 42 26 - let%span sfset6 = "../../../../creusot-contracts/src/logic/fset.rs" 79 8 79 26 + let%span sfset5 = "../../../../creusot-contracts/src/logic/fset.rs" 46 8 46 26 + let%span sfset6 = "../../../../creusot-contracts/src/logic/fset.rs" 92 8 92 26 use set.Fset @@ -24,8 +24,8 @@ module M_vcgen__set_max [#"vcgen.rs" 10 0 10 42] use set.Fset - function remove'0 [@inline:trivial] (self : Fset.fset int) (a : int) : Fset.fset int = - [%#sfset6] Fset.remove a self + function remove'0 [@inline:trivial] (self : Fset.fset int) (e : int) : Fset.fset int = + [%#sfset6] Fset.remove e self constant s : Fset.fset int diff --git a/creusot/tests/should_succeed/cell/02.coma b/creusot/tests/should_succeed/cell/02.coma index 17596c3734..980f8e2b7d 100644 --- a/creusot/tests/should_succeed/cell/02.coma +++ b/creusot/tests/should_succeed/cell/02.coma @@ -88,7 +88,7 @@ module M_02__fib_memo [#"02.rs" 95 0 95 50] let%span sslice30 = "../../../../creusot-contracts/src/std/slice.rs" 122 20 122 37 let%span sslice31 = "../../../../creusot-contracts/src/std/slice.rs" 129 20 129 37 let%span s0232 = "02.rs" 72 12 75 13 - let%span sops33 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span sops33 = "../../../../creusot-contracts/src/logic/ops.rs" 22 8 22 31 let%span svec34 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 use prelude.prelude.Borrow diff --git a/creusot/tests/should_succeed/constrained_types.coma b/creusot/tests/should_succeed/constrained_types.coma index ffa88a81c6..a6d951c744 100644 --- a/creusot/tests/should_succeed/constrained_types.coma +++ b/creusot/tests/should_succeed/constrained_types.coma @@ -1,40 +1,40 @@ module M_constrained_types__uses_concrete_instance [#"constrained_types.rs" 14 0 14 67] let%span sconstrained_types0 = "constrained_types.rs" 9 18 9 68 let%span smodel1 = "../../../creusot-contracts/src/model.rs" 79 8 79 28 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 231 20 231 67 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 282 20 282 67 let%span stuples3 = "../../../creusot-contracts/src/std/tuples.rs" 29 28 29 57 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 - let%span sord16 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 129 39 129 89 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 134 39 134 86 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 139 39 139 86 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 144 39 144 89 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 149 39 149 70 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 154 40 154 57 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 155 40 155 57 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 156 39 156 56 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 161 40 161 70 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 162 39 162 72 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 167 40 167 73 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 168 39 168 69 + let%span sord16 = "../../../creusot-contracts/src/logic/ord.rs" 173 39 173 84 let%span snum17 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 - let%span sord18 = "../../../creusot-contracts/src/logic/ord.rs" 225 20 225 68 - let%span sord19 = "../../../creusot-contracts/src/logic/ord.rs" 212 8 219 11 - let%span sord20 = "../../../creusot-contracts/src/logic/ord.rs" 237 20 237 68 - let%span sord21 = "../../../creusot-contracts/src/logic/ord.rs" 243 20 243 67 - let%span sord22 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 - let%span sord23 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 - let%span sord24 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 - let%span sord25 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 - let%span sord26 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 - let%span sord27 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 - let%span sord28 = "../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 - let%span sord29 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 - let%span sord30 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 - let%span sord31 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 - let%span sord32 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 - let%span sord33 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 - let%span sord34 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 - let%span sord35 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span sord18 = "../../../creusot-contracts/src/logic/ord.rs" 276 20 276 68 + let%span sord19 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 + let%span sord20 = "../../../creusot-contracts/src/logic/ord.rs" 288 20 288 68 + let%span sord21 = "../../../creusot-contracts/src/logic/ord.rs" 294 20 294 67 + let%span sord22 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + let%span sord23 = "../../../creusot-contracts/src/logic/ord.rs" 129 39 129 89 + let%span sord24 = "../../../creusot-contracts/src/logic/ord.rs" 134 39 134 86 + let%span sord25 = "../../../creusot-contracts/src/logic/ord.rs" 139 39 139 86 + let%span sord26 = "../../../creusot-contracts/src/logic/ord.rs" 144 39 144 89 + let%span sord27 = "../../../creusot-contracts/src/logic/ord.rs" 149 39 149 70 + let%span sord28 = "../../../creusot-contracts/src/logic/ord.rs" 154 40 154 57 + let%span sord29 = "../../../creusot-contracts/src/logic/ord.rs" 155 40 155 57 + let%span sord30 = "../../../creusot-contracts/src/logic/ord.rs" 156 39 156 56 + let%span sord31 = "../../../creusot-contracts/src/logic/ord.rs" 161 40 161 70 + let%span sord32 = "../../../creusot-contracts/src/logic/ord.rs" 162 39 162 72 + let%span sord33 = "../../../creusot-contracts/src/logic/ord.rs" 167 40 167 73 + let%span sord34 = "../../../creusot-contracts/src/logic/ord.rs" 168 39 168 69 + let%span sord35 = "../../../creusot-contracts/src/logic/ord.rs" 173 39 173 84 use prelude.prelude.Borrow diff --git a/creusot/tests/should_succeed/filter_positive.coma b/creusot/tests/should_succeed/filter_positive.coma index 5fad2dbaaf..807d00bb9c 100644 --- a/creusot/tests/should_succeed/filter_positive.coma +++ b/creusot/tests/should_succeed/filter_positive.coma @@ -160,7 +160,7 @@ module M_filter_positive__m [#"filter_positive.rs" 82 0 82 33] let%span smodel39 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 let%span sslice40 = "../../../creusot-contracts/src/std/slice.rs" 122 20 122 37 let%span sslice41 = "../../../creusot-contracts/src/std/slice.rs" 129 20 129 37 - let%span sops42 = "../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span sops42 = "../../../creusot-contracts/src/logic/ops.rs" 22 8 22 31 let%span smodel43 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 let%span sslice44 = "../../../creusot-contracts/src/std/slice.rs" 136 20 136 94 let%span sresolve45 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 diff --git a/creusot/tests/should_succeed/fmap_indexing.coma b/creusot/tests/should_succeed/fmap_indexing.coma index b5ee70f6eb..3d951cf040 100644 --- a/creusot/tests/should_succeed/fmap_indexing.coma +++ b/creusot/tests/should_succeed/fmap_indexing.coma @@ -6,21 +6,21 @@ module M_fmap_indexing__foo [#"fmap_indexing.rs" 4 0 4 12] let%span sfmap_indexing4 = "fmap_indexing.rs" 9 18 9 45 let%span sfmap_indexing5 = "fmap_indexing.rs" 10 10 10 37 let%span sfmap_indexing6 = "fmap_indexing.rs" 11 18 11 45 - let%span sfmap7 = "../../../creusot-contracts/src/logic/fmap.rs" 36 14 36 31 - let%span sfmap8 = "../../../creusot-contracts/src/logic/fmap.rs" 37 14 37 49 - let%span sfmap9 = "../../../creusot-contracts/src/logic/fmap.rs" 64 14 64 71 - let%span sfmap10 = "../../../creusot-contracts/src/logic/fmap.rs" 65 14 65 61 - let%span sfmap11 = "../../../creusot-contracts/src/logic/fmap.rs" 66 14 66 66 - let%span sfmap12 = "../../../creusot-contracts/src/logic/fmap.rs" 199 8 199 24 - let%span sfmap13 = "../../../creusot-contracts/src/logic/fmap.rs" 44 14 44 25 - let%span sfmap14 = "../../../creusot-contracts/src/logic/fmap.rs" 57 14 57 38 - let%span sutil15 = "../../../creusot-contracts/src/util.rs" 14 14 14 30 - let%span sfmap16 = "../../../creusot-contracts/src/logic/fmap.rs" 120 8 120 35 - let%span sfmap17 = "../../../creusot-contracts/src/logic/fmap.rs" 113 9 113 31 - let%span sfmap18 = "../../../creusot-contracts/src/logic/fmap.rs" 96 8 96 26 - let%span sfmap19 = "../../../creusot-contracts/src/logic/fmap.rs" 103 8 103 35 - let%span sutil20 = "../../../creusot-contracts/src/util.rs" 32 11 32 21 - let%span sutil21 = "../../../creusot-contracts/src/util.rs" 33 10 33 28 + let%span sfmap7 = "../../../creusot-contracts/src/logic/fmap.rs" 39 14 39 31 + let%span sfmap8 = "../../../creusot-contracts/src/logic/fmap.rs" 40 14 40 49 + let%span sfmap9 = "../../../creusot-contracts/src/logic/fmap.rs" 66 14 66 71 + let%span sfmap10 = "../../../creusot-contracts/src/logic/fmap.rs" 67 14 67 61 + let%span sfmap11 = "../../../creusot-contracts/src/logic/fmap.rs" 68 14 68 66 + let%span sfmap12 = "../../../creusot-contracts/src/logic/fmap.rs" 228 8 228 24 + let%span sfmap13 = "../../../creusot-contracts/src/logic/fmap.rs" 48 14 48 25 + let%span sfmap14 = "../../../creusot-contracts/src/logic/fmap.rs" 58 14 58 86 + let%span sutil15 = "../../../creusot-contracts/src/util.rs" 21 14 21 30 + let%span sfmap16 = "../../../creusot-contracts/src/logic/fmap.rs" 132 8 132 35 + let%span sfmap17 = "../../../creusot-contracts/src/logic/fmap.rs" 116 9 116 31 + let%span sfmap18 = "../../../creusot-contracts/src/logic/fmap.rs" 103 8 103 26 + let%span sfmap19 = "../../../creusot-contracts/src/logic/fmap.rs" 124 8 124 35 + let%span sutil20 = "../../../creusot-contracts/src/util.rs" 43 11 43 21 + let%span sutil21 = "../../../creusot-contracts/src/util.rs" 44 10 44 28 use prelude.prelude.Int @@ -36,11 +36,10 @@ module M_fmap_indexing__foo [#"fmap_indexing.rs" 4 0 4 12] use map.Map - function mk'0 (_m : Map.map int (t_Option'0)) : t_FMap'0 - function view'0 (self : t_FMap'0) : Map.map int (t_Option'0) - axiom view'0_spec : forall self : t_FMap'0 . [%#sfmap14] mk'0 (view'0 self) = self + axiom view'0_spec : forall self : t_FMap'0 . [%#sfmap14] forall m1 : t_FMap'0, m2 : t_FMap'0 . m1 <> m2 + -> view'0 m1 <> view'0 m2 use map.Const diff --git a/creusot/tests/should_succeed/fmap_indexing/why3session.xml b/creusot/tests/should_succeed/fmap_indexing/why3session.xml index f0dc4183e9..8734be581f 100644 --- a/creusot/tests/should_succeed/fmap_indexing/why3session.xml +++ b/creusot/tests/should_succeed/fmap_indexing/why3session.xml @@ -7,7 +7,7 @@ - + diff --git a/creusot/tests/should_succeed/fmap_indexing/why3shapes.gz b/creusot/tests/should_succeed/fmap_indexing/why3shapes.gz index cdaaa7c429..036ff9f67f 100644 Binary files a/creusot/tests/should_succeed/fmap_indexing/why3shapes.gz and b/creusot/tests/should_succeed/fmap_indexing/why3shapes.gz differ diff --git a/creusot/tests/should_succeed/ghost/assert_in_ghost.coma b/creusot/tests/should_succeed/ghost/assert_in_ghost.coma index 55342fd408..54be8f402a 100644 --- a/creusot/tests/should_succeed/ghost/assert_in_ghost.coma +++ b/creusot/tests/should_succeed/ghost/assert_in_ghost.coma @@ -1,9 +1,9 @@ module M_assert_in_ghost__ghost_only [#"assert_in_ghost.rs" 4 0 4 19] let%span sassert_in_ghost0 = "assert_in_ghost.rs" 6 16 6 20 let%span sassert_in_ghost1 = "assert_in_ghost.rs" 7 22 7 31 - let%span sghost2 = "../../../../creusot-contracts/src/ghost.rs" 164 15 164 16 - let%span sghost3 = "../../../../creusot-contracts/src/ghost.rs" 164 4 164 28 - let%span sghost4 = "../../../../creusot-contracts/src/ghost.rs" 162 14 162 28 + let%span sghost2 = "../../../../creusot-contracts/src/ghost.rs" 181 15 181 16 + let%span sghost3 = "../../../../creusot-contracts/src/ghost.rs" 181 4 181 28 + let%span sghost4 = "../../../../creusot-contracts/src/ghost.rs" 179 14 179 28 use prelude.prelude.Int32 @@ -54,9 +54,9 @@ end module M_assert_in_ghost__ghost_capture [#"assert_in_ghost.rs" 11 0 11 22] let%span sassert_in_ghost0 = "assert_in_ghost.rs" 12 12 12 17 let%span sassert_in_ghost1 = "assert_in_ghost.rs" 16 22 16 32 - let%span sghost2 = "../../../../creusot-contracts/src/ghost.rs" 164 15 164 16 - let%span sghost3 = "../../../../creusot-contracts/src/ghost.rs" 164 4 164 28 - let%span sghost4 = "../../../../creusot-contracts/src/ghost.rs" 162 14 162 28 + let%span sghost2 = "../../../../creusot-contracts/src/ghost.rs" 181 15 181 16 + let%span sghost3 = "../../../../creusot-contracts/src/ghost.rs" 181 4 181 28 + let%span sghost4 = "../../../../creusot-contracts/src/ghost.rs" 179 14 179 28 use prelude.prelude.Int32 @@ -122,13 +122,13 @@ module M_assert_in_ghost__ghost_mutate [#"assert_in_ghost.rs" 20 0 20 21] let%span sassert_in_ghost2 = "assert_in_ghost.rs" 24 14 24 15 let%span sassert_in_ghost3 = "assert_in_ghost.rs" 28 22 28 33 let%span sassert_in_ghost4 = "assert_in_ghost.rs" 29 22 29 33 - let%span sghost5 = "../../../../creusot-contracts/src/ghost.rs" 164 15 164 16 - let%span sghost6 = "../../../../creusot-contracts/src/ghost.rs" 164 4 164 28 - let%span sghost7 = "../../../../creusot-contracts/src/ghost.rs" 162 14 162 28 - let%span sghost8 = "../../../../creusot-contracts/src/ghost.rs" 68 22 68 26 - let%span sghost9 = "../../../../creusot-contracts/src/ghost.rs" 68 4 68 48 - let%span sghost10 = "../../../../creusot-contracts/src/ghost.rs" 67 14 67 36 - let%span sghost11 = "../../../../creusot-contracts/src/ghost.rs" 200 9 200 15 + let%span sghost5 = "../../../../creusot-contracts/src/ghost.rs" 181 15 181 16 + let%span sghost6 = "../../../../creusot-contracts/src/ghost.rs" 181 4 181 28 + let%span sghost7 = "../../../../creusot-contracts/src/ghost.rs" 179 14 179 28 + let%span sghost8 = "../../../../creusot-contracts/src/ghost.rs" 85 22 85 26 + let%span sghost9 = "../../../../creusot-contracts/src/ghost.rs" 85 4 85 48 + let%span sghost10 = "../../../../creusot-contracts/src/ghost.rs" 84 14 84 36 + let%span sghost11 = "../../../../creusot-contracts/src/ghost.rs" 217 9 217 15 let%span sresolve12 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 use prelude.prelude.Int32 diff --git a/creusot/tests/should_succeed/ghost/ghost_map.coma b/creusot/tests/should_succeed/ghost/ghost_map.coma index 1b1c82c843..ec4d8ae07f 100644 --- a/creusot/tests/should_succeed/ghost/ghost_map.coma +++ b/creusot/tests/should_succeed/ghost/ghost_map.coma @@ -1,6 +1,6 @@ module M_ghost_map__ghost_map [#"ghost_map.rs" 4 0 4 18] let%span sghost_map0 = "ghost_map.rs" 5 18 5 41 - let%span sfmap1 = "../../../../creusot-contracts/src/logic/fmap.rs" 208 14 208 31 + let%span sfmap1 = "../../../../creusot-contracts/src/logic/fmap.rs" 237 14 237 31 let%span sghost_map2 = "ghost_map.rs" 7 22 7 53 let%span sghost_map3 = "ghost_map.rs" 8 25 8 26 let%span sghost_map4 = "ghost_map.rs" 8 28 8 30 @@ -30,58 +30,58 @@ module M_ghost_map__ghost_map [#"ghost_map.rs" 4 0 4 18] let%span sghost_map28 = "ghost_map.rs" 45 22 45 42 let%span sghost_map29 = "ghost_map.rs" 46 22 46 34 let%span sghost_map30 = "ghost_map.rs" 47 22 47 34 - let%span sghost31 = "../../../../creusot-contracts/src/ghost.rs" 200 9 200 15 - let%span sfmap32 = "../../../../creusot-contracts/src/logic/fmap.rs" 126 8 126 34 - let%span sfmap33 = "../../../../creusot-contracts/src/logic/fmap.rs" 120 8 120 35 - let%span sghost34 = "../../../../creusot-contracts/src/ghost.rs" 68 22 68 26 - let%span sghost35 = "../../../../creusot-contracts/src/ghost.rs" 68 4 68 48 - let%span sghost36 = "../../../../creusot-contracts/src/ghost.rs" 67 14 67 36 - let%span sfmap37 = "../../../../creusot-contracts/src/logic/fmap.rs" 347 35 347 38 - let%span sfmap38 = "../../../../creusot-contracts/src/logic/fmap.rs" 347 43 347 48 - let%span sfmap39 = "../../../../creusot-contracts/src/logic/fmap.rs" 347 4 349 17 - let%span sfmap40 = "../../../../creusot-contracts/src/logic/fmap.rs" 345 14 345 49 - let%span sfmap41 = "../../../../creusot-contracts/src/logic/fmap.rs" 346 14 346 40 - let%span sghost42 = "../../../../creusot-contracts/src/ghost.rs" 52 14 52 18 - let%span sghost43 = "../../../../creusot-contracts/src/ghost.rs" 52 4 52 36 - let%span sghost44 = "../../../../creusot-contracts/src/ghost.rs" 51 14 51 35 - let%span sfmap45 = "../../../../creusot-contracts/src/logic/fmap.rs" 235 14 235 34 - let%span sfmap46 = "../../../../creusot-contracts/src/logic/fmap.rs" 113 9 113 31 - let%span sfmap47 = "../../../../creusot-contracts/src/logic/fmap.rs" 319 36 319 39 - let%span sfmap48 = "../../../../creusot-contracts/src/logic/fmap.rs" 319 4 319 62 - let%span sfmap49 = "../../../../creusot-contracts/src/logic/fmap.rs" 307 4 316 11 - let%span sfmap50 = "../../../../creusot-contracts/src/logic/fmap.rs" 317 14 317 89 - let%span sfmap51 = "../../../../creusot-contracts/src/logic/fmap.rs" 318 14 318 44 - let%span sfmap52 = "../../../../creusot-contracts/src/logic/fmap.rs" 386 35 386 38 - let%span sfmap53 = "../../../../creusot-contracts/src/logic/fmap.rs" 386 4 388 17 - let%span sfmap54 = "../../../../creusot-contracts/src/logic/fmap.rs" 384 14 384 43 - let%span sfmap55 = "../../../../creusot-contracts/src/logic/fmap.rs" 385 14 385 41 - let%span sfmap56 = "../../../../creusot-contracts/src/logic/fmap.rs" 86 8 89 9 - let%span sfmap57 = "../../../../creusot-contracts/src/logic/fmap.rs" 256 33 256 36 - let%span sfmap58 = "../../../../creusot-contracts/src/logic/fmap.rs" 255 14 255 43 - let%span sfmap59 = "../../../../creusot-contracts/src/logic/fmap.rs" 285 28 285 31 - let%span sfmap60 = "../../../../creusot-contracts/src/logic/fmap.rs" 285 4 285 50 - let%span sfmap61 = "../../../../creusot-contracts/src/logic/fmap.rs" 277 4 284 11 - let%span sghost62 = "../../../../creusot-contracts/src/ghost.rs" 164 15 164 16 - let%span sghost63 = "../../../../creusot-contracts/src/ghost.rs" 164 4 164 28 - let%span sghost64 = "../../../../creusot-contracts/src/ghost.rs" 162 14 162 28 - let%span sfmap65 = "../../../../creusot-contracts/src/logic/fmap.rs" 36 14 36 31 - let%span sfmap66 = "../../../../creusot-contracts/src/logic/fmap.rs" 37 14 37 49 - let%span sfmap67 = "../../../../creusot-contracts/src/logic/fmap.rs" 185 14 185 38 - let%span sfmap68 = "../../../../creusot-contracts/src/logic/fmap.rs" 186 14 186 83 - let%span sfmap69 = "../../../../creusot-contracts/src/logic/fmap.rs" 188 8 188 35 - let%span sfmap70 = "../../../../creusot-contracts/src/logic/fmap.rs" 96 8 96 26 - let%span sfmap71 = "../../../../creusot-contracts/src/logic/fmap.rs" 64 14 64 71 - let%span sfmap72 = "../../../../creusot-contracts/src/logic/fmap.rs" 65 14 65 61 - let%span sfmap73 = "../../../../creusot-contracts/src/logic/fmap.rs" 66 14 66 66 + let%span sghost31 = "../../../../creusot-contracts/src/ghost.rs" 217 9 217 15 + let%span sfmap32 = "../../../../creusot-contracts/src/logic/fmap.rs" 139 8 139 34 + let%span sfmap33 = "../../../../creusot-contracts/src/logic/fmap.rs" 132 8 132 35 + let%span sghost34 = "../../../../creusot-contracts/src/ghost.rs" 85 22 85 26 + let%span sghost35 = "../../../../creusot-contracts/src/ghost.rs" 85 4 85 48 + let%span sghost36 = "../../../../creusot-contracts/src/ghost.rs" 84 14 84 36 + let%span sfmap37 = "../../../../creusot-contracts/src/logic/fmap.rs" 376 35 376 38 + let%span sfmap38 = "../../../../creusot-contracts/src/logic/fmap.rs" 376 43 376 48 + let%span sfmap39 = "../../../../creusot-contracts/src/logic/fmap.rs" 376 4 378 17 + let%span sfmap40 = "../../../../creusot-contracts/src/logic/fmap.rs" 374 14 374 49 + let%span sfmap41 = "../../../../creusot-contracts/src/logic/fmap.rs" 375 14 375 40 + let%span sghost42 = "../../../../creusot-contracts/src/ghost.rs" 69 14 69 18 + let%span sghost43 = "../../../../creusot-contracts/src/ghost.rs" 69 4 69 36 + let%span sghost44 = "../../../../creusot-contracts/src/ghost.rs" 68 14 68 35 + let%span sfmap45 = "../../../../creusot-contracts/src/logic/fmap.rs" 264 14 264 34 + let%span sfmap46 = "../../../../creusot-contracts/src/logic/fmap.rs" 116 9 116 31 + let%span sfmap47 = "../../../../creusot-contracts/src/logic/fmap.rs" 348 36 348 39 + let%span sfmap48 = "../../../../creusot-contracts/src/logic/fmap.rs" 348 4 348 62 + let%span sfmap49 = "../../../../creusot-contracts/src/logic/fmap.rs" 336 4 345 11 + let%span sfmap50 = "../../../../creusot-contracts/src/logic/fmap.rs" 346 14 346 89 + let%span sfmap51 = "../../../../creusot-contracts/src/logic/fmap.rs" 347 14 347 44 + let%span sfmap52 = "../../../../creusot-contracts/src/logic/fmap.rs" 415 35 415 38 + let%span sfmap53 = "../../../../creusot-contracts/src/logic/fmap.rs" 415 4 417 17 + let%span sfmap54 = "../../../../creusot-contracts/src/logic/fmap.rs" 413 14 413 43 + let%span sfmap55 = "../../../../creusot-contracts/src/logic/fmap.rs" 414 14 414 41 + let%span sfmap56 = "../../../../creusot-contracts/src/logic/fmap.rs" 92 8 95 9 + let%span sfmap57 = "../../../../creusot-contracts/src/logic/fmap.rs" 285 33 285 36 + let%span sfmap58 = "../../../../creusot-contracts/src/logic/fmap.rs" 284 14 284 43 + let%span sfmap59 = "../../../../creusot-contracts/src/logic/fmap.rs" 314 28 314 31 + let%span sfmap60 = "../../../../creusot-contracts/src/logic/fmap.rs" 314 4 314 50 + let%span sfmap61 = "../../../../creusot-contracts/src/logic/fmap.rs" 306 4 313 11 + let%span sghost62 = "../../../../creusot-contracts/src/ghost.rs" 181 15 181 16 + let%span sghost63 = "../../../../creusot-contracts/src/ghost.rs" 181 4 181 28 + let%span sghost64 = "../../../../creusot-contracts/src/ghost.rs" 179 14 179 28 + let%span sfmap65 = "../../../../creusot-contracts/src/logic/fmap.rs" 39 14 39 31 + let%span sfmap66 = "../../../../creusot-contracts/src/logic/fmap.rs" 40 14 40 49 + let%span sfmap67 = "../../../../creusot-contracts/src/logic/fmap.rs" 214 14 214 38 + let%span sfmap68 = "../../../../creusot-contracts/src/logic/fmap.rs" 215 14 215 83 + let%span sfmap69 = "../../../../creusot-contracts/src/logic/fmap.rs" 217 8 217 35 + let%span sfmap70 = "../../../../creusot-contracts/src/logic/fmap.rs" 103 8 103 26 + let%span sfmap71 = "../../../../creusot-contracts/src/logic/fmap.rs" 66 14 66 71 + let%span sfmap72 = "../../../../creusot-contracts/src/logic/fmap.rs" 67 14 67 61 + let%span sfmap73 = "../../../../creusot-contracts/src/logic/fmap.rs" 68 14 68 66 let%span sresolve74 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span sfmap75 = "../../../../creusot-contracts/src/logic/fmap.rs" 44 14 44 25 - let%span sfmap76 = "../../../../creusot-contracts/src/logic/fmap.rs" 103 8 103 35 - let%span sfmap77 = "../../../../creusot-contracts/src/logic/fmap.rs" 73 14 73 55 - let%span sfmap78 = "../../../../creusot-contracts/src/logic/fmap.rs" 74 14 74 84 - let%span sfmap79 = "../../../../creusot-contracts/src/logic/fmap.rs" 57 14 57 38 - let%span sutil80 = "../../../../creusot-contracts/src/util.rs" 14 14 14 30 - let%span sutil81 = "../../../../creusot-contracts/src/util.rs" 32 11 32 21 - let%span sutil82 = "../../../../creusot-contracts/src/util.rs" 33 10 33 28 + let%span sfmap75 = "../../../../creusot-contracts/src/logic/fmap.rs" 48 14 48 25 + let%span sfmap76 = "../../../../creusot-contracts/src/logic/fmap.rs" 124 8 124 35 + let%span sfmap77 = "../../../../creusot-contracts/src/logic/fmap.rs" 76 14 76 55 + let%span sfmap78 = "../../../../creusot-contracts/src/logic/fmap.rs" 77 14 77 84 + let%span sfmap79 = "../../../../creusot-contracts/src/logic/fmap.rs" 58 14 58 86 + let%span sutil80 = "../../../../creusot-contracts/src/util.rs" 21 14 21 30 + let%span sutil81 = "../../../../creusot-contracts/src/util.rs" 43 11 43 21 + let%span sutil82 = "../../../../creusot-contracts/src/util.rs" 44 10 44 28 type t_FMap'0 @@ -105,11 +105,10 @@ module M_ghost_map__ghost_map [#"ghost_map.rs" 4 0 4 18] use map.Map - function mk'0 (_m : Map.map int32 (t_Option'3)) : t_FMap'0 - function view'0 (self : t_FMap'0) : Map.map int32 (t_Option'3) - axiom view'0_spec : forall self : t_FMap'0 . [%#sfmap79] mk'0 (view'0 self) = self + axiom view'0_spec : forall self : t_FMap'0 . [%#sfmap79] forall m1 : t_FMap'0, m2 : t_FMap'0 . m1 <> m2 + -> view'0 m1 <> view'0 m2 use map.Const diff --git a/creusot/tests/should_succeed/ghost/ghost_map/why3session.xml b/creusot/tests/should_succeed/ghost/ghost_map/why3session.xml index a7dec2c1d7..0c98bfe61b 100644 --- a/creusot/tests/should_succeed/ghost/ghost_map/why3session.xml +++ b/creusot/tests/should_succeed/ghost/ghost_map/why3session.xml @@ -7,7 +7,7 @@ - + diff --git a/creusot/tests/should_succeed/ghost/ghost_map/why3shapes.gz b/creusot/tests/should_succeed/ghost/ghost_map/why3shapes.gz index dbebbfd306..d2efb203a4 100644 Binary files a/creusot/tests/should_succeed/ghost/ghost_map/why3shapes.gz and b/creusot/tests/should_succeed/ghost/ghost_map/why3shapes.gz differ diff --git a/creusot/tests/should_succeed/ghost/ghost_set.coma b/creusot/tests/should_succeed/ghost/ghost_set.coma index 1e160d0878..4a11cd619d 100644 --- a/creusot/tests/should_succeed/ghost/ghost_set.coma +++ b/creusot/tests/should_succeed/ghost/ghost_set.coma @@ -1,6 +1,6 @@ module M_ghost_set__ghost_map [#"ghost_set.rs" 4 0 4 18] let%span sghost_set0 = "ghost_set.rs" 5 18 5 36 - let%span sfset1 = "../../../../creusot-contracts/src/logic/fset.rs" 148 14 148 31 + let%span sfset1 = "../../../../creusot-contracts/src/logic/fset.rs" 183 14 183 31 let%span sghost_set2 = "ghost_set.rs" 7 22 7 53 let%span sghost_set3 = "ghost_set.rs" 8 25 8 26 let%span sghost_set4 = "ghost_set.rs" 10 22 10 63 @@ -19,29 +19,29 @@ module M_ghost_set__ghost_map [#"ghost_set.rs" 4 0 4 18] let%span sghost_set17 = "ghost_set.rs" 31 22 31 31 let%span sghost_set18 = "ghost_set.rs" 32 22 32 32 let%span sghost_set19 = "ghost_set.rs" 33 22 33 32 - let%span sghost20 = "../../../../creusot-contracts/src/ghost.rs" 200 9 200 15 - let%span sfset21 = "../../../../creusot-contracts/src/logic/fset.rs" 42 8 42 26 - let%span sghost22 = "../../../../creusot-contracts/src/ghost.rs" 68 22 68 26 - let%span sghost23 = "../../../../creusot-contracts/src/ghost.rs" 68 4 68 48 - let%span sghost24 = "../../../../creusot-contracts/src/ghost.rs" 67 14 67 36 - let%span sfset25 = "../../../../creusot-contracts/src/logic/fset.rs" 231 35 231 40 - let%span sfset26 = "../../../../creusot-contracts/src/logic/fset.rs" 229 14 229 44 - let%span sfset27 = "../../../../creusot-contracts/src/logic/fset.rs" 230 14 230 48 - let%span sghost28 = "../../../../creusot-contracts/src/ghost.rs" 52 14 52 18 - let%span sghost29 = "../../../../creusot-contracts/src/ghost.rs" 52 4 52 36 - let%span sghost30 = "../../../../creusot-contracts/src/ghost.rs" 51 14 51 35 - let%span sfset31 = "../../../../creusot-contracts/src/logic/fset.rs" 175 14 175 34 - let%span sfset32 = "../../../../creusot-contracts/src/logic/fset.rs" 267 35 267 40 - let%span sfset33 = "../../../../creusot-contracts/src/logic/fset.rs" 265 14 265 45 - let%span sfset34 = "../../../../creusot-contracts/src/logic/fset.rs" 266 14 266 48 - let%span sfset35 = "../../../../creusot-contracts/src/logic/fset.rs" 197 33 197 38 - let%span sfset36 = "../../../../creusot-contracts/src/logic/fset.rs" 196 14 196 45 - let%span sghost37 = "../../../../creusot-contracts/src/ghost.rs" 164 15 164 16 - let%span sghost38 = "../../../../creusot-contracts/src/ghost.rs" 164 4 164 28 - let%span sghost39 = "../../../../creusot-contracts/src/ghost.rs" 162 14 162 28 - let%span sfset40 = "../../../../creusot-contracts/src/logic/fset.rs" 57 8 57 26 + let%span sghost20 = "../../../../creusot-contracts/src/ghost.rs" 217 9 217 15 + let%span sfset21 = "../../../../creusot-contracts/src/logic/fset.rs" 46 8 46 26 + let%span sghost22 = "../../../../creusot-contracts/src/ghost.rs" 85 22 85 26 + let%span sghost23 = "../../../../creusot-contracts/src/ghost.rs" 85 4 85 48 + let%span sghost24 = "../../../../creusot-contracts/src/ghost.rs" 84 14 84 36 + let%span sfset25 = "../../../../creusot-contracts/src/logic/fset.rs" 266 35 266 40 + let%span sfset26 = "../../../../creusot-contracts/src/logic/fset.rs" 264 14 264 44 + let%span sfset27 = "../../../../creusot-contracts/src/logic/fset.rs" 265 14 265 48 + let%span sghost28 = "../../../../creusot-contracts/src/ghost.rs" 69 14 69 18 + let%span sghost29 = "../../../../creusot-contracts/src/ghost.rs" 69 4 69 36 + let%span sghost30 = "../../../../creusot-contracts/src/ghost.rs" 68 14 68 35 + let%span sfset31 = "../../../../creusot-contracts/src/logic/fset.rs" 210 14 210 34 + let%span sfset32 = "../../../../creusot-contracts/src/logic/fset.rs" 302 35 302 40 + let%span sfset33 = "../../../../creusot-contracts/src/logic/fset.rs" 300 14 300 45 + let%span sfset34 = "../../../../creusot-contracts/src/logic/fset.rs" 301 14 301 48 + let%span sfset35 = "../../../../creusot-contracts/src/logic/fset.rs" 232 33 232 38 + let%span sfset36 = "../../../../creusot-contracts/src/logic/fset.rs" 231 14 231 45 + let%span sghost37 = "../../../../creusot-contracts/src/ghost.rs" 181 15 181 16 + let%span sghost38 = "../../../../creusot-contracts/src/ghost.rs" 181 4 181 28 + let%span sghost39 = "../../../../creusot-contracts/src/ghost.rs" 179 14 179 28 + let%span sfset40 = "../../../../creusot-contracts/src/logic/fset.rs" 65 8 65 26 let%span sresolve41 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span sfset42 = "../../../../creusot-contracts/src/logic/fset.rs" 79 8 79 26 + let%span sfset42 = "../../../../creusot-contracts/src/logic/fset.rs" 92 8 92 26 use prelude.prelude.Int32 @@ -133,8 +133,8 @@ module M_ghost_set__ghost_map [#"ghost_set.rs" 4 0 4 18] use set.Fset - function remove'0 [@inline:trivial] (self : Fset.fset int32) (a : int32) : Fset.fset int32 = - [%#sfset42] Fset.remove a self + function remove'0 [@inline:trivial] (self : Fset.fset int32) (e : int32) : Fset.fset int32 = + [%#sfset42] Fset.remove e self let rec remove_ghost'0 (self:borrowed (Fset.fset int32)) (value:int32) (return' (ret:bool))= {[@expl:remove_ghost 'value' type invariant] [%#sfset32] inv'5 value} any diff --git a/creusot/tests/should_succeed/ghost/ghost_vec.coma b/creusot/tests/should_succeed/ghost/ghost_vec.coma index 5980f14412..adaf87b7c4 100644 --- a/creusot/tests/should_succeed/ghost/ghost_vec.coma +++ b/creusot/tests/should_succeed/ghost/ghost_vec.coma @@ -2,10 +2,10 @@ module M_ghost_vec__ghost_vec [#"ghost_vec.rs" 4 0 4 18] let%span sghost_vec0 = "ghost_vec.rs" 5 16 5 26 let%span sghost_vec1 = "ghost_vec.rs" 6 18 6 49 let%span sghost_vec2 = "ghost_vec.rs" 40 16 40 26 - let%span sseq3 = "../../../../creusot-contracts/src/logic/seq.rs" 261 4 261 34 - let%span sseq4 = "../../../../creusot-contracts/src/logic/seq.rs" 259 14 259 36 - let%span sghost5 = "../../../../creusot-contracts/src/ghost.rs" 200 9 200 15 - let%span sseq6 = "../../../../creusot-contracts/src/logic/seq.rs" 69 4 69 12 + let%span sseq3 = "../../../../creusot-contracts/src/logic/seq.rs" 419 4 419 34 + let%span sseq4 = "../../../../creusot-contracts/src/logic/seq.rs" 417 14 417 36 + let%span sghost5 = "../../../../creusot-contracts/src/ghost.rs" 217 9 217 15 + let%span sseq6 = "../../../../creusot-contracts/src/logic/seq.rs" 80 4 80 12 let%span sghost_vec7 = "ghost_vec.rs" 8 26 8 28 let%span sghost_vec8 = "ghost_vec.rs" 9 22 9 35 let%span sghost_vec9 = "ghost_vec.rs" 10 22 10 34 @@ -32,43 +32,43 @@ module M_ghost_vec__ghost_vec [#"ghost_vec.rs" 4 0 4 18] let%span sghost_vec30 = "ghost_vec.rs" 50 22 50 40 let%span sghost_vec31 = "ghost_vec.rs" 51 22 51 40 let%span sghost_vec32 = "ghost_vec.rs" 52 22 52 34 - let%span sghost33 = "../../../../creusot-contracts/src/ghost.rs" 68 22 68 26 - let%span sghost34 = "../../../../creusot-contracts/src/ghost.rs" 68 4 68 48 - let%span sghost35 = "../../../../creusot-contracts/src/ghost.rs" 67 14 67 36 - let%span sseq36 = "../../../../creusot-contracts/src/logic/seq.rs" 328 32 328 36 - let%span sseq37 = "../../../../creusot-contracts/src/logic/seq.rs" 328 38 328 39 - let%span sseq38 = "../../../../creusot-contracts/src/logic/seq.rs" 327 14 327 40 - let%span sghost39 = "../../../../creusot-contracts/src/ghost.rs" 52 14 52 18 - let%span sghost40 = "../../../../creusot-contracts/src/ghost.rs" 52 4 52 36 - let%span sghost41 = "../../../../creusot-contracts/src/ghost.rs" 51 14 51 35 - let%span sseq42 = "../../../../creusot-contracts/src/logic/seq.rs" 285 22 285 26 - let%span sseq43 = "../../../../creusot-contracts/src/logic/seq.rs" 284 14 284 34 - let%span sint44 = "../../../../creusot-contracts/src/logic/int.rs" 28 14 28 31 - let%span sghost45 = "../../../../creusot-contracts/src/ghost.rs" 182 22 182 26 - let%span sghost46 = "../../../../creusot-contracts/src/ghost.rs" 182 4 182 32 - let%span sghost47 = "../../../../creusot-contracts/src/ghost.rs" 180 14 180 31 - let%span sseq48 = "../../../../creusot-contracts/src/logic/seq.rs" 356 22 356 26 - let%span sseq49 = "../../../../creusot-contracts/src/logic/seq.rs" 356 4 356 53 - let%span sseq50 = "../../../../creusot-contracts/src/logic/seq.rs" 352 14 355 5 - let%span sseq51 = "../../../../creusot-contracts/src/logic/seq.rs" 387 30 387 34 - let%span sseq52 = "../../../../creusot-contracts/src/logic/seq.rs" 387 4 387 65 - let%span sseq53 = "../../../../creusot-contracts/src/logic/seq.rs" 381 14 384 5 - let%span sseq54 = "../../../../creusot-contracts/src/logic/seq.rs" 385 14 385 84 - let%span sseq55 = "../../../../creusot-contracts/src/logic/seq.rs" 386 14 386 44 - let%span sseq56 = "../../../../creusot-contracts/src/logic/seq.rs" 414 31 414 35 - let%span sseq57 = "../../../../creusot-contracts/src/logic/seq.rs" 414 4 414 49 - let%span sseq58 = "../../../../creusot-contracts/src/logic/seq.rs" 410 14 413 5 - let%span sghost59 = "../../../../creusot-contracts/src/ghost.rs" 164 15 164 16 - let%span sghost60 = "../../../../creusot-contracts/src/ghost.rs" 164 4 164 28 - let%span sghost61 = "../../../../creusot-contracts/src/ghost.rs" 162 14 162 28 - let%span sseq62 = "../../../../creusot-contracts/src/logic/seq.rs" 306 33 306 37 - let%span sseq63 = "../../../../creusot-contracts/src/logic/seq.rs" 306 39 306 40 - let%span sseq64 = "../../../../creusot-contracts/src/logic/seq.rs" 305 14 305 41 - let%span sseq65 = "../../../../creusot-contracts/src/logic/seq.rs" 440 32 440 36 - let%span sseq66 = "../../../../creusot-contracts/src/logic/seq.rs" 440 4 440 50 - let%span sseq67 = "../../../../creusot-contracts/src/logic/seq.rs" 436 14 439 5 + let%span sghost33 = "../../../../creusot-contracts/src/ghost.rs" 85 22 85 26 + let%span sghost34 = "../../../../creusot-contracts/src/ghost.rs" 85 4 85 48 + let%span sghost35 = "../../../../creusot-contracts/src/ghost.rs" 84 14 84 36 + let%span sseq36 = "../../../../creusot-contracts/src/logic/seq.rs" 486 32 486 36 + let%span sseq37 = "../../../../creusot-contracts/src/logic/seq.rs" 486 38 486 39 + let%span sseq38 = "../../../../creusot-contracts/src/logic/seq.rs" 485 14 485 40 + let%span sghost39 = "../../../../creusot-contracts/src/ghost.rs" 69 14 69 18 + let%span sghost40 = "../../../../creusot-contracts/src/ghost.rs" 69 4 69 36 + let%span sghost41 = "../../../../creusot-contracts/src/ghost.rs" 68 14 68 35 + let%span sseq42 = "../../../../creusot-contracts/src/logic/seq.rs" 443 22 443 26 + let%span sseq43 = "../../../../creusot-contracts/src/logic/seq.rs" 442 14 442 34 + let%span sint44 = "../../../../creusot-contracts/src/logic/int.rs" 59 14 59 31 + let%span sghost45 = "../../../../creusot-contracts/src/ghost.rs" 199 22 199 26 + let%span sghost46 = "../../../../creusot-contracts/src/ghost.rs" 199 4 199 32 + let%span sghost47 = "../../../../creusot-contracts/src/ghost.rs" 197 14 197 31 + let%span sseq48 = "../../../../creusot-contracts/src/logic/seq.rs" 514 22 514 26 + let%span sseq49 = "../../../../creusot-contracts/src/logic/seq.rs" 514 4 514 53 + let%span sseq50 = "../../../../creusot-contracts/src/logic/seq.rs" 510 14 513 5 + let%span sseq51 = "../../../../creusot-contracts/src/logic/seq.rs" 545 30 545 34 + let%span sseq52 = "../../../../creusot-contracts/src/logic/seq.rs" 545 4 545 65 + let%span sseq53 = "../../../../creusot-contracts/src/logic/seq.rs" 539 14 542 5 + let%span sseq54 = "../../../../creusot-contracts/src/logic/seq.rs" 543 14 543 84 + let%span sseq55 = "../../../../creusot-contracts/src/logic/seq.rs" 544 14 544 44 + let%span sseq56 = "../../../../creusot-contracts/src/logic/seq.rs" 572 31 572 35 + let%span sseq57 = "../../../../creusot-contracts/src/logic/seq.rs" 572 4 572 49 + let%span sseq58 = "../../../../creusot-contracts/src/logic/seq.rs" 568 14 571 5 + let%span sghost59 = "../../../../creusot-contracts/src/ghost.rs" 181 15 181 16 + let%span sghost60 = "../../../../creusot-contracts/src/ghost.rs" 181 4 181 28 + let%span sghost61 = "../../../../creusot-contracts/src/ghost.rs" 179 14 179 28 + let%span sseq62 = "../../../../creusot-contracts/src/logic/seq.rs" 464 33 464 37 + let%span sseq63 = "../../../../creusot-contracts/src/logic/seq.rs" 464 39 464 40 + let%span sseq64 = "../../../../creusot-contracts/src/logic/seq.rs" 463 14 463 41 + let%span sseq65 = "../../../../creusot-contracts/src/logic/seq.rs" 598 32 598 36 + let%span sseq66 = "../../../../creusot-contracts/src/logic/seq.rs" 598 4 598 50 + let%span sseq67 = "../../../../creusot-contracts/src/logic/seq.rs" 594 14 597 5 let%span sresolve68 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span sseq69 = "../../../../creusot-contracts/src/logic/seq.rs" 150 8 150 27 + let%span sseq69 = "../../../../creusot-contracts/src/logic/seq.rs" 249 8 249 27 use prelude.prelude.Int32 diff --git a/creusot/tests/should_succeed/ghost/snapshot_in_ghost.coma b/creusot/tests/should_succeed/ghost/snapshot_in_ghost.coma index 040b713c7e..627f795ab6 100644 --- a/creusot/tests/should_succeed/ghost/snapshot_in_ghost.coma +++ b/creusot/tests/should_succeed/ghost/snapshot_in_ghost.coma @@ -1,9 +1,9 @@ module M_snapshot_in_ghost__foo [#"snapshot_in_ghost.rs" 5 0 5 12] let%span ssnapshot_in_ghost0 = "snapshot_in_ghost.rs" 7 16 7 28 let%span ssnapshot_in_ghost1 = "snapshot_in_ghost.rs" 8 22 8 29 - let%span sghost2 = "../../../../creusot-contracts/src/ghost.rs" 164 15 164 16 - let%span sghost3 = "../../../../creusot-contracts/src/ghost.rs" 164 4 164 28 - let%span sghost4 = "../../../../creusot-contracts/src/ghost.rs" 162 14 162 28 + let%span sghost2 = "../../../../creusot-contracts/src/ghost.rs" 181 15 181 16 + let%span sghost3 = "../../../../creusot-contracts/src/ghost.rs" 181 4 181 28 + let%span sghost4 = "../../../../creusot-contracts/src/ghost.rs" 179 14 179 28 use prelude.prelude.Snapshot diff --git a/creusot/tests/should_succeed/ghost/typing.coma b/creusot/tests/should_succeed/ghost/typing.coma index f536117f5a..770ac654b6 100644 --- a/creusot/tests/should_succeed/ghost/typing.coma +++ b/creusot/tests/should_succeed/ghost/typing.coma @@ -5,16 +5,16 @@ module M_typing__ghost_enter_ghost [#"typing.rs" 14 0 14 26] let%span styping3 = "typing.rs" 16 32 16 33 let%span styping4 = "typing.rs" 17 35 17 36 let%span styping5 = "typing.rs" 22 25 22 26 - let%span sghost6 = "../../../../creusot-contracts/src/ghost.rs" 82 4 82 12 - let%span sghost7 = "../../../../creusot-contracts/src/ghost.rs" 164 15 164 16 - let%span sghost8 = "../../../../creusot-contracts/src/ghost.rs" 164 4 164 28 - let%span sghost9 = "../../../../creusot-contracts/src/ghost.rs" 162 14 162 28 - let%span sghost10 = "../../../../creusot-contracts/src/ghost.rs" 52 14 52 18 - let%span sghost11 = "../../../../creusot-contracts/src/ghost.rs" 52 4 52 36 - let%span sghost12 = "../../../../creusot-contracts/src/ghost.rs" 51 14 51 35 - let%span sghost13 = "../../../../creusot-contracts/src/ghost.rs" 68 22 68 26 - let%span sghost14 = "../../../../creusot-contracts/src/ghost.rs" 68 4 68 48 - let%span sghost15 = "../../../../creusot-contracts/src/ghost.rs" 67 14 67 36 + let%span sghost6 = "../../../../creusot-contracts/src/ghost.rs" 99 4 99 12 + let%span sghost7 = "../../../../creusot-contracts/src/ghost.rs" 181 15 181 16 + let%span sghost8 = "../../../../creusot-contracts/src/ghost.rs" 181 4 181 28 + let%span sghost9 = "../../../../creusot-contracts/src/ghost.rs" 179 14 179 28 + let%span sghost10 = "../../../../creusot-contracts/src/ghost.rs" 69 14 69 18 + let%span sghost11 = "../../../../creusot-contracts/src/ghost.rs" 69 4 69 36 + let%span sghost12 = "../../../../creusot-contracts/src/ghost.rs" 68 14 68 35 + let%span sghost13 = "../../../../creusot-contracts/src/ghost.rs" 85 22 85 26 + let%span sghost14 = "../../../../creusot-contracts/src/ghost.rs" 85 4 85 48 + let%span sghost15 = "../../../../creusot-contracts/src/ghost.rs" 84 14 84 36 let%span sboxed16 = "../../../../creusot-contracts/src/std/boxed.rs" 18 8 18 22 let%span sresolve17 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span styping18 = "typing.rs" 10 20 10 27 @@ -242,9 +242,9 @@ module M_typing__copy_enter_ghost [#"typing.rs" 29 0 29 25] let%span styping2 = "typing.rs" 32 19 32 21 let%span styping3 = "typing.rs" 39 18 39 25 let%span styping4 = "typing.rs" 40 18 40 47 - let%span sghost5 = "../../../../creusot-contracts/src/ghost.rs" 164 15 164 16 - let%span sghost6 = "../../../../creusot-contracts/src/ghost.rs" 164 4 164 28 - let%span sghost7 = "../../../../creusot-contracts/src/ghost.rs" 162 14 162 28 + let%span sghost5 = "../../../../creusot-contracts/src/ghost.rs" 181 15 181 16 + let%span sghost6 = "../../../../creusot-contracts/src/ghost.rs" 181 4 181 28 + let%span sghost7 = "../../../../creusot-contracts/src/ghost.rs" 179 14 179 28 use prelude.prelude.Int32 diff --git a/creusot/tests/should_succeed/hashmap.coma b/creusot/tests/should_succeed/hashmap.coma index 06e1a23df4..601c73d0e3 100644 --- a/creusot/tests/should_succeed/hashmap.coma +++ b/creusot/tests/should_succeed/hashmap.coma @@ -47,7 +47,7 @@ module M_hashmap__qyi7664122466964245986__new [#"hashmap.rs" 116 4 116 46] (* My let%span svec4 = "../../../creusot-contracts/src/std/vec.rs" 181 22 181 76 let%span shashmap5 = "hashmap.rs" 80 8 80 33 let%span svec6 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span sops7 = "../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span sops7 = "../../../creusot-contracts/src/logic/ops.rs" 22 8 22 31 let%span shashmap8 = "hashmap.rs" 86 8 86 53 let%span shashmap9 = "hashmap.rs" 31 12 34 13 let%span shashmap10 = "hashmap.rs" 107 12 108 139 @@ -56,7 +56,7 @@ module M_hashmap__qyi7664122466964245986__new [#"hashmap.rs" 116 4 116 46] (* My let%span shashmap13 = "hashmap.rs" 97 12 97 91 let%span shashmap14 = "hashmap.rs" 41 12 44 13 let%span sboxed15 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - let%span sseq16 = "../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq16 = "../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 type t_K'0 @@ -279,9 +279,9 @@ module M_hashmap__qyi7664122466964245986__add [#"hashmap.rs" 122 4 122 41] (* My let%span svec37 = "../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 let%span sinvariant38 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 let%span sboxed39 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - let%span sops40 = "../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span sops40 = "../../../creusot-contracts/src/logic/ops.rs" 22 8 22 31 let%span sinvariant41 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - let%span sseq42 = "../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq42 = "../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span shashmap43 = "hashmap.rs" 107 12 108 139 use prelude.prelude.Snapshot @@ -827,7 +827,7 @@ module M_hashmap__qyi7664122466964245986__get [#"hashmap.rs" 154 4 154 43] (* My let%span sslice17 = "../../../creusot-contracts/src/std/slice.rs" 122 20 122 37 let%span sslice18 = "../../../creusot-contracts/src/std/slice.rs" 129 20 129 37 let%span shashmap19 = "hashmap.rs" 91 20 91 66 - let%span sops20 = "../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span sops20 = "../../../creusot-contracts/src/logic/ops.rs" 22 8 22 31 let%span shashmap21 = "hashmap.rs" 80 8 80 33 let%span svec22 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span sinvariant23 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 @@ -836,7 +836,7 @@ module M_hashmap__qyi7664122466964245986__get [#"hashmap.rs" 154 4 154 43] (* My let%span shashmap26 = "hashmap.rs" 97 12 97 91 let%span shashmap27 = "hashmap.rs" 41 12 44 13 let%span sboxed28 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - let%span sseq29 = "../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq29 = "../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 use prelude.prelude.Borrow @@ -1185,10 +1185,10 @@ module M_hashmap__qyi7664122466964245986__resize [#"hashmap.rs" 173 4 173 24] (* let%span shashmap24 = "hashmap.rs" 116 31 116 46 let%span shashmap25 = "hashmap.rs" 115 14 115 62 let%span svec26 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span sops27 = "../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span sops27 = "../../../creusot-contracts/src/logic/ops.rs" 22 8 22 31 let%span shashmap28 = "hashmap.rs" 91 20 91 66 let%span shashmap29 = "hashmap.rs" 80 8 80 33 - let%span ssnapshot30 = "../../../creusot-contracts/src/snapshot.rs" 26 20 26 39 + let%span ssnapshot30 = "../../../creusot-contracts/src/snapshot.rs" 52 20 52 39 let%span svec31 = "../../../creusot-contracts/src/std/vec.rs" 152 27 152 46 let%span svec32 = "../../../creusot-contracts/src/std/vec.rs" 153 26 153 54 let%span svec33 = "../../../creusot-contracts/src/std/vec.rs" 154 26 154 57 @@ -1215,7 +1215,7 @@ module M_hashmap__qyi7664122466964245986__resize [#"hashmap.rs" 173 4 173 24] (* let%span svec54 = "../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 let%span sinvariant55 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 let%span sboxed56 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - let%span sseq57 = "../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq57 = "../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 use prelude.prelude.Snapshot @@ -1720,7 +1720,7 @@ module M_hashmap__main [#"hashmap.rs" 213 0 213 13] let%span shashmap34 = "hashmap.rs" 31 12 34 13 let%span shashmap35 = "hashmap.rs" 107 12 108 139 let%span shashmap36 = "hashmap.rs" 91 20 91 66 - let%span sops37 = "../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span sops37 = "../../../creusot-contracts/src/logic/ops.rs" 22 8 22 31 let%span sinvariant38 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 let%span svec39 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span shashmap40 = "hashmap.rs" 97 12 97 91 diff --git a/creusot/tests/should_succeed/heapsort_generic.coma b/creusot/tests/should_succeed/heapsort_generic.coma index f73fcbf2dd..c1b66e6081 100644 --- a/creusot/tests/should_succeed/heapsort_generic.coma +++ b/creusot/tests/should_succeed/heapsort_generic.coma @@ -6,19 +6,19 @@ module M_heapsort_generic__heap_frag_max [#"heapsort_generic.rs" 25 0 25 58] let%span sheapsort_generic4 = "heapsort_generic.rs" 26 4 28 5 let%span sheapsort_generic5 = "heapsort_generic.rs" 16 16 17 24 let%span sheapsort_generic6 = "heapsort_generic.rs" 11 4 11 19 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord16 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord17 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord18 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord19 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord16 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord17 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord18 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord19 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 type t_T'0 @@ -36,7 +36,7 @@ module M_heapsort_generic__heap_frag_max [#"heapsort_generic.rs" 25 0 25 58] | C_Equal'0 | C_Greater'0 - function cmp_log'0 (self : t_T'0) (_2 : t_T'0) : t_Ordering'0 + function cmp_log'0 (self : t_T'0) (other : t_T'0) : t_Ordering'0 function eq_cmp'0 (x : t_T'0) (y : t_T'0) : () @@ -136,9 +136,9 @@ module M_heapsort_generic__sift_down [#"heapsort_generic.rs" 41 0 43 29] let%span sheapsort_generic23 = "heapsort_generic.rs" 11 4 11 19 let%span smodel24 = "../../../creusot-contracts/src/model.rs" 97 8 97 28 let%span smodel25 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 - let%span sops26 = "../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - let%span ssnapshot27 = "../../../creusot-contracts/src/snapshot.rs" 26 20 26 39 - let%span sseq28 = "../../../creusot-contracts/src/logic/seq.rs" 177 8 177 37 + let%span sops26 = "../../../creusot-contracts/src/logic/ops.rs" 22 8 22 31 + let%span ssnapshot27 = "../../../creusot-contracts/src/snapshot.rs" 52 20 52 39 + let%span sseq28 = "../../../creusot-contracts/src/logic/seq.rs" 314 8 314 41 let%span svec29 = "../../../creusot-contracts/src/std/vec.rs" 162 27 162 46 let%span svec30 = "../../../creusot-contracts/src/std/vec.rs" 163 26 163 54 let%span scmp31 = "../../../creusot-contracts/src/std/cmp.rs" 33 26 33 76 @@ -152,19 +152,19 @@ module M_heapsort_generic__sift_down [#"heapsort_generic.rs" 41 0 43 29] let%span svec39 = "../../../creusot-contracts/src/std/vec.rs" 29 14 29 47 let%span svec40 = "../../../creusot-contracts/src/std/vec.rs" 30 14 31 51 let%span svec41 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span sord42 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord43 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord44 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord45 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord46 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord47 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord48 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord49 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord50 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord51 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord52 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord53 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord54 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 + let%span sord42 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord43 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord44 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord45 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord46 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord47 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord48 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord49 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord50 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord51 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord52 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord53 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord54 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 let%span smodel55 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 let%span sslice56 = "../../../creusot-contracts/src/std/slice.rs" 122 20 122 37 let%span sslice57 = "../../../creusot-contracts/src/std/slice.rs" 129 20 129 37 @@ -176,7 +176,7 @@ module M_heapsort_generic__sift_down [#"heapsort_generic.rs" 41 0 43 29] let%span svec63 = "../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 let%span sslice64 = "../../../creusot-contracts/src/std/slice.rs" 18 20 18 30 let%span sinvariant65 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - let%span sseq66 = "../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq66 = "../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span sboxed67 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 use prelude.prelude.Snapshot @@ -251,7 +251,7 @@ module M_heapsort_generic__sift_down [#"heapsort_generic.rs" 41 0 43 29] | C_Equal'0 | C_Greater'0 - function cmp_log'0 (self : t_DeepModelTy'0) (_2 : t_DeepModelTy'0) : t_Ordering'0 + function cmp_log'0 (self : t_DeepModelTy'0) (other : t_DeepModelTy'0) : t_Ordering'0 function eq_cmp'0 (x : t_DeepModelTy'0) (y : t_DeepModelTy'0) : () @@ -320,8 +320,8 @@ module M_heapsort_generic__sift_down [#"heapsort_generic.rs" 41 0 43 29] use seq.Permut - predicate permutation_of'0 (self : Seq.seq t_T'0) (o : Seq.seq t_T'0) = - [%#sseq28] Permut.permut self o 0 (Seq.length self) + predicate permutation_of'0 (self : Seq.seq t_T'0) (other : Seq.seq t_T'0) = + [%#sseq28] Permut.permut self other 0 (Seq.length self) use seq.Seq @@ -641,8 +641,8 @@ module M_heapsort_generic__heap_sort [#"heapsort_generic.rs" 94 0 96 29] let%span smodel24 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 let%span smodel25 = "../../../creusot-contracts/src/model.rs" 97 8 97 28 let%span sheapsort_generic26 = "heapsort_generic.rs" 16 16 17 24 - let%span ssnapshot27 = "../../../creusot-contracts/src/snapshot.rs" 26 20 26 39 - let%span sseq28 = "../../../creusot-contracts/src/logic/seq.rs" 177 8 177 37 + let%span ssnapshot27 = "../../../creusot-contracts/src/snapshot.rs" 52 20 52 39 + let%span sseq28 = "../../../creusot-contracts/src/logic/seq.rs" 314 8 314 41 let%span sheapsort_generic29 = "heapsort_generic.rs" 41 33 41 34 let%span sheapsort_generic30 = "heapsort_generic.rs" 31 11 31 54 let%span sheapsort_generic31 = "heapsort_generic.rs" 32 11 32 24 @@ -668,20 +668,20 @@ module M_heapsort_generic__heap_sort [#"heapsort_generic.rs" 94 0 96 29] let%span svec51 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span smodel52 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 let%span sheapsort_generic53 = "heapsort_generic.rs" 11 4 11 19 - let%span sops54 = "../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - let%span sord55 = "../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord56 = "../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord57 = "../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord58 = "../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord59 = "../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord60 = "../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord61 = "../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord62 = "../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord63 = "../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord64 = "../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord65 = "../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord66 = "../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord67 = "../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 + let%span sops54 = "../../../creusot-contracts/src/logic/ops.rs" 22 8 22 31 + let%span sord55 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord56 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord57 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord58 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord59 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord60 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord61 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord62 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord63 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord64 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord65 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord66 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord67 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 let%span sslice68 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice69 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 let%span sresolve70 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 @@ -689,7 +689,7 @@ module M_heapsort_generic__heap_sort [#"heapsort_generic.rs" 94 0 96 29] let%span sinvariant72 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 let%span sslice73 = "../../../creusot-contracts/src/std/slice.rs" 18 20 18 30 let%span sinvariant74 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - let%span sseq75 = "../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq75 = "../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span sboxed76 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 use prelude.prelude.Snapshot @@ -807,7 +807,7 @@ module M_heapsort_generic__heap_sort [#"heapsort_generic.rs" 94 0 96 29] | C_Equal'0 | C_Greater'0 - function cmp_log'0 (self : t_DeepModelTy'0) (_2 : t_DeepModelTy'0) : t_Ordering'0 + function cmp_log'0 (self : t_DeepModelTy'0) (other : t_DeepModelTy'0) : t_Ordering'0 function eq_cmp'0 (x : t_DeepModelTy'0) (y : t_DeepModelTy'0) : () @@ -877,8 +877,8 @@ module M_heapsort_generic__heap_sort [#"heapsort_generic.rs" 94 0 96 29] use seq.Permut - predicate permutation_of'0 (self : Seq.seq t_T'0) (o : Seq.seq t_T'0) = - [%#sseq28] Permut.permut self o 0 (Seq.length self) + predicate permutation_of'0 (self : Seq.seq t_T'0) (other : Seq.seq t_T'0) = + [%#sseq28] Permut.permut self other 0 (Seq.length self) predicate invariant'1 (self : borrowed (t_Vec'0)) = [%#sinvariant72] inv'0 self.current /\ inv'0 self.final diff --git a/creusot/tests/should_succeed/hillel.coma b/creusot/tests/should_succeed/hillel.coma index 9cfe9d547e..feeb77497f 100644 --- a/creusot/tests/should_succeed/hillel.coma +++ b/creusot/tests/should_succeed/hillel.coma @@ -13,9 +13,9 @@ module M_hillel__right_pad [#"hillel.rs" 17 0 17 59] let%span shillel11 = "hillel.rs" 14 10 14 53 let%span shillel12 = "hillel.rs" 15 10 15 73 let%span shillel13 = "hillel.rs" 16 10 16 73 - let%span ssnapshot14 = "../../../creusot-contracts/src/snapshot.rs" 26 20 26 39 + let%span ssnapshot14 = "../../../creusot-contracts/src/snapshot.rs" 52 20 52 39 let%span smodel15 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 - let%span sops16 = "../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span sops16 = "../../../creusot-contracts/src/logic/ops.rs" 22 8 22 31 let%span svec17 = "../../../creusot-contracts/src/std/vec.rs" 83 26 83 48 let%span svec18 = "../../../creusot-contracts/src/std/vec.rs" 87 26 87 56 let%span svec19 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 @@ -24,7 +24,7 @@ module M_hillel__right_pad [#"hillel.rs" 17 0 17 59] let%span svec22 = "../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 let%span sinvariant23 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 let%span sinvariant24 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - let%span sseq25 = "../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq25 = "../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span sboxed26 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 use prelude.prelude.Snapshot @@ -229,9 +229,9 @@ module M_hillel__left_pad [#"hillel.rs" 34 0 34 58] let%span shillel13 = "hillel.rs" 31 10 31 62 let%span shillel14 = "hillel.rs" 32 10 32 88 let%span shillel15 = "hillel.rs" 33 10 33 104 - let%span sops16 = "../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span sops16 = "../../../creusot-contracts/src/logic/ops.rs" 22 8 22 31 let%span smodel17 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 - let%span ssnapshot18 = "../../../creusot-contracts/src/snapshot.rs" 26 20 26 39 + let%span ssnapshot18 = "../../../creusot-contracts/src/snapshot.rs" 52 20 52 39 let%span svec19 = "../../../creusot-contracts/src/std/vec.rs" 83 26 83 48 let%span svec20 = "../../../creusot-contracts/src/std/vec.rs" 107 26 107 59 let%span svec21 = "../../../creusot-contracts/src/std/vec.rs" 108 26 108 87 @@ -243,7 +243,7 @@ module M_hillel__left_pad [#"hillel.rs" 34 0 34 58] let%span svec27 = "../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 let%span sinvariant28 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 let%span sinvariant29 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - let%span sseq30 = "../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq30 = "../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span sboxed31 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 use prelude.prelude.Snapshot @@ -505,11 +505,11 @@ module M_hillel__insert_unique [#"hillel.rs" 80 0 80 62] let%span svec23 = "../../../creusot-contracts/src/std/vec.rs" 169 26 169 42 let%span sslice24 = "../../../creusot-contracts/src/std/slice.rs" 245 0 354 1 let%span siter25 = "../../../creusot-contracts/src/std/iter.rs" 101 0 213 1 - let%span sops26 = "../../../creusot-contracts/src/logic/ops.rs" 86 8 86 33 + let%span sops26 = "../../../creusot-contracts/src/logic/ops.rs" 88 8 88 33 let%span smodel27 = "../../../creusot-contracts/src/model.rs" 79 8 79 28 let%span sslice28 = "../../../creusot-contracts/src/std/slice.rs" 405 12 405 66 let%span siter29 = "../../../creusot-contracts/src/std/iter.rs" 107 26 110 17 - let%span sops30 = "../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span sops30 = "../../../creusot-contracts/src/logic/ops.rs" 22 8 22 31 let%span scmp31 = "../../../creusot-contracts/src/std/cmp.rs" 11 26 11 75 let%span shillel32 = "hillel.rs" 60 8 60 64 let%span shillel33 = "hillel.rs" 53 8 53 105 @@ -533,8 +533,8 @@ module M_hillel__insert_unique [#"hillel.rs" 80 0 80 62] let%span smodel51 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 let%span sslice52 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice53 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 - let%span sops54 = "../../../creusot-contracts/src/logic/ops.rs" 42 8 42 31 - let%span sseq55 = "../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sops54 = "../../../creusot-contracts/src/logic/ops.rs" 44 8 44 31 + let%span sseq55 = "../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span sinvariant56 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 let%span svec57 = "../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 let%span sinvariant58 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 @@ -1039,7 +1039,7 @@ module M_hillel__unique [#"hillel.rs" 102 0 102 56] let%span siter40 = "../../../creusot-contracts/src/std/iter.rs" 92 8 92 19 let%span sslice41 = "../../../creusot-contracts/src/std/slice.rs" 40 14 40 44 let%span sslice42 = "../../../creusot-contracts/src/std/slice.rs" 41 14 41 96 - let%span sops43 = "../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span sops43 = "../../../creusot-contracts/src/logic/ops.rs" 22 8 22 31 let%span shillel44 = "hillel.rs" 60 8 60 64 let%span srange45 = "../../../creusot-contracts/src/std/iter/range.rs" 33 15 33 24 let%span srange46 = "../../../creusot-contracts/src/std/iter/range.rs" 34 14 34 45 @@ -1055,11 +1055,11 @@ module M_hillel__unique [#"hillel.rs" 102 0 102 56] let%span smodel56 = "../../../creusot-contracts/src/model.rs" 97 8 97 28 let%span sslice57 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice58 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 - let%span sops59 = "../../../creusot-contracts/src/logic/ops.rs" 42 8 42 31 + let%span sops59 = "../../../creusot-contracts/src/logic/ops.rs" 44 8 44 31 let%span svec60 = "../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 let%span sinvariant61 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 let%span sinvariant62 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - let%span sseq63 = "../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq63 = "../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span sslice64 = "../../../creusot-contracts/src/std/slice.rs" 18 20 18 30 let%span sboxed65 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 @@ -1595,7 +1595,7 @@ module M_hillel__score [#"hillel.rs" 147 0 147 38] let%span shillel9 = "hillel.rs" 148 4 148 41 let%span shillel10 = "hillel.rs" 121 0 121 8 let%span shillel11 = "hillel.rs" 138 4 140 5 - let%span sint12 = "../../../creusot-contracts/src/logic/int.rs" 70 4 70 12 + let%span sint12 = "../../../creusot-contracts/src/logic/int.rs" 156 4 156 12 use prelude.prelude.Int @@ -1713,7 +1713,7 @@ module M_hillel__fulcrum [#"hillel.rs" 159 0 159 30] let%span shillel57 = "hillel.rs" 136 10 136 85 let%span shillel58 = "hillel.rs" 134 10 134 18 let%span shillel59 = "hillel.rs" 138 4 140 5 - let%span sint60 = "../../../creusot-contracts/src/logic/int.rs" 70 4 70 12 + let%span sint60 = "../../../creusot-contracts/src/logic/int.rs" 156 4 156 12 let%span srange61 = "../../../creusot-contracts/src/std/iter/range.rs" 33 15 33 24 let%span srange62 = "../../../creusot-contracts/src/std/iter/range.rs" 34 14 34 45 let%span srange63 = "../../../creusot-contracts/src/std/iter/range.rs" 39 15 39 21 @@ -1724,7 +1724,7 @@ module M_hillel__fulcrum [#"hillel.rs" 159 0 159 30] let%span srange68 = "../../../creusot-contracts/src/std/iter/range.rs" 44 14 44 42 let%span snum69 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 let%span srange70 = "../../../creusot-contracts/src/std/iter/range.rs" 15 12 15 78 - let%span sops71 = "../../../creusot-contracts/src/logic/ops.rs" 42 8 42 31 + let%span sops71 = "../../../creusot-contracts/src/logic/ops.rs" 44 8 44 31 let%span smodel72 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 use prelude.prelude.UInt32 diff --git a/creusot/tests/should_succeed/index_range.coma b/creusot/tests/should_succeed/index_range.coma index a0d767ddc0..f70ad1c3f5 100644 --- a/creusot/tests/should_succeed/index_range.coma +++ b/creusot/tests/should_succeed/index_range.coma @@ -9,7 +9,7 @@ module M_index_range__create_arr [#"index_range.rs" 14 0 14 27] let%span svec7 = "../../../creusot-contracts/src/std/vec.rs" 74 26 74 44 let%span svec8 = "../../../creusot-contracts/src/std/vec.rs" 87 26 87 56 let%span svec9 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span sops10 = "../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span sops10 = "../../../creusot-contracts/src/logic/ops.rs" 22 8 22 31 let%span smodel11 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 use prelude.prelude.Opaque @@ -229,7 +229,7 @@ module M_index_range__test_range [#"index_range.rs" 27 0 27 19] let%span svec84 = "../../../creusot-contracts/src/std/vec.rs" 156 26 156 55 let%span svec85 = "../../../creusot-contracts/src/std/vec.rs" 83 26 83 48 let%span svec86 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span sops87 = "../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span sops87 = "../../../creusot-contracts/src/logic/ops.rs" 22 8 22 31 let%span smodel88 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 let%span sslice89 = "../../../creusot-contracts/src/std/slice.rs" 144 20 144 70 let%span sslice90 = "../../../creusot-contracts/src/std/slice.rs" 150 20 150 67 @@ -861,7 +861,7 @@ module M_index_range__test_range_to [#"index_range.rs" 78 0 78 22] let%span svec57 = "../../../creusot-contracts/src/std/vec.rs" 156 26 156 55 let%span svec58 = "../../../creusot-contracts/src/std/vec.rs" 83 26 83 48 let%span svec59 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span sops60 = "../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span sops60 = "../../../creusot-contracts/src/logic/ops.rs" 22 8 22 31 let%span smodel61 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 let%span sslice62 = "../../../creusot-contracts/src/std/slice.rs" 167 20 167 42 let%span sslice63 = "../../../creusot-contracts/src/std/slice.rs" 173 20 173 57 @@ -1349,7 +1349,7 @@ module M_index_range__test_range_from [#"index_range.rs" 115 0 115 24] let%span svec59 = "../../../creusot-contracts/src/std/vec.rs" 156 26 156 55 let%span svec60 = "../../../creusot-contracts/src/std/vec.rs" 83 26 83 48 let%span svec61 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span sops62 = "../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span sops62 = "../../../creusot-contracts/src/logic/ops.rs" 22 8 22 31 let%span smodel63 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 let%span sslice64 = "../../../creusot-contracts/src/std/slice.rs" 187 20 187 44 let%span sslice65 = "../../../creusot-contracts/src/std/slice.rs" 193 20 193 67 @@ -1842,7 +1842,7 @@ module M_index_range__test_range_full [#"index_range.rs" 154 0 154 24] let%span svec51 = "../../../creusot-contracts/src/std/vec.rs" 156 26 156 55 let%span svec52 = "../../../creusot-contracts/src/std/vec.rs" 83 26 83 48 let%span svec53 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span sops54 = "../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span sops54 = "../../../creusot-contracts/src/logic/ops.rs" 22 8 22 31 let%span smodel55 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 let%span sslice56 = "../../../creusot-contracts/src/std/slice.rs" 209 20 209 24 let%span sslice57 = "../../../creusot-contracts/src/std/slice.rs" 215 20 215 31 @@ -2300,7 +2300,7 @@ module M_index_range__test_range_to_inclusive [#"index_range.rs" 179 0 179 32] let%span svec54 = "../../../creusot-contracts/src/std/vec.rs" 156 26 156 55 let%span svec55 = "../../../creusot-contracts/src/std/vec.rs" 83 26 83 48 let%span svec56 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span sops57 = "../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span sops57 = "../../../creusot-contracts/src/logic/ops.rs" 22 8 22 31 let%span smodel58 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 let%span sslice59 = "../../../creusot-contracts/src/std/slice.rs" 229 20 229 41 let%span sslice60 = "../../../creusot-contracts/src/std/slice.rs" 235 20 235 61 diff --git a/creusot/tests/should_succeed/inferred_invariants.coma b/creusot/tests/should_succeed/inferred_invariants.coma index 24e7a53304..d8349c81ce 100644 --- a/creusot/tests/should_succeed/inferred_invariants.coma +++ b/creusot/tests/should_succeed/inferred_invariants.coma @@ -268,7 +268,7 @@ module M_inferred_invariants__y [#"inferred_invariants.rs" 41 0 41 26] let%span sinferred_invariants4 = "inferred_invariants.rs" 48 19 48 20 let%span sinferred_invariants5 = "inferred_invariants.rs" 51 13 51 14 let%span sinferred_invariants6 = "inferred_invariants.rs" 52 15 52 17 - let%span ssnapshot7 = "../../../creusot-contracts/src/snapshot.rs" 26 20 26 39 + let%span ssnapshot7 = "../../../creusot-contracts/src/snapshot.rs" 52 20 52 39 let%span smodel8 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 let%span svec9 = "../../../creusot-contracts/src/std/vec.rs" 83 26 83 48 let%span svec10 = "../../../creusot-contracts/src/std/vec.rs" 152 27 152 46 diff --git a/creusot/tests/should_succeed/insertion_sort.coma b/creusot/tests/should_succeed/insertion_sort.coma index 62ef609bbd..6f9f0ccf76 100644 --- a/creusot/tests/should_succeed/insertion_sort.coma +++ b/creusot/tests/should_succeed/insertion_sort.coma @@ -24,14 +24,14 @@ module M_insertion_sort__insertion_sort [#"insertion_sort.rs" 21 0 21 40] let%span sinsertion_sort22 = "insertion_sort.rs" 20 10 20 27 let%span sslice23 = "../../../creusot-contracts/src/std/slice.rs" 245 0 354 1 let%span siter24 = "../../../creusot-contracts/src/std/iter.rs" 101 0 213 1 - let%span ssnapshot25 = "../../../creusot-contracts/src/snapshot.rs" 26 20 26 39 + let%span ssnapshot25 = "../../../creusot-contracts/src/snapshot.rs" 52 20 52 39 let%span smodel26 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 - let%span sseq27 = "../../../creusot-contracts/src/logic/seq.rs" 177 8 177 37 + let%span sseq27 = "../../../creusot-contracts/src/logic/seq.rs" 314 8 314 41 let%span sinsertion_sort28 = "insertion_sort.rs" 8 8 8 72 let%span srange29 = "../../../creusot-contracts/src/std/iter/range.rs" 23 12 27 70 let%span siter30 = "../../../creusot-contracts/src/std/iter.rs" 107 26 110 17 - let%span sops31 = "../../../creusot-contracts/src/logic/ops.rs" 53 8 53 32 - let%span sops32 = "../../../creusot-contracts/src/logic/ops.rs" 42 8 42 31 + let%span sops31 = "../../../creusot-contracts/src/logic/ops.rs" 55 8 55 32 + let%span sops32 = "../../../creusot-contracts/src/logic/ops.rs" 44 8 44 31 let%span sslice33 = "../../../creusot-contracts/src/std/slice.rs" 257 19 257 35 let%span sslice34 = "../../../creusot-contracts/src/std/slice.rs" 258 19 258 35 let%span sslice35 = "../../../creusot-contracts/src/std/slice.rs" 259 18 259 50 @@ -133,8 +133,8 @@ module M_insertion_sort__insertion_sort [#"insertion_sort.rs" 21 0 21 40] use seq.Permut - predicate permutation_of'0 (self : Seq.seq int32) (o : Seq.seq int32) = - [%#sseq27] Permut.permut self o 0 (Seq.length self) + predicate permutation_of'0 (self : Seq.seq int32) (other : Seq.seq int32) = + [%#sseq27] Permut.permut self other 0 (Seq.length self) use prelude.prelude.Snapshot diff --git a/creusot/tests/should_succeed/instant.coma b/creusot/tests/should_succeed/instant.coma index a5c877ff18..bab81e57fe 100644 --- a/creusot/tests/should_succeed/instant.coma +++ b/creusot/tests/should_succeed/instant.coma @@ -44,40 +44,40 @@ module M_instant__test_instant [#"instant.rs" 7 0 7 21] let%span smodel42 = "../../../creusot-contracts/src/model.rs" 79 8 79 28 let%span soption43 = "../../../creusot-contracts/src/std/option.rs" 11 8 14 9 let%span smodel44 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 - let%span sord45 = "../../../creusot-contracts/src/logic/ord.rs" 21 20 21 53 - let%span sord46 = "../../../creusot-contracts/src/logic/ord.rs" 41 20 41 56 + let%span sord45 = "../../../creusot-contracts/src/logic/ord.rs" 36 20 36 53 + let%span sord46 = "../../../creusot-contracts/src/logic/ord.rs" 58 20 58 56 let%span stime47 = "../../../creusot-contracts/src/std/time.rs" 24 8 24 19 let%span stime48 = "../../../creusot-contracts/src/std/time.rs" 68 8 68 19 - let%span sord49 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 - let%span sord50 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 - let%span sord51 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 - let%span sord52 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 - let%span sord53 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 - let%span sord54 = "../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 - let%span sord55 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 - let%span sord56 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 - let%span sord57 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 - let%span sord58 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 - let%span sord59 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 - let%span sord60 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 - let%span sord61 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span sord49 = "../../../creusot-contracts/src/logic/ord.rs" 129 39 129 89 + let%span sord50 = "../../../creusot-contracts/src/logic/ord.rs" 134 39 134 86 + let%span sord51 = "../../../creusot-contracts/src/logic/ord.rs" 139 39 139 86 + let%span sord52 = "../../../creusot-contracts/src/logic/ord.rs" 144 39 144 89 + let%span sord53 = "../../../creusot-contracts/src/logic/ord.rs" 149 39 149 70 + let%span sord54 = "../../../creusot-contracts/src/logic/ord.rs" 154 40 154 57 + let%span sord55 = "../../../creusot-contracts/src/logic/ord.rs" 155 40 155 57 + let%span sord56 = "../../../creusot-contracts/src/logic/ord.rs" 156 39 156 56 + let%span sord57 = "../../../creusot-contracts/src/logic/ord.rs" 161 40 161 70 + let%span sord58 = "../../../creusot-contracts/src/logic/ord.rs" 162 39 162 72 + let%span sord59 = "../../../creusot-contracts/src/logic/ord.rs" 167 40 167 73 + let%span sord60 = "../../../creusot-contracts/src/logic/ord.rs" 168 39 168 69 + let%span sord61 = "../../../creusot-contracts/src/logic/ord.rs" 173 39 173 84 let%span soption62 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 - let%span sord63 = "../../../creusot-contracts/src/logic/ord.rs" 11 20 11 56 - let%span sord64 = "../../../creusot-contracts/src/logic/ord.rs" 31 20 31 53 - let%span sord65 = "../../../creusot-contracts/src/logic/ord.rs" 135 16 141 17 - let%span sord66 = "../../../creusot-contracts/src/logic/ord.rs" 78 39 78 89 - let%span sord67 = "../../../creusot-contracts/src/logic/ord.rs" 83 39 83 86 - let%span sord68 = "../../../creusot-contracts/src/logic/ord.rs" 88 39 88 86 - let%span sord69 = "../../../creusot-contracts/src/logic/ord.rs" 93 39 93 89 - let%span sord70 = "../../../creusot-contracts/src/logic/ord.rs" 98 39 98 70 - let%span sord71 = "../../../creusot-contracts/src/logic/ord.rs" 103 40 103 57 - let%span sord72 = "../../../creusot-contracts/src/logic/ord.rs" 104 40 104 57 - let%span sord73 = "../../../creusot-contracts/src/logic/ord.rs" 105 39 105 56 - let%span sord74 = "../../../creusot-contracts/src/logic/ord.rs" 110 40 110 70 - let%span sord75 = "../../../creusot-contracts/src/logic/ord.rs" 111 39 111 72 - let%span sord76 = "../../../creusot-contracts/src/logic/ord.rs" 116 40 116 73 - let%span sord77 = "../../../creusot-contracts/src/logic/ord.rs" 117 39 117 69 - let%span sord78 = "../../../creusot-contracts/src/logic/ord.rs" 122 39 122 84 + let%span sord63 = "../../../creusot-contracts/src/logic/ord.rs" 25 20 25 56 + let%span sord64 = "../../../creusot-contracts/src/logic/ord.rs" 47 20 47 53 + let%span sord65 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + let%span sord66 = "../../../creusot-contracts/src/logic/ord.rs" 129 39 129 89 + let%span sord67 = "../../../creusot-contracts/src/logic/ord.rs" 134 39 134 86 + let%span sord68 = "../../../creusot-contracts/src/logic/ord.rs" 139 39 139 86 + let%span sord69 = "../../../creusot-contracts/src/logic/ord.rs" 144 39 144 89 + let%span sord70 = "../../../creusot-contracts/src/logic/ord.rs" 149 39 149 70 + let%span sord71 = "../../../creusot-contracts/src/logic/ord.rs" 154 40 154 57 + let%span sord72 = "../../../creusot-contracts/src/logic/ord.rs" 155 40 155 57 + let%span sord73 = "../../../creusot-contracts/src/logic/ord.rs" 156 39 156 56 + let%span sord74 = "../../../creusot-contracts/src/logic/ord.rs" 161 40 161 70 + let%span sord75 = "../../../creusot-contracts/src/logic/ord.rs" 162 39 162 72 + let%span sord76 = "../../../creusot-contracts/src/logic/ord.rs" 167 40 167 73 + let%span sord77 = "../../../creusot-contracts/src/logic/ord.rs" 168 39 168 69 + let%span sord78 = "../../../creusot-contracts/src/logic/ord.rs" 173 39 173 84 use prelude.prelude.Int diff --git a/creusot/tests/should_succeed/iterators/02_iter_mut.coma b/creusot/tests/should_succeed/iterators/02_iter_mut.coma index c7f54e0ddf..825fab952e 100644 --- a/creusot/tests/should_succeed/iterators/02_iter_mut.coma +++ b/creusot/tests/should_succeed/iterators/02_iter_mut.coma @@ -9,10 +9,10 @@ module M_02_iter_mut__qyi4305820612590367313__produces_refl [#"02_iter_mut.rs" 5 let%span s02_iter_mut7 = "02_iter_mut.rs" 22 20 22 64 let%span sslice8 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice9 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 - let%span sops10 = "../../../../creusot-contracts/src/logic/ops.rs" 42 8 42 31 + let%span sops10 = "../../../../creusot-contracts/src/logic/ops.rs" 44 8 44 31 let%span sinvariant11 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 let%span sslice12 = "../../../../creusot-contracts/src/std/slice.rs" 18 20 18 30 - let%span sseq13 = "../../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq13 = "../../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span sboxed14 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 use prelude.prelude.Borrow @@ -147,10 +147,10 @@ module M_02_iter_mut__qyi4305820612590367313__produces_trans [#"02_iter_mut.rs" let%span s02_iter_mut11 = "02_iter_mut.rs" 22 20 22 64 let%span sslice12 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice13 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 - let%span sops14 = "../../../../creusot-contracts/src/logic/ops.rs" 42 8 42 31 + let%span sops14 = "../../../../creusot-contracts/src/logic/ops.rs" 44 8 44 31 let%span sinvariant15 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 let%span sslice16 = "../../../../creusot-contracts/src/std/slice.rs" 18 20 18 30 - let%span sseq17 = "../../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq17 = "../../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span sboxed18 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 use prelude.prelude.Borrow @@ -287,10 +287,10 @@ module M_02_iter_mut__qyi4305820612590367313__next [#"02_iter_mut.rs" 67 4 67 44 let%span sslice3 = "../../../../creusot-contracts/src/std/slice.rs" 291 18 298 9 let%span s02_iter_mut4 = "02_iter_mut.rs" 32 8 32 76 let%span s02_iter_mut5 = "02_iter_mut.rs" 39 12 43 13 - let%span sops6 = "../../../../creusot-contracts/src/logic/ops.rs" 42 8 42 31 + let%span sops6 = "../../../../creusot-contracts/src/logic/ops.rs" 44 8 44 31 let%span sslice7 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice8 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 - let%span sseq9 = "../../../../creusot-contracts/src/logic/seq.rs" 106 8 106 39 + let%span sseq9 = "../../../../creusot-contracts/src/logic/seq.rs" 171 8 171 39 let%span sresolve10 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span smodel11 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 let%span sslice12 = "../../../../creusot-contracts/src/std/slice.rs" 87 14 87 41 @@ -298,7 +298,7 @@ module M_02_iter_mut__qyi4305820612590367313__next [#"02_iter_mut.rs" 67 4 67 44 let%span sinvariant14 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 let%span sslice15 = "../../../../creusot-contracts/src/std/slice.rs" 18 20 18 30 let%span s02_iter_mut16 = "02_iter_mut.rs" 22 20 22 64 - let%span sseq17 = "../../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq17 = "../../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span sboxed18 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 use prelude.prelude.Borrow @@ -527,7 +527,7 @@ module M_02_iter_mut__qyi7060081090368749043__into_iter [#"02_iter_mut.rs" 74 4 let%span sslice5 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 let%span sinvariant6 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 let%span sslice7 = "../../../../creusot-contracts/src/std/slice.rs" 18 20 18 30 - let%span sseq8 = "../../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq8 = "../../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span sboxed9 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 use prelude.prelude.Borrow @@ -639,7 +639,7 @@ module M_02_iter_mut__iter_mut [#"02_iter_mut.rs" 82 0 82 55] let%span sslice19 = "../../../../creusot-contracts/src/std/slice.rs" 18 20 18 30 let%span sinvariant20 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 let%span s02_iter_mut21 = "02_iter_mut.rs" 22 20 22 64 - let%span sseq22 = "../../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq22 = "../../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span sboxed23 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 use prelude.prelude.Borrow @@ -869,14 +869,14 @@ module M_02_iter_mut__all_zero [#"02_iter_mut.rs" 88 0 88 35] let%span s02_iter_mut14 = "02_iter_mut.rs" 74 17 74 21 let%span s02_iter_mut15 = "02_iter_mut.rs" 74 26 74 30 let%span s02_iter_mut16 = "02_iter_mut.rs" 73 14 73 28 - let%span sops17 = "../../../../creusot-contracts/src/logic/ops.rs" 86 8 86 33 + let%span sops17 = "../../../../creusot-contracts/src/logic/ops.rs" 88 8 88 33 let%span s02_iter_mut18 = "02_iter_mut.rs" 39 12 43 13 let%span s02_iter_mut19 = "02_iter_mut.rs" 67 17 67 21 let%span s02_iter_mut20 = "02_iter_mut.rs" 67 26 67 44 let%span s02_iter_mut21 = "02_iter_mut.rs" 63 14 66 5 let%span svec22 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span smodel23 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 - let%span sops24 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span sops24 = "../../../../creusot-contracts/src/logic/ops.rs" 22 8 22 31 let%span sslice25 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice26 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 let%span s02_iter_mut27 = "02_iter_mut.rs" 49 15 49 24 @@ -893,7 +893,7 @@ module M_02_iter_mut__all_zero [#"02_iter_mut.rs" 88 0 88 35] let%span sslice38 = "../../../../creusot-contracts/src/std/slice.rs" 88 14 88 84 let%span s02_iter_mut39 = "02_iter_mut.rs" 32 8 32 76 let%span sresolve40 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span sops41 = "../../../../creusot-contracts/src/logic/ops.rs" 42 8 42 31 + let%span sops41 = "../../../../creusot-contracts/src/logic/ops.rs" 44 8 44 31 let%span s02_iter_mut42 = "02_iter_mut.rs" 22 20 22 64 let%span sinvariant43 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 @@ -1191,11 +1191,11 @@ module M_02_iter_mut__qyi4305820612590367313__produces_trans__refines [#"02_iter let%span sslice4 = "../../../../creusot-contracts/src/std/slice.rs" 88 14 88 84 let%span sslice5 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice6 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 - let%span sops7 = "../../../../creusot-contracts/src/logic/ops.rs" 42 8 42 31 + let%span sops7 = "../../../../creusot-contracts/src/logic/ops.rs" 44 8 44 31 let%span s02_iter_mut8 = "02_iter_mut.rs" 22 20 22 64 let%span sinvariant9 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 let%span sslice10 = "../../../../creusot-contracts/src/std/slice.rs" 18 20 18 30 - let%span sseq11 = "../../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq11 = "../../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span sboxed12 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 use prelude.prelude.Borrow @@ -1324,10 +1324,10 @@ module M_02_iter_mut__qyi4305820612590367313__next__refines [#"02_iter_mut.rs" 6 let%span sinvariant7 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 let%span sslice8 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice9 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 - let%span sops10 = "../../../../creusot-contracts/src/logic/ops.rs" 42 8 42 31 + let%span sops10 = "../../../../creusot-contracts/src/logic/ops.rs" 44 8 44 31 let%span s02_iter_mut11 = "02_iter_mut.rs" 22 20 22 64 let%span sslice12 = "../../../../creusot-contracts/src/std/slice.rs" 18 20 18 30 - let%span sseq13 = "../../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq13 = "../../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span sboxed14 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 use prelude.prelude.Borrow @@ -1499,10 +1499,10 @@ module M_02_iter_mut__qyi4305820612590367313__produces_refl__refines [#"02_iter_ let%span s02_iter_mut5 = "02_iter_mut.rs" 22 20 22 64 let%span sslice6 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice7 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 - let%span sops8 = "../../../../creusot-contracts/src/logic/ops.rs" 42 8 42 31 + let%span sops8 = "../../../../creusot-contracts/src/logic/ops.rs" 44 8 44 31 let%span sinvariant9 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 let%span sslice10 = "../../../../creusot-contracts/src/std/slice.rs" 18 20 18 30 - let%span sseq11 = "../../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq11 = "../../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span sboxed12 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 use prelude.prelude.Borrow diff --git a/creusot/tests/should_succeed/iterators/03_std_iterators.coma b/creusot/tests/should_succeed/iterators/03_std_iterators.coma index 370fc72972..39d963e48a 100644 --- a/creusot/tests/should_succeed/iterators/03_std_iterators.coma +++ b/creusot/tests/should_succeed/iterators/03_std_iterators.coma @@ -28,8 +28,8 @@ module M_03_std_iterators__slice_iter [#"03_std_iterators.rs" 6 0 6 42] let%span sresolve26 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span sslice27 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice28 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 - let%span sops29 = "../../../../creusot-contracts/src/logic/ops.rs" 42 8 42 31 - let%span sseq30 = "../../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sops29 = "../../../../creusot-contracts/src/logic/ops.rs" 44 8 44 31 + let%span sseq30 = "../../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span smodel31 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 let%span sinvariant32 = "../../../../creusot-contracts/src/invariant.rs" 24 8 24 18 let%span sboxed33 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 @@ -339,8 +339,8 @@ module M_03_std_iterators__vec_iter [#"03_std_iterators.rs" 17 0 17 41] let%span sslice24 = "../../../../creusot-contracts/src/std/slice.rs" 398 20 398 61 let%span sresolve25 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span svec26 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span sops27 = "../../../../creusot-contracts/src/logic/ops.rs" 42 8 42 31 - let%span sseq28 = "../../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sops27 = "../../../../creusot-contracts/src/logic/ops.rs" 44 8 44 31 + let%span sseq28 = "../../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span smodel29 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 let%span sslice30 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice31 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 @@ -651,12 +651,12 @@ module M_03_std_iterators__all_zero [#"03_std_iterators.rs" 28 0 28 35] let%span svec9 = "../../../../creusot-contracts/src/std/vec.rs" 176 26 176 48 let%span sslice10 = "../../../../creusot-contracts/src/std/slice.rs" 245 0 354 1 let%span siter11 = "../../../../creusot-contracts/src/std/iter.rs" 101 0 213 1 - let%span sops12 = "../../../../creusot-contracts/src/logic/ops.rs" 86 8 86 33 + let%span sops12 = "../../../../creusot-contracts/src/logic/ops.rs" 88 8 88 33 let%span sslice13 = "../../../../creusot-contracts/src/std/slice.rs" 459 12 459 66 let%span siter14 = "../../../../creusot-contracts/src/std/iter.rs" 107 26 110 17 let%span svec15 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span smodel16 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 - let%span sops17 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span sops17 = "../../../../creusot-contracts/src/logic/ops.rs" 22 8 22 31 let%span sslice18 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice19 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 let%span sslice20 = "../../../../creusot-contracts/src/std/slice.rs" 427 14 427 50 @@ -677,7 +677,7 @@ module M_03_std_iterators__all_zero [#"03_std_iterators.rs" 28 0 28 35] let%span sslice35 = "../../../../creusot-contracts/src/std/slice.rs" 88 14 88 84 let%span sslice36 = "../../../../creusot-contracts/src/std/slice.rs" 452 20 452 61 let%span sslice37 = "../../../../creusot-contracts/src/std/slice.rs" 437 20 437 36 - let%span sops38 = "../../../../creusot-contracts/src/logic/ops.rs" 42 8 42 31 + let%span sops38 = "../../../../creusot-contracts/src/logic/ops.rs" 44 8 44 31 use prelude.prelude.Borrow @@ -1031,7 +1031,7 @@ module M_03_std_iterators__skip_take [#"03_std_iterators.rs" 35 0 35 48] let%span stake30 = "../../../../creusot-contracts/src/std/iter/take.rs" 82 14 82 42 let%span stake31 = "../../../../creusot-contracts/src/std/iter/take.rs" 24 14 24 68 let%span stake32 = "../../../../creusot-contracts/src/std/iter/take.rs" 41 8 41 29 - let%span sseq33 = "../../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq33 = "../../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span siter34 = "../../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 let%span siter35 = "../../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 let%span siter36 = "../../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 @@ -1373,7 +1373,7 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] let%span smap_inv51 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 32 15 32 32 let%span smap_inv52 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 33 15 33 32 let%span smap_inv53 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 34 14 34 42 - let%span sops54 = "../../../../creusot-contracts/src/logic/ops.rs" 42 8 42 31 + let%span sops54 = "../../../../creusot-contracts/src/logic/ops.rs" 44 8 44 31 let%span smodel55 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 let%span sinvariant56 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 @@ -2049,7 +2049,7 @@ module M_03_std_iterators__enumerate_range [#"03_std_iterators.rs" 72 0 72 24] let%span siter7 = "../../../../creusot-contracts/src/std/iter.rs" 154 27 154 103 let%span siter8 = "../../../../creusot-contracts/src/std/iter.rs" 155 27 157 54 let%span siter9 = "../../../../creusot-contracts/src/std/iter.rs" 101 0 213 1 - let%span sops10 = "../../../../creusot-contracts/src/logic/ops.rs" 86 8 86 33 + let%span sops10 = "../../../../creusot-contracts/src/logic/ops.rs" 88 8 88 33 let%span senumerate11 = "../../../../creusot-contracts/src/std/iter/enumerate.rs" 74 12 78 113 let%span siter12 = "../../../../creusot-contracts/src/std/iter.rs" 107 26 110 17 let%span srange13 = "../../../../creusot-contracts/src/std/iter/range.rs" 15 12 15 78 @@ -2398,7 +2398,7 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] let%span siter21 = "../../../../creusot-contracts/src/std/iter.rs" 101 0 213 1 let%span siter22 = "../../../../creusot-contracts/src/std/iter.rs" 167 26 167 62 let%span smodel23 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 - let%span ssnapshot24 = "../../../../creusot-contracts/src/snapshot.rs" 26 20 26 39 + let%span ssnapshot24 = "../../../../creusot-contracts/src/snapshot.rs" 52 20 52 39 let%span s03_std_iterators25 = "03_std_iterators.rs" 89 8 89 60 let%span s03_std_iterators26 = "03_std_iterators.rs" 82 8 82 58 let%span szip27 = "../../../../creusot-contracts/src/std/iter/zip.rs" 46 12 49 95 @@ -2406,8 +2406,8 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] let%span sslice29 = "../../../../creusot-contracts/src/std/slice.rs" 257 19 257 35 let%span sslice30 = "../../../../creusot-contracts/src/std/slice.rs" 258 19 258 35 let%span sslice31 = "../../../../creusot-contracts/src/std/slice.rs" 259 18 259 50 - let%span sops32 = "../../../../creusot-contracts/src/logic/ops.rs" 42 8 42 31 - let%span sops33 = "../../../../creusot-contracts/src/logic/ops.rs" 53 8 53 32 + let%span sops32 = "../../../../creusot-contracts/src/logic/ops.rs" 44 8 44 31 + let%span sops33 = "../../../../creusot-contracts/src/logic/ops.rs" 55 8 55 32 let%span sslice34 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice35 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 let%span smodel36 = "../../../../creusot-contracts/src/model.rs" 88 8 88 22 @@ -2439,7 +2439,7 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] let%span sslice62 = "../../../../creusot-contracts/src/std/slice.rs" 18 20 18 30 let%span sinvariant63 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 let%span sinvariant64 = "../../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - let%span sseq65 = "../../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq65 = "../../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span sboxed66 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 use prelude.prelude.Borrow diff --git a/creusot/tests/should_succeed/iterators/04_skip.coma b/creusot/tests/should_succeed/iterators/04_skip.coma index acadf04212..6f1fa82eb8 100644 --- a/creusot/tests/should_succeed/iterators/04_skip.coma +++ b/creusot/tests/should_succeed/iterators/04_skip.coma @@ -11,7 +11,7 @@ module M_04_skip__qyi17349041008065389927__produces_refl [#"04_skip.rs" 51 4 51 let%span scommon9 = "common.rs" 22 15 22 32 let%span scommon10 = "common.rs" 23 15 23 32 let%span scommon11 = "common.rs" 24 14 24 42 - let%span sseq12 = "../../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq12 = "../../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span sboxed13 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 type t_I'0 @@ -117,7 +117,7 @@ module M_04_skip__qyi17349041008065389927__produces_trans [#"04_skip.rs" 61 4 61 let%span scommon13 = "common.rs" 22 15 22 32 let%span scommon14 = "common.rs" 23 15 23 32 let%span scommon15 = "common.rs" 24 14 24 42 - let%span sseq16 = "../../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq16 = "../../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span sboxed17 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 type t_I'0 @@ -234,7 +234,7 @@ module M_04_skip__qyi17349041008065389927__next [#"04_skip.rs" 67 4 67 41] (* Seq.get self i <= Seq.get self j + predicate sorted_range'0 (self : Seq.seq int) (start : int) (end' : int) = + [%#sseq19] forall i : int, j : int . start <= i /\ i <= j /\ j < end' -> Seq.get self i <= Seq.get self j predicate sorted'0 (self : Seq.seq int) = [%#sseq14] sorted_range'0 self 0 (Seq.length self) diff --git a/creusot/tests/should_succeed/sparse_array.coma b/creusot/tests/should_succeed/sparse_array.coma index 2bd014f66d..60feaf6796 100644 --- a/creusot/tests/should_succeed/sparse_array.coma +++ b/creusot/tests/should_succeed/sparse_array.coma @@ -13,10 +13,10 @@ module M_sparse_array__qyi912363311032332466__get [#"sparse_array.rs" 88 4 88 45 let%span svec11 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span sinvariant12 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 let%span ssparse_array13 = "sparse_array.rs" 72 20 73 52 - let%span sops14 = "../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span sops14 = "../../../creusot-contracts/src/logic/ops.rs" 22 8 22 31 let%span ssparse_array15 = "sparse_array.rs" 51 12 59 17 let%span svec16 = "../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 - let%span sseq17 = "../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq17 = "../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span sboxed18 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 use prelude.prelude.UIntSize @@ -299,11 +299,11 @@ module M_sparse_array__qyi912363311032332466__lemma_permutation [#"sparse_array. let%span ssparse_array3 = "sparse_array.rs" 103 14 103 28 let%span ssparse_array4 = "sparse_array.rs" 99 4 99 12 let%span ssparse_array5 = "sparse_array.rs" 72 20 73 52 - let%span sops6 = "../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span sops6 = "../../../creusot-contracts/src/logic/ops.rs" 22 8 22 31 let%span ssparse_array7 = "sparse_array.rs" 51 12 59 17 let%span svec8 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span svec9 = "../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 - let%span sseq10 = "../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq10 = "../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span sboxed11 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 use prelude.prelude.UIntSize @@ -466,11 +466,11 @@ module M_sparse_array__qyi912363311032332466__set [#"sparse_array.rs" 112 4 112 let%span sresolve27 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span smodel28 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 let%span ssparse_array29 = "sparse_array.rs" 72 20 73 52 - let%span sops30 = "../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span sops30 = "../../../creusot-contracts/src/logic/ops.rs" 22 8 22 31 let%span svec31 = "../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 let%span sinvariant32 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 let%span ssparse_array33 = "sparse_array.rs" 51 12 59 17 - let%span sseq34 = "../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq34 = "../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span sboxed35 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 use prelude.prelude.Borrow @@ -883,11 +883,11 @@ module M_sparse_array__create [#"sparse_array.rs" 134 0 134 64] let%span svec8 = "../../../creusot-contracts/src/std/vec.rs" 181 22 181 76 let%span ssparse_array9 = "sparse_array.rs" 40 12 41 82 let%span svec10 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span sops11 = "../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span sops11 = "../../../creusot-contracts/src/logic/ops.rs" 22 8 22 31 let%span ssparse_array12 = "sparse_array.rs" 72 20 73 52 let%span ssparse_array13 = "sparse_array.rs" 51 12 59 17 let%span svec14 = "../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 - let%span sseq15 = "../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq15 = "../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span sboxed16 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 type t_T'0 @@ -1144,7 +1144,7 @@ module M_sparse_array__f [#"sparse_array.rs" 140 0 140 10] let%span ssparse_array39 = "sparse_array.rs" 40 12 41 82 let%span smodel40 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 let%span ssparse_array41 = "sparse_array.rs" 72 20 73 52 - let%span sops42 = "../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span sops42 = "../../../creusot-contracts/src/logic/ops.rs" 22 8 22 31 let%span ssparse_array43 = "sparse_array.rs" 51 12 59 17 let%span svec44 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span sinvariant45 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 diff --git a/creusot/tests/should_succeed/syntax/11_array_types.coma b/creusot/tests/should_succeed/syntax/11_array_types.coma index 36468b6fdd..444a2be334 100644 --- a/creusot/tests/should_succeed/syntax/11_array_types.coma +++ b/creusot/tests/should_succeed/syntax/11_array_types.coma @@ -4,7 +4,7 @@ module M_11_array_types__omg [#"11_array_types.rs" 8 0 8 28] let%span s11_array_types2 = "11_array_types.rs" 9 13 9 14 let%span s11_array_types3 = "11_array_types.rs" 11 20 11 32 let%span s11_array_types4 = "11_array_types.rs" 7 11 7 53 - let%span sops5 = "../../../../creusot-contracts/src/logic/ops.rs" 64 8 64 31 + let%span sops5 = "../../../../creusot-contracts/src/logic/ops.rs" 66 8 66 31 use prelude.prelude.UIntSize diff --git a/creusot/tests/should_succeed/syntax/12_ghost_code.coma b/creusot/tests/should_succeed/syntax/12_ghost_code.coma index e115c189c7..63df28e77b 100644 --- a/creusot/tests/should_succeed/syntax/12_ghost_code.coma +++ b/creusot/tests/should_succeed/syntax/12_ghost_code.coma @@ -298,7 +298,7 @@ end module M_12_ghost_code__takes_struct [#"12_ghost_code.rs" 52 0 52 36] let%span s12_ghost_code0 = "12_ghost_code.rs" 53 10 53 27 let%span s12_ghost_code1 = "12_ghost_code.rs" 51 11 51 20 - let%span ssnapshot2 = "../../../../creusot-contracts/src/snapshot.rs" 26 20 26 39 + let%span ssnapshot2 = "../../../../creusot-contracts/src/snapshot.rs" 52 20 52 39 let%span smodel3 = "../../../../creusot-contracts/src/model.rs" 88 8 88 22 use prelude.prelude.UInt32 diff --git a/creusot/tests/should_succeed/syntax/13_vec_macro.coma b/creusot/tests/should_succeed/syntax/13_vec_macro.coma index 718be3b03a..1be810c30f 100644 --- a/creusot/tests/should_succeed/syntax/13_vec_macro.coma +++ b/creusot/tests/should_succeed/syntax/13_vec_macro.coma @@ -1,5 +1,5 @@ module M_13_vec_macro__x [#"13_vec_macro.rs" 5 0 5 10] - let%span slib0 = "../../../../creusot-contracts/src/lib.rs" 271 8 271 30 + let%span slib0 = "../../../../creusot-contracts/src/lib.rs" 246 8 246 30 let%span s13_vec_macro1 = "13_vec_macro.rs" 7 20 7 34 let%span s13_vec_macro2 = "13_vec_macro.rs" 9 18 9 19 let%span s13_vec_macro3 = "13_vec_macro.rs" 9 21 9 22 @@ -13,7 +13,7 @@ module M_13_vec_macro__x [#"13_vec_macro.rs" 5 0 5 10] let%span svec11 = "../../../../creusot-contracts/src/std/vec.rs" 180 22 180 41 let%span svec12 = "../../../../creusot-contracts/src/std/vec.rs" 181 22 181 76 let%span sslice13 = "../../../../creusot-contracts/src/std/slice.rs" 332 18 332 35 - let%span sops14 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span sops14 = "../../../../creusot-contracts/src/logic/ops.rs" 22 8 22 31 let%span sboxed15 = "../../../../creusot-contracts/src/std/boxed.rs" 18 8 18 22 let%span sslice16 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice17 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 diff --git a/creusot/tests/should_succeed/syntax/derive_macros/mixed.coma b/creusot/tests/should_succeed/syntax/derive_macros/mixed.coma index 1ced7e9419..056d5c2fc2 100644 --- a/creusot/tests/should_succeed/syntax/derive_macros/mixed.coma +++ b/creusot/tests/should_succeed/syntax/derive_macros/mixed.coma @@ -463,7 +463,7 @@ module M_mixed__qyi9942470069884222103__resolve_coherence [#"mixed.rs" 49 9 49 1 let%span svec3 = "../../../../../creusot-contracts/src/std/vec.rs" 49 20 49 83 let%span sresolve4 = "../../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span svec5 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span sops6 = "../../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span sops6 = "../../../../../creusot-contracts/src/logic/ops.rs" 22 8 22 31 use prelude.prelude.Borrow @@ -779,7 +779,7 @@ module M_mixed__qyi9942470069884222103__resolve_coherence__refines [#"mixed.rs" let%span sresolve3 = "../../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span sinvariant4 = "../../../../../creusot-contracts/src/invariant.rs" 24 8 24 18 let%span svec5 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span sops6 = "../../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span sops6 = "../../../../../creusot-contracts/src/logic/ops.rs" 22 8 22 31 let%span sinvariant7 = "../../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 use prelude.prelude.Borrow diff --git a/creusot/tests/should_succeed/syntax/int_suffix.coma b/creusot/tests/should_succeed/syntax/int_suffix.coma index af8ca55db1..970b9d939e 100644 --- a/creusot/tests/should_succeed/syntax/int_suffix.coma +++ b/creusot/tests/should_succeed/syntax/int_suffix.coma @@ -1,14 +1,14 @@ module M_int_suffix__foo [#"int_suffix.rs" 5 0 5 29] let%span sint_suffix0 = "int_suffix.rs" 4 10 4 25 let%span sint_suffix1 = "int_suffix.rs" 6 11 6 15 - let%span sghost2 = "../../../../creusot-contracts/src/ghost.rs" 200 9 200 15 - let%span sint3 = "../../../../creusot-contracts/src/logic/int.rs" 28 14 28 31 - let%span sghost4 = "../../../../creusot-contracts/src/ghost.rs" 182 22 182 26 - let%span sghost5 = "../../../../creusot-contracts/src/ghost.rs" 182 4 182 32 - let%span sghost6 = "../../../../creusot-contracts/src/ghost.rs" 180 14 180 31 - let%span sghost7 = "../../../../creusot-contracts/src/ghost.rs" 164 15 164 16 - let%span sghost8 = "../../../../creusot-contracts/src/ghost.rs" 164 4 164 28 - let%span sghost9 = "../../../../creusot-contracts/src/ghost.rs" 162 14 162 28 + let%span sghost2 = "../../../../creusot-contracts/src/ghost.rs" 217 9 217 15 + let%span sint3 = "../../../../creusot-contracts/src/logic/int.rs" 59 14 59 31 + let%span sghost4 = "../../../../creusot-contracts/src/ghost.rs" 199 22 199 26 + let%span sghost5 = "../../../../creusot-contracts/src/ghost.rs" 199 4 199 32 + let%span sghost6 = "../../../../creusot-contracts/src/ghost.rs" 197 14 197 31 + let%span sghost7 = "../../../../creusot-contracts/src/ghost.rs" 181 15 181 16 + let%span sghost8 = "../../../../creusot-contracts/src/ghost.rs" 181 4 181 28 + let%span sghost9 = "../../../../creusot-contracts/src/ghost.rs" 179 14 179 28 use prelude.prelude.Int128 diff --git a/creusot/tests/should_succeed/take_first_mut.coma b/creusot/tests/should_succeed/take_first_mut.coma index 55a1057128..be8e191aea 100644 --- a/creusot/tests/should_succeed/take_first_mut.coma +++ b/creusot/tests/should_succeed/take_first_mut.coma @@ -5,16 +5,16 @@ module M_take_first_mut__take_first_mut [#"take_first_mut.rs" 14 0 14 74] let%span smem3 = "../../../creusot-contracts/src/std/mem.rs" 17 22 17 37 let%span smem4 = "../../../creusot-contracts/src/std/mem.rs" 18 22 18 42 let%span sslice5 = "../../../creusot-contracts/src/std/slice.rs" 279 18 287 9 - let%span sops6 = "../../../creusot-contracts/src/logic/ops.rs" 42 8 42 31 + let%span sops6 = "../../../creusot-contracts/src/logic/ops.rs" 44 8 44 31 let%span sslice7 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice8 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 - let%span sseq9 = "../../../creusot-contracts/src/logic/seq.rs" 106 8 106 39 + let%span sseq9 = "../../../creusot-contracts/src/logic/seq.rs" 171 8 171 39 let%span sslice10 = "../../../creusot-contracts/src/std/slice.rs" 64 20 64 65 let%span smodel11 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 let%span sresolve12 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span sinvariant13 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 let%span sslice14 = "../../../creusot-contracts/src/std/slice.rs" 18 20 18 30 - let%span sseq15 = "../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq15 = "../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span sboxed16 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 use prelude.prelude.Borrow diff --git a/creusot/tests/should_succeed/traits/16_impl_cloning.coma b/creusot/tests/should_succeed/traits/16_impl_cloning.coma index 35e230cfd1..0200601d85 100644 --- a/creusot/tests/should_succeed/traits/16_impl_cloning.coma +++ b/creusot/tests/should_succeed/traits/16_impl_cloning.coma @@ -6,7 +6,7 @@ module M_16_impl_cloning__test [#"16_impl_cloning.rs" 16 0 16 30] let%span sinvariant4 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 let%span svec5 = "../../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 let%span svec6 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span sseq7 = "../../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq7 = "../../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span sboxed8 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 use prelude.prelude.Borrow diff --git a/creusot/tests/should_succeed/trigger2.coma b/creusot/tests/should_succeed/trigger2.coma index 7a2da343a7..f3c499ccef 100644 --- a/creusot/tests/should_succeed/trigger2.coma +++ b/creusot/tests/should_succeed/trigger2.coma @@ -3,7 +3,7 @@ module M_trigger2__resolve_seq [#"trigger2.rs" 6 0 6 43] let%span svec1 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span strigger22 = "trigger2.rs" 8 8 9 32 let%span svec3 = "../../../creusot-contracts/src/std/vec.rs" 49 20 49 83 - let%span sops4 = "../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span sops4 = "../../../creusot-contracts/src/logic/ops.rs" 22 8 22 31 let%span sresolve5 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 use prelude.prelude.Borrow @@ -75,7 +75,7 @@ module M_trigger2__resolve_seq2 [#"trigger2.rs" 16 0 16 48] let%span strigger23 = "trigger2.rs" 8 8 9 32 let%span svec4 = "../../../creusot-contracts/src/std/vec.rs" 49 20 49 83 let%span svec5 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span sops6 = "../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span sops6 = "../../../creusot-contracts/src/logic/ops.rs" 22 8 22 31 let%span sresolve7 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 use prelude.prelude.Borrow diff --git a/creusot/tests/should_succeed/type_invariants/vec_inv.coma b/creusot/tests/should_succeed/type_invariants/vec_inv.coma index 15ebb30a14..09a6be8675 100644 --- a/creusot/tests/should_succeed/type_invariants/vec_inv.coma +++ b/creusot/tests/should_succeed/type_invariants/vec_inv.coma @@ -2,12 +2,12 @@ module M_vec_inv__vec [#"vec_inv.rs" 18 0 18 32] let%span svec_inv0 = "vec_inv.rs" 19 20 19 43 let%span svec_inv1 = "vec_inv.rs" 18 11 18 12 let%span svec_inv2 = "vec_inv.rs" 17 11 17 23 - let%span sops3 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span sops3 = "../../../../creusot-contracts/src/logic/ops.rs" 22 8 22 31 let%span svec4 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span svec5 = "../../../../creusot-contracts/src/std/vec.rs" 49 20 49 83 let%span svec6 = "../../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 let%span sresolve7 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span sseq8 = "../../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq8 = "../../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span sboxed9 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 let%span sinvariant10 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 let%span svec_inv11 = "vec_inv.rs" 13 20 13 43 diff --git a/creusot/tests/should_succeed/vecdeque.coma b/creusot/tests/should_succeed/vecdeque.coma index 20cfcff360..0b442a28f5 100644 --- a/creusot/tests/should_succeed/vecdeque.coma +++ b/creusot/tests/should_succeed/vecdeque.coma @@ -31,7 +31,7 @@ module M_vecdeque__test_deque [#"vecdeque.rs" 5 0 5 19] let%span sdeque29 = "../../../creusot-contracts/src/std/deque.rs" 13 14 13 41 let%span smodel30 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 let%span smodel31 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 - let%span sseq32 = "../../../creusot-contracts/src/logic/seq.rs" 150 8 150 27 + let%span sseq32 = "../../../creusot-contracts/src/logic/seq.rs" 249 8 249 27 let%span smodel33 = "../../../creusot-contracts/src/model.rs" 79 8 79 28 let%span soption34 = "../../../creusot-contracts/src/std/option.rs" 11 8 14 9 let%span snum35 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 diff --git a/creusot/tests/should_succeed/vector/01.coma b/creusot/tests/should_succeed/vector/01.coma index 4eed4bcb8f..3a23ed529a 100644 --- a/creusot/tests/should_succeed/vector/01.coma +++ b/creusot/tests/should_succeed/vector/01.coma @@ -12,9 +12,9 @@ module M_01__all_zero [#"01.rs" 7 0 7 33] let%span s0110 = "01.rs" 6 10 6 33 let%span svec11 = "../../../../creusot-contracts/src/std/vec.rs" 83 26 83 48 let%span siter12 = "../../../../creusot-contracts/src/std/iter.rs" 101 0 213 1 - let%span sops13 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span sops13 = "../../../../creusot-contracts/src/logic/ops.rs" 22 8 22 31 let%span smodel14 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 - let%span ssnapshot15 = "../../../../creusot-contracts/src/snapshot.rs" 26 20 26 39 + let%span ssnapshot15 = "../../../../creusot-contracts/src/snapshot.rs" 52 20 52 39 let%span srange16 = "../../../../creusot-contracts/src/std/iter/range.rs" 23 12 27 70 let%span siter17 = "../../../../creusot-contracts/src/std/iter.rs" 107 26 110 17 let%span svec18 = "../../../../creusot-contracts/src/std/vec.rs" 152 27 152 46 diff --git a/creusot/tests/should_succeed/vector/02_gnome.coma b/creusot/tests/should_succeed/vector/02_gnome.coma index d350ae70c3..6a64078ede 100644 --- a/creusot/tests/should_succeed/vector/02_gnome.coma +++ b/creusot/tests/should_succeed/vector/02_gnome.coma @@ -12,8 +12,8 @@ module M_02_gnome__gnome_sort [#"02_gnome.rs" 22 0 24 29] let%span s02_gnome10 = "02_gnome.rs" 20 10 20 35 let%span s02_gnome11 = "02_gnome.rs" 21 10 21 34 let%span smodel12 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 - let%span ssnapshot13 = "../../../../creusot-contracts/src/snapshot.rs" 26 20 26 39 - let%span sseq14 = "../../../../creusot-contracts/src/logic/seq.rs" 177 8 177 37 + let%span ssnapshot13 = "../../../../creusot-contracts/src/snapshot.rs" 52 20 52 39 + let%span sseq14 = "../../../../creusot-contracts/src/logic/seq.rs" 314 8 314 41 let%span smodel15 = "../../../../creusot-contracts/src/model.rs" 97 8 97 28 let%span s02_gnome16 = "02_gnome.rs" 11 8 11 74 let%span svec17 = "../../../../creusot-contracts/src/std/vec.rs" 83 26 83 48 @@ -36,25 +36,25 @@ module M_02_gnome__gnome_sort [#"02_gnome.rs" 22 0 24 29] let%span sslice34 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice35 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 let%span sresolve36 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span sops37 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - let%span sord38 = "../../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord39 = "../../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord40 = "../../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord41 = "../../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord42 = "../../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord43 = "../../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord44 = "../../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord45 = "../../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord46 = "../../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord47 = "../../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord48 = "../../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord49 = "../../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord50 = "../../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 + let%span sops37 = "../../../../creusot-contracts/src/logic/ops.rs" 22 8 22 31 + let%span sord38 = "../../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord39 = "../../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord40 = "../../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord41 = "../../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord42 = "../../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord43 = "../../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord44 = "../../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord45 = "../../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord46 = "../../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord47 = "../../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord48 = "../../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord49 = "../../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord50 = "../../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 let%span svec51 = "../../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 let%span sslice52 = "../../../../creusot-contracts/src/std/slice.rs" 18 20 18 30 let%span sinvariant53 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 let%span sinvariant54 = "../../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - let%span sseq55 = "../../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq55 = "../../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span sboxed56 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 use prelude.prelude.Snapshot @@ -111,8 +111,8 @@ module M_02_gnome__gnome_sort [#"02_gnome.rs" 22 0 24 29] use seq.Permut - predicate permutation_of'0 (self : Seq.seq t_T'0) (o : Seq.seq t_T'0) = - [%#sseq14] Permut.permut self o 0 (Seq.length self) + predicate permutation_of'0 (self : Seq.seq t_T'0) (other : Seq.seq t_T'0) = + [%#sseq14] Permut.permut self other 0 (Seq.length self) type t_DeepModelTy'0 @@ -144,7 +144,7 @@ module M_02_gnome__gnome_sort [#"02_gnome.rs" 22 0 24 29] | C_Equal'0 | C_Greater'0 - function cmp_log'0 (self : t_DeepModelTy'0) (_2 : t_DeepModelTy'0) : t_Ordering'0 + function cmp_log'0 (self : t_DeepModelTy'0) (other : t_DeepModelTy'0) : t_Ordering'0 function eq_cmp'0 (x : t_DeepModelTy'0) (y : t_DeepModelTy'0) : () diff --git a/creusot/tests/should_succeed/vector/03_knuth_shuffle.coma b/creusot/tests/should_succeed/vector/03_knuth_shuffle.coma index 31139ce2d6..8d84b9229e 100644 --- a/creusot/tests/should_succeed/vector/03_knuth_shuffle.coma +++ b/creusot/tests/should_succeed/vector/03_knuth_shuffle.coma @@ -13,8 +13,8 @@ module M_03_knuth_shuffle__knuth_shuffle [#"03_knuth_shuffle.rs" 13 0 13 39] let%span svec11 = "../../../../creusot-contracts/src/std/vec.rs" 83 26 83 48 let%span siter12 = "../../../../creusot-contracts/src/std/iter.rs" 101 0 213 1 let%span smodel13 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 - let%span ssnapshot14 = "../../../../creusot-contracts/src/snapshot.rs" 26 20 26 39 - let%span sseq15 = "../../../../creusot-contracts/src/logic/seq.rs" 177 8 177 37 + let%span ssnapshot14 = "../../../../creusot-contracts/src/snapshot.rs" 52 20 52 39 + let%span sseq15 = "../../../../creusot-contracts/src/logic/seq.rs" 314 8 314 41 let%span srange16 = "../../../../creusot-contracts/src/std/iter/range.rs" 23 12 27 70 let%span siter17 = "../../../../creusot-contracts/src/std/iter.rs" 107 26 110 17 let%span s03_knuth_shuffle18 = "03_knuth_shuffle.rs" 6 11 6 19 @@ -45,7 +45,7 @@ module M_03_knuth_shuffle__knuth_shuffle [#"03_knuth_shuffle.rs" 13 0 13 39] let%span sslice43 = "../../../../creusot-contracts/src/std/slice.rs" 18 20 18 30 let%span sinvariant44 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 let%span sinvariant45 = "../../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - let%span sseq46 = "../../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq46 = "../../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span sboxed47 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 use prelude.prelude.Snapshot @@ -167,8 +167,8 @@ module M_03_knuth_shuffle__knuth_shuffle [#"03_knuth_shuffle.rs" 13 0 13 39] use seq.Permut - predicate permutation_of'0 (self : Seq.seq t_T'0) (o : Seq.seq t_T'0) = - [%#sseq15] Permut.permut self o 0 (Seq.length self) + predicate permutation_of'0 (self : Seq.seq t_T'0) (other : Seq.seq t_T'0) = + [%#sseq15] Permut.permut self other 0 (Seq.length self) use prelude.prelude.Snapshot diff --git a/creusot/tests/should_succeed/vector/04_binary_search.coma b/creusot/tests/should_succeed/vector/04_binary_search.coma index cae5d681d0..e75193723f 100644 --- a/creusot/tests/should_succeed/vector/04_binary_search.coma +++ b/creusot/tests/should_succeed/vector/04_binary_search.coma @@ -16,7 +16,7 @@ module M_04_binary_search__binary_search [#"04_binary_search.rs" 26 0 26 71] let%span s04_binary_search14 = "04_binary_search.rs" 24 10 25 63 let%span svec15 = "../../../../creusot-contracts/src/std/vec.rs" 83 26 83 48 let%span smodel16 = "../../../../creusot-contracts/src/model.rs" 88 8 88 22 - let%span sops17 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span sops17 = "../../../../creusot-contracts/src/logic/ops.rs" 22 8 22 31 let%span svec18 = "../../../../creusot-contracts/src/std/vec.rs" 162 27 162 46 let%span svec19 = "../../../../creusot-contracts/src/std/vec.rs" 163 26 163 54 let%span s04_binary_search20 = "04_binary_search.rs" 16 4 16 31 diff --git a/creusot/tests/should_succeed/vector/05_binary_search_generic.coma b/creusot/tests/should_succeed/vector/05_binary_search_generic.coma index daea3367f7..9e4b019ee4 100644 --- a/creusot/tests/should_succeed/vector/05_binary_search_generic.coma +++ b/creusot/tests/should_succeed/vector/05_binary_search_generic.coma @@ -27,26 +27,26 @@ module M_05_binary_search_generic__binary_search [#"05_binary_search_generic.rs" let%span svec25 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span svec26 = "../../../../creusot-contracts/src/std/vec.rs" 29 14 29 47 let%span svec27 = "../../../../creusot-contracts/src/std/vec.rs" 30 14 31 51 - let%span sord28 = "../../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span sord29 = "../../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span sord30 = "../../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span sord31 = "../../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span sord32 = "../../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span sord33 = "../../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span sord34 = "../../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span sord35 = "../../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span sord36 = "../../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span sord37 = "../../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span sord38 = "../../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span sord39 = "../../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span sord40 = "../../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 + let%span sord28 = "../../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord29 = "../../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord30 = "../../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord31 = "../../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord32 = "../../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord33 = "../../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord34 = "../../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord35 = "../../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord36 = "../../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord37 = "../../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord38 = "../../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord39 = "../../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord40 = "../../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 let%span sslice41 = "../../../../creusot-contracts/src/std/slice.rs" 122 20 122 37 let%span sslice42 = "../../../../creusot-contracts/src/std/slice.rs" 129 20 129 37 let%span s05_binary_search_generic43 = "05_binary_search_generic.rs" 11 8 11 75 - let%span sops44 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span sops44 = "../../../../creusot-contracts/src/logic/ops.rs" 22 8 22 31 let%span sinvariant45 = "../../../../creusot-contracts/src/invariant.rs" 24 8 24 18 let%span svec46 = "../../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 - let%span sseq47 = "../../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq47 = "../../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span sboxed48 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 use prelude.prelude.Borrow @@ -162,7 +162,7 @@ module M_05_binary_search_generic__binary_search [#"05_binary_search_generic.rs" | C_Equal'0 | C_Greater'0 - function cmp_log'0 (self : t_DeepModelTy'0) (_2 : t_DeepModelTy'0) : t_Ordering'0 + function cmp_log'0 (self : t_DeepModelTy'0) (other : t_DeepModelTy'0) : t_Ordering'0 function eq_cmp'0 (x : t_DeepModelTy'0) (y : t_DeepModelTy'0) : () diff --git a/creusot/tests/should_succeed/vector/06_knights_tour.coma b/creusot/tests/should_succeed/vector/06_knights_tour.coma index c7fc8e7c52..2c0c3274f3 100644 --- a/creusot/tests/should_succeed/vector/06_knights_tour.coma +++ b/creusot/tests/should_succeed/vector/06_knights_tour.coma @@ -124,7 +124,7 @@ module M_06_knights_tour__qyi4580598960913230815__new [#"06_knights_tour.rs" 40 let%span smap_inv29 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 15 8 18 9 let%span smap_inv30 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 41 8 54 9 let%span svec31 = "../../../../creusot-contracts/src/std/vec.rs" 285 20 285 32 - let%span sops32 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span sops32 = "../../../../creusot-contracts/src/logic/ops.rs" 22 8 22 31 let%span sresolve33 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span sops34 = "../../../../creusot-contracts/src/std/ops.rs" 105 15 105 59 let%span sops35 = "../../../../creusot-contracts/src/std/ops.rs" 106 14 106 36 @@ -572,7 +572,7 @@ module M_06_knights_tour__qyi4580598960913230815__available [#"06_knights_tour.r let%span sslice11 = "../../../../creusot-contracts/src/std/slice.rs" 122 20 122 37 let%span sslice12 = "../../../../creusot-contracts/src/std/slice.rs" 129 20 129 37 let%span svec13 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span sops14 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span sops14 = "../../../../creusot-contracts/src/logic/ops.rs" 22 8 22 31 use prelude.prelude.IntSize @@ -797,7 +797,7 @@ module M_06_knights_tour__qyi4580598960913230815__count_degree [#"06_knights_tou let%span s06_knights_tour23 = "06_knights_tour.rs" 32 12 34 93 let%span s06_knights_tour24 = "06_knights_tour.rs" 63 12 63 75 let%span svec25 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span sops26 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span sops26 = "../../../../creusot-contracts/src/logic/ops.rs" 22 8 22 31 let%span svec27 = "../../../../creusot-contracts/src/std/vec.rs" 191 20 191 24 let%span svec28 = "../../../../creusot-contracts/src/std/vec.rs" 197 20 197 33 let%span svec29 = "../../../../creusot-contracts/src/std/vec.rs" 270 14 270 45 @@ -1167,7 +1167,7 @@ module M_06_knights_tour__qyi4580598960913230815__set [#"06_knights_tour.rs" 87 let%span svec14 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span sslice15 = "../../../../creusot-contracts/src/std/slice.rs" 136 20 136 94 let%span sresolve16 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span sops17 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span sops17 = "../../../../creusot-contracts/src/logic/ops.rs" 22 8 22 31 use prelude.prelude.Borrow @@ -1393,7 +1393,7 @@ module M_06_knights_tour__min [#"06_knights_tour.rs" 110 0 110 58] let%span s06_knights_tour5 = "06_knights_tour.rs" 108 10 109 60 let%span siter6 = "../../../../creusot-contracts/src/std/iter.rs" 101 0 213 1 let%span smodel7 = "../../../../creusot-contracts/src/model.rs" 88 8 88 22 - let%span sops8 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span sops8 = "../../../../creusot-contracts/src/logic/ops.rs" 22 8 22 31 let%span sslice9 = "../../../../creusot-contracts/src/std/slice.rs" 405 12 405 66 let%span siter10 = "../../../../creusot-contracts/src/std/iter.rs" 107 26 110 17 let%span svec11 = "../../../../creusot-contracts/src/std/vec.rs" 205 20 205 24 @@ -1409,7 +1409,7 @@ module M_06_knights_tour__min [#"06_knights_tour.rs" 110 0 110 58] let%span sslice21 = "../../../../creusot-contracts/src/std/slice.rs" 97 14 97 80 let%span sslice22 = "../../../../creusot-contracts/src/std/slice.rs" 398 20 398 61 let%span sresolve23 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span sops24 = "../../../../creusot-contracts/src/logic/ops.rs" 42 8 42 31 + let%span sops24 = "../../../../creusot-contracts/src/logic/ops.rs" 44 8 44 31 let%span smodel25 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 let%span sslice26 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice27 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 @@ -1740,7 +1740,7 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] let%span s06_knights_tour37 = "06_knights_tour.rs" 93 10 93 28 let%span s06_knights_tour38 = "06_knights_tour.rs" 94 10 94 128 let%span svec39 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span sops40 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span sops40 = "../../../../creusot-contracts/src/logic/ops.rs" 22 8 22 31 let%span svec41 = "../../../../creusot-contracts/src/std/vec.rs" 264 12 264 41 let%span s06_knights_tour42 = "06_knights_tour.rs" 12 15 12 52 let%span s06_knights_tour43 = "06_knights_tour.rs" 13 15 13 52 diff --git a/creusot/tests/should_succeed/vector/07_read_write.coma b/creusot/tests/should_succeed/vector/07_read_write.coma index 079cd0c87c..4698086d6f 100644 --- a/creusot/tests/should_succeed/vector/07_read_write.coma +++ b/creusot/tests/should_succeed/vector/07_read_write.coma @@ -22,7 +22,7 @@ module M_07_read_write__read_write [#"07_read_write.rs" 6 0 6 75] let%span svec20 = "../../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 let%span sinvariant21 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 let%span sinvariant22 = "../../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - let%span sseq23 = "../../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq23 = "../../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span sboxed24 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 use prelude.prelude.Borrow diff --git a/creusot/tests/should_succeed/vector/08_haystack.coma b/creusot/tests/should_succeed/vector/08_haystack.coma index 7dd5e9c255..37a38e1b1b 100644 --- a/creusot/tests/should_succeed/vector/08_haystack.coma +++ b/creusot/tests/should_succeed/vector/08_haystack.coma @@ -32,7 +32,7 @@ module M_08_haystack__search [#"08_haystack.rs" 21 0 21 60] let%span siter30 = "../../../../creusot-contracts/src/std/iter.rs" 86 20 86 24 let%span siter31 = "../../../../creusot-contracts/src/std/iter.rs" 92 8 92 19 let%span svec32 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span sops33 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span sops33 = "../../../../creusot-contracts/src/logic/ops.rs" 22 8 22 31 let%span srange34 = "../../../../creusot-contracts/src/std/iter/range.rs" 81 14 81 45 let%span srange35 = "../../../../creusot-contracts/src/std/iter/range.rs" 79 4 79 10 let%span srange36 = "../../../../creusot-contracts/src/std/iter/range.rs" 86 15 86 32 diff --git a/creusot/tests/should_succeed/vector/09_capacity.coma b/creusot/tests/should_succeed/vector/09_capacity.coma index a4175962d6..5143399722 100644 --- a/creusot/tests/should_succeed/vector/09_capacity.coma +++ b/creusot/tests/should_succeed/vector/09_capacity.coma @@ -11,11 +11,11 @@ module M_09_capacity__change_capacity [#"09_capacity.rs" 6 0 6 41] let%span svec9 = "../../../../creusot-contracts/src/std/vec.rs" 130 26 130 43 let%span svec10 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span smodel11 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 - let%span sops12 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span sops12 = "../../../../creusot-contracts/src/logic/ops.rs" 22 8 22 31 let%span sresolve13 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span svec14 = "../../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 let%span sinvariant15 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sseq16 = "../../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq16 = "../../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span sboxed17 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 use prelude.prelude.Borrow @@ -191,7 +191,7 @@ module M_09_capacity__clear_vec [#"09_capacity.rs" 14 0 14 35] let%span sresolve4 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span svec5 = "../../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 let%span sinvariant6 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sseq7 = "../../../../creusot-contracts/src/logic/seq.rs" 451 20 451 95 + let%span sseq7 = "../../../../creusot-contracts/src/logic/seq.rs" 609 20 609 95 let%span sboxed8 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 use prelude.prelude.Borrow